Wired Intelligent Edge

Hi

I'm preparing for a customer implementation where I will change the existing Aruba-CX 8360v2 VSX cluster with a single Internet access using static routing to a redundant Internet access using BGP. This is also the first step for multiple DC's connected to Internet.

So now my question. I have setup a simple setup using eve-ng with Cisco routers being the ISP and the Aruba-CX OVA Version: Virtual.10.07.0004 being the customer (without the VSX part)
I'm using Communities providing Local pref for the provider (standard setup for the ISP (instead of as-path prepend) and using local pref for the inbound routes from the provider which probably will be the default route only at this stage. All this looks good. 

The setup for the customer will be active standby using BGP meaning only one path will be active. On the provider side local pref works as expected with local pref value deciding the path. Now to my concern. when looking in the Aruba bgp table, "show bgp ipv4/ipv6 unicast" the local pref is ok, 300 on the "standby node iBGP path. BUT the best path in the table on the "standby node" is the eBGP with a local pref of 200. 

Looking in the Aruba doc and BGP best path algorithm it says that step 2 is local pref and ebgp and ibgp is further down in the table. This is what I expected but the outcome in reality doesn't follow that. Why? I assume I can tweak it by setting ibgp and ebgp to the same distance, not possible though in the OVA. Is there a difference in the Aruba-CX OVA compared to the real devices in scope 8360v2? Anyone that can sched some light on this behaviour?

Below the bgp output from the standby node. The eBGP link networks are /31 nets. OSPF for igp and loopback is used for update source for ibgp.

Hi again

I have now tested with a newer version of Aruba-CX OVA, 

-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version      : Virtual.10.09.0002
Build Date   :
Build ID     : ArubaOS-CX:Virtual.10.09.0002:456cd71cc7cb:202112061706
Build SHA    : 456cd71cc7cb78a52d12445ff257fd49cf120ad9

Still the same problem, 

eBGP has precedence over Local Preference which is wrong. Also its not possible to change the routing administrative distance for eBGP/iBGP.

Comments anyone?
I will test this in reality when the second access is installed (still some weeks to go).

Hi

I'm preparing for a customer implementation where I will change the existing Aruba-CX 8360v2 VSX cluster with a single Internet access using static routing to a redundant Internet access using BGP. This is also the first step for multiple DC's connected to Internet.

So now my question. I have setup a simple setup using eve-ng with Cisco routers being the ISP and the Aruba-CX OVA Version: Virtual.10.07.0004 being the customer (without the VSX part)
I'm using Communities providing Local pref for the provider (standard setup for the ISP (instead of as-path prepend) and using local pref for the inbound routes from the provider which probably will be the default route only at this stage. All this looks good. 

The setup for the customer will be active standby using BGP meaning only one path will be active. On the provider side local pref works as expected with local pref value deciding the path. Now to my concern. when looking in the Aruba bgp table, "show bgp ipv4/ipv6 unicast" the local pref is ok, 300 on the "standby node iBGP path. BUT the best path in the table on the "standby node" is the eBGP with a local pref of 200. 

Looking in the Aruba doc and BGP best path algorithm it says that step 2 is local pref and ebgp and ibgp is further down in the table. This is what I expected but the outcome in reality doesn't follow that. Why? I assume I can tweak it by setting ibgp and ebgp to the same distance, not possible though in the OVA. Is there a difference in the Aruba-CX OVA compared to the real devices in scope 8360v2? Anyone that can sched some light on this behaviour?

Below the bgp output from the standby node. The eBGP link networks are /31 nets. OSPF for igp and loopback is used for update source for ibgp.

What you observed with the OVA is wrong.

The BGP decision tree should be:

Please note that the admin distance does not come into the picture before step 8.

I can not check right now on OVA but you should have distance bgp command in router bgp section.

If so, please set same distance for both ebgp and ibgp although this is not expected in network industry.

If the behavior is the same on 8360, please open a TAC case.

Hi again

I have now tested with a newer version of Aruba-CX OVA, 

-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version      : Virtual.10.09.0002
Build Date   :
Build ID     : ArubaOS-CX:Virtual.10.09.0002:456cd71cc7cb:202112061706
Build SHA    : 456cd71cc7cb78a52d12445ff257fd49cf120ad9

Still the same problem, 

eBGP has precedence over Local Preference which is wrong. Also its not possible to change the routing administrative distance for eBGP/iBGP.

Comments anyone?
I will test this in reality when the second access is installed (still some weeks to go).

Hi

I'm preparing for a customer implementation where I will change the existing Aruba-CX 8360v2 VSX cluster with a single Internet access using static routing to a redundant Internet access using BGP. This is also the first step for multiple DC's connected to Internet.

So now my question. I have setup a simple setup using eve-ng with Cisco routers being the ISP and the Aruba-CX OVA Version: Virtual.10.07.0004 being the customer (without the VSX part)
I'm using Communities providing Local pref for the provider (standard setup for the ISP (instead of as-path prepend) and using local pref for the inbound routes from the provider which probably will be the default route only at this stage. All this looks good. 

The setup for the customer will be active standby using BGP meaning only one path will be active. On the provider side local pref works as expected with local pref value deciding the path. Now to my concern. when looking in the Aruba bgp table, "show bgp ipv4/ipv6 unicast" the local pref is ok, 300 on the "standby node iBGP path. BUT the best path in the table on the "standby node" is the eBGP with a local pref of 200. 

Looking in the Aruba doc and BGP best path algorithm it says that step 2 is local pref and ebgp and ibgp is further down in the table. This is what I expected but the outcome in reality doesn't follow that. Why? I assume I can tweak it by setting ibgp and ebgp to the same distance, not possible though in the OVA. Is there a difference in the Aruba-CX OVA compared to the real devices in scope 8360v2? Anyone that can sched some light on this behaviour?

Below the bgp output from the standby node. The eBGP link networks are /31 nets. OSPF for igp and loopback is used for update source for ibgp.

Hi
Many thanks for responding and yes that is my expectation that Local pref has precedence over eBGP in this case according to the best path algorithm.
Yes I'm aware of that and my workaround will be to set eBGP and iBGP with the same distance so that local pref will break the tie in favour for iBGP.

I will feed back here also if I see the same problem in the 8360v2 sw and open a TAC case,

What you observed with the OVA is wrong.

The BGP decision tree should be:

Please note that the admin distance does not come into the picture before step 8.

I can not check right now on OVA but you should have distance bgp command in router bgp section.

If so, please set same distance for both ebgp and ibgp although this is not expected in network industry.

If the behavior is the same on 8360, please open a TAC case.

Hi again

I have now tested with a newer version of Aruba-CX OVA, 

-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version      : Virtual.10.09.0002
Build Date   :
Build ID     : ArubaOS-CX:Virtual.10.09.0002:456cd71cc7cb:202112061706
Build SHA    : 456cd71cc7cb78a52d12445ff257fd49cf120ad9

Still the same problem, 

eBGP has precedence over Local Preference which is wrong. Also its not possible to change the routing administrative distance for eBGP/iBGP.

Comments anyone?
I will test this in reality when the second access is installed (still some weeks to go).

Hi

I'm preparing for a customer implementation where I will change the existing Aruba-CX 8360v2 VSX cluster with a single Internet access using static routing to a redundant Internet access using BGP. This is also the first step for multiple DC's connected to Internet.

So now my question. I have setup a simple setup using eve-ng with Cisco routers being the ISP and the Aruba-CX OVA Version: Virtual.10.07.0004 being the customer (without the VSX part)
I'm using Communities providing Local pref for the provider (standard setup for the ISP (instead of as-path prepend) and using local pref for the inbound routes from the provider which probably will be the default route only at this stage. All this looks good. 

The setup for the customer will be active standby using BGP meaning only one path will be active. On the provider side local pref works as expected with local pref value deciding the path. Now to my concern. when looking in the Aruba bgp table, "show bgp ipv4/ipv6 unicast" the local pref is ok, 300 on the "standby node iBGP path. BUT the best path in the table on the "standby node" is the eBGP with a local pref of 200. 

Looking in the Aruba doc and BGP best path algorithm it says that step 2 is local pref and ebgp and ibgp is further down in the table. This is what I expected but the outcome in reality doesn't follow that. Why? I assume I can tweak it by setting ibgp and ebgp to the same distance, not possible though in the OVA. Is there a difference in the Aruba-CX OVA compared to the real devices in scope 8360v2? Anyone that can sched some light on this behaviour?

Below the bgp output from the standby node. The eBGP link networks are /31 nets. OSPF for igp and loopback is used for update source for ibgp.

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

Hi

When I do setups like this I use next hop self on eBGP and use IGP and update source loopback interface for iBGP

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

Hi
Thanks for your input. I discovered that I had an IGP error that I didnt see previously. When correcting that it looks correct now. But I don't think that should impact the BGP table, just the reachability based on the forwarding table. At the moment I have a mix of 10.09 and 10.07. I will use 10.09 on both CX nodes and do some failovers between nodes based on failures to see how it behaves.

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

It seems stable now and my original issue was my mistake. Missing was IGP routing for the eBGP interface on both Aruba-CX switches. It stable now after correcting this. 

Hi
Thanks for your input. I discovered that I had an IGP error that I didnt see previously. When correcting that it looks correct now. But I don't think that should impact the BGP table, just the reachability based on the forwarding table. At the moment I have a mix of 10.09 and 10.07. I will use 10.09 on both CX nodes and do some failovers between nodes based on failures to see how it behaves.

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

Hello, 

Would you mind sharing for the community CLI output for show bgp ipv4 unicast and sh ip route,

so that it closes the topic. Thanks.

It seems stable now and my original issue was my mistake. Missing was IGP routing for the eBGP interface on both Aruba-CX switches. It stable now after correcting this. 

Hi
Thanks for your input. I discovered that I had an IGP error that I didnt see previously. When correcting that it looks correct now. But I don't think that should impact the BGP table, just the reachability based on the forwarding table. At the moment I have a mix of 10.09 and 10.07. I will use 10.09 on both CX nodes and do some failovers between nodes based on failures to see how it behaves.

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable? 

Hi

Yes of course. All IPs are fake and I hope I haven't made a typo while changing to those.

The output below is from the two CX-OVA nodes (SW01 & SW02). Connectivity for this lab is one external for the eBGP on both nodes, one connection between the two nodes and one connection to an "internal" network from both CX nodes. I'm "controlling" the inbound path from the ISP side by using BGP communities and Local Preference and as seen in the output also Local Preference to control the outbound path. The output below show that SW02 have the primary path to/from the ISP. 

Hello, 

Would you mind sharing for the community CLI output for show bgp ipv4 unicast and sh ip route,

so that it closes the topic. Thanks.

It seems stable now and my original issue was my mistake. Missing was IGP routing for the eBGP interface on both Aruba-CX switches. It stable now after correcting this. 

Hi
Thanks for your input. I discovered that I had an IGP error that I didnt see previously. When correcting that it looks correct now. But I don't think that should impact the BGP table, just the reachability based on the forwarding table. At the moment I have a mix of 10.09 and 10.07. I will use 10.09 on both CX nodes and do some failovers between nodes based on failures to see how it behaves.

Hi,

Can you double check if iBGP route next-hop (172.16.184.243) is reachable?