07-06-2015 03:50 AM - edited 03-05-2019 01:48 AM
Hi,
Can anyone advise on the best practice/recommended method for creating iBGP peers between VRFs on different routers please?
I have two transit routers that are running a VRF to eBGP peer with our Internal network, and also eBGP peer out to an External network. The transit routers should also peer with each other via iBGP.
The current configuration for iBGP peering is using the local-as command to use the AS assigned to the VRF. This creates an eBGP peer relationship between the two transit routers, and they drop the prefixes advertised between each other due to AS LOOP.
Config
Transit Router R1
router bgp 65000
!
address-family ipv4 vrf VRF_AS65200
 neighbor IBGP_AS65200 peer-group
 neighbor IBGP_AS65200 local-as 65200
 neighbor IBGP_AS65200 description IBGP to 65200 iBGP
 neighbor IBGP_AS65200 timers 3 10
 neighbor IBGP_AS65200 send-community
 neighbor IBGP_AS65200 soft-reconfiguration inbound
 neighbor 172.25.84.102 remote-as 65200
 neighbor 172.25.84.102 peer-group IBGP_AS65200
 neighbor 172.25.84.102 fall-over
 neighbor 172.25.84.102 activate

Transit Router R2
router bgp 65000
!
address-family ipv4 vrf VRF_AS65200
 neighbor IBGP_AS65200 peer-group
 neighbor IBGP_AS65200 local-as 65200
 neighbor IBGP_AS65200 description IBGP to 65200 iBGP
 neighbor IBGP_AS65200 timers 3 10
 neighbor IBGP_AS65200 send-community
 neighbor IBGP_AS65200 soft-reconfiguration inbound
 neighbor 172.25.84.101 remote-as 65200
 neighbor 172.25.84.101 peer-group IBGP_AS65200
 neighbor 172.25.84.101 fall-over
 neighbor 172.25.84.101 activate
I tried forming the iBGP peering by removing the local-as parameter, but the neighborship fails to establish because without the local-as parameter, the routers advertise that their local AS is 65000 (global BGP process AS number).
I have successfully managed to establish the iBGP peering and exchange routing information by specifying the remote-as as 65000. When I check the AS Path on the upstream routers the AS Path looks correct. Although this works, this configuration seems a little strange in the fact that you need to specify the remote-as as the global AS process number, even though you want to peer on a different AS.
The other method that seems to work is to use route reflectors, but this seems pointless when the iBGP relationship is only between two peers.
I can't find anything in the support documentation that describes this issue and how to fix it, unless you are using IOS-XE.
Both routers are WS-C6506-E running s72033-ipservicesk9-mz.122-33.SXI4a.bin
Any help greatly appreciated.
Thanks,
Paul
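The three outcomes described in the post above, reproduced in a simplified model; this is an added example, not part of the original thread and not Cisco code. It assumes the default local-as behaviour (both the local-as and the process AS are prepended outbound), that a session counts as iBGP only when remote-as equals the `router bgp` AS, and a constructed learned AS path of 65100; the names `Speaker`, `evaluate` and `thread_cases` are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Speaker:
    real_as: int                     # AS from "router bgp <AS>"
    remote_as: int                   # AS from "neighbor ... remote-as <AS>"
    local_as: Optional[int] = None   # AS from "neighbor ... local-as <AS>", if set

    def open_as(self) -> int:
        # AS number this speaker announces in its OPEN message to the neighbor.
        return self.local_as if self.local_as is not None else self.real_as

    def session_type(self) -> str:
        # Internal only when the neighbor's AS equals the BGP process AS.
        return "iBGP" if self.remote_as == self.real_as else "eBGP"

def establishes(a: Speaker, b: Speaker) -> bool:
    # Each side must see, in the peer's OPEN, the AS it configured as remote-as.
    return a.open_as() == b.remote_as and b.open_as() == a.remote_as

def advertise(sender: Speaker, as_path: list) -> list:
    if sender.session_type() == "iBGP":
        return list(as_path)              # AS path is not modified towards iBGP peers
    path = [sender.real_as] + list(as_path)
    if sender.local_as is not None:
        path = [sender.local_as] + path   # assumed default: prepend local-as as well
    return path

def evaluate(a: Speaker, b: Speaker, as_path: list) -> str:
    if not establishes(a, b):
        return "no session: AS in OPEN does not match the peer's remote-as"
    path = advertise(a, as_path)
    if b.real_as in path:                 # receiver finds its own AS in the path
        return f"{a.session_type()} up, prefix denied, AS loop in {path}"
    return f"{a.session_type()} up, prefix accepted with AS path {path}"

def thread_cases() -> dict:
    learned = [65100]   # constructed AS path of a prefix learned from an eBGP peer
    def pair(**kw):     # both transit routers carry the same settings
        return Speaker(real_as=65000, **kw), Speaker(real_as=65000, **kw)
    return {
        "local-as 65200, remote-as 65200": evaluate(*pair(remote_as=65200, local_as=65200), learned),
        "no local-as, remote-as 65200": evaluate(*pair(remote_as=65200), learned),
        "no local-as, remote-as 65000": evaluate(*pair(remote_as=65000), learned),
    }

if __name__ == "__main__":
    for case, result in thread_cases().items():
        print(f"{case}: {result}")
```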
07-06-2015 06:08 AM
Hi Paul
Can you try configuring a router-id under the VRF and see if that helps? I tried it in my simulation environment with the SXI4a release and I was able to see the iBGP neighborship come up.
PE1#sh ip bgp vpnv4 all sum
BGP router identifier 1.1.1.1, local AS number 100 <<<<<<<<
BGP table version is 9, main routing table version 9
2 network entries using 274 bytes of memory
2 path entries using 136 bytes of memory
4/2 BGP path/bestpath attribute entries using 640 bytes of memory
1 BGP rrinfo entries using 24 bytes of memory
1 BGP extended community entries using 40 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1114 total bytes of memory
BGP activity 5/3 prefixes, 5/3 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 100 13 9 9 0 0 00:06:54 2
192.168.10.2 4 100 11 12 9 0 0 00:00:22 0 <<<<<<<<<<<<<
PE1#
And I am using VRF on both sides.
CE1#sh ip bgp vpnv4 all sum
BGP router identifier 100.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.10.1 4 100 10 9 1 0 0 00:04:07 0
CE1#
You might also want to read the below post by Luc in case the router-id doesn't help:
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/117567-technote-ibgp-00.html
HTH
Vinit
07-06-2015 06:10 AM
I would also like to know which IOS version is being used on both routers. I see you are using the SXI4a image on one side. Is it the same on the other side as well?
07-06-2015 08:01 AM
Yes, it's the same IOS and hardware on both switches.
07-06-2015 08:04 AM
Config on CE:
= = = = = = =
CE1#sh run | s r b
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.1 mask 255.255.255.255
 no auto-summary
 !
 address-family ipv4 vrf A
  neighbor 192.168.10.1 remote-as 100
  neighbor 192.168.10.1 activate
  no synchronization
  network 100.1.1.1 mask 255.255.255.255
 exit-address-family
CE1#

PE Config:
= = = = =
PE1#sh run | s r b
router bgp 100
 bgp router-id 1.1.1.1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 192.168.10.2 remote-as 100
  neighbor 192.168.10.2 activate
  no synchronization
 exit-address-family

I just put a basic configuration. Could you please share the output of "show run vrf VRF_AS65200" in a file from both the routers?
08-11-2015 05:18 PM
Hi Vinit:
I have a situation whereby we are using a private AS and the provider is also using the same private AS.
Both sides cannot change their AS #'s. This is the key issue.
Is there any "hack" we can use to peer with each other via EBGP?
Tried the local-as feature on the cust rtr but no luck.
We are running BGP across a tunnel with VRF.
The provider cannot make any changes to their BGP policy.
Thx.
07-06-2015 08:01 AM
Hi Vinit,
On the production switches where I have the issue the bgp router-id is defined under the address family.
How have you configured the bgp peering, did you specify the remote-as for the neighbor?
Thanks,
Paul