Route-refresh vs soft-reconfiguration inbound
Hi,
If IOS supports route-refresh capability then can I do away with soft-reconfiguration inbound to save memory and CPU utilization in multi-VRF CE routers?
Thanks
Kas
Absolutely !!
soft-reconfiguration inbound is seen more as a troubleshooting tool and should be enabled only to check what you are receiving and then should be removed.
HTH
Laurent.
Similar Messages
-
Nexus5548 BGP soft-reconfiguration inbound
Hi,
I have a small problem when using Nexus5548 version 5.2(1)N1(2a) with BGP and "soft-reconfiguration inbound". The BGP config looks exactly like other Nexus implementations with BGP, but with N5K I'm not able to see "show ip bgp neighbors x.x.x.x received-routes". I get the error message saying:
% Inbound soft reconfiguration for IPv4 Unicast not enabled on x.x.x.x
The BGP-config looks like this:
router bgp [ASN]
  router-id 1.2.3.4
  neighbor x.x.x.x remote-as [eBGP_ASN]
    address-family ipv4 unicast
      route-map BGP_prim in
      soft-reconfiguration inbound
The neighbor looks like it supports this feature:
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr)
Dynamic capability (old): advertised
Route refresh capability (new): advertised received
Route refresh capability (old): advertised received
4-Byte AS capability: advertised received
Address family IPv4 Unicast: advertised received
Graceful Restart capability: advertised
Any idea where I'm going wrong or is it not possible to do this in N5K?
Cheers! // Mattias
Mattias,
I may be answering a slightly different question but here goes: Are you sure you need the soft-reconfiguration inbound? Are you perhaps confusing this feature with route refresh, a different feature?
It appears that most people do not differentiate between these two features. They provide the same functionality but use vastly different means of accomplishing them.
The soft-reconfig inbound is an ancient workaround for BGP's former inability to ask a neighbor to repeatedly resend a set of routes. Cisco devices have traditionally solved this problem by storing a separate, unfiltered copy of all routes received from a particular neighbor configured with the neighbor soft-reconfig inbound command. Every change on the inbound policy would then simply re-filter the routes from the unfiltered database maintained on a per-neighbor basis. An obvious disadvantage of this approach is the amount of wasted memory to keep unfiltered BGP databases for each neighbor for which you have configured the soft-reconfig inbound.
In RFC 2918, which is 15 years old by now, a new BGP message was standardized: the Route Refresh message. Using this message, a BGP router can ask its neighbor at any time to resend a particular family of routes (IPv4 routes, IPv6 routes, etc.). No storing of unfiltered databases is necessary anymore. In addition, this Route Refresh is negotiated and used automatically as soon as both routers support it.
Now, your Nexus tells you right away:
Route refresh capability (new): advertised received
Route refresh capability (old): advertised received
It is telling you that both your Nexus (advertised) and its neighbor (received) support the Route Refresh feature, and as a result, they will be using it automatically, without you configuring anything in particular.
If you configured soft-reconfig inbound for a neighbor, you would be losing the advantages of Route Refresh, as you would be forcing your router to store unfiltered routes from the neighbor even though both routers support the Route Refresh and storing the unfiltered database is entirely useless.
It is possible that NX-OS tries to do things the smart way, and when it finds out that both peers support Route Refresh, it uses it in place of soft-reconfig inbound even if you have it configured. I am not fluent in NX-OS so I cannot comment on that with certainty but it is a possibility.
In any case, to show the routes received from a neighbor, you should use just show ip bgp neighbor x.x.x.x received routes (not received-routes).
Would you mind trying this out? If this works for you then I suggest that you remove the soft-reconfig inbound from your configuration. It seems to be useless in your (and in most people's) case.
Best regards,
Peter -
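The Route Refresh exchange described in the answer above, as an added Python example that is not part of the original posts: it encodes and decodes the RFC 2918 ROUTE-REFRESH message and checks whether both peers announced the capability, which is what the "advertised received" lines report. The optional-parameter byte strings are constructed sample data; capability code 128 is the pre-standard code that the output labels "(old)".

```python
import struct

MARKER = b"\xff" * 16          # fixed 16-byte BGP header marker (RFC 4271)
MSG_ROUTE_REFRESH = 5          # message type defined by RFC 2918
CAP_ROUTE_REFRESH = 2          # capability code, the "(new)" line in the output
CAP_ROUTE_REFRESH_OLD = 128    # pre-standard code, the "(old)" line
OPT_PARAM_CAPABILITIES = 2     # OPEN optional-parameter type carrying capabilities


def build_route_refresh(afi: int, safi: int) -> bytes:
    """Encode a ROUTE-REFRESH asking the peer to resend one AFI/SAFI."""
    body = struct.pack("!HBB", afi, 0, safi)          # AFI, reserved, SAFI
    header = MARKER + struct.pack("!HB", 19 + len(body), MSG_ROUTE_REFRESH)
    return header + body


def parse_route_refresh(msg: bytes) -> tuple[int, int]:
    """Decode a ROUTE-REFRESH and return (afi, safi); reject anything else."""
    if len(msg) != 23 or msg[:16] != MARKER:
        raise ValueError("not a well-formed ROUTE-REFRESH")
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if length != 23 or msg_type != MSG_ROUTE_REFRESH:
        raise ValueError("wrong length or message type")
    afi, _reserved, safi = struct.unpack("!HBB", msg[19:])
    return afi, safi


def parse_capabilities(opt_params: bytes) -> set[int]:
    """Return the capability codes found in an OPEN's optional parameters."""
    codes: set[int] = set()
    i = 0
    while i < len(opt_params):
        if i + 2 > len(opt_params):
            raise ValueError("truncated optional parameter header")
        p_type, p_len = opt_params[i], opt_params[i + 1]
        value = opt_params[i + 2:i + 2 + p_len]
        if len(value) != p_len:
            raise ValueError("truncated optional parameter")
        i += 2 + p_len
        if p_type != OPT_PARAM_CAPABILITIES:
            continue
        j = 0
        while j < len(value):
            if j + 2 > len(value) or j + 2 + value[j + 1] > len(value):
                raise ValueError("truncated capability")
            codes.add(value[j])
            j += 2 + value[j + 1]
    return codes


def route_refresh_usable(advertised: set[int], received: set[int]) -> bool:
    """True when both sides announced the same flavour of route refresh."""
    return any(code in advertised and code in received
               for code in (CAP_ROUTE_REFRESH, CAP_ROUTE_REFRESH_OLD))


def _cap(code: int, value: bytes = b"") -> bytes:
    return bytes([code, len(value)]) + value


def _param(caps: bytes) -> bytes:
    return bytes([OPT_PARAM_CAPABILITIES, len(caps)]) + caps


# Constructed sample data: a peer announcing multiprotocol IPv4 unicast, both
# route-refresh codes and 4-byte AS, and a legacy peer announcing neither
# route-refresh code.
MODERN_PEER = _param(_cap(1, b"\x00\x01\x00\x01") + _cap(2) + _cap(128)
                     + _cap(65, struct.pack("!I", 64512)))
LEGACY_PEER = _param(_cap(1, b"\x00\x01\x00\x01"))

if __name__ == "__main__":
    local = parse_capabilities(MODERN_PEER)
    for name, raw in (("modern", MODERN_PEER), ("legacy", LEGACY_PEER)):
        usable = route_refresh_usable(local, parse_capabilities(raw))
        print(f"{name} peer: route refresh usable = {usable}")
    print(build_route_refresh(1, 1).hex())
```

The whole request is 23 bytes on the wire, which is why no per-neighbor copy of unfiltered routes is needed when both sides announce the capability.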
Automatically route determination for Normal PO - Inbound delivery
Dear MM experts,
We are successful with route determination for STO & SO; now we would like to know whether, for a normal PO, the route is automatically determined or not.
-while creating PO, we don't find the shipping tab, unlike in sto,
or
-while creating inbound delivery
Please help with a solution if anyone has already implemented this.
Thanks in advance
srihari
Hi, did you solve it? I am having the same problem.
-
Rt-filter or route-policy in a route-reflector
Hi,
I want to implement a route reflector that I will use in two different networks with different VPNL3. So I do not want my route reflector to advertise the prefixes from one network to the other. I am using an ASR9000 with IOS XR 4.3.2 as route reflector.
I tried two different configurations in a testing environment and both work fine, one applying route-policy filtering by RD, and another using RT-filter. But I do not know which is better to implement in production. I would appreciate it if somebody could help me decide which is best to implement in a production network, thinking of the resources of the network and of the IPv6 deployment (I could not configure RT Filter with address-family ipv6).
With route-policy
rd-set RD_XXX
65000:*
end-set
route-policy to_XXX
if rd in RD_XXX then
pass
else
drop
endif
end-policy
route-policy to_YYY
if rd in RD_XXX then
drop
else
pass
endif
end-policy
router bgp 65001
neighbor-group XXX
remote-as 65001
address-family vpnv4 unicast
route-reflector-client
route-policy to_XXX out
neighbor-group YYY
remote-as 650001
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
route-policy to_YYY out
with RT-Filter
router bgp 65001
address-family ipv4 rt-filter
neighbor-group XXX
address-family ipv4 rt-filter
route-reflector-client
soft-reconfiguration inbound always
neighbor-group YYY
address-family ipv4 rt-filter
route-reflector-client
soft-reconfiguration inbound always
Regards
Hi,
One benefit I see with rt-filter is that this feature provides considerable savings in CPU cycles and transient memory usage. Generally this will be beneficial when you have a large number of prefixes to be filtered, as you do not need to define a route-policy for all the prefixes, and it is also simple to configure (only one command).
Look at the Restrictions for BGP: RT Constrained Route Distribution in below document
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html
HTH
Regards,
Sandip -
Difference between address-family ipv6 and address-family ipv6 labeled unicast
Hello Experts,
Can someone explain to me the difference between address-family ipv6 and address-family ipv6 labeled unicast? Per my understanding, I think both of them are used to send labelled IPv6 prefix advertisements through BGP. If so, are the following configs the same?
address-family ipv6
neighbor 192.168.0.1 activate
neighbor 192.168.0.1 send-label
router bgp 10
neighbor 192.168.0.1
address-family ipv6 labelled unicast
Please let me know if my understanding is correct
Thanks
Mukundh
Thanks for the reply Nagendra...
I have another related query regarding this. We have BGP neighborship flapping between 2 routers ...One is Cisco 7204 and another is Juniper M120 I think.... The Juniper logs show that BGP is flapped due to family inet6 not configured on the Juniper end and Juniper is receiving BGP advertisements with native IPv6 as next hop from Cisco when it shouldn't be receiving that.. The following are commands on Cisco and Juniper...
##### CISCO####
router bgp 5603
neighbor 95.176.254.10 inherit peer-session LAR
neighbor 95.176.254.10 description --- M320-LAB-LJ-CIGALETOVA
address-family ipv4
neighbor 95.176.254.10 activate
neighbor 95.176.254.10 inherit peer-policy LAR-ipv4
address-family ipv6
neighbor 95.176.254.10 activate
neighbor 95.176.254.10 send-community both
neighbor 95.176.254.10 route-reflector-client
neighbor 95.176.254.10 send-label
template peer-session LAR
remote-as 5603
update-source Loopback0
timers 30 90
exit-peer-session
template peer-policy LAR-ipv4
route-map LAR-ipv4-out out
route-reflector-client
soft-reconfiguration inbound
send-community both
exit-peer-policy
####JUNIPER####
protocols{bgp{
group I-BGP-IPV4 {
type internal;
family inet {
unicast;
family inet6 {
labeled-unicast {
explicit-null;
export RR-Export-All;
neighbor 95.176.255.254 {
description C7201-RR-IP-CIGALETOVA;
local-address 95.176.254.10;
neighbor 95.176.255.252 {
description C7201-RR-IP-CIGALETOVA;
local-address 95.176.254.10;
By the cisco command above, shouldn't cisco be sending only labelled ipv6 prefixes or am I wrong in this. And if Cisco sends both unlabelled and labelled prefixes, is there a way to make it send only ipv6 prefixes?
Thanks
Mukundh -
BGP Next-hop conflict with MPLS Label.
Hi, Experts
Equipment: Cisco ASR9922, IOS-XR 4.3.2
Issue: I have a problem: my RR does the next-hop-self by using a route-policy for client routers; the next-hop is changed as intended but the MPLS label doesn't change to reflect the new next-hop.
What I would like to achieve: I would like RR to set next-hop-self only for selected prefixes(172.168.0.0/24, 0.0.0.0/0) but maintain original next-hop for the rest, I do this by using route-policy.
Detail:
I have routers running MPLS infrastructure with ASR9922 as an RR. RN router is in neighbor-group RN and CPE-xx routers are in neighbor-group AN.
- All routers are in the same BGP AS64549.
- RN sends prefixes 0.0.0.0/0 and 172.168.0.0/24 to RR.
- CPE-25 sends prefix 192.168.25.1/32 to RR.
Neighbor-group AN has the route-policy AN-OUT2 to set the next-hop of prefixes 172.168.0.0/24 and 0.0.0.0/0 to RR#loopback1 before sending out updates to CPE routers. Below is the BGP and RPL configuration at RR.
router bgp 64549
nsr
bgp graceful-restart
ibgp policy out enforce-modifications
address-family vpnv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy ADD-PATH-iBGP
retain route-target all
neighbor-group AN
remote-as 64549
cluster-id 172.16.1.11
update-source Loopback1
address-family vpnv4 unicast
route-reflector-client
route-policy AN-OUT2 out
soft-reconfiguration inbound
route-policy AN-OUT2
if destination in DEFAULT or destination in RNC then
set next-hop 192.168.10.11
else
pass
endif
end-policy
This is what RR advertises to CPE-24
RP/0/RP0/CPU0:RR#show bgp vpnv4 unicast neighbors 192.168.10.24 advertised-routes
Fri Dec 20 15:23:14.931 BKK
Network Next Hop From AS Path
Route Distinguisher: 64549:3339
0.0.0.0/0 192.168.10.11 172.16.1.1 ?
172.16.1.2 ?
172.168.0.0/24 192.168.10.11 172.16.1.1 ?
172.16.1.2 ?
192.168.0.1/32 192.168.10.11 192.168.10.24 i
192.168.0.26/32 192.168.10.26 192.168.10.26 i
192.168.25.1/32 192.168.10.25 192.168.10.25 i
192.168.211.8/30 192.168.10.22 192.168.10.22 i
The IP part works as intended but the MPLS label doesn't work as intended. Please take a look at RN, which originates 172.168.0.0/24; label 16025 is locally assigned.
RP/0/RP0/CPU0:RN1#show bgp vpnv4 unicast labels
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 64549:3339 (default for vrf VLAN3339)
*> 0.0.0.0/0 0.0.0.0 nolabel 16025
* i 172.16.1.11 16068 16025
* i 172.16.1.13 16033 16025
*> 172.168.0.0/24 0.0.0.0 nolabel 16025
* i 172.16.1.11 16059 16025
* i 172.16.1.13 16024 16025
For 172.168.0.0/24 at RR, label 16059 is locally assigned and label 16025 is received from the RN router. It should send 172.168.0.0/24 with label 16059 to CPE-24 to reflect the next-hop change.
RP/0/RSP0/CPU0:RR#show bgp vpnv4 unicast labels
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 64549:3339
*>i0.0.0.0/0 172.16.1.1 16025 16068
* i 172.16.1.2 16007 16068
*>i172.168.0.0/24 172.16.1.1 16025 16059
* i 172.16.1.2 16007 16059
*>i192.168.0.1/32 192.168.10.24 131070 16060
*>i192.168.25.1/32 192.168.10.25 131070 16062
*>i192.168.211.8/30 192.168.10.22 131070 16065
What I found at CPE-24, which is an Alcatel router, is that RR sends prefix 172.168.0.0/24, nh 192.168.10.11 with label 16025, which is incorrect.
A:CPE-24# show router bgp routes vpn-ipv4 172.168.0.0/24
===============================================================================
BGP Router ID:192.168.10.24 AS:64549 Local AS:64549
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop Path-Id VPNLabel
As-Path
u*>? 64549:3339:172.168.0.0/24 100 0
192.168.10.11 None 16025
No As-Path
Routes : 1
===============================================================================
On RR, if I just remove the policy and do the next-hop-self under the vpnv4 address family, CPE-24 will get the correct nh with the correct label (16059), but that won't achieve our requirement to change nh only on selected prefixes. Is this a software problem? Or is there any solution to work around it?
Regards,
Marit
Hello Marit,
I am able to recreate this in the lab, and unfortunately this scenario is not supported. BGP does not advertise the allocated label if we set the next-hop using a route policy. The only way is by next-hop-self configured on RR, and yes, it eventually will apply to all prefixes advertised to neighbor-group AN. Currently I do not have a workaround available.
Below is the capture of what i have tested in the lab:
The topology:
CRS-4-02 ---------- CRS-8-01 ------------ ASR-9006-1
CRS-8-01 is the route reflector of CRS-4-02 and ASR-9006-1.
CRS-4-02 advertises some prefixes.
This issue occurs when RR has a route-policy toward ASR-9006-1, where it assigns an incorrect label. But it assigns the correct label if CRS-8-01 uses next-hop-self.
Below is the test done in the lab if RR uses next-hop-self:
RP/0/RP0/CPU0:CRS-4-02#show run router bgp
Tue Jan 7 08:16:18.945 UTC
router bgp 1
bgp router-id 172.16.4.1
ibgp policy out enforce-modifications
address-family ipv4 unicast
address-family vpnv4 unicast
neighbor 172.16.8.3
remote-as 1
update-source Loopback0
address-family ipv4 unicast
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
vrf RTAMAELA
rd 100:1
address-family ipv4 unicast
redistribute connected
RP/0/RP0/CPU0:CRS-4-02#show bgp vpnv4 unicast advertised summary
Tue Jan 7 08:16:29.001 UTC
Network Next Hop From Advertised to
Route Distinguisher: 100:1
78.22.11.2/32 172.16.4.1 Local 172.16.8.3
78.22.11.3/32 172.16.4.1 Local 172.16.8.3
93.22.15.61/32 172.16.4.1 Local 172.16.8.3
RP/0/RP0/CPU0:CRS-4-02#
RP/0/RP0/CPU0:CRS-4-02#show bgp vpnv4 unicast labels
Tue Jan 7 08:16:53.655 UTC
BGP router identifier 172.16.4.1, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0
BGP main routing table version 57
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1 (default for vrf RTAMAELA)
*>i22.51.32.77/32 172.16.8.3 16056 nolabel
*> 78.22.11.2/32 0.0.0.0 nolabel 16003
*> 78.22.11.3/32 0.0.0.0 nolabel 16003
*> 93.22.15.61/32 0.0.0.0 nolabel 16003
Processed 4 prefixes, 4 paths
RP/0/RP0/CPU0:CRS-4-02#
RP/0/RP1/CPU0:CRS-8-01#show run router bgp
Wed Jan 8 11:07:05.436 UTC
router bgp 1
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
allocate-label all
address-family vpnv4 unicast
retain route-target all
neighbor-group AN
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
next-hop-self <-- use next-hop-self toward ASR-9006-1
soft-reconfiguration inbound
neighbor-group RN
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
next-hop-self
soft-reconfiguration inbound
neighbor 10.10.10.10
remote-as 1
address-family ipv4 unicast
neighbor 72.15.48.5
use neighbor-group AN
neighbor 172.16.4.1
use neighbor-group RN
RP/0/RP1/CPU0:CRS-8-01#show bgp vpnv4 unicast labels
Wed Jan 8 11:07:09.091 UTC
BGP router identifier 172.16.8.3, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 344169
BGP main routing table version 92
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1
*>i22.51.32.77/32 72.15.48.5 16000 16056
*>i78.22.11.2/32 172.16.4.1 16003 16053
*>i78.22.11.3/32 172.16.4.1 16003 16054
*>i93.22.15.61/32 172.16.4.1 16003 16055
Processed 4 prefixes, 4 paths
RP/0/RP1/CPU0:CRS-8-01#
RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
Wed Jan 8 17:02:02.796 UTC
router bgp 1
bgp router-id 72.15.48.5
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
address-family vpnv4 unicast
retain route-target all
neighbor-group RR
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
soft-reconfiguration inbound
neighbor 172.16.8.3
use neighbor-group RR
neighbor 192.169.1.2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
vrf RTAMAELA
rd 100:1
address-family ipv4 unicast
redistribute connected
RP/0/RSP1/CPU0:ASR-9006-01#show bgp vpnv4 unicast labels
Wed Jan 8 17:02:04.381 UTC
BGP router identifier 72.15.48.5, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 253825
BGP main routing table version 126
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1 (default for vrf RTAMAELA)
*> 22.51.32.77/32 0.0.0.0 nolabel 16000
*>i78.22.11.2/32 172.16.8.3 16053 nolabel <== 172.16.8.3 is the loopback address of CRS-8-01
*>i78.22.11.3/32 172.16.8.3 16054 nolabel
*>i93.22.15.61/32 172.16.8.3 16055 nolabel
Processed 4 prefixes, 4 paths
RP/0/RSP1/CPU0:ASR-9006-01#
From the output above we can see that ASR-9006-01 received the correct label for each prefix.
Below is the output with route-policy configured, where ASR-9006-01 receives an incorrect label:
RP/0/RP1/CPU0:CRS-8-01#show run router bgp
Wed Jan 8 11:04:46.310 UTC
router bgp 1
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
allocate-label all
address-family vpnv4 unicast
retain route-target all
neighbor-group AN
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
route-policy RTAMAELA out
soft-reconfiguration inbound
neighbor-group RN
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
next-hop-self
soft-reconfiguration inbound
neighbor 72.15.48.5
use neighbor-group AN
neighbor 172.16.4.1
use neighbor-group RN
RP/0/RP1/CPU0:CRS-8-01#show run route-policy RTAMAELA
Wed Jan 8 11:16:06.847 UTC
route-policy RTAMAELA
if destination in RNC then
set next-hop 172.16.8.3
else
pass
endif
end-policy
RP/0/RP1/CPU0:CRS-8-01#show run prefix-set RNC
Wed Jan 8 11:16:12.099 UTC
prefix-set RNC
78.22.11.3/32
end-set
RP/0/RP1/CPU0:CRS-8-01#show bgp vpnv4 unicast labels
Wed Jan 8 11:04:33.512 UTC
BGP router identifier 172.16.8.3, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 344013
BGP main routing table version 92
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1
*>i22.51.32.77/32 72.15.48.5 16000 16056
*>i78.22.11.2/32 172.16.4.1 16003 16053
*>i78.22.11.3/32 172.16.4.1 16003 16054
*>i93.22.15.61/32 172.16.4.1 16003 16055
Processed 4 prefixes, 4 paths
RP/0/RP1/CPU0:CRS-8-01#
RP/0/RSP1/CPU0:ASR-9006-01#show run router bgp
Wed Jan 8 16:59:41.601 UTC
router bgp 1
bgp router-id 72.15.48.5
bgp graceful-restart
ibgp policy out enforce-modifications
address-family ipv4 unicast
address-family vpnv4 unicast
retain route-target all
neighbor-group RR
remote-as 1
update-source Loopback0
graceful-restart
address-family vpnv4 unicast
route-reflector-client
soft-reconfiguration inbound
neighbor 172.16.8.3
use neighbor-group RR
neighbor 192.169.1.2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS in
route-policy PASS out
vrf RTAMAELA
rd 100:1
address-family ipv4 unicast
redistribute connected
RP/0/RSP1/CPU0:ASR-9006-01#show bgp ipv4 unicast labels
Wed Jan 8 16:59:52.173 UTC
RP/0/RSP1/CPU0:ASR-9006-01#show bgp vpnv4 unicast labels
Wed Jan 8 17:00:00.457 UTC
BGP router identifier 72.15.48.5, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 253701
BGP main routing table version 123
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1 (default for vrf RTAMAELA)
*> 22.51.32.77/32 0.0.0.0 nolabel 16000
*>i78.22.11.2/32 172.16.4.1 16003 nolabel
*>i78.22.11.3/32 172.16.8.3 16003 nolabel <-- It receive label 16003, which is wrong. it should receive label 16054.
*>i93.22.15.61/32 172.16.4.1 16003 nolabel
Processed 4 prefixes, 4 paths
RP/0/RSP1/CPU0:ASR-9006-01#
Rivalino -
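One way to detect the label mismatch reproduced in the lab above, as an added Python example that is not part of the original posts: it parses `show bgp vpnv4 unicast labels` rows from the route reflector and from a client, and reports every prefix whose next hop is the reflector but whose received label is not the reflector's local label. The rows are copied from the lab output in the answer; the function names are hypothetical, and continuation rows that carry no prefix are skipped.

```python
import re

# One table row: status flags, optional "i", prefix, next hop, rcvd label, local label.
ROW = re.compile(
    r"^[*>sdhrS ]*i?\s*(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?P<nexthop>\d+\.\d+\.\d+\.\d+)\s+(?P<rcvd>\w+)\s+(?P<local>\w+)"
)


def parse_labels(output: str) -> dict[str, tuple[str, str, str]]:
    """Map prefix -> (next hop, received label, local label)."""
    table = {}
    for line in output.splitlines():
        match = ROW.match(line.strip())
        if match:  # headers, legends and prefix-less continuation rows are skipped
            table[match["prefix"]] = (match["nexthop"], match["rcvd"], match["local"])
    return table


def find_label_mismatches(rr_output: str, client_output: str,
                          rr_address: str) -> list[tuple[str, str, str]]:
    """Return (prefix, label the client received, label the RR allocated)."""
    rr_table = parse_labels(rr_output)
    problems = []
    for prefix, (nexthop, rcvd, _local) in parse_labels(client_output).items():
        if nexthop != rr_address or prefix not in rr_table:
            continue  # the RR is not in the forwarding path for this prefix
        expected = rr_table[prefix][2]  # the RR's own local label
        if rcvd != expected:
            problems.append((prefix, rcvd, expected))
    return problems


# Rows from CRS-8-01 (the route reflector) in the lab output.
RR_LABELS = """\
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:1
*>i22.51.32.77/32 72.15.48.5 16000 16056
*>i78.22.11.2/32 172.16.4.1 16003 16053
*>i78.22.11.3/32 172.16.4.1 16003 16054
*>i93.22.15.61/32 172.16.4.1 16003 16055
"""

# Rows from ASR-9006-01 with the outbound route-policy on the RR.
CLIENT_WITH_POLICY = """\
*> 22.51.32.77/32 0.0.0.0 nolabel 16000
*>i78.22.11.2/32 172.16.4.1 16003 nolabel
*>i78.22.11.3/32 172.16.8.3 16003 nolabel
*>i93.22.15.61/32 172.16.4.1 16003 nolabel
"""

# Rows from ASR-9006-01 with next-hop-self on the RR.
CLIENT_WITH_NEXT_HOP_SELF = """\
*> 22.51.32.77/32 0.0.0.0 nolabel 16000
*>i78.22.11.2/32 172.16.8.3 16053 nolabel
*>i78.22.11.3/32 172.16.8.3 16054 nolabel
*>i93.22.15.61/32 172.16.8.3 16055 nolabel
"""

if __name__ == "__main__":
    for name, client in (("route-policy", CLIENT_WITH_POLICY),
                         ("next-hop-self", CLIENT_WITH_NEXT_HOP_SELF)):
        for prefix, got, want in find_label_mismatches(RR_LABELS, client, "172.16.8.3"):
            print(f"{name}: {prefix} received label {got}, RR allocated {want}")
```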
BGP default route advertisement - change preference
hi guys,
I would appreciate some assistance here. We have a primary head office & a DR site. Routers at both sites connect to our carrier for an IP VPN service using BGP. BGP configs on each router advertise a default route 0.0.0.0.
#sh ip bgp neighbors x.x.x.x advertised-routes
BGP table version is 358, local router ID is x.x.x.x
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Originating default network 0.0.0.0
Issue is, some of our remote sites prefer the DR router path for traffic destined to internet.
We are advertising multiple default routes to our carrier, and based on feedback from carrier, route with lowest MED is preferred.
This brings me to what I need to change from my side. I need to change the route preference so that from our remote offices, only the route to head office is preferred, with the DR site the least preferred route. I know there are multiple ways of doing this, however I am keen to get input from the experts out there.
DR site router has this BGP config currently applied:
router bgp XXXXX
bgp log-neighbor-changes
redistribute connected
redistribute ospf 1 match internal external 1 external 2
neighbor x.x.x.x remote-as XXXX
neighbor x.x.x.x default-originate
neighbor x.x.x.x soft-reconfiguration inbound
neighbor x.x.x.x route-map IMPORT-POLICY in
neighbor x.x.x.x route-map OPI-route-advertisement out
default-information originate
Removing the "neighbor x.x.x.x default-originate" is not an option, as we need to have the ability to failover to DR at any point.
Thanks in advance & if you need any further info please advise.
Rama
Hi Milan,
Thanks. Answers below:
Does it provide an MPLS backbone to you? YES
Are you using the same AS number on all your sites or different ones? Same AS
Any way, what about advertising the default route from your DR site with the site AS number prepended several times (5 times, e.g.)? That's the thing I am struggling to understand as the route-map OPI-route-advertisement already has it prepended 2 times. Shouldn't that be enough to influence which route is least preferred?
route-map OPI-route-advertisement permit 20
match ip address prefix-list xxx default-route
set as-path prepend XXXXX XXXXX
If your provider would permit that and hasn't configured his routers to ignore the AS_PATH length (ask him a question), it should make the default route advertised from your DR less preferred within your backbone. Will ask.
Given this, any other thoughts/questions?
Thanks, Rama -
BGP Advertised Routes two Peering
Dear all
I have an issue with BGP behaviour. I have two BGP peerings; from both I receive a default route, but one of them, AS 65472, is primary, so I set local preference to 200; it is because I want to use AS 65472 as internet provider. The other one, AS 65472, is used as secondary internet access, but for the internal network (private) it is used as primary. The issue is that when I try to ping from the LAN, I cannot reach the internal network. It seems to be because local preference is set up within AS65472 and the packet tries to go through AS 65472 because of local preference 200, but I need the internal network to go through AS 65471.
I am sure that I am advertising the networks as I expect, but when BGP is running for both peerings, it fails.
Here is the output for this situation:
7204VXR-SCT#sh ip bgp neighbors 172.16.40.37 received-routes
Network Next Hop Metric LocPrf Weight Path
* i0.0.0.0 172.16.40.37 0 100 0 i
Total number of prefixes 1
7204VXR-SCT#sh ip bgp neighbors 172.16.40.37 advertised-routes
Network Next Hop Metric LocPrf Weight Path
*> 10.10.200.0/30 0.0.0.0 0 32768 i
*> 10.30.24.0/21 172.16.40.4 0 32768 i
*> 172.16.17.0/24 172.16.40.5 0 32768 i
*> 172.16.211.0/24 0.0.0.0 0 32768 i
*> 172.18.56.16/29 0.0.0.0 0 32768 i
*> 172.30.100.18/32 0.0.0.0 0 32768 i
*> 172.31.0.20/30 0.0.0.0 0 32768 i
7204VXR-SCT#sh ip bgp neighbors 190.97.254.241 received-routes
Network Next Hop Metric LocPrf Weight Path
* 0.0.0.0 190.97.254.241 0 65472 i
Total number of prefixes 1
Network Next Hop Metric LocPrf Weight Path
*> 190.153.116.0/22 172.16.40.4 0 32768 i
*> 190.153.120.0/22 172.16.40.4 0 32768 i
*> 190.153.124.0/24 172.16.40.37 10 32768 i
router bgp 65471
bgp log-neighbor-changes
neighbor externalBGP peer-group
neighbor externalBGP remote-as 65472
neighbor externalBGP version 4
neighbor internalBGP-SCT peer-group
neighbor internalBGP-SCT remote-as 65471
neighbor internalBGP-SCT version 4
neighbor 172.16.40.37 peer-group internalBGP-SCT
neighbor 190.97.254.241 peer-group viginet
address-family ipv4
neighbor externalBGP soft-reconfiguration inbound
neighbor externalBGP route-map viginet-in in
neighbor externalBGP route-map viginet-out out
neighbor internalBGP-SCT soft-reconfiguration inbound
neighbor internalBGP-SCT route-map internalBGP-SCT-out out
neighbor 172.16.40.37 activate
neighbor 190.97.254.241 activate
no auto-summary
no synchronization
network 10.10.200.0 mask 255.255.255.252
network 10.30.24.0 mask 255.255.248.0
network 172.16.17.0 mask 255.255.255.0
network 172.16.40.0 mask 255.255.255.0
network 172.16.211.0 mask 255.255.255.0
network 172.18.56.16 mask 255.255.255.248
network 172.30.100.18 mask 255.255.255.255
network 172.31.0.20 mask 255.255.255.252
network 190.153.116.0 mask 255.255.252.0
network 190.153.120.0 mask 255.255.252.0
network 190.153.124.0 mask 255.255.255.0
exit-address-family
ip route 172.16.40.36 255.255.255.252 Null0 250
ip route 190.153.116.0 255.255.252.0 172.16.40.4
ip route 190.153.120.0 255.255.252.0 172.16.40.4
ip prefix-list invalidas seq 10 permit 172.16.40.0/24
ip prefix-list invalidas seq 15 permit 10.30.24.0/21
ip prefix-list invalidas seq 20 permit 172.16.211.0/24
ip prefix-list invalidas seq 25 permit 172.18.56.16/29
ip prefix-list invalidas seq 30 permit 172.30.100.18/32
ip prefix-list invalidas seq 35 permit 10.10.200.0/30
ip prefix-list invalidas seq 40 permit 172.16.17.0/24
ip prefix-list invalidas seq 45 permit 172.31.0.20/30
ip access-list standard viginet-100
permit 190.153.116.0 0.0.3.255
permit 190.153.120.0 0.0.3.255
permit 190.153.124.0 0.0.0.255
route-map externalBGP-out permit 10
match ip address viginet-100
route-map externalBGP-in permit 10
set local-preference 200
route-map internalBGP-SCT-out permit 10
match ip address prefix-list invalidas
Hello.
If you want your internal network to go through peer 65471 (to 0.0.0.0/0), then why do you need AS 65472?
Could you please provide "show ip bgp 0.0.0.0/0"? -
Does a route-policy override BGP split-horizon rule in IOS-XR?
If I receive a default route from a non-client, can I turn around and send it to another non client if I have the following applied to the non-client?
prefix-set send-default
0.0.0.0/0
end-set
route-policy DEFAULT-POLICY
if destination in send-default then
pass
else
drop
endif
end-policy
neighbor-group BLAH
remote-as XXXXX
password encrypted XXXXXXX
description iBGP to Decryptors
update-source Loopback0
address-family ipv4 unicast
route-policy DEFAULT-POLICY out
soft-reconfiguration inbound always
neighbor X.X.X.X
use neighbor-group BLAH
end
Hi Carlopez,
For BGP to inject a default route you need the "default-information originate" command; unfortunately, you can't redistribute or regenerate a route via the RPL method you described.
regards
xander -
Hi All...
I have this topology:
CE2-->PE1-->P--->PE2-->CE2
.............\-->PE3-->CE2
In router "P" I want to configure MP-BGP, but I have many doubts about the configuration of this router. I need to do route-reflector too.
Can anybody help me?
CLRGomes
Thanks, look at my configuration:
Router P
router bgp 65500
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor MPLS peer-group
neighbor MPLS remote-as 65500
neighbor MPLS ebgp-multihop 255
neighbor MPLS update-source Loopback0
neighbor MPLS route-reflector-client
neighbor MPLS allowas-in
neighbor MPLS soft-reconfiguration inbound
neighbor 10.10.10.2 peer-group MPLS
neighbor 10.10.10.3 peer-group MPLS
neighbor 10.10.10.4 peer-group MPLS
no auto-summary
address-family vpnv4
neighbor MPLS route-reflector-client
neighbor MPLS send-community both
neighbor 10.10.10.2 activate
neighbor 10.10.10.3 activate
neighbor 10.10.10.4 activate
exit-address-family
OK... working perfectly. I did MP-BGP between PE routers and I configured different RDs too...
Later I did PE->CE with OSPF and it is working too; load sharing is working.
Thanks a lot
CLRGomes
CCIE R&S -
Hello,
I am trying to understand the following. I have a PE(7200-SF02) router peering with 10 other PE routers and one E-BGP, all these routers are sending a default route to each other, but this router only shows 2 learned routes in the RIB-IN:
7200-SF02#show ip bgp v v vrfData 0.0.0.0
BGP routing table entry for 100:3:0.0.0.0/0, version 1007
Paths: (3 available, best #2, table vrfData)
Advertised to peer-groups:
mbgp-ut mbgp-sf
P1 P2, imported path from 100:1:0.0.0.0/0
10.0.0.3 (metric 2) from 10.0.0.3 (10.0.0.3)
Origin IGP, metric 0, localpref 100, valid, internal
Extended Community: RT:100:1,
mpls labels in/out 142/98
26749 3356
69.x.x.x from 69.x.x.x (x.x.x.x)
Origin IGP, localpref 100, valid, external, best
Extended Community: RT:100:1,
mpls labels in/out 142/nolabel
P1 P2, (received-only)
x.x.x.x from x.x.x.x (x.x.x.x)
Origin IGP, localpref 100, valid, external,
mpls labels in/out 142/nolabel
On another router which has the same peerings and route targets I show:
7200-SF04#show ip bgp v v vrfData 0.0.0.0
BGP routing table entry for 100:1:0.0.0.0/0, version 333461
Paths: (12 available, best #11, table vrfData)
Advertised to peer-groups:
mbgp-ut mbgp-sf
P1 P2, imported path from 100:3:0.0.0.0/0
10.0.0.2 (metric 2) from 10.0.0.2 (10.0.0.2)
Origin IGP, metric 0, localpref 100, valid, internal
Community: no-export
Extended Community: RT:100:1,
mpls labels in/out 212/142
P1 P2
10.0.0.4 (metric 2) from 10.0.0.4 (10.0.0.4)
Origin IGP, metric 0, localpref 100, valid, internal
Community: no-export
Extended Community: RT:100:1,
mpls labels in/out 212/206
P1 2828
10.0.0.5 (metric 5) from 10.0.0.5 (10.0.0.5)
Origin IGP, metric 0, localpref 100, valid, internal
Extended Community: RT:100:1,
mpls labels in/out 212/66
P1 2828
10.0.0.6 (metric 5) from 10.0.0.6 (10.0.0.6)
Origin IGP, metric 0, localpref 100, valid, internal
Extended Community: RT:100:1,
mpls labels in/out 212/254
P1 2828
10.0.0.10 (metric 4) from 10.0.0.10 (10.0.0.10)
Origin IGP, metric 0, localpref 100, valid, internal
Extended Community: RT:100:1,
mpls labels in/out 212/123
P1 2828
10.0.0.1 (metric 4) from 10.0.0.1 (10.0.0.1)
Origin IGP, metric 0, localpref 100, valid, internal
Extended Community: RT:100:1,
mpls labels in/out 212/121
P1 P2
CUT OUTPUT DUE TO LIMIT
I see the other routers sending this:
200-SF04#show ip bgp v a neighbors 10.0.0.2(SF02) advertised-routes
BGP table version is 333779, local router ID is 10.0.0.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vrfData)
*> 0.0.0.0 xxxxxx 0 P1 P2 i
The only difference is that they have a different route distinguisher, but I don't know how the RD is relevant since the route targets are the same and the RDs are only locally significant.
These routers are running the same version.
TIA
No filtering going on.
show ip bgp v a summ
BGP router identifier 10.0.0.2, local AS number 65520
BGP table version is 1522, main routing table version 1522
788 network entries using 95348 bytes of memory
926 path entries using 59264 bytes of memory
157 BGP path attribute entries using 9420 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
1 BGP community entries using 24 bytes of memory
100 BGP extended community entries using 3888 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 167992 total bytes of memory
1 received paths for inbound soft reconfiguration
BGP activity 903/115 prefixes, 1104/178 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.1 4 65520 1707 1810 1522 0 0 1d04h 7
10.0.0.3 4 65520 1706 1836 1522 0 0 1d04h 3
10.0.0.4 4 65520 1780 1836 1522 0 0 1d04h 117
10.0.0.5 4 65520 1783 1810 1522 0 0 1d04h 92
10.0.0.6 4 65520 1745 1810 1522 0 0 1d04h 99
10.0.0.7 4 65520 1789 1836 1522 0 0 1d04h 81
10.0.0.8 4 65520 1761 1836 1522 0 0 1d04h 98
10.0.0.9 4 65520 1706 1836 1522 0 0 1d04h 3
10.0.0.10 4 65520 1707 1810 1522 0 0 1d04h 7
10.0.0.11 4 65520 1735 1836 1522 0 0 1d04h 23
x.x.x.x.7 4 xxxx 1705 1778 1522 0 0 1d04h 1
Which part of the config. is relevant?
Only difference is that the RD on that particular vrf is different.
router bgp 65520
no synchronization
bgp log-neighbor-changes
neighbor mbgp-ut peer-group
neighbor mbgp-ut remote-as 65520
neighbor mbgp-ut update-source Loopback0
neighbor mbgp-ut soft-reconfiguration inbound
neighbor mbgp-sf peer-group
neighbor mbgp-sf remote-as 65520
neighbor mbgp-sf update-source Loopback0
neighbor mbgp-sf soft-reconfiguration inbound
neighbor 10.0.0.1 peer-group mbgp-ut
neighbor 10.0.0.3 peer-group mbgp-sf
neighbor 10.0.0.4 peer-group mbgp-sf
neighbor 10.0.0.5 peer-group mbgp-ut
neighbor 10.0.0.6 peer-group mbgp-ut
neighbor 10.0.0.7 peer-group mbgp-sf
neighbor 10.0.0.8 peer-group mbgp-sf
neighbor 10.0.0.9 peer-group mbgp-sf
neighbor 10.0.0.10 peer-group mbgp-ut
neighbor 10.0.0.11 peer-group mbgp-sf
no auto-summary
address-family vpnv4
neighbor mbgp-ut send-community both
neighbor mbgp-sf send-community both
neighbor mbgp-sf route-map noexport out
neighbor 10.0.0.1 activate
neighbor 10.0.0.3 activate
neighbor 10.0.0.4 activate
neighbor 10.0.0.5 activate
neighbor 10.0.0.6 activate
neighbor 10.0.0.7 activate
neighbor 10.0.0.8 activate
neighbor 10.0.0.9 activate
neighbor 10.0.0.10 activate
neighbor 10.0.0.11 activate
exit-address-family
address-family ipv4 vrf vrfData
redistribute static
redistribute ospf 101 match internal external 1 external 2 route-map igp2bgp
neighbor x.x.x.7 remote-as xxxxx
neighbor x.x.x.7 activate
neighbor x.x.x.7 soft-reconfiguration inbound
neighbor x.x.x.7 route-map metric out
no auto-summary
no synchronization
exit-address-family
All of my neighbors are sending a default, but I am only receiving the one from 10.0.0.3 and the peer on vrfData -
BGP4 Session Goes Down receiving FULL Routers from providers
CONF
router bgp 22999
no synchronization
bgp log-neighbor-changes
bgp maxas-limit 254
network 196.12.173.0
aggregate-address 196.12.173.0 255.255.255.0 summary-only
neighbor 64.247.171.17 remote-as 11992
neighbor 64.247.171.17 version 4
neighbor 64.247.171.17 soft-reconfiguration inbound
neighbor 64.247.171.17 distribute-list ramallo_in in
neighbor 64.247.171.17 distribute-list ramallo_out out
neighbor 196.12.168.202 remote-as 11367
neighbor 196.12.168.202 ebgp-multihop 2
neighbor 196.12.168.202 version 4
neighbor 196.12.168.202 next-hop-self
neighbor 196.12.168.202 soft-reconfiguration inbound
neighbor 196.12.168.202 distribute-list ramallo_out out
SHOW VERSION
Router# show ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M3, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 18-Jul-10 03:32 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Router uptime is 1 week, 10 hours, 11 minutes
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.150-1.M3.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FTX1445A1W4
3 Gigabit Ethernet interfaces
2 Serial interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
SHOW LOG
*Sep 21 21:58:09.107: %BGP-3-NOTIFICATION: sent to neighbor 196.12.168.202 3/1 (
update malformed) 0 bytes
*Sep 21 21:58:09.107: %BGP-4-MSGDUMP: unsupported or mal-formatted message recei
ved from 196.12.168.202:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 00BB 0200 0000 2440 0101 0040 0216 0205
0000 2C67 0000 392E 0000 329C 0000 4BE5 0000 6D21 4003 04C4 0CA8 CA18 BE61 8B18
BE61 9818 BE61 9118 BE61 8F18 BE61 8318 BE61 9F18 BE61 9718 BE61 9618 BE61 9918
BE61 9E18 BE61 9C18 BE61 9B18 BE61 9D18 BE61 8C18 BE61 8118 BE61 9318 BE61 8E18
BE61 9418 BE61 9518 BE61 9A18 BE61 8218 BE61 8D18 BE61 9218 BE61 8918 BE61 8618
BE61 8518 BE61 8818 BE61 8A18 BE61 8718 BE61 8418 BE61 8018 BE61 90
*Sep 21 21:58:09.107: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory
exhaustion.
*Sep 21 21:58:19.895: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Down No memory
*Sep 21 21:58:19.895: %BGP_SESSION-5-ADJCHANGE: neighbor 64.247.171.17 IPv4 Unic
ast topology base removed from session No memory
*Sep 21 21:58:19.895: %BGP_SESSION-5-ADJCHANGE: neighbor 196.12.168.202 IPv4 Uni
cast topology base removed from session BGP Notification sent
*Sep 21 21:58:28.707: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Up
*Sep 21 21:58:31.267: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Up
*Sep 21 21:58:35.607: %SYS-5-CONFIG_I: Configured from console by vty0 (196.12.1
73.25)
*Sep 21 22:02:35.387: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed
from 0x2342E9A8, alignment 0
Pool: Processor Free: 125144 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "BGP Router", ipl= 0, pid= 239, -Traceback= 0x2340604Cz 0x23423490z
0x21AF2D38z 0x21AA5C80z 0x21AA5FB0z 0x21B63554z 0x21B63E58z 0x21AC7844z 0x21AC7D
04z 0x21AC83A8z
*Sep 21 22:02:35.387: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Down BGP Notific
ation sent
*Sep 21 22:02:35.387: %BGP-3-NOTIFICATION: sent to neighbor 196.12.168.202 3/1 (
update malformed) 0 bytes
*Sep 21 22:02:35.387: %BGP-4-MSGDUMP: unsupported or mal-formatted message recei
ved from 196.12.168.202:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0061 0200 0000 3240 0101 0040 0216 0205
0000 2C67 0000 392E 0000 329C 0000 6D52 0000 1B89 4003 04C4 0CA8 CA40 0600 C007
0800 001B 89C8 3BC4 C618 C83D 1018 C83D 1A18 C83B 3C18 C829 D618 BA00 D417 BA00
D0
*Sep 21 22:02:35.387: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory
exhaustion.
*Sep 21 22:02:46.379: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Down No memory
*Sep 21 22:02:46.379: %BGP_SESSION-5-ADJCHANGE: neighbor 64.247.171.17 IPv4 Unic
ast topology base removed from session No memory
*Sep 21 22:02:46.379: %BGP_SESSION-5-ADJCHANGE: neighbor 196.12.168.202 IPv4 Uni
cast topology base removed from session BGP Notification sent
*Sep 21 22:03:00.319: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Up
*Sep 21 22:03:01.347: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Up
Router#
Any ideas?
I have a CISCO ASR 1002-X with 4 GB memory. I have the same problem:
the BGP session goes down.
Here is the log:
*Feb 25 06:03:06.571: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory exhaustion.
*Feb 25 06:03:07.968: %COMMON_FIB-4-DISABLING: IPv4 CEF is being disabled due to a fatal error.
*Feb 25 06:03:10.107: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down No memory
*Feb 25 06:03:10.107: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.X IPv4 Unicast topology base removed from session No memory
*Feb 25 06:03:10.107: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down No memory
*Feb 25 06:03:10.107: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.X IPv4 Unicast topology base removed from session No memory
*Feb 25 06:03:10.107: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down No memory
*Feb 25 06:03:10.107: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.X IPv4 Unicast topology base removed from session No memory
*Feb 25 06:04:22.732: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]" -
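The configuration in the first post of this thread enables soft-reconfiguration inbound on both provider sessions. As an added review aid (not code from any poster or from Cisco), this Python sketch lists every neighbor in a pasted IOS configuration that stores received routes, resolving peer-group inheritance, together with any maximum-prefix limit and inbound policy it finds. The sample configuration and all names in it are constructed, and options are merged across address families as a simplification.

```python
import re

NEIGHBOR_RE = re.compile(r"^neighbor\s+(\S+)\s+(.+)$")
INBOUND_POLICY_RE = re.compile(
    r"^(route-map|distribute-list|prefix-list|filter-list)\s+(\S+)\s+in$")

# Constructed sample: one peer-group style and one per-neighbor style session,
# using documentation address ranges and private AS numbers.
SAMPLE_CONFIG = """\
router bgp 64512
 no synchronization
 neighbor CORE peer-group
 neighbor CORE remote-as 64512
 neighbor CORE soft-reconfiguration inbound
 neighbor 192.0.2.1 peer-group CORE
 neighbor 192.0.2.2 peer-group CORE
 neighbor 198.51.100.1 remote-as 64496
 neighbor 198.51.100.1 soft-reconfiguration inbound
 neighbor 198.51.100.1 maximum-prefix 1000 1
 neighbor 203.0.113.1 remote-as 64497
 neighbor 203.0.113.1 distribute-list upstream_in in
 address-family ipv4 vrf DATA
  neighbor 203.0.113.9 remote-as 64498
  neighbor 203.0.113.9 soft-reconfiguration inbound
  neighbor 203.0.113.9 route-map CE_IN in
 exit-address-family
"""


def parse_bgp_neighbors(config):
    """Collect per-name options, peer-group names and group membership.

    Indentation is ignored because forum pastes usually lose it.
    """
    opts, groups, member_of = {}, set(), {}
    in_bgp = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("router "):
            in_bgp = line.startswith("router bgp ")
            continue
        match = NEIGHBOR_RE.match(line) if in_bgp else None
        if not match:
            continue
        name, rest = match.group(1), match.group(2).strip()
        entry = opts.setdefault(
            name, {"soft": False, "max_prefix": None, "policy_in": []})
        if rest == "peer-group":                 # peer-group definition
            groups.add(name)
        elif rest.startswith("peer-group "):     # neighbor joins a group
            member_of[name] = rest.split()[1]
        elif rest == "soft-reconfiguration inbound":
            entry["soft"] = True
        elif rest.startswith("maximum-prefix "):
            limit = rest.split()[1]
            entry["max_prefix"] = int(limit) if limit.isdigit() else None
        else:
            policy = INBOUND_POLICY_RE.match(rest)
            if policy:
                entry["policy_in"].append(f"{policy.group(1)} {policy.group(2)}")
    return opts, groups, member_of


def audit_soft_reconfig(config):
    """Return one finding per neighbor that keeps a stored copy of received routes."""
    opts, groups, member_of = parse_bgp_neighbors(config)
    empty = {"soft": False, "max_prefix": None, "policy_in": []}
    findings = []
    for name, own in opts.items():
        if name in groups:
            continue
        group = member_of.get(name)
        inherited = opts.get(group, empty)
        if not (own["soft"] or inherited["soft"]):
            continue
        limit = own["max_prefix"]
        findings.append({
            "neighbor": name,
            "source": "neighbor" if own["soft"] else f"peer-group {group}",
            "max_prefix": limit if limit is not None else inherited["max_prefix"],
            "policy_in": own["policy_in"] + inherited["policy_in"],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_soft_reconfig(SAMPLE_CONFIG):
        print(finding)
```
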
Hi,
I want to load share traffic for my two network segments. I have two routers, each with an internet circuit running BGP with a different ISP (ISP-A & ISP-B). I am also running IBGP between the two routers. Since I have two /24 segments (not provided by the ISP), I want one segment to prefer ISP-A & the other segment to prefer ISP-B. I have configured EBGP & IBGP and configured AS-path prepend, but I see some asymmetric behaviour. Source traffic which prefers ISP-A is going via it, but incoming traffic is via ISP-B.
Pls suggest how this asymmetric behaviour could be fixed.
Hi. Pls see below config. I have an ASA configured with IP x.x.x.5, so while tracing from the firewall to another location's public IP (USA) the trace goes to Router-A via ISP-A. But when I do a trace from USA to the ASA it goes through ISP-B.
Router-A#
router bgp 132965
bgp log-neighbor-changes
neighbor 14.140.191.181 remote-as 4755 --- ISP- A
neighbor X.X.X.18 remote-as 132965 ---- IBGP
address-family ipv4
network X.X.X.0 mask 255.255.255.0
network Y.Y.Y.0 mask 255.255.255.0
neighbor 14.140.191.181 activate
neighbor 14.140.191.181 soft-reconfiguration inbound
neighbor 14.140.191.181 route-map BGP-add out
neighbor 14.140.191.181 maximum-prefix 1000 1
neighbor X.X.X.18 activate
neighbor X.X.X.18 next-hop-self
neighbor X.X.X.18 soft-reconfiguration inbound
exit-address-family
ip route X.X.X.0 255.255.255.0 Null0 254
ip route Y.Y.Y.0 255.255.255.0 X.X.X.5 name DMZ
ip prefix-list BGP-236 seq 5 permit X.X.X.0/24
ip prefix-list BGP-237 seq 5 permit Y.Y.Y.0/24
route-map BGP-add permit 5
match ip address prefix-list BGP-236
route-map BGP-add permit 10
match ip address prefix-list BGP-237
set as-path prepend 132965 132965 132965 132965
===========================================================
Router-B#
router bgp 132965
bgp log-neighbor-changes
redistribute connected
network X.X.X.0 mask 255.255.255.0
network Y.Y.Y.0 mask 255.255.255.0
neighbor X.X.X.17 remote-as 132965 --- IBGP
neighbor X.X.X.17 next-hop-self
neighbor X.X.X.17 soft-reconfiguration inbound
neighbor 125.19.48.121 remote-as 9498 --- ISP-B
neighbor 125.19.48.121 soft-reconfiguration inbound
neighbor 125.19.48.121 route-map BGP-bhar out
neighbor 125.19.48.121 maximum-prefix 1000 1
ip route Y.Y.Y.0 255.255.255.0 X.X.X.5 name DMZ
ip prefix-list BGP-236 seq 5 permit X.X.X.0/24
ip prefix-list BGP-237 seq 5 permit Y.Y.Y.0/24
route-map BGP-bhar permit 5
match ip address prefix-list BGP-237
route-map BGP-bhar permit 10
match ip address prefix-list BGP-236
set as-path prepend 132965 132965 132965 132965 -
BGP, VRF and PBR ("set vrf")
Hi networkers!
Requirements:
- 2 locations (OFFICE, DC) in the same town
- each having two active WAN connections (carrying individual routing domains): The default Any2Any WAN (where several other locations are connected to) and a client specific MC WAN.
- There is a high speed "metro" connection between the locations
- Targets of MC WAN must only be available from a dedicated "MC LAN" network segment
- The default route of "MC LAN" is into Any2Any. Some specific routes coming from MC WAN will overrule A2A routes
- By default, all locally generated traffic should leave into the local WAN links
- In case of a local fault, the locally generated traffic should go via "metro" link into the remote WAN links.
- Traffic between office and DC has to use the metro link.
Hardware: Cat 4500X in VSS configuration at both locations acting as router.
The challenge is with the "MC LAN" that should be fully integrated into A2A routing (communicating locally with devices in other LAN segments and remotely with other sites) but it should also communicate with some special targets of the MC WAN that all other LAN segments must not see.
The general solution that I found is to set the "MC LAN segment" into the GRT but apply "ip vrf receive VRF_MC" and "set vrf VRF_MC" as PBR for targets that should be reached via MC-WAN. It makes me a little unhappy that I have to configure a static PBR "routing" because the MC routes are already available by BGP within VRF_MC. But I have tested several other solutions (route leakage e.g.). But they did not work (route leakage for example is not possible on-device between VLANs but only between physical ports).
I put in here only the OFFICE part of the configuration. At the DC there is no "MC LAN" only "MC WAN" which is fully isolated by VRF.
We create two transfer networks at each side. One for the Metro and one for the WAN and start BGP sessions with the neighbors. Failover is guaranteed by longer AS-PATH:
vrf definition VRF_MC
description MC routing domain
rd 65500:1
address-family ipv4
exit-address-family
interface Vlan3
description MC Office
ip vrf receive VRF_MC
ip address 1.40.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip policy route-map MC_PBR_VRF
interface Vlan30
description WAN A2A transfer (partner 2.2.2.18 // remote-as 65293 - local AS 65502)
ip address 2.2.2.21 255.255.255.240
interface Vlan31
description WAN MC(partner 2.2.2.50 // remote-as 65293 - local AS 65502)
vrf forwarding VRF_MC
ip address 2.2.2.53 255.255.255.240
interface Vlan34
description Metro A2A transfer (partner 3.3.3.69 remote-as 65503)
ip address 3.3.3.66 255.255.255.240
interface Vlan36
description Metro MC transfer (partner 3.3.3.85 remote-as 65503)
vrf forwarding VRF_MC
ip address 3.3.3.82 255.255.255.240
router bgp 65502
bgp always-compare-med
bgp log-neighbor-changes
network 1.40.1.0 mask 255.255.255.0 <-- MC LAN
network 1.1.192.0 mask 255.255.248.0 <-- other Office LAN segments below
network 1.1.200.0 mask 255.255.248.0
network 1.1.208.0 mask 255.255.248.0
neighbor 2.2.2.18 remote-as 65293
neighbor 2.2.2.18 description to_A2A_WAN
neighbor 2.2.2.18 version 4
neighbor 2.2.2.18 remove-private-as
neighbor 2.2.2.18 soft-reconfiguration inbound
neighbor 2.2.2.18 prefix-list BGP_A2A_out out
neighbor 3.3.3.69 remote-as 65503
neighbor 3.3.3.69 description A2A_Metro_to_DC
neighbor 3.3.3.69 update-source Vlan34
neighbor 3.3.3.69 version 4
neighbor 3.3.3.69 soft-reconfiguration inbound
address-family ipv4 vrf VRF_MC
network 1.40.1.0 mask 255.255.255.0 <-- MC LAN
neighbor 2.2.2.50 remote-as 65293
neighbor 2.2.2.50 description to_MC_WAN
neighbor 2.2.2.50 version 4
neighbor 2.2.2.50 activate
neighbor 2.2.2.50 remove-private-as
neighbor 2.2.2.50 soft-reconfiguration inbound
neighbor 2.2.2.50 prefix-list BGP_MC_out out
neighbor 3.3.3.85 remote-as 65503
neighbor 3.3.3.85 description MC_Metro_to_DC
neighbor 3.3.3.85 update-source Vlan36
neighbor 3.3.3.85 activate
neighbor 3.3.3.85 soft-reconfiguration inbound
exit-address-family
route-map MC_PBR_VRF permit 10
match ip address MC_PBR_ROUTE
set vrf VRF_MC
! control BGP
ip prefix-list BGP_A2A_out seq 10 permit 1.1.192.0/21 le 32
ip prefix-list BGP_A2A_out seq 20 permit 1.1.200.0/21 le 32
ip prefix-list BGP_A2A_out seq 30 permit 1.1.208.0/21 le 32
ip prefix-list BGP_A2A_out seq 40 permit 1.40.1.0/24 le 32
! control BGP
ip prefix-list BGP_MC_out seq 10 permit 1.40.1.0/24 le 32
ip access-list extended MC_PBR_ROUTE
permit ip any 2.2.2.48 0.0.0.15
permit ip any 3.3.3.80 0.0.0.15
permit ip any 7.87.208.0 0.0.15.255
permit ip any 55.55.0.0 0.0.0.255
permit ip any host 93.93.93.93
That's all.
What is possible:
- traceroute into MC WAN from Office LAN router "traceroute vrf VRF_MC 55.55.0.83"
1 2.2.2.50 [AS 65276] 8 msec 0 msec 0 msec
2 10.10.21.189 [AS 65276] 4 msec 0 msec 4 msec
3 10.10.41.74 [AS 65276] 12 msec 8 msec 16 msec
- MC LAN is fully reachable from A2A WAN
- Metro link is used for backup and "city" traffic between office and DC.
What does not work:
- A device connected to MC LAN cannot reach any target in MC WAN. Example:
C:\Users\me>tracert -d 55.55.0.83
1 2 ms 1 ms 1 ms 2.2.2.53 <- IP local VLAN31 MC-WAN transfer net (belonging to VRF_MC)
2 <1 ms <1 ms <1 ms 2.2.2.18 <- jump back into the GTR (A2A WAN router IP)
3 1 ms 1 ms 1 ms 5.5.5.5 <- A2A WAN
What is missing?? Is my solution itself a no-go?
Additional question: There is a backup metro link with a smaller bandwidth that should be used only in case the main metro link is down. I installed a route-map to "set local-preference 20" for all routes received via this backup metro link. Is this the recommended way to implement such a backup link?
Best regards
Use the route map as a normal thing.
To match all the IP addresses, there should not be any match statement in the route map. -
Influencing BGP attributes within MPLS network
Pls take a look at my question; the diagram is attached in the file. Pls help me to fix this problem.
I have the following requirements about traffic paths within the MPLS network. The MPLS network is running MP-BGP4.
1. Traffic from the Europe branch to the Asia branch goes through the London router.
2. Traffic from the America branch to the Asia branch goes through the Los Angeles router.
3. The two paths through London and Los Angeles should have redundancy. That is, if the path through London is not accessible, all the traffic must go through Los Angeles. If the Los Angeles path goes down, all the traffic must go through London.
4. Traffic from Asia to Europe and America is controlled by redistributing BGP4 learned routes with different metrics at the London and Los Angeles routers, so that traffic from the Asia branch to Europe goes through London and traffic from Asia to America goes through Los Angeles.
I have been using the configs below on the PE routers, but it is not working. In the MPLS network only one path is selected for traffic from both Europe and America. Pls can anyone help me to fix this problem?
#PE3
ip vrf CUSTOMER
rd 1:10
route-target export 1:20
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
interface FastEthernet0/0
description LONDON-GW
ip vrf forwarding CUSTOMER
ip address 1.1.1.2 255.255.255.252
router bgp 65400
address-family ipv4 vrf CUSTOMER
redistribute connected
neighbor 1.1.1.1 remote-as 65401
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
ip extcommunity-list 1 permit rt 1:10
ip extcommunity-list 2 permit rt 1:40
route-map EXPORT-ROUTE permit 10
description LONDON-GW
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:20 additive
route-map IMPORT-ROUTE permit 10
description EU & US-BRANCH
match extcommunity 2
#PE4
ip vrf CUSTOMER
rd 1:10
route-target export 1:30
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
interface FastEthernet0/0
description LA-GW
ip vrf forwarding CUSTOMER
ip address 2.2.2.2 255.255.255.252
router bgp 65400
address-family ipv4 vrf CUSTOMER
redistribute connected
neighbor 2.2.2.1 remote-as 65402
neighbor 2.2.2.1 activate
neighbor 2.2.2.1 next-hop-self
neighbor 2.2.2.1 soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
ip extcommunity-list 1 permit rt 1:10
ip extcommunity-list 2 permit rt 1:40
route-map EXPORT-ROUTE permit 10
description LA-GW
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:30 additive
route-map IMPORT-ROUTE permit 10
description EU & US-BRANCH
match extcommunity 2
#PE1
ip vrf CUSTOMER
rd 1:10
route-target export 1:40
route-target import 1:20
route-target import 1:30
export map EXPORT-ROUTE
import map IMPORT-ROUTE
interface FastEthernet0/0
description EU-BRANCH
ip vrf forwarding CUSTOMER
ip address 3.3.3.2 255.255.255.252
router bgp 65400
address-family ipv4 vrf CUSTOMER
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
ip route vrf CUSTOMER 172.16.1.0 255.255.255.0 FastEthernet0/0 3.3.3.1 name EU-BRANCH
ip extcommunity-list 1 permit rt 1:10
ip extcommunity-list 2 permit rt 1:20
ip extcommunity-list 3 permit rt 1:30
route-map EXPORT-ROUTE permit 10
description EU-BRANCH
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:40 additive
route-map IMPORT-ROUTE permit 10
description LONDON-GW(MAIN)
match extcommunity 2
set metric 100
route-map IMPORT-ROUTE permit 20
description LA-GW(BACKUP)
match extcommunity 3
set metric 200
route-map IMPORT-ROUTE permit 30
description OTHER
#PE2
ip vrf CUSTOMER
rd 1:10
route-target export 1:40
route-target import 1:20
route-target import 1:30
export map EXPORT-ROUTE
import map IMPORT-ROUTE
interface FastEthernet0/0
description US-BRANCH
ip vrf forwarding CUSTOMER
ip address 4.4.4.2 255.255.255.252
router bgp 65400
address-family ipv4 vrf CUSTOMER
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
ip route vrf CUSTOMER 192.168.1.0 255.255.255.0 FastEthernet0/0 4.4.4.1 name US-BRANCH
ip extcommunity-list 1 permit rt 1:10
ip extcommunity-list 2 permit rt 1:20
ip extcommunity-list 3 permit rt 1:30
route-map EXPORT-ROUTE permit 10
description US-BRANCH
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:40 additive
route-map IMPORT-ROUTE permit 10
description LONDON-GW(BACKUP)
match extcommunity 2
set metric 200
route-map IMPORT-ROUTE permit 20
description LA-GW(MAIN)
match extcommunity 3
set metric 100
route-map IMPORT-ROUTE permit 30
description OTHER
Hi Manoj
"send-community both" will export both Standard and Extended Communities.
The Standard Community values which we are newly setting on PE3 and PE4 and matching on PE1 and PE2 can be anything in ASN:nn format. I just randomly chose them as 65400:1111 on PE3/PE1 and 65400:2222 on PE4/PE2.
The extcommunity values to be used on PE3/PE4 will be the export RT values used in the VRF Customer config as posted in your first post.
#PE3
ip vrf CUSTOMER
rd 1:10
route-target export 1:20
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
#PE4
ip vrf CUSTOMER
rd 1:10
route-target export 1:30
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
I think I mixed things up a little, with PE3 as PE1 and PE4 as PE2 instead. The revised, corrected config would be:
On PE3 -- Under VPNv4 we enable sending the normal community values out to the RR. Then we match the extcommunity RT for the VRF Customer and set the community value to 65400:1111, which will be matched at PE1.
router bgp 65400
address-family vpnv4
neighbor "RR-IP" send-community both
neighbor "RR-IP" route-map community out
exit-address-family
route-map community permit 10
match extcommunity CUSTOMER
set community 65400:1111
route-map community permit 20
ip extcommunity-list standard CUSTOMER permit rt 1:20
On PE4 -- Under VPNv4 we enable sending the normal community values out to the RR. Then we match the extcommunity RT for the VRF Customer and set the community value to 65400:2222, which will be matched at PE2.
router bgp 65400
address-family vpnv4
neighbor "RR-IP" send-community both
neighbor "RR-IP" route-map community out
exit-address-family
route-map community permit 10
match extcommunity CUSTOMER
set community 65400:2222
route-map community permit 20
ip extcommunity-list standard CUSTOMER permit rt 1:30
On PE1 -- Under VPNv4 we match the community value 65400:1111 which was set at PE3 and set the LP to 110.
router bgp 65400
address-family vpnv4
neighbor "RR-IP" route-map community in
exit-address-family
route-map community permit 10
match community CUSTOMER
set local-preference 110
route-map community permit 20
ip community-list standard CUSTOMER permit 65400:1111
On PE2 -- Under VPNv4 we match the community value 65400:2222 which was set at PE4 and set the LP to 110.
router bgp 65400
address-family vpnv4
neighbor "RR-IP" route-map community in
exit-address-family
route-map community permit 10
match community CUSTOMER
set local-preference 110
route-map community permit 20
ip community-list standard CUSTOMER permit 65400:2222
Make sure that the RR is enabled to propagate the normal BGP communities as well...
Hope this helps to answer your question. Please let me know for any clarifications.
Regards
Varma
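The tagging scheme in the reply above, walked through as an added Python model (not code from the thread): the egress PE sets a standard community on routes carrying its export RT, the ingress PE raises local-preference to 110 for the community it prefers, and the other path stays at the default of 100 as the fallback. The prefix is a constructed stand-in for the Asia branch, only the local-preference step of best-path selection is modelled, and it assumes both paths actually reach PE1 and PE2.

```python
from dataclasses import dataclass, replace

DEFAULT_LOCAL_PREF = 100        # value a path keeps when no policy changes it
ASIA = "10.99.0.0/16"           # constructed prefix standing in for the Asia branch

# Values taken from the reply: export RT and community set on each egress PE,
# and the community each ingress PE matches.
EGRESS = {"PE3": ("1:20", "65400:1111"), "PE4": ("1:30", "65400:2222")}
INGRESS = {"PE1": "65400:1111", "PE2": "65400:2222"}


@dataclass(frozen=True)
class Path:
    prefix: str
    egress_pe: str
    route_targets: frozenset
    communities: frozenset = frozenset()
    local_pref: int = DEFAULT_LOCAL_PREF


def tag_on_export(path, match_rt, community):
    """Egress 'route-map community out': seq 10 tags routes with the matching
    RT, seq 20 passes everything else unchanged."""
    if match_rt in path.route_targets:
        return replace(path, communities=frozenset({community}))
    return path


def prefer_on_import(path, match_community, local_pref=110):
    """Ingress 'route-map community in': seq 10 raises local-pref for the
    preferred community, seq 20 leaves other paths at the default."""
    if match_community in path.communities:
        return replace(path, local_pref=local_pref)
    return path


def best_path(paths):
    """Highest local-pref wins; later BGP tie-breakers are not modelled."""
    return max(paths, key=lambda p: p.local_pref) if paths else None


def chosen_egress(ingress_pe, reachable=("PE3", "PE4")):
    """Return (egress PE, local-pref) selected by ingress_pe for the Asia prefix."""
    received = []
    for pe in reachable:
        rt, community = EGRESS[pe]
        path = tag_on_export(Path(ASIA, pe, frozenset({rt})), rt, community)
        received.append(prefer_on_import(path, INGRESS[ingress_pe]))
    best = best_path(received)
    return (best.egress_pe, best.local_pref) if best else None


if __name__ == "__main__":
    print("PE1 normal:    ", chosen_egress("PE1"))
    print("PE2 normal:    ", chosen_egress("PE2"))
    print("PE1, PE3 down: ", chosen_egress("PE1", reachable=("PE4",)))
    print("PE2, PE4 down: ", chosen_egress("PE2", reachable=("PE3",)))
```
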