
Local traffic diversion using VRF and BGP

everanneau
Level 1

Hello everyone,

 

I am trying to configure a router to divert traffic towards a given next-hop (through interface Gi0/0/0/1) for inspection. That part is easy to set up using BGP route advertisement.

After inspection, traffic is re-injected to another interface of the router. I cannot manage to configure the re-injection towards the initial next-hop.

 

I would like the following routing plan:

Before traffic diversion configuration: 10.119.6.128/25 via 10.119.6.33 (Gi0/0/0/3)

After configuration:

  • 10.119.6.128/25 via 10.117.6.2 (Gi0/0/0/1)
  • for traffic hitting Gi0/0/0/2: 10.119.6.128/25 via 10.119.6.33 (Gi0/0/0/3)

 

I then configured a VRF on interface Gi0/0/0/2:

 

vrf test
 address-family ipv4 unicast
  import from default-vrf route-policy pass-all advertise-as-vpn
  import route-target
   65000:666
  !
 !
!
interface GigabitEthernet0/0/0/2
 vrf test
 ipv4 address 10.118.6.1 255.255.255.128
!

 

and also set up BGP to allow receiving route advertisements for traffic re-injection from a route reflector at 10.33.40.200 (goBGP / exaBGP):

 

router bgp 65000
 bgp router-id 10.33.40.201
 address-family ipv4 unicast
  redistribute connected
  redistribute static
 !
 !
 address-family vpnv4 unicast
 !
 neighbor 10.33.40.200
  remote-as 65000
  address-family ipv4 unicast
   weight 32768
  !
  address-family vpnv4 unicast
   weight 65535
  !
 !
 vrf test
  rd 65000:666
  address-family ipv4 unicast
  !
  neighbor 10.33.40.200
   remote-as 65000
   address-family ipv4 unicast
   !
  !
 !
!

 

However, in the vrf test, the route to 10.119.6.128/25 is installed inside the RIB but the nexthop seems unresolved:

 

#sh cef vrf test 10.119.6.128/25 det
Mon Nov 12 15:09:08.395 UTC
10.119.6.128/25, version 58, internal 0x5000001 0x0 (ptr 0xa140bf74) [1], 0x0 (0x0), 0x208 (0xa1583208)
 Updated Nov 12 14:14:59.117
 Prefix Len 25, traffic index 0, precedence n/a, priority 3
  gateway array (0xa129fd54) reference count 1, flags 0x403a, source rib (7), 0 backups
                [1 type 1 flags 0x148441 (0xa159d398) ext 0x0 (0x0)]
  LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
  gateway array update type-time 3 Nov 12 15:09:00.115
 LDI Update time Nov 12 14:14:59.117
   via 10.119.6.33/32, 0 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa0db7294 0x0]
    recursion-via-/32
    next hop VRF - 'default', table - 0xe0000000
    unresolved
     labels imposed {0}


    Load distribution: 0 (refcount 1)

    Hash  OK  Interface                 Address
    0     Y   Unknown                   drop 

which is not true:

 

#sh cef vrf test 10.119.6.33          
Mon Nov 12 15:11:02.917 UTC
10.119.6.33/32, version 0, internal 0x1020001 0x0 (ptr 0xa140bd74) [1], 0x0 (0xa13d45b0), 0x0 (0x0)
 Updated Nov 12 13:09:35.456 
 local adjacency 10.119.6.33
 Prefix Len 32, traffic index 0, Adjacency-prefix, precedence n/a, priority 15
   via 10.119.6.33/32, GigabitEthernet0/0/0/3, 7 dependencies, weight 0, class 0 [flags 0x0]
    path-idx 0 NHID 0x0 [0xa0f3d2f8 0x0]
    next hop VRF - 'default', table - 0xe0000000
    next hop 10.119.6.33/32
    local adjacency

 

I may be missing some MPLS configuration (even though the router is acting as both MPLS domain ingress and egress router) but I cannot figure out where. Any help is really welcome.

 

Best regards,

3 Replies

tkarnani
Cisco Employee

Labels imposed none, are we trying to send labelled to an unlabelled interface?

   unresolved
     labels imposed {0}


    Load distribution: 0 (refcount 1)

    Hash  OK  Interface                 Address
    0     Y   Unknown                   drop 

I'm not sure I understand your question.
I added the following MPLS configuration:

 

#sh run mpls
Tue Nov 13 09:45:19.957 UTC
mpls ldp
 interface GigabitEthernet0/0/0/2
  address-family ipv4
  !
 !
 interface GigabitEthernet0/0/0/3
  address-family ipv4
  !
 !
 vrf test
  address-family ipv4
  !
 !
!

The BGP advertised route remains unresolved, while the router advertises a label 24005.

#sh cef vrf test 10.119.6.128    
Tue Nov 13 09:48:05.136 UTC
10.119.6.128/25, version 43, internal 0x1000001 0x0 (ptr 0xa140bf74) [1], 0x0 (0x0), 0x208 (0xa1583190)
 Updated Nov 13 09:14:29.774
 Prefix Len 25, traffic index 0, precedence n/a, priority 3
   via 10.119.6.33/32, 0 dependencies, recursive [flags 0x6000]
    path-idx 0 NHID 0x0 [0xa0db7294 0x0]
    recursion-via-/32
    next hop VRF - 'default', table - 0xe0000000
    unresolved
     local label 24005 
     labels imposed {0}

everanneau
Level 1

Ok, regarding that post, it seems that with "Cisco IOS XR, you must have a static route /32 in order to allocate and send label for the BGP next-hop in the Inter-AS link."

 

So the following configuration solves part of the issue:

#sh run mpls
Wed Nov 14 00:02:44.403 UTC
mpls static
 interface GigabitEthernet0/0/0/2
 interface GigabitEthernet0/0/0/3
 address-family ipv4 unicast
  local-label 1000 allocate per-prefix 10.119.6.33/32
   forward
    path 1 nexthop GigabitEthernet0/0/0/3 10.119.6.33 out-label pop
   !
  !
 !

 

The unsolved part of the issue is that packets leaving the router are labelled (this is the label that identifies the customer/VRF). Is there any means to remove that label?
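
Added example, not part of any post in this thread: a small Python parser for the `sh cef vrf test` text quoted above. It flags a prefix whose recursive next hop is `unresolved` or whose load-distribution entry is `drop`, which means re-injected traffic would be discarded rather than forwarded. The sample inputs are abridged from the outputs in the thread; the function names `parse_cef` and `blackholed` are assumptions.

```python
import re

# Constructed samples, abridged from the `sh cef vrf test` outputs quoted in the thread.
SAMPLE_UNRESOLVED = """\
10.119.6.128/25, version 58, internal 0x5000001 0x0 (ptr 0xa140bf74) [1], 0x0 (0x0), 0x208 (0xa1583208)
 Prefix Len 25, traffic index 0, precedence n/a, priority 3
   via 10.119.6.33/32, 0 dependencies, recursive [flags 0x6000]
    recursion-via-/32
    next hop VRF - 'default', table - 0xe0000000
    unresolved
     labels imposed {0}
    Hash  OK  Interface                 Address
    0     Y   Unknown                   drop
"""
SAMPLE_RESOLVED = """\
10.119.6.33/32, version 0, internal 0x1020001 0x0 (ptr 0xa140bd74) [1], 0x0 (0xa13d45b0), 0x0 (0x0)
 local adjacency 10.119.6.33
   via 10.119.6.33/32, GigabitEthernet0/0/0/3, 7 dependencies, weight 0, class 0 [flags 0x0]
    next hop VRF - 'default', table - 0xe0000000
    next hop 10.119.6.33/32
    local adjacency
"""

PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+), version ")
VIA_RE = re.compile(r"^\s+via (\S+?),\s*(.*)$")
VRF_RE = re.compile(r"next hop VRF - '([^']+)'")
HASH_RE = re.compile(r"^\s+\d+\s+[YN]\s+(\S+)\s+(\S+)\s*$")  # hash-bucket rows

def parse_cef(text):
    entry = {"prefix": None, "paths": [], "drop": False}
    path = None  # the "via" block currently being read
    for line in text.splitlines():
        if m := PREFIX_RE.match(line):
            entry["prefix"] = m.group(1)
        elif m := VIA_RE.match(line):
            path = {"via": m.group(1), "recursive": "recursive" in m.group(2),
                    "nh_vrf": None, "unresolved": False}
            entry["paths"].append(path)
        elif path and (m := VRF_RE.search(line)):
            path["nh_vrf"] = m.group(1)
        elif path and line.strip() == "unresolved":
            path["unresolved"] = True
        elif (m := HASH_RE.match(line)) and m.group(2) == "drop":
            entry["drop"] = True
    return entry

def blackholed(entry):
    # No usable path, an unresolved path, or a drop adjacency all mean discarded traffic.
    return entry["drop"] or not entry["paths"] or any(p["unresolved"] for p in entry["paths"])
```
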