L3VPN MPLS - Internal BGP between CE - PE
Dear Members,

We are an ISP which uses the same autonomous system to hold External BGP sessions and for implementing L3VPN MPLS (as internal BGP).

We have an internal office router that receives a "default route" via IBGP from our border router.

I'll try to briefly explain the problem:

This internal router, named (CE), keeps an IBGP session with the PE router in VRF "def".

CE ( GlobalTable ) - PE ( vrf "DEF" )

The aim is for the "default route" IBGP received from the ISP provider to be redistributed to PE in all vrf "DEF".

After establishing the session we observe that actually that "default route" is propagating successfully in the whole vrf "DEF", but MPLS does not set a label for this route and the traffic is blackholed.

When using another protocol such as OSPF and EIGRP everything is OK.

We opened a case with Cisco TAC and they explained that IOS officially does not support IBGP between PE and CE. Only EBGP.

I would like to know if any of you had a similar problem and if there is any workaround on the Cisco platform. I see for example Juniper has special commands for resolving this problem.

Thanks in advance!

Best~
Javor Kliachev
What is the next hop of the route? There should be an IGP route for the next hop in the iBGP default. It should have a label or LSP attached to it. How was the default generated? Does it come from a provider? If so you may have to set next hop self on the router that receives the default. Your provider's PE router IP won't be in your IGP by default and hence won't be known to your label protocol.
Look at the route to 87.121.83.25. It looks like that's the address of your provider's PE router. It is most likely not in your IGP and hence does not have a FEC. You should set next-hop self on the router that peers with your ISP. Also, I might be missing something but I don't usually set next-hop self using a route map. I usually just use the update source and next-hop-self options direct under BGP.
Dear Keegan,

Thank you for your advice!

Here is the output of my configuration and applied debug commands:

#### PE router config:

The session below is between PE and CE:

router bgp 34224
 !
 address-family ipv4 vrf DEF
  redistribute connected
  redistribute static
  neighbor 10.18.7.1 remote-as 34224
  neighbor 10.18.7.1 description to_echo-sdc_CE
  neighbor 10.18.7.1 activate
  neighbor 10.18.7.1 send-community both
  neighbor 10.18.7.1 prefix-list Permit_Default in
  neighbor 10.18.7.1 route-map NEXT-HOP-SELF in
  neighbor 10.18.7.1 route-map NEXT-HOP-SELF out
  no synchronization
 exit-address-family
end

Hotel-st_PE#show route-map NEXT-HOP-SELF
route-map NEXT-HOP-SELF, permit, sequence 10
  Match clauses:
  Set clauses:
    ip next-hop peer-address
  Policy routing matches: 0 packets, 0 bytes

Hotel-st_PE#show ip bgp vpnv4 vrf DEF summary
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.18.7.1       4 34224      85      38   894079    0    0 00:00:02        1

Hotel-st_PE#show ip bgp vpnv4 vrf DEF neighbors 10.18.7.1 routes
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 34224:151 (default for vrf DEF)
*>i0.0.0.0          10.18.7.1                0    120      0 i

Hotel-st_PE#show ip route vrf DEF
     23.0.0.0/32 is subnetted, 1 subnets
S       23.23.23.23 [1/0] via 10.18.7.1
     24.0.0.0/32 is subnetted, 1 subnets
C       24.24.24.24 is directly connected, Loopback30
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B       10.100.187.1/32 [200/0] via 10.1.7.253, 00:16:16
C       10.18.7.0/29 is directly connected, Vlan187
B*   0.0.0.0/0 [200/0] via 10.18.7.1, 00:08:40

#### Bravo-plv is other test PE router which should receive and use "default route"

bravo-plv_PE#show ip route vrf DEF
     23.0.0.0/32 is subnetted, 1 subnets
B       23.23.23.23 [200/0] via 10.1.1.253, 1w5d
     24.0.0.0/32 is subnetted, 1 subnets
B       24.24.24.24 [200/0] via 10.1.1.253, 2w0d
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.100.187.1/32 is directly connected, Loopback100
B       10.18.7.0/29 [200/0] via 10.1.1.253, 1w6d
B*   0.0.0.0/0 [200/0] via 10.18.7.1, 00:02:37

### this ping is OK because 10.18.7.0/29 is connected on the PE router.

bravo-plv_PE#ping vrf DEF 10.18.7.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.7.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

### 212.73.140.140.190 isn't in routing table. It is direct connected network on interface on CE and passing via "default route"

bravo-plv_PE#ping vrf DEF 212.73.140.190
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.73.140.190, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

This is very strange:

-------------------------------------------------------------------------------------------------
## this output showing that the router not set MPLS label for 0.0.0.0/0
Only for static and the connected networks.

bravo-plv_PE#show ip cef vrf DEF 10.18.7.0/29
10.18.7.0/29
  nexthop 10.1.7.1 Vlan15 label 76 43

bravo-plv_PE#show ip cef vrf DEF 0.0.0.0/0
0.0.0.0/0
  recursive via 87.121.83.25 unusable: no label
-------------------------------------------------------------------------------------------------

Best~

--
Javor Kliachev
IP engineer
Neterra Ltd.
www.neterra.net
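The symptom discussed in this thread (a VRF prefix whose CEF entry recurses through a next hop with no label) can be checked for mechanically. The following is an added example, not part of the original thread: it parses saved `show ip cef vrf` output in the shape quoted above and lists prefixes with no usable path. The function names and the capture layout are assumptions made for illustration.

```python
import re

# Constructed capture: the two "show ip cef vrf DEF" outputs quoted in the
# thread, joined as they would appear in a saved terminal log.
SAMPLE_CAPTURE = """\
bravo-plv_PE#show ip cef vrf DEF 10.18.7.0/29
10.18.7.0/29
  nexthop 10.1.7.1 Vlan15 label 76 43
bravo-plv_PE#show ip cef vrf DEF 0.0.0.0/0
0.0.0.0/0
  recursive via 87.121.83.25 unusable: no label
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
PROMPT_RE = re.compile(r"^\S+#\s*show ip cef vrf (\S+)\s+\S+\s*$")
PREFIX_RE = re.compile(rf"^({IPV4}/\d{{1,2}})\s*$")
PATH_RE = re.compile(rf"^\s+(nexthop|recursive via)\s+({IPV4})(.*)$")
LABEL_RE = re.compile(r"\blabel((?:\s+\d+)+)")

def parse_cef(capture):
    """Return one dict per CEF prefix with its forwarding paths."""
    entries, vrf, current = [], None, None
    for line in capture.splitlines():
        if m := PROMPT_RE.match(line):
            vrf, current = m.group(1), None
        elif m := PREFIX_RE.match(line):
            current = {"vrf": vrf, "prefix": m.group(1), "paths": []}
            entries.append(current)
        elif (m := PATH_RE.match(line)) and current is not None:
            kind, next_hop, rest = m.groups()
            labels = LABEL_RE.search(rest)
            current["paths"].append({
                "recursive": kind == "recursive via",
                "next_hop": next_hop,
                "labels": [int(x) for x in labels.group(1).split()] if labels else [],
                "unusable": "unusable" in rest,
            })
    return entries

def find_blackholes(entries):
    """Prefixes whose every path is unusable, with the next hop to investigate."""
    return [(e["vrf"], e["prefix"], e["paths"][0]["next_hop"])
            for e in entries
            if e["paths"] and all(p["unusable"] for p in e["paths"])]

if __name__ == "__main__":
    for vrf, prefix, nh in find_blackholes(parse_cef(SAMPLE_CAPTURE)):
        print(f"vrf {vrf}: {prefix} has no usable path; check IGP route and label for {nh}")
```

The reported next hop is the address to look up in the IGP and label tables of the PE, which is the check suggested in the replies.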
participants (2): Javor Kliachev, Keegan Holley