Solved: BGP with two RR

Calob · ‎06-14-2019

im trying to test a BGP topology with two Route Reflctor, but im facing a problem, i don't know why my RR client don't receive updates.

couple of information about the topology:

im using the same BGP cluster ID on the RR in AS 500

both RR (R5/R6) are peered with all IBGP peers.

when i advertise ISP1 routes into BGP, the RR get's the updates but don't send them to RR Client,

from what i know, a route learned from a client can be forwarded to another EBGP neighbor, client and non-client.

when i run show ip bgp summary: everyting looks fine,

i don't know what's stopping the RR from sending updates to clients.

im using GNS3, IOU3 adventerprisek9-15.5.2T

thanks in advance

###### Router Interfaces Configuration & OSPF
R1
Conf t
Inter eth 0/0
Ip address 17.9.1.2 255.255.255.252
No shut
Inter eth 0/1
Ip address 17.9.1.6 255.255.255.252
No shut
Inter eth 0/2
Ip address 10.1.1.1 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 0/3
Ip address 10.1.1.5 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 1/0
Ip address 10.1.1.17 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
exit
Interface loopback 0
Ip address 11.11.11.11 255.255.255.255
exit
Router ospf 1
Network 10.1.1.1 0.0.0.0 area 0
Network 10.1.1.5 0.0.0.0 area 0
Network 10.1.1.17 0.0.0.0 area 0
Network 17.9.1.0 0.0.0.255 area 0
Network 11.11.11.11 0.0.0.0 area 0
# not form neighborship with ISP
Passive-interface ether 0/0
Passive-interface ether 0/1
exit

R2
Conf t
Inter eth 0/0
Ip address 180.1.5.2 255.255.255.252
No shut
Inter eth 0/1
Ip address 180.1.5.6 255.255.255.252
No shut
Inter eth 0/2
Ip address 10.1.1.2 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 0/3
Ip address 10.1.1.13 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 1/0
Ip address 10.1.1.21 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Interface loopback 0
Ip address 22.22.22.22 255.255.255.255
exit
Router ospf 1
Network 10.1.1.2 0.0.0.0 area 0
Network 10.1.1.13 0.0.0.0 area 0
Network 10.1.1.21 0.0.0.0 area 0
Network 180.1.5.0 0.0.0.255 area 0
Network 22.22.22.22 0.0.0.0 area 0
Passive-interface eth 0/0
Passive-interface eth 0/1
EXIT

R3
Conf t
Inter ether 0/0
Ip address 10.1.1.6 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter ether 0/1
Ip address 10.1.1.9 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter ether 0/2
Ip address 10.1.1.25 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 0/3
Ip address 150.1.0.2 255.255.255.252
No shut
Interface loopback 0
Ip address 33.33.33.33 255.255.255.255
exit
Router ospf 1
Router-id 33.33.33.33
Network 33.33.33.33 0.0.0.0 area 0
Network 10.1.1.6 0.0.0.0 area 0
Network 10.1.1.9 0.0.0.0 area 0
Network 10.1.1.25 0.0.0.0 area 0
EXIT

R4
Conf t
Inter ether 0/0
Ip address 10.1.1.14 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter ether 0/1
Ip address 10.1.1.10 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter ether 0/2
Ip address 10.1.1.29 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Interface loopback 0
Ip address 44.44.44.44 255.255.255.255
exit
Router ospf 1
Router-id 44.44.44.44
Network 44.44.44.44 0.0.0.0 area 0
Network 10.1.1.10 0.0.0.0 area 0
Network 10.1.1.14 0.0.0.0 area 0
Network 10.1.1.29 0.0.0.0 area 0
EXIT

R5
Conf t
Inter ether 0/0
Ip address 10.1.1.18 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter ether 0/1
Ip address 10.1.1.26 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 0/2
Ip address 10.1.1.33 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
Interface loopback 0
Ip address 55.55.55.55 255.255.255.255
exit
Router ospf 1
Router-id 55.55.55.55
Network 55.55.55.55 0.0.0.0 area 0
Network 10.1.1.18 0.0.0.0 area 0
Network 10.1.1.26 0.0.0.0 area 0
Network 10.1.1.33 0.0.0.0 area 0
EXIT

R6
Conf t
Inter ether 0/0
Ip address 10.1.1.22 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter ether 0/1
Ip address 10.1.1.30 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
No shut
Inter eth 0/2
Ip address 10.1.1.34 255.255.255.252
Ip ospf hello-interval 1
Ip ospf dead-interval 3
Interface loopback 0
Ip address 66.66.66.66 255.255.255.255
Exit
Router ospf 1
Router-id 66.66.66.66
Network 66.66.66.66 0.0.0.0 area 0
Network 10.1.1.22 0.0.0.0 area 0
Network 10.1.1.30 0.0.0.0 area 0
Network 10.1.1.34 0.0.0.0 area 0

#### ISPs interface & EBGP peering configuration
ISP1
Conf t
Inter ether 0/0
Ip address 17.9.1.1 255.255.255.252
No shut
Int ether 0/1
Ip address 17.9.1.5 255.255.255.252
No shut
Inter Loopback 0
Ip address 1.1.1.1 255.255.255.255
Inter Loopback 1
Ip address 1.1.2.1 255.255.255.255
Inter Loopback 2
Ip address 1.1.3.1 255.255.255.255
Inter Loopback 3
Ip address 1.1.4.1 255.255.255.255
Inter Loopback 4
Ip address 1.1.5.1 255.255.255.255
Inter Loopback 5
Ip address 1.1.6.1 255.255.255.255
Inter Loopback 6
Ip address 1.1.7.1 255.255.255.255
Exit
Ip route 11.11.11.11 255.255.255.255 17.9.1.2
Ip route 11.11.11.11 255.255.255.255 17.9.1.6
Router bgp 200
Neighbor 11.11.11.11 remote-as 500
Neighbor 11.11.11.11 Description LINK-R1
Neighbor 11.11.11.11 ebgp-multihop 2
Neighbor 11.11.11.11 update-source loopback 0
Neighbor 11.11.11.11 password 0 cisco

ISP2
Conf t
Inter ether 0/0
Ip address 180.1.5.1 255.255.255.252
No shut
Int ether 0/1
Ip address 180.1.5.5 255.255.255.252
No shut
Inter Loopback 0
Ip address 2.2.1.1 255.255.255.255
Inter Loopback 1
Ip address 2.2.2.2 255.255.255.255
Inter Loopback 2
Ip address 2.2.3.1 255.255.255.255
Inter Loopback 3
Ip address 2.2.4.1 255.255.255.255
Inter Loopback 4
Ip address 2.2.5.1 255.255.255.255
Inter Loopback 5
Ip address 2.2.6.1 255.255.255.255
Inter Loopback 6
Ip address 2.2.7.1 255.255.255.255
Exit
Ip route 22.22.22.22 255.255.255.255 180.1.5.2
Ip route 22.22.22.22 255.255.255.255 180.1.5.9
!
Router bgp 300
Neighbor 22.22.22.22 remote-as 500
Neighbor 22.22.22.22 Description LINK-NLBR2
Neighbor 22.22.22.22 update-source loopb 1
Neighbor 22.22.22.22 ebgp-multihop 2
Neighbor 22.22.22.22 password 0 cisco

R1
Conf t
Ip route 1.1.1.1 255.255.255.255 17.9.1.1
Ip route 1.1.1.1 255.255.255.255 17.9.1.5
!
Router bgp 500
Neighbor 1.1.1.1 remote-as 200
Neighbor 1.1.1.1 Description LINK-ISP1
Neighbor 1.1.1.1 update-source loopback 0
Neighbor 1.1.1.1 ebgp-multihop 2
Neighbor 1.1.1.1 password 0 cisco

R2
Conf t
Ip route 2.2.2.2 255.255.255.255 180.1.5.1
Ip route 2.2.2.2 255.255.255.255 180.1.5.10
!
Router bgp 500
Neighbor 2.2.2.2 remote-as 300
Neighbor 2.2.2.2 descr LINK-ISP2
Neighbor 2.2.2.2 update-source loopback 0
Neighbor 2.2.2.2 ebgp-multihop 2
Neighbor 2.2.2.2 password 0 cisco

##### IBGP PEERING & RR Configuration
R1
Conf t
Router bgp 500
Neighbor 55.55.55.55 remote-as 500
Neighbor 55.55.55.55 update-source loopb 0
Neighbor 55.55.55.55 description LINK-R5
!
Neighbor 66.66.66.66 remote-as 500
Neighbor 66.66.66.66 update-source loopb 0
Neighbor 66.66.66.66 description LINK-R6
No synchronization
#######
R3
Conf t
Router bgp 500
Neighbor 55.55.55.55 remote-as 500
Neighbor 55.55.55.55 update-source loopb 0
Neighbor 55.55.55.55 description LINK-R5
!
Neighbor 66.66.66.66 remote-as 500
Neighbor 66.66.66.66 update-source loopb 0
Neighbor 66.66.66.66 description LINK-R6
No synchronization

R2
Conf t
Router bgp 500
Neighbor 55.55.55.55 remote-as 500
Neighbor 55.55.55.55 update-source loopb 0
Neighbor 55.55.55.55 description LINK-R5
!
Neighbor 66.66.66.66 remote-as 500
Neighbor 66.66.66.66 update-source loopb 0
Neighbor 66.66.66.66 description LINK-R6
No synchronization
######
R4
Conf t
Router bgp 500
Neighbor 55.55.55.55 remote-as 500
Neighbor 55.55.55.55 update-source loopb 0
Neighbor 55.55.55.55 description LINK-R5
!
Neighbor 66.66.66.66 remote-as 500
Neighbor 66.66.66.66 update-source loopb 0
Neighbor 66.66.66.66 description LINK-R6
No synchronization

R5
Router bgp 500
Bgp cluster-id 55.55.55.55
Neighbor 11.11.11.11 remote-as 500
Neighbor 11.11.11.11 update-source loop 0
Neighbor 11.11.11.11 description LINK-R1
Neighbor 11.11.11.11 route-reflector-client
!
Neighbor 22.22.22.22 remote-as 500
Neighbor 22.22.22.22 update-source loopb 0
Neighbor 22.22.22.22 description LINK-R2
Neighbor 22.22.22.22 route-reflector-client
!
Neighbor 33.33.33.33 remote-as 500
Neighbor 33.33.33.33 update-source loopb 0
Neighbor 33.33.33.33 description LINK-R3
Neighbor 33.33.33.33 route-reflector-client
!
Neighbor 44.44.44.44 remote-as 500
Neighbor 44.44.44.44 update-source loopb 0
Neighbor 44.44.44.44 description LINK-R4
Neighbor 44.44.44.44 route-reflector-client
!
No synchronization

R6
Router bgp 500
Bgp cluster-id 55.55.55.55
Neighbor 11.11.11.11 remote-as 500
Neighbor 11.11.11.11 update-source loop 0
Neighbor 11.11.11.11 description LINK-R1
Neighbor 11.11.11.11 route-reflector-client
!
Neighbor 22.22.22.22 remote-as 500
Neighbor 22.22.22.22 update-source loopb 0
Neighbor 22.22.22.22 description LINK-R2
Neighbor 22.22.22.22 route-reflector-client
!
Neighbor 33.33.33.33 remote-as 500
Neighbor 33.33.33.33 update-source loopb 0
Neighbor 33.33.33.33 description LINK-R3
Neighbor 33.33.33.33 route-reflector-client
!
Neighbor 44.44.44.44 remote-as 500
Neighbor 44.44.44.44 update-source loopb 0
Neighbor 44.44.44.44 description LINK-R4
Neighbor 44.44.44.44 route-reflector-client
!
No synchronization

####### Advertise ISP1/ISP2 routes into BGP using a route-map
ISP1
Conf t
Ip access-list standard LOOPBACKs
Permit 1.1.0.0 0.0.255.255
Exit
Route-map FILT_RTS
Match ip address LOOPBACKs
exit
Router bgp 200
Redistribute connected route-map FILT_RTS

ISP2
Conf t
Ip access-list standard LOOPBACKs
Permit 2.2.0.0 0.0.255.255
Exit
Route-map FILT_RTS
Match ip address LOOPBACKs
exit
Router bgp 300RoutingBGP
Redistribute connected route-map FILT_RTS

Giuseppe Larosa · ‎06-14-2019

Hello Calob,

the router R1 needs to redistribute the static routes to 1.1.1.1 into OSPF so that the BGP next-hop of prefixes coming from ISP1 is resolved on RR devices and later can be reflected.

You have eBGP sessions on loopbacks and you have to take care of this.

The same has to be done on the router connected to ISP2 router.

>>An iBGP peer does not change the BGP next-hop when advertising a route received from an eBGP neighbor. So the external 1.1.1.1 is received on the two RRs and they have no route for this next-hop address.

R1:

ip prefix-list ISP1-BGP-NH permit 1.1.1.1/32

route-map STATIC-INTO-OSPF permit 10

match address prefix ISP1-BGP-NH

router ospf 1

redistribute static route-map STATIC-INTO-OSPF subnets

As an alternative R1 has to use next-hop self toward the two RR servers.

The same applies on the router connected to ISP2.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎06-14-2019

Hello Calob,

the router R1 needs to redistribute the static routes to 1.1.1.1 into OSPF so that the BGP next-hop of prefixes coming from ISP1 is resolved on RR devices and later can be reflected.

You have eBGP sessions on loopbacks and you have to take care of this.

The same has to be done on the router connected to ISP2 router.

>>An iBGP peer does not change the BGP next-hop when advertising a route received from an eBGP neighbor. So the external 1.1.1.1 is received on the two RRs and they have no route for this next-hop address.

R1:

ip prefix-list ISP1-BGP-NH permit 1.1.1.1/32

route-map STATIC-INTO-OSPF permit 10

match address prefix ISP1-BGP-NH

router ospf 1

redistribute static route-map STATIC-INTO-OSPF subnets

As an alternative R1 has to use next-hop self toward the two RR servers.

The same applies on the router connected to ISP2.

Hope to help

Giuseppe

Calob · ‎06-15-2019

thank you so much Giuseppe Larosa, indeed redistributing the ISP next hop into OSPF helped me resolve this issue,

i have another question, now R3/R4 are getting two copies of the same update, what should i modify inorder to get only one update ?

BGP TABLE.PNG

Giuseppe Larosa · ‎06-15-2019

Hello Calob,

you have deployed two RR servers that use the same cluster-id, so all other iBGP clients receives two copies of each advertisement one reflected by RRS1 and one reflected by RRS2.

A single best path is chosen and the other path is a backup path.

This is not a problem or an issue. This is what you get when using two RR servers: redundancy in the control plane.

So the answer to your question

>> i have another question, now R3/R4 are getting two copies of the same update, what should i modify inorder to get only one update ?

Or you remove one RRS or you get two copies of the same update.

This is not a problem it is the real reason to deploy two RRS in the same cluster. I would make no changes to your network environment.

I can add that in some other contexts like MPLS L3 VPN we use different route distinguisher RD on PE nodes serving the same VRF customer site, in order to have the RRS to propagate two "copies" of each MPLS L3 VPN prefix (actually a VPNv4 prefix that is made by prepending the 64 bit RD to a 32 bit IPv4 prefix) in the backbone.

This is because each RRS propagates only the best path for the prefix.

The RRS adds two optional attributes to the reflected route that allows for safe loop free propagation:

The Originator ID: the BGP router-id of the iBGP client that injects the route in iBGP

if a BGP client receives an update with Originator-id = its own BGP router-id it will ignore it.

The Cluster List: it provides the history of reflection an update has gone through in the iBGP AS.

The Cluster List contains one or more Cluster-ids (or BGP router-id of RRS if cluster-id is not set).

The shortest Cluster List is preferred in best path choice, when a RRS receives an update that already contains its own Cluster-id in the Cluster List the update is ignored (this provides loop prevention)

So there is no problem with multiple copies of BGP updates. It is considered a redundancy feature.

Hope to help

Giuseppe

Calob · ‎06-18-2019

thank you so much sir for your clarification.

Georg Pauwen · ‎06-14-2019

Hello,

it is hard to tell from the partial configurations you have posted which networks you are actually announcing, and on which router. Can you post the running configs of all routers, in one comprehensive file per router, so we can lab this ?