Solved: eBGP routes and rib-failure

Peter Gavagan · ‎03-10-2012

Hello,

I have a question regarding eBGP routes and rib-failure. I have two CE routers that I manage. They are peering with two PE routers. OSPF and iBGP is running between the two CE routers. BGP is being redistributed into OSPF as well on the CEs. I am using prefix lists to filter incoming routes on the CEs from the PEs.

CE2 is receiving all routes from PE2 without a problem but CE1 has all the received-routes in rib-failure. When I run a show ip route, the OSPF routes on CE1 are being perfered that it is getting from CE2. It appears the routes are only being seen in iBGP and since OSPF has a lower AD the routes show in rib-failure in BGP. So CE1 is not adding the eBGP routes to the route table.

When I run a show ip bpg neighbor recieved-routes command on CE1 for PE1, the recieved-routes show in rib-failure as well. Does this mean that PE1 is sending rib-failure routes to CE1?

CE01#sh ip bgp neighbors 10.10.249.233 received-routes

BGP table version is 197067, local router ID is 10.10.127.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

r 10.10.16.0/28 10.10.249.233 0 1234 12345 i

r 10.12.0.0/17 10.10.249.233 0 1234 12345 i

r 10.13.116.0/22 10.10.249.233 0 1234 12345 i

r 10.13.120.0/22 10.10.249.233 0 1234 12345 i

r 10.13.124.0/23 10.10.249.233 0 1234 12345 i

r 10.14.128.0/24 10.10.249.233 0 1234 12345 i

r 10.23.64.0/20 10.10.249.233 0 1234 12345 i

r 10.23.80.0/20 10.10.249.233 0 1234 12345 i

r 10.23.96.0/24 10.10.249.233 0 1234 12345 12346 i

CE01#sh ip route 10.10.16.0

Routing entry for 10.10.16.0/28

Known via "ospf 1", distance 110, metric 10

Tag 1234, type extern 2, forward metric 1

Last update from 10.10.98.245 on Vlan98, 22:31:17 ago

Routing Descriptor Blocks:

* 10.10.98.245, from 10.10.127.2, 22:31:17 ago, via Vlan98

Route metric is 10, traffic share count is 1

Route tag 1234

CE02#sh ip route 10.10.16.0

Routing entry for 10.10.16.0/28

Known via "bgp 11111", distance 20, metric 0

Tag 1234, type external

Redistributing via ospf 1

Advertised by ospf 1 metric 10 subnets route-map BGP_TO_OSPF

Last update from 10.10.249.237 22:33:10 ago

Routing Descriptor Blocks:

* 10.10.249.237, from 10.10.249.237, 22:33:10 ago

Route metric is 0, traffic share count is 1

AS Hops 2

Route tag 1234

MPLS label: none

milan.kulik · ‎03-12-2012

Hi,

so your router CE1 is receiving the same prefix 10.10.16.0/28 three times then:

1) from the eBGP neighbor with local-preference = 150 (AD = 20)

2) from CE2 via iBGP with local-preference = 200 (AD = 200)

3) from CE2 via OSPF (AD = 110)

So from BGP protocol point of view, the router compares 1) and 2). As 2) has better BGP attributes (higher local-preference), it's the best route within BGP.

There is only one route for the prefix within OSPF, so 3) is the best route within OSFP.

Then the router has to choose the best route among all routing protocols to put to the RIB.

The OSPF route has AD =110, while 2) is an iBGP route, i.e., AD = 200.

So the OSPF route gets to the RIB.

And you can see the BGP prefixes (both iBGP and eBGP) failed to get to the RIB.

So if you want to get the eBGP route to the RIB on CE1, you need to make it the best withing BGP first.

You could assign a higher weight to it, e.g.

neighbor 10.10.249.233 weight 35000

would make it.

In this case, all eBGP prefixes would win within BGP on CE1.

And as AD = 20 for eBGP, they would beat OSPF prefixes and get to the RIB finally.

And as the weight attribute is local only and is not advertised to the BGP neighbors, no change would happen in CE2 routing.

Is this what you need?

Sure there are other possibilities: not running iBGP between the routers while there is also OSPF with BGP prefixes redistributed, e.g.

But only you know what is really necessary in your network.

HTH,

Milan

View solution in original post

pgurumu77 · ‎03-10-2012

What does sh ip bgp rib-failure say, BTW you are looking at recv-routes, what does show ip bgp nei X.X.X.X routes say?

Peter Gavagan · ‎03-10-2012

Hi. Thanks.

bgp rib-failure shows "Higher admin distance"

CE01#sh ip bgp rib-failure

Network Next Hop RIB-failure RIB-NH Matches

10.10.16.0/28 10.10.127.2 Higher admin distance n/a

But it shows the next hop of CE2 and not PE1.

Show ip bgp nei routes show rib-failure as well:

CE01#sh ip bgp neighbors 10.10.249.233 routes

BGP table version is 197159, local router ID is 10.10.127.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

r 10.10.16.0/28 10.10.249.233 150 0 1234 12345 i

r 10.12.0.0/17 10.10.249.233 150 0 1234 12345 i

r 10.13.116.0/22 10.10.249.233 150 0 1234 12345 i

r 10.13.120.0/22 10.10.249.233 150 0 1234 12345 i

r 10.13.124.0/23 10.10.249.233 150 0 1234 12345 i

r 10.14.128.0/24 10.10.249.233 150 0 1234 12345 i

r 10.23.64.0/20 10.10.249.233 150 0 1234 12345 i

pgurumu77 · ‎03-10-2012

That (Higher Admin Distance) means your IGP route is preferred, because EIGRP (90) or OSPF (110) or IS-IS(115) or RIP (120) or STATIC(default: 1) routes are always preferred than iBGP (200) routes, this is common, is there a redistribution going on?

sh ip route, instead of sh ip bgp is your best bet to find out why CE2 is preferred over PE1.

Peter Gavagan · ‎03-10-2012

Exactly, the OSPF route with the 110 AD is prefered over the 200 AD of iBGP. But I don't understand why the eBGP (AD20) is not being perfered on CE1?

Yes, I am redistributing BGP into OSPF

redistribute bgp 11111 metric 10 subnets route-map BGP_TO_OSPF

Here's a sh ip route output on CE1

CE01#sh ip route 10.10.16.0

Routing entry for 10.10.16.0/28

Known via "ospf 1", distance 110, metric 10

Tag 1234, type extern 2, forward metric 1

Last update from 10.10.98.245 on Vlan98, 1d01h ago

Routing Descriptor Blocks:

* 10.10.98.245, from 10.10.127.2, 1d01h ago, via Vlan98

Route metric is 10, traffic share count is 1

Route tag 1234

pgurumu77 · ‎03-10-2012

What is the local-pref for 10.10.16.0 subnet on CE1 and CE2, I am guessing CE2 has higher local-pref than CE1 and CE1 will prefer the routes via iBGP from CE2, since your redistribute BGP into OSPF, OSPF routers are preferred. If you want to fix this, remove redistribution unless you really really want it or you know what you are doing.

Ryan Newell · ‎03-11-2012

Hi Peter,

Can you post your BGP configuration and any relevant policies?

regards,

ryan

Peter Gavagan · ‎03-11-2012

Hi Ryan

I've posted the OSPF and BGP config on CE1.

I am seting the local-preference on CE1 to 150 and CE2 is 200.

Thanks

router ospf 1

log-adjacency-changes

redistribute connected subnets

redistribute bgp 11111 metric 10 subnets route-map BGP_TO_OSPF

network 10.10.98.240 0.0.0.15 area 9

router bgp 11111

no synchronization

bgp router-id 10.10.127.1

bgp log-neighbor-changes

network 10.10.98.240 mask 255.255.255.240

network 10.10.127.1 mask 255.255.255.255

network 192.168.10.0 mask 255.255.255.0

network 192.168.11.0 mask 255.255.255.0

network 192.168.12.0 mask 255.255.255.0

network 192.168.13.0 mask 255.255.255.0

network 192.168.14.0 mask 255.255.255.0

neighbor 10.10.249.233 remote-as 1234

neighbor 10.10.249.233 description PE1 Gi1/2 vrf GLB

neighbor 10.10.249.233 version 4

neighbor 10.10.249.233 soft-reconfiguration inbound

neighbor 10.10.249.233 route-map CHI-PROD-IN in

neighbor 10.10.249.233 route-map CHI-PROD-OUT out

neighbor 10.10.127.2 remote-as 11111

neighbor 10.10.127.2 description iBGP to CE02

neighbor 10.10.127.2 update-source Loopback0

neighbor 10.10.127.2 next-hop-self

neighbor 10.10.127.2 soft-reconfiguration inbound

no auto-summary

ip prefix-list CHI-IN seq 10 permit 0.0.0.0/0 le 32

!

ip prefix-list CHI-OUT seq 10 permit 192.168.10.0/24

ip prefix-list CHI-OUT seq 20 permit 192.168.11.0/24

ip prefix-list CHI-OUT seq 30 permit 192.168.12.0/24

ip prefix-list CHI-OUT seq 40 permit 192.168.13.0/24

ip prefix-list CHI-OUT seq 50 permit 192.168.14.0/24

ip prefix-list CHI-OUT seq 60 permit 10.10.98.240/28

ip prefix-list CHI-OUT seq 70 permit 10.10.127.0/24 ge 32

!

route-map CHI-PROD-OUT permit 10

match ip address prefix-list CHI-OUT

!

route-map BGP_TO_OSPF permit 10

match ip address prefix-list CHI-IN

!

route-map CHI-PROD-IN permit 10

match ip address prefix-list CHI-IN

set local-preference 150

milan.kulik · ‎03-12-2012

Hi,

so your router CE1 is receiving the same prefix 10.10.16.0/28 three times then:

1) from the eBGP neighbor with local-preference = 150 (AD = 20)

2) from CE2 via iBGP with local-preference = 200 (AD = 200)

3) from CE2 via OSPF (AD = 110)

So from BGP protocol point of view, the router compares 1) and 2). As 2) has better BGP attributes (higher local-preference), it's the best route within BGP.

There is only one route for the prefix within OSPF, so 3) is the best route within OSFP.

Then the router has to choose the best route among all routing protocols to put to the RIB.

The OSPF route has AD =110, while 2) is an iBGP route, i.e., AD = 200.

So the OSPF route gets to the RIB.

And you can see the BGP prefixes (both iBGP and eBGP) failed to get to the RIB.

So if you want to get the eBGP route to the RIB on CE1, you need to make it the best withing BGP first.

You could assign a higher weight to it, e.g.

neighbor 10.10.249.233 weight 35000

would make it.

In this case, all eBGP prefixes would win within BGP on CE1.

And as AD = 20 for eBGP, they would beat OSPF prefixes and get to the RIB finally.

And as the weight attribute is local only and is not advertised to the BGP neighbors, no change would happen in CE2 routing.

Is this what you need?

Sure there are other possibilities: not running iBGP between the routers while there is also OSPF with BGP prefixes redistributed, e.g.

But only you know what is really necessary in your network.

HTH,

Milan

Peter Gavagan · ‎03-12-2012

Hi Milan

I think you nailed it on the head! That's exactly what I was looking for. I think I will assign a higher weight to the peer.

I apprecaite your detailed answer. I will make change this week and post results. Thanks

Peter

Peter Gavagan · ‎03-16-2012

Hi Milan - I assigned a higher weight to the eBGP neighbor on CE1 it worked! Thanks again. Much appreciated!