FW: [c-nsp] MED on vpnv4 routes
Zaheer Aziz
zaziz at cisco.com
Thu Aug 12 11:39:29 EDT 2004
At 10:31 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
>so I just removed the inbound ibgp route-maps and changed the ebgp
>outbound route-map to set the metric - still no dice...
because the config is incorrect
Try this
oute-map ebgp-out permit 10
match as-path 100
set metric 177
!
route-map ebgp-out deny 20
and then soft or hard clear the neighbor
Zaheer
>route-map ebgp-out permit 10
> match as-path 100
>!
>route-map ebgp-out permit 15
> set metric 177
>!
>route-map ebgp-out deny 20
>
>ddress-family vpnv4
> neighbor 10.0.200.2 activate
> neighbor 10.0.200.2 send-community both
> neighbor 10.0.200.2 route-map ebgp-in in
> neighbor 10.0.200.2 route-map ebgp-out out
> neighbor 192.168.0.6 activate
> neighbor 192.168.0.6 next-hop-self
> neighbor 192.168.0.6 send-community both
> neighbor 192.168.0.6 route-map set-loc-pref out
> neighbor 192.168.0.7 activate
> neighbor 192.168.0.7 next-hop-self
> neighbor 192.168.0.7 send-community both
> neighbor 192.168.0.22 activate
> neighbor 192.168.0.22 next-hop-self
> neighbor 192.168.0.22 send-community both
> neighbor 192.168.0.22 route-map set-loc-pref out
> exit-address-family
>
>--------------------------
>
>Lab-7200-1#sh ip bgp v *
>BGP table version is 21, local router ID is 166.102.5.63
>Status codes: s suppressed, d damped, h history, * valid, > best, i -
>internal,
> r RIB-failure, S Stale
>Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
>Route Distinguisher: 0:0
>*> 10.0.133.0/30 10.0.200.1 0 65001 ?
>*> 10.0.136.0/30 10.0.200.1 0 65001 i
>
>
>
>-----Original Message-----
>From: Zaheer Aziz [mailto:zaziz at cisco.com]
>Sent: Thursday, August 12, 2004 10:20 AM
>To: Oliver Boehmer (oboehmer)
>Cc: Hall, Timothy
>Subject: Re: FW: [c-nsp] MED on vpnv4 routes
>
>
>At 05:10 PM 8/12/2004 +0200, Oliver Boehmer \(oboehmer\) wrote:
>
>[adding Tim]
>
>Hi Oliver and Tim,
>
> >bug.. I can repro his problem easily... unless the MED is set outbound
> >on the vpnv4 eBGP connection, it will not arrive at the other side..
>
>MED should be send as 0 when advertise to EBGP neighbor unless you set
>it on the EBGP connection itself.
>
>Zaheer
>
>
>
> > oli
> >
> >Timothy.Hall at alltel.com <> wrote on Thursday, August 12, 2004 4:53 PM:
> >
> > > I am setting the med in the gsr:
> > >
> > > router bgp 65001
> > > no bgp default ipv4-unicast
> > > bgp log-neighbor-changes
> > > bgp deterministic-med
> > > bgp graceful-restart restart-time 120
> > > bgp graceful-restart stalepath-time 360
> > > bgp graceful-restart
> > > neighbor 10.0.200.2 remote-as 65000
> > > neighbor 192.168.0.6 remote-as 65001
> > > neighbor 192.168.0.6 update-source Loopback0
> > > neighbor 192.168.0.7 remote-as 65001
> > > neighbor 192.168.0.7 update-source Loopback0
> > > neighbor 192.168.0.22 remote-as 65001
> > > neighbor 192.168.0.22 update-source Loopback0
> > > !
> > > address-family ipv4
> > > auto-summary
> > > no synchronization
> > > exit-address-family
> > > !
> > > address-family vpnv4
> > > neighbor 10.0.200.2 activate
> > > neighbor 10.0.200.2 send-community both
> > > neighbor 10.0.200.2 route-map ebgp-in in
> > > neighbor 10.0.200.2 route-map ebgp-out out
> > > neighbor 192.168.0.6 activate
> > > neighbor 192.168.0.6 next-hop-self
> > > neighbor 192.168.0.6 send-community both
> > > neighbor 192.168.0.6 route-map set-med-high in
> > > neighbor 192.168.0.6 route-map set-loc-pref out
> > > neighbor 192.168.0.7 activate
> > > neighbor 192.168.0.7 next-hop-self
> > > neighbor 192.168.0.7 send-community both
> > > neighbor 192.168.0.22 activate
> > > neighbor 192.168.0.22 next-hop-self
> > > neighbor 192.168.0.22 send-community both
> > > neighbor 192.168.0.22 route-map set-med-low in
> > > neighbor 192.168.0.22 route-map set-loc-pref out
> > > exit-address-family
> > > !
> > > address-family ipv4 vrf test-vrf
> > > no auto-summary
> > > no synchronization
> > > exit-address-family
> > > !
> > > ip classless
> > > !
> > > ip extcommunity-list 1 permit rt 65000:1
> > > ip bgp-community new-format
> > > ip community-list 4 permit 65000:4
> > > ip community-list 14 permit 65000:14
> > > ip as-path access-list 100 permit ^$
> > > ip as-path access-list 100 deny all
> > > !
> > > !
> > > ip prefix-list ROUTE_SOURCE seq 5 permit 192.168.0.22/32
> > > access-list 10 permit 192.168.0.22
> > > access-list 10 deny any
> > > access-list 20 permit 192.168.0.6
> > > access-list 20 deny any
> > > route-map set-med-high permit 10
> > > set metric 100
> > > !
> > > route-map set-loc-pref permit 10
> > > match community 4
> > > set local-preference 200
> > > !
> > > route-map set-loc-pref permit 20
> > > match community 14
> > > !
> > > route-map ebgp-in permit 10
> > > match extcommunity 1
> > > set extcomm-list 1 delete
> > > set extcommunity rt 65001:1
> > > !
> > > route-map ebgp-out permit 10
> > > match as-path 100
> > > !
> > > route-map ebgp-out deny 20
> > > !
> > > route-map set-med-low permit 10
> > > set metric 50
> > >
> > > ----------------------------------------------
> > >
> > > tim
> > >
> > >
> > >
> > > At 08:30 AM 8/12/2004 -0500, Timothy.Hall at alltel.com wrote:
> > >> Here is the debug output for the GSR (sender):
> > >
> > > One more question
> > >
> > > Are you setting the MEDs on the ASBR(GSR) or is it set somewhere else
> > > in 65000. relevant configs from GSR and 7200 would be helpful as well.
> > > Thans
> > > Zaheer
> > >
> > >
> > >> *Aug 12 11:41:09.418: %BGP-5-ADJCHANGE: neighbor 10.0.200.2 Up
> > >> r19#
> > >> *Aug 12 11:41:09.418: BGP(2): 10.0.200.2 send UPDATE (format)
> > >> 192.168.0.22:1:10.0.133.0/30, next 10.0.200.1, metric 50, path ,
> > >> extended community RT:65001:1 *Aug 12 11:41:09.418: BGP(2):
> > >> 10.0.200.2 send UPDATE (format) 192.168.0.6:1:10.0.136.0/30, next
> > >> 10.0.200.1, metric 100, path , extended community RT:65001:1
> > >>
> > >> Here is the debug output for the 7200 (receiver):
> > >>
> > >> w0d: BGP: Import walker start version 1, end version 3
> > >> 1w0d: BGP: ... start import cfg version = 2
> > >> 1w0d: BGP: Prefix 192.168.0.6:1:10.0.136.0/30 to be imported as
> > >> 0:0:10.0.136.0/30 -- Permitted
> > >> nexthop 10.0.200.1, origin i, path 65001, extended community
> > >> RT:65001:1 1w0d: Path added 1w0d: BGP: Prefix
> > >> 192.168.0.22:1:10.0.133.0/30 to be imported as 0:0:10.0.133.0/30 --
> > >> Permitted
> > >> nexthop 10.0.200.1, origin ?, path 65001, extended community
> > >> RT:65001:1 1w0d: Path added 1w0d: BGP(2): Revise route installing 1
> > >> of 1 route for 10.0.133.0/30 ->
> > >> 10.0.200.1 to test IP table
> > >> 1w0d: BGP(2): Revise route installing 1 of 1 route for 10.0.136.0/30
> > >> ->
> > >> 10.0.200.1 to test IP table
> > >>
> > >> Last, here is the sh ip bgp vpnv4 * output:
> > >>
> > >> Network Next Hop Metric LocPrf Weight Path
> > >> Route Distinguisher: 0:0
> > >> *> 10.0.133.0/30 10.0.200.1 0 65001 ?
> > >> *> 10.0.136.0/30 10.0.200.1 0 65001 i
> > >>
> > >> As you can see, metric appears to be sent, but not received???
> > >>
> > >> tim
> > >>
> > >>
> > >>
> > >> At 04:20 PM 8/11/2004 -0500, Timothy.Hall at alltel.com wrote:
> > >>> We are having a problem with some lab testing. We set up two AS's
> > >>> doing interprovider VPN, each AS has two ASBR's. The ASBR's are set
> > >>> up with ebgp advertising only the vpnv4 routes. We set the MED for
> > >>> the routes so that we would know which inter-AS link traffic would
> > >>> take. One border router is an M-series, the other is a GSR. Problem
> > >>> is the GSR is not sending the vpn routes with the MED set. The
> > >>> debug ip bgp update output shows that the MED is set and the router
> > >>> thinks it is advertising properly, however the other side does not
> > >>> indicate that it is receiving the MED attribute. Also, it doesn'ty
> > >>> matter whether the receiving router is an M-series or a Cisco
> > >>> router. Problem occurs in both cases.
> > >>
> > >> Please provide the debugs from sender and receiver for any one of
> > >> the prefixes in question.
> > >>
> > >> Zaheer
> > >>
> > >>
> > >>> GSR is running 12.0(27)S2.
> > >>>
> > >>> Anyone have any ideas?
> > >>>
> > >>> Thanks,
> > >>> Tim
> > >>>
> > >>>
> >************************************************************************
> >*
> > >>> ***************** The information contained in this message,
> > >>> including attachments, may contain privileged or confidential
> > >>> information that is intended to be delivered only to the person
> > >>> identified above. If you are not the intended recipient, or the
> > >>> person responsible for delivering this message to the intended
> > >>> recipient, ALLTEL requests that you immediately notify the sender
> > >>> and asks that you do not read the message or its attachments, and
> > >>> that you delete them without copying or sending them to anyone
> > >>> else.
> > >>>
> > >>>
> > >>> _______________________________________________
> > >>> cisco-nsp mailing list cisco-nsp at puck.nether.net
> > >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> > >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >>
> > >>
> >************************************************************************
> >******************
> > >> The information contained in this message, including attachments,
> > >> may contain privileged or confidential information that is intended
> > >> to be delivered
> > >> only to the
> > >> person identified above. If you are not the intended recipient, or
> > >> the person responsible for delivering this message to the intended
> > >> recipient, ALLTEL requests that you immediately notify the sender
> > >> and asks that you do not read the message or its attachments, and
> > >> that you delete them without copying or sending them to anyone else.
> > >>
> > >>
> > >> _______________________________________________
> > >> cisco-nsp mailing list cisco-nsp at puck.nether.net
> > >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> > >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > >
> >************************************************************************
> >******************
> > > The information contained in this message, including attachments, may
> > > contain privileged or confidential information that is intended to be
> > > delivered only to the person identified above. If you are not the
> > > intended recipient, or the person responsible for delivering this
> > > message to the intended recipient, ALLTEL requests that you
> > > immediately notify the sender and asks that you do not read the
> > > message or its attachments, and that you delete them without copying
> > > or sending them to anyone else.
> > >
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>******************************************************************************************
>The information contained in this message, including attachments, may contain
>privileged or confidential information that is intended to be delivered
>only to the
>person identified above. If you are not the intended recipient, or the person
>responsible for delivering this message to the intended recipient, ALLTEL
>requests
>that you immediately notify the sender and asks that you do not read the
>message or its
>attachments, and that you delete them without copying or sending them to
>anyone else.
More information about the cisco-nsp
mailing list