Tuesday, December 30, 2008

IE Vol 1: Inter-AS MPLS VPNs with MP-eBGP for VPNv4 Exchange Complete

Wow, that title sure is a mouthful. This lab seriously threw me for a loop. No matter what I did, my provider PE routers would not load the vpnv4 routes advertised by the customer PE routers.

After playing with enough debug commands, I finally came across the following:

R2#debug ip bgp vpnv4 uni upd
*Dec 31 03:03:41.943: BGP(2): 150.1.3.3 rcvd UPDATE w/ attr: nexthop 150.1.3.3, origin ?, localpref 100, metric 0, extended community RT:1:100
*Dec 31 03:03:41.943: BGP(2): 150.1.3.3 rcvd 1:100:10.1.37.0/24 -- DENIED due to: extended community not supported;

Huh? What does it mean extended community not supported?

As it turns out, extended communities, by default, are not accepted from eBGP peers. This is the first lab that I've tried to exchange vpnv4 routes across eBGP, so it's the first time I've run into this.

The command to enable extended communities across eBGP peers is no bgp default route-target filter. The details can be found here.

2 comments:

Anonymous said...

You can also do 'send-community extended' on the neighbor manually

Maria said...

As far as I understand the "no bgp default route-target filter" command is doing something different from what you described. The problem solved by this command does not have to do with eBGP. It has to do with MP-iBGP and the VPNv4 prefix exchange between PEs. The PEs automatically filter VPNv4 updates received from other PEs when the updates have RTs which are not configured as import RTs in any VRFs of the receiving PE (except when router receiving updates is a route-reflector for the sending router). The debugs you posted are debugs relevant to the MP-iBGP prefix exchange (there is a local preference attribute in there, which is not exchanged between ASs). The receiving router denies prefix because it does not have a locally configured VRF with the particular RT as import RT. The 'send-community extended' is required, but you surely had it set correctly on the sending PE (the RT is in the debug output for the particular update).