[c-nsp] Cisco and Juniper - BGP MPLS L2VPN VPLS interoperability

Aaron aaron1 at gvtc.com
Wed Dec 2 12:37:15 EST 2015 

Is it normal for a Route Reflector to reflect routes back to the client that
send them in the first place ?  I'm still trying to figure out why this
ME3600 is resetting it's bgp session so I enabled some debugs and am
wondering if something weird is happening here with this ME3600 and this
version of IOS...

Like I said before, I bring up BGP L2VPN Address Family on a Juniper ACX5048
or MX104 and then terrible things happen to my ME3600's that run 15.2.(4)S3
and S5 ... BUT, not S1.  15.2(4)S1 is fine.  Also ASR920 with IOS XE
03.15.00.S is fine.

This ME3600 is 10.101.12.251 and does have a bgp-based l2vpn with the
following info...

interface Loopback0
 ip address 10.101.12.251 255.255.255.255

eng-lab-3600-1#sh bgp l2vpn vpls al
...
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 64512:10920
 *>  64512:10920:10.101.12.251/96
                       0.0.0.0                            32768 ?

eng-lab-3600-1#sh run | sec l2 vfi
l2 vfi v920 autodiscovery
 vpn id 10920
 shutdown

eng-lab-3600-1#sh vfi
...
VFI name: v920, state: admindown, type: multipoint, signaling: LDP
  VPN ID: 10920, VPLS-ID: 64512:10920
  RD: 64512:10920, RT: 64512:10920
  Bridge-Domain 920 attachment circuits:
    Vlan920
  Neighbors connected via pseudowires:
  Peer Address     VC ID        Discovered Router ID    S

********* ....so now that you know that this ME3600 is generating
64512:10920:10.101.12.251/96 NLRI, now see bgp debugs on this ME below....

Dec  2 17:18:57.848: BGP(9): (base) 10.101.0.254 send UPDATE (format)
64512:10920:10.101.12.251/96, next 10.101.12.251, metric 0, path Local,
extended community RT:64512:10920 L2VPN AGI:64512:10920
Dec  2 17:18:57.852: BGP(4): (base) 10.101.0.254 send UPDATE (format)
10.101.12.251:1:172.30.176.80/28, next 10.101.12.251, label 393, metric 0,
path Local, extended community RT:1:1
Dec  2 17:18:57.852: BGP(4): (base) 10.101.0.254 send UPDATE (format)
10.101.12.251:6:2.2.2.0/24, next 10.101.12.251, label 411, metric 0, path
Local, extended community RT:6:6
Dec  2 17:19:02.848: BGP(9): 10.101.0.254 rcv UPDATE w/ attr: nexthop
10.101.12.251, origin ?, localpref 100, metric 0, originator 10.101.12.251,
clusterlist 10.101.0.254, merged path , AS_PATH , community , extended
community RT:64512:10920 L2VPN AGI:64512:10920, SSA attribute
Dec  2 17:19:02.848: BGPSSA ssacount is 0
**********************************************
*** SEE HERE PLEASE, it seems that right when I rcv a UPDATE from the RR
(10.101.0.254), in that same time stamp Dec  2 17:19:02.848 I see BGP
Closing.  Is this coincidental ? or is this ME3600 running this version of
software not able to deal with this ? and also, what in the world does the
juniper got to do with this , such that when I enable bgp l2vpn on the
juniper, this phenomena begins !
**********************************************
Dec  2 17:19:02.848: BGP(9): 10.101.0.254 rcv UPDATE about
64512:10920:10.101.12.251/96 -- DENIED due to: ORIGINATOR is us; MP_REACH
NEXTHOP is our own address;
Dec  2 17:19:02.848: BGP: 10.101.0.254 went from Established to Closing
Dec  2 17:19:02.852: %BGP-3-NOTIFICATION: sent to neighbor 10.101.0.254 3/10
(illegal network) 1 bytes 00
Dec  2 17:19:02.852: BGP: ses global 10.101.0.254 (0x1132A048:1) Send
NOTIFICATION 3/10 (illegal network) 1 bytes 00
Dec  2 17:19:02.852: %BGP-4-MSGDUMP: unsupported or mal-formatted message
received from 10.101.0.254:
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 006A 0200 0000 5390 0E00 2000 1941
040A
650C F500 0015 0001 0A65 0CF5 8000 0001 0001 0002 C350 0101 0002 0040 0101
0040
0200 4005 0400 0000 64C0 1010 800A 0502 0000 0064 0002 FFFF 0000 2774 800A
040A
6500 FE80 0904 0A65 0CF5
Dec  2 17:19:07.064: BGP: 10.101.0.254 local error close after sending
NOTIFICATION
Dec  2 17:19:07.064: %BGP-5-NBR_RESET: Neighbor 10.101.0.254 reset (BGP
Notification sent)
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 VPNv4 Unicast:base
(0x1132A048:1) NSF delete stale NSF not active
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 VPNv4 Unicast:base
(0x1132A048:1) NSF no stale paths state is NSF not active
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 VPNv4 Unicast:base
(0x1132A048:1) Resetting ALL counters.
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 L2VPN Vpls:base
(0x1132A048:1) NSF delete stale NSF not active
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 L2VPN Vpls:base
(0x1132A048:1) NSF no stale paths state is NSF not active
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 L2VPN Vpls:base
(0x1132A048:1) Resetting ALL counters.
Dec  2 17:19:07.064: BGP: 10.101.0.254 closing
Dec  2 17:19:07.064: BGP: ses global 10.101.0.254 (0x1132A048:1) Session
close and reset neighbor 10.101.0.254 topostate
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 L2VPN Vpls:base
(0x1132A048:1) Resetting ALL counters.
Dec  2 17:19:07.064: BGP: ses global 10.101.0.254 (0x1132A048:1) Session
close and reset neighbor 10.101.0.254 topostate
Dec  2 17:19:07.064: BGP: nbr_topo global 10.101.0.254 VPNv4 Unicast:base
(0x1132A048:1) Resetting ALL counters.
Dec  2 17:19:07.064: BGP: 10.101.0.254 went from Closing to Idle
Dec  2 17:19:07.064: %BGP-5-ADJCHANGE: neighbor 10.101.0.254 Down BGP
Notification sent
Dec  2 17:19:07.064: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 L2VPN
Vpls topology base removed from session  BGP Notification sent
Dec  2 17:19:07.064: BGP: ses global 10.101.0.254 (0x1132A048:1) Removed
topology L2VPN Vpls:base
Dec  2 17:19:07.064: %BGP_SESSION-5-ADJCHANGE: neighbor 10.101.0.254 VPNv4
Unicast topology base removed from session  BGP Notification sent
Dec  2 17:19:07.064: BGP: ses global 10.101.0.254 (0x1132A048:1) Removed
topology VPNv4 Unicast:base
Dec  2 17:19:07.064: BGP: ses global 10.101.0.254 (0x1132A048:1) Removed
last topology
Dec  2 17:19:07.064: BGP: nbr global 10.101.0.254 Open active delayed
14336ms (35000ms max, 60% jitter)
Dec  2 17:19:07.064: BGP: nbr global 10.101.0.254 Active open failed - open
timer running
u all
All possible debugging has been turned off


Aaron


-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Aaron
Sent: Friday, November 20, 2015 12:33 PM
To: 'Mohammad Khalil'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Cisco and Juniper - BGP MPLS L2VPN VPLS
interoperability

Yes thanks Mohammad, I did that a while back or else IOS and IOS XR would
not neighbor up on l2vpn af connection.

 

Aaron

 

Interoperability Between Cisco IOS XR and Cisco IOS on VPLS LDP Signaling
http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/lxvpn/con
figuration/guide/vc41crs/vc41vpls.html#pgfId-1331672

 

 

 

From: Mohammad Khalil [mailto:eng_mssk at hotmail.com]
Sent: Friday, November 20, 2015 12:28 PM
To: Aaron; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] Cisco and Juniper - BGP MPLS L2VPN VPLS
interoperability

 

Hi 

did u try neighbor x.x.x.x prefix-length-size 2 from me3400 side

 

 

 

Sent from my Samsung device



-------- Original message --------
From: Aaron <aaron1 at gvtc.com>
Date: 20/11/2015 20:08 (GMT+02:00)
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco and Juniper - BGP MPLS L2VPN VPLS interoperability 

Can anyone share any experiences with interoperating Cisco and Juniper BGP
MPLS L2VPN's ?

 

Yesterday I fired up L2VPN configs in my ACX5048 and MX104 in my lab and
brought up BGP L2VPN address family and got some bad results

 

It caused all of my Cisco ME3600's in my network to send BGP Notifications
and drop their MP-BGP neighbor sessions to the Route Reflector core and
purge all their vpnv4, vpnv6 and l2vpn topology tables !

 

Bad customer impact. lots of trouble.

 

"Rollback 1" on ACX and MX and all is well

 

Anyway have trouble in this area ?

 

Aaron

 

P.S. for a couple weeks those same ACX and MX were running just fine with my
route reflector core (dual asr9k's) and running fine with BGP MPLS L3VPN's
(layer 3) routing-instances. able to talk to the rest of the routing
domains, etc.  all that seemed fine.  It was just this L2VPN stuff yesterday
was bad.

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list