Re: Why do I see Prefix in BGP table that is not imported with RT valu

Kandarp Patel · ‎07-27-2023

Hello There,

We have 2 MPLS PE routers RouterA and RouterB. RouterA has 10.0.0.0/8 in its routing table, and we do not want 10.0.0.0/8 to be exported to RouterB's routing table. to do that, we created route-policy on RouterA matching 10.0.0.0/8 prefix and tagged with extended community RT value which is not exported under vrf export configuration and applied this route-policy to export configuration.

By doing so, we are able to block 10.0.0.0/8 from being seen in routing table of RouterB, but we still see 10.0.0.0/8 in BGP table of RouterB.

Any suggestion on what am I missing to make sure RouterB dont have 10.0.0.0/8 in BGP table as well?

Below are the configurations on RouterA and RouterB

Thank you

KP

----------

RouterA

route-policy BLOCK_EXPORT
if destination in (10.0.0.0/8) then
set extcommunity rt (65000:10)
else
pass
endif
end-policy

vrf Cisco
address-family ipv4 unicast
import route-target
65000:2
!
export route-policy BLOCK_EXPORT
export route-target
65000:2

show route vrf Cisco | i 10.0.0.0/8

B 10.0.0.0/8 [200/0] via 0.0.0.0, 6w0d, Null0

sh bgp vrf 000024-2 | i 10.0.0.0
*> 10.0.0.0/8 0.0.0.0 32768 i

-----------

RouterB

vrf Cisco
address-family ipv4 unicast
import route-target
65000:2
!
export route-target
65000:2

show route vrf Cisco | i 10.0.0.0/8

sh bgp vrf Cisco | i 10.0.0.0
*>i10.0.0.0/8 10.255.255.1 100 0 i

MHM Cisco World · ‎07-27-2023

show ip bgp 10.0.0.0
check if it get 65000:10 or 65000:2

Kandarp Patel · ‎07-27-2023

Hi @MHM Cisco World ,

show bgp 10.0.0.0 is getting RT: 65000:10.

MHM Cisco World · ‎07-27-2023

this in router B?
try below

route-policy BLOCK_EXPORT
if destination in (10.0.0.0/8) then
set extcommunity rt (65000:10)
endif
set extcommunity rt (65000:2)
end-policy

Kandarp Patel · ‎07-27-2023

Yes @MHM Cisco World .

Kandarp Patel · ‎07-27-2023

Local, (aggregated by 65000 10.255.255.1), (Received from a RR-client), (received & used)
10.255.255.1 (metric 106) from 10.255.255.1
Received Label 24041
Origin IGP, localpref 100, valid, internal, atomic-aggregate, import-candidate, not-in-vrf
Received Path ID 0, Local Path ID 0, version 0
Extended community: RT:65000:10
Originator: 10.255.255.1

Flavio Miranda · ‎07-27-2023

Hi @Kandarp Patel

Can you share the BGP config ? Do you have the command "neighbor x.x.x.x send-community" ?

Another point, you set set extcommunity rt (65000:10) but you've been using 65000:2

Kandarp Patel · ‎07-27-2023

Hi @Flavio Miranda ,

yes, the reason for setting extcommunity rt (65000:10) is so that matching prefixes will use 65000:10 RT value and rest of the prefixes will use default exported 65000:2 and we can avoid exporting matching prefixes.

Below is the BGP configuration for this vrf.

router bgp 65000
vrf Cisco
rd 65000:2
default-information originate
address-family ipv4 unicast
aggregate-address 10.0.0.0/8 summary-only
redistribute connected
redistribute static
!
neighbor 10.10.10.1
remote-as 65001
password encrypted 032052390E2C021E1E5B4A
address-family ipv4 unicast
route-policy BGP_PASS in
route-policy BGP_PASS out

Flavio Miranda · ‎07-27-2023

@Kandarp Patel got it.

I believe you should have the command below

neighbor10.10.10.1 send-community

Kandarp Patel · ‎07-27-2023

Hi @Flavio Miranda

So neighbor 10.10.10.1 is the CE router which is peering with RouterA using ebgp. the problem is not with bgp peering to CE router. the problem we are seeing is with MPLS PE router where we trying to not have RouterA export the filtered prefix but RouterB (2nd PE router) does get it in BGP table. does that make sense? sorry if my question is not clear.

Harold Ritter · ‎07-27-2023

Hi @Kandarp Patel ,

This is normal behavior. The prefix is still exported, but with a different RT (65000:10) than the default one configured for the VRF (65000:2).

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

MHM Cisco World · ‎07-27-2023

But he import 65000:2 not 65000:10 so the prefix must not appear in R-b

After my summer holiday I will add ios xr and check rpl.

Now it time to release

Have a nice summer

MHM

Kandarp Patel · ‎07-27-2023

Yes, that's true.

I have created similar setup in my lab and found that "Route-reflector-client" command on RouterB is making a difference.

In production environment, RouterB is configured as a Router reflector and has all other PE routers configured as Route-reflector-client. In lab, when I remove "Route-reflector-client" command on RouterB peering to RouterA, I am not seeing it any more in BGP table.

We will need Route reflector client command on RouterB to support exchanging routes between PE routers as they are in IBGP and only connected via RouterB. but now, i am thinking how route-reflector-client configuration is causing this issue.

MHM Cisco World · ‎07-27-2023

I will check this behavior tomorrow in my lab' sorry I will make you wait' I now see peaky blinders series lol...

Tomorrow I will update you.

Thanks for your time

MHM

Harold Ritter · ‎07-27-2023

Hi @MHM Cisco World ,

There are a couple of reasons a VPNv4 prefix is kept on a router even though there is no VRF importing that prefix.

1. The router is configured as a route reflector.

2. The router is configured with " no bgp default route-target filter", which is used when the router is configured as an InterAS option B ASBR.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Why do I see Prefix in BGP table that is not imported with RT value