Thanks everybody. I do have the allowas-in command configured on the routers
residing in AS 100 on both sides. From what the show ip bgp neighbor x.x.x.x
advertised-routes is telling me, though, the eBGP peer that resides in AS 200
is not even trying to send the route from the other side of my discontiguous
AS 100. It will send any routes that originate in AS 200, but not from the
other AS 100.
As a quick snapshot, it is set up as such:
R4 <> R2 <> R1 <> R3 <> R5
With R4 and R5 being in AS 100 and R1, R2 and R3 fully meshed iBGP peers in
AS 200.
The 4.0.0.0 is being originated from R4 and 5.0.0.0 is being originated from
R5; both routes make it to all routers in AS 200 but neither makes it to the
far side AS 100 router.
From R2:
R2(config)#do sho ip bgp
BGP table version is 4, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 4.0.0.0          10.1.24.4                0             0 100 i
* i5.0.0.0          10.1.35.5                0    100      0 100 i
R2(config)#do sho ip bgp neigh 10.1.24.4 advertised-routes
Total number of prefixes 0
R2(config)#do sh run | s bgp 200
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.24.4 remote-as 100
 neighbor 10.1.123.1 remote-as 200
 neighbor 10.1.123.3 remote-as 200
 no auto-summary
R2(config)#
R4#sh run | s bgp 100
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 4.0.0.0
 neighbor 10.1.24.2 remote-as 200
 neighbor 10.1.24.2 allowas-in
 no auto-summary
And on R4, you can see it never received any prefixes:
R4#show ip bgp neighbors 10.1.24.2 | in Prefixes|Sent
                                 Sent       Rcvd
                                 Sent       Rcvd
    Prefixes Current:               1          0
    Prefixes Total:                 1          0
There is no filtering going on throughout the topology; the only
non-standard thing is the discontiguous AS.
On Tue, Oct 20, 2009 at 8:24 AM, Victor Cappuccio <vcappuccio_at_gmail.com> wrote:
> Hi,
>
> Like Andrew said you can use allowas-in to prevent this from happening:
> *Mar 1 00:05:34.851: BGP(0): 10.1.12.2 rcv UPDATE about 3.3.3.3/32 -- DENIED due to: AS-PATH contains our own AS;
> the thing here is that the other routers will have back the route from the
> next hop AS, now if allowed to use VRF to solve this issue, using the
> as-override feature
> http://anetworkerblog.com/2008/05/11/neighbor-ce-as-override/
> making Narbik Happy by using a 007 stuff here :-)
>
>
> R2(config-router)#do show run | b router bgp
> router bgp 200
>  bgp log-neighbor-changes
>  !
>  address-family ipv4
>   no auto-summary
>   no synchronization
>  exit-address-family
>  !
>  address-family ipv4 vrf X
>   neighbor 10.1.12.1 remote-as 100
>   neighbor 10.1.12.1 activate
>   neighbor 10.1.12.1 as-override
>   neighbor 10.1.23.3 remote-as 100
>   neighbor 10.1.23.3 activate
>   neighbor 10.1.23.3 as-override
>   no synchronization
>  exit-address-family
> !
> R2(config-router)#do show ip bgp vpnv4 all
> BGP table version is 7, local router ID is 10.1.23.2
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>    Network          Next Hop            Metric LocPrf Weight Path
> Route Distinguisher: 1:1 (default for vrf X)
> *> 1.1.1.1/32       10.1.12.1                0             0 100 i
> *> 3.3.3.3/32       10.1.23.3                0             0 100 i
> R2(config-router)#do show ip bgp vpnv4 all neigh 10.1.23.3 ad
> BGP table version is 7, local router ID is 10.1.23.2
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>    Network          Next Hop            Metric LocPrf Weight Path
> Route Distinguisher: 1:1 (default for vrf X)
> *> 1.1.1.1/32       10.1.12.1                0             0 100 i
> Total number of prefixes 1
> R2(config-router)#do show ip bgp vpnv4 all neigh 10.1.12.1 ad
> BGP table version is 7, local router ID is 10.1.23.2
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>    Network          Next Hop            Metric LocPrf Weight Path
> Route Distinguisher: 1:1 (default for vrf X)
> *> 3.3.3.3/32       10.1.23.3                0             0 100 i
> Total number of prefixes 1
> and
> R3#show ip bgp
> BGP table version is 5, local router ID is 10.1.12.1
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
>               r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>    Network          Next Hop            Metric LocPrf Weight Path
> *> 1.1.1.1/32       10.1.23.2                              0 200 200 i
> *> 3.3.3.3/32       0.0.0.0                  0         32768 i
>
> Just my 2 cents!
> Victor.-
>
>
>
>
> On Tue, Oct 20, 2009 at 6:35 AM, ALL From_NJ <all.from.nj_at_gmail.com> wrote:
>
>> I would re-check your setup.
>>
>> You are right, the allow-as will simply allow in the local AS x number of
>> times in the path. This is done on the receiving end.
>>
>> If you changed your set up some, and one side has the AS 101, is the problem
>> present? I might suggest to try this and make sure all BGP is cool first.
>>
>> Also, you can prepend an AS on advertisement, so you can leave the one side
>> with AS 101 as is and simply send out a route with AS 100 in the path. The
>> AS 100 router should not accept it. This is another way to test the
>> allowed-as command.
>>
>> Create a new loopback on AS 101 and prepend AS 100 in it.
>>
>> HTH,
>>
>> Andrew Lee Lissitz
>>
>>
>>
>>
>>
>> On Mon, Oct 19, 2009 at 11:12 PM, Nate Lee <natetlee_at_gmail.com> wrote:
>>
>> > I have a scenario labbed up where I have a discontiguous BGP AS split by
>> > another AS, something like this: (AS100) <> (AS 200) <> (AS 100).
>> >
>> > I am trying to get the prefixes on the AS 100 routers to show up in each
>> > other's BGP tables. I have implemented the neighbor x.x.x.x allowas-in
>> > command on the AS 100 routers on their neighbor statements facing the AS 200
>> > routers but it does not seem to work. When I do a SHOW IP BGP NEIGH x.x.x.x
>> > ADVERTISED-ROUTES on the AS 200 routers, I see that the AS 200 router will
>> > not send the route that originated in the far side AS 100.
>> >
>> > Is there some sort of configuration needed on the AS 200 routers to allow
>> > them to send a route with an AS PATH that contains the AS they are sending
>> > into? I was under the impression that they do not perform an outgoing AS
>> > PATH check.
>> >
>> > Thanks!
>> >
>> > Nate
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
>>
>> --
>> Andrew Lee Lissitz
>> all.from.nj_at_gmail.com
>
>
> --
> Victor Cappuccio
> CCIE R/S# 20657
> CCSI# 30452
> www.anetworkerblog.com
> www.linkedin.com/in/vcappuccio
Received on Tue Oct 20 2009 - 20:06:50 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:51:00 ART
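
The receive-side AS_PATH loop check, allowas-in and as-override discussed in this thread, as a small Python model. This is an added example, not code from any poster; the function names are hypothetical, and the model covers only AS_PATH handling (it ignores best-path selection and next-hop reachability).

```python
"""Toy model of eBGP AS_PATH loop prevention for the AS100 <> AS200 <> AS100 lab.

Added illustration; function names are hypothetical, not a router API.
"""


def advertise_ebgp(local_as, peer_as, as_path, as_override=False):
    """Return the AS_PATH a router in local_as sends to an eBGP peer in peer_as.

    With as-override, every occurrence of the peer's AS in the path is
    replaced by the local AS before the local AS is prepended.
    """
    path = list(as_path)
    if as_override:
        path = [local_as if asn == peer_as else asn for asn in path]
    return [local_as] + path


def accept_update(local_as, as_path, allowas_in=0):
    """Receive-side loop check.

    By default any occurrence of the local AS in the path is a loop
    ("DENIED due to: AS-PATH contains our own AS"). allowas_in is the
    number of occurrences of the local AS that the receiver tolerates.
    """
    return as_path.count(local_as) <= allowas_in


def simulate(as_override=False, allowas_in=0, edge_as=100, transit_as=200):
    """Follow one prefix from one AS 100 island across AS 200 to the other.

    Returns (as_path_seen_by_far_side, accepted_by_far_side).
    """
    # The originating AS 100 router prepends its own AS towards AS 200.
    path = advertise_ebgp(edge_as, transit_as, [])
    # AS 200 accepts it: its own AS is not in the path. iBGP inside AS 200
    # leaves the AS_PATH unchanged.
    assert accept_update(transit_as, path)
    # The far-side AS 200 router advertises it to the other AS 100 island.
    path = advertise_ebgp(transit_as, edge_as, path, as_override)
    return path, accept_update(edge_as, path, allowas_in)


if __name__ == "__main__":
    print("plain eBGP:          ", simulate())
    print("allowas-in (count 3):", simulate(allowas_in=3))
    print("as-override on AS200:", simulate(as_override=True))
```

With as-override the far side sees the path 200 200, which matches the `200 200 i` entry in the R3 output quoted above.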