[c-nsp] MP-BGP and route leaking on MPLS problem
Fernando García Fernández
listas at cutre.net
Thu Aug 14 05:33:54 EDT 2014
Hello
I’m working with a BGP/MPLS lab and I found one “trivial” problem (I’m working with dynamips but I think is not related).
The scenario is:
CE <-> PE1 <-> P <-> PE2
PE2 will be connected to Internet, but currently I’m using loopback 2 for testing.
What I wanna do is:
- In PE2 make a route leaking from VRF TAG to the global routing table (GRT from now on)
- In PE2 make a route leaking from GRT to VRF TAG (specifically of 172.16.7.0/30, loopback 2)
- I’m using import/export ipv4 unicast map on version 15.2(4)S1 that support it.
- I expected the leaked routes from GRT in VRF TAG to be distributed through VRF TAG and receive them in the CE
- But this routes didn’t arrive to PE1. Why?
The relevant information.
Complete configurations for PE1 and PE2 (P only speak LDP):
———————————————————————————————————————————————————————————————————————
PE1
———————————————————————————————————————————————————————————————————————
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
vrf definition TAG
rd 65000:106
route-target export 65000:106
route-target import 65000:106
!
address-family ipv4
import ipv4 unicast map GLOBAL_TAG
export ipv4 unicast map TAG_GLOBAL
exit-address-family
!
!
no aaa new-model
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.0.4 255.255.255.255
!
interface Loopback1
vrf forwarding TAG
ip address 10.100.0.4 255.255.255.255
!
interface Loopback2
no ip address
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
vrf forwarding TAG
ip address 172.16.7.5 255.255.255.252
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 192.168.6.1 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
ip address 192.168.7.1 255.255.255.0
speed auto
duplex auto
mpls ip
!
router ospf 10
network 10.0.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 10.0.0.7 remote-as 65000
neighbor 10.0.0.7 update-source Loopback0
!
address-family ipv4
network 10.0.0.4 mask 255.255.255.255
network 10.100.0.4 mask 255.255.255.255
network 172.16.7.4 mask 255.255.255.252
no neighbor 10.0.0.7 activate
exit-address-family
!
address-family vpnv4
neighbor 10.0.0.7 activate
neighbor 10.0.0.7 send-community both
exit-address-family
!
address-family ipv4 vrf TAG
network 10.100.0.4 mask 255.255.255.255
network 172.16.7.4 mask 255.255.255.252
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
ip prefix-list PL_GLOBAL_TAG seq 10 permit 10.0.0.4/32
ip prefix-list PL_GLOBAL_TAG seq 20 permit 172.16.7.4/30
!
ip prefix-list PL_TAG_GLOBAL seq 10 permit 10.100.0.0/24 le 32
ip prefix-list PL_TAG_GLOBAL seq 20 permit 172.16.7.4/30
!
route-map TAG_GLOBAL permit 10
match ip address prefix-list PL_TAG_GLOBAL
!
route-map GLOBAL_TAG permit 10
match ip address prefix-list PL_GLOBAL_TAG
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
transport input all
!
!
end
———————————————————————————————————————————————————————————————————————
PE2
———————————————————————————————————————————————————————————————————————
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
vrf definition TAG
rd 65000:106
route-target export 65000:106
route-target import 65000:106
!
address-family ipv4
import ipv4 unicast map GLOBAL_TAG
export ipv4 unicast map TAG_GLOBAL
exit-address-family
!
!
no aaa new-model
ip cef
!
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
mpls label protocol ldp
multilink bundle-name authenticated
!
interface Loopback0
ip address 10.0.0.7 255.255.255.255
!
interface Loopback1
vrf forwarding TAG
ip address 10.100.0.7 255.255.255.255
!
interface Loopback2
ip address 172.16.7.1 255.255.255.252
!
interface FastEthernet0/0
no ip address
duplex half
!
interface FastEthernet1/0
ip address 192.168.9.2 255.255.255.0
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 10
network 10.0.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 10.0.0.4 remote-as 65000
neighbor 10.0.0.4 update-source Loopback0
!
address-family ipv4
network 10.0.0.7 mask 255.255.255.255
network 10.100.0.7 mask 255.255.255.255
network 172.16.7.0 mask 255.255.255.252
no neighbor 10.0.0.4 activate
exit-address-family
!
address-family vpnv4
neighbor 10.0.0.4 activate
neighbor 10.0.0.4 send-community both
exit-address-family
!
address-family ipv4 vrf TAG
network 10.100.0.7 mask 255.255.255.255
network 172.16.7.0 mask 255.255.255.252
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 172.16.7.4 255.255.255.252 Loopback1
!
!
ip prefix-list PL_GLOBAL_TAG seq 10 permit 10.0.0.7/32
ip prefix-list PL_GLOBAL_TAG seq 20 permit 172.16.7.0/30
!
ip prefix-list PL_TAG_GLOBAL seq 10 permit 10.100.0.0/24 le 32
ip prefix-list PL_TAG_GLOBAL seq 20 permit 172.16.7.0/24 le 32
!
route-map TAG_GLOBAL permit 10
match ip address prefix-list PL_TAG_GLOBAL
!
route-map GLOBAL_TAG permit 10
match ip address prefix-list PL_GLOBAL_TAG
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
transport input all
!
!
end
———————————————————————————————————————————————————————————————————————
Show ip route from the GRT and VRF table on both PEs. What’s interesting is that we se 172.16.7.0/30 in both table in PE2:
GRT
C 172.16.7.0/30 is directly connected, Loopback2
VRF TAG
B 172.16.7.0/30 is directly connected, 01:12:39, Loopback2
But is not in PE1.
In PE2:
———————————————————————————————————————————————————————————————————————
PE2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 4 subnets
O 10.0.0.4 [110/3] via 192.168.9.1, 01:13:40, FastEthernet1/0
O 10.0.0.6 [110/2] via 192.168.9.1, 01:15:05, FastEthernet1/0
C 10.0.0.7 is directly connected, Loopback0
B 10.100.0.7 is directly connected, 01:12:27, Loopback1
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.7.0/30 is directly connected, Loopback2
L 172.16.7.1/32 is directly connected, Loopback2
S 172.16.7.4/30 is directly connected, Loopback1
O 192.168.6.0/24 [110/3] via 192.168.9.1, 01:13:40, FastEthernet1/0
O 192.168.7.0/24 [110/2] via 192.168.9.1, 01:15:05, FastEthernet1/0
O 192.168.8.0/24 [110/2] via 192.168.9.1, 01:15:05, FastEthernet1/0
192.168.9.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.9.0/24 is directly connected, FastEthernet1/0
L 192.168.9.2/32 is directly connected, FastEthernet1/0
PE2#show ip route vrf TAG
Routing Table: TAG
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
B 10.0.0.7 is directly connected, 01:12:39, Loopback0
B 10.100.0.4 [200/0] via 10.0.0.4, 01:12:39
C 10.100.0.7 is directly connected, Loopback1
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.7.0/30 is directly connected, 01:12:39, Loopback2
L 172.16.7.1/32 is directly connected, Loopback2
B 172.16.7.4/30 [200/0] via 10.0.0.4, 01:12:39
———————————————————————————————————————————————————————————————————————
In PE1:
———————————————————————————————————————————————————————————————————————
PE1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 4 subnets
C 10.0.0.4 is directly connected, Loopback0
O 10.0.0.6 [110/2] via 192.168.7.2, 01:15:16, FastEthernet2/1
O 10.0.0.7 [110/3] via 192.168.7.2, 01:15:16, FastEthernet2/1
B 10.100.0.4 is directly connected, 01:14:18, Loopback1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
B 172.16.7.4/30 is directly connected, 01:14:18, FastEthernet1/0
L 172.16.7.5/32 is directly connected, FastEthernet1/0
192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.6.0/24 is directly connected, FastEthernet1/1
L 192.168.6.1/32 is directly connected, FastEthernet1/1
192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.7.0/24 is directly connected, FastEthernet2/1
L 192.168.7.1/32 is directly connected, FastEthernet2/1
O 192.168.8.0/24 [110/2] via 192.168.7.2, 01:15:16, FastEthernet2/1
O 192.168.9.0/24 [110/2] via 192.168.7.2, 01:15:16, FastEthernet2/1
PE1#show ip route vrf TAG
Routing Table: TAG
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
B 10.0.0.4 is directly connected, 01:14:26, Loopback0
C 10.100.0.4 is directly connected, Loopback1
B 10.100.0.7 [200/0] via 10.0.0.7, 01:14:11
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.7.4/30 is directly connected, FastEthernet1/0
L 172.16.7.5/32 is directly connected, FastEthernet1/0
———————————————————————————————————————————————————————————————————————
We can see that PE2 doesn’t announce to PE1:
PE2#show ip bgp vpnv4 all neighbors 10.0.0.4 advertised-routes
BGP table version is 8, local router ID is 172.16.7.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:106 (default for vrf TAG)
Import Map: GLOBAL_TAG, Address-Family: IPv4 Unicast, Pfx Count/Limit: 2/1000
Export Map: TAG_GLOBAL, Address-Family: IPv4 Unicast, Pfx Count/Limit: 3/1000
*> 10.100.0.7/32 0.0.0.0 0 32768 i
Any hint????
More information about the cisco-nsp
mailing list