On Wed, Jul 06, 2011 at 03:51:18PM +0300, peter dunaskin wrote:
> >> >A) look at bgpd -nv output and check if the filter rules make sense.
> >> They look fine, only filter rules on core2b are affected and they look
> >> like this:
> >> match from 159.148.214.101 set { prepend-neighbor 3 }
> >> match to 159.148.214.101 set { prepend-self 3 }
> >> deny from any
> >> allow from any inet prefixlen 8 - 24
> >> deny from any prefix 10.0.0.0/8 prefixlen >= 8
> >> deny from any prefix 172.16.0.0/12 prefixlen >= 12
> >> deny from any prefix 192.168.0.0/16 prefixlen >= 16
> >> deny from any prefix 169.254.0.0/16 prefixlen >= 16
> >> deny from any prefix 192.0.2.0/24 prefixlen >= 24
> >> deny from any prefix 224.0.0.0/4 prefixlen >= 4
> >> deny from any prefix 240.0.0.0/4 prefixlen >= 4
> >>
> >>
> >> >B) use "bgpctl show rib nei latnet out" to see what prefixes you are
> >> >actually sending to the other side.
> >> This is actually weird, primary router has only our network, but
> >> secondary has all networks, but I'm not sure if it should be like that:
> >>
> >> # core2a
> >> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> >> origin: i = IGP, e = EGP, ? = Incomplete
> >>
> >> flags destination gateway lpref med aspath origin
> >> AI*> 194.143.152.0/23 0.0.0.0 100 0 i
> >>
> >> # core2b:
> >> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> >> origin: i = IGP, e = EGP, ? = Incomplete
> >>
> >> flags destination gateway lpref med aspath origin
> >> I*> 31.24.192.0/21 159.148.214.101 100 0 21178 21178
> >> 21178 2588 42480 8194 i
> >> I*> 31.170.16.0/21 159.148.214.101 100 0 21178 21178
> >> 21178 2588 42480 5518 49191 i
> >> ... [skip] ...
> >> I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178
> >> 21178 i
> >> ... [skip] ...
> >> I*> 217.198.224.0/20 159.148.214.101 100 0 21178 21178
> >> 21178 2588 42480 20910 i
> >> I*> 217.199.96.0/19 159.148.214.101 100 0 21178 21178
> >> 21178 2588 42480 20797 20797 20797 20797 i
> >>
> >I'm not surprised. You must use filter to limit the networks you announce
> >when using announce all. So at least a deny to any and an allow to any
> >prefix 194.143.152.0/23 rule is needed.
>
> Thanks Claudio, I've added these filters to my rules, now both my
> routers announce only my network to the upstream:
>
> # core2a:
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination gateway lpref med aspath origin
> AI*> 194.143.152.0/23 0.0.0.0 100 0 i
>
> # core2b:
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination gateway lpref med aspath origin
> I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178 21178 i
>
>
> Now, to test everything again, I removed any prepend-self and
> prepend-neighbor settings on secondary router and added them to primary
> router. After doing that and reloading BGPD, everything seems to be
> fine:
>
> # core2a:
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination gateway lpref med aspath origin
> AI*> 194.143.152.0/23 0.0.0.0 100 0 21178 i
>
> # core2b:
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination gateway lpref med aspath origin
> I*> 194.143.152.0/23 159.148.214.98 100 0 i
>
>
> Yet my upstream still prefers core2a as correct route to our network. I
> noticed, that only core2a networks have "announced" flag, is that right?
> Any other ideas what could be wrong?
>

If you look at the Loc-Rib aka 'bgpctl show rib 194.143.152.1 all' it will
show you that there are two networks for 194.143.152.0/23 on core2b. This
comes from the fact that core2a is announcing his network to core2b and the
route from core2a is considered better and therefore selected and announced.
The A flag is only set on local networks. Now if the upstream always
selects one route over another then it is a misconfiguration on their side
(e.g. there is still a static route somewhere configured or something else).

-- 
:wq Claudio
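
Added example, not part of the original message or of OpenBGPD: a Python check that parses the "bgpctl show rib nei latnet out" output quoted above, including the mail-wrapped AS paths, and lists every prefix sent upstream that lies outside 194.143.152.0/23. The function names and the ALLOWED list are assumptions made for illustration; the sample text is copied from the thread with the quote markers stripped.

```python
import ipaddress
import re

# Assumption: the only network this AS may announce upstream (from the thread).
ALLOWED = [ipaddress.ip_network("194.143.152.0/23")]
# RIB entry: flags column, prefix, gateway, then "lpref med aspath origin".
ENTRY = re.compile(r"^\s*([AI*>]+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+(.*)$")
# Mail-wrapped continuation of an AS path: ASNs, optionally ending in the origin.
CONT = re.compile(r"^\s*\d[\d\s]*[ie?]?\s*$")

def parse_rib(text):
    """Parse 'bgpctl show rib ... out' text into a list of entry dicts."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # drop lpref and med, keep the AS path and origin tokens
            rows.append([m.group(2), m.group(3), m.group(4).split()[2:]])
        elif rows and CONT.match(line):
            rows[-1][2].extend(line.split())
    return [{"prefix": ipaddress.ip_network(p), "gateway": g,
             "aspath": t[:-1], "origin": t[-1]} for p, g, t in rows]

def leaked(entries, allowed=ALLOWED):
    """Entries whose prefix is not inside any network we may announce."""
    return [e for e in entries
            if not any(e["prefix"].subnet_of(n) for n in allowed)]

# core2b output quoted in the thread, before the outbound filter was added.
BEFORE = """\
flags destination gateway lpref med aspath origin
I*> 31.24.192.0/21 159.148.214.101 100 0 21178 21178
21178 2588 42480 8194 i
I*> 31.170.16.0/21 159.148.214.101 100 0 21178 21178
21178 2588 42480 5518 49191 i
... [skip] ...
I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178
21178 i
... [skip] ...
I*> 217.198.224.0/20 159.148.214.101 100 0 21178 21178
21178 2588 42480 20910 i
I*> 217.199.96.0/19 159.148.214.101 100 0 21178 21178
21178 2588 42480 20797 20797 20797 20797 i
"""
# core2b output after "deny to any" / "allow to any prefix 194.143.152.0/23".
AFTER = "I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178 21178 i\n"

if __name__ == "__main__":
    for e in leaked(parse_rib(BEFORE)):
        print("LEAK", e["prefix"], "via", e["gateway"], "AS path", *e["aspath"])
```

Running the same check against each router's outbound RIB after a filter change confirms that only the local /23 leaves the AS.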