1 2 Previous Next 15 Replies Latest reply: May 1, 2012 10:24 AM by black-cisco01 RSS

    BGP default route problem

    Julian

      Hi everyone,

       

      I am trying to receive a default route via BGP from an ISP (ASN 200) and propagate it through my ASN (64512) via EIGRP. The scenario is the following. I have also attached the routers configurations.

       

      BGPscenario.png

       

      However, I have a weird problem. I am injecting a default route from the ISP with the command "neighbor 192.168.1.6 default-originate". Before propagating a default route through ASN 64512 I can ping the ISP's loopback0 from SanJose1:

       

      SanJose1#sh ip route | begin Gateway
      Gateway of last resort is 192.168.1.5 to network 0.0.0.0

           172.16.0.0/24 is subnetted, 3 subnets
      D       172.16.32.0 [90/2297856] via 172.16.1.2, 00:40:24, Serial0/1
      C       172.16.1.0 is directly connected, Serial0/1
      C       172.16.64.0 is directly connected, Loopback0
           192.168.1.0/30 is subnetted, 1 subnets
      C       192.168.1.4 is directly connected, Serial0/0
      B*   0.0.0.0/0 [20/0] via 192.168.1.5, 00:37:30

       

      SanJose1#ping 192.168.100.1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/64 ms

       

      Next, I create a loopback on SanJose1 and use it to propagate a default route:

       

      SanJose1#conf t

      Enter configuration commands, one per line.  End with CNTL/Z.

      SanJose1(config)#int loopback 1

      *Mar  1 00:43:56.007: %LINK-3-UPDOWN: Interface Loopback1, changed state to up

      *Mar  1 00:43:57.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up

      SanJose1(config-if)#ip address 192.168.2.2 255.255.255.0

      SanJose1(config-if)#exit

      SanJose1(config)#ip default-network 192.168.2.0

       

      On SanJose2 I have the default and I can ping the ISP's loopback:

       

      SanJose2#sh ip route | begin Gateway
      Gateway of last resort is 172.16.1.1 to network 192.168.2.0

           172.16.0.0/24 is subnetted, 3 subnets
      C       172.16.32.0 is directly connected, Loopback0
      C       172.16.1.0 is directly connected, Serial0/1
      D       172.16.64.0 [90/2297856] via 172.16.1.1, 00:44:24, Serial0/1
      D*   192.168.2.0/24 [90/2297856] via 172.16.1.1, 00:00:37, Serial0/1

      SanJose2#ping 192.168.100.1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 12/36/68 ms

       

      The problem comes now, when I try to ping the ISP's loopback from SanJose1 again, I can't:

       

      SanJose1#ping 192.168.100.1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
      .....
      Success rate is 0 percent (0/5)

       

      And if I debug to see the cause of the problem, I see that now the source address of the pings is loopback1:

       

      SanJose1#debug ip packet
      IP packet debugging is on
      SanJose1#ping 192.168.100.1 repeat 1

      Type escape sequence to abort.
      Sending 1, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

      *Mar  1 00:49:14.695: IP: tableid=0, s=192.168.2.2 (local), d=192.168.100.1 (Serial0/0), routed via FIB
      *Mar  1 00:49:14.695: IP: s=192.168.2.2 (local), d=192.168.100.1 (Serial0/0), len 100, sending
      Success rate is 0 percent (0/1)

       

      What is the reason of this behavior? Why the source of the ping is loopback1 and not interface serial 0/0/0 on SanJose1 now?

       

      And other question about the propagation of the default route in ASN 64512. Can I get in EIGRP a default propagated only when receiving the default from the ISP? This is easily done in OSPF using the "default-information originate" OSPF subcommand. However, in EIGRP, the "ip default-network" command propagates the route regardless of the default received from the ISP (as in this example). Also, with the "ip route 0.0.0.0 0.0.0.0 s0/0/0" command on SanJose1 and redistributing statics or using network 0.0.0.0, the default is propagated always unless interface s0/0/0 goes down, but if the interface is up and working and the ISP stops sending the default, a default route is still propated through ASN 64512.

       

      All comments will be very much appreciated.

       

      Best regards,

      Julián

        • 1. Re: BGP default route problem
          Tigger

          Regarding the ping source behavior....

           

          I worked with your configs.   You are correct that the source goes to default loopback-1(the default-network).

          Interesting thing while experimenting with this.

           

          *  when I  shutdown loopback-1,  loopback-0  then became the source IP.

          * THEN  when I also shutdown loopback-0,  it finally went back to the s0/0.

           

          * When I brought up loopback-0, the source remained at S0/0.

          *BUT when bringing up loopback-1 again....source reverted to lo1.

           

          When I removed the command  ip default-network 192.168.2.0      the problem went away.

           

          still working through it.

          EDIT:   trying to replicate this with  loopback-0 (172.16.64.0), by changing the default-network command.   No luck.   It returns to S0/0  as we would like it to be.

          • 2. Re: BGP default route problem
            black-cisco01

            I'm learing for route so i would like to join the thinking process and has build the lab also.

            the first problem i encounter is, when adding the ip default-network 192.168.2.0 this was the output

            on Sanjose2:

             

            Gateway of last resort is 172.16.1.1 to network 192.168.2.0

             

                 172.16.0.0/24 is subnetted, 3 subnets

            C       172.16.32.0 is directly connected, Loopback0

            C       172.16.1.0 is directly connected, Serial0/0

            D       172.16.64.0 [90/2297856] via 172.16.1.1, 00:18:59, Serial0/0

            D*   192.168.2.0/24 [90/2297856] via 172.16.1.1, 00:00:26, Serial0/0

            B*   0.0.0.0/0 [200/0] via 192.168.1.5, 00:00:09

            R3#ping 192.168.100.1

             

            Type escape sequence to abort.

            Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

            .....

            Success rate is 0 percent (0/5)

            =====================================================

             

            Not possible to ping so i was wondering how it was possible for Julian to ping succesfully.

            Also because the ISP has no entry for the 172.16.1.0/24 in its routing table:

             

            R1#sh ip ro

             

            Gateway of last resort is not set

             

                 192.168.1.0/30 is subnetted, 1 subnets

            C       192.168.1.4 is directly connected, Serial0/0

            C    192.168.100.0/24 is directly connected, Loopback0

            ====================================================

             

            Secondly when adding the ip default-net 192.168.2.0 on Sanjose1 this was the output:

             

            R2#sh ip ro

             

            Gateway of last resort is not set

             

                 172.16.0.0/24 is subnetted, 3 subnets

            D       172.16.32.0 [90/2297856] via 172.16.1.2, 00:41:16, Serial0/1

            C       172.16.1.0 is directly connected, Serial0/1

            C       172.16.64.0 is directly connected, Loopback0

                 192.168.1.0/30 is subnetted, 1 subnets

            C       192.168.1.4 is directly connected, Serial0/0

            C*   192.168.2.0/24 is directly connected, Loopback1

            B*   0.0.0.0/0 [20/0] via 192.168.1.5, 00:05:13

             

            As u can see its has 2 candidate default but no gateway of last resort, so this could be the problem for not able to ping from Sanjose1 and that Lo1 one is being seeing as source.

            ====================================================

             

            I have also noticed that there is no IBGP neighborship command in the configuration Julian has posted.

             

            Last but not least i very strange thing happend and that is on Sanjose2 when i just build the lab and added the default route from the ISP i looked at Sanjose2 this what is saw:

             

            R3#sh ip ro 

             

            Gateway of last resort is 192.168.1.5 to network 0.0.0.0

             

                 172.16.0.0/24 is subnetted, 3 subnets

            C       172.16.32.0 is directly connected, Loopback0

            C       172.16.1.0 is directly connected, Serial0/0

            D       172.16.64.0 [90/2297856] via 172.16.1.1, 00:39:35, Serial0/0

            B*   0.0.0.0/0 [200/0] via 192.168.1.5, 00:00:44

             

            and a few moments later the route was gone:

             

            R3#sh ip ro

             

            Gateway of last resort is not set

             

                 172.16.0.0/24 is subnetted, 3 subnets

            C       172.16.32.0 is directly connected, Loopback0

            C       172.16.1.0 is directly connected, Serial0/0

            D       172.16.64.0 [90/2297856] via 172.16.1.1, 00:40:26, Serial0/0

             

            sorry if the text is a bit long...

             

            cheers...

             

            ps: if found a similar topic but still i'm not able to inject the BGP default route into Eigrp

             

            https://learningnetwork.cisco.com/thread/42283

            • 3. Re: BGP default route problem
              borzol CCNP (CCIE R&S candidate)

              hi,

               

              with care, you can use on sanjose1 serial 0/0/1 the ip summary address eigrp 64512 0.0.0.0 0.0.0.0 254

               

              in this way, you advertise default route into eigrp domain but not override the default route from R1 on sanjose1.

               

              borzol

              • 4. Re: BGP default route problem
                Brian

                On San Jose1, under the EIGRP process redistribute the BGP route.  Don't forget the default seed metric for EIGRP.

                 

                router eigrp 1

                redistribute bgp <ASN> metric 100000 100 255 1 1500

                 

                Also, does ISP1 have a route to the networks on San Jose 2?  Make ISP has at least a route to the 172.16.0.0/16 network to San Jose 1.

                 

                Hope this helps.

                 

                Brian

                 

                • 5. Re: BGP default route problem
                  borzol CCNP (CCIE R&S candidate)

                  hi,

                   

                  can U send me r1 routing and/or bgp table? Has r1 routing for your 64512 domain?

                   

                  i think your bgp configuration is incorrect because bgp will advertise only those networks which is in your routing table (exact present) and you advertise under bgp configuration.

                   

                  Your config is:

                   

                  router bgp 64512

                  no synchronization

                  bgp log-neighbor-changes

                  network 172.16.0.0  -> it looks for 172.16.0.0 255.255.0.0 in your routing table.

                  network 172.16.1.0 mask 255.255.255.0 ->it looks for 172.116.1.0 255.255.255.0 in your routing table

                  neighbor 192.168.1.5 remote-as 200

                  no auto-summary

                  !

                  so I think you will advertise the serial link network between sj1 and sj2  but not advertise 172.16.64.0/24 and 172.16.32.0/24

                  Try aggregate address on sj1 to r1 for 172.16.0.0 255.255.0.0 [summary-only] or add more specific network commands.

                   

                  I don't think that VIP solution is fully ok. It is ok in this situation but not when you are in real word, where bgp has more than 100000 routing instance. Cisco doesn't recomend this solution - redistribute bgp into IGP routing process- too.

                   

                  regards,

                  borzol

                  • 6. Re: BGP default route problem
                    Brian

                    In this situation (and even in the real world) if the only BGP route you had were the default route, then redistributing BGP into an IGP is perfectly fine.  You are correct (and I agree) if you were taking the whole BGP table I would not recommend redistributing BGP into your IGP.

                     

                    In your AS 64512 you have various 172.16.x.0/24 subnets.  As long as your IGP (EIGRP in this case) knows how to reach everyone, then it is perfectly fine to have your BGP advertise the 172.16.0.0/16 prefix to ISP 1.  For example:

                     

                    router bgp 64512

                    no sync

                    bgp log-neighbor-changes

                    network 172.16.0.0

                    neighbor 192.168.1.5 remote-as 200

                    !

                    !

                    ip route 172.16.0.0 255.255.0.0 null 0

                     

                    If you do not include the serial subnet in a network statement under the BGP process it will not be advertised via BGP.  In this example there is no need to redistribute your EIGRP learned routes into BGP either.  This is a matter of choice.  Industry best practice is to summarize your internal networks prior to advertising into BGP, in order to keep the BGP Internet table small.

                     

                    Hope this helps.

                     

                    Brian

                     

                    • 7. Re: BGP default route problem
                      black-cisco01

                      yes that did the job indeed, but i still have some question

                       

                      @julian how were u able to ping the ISP from SJ1 ( with the info provided in ur show run output) as it seems some information was missing ( like a static route from the ISP to the 172.16.0.0 network etc...)

                       

                      @Brian how come i was able to ping from SJ2 to the ISP loopback 192.168.100.1 with this output from SJ2:

                       

                      R3#sh ip bgp

                      BGP table version is 3, local router ID is 172.16.32.1

                      Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

                                    r RIB-failure, S Stale

                      Origin codes: i - IGP, e - EGP, ? - incomplete

                       

                         Network          Next Hop            Metric LocPrf Weight Path

                      r>i0.0.0.0          192.168.1.5              0    100      0 200 i

                       

                      R3#ping 192.168.100.1

                       

                      Type escape sequence to abort.

                      Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

                      !!!!!

                       

                      R3#traceroute 192.168.100.1

                       

                      Type escape sequence to abort.

                      Tracing the route to 192.168.100.1

                       

                        1 172.16.1.1 28 msec 16 msec 20 msec

                        2 192.168.1.5 12 msec *  48 msec

                       

                       

                      ISP was the next hop and i was able to ping it

                       

                      I think because of the default route but im not sure. I'm i correct on this?

                      • 8. Re: BGP default route problem
                        Brian

                        can you do a "sh ip route" on R3 (SJ2) router?

                         

                         

                        Brian

                         

                        • 9. Re: BGP default route problem
                          Julian

                          Hi everyone,

                           

                          First of all, thank you everyone for your interest. One day out of my PC, get back and I see lot of useful information and questions

                           

                          @black-cisco01, thank you for your interest and the link https://learningnetwork.cisco.com/thread/42283, I found there a way to have a default propagated through ASN 64512 but only when a default is advertised from ISP to SanJose1, just as I wanted. This can be done by redistributing the default from BGP into EIGRP on SanJose1. Brian also says that, I tried and it works perfectly.

                          I can ping from SanJose1 and SanJose2 to the ISP's loopback because the ISP has network 172.16.0.0 in its bgp table:

                           

                          ISP#sh ip bgp
                          BGP table version is 2, local router ID is 192.168.100.1
                          Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                                        r RIB-failure, S Stale
                          Origin codes: i - IGP, e - EGP, ? - incomplete

                             Network          Next Hop            Metric LocPrf Weight Path
                          *> 172.16.0.0       192.168.1.6              0             0 64512 i

                           

                          because on SanJose1's configuration:

                           

                          router bgp 64512

                          no synchronization

                          bgp log-neighbor-changes

                          network 172.16.0.0

                          neighbor 192.168.1.5 remote-as 200

                          no auto-summary

                          !

                          ip route 172.16.0.0 255.255.0.0 Null0 <<< I forgot this line in my routers' configurations I attached

                           

                          So, pings are succesfully .

                           

                          I have also noticed that there is no IBGP neighborship command in the configuration Julian has posted.

                           

                          black-cisco01, there is no need for an iBGP peering between SanJose1 and SanJose2, I am using only EIGRP inside ASN 64512.

                           

                          @borzol, I have also tried your way with "ip summary-address eigrp 64512 0.0.0.0 0.0.0.0 254" and it also works. But honestly, I like more by redistributing from BGP into EIGRP, because with ip summary-address when the ISP does not advertise the default there is a 0.0.0.0 0.0.0.0 to null0 in SanJose1's RIB, although that is not a problem. Also, it is a very good solution when the ISP advertises full updates plus the default, because as you said it is not a good practice redistributing thousands of routes from BGP into EIGRP.

                           

                          @Brian, as I already said, I tried by redistributing from BGP into EIGRP with "redistribute bgp 64512 metric 1500 200 255 1 1500" and it works pretty fine, thank you for the idea

                           

                          @Año del Tigre, thank you, it seems you are the only one worried about the problem of the source address of the pings on SanJose1. I still don't know the reason, but it makes no sense for this behavior. Año del Tigre, Brian, borzol, black-cisco01, can it be a IOS's bug or a GNS3's bug?

                           

                          Best regards,

                          Julián

                           

                          El mensaje fue editado por: Julian

                          • 10. Re: BGP default route problem
                            black-cisco01

                            R3#sh ip ro

                             

                            Gateway of last resort is 172.16.1.1 to network 0.0.0.0

                             

                                 172.16.0.0/24 is subnetted, 3 subnets

                            C       172.16.32.0 is directly connected, Loopback0

                            C       172.16.1.0 is directly connected, Serial0/0

                            D       172.16.64.0 [90/2297856] via 172.16.1.1, 00:00:40, Serial0/0

                            D    192.168.2.0/24 [90/2297856] via 172.16.1.1, 00:00:40, Serial0/0

                            D*EX 0.0.0.0/0 [170/2221056] via 172.16.1.1, 00:00:05, Serial0/0

                            • 11. Re: BGP default route problem
                              borzol CCNP (CCIE R&S candidate)

                              it was a good brain storming.

                              :-)

                              • 12. Re: BGP default route problem
                                Julian

                                Hi black-cisco01,

                                 

                                You can ping the ISP's loopback from SanJose2 because of the EIGRP-learned default route:

                                 

                                D*EX 0.0.0.0/0 [170/2221056] via 172.16.1.1, 00:00:05, Serial0/0

                                 

                                As you said, the SanJose2's bgp table shows next-hop 192.168.1.5, but take care, looking at its bgp table carefully you can see that SanJose2 does not use that BGP default route, it has a "r", which means RIB failure, which means BGP does not put that route into the routing table, probably because you have an EIGRP-learned route with a better administrative distance (external EIGRP's 170 better than iBGP's 200). Try this interesting command "show ip bgp rib-failures"

                                 

                                R3#sh ip bgp

                                BGP table version is 3, local router ID is 172.16.32.1

                                Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

                                              r RIB-failure, S Stale

                                Origin codes: i - IGP, e - EGP, ? - incomplete

                                 

                                   Network          Next Hop            Metric LocPrf Weight Path

                                r>i0.0.0.0          192.168.1.5              0    100      0 200 i

                                 

                                So you were correct

                                 

                                Anyways, I am not using BGP inside ASN 64512 but only EIGRP. I am only using BGP between the ISP and SanJose1.

                                 

                                Regards,

                                Julián

                                • 13. Re: BGP default route problem
                                  black-cisco01

                                  ok thats explains it. thx Julian for the clarification

                                   

                                  ps: how does this command actually works?

                                   

                                  ip route 172.16.0.0 255.255.0.0 Null0 <<< I forgot this line in my routers' configurations I attached

                                  • 14. Re: BGP default route problem
                                    Julian

                                    I wanted SanJose1 to advertise network 172.16.0.0/16 to the ISP, and because of that I configured network 172.16.0.0 under the bgp 64512 process.

                                    But take into account that for BGP to advertise a route via the network command, a matching route must exist in the routing table.

                                    So ip route 172.16.0.0 255.255.0.0 null0 puts a static route into the SanJose1's routing table pointing to null0 like this:

                                     

                                    S       172.16.0.0/16 is directly connected, Null0

                                     

                                    So now there is a matching route to 0.0.0.0 in SanJose1's routing table and it can be advertise via the network 172.16.0.0 command.

                                    This route pointing to null0 does not cause forwarding problems on SanJose1 because it will have more specific routes within network 172.16.0.0/16, such as 172.16.1.0/24, 172.16.64.0/24 and more

                                     

                                    Regards,

                                    Julián

                                    1 2 Previous Next