[c-nsp] Cisco ASR BGP within the box question

Joe Maimon jmaimon at ttec.com
Mon Aug 2 11:23:20 EDT 2010


I sure hope you have better luck than I did.

http://www.mail-archive.com/cisco-nsp@puck.nether.net/msg20125.html



Steven.Glogger at swisscom.com wrote:
> hi all
>
> just a short question (related to a quite new feature from cisco).
> with the new cisco ASR software (15.0(1)S - released some days ago) it is able to do BGP on the same box.
> we need this feature because we use the VASI interfaces to bring and filter traffic from one VRF to another VRF and performing firewalling (ZBF).
>
> basically we have on the box:
> [VRF_A via vasileft1]--[VRF_B via vasiright1]
>
> and the box itself speaks BGP on VRF_B with some RR's:
> [ASRBox] ---- (RR) ---- [anotherbox]
>
> the fun part is, if you want to announce (e.g. 0.0.0.0/0) from VRF_B (announced from anotherbox) to VRF_A it should be possible now with that new feature.
>
> according to BGP I need to configure the VRF_A peer as route-reflector-client so the routes from the anotherbox get reflected via RR to VRF_B.
>
> but, it seems that the router itself needs to be tricked, since he thinks that both peers are in the same route-reflector cluster ("DENIED due to: reflected from the same cluster"):
>
> Aug  2 13:35:03: BGP(0): 213.3.246.33 send UPDATE (format) 0.0.0.0/0, next 10.62.112.65, metric 0, path 44038 3303, extended community RT:65501:1702
>
> Aug  2 13:35:03: BGP(0): 213.3.246.34 rcv UPDATE w/ attr: nexthop 10.62.112.65, origin i, localpref 250, metric 0, originator 10.62.112.65, clusterlist 10.62.112.79 10.62.112.17, merged path 44038 3303, AS_PATH , community
>
> Aug  2 13:35:03: BGP(0): 213.3.246.34 rcv UPDATE about 0.0.0.0/0 -- DENIED due to: reflected from the same cluster;
>
> Aug  2 13:35:03: BGP: 213.3.246.34 Modifying prefix 0.0.0.0/0 from 0 ->  4 address
>
>
> so, this is my config:
>
>
> config:
> <snip>
> interface vasileft1
>  ip vrf forwarding VRF_A
>  ip address 10.0.0.1 255.255.255.252
>  zone-member security VASILEFT
> !
> interface vasiright1
>  ip vrf forwarding VRF_B
>  ip address 10.0.0.2 255.255.255.252
>  zone-member security VASIRIGHT
> !
>
> router bgp 65501
>   address-family ipv4 vrf IABIP-
>    bgp router-id 10.0.0.1
>    redistribute connected
>    redistribute static
>    neighbor 10.0.0.2 remote-as 65501
>    neighbor 10.0.0.2 update-source vasileft1
>    neighbor 10.0.0.2 activate
>    neighbor 10.0.0.2 send-community both
>    neighbor 10.0.0.2 next-hop-self
>
>   exit-address-family
>   !
>   address-family ipv4 vrf IACYP-
>    import path selection multipaths
>    bgp router-id 10.0.0.2
>    redistribute connected
>    redistribute static route-map SET-PREFIX-SoO
>    neighbor 10.0.0.1 remote-as 65501
>    neighbor 10.0.0.1 update-source vasiright1
>    neighbor 10.0.0.1 activate
>    neighbor 10.0.0.1 send-community both
>    neighbor 10.0.0.1 next-hop-self
>   exit-address-family
> </snip>
>
>
>
>
> what does not work:
> - having another AS number on the same box (otherwise eBGP would be possible)
> - client-to-client reflection
> - magic stuff in route-map
> - setting different cluster-id's for different address-families
> - nothing found in the release notes: http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes.html
>
> so, does anyone know a nice hidden command to disable this cluster-checking on a per-peer basis or so?
>
>
> -steven
>
>
>
>
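
The denial in the quoted debug output is the route-reflector loop check from RFC 4456. The sketch below is an added example, not part of the original thread and not Cisco's code: it parses the quoted debug line and replays the check. It assumes 10.62.112.79 (the first CLUSTER_LIST entry) is the ASR's own cluster ID; the function names are hypothetical.

```python
import re

# The "rcv UPDATE w/ attr" debug line quoted in the post, embedded as sample input.
DEBUG_LINE = (
    "Aug  2 13:35:03: BGP(0): 213.3.246.34 rcv UPDATE w/ attr: nexthop 10.62.112.65, "
    "origin i, localpref 250, metric 0, originator 10.62.112.65, "
    "clusterlist 10.62.112.79 10.62.112.17, merged path 44038 3303, AS_PATH , community"
)
IPV4 = r"\d+(?:\.\d+){3}"

def parse_rr_attrs(line):
    """Pull the peer, ORIGINATOR_ID and CLUSTER_LIST out of an IOS debug line."""
    peer = re.search(r"BGP\(\d+\): (\S+) rcv UPDATE", line)
    originator = re.search(rf"originator ({IPV4})", line)
    clusters = re.search(rf"clusterlist ((?:{IPV4} ?)+)", line)
    return {
        "peer": peer.group(1) if peer else None,
        "originator": originator.group(1) if originator else None,
        "cluster_list": clusters.group(1).split() if clusters else [],
    }

def reflect(attrs, learned_from_router_id, local_cluster_id):
    """What a reflector does on send: keep or set ORIGINATOR_ID, prepend its CLUSTER_ID."""
    return {
        **attrs,
        "originator": attrs["originator"] or learned_from_router_id,
        "cluster_list": [local_cluster_id] + attrs["cluster_list"],
    }

def inbound_check(attrs, local_router_id, local_cluster_id):
    """RFC 4456 loop checks applied to a route received over iBGP."""
    if attrs["originator"] == local_router_id:
        return "DENIED: ORIGINATOR_ID is the local router ID"
    if local_cluster_id in attrs["cluster_list"]:
        return "DENIED due to: reflected from the same cluster"
    return "ACCEPTED"

# Assumption: 10.62.112.79 is the ASR's cluster ID (first entry = most recently prepended).
ASR_CLUSTER_ID = "10.62.112.79"
# Route as the VRF_B side would have learned it from the RR, before reflecting it.
from_rr = {"peer": None, "originator": "10.62.112.65", "cluster_list": ["10.62.112.17"]}

if __name__ == "__main__":
    sent = reflect(from_rr, "10.62.112.65", ASR_CLUSTER_ID)
    received = parse_rr_attrs(DEBUG_LINE)
    print(sent["cluster_list"] == received["cluster_list"])
    # VRF_A side of the same box: one BGP process, so the same cluster ID is checked.
    print(inbound_check(received, "10.0.0.1", ASR_CLUSTER_ID))
    # Hypothetical distinct cluster ID, which the post reports cannot be set per address family.
    print(inbound_check(received, "10.0.0.1", "10.0.0.1"))
```

Because both VRF sessions belong to one BGP process, the reflecting side and the receiving side compare against the same cluster ID, which is why the update the box reflects to itself is dropped.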

