Re: BGP MDT

Brian,

Sorry for late reply. Thanks for your help.

Roger,

You were right it is a bug.

On Thu, Jun 28, 2012 at 2:03 AM, Brian McGahan <bmcgahan_at_ine.com> wrote:

> Here are my logs I was referring to:
>
> http://pastebin.com/jQuzJJnR
>
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security)
> bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Brian McGahan
> Sent: Wednesday, June 27, 2012 2:26 PM
> To: Nicky
> Cc: ccielab_at_groupstudy.com
> Subject: RE: BGP MDT
>
> Hi Nicky,
>
> You're right. I just verified this in 12.2(33)SRE3. At first if the MDT
> neighbor is not manually activated, the capabilities exchange does not
> contain AFI/SAFI IPv4 MDT. However after a reload AFI/SAFI IPv4 MDT is
> advertised to all VPNv4 peers that weren't previously activated, which
> results in them constantly sending NOTIFICATION about the disjoint
> capability. It shouldn't behave this way though.
>
> Most likely you could categorize this as a low severity bug, because
> although it's a step above a cosmetic bug it still shouldn't negatively
> affect anything in the control plane or data plane. You'll just constantly
> get the log messages that the neighbors failed the capabilities exchange
> for that AFI/SAFI.
>
> I would venture to guess that this problem is probably related to bug
> CSCsx21230, which states:
>
> CSCsx21230 - mVPN - PIM MDT information broken after reload Description
> Symptom:
>
> - PIM neighbors over default MDT on multicast VPN configuration may not
> come up on MPLS PE after a reload
>
> - On the output of "show ip pim mdt" there will be no indication of the
> MDT default group address
>
> Conditions:
>
> - Issue may be seen on MPLS PE configured for mVPN after doing IOS upgrade
> from image using extended communities and Type 2 RD for BGP advertisement,
> to an image supporting BGP address family MDT SAFI.
>
> - Router needs to be running IOS 12.4(20)T or later where the BGP address
> family MDT SAFI was introduced.
>
> Workaround:
>
> - After the reload, need to manually configure the new BGP address family
> ipv4 mdt and activate it for the VPNv4 neighbors.
>
>
> The latest version affected by this in the S train is listed as
> 12.2(33)SRB1, our versions 12.2(33)SRE2 and 3 should theoretically have the
> fix installed. Probably what they did as the fix is just to automatically
> activate all VPNv4 neighbors as MDT neighbors, even though the result of
> this doesn't show up in the running configs.
>
> You can see in my log output the "show bgp ipv4 mdt all summary" shows
> 5.5.5.5 as a NoNeg neighbor, but there is no "neighbor 5.5.5.5 activate"
> under address-family ipv4 mdt. Furthermore when you say "no neighbor
> 5.5.5.5 activate" under address-family ipv4 mdt there is no change in the
> running config, however there is a state change in the network as the
> neighbor stops advertising AFI/SAFI IPv4 MDT in the capabilities exchange,
> which stops the NOTIFICATION message.
>
> Interesting problem :) You can submit a bug report about it if you want
> and they'll add it to their queue. Within the scope of the CCIE Lab Exam I
> wouldn't worry about it though.
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security) bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> From: Nicky [mailto:ccienovice_at_gmail.com]
> Sent: Wednesday, June 27, 2012 10:23 AM
> To: Brian McGahan
> Cc: ccielab_at_groupstudy.com
> Subject: Re: BGP MDT
>
>
> sh bgp ipv4 mdt all su
> BGP router identifier 8.8.8.8, local AS number 100 BGP table version is 7,
> main routing table version 7
> 5 network entries using 740 bytes of memory
> 5 path entries using 280 bytes of memory
> 3/3 BGP path/bestpath attribute entries using 372 bytes of memory
> 8 BGP rrinfo entries using 192 bytes of memory
> 1 BGP AS-PATH entries using 24 bytes of memory
> 7 BGP extended community entries using 328 bytes of memory
> 0 BGP route-map cache entries using 0 bytes of memory
> 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1936
> total bytes of memory BGP activity 42/0 prefixes, 51/0 paths, scan interval
> 60 secs
>
> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down
> State/PfxRcd
> 2.2.2.2 4 9 0 0 1 0 0 never
> (NoNeg) >>> reappeared after reload
> 5.5.5.5 4 9 20 7 7 0 0 00:01:46
> 4
>
> sh bgp ipv4 mdt all
> BGP table version is 7, local router ID is 8.8.8.8 Status codes: s
> suppressed, d damped, h history, * valid, > best, i - internal,
> r RIB-failure, S Stale, m multipath, b backup-path, x
> best-external Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> Route Distinguisher: 100:100 (default for vrf CUST)
> *>i3.3.3.3/32 3.3.3.3 0 100 0 ?
> *>i4.4.4.4/32 4.4.4.4 0 100 0 ?
> *>i7.7.7.7/32 7.7.7.7 0 100 0 ?
> *> 8.8.8.8/32 0.0.0.0 0 ?
> Route Distinguisher: 1001:100
> *>i9.9.9.9/32 5.5.5.5 0 100 0 1001 ?
> *>i10.10.10.10/32 5.5.5.5 0 100 0 1001 ?
>
> 2.2.2.2 is appearing because I have configured mdt default in vrf. But I
> need to know why such default has been programmed by cisco.
> On Wed, Jun 27, 2012 at 7:33 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> What does "sh bgp ipv4 mdt all summary" and "sh bgp ipv4 mdt all" say?
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security) bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> From: Nicky [mailto:ccienovice_at_gmail.com]
> Sent: Tuesday, June 26, 2012 9:33 PM
> To: Brian McGahan
> Cc: ccielab_at_groupstudy.com
> Subject: Re: BGP MDT
>
> Please find the configuration:-
>
> vrf definition CUST
> rd 100:100
> !
> address-family ipv4
> route-target export 100:100
> route-target import 100:100
> route-target import 1001:100
> mdt default 239.255.2.10
>
> exit-address-family
> !
> address-family ipv6
> route-target export 100:100
> route-target import 100:100
> route-target import 1001:100
> exit-address-family
>
> =============
> router bgp 100
> no bgp default ipv4-unicast
> bgp log-neighbor-changes
> neighbor 2.2.2.2 remote-as 100
> neighbor 2.2.2.2 update-source Loopback0 neighbor 5.5.5.5 remote-as 100
> neighbor 5.5.5.5 update-source Loopback0
>
> !
> address-family ipv4
> no synchronization
> network 8.8.8.8 mask 255.255.255.255
> neighbor 2.2.2.2 activate
> neighbor 5.5.5.5 activate
> no auto-summary
> exit-address-family
> !
> address-family vpnv4
> neighbor 2.2.2.2 activate
> neighbor 2.2.2.2 send-community extended exit-address-family !
> address-family ipv4 mdt
> neighbor 5.5.5.5 activate
> neighbor 5.5.5.5 send-community extended exit-address-family
>
> This is the config after removing the neighbor under mdt.Also, the IOS
> version is "12.2(33)SRE2".
>
> Cheers,
> Nikhil E.
> On Tue, Jun 26, 2012 at 10:27 PM, Brian McGahan <bmcgahan_at_ine.com> wrote:
> That's only for versions that are pre-standard, and also only if you have
> the VRF locally configured, and only if you have the default MDT configured
> under the VRF. If you want to explicitly disable it then upgrade to a
> version that supports the standardized BGP AFI/SAFI for IPv4 MDT.
>
> Post your config and relevant show outputs if you're having trouble with a
> specific design and I'd be more than happy to help.
>
> HTH,
>
> Brian McGahan, CCIE #8593 (R&S/SP/Security) bmcgahan_at_INE.com
>
> Internetwork Expert, Inc.
> http://www.INE.com
>
> On Jun 26, 2012, at 10:27 AM, "Nicky" <ccienovice_at_gmail.com> wrote:
>
> This not a bug but IOS operation itself. Kindly go through the excerpt
> from the link shared by Brian:-
>
> "when a default MDT configuration exists and a VPNv4 neighbor in BGP is
> configured, a similar neighbor in the IPv4 MDT address family will be
> automatically configured."
>
> Cheers,
> Nicky
> On Tue, Jun 26, 2012 at 8:46 PM, Roger Pfaeffli <rpf23543_at_gmail.com>
> wrote:
> If you remove the neighbor from the mdt address family and it still
> appears in the config under the address family, it seems to be a bug. There
> is nothing like the "no bgp default ipv4 unicast". Like Brian said, if you
> completely want to remove The functionality" just delete the address-family
> ipv4 mdt.
>
> Regards
>
> Roger #23543
>
> Sent from my iPhone
>
> On 26.06.2012, at 14:22, Nicky <ccienovice_at_gmail.com> wrote:
>
> > Hi Brian,
> >
> > Kindly ignore the first sentence and please do let me know if there is
> > any command similar to "no bgp default ipv4-unicast" to disable this
> > MDT SAFI functionality.
> >
> > Cheers,
> > Nicky
> >
> > On Tue, Jun 26, 2012 at 5:47 PM, Nicky <ccienovice_at_gmail.com> wrote:
> >
> >> Hi Brian,
> >>
> >> Even if use the command no neighbor and reload the router the
> >> configuration reappears. Is there any command same as "no bgp default
> >> ipv4-unicast"?
> >>
> >> Cheers,
> >> Nicky
> >>
> >>
> >> On Tue, Jun 26, 2012 at 5:00 PM, Brian McGahan <bmcgahan_at_ine.com>
> wrote:
> >>
> >>> MDT BGP neighbors don't get activated by default. Just like any
> >>> other AFI/SAFI in BGP, e.g. VPNv4, VPNv6, etc. you have to enable it
> manually.
> >>> You would need to add the "neighbor w.x.y.z activate" command under
> >>> the address-family ipv4 mdt.
> >>>
> >>> For versions that a pre-standard for BGP MDT SAFI, your VPNv4 peers
> >>> will also be your MDT peers. If you migrate to a newer version that
> >>> supports the BGP MDT standard it will automatically activate these
> >>> peers under MDT in addition to their VPNv4 configuration:
> >>>
> >>>
> >>> http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_mvpn.html
> >>> #wp1116841
> >>>
> >>> If you want to remove a peer though you simply need to say "no
> >>> neighbor w.x.y.z activate" under address-family ipv4 mdt.
> >>>
> >>>
> >>> HTH,
> >>>
> >>> Brian McGahan, CCIE #8593 (R&S/SP/Security) bmcgahan_at_INE.com
> >>>
> >>> Internetwork Expert, Inc.
> >>> http://www.INE.com
> >>>
> >>> -----Original Message-----
> >>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> >>> Of Nicky
> >>> Sent: Tuesday, June 26, 2012 5:58 AM
> >>> To: ccielab_at_groupstudy.com
> >>> Subject: BGP MDT
> >>>
> >>> Hi All,
> >>>
> >>> By default the neighbors get activated under address family ipv4 mdt.
> >>>
> >>> Is there any command to disable the default activation.
> >>>
> >>> Thanks & Regards,
> >>> Nicky
> >>>
> >>>
> >>> Blogs and organic groups at http://www.ccie.net
> >>>
> >>> ____________________________________________________________________
> >>> ___ Subscription information may be found at:
> >>> http://www.groupstudy.com/list/CCIELab.html
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sat Jun 30 2012 - 14:10:16 ART