XR- BGP conditional route injection

darshakpp
Level 1

Hi All,

I need to implement the conditional route injection features in the network. I found the feature available and working in IOS. But I need this in IOS-XR (12404/ASR9k). Cisco feature navigator lists the feature availability in version 4.2.0. But I'm unable to find the same (advertise-map exist/non-exist map)

Am I missing something here? Do we have anything else in IOS XR which can achieve this? Please help!

Regards,

Darshak

18 Replies

xthuijs
Cisco Employee

Darshak,

today we have the ability to inject a default route based on a condition such as "rib has route".

however that operation is not available at the bgp neighbor attachpoint, only for the default information originate.

One option you have is to use an IPSLA tracker on a particular next hop and when that fails, we can spawn a syslog message. When that syslog message is seen by EEM, you can have EEM reconfigure something in BGP or in RPL to remove some routes for instance.

If you just want to track the state of an interface, which already has a defined syslog message, you don't need ipsla for that, and you can use EEM directly on that syslog message.

sample IPSLA config:

track ISP1-prefix
  type route reachability
   route ipv4 10.2.2.0/30
  !
!

resulting message
object_tracking[319]:  %SERVICES-OT-6-TRACK_INFO : track ISP1-prefix state Track_Down

Note you need the MGBL pie to run ipsla.

xander
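
The syslog-triggered approach described in the reply above can also be consumed off-box. The following is an added example (not from the post and not Cisco code): a Python parser for the TRACK_INFO message that returns an action label only on a real state change of an allow-listed track object. The action labels, the `other-obj` object and the `Track_Up` state string are assumptions.

```python
import re

# Matches the object-tracking syslog message quoted in the post above.
TRACK_RE = re.compile(
    r"%SERVICES-OT-6-TRACK_INFO\s*:\s*track\s+(?P<name>\S+)"
    r"\s+state\s+(?P<state>Track_\w+)"
)

# Hypothetical allow-list: tracked object -> action label per state.
# "Track_Up" is assumed by analogy with the "Track_Down" shown on the page.
ACTIONS = {
    "ISP1-prefix": {"Track_Down": "withdraw-isp1-routes",
                    "Track_Up": "restore-isp1-routes"},
}

def parse_track_event(line):
    """Return (object_name, state), or None if the line is not a track message."""
    m = TRACK_RE.search(line)
    return (m.group("name"), m.group("state")) if m else None

def decide_actions(lines, actions=ACTIONS):
    """Return one (name, state, action) tuple per real state transition.

    Objects or states missing from the allow-list are ignored, and so are
    repeats of the current state, so replayed or duplicated syslog lines
    cannot trigger repeated reconfiguration.
    """
    last_state = {}
    decided = []
    for line in lines:
        event = parse_track_event(line)
        if event is None:
            continue
        name, state = event
        action = actions.get(name, {}).get(state)
        if action is None or last_state.get(name) == state:
            continue
        last_state[name] = state
        decided.append((name, state, action))
    return decided

# Constructed sample input; only the first line's format is taken from the page.
SAMPLE_LOG = [
    "object_tracking[319]:  %SERVICES-OT-6-TRACK_INFO : track ISP1-prefix state Track_Down",
    "object_tracking[319]:  %SERVICES-OT-6-TRACK_INFO : track ISP1-prefix state Track_Down",
    "object_tracking[319]:  %SERVICES-OT-6-TRACK_INFO : track other-obj state Track_Down",
    "object_tracking[319]:  %SERVICES-OT-6-TRACK_INFO : track ISP1-prefix state Track_Up",
]
```
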

Thanks Alexander,

I will try EEM to reconfigure BGP/RPL parameters. I will update the results once I'm done.

Darshak

hey conditional route advertisement enthusiasts!

wanted to pass some news on here, it is currently in active development! finally! :)

one of the challenges had been how to scan and register for route updates of those that the condition is depending on, but we feel we have found a scalable and solid way!

Got a question too:

currently we are planning for the design that the route(s) monitored are in the same vrf/routing table as where the advertisement needs to happen.

Is there any objection to that, or is there a (large/direct) need to conditionally advertise a route in vrf X that has a condition on an available route in vrf Y? thinking of a possible phase 2 for that.

If so, can you share a use case for that for interest?

cheers!

xander

Hi Xander, I'm curious what "active development" translates to when it comes to release date / which version of XR it will be included into. Can you share any information regarding that?

/Johan

hi johan, it means that the guys are actively working on the code to integrate this.

once it is ready and tested it will get into an open release that can accept features at that moment. realistically I think that means 641 or maybe with a little luck, depending on test resource availability maybe 632, but wouldn't bet on that.

xander

Hi Xander,

I have a use case for you to conditionally inject routes from a different VRF.

We've contracted Akamai to perform DDoS mitigation. When we advertise to them a prefix, they advertise it on the Internet and, since their prefix is ALWAYS a /24 and our anchors are /16s, the /24 prefix we advertise to them will always win. The challenge? We have a number of prefixes internally that are larger than a /24, so the /24 version does not - and must not - appear either in this chassis's FIB, or in our IGP. As an example, our wireless subnet is all public non-NAT addresses, and is the upper /17 (we technically have three /16s, but that's immaterial here).

  • I can add a static route to null0 to the /24, but that would black-hole that section of the subnet. Not ideal.
  • I can do some other fancy stuff that involves route policies and prefix lists, but that gets somewhat complicated when trying to insert a prefix into the advertisement to Akamai.
  • When we activate the service on an actual incident, I have to assume our least-experienced on-call person will do it, and the campus edge router pair is the only place we have IOS XR. So ideally I'm looking for a solution that involves a SINGLE command to insert the advertisement.
  • I can use a 2nd router as a "helper", but I'm trying to avoid that.

The idea I have is to put a static route in a dedicated VRF (technically VRF Lite since I'm not running MPLS). Any routes in that VRF are advertised to Akamai, but they do not show up in IGP (and it's impossible to make them show up in IGP). I've been playing around with putting the BGP neighbor definition in the dedicated VRF and doing some routing leaking between the VRF and the global routing table, but I'm finding it challenging to accomplish this.

Is there a better way to accomplish what I'm trying to do? Conditional route injection seems like an awesome approach, but if there's a way to do it without conditional route injection that can implement the service with changing a single line of the running-config, I'm all ears.

I guess this is also kinda the opposite of how conditional route injection historically works, but I'm open to complicated up-front engineering if it makes things easy for in-progress incidents given an SOP. Would that make what I'm thinking of "arbitrary" route injection rather than "conditional"? er, whatever.

Weylin

Xander

Any update on the development? I have an urgent requirement that needs conditional routing. In which code is it supported?

Hi Xander

Sorry for reviving an old thread, but are there any plans of supporting conditional advertisements in a more BGP-native way than the EEM solution? - either by making rib-has-route available to e.g. the neighbor-out attach point, or reintroducing the advertise-map feature, or something completely different?

Use-case is suppressing prefixes to primary upstream, and announcing them to a scrubbing service in case of a detected DoS attack. Call me old-fashioned, but I'm not too keen on having syslog-driven EEM script poking about with the actual configuration of the box.

Cheers

Mikkel

hi mikkel,

am totally with you on the EEM, that is not the prettiest solution for this purpose, but it is the only option today.

There is a DDTS for tracking of the functionality that you are requesting:

CSCue04899   Allow 'rib-has-route' for outbound rpl

there is currently no release set for this (I see it has no release notes either so you can't view it in the bugtoolkit for more details, but the headline says it all :)

regards

xander

Any update on this one?

xthuijs
Cisco Employee

It is currently evaluated for XR 61 or 62, no fixed release yet determined.

xander

hello.

Has there been any advance in this matter? it is really troublesome not having the cool features.

hi there,

it's (still) not tied to a definite release yet. what would really help me is if you (and anyone with this need btw!) can connect with your account team to raise this as a priority for your network.

that way I justify the investment that it has to develop this functionality.

since bgp in xr is event driven, time based operations are not very easy to accommodate. we engineered for a way there, but it requires more dev and test resources than we anticipated. this means simply that I need to be able to justify the cost...

xander

Also regarding the "rib-has-route", it is essential to be able to specify which RIB (VRF) the lookup should be performed in, please.

adam