BGP Next-Hop Processing - Next-Hop-Self
R1<---(iBGP)---->R2<----(eBGP)----->R3
- R2 learns a new prefix from R3 which becomes the next-hop for this prefix
- When R2 advertise this prefix to R1, the next-hop value for R1 is still R3 address
- R1 will drop packets sent to the prefix cause next-hop (R3) is unreachable for R1
- The solution would be if R1 has R2 as next-hop to reach this new prefix
- next-hop-self statement will change this in the router which receives the eBGP prefix (R2)
network 150.1.7.7 mask 255.255.255.255
neighbor 155.1.146.1 remote-as 100
neighbor 155.1.146.1 next-hop-self
neighbor 155.1.79.9 remote-as 54BGP Next-Hop Processing - Manual Modification
Two possible scenarios where the next-hop can be fixed. On R1(RR) or in R7 (RR client)
R1:
route-map SET_NEXT_HOP_FROM_R8 permit 10
set ip next-hop 155.1.58.8
!
router bgp 100
network 150.1.1.1 mask 255.255.255.255
neighbor 155.1.58.8 remote-as 100
neighbor 155.1.58.8 route-map SET_NEXT_HOP_FROM_R8 in
neighbor 155.1.67.7 remote-as 100
neighbor 155.1.58.8 route-reflector-client
neighbor 155.1.67.7 route-reflector-client
R7:
route-map SET_NEXT_HOP_TO_R1 permit 10
set ip next-hop 155.1.67.7
!
router bgp 100
network 150.1.7.7 mask 255.255.255.255
neighbor 155.1.146.1 remote-as 100
neighbor 155.1.146.1 route-map SET_NEXT_HOP_TO_R1 out
neighbor 155.1.79.9 remote-as 54
iBGP Synchronization
If your AS passes traffic from another AS to a third AS, BGP should not advertise a route before all the routers in your AS have learned about the route via IGP. BGP waits until IGP has propagated the route within the AS. Then, BGP advertises the route to external peers.
Route map filtering should always be used when redistribute BGP into IGP to avoid CPU and memory exhaustion like the example
R8:
ip as-path access-list 1 permit ^54_
!
route-map BGP_TO_IGP permit 10
match as-path 1
!
router eigrp 100
redistribute bgp 100 metric 100000 1000 255 1 1500 route-map BGP_TO_IGP
network 150.1.8.8 0.0.0.0
!
router bgp 100
synchronizationBGP Redistribute Internal
Redistribute iBGP into IGP is disabled by default cause potential loops like the example
- R3 and R4 know that the next-hop to 1.1.1.1 is through R2 (iBGP advertise)
- R3 will always reach R2 through R4 cause its lowest IGP metric (20)
- If R3 distributes 1.1.1.1 into OSPF, R2 will have a new route to reach 1.1.1.1 with R3 as next-hop, this route will be prefered over the iBGP learned route cause a better AD (110 vs 200)
- When R3 try to go 1.1.1.1 through R2, R2 will try to go through R3 and the loop will begin
- To enable iBGP redistribution into IGP use the statement bgp redistribute-internal under the router bgp process
BGP Peer Groups
R1:
router bgp 100
neighbor IBGP_PEERS peer-group
neighbor IBGP_PEERS remote-as 100
neighbor IBGP_PEERS update-source Loopback0
neighbor IBGP_PEERS route-reflector-client
neighbor 150.1.2.2 peer-group IBGP_PEERS
neighbor 150.1.3.3 peer-group IBGP_PEERS
network 150.1.1.1 mask 255.255.255.255
R2:
router bgp 100
neighbor 150.1.1.1 remote-as 100
neighbor 150.1.1.1 update-source Loopback0
network 150.1.2.2 mask 255.255.255.255
R3:
router bgp 100
neighbor 150.1.1.1 remote-as 100
neighbor 150.1.1.1 update-source Loopback0
network 150.1.3.3 mask 255.255.255.255
BGP Network Statement
Another way to deal with external next-hop besides next-hop-self is to propagate the external link subnet to all the iBGP peers so they will install it in their RIBs and do a recursive look up till they find the next hop
R7:
router bgp 100
no neighbor 150.1.1.1 next-hop-self
network 155.1.79.0 mask 255.255.255.0
BGP Auto-Summary
Works with the network statement (classfull network subnet in the IGP table must exist) and when we do redistributionR7:
route-map CONNECTED_TO_BGP
match interface Loopback0
match interface GigabitEthernet1.79
!
router bgp 100
no network 150.1.7.7 mask 255.255.255.255
no network 155.1.79.0 mask 255.255.255.0
auto-summary
redistribute connected route-map CONNECTED_TO_BGP
R8:
router bgp 100
no network 150.1.8.8 mask 255.255.255.255
no network 155.1.108.0 mask 255.255.255.0
auto-summary
network 150.1.0.0
network 155.1.0.0BGP best path selection process
- Ignore invalid paths (no valid next-hop, not synchronized, looped).
- Prefer path with the highest locally assigned weight value.
- Prefer path with the highest Local Preference attribute value.
- Prefer locally originated prefixes (originated via the network, aggregate-address, or redistribution commands).
- Prefer path with the shortest AS_PATH attribute length.
- Prefer path with the lowest Origin Type (value for the Origin code), where IGP < EGP < Incomplete.
- Prefer path with the lowest MED attribute value (provided that the first AS in the list is the same).
- Prefer external BGP paths over internal BGP paths.
- Prefer path with the smallest IGP metric to reach the NEXT_HOP IP address.
- Prefer path originated from the router with the lowest BGP Router ID.
No valid next-hop. This is the most common cause for the prefix being ignored by the selection process. BGP prefixes carry their next-hop as a separate attribute (NEXT_HOP attribute). If the next-hop address is NOT reachable via IGP, the prefix is marked as invalid and is not considered. This usually happens with eBGP-learned prefixes when you forget to enter the command next-hop-self or advertise the link subnet into IGP/BGP.
BGP Synchronization enabled and the prefix is not in the IGP table. The bestpath process will ignore this prefix. This is a legacy restriction, but you may occasionally run into it.
AS_PATH Loop. Prefixes from the neighbor that has the local AS number in the AS_PATH attribute are dropped. This is the well-known BGP loop detection mechanism.
No comments:
Post a Comment