Shortcut from Site to Hub in other Region

[scan5415]

Dear Team

I found out that shortcuts between Site1-1 in West Region to Hub in East Region does not really work. On the one hand, I think the Neighbor group on the hubs is missing.

For this reason I have extended the “Project” file:

'Hub-West': {
      'lo_bgp': 'x.x.x.x',
      'peering': {
        'EDGE_EAST': {
            'dynamic_bgp': true,
            ...
            'remote_region': true,
            'as': 65001
        }
      }
}

The addition also requires an adjustment to the “03 hub routing”:

{% for p in peering %}
      {% set remote_as = peering[p].as if peering[p].remote_region|default(false) else project.regions[region].as %}  <----
  config neighbor-group
    edit {{ p }}
      set soft-reconfiguration enable
      set capability-graceful-restart enable
      set advertisement-interval 1
      set next-hop-self enable
      set remote-as {{ remote_as }}
      set interface "Lo"
      set update-source "Lo"
      unset route-reflector-client{{'-vpnv4' if not multi_vrf}}
      {% if not peering[p].dynamic_bgp and project.intrareg_advpn|default(true) %}
      set route-reflector-client{{'-vpnv4' if multi_vrf}} enable
      {% else %}
      set route-reflector-client{{'-vpnv4' if multi_vrf}} disable
      {% endif %}
      {% if peering[p].remote_region|default(false) %}                    <-----
      set route-map-out{{'-vpnv4' if multi_vrf}} "LAN_OUT"                    <-----
      {% endif %}                    <-----
      {% if multi_vrf %}
      set soft-reconfiguration-vpnv4 enable
      set capability-graceful-restart-vpnv4 enable
      {% else %}
      unset soft-reconfiguration-vpnv4
      unset capability-graceful-restart-vpnv4
      {% endif %}
    next
  end
  config neighbor-range
    edit {{ 100 + loop.index }}
      set prefix {{ peering[p].lo_summary }}
      set neighbor-group "{{ p }}"
    next
  end
  {% endfor %}

I don't know if I have misunderstood an existing option, but I have not found any other solution.

[dmitryperets]

Hi @scan5415,

Thanks for reporting this. You are right, we didn't generate the necessary neighbor-group for the remote regions on the Hubs, so Spoke-to-Hub shortcuts do not work with Dynamic BGP.

We are going to fix it, but we prefer to implement a generic solution with the new remote-as-filter feature (see here). This will allow us to create a single neighbor-group to accomodate Spokes from all remote regions, not just from the West region, as in our simple example. The same feature will be used on the Spokes, to avoid the need for multiple neighbor-groups.

Unfortunately, we have to wait for FOS 7.4.5, because at the moment this feature is broken. That's why our Jinja currently generates a separate neighbor-group for each remote region on Spokes. Once FOS 7.4.5 is out, we will update the templates, and now we will also remember to add the missing neighbor-group on the Hubs!

[dmitryperets]

Hi,

FOS 7.4.5 is now out, so I am planning to merge the remote-as-filter implementation. I will allow Spoke-to-Hub shortcuts at the same time. The feature branch has been pushed, I'll merge it after some more testing. This is tracked in #29.

Please note that this change does not handle the Spoke-to-Hub overlay path stickiness in any way. Normally, we do not enable ADVPN 2.0 on the Hubs, hence in theory you can have an issue with establishing a Spoke-to-Hub shortcut, if you do not have the overlay stickiness on the Hubs. This could be solved by enabling ADVPN 2.0 on the Hubs (including the extra-regional tunnels as members), but that is outside the scope of the Jinja Orchestrator anyway. There will be a better solution for this coming in 7.6, so we might return to it later.

But as long as you are able to build the Spoke-to-Hub shortcut, the routing will now work fine, thanks to #29 (see the details there, it's an optional parameter disabled by default).