Re: [c-nsp] BGP with MPLS

[Maile Halatuituia]

?Mattias

Thanks for your reply now i have more clear of what it is i am trying to do on 
my lab. What i need is to be able to setup the network now that in the future 
it would support L3 MPLS VPN, and L2 VPN.

Moreover i have this two L3 switch which i confirm do not support MPLS commands 
, with several L2 ones which i want to setup that it is Redundan as well. If 
one PE goes down every thing will still be working 

I hope i am not add confusion to my question.

Cheers.

Maile.


From: Mattias Gyllenvarg 
Sent: Wednesday, October 5, 2016 3:04 AM
To: Maile Halatuituia
Subject: Re: [c-nsp] BGP with MPLS

You do not need MPLS to carry the traffic.

But you will offcourse loose all the features MPLS adds to regular data-link 
capabilites.

tis 4 okt. 2016 kl 05:00 skrev Maile Halatuituia 
>:
Hi

Can i do BGP without MPLS between my two PE routers.

My question is to my understabd that BGP carry the means of reachability 
between the two PE but it is the mpls actually carry the traffic. Can someone 
correct me if i am wrong or suggest any best approach to this.

The reason is that my PE router does not support MPLS .

Hope to hear you soon.


Confidentiality Notice: This email (including any attachment) is intended for 
internal use only. Any unauthorized use, dissemination or copying of the 
content is prohibited. If you are not the intended recipient and have received 
this e-mail in error, please notify the sender by email and delete this email 
and any attachment.
___
cisco-nsp mailing list  
cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
Confidentiality Notice: This email (including any attachment) is intended for 
internal use only. Any unauthorized use, dissemination or copying of the 
content is prohibited. If you are not the intended recipient and have received 
this e-mail in error, please notify the sender by email and delete this email 
and any attachment.
Confidentiality Notice: This email (including any attachment) is intended for 
internal use only. Any unauthorized use, dissemination or copying of the 
content is prohibited. If you are not the intended recipient and have received 
this e-mail in error, please notify the sender by email and delete this email 
and any attachment.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP with MPLS

[Nick Cutting]

What you are talking about can only be done on ONE device, at least for L3VPN.  
This is using multiprotocol BGP without VPNV4 bgp - which is fun in a lab, but 
quite useless in the real world.

Jeremy Stretch did a good write-up on this

http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/

You may need to use vrf lite + physical cables, or a dirty combination of the 
above, but I wouldn't recommend it.

-Original Message-
From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of James 
Bensley
Sent: Tuesday, October 4, 2016 11:36 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] BGP with MPLS

On 4 October 2016 at 04:00, Maile Halatuituia  wrote:
> Hi
>
> Can i do BGP without MPLS between my two PE routers.
>
> My question is to my understabd that BGP carry the means of reachability 
> between the two PE but it is the mpls actually carry the traffic. Can someone 
> correct me if i am wrong or suggest any best approach to this.
>
> The reason is that my PE router does not support MPLS .
>
> Hope to hear you soon.

I'm not sure I fully understand you.

You can run multiprotocol BGP between two PEs to exchange routes between them 
however if the PEs don't support MPLS and you are trying to create L2 and/or L3 
VPNs you will be hard pushed to get any traffic flowing :)

Normally MP-BGP would assign an MPLS label value and advertise the prefix and 
label to the neighbouring PE. If your PEs don't support MPLS I guess a label 
might not even be allocated by BGP so they might not even advertise the prefix.


Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] BGP with MPLS

[James Bensley]

On 4 October 2016 at 04:00, Maile Halatuituia  wrote:
> Hi
>
> Can i do BGP without MPLS between my two PE routers.
>
> My question is to my understabd that BGP carry the means of reachability 
> between the two PE but it is the mpls actually carry the traffic. Can someone 
> correct me if i am wrong or suggest any best approach to this.
>
> The reason is that my PE router does not support MPLS .
>
> Hope to hear you soon.

I'm not sure I fully understand you.

You can run multiprotocol BGP between two PEs to exchange routes
between them however if the PEs don't support MPLS and you are trying
to create L2 and/or L3 VPNs you will be hard pushed to get any traffic
flowing :)

Normally MP-BGP would assign an MPLS label value and advertise the
prefix and label to the neighbouring PE. If your PEs don't support
MPLS I guess a label might not even be allocated by BGP so they might
not even advertise the prefix.


Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IOS-XR BGP Aggregate-addresses and VRF Export route-policy behaviour

[Adam Vitkovsky]

> James Bensley
> Sent: Tuesday, October 04, 2016 2:11 PM
>
> On 1 October 2016 at 13:51, Mailing Lists  wrote:
> > Need a second opinion on what should be happening with VRF export
> > route-policies on IOS-XR when using BGP aggregate-address prefixes...
> >
> > Example scenario:
> >
> > 3 VRF's A,B and C
> >
> > A and B export specific prefixes to C using an export route-policy
> >
> > A contains an aggregate-address in BGP
> >
> > BGP aggregate gets tagged and exported to C even though the route-map
> > specifies the specific longer prefix. This sort of behavior is
> > repeatable on ASR9K running 5.2.4 and 5.3.3 SP3 as well as XRv running
> > 5.3.3 which my example below is taken from
> >
> > Full Configuration from the XRv test example:
> >
> > http://pastebin.com/z0q3TTQB
> >
> > Routing table and BGP table from vrf-c and
> >
> > http://pastebin.com/nAc2vHza
> >
> > You can see the aggregate tagged with the RT that should only apply to
> > the specific prefixes.
> >
> > Have I properly misunderstood something and this is intentional
> > behavior, or is this very wrong?
> >
> > Thanks
>
>
> Can you try to swap this...
>
> if destination in (10.1.1.1/32, 10.2.2.2/32) then
>
> For a prefix list, I wonder if there is a problem with the matching clasue?
>
>
Other thing that comes to mind is removing the "as-set" from the aggregate 
route.
Just in case it is generated after the export-policy is applied and just 
happens to inherit attributes of contributing routes.
Just shooting in the dark.

adam










Adam Vitkovsky
IP Engineer

T:  0333 006 5936
E:  adam.vitkov...@gamma.co.uk
W:  www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
this email are confidential to the ordinary user of the email address to which 
it was addressed. This email is not intended to create any legal relationship. 
No one else may place any reliance upon it, or copy or forward all or any of it 
in any form (unless otherwise notified). If you receive this email in error, 
please accept our apologies, we would be obliged if you would telephone our 
postmaster on +44 (0) 808 178 9652 or email postmas...@gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with 
limited liability, with registered number 04340834, and whose registered office 
is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at 
Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
---
 This email has been scanned for email related threats and delivered safely by 
Mimecast.
 For more information please visit http://www.mimecast.com
---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] ASR1K forwarding failures on 10G SPA's

[Stephen Fulton]

Gentlemen,

Interesting, I checked this morning and the input drops were very high, 
despite being cleared 12 hours ago on a router no longer in production. 
If anyone has an TAC case they can reference (privately or otherwise) 
I'd appreciate it, as I have a TAC case open now.  I'll wait on updating 
IOS-XE from 3.16.3.S until TAC is ready.


Thanks,

-- Stephen

On 2016-10-04 1:57 AM, Sascha Pollok wrote:

Exactly. OP might try to raise hold-queue xx in on those interfaces. If
it solves the problem temporarily (!) he found it.

If so, show buffers input-interfacw should give a hint.
The NTP bug came up pretty recently (2 months or so?) so it could
actually be the cause.

-Sascha

Am 4. Oktober 2016 07:45:36 schrieb Mark Tees :


That sounds like what I experienced in ASR920 land recently with bad
packets filling up interface input queues causing a wedge.

When it happens check the interface input queues and save the output.

The resolution for us so far has been tight CoPP with discards, iACLs,
and the like to only allow things towards the boxes that are as
trusted as possible.

On Tuesday, 4 October 2016, Sascha Pollok > wrote:

Just to make sure: latest IOS XE version? Its not the NTP
processing bug filling up interface queues? How does the input
queue look on the affected interfaces?

Cheers
Sascha


Am 4. Oktober 2016 05:33:39 schrieb Stephen Fulton
:

ISIS adjacencies drop as well as BGP sessions on neighboring
devices drop.

Issue just reoccurred.

-- Stephen

On 2016-10-03 10:59 PM, Scott Granados wrote:

Anything logged while this happens?

On Oct 3, 2016, at 10:52 PM, Stephen Fulton
 wrote:

Hi all,

I have run into a number of forwarding failure events
on ASR1K's with 10G SPA's.  These have occurred across
a range of IOS-XE versions, using various ROMMON
versions and across two different ASR1K platforms
(1002's and 1004's).  Multiple SPA's have been
replaced, IOS-XE versions and ROMMON versions upgraded
and in the case of the ASR1004's, SIP's replaced (both
SIP10 and SIP40's).  TAC cases have been opened
several times.

What occurs is forwarding across an interface fails
completely.  The easiest way to find it is the lack of
ARP entries on the interface/sub-interface, due to
time-outs, but traffic is still attempting to traverse
the interface.  When I ping the IP address associated
with the failed interface, it fails.  ARP resolution
of any neighbors fails, and neighboring devices on the
same broadcast domain cannot reach it - though will
see its MAC in the ARP table.

In all cases, ISIS and MPLS was configured on the
interfaces.  BFD has been on some, not on others.

I recently found learned of another organization that
saw the same behavior on an ASR1006 with 10G SPA's.
SPA's and SIP's were replaced and the last advice they
received from TAC was that if it occurred again the
chassis would need to replaced.  It did but they chose
not to replace the chassis and simply stopped using
10G entirely.

Has anyone else seen this?

-- Stephen

___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/



___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/




___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp

archive at http://puck.nether.net/pipermail/cisco-nsp/




--
Regards,

Mark L. Tees


___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at 

Re: [c-nsp] IOS-XR BGP Aggregate-addresses and VRF Export route-policy behaviour

[James Bensley]

On 1 October 2016 at 13:51, Mailing Lists  wrote:
> Need a second opinion on what should be happening with VRF export
> route-policies on IOS-XR when using BGP aggregate-address prefixes...
>
> Example scenario:
>
> 3 VRF's A,B and C
>
> A and B export specific prefixes to C using an export route-policy
>
> A contains an aggregate-address in BGP
>
> BGP aggregate gets tagged and exported to C even though the route-map
> specifies the specific longer prefix. This sort of behavior is repeatable
> on ASR9K running 5.2.4 and 5.3.3 SP3 as well as XRv running 5.3.3 which my
> example below is taken from
>
> Full Configuration from the XRv test example:
>
> http://pastebin.com/z0q3TTQB
>
> Routing table and BGP table from vrf-c and
>
> http://pastebin.com/nAc2vHza
>
> You can see the aggregate tagged with the RT that should only apply to the
> specific prefixes.
>
> Have I properly misunderstood something and this is intentional behavior,
> or is this very wrong?
>
> Thanks


Can you try to swap this...

if destination in (10.1.1.1/32, 10.2.2.2/32) then

For a prefix list, I wonder if there is a problem with the matching clasue?


Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Re: [c-nsp] IOS-XR BGP Aggregate-addresses and VRF Export route-policy behaviour

[Adam Vitkovsky]

> Mailing Lists
> Sent: Saturday, October 01, 2016 1:51 PM
>
> Need a second opinion on what should be happening with VRF export route-
> policies on IOS-XR when using BGP aggregate-address prefixes...
>
> Example scenario:
>
> 3 VRF's A,B and C
>
> A and B export specific prefixes to C using an export route-policy
>
> A contains an aggregate-address in BGP
>
> BGP aggregate gets tagged and exported to C even though the route-map
> specifies the specific longer prefix. This sort of behavior is repeatable on
> ASR9K running 5.2.4 and 5.3.3 SP3 as well as XRv running 5.3.3 which my
> example below is taken from
>
> Full Configuration from the XRv test example:
>
> http://pastebin.com/z0q3TTQB
>
> Routing table and BGP table from vrf-c and
>
> http://pastebin.com/nAc2vHza
>
> You can see the aggregate tagged with the RT that should only apply to the
> specific prefixes.
>
> Have I properly misunderstood something and this is intentional behavior, or
> is this very wrong?
>
Looks like a funky bug.
Does changing the match criteria in the export route-policy have any effect?

adam







Adam Vitkovsky
IP Engineer

T:  0333 006 5936
E:  adam.vitkov...@gamma.co.uk
W:  www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
this email are confidential to the ordinary user of the email address to which 
it was addressed. This email is not intended to create any legal relationship. 
No one else may place any reliance upon it, or copy or forward all or any of it 
in any form (unless otherwise notified). If you receive this email in error, 
please accept our apologies, we would be obliged if you would telephone our 
postmaster on +44 (0) 808 178 9652 or email postmas...@gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with 
limited liability, with registered number 04340834, and whose registered office 
is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at 
Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.
---
 This email has been scanned for email related threats and delivered safely by 
Mimecast.
 For more information please visit http://www.mimecast.com
---
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/