peering to an hsrp vip will work , fast hellos can be used to minimise the swap delay , in all circumstances bgp will flap .
to have device redundancy to a single upstream pe would sound over spec , but to a multi node internal external peer would be ideal . A Flap is much better than total loss of service . Regards Vin On Fri, Oct 12, 2012 at 5:47 AM, Marko Milivojevic <[email protected]>wrote: > To be honest, I'm as amused as you are with this :-). I'm in a > bootcamp for the next three weeks, but I'll for sure give it a > thorough test when I'm done :-). > > I'm guessing it can be made to work, as long as HSRP-side is > "passive", i.e. not the one initiating connection. Of course, without > a state exchange between HSRP peers, when there is HSRP failover, BGP > will flap. This is probably why it's not recommended. > > -- > Marko Milivojevic - CCIE #18427 (SP R&S) > Senior CCIE Instructor - IPexpert > > On Thu, Oct 11, 2012 at 5:16 PM, Nick Bonifacio <[email protected]> > wrote: > > There has to be instability issues, right? Flapping, arps and macs > getting hosed perhaps? > > > > *Paging Dr. Marko* > > > > > > ________________________________ > > From: Tony Singh <[email protected]> > > To: Nick Bonifacio <[email protected]> > > Cc: Bob McCouch <[email protected]>; "[email protected]" < > [email protected]> > > Sent: Thursday, October 11, 2012 6:13 PM > > Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship > HSRP virtual IP ? > > > > > > Good work Nick > > > > I'm sure Cisco know this works..? Why do they not recommend it then ... > > > > > > -- > > BR > > > > Tony > > Sent from my iPhone on 3 > > > > On 11 Oct 2012, at 23:06, Nick Bonifacio <[email protected]> wrote: > > > > > > > >> > >>R5(config-router)#do sh ip b > >>*Oct 11 22:09:20.495: %BGP-5-ADJCHANGE: neighbor 10.0.46.1 Down User > reset > >>*Oct 11 22:09:20.907: %BGP-5-ADJCHANGE: neighbor 10.0.46.1 Up gp > >>BGP table version is 16, local router ID is 10.0.46.55 > >>Status codes: s suppressed, d damped, h history, * valid, > best, i - > internal, > >> r RIB-failure, S Stale > >>Origin codes: i - IGP, e - EGP, ? - incomplete > >> > >> > >> Network Next Hop Metric LocPrf Weight Path > >>*>i192.46.1.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.2.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.3.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.4.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.5.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.6.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.7.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.8.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.9.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.10.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.11.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.12.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.13.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.14.0 10.0.46.1 1234 100 10000 i > >>*>i192.46.15.0 10.0.46.1 1234 100 10000 i > >>R5(config-router)# > >> > >> > >>i need a fast way to copy and paste prefixes in :) > >> > >> > >>I did manipulate weight, MED... > >> > >>________________________________ > >> From: Tony Singh <[email protected]> > >>To: Nick Bonifacio <[email protected]> > >>Cc: Bob McCouch <[email protected]>; "[email protected]" < > [email protected]> > >>Sent: Thursday, October 11, 2012 5:54 PM > >>Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship > HSRP virtual IP ? > >> > >>Take it further see how many prefixes it can handle, check metrics work > weight local pref med... > >> > >>-- > >>BR > >> > >>Tony > >> > >>Sent from my iPad > >> > >>On 11 Oct 2012, at 22:34, Nick Bonifacio <[email protected]> wrote: > >> > >>> I can't believe it, working on real hardware as well: > >>> > >>> interface FastEthernet0/0 > >>> ip address 10.0.46.6 255.255.255.0 > >>> duplex auto > >>> speed auto > >>> standby 0 ip 10.0.46.1 > >>> > >>> > >>> router bgp 456 > >>> no synchronization > >>> bgp log-neighbor-changes > >>> neighbor 10.0.46.55 remote-as 456 > >>> no auto-summary > >>> > >>> > >>> ------------------------------------------------------------------ > >>> > >>> > >>> interface FastEthernet0/0 > >>> ip address 10.0.46.55 255.255.255.0 > >>> duplex > > auto > >>> speed auto > >>> > >>> > >>> router bgp 456 > >>> no synchronization > >>> bgp log-neighbor-changes > >>> neighbor 10.0.46.1 remote-as 456 > >>> no auto-summary > >>> > >>> > >>> R5(config-router)#do sh ip bgp sum > >>> BGP router identifier 10.0.46.55, local AS number 456 > >>> BGP table version is 1, main routing table version 1 > >>> > >>> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ > Up/Down State/PfxRcd > >>> 10.0.46.1 4 456 5 5 1 0 > 0 00:03:18 0 > >>> > >>> > >>> R5(config-router)#do sh tcp brief > >>> TCB Local Address > > Foreign Address (state) > >>> 66A1041C 10.0.46.55.39341 10.0.46.1.179 > ESTAB > >>> > >>> > >>> System image file is "flash:c1841-adventerprisek9-mz.124-24.T7.bin" > >>> > >>> > >>> > >>> ________________________________ > >>> From: Nick Bonifacio <[email protected]> > >>> To: Bob McCouch <[email protected]> > >>> Cc: "[email protected]" <[email protected]> > >>> Sent: Thursday, October 11, 2012 8:51 AM > >>> Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship > HSRP virtual IP ? > >>> > >>> Just what I need, another OCD day. Oh well, I'll be home in about 8 > hours and will have access to real hardware. I will let everyone know what > happens. > >>> > >>> Nick > >>> > >>> Sent from my iPhone > >>> > >>> On Oct 11, 2012, at 8:43 AM, Bob McCouch <[email protected]> wrote: > >>> > >>>> Interesting. I was also pretty sure that didn't work. At best it would > >>>> only do a passive open (respond to a TCP syn) no originate the > >>>> session. > >>>> > >>>> Bob > >>>> -- > >>>> Sent from my iPhone, please excuse any typos. > >>>> > >>>> On Oct 11, 2012, at 8:25 AM, > > Nick Bonifacio <[email protected]> wrote: > >>>> > >>>>> //Disclaimer: I am using GNS3 for this example. > >>>>> > >>>>> This is the way I understand it, anyone else feel free to chime in: > >>>>> > >>>>> Think update source. > >>>>> > >>>>> router bgp 4 > >>>>> neighbor 10.0.4.5 remote-as 5 > >>>>> neighbor 10.0.4.5 update-source FastEthernet0/0 > >>>>> > >>>>> > >>>>> interface FastEthernet0/0 > >>>>> ip address 10.0.4.4 255.255.255.0 > >>>>> duplex auto > >>>>> speed auto > >>>>> standby 0 ip 10.0.4.254 > >>>>> > >>>>> how can I create a neighborship by sourcing the standby 0 IP? I > can't. > >>>>> > >>>>> Let's look at router 5 on the other side > >>>>> > >>>>> interface > > FastEthernet0/0 > >>>>> ip address 10.0.4.5 255.255.255.0 > >>>>> duplex auto > >>>>> speed auto > >>>>> > >>>>> router bgp 5 > >>>>> no synchronization > >>>>> bgp log-neighbor-changes > >>>>> neighbor 10.0.1.1 remote-as 1 > >>>>> neighbor 10.0.4.254 remote-as 4 > >>>>> no auto-summary > >>>>> > >>>>> > >>>>> Let's debug BGP on R4 > >>>>> > >>>>> R4(config-router)#no > >>>>> *Mar 1 00:31:36.267: BGP: 10.0.4.5 passive open to 10.0.4.254 > >>>>> *Mar 1 00:31:36.271: BGP: 10.0.4.5 passive open failed - 10.0.4.254 > is not update-source FastEthernet0/0's address (10.0.4.4) > >>>>> *Mar 1 00:31:36.271: BGP: 10.0.4.5 remote connection attempt > failed, local address 10.0.4.254 > >>>>> R4(config-router)#no > >>>>> *Mar 1 00:31:38.255: BGP: 10.0.4.5 open active, local address > > 10.0.4.4 > >>>>> *Mar 1 00:31:38.311: BGP: 10.0.4.5 open failed: Connection refused > by remote host, open active delayed 26388ms (35000ms max, 28% jitter) > >>>>> R4(config-router)#no > >>>>> > >>>>> ok it is complaining about 10.0.4.254 not being fa0/0's address. > Fine, I will remove update source fa0/0 > >>>>> > >>>>> > >>>>> > >>>>> router bgp 4 > >>>>> no synchronization > >>>>> bgp log-neighbor-changes > >>>>> neighbor 10.0.4.2 remote-as 2 > >>>>> neighbor 10.0.4.3 remote-as 3 > >>>>> neighbor 10.0.4.5 remote-as 5 > >>>>> neighbor 10.0.4.5 update-source FastEthernet0/0 > >>>>> maximum-paths 3 > >>>>> no auto-summary > >>>>> > >>>>> no neighbor 10.0.4.5 update-source FastEthernet0/0 > >>>>> > >>>>> BGP: 10.0.4.5 rcvd OPEN w/ remote AS 5 > >>>>> *Mar 1 > > 00:33:09.427: BGP: 10.0.4.5 went from OpenSent to OpenConfirm > >>>>> *Mar 1 00:33:09.427: BGP: 10.0.4.5 send message type 1, length > (incl. header) 45 > >>>>> *Mar 1 00:33:09.475: BGP: 10.0.4.5 went from OpenConfirm to > Established > >>>>> *Mar 1 00:33:09.475: %BGP-5-ADJCHANGE: neighbor 10.0.4.5 Up > >>>>> > >>>>> uh oh, it is working! Interesting.. I am in GNS3 but will lab it up > at home on real hardware once I get there. This is not the behavior I > expected. > >>>>> > >>>>> R5#sh ip bgp sum > >>>>> [...] > >>>>> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down > State/PfxRcd > >>>>> 10.0.1.1 4 1 40 40 2 0 0 00:36:01 > > 1 > >>>>> 10.0.4.254 4 4 16 22 2 0 0 00:02:47 > 1 > >>>>> > >>>>> > >>>>> I also tested it with iBGP and the same behavior occured. I also > failed over the HSRP address and made another node active as 10.0.4.254 and > the adjacency did come back up on that router! > >>>>> > >>>>> I will try this out on real hardware once I get home and then report > back. We had tried this in production 2 months ago using ASR1000s and > could not get it working. > >>>>> > >>>>> Nick > >>>>> > >>>>> > >>>>> ________________________________ > >>>>> From: Samir Idris <[email protected]> > >>>>> To: Nick Bonifacio <[email protected]> > >>>>> Cc: Taqdir Singh <[email protected]>; " > [email protected]" <[email protected]> > >>>>> Sent: Thursday, October 11, 2012 7:50 AM > >>>>> Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor > ship HSRP virtual IP ? > >>>>> > >>>>> > >>>>> Nick, > >>>>> > >>>>> Why cant we source from a virtual IP? Can you shed some light on > the logic? > >>>>> > >>>>> Regards, > >>>>> Samir. > >>>>> > >>>>> On Thursday, October 11, 2012, Nick > > Bonifacio <[email protected]> wrote: > >>>>>> Hi Taqdir, > >>>>>> > >>>>>> You have to source from a physical interface and cannot source from > a vIP. Here is a link to "best practice" using HSRP and multihomed BGP > environments: > >>>>>> > >>>>>> > http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml > >>>>>> > >>>>>> > >>>>>> Thanks! > >>>>>> Nick > >>>>>> > >>>>>> ________________________________ > >>>>>> From: Taqdir Singh <[email protected]> > >>>>>> To: [email protected] > >>>>>> Sent: Thursday, October 11, 2012 3:16 AM > >>>>>> Subject: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship > HSRP virtual IP ? > >>>>>> > >>>>>> Hello team can we make bgp neighborship with HSRP virtual IP ? > >>>>>> _______________________________________________ > >>>>>> For more information regarding industry leading CCIE Lab training, > please visit http://www.ipexpert.com/ > >>>>>> > >>>>>> Are you a CCNP or CCIE and looking for a job? Check out > http://www.platinumplacement.com/ > >>>>>> > >>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >>>>>> _______________________________________________ > >>>>>> For more information regarding industry leading CCIE Lab training, > please visit http://www.ipexpert.com/ > >>>>>> > >>>>>> Are you a CCNP or CCIE and looking for a job? Check out > http://www.platinumplacement.com/ > >>>>>> > >>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >>>>> > >>>>> -- > >>>>> Samir Idris > >>>>> _______________________________________________ > >>>>> For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > >>>>> > >>>>> Are > > you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > >>>>> > >>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >>> _______________________________________________ > >>> For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > >>> > >>> Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > >>> > >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >>> _______________________________________________ > >>> For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > >>> > >>> Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > >>> > >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs > >> > >> > >> > > _______________________________________________ > > For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com > > > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
