Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Contrail] User-specified BGP_ASN not effective after deployment in 5.0.0.0/5.0.1.0 releases

0

0

Article ID: KB34062 KB Last Updated: 05 Apr 2019Version: 1.0
Summary:

Due to a missing command in the provision script listed below, the user-specified, non-default BGP_ASN value in the yaml file is not effective after deployment. This behavior is found in Contrail releases 5.0.0.0 and 5.0.1.0, and has been fixed in Contrail release 5.0.2.0 and later.

  python /opt/contrail/utils/provision_control.py \
    --api_server_ip $CONFIG_POD_IP --api_server_port 8082 \
    --admin_user admin \
    --admin_password password \
    --admin_tenant_name admin \
    --router_asn $BGP_ASN

This article describes how to debug such a scenario and a way to recover from the problem without deleting the controller pod.

 

Symptoms:

After deployment of the Contrail 5.0.1.0-ocata multinode cluster, it is seen that BGP peering between control nodes has been established by using the default ASN value of 64512 instead of the one that was specified (65040) by the user.

When configmap and env data within each controller container are checked, the user-defined ASN value of 65040 is shown. However, the Contrail WebUI and introspect (see the image that follows) show that the controllers are using the default value of 64512 for BGP peering.

 
$ kubectl get configmap -n contrail contrail-controller-env -o yaml
apiVersion: v1
data:
  BGP_ASN: "65040"

$ kubectl exec -it -n contrail contrail-control-26wjh -- /bin/bash
Defaulting container name to contrail-control.
Use 'kubectl describe pod/contrail-control-26wjh -n contrail' to see all of the containers in this pod.
(control-control)[root@c004 /]$ env | grep BGP
BGP_ASN=65040
BGP_PORT=1179
(control-control)[root@c004 /]$ exit

$ kubectl exec -it -n contrail contrail-control-9bw8p -- /bin/bash
Defaulting container name to contrail-control.
Use 'kubectl describe pod/contrail-control-9bw8p -n contrail' to see all of the containers in this pod.
(control-control)[root@c003 /]$ env | grep BGP
BGP_ASN=65040
BGP_PORT=1179
(control-control)[root@c003 /]$ exit

$ kubectl exec -it -n contrail contrail-control-cdzzr -- /bin/bash
Defaulting container name to contrail-control.
Use 'kubectl describe pod/contrail-control-cdzzr -n contrail' to see all of the containers in this pod.
(control-control)[root@c005 /]$ env | grep BGP
BGP_ASN=65040
BGP_PORT=1179
 

The introspect queries too show that the controllers are using 64512 for BGP peerings.

 
Ubuntu@c003:~/tools$ kubectl exec -it -n contrail contrail-config-6n8w7 -- ist ctr nei
Defaulting container name to contrail-config-api.
Use 'kubectl describe pod/contrail-config-6n8w7 -n contrail' to see all of the containers in this pod.
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
| peer | peer_address | peer_asn | encoding | peer_type | state | send_state | flap_count | flap_time |
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
| c003 | 172.29.21.134 | 64512 | BGP | internal | Established | in sync | 0 | n/a |
| mtn9r03c005 | 172.29.21.136 | 64512 | BGP | internal | Established | in sync | 0 | n/a |
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
Ubuntu@c003:~/tools$ kubectl exec -it -n contrail contrail-config-dfxx2 -- ist ctr nei
Defaulting container name to contrail-config-api.
Use 'kubectl describe pod/contrail-config-dfxx2 -n contrail' to see all of the containers in this pod.
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
| peer | peer_address | peer_asn | encoding | peer_type | state | send_state | flap_count | flap_time |
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
| c004 | 172.29.21.135 | 64512 | BGP | internal | Established | in sync | 0 | n/a |
| mtn9r03c005 | 172.29.21.136 | 64512 | BGP | internal | Established | in sync | 0 | n/a |
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
ubuntu@c003:~/tools$ kubectl exec -it -n contrail contrail-config-xc6nn -- ist ctr nei
Defaulting container name to contrail-config-api.
Use 'kubectl describe pod/contrail-config-xc6nn -n contrail' to see all of the containers in this pod.
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
| peer | peer_address | peer_asn | encoding | peer_type | state | send_state | flap_count | flap_time |
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
| c003 | 172.29.21.134 | 64512 | BGP | internal | Established | in sync | 0 | n/a |
| c004 | 172.29.21.135 | 64512 | BGP | internal | Established | in sync | 0 | n/a |
+-------------+---------------+----------+----------+-----------+-------------+------------+------------+-----------+
 

 

Cause:

The Contrail provision script between Contrail 3.2.x releases and Contrail 5.0.x releases was compared and the following command was found to be missing in Contrail release 5.0.x:

  python /opt/contrail/utils/provision_control.py \
    --api_server_ip $CONFIG_POD_IP --api_server_port 8082 \
    --admin_user admin \
    --admin_password password \
    --admin_tenant_name admin \
    --router_asn $BGP_ASN

 

Solution:

The solution to this problem is to add an individual call for provision_control to register the global ASN. This has been done in Contrail release 5.0.2.0 and later, in order to set the global ASN number to the BGP_ASN value. It is missing in Contrail's 5.0.0.0/5.0.1.0’s provision_control.py script.

Meanwhile, a workaround for Contrail 5.0.0.0 and 5.0.1.0 releases is to manually modify the global ASN value on the WebUI to the desired value.

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search