02-23-2025 03:51 AM
Hello, I have a big issue:
ASR920 with 2x 10GBe on a port channel to my uplink (0.0.0.0) and BGP running OK
2x10GBe on a port channel where I receive qnq vlans.
I have created a BDI interface, I can ping the remote ends with no issue.
The issue is that I cannot reach via telnet nor run BGP on the BVI.
I set a /30 ip on the BDI, I can ping and trace the remote end (no ACL, no filters, nothing). I cannot telnet the remote end, nor BGP.
Is there a limitation of the BGP functionality on BDI interface on ASR920?
ASR920MIX#sh ver
Cisco IOS XE Software, Version 17.06.02
Cisco IOS Software [Bengaluru], ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 17.6.2, RELEASE SOFTWARE (fc7)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2021 by Cisco Systems, Inc.
Compiled Tue 23-Nov-21 10:17 by mcpre
ROM: 15.6(48r)
ASR920MIX uptime is 9 weeks, 1 day, 21 hours, 39 minutes
Uptime for this control processor is 9 weeks, 1 day, 21 hours, 46 minutes
System returned to ROM by reload at 23:05:24 ITALY Thu Dec 19 2024
System restarted at 15:04:46 ITALY Fri Dec 20 2024
System image file is "bootflash:asr920-universalk9_npe.17.06.02.SPA.bin"
Last reload reason: PowerOn
License Level: advancedmetroipaccess
License Type: Permanent
Next reload license Level: advancedmetroipaccess
Smart Licensing Status: Smart Licensing is DISABLED
cisco ASR-920-4SZ-A (Freescale P2020) processor (revision 1.0 GHz) with 864646K/6147K bytes of memory.
Processor board ID CAT2230U0TC
2 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
3670016K bytes of physical memory.
1231647K bytes of eMMC flash at bootflash:.
I have also tried to create a loopback interface and run BGP from there, with no success.
==========================================
interface Loopback1
 description virtual interface for BGP
 ip address 100.80.2.110 255.255.255.255
 no ip redirects
 no ip proxy-arp
!
interface Port-channel2
 mtu 9000
 no ip address
 no ip redirects
 no ip proxy-arp
 service instance 306 ethernet
  encapsulation dot1q 306 second-dot1q 10
  rewrite ingress tag pop 2 symmetric
  bridge-domain 11 split-horizon group 0
!
interface BDI11
 ip address 100.80.5.1 255.255.255.252
 no ip redirects
 no ip proxy-arp
!
TEST: If I set the remote neighbour 100.80.5.2: doesn't work, the peer is DIRECTLY CONNECTED
If I set a remote loopback on the remote device and set a static route, it DOESN'T WORK
If I remove the static route and the path to the remote loopback address goes through WAN with another route, it works.
There are NO FILTERS, just a bunch of qnq in the port-channel2
It seems that when traffic goes through the BDI it doesn't work.
03-12-2025 11:48 PM
I have finally found the issue.
The metro-eth ISP DROPS every packet that is not marked as COS0.
The issue is that BGP goes out from the interface in COS6.
On the ASR920 I cannot set an egress policy on a BDI interface.
I now need to ask someone that has a 1001X if he can apply a policy map on the egress BDI to mark everything COS0.
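Added example (not part of the original thread or any poster's code): a Python sketch of the failure described in the solution above. It parses constructed double-tagged frames matching the `dot1q 306 second-dot1q 10` encapsulation and checks which ones survive a carrier that only forwards CoS 0. The frame builder, the DSCP value 48 and the Telnet marking are assumptions made for illustration.

```python
import struct

TPIDS = {0x8100, 0x88A8, 0x9100}  # 802.1Q, 802.1ad and legacy QinQ tag types

def build_frame(pcp, dscp, proto, dport=0, vids=(306, 10)):
    """Build a constructed QinQ IPv4 frame (sample data, not a real capture)."""
    frame = bytes(12)  # zeroed destination + source MAC
    for vid in vids:   # outer tag first, then inner, as on Port-channel2
        frame += struct.pack("!HH", 0x8100, (pcp << 13) | vid)
    frame += struct.pack("!H", 0x0800)
    frame += struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 40, 0, 0, 64, proto,
                         0, bytes([100, 80, 5, 1]), bytes([100, 80, 5, 2]))
    l4 = struct.pack("!HH", 40000, dport) if proto == 6 else b"\x08\x00\x00\x00"
    return frame + l4

def inspect(frame):
    """Return VLAN tags as (vid, pcp), plus IPv4 DSCP and TCP destination port."""
    off, tags = 12, []
    (etype,) = struct.unpack_from("!H", frame, off)
    while etype in TPIDS:
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((tci & 0x0FFF, tci >> 13))
        off += 4
        (etype,) = struct.unpack_from("!H", frame, off)
    info = {"tags": tags, "dscp": None, "dport": None}
    if etype == 0x0800:
        ip = off + 2
        ihl = (frame[ip] & 0x0F) * 4
        info["dscp"] = frame[ip + 1] >> 2
        if frame[ip + 9] == 6:  # TCP
            (info["dport"],) = struct.unpack_from("!H", frame, ip + ihl + 2)
    return info

def passes_cos0_only(frame):
    """Model of the carrier behaviour in the thread: drop any tag with PCP != 0."""
    return all(pcp == 0 for _, pcp in inspect(frame)["tags"])

# Constructed samples. CoS 6 for BGP is from the thread; DSCP 48 (CS6) and the
# same marking on router-originated Telnet are assumptions.
SAMPLES = {
    "icmp-ping": build_frame(pcp=0, dscp=0, proto=1),
    "bgp-syn": build_frame(pcp=6, dscp=48, proto=6, dport=179),
    "telnet-syn": build_frame(pcp=6, dscp=48, proto=6, dport=23),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        verdict = "forwarded" if passes_cos0_only(frame) else "dropped"
        print(name, inspect(frame)["tags"], verdict)
```

Running the same `inspect` logic over frames captured on the far side of the metro link shows whether only PCP 0 frames arrive, which separates a carrier CoS filter from a platform limitation.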
02-23-2025 05:18 AM
How did you configure the BGP?
If you are using eBGP and loopback, did you add the command ebgp-multihop 2?
02-23-2025 07:45 AM
Hello. Yes, if using loopback I added the multihop, but with no success.
The BGP doesn't work from the BDI to a directly connected IP (/30).
The BGP works flawlessly when on a port-channel using two 10G interfaces and a Juniper (directly connected via /29).
Also a plain telnet doesn't work from the BDI interface.
Does the ASR920 have any limitation doing BGP from the BDI interface?
02-23-2025 07:59 AM
When you use LO do you use default route or static route ??
MHM
02-23-2025 08:55 AM
02-23-2025 09:42 AM
Default route, if configured on both sides, will not work.
One peer must at least have a static, not default, route.
MHM
02-23-2025 08:59 AM
Hello,
you are running BGP between the ASR and a Juniper ? If so, post the full running configs of both...
02-23-2025 09:32 AM
The BGP config is very plain.
the juniper is directly connected via a DAC cable,
the other BGP that I want to do is a metroeth via BDI interface.
The conf is pretty simple:
router bgp 4200002110
bgp log-neighbor-changes
neighbor 100.127.254.57 remote-as xyz
neighbor 100.127.254.57 description MX204
neighbor 100.127.254.57 timers 10 30
The conf with the second peer via BDI is exactly the same!
If direct connect in the other end of the /30
neighbor 100.80.5.2 remote-as xyz
neighbor 100.80.5.2 description Remote_MT
neighbor 100.80.5.2 timers 10 30
Even if I set the "update-source" loopback or BDI it doesn't connect. No difference.
If I connect via loopback I set the multihop.
Guys, I know how to configure BGP on Cisco, but this time I can't understand why it doesn't work. Maybe ASR920 doesn't support BGP via BDI?
02-23-2025 09:35 AM - edited 02-23-2025 09:50 AM
Hello
Can you confirm your topology, as based on your OP it doesn't seem correct?
You're bridging from a central rtr between two other rtrs, correct?
Also eBGP peering via sourcing from either loopback of those two remote rtrs, and you have reachability to either loopback over that central bridge domain?
If so, as long as that reachability is NOT via default routing then the BGP peering should establish, as long as you have either defined eBGP TTL higher than 1 to reach the BGP sources or disabled that sanity check.
You mention telnet is not working; can you confirm that session is to either loopback and for TCP port 179?
From either BGP rtr:
telnet <loopback x> 179 /source <loopback x> This needs to work, and if it doesn't then you have a transit issue for BGP.
For basic BDI with/without a routed interface it would be something like this?
int port x & y
service instance 1 ethernet
encapsulation untagged
bridge-domain 1
no shut
interface BDI1 (optional)
ip address x.x.x.x y.y.y.y
02-23-2025 09:37 AM
I will try to make a diagram now and post in a couple of minutes.
02-23-2025 09:48 AM
CISCO vs MX204 - BGP works
ASR920 to MT (100.80.5.2) doesn't work
telnet from 100.80.5.1 to 100.80.5.2 doesn't work
I can reach the MT (100.80.2.201 is its loopback) via another link through Juniper MX204,
100.80.2.110 to 100.80.2.201 via Juniper (and another bunch of hops) to the MT works.
The telnet from the 100.80.5.1 to 100.80.5.2 via BDI doesn't work.
If I replace the Cisco with a simple Mikrotik at 100.80.5.1, everything works, telnet, BGP and everything else as expected.
No filter involved. Nothing nothing nothing.
If I set the BGP via loopback I set the static route, everything pings and traceroutes correctly, but it doesn't work. I don't see the packets from the Mikrotik side at 100.80.5.2, I don't see either port 23 or 179. But I receive the ICMP correctly. No filter involved in the path.
02-24-2025 01:00 AM
Hello
Thank you for the diagram. So you are bridging the Cisco WAN interface towards the Juniper, correct?
As for BGP not being supported on the ASR, looking at the CCO doc it does suggest it is supported.
What is interesting is that you are not able to telnet TCP 179 to either end rtr over the BDI, which seems to suggest it is this that's causing the issue.
Have you tried stripping that out and just making a basic untagged bridge with no L3 BDI?
I've run a similar setup using CSR rtrs and it works fine using the below BDI on the Cisco
example:
interface Port-channel10
no ip address
service instance 100 ethernet
encapsulation untagged
bridge-domain 100
interface x/w
Description facing Juniper
no ip address
channel-group 10
interface x/y
Description facing Juniper
no ip address
channel-group 10
interface x/z
Description facing WAN
no ip address
service instance 100 ethernet
encapsulation untagged
bridge-domain 100
02-24-2025 02:37 AM
Hello
The "WAN" side to Juniper is a plain LACP (port-channel interface), 2x10G Cisco vs 2x10G in the MX204 Juniper.
The real issue is when telnet/BGP occurs via the BDI interface. It doesn't work, nor do packets go out there.
I will test making a BDI interface towards the Juniper and will post the results here.
The question is not if BGP works on the 920, but if BGP on a BDI interface is somewhat unsupported.
02-24-2025 03:53 AM - edited 02-24-2025 03:53 AM
Hello
TBH you've lost me...
The BDI is to bridge certain interfaces, and from your diagram that's the Cisco facing WAN (metro),
so my assumption was you are bridging the Cisco WAN addressing on towards the Juniper, meaning the BGP peering will be situated on the Juniper. But from what you're describing, are you applying BDI on the metro-facing Cisco rtr, which to me is not correct... but as I've stated, most probably I'm completely wrong in my thinking. What I can confirm is I've tested CSR rtrs on IOS-XE and that works using BDI and port-channels, and I also verified that the CCO documentation states ASRs are supported also (although that documentation is based on 1000 models, not 920s).
02-24-2025 04:16 AM
Nope
on the BDI interface nothing listens nor connects FROM the router.