teegeorg
Cisco Employee

Description of the issue and topology

  • External Host or Server reachability from Fabric host
  • DHCP IP assignment failure

Topology

Control Plane and Fabric Border are non-colocated

Configurations

Core:

router ospf 10
 router-id 71.0.0.1
 network 50.0.0.0 0.255.255.255 area 0

router bgp 65001
 bgp router-id interface Loopback0
 address-family ipv4 vrf Engineering
  neighbor 200.0.0.2 remote-as 65002

With SDA:

##### FB1  ########

interface Loopback0
 description Fabric Node Router ID
 ip address 71.0.0.1 255.255.255.255
 ip router isis
!
vrf definition vn1
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
!
interface Loopback1021
 vrf forwarding vn1
 ip address 100.1.1.1 255.255.255.255
!
router lisp
 locator-set rloc_set1
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 service ipv4
  encapsulation vxlan
  map-cache-limit 5119
  database-mapping limit dynamic 3000
  itr map-resolver 71.0.0.10
  etr map-server 71.0.0.10 key key1
  etr map-server 71.0.0.10 proxy-reply
  etr
  sgt
  proxy-etr
  proxy-itr 71.0.0.1
  exit-service-ipv4
 !
 instance-id 4097
  remote-rloc-probe on-route-change
  service ipv4
   eid-table default
   distance site-registrations 250
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4098
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf DEFAULT_VN
   distance site-registrations 250
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf Engineering
   route-import map-cache bgp 65001 route-map PERMIT_EIDS
   route-import database bgp 65001 route-map db locator-set rloc_set1 < -----
   exit-service-ipv4
  !
  exit-instance-id
 !
 !
 ipv4 locator reachability exclude-default
 ipv4 source-locator Loopback0
 exit-router-lisp
!
!
router bgp 65001
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 bgp graceful-restart
 !
 address-family ipv4 vrf vn1
  network 173.168.127.1 mask 255.255.255.255
  aggregate-address 173.168.127.0 255.255.255.0 summary-only
  neighbor 175.5.5.2 remote-as 65002
  neighbor 175.5.5.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 50.0.0.200 activate
  neighbor 50.0.0.200 send-community both
 exit-address-family
 !
!
ip routing
!
route-map db deny 10
 match community 1
route-map db permit 20
route-map PERMIT_EIDS permit 10
 match community 1
route-map PERMIT_EIDS deny 20

Control Plane:

interface Loopback0
 description Fabric Node Router ID
 ip address 71.0.0.10 255.255.255.255
 ip router isis
!
vrf definition Engineering
 rd 1:4099
 !
 address-family ipv4
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
 !
 address-family ipv6
  route-target export 1:4099
  route-target import 1:4099
 exit-address-family
!
router lisp
 locator-set rloc_set1
  IPv4-interface Loopback0 priority 10 weight 10
  auto-discover-rlocs
  exit-locator-set
 !
 service ipv4
  encapsulation vxlan
  map-server
  map-resolver
  exit-service-ipv4
 !
 instance-id 4097
  remote-rloc-probe on-route-change
  service ipv4
   eid-table default
   route-export site-registrations
   distance site-registrations 250
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4098
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf DEFAULT_VN
   route-export site-registrations
   distance site-registrations 250
   exit-service-ipv4
  !
  exit-instance-id
 !
 instance-id 4099
  remote-rloc-probe on-route-change
  service ipv4
   eid-table vrf Engineering
   route-export site-registrations
   distance site-registrations 250
   exit-service-ipv4
  !
  exit-instance-id
 site site_uci
  authentication-key key1
  eid-record instance-id 4097 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4098 0.0.0.0/0 accept-more-specifics
  eid-record instance-id 4099 0.0.0.0/0 accept-more-specifics
  exit-site
 !
 !
 ipv4 locator reachability exclude-default
 ipv4 source-locator Loopback0
 exit-router-lisp
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 50.0.0.100 remote-as 65001
 !
 address-family vpnv4
  neighbor 50.0.0.100 activate
  neighbor 50.0.0.100 send-community both
  neighbor 50.0.0.100 route-map tag out
 exit-address-family
 !
 address-family ipv4 vrf Engineering
  aggregate-address 100.0.0.0 255.0.0.0 summary-only < send the aggregate route only >
  redistribute lisp metric 10 < redistribute lisp to BGP >
 exit-address-family
!
route-map tag permit 10
 set community 655370

Possible Causes

  • External prefixes not advertised to Fabric Border
  • External prefixes not registered to Control Plane
  • Fabric prefixes registered to Control Plane not getting advertised to Border through MPLS VPN
  • Incorrect route-maps resulting in non-advertisement of Fabric routes to external BGP domain

Solution

Ensure that external prefixes learnt from BGP are registered to the MS/MR and that Fabric LISP prefixes are redistributed into BGP.

The MPLS VPNv4 connection should carry fabric routes with the correct community values.

Pre-SD-Access Troubleshooting

show ip ospf neighbor
show ip bgp summary
show ip route ospf
show ip route bgp

Post-SD-Access Troubleshooting

Verify export of the MS/MR registrations into RIB on Control Plane

show lisp site
LISP Site Registration Information
* = Some locators are down or unreachable
# = Some registrations are sourced by reliable transport

Site Name      Last      Up     Who Last             Inst     EID Prefix
               Register         Registered           ID
site_uci       2d14h     yes#   70.0.0.1             4099     100.1.1.100/32

show ip route vrf Engineering
Routing Table: abcd
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      200.0.0.0/32 is subnetted, 1 subnets
l       100.1.1.100 [240/1], 17:57:50, Null0

Verify redistribution of LISP routes into BGP on Control Plane

show bgp vpnv4 unicast vrf Engineering
BGP table version is 4, local router ID is 71.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:2 (default for vrf PACAF)
Export Map: vrf_to_global, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
 *>   100.1.1.100/32   0.0.0.0                  0         32768 i

Verify the import of BGP routes into LISP

## verify the LISP MS/MR routes learnt via VPNv4 on Fabric Border

SG1#show ip route vrf vn1

Routing Table: vn1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      100.0.0.0/8 is subnetted, 1 subnets
B        100.0.0.0 [200/0] via 71.0.0.10, 00:16:39

### Verify the prefix is pointing to LISP interface in CEF and not BGP

SG1#show ip cef vrf vn1 100.0.0.0 int
100.0.0.0/8, epoch 1, flags [sc, lisp elig], refcnt 6, per-destination sharing
  sources: LISP, IPL
  feature space:
    IPRM: 0x00010000
    Broker: linked, distributed at 1st priority
  subblocks:
    LISP remote EID: 2 packets 1152 bytes fwd action signal, cfg as EID space
    SC owned,sourced: LISP generalised SMR - [enabled, inheriting, 0x7FD0F4E27E00 locks: 1]
    LISP source path list
      path list 7FD0F2AD9D78, 8 locks, per-destination, flags 0x49 [shble, rif, hwcn]
        ifnums:
          LISP0.4099(116)
        1 path
          path 7FD0F17E9D70, share 1/1, type attached prefix, for IPv4
            attached to LISP0.4099, glean for LISP0.4099
        1 output chain
          chain[0]: glean for LISP0.4099
      Dependent covered prefix type LISP, cover 0.0.0.0/0
    2 IPL sources [no flags]
  ifnums:
    LISP0.4099(116)
  path list 7FD0F2AD9D78, 7 locks, per-destination, flags 0x49 [shble, rif, hwcn]
    path 7FD0F17E9D70, share 1/1, type attached prefix, for IPv4
      attached to LISP0.4099, glean for LISP0.4099
  output chain:
    PushCounter(LISP:100.0.0.0/8) 7FD0E946CD80
    glean for LISP0.4099 <---- this is to trigger a map-request for the traffic destined to this prefix (Note not pointing to BGP adjacency)




## You can verify the community value tagged to the route

SG1#show ip bgp vpnv4 vrf vn1 100.0.0.0/8
BGP routing table entry for 1:4099:100.0.0.0/8, version 12
Paths: (1 available, best #1, table vn1)
  Advertised to update-groups:
     3
  Refresh Epoch 1
  Local, (aggregated by 65001 71.0.0.10)
    71.0.0.10 (metric 20) (via default) from 71.0.0.10 (71.0.0.10)
      Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
      Community: 655370 < ----- Community value tagged at Control Plane
      Extended Community: RT:1:4099
      mpls labels in/out nolabel/34
      rx pathid: 0, tx pathid: 0x0
      Updated on Nov 26 2018 16:43:56 UTC
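
The border-side checks above (community tag on the VPNv4 route, LISP glean in CEF) and the split between the `PERMIT_EIDS` and `db` route-maps, as an added Python example that is not part of the original article. It assumes community-list 1, which the article does not show, matches 655370; the function names are illustrative and the sample text is trimmed from the outputs above.

```python
import re

FABRIC_TAG = 655370  # community set by "route-map tag" on the Control Plane (from the page)

# Trimmed from the outputs shown on the page, annotations removed.
SAMPLE_BGP = """\
BGP routing table entry for 1:4099:100.0.0.0/8, version 12
  Local, (aggregated by 65001 71.0.0.10)
      Community: 655370
      Extended Community: RT:1:4099
"""
SAMPLE_CEF = """\
100.0.0.0/8, epoch 1, flags [sc, lisp elig], refcnt 6, per-destination sharing
  sources: LISP, IPL
  output chain:
    PushCounter(LISP:100.0.0.0/8) 7FD0E946CD80
    glean for LISP0.4099
"""

def community_new_format(value):
    """Render a 32-bit standard community as AA:NN."""
    return f"{value >> 16}:{value & 0xFFFF}"

def parse_bgp_entry(text):
    """Return (prefix, [standard communities]) from a 'show ip bgp vpnv4 vrf' entry."""
    prefix = re.search(r"entry for (?:\d+:\d+:)?(\d+(?:\.\d+){3}/\d+)", text)
    line = re.search(r"^\s*Community:\s*(.*)$", text, re.MULTILINE)
    communities = []
    for tok in (line.group(1).split() if line else []):
        if tok.isdigit():
            communities.append(int(tok))
        elif re.fullmatch(r"\d+:\d+", tok):
            high, low = map(int, tok.split(":"))
            communities.append((high << 16) | low)
    return (prefix.group(1) if prefix else None), communities

def border_import_decision(communities, community_list_1=frozenset({FABRIC_TAG})):
    """Model the border's two route-maps. ASSUMPTION: community-list 1 (not shown
    on the page) matches the fabric tag."""
    tagged = bool(community_list_1 & set(communities))
    return {
        "map_cache": tagged,     # PERMIT_EIDS: permit 10 match community 1, deny 20
        "database": not tagged,  # db: deny 10 match community 1, permit 20
    }

def cef_resolves_via_lisp(text, instance_id):
    """True when the final CEF output chain gleans on LISP0.<instance_id>."""
    _, found, chain = text.rpartition("output chain:")
    return bool(found) and f"glean for LISP0.{instance_id}" in chain
```

A fabric aggregate that arrives without the tag would show `map_cache: False`, which is the "incorrect route-maps" or missing `send-community` case from the Possible Causes list.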