Route-reflector clusters
In a cluster of multiple route-reflectors, is it necessary for the route-reflectors to be peers to each other? Does the use of the cluster id have any effect on this?
"Usually a cluster of clients will have a single route reflector. In that case, the cluster is identified by the router ID of the route reflector. To increase redundancy and avoid a single point of failure, a cluster might have more than one route reflector. In this case, all route reflectors in the cluster must be configured with the 4-byte cluster ID so that a route reflector can recognize updates from route reflectors in the same cluster. All the route reflectors serving a cluster should be fully meshed and all of them should have identical sets of client and nonclient peers.
If the cluster has more than one route reflector, configure the cluster ID by using the following command in router configuration mode: "
That is taken from
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fipr_c/ipcprt2/1cfbgp.htm#wp1001965
But, if the route-reflectors are not meshed, can someone explain to me what could happen? Is this just a best practice, or a must configuration?
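What the shared cluster ID and the RR-to-RR session each change, as an added simulation of the RFC 4456 reflection rules (not code from the original post or from Cisco's documentation). The four routers, the cluster ID values and the failed-session scenario are constructed, and router names stand in for router IDs.

```python
from collections import deque

# Constructed cluster IDs: one shared by both reflectors, one per reflector.
SHARED = {"RR1": "0.0.0.1", "RR2": "0.0.0.1"}
DISTINCT = {"RR1": "0.0.0.1", "RR2": "0.0.0.2"}


def build(rr_peered, redundant_sessions_up):
    """Return sessions[a][b] = how router a treats its iBGP peer b."""
    s = {"RR1": {}, "RR2": {}, "C1": {}, "C2": {}}

    def client_of(rr, client):
        s[rr][client] = "client"
        s[client][rr] = "nonclient"   # a client sees its RR as a plain iBGP peer

    client_of("RR1", "C1")
    client_of("RR2", "C2")
    if redundant_sessions_up:          # each client also peers with the other RR
        client_of("RR2", "C1")
        client_of("RR1", "C2")
    if rr_peered:
        s["RR1"]["RR2"] = s["RR2"]["RR1"] = "nonclient"
    return s


def propagate(sessions, cluster_ids, origin):
    """Flood one prefix originated by `origin`; return (rib, dropped).

    rib maps each router that accepted the route to the CLUSTER_LIST it saw.
    dropped lists (receiver, sender, reason) for updates discarded on receipt.
    """
    rib = {origin: ()}
    dropped = []
    # Each queued update: (sender, receiver, ORIGINATOR_ID, CLUSTER_LIST)
    queue = deque((origin, peer, origin, ()) for peer in sessions[origin])
    while queue:
        sender, rcvr, originator, clist = queue.popleft()
        if originator == rcvr:
            dropped.append((rcvr, sender, "ORIGINATOR_ID is self"))
            continue
        cid = cluster_ids.get(rcvr)    # None for routers that are not reflectors
        if cid is not None and cid in clist:
            dropped.append((rcvr, sender, "own CLUSTER_ID in CLUSTER_LIST"))
            continue
        if rcvr in rib:                # already holds a path; keep the first one
            continue
        rib[rcvr] = clist
        if cid is None:                # clients never re-advertise iBGP routes
            continue
        from_client = sessions[rcvr][sender] == "client"
        for peer, role in sessions[rcvr].items():
            if peer == sender:
                continue
            # From a client: reflect to everyone. From a non-client: clients only.
            if from_client or role == "client":
                queue.append((rcvr, peer, originator, (cid,) + clist))
    return rib, dropped


def c2_learns(rr_peered, redundant_sessions_up, cluster_ids):
    """Does client C2 end up with the prefix originated by client C1?"""
    rib, _ = propagate(build(rr_peered, redundant_sessions_up), cluster_ids, "C1")
    return "C2" in rib


if __name__ == "__main__":
    cases = [
        ("all sessions up, RRs not peered, shared ID", False, True, SHARED),
        ("redundant sessions down, RRs peered, shared ID", True, False, SHARED),
        ("redundant sessions down, RRs peered, distinct IDs", True, False, DISTINCT),
        ("redundant sessions down, RRs not peered", False, False, DISTINCT),
    ]
    for label, peered, up, ids in cases:
        print(f"{label}: C2 learns C1's prefix = {c2_learns(peered, up, ids)}")
```

With every client session up, the RR-to-RR session is not what delivers routes between clients; once a client is left with a single reflector, a shared cluster ID makes the other reflector discard the reflected copy, and without any RR-to-RR session the update never reaches it at all.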
Similar Messages
-
BGP route-reflector next-hop issue
Hello,
I have a small GNS3 lab that is working with one exception: I cannot ping loopback0 on RRc2 and RRc3 from RRc1.
RRc1, RRc2 and RRc3 can all ping loopback0 on SmileyISP and RRc2 and RRc3 can ping each other's loopback0 interfaces.
I am broken between the two route-reflectors: RRS1 and RRS2.
Given these conditions:
1) Do not configure any IGP.
2) No static routes
How do I get connectivity from RRc1's loopback0 interface to RRc2 loopback0 and RRc3 loopback0?
I used a route-map to set the next hop, but I am obviously doing something wrong.
I am providing relevant show command outputs, router configs, and the GNS3 topology.net config.
You will have to change the image and working directories to match your computer.
Not quite sure where I am going wrong.
Any help would be greatly appreciated.
Thanks.
-- Mark
RRc1#sh ip bgp
BGP table version is 53, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.25.5 0 100 0 100 i
*>i 10.1.12.0/24 10.1.26.2 0 100 0 i
*>i 10.1.13.0/24 10.1.12.1 0 100 0 i
*>i 10.1.14.0/24 10.1.12.1 0 100 0 i
*>i 10.1.15.0/24 10.1.12.1 0 100 0 i
*>i 10.1.25.0/24 10.1.26.2 0 100 0 i
* i 10.1.26.0/24 10.1.26.2 0 100 0 i
*> 0.0.0.0 0 32768 i
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*>i 172.16.2.0/24 10.1.12.1 0 100 0 i
*>i 172.16.3.0/24 10.1.12.1 0 100 0 i
RRc1#
RRc1#ping 172.16.2.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
Success rate is 0 percent (0/5)
RRc1#
RRc2#sh ip bgp
BGP table version is 31, local router ID is 172.16.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*>i 1.1.1.0/24 10.1.15.5 0 100 0 100 i
* i 10.1.12.0/24 10.1.12.2 0 100 0 i
* i 10.1.13.0/24 10.1.13.1 0 100 0 i
*> 0.0.0.0 0 32768 i
*>i 10.1.14.0/24 10.1.13.1 0 100 0 i
*>i 10.1.15.0/24 10.1.13.1 0 100 0 i
* i 10.1.25.0/24 10.1.12.2 0 100 0 i
* i 10.1.26.0/24 10.1.12.2 0 100 0 i
* i 172.16.1.0/24 10.1.12.2 0 100 0 i
*> 172.16.2.0/24 0.0.0.0 0 32768 i
*>i 172.16.3.0/24 10.1.14.4 0 100 0 i
RRc2#
SmileyISP#sh run
Building configuration...
Current configuration : 988 bytes
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname SmileyISP
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.5 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.5 255.255.255.0
speed auto
duplex auto
router bgp 100
bgp log-neighbor-changes
network 1.1.1.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor 10.1.15.1 remote-as 200
neighbor 10.1.25.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS1#sh run
Building configuration...
Current configuration : 1594 bytes
! Last configuration change at 19:24:34 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.15.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.12.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.13.1 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
ip address 10.1.14.1 255.255.255.0
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 10.1.14.0 mask 255.255.255.0
network 10.1.15.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.2 peer-group RouteReflectors
neighbor 10.1.13.3 peer-group RRClients
neighbor 10.1.14.4 peer-group RRClients
neighbor 10.1.15.5 remote-as 100
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRS2#sh ru
Building configuration...
Current configuration : 1542 bytes
! Last configuration change at 19:42:06 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRS2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.12.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
ip address 10.1.25.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/0
ip address 10.1.26.2 255.255.255.0
speed auto
duplex auto
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.12.0 mask 255.255.255.0
network 10.1.25.0 mask 255.255.255.0
network 10.1.26.0 mask 255.255.255.0
neighbor RouteReflectors peer-group
neighbor RouteReflectors remote-as 200
neighbor RouteReflectors route-map NEXTHOP out
neighbor RRClients peer-group
neighbor RRClients remote-as 200
neighbor RRClients route-reflector-client
neighbor 10.1.12.1 peer-group RouteReflectors
neighbor 10.1.25.5 remote-as 100
neighbor 10.1.26.6 peer-group RRClients
ip forward-protocol nd
no ip http server
no ip http secure-server
route-map NEXTHOP permit 10
set ip next-hop peer-address
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc1#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:43:57 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.1.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.26.6 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.26.0 mask 255.255.255.0
network 172.16.1.0 mask 255.255.255.0
neighbor 10.1.26.2 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc2#sh run
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:45:05 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc2
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.2.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.13.3 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.13.0 mask 255.255.255.0
network 172.16.2.0 mask 255.255.255.0
neighbor 10.1.13.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
RRc3#wr term
Building configuration...
Current configuration : 1005 bytes
! Last configuration change at 18:31:12 UTC Sat Feb 7 2015
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
hostname RRc3
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
interface Loopback0
ip address 172.16.3.1 255.255.255.0
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 10.1.14.4 255.255.255.0
speed auto
duplex auto
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
router bgp 200
bgp log-neighbor-changes
network 10.1.14.0 mask 255.255.255.0
network 172.16.3.0 mask 255.255.255.0
neighbor 10.1.14.1 remote-as 200
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
logging synchronous
transport preferred none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
end
autostart = False
version = 0.8.6
[127.0.0.1:7202]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10200
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2005
aux = 2100
cnfg = configs\SmileyISP.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/0
f1/1 = RRS2 f1/1
x = -24.0
y = -259.0
z = 1.0
hx = -1.5
hy = -24.0
console = 2015
aux = 2101
cnfg = configs\RRc1.cfg
slot1 = PA-2FE-TX
f1/0 = RRS2 f2/0
x = -292.0
y = 200.0
z = 1.0
hx = -5.5
hy = -25.0
[127.0.0.1:7200]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10000
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2012
aux = 2102
cnfg = configs\RRS1.cfg
slot1 = PA-2FE-TX
f1/0 = SmileyISP f1/0
f1/1 = RRS2 f1/0
slot2 = PA-2FE-TX
f2/0 = RRc2 f1/0
f2/1 = RRc3 f1/0
x = 197.0
y = 6.0
z = 1.0
hx = 42.5
hy = -20.0
console = 2013
aux = 2103
cnfg = configs\RRS2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f1/1
f1/1 = SmileyISP f1/1
slot2 = PA-2FE-TX
f2/0 = RRc1 f1/0
x = -239.0
y = 9.0
z = 1.0
hx = 1.5
hy = -24.0
[127.0.0.1:7201]
workingdir = C:\Users\Mark\AppData\Local\Temp
udp = 10100
image = C:\downloads\GNS3\c7200-adventerprisek9-mz.152-4.S5.image
idlepc = 0x62f1e4ec
ghostios = True
console = 2009
aux = 2104
cnfg = configs\RRc3.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/1
x = 337.0
y = 155.0
z = 1.0
hx = 17.5
hy = -25.0
console = 2008
aux = 2105
cnfg = configs\RRc2.cfg
slot1 = PA-2FE-TX
f1/0 = RRS1 f2/0
x = 149.0
y = 204.0
z = 1.0
hx = -13.5
hy = -23.0
[GNS3-DATA]
configs = configs
text = ".1"
x = 208.0
y = -23.0
text = "10.1.12.0/24"
x = -19.0
y = 5.0
text = ".1"
x = 153.0
y = 25.0
text = ".1"
x = 259.0
y = 33.0
text = "10.1.13.0/24"
x = 238.0
y = 84.0
rotate = 99
text = "10.1.25.0/24"
x = -188.0
y = -124.0
text = "l0: 172.16.2.1/24"
x = 125.0
y = 244.0
text = "l0:172.16.1.1/24"
x = -269.0
y = 240.0
text = "10.1.15.0/24"
x = 116.0
y = -127.0
text = "10.1.14.0/24"
x = 293.0
y = 53.0
rotate = 50
text = ".1"
x = 194.0
y = 68.0
text = "AS100"
x = -20.0
y = -342.0
text = ".2"
x = -148.0
y = 46.0
text = "AS200"
x = 33.0
y = 300.0
text = "l0: 1.1.1.1/24"
x = -42.0
y = -306.0
text = ".5"
x = 50.0
y = -213.0
text = ".2"
x = -248.0
y = 60.0
text = ".2"
x = -174.0
y = -52.0
text = ".5"
x = -54.0
y = -209.0
text = ".6"
x = -232.0
y = 189.0
text = "l0:172.16.3.1/24"
x = 299.0
y = 194.0
text = "10.1.26.0/24"
x = -274.0
y = 167.0
rotate = 290
text = ".3"
x = 208.0
y = 187.0
text = ".4"
x = 312.0
y = 155.0
type = ellipse
x = 50.0
y = -35.0
width = 385.0
height = 345.0
fill_color = "#ffff7f"
border_style = 2
z = -1.0
type = ellipse
x = -171.0
y = -346.0
width = 359.0
height = 200.0
fill_color = "#aaff7f"
border_style = 2
z = -1.0
type = ellipse
x = -407.0
y = -87.0
width = 883.0
height = 443.0
border_style = 2
z = -2.0
type = ellipse
x = -361.0
y = -29.0
width = 385.0
height = 326.0
fill_color = "#55aaff"
border_style = 2
z = -3.0
BD,
Ahh...
OK. In the original article, the author states that the final piece with the route map
NEXTHOP was supposed to fix the reachability issue. Obviously it doesn't.
After reading your last post, I looked more carefully at the output from 'sh ip bgp'
on each of the client routers and I realized that several of the next hop addresses were
wrong for some of the prefixes.
1) I completely removed the 'neighbor RouteReflectors route-map NEXTHOP out'
from both RR's. Then I ran 'sh ip bgp' on the clients and noted a change in the next hop addresses. Still wrong, but it changed.
2) I then tried next-hop-self from the RR's to the clients, but it did not change from where
it was after I completed step 1. I am not sure why there was no change. (actually, see the very end of this post)
3) I then applied my version of the route map: route-map NEXTHOP permit 10
set ip next-hop peer-address
to the RR's with this: neighbor RRClients route-map NEXTHOP out
That fixed it. All three clients have as their next hop for all prefixes their respective
RR's (which is what they should have for this topology).
I have full connectivity everywhere, even loopback to loopback between all clients.
1) THANK YOU for pointing me in the right direction.
2) If I may ask, why did next hop self fail? More specifically, I saw no change at all
in the next hop for the advertised prefixes. Is it because next-hop-self should be used
for eBGP peers and all of the RR's and clients are all within the same AS?
-
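For the GNS3 thread above: with no IGP and no static routes, an iBGP route is only usable if its next hop resolves through a connected network or through another BGP route that is itself usable. The following added example (not part of the original posts) runs that check over the RRc1 and RRc2 tables and interface addresses as posted; the fixed-point model is a simplification, and only the two end routers are checked because the page shows `sh ip bgp` output only for them.

```python
import ipaddress

# Transcribed from the posted configs (connected) and `sh ip bgp` output (ibgp:
# prefix -> next hop for the entries marked "i").
TABLES = {
    "RRc1": {
        "connected": ["10.1.26.0/24", "172.16.1.0/24"],
        "ibgp": {
            "1.1.1.0/24": "10.1.25.5", "10.1.12.0/24": "10.1.26.2",
            "10.1.13.0/24": "10.1.12.1", "10.1.14.0/24": "10.1.12.1",
            "10.1.15.0/24": "10.1.12.1", "10.1.25.0/24": "10.1.26.2",
            "10.1.26.0/24": "10.1.26.2", "172.16.2.0/24": "10.1.12.1",
            "172.16.3.0/24": "10.1.12.1",
        },
    },
    "RRc2": {
        "connected": ["10.1.13.0/24", "172.16.2.0/24"],
        "ibgp": {
            "1.1.1.0/24": "10.1.15.5", "10.1.12.0/24": "10.1.12.2",
            "10.1.13.0/24": "10.1.13.1", "10.1.14.0/24": "10.1.13.1",
            "10.1.15.0/24": "10.1.13.1", "10.1.25.0/24": "10.1.12.2",
            "10.1.26.0/24": "10.1.12.2", "172.16.1.0/24": "10.1.12.2",
            "172.16.3.0/24": "10.1.14.4",
        },
    },
}


def usable_routes(connected, ibgp):
    """Return the set of iBGP prefixes whose next hop can be resolved.

    Least fixed point: a route becomes usable once its next hop falls inside a
    connected network or inside a prefix already known to be usable. A route
    can therefore never resolve through itself.
    """
    connected = [ipaddress.ip_network(n) for n in connected]
    routes = {ipaddress.ip_network(p): ipaddress.ip_address(nh)
              for p, nh in ibgp.items()}
    usable = set()
    changed = True
    while changed:
        changed = False
        for prefix, next_hop in routes.items():
            if prefix in usable:
                continue
            if any(next_hop in net for net in connected) or \
               any(next_hop in net for net in usable):
                usable.add(prefix)
                changed = True
    return usable


def unresolved(router):
    """iBGP prefixes on `router` whose next hop cannot be resolved."""
    table = TABLES[router]
    ok = usable_routes(table["connected"], table["ibgp"])
    return sorted(p for p in table["ibgp"] if ipaddress.ip_network(p) not in ok)


def can_forward(router, dst_ip):
    """True if `router` has a connected or usable BGP route covering dst_ip."""
    table = TABLES[router]
    nets = [ipaddress.ip_network(n) for n in table["connected"]]
    nets += list(usable_routes(table["connected"], table["ibgp"]))
    dst = ipaddress.ip_address(dst_ip)
    return any(dst in net for net in nets)


def ping_can_work(src_router, src_ip, dst_router, dst_ip):
    """Echo needs a route at the source, echo-reply needs one at the target."""
    return can_forward(src_router, dst_ip) and can_forward(dst_router, src_ip)


if __name__ == "__main__":
    for name in TABLES:
        print(name, "unresolved next hops for:", unresolved(name))
    print("RRc1 lo0 -> RRc2 lo0 possible:",
          ping_can_work("RRc1", "172.16.1.1", "RRc2", "172.16.2.1"))
```

On the posted data RRc1 resolves everything, while RRc2 cannot resolve the four prefixes it learned with next hop 10.1.12.2, including 172.16.1.0/24, so the echo reply has no route back.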
Hello,
I have this BGP topology: all routers are running BGP and no IGP is running. Now, the problem is R2 and R3 are route reflectors, R1 and R4 are RR clients.
R3 has learned the route (4.4.4.4) from R4, its RR client, and advertises it to R2, but R2 does not advertise the (4.4.4.4) route to its client (R1).
R1#sh ip bgp
BGP table version is 5, local router ID is 192.168.12.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 192.168.12.2 0 100 0 i
* i3.3.3.3/32 192.168.23.3 0 100 0 i
R2#sh ip bgp
BGP table version is 8, local router ID is 192.168.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.1/32 192.168.12.1 0 100 0 i
*> 2.2.2.2/32 0.0.0.0 0 32768 i
*>i3.3.3.3/32 192.168.23.3 0 100 0 i
* i4.4.4.4/32 192.168.34.4 0 100 0 i
R3#sh ip bgp
BGP table version is 8, local router ID is 192.168.23.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* i1.1.1.1/32 192.168.12.1 0 100 0 i
*>i2.2.2.2/32 192.168.23.2 0 100 0 i
*> 3.3.3.3/32 0.0.0.0 0 32768 i
*>i4.4.4.4/32 192.168.34.4 0 100 0
R3#sh run | se router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 3.3.3.3 mask 255.255.255.255
neighbor 192.168.23.2 remote-as 1
neighbor 192.168.23.2 next-hop-self
neighbor 192.168.34.4 remote-as 1
neighbor 192.168.34.4 route-reflector-client
no auto-summary
-
Rt-filter or route-policy in a route-reflector
Hi,
I want to implement a route reflector that I will use in two different networks with different L3VPNs. So I do not want my route reflector to advertise the prefixes from one network to the other. I am using an ASR9000 with IOS XR 4.3.2 as route reflector.
I tried two different configurations in a testing environment and both work fine, one applying route-policy filtering by RD, and another using RT-filter. But I do not know which is better to implement in production. I would appreciate it if somebody could help me decide which is best to implement in a production network, thinking of the resources of the network and of the IPv6 deployment (I could not configure RT Filter with address-family ipv6).
With route-policy
rd-set RD_XXX
65000:*
end-set
route-policy to_XXX
if rd in RD_XXX then
pass
else
drop
endif
end-policy
route-policy to_YYY
if rd in RD_XXX then
drop
else
pass
endif
end-policy
router bgp 65001
neighbor-group XXX
remote-as 65001
address-family vpnv4 unicast
route-reflector-client
route-policy to_XXX out
neighbor-group YYY
remote-as 650001
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
route-policy to_YYY out
with RT-Filter
router bgp 65001
address-family ipv4 rt-filter
neighbor-group XXX
address-family ipv4 rt-filter
route-reflector-client
soft-reconfiguration inbound always
neighbor-group YYY
address-family ipv4 rt-filter
route-reflector-client
soft-reconfiguration inbound always
Regards
Hi,
One benefit I see with rt-filter is that this feature provides considerable savings in CPU cycles and transient memory usage. Generally this will be beneficial when you have a large number of prefixes to be filtered, as you do not need to define a route-policy for all the prefixes, and it is also simple to configure (only one command).
Look at the Restrictions for BGP: RT Constrained Route Distribution in the document below
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html
HTH
Regards,
Sandip
-
Hi All...
I have this topology:
CE2-->PE1-->P--->PE2-->CE2
.............\-->PE3-->CE2
In router "P" I want to configure MP-BGP, but I have many doubts about configuring this router. I need to do route-reflector too.
Can anybody help me?
CLRGomes
Thanks, look at my configuration:
Router P
router bgp 65500
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor MPLS peer-group
neighbor MPLS remote-as 65500
neighbor MPLS ebgp-multihop 255
neighbor MPLS update-source Loopback0
neighbor MPLS route-reflector-client
neighbor MPLS allowas-in
neighbor MPLS soft-reconfiguration inbound
neighbor 10.10.10.2 peer-group MPLS
neighbor 10.10.10.3 peer-group MPLS
neighbor 10.10.10.4 peer-group MPLS
no auto-summary
address-family vpnv4
neighbor MPLS route-reflector-client
neighbor MPLS send-community both
neighbor 10.10.10.2 activate
neighbor 10.10.10.3 activate
neighbor 10.10.10.4 activate
exit-address-family
ok...working perfect, I did MP-BGP between PE routers and I configured different RDs too...
Later I did between PE->CE with OSPF and working too, loadshare working.
Thanks a lot
CLRGomes
CCIE R&S
-
Hi
I have a Network with about 14 PE's and totally 800 vpnv4 Prefixes.
I thought about a design with redundant 7200 as Route Reflectors.
Now the question: Could I use two PE's (6500 Sup 720) as Route Reflectors? So I wouldn't have to buy two 7200.
cheers patrick
Hello Patrick,
As you know that Route Reflectors as a concept is applicable for networks having heavy IBGP mesh, and also involves quite a burden on the processor.
Coming back to your question !!! Yes a couple of 6500 with SUP 720 can be used, you can try this new IOS release 12.2(17b)SXA.
Check this link further:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_bulletin09186a00801df1dd.html
sultan
-
Hi,
I am having this design issue with route reflectors and could use some help.
I have 18 routers fully meshed in an MP-iBGP session and i am going to introduce route reflectors into the network to minimize the total number of TCP sessions
My problem is that some of these routers have outbound policies with one another. For example, I have a route map on router 1 affecting only router 2 and would like to keep it this way.
is there any way to do that through route reflectors ?
Thank you
Hadi
Hi Riccardo,
I have 18 routers in a full MP-iBGP mesh topology. Some pairs of these routers have the following policy :
I have a route-map matching on Route Targets and i am setting the next hop to be different from the rest of the RT for that site.
This way, the prefixes originating from site A for example will reach site B with different next hops depending on how i set it in my route-map.
These policies are only between pairs of routers i.e. router#1 needs only to affect router#2
How can i achieve this using RRs
Thank you
Hadi
-
Route-reflector-client inheritance-disable
Hi Folks,
I found the command route-reflector-client inheritance-disable here; why do we use it?
http://www.cisco.com/en/US/docs/routers/xr12000/software/xr12k_r3.9/routing/command/reference/b_rr39xr12kbook_chapter_01.html#wp1681856112
RP/0/0/CPU0:router(config)# router bgp 140
RP/0/0/CPU0:router(config-bgp)# af-group group1 address-family ipv4 unicast
RP/0/0/CPU0:router(config-bgp-afgrp)# route-reflector-client
RP/0/0/CPU0:router(config-bgp-afgrp)#exit
RP/0/0/CPU0:router(config-bgp)# neighbor 172.20.1.1
RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 140
RP/0/0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/0/CPU0:router(config-bgp-nbr-af)# use af-group group1
RP/0/0/CPU0:router(config-bgp-nbr-af)# route-reflector-client inheritance-disable
I Will rate all helpful posts Thanks in advance
Regards
Thanveer
"Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid."
Hello Muhammad,
As the document says:
The following example disables the route-reflector client for neighbor 172.20.1.1, preventing this feature from being automatically inherited from address family group group1:
RP/0/RP0/CPU0:router(config)# router bgp 140
RP/0/RP0/CPU0:router(config-bgp)# af-group group1 address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-afgrp)# route-reflector-client
RP/0/RP0/CPU0:router(config-bgp-afgrp)#exit
RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.20.1.1
RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 140
RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# use af-group group1
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client inheritance-disable
Neighbor 172.20.1.1 is configured as a member of group1. Members of group1 are configured as route-reflector-clients. But you want to prevent neighbor 172.20.1.1 from becoming a route-reflector-client, so you need to configure route-reflector-client inheritance-disable.
Best Regards
Please rate all helpful posts and close solved questions
-
I'm considering a limited IPv6 rollout using 6PE, and would like to know if the following configuration would be supported.
Our typical topology consists of customer aggregation routers connected to a pair of regional core routers. The cores are directly interconnected to other regions' cores via our long haul transport network. Our border routers are also connected to the closest pair of cores.
All the regional pairs of core routers are route reflectors, and the customer aggregation and border routers are route reflector clients of the closest pair of cores.
These are all 7600-class routers, and they're all running MPLS on the interconnects.
Can we use 6PE to exchange V6 routes between our dual-stack customer aggregation and border routers, and have those routes reflected through MPBGP sessions to the IPv4-only core routers?
customer_agg (dual v4/v6) ---> region1 core (v4 only) --->
<--- region2 core (v4 only) ---> border (dual v4/v6)
Thanks much...
Stafford, yes you can run 6PE in your distributed RR topology. The only thing is, even though your RR's need not be dual stack, they definitely need to support the V6 Address Family for peering with the border PE's and reflecting the updates received.
Do note that when you enable the ipv6 address family it makes it a dual stack router even though you do not aggregate customers over ipv6 link addresses. (7600's have support for this, so it should not be much of a concern here in terms of support.)
Here is a reference for 6PE configuration.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_data_sheet09186a008052edd3.html
Another option which you can think of is, rather than creating a full mesh of v6 peerings, if your deployment is limited to certain PE's you may want to form direct v6 iBGP between them.
HTH-Cheers,
Swaroop
-
If I configure an MP-BGP vpnv4 reflector on a P router, does this P router become a PE router? Or does it keep the P router role in the MPLS network?
thank you!
Hello,
As I see it, how you do the route reflection process is more your own business than the customers'. How well you are doing it will of course affect the customers, but this is more an internal issue of the core, rather than something to discuss with the customer. Anyway, in this case the customers might have a point.
The problem when you have 2 PE's as your RR's is that if you want to perform a maintenance procedure on those PE's, it might also affect customers not even connected to the particular PE's. If on the other hand the core routers are the RR's, if you perform maintenance on them, few things in the network will be operational anyway since they stand in the middle, so no more harm done than expected. One could argue that in both cases there are 2 RR's, so things cannot be that bad. If one goes down we do have the other. (In the case of the P's however, if one goes down you might have a split network, so route reflection is the last thing that would concern you.)
You have 122 PE's and expect more. My guess is that your routers can handle the process if in most cases only a couple of routes are exchanged between VPN sites. Whether you choose to make RR's the P's or the PE's is more of a matter of style. I would prefer the PE's, because I would rather keep the P's "clean", doing what they are supposed to do, that is label switching traffic. MPLS is supposed to relieve the core from running BGP, and we do not want to take risks in the P's by running something not absolutely necessary for them. In addition, route reflection is supposed to relieve the PE's from having to peer with each other directly, so it looks more their own business to handle the route reflection process, which is coming to remedy the necessity for them (that is the PE's) to peer with every other PE in the network.
The bottom line is: Your P's are more important to you than any other router. This is for the customers' best interest as well. Keep functions where they belong more naturally.
Kind Regards,
M.
-
In such a scenario where a common cluster-id is configured on the two RRs (R1, R2), is the iBGP session between the RRs required, and if so why?
Hi Darlington,
It is there in the below link:
http://cisco.iphelp.ru/faq/5/ch15lev2sec17.html
It is nothing but to provide redundancy if the R8 to R2 link goes down, R2 will not be able to reach R8.
Thanks,
Manjunath
-
MP-BGP Route Reflector (RR) Default Behaviour
Hi All,
I have a 7206VXR configured like RR for MPBGP (Afi/safi 1/128 L3VPN rfc 2547Bis).
My RR is configured with different peer-group towards its clients (PE).
I'd like to know what the RR's default behaviour is when it receives an update message of type 'withdrawal' from its client.
I've observed that:
- When a PE sends its update (withdrawal), it receives back from the RR its whole BGP table...with a lot of NLRI that my PE doesn't need. Is it normal behaviour?
- When a PE sends its update (withdrawal), it receives back from the RR its own update. I think that this is normal behaviour since it is configured within a peer-group on the RR. Is it correct?
Many thanks in advance for your support.
Gianluca
Hello, I'm trying to configure a lab with 4 7600-sup32-3b 12.2(2)-33.SRC. 2 of them as P routers and the rest as PE. P's are Route Reflectors and PE's are route reflector clients. If I create the same VRF in both PE's, routes are not advertised between PEs (show ip route vrf lab). Please could you give me a configuration example or a link where I could take a look.
Thanks in advance. Santiago.
-
Hi all,
We've a cell-based MPLS network (based on BPX 8600/LSC 7200 acting as the P and MGXs with RPMs acting as the PEs and connected with E3s to the BPX).
On those PEs...we're running MPLS VPNs for our customers and there're 2 PEs acting as Route Reflectors for all the other PEs for reflecting the MP-BGP routes for the VRFs.
The problem is that with any RPM reloads or any interface flapping or without any reason....all of a sudden we found that a VRF customer that has for example 2 branches....one of them connected to POPX and the other branch connected to POPY complaining that there's no connectivity bet the 2 branches although when issuing the command " sh ip route vrf Customer AAA " on the PE of POPX we found that the IBGP routes of the other branch are present in its VRF routing table.....but still the 2 branches cannot ping each other.
The same problem may be repeated for all VRF customers connected bet those 2 POPs and aren't solved except when issuing the command on the PE of POP X "clear ip route (lpbk add of the PE in POPY)"
After that command....everything is OK and the 2 branches can ping each other without problems.
After some investigation...we found that this problem is due to an LSC bug....the suspected bugs were CSCea21665 and CSCea74222 and the workaround for those bugs are "clear ip route (Remote PE lpbk add)"
As listed in those bugs also that the fix for them is in IOS 12.2(15)T05 and higher....so we upgraded our LSC from ver 12.2(8)T4 to the latest
12.2(19).
Unfortunately we found that the problem is not yet solved and still the same symptoms appear for the VRFs.....and that means that upgrading the IOS ver for the LSC is not enough and there's a step yet missing for avoiding that fatal problem.
So has anyone faced this problem before ??? and if yes what were the steps done to avoid it other than the famous workaround "clear ip route (Remote PE lpbk add)"???
Mohamed,
I read your problem, because I'm interested in all the WAN switching staff.
Look at bug CSCea21665 on CCO, the fix is not integrated in 12.2 main line, so you have to go to one of the following minimum IOS 12.2(15)T05, 12.2(17.6)S, 12.3(1.9), 12.3(1.9)T, 12.0(25.3)S01, 12.2(11)T09, 12.2(15)ZK, 12.3(2.3)B, 12.2(15)ZK01.
Look at Bug CSCea74222, it's fixed in
12.2(15)T03, 12.3(1.5), 12.3(1.5)T, 12.2(17.3)S, 12.2(15)ZK, 12.3(2.3)B
From that two bugs, do not use 12.2 main line, the fix is not integrated.
Don't use 12.3, it's too new ;-))
I would recommend 12.2(15)T05 or higher, that means 12.2(15)T07
Then you shouldn't see the problem again.
regards
Dietmar
-
MPLS BGP routes push to DMVPN spokes
I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
Currently this is my config:
Datacenter (MPLS only)
interface GigabitEthernet0/1
description MPLS
ip address 192.168.0.34 255.255.255.252
interface Vlan2
ip address 192.168.96.2 255.255.255.0
router bgp 65511
bgp log-neighbor-changes
network 192.168.96.0
neighbor 192.168.0.33 remote-as 65510
Hub site 1 (MPLS + internet)
interface Tunnel200
ip address 10.99.99.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp holdtime 600
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description MPLS
ip address 192.168.1.2 255.255.255.0 secondary
ip address 192.168.0.2 255.255.255.252
router bgp 65001
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.21.0
!10.99 clients are DMVPN spokes
neighbor 10.99.99.3 remote-as 99010
neighbor 10.99.99.3 route-reflector-client
neighbor 10.99.99.21 remote-as 99001
neighbor 10.99.99.21 route-reflector-client
!as 65000 is the MPLS PE
neighbor 192.168.0.1 remote-as 65000
Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
Spoke site:
interface Tunnel200
ip address 10.99.99.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
ip nhrp network-id 12345
ip nhrp holdtime 600
ip nhrp nhs 10.99.99.1 priority 1
ip nhrp nhs 10.99.99.16 priority 5
ip nhrp nhs fallback 60
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description Internal
ip address 192.168.3.1 255.255.255.192
router bgp 99010
bgp log-neighbor-changes
network 192.168.3.0
neighbor 10.99.99.1 remote-as 65001
neighbor 10.99.99.16 remote-as 65013
On this spoke site
#sh ip route
B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
which is the HUB network, but the rest of the MPLS routes are not "learned".
What am I missing?
Thanks!
Hi Jon, I've omitted the configuration of the MPLS provider routers in between. The DC is connected to a router that has the AS 65510.
DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
The DC is ok getting the network information via BGP:
#sh ip route
B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
#sh ip bgp 192.168.21.0
BGP routing table entry for 192.168.21.0/24, version 559
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
65510 3549 6140 3549 65000
192.168.0.33 from 192.168.0.33 (###.###.###.###)
Origin IGP, localpref 100, valid, external, best
#sh ip route 192.168.21.0
Routing entry for 192.168.21.0/24
Known via "bgp 65511", distance 20, metric 0
Tag 65510, type external
Last update from 192.168.0.33 3d05h ago
Routing Descriptor Blocks:
* 192.168.0.33, from 192.168.0.33, 3d05h ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65510
MPLS label: none
Spoke:
#sh ip bgp
BGP table version is 494, local router ID is 192.168.21.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
*> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
#sh ip route 192.168.96.0
Routing entry for 192.168.96.0/24
Known via "bgp 99001", distance 20, metric 0
Tag 65013, type external
Last update from 10.99.99.16 00:02:11 ago
Routing Descriptor Blocks:
* 10.99.99.16, from 10.99.99.16, 00:02:11 ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65013
MPLS label: none
#sh ip bgp 192.168.96.0
BGP routing table entry for 192.168.96.0/24, version 465
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
65013 65012 3549 6745 65510
10.99.99.16 from 10.99.99.16 (10.2.16.1)
Origin incomplete, localpref 100, valid, external, best
The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
(from spoke)
ping 192.168.96.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
From DC
#traceroute 192.168.21.1
Type escape sequence to abort.
Tracing the route to 192.168.21.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
8 192.168.0.2 [AS 65000] !H * !H
-
I have just issued the 'sh ip route' command and the router output is showing some of the routes as 'L'
I have the expected Connected 'C' and OSPF 'O' routes but I have not seen the 'L' indicator before. I have done a search but can't find anything that explains why the /32 interface addresses have been marked as Local
ROUTER#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
<OUTPUT OMITTED>
C XX.YYY.1.64/30 is directly connected, GigabitEthernet0/0
L XX.YYY.1.66/32 is directly connected, GigabitEthernet0/0
C XX.YYY.1.68/30 is directly connected, GigabitEthernet0/1
L XX.YYY.1.70/32 is directly connected, GigabitEthernet0/1
These connections are configured as point to point OSPF connections for connecting the router to core switches, and the routers themselves are used as BGP Route Reflectors. Can anyone shed any light on the meaning of 'Local' and why it is needed as well as 'Connected'. I can do a 'sh ip route connected' but it doesn't allow 'sh ip route local'
These are c7301 routers running IOS 12.2(33)SRD
Regards
Mel
Probably no one will read this 4 years after, but just for thread completion's sake (and since Google returns this page in its results) I cut-paste the following passage from the CCNA 100-101 cert guide (Chapter 16 after Example 16-1).
"Note that the router also automatically produces a different kind of route, called a local route. The local route defines a route for the one specific IP address configured on the router interface. Each local route has a /32 prefix length, defining a host route, which defines a route just for that one IP address. For example, the last local route, for 172.16.5.1/32, defines a route that matches only the IP address of 172.16.5.1. Routers use these local routes that list their own local IP addresses to more efficiently forward packets sent to the router itself."
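The relationship between the 'C' and 'L' entries discussed in this thread can be modelled in a few lines. This is an added example, not part of the original posts and not how IOS is implemented; the 10.0.1.x addresses are constructed stand-ins for the masked XX.YYY.1.x addresses in the question, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: two /30 point-to-point links, mirroring the layout
# of the masked output in the question (addresses are assumptions).
INTERFACES = {
    "GigabitEthernet0/0": "10.0.1.66/30",
    "GigabitEthernet0/1": "10.0.1.70/30",
}

def build_routes(interfaces):
    """For each interface address derive one connected (C) route for the
    subnet and one local (L) /32 host route for the router's own address."""
    routes = []
    for ifname, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        routes.append(("C", iface.network, ifname))
        routes.append(("L", ipaddress.ip_network(f"{iface.ip}/32"), ifname))
    return routes

def lookup(routes, destination):
    """Longest-prefix match: the most specific route containing the
    destination wins, so the router's own address hits the L entry."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r[1]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[1].prefixlen)

def render(routes):
    """Format entries in the style of the 'sh ip route' lines above."""
    return [f"{code}        {net} is directly connected, {ifname}"
            for code, net, ifname in routes]

ROUTES = build_routes(INTERFACES)

if __name__ == "__main__":
    print("\n".join(render(ROUTES)))
    # Router's own address, link neighbour, and an unknown destination.
    for dst in ("10.0.1.66", "10.0.1.65", "10.0.2.1"):
        print(dst, "->", lookup(ROUTES, dst))
```

Both entries match the router's own address, but the /32 is more specific, which is why the local route and the connected route can coexist for the same interface.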