Why BGP Connection refused by remote host in VRF?

frank · ‎12-26-2007

Can't find the reason for my BGP is not establishing in the VRF setup?

Both PE and CE can ping each other within VRF and I only see the "Connection refused by remote host" from CE router and PE is just in idle mode.

Here is my PE config:

!

interface Serial0/0

no ip address

encapsulation frame-relay

no ip mroute-cache

no fair-queue

clock rate 2000000

frame-relay intf-type dce

!

interface Serial0/0.171 point-to-point

ip vrf forwarding CRG001

ip address 10.116.0.25 255.255.255.252

frame-relay interface-dlci 171

!

interface Serial0/0.172 point-to-point

ip vrf forwarding CRG002

ip address 10.116.40.25 255.255.255.252

frame-relay interface-dlci 172

!

interface Serial0/0.173 point-to-point

ip vrf forwarding CRG003

ip address 10.116.80.41 255.255.255.252

frame-relay interface-dlci 173

!

router bgp 65000

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf CRG003

neighbor 10.116.80.42 remote-as 65210

neighbor 10.116.80.42 activate

no auto-summary

no synchronization

network 10.10.30.0 mask 255.255.255.0

exit-address-family

!

address-family ipv4 vrf CRG002

neighbor 10.116.40.26 remote-as 65209

neighbor 10.116.40.26 activate

no auto-summary

no synchronization

network 10.10.20.0 mask 255.255.255.0

exit-address-family

!

address-family ipv4 vrf CRG001

neighbor 10.116.0.26 remote-as 65208

neighbor 10.116.0.26 activate

no auto-summary

no synchronization

network 10.10.10.0 mask 255.255.255.0

exit-address-family

!

Her is the CE config:

!

interface Serial0/0

description VzB_ckt_W0M39897

no ip address

encapsulation frame-relay

no ip mroute-cache

!

interface Serial0/0.171 point-to-point

ip vrf forwarding CRG001

ip address 10.116.0.26 255.255.255.252

frame-relay interface-dlci 171

!

interface Serial0/0.172 point-to-point

ip vrf forwarding CRG002

ip address 10.116.40.26 255.255.255.252

frame-relay interface-dlci 172

!

interface Serial0/0.173 point-to-point

ip vrf forwarding CRG003

ip address 10.116.80.42 255.255.255.252

frame-relay interface-dlci 173

!

router bgp 10

no synchronization

bgp log-neighbor-changes

no auto-summary

!

address-family ipv4 vrf CRG003

neighbor 10.116.80.41 remote-as 65000

neighbor 10.116.80.41 local-as 65210

neighbor 10.116.80.41 activate

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf CRG002

neighbor 10.116.40.25 remote-as 65000

neighbor 10.116.40.25 local-as 65209

neighbor 10.116.40.25 activate

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf CRG001

neighbor 10.116.0.25 remote-as 65000

neighbor 10.116.0.25 local-as 65208

neighbor 10.116.0.25 activate

no auto-summary

no synchronization

exit-address-family

!

Edison Ortiz · ‎12-26-2007

You need to configure address-family vpnv4 in order to advertise IPv4 NLRI between the PE and CE routers.

Here is a sample config:

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00800a6c11.shtml

frank · ‎12-27-2007

"address-family vpnv4" is for between PE and PE, but my case is between PE and CE so need to use "address-family ipv4".

http://www.cisco.com/en/US/docs/ios/12_1/switch/configuration/guide/xcdtagc.html#wp1001483

frank · ‎12-27-2007

Found the problem...

The PE BGP was missing the router-id:

PE#sh ip bgp vpnv4 all summ

BGP router identifier 0.0.0.0, local AS number 65000

BGP table version is 1, main routing table version 1

3 network entries using 363 bytes of memory

3 path entries using 180 bytes of memory

3 BGP path attribute entries using 180 bytes of memory

3 BGP extended community entries using 72 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 795 total bytes of memory

BGP activity 3/0 prefixes, 3/0 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.116.0.26 4 65208 0 0 0 0 0 never Idle

10.116.40.26 4 65209 0 0 0 0 0 never Idle

10.116.80.42 4 65210 0 0 0 0 0 never Idle

PE#

And is working after I created a loopback and use that as the BGP router-id, tricky...

PE#sh ip bgp vpnv4 all summ

BGP router identifier 192.168.100.1, local AS number 65000

BGP table version is 7, main routing table version 7

3 network entries using 363 bytes of memory

3 path entries using 180 bytes of memory

3 BGP path attribute entries using 180 bytes of memory

3 BGP extended community entries using 72 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 795 total bytes of memory

BGP activity 9/6 prefixes, 9/6 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.116.0.26 4 65208 10 13 4 0 0 00:00:25 0

10.116.40.26 4 65209 10 13 4 0 0 00:00:26 0

10.116.80.42 4 65210 10 13 4 0 0 00:00:30 0

PE#

royalblues · ‎12-27-2007

This could have been because BGP allocates it's router-id from global address space - so you need at least one 'up/up' interface in the default routing table

If you have all the interfaces under some or the other VRF, BGP will not be able to allocate the router-id which could have been the problem in your case

Narayan