Mailing List Archive: MLXe BGP Next Hop Not Reachable

MLXe BGP Next Hop Not Reachable

james at atlanticmetro

Aug 30, 2016, 5:10 AM

Post #1 of 8 (2519 views)

Hello,

Came across a strange issue that I could use a second set of eyes on.

Have an MLXe8 router with 5.6e running. Customer BGP session is up and
we're receiving the route they're advertising, but BGP thinks the next-hop
is unreachable and not accepting the route. Its not even getting to the
point of processing any prefix-lists or route-maps.

SSH@router#show ip bgp neigh 10.60.154.210 received-routes detail
There are 1 received routes from neighbor 10.60.154.210
Searching for matching routes, use ^C to quit...
Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH
S:SUPPRESSED F:FILTERED s:STALE
1 Prefix: 10.60.158.0/26, Status: EF, Age: 0h0m12s
NEXT_HOP: 10.60.154.210, Not Reachable, Learned from Peer:
10.60.154.210 (64585)
LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
AS_PATH: 64585

interface ve 170
ip address 10.60.154.209/29
!

neighbor CUSTOMER-ABC peer-group
neighbor CUSTOMER-ABC remote-as 64585
neighbor CUSTOMER-ABC soft-reconfiguration inbound
neighbor CUSTOMER-ABC default-originate
neighbor CUSTOMER-ABC route-map in CUSTOMER-NOEXPORT-in
neighbor CUSTOMER-ABC route-map out DEFAULT-ONLY
neighbor 10.60.154.210 peer-group CUSTOMER-ABC

Tried the usual suspects of removing the interconnect /29 from the ve and
re-applying, rebuilding the BGP session, bouncing it many times, etc.
Session is up..ping communication works fine.

--

*James Cornman*

jcornman@atlanticmetro.net
212.792.9950 - ext 101

*Atlantic Metro Communications*

*4 Century Drive, Parsippany NJ 07054*

*Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
Like us on Facebook <https://www.facebook.com/atlanticmetro>*
www.atlanticmetro.net

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

Aug 30, 2016, 5:19 AM

Post #2 of 8 (2510 views)

Dear James,

Silly question : why a /29 IP interconnect and not a /30 ? Have you tried
changing that ?

Best regards.

2016-08-30 14:10 GMT+02:00 James Cornman <james@atlanticmetro.net>:

> Hello,
>
> Came across a strange issue that I could use a second set of eyes on.
>
> Have an MLXe8 router with 5.6e running. Customer BGP session is up and
> we're receiving the route they're advertising, but BGP thinks the next-hop
> is unreachable and not accepting the route. Its not even getting to the
> point of processing any prefix-lists or route-maps.
>
>
> SSH@router#show ip bgp neigh 10.60.154.210 received-routes detail
> There are 1 received routes from neighbor 10.60.154.210
> Searching for matching routes, use ^C to quit...
> Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
> E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH
> m:NOT-INSTALLED-MULTIPATH
> S:SUPPRESSED F:FILTERED s:STALE
> 1 Prefix: 10.60.158.0/26, Status: EF, Age: 0h0m12s
> NEXT_HOP: 10.60.154.210, Not Reachable, Learned from Peer:
> 10.60.154.210 (64585)
> LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
> AS_PATH: 64585
>
>
> interface ve 170
> ip address 10.60.154.209/29
> !
>
> neighbor CUSTOMER-ABC peer-group
> neighbor CUSTOMER-ABC remote-as 64585
> neighbor CUSTOMER-ABC soft-reconfiguration inbound
> neighbor CUSTOMER-ABC default-originate
> neighbor CUSTOMER-ABC route-map in CUSTOMER-NOEXPORT-in
> neighbor CUSTOMER-ABC route-map out DEFAULT-ONLY
> neighbor 10.60.154.210 peer-group CUSTOMER-ABC
>
> Tried the usual suspects of removing the interconnect /29 from the ve and
> re-applying, rebuilding the BGP session, bouncing it many times, etc.
> Session is up..ping communication works fine.
>
>
>
> --
>
> *James Cornman*
>
> jcornman@atlanticmetro.net
> 212.792.9950 - ext 101
>
> *Atlantic Metro Communications*
>
> *4 Century Drive, Parsippany NJ 07054*
>
>
> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
> Like us on Facebook <https://www.facebook.com/atlanticmetro>*
> www.atlanticmetro.net
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

--
Youssef BENGELLOUN-ZAHR

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

boards188 at gmail

Aug 30, 2016, 6:01 AM

Post #3 of 8 (2511 views)

And another silly question; I assume you have checked your system max
variables? There used to be an issue where system max for the route table
was set to 205k, IIRC?

Jason K Pope
214.566.8527
boards188@gmail.com

On Tue, Aug 30, 2016 at 7:10 AM, James Cornman <james@atlanticmetro.net>
wrote:

> Hello,
>
> Came across a strange issue that I could use a second set of eyes on.
>
> Have an MLXe8 router with 5.6e running. Customer BGP session is up and
> we're receiving the route they're advertising, but BGP thinks the next-hop
> is unreachable and not accepting the route. Its not even getting to the
> point of processing any prefix-lists or route-maps.
>
>
> SSH@router#show ip bgp neigh 10.60.154.210 received-routes detail
> There are 1 received routes from neighbor 10.60.154.210
> Searching for matching routes, use ^C to quit...
> Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
> E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH
> m:NOT-INSTALLED-MULTIPATH
> S:SUPPRESSED F:FILTERED s:STALE
> 1 Prefix: 10.60.158.0/26, Status: EF, Age: 0h0m12s
> NEXT_HOP: 10.60.154.210, Not Reachable, Learned from Peer:
> 10.60.154.210 (64585)
> LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
> AS_PATH: 64585
>
>
> interface ve 170
> ip address 10.60.154.209/29
> !
>
> neighbor CUSTOMER-ABC peer-group
> neighbor CUSTOMER-ABC remote-as 64585
> neighbor CUSTOMER-ABC soft-reconfiguration inbound
> neighbor CUSTOMER-ABC default-originate
> neighbor CUSTOMER-ABC route-map in CUSTOMER-NOEXPORT-in
> neighbor CUSTOMER-ABC route-map out DEFAULT-ONLY
> neighbor 10.60.154.210 peer-group CUSTOMER-ABC
>
> Tried the usual suspects of removing the interconnect /29 from the ve and
> re-applying, rebuilding the BGP session, bouncing it many times, etc.
> Session is up..ping communication works fine.
>
>
>
> --
>
> *James Cornman*
>
> jcornman@atlanticmetro.net
> 212.792.9950 - ext 101
>
> *Atlantic Metro Communications*
>
> *4 Century Drive, Parsippany NJ 07054*
>
>
> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
> Like us on Facebook <https://www.facebook.com/atlanticmetro>*
> www.atlanticmetro.net
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

james at atlanticmetro

Aug 30, 2016, 6:19 AM

Post #4 of 8 (2511 views)

Silly question : why a /29 IP interconnect and not a /30 ? Have you tried
changing that ?

There are other routers in the works for the future and other static hosts
in the subnet that are unrelated

> --
>
> *James Cornman*
>
> jcornman@atlanticmetro.net
> 212.792.9950 - ext 101
>
> *Atlantic Metro Communications*
>
> *4 Century Drive, Parsippany NJ 07054*
>
>
> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
> Like us on Facebook <https://www.facebook.com/atlanticmetro>*
> www.atlanticmetro.net
>

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

james at atlanticmetro

Aug 30, 2016, 6:21 AM

Post #5 of 8 (2514 views)

And another silly question; I assume you have checked your system max
variables? There used to be an issue where system max for the route table
was set to 205k, IIRC?

Yes indeed. Many other customer sessions on this router. we have it set to
1million routes

> --
>
> *James Cornman*
>
> jcornman@atlanticmetro.net
> 212.792.9950 - ext 101
>
> *Atlantic Metro Communications*
>
> *4 Century Drive, Parsippany NJ 07054*
>
>
> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
> Like us on Facebook <https://www.facebook.com/atlanticmetro>*
> www.atlanticmetro.net
>

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

georgeb at gmail

Aug 30, 2016, 7:42 AM

Post #6 of 8 (2507 views)

Any chance that customer subnet 10.60.154.209/29 is included in a black
hole or static route someplace? Is this a new connection or one that was
working and has stopped working? If it is a new connection, check to see
if that network range was previously black-holed (routed to NULL) or
something like that.

On Tue, Aug 30, 2016 at 6:21 AM, James Cornman <james@atlanticmetro.net>
wrote:

>
> And another silly question; I assume you have checked your system max
> variables? There used to be an issue where system max for the route table
> was set to 205k, IIRC?
>
>
> Yes indeed. Many other customer sessions on this router. we have it set to
> 1million routes
>
>
>> --
>>
>> *James Cornman*
>>
>> jcornman@atlanticmetro.net
>> 212.792.9950 - ext 101
>>
>> *Atlantic Metro Communications*
>>
>> *4 Century Drive, Parsippany NJ 07054*
>>
>>
>> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
>> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
>> Like us on Facebook <https://www.facebook.com/atlanticmetro>*
>> www.atlanticmetro.net
>>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

james at atlanticmetro

Aug 30, 2016, 8:16 AM

Post #7 of 8 (2506 views)

I've determined the issue. It seems the "Not Reachable" statement was a
misnomer..the real issue was with a route-map entry not exactly matching
the proper prefix length. For shame..

For posterities sake, if it says Filtered, and also Not Reachable..its
probably the filter and nothing to do with the next hop being unreachable.

Thanks all.

-James

On Tue, Aug 30, 2016 at 10:42 AM, George B <georgeb@gmail.com> wrote:

> Any chance that customer subnet 10.60.154.209/29 is included in a black
> hole or static route someplace? Is this a new connection or one that was
> working and has stopped working? If it is a new connection, check to see
> if that network range was previously black-holed (routed to NULL) or
> something like that.
>
>
>
> On Tue, Aug 30, 2016 at 6:21 AM, James Cornman <james@atlanticmetro.net>
> wrote:
>
>>
>> And another silly question; I assume you have checked your system max
>> variables? There used to be an issue where system max for the route table
>> was set to 205k, IIRC?
>>
>>
>> Yes indeed. Many other customer sessions on this router. we have it set
>> to 1million routes
>>
>>
>>> --
>>>
>>> *James Cornman*
>>>
>>> jcornman@atlanticmetro.net
>>> 212.792.9950 - ext 101
>>>
>>> *Atlantic Metro Communications*
>>>
>>> *4 Century Drive, Parsippany NJ 07054*
>>>
>>>
>>> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
>>> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro>
>>> *â€¢ Like us on Facebook <https://www.facebook.com/atlanticmetro>*
>>> www.atlanticmetro.net
>>>
>>
>> _______________________________________________
>> foundry-nsp mailing list
>> foundry-nsp@puck.nether.net
>> http://puck.nether.net/mailman/listinfo/foundry-nsp
>>
>
>

--

*James Cornman*

*Chief Technology Officer*jcornman@atlanticmetro.net
212.792.9950 - ext 101

*Atlantic Metro Communications*

*4 Century Drive, Parsippany NJ 07054*

*Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
Like us on Facebook <https://www.facebook.com/atlanticmetro>*
www.atlanticmetro.net

Re: MLXe BGP Next Hop Not Reachable [ In reply to ]

mgehrmann at atlassian

Aug 30, 2016, 5:26 PM

Post #8 of 8 (2498 views)

Two things I have found that may help you:
- next-hop unreachable can also mean filtered i.e. route-map problem
- next-hop-recursion can be your friend

Mike

On 30 August 2016 at 22:10, James Cornman <james@atlanticmetro.net> wrote:

> Hello,
>
> Came across a strange issue that I could use a second set of eyes on.
>
> Have an MLXe8 router with 5.6e running. Customer BGP session is up and
> we're receiving the route they're advertising, but BGP thinks the next-hop
> is unreachable and not accepting the route. Its not even getting to the
> point of processing any prefix-lists or route-maps.
>
>
> SSH@router#show ip bgp neigh 10.60.154.210 received-routes detail
> There are 1 received routes from neighbor 10.60.154.210
> Searching for matching routes, use ^C to quit...
> Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP D:DAMPED
> E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH
> m:NOT-INSTALLED-MULTIPATH
> S:SUPPRESSED F:FILTERED s:STALE
> 1 Prefix: 10.60.158.0/26, Status: EF, Age: 0h0m12s
> NEXT_HOP: 10.60.154.210, Not Reachable, Learned from Peer:
> 10.60.154.210 (64585)
> LOCAL_PREF: 100, MED: 0, ORIGIN: igp, Weight: 0
> AS_PATH: 64585
>
>
> interface ve 170
> ip address 10.60.154.209/29
> !
>
> neighbor CUSTOMER-ABC peer-group
> neighbor CUSTOMER-ABC remote-as 64585
> neighbor CUSTOMER-ABC soft-reconfiguration inbound
> neighbor CUSTOMER-ABC default-originate
> neighbor CUSTOMER-ABC route-map in CUSTOMER-NOEXPORT-in
> neighbor CUSTOMER-ABC route-map out DEFAULT-ONLY
> neighbor 10.60.154.210 peer-group CUSTOMER-ABC
>
> Tried the usual suspects of removing the interconnect /29 from the ve and
> re-applying, rebuilding the BGP session, bouncing it many times, etc.
> Session is up..ping communication works fine.
>
>
>
> --
>
> *James Cornman*
>
> jcornman@atlanticmetro.net
> 212.792.9950 - ext 101
>
> *Atlantic Metro Communications*
>
> *4 Century Drive, Parsippany NJ 07054*
>
>
> *Colocation â€¢ Cloud Hosting â€¢ Network Connectivity â€¢ Managed Services*
> Follow us on Twitter: @atlanticmetro <https://twitter.com/atlanticmetro> *â€¢
> Like us on Facebook <https://www.facebook.com/atlanticmetro>*
> www.atlanticmetro.net
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>

--
Michael Gehrmann
Senior Network Engineer - Atlassian
m: +61 407 570 658