
Assistance needed for BGP in MPLS/VRF

tahscolony
Level 1

I am working on setting up a pair of routers in a lab for a future upcoming deployment in VRF. One router will be at one building, the other will be in another building, the connection between them will terminate on switches that are backboned together between buildings.  On each router will be a trunked interface going to the switches, on the switches will be trunks going to another pair of switches to another state, basically a complete L2 loop, which will have VLANs terminated on the routers. Each VLAN will be a segmented network, several will be in the same VRF, but there will be others that will be in different VRFs that will be public networks. The routers will have a GB connection to an ISP using BGP. So I have a vrf called Public, and another vrf called External. The Public will have the 2 GB connections to the ISP, one router will be the master, the other the standby, the External will have our address space, along with a cloud provider's address space which we will receive their public network routes, and we will advertise them ours, so all the "Internet" traffic between the provider and us will travel over the switched network back to them, so I filtered their routes out from public received routes in the External vrf. This way our routes are exported to Public, the cloud networks are filtered so we don't advertise them to the ISP, and are costed more direct over the L2, there will be a VPN with weighted BGP in case of L2 failure.

On the Public side, what I need to do that I am having a little problem with, auto failover of BGP. If the primary link to the ISP fails, the default route is not switching to the standby router, it totally disappears, so I don't know if that's because of the MPLS configuration, or if I configured the BGP incorrectly on the ISP router (this is all lab based at the moment).

Second, the filter for route exporting between External and Public only works properly if I reboot the router. IOW if I add or remove a network from the ACL, it does not get added or removed from the Public routing table unless I reboot the router.

I attached the 4 configurations from the routers in use. They interconnect via trunks through switches. One switch has a vlan with an IP address used for the faux default route of 6.6.6.2 to test routing.

These will connect to our core on a single VLAN on the Internal vrf and neighbor up with the existing OSPF. That part is working OK, it's the external side I need to clean up and make working perfectly.

8 Replies

Giuseppe Larosa
Hall of Fame

Hello tahscolony,

you would be very kind and find much more help if you can add a network diagram to the attached files, in jpeg format is preferred, because not everyone has MS visio on his/her PC.

I see some strange command combinations:

A) on both main-mpls and standby-mpls you have a CE router in vrf Public that has your own BGP AS number. This was not permitted once.

B) on standby-mpls, why do you raise the weight from the default 0 to 100 and at the same time try to prepend AS 4242 twice (4242 4242) for certain prefixes? This is not clear to me.

A network diagram would be helpful

Hope to help

Giuseppe

Apologies Giuseppe

I didn't see your reply,

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Paul,

no problems at all !

We are saying the same thing, that the original poster should add a network diagram.

Best Regards

Giuseppe

Yeah I guess a diagram would be helpful.  I forgot about the permit statement.  The prepend I couldn't see working on the cloud router. The goal is to weight the standby router as a secondary link to force the traffic to the primary router.  The 4242 is the cloud network, the 4141 is the internet network.

One thing I noticed though, looks like the weighting works on the PE,

Route Distinguisher: 1000:200 (default for vrf Internal)
* i10.0.10.0/24     10.10.100.2              0    100      0 ?
*>                  0.0.0.0                  0         32768 ?
* i10.80.100.1/32   10.10.100.2              2    100      0 ?
*>                  0.0.0.0                  0         32768 ?
*> 10.80.100.2/32   10.0.10.2                2         32768 ?
* i                 10.10.100.2              0    100      0 ?
* i10.80.100.3/32   10.10.100.2              2    100      0 ?
*>                  10.0.10.3                2         32768 ?
*> 172.16.0.0       10.11.100.0              0             0 4242 i
* i                 10.10.100.2              0    100      0 4242 4242 4242 i
*> 172.17.0.0       10.11.101.0              0             0 4242 i
* i                 10.10.100.2              0    100      0 4242 4242 4242 i
*> 172.18.0.0       10.11.102.0              0             0 4242 i
* i                 10.10.100.2              0    100      0 4242 4242 4242 i

So one or the other needs to be removed, either the prepend statement, or the weight, IOW I shouldn't have both in play.

OK, this is a puzzler,

*> 66.66.88.0/24    50.60.70.3               0           100 64518 64518 i
*                   50.60.70.1               0             0 64518 i

Why is it preferring the weighted route?
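
Added example (not part of the original thread or any poster's code): a small model of the first four Cisco IOS BGP best-path steps, run over the paths shown in the two outputs above. It assumes a blank LocPrf column compares as the default 100, and it does not model the later tie-breakers (origin, MED, eBGP over iBGP, and so on).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    next_hop: str
    weight: int                 # Cisco-local attribute, never sent to peers
    as_path: tuple
    local_pref: int = 100       # assumption: blank LocPrf treated as default 100
    local_origin: bool = False  # True for network/redistribute/aggregate routes

# Ordered tie-breakers; every key is arranged so that "larger wins".
STEPS = [
    ("weight", lambda p: p.weight),                 # 1. highest weight
    ("local_pref", lambda p: p.local_pref),         # 2. highest local preference
    ("local_origin", lambda p: p.local_origin),     # 3. locally originated
    ("as_path_length", lambda p: -len(p.as_path)),  # 4. shortest AS path
]

def best_path(paths):
    """Return (winning Path, name of the step that decided it)."""
    candidates = list(paths)
    for name, key in STEPS:
        top = max(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == top]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "later tie-breakers (not modelled)"

# Paths for 66.66.88.0/24, copied from the "puzzler" output above.
PUZZLER = [
    Path("50.60.70.3", weight=100, as_path=(64518, 64518)),
    Path("50.60.70.1", weight=0, as_path=(64518,)),
]

# Paths for 172.16.0.0 from the vrf Internal output: weights tie at 0,
# so the decision falls through to AS-path length.
CLOUD = [
    Path("10.11.100.0", weight=0, as_path=(4242,)),
    Path("10.10.100.2", weight=0, as_path=(4242, 4242, 4242)),
]

if __name__ == "__main__":
    for label, paths in (("66.66.88.0/24", PUZZLER), ("172.16.0.0", CLOUD)):
        winner, step = best_path(paths)
        print(f"{label}: best via {winner.next_hop}, decided by {step}")
```

Weight is compared before AS-path length, so the prepended path with weight 100 wins without the prepend ever being considered; the prepend only decides when weight and local preference tie.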

Hello

Looking at your configuration, some things don't seem correct. It's a bit hard trying to troubleshoot without some sort of topology diagram.

If applicable, can you share one please?

res
Paul



Kind Regards
Paul

tahscolony
Level 1

I think I found the solution that appears to be working for me. I removed vrf External, and just lumped them all into Public. Using a distribute list I filter out what to advertise to who, still have one more to do to filter out default traffic to the Cloud, but failover is now working. I would like to be able to speed up the switchover, so it doesn't take so long to change default route, but still want to prevent route flapping. So is there a way to have it switch to the other router quickly, yet fail back slowly?

This is the configuration that worked. I will reconfigure the Internal to be more like this for weighting the routes.

address-family ipv4 vrf Public
  neighbor 50.60.70.0 remote-as 4242
  neighbor 50.60.70.0 activate

  neighbor 55.66.77.1 distribute-list 3 out
  neighbor 55.66.77.1 remote-as 4141
  neighbor 55.66.77.1 activate
  neighbor 55.66.77.1 distribute-list 2 out
  no synchronization
  network 0.0.0.0
  network 66.66.88.0 mask 255.255.255.0
 exit-address-family
