Problem with community BGP

axelhauguel
Level 1

Hello,

I'll explain the situation to you:

I have a Cisco router at the heart of the network, and I provide transit to some clients via BGP.

The problem is that some of my customers sometimes advertise their prefixes to me, and sometimes through another transit. My router is re-advertising the route coming from my forwarder since my client's prefix is in my prefix list.

I want to work around this problem by applying a BGP community to all the prefixes I get from my downstreams, and in my "prefix-list" that I send to my forwarders, I would like to "match this BGP community".

Session BGP Downstream (it's a customer):

  template peer NBRGRP-AS212815FRR-CUST-V6
    remote-as 212815
    remove-private-as
    address-family ipv6 unicast
      send-community
      route-map RPL-AS212815FRR-CUST-IN-V6 in
      route-map RPL-AS212815FRR-CUST-OUT-V6 out
      maximum-prefix 20
      next-hop-self
      soft-reconfiguration inbound always
route-map RPL-AS212815FRR-CUST-IN-V6 permit 100
  description "FRR Dyjix"
  match ipv6 address prefix-list PFX-AS212815FRR-IRR-V6 
route-map RPL-AS212815FRR-CUST-OUT-V6 permit 100

I want to apply the 100:999 community and not announce this community to peers, because it's a private community.

Can you help me and write the config?

I have tested a lot of things, and prefixes are rejected if I apply "set community 100:999 no-export" in the "IN" route-map.

edge01.par9k(config-route-map)# sh ipv6 bgp neighbors 2a10:4640:1::3 received-routes 

Peer 2a10:4640:1::3 routes for address family IPv6 Unicast:
BGP table version is 4949750, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* i2a0c:b641:140::/44 2a10:4640:1:cafe::22
                                                        100          0 211448 i
* i2a10:4646:10::/48  2a10:4640:1:cafe::18
                                               0        100          0 212124 i
* i2a10:4646:11::/48  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
* i2a10:4646:15::/48  2a10:4640:1:cafe::16
                                               0        100          0 212066 i
* i2a10:4646:16::/48  2a10:4640:1:cafe::17
                                               0        100          0 212022 i
* i2a10:4646:60::/44  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
* i2a10:4646:70::/44  2a10:4640:1:cafe::1e
                                               0        100          0 211405 i
* i2a10:4646:90::/44  2a10:4640:1:cafe::1f
                                               0        100          0 211374 i
* i2a10:4647::/48     2a10:4640:1:cafe::13
                                               0        100          0 50046 i
* i2a10:4647:1::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i
* i2a10:4647:2::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i

edge01.par9k(config-route-map)# no set community 100:999 no-export

edge01.par9k(config-route-map)# sh ipv6 bgp neighbors 2a10:4640:1::3 received-routes 

Peer 2a10:4640:1::3 routes for address family IPv6 Unicast:
BGP table version is 4949814, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
*>i2a0c:b641:140::/44 2a10:4640:1:cafe::22
                                                        100          0 211448 i
*>i2a10:4646:10::/48  2a10:4640:1:cafe::18
                                               0        100          0 212124 i
*>i2a10:4646:11::/48  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
*>i2a10:4646:15::/48  2a10:4640:1:cafe::16
                                               0        100          0 212066 i
*>i2a10:4646:16::/48  2a10:4640:1:cafe::17
                                               0        100          0 212022 i
*>i2a10:4646:60::/44  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
*>i2a10:4646:70::/44  2a10:4640:1:cafe::1e
                                               0        100          0 211405 i
*>i2a10:4646:90::/44  2a10:4640:1:cafe::1f
                                               0        100          0 211374 i
*>i2a10:4647::/48     2a10:4640:1:cafe::13
                                               0        100          0 50046 i
*>i2a10:4647:1::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i
*>i2a10:4647:2::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i

Thanks

Axel

23 Replies

Not sure if it is a cosmetic bug or the intended behavior, but I have reproduced the exact same behavior with IOS.

So when "soft-reconfiguration inbound" is configured and the path is unaltered (no inbound policy changing the path), the command "show ip bgp nei x.x.x.x received-routes" will show the route as best with the ">".

But if the path has been altered with an inbound policy (in your case to add a community), the command "show ip bgp nei x.x.x.x received-routes" will not show the route as best with the ">", but "show ip bgp nei x.x.x.x routes" will.

I would definitely recommend always using the latter then.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hello @axelhauguel,

It is really strange that the two commands provide a different output.

I'm not able to provide an explanation for this.

However, to verify if the prefix is installed and advertised to someone I would use

show ip bgp <prefix>

If you see the prefix labeled as best with > and advertised to someone you are fine.

If your device has some memory issues it may take time to update the output of the command related to soft-reconfiguration inbound. So it can provide old information or wrong information if it is not possible to store both the unfiltered version and the filtered version of the prefixes. But this is just a guess.

Edit:

As suggested by @Harold Ritter you should use the route refresh capability instead to save on used memory. This should be automatically negotiated at BGP session setup. If I remember correctly you don't need an explicit command to enable it.

To verify it you can look at the output of show ip bgp neighbors among the capabilities advertised and received.

Hope to help

Giuseppe

Hello,

Thanks for the feedback.

@Giuseppe Larosa wrote:

However, to verify if the prefix is installed and advertised to someone I would use

show ip bgp <prefix>

If you see the prefix labeled as best with > and advertised to someone you are fine.

Is it 100% reliable? Because for example, for Facebook, some prefixes do not seem to go through the best path, as if the path was not in the forwarding table.

@Giuseppe Larosa wrote:

If your device has some memory issues it may take time to update the output of the command related to soft-reconfiguration inbound. So it can provide old information or wrong information if it is not possible to store both the unfiltered version and the filtered version of the prefixes. But this is just a guess.

edge01.par9k# sh resource 

     Resource                   Min       Max       Used      Unused    Avail    
     --------                   ---       ---       ----      ------    -----    
     vlan                       16        4094      23        0         4071     
     vrf                        2         4096      2         0         4094     
     port-channel               0         511       1         0         510      
     u4route-mem                768       768       130       638       638      
     u6route-mem                512       512       34        478       478      
     m4route-mem                58        58        1         57        57       
     m6route-mem                8         8         1         7         7        

edge01.par9k# sh system resources 
Load average:   1 minute: 0.30   5 minutes: 0.43   15 minutes: 0.44
Processes   :   711 total, 3 running
CPU states  :   2.77% user,   2.10% kernel,   95.11% idle
        CPU0 states  :   1.05% user,   5.26% kernel,   93.68% idle
        CPU1 states  :   2.04% user,   6.12% kernel,   91.83% idle
        CPU2 states  :   1.03% user,   2.06% kernel,   96.90% idle
        CPU3 states  :   1.03% user,   1.03% kernel,   97.93% idle
        CPU4 states  :   3.00% user,   5.00% kernel,   92.00% idle
        CPU5 states  :   13.13% user,   2.02% kernel,   84.84% idle
        CPU6 states  :   4.00% user,   0.00% kernel,   96.00% idle
        CPU7 states  :   1.00% user,   0.00% kernel,   99.00% idle
        CPU8 states  :   0.00% user,   0.00% kernel,   100.00% idle
        CPU9 states  :   5.94% user,   0.99% kernel,   93.06% idle
        CPU10 states  :   0.99% user,   0.00% kernel,   99.00% idle
        CPU11 states  :   1.00% user,   1.00% kernel,   98.00% idle
Memory usage:   65808192K total,   9941048K used,   55867144K free
Current memory status: OK
edge01.par9k# 

I have a lot of memory available. So I don't really understand.

@Giuseppe Larosa wrote:

As suggested by @Harold Ritter you should use the route refresh capability instead to save on used memory. This should be automatically negotiated at BGP session setup. If I remember correctly you don't need an explicit command to enable it.

Does this mean that I would have to stop and restart the BGP session if I make any changes to the route-map?

Thanks for help,

Axel

Hello,

 

Today I have added "set community 999:100 additive" to the IN route-map of another neighbor; the network still pings, but all commands return that the prefix is not the best.


edge01.par9k(config-route-map)# sh ip bgp neighbors 185.171.202.230 routes received 

Peer 185.171.202.230 routes for address family IPv4 Unicast:
BGP table version is 28303847, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* e5.8.249.0/24       185.171.202.230          0                     0 211492 i

edge01.par9k(config-route-map)# sh bgp ip unicast 5.8.249.0/24
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 5.8.249.0/24, version 28303228
Paths: (2 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in urib, is best urib route, is in HW

  Advertised path-id 1
  Path type: external, path is valid, is best path, no labeled nexthop, in rib
  AS-Path: 211492 , path sourced external to AS
    185.171.202.230 (metric 0) from 185.171.202.230 (5.8.249.1)
      Origin IGP, MED 0, localpref 100, weight 0
      Community: 999:100 

  Path type: external, path is valid, received only, no labeled nexthop
  AS-Path: 211492 , path sourced external to AS
    185.171.202.230 (metric 0) from 185.171.202.230 (5.8.249.1)
      Origin IGP, MED 0, localpref 100, weight 0

  Path-id 1 advertised to peers:
    37.49.236.63       37.49.236.118      37.49.236.174      37.49.236.250  
    37.49.236.251      37.49.237.65       37.49.237.166      37.49.237.176  
    100.64.70.5        185.171.202.199    185.171.202.204    185.171.202.227

edge01.par9k(config-route-map)# sh ip bgp neighbors 185.171.202.230 received-routes 

Peer 185.171.202.230 routes for address family IPv4 Unicast:
BGP table version is 28304000, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* e5.8.249.0/24       185.171.202.230          0                     0 211492 i

edge01.par9k(config-route-map)# 

What do you think about that?

Thanks

Hi Axel,

You can't rely on either the "routes received" or the "received-routes" output, as both variations of the "show ip bgp neighbor" command use the "soft-reconfiguration inbound" feature and, as discussed yesterday, there seems to be an issue with these commands not indicating that the path is best (">") when the received path has been altered. I would recommend the "show ip bgp neighbor x.x.x.x routes" command instead.

The following command also indicates that this path is the best:


edge01.par9k(config-route-map)# sh bgp ip unicast 5.8.249.0/24
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 5.8.249.0/24, version 28303228
Paths: (2 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in urib, is best urib route, is in HW

  Advertised path-id 1
  Path type: external, path is valid, is best path, no labeled nexthop, in rib
  AS-Path: 211492 , path sourced external to AS
    185.171.202.230 (metric 0) from 185.171.202.230 (5.8.249.1)
      Origin IGP, MED 0, localpref 100, weight 0
      Community: 999:100 

 

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Harold,

Thanks a lot.

I have added the community for each peer.

But I can't delete the community in the OUT route-map.

Can you tell me how to do it?

set community delete 11 (COMMAND DOES NOT EXIST)

edge01.par9k(config-route-map)# set community ?
  additive           Add to existing community
  graceful-shutdown  Graceful Shutdown (well-known community)
  internet           Internet (well-known community)
  local-AS           Do not send outside local AS (well-known community)
  no-advertise       Do not advertise to any peer (well-known community)
  no-export          Do not export to next AS (well-known community)
  none               No community attribute
  ASN2:NN            Community number aa:nn format

edge01.par9k(config-route-map)# 

If you can, please tell me as soon as possible, because I am worried about having bad routing from sending a private community.

A reminder of the settings for you:

Was set up:

ip community-list standard 11 seq 10 permit 999:100 

route-map RPL-AS51706-TRANSIT-OUT-V4 permit 100
  match ip address prefix-list PFX-AS212815-IRR-V4 

 

I have also tested with (not working):

route-map RPL-AS51706-TRANSIT-OUT-V4 permit 100
  match ip address prefix-list PFX-AS212815-IRR-V4 
  set comm-list 11  delete

 

Sorry, it works.

Thanks a lot for your help, all team. 🥰

@Harold Ritter @Giuseppe Larosa @MHM Cisco World

Hello @axelhauguel,

Nice to know that now it is working.

I have suggested a command on the fly and my memory failed to provide the correct syntax.

I usually check at least a command reference before suggesting. This time I didn't. I apologize for that.

set comm-list 11 delete is the right one. But you are smart and you have found it by yourself.

By the way, if you ping a BGP network it is installed in the IP routing table and only the best path is installed.

As Harold has noted the IOS XR version of the command

sh bgp ip unicast 5.8.249.0/24

tells the path is best.

Hope to help

Giuseppe

Can you draw the topology if you can?
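
An added illustration, not part of any post in this thread: a small Python model of the policy the thread arrives at, comparing a prefix-list-only export with one that also requires the customer tag and strips it before sending. The `Route` class, the `learned_from` labels, the sample routes and the extra community match on export are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_network

PRIVATE_TAG = "999:100"  # internal customer tag used in the thread
# Constructed stand-in for the IRR prefix-list (PFX-AS212815-IRR-V4)
CUSTOMER_PREFIXES = {ip_network("5.8.249.0/24")}

@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str                     # "customer" or "transit" (hypothetical labels)
    communities: frozenset = frozenset()

def import_policy(route):
    """Inbound route-map: tag only what arrives on a customer session
    (the 'set community 999:100 additive' step)."""
    if route.learned_from == "customer":
        tagged = route.communities | {PRIVATE_TAG}
        return Route(route.prefix, route.learned_from, tagged)
    return route

def in_prefix_list(route):
    return ip_network(route.prefix) in CUSTOMER_PREFIXES

def export_prefix_only(route):
    """Export that matches the prefix-list only: any path to a customer
    prefix passes, and the private tag is sent along unchanged."""
    return route if in_prefix_list(route) else None

def export_community_gated(route):
    """Export that also requires the customer tag, then removes it
    (the 'set comm-list 11 delete' step)."""
    if in_prefix_list(route) and PRIVATE_TAG in route.communities:
        cleaned = route.communities - {PRIVATE_TAG}
        return Route(route.prefix, route.learned_from, cleaned)
    return None

def simulate():
    # Constructed sample: the same customer prefix heard directly from the
    # customer and via another transit, plus an unrelated transit route.
    received = [
        Route("5.8.249.0/24", "customer"),
        Route("5.8.249.0/24", "transit", frozenset({"65000:1"})),
        Route("192.0.2.0/24", "transit"),
    ]
    table = [import_policy(r) for r in received]
    weak = [r for r in map(export_prefix_only, table) if r]
    gated = [r for r in map(export_community_gated, table) if r]
    return weak, gated
```

With the prefix-list alone, the copy learned through the other transit is exported and the private tag goes out with the customer route; with the community gate, only the customer-learned path is exported and it carries no private community.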