Friday, February 26, 2010

eBGP peering with Loopbacks: AD problems

Hi all,
while I've been at home ill for 3 days, I started reading the great "Routing TCP/IP Vol. II" from Cisco Press and playing a little with BGP to refresh my knowledge of it.

During my tests I ran into a few small, interesting and funny things, e.g. eBGP issues when peering between loopbacks while announcing those same loopbacks in BGP itself.

The topology is really simple; I reused the one from my old RIP lab:








Here is the .net file I used with Dynagen, followed by the initial configs:






############## bgp.net file ###############
[10.3.3.2:7200]
udp = 10000
workingdir = /tmp
[[7200]]
image = /opt/c7200-adventerprisek9-mz.124-11.T.bin
npe = npe-400
ram = 160
[[ROUTER R1]]
console = 20001
s1/0 = R2 s1/0
[[ROUTER R2]]
console = 20002
s1/1 = R3 s1/1

[10.3.3.2:7201]
udp = 15000
workingdir = /tmp
[[7200]]
image = /opt/c7200-adventerprisek9-mz.124-11.T.bin
npe = npe-400
ram = 160
[[ROUTER R3]]
console = 20003
################## end bgp.net file ######################


!--- R1 initial config

hostname R1

no ip domain-look
line con 0
logging sync
no exec-tim

int lo 0
ip address 192.168.1.1 255.255.255.0
ip ospf 1 area 0
ip ospf network point-to-point

int ser 1/0
desc R1 - R2
ip address 10.12.12.1 255.255.255.192
no shut
ip ospf 1 area 0

router ospf 1
router-id 192.168.1.1

!--- END R1 initial config

!--- R2 initial config
hostname R2

no ip domain-look
line con 0
logging sync
no exec-tim

int lo 0
ip address 192.168.2.1 255.255.255.0
ip ospf 1 area 0
ip ospf network point-to-point

int ser 1/0
desc R1 - R2
ip address 10.12.12.2 255.255.255.192
ip ospf 1 area 0
no shut

int ser 1/1
desc R2 - R3
ip address 10.23.23.2 255.255.255.192
ip ospf 1 area 0
no shut

router ospf 1
router-id 192.168.2.1

!--- END R2 initial config

!--- R3 initial config
hostname R3

no ip domain-look
line con 0
logging sync
no exec-tim

int lo 0
ip address 192.168.3.1 255.255.255.0
ip ospf 1 area 0
ip ospf network point-to-point

int ser 1/1
desc R3 - R2
ip address 10.23.23.3 255.255.255.192
ip ospf 1 area 0
no shut

router ospf 1
router-id 192.168.3.1

!--- END R3 initial config



Well, now let's bring up eBGP peering between the Loopback0 interfaces and announce the loopbacks into BGP:


!-- ON R1
router bgp 100
no auto
no sync
nei 192.168.2.1 remote 200
nei 192.168.2.1 update lo0
nei 192.168.2.1 ebgp 2
network 192.168.1.0

!-- ON R2
router bgp 200
no auto
no sync
nei 192.168.1.1 remote 100
nei 192.168.1.1 update lo0
nei 192.168.1.1 ebgp 2
nei 192.168.3.1 remote 300
nei 192.168.3.1 update lo0
nei 192.168.3.1 ebgp 2
network 192.168.2.0

!-- ON R3
router bgp 300
no auto
no sync
nei 192.168.2.1 remote 200
nei 192.168.2.1 update lo0
nei 192.168.2.1 ebgp 2
network 192.168.3.0



Everything seems to work fine: the BGP peerings slowly come up and the routers exchange prefixes...

R2(config-router)#do sh ip bgp sum
BGP router identifier 192.168.2.1, local AS number 200
BGP table version is 4, main routing table version 4
3 network entries using 360 bytes of memory
3 path entries using 156 bytes of memory
4/3 BGP path/bestpath attribute entries using 496 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP using 1092 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.1     4   100       4       7        4    0    0 00:01:53        1
192.168.3.1     4   300       4       7        4    0    0 00:01:39        1

R2(config-router)#do sh ip bgp
BGP table version is 4, local router ID is 192.168.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      192.168.1.1              0             0 100 i
*> 192.168.2.0      0.0.0.0                  0         32768 i
*> 192.168.3.0      192.168.3.1              0             0 300 i


(Scott Morris will say something like "life is pretty good" at this point :-) )

But... wait... network 192.168.1.0 with next hop 192.168.1.1?? That sounds like a bad recursion!

Let me check the routing table of R2:

R2(config-router)#do sh ip route | inc 192.168.1.0
B 192.168.1.0/24 [20/0] via 192.168.1.1, 00:02:58

R2(config-router)#do sh ip route 192.168.1.0
Routing entry for 192.168.1.0/24
Known via "bgp 200", distance 20, metric 0
Tag 100, type external
Last update from 192.168.1.1 00:00:09 ago
Routing Descriptor Blocks:
* 192.168.1.1, from 192.168.1.1, 00:00:09 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 100

What happened? R2 learned the 192.168.1.0/24 prefix from R1 and installed it in the RIB because the eBGP administrative distance is 20, which beats the OSPF route (distance 110) for the same prefix. The next hop for this prefix is the eBGP peer address, R1's Loopback0, so the routing table entry itself is correct, but that next hop now sits inside the very prefix it is the next hop for. The next hop becomes unreachable: a sort of RIB loop.
If we try, we can't ping R1's lo0 from R2 once the eBGP prefix is installed:

R2(config-router)#do sh ip route 192.168.1.0
Routing entry for 192.168.1.0/24
Known via "bgp 200", distance 20, metric 0
Tag 100, type external
Last update from 192.168.1.1 00:00:06 ago
Routing Descriptor Blocks:
* 192.168.1.1, from 192.168.1.1, 00:00:06 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 100

R2(config-router)#
R2(config-router)#do ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2(config-router)#

After a little while (BGP has "slow" timers by default) we see the eBGP peers going down, then up (the eBGP RIB entries are removed and the peers become reachable via OSPF again), then down again...

*Feb 26 12:20:25.651: %BGP-5-ADJCHANGE: neighbor 192.168.1.1 Down BGP Notification sent
*Feb 26 12:20:25.651: %BGP-3-NOTIFICATION: sent to neighbor 192.168.1.1 4/0 (hold time expired) 0 bytes
*Feb 26 12:20:57.667: %BGP-5-ADJCHANGE: neighbor 192.168.1.1 Up


How to solve this issue?
- don't configure a network statement for the loopbacks used for peering; let the IGP do its job
OR
- announce the loopbacks via eBGP but create static routes for them (lower AD wins)
OR
- peer the eBGP neighbors over the directly connected interfaces (as every manual suggests :-) )
OR
- modify the default administrative distance for eBGP routes
OR
- use BGP backdoor for the neighbor networks

Here is an example using BGP backdoor, from R3's perspective:
R3(config)#do sh ip route 192.168.2.0
Routing entry for 192.168.2.0/24
Known via "bgp 300", distance 20, metric 0
Tag 200, type external
Last update from 192.168.2.1 00:00:07 ago
Routing Descriptor Blocks:
* 192.168.2.1, from 192.168.2.1, 00:00:07 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 200

R3(config)#router bgp 300
R3(config-router)#network 192.168.2.0 backdoor
R3(config-router)#do sh ip route 192.168.2.0
Routing entry for 192.168.2.0/24
Known via "ospf 1", distance 110, metric 65, type intra area
Last update from 10.23.23.2 on Serial1/1, 00:00:05 ago
Routing Descriptor Blocks:
* 10.23.23.2, from 192.168.2.1, 00:00:05 ago, via Serial1/1
Route metric is 65, traffic share count is 1

R3(config-router)#do sh ip route | beg Gate
Gateway of last resort is not set

10.0.0.0/26 is subnetted, 2 subnets
C 10.23.23.0 is directly connected, Serial1/1
O 10.12.12.0 [110/128] via 10.23.23.2, 00:23:30, Serial1/1
B 192.168.1.0/24 [20/0] via 192.168.2.1, 00:18:39
O 192.168.2.0/24 [110/65] via 10.23.23.2, 00:06:35, Serial1/1
C 192.168.3.0/24 is directly connected, Loopback0
R3(config-router)#

Note that R1's loopback is still learned via BGP by R3.
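
A simplified model of the route selection described above, added here as an example (it is not part of the original post): it keeps the lowest-AD route per prefix on R2 and checks whether the peer address still resolves down to a connected interface, with and without `network ... backdoor`. The candidate list and the function names are constructed for illustration from the lab addressing.

```python
import ipaddress

# Default IOS administrative distances (lower wins).
AD = {"connected": 0, "ebgp": 20, "ospf": 110, "bgp-local": 200}

# Constructed candidate routes for R2: (protocol, prefix, next hop).
# OSPF carries the loopbacks as /24 (ip ospf network point-to-point),
# so OSPF and eBGP compete for exactly the same prefix.
R2_CANDIDATES = [
    ("connected", "10.12.12.0/26", None),
    ("connected", "10.23.23.0/26", None),
    ("ospf", "192.168.1.0/24", "10.12.12.1"),
    ("ospf", "192.168.3.0/24", "10.23.23.3"),
    ("ebgp", "192.168.1.0/24", "192.168.1.1"),
    ("ebgp", "192.168.3.0/24", "192.168.3.1"),
]

def build_rib(candidates, backdoor=()):
    """Keep the lowest-AD route per prefix. A prefix listed in `backdoor`
    models `network <prefix> backdoor`: its eBGP route gets distance 200."""
    rib = {}
    for proto, prefix, next_hop in candidates:
        dist = AD["bgp-local"] if proto == "ebgp" and prefix in backdoor else AD[proto]
        net = ipaddress.ip_network(prefix)
        if net not in rib or dist < rib[net][1]:
            rib[net] = (proto, dist, next_hop)
    return rib

def resolves(rib, addr, seen=frozenset()):
    """Follow next hops until a connected route is reached. Returns False
    when there is no route or the lookup comes back to a prefix already used."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in rib if ip in n]
    if not hits:
        return False
    net = max(hits, key=lambda n: n.prefixlen)   # longest-prefix match
    if net in seen:
        return False                              # next hop resolves via itself
    proto, _dist, next_hop = rib[net]
    return proto == "connected" or resolves(rib, next_hop, seen | {net})

def peer_reachable(peer, backdoor=()):
    """True if R2 can still reach the eBGP peer address `peer`."""
    return resolves(build_rib(R2_CANDIDATES, backdoor), peer)

if __name__ == "__main__":
    print("default AD   :", peer_reachable("192.168.1.1"))
    print("with backdoor:", peer_reachable("192.168.1.1", {"192.168.1.0/24"}))
```
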

have phun!
Marco
