cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2292
Views
50
Helpful
16
Replies

Forward iBGP VPNv4 routes from PE to VRF of CE

lukassgg
Level 1
Level 1

Good Morning, 

We're having troubles redistributing routes learned over iBGP VPNv4 from a PE to the VRF Customer1 of a connected CE.

The PE (XR3) receives the IPv4 route 10.2.0.0/24 over iBGP VPNv4 from the RR (2011::1):

OS is Cisco IOS XR.

RP/0/RP0/CPU0:XR3#show bgp vpnv4 unicast neighbors 2011::1 routes
Fri Dec 2 08:27:45.456 UTC
BGP router identifier 3.3.3.3, local AS number 65000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 7321
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf Customer1)
*>i10.2.0.0/24 2015::1 100 0 64700 i
Processed 1 prefixes, 1 paths

But the PE (XR3) doesn't forward this route 10.2.0.0/24 to the VRF Customer1 of the, over eBGP connected, CE (10.36.0.2):

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast neighbors 10.36.0.2 advertised-routes
Fri Dec 2 08:31:35.239 UTC
RP/0/RP0/CPU0:XR3#

We're running dualstack (IPv4, IPv6) and the PE receives the IPv6 route fd00:a::/112 from our RR.

RP/0/RP0/CPU0:XR3#show bgp vpnv6 unicast neighbors 2011::1 routes
Fri Dec 2 08:55:51.047 UTC
BGP router identifier 3.3.3.3, local AS number 65000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 56
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf Customer1)
*>ifd00:a::/112 2015::1 100 0 64700 i
Processed 1 prefixes, 1 paths

And also forwards this IPv6 route fd00:a::/112 to to VRF for our CE.

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv6 unicast neighbors 2001:db8:36::6 advertised-routes
Fri Dec 2 08:57:15.310 UTC
Network Next Hop From AS Path
Route Distinguisher: 1:1 (default for vrf Customer1)
fd00:a::/112 2001:db8:36::3 2011::1 65000 64700i
Processed 1 prefixes, 1 paths

So I'm assuming we're probably missing something in the BGP IPv4 unicast settings of our PE (XR3), that doesn't forward the route 10.2.0.0/24 to our VRF Customer1 of the CE. 

This is our PE (XR3) BGP configuration:

RP/0/RP0/CPU0:XR3#show run | begin bgp
Fri Dec 2 08:39:03.632 UTC
Building configuration...
router bgp 65000
bgp router-id 3.3.3.3
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
address-family ipv6 unicast
!
address-family vpnv6 unicast
segment-routing srv6
locator MAIN
!
neighbor 2011::1 (This is the Route Reflector)
remote-as 65000
update-source Loopback0
address-family vpnv4 unicast
!
address-family vpnv6 unicast
!
vrf Customer1
rd 1:1
address-family ipv4 unicast
!
address-family ipv6 unicast
segment-routing srv6
alloc mode per-ce
!
neighbor 10.36.0.2 (This is our CE IPv4)
remote-as 64800
update-source GigabitEthernet0/0/0/4
address-family ipv4 unicast
route-policy pass in
route-policy pass out
next-hop-self
!
neighbor 2001:db8:36::6 (This is our CE IPv6)
remote-as 64800
update-source GigabitEthernet0/0/0/4
address-family ipv6 unicast
route-policy pass in
route-policy pass out
next-hop-self




Thanks for any help in advance.

edit:

BGP IPv4 unicast- and BGP IPv6 unicast-peering is established between PE (XR3) and CE.

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast neighbors brief
Fri Dec 2 09:13:38.275 UTC
Neighbor Spk AS Description Up/Down NBRState
10.36.0.2 0 64800 1d18h Established


RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv6 unicast neighbors brief
Fri Dec 2 09:14:49.187 UTC
Neighbor Spk AS Description Up/Down NBRState
2001:db8:36::6 0 64800 1d18h Established

Global VRF Config on PE (XR3):

RP/0/RP0/CPU0:XR3#show run vrf
Fri Dec 2 09:21:42.584 UTC
vrf Customer1
address-family ipv4 unicast
import route-target
1:1
export route-target
1:1
address-family ipv6 unicast
import route-target
1:1
export route-target
1:1
1 Accepted Solution

Accepted Solutions

Harold Ritter
Level 12
Level 12

Hi @lukassgg ,

You are missing a few configuration statements for VPNv4 to work properly. You have them configured for VPNv6 that is why the ipv6 routes are passed to the CE without a problem.

router bgp 65000

address-family vpnv4 unicast

segment-routing srv6

locator MAIN

!

vrf Customer1

rd 1:1

address-family ipv4 unicast

segment-routing srv6

alloc mode per-ce

!

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

16 Replies 16

@Harold Ritter get the issue.

Harold Ritter
Level 12
Level 12

Hi @lukassgg ,

You are missing a few configuration statements for VPNv4 to work properly. You have them configured for VPNv6 that is why the ipv6 routes are passed to the CE without a problem.

router bgp 65000

address-family vpnv4 unicast

segment-routing srv6

locator MAIN

!

vrf Customer1

rd 1:1

address-family ipv4 unicast

segment-routing srv6

alloc mode per-ce

!

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi @Harold Ritter ,

thank you very much for your response. 

I implemented your changes, but unfortunately there are still no routes being advertised from PE (XR3) to the VRF of our CE.

RP/0/RP0/CPU0:XR3#show run | begin bgp
Fri Dec 2 14:15:19.261 UTC
Building configuration...
router bgp 65000
bgp router-id 3.3.3.3
address-family ipv4 unicast
!
address-family vpnv4 unicast
segment-routing srv6
locator MAIN
!
address-family ipv6 unicast
!
address-family vpnv6 unicast
segment-routing srv6
locator MAIN
!
neighbor 2011::1
remote-as 65000
update-source Loopback0
address-family vpnv4 unicast
!
address-family vpnv6 unicast
!
vrf Customer1
rd 1:1
address-family ipv4 unicast
segment-routing srv6
alloc mode per-ce
!
address-family ipv6 unicast
segment-routing srv6
alloc mode per-ce
!
neighbor 10.36.0.2
remote-as 64800
update-source GigabitEthernet0/0/0/4
address-family ipv4 unicast
route-policy pass in
route-policy pass out
next-hop-self
!
neighbor 2001:db8:36::6
remote-as 64800
update-source GigabitEthernet0/0/0/4
address-family ipv6 unicast
route-policy pass in
route-policy pass out
next-hop-self



RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast neighbors 10.36.0.2 advertised-routes
Fri Dec 2 14:19:12.968 UTC
RP/0/RP0/CPU0:XR3#

Looking forward to your response.

does BGP have active session to this neighbor ?
I see you use g0/0/4 as update source for both address family IPv4 and IPv6 ?

I @MHM Cisco World ,

Here's the output that was given in the original post, showing that both IPv6 and IPv4 neighbours are up.

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast neighbors brief
Fri Dec 2 09:13:38.275 UTC
Neighbor Spk AS Description Up/Down NBRState
10.36.0.2 0 64800 1d18h Established


RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv6 unicast neighbors brief
Fri Dec 2 09:14:49.187 UTC
Neighbor Spk AS Description Up/Down NBRState
2001:db8:36::6 0 64800 1d18h Established

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

If you mean the eBGP session between PE (XR3) and CE then yes. 

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast neighbors brief
Fri Dec 2 14:38:19.869 UTC
Neighbor Spk AS Description Up/Down NBRState
10.36.0.2 0 64800 2d00h Established

Yes, we use the same interface for IPv4- and IPv6-BGP peering.
We wanted both IPv4 and IPv6 peering between PE and CE.

you meaning G0/0/4 is dual stacking ?

Yes.

Hi @lukassgg ,

Can you post the output for the following commands:

sh bgp vpnv4 unicast vrf Customer1 10.2.0.0/24

sh bgp vrf Customer1 ipv4 uni 10.2.0.0/24

show route vrf Customer1 10.2.0.0/24

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

RP/0/RP0/CPU0:XR3#show bgp vpnv4 unicast vrf Customer1 10.2.0.0/24
Fri Dec 2 14:48:39.245 UTC
BGP routing table entry for 10.2.0.0/24, Route Distinguisher: 1:1
Versions:
Process bRIB/RIB SendTblVer
Speaker 387345 387345
Last Modified: Dec 2 14:48:07.458 for 00:00:31
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
64700
2015::1 (metric 10) from 2011::1 (5.5.5.5)
Received Label 24000
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, imported
Received Path ID 0, Local Path ID 1, version 387345
Extended community: RT:1:1
Originator: 5.5.5.5, Cluster list: 1.1.1.1
Source AFI: VPNv4 Unicast, Source VRF: Customer1, Source Route Distinguisher: 1:1

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast
Fri Dec 2 14:49:53.833 UTC
BGP VRF Customer1, state: Active
BGP Route Distinguisher: 1:1
VRF ID: 0x60000003
BGP router identifier 3.3.3.3, local AS number 65000
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000003 RD version: 387345
BGP main routing table version 387345
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf Customer1)
r>i10.2.0.0/24 2015::1 100 0 64700 i
*> 10.6.0.1/32 10.36.0.2 0 0 64800 i
Processed 2 prefixes, 2 paths

RP/0/RP0/CPU0:XR3#show route vrf Customer1 10.2.0.0/24
Fri Dec 2 14:50:56.965 UTC
% Network not in table

Hi @lukassgg ,

10.2.0.0/24 has a RIB failure condition, but this route is not present in the RIB. What IOS-XR version are you running and on what platform?

Can you do a

clear bgp vpnv4 uni * soft in

and see if it clears the RIB failure condition?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

r>i10.2.0.0/24 2015::1 100 0 64700 i <<--

@Harold Ritter  mention the route is rib failure, and I see Not advertised to any peer

which can cause of rib failure route.

the interesting point here the next-hop, 
we talk about IPv4 but the next-hop is IPv6.

so I think the source of this issue is from the origin of this route. 

Hi @lukassgg ,

Can you check the originating PE (5.5.5.5) to make sure that it is not missing the SRv6 configuration statements like XR3 did?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi @Harold Ritter 

You're so right, I totally forgot about that.
I added the missing SRv6 configuration on the other PE called XR5 and it seems to work.

The PE (XR3) now advertises the network 10.2.0.0/24 to the CE1

RP/0/RP0/CPU0:XR3#show bgp vrf Customer1 ipv4 unicast neighbors 10.36.0.2 advertised-routes
Fri Dec 2 18:01:38.960 UTC
Network Next Hop From AS Path
Route Distinguisher: 1:1 (default for vrf Customer1)
10.2.0.0/24 10.36.0.1 2011::1 65000 64700i
Processed 1 prefixes, 1 paths

No RIB-failure message anymore.

And the route 10.2.0.0/24 is even visible on the CE1.

CE1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.123.1 to network 0.0.0.0

S* 0.0.0.0/0 [254/0] via 192.168.123.1
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
B 10.2.0.0/24 [20/0] via 10.36.0.1, 00:29:07
C 10.6.0.1/32 is directly connected, Loopback0
C 10.36.0.0/30 is directly connected, GigabitEthernet2
L 10.36.0.2/32 is directly connected, GigabitEthernet2
192.168.123.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.123.0/24 is directly connected, GigabitEthernet1
L 192.168.123.173/32 is directly connected, GigabitEthernet1

Likewise the route to the network on CE1 10.6.0.1/32 is now also being advertised from the other PE (XR5) to the other CE device.

RP/0/RP0/CPU0:XR5#show bgp vrf Customer1 ipv4 unicast neighbors 10.101.10.10 advertised-routes
Fri Dec 2 18:06:00.014 UTC
Network Next Hop From AS Path
Route Distinguisher: 1:1 (default for vrf Customer1)
10.6.0.1/32 10.101.10.5 2011::1 65000 64800i
Processed 1 prefixes, 1 paths

Thank you so much

Review Cisco Networking for a $25 gift card