I am attempting to establish SAA Echos over an MPLS VPN and have been unsuccessful to date.

I have set up customer to customer VPNs using the VRF name "vpn-test-PMT". Doing a VRF ping, I am able to VRF ping across VPN to a linux box that I have set up in the other customer network using the VRF forwarded FE sub-interface as the source:

ping vrf vpn-test-PMT ip 172.xx.xx.33 source FastEthernet0/0.300

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.xx.xx.33, timeout is 2 seconds:

Packet sent with a source address of 172.xx.xx.4

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

I have configured an SAA instance to ICMP from customer to customer using the same sub-interface as the source. My intent is to export that info to a performance monitoring tool for analysis.

Here's the config I used:

rtr 3

type echo protocol ipIcmpEcho 172.xx.xx.33

vrf vpn-test-PMT

rtr schedule 3 start-time now

Using the above command, I get timeouts on the operational-status output. According to Cisco, I do not need to configure the source address if using a VRF because the source will be automagically selected. (I tried anyway, and still no joy)

I am confused because I'm thinking that if a VRF ping works, so too should an SAA echo using the same endpoints. The respective endpoints are both listed in the VRF via "sh ip ro vrf vpn-test-PMT".

Has anyone else out there configured SAA over MPLS VPNs and have any nuggets of knowledge to pass on?

Thanks!