[f-nsp] Issue with Route Reflection configuration

Youssef Bengelloun-Zahr youssef at 720.fr
Thu Aug 30 11:44:16 EDT 2012 

Hello community,

I have been turning this upside down but I can't seem to figure with is
wrong with my RR configuration.

Here is the topology :

.1 and .2 : theese are the RRs (CER-RT)
.3 and .4 : thesse are the ERs (MLXe-4)

.1 and .3 : on site A (still isolated from site B)
.2 and .4 : on site B (still isolated from site A)


On the RR side :

router bgp
 local-as XXXXX
 bfd-enable
 bfd min-tx 50 min-rx 50 multiplier 3
 auto-shutdown-new-neighbors
 cluster-id XXXXX
 capability as4 enable
 maxas-limit in 100
 fast-external-fallover
 neighbor ER-PEER peer-group
 neighbor ER-PEER remote-as XXXXX
 neighbor ER-PEER description EDGE-ROUTERS-PEERS
 neighbor ER-PEER update-source loopback 1
 neighbor ER-PEER soft-reconfiguration inbound
 neighbor RR-PEER peer-group
 neighbor RR-PEER remote-as XXXXX
 neighbor RR-PEER description ROUTE-REFLECTORS-PEERS
 neighbor RR-PEER next-hop-self
 neighbor RR-PEER update-source loopback 1
 neighbor RR-PEER soft-reconfiguration inbound
 neighbor XXX.YYY.ZZZ.1 peer-group RR-PEER
 neighbor XXX.YYY.ZZZ.3 peer-group ER-PEER
 neighbor XXX.YYY.ZZZ.4 peer-group ER-PEER
!
 address-family ipv4 unicast
 redistribute static route-map FROM-STATIC-V4-TO-BGP
 neighbor ER-PEER route-reflector-client
 neighbor ER-PEER send-community
 neighbor RR-PEER route-map in FROM-RR
 neighbor RR-PEER route-map out TO-RR
 neighbor RR-PEER send-community
 exit-address-family
!
 address-family ipv4 multicast
 exit-address-family
!
 address-family ipv6 unicast
 exit-address-family
!
 address-family ipv6 multicast
 exit-address-family
!
 address-family vpnv4 unicast
 neighbor XXX.YYY.ZZZ.1 activate
 neighbor XXX.YYY.ZZZ.1 send-community both
 neighbor XXX.YYY.ZZZ.3 activate
 neighbor XXX.YYY.ZZZ.3 route-reflector-client
 neighbor XXX.YYY.ZZZ.3 send-community both
 neighbor XXX.YYY.ZZZ.4 activate
 neighbor XXX.YYY.ZZZ.4 route-reflector-client
 neighbor XXX.YYY.ZZZ.4 send-community both
 exit-address-family


The VPNv4 session comes just fine :

SSH at rr01.XXX#sh ip bgp vpnv4 summary
  BGP4 Summary
  Router ID: XXX.YYY.ZZZ.2   Local AS Number: XXXXX
  Confederation Identifier: not configured
  Confederation Peers:
  Cluster ID: XXXXX
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 3, UP: 1
  Number of Routes Installed: 0
  Number of Routes Advertising to All Neighbors: 0 (0 entries)
  Number of Attribute Entries Installed: 0
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered
Sent     ToSend
  XXX.YYY.ZZZ.1       XXXXX       CONN      7d 2h14m    0        0
0        0
  XXX.YYY.ZZZ.3       XXXXX       CONN      8d 1h10m    0        0
0        0
  XXX.YYY.ZZZ.4       XXXXX       *ESTAB*     7d 2h10m    0        0
0        0


Still, the AFI shows it's not activated :

SSH at rr01.XXX#sh ip bgp peer-group
1   BGP peer-group is ER-PEER, Remote AS: XXXXX
    Description: EDGE-ROUTERS-PEERS
       UpdateSource: Loopback 1
       SoftInboundReconfiguration: yes
      Address family : IPV4 Unicast
        activate
       SendCommunity: yes
      Address family : IPV4 Multicast
        no activate
      Address family : IPV6 Unicast
        no activate
      Address family : IPV6 Multicast
        no activate
*      Address family : VPNV4 Unicast
        no activate
*      Address family : L2VPN VPLS
        no activate
    Members:
       IP Address: XXX.YYY.ZZZ.3
       IP Address: XXX.YYY.ZZZ.4, AS: XXXXX


It's exactly the same from result seen from the ER :

SSH at er01.XXX#sh ip bgp vpnv4 summary
  BGP4 Summary
  Router ID: XXX.YYY.ZZZ.4   Local AS Number: XXXXXX
  Confederation Identifier: not configured
  Confederation Peers:
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 2, UP: 1
  Number of Routes Installed: 0
  Number of Routes Advertising to All Neighbors: 0 (0 entries)
  Number of Attribute Entries Installed: 0
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered
Sent     ToSend
  XXX.YYY.ZZZ.1       XXXXXX       CONN      8d 1h18m    0        0
0        0
  XXX.YYY.ZZZ.2       XXXXXX       *ESTAB*     7d 2h16m    0
0        0        0



SSH at er01.XXX#sh ip bgp peer-group
1   BGP peer-group is RR-PEER, Remote AS: XXXXXX
    Description: ROUTE-REFLECTORS-PEERS
       UpdateSource: Loopback 1
       NextHopSelf: yes
       SoftInboundReconfiguration: yes
      Address family : IPV4 Unicast
        activate
       SendCommunity: yes
    Route Filter Policies:
       Route-map: (in) FROM-RR-PEER  (out) TO-RR-PEER
      Address family : IPV4 Multicast
        no activate
      Address family : IPV6 Unicast
        no activate
      Address family : IPV6 Multicast
        no activate
*      Address family : VPNV4 Unicast
        no activate
*      Address family : L2VPN VPLS
        no activate
    Members:
       IP Address: XXX.YYY.ZZZ.1
       IP Address: XXX.YYY.ZZZ.2, AS: XXXXXX



Also, got the right licences on the RR :

SSH at rr01.XXX#sh license
Index   Package Name              Lid          Slot    License Type
Status     License Period
1       IP_ROUTE_SCALE            XXXXXXXXX   M       normal
active     unlimited
2       NI-CER-2024-ADV           XXXXXXXXX   M       normal
active     unlimited


Can't seem to find what's wrong... Can't seem to find anything in the
NetIron config guide...

Maybe I forgot something but this used to be quite trivial under cisco CLI.
Possibly a CLI specificity I overlooked here.

Thanks.

-- 
Youssef BENGELLOUN-ZAHR
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20120830/faa13653/attachment.html>

More information about the foundry-nsp mailing list