Solved: Re: Static route being ignored when traffic comes from MPLS neighbor - Page 2

7tsommer · ‎10-14-2022

Given this setup:

R1 and R2 are ASR9Ks running IOS-XR, and R3 is an ASR920 running IOS-XE

We have MPLS with MP-BGP running between R2 and R3 (with OSPF as the underlay in the default VRFs on those routers). Routing between R1 and R2 on the production circuit is strictly OSPF, with the protocol running in VRF3 for R2. We built a bypass link for rerouting traffic around the OSPF link with static routes for testing some things. We have no routing protocols running across the bypass link, but we do have "redistribute connected" configured in OSPF. Both of the links (the OSPF production link and bypass link) from R1 to R2 exist in the default VRF on R1 and in VRF3 on R2. There are also ports on R3 that exist in VRF3. There is no MPLS between R1 and R2.

Under normal circumstances, R1 advertises a default route to R2, which propagates it to R3 via MP-BGP and the rest of the network in VRF3. We want to be able to bypass the OSPF link between R1 and R2 for testing by using static /32 routes on both ends. On R2, the static route is in VRF3.

When we install a static route and look at the VRF3 routing table on R2, it indeed shows only one path to the destination - the /32 static we configured. When we run traces on R2 in that VRF towards the destination in the static route (westbound, beyond R1), it shows R1's side of the bypass link in the traceroutes as expected.

However, when we run traces from VRF3 on R3 to the same destination, R2 still forwards those packets across the OSPF link between R1 and R2. Since we're not redistributing the static bypass route, R3 still uses the default route to send the traffic to R2. But why, if R2 itself does have that static route and does show it to be the only path to the destination, is it sending R3's traffic through the default route path via the OSPF link?

From what I can tell, R3 is popping the label off when sending traffic towards the default route to R2. So shouldn't R2 treat it as just another packet on VRF3 and use the static route to send it across the bypass link? What is making it ignore that when receiving traffic from R3 over the MPLS link? I looked at the CEF table, and the only entry for the static destination is the static route over the bypass link, but traces from R3 to that same destination still show the OSPF link as the next-hop. What is causing R2 to forward it using the VRF3 OSPF default route instead of the static?

We did notice that redistributing that static into BGP caused R2 to forward R3's VRF3 traffic through the bypass link, but we really want to avoid redistributing those statics at all. Redistributing into BGP caused routing loops because it was being redistributed into OSPF elsewhere and propagated to R1, so R1 was just sending back to R2 and thus looping. We're trying to avoid having to do a bunch of other configuration work on R2 and other adjacent OSPF routers to prevent these loops. Seems like there should be something we can do on R2 to get it to treat R3's VRF3 traffic like any other port on R2 in that VRF, thus causing it to use the static route to send the traffic across the bypass link.

Harold Ritter · ‎10-14-2022

No need for the

redistribute connected

Just the

redistribute static

is enough

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎10-14-2022

@7tsommer as Mr @Harold Ritter mention, can you confirm that you redistribute the static?

7tsommer · ‎10-18-2022

Redistributing the static into MP-BGP got the traces to work as expected. We'll need to explore the potential impact of changing from

 per-prefix to per-vrf

in MPLS if we want to remove that. Unfortunately, redistributing the static into BGP causes some other mutual redistribution issues with OSPF down the line. We have a workaround in place, but it's not as elegant as not having to redistribute at all.

Harold, are you aware of any useful resources that discuss the impact of migrating from

per-prefix to per-vrf?

Is that a locally significant change, or would it have to be network-wide? I'll be googling for more info as well, but please share if you have any useful resources that talk about the impact of this change.

MHM Cisco World · ‎10-18-2022

""Unfortunately, redistributing the static into BGP causes some other mutual redistribution issues with OSPF down the line. ""
I return to your original post, yes there is dual point redistribute issue if you redistribute static to BGP then redistribute BGP into OSPF the R1 will have prefix from OSPF.

sorry I was must read your post carful anyway,
you can solve this
redistribute static into BGP
and use

route-map

to deny prefix (static route) when redistribute the BGP into OSPF.

this my opinion for this issue.

7tsommer · ‎10-18-2022

MHM Cisco World, unfortunately, filtering those statics in the BGP-to-OSPF redistribution by way of prefix-sets is not scalable. We would have to update prefix-sets on all routers in that OSPF domain because they would all also be getting the BGP routes. I did try using a BGP community to tag the routes when redistributing from static to BGP in hopes that I could use that community to deny redistribution from BGP to OSPF, but unfortunately you can't use communities for that.

Harold Ritter · ‎10-19-2022

Hi @7tsommer ,

although you can't use the BGP community directly to filter when redistributing from BGP to OSPF, you can certainly do it indirectly using the following technique.

route-policy bgp2rib

  if community matches-any COMM-TEST then

    set tag 999

  endif

  pass

end-policy

!

route-policy bgp2ospf

  if tag eq 999 then

    drop

  endif

  pass

end-policy

!

router ospf 109

 redistribute bgp 109 route-policy bgp2ospf

router bgp 109

 address-family ipv4 unicast

  table-policy bgp2rib

 !

You first match the community when installing the route in the RIB using a table-policy. If it matches the community you used when redistributing the static into BGP, you set the tag to a given value that you can later match when redistributing BGP to OSPF.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

7tsommer · ‎10-22-2022

Harold! Thank you so much for that! I completely forgot about the table-policy command. That was the final icing on the cake to get things working exactly as needed.

Harold Ritter · ‎10-18-2022

Hi @7tsommer ,

> Harold, are you aware of any useful resources that discuss the impact of migrating from

per-prefix to per-vrf?

Is that a locally > significant change, or would it have to be network-wide? I'll be googling for more info as well, but please share if you have any > useful resources that talk about the impact of this change.

The change would only need to be done locally on R2. As moving to

per-vrf

implies two lookups for each packets, you can definitely expect a performance hit as stated in the following document.

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r7-1/routing/configuration/guide/b-routing-cg-asr9000-71x/b-routing-cg-asr9000-71x_chapter_010.html#concept_9B625C57192B415BAFDA8D4C5653C9FA

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México