We have a rather odd issue with some backup static routes on my MPLS routers, and I've yet to figure out the cause.
We use BGP for routing on the MPLS, but in the event that a site has its circuits go down, we have static routes with a distance of 250 set that kick in and direct traffic to a Cisco PIX that will create a VPN tunnel to the remote sites to get around the failure.
The problem we have is when the circuits come back up, some of the sites still use the static routes instead of BGP.
Here's an example of our configuration:
router bgp xxxxx
 no bgp log-neighbor-changes
 network 10.1.1.0 (this is the network of the LAN interface)
 neighbor xx.xx.xx.xx remote-as xxx
 neighbor xx.xx.xx.xx weight 45555
!
ip route 10.1.3.0 255.255.255.0 10.1.1.225 250
Thanks in advance for any help.
Is the site learning a comparable route through BGP?
By comparable, I mean a prefix with the same length subnet mask.
So, does the spoke router learn about 10.1.3.0 255.255.255.0 through BGP?
[EDIT] Just to be clear, the BGP configuration you show is from which router, the hub or spoke? Which side initiates the IPSec tunnel? [EDIT]
It has to be the same subnet mask, or BGP has a better one. If the static route has a better subnet mask, traffic will use it from the very beginning, whatever the AD is. Say hello to Gary Dulin.
BGP and the static route should have the same subnet mask (/24):
Router#sh ip route 10.1.3.0
Routing entry for 10.1.3.0/24
  Known via "bgp xxxxx", distance 20, metric 0
  Tag xxxx, type external
  Last update from xx.xx.xx.xx 3w1d ago
  Routing Descriptor Blocks:
  * xx.xx.xx.xx, from xx.xx.xx.xx, 3w1d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag xxxx
First off, thanks for the reply.
Yes, 10.1.3.0/24 is learned via BGP and should be the preferred route. The static route is supposed to only go into effect if that BGP route disappears out of the routing table. That part seems to work fine; it just doesn't go back to the BGP-provided route when it comes back into the routing table.
The configuration was for a spoke site. The actual BGP neighbors I can't get configs from because they are controlled by the MPLS provider.
The hub site config looks pretty much the same, the only difference is it doesn't have the BGP neighbor weight and it has a different BGP neighbor. I'm thinking of adding the BGP neighbor weight to all sites.
If my logic is correct, setting the BGP neighbor weight should force it to be preferred over the static routes. That doesn't seem to have worked though for the site config I referenced. It still uses the static route.
The IPSec tunnel is actually established by a Cisco PIX 515, which is off the LAN interface at IP 10.1.1.225.
Hope that makes sense.
Your BGP weight has nothing to do with route selection in this case. If the route is learned from EBGP, it has AD 20 and will automatically win over static which is AD 250. Can you provide a topology diagram?
Here's a topology diagram. My Visio skills suck so hopefully it makes sense.
I'll be posting the output of sh ip bgp 10.1.3.0 and sh ip route 10.1.3.0 later. I need to schedule a test to reproduce the issue to get that. Right now they both show BGP as the preferred route.
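The selection rules stated in the replies above (longest matching prefix first, then lowest administrative distance among routes for the same prefix), as an added example that is not part of the original thread. The Rib class is hypothetical and the BGP next hop 192.0.2.1 is a constructed placeholder; it models the expected behaviour, not the fault being investigated.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    source: str      # "static" or "ebgp"
    distance: int    # administrative distance (AD)
    next_hop: str

class Rib:
    """Hypothetical model: every source offers routes, best AD per prefix is installed."""
    def __init__(self):
        self.candidates = set()

    def offer(self, prefix, source, distance, next_hop):
        self.candidates.add(Route(ipaddress.ip_network(prefix), source, distance, next_hop))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        self.candidates = {r for r in self.candidates
                           if not (r.prefix == net and r.source == source)}

    def installed(self):
        best = {}  # AD only breaks ties between routes for the *same* prefix
        for r in self.candidates:
            if r.prefix not in best or r.distance < best[r.prefix].distance:
                best[r.prefix] = r
        return best

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.installed().values() if addr in r.prefix]
        # Forwarding picks the longest installed prefix, regardless of AD
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def failover_sequence():
    rib, seen = Rib(), []
    rib.offer("10.1.3.0/24", "static", 250, "10.1.1.225")  # floating static via the PIX
    rib.offer("10.1.3.0/24", "ebgp", 20, "192.0.2.1")      # constructed PE next hop
    seen.append(rib.lookup("10.1.3.10").source)            # circuit up
    rib.withdraw("10.1.3.0/24", "ebgp")
    seen.append(rib.lookup("10.1.3.10").source)            # circuit down
    rib.offer("10.1.3.0/24", "ebgp", 20, "192.0.2.1")
    seen.append(rib.lookup("10.1.3.10").source)            # circuit restored
    rib.offer("10.1.3.0/25", "static", 250, "10.1.1.225")  # more specific static
    seen.append(rib.lookup("10.1.3.10").source)            # wins despite AD 250
    return seen

if __name__ == "__main__":
    print(failover_sequence())
```

If a router still forwards via the static after the /24 BGP route is back, comparing the prefix lengths in sh ip route against this model is a quick first check.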