FW: [c-nsp] MED on vpnv4 routes

Timothy.Hall at alltel.com Timothy.Hall at alltel.com
Thu Aug 12 11:31:21 EDT 2004


so I just removed the inbound ibgp route-maps and changed the ebgp outbound route-map to set the metric - still no dice...

route-map ebgp-out permit 10
 match as-path 100
!
route-map ebgp-out permit 15
 set metric 177
!
route-map ebgp-out deny 20

ddress-family vpnv4
 neighbor 10.0.200.2 activate
 neighbor 10.0.200.2 send-community both
 neighbor 10.0.200.2 route-map ebgp-in in
 neighbor 10.0.200.2 route-map ebgp-out out
 neighbor 192.168.0.6 activate
 neighbor 192.168.0.6 next-hop-self
 neighbor 192.168.0.6 send-community both
 neighbor 192.168.0.6 route-map set-loc-pref out
 neighbor 192.168.0.7 activate
 neighbor 192.168.0.7 next-hop-self
 neighbor 192.168.0.7 send-community both
 neighbor 192.168.0.22 activate
 neighbor 192.168.0.22 next-hop-self
 neighbor 192.168.0.22 send-community both
 neighbor 192.168.0.22 route-map set-loc-pref out
 exit-address-family

--------------------------

Lab-7200-1#sh ip bgp v * 
BGP table version is 21, local router ID is 166.102.5.63
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 0:0
*> 10.0.133.0/30    10.0.200.1                             0 65001 ?
*> 10.0.136.0/30    10.0.200.1                             0 65001 i



-----Original Message-----
From: Zaheer Aziz [mailto:zaziz at cisco.com]
Sent: Thursday, August 12, 2004 10:20 AM
To: Oliver Boehmer (oboehmer)
Cc: Hall, Timothy
Subject: Re: FW: [c-nsp] MED on vpnv4 routes


At 05:10 PM 8/12/2004 +0200, Oliver Boehmer \(oboehmer\) wrote:

[adding Tim]

Hi Oliver and Tim,

>bug.. I can repro his problem easily... unless the MED is set outbound
>on the vpnv4 eBGP connection, it will not arrive at the other side..

MED should be send as 0 when advertise to EBGP neighbor unless you set
it on the EBGP connection itself.

Zaheer



>         oli
>
>Timothy.Hall at alltel.com <> wrote on Thursday, August 12, 2004 4:53 PM:
>
> > I am setting the med in the gsr:
> >
> > router bgp 65001
> >  no bgp default ipv4-unicast
> >  bgp log-neighbor-changes
> >  bgp deterministic-med
> >  bgp graceful-restart restart-time 120
> >  bgp graceful-restart stalepath-time 360
> >  bgp graceful-restart
> >  neighbor 10.0.200.2 remote-as 65000
> >  neighbor 192.168.0.6 remote-as 65001
> >  neighbor 192.168.0.6 update-source Loopback0
> >  neighbor 192.168.0.7 remote-as 65001
> >  neighbor 192.168.0.7 update-source Loopback0
> >  neighbor 192.168.0.22 remote-as 65001
> >  neighbor 192.168.0.22 update-source Loopback0
> >  !
> >  address-family ipv4
> >  auto-summary
> >  no synchronization
> >  exit-address-family
> >  !
> >  address-family vpnv4
> >  neighbor 10.0.200.2 activate
> >  neighbor 10.0.200.2 send-community both
> >  neighbor 10.0.200.2 route-map ebgp-in in
> >  neighbor 10.0.200.2 route-map ebgp-out out
> >  neighbor 192.168.0.6 activate
> >  neighbor 192.168.0.6 next-hop-self
> >  neighbor 192.168.0.6 send-community both
> >  neighbor 192.168.0.6 route-map set-med-high in
> >  neighbor 192.168.0.6 route-map set-loc-pref out
> >  neighbor 192.168.0.7 activate
> >  neighbor 192.168.0.7 next-hop-self
> >  neighbor 192.168.0.7 send-community both
> >  neighbor 192.168.0.22 activate
> >  neighbor 192.168.0.22 next-hop-self
> >  neighbor 192.168.0.22 send-community both
> >  neighbor 192.168.0.22 route-map set-med-low in
> >  neighbor 192.168.0.22 route-map set-loc-pref out
> >  exit-address-family
> >  !
> >  address-family ipv4 vrf test-vrf
> >  no auto-summary
> >  no synchronization
> >  exit-address-family
> > !
> > ip classless
> > !
> > ip extcommunity-list 1 permit rt 65000:1
> > ip bgp-community new-format
> > ip community-list 4 permit 65000:4
> > ip community-list 14 permit 65000:14
> > ip as-path access-list 100 permit ^$
> > ip as-path access-list 100 deny all
> > !
> > !
> > ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.0.22/32
> > access-list 10 permit 192.168.0.22
> > access-list 10 deny   any
> > access-list 20 permit 192.168.0.6
> > access-list 20 deny   any
> > route-map set-med-high permit 10
> >  set metric 100
> > !
> > route-map set-loc-pref permit 10
> >  match community 4
> >  set local-preference 200
> > !
> > route-map set-loc-pref permit 20
> >  match community 14
> > !
> > route-map ebgp-in permit 10
> >  match extcommunity 1
> >  set extcomm-list 1 delete
> >  set extcommunity rt  65001:1
> > !
> > route-map ebgp-out permit 10
> >  match as-path 100
> > !
> > route-map ebgp-out deny 20
> > !
> > route-map set-med-low permit 10
> >  set metric 50
> >
> > ----------------------------------------------
> >
> > tim
> >
> >
> >
> > At 08:30 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
> >> Here is the debug output for the GSR (sender):
> >
> > One more question
> >
> > Are you setting the MEDs on the ASBR(GSR) or is it set somewhere else
> > in 65000. relevant configs from GSR and 7200 would be helpful as well.
> > Thans
> > Zaheer
> >
> >
> >> *Aug 12 11:41:09.418: %BGP-5-ADJCHANGE: neighbor 10.0.200.2 Up
> >> r19#
> >> *Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> >> 192.168.0.22:1:10.0.133.0/30, next 10.0.200.1, metric 50, path ,
> >> extended community RT:65001:1 *Aug 12 11:41:09.418: BGP(2):
> >> 10.0.200.2 send UPDATE (format) 192.168.0.6:1:10.0.136.0/30, next
> >> 10.0.200.1, metric 100, path , extended community RT:65001:1
> >>
> >> Here is the debug output for the 7200 (receiver):
> >>
> >> w0d: BGP: Import walker start version 1, end version 3
> >> 1w0d: BGP: ... start import cfg version = 2
> >> 1w0d: BGP: Prefix 192.168.0.6:1:10.0.136.0/30 to be imported as
> >> 0:0:10.0.136.0/30 -- Permitted
> >> nexthop 10.0.200.1, origin i, path 65001, extended community
> >> RT:65001:1 1w0d: Path added 1w0d: BGP: Prefix
> >> 192.168.0.22:1:10.0.133.0/30 to be imported as 0:0:10.0.133.0/30 --
> >> Permitted
> >> nexthop 10.0.200.1, origin ?, path 65001, extended community
> >> RT:65001:1 1w0d: Path added 1w0d: BGP(2): Revise route installing 1
> >> of 1 route for 10.0.133.0/30 ->
> >> 10.0.200.1 to test IP table
> >> 1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.136.0/30
> >> ->
> >> 10.0.200.1 to test IP table
> >>
> >> Last, here is the sh ip bgp vpnv4 * output:
> >>
> >> Network          Next Hop            Metric LocPrf Weight Path
> >> Route Distinguisher: 0:0
> >> *> 10.0.133.0/30    10.0.200.1                             0 65001 ?
> >> *> 10.0.136.0/30    10.0.200.1                             0 65001 i
> >>
> >> As you can see, metric appears to be sent, but not received???
> >>
> >> tim
> >>
> >>
> >>
> >> At 04:20 PM 8/11/2004 -0500, Timothy.Hall at alltel.com wrote:
> >>> We are having a problem with some lab testing. We set up two AS's
> >>> doing interprovider VPN, each AS has two ASBR's. The ASBR's are set
> >>> up with ebgp advertising only the vpnv4 routes. We set the MED for
> >>> the routes so that we would know which inter-AS link traffic would
> >>> take. One border router is an M-series, the other is a GSR. Problem
> >>> is the GSR is not sending the vpn routes with the MED set. The
> >>> debug ip bgp update output shows that the MED is set and the router
> >>> thinks it is advertising properly, however the other side does not
> >>> indicate that it is receiving the MED attribute. Also, it doesn'ty
> >>> matter whether the receiving router is an M-series or a Cisco
> >>> router. Problem occurs in both cases.
> >>
> >> Please provide the debugs from sender and receiver for any one of
> >> the prefixes in question.
> >>
> >> Zaheer
> >>
> >>
> >>> GSR is running 12.0(27)S2.
> >>>
> >>> Anyone have any ideas?
> >>>
> >>> Thanks,
> >>> Tim
> >>>
> >>>
>************************************************************************
>*
> >>> ***************** The information contained in this message,
> >>> including attachments, may contain privileged or confidential
> >>> information that is intended to be delivered only to the person
> >>> identified above. If you are not the intended recipient, or the
> >>> person responsible for delivering this message to the intended
> >>> recipient, ALLTEL requests that you immediately notify the sender
> >>> and asks that you do not read the message or its attachments, and
> >>> that you delete them without copying or sending them to anyone
> >>> else.
> >>>
> >>>
> >>> _______________________________________________
> >>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >>
>************************************************************************
>******************
> >> The information contained in this message, including attachments,
> >> may contain privileged or confidential information that is intended
> >> to be delivered
> >> only to the
> >> person identified above. If you are not the intended recipient, or
> >> the person responsible for delivering this message to the intended
> >> recipient, ALLTEL requests that you immediately notify the sender
> >> and asks that you do not read the message or its attachments, and
> >> that you delete them without copying or sending them to anyone else.
> >>
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
>************************************************************************
>******************
> > The information contained in this message, including attachments, may
> > contain privileged or confidential information that is intended to be
> > delivered only to the person identified above. If you are not the
> > intended recipient, or the person responsible for delivering this
> > message to the intended recipient, ALLTEL requests that you
> > immediately notify the sender and asks that you do not read the
> > message or its attachments, and that you delete them without copying
> > or sending them to anyone else.
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/

******************************************************************************************
The information contained in this message, including attachments, may contain 
privileged or confidential information that is intended to be delivered only to the 
person identified above. If you are not the intended recipient, or the person 
responsible for delivering this message to the intended recipient, ALLTEL requests 
that you immediately notify the sender and asks that you do not read the message or its 
attachments, and that you delete them without copying or sending them to anyone else. 




More information about the cisco-nsp mailing list