Hi Henry, How long are you leaving the sessions down for on the PE router ? are you leaving the sessions down past the hold time value on the neigbour of the router that you are shutting down. are you doing a graceful shutdown? or are you simply rebooting the neigbour if im not mistaken I dont think the neighbour would withdraw the routes until the hold time has expired ... im subject to correction on this one... but it is the behaviour I have empirically observed on the bgp routers that i manage I hope this helps Tom Smyth
On Mon, 8 Apr 2019 at 22:11, Henry Bonath <[email protected]> wrote: > > Hello, I am seeing some BGP VPNv4 routes staying populated in > the RIB of route-reflector clients even after dropping the originating > neighbor. > > I'm on OpenBSD 6.4, running MPLS L3VPN. > > I have 2 IBGP route-reflectors, both OpenBSD 6.4. > I run OSPF to distribute Loopbacks into an Area (100) > We run Cisco devices for our Provider Edge installed on site at > Customer Premise. > All MPLS PE devices neighbor with both route reflectors. > > My bgpd.conf from the route reflectors: > =================================================== > ASN="64670" > > # global configuration > AS $ASN > router-id 172.16.16.212 > nexthop qualify via default > > group "IBGP" { > remote-as $ASN > announce IPv4 vpn > route-reflector 172.16.16.212 > local-address 172.16.16.212 > neighbor 100.92.64.0/18 { > } > > } > > # IBGP: allow all updates to and from our IBGP neighbors > allow from any > allow to any > =================================================== > > bgpd.conf from an OpenBSD PE: > =================================================== > ASN="64670" > > # global configuration > AS $ASN > router-id 100.92.127.121 > > rdomain 2 { > rd 64670:37 > import-target rt 64670:37 > export-target rt 64670:37 > # advertise summary of tenant Subnet: > network 172.29.21.0/24 > > # Redistribute from OSPF (Priority 32) > network inet priority 32 > depend on mpe1 > } > > group "IBGP" { > remote-as $ASN > announce IPv4 vpn > set rtlabel FROM_BGP > local-address 100.92.127.121 > neighbor 172.16.16.211 { > descr "bgp-rr-01" > } > neighbor 172.16.16.212 { > descr "bgp-rr-02" > } > > } > > # IBGP: allow all updates to and from our IBGP neighbors > allow from ibgp > allow to ibgp > > =================================================== > > The problem comes if I shutdown one of my Premise equipment PE > devices, or an OpenBSD PE, > on the other OpenBSD PEs that remain up, they still show the routes > that were advertised by the > now shutdown device. > > If I log into a route reflector and run a "bgpctl show rib" those > routes are no longer there as i expected, > though they persist at the OpenBSD reflector clients. > > Example output after shutting down the 100.92.127.21 Cisco PE observed > from the OpenBSD PE > that is listening to 64670:37 rt/rd: > > flags: * = Valid, > = Selected, I = via IBGP, A = Announced, > S = Stale, E = Error > origin validation state: N = not-found, V = valid, ! = invalid > origin: i = IGP, e = EGP, ? = Incomplete > > flags ovs destination gateway lpref med aspath origin > I*> N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ? > I* N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ? > I*> N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ? > I* N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ? > I*> N rd 64670:37 192.168.20.0/24 100.92.127.21 100 3 ? > I* N rd 64670:37 192.168.20.0/24 100.92.127.21 100 3 ? > I*> N rd 64670:37 192.168.100.0/24 100.92.127.21 100 2 ? > I* N rd 64670:37 192.168.100.0/24 100.92.127.21 100 2 ? > I*> N rd 64670:37 192.168.110.0/24 100.92.127.21 100 3 ? > I* N rd 64670:37 192.168.110.0/24 100.92.127.21 100 3 ? > I*> N rd 64670:37 192.168.150.0/24 100.92.127.21 100 2 ? > I* N rd 64670:37 192.168.150.0/24 100.92.127.21 100 2 ? > I*> N rd 64670:37 192.168.200.0/24 100.92.127.21 100 2 ? > I* N rd 64670:37 192.168.200.0/24 100.92.127.21 100 2 ? > > Shouldn't those routes disappear once the 100.92.127.21 router is shutdown? > > Thanks for any help you all have to offer! > -Henry > -- Kindest regards, Tom Smyth The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
