ASR9906 as BNG, leaking routes from VRF to PW-Ether in GRT

ThomasD86
Level 1

Hi,

In the network I am working with, we have an ASR9k acting as BNG that has an iBGP neighborship with a Catalyst 8500 that acts as BG and provides access to the big internet to CPEs that are authenticated on the BNG.

CPEs reach the BNG through MPLS pseudowires and are terminated on a PW-Ether. The BNG has an interface connected to a network that hosts the Radius and DNS servers that is on a separate VRF. The problem seems to be creating, inside the Radius/DNS VRF, a return route towards the CPEs.

On the BNG router, I can get the network used by CPEs installed in the VRF routing table only if I declare it with a Null0 next hop. Doing this causes it to get installed in the VRF, but it seems to be blackholing traffic.

I found two ways to make this work:

#1

1. Configure a default information originate on the iBGP neighbor (the BG router).

2. Configure on the BNG a discard route for the CPE network.

3. Configure on the BNG 2 route policies:

- One to import the default route being advertised by the BG in the Radius/DNS VRF.

- One to export the Radius/DNS server network from the VRF to the GRT.

Now upstream traffic from CPEs will be locally routed to the Radius/DNS, but return traffic will have to go through the BG only to be sent back to the BNG, this time in the default VRF, and then back to the CPEs. It works, but it's not optimal.

#2

Create a P2P link on two interfaces of the BNG router and insert one of those in the Radius/DNS VRF while leaving the other in the default, then use static routing to point the return traffic to the next hop in the default VRF. This works and doesn't generate additional load on the BG, but again, we're wasting two interfaces on the same router, which creates a huge point of failure. If one of the two linecards involved fails, the service effectively stops working.

This seems to be caused by the fact that I cannot get the CPE network to be advertised by BGP unless I declare it as a static route with Null0 as next-hop. This way it gets installed, but even if it's leaked into the Radius/DNS VRF, return traffic is not working and I have to use workaround #1. Or, to keep everything on the BNG, use #2.

Is there something obvious I am missing or are those the only ways to do it?

Thanks a lot

tkarnani
Cisco Employee

Hi, I am not the BNG expert; however, have you considered ABF?

https://community.cisco.com/t5/service-providers-knowledge-base/asr9000-xr-abf-acl-based-forwarding/ta-p/3153403

You can match the incoming packets via ACL and force the next hop to be in the global table or another VRF.

Thank you
