Hi Kostas,

Kostas_Dimitras · ‎07-08-2017

I have the topology as shown in the image above, in which I have configured VPN over an MPLS network, in which the two customer edge routers cannot communicate.

Routers R2 and R3 are my provider edge routers and R1, R6 are my customer edge routers. Connectivity is as follows R2< - >R1 and R3< - >R6.

For example if I try to ping from router R1 the address 6.0.0.1 it will fail. With traceroute i saw that it goes to the next step but router R2 can't find the way to network 6.0.0.0/24. I include the results from the available routes on the global routing table and the vrf's routing table. It's my first time trying to configure VPN over MPLS so I don't know if this is the way it should work.

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

2.0.0.0/24 is subnetted, 1 subnets
C 2.0.0.0 is directly connected, Loopback1
3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
O 3.0.0.1/32 [110/2] via 192.168.1.2, 00:08:06, FastEthernet1/1
B 3.0.0.0/24 [200/0] via 3.0.0.1, 00:07:55
4.0.0.0/32 is subnetted, 1 subnets
O 4.0.0.1 [110/2] via 192.168.2.2, 00:08:06, FastEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O 5.0.0.1 [110/3] via 192.168.2.2, 00:08:06, FastEthernet1/0
[110/3] via 192.168.1.2, 00:08:06, FastEthernet1/1
O 192.168.4.0/24 [110/2] via 192.168.1.2, 00:08:06, FastEthernet1/1
C 192.168.1.0/24 is directly connected, FastEthernet1/1
C 192.168.2.0/24 is directly connected, FastEthernet1/0
O 192.168.3.0/24 [110/2] via 192.168.2.2, 00:08:07, FastEthernet1/0

R2#sh ip route vrf customer1

Routing Table: customer1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
B 1.0.0.0 [20/0] via 195.160.1.1, 00:08:03
6.0.0.0/24 is subnetted, 1 subnets
B 6.0.0.0 [200/0] via 3.0.0.1, 00:07:49
195.160.1.0/30 is subnetted, 1 subnets
C 195.160.1.0 is directly connected, FastEthernet0/0

I also present you my configs for the PE and CE routers.

R2 configuration file

R2#sh run
Building configuration...

Current configuration : 2098 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip vrf customer1
rd 1111:1
route-target export 1111:1
route-target import 1111:1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback1
ip address 2.0.0.1 255.255.255.0
!
interface FastEthernet0/0
ip vrf forwarding customer1
ip address 195.160.1.2 255.255.255.252
duplex half
!
interface FastEthernet1/0
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
redistribute connected
redistribute bgp 1111
network 2.0.0.0 0.255.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 195.160.1.0 0.0.0.3 area 2
!
router bgp 1111
bgp log-neighbor-changes
neighbor 3.0.0.1 remote-as 1111
neighbor 3.0.0.1 update-source Loopback1
!
address-family ipv4
redistribute connected
neighbor 3.0.0.1 activate
neighbor 3.0.0.1 next-hop-self
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 3.0.0.1 activate
neighbor 3.0.0.1 send-community extended
exit-address-family
!
address-family ipv4 vrf customer1
neighbor 195.160.1.1 remote-as 1010
neighbor 195.160.1.1 activate
neighbor 195.160.1.1 as-override
no synchronization
exit-address-family
!
!
no ip http server
no ip http secure-server
!
!
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R3 configuration file

R3#sh run
Building configuration...

Current configuration : 2075 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
ip vrf customer1
rd 1111:1
route-target export 1111:1
route-target import 1111:1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback1
ip address 3.0.0.1 255.255.255.0
!
interface FastEthernet0/0
ip vrf forwarding customer1
ip address 196.170.2.1 255.255.255.252
duplex half
!
interface FastEthernet1/0
ip address 192.168.4.1 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
mpls ip
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
redistribute connected
network 3.0.0.0 0.255.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
network 196.170.2.0 0.0.0.3 area 3
!
router bgp 1111
bgp log-neighbor-changes
neighbor 2.0.0.1 remote-as 1111
neighbor 2.0.0.1 update-source Loopback1
!
address-family ipv4
redistribute connected
neighbor 2.0.0.1 activate
neighbor 2.0.0.1 next-hop-self
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.0.0.1 activate
neighbor 2.0.0.1 send-community extended
exit-address-family
!
address-family ipv4 vrf customer1
neighbor 196.170.2.2 remote-as 2020
neighbor 196.170.2.2 activate
neighbor 196.170.2.2 as-override
no synchronization
exit-address-family
!
!
no ip http server
no ip http secure-server
!
!
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Configuration file for CE R1 (Only eBGP is configured)

R1#sh run
Building configuration...

Current configuration : 1258 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!

ip tcp synwait-time 5
!
!
!
!
!
interface Loopback1
ip address 1.0.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 195.160.1.1 255.255.255.252
duplex half
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 1010
no synchronization
bgp log-neighbor-changes
network 1.0.0.0 mask 255.255.255.0
neighbor 195.160.1.2 remote-as 1111
no auto-summary
!
!
no ip http server
no ip http secure-server
!
!
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Configuration file for CE R6 (Only eBGP is configured)

R6#sh run
Building configuration...

Current configuration : 1258 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback1
ip address 6.0.0.1 255.255.255.0
!
interface FastEthernet0/0
ip address 196.170.2.2 255.255.255.252
duplex half
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router bgp 2020
no synchronization
bgp log-neighbor-changes
network 6.0.0.0 mask 255.255.255.0
neighbor 196.170.2.1 remote-as 1111
no auto-summary
!
!
no ip http server
no ip http secure-server
!
!
no cdp log mismatch duplex
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

Kostas_Dimitras · ‎07-08-2017

I wanted to also add one last piece of information that might be relevant. When I display the mpls forwarding-table there are some untagged outgoing interfaces. I don't know why this happens since I believe I have configured it correctly.

R2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.4.0/24 0 Fa1/1 192.168.1.2
17 Pop tag 192.168.3.0/24 0 Fa1/0 192.168.2.2
18 Untagged 3.0.0.1/32 0 Fa1/1 192.168.1.2
19 Untagged 4.0.0.1/32 0 Fa1/0 192.168.2.2
20 18 5.0.0.1/32 0 Fa1/0 192.168.2.2
18 5.0.0.1/32 0 Fa1/1 192.168.1.2
21 Untagged 1.0.0.0/24[V] 0 Fa0/0 195.160.1.1

R3#sh mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.3.0/24 0 Fa1/0 192.168.4.2
17 17 4.0.0.1/32 0 Fa1/0 192.168.4.2
19 4.0.0.1/32 0 Fa1/1 192.168.1.1
18 Untagged 5.0.0.1/32 0 Fa1/0 192.168.4.2
19 Pop tag 192.168.2.0/24 0 Fa1/1 192.168.1.1
20 Untagged 2.0.0.1/32 0 Fa1/1 192.168.1.1
21 Untagged 6.0.0.0/24[V] 0 Fa0/0 196.170.2.2

Report Inappropriate Content · ‎07-19-2017

Hi Kostas,

LDP is advertising Lo1 with /24 but OSPF is advertising with /32 (default behaviour for a loopback interface).

You must configure Lo1 interface in R2 and R3 with a subnet mask /32 otherwise please configure ip ospf network point-to-point under interface Lo1 specific config mode.

My advice is to simplify the configuration in R2 and R3. Please let me know if you more help.

Kind regards,

Marius

Kostas_Dimitras · ‎07-19-2017

I actually did this yesterday and it worked just fine. It wouldn't work if I advertised them as /24 though. I thought it was weird but now it works fine!

VPN over MPLS configured but CE routers cannot ping each other.