Saturday, March 20, 2021

BGP Route Maps, Prefix Lists, and Access Lists

I am currently diving deep into BGP and was hoping someone could help me find where I am going wrong with this please.

My current setup is 3 FRR routers in full mesh all on the same switch. They neighbor together just fine and are sharing routes. In order for updates to be sent between the routers I needed to set up some filters because of RFC 8212 (ebgp-requires-policy). I spent a couple of days reading through FRR's documentation and researching filtering/route maps and was able to get all the routers to share their routes with happy pings all around. This was achieved by setting the default-map defined below as both the outgoing and incoming route map for each neighbor.

ip prefix-list no-default-route seq 10 deny 0.0.0.0/0
ip prefix-list ClassA seq 10 permit 10.0.0.0/8 le 32
ip prefix-list ClassB seq 10 permit 172.16.0.0/12 le 32
ip prefix-list ClassC seq 10 permit 192.168.0.0/16 le 32
!
route-map default-map permit 10
 match ip address prefix-list no-default-route
!
route-map default-map permit 20
 match ip address prefix-list ClassA
!
route-map default-map permit 30
 match ip address prefix-list ClassB
!
route-map default-map permit 40
 match ip address prefix-list ClassC

If I am understanding the documentation correctly, this route map would deny the advertisements of a default route and only accept routes to networks in the private IP space. When I had one of my routers advertise a 0.0.0.0/0 network, none of the other routers added it to their learned routes so I believed that I was on the right track.

However, I do not think I set up the filtering correctly. When I tried to dive a little deeper into route maps to help further confirm that what I was doing was correct, things stopped working as expected. I had Router 3 advertise out 10.50.50.0/24 and then used the following route map on Router 3 to try and change the weight and next-hop address when being advertised to Router 1 (neighbor 10.20.20.1 route-map change-dummy-network out).

access-list dummy-network seq 10 permit 10.50.50.0/24
!
route-map change-dummy-network permit 10
 match ip address dummy-network
 set ip next-hop 10.20.20.4
 set weight 30000
route-map change-dummy-network permit 20
 call default-map

I assumed that this change-dummy-network route map would first check if the network being advertised was 10.50.50.0/24 and if so change the next-hop to 10.20.20.4 (dummy address) and give it a weight of 30000. If the network was not 10.50.50.0/24 it would then send the network through the default-map and deny or permit accordingly. This is not what happened though as Router 1 never got the 10.50.50.0/24 network from Router 3.
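To check the reasoning in the two preceding paragraphs, here is an added Python model (not from the post and not FRR code) of how route-maps and their filter lists are evaluated: the first clause whose match succeeds decides, a permit clause with no match clause matches everything, call denies when the called map denies, and both filter lists and route-maps end in an implicit deny. It assumes the zebra-style access-list entry permit 10.50.50.0/24 covers that prefix and its subnets, and it models policy only, not whether a prefix is valid in the BGP table.

```python
import ipaddress
# Filters transcribed from the post's FRR configuration (constructed data, the post's
# names). Entries are (action, prefix, le); le=None is an exact match. The access-list
# entry "permit 10.50.50.0/24" covers that prefix and its subnets, i.e. le 32 (assumption).
FILTERS = {
    "no-default-route": [("deny", "0.0.0.0/0", None)],
    "ClassA": [("permit", "10.0.0.0/8", 32)],
    "ClassB": [("permit", "172.16.0.0/12", 32)],
    "ClassC": [("permit", "192.168.0.0/16", 32)],
    "dummy-network": [("permit", "10.50.50.0/24", 32)],
}
ROUTE_MAPS = {  # name -> ordered clauses, as written in the post
    "default-map": [
        dict(seq=10, action="permit", match="no-default-route"),
        dict(seq=20, action="permit", match="ClassA"),
        dict(seq=30, action="permit", match="ClassB"),
        dict(seq=40, action="permit", match="ClassC"),
    ],
    "change-dummy-network": [
        dict(seq=10, action="permit", match="dummy-network",
             set={"next_hop": "10.20.20.4", "weight": 30000}),
        dict(seq=20, action="permit", call="default-map"),  # no match clause: matches all
    ],
}

def filter_permits(name, prefix):
    """First matching entry decides; nothing matched means the implicit deny applies."""
    net = ipaddress.ip_network(prefix)
    for action, entry, le in FILTERS[name]:
        ent = ipaddress.ip_network(entry)
        hit = net == ent if le is None else net.subnet_of(ent) and net.prefixlen <= le
        if hit:
            return action == "permit"
    return False  # so a list holding only deny entries never permits anything

def apply_route_map(name, prefix, attrs):
    """Return (permitted, attrs): first matching clause decides, 'set' rewrites attributes,
    'call' denies if the called map denies, no matching clause means implicit deny."""
    for clause in ROUTE_MAPS[name]:
        if "match" in clause and not filter_permits(clause["match"], prefix):
            continue  # match failed: try the next sequence
        if clause["action"] == "deny":
            return False, attrs
        attrs = {**attrs, **clause.get("set", {})}
        if "call" in clause:
            ok, attrs = apply_route_map(clause["call"], prefix, attrs)
            if not ok:
                return False, attrs
        return True, attrs  # default exit action after a matching permit clause
    return False, attrs
```

Run against the post's policy, the model shows that 0.0.0.0/0 is refused by the implicit deny at the end of default-map rather than by sequence 10, whose prefix-list holds only a deny entry and therefore never matches anything, while change-dummy-network itself permits 10.50.50.0/24 with the rewritten next-hop and weight and hands every other prefix to default-map.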

(Note: this snippet is from after I had turned off FRR on Router 2, which was done to help reduce variables for troubleshooting.)

Router 3:

R3(config-router-af)# do show bgp detail
BGP table version is 86, local router ID is 10.20.20.3, vrf id 0
Default local pref 100, local AS 65003
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.0/24      10.20.20.1               0             0 65001 i
*> 10.0.3.0/24      0.0.0.0                  0         32768 i
   10.50.50.0/24    0.0.0.0                  0         32768 i
*> 172.16.1.0/24    10.20.20.1               0             0 65001 i
*> 192.168.1.0/24   10.20.20.1               0             0 65001 i

R3(config-router-af)# do show ip bgp update-groups advertised-routes
update group 19, subgroup 17
BGP table version is 86, local router ID is 10.20.20.3
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.0/24      0.0.0.0                  0               65001 i
*> 10.0.3.0/24      0.0.0.0                  0         32768 i
*> 172.16.1.0/24    0.0.0.0                  0               65001 i
*> 192.168.1.0/24   0.0.0.0                  0               65001 i

Total number of prefixes 4

R3(config-router-af)# do show route-map change-dummy-network
! took out zebra part
BGP:
route-map: change-dummy-network Invoked: 4 Optimization: enabled Processed Change: false
 permit, sequence 10 Invoked 0
  Match clauses:
    ip address dummy-network
  Set clauses:
    ip next-hop 10.20.20.4
    weight 30000
  Call clause:
  Action:
    Exit routemap
 permit, sequence 20 Invoked 0
  Match clauses:
  Set clauses:
  Call clause:
    Call default-map
  Action:
    Exit routemap

Router 1:

R1(config-router-af)# do show bgp detail
BGP table version is 67, local router ID is 10.20.20.1, vrf id 0
Default local pref 100, local AS 65001
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0/0        0.0.0.0                  0         32768 i
*> 10.0.1.0/24      0.0.0.0                  0         32768 i
*> 10.0.3.0/24      10.20.20.3               0             0 65003 i
*> 172.16.1.0/24    0.0.0.0                  0         32768 i
*> 192.168.1.0/24   0.0.0.0                  0         32768 i

Displayed 5 routes and 5 total paths

R1(config-router-af)# do show ip bgp update-groups advertised-routes
update group 20, subgroup 18
BGP table version is 67, local router ID is 10.20.20.1
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.0/24      0.0.0.0                  0         32768 i
*> 10.0.3.0/24      0.0.0.0                  0               65003 i
*> 172.16.1.0/24    0.0.0.0                  0         32768 i
*> 192.168.1.0/24   0.0.0.0                  0         32768 i

Total number of prefixes 4

I did the usual troubleshooting of do clear ip bgp *, restarting the FRR service, rebooting the router, etc. If anyone would happen to know what I am doing wrong with my route maps, prefix lists, and/or access lists I would greatly appreciate it.

Thanks!
