Hello viewers, in this post we will discuss a scenario where the eBGP neighborship between 2 BGP-enabled routers dropped on enabling NAT Overload on the same router.
Example Scenario: BGP Neighborship Drops when NAT is Enabled
The diagram below depicts the connectivity across routers R1, R2 and R3.
While R1 and R2 will have static routes for reachability, R2 and R3 will form an eBGP neighborship between AS 2 and AS 3 respectively. Additionally, network 10.0.0.0/8 (behind R1 and shown as Loopback0 for the test scenario) will be NATted to the Inside Global IP of 200.200.200.1 on R2.
Base Configuration across R1, R2 and R3
The base configuration across R1, R2 and R3 is as shown below:
R1
interface Loopback0
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.12.2
!
end
R2
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 10.23.23.2 255.255.255.0
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 10.23.23.3
ip route 10.0.0.0 255.255.255.0 192.168.12.1
!
ip nat pool NATPOOL 200.200.200.1 200.200.200.1 prefix-length 24
ip nat inside source list 1 pool NATPOOL overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
end
R3
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/1
 ip address 10.23.23.3 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 10.23.23.2
!
end
Configure BGP across R2 and R3
Now that we have NAT Overload in place (10.0.0.0/8 will get NATted to 200.200.200.1), the next step is to configure BGP across R2 and R3 as below:
R2
router bgp 2
 bgp log-neighbor-changes
 network 10.23.23.0 mask 255.255.255.0
 neighbor 10.23.23.3 remote-as 3
 no auto-summary
R3
router bgp 3
 bgp log-neighbor-changes
 network 10.23.23.0 mask 255.255.255.0
 neighbor 10.23.23.2 remote-as 2
 no auto-summary
After configuring eBGP, both routers are still showing the neighborship as "Active", as below:
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 3/2 prefixes, 4/3 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.23.23.2      4     2     290     295        0    0    0 00:02:25 Active

BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
1 path entries using 52 bytes of memory
2/1 BGP path/bestpath attribute entries using 248 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 417 total bytes of memory
BGP activity 2/1 prefixes, 3/2 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.23.23.3      4     3     290     291        0    0    0 00:03:11 Active
Let's use the debug command to troubleshoot why the BGP neighborship is not forming.
To stop unwanted traffic from being captured in the debug, we use an access list as below:
*Mar 1 08:51:47.301: IP: s=200.200.200.1 (FastEthernet0/1), d=10.23.23.3, len 44, rcvd 0
*Mar 1 08:51:47.305: TCP src=21387, dst=179, seq=4006275843, ack=0, win=16384 SYN
R3#
As seen from the output of the debug command, the source address of the TCP SYN arriving at R3 (10.23.23.3) on port 179 is 200.200.200.1 and not 10.23.23.2. R3 has no neighbor configured with that address, so the session never establishes.
On further analysis, we find that the source IP 10.23.23.2 (R2 Fa0/1) is also being NATted to 200.200.200.1, which should not be the case. It falls inside 10.0.0.0/8, which access list 1 permits for translation.
To overcome this situation, we need to change the source list used for NAT (in this case access list 1) to exclude interface Fa0/1 of R2 (10.23.23.2) as below:
R2(config-std-nacl)#do sh access-list
Standard IP access list 1
    5 deny   10.23.23.0, wildcard bits 0.0.0.255 (4 matches)
    10 permit 10.0.0.0, wildcard bits 0.255.255.255 (320 matches)
Once configured, let's verify the neighborship status as below:
BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
2 path entries using 104 bytes of memory
3/1 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 617 total bytes of memory
BGP activity 2/1 prefixes, 4/2 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.23.23.3      4     3     363     364        2    0    0 00:08:55        1

BGP table version is 2, main routing table version 2
1 network entries using 117 bytes of memory
2 path entries using 104 bytes of memory
3/1 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 617 total bytes of memory
BGP activity 3/2 prefixes, 5/3 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.23.23.2      4     2     363     368        2    0    0 00:08:39        1
The eBGP neighborship is now up and able to receive routes from neighbors.
Hence, as verified from the troubleshooting exercise, the source subnet to be NATted may disrupt the BGP neighborship if both are using overlapping IP addresses. To mitigate this situation, we need to deny the eBGP subnet in the source list (access list) used for NAT overload.
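The overlap check described above, as an added example that is not part of the original post: a small Python audit that evaluates a standard ACL with first-match semantics and reports which BGP peering source addresses the NAT source list would translate. The function and constant names are hypothetical, the ACL lines are constructed from the R2 configuration on this page, and the parser assumes entries in `address wildcard` form only.

```python
import ipaddress

# Constructed from the R2 configuration shown on this page.
ORIGINAL_ACL = ["access-list 1 permit 10.0.0.0 0.255.255.255"]
FIXED_ACL = ["5 deny 10.23.23.0 0.0.0.255",
             "10 permit 10.0.0.0 0.255.255.255"]
BGP_SOURCES = ["10.23.23.2"]  # R2 Fa0/1, the address R3 expects as its neighbor

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acl(lines):
    """Return ordered (action, base, wildcard) tuples from standard-ACL lines."""
    entries = []
    for line in lines:
        tok = line.split()
        if tok[0] == "access-list":
            tok = tok[2:]            # drop 'access-list <number>'
        elif tok[0].isdigit():
            tok = tok[1:]            # drop the sequence number
        action, base = tok[0], _to_int(tok[1])
        wildcard = _to_int(tok[2]) if len(tok) > 2 else 0
        entries.append((action, base, wildcard))
    return entries

def acl_action(entries, ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = _to_int(ip)
    for action, base, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF   # bits the wildcard mask says must match
        if addr & care == base & care:
            return action
    return "deny"

def translated_sources(acl_lines, sources):
    """Peering source addresses that the NAT source list would translate."""
    entries = parse_acl(acl_lines)
    return [ip for ip in sources if acl_action(entries, ip) == "permit"]

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("fixed", FIXED_ACL)):
        hit = translated_sources(acl, BGP_SOURCES)
        print(f"{name} ACL: peering sources that would be NATted: {hit or 'none'}")
```

Run against a router's real NAT source list and its BGP update-source addresses, any address the function returns is a session that will reach its neighbor from the NAT pool address rather than the configured peer address.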