11-12-2022 12:27 PM
Hi,
I have a situation where "ibgp policy out enforce-modifications" is enabled globally to allow the next-hop to be changed for for prefixes towards specific iBGP peers.
However, a different neighbor-group is used for basic route-reflection which is confgured with 'next-hop-self'. When the "enforce-modifications" command is applied, this appears to break the well-understood behaviour of route-reflection, i.e. for RR-clients, next-hop-self should not be changed (except for eBGP peers).
Even without any explicit outbound policy applied to this neighbor-group, IOS-XR, as RR, inserts itself into the path between its RR-clients. Is this expected behaviour, as I would expect the 'normal' rules to apply, unless policy defines otherwise.
My workaround is a construct llike the following applied outbound towards the RR-clients:
route-policy ibgp-nexthop-unchanged
if path-type is ibgp then
set next-hop unchanged
else
pass
endif
end-policy
Solved! Go to Solution.
11-12-2022 01:08 PM - edited 11-12-2022 01:15 PM
Hi @mmelbourne ,
It is indeed the expected behaviour. The very purpose of the "ibgp policy out enforce-modifications" command is to allow all BGP attributes to be changed on the reflected iBGP routes.
So if you do not want the next hop to be changed on the reflected iBGP routes, you need to disable next-hop-self on the neighbor-group used for basic route reflection or continue to use the route-policy to prevent the next hop to be changed on the iBGP reflected routes, like you currently do.
You could also disable next-hop-self on the neighbor-group and use a route-policy to set next-hop-self only for the eBGP routes.
Regards,
11-12-2022 01:08 PM - edited 11-12-2022 01:15 PM
Hi @mmelbourne ,
It is indeed the expected behaviour. The very purpose of the "ibgp policy out enforce-modifications" command is to allow all BGP attributes to be changed on the reflected iBGP routes.
So if you do not want the next hop to be changed on the reflected iBGP routes, you need to disable next-hop-self on the neighbor-group used for basic route reflection or continue to use the route-policy to prevent the next hop to be changed on the iBGP reflected routes, like you currently do.
You could also disable next-hop-self on the neighbor-group and use a route-policy to set next-hop-self only for the eBGP routes.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide