Re: ACI BGP peering over vpc failing

ITforever · ‎07-29-2018

Hello,

I am currently working on ACI to an ASA context (Firepower) integration and encountered an interesting problem. So, the connection between ASA and ACI leaf nodes are VPC. Pings work fine from the ASA to ACI L3out VPC A/B primary and secondary IP addresses.

L3out has BGP enabled and uses router id option only. So no loopback configured and this is eBGP peering. Logical interfaces in use are SVI > VPC setup.

Scenario 1: If I create a BGP Peer Connectivity using vPC - the neighborship won't establish.

Scenario 2: If I create a BGP Peer Connectivity using loopback - the neighborship establishes fine.

So, I don't understand why it works over loopback while I have no loopback confiured. Why it does not work over SVI/VPCs while they are just fine. Or, is it the way ACI operates?

Thanks very much.

micgarc2 · ‎08-06-2018

Hello,

Should work fine unless its some type of FW issue. Here is my config. I am peering over an vPC SVI not using any loopbacks.

Topo:

N5K config:

interface port-channel555
 switchport mode trunk
 switchport trunk allowed vlan 1-701,703-724,726-1036,1038-1100,1102-1531,1533-4094
!
interface Vlan1311
no shutdown
vrf member mg4
ip address 192.168.11.3/24
!
router bgp 20000
vrf mg4
address-family ipv4 unicast
neighbor 192.168.11.1 remote-as 30000
address-family ipv4 unicast
neighbor 192.168.11.2 remote-as 30000
address-family ipv4 unicast

ACI:

Verification:

5K:

ACI-5596-B# show ip bgp summary vrf mg4
BGP summary information for VRF mg4, address family IPv4 Unicast
BGP router identifier 192.168.11.3, local AS number 20000
BGP table version is 4, IPv4 Unicast config peers 2, capable peers 2
0 network entries and 0 paths using 0 bytes of memory
BGP attribute entries [0/0], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.11.1    4 30000      15      15        4    0    0 00:11:32 0
192.168.11.2    4 30000      15      15        4    0    0 00:11:21 0

ACI:

leaf204# show ip bgp summary vrf MG:v4
BGP summary information for VRF MG:v4, address family IPv4 Unicast
BGP router identifier 1.1.111.204, local AS number 65000
BGP table version is 14, IPv4 Unicast config peers 2, capable peers 1
4 network entries and 5 paths using 592 bytes of memory
BGP attribute entries [5/720], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [12/80]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.11.3    4 20000      14      14       14    0    0 00:10:02 0

a-leaf206# show ip bgp summary vrf MG:v4
BGP summary information for VRF MG:v4, address family IPv4 Unicast
BGP router identifier 1.1.111.206, local AS number 65000
BGP table version is 18, IPv4 Unicast config peers 2, capable peers 1
4 network entries and 5 paths using 592 bytes of memory
BGP attribute entries [5/720], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [10/64]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.11.3    4 20000      14      14       18    0    0 00:10:26 0

Hope this helps!

Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.

Regards,

Michael G.