Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

BGP Nexthop issues

Posted on 2009-07-06
2
Medium Priority
?
675 Views
Last Modified: 2013-12-14
We are having some issues with Cisco iBGP.

Our (test) network consists of the following
1 x Cisco 3560G switch (Core/Dist switch)
1 x Cisco 2811 Router - Core Router
1 x Cisco 2811 Router - Primary Border Router
1 x Cisco 2611XM Router - Secondary Border Router

The 3560G holds 5 /24 subnets which are announced to the Core Router via iBGP.

The Primary Border router connects to an IX/Peering Point and has approximatelly 10k routes which it announces to the Core Router. The Secondary Border Router connects to our Transit provider and announces a default route to the Core Router.

The core router then summarizes these and announces a default 0.0.0.0 to the 3560G due to its route limitations imposed by Cisco.

The problem we are having is that the Core Router is not obeying "next-hop-self" commands, and is announcing the /24's from the Core switch to both of the border routers with a next-hop value of the 3560G, meaning that the borders do not see these as valid routes, and thus do not announce them to the transit provider or IX.

The work around so far is to have static routes on the borders to point back to the core router - but this shouldnt be necessary.

Please find below the (cut down) configurations for the routers - I would be eternally greatful for help on this.

BORDER 1 (2811)
interface FastEthernet0/0
 ip address 192.168.1.77 255.255.255.0
 duplex full
 speed 100
!
interface FastEthernet0/1
 ip address 10.10.104.253 255.255.255.252
 duplex full
 speed 100
!
router bgp 9999
 no synchronization
 bgp router-id 10.10.104.253
 bgp log-neighbor-changes
 bgp redistribute-internal
 timers bgp 30 45 30
 neighbor 10.10.104.254 remote-as 9999
 neighbor 10.10.104.254 next-hop-self
 neighbor 192.168.1.240 remote-as 1111
 neighbor 192.168.1.240 route-map PEER-ANNOUNCE out
 neighbor 192.168.1.253 remote-as 1111
 neighbor 192.168.1.253 route-map PEER-ANNOUNCE out
 no auto-summary
!
ip forward-protocol nd
ip route 10.10.104.0 255.255.255.0 10.10.104.254
ip route 10.10.105.0 255.255.255.0 10.10.104.254
ip route 10.10.106.0 255.255.255.0 10.10.104.254
ip route 10.10.243.0 255.255.255.0 10.10.104.254
ip route 10.10.141.0 255.255.255.0 10.10.104.254
!
!
ip access-list extended peer-announce
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
!
!
route-map PEER-ANNOUNCE permit 10
 match ip address peer-announce
!

BORDER 2 (2611XM)

interface FastEthernet0/0.140
 encapsulation dot1Q 140
 ip address 192.168.2.147 255.255.255.248
!
interface FastEthernet0/1.162
 encapsulation dot1Q 162
 ip address 10.10.104.249 255.255.255.252
!
router bgp 9999
 no synchronization
 bgp router-id 10.10.104.249
 bgp log-neighbor-changes
 neighbor 10.10.104.250 remote-as 9999
 neighbor 10.10.104.250 default-originate
 neighbor 10.10.104.250 filter-list 1 out
 neighbor 192.168.2.145 remote-as 3333
 neighbor 192.168.2.145 route-map OUT out
 no auto-summary
!
ip classless
ip route 10.10.104.0 255.255.255.0 10.10.104.250
ip route 10.10.243.0 255.255.255.0 10.10.104.250
ip route 10.10.141.0 255.255.255.0 10.10.104.250
!
ip as-path access-list 1 deny .*
!
!
ip access-list extended out
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
!
route-map OUT permit 10
 match ip address out
 set local-preference 800
 set as-path prepend 9999 9999 9999 9999 9999 9999 9999
!



CORE ROUTER (2811)

interface FastEthernet0/0.161
 encapsulation dot1Q 161
 ip address 10.10.104.254 255.255.255.252
!
interface FastEthernet0/0.162
 encapsulation dot1Q 162
 ip address 10.10.104.250 255.255.255.252
!
interface FastEthernet0/1.163
 encapsulation dot1Q 163
 ip address 10.10.104.238 255.255.255.252
!
router bgp 9999
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 timers bgp 30 45 30
 neighbor 10.10.104.237 remote-as 9999
 neighbor 10.10.104.237 default-originate
 neighbor 10.10.104.237 filter-list 1 out
 neighbor 10.10.104.249 remote-as 9999
 neighbor 10.10.104.249 route-reflector-client
 neighbor 10.10.104.249 next-hop-self
 neighbor 10.10.104.249 weight 800
 neighbor 10.10.104.249 route-map INTERNAL out
 neighbor 10.10.104.253 remote-as 9999
 neighbor 10.10.104.253 update-source FastEthernet0/0.161
 neighbor 10.10.104.253 route-reflector-client
 neighbor 10.10.104.253 next-hop-self
 neighbor 10.10.104.253 weight 1600
 neighbor 10.10.104.253 route-map INTERNAL out
 no auto-summary
!
ip forward-protocol nd
!
ip as-path access-list 1 deny .*
!
!
ip access-list extended core-to-border
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
!
access-list 1 permit any
!
route-map INTERNAL permit 10
 match ip address core-to-border
!



CORE SWITCH (3560G)



router bgp 9999
 no synchronization
 bgp log-neighbor-changes
 bgp redistribute-internal
 network 10.10.104.0 mask 255.255.255.0
 network 10.10.105.0 mask 255.255.255.0
 network 10.10.106.0 mask 255.255.255.0
 network 10.10.243.0
 network 10.10.141.0
 aggregate-address 10.10.104.0 255.255.255.0 summary-only
 aggregate-address 10.10.243.0 255.255.255.0 summary-only
 neighbor 10.10.104.238 remote-as 9999
 neighbor 10.10.104.238 transport path-mtu-discovery
 neighbor 10.10.104.238 next-hop-self
 neighbor 10.10.104.238 route-map CORE-ANNOUNCE out
 no auto-summary
!
!
ip access-list extended core-announce
 permit ip 10.10.243.0 0.0.0.255 any
 permit ip 10.10.104.0 0.0.0.255 any
 permit ip 10.10.105.0 0.0.0.255 any
 permit ip 10.10.106.0 0.0.0.255 any
 permit ip 10.10.141.0 0.0.0.255 any
!
route-map CORE-ANNOUNCE permit 10
 match ip address core-announce
!


0
Comment
Question by:gregnetau
2 Comments
 
LVL 3

Accepted Solution

by:
apd32123 earned 2000 total points
ID: 24793886
route-map INTERNAL permit 10
 match ip address core-to-border
 set ip next-hop x.x.x.x

or

set ip next-hop peer-address

You are using a route-map to control outbound updates I would set the next-hop parameters there.
0
 

Author Closing Comment

by:gregnetau
ID: 31600489
Thanks - Perfect - that has solved all of the problems!!
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question