06-01-2020 11:42 AM
Hello everybody,
I have the following topology. Network A needs to talk to Network B.
I created Customer VRF on the middle PE (PE-X) and I successfully saw the routes from both sides, however Network A still cannot ping network B. also, traceroute shows astrisks.
I got a solution by enabling address-family vrf CustomerX under MP-BGP.
Can anybody explain why this solved the problem?
06-01-2020 12:40 PM - edited 06-01-2020 12:47 PM
Are network A and network B the only two networks you advertise? If so, make sure use them as the source when you ping the other side (ie. ping <network B> source <network A> and vice versa.
> I got a solution by enabling address-family vrf CustomerX under MP-BGP.
You mean enabling it on PE-X?
By the way, did you configure as a route-reflector for address-family vpnv4?
Regards,
06-01-2020 12:48 PM - edited 06-01-2020 12:49 PM
Thank you Harold.
Yes, I am sure of the ping's source.
and Yes, I mean enabling "address-family ipv4 vrf Customer" on PE-X.
By the way, it is not a router.
PE-1 is an ASR
PE-2 and PE-X is a nexus N7K.
So, the correct syntax is:
router bgp 65000 vrf Customer address-family ipv4 unicast !
06-01-2020 01:28 PM - edited 06-01-2020 01:30 PM
Hi Mohammad,
You do not need to enable "address-family ipv4 vrf Customer" on PE-X, unless there are actually local customers belonging to that VRF.
On the other hand, Do you have a direct VPNv4 session between PE1 and PE2 or do PE1 and PE2 only have a BGP session to PE-X? If so, PE-X needs to reflect VPNv4 routes from PE1 to PE2 and vice versa, in which case it needs to be configured as a route reflector for that address family.
Regards,
06-01-2020 01:53 PM
@Harold Ritter wrote:You do not need to enable "address-family ipv4 vrf Customer" on PE-X, unless there are actually local customers belonging to that VRF.
Yes, and that is why I am asking for explanation.
On the other hand, Do you have a direct VPNv4 session between PE1 and PE2 or do PE1 and PE2 only have a BGP session to PE-X? If so, PE-X needs to reflect VPNv4 routes from PE1 to PE2 and vice versa, in which case it needs to be configured as a route reflector for that address family.
Yes, there is a full mesh BGP session for both IPv4 and VPNv4.
06-01-2020 02:19 PM
Can you confirm that LDP sessions are up between PE1 and PE-X and between PE2 and PE-X?
Regards,
06-01-2020 02:31 PM
LDP sessions between PE-1 and PE-x AND PE-2 and PE-x are up for weeks.
Actually, this is not the first abnormal behavior between Nexus and ASR.
I have very strange cases. For example, BGP will never install routes in the routing table unless the bgp neighbor is learned via EIGRP. However, routes are there in BGP table. Static routing and OSPF makes BGP stuck and reject all routes. This is a very strange behavior.
ASR itself, has many GP session with other routers. It is stable.
Nexus itself, has another BGP session with another Nexus and BGP neighbor is learned via OSPF. No problem at all.
Only Nexus and ASR shows misbehavior.
06-01-2020 05:31 PM
Could you please post the configuration for PE1, PE-X and PE2.
Regards,
06-02-2020 04:06 AM
Actually, it is a classified information that i cannot expose without customer permission. However, I will establish a lab with c7200 routers to simulate the case and post the configuration.
I am sure, c7200 will work correctly, as the problem is between nexus and ASR.
The purpose of the lab is to show you how devices are configured, but not to replicate the behavior.
Give me some time, and I will reply back to this thread.
06-02-2020 06:34 AM - edited 06-02-2020 09:13 AM
In the meantime, it would be useful to do a "show ip cef vrf <vrf-name> <network a> det" from PE1 and vice versa on PE2 in the customer network to verify that the label stack is fine.
Regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide