19 posts were merged into an existing topic: How to advertise networks in BGP
Since BGP only advertises networks that match in the routing table, why doesn’t it advertise prefixes learnt from other neighbors as its own networks to other neighbors?
The show ip route command does show the route is being self-originated, but the last update still shows that the prefix is being learnt from a neighbor.
This is a very good question concerning how BGP and NAT can function together. For BGP to advertise a route, this route must be in the router’s routing table. But if you’re using NAT, then the routes in the router’s routing table will be the internal or private ranges, ranges that you don’t actually want advertised. So how do you get the routable or public IP ranges to be advertised by BGP?
Well, in simple terms, you would have to insert the route to the public IP address space that is being used for NAT translation. If for example, you are translating 10.123.10.50 to the external IP address 188.8.131.52, then you would add a static route on the NAT router that points to a null interface like so:
ip route 184.108.40.206 255.255.255.255 Null0
For this route to be advertised via BGP, you would add the following network command to the appropriate BGP AS:
network 220.127.116.11 mask 255.255.255.255
This IP address will then be advertised via BGP.
If you have a whole range of public IP addresses that are used for NAT, then you can add the whole range of addresses to the above two commands. For example, if you are translating to the external range 18.104.22.168/27, then the respective commands would be:
ip route 22.214.171.124 255.255.255.224 Null0
network 126.96.36.199 mask 255.255.255.224
I hope this has been helpful!
BGP does use triggered updates when it learns of a change on its internal domain. However, there are a few things that affect the operation of this triggering that will in turn affect the behaviour of BGP.
Let’s say that there is a network on the internal domain that is learned via OSPF, and this network continually goes up and down. BGP updates will be affected by the following:
- The detection of the changes - how fast does the router detect that the OSPF route is down? This depends primarily on the BGP scanner process. This process walks the BGP table and confirms reachability of the next hops. The most important issue here is that BGP will do this once a minute.
- Propagation of the changes - how fast and often can BGP advertise the changes? By default, BGP waits for the Advertisement Interval to expire before sending any changes. For eBGP, the default is 30 seconds and for iBGP the default is 5 seconds. Even if a change is detected in an OSPF route for example, BGP will not send out any advertisements until this timer expires. The benefit is that updates can be sent more efficiently, solving the problem of stability to a certain degree, but this comes at a cost of convergence time.
If however you have a flapping route on an internal network, BGP will not issue updates at the same frequency thus giving you some stability until the problem can be solved.
I hope this has been helpful!
Let’s assume that R1 has three eBGP neighbors (R2, R3, and R4) and I need to advertise the network on the loopback interface of R1 to only R2.
Is that possible by using a network statement with a route-map? Or is there something else to achieve this?
It would be very helpful for me if you could do that by using a network statement with a route-map.
That is no problem. You advertise the network with the network command and then use route-maps to filter what you need.
Here’s R1 advertising to R2:
R1#show ip bgp neighbors 192.168.12.2 advertised-routes
BGP table version is 4, local router ID is 188.8.131.52
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network              Next Hop         Metric LocPrf Weight Path
 *>  184.108.40.206/32    0.0.0.0               0         32768 i
Total number of prefixes 1
And to R3:
R1#show ip bgp neighbors 192.168.13.3 advertised-routes
BGP table version is 4, local router ID is 220.127.116.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network              Next Hop         Metric LocPrf Weight Path
 *>  18.104.22.168/32     0.0.0.0               0         32768 i
 *>  22.214.171.124/32    192.168.12.2          0             0 2 i
Total number of prefixes 2
If you want to filter 126.96.36.199/32 from being advertised to R3, do something like this:
R1(config)#ip prefix-list R1_L0 permit 188.8.131.52/32
R1(config)#route-map TO_R3 deny 10
R1(config-route-map)#match ip address prefix-list R1_L0
R1(config)#route-map TO_R3 permit 20
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.13.3 route-map TO_R3 out
And it’s gone:
R1#show ip bgp neighbors 192.168.13.3 advertised-routes
BGP table version is 4, local router ID is 184.108.40.206
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network              Next Hop         Metric LocPrf Weight Path
 *>  220.127.116.11/32    192.168.12.2          0             0 2 i
Total number of prefixes 1
Hope this helps!
Thank you @ReneMolenaar for your fast answer,
Your example is helpful if you already have something in the BGP table and you want to advertise it to only a specific neighbor (filtering), but I was wondering if it is possible for the router that is injecting the route into the BGP table to advertise it to a specific neighbor (injecting and filtering).
BGP is a policy implementation protocol more than a routing protocol, so absolutely this can be done by advertising the network and then filtering it by using a neighbor x.x.x.x (route-map, distribute-list, advertise-map, etc.) statement, but I really want to find a scalable option that uses a single command to achieve that, and I am thinking that this can be achieved by using a network statement in combination with a route-map, for example:
network 18.104.22.168 mask 255.255.255.255 route-map To-R2-Only
If that could be achieved by using this command, what would be the logic of (route-map To-R2-Only)? If not, and there is something else that can achieve that, can you tell me about it?
My Best Regards,
I’m afraid you can’t do this. With BGP, the network command adds something to the global BGP table and then you can use route-maps to decide if you want to advertise something or not to your neighbors.
What exactly are you trying to do? If you want something where you don’t advertise anything to a neighbor unless you configure it to do so, then you still could use a route-map with some regular expressions. For example, let’s say you don’t want to advertise anything by default that you added to the BGP table then you can use a route-map with a regular expression like this:
R1(config)#ip as-path access-list 1 permit ^$
R1(config)#ip prefix-list THESE_PREFIXES permit 22.214.171.124/32
R1(config)#route-map TO_R2 permit 10
R1(config-route-map)#match ip address prefix-list THESE_PREFIXES
R1(config)#route-map TO_R2 deny 65535
R1(config-route-map)#match as-path 1
You can also get pretty creative with the BGP communities.
PS - It is possible to attach a route-map to a network command btw, but it can only be used to change the attributes of the network you advertise.
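The two outbound route-maps posted above (TO_R3 and TO_R2), modelled as an added example that is not part of the original posts: a small Python evaluator that applies first-match sequence order and the implicit deny at the end of every route-map to a constructed BGP table. The prefixes, the table contents and the TO_R2_TRANSIT variant are assumptions made for illustration; with TO_R2 as posted, routes learned from other neighbors match neither clause and fall through to the implicit deny, so only the listed prefix is advertised.

```python
import ipaddress
import re

# Constructed sample prefixes (documentation ranges), not the thread's addresses.
R1_LOOPBACK = "192.0.2.1/32"     # originated by R1 with the network command
R2_LOOPBACK = "198.51.100.2/32"  # learned from R2 (AS 2)
OTHER_LOCAL = "203.0.113.0/24"   # a second prefix originated by R1

# Constructed BGP table on R1: prefix -> AS path ("" means locally originated).
BGP_TABLE = {R1_LOOPBACK: "", R2_LOOPBACK: "2", OTHER_LOCAL: ""}


def prefix_match(prefix, entries):
    """Prefix-list entries without ge/le match the exact network and length."""
    net = ipaddress.ip_network(prefix)
    return any(net == ipaddress.ip_network(entry) for entry in entries)


def evaluate(route_map, prefix, as_path):
    """Return the action of the first matching sequence, else the implicit deny."""
    for seq in sorted(route_map):
        action, match = route_map[seq]
        if match is None:  # a clause with no match statement matches every route
            return action
        kind, value = match
        if kind == "prefix-list" and prefix_match(prefix, value):
            return action
        if kind == "as-path" and re.search(value, as_path):
            return action
    return "deny"


def advertised(route_map, table=BGP_TABLE):
    """Prefixes that survive the outbound route-map for one neighbor."""
    return sorted(p for p, path in table.items()
                  if evaluate(route_map, p, path) == "permit")


# TO_R3 as posted: deny R1's loopback, permit everything else.
TO_R3 = {10: ("deny", ("prefix-list", [R1_LOOPBACK])), 20: ("permit", None)}

# TO_R2 as posted: permit the listed prefix, deny locally originated routes (^$).
TO_R2 = {10: ("permit", ("prefix-list", [R1_LOOPBACK])),
         65535: ("deny", ("as-path", r"^$"))}

# Hypothetical variant: same intent, but learned routes are still passed on.
TO_R2_TRANSIT = {10: ("permit", ("prefix-list", [R1_LOOPBACK])),
                 20: ("deny", ("as-path", r"^$")),
                 30: ("permit", None)}

if __name__ == "__main__":
    for name, rmap in (("TO_R3", TO_R3), ("TO_R2", TO_R2),
                       ("TO_R2_TRANSIT", TO_R2_TRANSIT)):
        print(name, advertised(rmap))
```

Running a candidate outbound policy through a model like this before applying it shows exactly which prefixes each neighbor would receive, including the ones dropped only by the implicit deny.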
Thanks @ReneMolenaar, the information you provided is very useful.
Hi Laz, thanks. So when the traffic comes for a destination IP of 126.96.36.199, it will first do NATting before routing the packet to the internal private subnet (10.X.X.X)?
Yes, that is correct. The packet will be NATted before being routed. This is also standard for the NAT order of operations, which is always very useful to review. Here is a link that describes this order of operations:
The case that you are describing is an outside-to-inside transaction.
I hope this has been helpful!
“When we use the network command in BGP then BGP will only look at the routing table. When it finds the network that matches the network command, it will install it in the BGP table.” Would this mean the loopback 188.8.131.52 from R1, that’s advertised to R2 via BGP won’t be installed on the R2 BGP table unless there’s a route to the loopback in the R2 routing table as well? I am still having issues understanding the relationship between the BGP table and the routing table. Any additional clarification will be very helpful.
This “rule” is relevant only when using the network command. Whenever you use the network command, the network that you are referring to in that command must be in the routing table in order for it to be installed in the BGP table and advertised.
Any network that a router learns about from a BGP neighbor will be placed in the BGP table and will not go through the routing table check.
So in the case of this lesson, R1 will place the 184.108.40.206/24 subnet in its routing table because the following two are true:
- it has been added using the network command
- it exists in the routing table because it is a directly connected network
R2 on the other hand will have the 220.127.116.11/24 network installed in its BGP and subsequently, routing table (if it is indeed the best route) because it was learned via BGP. There is no prerequisite for the route to be in the routing table in this case.
I hope this has been helpful!
Hello, I’d like to clarify something that was actually mentioned but I did not quite get. This is one specific case of advertising a default route. So I have a router (rather, a redundant pair) in the middle of the network. They have and advertise through BGP multiple internal networks. But they don’t have a default gateway. Now I have connected another pair of routers to them (typical crossbar configuration). I don’t want to dump to them the whole BGP from my core. But I still want to use BGP. Obviously, advertising only the DG from the core is the 1st thing that comes to mind. So I thought there are 3 choices:
- On core routers create and advertise to new routers the new static route to 0.0.0.0 for Null0 interface. That did not look very elegant. Seems would work (since more specific routes still would be in the RIB and rest would go to Null) but still… So did not try that.
- Use with ‘neighbor’ statement the ‘default-originate’ switch. In my case core routers are ASRs, so this goes under address-family section. Tried and it worked fine - downstream routers show up now 0.0.0.0 route pointing to core. Packets will go there and then will be routed based on RIB there.
- Then I thought, why not do the same for all the other routers connected to the core? But too many statements need to be reconfigured. So I discarded ‘default-originate’ in the neighbor statement and instead added under the global section of the BGP config the ‘default-information originate’ statement. And, no result. Downstream routers don’t have the 0.0.0.0 network anymore.
So now I’m confused - my understanding was that ‘default-information originate’ allows the router to advertise a default gateway to all the neighbors when the actual default route does not exist in the RIB. Same as ‘default-originate’ in the neighbor statement but ‘globally’ for all the neighbors. Is that not the case? It was mentioned earlier that default-information originate works only with redistribution. But if we redistribute the default gateway it will get advertised anyway (unless we filter it out on purpose). Then why would we need default-information originate? It would be similar to my option ‘1’ above where I create a route to Null0 and then redistribute it into BGP. No need for anything else.
So can we clarify the purpose and application of the ‘default-information originate’ command? Maybe with some examples?
There are four ways to distribute a default route in BGP. The first three have a similar effect, two of which you have already described in your post:
- redistribution from another protocol
The fourth is the network X.X.X.X default-originate command which works a little differently. It is the same as the default-information originate command, because the default route doesn’t actually have to be in the routing table. However, it is different in that the default route will ONLY be advertised to this specific BGP neighbor and not to all BGP neighbors. The default route will NOT be installed in the BGP RIB of the router on which you apply this command, so it won’t generally be advertised to all BGP neighbors.
The default-information originate command actually DOES place the default route into the RIB so that it does propagate it to all BGP neighbors. It is the network X.X.X.X default-information originate command that allows you to advertise a default route that is NOT in the routing table and is not placed within the RIB, and is sent ONLY to the specified neighbor.
I don’t know the details of your specific topology, but I hope this clarification will bring you a step closer to resolving your issue.
I hope this has been helpful!
Thanks, Lazaros. I was still having difficulties understanding the actual application of and differences between all these commands. And I have to assume what you really meant in your explanation is not “It is the network X.X.X.X default-information originate command” (no such command exists) but rather “It is the neighbor X.X.X.X default-originate command”, which is quite different, particularly when a person is already quite confused. But it jolted my brain sufficiently that it finally dawned on me. Googling this thing was just getting the repetition of the same thing without anybody stating it in a clear way (talking about technicians not good at communicating their thoughts :-)). The ‘default-information originate’ command DOES NOT REQUIRE REDISTRIBUTION to work. That would be meaningless. IT IS redistribution. That is, if there are other protocols that are NOT redistributing into BGP but that do have a default gateway, then this command WILL redistribute the DG (and only the DG) into BGP, install it into the BGP RIB and consequently advertise it to all BGP neighbors. It is also clear now why it did not work in my case while neighbor default-originate did. Actually, it did work in a sense - it was honestly ‘redistributing’ the DG from any other RIB, it’s just that those did not have a DG, so nothing really was happening and there were no errors either. If at any time I would, for instance, add a static route to the DG, it would immediately appear in BGP as well (without me redistributing static). That’s all there is. Now all is very clear and the purpose and function of each of these commands make complete sense. Thanks.
Yes, you are correct, and my apologies for that error.
I’m glad you’ve cleared it up and it is now fully understood!
I have yet another question regarding redistribution. Let’s say I have a router with many interfaces and a sufficiently large block of static routes. So I want to advertise them by BGP. The ‘redistribution’ command would be a savior in this case - I just ‘redistribute’ static and connected into BGP. However, with many neighbors I don’t want to advertise all the static and/or connected routes to all the neighbors, only to some. But the problem is the ‘redistribute’ command is a global command; it does not exist under each neighbor section. So how would I ‘redistribute’ only to selected neighbors? Is it even possible?
In this case, you could use the redistribute command to get the static routes in your local BGP table and then use route-maps to define what you want to advertise to your neighbors. For example:
R1(config)#interface loopback 0
R1(config-if)#ip address 192.168.0.1 255.255.255.255
R1(config)#interface loopback 1
R1(config-if)#ip address 192.168.1.1 255.255.255.255
R1(config)#router bgp 1
R1(config-router)#redistribute connected
R2 now sees both entries:
R2#show ip bgp
BGP table version is 8, local router ID is 18.104.22.168
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.0.1/32   192.168.12.1             0             0 1 ?
 *>  192.168.1.1/32   192.168.12.1             0             0 1 ?
Let’s get rid of one:
R1(config)#ip access-list sta R1_L0
R1(config-std-nacl)#permit host 192.168.0.1
R1(config)#route-map R2 permit 10
R1(config-route-map)#match ip address R1_L0
R1(config)#router bgp 1
R1(config-router)#neighbor 192.168.12.2 route-map R2 out
R2 only sees the route we permit now:
R2#show ip bgp
     Network          Next Hop            Metric LocPrf Weight Path
 *>  192.168.0.1/32   192.168.12.1             0             0 1 ?
Hope this helps!
Ok, thanks Rene, that’s kind of what I was thinking. So I would potentially end up with multiple route-maps for different neighbors to filter out undesirable routes for specific neighbors, while by default redistributed routes would all get advertised to all neighbors. Actually, the question came from an attempt to move a configuration from Juniper to CISCO. In Juniper it’s the other way around - by default nothing is advertised, and you need to have a policy indicating which neighbors the routes are redistributed to. Certainly better in this scenario. Just another proof that no vendor is better or worse than another - a shortcoming in one’s product is the strong feature in a competitor’s.