Resources
    IOS XR Teaser - BGP as PE ...
    11 May 12

    IOS XR Teaser - BGP as PE to CE for MPLS L3VPN

    Posted byBrian McGahan
    facebooktwitterlinkedin
    news-featured

    Update: Congrats to Mark, our winner of 100 rack rental tokens for the first correct answer, that XR2 is missing a BGP router-id.  In regular IOS, a router-id is chosen based on the highest Loopback interface.  If there is no Loopback interface the highest IP address of all up/up interfaces is chosen.  In the case of IOS XR however, the router-id will not be chosen from a physical link.  It will only be chosen from the highest Loopback interface, or from the manual router-id command.  Per the Cisco documentation:

    BGP Router Identifier

    For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is sent to BGP peers in the OPEN message when a BGP session is established.

    BGP attempts to obtain a router ID in the following ways (in order of preference):

    • By means of the address configured using the bgp router-id command in router configuration mode.
    • By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved loopback address configuration.
    • By using the primary IPv4 address of the first loopback address that gets configured if there are not any in the saved configuration.

    If none of these methods for obtaining a router ID succeeds, BGP does not have a router ID and cannot establish any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log, and the show bgp summary command displays a router ID of 0.0.0.0.

    After BGP has obtained a router ID, it continues to use it even if a better router ID becomes available. This usage avoids unnecessary flapping for all BGP sessions. However, if the router ID currently in use becomes invalid (because the interface goes down or its configuration is changed), BGP selects a new router ID (using the rules described) and all established peering sessions are reset.

    Since XR2 in this case does not have a Loopback configured, the BGP process cannot initialize.  The kicker with this problem is that the documentation states that when this problem occurs you should see that "an error message is entered in the system log", however in this case a Syslog was not generated about the error.  At least this is the last time this problem will bite me ;)

     


    Today while working on additional content for our CCIE Service Provider Version 3.0 Lab Workbook I had one of those epic brain fart moments.  What started off as work on (what I thought was) a fairly simply design ended up as a 2 hour troubleshooting rabbit hole of rolling back config snippets one by one, debugging, and basically overall misery that can be perfectly summed up by this GIF of a guy smashing his head against his keyboard. :)

    The scenario in question was a BGP peering between two IOS XR routers.  One was the PE of an MPLS L3VPN network and one was the CE.  As I've done this config literally hundreds of times in the past I could not for the life of me figure out why the BGP peering would not establish.  The relevant snippet of the topology diagram is as follows:

    Since this scenario caused me so much pleasure I am offering 100 tokens good for CCIE Service Provider Version 3.0 Rack Rentals - or any of our other Routing & Switching rack rentals & mock labs, Security rack rentals, or Voice rack rentals - to whoever the first person is that can tell me why did these neighbors not establish a BGP peering.  The relevant outputs needed to troubleshoot the problem can be found below.  I still haven't decided whether I'm going to leave this problem in the workbook or not since it's such a mean one :)  Good luck!

     

     

    <strong>RP/0/0/CPU0:XR1#show run</strong>
    Fri May 11 00:34:38.563 UTC
    Building configuration...
    !! IOS XR Configuration 3.9.1
    !! Last configuration change at Fri May 11 00:32:50 2012 by xr1
    !
    hostname XR1
    username xr1
    group root-lr
    password 7 13061E010803
    !
    vrf ABC
    address-family ipv4 unicast
    import route-target
    26:65001
    !
    export route-target
    26:65001
    !
    !
    !
    line console
    exec-timeout 0 0
    !
    ipv4 access-list PE_ROUTERS
    10 permit ipv4 host 1.1.1.1 any
    20 permit ipv4 host 2.2.2.2 any
    30 permit ipv4 host 5.5.5.5 any
    40 permit ipv4 host 19.19.19.19 any
    !
    interface Loopback0
    ipv4 address 19.19.19.19 255.255.255.255
    !
    interface GigabitEthernet0/1/0/0
    ipv4 address 172.19.10.19 255.255.255.0
    !
    interface GigabitEthernet0/1/0/1
    ipv4 address 26.3.19.19 255.255.255.0
    !
    interface POS0/6/0/0
    vrf ABC
    ipv4 address 10.19.20.19 255.255.255.0
    !
    route-policy PASS
    pass
    end-policy
    !
    router isis 1
    is-type level-2-only
    net 49.0001.0000.0000.0019.00
    address-family ipv4 unicast
    mpls ldp auto-config
    !
    interface Loopback0
    passive
    address-family ipv4 unicast
    !
    !
    interface GigabitEthernet0/1/0/1
    point-to-point
    hello-password hmac-md5 encrypted 022527722E
    address-family ipv4 unicast
    !
    !
    !
    router bgp 26
    address-family ipv4 unicast
    !
    ! address-family ipv4 unicast
    address-family vpnv4 unicast
    !
    neighbor-group PE_ROUTERS
    remote-as 26
    update-source Loopback0
    address-family vpnv4 unicast
    !
    !
    neighbor 1.1.1.1
    use neighbor-group PE_ROUTERS
    !
    neighbor 2.2.2.2
    use neighbor-group PE_ROUTERS
    !
    neighbor 5.5.5.5
    use neighbor-group PE_ROUTERS
    !
    vrf ABC
    rd 26:65001
    address-family ipv4 unicast
    !
    neighbor 10.19.20.20
    remote-as 65001
    address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
    as-override
    !
    !
    !
    !
    mpls ldp
    label
    allocate for PE_ROUTERS
    !
    !
    end

    RP/0/0/CPU0:XR1#

    <strong>RP/0/3/CPU0:XR2#show run </strong>
    Fri May 11 00:35:04.932 UTC
    Building configuration...
    !! IOS XR Configuration 3.9.1
    !! Last configuration change at Fri May 11 00:30:30 2012 by xr2
    !
    hostname XR2
    logging console debugging
    username xr2
    group root-lr
    password 7 00071A150754
    !
    cdp
    line console
    exec-timeout 0 0
    !
    interface GigabitEthernet0/4/0/0
    ipv4 address 10.20.20.20 255.255.255.0
    ipv6 address 2001:10:20:20::20/64
    !
    interface POS0/7/0/0
    ipv4 address 10.19.20.20 255.255.255.0
    ipv6 address 2001:10:19:20::20/64
    !
    route-policy PASS
    pass
    end-policy
    !
    router bgp 65001
    address-family ipv4 unicast
    !
    neighbor 10.19.20.19
    remote-as 26
    address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
    !
    !
    !
    end

    RP/0/3/CPU0:XR2#

    RP/0/0/CPU0:XR1#show bgp vrf ABC ipv4 unicast summary 
    Fri May 11 00:34:29.712 UTC
    BGP VRF ABC, state: Active
    BGP Route Distinguisher: 26:65001
    VRF ID: 0x60000002
    BGP router identifier 19.19.19.19, local AS number 26
    BGP table state: Active
    Table ID: 0xe0000002
    BGP main routing table version 1

    BGP is operating in STANDALONE mode.

    Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
    Speaker 1 1 1 1 1 1

    Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
    10.19.20.20 0 65001 2 7 0 0 0 00:03:59 Idle

    
    
    <strong>RP/0/3/CPU0:XR2#show bgp ipv4 unicast summary</strong>
    Fri May 11 00:35:02.278 UTC
    BGP router identifier 0.0.0.0, local AS number 65001
    BGP generic scan interval 60 secs
    BGP table state: Active
    Table ID: 0xe0000000
    BGP main routing table version 1
    BGP scan interval 60 secs

    BGP is operating in STANDALONE mode.

    Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
    Speaker 1 1 1 1 1 1

    Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
    10.19.20.19 0 26 2 2 0 0 0 00:04:31 Active

    
    
    RP/0/0/CPU0:XR1#show bgp vrf ABC ipv4 unicast neighbors 
    Fri May 11 00:34:18.708 UTC

    BGP neighbor is 10.19.20.20, vrf ABC
    Remote AS 65001, local AS 26, external link
    Remote router ID 0.0.0.0
    BGP state = Idle
    Last read 00:00:00, Last read before reset 00:04:10
    Hold time is 180, keepalive interval is 60 seconds
    Configured hold time: 180, keepalive: 60, min acceptable hold time: 3
    Last write 00:00:15, attempted 53, written 53
    Second last write 00:01:01, attempted 53, written 53
    Last write before reset 00:04:10, attempted 72, written 72
    Second last write before reset 00:04:15, attempted 53, written 53
    Last write pulse rcvd May 11 00:34:02.927 last full not set pulse count 9
    Last write pulse rcvd before reset 00:04:10
    Socket not armed for io, not armed for read, not armed for write
    Last write thread event before reset 00:04:10, second last 00:04:10
    Last KA expiry before reset 00:00:00, second last 00:00:00
    Last KA error before reset 00:00:00, KA not sent 00:00:00
    Last KA start before reset 00:00:00, second last 00:00:00
    Precedence: internet
    Enforcing first AS is enabled
    Received 2 messages, 0 notifications, 0 in queue
    Sent 7 messages, 0 notifications, 0 in queue
    Minimum time between advertisement runs is 0 secs

    For Address Family: IPv4 Unicast
    BGP neighbor version 0
    Update group: 0.2
    Route refresh request: received 0, sent 0
    Policy for incoming advertisements is PASS
    Policy for outgoing advertisements is PASS
    0 accepted prefixes, 0 are bestpaths
    Cumulative no. of prefixes denied: 0.
    Prefix advertised 0, suppressed 0, withdrawn 0
    Maximum prefixes allowed 524288
    Threshold for warning message 75%, restart interval 0 min
    AS override is set
    An EoR was not received during read-only mode
    Last ack version 0, Last synced ack version 0
    Outstanding version objects: current 0, max 0

    Connections established 1; dropped 1
    Local host: 10.19.20.19, Local port: 19432
    Foreign host: 10.19.20.20, Foreign port: 179
    Last reset 00:00:15, due to Peer closing down the session
    Peer reset reason: Remote closed the session (Connection timed out)
    Time since last notification sent to neighbor: 00:02:11
    Error Code: administrative shutdown
    Notification data sent:
    None

    <strong>RP/0/3/CPU0:XR2#show bgp ipv4 unicast neighbors </strong>
    Fri May 11 00:34:58.427 UTC
    

    BGP neighbor is 10.19.20.19
    Remote AS 26, local AS 65001, external link
    Remote router ID 0.0.0.0
    BGP state = Active
    Last read 00:00:00, Last read before reset 00:04:50
    Hold time is 180, keepalive interval is 60 seconds
    Configured hold time: 180, keepalive: 60, min acceptable hold time: 3
    Last write 00:04:50, attempted 19, written 19
    Second last write 00:04:50, attempted 53, written 53
    Last write before reset 00:04:50, attempted 19, written 19
    Second last write before reset 00:04:50, attempted 53, written 53
    Last write pulse rcvd May 11 00:30:08.305 last full not set pulse count 4
    Last write pulse rcvd before reset 00:04:50
    Socket not armed for io, not armed for read, not armed for write
    Last write thread event before reset 00:04:50, second last 00:04:50
    Last KA expiry before reset 00:00:00, second last 00:00:00
    Last KA error before reset 00:00:00, KA not sent 00:00:00
    Last KA start before reset 00:04:50, second last 00:00:00
    Precedence: internet
    Enforcing first AS is enabled
    Received 2 messages, 0 notifications, 0 in queue
    Sent 2 messages, 0 notifications, 0 in queue
    Minimum time between advertisement runs is 30 secs

    For Address Family: IPv4 Unicast
    BGP neighbor version 0
    Update group: 0.2
    Route refresh request: received 0, sent 0
    Policy for incoming advertisements is PASS
    Policy for outgoing advertisements is PASS
    0 accepted prefixes, 0 are bestpaths
    Cumulative no. of prefixes denied: 0.
    Prefix advertised 0, suppressed 0, withdrawn 0
    Maximum prefixes allowed 524288
    Threshold for warning message 75%, restart interval 0 min
    An EoR was not received during read-only mode
    Last ack version 0, Last synced ack version 0
    Outstanding version objects: current 0, max 0

    Connections established 1; dropped 1
    Local host: 10.19.20.20, Local port: 60056
    Foreign host: 10.19.20.19, Foreign port: 179
    Last reset 00:02:27, due to Interface flap
    Time since last notification sent to neighbor: 00:05:07
    Error Code: administrative reset
    Notification data sent:
    None

    © 2024 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo