BGP Nexthop issues

Posted on 2009-07-06
Last Modified: 2013-12-14
We are having some issues with Cisco iBGP.

Our (test) network consists of the following:
1 x Cisco 3560G switch (Core/Dist switch)
1 x Cisco 2811 Router - Core Router
1 x Cisco 2811 Router - Primary Border Router
1 x Cisco 2611XM Router - Secondary Border Router

The 3560G holds 5 /24 subnets which are announced to the Core Router via iBGP.

The Primary Border router connects to an IX/Peering Point and has approximately 10k routes which it announces to the Core Router. The Secondary Border Router connects to our Transit provider and announces a default route to the Core Router.

The core router then summarizes these and announces a default 0.0.0.0 to the 3560G due to its route limitations imposed by Cisco.

The problem we are having is that the Core Router is not obeying "next-hop-self" commands, and is announcing the /24's from the Core switch to both of the border routers with a next-hop value of the 3560G, meaning that the borders do not see these as valid routes, and thus do not announce them to the transit provider or IX.

The workaround so far is to have static routes on the borders to point back to the core router - but this shouldn't be necessary.

Please find below the (cut down) configurations for the routers - I would be eternally grateful for help on this.

BORDER 1 (2811)
interface FastEthernet0/0
 ip address 192.168.1.77 255.255.255.0
 duplex full
 speed 100
!
interface FastEthernet0/1
 ip address 10.10.104.253 255.255.255.252
 duplex full
 speed 100
!
router bgp 9999
 no synchronization
 bgp router-id 10.10.104.253
 bgp log-neighbor-changes
 bgp redistribute-internal
 timers bgp 30 45 30
 neighbor 10.10.104.254 remote-as 9999
 neighbor 10.10.104.254 next-hop-self
 neighbor 192.168.1.240 remote-as 1111
 neighbor 192.168.1.240 route-map PEER-ANNOUNCE out
 neighbor 192.168.1.253 remote-as 1111
 neighbor 192.168.1.253 route-map PEER-ANNOUNCE out
 no auto-summary
!
ip forward-protocol nd
ip route 10.10.104.0 255.255.255.0 10.10.104.254
ip route 10.10.105.0 255.255.255.0 10.10.104.254
ip route 10.10.106.0 255.255.255.0 10.10.104.254
ip route 10.10.243.0 255.255.255.0 10.10.104.254
ip route 10.10.141.0 255.255.255.0 10.10.104.254
!
!
ip access-list extended peer-announce
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
!
!
route-map PEER-ANNOUNCE permit 10
 match ip address peer-announce
!

BORDER 2 (2611XM)

interface FastEthernet0/0.140
 encapsulation dot1Q 140
 ip address 192.168.2.147 255.255.255.248
!
interface FastEthernet0/1.162
 encapsulation dot1Q 162
 ip address 10.10.104.249 255.255.255.252
!
router bgp 9999
 no synchronization
 bgp router-id 10.10.104.249
 bgp log-neighbor-changes
 neighbor 10.10.104.250 remote-as 9999
 neighbor 10.10.104.250 default-originate
 neighbor 10.10.104.250 filter-list 1 out
 neighbor 192.168.2.145 remote-as 3333
 neighbor 192.168.2.145 route-map OUT out
 no auto-summary
!
ip classless
ip route 10.10.104.0 255.255.255.0 10.10.104.250
ip route 10.10.243.0 255.255.255.0 10.10.104.250
ip route 10.10.141.0 255.255.255.0 10.10.104.250
!
ip as-path access-list 1 deny .*
!
!
ip access-list extended out
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
!
route-map OUT permit 10
 match ip address out
 set local-preference 800
 set as-path prepend 9999 9999 9999 9999 9999 9999 9999
!



CORE ROUTER (2811)

interface FastEthernet0/0.161
 encapsulation dot1Q 161
 ip address 10.10.104.254 255.255.255.252
!
interface FastEthernet0/0.162
 encapsulation dot1Q 162
 ip address 10.10.104.250 255.255.255.252
!
interface FastEthernet0/1.163
 encapsulation dot1Q 163
 ip address 10.10.104.238 255.255.255.252
!
router bgp 9999
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 timers bgp 30 45 30
 neighbor 10.10.104.237 remote-as 9999
 neighbor 10.10.104.237 default-originate
 neighbor 10.10.104.237 filter-list 1 out
 neighbor 10.10.104.249 remote-as 9999
 neighbor 10.10.104.249 route-reflector-client
 neighbor 10.10.104.249 next-hop-self
 neighbor 10.10.104.249 weight 800
 neighbor 10.10.104.249 route-map INTERNAL out
 neighbor 10.10.104.253 remote-as 9999
 neighbor 10.10.104.253 update-source FastEthernet0/0.161
 neighbor 10.10.104.253 route-reflector-client
 neighbor 10.10.104.253 next-hop-self
 neighbor 10.10.104.253 weight 1600
 neighbor 10.10.104.253 route-map INTERNAL out
 no auto-summary
!
ip forward-protocol nd
!
ip as-path access-list 1 deny .*
!
!
ip access-list extended core-to-border
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
!
access-list 1 permit any
!
route-map INTERNAL permit 10
 match ip address core-to-border
!



CORE SWITCH (3560G)



router bgp 9999
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 network 10.10.104.0 mask 255.255.255.0
 network 10.10.105.0 mask 255.255.255.0
 network 10.10.106.0 mask 255.255.255.0
 network 10.10.243.0
 network 10.10.141.0
 aggregate-address 10.10.104.0 255.255.255.0 summary-only
 aggregate-address 10.10.243.0 255.255.255.0 summary-only
 neighbor 10.10.104.238 remote-as 9999
 neighbor 10.10.104.238 transport path-mtu-discovery
 neighbor 10.10.104.238 next-hop-self
 neighbor 10.10.104.238 route-map CORE-ANNOUNCE out
 no auto-summary
!
!
ip access-list extended core-announce
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
!
route-map CORE-ANNOUNCE permit 10
 match ip address core-announce
!


Question by:gregnetau
2 Comments
Accepted Solution

by: apd32123 earned 2000 total points
ID: 24793886
route-map INTERNAL permit 10
 match ip address core-to-border
 set ip next-hop x.x.x.x

or

set ip next-hop peer-address

You are using a route-map to control outbound updates; I would set the next-hop parameters there.

Author Closing Comment

by:gregnetau
ID: 31600489
Thanks - Perfect - that has solved all of the problems!!
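
Why the static routes masked the problem, and why rewriting the next hop in the outbound route-map removes the need for them, shown as an added example that is not part of the original thread: a simplified Python model of next-hop resolution on border 1, using the addresses from the question. It assumes the 3560G peers from 10.10.104.237 (the address in the core's neighbor statement) and considers connected and static routes only.

```python
import ipaddress

# Border 1's routes, taken from the configuration posted in the question.
CONNECTED = ["192.168.1.0/24", "10.10.104.252/30"]          # Fa0/0, Fa0/1
WORKAROUND_STATICS = {"10.10.104.0/24": "10.10.104.254"}    # one of the static routes

# Assumption: the 3560G's peering address is the one in the core's neighbor line.
SWITCH_PEERING_IP = "10.10.104.237"
CORE_PEERING_IP = "10.10.104.254"    # core Fa0/0.161, facing border 1


def resolve_next_hop(next_hop, connected, statics, max_depth=4):
    """Return the connected subnet the next hop resolves to, or None.

    Simplified model of recursive next-hop resolution: longest-prefix match
    against connected and static routes only (no IGP, no default route).
    """
    addr = ipaddress.ip_address(next_hop)
    for _ in range(max_depth):
        candidates = [ipaddress.ip_network(n) for n in list(connected) + list(statics)]
        matches = [n for n in candidates if addr in n]
        if not matches:
            return None                       # next hop inaccessible
        best = max(matches, key=lambda n: n.prefixlen)
        if str(best) in connected:
            return str(best)                  # directly attached: usable
        addr = ipaddress.ip_address(statics[str(best)])   # recurse via the static
    return None


def path_usable(next_hop, connected, statics):
    """A BGP path can be selected and re-advertised only if its next hop resolves."""
    return resolve_next_hop(next_hop, connected, statics) is not None


def check_border1():
    return {
        # Reflected route keeps the 3560G as next hop; no statics on the border.
        "reflected_unchanged": path_usable(SWITCH_PEERING_IP, CONNECTED, {}),
        # Same route, with the static-route workaround from the question.
        "with_static_workaround": path_usable(SWITCH_PEERING_IP, CONNECTED, WORKAROUND_STATICS),
        # Outbound route-map on the core rewrites the next hop to its peering address.
        "next_hop_rewritten": path_usable(CORE_PEERING_IP, CONNECTED, {}),
    }


if __name__ == "__main__":
    for case, usable in check_border1().items():
        print(f"{case}: {'usable' if usable else 'next hop inaccessible'}")
```
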