Ok, I believe this is an ROS7 thing and just a misconfiguration on my part. By default, BGP on ROS6 would advertise eBGP routes to iBGP. However, despite having a plain accept output filter(or no output filter set which should do the same thing), no eBGP routes are being advertised into iBGP.
Is that expected behavior?
Just to clarify terminology, redistribution is a manual config in BGP that is not the default.
It seems like you’re describing advertising eBGP learned routes to iBGP peers..is that accurate?
Can you share config and the output of /routing/routes for the routers involved?
Yes that’s correct. I am just looking to have eBGP routes advertised to iBGP peers. I updated my original post to eliminate the ambiguity.
Edge Router BGP and filter config:
/routing bgp template
set default address-families=ip as=65534 disabled=no nexthop-choice=\
force-self output.network=bgp-networks router-id=10.200.1.1 \
routing-table=main use-bfd=yes vrf=main
add address-families=ip as=65534 disabled=no input.filter=DROPALL name=\
EXTERNAL-v4 output.filter-chain=DROPALL .network=BGP-v4-OUTPUT \
router-id=<sanitized> routing-table=main use-bfd=no vrf=main
/routing bgp connection
add address-families=ip as=65534 disabled=no input.filter=\
BGP-HURRICANE_ELECTRIC_V4_IN local.role=ebgp-customer name=\
WAN_HURRICANE-ELECTRIC output.filter-chain=BGP-HURRICANE_ELECTRIC_V4_OUT \
.network=V4_PUBLIC remote.address=184.105.63.33/32 .as=6939 \
router-id=<sanitized> routing-table=main templates=EXTERNAL-v4 use-bfd=\
no vrf=main
add address-families=ip as=65534 connect=yes disabled=no input.filter=\
BGP-CORER1_V4_IN listen=yes local.address=10.200.1.1 .role=\
ibgp-rr-client multihop=yes name=CORER1.DC01_V4 nexthop-choice=\
force-self output.filter-chain=BGP-CORER1_V4_OUT \
remote.address=10.200.1.3/32 .as=65534 router-id=10.200.1.1 \
routing-table=main templates=default use-bfd=no vrf=main
/routing filter rule
add chain=BGP-HURRICANE_ELECTRIC_V4_IN comment=\
"Drop all variations of our prefixes" disabled=no rule=\
"if (dst in BGP_OUR_PREFIXES) {\r\
\nreject\r\
\n}"
add chain=BGP-HURRICANE_ELECTRIC_V4_IN comment="Drop bogon routes in" disabled=\
no rule="if (dst in BOGON) {\r\
\nreject\r\
\n}"
add chain=BGP-HURRICANE_ELECTRIC_V4_IN comment="Accept all other routers" \
disabled=no rule=accept
add chain=BGP-HURRICANE_ELECTRIC_V4_OUT comment=\
"Only Advertise routes in BGP_V4_PUBLIC Firewall Filter" disabled=\
no rule="if (dst in BGP_V4_PUBLIC) {accept}"
add chain=BGP-CORER1.DC01_V4_IN disabled=no rule=accept
add chain=BGP-CORER1.DC01_V4_OUT disabled=no rule=accept
Core Configuration:
/routing bgp template
set default address-families=ip as=65534 disabled=no nexthop-choice=force-self output.network=bgp-networks router-id=10.200.1.3 routing-table=main use-bfd=no vrf=main
/routing bgp connection
add address-families=ip as=65534 connect=yes disabled=no input.filter=BGP-EDGER1.DC01_V4_IN listen=yes local.address=10.200.1.3 .role=ibgp-rr name=EDGER1.DC01_V4 nexthop-choice=force-self output.filter-chain=BGP-EDGER1.DC01_V4_OUT .network=BGP-LOCAL-NETS remote.address=10.200.1.1/32 .as=65534 router-id=\
10.200.1.3 routing-table=main templates=default use-bfd=no vrf=main
/routing filter rule
add chain=BGP-EDGER1.DC01_V4_IN disabled=no rule=accept
add chain=BGP-EDGER1.DC01_V4_OUT disabled=no rule=accept
Im not going to dump the table, as the edge is taking full routes however here is OSPF and an eBGP route(google):
ip route/print where dst-address=8.8.8.0/24
Flags: D - DYNAMIC; I, A - ACTIVE; b, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAb 8.8.8.0/24 184.105.63.33 20
/ip route/ print where ospf=yes
Flags: D - DYNAMIC; A - ACTIVE; o, y - COPY; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAo 10.200.1.3/32 10.10.10.6%E1V0102-TRANSIT-CORE01.DC01 110
ip route print where connect=yes
Flags: D - DYNAMIC; A - ACTIVE; c, y - COPY
Columns: DST-ADDRESS, GATEWAY, DISTANCE
DST-ADDRESS GATEWAY DISTANCE
DAc 10.10.10.4/30 E1V0102-TRANSIT-CORE01.DC01 0
DAc 10.200.1.1/32 loopback 0
DAc 10.217.0.0/24 ether2 0
DAc 184.105.63.32/29 E1V0002-WAN-HURRICANE-ELECTRIC 0
Core / iBGP neighbor
iip route print
Flags: D - DYNAMIC; A - ACTIVE; c, s, o, d, y - COPY; + - ECMP
Columns: DST-ADDRESS, GATEWAY, DISTANCE
# DST-ADDRESS GATEWAY DISTANCE
DAc 10.10.10.4/30 E1V0102-TRANSIT-EDGER1.DC01 0
DAo 10.200.1.1/32 10.10.10.5%E1V0102-TRANSIT-EDGER1.DC01 110
DAc 10.200.1.3/32 loopback 0
DAc 10.217.0.0/24 ether2 0
As you can see, no routes are being advertised to the iBGP neighbor, I did confirm that the session is established on both ends. If I enable redistribution, it does push all of the routes as expected. I think there is some misconfiguration I made, but don’t see where specifically.
Thanks!
Hi,
as this post doesn’t have an solution posted and I was running into the same problem in two different setups too, here is my solution.
Setup 1: brand new routers, config from scratch, eBGP to iBGP was working as expected (permit-any filter for in/out).
Setup 2: existing router, adding second router, was not working.
You have to add output.redistribute=bgp to your bgp connection config.
Yes, it’s weird that in Setup 1 it’s just working. print detail on the session/connection doesn’t show any details to this flag. And on the other setup it wasn’t. I have configured this now explicit to the connections to avoid further strange default behaviour
output.redistribute=bgp is needed only when redistributing routes from other BGP instances.