[c-nsp] IOS XR BGP default route - prepending AS
Brian Knight
brian.t.knight at gmail.com
Wed Apr 20 16:12:03 EDT 2016
Hi Nathan,
Fair enough. Just trying not to get into too much trouble by revealing too
much.
(Although I'm curious now - what do other people do to sanitize configs for
public mailing lists? Obviously customer sensitive data must be removed,
but is that it?)
We are running XR 4.2.4 on a C12k.
Here's the full config as it sits now:
----------
community-set BGP-SITECODE
  53828:1003
end-set
prefix-set IPV4-RESERVED
  0.0.0.0/8 le 32,
  10.0.0.0/8 le 32,
  100.64.0.0/10 le 32,
  127.0.0.0/8 le 32,
  169.254.0.0/16 le 32,
  172.16.0.0/12 le 32,
  192.0.0.0/24 le 32,
  192.0.2.0/24 le 32,
  192.168.0.0/16 le 32,
  198.18.0.0/15 le 32,
  198.51.100.0/24 le 32,
  203.0.113.0/24 le 32,
  224.0.0.0/3 le 32,
  240.0.0.0/4 le 32
end-set
route-policy IPV4-RESERVED-DENY
  if destination in IPV4-RESERVED then
    drop
  else
    pass
  endif
end-policy
prefix-set IPV4-DEFAULT
  0.0.0.0/0
end-set
route-policy IPV4-DEFAULT-DENY
  if destination in IPV4-DEFAULT then
    drop
  else
    pass
  endif
end-policy
route-policy IPV4-BGP-NNI-DIA-IN($localpref)
  apply IPV4-RESERVED-DENY
  apply IPV4-DEFAULT-DENY
  # For primary NNIs, $localpref = 400
  # For backup NNIs, $localpref = 350
  #
  set local-preference $localpref
  set community BGP-SITECODE additive
end-policy
route-policy IPV4-BGP-NNI-DIA-OUT($prepend)
  # For primary NNIs, $prepend = 0
  # For backup NNIs, $prepend = 2
  #
  # Announce only default route
  if destination in (0.0.0.0/0) then
    prepend as-path 53828 $prepend
    set community BGP-SITECODE
  else
    drop
  endif
end-policy
route-policy IPV4-BGP-NNI-DIA-PRIMARY-IN
  apply IPV4-BGP-NNI-DIA-IN(400)
end-policy
route-policy IPV4-BGP-NNI-DIA-PRIMARY-OUT
  apply IPV4-BGP-NNI-DIA-OUT(0)
end-policy
route-policy IPV4-BGP-NNI-DIA-BACKUP-IN
  apply IPV4-BGP-NNI-DIA-IN(350)
end-policy
route-policy IPV4-BGP-NNI-DIA-BACKUP-OUT
  apply IPV4-BGP-NNI-DIA-OUT(2)
end-policy
route-policy IPV4-BGP-NNI-DIA-DEFAULT-PRIMARY-OUT
  set community BGP-SITECODE
end-policy
route-policy IPV4-BGP-NNI-DIA-DEFAULT-BACKUP-OUT
  prepend as-path 53828 2
  set community BGP-SITECODE
end-policy
router bgp 53828
 !
 neighbor-group IPV4-NNI-DIA-PRIMARY
  address-family ipv4 unicast
   send-community-ebgp
   route-policy IPV4-BGP-NNI-DIA-PRIMARY-IN in
   maximum-prefix 500 80 restart 1
   route-policy IPV4-BGP-NNI-DIA-PRIMARY-OUT out
   send-extended-community-ebgp
   default-originate
   soft-reconfiguration inbound
 !
 neighbor-group IPV4-NNI-DIA-BACKUP
  address-family ipv4 unicast
   send-community-ebgp
   route-policy IPV4-BGP-NNI-DIA-BACKUP-IN in
   maximum-prefix 500 80 restart 1
   route-policy IPV4-BGP-NNI-DIA-BACKUP-OUT out
   send-extended-community-ebgp
   default-originate
   soft-reconfiguration inbound
 !
 neighbor 64.191.75.189
  remote-as 2828
  use neighbor-group IPV4-NNI-DIA-BACKUP
  shutdown
----------
Thanks again,
-Brian Knight
On Wed, Apr 20, 2016 at 2:19 AM, Nathan Ward <cisco-nsp at daork.net> wrote:
> Hi,
>
> At first I thought this was because you were seeing the pre-policy routes,
> but that’s not the case if you’re asking for advertised routes under a
> neighbour - when I look at advertised routes on ASR9k neighbours where I
> have prepends in the policy, I see those prepends. You don’t see them if
> you ask for “route-policy <blah>” though, weirdly.
>
> I can’t see anything wrong with your config - perhaps you can paste the
> relevant unmodified config, I wonder if your modifications have hidden bugs
> or something. Note that you left your ASN in anyway, despite doing the
> MY-AS thing in some places, so, may as well just include it rather than
> potentially obscuring things ;)
>
> --
> Nathan Ward
>
> > On 20/04/2016, at 16:50, Brian Knight <brian.t.knight at gmail.com> wrote:
> >
> > At $DAYJOB we use MPLS VPNs from other carriers to provide Internet
> > access to customers connected to these VPNs. There is always a primary
> > path for outbound access, plus one or more backup paths. I am trying to
> > configure a backup path, but can't seem to set AS path prepending on the
> > default route we announce to the MPLS VPN.
> >
> > This is our first time configuring these types of MPLS VPNs on IOS XR.
> >
> > I've got a config that looks a little something like this:
> >
> > --------
> >
> > route-policy BACKUP-IN
> >   apply IPV4-RESERVED-DENY
> >   apply IPV4-DEFAULT-DENY
> >   # For backup, localpref = 350
> >   #
> >   set local-preference 350
> >   set community BGP-SITECODE additive
> > end-policy
> >
> > route-policy BACKUP-OUT
> >   # For backup, prepend = 2
> >   #
> >   # Announce only default route
> >   if destination in (0.0.0.0/0) then
> >     prepend as-path MY-AS 2
> >     set community BGP-SITECODE
> >   else
> >     drop
> >   endif
> > end-policy
> >
> > router bgp 53828
> >  neighbor THEIR-IP
> >   remote-as THEIR-AS
> >   address-family ipv4 unicast
> >    default-originate
> >    route-policy BACKUP-IN in
> >    route-policy BACKUP-OUT out
> >    send-community-ebgp
> >    send-extended-community-ebgp
> >    soft-reconfig inbound
> >    maximum-prefix 500 80 restart 1
> >
> > --------
> >
> > The config originates a default route towards THEIR-IP, which is
> > expected. But the default route that is generated is apparently not
> > influenced by the BACKUP-OUT policy (prepend MY-AS 2 times).
> >
> > RP/0/8/CPU0:AR1.ATL1#sh bgp ipv4 u nei THEIR-IP adv
> > Wed Apr 20 01:00:39.545 CDT
> > Network Next Hop From AS Path
> > 0.0.0.0/0 0.0.0.0 Local i
> >
> > What's the simplest way to prepend AS path on a default route advertised
> > to a single peer?
> >
> > A few sources suggest adding a default route to Null0 in our Internet
> > routing table and advertising it through redistribution, or entering a
> > "network 0.0.0.0/0" command in the BGP address-family, both of which can
> > be influenced by route policies. Neither of those options sounds
> > particularly simple to me.
> >
> > I have also tried the following to no avail:
> >
> > ---------
> >
> > route-policy DEFAULT-BACKUP-OUT
> >   prepend as-path 53828 2
> >   set community BGP-SITECODE
> > end-policy
> >
> > router bgp 53828
> >  neighbor THEIR-IP
> >   address-family ipv4 unicast
> >    default-originate route-policy DEFAULT-BACKUP-OUT
> >
> > ---------
> >
> > I'd be grateful for any insight.
> >
> > Thanks,
> >
> > -Brian Knight
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
--
-Brian Knight
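
Added example, not part of the original message or of anyone's tooling in this thread: one way to approach the sanitizing question above, and the inconsistency Nathan points out (MY-AS in some places, the real ASN left in others), is to pseudonymize consistently so that every occurrence of a value maps to the same placeholder and the config's logic stays checkable. The function name sanitize, the choice of RFC 5737 / RFC 5398 documentation ranges as replacements, and the excerpt used as input are assumptions.

```python
import ipaddress
import re

# Assumption: replacements are drawn from documentation ranges
# (RFC 5737 addresses, RFC 5398 AS numbers).
DOC_NET = ipaddress.ip_network("192.0.2.0/24")
DOC_ASN_BASE = 64496

# Host addresses only: anything followed by "/" is a prefix (e.g. the
# well-known bogon entries in a prefix-set) and is left untouched.
HOST_IP = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d./])")
ASN_KEYWORDS = re.compile(r"(?:router bgp|remote-as) (\d+)")


def sanitize(config):
    """Return (sanitized_config, mapping) with stable pseudonyms."""
    ip_map = {}

    def swap_ip(m):
        ip = m.group(1)
        if ip not in ip_map:
            ip_map[ip] = str(DOC_NET[len(ip_map) + 1])
        return ip_map[ip]

    out = HOST_IP.sub(swap_ip, config)

    # Learn ASNs from unambiguous keywords, then replace every standalone
    # occurrence in one pass so communities (ASN:value) and as-path
    # prepends keep pointing at the same pseudonym.
    asns = dict.fromkeys(ASN_KEYWORDS.findall(out))
    asn_map = {a: str(DOC_ASN_BASE + i) for i, a in enumerate(asns)}
    if asn_map:
        pat = re.compile(r"(?<![\d.])(" + "|".join(asn_map) + r")(?![\d.])")
        out = pat.sub(lambda m: asn_map[m.group(1)], out)
    return out, {**ip_map, **asn_map}


# Constructed input: a short excerpt modelled on the config in this message.
SAMPLE = """\
community-set BGP-SITECODE
  53828:1003
end-set
route-policy OUT
  prepend as-path 53828 2
end-policy
router bgp 53828
 neighbor 64.191.75.189
  remote-as 2828
"""

if __name__ == "__main__":
    print(sanitize(SAMPLE)[0])
```

Other integers that happen to equal a learned ASN (a prefix limit, a local-preference) would also be rewritten, so the returned mapping should be reviewed before posting; keep it private, since it reverses the pseudonyms.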