09-02-2010 06:04 AM
I'm new to MPLS and I have a question related to the network design.
We are trying to do a layer 3 VPN across 2 geographically seperate sites.
We are using two ASR 1004's for the PE's at each site. My question is this: Do I have to have a CE router on the other side of each ASR to inject routes to get MP-BGP to work among the two PE routers?
Or (and what we are trying to do) is have the two ASR's and create VRF's to attach directly to different network segments.
I hope that makes sense.
Solved! Go to Solution.
09-15-2010 05:32 AM
Add an entry for loopback under OSPF as well
ASR1
router ospf 100
network 10.10.10.101 0.0.0.0 ar 0
network 192.168.1.0 0.0.0.255 ar 0
ASR2
router ospf 100
network 10.10.10.102 0.0.0.0 ar 0
network 192.168.1.0 0.0.0.255 ar 0
ASR1 should have an routing entry for 10.10.10.102
ASR2 should have an routing entry for 10.10.10.101
ASR1:
ping 10.10.10.102 source loop 0
should succeed
BGP:
show ip bgp vpnv4 all summ
to show if vpnv4 is up.
Jon
09-02-2010 07:59 AM
Hello Ryan,
>> Or (and what we are trying to do) is have the two ASR's and create VRF's to attach directly to different network segments.
this can be done you will need a redistribute connected in BGP under address-family vrf vrf-name or network commands
router bgp 65000
address-family vpnv4
address-family ipv4 vrf vrf0name
redistribute connected
Hope to help
Giuseppe
09-04-2010 04:59 AM
In Addition to Giuslar, If you have network expansion plan, try to go with route reflectors. Another thing if your customer is using static then you need to redistribute that static route in address-family vrf vrfname.
regards
Shivlu Jain
09-15-2010 04:40 AM
Thank you both for your reply. I have built out something like this in a lab enviroment. I'm somewhat stuck.
From each ASR I can ping a device attached to a network segment by a switch. What I can't do yet is ping from one server across the pipe to the other server sitting behind the other ASR (which would be the other site in our setup).
I also can't seem to get the MP-BGP to get the routes from PE - PE. I've attached a very quick drawing of what this setup looks like and also the configs from each ASR. I can ping the interfaces that directly connect the ASRs' but I can't ping them if I do a "ping vrf 905 192.168.X.X"
I'm hoping someone can help me out with this. If you need any more information please let me know.
09-15-2010 04:53 AM
Hi
Do you have OSPF adjacency? and are Loopback IP from both ASR in routing table?
See you are missing network 192.168.1.0 0.0.0.255 under router ospf
Jon
09-15-2010 05:24 AM
Ok I added the 192.168.1.0 0.0.0.255 is my ospf config. And no loopback IP's are not in the routing table. what would that entry look like?
Also i'm trying to debug the ospf now. Not having much luck though. Thanks for your help.
09-15-2010 05:32 AM
Add an entry for loopback under OSPF as well
ASR1
router ospf 100
network 10.10.10.101 0.0.0.0 ar 0
network 192.168.1.0 0.0.0.255 ar 0
ASR2
router ospf 100
network 10.10.10.102 0.0.0.0 ar 0
network 192.168.1.0 0.0.0.255 ar 0
ASR1 should have an routing entry for 10.10.10.102
ASR2 should have an routing entry for 10.10.10.101
ASR1:
ping 10.10.10.102 source loop 0
should succeed
BGP:
show ip bgp vpnv4 all summ
to show if vpnv4 is up.
Jon
09-15-2010 05:38 AM
Ok looks like I got that working. The adjacency's look good.
ASR1002-1#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.10.102      0   FULL/  -        00:00:37    192.168.1.2     POS0/1/0
ASR1002-2#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.10.101      0   FULL/  -        00:00:38    192.168.1.1     POS0/1/0
It seems the only part that is not working now is being able to ping from the 10.108 subnet to the 10.112 subnet. Which I think is a routing issue, but haven't wrapped my head around it. Here is what my routing tables for the VRF look like:
ASR1002-1#sh ip route vrf 905
Routing Table: 905
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
      10.0.0.0/24 is subnetted, 2 subnets
S        10.108.1.0 [1/0] via 172.16.200.2
B        10.112.1.0 [200/0] via 10.10.10.102, 00:18:18
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.200.0/30 is directly connected, GigabitEthernet0/0/0
L        172.16.200.1/32 is directly connected, GigabitEthernet0/0/0
      192.168.200.0/30 is subnetted, 1 subnets
B        192.168.200.0 [200/0] via 10.10.10.102, 00:18:18
ASR1002-2#sh ip route vrf 905
Routing Table: 905
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
      10.0.0.0/24 is subnetted, 2 subnets
B        10.108.1.0 [200/0] via 10.10.10.101, 00:26:08
S        10.112.1.0 [1/0] via 192.168.200.2
      172.16.0.0/30 is subnetted, 1 subnets
B        172.16.200.0 [200/0] via 10.10.10.101, 00:26:08
      192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.200.0/30 is directly connected, GigabitEthernet0/0/0
L        192.168.200.1/32 is directly connected, GigabitEthernet0/0/0
09-15-2010 05:44 AM
A minor update:
From ASR1 : I can ping the 10.112.1.10 server that is behind ASR2. But from the server itself I can't ping 10.112.1.10
From ASR2: I can't ping the 10.108.1.10 server that is behind ASR1. Nor can I ping the 10.108.1.1 interface on the switch that ASR1 is connected to.
09-15-2010 05:59 AM
Something missing with routing on CE 10.108.1.1?
09-15-2010 06:10 AM
Yeah I had already jumped to that. The CE is actually a couple switches with routing enabled on them. But I threw in some routes on one of them and I now have full connectivity from the 10.108.1.10 server to the 10.112.1.10 server. It's not working the other direction but again it's probably a route. Thank you for your help. Your OSPF examples saved me a ton of work!
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide