Tuesday, May 16, 2017

BGP Loop Prevention (Part-1)

One of the issues I usually face is AS path transit, or in simple words route looping, when a client has two IPVPN links both working as Main/Main. Why would a client request Main/Main as opposed to Main/Backup? I believe they have their own reasons: they might need to load-balance traffic for some prefixes, or there could be other reasons. From many ISPs' perspective, the only difference between the two services is that Main/Main comes with default BGP parameters, while Main/Backup comes with a higher local preference on the Main link.
The client normally has many branches in different geographical locations, each advertising its own prefixes through BGP. In this case, with two active links, the routes coming from far-end branches enter through the first link and go back out through the second link. I believe the diagram below will make the issue clear for you 😊


Like I mentioned earlier, the same client has many branches connected to this branch via the ISP's MPLS network. Okay! Enough talking, let us configure and demonstrate the issue.
In the above diagram, the CE is connected to the ISP's PEs via two links, i.e. Link-A → e0/0 and Link-B → e0/1. First let us configure the CE interfaces. You can use any range of IPs; I am using the simple ranges below 😊
First we will configure the Link-A interface, e0/0
!
interface Ethernet0/0
 ip address 1.1.1.1 255.255.255.252
!

Now the Link-B interface, e0/1
!
interface Ethernet0/1
 ip address 1.1.1.5 255.255.255.252
!

Note that those IPs are provided by the ISP, along with other information such as the BGP parameters.
Now let us configure the LAN interface as well. I am lazy, so I am using lo1 as the LAN 😊
interface Loopback1
 ip address 10.10.10.1 255.255.255.0

The ISP provides you with the BGP configuration details, which include the provider AS and the client AS. Normally the client AS is the same for all the branches. I have configured the MPLS side with BGP AS 2 and the client with AS 1. Let us do the client side, since the provider will already have configured their side by the time they give you the details.
R1(config-router)#router bgp 1
R1(config-router)# bgp router-id 1.1.1.1

The BGP router ID is optional but recommended. You can use any value; normally the loopback 0 IP is used. I don't have a loopback 0, so I am using an arbitrary value.
R1(config-router)# neighbor 1.1.1.2 remote-as 2
R1(config-router)# neighbor 1.1.1.6 remote-as 2

Those details will already be provided by the ISP. Let us see if BGP comes up now
*May 16 06:03:28.712: %BGP-5-ADJCHANGE: neighbor 1.1.1.6 Up
*May 16 06:03:28.712: %BGP-5-ADJCHANGE: neighbor 1.1.1.2 Up

Yup, they came up. Let us verify as well
R1(config-router)#do sho ip bgp sum
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 1, main routing table version 1
1 network entries using 140 bytes of memory
1 path entries using 80 bytes of memory
1/0 BGP path/bestpath attribute entries using 144 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 364 total bytes of memory
BGP activity 39/38 prefixes, 106/105 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4            2       4       2        1    0    0 00:00:04        0
1.1.1.6         4            2       4       2       1    0    0 00:00:04        0

Yes, they have been up for 4 seconds.
But wait, why am I not receiving any prefixes from the branches?
R1(config-router)#do sh ip bgp
R1(config-router)#

This is because the client uses the same AS in all the branches. By default, BGP will not install a route in its BGP table if it sees its own AS in the AS path: it treats the route as one of its own coming back to it and discards it to avoid a routing loop.
To force BGP to install routes from the same AS, we have to use the commands below
R1(config-router)#neighbor 1.1.1.6 allowas-in
R1(config-router)#neighbor 1.1.1.2 allowas-in

allowas-in forces BGP to install routes coming from the same AS. Keep in mind that it relaxes the very check that protects against loops. Normally you don't need to do this in production, because the ISP already has as-override configured on their side under the client's VRF, but like I said, I am too lazy to configure the MPLS so I am doing it the other way around. 😝
Let's see if we are getting the routes now
R1#sh ip bgp sum | b Nei
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.2         4            2      22      18       15    0    0 00:10:58        8
1.1.1.6         4            2      22      18       15    0    0 00:10:58        8

Yes, we are getting 8 prefixes from different branches. Let us see which routes we are getting
R1#sh ip bgp | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *   20.20.10.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.11.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.12.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.13.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.14.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.15.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.16.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?
 *   20.20.17.0/24    1.1.1.2                                0 2 1 ?
 *>                   1.1.1.6                                0 2 1 ?

Seems good so far. Let us now advertise our LAN subnet as well. The best way is to advertise it manually with the network command, as opposed to redistributing it.
R1(config)#do sh ip route connected | b Gate
Gateway of last resort is not set

      1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        1.1.1.0/30 is directly connected, Ethernet0/0
L        1.1.1.1/32 is directly connected, Ethernet0/0
C        1.1.1.4/30 is directly connected, Ethernet0/1
L        1.1.1.5/32 is directly connected, Ethernet0/1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.10.0/24 is directly connected, Loopback1
L        10.10.10.1/32 is directly connected, Loopback1

Our LAN is configured under Loopback1 with a /24 subnet
R1(config)#router bgp 1
R1(config-router)#network 10.10.10.0 mask 255.255.255.0
Now let us soft clear BGP
R1(config-router)#do clear ip bgp * sof

So far so good. Now let us see whether our LAN is advertised to both neighbors
 R1#sh ip bgp nei 1.1.1.2 advertised-routes | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.10.0/24    0.0.0.0                  0         32768 i
 *>  20.20.10.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.11.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.12.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.13.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.14.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.15.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.16.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.17.0/24    1.1.1.6                                0 2 1 ?

Total number of prefixes 9
R1#sh ip bgp nei 1.1.1.6 advertised-routes | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.10.0/24    0.0.0.0                  0         32768 i
 *>  20.20.10.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.11.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.12.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.13.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.14.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.15.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.16.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.17.0/24    1.1.1.6                                0 2 1 ?

Total number of prefixes 9

Yes, we are advertising our prefix, 10.10.10.0/24 (the first entry). But wait, what are the other routes, and why are we advertising them when we only advertised our LAN subnet, i.e. 10.10.10.0/24?
Those routes are actually coming from other branches. We should only have received them, not advertised them back, since we are not the owner of those routes. A loop has also formed in the network, since all the routes coming from the uplinks are advertised back to the uplinks. There are multiple ways to overcome this issue. One solution is to ask the ISP to apply SoO (Site of Origin) under both neighbors. But to get even a simple change made on the ISP side you have to go through many unnecessary procedures and signs/stamps, and sometimes there is a cost involved as well.
To avoid all those unnecessary procedures, why not make the change from the CE side? Again, there are multiple ways to overcome this issue from the CE side. However, I shall explain two simple ways, i.e.
- Using Route-map
- Using Filter-list
In this part I will use a route-map. First we need to create the route-map and match the type of routes that are local to the router
R1(config-route-map)#route-map LOCAL permit 10
Now let us see what options we have
R1(config-route-map)# match ?
  additional-paths  BGP Add-Path match policies
  as-path           Match BGP AS path list
  clns              CLNS information
  community         Match BGP community list
  extcommunity      Match BGP/VPN extended community list
  interface         Match first hop interface of route
  ip                IP specific information
  ipv6              IPv6 specific information
  length            Packet length
  local-preference  Local preference for route
  mdt-group         Match routes corresponding to MDT group
  metric            Match metric of route
  mpls-label        Match routes which have MPLS labels
  policy-list       Match IP policy list
  route-type        Match route-type of route
  rpki              Match RPKI state of route
  source-protocol   Match source-protocol of route
  tag               Match tag of route

We can see many options. We will use route-type here, since its description is self-explanatory
R1(config-route-map)# match route-type ?
  external       external route (BGP, EIGRP and OSPF type 1/2)
  internal       internal route (including OSPF intra/inter area)
  level-1        IS-IS level-1 route
  level-2        IS-IS level-2 route
  local          locally generated route
  nssa-external  nssa-external route (OSPF type 1/2)

Again many options, but we only need locally generated routes
R1(config-route-map)# match route-type local
Let us verify
R1#sho route-map LOCAL
route-map LOCAL, permit, sequence 10
  Match clauses:
    route-type local
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

Now it is time to apply it to the neighbors under BGP
R1(config-router)#router bgp 1
R1(config-router)# neighbor 1.1.1.2 route-map LOCAL out
R1(config-router)# neighbor 1.1.1.6 route-map LOCAL out

Soft clear BGP (clear ip bgp * soft) and check the advertised routes to see if we are only advertising our local routes
R1(config-router)#do clear ip bgp * sof
R1(config-router)#do sh ip bgp nei 1.1.1.6 ad | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.10.0/24    0.0.0.0                  0         32768 i

Total number of prefixes 1
R1(config-router)#do sh ip bgp nei 1.1.1.2 adve | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.10.0/24    0.0.0.0                  0         32768 i

Total number of prefixes 1

Yes, now things seem to be fine, as we are only advertising local routes. Let us confirm that we are still receiving the branch routes as well.
R1(config-router)#do sh ip bgp nei 1.1.1.2 rou | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.10.10.0/24    1.1.1.2                                0 2 1 i
 *   20.20.10.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.11.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.12.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.13.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.14.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.15.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.16.0/24    1.1.1.2                                0 2 1 ?
 *   20.20.17.0/24    1.1.1.2                                0 2 1 ?

Total number of prefixes 9
R1(config-router)#do sh ip bgp nei 1.1.1.6 rou | b Net
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.10.10.0/24    1.1.1.6                                0 2 1 i
 *>  20.20.10.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.11.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.12.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.13.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.14.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.15.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.16.0/24    1.1.1.6                                0 2 1 ?
 *>  20.20.17.0/24    1.1.1.6                                0 2 1 ?

Total number of prefixes 9
R1(config-router)#

Yes, we are getting all the routes. If you have noticed, we are again getting our locally originated route back from BGP. This is because route-type is not matched on the branch side. I have left this portion for you to do 😊
In the next part I shall be using the same topology, but instead of a route-map I shall use a filter-list under BGP.
That’s it for now. Thank you for your time. Feel free to comment should you need further details or should you find any mistakes in the configuration.
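
The advertised-routes check used above can be automated. The following is an added example, not part of the original post: it parses "show ip bgp neighbors <peer> advertised-routes" output and reports every prefix sent with a non-empty AS path, i.e. a route learned from elsewhere that the CE is handing back to the provider. The sample captures are constructed and the function names are hypothetical.

```python
# Added example: audit 'advertised-routes' output for re-advertised transit routes.
# All routes below are constructed sample data shaped like the post's captures.

def row(prefix, next_hop, metric, weight, path):
    """Build one table row using the column widths of IOS 'show ip bgp' output."""
    return f" *>  {prefix:<17}{next_hop:<20}{metric:>6} {'':>6} {weight:>6} {path}"

HEADER = f"     {'Network':<17}{'Next Hop':<20}{'Metric':>6} {'LocPrf':>6} {'Weight':>6} Path"

BEFORE = "\n".join([  # constructed: CE with no outbound policy
    HEADER,
    row("10.10.10.0/24", "0.0.0.0", "0", "32768", "i"),
    row("20.20.10.0/24", "1.1.1.6", "", "0", "2 1 ?"),
    row("20.20.11.0/24", "1.1.1.6", "", "0", "2 1 ?"),
    "",
    "Total number of prefixes 3",
])
AFTER = "\n".join([   # constructed: CE with 'route-map LOCAL out' applied
    HEADER,
    row("10.10.10.0/24", "0.0.0.0", "0", "32768", "i"),
    "",
    "Total number of prefixes 1",
])

def parse_advertised(text):
    """Return [(prefix, next_hop, as_path, origin)] for each route line."""
    lines = text.splitlines()
    hdr = next(i for i, l in enumerate(lines) if "Network" in l and "Path" in l)
    # Weight and AS path are both numeric, so only the Path column offset
    # taken from the header line tells them apart.
    path_col = lines[hdr].index("Path")
    routes = []
    for line in lines[hdr + 1:]:
        if not line.lstrip().startswith("*"):
            continue  # blank lines, 'Total number of prefixes', prompts
        fields, tail = line[:path_col].split(), line[path_col:].split()
        if len(fields) < 3 or not tail:
            continue
        routes.append((fields[1], fields[2], tail[:-1], tail[-1]))
    return routes

def transit_leaks(text):
    """Prefixes advertised with a non-empty AS path (not originated on this CE)."""
    return [(pfx, path) for pfx, _nh, path, _origin in parse_advertised(text) if path]

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, transit_leaks(capture))
```

An empty result for every neighbor means the CE is advertising only its own prefixes, which is the state the route-map LOCAL produces.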
