BGP Routes – Cisco

Last updated on January 4, 2019

Okay, the issue I'm having at the moment is I've got a server stack connected to a switch. The switch is then connected to a router. That switch/router combo has been used and tested numerous times.
Now this router connects to another router via a BGP peer, which then connects into the wider area network, sharing 200 or so BGP routes. So R1, which is connected to my server stack, can ping all the way through the network to any address it wishes to. However, the server stack behind it cannot ping out. It can ping the local router interface, and the router interface connecting R1 to R2... but here's the strange part: it cannot ping the connection on R2. So to clarify, it can ping 25.231.34.106, which is R1 g0/0, but cannot ping 25.231.34.105, which is R2 g0/0. It also cannot ping further into the WAN. This is really throwing me at the moment and I'm convinced the config is correct. Below are some excerpts.
router bgp 65001  
 network 25.141.156.0 mask 255.255.252.0  
 neighbor 25.231.34.105 remote-as 65677  
 neighbor 25.231.34.105 filter-list 150 out

ip as-path access-list 150 permit ^$

ip route 0.0.0.0 0.0.0.0 25.231.34.105  
ip route 25.141.156.0 255.255.252.0 25.141.156.6
! Note: .6 is the switch VLAN.
To clarify, R1 has a full BGP routing table, so connectivity from R1 to R2 is fine; it's just allowing my server stack and clients out through R1 that's the issue! I've used this config before and it has worked, so I'm struggling to see what's causing this problem. Any advice or guidance?
    Current configuration : 15583 bytes

version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service password-recovery
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
!
!
!
!
!
aaa session-id common
clock timezone GMT 0 0
!
no ipv6 cef
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip domain name example.net
multilink bundle-name authenticated
!
!
!
!
ip ssh version 2
ip scp server enable
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
 no mop enabled
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 8.2.156.1 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 8.2.156.98 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0.70
 encapsulation dot1Q 70
 ip address 8.2.156.9 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0.80
 encapsulation dot1Q 80
 ip address 8.2.156.22 255.255.255.248 secondary
 ip address 8.2.156.18 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0.210
 encapsulation dot1Q 210
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/0.301
 encapsulation dot1Q 301
 ip address 8.2.157.129 255.255.255.240
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface GigabitEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 ip tcp adjust-mss 1360
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1/0
 ip address 77.5.34.106 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1300
 duplex full
 speed 100
 media-type sfp
 no cdp enable
 no mop enabled
!
router bgp 64729
 bgp log-neighbor-changes
 network 8.2.156.0 mask 255.255.252.0
 neighbor 77.5.34.105 remote-as 64613
 neighbor 77.5.34.105 filter-list 150 out
!
ip forward-protocol nd
!
ip as-path access-list 150 permit ^$
no ip http server
ip http access-class 80
ip http authentication aaa
ip http secure-server
ip http secure-port 8443
!
ip route 0.0.0.0 0.0.0.0 77.5.34.105
ip route 8.2.156.0 255.255.252.0 8.2.156.6
ip tacacs source-interface GigabitEthernet0/0.20
!

access-list 8 permit 8.2.157.9
access-list 8 permit 8.2.157.10
access-list 8 permit 25.146.194.24
access-list 8 permit 8.2.157.128 0.0.0.15
access-list 8 deny   any log
access-list 80 permit 8.2.157.9
access-list 80 permit 8.2.157.10
access-list 80 permit 8.2.157.25
access-list 80 permit 8.2.156.130
access-list 80 permit 25.144.90.13
access-list 80 permit 25.144.90.12
access-list 80 permit 25.144.90.51
access-list 80 permit 25.144.90.50
access-list 80 permit 25.144.85.32 0.0.0.31
access-list 80 permit 25.144.101.32 0.0.0.31
access-list 80 permit 25.144.92.32 0.0.0.31
access-list 80 permit 25.149.202.128 0.0.0.127
access-list 80 permit 25.144.108.32 0.0.0.31
access-list 80 permit 25.149.181.128 0.0.0.127
access-list 80 deny   any log
access-list 110 permit tcp host 8.2.157.9 any eq 22
access-list 110 permit tcp host 8.2.157.10 any eq 22
access-list 110 permit tcp host 8.2.157.25 any eq 22
access-list 110 permit tcp host 8.2.156.130 any eq 22
access-list 110 permit tcp 8.2.157.128 0.0.0.15 any eq 22
access-list 110 permit tcp host 25.146.194.24 any eq 22
access-list 110 permit tcp 25.144.85.32 0.0.0.31 any eq 22
access-list 110 permit tcp 25.144.101.32 0.0.0.31 any eq 22
access-list 110 permit tcp 25.144.92.32 0.0.0.31 any eq 22
access-list 110 permit tcp 25.149.202.128 0.0.0.127 any eq 22
access-list 110 permit tcp 25.144.108.32 0.0.0.31 any eq 22
access-list 110 permit tcp 25.149.181.128 0.0.0.127 any eq 22
access-list 110 permit tcp host 25.144.90.12 any eq 22
access-list 110 permit tcp host 25.144.90.13 any eq 22
access-list 110 permit tcp host 25.144.90.50 any eq 22
access-list 110 permit tcp host 25.144.90.51 any eq 22
access-list 110 deny   ip any any log
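
An added example, not part of the original post: a Python check of the posted Router1 configuration. It confirms the BGP `network` statement is backed by an exact-match route and that static next hops are on-link, then shows which route on the peer each ping test relies on (IOS sources a router's own ping from the egress interface address by default). The function names and the server address 8.2.156.100 are constructed for illustration.

```python
import ipaddress
import re

# Lines copied from the Router1 configuration posted above (addresses as posted).
CONFIG = """\
interface GigabitEthernet0/0.10
 ip address 8.2.156.1 255.255.255.248
interface GigabitEthernet0/0.20
 ip address 8.2.156.98 255.255.255.192
interface GigabitEthernet0/1/0
 ip address 77.5.34.106 255.255.255.252
router bgp 64729
 network 8.2.156.0 mask 255.255.252.0
 neighbor 77.5.34.105 remote-as 64613
ip route 0.0.0.0 0.0.0.0 77.5.34.105
ip route 8.2.156.0 255.255.252.0 8.2.156.6
"""

def parse(cfg):
    """Return (connected interfaces, static routes, BGP network statements)."""
    ifaces = [ipaddress.ip_interface(f"{a}/{m}")
              for a, m in re.findall(r"^ ip address (\S+) (\S+)", cfg, re.M)]
    statics = [(ipaddress.ip_network(f"{p}/{m}"), ipaddress.ip_address(nh))
               for p, m, nh in re.findall(r"^ip route (\S+) (\S+) (\S+)", cfg, re.M)]
    bgp = [ipaddress.ip_network(f"{p}/{m}")
           for p, m in re.findall(r"^ network (\S+) mask (\S+)", cfg, re.M)]
    return ifaces, statics, bgp

def audit(cfg):
    """Local consistency: network statements backed by a route, next hops on-link."""
    ifaces, statics, bgp = parse(cfg)
    in_rib = {i.network for i in ifaces} | {p for p, _ in statics}
    unbacked = [str(n) for n in bgp if n not in in_rib]  # IOS needs an exact match
    off_link = [str(nh) for _, nh in statics
                if not any(nh in i.network for i in ifaces)]
    return unbacked, off_link

def reply_depends_on(cfg, src, peer):
    """Which route the peer needs in order to answer a ping sourced from src."""
    ifaces, _, bgp = parse(cfg)
    src, peer = ipaddress.ip_address(src), ipaddress.ip_address(peer)
    link = next(i.network for i in ifaces if peer in i.network)
    if src in link:
        return f"connected {link}"  # peer reaches the source over the shared link
    covering = [n for n in bgp if src in n]
    return f"bgp {covering[0]}" if covering else "no advertised prefix"

if __name__ == "__main__":
    print(audit(CONFIG))
    print(reply_depends_on(CONFIG, "77.5.34.106", "77.5.34.105"))  # R1's own ping
    print(reply_depends_on(CONFIG, "8.2.156.100", "77.5.34.105"))  # constructed server IP
```

A ping from R1 itself only exercises the connected /30, so it says nothing about whether the peer holds a route back to the /22; `show ip bgp neighbors 77.5.34.105 advertised-routes` on R1 shows what is actually being sent.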