
SDWAN cEdge not allowing two BGP instances on different VPN/VRFs

netcast
Level 1

Hello!

In my SDWAN topology I have multiple cEdges with one link connecting to the internet and another link connecting to MPLS. On the MPLS link I am running eBGP. I am trying to run iBGP on the service VPN and I keep getting an error in vManage:

[12-Jul-2023 15:11:38 UTC] Failed to update configuration - too many /ncs:devices/device{vip_internal_temp_device_CSR-0B1B7F16-6504-76D6-D883-BED7D5056FD4-00166a58-c58b-4537-8b68-ca310a93a45e}/config/native/router/bgp, 2 configured, at most 1 must be configured

Is it not possible to run an iBGP instance alongside an eBGP instance on separate VPN/VRFs?

7 Replies

Can I see the config you use?

!
vrf definition 1
description Service_VPN1
rd 1:1
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
vrf definition Mgmt-intf
rd 1:512
!
address-family ipv4
route-target export 1:512
route-target import 1:512
exit-address-family
!
address-family ipv6
exit-address-family
!
!
interface Loopback1
vrf forwarding 1
ip address 99.99.99.1 255.255.255.255
no ip redirects
ip mtu 1500
ip ospf dead-interval 40
ip ospf 1 area 0
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface Tunnel1
ip unnumbered GigabitEthernet1
no ip redirects
ipv6 unnumbered GigabitEthernet1
no ipv6 redirects
tunnel source GigabitEthernet1
tunnel mode sdwan
!
interface Tunnel2
ip unnumbered GigabitEthernet2
no ip redirects
ipv6 unnumbered GigabitEthernet2
no ipv6 redirects
tunnel source GigabitEthernet2
tunnel mode sdwan
!
interface GigabitEthernet1
description INTERNET
ip address 192.1.1.254 255.255.255.0
no ip redirects
load-interval 30
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
interface GigabitEthernet2
description MPLS
ip address 172.31.11.254 255.255.255.0
no ip redirects
load-interval 30
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
interface GigabitEthernet3
vrf forwarding 1
ip address 10.5.6.1 255.255.255.0
no ip redirects
load-interval 30
negotiation auto
vrrp 56 address-family ipv4
timers advertise 100
priority 150
vrrpv2
track omp shutdown
address 10.5.6.254 primary
exit-vrrp
arp timeout 1200
no mop enabled
no mop sysid
!
interface GigabitEthernet4
description VPN1
vrf forwarding 1
ip address 10.1.16.1 255.255.255.0
no ip redirects
ip ospf network point-to-point
ip ospf dead-interval 40
ip ospf 1 area 0
load-interval 30
negotiation auto
arp timeout 1200
no mop enabled
no mop sysid
!
!
router ospf 1 vrf 1
auto-cost reference-bandwidth 1000
timers throttle spf 200 1000 10000
redistribute omp
!
router bgp 66001
bgp log-neighbor-changes
neighbor 172.31.11.1 remote-as 100
!
address-family ipv4
network 172.31.11.0 mask 255.255.255.0
neighbor 172.31.11.1 activate
neighbor 172.31.11.1 send-community both
neighbor 172.31.11.1 maximum-prefix 2147483647 100
distance bgp 20 200 20
exit-address-family
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
ip route 0.0.0.0 0.0.0.0 192.1.1.1
ip route vrf 1 10.1.0.16 255.255.255.255 10.1.16.16
ip route vrf 1 10.5.16.0 255.255.255.0 10.1.16.16
ip scp server enable
!
!
show sdwan run
!
vrf definition 1
description Service_VPN1
rd 1:1
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family
!
address-family ipv6
exit-address-family
!
!
vrf definition Mgmt-intf
rd 1:512
address-family ipv4
route-target export 1:512
route-target import 1:512
exit-address-family
!
address-family ipv6
exit-address-family
!
!
ip dhcp pool vrf-1-GigabitEthernet3
vrf 1
lease 1 0 0
default-router 10.5.6.254
dns-server 8.8.8.8
network 10.5.6.0 255.255.255.0
exit
ip dhcp use hardware-address client-id
no ip dhcp use class
ip dhcp use vrf remote
ip name-server 8.8.8.8
ip route 0.0.0.0 0.0.0.0 192.1.1.1 1
ip route vrf 1 10.1.0.16 255.255.255.255 10.1.16.16 1
ip route vrf 1 10.5.16.0 255.255.255.0 10.1.16.16 1
no ip http ctc authentication
no ip igmp ssm-map query dns
ipv6 unicast-routing
interface GigabitEthernet1
description INTERNET
no shutdown
arp timeout 1200
ip address 192.1.1.254 255.255.255.0
no ip redirects
ip mtu 1500
load-interval 30
mtu 1500
negotiation auto
exit
interface GigabitEthernet10
description OOB
shutdown
arp timeout 1200
vrf forwarding Mgmt-intf
no ip address
no ip redirects
ip mtu 1500
load-interval 30
mtu 1500
negotiation auto
exit
interface GigabitEthernet2
description MPLS
no shutdown
arp timeout 1200
ip address 172.31.11.254 255.255.255.0
no ip redirects
ip mtu 1500
load-interval 30
mtu 1500
negotiation auto
exit
interface GigabitEthernet3
no shutdown
arp timeout 1200
vrf forwarding 1
ip address 10.5.6.1 255.255.255.0
no ip redirects
ip mtu 1500
load-interval 30
mtu 1500
negotiation auto
vrrp 56 address-family ipv4
vrrpv2
address 10.5.6.254
priority 150
timers advertise 100
track omp shutdown
exit
exit
interface GigabitEthernet4
description VPN1
no shutdown
arp timeout 1200
vrf forwarding 1
ip address 10.1.16.1 255.255.255.0
no ip redirects
ip mtu 1500
ip ospf 1 area 0
ip ospf network point-to-point
ip ospf dead-interval 40
ip ospf hello-interval 10
ip ospf priority 1
ip ospf retransmit-interval 5
load-interval 30
mtu 1500
negotiation auto
exit
!
interface Loopback1
no shutdown
arp timeout 1200
vrf forwarding 1
ip address 99.99.99.1 255.255.255.255
no ip redirects
ip mtu 1500
ip ospf 1 area 0
ip ospf dead-interval 40
ip ospf hello-interval 10
ip ospf priority 1
ip ospf retransmit-interval 5
exit
interface Tunnel1
no shutdown
ip unnumbered GigabitEthernet1
no ip redirects
ipv6 unnumbered GigabitEthernet1
no ipv6 redirects
tunnel source GigabitEthernet1
tunnel mode sdwan
exit
interface Tunnel2
no shutdown
ip unnumbered GigabitEthernet2
no ip redirects
ipv6 unnumbered GigabitEthernet2
no ipv6 redirects
tunnel source GigabitEthernet2
tunnel mode sdwan
exit
clock timezone UTC 0 0
logging persistent size 104857600 filesize 10485760
logging buffered 512000
no logging rate-limit
logging persistent
aaa authentication login default local
aaa authorization exec default local
no crypto ikev2 diagnose error
no crypto isakmp diagnose error
router bgp 66001
bgp log-neighbor-changes
distance bgp 20 200 20
neighbor 172.31.11.1 remote-as 100
neighbor 172.31.11.1 ebgp-multihop 1
address-family ipv4 unicast
neighbor 172.31.11.1 remote-as 100
neighbor 172.31.11.1 activate
neighbor 172.31.11.1 maximum-prefix 2147483647 100
neighbor 172.31.11.1 send-community both
network 172.31.11.0 mask 255.255.255.0
exit-address-family
!
timers bgp 60 180
!
router ospf 1 vrf 1
auto-cost reference-bandwidth 1000
timers throttle spf 200 1000 10000
compatible rfc1583
distance ospf external 110
distance ospf inter-area 110
distance ospf intra-area 110
redistribute omp subnets
!
sdwan
interface GigabitEthernet1
tunnel-interface
encapsulation ipsec weight 1
no border
color biz-internet restrict
no last-resort-circuit
no low-bandwidth-link
control-connections
no vbond-as-stun-server
vmanage-connection-preference 5
port-hop
carrier default
nat-refresh-interval 5
hello-interval 1000
hello-tolerance 12
allow-service all
no allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
no allow-service snmp
exit
exit
interface GigabitEthernet2
tunnel-interface
encapsulation ipsec weight 1
no border
color mpls restrict
no last-resort-circuit
no low-bandwidth-link
control-connections
no vbond-as-stun-server
vmanage-connection-preference 5
port-hop
carrier default
nat-refresh-interval 5
hello-interval 1000
hello-tolerance 12
allow-service all
allow-service bgp
allow-service dhcp
allow-service dns
allow-service icmp
allow-service sshd
allow-service netconf
no allow-service ntp
no allow-service ospf
no allow-service stun
no allow-service snmp
exit
exit
omp
no shutdown
send-path-limit 4
ecmp-limit 4
graceful-restart
no as-dot-notation
timers
holdtime 60
advertisement-interval 1
graceful-restart-timer 43200
eor-timer 300
exit
address-family ipv4
advertise bgp
advertise connected
advertise static
!
address-family ipv6
advertise bgp
advertise connected
advertise static
!
!

I am trying to use Loopback 1 for iBGP, which is already running OSPF on that same interface.

Address-family ipv4 vrf 1

Then config neighbor
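
The layout the reply above points to, added here as an example and not taken from any poster's configuration: IOS-XE runs a single BGP process, so the service-VPN iBGP session goes into `address-family ipv4 vrf 1` under the existing `router bgp 66001` instead of a second `router bgp` stanza. `<IBGP_PEER_IP>` is a placeholder, and sourcing the session from Loopback1 is an assumption based on the original poster's stated intent.

```ios
! One BGP process for the whole router (AS number taken from the posted config).
router bgp 66001
 bgp log-neighbor-changes
 neighbor 172.31.11.1 remote-as 100
 !
 ! Global table (VPN 0): the existing eBGP session on the MPLS link.
 address-family ipv4
  network 172.31.11.0 mask 255.255.255.0
  neighbor 172.31.11.1 activate
  neighbor 172.31.11.1 send-community both
 exit-address-family
 !
 ! Service VPN 1: the iBGP neighbor lives in the VRF address family and
 ! uses the same AS number as the process, so no second "router bgp"
 ! entry is created.
 ! <IBGP_PEER_IP> is a placeholder; update-source Loopback1 is an assumption.
 address-family ipv4 vrf 1
  neighbor <IBGP_PEER_IP> remote-as 66001
  neighbor <IBGP_PEER_IP> update-source Loopback1
  neighbor <IBGP_PEER_IP> activate
 exit-address-family
!
```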

Hi,

Did you enable address-family ipv4 for neighbors which are in VPN0 and service VPN?

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

I did enable address-family ipv4

Share what you have already deployed and what you want to add, but it fails.

Screens from vmanage..

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
