BGP and static route 1

[pepe123]

I have a Cisco router running BGP for the main (primary) link. If my main link goes down there is a back up circuit. I have created a static route with a metric of 250. When the main link goes down the traffic goes via my backup with no problem. The problem is when the main link(primary) comes backup the router does not change the traffic back to the primary. On the bgp status I do not get an update about the location being backup until I remove the static route. If any one can help me on this issue I would appreciated.

Thanks,
Jose'

 

[baddos]

Are you accepting a default route via BGP? If so, that should get installed.

You should probably run BGP on the secondary link as well, and have BGP decide where to route the traffic.

 

[sbonete]

The problem here seems to be as follows:

As your eBGP neighbour must be reached over the BGP link and all the traffic is going over the secondary link, there is no way for your router making an adjacency with the other BGP router when the statics route all the traffic over the secondary link.

Try to add a static for your BGP neighbour exiting over the primary line. That should work. Take care, that static must have an administrative distance of 0 or 1 (always better than the backup static route).

I.E, your BGP neighbor is 21.21.21.2 and your BGP link is s0/0 add the following line to your config:

ip route 21.21.21.2 255.255.255.255 s0/0

That should fix your problem.

Regards.

Sam Bonete.

 

[vipergg]

If the above doesn't work you can try putting the command default-information originate on the main bgp link and put default-information originate metric 200 on the backup link and see if this will work for you .

 

[onlinecorp]

I too am having BGP issues, what is happening is:
I peer with Pentel Data and AT&T. No matter what I do
all routes are going to ATT first. And therefore I am not getting fail over should ATT go down. What I need is a real experianced Cicso Guru to look at my config and spot the issues. Is there anyone out there who can assist? Please?

Contact Elliott Kayne
570-686-2300
ek@onlinecorp.com
Thanks

 

[baddos]

onelinecorp...

Are you receiving a full view, default route, or just using a static default route?

 

[onlinecorp]

I dont know I am not the router tech. I am looking for a guru to help me to configure this correctly. All I know is it is configed for fail over. If you know of or are a cisco guru with BGP experiance, I can send you my configs to review.

 

[jneiberger]

sbonete:

Your solution might work if he is using eBGP multihop, but would be irrelevant if this is not a multihop session.

pepe123:

1. Is this an eBGP multihop session?

2. If you are not running BGP on your secondary link then how do Internet routers become aware of your addresses? Is your ISP on that link advertising them for you? Did you get your assigned addresses from the ISP you're using as a backup?

3. If you're only running BGP on one link, do you really need BGP? I suspect that you got your public addresses from ISP B but you really want to use ISP A as your primary. Is that true?

4. Wait a second...I guess I'm just assuming that you have two ISPs. Do you have two links to a single ISP or do you have two ISPs? If this is just two links to the same ISP and you're only running BGP on one of them then you almost definitely do not need BGP.

5. Out of curiosity, if you have two ISPs, what is the prefix length of the addresses that you have been assigned?

 

[pepe123]

This network is not going to the Internet. This is a private PIP network from MCI. MCI uses the bgp and the eigrp is my old network that I am converting from. Both are on the same router.

 

[jneiberger]

Gotcha. Interestingly, we almost bought a bunch of MCI PIP circuits but we ended up going with another vendor. However, I'm in the middle of the very same process you are. I've got a network full of frame relay running EIGRP and I'm migrating to VPN services with BGP.

Can we see a sanitized copy of your config?

 

[pepe123]

Here a copy of my config.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Master
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5
enable password 7
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0/0$
ip address x.x.1.4 255.255.255.0
duplex full
speed 10
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
no fair-queue
frame-relay traffic-shaping
frame-relay lmi-type ansi
hold-queue 200 out
!
interface Serial0/0/0.1 point-to-point
description Frame Relay to Bridgeport
ip address x.x.50.1 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 206
class cisco2
!
interface Serial0/0/0.2 point-to-point
description Frame-relay to Jackson,MS
ip address x.x.50.5 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 211
class cisco2
!
interface Serial0/0/0.3 point-to-point
description Frame-Relay to Raleigh,NC
ip address x.x.50.9 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 205
class cisco2
!
interface Serial0/0/0.5 point-to-point
description Frame-Relay to Norcross
ip address x.x.50.17 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 219
!
interface Serial0/0/0.7 point-to-point
description Frame Relay Akron
ip address x.x.50.25 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 217
!
interface Serial0/0/0.8 point-to-point
description Frame-Relay Indy
ip address x.x.50.33 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 202
class cisco2
!
interface Serial0/0/0.9 point-to-point
description Frame-Relay Phoenix
ip address x.x.50.37 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 215
class cisco2
!
interface Serial0/0/0.11 point-to-point
description Frame-Relay to Fort Pierce
ip address x.x.50.41 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 210
!
interface Serial0/0/0.12 point-to-point
description Frame-Relay to Columbus,OH
ip address x.x.50.45 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 223
!
interface Serial0/0/0.13 point-to-point
description Frame-Relay to City of Industry,CA
ip address x.x.50.49 255.255.255.252
frame-relay class cisco
frame-relay interface-dlci 222
!
interface Serial0/0/0.14 point-to-point
description Frame-Relay to Newark,CA
ip address x.x.50.53 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 218
!
interface Serial0/0/0.15 point-to-point
description Frame-Relay to Bettendorf,Iowa
ip address x.x.50.65 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 209
!
interface Serial0/0/0.16 point-to-point
description Frame-Relay to Sarasota,FL
ip address x.x.50.61 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 207
!
interface Serial0/0/0.17 point-to-point
description Frame-relay to Ft. Myers,FL
ip address x.x.50.57 255.255.255.252
frame-relay class cisco1
frame-relay interface-dlci 220
!
interface Serial0/0/0.300 point-to-point
description MCI MPLS Circuit tamarac-fl_
ip address x.x.42.162 255.255.255.252
frame-relay class cisco3
frame-relay interface-dlci 300 IETF
!
router eigrp 1
redistribute static
redistribute connected
redistribute bgp 1 metric 10 10 255 255 1500
network x.x.1.0
network x.x.50.0
no auto-summary
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor x.x.42.161 remote-as 65000
no auto-summary
redistribute connected
redistribute static
redistribute eigrp 1

!
ip classless
ip route 192.168.1.0 255.255.255.0 197.98.1.5
ip route 197.98.4.0 255.255.255.0 197.98.1.5 250
ip route 197.98.6.0 255.255.255.0 197.98.1.5 250
ip route 197.98.7.0 255.255.255.0 197.98.1.5 250
ip route 197.98.8.0 255.255.255.0 197.98.1.5 250
ip route 197.98.10.0 255.255.255.0 197.98.1.5 250
ip route 197.98.19.0 255.255.255.0 197.98.1.5 250
ip route 197.98.20.0 255.255.255.0 197.98.1.5
!
!
no ip http server
no ip http secure-server
!
!
map-class frame-relay cisco
frame-relay cir 128000
frame-relay bc 16000
frame-relay mincir 64000
frame-relay holdq 200
frame-relay adaptive-shaping becn
!
map-class frame-relay cisco2
frame-relay cir 128000
frame-relay mincir 128000
frame-relay holdq 200
frame-relay adaptive-shaping becn
!
map-class frame-relay cisco1
frame-relay cir 56000
frame-relay bc 7000
frame-relay mincir 32000
frame-relay holdq 80
frame-relay adaptive-shaping becn
!
map-class frame-relay cisco3
frame-relay cir 512000
frame-relay mincir 512000
frame-relay holdq 200
frame-relay adaptive-shaping becn
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
password 7
login
line aux 0
password 7
login
line vty 0 4
password 7
login
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
no scheduler allocate
!
end

 

[jneiberger]

Okay, good. Now, what routes are you learning from the PIP connection via BGP?

 

[pepe123]

The routes are 197.98.4.0,197.98.6.0,197.98.10.0,197.98.14.0. Those are the locations that have been converted to PIP.

 

[jneiberger]

And what prefix length are these routes? Your static routes are /24s. Are you learning /24s via BGP?

Can you post the output of "show ip bgp"?

 

[pepe123]

Here is the information

Master#sh ip bgp
BGP table version is 232, local router ID is 206.115.42.162
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 147.225.132.240/30
206.115.42.161 0 65000 ?
*> 147.225.133.60/30
206.115.42.161 0 65000 ?
*> 147.225.133.64/30
206.115.42.161 0 0 65000 ?
*> 147.225.134.40/30
206.115.42.161 0 65000 ?
*> 147.225.178.232/30
206.115.42.161 0 0 65000 ?
*> 147.225.231.68/30
206.115.42.161 0 65000 ?
*> 147.225.231.104/30
206.115.42.161 0 65000 ?
*> 147.225.244.52/30
206.115.42.161 0 65000 ?
*> 159.24.158.24/30 206.115.42.161 0 65000 ?
Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.0 197.98.1.5 0 32768 ?
*> 192.168.40.0 206.115.42.161 0 65000 65000 ?
*> 197.98.1.0 0.0.0.0 0 32768 ?
*> 197.98.2.0 197.98.50.62 2172416 32768 ?
*> 197.98.3.0 206.115.42.161 0 65000 65000 ?
*> 197.98.4.0 206.115.42.161 0 65000 65000 ?
*> 197.98.5.0 206.115.42.161 0 65000 65000 ?
*> 197.98.6.0 197.98.50.2 2172416 32768 ?
*> 197.98.7.0 197.98.50.34 2172416 32768 ?
*> 197.98.8.0 197.98.50.6 2172416 32768 ?
*> 197.98.9.0 206.115.42.161 0 65000 65000 ?
*> 197.98.10.0 197.98.50.38 2172416 32768 ?
*> 197.98.12.0 197.98.50.42 2684416 32768 ?
*> 197.98.13.0 197.98.50.54 2172416 32768 ?
*> 197.98.14.0 206.115.42.161 0 65000 65000 ?
*> 197.98.15.0 197.98.50.18 2172416 32768 ?
*> 197.98.16.0 197.98.50.66 2172416 32768 ?
*> 197.98.17.0 197.98.50.42 2172416 32768 ?
*> 197.98.18.0 197.98.50.58 2195456 32768 ?
*> 197.98.19.0 206.115.42.161 0 65000 65000 ?
*> 197.98.20.0 197.98.1.5 0 32768 ?
*> 197.98.21.0 197.98.50.46 2172416 32768 ?
Network Next Hop Metric LocPrf Weight Path
*> 197.98.22.0 197.98.50.50 2172416 32768 ?
*> 197.98.23.0 206.115.42.161 0 65000 65000 ?
*> 197.98.50.0/30 0.0.0.0 0 32768 ?
*> 197.98.50.4/30 0.0.0.0 0 32768 ?
*> 197.98.50.8/30 0.0.0.0 0 32768 ?
*> 197.98.50.16/30 0.0.0.0 0 32768 ?
*> 197.98.50.24/30 0.0.0.0 0 32768 ?
*> 197.98.50.32/30 0.0.0.0 0 32768 ?
*> 197.98.50.36/30 0.0.0.0 0 32768 ?
*> 197.98.50.40/30 0.0.0.0 0 32768 ?
*> 197.98.50.44/30 0.0.0.0 0 32768 ?
*> 197.98.50.48/30 0.0.0.0 0 32768 ?
*> 197.98.50.52/30 0.0.0.0 0 32768 ?
*> 197.98.50.56/30 0.0.0.0 0 32768 ?
*> 197.98.50.60/30 0.0.0.0 0 32768 ?
*> 197.98.50.64/30 0.0.0.0 0 32768 ?
*> 197.98.51.0/30 197.98.50.42 2681856 32768 ?
*> 206.114.91.100/30
206.115.42.161 0 65000 ?
* 206.115.42.160/30
206.115.42.161 0 0 65000 ?
*> 0.0.0.0 0 32768 ?
Network Next Hop Metric LocPrf Weight Path
*> 206.115.43.24/30 206.115.42.161 0 65000 ?
*> 206.115.47.240/30
206.115.42.161 0 65000 ?
*> 206.155.22.196/30
206.115.42.161 0 65000 ?
*> 206.155.28.236/30
206.115.42.161 0 65000 ?
Master#

 

[jneiberger]

It's interesting that you only have one BGP session to an external peer yet you have multiple next-hops in your BGP table. In this situation, shouldn't all of your next-hops be 206.115.42.161?

One of the routes you mentioned, 197.98.10.0, has a next hop of 197.98.50.38. How is that happening? Do you have another BGP peer that isn't listed in this config, or is someone altering the next-hop attribute somewhere?

 

[pepe123]

Sory, I made a mistake on the list of IP address. The 197.98.10.0 is on the eigrp. All the routes with the 197.98. address are learned via eigrp. I hope that answer your questions.

 

[jneiberger]

Hmm...this is a mystery, then. Your backup routes are /24s and so are the routes you're learning via BGP. BGP has a better AD than eigrp so your primary should take over shortly after the link comes back up.

After the primary recovers, does your BGP session recover immediately or does that also remain broken until you remove the static route?

 

[pepe123]

The bgp session remains down until I remove the static route.

 

[jneiberger]

That's really odd. Your eBGP peer is directly connected via DLCI 300. As soon as that PVC comes back up, that route should override all other routes to that destination because it will be the most specific and it will have the lowest AD.

Are you able to do some testing? I'd like to force this device to take the secondary path and then do a "show ip route 206.115.42.161". I'd like to know why the directly connected route isn't being taken. Some other route must be taking precedence and we need to find out why.