Inter-AS MPLS ASBR Route Reflectors

Unanswered Question
May 10th, 2007

Hi, I'm doing a laboratory testing the Inter-AS MPLS feature, the problem is that when I try to make the EBGP session between the ASBR's loopbacks, I can't ping across the vrf configured in my PE's (1 PE in AS X, 1 PE in AS Y), the BGP sessions are up, even the VRF is up too, but I can?t ping between them, if I make the session between the directly connected interfaces everything runs good.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Harold Ritter Thu, 05/10/2007 - 19:15

Andres,

The support for the loopback interface peering between the two ASBRs is only supported from 12.0(29)S and requires a few modification to the configuration.

1) add the "neighbor disable-connected-check" command for the eBGP session between the two ASBRs.

2) add the "mpls bgp forwarding" command on the physical interface(s) between the two ASBRs.

3) a /32 route for the peer ASBR loopback address including the physical interface as follow:

ip route x.x.x.x 255.255.255.255 Ethernet0/0 n.n.n.n (where n.n.n.n is the IP address of the next-hop)

or

ip route x.x.x.x 255.255.255.255 se2/0 (for point-to-point interfaces)

Note that this configuration is only useful if you are going to use multiple physical circuits between the two ASBRs and if you want to load balance the traffic between the two ASes on these physical links. Otherwise, it is recommended to use the directly connected interface for the BGP session between the two ASBRs.

Hope this helps,

andres_rivera Fri, 05/11/2007 - 05:50

Thanks for your help.

I already tried this configuration, but I have just one single physical link between the ASBR's.

I'm using the 12.2(25).

Harold Ritter Fri, 05/11/2007 - 06:01

If you only have one link then it would be much easier to peer using the directly connected interface. But if you want to try it just for fun, you will need to runcode in the 12.0S train.

Hope this helps,

jbotello Thu, 05/10/2007 - 21:19

Hello Andres,

There are practically 3 different ways to do what you are looking for.

1. VRF Back to Back, where you configure per VRF per subinterface between ASBR. Simple, but if you have many VPN that required Inter-AS connectivity it doesn't scale.

2. ASBR exchange VPNv4+labels. Here the ASBR speak MBGP against its own AS PE or RR, and EBGP with the other ASBR. If the ASBR doesn't have any VRF configured, it will filter the VPNv4 prefixes (default behavior of any VPNv4 PE). You need to disable the filter using unter router bgp with the following command "no bgp default route-target filter". When you do this, ASBR will store all VPN (if comming from RR) or the one from specific PE if comming for a specific PE. You can filter if you want to limit the VRF that required Inter-AS.

3. Between RR from AS 1 and AS 2, you create a Multihop EBGP session under VPNv4 address familiy and enable the command "neighbor x.x.x.x next-hop-unchanged" You need this because you dont want all traffic inter-as goes throught the RR (normally RR are not in the datapath). Second, you create a IPv4 EBGP session between ASBR, but with one little setup, you need to send both IPv4 NLRI and Labels because you normally will not turn on LDP/TDP between ASBR and traffic required to be labeled. The prefixes that required also labels are only the loopbacks interface of the other AS PEs. Under address-family ipv4, you active asbr neighbor and also configure "neighbor asbr.x.x.x send-label". And make sure you redistribute EBGP from ASBR into their AS IGP in one direction, and the PE loopbacks from AS IGP into EBGP. After doing this, you can validate that you have a label for the other AS PE loopbacks with the following command "show ip bgp labels"

for configs and details, please read

http://www.cisco.com/warp/public/732/Tech/mpls/docs/interasconfig.ppt

Good luck

jbotello Thu, 05/10/2007 - 21:28

Andres, about your setup that doesn't work when setting the session via loopbacks between ASBR. I'm assuming you are trying option 2. Make sure you have a label for asbr next hop loopback address, or configure next-hop-self in all ibgp sessions.

andres_rivera Fri, 05/11/2007 - 05:56

Hi,thanks a lot for your help.

I'm using the 3 way, I have the EBGP session between RR from AS1 to AS2, and applied everything you tell me. If a apply the show ip bgp labels I can see the other AS PE's loopabcks.

I would continue investigating, please notify me if you find something, I'll tell you as soon as I could make that works.

jbotello Fri, 05/11/2007 - 06:11

Can you attach the following outputs?

from PE's

show ip cef vrf detail

show ip cef detail

From RR's

Show run | beg router bgp

andres_rivera Fri, 05/11/2007 - 09:40

I have the loopback 1 on PE's to simulate the CE.

Recently I tested making a multilink in the directly connected interface of the ASBR's with ip unnumbered loop 0, and it worked..

Attachment: 
Harold Ritter Fri, 05/11/2007 - 13:43

Andres,

Looking at the partial config that you provided, I can see that you are doing InterAS option 10c. This mode requires to configure ipv4 + label between the two ASes, which I did not see in the partial config.

Please refer to the following URL for more information on IPv4 + label:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00801ead94.html

Hope this helps,

andres_rivera Fri, 05/11/2007 - 14:09

Hi, I have configured the label interchange between the two ASes, but in the ASBR's (send label, mpls bgp forwarding, etc.), I saw the document you told me, I have based the laboratory in that document, as I told you before, the only solution I've found leaving the loopback as a neighbor is configuring a multilink between the ASBR's. Now I'm trying to test if an ASBR could have a VRF configured without affecting the PE's VRFs.

Thanks for helping me.

Harold Ritter Fri, 05/11/2007 - 14:12

Andres,

I just realized that you might be doing that after I sent my message.

Let us know if you have any other questions or issues,

Harold Ritter Fri, 05/11/2007 - 14:34

Andres,

Just one more thing. I'm not sure I understand what you mean about the multilink between the two ASBRs. Could you please explain.

As I was explaining yesterday, the only way you will be able to sucessfully configure the session between the two ASBRs (either VPNv4 or IPv4 + labels) using the loopback address is by applying the configuration changes I pointed out and to run an IOS in the 12.0S train (later than 12.0(29)S. The DDTS for this issue was CSCeb38210 and was fixed in 12.0(29)S.

http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCeb38210

Hope this helps,

andres_rivera Fri, 05/11/2007 - 14:56

Sure, I configured the following:

interface multilink 1

ip unnumbered loop 0

mpls forwarding

ppp multilink

interface serial1/5

ip address 10.10.10.101.1 255.255.255.252

encapasulation ppp

mpls bgp forwarding

ppp multilink

multilink-group 1

This is the directly connected interface.

I make put the ASBR's loopback 0 as a BPG neighbor.

This way was the only way to leave the loopbacks as neigbors of BGP.

Harold Ritter Fri, 05/11/2007 - 15:11

Andres,

I see what you meant now. But if you ever wanted to load balance over multiple links without using multilink you can follow the recipe I gave you.

Hope this helps,

Actions

This Discussion