Solved: Re: MP BGP flapping

Mitii · ‎08-10-2020

There is an MPLS VPN network of about 30 routers (Cisco and Mikrotik) in the attachment simplified network diagram. 2-a Route Reflector on Cisco 3845. OSPF, BGP, and MP BGP are deployed.

Two problems have recently emerged:

if the connection between (10.40.254.217) and (10.40.254.213) is lost, the MP BGP session starts flapping between RR and (10.40.254.213) with a timeout of 180 seconds;
RR is involved in the transfer of traffic. If you make a new Import / export RT on RR in one of the vrfs, the MP BGP flapping session starts between RR and (10.40.254.213) with a timeout of 180 seconds.

OSPF, LDP, BGP VPNv4 tables are all normal, pings are stable.

It helps to disable the LDP interface on Mikrotik (10.40.254.213) and enable it after the MP BGP session is established.

Tried changing OS, changing MSS. Not help.

It seems that the problems are related. Can someone help?

Mitii · ‎08-12-2020

Changing the MTU in the network section (OSPF in the diagram) helped. There were MPLS MTU 1500, L3 MTU 1484. Became MPLS MTU 1530, L3 MTU 1500. Although the previous values work fine on other parts of the network.

Thanks everyone.

View solution in original post

Giuseppe Larosa · ‎08-10-2020

Hello @Mitii ,

are you using loopback interfaces as MP BGP endpoints ?

Because that is a requirement for a working MPLS L3 VPN service.

if you are using loopback interfaces as BGP router-ids OSPF RIDS and MPLS LDP RIDS (the same loopback on the same node for all three RIDs) is another best practice.

Each PE node should have two backbone facing interfaces with MPLS enabled on it.

Also avoid to have an MPLS enabled path with the same OSPF cost of a not enabled MPLS path Cisco routers are not able to discriminate and they attempt to load balance over them breaking L3 VPN connectivity.

>> it helps to disable the LDP interface on Mikrotik (10.40.254.213) and enable it after the MP BGP session is established.

it is strange what you see in your tests.

Hope to help

Giuseppe

Mitii · ‎08-10-2020

Thank you for your quick response.

Yes, i use loopback for OSPF, LDP, MP BGP.

Also, LDP is enabled on all interfaces that are in Global OSPF.

Very strange. And what to do is unclear.

paul driver · ‎08-10-2020

Hello
Just to confirm you have a ibgp peering between the RR's with client to client reflection disabled for the RRC's, And the RRC's are NOT meshed to each other correct?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Mitii · ‎08-10-2020

Thank you for your quick response.

Yes, configuration from RR-1 (10.40.254.240):

router bgp 65040

bgp cluster-id 1

neighbor 10.40.254.213 remote-as 65040 (This Is RR Client)
neighbor 10.40.254.213 password xxx
neighbor 10.40.254.213 update-source Loopback40

neighbor 10.40.254.239 remote-as 65040 (This Is RR-2)
neighbor 10.40.254.239 password xxx
neighbor 10.40.254.239 update-source Loopback40

address-family vpnv4

neighbor 10.40.254.213 activate
neighbor 10.40.254.213 route-reflector-client

neighbor 10.40.254.239 activate

On RR-2 same configuration.

RRC's have iBGP connectivity only with RR-1 and RR-2.

Georg Pauwen · ‎08-11-2020

Hello,

do you have the full configs of the devices in your simplified diagram ? So we can lab this ?

Mitii · ‎08-11-2020

Thank you.

Sure. Can try.

But we must remember that there is no such problem with other routers.

Mitii · ‎08-12-2020

Changing the MTU in the network section (OSPF in the diagram) helped. There were MPLS MTU 1500, L3 MTU 1484. Became MPLS MTU 1530, L3 MTU 1500. Although the previous values work fine on other parts of the network.

Thanks everyone.