Page 1 of 1

CCR BGP Full Route Problem

Posted: Thu Aug 15, 2013 7:33 pm
by icsmainman
I have a CCR Router that has been receiving default route only from upstream BGP Peer. I run OSFP Internally and redistribute default route. Everything has worked great for 3 months. I recently requested my upstream provider send me FULL ROUTES.

When this happens I see the prefixes coming in, during this time everything still works, however after the prefixes are loaded... Approx. 450K, I lose connectivity from my internal network to the outside world. I can access the outside world directly from the CCR however the CCR will not pass any data that originates internally to the outside.

Anyone have any ideas? Here is my BGP.


0 * name="default" as=16127 router-id=199.193.220.1 redistribute-connected=yes
redistribute-static=no redistribute-rip=no redistribute-ospf=no
redistribute-other-bgp=no out-filter="" client-to-client-reflection=yes
ignore-as-path-len=no routing-table=""


# INSTANCE REMOTE-ADDRESS REMOTE-AS
0 E default 64.132.229.117 4323



Thanks in advance

Re: CCR BGP Full Route Problem

Posted: Fri Aug 16, 2013 4:05 am
by joshaven
Are your advertisements being received properly by your upline?

Re: CCR BGP Full Route Problem

Posted: Mon Aug 19, 2013 12:18 pm
by mrz
Please contact support with supout file.

Re: CCR BGP Full Route Problem

Posted: Mon Aug 19, 2013 1:02 pm
by raz
Show us your IP Prefixes and setup some out Filters...

Re: CCR BGP Full Route Problem

Posted: Mon Aug 19, 2013 6:18 pm
by icsmainman
Yes advertisements are going out.

PEER PREFIX NEXTHOP AS-PATH ORIGIN LOCAL-PREF
TWTel... 24.153.242.0/23 64.132.229.118 incomplete
TWTel... 192.171.116.0/22 64.132.229.118 incomplete
TWTel... 199.193.216.0/21 64.132.229.118 incomplete
TWTel... 173.226.142.0/23 64.132.229.118 incomplete



I have my filters as follows.
1 ;;; ALLOW 199.193.216.0/21 TO BE ADVETISED IF IT IS BIGGER OR EQUAL TO /24
chain=ADVERTISE-OUT prefix=199.193.216.0/21 prefix-length=21-24
invert-match=no action=accept set-bgp-prepend-path=""

2 ;;; ALLOW 192.171.116.0/22 TO BE ADVETISED IF IT IS BIGGER OR EQUAL TO /24
chain=ADVERTISE-OUT prefix=192.171.116.0/22 prefix-length=22-24
invert-match=no action=accept set-bgp-prepend-path=""

3 ;;; ALLOW 24.153.242.0/23 TO BE ADVETISED IF IT IS BIGGER OR EQUAL TO /24
chain=ADVERTISE-OUT prefix=24.153.242.0/23 prefix-length=23-24
invert-match=no action=accept set-bgp-prepend-path=""

4 ;;; ALLOW 173.226.142.0/23 TO BE ADVETISED IF IT IS BIGGER OR EQUAL TO /24
chain=ADVERTISE-OUT prefix=173.226.142.0/23 prefix-length=23-24
invert-match=no action=accept set-bgp-prepend-path=""

5 ;;; BLOCK ALL OTHER BGP ADVERTISMENTS
chain=ADVERTISE-OUT invert-match=no action=discard set-bgp-prepend-path=""



The funny thing is, I can ping from the router to the outside world. I can even ping from internal network to router, however the router will not pass data that originates internally to outside world.

Re: CCR BGP Full Route Problem

Posted: Tue Aug 20, 2013 9:52 am
by raz
Your Prefixes are visible to the Internet: http://bgp.he.net/AS16887#_prefixes

What says /ip address print?

Yours have to look like this, if you're going to use a /24
/ip address
add address=199.193.216.1/21 interface=ether1 network=199.193.216.0
...
And Transfernet(!)
add address=22.22.220.90/30 interface=uplink(VLAN) network=\
    22.22.220.88
/routing bgp network
add network=199.193.216.1/21 synchronize=no
/routing bgp peer
add disabled=yes name=YOUR_ISP out-filter=NAME_OF_FILTER-v4 remote-address=\
    REMOTE_ROUTER_IP remote-as=4323
/routing filter
add action=accept chain=NAME_OF_FILTER-v4 prefix=199.193.216.1/21
add action=discard chain=NAME_OF_FILTER-v4 prefix=0.0.0.0 prefix-length=\
    0-32
/routing prefix-lists
add chain=NAME_OF_FILTER-v4 prefix=199.193.216.1/21 prefix-length=21
Here a traceroute from me via Level3 to your Network, the last Hop is lost...
traceroute to 199.193.216.1 (199.193.216.1), 30 hops max, 60 byte packets
 1  gateway  0.119 ms  0.142 ms  0.158 ms
 2  router  0.322 ms  0.331 ms  0.332 ms
 3  ******.Frankfurt1.Level3.net (**********)  57.663 ms  57.668 ms  57.675 ms
 4  vlan60.csw1.Frankfurt1.Level3.net (4.69.154.62)  90.657 ms  90.906 ms  90.906 ms
 5  ae-61-61.ebr1.Frankfurt1.Level3.net (4.69.140.1)  88.044 ms  88.045 ms  88.046 ms
 6  ae-47-47.ebr2.Paris1.Level3.net (4.69.143.142)  88.037 ms  87.791 ms  87.778 ms
 7  ae-42-42.ebr2.Washington1.Level3.net (4.69.137.54)  88.057 ms  88.062 ms  88.052 ms
 8  ae-62-62.csw1.Washington1.Level3.net (4.69.134.146)  91.694 ms  89.445 ms  89.433 ms
 9  ae-1-60.edge2.Washington4.Level3.net (4.69.149.16)  87.958 ms  87.941 ms  87.962 ms
10  TWTC-level3-1x10G.Washington.Level3.net (4.53.114.10)  89.372 ms  89.379 ms  89.320 ms
11  sat1-ar4-ge-1-0-0-0.us.twtelecom.net (66.192.241.166)  139.582 ms  134.340 ms  134.331 ms
12  64.132.229.118 (64.132.229.118)  129.688 ms !H  129.697 ms !H  129.692 ms !H

Re: CCR BGP Full Route Problem

Posted: Thu Aug 22, 2013 10:49 am
by szastan
do you redistribute default route in your OSPF instance?

Redistribute Default Route = always (as type 1)

Re: CCR BGP Full Route Problem

Posted: Sat Aug 24, 2013 11:39 pm
by IPANetEngineer
Are you taking a full table + default or just a full table?

If you're redistributing a default route via OSPF and you didn't request a default with the full table, then you have no default to redistribute to the LAN side. You either need to request a default from the provider in addition to the full table or add this on the BGP router:

ros code

/routing ospf instance
set [ find default=yes ] distribute-default=always-as-type-2