>> >A) look at bgpd -nv output and check if the filter rules make sense.
>> They look fine, only filter rules on core2b are affected and they look
>> like this:
>> match from 159.148.214.101 set { prepend-neighbor 3 }
>> match to 159.148.214.101 set { prepend-self 3 }
>> deny from any
>> allow from any inet prefixlen 8 - 24
>> deny from any prefix 10.0.0.0/8 prefixlen >= 8
>> deny from any prefix 172.16.0.0/12 prefixlen >= 12
>> deny from any prefix 192.168.0.0/16 prefixlen >= 16
>> deny from any prefix 169.254.0.0/16 prefixlen >= 16
>> deny from any prefix 192.0.2.0/24 prefixlen >= 24
>> deny from any prefix 224.0.0.0/4 prefixlen >= 4
>> deny from any prefix 240.0.0.0/4 prefixlen >= 4
>>
>>
>> >B) use "bgpctl show rib nei latnet out" to see what prefixes you are
>> >actually sending to the other side.
>> This is actually weird, primary router has only our network, but
>> secondary has all networks, but I'm not sure if it should be like that:
>>
>> # core2a
>> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
>> origin: i = IGP, e = EGP, ? = Incomplete
>>
>> flags destination gateway lpref med aspath origin
>> AI*> 194.143.152.0/23 0.0.0.0 100 0 i
>>
>> # core2b:
>> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
>> origin: i = IGP, e = EGP, ? = Incomplete
>>
>> flags destination gateway lpref med aspath origin
>> I*> 31.24.192.0/21 159.148.214.101 100 0 21178 21178 21178
>> 2588 42480 8194 i
>> I*> 31.170.16.0/21 159.148.214.101 100 0 21178 21178 21178
>> 2588 42480 5518 49191 i
>> ... [skip] ...
>> I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178 21178 i
>> ... [skip] ...
>> I*> 217.198.224.0/20 159.148.214.101 100 0 21178 21178 21178
>> 2588 42480 20910 i
>> I*> 217.199.96.0/19 159.148.214.101 100 0 21178 21178 21178
>> 2588 42480 20797 20797 20797 20797 i
>>
>I'm not surprised. You must use filter to limit the networks you announce
>when using announce all. So at least a deny to any and an allow to any
>prefix 194.143.152.0/23 rule is needed.
Thanks Claudio, I've added these filters to my rules, now both my
routers announce only my network to the upstream:

# core2a:
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI*> 194.143.152.0/23 0.0.0.0 100 0 i

# core2b:
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178 21178 i

Now, to test everything again, I removed any prepend-self and
prepend-neighbor settings on secondary router and added them to primary
router. After doing that and reloading BGPD, everything seems to be
fine:

# core2a:
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
AI*> 194.143.152.0/23 0.0.0.0 100 0 21178 i

# core2b:
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
I*> 194.143.152.0/23 159.148.214.98 100 0 i

Yet my upstream still prefers core2a as the correct route to our network. I
noticed that only core2a networks have the "announced" flag; is that right?
Any other ideas what could be wrong?

Thanks,
Peter
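
A check for the leak discussed in this thread, as an added example that is not part of the original messages: it parses "bgpctl show rib nei latnet out" output and lists every prefix sent to the neighbor that falls outside the allowed set. The sample text is constructed from the output quoted above; the function names and the flag characters accepted by the regex are assumptions.

```python
import ipaddress
import re

# Prefixes this AS may announce upstream (the network named in the thread).
ALLOWED = [ipaddress.ip_network("194.143.152.0/23")]

# Constructed sample modelled on the core2b output quoted in the thread,
# including AS paths that wrap onto a second line.
SAMPLE = """\
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway lpref med aspath origin
I*> 31.24.192.0/21 159.148.214.101 100 0 21178 21178 21178
2588 42480 8194 i
I*> 194.143.152.0/23 159.148.214.98 100 0 21178 21178 21178 i
I*> 217.198.224.0/20 159.148.214.101 100 0 21178 21178 21178
2588 42480 20910 i
"""

# flags, prefix, gateway, lpref, med, then the (possibly partial) AS path.
ROW = re.compile(r"^([A-Z*>]+)\s+(\S+/\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s*(.*)$")
CONT = re.compile(r"^[\d\s]*[ie?]?$")   # wrapped remainder of an AS path
ORIGINS = {"i", "e", "?"}

def parse_rib(text):
    """Return [prefix, gateway, aspath_tokens] entries from bgpctl output."""
    rows = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ROW.match(line)
        if m:
            net = ipaddress.ip_network(m.group(2), strict=False)
            rows.append([net, m.group(3), m.group(6).split()])
        elif rows and line and CONT.match(line):
            path = rows[-1][2]
            if not (path and path[-1] in ORIGINS):  # path still open
                path.extend(line.split())
    return rows

def leaked(rows, allowed=ALLOWED):
    """Prefixes in the outbound RIB not covered by any allowed network."""
    return [str(p) for p, _gw, _path in rows
            if not any(p.version == a.version and p.subnet_of(a)
                       for a in allowed)]

if __name__ == "__main__":
    for prefix in leaked(parse_rib(SAMPLE)):
        print("announced but not allowed:", prefix)
```

An empty result from leaked() corresponds to the state reported after the deny/allow rules were added, where each router sends only 194.143.152.0/23.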