Hello Hemant,
Well, it's Sunday and pushing people to solve your issue in two hours isn't going to speed up the process - this isn't TAC, this is a voluntary forum
Anyway, regarding your issue. This is what I believe is the sequence of steps causing the routing loop:
- When the BGP peering between TCL1 and DCP is deactivated, DCS will learn about 1.1.1.1 from TCL1, redistributes it into EIGRP and advertises it to DCP with AD=170. Hence, DCP knows about the network from DCS via EIGRP. As the BGP process on DCP still runs, just a peering is deactivated, you may verify using show ip bgp that DCP still has the 1.1.1.1 network in the BGP database, thanks to the redistribution from EIGRP into BGP. At this point, DCP points to DCS, and DCS points to TCL1.
- When the BGP peering between TCL1 and DCP is reestablished, BGP on DCP advertises 1.1.1.1 to TCL1 in a race condition (DCP is sooner at sending the update than TCL1). Because the local preference on TCL1 is set to 200 while the default local preference for all other route sources is 100, TCL1 prefers BGP-learned routes from DCP rather than trusting the original path towards Branch.
- What you now have is TCL1 pointing back to DCP, and DCP still pointing to DCS and DCS pointing to TCL1. A routing loop is thus created.
A correct solution would be to make a PE ignore routes received from a customer site that have been advertised to the site via the same or another PE. Ideally, this would be accomplished by tagging the routes at TCL1 when sending them to DCP and DCS and dropping the routes received from DCP and DCS if they carry the same tag. The problem is, however, that DCP and DCS perform BGP-and-EIGRP redistribution and the tag value may be lost in this redistribution, voiding this protection.
An alternative way of solving this is to use the BGP Site of Origin extended community attribute. Although originally created to prevent routing loops that occur for customer site-internal routes, it should help in this scenario as well:
- TCL1 will mark both DCP and DCS BGP peers with a particular identical SoO value
- Routes received from both DCP and DCS will be marked on TCL1 with the configured SoO value
- A route marked with a SoO value will never be advertised from TCL1 to a BGP peer configured with the same SoO value
How is this going to help us here? Well, assume that after the BGP peering between TCL1 and DCS comes up. DCS sends the 1.1.1.1 to TCL1, and TCL1 will mark it with a SoO attribute, say, SoO:64670:1. It will at first converge towards DCP, creating a temporary routing loop. However, as the 1.1.1.1 carries the SoO attribute of SoO:64670:1, it must not be advertised to DCS which carrier the same SoO attribute. Therefore, TCL1 shall withdraw the 1.1.1.1 from DCS. The 1.1.1.1 will thus be removed from DCS's routing table and will be removed from EIGRP as well. This in turn will cause the DCP to stop advertising the 1.1.1.1 in BGP back to TCL1, breaking the loop and allowing the TCL1 to reconverge on the correct path. Note that this solution is not perfect in that it potentially allows for a temporary routing loop to occur.
The configuration on TCL1 is very easy - simply add these commands:
router bgp 4755
address-family ipv4 vrf TATA-DBC
neighbor 10.80.80.2 soo 64670:1
neighbor 10.90.90.2 soo 64670:1
This should do the trick. Please note that as I explained earlier, the SoO is originally intended for a different purpose but it does prevent a route learned from a customer site to be readvertised to that site, which is a part of the routing loop problem you are facing.
If you want to read more about SoO attribute please visit these documents and discussions:
http://www.cisco.com/en/US/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_neighbor_soo_xe.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html#wp359897
https://supportforums.cisco.com/message/3536081#3536081
https://supportforums.cisco.com/message/3740364#3740364
Best regards,
Peter
