ISP and INT1 and PE1 have the

Brad Nightingale · ‎12-09-2015

Hi

I have a network whereby my Internet edge router is peering with our ISP. All I am recieving from them is a default route - thats all I want. Lets call our router INT1.

INT1 then peers as a route-reflector-client to PE1 inside our network and advertises it the default. Great this works 100%.

The issue I have is that from PE1 across to PE2 we have MP-iBGP running. I can get ALL routes from PE1 onto PE2 except for the default, not matter what I do. PE1 has routes that it has redistributed from OSPF it has learned from VRF interfaces attached on PE1 directly.

What I am getting on PE2 is the following:

*Dec 9 22:23:13.287: BGP: 172.21.16.5 martian network 59392:0:16777216:0.0.0.0/-24 received - ignored

I get the reason why its being rejected is because this is seen as a martian network, the question is why? I have done some digging and have attached a wireshark trace of the update details. The output is weirdsaying there is a prefix length invalid. It would appear to leave the PE1 router alright. All other prefixs are learned on PE2 fine. This would indicate a drop of some information in the NLRI prefix, but why would it drop this info if all other prefixes are fine? I have done this in our live environment as well as GNS3 and the result is the same.

Any thioughts on this would be appreciated. I need control over my routing and therefore I am avoiding using static routes, or OSPF betwen INT1 and PE1.

Thanks

Brad

Masoud Pourshabanian · ‎12-09-2015

Hello,

It seems odd to me. Why would bgp residtribute default route with prefix of /24? Please share your config and topology. There is a command under BGP that allows martin route, but it is not helpfull in this situation.

Masoud

Brad Nightingale · ‎12-09-2015

Yes this is what I wondered - Im assuming that is what the -24 means in the martian route error. ASR9k has something that allows the martian check. I cant give too much away as this is our production network, but I will say the topo is basically:

ISP<--->INT1<--->PE1<---MPLSP2PLink--->PE2

Essentially INT1 can be considered a CE router that happens to be peering. I have read a lot about doing default routing using statics / OSPF and then redist this on the PE, but Would rather not do this.

Masoud Pourshabanian · ‎12-09-2015

Correct me If I am wrong.

ISP sends default route to INIT1 by BGP.

Between INIT1 and under that customer VRF, you have configured IBGP.

INIT1 sends default route by RR to IBGP

Now, MP-BGP should advertises the default route to PE2 customer VRF.

How OSPF is related to customer VRF ?

Masoud

Brad Nightingale · ‎12-09-2015

Yes your assessment is correct. My comment regarding OSPF was only me saying I have heard that other people use OSPF thats all. OSPF is not implemented in my network, except as necessary across the MPLS network for LDP

Masoud Pourshabanian · ‎12-09-2015

Let me try a scenario and get back to you.

Masoud

Brad Nightingale · ‎12-09-2015

Thanks - I have been looking into this all day today and cant sort - if you can set something up and let me know how you go that would be awesome.

Masoud Pourshabanian · ‎12-09-2015

ISP and INT1 and PE1 have the same AS number?

ISP router BGP 100

INT1 router BGP 100

PE1 router BGP 100

or

ISP router BGP 100

INT1 router BGP 100

PE1 router BGP 200

?

Brad Nightingale · ‎12-09-2015

PE1, PE2, INT1 all have the same AS. ISP is our upstream Service Provider and has a different AS.

Masoud Pourshabanian · ‎12-10-2015

I misunderstood at first. I thought you have set

Neighbour x.x.x.x route-reflector-client on INT1

It should be on PE1 under VRF. Is it correct?

It is on PE1?

Brad Nightingale · ‎12-10-2015

Yes it should be on PE1 with INT1 as a route-reflector-client of PE1

Masoud Pourshabanian · ‎12-10-2015

I am testing it on GNS. I faced a problem. I need to set internal-vpn-client as well as route-refletor-client on PE; however, my IOS does not support it.

Did you set internal-vpn-client on PE? Which IOS and router are you using ON GNS?

Brad Nightingale · ‎12-10-2015

I am using the 7200 with the following details:

(C7200-ADVENTERPRISEK9-M), Version 15.2(4)S3

I see that command is only avaliable for :15.4(1)T

What does that command do though? Do I need that? I have had a brief look and see its a new command.

Masoud Pourshabanian · ‎12-10-2015

Route-reflector advertise routes from PE to CE.

internal-vpn-client advertises route from PE(VRF) to another PE when IBGP between PE and CE is used.

Before this command, Cisco did not support IBGP between CE and PE.

So how do you advertise routes received from ITIN to PE2. By default, PE1 does not advertises the routes.

Brad Nightingale · ‎12-10-2015

Thank you so much - it looks like then this is what the issue is based on what you are saying. I will not be able to prove this though until I upgrade PE1. What I will do, in the mean time, is I will setup a static route on my PE1 router and redistribute this into the MPLS so that I get that on PE2. INT1 is indeed "acting" as a CE router and all its advertising to PE1 is a default route (thats all I need). So until I upgrade my PE1 IOS to 15.4 I will setup a static. Ill le tyou know how I go.

Thanks.

BGP CE-to-PE Default Route Behaviour