No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Multihomed NE40E readvertises internet BGP updates to ISPs, BGP peers (ISPs) on NE40E are flapping between idle and established state

Publication Date:  2012-07-27 Views:  83 Downloads:  0
Issue Description
Network Overview:

NE40E-x3 -------------------GigabitEthernet3/0/0-------------------------- ISP1
-------------------GigabitEthernet3/0/2-------------------------- ISP 2

Phenomenon Description:

It's found that the NE40E cannot establish stable peer realtionships with ISP 1 and ISP 2, however BGP is configured properly on NE40E, physical links to both ISPs are up and stable, the IPs of ISP 1 and 2 are pingable from NE40E.
Alarm Information
log messages showing the BGP states flapping between idle and established state for both ISP 1 and ISP 2
Handling Process
1. Checking the interfaces status of NE40E to both ISPs, and found that they are always up:

display interface GigabitEthernet3/0/0
GigabitEthernet3/0/0 current state : UP
Line protocol current state : UP

display interface GigabitEthernet3/0/2
GigabitEthernet3/0/0 current state : UP
Line protocol current state : UP

2. Pinging the IPs of both ISPs from NE40E and the result was successful.

3. A filter policy is configured on NE40E BGP configuration to allow only the local public networks to be sent to ISPs, and prevent any other updates:

A. Configuring the acl list which includes the local public networks to be allowed to be sent in the BGP updates:
acl number 2020
rule 10 permit source 201.140.105.245 0
rule 20 permit source 201.140.105.246 0
rule 30 permit source 201.140.105.247 0
rule 40 permit source 201.140.105.248 0
rule 50 permit source 201.140.105.249 0
rule 60 permit source 201.140.105.250 0

B. Configuring the BGP filter policy with acl 2020:
bgp AS-number
filter-policy 2020 export
Root Cause
It's found that the NE40E is multihomed to two different ISPs and cannot be a transit router between the two ISPs, in other words, ISP1 shouldn't reach the internet routes through the NE40E, then ISP 2, and the same applicable for ISP2.

Each ISP router terminates the BGP session to NE40 when receiveing the same internet routing updates from NE40(the updates coming from the other ISP connected to the same NE40).

The soultion was to configure a BGP filter policy to allow specific networks (local public network) which belongs to NE40E to be sent to ISPs and to deny any other BGP updates.
Suggestions
When configuring a multihomed CE (in the case is NE40E), it's recommended to configure a route filter using filter policy for the BGP updates sent not to make the CE a transit router.

END