Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
742
Views
5
Helpful
3
Replies

Inter vrf - MPLS link

WimVS
Level 1
Level 1

‎03-02-2020 03:01 AM

Hello

 

I'm trying to setup a poc where I want to interconnect vrf's.

2 Branches with different subnets connected with a mpls connection. 

 

I have following setup: 

PC1 ---- SW1 -----SW2----PC2

 

Config SW1:

 

ip vrf MGMNT
rd 65000:200
route-target export 65000:200
route-target import 65000:200

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/1
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/0
 no switchport
 ip address 10.10.10.1 255.255.255.252
 mpls ip
!
interface Vlan200
 ip vrf forwarding MGMNT
 ip address 10.100.10.1 255.255.255.0
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 2.2.2.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf MGMNT
  redistribute connected
 exit-address-family

!
ip route 2.2.2.2 255.255.255.255 10.10.10.2
!

 

Config SW2:

 

ip vrf MGMNT
 rd 65000:200
 route-target export 65000:200
 route-target import 65000:200
!

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/1
 switchport access vlan 200
 switchport mode access
!
interface GigabitEthernet0/0
 no switchport
 ip address 10.10.10.2 255.255.255.252
 mpls ip
!
interface Vlan200
 ip vrf forwarding MGMNT
 ip address 10.200.10.1 255.255.255.0
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 65000
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
  neighbor 1.1.1.1 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf MGMNT
  redistribute connected
 exit-address-family
!

ip route 1.1.1.1 255.255.255.255 10.10.10.1

!

 

PC1:

ip: 10.100.10.10/24

PC2: 

ip: 10.200.10.10/24

 

Both PC's can ping their gateway. If I want to ping from one side to the other however, pings don't return.

I'm not sure what's wrong here or is the virtual setup the cause here.

 

Any help appreciated.

Thanks a lot.

 

Labels:
0 Helpful
3 Replies 3

WimVS
Level 1
Level 1

‎03-03-2020 01:33 AM

Some show commands:

 

Is it normal behavior that there is no label for that one subnet, while SW2 (mirror config) does get a label for it's subnet.

 

SW1#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
17         Pop Label  2.2.2.2/32       0             Gi0/0      10.10.10.2
18         No Label   10.100.10.0/24[V]   \
                                       0             aggregate/MGMNT

 

SW2#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  1.1.1.1/32       0             Gi0/0      10.10.10.1
18         Pop Label  10.200.10.0/24[V]   \
                                       13514         aggregate/MGMNT

 

 

SW1#show ip route vrf MGMNT
Routing Table: MGMNT
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.100.10.0/24 is directly connected, Vlan100
L        10.100.10.1/32 is directly connected, Vlan100
B        10.200.10.0/24 [200/0] via 2.2.2.2, 00:30:53
 
SW2#show ip route vrf MGMNT
Routing Table: MGMNT
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.100.10.0/24 [200/0] via 1.1.1.1, 00:30:46
C        10.200.10.0/24 is directly connected, Vlan200
L        10.200.10.1/32 is directly connected, Vlan200
 
 
Kind regards.

 

 

0 Helpful

Cristian Matei
VIP Alumni
VIP Alumni
In response to WimVS

‎03-03-2020 11:44 AM

Hi,

 

    Control-plane works, as you see the routes; data-plane is the problem, due to the missing label on SW1; try rebooting it.

 

Regards,

Cristian Matei.

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to Cristian Matei

‎03-03-2020 01:12 PM

Hello Cristian,

thanks for having provided this useful suggestion!

At first sight SW1 looked like correct but compared to SW2 output the no label is like a ringing bell when troubleshooting MPLS issues.

 

control plane even when an IP only path exists.

the forwarding plane requires an MPLS end to end path working

 

L3 VPN use two labels the inner label is provided by MP BGP as an attribute of the MP NLRI.

 

SW1 failed to allocate a label to the locally attached route /FEC in VRF with real devices I would look to licensing problems in IOS XR or nexus NX OS but here the SW1 and SW2 are likely running IOS XE.

 

Best Regards

Giuseppe

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card