Solved: Problem with community BGP

axelhauguel · ‎07-05-2021

Hello,

I'll explain the situation to you:

I have a cisco router at the heart of the network, and I provide transit to some clients via BGP.

The problem is that some of my customers sometimes advertise their prefixes to me, and sometimes through another transit. My router is re-advertising the route coming from my forwarder since my client's prefix is in my prefix list.

I want to work around this problem by applying a BGP community to all the prefixes I get from my downstreams, and in my "prefix-list" that I send to my forwarders, I would like to "match this BGP community".

Session BGP Downstream (it's a customer):

  template peer NBRGRP-AS212815FRR-CUST-V6
    remote-as 212815
    remove-private-as
    address-family ipv6 unicast
      send-community
      route-map RPL-AS212815FRR-CUST-IN-V6 in
      route-map RPL-AS212815FRR-CUST-OUT-V6 out
      maximum-prefix 20
      next-hop-self
      soft-reconfiguration inbound always

route-map RPL-AS212815FRR-CUST-IN-V6 permit 100
  description "FRR Dyjix"
  match ipv6 address prefix-list PFX-AS212815FRR-IRR-V6

route-map RPL-AS212815FRR-CUST-OUT-V6 permit 100

I want to apply 100:999 community and not announce this community to peers, because it's a private community.

Can you help me and write config ?

I'have tested lot of things and prefixes are rejected if I apply "set community 100:999 no-export" in "IN" of route map.

edge01.par9k(config-route-map)# sh ipv6 bgp neighbors 2a10:4640:1::3 received-routes 

Peer 2a10:4640:1::3 routes for address family IPv6 Unicast:
BGP table version is 4949750, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* i2a0c:b641:140::/44 2a10:4640:1:cafe::22
                                                        100          0 211448 i
* i2a10:4646:10::/48  2a10:4640:1:cafe::18
                                               0        100          0 212124 i
* i2a10:4646:11::/48  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
* i2a10:4646:15::/48  2a10:4640:1:cafe::16
                                               0        100          0 212066 i
* i2a10:4646:16::/48  2a10:4640:1:cafe::17
                                               0        100          0 212022 i
* i2a10:4646:60::/44  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
* i2a10:4646:70::/44  2a10:4640:1:cafe::1e
                                               0        100          0 211405 i
* i2a10:4646:90::/44  2a10:4640:1:cafe::1f
                                               0        100          0 211374 i
* i2a10:4647::/48     2a10:4640:1:cafe::13
                                               0        100          0 50046 i
* i2a10:4647:1::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i
* i2a10:4647:2::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i

edge01.par9k(config-route-map)# no set community 100:999 no-export

edge01.par9k(config-route-map)# sh ipv6 bgp neighbors 2a10:4640:1::3 received-routes 

Peer 2a10:4640:1::3 routes for address family IPv6 Unicast:
BGP table version is 4949814, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
*>i2a0c:b641:140::/44 2a10:4640:1:cafe::22
                                                        100          0 211448 i
*>i2a10:4646:10::/48  2a10:4640:1:cafe::18
                                               0        100          0 212124 i
*>i2a10:4646:11::/48  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
*>i2a10:4646:15::/48  2a10:4640:1:cafe::16
                                               0        100          0 212066 i
*>i2a10:4646:16::/48  2a10:4640:1:cafe::17
                                               0        100          0 212022 i
*>i2a10:4646:60::/44  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
*>i2a10:4646:70::/44  2a10:4640:1:cafe::1e
                                               0        100          0 211405 i
*>i2a10:4646:90::/44  2a10:4640:1:cafe::1f
                                               0        100          0 211374 i
*>i2a10:4647::/48     2a10:4640:1:cafe::13
                                               0        100          0 50046 i
*>i2a10:4647:1::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i
*>i2a10:4647:2::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i

Thanks

Axel

Harold Ritter · ‎07-14-2021

Hi Axel,

You can't rely on either the "routes received" nor "received-routes", as both variations of the "show ip bgp neighbor" command use the "soft-reconfiguration inbound" feature and as discussed yesterday, there seems to be an issue with these commands not indicating that the path is best (">") when the received path has been altered. I would recommend the "show ip bgp neighbor x.x.x.x routes" instead.

The following command also indicates that this path is the best:

edge01.par9k(config-route-map)# sh bgp ip unicast 5.8.249.0/24
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 5.8.249.0/24, version 28303228
Paths: (2 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in urib, is best urib route, is in HW

  Advertised path-id 1
  Path type: external, path is valid, is best path, no labeled nexthop, in rib
  AS-Path: 211492 , path sourced external to AS
    185.171.202.230 (metric 0) from 185.171.202.230 (5.8.249.1)
      Origin IGP, MED 0, localpref 100, weight 0
      Community: 999:100

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

MHM Cisco World · ‎07-05-2021

"no-export"

no-export
ibgp2-ibgp1ebgp-ebgp2

ebgp2 will advertise prefix toward ibgp1ebgp and here the no-export will use which make ibgp1ebgp not advertise prefix to ibgp2. so it will apply to only outbound.
So can you share topology of your network?

Giuseppe Larosa · ‎07-05-2021

Hello Axel,

no export cannot be used as it meand do not advertise to other ASes and this is not what you want.

First of all you need to consider to use in your route-maps :

set community 100:999 additive

this way the value is added to received values and it does not take the place of existing BGP communities.

in sending out you can take advantage of the community delete feature

ip community-list 11 permit 100:999

route-map CUSTOMER-OUT permit 10

match ...

set community delete 11

This should be able to remove the community value from sent advertisements to other customers.

Hope to help

Giuseppe

axelhauguel · ‎07-06-2021

Hi @Giuseppe Larosa @MHM Cisco World

Thanks for explanation.

I will work on it today and I tell you if it's work.

Thanks a lot for your help

Axel

axelhauguel · ‎07-06-2021

Hello,

I'have applied BGP community on received prefixes for customer but all prefixes are now rejected (not best path)

edge01.par9k(config)# route-map RPL-AS212815FRR-CUST-IN-V6 permit 100
edge01.par9k(config-route-map)# set community 100:999 additive

edge01.par9k(config-route-map)# sh ipv6 bgp neighbors 2a10:4640:1::3  received-routes 

Peer 2a10:4640:1::3 routes for address family IPv6 Unicast:
BGP table version is 5215643, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* i2a0c:b641:140::/44 2a10:4640:1:cafe::22
                                                        100          0 211448 i
* i2a10:4646:10::/48  2a10:4640:1:cafe::18
                                               0        100          0 212124 i
* i2a10:4646:11::/48  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
* i2a10:4646:15::/48  2a10:4640:1:cafe::16
                                               0        100          0 212066 i
* i2a10:4646:16::/48  2a10:4640:1:cafe::17
                                               0        100          0 212022 i
* i2a10:4646:60::/44  2a10:4640:1:cafe::12
                                               0        100          0 212106 i
* i2a10:4646:70::/44  2a10:4640:1:cafe::1e
                                               0        100          0 211405 i
* i2a10:4646:90::/44  2a10:4640:1:cafe::1f
                                               0        100          0 211374 i
* i2a10:4647::/48     2a10:4640:1:cafe::13
                                               0        100          0 50046 i
* i2a10:4647:1::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i
* i2a10:4647:2::/48   2a10:4640:1:cafe::13
                                               0        100          0 50046 i

Any idea?

`

edge01.par9k(config-route-map)# sh bgp ipv6 unicast 2a10:4646:15::/48
BGP routing table information for VRF default, address family IPv6 Unicast
BGP routing table entry for 2a10:4646:15::/48, version 5216351
Paths: (2 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in u6rib, is best u6rib route, is in HW

  Advertised path-id 1
  Path type: internal, path is valid, is best path, no labeled nexthop
  AS-Path: 212066 , path sourced external to AS
    2a10:4640:1:cafe::16 (metric 0) from 2a10:4640:1::3 (169.7.7.1)
      Origin IGP, MED 0, localpref 100, weight 0
      Community: 100:999 

  Path type: internal, path is valid, received only, no labeled nexthop
  AS-Path: 212066 , path sourced external to AS
    2a10:4640:1:cafe::16 (metric 0) from 2a10:4640:1::3 (169.7.7.1)
      Origin IGP, MED 0, localpref 100, weight 0

  Path-id 1 advertised to peers:
    2001:7f8:54::63    2001:7f8:54::118    2001:7f8:54::174    2001:7f8:54::250
    2001:7f8:54::251    2001:7f8:54::1:65    2001:7f8:54::1:166    2001:7f8:54::1:176
    2a0f:9240:cafe:1::d    2a10:4640:1:cafe::20

edge01.par9k(config-route-map)#

Maybe the reason :

edge01.par9k(config-route-map)# show logging | in "2a10:4646:16::/48"
2021 Jul  6 13:15:08 edge01.par9k %IPFIB-SLOT1-2-UFIB_ROUTE_CREATE: Unicast route create failed for INS unit 0, VRF: 1, 2a10:4646:16::/48, flags:0x0, intf:0x100425, Error: Hw Trie full(201)
2021 Jul  6 13:15:32 edge01.par9k %IPFIB-SLOT1-2-UFIB_ROUTE_CREATE: Unicast route create failed for INS unit 0, VRF: 1, 2a10:4646:16::/48, flags:0x0, intf:0x100425, Error: Hw Trie full(201)
2021 Jul  6 13:19:50 edge01.par9k %IPFIB-SLOT1-2-UFIB_ROUTE_CREATE: Unicast route create failed for INS unit 0, VRF: 1, 2a10:4646:16::/48, flags:0x0, intf:0x100425, Error: Hw Trie full(201)
2021 Jul  6 13:21:12 edge01.par9k %IPFIB-SLOT1-2-UFIB_ROUTE_CREATE: Unicast route create failed for INS unit 0, VRF: 1, 2a10:4646:16::/48, flags:0x0, intf:0x100425, Error: Hw Trie full(201)

Thanks

Axel

axelhauguel · ‎07-07-2021

Hello Giuseppe,

I'have retry on a IPv4 customer because i'have not route problem on IPv4.

I'have set community additive on customer.

But after that, the route is not market as "best" in sh ip bgp neighbor.

Do you have an idea ?

edge01.par9k(config-route-map)# sh bgp ip unicast 45.13.116.0/24 
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 45.13.116.0/24, version 20962180
Paths: (2 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in urib, is best urib route, is in HW

  Advertised path-id 1
  Path type: external, path is valid, is best path, no labeled nexthop, in rib
  AS-Path: 47484 , path sourced external to AS
    185.171.202.246 (metric 0) from 185.171.202.246 (169.8.8.8)
      Origin IGP, MED not set, localpref 100, weight 0
      Community: 100:999 

  Path type: external, path is valid, received only, no labeled nexthop
  AS-Path: 47484 , path sourced external to AS
    185.171.202.246 (metric 0) from 185.171.202.246 (169.8.8.8)
      Origin IGP, MED not set, localpref 100, weight 0

  Path-id 1 advertised to peers:
    37.49.236.63       37.49.236.118      37.49.236.174      37.49.236.250  
    37.49.236.251      37.49.237.65       37.49.237.166      37.49.237.176  
    100.64.70.5        185.171.202.92     185.171.202.199    185.171.202.204
    185.171.202.230

edge01.par9k(config-route-map)#

edge01.par9k(config-route-map)# sh ip bgp neighbors 185.171.202.246 received-routes 

Peer 185.171.202.246 routes for address family IPv4 Unicast:
BGP table version is 20962319, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
* e45.13.116.0/24     185.171.202.246                                0 47484 i

edge01.par9k(config-route-map)#

There no "*>e45.13.116.0/24"

Thanks

MHM Cisco World · ‎07-11-2021

Hi Friend sorry but I was some busy,
Any News ?

axelhauguel · ‎07-11-2021

Hi,

Seem not linked with Hw trie full. Because i'have space for Hw trie in IPv6 and i'have the same problem : when I apply BGP community, route are dropped.

Can you tell me all commands need to be done (to confirm) ?

Thanks

MHM Cisco World · ‎07-11-2021

R1-R2
As I understand the issue here is that
in R2 you tag the INBOUND prefix and then filter this tag in OUTBOUND,
I think this is not possible,
instead tag the prefix OUTBOUND in R1 and use filter in R2 INBOUND.

Harold Ritter · ‎07-11-2021

Hi Axel,

This is unusual, as the prefix says it is best.

edge01.par9k(config-route-map)# sh bgp ip unicast 45.13.116.0/24 
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 45.13.116.0/24, version 20962180
Paths: (2 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in urib, is best urib route, is in HW

  Advertised path-id 1
  Path type: external, path is valid, is best path, no labeled nexthop, in rib
  AS-Path: 47484 , path sourced external to AS
    185.171.202.246 (metric 0) from 185.171.202.246 (169.8.8.8)
      Origin IGP, MED not set, localpref 100, weight 0configuration 
      Community: 100:999

I see you are using "soft-reconfiguration inbound". Just to eliminate the possibility of a memory issue, can you remove the "soft-reconfiguration inbound" from your configuration and see if it helps. I normally recommend against using "soft-reconfiguration inbound" anyway as using clear soft inbound bgp command has the same results and consumes less memory.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

axelhauguel · ‎07-12-2021

Hello Harold,

I'have tested to remove soft configuration inbound but I cannot more run "sh ip bgp neighbor x.x.x.x received-routes".

I'have recorded my screen to see : https://youtu.be/gadiOO8XZtc

I can send you my running-config if you can help me please (very needed :-)))

Thanks

Axel

Harold Ritter · ‎07-12-2021

Hi Axel,

The "show ip bgp neighbor x.x.x.x received-routes" is indeed used specifically for when "soft-reconfiguration inbound" is configured. You can use "show ip bgp neighbor x.x.x.x routes" instead.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

axelhauguel · ‎07-12-2021

Hi Harold,

Thanks for your help. It work without soft reconfiguration inbound.

Can you tell me exactly what this option is for and what is its impact?

Is there really no way to make this work with the soft inbound reconfiguration always?

Thank you

edge01.par9k(config-route-map)# set community additive 999:100
edge01.par9k(config-route-map)# router bgp 212815
edge01.par9k(config-router)# template peer NBRGRP-AS47484-CUST-V4
edge01.par9k(config-router-neighbor)# address-family ipv4 unicast 
edge01.par9k(config-router-neighbor-af)# no so
soft-reconfiguration   soo                    
edge01.par9k(config-router-neighbor-af)# no soft-reconfiguration inbound
edge01.par9k(config-router-neighbor-af)# show ip bgp neighbor 185.171.202.246 routes

Peer 185.171.202.246 routes for address family IPv4 Unicast:
BGP table version is 26519191, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e45.13.116.0/24     185.171.202.246                                0 47484 i

edge01.par9k(config-router-neighbor-af)# show ip bgp neighbor 185.171.202.246 routes

Peer 185.171.202.246 routes for address family IPv4 Unicast:
BGP table version is 26519212, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e45.13.116.0/24     185.171.202.246                                0 47484 i

edge01.par9k(config-router-neighbor-af)# sh bgp ip unicast 45.13.116.0/24 
BGP routing table information for VRF default, address family IPv4 Unicast
BGP routing table entry for 45.13.116.0/24, version 26519046
Paths: (1 available, best #1)
Flags: (0x08001a) (high32 00000000) on xmit-list, is in urib, is best urib route, is in HW

  Advertised path-id 1
  Path type: external, path is valid, is best path, no labeled nexthop, in rib
  AS-Path: 47484 , path sourced external to AS
    185.171.202.246 (metric 0) from 185.171.202.246 (169.8.8.8)
      Origin IGP, MED not set, localpref 100, weight 0
      Community: 999:100 

  Path-id 1 advertised to peers:
    37.49.236.63       37.49.236.118      37.49.236.174      37.49.236.250  
    37.49.236.251      37.49.237.65       37.49.237.166      37.49.237.176  
    100.64.70.5        185.171.202.183    185.171.202.199    185.171.202.204
    185.171.202.230

edge01.par9k(config-router-neighbor-af)# show ip bgp neighbor 185.171.202.246 routes

Peer 185.171.202.246 routes for address family IPv4 Unicast:
BGP table version is 26519269, Local Router ID is 193.38.250.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

   Network            Next Hop            Metric     LocPrf     Weight Path
*>e45.13.116.0/24     185.171.202.246                                0 47484 i

edge01.par9k(config-router-neighbor-af)#

Harold Ritter · ‎07-12-2021

Hi Axel,

It kind of confirms that this problem could be related to memory contraints.

The "soft-reconfiguration inbound" causes BGP to keep an untouched copy of all the paths received from the peer where it is applied, which obviously causes the memory consumption to be higher than without this feature.

The goal of this feature was to be able to do a "clear ip bgp soft <neighbor> in" and to reprocess all of the updates received from a neighbor without reseting the BGP session. This was used in case you had changed an inbound policy and wanted to reprocess the updated through that new policy.

But since then, the "route refresh capability" (RFC2918) has been standardized and implemented, which defeats the purpose of keeping a copy of all the updates received from a neighbor just in case you need to reprocess them. If you ever need to reprocess the updates, the route refresh capability allows you to dynamically ask the neighbor to resend all of the updates one more time without having to reset the session.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

axelhauguel · ‎07-12-2021

For your information, i'have put again soft-reconfiguration inbound always and with your command I see the route and not with old command :

Spoiler

edge01.par9k(config-router-neighbor-af)# sh ip bgp neighbors 185.171.202.246 received-routes

Peer 185.171.202.246 routes for address family IPv4 Unicast:

BGP table version is 26520113, Local Router ID is 193.38.250.1

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

Network Next Hop Metric LocPrf Weight Path

* e45.13.116.0/24 185.171.202.246 0 47484 i

edge01.par9k(config-router-neighbor-af)# sh ip bgp neighbors 185.171.202.246 routes

Peer 185.171.202.246 routes for address family IPv4 Unicast:

BGP table version is 26520116, Local Router ID is 193.38.250.1

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

Network Next Hop Metric LocPrf Weight Path

*>e45.13.116.0/24 185.171.202.246 0 47484 i

edge01.par9k(config-router-neighbor-af)#

edge01.par9k(config-router-neighbor-af)# sh ip bgp neighbors 185.171.202.246 received-routes Peer 185.171.202.246 routes for address family IPv4 Unicast:BGP table version is 26520113, Local Router ID is 193.38.250.1Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-bestPath type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injectedOrigin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2 Network Next Hop Metric LocPrf Weight Path* e45.13.116.0/24 185.171.202.246 0 47484 i edge01.par9k(config-router-neighbor-af)# sh ip bgp neighbors 185.171.202.246 routes Peer 185.171.202.246 routes for address family IPv4 Unicast:BGP table version is 26520116, Local Router ID is 193.38.250.1Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-bestPath type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injectedOrigin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2 Network Next Hop Metric LocPrf Weight Path*>e45.13.116.0/24 185.171.202.246 0 47484 i edge01.par9k(config-router-neighbor-af)#

is there a reason ?