From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Fri Feb 13 2004 - 00:01:23 GMT-3
I just got done doing this in a practice lab tonight. Thought I would post a
problem from it.
The lab has loopbacks in the format of 210.x.x.x
210.1.1.1/32
210.2.2.2/32
210.4.4.4/24 (version 1 rip)
210.5.5.5/32
etc.
All my bgp neighbors use loopback peering. Example 210.1.1.1 peers to
210.2.2.2

router bgp 64513
 no synchronization
 bgp router-id 210.5.5.5
 bgp log-neighbor-changes
 bgp confederation identifier 200
 bgp confederation peers 64512
 neighbor internal peer-group
 neighbor internal remote-as 64513
 neighbor internal update-source Loopback0
 neighbor internal route-reflector-client
 neighbor 210.2.2.2 peer-group internal
 neighbor 210.4.4.4 peer-group internal
 neighbor 210.6.6.6 remote-as 64512
 neighbor 210.6.6.6 ebgp-multihop 4
 neighbor 210.6.6.6 update-source Loopback0
 neighbor 210.7.7.7 remote-as 700
 neighbor 210.7.7.7 ebgp-multihop 3
 neighbor 210.7.7.7 update-source Loopback0
 no auto-summary

Here's the rub, one of the requirements is to advertise the loopback
networks into bgp.
I'm using igp to reach my bgp neighbors! As soon as I put the loopback
subnets into bgp, they will go down.
Why?

  B 210.8.8.8 [20/0] via 210.7.7.7, 00:02:05

Because the external AS's will place routes in the routing tables with
the admin distance of 20.
This is just a classic bgp landmine.
Solution, as soon as I saw the requirement I added the following
commands to every router.

access-list 80 permit 210.0.0.0 0.255.255.255
router bgp xxxx
 distance 180 210.0.0.0 0.255.255.255 80
end

In English, any bgp routing updates coming from any loopback networks
(which is all my neighbors) set the routes that match access-list 80
(which also is my loopback networks) to the admin distance of 180 (which
is higher than my highest igp eigrp external 170 admin distance).
One note, the distance command uses wildcards, not masks. The ios help
is wrong.
Michael Snyder
Lead Network Engineer
CCNP/DP, CSS1, MCSE NT/2000
Revolution Computer Systems
(270) 443-7400
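
Added example, not part of the original post: a small Python model of the routing-table decision described above, applied to the peer loopback 210.7.7.7/32 with and without the `distance 180` rule. The route dictionaries, the IGP next hop 10.0.0.7 and the helper names are assumptions made for illustration; the administrative distances are the IOS defaults.

```python
import ipaddress

# Default IOS administrative distances; the lower value is installed.
DEFAULT_AD = {"ebgp": 20, "eigrp": 90, "rip": 120, "eigrp-ext": 170, "ibgp": 200}

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def distance(route, rule=None):
    """Administrative distance of a route, honouring an optional BGP
    `distance <ad> <source> <wildcard> <acl>` rule."""
    if rule and route["proto"] in ("ebgp", "ibgp"):
        network = route["prefix"].split("/")[0]
        if (wildcard_match(route["source"], *rule["source"])
                and wildcard_match(network, *rule["acl"])):
            return rule["ad"]
    return DEFAULT_AD[route["proto"]]

def installed(candidates, rule=None):
    """Route that wins the routing-table slot for one prefix."""
    return min(candidates, key=lambda r: distance(r, rule))

def resolves_through_itself(route):
    """True when the next hop lies inside the prefix the route covers."""
    net = ipaddress.ip_network(route["prefix"], strict=False)
    return ipaddress.ip_address(route["next_hop"]) in net

# Constructed candidates for the peer loopback 210.7.7.7/32.
# The IGP next hop 10.0.0.7 is an assumed transit address.
CANDIDATES = [
    {"prefix": "210.7.7.7/32", "proto": "eigrp-ext",
     "source": "10.0.0.7", "next_hop": "10.0.0.7"},
    {"prefix": "210.7.7.7/32", "proto": "ebgp",
     "source": "210.7.7.7", "next_hop": "210.7.7.7"},
]

# distance 180 210.0.0.0 0.255.255.255 80, with access-list 80 from the post.
RULE = {"ad": 180, "source": ("210.0.0.0", "0.255.255.255"),
        "acl": ("210.0.0.0", "0.255.255.255")}

if __name__ == "__main__":
    for label, rule in (("default", None), ("distance 180", RULE)):
        r = installed(CANDIDATES, rule)
        print(label, r["proto"], distance(r, rule), resolves_through_itself(r))
```

With default distances the eBGP copy of the loopback wins and its next hop is the loopback itself; with the rule applied the EIGRP external route stays installed.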