
Router missing connected route after enabling BGP

tkatsiaounis
Level 1

I have a router (Cisco 3845 with 1GB of memory and running IOS 12.4.24-T7 Advanced IP Services) on which I am trying to implement a BGP session with my ISP. My router has the three following interfaces:

int g0/0 -> 26.30.80.92 (ISP side)

int g0/1 -> 94.132.32.120 (Static 16-IP block from ISP where my services reside)

int g1/0 -> 192.168.1.0 (Internal block for iBGP and OSPF)

 

My BGP config

router bgp 60
 no synchronization
 bgp log-neighbor-changes
 neighbor 26.30.80.110 remote-as 134
 neighbor 26.30.80.110 password 7 XXXXXXXXXXXXXX
 neighbor 26.30.80.110 ebgp-multihop 6
 no auto-summary

 

 

When I enable BGP the router downloads all routes from the ISP router (which is NOT 26.30.80.92 but another router, 26.30.80.110) and everything seems to be working fine up to a point, when I cannot connect to anything in my 94.132.32.120 block. Strangely enough, I can ping the router interface IP of this block but nothing further inside.

 

When I do a sh ip route 94.132.32.120 it returns as connected, but still I cannot ping from outside. From the router I can ping the internal block IPs.

 

If I do a traceroute from outside to an IP of the block, it stops at 94.132.32.121 (the router IP) and then shows the router IP three times and then stars.

 

Does anybody have any idea what might be the issue?

 

I thought about an ISP problem with the specific block, but although I got my own IP block, we have services that must still work with the ISP 16 block for the time being.

 

Thanks a lot in advance for any help.


milan.kulik
Level 10

Hi,

 

a) How is your 94.132.32.120/x subnet advertised to the Internet? What is the /x subnet length?

b) Are the devices within that subnet using your router IP 94.132.32.121 as their default GW?

 

Best regards.

Milan


 

a) It is a block of 16 IP addresses belonging to the ISP. I suppose they point their routers to our router IP address to find this /28. I do not advertise that subnet to the internet.

 

b) Yes. In fact there is a firewall behind the router and it NATs internal IPs to the real subnet. The plan is to migrate to the new subnet, but the services must still work until then.

What are you trying to accomplish with BGP?

Unicorns!!!!!!!!

No, just kidding. I am trying to advertise our block of IPs on our ASN. Still, until our services are all migrated to the new block, the old one must still work.

So Gig0/0 connects to your ISP and Gig0/1 connects to a segment with your firewall. What is Gig1/0 connected to? Another router you're using for BGP? Does it have an interface on the same network as the firewall and Gig0/1?

Another router you're using for BGP? YES

Does it have an interface on the same network as the firewall and Gig0/1? NO

What does your routing table look like before and after enabling BGP for that network? Can you post the before/after output of 'sh ip route | i 94.132.32'?

I don't understand: do you need to advertise the new block to your ISP or not? If not, why are you using BGP? Can't you use a default route to 26.30.80.92?

 

In any case, your BGP session will not advertise any subnet; in fact you don't configure any network to be advertised (network command), nor redistribution.

 

e

 

I have two blocks of IP addresses.

Block 1 is a /28 given to me by my ISP where my current services reside.

Block 2 is a /22 from RIPE which I need to advertise to my BGP peers.

Block 2 is advertised fine and I have NO problem with it.

 

My config snippet does not include the network statements because I have no problem with them.

Hi,

 

One possibility would be the FW blocking the incoming connections?

I still don't understand though: Why are you peering to a BGP neighbor 6 hops away?

There might be some routers in the middle dropping the packets...

 

Best regards,

Milan

 


 

FW blocking the incoming connections? No. The firewall is already working with the IP block I have from the ISP.

 

BGP neighbor 6 hops away? ISP asked me to.

Maybe the firewall permits only sessions directed to the old block.

The old block is the one that does not work.

tkatsiaounis
Level 1

I tried everything. I talked to the ISP, I changed the mem modules, I changed a router (swapped for another 3845); as it seems, the good old CPU of the 3845 is too small to handle modern BGP issues (or is faulty). Since the router is EoL, I'll solve my issues with an ASR1001.
