BGP prefixes accepted, but not installed into routing table

Knogle · May 4, 2021, 5:48pm

Ahoy friends.
I got my home router as well as my holiday residence connected through a Wireguard Point-to-Point connection.
My home router is acting as a hub in a hub and spoke topology.
In addition to my Wireguard tunnel i have set up my routers in order to connect through BGP and redistribute and filter some routes, which works quite fine, but only in one direction.

That's what my routing table looks like on my OpenWrt device at my remote holiday residence:

do show ip bgp
BGP table version is 0, local router ID is 192.168.165.32
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
              i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  10.0.0.0/24      10.0.0.1                 0             0 64511 ?
*>                  0.0.0.0                  0         32768 ?
*> 10.8.0.0/24      0.0.0.0                  0         32768 ?
*> 10.10.10.10/32   10.0.0.1                 0             0 64511 ?
*> 172.20.32.0/19   10.0.0.1                 0             0 64511 ?
*> 172.20.160.0/19  10.0.0.1                 0             0 64511 ?
*> 172.20.192.0/19  10.0.0.1                 0             0 64511 ?
*> 172.20.224.0/19  10.0.0.1                 0             0 64511 ?
*> 192.168.2.0      10.0.0.1                 0             0 64511 ?
*> 192.168.3.0      10.0.0.1                 0             0 64511 ?
*> 192.168.154.0    10.0.0.1                 0             0 64511 ?
*> 192.168.165.0    0.0.0.0                  0         32768 ?
*> 192.168.178.0    10.0.0.1                 0             0 64511 ?
*> 192.168.200.0    10.0.0.1                 0             0 64511 ?
*> 192.168.252.0    10.0.0.1                 0             0 64511 ?

Displayed  14 out of 15 total prefixes

It looks fine, all my routes from my home are being redistributed properly into the RIB of my holiday residence.

Unfortunately it's not working as expected on my home router OpenWrt device.
I need the 192.168.165.0 route to get working.

penWrt# show ip bgp 
BGP table version is 0, local router ID is 10.10.10.10
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
              i internal, r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
   10.0.0.0/24      10.0.0.3                 0             0 64510 ?
*>                  0.0.0.0                  0         32768 ?
   10.8.0.0/24      10.0.0.3                 0             0 64510 ?
*> 10.10.10.10/32   0.0.0.0                  0         32768 ?
*> 172.20.32.0/19   0.0.0.0                  0         32768 ?
*> 172.20.160.0/19  0.0.0.0                  0         32768 ?
*> 172.20.192.0/19  0.0.0.0                  0         32768 ?
*> 172.20.224.0/19  0.0.0.0                  0         32768 ?
*> 192.168.2.0      0.0.0.0                  0         32768 ?
*> 192.168.3.0      0.0.0.0                  0         32768 ?
*> 192.168.154.0    0.0.0.0                  0         32768 ?
   192.168.165.0    10.0.0.3                 0             0 64510 ?
*> 192.168.178.0    0.0.0.0                  0         32768 ?
*> 192.168.200.0    0.0.0.0                  0         32768 ?
*> 192.168.252.0    0.0.0.0                  0         32768 ?

Displayed  14 out of 15 total prefixes

show ip bgp neighbors says: For address family: IPv4 Unicast Community attribute sent to this neighbor(all) 3 accepted prefixes
So the prefixes have been transfered, but they are not tagged as best route, also not being valid.
What might be the reason here? Even a different weight or local preference doesn't solve this issue.
Did i miss something?

show run of my home OpenWrt hub router.

Password: 
OpenWrt> en
OpenWrt# show run

Current configuration:
!
password omitted for brevity
!
router bgp 64511
 bgp router-id 10.10.10.10
 redistribute connected
 neighbor 10.0.0.3 remote-as 64510
 neighbor 10.0.0.3 update-source wg0
!
 address-family ipv6
 redistribute connected
 exit-address-family
 exit
!
access-list FILTER-BGP-1 deny 192.168.3.0/24
access-list FILTER-BGP-1 permit any
access-list vty permit 127.0.0.0/8
access-list vty deny any
!
ip prefix-list DENY-TRUSTED seq 5 deny 192.168.3.0/24
!
route-map FILTER-BGP-1 deny 10
 match ip address prefix-list DENY-TRUSTED
!
line vty
 access-class vty
!
end

As well as from my spoke OpenWrt router.


 do show run
Building configuration...

Current configuration:
!
!
debug ospf6 lsa unknown
!
interface eth0
!
interface lo
!
interface tun0
!
interface wg0
!
interface wlan0
!
router bgp 64510
 bgp router-id 192.168.165.32
 redistribute connected
 neighbor 10.0.0.1 remote-as 64511
 neighbor 10.0.0.1 update-source wg0
!
 address-family ipv6
 redistribute connected
 exit-address-family
 exit
!
ip forwarding
ipv6 forwarding
!
line vty
!
end

Right at the moment it's a really really simple configuration, so i don't know what i might have missed.

Shortly another spoke will be added, my grandma's home. I want to establish a Wireguard connection as well, but also BGP peering, but for some reason the prefix is not being advertised properly to the hub.
Is it more appropriate to use iBGP instead and configure the Hub as a route reflector?

I am looking forward to hear from you.
Thanks in advance!

trendy · May 4, 2021, 7:24pm

It is more appropriate to use the allowed ips in wireguard.

Knogle · May 10, 2021, 5:55pm

Problem has been solved. It was weird, but after a reboot it worked lol.
Unfortunately I need to use dynamic routing protocols due to my constantly changing network topology.

system · May 20, 2021, 5:55pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.