Description
Hi.
The main problem is that frr does not support iBGP if I use local-as == remote-as.
BGP diag from frr side:
because it is type external-link, as I think, it prepends as-path
test02# show bgp l2vpn evpn neighbors 10.216.96.20 routes
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[EthTag]:[ESI]:[IPlen]:[VTEP-IP]:[Frag-id]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.216.96.20:100
*> [5]:[0]:[31]:[100.100.100.100]
10.216.96.20 100 0 4200000001 i
RT:59904:100 ET:8 Rmac:bc:0f:fe:5c:53:00
Route Distinguisher: 10.216.96.20:222
*> [5]:[0]:[32]:[200.200.200.200]
10.216.96.20 100 0 4200000001 i
RT:59904:222 ET:8 Rmac:bc:0f:fe:5c:53:00
Displayed 2 out of 13 total prefixes
test02# show bgp l2vpn evpn neighbors 10.216.96.20 advertised-routes
Default local pref 100, local AS 4200000000
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 0.0.0.0:2
*> [5]:[0]:[32]:[23.23.23.23]
0 100 0 4200000001 i
Version
test02# show version
FRRouting 10.6.0 (test02) on Linux(6.1.0-0.deb11.21-amd64).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
'--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--sbindir=/usr/lib/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--disable-scripting' '--enable-pim6d' '--disable-grpc' '--disable-address-sanitizer' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-pcre2posix' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'
How to reproduce
lo on frr host 10.252.70.45/32
lo on juniper 10.216.96.20/32
config:
router bgp 4200000000
bgp router-id 10.252.72.64
no bgp enforce-first-as
bgp bestpath as-path multipath-relax
no bgp network import-check
neighbor EVPN_TEMPLATE peer-group
neighbor EVPN_TEMPLATE remote-as 4200000001
neighbor EVPN_TEMPLATE local-as 4200000001
neighbor EVPN_TEMPLATE ttl-security hops 64
neighbor EVPN_TEMPLATE update-source 10.252.70.45
neighbor 10.216.96.20 peer-group EVPN_TEMPLATE
address-family ipv4 unicast
no neighbor EVPN_TEMPLATE activate
address-family l2vpn evpn
neighbor EVPN_TEMPLATE activate
neighbor EVPN_TEMPLATE route-reflector-client
neighbor EVPN_TEMPLATE soft-reconfiguration inbound
neighbor EVPN_TEMPLATE maximum-prefix 1000
neighbor EVPN_TEMPLATE allowas-in 2
neighbor 10.252.70.157 activate
advertise-all-vni
advertise-svi-ip
exit-address-family
exit
router bgp 4200000000 vrf netns222
!
address-family ipv4 unicast
redistribute connected
redistribute static
exit-address-family
!
address-family l2vpn evpn
advertise ipv4 unicast
exit-address-family
exit
Expected behavior
I expected that if I use iBGP (same ASN on both sides), it should work without ttl and loops and without prepends
Actual behavior
test02# show bgp neighbors 10.216.96.20
BGP neighbor is 10.216.96.20, remote AS 4200000001, local AS 4200000001, external link
Local Role: undefined
Remote Role: undefined
Description: 30.leaf
Member of peer-group EVPN_TEMPLATE for session parameters
BGP version 4, remote router ID 10.216.96.20, local router ID 10.252.72.64
BGP state = Established, up for 00:16:46
Last read 00:00:13, Last write 00:00:16
Hold time is 90 seconds, keepalive interval is 30 seconds
Configured hold time is 180 seconds, keepalive interval is 60 seconds
Configured tcp-mss is 0, synced tcp-mss is 1448
Configured conditional advertisements interval is 60 seconds
Neighbor capabilities:
4 Byte AS: advertised and received
Extended Message: advertised
AddPath:
L2VPN EVPN: RX advertised
Paths-Limit:
L2VPN EVPN: advertised (0)
Long-lived Graceful Restart: advertised and received
Address families by peer:
Route refresh: advertised and received
Enhanced Route Refresh: advertised
Address Family L2VPN EVPN: advertised and received
Hostname Capability: advertised (name: test02,domain name: n/a) not received
Version Capability: not advertised not received
Link-Local Next Hop Capability: not advertised not received
Graceful Restart Capability: advertised and received
Remote Restart timer is 120 seconds
Address families by peer:
Graceful Restart Capability: advertised and received
Remote Restart timer is 120 seconds
Peer has restarted (N-bit is set)
Address families by peer:
none
Graceful restart information:
End-of-RIB send: L2VPN EVPN
End-of-RIB received: L2VPN EVPN
Local GR Mode: Helper
Remote GR Mode: Helper
R bit: False
N bit: True
Timers:
Configured Restart Time(sec): 120
Received Restart Time(sec): 120
Configured LLGR Stale Path Time(sec): 0
L2VPN EVPN:
F bit: False
End-of-RIB sent: Yes
End-of-RIB sent after update: No
End-of-RIB received: Yes
Timers:
Configured Stale Path Time(sec): 360
LLGR Stale Path Time(sec): 0
Message statistics:
Inq depth is 0
Outq depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 13 2
Keepalives: 34 37
Route Refresh: 0 0
Capability: 0 0
Total: 48 40
Prefix statistics:
Inbound filtered: 0
AS-PATH loop: 0
Originator loop: 0
Cluster loop: 0
Invalid next-hop: 0
Withdrawn: 0
Attributes discarded: 0
Minimum time between advertisement runs is 0 seconds
Update delay timer is 0 seconds (remaining: 0)
Update source is 10.252.70.45
For address family: L2VPN EVPN
EVPN_TEMPLATE peer-group member
Update group 4, subgroup 4
Packet Queue length 0
Route-Reflector Client
Inbound soft reconfiguration allowed
Local AS allowed in path, 2 occurrences
NEXT_HOP is propagated unchanged to this neighbor
Community attribute sent to this neighbor(all)
advertise-all-vni
1 accepted, 13 sent prefixes
Maximum prefixes allowed 1000
Threshold for warning message 75%
Connections established 1; dropped 0
Last reset 00:16:50, No path to specified Neighbor (n/a)
Internal BGP neighbor may be up to 64 hops away.
Local host: 10.252.70.45, Local port: 38903
Foreign host: 10.216.96.20, Foreign port: 179
Nexthop: 10.252.70.45
Nexthop global: ::
Nexthop local: ::
BGP connection: non shared network
BGP Connect Retry Timer in Seconds: 30
Estimated round trip time: 103 ms
Read thread: on Write thread: on FD used: 31
and at the same time on juniper side:
show bgp neighbor 10.252.70.45 | match state
Type: Internal State: Established Flags:
Additional context
dump on frr host, while no allowas-in and ttl-security hops 64:
tcpdump -niany host 10.216.96.20:
11:28:40.110259 eno01 Out IP (tos 0xc0, ttl 1, id 17569, offset 0, flags [DF], proto TCP (6), length 60)
10.252.70.45.34049 > 10.216.96.20.179: Flags [S], cksum 0xbc5d (incorrect -> 0x18c9), seq 1101887639, win 64240, options [mss 1460,sackOK,TS val 1518591386 ecr 0,nop,wscale 7], length 0
and session in idle state:
10.216.96.20 4 4200000001 71 124 0 0 0 00:18:15 Idle
and show bgp neighbors 10.216.96.20:
...
Internal BGP neighbor may be up to 1 hops away.
...
Is that correct behavior?
Checklist
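An added example, not part of the original report and not FRR code: a Python check over `show bgp neighbors` text that matches only the two line formats visible in the output above. It flags a session whose local AS equals its remote AS but is labelled an external link, and a hop-limit line whose Internal/External label disagrees with the header. The function name `audit_neighbors` and the finding codes are assumptions made for this example.

```python
import re

# Sample built from three lines of the `show bgp neighbors` output in the report.
REPORTED = """\
BGP neighbor is 10.216.96.20, remote AS 4200000001, local AS 4200000001, external link
BGP state = Established, up for 00:16:46
Internal BGP neighbor may be up to 64 hops away.
"""

# Constructed sample (documentation addresses and ASN) of a consistent iBGP session.
CONSISTENT = """\
BGP neighbor is 192.0.2.1, remote AS 65001, local AS 65001, internal link
Internal BGP neighbor may be up to 255 hops away.
"""

HEADER = re.compile(
    r"BGP neighbor is (?P<peer>\S+), remote AS (?P<remote>\d+), "
    r"local AS (?P<local>\d+)[^,]*, (?P<link>internal|external) link")
HOPS = re.compile(
    r"(?P<kind>Internal|External) BGP neighbor may be up to (?P<hops>\d+) hops away")


def audit_neighbors(text):
    """Return (peer, finding_code) tuples for inconsistent session labels."""
    findings = []
    current = None  # header fields of the neighbor block being read
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            current = header.groupdict()
            same_as = current["remote"] == current["local"]
            if same_as and current["link"] == "external":
                # Same ASN on both ends, yet the session is treated as eBGP.
                findings.append((current["peer"], "same-as-external-link"))
            elif not same_as and current["link"] == "internal":
                findings.append((current["peer"], "different-as-internal-link"))
            continue
        hops = HOPS.search(line)
        if hops and current and hops["kind"].lower() != current["link"]:
            # The TTL/hop line and the header disagree about the session type.
            findings.append((current["peer"], "hop-line-link-mismatch"))
    return findings


if __name__ == "__main__":
    for peer, code in audit_neighbors(REPORTED):
        print(peer, code)
```
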