03-02-2020 03:01 AM
Hello
I'm trying to setup a poc where I want to interconnect vrf's.
2 Branches with different subnets connected with a mpls connection.
I have following setup:
PC1 ---- SW1 -----SW2----PC2
Config SW1:
ip vrf MGMNT
rd 65000:200
route-target export 65000:200
route-target import 65000:200
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/1
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/0
no switchport
ip address 10.10.10.1 255.255.255.252
mpls ip
!
interface Vlan200
ip vrf forwarding MGMNT
ip address 10.100.10.1 255.255.255.0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 65000
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
neighbor 2.2.2.2 next-hop-self
exit-address-family
!
address-family ipv4 vrf MGMNT
redistribute connected
exit-address-family
!
ip route 2.2.2.2 255.255.255.255 10.10.10.2
!
Config SW2:
ip vrf MGMNT
rd 65000:200
route-target export 65000:200
route-target import 65000:200
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/1
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet0/0
no switchport
ip address 10.10.10.2 255.255.255.252
mpls ip
!
interface Vlan200
ip vrf forwarding MGMNT
ip address 10.200.10.1 255.255.255.0
!
router bgp 65000
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
neighbor 1.1.1.1 next-hop-self
exit-address-family
!
address-family ipv4 vrf MGMNT
redistribute connected
exit-address-family
!
ip route 1.1.1.1 255.255.255.255 10.10.10.1
!
PC1:
ip: 10.100.10.10/24
PC2:
ip: 10.200.10.10/24
Both PC's can ping their gateway. If I want to ping from one side to the other however, pings don't return.
I'm not sure what's wrong here or is the virtual setup the cause here.
Any help appreciated.
Thanks a lot.
03-03-2020 01:33 AM
Some show commands:
Is it normal behavior that there is no label for that one subnet, while SW2 (mirror config) does get a label for it's subnet.
SW1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 Pop Label 2.2.2.2/32 0 Gi0/0 10.10.10.2
18 No Label 10.100.10.0/24[V] \
0 aggregate/MGMNT
SW2#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 1.1.1.1/32 0 Gi0/0 10.10.10.1
18 Pop Label 10.200.10.0/24[V] \
13514 aggregate/MGMNT
03-03-2020 11:44 AM
Hi,
Control-plane works, as you see the routes; data-plane is the problem, due to the missing label on SW1; try rebooting it.
Regards,
Cristian Matei.
03-03-2020 01:12 PM
Hello Cristian,
thanks for having provided this useful suggestion!
At first sight SW1 looked like correct but compared to SW2 output the no label is like a ringing bell when troubleshooting MPLS issues.
control plane even when an IP only path exists.
the forwarding plane requires an MPLS end to end path working
L3 VPN use two labels the inner label is provided by MP BGP as an attribute of the MP NLRI.
SW1 failed to allocate a label to the locally attached route /FEC in VRF with real devices I would look to licensing problems in IOS XR or nexus NX OS but here the SW1 and SW2 are likely running IOS XE.
Best Regards
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide