Monthly Archives: October 2010

24 Oct

No EIGRP neighbor authentication on ASR9K

Cisco representative has tried to tell me lately there is feature parity between platforms on IOS XR. In general maybe there is, but in details not. My previous example about lack of GRE tunnels is not valid anymore as this feature has been added in release 3.9.2 on ASR 9000 routers. The configuration of GRE tunnels would not be commited previously because it was not supported.

Things are different when you try to implement authentication for EIGRP neighbors using key chains. This feature, according to official configuration guide, is not supported in IOS XR on ASR 9000 platform, but is supported on CRS-1. So the configuration like that should not be validated and commited

key chain test
 key 1
  key-string password 12345
!
router eigrp 65500
 address-family ipv4
  interface Bundle-Ether1.100
   authentication keychain test

To bad in this case, even if this feature is not supported, IOS XR CLI would let configuration to be commited. Just no neighborship will be established ever that link.

EIGRP authentication is not supported on 3.9 nor 4.0 release of IOS XR.

07 Oct

Different default BGP prefix policy on ASR9k

ASR9000 and it’s IOS XR required administrator to apply routing policy for every neighbor. This behavior is different from IOS where if no policy were applied router accepts and sends all prefixes without limitation. So if we make following configuration:

router bgp 65374
  neighbor 10.129.11.51
  remote-as 1234
  ebgp-multihop 10
  update-source Bundle-Ether1.260
  graceful-restart
  address-family ipv4 unicast
   soft-reconfiguration inbound always

router will inform us, that no prefixes will be send nor received on this session

RP/0/RSP0/CPU0:Aug 20 08:56:13.388 : bgp[137]: %ROUTING-BGP-6-NBR_NOPOLICY : No inbound IPv4 Unicast policy is configured for eBGP neighbor 10.129.11.51. 
No IPv4 Unicast prefixes will be accepted from the neighbor until inbound policy is configured. 
RP/0/RSP0/CPU0:Aug 20 08:56:13.388 : bgp[137]: %ROUTING-BGP-6-NBR_NOPOLICY : No outbound IPv4 Unicast policy is configured for eBGP neighbor 10.129.11.51. 
No IPv4 Unicast prefixes will be sent to the neighbor until outbound policy is configured.

So proper configuration always have to contain policy attached to neighbor in proper address-family. In following example we’re making router send and accept all prefixes

route-policy Accept-All
  pass
end-policy
!
router bgp 65374
 neighbor 10.129.11.51
  remote-as 1234
  ebgp-multihop 10
  update-source Bundle-Ether1.260
  address-family ipv4 unicast
   route-policy Accept-All in
   route-policy Accept-All out
   soft-reconfiguration inbound always

update: As my friend considered this is default behavior for eBGP peers only, for iBGP it works like in in standard IOS and all prefixes are passed to neighbors by default.