Reflected IBGP VPNv4 Routes overstaying their welcome

Mon, 08 Apr 2019 14:09:33 -0700 

Hello, I am seeing some BGP VPNv4 routes staying populated in
the RIB of route-reflector clients even after dropping the originating neighbor.

I'm on OpenBSD 6.4, running MPLS L3VPN.

I have 2 IBGP route-reflectors, both OpenBSD 6.4.
I run OSPF to distribute Loopbacks into an Area (100)
We run Cisco devices for our Provider Edge installed on site at
Customer Premise.
All MPLS PE devices neighbor with both route reflectors.

My bgpd.conf from the route reflectors:
===================================================
ASN="64670"

# global configuration
AS $ASN
router-id 172.16.16.212
nexthop qualify via default

group "IBGP" {
        remote-as $ASN
        announce IPv4 vpn
        route-reflector 172.16.16.212
        local-address 172.16.16.212
        neighbor 100.92.64.0/18 {
        }

}

# IBGP: allow all updates to and from our IBGP neighbors
allow from any
allow to any
===================================================

bgpd.conf from an OpenBSD PE:
===================================================
ASN="64670"

# global configuration
AS $ASN
router-id 100.92.127.121

rdomain 2 {
        rd 64670:37
        import-target rt 64670:37
        export-target rt 64670:37
        # advertise summary of tenant Subnet:
        network 172.29.21.0/24

        # Redistribute from OSPF (Priority 32)
        network inet priority 32
        depend on mpe1
}

group "IBGP" {
        remote-as $ASN
        announce IPv4 vpn
        set rtlabel FROM_BGP
        local-address 100.92.127.121
        neighbor 172.16.16.211 {
                descr "bgp-rr-01"
        }
        neighbor 172.16.16.212 {
                descr "bgp-rr-02"
        }

}

# IBGP: allow all updates to and from our IBGP neighbors
allow from ibgp
allow to ibgp

===================================================

The problem comes if I shutdown one of my Premise equipment PE
devices, or an OpenBSD PE,
on the other OpenBSD PEs that remain up, they still show the routes
that were advertised by the
now shutdown device.

If I log into a route reflector and run a "bgpctl show rib" those
routes are no longer there as i expected,
though they persist at the OpenBSD reflector clients.

Example output after shutting down the 100.92.127.21 Cisco PE observed
from the OpenBSD PE
that is listening to 64670:37 rt/rd:

flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
       S = Stale, E = Error
origin validation state: N = not-found, V = valid, ! = invalid
origin: i = IGP, e = EGP, ? = Incomplete

flags ovs destination          gateway          lpref   med aspath origin
I*>     N rd 64670:37 192.168.11.0/24 100.92.127.21      100     2 ?
I*      N rd 64670:37 192.168.11.0/24 100.92.127.21      100     2 ?
I*>     N rd 64670:37 192.168.15.0/24 100.92.127.21      100     2 ?
I*      N rd 64670:37 192.168.15.0/24 100.92.127.21      100     2 ?
I*>     N rd 64670:37 192.168.20.0/24 100.92.127.21      100     3 ?
I*      N rd 64670:37 192.168.20.0/24 100.92.127.21      100     3 ?
I*>     N rd 64670:37 192.168.100.0/24 100.92.127.21      100     2 ?
I*      N rd 64670:37 192.168.100.0/24 100.92.127.21      100     2 ?
I*>     N rd 64670:37 192.168.110.0/24 100.92.127.21      100     3 ?
I*      N rd 64670:37 192.168.110.0/24 100.92.127.21      100     3 ?
I*>     N rd 64670:37 192.168.150.0/24 100.92.127.21      100     2 ?
I*      N rd 64670:37 192.168.150.0/24 100.92.127.21      100     2 ?
I*>     N rd 64670:37 192.168.200.0/24 100.92.127.21      100     2 ?
I*      N rd 64670:37 192.168.200.0/24 100.92.127.21      100     2 ?

Shouldn't those routes disappear once the 100.92.127.21 router is shutdown?

Thanks for any help you all  have to offer!
-Henry

Reply via email to