Default Route BGP conundrum

I have a router with the following routes in it:

B          10.0.0.0/16           via    interface 1 - learnt from eBGP neighbour - AS Path length 2

*B         123.123.123.123   via    interface 2 - default route distributed by an iBGP neighbour in the same AS - AS path length 0

(sorry this is not an exact copy of the routing table but should give the general idea).

If I send a packet to the 10.0.32.0/22 network (assuming there are no other routes in the table), it SHOULD send the packet out interface 1 right?

A route is chosen in the following order:

1. Most specific match

2. AD

3. Metric

Clearly the router out interface 1 matches the route more specifically.

The problem is, the packet is actually being sent out the default route (interface 2). If the "most specific match" was not a factor, then I can understand as BGP would prefer the shortest AS_Path Length.

Can anyone help me understand why this is happening?

5 Replies

John Blakley
VIP Alumni

The more specific route should be preferred. Can you post "sho ip route 10.0.0.0" and "sh ip route 123.123.123.123" ?

HTH, John *** Please rate all useful posts ***

John,

You're very much on the right track but stating this depends on the netmask of the 123.123.123.123 route. We're looking for longest prefix match - but if the netmask of the 123.123.123.123 is /32 then there is no match - remember that the match is defined as:

DestIP AND Routing_Entry_Netmask == Routing_Entry_Network

Clearly, 10.0.[32-35].X AND 255.255.255.255 = 10.0.[32-35].X, not 123.123.123.123. There's no match there.

There is a gotcha with default networks defined with the ip default-network command - if these networks exist in the routing table, then to the best of my knowledge, the one having the longest prefix is chosen as the network of last resort. However, the entire concept of a default network (as opposed to a default route) is so unfortunate that it should be eradicated as soon as possible - it goes quite contrary to every IP routing logic.

Best regards,

Peter

Peter Paluch
Cisco Employee

Steven,

You have to be very careful about not confusing two processes: populating the routing table, and making lookups in the routing table.

When populating the routing table, routes are being put first by their AD (the lowest AD wins) and then by their metric. Please note that this decision process comes into play only if there are multiple paths or even two different routing protocols trying to insert the same network/netmask entry into the routing table. Otherwise, there is no contention and no need for a decision process. Note also that the longest prefix match absolutely does not apply here because you are not matching destination IP addresses to the routing table entries yet.

When making lookups in a routing table, the only thing that matters is the longest prefix match. Forget about ADs, metrics, whatever other attributes of a route. The longest prefix match is always performed against the best known routes, and the decision process used during the routing table buildup guarantees that what the routing table holds are only the best routes (save EIGRP's unequal cost balancing but let's not complicate things too much).

I felt it necessary to state this before we go any deeper into discussing what is happening.

And to be totally frank - I am very surprised to see that your router sends packets for 10.0.32.0/22 via interface 2. That does not make much sense if the route to 10.10.0.0/16 is truly present. In addition, I am missing the point of 123.123.123.123 network - what is that? A loopback network? What is its netmask? How come it is being declared a candidate default (noted with the asterisk sign) - did you use any ip default-network commands? Do you believe you could copy the exact routing table contents?

Best regards,

Peter

Peter unless I've got stupid in the past months (completely possible) I would think that for 10.0.32.0/22, it would take the route of 10.0.0.0/16. I can't see it ever matching 123.123.123.123/? no matter what the mask is.

Hello John,

Peter unless I've got stupid in the past months (completely possible) I would think that for 10.0.32.0/22, it would take the route of 10.0.0.0/16. I can't see it ever matching 123.123.123.123/? no matter what the mask is.

Don't worry about getting stupid - it is absolutely not your case! Your observation is correct - under no circumstances would the 123.123.123.123/X (masked appropriately; X between 1 and 32) provide a match with destinations in the range 10.0.32.0/22.

However, there is this Cisco-specific concept of a default network. If there is no match for the packet's destination, the router will look for a network (disregarding any matches/mismatches) that is flagged as a default network (note - a default network is not the same as the default route). This may be happening to Steven - the question is why.

You may be interested in reading the following article - it highlights the differences between ways of configuring the gateway of last resort:

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml

Oh, and I was wrong in my former assumption about the selection of a default network - this article states clearly:

If you configure multiple networks as candidate default routes using the ip default-network command, the network that has the lowest administrative distance is chosen as the network for the gateway of last resort. If all the networks have the same administrative distance then the network listed first in the routing table (show ip route lists the routing table) is chosen as the network for the gateway of last resort.

Best regards,

Peter
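The two processes discussed in this thread (populating the table by AD and metric, then looking up by longest prefix match) together with the default-network fallback, as an added Python model that is not part of any post above. The /32 mask on 123.123.123.123 and the OSPF entry are assumptions, and using the flagged network's exit interface directly as the gateway of last resort is a simplification of what a router does.

```python
import ipaddress

# Constructed sample input: (prefix, exit, administrative distance, metric, flagged "*").
# The /32 mask on 123.123.123.123 and the OSPF entry are assumptions for illustration.
CANDIDATES = [
    ("10.0.0.0/16", "interface 1", 20, 0, False),          # eBGP
    ("10.0.0.0/16", "interface 3", 110, 20, False),        # same prefix via OSPF, higher AD
    ("123.123.123.123/32", "interface 2", 200, 0, True),   # iBGP, candidate default
]

def build_table(candidates):
    """Population: AD, then metric, decide only between entries for the same network/netmask."""
    table = {}
    for prefix, exit_if, ad, metric, star in candidates:
        net = ipaddress.ip_network(prefix)
        if net not in table or (ad, metric) < table[net][1:3]:
            table[net] = (exit_if, ad, metric, star)
    return table

def matches(dest, net):
    """DestIP AND Routing_Entry_Netmask == Routing_Entry_Network"""
    return int(dest) & int(net.netmask) == int(net.network_address)

def lookup(table, dest):
    """Lookup: longest prefix match only; the flagged network is used when nothing matches."""
    dest = ipaddress.ip_address(dest)
    hits = [net for net in table if matches(dest, net)]
    if hits:
        best = max(hits, key=lambda n: n.prefixlen)
        return table[best][0], f"longest match {best}"
    # Lowest AD wins; min() keeps the first-listed entry on a tie.
    stars = [net for net in table if table[net][3]]
    if stars:
        chosen = min(stars, key=lambda n: table[n][1])
        return table[chosen][0], f"default network {chosen}"
    return None, "no route"

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    for dest in ("10.0.32.1", "8.8.8.8"):
        print(dest, "->", lookup(table, dest))
```

In this model 10.0.32.1 leaves via interface 2 only when the 10.0.0.0/16 entry is absent from the table passed to `lookup`.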
