
Next-Hop Attribute

 BGP Next-Hop Attribute 

RFC 4271 defines the Next-Hop attribute as follows: The NEXT_HOP is a well-known mandatory attribute that defines the IP address of the router that SHOULD be used as the next hop to the destinations listed in the UPDATE message.

Basically, Next-Hop forces the router to do a recursive lookup in order to determine which egress interface should be used to send the packets out.

Juniper vMX 14 and EVE-NG Pro are used for this lab.

Next-Hop Reachability

Without Next-Hop reachability, a BGP-learned route will not be installed as an active route; on Junos it stays hidden, as the lab below shows. There are two ways to solve this issue:

  • Advertise Next-Hop subnet via IGP (OSPF, IS-IS, RIP, EIGRP, etc)
  • Use Next-Hop command to modify the next-hop IP

Next-Hop Attributes and Route-Reflectors

Route-Reflectors must not change the Next-Hop attribute for routes that are being reflected. Failure to follow this rule will attract data traffic to the Route-Reflectors. This is not desirable, as Route-Reflectors are control-plane nodes, not data-plane nodes, and might not have the capacity to forward traffic.

Next-Hop Self and EBGP Peers

By default, routes advertised to EBGP peers have the Next-Hop attribute changed to the EBGP session’s source IP address. You don’t have to do anything. There is no point in configuring ‘next-hop self’ on EBGP sessions; everything is done automatically.

Device configuration (R1 is shown with the next-hop self export policy from the fix below already applied):

[email protected]> show configuration |display set
set version 14.1R4.8
set system host-name R1
set system root-authentication encrypted-password "$1$Wsqdz5YK$uP03JJl0Cl9VCFIGw/VI8/"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/2 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/3 unit 0 family inet address 13.13.13.1/24
set routing-options autonomous-system 100
set protocols bgp group iBGP-R2 type internal
set protocols bgp group iBGP-R2 traceoptions file R1-to-R2
set protocols bgp group iBGP-R2 traceoptions flag all
set protocols bgp group iBGP-R2 local-address 12.12.12.1
set protocols bgp group iBGP-R2 export 13NW-NEXT-HOP
set protocols bgp group iBGP-R2 peer-as 100
set protocols bgp group iBGP-R2 neighbor 12.12.12.2
set protocols bgp group eBGP-R3 type external
set protocols bgp group eBGP-R3 traceoptions file R1-to-R3
set protocols bgp group eBGP-R3 traceoptions flag all
set protocols bgp group eBGP-R3 local-address 13.13.13.1
set protocols bgp group eBGP-R3 peer-as 200
set protocols bgp group eBGP-R3 neighbor 13.13.13.3
set policy-options policy-statement 13NW-NEXT-HOP term t1 then next-hop self

[email protected]> show configuration |display set
set version 14.1R4.8
set system host-name R2
set system root-authentication encrypted-password "$1$VxiOaTTW$Ysbmt6ZC7HOqFFjnLu8ak/"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet
set interfaces ge-0/0/2 unit 0 family inet address 12.12.12.2/24
set interfaces lo0 unit 2 family inet address 2.2.2.2/24
set interfaces lo0 unit 2 family inet address 22.22.22.22/24
set routing-options autonomous-system 100
set protocols bgp group iBGP-to-R1 type internal
set protocols bgp group iBGP-to-R1 traceoptions file R2-to-R1
set protocols bgp group iBGP-to-R1 traceoptions flag all
set protocols bgp group iBGP-to-R1 local-address 12.12.12.2
set protocols bgp group iBGP-to-R1 export R2-loop
set protocols bgp group iBGP-to-R1 peer-as 100
set protocols bgp group iBGP-to-R1 neighbor 12.12.12.1
set policy-options policy-statement R2-loop term 1 from interface lo0.2
set policy-options policy-statement R2-loop term 1 from interface ge-0/0/0.0
set policy-options policy-statement R2-loop term 1 then accept

[email protected]> show configuration |display set
set version 14.1R4.8
set system host-name R3
set system root-authentication encrypted-password "$1$wPe7GXpQ$C.1GjIPSpRySXHSmu/OdN1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/3 unit 0 family inet address 13.13.13.3/24
set interfaces lo0 unit 3 family inet address 3.3.3.3/24
set interfaces lo0 unit 3 family inet address 33.33.33.33/24
set routing-options autonomous-system 200
set protocols bgp group eBGP-to-R1 type external
set protocols bgp group eBGP-to-R1 traceoptions file R3-to-R1
set protocols bgp group eBGP-to-R1 traceoptions flag all
set protocols bgp group eBGP-to-R1 local-address 13.13.13.3
set protocols bgp group eBGP-to-R1 export R3-loop
set protocols bgp group eBGP-to-R1 peer-as 100
set protocols bgp group eBGP-to-R1 neighbor 13.13.13.1
set policy-options policy-statement R3-loop term t1 from interface lo0.3
set policy-options policy-statement R3-loop term t1 then accept

Task-specific config:

The R2 and R3 loopbacks are exported:

R2>
set protocols bgp group iBGP-to-R1 export R2-loop
set protocols bgp group iBGP-to-R1 peer-as 100
set protocols bgp group iBGP-to-R1 neighbor 12.12.12.1
set policy-options policy-statement R2-loop term 1 from interface lo0.2
set policy-options policy-statement R2-loop term 1 then accept
R3>
set protocols bgp group eBGP-to-R1 export R3-loop
set protocols bgp group eBGP-to-R1 peer-as 100
set protocols bgp group eBGP-to-R1 neighbor 13.13.13.1
set policy-options policy-statement R3-loop term t1 from interface lo0.3
set policy-options policy-statement R3-loop term t1 then accept

R1 can reach both the R2 and R3 loopbacks:

 [email protected]> ping 2.2.2.2 
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=64 time=2.388 ms
[email protected]> ping 3.3.3.3
PING 3.3.3.3 (3.3.3.3): 56 data bytes
64 bytes from 3.3.3.3: icmp_seq=0 ttl=64 time=4.937 ms

R1 is learning the R3 loopback and is also advertising it to R2; however, it is not showing in the R2 table.

[email protected]R1> show route 3.3.3.3 receive-protocol bgp 13.13.13.3

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 3.3.3.0/24 13.13.13.3 200 I

[email protected]R1> show route 3.3.3.3 advertising-protocol bgp 12.12.12.2

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 3.3.3.0/24 13.13.13.3 100 200 I

[email protected]R2> show route 3.3.3.3 receive-protocol bgp 12.12.12.1

Nothing is returned. Let’s check the logs/traceoptions.
Traceoptions log:
[email protected]R2> show log R2-to-R1 |match 3.3.3.0  
Apr 13 01:50:31.646174 bgp_rcv_nlri: 3.3.3.0/24
Apr 13 01:50:31.646291 ADD      3.3.3.0/24          nhid 0  BGP      pref 170/-101 metric  <Hidden Int Ext>  as 100
The route is coming in as hidden:
[email protected]R2> show route hidden extensive    
 
inet.0: 8 destinations, 8 routes (6 active, 0 holddown, 2 hidden)
3.3.3.0/24 (1 entry, 0 announced)
         BGP    Preference: 170/-101
                Next hop type: Unusable
                Address: 0x92c5244
                Next-hop reference count: 2
                State:
                Local AS:   100 Peer AS:   100
                Age: 20:24 
                Validation State: unverified 
                Task: BGP_100.12.12.12.1+179
                AS path: 200 I
                Accepted
                Localpref: 100
                Router ID: 12.12.12.1
                Indirect next hops: 1
                        Protocol next hop: 13.13.13.3
                        Indirect next hop: 0x0 - INH Session ID: 0x0
 
33.33.33.0/24 (1 entry, 0 announced)
         BGP    Preference: 170/-101
                Next hop type: Unusable
                Address: 0x92c5244      
                Next-hop reference count: 2
                State:
                Local AS:   100 Peer AS:   100
                Age: 20:24 
                Validation State: unverified 
                Task: BGP_100.12.12.12.1+179
                AS path: 200 I
                Accepted
                Localpref: 100
                Router ID: 12.12.12.1
                Indirect next hops: 1
                        Protocol next hop: 13.13.13.3
                        Indirect next hop: 0x0 - INH Session ID: 0x0

Notice that the protocol next hop is 13.13.13.3; however, this next hop is not reachable from R2:

 [email protected]> show route 
 
inet.0: 8 destinations, 8 routes (6 active, 0 holddown, 2 hidden)
+ = Active Route, - = Last Active, * = Both
 
2.2.2.0/24         *[Direct/0] 02:45:27
                    > via lo0.2
2.2.2.2/32         *[Local/0] 02:45:27
                      Local via lo0.2
12.12.12.0/24      *[Direct/0] 02:44:22
                    > via ge-0/0/2.0
12.12.12.2/32      *[Local/0] 02:44:23
                      Local via ge-0/0/2.0
22.22.22.0/24      *[Direct/0] 02:45:27
                    > via lo0.2
22.22.22.22/32     *[Local/0] 02:45:27
                      Local via lo0.2
 
This shows that the next hop is not changed when a route received from an eBGP peer is sent on to an iBGP peer.
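The recursive lookup that R2 performs here can be modelled directly. The following Python sketch is an added example, not part of the original lab: it parses the protocol next hops from the hidden-route output, resolves each against R2's table by longest-prefix match, and repeats the check with the next hop rewritten to 12.12.12.1. The function names are hypothetical, and the table is a simplified copy of R2's connected prefixes (constructed from the output above).

```python
import ipaddress
import re

# R2's active prefixes before the fix, taken from the 'show route' output above.
R2_TABLE = {"2.2.2.0/24": "lo0.2", "12.12.12.0/24": "ge-0/0/2.0", "22.22.22.0/24": "lo0.2"}

# Trimmed excerpt of R2's 'show route hidden extensive' output shown above.
HIDDEN_OUTPUT = """\
3.3.3.0/24 (1 entry, 0 announced)
                Next hop type: Unusable
                        Protocol next hop: 13.13.13.3
33.33.33.0/24 (1 entry, 0 announced)
                Next hop type: Unusable
                        Protocol next hop: 13.13.13.3
"""

def resolve(next_hop, table):
    """Longest-prefix match of a BGP next hop; returns (prefix, interface) or None."""
    addr = ipaddress.ip_address(next_hop)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    best = max(hits, key=lambda n: n.prefixlen, default=None)
    return (str(best), table[str(best)]) if best is not None else None

def parse_protocol_next_hops(text):
    """Map each prefix in 'show route ... extensive' text to its protocol next hop."""
    routes, prefix = {}, None
    for line in text.splitlines():
        head = re.match(r"(\d+\.\d+\.\d+\.\d+/\d+) \(", line)
        if head:
            prefix = head.group(1)
        nh = re.search(r"Protocol next hop: (\S+)", line)
        if nh and prefix:
            routes[prefix] = nh.group(1)
    return routes

def classify(routes, table):
    """Return {prefix: 'hidden' or 'active via <interface>'} after next-hop resolution."""
    hits = {p: resolve(nh, table) for p, nh in routes.items()}
    return {p: f"active via {h[1]}" if h else "hidden" for p, h in hits.items()}

def apply_next_hop_self(routes, advertiser):
    """Model the advertiser's 'next-hop self' export policy: rewrite every next hop."""
    return {prefix: advertiser for prefix in routes}

if __name__ == "__main__":
    learned = parse_protocol_next_hops(HIDDEN_OUTPUT)
    print("as received:  ", classify(learned, R2_TABLE))
    print("next-hop self:", classify(apply_next_hop_self(learned, "12.12.12.1"), R2_TABLE))
```

Run against real output, the same check flags every BGP route whose protocol next hop falls outside the prefixes the router can resolve.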
 
Let’s check from R3. The R2 network (2.2.2.0/24) is in the R3 routing table:
[email protected]> show route 
 
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
2.2.2.0/24         *[BGP/170] 00:34:18, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 13.13.13.1 via ge-0/0/3.0
3.3.3.0/24         *[Direct/0] 02:55:20
                    > via lo0.3
3.3.3.3/32         *[Local/0] 02:55:20
                      Local via lo0.3
13.13.13.0/24      *[Direct/0] 02:54:15
                    > via ge-0/0/3.0
13.13.13.3/32      *[Local/0] 02:54:16
                      Local via ge-0/0/3.0
22.22.22.0/24      *[BGP/170] 00:34:18, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 13.13.13.1 via ge-0/0/3.0
33.33.33.0/24      *[Direct/0] 02:55:20
                    > via lo0.3
33.33.33.33/32     *[Local/0] 02:55:20
                      Local via lo0.3
 
But the ping fails:
[email protected]> ping 2.2.2.2 source 3.3.3.3 rapid count 5 
PING 2.2.2.2 (2.2.2.2): 56 data bytes
.....
--- 2.2.2.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
This is because the packet from R3 reaches R1 and R1 forwards it to R2, but R2 learned 3.3.3.0/24 with next hop 13.13.13.3, which does not exist in the R2 table, so R2 has no usable route back to 3.3.3.3 and the ping fails.
Fix:
R1>
set policy-options policy-statement 13NW-NEXT-HOP term t1 then next-hop self
set protocols bgp group iBGP-R2 export 13NW-NEXT-HOP
commit
 
[email protected]> show log R2-to-R1 |match 3.3.3.0 
Apr 13 04:28:45.912483 BGP RECV         3.3.3.0/24 , 33.33.33.0/24
Apr 13 04:28:45.919811 CHANGE   3.3.3.0/24          nhid 0 gw 12.12.12.1      BGP      pref 170/-101 metric  <Active Int Ext>  as 100
Now it shows as Active instead of Hidden.
Routes in the R1 table now:
[email protected]> show route 3.3.3.3 
 
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
3.3.3.0/24         *[BGP/170] 02:43:58, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 13.13.13.3 via ge-0/0/3.0
 
[email protected]> show route 33.33.33.33  
 
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
33.33.33.0/24      *[BGP/170] 02:44:09, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 13.13.13.3 via ge-0/0/3.0
[email protected]> ping 2.2.2.2 source 3.3.3.3 rapid count 5
PING 2.2.2.2 (2.2.2.2): 56 data bytes
!!!!!
--- 2.2.2.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.141/2.779/4.314/0.795 ms
 
[email protected]> show route receive-protocol bgp 12.12.12.1 
 
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 3.3.3.0/24              12.12.12.1                   100        200 I
* 33.33.33.0/24           12.12.12.1                   100        200 I
 

[email protected]> ping 3.3.3.3 source 2.2.2.2 rapid count 5
PING 3.3.3.3 (3.3.3.3): 56 data bytes
!!!!!
--- 3.3.3.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.296/2.676/3.318/0.376 ms

[email protected]> ping 33.33.33.33 source 2.2.2.2 rapid count 5
PING 33.33.33.33 (33.33.33.33): 56 data bytes
!!!!!
--- 33.33.33.33 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.293/2.623/3.597/0.494 ms

[email protected]> traceroute 3.3.3.3 source 2.2.2.2
traceroute to 3.3.3.3 (3.3.3.3) from 2.2.2.2, 30 hops max, 40 byte packets
1 12.12.12.1 (12.12.12.1) 2.487 ms 1.424 ms 1.436 ms
2 3.3.3.3 (3.3.3.3) 2.680 ms 2.388 ms 2.937 ms

[email protected]> show route next-hop 12.12.12.1

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.3.3.0/24         *[BGP/170] 00:20:34, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.1 via ge-0/0/2.0
33.33.33.0/24      *[BGP/170] 00:20:34, localpref 100
                      AS path: 200 I, validation-state: unverified
                    > to 12.12.12.1 via ge-0/0/2.0
