Route restriction on BGP

Similar Messages

• Assistance Needed: Inter-VRF Routing with MP-BGP

  hello everyone,
  I've been trying to solve a problem for over a day regarding inter-vrf routing using MP-BGP and I can't seem to figure a few things out.
  I have Cisco 1921 which has VRF-JLAN and VRF-JGLOBE with 3 interfaces configured as (g0/0 = vrf JLAN, g0/1=no vrf, g0/2 = dot1q trunk to 2960S). vrf JLAN is a restricted network for users access, dns server, e.t.c. vrf JGLOBE is for Video server and global routing table belongs to Wifi Access. I've been able to seperate all the network and I can route traffic out to the Internet from vrf JLAN and the global route table but where I'm having issues is getting vrf JGLOBE to route traffic using the Global route table.
  For example: vrf JLAN should not be accessed by either Global or vrf JGLOBE. JGLOBE should be able to access vrf JLAN dns server but it should route its internet traffic via Global route table (g0/1). Last JLAN should be able to access 2 networks from the Global route table.
  I've attached my config and diagram so you can better understand what I'm trying to achieve. More light to solving this problem would be much appreciated.
  ip vrf JGLOBE
   rd 65001:2
   export map WIFI
   route-target export 65001:2
  ip vrf JLAN
   rd 65001:1
   import ipv4 unicast map C-GLOBAL
   route-target export 65001:1
   route-target import 65001:1
   route-target import 65001:2
  interface GigabitEthernet0/0
   description LAN-ACCESS-INTERNET [TO Nexthop FIREWALL]
   ip vrf forwarding JLAN
   ip address 192.168.4.3 255.255.255.248
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   ip flow egress
   ip inspect INTERNET-FW out
   ip virtual-reassembly in
   load-interval 30
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   description GLOBAL-Wifi-INTERNET [TO Nexthop - FIREWALL]
   ip address 192.168.5.3 255.255.255.248
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip flow ingress
   ip flow egress
   ip inspect GLOBAL-FW in
   ip inspect GLOBAL-FW out
   ip virtual-reassembly in
   load-interval 30
   duplex auto
   speed auto
  interface GigabitEthernet0/2
   no ip address
   duplex auto
   speed auto
  interface GigabitEthernet0/2.3
   description Users LAN
   encapsulation dot1Q 3
   ip vrf forwarding JLAN
   ip address 192.168.30.1 255.255.255.240
  interface GigabitEthernet0/2.4
   description Video Server
   encapsulation dot1Q 4
   ip vrf forwarding JGLOBE
   ip address 10.6.40.1 255.255.255.0
  router ospf 1 vrf JLAN
   router-id 10.6.6.10
   redistribute bgp 65001 subnets
   network 0.0.0.0 255.255.255.255 area 0
  router ospf 2 vrf JGLOBE
   router-id 10.5.7.10
   redistribute bgp 65001 subnets
   network 0.0.0.0 255.255.255.255 area 0
  router bgp 65001
   bgp router-id 10.4.6.4
   bgp log-neighbor-changes
   bgp graceful-restart restart-time 120
   bgp graceful-restart stalepath-time 360
   bgp graceful-restart
   address-family ipv4
    redistribute connected
   exit-address-family
   address-family ipv4 vrf JGLOBE
    redistribute connected
    redistribute ospf 2
   exit-address-family
   address-family ipv4 vrf JLAN
    redistribute connected
    redistribute ospf 1
   exit-address-family
  ip dns view vrf JGLOBE default
  ip dns view vrf JLAN default
  ip route 0.0.0.0 0.0.0.0 192.168.5.1
  ip route vrf JGLOBE 0.0.0.0 0.0.0.0 GigabitEthernet0/1 192.168.5.1
  ip route vrf JLAN 0.0.0.0 0.0.0.0 192.168.4.1 name LAN_INET
  ip prefix-list GLOBAL-INET seq 5 permit 0.0.0.0/0
  ip prefix-list SERVER-NET seq 5 permit 10.6.40.2/32
  ip prefix-list WIFI-NET seq 5 permit 10.254.0.0/22 le 32

  Hi Matt
  Yes the X/32 routes needs to be present in the VRF Routing-Table and if they are to be learnt statically then the MP-iBGP config for that particular VRF address-family has to redistribute static routes as well.
  Regards
  Varma

• Does a Router support 2 BGP As in one router

  Does a Router support 2 BGP As in one router. I have gone through the below Cisco page, however my router is not allowing to enter the second AS in the router, it is giving the error as usual " BGP is already running; AS is XX" . 
  http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fsbgpdas.html#wp1056689
  My Router :- Cisco 3845
  IOS Version :- c3845-advipservicesk9-mz.124-24.T8.bin

  Hi,
  You can not run multiple BGP processes on a single router with each of them being in a separate AS. What you can do, and the link in your post explains that, is that towards a particular eBGP neighbor, you can use the neighbor local-as command to appear to be in a different AS than the one you really are in. So you do not start two BGP processes, you just make your single BGP process to appear to use a different ASN on a particular eBGP peering.
  Best regards,
  Peter

• MPLS - unknown metric on routes found on BGP table

  Hi All,
  Wondering what are below highlighted value as they are used for route preferences.
  pe401c6506#sh ip bgp vpnv4 vrf DATA 10.18.0.0/16
  BGP routing table entry for 10.254.0.253:120:10.18.0.0/16, version 157413
  Paths: (2 available, best #2, table DATA)
    Advertised to update-groups:
       1          2          3          4          5          6          7
       8          10         11         12         13         14         15
       53
    Local, (aggregated by 65001 10.254.4.254), (Received from a RR-client), imported path from 10.254.4.254:120:10.18.0.0/16
      10.254.4.254 (metric 3) from 10.254.4.254 (10.254.4.254)
        Origin IGP, metric 0, localpref 100, weight 300, valid, internal, atomic-aggregate
        Extended Community: RT:65001:120
    Local, (aggregated by 65001 10.254.4.253), (Received from a RR-client), imported path from 10.254.4.253:120:10.18.0.0/16
      10.254.4.253 (metric 2) from 10.254.4.253 (10.254.4.253)
        Origin IGP, metric 0, localpref 100, weight 300, valid, internal, atomic-aggregate, best
        Extended Community: RT:65001:120
  *Note - Are red highlighted some sort of different metric from the BGP MED metric?
  Regards,
  Hin

  Hi Hin
  The Red Highlighted Metrics are the IGP Metrics to reach the MP-iBGP Peer which is the 8th Criterion for Best Path Selection Algo..
  If we will check for a show ip route 10.254.4.254/253 we will see the IGP metric as to be as the one highlighted in red above.
  Hope this helps to answer your query..
  Regards
  Varma

• Does a route-policy override BGP split-horizon rule in IOS-XR?

  If I receive a default route from a non-client, can I turn around and send it to another non client if I have the following applied to the non-client?
  prefix-set send-default
    0.0.0.0/0
  end-set
  route-policy DEFAULT-POLICY
    if destination in send-default then
      pass
    else
      drop
    endif
  end-policy
   neighbor-group BLAH
    remote-as XXXXX
    password encrypted XXXXXXX
    description iBGP to Decryptors
    update-source Loopback0
    address-family ipv4 unicast
     route-policy DEFAULT-POLICY out
     soft-reconfiguration inbound always
   neighbor X.X.X.X
    use neighbor-group BLAH
  end

  Hi Carlopez,
  For BGP to inject a default rotue you need the "default-information originate" command, unfortunately, you can't redistribute or regenerate a route via the RPL method you described.
  regards
  xander

• Route tagging on BGP

  Hello,
  I have following problem. I want to tag a route on a CE router and advertise it into the MPLS.
  router A (CE-A): subnet 10.12.10.0/24
  CE-A   ------ PE-A ------- MPLS --------PE-B-------CE-B------
  I want to tag the routes on router CE-A with tag500 and want to receive the tag on router CE-B with that tag in order to redistribute them based on the Tag 500.
  I have tried following:
  route-map Tag500 permit 10
   set tag 500
  network 10.12.10.0 mask 255.255.255.0 route-map Tag500
  and
  neighbor 10.192.96.9 route-map Tag500 out
  on the second command i am receiving:
  % "Tag500" used as BGP outbound route-map, set tag not supported
  on the router CE-B i am receiving only Tag XXXX (replaced real EBGP neighbor AS with XXXX). YYYY is own AS.
  CE-B#show ip route 10.12.10.254
  Routing entry for 10.12.10.0/24
    Known via "bgp YYYY", distance 20, metric 0
    Tag XXXX, type external
    Last update from 10.192.96.61 04:34:47 ago
    Routing Descriptor Blocks:
    * 10.192.96.61, from 10.192.96.61, 04:34:47 ago
        Route metric is 0, traffic share count is 1
        AS Hops 4
        Route tag XXXX
  I would like to see something like:
  CE-B#show ip route 10.12.10.254
  Routing entry for 10.12.10.0/24
    Known via "bgp YYYY", distance 20, metric 0
    Tag 500, type external
    Last update from 10.192.96.61 04:34:47 ago
    Routing Descriptor Blocks:
    * 10.192.96.61, from 10.192.96.61, 04:34:47 ago
        Route metric is 0, traffic share count is 1
        AS Hops 4
        Route tag 500
  How can i make this happen ?
  Can i do this with communities ? If yes, could someone please explain how ?
  Kind Regards,
  Oliver

  Do you have control of the other side? If not, you'll  have to work with the isp to make sure they treat your community the way that you want. You'll also need to make sure they support them. Other than that, you can set communities outbound in the route map, and you'll need to configure your neighbor to send the communities:
  route-map Community permit 20
  set community 123:1234 (usually ASN:Number)
  router bgp 1
  neighbor 1.1.1.1 send-community both
  neighbor 1.1.1.1 route-map Community out
  When they receive it, they'll need to match on the community instead of the tag...
  HTH,
  John

• Find Source IP of Router for Route Learned via BGP

  Hi All, 
  45 minutes of searching documents and google, and I cannot find a series of commands that will help me identify the Source IP of the router which advertised a route.  The router I am accessing is the on-premise router, and only has one neighbor from which it learns all the routes. 
  I recall being able to do this fairly easily in the past. 
  Regards,
  Jerry

  To clarify, 
  If I do
  show ip bgp neighbor 10.100.100.2 route
  I see about 100 routes learned from that neighbor. 
  Is there any way to track down where each of those routes came from?
  Thanks in advance,
  Jerry

• Advertising ipv4 routes via ipv6 bgp peers

  Hello,
  I have established IPV6 bgp sessions with ipv6 prefix-list filter. But ipv4 routes were advertised over this bgp session. Do I I need special configuration under address family or ipv4 prefix-list filters required ?
  Note : the config was  IBGP between 7200 routers and 6509 core switches.
  Thank you all
  Nael

  Hi Nael,
  This is because address-family ipv4 unicast gets activated by default when you configure a new neighbor in BGP. You either need to configure "no bgp default ipv4-unicast" or go under address-family ipv4 unicast and do a "no neighbor" for the ipv6 neighbor.
  Hope this helps

• Importing not-just-1-best bgp route to VRF in XR in case of unique RD per PE

  I'm trying to import  BGP prefix from several different sources into VRF for fast convergence. When RD on local and remote PE match, it works right away. But if RDs are different, then I can see many different routes in "sh bgp vpnv4 unicast rd x:x (remote PE's RD)" with NOT-IN-VRF flag, but only best one is present in "sh bgp vpnv4 unicast vrf YYY" or  "sh bgp vpnv4 unicast rd y:y (RD of local PE)". 
  As I understand, in IOS it is handled like this:
  router bgp 1
  address-family ipv4 vrf YYY
    import path selection all
    import path limit 4
  But can not figure out how to do it in XR. Any suggestions? Do not want to roll back to same-RD-on-all-PEs approach, as IOS doesn't do much of add-paths for VPNv4 ;(. 

  I dont know if this will exactly suit your needs but you can enable PIC (Prefix independent convergence) with the additional-paths command.
  The exact command depends on your XR version (additional-paths install backup or additional-paths election)
  Refer to the document:
  http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/routing/command/reference/b_routing_cr41crs/b_routing_cr41crs_chapter_01.html#wp2841279186

• Inject BGP Default Routes into Multiple VRF before Best Path Selection

  Hello, 
  I have the following setup:
  Multiple Border Routers with eBGP sessions to external AS. We receive a default route from this multiple AS to keep the Table manageable. We noticed an important part of our traffic was been SW routed instead of CEF when we had the Full Internet table. Router Resources came to the ground when we changed to a default. 
  Now I want to separate this default routes into different VRF. Attached is the Diagram. 
  My question is,  the multiple default route all go into the BGP Table. The BGP table then select the best route and place it on the RIB and then to the FIB. 
  I want to redistribute the different Route on the BGP table prior to the Best path selection algorithm and placed on the RIB. 
  How can I achieve this?

  Hi,
  Redistribution of multiple routes to same prefix is not possible. Even if you have configured BGP multipath and all different bgp routes got installed into routing table, during redistribution only route will be redistributed. 
  Also would like to understand the requirement of redistributing multiple BGP routes in to IGP. As per your diagram, 3 different eBGP sessions are on three different routers, so you can prefer eBGP route over iBGP received from other routers and can distribute eBGP route to IGP from each router. Thus you will have three different default routes in to IGP in core.
  Please don't forget to rate this post if it has been helpful
  - Akash

• Query on BGP route distribution

  Hello Everyone
  In the below scenario (GNS3), IBGP peering enabled between R1-R2, R1-R3, R2-R3 and EBGP peering enabled between R2-R4,R3-R5,R4-R6,R5-R7. OSPF enabled as IGP. Scenario attached for reference.
  The problem I've observed in R1 is not getting entire BGP routing table for destinations 30.x.x.x/40.x.x.x.
  I'm able to see only best routes in R1 BGP routing table, but alternate valid routes are not visible in its topology table.
  R1#sh ip bgp
  BGP table version is 81, local router ID is 100.100.2.1
  *>i30.30.1.0/24     10.10.1.2                0    100      0 200 300 ?
  *>i30.30.2.0/24     10.10.1.2                0    100      0 200 300 ?
  *>i40.40.1.0/24     10.10.2.2                0    100      0 200 400 i
  *>i40.40.2.0/24     10.10.2.2                0    100      0 200 400 i
  *> 100.100.1.0/24   0.0.0.0                  0         32768 i
  *> 100.100.2.0/24   0.0.0.0                  0         32768 i
  More confusing part to me is when I disable IBGP peering between R2-R3 or shutdown interface between R2-R3 or else if I disable ospf in R1,R2 & R3 routers , I'm able to see both best route and alternate valid route in BGP topology table.
  R1#sh ip bgp

  Hi Milin & Renan,
  Thanks for your replies. To narrow down the problem, I’ve shut down the 40.40.x.x network.
  Now between R2-R3, R3 is not advertising 30.30.X.X network to R2, but whereas R2 is advertising 30.30.X.X network to R3. Why R3 is not advertising 30.30.X.X (route via 200 400 300) to R2.
  R2#sh ip bgp ( No alternate route)
   Network          Next Hop            Metric LocPrf Weight Path
  *> 30.30.1.0/24     10.10.4.2                              0 200 300 ?
  *> 30.30.2.0/24     10.10.4.2                              0 200 300 ?
  *>i100.100.1.0/24   10.10.1.1                0    100      0 i
  *>i100.100.2.0/24   10.10.1.1                0    100      0 i
  R2#sh ip bgp summary
  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  10.10.1.1       4   100      96      98        5    0    0 01:05:50        2
  10.10.3.2       4   100      98     100        5    0    0 01:05:54        0
  10.10.4.2       4   200     100      98        5    0    0 01:05:39        2
  R3#sh ip bgp  ( only in R3 we can see both best route & alternate route)
     Network          Next Hop            Metric LocPrf Weight Path
  *>i30.30.1.0/24     10.10.3.1                0    100      0 200 300 ?
  *                   10.10.5.2                              0 200 400 300 ?
  *>i30.30.2.0/24     10.10.3.1                0    100      0 200 300 ?
  *                   10.10.5.2                              0 200 400 300 ?
  *>i100.100.1.0/24   10.10.2.1                0    100      0 i
  *>i100.100.2.0/24   10.10.2.1                0    100      0 i
  R3#sh ip bgp summary
  Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
  10.10.2.1       4   100      54      57       19    0    0 00:50:17        2
  10.10.3.1       4   100      62      60       19    0    0 00:27:22        2
  10.10.5.2       4   200      58      58       19    0    0 00:50:08        2

• BGP default route advertisement - change preference

  hi guys,
  I would appreciate some assistance here. We have a primary head office & a DR site. Routers at both sites connect to our carrier for an IP VPN service using BGP. BGP configs on each router advertise a default route 0.0.0.0.
     #sh ip bgp neighbors x.x.x.x advertised-routes
        BGP table version is 358, local router ID is x.x.x.x
        Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
        Origin codes: i - IGP, e - EGP, ? - incomplete
        Originating default network 0.0.0.0
  Issue is, some of our remote sites prefer the DR router path for traffic destined to internet.
  We are advertising multiple default routes to our carrier, and based on feedback from carrier, route with lowest MED is preferred.
  This brings me to what i need to change from my side. Need to change the route preference so that from our remote offices, only the route to head office is preferred with DR site the least preferred route. I know there are multliple ways of doing this, however keen to get input from the experts out there.
  DR site router has this BGP config currently applied:
     router bgp XXXXX
      bgp log-neighbor-changes
      redistribute connected
      redistribute ospf 1 match internal external 1 external 2
      neighbor x.x.x.x remote-as XXXX
      neighbor x.x.x.x default-originate
      neighbor x.x.x.x soft-reconfiguration inbound
      neighbor x.x.x.x route-map IMPORT-POLICY in
      neighbor x.x.x.x route-map OPI-route-advertisement out
      default-information originate
  Removing the  "neighbor x.x.x.x default-originate" is not an option, as we need to have the ability to failover to DR at any point.
  Thanks in advance & if you need any further info pls advise.
  Rama

  Hi Milan,
  Thanks. Answers below:
  Does it provide an MPLS backbone to you? YES
  Are you using the same AS number on all your sites or different ones? Same AS
  Any way, what about advertising the default route from your DR site with the site AS number prepended several times (5 times, e.g.)? That's the thing I am struggling to understand as the route-map OPI-route-advertisement already has it prepended 2 times. Shouldn't that be enough to influence which route is least preferred?
  route-map OPI-route-advertisement permit 20
   match ip address prefix-list xxx default-route
   set as-path prepend XXXXX XXXXX
  If your provider would permit that and hasn't configured his routers to ignore the AS_PATH length (as him a question), it should make the default route advertised from your DR less preferred within your backbone. Will ask.
  Given this, any other thoughts/questions?
  Thanks, Rama

• Filtering OSPF routes from MPBGP to BGP speaker in the same VRF

  I'm wondering if anyone has some ideas they an share on this.
  Assume the following:
  - CE1 is speaking *iBGP and OSPF to PE1 inside vrf foo
  - PE1 is mutually redistributing CE1's OSPF table with MPBGP
  - PE1 exchanges MPBGP routes with PE2.
  - PE2 is mutually redistributing CE2's OSPF table with MPBGP
  - CE2 is speaking *iBGP and OSPF to PE2 inside vrf foo
  So the problem is that the OSPF routes redistributed into MPBGP from via one CE are being announced to the other CE via the PE-CE BGP process.  Because those routes are already being received by the CE via the PE-CE OSPF process, they are showing up in the CE's BGP table as RIB failures.
  Is there any way to filter those out?  I've tried setting and matching tags and communities from within various redistribution points on the PE, but I can't seem to keep them out of the CE's BGP table.

  are you sure you are using iBGP on both sides and not eBGP?
  I'm asking because routes learnt by PE1 from CE via iBGP ( meaning same BGP AS number on CE1 and PE1 vrf foo) will not be propagated to CE2, because an iBGP route learned by a BGP speaker in not pushed to another iBGP speaker.
  So it means that a show ip bgp neighbor vrf foo advertised routes on PE2 shall  show that no routes from CE1 are being advertised to CE2.
  As mentionned earlier, changing BGP admin distance is an option. Let BGP have a better distance on your CEs and this should do the trick :
  router bgp xxx
  distance bgp 20 20 20
  Then after clearing bgp session, the rib failures are gone as OSPF is AD 110 and BGP is now AD 20 ( also remember that BGP does not annouces rib failure routes to other BGP peers)
  cheers

• BGP route advertisement

  I am confused about which routes will a bgp speaker advertise to its bgp neighbors?
  Will it advertise the bgp routes in routing table OR will it advertise the best routes from the bgp table (but not necessarily in routing table)?

  Thanks!!
  I thought so, but in Troubleshooting IP Routing Protocols book by Cisco press, it is stated that bgp router will advertise its routes from routing table, so wanted to confirm that that was indeed wrong.
  On page 668, this is what is written:
  One rule that BGP follows when advertising prefixes to other neighbors is that the prefix being advertised must
  exist in the routing table of the advertising router.

• Facing problem while redistributing RIP routes in BGP

    Hi All,
  we are facing some problems while redistributing the RIP routes into BGP.
  Scenario is like we are using RIP between My site and client router and we are redistributing some of the routes learned via RIP into the BGP ( we are using BGP to take clients routes inside our network)
  We are using a route-Map in which we have allowed the rip routes that we want to install in our bgp table,but the problem is we are not able to install only one subnet out of many that we have allowed in the access-list , all the routes that we have allowed in ACL are there in the routing table,for the workaround we have advertise this subnet by using the network command in bgp and now we can see the routes in the BGP table.
  can anyone help me out on this why we are not able to see only one subnet in our BGP table by using the redistribution.

  hi, please find the same
  sh ip route 199.67.210.0 255.255.255.0
  Routing entry for 199.67.210.0/24
    Known via "rip", distance 120, metric 1
    Redistributing via bgp 65533, rip
    Advertised by bgp 65533 metric 100 route-map RIP-BGP
    Last update from 169.189.164.185 on GigabitEthernet0/0, 00:00:27 ago
    Routing Descriptor Blocks:
    * 169.189.164.185, from 169.189.164.185, 00:00:27 ago, via GigabitEthernet0/0
        Route metric is 1, traffic share count is 1
  =============================
  sh ip bgp 199.67.210.0 255.255.255.0
  BGP routing table entry for 199.67.210.0/24, version 1456
  Paths: (1 available, best #1, table Default-IP-Routing-Table)
    Advertised to update-groups:
       1
    Local
      169.189.164.185 from 0.0.0.0 (169.189.164.187)
        Origin IGP, metric 1, localpref 100, weight 32768, valid, sourced, local, best
  WBPO-Southwest-RTR#
  =========================================
  sh ip rip database 199.67.210.0 255.255.255.0
  199.67.210.0/24
      [1] via 169.189.164.185, 00:00:09, GigabitEthernet0/0 sh ip rip database 199.67.210.0 255.255.255.0
  199.67.210.0/24
      [1] via 169.189.164.185, 00:00:09, GigabitEthernet0/0
  ====================================
  we have removed the enrty from the ACL because we are not able to see the entry for this in bgp table despite allowing this in the acl.