Cisco Support Community
New Member

Trying to Understand this

R1169063#show ip bgp neighbors 152.162.63.101 received-routes | inc 10.70.
*> 10.70.20.0/23    152.162.63.101                         0 65000 64705 ?
*> 10.70.30.0/23    152.162.63.101                         0 65000 64704 ?
*> 10.70.40.0/23    152.162.63.101                         0 65000 64701 ?
*> 10.70.60.0/23    152.162.63.101                         0 65000 64708 ?
*> 10.70.70.0/23    152.162.63.101                         0 65000 64702 ?
*> 10.70.80.0/23    152.162.63.101                         0 65000 64703 ?
*> 10.70.89.0/24    152.162.63.101                         0 65000 64714 i
*> 10.70.100.0/23   152.162.63.101                         0 65000 64714 ?
*> 10.70.110.0/23   152.162.63.101                         0 65000 64712 i
*> 10.70.120.0/23   152.162.63.101                         0 65000 64714 ?
*> 10.70.130.0/24   152.162.63.101                         0 65000 64712 i
*> 10.70.131.0/24   152.162.63.101                         0 65000 64712 i
*> 10.70.140.0/23   152.162.63.101                         0 65000 64712 i
*> 10.70.150.0/23   152.162.63.101                         0 65000 64712 ?

I am very confused....But maybe this tells me something about my network.

10.70.100.0/23 and 10.70.120.0/23 are TWO different physical locations....so does this tell me that in order to get to both sites I have to go through almost like a hub router?

21 REPLIES
Hall of Fame Super Blue

Trying to Understand this

Steven

All routes are being seen with the same next hop IP.

    

All this means is that your router is peering with another BGP router that is receiving routes for remote networks that could be at different sites. Imagine a setup where you have multiple sites connected together with a provider network MPLS or not. At each site you have a router that peers with a provider router. The provider routers will have routes to all your sites but because at each site you are only peering with a provider router you only see that router as the next hop IP.

So I suspect you are looking at a BGP table on a router managed by your company that is peering with a provider router and receiving from that router all your remote networks. The next hop IP of all routes is the provider router and the provider is then responsible for routing any traffic to the correct destination.

If this is not the case then please clarify.

Jon

New Member

Trying to Understand this

jon -

Each route has the same next AS65000, which is the MPLS VPN. But then when looking at the next AS path 64714 exists for 3 different subnets, 10.70.89.0/24 and 10.70.120.0/23 are in the same physical location, but 10.70.100.0/23 is a totally different location in another country....so why is the second AS path the same?

Hall of Fame Super Blue

Re: Trying to Understand this

Steven

Perhaps you have used the same AS for those two sites. Note to be able to do this on those routers you would need to see -

router bgp

neighbor x.x.x.x  allowas-in 1

where x.x.x.x is the next hop IP address of the peer router.

Jon

New Member

Trying to Understand this

I have verified that each router at each site is NOT using the same AS.

Hall of Fame Super Blue

Trying to Understand this

Are you sure that that route is not being advertised from both sites and it is picking the wrong one ?

Jon

New Member

Trying to Understand this

yup verified this with the advertised routes command...I'm pretty confused.

Hall of Fame Super Blue

Trying to Understand this

So each site has its own connection to the MPLS network and each site uses BGP to advertise routes to the provider router ?

Jon

New Member

Trying to Understand this

Correct!

Hall of Fame Super Blue

Trying to Understand this

And the router you are on is at a different site from both of the others ?

And you have logged onto both remote routers and done a "sh ip bgp ... advertised-routes" and only seen them advertising what they should be ?

Have you tried tracerouting to them to see what path they take ?

Jon

New Member

Trying to Understand this

The router I see the output from is completely separate, yes.

Yes, I have confirmed the advertised routes.

Traceroute from what device to where?

Hall of Fame Super Blue

Trying to Understand this

Ideally from a device in the site you are in to IPs in both those networks and see if they take the same path.

Also if possible can you post BGP config for the two remote sites ?

Jon

New Member

Trying to Understand this

Holy Batman Jon....my eyes need some checking...these two sites are using the same AS number....Is this even possible? I know they are TWO physically different locations.

NEXUS5K001# traceroute 10.70.100.15
traceroute to 10.70.100.15 (10.70.100.15), 30 hops max, 40 byte packets
1  10.170.199.6 (10.170.199.6) (AS 64707)  1.054 ms  2.085 ms  2.718 ms
2  152.162.63.101 (152.162.63.101) (AS 64707)  6.05 ms  7.615 ms  6.498 ms
3  68.139.102.141 (68.139.102.141) (AS 65000)  126.792 ms  126.596 ms  126.212 ms
      [Label=21129 E=0 TTL=255 S=1]
4  68.138.118.202 (68.138.118.202) (AS 65000)  123.325 ms  123.99 ms  123.354 ms
5  10.70.100.15 (10.70.100.15) (AS 64714)  124.188 ms  126.23 ms  123.9 ms



NEXUS5K001# traceroute 10.70.120.15
traceroute to 10.70.120.15 (10.70.120.15), 30 hops max, 40 byte packets
1  10.170.199.6 (10.170.199.6) (AS 64707)  2.963 ms  1.523 ms  2.012 ms
2  152.162.63.101 (152.162.63.101) (AS 64707)  6.412 ms  5.864 ms  7.695 ms
3  68.139.102.141 (68.139.102.141) (AS 65000)  127.751 ms  126.723 ms  125.727 ms
      [Label=21130 E=0 TTL=255 S=1]
4  68.139.102.142 (68.139.102.142) (AS 65000)  123.083 ms  123.061 ms  123.191 ms
5  10.70.120.15 (10.70.120.15) (AS 64714)  122.927 ms  122.942 ms  122.846 ms
NEXUS5K001#

I mean you can't configure another BGP process or even override a current one as it tells you can't within the IOS. So this is not an easy mistake.

Hall of Fame Super Blue

Re: Trying to Understand this

It's possible yes. In fact the only issue with using the same AS in two sites is that they will drop routes received from each other as they see their own AS in the AS PATH but you can override this with "allowas-in"

From your local router's perspective it is not an issue as it is using a different AS number.

I thought though that you had verified that the two sites were using different AS numbers ?

Perhaps some configs and a quick topology explanation would help us sort this out.

Jon

New Member

Re: Trying to Understand this

Ok side road....They will drop routes learned from each other due to the rule of iBGP neighbors. No iBGP neighbor will advertise routes it learns from another iBGP neighbor....

But these two sites being different, this could cause an issue. correct? So what is allowas-in for? what kind of attribute is this? Well-known? etc, etc.

Hall of Fame Super Blue

Re: Trying to Understand this

They will drop routes learned from each other due to the rule of iBGP neighbors. No iBGP neighbor will advertise routes it learns from another iBGP neighbor....

No because this is EBGP. If an EBGP speaking router receives a route from an EBGP peer and sees its own AS in the AS PATH it drops the route. This is how EBGP avoids loops.  The rule you quote is for IBGP although it is related to loop prevention as well.

But these two sites being different, this could cause an issue. correct? So what is allowas-in for? what kind of attribute is this? Well-known? etc, etc.

It would only cause an issue between the sites using the same AS. Any other sites would be fine as they would not drop the routes although there may be an underlying issue that is causing the symptom that needs looking at. Within an MPLS environment where the AS numbers are for your sites it is only an issue for you. Obviously for ISPs peering on the internet using the wrong AS could have rather more serious consequences.

The "allowas-in ..." command can be used by the customer to tell your EBGP router to accept a certain number of occurrences of its own AS. It is not a BGP attribute just another BGP configuration option. So

router bgp

neighbor x.x.x.x allowas-in   where x is the number of times your own AS can occur in the AS PATH

the above would allow an EBGP router to accept a route with its own AS in the AS PATH "x" number of times. It should obviously only be used where there is no chance of creating a loop. With a customer MPLS environment that is usually okay to do but if you were a transit AS then it would not be a good idea to use it.

In my last job we had an MPLS network provider and we used the same AS number in all sites and used the above command on all our EBGP speaking routers and it worked fine.

Jon

New Member

Trying to Understand this

Dear...why would you use the same AS on all sites? This is a good question because the company that has purchased us uses AS# per region, like West Coast uses 65000, East Coast uses 65001...but shouldn't these be unique?

Does it matter where in sequence it sees its own AS_PATH? For example:

*> 10.70.89.0/24    152.162.63.101                         0 65000 64714 i
*> 10.70.100.0/23   152.162.63.101                         0 65000 64714 ?
*> 10.70.110.0/23   152.162.63.101                         0 65000 64712 i
*> 10.70.120.0/23   152.162.63.101                         0 65000 64714 ?

Will AS 64714 drop all these routes with 64714?

So site with 10.70.120.0/23 subnet will never see a BGP advertisement for the other two subnets because its own AS_PATH in line?

Hall of Fame Super Blue

Re: Trying to Understand this

On the internet AS numbers do need to be unique but for a customer connecting to an MPLS network for example there is no reason why you cannot reuse the same AS across all your sites.

It doesn't matter where in the AS PATH it is. If an EBGP router in AS 64714 received a route advertisement from an EBGP peer with AS 64714 in the AS PATH then without extra configuration yes it would drop it.

So site with 10.70.120.0/23 subnet will never see a BGP advertisement for the other two subnets because its own AS_PATH in line?

Yes, unless you used the "allowas-in ..." command.

Edit - just to be precise on that last bit. The site will see the advertisements i.e. it will receive them but it will drop them and they cannot be used unless you use the extra configuration I mentioned.

Jon
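
Added example, not part of the thread and not Cisco's implementation: a simplified Python model of the EBGP inbound AS PATH check and of "allowas-in" as described in the replies above, run over four rows of the received-routes output posted in this thread. It assumes those rows are what a site router in AS 64714 would receive from the provider and that the Metric and LocPrf columns are blank; parse_routes, accepts and evaluate are hypothetical names.

```python
# Added example: simplified model of the EBGP AS PATH loop check and allowas-in.
# SAMPLE rows are copied from the received-routes output posted in this thread.
SAMPLE = """\
*> 10.70.89.0/24    152.162.63.101                         0 65000 64714 i
*> 10.70.100.0/23   152.162.63.101                         0 65000 64714 ?
*> 10.70.110.0/23   152.162.63.101                         0 65000 64712 i
*> 10.70.120.0/23   152.162.63.101                         0 65000 64714 ?
"""

def parse_routes(text):
    """Return [(prefix, [asn, ...])] for each valid row.

    Assumption: Metric and LocPrf are blank, so the first number after the
    next hop is the weight and everything up to the origin code is the path.
    """
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or not tok[0].startswith("*"):
            continue  # not a route row
        routes.append((tok[1], [int(asn) for asn in tok[4:-1]]))
    return routes

def accepts(local_as, as_path, allowas_in=0):
    """Inbound EBGP check: reject when local_as occurs in the path more than
    allowas_in times (0 models the default loop prevention). The position of
    the local AS inside the path does not matter."""
    return as_path.count(local_as) <= allowas_in

def evaluate(local_as, routes, allowas_in=0):
    """Split routes into (accepted, dropped) prefix lists for a receiving AS."""
    accepted, dropped = [], []
    for prefix, path in routes:
        target = accepted if accepts(local_as, path, allowas_in) else dropped
        target.append(prefix)
    return accepted, dropped

if __name__ == "__main__":
    routes = parse_routes(SAMPLE)
    for n in (0, 1):
        ok, bad = evaluate(64714, routes, allowas_in=n)
        print(f"AS 64714, allowas-in {n}: accepted={ok} dropped={bad}")
    # Constructed path: two occurrences of the local AS still fail with allowas-in 1.
    print(accepts(64714, [65000, 64714, 65000, 64714], allowas_in=1))
```

Keeping the allowed count at 1 means a path that already carries the local AS twice is still rejected, which preserves most of the loop protection in a non-transit customer AS.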

New Member

Re: Trying to Understand this

Ya so this was definitely an issue, because these sites were using a default route back to the datacenter to essentially get to each other, rather than directly communicating direct. The allowas-in 1 worked beautifully.

I still would think to keep it clean you should use different AS numbers for all sites.

Hall of Fame Super Blue

Re: Trying to Understand this

I still would think to keep it clean you should use different AS numbers for all sites.

It is really a matter of preference for something like this. We found that using the same AS allowed us to create a more standard template for our implementation engineers but I wouldn't argue against using a different AS per site.

Jon

New Member

Re: Trying to Understand this

Hey Jon is there any official Cisco docs that explain same ASN for multiple sites? I have some peers telling me that routing is not working correctly because two sites cannot have the same ASN. Now from what we talked about with the allowas-in configured there shouldn't be any issues. Can you think of anything else this would cause an issue with?

Hall of Fame Super Blue

Re: Trying to Understand this

The allowas-in command should only be an issue if the AS is a transit AS.

We used it at the last place I worked in all our sites connecting to an MPLS network with no routing issues.

Here is a link to a Cisco doc which covers it -

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/112236-allowas-in-bgp-config-example.html

Jon
