[c-nsp] Filtering OSPF routes from MPBGP to BGP speaker in the same VRF
Jason Lixfeld
jason at lixfeld.ca
Sun Feb 26 08:41:24 EST 2012
On 2012-02-26, at 4:14 AM, Oliver Boehmer (oboehmer) wrote:
> iBGP as PE-CE routing protocol is not officially supported in IOS (i.e.
> between a real L3VPN PE and a CE as described in
> draft-marques-l3vpn-ibgp. running it in vrf-lite is supported for most
> scenarios, IIRC), and you might already have noticed this as you might
> have needed to tweak the next-hop manually?
I hadn't actually gotten that far in the lab quite yet. I'm still only at the point of having a BGP table on the PEs that included more than just OSPF routes within that VRF and not being able to filter those OSPF routes from appearing in the CE BGP table.
> Having said this, I'm not
> sure what prevented you from filtering out the prefixes based on some
> regular communities you have set when redistributing the OSPF prefixes
> to MP-BGP on the ingress PE1? Can you share some config examples?
Adding the community to the OSPF routes isn't the problem. Filtering out that community from being announced to a PE-CE iBGP session is where the problems arise.
Here's an OSPF route redistributed into MPBGP with the community 1 filtering hook added:
ASR.2#sh ip bgp vpnv4 vrf Inetv4 11.11.11.1
BGP routing table entry for 21949:4:11.11.11.1/32, version 24
Paths: (2 available, best #2, table Inetv4)
Flag: 0x820
Advertised to update-groups:
1 2
Local
10.0.0.5 (metric 20) from 10.0.0.5 (10.0.0.5)
Origin incomplete, metric 31, localpref 100, valid, internal
Community: 1
Extended Community: RT:21949:4 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:10.0.0.7:0
mpls labels in/out 41/48
Local
9.20.255.4 from 0.0.0.0 (10.0.0.6)
Origin incomplete, metric 31, localpref 100, weight 32768, valid, sourced, best
Community: 1
Extended Community: RT:21949:4 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:10.0.0.8:0
mpls labels in/out 41/nolabel
ASR.2#
The intention is to prevent that route from being advertised to neighbor 9.20.255.4 inside vrf Inetv4:
ASR.2#sh run | s router bgp
router bgp 21949
 bgp log-neighbor-changes
 neighbor 10.0.0.5 remote-as 21949
 neighbor 10.0.0.5 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
  neighbor 10.0.0.5 next-hop-self
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Inetv4
  redistribute connected
  redistribute static
  redistribute ospf 100 vrf Inetv4 match internal external 1 external 2 nssa-external 1 nssa-external 2 route-map OSPFtoBGP
  neighbor 9.20.255.4 remote-as 21949
  neighbor 9.20.255.4 activate
  neighbor 9.20.255.4 send-community both
  neighbor 9.20.255.4 route-reflector-client
  neighbor 9.20.255.4 next-hop-self
  neighbor 9.20.255.4 route-map NOOSPF out
  no synchronization
  network 9.20.255.0 mask 255.255.255.0
  network 10.0.0.0 mask 255.255.255.0
 exit-address-family
!
ASR.2#sh run | b route-map NOOSPF
route-map NOOSPF deny 10
 match community 1
route-map NOOSPF permit 20
ASR.2#
But on 7600.2/9.20.255.4/CE I still see the route tagged with community 1 even though it should be filtered on ASR.2 via route-map NOOSPF:
7600.2#sh ip bgp 11.11.11.1
BGP routing table entry for 11.11.11.1/32, version 253
Paths: (2 available, best #1, table Default-IP-Routing-Table, RIB-failure(17))
Flag: 0xBC0
Advertised to update-groups:
1
Local, (Received from a RR-client)
9.20.255.5 from 9.20.255.5 (10.0.0.6)
Origin incomplete, metric 31, localpref 100, valid, internal, best
Community: 1
Extended Community: RT:21949:4 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:10.0.0.8:0
Local
9.20.255.3 (metric 11) from 10.0.0.3 (10.0.0.3)
Origin incomplete, metric 31, localpref 100, valid, internal
Community: 1
Extended Community: RT:21949:4 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:5:0 OSPF ROUTER ID:10.0.0.7:0
Originator: 10.0.0.5, Cluster list: 10.0.0.3
7600.2#
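
Added example, not part of the original post: on IOS the argument to `match community` names a community-list (by number or name), not a literal community value, so a route-map such as NOOSPF depends on a corresponding `ip community-list` definition. The Python check below reports route-map entries whose community-list reference has no definition; the sample configurations, the `ip community-list 1 permit 1` line and the function name are constructed for illustration and do not come from the post.

```python
import re

# Constructed samples modelled on the NOOSPF route-map in the post.
# The `ip community-list` line is an assumption; it is not on the page.
SAMPLE_WITH_LIST = """\
ip community-list 1 permit 1
!
route-map NOOSPF deny 10
 match community 1
route-map NOOSPF permit 20
"""
SAMPLE_WITHOUT_LIST = """\
route-map NOOSPF deny 10
 match community 1
route-map NOOSPF permit 20
"""

# Numbered lists omit the standard/expanded keyword; named lists carry it.
LIST_RE = re.compile(
    r"^ip community-list (?:(?:standard|expanded) )?(\S+) (?:permit|deny)\b")
MAP_RE = re.compile(r"^route-map (\S+) (?:permit|deny) (\d+)")
MATCH_RE = re.compile(r"^\s*match community (.+)$")
KEYWORDS = {"exact", "exact-match"}  # trailing option, not a list reference


def undefined_community_refs(config):
    """Return (route_map, seq, list_ref) for every `match community`
    argument that has no `ip community-list` definition in `config`."""
    lines = config.splitlines()
    defined = {m.group(1) for m in map(LIST_RE.match, lines) if m}
    findings, current = [], None
    for line in lines:
        m = MAP_RE.match(line)
        if m:
            current = (m.group(1), int(m.group(2)))  # entering a new entry
            continue
        m = MATCH_RE.match(line)
        if m and current:
            for ref in m.group(1).split():
                if ref not in KEYWORDS and ref not in defined:
                    findings.append((current[0], current[1], ref))
    return findings


if __name__ == "__main__":
    for name, seq, ref in undefined_community_refs(SAMPLE_WITHOUT_LIST):
        print(f"route-map {name} seq {seq}: community-list {ref} is not defined")
```
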