[128345] in North American Network Operators' Group
RE: [c-nsp] Cisco ASR BGP within the box question
daemon@ATHENA.MIT.EDU (Steven.Glogger@swisscom.com)
Tue Aug 3 04:13:42 2010
From: <Steven.Glogger@swisscom.com>
To: <oboehmer@cisco.com>, <cisco-nsp@puck.nether.net>, <nanog@nanog.org>
Date: Tue, 3 Aug 2010 10:13:15 +0200
In-Reply-To: <6E4D2678AC543844917CA081C9D6B33F0247F8B2@XMB-AMS-103.cisco.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
thanks oliver,=20
will try and keep you (and the list) updated.
-steven
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer@cisco.com]=20
Sent: Tuesday, August 03, 2010 8:06 AM
To: Glogger Steven, SCS-NIT-NIO-PIO-DNW-NEO; cisco-nsp@puck.nether.net; nan=
og@nanog.org
Subject: RE: [c-nsp] Cisco ASR BGP within the box question
Steven,
> just a short question (related to a quite new feature from cisco).
> with the new cisco ASR software (15.0(1)S - released some days ago) it
is
> able to do BGP on the same box.
> we need this feature because we use the VASI interfaces to bring and
filter
> traffic from one VRF to another VRF and performing firewalling (ZBF).
>=20
> basically we have on the box:
> [VRF_A via vasileft1]--[VRF_B via vasiright1]
>=20
> and the box itself speaks BGP on VRF_B with some RR's:
> [ASRBox] ---- (RR) ---- [anotherbox]
>=20
> the fun part is, if you want to announce (e.g. 0.0.0.0/0) from VRF_B
> (announced from anotherbox) to VRF_A it should be possible now with
that new
> feature.
>=20
> according to BGP I need to configure the VRF_A peer as
route-reflector-
> client so the routes from the anotherbox get reflected via RR to
VRF_B.
>=20
> but, it seems that the router itself needs to be tricked, since he
thinks
> that both peers are in the same route-reflector cluster ("DENIED due
to:
> reflected from the same cluster"):
>[...]=20
> so, does anyone knows a nice hidden command to disable this
cluster-checking
> on a per-peer basis or so?
I'm not aware of an enhancement to set the cluster-id on a per-vrf
basis, it is currently global.. But you could turn this into an eBGP
session using local-as, for example
router bgp 65501
address-family ipv4 vrf IABIP-
neighbor 10.0.0.2 remote-as 65502
neighbor 10.0.0.2 local-as 65503 no-prepend replace-as
address-family ipv4 vrf IACYP-
neighbor 10.0.0.1 remote-as 65503
neighbor 10.0.0.1 local-as 65502 no-prepend replace-as
not sure if this helps..
oli
