Re: Cisco ASR BGP within the box question

[Joe Maimon <jmaimon () ttec com>]

I sure hope you have better luck than I did.

http://www.mail-archive.com/cisco-nsp () puck nether net/msg20125.html



Steven.Glogger () swisscom com wrote:
> hi all
>
> just a short question (related to a quite new feature from cisco).
> with the new cisco ASR software (15.0(1)S - released some days ago) it is able to do BGP on the same box.
> we need this feature because we use the VASI interfaces to bring and filter traffic from one VRF to another VRF and 
> performing firewalling (ZBF).
>
> basically we have on the box:
> [VRF_A via vasileft1]--[VRF_B via vasiright1]
>
> and the box itself speaks BGP on VRF_B with some RR's:
> [ASRBox] ---- (RR) ---- [anotherbox]
>
> the fun part is, if you want to announce (e.g. 0.0.0.0/0) from VRF_B (announced from anotherbox) to VRF_A it should be 
> possible now with that new feature.
>
> according to BGP I need to configure the VRF_A peer as route-reflector-client so the routes from the anotherbox get 
> reflected via RR to VRF_B.
>
> but, it seems that the router itself needs to be tricked, since he thinks that both peers are in the same route-reflector cluster 
> ("DENIED due to: reflected from the same cluster"):
>
> Aug  2 13:35:03: BGP(0): 213.3.246.33 send UPDATE (format) 0.0.0.0/0, next 10.62.112.65, metric 0, path 44038 3303, 
> extended community RT:65501:1702
>
> Aug  2 13:35:03: BGP(0): 213.3.246.34 rcv UPDATE w/ attr: nexthop 10.62.112.65, origin i, localpref 250, metric 0, 
> originator 10.62.112.65, clusterlist 10.62.112.79 10.62.112.17, merged path 44038 3303, AS_PATH , community
>
> Aug  2 13:35:03: BGP(0): 213.3.246.34 rcv UPDATE about 0.0.0.0/0 -- DENIED due to: reflected from the same cluster;
>
> Aug  2 13:35:03: BGP: 213.3.246.34 Modifying prefix 0.0.0.0/0 from 0 ->  4 address
>
>
> so, this is my config:
>
>
> config:
> <snip>
> interface vasileft1
> ip vrf forwarding VRF_A
>   ip address 10.0.0.1 255.255.255.252
>   zone-member security VASILEFT
> !
> interface vasiright1
> ip vrf forwarding VRF_B
>   ip address 10.0.0.2 255.255.255.252
> zone-member security VASIRIGHT
> !
>
> router bgp 65501
>   address-family ipv4 vrf IABIP-
>    bgp router-id 10.0.0.1
>    redistribute connected
>    redistribute static
>    neighbor 10.0.0.2 remote-as 65501
>    neighbor 10.0.0.2 update-source vasileft1
>    neighbor 10.0.0.2 activate
>    neighbor 10.0.0.2 send-community both
>    neighbor 10.0.0.2 next-hop-self
>
>   exit-address-family
>   !
>   address-family ipv4 vrf IACYP-
>    import path selection multipaths
>    bgp router-id 10.0.0.2
>    redistribute connected
>    redistribute static route-map SET-PREFIX-SoO
>    neighbor 10.0.0.1 remote-as 65501
>    neighbor 10.0.0.1 update-source vasiright1
>    neighbor 10.0.0.1 activate
>    neighbor 10.0.0.1 send-community both
>    neighbor 10.0.0.1 next-hop-self
>   exit-address-family
> </snip>
>
>
>
>
> what does not works:
> - having another AS number on the same box (otherwise eBGP would be possible)
> - client-to-client reflection
> - magic stuff in route-map
> - setting different cluster-id's for different address-families
> - nothing found in the release notes: 
> http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes.html
>
> so, does anyone knows a nice hidden command to disable this cluster-checking on a per-peer basis or so?
>
>
> -steven