cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
2377
Views
0
Helpful
2
Replies
kevinannies
Beginner

BGP CE <-> PE Route advertised to peer and advertised back again

Here is some context to the scenario (note that I have snuffed some stuff as this is a real network with real public IP's)


The route is a directly connected LAN on the CE:


Code:

CE#show ip route | i 10.44.72.0/24
C        10.44.72.0/24 is directly connected, Vlan10



BGP config on CE


Code:

router bgp 65135
bgp log-neighbor-changes
bgp redistribute-internal
redistribute connected route-map CONNECTED <<<<<<<<route enters BGP process here
redistribute static route-map STATIC
neighbor X.X.X.49 remote-as X
neighbor X.X.X.49 description X
neighbor X.X.X.49 password 7 X
neighbor X.X.X.49 timers 15 45
neighbor X.X.X.49 send-community
neighbor X.X.X.49 allowas-in
neighbor X.X.X.49 route-map CE-FROM-PE-BACKUP in
neighbor X.X.X.49 route-map CE-TO-PE-BACKUP out <<<<<<<<<Community set here



Code:

CE#show run | section CE-TO-PE-BACKUP
neighbor X.X.X.49 route-map CE-TO-PE-BACKUP out
route-map CE-TO-PE-BACKUP deny 10
match community MPLUS-TRACKING
route-map CE-TO-PE-BACKUP permit 100
set metric 0
set community 65135:123 65135:456 additive <<<<<<<<<<community set



Over to the PE we receive the route via BGP with the attached communities.


Code:

PE#sh ip bgp vpnv4  vrf XXX 10.44.72.0/24
BGP routing table entry for X:X:10.44.72.0/24, version 703105176
Paths: (1 available, best #1, table XXX)
  Advertised to update-groups:
     1          45
  65135
    X.X.X.50 from X.X.X.50 (X.X.X.68) <<<<<<<<<<<<<<<<<<.68 is the loopback of the CE which is the Router-ID
      Origin incomplete, metric 0, localpref 150, valid, external, best
      Community: 65135:123 65135:456<<<<<<<<<<<<<<<<< here's our communities
      Extended Community: RT:X:X RT:X:X
      mpls labels in/out 1472/nolabel



But the PE advertises the route back again! Surely this is not supposed to happen.


Code:

PE#sh ip bgp vpnv4  vrf XXX neighbors X.X.X.50  advertised-routes  | include 10.44.72.0
*> 10.44.72.0/24    X.X.X.50              0    150      0 65135 ?



Our only protectection from this back on the CE is to filter the route using community we attached using an inbound route map


Code:

neighbor X.X.X.49 route-map CE-FROM-PE-BACKUP in



Code:

CE#show run | section CE-FROM-PE-BACKUP

route-map CE-FROM-PE-BACKUP deny 10<<<<<<<<<<<<<<DENY
match community SITE-ID
route-map CE-FROM-PE-BACKUP permit 100
set local-preference 90
set weight 100
set community no-export additive



Code:

CE#show ip community-list SITE-ID
Named Community standard list SITE-ID
    permit 65135:456 <<<<<<<<<<<<<<<<<<<

Any ideas on why this is happening? You help is greatly appreciated in advance.

2 REPLIES 2
Giuseppe Larosa
Hall of Fame Master

Hello Kevin,

this kind of behaviour has been reported before in the forums.

A wild guess is that because you are using neigh allowas-in on the CE node, the PE router BGP configuration has been tuned for this, and what you see is a side effect of allowing resending routes with your AS number to your device  on the PE node.

Hope to help

Giuseppe

Hi Giuseppe,

Many thanks for taking the time out of your work to respond to my query.

Your wild guess is valid and it could be something to do with this though I cannot test this as its a live network.

The issue happens for multiple customers on the same PE.

I have compared another PE which was implemented using the same commands (as overide on PE and allow-as in on CE and I don't get the same results. It something specific to this solution and i'm thinking it might be the PE itself.

PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.X routes  | i 10.160.184

*> 10.160.184.0/29  X.X.X.186             0    170      0 65135 ?

PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.186 advertised-routes | i 10.160.184

CE config

router bgp 65135

no synchronization

bgp log-neighbor-changes

redistribute connected route-map MARK-CONNECTED

redistribute static route-map MARK-STATIC

neighbor X.X.X.185 remote-as 4589

neighborX.X.X.185 description Fa1/2/4:X

neighbor X.X.X.185 password 7 X

neighbor X.X.X.185 timers 15 45

neighborX.X.X.185 send-community

neighborX.X.X.185 allowas-in

neighborX.X.X.185 route-map CE-FROM-PE in

neighbor X.X.X.185 route-map CE-TO-PE out

neighborX.X.X.185 maximum-prefix 1000

Also if you have the links to the old threads relating to this I will read those to see if I can glean more information.

It seems to be an issue specifically with this PE (7206VXR running 12.2(31)SB18). I will check for known bugs in the meantime.

Thanks once again

Regards

Kevin