BGP multipath

Why does a BGP router (configured with multipath) advertise only one best path to its peers, even though it knows multiple paths to reach a destination and also installs them in its routing table? Can somebody help me understand this?

In an MPLS VPN scenario, if a customer is multihomed to two PEs, load sharing can be achieved by using a different Route Distinguisher (RD) for that VRF on each PE. The VPNv4 prefix is made up of a 64-bit RD and a 32-bit IPv4 address. This makes the prefix unique. If the RD is the same on both PEs then there can only be one best path because it would be the same prefix.
As Peter described, there are newer features like add path that enable BGP to send multiple paths to be used. Peter also described that BGP was designed to be a stable and highly scaling protocol. Announcing more than one path will lead to increased usage of RAM, RIB and FIB, so these are factors that must be considered before enabling such features.
There is also a feature called diverse path that can be used on Route Reflectors (RR). Description from Cisco:
BGP Diverse Path Using a Diverse-Path Route Reflector
The BGP Diverse Path Using a Diverse-Path Route Reflector feature overcomes the lack of path diversity in an AS containing RRs. This feature is meant to provide path diversity within an AS, within a single cluster only. That is, an RR is allowed to advertise the diverse path to its client peers only.
For each RR in the AS, a shadow RR is added to distribute the second best path, also known as the diverse path. Figure 2 shows the shadow RR for RR2. The shadow RR improves path diversity because PE3 can now learn both P1 (from RR1/RR2) and learn P2 from the shadow RR.
Most of these features are designed for RR scenarios. In an iBGP full mesh, optimal forwarding is easier to achieve.
Daniel Dib
CCIE #37149
Please rate helpful posts.
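
The RD behaviour described in the answer above, as an added example that is not part of the original post: a small model of a route reflector that keeps one best path per VPNv4 prefix (RD plus IPv4 prefix) and a remote PE that imports by route target with multipath enabled. The class and function names, the addresses, RDs and RT are constructed for illustration, and the tie-break (lowest next-hop address) is a simplifying assumption.

```python
import ipaddress
import struct
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Path:
    rd: str            # route distinguisher, "ASN:number" form
    prefix: str        # customer IPv4 prefix
    next_hop: str      # advertising PE loopback
    route_target: str  # export RT carried with the route


def vpnv4_key(rd, prefix):
    """Return (8-byte RD, IPv4 network): what BGP compares as 'the prefix'."""
    asn, number = (int(part) for part in rd.split(":"))
    # Type 0 RD: 2-byte type, 2-byte ASN, 4-byte assigned number = 64 bits.
    rd_bytes = struct.pack("!HHI", 0, asn, number)
    return rd_bytes, ipaddress.ip_network(prefix)


def reflect(paths):
    """Route reflector: keep and advertise one best path per VPNv4 prefix."""
    best = {}
    for path in paths:
        key = vpnv4_key(path.rd, path.prefix)
        current = best.get(key)
        # Assumption: all attributes tie, so the lowest next-hop address wins.
        if current is None or (ipaddress.ip_address(path.next_hop)
                               < ipaddress.ip_address(current.next_hop)):
            best[key] = path
    return list(best.values())


def import_into_vrf(received, import_rt, max_paths):
    """Remote PE: import by RT, then install up to max_paths next hops."""
    next_hops = defaultdict(set)
    for path in received:
        if path.route_target == import_rt:
            next_hops[path.prefix].add(path.next_hop)
    return {
        prefix: sorted(hops, key=ipaddress.ip_address)[:max_paths]
        for prefix, hops in next_hops.items()
    }


def remote_pe_next_hops(rd_pe1, rd_pe2):
    """Constructed scenario: one customer prefix multihomed to PE1 and PE2."""
    paths = [
        Vpnv4Path(rd_pe1, "192.0.2.0/24", "10.0.0.1", "65000:100"),
        Vpnv4Path(rd_pe2, "192.0.2.0/24", "10.0.0.2", "65000:100"),
    ]
    vrf = import_into_vrf(reflect(paths), "65000:100", max_paths=2)
    return vrf["192.0.2.0/24"]


if __name__ == "__main__":
    print("same RD:     ", remote_pe_next_hops("65000:1", "65000:1"))
    print("different RD:", remote_pe_next_hops("65000:1", "65000:2"))
```

With the same RD on both PEs the reflector collapses the two paths into one before the remote PE ever sees them, so multipath on the remote PE has nothing to balance across.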

Similar Messages

  • Multipath in BGP

    Hi All,
    I noticed a really unusual thing. When multipath is enabled between eBGP and iBGP, the AD of iBGP path also appears as 20 instead of 200. However, if eBGP path is not available and only iBGP path is available, the AD becomes 200.
    This seems like a bug. Any ideas?
    Here's the sample output- Notice network 10.2.2.0 in the both outputs.
    PE1#sh ip route vrf CUST1
    Gateway of last resort is not set
    172.64.0.0/30 is subnetted, 3 subnets
    C 172.64.1.0 is directly connected, Serial0/0
    B 172.64.2.0 is directly connected, 00:22:35, Serial0/1
    B 172.64.3.0 [200/0] via 2.2.2.2, 00:04:33
    10.0.0.0/24 is subnetted, 2 subnets
    B 10.2.2.0 [20/0] via 172.64.2.1 (CUST2), 00:22:35
    [20/0] via 2.2.2.2, 00:00:27
    B 10.1.1.0 [20/0] via 172.64.1.1, 00:22:45
    PE1#sh ip bgp vpnv4 all 10.2.2.0
    BGP routing table entry for 1:1:10.2.2.0/24, version 24
    Paths: (2 available, best #2, table CUST1)
    Multipath: eiBGP
    Flag: 0x800
    Advertised to update-groups:
    1
    65002, imported path from 2:2:10.2.2.0/24
    2.2.2.2 (metric 11) from 2.2.2.2 (2.2.2.2)
    Origin IGP, metric 0, localpref 100, valid, internal, multipath
    Extended Community: RT:2:2
    mpls labels in/out nolabel/20
    65002, imported path from 1:2:10.2.2.0/24
    172.64.2.1 from 172.64.2.1 (10.2.2.1)
    Origin IGP, metric 0, localpref 100, valid, external, multipath, best
    Extended Community: RT:1:2
    Regards,
    Amit.

    @Giuseppe- I have to agree with you. To support your claim, when I made the eBGP route unavailable, the routing table stored the iBGP path with correct AD i.e. 200.
    @shivlu- Here's the implementation mate.
    http://sites.google.com/site/amitsciscozone/home/bgp/bgp-multipath-load-sharing-for-both-ebgp-and-ibgp-in-an-mpls-vpn

  • Inject BGP Default Routes into Multiple VRF before Best Path Selection

    Hello, 
    I have the following setup:
    Multiple Border Routers with eBGP sessions to external AS. We receive a default route from these multiple AS to keep the Table manageable. We noticed an important part of our traffic was being SW routed instead of CEF when we had the Full Internet table. Router Resources came to the ground when we changed to a default.
    Now I want to separate these default routes into different VRFs. Attached is the Diagram.
    My question is, the multiple default routes all go into the BGP Table. The BGP table then selects the best route and places it in the RIB and then in the FIB.
    I want to redistribute the different routes in the BGP table prior to the Best path selection algorithm and have them placed in the RIB.
    How can I achieve this?

    Hi,
    Redistribution of multiple routes to the same prefix is not possible. Even if you have configured BGP multipath and all the different BGP routes got installed into the routing table, during redistribution only one route will be redistributed.
    Also would like to understand the requirement of redistributing multiple BGP routes into IGP. As per your diagram, 3 different eBGP sessions are on three different routers, so you can prefer the eBGP route over iBGP received from other routers and can distribute the eBGP route to IGP from each router. Thus you will have three different default routes into IGP in the core.
    Please don't forget to rate this post if it has been helpful
    - Akash

  • BGP Problems when activate 1-100GbE linecard

    I have a CRS-8/S with version 4.0.1 installed.
    I configured bgp multipath load-balancing and maximum-paths 6 EBGP.
    I have 7 bgp peers, however due to the maximum-paths 6 EBGP, only six of them "work".
    A few days, I installed the card 1-100GbE on CRS. At that time we started to have 8 bgp peers.
    After installing this card, I got 5 links 10G and 100G works, in the context of BGP, however were the 10G with some instability.
    Is it normal?
    I can pass the idea?

    It is ok Luis,
    how have you measured those instabilities? and the big question whether you have them at the time being or they have disappeared by themselves?
    were there any peer flaps registered? any performance-related issues?
    I could think of different BGP tables those peers have been announcing to your box, can you check and confirm the same please?
    In general, there is no distinction be it 10GE or 100GE in terms of how well the load-balancing would work.
    HTH,
    Ivan.

  • MPLS VPN load sharing when multihoming

    Anyone know of best practices for outbound load balancing when multihoming to 2 different service providers in an MPLS VPN?
    I have referred to this document (http://www.cisco.com/warp/public/459/40.html) which states the only way to do this is by assigning metrics/weights to a certain range of prefixes learned from one provider, hence load sharing.
    Turning up bgp multipath on the CE would be optimal but since AS PATHs are different the best path selection will be different. Could we possibly turn off best path selection for AS paths (bgp bestpath as-path ignore) and make multipath work? Would that install 2 routes for the same prefix in the RIB?
    Thanks
    Ariful Huq

    Yes, you can turn off best path selection for AS path and have multipath work. For a route to be populated in the routing table, BGP has various metrics for its selection. AS path is one of the metrics it uses for best route selection, so I don't think there should be any problem with it.

  • MP-BGP and MPLS multipath load sharing

    Hi,
    I am trying to PoC MPLS multi path load sharing by using per-PE-per-VRF RDs in the network.
    I have a simple lab setup with AS65000 which consists of SITE1 PE1&PE2 routers (10.250.0.101 and 10.250.0.102), route reflector RR in the middle (10.250.0.55) and SITE2 PE1&PE2 routers (10.250.0.201 and 10.250.0.202). PE routers only do iBGP peering with centralized route reflector and passing route to 10.1.1.0/24 prefix (learned from single CE router) with 100:1 and 100:2 RDs for specific VRF.
    Route reflector gets routes with multiple RDs, makes copies of these routes in order to make local comparison to RD 55:55 configured, uses these routes and install multiple paths into its routing table (all PE routers and RR have "maximum-paths eibgp 4" configured):
    RR#sh ip bgp vpnv4 all
    BGP table version is 7, local router ID is 10.250.0.55
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 55:55 (default for vrf VRF-A) VRF Router ID 10.250.0.55
    * i10.1.1.0/24      10.250.0.102             0    100      0 65001 i
    *>i                 10.250.0.101             0    100      0 65001 i
    Route Distinguisher: 100:1
    *>i10.1.1.0/24      10.250.0.101             0    100      0 65001 i
    Route Distinguisher: 100:2
    *>i10.1.1.0/24      10.250.0.102             0    100      0 65001 i
    RR#sh ip route vrf VRF-A
    <output omitted>
         10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    B       10.1.1.0/24 [200/0] via 10.250.0.102, 00:45:52
                              [200/0] via 10.250.0.101, 00:46:22
    BUT, for some reason RR doesn't reflect routes with multiple RDs down to SITE2 PE1&PE2 - its own clients:
    RR#sh ip bgp vpnv4 all neighbors 10.250.0.201 advertised-routes
    Total number of prefixes 0
    RR#sh ip bgp vpnv4 all neighbors 10.250.0.202 advertised-routes
    Total number of prefixes 0
    Here comes RR BGP configuration:
    router bgp 65000
    no synchronization
    bgp router-id 10.250.0.55
    bgp cluster-id 1.1.1.1
    bgp log-neighbor-changes
    neighbor 10.250.0.101 remote-as 65000
    neighbor 10.250.0.101 update-source Loopback0
    neighbor 10.250.0.101 route-reflector-client
    neighbor 10.250.0.101 soft-reconfiguration inbound
    neighbor 10.250.0.102 remote-as 65000
    neighbor 10.250.0.102 update-source Loopback0
    neighbor 10.250.0.102 route-reflector-client
    neighbor 10.250.0.102 soft-reconfiguration inbound
    neighbor 10.250.0.201 remote-as 65000
    neighbor 10.250.0.201 update-source Loopback0
    neighbor 10.250.0.201 route-reflector-client
    neighbor 10.250.0.201 soft-reconfiguration inbound
    neighbor 10.250.0.202 remote-as 65000
    neighbor 10.250.0.202 update-source Loopback0
    neighbor 10.250.0.202 route-reflector-client
    neighbor 10.250.0.202 soft-reconfiguration inbound
    no auto-summary
    address-family vpnv4
      neighbor 10.250.0.101 activate
      neighbor 10.250.0.101 send-community both
      neighbor 10.250.0.102 activate
      neighbor 10.250.0.102 send-community both
      neighbor 10.250.0.201 activate
      neighbor 10.250.0.201 send-community both
      neighbor 10.250.0.202 activate
      neighbor 10.250.0.202 send-community both
    exit-address-family
    address-family ipv4 vrf VRF-A
      maximum-paths eibgp 4
      no synchronization
      bgp router-id 10.250.0.55
      network 10.255.1.1 mask 255.255.255.255
    exit-address-family
    SITE1 PE1 configuration:
    router bgp 65000
    no synchronization
    bgp router-id 10.250.0.101
    bgp log-neighbor-changes
    neighbor 10.250.0.55 remote-as 65000
    neighbor 10.250.0.55 update-source Loopback0
    neighbor 10.250.0.55 soft-reconfiguration inbound
    no auto-summary
    address-family vpnv4
      neighbor 10.250.0.55 activate
      neighbor 10.250.0.55 send-community both
    exit-address-family
    address-family ipv4 vrf VRF-A
      neighbor 10.1.101.2 remote-as 65001
      neighbor 10.1.101.2 activate
      neighbor 10.1.101.2 soft-reconfiguration inbound
      maximum-paths eibgp 4
      no synchronization
      bgp router-id 10.250.0.101
    exit-address-family
    SITE1 PE2 configuration is similar to SITE1 PE1. They both do eBGP peering with dualhomed CE router in AS65001 which announces 10.1.1.0/24 prefix into VRF-A table.
    My question is: clearly, the issue is that RR doesn't reflect any routes to its clients (SITE2 PE1&PE2) for the 10.1.1.0/24 prefix with 100:1 and 100:2 RDs that don't match its locally configured RD 55:55 for VRF-A, although they are present in its BGP/RIB tables and used for multipathing. Is this expected behavior or some feature limitation for a specific platform or IOS version? Currently, in this test lab setup I run IOS 12.4(24)T8 on all the devices.
    Please, let me know if any further details are needed to get an idea of why this well known and widely used feature is not working correctly in my case. Thanks a lot!
    Regards,
    Sergey

    Hi Ashish,
    I tried to remove VRF and address family configurations completely from RR.
    router bgp 65000
    no synchronization
    bgp router-id 10.250.0.55
    bgp cluster-id 1.1.1.1
    bgp log-neighbor-changes
    neighbor 10.250.0.101 remote-as 65000
    neighbor 10.250.0.101 update-source Loopback0
    neighbor 10.250.0.101 route-reflector-client
    neighbor 10.250.0.101 soft-reconfiguration inbound
    neighbor 10.250.0.102 remote-as 65000
    neighbor 10.250.0.102 update-source Loopback0
    neighbor 10.250.0.102 route-reflector-client
    neighbor 10.250.0.102 soft-reconfiguration inbound
    neighbor 10.250.0.201 remote-as 65000
    neighbor 10.250.0.201 update-source Loopback0
    neighbor 10.250.0.201 route-reflector-client
    neighbor 10.250.0.201 soft-reconfiguration inbound
    neighbor 10.250.0.202 remote-as 65000
    neighbor 10.250.0.202 update-source Loopback0
    neighbor 10.250.0.202 route-reflector-client
    neighbor 10.250.0.202 soft-reconfiguration inbound
    no auto-summary
    address-family vpnv4
      neighbor 10.250.0.101 activate
      neighbor 10.250.0.101 send-community both
      neighbor 10.250.0.102 activate
      neighbor 10.250.0.102 send-community both
      neighbor 10.250.0.201 activate
      neighbor 10.250.0.201 send-community both
      neighbor 10.250.0.202 activate
      neighbor 10.250.0.202 send-community both
    exit-address-family
    After this, RR doesn't accept any routes at all from S1PE1&S1PE2 routers, thus not reflecting any routes down to its clients S2PE1&S2PE2 as well:
    S1PE1#sh ip bgp vpnv4 all
    BGP table version is 6, local router ID is 10.250.0.101
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:1 (default for vrf VRF-A) VRF Router ID 10.250.0.101
    *> 10.1.1.0/24      10.1.101.2               0             0 65001 i
    S1PE1#sh ip bgp vpnv4 all neighbors 10.250.0.55 advertised-routes
    BGP table version is 6, local router ID is 10.250.0.101
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:1 (default for vrf VRF-A) VRF Router ID 10.250.0.101
    *> 10.1.1.0/24      10.1.101.2               0             0 65001 i
    Total number of prefixes 1
    S1PE2#sh ip bgp vpnv4 all
    BGP table version is 6, local router ID is 10.250.0.102
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:2 (default for vrf VRF-A) VRF Router ID 10.250.0.102
    *> 10.1.1.0/24      10.1.201.2               0             0 65001 i
    S1PE2#sh ip bgp vpnv4 all neighbors 10.250.0.55 advertised-routes
    BGP table version is 6, local router ID is 10.250.0.102
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:2 (default for vrf VRF-A) VRF Router ID 10.250.0.102
    *> 10.1.1.0/24      10.1.201.2               0             0 65001 i
    Total number of prefixes 1
    RR#sh ip bgp vpnv4 all
    RR#sh ip bgp vpnv4 all neighbors 10.250.0.101 routes
    Total number of prefixes 0
    RR#sh ip bgp vpnv4 all neighbors 10.250.0.102 routes
    Total number of prefixes 0
    Any feedback is appreciated. Thanks.
    Regards,
    Sergey

  • MPLS BGP routes push to DMVPN spokes

    I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
    Currently this is my config:
    Datacenter (MPLS only)
    interface GigabitEthernet0/1
    description MPLS
    ip address 192.168.0.34 255.255.255.252
    interface Vlan2
    ip address 192.168.96.2 255.255.255.0
    router bgp 65511
    bgp log-neighbor-changes
    network 192.168.96.0
    neighbor 192.168.0.33 remote-as 65510
    Hub site 1 (MPLS + internet)
    interface Tunnel200
    ip address 10.99.99.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication auth
    ip nhrp map multicast dynamic
    ip nhrp network-id 12345
    ip nhrp holdtime 600
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 200
    tunnel protection ipsec profile dmvpn
    interface GigabitEthernet0/1
    description MPLS
    ip address 192.168.1.2 255.255.255.0 secondary
    ip address 192.168.0.2 255.255.255.252
    router bgp 65001
    bgp log-neighbor-changes
    network 192.168.1.0
    network 192.168.21.0
    !10.99 clients are DMVPN spokes
    neighbor 10.99.99.3 remote-as 99010
    neighbor 10.99.99.3 route-reflector-client
    neighbor 10.99.99.21 remote-as 99001
    neighbor 10.99.99.21 route-reflector-client
    !as 65000 is the MPLS PE
    neighbor 192.168.0.1 remote-as 65000
    Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
    Spoke site:
    interface Tunnel200
    ip address 10.99.99.3 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication auth
    ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
    ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
    ip nhrp network-id 12345
    ip nhrp holdtime 600
    ip nhrp nhs 10.99.99.1 priority 1
    ip nhrp nhs 10.99.99.16 priority 5
    ip nhrp nhs fallback 60
    tunnel source GigabitEthernet0/0
    tunnel mode gre multipoint
    tunnel key 200
    tunnel protection ipsec profile dmvpn
    interface GigabitEthernet0/1
    description Internal
    ip address 192.168.3.1 255.255.255.192
    router bgp 99010
    bgp log-neighbor-changes
    network 192.168.3.0
    neighbor 10.99.99.1 remote-as 65001
    neighbor 10.99.99.16 remote-as 65013
    On this spoke site 
    #sh ip route
    B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
    which is the HUB network, but the rest of the MPLS routes are not "learned".
    What am I missing?
    Thanks!

    Hi Jon, I've omitted the configuration of the MPLS provider routers in between. The DC is connected to a router that has the AS 65510.
    DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
    The DC is ok getting the network information via BGP:
    #sh ip route
    B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
    B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
    #sh ip bgp 192.168.21.0
    BGP routing table entry for 192.168.21.0/24, version 559
    Paths: (1 available, best #1, table default)
    Not advertised to any peer
    Refresh Epoch 1
    65510 3549 6140 3549 65000
    192.168.0.33 from 192.168.0.33 (###.###.###.###)
    Origin IGP, localpref 100, valid, external, best
    #sh ip route 192.168.21.0
    Routing entry for 192.168.21.0/24
    Known via "bgp 65511", distance 20, metric 0
    Tag 65510, type external
    Last update from 192.168.0.33 3d05h ago
    Routing Descriptor Blocks:
    * 192.168.0.33, from 192.168.0.33, 3d05h ago
    Route metric is 0, traffic share count is 1
    AS Hops 5
    Route tag 65510
    MPLS label: none
    Spoke:
    #sh ip bgp
    BGP table version is 494, local router ID is 192.168.21.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
    x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
    Network Next Hop Metric LocPrf Weight Path
    *> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
    *> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
    #sh ip route 192.168.96.0
    Routing entry for 192.168.96.0/24
    Known via "bgp 99001", distance 20, metric 0
    Tag 65013, type external
    Last update from 10.99.99.16 00:02:11 ago
    Routing Descriptor Blocks:
    * 10.99.99.16, from 10.99.99.16, 00:02:11 ago
    Route metric is 0, traffic share count is 1
    AS Hops 5
    Route tag 65013
    MPLS label: none
    #sh ip bgp 192.168.96.0
    BGP routing table entry for 192.168.96.0/24, version 465
    Paths: (1 available, best #1, table default)
    Not advertised to any peer
    Refresh Epoch 2
    65013 65012 3549 6745 65510
    10.99.99.16 from 10.99.99.16 (10.2.16.1)
    Origin incomplete, localpref 100, valid, external, best
    The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
    (from spoke)
    ping 192.168.96.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    From DC
    #traceroute 192.168.21.1
    Type escape sequence to abort.
    Tracing the route to 192.168.21.1
    VRF info: (vrf in name/id, vrf out name/id)
    1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
    2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
    3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
    4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
    5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
    6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
    7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
    8 192.168.0.2 [AS 65000] !H * !H

  • Issue with multipath load-sharing of VPNv4 routes

    Hi Sir,
    Below is output of "show ip bgp vpnv4 all 10.1.36.0/24" on a PE router in an MPLS VPN environment:
    KP1#sh ip bgp vpnv4 all 10.1.36.0/24
    BGP routing table entry for 65001:202:10.1.36.0/24, version 1732
    Paths: (2 available, best #1, no table)
    Not advertised to any peer
    Local
    172.18.254.56 (metric 31) from 172.18.254.54 (172.18.254.54)
    Origin incomplete, metric 0, localpref 100, valid, internal, best
    Extended Community: RT:65001:1200
    Originator: 172.18.254.56, Cluster list: 172.18.254.54
    Local
    172.18.254.56 (metric 31) from 172.18.255.254 (172.18.255.254)
    Origin incomplete, metric 0, localpref 100, valid, internal
    Extended Community: RT:65001:1200
    Originator: 172.18.254.56, Cluster list: 172.18.255.254
    BGP routing table entry for 65001:203:10.1.36.0/24, version 2439
    Paths: (2 available, best #2, no table)
    Not advertised to any peer
    Local
    172.18.255.4 (metric 21) from 172.18.255.254 (172.18.255.254)
    Origin incomplete, metric 0, localpref 100, valid, internal
    Extended Community: RT:65001:1200
    Originator: 172.18.255.4, Cluster list: 172.18.255.254
    Local
    172.18.255.4 (metric 21) from 172.18.254.54 (172.18.254.54)
    Origin incomplete, metric 0, localpref 100, valid, internal, best
    Extended Community: RT:65001:1200
    Originator: 172.18.255.4, Cluster list: 172.18.254.54
    BGP routing table entry for 65001:204:10.1.36.0/24, version 2441
    Paths: (2 available, best #2, table V1:TEST)
    Multipath: iBGP
    Not advertised to any peer
    Local, imported path from 65001:202:10.1.36.0/24
    172.18.254.56 (metric 31) from 172.18.254.54 (172.18.254.54)
    Origin incomplete, metric 0, localpref 100, valid, internal
    Extended Community: RT:65001:1200
    Originator: 172.18.254.56, Cluster list: 172.18.254.54
    Local, imported path from 65001:203:10.1.36.0/24
    172.18.255.4 (metric 21) from 172.18.254.54 (172.18.254.54)
    Origin incomplete, metric 0, localpref 100, valid, internal, best
    Extended Community: RT:65001:1200
    Originator: 172.18.255.4, Cluster list: 172.18.254.54
    KP1#
    There are two RRs on the network: RR1 (172.18.254.54) and RR2 (172.18.255.254). All PE routers peer with these two RRs.
    The VPNv4 prefix 10.1.36.0/24 is advertised by two PE routers; the first is 172.18.254.56 (hostname: SK1) using RD 65001:202, another is 172.18.255.4 (hostname: SK2) using RD 65001:203. This is an Intranet VPN with RT value of 65001:1200.
    I understand why KP1 selects the path via SK2 as the best because it matches the BGP best-path selection criteria: "Prefer the path with the lowest IGP metric to the BGP next hop".
    I want to load-balance traffic destined to 10.1.36.0/24 across SK1 and SK2. Thus, I modified the config on KP1 as follows:
    router bgp 65001
    address-family ipv4 vrf V1:TEST
    maximum-paths ibgp 2
    But still only one best path is selected and installed into the VRF routing tables, as follows:
    KP1#sh ip route vrf V1:TEST
    Routing Table: V1:TEST
    10.0.0.0/24 is subnetted, 6 subnets
    B 10.1.36.0 [200/0] via 172.18.255.4, 20:53:01
    KP1#sh ip bgp vpnv4 vrf V1:TEST
    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 10081:204 (default for vrf V1:TEST)
    * i10.1.36.0/24 172.18.254.56 0 100 0 ?
    *>i 172.18.255.4 0 100 0 ?
    KP1 only installs the two paths when I configured the following:
    router bgp 65001
    address-family ipv4 vrf V1:TEST
    maximum-paths ibgp unequal-cost 2 (I can't exactly remember the command. It should be this one.)
    Please advise if this is the correct way to install both routes.
    Thank you.
    B.Rgds,
    Lim TS

    Hi,
    "maximum-path ... unequal-cost" means install two paths EVEN IF the paths have unequal IGP metric. If the metric is identical then the BGP path selection is identical to not configuring "unequal-cost".
    This option is used to skip the normal BGP path selection step "closest IGP neighbor" when it comes to deciding what to insert into the IP routing table.
    So typically you would use "unequal-cost" as for the VPN customer your core network is not interesting (not even visible). So routing decisions based on your core network metrics are (often) not in the customer's interest. The customer is usually interested in loading the redundant access lines. This would potentially not be possible because of the SP BGP selection mechanism.
    Hope this helps!
    Regards, Martin
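
The effect described in this reply, as an added example that is not part of the original thread: a simplified model of which next hops get installed for a VRF prefix, with and without the IGP-metric step being skipped. It is not Cisco's implementation; the names `VrfPath` and `install` are hypothetical, only a subset of the best-path steps is modelled, and the path values are the ones shown in KP1's output for 10.1.36.0/24.

```python
import ipaddress
from dataclasses import dataclass

# Lower rank is preferred in best-path selection.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class VrfPath:
    next_hop: str
    local_pref: int
    as_path_len: int
    origin: str
    med: int
    igp_metric: int  # IGP cost to the BGP next hop


def _attrs(path):
    """Attributes that must match the best path for multipath eligibility."""
    return (path.local_pref, path.as_path_len,
            ORIGIN_RANK[path.origin], path.med)


def install(paths, max_paths, unequal_cost=False):
    """Return next hops installed in the VRF table, best path first."""
    def preference(path):
        return (-path.local_pref, path.as_path_len, ORIGIN_RANK[path.origin],
                path.med, path.igp_metric,
                int(ipaddress.ip_address(path.next_hop)))

    ranked = sorted(paths, key=preference)
    best = ranked[0]
    installed = [best.next_hop]
    for path in ranked[1:]:
        if len(installed) >= max_paths:
            break
        # Multipath needs a different next hop and matching attributes.
        if path.next_hop in installed or _attrs(path) != _attrs(best):
            continue
        # The IGP-metric comparison is the step unequal-cost skips.
        if path.igp_metric != best.igp_metric and not unequal_cost:
            continue
        installed.append(path.next_hop)
    return installed


# Values taken from KP1's imported paths for 10.1.36.0/24 in the post above.
VIA_SK1 = VrfPath("172.18.254.56", 100, 0, "incomplete", 0, 31)
VIA_SK2 = VrfPath("172.18.255.4", 100, 0, "incomplete", 0, 21)

if __name__ == "__main__":
    print("equal-cost only:", install([VIA_SK1, VIA_SK2], 2))
    print("unequal-cost:   ", install([VIA_SK1, VIA_SK2], 2, unequal_cost=True))
```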

  • BGP route-reflector next-hop issue

    Hello,
    I have a small GNS3 lab that is working with one exception: I cannot ping loopback0 on RRc2 and RRc3 from RRc1.
    RRc1, RRc2 and RRc3 can all ping loopback0 on SmileyISP and RRc2 and RRc3 can ping each other's loopback0 interfaces.
    I am broken between the two route-reflectors: RRS1 and RRS2.
    Given these conditions:
    1) Do not configure any IGP.
    2) No static routes
    How do I get connectivity from RRc1's loopback0 interface to RRc2 loopback0 and RRc3 loopback0?
    I used a route-map to set the next hop, but I am obviously doing something wrong.
    I am providing relevant show command outputs, router configs, and the GNS3 topology.net config.
    You will have to change the image and working directories to match your computer.
    Not quite sure where I am going wrong.
    Any help would be greatly appreciated.
    Thanks.
    -- Mark
    RRc1#sh ip bgp
    BGP table version is 53, local router ID is 172.16.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
         Network          Next Hop            Metric LocPrf Weight Path
     *>i 1.1.1.0/24       10.1.25.5                0    100      0 100 i
     *>i 10.1.12.0/24     10.1.26.2                0    100      0 i
     *>i 10.1.13.0/24     10.1.12.1                0    100      0 i
     *>i 10.1.14.0/24     10.1.12.1                0    100      0 i
     *>i 10.1.15.0/24     10.1.12.1                0    100      0 i
     *>i 10.1.25.0/24     10.1.26.2                0    100      0 i
     * i 10.1.26.0/24     10.1.26.2                0    100      0 i
     *>                   0.0.0.0                  0         32768 i
     *>  172.16.1.0/24    0.0.0.0                  0         32768 i
     *>i 172.16.2.0/24    10.1.12.1                0    100      0 i
     *>i 172.16.3.0/24    10.1.12.1                0    100      0 i
    RRc1#
    RRc1#ping 172.16.2.1 so lo0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
    Packet sent with a source address of 172.16.1.1
    Success rate is 0 percent (0/5)
    RRc1#
    RRc2#sh ip bgp
    BGP table version is 31, local router ID is 172.16.2.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found
         Network          Next Hop            Metric LocPrf Weight Path
     *>i 1.1.1.0/24       10.1.15.5                0    100      0 100 i
     * i 10.1.12.0/24     10.1.12.2                0    100      0 i
     * i 10.1.13.0/24     10.1.13.1                0    100      0 i
     *>                   0.0.0.0                  0         32768 i
     *>i 10.1.14.0/24     10.1.13.1                0    100      0 i
     *>i 10.1.15.0/24     10.1.13.1                0    100      0 i
     * i 10.1.25.0/24     10.1.12.2                0    100      0 i
     * i 10.1.26.0/24     10.1.12.2                0    100      0 i
     * i 172.16.1.0/24    10.1.12.2                0    100      0 i
     *>  172.16.2.0/24    0.0.0.0                  0         32768 i
     *>i 172.16.3.0/24    10.1.14.4                0    100      0 i
    RRc2#
    SmileyISP#sh run
    Building configuration...
    Current configuration : 988 bytes
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    hostname SmileyISP
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    interface Loopback0
     ip address 1.1.1.1 255.255.255.0
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex half
    interface FastEthernet1/0
     ip address 10.1.15.5 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet1/1
     ip address 10.1.25.5 255.255.255.0
     speed auto
     duplex auto
    router bgp 100
     bgp log-neighbor-changes
     network 1.1.1.0 mask 255.255.255.0
     network 10.1.15.0 mask 255.255.255.0
     neighbor 10.1.15.1 remote-as 200
     neighbor 10.1.25.2 remote-as 200
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
     logging synchronous
     transport preferred none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    end
    RRS1#sh run
    Building configuration...
    Current configuration : 1594 bytes
    ! Last configuration change at 19:24:34 UTC Sat Feb 7 2015
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    hostname RRS1
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex half
    interface FastEthernet1/0
     ip address 10.1.15.1 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet1/1
     ip address 10.1.12.1 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet2/0
     ip address 10.1.13.1 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet2/1
     ip address 10.1.14.1 255.255.255.0
     speed auto
     duplex auto
    router bgp 200
     bgp log-neighbor-changes
     network 10.1.13.0 mask 255.255.255.0
     network 10.1.14.0 mask 255.255.255.0
     network 10.1.15.0 mask 255.255.255.0
     neighbor RouteReflectors peer-group
     neighbor RouteReflectors remote-as 200
     neighbor RouteReflectors route-map NEXTHOP out
     neighbor RRClients peer-group
     neighbor RRClients remote-as 200
     neighbor RRClients route-reflector-client
     neighbor 10.1.12.2 peer-group RouteReflectors
     neighbor 10.1.13.3 peer-group RRClients
     neighbor 10.1.14.4 peer-group RRClients
     neighbor 10.1.15.5 remote-as 100
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    route-map NEXTHOP permit 10
     set ip next-hop peer-address
    control-plane
    line con 0
     logging synchronous
     transport preferred none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    end
    RRS2#sh ru
    Building configuration...
    Current configuration : 1542 bytes
    ! Last configuration change at 19:42:06 UTC Sat Feb 7 2015
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    hostname RRS2
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex half
    interface FastEthernet1/0
     ip address 10.1.12.2 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet1/1
     ip address 10.1.25.2 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet2/0
     ip address 10.1.26.2 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet2/1
     no ip address
     shutdown
     speed auto
     duplex auto
    router bgp 200
     bgp log-neighbor-changes
     network 10.1.12.0 mask 255.255.255.0
     network 10.1.25.0 mask 255.255.255.0
     network 10.1.26.0 mask 255.255.255.0
     neighbor RouteReflectors peer-group
     neighbor RouteReflectors remote-as 200
     neighbor RouteReflectors route-map NEXTHOP out
     neighbor RRClients peer-group
     neighbor RRClients remote-as 200
     neighbor RRClients route-reflector-client
     neighbor 10.1.12.1 peer-group RouteReflectors
     neighbor 10.1.25.5 remote-as 100
     neighbor 10.1.26.6 peer-group RRClients
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    route-map NEXTHOP permit 10
     set ip next-hop peer-address
    control-plane
    line con 0
     logging synchronous
     transport preferred none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    end
    RRc1#sh run
    Building configuration...
    Current configuration : 1005 bytes
    ! Last configuration change at 18:43:57 UTC Sat Feb 7 2015
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    hostname RRc1
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    interface Loopback0
     ip address 172.16.1.1 255.255.255.0
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex half
    interface FastEthernet1/0
     ip address 10.1.26.6 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet1/1
     no ip address
     shutdown
     speed auto
     duplex auto
    router bgp 200
     bgp log-neighbor-changes
     network 10.1.26.0 mask 255.255.255.0
     network 172.16.1.0 mask 255.255.255.0
     neighbor 10.1.26.2 remote-as 200
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
     logging synchronous
     transport preferred none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    end
    RRc2#sh run
    Building configuration...
    Current configuration : 1005 bytes
    ! Last configuration change at 18:45:05 UTC Sat Feb 7 2015
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    hostname RRc2
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    interface Loopback0
     ip address 172.16.2.1 255.255.255.0
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex half
    interface FastEthernet1/0
     ip address 10.1.13.3 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet1/1
     no ip address
     shutdown
     speed auto
     duplex auto
    router bgp 200
     bgp log-neighbor-changes
     network 10.1.13.0 mask 255.255.255.0
     network 172.16.2.0 mask 255.255.255.0
     neighbor 10.1.13.1 remote-as 200
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
     logging synchronous
     transport preferred none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    end
    RRc3#wr term
    Building configuration...
    Current configuration : 1005 bytes
    ! Last configuration change at 18:31:12 UTC Sat Feb 7 2015
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    hostname RRc3
    boot-start-marker
    boot-end-marker
    no aaa new-model
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    interface Loopback0
     ip address 172.16.3.1 255.255.255.0
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex half
    interface FastEthernet1/0
     ip address 10.1.14.4 255.255.255.0
     speed auto
     duplex auto
    interface FastEthernet1/1
     no ip address
     shutdown
     speed auto
     duplex auto
    router bgp 200
     bgp log-neighbor-changes
     network 10.1.14.0 mask 255.255.255.0
     network 172.16.3.0 mask 255.255.255.0
     neighbor 10.1.14.1 remote-as 200
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    control-plane
    line con 0
     logging synchronous
     transport preferred none
     stopbits 1
    line aux 0
     stopbits 1
    line vty 0 4
     login
    end
    autostart = False
    version = 0.8.6
    [127.0.0.1:7202]
        workingdir = C:\Users\Mark\AppData\Local\Temp
        udp = 10200
            image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
            idlepc = 0x62f1e4ec
            ghostios = True
            console = 2005
            aux = 2100
            cnfg = configs\SmileyISP.cfg
            slot1 = PA-2FE-TX
            f1/0 = RRS1 f1/0
            f1/1 = RRS2 f1/1
            x = -24.0
            y = -259.0
            z = 1.0
            hx = -1.5
            hy = -24.0
            console = 2015
            aux = 2101
            cnfg = configs\RRc1.cfg
            slot1 = PA-2FE-TX
            f1/0 = RRS2 f2/0
            x = -292.0
            y = 200.0
            z = 1.0
            hx = -5.5
            hy = -25.0
    [127.0.0.1:7200]
        workingdir = C:\Users\Mark\AppData\Local\Temp
        udp = 10000
            image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
            idlepc = 0x62f1e4ec
            ghostios = True
            console = 2012
            aux = 2102
            cnfg = configs\RRS1.cfg
            slot1 = PA-2FE-TX
            f1/0 = SmileyISP f1/0
            f1/1 = RRS2 f1/0
            slot2 = PA-2FE-TX
            f2/0 = RRc2 f1/0
            f2/1 = RRc3 f1/0
            x = 197.0
            y = 6.0
            z = 1.0
            hx = 42.5
            hy = -20.0
            console = 2013
            aux = 2103
            cnfg = configs\RRS2.cfg
            slot1 = PA-2FE-TX
            f1/0 = RRS1 f1/1
            f1/1 = SmileyISP f1/1
            slot2 = PA-2FE-TX
            f2/0 = RRc1 f1/0
            x = -239.0
            y = 9.0
            z = 1.0
            hx = 1.5
            hy = -24.0
    [127.0.0.1:7201]
        workingdir = C:\Users\Mark\AppData\Local\Temp
        udp = 10100
            image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
            idlepc = 0x62f1e4ec
            ghostios = True
            console = 2009
            aux = 2104
            cnfg = configs\RRc3.cfg
            slot1 = PA-2FE-TX
            f1/0 = RRS1 f2/1
            x = 337.0
            y = 155.0
            z = 1.0
            hx = 17.5
            hy = -25.0
            console = 2008
            aux = 2105
            cnfg = configs\RRc2.cfg
            slot1 = PA-2FE-TX
            f1/0 = RRS1 f2/0
            x = 149.0
            y = 204.0
            z = 1.0
            hx = -13.5
            hy = -23.0
    [GNS3-DATA]
        configs = configs
            text = ".1"
            x = 208.0
            y = -23.0
            text = "10.1.12.0/24"
            x = -19.0
            y = 5.0
            text = ".1"
            x = 153.0
            y = 25.0
            text = ".1"
            x = 259.0
            y = 33.0
            text = "10.1.13.0/24"
            x = 238.0
            y = 84.0
            rotate = 99
            text = "10.1.25.0/24"
            x = -188.0
            y = -124.0
            text = "l0: 172.16.2.1/24"
            x = 125.0
            y = 244.0
            text = "l0:172.16.1.1/24"
            x = -269.0
            y = 240.0
            text = "10.1.15.0/24"
            x = 116.0
            y = -127.0
            text = "10.1.14.0/24"
            x = 293.0
            y = 53.0
            rotate = 50
            text = ".1"
            x = 194.0
            y = 68.0
            text = "AS100"
            x = -20.0
            y = -342.0
            text = ".2"
            x = -148.0
            y = 46.0
            text = "AS200"
            x = 33.0
            y = 300.0
            text = "l0: 1.1.1.1/24"
            x = -42.0
            y = -306.0
            text = ".5"
            x = 50.0
            y = -213.0
            text = ".2"
            x = -248.0
            y = 60.0
            text = ".2"
            x = -174.0
            y = -52.0
            text = ".5"
            x = -54.0
            y = -209.0
            text = ".6"
            x = -232.0
            y = 189.0
            text = "l0:172.16.3.1/24"
            x = 299.0
            y = 194.0
            text = "10.1.26.0/24"
            x = -274.0
            y = 167.0
            rotate = 290
            text = ".3"
            x = 208.0
            y = 187.0
            text = ".4"
            x = 312.0
            y = 155.0
            type = ellipse
            x = 50.0
            y = -35.0
            width = 385.0
            height = 345.0
            fill_color = "#ffff7f"
            border_style = 2
            z = -1.0
            type = ellipse
            x = -171.0
            y = -346.0
            width = 359.0
            height = 200.0
            fill_color = "#aaff7f"
            border_style = 2
            z = -1.0
            type = ellipse
            x = -407.0
            y = -87.0
            width = 883.0
            height = 443.0
            border_style = 2
            z = -2.0
            type = ellipse
            x = -361.0
            y = -29.0
            width = 385.0
            height = 326.0
            fill_color = "#55aaff"
            border_style = 2
            z = -3.0

    BD,
    Ahh...
    OK.  In the original article, the author states that the final piece with the route map
    NEXTHOP was supposed to fix the reachability issue.  Obviously it doesn't.
    After reading your last post, I looked more carefully at the output from 'sh ip bgp'
    on each of the client routers and I realized that several of the next hop addresses were
    wrong for some of the prefixes.
    1) I completely removed the 'neighbor RouteReflectors route-map NEXTHOP out'
    from both RR's.  Then I ran 'sh ip bgp' on the clients and noted a change in the next hop addresses.  Still wrong, but it changed.
    2) I then tried next-hop-self from the RR's to the clients, but it did not change from where
    it was after I completed step 1.  I am not sure why there was no change. (actually, see the very end of this post)
    3) I then applied my version of the route map:
         route-map NEXTHOP permit 10
          set ip next-hop peer-address
       to the RR's with this: neighbor RRClients route-map NEXTHOP out
    That fixed it.  All three clients have as their next hop for all prefixes their respective
    RR's (which is what they should have for this topology).
    I have full connectivity everywhere, even loopback to loopback between all clients.
    1) THANK YOU for pointing me in the right direction.
    2) If I may ask, why did next hop self fail?  More specifically, I saw no change at all
    in the next hop for the advertised prefixes.  Is it because next-hop-self should be used
    for eBGP peers and all of the RR's and clients are all within the same AS?
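
    The next-hop problem described in this post can be checked mechanically. The following is an added example, not part of the original posts: it runs a simplified model of recursive next-hop resolution over the visible rows of RRc2's `show ip bgp` output from earlier in the thread. The function names and the resolution model are assumptions made for illustration; real IOS next-hop tracking has more rules than this.

```python
import ipaddress

# Visible rows of RRc2's `show ip bgp` output, copied from the thread above
# (rows before 10.1.12.0/24 are not reproduced on the page).
SHOW_IP_BGP = """\
* i 10.1.12.0/24     10.1.12.2                0    100      0 i
* i 10.1.13.0/24     10.1.13.1                0    100      0 i
*>                   0.0.0.0                  0         32768 i
*>i 10.1.14.0/24     10.1.13.1                0    100      0 i
*>i 10.1.15.0/24     10.1.13.1                0    100      0 i
* i 10.1.25.0/24     10.1.12.2                0    100      0 i
* i 10.1.26.0/24     10.1.12.2                0    100      0 i
* i 172.16.1.0/24    10.1.12.2                0    100      0 i
*>  172.16.2.0/24    0.0.0.0                  0         32768 i
*>i 172.16.3.0/24    10.1.14.4                0    100      0 i
"""

# RRc2's connected subnets, from its running config (Loopback0, FastEthernet1/0).
CONNECTED = [ipaddress.ip_network("172.16.2.0/24"),
             ipaddress.ip_network("10.1.13.0/24")]


def parse_table(text):
    """Return a list of (prefix, next_hop, is_best) tuples.

    Handles rows that carry an explicit prefix/length and continuation rows
    (an extra path for the previous prefix). Classful rows without a mask
    are not handled; this table has none.
    """
    paths, prefix = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        status, fields = line[:3], line[3:].split()
        if "/" in fields[0]:                      # row starts a new prefix
            prefix = ipaddress.ip_network(fields[0])
            fields = fields[1:]
        paths.append((prefix, ipaddress.ip_address(fields[0]), ">" in status))
    return paths


def resolves(next_hop, paths, visiting=frozenset()):
    """True if next_hop is reachable in this model.

    Reachable means: locally originated (0.0.0.0), on a connected subnet, or
    covered by a BGP path whose own next hop resolves. `visiting` stops a
    path from resolving through itself.
    """
    if next_hop.is_unspecified:
        return True
    if any(next_hop in net for net in CONNECTED):
        return True
    covering = [p for p in paths if next_hop in p[0] and p not in visiting]
    covering.sort(key=lambda p: p[0].prefixlen, reverse=True)  # longest match first
    return any(resolves(p[1], paths, visiting | {p}) for p in covering)


def check_next_hops(text):
    """Map (prefix, next_hop) -> (best on the router, resolves in the model)."""
    paths = parse_table(text)
    return {(str(pfx), str(nh)): (best, resolves(nh, paths))
            for pfx, nh, best in paths}


def unusable_next_hops(text):
    """Sorted list of next hops that no path can resolve."""
    return sorted({nh for (_, nh), (_, ok) in check_next_hops(text).items()
                   if not ok})


if __name__ == "__main__":
    for (pfx, nh), (best, ok) in check_next_hops(SHOW_IP_BGP).items():
        print(f"{pfx:16} via {nh:10} best={best!s:5} next-hop-resolves={ok}")
    print("unusable next hops:", unusable_next_hops(SHOW_IP_BGP))
```

    Every path the model marks as unresolvable is one the router did not select as best (no `>` in the table); 10.1.12.2 can only be reached through 10.1.12.0/24, whose own next hop is 10.1.12.2.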

  • BGP Outbound Route-Map Question

    Hi Experts,
    Just need your help again. I was trying to do some lab and I came across this weird behaviour with BGP outbound route-map. The diagram is simple.
    Please see attached diagram. Sorry for the very poor illustration. R6 has iBGP peering to both R4 and R1. Both R1 and R4 have eBGP peering to R5. No IGP running on any routers as well to keep things simple. There are 2 things to do.
    * Create a static route for 160.1.0.0/16 pointing to Null0 on both R1 and R4 and advertise to BGP via network statement but only R5 should be able to see the 160.1.0.0/16 route. R6 should not receive it.
    * Advertise R5's /32 loopback interface to BGP but ensure R6 to have that route in its routing table. Don't use next-hop-self on both R1 and R4. Don't advertise WAN link via network command.
    I'll just illustrate R4 and R6 here to keep things straightforward.
    R4#sh ip bgp
    BGP table version is 5, local router ID is 150.1.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 150.1.5.5/32     155.1.45.5               0             0 100 i
    *> 160.1.0.0        0.0.0.0                  0         32768 i
    R6#sh ip bgp
    BGP table version is 11, local router ID is 150.1.6.6
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    * i150.1.5.5/32     155.1.45.5               0    100      0 100 i
    * i                 155.1.0.5                0    100      0 100 i
    The first task was achieved as the 160.0.0.0/16 route is not present in R6's table. I used these commands in R4.
    router bgp 65000
     no synchronization
     bgp log-neighbor-changes
     network 160.1.0.0
     neighbor 155.1.45.5 remote-as 100
     neighbor 155.1.146.6 remote-as 65000
     neighbor 155.1.146.6 route-map R6_OUT out
     no auto-summary
    route-map R6_OUT deny 5
     match ip address prefix-list AGGR
    route-map R6_OUT permit 1000
    ip prefix-list AGGR seq 5 permit 160.1.0.0/16
    So with the configuration above, it is clear that R4 is hitting route-map line 5 to deny 160.1.0.0/16 being advertised to R6. I also tried removing line 5 to validate that the /16 route would then be advertised to R6, and it was, so the route-map configuration above is confirmed working.
    Next, advertise loopback 0 of R5 to R6 and make sure it is a valid route in BGP table without the use of next-hop-self or WAN advertisement.
    I used the following configuration.
    ip prefix-list R5_LINK seq 5 permit 155.1.45.5/32
    route-map R6_OUT permit 10
     match ip route-source R5_LINK
     set ip next-hop 155.1.146.4
    I inserted line 10 in between route-map 5 and 1000. So R4 would check its route table for routes with 155.1.45.5 as route-source then advertise it to R6 with next-hop address of 155.1.146.4. It worked!
    R6#sh ip bgp
    BGP table version is 15, local router ID is 150.1.6.6
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *>i150.1.5.5/32     155.1.146.4              0    100      0 100 i
    * i                 155.1.0.5                0    100      0 100 i
    *>i160.1.0.0        155.1.146.4              0    100      0 i
    As you can see above, 150.1.5.5 route is now a valid BGP route but surprisingly, the 160.1.0.0/16 route is there! From what I have seen, BGP skipped line 5 and started at 10. Even if I insert the same rule as line 5 and make it as line 15, it's not working. The /16 route is still being advertised. If I remove the match ip route-source clause in sequence 10 then it will withdraw the 160.1.0.0/16 route again. Looks like "match ip route-source" is not very friendly with direct filtering to BGP neighbors but I saw this being used with BGP inject-map and it worked well.
    R4#sh route-map
    route-map R6_OUT, deny, sequence 5
      Match clauses:
        ip address prefix-lists: AGGR
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes
    route-map R6_OUT, permit, sequence 10
      Match clauses:
        ip route-source (access-lists): R5_LINK
      Set clauses:
        ip next-hop 155.1.146.4
      Policy routing matches: 0 packets, 0 bytes
    route-map R6_OUT, permit, sequence 1000
      Match clauses:
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes
    Any thoughts why this is happening?
    Thanks in advance.

    Hi John,
    I did a small lab to test feature "match ip route-source" and it is working fine. Please check below config and output.
    R4 does not have 172.16.16.0/24 and also routes for which next-hop is not 1.1.1.1. In case you are still facing the issue, please share the output of "debug ip bgp updates out".
    Topology
    R1--ebgp--R3---ibgp---R4
    R3#show ip b su | b Nei
    Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    1.1.1.1         4          100      34      36       29    0    0 00:27:37        7
    4.4.4.4         4          300       9      12       29    0    0 00:04:12        0
    R3#
    R3#sh route-map TO-R4
    route-map TO-R4, deny, sequence 10
      Match clauses:
        ip address prefix-lists: DENY-PREFIX 
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes
    route-map TO-R4, permit, sequence 20
      Match clauses:
        ip route-source (access-lists): 20 
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes
    R3#
    R3#show ip prefix-list DENY-PREFIX
    ip prefix-list DENY-PREFIX: 1 entries
       seq 5 permit 172.16.16.0/24
    R3#
    R3#sh ip access-lists 20
    Standard IP access list 20
        20 permit 1.1.1.1 (25 matches)
    R3#
    R3#show ip b
    BGP table version is 29, local router ID is 3.3.3.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, x best-external
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *  172.16.8.0/22    1.1.1.1                  0             0 100 i
    *>                  172.31.13.1             20         32768 i
    *> 172.16.16.0/24   1.1.1.1                  0             0 100 i
    *> 172.16.17.0/24   1.1.1.1                  0             0 100 i
    *> 172.16.19.0/24   1.1.1.1                  0             0 100 i
    *> 172.16.20.0/22   1.1.1.1                  0             0 100 i
    *  172.16.24.0/30   1.1.1.1                  0             0 100 i
    *>                  172.31.13.1             20         32768 i
    *> 172.16.80.0/22   1.1.1.1                  0             0 100 i
    R3#
    R4#show ip b
    BGP table version is 53, local router ID is 4.4.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, x best-external
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    r>i172.16.17.0/24   1.1.1.1                  0    100      0 100 i
    r>i172.16.19.0/24   1.1.1.1                  0    100      0 100 i
    r>i172.16.20.0/22   1.1.1.1                  0    100      0 100 i
    *>i172.16.80.0/22   1.1.1.1                  0    100      0 100 i
    R4#
    --Pls dont forget to rate helpful posts--
    Regards,
    Akash
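
    The two posts above can be compared with a small policy audit. This is an added example, not code from either poster: it models an outbound route-map as "clauses in sequence order, first clause whose match conditions all hold decides, no match means deny", computes what the neighbor should receive, and diffs that against what the neighbor's `show ip bgp` actually lists. The class and function names are hypothetical, and `match ip route-source` is modelled as "the neighbor the route was learned from is permitted by the list".

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Clause:
    seq: int
    action: str                          # "permit" or "deny"
    prefixes: tuple = ()                 # match ip address prefix-list (exact entries)
    sources: tuple = ()                  # match ip route-source (permitted hosts)
    set_next_hop: Optional[str] = None   # set ip next-hop


@dataclass(frozen=True)
class Route:
    prefix: str
    source: Optional[str]                # neighbor it was learned from, None if local
    next_hop: str


def evaluate(route_map, route):
    """Return (prefix, next_hop) if the route is advertised, else None."""
    for clause in sorted(route_map, key=lambda c: c.seq):
        if clause.prefixes and route.prefix not in clause.prefixes:
            continue                     # prefix-list did not match, try next clause
        if clause.sources and route.source not in clause.sources:
            continue                     # route-source did not match, try next clause
        if clause.action == "deny":
            return None
        return (route.prefix, clause.set_next_hop or route.next_hop)
    return None                          # implicit deny at the end of a route-map


def audit_advertisements(route_map, best_routes, observed_prefixes):
    """Diff the modelled policy against what the neighbor actually holds."""
    results = [evaluate(route_map, r) for r in best_routes]
    expected = dict(r for r in results if r)
    leaked = sorted(set(observed_prefixes) - set(expected))
    missing = sorted(set(expected) - set(observed_prefixes))
    return expected, leaked, missing


# --- John's lab: route-map R6_OUT on R4, values taken from the question ---
R6_OUT = [
    Clause(5, "deny", prefixes=("160.1.0.0/16",)),
    Clause(10, "permit", sources=("155.1.45.5",), set_next_hop="155.1.146.4"),
    Clause(1000, "permit"),
]
R4_BEST = [
    Route("150.1.5.5/32", "155.1.45.5", "155.1.45.5"),
    Route("160.1.0.0/16", None, "0.0.0.0"),      # shown as classful 160.1.0.0 on R4
]
# Prefixes R6 shows with next hop 155.1.146.4 (assumed to be those sent by R4).
R6_FROM_R4 = ["150.1.5.5/32", "160.1.0.0/16"]

# --- Akash's lab: route-map TO-R4 on R3, values taken from the answer ---
TO_R4 = [
    Clause(10, "deny", prefixes=("172.16.16.0/24",)),
    Clause(20, "permit", sources=("1.1.1.1",)),
]
R3_BEST = [
    Route("172.16.8.0/22", None, "172.31.13.1"),   # best path is the local one
    Route("172.16.16.0/24", "1.1.1.1", "1.1.1.1"),
    Route("172.16.17.0/24", "1.1.1.1", "1.1.1.1"),
    Route("172.16.19.0/24", "1.1.1.1", "1.1.1.1"),
    Route("172.16.20.0/22", "1.1.1.1", "1.1.1.1"),
    Route("172.16.24.0/30", None, "172.31.13.1"),  # best path is the local one
    Route("172.16.80.0/22", "1.1.1.1", "1.1.1.1"),
]
R4_OBSERVED = ["172.16.17.0/24", "172.16.19.0/24",
               "172.16.20.0/22", "172.16.80.0/22"]

if __name__ == "__main__":
    for name, rm, best, seen in (("R4 -> R6", R6_OUT, R4_BEST, R6_FROM_R4),
                                 ("R3 -> R4", TO_R4, R3_BEST, R4_OBSERVED)):
        expected, leaked, missing = audit_advertisements(rm, best, seen)
        print(name, "expected:", expected)
        print(name, "leaked:", leaked, "missing:", missing)
```

    The audit reproduces Akash's result exactly and flags 160.1.0.0/16 in John's lab as received by R6 although the modelled policy denies it. Note that `show route-map` on R4 lists R5_LINK under "ip route-source (access-lists)", while the posted configuration defines R5_LINK as a prefix-list; the model assumes the list permits host 155.1.45.5 as intended.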

  • Trouble with advertise a route BGP from VRF on Cisco IOS 7600

    Hi,
    The diagram shows the current operating network.
    We are trying to advertise the network 172.16.161.6 to the Nortel devices and Cisco devices in AS 2005 and 64912. If we look at the routing table on the Cisco 7600, the network 172.16.161.6 is known:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/28 ms
    cisco 7600#trace                            
    cisco 7600#traceroute vrf data 172.16.161.6
    Type escape sequence to abort.
    Tracing the route to 172.16.161.6
      1 189.1.11.5 [MPLS: Labels 581/730 Exp 0] 24 msec 24 msec 24 msec
      2 172.16.12.73 [MPLS: Label 730 Exp 0] 36 msec 28 msec 36 msec
      3 172.16.12.74 20 msec 20 msec 24 msec
      4 172.16.14.10 64 msec 20 msec 20 msec
      5 172.16.19.9 20 msec 24 msec 20 msec
      6 172.16.161.6 24 msec 20 msec 24 msec
    PE_CAR_1#ping vrf data 172.16.161.6     
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.161.6, timeout is 2 seconds:
    But the Nortel devices in AS 64912 do not have the network 172.16.161.6 in their routing tables.
    The difference on the Cisco 7600, which knows both AS 64912 and 2005, is this one:
    Configuration on the Cisco 7600 router:
    router bgp 2006
    bgp router-id 172.16.110.97
    bgp log-neighbor-changes
    bgp graceful-restart restart-time 120
    bgp graceful-restart stalepath-time 360
    bgp graceful-restart
    neighbor 172.16.10.41 remote-as 64912
    neighbor 172.16.10.41 description PP-A6
    neighbor 172.16.11.233 remote-as 64912
    neighbor 172.16.11.233 description PP-2TE2
    neighbor 172.16.12.73 remote-as 2005
    neighbor 172.16.12.73 description PE_MEX_1
    neighbor 172.16.12.73 fall-over bfd
    neighbor 172.16.13.9 remote-as 2005
    neighbor 172.16.13.9 description PE_MEX_3
    neighbor 172.16.13.9 fall-over bfd
    neighbor 172.16.13.77 remote-as 2005
    neighbor 172.16.14.6 remote-as 64512
    neighbor 172.16.14.10 remote-as 64512
    neighbor 172.16.16.26 remote-as 64982
    neighbor 172.16.16.26 description INTERNET-2
    neighbor 172.16.16.30 remote-as 64982
    neighbor 172.16.16.30 description INTERNET-1
    address-family ipv4
      neighbor 172.16.10.41 activate   (connection to Nortel devices)
      neighbor 172.16.10.41 route-map AS-PATH-MAN in
      neighbor 172.16.10.41 route-map REDES-WAN->MAN out
      neighbor 172.16.11.233 activate   (connection to Nortel devices)
      neighbor 172.16.11.233 route-map AS-PATH-MAN in
      neighbor 172.16.11.233 route-map REDES-WAN->MAN out
      neighbor 172.16.12.73 activate
      neighbor 172.16.12.73 route-map REDES-WAN-PE_MEX_1 in
      neighbor 172.16.12.73 route-map DEFAULT-ROUTE out
      neighbor 172.16.13.9 activate  (connection to Cisco 7600 devices)
      neighbor 172.16.13.9 route-map REDES-WAN-PE_MEX_3 in
      neighbor 172.16.13.9 route-map DEFAULT-ROUTE out
      neighbor 172.16.13.77 activate
      neighbor 172.16.13.77 route-map DEFAULT-ROUTE out
      neighbor 172.16.14.6 activate  (connection to ASR 9000)
      neighbor 172.16.14.6 route-map default out
      neighbor 172.16.14.10 activate (connection to ASR 9000)
      neighbor 172.16.14.10 route-map default out
    The difference we see between the routes that the Nortel devices and the Cisco devices know is the following, on the Cisco 7600:
    Cisco 7600#sho ip bgp 150.151.1.250
    BGP routing table entry for 150.151.0.0/16, version 5612717
    Paths: (2 available, best #1, table default)
    Multipath: eBGP
      Advertised to update-groups:
         2          4        
      2005
        172.16.13.9 from 172.16.13.9 (150.220.250.5)
          Origin IGP, localpref 300, valid, external, best
          Community: 100:22
          Extended Community: RT:100:22
      2005
        172.16.12.73 from 172.16.12.73 (150.220.250.1)
          Origin IGP, localpref 260, valid, external
          Community: 100:22
          Extended Community: RT:100:22
    Cisco 7600#sho ip bgp 172.16.161.6
    BGP routing table entry for 172.16.161.6/32, version 6133620
    Paths: (2 available, best #2, table default)
    Multipath: eBGP
      Not advertised to any peer
      64512 64513
        172.16.14.6 from 172.16.14.6 (172.16.14.1)
          Origin incomplete, localpref 100, valid, external, multipath
          Extended Community: RT:64512:64513
      64512 64513
        172.16.14.10 from 172.16.14.10 (172.16.14.2)
          Origin incomplete, localpref 100, valid, external, multipath, best
          Extended Community: RT:64512:64513
    NOT advertised to any peer
    If we look on the ASR, in vrf GAT the network is advertised, but in vrf CAMPUS it is not:
    RP/0/RSP0/CPU0:ED_MEX_1#sho bgp vrf CAMPUS 172.16.161.6
    Mon May 20 12:58:03.516 UTC
    BGP routing table entry for 172.16.161.6/32, Route Distinguisher: 64512:64513
    Versions:
      Process           bRIB/RIB  SendTblVer
      Speaker                 20          20
        Local Label: 16004
    Last Modified: May 17 17:24:29.877 for 2d19h
    Paths: (1 available, best #1)
      Not advertised to any peer
      Path #1: Received by speaker 0
      Not advertised to any peer
      64513
        172.16.19.5 from 172.16.19.5 (172.16.162.4)
          Origin incomplete, metric 110, localpref 100, valid, external, best, group-best, import-candidate
          Received Path ID 0, Local Path ID 1, version 20
          Extended community: RT:64512:64513
    But in vrf GAT:
    RP/0/RSP0/CPU0:ED_MEX_1#sho bgp vrf GAT 172.16.161.6   
    Mon May 20 12:58:52.909 UTC
    BGP routing table entry for 172.16.161.6/32, Route Distinguisher: 64512:2006
    Versions:
      Process           bRIB/RIB  SendTblVer
      Speaker                 30          30
    Last Modified: May 17 17:24:29.877 for 2d19h
    Paths: (1 available, best #1)
      Advertised to CE peers (in unique update groups):
        172.16.14.5    
      Path #1: Received by speaker 0
      Advertised to CE peers (in unique update groups):
       172.16.14.5    
      64513
        172.16.19.5 from 172.16.19.5 (172.16.162.4)
          Origin incomplete, metric 110, localpref 100, valid, external, best, group-best, import-candidate, imported
          Received Path ID 0, Local Path ID 1, version 30
          Extended community: RT:64512:64513
    Any ideas about this problem? We tried advertising the extended community, but with no result.
    The configuration on the ASR is as follows:
    router bgp 64512
    bgp router-id 172.16.14.1
    address-family ipv4 unicast
    address-family vpnv4 unicast
    vrf GAT
      rd 64512:2006
      address-family ipv4 unicast
       redistribute connected
       redistribute static
      neighbor 172.16.14.5
       remote-as 2006
       address-family ipv4 unicast
        send-community-ebgp
        route-policy pass-all in
        route-policy pass-all out
        send-extended-community-ebgp
    vrf CAMPUS
      rd 64512:64513
      address-family ipv4 unicast
       redistribute connected
       redistribute static
      neighbor 172.16.19.5
       remote-as 64513
       address-family ipv4 unicast
        route-policy pass-all in
        route-policy pass-all out
    We put send-extended-community-ebgp only on vrf GAT.
    Best Regards

    Hi Harold, thanks for your comment.
    We followed your recommendation and put a route-map on the AS 64912 routes to identify the traffic IN on the interface. The final configuration on the Cisco 7600 is:
    router bgp 2006
    bgp router-id 172.16.110.97
    bgp log-neighbor-changes
    bgp graceful-restart restart-time 120
    bgp graceful-restart stalepath-time 360
    bgp graceful-restart
    neighbor 172.16.14.6 remote-as 64512
    neighbor 172.16.14.6 description EDGE_MEX_1
    neighbor 172.16.14.10 remote-as 64512
    neighbor 172.16.14.10 description EDGE_MEX_2
    address-family ipv4
      no synchronization
      neighbor 172.16.14.6 route-map REDES_CAMPUS in
      neighbor 172.16.14.6 route-map default out
      neighbor 172.16.14.10 activate
      neighbor 172.16.14.10 route-map REDES_CAMPUS in
      neighbor 172.16.14.10 route-map default out
      neighbor 172.16.16.26 activate
    with the following route maps:
    ip extcommunity-list standard GAT permit rt 64512:64513
    ip bgp-community new-format
    ip community-list standard REDES-GAT permit 64512:2006
    route-map REDES_CAMPUS permit 430
    match extcommunity GAT
    set local-preference 250
    set community 64512:2006 additive
    set extcommunity rt  64512:64513 additive
    route-map REDES-WAN->MAN permit 1600
    match community REDES-GAT
    With this, the routes advertised to the neighbor include the loopback 172.16.161.6:
    GW_MEX_2#sho ip bgp neighbors 172.16.11.233 advertised-routes
    BGP table version is 6160029, local router ID is 172.16.110.97
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 1.0.0.1/32       172.16.12.73                  300      0 2005 ?
    *> 1.0.0.2/32       172.16.12.73                  300      0 2005 ?
       Network          Next Hop            Metric LocPrf Weight Path
    *> 172.16.140.72/32 172.16.13.9                   300      0 2005 ?
    *> 172.16.141.22/32 172.16.12.73                  250      0 2005 ?
    *> 172.16.141.61/32 172.16.12.73                  250      0 2005 i
    *> 172.16.141.71/32 172.16.12.73                  250      0 2005 i
    *> 172.16.142.0/27  172.16.13.9                   300      0 2005 ?
    *> 172.16.142.32/27 172.16.13.9                   250      0 2005 ?
    *> 172.16.144.0/27  172.16.13.9                   300      0 2005 ?
    *> 172.16.146.1/32  172.16.13.9                   300      0 2005 65451 i
    *> 172.16.150.0/27  172.16.12.73                  250      0 2005 ?
    *> 172.16.152.0/27  172.16.13.9                   300      0 2005 ?
    *> 172.16.152.32/28 172.16.13.9                   300      0 2005 ?
    *> 172.16.155.1/32  172.16.13.9                   300      0 2005 ?
    *> 172.16.161.1/32  172.16.14.6              0    250      0 64512 ?
    *> 172.16.161.6/32  172.16.14.10             0    250      0 64512 ?
    Thanks for your cooperation
    Best Regards

  • BGP Event-Based VPN Import

    Hi Guys,
    I came across this command, but I have a problem understanding what it does or how to use it:
    Router(config-router-af)# import path selection {all | bestpath [strict] | multipath [strict]}
    It falls under the "BGP Event-Based VPN Import" section:
    http://www.cisco.com/c/en/us/td/docs/ios/ios_xe/iproute_bgp/configuration/guide/2_xe/irg_xe_book/irg_event_vpn_import_xe.html#wp1059052
    Does anyone know what this does or how this works?

    Hi,
    It specifies the BGP import path selection policy for a specific VRF instance.
    You might be aware of VRF-LITE, that's the VPNs without MPLS.
    BGP Event-Based VPN Import
    The BGP Event-Based VPN Import feature introduces a modification to the existing BGP path import process. BGP Virtual Private Network (VPN) import provides importing functionality for BGP paths where BGP paths are imported from the BGP VPN table into a BGP virtual routing and forwarding (VRF) topology. In the existing path import process, when path updates occur, the import updates are processed during the next scan time, which is a configurable interval of 5 to 15 seconds. The scan time adds a delay in the propagation of routes. The enhanced BGP path import is driven by events; when a BGP path changes, all of its imported copies are updated as soon as processing is available.
    When you use the BGP Event-Based VPN Import feature, convergence times are significantly reduced because provider edge (PE) routers can propagate VPN paths to customer edge (CE) routers without the scan time delay. Configuration changes such as adding imported route targets (RT) to a VRF are not processed immediately, and are still handled during the 60-second periodic scanner pass.
    Import Path Selection Policy
    Event-based VPN import introduces three path selection policies:
    • All—Import all available paths from the exporting net that match any route target (RT) associated with the importing VRF instance.
    • Best path—Import the best available path that matches the RT of the VRF instance. If the best path in the exporting net does not match the RT of the VRF instance, a best available path that matches the RT of the VRF instance is imported.
    • Multipath—Import the best path and all paths marked as multipaths that match the RT of the VRF instance. If there are no best path or multipath matches, then the best available path is selected.
    - Ashok
    Please rate the useful post or mark as correct answer as it will help others looking for similar information

  • BGP load sharing ?

    Hi,
    Got a customer who's connected to one of our PEs using 2 links.
    2 BGP sessions have been set (we can't peer on loopbacks), the eBGP multipath option is set, and I see the same routes twice with equal cost on my PE, but the customer reports that one link is at 80% usage whereas the other rarely goes up to 20%.
    CEF is configured "per destination".
    I can't see why I have this behaviour, except that someone on the customer router is running heavy-traffic TCP software like P2P.
    Are there any caveats on "load sharing" with BGP on MPLS VPN architectures?
    Thanks

    Hi,
    did you see 2 IP routes on remote PEs as well?
    You might run into one problem coming from BGP maximum path for iBGP being 1 by default.
    So you could try
    router bgp 65000
     address-family ipv4 vrf MyVRF
      maximum-paths ibgp 2
    on all REMOTE PE, as they are learning the redundant CE routes through iMBGP and will not install both into the VRF routing table.
    If you have route reflectors in place, then you will need to have different RD on the two VRFs the redundant CE interfaces are bound to.
    Additionally on all remote PEs:
    router bgp 65000
     address-family ipv4 vrf MyVRF
      maximum-paths ibgp 2 import 2
    Regards
    Martin

  • "sh ip bgp ipv6" or "sh bgp ipv6"

    Hi All,
    I'm trying to clarify some confusion about where this is going in terms of show commands for BGP.
    When I first played with IPv6 BGP in 12.3 years back, the only way to view BGP v6 items was via "sh bgp ipv6", and this, as far as I recall, was meant to be the way forward for v4 too, and 'sh ip bgp' was to be removed in future IOS releases.
    Now I'm looking at SRE5 in the lab, and a 'sh bgp ipv6' gives me not output saying it's deprecated, and 'show ip bgp ipv4' shows me all v4 and v6 BGP neighbour sessions.
    If anyone can shed some light on this it would be great, since it's a tad confusing, even more so when you add vpnv4 to the mix.
    thanks
    Mark

    Mark,
    Let me try to answer your question like this.
    As far as I know, both commands are still valid (checked in the recent 15.2.1T release).
    R2#show bgp ipv6 unicast
    BGP table version is 2, local router ID is 192.168.23.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 2001:DB8:2::/64  ::                       0         32768 i
    R2#show ip bgp ipv6 unicast
    BGP table version is 2, local router ID is 192.168.23.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 2001:DB8:2::/64  ::                       0         32768 i
    What is deprecated is the command without "unicast" added.
    R2#show ip bgp ipv6
    % Incomplete command.
    R2#show bgp ipv6
    BGP table version is 3, local router ID is 192.168.23.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 2001:DB8:2::/64  ::                       0         32768 i
    % NOTE: This command is deprecated. Please use 'show bgp ipv6 unicast'
    I'm not aware of anything specific to SRE that would cause it to be different.
    Can you share the same outputs from your devices?
    M.

  • Troubleshooting with IOS BGP and IOS XR BGP - routing table Empty

    Hi
    Actually, we tried to make a neighborhood between the ASR9000 and the Cisco 7600. We have the neighborhood active, but the routing tables on the ASR only have the local or connected networks; it doesn't learn anything from BGP on the 7600.
    The diagram is this:
    When we try to learn the routes on the ASR9000 from the Cisco 7609, the following happens:
    the neighbor is UP from the Cisco 7600 and the ASR 9000, but the routing table is empty.
    the config on cisco 7600 is:
    router bgp 2006
    neighbor 172.16.14.6 remote-as 64512
    address-family ipv4
    neighbor 172.16.14.6 activate
    the config on cisco ASR9000 is:
    router bgp 64512
    bgp router-id 172.16.161.1
    address-family ipv4 unicast
    neighbor 172.16.14.5
      remote-as 2006
      address-family ipv4 unicast
    Help us
    Best Regards

    Another important one is the fact that in XR you need to have RPL policies (even if they only have a "pass-all" functionality) to accept inbound/outbound routes in eBGP.
    Check the article on the asr9000 unequal cost multipath that has some sample BGP outputs and show command verifications that may help also.
    If not the case, get us the XR config from the A9K side.
    Also, what does the BGP table on the IOS side look like? As Richard suggests, there doesn't seem to be anything injected by the 7600 itself.
    regards
    xander
    Xander Thuijs
    Principal Engineer CCIE#6775, ASR9000
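
The point made in the reply above, as an added example that is not part of the original thread: on IOS XR an eBGP neighbor needs a route-policy attached in each direction before routes are accepted or advertised. The neighbor address and AS numbers come from the question; the policy names, the prefix-set name and the 172.16.0.0/16 range are assumptions, and the inbound policy is shown in a filtered form beside the pass-all form so the peer can only inject expected prefixes.

```cisco
! Added example for IOS XR (ASR9000 side). All names below are hypothetical.
! Assumed range of prefixes expected from AS 2006.
prefix-set FROM-AS2006
  172.16.0.0/16 le 32
end-set
!
! Pass-all form: accepts or advertises every route unchanged.
route-policy PASS-ALL
  pass
end-policy
!
! Filtered inbound form: anything outside the expected range is dropped.
route-policy AS2006-IN
  if destination in FROM-AS2006 then
    pass
  else
    drop
  endif
end-policy
!
router bgp 64512
 bgp router-id 172.16.161.1
 address-family ipv4 unicast
 !
 neighbor 172.16.14.5
  remote-as 2006
  address-family ipv4 unicast
   ! A policy is required per direction on an eBGP session.
   route-policy AS2006-IN in
   route-policy PASS-ALL out
  !
 !
!
```

After the commit, `show bgp neighbor 172.16.14.5` on the ASR9000 reports which policy is applied to incoming and outgoing advertisements.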
