[c-nsp] MED on vpnv4 routes

Timothy.Hall at alltel.com Timothy.Hall at alltel.com
Thu Aug 12 11:16:18 EDT 2004


I set the med on the ibgp neighbors inbound. I don't alter the routes outbound ebgp so the med should still be advertised.

-----Original Message-----
From: Zaheer Aziz [mailto:zaziz at cisco.com]
Sent: Thursday, August 12, 2004 10:06 AM
To: Hall, Timothy
Cc: zaziz at cisco.com; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] MED on vpnv4 routes


At 09:52 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
>I am setting the med in the gsr:


I does not look like that you are setting the MED for neighbor 10.0.200.2

Here is your relevant config.

neighbor 10.0.200.2 activate
neighbor 10.0.200.2 route-map ebgp-out out

route-map ebgp-out permit 10
  match as-path 100
!
route-map ebgp-out deny 20


ip as-path access-list 100 permit ^$
ip as-path access-list 100 deny all

where is the MED setting for this neighbor in AS 65000 ?
By default MED is cleared when an update crosses the AS
Hope this helps
Zaheer



>router bgp 65001
>  no bgp default ipv4-unicast
>  bgp log-neighbor-changes
>  bgp deterministic-med
>  bgp graceful-restart restart-time 120
>  bgp graceful-restart stalepath-time 360
>  bgp graceful-restart
>  neighbor 10.0.200.2 remote-as 65000
>  neighbor 192.168.0.6 remote-as 65001
>  neighbor 192.168.0.6 update-source Loopback0
>  neighbor 192.168.0.7 remote-as 65001
>  neighbor 192.168.0.7 update-source Loopback0
>  neighbor 192.168.0.22 remote-as 65001
>  neighbor 192.168.0.22 update-source Loopback0
>  !
>  address-family ipv4
>  auto-summary
>  no synchronization
>  exit-address-family
>  !
>  address-family vpnv4
>  neighbor 10.0.200.2 activate
>  neighbor 10.0.200.2 send-community both
>  neighbor 10.0.200.2 route-map ebgp-in in
>  neighbor 10.0.200.2 route-map ebgp-out out
>  neighbor 192.168.0.6 activate
>  neighbor 192.168.0.6 next-hop-self
>  neighbor 192.168.0.6 send-community both
>  neighbor 192.168.0.6 route-map set-med-high in
>  neighbor 192.168.0.6 route-map set-loc-pref out
>  neighbor 192.168.0.7 activate
>  neighbor 192.168.0.7 next-hop-self
>  neighbor 192.168.0.7 send-community both
>  neighbor 192.168.0.22 activate
>  neighbor 192.168.0.22 next-hop-self
>  neighbor 192.168.0.22 send-community both
>  neighbor 192.168.0.22 route-map set-med-low in
>  neighbor 192.168.0.22 route-map set-loc-pref out
>  exit-address-family
>  !
>  address-family ipv4 vrf test-vrf
>  no auto-summary
>  no synchronization
>  exit-address-family
>!
>ip classless
>!
>ip extcommunity-list 1 permit rt 65000:1
>ip bgp-community new-format
>ip community-list 4 permit 65000:4
>ip community-list 14 permit 65000:14
>ip as-path access-list 100 permit ^$
>ip as-path access-list 100 deny all
>!
>!
>ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.0.22/32
>access-list 10 permit 192.168.0.22
>access-list 10 deny   any
>access-list 20 permit 192.168.0.6
>access-list 20 deny   any
>route-map set-med-high permit 10
>  set metric 100
>!
>route-map set-loc-pref permit 10
>  match community 4
>  set local-preference 200
>!
>route-map set-loc-pref permit 20
>  match community 14
>!
>route-map ebgp-in permit 10
>  match extcommunity 1
>  set extcomm-list 1 delete
>  set extcommunity rt  65001:1
>!
>route-map ebgp-out permit 10
>  match as-path 100
>!
>route-map ebgp-out deny 20
>!
>route-map set-med-low permit 10
>  set metric 50
>
>----------------------------------------------
>
>tim
>
>
>
>At 08:30 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
> >Here is the debug output for the GSR (sender):
>
>One more question
>
>Are you setting the MEDs on the ASBR(GSR) or is it set somewhere else in 
>65000.
>relevant configs from GSR and 7200 would be helpful as well.
>Thans
>Zaheer
>
>
> >*Aug 12 11:41:09.418: %BGP-5-ADJCHANGE: neighbor 10.0.200.2 Up
> >r19#
> >*Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> >192.168.0.22:1:10.0.133.0/30, next 10.0.200.1, metric 50, path , extended
> >community RT:65001:1
> >*Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> >192.168.0.6:1:10.0.136.0/30, next 10.0.200.1, metric 100, path , extended
> >community RT:65001:1
> >
> >Here is the debug output for the 7200 (receiver):
> >
> >w0d: BGP: Import walker start version 1, end version 3
> >1w0d: BGP: ... start import cfg version = 2
> >1w0d: BGP: Prefix 192.168.0.6:1:10.0.136.0/30 to be imported as
> >0:0:10.0.136.0/30 -- Permitted
> >nexthop 10.0.200.1, origin i, path 65001, extended community RT:65001:1
> >1w0d: Path added
> >1w0d: BGP: Prefix 192.168.0.22:1:10.0.133.0/30 to be imported as
> >0:0:10.0.133.0/30 -- Permitted
> >nexthop 10.0.200.1, origin ?, path 65001, extended community RT:65001:1
> >1w0d: Path added
> >1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.133.0/30 ->
> >10.0.200.1 to test IP table
> >1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.136.0/30 ->
> >10.0.200.1 to test IP table
> >
> >Last, here is the sh ip bgp vpnv4 * output:
> >
> >Network          Next Hop            Metric LocPrf Weight Path
> >Route Distinguisher: 0:0
> >*> 10.0.133.0/30    10.0.200.1                             0 65001 ?
> >*> 10.0.136.0/30    10.0.200.1                             0 65001 i
> >
> >As you can see, metric appears to be sent, but not received???
> >
> >tim
> >
> >
> >
> >At 04:20 PM 8/11/2004 -0500, Timothy.Hall at alltel.com wrote:
> > >We are having a problem with some lab testing. We set up two AS's doing
> > >interprovider VPN, each AS has two ASBR's. The ASBR's are set up with ebgp
> > >advertising only the vpnv4 routes. We set the MED for the routes so that
> > >we would know which inter-AS link traffic would take. One border router is
> > >an M-series, the other is a GSR. Problem is the GSR is not sending the vpn
> > >routes with the MED set. The debug ip bgp update output shows that the MED
> > >is set and the router thinks it is advertising properly, however the other
> > >side does not indicate that it is receiving the MED attribute. Also, it
> > >doesn'ty matter whether the receiving router is an M-series or a Cisco
> > >router. Problem occurs in both cases.
> >
> >Please provide the debugs from sender and receiver for any one of the
> >prefixes in question.
> >
> >Zaheer
> >
> >
> > >GSR is running 12.0(27)S2.
> > >
> > >Anyone have any ideas?
> > >
> > >Thanks,
> > >Tim
> > >
> > >*************************************************************************
> > *****************
> > >The information contained in this message, including attachments, may
> > contain
> > >privileged or confidential information that is intended to be delivered
> > >only to the
> > >person identified above. If you are not the intended recipient, or the
> > person
> > >responsible for delivering this message to the intended recipient, ALLTEL
> > >requests
> > >that you immediately notify the sender and asks that you do not read the
> > >message or its
> > >attachments, and that you delete them without copying or sending them to
> > >anyone else.
> > >
> > >
> > >_______________________________________________
> > >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > >https://puck.nether.net/mailman/listinfo/cisco-nsp
> > >archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >************************************************************************* 
> *****************
> >The information contained in this message, including attachments, may 
> contain
> >privileged or confidential information that is intended to be delivered
> >only to the
> >person identified above. If you are not the intended recipient, or the 
> person
> >responsible for delivering this message to the intended recipient, ALLTEL
> >requests
> >that you immediately notify the sender and asks that you do not read the
> >message or its
> >attachments, and that you delete them without copying or sending them to
> >anyone else.
> >
> >
> >_______________________________________________
> >cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >https://puck.nether.net/mailman/listinfo/cisco-nsp
> >archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>******************************************************************************************
>The information contained in this message, including attachments, may contain
>privileged or confidential information that is intended to be delivered 
>only to the
>person identified above. If you are not the intended recipient, or the person
>responsible for delivering this message to the intended recipient, ALLTEL 
>requests
>that you immediately notify the sender and asks that you do not read the 
>message or its
>attachments, and that you delete them without copying or sending them to 
>anyone else.

******************************************************************************************
The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, ALLTEL requests 
that you immediately notify the sender and asks that you do not read the message or its 
attachments, and that you delete them without copying or sending them to anyone else. 




More information about the cisco-nsp mailing list