How come EBGP does need to use route-map for advertising the default route, while IBGP does not need it ?
If you have a DMVPN where half the spokes are in one AS, the other half are in another AS, can you still use dynamic peer groups?
Say Hub is in AS 65001. S1 and S2 are in AS 65001 and S3 and S4 are in 65002. How would you set that up?
Hello Max
Yes, you can do this. Take a look at this post, which is in the DMVPN Phase 3 BGP Routing forum topic, but the same principle applies here too:
I hope this has been helpful!
Laz
Hi Rene/Laz,
In the given commands,
Hub(config)#ip route 0.0.0.0 0.0.0.0 null0
Hub(config)#ip prefix-list DEFAULT_ROUTE permit 0.0.0.0/0
Hub(config)#route-map SPOKE_ROUTERS permit 10
Hub(config-route-map)#match ip address prefix-list DEFAULT_ROUTE
Hub(config)#router bgp 65001
Hub(config-router)#network 0.0.0.0 mask 0.0.0.0
Hub(config-router)#neighbor 172.16.123.2 route-map SPOKE_ROUTERS out
Hub(config-router)#neighbor 172.16.123.3 route-map SPOKE_ROUTERS out
My confusion is that first you sent any n/w with any mask to null 0 then you creating prefix list for the same and permitting n/w then further advertising default to route BGP, we can simply advertise the default route here also like spokes in same AS instead of that whole configuration.
unable to understand please elaborate?
Hello Pradyumna
Using the null0 static route is standard practice to be able to advertise a network in BGP that you donât actually have. Remember that BGP can only advertise networks that are already in the routing table. The default route is not in the routing table by default, but if you add it as a null route, it will be, so BGP will automatically advertise it.
Now the rest of the configuration using the route map simply filters out any other prefixes that may be shared using BGP. So the result is that BGP will advertise only the null default route, and will not advertise anything else, which is what we want.
I hope this has been helpful!
Laz
2 Likes
Hi Laz,
Thanks for this explanation, if possible can you elaborate null 0 concept whole process like how it works when any network advertises to null 0 interface?
Hello Laz - Is there anything specific to the DMVPN tunnels that we did not use the âdefault-information originateâ command in BGP (with a static default route to Null0) OR simply the âneighbor X.X.X.X default originateâ command (that should also work without the Null0 route) ? I tried it both ways but the Spokes would just not see the default route. What am I missing here ?..TY !
Hello Rehank
Using the default-information originate command with BGP should also be an option to send the default route from the HUB to the spokes. However, you must keep in mind that in order for this to work, you must also have a redistribution statement configured, otherwise the default route will not be advertised. More about this can be found at the following CIsco command line reference:
Similarly, you could use the default originate keywords with the neighbor statement, but even then, if you choose to use it with a route map, the match IP address statement must match the IP access list exactly. More on this can be found here:
Using these references, you can experiment to determine which setup would be best for your situation. Rene chose to use a routemap that matches the default route on the hub to be sent out to the neighbouring spokes.
I hope this has been helpful!
Laz
Hello Pradyumna
The Null0 route in routing tables can be used for various reasons. The following posts should cover most of what you are looking for:
If you have any more specific questions, let us know!
I hope this has been helpful!
Laz
Hi Laz,
I think here their is no need of prefix list and route map, only creating a default route with null 0 interface and advertise it in bgp is enough then why are we using prefix-list and route map?
Kindly explain all these commands from creating null 0 interface to applying of prefix-list, actually unable to understand what traffic is exactly being advertised and what is getting blocked?
Hello Pradyumna
If you create the null route and advertise that route via BGP using the network 0.0.0.0 mask 0.0.0.0 command, then yes, that would be enough to advertise the default route to the spokes. However, this would simply add the default route to the routing tables of the spokes via BGP.
The routes to the destinations to all other spokes would still be advertised.
The purpose of the prefix-list and route map is to filter out the rest of the routes and allow the spoke to learn only the default route.
Notice that after these commands, the spokes have only a single route: the default route, and the route to the other spoke is no longer there.
For more info on the commands involved in applying prefix lists, take a look at the following lesson:
I hope this has been helpful!
Laz
HI ,
which IOS model will support bgp listen range X.X.X.X. i tried on 7200 series ios 15.1 it not supported.
Hello Gowthamraj
According to the following Cisco command reference documentation, this command was introduced with IOS version 12.2(33)SXH.
Whether a particular command is available also depends on the train of the IOS as well as the platform, so it may be that your specific router doesnât support it. The following documentation includes additional information about BGP dynamic neighbors, and explains some of the IOS versions that support it.
I hope this has been helpful!
Laz
thank you Laz i will check it and comeback to you
1 Like
Hi Rene,
I want to understand dmvpn network id command , what are the senario when it needs to be diff?
and what is actual usecase of this
Hello Ankush
I think you mean the ip nhrp network-id command that is issued in interface configuration mode, correct? In the following introductory lesson to DMVPN below, Rene explains this command in detail:
Specifically, he says:
When you use multiple DMVPN networks, you need the network ID to differentiate between the two networks. This value is only locally significant but for troubleshooting reasons itâs best to use the same value on all routers.
I hope this has been helpful!
Laz
âiBGP with dynamic peersâ donât seem to be working. Whatâs wrong with it?
Hub#show run | s router bgp
router bgp 65001
bgp log-neighbor-changes
bgp listen range 172.16.123.0/24 peer-group DMVPN_SPOKES
network 0.0.0.0
neighbor DMVPN_SPOKES peer-group
neighbor DMVPN_SPOKES remote-as 65001
Spoke1#show run | s router bgp
router bgp 65001
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 172.16.123.1 remote-as 65001
Spoke2#show run | s router bgp
router bgp 65001
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 172.16.123.1 remote-as 65001
debug ip bgp all:
*Dec 21 11:23:23.252: BGP: topo global:IPv4 Unicast:base Scanning routing tables
*Dec 21 11:23:23.252: BGP: topo global:IPv4 Multicast:base Scanning routing tables
*Dec 21 11:23:23.252: BGP: topo global:L2VPN E-VPN:base Scanning routing tables
*Dec 21 11:23:23.252: BGP: topo global:MVPNv4 Unicast:base Scanning routing tables
Hello Puilai
First of all, the debug output that you see there is normal. It doesnât indicate a problem. BGP routers will scan next-hop IPs for validation every 60 seconds, and itâs a normal procedure. You can find out more about this here:
Now looking at your configurations I donât see anything immediately out of the ordinary. Make sure that youâve followed the steps in the lesson exactly. Can you clarify what the problem you are facing is so that we can help you out further?
I hope this has been helpful!
Laz
Hi Community !
regarding DMVPN with BGP , I have configured as below:
a) Hub router in AS 65001
b) Three Spoke routers -1,2,3 in AS 65002 - forming IPV4 and IPV6 tunnels (Tunnel 0 -IPV4) and (Tunnel-6 IPV6)
c) used neighbor < nhs ip add> allowas-in 1 in spoke router BGP config to allow spoke-to-spoke BGP communication and it worksâŚ
SPOKE-1: code snippet:
router bgp 65002
neighbor 172.16.123.1 remote-as 65001
network 2.2.2.2 mask 255.255.255.255
neighbor 172.16.123.1 activate
neighbor 172.16.123.1 allowas-in 1