Problem with Route Reflectors in Multiprotocol BGP

edited September 2016 Section: MPLS
It was evening, there was nothing to do, and I decided to get some hands-on practice with the BGP Inter-AS article.
I started with the simplest one, Option A. The resulting network topology is as follows:
Network topology
When there are only two iBGP speakers in the autonomous system, PE and ABSR, everything works. There is reachability between CE1 and CE3, and also between CE2 and CE4.
But when I add RRs to the topology, configure them as Route Reflectors and remove the peering between PE and ABSR, everything breaks.
Comments

  • PE1# show running-config
    hostname PE1
    !
    ip vrf SITE1
    description --SITE1--
    rd 65100:1
    route-target export 65100:1
    route-target import 65100:1
    bgp next-hop Loopback1
    !
    ip vrf SITE2
    description --SITE2--
    rd 65100:2
    route-target export 65100:2
    route-target import 65100:2
    bgp next-hop Loopback2
    !
    mpls traffic-eng tunnels
    mpls traffic-eng reoptimize timers frequency 60
    no mpls ip propagate-ttl forwarded
    !
    interface Loopback0
    no shutdown
    description --Router-ID--
    ip address 10.0.0.2 255.255.255.255
    !
    interface Loopback1
    no shutdown
    description --SITE1-ID--
    ip address 10.0.10.2 255.255.255.255
    no isis advertise prefix
    !
    interface Loopback2
    no shutdown
    description --SITE1-ID--
    ip address 10.0.20.2 255.255.255.255
    no isis advertise prefix
    !
    interface Tunnel1
    no shutdown
    description --For-SITE1--
    ip unnumbered Loopback0
    tunnel mode mpls traffic-eng
    tunnel destination 10.0.0.3
    tunnel mpls traffic-eng priority 4 4
    tunnel mpls traffic-eng bandwidth 2000
    tunnel mpls traffic-eng path-option 10 explicit name MAIN_SITE1
    tunnel mpls traffic-eng path-option 20 dynamic
    no routing dynamic
    !
    interface Tunnel2
    no shutdown
    description --For-SITE2--
    ip unnumbered Loopback0
    tunnel mode mpls traffic-eng
    tunnel destination 10.0.0.3
    tunnel mpls traffic-eng priority 7 7
    tunnel mpls traffic-eng bandwidth 2000
    tunnel mpls traffic-eng path-option 10 explicit name MAIN_SITE2
    tunnel mpls traffic-eng path-option 20 dynamic
    no routing dynamic
    !
    interface Ethernet0/0
    no shutdown
    description --To-SW1--
    no ip address
    no keepalive
    no mop enabled
    !
    interface Ethernet0/0.2
    no shutdown
    description --SITE1--
    encapsulation dot1Q 2
    ip vrf forwarding SITE1
    ip address 10.2.1.1 255.255.255.0
    !
    interface Ethernet0/0.3
    no shutdown
    description --SITE2--
    encapsulation dot1Q 3
    ip vrf forwarding SITE2
    ip address 10.3.1.1 255.255.255.0
    !
    interface Ethernet0/1
    no shutdown
    description --To-RR1--
    ip address 10.0.1.1 255.255.255.252
    ip router isis
    mpls traffic-eng tunnels
    no keepalive
    bfd interval 500 min_rx 500 multiplier 3
    no mop enabled
    clns mtu 512
    isis metric 5000
    isis hello-interval minimal
    ip rsvp bandwidth 8000
    !
    interface Ethernet0/2
    no shutdown
    description --To-R1--
    ip address 10.0.1.14 255.255.255.252
    ip router isis
    mpls traffic-eng tunnels
    no keepalive
    bfd interval 500 min_rx 500 multiplier 3
    no mop enabled
    clns mtu 512
    isis metric 1000
    isis hello-interval minimal
    ip rsvp bandwidth 8000
    !
    router isis
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    net 49.0100.0100.0000.0002.00
    is-type level-1
    metric-style wide
    passive-interface default
    no passive-interface Ethernet0/1
    no passive-interface Ethernet0/2
    bfd all-interfaces
    !
    router bgp 65100
    bgp router-id 10.0.0.2
    bgp cluster-id 10.0.0.1
    bgp log-neighbor-changes
    no bgp default ipv4-unicast
    neighbor L3VPN peer-group
    neighbor L3VPN remote-as 65100
    neighbor L3VPN update-source Loopback0
    neighbor 10.0.0.1 peer-group L3VPN
    !
    address-family ipv4
    exit-address-family
    !
    address-family vpnv4
    neighbor L3VPN send-community extended
    neighbor 10.0.0.1 activate
    exit-address-family
    !
    address-family ipv4 vrf SITE1
    redistribute connected
    exit-address-family
    !
    address-family ipv4 vrf SITE2
    redistribute connected
    exit-address-family
    !
    ip route 10.0.10.3 255.255.255.255 Tunnel1
    ip route 10.0.20.3 255.255.255.255 Tunnel2
    !
    ip explicit-path name MAIN_SITE1 enable
    next-address 10.0.0.4
    !
    ip explicit-path name MAIN_SITE2 enable
    next-address 10.0.0.4
  • edited September 2016
    ABSR1# show running-config
    hostname ABSR1
    !
    ip vrf SITE1
    description --SITE1--
    rd 65100:1
    route-target export 65100:1
    route-target import 65100:1
    bgp next-hop Loopback1
    !
    ip vrf SITE2
    description --SITE2--
    rd 65100:2
    route-target export 65100:2
    route-target import 65100:2
    bgp next-hop Loopback2
    !
    mpls traffic-eng tunnels
    mpls traffic-eng reoptimize timers frequency 60
    no mpls ip propagate-ttl forwarded
    !
    interface Loopback0
    no shutdown
    description --Router-ID--
    ip address 10.0.0.3 255.255.255.255
    !
    interface Loopback1
    no shutdown
    description --SITE1-ID--
    ip address 10.0.10.3 255.255.255.255
    no isis advertise prefix
    !
    interface Loopback2
    no shutdown
    description --SITE1-ID--
    ip address 10.0.20.3 255.255.255.255
    no isis advertise prefix
    !
    interface Tunnel1
    no shutdown
    description --For-SITE1--
    ip unnumbered Loopback0
    tunnel mode mpls traffic-eng
    tunnel destination 10.0.0.2
    tunnel mpls traffic-eng priority 4 4
    tunnel mpls traffic-eng bandwidth 2000
    tunnel mpls traffic-eng path-option 10 explicit name MAIN_SITE1
    tunnel mpls traffic-eng path-option 20 dynamic
    no routing dynamic
    !
    interface Tunnel2
    no shutdown
    description --For-SITE2--
    ip unnumbered Loopback0
    tunnel mode mpls traffic-eng
    tunnel destination 10.0.0.2
    tunnel mpls traffic-eng priority 7 7
    tunnel mpls traffic-eng bandwidth 2000
    tunnel mpls traffic-eng path-option 10 explicit name MAIN_SITE2
    tunnel mpls traffic-eng path-option 20 dynamic
    no routing dynamic
    !
    interface Ethernet0/0
    no shutdown
    description --To-ABSR2--
    no ip address
    no keepalive
    no mop enabled
    !
    interface Ethernet0/0.2
    no shutdown
    description --SITE1--
    encapsulation dot1Q 2
    ip vrf forwarding SITE1
    ip address 10.2.0.1 255.255.255.0
    ip ospf 1 area 0
    !
    interface Ethernet0/0.3
    no shutdown
    description --SITE2--
    encapsulation dot1Q 3
    ip vrf forwarding SITE2
    ip address 10.3.0.1 255.255.255.0
    ip ospf 2 area 0
    !
    interface Ethernet0/1
    no shutdown
    description --To-R1--
    ip address 10.0.1.9 255.255.255.252
    ip router isis
    mpls traffic-eng tunnels
    no keepalive
    bfd interval 500 min_rx 500 multiplier 3
    no mop enabled
    clns mtu 512
    isis metric 1000
    isis hello-interval minimal
    ip rsvp bandwidth 8000
    !
    interface Ethernet0/2
    no shutdown
    description --To-RR1--
    ip address 10.0.1.6 255.255.255.252
    ip router isis
    mpls traffic-eng tunnels
    no keepalive
    bfd interval 500 min_rx 500 multiplier 3
    no mop enabled
    clns mtu 512
    isis metric 5000
    isis hello-interval minimal
    ip rsvp bandwidth 8000
    !
    router ospf 1 vrf SITE1
    router-id 10.0.10.3
    capability vrf-lite
    redistribute bgp 65100 subnets
    passive-interface default
    no passive-interface Ethernet0/0.2
    !
    router ospf 2 vrf SITE2
    router-id 10.0.20.3
    capability vrf-lite
    redistribute bgp 65100 subnets
    passive-interface default
    no passive-interface Ethernet0/0.3
    !
    router isis
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    net 49.0100.0100.0000.0003.00
    is-type level-1
    metric-style wide
    passive-interface default
    no passive-interface Ethernet0/1
    no passive-interface Ethernet0/2
    bfd all-interfaces
    !
    router bgp 65100
    bgp router-id 10.0.0.3
    bgp cluster-id 10.0.0.1
    bgp log-neighbor-changes
    no bgp default ipv4-unicast
    neighbor L3VPN peer-group
    neighbor L3VPN remote-as 65100
    neighbor L3VPN update-source Loopback0
    neighbor 10.0.0.1 peer-group L3VPN
    !
    address-family ipv4
    exit-address-family
    !
    address-family vpnv4
    neighbor L3VPN send-community extended
    neighbor 10.0.0.1 activate
    exit-address-family
    !
    address-family ipv4 vrf SITE1
    redistribute connected
    redistribute ospf 1 metric 10 match internal external 1 external 2
    exit-address-family
    !
    address-family ipv4 vrf SITE2
    redistribute connected
    redistribute ospf 2 metric 10 match internal external 1 external 2
    exit-address-family
    !
    ip route 10.0.10.2 255.255.255.255 Tunnel1
    ip route 10.0.20.2 255.255.255.255 Tunnel2
    !
    ip explicit-path name MAIN_SITE1 enable
    next-address 10.0.0.4
    !
    ip explicit-path name MAIN_SITE2 enable
    next-address 10.0.0.4
  • RR1# show running-config
    hostname RR1
    !
    mpls traffic-eng tunnels
    mpls traffic-eng reoptimize timers frequency 60
    no mpls ip propagate-ttl forwarded
    !
    interface Loopback0
    no shutdown
    description --Router-ID--
    ip address 10.0.0.1 255.255.255.255
    !
    interface Ethernet0/1
    no shutdown
    description --To-PE1--
    ip address 10.0.1.2 255.255.255.252
    ip router isis
    mpls traffic-eng tunnels
    no keepalive
    bfd interval 500 min_rx 500 multiplier 3
    no mop enabled
    clns mtu 512
    isis metric 5000
    isis hello-interval minimal
    ip rsvp bandwidth 8000
    !
    interface Ethernet0/2
    no shutdown
    description --To-ABSR1--
    ip address 10.0.1.5 255.255.255.252
    ip router isis
    mpls traffic-eng tunnels
    no keepalive
    bfd interval 500 min_rx 500 multiplier 3
    no mop enabled
    clns mtu 512
    isis metric 5000
    isis hello-interval minimal
    ip rsvp bandwidth 8000
    !
    router isis
    mpls traffic-eng router-id Loopback0
    mpls traffic-eng level-1
    net 49.0100.0100.0000.0001.00
    is-type level-1
    metric-style wide
    passive-interface default
    no passive-interface Ethernet0/1
    no passive-interface Ethernet0/2
    bfd all-interfaces
    !
    router bgp 65100
    bgp router-id 10.0.0.1
    bgp cluster-id 10.0.0.1
    no bgp client-to-client reflection
    bgp log-neighbor-changes
    no bgp default ipv4-unicast
    neighbor L3VPN peer-group
    neighbor L3VPN remote-as 65100
    neighbor L3VPN update-source Loopback0
    neighbor 10.0.0.2 peer-group L3VPN
    neighbor 10.0.0.3 peer-group L3VPN
    !
    address-family ipv4
    exit-address-family
    !
    address-family vpnv4
    neighbor L3VPN send-community extended
    neighbor L3VPN route-reflector-client
    neighbor 10.0.0.2 activate
    neighbor 10.0.0.3 activate
    exit-address-family
  • PE1# show bgp all
    For address family: IPv4 Unicast

    For address family: VPNv4 Unicast

    BGP table version is 17, local router ID is 10.0.0.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
    x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 65100:1 (default for vrf SITE1)
    *> 10.2.1.0/24 0.0.0.0 0 32768 ?
    Route Distinguisher: 65100:2 (default for vrf SITE2)
    *> 10.3.1.0/24 0.0.0.0 0 32768 ?

    For address family: IPv4 Multicast

    For address family: L2VPN E-VPN

    For address family: VPNv4 Multicast

    For address family: MVPNv4 Unicast
    ABSR1# show bgp all
    For address family: IPv4 Unicast

    For address family: VPNv4 Unicast

    BGP table version is 15, local router ID is 10.0.0.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
    x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 65100:1 (default for vrf SITE1)
    *> 10.2.0.0/24 0.0.0.0 0 32768 ?
    Route Distinguisher: 65100:2 (default for vrf SITE2)
    *> 10.3.0.0/24 0.0.0.0 0 32768 ?

    For address family: IPv4 Multicast

    For address family: L2VPN E-VPN

    For address family: VPNv4 Multicast

    For address family: MVPNv4 Unicast
    RR1# show bgp all
    For address family: IPv4 Unicast

    For address family: VPNv4 Unicast

    BGP table version is 1, local router ID is 10.0.0.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
    x best-external, a additional-path, c RIB-compressed,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 65100:1
    * i 10.2.0.0/24 10.0.10.3 0 100 0 ?
    * i 10.2.1.0/24 10.0.10.2 0 100 0 ?
    Route Distinguisher: 65100:2
    * i 10.3.0.0/24 10.0.20.3 0 100 0 ?
    * i 10.3.1.0/24 10.0.20.2 0 100 0 ?

    For address family: IPv4 Multicast

    For address family: L2VPN E-VPN

    For address family: MVPNv4 Unicast

    PE1# show bgp all peer-group L3VPN
    BGP peer-group is L3VPN, remote AS 65100
    BGP version 4
    Neighbor sessions:
    0 active, is not multisession capable (disabled)
    Default minimum time between advertisement runs is 0 seconds

    For address family: VPNv4 Unicast
    BGP neighbor is L3VPN, peer-group internal, members:
    10.0.0.1
    Index 0, Advertise bit 0
    Interface associated: (none)
    Update messages formatted 0, replicated 0
    Number of NLRIs in the update sent: max 0, min 0
    ABSR1# show bgp all peer-group L3VPN
    BGP peer-group is L3VPN, remote AS 65100
    BGP version 4
    Neighbor sessions:
    0 active, is not multisession capable (disabled)
    Default minimum time between advertisement runs is 0 seconds

    For address family: VPNv4 Unicast
    BGP neighbor is L3VPN, peer-group internal, members:
    10.0.0.1
    Index 0, Advertise bit 0
    Interface associated: (none)
    Update messages formatted 0, replicated 0
    Number of NLRIs in the update sent: max 0, min 0
    RR1# show bgp all peer-group L3VPN
    BGP version 4
    Neighbor sessions:
    0 active, is not multisession capable (disabled)
    Default minimum time between advertisement runs is 0 seconds

    For address family: VPNv4 Unicast
    BGP neighbor is L3VPN, peer-group internal, members:
    10.0.0.2 10.0.0.3
    Index 0, Advertise bit 0
    Route-Reflector Client
    Interface associated: (none)
    Update messages formatted 0, replicated 0
    Number of NLRIs in the update sent: max 0, min 0

    P.S.: If anyone is interested, I can share the lab via private message. Thanks in advance.
  • I'm not much of a Cisco expert, but isn't it like this?

    Command
    Purpose
    Router(config-router)# neighbor ip-address | peer-group-name route-reflector-client
    Configures the local router as a BGP route reflector and the specified neighbor as a client.
  • And should the cluster ID really be set on the client? There will be a cluster loop, won't there?
  • glazgoo wrote:

    And should the cluster ID really be set on the client? There will be a cluster loop, won't there?

    The cluster ID is set on all neighbors and it is bgp cluster-id 10.0.0.1

    PE1# show running-config | section router bgp
    router bgp 65100
    bgp router-id 10.0.0.2
    bgp cluster-id 10.0.0.1
    bgp log-neighbor-changes
    no bgp default ipv4-unicast
    neighbor L3VPN peer-group
    neighbor L3VPN remote-as 65100
    neighbor L3VPN update-source Loopback0
    neighbor 10.0.0.1 peer-group L3VPN
    !
    address-family ipv4
    exit-address-family
    !
    address-family vpnv4
    neighbor L3VPN send-community extended
    neighbor 10.0.0.1 activate
    exit-address-family
    !
    address-family ipv4 vrf SITE1
    redistribute connected
    exit-address-family
    !
    address-family ipv4 vrf SITE2
    redistribute connected
    exit-address-family
    ABSR1# show running-config | section router bgp
    router bgp 65100
    bgp router-id 10.0.0.3
    bgp cluster-id 10.0.0.1
    bgp log-neighbor-changes
    no bgp default ipv4-unicast
    neighbor L3VPN peer-group
    neighbor L3VPN remote-as 65100
    neighbor L3VPN update-source Loopback0
    neighbor 10.0.0.1 peer-group L3VPN
    !
    address-family ipv4
    exit-address-family
    !
    address-family vpnv4
    neighbor L3VPN send-community extended
    neighbor 10.0.0.1 activate
    exit-address-family
    !
    address-family ipv4 vrf SITE1
    redistribute connected
    redistribute ospf 1 metric 10 match internal external 1 external 2
    exit-address-family
    !
    address-family ipv4 vrf SITE2
    redistribute connected
    redistribute ospf 2 metric 10 match internal external 1 external 2
    exit-address-family
    glazgoo wrote:

    I'm not much of a Cisco expert, but isn't it like this?
    Router(config-router)# neighbor ip-address | peer-group-name route-reflector-client
    Configures the local router as a BGP route reflector and the specified neighbor as a client.

    Exactly so, but when the command no bgp default ipv4-unicast is configured, the command neighbor [ip-address | peer-group-name] route-reflector-client is entered not in the global configuration of the BGP process but in address-family vpnv4.
    RR1# show running-config | section router bgp
    router bgp 65100
    bgp router-id 10.0.0.1
    bgp cluster-id 10.0.0.1
    bgp log-neighbor-changes
    no bgp default ipv4-unicast
    neighbor L3VPN peer-group
    neighbor L3VPN remote-as 65100
    neighbor L3VPN update-source Loopback0
    neighbor 10.0.0.2 peer-group L3VPN
    neighbor 10.0.0.3 peer-group L3VPN
    !
    address-family ipv4
    exit-address-family
    !
    address-family vpnv4
    neighbor L3VPN send-community extended
    neighbor L3VPN route-reflector-client
    neighbor 10.0.0.2 activate
    neighbor 10.0.0.3 activate
    exit-address-family
  • edited September 2016
    cluster-id should not be specified on clients

    Look at which vpn-ipv4 routes the PE router sends to its neighbors.
    If they carry the cluster-id, there will be a cluster loop
  • glazgoo wrote:

    cluster-id should not be specified on clients

    I removed it, nothing changed.
    glazgoo wrote:


    Look at which vpn-ipv4 routes the PE router sends to its neighbors.
    If they carry the cluster-id, there will be a cluster loop

    I did not fully understand how to look at that. Please advise.
  • ArteS wrote:


    The cluster ID is set on all neighbors and it is bgp cluster-id 10.0.0.1

    The same on all of them? In both the left and the right ISP?
  • No. In AS65100 it is 10.0.0.1, and in AS65200 it is 10.1.0.1.
  • Eh, and I thought it was all simple :)
    Well then you will have to debug: look at what leaves the RR clients, what arrives at the RR, and what leaves the RR toward the clients.
  • In the debug, routes go from the clients to the RR, but for some reason it does not distribute them back.
  • And what is on the RR?
    Do the routes get into Adj-RIBs-In? Into the RIB?
  • The routes do reach the RR. I posted the output of show bgp all from the RR above. Or do you need the output of a different command?
  • Ah, right, I did not notice; so they are not best on your side, as far as I understand Cisco output.

    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
    * i 10.2.0.0/24 10.0.10.3 0 100 0 ?
    * i 10.2.1.0/24 10.0.10.2 0 100 0 ?
  • Agreed. Figured it out.
    The RR does not know about Lo1 and Lo2 on PE and ABSR, because I had deliberately excluded them from IS-IS since I use static routing into the RSVP TE tunnels and thought they were not needed on the RR. As soon as I removed the no isis advertise prefix setting from Lo1 and Lo2 on PE and ABSR, the prefixes arrived at the RR

    RR1# show ip route isis
    Gateway of last resort is not set
    10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
    . . .
    i L1 10.0.20.2/32 [115/5000] via 10.0.1.1, 02:09:27, Ethernet0/1
    i L1 10.0.20.3/32 [115/7000] via 10.0.1.1, 02:09:22, Ethernet0/1
    . . .
    They became best in BGP:

    RR1# show bgp all
    For address family: VPNv4 Unicast
    BGP table version is 7, local router ID is 10.0.0.1
    Network Next Hop Metric LocPrf Weight Path
    Route Distinguisher: 65100:1
    *>i 10.2.0.0/24 10.0.10.3 0 100 0 ?
    *>i 10.2.1.0/24 10.0.10.2 0 100 0 ?
    *>i 10.2.2.0/24 10.0.10.3 10 100 0 65200 i
    Route Distinguisher: 65100:2
    *>i 10.3.0.0/24 10.0.20.3 0 100 0 ?
    *>i 10.3.1.0/24 10.0.20.2 0 100 0 ?
    *>i 10.3.2.0/24 10.0.20.3 10 100 0 65200 i
    And it distributed them to the neighbors:

    PE1# show ip route vrf SITE1
    Routing Table: SITE1
    Gateway of last resort is not set
    10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    B 10.2.0.0/24 [200/0] via 10.0.10.3, 02:18:56
    C 10.2.1.0/24 is directly connected, Ethernet0/0.2
    L 10.2.1.1/32 is directly connected, Ethernet0/0.2
    B 10.2.2.0/24 [200/10] via 10.0.10.3, 02:18:03
    Thanks, everyone. :)
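
The failure resolved in this thread (VPNv4 routes on the reflector that are valid but never marked best, because their BGP next hops are missing from the reflector's IGP table) can be checked mechanically. The following is an added example, not code from the thread: the function names are hypothetical, the two sample inputs are constructed in the format of the `show bgp all` and `show ip route` output quoted above, and next-hop resolution is assumed to be a plain containment check against the routes listed.

```python
import ipaddress
import re

# One BGP table row: status codes, prefix, next hop (format as in the thread).
ROUTE_RE = re.compile(
    r"^(?P<status>\D+?)\s*(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"(?P<nh>\d{1,3}(?:\.\d{1,3}){3})\b"
)
# A RIB entry: learned route ("[115/5000]") or connected route.
RIB_RE = re.compile(
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+(?:\[|is directly connected)"
)

# Constructed sample: reflector's VPNv4 table, SITE1 routes not best.
BGP_TABLE = """\
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65100:1
* i 10.2.0.0/24 10.0.10.3 0 100 0 ?
* i 10.2.1.0/24 10.0.10.2 0 100 0 ?
Route Distinguisher: 65100:2
*>i 10.3.0.0/24 10.0.20.3 0 100 0 ?
*>i 10.3.1.0/24 10.0.20.2 0 100 0 ?
"""

# Constructed sample: reflector's IGP routes, SITE1 loopbacks absent.
IGP_ROUTES = """\
10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
i L1 10.0.0.2/32 [115/5000] via 10.0.1.1, 02:09:27, Ethernet0/1
i L1 10.0.20.2/32 [115/5000] via 10.0.1.1, 02:09:27, Ethernet0/1
i L1 10.0.20.3/32 [115/7000] via 10.0.1.1, 02:09:22, Ethernet0/1
"""


def parse_bgp_table(text):
    """Return (rd, prefix, next_hop, is_best) for every valid route row."""
    routes, rd = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Route Distinguisher:"):
            rd = line.split()[2]
            continue
        m = ROUTE_RE.match(line)
        if m and "*" in m["status"]:
            routes.append((rd, m["prefix"], m["nh"], ">" in m["status"]))
    return routes


def parse_rib(text):
    """Return the networks present in 'show ip route' style output."""
    return [ipaddress.ip_network(m["prefix"], strict=False)
            for m in RIB_RE.finditer(text)]


def unresolved_routes(bgp_text, rib_text):
    """List BGP routes whose next hop is covered by no RIB entry."""
    rib = parse_rib(rib_text)
    findings = []
    for rd, prefix, nh, best in parse_bgp_table(bgp_text):
        if nh == "0.0.0.0":  # locally originated, nothing to resolve
            continue
        if not any(ipaddress.ip_address(nh) in net for net in rib):
            findings.append((rd, prefix, nh, best))
    return findings


if __name__ == "__main__":
    for rd, prefix, nh, best in unresolved_routes(BGP_TABLE, IGP_ROUTES):
        print(f"RD {rd} {prefix}: next hop {nh} unresolved, best={best}")
```

Every route it reports has `best=False`, which is why the reflector in the thread held the routes but advertised none of them to its clients.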