It was indeed as synchronization problem. My understanding is that in order
to bring it from BGP into the routing table, it has to be able to reach the
next-hop address from IGP. What's odd is that both WAN links to the
upstream ISPs were in iBGP, so I need to read up on synchronization some
more.
For now, 'no synchronization' fixed the problem.
As I posted OT in another post (but perhaps more relevant here):
I just installed Zebra on my linux server so I can give people IOS-like
access to a BGP router. telnet://r2.artoo.net:2605 with a password of 'bgp'
and you can get a look at the world of BGP from AS18506 via UUNET AS701 and
Sprint AS1239.
The Zebra interface is very close to IOS and has nearly all the BGP-related
commands. I just wish it had traceroute and show ip route (of course, I
think I could do it with the main Zebra daemon, but I don't feel like
messing with it just now).
Zebra is a free routing daemon (bgp, ospf, rip, all with ipv6 support as
well): http://www.zebra.org/
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
Cisco resources: http://r2cisco.artoo.net/
""John Neiberger"" <[EMAIL PROTECTED]> wrote in message
sac48e13.088@fsutil01">news:sac48e13.088@fsutil01...
> [I'm resending this from my work address because the first attempt
> didn't appear to succeed.]
>
> Forgive me if I missed something but this appears to be the famous
> iBGP
> synchronization problem, which I believe can be fixed by turning off
> synchronization and set 'next-hop-self' on advertisements between your
> two internal routers.
>
> When one router takes external routes and passes them to an internal
> neighbor, it doesn't alter the next hop attribute. When the other
> internal neighbor receives the route, the next hop is not the other
> internal peer,
> but the external peer it was received from. If the second iBGP peer
> in this
> example does not have a valid IGP route to that next hop, the route
> can't
> be installed into the routing table.
>
> I only quickly looked through your post so I may be way off base here.
> Take
> it with a grain of salt. <g>
>
> HTH,
> John
> >
> > > Ok, more info (plus I have BGP to UUNET up and have the same
> problem
> the
> > > reverse direction). 206.51.253.1 is part of UUNET AS701.
> 64.6.1.1 is
> > part
> > > of Sprint AS1239:
> > >
> > > ISC-Mod-3640#sh ip bgp 206.51.253.1
> > > BGP routing table entry for 206.51.253.0/24, version 0
> > > Paths: (1 available, no best path)
> > > Not advertised to any peer
> > > 701
> > > 157.130.196.245 (metric 1) from 63.107.123.249
> (63.107.123.253)
> > > Origin IGP, localpref 100, valid, internal, not
> synchronized
> > > ISC-Mod-3640#
> > >
> > > ISC-Tur-2600-2#sh ip bgp 64.6.1.1
> > > BGP routing table entry for 64.6.0.0/20, version 0
> > > Paths: (1 available, no best path)
> > > Not advertised to any peer
> > > 1239
> > > 144.232.206.65 (metric 1) from 63.107.123.250 (63.172.195.1)
> > > Origin IGP, metric 60, localpref 100, valid, internal, not
> > > synchronized
> > >
> > >
> > > There-in lies my problem. How do I get each router to
> synchronize so
> it
> > > will allow it into the routing table?
> > >
> > > Two cool public BGP looking glass routers:
> > > route-views.oregon-ix.net
> > > route-server.cerf.net
> > >
> > > --
> > > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
> > > List email: [EMAIL PROTECTED]
> > > Homepage: http://jason.artoo.net/
> > > Cisco resources: http://r2cisco.artoo.net/
> > >
> > >
> > > ""J Roysdon"" <[EMAIL PROTECTED]> wrote in message
> > > 9a0gj6$c5a$[EMAIL PROTECTED]">news:9a0gj6$c5a$[EMAIL PROTECTED]...
> > > > It's been delayed time and again, but I've finally found the
> time to
> > push
> > > > through the docs and configuration notes needed to get our ASN
> up
> and
> > > > running with our upstream providers.
> > > >
> > > > So, this morning we began announcing ASN 18506 and our
> netblocks out
> > > > Sprintlink with no problems. I had them turn on full routes
> and
> we're
> > up
> > > > to: '11176 network entries and 11169 paths' and still
> climbing.
> > > >
> > > > Ok, so hears the setup:
> > > >
> > > > UUNET - [T1/FR] - s0/0.1 2621 s0/1 - [T1] - s0/1 3640 s1/2 -
> [T1] -
> > Sprint
> > > >
> > > > I'm still trying to get our Accounts Payable folks to get us
> our
> UUNET
> > > > account number so I haven't got any BGP communications up with
> UUNET
> > yet.
> > > > As the 2621 is maxed at 64mb RAM, I'm going to tell UUNET to
> only
> send
> > me
> > > > customer routes. Also, presently I'm filtering non-iBGP info
> from
> the
> > > 3640
> > > > to the 2621 and only allowing Sprint's own ASN through
> (eventually
> I'll
> > > have
> > > > it pass Sprint and their customers). The 2621 shows all the
> 1238
> > > netblocks
> > > > that should be getting through in the bgp table, but if I do a
> 'sh
> ip
> > > route'
> > > > they don't appear, and in fact no BGP routes show.
> > > >
> > > > Here's the pertinent current config sections:
> > > > 3640:
> > > > interface Serial0/1
> > > > description External T1 to Turlock 2621 s0/1
> > > > ip address 63.107.123.250 255.255.255.252
> > > > ip rip send version 2
> > > > ip rip receive version 2
> > > > !
> > > > interface Serial1/2
> > > > description T1 to Sprint
> > > > ip address 144.232.206.66 255.255.255.252
> > > > !
> > > > router rip
> > > > version 2
> > > > redistribute static
> > > > passive-interface Ethernet0/0
> > > > passive-interface Serial0/0
> > > > passive-interface Ethernet0/1
> > > > passive-interface Serial1/0
> > > > passive-interface Serial1/1
> > > > passive-interface Serial1/2
> > > > passive-interface Serial1/3
> > > > network 63.0.0.0
> > > > network 144.232.0.0
> > > > network 206.216.246.0
> > > > network 207.92.43.0
> > > > network 207.92.140.0
> > > > network 207.223.144.0
> > > > neighbor 63.107.123.149
> > > > no auto-summary
> > > > !
> > > > router bgp 18506
> > > > bgp router-id 63.172.195.1
> > > > bgp cluster-id 3478924129
> > > > bgp log-neighbor-changes
> > > > network 63.172.195.0 mask 255.255.255.0
> > > > network 63.172.204.0 mask 255.255.254.0
> > > > network 144.232.206.64 mask 255.255.255.252
> > > > network 206.216.246.0
> > > > network 207.92.43.0
> > > > network 207.92.140.0
> > > > network 207.223.144.0
> > > > neighbor 63.107.123.249 remote-as 18506
> > > > neighbor 63.107.123.249 description Turlock 2621 to UUNET
> > > > neighbor 63.107.123.249 password [removed]
> > > > neighbor 63.107.123.249 update-source Serial0/1
> > > > neighbor 63.107.123.249 version 4
> > > > neighbor 63.107.123.249 filter-list 98 out
> > > > neighbor 144.232.206.65 remote-as 1239
> > > > neighbor 144.232.206.65 description Sprintlink Modesto T1
> > > > neighbor 144.232.206.65 update-source Serial1/2
> > > > neighbor 144.232.206.65 version 4
> > > > neighbor 144.232.206.65 distribute-list BGP-Egress-Filter out
> > > > neighbor 144.232.206.65 filter-list 99 out
> > > > ip route 0.0.0.0 0.0.0.0 144.232.206.65
> > > > ip route 0.0.0.0 0.0.0.0 Serial1/1 254
> > > > ip route 10.0.0.0 255.0.0.0 Null0
> > > > ip route 63.172.195.0 255.255.255.0 Null0 254
> > > > ip route 63.172.195.24 255.255.255.252 63.172.195.3
> > > > ip route 63.172.195.28 255.255.255.252 Serial1/3
> > > > ip route 63.172.195.32 255.255.255.248 63.172.195.18
> > > > ip route 63.172.195.40 255.255.255.248 63.172.195.3
> > > > ip route 63.172.204.0 255.255.254.0 Null0 254
> > > > ip route 63.172.204.0 255.255.255.0 63.172.195.10
> > > > ip route 144.232.187.198 255.255.255.255 Serial1/2
> > > > ip route 165.236.160.6 255.255.255.255 Serial1/1
> > > > ip route 165.236.161.193 255.255.255.255 Serial1/1
> > > > ip route 165.236.161.208 255.255.255.255 Serial1/1
> > > > ip route 172.16.0.0 255.240.0.0 Null0
> > > > ip route 192.168.0.0 255.255.0.0 Null0
> > > > ip route 204.30.40.0 255.255.255.0 Serial1/1
> > > > ip route 206.216.246.0 255.255.255.0 Null0 254
> > > > ip route 207.92.43.0 255.255.255.0 Null0 254
> > > > ip route 207.92.43.48 255.255.255.240 Serial1/3
> > > > ip route 207.92.43.80 255.255.255.240 63.172.195.10
> > > > ip route 207.92.140.0 255.255.255.0 Null0 254
> > > > ip route 207.92.140.128 255.255.255.128 Serial1/0
> > > > ip route 207.223.144.0 255.255.255.0 63.172.195.10
> > > > ip route 207.223.144.0 255.255.255.0 Null0 254
> > > > ip as-path access-list 98 permit ^$
> > > > ip as-path access-list 98 permit ^1239$
> > > > ip as-path access-list 99 permit ^$
> > > > !
> > > > ip access-list standard BGP-Egress-Filter
> > > > remark **** Limit BGP annoucements to only NetsWork's (ASN
> 18506)
> > > netblocks
> > > > ****
> > > > remark ** Sprintlink supplied netblocks **
> > > > permit 63.172.195.0 0.0.0.255
> > > > permit 63.172.204.0 0.0.0.254
> > > > remark ** UUNET supplied netblocks ** (off until BGP with
> UUNET is
> > > > established)
> > > > remark ** Netcom (now Earthlink) supplied netblocks **
> > > > permit 207.92.43.0 0.0.0.255
> > > > permit 207.92.140.0 0.0.0.255
> > > > remark ** Netcom (ICG) supplied netblocks **
> > > > permit 207.223.144.0 0.0.0.255
> > > > remark ** Netcom (ICG) supplied netblock for Dreamscope **
> > > > permit 206.216.246.0 0.0.0.255
> > > >
> > > > 2621:
> > > >
> > > > interface Serial0/0
> > > > description FR T1 to UUNET
> > > > no ip address
> > > > encapsulation frame-relay IETF
> > > > frame-relay lmi-type ansi
> > > > !
> > > > interface Serial0/0.1 point-to-point
> > > > ip unnumbered Ethernet0/0
> > > > frame-relay interface-dlci xxx IETF
> > > > !
> > > > interface Serial0/1
> > > > description External T1 to Modesto 3640 s0/1
> > > > ip address 63.107.123.249 255.255.255.252
> > > > !
> > > > router rip
> > > > version 2
> > > > redistribute static
> > > > passive-interface Ethernet0/0
> > > > passive-interface Serial0/0
> > > > passive-interface Serial0/0.1
> > > > passive-interface Ethernet0/1
> > > > passive-interface Serial0/2
> > > > passive-interface Serial0/3
> > > > network 63.0.0.0
> > > > network 209.165.3.0
> > > > network 209.165.91.0
> > > > network 209.165.99.0
> > > > network 209.165.100.0
> > > > network 209.165.103.0
> > > > network 209.165.104.0
> > > > network 209.165.106.0
> > > > neighbor 63.107.123.250
> > > > no auto-summary
> > > > !
> > > > router bgp 18506
> > > > bgp router-id 63.107.123.253
> > > > bgp cluster-id 3517276948
> > > > bgp log-neighbor-changes
> > > > network 63.107.123.0 mask 255.255.255.0
> > > > network 209.165.99.0
> > > > neighbor 63.107.123.250 remote-as 18506
> > > > neighbor 63.107.123.250 description Modesto 3640 to Sprint
> > > > neighbor 63.107.123.250 password [removed]
> > > > neighbor 63.107.123.250 update-source Serial0/1
> > > > neighbor 63.107.123.250 version 4
> > > > neighbor 63.107.123.250 distribute-list BGP-Egress-Filter out
> > > > neighbor 63.107.123.250 route-map C3640 in
> > > > !
> > > > ip route 0.0.0.0 0.0.0.0 Serial0/0.1
> > > > ip route 10.0.0.0 255.0.0.0 Null0
> > > > ip route 63.107.123.0 255.255.255.0 Null0 254
> > > > ip route 63.107.123.0 255.255.255.224 Serial0/2
> > > > ip route 63.107.123.32 255.255.255.224 63.107.123.254
> > > > ip route 63.107.123.64 255.255.255.224 Serial0/3
> > > > ip route 63.107.123.192 255.255.255.224 63.107.123.254
> > > > ip route 172.16.0.0 255.240.0.0 Null0
> > > > ip route 192.168.0.0 255.255.0.0 Null0
> > > > ip route 209.165.3.224 255.255.255.224 209.165.99.254
> > > > ip route 209.165.91.0 255.255.255.0 209.165.99.254
> > > > ip route 209.165.100.0 255.255.255.0 209.165.99.254
> > > > ip route 209.165.103.0 255.255.255.0 209.165.99.254
> > > > ip route 209.165.104.0 255.255.255.0 209.165.99.254
> > > > ip route 209.165.106.0 255.255.255.0 209.165.99.254
> > > > ip as-path access-list 98 permit ^1239$
> > > > ip as-path access-list 98 permit ^$
> > > > ip as-path access-list 99 permit ^$
> > > > !
> > > > ip access-list standard BGP-Egress-Filter
> > > > remark **** Limit BGP annoucements to only NetsWork's (ASN
> 18506)
> > > netblocks
> > > > ****
> > > > remark ** Sprintlink supplied netblocks **
> > > > permit 63.172.195.0 0.0.0.255
> > > > permit 63.172.204.0 0.0.0.254
> > > > remark ** UUNET supplied netblocks **
> > > > permit 63.107.123.0 0.0.0.255
> > > > remark ** Netcom (now Earthlink) supplied netblocks **
> > > > permit 207.92.43.0 0.0.0.255
> > > > permit 207.92.140.0 0.0.0.255
> > > > remark ** Netcom (ICG) supplied netblocks **
> > > > permit 207.223.144.0 0.0.0.255
> > > > remark ** Netcom (ICG) supplied netblock for Dreamscope **
> > > > permit 206.216.246.0 0.0.0.255
> > > > route-map C3640 permit 10
> > > > match as-path 98
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
