Route-reflector-client inheritance-disable
Hi Folks,
I found the command route-reflector-client inheritance-disable here. Why do we use it?
http://www.cisco.com/en/US/docs/routers/xr12000/software/xr12k_r3.9/routing/command/reference/b_rr39xr12kbook_chapter_01.html#wp1681856112
RP/0/0/CPU0:router(config)# router bgp 140
RP/0/0/CPU0:router(config-bgp)# af-group group1 address-family ipv4 unicast
RP/0/0/CPU0:router(config-bgp-afgrp)# route-reflector-client
RP/0/0/CPU0:router(config-bgp-afgrp)#exit
RP/0/0/CPU0:router(config-bgp)# neighbor 172.20.1.1
RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 140
RP/0/0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/0/CPU0:router(config-bgp-nbr-af)# use af-group group1
RP/0/0/CPU0:router(config-bgp-nbr-af)# route-reflector-client inheritance-disable
I will rate all helpful posts. Thanks in advance.
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."
Hello Muhammad,
As document says:
The following example disables the route-reflector client for neighbor 172.20.1.1, preventing this feature from being automatically inherited from address family group group1:
RP/0/RP0/CPU0:router(config)# router bgp 140
RP/0/RP0/CPU0:router(config-bgp)# af-group group1 address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-afgrp)# route-reflector-client
RP/0/RP0/CPU0:router(config-bgp-afgrp)#exit
RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.20.1.1
RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 140
RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# use af-group group1
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client inheritance-disable
Neighbor 172.20.1.1 is configured as a member of group1. Members of group1 are configured as route-reflector clients. But you want to prevent neighbor 172.20.1.1 from becoming a route-reflector client, so you need to configure route-reflector-client inheritance-disable.
Best Regards
Please rate all helpful posts and close solved questions
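The inheritance rule described in the reply above, as an added example that is not from the thread or from Cisco's documentation: a small Python audit that reads an IOS XR-style running-config excerpt and reports which neighbors end up as route-reflector clients. The excerpt is constructed from the commands in the post; neighbor 172.20.1.2 and the function name are hypothetical, and only the statements shown here are parsed.

```python
# Added example: resolve route-reflector-client status per neighbor once
# af-group inheritance and "inheritance-disable" are applied.

# Constructed running-config excerpt; neighbor 172.20.1.2 is hypothetical.
SAMPLE_CONFIG = """\
router bgp 140
 af-group group1 address-family ipv4 unicast
  route-reflector-client
 !
 neighbor 172.20.1.1
  remote-as 140
  address-family ipv4 unicast
   use af-group group1
   route-reflector-client inheritance-disable
  !
 !
 neighbor 172.20.1.2
  remote-as 140
  address-family ipv4 unicast
   use af-group group1
  !
 !
"""


def effective_rr_clients(config_text):
    """Return {neighbor_ip: bool}: is the neighbor an RR client after inheritance?"""
    group_is_client = {}   # af-group name -> route-reflector-client configured
    neighbors = {}         # neighbor ip -> settings seen under that neighbor
    group = neighbor = None

    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[0] == "af-group" and len(words) >= 2:
            group, neighbor = words[1], None
            group_is_client.setdefault(group, False)
        elif words[0] == "neighbor" and len(words) == 2:
            neighbor, group = words[1], None
            neighbors[neighbor] = {"group": None, "local": False, "disabled": False}
        elif words[:2] == ["use", "af-group"] and len(words) == 3 and neighbor:
            neighbors[neighbor]["group"] = words[2]
        elif words[0] == "route-reflector-client":
            disabled = words[1:] == ["inheritance-disable"]
            if group is not None and not disabled:
                group_is_client[group] = True
            elif neighbor is not None:
                neighbors[neighbor]["disabled" if disabled else "local"] = True

    # Resolve after parsing so the order of groups and neighbors does not matter.
    result = {}
    for ip, cfg in neighbors.items():
        if cfg["disabled"]:
            result[ip] = False                      # explicit opt-out wins
        elif cfg["local"]:
            result[ip] = True                       # configured on the neighbor
        else:
            result[ip] = group_is_client.get(cfg["group"], False)  # inherited
    return result


if __name__ == "__main__":
    for ip, is_client in effective_rr_clients(SAMPLE_CONFIG).items():
        print(ip, "route-reflector client" if is_client else "not a client")
```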
Similar Messages
-
BGP route-reflector next-hop issue
Hello,
I have a small GNS3 lab that is working with one exception: I cannot ping loopback0 on RRc2 and RRc3 from RRc1.
RRc1, RRc2 and RRc3 can all ping loopback0 on SmileyISP, and RRc2 and RRc3 can ping each other's loopback0 interfaces.
I am broken between the two route-reflectors: RRS1 and RRS2.
Given these conditions:
1) Do not configure any IGP.
2) No static routes
How do I get connectivity from RRc1's loopback0 interface to RRc2 loopback0 and RRc3 loopback0?
I used a route-map to set the next hop, but I am obviously doing something wrong.
I am providing relevant show command outputs, router configs, and the GNS3 topology.net config.
You will have to change the image and working directories to match your computer.
Not quite sure where I am going wrong.
Any help would be greatly appreciated.
Thanks.
-- Mark
RRc1#sh ip bgp
BGP table version is 53, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.25.5 0 100 0 100 i
*>i 10.1.12.0/24 10.1.26.2 0 100 0 i
*>i 10.1.13.0/24 10.1.12.1 0 100 0 i
*>i 10.1.14.0/24 10.1.12.1 0 100 0 i
*>i 10.1.15.0/24 10.1.12.1 0 100 0 i
*>i 10.1.25.0/24 10.1.26.2 0 100 0 i
* i 10.1.26.0/24 10.1.26.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*>i 172.16.2.0/24 10.1.12.1 0 100 0 i
*>i 172.16.3.0/24 10.1.12.1 0 100 0 i
RRc1#
RRc1#ping 172.16.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
Success rate is 0 percent (0/5)
RRc1#
RRc2#sh ip bgp
BGP table version is 31, local router ID is 172.16.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.15.5 0 100 0 100 i
* i 10.1.12.0/24 10.1.12.2 0 100 0 i
* i 10.1.13.0/24 10.1.13.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i 10.1.14.0/24 10.1.13.1 0 100 0 i
*>i 10.1.15.0/24 10.1.13.1 0 100 0 i
* i 10.1.25.0/24 10.1.12.2 0 100 0 i
* i 10.1.26.0/24 10.1.12.2 0 100 0 i
* i 172.16.1.0/24 10.1.12.2 0 100 0 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
*>i 172.16.3.0/24 10.1.14.4 0 100 0 i
RRc2#
SmileyISP#sh run
Building configuration...
Current configuration : 988 bytes
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname SmileyISP
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.5 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.5 255.255.255.0
speed auto
duplex auto
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor 10.1.15.1 remote-as 200
neighbor 10.1.25.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS1#sh run
Building configuration...
Current configuration : 1594 bytes
! Last configuration change at 19:24:34 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.12.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.13.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
ip address 10.1.14.1 255.255.255.0
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 10.1.14.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.2 peer-group RouteReflectors
neighbor 10.1.13.3 peer-group RRClients
neighbor 10.1.14.4 peer-group RRClients
neighbor 10.1.15.5 remote-as 100
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS2#sh ru
Building configuration...
Current configuration : 1542 bytes
! Last configuration change at 19:42:06 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.26.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.12.0 mask 255.255.255.0
network 10.1.25.0 mask 255.255.255.0
network 10.1.26.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.1 peer-group RouteReflectors
neighbor 10.1.25.5 remote-as 100
neighbor 10.1.26.6 peer-group RRClients
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc1#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:43:57 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.26.6 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.26.0 mask 255.255.255.0
network 172.16.1.0 mask 255.255.255.0
neighbor 10.1.26.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc2#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:45:05 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.2.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.13.3 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 172.16.2.0 mask 255.255.255.0
neighbor 10.1.13.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc3#wr term
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:31:12 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc3
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.3.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.14.4 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.14.0 mask 255.255.255.0
network 172.16.3.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
autostart = False
version = 0.8.6
[127.0.0.1:7202]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10200
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2005
aux = 2100
cnfg = configs\SmileyISP.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/0
f1/1 = RRS2 f1/1
x = -24.0
y = -259.0
z = 1.0
hx = -1.5
hy = -24.0
console = 2015
aux = 2101
cnfg = configs\RRc1.cfg
slot1 = PA-2FE-TX
f1/0 = RRS2 f2/0
x = -292.0
y = 200.0
z = 1.0
hx = -5.5
hy = -25.0
[127.0.0.1:7200]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10000
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2012
aux = 2102
cnfg = configs\RRS1.cfg
slot1 = PA-2FE-TX
f1/0 = SmileyISP f1/0
f1/1 = RRS2 f1/0
slot2 = PA-2FE-TX
f2/0 = RRc2 f1/0
f2/1 = RRc3 f1/0
x = 197.0
y = 6.0
z = 1.0
hx = 42.5
hy = -20.0
console = 2013
aux = 2103
cnfg = configs\RRS2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/1
f1/1 = SmileyISP f1/1
slot2 = PA-2FE-TX
f2/0 = RRc1 f1/0
x = -239.0
y = 9.0
z = 1.0
hx = 1.5
hy = -24.0
[127.0.0.1:7201]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10100
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2009
aux = 2104
cnfg = configs\RRc3.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/1
x = 337.0
y = 155.0
z = 1.0
hx = 17.5
hy = -25.0
console = 2008
aux = 2105
cnfg = configs\RRc2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/0
x = 149.0
y = 204.0
z = 1.0
hx = -13.5
hy = -23.0
BD,
Ahh...
OK. In the original article, the author states that the final piece with the route map
NEXTHOP was supposed to fix the reachability issue. Obviously it doesn't.
After reading your last post, I looked more carefully at the output from 'sh ip bgp'
on each of the client routers and I realized that several of the next hop addresses were
wrong for some of the prefixes.
1) I completely removed the 'neighbor RouteReflectors route-map NEXTHOP out'
from both RR's. Then I ran 'sh ip bgp' on the clients and noted a change in the next hop addresses. Still wrong, but it changed.
2) I then tried next-hop-self from the RR's to the clients, but it did not change from where
it was after I completed step 1. I am not sure why there was no change. (actually, see the very end of this post)
3) I then applied my version of the route map: route-map NEXTHOP permit 10
set ip next-hop peer-address
to the RR's with this: neighbor RRClients route-map NEXTHOP out
That fixed it. All three clients have as their next hop for all prefixes their respective
RR's (which is what they should have for this topology).
I have full connectivity everywhere, even loopback to loopback between all clients.
1) THANK YOU for pointing me in the right direction.
2) If I may ask, why did next hop self fail? More specifically, I saw no change at all
in the next hop for the advertised prefixes. Is it because next-hop-self should be used
for eBGP peers and all of the RR's and clients are all within the same AS? -
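An added check for the symptom in this thread (example code, not from any poster): with no IGP and no static routes, a BGP next hop is usable only if it sits on a connected subnet or resolves through another usable BGP path. The rows are copied from the RRc1 and RRc2 `sh ip bgp` output above and the connected subnets from their configs; the function names are assumptions, and any covering route is accepted rather than only the longest match.

```python
import ipaddress

# Rows copied from the "sh ip bgp" output in this thread (legend lines omitted).
RRC1_TABLE = """\
*>i 1.1.1.0/24 10.1.25.5 0 100 0 100 i
*>i 10.1.12.0/24 10.1.26.2 0 100 0 i
*>i 10.1.13.0/24 10.1.12.1 0 100 0 i
*>i 10.1.14.0/24 10.1.12.1 0 100 0 i
*>i 10.1.15.0/24 10.1.12.1 0 100 0 i
*>i 10.1.25.0/24 10.1.26.2 0 100 0 i
* i 10.1.26.0/24 10.1.26.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*>i 172.16.2.0/24 10.1.12.1 0 100 0 i
*>i 172.16.3.0/24 10.1.12.1 0 100 0 i
"""
RRC2_TABLE = """\
*>i 1.1.1.0/24 10.1.15.5 0 100 0 100 i
* i 10.1.12.0/24 10.1.12.2 0 100 0 i
* i 10.1.13.0/24 10.1.13.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i 10.1.14.0/24 10.1.13.1 0 100 0 i
*>i 10.1.15.0/24 10.1.13.1 0 100 0 i
* i 10.1.25.0/24 10.1.12.2 0 100 0 i
* i 10.1.26.0/24 10.1.12.2 0 100 0 i
* i 172.16.1.0/24 10.1.12.2 0 100 0 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
*>i 172.16.3.0/24 10.1.14.4 0 100 0 i
"""
# Connected subnets taken from each router's interface configuration.
RRC1_CONNECTED = ["10.1.26.0/24", "172.16.1.0/24"]
RRC2_CONNECTED = ["10.1.13.0/24", "172.16.2.0/24"]

UNSPECIFIED = ipaddress.ip_address("0.0.0.0")  # next hop of a locally originated route


def parse_paths(table_text):
    """Return [(prefix, next_hop)] for every path row, ignoring status flags."""
    paths, prefix = [], None
    for line in table_text.splitlines():
        if not line.startswith("*"):
            continue
        fields = [tok for tok in line.split() if tok[0].isdigit()]
        if "/" in fields[0]:             # row that starts a new prefix
            prefix, next_hop = ipaddress.ip_network(fields[0]), fields[1]
        else:                            # extra path for the previous prefix
            next_hop = fields[0]
        if prefix is not None:
            paths.append((prefix, ipaddress.ip_address(next_hop)))
    return paths


def resolves(next_hop, connected, paths, seen=frozenset()):
    """True if next_hop is local, connected, or reachable via a usable BGP path."""
    if next_hop == UNSPECIFIED or any(next_hop in net for net in connected):
        return True
    if next_hop in seen:                 # the route to the next hop points at itself
        return False
    seen = seen | {next_hop}
    return any(next_hop in prefix and resolves(nh, connected, paths, seen)
               for prefix, nh in paths)


def unresolved_prefixes(table_text, connected_cidrs):
    """Prefixes for which no path has a resolvable next hop, in table order."""
    connected = [ipaddress.ip_network(c) for c in connected_cidrs]
    paths = parse_paths(table_text)
    usable = {}
    for prefix, next_hop in paths:
        ok = resolves(next_hop, connected, paths)
        usable[prefix] = usable.get(prefix, False) or ok
    return [str(p) for p, ok in usable.items() if not ok]


if __name__ == "__main__":
    print("RRc1 unresolved:", unresolved_prefixes(RRC1_TABLE, RRC1_CONNECTED))
    print("RRc2 unresolved:", unresolved_prefixes(RRC2_TABLE, RRC2_CONNECTED))
```

RRc1 resolves every prefix, while RRc2 has no usable path to 172.16.1.0/24: its only route toward next hop 10.1.12.2 itself points at 10.1.12.2, so echo replies from RRc2 have no return route.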
Hello,
I have this BGP topology; all routers are running BGP and no IGP is running. Now, the problem is that R2 and R3 are route reflectors, and R1 and R4 are RR clients.
R3 has learned the route from R4 (4.4.4.4), its RR client, and advertises it to R2, but R2 does not advertise the (4.4.4.4) route to its client (R1).
R1#sh ip bgp
BGP table version is 5, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 192.168.12.2 0 100 0 i
* i3.3.3.3/32 192.168.23.3 0 100 0 i
R2#sh ip bgp
BGP table version is 8, local router ID is 192.168.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 192.168.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*>i3.3.3.3/32 192.168.23.3 0 100 0 i
* i4.4.4.4/32 192.168.34.4 0 100 0 i
R3#sh ip bgp
BGP table version is 8, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 192.168.12.1 0 100 0 i
*>i2.2.2.2/32 192.168.23.2 0 100 0 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*>i4.4.4.4/32 192.168.34.4 0 100 0
R3#sh run | se router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 192.168.23.2 remote-as 1
neighbor 192.168.23.2 next-hop-self
neighbor 192.168.34.4 remote-as 1
neighbor 192.168.34.4 route-reflector-client
no auto-summary -
Rt-filter or route-policy in a route-reflector
Hi,
I want to implement a route reflector that I will use in two different networks with different L3 VPNs. So I do not want my route reflector to advertise the prefixes from one network to the other. I am using an ASR9000 with IOS XR 4.3.2 as route reflector.
I tried two different configurations in a testing environment and both work fine, one applying a route-policy filtering by RD, and another using RT-filter. But I do not know which is better to implement in production. I would appreciate it if somebody could help me decide which is best to implement in a production network, thinking of the resources of the network and of the IPv6 deployment (I could not configure RT filter with address-family ipv6).
With route-policy
rd-set RD_XXX
65000:*
end-set
route-policy to_XXX
if rd in RD_XXX then
pass
else
drop
endif
end-policy
route-policy to_YYY
if rd in RD_XXX then
drop
else
pass
endif
end-policy
router bgp 65001
neighbor-group XXX
remote-as 65001
address-family vpnv4 unicast
route-reflector-client
route-policy to_XXX out
neighbor-group YYY
remote-as 650001
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
route-policy to_YYY out
with RT-Filter
router bgp 65001
address-family ipv4 rt-filter
neighbor-group XXX
address-family ipv4 rt-filter
route-reflector-client
soft-reconfiguration inbound always
neighbor-group YYY
address-family ipv4 rt-filter
route-reflector-client
soft-reconfiguration inbound always
Regards
Hi,
One benefit I see with rt-filter is that this feature provides considerable savings in CPU cycles and transient memory usage. Generally this will be beneficial when you have a large number of prefixes to be filtered, as you do not need to define a route-policy for all the prefixes, and it is also simple to configure (only one command).
Look at the Restrictions for BGP: RT Constrained Route Distribution in the document below:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html
HTH
Regards,
Sandip -
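An added example, not from the thread or from Cisco: the two route policies posted above, evaluated over constructed VPNv4 routes to check what each neighbor-group would receive. The RDs used for YYY and for a third network ZZZ are hypothetical, as are the function names; the example shows that to_XXX is an allow-list while to_YYY passes any RD that is not in RD_XXX.

```python
# rd-set and policies transcribed from the post. Matching is done on
# "admin:number", with "*" accepted as a wildcard for the assigned number.
RD_SETS = {"RD_XXX": ["65000:*"]}

# policy name -> (rd-set tested, action when RD is in the set, action otherwise)
POLICIES = {
    "to_XXX": ("RD_XXX", "pass", "drop"),
    "to_YYY": ("RD_XXX", "drop", "pass"),
}

# Constructed VPNv4 routes: (RD, prefix, network that owns the route).
ROUTES = [
    ("65000:10", "10.10.0.0/16", "XXX"),
    ("65000:20", "10.20.0.0/16", "XXX"),
    ("65010:10", "10.10.0.0/16", "YYY"),    # same prefix as XXX, different RD
    ("65020:5", "192.168.5.0/24", "ZZZ"),   # hypothetical network added later
]


def rd_matches(rd, pattern):
    """Compare one RD against one rd-set entry such as '65000:*'."""
    admin, _, number = rd.partition(":")
    p_admin, _, p_number = pattern.partition(":")
    return admin == p_admin and p_number in ("*", number)


def evaluate(policy, rd):
    """Return 'pass' or 'drop' for a route with this RD under the named policy."""
    set_name, if_match, otherwise = POLICIES[policy]
    in_set = any(rd_matches(rd, pattern) for pattern in RD_SETS[set_name])
    return if_match if in_set else otherwise


def advertised(group):
    """Routes the reflector would send to neighbor-group XXX or YYY."""
    return [r for r in ROUTES if evaluate("to_" + group, r[0]) == "pass"]


def leaks(group):
    """Advertised routes that do not belong to the receiving network."""
    return [r for r in advertised(group) if r[2] != group]


if __name__ == "__main__":
    for group in ("XXX", "YYY"):
        print(group, "receives", [rd for rd, _, _ in advertised(group)],
              "leaks:", leaks(group))
```

With these routes, XXX receives only 65000:* routes, but YYY also receives the ZZZ route, because the "else pass" branch of to_YYY forwards every RD outside RD_XXX.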
Hi All...
I have this topology:
CE2-->PE1-->P--->PE2-->CE2
.............\-->PE3-->CE2
In router "P" I want to configure MP-BGP, but I have many doubts about the configuration of this router. I need to do route-reflector too.
Can anybody help me?
CLRGomes
Thanks, look at my configuration:
Router P
router bgp 65500
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor MPLS peer-group
neighbor MPLS remote-as 65500
neighbor MPLS ebgp-multihop 255
neighbor MPLS update-source Loopback0
neighbor MPLS route-reflector-client
neighbor MPLS allowas-in
neighbor MPLS soft-reconfiguration inbound
neighbor 10.10.10.2 peer-group MPLS
neighbor 10.10.10.3 peer-group MPLS
neighbor 10.10.10.4 peer-group MPLS
no auto-summary
address-family vpnv4
neighbor MPLS route-reflector-client
neighbor MPLS send-community both
neighbor 10.10.10.2 activate
neighbor 10.10.10.3 activate
neighbor 10.10.10.4 activate
exit-address-family
OK... working perfectly. I did MP-BGP between the PE routers and I configured different RDs too...
Later I did PE->CE with OSPF and it is working too; load sharing is working.
Thanks a lot
CLRGomes
CCIE R&S -
I'm considering a limited IPv6 rollout using 6PE, and would like to know if the following configuration would be supported.
Our typical topology consists of customer aggregation routers connected to a pair of regional core routers. The cores are directly interconnected to other regions' cores via our long haul transport network. Our border routers are also connected to the closest pair of cores.
All the regional pairs of core routers are route reflectors, and the customer aggregation and border routers are route reflector clients of the closest pair of cores.
These are all 7600-class routers, and they're all running MPLS on the interconnects.
Can we use 6PE to exchange V6 routes between our dual-stack customer aggregation and border routers, and have those routes reflected through MPBGP sessions to the IPv4-only core routers?
customer_agg (dual v4/v6) ---> region1 core (v4 only) --->
<--- region2 core (v4 only) ---> border (dual v4/v6)
Thanks much...
Stafford, yes, you can run 6PE in your distributed RR topology. The only thing is that even though your RRs need not be dual stack, they definitely need to support the V6 address family for peering with the border PEs and reflecting the updates received.
Do note that when you enable the ipv6 address family it makes it a dual stack router even though you do not aggregate customers over ipv6 link addresses. (7600s have support for this, so it should not be much of a concern here in terms of support.)
Here is a reference for 6PE configuration.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_data_sheet09186a008052edd3.html
Another option you can think of: rather than creating a full mesh of v6 peerings, if your deployment is limited to certain PEs you may want to form direct v6 iBGP between them.
HTH-Cheers,
Swaroop -
In a cluster of multiple route-reflector, is it necessary for the route-reflectors to be peers to each other? Does the use of the cluster id have any effect on this?
"Usually a cluster of clients will have a single route reflector. In that case, the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. All the route reflectors serving a cluster should be fully meshed and all of them should have identical sets of client and nonclient peers.
If the cluster has more than one route reflector, configure the cluster ID by using the following command in router configuration mode: "
That is taken from
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfbgp.htm#wp1001965
But, if the route-reflectors are not meshed, can someone explain to me what could happen. Is this just a best practice, or a must configuration? -
How can i route smtp client in multiple messaging store servers environment
In a multiple messaging store server environment, how can I route an SMTP client to the host specified in the user's LDAP "mailhost" attribute, just like routing a POP client through MMP?
Can MMP do it? Or any other idea?
Thx a lot~!
So, you want to add a text line to some messages, but not all?
That's going to be pretty complex, actually.
First, if all your mail is text, adding a text footer isn't all that difficult, it's done through the conversion channel.
But filtering that, so you only do it for some users, isn't going to be easy at all.
If you can get your users to point their clients to a particular MTA, then you can add the tag on that mta, only.
Please note, that a text tag on a text mail is possible. Adding to an HTML mail is FAR more complex, and not a job for somebody not extremely familiar with MIME and building such. -
Hi
I have a Network with about 14 PE's and totally 800 vpnv4 Prefixes.
I thought about a design with redundant 7200 as Route Reflectors.
Now the question: Could I use two PEs (6500 Sup 720) as route reflectors? So I wouldn't have to buy two 7200s.
cheers patrick
Hello Patrick,
As you know, route reflectors as a concept are applicable for networks having a heavy IBGP mesh, and also involve quite a burden on the processor.
Coming back to your question !!! Yes a couple of 6500 with SUP 720 can be used, you can try this new IOS release 12.2(17b)SXA.
Check this link further:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin09186a00801df1dd.html
sultan -
Hi,
I am having this design issue with route reflectors and could use some help.
I have 18 routers fully meshed in an MP-iBGP session and I am going to introduce route reflectors into the network to minimize the total number of TCP sessions.
My problem is that some of these routers have outbound policies with one another. For example, I have a route map on router 1 affecting only router 2 and would like to keep it this way.
Is there any way to do that through route reflectors?
Thank you
Hadi
Hi Riccardo,
I have 18 routers in a full MP-iBGP mesh topology. Some pairs of these routers have the following policy :
I have a route-map matching on Route Targets and i am setting the next hop to be different from the rest of the RT for that site.
This way, the prefixes originating from site A for example will reach site B with different next hops depending on how i set it in my route-map.
These policies are only between pairs of routers i.e. router#1 needs only to affect router#2
How can i achieve this using RRs
Thank you
Hadi -
How do I access router setup page if the router DHCP service is disabled?
When I had DSL, my WRT54G was my DHCP master for my home network. When I got AT&T U-Verse, their "gateway" became the DHCP master and also the wireless access point. But the signal was not strong enough where I wanted to use it, so I hooked up the WRT54G again. I discovered that if I connected the U-Verse gateway to the "Internet" port on the WRT54G Linksys, then my home network was split in two, which I did not want. The WRT54G access point is physically somewhat distant from my wired computer, so I wanted to keep the U-Verse gateway as the DHCP master. (The U-Verse gateway is a router with four "computer" ports but no "Internet" port.)
I followed instructions on the Linksys web site, and using my wi-fi connected computer I re-programmed the WRT54G to be "Disabled" as a DHCP server. Then I powered down and physically connected the U-Verse gateway to a "Computer" port on the WRT54G. This solved my problem: my distant wi-fi computer now has a good signal, and both computers "see" each other.
However, now I seem to have lost access to the WRT54G setup "web page." Is it possible to access the innards of the WRT54G when its DHCP service is disabled? Or would I have to reset the device to factory configuration and start all over if I wanted to make any tweaks?
You can still access the router's web configuration pages even if the internal DHCP server is disabled and it is connected via a LAN Ethernet port to your upstream router.
Did you reserve any IP addresses on the Uverse router for static IPs?
If you did, assign one of these to the Linksys router (LAN) and you will be able to access it from your LAN. Since you are not using the WAN port, the Linksys router will not pull an IP from the Uverse router. You are using the device as a switch. -
2851 router vpn to 851 router lan clients cannot ping
Greets - I'm expanding my lab experience by adding a 2851 router to my mix of 18xx and 851/871 units. Some of this infrastructure is in production, some just lab work. I have established good connectivity between 18xx's and 851/871's with IPSEC VPNs (site-to-site static and dynamic), but my problem is with adding in a 2851.
Setup: 2851 with 12.4 ADVENTK9, WAN on GE0/0 as 216.189.223.bbb/26, LAN on GE0/1 as 172.20.0.1/20 (VPN module, but no additional HWIC modules)
851 with 12.4 ADVENTK9, WAN on FE4 as 216.53.254.aaa/24, LAN on FE0..3 via BVI1 as 172.21.1.1/24
The two router WAN ports are bridged via a 3rd router (a Zywall with 216.0.0.0/8 route, with the router at 216.1.1.1) affectionately called the "InterNOT", which provides a surrogate to the great web, minus actual other hosts and dns, but it doesn't matter. As both my WAN addresses are within 216.x.x.x, this works quite well. This surrogate has tested fine and is known to not be part of a problem.
The 851 has been tested against another 851 with complementary setup and a successful VPN can run between the two.
I have good LAN-WAN connections on each router. I do have a "Good" VPN connection between the two routers.
The problem: I cannot ping from a LAN host on 172.20.x.x on the 2851 to any 172.21.1.x (eg 172.21.1.1) host on the 851, and vice versa.
From a LAN host, I can ping to my InterNOT - for example a dhcp host 172.20.6.2 on the 2851 LAN can ping 216.1.1.1 fine. I can also ping the 851's WAN address at 216.53.254.aaa.
To complicate matters, if I connect to the routers via console, I CAN ping across the vpn to the destination LAN hosts, in both directions.
This seems to indicate that there is a bridging problem between the LAN interfaces to the VPN interfaces. I suspect this is a config problem on the 2851, as I have had a similar config working on my 851 to 851 site-to-site setups. I also suspect it is in the 2851's config as I'm still just starting out with this particular router.
So some stripped-down configs:
For the 2851:
no service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router2851
boot-start-marker
boot-end-marker
no logging buffered
no logging console
enable password mypassword2
no aaa new-model
dot11 syslog
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.20.0.1 172.20.6.1
ip dhcp excluded-address 172.20.6.254 172.20.15.254
ip dhcp pool Internal_2000
import all
network 172.20.0.0 255.255.240.0
domain-name myseconddomain.int
default-router 172.20.0.1
lease 7
no ip domain lookup
multilink bundle-name authenticated
voice-card 0
no dspfarm
crypto pki <<truncated>>
crypto pki certificate chain TP-self-signed-2995823027
<<truncated>>
quit
username myusername privilege 15 password 0 mypassword2
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key mysharedkey address 216.53.254.aaa
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to216.53.254.aaa
set peer 216.53.254.aaa
set transform-set ESP-3DES-SHA
match address 100
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 216.189.223.bbb 255.255.255.192
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map SDM_CMAP_1
no shut
interface GigabitEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 172.20.0.1 255.255.240.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no mop enabled
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.20.0.0 0.0.15.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
access-list 101 permit ip 172.20.0.0 0.0.15.255 any
route-map SDM_RMAP_1 permit 1
match ip address 101
control-plane
banner motd ~This is a private computer system for authorized use only. And Stuff~
line con 0
line aux 0
line vty 0 4
privilege level 15
password mypassword
login local
transport input telnet ssh
scheduler allocate 20000 1000
end
And for the 851:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname router851
boot-start-marker
boot-end-marker
logging buffered 52000 debugging
no logging console
enable password mypassword
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip dhcp use vrf connected
ip dhcp excluded-address 172.21.1.1 172.21.1.100
ip dhcp pool Internal_2101
import all
network 172.21.1.0 255.255.255.0
default-router 172.21.1.1
domain-name mydomain.int
dns-server 172.21.1.10
lease 4
ip cef
ip domain name mydomain.int
ip name-server 172.21.1.10
crypto pki <<truncated>>
crypto pki certificate chain TP-self-signed-3077836316
<<truncated>>
quit
username myusername privilege 15 password 0 mypassword2
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key mysharedkey address 216.189.223.aaa
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to216.189.223.bbb
set peer 216.189.223.bbb
set transform-set ESP-3DES-SHA2
match address 100
bridge irb
interface FastEthernet0
spanning-tree portfast
interface FastEthernet1
spanning-tree portfast
interface FastEthernet2
spanning-tree portfast
interface FastEthernet3
spanning-tree portfast
interface FastEthernet4
description $ETH-WAN$
ip address 216.53.254.aaa 255.255.254.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
crypto map SDM_CMAP_1
no shut
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
description Bridge to Internal Network
ip address 172.21.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 172.21.1.0 255.255.255.0 BVI1
ip http server
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 172.21.1.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
access-list 101 remark IPSec Rule
access-list 101 deny ip 172.21.1.0 0.0.0.255 172.21.101.0 0.0.0.31
access-list 101 permit ip 172.21.1.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
match ip address 101
control-plane
bridge 1 route ip
banner motd ~This is a private computer system for authorized use only. And Stuff.~
line con 0
password mypassword
no modem enable
line aux 0
line vty 0 4
password mypassword
scheduler max-task-time 5000
end
Note that the above are somewhat stripped-down configs, without firewall or WAN ACL's - interestingly my default WAN-Inbound ACLs seem to break connectivity when included, so I realize I have some more cleanup to do there, but the 2851 LAN bridging seems to be what I should concentrate on first.
I'm still googling some of the particulars with the 2851, but any assistance is appreciated.
Regards,
Ted.
Hi,
First, please delete NAT. If we configured the NAT in the RRAS, the source IP address in all packets sent to 192.168.1.0/24 would be translated to 192.168.1.224.
Second, please enable the LAN routing in RRAS server. To enable LAN routing, please follow the steps below:
1. In the RRAS server, open Routing and Remote Access.
2. Right-click the server name, then click Properties.
3. On the General tab, select the IPv4 Router check box, and then click Local area network (LAN) routing only.
Then, announce the 172.16.0.0 network to the router.
To learn more details about enabling LAN routing, please refer to the link below,
http://technet.microsoft.com/en-us/library/dd458974.aspx
Best Regards,
Tina -
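An added check for the 2851 and 851 configs in the site-to-site VPN post above (not code from either poster): it verifies that each router's crypto ACL 100 is mirrored on its peer and that NAT ACL 101 denies the tunnel traffic before its permit line, since IOS applies inside-to-outside NAT before the crypto map. The ACL lines are copied from the posted configs; the function names are illustrative, and the parser assumes only `address wildcard` and `any` operands.

```python
import ipaddress
import re

# ACL lines copied from the two configs posted above.
R2851 = """\
access-list 100 permit ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
access-list 101 deny ip 172.20.0.0 0.0.15.255 172.21.1.0 0.0.0.255
access-list 101 permit ip 172.20.0.0 0.0.15.255 any
"""
R851 = """\
access-list 100 permit ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
access-list 101 deny ip 172.21.1.0 0.0.0.255 172.20.0.0 0.0.15.255
access-list 101 deny ip 172.21.1.0 0.0.0.255 172.21.101.0 0.0.0.31
access-list 101 permit ip 172.21.1.0 0.0.0.255 any
"""
ANY = ipaddress.ip_network("0.0.0.0/0")
ACE = re.compile(r"\s*access-list (\d+) (permit|deny) ip (.+)")

def parse(config):
    """Return {acl: [(action, src_net, dst_net), ...]} in config order."""
    acls = {}
    for m in filter(None, map(ACE.match, config.splitlines())):
        tok, nets = m.group(3).split(), []
        while tok and len(nets) < 2:
            if tok[0] == "any":
                nets.append(ANY)
                tok = tok[1:]
            else:  # address + wildcard; ip_network accepts a host mask
                nets.append(ipaddress.ip_network(f"{tok[0]}/{tok[1]}"))
                tok = tok[2:]
        acls.setdefault(m.group(1), []).append((m.group(2), *nets))
    return acls

def tunnel_issues(local, remote, crypto="100", nat="101"):
    """Problems with local's crypto ACL; an empty list means both checks pass."""
    issues = []
    mirror = {(s, d) for a, s, d in remote.get(crypto, []) if a == "permit"}
    for action, src, dst in local.get(crypto, []):
        if action != "permit":
            continue
        if (dst, src) not in mirror:
            issues.append(f"peer has no mirror ACE for {src} -> {dst}")
        for n_action, n_src, n_dst in local.get(nat, []):
            if n_action == "deny" and src.subnet_of(n_src) and dst.subnet_of(n_dst):
                break  # exempted from NAT before any permit can match
            if n_action == "permit" and src.overlaps(n_src) and dst.overlaps(n_dst):
                issues.append(f"{src} -> {dst} is NATed before the crypto map sees it")
                break
    return issues

if __name__ == "__main__":
    a, b = parse(R2851), parse(R851)
    print(tunnel_issues(a, b), tunnel_issues(b, a))
```

Both posted configs pass these two checks in each direction, so the ACL mirroring and the NAT exemption are consistent as posted.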
Join AirPort Express to D-Link DGL4300 router in client mode not working
I only want to be able to stream iTunes to my AirPort Express via my existing network which is controlled by my D-Link DGL-4300 router.
My AirPort Express works as an iTunes streamer because I tested it running its own network (ignoring the existing D-Link network). I am trying to connect in client mode (I think), but my D-Link router just can't see the AirPort Express which seems to disappear off the radar after it restarts with the new settings.
This is what happens...
1. AirPort Express Hard Reset
2. Connect to Airport Express wireless network (which disconnects me from my D-Link DGL4300 wireless network “K1000578”)
3. Run AirPort Utility and enter “Assist Me” mode.
4. Set AirPort Express name and password then click continue.
5. Select “I have a wireless network and want to add AirPort Express or replace an existing device on my network” then click continue.
6. Select “I want AirPort Express to join my current network”
7. Select the name of my D-Link DGL4300 network “K1000578” from the drop down box, select WPA/WPA2 Personal wireless security type and enter the DGL4300 password, then click continue.
8. Click Update in the summary screen.
What happens then is...
MESSAGE BOX “Apple wireless device restarting. Please wait...”
MESSAGE BOX “Connecting to network ‘K1000578’. Please wait...”
AirPort Utility returns with a message advising that although the device was successfully updated, AirPort Utility was unable to find it after restarting. It also suggests that I may need to reselect my network from the AirPort menu and try again.
My computer is now unable to even see the AirPort express device.
When I try to reconnect to my existing DGL4300 network “K1000578”, it says that the settings saved on this computer for the network do not match the requirements of the network. !! ***!!
I can fix the last part above by deleting the connection information for my DGL4300 and searching for it again. BUT HOW ON EARTH DO I CONNECT MY AIRPORT EXPRESS TO MY NETWORK?!!
I am able to connect my PC directly to the AirPort Express (if I set it up as its own network) and successfully stream iTunes, but this means I have to disconnect from my DGL4300 network also which means I won’t get internet on that machine and I can’t use my iPhone Remote App.
This is my second experience with Apple's “it just works” philosophy. MobileMe was my first. Guess how I’m feeling!
Any help at all is kindly appreciated.
I forgot to mention, I have turned off the MAC address filters on my router, so that's not the cause.
-
Client side disabling of Outlook anywhere in Outlook 2013
Hi
Our admins recently had to disable external access for Outlook while keeping ActiveSync for Mobile Clients working. This was done by placing the autodiscover service (autodiscover.ourexternaldomain.com) behind a TMG with two factor authentication, and also putting our mail.ourexternaldomain.com behind the same TMG. So, Outlook from outside the network can't connect anymore (it will show you the login/pass prompt but what it wants is the two factor credentials, not your domain credentials.. so essentially you can't connect anymore), and mobile clients still work.
In addition, they've disabled the "Outlook anywhere" options (specifically, "Connect to Microsoft Exchange using HTTP" is not only grayed out, it is forced disabled) by GPO.
Unfortunately, that doesn't work for the handful that's already using Outlook 2013. There, even when the "Connect to Microsoft Exchange using HTTP" option is unchecked, the client will query autodiscover.ourexternaldomain.com, and eventually gets the response containing not only the EXCH protocol (which contains the internal urls), but also the EXPR protocol containing the public urls. That in turn re-enables "Connect to Microsoft Exchange using HTTP", so now clients, even when inside the organization, will try to access the mail.ourexternaldomain.com which is behind the TMG, resulting in perpetual login prompts being displayed (the login actually comes from the TMG, not Exchange).
So, is there a way to force disable "Connect to Microsoft Exchange using HTTP" for Outlook 2013, preferably without changing anything on Exchange and the GPO? I guess I'm looking for the registry key that is set for Outlook 2010. I checked up on the GPO for Outlook 2010 and it seems it sets HKCU/Software/Policies/Microsoft/Office/14.0/Outlook/RPC/ProxyServerFlags = 0. Doing the same for Outlook 2013 (so using the Office/15.0/Outlook/RPC key) results in Outlook no longer being able to connect altogether.
When I manually remove the checkbox and restart Outlook, it first connects using the internal url, then after getting autodiscover it sets the checkbox "Connect to Microsoft Exchange using HTTP" again, and since the external url can be resolved from inside the network, I get the password prompts again even from inside the corporate network.
Is there a registry key combination that keeps Outlook connecting but never using the http proxy?
Hi Stephan,
How about the suggestion from Ed.
Feel free to contact me if there is any update.
Thanks
Mavis
Mavis Huang
TechNet Community Support -
[SOLVED]dhcpd: sharing internet connection from router to clients
I can't seem to figure out (no wonder, I am inexperienced with networking) how exactly you share an internet connection obtained by (authoritative?) router among a subnet of dhcpd clients? I was setting up a PXE server (and I succeeded.. somehow) but nobody gave a reference to this specific problem. This guy http://igor.chudov.com/projects/PXE-Net … Of-Ubuntu/ wrote:
Expect to spend at least 1/2 hour figuring out good DHCP settings for your network. This is more complicated if there is another DHCP server on your network, as it often is the case.
and I don't quite get the catch. Someone willing to explain or give references?
Last edited by dummyan (2012-06-15 11:37:28)
It sounds like you are trying to configure your system as a router. You want to administer a subnet on one port, and act as a gateway to allow those machines to share your connection to a parent network on a second port. In this case, your address for the second port comes from the network to which you are attached and its DHCP server. Your machine, on the other hand, runs a DHCP server for machines downstream from your first port. You then act as a gateway and provide NAT services to bridge the two ports.
Here is an article you should read from our Wiki.
Also, for background this wikipedia article