Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2514
Views
5
Helpful
1
Replies

IOS XR and next-hop-self with "ibgp policy out enforce-modifications"

Go to solution
mmelbourne
Level 5
Level 5

‎11-12-2022 12:27 PM

Hi,

I have a situation where "ibgp policy out enforce-modifications" is enabled globally to allow the next-hop to be changed for for prefixes towards specific iBGP peers.

However, a different neighbor-group is used for basic route-reflection which is confgured with 'next-hop-self'. When the "enforce-modifications" command is applied, this appears to break the well-understood behaviour of route-reflection, i.e. for  RR-clients, next-hop-self should not be changed (except for eBGP peers).

Even without any explicit outbound policy applied to this neighbor-group, IOS-XR, as RR, inserts itself into the path between its RR-clients. Is this expected behaviour, as I would expect the 'normal' rules to apply, unless policy defines otherwise.

My workaround is a construct llike the following applied outbound towards the RR-clients:

route-policy ibgp-nexthop-unchanged
 if path-type is ibgp then
  set next-hop unchanged
 else
  pass
 endif
end-policy

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎11-12-2022 01:08 PM - edited ‎11-12-2022 01:15 PM

Hi @mmelbourne ,

It is indeed the expected behaviour. The very purpose of the "ibgp policy out enforce-modifications" command is to allow all BGP attributes to be changed on the reflected iBGP routes.

So if you do not want the next hop to be changed on the reflected iBGP routes, you need to disable next-hop-self on the neighbor-group used for basic route reflection or continue to use the route-policy to prevent the next hop to be changed on the iBGP reflected routes, like you currently do.

You could also disable next-hop-self on the neighbor-group and use a route-policy to set next-hop-self only for the eBGP routes.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

1 Reply 1

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎11-12-2022 01:08 PM - edited ‎11-12-2022 01:15 PM

Hi @mmelbourne ,

It is indeed the expected behaviour. The very purpose of the "ibgp policy out enforce-modifications" command is to allow all BGP attributes to be changed on the reflected iBGP routes.

So if you do not want the next hop to be changed on the reflected iBGP routes, you need to disable next-hop-self on the neighbor-group used for basic route reflection or continue to use the route-policy to prevent the next hop to be changed on the iBGP reflected routes, like you currently do.

You could also disable next-hop-self on the neighbor-group and use a route-policy to set next-hop-self only for the eBGP routes.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Customers Also Viewed These Support Documents