cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2520
Views
10
Helpful
6
Replies

MP-BGP Import Map Mulfunction

Hi Guys

Another day, another weird happening. Here it goes:

Background:

In our network, we have separated different traffics through the use of VRFs. So we have multiple VRFs which have expanded throughout the network. The connecting point between the VRFs is MP-BGP. In other words we have standalone MP-BGP (MP-BGP without any neighbor statements) configured on select routers that would perform the import and export of the routes into different VRFs. There are "import map" and "export map" configured under VRF configurations to restrict the prefixes that we want to transfer between the VRFs.

Problem:

Today I wanted to update a prefix-list for an Import map throughout the network. I needed to perform this change on two routers. When I added the new permitted prefixes under the prefix-list for the import map, one of the routers reflected the changes by correctly redistributing the routes while the other did not. The non responding router is a Cisco 6509 with IOS image 12.2 (33) SXH3 IP services. The functioning router is a Cisco 7609 with IOS image 12.2 (33) SRC1 IP Advanced Services. To simplify the setup, you can think of the process as below:

Source VRF------>MP-BGP------->Import Map-------->Destination VRF

Troubleshooting Done So Far:

I have spent a good portion of my day looking at this issue. I have verified that:

  1. both routers have the new prefixes in their source VRF
  2. there is no export limitation into MP-BGP for the source VRF
  3. I can see the prefixes in the BGP table of the source VRF
  4. There is no typo in terms of incorrectly typing the name of the prefix-list or route-map or import map since we have another pair of these routers and the same situation happens there. The 6509 does not redistribute while the 7609 does.
  5. Only the 7609 router would eventually import the new prefixes into the destination VRF according to the changes done in the import map.

Weird or What?

Here is what I think the problem is: The import-map on the 6509 does not refresh automatically. Here is how I came to this conclusion:

  1. Starting from the beginning I did a "clear ip prefix-list" on both routers to set the hit counts of the statements to 0
  2. I added the new prefixes under the prefix-list on both routers
  3. I did a "show ip prefix-list detail" command on both routers
  4. I found that the hit counts for all the statements in the prefix-list of the 7609 were recalculated (Including the hit count of the newly added statements)
  5. This shows that when you add or remove a statement from the prefix list, the 7609 has the courtesy of refreshing the import-map
  6. Shockingly the hit counts on the statements in the prefix-list on the 6509 were all set to 0 (Resulting from the "clear" ciommand issued earlier)
  7. This shows that the import-map has not been updated
  8. This problem has manifested itself in other ways as well which I am not going to get into but all is indicating that the import-map is not being refreshed when statements are added to or removed from the associated prefix-listI

Now I know a lot of you might suggest to remove the import-map and add it again however this is production and doing that change is not going to happen soon so I would appreciate if any of you guys has any other thoughts on this. This could very well be a bug which we need to further discuss with Cisco.

Thanks

2 Accepted Solutions

Accepted Solutions

Hello Babak,

first of all, I would like to thank you for the complete and clear description of your issue.

Your results might suggest that a different implementation of MP BGP regarding MP BGP feature import map is in two different IOS trains 12,2(33)SXH and 12.2(33)SRC.

This might be the case.

I tried to look at the bug toolkit for 12.2(33)SXH3 with search key "import map" and there are few bugs listed, but none of them is an exact match of your scenario.

this one

CSCts25780

ip vrf import map issue
Symptom:
changing "ip cpmmunity-list" does not inform route-map and hence routes are not
re-evaluated wherever the route-map is being used.

Conditions:
route-map should have "match community" configured

Workaround:
change route-map directly

Is related to missing refresh of routes when an ip community list is changed ( invoked in the route-map used in the import map).

So this is the closer one that I see.

I would say it is almost the same issue an object used for match in the route-map has been changed and the route-map is not re-evaluated.

In your case is an ip prefix-list in the bug description is a community-list.

Best Regards

Giuseppe

View solution in original post

As per lab re-create test, 12.2(33)SXH3 (what you are running) to 12.2(33)SXH6.  The problem was present.  However in 12.2(33)SXI and later the problem is resolved.
 
CSCsi53802 https://techzone.cisco.com/t5/Routing-Protocols/623543289-Import-map-not-refreshing-after-editing-prefix-list/td-p/117286does affect 12.2(33)SXH release. The entire train seems to have this issue and the bug is only fixed in 12.2(33)SXI and later. 
 
 

This fix added a check in the code.  Whenever the route-map is changed the import/export process is now aware of it, and rewalks the bgp table to apply the change.  I verified that 12.2(33)SXI will dynamically ADD the route and remove the route depending on the prefix-list change. 

12.2(33)SRC releases have the fix for this bug too.

View solution in original post

6 Replies 6

I removed the import map under the VRF definition and added it again however there is still no hits on the prefix-lists and the subnet's are not being redistributed.

I am posting this for the benefit of the community.  After a some time, maybe 30 minutes to an hour, after I removed and added back the import-map the routes where being redistributed again.  So to summarize, on the 6509 platform I had to manually remove and add the import-map once the associated IP prefix-list was modified for the changes to take effect.

I am happy that this got fixed however I am not still convinced.  I think that there is more to it than I understand at the moment.  I need to investigate this further.

Hello Babak,

first of all, I would like to thank you for the complete and clear description of your issue.

Your results might suggest that a different implementation of MP BGP regarding MP BGP feature import map is in two different IOS trains 12,2(33)SXH and 12.2(33)SRC.

This might be the case.

I tried to look at the bug toolkit for 12.2(33)SXH3 with search key "import map" and there are few bugs listed, but none of them is an exact match of your scenario.

this one

CSCts25780

ip vrf import map issue
Symptom:
changing "ip cpmmunity-list" does not inform route-map and hence routes are not
re-evaluated wherever the route-map is being used.

Conditions:
route-map should have "match community" configured

Workaround:
change route-map directly

Is related to missing refresh of routes when an ip community list is changed ( invoked in the route-map used in the import map).

So this is the closer one that I see.

I would say it is almost the same issue an object used for match in the route-map has been changed and the route-map is not re-evaluated.

In your case is an ip prefix-list in the bug description is a community-list.

Best Regards

Giuseppe

So this seems like a final solution:

Cisco TAC came up with the following bugs:

BUG ID :- CSCsi53802 

Change in prefix-list used by vrf import/export map not processed by BGP

BUG ID :- CSCtj57167

modification to prefix-list nested within vrf import map are not applied

These two bugs are an exact explanation of what I am experiencing however the IOS 12.2 SXH3 is not listed as having this problem.  I am talking to them to see if this is a slip.  The workaround for this problem is to issue the "clear ip route vrf" command after the prefix-list has been modified. 

I am going to try this resolution on the second 6509 that needs the update. 

Hopefully this will be useful for someone out there

Thanks Guys.

The final piece of the puzzle:

From 12.2(33)SXH3 (what I am running) to 12.2(33)SXH6,  the problem is present.  However in 12.2(33)SXI and later the problem is resolved.

The code was changed to check the associated route-map, anywhere it was used, once any components of it got changed.

Hope this helps some lost souls out there.

Thanks

As per lab re-create test, 12.2(33)SXH3 (what you are running) to 12.2(33)SXH6.  The problem was present.  However in 12.2(33)SXI and later the problem is resolved.
 
CSCsi53802 https://techzone.cisco.com/t5/Routing-Protocols/623543289-Import-map-not-refreshing-after-editing-prefix-list/td-p/117286does affect 12.2(33)SXH release. The entire train seems to have this issue and the bug is only fixed in 12.2(33)SXI and later. 
 
 

This fix added a check in the code.  Whenever the route-map is changed the import/export process is now aware of it, and rewalks the bgp table to apply the change.  I verified that 12.2(33)SXI will dynamically ADD the route and remove the route depending on the prefix-list change. 

12.2(33)SRC releases have the fix for this bug too.

Review Cisco Networking for a $25 gift card