Thanks Claudio, I was hoping you would see this.
I know that you guys fixed some other MPLS bugs as I was affected by
the LDP/ARP issue as well.
I have one PE running -current that I confirmed was no longer getting
the LDP drops/crashes
but I have not tested this against it as I just discovered it.
I'll spin up some test machines and report back what I find out.
-Henry
On Tue, Apr 9, 2019 at 5:48 AM Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>
> On Mon, Apr 08, 2019 at 05:08:32PM -0400, Henry Bonath wrote:
> > Hello, I am seeing some BGP VPNv4 routes staying populated in
> > the RIB of route-reflector clients even after dropping the originating
> > neighbor.
> >
> > I'm on OpenBSD 6.4, running MPLS L3VPN.
> >
> > I have 2 IBGP route-reflectors, both OpenBSD 6.4.
> > I run OSPF to distribute Loopbacks into an Area (100)
> > We run Cisco devices for our Provider Edge installed on site at
> > Customer Premise.
> > All MPLS PE devices neighbor with both route reflectors.
> >
> > My bgpd.conf from the route reflectors:
> > ===================================================
> > ASN="64670"
> >
> > # global configuration
> > AS $ASN
> > router-id 172.16.16.212
> > nexthop qualify via default
> >
> > group "IBGP" {
> > remote-as $ASN
> > announce IPv4 vpn
> > route-reflector 172.16.16.212
> > local-address 172.16.16.212
> > neighbor 100.92.64.0/18 {
> > }
> >
> > }
> >
> > # IBGP: allow all updates to and from our IBGP neighbors
> > allow from any
> > allow to any
> > ===================================================
> >
> > bgpd.conf from an OpenBSD PE:
> > ===================================================
> > ASN="64670"
> >
> > # global configuration
> > AS $ASN
> > router-id 100.92.127.121
> >
> > rdomain 2 {
> > rd 64670:37
> > import-target rt 64670:37
> > export-target rt 64670:37
> > # advertise summary of tenant Subnet:
> > network 172.29.21.0/24
> >
> > # Redistribute from OSPF (Priority 32)
> > network inet priority 32
> > depend on mpe1
> > }
> >
> > group "IBGP" {
> > remote-as $ASN
> > announce IPv4 vpn
> > set rtlabel FROM_BGP
> > local-address 100.92.127.121
> > neighbor 172.16.16.211 {
> > descr "bgp-rr-01"
> > }
> > neighbor 172.16.16.212 {
> > descr "bgp-rr-02"
> > }
> >
> > }
> >
> > # IBGP: allow all updates to and from our IBGP neighbors
> > allow from ibgp
> > allow to ibgp
> >
> > ===================================================
> >
> > The problem comes if I shutdown one of my Premise equipment PE
> > devices, or an OpenBSD PE,
> > on the other OpenBSD PEs that remain up, they still show the routes
> > that were advertised by the
> > now shutdown device.
> >
> > If I log into a route reflector and run a "bgpctl show rib" those
> > routes are no longer there as i expected,
> > though they persist at the OpenBSD reflector clients.
> >
> > Example output after shutting down the 100.92.127.21 Cisco PE observed
> > from the OpenBSD PE
> > that is listening to 64670:37 rt/rd:
> >
> > flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> > S = Stale, E = Error
> > origin validation state: N = not-found, V = valid, ! = invalid
> > origin: i = IGP, e = EGP, ? = Incomplete
> >
> > flags ovs destination gateway lpref med aspath origin
> > I*> N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ?
> > I* N rd 64670:37 192.168.11.0/24 100.92.127.21 100 2 ?
> > I*> N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ?
> > I* N rd 64670:37 192.168.15.0/24 100.92.127.21 100 2 ?
> > I*> N rd 64670:37 192.168.20.0/24 100.92.127.21 100 3 ?
> > I* N rd 64670:37 192.168.20.0/24 100.92.127.21 100 3 ?
> > I*> N rd 64670:37 192.168.100.0/24 100.92.127.21 100 2 ?
> > I* N rd 64670:37 192.168.100.0/24 100.92.127.21 100 2 ?
> > I*> N rd 64670:37 192.168.110.0/24 100.92.127.21 100 3 ?
> > I* N rd 64670:37 192.168.110.0/24 100.92.127.21 100 3 ?
> > I*> N rd 64670:37 192.168.150.0/24 100.92.127.21 100 2 ?
> > I* N rd 64670:37 192.168.150.0/24 100.92.127.21 100 2 ?
> > I*> N rd 64670:37 192.168.200.0/24 100.92.127.21 100 2 ?
> > I* N rd 64670:37 192.168.200.0/24 100.92.127.21 100 2 ?
> >
> > Shouldn't those routes disappear once the 100.92.127.21 router is shutdown?
> >
> > Thanks for any help you all have to offer!
>
> Are you able to test this with -current? There were some fixes and changes
> done for MPLS VPN support. I have the feeling that this may be already
> fixed. Also I would desiable gracefull restart on the RR with 'announce
> restart no' for the template.
>
> --
> :wq Claudio
>
