08-10-2010 02:04 AM
Hi ,
my link is perfect but still routes in the vrf are flapping . i am not able to ping other ip address in the same PAO even the route exists .
sh run is shown here
!
!
ip cef
!
!
ip vrf PAO
rd 4758:57
route-target export 4758:57
route-target import 4758:57
!
!
multilink bundle-name authenticated
mpls label protocol ldp
no mpls ldp advertise-labels
mpls ldp advertise-labels for MPLS_Loopbacks
!
!
voice-card 0
no dspfarm
!
interface Loopback1
ip address 10.255.246.209 255.255.255.255
!
interface GigabitEthernet0/0
description "10 MBPS LINK "
bandwidth 10000
ip address 10.23.255.74 255.255.255.252
duplex full
speed 100
mpls label protocol ldp
mpls ip
!
interface GigabitEthernet0/1
description "LAN"
no ip address
ip access-group SPAM in
ip access-group SPAM out
ip route-cache flow
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.24.5.1 255.255.255.0 secondary
ip address 10.24.4.1 255.255.255.0 secondary
ip address 10.24.117.1 255.255.255.0
ip access-group SPAM in
ip access-group SPAM out
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 58
ip vrf forwarding PAO
ip address 10.54.0.1 255.255.255.192
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 57
ip vrf forwarding PAO
ip address 10.54.12.1 255.255.255.192
!
router bgp 4758
bgp router-id 10.255.246.209
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor RR_ROUTER peer-group
neighbor RR_ROUTER remote-as 4758
neighbor RR_ROUTER update-source Loopback1
neighbor 10.255.254.1 peer-group RR_ROUTER
neighbor 10.255.255.1 peer-group RR_ROUTER
!
address-family ipv4
neighbor RR_ROUTER send-community both
neighbor RR_ROUTER next-hop-self
neighbor 10.255.254.1 activate
neighbor 10.255.255.1 activate
no auto-summary
no synchronization
network 10.24.4.0 mask 255.255.255.0
network 10.24.5.0 mask 255.255.255.0
network 10.24.112.0 mask 255.255.255.0
exit-address-family
!
address-family vpnv4
neighbor RR_ROUTER send-community extended
neighbor RR_ROUTER next-hop-self
neighbor 10.255.254.1 activate
neighbor 10.255.255.1 activate
exit-address-family
!
address-family ipv4 vrf PAO
redistribute connected
redistribute static
no synchronization
exit-address-family
!
ip route 0.0.0.0 0.0.0.0 10.23.255.73
!
!
no ip http server
no ip http secure-server
ip tacacs source-interface GigabitEthernet0/0
!
ip access-list standard MPLS_Loopbacks
permit 10.255.240.0 0.0.7.255
permit 10.255.248.0 0.0.7.255
!
ip access-list extended SPAM
deny udp any any range 135 netbios-ss
deny tcp any any range 135 139
deny tcp any any eq 1214
deny udp any any eq 1214
deny tcp any any eq 2754
deny tcp any any eq 2745
deny udp any any eq 1434
deny tcp any any eq 445
deny tcp any any eq 593
deny tcp any any eq 4444
deny udp any any eq tftp
deny tcp any any eq 6346
deny udp any any eq 6346
permit ip any any
!
access-list 18 permit 10.1.16.65
access-list 23 permit 10.1.16.0 0.0.3.
Kindly suggest anything .
08-10-2010 02:13 AM
Hi,
Can you explain more about the issue?. Which addr are you trying to reach?. Is it towards core or towards CE?.
Please collect the below,
show ip route vrf
show ip cef vrf
This will help us to proceed further on troubleshooting.
Regards,
Nagendra
08-10-2010 02:38 AM
Hi Nagendra,
i have taken the output at two different moments ,
1st moment :
MOF-PETRO#sh ip route vrf PAO 10.54.18.65
% Subnet not in table
MOF-PETRO#sh ip cef vrf PAO 10.54.18.65
0.0.0.0/0, version 4382, epoch 0, attached, default route handler
0 packets, 0 bytes
via 0.0.0.0, 0 dependencies
valid no route adjacency
2 nd moment :
MOF-PETRO#sh ip cef vrf PAO 10.54.18.65
10.54.18.64/26, version 4957, epoch 0, cached adjacency 10.23.255.73
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via 0.0.0.0/0, tags imposed {3591}
via 10.255.246.74, 0 dependencies, recursive
next hop 10.23.255.73, GigabitEthernet0/0
valid cached adjacency
tag rewrite with
Recursive rewrite via 0.0.0.0/0, tags imposed {3591}
MOF-PETRO#sh ip route vrf PAO 10.54.18.65
Routing entry for 10.54.18.64/26
Known via "bgp 4758", distance 200, metric 0, type internal
Last update from 10.255.246.74 00:00:04 ago
Routing Descriptor Blocks:
* 10.255.246.74 (Default-IP-Routing-Table), from 10.255.254.1, 00:00:04 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MOF-PETRO#sh ip bgp 10.54.12.0
BGP routing table entry for 10.54.0.0/17, version 265281
Paths: (1 available, no best path)
Flag: 0x820
Not advertised to any peer
Local
10.255.240.245 (inaccessible) from 10.255.254.1 (10.255.254.1)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 10.255.240.245, Cluster list: 0.0.18.150
MOF-PETRO#sh ip bgp 10.54.18.65
BGP routing table entry for 10.54.0.0/17, version 275080
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
Local
10.255.240.245 from 10.255.254.1 (10.255.254.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
Originator: 10.255.240.245, Cluster list: 0.0.18.150
The route i am trying to reach is another CE's ip address.
08-10-2010 07:31 AM
Hi
Can you check the i-BGP neighbor & post the output for same & also check the i-BGP next hop Ip address in routing table or check the connectvity between you i-BGP neighbors. May be you have an IGP issue so your update of VPNv4 are getting dropped.
Regards
Chetan Kumar
08-12-2010 01:14 AM
there is one problem in this config , loopback ip address 10.255.246.209 is not announced anywhere .
can anyone suggest me how to announce this ip address. whether it will announced through BGP or through statis ip address ??
08-12-2010 04:39 AM
Hi,
It seems you are not running IGP, only option is to have static route. And have check on rechability from PE's to the next-hop ips for the route you are receiving via M-BGP. And if problem is not solved, upload the n/w diag with segments you are using that wud give clear picture on ur issue.
Regards,
V Dinesh Kumar
08-12-2010 06:29 AM
Hi
.
When you use update source with BGP then it use that IP as a source to form an neighbor ship & if that Source IP is not reachable then it won't form neighbor ship. In case of directly connected network it won't require any route becasue they can reach each other.
You have to use static route to reach loopback IP of both PE or else you need to run any IGP Protocol to achive the same
I suggest you to have any IGP to run in production network becasue running static route is very tedious job & to maintain also & if you are in testing phase the i suggest you to go with static routing.
Regards
Chetan Kumar
08-12-2010 10:24 AM
Hi,
I gone thru your config and your query about loopback interface advertisement.
It is necessary to advertise loopback ip address of all routers in MPLS cloud. Since you are making ibgp neighboriship with loopback interface. So it should be reachable, it is must. Other wise your neighborship will not form. that is reason your VPNv4 routes are not exchanging in PE routers.
To confirm you VPNv4 neighborship show ip bgp vpnv4 all summary----- you can see neighbor router.
Here is a example of MPLS L3 VPN : refer the config of VRF VPN_B
http://startnetworks.blogspot.com/2010/07/mpls-l3-vpnsham-link-as-override.html
Hope this example will help you to solve your issue.
Do rate for helpful posts....
Uttam
08-13-2010 01:50 AM
Hi ,
You are correct , after announcing loopback ip address through IGP , my BGP session starts working and it remains stable.
What i didn't able to understand is i have not redistributed ospf in my BGP , neither BGP into ospf , then how come that we need ospf for proper BGP functionality , plz explain ....
also , why did announcing loopback into BGP didn't help ???
08-13-2010 10:45 AM
Hi
--------- > What i didn't able to understand is i have not redistributed ospf in my BGP , neither BGP into ospf , then how come that we need ospf for proper BGP functionality , plz explain
You was trying to configure BGP neighbour which are in different subnet ( Means using loop Back )
Take an example :
PE1 --- 1.1.1.1 ( Loopback IP ) ----- 10.1.1.1 -- Physical interface IP that connect tp PE2
PE2 --- 2.2.2.2 ( Loopback IP ) ----- 10.1.1.2 -- Physical interface IP that connect to PE1
Here if you try to configure BGP neighbor using loopback IP , Then How both PE router will come that how to reach each other means Loopback IP's not physical IP's .What is the gateway to reach the loopback IP's
( Simply a part of routing -- to check you can ping the loopback IP's but it won't ping that's the reason that you need IGP to route loopback IP's .)
In BGP you can form neighbor when the destination or remote neighbor is reachable & that is possible through IGP.
--------- > why did announcing loopback into BGP didn't help ???
Because if your BGP neighbor is not form then advertising BGP route will not prorogate to remote neighbor.
Regrads
Chetan Kumar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide