BGP Next Hop 0.0.0.0, Origin Codes and RIB Failure (IV)

In this post, we're going to explore some specific BGP concepts that are crucial for understanding how BGP works. We'll look at what the next hop of 0.0.0.0 means in BGP, dive into the meaning of different Origin Codes, and understand what a RIB failure means. I'm going to use the following example as a base to explain these concepts.

Here in our example, HQ-01 is in AS 1000, ENT-01 is in AS 2000, and there are two intermediary ISP routers in AS 100. These ISP routers will establish an iBGP session between each other to pass along BGP routes. HQ-01 advertises the prefix 100.100.0.0/16 to its eBGP peer ISP-01 using the network 100.100.0.0 mask 255.255.0.0 command.

#HQ-01

router bgp 1000
 network 100.100.0.0 mask 255.255.0.0
 neighbor 12.12.12.2 remote-as 100

We have covered the configurations extensively in our previous part so, feel free to cehck it out.

What is BGP Next Hop 0.0.0.0?

In BGP, when you see a next hop listed as 0.0.0.0, it indicates that the route being referred to is originated by the local router. It's BGP's way of saying, "This network starts right here, with me."

#hq-01

hq-01#show ip bgp
*Apr  1 18:25:40.694: %SYS-5-CONFIG_I: Configured from console by consolep
BGP table version is 12, local router ID is 12.12.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  100.100.0.0/16   0.0.0.0                  0         32768 i

Taking a look at the output from show ip bgp, we see the prefix 100.100.0.0/16 with a next hop of 0.0.0.0. This entry tells us that hq-01 is the originator of the 100.100.0.0/16 network. The route is directly connected to hq-01 and being injected into BGP using the network command or is being redistributed into BGP from the local routing table, and hq-01 is announcing this route to other BGP peers as a network that is locally originated.

When you check the BGP table on ISP-01 with the same command, the next hop for the 100.100.0.0/16 prefix won't show as 0.0.0.0. That's because ISP-01 isn't the originator of this prefix. Instead, the next hop will be set to the IP address of hq-01, the router that advertised the prefix via eBGP.

#ISP-01

ISP-01#show ip bgp 
BGP table version is 10, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  100.100.0.0/16   12.12.12.1               0             0 1000 i

BGP Origin Codes

Origin Code is a well-known mandatory BGP Path attribute that defines the Origin of routing information, aka, how a route became a BGP route. Well-known mandatory attributes must be recognized by all BGP implementations and included with every prefix advertisement. So, you will see them in each and every BGP prefixes.

There are three types of Origin Codes:

1. i (IGP) - Has the highest priority and routes are added to the BGP routing table using the network command
2. e (EGP) - This is pretty rare, but it means the route came from EGP. You won't see this often.
3. ? (incomplete) - The routes that are redistributed from other routing protocols to BGP.

When I say IGP Origin code has the highest priority what I meant was that let’s say a router learns about the same route from two different places, and everything else about (Weight, Local Preference, AS_Path) these routes are the same. What happens next? Your router will take a look at the origin code to break the tie. If one of the routes has an origin code of i, that route is the winner.

If we look at the show ip bgp output from HQ-01 router again, we can see an i next to the 100.100.0.0/16 prefix (Path). Well, we used the network command so, that's what we would expect to see.

#hq-01

hq-01#show ip bgp
*Apr  1 18:25:40.694: %SYS-5-CONFIG_I: Configured from console by consolep
BGP table version is 12, local router ID is 12.12.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  100.100.0.0/16   0.0.0.0                  0         32768 i

Let's go and remove the network command and add the redistribute connected command and see what happens.

hq-01(config-router)#no network 100.100.0.0 mask 255.255.0.0
hq-01(config-router)#redistribute connected 
hq-01(config-router)#end

#hq-01

hq-01#show ip bgp 
BGP table version is 8, local router ID is 12.12.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.0.0/16     0.0.0.0                  0         32768 ?
 *>  12.12.12.0/24    0.0.0.0                  0         32768 ?
 *>  100.100.0.0/16   0.0.0.0                  0         32768 ?

First of all, now we are seeing three prefixes, why? Well, I use the 10.10.0.0/16 network for management purposes so, ignore it. The second one is the link between HQ-01 and ISP-01 and the third one is of course what we are discussing so far.

But, if you look at the origin code, now it has changed to ? indicates the prefixes are being redistributed to BGP.

RIB Failure

RIB failure occurs when a route selected by BGP cannot be installed in the routing table. This might happen for a few reasons, such as a routing table having a more specific or preferable route to the same destination. We are just continuing from where we left off (HQ-01 is using redistribute connected)

#ISP-01

ISP-01#show ip bgp 
BGP table version is 6, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 r>  10.10.0.0/16     12.12.12.1               0             0 1000 ?
 r>  12.12.12.0/24    12.12.12.1               0             0 1000 ?
 *>  100.100.0.0/16   12.12.12.1               0             0 1000 ?

#ISP-01

ISP-01#show ip interface brief | incl up
GigabitEthernet1       12.12.12.2      YES TFTP   up                    up      
GigabitEthernet2       192.168.12.1    YES TFTP   up                    up      
GigabitEthernet8       10.10.50.41     YES manual up                    up      

If you look at the output from ISP-01, we see routes marked with r>, indicating they are recognized by BGP as the best path for their destinations but have not been installed in the routing table due to RIB failure.

The reason for the RIB failures in the example from ISP-01 is due to the presence of connected routes that overlap with the BGP-advertised routes.

• The 10.10.0.0/16 network is being used by ISP-01 for management purposes (so, I can SSH to all the devices). This network is directly connected to ISP-01 (and all other routers), making it a connected route. In IP routing, connected routes are given a higher preference over routes learned through BGP or other routing protocols. Therefore, the BGP route to 10.10.0.0/16 experiences a RIB failure as the router's IP routing table prioritizes the connected route for this network.
• Similarly, 12.12.12.0/24 is another network directly connected to ISP-01. Like the 10.10.0.0/16 network, this connected route takes precedence over the BGP-learned route to the same destination.

In summary, the RIB failures for these prefixes are due to the routing preference given to connected routes over BGP-learned routes.