- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- My BGP routes are showing as Hidden and Inactive
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My BGP routes are showing as Hidden and Inactive
Hi Team,
I am facing this one more issue with BGP and route from other path is being received as Hidden and Inactive. I have scenario as depict in diagram. I am currently receiving route from Provider 1 which is fine. However route received from Provider 2 is showing as Hidden and Inactive on my firewall routing table.
I am at FW1 with version R80.30 with AS 64520 with network 172.31.24.0/24 while other peer is 64520 as well with network 10.100.0.0/16. However we are connected with two providers and route learned from provider-2 is getting as Hidden and Inactive from FW1 perspective.
Can someone please help?
set bgp external remote-as 9730 on
set bgp external remote-as 9730 peer xx.xx.xx.xx on
set bgp external remote-as 9730 peer xx.xx.xx.xx holdtime 15
set bgp external remote-as 9730 peer xx.xx.xx.xx keepalive 5
set bgp external remote-as 65001 on
set bgp external remote-as 65001 peer yy.yy.yy.yy on
set bgp external remote-as 65001 peer yy.yy.yy.yy as-override on
Here is my route table at FW1
#show route bgp
B 10.100.0.0/16 via xx.xx.xx.xx, eth1, cost None, age 913492
And here is the issue
B 10.100.0.0/16 via xx.xx.xx.xx, eth1, cost None, age 913540
B H i 10.100.0.0/16 is an unusable route
Blason R
CCSA,CCSE,CCCS
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I guess this need allow-as. This resolved the issue
set bgp external remote-as 65001 peer yy.yy.yy.yy allowas-in-count 2
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have route filters or route-maps configured accepting the routes and how do the as-paths compare?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes - default route filters configure and no such mechanism for as-path comparison
set inbound-route-filter bgp-policy 512 based-on-as as 9730 on
set inbound-route-filter bgp-policy 512 accept-all-ipv4
set inbound-route-filter bgp-policy 516 based-on-as as 65001 on
set inbound-route-filter bgp-policy 516 accept-all-ipv4
set route-redistribution to bgp-as 9730 from static-route 172.16.0.0/12 on
set route-redistribution to bgp-as 9730 from static-route 192.168.0.0/16 on
set route-redistribution to bgp-as 65001 from static-route 172.16.0.0/12 on
set route-redistribution to bgp-as 65001 from static-route 192.168.0.0/16 on
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do I need to use
allowas-in Accept a IPv4-route that contains the local-AS in the as-path
Blason R
CCSA,CCSE,CCCS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What do you see with: "show route bgp aspath" ?
Please also review the following:
sk173204: Received BGP routes appear as unusable, hidden and inactive
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I guess this need allow-as. This resolved the issue
set bgp external remote-as 65001 peer yy.yy.yy.yy allowas-in-count 2
Blason R
CCSA,CCSE,CCCS