[c-nsp] BGP quandary
Justin Shore
justin at justinshore.com
Wed Jun 17 23:08:48 EDT 2009
I'm scratching my head on a BGP problem. I have a pair of core routers
and a pair of distribution routers in our data center. The DC routers
each have a single connection to the core routers (1 connection per
pair). Previously the DC routers were configured as route-reflector
clients with a route-map stripping out all ipv4 routes but the default.
The links are MPLS-enabled and I have production MPLS/VPNs on the
links currently that are working fine. It's fairly straightforward.

Upstream of the core routers are a pair of border routers. The border
and core routers are in a full mesh.

Now I'm trying to hang a new router off of one of the data center
routers and extend our BGP environment to it. I've configured it to be
part of a confederation (that router will ultimately have a direct
Internet peer and will need full routes). I'm currently hopping over
the DC router and going straight to a core router for that eBGP
confederation connection. However, I now need to access an MPLS/VPN from
the new router in our data center. So it basically looks like this:

A     B
|\   /|
| \ / |
|  /\ |
| /  \|
C-----D
|     |
E     F
|
G

A  Border 1
B  Border 2
C  Core 1
D  Core 2
E  DC 1
F  DC 2
G  New Router

A-D are currently a full mesh and I'd like to extend that to A-F. G is
the beginning of a confederation and new AS.

I'm taking the opportunity to go back and eliminate the RR design from
the DC and make those 2 routers part of the full mesh with the core and
border routers. I've removed the RR config from one of the DC routers
and its directly connected core router and replaced it with my standard
ibgp peer-group. The session comes up but I'm not getting any vpnv4
routes over the session. I can't figure out what I'm overlooking.

Core:
 neighbor ibgp-peer peer-group
 neighbor ibgp-peer remote-as 65001
 neighbor ibgp-peer transport path-mtu-discovery
 neighbor ibgp-peer password 7 monkey
 neighbor ibgp-peer update-source Loopback0
 neighbor ibgp-peer version 4
 neighbor ibgp-peer send-community
 neighbor ibgp-peer soft-reconfiguration inbound
 neighbor ibgp-peer maximum-prefix 350000 80 warning-only
 neighbor 10.64.0.34 peer-group ibgp-peer
 neighbor 10.64.0.34 description iBGP to 7201-1.dc (65001)
 neighbor 10.64.0.34 default-originate
 !
 address-family vpnv4
  neighbor ibgp-peer send-community extended
  neighbor 10.64.0.34 activate
 exit-address-family

I added the last activate for grins but it didn't help. peer-groups are
auto-activated which is why it's not explicitly spelled out in the vpnv4
statement.

DC:
 neighbor ibgp-peer peer-group
 neighbor ibgp-peer remote-as 65001
 neighbor ibgp-peer transport path-mtu-discovery
 neighbor ibgp-peer password 7 monkey
 neighbor ibgp-peer update-source Loopback0
 neighbor ibgp-peer version 4
 neighbor 10.64.0.20 peer-group ibgp-peer
 neighbor 10.64.0.20 description iBGP to 7613-2.clr (65001)
 !
 address-family ipv4
  neighbor ibgp-peer send-community
  neighbor ibgp-peer soft-reconfiguration inbound
  neighbor ibgp-peer maximum-prefix 350000 80 warning-only
  neighbor 10.64.0.20 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor ibgp-peer send-community extended
 exit-address-family

I've removed several things of course. Does anything jump out at
anyone? I'm having difficulty finding a command to see what prefixes
I'm advertising inside of a vrf to the remote peer. All I get on the DC
router is the connected and static prefixes. Do peer-groups and vpnv4
routes not mix?

Thanks
Justin
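
Added example, not part of the original post or the poster's own tooling: a small Python script that parses the two posted snippets (abridged and re-typed below as sample input) and reports, per address family, which neighbors carry an explicit "activate" line on each end, so the two sides of the session can be compared. The function names are hypothetical, and the script says nothing about the lines the poster left out.

```python
import re

# Abridged copies of the two posted snippets, re-typed here as sample input.
CORE = """\
neighbor ibgp-peer peer-group
neighbor 10.64.0.34 peer-group ibgp-peer
!
address-family vpnv4
 neighbor ibgp-peer send-community extended
 neighbor 10.64.0.34 activate
exit-address-family
"""
DC = """\
neighbor ibgp-peer peer-group
neighbor 10.64.0.20 peer-group ibgp-peer
!
address-family ipv4
 neighbor 10.64.0.20 activate
exit-address-family
!
address-family vpnv4
 neighbor ibgp-peer send-community extended
exit-address-family
"""

def explicit_activations(config):
    """Map address family -> set of neighbors with an explicit 'activate' line."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"address-family (\S+)", line)
        if m:
            current = m.group(1)
            result.setdefault(current, set())
        elif line == "exit-address-family":
            current = None
        elif current:
            m = re.match(r"neighbor (\S+) activate$", line)
            if m:
                result[current].add(m.group(1))
    return result

def compare(family, core_cfg, core_peer, dc_cfg, dc_peer):
    """Report whether each end explicitly activates the other in `family`."""
    core = core_peer in explicit_activations(core_cfg).get(family, set())
    dc = dc_peer in explicit_activations(dc_cfg).get(family, set())
    return {"core": core, "dc": dc}

if __name__ == "__main__":
    print(compare("vpnv4", CORE, "10.64.0.34", DC, "10.64.0.20"))
```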