[c-nsp] MED on vpnv4 routes

Zaheer Aziz zaziz at cisco.com
Thu Aug 12 11:05:49 EDT 2004


At 09:52 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
>I am setting the med in the gsr:


I does not look like that you are setting the MED for neighbor 10.0.200.2

Here is your relevant config.

neighbor 10.0.200.2 activate
neighbor 10.0.200.2 route-map ebgp-out out

route-map ebgp-out permit 10
  match as-path 100
!
route-map ebgp-out deny 20


ip as-path access-list 100 permit ^$
ip as-path access-list 100 deny all

where is the MED setting for this neighbor in AS 65000 ?
By default MED is cleared when an update crosses the AS
Hope this helps
Zaheer



>router bgp 65001
>  no bgp default ipv4-unicast
>  bgp log-neighbor-changes
>  bgp deterministic-med
>  bgp graceful-restart restart-time 120
>  bgp graceful-restart stalepath-time 360
>  bgp graceful-restart
>  neighbor 10.0.200.2 remote-as 65000
>  neighbor 192.168.0.6 remote-as 65001
>  neighbor 192.168.0.6 update-source Loopback0
>  neighbor 192.168.0.7 remote-as 65001
>  neighbor 192.168.0.7 update-source Loopback0
>  neighbor 192.168.0.22 remote-as 65001
>  neighbor 192.168.0.22 update-source Loopback0
>  !
>  address-family ipv4
>  auto-summary
>  no synchronization
>  exit-address-family
>  !
>  address-family vpnv4
>  neighbor 10.0.200.2 activate
>  neighbor 10.0.200.2 send-community both
>  neighbor 10.0.200.2 route-map ebgp-in in
>  neighbor 10.0.200.2 route-map ebgp-out out
>  neighbor 192.168.0.6 activate
>  neighbor 192.168.0.6 next-hop-self
>  neighbor 192.168.0.6 send-community both
>  neighbor 192.168.0.6 route-map set-med-high in
>  neighbor 192.168.0.6 route-map set-loc-pref out
>  neighbor 192.168.0.7 activate
>  neighbor 192.168.0.7 next-hop-self
>  neighbor 192.168.0.7 send-community both
>  neighbor 192.168.0.22 activate
>  neighbor 192.168.0.22 next-hop-self
>  neighbor 192.168.0.22 send-community both
>  neighbor 192.168.0.22 route-map set-med-low in
>  neighbor 192.168.0.22 route-map set-loc-pref out
>  exit-address-family
>  !
>  address-family ipv4 vrf test-vrf
>  no auto-summary
>  no synchronization
>  exit-address-family
>!
>ip classless
>!
>ip extcommunity-list 1 permit rt 65000:1
>ip bgp-community new-format
>ip community-list 4 permit 65000:4
>ip community-list 14 permit 65000:14
>ip as-path access-list 100 permit ^$
>ip as-path access-list 100 deny all
>!
>!
>ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.0.22/32
>access-list 10 permit 192.168.0.22
>access-list 10 deny   any
>access-list 20 permit 192.168.0.6
>access-list 20 deny   any
>route-map set-med-high permit 10
>  set metric 100
>!
>route-map set-loc-pref permit 10
>  match community 4
>  set local-preference 200
>!
>route-map set-loc-pref permit 20
>  match community 14
>!
>route-map ebgp-in permit 10
>  match extcommunity 1
>  set extcomm-list 1 delete
>  set extcommunity rt  65001:1
>!
>route-map ebgp-out permit 10
>  match as-path 100
>!
>route-map ebgp-out deny 20
>!
>route-map set-med-low permit 10
>  set metric 50
>
>----------------------------------------------
>
>tim
>
>
>
>At 08:30 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
> >Here is the debug output for the GSR (sender):
>
>One more question
>
>Are you setting the MEDs on the ASBR(GSR) or is it set somewhere else in 
>65000.
>relevant configs from GSR and 7200 would be helpful as well.
>Thans
>Zaheer
>
>
> >*Aug 12 11:41:09.418: %BGP-5-ADJCHANGE: neighbor 10.0.200.2 Up
> >r19#
> >*Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> >192.168.0.22:1:10.0.133.0/30, next 10.0.200.1, metric 50, path , extended
> >community RT:65001:1
> >*Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> >192.168.0.6:1:10.0.136.0/30, next 10.0.200.1, metric 100, path , extended
> >community RT:65001:1
> >
> >Here is the debug output for the 7200 (receiver):
> >
> >w0d: BGP: Import walker start version 1, end version 3
> >1w0d: BGP: ... start import cfg version = 2
> >1w0d: BGP: Prefix 192.168.0.6:1:10.0.136.0/30 to be imported as
> >0:0:10.0.136.0/30 -- Permitted
> >nexthop 10.0.200.1, origin i, path 65001, extended community RT:65001:1
> >1w0d: Path added
> >1w0d: BGP: Prefix 192.168.0.22:1:10.0.133.0/30 to be imported as
> >0:0:10.0.133.0/30 -- Permitted
> >nexthop 10.0.200.1, origin ?, path 65001, extended community RT:65001:1
> >1w0d: Path added
> >1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.133.0/30 ->
> >10.0.200.1 to test IP table
> >1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.136.0/30 ->
> >10.0.200.1 to test IP table
> >
> >Last, here is the sh ip bgp vpnv4 * output:
> >
> >Network          Next Hop            Metric LocPrf Weight Path
> >Route Distinguisher: 0:0
> >*> 10.0.133.0/30    10.0.200.1                             0 65001 ?
> >*> 10.0.136.0/30    10.0.200.1                             0 65001 i
> >
> >As you can see, metric appears to be sent, but not received???
> >
> >tim
> >
> >
> >
> >At 04:20 PM 8/11/2004 -0500, Timothy.Hall at alltel.com wrote:
> > >We are having a problem with some lab testing. We set up two AS's doing
> > >interprovider VPN, each AS has two ASBR's. The ASBR's are set up with ebgp
> > >advertising only the vpnv4 routes. We set the MED for the routes so that
> > >we would know which inter-AS link traffic would take. One border router is
> > >an M-series, the other is a GSR. Problem is the GSR is not sending the vpn
> > >routes with the MED set. The debug ip bgp update output shows that the MED
> > >is set and the router thinks it is advertising properly, however the other
> > >side does not indicate that it is receiving the MED attribute. Also, it
> > >doesn'ty matter whether the receiving router is an M-series or a Cisco
> > >router. Problem occurs in both cases.
> >
> >Please provide the debugs from sender and receiver for any one of the
> >prefixes in question.
> >
> >Zaheer
> >
> >
> > >GSR is running 12.0(27)S2.
> > >
> > >Anyone have any ideas?
> > >
> > >Thanks,
> > >Tim
> > >
> > >*************************************************************************
> > *****************
> > >The information contained in this message, including attachments, may
> > contain
> > >privileged or confidential information that is intended to be delivered
> > >only to the
> > >person identified above. If you are not the intended recipient, or the
> > person
> > >responsible for delivering this message to the intended recipient, ALLTEL
> > >requests
> > >that you immediately notify the sender and asks that you do not read the
> > >message or its
> > >attachments, and that you delete them without copying or sending them to
> > >anyone else.
> > >
> > >
> > >_______________________________________________
> > >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > >https://puck.nether.net/mailman/listinfo/cisco-nsp
> > >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >************************************************************************* 
> *****************
> >The information contained in this message, including attachments, may 
> contain
> >privileged or confidential information that is intended to be delivered
> >only to the
> >person identified above. If you are not the intended recipient, or the 
> person
> >responsible for delivering this message to the intended recipient, ALLTEL
> >requests
> >that you immediately notify the sender and asks that you do not read the
> >message or its
> >attachments, and that you delete them without copying or sending them to
> >anyone else.
> >
> >
> >_______________________________________________
> >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>******************************************************************************************
>The information contained in this message, including attachments, may contain
>privileged or confidential information that is intended to be delivered 
>only to the
>person identified above. If you are not the intended recipient, or the person
>responsible for delivering this message to the intended recipient, ALLTEL 
>requests
>that you immediately notify the sender and asks that you do not read the 
>message or its
>attachments, and that you delete them without copying or sending them to 
>anyone else.



More information about the cisco-nsp mailing list