cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4498
Views
0
Helpful
5
Replies

MPLS VPN CEs not pinging even with routes present

mayambanzumba
Level 1
Level 1

I have a strange issue whereby I have configured two PE routers and two P routers with 2 CEs, BGP is running between the CE routers and the PE routers, the IGP on the backbone is OSPF, when I do show ip bgp on the CE routers, the routes from the remote CE are clearly in the bgp table, but I am unable to ping them. I have checked on the two PE routers and they each have the routers from the VRF, but they cannot each ping the remote PE's vpn routes. I have have attached the configs

thanks

1 Accepted Solution

Accepted Solutions

shivlu jain
Level 5
Level 5

hi

as per your config the network which you are advertising in the BGP VRF Addressfamily for customer will carry the next hop but in your IGP routing table that is not available. That why you are not able to ping your customer becasue your next hop is not accessible in your IGP. SO for this use next-hop-self for your MP-BGP peering.Refer the document atatched.

regards

shivlu

View solution in original post

5 Replies 5

dodgerfan78
Level 1
Level 1

What is the bgp next-hop of the routes (show ip bgp)? You may need to use next-hop-self since your 192.168.0.0/30 and 172.16.0.0/30 networks are not being advertised.

shivlu jain
Level 5
Level 5

hi

as per your config the network which you are advertising in the BGP VRF Addressfamily for customer will carry the next hop but in your IGP routing table that is not available. That why you are not able to ping your customer becasue your next hop is not accessible in your IGP. SO for this use next-hop-self for your MP-BGP peering.Refer the document atatched.

regards

shivlu

n.nandrekar
Level 4
Level 4

Hi!

Most of the times the problem with such kind of problems (where control plane is up but dataplane is not) is the mpls path till the nexthop.

Can you check again if MPLS is enabled on all the interfaces in the MPLS core?

Can you do a traceroute to the bgp nexthop (remote PE) from the PE and check if MPLS path is being taken for the next-hop. the traceroute should return MPLS label for each router in the path except the last one.

There is possibility that if multiple paths are present and the bgp nexthop is prefered through non-mpls path.

Regards,

Niranjan

(pls rate if hepful)

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Mayamba,

some notes about your configs:

a) P1 and P2 should be out of the game for the ip ospf cost 100 on the links.

on PE1 do sh mpls forwarding 2.2.2.2

it needs to show POP TAG and not untagged in order to have a working forwarding plane

on PE2 check that sh mpls forw 1.1.1.1 has action POP TAG for the same reason.

If it shows different you need to restart the LDP session : shut the link between PE1 and PE2 for 180 seconds then reenable it sometimes this is needed to fix an LDP session

b) on CE routers remove all that routes to null0 if you want to be able to ping some of the prefixes your CEs are advertising.

c) it is good practice to use a private AS number on CE routers like 65000 (the last 1024 in the 16bit range) in real world AS 50 is someone else in the Internet

d) the BGP next-hop is changed to the PE's loopback address in the process of exporting the VRF routes to VPNv4 af so it shouldn't be necessary to use next-hop-self on af VPNv4. This can be needed in some scenarios of Inter-AS VPNs (multiple ISPs)

Hope to help

Giuseppe

Hello Guys, Issue resolved,

The problem was that the connected network from CE to the PE was not being advertised via BGP. There are three ways I resolved the problem, one is to add the connected network from the CE to the PE into CE BGP network statement. The other way is to add ''redistribute connected'' under the BGP address family of vrf custA or under BGP process of the CE routers.

Many thanks