IOS XR BGP Best Practice: eBGP Transit AS Route Advertisment

Available Languages

Download Options

  • PDF     (5.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (74.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (69.1 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 19, 2016
Document ID:200427

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how all routes are sent in Internetwork Operating System (IOS) while it is up to the peer to filter the routes on ingress by way of Autonomous System (AS) PATH lookup. However, in Cisco IOS XR this is not always the case as some of the routes are advertised, just like in IOS, while in other cases the IOS XR router will filter these routes.

This rule applies when a Cisco IOS XR router acts as a transit router for two external Border Gateway Protocol (eBGP) peers in the same AS.

Rule

  1. All neighbors without as-override configured will be placed in a common update-group assuming other parameters match.

  2. (a) When an update-group contains only one neighbor, perform send-side loop detection. With this, all routes in which the first AS number of the AS PATH matches the neighbor's AS will not be advertised to the neighbor. If the neighbor's AS is contained in any other position of the AS PATH, such routes are advertised normally.

    (b) If CLI knob as-path-loopcheck out disable is configured under the Virtual Routing and Forwarding (VRF) address-family or Virtual Private Network (VPN) address-family configuration sub-modes, then the behavior in 2(a) is overridden.

  3. If the update-group contains more than one neighbor, the behavior in rule 2 does not apply. Routes are advertised normally.

Note: Configuring as-path-loopcheck out disable is not recommended as it could cause loops in the network. This Border Gateway Protocol (BGP) knob is only noted because it is a possible configuration.

Mitigation

Since update-groups are configured dynamically by the software there might be cases where one Cisco IOS XR router in the network behaves according to rule 2(a) and another router behaves by rule 3. This could cause issues for network designers, so instead it is recommended to plan for either condition.

The AS-override or as-path-loopcheck out disable CLI knobs should be configured if we need to distribute routes through a transit AS back to the same AS. Otherwise, we can let default filtering take place on the peer to ignore the routes.

Relying just on allow-as-in' is not a reliable method as in some design scenarios all routes will be advertised and in others the AS PATH check will cause filtering of some routes by the transit Cisco IOS XR router.

See Border Gateway Protocol Commands on how to configure these knobs.

Example

An example of the third behavior from the rule is stated, this can be verified by the update-group CLI having both neighbors listed in the update group and seeing routes with AS 65535 in the AS PATH.

Configuration

router bgp 65001
vrf test
 rd 65001:65535
 address-family ipv4 unicast
 redistribute connected
 redistribute static
 !
 neighbor 10.10.10.1
 remote-as 65535
 address-family ipv4 unicast
 send-community-ebgp
 route-policy ebgp-in in
 maximum-prefix 12000 75
 route-policy pass-all out
 send-extended-community-ebgp
 !
 !
 neighbor 10.20.20.1
 remote-as 65535
 address-family ipv4 unicast
 send-community-ebgp
 route-policy ebgp-in in
 maximum-prefix 12000 75
 route-policy pass-all out
 send-extended-community-ebgp

Advertised Routes

RP/0/7/CPU0:router#show bgp vrf test neighbors 10.20.20.1 advertised-routes
Tue Sep 22 03:44:28.910 UTC
Network Next Hop From AS Path
Route Distinguisher: 65001:65535 (default for vrf test)
10.0.35.128/26 10.158.236.113 172.23.246.43 65535i
10.0.35.192/28 10.158.236.113 172.23.246.43 65535i
10.0.37.0/24 10.158.236.113 172.23.246.43 65535i
10.0.51.128/26 10.158.236.113 172.23.246.43 65535i
10.0.51.192/28 10.158.236.113 172.23.246.43 65535i
10.0.53.0/24 10.158.236.113 172.23.246.43 65535i
10.0.60.32/28 10.158.236.113 172.23.246.43 65535i
10.0.60.64/28 10.158.236.113 172.23.246.43 65535i
10.0.60.96/28 10.158.236.113 172.23.246.43 65535i
10.0.64.96/27 10.158.236.113 172.23.246.7 65535 65468 65325?

Update Group

RP/0/7/CPU0:router#show bgp vrf test update-group neighbor 10.10.10.1
Update group for IPv4 Unicast, index 0.2:
  Attributes:
    Outbound policy: pass-all
    First neighbor AS: 65535
    Send communities
    Send extended communities
    4-byte AS capable
    Non-labeled address-family capable
    Minimum advertisement interval: 0 secs
  Update group desynchronized: 0
  Sub-groups merged: 1
  Number of refresh subgroups: 0
  Messages formatted: 16690, replicated: 32231
  All neighbors are assigned to sub-group(s)
    Neighbors in sub-group: 0.2, Filter-Groups num:1
     Neighbors in filter-group: 0.2(RT num: 0)
      10.10.10.1             10.20.20.1
TAC Authored

Contributed by Cisco Engineers

  • Sam Milstead
    Cisco TAC Engineer

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products