01-15-2024 06:59 AM - last edited on 01-22-2024 10:06 PM by Translator
Hi,
We have a 3 x DC architecture that can be summarised as per below:
DC1 - West London
DC2 - Telehouse West
DC3 - Telehouse North
DC1 has an ethernet metro line directly to DC2 and DC3 and likewise DC2 and DC3 have a X-Connect within Telehouse, thus forming a tringle.
Originally all of our external traffic from West London (DC1) exited via Ethernet metro to Telehouse North.
To upgrade the connectivity and create DC redundancy, I organised better bandwidth uplinks from Telehouse West.
At DC2 and DC3 as well as transit connectivity we also have LINX Connectivity.
I now have traffic exiting our network via Telehouse West, thus allowing us to upgrade Telehouse North, or should be, except for one issue as explained below:
Traffic destined for the outside world is still traversing Telehouse North (DC3) first and then Telehouse West (DC2) instead of direct to Telehouse West.
Unfortunatly, I am on a network that cannot be "Down" for any reason (other than the obvious complete hardware failure etc).
The internal routing is being handled by ISIS/MPLS and given that I am not a Cisco expert (worked on Juniper mainly over the past several years), I was hoping someone may be able to aid in resolving how I can get the routing changed to go direct over the ethernet metro from DC1 to DC2 without going to DC3 first.
On top of that, I cannot make use of the upgraded LINX connectivity at DC2 because of the above issue. The BGP open packet wants to exit via DC3 and LINX Collector naturally sees this from the wrong address and drops the packets.
Here is the ISIS/MPLS configs I can see on DC1:
router isis 40000
vrf VFM
net 49.4000.4013.4013.00
metric-style wide
redistribute connected
router isis
router isis <ASN>
net 49.3323.9613.9613.00
metric-style wide
redistribute connected
redistribute static ip
maximum-paths 8
address-family ipv6
multi-topology
redistribute connected
redistribute static
exit-address-family
And DC3:
router isis <ASN>
net 49.3323.9612.9614.00
metric-style wide
metric 100
redistribute connected
redistribute static ip
maximum-paths 8
distance 100 clns
address-family ipv6
multi-topology
redistribute connected
redistribute static
exit-address-family
And DC2:
router isis 40000
vrf VFM
net 49.4000.4011.4011.00
metric-style wide
redistribute connected
router isis MULTICAST
net 31.3131.3131.3131.00
metric-style wide
router isis <ASN>
net 49.3323.9611.9611.00
metric-style wide
metric 100
redistribute connected
redistribute static ip
maximum-paths 8
distance 100 clns
address-family ipv6
multi-topology
redistribute connected
redistribute static
exit-address-family
If any other information is required then please let me know and I will supply.
Many thanks
Solved! Go to Solution.
01-21-2024 03:32 PM - edited 01-21-2024 04:25 PM
Hi @CliveG ,
> The maximum packet size I can ping with the df-bit set is MTU 9168.
It looks like we found the issue. This certainly explain why the hello packets do reach between DC1 and DC2.
> mtu 9216 at both ends and the is-is neighbor is UP as shown below (lab):
Bear in mind that in the lab you control the underlay transport (probably back to back between DC1 and DC2). Who provides the transport between the production DC1 and DC2? Most probably a 3rd party and they certainly have specifications on the maximum MTU size they support in their transport network.
As a test, you might want to configure "no isis hello padding always" on the port channel interface on both side and verify that the adjacency comes up. But in the end, the real solution is to adjust the MTU to reflect what is supported by the underlay network.
Regards,
01-15-2024 01:07 PM
Hi @CliveG ,
> The BGP open packet wants to exit via DC3
Is the BGP peer address a DC2 directly connected prefix?
If so it should use the directly connected link from DC1 to DC2. Is the ISIS neighbor relationship up between DC1 and DC2?
Regards,
01-16-2024 09:43 AM - last edited on 01-22-2024 10:09 PM by Translator
Hi Harold,
So, from what I can see of the neighbor relationships, everything goes to DC3. No wonder everything routes that way. See below neighbor relationships for L1 and L2 IS-IS:
DC1:
DC3 L1 Te2/5/10 xxx.xxx.xxx.xxx UP 8 DC3-THN.03
DC3 L2 Te2/5/10 xxx.xxx.xxx.xxx UP 9 DC3-THN.03
DC2:
DC3 L1 Po511 xxx.xxx.xxx.xxx UP 9 DC3-THN.02
DC3 L2 Po511 xxx.xxx.xxx.xxx UP 7 DC3-THN.02
DC3:
DC2 L1 Po211 xxx.xxx.xxx.xxx UP 26 DC3-THN.02
DC2 L2 Po211 xxx.xxx.xxx.xxx UP 22 DC3-THN.02
DC1 L1 Te1/5/16 xxx.xxx.xxx.xxx UP 27 DC3-THN.03
DC1 L2 Te1/5/16 xxx.xxx.xxx.xxx UP 23 DC3-THN.03
So, the question now would be, how can I get the neighbor relationship up between DC1 and DC2 without affecting any operations of DC3 please?
Many thanks for the help thus far.
01-16-2024 12:56 PM
Hi @CliveG ,
You need to configure ISIS on the interface between DC1 and DC2, just like you already do for the interface between DC1 and DC3.
Regards,
01-16-2024 01:08 PM
@Harold Ritter his issue not in bgp.
@CliveG I remember your old post about connect three DC.
Please share your topolgy here make Mr @Harold Ritter check it and suggest solution to you.
Thanks a lot
MHM
01-17-2024 02:53 AM
Hi MHM
There is an iBGP relationship between DC1 and DC2 but, as per what I have noted above, the external routes learned are via DC3. As per the discussion with Harold, my guess is because the igp (is-is) has no neighbor relationship between DC1 and DC2.
I am preparing a GNS3 lab to see what happens to the routing when I create an is-is relationship between DC1 and DC2.
I will update when this has been completed.
Thank you both for your help.
01-17-2024 03:26 AM
in BGP you need to see two neighbor in each site
for example DC1 must see two neighbor DC2 and DC3
and if the prefix learn from DC2 (ibgp) not direct from DC3(ebgp) that meaning the best path select ibgp over bgp
this can happened when you LP (inbound or outbound in neighbor) or weight inbound
MHM
01-17-2024 04:56 AM - last edited on 01-22-2024 10:20 PM by Translator
Hi,
I have just completed a quick check of the ip bgp summary for each DC and it shows as follows:
DC1:
DC2 4 <ASN> 14095246 269514 1783976404 0 0 24w0d 918371
DC3 4 <ASN> 45156394 278323 1783976404 0 0 24w0d 23
DC3:
DC2 4 <ASN> 14249640 45004489 174503500 0 0 24w0d 918357
DC1 4 <ASN> 278325 45156396 174503500 0 0 24w0d 28
DC2:
DC1 4 <ASN> 269517 14095562 241046999 0 0 24w0d 28
DC3 4 <ASN> 45004490 14249803 241046999 0 0 24w0d 28
So, DC1 is getting the full internet routing table from DC2. But here is a read out from the routing tables at DC1 and also the traceroute for the address 8.8.8.8:
Routing Entry for 8.8.8.8 on DC1:
Routing entry for 8.8.8.0/24
Known via
bgp <ASN>
distance 200, metric 2020
Tag 174, type internal
Last update from DC2 1w3d ago
Routing Descriptor Blocks:
* DC2, from DC2, 1w3d ago
Route metric is 2020, traffic share count is 1
AS Hops 3
Route tag 174
MPLS label: none
Traceroute from DC1 to 8.8.8.8:
1 <DC3> [MPLS: Label 50 Exp 0] 0 msec 0 msec 0 msec
2 <DC2 X-Connect port> 0 msec 4 msec 0 msec
3 <Cogent transit ISP>[AS 174] 0 msec 0 msec 4 msec
As you can see with the first hop, there is also an MPLS Label, hence why I titled the subject as MPLS/IS-IS.
Unfortunatly, this network was set up way before I joined the company and looks to me like it was just set up to "work" and then made live with no planning at all. There is zero documentation like HLDs or LLDs that may explain some of it. There was a handover video but the only thing really discussed in that is the sfp's. No help at all.
If there is any more config I can supply then please let me know.
01-17-2024 05:35 AM
Hi @CliveG ,
Did you add the configuration to add an ISIS neighbour between DC1 and DC2. Without this, traffic from DC1 to Internet will continue to go through DC3.
Regards,
01-17-2024 06:48 AM
Hi Harold,
I cannot do that as of yet because we are running C6880 and I cannot emulate that on GNS3. However, we do have a lab, but I will not be in the DC(1) until tomorrow. I do not want to do this on a live network that cannot afford any downtime without knowing the exact result.
I'll update once I have completed this.
Thank you
01-17-2024 06:55 AM
@Harold Ritter I ask him to draw topolgy to make clear to you I think he is busy
so let me summary what I know about this issue
DC1, DC2 and DC3 are connect via L2VPN xconnect and traffic between DC1 and DC2 is pass through DC3
it not take the direct connection between DC1 and DC2 (if there is)
so we must focus in IGP not BGP, in end BGP is peer-to-peer and need reachability that IGP response of.
hope I am correct @CliveG
thanks a lot
MHM