Solved: MPLS L3VPN connectivity issue between CEs - Page 2

bassomarco1998 · ‎11-14-2023

Hi all,

I configured the following lab to understand how the L3VPN service works. I set up everything except MPLS within AS 2. In the CE routers, I configured 2 loopbacks (R1: 1.1.1.1/32 and R4: 4.4.4.4/32) and advertised them via BGP. I then created a VRF "VRFA" on both routers and assigned the PE interfaces connected to the CEs to that VRF.

However, if I try to ping from loopback 1.1.1.1 to loopback 4.4.4.4, it doesn't work. This is because the VRF's routing table doesn't contain the subnet of the R2-R3 connection. How can this problem be resolved? Is it mandatory to use MPLS for this case?

Here ere are the R2's RIB (global and VRF).

R2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Ethernet0/1
L        192.168.0.2/32 is directly connected, Ethernet0/1

R2#sh ip route vrf VRFA

Routing Table: VRFA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
B        1.1.1.1 [20/0] via 10.0.0.1, 00:21:01
      2.0.0.0/32 is subnetted, 1 subnets
C        2.2.2.2 is directly connected, Loopback1
      3.0.0.0/32 is subnetted, 1 subnets
B        3.3.3.3 [200/0] via 192.168.0.3, 00:21:01
      4.0.0.0/32 is subnetted, 1 subnets
B        4.4.4.4 [200/0] via 192.168.0.3, 00:13:15
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Ethernet0/0
L        10.0.0.2/32 is directly connected, Ethernet0/0

Thanks!

bassomarco1998 · ‎11-14-2023

> MPLS table and RIB table

Is the RIB table you are referring to the global one?

MHM Cisco World · ‎11-14-2023

RIB VRF

bassomarco1998 · ‎11-14-2023

But Harold said that the router will use the Global RIB, not the custom VRF

MHM Cisco World · ‎11-14-2023

The RIB global job end when mpls table build it not use any more. That why mpls is mandatory' your original topolgy config vpnv4 without mpls it will not work even if next-hop is in global RIB. It need mpls table.

That what I know.

MHM

Harold Ritter · ‎11-14-2023

Hi @bassomarco1998 ,

Two things here:

1. lookup for packets coming from R1 will be performed in the VRF RIB (or more specifically VRF FIB).

2. Routes received from VPNv4 will be installed in the VRF RIB and the next hop resolution for these routes will be via the global routing table and have to be via an MPLS enabled path.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎11-14-2023

Hi @bassomarco1998 ,

Yes, you need to run MPLS between R2 and R3 to provide L3VPN services to R1 and R4.

BTW, it would be preferable to configure a loopback interface on both R2 and R3, advertise in the IGP between R2 and R3 and use the loopback to configure the VPNv4 session between these two routers.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

bassomarco1998 · ‎11-14-2023

Thank you, @Harold Ritter , for your response.

However, there's something that isn't clear to me. Let's assume I've configured VPNv4 peering between the loopbacks of R2 and R3.

When I perform the ping (src: 1.1.1.1, dst: 4.4.4.4), the ICMP packets arrive on interface e0/0 of R2. At this point, R2 consults the RIB related to VRF 'VRFA'. However, the next hop appears to be the loopback of R3, which isn't part of the VRFA. So, my question is: why should the R1-R4 connectivity work when I configure MPLS? Wouldn't the RIB of VRFA on R2 remain unchanged?"

Harold Ritter · ‎11-14-2023

Hi @bassomarco1998 ,

> However, the next hop appears to be the loopback of R3, which isn't part of the VRFA

The next hop resolution for VPNv4 routes take place in the global routing table and the routes are then imported in the VRF.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México