Hunting a BGP advertisement leak ...

Hi *,

this one is driving me nuts ...

We have internal MPLS VPN Networks set up that work fine ... one of the routers involved in routing the VPNs internally through our backbone is also involved in peering/uplink with other ASNs. The IPs used in the MPLS VPN are RFC IPs from the 10/8 range.

Somehow, two of the networks get advertised to the outside ... two out of 5 ... for the last couple of days I have been trying to locate how or where, but have not been able to locate the leak ...

The peerings and uplinks have prefix filters in place that - according to the router output - seem to work fine ("show ip bgp nei x.x.x.x adv" does not list the prefixes, "show ip bgp 10.x.0.0/24" says they are not advertised to any peer). I did the "show .. adv" output for ALL peering and uplink partners, but none showed the networks in question ...

What other way is there to locate the origin of this leak???

Tnx!

Reply to
Garry

Find out what the "next-hop" value of the network you're advertising but do not want to is. Then you will know which router is leaking, since when passing a prefix to an EBGP peer, the router puts its interface address as the next-hop address.

It's kind of hard to comment not seeing the picture. If you could add some more details, it would be great. (show ip bgp outputs, sh run, ...).

Reply to
Ivan Ostreš

OK, we basically have two routers that do our external connectivity via uplinks and peerings ... one doesn't get the prefixes at all ("show ip bgp" doesn't have the route, though the router does still get the route via OSPF). The other receives the prefixes both via OSPF and BGP, though - as written before - "show ip bgp nei ... adv" will not list it on ANY neighbor as being advertised ... this router lists the net with the next hop of the other router, of course -- but as that router does not have any EBGP connections, it can't advertise it to any peers or uplinks ...

Is there any other way a prefix might be advertised to a peer without it being shown on the "show ip bgp nei ... adv" output?

Also, I still don't understand why two nets would be advertised, while another three nets that are used and configured exactly identical (AFAICT) are not advertised?

show ip bgp only lists the IBGP connection to the originating router (DSL router for customer connections), not for any external connection ... sh run is about 80k long ... ;)

Tnx ..

Reply to
Garry

It's possible that you're running into a bug. I've seen similar stuff before but was not able to find a bug ID for it. Please look at the Bug Toolkit at CCO. If I were you, I would open a TAC case, since some bugs are hidden (mostly found internally).

Hm.. yeah, that was a thing that could have been expected :-). Sorry I was not able to help more.

Reply to
Ivan Ostreš

As Ivan has stated, this may be a bug, but I would ask your peer to check what routes they have received from you on the BGP neighborship prior to raising the TAC case, i.e. if you cannot see the advert and they can, there is definitely a bug. If they can't see it in BGP, they should be able to identify why they are routing a certain network to you. Static routes, etc.

Toby

Reply to
Toby
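The two checks proposed in the thread (Ivan's: read the next-hop of the leaked prefix as the peer sees it; Toby's: diff what you believe you advertise against what the peer says it received) can be scripted against saved "show ip bgp" output. The block below is an added example written for this thread, not code from any of the posters; the table text inside it is constructed sample data in IOS layout, and the addresses (192.0.2.x, 198.51.100.0/24, 203.0.113.0/24) and AS numbers (64500 and up) are documentation placeholders, not values from the original post.

```python
"""Hunting a leaked RFC 1918 prefix from BGP table output.

Added example written for this thread; it is not code from any of the
posters. It automates two of the checks suggested above:
  1. (Ivan) look at the leaked prefix from the outside and read its
     next-hop, which is the address of the router that announced it
     to the eBGP peer;
  2. (Toby) diff the prefixes we believe we advertise against the
     prefixes the peer says it received from us.
All table text below is constructed sample data in IOS 'show ip bgp'
layout; the addresses and AS numbers are placeholders.
"""
import ipaddress
import re
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed: the table as our eBGP peer might show it, with our border
# router 192.0.2.1 (AS 64500) as the next-hop of the private routes.
PEER_TABLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.20.0.0/24     192.0.2.1                0             0 64500 i
*> 10.21.0.0/24     192.0.2.1                0             0 64500 i
*> 198.51.100.0/24  192.0.2.1                0             0 64500 i
*> 203.0.113.0/24   192.0.2.9                0             0 64501 64502 i
"""

# Constructed: what our own 'show ip bgp neighbors 192.0.2.2 advertised-routes'
# claims we send to that peer (no private prefixes listed, as in the thread).
OUR_ADVERTISED = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 198.51.100.0/24  0.0.0.0                  0         32768 i
"""

ENTRY_RE = re.compile(
    r"^[*>sdhrSiRx ]*?"                          # IOS status flags column
    r"(?P<net>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})"  # network with prefix length
    r"\s+(?P<nh>\d{1,3}(?:\.\d{1,3}){3})\b"      # next-hop address
)


def parse_bgp_table(text):
    """Parse IOS-style 'show ip bgp' lines into dicts (network, next_hop, as_path).

    The AS path is read from the 'Path' column located via the header line,
    which avoids guessing where the blank Metric/LocPrf cells end.
    """
    lines = text.splitlines()
    header = next(ln for ln in lines if "Network" in ln and "Path" in ln)
    path_col = header.index("Path")
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line, or a continuation row
        path_tokens = line[path_col:].split()
        entries.append({
            "network": ipaddress.ip_network(m["net"], strict=False),
            "next_hop": ipaddress.ip_address(m["nh"]),
            "as_path": [int(t) for t in path_tokens if t.isdigit()],
        })
    return entries


def leaks_by_next_hop(entries):
    """Map each next-hop to the RFC 1918 prefixes it announced.

    Seen from the peer, the next-hop of an eBGP-learned route is the
    announcing router's interface address, so each key names a suspect.
    """
    groups = defaultdict(list)
    for e in entries:
        if any(e["network"].subnet_of(r) for r in RFC1918):
            groups[str(e["next_hop"])].append(str(e["network"]))
    return {nh: sorted(nets) for nh, nets in groups.items()}


def origin_as(entry):
    """Rightmost ASN in the path: the AS that originated the prefix.

    Fallback when an intermediate router has already rewritten the
    next-hop. Returns None for locally originated routes (empty path).
    """
    return entry["as_path"][-1] if entry["as_path"] else None


def compare_advertised(our_adv_entries, peer_entries, our_next_hop):
    """Diff what we think we send against what the peer shows from us.

    Prefixes the peer holds with our next-hop that are absent from our own
    'advertised-routes' output are the case Toby calls a definite bug;
    prefixes we list but the peer lacks point at the peer's inbound filters.
    """
    ours = {str(e["network"]) for e in our_adv_entries}
    theirs = {str(e["network"]) for e in peer_entries
              if e["next_hop"] == ipaddress.ip_address(our_next_hop)}
    return {
        "unexpected_at_peer": sorted(theirs - ours),
        "missing_at_peer": sorted(ours - theirs),
    }


if __name__ == "__main__":
    peer = parse_bgp_table(PEER_TABLE)
    print("private prefixes by next-hop:", leaks_by_next_hop(peer))
    print("origin AS of leaked prefixes:",
          {str(e["network"]): origin_as(e) for e in peer
           if any(e["network"].subnet_of(r) for r in RFC1918)})
    print("advertised vs received:",
          compare_advertised(parse_bgp_table(OUR_ADVERTISED), peer, "192.0.2.1"))
```

Feed it the peer's table (a looking glass or the peer's own "show ip bgp" for your prefixes) and your own "advertised-routes" output. If a private prefix shows up at the peer with your next-hop but never appears in your advertised-routes listing, that is the mismatch worth taking to TAC; if it shows up with a different next-hop, the AS path still tells you which AS originated it.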

Another thing you can do is turn on "debug ip bgp" and then "clear ip bgp ". The debugging messages should show whether you're actually advertising the network.

Reply to
Barry Margolin

Tried that, but the debug output didn't show any advertisements ... neither the 10/8 subnets, nor the regular ones ... !?

-gg

Reply to
Cisco Fan
