cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3452
Views
0
Helpful
9
Replies

vrf route flapping

csc010854800
Level 1
Level 1

Hi ,

my link is perfect but still routes in the vrf are flapping . i am not able to ping other ip address in the same PAO even the route exists .

sh run is shown here


!
!
ip cef
!
!
ip vrf PAO
rd 4758:57
route-target export 4758:57
route-target import 4758:57
!

!
multilink bundle-name authenticated
mpls label protocol ldp
no mpls ldp advertise-labels
mpls ldp advertise-labels for MPLS_Loopbacks
!
!
voice-card 0
no dspfarm
!

interface Loopback1
ip address 10.255.246.209 255.255.255.255
!
interface GigabitEthernet0/0
description "10 MBPS  LINK "
bandwidth 10000
ip address 10.23.255.74 255.255.255.252
duplex full
speed 100
mpls label protocol ldp
mpls ip
!
interface GigabitEthernet0/1
description "LAN"
no ip address
ip access-group SPAM in
ip access-group SPAM out
ip route-cache flow
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.24.5.1 255.255.255.0 secondary
ip address 10.24.4.1 255.255.255.0 secondary
ip address 10.24.117.1 255.255.255.0
ip access-group SPAM in
ip access-group SPAM out
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 58
ip vrf forwarding PAO
ip address 10.54.0.1 255.255.255.192
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 57
ip vrf forwarding PAO
ip address 10.54.12.1 255.255.255.192
!
router bgp 4758
bgp router-id 10.255.246.209
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor RR_ROUTER peer-group
neighbor RR_ROUTER remote-as 4758
neighbor RR_ROUTER update-source Loopback1
neighbor 10.255.254.1 peer-group RR_ROUTER
neighbor 10.255.255.1 peer-group RR_ROUTER
!
address-family ipv4
neighbor RR_ROUTER send-community both
neighbor RR_ROUTER next-hop-self
neighbor 10.255.254.1 activate
neighbor 10.255.255.1 activate
no auto-summary
no synchronization
network 10.24.4.0 mask 255.255.255.0
network 10.24.5.0 mask 255.255.255.0
network 10.24.112.0 mask 255.255.255.0
exit-address-family
!
address-family vpnv4
neighbor RR_ROUTER send-community extended
neighbor RR_ROUTER next-hop-self
neighbor 10.255.254.1 activate
neighbor 10.255.255.1 activate
exit-address-family
!
address-family ipv4 vrf PAO
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.23.255.73
!
!
no ip http server
no ip http secure-server
ip tacacs source-interface GigabitEthernet0/0
!
ip access-list standard MPLS_Loopbacks
permit 10.255.240.0 0.0.7.255
permit 10.255.248.0 0.0.7.255
!
ip access-list extended SPAM
deny   udp any any range 135 netbios-ss
deny   tcp any any range 135 139
deny   tcp any any eq 1214
deny   udp any any eq 1214
deny   tcp any any eq 2754
deny   tcp any any eq 2745
deny   udp any any eq 1434
deny   tcp any any eq 445
deny   tcp any any eq 593
deny   tcp any any eq 4444
deny   udp any any eq tftp
deny   tcp any any eq 6346
deny   udp any any eq 6346
permit ip any any
!
access-list 18 permit 10.1.16.65
access-list 23 permit 10.1.16.0 0.0.3.

Kindly suggest anything .

9 Replies 9

Nagendra Kumar Nainar
Cisco Employee
Cisco Employee

Hi,

Can you explain more about the issue?. Which addr are you trying to reach?. Is it towards core or towards CE?.

Please collect the below,

show ip route vrf

show ip cef vrf

This will help us to proceed further on troubleshooting.

Regards,

Nagendra

Hi Nagendra,

i have taken the output at two different moments ,

1st moment :

MOF-PETRO#sh ip route vrf PAO 10.54.18.65
% Subnet not in table
MOF-PETRO#sh ip cef vrf PAO 10.54.18.65
0.0.0.0/0, version 4382, epoch 0, attached, default route handler
0 packets, 0 bytes
  via 0.0.0.0, 0 dependencies
    valid no route adjacency

2 nd moment :

MOF-PETRO#sh ip cef vrf PAO 10.54.18.65
10.54.18.64/26, version 4957, epoch 0, cached adjacency 10.23.255.73
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with
        Recursive rewrite via 0.0.0.0/0, tags imposed {3591}
  via 10.255.246.74, 0 dependencies, recursive
    next hop 10.23.255.73, GigabitEthernet0/0
    valid cached adjacency
    tag rewrite with
        Recursive rewrite via 0.0.0.0/0, tags imposed {3591}
MOF-PETRO#sh ip route vrf PAO 10.54.18.65
Routing entry for 10.54.18.64/26
  Known via "bgp 4758", distance 200, metric 0, type internal
  Last update from 10.255.246.74 00:00:04 ago
  Routing Descriptor Blocks:
  * 10.255.246.74 (Default-IP-Routing-Table), from 10.255.254.1, 00:00:04 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0

MOF-PETRO#sh ip bgp 10.54.12.0
BGP routing table entry for 10.54.0.0/17, version 265281
Paths: (1 available, no best path)
Flag: 0x820
  Not advertised to any peer
  Local
    10.255.240.245 (inaccessible) from 10.255.254.1 (10.255.254.1)
      Origin IGP, metric 0, localpref 100, valid, internal
      Originator: 10.255.240.245, Cluster list: 0.0.18.150

MOF-PETRO#sh ip bgp 10.54.18.65
BGP routing table entry for 10.54.0.0/17, version 275080
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  Local
    10.255.240.245 from 10.255.254.1 (10.255.254.1)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Originator: 10.255.240.245, Cluster list: 0.0.18.150

The route i am trying to reach is another CE's ip address.

Hi

Can you check the i-BGP neighbor & post the output for same & also check the i-BGP next hop Ip address  in routing table or check the connectvity between you i-BGP neighbors. May be you have an IGP issue so your update of VPNv4 are getting dropped.

Regards

Chetan Kumar

http://chetanress.blogspot.com

there is  one problem in this config , loopback ip address 10.255.246.209 is not announced anywhere .

can anyone suggest me how to announce this ip address. whether it will announced through BGP or through statis ip address ??

Hi,

        It seems you are not running IGP, only option is to have static route. And have check on rechability from PE's to the next-hop ips for the route you are receiving via M-BGP. And  if  problem is not solved,  upload the n/w diag with segments you are using that wud give clear picture on ur issue.

Regards,

V Dinesh Kumar

Hi

.

When you use update source with BGP then it use that IP as a source to form an neighbor ship & if that Source IP is not reachable then it won't form neighbor ship. In case of directly connected network it won't require any route becasue they can reach each other.

You have to use static route to reach loopback IP of both PE or else you need to run any IGP Protocol to achive the same

I suggest you to have any IGP to run  in production network becasue running static route is very tedious job & to maintain also & if you are in testing phase the i suggest you to go with static routing.

Regards

Chetan Kumar

http://chetanress.blogspot.com

u1kumar2002
Level 1
Level 1

Hi,

    I gone thru your config and your query about loopback interface advertisement.

It is necessary to advertise loopback ip address of all routers in MPLS cloud. Since you are making ibgp neighboriship with loopback interface. So it should be reachable, it is must. Other wise your neighborship will not form. that is reason your VPNv4 routes are not exchanging in PE routers.

To confirm you VPNv4 neighborship show ip bgp vpnv4 all summary----- you can see neighbor router.

Here is a example of MPLS L3 VPN : refer the config of VRF VPN_B

http://startnetworks.blogspot.com/2010/07/mpls-l3-vpnsham-link-as-override.html

Hope this example will help you to solve your issue.

Do rate for helpful posts....

Uttam

http://www.startnetworks.blogspot.com/

Hi ,

You are correct , after announcing loopback ip address through IGP , my BGP session starts working and it remains stable.

What i didn't able to understand is i have not redistributed ospf in my BGP , neither BGP into ospf , then how come that we need ospf for proper BGP functionality , plz explain ....

also , why did announcing loopback into BGP didn't help ???

Hi

--------- > What i didn't able to understand is i have not redistributed ospf in my BGP , neither BGP into ospf , then how come that we need ospf for proper BGP functionality , plz explain

You was trying to configure BGP neighbour which are in different subnet ( Means using loop Back )

Take an example  :

PE1  --- 1.1.1.1 ( Loopback IP )  ----- 10.1.1.1  -- Physical interface IP  that connect tp PE2

PE2  --- 2.2.2.2 ( Loopback IP )  ----- 10.1.1.2  -- Physical interface IP  that connect to PE1

Here if you try to configure BGP neighbor using loopback IP , Then How both PE router will come that how to reach each other means Loopback IP's not physical IP's .What is the gateway to reach the loopback IP's

( Simply a part of routing  -- to check you can ping the loopback IP's but it won't ping  that's the reason that you need IGP to route loopback IP's .)

In BGP you can form neighbor when the destination or remote neighbor is reachable  & that is possible through IGP.

--------- > why did announcing loopback into BGP didn't help ???

Because if your BGP neighbor is not form then advertising BGP route will not prorogate to remote neighbor.

Regrads

Chetan Kumar

http://chetanress.blogspot.com