Ethernet Switches & Routers

Reply
Frequent Contributor
Posts: 127
Registered: ‎07-02-2012

Issue with VPNv4 Route Reflection

Hello community,

I have been turning this upside down but I can't seem to figure out with is wrong with my RR configuration.

Here is the topology :

.1 and .2 : theese are the RRs (CER-RT)

.3 and .4 : thesse are the ERs (MLXe-4)

.1 and .3 : on site A (still isolated from site B)

.2 and .4 : on site B (still isolated from site A)

On the RR side :

router bgp

local-as XXXXX

bfd-enable

bfd min-tx 50 min-rx 50 multiplier 3

  auto-shutdown-new-neighbors

cluster-id XXXXX

capability as4 enable

maxas-limit in 100

fast-external-fallover

neighbor ER-PEER peer-group

neighbor ER-PEER remote-as XXXXX

neighbor ER-PEER description EDGE-ROUTERS-PEERS

  neighbor ER-PEER update-source loopback 1

neighbor ER-PEER soft-reconfiguration inbound

neighbor RR-PEER peer-group                

                 
neighbor RR-PEER remote-as XXXXX
neighbor RR-PEER description ROUTE-REFLECTORS-PEERS
  neighbor RR-PEER next-hop-self
neighbor RR-PEER update-source loopback 1
neighbor RR-PEER soft-reconfiguration inbound
neighbor XXX.YYY.ZZZ.1 peer-group RR-PEER
neighbor XXX.YYY.ZZZ.3 peer-group ER-PEER
  neighbor XXX.YYY.ZZZ.4 peer-group ER-PEER
!
address-family ipv4 unicast
redistribute static route-map FROM-STATIC-V4-TO-BGP
neighbor ER-PEER route-reflector-client
neighbor ER-PEER send-community
neighbor RR-PEER route-map in FROM-RR
  neighbor RR-PEER route-map out TO-RR
neighbor RR-PEER send-community
exit-address-family
!
address-family ipv4 multicast
exit-address-family
!
address-family ipv6 unicast
exit-address-family
!
address-family ipv6 multicast
exit-address-family                                             
!
address-family vpnv4 unicast
neighbor XXX.YYY.ZZZ.1 activate
neighbor XXX.YYY.ZZZ.1 send-community both
  neighbor XXX.YYY.ZZZ.3 activate
neighbor XXX.YYY.ZZZ.3 route-reflector-client
neighbor XXX.YYY.ZZZ.3 send-community both
neighbor XXX.YYY.ZZZ.4 activate
neighbor XXX.YYY.ZZZ.4 route-reflector-client
  neighbor XXX.YYY.ZZZ.4 send-community both
exit-address-family


The VPNv4 session comes just fine :

SSH@rr01.XXX#sh ip bgp vpnv4 summary
  BGP4 Summary
  Router ID: XXX.YYY.ZZZ.2   Local AS Number: XXXXX
   Confederation Identifier: not configured
  Confederation Peers:
  Cluster ID: XXXXX
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 3, UP: 1
  Number of Routes Installed: 0
   Number of Routes Advertising to All Neighbors: 0 (0 entries)
  Number of Attribute Entries Installed: 0
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend
  XXX.YYY.ZZZ.1       XXXXX       CONN      7d 2h14m    0        0        0        0       
   XXX.YYY.ZZZ.3       XXXXX       CONN      8d 1h10m    0        0        0        0       
  XXX.YYY.ZZZ.4       XXXXX       ESTAB     7d 2h10m    0        0        0        0    


Still, the AFI shows it's not activated :

SSH@rr01.XXX#sh ip bgp peer-group
1   BGP peer-group is ER-PEER, Remote AS: XXXXX
    Description: EDGE-ROUTERS-PEERS
       UpdateSource: Loopback 1
       SoftInboundReconfiguration: yes
      Address family : IPV4 Unicast
         activate
       SendCommunity: yes
      Address family : IPV4 Multicast
        no activate
      Address family : IPV6 Unicast
        no activate
      Address family : IPV6 Multicast
         no activate
      Address family : VPNV4 Unicast
        no activate
      Address family : L2VPN VPLS
        no activate
    Members:
       IP Address: XXX.YYY.ZZZ.3
       IP Address: XXX.YYY.ZZZ.4, AS: XXXXX

It's exactly the same output result seen from the ER :

SSH@er01.XXX#sh ip bgp vpnv4 summary
  BGP4 Summary
  Router ID: XXX.YYY.ZZZ.4   Local AS Number: XXXXXX
  Confederation Identifier: not configured
   Confederation Peers:
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 2, UP: 1
  Number of Routes Installed: 0
  Number of Routes Advertising to All Neighbors: 0 (0 entries)
   Number of Attribute Entries Installed: 0
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend
  XXX.YYY.ZZZ.1       XXXXXX       CONN      8d 1h18m    0        0        0        0       
   XXX.YYY.ZZZ.2       XXXXXX       ESTAB     7d 2h16m    0        0        0        0    

SSH@er01.XXX#sh ip bgp peer-group
1   BGP peer-group is RR-PEER, Remote AS: XXXXXX
    Description: ROUTE-REFLECTORS-PEERS
        UpdateSource: Loopback 1
       NextHopSelf: yes
       SoftInboundReconfiguration: yes
      Address family : IPV4 Unicast
        activate
       SendCommunity: yes
    Route Filter Policies:
        Route-map: (in) FROM-RR-PEER  (out) TO-RR-PEER 
      Address family : IPV4 Multicast
        no activate
      Address family : IPV6 Unicast
        no activate
      Address family : IPV6 Multicast
         no activate
      Address family : VPNV4 Unicast
        no activate
      Address family : L2VPN VPLS
        no activate
    Members:
       IP Address: XXX.YYY.ZZZ.1
       IP Address: XXX.YYY.ZZZ.2, AS: XXXXXX


Also, got the right licences on the RR :

SSH@rr01.XXX#sh license
Index   Package Name              Lid          Slot    License Type    Status     License Period
1       IP_ROUTE_SCALE            XXXXXXXXX   M       normal          active     unlimited     
2       NI-CER-2024-ADV           XXXXXXXXX   M       normal          active     unlimited  

My RR works just fine for IPv4 AFI.

Can't seem to find what's wrong with VPNv4 AFI...Can't seem to find anything in the NetIron config guide...

Maybe I forgot something but this used to be quite trivial under cisco CLI. Possibly a CLI specificity I overlooked here !?!

Thanks.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.