Can't get 6VPE working - Page 2

magnus.maatta · ‎12-19-2013

Hi,

I've been trying to debug this problem for a few days now but I can't figure out what is wrong.

I configured BGP according to documentation on 3 of my routers which will have IPv6 for now

but I will focus on two of them as they are directly connected without any IPv4 MPLS cloud between

them.

So the setup is basicly:

I couldn't get the connectivity going between the peering router and the primary/secondary router, so I moved on to testing

between primary and secondary router instead.

BGP is setup with

address-family vpnv6

neighbor 83.150.xxx.xxx activate

neighbor 83.150.xxx.xxx send-community both

neighbor 83.150.zzz.zzz activate

neighbor 83.150.zzz.zzz send-community both

exit-address-family

address-family ipv6 vrf vrf230

redistribute connected

redistribute static

no synchronization

exit-address-family

Of course with modifications on each router so that it points to the other ones (and IPv4 is working fine).

ipv6 unicast routing have been enabled, ipv6 cef also.

So I setup one interface with one address on the primary router and another interface on the secondary router

and tried to ping from the vrf with IPv6 enabled (first making sure all tables look correct etc)

Secondary router preparations before test

secondary#show ipv6 cef vrf vrf230 2A00:1208:1000:100::FFFE/64 det

2A00:1208:1000:100::/64, epoch 1, flags attached, connected

attached to GigabitEthernet1/3.117

secondary#show mpls forwarding-table labels 45

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

45 Pop Label IPv6 VRF[V] 8664 aggregate/vrf230

secondary#show mpls forwarding-table vrf vrf230 2A00:1208:0:10E6:1000:10B0:1:101/126

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

None 53 2A00:1208:0:10E6:1000:10B0:1:100/12[V] \

0 Po1 83.150.188.129

secondary#show ipv6 cef vrf vrf230 2A00:1208:0:10E6:1000:10B0:1:101/126 det

2A00:1208:0:10E6:1000:10B0:1:100/126, epoch 1, flags rib defined all labels

recursive via 83.150.188.1 label 53

nexthop 83.150.188.129 Port-channel1 label explicit-null

secondary(config)#access-list 2700 permit any 45 any any

secondary#debug mpls packet 2700

Packet debugging is on with ACL 2700

secondary#debug ipv6 packet

3d08h: IPV6: source FE80::20B:45FF:FEB5:2F40 (local)

3d08h: dest FF02::1 (Port-channel1)

3d08h: traffic class 224, flow 0x0, len 72+0, prot 58, hops 255, originating

3d08h: IPv6: Sending on Port-channel1

Except for the above output and some other unrelated link-local activity there was no output at all.

Primary router preparation and test

This was done on the primary router (ping after enabling all debug on the secondary one).

primary#show mpls forwarding-table vrf vrf230 2A00:1208:1000:100::FFFE/64

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

None 45 2A00:1208:1000:100::/64[V] \

0 Po1 83.150.188.130

primary#debug ipv6 packet

primary#ping vrf vrf230 ipv6 2A00:1208:1000:100::FFFE rep 1 source 2A00:1208:0:10E6:1000:10B0:1:101

Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 2A00:1208:1000:100::FFFE, timeout is 2 seconds:

Packet sent with a source address of 2A00:1208:0:10E6:1000:10B0:1:101%vrf230

3d07h: IPv6: Looking up 2A00:1208:1000:100::FFFE [Source 2A00:1208:0:10E6:1000:10B0:1:101] in FIB

3d07h: FIBfwd-proc: vrf230:2A00:1208:1000:100::/64 proces level forwarding

3d07h: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)

3d07h: FIBfwd-proc: try path 0 (of 1) v6-rnh-83.150.188.2[v4:Default] first short ext 67769AA8(0)

3d07h: FIBfwd-proc: v6-rnh-83.150.188.2[v4:Default] valid short

3d07h: FIBfwd-proc: label[0] 45 connid 0 link ILLEGAL

3d07h: FIBfwd-proc: ip_pak_table 503316481 ip_nh_table 0 if none nh 83.150.188.2 deag 0 via fib 527D5A98 path type recursive nexthop

3d07h: FIBfwd-proc: depth 1 first_idx 0 paths 1 long 0(0)

3d07h: FIBfwd-proc: try path 0 (of 1) v4-anh-83.150.188.130-Po1 first short ext 51244DC8(0)

3d07h: FIBfwd-proc: v4-anh-83.150.188.130-Po1 valid short

3d07h: FIBfwd-proc: label[1] 0 connid 0 link TAG

3d07h: FIBfwd-proc: ip_pak_table 503316481 ip_nh_table 65535 if Port-channel1 nh 83.150.188.130 deag 0 via fib 0 path type attached nexthop

3d07h: FIBfwd-proc: packet routed to Port-channel1 83.150.188.130(503316481) with labels 45 explicit-null

3d07h: IPv6: FIB lookup for 2A00:1208:1000:100::FFFE succeeded. if=Port-channel1, nexthop 2A00:1208:1000:100::FFFE

3d07h: IPV6: source 2A00:1208:0:10E6:1000:10B0:1:101 (local)

3d07h: dest 2A00:1208:1000:100::FFFE (Port-channel1)

3d07h: traffic class 0, flow 0x0, len 100+0, prot 58, hops 64, originating

3d07h: FIBfwd-proc: ip_pak_table 503316481 ip_nh_table 65535 if Port-channel1 nh 83.150.188.130 uhp 0 deag 0 ttlexp 0

3d07h: FIBfwd-proc: encapsulating link TAG ip_pak_table 503316481 ip_nh_table 65535 if Port-channel1 nh 83.150.188.130 uhp 0 deag 0 ttlexp 0

3d07h: IPv6: Sending on Port-channel1.

Success rate is 0 percent (0/1)

primary#show bgp vpnv6 unicast vrf vrf230

BGP table version is 55523, local router ID is 83.150.188.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 31331:230 (default for vrf vrf230)

*> 2A00:1208::/32 :: 0 32768 ?

* i2A00:1208:0:10E6:1000:1000:1:200/126

::FFFF:83.150.188.2

0 100 0 ?

*> :: 0 32768 ?

*> 2A00:1208:0:10E6:1000:10B0:1:100/126

:: 0 32768 ?

* i2A00:1208:1000::/64

::FFFF:83.150.188.2

0 100 0 ?

*> :: 0 32768 ?

*> 2A00:1208:1000:10::/64

:: 0 32768 ?

*>i2A00:1208:1000:100::/64

::FFFF:83.150.188.2

0 100 0 ?

*>i2A02:C58:F:B::/64

::FFFF:83.150.188.3

0 100 0 ?

primary#show ipv6 route vrf vrf230 2A00:1208:1000:100::FFFE/64

Routing entry for 2A00:1208:1000:100::/64

Known via "bgp 31331", distance 200, metric 0, type internal

Route count is 1/1, share count 0

Routing paths:

83.150.188.2%Default-IP-Routing-Table indirectly connected

MPLS label: 45

Last updated 1d22h ago

Ping works between routers on the linknet (if I add a linknet between them on a subinterface on the port-channel)

and also on one shared L2 subinterface where they both have an IP-address - but not via MPLS.

And as I said, the same goes for the internet router, can't ping that one either but to rule out any weirdness in the

MPLS cloud I tried debugging between the routers. I also get the same silence from the debugs if I turn the test the

other way around.

Anyone got any idea what's wrong ?

Version: 12.2(33)SXJ5

CPU: WS-SUP720-3BXL

Cisco 7606

magnus.maatta · ‎03-25-2014

This isn't solved yet for my part as I need to wait for a maintenance window, but in case someone else stumbles upon this, bug related to this issue: CSCui57810 .

Internal VRF VLAN ACL isn't set to permit ipv6 traffic:

#show tcam interface vlan 1021 acl in ipv6
* Global Defaults not shared

-------------------------------------------------------
ICMP Neighbor Discovery Packet Types:
na - neighbor advertisement ra - router advertisement
ns - neighbor solicit rs - router solicit
r - redirect

IPV6 Address Types:
full - IPv6 Full eui - IPv6 EUI
eipv4 - IPv6 embeded IPv4
-------------------------------------------------------

Entries from Bank 0

deny ipv6 any(eipv4) any (52 matches)
deny ipv6 any(eui) any (4 matches)
deny ipv6 any(full) any (194 matches)

Solution:

Remove mls mpls recir-agg

Remove vrf (all configuration related to it will be removed!)

Reconfigure vrf

(reload if still not working)