Tier-0 gateway not advertising routes received from one BGP peer to the other.

Article ID: 421279

Products

VMware NSX

Issue/Introduction

  • VMware NSX Tier-0 Logical Router (LR) receives routes from two different BGP neighbors.

  • When running get bgp 10.XX.XX.20/XX, the command output shows that the prefix is advertised to both peers from which it was received.

    edge-01(tier0_sr[2])> get bgp 10.XX.XX.0/XX
    BGP routing table entry for 10.XX.XX.0/XX
    Prefix advertised to: XX.XX.255.9 XX.XX.255.13 XX.XX.3.2 XX.XX.3.10
    2 Paths available:
    Aspath: 4XXXXXXXX9 4XXXXXXXX9 4XXXXXXXX9 4XXXXXXXX9 4XXXXXXXX9 4XXXXXXXX1, path-type as-sequence
    Origin incomplete, Metric 0, LocalPref 100, Weight 0, best, valid
    Peer is 1X.X.3.10 with router id 1XX.X4X.X.254

    Aspath: 4XXXXXX999 4xxxxxxxx9  4XXXXXX9 4XXXXXX9 42XXXXXX9 4XXXXXX1, path-type as-sequence
    Origin incomplete, Metric 0, LocalPref 100, Weight 0, best, valid
    Peer is 1X.X.3.2 with router id 1XX.X4X.X.254



  • When checking the routes actually advertised by the Tier-0, routes learned from one neighbour are not advertised to the other neighbour, even though the configuration appears to allow it.

Environment

  • VMware NSX

Cause

This behaviour is due to the BGP Split Horizon rule, which prevents a BGP speaker from advertising a route back to the peer from which it was originally learned, when both of them have the same router ID.

Policy-wise, it should be possible to send these updates to both peers, hence the output of the command get bgp 10.XX.XX.20/XX shows the route being advertised to both neighbours.

When the update is actually about to be sent, the split-horizon mechanism detects that it would be sent to the router ID of the origin of the prefix, so the route is not advertised.

Resolution

  • This is expected BGP behaviour observed when multiple external routers share the same BGP Router ID.

  • To ensure routes are advertised between the two external peers via the Tier-0 router, each external BGP router must be configured with a unique BGP Router ID.

  • Once the external routers are configured with distinct Router IDs, the NSX Tier-0 router will correctly identify the origin of each route and advertise the best path to the other neighbour, as the Split Horizon rule will no longer incorrectly trigger.
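
To confirm the condition before changing the external routers, the check below (an added example, not part of the original article or any VMware tooling) scans saved get bgp output for the "Peer is ... with router id ..." lines shown above and reports any router ID presented by more than one peer. The function name and the sample addresses and AS numbers are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the per-path line printed by "get bgp <prefix>" on the edge node,
# in the form shown in this article: "Peer is <ip> with router id <id>".
PEER_LINE = re.compile(
    r"Peer is\s+(?P<peer>\S+)\s+with router id\s+(?P<rid>\S+)", re.IGNORECASE
)

def shared_router_ids(cli_output):
    """Return {router_id: [peer, ...]} for router IDs seen on more than one peer."""
    peers_by_rid = defaultdict(set)
    for line in cli_output.splitlines():
        match = PEER_LINE.search(line)
        if match:
            peers_by_rid[match["rid"]].add(match["peer"])
    # Only a router ID announced by two or more distinct peers triggers the issue.
    return {rid: sorted(p) for rid, p in peers_by_rid.items() if len(p) > 1}

# Constructed sample: two external peers presenting the same router ID.
SAMPLE_DUPLICATE = """\
BGP routing table entry for 198.51.100.0/24
2 Paths available:
Aspath: 4200000009 4200000001, path-type as-sequence
Origin incomplete, Metric 0, LocalPref 100, Weight 0, best, valid
Peer is 192.0.2.10 with router id 203.0.113.254

Aspath: 4200000999 4200000001, path-type as-sequence
Origin incomplete, Metric 0, LocalPref 100, Weight 0, best, valid
Peer is 192.0.2.2 with router id 203.0.113.254
"""

# Constructed sample: the same peers after each was given a unique router ID.
SAMPLE_UNIQUE = SAMPLE_DUPLICATE.replace(
    "Peer is 192.0.2.2 with router id 203.0.113.254",
    "Peer is 192.0.2.2 with router id 203.0.113.253",
)

if __name__ == "__main__":
    for name, text in (("duplicate", SAMPLE_DUPLICATE), ("unique", SAMPLE_UNIQUE)):
        clashes = shared_router_ids(text)
        if clashes:
            for rid, peers in clashes.items():
                print(f"{name}: router id {rid} shared by peers {', '.join(peers)}")
        else:
            print(f"{name}: every peer has a unique router id")
```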