New BGP neighbor help

cb_it
I have an MPLS WAN with Verizon that connects my 6 locations. My routers are running BGP. I'm far from an expert so be kind.

Verizon added fiber connections at 3 of my locations. These fiber circuits will replace my copper lines I have now. So I received new BGP IP info from Verizon and I connected up the cables to a different interface on the router. So the current WAN cables are still connected.

So I shut down the current interface and I'm assuming the new BGP routes will take effect but they don't. The info below is from router 1.

router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 timers bgp 10 30
 redistribute connected
 redistribute static
 neighbor 152.176.XXX.XXX remote-as 65000 (current BGP)
 neighbor 199.220.XXX.XXX remote-as 65000 (new BGP)
 no auto-summary


Any ideas?
Top Expert 2014

Commented:
What does the output from  "show ip bgp nei"  show?

How long did you leave the link down for?

Does Verizon have the correct IP address for you on the link?

Author

Commented:
The neighbors do show when I run the sh ip bgp neighbors. I can post more of this output if need be.

I had the link down for about 10 minutes.

I'm pretty sure that Verizon has the correct info.

When I shut my current WAN, I then do an extended ping from new interface to new interface on other router and I get a reply. Yet my routers can't ping each other. Wish I knew a better way to explain this.
Top Expert 2014

Commented:
Can you post the output from "show ip bgp summary"

Author

Commented:
The 172.16.1.1 and 172.16.1.2 is a point-to-point circuit I have with Verizon. I also shut this down when I'm trying to test.

R1#sh ip bgp summ
BGP router identifier 172.16.1.1, local AS number 65001
BGP table version is 667, main routing table version 667
25 network entries using 3300 bytes of memory
43 path entries using 2236 bytes of memory
12/6 BGP path/bestpath attribute entries using 2016 bytes of memory
3 BGP AS-PATH entries using 72 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 2 (at peak 4) using 64 bytes of memory
BGP using 7712 total bytes of memory
BGP activity 164/139 prefixes, 629/586 paths, scan interval 60 secs

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
152.176.XX.XXX  4      65000  320337  320518      667    0    0 12:07:45       11
172.16.1.2      4      65001  354649  320340      667    0    0 12:05:32       19
199.220.XXX.XX  4      65000  110014  105255      667    0    0 22:00:39        3
Top Expert 2014

Commented:
Well it shows that you are communicating with 199.220.XXX.XXX and you received some routes.

"show ip bgp nei 199.220.XXX.XXX received-routes"

will show you what routes you have received.  I would verify that the route to 199.220.XXX.XXX is via the new link.  If by some weird chance it is by one of the other two links you would lose contact with it when you take them down.
bgp convergence typically requires 20 minutes or so.

in the meantime you can check that you can ping networks that are near you. use traceroute to a well-known address and pings to visualise the propagation so you don't miss too many heart beats during those 20 minutes

Author

Commented:
20 minutes really?

When I shut my WAN link, the 172.16.1.1 point-to-point link usually comes up within 30 seconds. Same if I shut the point-to-point. Traffic using that link will start to use the WAN link. My bgp timers used to be set to the default of 180 seconds, now it's 30. So I'm surprised to hear 20 minutes. If 20 minutes is accurate I will shut my interfaces tonight from home and wait.

Also, when I run the
show ip bgp nei 199.220.XXX.XXX received-routes
Inbound soft reconfiguration not enabled on 199.220.XXX.XXX

Author

Commented:
Here is a piece from show ip bgp nei 199.220.XXX.XXX advertised-routes

My branch traffic will use the 152.176.XXX.XXX WAN link. I use the 172.16.1.2 point-to-point for my DR datacenter.

The next hop for this new fiber circuit shows 0.0.0.0 for next hop. Should that be like that? Again, I'm not an expert. I'm probably missing something silly. Thanks for the help.


   Network          Next Hop  
*> 10.10.153.0/24  152.176.XXX.XXX
*> 10.10.154.0/24  152.176.XXX.XXX
*>i10.10.155.0/24  172.16.1.2    
*> 10.10.156.0/24  0.0.0.0      
*> 10.10.157.0/24  152.176.XXX.XXX  
*> 10.10.158.0/25  152.176.XXX.XXX    
*> 199.220.XXX.XXX/30 0.0.0.0
20 minutes really?

yes. connecting to a peer occurs within seconds. what i'm referring to is the time it takes for the other ASs to learn that you can/need be reached on the new route. bgp-enabled systems tell one another about routes modifications typically once every 30 seconds. there are approximately 50k ASs, and some of them are accessible through dozens of hops.

Inbound soft reconfiguration not enabled

i'm no cisco expert but i'd assume your box is not configured to learn routes from its peer. this is a normal setup if you do not use multiple links simultaneously, and need to select the best path for each AS. the same message may appear likewise if the peer is not configured to send routes.

you should be able to set the peer's address manually using
neighbor IPADDRESS remote-as ASNUMBER

i can't tell if enabling soft reconfiguration would or would not be a better way. if the peer supports it and it is disabled on your side, probably yes.

Author

Commented:
I was unable to test last night. I will try tonight.

Also, I do use this to set the peer address.

neighbor IPADDRESS remote-as ASNUMBER

Author

Commented:
Let's get back to the 20 minutes.

what i'm referring to is the time it takes for the other ASs to learn that you can/need be reached on the new route.

My main office and my datacenter communicate using a 10Mb point-to-point circuit. They can also communicate via the WAN if the point-to-point goes down. When I disconnect the point-to-point circuit, the WAN link will be up in about 20-30 seconds and I can communicate again with my datacenter. Where does the 20 minutes come from?

I guess I'm thinking that if I disconnect my current WAN circuit, the new BGP wan link will come up with 20-30 seconds as well.

I have attached a picture. The thin black lines are my current BGP WAN. The red lines and IPs are the new circuits. I shut down the 152.162.6.1 at the main office and I'm done - I can't communicate with my other offices.
BJS-MPLS-Network2-NO-IP.png
Top Expert 2014

Commented:
If this is over private MPLS links, then it will be 20-30 seconds.

What I believe skullnobrains is talking about is over the Internet it could take up to 20 minutes for everybody to get the updates.

Author

Commented:
Thanks for the reply, giltjr. I was pretty sure that 20 minutes was not the norm for a private network.

Do you have any ideas for my dilemma above? Seems like the circuits and IPs are all up and running, it's just that BGP is not working right - like it's not learning the routes to take.

Thanks for any help you can provide.
sorry, i misread part of your question : i confirm the link should come up within seconds.

have you tried setting the address once manually, and then enabling updates (see my previous post) ? the message is pretty explicit and indicates updates are disabled on either side.

Author

Commented:
I do have the peer address set manually.  I typed this in when I was activating this new circuit when I had Verizon on the phone

neighbor 199.220.6.1 remote-as 65000

As you can see in my config I do not have any networks configured for BGP, I just have redistribute connected.

router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 timers bgp 10 30
 redistribute connected
 redistribute static

What I did try was to set a static route to 10.10.1.0 and of course the link to that office came right up.
ip route 10.10.1.0 255.255.255.0 199.220.6.2

When I am testing all of this I have my monitoring software up, and I can ping all of the Verizon neighbor IPs, but I can't ping my local router IPs.

When I have both the point-to-point circuit and the WAN interface shut here is what I see - the 199.220.6.2 is not active.

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
152.162.6.2     4      65000  374830  375050        0    0    0 00:19:14 Idle
172.16.1.2      4      65001  413356  374936        0    0    0 00:00:35 Active
199.220.6.2     4      65000  170258  160092      858    0    0 1d03h           8
i was under the assumption that 199.220.6.2 was your default gateway, and that the previous link was manually shut down.

if another link to the same AS is up and working (or was shortly before), i'm unsure this is even supposed to work (but i'm quite out of my league here).

can you try a shutdown on the other link and then "clear ip bgp 65000", and if the link activates as expected, set the gateway accordingly ?
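
Reading the State/PfxRcd column of the "show ip bgp summary" output posted in this thread, as an added example that is not from any poster: a number in that column means the session is Established and is the count of prefixes received, while a word such as Idle or Active is the BGP state of a session that is not up. The function names and the `local_as` parameter are assumptions of this example; the rows are the ones posted above.

```python
import re

# Neighbor rows copied from the summary output posted in the thread.
SAMPLE = """\
Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
152.162.6.2     4      65000  374830  375050        0    0    0 00:19:14 Idle
172.16.1.2      4      65001  413356  374936        0    0    0 00:00:35 Active
199.220.6.2     4      65000  170258  160092      858    0    0 1d03h           8
"""

# peer, version, AS, five counters, Up/Down, then State/PfxRcd (may contain spaces,
# e.g. "Idle (Admin)").
ROW = re.compile(
    r"^(?P<peer>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<updown>\S+)\s+(?P<state>.+?)\s*$"
)

def parse_summary(text, local_as):
    """Return one dict per neighbor row; header and memory lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        state = m["state"]
        # Numeric column => session Established, value is prefixes received.
        established = state.isdigit()
        peers.append({
            "peer": m["peer"],
            "type": "iBGP" if int(m["asn"]) == local_as else "eBGP",
            "established": established,
            "prefixes": int(state) if established else 0,
            "fsm_state": "Established" if established else state,
            "since": m["updown"],  # time in the current up or down condition
        })
    return peers

def usable_peers(peers):
    """Peers that are up and actually sending routes."""
    return [p["peer"] for p in peers if p["established"] and p["prefixes"] > 0]

if __name__ == "__main__":
    for p in parse_summary(SAMPLE, local_as=65001):
        print(f'{p["peer"]:<15} {p["type"]} {p["fsm_state"]:<12} '
              f'prefixes={p["prefixes"]} for {p["since"]}')
```

On the posted rows this reports 199.220.6.2 as the only Established session, with 8 prefixes received, and the other two neighbors as down.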
