Ethernet Switches & Routers

Reply
Frequent Contributor
Posts: 131
Registered: ‎07-02-2012

Issue with VPNv4 Route Reflection

Hello community,

I have been turning this upside down but I can't seem to figure out with is wrong with my RR configuration.

Here is the topology :

.1 and .2 : theese are the RRs (CER-RT)

.3 and .4 : thesse are the ERs (MLXe-4)

.1 and .3 : on site A (still isolated from site B)

.2 and .4 : on site B (still isolated from site A)

On the RR side :

router bgp

local-as XXXXX

bfd-enable

bfd min-tx 50 min-rx 50 multiplier 3

  auto-shutdown-new-neighbors

cluster-id XXXXX

capability as4 enable

maxas-limit in 100

fast-external-fallover

neighbor ER-PEER peer-group

neighbor ER-PEER remote-as XXXXX

neighbor ER-PEER description EDGE-ROUTERS-PEERS

  neighbor ER-PEER update-source loopback 1

neighbor ER-PEER soft-reconfiguration inbound

neighbor RR-PEER peer-group                

                 
neighbor RR-PEER remote-as XXXXX
neighbor RR-PEER description ROUTE-REFLECTORS-PEERS
  neighbor RR-PEER next-hop-self
neighbor RR-PEER update-source loopback 1
neighbor RR-PEER soft-reconfiguration inbound
neighbor XXX.YYY.ZZZ.1 peer-group RR-PEER
neighbor XXX.YYY.ZZZ.3 peer-group ER-PEER
  neighbor XXX.YYY.ZZZ.4 peer-group ER-PEER
!
address-family ipv4 unicast
redistribute static route-map FROM-STATIC-V4-TO-BGP
neighbor ER-PEER route-reflector-client
neighbor ER-PEER send-community
neighbor RR-PEER route-map in FROM-RR
  neighbor RR-PEER route-map out TO-RR
neighbor RR-PEER send-community
exit-address-family
!
address-family ipv4 multicast
exit-address-family
!
address-family ipv6 unicast
exit-address-family
!
address-family ipv6 multicast
exit-address-family                                             
!
address-family vpnv4 unicast
neighbor XXX.YYY.ZZZ.1 activate
neighbor XXX.YYY.ZZZ.1 send-community both
  neighbor XXX.YYY.ZZZ.3 activate
neighbor XXX.YYY.ZZZ.3 route-reflector-client
neighbor XXX.YYY.ZZZ.3 send-community both
neighbor XXX.YYY.ZZZ.4 activate
neighbor XXX.YYY.ZZZ.4 route-reflector-client
  neighbor XXX.YYY.ZZZ.4 send-community both
exit-address-family


The VPNv4 session comes just fine :

SSH@rr01.XXX#sh ip bgp vpnv4 summary
  BGP4 Summary
  Router ID: XXX.YYY.ZZZ.2   Local AS Number: XXXXX
   Confederation Identifier: not configured
  Confederation Peers:
  Cluster ID: XXXXX
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 3, UP: 1
  Number of Routes Installed: 0
   Number of Routes Advertising to All Neighbors: 0 (0 entries)
  Number of Attribute Entries Installed: 0
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend
  XXX.YYY.ZZZ.1       XXXXX       CONN      7d 2h14m    0        0        0        0       
   XXX.YYY.ZZZ.3       XXXXX       CONN      8d 1h10m    0        0        0        0       
  XXX.YYY.ZZZ.4       XXXXX       ESTAB     7d 2h10m    0        0        0        0    


Still, the AFI shows it's not activated :

SSH@rr01.XXX#sh ip bgp peer-group
1   BGP peer-group is ER-PEER, Remote AS: XXXXX
    Description: EDGE-ROUTERS-PEERS
       UpdateSource: Loopback 1
       SoftInboundReconfiguration: yes
      Address family : IPV4 Unicast
         activate
       SendCommunity: yes
      Address family : IPV4 Multicast
        no activate
      Address family : IPV6 Unicast
        no activate
      Address family : IPV6 Multicast
         no activate
      Address family : VPNV4 Unicast
        no activate
      Address family : L2VPN VPLS
        no activate
    Members:
       IP Address: XXX.YYY.ZZZ.3
       IP Address: XXX.YYY.ZZZ.4, AS: XXXXX

It's exactly the same output result seen from the ER :

SSH@er01.XXX#sh ip bgp vpnv4 summary
  BGP4 Summary
  Router ID: XXX.YYY.ZZZ.4   Local AS Number: XXXXXX
  Confederation Identifier: not configured
   Confederation Peers:
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 2, UP: 1
  Number of Routes Installed: 0
  Number of Routes Advertising to All Neighbors: 0 (0 entries)
   Number of Attribute Entries Installed: 0
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend
  XXX.YYY.ZZZ.1       XXXXXX       CONN      8d 1h18m    0        0        0        0       
   XXX.YYY.ZZZ.2       XXXXXX       ESTAB     7d 2h16m    0        0        0        0    

SSH@er01.XXX#sh ip bgp peer-group
1   BGP peer-group is RR-PEER, Remote AS: XXXXXX
    Description: ROUTE-REFLECTORS-PEERS
        UpdateSource: Loopback 1
       NextHopSelf: yes
       SoftInboundReconfiguration: yes
      Address family : IPV4 Unicast
        activate
       SendCommunity: yes
    Route Filter Policies:
        Route-map: (in) FROM-RR-PEER  (out) TO-RR-PEER 
      Address family : IPV4 Multicast
        no activate
      Address family : IPV6 Unicast
        no activate
      Address family : IPV6 Multicast
         no activate
      Address family : VPNV4 Unicast
        no activate
      Address family : L2VPN VPLS
        no activate
    Members:
       IP Address: XXX.YYY.ZZZ.1
       IP Address: XXX.YYY.ZZZ.2, AS: XXXXXX


Also, got the right licences on the RR :

SSH@rr01.XXX#sh license
Index   Package Name              Lid          Slot    License Type    Status     License Period
1       IP_ROUTE_SCALE            XXXXXXXXX   M       normal          active     unlimited     
2       NI-CER-2024-ADV           XXXXXXXXX   M       normal          active     unlimited  

My RR works just fine for IPv4 AFI.

Can't seem to find what's wrong with VPNv4 AFI...Can't seem to find anything in the NetIron config guide...

Maybe I forgot something but this used to be quite trivial under cisco CLI. Possibly a CLI specificity I overlooked here !?!

Thanks.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook