02-18-2017 05:47 PM - edited 03-05-2019 08:03 AM
I am using EBGP between PE and CE, and CE generate a default a route to PE. I am using "default-originate" on CE
But PE received this route but not selected. Could anyone help check? Thanks
I am using XRv platform to test this.
Configuration on PE:
RP/0/0/CPU0:Border#show running-config router bgp 65545 vrf FIA
Wed Feb 15 13:47:46.798 UTC
router bgp 65545
vrf FIA
rd 65545:1
address-family ipv4 unicast
!
neighbor 192.168.210.14
remote-as 3000
address-family ipv4 unicast
maximum-prefix 8 80
soft-reconfiguration inbound always
!
!
!
!
Configuration on CE:
RP/0/0/CPU0:ISP#show running-config router bgp 6000 neighbor 192.168.210.13
Wed Feb 15 12:56:51.030 UTC
router bgp 6000
neighbor 192.168.210.13
remote-as 65545
ebgp-multihop 1
local-as 3000
description Transit_Peer2
address-family ipv4 unicast
default-originate
soft-reconfiguration inbound always
!
!
!
The route is received on PE, but result is not selected, I don not know why....? This does not make sense...
RP/0/0/CPU0:Border#show bgp vrf FIA 0.0.0.0
Wed Feb 15 13:50:26.987 UTC
BGP routing table entry for 0.0.0.0/0, Route Distinguisher: 65545:1
Versions:
Process bRIB/RIB SendTblVer
Speaker 0 0
Last Modified: Feb 15 12:33:12.415 for 01:17:14
Paths: (1 available, no best path)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
3000 6000, (received-only)
192.168.210.14 from 192.168.210.14 (10.127.224.7)
Origin IGP, localpref 100, valid, external
Received Path ID 0, Local Path ID 0, version 0
RP/0/0/CPU0:Border#show bgp vrf FIA neighbors 192.168.210.14 received routes
Wed Feb 15 13:52:32.769 UTC
BGP VRF FIA, state: Active
BGP Route Distinguisher: 65545:1
VRF ID: 0x60000003
BGP router identifier 10.127.224.4, local AS number 65545
BGP table state: Active
Table ID: 0xe0000012 RD version: 202
BGP main routing table version 202
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65545:1 (default for vrf FIA)
* 0.0.0.0/0 192.168.210.14 0 3000 6000 i
Processed 1 prefixes, 1 paths
Solved! Go to Solution.
02-18-2017 06:13 PM
Hi,
In IOS-XR you need to apply an import and export policy to the EBGP neighbour:
route-policy PASS-ALL
pass
end-policy
Also do not forget to configure the ipv4 and vpnv4 address-family in the global BGP instance.
Cheers.
02-19-2017 08:09 AM
Hi
As Leonardo mentioned previously you need to set up a route-policy to allow the communication between the eBGP sessions, so your configuration should be:
PE
route-policy PASS
pass
end-policy
router bgp 65545
vrf FIA
rd 65545:1
address-family ipv4 unicast
!
neighbor 192.168.210.14
remote-as 3000
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
*****************
CE
route-policy PASS
pass
end-policy
router bgp 6000
address-family ipv4 unicast
neighbor 192.168.210.13
remote-as 65545
ebgp-multihop 1
local-as 3000
description Transit_Peer2
address-family ipv4 unicast
default-originate
route-policy PASS in
route-policy PASS out
* eBGP multihop is not required if you are using interface connected directly for you bgp adjacency. Also Im assuming you already have configured the VPN unicast.
External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration omission error.
Note This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this router). For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are accepted or advertised if there is no policy.
In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no modifications, a simple pass-all policy is configured:
RP/0/RSP0/CPU0:router(config)# route-policy pass-all
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
RP/0/RSP0/CPU0:router(config)# commit
Hope it is useful
:-)
02-18-2017 06:13 PM
Hi,
In IOS-XR you need to apply an import and export policy to the EBGP neighbour:
route-policy PASS-ALL
pass
end-policy
Also do not forget to configure the ipv4 and vpnv4 address-family in the global BGP instance.
Cheers.
02-19-2017 08:09 AM
Hi
As Leonardo mentioned previously you need to set up a route-policy to allow the communication between the eBGP sessions, so your configuration should be:
PE
route-policy PASS
pass
end-policy
router bgp 65545
vrf FIA
rd 65545:1
address-family ipv4 unicast
!
neighbor 192.168.210.14
remote-as 3000
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
*****************
CE
route-policy PASS
pass
end-policy
router bgp 6000
address-family ipv4 unicast
neighbor 192.168.210.13
remote-as 65545
ebgp-multihop 1
local-as 3000
description Transit_Peer2
address-family ipv4 unicast
default-originate
route-policy PASS in
route-policy PASS out
* eBGP multihop is not required if you are using interface connected directly for you bgp adjacency. Also Im assuming you already have configured the VPN unicast.
External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration omission error.
Note This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this router). For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are accepted or advertised if there is no policy.
In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no modifications, a simple pass-all policy is configured:
RP/0/RSP0/CPU0:router(config)# route-policy pass-all
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
RP/0/RSP0/CPU0:router(config)# commit
Hope it is useful
:-)
02-19-2017 12:43 PM
One more question.
Why in XR platform started designed like this.
IBGP peer does not need the policy
but EBGP peer needs this policy.
I agree normally EBGP peer normally need policy, at least for security reason.. But it really make people confuse. And I haven't find any CLI indicate me the route is not install in RIB because of there is a default "deny all" policy.
Hope to listen opinions from you :)
Thanks.
02-19-2017 05:14 PM
Hi,
Likely you can check this thru "show bgp trace" or "debug bgp <peer> in".
Cheers.
02-19-2017 10:43 AM
Thanks a lot
It works...
Not first time I make such mistake.....
The difference of route-policy between different vendors always confuse.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: