01-08-2013 06:52 AM - edited 03-04-2019 06:37 PM
Here is some context to the scenario (note that I have snuffed some stuff as this is a real network with real public IPs).
The route is a directly connected LAN on the CE:
Code:
CE#show ip route | i 10.44.72.0/24
C 10.44.72.0/24 is directly connected, Vlan10
BGP config on CE
Code:
router bgp 65135
bgp log-neighbor-changes
bgp redistribute-internal
redistribute connected route-map CONNECTED <<<<<<<<route enters BGP process here
redistribute static route-map STATIC
neighbor X.X.X.49 remote-as X
neighbor X.X.X.49 description X
neighbor X.X.X.49 password 7 X
neighbor X.X.X.49 timers 15 45
neighbor X.X.X.49 send-community
neighbor X.X.X.49 allowas-in
neighbor X.X.X.49 route-map CE-FROM-PE-BACKUP in
neighbor X.X.X.49 route-map CE-TO-PE-BACKUP out <<<<<<<<<Community set here
Code:
CE#show run | section CE-TO-PE-BACKUP
neighbor X.X.X.49 route-map CE-TO-PE-BACKUP out
route-map CE-TO-PE-BACKUP deny 10
match community MPLUS-TRACKING
route-map CE-TO-PE-BACKUP permit 100
set metric 0
set community 65135:123 65135:456 additive <<<<<<<<<<community set
Over to the PE we receive the route via BGP with the attached communities.
Code:
PE#sh ip bgp vpnv4 vrf XXX 10.44.72.0/24
BGP routing table entry for X:X:10.44.72.0/24, version 703105176
Paths: (1 available, best #1, table XXX)
Advertised to update-groups:
1 45
65135
X.X.X.50 from X.X.X.50 (X.X.X.68) <<<<<<<<<<<<<<<<<<.68 is the loopback of the CE which is the Router-ID
Origin incomplete, metric 0, localpref 150, valid, external, best
Community: 65135:123 65135:456<<<<<<<<<<<<<<<<< here's our communities
Extended Community: RT:X:X RT:X:X
mpls labels in/out 1472/nolabel
But the PE advertises the route back again! Surely this is not supposed to happen.
Code:
PE#sh ip bgp vpnv4 vrf XXX neighbors X.X.X.50 advertised-routes | include 10.44.72.0
*> 10.44.72.0/24 X.X.X.50 0 150 0 65135 ?
Our only protection from this back on the CE is to filter the route using the community we attached, using an inbound route map:
Code:
neighbor X.X.X.49 route-map CE-FROM-PE-BACKUP in
Code:
CE#show run | section CE-FROM-PE-BACKUP
route-map CE-FROM-PE-BACKUP deny 10<<<<<<<<<<<<<<DENY
match community SITE-ID
route-map CE-FROM-PE-BACKUP permit 100
set local-preference 90
set weight 100
set community no-export additive
Code:
CE#show ip community-list SITE-ID
Named Community standard list SITE-ID
permit 65135:456 <<<<<<<<<<<<<<<<<<<
Any ideas on why this is happening? Your help is greatly appreciated in advance.
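The inbound filtering described in the post above, as an added example that is not part of the original thread: a small Python model of the CE's AS_PATH loop check and the `CE-FROM-PE-BACKUP` route-map, showing that once `allowas-in` is set, the `deny 10` clause on community `65135:456` is the only thing that drops the reflected prefix. The AS path, the stand-in provider AS 64500, the `OTHER_SITE` route and all function names are constructed for illustration.

```python
# Added illustration, not the poster's code. Values marked "constructed" are not from the thread.
LOCAL_AS = 65135
# ip community-list SITE-ID: each entry is a set of communities that must all be present
COMMUNITY_LISTS = {"SITE-ID": [{"65135:456"}]}

# route-map CE-FROM-PE-BACKUP: (sequence, action, community-list to match or None, set clauses)
CE_FROM_PE_BACKUP = [
    (10, "deny", "SITE-ID", {}),
    (100, "permit", None,
     {"local_pref": 90, "weight": 100, "add_communities": {"no-export"}}),
]

def apply_route_map(route_map, route):
    """First matching clause wins; no matching clause means implicit deny."""
    for seq, action, clist, sets in sorted(route_map, key=lambda c: c[0]):
        if clist is not None and not any(
                entry <= route["communities"] for entry in COMMUNITY_LISTS[clist]):
            continue  # match condition failed, try the next sequence
        if action == "deny":
            return f"route-map deny {seq}", None
        accepted = dict(route)
        accepted["communities"] = route["communities"] | sets.get("add_communities", set())
        accepted.update({k: v for k, v in sets.items() if k != "add_communities"})
        return f"route-map permit {seq}", accepted
    return "route-map implicit deny", None

def ce_inbound(route, allowas_in, route_map=CE_FROM_PE_BACKUP):
    """AS_PATH loop check first (skipped under allowas-in), then the inbound route-map."""
    if LOCAL_AS in route["as_path"] and not allowas_in:
        return "own AS in AS_PATH", None
    return apply_route_map(route_map, route)

# Constructed sample updates as the CE would receive them from the PE.
# 64500 stands in for the redacted provider AS.
REFLECTED = {"prefix": "10.44.72.0/24", "as_path": [64500, 65135],
             "communities": {"65135:123", "65135:456"}}
OTHER_SITE = {"prefix": "192.0.2.0/24", "as_path": [64500, 65135],
              "communities": {"65135:789"}}

if __name__ == "__main__":
    for label, route in (("reflected", REFLECTED), ("other site", OTHER_SITE)):
        for allowas in (False, True):
            print(label, "allowas-in" if allowas else "default", ce_inbound(route, allowas)[0])
    print("no deny 10:", ce_inbound(REFLECTED, True, CE_FROM_PE_BACKUP[1:])[0])
```

The last line of output is the case to watch for when auditing a CE: with `allowas-in` configured and no community-based deny clause, the site's own prefix is accepted back from the PE.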
01-08-2013 07:06 AM
Hello Kevin,
This kind of behaviour has been reported before in the forums.
A wild guess is that because you are using neigh allowas-in on the CE node, the PE router BGP configuration has been tuned for this, and what you see is a side effect of allowing resending routes with your AS number to your device on the PE node.
Hope to help
Giuseppe
01-08-2013 08:12 AM
Hi Giuseppe,
Many thanks for taking the time out of your work to respond to my query.
Your wild guess is valid and it could be something to do with this, though I cannot test this as it's a live network.
The issue happens for multiple customers on the same PE.
I have compared another PE which was implemented using the same commands (as-override on PE and allowas-in on CE) and I don't get the same results. It is something specific to this solution and I'm thinking it might be the PE itself.
PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.X routes | i 10.160.184
*> 10.160.184.0/29 X.X.X.186 0 170 0 65135 ?
PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.186 advertised-routes | i 10.160.184
CE config
router bgp 65135
no synchronization
bgp log-neighbor-changes
redistribute connected route-map MARK-CONNECTED
redistribute static route-map MARK-STATIC
neighbor X.X.X.185 remote-as 4589
neighbor X.X.X.185 description Fa1/2/4:X
neighbor X.X.X.185 password 7 X
neighbor X.X.X.185 timers 15 45
neighbor X.X.X.185 send-community
neighbor X.X.X.185 allowas-in
neighbor X.X.X.185 route-map CE-FROM-PE in
neighbor X.X.X.185 route-map CE-TO-PE out
neighbor X.X.X.185 maximum-prefix 1000
Also if you have the links to the old threads relating to this I will read those to see if I can glean more information.
It seems to be an issue specifically with this PE (7206VXR running 12.2(31)SB18). I will check for known bugs in the meantime.
Thanks once again
Regards
Kevin