Monday, May 21, 2018

[Cisco IOS XE] iBGP vpnv4 neighbors only installing best routes from neighbors, working as intended?

TL;DR: iBGP only cares about and installs the best eBGP route within an AS into the BGP table when configured in AF vpnv4, but not in af ipv4 vrf RED. Working as intended or have I borked something?

Hiya, friends! Happy Monday to you all.

Simplified diagram: https://i.imgur.com/FA0KxAi.png

There are 2 links (DMVPN tunnels) between the spoke and each hub. I don't run MPLS between the hubs.

I have a couple more vrfs out to other spokes than the one specified here; they behave exactly the same. If I specify the iBGP neighbor session between my hubs within "address-family vpnv4" then BGP behaves differently than if I have the iBGP neighbor statements in each ipv4 unicast address family (vrf lite style).

With the neighbor statements in AF vpnv4, the only route that gets spread is the best way out (Local pref 2000) in HubB, HubA's BGP table is completely unchanged:

    HubA#sh run | sec ip vrf RED
    ip vrf RED
     rd 1:3
     route-target export 65001:3
     route-target import 65001:3
    HubA#sh run | sec vpnv4
     address-family vpnv4
      neighbor HubB activate
      neighbor HubB send-community both
      neighbor HubB next-hop-self
    HubA#sh ip bgp vpnv4 vrf RED
    BGP table version is 5, local router ID is 10.1.1.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
                  t secondary path,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 1:3 (default for vrf RED)
     *>  10.10.10.0/24    10.20.10.4               0   2000      0 65002 i
     *                    10.20.12.4               0    200      0 65002 i

    HubB#sh run | sec ip vrf RED
    ip vrf RED
     rd 2:3
     route-target export 65001:3
     route-target import 65001:3
    HubB#sh run | sec vpnv4
     address-family vpnv4
      neighbor HubA activate
      neighbor HubA send-community both
      neighbor HubA next-hop-self
    HubB#sh ip bgp vpnv4 vrf RED
    BGP table version is 5, local router ID is 10.1.1.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
                  x best-external, a additional-path, c RIB-compressed,
                  t secondary path,
    Origin codes: i - IGP, e - EGP, ? - incomplete
    RPKI validation codes: V valid, I invalid, N Not found

         Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 2:3 (default for vrf RED)
         0.0.0.0          0.0.0.0 0 i
     *   10.10.10.0/24    10.20.10.4               0   1000      0 65002 i
     *>i                  10.1.1.1                 0   2000      0 65002 i
     *                    10.20.12.4               0    100      0 65002 i

If I, on the other hand, specify the iBGP neighborship per vrf (within address-family ipv4 vrf RED), all 4 ways to the LAN behind the spoke are visible in both Hub routers.

Is this working as intended? Does it even matter if I see all the possible ways out or not? I tried killing the primary tunnel to the spoke (the one that gets marked with LP 2000), resulting in the LP 1000 tunnel being the primary way out from HubA too.


