iBGP Peering Between VRF's

paulstone80
Level 3

Hi,

Can anyone advise on the best practice/recommended method for creating iBGP peers between VRF's on different routers please?

 

I have two transit routers that are running a VRF to eBGP peer with our Internal network, and also eBGP peer out to an External network. The transit routers should also peer with each other via iBGP.

 

The current configuration for iBGP peering is using the local-as command to use the AS assigned to the VRF. This creates an eBGP peer relationship between the two transit routers, and they drop the prefixes advertised between each other due to AS LOOP.

 

Config

Transit Router R1
router bgp 65000
!
address-family ipv4 vrf VRF_AS65200
  neighbor IBGP_AS65200 peer-group
  neighbor IBGP_AS65200 local-as 65200
  neighbor IBGP_AS65200 description IBGP to 65200 iBGP
  neighbor IBGP_AS65200 timers 3 10
  neighbor IBGP_AS65200 send-community
  neighbor IBGP_AS65200 soft-reconfiguration inbound
  neighbor 172.25.84.102 remote-as 65200
  neighbor 172.25.84.102 peer-group IBGP_AS65200
  neighbor 172.25.84.102 fall-over
  neighbor 172.25.84.102 activate


Transit Router R2
router bgp 65000
!
address-family ipv4 vrf VRF_AS65200
  neighbor IBGP_AS65200 peer-group
  neighbor IBGP_AS65200 local-as 65200
  neighbor IBGP_AS65200 description IBGP to 65200 iBGP
  neighbor IBGP_AS65200 timers 3 10
  neighbor IBGP_AS65200 send-community
  neighbor IBGP_AS65200 soft-reconfiguration inbound
  neighbor 172.25.84.101 remote-as 65200
  neighbor 172.25.84.101 peer-group IBGP_AS65200
  neighbor 172.25.84.101 fall-over
  neighbor 172.25.84.101 activate

 

I tried forming the iBGP peering by removing the local-as parameter, but the neighborship fails to establish because without the local-as parameter, the routers advertise that their local AS is 65000 (global BGP process AS number).

I have successfully managed to establish the iBGP peering and exchange routing information by specifying the remote-as as 65000. When I check the AS Path on the upstream routers the AS Path looks correct. Although this works, this configuration seems a little strange in the fact that you need to specify the remote-as as the global AS process number, even though you want to peer on a different AS.

 

The other method that seems to work is to use route reflectors, but this seems pointless when the iBGP relationship is only between two peers.

 

I can't find anything in the support documentation that describes this issue and how to fix it, unless you are using IOS-XE.

 

Both routers are WS-C6506-E running s72033-ipservicesk9-mz.122-33.SXI4a.bin

 

Any help greatly appreciated.

 

Thanks,

 

Paul

HTH Paul ****Please rate useful posts****
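
The three behaviours reported in the post above (an eBGP session whose prefixes are dropped for AS loop, a session that fails without local-as, and a working session with remote-as 65000), reproduced in a simplified model. This is an added example, not part of the original post and not Cisco's implementation; it assumes standard OPEN peer-AS checking and AS_PATH loop detection, and the names `Peer`, `exchange`, `scenarios` and the origin AS 64999 are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Peer:
    name: str
    global_as: int                   # AS from "router bgp <as>"
    remote_as: int                   # "neighbor ... remote-as"
    local_as: Optional[int] = None   # "neighbor ... local-as", if configured

    def open_as(self) -> int:
        """AS number this router announces in its OPEN message."""
        return self.local_as if self.local_as is not None else self.global_as

    def is_ebgp(self) -> bool:
        """Session type is decided against the global AS, not local-as."""
        return self.remote_as != self.global_as

    def export_path(self, path: List[int]) -> List[int]:
        """AS_PATH sent to the neighbor: unchanged for iBGP, prepended for eBGP."""
        if not self.is_ebgp():
            return list(path)
        # Assumption: local-as is prepended in front of the real (global) AS.
        prefix = [self.global_as] if self.local_as is None else [self.local_as, self.global_as]
        return prefix + list(path)


def exchange(sender: Peer, receiver: Peer, path: List[int]) -> Tuple[str, List[int]]:
    """Return (outcome, AS_PATH as seen by the receiver)."""
    # Each side compares the AS in the peer's OPEN with its configured remote-as.
    if sender.open_as() != receiver.remote_as or receiver.open_as() != sender.remote_as:
        return "session-down: bad peer AS", []
    sent = sender.export_path(path)
    # Loop detection: the receiver rejects any path containing its own global AS.
    if receiver.global_as in sent:
        return "dropped: AS loop", sent
    return "accepted", sent


def scenarios() -> dict:
    learned = [64999]   # constructed: prefix learned from a hypothetical external AS
    cfg = {
        "local-as 65200, remote-as 65200": dict(remote_as=65200, local_as=65200),
        "no local-as, remote-as 65200": dict(remote_as=65200),
        "no local-as, remote-as 65000": dict(remote_as=65000),
    }
    return {k: exchange(Peer("R1", 65000, **v), Peer("R2", 65000, **v), learned)
            for k, v in cfg.items()}
```
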

Vinit Jain
Cisco Employee

Hi Paul

Can you try configuring a router-id under the vrf and see if that helps? I tried it in my simulation environment with the SXI4a release and I was able to see the iBGP neighborship come up.

PE1#sh ip bgp vpnv4 all sum
BGP router identifier 1.1.1.1, local AS number 100 <<<<<<<<
BGP table version is 9, main routing table version 9
2 network entries using 274 bytes of memory
2 path entries using 136 bytes of memory
4/2 BGP path/bestpath attribute entries using 640 bytes of memory
1 BGP rrinfo entries using 24 bytes of memory
1 BGP extended community entries using 40 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1114 total bytes of memory
BGP activity 5/3 prefixes, 5/3 paths, scan interval 15 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4         100      13       9        9    0    0 00:06:54        2
192.168.10.2    4         100      11      12        9    0    0 00:00:22        0  <<<<<<<<<<<<<
PE1#

And I am using VRF on both sides.

CE1#sh ip bgp vpnv4 all sum
BGP router identifier 100.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.10.1    4         100      10       9        1    0    0 00:04:07        0
CE1#

You might also want to read the below post by Luc in case the router-id doesn't help:

http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/117567-technote-ibgp-00.html

HTH

Vinit

Thanks
--Vinit

I would also like to know what IOS version is being used on both the routers. I see you are using the SXI4a image on one side. Is it the same on the other side as well?

 

Thanks
--Vinit

Yes, it's the same IOS and hardware on both switches.

HTH Paul ****Please rate useful posts****

Config on CE:
= = = = = = = 
CE1#sh run | s r b
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.1 mask 255.255.255.255
 no auto-summary
 !
 address-family ipv4 vrf A
  neighbor 192.168.10.1 remote-as 100
  neighbor 192.168.10.1 activate
  no synchronization
  network 100.1.1.1 mask 255.255.255.255
 exit-address-family
CE1#


PE Config:
= = = = = 
PE1#sh run | s r b
router bgp 100
 bgp router-id 1.1.1.1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 192.168.10.2 remote-as 100
  neighbor 192.168.10.2 activate
  no synchronization
 exit-address-family

I just put a basic configuration. Could you please share the output of "show run vrf VRF_AS65200" in a file from both the routers?

Thanks
--Vinit

Hi Vinit:

I have a situation whereby we are using a private AS and the provider is also using the same private AS.

 

Both sides cannot change their AS #'s. This is the key issue.

 

Is there any "hack" we can use to peer with each other via EBGP?

 

Tried the local-as feature on the cust rtr but no luck.

 

We are running BGP across a tunnel with VRF.

 

The provider cannot make any changes to their BGP policy.

 

Thx.

Hi Vinit,

 

On the production switches where I have the issue the bgp router-id is defined under the address family.

 

How have you configured the bgp peering, did you specify the remote-as for the neighbor?  

 

Thanks,

Paul

HTH Paul ****Please rate useful posts****