We are an ISP and we are trying to give internet access to a client via BGP. The client already has a primary connection with AT&T and is using our service as a backup. We have a complete routing table in our router and we are only giving the client 4 networks which they desire via a route-map. For discussion's sake, let's say our ASN number is 40000 and the client ASN number is 27000. Our router IP is 10.156.130.91 and the client is 10.156.130.81. Ping is working fine and the BGP state is established, but when the client brings down their primary internet connection with AT&T they are unable to route outside and get an "expired in transit" message from the 130.91 IP address. Our config is as follows:
router bgp 40000
 neighbor 10.156.130.81 remote-as 27309
 neighbor 10.156.130.81 route-map rm_peer_3_in in
 neighbor 10.156.130.81 route-map rm_peer_3_out out
 neighbor 10.156.130.100 remote-as 40725
!
ip prefix-list pl_peer_3_in seq 5 permit 184.108.40.206/24
ip prefix-list pl_peer_3_in seq 10 permit 220.127.116.11/24
ip prefix-list pl_peer_3_in seq 15 permit 18.104.22.168/24
ip prefix-list pl_peer_3_in seq 20 permit 22.214.171.124/24
ip prefix-list pl_peer_3_in seq 21 permit 0.0.0.0/32
ip prefix-list pl_peer_3_in seq 25 deny any
!
ip prefix-list pl_peer_3_out seq 5 permit 126.96.36.199/24
ip prefix-list pl_peer_3_out seq 10 permit 188.8.131.52/24
ip prefix-list pl_peer_3_out seq 15 permit 184.108.40.206/24
ip prefix-list pl_peer_3_out seq 20 permit 220.127.116.11/24
ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/32
ip prefix-list pl_peer_3_out seq 25 deny any
!
route-map rm_peer_3_out permit 5
 match ip address prefix-list pl_peer_3_out
!
route-map rm_peer_3_in permit 5
 match ip address prefix-list pl_peer_3_in
The client configuration is:
interface FastEthernet0/0/0
 ip address 10.156.130.81 255.255.255.192
 duplex auto
 speed auto
!
router bgp 27000
 no synchronization
 bgp log-neighbor-changes
 bgp inject-map ORIGINATE exist-map LEARNED_ROUTE
 network 18.104.22.168 mask 255.255.255.0
 network 22.214.171.124 mask 255.255.255.128
 network 126.96.36.199 mask 255.255.255.128
 network 188.8.131.52 mask 255.255.255.0
 network 184.108.40.206 mask 255.255.255.0
 aggregate-address 220.127.116.11 255.255.255.0 summary-only
 aggregate-address 18.104.22.168 255.255.255.0 summary-only
 aggregate-address 22.214.171.124 255.255.255.0 summary-only
 neighbor 12.91.XX.YYY remote-as 7000
 neighbor 12.91.XX.YYY weight 10
 neighbor 12.91.XX.YYY route-map ATT_NO_EXPORT in
 neighbor 10.156.130.91 remote-as 40000
 neighbor 10.156.130.91 send-community
 neighbor 10.156.130.91 distribute-list 6 out
 neighbor 10.156.130.91 route-map Backup in
 neighbor 10.156.130.91 route-map Comcast-Community out
 neighbor 10.156.130.91 advertise-map ADV non-exist-map NONEXIST
 neighbor 10.156.130.91 ebgp-multihop 255
 no auto-summary
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.156.130.91 30
ip route 192.168.40.0 255.255.255.0 126.96.36.199 permanent
no ip http server
no ip http secure-server
!
ip bgp-community new-format
!
ip prefix-list ROUTE seq 5 permit 0.0.0.0/0
!
ip prefix-list ROUTE_SOURCE seq 5 permit 12.91.XX.YYY/32
!
ip prefix-list UNAGGREGATED_ROUTES seq 5 permit 188.8.131.52/32
!
access-list 1 permit any
access-list 2 deny any
access-list 3 permit any
access-list 5 permit 184.108.40.206
access-list 6 permit 220.127.116.11 0.0.0.255
access-list 6 permit 18.104.22.168 0.0.0.255
access-list 6 permit 22.214.171.124 0.0.0.255
access-list 6 permit 126.96.36.199 0.0.0.255
!
route-map NONEXIST permit 10
 match ip address 5
!
route-map Backup permit 10
 match ip address 1
 set community no-export
!
route-map Comcast-Community permit 10
 match ip address 3
 set community 7922:100
!
route-map ATT_NO_EXPORT permit 10
 match ip address 1
 set community no-export
!
route-map ORIGINATE permit 10
 set ip address prefix-list UNAGGREGATED_ROUTES
!
route-map LEARNED_ROUTE permit 10
 match ip address prefix-list ROUTE
 match ip route-source prefix-list ROUTE_SOURCE
!
route-map ADV permit 10
 match ip address 6
!
route-map AS-PREPEND permit 10
 match ip address 1
 set as-path prepend 27000 27000 27000 27000
There are some basic notes about your configuration:
a) A default route should be represented as 0.0.0.0/0, not as 0.0.0.0/32.
b) Why are the route filters applied to the customer equal? This doesn't make sense: the two prefix-lists pl_peer_3_out and pl_peer_3_in permit the same IP prefixes. I would expect you to provide a default route and some routes, not to receive a default route from the customer and the same set of routes.
c) What is the use of the inject-map on the customer router? If the customer router receives a default route from the expected route source, it generates a route for 188.8.131.52/32 that is not sent to your router (there is the distribute-list 6 towards your router and that prefix is not included), so what is its use?
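Note (a) in the reply above, as an added example that is not part of the original thread: a small evaluator for IOS-style prefix-list entries, showing why `permit 0.0.0.0/32` never matches the default route while `permit 0.0.0.0/0` does. The 192.0.2.0/24 prefix is a constructed stand-in for the customer networks, and `parse` and `evaluate` are hypothetical helper names.

```python
import ipaddress
import re

# seq N permit|deny PREFIX/LEN [ge X] [le Y]
ENTRY = re.compile(r"seq (\d+) (permit|deny) (\S+?)(?: ge (\d+))?(?: le (\d+))?$")

def parse(lines):
    """Turn 'ip prefix-list ...' lines into entries sorted by sequence number."""
    entries = []
    for line in lines:
        m = ENTRY.search(line.strip())
        if not m:
            raise ValueError(f"unparsed entry: {line!r}")
        seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix, strict=False)
        entries.append((int(seq), action, net,
                        int(ge) if ge else None, int(le) if le else None))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, else the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, ge, le in entries:
        if ge is None and le is None:
            lo = hi = net.prefixlen          # no ge/le: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action, seq
    return "deny", None                      # implicit deny at end of list

# Outbound list as posted (constructed prefix; the explicit trailing deny is
# left out because a prefix-list already ends with an implicit deny).
POSTED = [
    "ip prefix-list pl_peer_3_out seq 5 permit 192.0.2.0/24",
    "ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/32",
]
# Same list with the default route written as the reply suggests.
FIXED = [POSTED[0], "ip prefix-list pl_peer_3_out seq 21 permit 0.0.0.0/0"]

if __name__ == "__main__":
    for name, pl in (("posted", POSTED), ("fixed", FIXED)):
        print(name, "default route ->", evaluate(parse(pl), "0.0.0.0/0"))
```

Without `ge`/`le`, an entry matches one exact prefix and length, so `0.0.0.0/0` permits only the default route and does not act as "permit any".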