
BGP CE <-> PE Route advertised to peer and advertised back again

kevinannies
Level 1

Here is some context to the scenario (note that I have snuffed some stuff as this is a real network with real public IPs).


The route is a directly connected LAN on the CE:


Code:

CE#show ip route | i 10.44.72.0/24
C        10.44.72.0/24 is directly connected, Vlan10



BGP config on CE


Code:

router bgp 65135
 bgp log-neighbor-changes
 bgp redistribute-internal
 redistribute connected route-map CONNECTED   <<<<<<<< route enters BGP process here
 redistribute static route-map STATIC
 neighbor X.X.X.49 remote-as X
 neighbor X.X.X.49 description X
 neighbor X.X.X.49 password 7 X
 neighbor X.X.X.49 timers 15 45
 neighbor X.X.X.49 send-community
 neighbor X.X.X.49 allowas-in
 neighbor X.X.X.49 route-map CE-FROM-PE-BACKUP in
 neighbor X.X.X.49 route-map CE-TO-PE-BACKUP out   <<<<<<<<< Community set here



Code:

CE#show run | section CE-TO-PE-BACKUP
neighbor X.X.X.49 route-map CE-TO-PE-BACKUP out
route-map CE-TO-PE-BACKUP deny 10
 match community MPLUS-TRACKING
route-map CE-TO-PE-BACKUP permit 100
 set metric 0
 set community 65135:123 65135:456 additive   <<<<<<<<<< community set



Over to the PE we receive the route via BGP with the attached communities.


Code:

PE#sh ip bgp vpnv4  vrf XXX 10.44.72.0/24
BGP routing table entry for X:X:10.44.72.0/24, version 703105176
Paths: (1 available, best #1, table XXX)
  Advertised to update-groups:
     1          45
  65135
    X.X.X.50 from X.X.X.50 (X.X.X.68) <<<<<<<<<<<<<<<<<<.68 is the loopback of the CE which is the Router-ID
      Origin incomplete, metric 0, localpref 150, valid, external, best
      Community: 65135:123 65135:456<<<<<<<<<<<<<<<<< here's our communities
      Extended Community: RT:X:X RT:X:X
      mpls labels in/out 1472/nolabel



But the PE advertises the route back again! Surely this is not supposed to happen.


Code:

PE#sh ip bgp vpnv4  vrf XXX neighbors X.X.X.50  advertised-routes  | include 10.44.72.0
*> 10.44.72.0/24    X.X.X.50              0    150      0 65135 ?



Our only protection from this back on the CE is to filter the route using the community we attached, using an inbound route map.


Code:

neighbor X.X.X.49 route-map CE-FROM-PE-BACKUP in



Code:

CE#show run | section CE-FROM-PE-BACKUP
route-map CE-FROM-PE-BACKUP deny 10   <<<<<<<<<<<<<< DENY
 match community SITE-ID
route-map CE-FROM-PE-BACKUP permit 100
 set local-preference 90
 set weight 100
 set community no-export additive



Code:

CE#show ip community-list SITE-ID
Named Community standard list SITE-ID
    permit 65135:456 <<<<<<<<<<<<<<<<<<<

Any ideas on why this is happening? Your help is greatly appreciated in advance.
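
Added example, not part of the original post or the poster's configuration: a simplified Python model of the CE's inbound handling, showing that once allowas-in disables AS-path loop rejection, the SITE-ID community match is what drops the echoed prefix. The PE AS 64500, the second prefix, community 65135:999 and the as-override path are constructed assumptions.

```python
from dataclasses import dataclass

LOCAL_AS = 65135                 # CE AS from the post
PE_AS = 64500                    # placeholder: the provider AS is redacted in the post
SITE_ID = {"65135:456"}          # community-list SITE-ID from the post

@dataclass(frozen=True)
class Update:
    prefix: str
    as_path: tuple
    communities: frozenset

def passes_as_path_check(u, allowas_in):
    # Default eBGP loop prevention rejects a path containing the local AS;
    # allowas-in switches that rejection off.
    return allowas_in or LOCAL_AS not in u.as_path

def ce_from_pe_backup(u):
    # Simplified model of route-map CE-FROM-PE-BACKUP (assumed semantics).
    if u.communities & SITE_ID:                      # deny 10
        return None
    return {"local_pref": 90, "weight": 100,         # permit 100
            "communities": u.communities | {"no-export"}}

def ce_inbound(u, allowas_in=True, route_map=True):
    if not passes_as_path_check(u, allowas_in):
        return ("dropped", "AS-path loop check")
    if not route_map:
        return ("accepted", {"communities": u.communities})
    attrs = ce_from_pe_backup(u)
    if attrs is None:
        return ("dropped", "route-map deny 10 (SITE-ID)")
    return ("accepted", attrs)

# Constructed sample updates as the CE would receive them from the PE.
OWN = frozenset({"65135:123", "65135:456"})
ECHO = Update("10.44.72.0/24", (PE_AS, LOCAL_AS), OWN)
# Assumed as-override case: the PE has replaced 65135 with its own AS.
ECHO_OVERRIDDEN = Update("10.44.72.0/24", (PE_AS, PE_AS), OWN)
# Constructed route from another site of the same customer AS.
OTHER_SITE = Update("10.44.80.0/24", (PE_AS, LOCAL_AS), frozenset({"65135:999"}))

if __name__ == "__main__":
    for name, u in [("echo", ECHO), ("echo+as-override", ECHO_OVERRIDDEN),
                    ("other site", OTHER_SITE)]:
        print(name, ce_inbound(u), "| no route-map:",
              ce_inbound(u, route_map=False)[0])
```

With the route-map removed, the echoed prefix is accepted in both path variants, so the community tag set outbound has to survive the round trip through the provider for the filter to work.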

2 Replies

Giuseppe Larosa
Hall of Fame

Hello Kevin,

this kind of behaviour has been reported before in the forums.

A wild guess is that because you are using neigh allowas-in on the CE node, the PE router BGP configuration has been tuned for this, and what you see is a side effect of allowing resending routes with your AS number to your device  on the PE node.

Hope to help

Giuseppe

Hi Giuseppe,

Many thanks for taking the time out of your work to respond to my query.

Your wild guess is valid and it could be something to do with this, though I cannot test this as it's a live network.

The issue happens for multiple customers on the same PE.

I have compared another PE which was implemented using the same commands (as override on PE and allow-as in on CE) and I don't get the same results. It's something specific to this solution and I'm thinking it might be the PE itself.

PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.X routes  | i 10.160.184

*> 10.160.184.0/29  X.X.X.186             0    170      0 65135 ?

PE#show ip bgp vpnv4 vrf XXX neighb X.X.X.186 advertised-routes | i 10.160.184

CE config

router bgp 65135
 no synchronization
 bgp log-neighbor-changes
 redistribute connected route-map MARK-CONNECTED
 redistribute static route-map MARK-STATIC
 neighbor X.X.X.185 remote-as 4589
 neighbor X.X.X.185 description Fa1/2/4:X
 neighbor X.X.X.185 password 7 X
 neighbor X.X.X.185 timers 15 45
 neighbor X.X.X.185 send-community
 neighbor X.X.X.185 allowas-in
 neighbor X.X.X.185 route-map CE-FROM-PE in
 neighbor X.X.X.185 route-map CE-TO-PE out
 neighbor X.X.X.185 maximum-prefix 1000

Also if you have the links to the old threads relating to this I will read those to see if I can glean more information.

It seems to be an issue specifically with this PE (7206VXR running 12.2(31)SB18). I will check for known bugs in the meantime.

Thanks once again

Regards

Kevin
