[c-nsp] MED on vpnv4 routes

Zaheer Aziz zaziz at cisco.com
Thu Aug 12 11:29:41 EDT 2004 

At 10:16 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
>I set the med on the ibgp neighbors inbound. I don't alter the routes 
>outbound ebgp so the med should still be advertised.

Hi Tim,

quoting directly from the source. Please read the last line

RFC 1771                         BGP-4                        March 1995


5.1.4   MULTI_EXIT_DISC

    The MULTI_EXIT_DISC attribute may be used on external (inter-AS)
    links to discriminate among multiple exit or entry points to the same
    neighboring AS.  The value of the MULTI_EXIT_DISC attribute is a four
    octet unsigned number which is called a metric.  All other factors
    being equal, the exit or entry point with lower metric should be
    preferred.  If received over external links, the MULTI_EXIT_DISC
    attribute may be propagated over internal links to other BGP speakers
    within the same AS.  The MULTI_EXIT_DISC attribute is never
    propagated to other BGP speakers in neighboring AS's.


Zaheer


>-----Original Message-----
>From: Zaheer Aziz [mailto:zaziz at cisco.com]
>Sent: Thursday, August 12, 2004 10:06 AM
>To: Hall, Timothy
>Cc: zaziz at cisco.com; cisco-nsp at puck.nether.net
>Subject: RE: [c-nsp] MED on vpnv4 routes
>
>
>At 09:52 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
> >I am setting the med in the gsr:
>
>
>I does not look like that you are setting the MED for neighbor 10.0.200.2
>
>Here is your relevant config.
>
>neighbor 10.0.200.2 activate
>neighbor 10.0.200.2 route-map ebgp-out out
>
>route-map ebgp-out permit 10
>   match as-path 100
>!
>route-map ebgp-out deny 20
>
>
>ip as-path access-list 100 permit ^$
>ip as-path access-list 100 deny all
>
>where is the MED setting for this neighbor in AS 65000 ?
>By default MED is cleared when an update crosses the AS
>Hope this helps
>Zaheer
>
>
>
> >router bgp 65001
> >  no bgp default ipv4-unicast
> >  bgp log-neighbor-changes
> >  bgp deterministic-med
> >  bgp graceful-restart restart-time 120
> >  bgp graceful-restart stalepath-time 360
> >  bgp graceful-restart
> >  neighbor 10.0.200.2 remote-as 65000
> >  neighbor 192.168.0.6 remote-as 65001
> >  neighbor 192.168.0.6 update-source Loopback0
> >  neighbor 192.168.0.7 remote-as 65001
> >  neighbor 192.168.0.7 update-source Loopback0
> >  neighbor 192.168.0.22 remote-as 65001
> >  neighbor 192.168.0.22 update-source Loopback0
> >  !
> >  address-family ipv4
> >  auto-summary
> >  no synchronization
> >  exit-address-family
> >  !
> >  address-family vpnv4
> >  neighbor 10.0.200.2 activate
> >  neighbor 10.0.200.2 send-community both
> >  neighbor 10.0.200.2 route-map ebgp-in in
> >  neighbor 10.0.200.2 route-map ebgp-out out
> >  neighbor 192.168.0.6 activate
> >  neighbor 192.168.0.6 next-hop-self
> >  neighbor 192.168.0.6 send-community both
> >  neighbor 192.168.0.6 route-map set-med-high in
> >  neighbor 192.168.0.6 route-map set-loc-pref out
> >  neighbor 192.168.0.7 activate
> >  neighbor 192.168.0.7 next-hop-self
> >  neighbor 192.168.0.7 send-community both
> >  neighbor 192.168.0.22 activate
> >  neighbor 192.168.0.22 next-hop-self
> >  neighbor 192.168.0.22 send-community both
> >  neighbor 192.168.0.22 route-map set-med-low in
> >  neighbor 192.168.0.22 route-map set-loc-pref out
> >  exit-address-family
> >  !
> >  address-family ipv4 vrf test-vrf
> >  no auto-summary
> >  no synchronization
> >  exit-address-family
> >!
> >ip classless
> >!
> >ip extcommunity-list 1 permit rt 65000:1
> >ip bgp-community new-format
> >ip community-list 4 permit 65000:4
> >ip community-list 14 permit 65000:14
> >ip as-path access-list 100 permit ^$
> >ip as-path access-list 100 deny all
> >!
> >!
> >ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.0.22/32
> >access-list 10 permit 192.168.0.22
> >access-list 10 deny   any
> >access-list 20 permit 192.168.0.6
> >access-list 20 deny   any
> >route-map set-med-high permit 10
> >  set metric 100
> >!
> >route-map set-loc-pref permit 10
> >  match community 4
> >  set local-preference 200
> >!
> >route-map set-loc-pref permit 20
> >  match community 14
> >!
> >route-map ebgp-in permit 10
> >  match extcommunity 1
> >  set extcomm-list 1 delete
> >  set extcommunity rt  65001:1
> >!
> >route-map ebgp-out permit 10
> >  match as-path 100
> >!
> >route-map ebgp-out deny 20
> >!
> >route-map set-med-low permit 10
> >  set metric 50
> >
> >----------------------------------------------
> >
> >tim
> >
> >
> >
> >At 08:30 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
> > >Here is the debug output for the GSR (sender):
> >
> >One more question
> >
> >Are you setting the MEDs on the ASBR(GSR) or is it set somewhere else in
> >65000.
> >relevant configs from GSR and 7200 would be helpful as well.
> >Thans
> >Zaheer
> >
> >
> > >*Aug 12 11:41:09.418: %BGP-5-ADJCHANGE: neighbor 10.0.200.2 Up
> > >r19#
> > >*Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> > >192.168.0.22:1:10.0.133.0/30, next 10.0.200.1, metric 50, path , extended
> > >community RT:65001:1
> > >*Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> > >192.168.0.6:1:10.0.136.0/30, next 10.0.200.1, metric 100, path , extended
> > >community RT:65001:1
> > >
> > >Here is the debug output for the 7200 (receiver):
> > >
> > >w0d: BGP: Import walker start version 1, end version 3
> > >1w0d: BGP: ... start import cfg version = 2
> > >1w0d: BGP: Prefix 192.168.0.6:1:10.0.136.0/30 to be imported as
> > >0:0:10.0.136.0/30 -- Permitted
> > >nexthop 10.0.200.1, origin i, path 65001, extended community RT:65001:1
> > >1w0d: Path added
> > >1w0d: BGP: Prefix 192.168.0.22:1:10.0.133.0/30 to be imported as
> > >0:0:10.0.133.0/30 -- Permitted
> > >nexthop 10.0.200.1, origin ?, path 65001, extended community RT:65001:1
> > >1w0d: Path added
> > >1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.133.0/30 ->
> > >10.0.200.1 to test IP table
> > >1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.136.0/30 ->
> > >10.0.200.1 to test IP table
> > >
> > >Last, here is the sh ip bgp vpnv4 * output:
> > >
> > >Network          Next Hop            Metric LocPrf Weight Path
> > >Route Distinguisher: 0:0
> > >*> 10.0.133.0/30    10.0.200.1                             0 65001 ?
> > >*> 10.0.136.0/30    10.0.200.1                             0 65001 i
> > >
> > >As you can see, metric appears to be sent, but not received???
> > >
> > >tim
> > >
> > >
> > >
> > >At 04:20 PM 8/11/2004 -0500, Timothy.Hall at alltel.com wrote:
> > > >We are having a problem with some lab testing. We set up two AS's doing
> > > >interprovider VPN, each AS has two ASBR's. The ASBR's are set up 
> with ebgp
> > > >advertising only the vpnv4 routes. We set the MED for the routes so that
> > > >we would know which inter-AS link traffic would take. One border 
> router is
> > > >an M-series, the other is a GSR. Problem is the GSR is not sending 
> the vpn
> > > >routes with the MED set. The debug ip bgp update output shows that 
> the MED
> > > >is set and the router thinks it is advertising properly, however the 
> other
> > > >side does not indicate that it is receiving the MED attribute. Also, it
> > > >doesn'ty matter whether the receiving router is an M-series or a Cisco
> > > >router. Problem occurs in both cases.
> > >
> > >Please provide the debugs from sender and receiver for any one of the
> > >prefixes in question.
> > >
> > >Zaheer
> > >
> > >
> > > >GSR is running 12.0(27)S2.
> > > >
> > > >Anyone have any ideas?
> > > >
> > > >Thanks,
> > > >Tim
> > > >
> > > >********************************************************************* 
> ****
> > > *****************
> > > >The information contained in this message, including attachments, may
> > > contain
> > > >privileged or confidential information that is intended to be delivered
> > > >only to the
> > > >person identified above. If you are not the intended recipient, or the
> > > person
> > > >responsible for delivering this message to the intended recipient, 
> ALLTEL
> > > >requests
> > > >that you immediately notify the sender and asks that you do not read the
> > > >message or its
> > > >attachments, and that you delete them without copying or sending them to
> > > >anyone else.
> > > >
> > > >
> > > >_______________________________________________
> > > >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > >https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > >archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > >*************************************************************************
> > *****************
> > >The information contained in this message, including attachments, may
> > contain
> > >privileged or confidential information that is intended to be delivered
> > >only to the
> > >person identified above. If you are not the intended recipient, or the
> > person
> > >responsible for delivering this message to the intended recipient, ALLTEL
> > >requests
> > >that you immediately notify the sender and asks that you do not read the
> > >message or its
> > >attachments, and that you delete them without copying or sending them to
> > >anyone else.
> > >
> > >
> > >_______________________________________________
> > >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > >https://puck.nether.net/mailman/listinfo/cisco-nsp
> > >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >************************************************************************* 
> *****************
> >The information contained in this message, including attachments, may 
> contain
> >privileged or confidential information that is intended to be delivered
> >only to the
> >person identified above. If you are not the intended recipient, or the 
> person
> >responsible for delivering this message to the intended recipient, ALLTEL
> >requests
> >that you immediately notify the sender and asks that you do not read the
> >message or its
> >attachments, and that you delete them without copying or sending them to
> >anyone else.
>
>******************************************************************************************
>The information contained in this message, including attachments, may contain
>privileged or confidential information that is intended to be delivered 
>only to the
>person identified above. If you are not the intended recipient, or the person
>responsible for delivering this message to the intended recipient, ALLTEL 
>requests
>that you immediately notify the sender and asks that you do not read the 
>message or its
>attachments, and that you delete them without copying or sending them to 
>anyone else.
>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list