Issues propagating Routes over BGP. VRF to VRF for redundant routers

Hi there,

We have been having an issue with propagating our routes between our Core Datacenter Routers.

Pretty sure this is a simple misconfiguration issue but we have been looking at it for the last few weeks.

We have VRRPs in place for failover, and I believe this issue is that the next hop address is not showing up as the VRF.

Our BGP setup on both CCRs looks like the following:

10.10.10.1 is an address on the physical interface, 10.10.10.255 is a loopback address (

     remote.address=10.10.10.254/32 .port=179 
     local.address=10.10.10.255 .role=ibgp 
     connect=yes listen=yes routing-table=main router-id=10.10.10.255 templates=default as=136595 
     nexthop-choice=default address-families=ip,l2vpn,l2vpn-cisco,vpnv4 cisco-vpls-nlri-len-fmt=auto-bits 
     output.redistribute=connected,static,bgp,vpn .network=bgp-networks 

bgp VPN:

Flags: X - disabled, I - inactive 
 0   name="bgp-mpls-vpn-1" 
     import.router-id=XXX-VRF .route-targets=136595:4 
     export.route-targets=136595:4 .redistribute=connected,static,vpn 
     route-distinguisher="136595:4" vrf=XXX-VRF label-allocation-policy=per-vrf

I have obfuscated the following addresses:
$NEXT.EBGP is our next hop - it’s an IP address of our connecting ISP
$L2TP.IP is the public L2TP address of the related remote WAN site address of this client

Routing table of second router: (L2TP connection of $XXX.burwood on other router)

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vp>
H - hw-offloaded; + - ecmp 
 5  As   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF 
         immediate-gw=10.51.252.250%VLAN1737.XXXdistance=1 scope=30 target-scope=10 
         vrf-interface=VLAN1737.XXXsuppress-hw-offload=no 

   D y   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF 
         immediate-gw=10.51.252.250%VLAN1737.XXXdistance=200 scope=20 target-scope=10 

 6  As   dst-address=10.10.10.254/32 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF 
         immediate-gw=VLAN1737.XXXdistance=1 scope=30 target-scope=10 suppress-hw-offload=no 

   D y   dst-address=10.10.10.254/32 routing-table=XXX-VRF gateway=XXX-VRF@XXX-VRF immediate-gw=XXX-VRF 
         distance=200 scope=20 target-scope=10 

 7  IsH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=XXX.burwood@XXX-VRF immediate-gw="" 
         distance=1 scope=30 target-scope=10 suppress-hw-offload=no 

   DAyH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20 
         target-scope=30 

   DAc   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF 
         immediate-gw=VLAN1737.XXXdistance=0 scope=10 target-scope=5 
         local-address=10.51.252.248%VLAN1737.XXX@XXX-VRF 

   D y   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=XXX-VRF@XXX-VRF immediate-gw=XXX-VRF 
         distance=200 scope=20 target-scope=10 

   DAyH  dst-address=10.51.252.253/32 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20 
         target-scope=30 

   DAyH  dst-address=$L2TP.IP/32 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20 
         target-scope=30 

Routing table of first router: (L2TP connection of $XXX.burwood on this router)

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; 
H - hw-offloaded; + - ecmp 
 0  As   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF immediate-gw=10.51.252.250%VLAN1737.XXX
         distance=1 scope=30 target-scope=10 vrf-interface=VLAN1737.XXXsuppress-hw-offload=no 

   D yH  dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.10.10.255 distance=200 scope=20 target-scope=30 

   DAyH  dst-address=10.10.10.254/32 routing-table=XXX-VRF gateway=10.10.10.255 distance=200 scope=20 target-scope=30 

 1  As   dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=XXX.burwood@XXX-VRF immediate-gw=XXX.burwood distance=1 
         scope=30 target-scope=10 suppress-hw-offload=no 

   DAc   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF immediate-gw=VLAN1737.XXXdistance=0 
         scope=10 target-scope=5 local-address=10.51.252.249%VLAN1737.XXX@XXX-VRF 

   D yH  dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=10.10.10.255 distance=200 scope=20 target-scope=30 

   DAc   dst-address=10.51.252.253/32 routing-table=XXX-VRF gateway=XXX.VRRP@XXX-VRF immediate-gw=XXX.VRRP distance=0 
         scope=10 target-scope=5 local-address=10.51.252.253%XXX.VRRP@XXX-VRF 

   DAc   dst-address=$L2TP.IP/32 routing-table=XXX-VRF gateway=XXX.burwood@XXX-VRF immediate-gw=XXX.burwood distance=0 
         scope=10 target-scope=5 local-address=$NEXT.EBGP%XXX.burwood@XXX-VRF 

Currently, dropping the VRRP interface from the first router so that it connects on the second router causes the connection to VRRP to fail over correctly. However, traffic cannot route to the first router’s L2TP interface, so the site’s connection is dropped. I believe this is due to the next hop on the VRF routing table not being resolvable for the $L2TP.IP connection between the routers over BGP.

Let me know if I can provide any more context around this. I really appreciate any help towards this, as it’s been a bit of an uphill battle.

Cheers.

Gabe

From the console snippets, it is not really clear what exactly you want to do.
If you want to distribute routes from the VRF via BGP VPN, then your static routing is not correct; routes to the remote peer must be in the main table.
If you want to run BGP in a VRF, then the BGP connection config is not correct and the BGP VPN config is not needed.

Normally when running VPNv4 with iBGP, an IGP like OSPF or IS-IS is used so that LDP can create an MPLS LSP to carry the VPNv4 routes over. There doesn’t appear to be an IGP running in your route output.

Also, iBGP doesn’t change the next hop unless configured to do so. Without an IGP to carry the next hop, the routes won’t work beyond a single hop unless you configure next-hop-self on every router in the path.
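An added example, not part of any post in this thread: a small Python check that reads route lines in the style of the detail output above, picks out the `y` (bgp-mpls-vpn) routes whose gateway is a bare IP address, and reports those whose next hop is not covered by any main-table prefix. The sample routes, the `192.0.2.10/32` entry, the `10.10.10.253` next hop and the main-table prefix list are constructed; the check ignores scope/target-scope and MPLS label state.

```python
import ipaddress
import re

# Constructed sample in the style of the route detail output; not taken from the thread.
VRF_ROUTES = """\
   DAyH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20
         target-scope=30
   D y   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=XXX-VRF@XXX-VRF immediate-gw=XXX-VRF
         distance=200 scope=20 target-scope=10
   DAc   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF
         distance=0 scope=10 target-scope=5
   DAyH  dst-address=192.0.2.10/32 routing-table=XXX-VRF gateway=10.10.10.253 distance=200 scope=20
         target-scope=30
"""

def parse_routes(text):
    """Join wrapped lines into one record per route and split key=value fields."""
    records, current = [], None
    for line in text.splitlines():
        if "dst-address=" in line:
            head, _, rest = line.partition("dst-address=")
            # Flags are the letters before dst-address; the numeric index is dropped.
            flags = "".join(ch for ch in head if ch.isalpha() or ch == "+")
            current = {"flags": flags, "text": "dst-address=" + rest}
            records.append(current)
        elif current and line.strip():
            current["text"] += " " + line.strip()
    routes = []
    for rec in records:
        fields = dict(re.findall(r"(\S+?)=(\S*)", rec["text"]))
        fields["flags"] = rec["flags"]
        routes.append(fields)
    return routes

def unresolved_vpn_nexthops(routes, main_prefixes):
    """Return (dst, next hop) for VPN routes whose next hop no main-table prefix covers."""
    nets = [ipaddress.ip_network(p) for p in main_prefixes]
    problems = []
    for r in routes:
        if "y" not in r["flags"]:
            continue  # only bgp-mpls-vpn routes carry a remote BGP next hop
        gw = r.get("gateway", "")
        try:
            hop = ipaddress.ip_address(gw)
        except ValueError:
            continue  # gateway is not a bare IP address (interface or name@vrf form)
        if not any(hop in n for n in nets):
            problems.append((r["dst-address"], gw))
    return problems

# Hypothetical main-table content: only the peer loopback is known via the IGP.
print(unresolved_vpn_nexthops(parse_routes(VRF_ROUTES), ["10.10.10.254/32"]))
```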

Thanks guys, we have got OSPF running between the two routers - I am wondering if this is misconfigured.

When using BGP VPN, does MPLS also need to be configured in the MikroTik config?

Some examples of the OSPF config showing it is up and that 10.10.10.254 (the remote router OSPF neighbor) is communicating:


We previously had 2 CCRs running v6 set up this way. Two new CCRs were purchased to replace these; however, when setting up our redundancy we ran into these issues (had exported and imported configs).
The import process was done over a year ago and there were initial issues with the primary CCR, which makes me dubious of inconsistencies in the config.

The following route tables are how they show up on the relevant VRFs:

This router has the L2TP server binding on connected; the router table shows the address it is connected on fine (the address blanked out) and the correct L2TP name in the gateway.

The remote router has the following in its route table for the relevant VRF interface:

The blanked-out addresses are the L2TP IP that is correct and the L2TP name.

Also the routes on each CCR on the main tables:

and

Let me know if I can provide any more specific detail around anything,

Cheers,

Gabe