BGP next-hop-self

Written by admin. Posted in BGP

BGP is an autonomous-system-by-autonomous-system routing protocol, and the next hop value of BGP network updates that leave an AS is the IP address of the router at the exit point of that AS. That advertisement is then sent through iBGP to neighbors, but the next hop attribute remains the same. Usually, a router inside the AS does not have a route to the external IP address in the next hop attribute.

To overcome this issue, use the following command:

neighbor {ip-addr | group-name } next-hop-self

This command changes the next hop attribute of received updates to the router’s own IP address. Enter it in BGP configuration mode on the router at the entry point of the AS. Let’s consider an example.

[Figure: BGP next hop attribute]

When the ISP2 router advertises its network 192.168.0.0/24, the next hop IP address will be 10.0.0.2 (its fa0/0 interface). ISP1 advertises this network to the Branch router with the same 10.0.0.2 next hop attribute. Let’s configure those routers without changing the next hop attribute for now.

ISP1

ISP1(config)#interface fastEthernet 0/0
ISP1(config-if)#ip address 10.0.0.1 255.255.255.252
ISP1(config-if)#no shutdown
ISP1(config-if)#interface fastEthernet 0/1
ISP1(config-if)#ip address 10.0.1.1 255.255.255.252
ISP1(config-if)#no shutdown
ISP1(config-if)#exit
ISP1(config)#router bgp 65000
ISP1(config-router)#neighbor 10.0.1.2 remote-as 65000
ISP1(config-router)#neighbor 10.0.0.2 remote-as 65100
ISP1(config-router)#network 10.0.1.0 mask 255.255.255.252

Branch

Branch(config)#interface fastEthernet 0/0
Branch(config-if)#ip address 10.0.1.2 255.255.255.252
Branch(config-if)#no shutdown
Branch(config-if)#exit
Branch(config)#router bgp 65000
Branch(config-router)#neighbor 10.0.1.1 remote-as 65000

ISP2

ISP2(config)#interface fastEthernet 0/0
ISP2(config-if)#ip address 10.0.0.2 255.255.255.252
ISP2(config-if)#no shutdown 
ISP2(config-if)#interface lo 0
ISP2(config-if)#ip address 192.168.0.1 255.255.255.0
ISP2(config-if)#exit
ISP2(config)#router bgp 65100
ISP2(config-router)#neighbor 10.0.0.1 remote-as 65000
ISP2(config-router)#network 192.168.0.0 mask 255.255.255.0

Now let’s check the next hop attribute on the Branch router for network 192.168.0.0:

Branch#show ip bgp 
BGP table version is 3, local router ID is 10.0.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r>i10.0.1.0/30      10.0.1.1                 0    100      0 i
* i192.168.0.0      10.0.0.2                 0    100      0 65100 i
Branch#

As you can see, the next hop for the 192.168.0.0 network is 10.0.0.2, which is outside of AS 65000, and the Branch router doesn’t have a route to it. BGP will not put 192.168.0.0 into the routing table because it doesn’t know how to reach the next hop, as you can see below:

Branch#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.1.0 is directly connected, FastEthernet0/0
Branch#

Now, I will enter the next-hop-self command on ISP1 to change the next hop attribute for external networks that are advertised to the Branch router:

ISP1(config-router)#neighbor 10.0.1.2 next-hop-self

And again, let’s verify on Branch:

Branch#show ip bgp 
BGP table version is 6, local router ID is 10.0.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r>i10.0.1.0/30      10.0.1.1                 0    100      0 i
*>i192.168.0.0      10.0.1.1                 0    100      0 65100 i

Have you seen? The next hop attribute has changed from 10.0.0.2 to 10.0.1.1. Let’s check the routing table:

Branch#show ip route 
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/30 is subnetted, 1 subnets
C       10.0.1.0 is directly connected, FastEthernet0/0
B    192.168.0.0/24 [200/0] via 10.0.1.1, 00:02:02
Branch#

Awesome, and now a ping from the Branch router to the 192.168.0.1 loopback address of ISP2:

Branch#ping 192.168.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/47/76 ms
Branch#

Perfect!
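
The check the lab performs by eye can be scripted. The following is an added example, not part of the original article: it parses `show ip bgp` rows and reports every prefix whose next hop is not covered by a route Branch already has. The function names are hypothetical, and the lookup is a simplified one-level match against the non-BGP prefixes you pass in.

```python
import ipaddress
import re

# A "show ip bgp" row: 3 status columns, prefix, next hop (other columns ignored).
ROW = re.compile(r"^([*>sdhrSi ]{3})(\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+(\d+\.\d+\.\d+\.\d+)\s")

# Table rows copied from the two Branch outputs shown above.
BEFORE = """\
   Network          Next Hop            Metric LocPrf Weight Path
r>i10.0.1.0/30      10.0.1.1                 0    100      0 i
* i192.168.0.0      10.0.0.2                 0    100      0 65100 i
"""
AFTER = """\
   Network          Next Hop            Metric LocPrf Weight Path
r>i10.0.1.0/30      10.0.1.1                 0    100      0 i
*>i192.168.0.0      10.0.1.1                 0    100      0 65100 i
"""
# Non-BGP routes in Branch's routing table (the connected /30 from "show ip route").
BRANCH_RIB = ["10.0.1.0/30"]

def classful(prefix):
    """IOS prints no mask when it equals the classful default; restore it."""
    if "/" in prefix:
        return ipaddress.ip_network(prefix)
    first = int(prefix.split(".")[0])
    length = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{prefix}/{length}")

def parse_bgp(text):
    """Return (flags, network, next_hop) for every table row in the output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), classful(m.group(2)),
                         ipaddress.ip_address(m.group(3))))
    return rows

def unresolved(bgp_text, rib_prefixes):
    """List (network, next_hop) pairs whose next hop no RIB prefix covers."""
    rib = [ipaddress.ip_network(p) for p in rib_prefixes]
    return [(str(net), str(nh)) for _, net, nh in parse_bgp(bgp_text)
            if not any(nh in r for r in rib)]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, unresolved(table, BRANCH_RIB))
```
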

That’s all, I hope you enjoyed this lab!

Comments (36)

  • Andy

    |

    I have been struggling to understand BGP next-hop-self for weeks. I tried YouTube, the Cisco website and other materials. You, Sir, got it right on the spot. Short but simple to understand. Thank you very much.

    Reply

    • admin

      |

      I’m glad you found the answer you were looking for!

      Reply

      • Essam

        |

        Very good explanation, thanks for your efforts.

        Reply

      • bijith

        |

        Dear Admin and friends,

        I have set up the exact lab, and it’s working the same as you explained.

        Could admin or someone clarify my doubt below, please?

        When I am pinging from BRANCH to the IPs 10.0.0.1 and 10.0.0.2, it’s not pinging. But as you said, the IP 192.168.0.1 is reachable. How is that possible?

        Traceroute to the destination is also showing 10.0.1.1 and 10.0.0.2 as the hops to reach the destination.

        Here the destination is reachable but the hop 10.0.0.2 is not reachable.

        BRANCH#ping 192.168.0.1

        Type escape sequence to abort.
        Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
        !!!!!
        Success rate is 100 percent (5/5), round-trip min/avg/max = 36/56/80 ms
        BRANCH#traceroute 192.168.0.1

        Type escape sequence to abort.
        Tracing the route to 192.168.0.1

        1 10.0.1.1 40 msec 32 msec 20 msec
        2 10.0.0.2 60 msec * 64 msec
        BRANCH#
        BRANCH#ping 10.0.1.1

        Type escape sequence to abort.
        Sending 5, 100-byte ICMP Echos to 10.0.1.1, timeout is 2 seconds:
        !!!!!
        Success rate is 100 percent (5/5), round-trip min/avg/max = 20/40/80 ms
        BRANCH#
        BRANCH#ping 10.0.0.2

        Type escape sequence to abort.
        Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
        .....
        Success rate is 0 percent (0/5)
        BRANCH#

        Thanks in advance
        Bijith D Meethal

        Reply

        • admin

          |

          Hi there,

          Even if it seems a bit strange, this is expected. You cannot ping 10.0.0.1 and 10.0.0.2 directly from BRANCH because there is no route to them in the BRANCH routing table. If you would like to be able to do that, you would need some IGP (like OSPF, EIGRP or static routes) to use for that.

          Then, why do you see 10.0.0.1 and 10.0.0.2 in traceroutes? Well, this is because traceroute works a bit differently than the ping tool.

          When you ping a destination, you ping the destination address all the time.

          When you perform a traceroute, you also send packets to the same destination in every traceroute line you see in your output (usually 3 UDP packets). At first, 3 packets are sent with TTL 1, then the first hop decreases the TTL and replies with a Time-to-live exceeded message. The TTL is gradually increased and this process repeats; that’s why you see intermediary hops in traceroute outputs.

          Please check this link https://ccieblog.co.uk/basic-troubleshooting-commands/how-does-traceroute-work or this one http://www.slashroot.in/how-does-traceroute-work-and-examples-using-traceroute-command for a more detailed explanation of traceroute.

          Regards.

          Reply

  • Moadh

    |

    Really it is simple and straight..

    I have read many articles about it but couldn’t understand, and finally got the idea with your perfect explanation.

    Reply

  • UDAWANT AMIT

    |

    Very nice explanation… now I understand the meaning of the next-hop-self command.

    Reply

  • Randy M

    |

    Perfectly explained and easy to understand! ! THANKS

    Reply

  • ar@bangalore

    |

    Thank you very much, sir, this is the one I wanted.

    Reply

  • Built_adi

    |

    Thank you! This is great

    Reply

  • MaxMilano

    |

    I had some problems understanding the theoretical explanation, but the example is perfect! Thank you very much!!!

    Reply

  • Avinash

    |

    Hi Folks
    Will this work in its current config, as the link between the ISPs is neither redistributed into IGP nor advertised? There is no static route as well.
    Thanks

    Reply

  • sheeja

    |

    I was confused about next-hop-self till reading this. Sir, thank you.

    Reply

  • Florin

    |

    Cisco documentation really confused me, this article was very helpful 10x

    Reply

  • jorge

    |

    Hi, one question: this lab will work if the network command is configured between ISP 1 and ISP 2; does this mean that next-hop-self is avoidable? How can I know for sure when to use next-hop-self or networks in eBGP?

    Reply

  • Raghav

    |

    Hi sir, firstly thanks for the beautiful explanation of the next-hop-self command.
    Let me know how route-reflector is also used.
    I know it (route-reflector) avoids the usage of next-hop-self.
    But I want a simple example to insist route-reflector.
    Thanks in advance.

    Reply

  • Bob Le Bob

    |

    Nice example, but it should be enriched this way:
    Branch advertises one network it knows of as directly connected. Let’s take a look at sh ip bgp on the ISP2 router, for comparison, both before and after issuing next-hop-self on the ISP1 router.

    Reply

    • Bob Le Bob

      |

      Additionally, it would be useful to show the output on the ISP2 router, not only on the Branch router, for establishing a better comparison.

      Reply

  • Thurny

    |

    Thank you for a simple, straight-forward explanation of the mechanics of next-hop-self. Really, really appreciated!

    Reply

  • Gaurav Kumar Yadav

    |

    This is an awesome explanation!!! Short and simple. Got to understand difficult topics with easy explanation. I often come to this site for tutorials. Thanks Getnetworking.net 🙂

    Reply

  • Jesus Christ, science

    |

    Super clear. Thank you!

    Reply

  • ambrish

    |

    superb…

    Reply

  • ibrahim

    |

    Excellent work SIR! I definitely appreciate it... Thanks

    Reply

  • Rodrigo

    |

    Great !!

    Reply

  • Nazir

    |

    Crisp and clear explanation
    Thanks

    Reply

  • Zia

    |

    You kept it simple… Awesome…

    Reply

    • Subrun Jamil

      |

      Simply awesome….Keep moving….

      Thank You

      Reply

  • Gabriel

    |

    Thanks dude for the explanation. So clear now! What if I have 2 ISP routers instead of 1 as you did in the example?

    Reply

  • Vikash

    |

    Very nice and precise.

    Reply

  • sandeep

    |

    Excellent and simple theory.

    Reply

  • Dilip Pandey

    |

    Thanks, very nicely explained.

    Reply

  • bcsalomon

    |

    First, thank you for the simple and detailed explanation.
    I labbed this up and went one step further. I added a second branch router using 10.0.2.0/30 with ISP1 in the same AS 65000. I verified that Branch1 and Branch2 received a next hop IP address specific to the subnet they share with ISP1 (which makes sense but was not so obvious):

    Branch1(config-router)#do sh ip bgp | beg Network
    Network Next Hop Metric LocPrf Weight Path
    *>i 192.168.0.0 10.0.1.1 0 100 0 65100 i

    Branch2(config-router)#do sh ip bgp | beg Network
    Network Next Hop Metric LocPrf Weight Path
    *>i 192.168.0.0 10.0.2.1 0 100 0 65100 i

    Reply

  • Ahmet Yakupoglu

    |

    Very nice explanation… appreciate your efforts.
    There is a typo: IPS1 & IPS2 instead of ISP1 & ISP2.

    Ahmet Yakupoglu
    http://www.itmug.ca

    Reply

    • admin

      |

      Thanks for the hint ;), rectified.

      Reply

  • zuber

    |

    I am using 4 routes in GNS3, I have configured a full mesh iBGP topology. Neighborship is formed between all 4. R1 & R2 are receiving all the routes in their routing table, but R3 and R4 are unable to receive all routes in their routing table. I can see the routes are there in the “sh ip bgp” output but not in the routing table. Can anyone help me with this, please?

    Reply

  • Luis R

    |

    You did a great job explaining next-hop-self command. Thank you, kudos!

    Reply
