On Mon, Apr 08, 2019 at 05:08:32PM -0400, Henry Bonath wrote:
> Hello, I am seeing some BGP VPNv4 routes staying populated in
> the RIB of route-reflector clients even after dropping the originating
> neighbor.
>
> I'm on OpenBSD 6.4, running MPLS L3VPN.
>
> I have 2 IBGP route-reflectors, both OpenBSD 6.4.
> I run OSPF to distribute Loopbacks into an Area (100)
> We run Cisco devices for our Provider Edge installed on site at
> Customer Premise.
> All MPLS PE devices neighbor with both route reflectors.
>
> My bgpd.conf from the route reflectors:
> ===================================================
> ASN="64670"
>
> # global configuration
> AS $ASN
> router-id 172.16.16.212
> nexthop qualify via default
>
> group "IBGP" {
> remote-as $ASN
> announce IPv4 vpn
> route-reflector 172.16.16.212
> local-address 172.16.16.212
> neighbor 100.92.64.0/18 {
> }
>
> }
>
> # IBGP: allow all updates to and from our IBGP neighbors
> allow from any
> allow to any
> ===================================================
>
> bgpd.conf from an OpenBSD PE:
> ===================================================
> ASN="64670"
>
> # global configuration
> AS $ASN
> router-id 100.92.127.121
>
> rdomain 2 {
> rd 64670:37
> import-target rt 64670:37
> export-target rt 64670:37
> # advertise summary of tenant Subnet:
> network 172.29.21.0/24
>
> # Redistribute from OSPF (Priority 32)
> network inet priority 32
> depend on mpe1
> }
>
> group "IBGP" {
> remote-as $ASN
> announce IPv4 vpn
> set rtlabel FROM_BGP
> local-address 100.92.127.121
> neighbor 172.16.16.211 {
> descr "bgp-rr-01"
> }
> neighbor 172.16.16.212 {
> descr "bgp-rr-02"
> }
>
> }
>
> # IBGP: allow all updates to and from our IBGP neighbors
> allow from ibgp
> allow to ibgp
>
> ===================================================
>
> The problem comes if I shut down one of my Premise equipment PE
> devices, or an OpenBSD PE,
> on the other OpenBSD PEs that remain up, they still show the routes
> that were advertised by the
> now shut-down device.
>
> If I log into a route reflector and run a "bgpctl show rib" those
> routes are no longer there as I expected,
> though they persist at the OpenBSD reflector clients.
>
> Example output after shutting down the 100.92.127.21 Cisco PE observed
> from the OpenBSD PE
> that is listening to 64670:37 rt/rd:
>
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> S = Stale, E = Error
> origin validation state: N = not-found, V = valid, ! = invalid
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags ovs destination gateway lpref med aspath origin
> I*> N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ?
> I* N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ?
> I*> N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ?
> I* N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ?
> I*> N rd 64670:37 192.168.20.0/24 100.92.127.21 100 3 ?
> I* N rd 64670:37 192.168.20.0/24 100.92.127.21 100 3 ?
> I*> N rd 64670:37 192.168.100.0/24 100.92.127.21 100 2 ?
> I* N rd 64670:37 192.168.100.0/24 100.92.127.21 100 2 ?
> I*> N rd 64670:37 192.168.110.0/24 100.92.127.21 100 3 ?
> I* N rd 64670:37 192.168.110.0/24 100.92.127.21 100 3 ?
> I*> N rd 64670:37 192.168.150.0/24 100.92.127.21 100 2 ?
> I* N rd 64670:37 192.168.150.0/24 100.92.127.21 100 2 ?
> I*> N rd 64670:37 192.168.200.0/24 100.92.127.21 100 2 ?
> I* N rd 64670:37 192.168.200.0/24 100.92.127.21 100 2 ?
>
> Shouldn't those routes disappear once the 100.92.127.21 router is shut down?
>
> Thanks for any help you all have to offer!
Are you able to test this with -current? There were some fixes and changes
done for MPLS VPN support. I have the feeling that this may be already
fixed. Also I would disable graceful restart on the RR with 'announce
restart no' for the template.
--
:wq Claudio
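
One way to automate the comparison described in the thread (a client's `bgpctl show rib` against the route reflector's), as an added example that is not part of either post. The function names are hypothetical, the RIB text is sample input constructed in the output format quoted above, and the parser assumes whitespace-separated route lines of the form `flags ovs rd RD prefix gateway ...`.

```python
import ipaddress

def parse_rib(text):
    """Parse VPNv4 route lines of 'bgpctl show rib' into {(rd, prefix, gateway): flags}."""
    routes = {}
    for line in text.splitlines():
        tok = line.split()
        # Assumed layout: flags ovs 'rd' RD prefix gateway lpref med [aspath] origin
        if len(tok) < 9 or tok[2] != "rd":
            continue  # legend, header or non-VPN line
        flags, rd, prefix, gateway = tok[0], tok[3], tok[4], tok[5]
        try:
            ipaddress.ip_network(prefix)
            ipaddress.ip_address(gateway)
        except ValueError:
            continue  # not a route line after all
        key = (rd, prefix, gateway)
        # The same path can be listed once per reflector; keep the selected copy.
        if key not in routes or ">" in flags:
            routes[key] = flags
    return routes

def lingering(client_text, rr_text):
    """Routes the client still holds that the route reflector no longer has.

    Returns sorted (rd, prefix, gateway, selected) tuples; selected=True means
    the client is still using the path as its best route.
    """
    client, rr = parse_rib(client_text), parse_rib(rr_text)
    return sorted((rd, pfx, gw, ">" in flags)
                  for (rd, pfx, gw), flags in client.items()
                  if (rd, pfx, gw) not in rr)

# Constructed sample input (not captured from a live router).
CLIENT_RIB = """\
flags ovs destination gateway lpref med aspath origin
I*> N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ?
I* N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ?
I*> N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ?
I* N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ?
I*> N rd 64670:37 172.29.22.0/24 100.92.127.122 100 0 i
"""
RR_RIB = """\
flags ovs destination gateway lpref med aspath origin
I*> N rd 64670:37 172.29.22.0/24 100.92.127.122 100 0 i
"""

if __name__ == "__main__":
    for rd, prefix, gateway, selected in lingering(CLIENT_RIB, RR_RIB):
        print(f"rd {rd} {prefix} via {gateway} selected={selected}")
```

Feed it the saved output of `bgpctl show rib` from a reflector client and from the route reflector taken at the same moment, so that normal propagation delay is not reported as a lingering route.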