6 Replies Latest reply: May 23, 2019 8:32 AM by Martin RSS

    BGP route should be inaccessible but is not

    dvangyzeghem

      Dear,

       

      I have some different bgp entries in the table for most of the destination subnets.

      For most of my routes 1 of the 3 entries is marked as inaccessible , because the associated next-hop is unreachable.

      So that is as it should.

       

      For at least 1 destination, the "incorrect" entry to the unreachable next hop is not marked as inaccessible, although it has the same unreachable next-hop.

      It is also put in the routing table and the result is that it does not work for that subnet.

       

       

      Anybody can explain this please?

      Only thing i see is that 10.0.0.0/8 is classfull network and the ones where it works good are all more specific, but i dont know how that could have an impact.

      Also version number but same there , i dont see how that could have an impact.

      All the other parameters are exactly the same.

      The X.X.X.X is also the same IP

       

       

      BGP routing table entry for 10.0.0.0/8, version 207267

        10.234.187.102 from X.X.X.X

        Origin IGP, metric 0, localpref 70, valid, internal, best

       

      BGP routing table entry for 10.6.32.0/21, version 218790

        10.234.187.102 (inaccessible) from X.X.X.X

        Origin IGP, metric 0, localpref 70, valid, internal

       

       

       

      Thank you in advance

       

       

        • 1. Re: BGP route should be inaccessible but is not
          Juergen Ilse CCNA R&S

          an you please provide more information to us? The configuration of the bgp process and the complete output of "sh ip bgp 10.0.0.0" and "sh ip bgp 10.6.32.0"?

          • 2. Re: BGP route should be inaccessible but is not
            dvangyzeghem

            Hi juergen,

             

            I prefer not to put the entire bgp config , you would need also the config of 3 other routers and a bunch of route maps and filters.

            The rest of the "sho ip bgp" command output  is completly normal.

            We have changed the configuration also to fix the issue.

            I understand if you cannot help then.

             

            I hope someone recognizes my issue and can think of possible reasons.

             

            I believe this is not really config related , but has to do with the built in next-hop check in BGP that seems to fail for the 10.0.0.0/8.

             

             

            thank you anyway

            • 3. Re: BGP route should be inaccessible but is not
              jh

              I replicated your problem, nothing too special in the configs below. See further below with debug ip bgp and ip routing. I expect you're right and it's the point at which the check is performed.

               

              R1#

              router bgp 100

              bgp log-neighbor-changes

              neighbor 192.168.12.2 remote-as 100

              neighbor 192.168.12.2 route-map LOC_PREF in ! just to replicate your 70

               

              R2#

              router bgp 100

              bgp log-neighbor-changes

              network 10.0.0.0

              network 10.6.32.0 mask 255.255.248.0

              neighbor 192.168.12.1 remote-as 100

              !

              ip route 10.0.0.0 255.0.0.0 10.234.187.102

              ip route 10.6.32.0 255.255.248.0 10.234.187.102

              ip route 10.234.187.102 255.255.255.255 Null0


              ! Create a static route on R1 to make the BGP next hop accessible

              R1(config)#ip route 10.234.187.102 255.255.255.255 Null0

              R1(config)#

              *May 22 20:40:26.977: RT: updating static 10.234.187.102/32 (0x0)  :

                  via 0.0.0.0 Nu0 0 1048578


              *May 22 20:40:26.977: RT: network 10.0.0.0/8 is now subnetted

              *May 22 20:40:26.977: RT: network 10.0.0.0 is now variably masked

              *May 22 20:40:26.977: RT: add 10.234.187.102/32 via 0.0.0.0, static metric [1/0]

              R1(config)#

              *May 22 20:40:31.980: RT: updating bgp 10.0.0.0/8 (0x0)  :

                  via 10.234.187.102  0 1048577

               

              *May 22 20:40:31.980: RT: closer admin distance for 10.0.0.0, flushing 1 routes

              *May 22 20:40:31.980: RT: add 10.0.0.0/8 via 10.234.187.102, bgp metric [200/0]

              *May 22 20:40:31.980: RT: updating bgp 10.6.32.0/21 (0x0)  :

                  via 10.234.187.102  0 1048577

               

              *May 22 20:40:31.981: RT: add 10.6.32.0/21 via 10.234.187.102, bgp metric [200/0]

              *May 22 20:40:31.981: BGP_Router: unhandled major event code 128, minor 0

              R1(config)#do sh ip bgp 10.0.0.0/8                     

              BGP routing table entry for 10.0.0.0/8, version 6

              Paths: (1 available, best #1, table default)

                Not advertised to any peer

                Refresh Epoch 1

                Local

                  10.234.187.102 from 192.168.12.2 (192.168.12.2)

                    Origin IGP, metric 0, localpref 70, valid, internal, best

                    rx pathid: 0, tx pathid: 0x0

              R1(config)#do sh ip bgp 10.6.32.0/21                   

              BGP routing table entry for 10.6.32.0/21, version 7

              Paths: (1 available, best #1, table default)

                Not advertised to any peer

                Refresh Epoch 1

                Local

                  10.234.187.102 from 192.168.12.2 (192.168.12.2)

                    Origin IGP, metric 0, localpref 70, valid, internal, best

                    rx pathid: 0, tx pathid: 0x0


              ! Now remove the static route on R1 to make the next hop inaccessible

              R1(config)#no ip route 10.234.187.102 255.255.255.255 Null0

              R1(config)#

              *May 22 20:41:03.426: RT: del 10.234.187.102 via 0.0.0.0, static metric [1/0]

              *May 22 20:41:03.426: RT: delete subnet route to 10.234.187.102/32

              R1(config)#

              *May 22 20:41:08.429: RT: updating bgp 10.0.0.0/8 (0x0)  :

                  via 10.234.187.102  0 1048577

               

              *May 22 20:41:08.429: RT: closer admin distance for 10.0.0.0, flushing 1 routes

              *May 22 20:41:08.429: RT: add 10.0.0.0/8 via 10.234.187.102, bgp metric [200/0]

              *May 22 20:41:08.429: RT: del 10.6.32.0 via 10.234.187.102, bgp metric [200/0]

              *May 22 20:41:08.430: RT: delete subnet route to 10.6.32.0/21

              *May 22 20:41:08.430: BGP_Router: unhandled major event code 128, minor 0

              R1(config)#

              *May 22 20:41:23.070: BGP: topo global:IPv4 Unicast:base Scanning routing tables

              *May 22 20:41:23.070: BGP: topo global:IPv4 Multicast:base Scanning routing tables

              *May 22 20:41:23.070: BGP: topo global:L2VPN E-VPN:base Scanning routing tables

              *May 22 20:41:23.070: BGP: topo global:MVPNv4 Unicast:base Scanning routing tables


              ! 10.0.0.0/8 remains valid and best; 10.6.32.0/21 now shows 10.234.187.102 (inaccessible)

              R1(config)#do sh ip bgp 10.0.0.0/8                       

              BGP routing table entry for 10.0.0.0/8, version 8

              Paths: (1 available, best #1, table default)

                Not advertised to any peer

                Refresh Epoch 1

                Local

                  10.234.187.102 from 192.168.12.2 (192.168.12.2)

                    Origin IGP, metric 0, localpref 70, valid, internal, best

                    rx pathid: 0, tx pathid: 0x0

              R1(config)#do sh ip bgp 10.6.32.0/21                     

              BGP routing table entry for 10.6.32.0/21, version 9

              Paths: (1 available, no best path)

                Not advertised to any peer

                Refresh Epoch 1

                Local

                  10.234.187.102 (inaccessible) from 192.168.12.2 (192.168.12.2)

                    Origin IGP, metric 0, localpref 70, valid, internal

                    rx pathid: 0, tx pathid: 0


              ! 10.0.0.0/8 remains in routing table

              R1(config)#do sh ip route

              Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

                    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

                    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

                    E1 - OSPF external type 1, E2 - OSPF external type 2

                    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

                    ia - IS-IS inter area, * - candidate default, U - per-user static route

                    o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

                    a - application route

                    + - replicated route, % - next hop override, p - overrides from PfR

               

              Gateway of last resort is not set

               

              B 10.0.0.0/8 [200/0] via 10.234.187.102, 00:00:35

                    192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks

              C        192.168.12.0/24 is directly connected, GigabitEthernet0/0.12

              L        192.168.12.1/32 is directly connected, GigabitEthernet0/0.12

                    192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks

              C        192.168.13.0/24 is directly connected, GigabitEthernet0/0.13

              L        192.168.13.1/32 is directly connected, GigabitEthernet0/0.13


              ! You might also notice, not unexpectedly, this:

              *May 22 21:08:18.477: %IPRT-3-RIB_LOOP: Resolution loop formed by routes in RIB


              ! Clear BGP and both will flag up inaccessible


              • 4. Re: BGP route should be inaccessible but is not
                dvangyzeghem

                Hello JH,

                 

                Thank you very much for replicating this.

                 

                So this seems to be a bug/limitation in BGP that for some prefixes this check does not work correctly from the first time.

                 

                 

                I will avoid these setups with unreachable next hops , so i do not depend on this bgp mechanism.

                • 5. Re: BGP route should be inaccessible but is not
                  jh

                  No problem, I recalled seeing it before; I assume it's a hangover from the good old days. I didn't check to see if a bug report was submitted.

                  • 6. Re: BGP route should be inaccessible but is not
                    Martin

                    the config of 3 other routers and a bunch of route maps and filters.

                     

                    You can use route maps to change Next Hop value. check your route maps for line " set ip next-hop x.x.x.x" and if u have such line, check route maps in/out direction and structure of them. make sure u have them applied properly. 

                    if u use route maps to change next hop ip in bgp, then u do not need neighbor x.xx.x next-hop-self