Discussion:
[c-nsp] IOS XR OSPF redistribute to eBGP
Ahmed Sharif
2016-04-22 21:18:40 UTC
Permalink
Hi Experts,

I have a setup as below

Cisco ASR9k1(vrf OM_InBand_CE) ------------OSPF(loopback cable)-----------------(vrf OM_InBand_TME_PE ) ASR9K1 (vrf OM_InBand_TME_PE) -------------eBGP----------- ISP

For outbound:
I have one specific route x.x.x.x/23 learned by OSPF in vrf OM_InBand_TME_PE from vrf OM_InBand_CE.
I want to send this specific route under specific vrf (normal vrf unicast) to my eBGP peer and I am not able to do it.
Below are configurations for outbound traffic:

prefix-set to-tele
x.x.x.x/23
end-set
!
route-policy to-telepeer
if destination in to-tele then
done
endif
end-policy
!

router bgp 65201
bgp router-id x.x.x.x
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
vrf OM_InBand_TME_PE
rd auto
address-family ipv4 unicast
!
neighbor y.y.y.y
remote-as 65200
address-family ipv4 unicast
route-policy to-telepeer out
soft-reconfiguration inbound always

And then check results using command "show bgp vrf OM_InBand_TME_PE neighbors y.y.y.y advertised-routes" and nothing is going to the neighbor.

For inbound:
Similarly for inbound traffic I have to accept a default route from my eBGP peer which is being accepted successfully by configurations below but I need specific acceptance of default route.
For inbound I have applied below policy which is accepting everything I believe. (neighbor is advertising one route to ASR9k1)

route-policy from-telepeer
pass
end-policy

router bgp 65201
bgp router-id x.x.x.x
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
vrf OM_InBand_TME_PE
rd auto
address-family ipv4 unicast
!
neighbor y.y.y.y
remote-as 65200
address-family ipv4 unicast
route-policy from-telepeer
soft-reconfiguration inbound always

Kindly assist with your expertise if possible and point out my mistake especially for outbound traffic where nothing is working.

Thanks and Regards,
Ahmed
_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Aaron
2016-04-22 23:50:26 UTC
Permalink
Since you are talking about vrf routes into bgp I guess you don't need RT's
but I'm not entirely sure... I see you don't have RT's in your vrf.

I wonder if you need the network/23 in the vrf context under bgp... like...

router bgp 65201
vrf OM_InBand_TME_PE
Network x.x.x.x/23

...here's my vrf context under my bgp for network's I advertise to my isp...

router bgp 64512
vrf one
rd 10.101.101.101:1
address-family ipv4 unicast
aggregate-address 1.2.3.0/20 summary-only
aggregate-address 2.4.6.0/19 summary-only

neighbor 3.1.3.1
remote-as 6789
local-as 1369 no-prepend replace-as
address-family ipv4 unicast
route-policy ipv4-allow-in in
route-policy ipv4-allow-out out

...also, I'm not sure of the difference between "done" and "pass" in a
route-policy... but I use "pass"

RP/0/RSP0/CPU0:eng-lab-9k-1(config-rpl)#if destination in testit then ?
....
done Accept this route with no further processing
....
pass Pass this route for further processing
...

...here's my outbound...

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy
!

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp
Fri Apr 22 18:30:47.346 CDT
prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

I don't see your inbound route-policy.... so maybe that's a problem too for
getting the 0/0 route from your isp...

Here's my inbound to allow 0/0 from my isp...

route-policy ipv4-allow-in
pass
end-policy
!


- Aaron

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Ahmed Sharif
2016-04-23 00:03:33 UTC
Permalink
Hi Aaron,

Let's focus on outbound only. Yes you are correct, I am not using RTs and I want it to be achieved using route-policy just like you mentioned below.
For out bound you defined the route-policy "ipv4-allow-out" in which you referenced "send-to-isp".
Can you show me the example configuration of "send-to-isp" ?

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy

Regards,
Ahmed

-----Original Message-----
From: Aaron [mailto:***@gvtc.com]
Sent: den 23 april 2016 01:50
To: Ahmed Sharif; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Since you are talking about vrf routes into bgp I guess you don't need RT's but I'm not entirely sure... I see you don't have RT's in your vrf.

I wonder if you need the network/23 in the vrf context under bgp... like...

router bgp 65201
vrf OM_InBand_TME_PE
Network x.x.x.x/23

...here's my vrf context under my bgp for network's I advertise to my isp...

router bgp 64512
vrf one
rd 10.101.101.101:1
address-family ipv4 unicast
aggregate-address 1.2.3.0/20 summary-only
aggregate-address 2.4.6.0/19 summary-only

neighbor 3.1.3.1
remote-as 6789
local-as 1369 no-prepend replace-as
address-family ipv4 unicast
route-policy ipv4-allow-in in
route-policy ipv4-allow-out out

...also, I'm not sure of the difference between "done" and "pass" in a route-policy... but I use "pass"

RP/0/RSP0/CPU0:eng-lab-9k-1(config-rpl)#if destination in testit then ?
....
done Accept this route with no further processing
....
pass Pass this route for further processing
...

...here's my outbound...

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy
!

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp Fri Apr 22 18:30:47.346 CDT prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

I don't see your inbound route-policy.... so maybe that's a problem too for getting the 0/0 route from your isp...

Here's my inbound to allow 0/0 from my isp...

route-policy ipv4-allow-in
pass
end-policy
!


- Aaron

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Aaron
2016-04-23 00:07:13 UTC
Permalink
Sure... I did... here it is again...

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp

Fri Apr 22 18:30:47.346 CDT

prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

- Aaron

-----Original Message-----
From: Ahmed Sharif [mailto:***@ericsson.com]
Sent: Friday, April 22, 2016 7:04 PM
To: Aaron <***@gvtc.com>; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Hi Aaron,

Let's focus on outbound only. Yes you are correct, I am not using RTs and I
want it to be achieved using route-policy just like you mentioned below.
For out bound you defined the route-policy "ipv4-allow-out" in which you
referenced "send-to-isp".
Can you show me the example configuration of "send-to-isp" ?

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy

Regards,
Ahmed

-----Original Message-----
From: Aaron [mailto:***@gvtc.com]
Sent: den 23 april 2016 01:50
To: Ahmed Sharif; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Since you are talking about vrf routes into bgp I guess you don't need RT's
but I'm not entirely sure... I see you don't have RT's in your vrf.

I wonder if you need the network/23 in the vrf context under bgp... like...

router bgp 65201
vrf OM_InBand_TME_PE
Network x.x.x.x/23

...here's my vrf context under my bgp for network's I advertise to my isp...

router bgp 64512
vrf one
rd 10.101.101.101:1
address-family ipv4 unicast
aggregate-address 1.2.3.0/20 summary-only
aggregate-address 2.4.6.0/19 summary-only

neighbor 3.1.3.1
remote-as 6789
local-as 1369 no-prepend replace-as
address-family ipv4 unicast
route-policy ipv4-allow-in in
route-policy ipv4-allow-out out

...also, I'm not sure of the difference between "done" and "pass" in a
route-policy... but I use "pass"

RP/0/RSP0/CPU0:eng-lab-9k-1(config-rpl)#if destination in testit then ?
....
done Accept this route with no further processing
....
pass Pass this route for further processing
...

...here's my outbound...

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy
!

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp Fri Apr 22 18:30:47.346
CDT prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

I don't see your inbound route-policy.... so maybe that's a problem too for
getting the 0/0 route from your isp...

Here's my inbound to allow 0/0 from my isp...

route-policy ipv4-allow-in
pass
end-policy
!


- Aaron


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Ahmed Sharif
2016-04-23 00:16:14 UTC
Permalink
Apologies. Thanks mate!
I actually tried below Current policy both with "done" and "pass" without success, perhaps I should do it exactly as you suggested with else statement as well.
I will try it on Monday(@customer site) and let my expert team know about it.

Current
******
prefix-set to-tele
x.x.x.x/23
end-set
!
route-policy to-telepeer
if destination in to-tele then
done
endif
end-policy

I would like to try
***************
prefix-set to-tele
x.x.x.x/23
end-set
!
route-policy to-telepeer
if destination in to-tele then
pass
else
drop
endif
end-policy

Thanks and Regards,
Ahmed

-----Original Message-----
From: Aaron [mailto:***@gvtc.com]
Sent: den 23 april 2016 02:07
To: Ahmed Sharif; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Sure... I did... here it is again...

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp

Fri Apr 22 18:30:47.346 CDT

prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

- Aaron

-----Original Message-----
From: Ahmed Sharif [mailto:***@ericsson.com]
Sent: Friday, April 22, 2016 7:04 PM
To: Aaron <***@gvtc.com>; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Hi Aaron,

Let's focus on outbound only. Yes you are correct, I am not using RTs and I want it to be achieved using route-policy just like you mentioned below.
For out bound you defined the route-policy "ipv4-allow-out" in which you referenced "send-to-isp".
Can you show me the example configuration of "send-to-isp" ?

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy

Regards,
Ahmed

-----Original Message-----
From: Aaron [mailto:***@gvtc.com]
Sent: den 23 april 2016 01:50
To: Ahmed Sharif; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Since you are talking about vrf routes into bgp I guess you don't need RT's but I'm not entirely sure... I see you don't have RT's in your vrf.

I wonder if you need the network/23 in the vrf context under bgp... like...

router bgp 65201
vrf OM_InBand_TME_PE
Network x.x.x.x/23

...here's my vrf context under my bgp for network's I advertise to my isp...

router bgp 64512
vrf one
rd 10.101.101.101:1
address-family ipv4 unicast
aggregate-address 1.2.3.0/20 summary-only
aggregate-address 2.4.6.0/19 summary-only

neighbor 3.1.3.1
remote-as 6789
local-as 1369 no-prepend replace-as
address-family ipv4 unicast
route-policy ipv4-allow-in in
route-policy ipv4-allow-out out

...also, I'm not sure of the difference between "done" and "pass" in a route-policy... but I use "pass"

RP/0/RSP0/CPU0:eng-lab-9k-1(config-rpl)#if destination in testit then ?
....
done Accept this route with no further processing
....
pass Pass this route for further processing
...

...here's my outbound...

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy
!

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp Fri Apr 22 18:30:47.346 CDT prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

I don't see your inbound route-policy.... so maybe that's a problem too for getting the 0/0 route from your isp...

Here's my inbound to allow 0/0 from my isp...

route-policy ipv4-allow-in
pass
end-policy
!


- Aaron


_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Ahmed Sharif
2016-04-23 00:05:10 UTC
Permalink
Hi Aaron,

Let's focus on outbound only. Yes you are correct, I am not using RTs and I want it to be achieved using route-policy just like you mentioned below.
For out bound you defined the route-policy "ipv4-allow-out" in which you referenced "send-to-isp".
Can you show me the example configuration of "send-to-isp" ? Kindly note that the prefix I want to advertise is an ospf route.

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy

Regards,
Ahmed

-----Original Message-----
From: Aaron [mailto:***@gvtc.com]
Sent: den 23 april 2016 01:50
To: Ahmed Sharif; cisco-***@puck.nether.net
Subject: RE: [c-nsp] IOS XR OSPF redistribute to eBGP

Since you are talking about vrf routes into bgp I guess you don't need RT's but I'm not entirely sure... I see you don't have RT's in your vrf.

I wonder if you need the network/23 in the vrf context under bgp... like...

router bgp 65201
vrf OM_InBand_TME_PE
Network x.x.x.x/23

...here's my vrf context under my bgp for network's I advertise to my isp...

router bgp 64512
vrf one
rd 10.101.101.101:1
address-family ipv4 unicast
aggregate-address 1.2.3.0/20 summary-only
aggregate-address 2.4.6.0/19 summary-only

neighbor 3.1.3.1
remote-as 6789
local-as 1369 no-prepend replace-as
address-family ipv4 unicast
route-policy ipv4-allow-in in
route-policy ipv4-allow-out out

...also, I'm not sure of the difference between "done" and "pass" in a route-policy... but I use "pass"

RP/0/RSP0/CPU0:eng-lab-9k-1(config-rpl)#if destination in testit then ?
....
done Accept this route with no further processing
....
pass Pass this route for further processing
...

...here's my outbound...

route-policy ipv4-allow-out
if destination in send-to-isp then
pass
else
drop
endif
end-policy
!

RP/0/RSP0/CPU0:grdn-9k#sh run prefix-set send-to-isp Fri Apr 22 18:30:47.346 CDT prefix-set send-to-isp
1.2.3.0/19,
2.4.6.0/20,
end-set

I don't see your inbound route-policy.... so maybe that's a problem too for getting the 0/0 route from your isp...

Here's my inbound to allow 0/0 from my isp...

route-policy ipv4-allow-in
pass
end-policy
!


- Aaron

_______________________________________________
cisco-nsp mailing list cisco-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Loading...