Re: BGP Flapping routes

From: John Matijevic (matijevi@bellsouth.net)
Date: Tue Aug 19 2003 - 13:03:41 GMT-3

Hello Lary and Team,
I am going to try to recap the issue to make sure I fully understand of what
the problem was all the way to the resolution:
Synopsis:
3 Routers, R1, R2 and R3.
R1 and R2 are in same AS BGP 65100, also running OSPF,
R3 is in AS BGP 65.
R2 and R3 are running EIGRP,
Networks in question is the loopback interfaces.
If we analyze the sh ip route on R1 we see that the loopback interface on
R3:
3.3.3.0 is changed from B to O, This is becuase the administrative distance
of IBGP is 200 and the administrative distance of OSPF is 110,
this was happening every 60 seconds becuase of the keepalive interval.
On R2 when we analyze the sh ip route:
We see that again it is the 3.3.3.0 network that is changing:
This time the 3.3.3.0 router is changing from B to D, This is becuase the
administrative distance of EBGP is 20 and the administrative distance of
EIGRP is 90.
Now lets take a look at R3,
We see that the network's in question are 1.1.1.0 and 2.2.2.0
if we look at sh ip route on R3:
We can see that 1.1.1.0 is learned via EBGP with a ad of 20 and that 2.2.2.0
is also learned via EBGP with distance of 20.
then 2.2.2.0 changes in that in is now learned via external Eigrp with
distance of 170, and 1.1.1.0 is not in table at all.
My analysis indicates here that R1 and R2 are learning about the same routes
via 2 different protocols BGP and OSPF,
R3 is learning about 1.1.1.0 and 2.2.2.0 via 2 different protocols BGP and
EIGRP.
When solving the issue Larry, put set the administrative idstance of EBGP
from 20 to 91 and left the default for IBP and Local, which is 200.
He did this on the border BGP routers of the 2 different as.
Becuase he set the BGP administrative distance from EGP to from 20 to 91 so
that the routes on the border ASes would be learned via IGP.
Conclusion:
What is happening is that the route to the loopback that was advertised by
BGP was advertising a loopback address as the next hop. I think that maybe,
as discussed earlier Larry, may have put next-hop-self, under the BGP
process, that put in the next hop for the IBGP when this was not necessary,
and thats what may have caused BGP to put the next-hop in the routing table
as the loopback address.
I agree with David, in that I think what happened is that the routes were
being advertised by both IGP and BGP, and the BGP process was trying to take
the BGP route becuase it had a better administrative distance, by chaing the
administrative distance on R2 and R3 to higher than EIGRP to 91 you are
making sure that the routing table knows that to get to the route it has to
take an IGP, on R2 and R3 the border routers of the ases. Very good
scenerio. I know I definately learned a lot here.
Sincerely,
Matijevic

I think this would have only needed to be done, on R2, since the ebgp route
gets a distance of 20.
----- Original Message -----
From: "Larry Cain" <l_u_cain@hotmail.com>
To: <ccielab@groupstudy.com>
Cc: <matijevi@bellsouth.net>
Sent: Tuesday, August 19, 2003 10:35 AM
Subject: Re: BGP Flapping routes

> Hi John
>
> Put the distance bgp 91 200 200 command in bgp router.
> Did this on all R2 and R3 to settle the argument over who has the best
route
> to the loopbacks.
> I have pulled down that lab but thinking about it, it might have been
better
> to neighbour to the physical interfaces and not loopbacks where routing
> knowledge is used to form the neighbour relationships.
>
> HTH Larry
>
> >From: "John Matijevic" <matijevi@bellsouth.net>
> >To: "Larry Cain" <l_u_cain@hotmail.com>,<ccielab@groupstudy.com>
> >CC: <dswink@cisco.com>
> >Subject: Re: BGP Flapping routes
> >Date: Tue, 19 Aug 2003 09:33:21 -0400
> >
> >Hello Larry,
> >Im curious as to where you made the changes, could you please post the
> >changes you made, to get it to work.
> >Sincerely,
> >Matijevic
> >----- Original Message -----
> >From: "Larry Cain" <l_u_cain@hotmail.com>
> >To: <ccielab@groupstudy.com>
> >Cc: <dswink@cisco.com>
> >Sent: Tuesday, August 19, 2003 7:26 AM
> >Subject: RE: BGP Flapping routes
> >
> >
> > > Hi Dave
> > >
> > > Thanks for your input. Changing the ADs for BGP cured the problem.
> > > Sorry about leaving bits out of the config, trying to make it short
and
> > > concise, went a bit over the top.
> > >
> > > Decided to go with AD change rather than route filtering as suggested
by
> > > MMoniz (sorry I don't know your first name), as it seems a lot easier.
> > > But which way would be the best, I suppose a question to the proctor
> >would
> > > be in order.
> > >
> > > Thank you for all your input.
> > > Back to making something just as stupid up, with the hope that it
might
> >come
> > > up.
> > >
> > > Cheers
> > >
> > > Larry
> > >
> > >
> > > >From: "Dave Swink \(dswink\)" <dswink@cisco.com>
> > > >Reply-To: <dswink@cisco.com>
> > > >To: "'Larry Cain'" <l_u_cain@hotmail.com>
> > > >CC: <ccielab@groupstudy.com>
> > > >Subject: RE: BGP Flapping routes
> > > >Date: Mon, 18 Aug 2003 17:42:03 -0500
> > > >
> > > >Larry,
> > > >
> > > >I think you have cut out some other important lines in the configs.
R2
> > > >and R3 peer in BGP because EIGRP has a route to 2.2.2.0 and 3.3.3.0
> >(you
> > > >do not show "network 3.3.3.0 0.0.0.255" under the EIGRP process in
R3,
> > > >but it must be there from the routing table behavior). EIGRP on R3
> > > >offers a route to 2.2.2.0 via 10.1.3.2 with an administrative
distance
> > > >of 90, which is good, since 10.1.3.2 is indeed the next hop. BGP uses
> > > >this routing to peer R2 and R3. Then BGP on R3 proclaims that it also
> > > >has a route to 2.2.2.0 via 2.2.2.2 with an administrative distance of
> > > >just 20, so it replaces the EIGRP route.
> > > >
> > > >Problem: R3 now has a route to 2.2.2.0 via 2.2.2.2, but it does not
> >know
> > > >a working route to 2.2.2.2, the supposed next hop anymore! So BGP
times
> > > >out, the peering breaks and the EIGRP route takes over again.
> > > >
> > > >Now that sensible routing has been restored, the BGP routers will
peer
> > > >up again and the flap-o-rama is going again.
> > > >
> > > >In real life, you would use a static route to point to the next hop
to
> > > >the BGP peer. BGP's external AD of 20 will not over rule a static
> > > >route's AD of 1. In your lab, you could just change the AD of the
BGP
> > > >routes to the loopback subnets to 91.
> > > >
> > > >Fun lab.
> > > >
> > > >Dave Swink
> > > >
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> > > >Larry Cain
> > > >Sent: Monday, August 18, 2003 4:04 PM
> > > >To: ccielab@groupstudy.com
> > > >Cc: matijevi@bellsouth.net
> > > >Subject: Re: BGP Flapping routes
> > > >
> > > >
> > > >Hi John
> > > >
> > > >Already done, took it out of the configs to make them shorter -
sorry.
> > > >Also have put next-hop-self in as well to all neighbours. Restarted
all
> > > >bgp processes. Have tried this with similar topologies and different
> > > >routing protocols with
> > > >no success.
> > > >It seems to be a problem with redistributing, but WHERE???!!
> > > >
> > > >Any ideas, comments much appreciated.
> > > >
> > > >Larry
> > > >
> > > >
> > > > >From: "John Matijevic" <matijevi@bellsouth.net>
> > > > >To: "Larry Cain" <l_u_cain@hotmail.com>,<ccielab@groupstudy.com>
> > > > >Subject: Re: BGP Flapping routes
> > > > >Date: Mon, 18 Aug 2003 15:32:25 -0400
> > > > >
> > > > >Hello Larry,
> > > > >This looks like a tricky issue, lets start by adding the following
to
> > > > >your BGP configs on all routers, neighbor ip-address update-source
> >lo0
> > > > >restart your bgp process,
> > > > >and post results.
> > > > >Sincerely,
> > > > >Matijevic
> > > > >----- Original Message -----
> > > > >From: "Larry Cain" <l_u_cain@hotmail.com>
> > > > >To: <ccielab@groupstudy.com>
> > > > >Cc: <matijevi@bellsouth.net>
> > > > >Sent: Monday, August 18, 2003 2:44 PM
> > > > >Subject: Re: BGP Flapping routes
> > > > >
> > > > >
> > > > > > Hi John
> > > > > >
> > > > > > Here is info you asked for.
> > > > > > Hope it helps.
> > > > > > 2 versions of routing and bgp tables.
> > > > > > First is with the tables with all info including BGP in them.
The
> > > > > > second
> > > > >is
> > > > > > without the BGP routes.
> > > > > > You will notice that certain routes are either learnt by BGP or
> >the
> > > > > > IGP,
> > > > >or
> > > > > > disappear all together.
> > > > > > the routes will then reappear or cahnged to a learnt BGP route.
> >This
> > > >
> > > > > > happens every 60s, regular as clockwork - well as regualar as
> >Cisco
> > > > > > routers can get. The top bgp table goes with the top routing
> >table.
> > > > > >
> > > > > > Many thanks for your help
> > > > > >
> > > > > > Larry
> > > > > >
> > > > > > r1#sh ip ro
> > > > > > C 1.1.1.0 is directly connected, Loopback0
> > > > > > O 2.2.2.0 [110/65] via 10.1.2.2, 00:26:40, Serial0
> > > > > > B 3.3.3.0 [200/0] via 2.2.2.2, 00:00:13
> > > > > > O E2 10.1.3.0 [110/5] via 10.1.2.2, 00:26:40, Serial0
> > > > > > C 10.1.2.0 is directly connected, Serial0
> > > > > > C 10.1.1.0 is directly connected, Ethernet0
> > > > > > O E2 10.1.4.0 [110/5] via 10.1.2.2, 00:26:40, Serial0
> > > > > >
> > > > > > C 1.1.1.0 is directly connected, Loopback0
> > > > > > O 2.2.2.0 [110/65] via 10.1.2.2, 00:38:19, Serial0
> > > > > > O E2 3.3.3.0 [110/5] via 10.1.2.2, 00:00:52, Serial0
> > > > > > O E2 10.1.3.0 [110/5] via 10.1.2.2, 00:38:19, Serial0
> > > > > > C 10.1.2.0 is directly connected, Serial0
> > > > > > C 10.1.1.0 is directly connected, Ethernet0
> > > > > > O E2 10.1.4.0 [110/5] via 10.1.2.2, 00:38:19, Serial0
> > > > > >
> > > > > > r2#sh ip ro
> > > > > > B 1.1.1.0/24 [200/0] via 1.1.1.1, 00:12:04
> > > > > > C 2.2.2.0 is directly connected, Loopback0
> > > > > > B 3.3.3.0 [20/0] via 3.3.3.3, 00:00:05
> > > > > > C 10.1.3.0 is directly connected, Serial1
> > > > > > C 10.1.2.0 is directly connected, Serial0
> > > > > > O 10.1.1.0 [110/51] via 10.1.2.1, 00:22:32, Serial0
> > > > > > D 10.1.4.0 [90/307200] via 10.1.3.3, 00:33:33, Serial1
> > > > > >
> > > > > > B 1.1.1.0/24 [200/0] via 1.1.1.1, 00:11:16
> > > > > > C 2.2.2.0 is directly connected, Loopback0
> > > > > > D 3.3.3.0 [90/409600] via 10.1.3.3, 00:00:16, Serial1
> > > > > > C 10.1.3.0 is directly connected, Serial1
> > > > > > C 10.1.2.0 is directly connected, Serial0
> > > > > > O 10.1.1.0 [110/51] via 10.1.2.1, 00:21:43, Serial0
> > > > > > D 10.1.4.0 [90/307200] via 10.1.3.3, 00:32:45, Serial1
> > > > > >
> > > > > > R3#sh ip ro
> > > > > > B 1.1.1.0/24 [20/0] via 2.2.2.2, 00:00:26
> > > > > > B 2.2.2.0 [20/0] via 2.2.2.2, 00:00:27
> > > > > > C 3.3.3.0 is directly connected, Loopback0
> > > > > > C 10.1.3.0 is directly connected, Serial1
> > > > > > D EX 10.1.2.0 [170/2560025856] via 10.1.3.2, 00:34:57,
Serial1
> > > > > > D EX 10.1.1.0 [170/2560025856] via 10.1.3.2, 00:23:41,
Serial1
> > > > > > C 10.1.4.0 is directly connected, Ethernet0
> > > > > >
> > > > > > D EX 2.2.2.0 [170/2560025856] via 10.1.3.2, 00:00:47, Serial1
> > > > > > C 3.3.3.0 is directly connected, Loopback0
> > > > > > C 10.1.3.0 is directly connected, Serial1
> > > > > > D EX 10.1.2.0 [170/2560025856] via 10.1.3.2, 00:36:15,
Serial1
> > > > > > D EX 10.1.1.0 [170/2560025856] via 10.1.3.2, 00:25:00,
Serial1
> > > > > > C 10.1.4.0 is directly connected, Ethernet0
> > > > > >
> > > > > >
> > > > > > r1#sh ip bg
> > > > > > Network Next Hop Metric LocPrf Weight Path
> > > > > > *> 1.1.1.0/24 0.0.0.0 0 32768 i
> > > > > > *>i2.2.2.0/24 2.2.2.2 0 100 0 i
> > > > > > *>i3.3.3.0/24 2.2.2.2 0 100 0 65200 i
> > > > > >
> > > > > > Network Next Hop Metric LocPrf Weight Path
> > > > > > *> 1.1.1.0/24 0.0.0.0 0 32768 i
> > > > > > *>i2.2.2.0/24 2.2.2.2 0 100 0 i
> > > > > >
> > > > > > r2#sh ip bg
> > > > > > Network Next Hop Metric LocPrf Weight Path
> > > > > > *>i1.1.1.0/24 1.1.1.1 0 100 0 i
> > > > > > *> 2.2.2.0/24 0.0.0.0 0 32768 i
> > > > > > *> 3.3.3.0/24 3.3.3.3 0 0 65200 I
> > > > > >
> > > > > > Network Next Hop Metric LocPrf Weight Path
> > > > > > *>i1.1.1.0/24 1.1.1.1 0 100 0 i
> > > > > > *> 2.2.2.0/24 0.0.0.0 0 32768 i
> > > > > > * 3.3.3.0/24 3.3.3.3 0 0 65200
i
> > > > > >
> > > > > > r3#sh ip bg
> > > > > > Network Next Hop Metric LocPrf Weight Path
> > > > > > *> 1.1.1.0/24 2.2.2.2 0 65100 i
> > > > > > *> 2.2.2.0/24 2.2.2.2 0 0 65100 i
> > > > > > *> 3.3.3.0/24 0.0.0.0 0 32768 i
> > > > > >
> > > > > > Network Next Hop Metric LocPrf Weight Path
> > > > > > * 1.1.1.0/24 2.2.2.2 0 65100 i
> > > > > > * 2.2.2.0/24 2.2.2.2 0 0 65100 i
> > > > > > *> 3.3.3.0/24 0.0.0.0 0 32768 i
> > > > > >
> > > > > >
> > > > > > >From: "John Matijevic" <matijevi@bellsouth.net>
> > > > > > >To: "Larry Cain"
<l_u_cain@hotmail.com>,<ccielab@groupstudy.com>
> > > > > > >Subject: Re: BGP Flapping routes
> > > > > > >Date: Mon, 18 Aug 2003 12:46:09 -0400
> > > > > > >
> > > > > >
> > > > > >
> > > > > > Hello Larry,
> > > > > > Im not quite understanding what the problem is in particular the
> > > > >following:
> > > > > > The BGP routes from other AS (loopbacks) are in the table for
60s
> > > > > > with
> > > > >*>,
> > > > > > then 60s with only > on both R2 and R3.
> > > > > > R1 only sees R3 loop when R2 has *> (obviously).
> > > > > > Can you please try to rephrase what you mean here?
> > > > > > Also could you post sh ip route, and sh ip bgp, on all 3
routers?
> > > > > > Sincerely, Matijevic
> > > > > > ----- Original Message -----
> > > > > > From: "Larry Cain" <l_u_cain@hotmail.com>
> > > > > > To: <ccielab@groupstudy.com>
> > > > > > Sent: Monday, August 18, 2003 12:34 PM
> > > > > > Subject: BGP Flapping routes
> > > > > >
> > > > > >
> > > > > > >Hi Group
> > > > > > >
> > > > > > >Have got a BGP route flapping route problem.
> > > > > > >
> > > > > > >R1 and R2 talking OSPF. R2 and R3 talking eigrp. They are
> > > > >redistributing
> > > > > > >both ways.
> > > > > > >IGP routing tables are correct on R1 and R3 - seeing all
networks
> > > > > > including
> > > > > > >remote e0 networks.
> > > > > > >R1 and R2 in same AS 65100. R3 in AS 65200.
> > > > > > >Only Loopbacks put into BGP.
> > > > > > >
> > > > > > >
> > > > > > >|--e0--R1----s0----R2----s1----R3--e0--|
> > > > > > >
> > > > > > >---------OSPF--------|---------eigrp--------
> > > > > > >
> > > > > > >|------bgp65100------| |--bgp65200--|
> > > > > > >
> > > > > > >The BGP routes from other AS (loopbacks) are in the table for
60s
> > > > > > >with
> > > > >*>,
> > > > > > >then 60s with only > on both R2 and R3.
> > > > > > >R1 only sees R3 loop when R2 has *> (obviously).
> > > > > > >
> > > > > > >As I say this happens every minute.
> > > > > > >Please help!!!!
> > > > > > >
> > > > > > >Configs below:
> > > > > > >
> > > > > > >All the best
> > > > > > >
> > > > > > >Larry
> > > > > > >
> > > > > > >ROUTER R1
> > > > > > >interface Loopback0
> > > > > > >ip address 1.1.1.1 255.255.255.0
> > > > > > >!
> > > > > > >interface Ethernet0
> > > > > > >ip address 10.1.1.1 255.255.255.0
> > > > > > >!
> > > > > > >interface Serial0
> > > > > > >ip address 10.1.2.1 255.255.255.0
> > > > > > >!
> > > > > > >router ospf 1
> > > > > > >network 1.1.1.0 0.0.0.255 area 0
> > > > > > >network 10.0.0.0 255.0.0.0 area 0
> > > > > > >!
> > > > > > >router bgp 65100
> > > > > > >network 1.1.1.0 mask 255.255.255.0
> > > > > > >neighbor 2.2.2.2 remote-as 65100
> > > > > > >no auto-summary
> > > > > > >!
> > > > > > >
> > > > > > >ROUTER R2
> > > > > > >interface Loopback0
> > > > > > >ip address 2.2.2.2 255.255.255.0
> > > > > > >!
> > > > > > >interface Serial0
> > > > > > >ip address 10.1.2.2 255.255.255.0
> > > > > > >!
> > > > > > >interface Serial1
> > > > > > >ip address 10.1.3.2 255.255.255.0
> > > > > > >!
> > > > > > >router ospf 1
> > > > > > >redistribute eigrp 1 metric 5 subnets
> > > > > > >network 2.2.2.0 0.0.0.255 area 0
> > > > > > >network 10.1.2.0 0.0.0.255 area 0
> > > > > > >!
> > > > > > >router eigrp 1
> > > > > > >redistribute ospf 1 metric 1 1 1 1 1
> > > > > > >network 10.1.3.0 0.0.0.255
> > > > > > >!
> > > > > > >router bgp 65100
> > > > > > >network 2.2.2.0 mask 255.255.255.0
> > > > > > >neighbor 1.1.1.1 remote-as 65100
> > > > > > >neighbor 3.3.3.3 remote-as 65200
> > > > > > >no auto-summary
> > > > > > >!
> > > > > > >
> > > > > > >ROUTER R3
> > > > > > >interface Loopback0
> > > > > > >ip address 3.3.3.3 255.255.255.0
> > > > > > >!
> > > > > > >interface Ethernet0
> > > > > > >ip address 10.1.4.3 255.255.255.0
> > > > > > >!
> > > > > > >interface Serial1
> > > > > > >ip address 10.1.3.3 255.255.255.0
> > > > > > >!
> > > > > > >router eigrp 1
> > > > > > >redistribute ospf 1 metric 1 1 1 1 1
> > > > > > >network 10.1.3.0 0.0.0.255
> > > > > > >network 10.1.4.0 0.0.0.255
> > > > > > >no auto-summary
> > > > > > >!
> > > > > > >router bgp 65200
> > > > > > >network 3.3.3.0 mask 255.255.255.0
> > > > > > >neighbor 2.2.2.2 remote-as 65100
> > > > > > >no auto-summary
> > > > > > >!
> > > > > > >
> > > > > >
>_________________________________________________________________
> > > > > > >Use MSN Messenger to send music and pics to your friends
> > > > > > >http://www.msn.co.uk/messenger
> > > > > > >
> > > > > > >
> > > > > >
> > >___________________________________________________________________
> > > > > > >____
> > > > > > >You are subscribed to the GroupStudy.com CCIE R&S Discussion
> >Group.
> > > > > > >
> > > > > > >Subscription information may be found at:
> > > > > > >http://www.groupstudy.com/list/CCIELab.html
> > > > > >
> > > > > >
> > > > > >
> >____________________________________________________________________
> > > > > > ___
> > > > > > You are subscribed to the GroupStudy.com CCIE R&S Discussion
> >Group.
> > > > > >
> > > > > > Subscription information may be found at:
> > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > > >
> > > > > >

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:03 GMT-3