Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
845
Views
0
Helpful
4
Replies

Valid route isn't being pinged

fin6erfin6er
Level 1
Level 1

‎02-01-2013 12:17 AM

Good morning, I have the scheme, including three devices: C7200, ASR9k, C7600. C7200 and ASR are in the same AS (iBGP-vpnv4 peers). ASR and C7600 - eBGP-vpnv4 peers. All relationships have been established. I can ping 7600 from ASR within vrf, but I can't ping 7600 from C7200 in the same vrf, even though valid route from C7600 is present in C7200's routing table. There is full-mesh route-target vpn topology and there is no any route policies or filters.

Possibly, does anyone have some ideas? I could send the topology or config list, if you need. Thanks.

Labels:
0 Helpful
4 Replies 4

rsimoni
Cisco Employee
Cisco Employee

‎02-01-2013 06:26 AM

Hi Alexander,

w/o topology is impossible to understand what you are talking about.

Please attach it including info about the vrf you mentioned.

Riccardo

0 Helpful

fin6erfin6er
Level 1
Level 1
In response to rsimoni

‎02-05-2013 12:51 AM

Here's topology:

There're config lists of all three devices below:

C7600 - Version 12.2(33r)SRC3, RELEASE SOFTWARE (fc1):

mpls label protocol ldp

------

router bgp 65001

bgp router-id 10.100.100.1

no bgp default ipv4-unicast

no bgp default route-target filter

bgp log-neighbor-changes

neighbor 10.100.100.2 remote-as 65001

neighbor 10.100.100.2 ebgp-multihop 5

neighbor 10.100.100.2 update-source Loopback0

!

address-family ipv4

no synchronization

no auto-summary

exit-address-family

!

address-family vpnv4

neighbor 10.100.100.2 activate

neighbor 10.100.100.2 send-community extended

exit-address-family

address-family ipv4 vrf TEST

no synchronization

redistribute connected

exit-address-family

------

ip vrf TEST

rd 911:911

route-target export 911:911

route-target import 911:911

-------

interface GigabitEthernet1/4

description -ASR-as65002--

mtu 1546

ip address 10.10.10.1 255.255.255.252

speed nonegotiate

mpls bgp forwarding

mpls ip

end

interface Loopback0

ip address 10.100.100.1 255.255.255.255

end

interface Loopback2

ip vrf forwarding TEST

ip address 1.1.1.1 255.255.255.255

end

---------

show bgp vpnv4 unicast vrf TEST

Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 911:911 (default for vrf TEST)

*> 1.1.1.1/32       0.0.0.0                  0         32768 ?

*> 2.2.2.2/32       10.100.100.2                            0 65002 ?

*> 3.3.3.3/32       10.100.100.2                            0 65002 ?

ping vrf TEST 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

ping vrf TEST 3.3.3.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

ASR9k - Cisco IOS XR Software, Version 4.2.0[Default]

router bgp 65002

nsr

bgp router-id 10.100.100.2

bgp graceful-restart

ibgp policy out enforce-modifications

address-family ipv4 unicast

maximum-paths ibgp 8

!

address-family vpnv4 unicast

retain route-target all

neighbor 10.100.100.1

remote-as 65001

ebgp-multihop 5

update-source Loopback0

address-family vpnv4 unicast

route-policy PASS-ALL in

route-policy PASS-ALL out

neighbor 10.100.100.3

remote-as 65001

update-source Loopback0

address-family vpnv4 unicast

route-policy PASS-ALL in

route-policy PASS-ALL out

next-hop-self

route-policy PASS-ALL

pass

end-policy

vrf TEST

rd 911:911

address-family ipv4 unicast

redistribute connected

allocate-label all

!

!

!

vrf TEST

address-family ipv4 unicast

import route-target

911:911

!

export route-target

911:911

!

interface Loopback2

vrf TEST

ipv4 address 2.2.2.2 255.255.255.255

interface Loopback0

ipv4 address 10.100.100.2 255.255.255.255

interface GigabitEthernet0/2/0/1

mtu 1546

ipv4 address 10.10.10.2 255.255.255.252

interface TenGigE0/1/0/7

mtu 1546

ipv4 address 10.10.10.5 255.255.255.252

----

mpls ldp

nsr

log

neighbor

!

interface GigabitEthernet0/2/0/1

!

interface TenGigE0/1/0/7

-----

show bgp vpnv4 unicast vrf TEST

Network            Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 911:911 (default for vrf TEST)

*> 1.1.1.1/32         10.100.100.1             0             0 65001 ?

*> 2.2.2.2/32         0.0.0.0                  0         32768 ?

*>i3.3.3.3/32         10.100.100.3             0    100      0 ?

C7200 - IOS (tm) 7200 Software (C7200-JK9O3S-M), Version 12.3(15b), RELEASE SOFTWARE (fc1)

ip cef

mpls label protocol ldp

----

router bgp 65002

bgp log-neighbor-changes

neighbor 2.2.2.2 remote-as 65002

neighbor 2.2.2.2 update-source LoopBack0

!

address-family ipv4

no synchronization

no auto-summary

exit-address-family

!

address-family vpnv4

neighbor 2.2.2.2 activate

neighbor 2.2.2.2 send-community both

exit-address-family

!

address-family ipv4 vrf TEST

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

------

ip vrf TEST

rd 911:911

route-target export 911:911

route-target import 911:911

-------

!

interface GigabitEthernet0/3

description -ASR-as65002--

mtu 1546

ip address 10.10.10.6 255.255.255.252

duplex auto

speed auto

media-type gbic

no negotiation auto

tag-switching ip

interface Loopback0

ip address 10.100.100.3 255.255.255.255

end

interface Loopback2

ip vrf forwarding TEST

ip address 3.3.3.3 255.255.255.255

end

-------

show ip bgp vpnv4 vrf TEST

Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 911:911 (default for vrf TEST)

*> 3.3.3.3/32       0.0.0.0                  0         32768 ?

*>i2.2.2.2/32       10.100.100.2                           0 ?

*>i1.1.1.1/32       10.100.100.2                           0 65001 ?

ping vrf TEST 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

ping vrf TEST 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

As you can see, C7600 and C7200 don't ping each other in spite of the valid routes in bgp table. ASR pings both C7200 and C7600. We tried to replace C7600 with another C7200 and the scheme has worked. I suspect that the trouble is in C7600, but what could it be?

0 Helpful

Pavol Golis
Cisco Employee
Cisco Employee
In response to fin6erfin6er

‎02-05-2013 10:19 AM

Looks like there is Inter-AS VPN between 7600 and ASR-9k while 7200 is acting as PE within ASR9k's domain, which Inter-AS option (A,B,C) are you trying to achieve here ?

- use debug ip icmp on 7600/7200 to narrow down direciton of drop

- use show ip cef/show ip route, show mpls forw, sh mpls ldp.. show ip bgp is too high

- provide IGP configs

- mark interfaces in topology provided

Most likely you have problems on MPLS layer.

0 Helpful

fin6erfin6er
Level 1
Level 1
In response to Pavol Golis

‎02-06-2013 05:17 AM

Fixed interfaces on topology screenshot.

I'm trying to achieve Inter-AS option B with eBGP for VPNv4 provided.

On ASBRs I use /32 static routes for eBGP peers and OSPF in AS65002 domain.

C7600:

ip route 10.100.100.2 255.255.255.255 10.10.10.2

ASR:

router static

address-family ipv4 unicast

10.100.100.1/32 GigabitEthernet0/2/0/1

router ospf 1

area 0

interface TenGigE0/1/0/7

interface Loopback0

C7200:

router ospf 1

network 10.10.10.4 0.0.0.3 area 0

network 10.100.100.3 0.0.0.0 area 0

icmp debug on 7600/7200 detected the absence of ICMP replies (only requests) on both devices when I was pinging each other.

What else could you recommend?

0 Helpful
Customers Also Viewed These Support Documents