Question about BGP, need help

acidsatyr Senior Member Member Posts: 111
The scenario is simple:
R1 and R2 are connected via serial, in AS 5500.
R3 is in AS 777, connected to R2 via serial.

This is R1:

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
 ip address 10.1.12.1 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.12.1 0.0.0.0 area 0
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 5500
 neighbor 2.2.2.2 update-source Loopback0
 no auto-summary
!

This is R2:

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
 ip address 10.1.12.2 255.255.255.252
 serial restart-delay 0
!
interface Serial0/1
 ip address 10.1.23.1 255.255.255.252
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.12.2 0.0.0.0 area 0
!
router bgp 5500
 no synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 5500
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 next-hop-self
 neighbor 10.1.23.2 remote-as 777
 neighbor 10.1.23.2 ebgp-multihop 2
 no auto-summary
!

and R3:

interface Loopback1
 ip address 200.1.1.1 255.255.255.255
!
interface Serial0/0
 ip address 10.1.23.2 255.255.255.252
 serial restart-delay 0
!
router bgp 777
 no synchronization
 bgp log-neighbor-changes
 network 200.1.1.1 mask 255.255.255.255
 neighbor 10.1.23.1 remote-as 5500
 no auto-summary
!

R1 sees R3's advertised 200.1.1.1 255.255.255.255 loopback network,
R1#sh ip bgp
....
*>i200.1.1.1/32 2.2.2.2

and is placing it accordingly in its routing table
with next hop being R2 (2.2.2.2).

By the same token, R2 sees 200.1.1.1 and is placing it in routing table.

The scenario is simple, but I still can't ping 200.1.1.1 at all from R1 (also I can't ping R1 from R3), and I just can't figure out what the problem is/what I missed. Any suggestions are very welcome. Please help out!

p.s.

If I redistribute connected on R1 and R2, then I can ping everything, but that's just not good practice, is it?

Comments

  • mikej412 Cisco Moderator Member Posts: 10,086
    Do you have a route on R1 so that it knows how to get to the next hop address of 2.2.2.2?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • gojericho0 Senior Member Member Posts: 1,059
    What does R3's routing table look like? Does it have a return route back to R1? Remember, unless you are doing an extended ping, your source on R1 will be the WAN link.
  • lildeezul Senior Member Member Posts: 404
    Examine the routing tables to make sure you have a path there, and the remote has a path back.
    NHSCA National All-American Wrestler 135lb
  • acidsatyr Senior Member Member Posts: 111
    Routing table of R1:

    Gateway of last resort is not set

    1.0.0.0/32 is subnetted, 1 subnets
    C 1.1.1.1 is directly connected, Loopback0
    2.0.0.0/32 is subnetted, 1 subnets
    O 2.2.2.2 [110/65] via 10.1.12.2, 00:15:21, Serial0/0
    200.1.1.0/32 is subnetted, 1 subnets
    B 200.1.1.1 [200/0] via 2.2.2.2, 00:00:57
    10.0.0.0/30 is subnetted, 1 subnets
    C 10.1.12.0 is directly connected, Serial0/0

    R1 knows how to get to destination over router 2 (2.2.2.2)

    Routing table of R2:

    1.0.0.0/32 is subnetted, 1 subnets
    O 1.1.1.1 [110/65] via 10.1.12.1, 00:17:10, Serial0/0
    2.0.0.0/32 is subnetted, 1 subnets
    C 2.2.2.2 is directly connected, Loopback0
    200.1.1.0/32 is subnetted, 1 subnets
    B 200.1.1.1 [20/0] via 10.1.23.2, 00:10:58
    10.0.0.0/30 is subnetted, 2 subnets
    C 10.1.12.0 is directly connected, Serial0/0
    C 10.1.23.0 is directly connected, Serial0/1

    And R2 knows how to get to R3.

    The problem is in R3:

    Gateway of last resort is not set

    200.1.1.0/32 is subnetted, 1 subnets
    C 200.1.1.1 is directly connected, Loopback1
    10.0.0.0/30 is subnetted, 1 subnets
    C 10.1.23.0 is directly connected, Serial0/0

    But, assuming that AS 777 is an ISP and is not supposed to know about my routes/networks, and not configuring a default route, ip route 0.0.0.0 0.0.0.0 s0/0 on both R3 and R1 (after which everything does work), is there another way to do it?

    Thx a lot for helping out guys! :)
  • kryolla CCIE Bound Member Posts: 785
    Let me see if I have this right

    R1----R2
    R3
    OSPF Between R1 & R2
    iBGP R1 & R2
    eBGP R2 & R3

    R3 injects 200.1.1.1

    Your issue is R1 can't reach 200.1.1.1 and R1 can't reach R3, but R2 should because it is directly connected.

    To fix both issues: R1 has a route to 200.1.1.1 via BGP, but R3 does not have a route back, because when you ping, the source IP address is R1 S0/0. So to fix your problem, R3 needs a route to R1 S0/0: set up a default route on R3 with a next hop of R2's S0/1 IP address, or run OSPF between R2 & R3, or advertise R1 Lo0 into BGP and source your pings from that interface. Or set up NAT to translate your internal IP to the IP address of R2 S0/1. Or set up a static route.

    HTH
    Studying for CCIE and drinking Home Brew
  • dtlokee Village Idiot Member Posts: 2,378
    I don't see where on R1 or R2 you are advertising the 10.1.12.0/30 prefix into BGP.
    The only easy day was yesterday!
  • acidsatyr Senior Member Member Posts: 111
    My dilemma is this:

    There are several ways to do this; however, assuming AS 777 is my ISP, or let's just say a system I don't want to share my internal info with or advertise links into, then:

    a) I can't advertise my loopback addresses into BGP via network statement (i.e. R1's loopback as a source address, 1.1.1.1).

    b) By the same token, I don't want to advertise my serial links into BGP at all! AS 777 doesn't need to know about my internal links. That's why I have IGP to distribute my loopback addresses.....

    c) ....but notice I don't have OSPF running between R2 and R3 (R2 uses only its S0/0 link for OSPF); again, I don't want to advertise via OSPF on my S1/0 link to R3!


    I was confused since I thought BGP would take care of this itself, that is, chain propagate itself through neighbor relationships so I don't have to do these things myself. I thought R3 should be able to see R1 via R2.

    It seems to me that the only way is a default route from R3 into AS 5500, and a static route from AS 5500 to R3, which I will then redistribute into OSPF (?)

    So, although you all gave valid answers, what would be the best way in your opinion to let R3 reach R1, considering I don't want to advertise information from AS 5500 into AS 777??

    Hopefully that will explain it,
    Thank You :)
  • EdTheLad Resident Underachiever Member Posts: 2,111
    When you initiate a ping from R1, by default R1 will use the outgoing interface IP address as its source; since you don't want to advertise your internal links in BGP, of course the ping will not be successful. Why don't you advertise the loopback 1.1.1.1 into BGP? R3 will now have a route to 1.1.1.1; issue an extended ping from R1 with source IP address 1.1.1.1, that's it. If you want to telnet or ftp, use the loopback as the source interface. Example: "ip ftp source-interface lo0"
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
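
An added illustration of the return-path problem described in the replies above (not code from any poster): a small Python model of the three routing tables as posted, tracing the echo request and the echo reply hop by hop. The function names, the router-name next hops and the `with_r1_loopback_in_bgp` fix (R3 learning 1.1.1.1/32 from R2) are assumptions made for the example.

```python
import copy
import ipaddress

# Routing tables transcribed from the "show ip route" output in the thread.
# prefix -> next-hop router; None means directly connected. Recursive
# next hops (e.g. 2.2.2.2 on R1) are already resolved to the neighbor.
TABLES = {
    "R1": {"1.1.1.1/32": None, "2.2.2.2/32": "R2",
           "200.1.1.1/32": "R2", "10.1.12.0/30": None},
    "R2": {"1.1.1.1/32": "R1", "2.2.2.2/32": None, "200.1.1.1/32": "R3",
           "10.1.12.0/30": None, "10.1.23.0/30": None},
    "R3": {"200.1.1.1/32": None, "10.1.23.0/30": None},
}
# Which router owns each interface address (from the posted configs).
OWNERS = {"1.1.1.1": "R1", "10.1.12.1": "R1", "2.2.2.2": "R2",
          "10.1.12.2": "R2", "10.1.23.1": "R2", "10.1.23.2": "R3",
          "200.1.1.1": "R3"}

def lookup(table, dst):
    """Longest-prefix match; returns the (network, next_hop) pair or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def forward(tables, start, dst):
    """Walk hop by hop; returns (routers traversed, delivered?)."""
    path = [start]
    while OWNERS[dst] != path[-1] and len(path) < 8:  # 8 = loop guard
        match = lookup(tables[path[-1]], dst)
        if match is None:
            return path, False                # no route: dropped here
        path.append(match[1] or OWNERS[dst])  # connected: hand to owner
    return path, OWNERS[dst] == path[-1]

def ping(tables, src_router, src_ip, dst_ip):
    """An echo succeeds only if both request and reply are routable."""
    out, ok = forward(tables, src_router, dst_ip)
    if not ok:
        return "request dropped at " + out[-1]
    back, ok = forward(tables, OWNERS[dst_ip], src_ip)
    return "success" if ok else "reply dropped at " + back[-1]

def with_r1_loopback_in_bgp(tables):
    """Hypothetical fix: R3 learns 1.1.1.1/32 from R2 over eBGP."""
    fixed = copy.deepcopy(tables)
    fixed["R3"]["1.1.1.1/32"] = "R2"
    return fixed

if __name__ == "__main__":
    print(ping(TABLES, "R1", "10.1.12.1", "200.1.1.1"))
    print(ping(with_r1_loopback_in_bgp(TABLES), "R1", "1.1.1.1", "200.1.1.1"))
```

With the tables as posted, the request reaches R3 but the reply to 10.1.12.1 has no route there; with the loopback advertised, the ping works only when sourced from 1.1.1.1.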
  • dtlokee Village Idiot Member Posts: 2,378
    If you don't want to advertise your routes to the provider then the only way for you to make it work is NAT. Your provider IS NOT going to install a default route to you. Why don't you want to advertise your networks? What type of connection is this? Why are you peering with BGP at all if you don't want to share your routes?

    Maybe I have missed something, but this is an unrealistic scenario.
    The only easy day was yesterday!
  • acidsatyr Senior Member Member Posts: 111
    Yes, it is an unrealistic scenario for many reasons. I just wanted to see what options I have if I want to make this run. NAT seems to be the best way given the constraints.
    Thank you all for help, much appreciated. :)