Solved: Re: MPLS -MP-BGP with VRF configuration

R Manjunatha · ‎09-04-2023

Hello,

I configured the MP-BGP PE1 and PE3 Routers with VRF to segregate the customer's routes and CE1 and CE6 Routers default static route towards PE Routers. I could not be able to see any output after this command sh ip bgp vpnv4 all summary in both the PE routers and unable to ping between PE routers loopback address.

PE-1#ping 60.60.60.60
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.60.60.60, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

PE-6#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

PE-1# sh ip bgp summ

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.20.70.70 4 100 220 222 2 0 0 03:17:46

PE-1#SH IP ROU VRF CA-1

Routing Table: CA-1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/32 is subnetted, 1 subnets
S 10.10.10.10 [1/0] via 172.16.1.1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.1.0/30 is directly connected, Ethernet0/3
L 172.16.1.2/32 is directly connected, Ethernet0/3

hostname PE-1
!
boot-start-marker
boot-end-marker
!
!
vrf definition CA-1
rd 500:1
route-target export 500:1
route-target import 500:1
!
address-family ipv4
exit-address-family
!
!

interface Loopback0
ip address 10.20.10.10 255.255.255.255
!
interface Ethernet0/0
ip address 10.20.1.1 255.255.255.252
duplex auto
mpls label protocol ldp
mpls ip
!
interface Ethernet0/1
ip address 10.20.1.5 255.255.255.252
duplex auto
mpls label protocol ldp
mpls ip
!
interface Ethernet0/2
no ip address
shutdown
duplex auto
mpls label protocol ldp
mpls ip
!
interface Ethernet0/3
vrf forwarding CA-1
ip address 172.16.1.2 255.255.255.252
duplex auto
!
router ospf 10
router-id 1.1.1.1
network 10.20.0.0 0.0.255.255 area 0
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.20.70.70 remote-as 100
neighbor 10.20.70.70 update-source Loopback0
!
address-family ipv4
network 10.20.10.10 mask 255.255.255.255
neighbor 10.20.70.70 activate
neighbor 10.20.70.70 send-community extended
neighbor 10.20.70.70 next-hop-self
exit-address-family
!
address-family ipv4 vrf CA-1
redistribute connected
redistribute static
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route vrf CA-1 10.10.10.10 255.255.255.255 172.16.1.1

PE-3#sh ip bgp summary

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.20.10.10 4 100 230 228 2 0 0 03:25:14

PE-3#sh ip ROUte VRf CA-2

Routing Table: CA-2
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

60.0.0.0/32 is subnetted, 1 subnets
S 60.60.60.60 [1/0] via 172.16.2.2
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.2.0/30 is directly connected, Ethernet0/2
L 172.16.2.1/32 is directly connected, Ethernet0/2

hostname PE-3
!
boot-start-marker
boot-end-marker
!
!
vrf definition CA-2
rd 500:1
route-target export 500:1
route-target import 500:1
!
address-family ipv4
exit-address-family
!
!
no aaa new-model
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180

!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
mpls label range 800 899

interface Loopback0
ip address 10.20.70.70 255.255.255.0
!
interface Ethernet0/0
ip address 10.20.1.22 255.255.255.252
duplex auto
mpls label protocol ldp
mpls ip
!
interface Ethernet0/1
ip address 10.20.1.38 255.255.255.252
duplex auto
mpls label protocol ldp
mpls ip
!
interface Ethernet0/2
vrf forwarding CA-2
ip address 172.16.2.1 255.255.255.252
duplex auto
!
interface Ethernet0/3
no ip address
shutdown
duplex auto
!
router ospf 10
router-id 7.7.7.7
network 10.20.0.0 0.0.255.255 area 0
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.20.10.10 remote-as 100
neighbor 10.20.10.10 update-source Loopback0
!
address-family ipv4
network 10.20.70.70 mask 255.255.255.255
neighbor 10.20.10.10 activate
neighbor 10.20.10.10 send-community extended
neighbor 10.20.10.10 next-hop-self
exit-address-family
!
address-family ipv4 vrf CA-2
redistribute connected
redistribute static
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route vrf CA-2 60.60.60.60 255.255.255.255 172.16.2.2
!
ipv6 ioam timestamp
!

CE-1

interface Loopback0
ip address 10.10.10.10 255.255.255.255
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface Ethernet0/1
no ip address
shutdown
duplex auto
!
interface Ethernet0/2
ip address 172.16.1.1 255.255.255.252
duplex auto
!
interface Ethernet0/3
no ip address
shutdown
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.1.2
!

CE-6

interface Loopback0
ip address 60.60.60.60 255.255.255.255
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface Ethernet0/1
ip address 172.16.2.2 255.255.255.252
duplex auto
!
interface Ethernet0/2
no ip address
shutdown
duplex auto
!
interface Ethernet0/3
no ip address
shutdown
duplex auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 172.16.2.1

M02@rt37 · ‎09-04-2023

@R Manjunatha,

on you router bgp instance you need address-family vpnv4 configured !

Configure under this address-family neighborship.

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/iosxr/ncs5xx/l3vpn/70x/b-l3vpn-cg-70x-ncs540/b-l3vpn-cg-70x-ncs540_chapter_01.html.xml

--- How MPLS L3VPN Works

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

M02@rt37 · ‎09-04-2023

Hello @R Manjunatha

Do

PE-1#ping 60.60.60.60 vrf <VRF NAME>

also there is an issue with static redistribution

Please share output on PE-01 of that command:

#show ip bgp vpnv4 vrf CA-1

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

M02@rt37 · ‎09-04-2023

@R Manjunatha,

on you router bgp instance you need address-family vpnv4 configured !

Configure under this address-family neighborship.

https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/iosxr/ncs5xx/l3vpn/70x/b-l3vpn-cg-70x-ncs540/b-l3vpn-cg-70x-ncs540_chapter_01.html.xml

--- How MPLS L3VPN Works

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

R Manjunatha · ‎09-04-2023

Yes...there was a misconfiguration. I configured address-family vpnv4.

But I am unable to ping CE1 to CE6

PE-1#SH IP ROU VRF CA-1

Routing Table: CA-1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/32 is subnetted, 1 subnets
S 10.10.10.10 [1/0] via 172.16.1.1
60.0.0.0/32 is subnetted, 1 subnets
B 60.60.60.60 [200/0] via 10.20.70.70, 00:21:07
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.1.0/30 is directly connected, Ethernet0/3
L 172.16.1.2/32 is directly connected, Ethernet0/3
B 172.16.2.0/30 [200/0] via 10.20.70.70, 00:21:07

PE-1#PING VRF CA-1 60.60.60.60
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 60.60.60.60, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

PE-1#show ip bgp vpnv4 vrf CA-1
BGP table version is 7, local router ID is 10.20.10.10
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 500:1 (default for vrf CA-1)
*> 10.10.10.10/32 172.16.1.1 0 32768 ?
*>i 60.60.60.60/32 10.20.70.70 0 100 0 ?
*> 172.16.1.0/30 0.0.0.0 0 32768 ?
*>i 172.16.2.0/30 10.20.70.70 0 100 0 ?

PE-3#show ip bgp vpnv4 vrf CA-2
BGP table version is 7, local router ID is 10.20.70.70
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 500:1 (default for vrf CA-2)
*>i 10.10.10.10/32 10.20.10.10 0 100 0 ?
*> 60.60.60.60/32 172.16.2.2 0 32768 ?
*>i 172.16.1.0/30 10.20.10.10 0 100 0 ?
*> 172.16.2.0/30 0.0.0.0 0 32768 ?

M02@rt37 · ‎09-04-2023

Ok @R Manjunatha,

do

PE-1#PING VRF CA-1 60.60.60.60 source 172.16.1.2

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

R Manjunatha · ‎09-04-2023

Thank you. it's working ...now.

M02@rt37 · ‎09-04-2023

Great!

You're very welcome @R Manjunatha.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.