04-10-2013 02:46 PM - edited 03-04-2019 07:33 PM
Hi,
I have a lab setup where I am running 2 MPLS clouds with a 3rd tier path over DMVPN. The routing over MPLS works fine, local preferences and AS path prepending take care of the path selection using route-maps to differentiate traffic types.
The hub and spokes are each in unique private AS's.
The issue I have is that the VPNs from the spoke to the hub will come up but I'm seeing eBGP routes across them that I want a longer AS-PATH value stamped on. Just like the MPLS paths I want to be able to filter on ^$ so only local networks are advertised from each location. The VPN appears to be the exception.
Stamping local preferences works fine across the VPN and I can see the intended values for routes coming in.
Stamping the AS-PATH prepends on the VPN neighbor however completely removes those routes from the advertisements into the VPN cloud as well as from the hub's bgp table. The VPN doesn't go down however.
I've tried using progressively simplified versions of the route-map:
ip as-path access-list 1 permit ^$
ip as-path access-list 8 permit ^$
access-list 1 permit any
access-list 8 permit 10.8.x.x
neighbor 10.0.255.2 (hub IP) route-map VPN_as_pass out
route-map VPN_as_pass permit 10
match ip address 8
match as-path 8
set as-path prepend 64000 64000 64000 64000 64000 64000 64000 64000
!
route-map VPN_as_pass permit 20
match ip address 1
match as-path 1
set as-path prepend 64000 64000 64000 64000 64000 64000 64000
OR
!
route-map VPN_as_pass permit 20
match ip address 1
match as-path 1
set as-path prepend 64000 64000 64000 64000 64000 64000 64000
OR
!
route-map VPN_as_pass permit 20
set as-path prepend 64000 64000 64000 64000 64000 64000 64000
The only thing that brings the routes back on the hub end is removing the neighbor statement with the route-map VPN_as_pass from the spoke.
I am starting to think there is some special multicast or unicast behaviour over GRE when route advertisements are put thru a routemap. Stamping values on inbound routes doesn't affect the VPN or BGP, only outbound.
Comments?
Carl King
04-18-2013 07:04 AM
Hello Carl,
This is weird behaviour, could you post entire config of hub and spokes or entire GNS project?
Best Regards
Please rate all helpful posts and close solved questions
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide