L3VPN MPLS - Internal BGP between CE - PE

Dear Members,

We are an ISP which uses the same autonomous system to hold External BGP sessions
and for implementing L3VPN MPLS (as internal BGP).

We have an internal office router that receives a "default route" via IBGP
from our border router.

I'll try to briefly explain the problem:

This internal router, named (CE), keeps an IBGP session with the PE router in VRF "def".

CE ( GlobalTable ) - PE ( vrf "DEF" )

The aim is for the IBGP "default route" received from the ISP provider to be redistributed to the PE in all vrf "DEF".

After establishing the session we observe that the "default route" is actually propagating successfully
in the whole vrf "DEF", but MPLS does not set a label for this route and the traffic is blackholed.

When using another protocol such as OSPF or EIGRP everything is OK.

We opened a case with Cisco TAC and they explained that IOS officially does not support IBGP between PE and CE. Only EBGP.

I would like to know if any of you have had a similar problem and if there is any workaround on the Cisco platform.
I see, for example, that Juniper has special commands for resolving this problem.

Thanks in advance!

Best~
Javor Kliachev

What is the next hop of the route? There should be an IGP route for
the next hop in the iBGP default. It should have a label or LSP
attached to it. How was the default generated? Does it come from a
provider? If so you may have to set next hop self on the router that
receives the default. Your provider's PE router IP won't be in your
IGP by default and hence won't be known to your label protocol.

Dear Keegan,

Thank you for your advice!

Here is the output of my configuration and applied debug commands:

# PE router config:

The session below is between PE and CE:

router bgp 34224
!
address-family ipv4 vrf DEF
   redistribute connected
   redistribute static
   neighbor 10.18.7.1 remote-as 34224
   neighbor 10.18.7.1 description to_echo-sdc_CE
   neighbor 10.18.7.1 activate
   neighbor 10.18.7.1 send-community both
   neighbor 10.18.7.1 prefix-list Permit_Default in
   neighbor 10.18.7.1 route-map NEXT-HOP-SELF in
   neighbor 10.18.7.1 route-map NEXT-HOP-SELF out
   no synchronization
  exit-address-family
end

Hotel-st_PE#show route-map NEXT-HOP-SELF
route-map NEXT-HOP-SELF, permit, sequence 10
   Match clauses:
   Set clauses:
     ip next-hop peer-address
   Policy routing matches: 0 packets, 0 bytes

Hotel-st_PE#show ip bgp vpnv4 vrf DEF summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.18.7.1 4 34224 85 38 894079 0 0 00:00:02 1

Hotel-st_PE#show ip bgp vpnv4 vrf DEF neighbors 10.18.7.1 routes

    Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 34224:151 (default for vrf DEF)
*>i0.0.0.0 10.18.7.1 0 120 0 i

Hotel-st_PE#show ip route vrf DEF

      23.0.0.0/32 is subnetted, 1 subnets
S 23.23.23.23 [1/0] via 10.18.7.1
      24.0.0.0/32 is subnetted, 1 subnets
C 24.24.24.24 is directly connected, Loopback30
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 10.100.187.1/32 [200/0] via 10.1.7.253, 00:16:16
C 10.18.7.0/29 is directly connected, Vlan187
B* 0.0.0.0/0 [200/0] via 10.18.7.1, 00:08:40

#### Bravo-plv is another test PE router which should receive and use the "default route"

bravo-plv_PE#show ip route vrf DEF

      23.0.0.0/32 is subnetted, 1 subnets
B 23.23.23.23 [200/0] via 10.1.1.253, 1w5d
      24.0.0.0/32 is subnetted, 1 subnets
B 24.24.24.24 [200/0] via 10.1.1.253, 2w0d
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.187.1/32 is directly connected, Loopback100
B 10.18.7.0/29 [200/0] via 10.1.1.253, 1w6d
B* 0.0.0.0/0 [200/0] via 10.18.7.1, 00:02:37

### this ping is OK because 10.18.7.0/29 is connected on the PE router.

bravo-plv_PE#ping vrf DEF 10.18.7.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.18.7.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

### 212.73.140.190 isn't in the routing table. It is a directly connected network on
an interface on the CE and is reached via the "default route"

bravo-plv_PE#ping vrf DEF 212.73.140.190

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.73.140.190, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

This is very strange:

Look at the route to 87.121.83.25. It looks like that's the address of
your provider's PE router. It is most likely not in your IGP and hence
does not have a FEC. You should set next-hop self on the router that peers
with your ISP. Also, I might be missing something but I don't usually set
next-hop self using a route map. I usually just use the update source and
next-hop-self options directly under BGP.
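
A check over the `show ip route vrf DEF` output posted earlier in the thread, added here as an example and not written by any of the posters: it parses the classful IOS table and lists BGP routes whose next hop is itself reached through another BGP route in the VRF, which is the case for the default route on bravo-plv_PE. The function names, and the rule that a default route does not count as resolving a next hop, are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the bravo-plv_PE "show ip route vrf DEF" output from the thread.
BRAVO_PLV = """\
      23.0.0.0/32 is subnetted, 1 subnets
B 23.23.23.23 [200/0] via 10.1.1.253, 1w5d
      24.0.0.0/32 is subnetted, 1 subnets
B 24.24.24.24 [200/0] via 10.1.1.253, 2w0d
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.100.187.1/32 is directly connected, Loopback100
B 10.18.7.0/29 [200/0] via 10.1.1.253, 1w6d
B* 0.0.0.0/0 [200/0] via 10.18.7.1, 00:02:37
"""

HEADER = re.compile(r"^\s+\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
ROUTE = re.compile(r"^([A-Z])\*?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+(.*)$")
VIA = re.compile(r"via (\d+\.\d+\.\d+\.\d+)")

def parse_routes(text):
    """Return [(code, network, next_hop_or_None)] from classful IOS route output."""
    routes, inherited = [], None
    for line in text.splitlines():
        if line[:1].isspace():  # indented major-network header line
            h = HEADER.match(line)
            inherited = h.group(1) if h else None  # mask shared by the routes below
            continue
        m = ROUTE.match(line)
        if not m:
            continue  # blank lines and anything that is not a route entry
        code, addr, plen, rest = m.groups()
        net = ipaddress.ip_network(f"{addr}/{plen or inherited}", strict=False)
        via = VIA.search(rest)
        routes.append((code, net, ipaddress.ip_address(via.group(1)) if via else None))
    return routes

def bgp_recursing_via_bgp(routes):
    """BGP routes whose next hop is covered by another BGP route in the same VRF."""
    flagged = []
    for code, net, nh in routes:
        if code != "B" or nh is None:
            continue
        # Assumption: a default route is not accepted as the resolver of a next hop.
        covers = [r for r in routes if r[1].prefixlen > 0 and nh in r[1] and r[1] != net]
        if covers:
            best = max(covers, key=lambda r: r[1].prefixlen)  # longest match
            if best[0] == "B":
                flagged.append((str(net), str(nh), str(best[1])))
    return flagged
```

On the bravo-plv_PE table, `bgp_recursing_via_bgp(parse_routes(BRAVO_PLV))` reports only 0.0.0.0/0, whose next hop 10.18.7.1 sits inside the BGP-learned 10.18.7.0/29, while the other BGP routes point at 10.1.1.253.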