RE: BGP peer establishment

From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Sat Jul 05 2003 - 18:48:50 GMT-3

• Next message: Volkov, Dmitry (IDS Canada): "Legacy DDR with ISDN callback - how to restrict server to"
• Previous message: Volkov, Dmitry (IDS Canada): "RE: BGP peer establishment"
• Maybe in reply to: Volkov, Dmitry (IDS Canada): "BGP peer establishment"
• Next in thread: Scott Morris: "RE: BGP peer establishment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Brian,

I agree that side with def route doesn't even send TCP SYN 179 (debug says
"no route")
I sniffed it
In my case I just put static route on the router with def route.
However I belive we all talk about the same ;)
Router interprets bgp routes originated localy via "network" statement with
"next hop 0.0.0.0"
maybe here is the reason why router doesn't bother to establish session if
it doesn't have longer match to peer.

> -----Original Message-----
> From: Brian McGahan [mailto:brian@cyscoexpert.com]
> Sent: Saturday, July 05, 2003 5:40 PM
> To: 'Volkov, Dmitry (IDS Canada)'; 'Scott Morris'; 'Donny MATEO'
> Cc: ccielab@groupstudy.com
> Subject: RE: BGP peer establishment
>
>
> Dmitry,
>
> This is a different case then. What Scott said is correct. The
> side with the default route cannot initiate the connection.
>
> In your case, since the side with the specific route is on the
> outside interface, it can not initiate a BGP session to the router on
> the inside.
>
> Did you try allowing the BGP connection in from the outside with
> an access-list or a conduit?
>
> HTH,
>
> Brian McGahan, CCIE #8593
> Director of Design and Implementation
> brian@cyscoexpert.com
>
> CyscoExpert Corporation
> Internetwork Consulting & Training
> Toll Free: 866.CyscoXP
> Fax: 847.674.2625
>
>
> > -----Original Message-----
> > From: Volkov, Dmitry (IDS Canada) [mailto:dmitry_volkov@ca.ml.com]
> > Sent: Friday, July 04, 2003 2:46 PM
> > To: 'Brian McGahan'; 'Scott Morris'; 'Donny MATEO'
> > Cc: ccielab@groupstudy.com
> > Subject: RE: BGP peer establishment
> >
> > > -----Original Message-----
> > > From: Brian McGahan [mailto:brian@cyscoexpert.com]
> > > Sent: Friday, July 04, 2003 2:18 PM
> > > To: 'Scott Morris'; 'Donny MATEO'; 'Volkov, Dmitry (IDS Canada)'
> > > Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> > > Subject: RE: BGP peer establishment
> > >
> > >
> > > Not necessarily. As long as one side of the connection has a
> > > longer match than 0.0.0.0/0 adjacency can be established.
> Take the
> >
> > I think this side (with longer match) should no be blocked by
> firewall.
> > In my case I had R5(172.50.50.5)---------(.1)pix(.10)--------
> > (172.50.10.1)R1
> > R5 inside (had default route), R1 outside (had specific route)
> > TCP 179 session from R5 to R1 had to establish BGP peering
> > R5 did't try TCP 179 because of default route.
> >
> > r5#deb ip bgp out
> > BGP debugging is on
> > 01:19:08: BGP: 172.50.10.1 multihop open delayed 19152ms (no route)
> >
> > Does anybody know fundamental explanation - why BGP TCP
> connection is
> not
> > established
> > from source with def route to the neigbor ? is it cisco specific ?
> >
> >
> > > following scenario:
> > >
> > > R1-16.0.0.0/8---R6---26.0.0.0/8---R2
> > >
> > > R1 is in AS 1, R2 is in AS 2. They are transitting R6 to peer.
> > > The only route that R1 has to the 26.0.0.0/8 subnet is a
> > > default, while
> > > R2 has a longer match to 16.0.0.0/8.
> > >
> > > R1#sh run | b router bgp
> > > router bgp 1
> > > bgp log-neighbor-changes
> > > network 1.1.1.1 mask 255.255.255.255
> > > neighbor 26.0.0.2 remote-as 2
> > > neighbor 26.0.0.2 ebgp-multihop 255
> > > !
> > > ip route 0.0.0.0 0.0.0.0 16.0.0.6
> > >
> > > R2#sh run | b router bgp
> > > router bgp 2
> > > bgp log-neighbor-changes
> > > network 2.2.2.2 mask 255.255.255.255
> > > neighbor 16.0.0.1 remote-as 1
> > > neighbor 16.0.0.1 ebgp-multihop 255
> > > !
> > > ip route 16.0.0.0 255.0.0.0 26.0.0.6
> > >
> > > R1#sh ip bgp sum | b Neighbor
> > > Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
> > > State/PfxRcd
> > > 26.0.0.2 4 2 11 11 3 0
> 0 00:06:32
> > > 1
> > >
> > > R2#sh ip bgp sum | b Neighbor
> > > Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
> > > State/PfxRcd
> > > 16.0.0.1 4 1 12 12 3 0
> 0 00:07:10
> > > 1
> > >
> > > R1#sh ip bgp
> > > BGP table version is 3, local router ID is 16.0.0.1
> > > Status codes: s suppressed, d damped, h history, * valid,
> > best, i
> -
> > > internal
> > > Origin codes: i - IGP, e - EGP, ? - incomplete
> > >
> > > Network Next Hop Metric LocPrf Weight Path
> > > *> 1.1.1.1/32 0.0.0.0 0 32768 i
> > > *> 2.2.2.2/32 26.0.0.2 0 0 2 i
> > >
> > > R2#sh ip bgp
> > > BGP table version is 3, local router ID is 26.0.0.2
> > > Status codes: s suppressed, d damped, h history, * valid,
> > best, i
> -
> > > internal
> > > Origin codes: i - IGP, e - EGP, ? - incomplete
> > >
> > > Network Next Hop Metric LocPrf Weight Path
> > > *> 1.1.1.1/32 16.0.0.1 0 0 1 i
> > > *> 2.2.2.2/32 0.0.0.0 0 32768 i
> > >
> > > R1#sh ip route
> > > Codes: C - connected, S - static, I - IGRP, R - RIP, M -
> > > mobile, B - BGP
> > > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
> area
> > > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA
> external type
> 2
> > > E1 - OSPF external type 1, E2 - OSPF external type
> 2, E - EGP
> > > i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
> ia - IS-IS
> > > inter area
> > > * - candidate default, U - per-user static route, o - ODR
> > > P - periodic downloaded static route
> > >
> > > Gateway of last resort is 16.0.0.6 to network 0.0.0.0
> > >
> > > C 16.0.0.0/8 is directly connected, FastEthernet0/6
> > > 1.0.0.0/32 is subnetted, 1 subnets
> > > C 1.1.1.1 is directly connected, Loopback0
> > > 2.0.0.0/32 is subnetted, 1 subnets
> > > B 2.2.2.2 [20/0] via 26.0.0.2, 00:06:08
> > > S* 0.0.0.0/0 [1/0] via 16.0.0.6
> > > R1#
> > >
> > > R2#sh ip route
> > > Codes: C - connected, S - static, I - IGRP, R - RIP, M -
> > > mobile, B - BGP
> > > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter
> area
> > > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA
> external type
> 2
> > > E1 - OSPF external type 1, E2 - OSPF external type
> 2, E - EGP
> > > i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
> ia - IS-IS
> > > inter area
> > > * - candidate default, U - per-user static route, o - ODR
> > > P - periodic downloaded static route
> > >
> > > Gateway of last resort is not set
> > >
> > > S 16.0.0.0/8 [1/0] via 26.0.0.6
> > > 1.0.0.0/32 is subnetted, 1 subnets
> > > B 1.1.1.1 [20/0] via 16.0.0.1, 00:06:55
> > > 2.0.0.0/32 is subnetted, 1 subnets
> > > C 2.2.2.2 is directly connected, Loopback0
> > > C 26.0.0.0/8 is directly connected, FastEthernet0/6
> > >
> > >
> > > As you can see from the above output, as long as one side has a
> > > longer match than 0, BGP adjacency can be established.
> > >
> > > HTH,
> > >
> > > Brian McGahan, CCIE #8593
> > > Director of Design and Implementation
> > > brian@cyscoexpert.com
> > >
> > > CyscoExpert Corporation
> > > Internetwork Consulting & Training
> > > Toll Free: 866.CyscoXP
> > > Fax: 847.674.2625
> > >
> > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> > > Of
> > > > Scott Morris
> > > > Sent: Friday, July 04, 2003 8:57 AM
> > > > To: 'Donny MATEO'; 'Volkov, Dmitry (IDS Canada)'
> > > > Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> > > > Subject: RE: BGP peer establishment
> > > >
> > > > There must be a non-default route to reach the other side. So
> > > anything
> > > > other than a 0/0 route will work.
> > > >
> > > > Scott
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> Behalf
> > > Of
> > > > Donny MATEO
> > > > Sent: Friday, July 04, 2003 1:58 AM
> > > > To: Volkov, Dmitry (IDS Canada)
> > > > Cc: 'ccielab@groupstudy.com'; nobody@groupstudy.com
> > > > Subject: Re: BGP peer establishment
> > > >
> > > >
> > > > If I remember correctly there was an old thread discussing this.
> The
> > > > conclusion is something like BGP need specific route to
> establish
> > > > peering. Not sure if there is anymore information as to why
> > > and so on.
> > > >
> > > > Donny
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > "Volkov, Dmitry
> > > >
> > > > (IDS Canada)" To:
> > > > "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>
> > > >
> > > > <dmitry_volkov@ca cc:
> > > >
> > > > .ml.com> Subject:
> BGP peer
> > > > establishment
> > > > Sent by:
> > > >
> > > > nobody@groupstudy
> > > >
> > > > .com
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > 07/04/2003 06:22
> > > >
> > > > AM
> > > >
> > > > Please respond to
> > > >
> > > > "Volkov, Dmitry
> > > >
> > > > (IDS Canada)"
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > R5(172.50.50.5)---------(.1)pix(.10)--------(172.50.10.1)R1
> > > >
> > > > R5 can ping R1; R5 uses default route to reach R1. R5 can not
> > > establish
> > > > BGP peering with R1 until I put static route - more
> specific than
> > > > 0.0.0.0 0.0.0.0 - WHY ?
> > > >
> > > > r5#sh ip bgp sum
> > > > BGP router identifier 60.5.5.5, local AS number 55
> > > > BGP table version is 1, main routing table version 1
> > > >
> > > > Neighbor V AS MsgRcvd MsgSent TblVer InQ
> OutQ Up/Down
> > > > State/PfxRcd
> > > > 172.50.10.1 4 65 0 0 0 0 0 never
> > > > Active
> > > >
> > > > r5#sh ip ro
> > > > <snip>
> > > > R* 0.0.0.0/0 [120/1] via 172.50.50.1, 00:00:06,
> FastEthernet0/0
> > > >
> > > > r5#conf t
> > > > Enter configuration commands, one per line. End with CNTL/Z.
> > > > r5(config)#ip route 172.50.10.1 255.255.255.255 172.50.50.1
> > > >
> > > > 00:55:02: %BGP-5-ADJCHANGE: neighbor 172.50.10.1 Up bgp ev
> > > >
> > > > r5#sh ip bgp sum
> > > > BGP router identifier 60.5.5.5, local AS number 55
> > > > BGP table version is 1, main routing table version 1
> > > >
> > > > Neighbor V AS MsgRcvd MsgSent TblVer InQ
> OutQ Up/Down
> > > > State/PfxRcd
> > > > 172.50.10.1 4 65 5 5 1 0 0
> 00:02:01
> > > > 0
> > > > r5# sh ip ro
> > > > <snip>
> > > >
> > > > S 172.50.10.1/32 [1/0] via 172.50.50.1
> > > > R* 0.0.0.0/0 [120/1] via 172.50.50.1, 00:00:13,
> FastEthernet0/0
> > > >
> > > > r5#
> > > > router bgp 55
> > > > bgp log-neighbor-changes
> > > > neighbor 172.50.10.1 remote-as 65
> > > > neighbor 172.50.10.1 ebgp-multihop 2
> > > > r1#
> > > > router bgp 65
> > > > bgp log-neighbor-changes
> > > > neighbor 172.50.50.5 remote-as 55
> > > > neighbor 172.50.50.5 ebgp-multihop 2
> > > >
> > > > Thank You,
> > > >
> > > > Dmitry Volkov
> > > > CCIE # 10292
> > > >
> > > >
> > > >
> > > ______________________________________________________________
> > > _________
> > > > You are subscribed to the GroupStudy.com CCIE R&S Discussion
> Group.
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This message is for information purposes only and its content
> > > > should not be construed as an offer, or solicitation of
> an offer,
> to
> > > buy
> > > > or sell any banking or financial instruments or services and no
> > > > representation or warranty is given in respect of its accuracy,
> > > > completeness or fairness. The material is subject to change
> without
> > > > notice. You should take your own independent tax, legal
> and other
> > > > professional advice in respect of the content of this message.
> This
> > > > message may contain confidential or legally privileged material
> and
> > > may
> > > > not be copied, redistributed or published (in whole or in part)
> > > without
> > > > our prior written consent. This email may have been intercepted,
> > > > partially destroyed, arrive late, incomplete or contain
> > > viruses and no
> > > > liability is accepted by any member of the Credit Agricole
> Indosuez
> > > > group as a result. If you are not the intended recipient of this
> > > > message, please immediately notify the sender and delete
> > > this message
> > > > from your computer.
> > > >
> > > >
> > > >
> > > ______________________________________________________________
> > > _________
> > > > You are subscribed to the GroupStudy.com CCIE R&S Discussion
> Group.
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > > >
> > > ______________________________________________________________
> > > _________
> > > > You are subscribed to the GroupStudy.com CCIE R&S Discussion
> Group.
> > > >
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html

• Next message: Volkov, Dmitry (IDS Canada): "Legacy DDR with ISDN callback - how to restrict server to"
• Previous message: Volkov, Dmitry (IDS Canada): "RE: BGP peer establishment"
• Maybe in reply to: Volkov, Dmitry (IDS Canada): "BGP peer establishment"
• Next in thread: Scott Morris: "RE: BGP peer establishment"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:25 GMT-3