Solved: Re: influencing BGP attributes within MPLS network ---help - Page 2

Manoj Buddhika · ‎12-04-2011

pls take a look at my question and diagram is attached in the file. pls help me to fix this problem.

I have following requirement about traffic paths within the
MPLS network.MPLS network is running MP-BGP4.

1.Traffic from Europe branch to Asia branch go through London
router.

2.Traffic from America branch to Asia branch go through Los Angeles
router.

3.The two paths through London and Los Angeles should have redundancy.
That is if path through London is not accessible all the traffic must
go through Los Angeles. IF Los Angeles path go down all the traffic must
go through London.

4.Traffic from Asia to Europe and America is controlled by redistributing
BGP4 learned routes with different metrics at the London and Los Angeles
routers.So that trafic from Asia branch to Europe go through London and
traffic from Asia to America go through Los Angeles.

I have been using below configs on the PE routers. But it is not working.
In the MPLS network only one path is selected for both traffic from Europe
and America.Pls can anyone help me to fix this problem.

#PE3
ip vrf CUSTOMER
rd 1:10
route-target export 1:20
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description LONDON-GW
ip vrf forwarding CUSTOMER
ip address 1.1.1.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
neighbor 1.1.1.1 remote-as 65401
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:40
!
route-map EXPORT-ROUTE permit 10
description LONDON-GW
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:20 additive
!
route-map IMPORT-ROUTE permit 10
description EU & US-BRANCH
match extcommunity 2

#PE4
ip vrf CUSTOMER
rd 1:10
route-target export 1:30
route-target import 1:40
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description LA-GW
ip vrf forwarding CUSTOMER
ip address 2.2.2.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
neighbor 2.2.2.1 remote-as 65402
neighbor 2.2.2.1 activate
neighbor 2.2.2.1 next-hop-self
neighbor 2.2.2.1 soft-reconfiguration inbound
no auto-summary
no synchronization
exit-address-family
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:40
!
route-map EXPORT-ROUTE permit 10
description LA-GW
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:30 additive
!
route-map IMPORT-ROUTE permit 10
description EU & US-BRANCH
match extcommunity 2

#PE1
ip vrf CUSTOMER
rd 1:10
route-target export 1:40
route-target import 1:20
route-target import 1:30
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description EU-BRANCH
ip vrf forwarding CUSTOMER
ip address 3.3.3.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CUSTOMER 172.16.1.0 255.255.255.0 FastEthernet0/0 3.3.3.1 name EU-BRANCH
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:20
!
ip extcommunity-list 3 permit rt 1:30
!
route-map EXPORT-ROUTE permit 10
description EU-BRANCH
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:40 additive
!
route-map IMPORT-ROUTE permit 10
description LONDON-GW(MAIN)
match extcommunity 2
set metric 100
!
route-map IMPORT-ROUTE permit 20
description LA-GW(BACKUP)
match extcommunity 3
set metric 200
!
route-map IMPORT-ROUTE permit 30
description OTHER

#PE2
ip vrf CUSTOMER
rd 1:10
route-target export 1:40
route-target import 1:20
route-target import 1:30
export map EXPORT-ROUTE
import map IMPORT-ROUTE
!
interface FastEthernet0/0
description US-BRANCH
ip vrf forwarding CUSTOMER
ip address 4.4.4.2 255.255.255.252
!
router bgp 65400
!
address-family ipv4 vrf CUSTOMER
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CUSTOMER 192.168.1.0 255.255.255.0 FastEthernet0/0 4.4.4.1 name US-BRANCH
!
ip extcommunity-list 1 permit rt 1:10
!
ip extcommunity-list 2 permit rt 1:20
!
ip extcommunity-list 3 permit rt 1:30
!
route-map EXPORT-ROUTE permit 10
description US-BRANCH
match extcommunity 1
set extcomm-list 1 delete
set extcommunity rt 1:40 additive
!
route-map IMPORT-ROUTE permit 10
description LONDON-GW(BACKUP)
match extcommunity 2
set metric 200
!
route-map IMPORT-ROUTE permit 20
description LA-GW(MAIN)
match extcommunity 3
set metric 100
!
route-map IMPORT-ROUTE permit 30
description OTHER

Manoj Buddhika · ‎12-20-2011

Hi Varma,

I still find some difficulties when configuring. I dont know whether it is IOS version problem or anything else.
Here is a example I found when configuring on PE3

your suggest command -> ip extcommunity-list standard CUSTOMER permit rt 1:20
but in my router I only have this ->ip extcommunity-list 77 permit rt 1:20

I cant have a text like "CUSTOMER" for extcommunity lis name. But I think that is OK ,I still could configure the community list.
the next problem is more anoying.

your suggest command ->
     route-map community permit 10
     match extcommunity CUSTOMER
     set community 65400:1111

   I could configure that except for the "CUSTOMER" I used "77" which is my standard community list number. but on the show running
   config it will appear as this.

!route-map community permit 10
!match extcommunity 77
!set community -8911785

the 65400:1111 will change to a minus number

I wonder why is that ? could you please give some advice on that

Thank you
Manoj

Vaibhava Varma · ‎12-20-2011

Hi Manoj

Please use the below command to enable the new community format on your IOS

"ip bgp-community new-format"

Regards

Varma

Manoj Buddhika · ‎12-20-2011

Hi Varma,
Thanky you very much for your helping.
after ip bgp-community new-format

I could overcome that problem.

bug still have these problems as mention below

#PE1

I couldn't configure this command "ip community list CUSTOMER permit 65400:1111

that is I cant use 65400:1111 format after permit. I can only use rt AS:nn format.

so I configured like this

ip community-list 77 permit rt 1:20

here 77 is for CUSTOMER which is your standard-list name. I think it is ok. problem is instead of 65400:1111

i used rt1:20 because 65400:1111 is inported as rt 1:20

#PE2

same as PE1 couldn't configure your command ip community list CUSTOMER permit 65400:2222.

instead I used this

ip community-list 77 permit rt 1:30

that is because 65400:2222 on PE4 is imported as rt 1:30 on PE2
after configuring as above ,still all the traffic from europe and america will select only one path that is throuth PE3
please if you have any thoughts where I might wrong , I would be very much appricated.
thank you for your valuble time

Best regards

Manoj

Vaibhava Varma · ‎12-21-2011

Hi Manoj

Can you please share your modified configs of all the 4 PEs with changes highlighted..

RT is an extcommunity and we should be able to permit it under standard community . Have you configured this command ?

ip community-list 77 permit rt 1:30

Regards

Varma

Manoj Buddhika · ‎12-24-2011

Hi Varma

This is my new configs on all the four PE routers and two route-reflectors.

waiting for any ideas from you, where I might I have configured it wrong.

thanks.

----------------------

#PE3

----------------------

ip vrf CUSTOMER

rd 1:10

route-target export 1:20

route-target import 1:40

!

address-family vpnv4

neighbor PEER-GROUP send-community both

neighbor PEER-GROUP route-map community out

neighbor RR1-IP activate

neighbor RR2-IP activate

exit-address-family

!

address-family ipv4 vrf CUSTOMER

redistribute connected

neighbor 1.1.1.1 remote-as 65401

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 next-hop-self

neighbor 1.1.1.1 soft-reconfiguration inbound

no auto-summary

no synchronization

exit-address-family

!

ip extcommunity-list 77 permit rt 1:20

ip bgp-community new-format

!

route-map community permit 10

match extcommunity 77

set community 65400:1111

!

route-map community permit 20

!

-----------------------------

#PE4

-----------------------------

ip vrf CUSTOMER

rd 1:10

route-target export 1:30

route-target import 1:40

!

address-family vpnv4

neighbor PEER-GROUP send-community both

neighbor PEER-GROUP route-map community out

neighbor RR1-IP activate

neighbor RR2-IP activate

exit-address-family

!

address-family ipv4 vrf CUSTOMER

redistribute connected

neighbor 2.2.2.1 remote-as 65402

neighbor 2.2.2.1 activate

neighbor 2.2.2.1 next-hop-self

neighbor 2.2.2.1 soft-reconfiguration inbound

no auto-summary

no synchronization

exit-address-family

!

ip extcommunity-list 77 permit rt 1:30

!

route-map community permit 10

match extcommunity 77

set community 65400:2222

!

route-map community permit 20

!

--------------------

#PE1

--------------------

ip vrf CUSTOMER

rd 1:10

route-target export 1:40

route-target import 1:20

route-target import 1:30

!

address-family vpnv4

neighbor PEER-GROUP send-community both

neighbor PEER-GROUP route-map community in

neighbor RR1-IP activate

neighbor RR2-IP activate

exit-address-family

!

address-family ipv4 vrf CUSTOMER

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

ip extcommunity-list 77 permit rt 1:20

!

route-map community permit 10

match extcommunity 77

set local-preference 110

!

route-map community permit 20

!

------------------

#PE2

------------------

ip vrf CUSTOMER

rd 1:10

route-target export 1:40

route-target import 1:20

route-target import 1:30

!

address-family vpnv4

neighbor PEER-GROUP send-community both

neighbor PEER-GROUP route-map community in

neighbor RR1-IP activate

neighbor RR2-IP activate

exit-address-family

!

address-family ipv4 vrf CUSTOMER

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

ip extcommunity-list 77 permit rt 1:30

!

route-map community permit 10

match extcommunity 77

set local-preference 110

!

route-map community permit 20

!

---------------

RR1 route-reflector1

--------------

!

address-family vpnv4

neighbor PEER-GROUP route-reflector-client

neighbor PEER-GROUP send-community both

neighbor PE3-IP activate

neighbor PE4-IP activate

neighbor PE1-IP activate

neighbor PE2-IP activate

!

-------------

RR2 route-reflector2

-------------

!

address-family vpnv4

neighbor PEER-GROUP route-reflector-client

neighbor PEER-GROUP send-community both

neighbor PE3-IP activate

neighbor PE4-IP activate

neighbor PE1-IP activate

neighbor PE2-IP activate

!

Manoj Buddhika · ‎12-24-2011

Hi, Varma

Here I put the how the paths are selected by PE1,PE2 for the network 10.0.2.0/24 .

As you can see both PE1,PE2 select PE3 as the next-hop.

PE1#

PE1#show ip bgp vpnv4 vrf CUSTOMER

Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%

Time source is NTP, 22:30:29.381 JST Sat Dec 24 2011

BGP table version is 3393, local router ID is PE1-IP

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:10 (default for vrf CUSTOMER)

*>i1.1.1.0/30 PE3-IP 0 110 0 ?

* i PE3-IP 0 110 0 ?

* i2.2.2.0/30 PE4-IP 0 100 0 ?

*>i PE4-IP 0 100 0 ?

*> 3.3.3.0/30 0.0.0.0 0 32768 ?

* i10.0.2.0/24 PE3-IP 0 110 0 65401 ?

*>i PE3-IP 0 110 0 65401 ?

*> 172.16.1.0/24 3.3.3.1 0 32768 ?

PE1#

------------------------------

PE2#

PE2#show ip bgp vpnv4 vrf CUSTOMER

Load for five secs: 0%/0%; one minute: 0%; five minutes: 0%

Time source is NTP, 22:36:05.399 JST Sat Dec 24 2011

BGP table version is 5021, local router ID is PE2-IP

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:10 (default for vrf CUSTOMER)

*>i1.1.1.0/30 PE3-IP 0 100 0 ?

* i PE3-IP 0 100 0 ?

* i2.2.2.0/30 PE4-IP 0 110 0 ?

*>i PE4-IP 0 110 0 ?

*> 4.4.4.0/30 0.0.0.0 0 32768 ?

* i10.0.2.0/24 PE3-IP 0 100 0 65401 ?

*>i PE3-IP 0 100 0 65401 ?

*> 192.168.1.0 4.4.4.1 0 32768 ?

PE2#

Vaibhava Varma · ‎12-24-2011

Hi Manoj

The config seems alright..However the output is little strange as when two different PEs are announcing the same route from Asia then why on PE1 and PE2 the prefix 10.0.2.0/24 is shown to be learnt from single PE only twice...

* i10.0.2.0/24 PE3-IP 0 110 0 65401 ?

*>i PE3-IP 0 110 0 65401 ?

I think its bcoz of RRs coming in between..The RRs are selecting PE3 as the best route intermediately and announcing only PE3's routes further to PE1 and PE2..Interesting Issue to be looked at as I did not think of this before that RR's will be doing intermediate bgp best path selection..Now to overcome this issue we need to ensure that the RR's keep both the copies of route learnt from PE3 and PE4 and advertise the same to PE1/PE2..To do so we need to change the RD of vrf CUSTOMER on PE4 to 1:20 so that now the IPv4 Prefix 10.0.2.0/24 becomes two unqiue vpnv4 prefixes and hence RR reflects both of them to PE1/PE2..Now using the same community route-map inwards on PE1/PE2 we can match the export RT values of PE3/PE4 and set the local preference to 110..This will solve our requirement,

But we should make a note that changing the RD config on an already running VRF will result in disruption of services as the vrf needs to deleted and redefined..

Also on a side note when we are matching on the RT values on PE1/PE2 there is no need to set standard community on PE3/PE4 so we can get rid of the route-map config on PE3/PE4

Hope this helps to answer your query.

Regards

Varma

Message was edited by: Vaibhava Varma

Manoj Buddhika · ‎12-25-2011

Hi, Varma

Thank you for your comments. After changing the rd of PE4 to rd 1:20 it worked fine. Now the trafic is routed according to the way I wanted. Still testing the validity of the method and impact on the production network when the rd is changing and other things like redundancy.If I find any other issues ,I will let you know.

Thanks again

Best regards

Manoj

Vaibhava Varma · ‎12-25-2011

Hi Manoj

Glad to hear that we finally arrived at a solution

Regards

Varma

Manoj Buddhika · ‎12-25-2011

Hi, Varma

As you suggested I removed standard community list and route-maps from PE3/PE4. After that it didn't work properly. PE1/PE2 had their connected and statically mentioned routes only.

So I think below standard community and route-maps are neccessary on PE3 & PE4. Little strange though.

PE3--

!

ip extcommunity-list 77 permit rt 1:20
ip bgp-community new-format
!
!
route-map community permit 10
match extcommunity 77
set community 65400:1111
!
route-map community permit 20
!

PE4---

!
ip extcommunity-list 77 permit rt 1:30
ip bgp-community new-format
!
!
route-map community permit 10
match extcommunity 77
set community 65400:2222
!
route-map community permit 20
!

regards

manoj

Vaibhava Varma · ‎12-25-2011

Hi Manoj

That should have not happened as we are not matching based on Standard Community but only extcommunity RT..

PE3/PE4 will be sending out the vpnv4 prefixes out to the MPLS Backbone by default so even if we removed the route-map there should have not been any issues.. Did you try soft claring MP-iBGP after removing route-map.

Regards

Varma