Cisco VPNv4 over eMPBGP

cisco mpls mpls-vpn

IMPORTANT UPDATE:

So I have worked out that the PE is in fact forwarding the updates to the route reflector. The issue seems to be to do with what RD I am looking at. You see, part of this scenario was to do a rewrite of the RT and RD at the change of AS. The RT rewrite is in fact working, being translated from 2203:3000 to 46202:3000. The faulty assumption that I made was that the RD would also be translated. This is not happening.

So my problem is now not so much redistribution of routes, as this is working, but translation of the RD. I can't for the life of me work out how to do this on Cisco.

Taken from a Wireshark capture of the BGP updates:

Community Transitive Two-Octet AS Route Target: 46202:3000
Label Stack=16 (bottom) RD=2203:3000, IPv4=10.0.0.1/32

Update on this first issue:

The commands to do this are missing from any IOS release other than on XE (and maybe XR, I don't have access to an XR device).

From one of our production BRAS's:

(config-route-map)#set extcommunity ?
  cost               Cost extended community
  rt                 Route Target extended community
  soo                Site-of-Origin extended community
  vpn-distinguisher  VPN Distinguisher

That last line doesn't exist on IOS ver 15, which is what I am running in my lab environment. So for the meantime that is as far as I can go with that part of the scenario.

End of update on that issue

So on top of this issue I have also found another one to do with MPLS PHP. From the PE going to the external AS it is popping off all labels and thus making it so it doesn't work at all. So the other AS receives a packet with no labels at all.

All packets from inside my AS are destined for the other AS next hop IP of 34.20.43.11:

PE-4#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  34.20.43.11/32   0             Gi0/0      34.20.43.11

As you can see it pops the label when it shouldn't as the other AS is expecting a label of 16:

LinkedISP#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  10.0.0.1/32[V]   0             aggregate/CUSTOMER_3000

Also not sure about how to solve this. Turning off PHP for a next hop doesn't seem to be able to be done.

Thanks in advance for any thoughts on this.

Original Post + Asked for Show commands:

I am labbing up a scenario where we would peer with another service provider that is in a location that our service provider isn't. For example another country. My plan is to peer with that SP and exchange vpnv4 extended communities so that our customers can access their sites that are off that SP's network over a L3VPN. The basic premise is as follows:

Customer<-into a L3VPN->Our MPLS network<->Peering with other SP<->their MPLS network<-Out of L3VPN->Customer

I have configured it all up and I am successfully exchanging the communities over eBGP. The issue I have that I have been so far unable to solve is that for some reason the Cisco routers are not re-advertising the externally learnt vpnv4 routes over the internal vpnv4 BGP sessions. Outputs:

PE-4#show ip bgp vpnv4 rd 46202:3000
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 46202:3000 (default for vrf CUSTOMER_3000_Mapped)
*> 10.0.0.1/32      34.20.43.11              0             0 2203 ?
*> 10.0.0.3/32      0.0.0.0                  0         32768 ?
* i10.0.0.200/32    115.40.0.130             0    100      0 ?
*>i                 115.40.0.130             0    100      0 ?

You can see the route being received from the other service provider (AS2203) and also inserted into the routing table:

PE-4#show ip route vrf CUSTOMER_3000_Mapped
      10.0.0.0/32 is subnetted, 3 subnets
B        10.0.0.1 [20/0] via 34.20.43.11, 00:58:11
C        10.0.0.3 is directly connected, Loopback3001
B        10.0.0.200 [200/0] via 115.40.0.130, 00:58:11

It is also successfully receiving routes from the route reflector (10.0.0.200 route).

The route reflector is not being given the routes from the other service provider.

RR1#show ip bgp vpnv4 rd 46202:3000
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 46202:3000
*>i10.0.0.3/32      115.40.0.131             0    100      0 ?
*>i10.0.0.200/32    115.40.0.130             0    100      0 ?

I'm at a loss as to why the external vpnv4 routes are not redistributed internally. Below are the relevant configs. Thank you in advance for any help!

PE-4#
vrf definition CUSTOMER_3000_Mapped
 rd 46202:3000
 !
 address-family ipv4
  route-target export 46202:3000
  route-target import 46202:3000
 exit-address-family
!
interface Loopback3001
 vrf forwarding CUSTOMER_3000_Mapped
 ip address 10.0.0.3 255.255.255.255
!
interface GigabitEthernet0/0
 description ### PE-4 <-> LinkedISP ###
 ip address 34.20.43.10 255.255.255.254
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
 mpls bgp forwarding

router bgp 46202
 bgp log-neighbor-changes
 bgp graceful-restart restart-time 120
 bgp graceful-restart stalepath-time 360
 bgp graceful-restart
 no bgp default ipv4-unicast
 no bgp default route-target filter
 neighbor ROUTE-REFLECTORS peer-group
 neighbor ROUTE-REFLECTORS remote-as 46202
 neighbor 34.20.43.11 remote-as 2203
 neighbor 115.40.1.1 peer-group ROUTE-REFLECTORS
 neighbor 115.40.1.2 peer-group ROUTE-REFLECTORS
 !
 address-family ipv4
  neighbor ROUTE-REFLECTORS send-community extended
  neighbor 115.40.1.1 activate
  neighbor 115.40.1.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor ROUTE-REFLECTORS send-community extended
  neighbor 34.20.43.11 activate
  neighbor 34.20.43.11 send-community extended
  neighbor 34.20.43.11 route-map community-rewrite-46202:3000 out
  neighbor 115.40.1.1 activate
  neighbor 115.40.1.2 activate
 exit-address-family
 !
 address-family ipv6
  neighbor 115.40.1.1 activate
  neighbor 115.40.1.2 activate
 exit-address-family
 !
 address-family vpnv6
  neighbor ROUTE-REFLECTORS send-community extended
  neighbor 115.40.1.1 activate
  neighbor 115.40.1.2 activate
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER_3000_Mapped
  redistribute connected
 exit-address-family
!
ip extcommunity-list 2 permit rt 46202:3000
ip bgp-community new-format
!
route-map community-rewrite-46202:3000 permit 10
 match extcommunity 2
 set extcomm-list 2 delete
 set extcommunity rt 2203:3000

Route Reflectors are standard config, just simply set up with the PEs as route-reflector-clients.

The 'other provider' is set up basically as a mirror to the above config.

Cheers,

Updated with requested outputs:

PE-4#show bgp vpnv4 unicast all neighbors 115.40.1.1 advertised-routes
--Output Omitted--
Route Distinguisher: 46202:3000 (default for vrf CUSTOMER_3000_Mapped)
*> 10.0.0.3/32      0.0.0.0                  0         32768 ?

PE-4#show bgp vpnv4 unicast rd 46202:3000 10.0.0.1
BGP routing table entry for 46202:3000:10.0.0.1/32, version 37
Paths: (1 available, best #1, table CUSTOMER_3000_Mapped)
  Not advertised to any peer
  2203, imported path from 2203:3000:10.0.0.1/32
    34.20.43.11 from 34.20.43.11 (34.20.43.11)
      Origin incomplete, metric 0, localpref 100, valid, external, best
      Extended Community: RT:46202:3000
      mpls labels in/out nolabel/16

More Updated shows:

PE-4#show ip route vrf CUSTOMER_3000_Mapped 10.0.0.1

Routing Table: CUSTOMER_3000_Mapped
Routing entry for 10.0.0.1/32
  Known via "bgp 46202", distance 20, metric 0
  Tag 2203, type external
  Last update from 34.20.43.11 14:18:17 ago
  Routing Descriptor Blocks:
  * 34.20.43.11 (default), from 34.20.43.11, 14:18:17 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 2203
      MPLS label: 16
      MPLS Flags: MPLS Required

PE-4#show ip cef vrf CUSTOMER_3000_Mapped 10.0.0.1
10.0.0.1/32
  nexthop 34.20.43.11 GigabitEthernet0/0 label 16

34.20.43.10/31 is also advertised in the global routing table as a connected subnet over OSPF for MPLS:

PE-4#show ip ospf 1 0.0.0.8 interface
GigabitEthernet0/0 is up, line protocol is up
  Internet Address 34.20.43.10/31, Area 8, Attached via Network Statement
  Process ID 1, Router ID 115.40.0.131, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Transmit Delay is 1 sec, State WAITING, Priority 1
  No designated router on this network
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    No Hellos (Passive interface)
    Wait time before Designated router selection 00:00:37
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
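
Added example, not part of the original post: the Wireshark lines in the update show the Route Target carried as an extended-community path attribute, while the RD sits inside the VPNv4 NLRI next to the label and prefix. This Python sketch decodes both from constructed bytes (RFC 4364 type-0 RD layout assumed; all function names are hypothetical) and shows that replacing the RT attribute leaves the NLRI, and so the RD, unchanged.

```python
import ipaddress
import struct

def build_vpnv4_nlri(label, rd_asn, rd_num, prefix):
    """Encode one labeled VPNv4 NLRI (single label, type-0 RD)."""
    net = ipaddress.ip_network(prefix)
    label_field = ((label << 4) | 1).to_bytes(3, "big")  # low bit = bottom of stack
    rd = struct.pack("!HHI", 0, rd_asn, rd_num)          # type 0 = 2-octet AS : number
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes([24 + 64 + net.prefixlen]) + label_field + rd + addr

def parse_vpnv4_nlri(data):
    """Decode label, RD and prefix; reject lengths that do not add up."""
    plen = data[0] - 88                                  # minus label (24) and RD (64) bits
    nbytes = (plen + 7) // 8
    if not 0 <= plen <= 32 or len(data) != 12 + nbytes:
        raise ValueError("malformed VPNv4 NLRI")
    raw = int.from_bytes(data[1:4], "big")
    rd_type, rd_asn, rd_num = struct.unpack("!HHI", data[4:12])
    if rd_type != 0:
        raise ValueError("only type-0 RDs handled in this example")
    addr = ipaddress.IPv4Address(data[12:].ljust(4, b"\x00"))
    return {"label": raw >> 4, "bottom": bool(raw & 1),
            "rd": f"{rd_asn}:{rd_num}", "prefix": f"{addr}/{plen}"}

def parse_route_target(ec):
    """Decode a two-octet-AS Route Target extended community (8 bytes)."""
    ec_type, subtype, asn, num = struct.unpack("!BBHI", ec)
    if (ec_type, subtype) != (0x00, 0x02):
        raise ValueError("not a two-octet-AS route target")
    return f"{asn}:{num}"

def rewrite_route_target(ec, asn, num):
    """What an RT rewrite changes: the attribute bytes only."""
    parse_route_target(ec)                               # validate before replacing
    return struct.pack("!BBHI", 0x00, 0x02, asn, num)

def demo():
    # Constructed sample using the values quoted in the post.
    nlri = build_vpnv4_nlri(16, 2203, 3000, "10.0.0.1/32")
    rt = rewrite_route_target(struct.pack("!BBHI", 0, 2, 2203, 3000), 46202, 3000)
    return parse_route_target(rt), parse_vpnv4_nlri(nlri)

if __name__ == "__main__":
    print(demo())
```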

Best Answer

Wasn't able to resolve my issue.