Solved: Re: eBGP vpnv4 route ping failure

ElshanMammadli5597 · ‎07-08-2023

We have faced routing issue with

bgp

We can see

vrf routes

which learns from

ebgp peer

Routes installed in

vrf routing

table but ping is fail. between

ebgp peers  runs ISIS as IGP

Between

ebgp peers

have one node and it is runs as transit role. in this transit routers have isis and mpls. remote

ebgp peer learns vrf router

from

ibgp peer.

We can see routes in both side. Everthing seems normally but ping is fail

Simple topology have attached

Harold Ritter · ‎07-10-2023

Hi @ElshanMammadli5597 ,

1. Can you replace

ebgp-multihop 10 by ebgp-multihop 10 mpls on both NCS55A2 and Remote N540L

2. Can you provide the output for

show cef vrf azercell 10.22.99.0/24 det from NCS55A2

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

MHM Cisco World · ‎07-08-2023

CE-PE-P-PE-CE

you want to ping from

PE to CE

?
if Yes

use ping vrf x.x.x.x source interface/IP <PE IP in same VRF>

ElshanMammadli5597 · ‎07-08-2023

Thanks . Yes i try to ping from PE to PE and to CE like

ping vrf azercell x.x.x.x source interface xxx

But resul is same. ping is unreachible

MHM Cisco World · ‎07-08-2023

show ip route vrf azercell 10.130.73.73

share this please

ElshanMammadli5597 · ‎07-08-2023

MHM Cisco World · ‎07-08-2023

the destination in

RIB VRF

that OK
NOW let check label for this

prefix

show ip bgp vpnv4 vrf azercell 10.130.73.73

ElshanMammadli5597 · ‎07-08-2023

The

OS is XR

in router. the command

sintaksis

is not same but similar

MHM Cisco World · ‎07-08-2023

this simple lab, I test

ping from PE to CE

same issue as yours and

ping from CE to CE

is success.
in my lab I know exactly what happened, I dont

redistribute

connect into routing protocol (

VRF

aware).
the

show ip bgp vpnv4 all

only display route for

CE's not prefix for connect PE-CE

with

redistribute

connect then I start to appear

MHM Cisco World · ‎07-09-2023

sorry I forget to attach this photo
the ping success after I add

redistribute connect in PE R1

M02@rt37 · ‎07-08-2023

Hello @ElshanMammadli5597,

Please add source to your ping test.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

ElshanMammadli5597 · ‎07-08-2023

i am also try this method. ping from source

 ip.add.

I can see

source ip add in remote side

Maybe issus is releated

mpls and bgp

configuration. I write simple

vpn4 bgp cfg

Maybe we have to add extra attribute

Harold Ritter · ‎07-08-2023

Hi @ElshanMammadli5597 ,

It could be that the end to end LSP is not setup properly.

From the

NCS55A2

can you perform the following command to verify whether you have a functioning end to end LSP or not.

ping mpls ipv4 10.79.32.130/32 source 172.20.19.17

And from the ASR920:

ping mpls ipv4 172.20.19.17/32 source 10.79.32.130

Also, I see all the

VPNv4 prefixes on the NCS55A2 with a next hop of 10.79.32.102

This is incorrect and breaks the end to end LSP. You should use the

next-hop

unchanged when you announce the

VPNv4 prefixes

from the middle router

(Remote N540L) to the NCS55A2

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

ElshanMammadli5597 · ‎07-09-2023

Hello Mr Harold Ritter

Thanks for detailed information.

In our topology run two

igp

protocols. Between

NCS55A2

and Remote runs

ISIS and runs OSPD

from Remote

N540 direction ASR920. So NCS55A2 dont know 10.79.32.130

I have to

redistrubute isis to ospf

and back to see each other.

Harold Ritter · ‎07-09-2023

Hi @ElshanMammadli5597

Thanks for the info.

I forgot to mention that you need to configure

mpls oam

on all the routers in order to run the

ping mpls

Please make the change on all routers and retry the

ping mpls

command.

> I have to

redistrubute isis to ospf

and back to see each other.

This is expected. When I mentioned that you needed to have an end to end LSP, it didn't mean having one end to end IGP.

Did you also change the configuration on the middle router

(Remote N540L)

to use the

next-hop-unchanged

under the

address-family vpnv4

as follow:

router bgp 65030

neighbor 172.20.19.17

address-family vpnv4 unicast

next-hop-unchanged

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

ElshanMammadli5597 · ‎07-09-2023

Hi @Harold Ritter

mpls oam

have configured end to end. I have also added

next-hop-unchanged

But result is same. We have two route which origin is Remote

N540L

i can not ping that ip add also. I think that issue related to AS number or

bgp

config and middle router . Becasue

AS34170

is public AS ,

AS65030

is private AS.