Solved: BGP in PE-CE and MP-BGP running together, unable to reach specific IPs in CE

Arun Nair · ‎10-22-2011

Hi experts,

I am just starting out with CCIE(R & S and SP, dont know which one I'm gonna give, I love both). I am just trying to come up with a lab design that I will be constructing based on my mistakes and experiences. I'd like you all to help me out here with this scenario.

The routers I am working on as of now are the ones connected to the FR switch(less important, just plain OSPF over broadcast network), CE4, CE1, CE2, PE1 and PE4.

I am running BGP between CE1-PE1, CE2-PE4, and OSPF between CE1-CE4. MP-BGP runs creating the super backbone between PE1 and PE4(PE2 is just a P router, never found the time to really rename it).

Relevant outputs are given below:

CE1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

B 1.1.1.1 [20/0] via 10.1.1.10, 01:01:21

50.0.0.0/32 is subnetted, 1 subnets

O 50.50.50.50 [110/75] via 10.1.1.1, 00:59:57, Ethernet0/0

70.0.0.0/32 is subnetted, 1 subnets

O 70.70.70.70 [110/75] via 10.1.1.1, 00:59:57, Ethernet0/0

33.0.0.0/32 is subnetted, 1 subnets

O 33.33.33.33 [110/21] via 10.1.1.1, 00:59:57, Ethernet0/0

80.0.0.0/32 is subnetted, 1 subnets

O 80.80.80.80 [110/75] via 10.1.1.1, 00:59:57, Ethernet0/0

20.0.0.0/32 is subnetted, 1 subnets

O 20.20.20.20 [110/75] via 10.1.1.1, 00:59:57, Ethernet0/0

172.19.0.0/16 is variably subnetted, 5 subnets, 2 masks

B 172.19.20.0/30 [20/0] via 10.1.1.10, 00:45:06

O 172.19.10.4/32 [110/138] via 10.1.1.1, 00:59:57, Ethernet0/0

O 172.19.10.1/32 [110/74] via 10.1.1.1, 00:59:57, Ethernet0/0

O 172.19.10.3/32 [110/10] via 10.1.1.1, 00:59:57, Ethernet0/0

O 172.19.10.2/32 [110/74] via 10.1.1.1, 00:59:57, Ethernet0/0

111.0.0.0/32 is subnetted, 1 subnets

C 111.111.111.111 is directly connected, Loopback1

40.0.0.0/32 is subnetted, 1 subnets

O 40.40.40.40 [110/139] via 10.1.1.1, 00:59:57, Ethernet0/0

10.0.0.0/30 is subnetted, 4 subnets

C 10.1.1.8 is directly connected, Ethernet0/1

C 10.1.1.0 is directly connected, Ethernet0/0

O 10.1.1.4 [110/20] via 10.1.1.1, 00:59:57, Ethernet0/0

B 10.1.1.32 [20/0] via 10.1.1.10, 01:01:21

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback0

90.0.0.0/32 is subnetted, 1 subnets

O 90.90.90.90 [110/75] via 10.1.1.1, 00:59:57, Ethernet0/0

60.0.0.0/32 is subnetted, 1 subnets

O 60.60.60.60 [110/75] via 10.1.1.1, 00:59:57, Ethernet0/0

30.0.0.0/32 is subnetted, 1 subnets

O 30.30.30.30 [110/11] via 10.1.1.1, 00:59:57, Ethernet0/0

CE1#sh ip bgp su

BGP router identifier 111.111.111.111, local AS number 2

BGP table version is 25, main routing table version 25

20 network entries using 2340 bytes of memory

21 path entries using 1092 bytes of memory

14/12 BGP path/bestpath attribute entries using 1736 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 5216 total bytes of memory

BGP activity 21/1 prefixes, 22/1 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.1.10 4 1 71 78 25 0 0 01:02:01 4

CE1#sh ip ospf ne

Neighbor ID Pri State Dead Time Address Interface

30.30.30.30 0 FULL/ - 00:00:30 10.1.1.1 Ethernet0/0

CE1#

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

PE1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

200.200.200.0/32 is subnetted, 2 subnets

C 200.200.200.200 is directly connected, Loopback1

O 200.200.200.201 [110/21] via 10.1.1.22, 01:03:42, Ethernet1/1

[110/21] via 10.1.1.18, 01:03:42, Ethernet1/0

10.0.0.0/30 is subnetted, 5 subnets

O 10.1.1.24 [110/20] via 10.1.1.22, 01:03:42, Ethernet1/1

O 10.1.1.28 [110/20] via 10.1.1.18, 01:03:42, Ethernet1/0

C 10.1.1.16 is directly connected, Ethernet1/0

C 10.1.1.20 is directly connected, Ethernet1/1

O 10.1.1.36 [110/20] via 10.1.1.18, 01:03:42, Ethernet1/0

PE1#

PE1#sh ip route vrf CE1

Routing Table: CE1

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

C 1.1.1.1 is directly connected, Loopback0

50.0.0.0/32 is subnetted, 1 subnets

B 50.50.50.50 [20/75] via 11.11.11.11, 01:01:41

70.0.0.0/32 is subnetted, 1 subnets

B 70.70.70.70 [20/75] via 11.11.11.11, 01:01:41

33.0.0.0/32 is subnetted, 1 subnets

B 33.33.33.33 [20/21] via 11.11.11.11, 01:02:55

80.0.0.0/32 is subnetted, 1 subnets

B 80.80.80.80 [20/75] via 11.11.11.11, 01:01:41

20.0.0.0/32 is subnetted, 1 subnets

B 20.20.20.20 [20/75] via 11.11.11.11, 01:01:10

172.19.0.0/16 is variably subnetted, 5 subnets, 2 masks

B 172.19.20.0/30 [200/0] via 200.200.200.201, 00:47:01

B 172.19.10.4/32 [20/138] via 11.11.11.11, 01:01:41

B 172.19.10.1/32 [20/74] via 11.11.11.11, 01:01:41

B 172.19.10.3/32 [20/10] via 11.11.11.11, 01:02:25

B 172.19.10.2/32 [20/74] via 11.11.11.11, 01:01:10

40.0.0.0/32 is subnetted, 1 subnets

B 40.40.40.40 [20/139] via 11.11.11.11, 01:01:41

10.0.0.0/30 is subnetted, 4 subnets

C 10.1.1.8 is directly connected, Ethernet1/2

B 10.1.1.0 [20/0] via 11.11.11.11, 01:02:55

B 10.1.1.4 [20/20] via 11.11.11.11, 01:02:55

B 10.1.1.32 [200/0] via 200.200.200.201, 01:03:18

11.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

S 11.11.11.11/32 [1/0] via 10.1.1.9, Ethernet1/2

B 11.11.11.0/24 [20/0] via 11.11.11.11, 01:02:55

90.0.0.0/32 is subnetted, 1 subnets

B 90.90.90.90 [20/75] via 11.11.11.11, 01:01:41

60.0.0.0/32 is subnetted, 1 subnets

B 60.60.60.60 [20/75] via 11.11.11.11, 01:01:41

30.0.0.0/32 is subnetted, 1 subnets

B 30.30.30.30 [20/11] via 11.11.11.11, 01:02:55

PE1#

PE1#sh ip bg

PE1#sh ip bgp vpa

PE1#sh ip bgp vpn

PE1#sh ip bgp vpnv4 all

BGP table version is 31, local router ID is 200.200.200.200

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf CE1)

*> 1.1.1.1/32 0.0.0.0 0 32768 i

*> 10.1.1.0/30 11.11.11.11 0 0 2 ?

*> 10.1.1.4/30 11.11.11.11 20 0 2 ?

*> 10.1.1.8/30 0.0.0.0 0 32768 ?

* 11.11.11.11 0 0 2 ?

*>i10.1.1.32/30 200.200.200.201 0 100 0 ?

*> 11.11.11.0/24 11.11.11.11 0 0 2 ?

*> 20.20.20.20/32 11.11.11.11 75 0 2 ?

*> 30.30.30.30/32 11.11.11.11 11 0 2 ?

*> 33.33.33.33/32 11.11.11.11 21 0 2 ?

*> 40.40.40.40/32 11.11.11.11 139 0 2 ?

*> 50.50.50.50/32 11.11.11.11 75 0 2 ?

*> 60.60.60.60/32 11.11.11.11 75 0 2 ?

*> 70.70.70.70/32 11.11.11.11 75 0 2 ?

*> 80.80.80.80/32 11.11.11.11 75 0 2 ?

*> 90.90.90.90/32 11.11.11.11 75 0 2 ?

*> 172.19.10.1/32 11.11.11.11 74 0 2 ?

*> 172.19.10.2/32 11.11.11.11 74 0 2 ?

*> 172.19.10.3/32 11.11.11.11 10 0 2 ?

*> 172.19.10.4/32 11.11.11.11 138 0 2 ?

*>i172.19.20.0/30 200.200.200.201 0 100 0 3 i

PE1#

PE1#sh ip bgp vpnv4 all su

BGP router identifier 200.200.200.200, local AS number 1

BGP table version is 31, main routing table version 31

20 network entries using 2740 bytes of memory

21 path entries using 1428 bytes of memory

23/13 BGP path/bestpath attribute entries using 2852 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

2 BGP extended community entries using 48 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 7116 total bytes of memory

BGP activity 21/1 prefixes, 22/1 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

11.11.11.11 4 2 79 72 31 0 0 01:03:07 17

200.200.200.201 4 1 70 83 31 0 0 01:04:17 2

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

PE4#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

200.200.200.0/32 is subnetted, 2 subnets

O 200.200.200.200 [110/21] via 10.1.1.29, 01:04:40, Ethernet1/0

[110/21] via 10.1.1.25, 01:04:40, Ethernet1/1

C 200.200.200.201 is directly connected, Loopback1

10.0.0.0/30 is subnetted, 5 subnets

C 10.1.1.24 is directly connected, Ethernet1/1

C 10.1.1.28 is directly connected, Ethernet1/0

O 10.1.1.16 [110/20] via 10.1.1.29, 01:04:40, Ethernet1/0

O 10.1.1.20 [110/20] via 10.1.1.25, 01:04:40, Ethernet1/1

O 10.1.1.36 [110/20] via 10.1.1.29, 01:04:40, Ethernet1/0

PE4#

PE4#sh ip route vp

PE4#sh ip route vpn

PE4#sh ip bg

PE4#sh ip bgp vp

PE4#sh ip bgp vpnv4 all

BGP table version is 46, local router ID is 200.200.200.201

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf CE2)

*>i1.1.1.1/32 200.200.200.200 0 100 0 i

*>i10.1.1.0/30 200.200.200.200 0 100 0 2 ?

*>i10.1.1.4/30 200.200.200.200 20 100 0 2 ?

*>i10.1.1.8/30 200.200.200.200 0 100 0 ?

* 10.1.1.32/30 12.12.12.12 0 0 3 i

*> 0.0.0.0 0 32768 ?

*>i11.11.11.0/24 200.200.200.200 0 100 0 2 ?

*>i20.20.20.20/32 200.200.200.200 75 100 0 2 ?

*>i30.30.30.30/32 200.200.200.200 11 100 0 2 ?

*>i33.33.33.33/32 200.200.200.200 21 100 0 2 ?

*>i40.40.40.40/32 200.200.200.200 139 100 0 2 ?

*>i50.50.50.50/32 200.200.200.200 75 100 0 2 ?

*>i60.60.60.60/32 200.200.200.200 75 100 0 2 ?

*>i70.70.70.70/32 200.200.200.200 75 100 0 2 ?

*>i80.80.80.80/32 200.200.200.200 75 100 0 2 ?

*>i90.90.90.90/32 200.200.200.200 75 100 0 2 ?

*>i172.19.10.1/32 200.200.200.200 74 100 0 2 ?

*>i172.19.10.2/32 200.200.200.200 74 100 0 2 ?

*>i172.19.10.3/32 200.200.200.200 10 100 0 2 ?

*>i172.19.10.4/32 200.200.200.200 138 100 0 2 ?

*> 172.19.20.0/30 12.12.12.12 0 0 3 i

PE4#

PE4#sh ip bgp vpnv4 all su

BGP router identifier 200.200.200.201, local AS number 1

BGP table version is 46, main routing table version 46

20 network entries using 2740 bytes of memory

21 path entries using 1428 bytes of memory

15/13 BGP path/bestpath attribute entries using 1860 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

2 BGP extended community entries using 48 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 6124 total bytes of memory

BGP activity 21/1 prefixes, 22/1 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

12.12.12.12 4 3 53 76 46 0 0 00:48:21 2

200.200.200.200 4 1 84 71 46 0 0 01:05:15 18

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

CE2#ter len 0

CE2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

B 1.1.1.1 [20/0] via 10.1.1.34, 00:48:51

50.0.0.0/32 is subnetted, 1 subnets

B 50.50.50.50 [20/0] via 10.1.1.34, 00:48:51

100.0.0.0/30 is subnetted, 1 subnets

C 100.100.100.0 is directly connected, Serial1/0

70.0.0.0/32 is subnetted, 1 subnets

B 70.70.70.70 [20/0] via 10.1.1.34, 00:48:51

33.0.0.0/32 is subnetted, 1 subnets

B 33.33.33.33 [20/0] via 10.1.1.34, 00:48:51

80.0.0.0/32 is subnetted, 1 subnets

B 80.80.80.80 [20/0] via 10.1.1.34, 00:48:51

20.0.0.0/32 is subnetted, 1 subnets

B 20.20.20.20 [20/0] via 10.1.1.34, 00:48:51

172.19.0.0/16 is variably subnetted, 5 subnets, 2 masks

C 172.19.20.0/30 is directly connected, Ethernet0/1

B 172.19.10.4/32 [20/0] via 10.1.1.34, 00:48:51

B 172.19.10.1/32 [20/0] via 10.1.1.34, 00:48:51

B 172.19.10.3/32 [20/0] via 10.1.1.34, 00:48:51

B 172.19.10.2/32 [20/0] via 10.1.1.34, 00:48:51

40.0.0.0/32 is subnetted, 1 subnets

B 40.40.40.40 [20/0] via 10.1.1.34, 00:48:51

10.0.0.0/30 is subnetted, 4 subnets

B 10.1.1.8 [20/0] via 10.1.1.34, 00:48:51

B 10.1.1.0 [20/0] via 10.1.1.34, 00:48:51

B 10.1.1.4 [20/0] via 10.1.1.34, 00:48:51

C 10.1.1.32 is directly connected, Ethernet0/0

11.0.0.0/24 is subnetted, 1 subnets

B 11.11.11.0 [20/0] via 10.1.1.34, 00:48:51

12.0.0.0/32 is subnetted, 1 subnets

C 12.12.12.12 is directly connected, Loopback0

90.0.0.0/32 is subnetted, 1 subnets

B 90.90.90.90 [20/0] via 10.1.1.34, 00:48:51

60.0.0.0/32 is subnetted, 1 subnets

B 60.60.60.60 [20/0] via 10.1.1.34, 00:48:51

30.0.0.0/32 is subnetted, 1 subnets

B 30.30.30.30 [20/0] via 10.1.1.34, 00:48:51

CE2#

CE2#sh ip bg

CE2#sh ip bgp su

BGP router identifier 172.19.20.1, local AS number 3

BGP table version is 21, main routing table version 21

20 network entries using 2340 bytes of memory

21 path entries using 1092 bytes of memory

6/4 BGP path/bestpath attribute entries using 744 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 4224 total bytes of memory

BGP activity 20/0 prefixes, 21/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.1.34 4 1 76 53 21 0 0 00:48:54 19

CE2#

CE2#sh ip ospf ne

CE2#

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

CE4#

CE4#sh ip rout

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

O E2 1.1.1.1 [110/1] via 10.1.1.2, 01:03:56, Ethernet1/0

50.0.0.0/32 is subnetted, 1 subnets

O 50.50.50.50 [110/65] via 172.19.10.1, 01:03:56, Serial0/0

70.0.0.0/32 is subnetted, 1 subnets

O 70.70.70.70 [110/65] via 172.19.10.1, 01:03:56, Serial0/0

33.0.0.0/32 is subnetted, 1 subnets

O 33.33.33.33 [110/11] via 10.1.1.6, 01:03:56, Ethernet1/1

80.0.0.0/32 is subnetted, 1 subnets

O 80.80.80.80 [110/65] via 172.19.10.1, 01:03:56, Serial0/0

20.0.0.0/32 is subnetted, 1 subnets

O 20.20.20.20 [110/65] via 172.19.10.2, 01:03:56, Serial0/0

172.19.0.0/16 is variably subnetted, 5 subnets, 3 masks

O E2 172.19.20.0/30 [110/1] via 10.1.1.2, 00:49:05, Ethernet1/0

O 172.19.10.4/32 [110/128] via 172.19.10.1, 01:03:56, Serial0/0

O 172.19.10.1/32 [110/64] via 172.19.10.1, 01:03:56, Serial0/0

C 172.19.10.0/24 is directly connected, Serial0/0

O 172.19.10.2/32 [110/64] via 172.19.10.2, 01:03:56, Serial0/0

40.0.0.0/32 is subnetted, 1 subnets

O 40.40.40.40 [110/129] via 172.19.10.1, 01:03:56, Serial0/0

10.0.0.0/30 is subnetted, 4 subnets

O 10.1.1.8 [110/20] via 10.1.1.2, 01:03:56, Ethernet1/0

C 10.1.1.0 is directly connected, Ethernet1/0

C 10.1.1.4 is directly connected, Ethernet1/1

O E2 10.1.1.32 [110/1] via 10.1.1.2, 01:03:56, Ethernet1/0

11.0.0.0/32 is subnetted, 1 subnets

O 11.11.11.11 [110/11] via 10.1.1.2, 01:03:56, Ethernet1/0

90.0.0.0/32 is subnetted, 1 subnets

O 90.90.90.90 [110/65] via 172.19.10.1, 01:03:56, Serial0/0

60.0.0.0/32 is subnetted, 1 subnets

O 60.60.60.60 [110/65] via 172.19.10.1, 01:03:56, Serial0/0

30.0.0.0/32 is subnetted, 1 subnets

C 30.30.30.30 is directly connected, Loopback0

CE4#

CE4#sh ip ospf ne

Neighbor ID Pri State Dead Time Address Interface

20.20.20.20 0 FULL/ - 00:01:45 172.19.10.2 Serial0/0

90.90.90.90 0 FULL/ - 00:01:33 172.19.10.1 Serial0/0

33.33.33.33 0 FULL/ - 00:00:33 10.1.1.6 Ethernet1/1

111.111.111.111 0 FULL/ - 00:00:34 10.1.1.2 Ethernet1/0

CE4#

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Things I am not understanding here are the following:

1. I try pinging from CE2/PE4 to 10.1.1.2/10.1.1.1. They dont ping. The other way around(i.e. pinging from CE4 to 10.1.1.33/10.1.1.34 is a no no).

2. As soon as I remove the redistribution of connected routes in BGP address-family ipv4 on PE1 and PE4, I lose connectivity between CEs. The only subnets pinging with the redistribution configured are the connected routes on each CE.

3. Why dont I understand these things!!!!???????? Ive been bugged up and usually I am lazy enough to even create a new post(you might find this is the first post from my end), but things are going really bad around my learning curve lately, so I decided to buckle up and hence ended up with this post(usually I try to figure it out by myself(of course through Brian McGahans blog posts and through great stuff contributed by the other demi-Gods.)

Configs for all the other routers are given below. Please do not bother about the other routers since I have just IPed them, no other useful configuration exists.

Peter Paluch · ‎10-23-2011

Hi Arun and Varma,

Please allow me to join the discussion.

One of your earliest posts caught my attention, in particular:

PE4#sh ip cef vrf CE2 30.30.30.30

30.30.30.30/32, version 21, epoch 0, per-destination sharing

0 packets, 0 bytes

tag information set

local tag: VPN-route-head

fast tag rewrite with

Recursive rewrite via 200.200.200.200/32, tags imposed {26}

via 200.200.200.200, 0 dependencies, recursive

next hop 10.1.1.29, Ethernet1/0 via 200.200.200.200/32

valid adjacency

tag rewrite with

Recursive rewrite via 200.200.200.200/32, tags imposed {26}

Recursive load sharing using 200.200.200.200/32.

PE4#

If I am interpreting this output correctly, the 30.30.30.30/32 network is located at CE4 behind PE1. Furthermore, PE4 and PE1 are not directly connected. We should therefore be seeing two labels here: the top label describing the LSP towards PE1, the bottom label identifying the network 30.30.30.30/32 in the appropriate VRF on PE1. However, there is only a single label indicated here, and that is suspicious. This would be my personal course of action: to determine what does this particular label describe, and why is the second label missing.

Useful commands on PE4:

show ip bgp vpnv4 all labels

show mpls forwarding-table

Best regards,

Peter

View solution in original post

Vaibhava Varma · ‎10-24-2011

Hi Arun

No we do not need to enable mpls on the loopbacks.

Secondly the above output is just showing the VPN labels and not the label stack with transport labels

I just double checked over this using c7200 in Lab. Did you use c3600 in your lab as when we use 3600 the CEF output has different format.

*************

c3600

*********

PE4#sh ip cef vrf CE2 30.30.30.30 detail

30.30.30.30/32, version 8, epoch 0, per-destination sharing

0 packets, 0 bytes

tag information set

local tag: VPN-route-head

fast tag rewrite with

Recursive rewrite via 200.200.200.200/32, tags imposed {23}

via 200.200.200.200, 0 dependencies, recursive

next hop 10.1.1.29, Ethernet1/0 via 200.200.200.200/32

valid adjacency

tag rewrite with

Recursive rewrite via 200.200.200.200/32, tags imposed {23}

Recursive load sharing using 200.200.200.200/32.

PE4#

PE4#traceroute vrf CE2 30.30.30.30

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 10.1.1.29 [MPLS: Labels 17/23 Exp 0] 104 msec 176 msec 84 msec

2 10.1.1.17 [MPLS: Label 23 Exp 0] 76 msec 104 msec 112 msec

3 10.1.1.9 64 msec 168 msec 72 msec

4 10.1.1.1 144 msec * 188 msec

PE4#

PE4#show mpls forwarding-table 200.200.200.200

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

18 17 200.200.200.200/32 \

0 Et1/0 10.1.1.29

PE4#

********

c7200

*********

PE4#sh ip bgp vpnv4 all labels

Network Next Hop In label/Out label

Route Distinguisher: 1:1 (CE2)

1.1.1.1/32 200.200.200.200 nolabel/18

10.1.1.0/30 200.200.200.200 nolabel/21

10.1.1.8/30 200.200.200.200 nolabel/19

10.1.1.32/30 12.12.12.12 18/nolabel

0.0.0.0 18/nolabel(CE2)

11.11.11.0/24 200.200.200.200 nolabel/20

12.12.12.12/32 12.12.12.12 19/nolabel

30.30.30.30/32 200.200.200.200 nolabel/22

PE4#tr

PE4#traceroute v

PE4#traceroute vrf CE2 11.11.11.11

Type escape sequence to abort.

Tracing the route to 11.11.11.11

1 10.1.1.29 [MPLS: Labels 16/20 Exp 0] 152 msec 168 msec 84 msec

2 10.1.1.10 [MPLS: Label 20 Exp 0] 156 msec 108 msec 204 msec

3 10.1.1.9 164 msec * 112 msec

PE4#traceroute vrf CE2 30.30.30.30

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 10.1.1.29 [MPLS: Labels 16/22 Exp 0] 180 msec 144 msec 148 msec

2 10.1.1.10 [MPLS: Label 22 Exp 0] 132 msec 92 msec 172 msec

3 10.1.1.9 148 msec 156 msec 84 msec

4 10.1.1.1 168 msec * 132 msec

PE4#

The issue is somewhere related to an unexpected GNS behaviour nothing much else.

Regards

Varma

View solution in original post

Arun Nair · ‎10-22-2011

Some ping outputs from the routers. Sorry for the wrong input given above. Apologies:

Corrections:

1. From CE1, I am able to ping everything in CE2.

2. From CE4, I am unable to ping anything in CE2.

3. From CE2, I am able to ping only 10.1.1.8/30 and 1.1.1.1/32 of PE1.

CE2#p 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/45/92 ms

CE2#p 50.50.50.50

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 50.50.50.50, timeout is 2 seconds:

...

Success rate is 0 percent (0/3)

CE2#p 33.33.33.33

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE2#p 80.80.80.80

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 80.80.80.80, timeout is 2 seconds:

.

Success rate is 0 percent (0/1)

CE2#p 20.20.20.20

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:

.

Success rate is 0 percent (0/1)

CE2#p 10.1.1.9

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.9, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/87/236 ms

CE2#p 10.1.1.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/41/92 ms

CE2#p 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.

Success rate is 0 percent (0/1)

CE2#p 10.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE2#p 11.11.11.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE2#p 30.30.30

% Unrecognized host or address, or protocol not running.

CE2#p 30.30.30.30

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.30.30.30, timeout is 2 seconds:

.

Success rate is 0 percent (0/1)

CE2#p 90.90.90.90

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 90.90.90.90, timeout is 2 seconds:

.

Success rate is 0 percent (0/1)

CE2#p 60.60.60.60

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 60.60.60.60, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE2#

-------------------------------------------------------------------------------------------------------------------------------------------------------------

CE1#p 12.12.12.21

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.21, timeout is 2 seconds:

.

Success rate is 0 percent (0/1)

CE1#p 12.12.12.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/87/188 ms

CE1#

CE1#p 172.19.20.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.19.20.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/62/120 ms

CE1#p 10.1.1.33

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.33, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/84/172 ms

CE1#p 10.1.1.34

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.34, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/60/124 ms

CE1#p 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/24/68 ms

CE1#

---------------------------------------------------------------------------------------------------------------------------------------------------------------------

CE4#p 172.19.20.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.19.20.1, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE4#p 10.1.1.34

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.34, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE4#p 10.1.1.33

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.33, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE4#p 12.12.12.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

CE4#

Vaibhava Varma · ‎10-22-2011

Hi Arun

Regarding your toplogy and for the CCIE preparation my inputs would be as below:

1. While troubleshooting any routing issue we should make sure that we have both forward and reverse routing available between the source and destination in question, e,g if we are pinging from A to B then we should make sure that A has routes for B along the desired path and B has routes for A along the desired path

2. When the routing part is verified we should look at the underlying transport layer if the reachability is through on the transport layer. For e,g in the case of MPLS VPN transport the PE routers should have a valid cef entry for reaching the routes in question across the MP-iBGP domain. The right command would be to issue " sh ip cef vrf "vrf_name" "prefix_in_question" detail"

I would personally advise you to focus on just one prefix in question which has routing issues and verify using above details. If you still face issues do let know if something can be looked upon.

Remember routing is always between endpoints and underlying transport is always transparent if the routing table has the correct routes as we expect them to be.

Hope this helps you in doing further research on your issue.

Regards

Varma

Arun Nair · ‎10-22-2011

Thanks Vaibhava. I am on my way to check this out. Will post my inputs in a jiffy.

Arun Nair · ‎10-22-2011

Hi Vaibhava,

Just as I thought, LDP is through and labels are being distributed to routes.

I always keep an eye on the routing table of the CEs to see whether they are learning routes through the advertising protocol, although I usually do not double check them. In this case, the CEs have all the routes in their BGP table as well as routing table.

Also, just to confirm the above point, you would see that I have rashly redistributed connected as well as dynamic routes across BGP and OSPF. So the routing table sync is out of the equation I guess.

Please suggest.

CEF output is as follows for the unreachable prefix of CE1, in PE4.

PE4#ping vrf CE2 30.30.30.30

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.30.30.30, timeout is 2 seconds:

..

Success rate is 0 percent (0/2)

PE4#sh ip cef vrf CE2 30.30.30.30

30.30.30.30/32, version 21, epoch 0, per-destination sharing

0 packets, 0 bytes

tag information set

local tag: VPN-route-head

fast tag rewrite with

Recursive rewrite via 200.200.200.200/32, tags imposed {26}

via 200.200.200.200, 0 dependencies, recursive

next hop 10.1.1.29, Ethernet1/0 via 200.200.200.200/32

valid adjacency

tag rewrite with

Recursive rewrite via 200.200.200.200/32, tags imposed {26}

Recursive load sharing using 200.200.200.200/32.

PE4#

Am I going wrong with interpreting the CEF output??

Vaibhava Varma · ‎10-22-2011

Hi Arun

The CEF entry is fine and the hop-by-hop routing also seems fine.

what does the traceroute from PE4 and CE2 to 30.30.30.30 depicting the point of packet drop ?

Regards

Varma

Arun Nair · ‎10-22-2011

Hi Vaibhava,

The packet falls on the first hop from PE4 and falls on the p2p IP of PE4 from CE2.

For the other prefixes, I was able to see the MPLS labels all through the path from CE2 to PE1.

Vaibhava Varma · ‎10-22-2011

Hi Arun

Can you please share both the traceroutes ie

1) for the working prefix from CE2 to CE1/CE4 and other from non-working prefix from CE2 to CE1/CE4.

2) Similarly from PE4 to CE1/CE4 for working prefix and PE4 to CE1/CE4 for non-working prefix

Regards

Varma

Arun Nair · ‎10-23-2011

Traceroutes for CE2: PS that only one prefix(10.1.1.8/30) on CE1 will be reachable from CE2. Its a one way reachability issue.

CE2#traceroute 30.30.30.30 //Loopback for CE4

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 10.1.1.34 48 msec 48 msec 24 msec

2 * * *

3 * * *

4

CE2#

CE2#trace

CE2#traceroute 10.1.1.9 //p2p IP between PE1 and CE1 on CE1

Type escape sequence to abort.

Tracing the route to 10.1.1.9

1 10.1.1.34 56 msec 60 msec 8 msec

2 10.1.1.29 [MPLS: Labels 18/21 Exp 0] 56 msec 36 msec 28 msec

3 10.1.1.10 [AS 1] [MPLS: Label 21 Exp 0] 72 msec 40 msec 28 msec

4 10.1.1.9 [AS 1] 68 msec * 72 msec

CE2#

CE2#traceroute 1.1.1.1 //Loopback for PE1

Type escape sequence to abort.

Tracing the route to 1.1.1.1

1 10.1.1.34 32 msec 60 msec 8 msec

2 10.1.1.29 [MPLS: Labels 18/20 Exp 0] 76 msec 4 msec 64 msec

3 1.1.1.1 [AS 1] [MPLS: Label 20 Exp 0] 96 msec * 100 msec

CE2#

------------------------------------------------------------------------------------------------------------------------------------------------------------

Traceroutes for PE4 to PE1 and CE1/CE4

PE4#traceroute vrf CE2 30.30.30.30

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 * * *

2

PE4#trace

PE4#traceroute 1.1.1.1

Type escape sequence to abort.

Tracing the route to 1.1.1.1

1 *

PE4#trace

PE4#traceroute vr

PE4#traceroute vrf CE2 1.1.1.1

Type escape sequence to abort.

Tracing the route to 1.1.1.1

1 10.1.1.29 [MPLS: Labels 18/20 Exp 0] 72 msec 184 msec 112 msec

2 1.1.1.1 [MPLS: Label 20 Exp 0] 120 msec * 56 msec

PE4#

PE4#trace

PE4#traceroute vrf

PE4#traceroute vrf CE2 10.1.1.9

Type escape sequence to abort.

Tracing the route to 10.1.1.9

1 10.1.1.29 [MPLS: Labels 18/21 Exp 0] 84 msec 52 msec 24 msec

2 10.1.1.10 [MPLS: Label 21 Exp 0] 36 msec 32 msec 16 msec

3 10.1.1.9 48 msec * 64 msec

PE4#

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Traceroutes from PE1 to PE4, CE2, CE1, CE4: All IPs are reachable from here on either ends.

PE1#trace

PE1#traceroute vrf CE1 10.1.1.33 //IP on CE2

Type escape sequence to abort.

Tracing the route to 10.1.1.33

1 10.1.1.18 [MPLS: Labels 19/19 Exp 0] 68 msec 72 msec 16 msec

2 10.1.1.34 [MPLS: Label 19 Exp 0] 52 msec 8 msec 12 msec

3 10.1.1.33 120 msec * 100 msec

PE1#traceroute vrf CE1 10.1.1.34 //IP on PE4

Type escape sequence to abort.

Tracing the route to 10.1.1.34

1 10.1.1.18 [MPLS: Labels 19/19 Exp 0] 80 msec 76 msec 24 msec

2 10.1.1.34 [MPLS: Label 19 Exp 0] 64 msec * 104 msec

PE1#trace

PE1#traceroute vr

PE1#traceroute vrf CE1 12.12.12.12 //IP on CE2

Type escape sequence to abort.

Tracing the route to 12.12.12.12

1 10.1.1.18 [MPLS: Labels 19/20 Exp 0] 292 msec 8 msec 108 msec

2 10.1.1.34 [MPLS: Label 20 Exp 0] 32 msec 8 msec 32 msec

3 10.1.1.33 48 msec * 60 msec

PE1#

PE1#trace

PE1#traceroute v

PE1#traceroute vrf CE1 30.30.30.30 //IP on CE4

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 10.1.1.9 96 msec 60 msec 4 msec

2 10.1.1.1 188 msec * 116 msec

PE1#traceroute vrf CE1 172.19.10.3 //Belongs to one of the routers connected to FR sw.

Type escape sequence to abort.

Tracing the route to 172.19.10.3

1 10.1.1.9 76 msec 100 msec 252 msec

2 10.1.1.1 72 msec * 72 msec

PE1#

--------------------------------------------------------------------------------------------------------------------------------------------------

Traceroutes from CE1 to PE4, CE2

CE1#traceroute 10.1.1.33

Type escape sequence to abort.

Tracing the route to 10.1.1.33

1 10.1.1.10 96 msec 24 msec 24 msec

2 10.1.1.18 [MPLS: Labels 19/19 Exp 0] 64 msec 36 msec 120 msec

3 10.1.1.34 [AS 1] [MPLS: Label 19 Exp 0] 104 msec 100 msec 60 msec

4 10.1.1.33 [AS 1] 324 msec * 32 msec

CE1#

CE1#traceroute 12.12.12.12

Type escape sequence to abort.

Tracing the route to 12.12.12.12

1 10.1.1.10 52 msec 60 msec 8 msec

2 10.1.1.18 [MPLS: Labels 19/20 Exp 0] 84 msec 60 msec 52 msec

3 10.1.1.34 [AS 1] [MPLS: Label 20 Exp 0] 28 msec 44 msec 52 msec

4 10.1.1.33 [AS 1] 36 msec * 92 msec

CE1#

CE1#traceroute 10.1.1.34

Type escape sequence to abort.

Tracing the route to 10.1.1.34

1 10.1.1.10 60 msec 44 msec 8 msec

2 10.1.1.18 [MPLS: Labels 19/19 Exp 0] 36 msec 52 msec 40 msec

3 10.1.1.34 [AS 1] [MPLS: Label 19 Exp 0] 68 msec * 84 msec

CE1#

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Traceroutes from CE4:

CE4#traceroute 1.1.1.1 //IP on PE1

Type escape sequence to abort.

Tracing the route to 1.1.1.1

1 10.1.1.2 84 msec 68 msec 44 msec

2 10.1.1.10 140 msec * 64 msec

CE4#

CE4#trace

CE4#traceroute 172.19.20.1 //IP on CE2

Type escape sequence to abort.

Tracing the route to 172.19.20.1

1 10.1.1.2 156 msec 64 msec 116 msec

2 10.1.1.10 180 msec 212 msec 4 msec

3 * * *

4

CE4#traceroute 12.12.12.12 //IP on CE2

Type escape sequence to abort.

Tracing the route to 12.12.12.12

1 10.1.1.2 92 msec 52 msec 12 msec

2 10.1.1.10 32 msec 64 msec 16 msec

3 * * *

4

CE4#

CE4#trace

CE4#traceroute 10.1.1.33

Type escape sequence to abort.

Tracing the route to 10.1.1.33 //IP on CE2

1 10.1.1.2 44 msec 84 msec 4 msec

2 10.1.1.10 28 msec 36 msec 8 msec

3 * *

CE4#traceroute 10.1.1.34 //IP on PE4

Type escape sequence to abort.

Tracing the route to 10.1.1.34

1 10.1.1.2 52 msec 44 msec 4 msec

2 10.1.1.10 20 msec 60 msec 36 msec

3 * *

CE4#

Vaibhava Varma · ‎10-23-2011

Hi Arun

Very strange to note is that the trace from PE4 to CE4 Loopback learnt across MPLS backbone is not at all initiating as if its has no route...Even though the VRF RT at PE4 shows the route...Can you try clearing the route 30.30.30.30/32 and 10.1.1.0/30 on PE4 under VRF context CE2 and try once...This is pretty not the expected behaviour when we have the route and a valid CEF entry/

Traceroutes for PE4 to PE1 and CE1/CE4

PE4#traceroute vrf CE2 30.30.30.30

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 * * *

2

PE4#trace

Regards

Varma

Arun Nair · ‎10-23-2011

Hi Vaibhava,

Same output.

PE4#traceroute vrf CE2 30.30.30.30

Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 * * *

2 *

PE4#

Just a doubt though. I have the next hop self command on PE1 awa PE4. Now, if you see the vrf CE2 routing table, you would find that next hop is 200.200.200.200, but I do not have a route to 200.200.200.200 in the CE2 vrf routing table. Would this be a reason why prefixes are not reachable?

But if that is the case, then I should not be able to ping 10.1.1.32/30 from vrf CE1 of PE1, as I dont have a route to 200.200.200.201 which is the loopback of PE4.

FYI

PE1#sh ip route vrf CE1

Routing Table: CE1

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

C 1.1.1.1 is directly connected, Loopback0

50.0.0.0/32 is subnetted, 1 subnets

B 50.50.50.50 [20/75] via 11.11.11.11, 02:12:31

70.0.0.0/32 is subnetted, 1 subnets

B 70.70.70.70 [20/75] via 11.11.11.11, 02:12:31

33.0.0.0/32 is subnetted, 1 subnets

B 33.33.33.33 [20/21] via 11.11.11.11, 02:13:04

80.0.0.0/32 is subnetted, 1 subnets

B 80.80.80.80 [20/75] via 11.11.11.11, 02:12:31

20.0.0.0/32 is subnetted, 1 subnets

B 20.20.20.20 [20/75] via 11.11.11.11, 02:12:32

172.19.0.0/16 is variably subnetted, 5 subnets, 2 masks

B 172.19.20.0/30 [200/0] via 200.200.200.201, 02:13:37

B 172.19.10.4/32 [20/138] via 11.11.11.11, 02:12:32

B 172.19.10.1/32 [20/74] via 11.11.11.11, 02:12:32

B 172.19.10.3/32 [20/10] via 11.11.11.11, 02:13:04

B 172.19.10.2/32 [20/74] via 11.11.11.11, 02:12:32

40.0.0.0/32 is subnetted, 1 subnets

B 40.40.40.40 [20/139] via 11.11.11.11, 02:12:32

10.0.0.0/30 is subnetted, 4 subnets

C 10.1.1.8 is directly connected, Ethernet1/2

B 10.1.1.0 [20/0] via 11.11.11.11, 02:13:04

B 10.1.1.4 [20/20] via 11.11.11.11, 02:13:04

B 10.1.1.32 [200/0] via 200.200.200.201, 02:13:37

11.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

S 11.11.11.11/32 [1/0] via 10.1.1.9, Ethernet1/2

B 11.11.11.0/24 [20/0] via 11.11.11.11, 02:13:04

12.0.0.0/32 is subnetted, 1 subnets

B 12.12.12.12 [200/0] via 200.200.200.201, 02:13:37

90.0.0.0/32 is subnetted, 1 subnets

B 90.90.90.90 [20/75] via 11.11.11.11, 02:12:32

60.0.0.0/32 is subnetted, 1 subnets

B 60.60.60.60 [20/75] via 11.11.11.11, 02:12:32

30.0.0.0/32 is subnetted, 1 subnets

B 30.30.30.30 [20/11] via 11.11.11.11, 02:13:05

PE1#

PE1#trace

PE1#traceroute vr

PE1#traceroute vrf CE1 200.200.200.201

Type escape sequence to abort.

Tracing the route to 200.200.200.201

1 *

PE1#traceroute vrf CE1 10.1.1.33

Type escape sequence to abort.

Tracing the route to 10.1.1.33

1 10.1.1.18 [MPLS: Labels 19/19 Exp 0] 116 msec 60 msec 60 msec

2 10.1.1.34 [MPLS: Label 19 Exp 0] 92 msec 44 msec 20 msec

3 10.1.1.33 144 msec * 68 msec

PE1#

Vaibhava Varma · ‎10-23-2011

Hi Arun

200.200.200.200/201 are the MP-iBGP next-hops which are reachable via IGP and need not to be present in VRF-RT.

MPLS VPN has a two label stack where top label is the Transport IGP label for the MP-iBGP next hop reachability and the bottom label is the VPN Label to identifiy the outgoing interface in a particuar VPN on the egress.

Not sure why the trace is not initializing at all. If interested to dig deeper then we can try below to dive into more depth :-)

Please try below debug on PE4 with logging-console enables while running ping/traceroute from PE4 under VRF context to 30.30.30.30 and 10.1.1.1/10.1.1.2 and explicit source as 10.1.1.34 and capture the output debug and show access-list 140

debug ip packet 140

debug ip icmp

!

access-list 140 permit ip host 10.1.1.34 host 30.30.30.30 log

access-list 140 permit ip host 10.1.1.34 10.1.1.0 0.0.0.3 log

Hope other experts also share their view on this strange but interesting issue.

Regards

Varma

Arun Nair · ‎10-23-2011

Hi Vaibhava,

Please do not see this as an issue, as it might also be caused due to my misunderstanding of concepts. I might be going wrong somewhere.

Outputs are posted below. I think maybe there is some GNS bug, since I tried creating a smaller setup with the same design(5 rtrs, 2PE, 2CE and 1P, BGP b/w PE-CE, MP-VPN b/w PE-PE). The thing worked. Although I have another doubt in this smaller setup which I will get back to later.

PE4(config)#access-list 140 permit ip host 10.1.1.34 host 30.30.30.30 log

PE4(config)#access-list 140 permit ip host 10.1.1.34 10.1.1.0 0.0.0.3 log

PE4(config)#

PE4(config)#debug ip packet 140

^

% Invalid input detected at '^' marker.

PE4(config)#debug ip icmp

^

% Invalid input detected at '^' marker.

PE4(config)#!

PE4(config)#exit

PE4#debug ip packet 140

IP packet debugging is on for access list 140

PE4#debug ip icmp

ICMP packet debugging is on

PE4#!

PE4#

*Oct 23 17:10:27.246: %SYS-5-CONFIG_I: Configured from console by console

PE4#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PE4(config)#log

PE4(config)#logg

PE4(config)#logging con

PE4(config)#logging console en

Translating "console"

^

% Invalid input detected at '^' marker.

PE4(config)#logging console

PE4(config)#

PE4(config)#exi

PE4#

*Oct 23 17:10:39.538: %SYS-5-CONFIG_I: Configured from console by console

PE4#p vrf CE2 30.30.30.30 sou

PE4#ping vrf CE2 30.30.30.30 source 10.1.1.34

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 30.30.30.30, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.34

*Oct 23 17:10:58.194: %SEC-6-IPACCESSLOGDP: list 140 permitted icmp 10.1.1.34 -> 30.30.30.30 (0/0), 1 packet

*Oct 23 17:10:58.198: IP: tableid=1, s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), routed via FIB

*Oct 23 17:10:58.202: IP: s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:00.194: IP: tableid=1, s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), routed via FIB

*Oct 23 17:11:00.198: IP: s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:02.194: IP: tableid=1, s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), routed via FIB

*Oct 23 17:11:02.198: IP: s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:04.194: IP: tableid=1, s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), routed via FIB

*Oct 23 17:11:04.198: IP: s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:06.194: IP: tableid=1, s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), routed via FIB

*Oct 23 17:11:06.198: IP: s=10.1.1.34 (local), d=30.30.30.30 (Ethernet1/0), len 100, sending.

Success rate is 0 percent (0/5)

PE4#

PE4#ping vrf CE2 10.1.1.1 source 10.1.1.34

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.34

*Oct 23 17:11:19.202: %SEC-6-IPACCESSLOGDP: list 140 permitted icmp 10.1.1.34 -> 10.1.1.1 (0/0), 1 packet

*Oct 23 17:11:19.206: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), routed via FIB

*Oct 23 17:11:19.210: IP: s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:21.202: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), routed via FIB

*Oct 23 17:11:21.206: IP: s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:23.202: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), routed via FIB

*Oct 23 17:11:23.206: IP: s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:25.202: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), routed via FIB

*Oct 23 17:11:25.206: IP: s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:27.202: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), routed via FIB

*Oct 23 17:11:27.206: IP: s=10.1.1.34 (local), d=10.1.1.1 (Ethernet1/0), len 100, sending.

Success rate is 0 percent (0/5)

PE4#

PE4#ping vrf CE2 10.1.1.2 source 10.1.1.34

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.34

*Oct 23 17:11:34.230: %SEC-6-IPACCESSLOGDP: list 140 permitted icmp 10.1.1.34 -> 10.1.1.2 (0/0), 1 packet

*Oct 23 17:11:34.234: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), routed via FIB

*Oct 23 17:11:34.234: IP: s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:36.230: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), routed via FIB

*Oct 23 17:11:36.234: IP: s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:38.230: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), routed via FIB

*Oct 23 17:11:38.234: IP: s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:40.230: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), routed via FIB

*Oct 23 17:11:40.234: IP: s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), len 100, sending.

*Oct 23 17:11:42.230: IP: tableid=1, s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), routed via FIB

*Oct 23 17:11:42.234: IP: s=10.1.1.34 (local), d=10.1.1.2 (Ethernet1/0), len 100, sending.

Success rate is 0 percent (0/5)

PE4#

PE4#show

PE4#show ac

PE4#show acce

PE4#show access-l

PE4#show access-lists 140

Extended IP access list 140

10 permit ip host 10.1.1.34 host 30.30.30.30 log (10 matches)

20 permit ip host 10.1.1.34 10.1.1.0 0.0.0.3 log (20 matches)

PE4#

Vaibhava Varma · ‎10-23-2011

Hi Arun

Definitely this is something very unexpected behaviour as I don't find anything here wrong on the routing/mpls layer to let it not work.

I was looking for an "unroutable" message though to see if its something with improper FIB/LFIB entry but thats not the case. May be its good to leave the particular behaviour at this point of time and move ahead.

All the best with your CCIE Prep :-)

Regards

Varma

Kishore Chennupati · ‎10-23-2011

Hi Arun,

Peter is spot on Not to say I know any better than him.

PE4#traceroute vrf CE2 30.30.30.30
Type escape sequence to abort.

Tracing the route to 30.30.30.30

1 * * *

2

PE4#trace

I have observed this behaviour normally when you don't have the VPN label.So you might have the trasport label but not the VPN label. Please see below

PE32#traceroute vrf CustA 10.1.31.16

Type escape sequence to abort.

Tracing the route to 10.1.31.16

1 150.3.31.18 [MPLS: Label 21 Exp 0] 24 msec 28 msec 32 msec << You should see this but you don't

2 150.3.31.17 80 msec 12 msec 36 msec

3 * * *

4 * * *

5 * * *

6 * * *

7 * * *

8 * * *

9 * * *

10

PE32#sh ip cef vrf CustA 10.1.31.16

10.1.31.16/28

, version 10, epoch 0

0 packets, 0 bytes

tag information set

local tag: VPN-route-head

fast tag rewrite with Tu0, point2point, tags imposed: {16 21}

via 192.168.3.17, 0 dependencies, recursive

next hop 192.168.3.17, Tunnel0 via

192.168.3.17/32

valid adjacency

tag rewrite with Tu0, point2point, tags imposed: {16 21}

PE32#

Arun,

Can you do a "sh ip cef vrf CE2 30.30.30.30" and see if PE1 cef is actually allocating a label to it.

For eg: In my case on my PE1 the cef allocates a label 21 which is the VPN label which gets shipped towards PE32

PE31#sh ip cef vrf CustA 10.1.31.16

10.1.31.16/28

, version 9, epoch 0, cached adjacency 150.3.31.17

0 packets, 0 bytes

tag information set

local tag: 21

via 150.3.31.17, 0 dependencies, recursive

next hop 150.3.31.17, Ethernet1/2 via

150.3.31.17/32

valid cached adjacency

tag rewrite with Et1/2, 150.3.31.17, tags imposed: {}

PE31#

HTH