cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
668
Views
5
Helpful
14
Replies
Highlighted

ABF next-hop V6 lookup in RIB or FIB?

Need some assistance determining exactly how the nexthop decision is made when a ABF forwarding rule is matched.  My question is, does it do a lookup in the RIB or FIB and will the packet be handled via the actions specified by the results of that lookup?

 

I am trying to create an ABF rule which will match ipv6 traffic with a dscp marking of 7 and have it set the nexthop to a V6 labeled-unicast route which recurses to a 6PE next-hop which will then label the packet and send it to it's final destination.  I am seeing in the logs is that the packet matches the ABF entry so the matching criteria appears correct.  Unfortunately, the path is unchanged and the packet is not redirected to the nexthop I specify.

 

ABF entry::

ipv6 access-list ACL_IPV6_POLICY_ROUTING
 130 permit ipv6 any any dscp 7 log nexthop1 ipv6 2001:506:100:f440::194:96

 

Log Entry showing packets matching::

RP/0/RSP0/CPU0:Aug 16 16:16:57.625 UTC: ipv6_acl_daemon[303]: %ACL-IPV6_ACL-6-IPACCESSLOGNP : access-list ACL_IPV6_POLICY_ROUTING (130) permit 58 2600:6ce2:0:2::1 -> 2001:506:100:f480::194:131, 4 packets
RP/0/RSP0/CPU0:Aug 16 16:16:57.625 UTC: ipv6_acl_daemon[303]: %ACL-IPV6_ACL-6-IPACCESSLOGP : access-list ACL_IPV6_POLICY_ROUTING (130) permit udp 2600:6ce2:0:2::1(32780) -> 2001:506:100:f480::194:131(33437), 1 packet

 

V6 Route for next-hop in RIB::

#show route ipv6 2001:506:100:f440::194:96

Routing entry for 2001:506:100:f440::194:96/128
  Known via "bgp 65206", distance 200, metric 0, type internal
  Installed Aug 15 21:41:09.752 for 19:27:10
  Routing Descriptor Blocks
    ::ffff:96.34.226.91, from ::ffff:172.30.120.133
      Nexthop in Vrf: "default", Table: "default", IPv4 Unicast, Table Id: 0xe0000000
      Route metric is 0
  No advertising protos.

 

V6 Route for 6PE route in RIB(Hitting the default)::

#show route ipv6 ::ffff:96.34.226.91

Routing entry for ::/0
  Known via "isis default", distance 115, metric 100, candidate default path, type level-1
  Installed May 30 22:29:15.191 for 11w0d
  Routing Descriptor Blocks
    fe80::d66d:50ff:fe93:c602, from 2001:506:100:f400::194:0, via Bundle-Ether3
      Route metric is 100
  No advertising protos.

 

V6 CEF entry for next-hop::

#show cef ipv6 2001:506:100:f440::194:96
2001:506:100:f440::194:96/128, version 26680183, internal 0x14004001 0x0 (ptr 0x779199dc) [1], 0x0 (0x0), 0x410 (0x7bf3fa00)
 Updated Aug 15 21:41:09.750
 Prefix Len 128, traffic index 0, precedence n/a, priority 4
 BGP Attribute: id: 0x1f92, Local id: 0x2ad, Origin AS: 0, Next Hop AS: 0

   via ::ffff:96.34.226.91, 3 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0x71280244 0x0]
    next hop VRF - 'default', table - 0xe0000000
    next hop ::ffff:96.34.226.91 via ::ffff:96.34.226.91:0
     next hop 96.34.12.13/32 BE2          labels imposed {16006 300112}

I would like to see the ABF action use the CEF entry to forward the packet and not the RIB entry, but I don't believe that's happening.  Is that expected behavior? 

 

I did try to set the nexthop on the ABF entry to the 6PE route and my commit failed 

(config)#ipv6 access-list ACL_IPV6_POLICY_ROUTING
RP/0/RSP0/CPU0:crr01k1sbcc(config-ipv6-acl)# 130 permit ipv6 any any dscp 7 log nexthop1 ipv6 ::ffff:96.34.226.91
RP/0/RSP0/CPU0:crr01k1sbcc(config-ipv6-acl)#commit

% Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed [inheritance]' from this session to view the errors

(config-ipv6-acl)#show configuration failed inheritance
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.


ipv6 access-list ACL_IPV6_POLICY_ROUTING
130 permit ipv6 any any dscp 7 log nexthop1 ipv6 ::ffff:96.34.226.91
!!% V4 Mapped nexthop address: verify ACL config failed for ACL ACL_IPV6_POLICY_ROUTING seq 130
!
end

IOS-XR version is 5.1.3.

Any help would be greatly appreciated.

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

Hi Noah,

i checked internally, it seems for mpls next hop abf is not supported

an alternative we can try is using epbr, it can be used to redirect packets over mpls vpn

 

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-4/ip-addresses/configuration/guide/b-ip-addresses-configuration-guide-asr9000-64x/b-ip-addresses-configuration-guide-asr9000-64x_chapter_0111.html

 

Thanks

 

 

 

View solution in original post

14 REPLIES 14
Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

i have never tried this or seen a next hop as 6pe, in general for basic ABF next hop we need to verify the two things below.

 

#1

 

show access-list ipv6 ACL_IPV6_POLICY_ROUTING hardware ingress  location 0/x/cpu0

>> we are looking to verify the next hop in hardware

 

#2

 

show cef ipv6 external location 0/x/cpu0

>> we are looking for the ABF section, verify the prefix is there and the next hop is resolved and  valid

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

Thanks for replying so quickly @tkarnani.  Requested info below.

#show access-list ipv6 ACL_IPV6_POLICY_ROUTING hardware ingress  location 0/0/CPU0
ipv6 access-list ACL_IPV6_POLICY_ROUTING
 110 permit ipv6 any any dscp 6 (next-hop: addr=2001:506:100:f440::194:95, vrf name=default)
 130 permit ipv6 any any dscp 7 log (211 hw matches) (next-hop: addr=2001:506:100:f440::194:96, vrf name=default)
 1000 permit ipv6 any any (1152990 hw matches)

#show cef ipv6 external location 0/0/cpu0
Client Name : IPV6_ABF (comp-id: 0xc09) (0x94f6e050)
Protocol : ipv6
Prefix : 2001:506:100:f440::194:95 (0x94fa00fc)
Gateway array : 8886d8a0 (0x20020170/1)
Loadinfo : 0 (0x0/0)
Number of notifs : 1
Interest type : IP reachability notify
Table Id : 0xe0800000
Cookie Value : 0000000000000000
State : resolved
Via : 2001:506:100:f440::194:95/128
Added to pend list: Aug 15 22:23:54.144

Client Name : IPV6_ABF (comp-id: 0xc09) (0x94f6e050)
Protocol : ipv6
Prefix : 2001:506:100:f440::194:96 (0x94fa01a0)
Gateway array : 8886d990 (0x20020170/1)
Loadinfo : 0 (0x0/0)
Number of notifs : 1
Interest type : IP reachability notify
Table Id : 0xe0800000
Cookie Value : 0000000000000000
State : resolved
Via : 2001:506:100:f440::194:96/128
Added to pend list: Aug 15 22:23:54.145

Client Name : fib-ipv6 (comp-id: 0) (0x0)
Protocol : ipv4
Prefix : 96.34.194.0 (0x962710d4)
Gateway array : 8873ffa8 (0x10050/1)
Loadinfo : 8904e0f8 (0x300101/1)
Number of notifs : 0
Interest type : 6VPE MPLS nexthop reachability
Table Id : 0x0
Cookie Value : 0000000000000000
State : unresolved, in retry
Via :
Added to pend list: Never

Client Name : fib-ipv6 (comp-id: 0) (0x0)
Protocol : ipv4
Prefix : 96.34.226.90 (0x96271150)
Gateway array : 8873ded8 (0x30050/1)
Loadinfo : 8904de00 (0x1110111/1)
Number of notifs : 0
Interest type : 6VPE MPLS nexthop reachability
Table Id : 0x0
Cookie Value : 0000000000000000
State : resolved
Via : 16004/0
Added to pend list: Never

Client Name : fib-ipv6 (comp-id: 0) (0x0)
Protocol : ipv4
Prefix : 96.34.226.91 (0x962711cc)
Gateway array : 8873eb80 (0x30050/1)
Loadinfo : 8904df30 (0x1110111/1)
Number of notifs : 0
Interest type : 6VPE MPLS nexthop reachability
Table Id : 0x0
Cookie Value : 0000000000000000
State : resolved
Via : 16005/0
Added to pend list: Never

Looks like both prefixes are present, and the state='resolved'.  The next-hop does not reflect the 6pe route however.  Do I need to somehow get those 6pe routes in to the V6 RIB?

 

Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

in the current state are packets being forwarded to 2001:506:100:f440::194:95 ?

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

Packets are not being forwarded using the default route.  They are not being routed to 2001:506:100:f440::194:95 

Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

What type of Line card are you using for 0/0/cpu0?

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

NAME: "module 0/0/CPU0", DESCR: "80G Modular Linecard, Packet Transport Optimized"
PID: A9K-MOD80-TR, VID: V07, SN: XXXXXXXX
Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

Hi Noah,

i checked internally, it seems for mpls next hop abf is not supported

an alternative we can try is using epbr, it can be used to redirect packets over mpls vpn

 

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-4/ip-addresses/configuration/guide/b-ip-addresses-configuration-guide-asr9000-64x/b-ip-addresses-configuration-guide-asr9000-64x_chapter_0111.html

 

Thanks

 

 

 

View solution in original post

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

Thanks for all your help @tkarnani.  ePBR worked perfectly.  Really appreciate it

Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

Glad i could help

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

Sorry to re-visit this, but had another question that I can't seem to find an answer for in the documentation. 

It appears that when and IPv6 packet reaches the destination I've set in my policy-map and has the mpls labels popped, the dscp marking has been re-set to 0 or BE instead of the dscp value I originally matched on.  Is that expected behavior when using ePBR?  I am fairly certain the modification to the packet is happening before it's tagged by the local router that is enforcing the policy-map but could be wrong.  Just want to see if there is some documentation regarding how the packet is handled by ePBR or if this is expected behavior and if so, what my options would be for preserving or re-setting the dscp marking on the IP packet. This only seems to happen for v6.  v4 works as expected with the original dscp marking still set.  Also of note, the v6 next-hop is learned via bgp-lu so that might or might not affect how label imposition occurs but I wouldn't expect it to change the IPv6 headers either way.  Thanks for your help in advance...

Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

Can you let us know on which platform do you see this and with what IOS XR release? The decapsulation PE should not rewrite the IP ToS based on the MPLS EXP. Control plane (how we learned the route) plays no role in this. 

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

Thanks for your response.  The far-side PE is a JunOS device and I am working with them now to determine if the issue is on their side. Please see my response to tkarnani from just a few minutes ago for more info.

Highlighted
Cisco Employee

Re: ABF next-hop V6 lookup in RIB or FIB?

can you also let us know how you are allocating the label on the remote PE?

per prefix? per vrf? per pe?

 

 

Highlighted

Re: ABF next-hop V6 lookup in RIB or FIB?

I should have updated this yesterday, but didn't grab a packet capture until late in the day.  I do in fact see the correct DSCP markings on the packet after it is forwarded to it's destination so I no longer believe this is an issue on the XR device.  It looks to be something on the far side so I am engaging another vendor to determine if their device has a rewrite policy that is stripping that marking.

 

To answer your question, we are allocating labels via labeled-unicast and they are allocated per-prefix. 

 

Thank you for your response, but I no longer believe it's a Cisco issue.

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey