[c-nsp] inter-as mp-bgp with ttl-security issue

Vitkovsky, Adam avitkovsky at emea.att.com
Tue Jan 3 11:51:37 EST 2012


I just ran across this issue again, so I decided to find some reasonable explanation, if there is one.

I've just set up a vpnv4 session between two inter-AS route reflectors (7200s running 12.2(33)SRE4).
Since it's an MP-eBGP session, I can use either "ebgp-multihop" or "ttl-security" to manipulate the TTL in BGP packets, allowing them to pass between AS domains.

Now here's the catch:
If I decide to use "ttl-security" in the session template on both ends, I won't get routing updates across the established session.
Reason according to debug: -- DENIED due to: non-connected MP_REACH NEXTHOP;, label 18
- which is not true, as the inter-AS route reflector has a route to the originating PE in the other AS; the route is pointing to the ASBR connecting to the other AS.
And the label-switched path exists, as verified by the MPLS ping between the inter-AS route reflector and the PE in the other AS.

However, when I deconfigure "ttl-security", use "ebgp-multihop" instead and reset the session, I get all the inter-AS vpnv4 routes, no issues.




Adam Vitkovsky CCIP(r) CCNP(r) certified
System Engineer | AT&T Business Solutions - Global Customer Service
Phone: +421-269-257-375
Email: av0025 at att.com