VPNv4 aggregate address

Hi,
I am trying to reduce the routing table to our PE's which are currently 3750ME's. The 3750ME's only come with 128MB of DRAM so I am keen to reduce the size of the routing table amongst other things. Is there an equivalent to the aggregate-address ipv4 address family (within bgp) command for vpnv4 routes? Essentially I would like to filter, summarise or add default routes facing the PE's where possible. Being able to perform this level of granularity per vrf instance would be ideal.
I had read somewhere that vpn4 automatically summarises between P's and PE's but I wasn't 100% confident on the source of this information.

there's no auto summarization, in fact your P routers shouldn't be running BGP and they shouldn't see any VPNv4 prefixes. There's no aggregate-address command under "address-family vpnv4", you put it under "address-family ipv4 vrf x". In other words, you summarize routes coming in from CE's in a VRF. Use "summary-only" keyword. It will result only in a summary vpnv4 route sent to other PE's

Similar Messages

Why BGP aggregate-address shows next hop itself?

Hello,
I have treble with bgp aggregate-address x.x.x.x y.y.y.y summary-only command, whenever i put that command on my bgp it start showing its next hop as itself, i am running ios 15.2(4)M1 attached is my topology, and below is config of "Sugerbush"
Network Next Hop Metric LocPrf Weight Path
s> 192.168.192.0 192.168.1.254 409600 0 100 ?
* i 192.168.192.0/21 192.168.1.237 0 100 0 i
*> 0.0.0.0 32768 i <-------WHY?
* 192.168.1.254 0 0 100 ?
s> 192.168.193.0 192.168.1.254 409600 0 100 ?
s> 192.168.194.0 192.168.1.254 409600 0 100 ?
Sugarbush#
Sugarbush#sh ip bgp 192.168.192.0/21
BGP routing table entry for 192.168.192.0/21, version 9
Paths: (3 available, best #2, table default)
Advertised to update-groups:
37 38
Refresh Epoch 1
Local, (aggregated by 200 192.168.1.246)
192.168.1.237 from 192.168.1.237 (192.168.1.246)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
Refresh Epoch 1
Local, (aggregated by 200 192.168.1.253)
0.0.0.0 from 0.0.0.0 (192.168.1.253)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best
Refresh Epoch 1
100, (aggregated by 100 192.168.199.2)
192.168.1.254 from 192.168.1.254 (192.168.199.2)
Origin incomplete, metric 0, localpref 100, valid, external, atomic-aggregate
Sugarbush#
Sugarbush#sh run | s bgp
router bgp 200
bgp log-neighbor-changes
bgp aggregate-timer 0
aggregate-address 192.168.192.0 255.255.248.0 summary-only
neighbor 192.168.1.237 remote-as 200
neighbor 192.168.1.237 next-hop-self
neighbor 192.168.1.250 remote-as 300
neighbor 192.168.1.254 remote-as 100
Sugarbush#
Regards,
gargolek,

Hello,
I have treble with bgp aggregate-address x.x.x.x y.y.y.y summary-only command, whenever i put that command on my bgp it start showing its next hop as itself, i am running ios 15.2(4)M1 attached is my topology, and below is config of "Sugerbush"
Network Next Hop Metric LocPrf Weight Path
s> 192.168.192.0 192.168.1.254 409600 0 100 ?
* i 192.168.192.0/21 192.168.1.237 0 100 0 i
*> 0.0.0.0 32768 i <-------WHY?
* 192.168.1.254 0 0 100 ?
s> 192.168.193.0 192.168.1.254 409600 0 100 ?
s> 192.168.194.0 192.168.1.254 409600 0 100 ?
Sugarbush#
Sugarbush#sh ip bgp 192.168.192.0/21
BGP routing table entry for 192.168.192.0/21, version 9
Paths: (3 available, best #2, table default)
Advertised to update-groups:
37 38
Refresh Epoch 1
Local, (aggregated by 200 192.168.1.246)
192.168.1.237 from 192.168.1.237 (192.168.1.246)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate
Refresh Epoch 1
Local, (aggregated by 200 192.168.1.253)
0.0.0.0 from 0.0.0.0 (192.168.1.253)
Origin IGP, localpref 100, weight 32768, valid, aggregated, local, atomic-aggregate, best
Refresh Epoch 1
100, (aggregated by 100 192.168.199.2)
192.168.1.254 from 192.168.1.254 (192.168.199.2)
Origin incomplete, metric 0, localpref 100, valid, external, atomic-aggregate
Sugarbush#
Sugarbush#sh run | s bgp
router bgp 200
bgp log-neighbor-changes
bgp aggregate-timer 0
aggregate-address 192.168.192.0 255.255.248.0 summary-only
neighbor 192.168.1.237 remote-as 200
neighbor 192.168.1.237 next-hop-self
neighbor 192.168.1.250 remote-as 300
neighbor 192.168.1.254 remote-as 100
Sugarbush#
Regards,
gargolek,

Aggregate-address command

I noticed when I first place aggregate-address 10.34.0.0 255.224.0.0 summary-only and than 10.40.0.0 255.255.255.0 to advertise more specific, that route is not placed. If I take out 10.34.0.0 and put 10.40.0.0 and than put 10.34.0.0 back, I can see both advertised. Looks to me the order matters if second aggregate fells into wider aggregate. Did anyone notice this issue?

Hello Mateusz,
you can use the suppress-map option in the aggregate-address command to get the desired behaviour
see
https://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp1.html#wp1011467
routes that match the route-map will be suppressed the component routes not matching will be advertised in addition to aggregate
Hope to help
Giuseppe

ASR9000 VPNv4 prefix limits

I'm seeing an odd issue that cropped up during testing of a new network. I was asked to inject at least 300K routes into a L3VPN instance configured across a new MPLS core of ASR9006 and 9001 routers.
I had a router that can inject some 425K routes, so used that as my source.
I have ebgp between ISP route injection and CE router.
Ebgp between CE router and PE at edge of L3VPN.
i see the 425K routes on the ISP, CE and PE. Looking at show bgp vpnv4 unicast summary shows 425K+ routes.
But, across the `other side' of the L3VPN on another PE-CE connection into that L3VPN I only see exactly 207000 routes, with show bgp vpnv4 unicast summary. And if I look on the the CE router there I see the same, 207000 routes.
I see there is a maximum-prefix command, with different defaults dpending on the address family, but non at 207000. Also I've not configured any aggregate addressing.
It looks like the L3VPN is droppong excess routes, but I've played around with the maximum prefix value, seems to have no effect on my network.
The other point, the core is using a pair of route reflectors, if that makes any difference to this.
Anyone seen this before, any ideas?
Code is 4.3.0 on all ASR's.

I'm seeing an odd issue that cropped up during testing of a new network. I was asked to inject at least 300K routes into a L3VPN instance configured across a new MPLS core of ASR9006 and 9001 routers.
I had a router that can inject some 425K routes, so used that as my source.
I have ebgp between ISP route injection and CE router.
Ebgp between CE router and PE at edge of L3VPN.
i see the 425K routes on the ISP, CE and PE. Looking at show bgp vpnv4 unicast summary shows 425K+ routes.
But, across the `other side' of the L3VPN on another PE-CE connection into that L3VPN I only see exactly 207000 routes, with show bgp vpnv4 unicast summary. And if I look on the the CE router there I see the same, 207000 routes.
I see there is a maximum-prefix command, with different defaults dpending on the address family, but non at 207000. Also I've not configured any aggregate addressing.
It looks like the L3VPN is droppong excess routes, but I've played around with the maximum prefix value, seems to have no effect on my network.
The other point, the core is using a pair of route reflectors, if that makes any difference to this.
Anyone seen this before, any ideas?
Code is 4.3.0 on all ASR's.

Inter as vpnv4

Hello Folks,
In inter AS VPNV4 we will form a egbp vpnv4 neighbor relation ship.
In IOS XR what is the way to achieve it?
Am I correct going this way
route-policy EBGP (in both the routers)
pass
end-policy
commit
R1 (10.10.10.1)------------------------(10.10.10.2) R2
conf t                                                                 conf t
router bgp 1                                                       router bgp 10
neighbor 10.10.10.2                                        neighbor 10.10.10.1
remote-as 10                                                   remote-as 1
address-family vpnv4 uni                                 address-family vpnv4 uni
route-policy EBGP in                                      route-policy EBGP in
route-policy EBGP out                                     route-policy EBGP out
exit-address-family                                           exit-address-family
commit                                                                commit
Is ther any static route necessary here and if so then why?
I Will rate all helpful posts
Regards
Thanveer
"Everybody is genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is a stupid."

Hi Thanveer,
Here's a rough working example:
r1 (gi0/0/0/0) <++++++++> (gi0/0/0/0) r2
r1:
interface GigabitEthernet0/0/0/0
ipv4 address 192.168.12.1 255.255.255.0
route-policy accept-all
pass
end-policy
router static
address-family ipv4 unicast
192.168.12.2/32 GigabitEthernet0/0/0/0
router bgp 1
mpls activate
interface GigabitEthernet0/0/0/0
address-family vpnv4 unicast
retain route-target all
neighbor 192.168.12.2
remote-as 2
address-family vpnv4 unicast
   route-policy accept-all in
   route-policy accept-all out
r2:
interface GigabitEthernet0/0/0/0
ipv4 address 192.168.12.2 255.255.255.0
route-policy accept-all
pass
end-policy
router static
address-family ipv4 unicast
192.168.12.1/32 GigabitEthernet0/0/0/0
router bgp 2
mpls activate
interface GigabitEthernet0/0/0/0
address-family vpnv4 unicast
retain route-target all
neighbor 192.168.12.1
remote-as 1
address-family vpnv4 unicast
   route-policy accept-all in
   route-policy accept-all out
Hope this helps

Address family vpn4/ipv4 for EBGP

What is the difference between "address family vpnv4" and address family ipv4", do I have to configure both for an EBGP session ?
Thanks
NK

VPNv4 is used for the support of MPLS VPN as described by draft-ietf-l3vpn-rfc2547bis-03.
http://www.ietf.org/internet-drafts/draft-ietf-l3vpn-rfc2547bis-03.txt
IPv4 is for the support of regular ipv4 addresses.
You may need to enable vpnv4 or/and ipv4 depending on what you want to do.
Let me know if I answered your question,

Not working multitopology ISIS with IOS and IOS-XR

Hi everyone,
I've gon a problem setting up IPv6 routing with ISIS in the test network. There are four routers connected as shown on the image.
I've got problems setting up IPv6 routing in this topology. I tried single topology and multitopology ISIS. Neither of them works properly. Single topology simple does not come up when IPv6 is configured in ISIS. Multitopology yet comes up but uyields only working IPv4 roting. I can see that IPv6 ISIS RIB is buit by the routers, but it is not copied into the main routing table.
That's what I get in the multitopology mode:
All neignors are up.
R2#show isis neighbors
Tag null:
System Id Type Interface IP Address State Holdtime Circuit Id
R7 L1 Et0/2 2.2.27.7 UP 7 R7.04
R8 L1 Et0/1 2.2.28.8 UP 9 R8.03
R9 L1 Et0/0 2.2.29.9 UP 7 R9.01
Database in consistent on all four routers
R2#show isis database
Tag null:
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R2.00-00 * 0x0000001C 0x21DD 727 0/0/0
R7.00-00 0x00000011 0xF6EF 866 0/0/0
R7.04-00 0x00000007 0x5CD2 1117 0/0/0
R8.00-00 0x0000000B 0xD2EA 941 0/0/0
R8.01-00 0x00000006 0xF0C3 878 0/0/0
R8.03-00 0x00000006 0x7E39 805 0/0/0
R9.00-00 0x0000000B 0x4071 817 0/0/0
R9.01-00 0x00000006 0x8D2A 783 0/0/0
R9.03-00 0x00000006 0xE3CC 840 0/0/0
ISIS IPv6 RIB contains only local prefixes
R2#show isis ipv6 rib
IS-IS IPv6 process , local RIB
2002:2:2::7/128
2002:2:2:27::/64
2002:2:2:78::/64
2002:2:2:79::/64
IPv6 topology is not complete as if R8 and R9 were not in database
R2#show isis ipv6 topology
Tag null:
IS-IS TID 2 paths to level-1 routers
System Id Metric Next-Hop Interface SNPA
R2 --
R7 10 R7 Et0/2 0202.5a00.b120
R8 **
R9 **
A closer look at isis database:
R2#show isis database detail
Tag null:
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R2.00-00 * 0x0000001D 0x1FDE 1004 0/0/0
Area Address: 47.0002
Topology: IPv4 (0x0)
IPv6 (0x2)
NLPID: 0xCC 0x8E
Hostname: R2
IP Address: 2.2.0.2
Metric: 10 IP 2.2.0.2/32
Metric: 10 IP 2.2.29.0/24
Metric: 10 IP 2.2.28.0/24
Metric: 10 IP 2.2.27.0/24
IPv6 Address: 2002:2:2::2
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:29::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:28::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:27::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2::2/128
Metric: 10 IS-Extended R7.04
Metric: 10 IS-Extended R8.03
Metric: 10 IS-Extended R9.01
Metric: 10 IS (MT-IPv6) R7.04
Metric: 10 IS (MT-IPv6) R8.03
Metric: 10 IS (MT-IPv6) R9.01
R7.00-00 0x00000012 0xF4F0 1187 0/0/0
Area Address: 47.0002
Topology: IPv4 (0x0)
IPv6 (0x2)
NLPID: 0xCC 0x8E
Hostname: R7
IP Address: 2.2.0.7
Metric: 10 IP 2.2.0.7/32
Metric: 10 IP 2.2.78.0/24
Metric: 10 IP 2.2.79.0/24
Metric: 10 IP 2.2.27.0/24
IPv6 Address: 2002:2:2::7
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:78::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:79::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:27::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2::7/128
Metric: 10 IS-Extended R7.04
Metric: 10 IS-Extended R8.01
Metric: 10 IS-Extended R9.03
Metric: 10 IS (MT-IPv6) R7.04
Metric: 10 IS (MT-IPv6) R8.01
Metric: 10 IS (MT-IPv6) R9.03
R7.04-00 0x00000007 0x5CD2 640 0/0/0
Metric: 0 IS-Extended R7.00
Metric: 0 IS-Extended R2.00
R8.00-00 0x0000000B 0xD2EA 464 0/0/0
Area Address: 47.0002
NLPID: 0xCC 0x8E
Topology: IPv4 (0x0)
IPv6 (0x2)
Hostname: R8
IP Address: 2.2.0.8
IPv6 Address: 2002:2:2::8
Metric: 10 IS-Extended R8.01
Metric: 10 IS-Extended R8.03
Metric: 10 IP 2.2.0.8/32
Metric: 10 IP 2.2.28.0/24
Metric: 10 IP 2.2.78.0/24
Metric: 10 IPv6 (MT-IPv6) 2002:2:2::8/128
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:28::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:78::/64
R8.01-00 0x00000007 0xEEC4 1155 0/0/0
Metric: 0 IS-Extended R8.00
Metric: 0 IS-Extended R7.00
R8.03-00 0x00000006 0x7E39 328 0/0/0
Metric: 0 IS-Extended R8.00
Metric: 0 IS-Extended R2.00
R9.00-00 0x0000000C 0x3E72 1035 0/0/0
Area Address: 47.0002
NLPID: 0xCC 0x8E
Topology: IPv4 (0x0)
IPv6 (0x2)
Hostname: R9
IP Address: 2.2.0.9
IPv6 Address: 2002:2:2::9
Metric: 10 IS-Extended R9.01
Metric: 10 IS-Extended R9.03
Metric: 10 IP 2.2.0.9/32
Metric: 10 IP 2.2.29.0/24
Metric: 10 IP 2.2.79.0/24
Metric: 10 IPv6 (MT-IPv6) 2002:2:2::9/128
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:29::/64
Metric: 10 IPv6 (MT-IPv6) 2002:2:2:79::/64
R9.01-00 0x00000007 0x8B2B 1048 0/0/0
Metric: 0 IS-Extended R9.00
Metric: 0 IS-Extended R2.00
R9.03-00 0x00000007 0xE1CD 1091 0/0/0
Metric: 0 IS-Extended R9.00
Metric: 0 IS-Extended R7.00
I don't understand the following: Why R8 doesn't consider itself attached to Pseudonodes R8.01 and R8.03 in IPv6 topology? The same question about R9 and Pseudonodes R9.01 and R9.03 in IPv6 topology. R7 and R2 consider themselves as attached to Pseudonode R7.04, although R7.04 doesn't look much different from the rest of the Pseudonode LSPs in the database. This fact still doesn't allow them to calculate a correct RIB.
Am I missing something?
Configs of the devices is below:
######R2########
service timestamps debug datetime msec
service timestamps log datetime msec
hostname R2
boot-start-marker
boot-end-marker
vrf definition ABC
rd 2:2
address-family ipv4
route-target export 2:2
route-target import 2:2
route-target import 1002:2
exit-address-family
no aaa new-model
clock timezone PST 0
ip source-route
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
mpls label protocol ldp
interface Loopback0
ip address 2.2.0.2 255.255.255.255
ip router isis
ipv6 address 2002:2:2::2/128
ipv6 router isis
interface Ethernet0/0
ip address 2.2.29.2 255.255.255.0
ip router isis
ipv6 address 2002:2:2:29::2/64
ipv6 router isis
mpls ip
interface Ethernet0/1
ip address 2.2.28.2 255.255.255.0
ip router isis
ipv6 address 2002:2:2:28::2/64
ipv6 router isis
mpls ip
interface Ethernet0/2
ip address 2.2.27.2 255.255.255.0
ip router isis
ipv6 address 2002:2:2:27::2/64
ipv6 router isis
mpls ip
interface Ethernet0/3
no ip address
shutdown
interface Ethernet1/0
vrf forwarding ABC
ip address 172.2.142.2 255.255.255.0
interface Ethernet1/1
no ip address
shutdown
interface Ethernet1/2
no ip address
shutdown
interface Ethernet1/3
no ip address
shutdown
router isis
net 47.0002.0000.0000.0002.00
is-type level-1
metric-style wide
address-family ipv6
multi-topology
exit-address-family
router rip
version 2
address-family ipv4 vrf ABC
redistribute bgp 2 metric 1
network 172.2.0.0
no auto-summary
version 2
exit-address-family
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.0.9 remote-as 2
neighbor 2.2.0.9 update-source Loopback0
address-family ipv4
no synchronization
network 2.2.0.2 mask 255.255.255.255
neighbor 2.2.0.9 activate
neighbor 2.2.0.9 send-community
no auto-summary
exit-address-family
address-family vpnv4
neighbor 2.2.0.9 activate
neighbor 2.2.0.9 send-community extended
neighbor 2.2.0.9 next-hop-self
exit-address-family
address-family ipv4 vrf ABC
no synchronization
redistribute rip
exit-address-family
no ip http server
mpls ldp router-id Loopback0
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
end
######R7########
service timestamps debug datetime msec
service timestamps log datetime msec
hostname R7
boot-start-marker
boot-end-marker
vrf definition ABC
rd 2:2
address-family ipv4
route-target export 2:2
route-target import 2:2
route-target import 1002:2
exit-address-family
no aaa new-model
clock timezone PST 0
ip source-route
ip cef
ipv6 unicast-routing
ipv6 cef
multilink bundle-name authenticated
mpls label protocol ldp
interface Loopback0
ip address 2.2.0.7 255.255.255.255
ip router isis
ipv6 address 2002:2:2::7/128
ipv6 router isis
interface Ethernet0/0
ip address 2.2.78.7 255.255.255.0
ip router isis
ipv6 address 2002:2:2:78::7/64
ipv6 router isis
mpls ip
interface Ethernet0/1
ip address 2.2.79.7 255.255.255.0
ip router isis
ipv6 address 2002:2:2:79::7/64
ipv6 router isis
mpls ip
interface Ethernet0/2
ip address 2.2.27.7 255.255.255.0
ip router isis
ipv6 address 2002:2:2:27::7/64
ipv6 router isis
mpls ip
interface Ethernet0/3
no ip address
shutdown
interface Ethernet1/0
vrf forwarding ABC
ip address 172.2.17.7 255.255.255.0
interface Ethernet1/1
no ip address
shutdown
interface Ethernet1/2
no ip address
shutdown
interface Ethernet1/3
no ip address
shutdown
interface Serial2/0
no ip address
no fair-queue
serial restart-delay 0
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
router ospf 100 vrf ABC
log-adjacency-changes
redistribute bgp 2 subnets
network 172.2.0.0 0.0.255.255 area 0
router isis
net 47.0002.0000.0000.0007.00
is-type level-1
metric-style wide
address-family ipv6
multi-topology
exit-address-family
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.0.9 remote-as 2
neighbor 2.2.0.9 update-source Loopback0
neighbor 2002:2:2::9 remote-as 2
neighbor 2002:2:2::9 update-source Loopback0
address-family ipv4
no synchronization
network 2.2.0.7 mask 255.255.255.255
neighbor 2.2.0.9 activate
neighbor 2.2.0.9 send-community
no auto-summary
exit-address-family
address-family vpnv4
neighbor 2.2.0.9 activate
neighbor 2.2.0.9 send-community extended
exit-address-family
address-family ipv6
no synchronization
network 2002:2:2::7/128
neighbor 2002:2:2::9 activate
exit-address-family
address-family ipv4 vrf ABC
no synchronization
redistribute ospf 100 vrf ABC
exit-address-family
no ip http server
mpls ldp router-id Loopback0
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
line vty 0 4
login
end
######R9########
hostname R9
telnet vrf default ipv4 server max-servers 100
username student
group root-lr
secret 5 $1$FJX6$23S1vUlkI7nuRNSFMWR8N0
aaa authentication login default local
cdp
vrf ABC
address-family ipv4 unicast
import route-target
2:2
1002:2
export route-target
2:2
control-plane
management-plane
out-of-band
interface MgmtEth0/0/CPU0/0
allow Telnet
interface Loopback0
ipv4 address 2.2.0.9 255.255.255.255
ipv6 address 2002:2:2::9/128
interface MgmtEth0/0/CPU0/0
ipv4 address 10.0.8.129 255.255.255.0
interface GigabitEthernet0/2/1/0
description uplink SW4
interface GigabitEthernet0/2/1/1
description uplink R2, R5
interface GigabitEthernet0/2/1/1.29
description - VLAN 29 (R2)
ipv4 address 2.2.29.9 255.255.255.0
ipv6 address 2002:2:2:29::9/64
dot1q vlan 29
interface GigabitEthernet0/2/1/1.59
description - VLAN 59 (R5)
vrf ABC
ipv4 address 172.2.59.9 255.255.255.0
dot1q vlan 59
interface GigabitEthernet0/2/1/2
description uplink R6, R7
interface GigabitEthernet0/2/1/2.69
description - VLAN 69 (R6)
ipv4 address 2.2.69.9 255.255.255.0
ipv6 address 2002:2:2:69::9/64
dot1q vlan 69
interface GigabitEthernet0/2/1/2.79
description - VLAN 79 (R7)
ipv4 address 2.2.79.9 255.255.255.0
ipv6 address 2002:2:2:79::9/64
dot1q vlan 79
interface GigabitEthernet0/2/1/3
shutdown
interface GigabitEthernet0/2/1/4
shutdown
interface POS0/2/0/0
shutdown
interface POS0/2/0/1
shutdown
interface POS0/2/0/2
shutdown
interface POS0/2/0/3
shutdown
route-policy default_policy_pass_all
pass
end-policy
router static
address-family ipv4 unicast
2.2.69.6/32 GigabitEthernet0/2/1/2.69
router isis abc
is-type level-1
net 47.0002.0000.0000.0009.00
address-family ipv4 unicast
metric-style wide
interface Loopback0
address-family ipv4 unicast
address-family ipv6 unicast
interface GigabitEthernet0/2/1/1.29
address-family ipv4 unicast
address-family ipv6 unicast
interface GigabitEthernet0/2/1/2.79
address-family ipv4 unicast
address-family ipv6 unicast
router bgp 2
address-family ipv4 unicast
network 2.2.0.9/32
address-family vpnv4 unicast
address-family ipv6 unicast
network 2002:2:2::9/128
address-family vpnv6 unicast
neighbor 2.2.0.2
remote-as 2
update-source Loopback0
address-family ipv4 unicast
next-hop-self
address-family vpnv4 unicast
route-reflector-client
neighbor 2.2.0.7
remote-as 2
update-source Loopback0
address-family ipv4 unicast
next-hop-self
address-family vpnv4 unicast
route-reflector-client
next-hop-self
address-family ipv6 unicast
next-hop-self
address-family vpnv6 unicast
next-hop-self
neighbor 2.2.0.8
remote-as 2
update-source Loopback0
address-family ipv4 unicast
next-hop-self
address-family vpnv4 unicast
route-reflector-client
next-hop-self
neighbor 2.2.69.6
remote-as 1002
address-family ipv4 unicast
route-policy default_policy_pass_all in
route-policy default_policy_pass_all out
address-family vpnv4 unicast
route-policy default_policy_pass_all in
route-policy default_policy_pass_all out
neighbor 2002:2:2::7
remote-as 2
update-source Loopback0
address-family ipv6 unicast
next-hop-self
neighbor 2002:2:2:69::6
remote-as 1002
address-family ipv6 unicast
route-policy default_policy_pass_all in
route-policy default_policy_pass_all out
vrf ABC
rd 2:2
address-family ipv4 unicast
redistribute eigrp 100
mpls ldp
router-id 2.2.0.9
interface GigabitEthernet0/2/1/1.29
interface GigabitEthernet0/2/1/2.79
router eigrp 100
vrf ABC
address-family ipv4
default-metric 100000 10 250 1 1500
autonomous-system 100
redistribute bgp 2
interface GigabitEthernet0/2/0/1.59
interface GigabitEthernet0/2/1/1.59
end
######R8########
hostname R8
telnet vrf default ipv4 server max-servers 100
username student
group root-lr
secret 5 $1$Y39m$k.fAmjkI6OEFDmiIfSkGt1
aaa authentication login default local
cdp
vrf ABC
address-family ipv4 unicast
import route-target
2:2
1002:2
export route-target
2:2
control-plane
management-plane
out-of-band
interface MgmtEth0/0/CPU0/0
allow Telnet
interface Loopback0
ipv4 address 2.2.0.8 255.255.255.255
ipv6 address 2002:2:2::8/128
interface MgmtEth0/0/CPU0/0
ipv4 address 10.0.8.128 255.255.255.0
interface GigabitEthernet0/2/1/0
description uplink SW3
interface GigabitEthernet0/2/1/1
description uplink R3, R7
interface GigabitEthernet0/2/1/1.38
description - VLAN 38 (R3)
vrf ABC
ipv4 address 172.2.38.8 255.255.255.0
dot1q vlan 38
interface GigabitEthernet0/2/1/1.78
description - VLAN 78 (R7)
ipv4 address 2.2.78.8 255.255.255.0
ipv6 address 2002:2:2:78::8/64
dot1q vlan 78
interface GigabitEthernet0/2/1/2
description uplink R2, R15
interface GigabitEthernet0/2/1/2.28
description - VLAN 28 (R2)
ipv4 address 2.2.28.8 255.255.255.0
ipv6 address 2002:2:2:28::8/64
dot1q vlan 28
interface GigabitEthernet0/2/1/2.158
description - VLAN 158 (R15)
dot1q vlan 158
route-policy default_policy_pass_all
pass
end-policy
router isis abc
is-type level-1
net 47.0002.0000.0000.0008.00
address-family ipv4 unicast
metric-style wide
interface Loopback0
address-family ipv4 unicast
address-family ipv6 unicast
interface GigabitEthernet0/2/1/1.78
address-family ipv4 unicast
address-family ipv6 unicast
interface GigabitEthernet0/2/1/2.28
address-family ipv4 unicast
address-family ipv6 unicast
router bgp 2
address-family ipv4 unicast
network 2.2.0.8/32
address-family vpnv4 unicast
neighbor 2.2.0.9
remote-as 2
update-source Loopback0
address-family ipv4 unicast
next-hop-self
address-family vpnv4 unicast
vrf ABC
rd 2:2
address-family ipv4 unicast
network 172.2.38.0/24
allocate-label all
neighbor 172.2.38.3
remote-as 123
address-family ipv4 unicast
route-policy default_policy_pass_all in
route-policy default_policy_pass_all out
as-override
send-extended-community-ebgp
mpls ldp
router-id 2.2.0.8
interface GigabitEthernet0/2/1/1.78
interface GigabitEthernet0/2/1/2.28
end
RP/0/0/CPU0:R8#

Hello,
Can you check on XR that you have option of enabling metric-style wide under ipv6 address-family.I'm not sure but i suppose you will also need to configure metric-style wide under ipv6 address-family as you are using multi-topology .IOS default run single topology and XR run default multi-topology.only need to be sure that you are running same topology and metric-style same on all router,in transition process like from multi to single or changing metric-style you can use "metric-style transition" option..
Regards,
Ashish

How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?

Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
56128's where my static routes are:
ip route 192.168.101.0/24 192.168.30.77 name firewall 250
router eigrp 65100
redistribute static route-map Static-To-Eigrp
route-map Static-To-Eigrp permit 10
match ip address prefix-list Static2Eigrp
ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
Edge device:
router eigrp 65100
network 172.18.0.5 0.0.0.0
network 172.18.0.32 0.0.0.3
network 172.18.0.36 0.0.0.3
redistribute ospf 65100 metric 2000000 0 255 1 1500
redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
passive-interface default
no passive-interface Port-channel11
no passive-interface Port-channel12
eigrp router-id 172.18.0.5
router ospf 65100
router-id 172.18.0.5
log-adjacency-changes
redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
passive-interface default
no passive-interface GigabitEthernet1/0/1
no passive-interface GigabitEthernet1/0/2
no passive-interface GigabitEthernet2/0/1
no passive-interface GigabitEthernet2/0/2
network 172.18.0.0 0.0.255.255 area 0
ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
route-map EIGRP_INTO_OSPF permit 10
match ip address prefix-list EIGRP_INTO_OSPF

So in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have.

BGP4 Session Goes Down receiving FULL Routers from providers

BGP4 Session Goes Down receiving FULL Routers from providers
CONF
router bgp 22999
no synchronization
bgp log-neighbor-changes
bgp maxas-limit 254
network 196.12.173.0
aggregate-address 196.12.173.0 255.255.255.0 summary-only
neighbor 64.247.171.17 remote-as 11992
neighbor 64.247.171.17 version 4
neighbor 64.247.171.17 soft-reconfiguration inbound
neighbor 64.247.171.17 distribute-list ramallo_in in
neighbor 64.247.171.17 distribute-list ramallo_out out
neighbor 196.12.168.202 remote-as 11367
neighbor 196.12.168.202 ebgp-multihop 2
neighbor 196.12.168.202 version 4
neighbor 196.12.168.202 next-hop-self
neighbor 196.12.168.202 soft-reconfiguration inbound
neighbor 196.12.168.202 distribute-list ramallo_out out
SHOW VERSION
Router# show ver
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M3, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 18-Jul-10 03:32 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)
Router uptime is 1 week, 10 hours, 11 minutes
System returned to ROM by power-on
System image file is "flash0:c2900-universalk9-mz.SPA.150-1.M3.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.
Processor board ID FTX1445A1W4
3 Gigabit Ethernet interfaces
2 Serial interfaces
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)
SHOW LOG
*Sep 21 21:58:09.107: %BGP-3-NOTIFICATION: sent to neighbor 196.12.168.202 3/1 (
update malformed) 0 bytes
*Sep 21 21:58:09.107: %BGP-4-MSGDUMP: unsupported or mal-formatted message recei
ved from 196.12.168.202:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 00BB 0200 0000 2440 0101 0040 0216 0205
0000 2C67 0000 392E 0000 329C 0000 4BE5 0000 6D21 4003 04C4 0CA8 CA18 BE61 8B18
BE61 9818 BE61 9118 BE61 8F18 BE61 8318 BE61 9F18 BE61 9718 BE61 9618 BE61 9918
BE61 9E18 BE61 9C18 BE61 9B18 BE61 9D18 BE61 8C18 BE61 8118 BE61 9318 BE61 8E18
BE61 9418 BE61 9518 BE61 9A18 BE61 8218 BE61 8D18 BE61 9218 BE61 8918 BE61 8618
BE61 8518 BE61 8818 BE61 8A18 BE61 8718 BE61 8418 BE61 8018 BE61 90
*Sep 21 21:58:09.107: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory
exhaustion.
*Sep 21 21:58:19.895: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Down No memory
*Sep 21 21:58:19.895: %BGP_SESSION-5-ADJCHANGE: neighbor 64.247.171.17 IPv4 Unic
ast topology base removed from session No memory
*Sep 21 21:58:19.895: %BGP_SESSION-5-ADJCHANGE: neighbor 196.12.168.202 IPv4 Uni
cast topology base removed from session BGP Notification sent
*Sep 21 21:58:28.707: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Up
*Sep 21 21:58:31.267: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Up
*Sep 21 21:58:35.607: %SYS-5-CONFIG_I: Configured from console by vty0 (196.12.1
73.25)
*Sep 21 22:02:35.387: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed
from 0x2342E9A8, alignment 0
Pool: Processor Free: 125144 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "BGP Router", ipl= 0, pid= 239, -Traceback= 0x2340604Cz 0x23423490z
0x21AF2D38z 0x21AA5C80z 0x21AA5FB0z 0x21B63554z 0x21B63E58z 0x21AC7844z 0x21AC7D
04z 0x21AC83A8z
*Sep 21 22:02:35.387: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Down BGP Notific
ation sent
*Sep 21 22:02:35.387: %BGP-3-NOTIFICATION: sent to neighbor 196.12.168.202 3/1 (
update malformed) 0 bytes
*Sep 21 22:02:35.387: %BGP-4-MSGDUMP: unsupported or mal-formatted message recei
ved from 196.12.168.202:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0061 0200 0000 3240 0101 0040 0216 0205
0000 2C67 0000 392E 0000 329C 0000 6D52 0000 1B89 4003 04C4 0CA8 CA40 0600 C007
0800 001B 89C8 3BC4 C618 C83D 1018 C83D 1A18 C83B 3C18 C829 D618 BA00 D417 BA00
D0
*Sep 21 22:02:35.387: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory
exhaustion.
*Sep 21 22:02:46.379: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Down No memory
*Sep 21 22:02:46.379: %BGP_SESSION-5-ADJCHANGE: neighbor 64.247.171.17 IPv4 Unic
ast topology base removed from session No memory
*Sep 21 22:02:46.379: %BGP_SESSION-5-ADJCHANGE: neighbor 196.12.168.202 IPv4 Uni
cast topology base removed from session BGP Notification sent
*Sep 21 22:03:00.319: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Up
*Sep 21 22:03:01.347: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Up
Router#
Any ideas?

I have CISCO ASR 1002-X with 4 GB Memory. i have the same problem
BGP Session goes down.
here is the log
*Feb 25 06:03:06.571: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory exhaustion.
*Feb 25 06:03:07.968: %COMMON_FIB-4-DISABLING: IPv4 CEF is being disabled due to a fatal error.
*Feb 25 06:03:10.107: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down No memory
*Feb 25 06:03:10.107: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.X IPv4 Unicast topology base removed from session No memory
*Feb 25 06:03:10.107: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down No memory
*Feb 25 06:03:10.107: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.X IPv4 Unicast topology base removed from session No memory
*Feb 25 06:03:10.107: %BGP-5-ADJCHANGE: neighbor X.X.X.X Down No memory
*Feb 25 06:03:10.107: %BGP_SESSION-5-ADJCHANGE: neighbor X.X.X.X IPv4 Unicast topology base removed from session No memory
*Feb 25 06:04:22.732: %FIB-2-FIBDOWN: CEF has been disabled due to a low memory condition. It can be re-enabled by configuring "ip cef [distributed]"

How do you keep aggr permanent across reboots on Sol 10?

How can I keep my aggr permanent across the reboot?? The steps in the manual don't work for my system. It is the 1/06 build and the latest patch cluster has been added. (Kernel 118833-36)
I created an aggr with bge1 and bge2 and enabled LACP on the NICs
#dladm show-link
bge0 type:non-vlan mtu:1500 device:bge0
bge1 type:non-vlan mtu:1500 device:bge1
bge2 type:non-vlan mtu:1500 device:bge2
bge3 type:non-vlan mtu:1500 device:bge3
#dladm create-aggr -d bge1 -d bge2 -l active 1
#dladm show-aggr
key: 1 (0x0001) policy: L4 address: 0:3:ba:f8:13:aa (auto)
device address speed duplex link state
bge1 0:3:ba:f8:13:aa 0 Mbps unknown down standby
bge2 0:3:ba:f8:13:ab 0 Mbps unknown down standby
#ifconfig aggr1 plumb 192.168.30.110 up
#ifconfig �a
lo0
bge0: flags=1000843<UP, BROADCAST, RUNNING, MULTICAST, IPv4> mtu 1500 index 2
inet 192.168.30.253 netmask ffffff00 broadcast 192.168.30.255
ether 0:3:ba:f8:13:a9
aggr1: flags=1000843<UP, BROADCAST, RUNNING, MULTICAST, IPv4> mtu 1500 index 3
inet 192.168.30.110 netmask ffffff00 broadcast 192.168.30.255
ether 0:3:ba:f8:13:aa
#vi /etc/hostname.aggr1
192.168.30.110
I rebooted and I am getting a �aggr1 failed to plumb�
I tried to
#ifconfig aggr1 plumb 192.168.30.110 up
and get �ifconfig: plumb aggr1: Invalid argument
I tried
#dladm show-aggr
and get nothing returned
I tried
#dladm create-aggr �d bge1 �d bge2 1
and get �dladm: create operation failed: File exists�
So I have to do a
#dladm delete-aggr 1
so I can create a new one and start the whole process over again.

Thanks to smorris@
bug 6369648 (link aggregation interfaces missing after reboot).
This has been resolved in patch 120990-02 (SunOS 5.10: net-physical
Patch)
I applied the patch and put the aggregate address in the file, /etc/hostname.aggr1 and it remained across reboots.

BGP decision algorithm - help needed - stumped

Hello gurus! hoping for a BGP expert to chime in here. Im studying for my CCIE, and there is something in Jeff Doyle's Routing TCP/IP vol2 book that I just cant seem to figure out and its really stalling my understanding of the BGP path selection algorithm.
Its on pg 195, example 3-57, attached as an image in this post (Ive also attached the network diagram that this output refers to). Basically its an output of "show ip bgp" and whats stumping me is simply: for the aggregate route 192.168.192.0/21, why has this router selected as best (>) the one via next hop 192.168.1.254?? I would have thought based on the presence of the LocalPref = 100 on the 192.168.1.237 route that would have been selected. But apparently not! Heres a walk through of the path selection logic as i understand it:
1/WEIGHT: both 0, so skipped.
2/LOCAL_PREF: this is my problem, .237 should win, but ignoring for now...
3/ORIGINATED LOCALLY: neither are they are learnt from BGP peers, so skipping.
4/AS_PATH: both identical, AS100 only, so skipping
5/ORIGIN CODE: both are 'i' (IGP), both were created from "aggregate-address" statements on their originating routers downstream in AS100
6/MED: both empty, so skipping
7/PREFER [eBGP] over [confedBGP] over iBGP: so the .254 route apparently wins on this condition... which in isolation, i agree with (clearly the eBGP .254 route is better than the .237 iBGP candidate).
.... however what about step 2/LOCAL_PREF!?
looking forward to some expert guidance here to help me squash this one :)
thank in advance,
Keiran

Hello,
Keiran are you talking about "Orgin" attribute or ORIGINATED LOCALLY as this attribute i am not able to find it...that attribute anywhere:
http://netcerts.net/bgp-path-attributes-and-the-decision-process/
Path Attributes:
Attribute
Class
ORIGIN
Well-know mandatory
AS_PATH
Well-know mandatory
NEXT_HOP
Well-know mandatory
LOCAL_PREF
Well-know discretionary
ATOMIC_AGGREGATE
Well-know discretionary
AGGREGATOR
Optional transitive
COMMUNITY
Optional transitive
MULTI_EXIT_DISC (MED)
Optional nontransitive
ORGINATOR_ID
Optional nontransitive
ORGINATOR_ID
Optional nontransitive
CLUSTER_LIST
Optional nontransitive
Also there is similar question on learning forums:
https://learningnetwork.cisco.com/thread/36845
From the forum:
"Locally Originated means that the local router is the one that generated the route with either a network statement, and aggregate statement, redistribution, or conditional route injection. It's not an attribute that is included in the UPDATE messge, instead it's just used by the local process as part of the path selection, where the router will prefer its own locally originated routes over someone else's origination of the same prefix."
Hopefully this will help.
BTW i am reading same book and too bad Mr. Doyle did not include full configs for all routers, as i am trying to simulate his scenarios sometimes it is not working as in his book, now i have issue on next page 197 why Orgin IGP is not taking precedence over Incomplete even if one is learned via EBGP and other over iBGP...driving me nuts.
Regards,
Lukasz

Partitioned-MDT MP2MP with BGP-AD/mLDP in XR 4.3

I've been working on trying to get LSM working between a couple of A9Ks to support a SSM based IPTV application.
After ingesting a bunch of content on the subject, I think what I want is Partitioned MDT, MP2MP with BGP-AD/mLDP (PIM-free core). I'm wondering if anyone has any links to working configuration examples for this type of MVPN or some good troubleshooting guides for this type of MVPN specifically.
The XR 4.3 configuration guide seems to provide either a broken or an incomplete example, so what I've managed to work out from it, doesn't seem to work.
By 'doesn't seem to work', I mean I have a SSM based join-group configured on a CE with a PIM adjacency to XR PE1. XR PE1 sees the (S,G) from the CE, but the adjacent XR PE2 (config below) doesn't see it.
Thanks in advance for any pointers.
interface Loopback0
ipv4 address 72.15.48.4 255.255.255.255
interface Loopback2022
vrf tv
ipv4 address 172.16.0.32 255.255.255.255
interface TenGigE0/0/0/15
description Facing Source
vrf tv
ipv4 address 172.16.1.1 255.255.255.0
interface TenGigE0/0/0/0
description Facing Core
cdp
mtu 9216
ipv4 address 72.15.49.80 255.255.255.254
carrier-delay up 0 down 0
dampening
router bgp 21949
address-family ipv4 unicast
address-family vpnv4 unicast
address-family ipv4 mvpn
neighbor-group P-MVPN
remote-as 21949
update-source Loopback0
address-family vpnv4 unicast
address-family vpnv6 unicast
address-family ipv4 mvpn
neighbor 72.15.48.10
use neighbor-group P-MVPN
vrf tv
rd 21949:2022
address-family ipv4 unicast
redistribute connected route-policy SOURCE--INTERNAL-CONNECTED
redistribute static route-policy SOURCE--INTERNAL-STATIC
address-family ipv4 mvpn
multicast-routing
address-family ipv4
interface TenGigE0/0/0/0
enable
nsf
mdt source Loopback0
rate-per-route
accounting per-prefix
vrf tv
address-family ipv4
mdt source Loopback2022
mdt partitioned mldp ipv4 mp2mp
rate-per-route
interface all enable
bgp auto-discovery mldp
accounting per-prefix
mpls ldp
router-id Loopback0
graceful-restart
session protection
log
neighbor
graceful-restart
session-protection
mldp
logging notifications
interface TenGigE0/0/0/0
router pim
vrf tv
address-family ipv4
rpf topology route-policy MLDP-TV
interface TenGigE0/0/0/15
enable
route-policy MLDP-TV
set core-tree mldp-partitioned-mp2mp
end-policy

Hi Jason,
As we have worked on this already. The resolution of this issue is by putting Loopback0 under multicast-routing.
multicast-routing
address-family ipv4
interface TenGigE0/0/0/0
enable
interface loopback 0
enable
Thanks,
Rivalino

BGP decision algorithm nitty-gritty (relationship of locally originated routes to weight attribute)

Hello everyone, i have a question on this algorithm. Specifically the relationship between (cisco specific) WEIGHT which is right at the top of the path selection algorithm.... and routes that are ORIGINATED_LOCALLY (3rd one down, after weight and local_pref).
Heres the relevant steps of the decision tree:
1/WEIGHT (highest wins)
2/LOCAL_PREF (highest wins)
3/ORIGINATED LOCALLY (prefer locally originated over peer learnt)
Whats confusing to me is that Jeff's book tells us that if a prefix is ORIGINATED_LOCALLY (ie entered into BGP on that same router - either by a network/aggregate-address statement, or from redistribution) then its WEIGHT will also be set to 32768 (as opposed to a BGP peer learnt route whose WEIGHT is set to 0). I understand this.
My question is why??? Seems to me that if this is the case there is little purpose of having ORIGINATED_LOCALLY in the decision tree at all, as the logic will never get there on account of the the propagation of its value into (the higher up) WEIGHT decision. This also in turn means that ORIGINATED_LOCALLY has the power to override the attribute LOCAL_PREF.... so couldn't this whole logic be simplified to be:
1/WEIGHT or ORIGINATED LOCALLY
2/LOCAL_PREF (highest wins)
This very thing has confused another user on another post too, that user writes: "I tried thinking of an example where "ORIGINATED LOCALLY" works but weight doesn't, but couldn't think of any."
looking forward to the thoughts of this community.
Thanks in advance, Keiran.
PS> perhaps the attached diagram will help visualise this.

Thanks for your reply shaikhkamran123, i hadn't considered the multivendor environment (where cisco specific concept of 'weight' would be irrelevant to those routers), so yes their decision would start with:
1) Local Preference
2) Locally originated
as opposed to cisco
1/WEIGHT (highest wins)
2/LOCAL_PREF (highest wins)
3/ORIGINATED LOCALLY (prefer locally originated over peer learnt)
but it still doesn't really explain why cisco chose to alter their inbuilt weight based on if a route was locally originated. This alters the logic of the above decision algorithm: ie if its locally originated, it will set a high weight (32768), which will be preferred.... and heres the main thing *BEFORE* local_pref is even looked at. So in other words decision criteria#3, gets merged into #1, skipping ahead of #2. Am i going crazy here??
thanks in advance all...
K.

BGP As-set

Hi all,
My topology is very simple
R1 ------------------------- R2 ------------------------R3 -------------------------- R4
R1 is advertising 3 subnets. 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24. All routers are in separate AS (1,2,3,4 respectively). Performing aggregation on R3
R3
router bgp 3
aggregate-address 192.168.0.0 255.255.0.0 summary-only
on R4
R4#show ip bgp 192.168.0.0 255.255.0.0
BGP routing table entry for 192.168.0.0/16, version 39
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
3, (aggregated by 3 3.3.3.3)
    10.1.34.3 from 10.1.34.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
Now on R3 if i use the keyword as-set, it removes the bolded atomic-aggregate, like below
R3
aggregate-address 192.168.0.0 255.255.0.0 as-set summary-only
on R4
BGP routing table entry for 192.168.0.0/16, version 40
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
3 2 1, (aggregated by 3 3.3.3.3)
    10.1.34.3 from 10.1.34.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, external, best (its gone)
R4#
Is this normal behavior ?

Yes it is. Seeing the atomic-aggregate indicates to the receiving router that there are more AS's behind the one that's advertised it. If you'll notice that R3 has set itself as the only AS in the path and advertised that to R4. R4 sees it, but it only knows about R3. When you set as-set on the summary, it tells R3 to not aggregate all AS'es behind it, but instead pass the complete as-path to the upstream neighbor.
R4#show ip bgp 192.168.0.0 255.255.0.0
BGP routing table entry for 192.168.0.0/16, version 39
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
3, (aggregated by 3 3.3.3.3)
    10.1.34.3 from 10.1.34.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, external, atomic-aggregate, best
R3
aggregate-address 192.168.0.0 255.255.0.0 as-set summary-only
on R4
BGP routing table entry for 192.168.0.0/16, version 40
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
3 2 1, (aggregated by 3 3.3.3.3)
    10.1.34.3 from 10.1.34.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, external, best (its gone)
R4#
HTH,
John
*** Please rate all useful posts ***

L3VPN on Cisco ASR9001 IOS XF 4.3.1 (PE router)

Hi all,
I need to know if this configuration is correct on Cisco ASR 9001 to have L3VPN.
This CISCO should be a PE router (other PE router is in another Autonomous System).
RP/0/RSP0/CPU0:ASR9001-2#sh running-config
Mon Oct 6 06:11:16.434 UTC
Building configuration...
!! IOS XR Configuration 4.3.1
!! Last configuration change at Sun Oct 5 08:23:50 2014 by admin
hostname ASR9001-2
telnet vrf default ipv4 server max-servers 100
ptp
clock
domain 1
profile 1
multicast
transport ethernet
port state slave-only
clock operation two-step
profile 2
transport ethernet
vrf vpnv4
address-family ipv4 unicast
import route-target
   65000:111
   65001:111
export route-target
   65000:111
interface Loopback0
ipv4 address 10.85.0.67 255.255.255.255
interface Loopback1
vrf vpnv4
ipv4 address 2.2.2.2 255.255.255.255
interface MgmtEth0/RSP0/CPU0/0
shutdown
interface MgmtEth0/RSP0/CPU0/1
ipv4 address 10.44.107.35 255.255.255.128
interface GigabitEthernet0/0/0/0
shutdown
interface GigabitEthernet0/0/0/1
ptp
profile 2
shutdown
interface GigabitEthernet0/0/0/2
shutdown
interface GigabitEthernet0/0/0/3
shutdown
interface GigabitEthernet0/0/0/4
shutdown
interface GigabitEthernet0/0/0/5
shutdown
interface GigabitEthernet0/0/0/6
shutdown
interface GigabitEthernet0/0/0/7
shutdown
interface GigabitEthernet0/0/0/8
shutdown
interface GigabitEthernet0/0/0/9
shutdown
interface GigabitEthernet0/0/0/10
shutdown
interface GigabitEthernet0/0/0/11
shutdown
interface GigabitEthernet0/0/0/12
shutdown
interface GigabitEthernet0/0/0/13
shutdown
interface GigabitEthernet0/0/0/14
shutdown
interface GigabitEthernet0/0/0/15
shutdown
interface GigabitEthernet0/0/0/16
shutdown
interface GigabitEthernet0/0/0/17
shutdown
interface GigabitEthernet0/0/0/18
shutdown
interface GigabitEthernet0/0/0/19
shutdown
interface TenGigE0/0/1/0
mtu 9216
shutdown
interface TenGigE0/0/1/1
mtu 9000
ptp
profile p1
ipv4 address 10.85.52.5 255.255.255.252
interface TenGigE0/0/1/2
shutdown
interface TenGigE0/0/1/3
mtu 9000
ipv4 address 10.85.52.1 255.255.255.252
interface TenGigE0/0/2/0
shutdown
interface TenGigE0/0/2/1
shutdown
interface TenGigE0/0/2/2
shutdown
interface TenGigE0/0/2/3
shutdown
router static
address-family ipv4 unicast
10.40.0.0/14 10.44.107.1
141.0.0.0/8 10.44.107.1
router ospf 1
router-id 10.85.0.67
mpls ldp sync
mpls ldp auto-config
area 0.0.0.0
mtu-ignore enable
interface Loopback0
   passive enable
interface TenGigE0/0/1/1
interface TenGigE0/0/1/3
router bgp 65000
bgp router-id 10.85.0.67
address-family ipv4 unicast
network 10.85.0.67/32
address-family vpnv4 unicast
neighbor 10.85.0.71
remote-as 65000
update-source Loopback0
address-family ipv4 unicast
address-family vpnv4 unicast
neighbor 10.85.0.72
remote-as 65000
update-source Loopback0
address-family ipv4 unicast
address-family vpnv4 unicast
vrf vpnv4
rd 10.85.0.67:111
address-family ipv4 unicast
   redistribute connected
   redistribute static
mpls ldp
router-id 10.85.0.67
interface TenGigE0/0/1/1
interface TenGigE0/0/1/3
ssh server v2
ssh server session-limit 100
end

"New pin mode is not supported if you are using the RSA native protocol."
I am very aware of this.
"Use the Radius protocol on the RSA Authentication Manager for features like New pin , next token mode etc."
I am also very aware of this too.
However, I do not want to use radius on the
RSA Authentication Manager. I want to use
tacacs+ in the ACS but off-load the
authentication database piece to RSA. I
want to use tacacs because I want to have
separations between Authentication and
Authorization, which is not possible with
radius.
From the router's perspective, it does not
know anything about RSA, it only knows ACS.
Are you saying that even though ACS passes the
credentials to RSA, it is still RSA native
protocol? i.e. udp port 5500?
Thanks.

VPNv4 aggregate address

Similar Messages

Maybe you are looking for