BGP route refresh and soft-reconfiguration

-
R1 ---------------------R2



R2(config-router)#do sh ip bgp nei 100.100.12.1
BGP neighbor is 100.100.12.1,  remote AS 100, external link
  BGP version 4, remote router ID 10.10.30.1
  BGP state = Established, up for 00:44:20
  Last read 00:00:20, last write 00:00:20, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    ......

Without soft-reconfiguration, clear ip bgp * soft command sends Refresh Request, as long as the peer router has Route Refresh capability, it sends back updates with entire BGP table. this command does the same work with command clear ip bgp * in.

R2#debug ip bgp
BGP debugging is on for address family: IPv4 Unicast
R2#debug ip bgp up
BGP updates debugging is on for address family: IPv4 Unicast
R2#
R2#
R2#clear ip bgp * soft
R2#
*Mar  1 00:06:01.987: BGP: 100.100.12.1 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar  1 00:06:01.987: BGP: 100.100.12.1 send message type 5, length (incl. header) 23
*Mar  1 00:06:02.083: BGP(0): 100.100.12.1 rcvd UPDATE w/ attr: nexthop 100.100.12.1, origin i, metric 0, path 100
*Mar  1 00:06:02.087: BGP(0): 100.100.12.1 rcvd 10.10.3.0/24...duplicate ignored
*Mar  1 00:06:02.087: BGP(0): 100.100.12.1 rcvd 10.10.2.0/24...duplicate ignored
*Mar  1 00:06:02.091: BGP(0): 100.100.12.1 rcvd 10.10.1.0/24...duplicate ignored
*Mar  1 00:06:02.091: BGP(0): 100.100.12.1 rcvd 10.10.0.0/24...duplicate ignored

R2#clear ip bgp 100.100.12.1  in
R2#
*Mar  1 00:53:33.883: BGP: 100.100.12.1 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar  1 00:53:33.883: BGP: 100.100.12.1 send message type 5, length (incl. header) 23

R2(config)#ip prefix-list INBOUND permit 10.10.0.0/24
R2(config)#ip prefix-list INBOUND permit 10.10.20.0/24

R2(config)#router bgp 200
R2(config-router)#nei 100.100.12.1 prefix-list INBOUND in

R2#sh ip bgp
BGP table version is 5, local router ID is 100.100.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/24     100.100.12.1             0             0 100 i
*> 10.10.10.0/24    100.100.12.1             0             0 100 i
*> 10.10.20.0/24    100.100.12.1             0             0 100 i
*> 10.10.30.0/24    100.100.12.1             0             0 100 I
clear ip bgp * soft  and clear ip bgp * soft request the peer router to re-send BGP table so the new filter can apply on it.

R2#clear ip bgp 100.100.12.1 in
R2#
*Mar  1 00:56:04.899: BGP: 100.100.12.1 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar  1 00:56:04.899: BGP: 100.100.12.1 send message type 5, length (incl. header) 23
R2#
R2#
R2#sh ip bgp                  
BGP table version is 7, local router ID is 100.100.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/24     100.100.12.1             0             0 100 i
*> 10.10.20.0/24    100.100.12.1             0             0 100 i
R2#
R2#

Without soft-reconfiguration, following command doesn't work.

R2#sh ip bgp nei 100.100.12.1 received-routes
% Inbound soft reconfiguration not enabled on 100.100.12.1
When enable soft-reconfiguration, the local router immediately sends out a Refresh Request to get a copy of the peer BGP table and stores it locally.

R2#config t
R2(config)#router bgp 200
R2(config-router)#nei 100.100.12.1 soft-reconfiguration in
R2(config-router)#
R2(config-router)#
R2(config-router)#
*Mar  1 00:57:43.879: BGP: 100.100.12.1 sending REFRESH_REQ(5) for afi/safi: 1/1
*Mar  1 00:57:43.879: BGP: 100.100.12.1 send message type 5, length (incl. header) 23
R2(config-router)#^Z
R2#

With soft-reconfiguration, the following command can display received route from local cached copy.
R2#sh ip bgp nei 100.100.12.1 received-routes
BGP table version is 11, local router ID is 100.100.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/24     100.100.12.1             0             0 100 i
*  10.10.10.0/24    100.100.12.1             0             0 100 i
*> 10.10.20.0/24    100.100.12.1             0             0 100 i
*  10.10.30.0/24    100.100.12.1             0             0 100 i
Total number of prefixes 4
R2#
R2#
R2#sh ip bgp 10.10.0.0/24                        
BGP routing table entry for 10.10.0.0/24, version 11
Paths: (1 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  100, (received & used)
    100.100.12.1 from 100.100.12.1 (10.10.30.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
The routes didn't pass the filter will be marked as received-only in the BGP table.

R2#sh ip bgp 10.10.10.0/24
BGP routing table entry for 10.10.10.0/24, version 0
Paths: (1 available, no best path)
  Not advertised to any peer
  100, (received-only)
    100.100.12.1 from 100.100.12.1 (10.10.30.1)
      Origin IGP, metric 0, localpref 100, valid, external


With soft-reconfiguration enabled, both commands clear ip bgp x.x.x.x soft and clear ip bgp x.x.x.x in no longer send out Refresh Request, instead, they re-apply policy on the local cached copy of the peer BGP table.

R2#
R2#clear ip bgp 100.100.12.1 soft
R2#
*Mar  1 01:54:39.887: BGP(0): start inbound soft reconfiguration for 100.100.12.1
*Mar  1 01:54:39.887: BGP(0): process 10.10.0.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 01:54:39.887: BGP(0): No inbound policy. Prefix 10.10.0.0/24 accepted unconditionally
*Mar  1 01:54:39.891: BGP(0): process 10.10.10.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 01:54:39.891: BGP(0): Prefix 10.10.10.0/24 rejected by inbound distribute/prefix-list.
*Mar  1 01:54:39.891: BGP(0): update denied
*Mar  1 01:54:39.895: BGP(0): process 10.10.20.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
R2#
*Mar  1 01:54:39.895: BGP(0): No inbound policy. Prefix 10.10.20.0/24 accepted unconditionally
*Mar  1 01:54:39.895: BGP(0): process 10.10.30.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 01:54:39.899: BGP(0): Prefix 10.10.30.0/24 rejected by inbound distribute/prefix-list.
*Mar  1 01:54:39.899: BGP(0): update denied
*Mar  1 01:54:39.899: BGP(0): complete inbound soft reconfiguration, ran for 12ms
R2#
R2#
R2#clear ip bgp 100.100.12.1 in
R2#
*Mar  1 02:02:35.891: BGP(0): start inbound soft reconfiguration for 100.100.12.1
*Mar  1 02:02:35.891: BGP(0): process 10.10.0.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 02:02:35.891: BGP(0): No inbound policy. Prefix 10.10.0.0/24 accepted unconditionally
*Mar  1 02:02:35.895: BGP(0): process 10.10.10.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 02:02:35.895: BGP(0): Prefix 10.10.10.0/24 rejected by inbound distribute/prefix-list.
*Mar  1 02:02:35.895: BGP(0): update denied
*Mar  1 02:02:35.899: BGP(0): process 10.10.20.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 02:02:35.899: BGP(0): No inbound policy. Prefix 10.10.20.0/24 accepted unconditionally
*Mar  1 02:02:35.899: BGP(0): process 10.10.30.0/24, next hop 100.100.12.1, metric 0 from 100.100.12.1
*Mar  1 02:02:35.903: BGP(0): Prefix 10.10.30.0/24 rejected by inbound distribute/prefix-list.
*Mar  1 02:02:35.903: BGP(0): update denied
*Mar  1 02:02:35.903: BGP(0): complete inbound soft reconfiguration, ran for 12ms
R2#

So, when the router has Route Refresh capability, the only benefit to enable soft-reconfiguration is to use following command:
show ip bgp nei x.x.x.x received-routes

However, without soft-reconfiguration, issue the following command also display the received routes:

R2#sh ip bgp nei 100.100.12.1 received-routes
% Inbound soft reconfiguration not enabled on 100.100.12.1
R2#

R2#sh ip bgp nei 100.100.12.1 route
BGP table version is 5, local router ID is 100.100.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.10.0.0/24     100.100.12.1             0             0 100 i
*> 10.10.1.0/24     100.100.12.1             0             0 100 i
*> 10.10.2.0/24     100.100.12.1             0             0 100 i
*> 10.10.3.0/24     100.100.12.1             0             0 100 i
Total number of prefixes 4
R2#

Comments

Post a Comment

Popular posts from this blog

Firepower FMC and FTD troubleshooting

-
 1. Display real time log on FMC or FTD: pigtail for example: pigtail | grep 192.168.2.20                      pigtail | grep sftunnel 2. Restart communication channel manage_procs.pl run it from  the sensor only, run it from FMC will reset all sensors' channel. This scripts are nice to be used when the FMC and FTD have communication problems like heartbeats are not received, policy deployment is failing or events are not received > expert ************************************************************** NOTICE - Shell access will be deprecated in future releases          and will be replaced with a separate expert mode CLI. ************************************************************** admin@FTD:~$ sudo su Password: root@FTD:/home/admin# manage_procs.pl ****************  Configuration Utility  **************  1   Reconfigure Correlator  2   Reconfigure and flush Correlator  3    Restart Comm. channel  4   Update routes  5   Reset all routes  6   Validate Network  0   Exit *****
Read more

ASA IKEv1 VPN troubleshooting Steps and Tips

-
  1. Phase I proposal mismatch  Run show crypto isakmp sa  Initiator: MM_WAIT_MSG2 Responder: No info  Most likely this is phase1 proposal mismatch, verify IKEv1 policy, other symptoms:   Initiator log: Information Exchange processing failed All configured IKE versions failed to establish the tunnel Initiator debug: Received an un-encrypted NO_PROPOSAL_CHOSEN notify message, dropping Responder log: Error processing payload: Payload ID Responder debug:  All SA proposals found unacceptable 2. IKE version mismatch:  Run  show crypto isakmp sa  no info at both initiator and responder Initiator log: Removing peer from correlator table failed, no match! Reason: User Requested  All configured IKE versions failed to establish the tunnel Initiator debug: Oakley begin quick mode PHASE 1 COMPLETED IKE Initiator sending 1st QM pkt Removing peer from correlator table failed, no match! Session is being torn down. Reason: User Requested Responder log: Tunnel Rejected: Conflicting protocols specified
Read more

Firepower 2100/1100 FTD/ASA initial setup, reimage, upgrade.

-
  Chassis FXOS and FTD share same management IP (default 192.168.45.45) Chassis FXOS (192.168.45.45) and ASA ()use different management IP although on same physical interface. SSH to FXOS/FTD are on FTD CLI prompt, go to FXOS using the  connect fxos  command Console to Chassis is on FXOS CLI prompt, go to FTD using the  connect ftd  command The Firepower 1100 does not support the FXOS Firepower Chassis Manager; only a limited CLI is supported for troubleshooting purposes. The Firepower 2100 runs an underlying operating system called the Firepower eXtensible Operating System (FXOS).  If you run ASA on Firepower 2100, ASA can be in the following modes: Appliance mode (the default after ASA 9.13)—Appliance mode lets you configure all settings in the ASA. Only advanced troubleshooting commands are available from the FXOS CLI. See the  FXOS troubleshooting guide  for more information. Firepower Chassis Manager is not supported . ciscoasa# connect fxos [admin] Connecting to fxos. Connected
Read more