03-29-2014 10:53 PM - edited 03-04-2019 10:41 PM
Hello,
I currently have two ASRs back to back with MPLS enabled and an Internet service connected to the primary ASR. The internet service terminates inside of a VRF where I am receiving a default route via BGP from my ISP.
ISP(2.2.2.2/30)<--->(2.2.2.1/30)ASR1(10.10.10.1/30)<--->(10.10.10.2/30)ASR2
ASR1 Loopback = 1.1.1.1/32
ASR2 Loopback = 1.1.1.2/32
The routing table on ASR2 shows a default route via ASR1 and a summary route of my public IP range:
ASR2#show ip route vrf internet
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 10.10.10.1, 00:35:33
1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 1.1.1.0/24 [200/0] via 10.10.10.1, 00:35:33
C 1.1.1.2/32 is directly connected, Loopback1
However, I am only able to ping ASR2's loopback (1.1.1.2) if I source the ping from ASR1's loopback (1.1.1.1), which is seen as part of a summary route. If I source the ping from ASR1's Internet-facing interface (2.2.2.1) or a host on the Internet, it fails.
I can only get ping responses back if I use a source address that has a more specific route in the routing table of ASR2 than the default. If I ping an internet host from ASR
Any ideas on how to go about troubleshooting this issue? I created an access list that matched 1.1.1.2 and did a debug ip packet while I tried to ping from ASR2 to 8.8.8.8. I do not get a response but I do get output which indicates the packet is being forwarded. I ran the same debug on ASR1 at the same time but saw no output.
Thanks,
Steve
03-30-2014 08:35 AM
Hi Steve,
Do you have 2.2.2.1/30 and 10.10.10.1/30 as part of the same VRF in ASR1? Can you share the configuration from ASR1 and ASR2 and the routing table output from ASR1?
HTH,
Nagendra
03-31-2014 08:44 AM
Hello Nagendra,
Thanks for responding, here is the additional information:
ASR1 Configuration
ip vrf internet
rd 65001:999
route-target export 65001:999
route-target import 65001:999
!
interface Loopback1
ip vrf forwarding internet
ip address 1.1.1.1 255.255.255.255
!
interface Loopback3100
description ** MPLS/MP-BGP **
ip address 10.255.255.1 255.255.255.255
!
interface Port-channel1.3100
description ** Local Interconnect **
encapsulation dot1Q 3100
ip address 10.10.10.1 255.255.255.248
mpls ip
!
interface GigabitEthernet0/0/3
ip vrf forwarding internet
ip address 2.2.2.1 255.255.255.252
!
ip route 10.255.255.2 255.255.255.255 10.10.10.2
!
router bgp 65001
bgp log-neighbor-changes
neighbor 10.255.255.2 remote-as 65001
neighbor 10.255.255.2 update-source Loopback3100
neighbor 10.255.255.2 send-community both
!
address-family vpnv4
neighbor 10.255.255.2 activate
neighbor 10.255.255.2 send-community extended
exit-address-family
!
address-family ipv4 vrf internet
network 1.1.1.1 mask 255.255.255.255
aggregate-address 1.1.1.0 255.255.255.0 summary-only
neighbor 2.2.2.2 remote-as 65111
neighbor 2.2.2.2 activate
exit-address-family
ASR2 Configuration
ip vrf internet
rd 65001:999
route-target export 65001:999
route-target import 65001:999
!
interface Loopback3100
description ** MPLS/MP-BGP **
ip address 10.255.255.2 255.255.255.255
!
interface Loopback1
ip vrf forwarding internet
ip address 1.1.1.2 255.255.255.255
!
interface Port-channel1.3100
description ** Local Interconnect **
encapsulation dot1Q 3100
ip address 10.10.10.2 255.255.255.248
mpls ip
!
ip route 10.255.255.1 255.255.255.255 10.10.10.1
!
router bgp 65001
bgp log-neighbor-changes
neighbor 10.255.255.1 remote-as 65001
neighbor 10.255.255.1 update-source Loopback3100
neighbor 10.255.255.1 send-community both
!
address-family vpnv4
neighbor 10.255.255.1 activate
neighbor 10.255.255.1 send-community extended
exit-address-family
!
address-family ipv4 vrf internet
redistribute connected
exit-address-family
ASR1 Routing Table (internet VRF)
Gateway of last resort is 2.2.2.2 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 2.2.2.2, 1d20h
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.1/30 is directly connected, GigabitEthernet0/0/3
L 2.2.2.1/32 is directly connected, GigabitEthernet0/0/3
1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 1.1.1.0/24 [200/0] via 0.0.0.0, 2d19h, Null0
C 1.1.1.1/32 is directly connected, Loopback1
B 1.1.1.2/32 [200/0] via 10.255.255.2, 17:22:48
ASR 2 Routing Table (internet VRF)
Gateway of last resort is 10.255.255.1 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 10.255.255.1, 17:22:48
1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 1.1.1.0/24 [200/0] via 10.255.255.1, 17:22:48
C 1.1.1.2/32 is directly connected, Loopback1
ASR1 Ping Test Results
ASR1#ping vrf internet 1.1.1.2 source loop101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASR1#ping vrf internet 1.1.1.2 source gig0/0/3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.1
.....
Success rate is 0 percent (0/5)
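Added example, not part of the thread and not written by any of the posters: a Python sketch that parses the ASR2 internet-VRF routes posted above and applies longest-prefix match to each ping source, showing that the failing sources are exactly those whose echo replies fall through to the default route. The function names are illustrative assumptions.

```python
import ipaddress
import re

# ASR2 "internet" VRF routes as posted in the thread (loopback-peering version).
ASR2_VRF_INTERNET = """\
B* 0.0.0.0/0 [200/0] via 10.255.255.1, 17:22:48
1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 1.1.1.0/24 [200/0] via 10.255.255.1, 17:22:48
C 1.1.1.2/32 is directly connected, Loopback1
"""

ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[\d+/\d+\]\s+via\s+(?P<nh>[\d.]+)|is directly connected,\s+(?P<intf>\S+))"
)

def parse_routes(text):
    """Return (network, code, next hop or interface) for each route line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:  # header lines such as "is variably subnetted" do not match
            net = ipaddress.ip_network(m["prefix"], strict=False)
            routes.append((net, m["code"], m["nh"] or m["intf"]))
    return routes

def lookup(routes, address):
    """Longest-prefix match, the rule applied to the echo reply's destination."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def reply_paths(routes, sources):
    """Map each ping source to the prefix ASR2 selects for the echo reply."""
    return {s: str(lookup(routes, s)[0]) for s in sources}

if __name__ == "__main__":
    table = parse_routes(ASR2_VRF_INTERNET)
    # 1.1.1.1 worked in the thread; 2.2.2.1 and 8.8.8.8 failed.
    for src, prefix in reply_paths(table, ["1.1.1.1", "2.2.2.1", "8.8.8.8"]).items():
        print(f"reply to {src:<8} uses {prefix}")
```

The lookup only shows which route is selected; it does not model label imposition, which is what the later posts in the thread go on to inspect.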
03-31-2014 08:44 AM
Steve
There are a couple of confusing things here.
Are the routing tables you posted the full route tables for the internet VRF?
If so, a couple of comments -
1) you are redistributing connected on ASR2 but there is no sign of ASR2's loopback in ASR1's routing table?
2) how is the ping working when you ping ASR2's loopback using ASR1's loopback as the source IP?
I ask because ASR1 has no route to ASR2's loopback, which would explain why when you ping an internet IP from ASR2 you see traffic leaving (because of the default route) but you don't see it coming back, i.e. it is getting dropped by the null0 route on ASR1.
But that doesn't explain why the ping between loopbacks is working.
So I may well be wrong but just wanted to clarify.
Jon
03-31-2014 12:34 PM
Hi Jon,
1) I believe ASR2 is seeing ASR1's loopback as part of the summary because I have the aggregate-address for 1.1.1.0/24 configured on ASR1:
B 1.1.1.0/24 [200/0] via 10.255.255.1, 17:22:48
2) As above. Interestingly, if I configure either redistribute connected or network 2.2.2.1 mask 255.255.255.252 to ASR1's BGP process for vrf internet, then I am able to ping ASR2's loopback, but other hosts which would need to be routed via the default route on ASR2 still fail.
Steve
03-31-2014 12:46 PM
Hi Steve
1) I wasn't meaning ASR2 seeing ASR1's loopback, because yes, you have a summary route configured which ASR2 has in its routing table.
What I meant was on ASR2 you have a redistribute connected under the BGP VRF configuration but ASR1 does not have a route for ASR2's loopback, which is a connected interface, so it should.
2) this has really confused me. If you look at ASR1's routing table that you posted there is no route for ASR2's loopback address, so how does ASR1 know where to send it?
I am obviously missing something here.
Jon
03-31-2014 01:12 PM
Hi Jon,
You are not missing anything, I was. I neglected to copy that route across when I posted it into the forum. Sorry about that, the route is there and I have added it into the original post.
Thanks,
Steve
03-31-2014 01:28 PM
Steve
Thanks for clarifying that. I thought I was going a bit mad.
In your original post the next hops on ASR2 are 10.10.10.1 but in the later post they are 10.255.255.1 instead.
Did you change something?
Jon
03-31-2014 01:37 PM
Originally I had BGP configured between the interface addresses of the ASRs but changed it to use loopbacks and added static routes. It didn't resolve my problem but I left the configuration using the loopbacks anyway.
steve
03-31-2014 02:03 PM
Steve
So you are basically running MPLS between the routers without any P routers ?
Can you post a "sh mpls forwarding-table" from ASR2 ?
Jon
03-31-2014 03:10 PM
Jon
I am indeed running MPLS between the two without any P routers. Interestingly I see no default route but I also see no entry for 1.1.1.1. The MPLS forwarding table on ASR1 likewise does not show an entry for 1.1.1.2.
ASR2#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
18 Pop Label 10.255.255.1/32 0 Po1.3100 10.10.10.1
20 Pop Label 1.1.1.1.2/32[V] \
0 aggregate/internet
03-31-2014 03:36 PM
Steve
I have never done this ie. PE to PE without a P router so not sure what is going on.
Can you post the output of "sh mpls ldp bindings" so we can see what labels are being assigned to the prefixes?
By the way, is there a specific reason to run MPLS between the ASRs rather than just extend the VRF back to ASR2 ie. allocate the interfaces connecting the ASRs into the same VRF ?
Jon
03-31-2014 03:36 PM
Steve
In addition to the previous output can you post a "sh mpls ldp neighbor" as well.
Jon
03-31-2014 04:30 PM
ASR2#sh mpls ldp bindings
lib entry: 10.255.255.1/32, rev 2
local binding: label: 18
remote binding: lsr: 10.255.255.1:0, label: imp-null
lib entry: 10.255.255.2/32, rev 4
local binding: label: imp-null
remote binding: lsr: 10.255.255.1:0, label: 22
lib entry: 10.10.10.0/29, rev 6
local binding: label: imp-null
remote binding: lsr: 10.255.255.1:0, label: imp-null
ASR2#show mpls ldp neighbor
Peer LDP Ident: 10.255.255.1:0; Local LDP Ident 10.255.255.2:0
TCP connection: 10.255.255.1.646 - 10.255.255.2.39626
State: Oper; Msgs sent/rcvd: 2915/2914; Downstream
Up time: 1d18h
LDP discovery sources:
Port-channel1.3100, Src IP addr: 10.10.10.2
Addresses bound to peer LDP Ident:
10.255.255.1 10.10.10.1
03-31-2014 04:58 PM
Steve
Sorry to keep asking for outputs but can you post "sh mpls forwarding-table vrf internet" assuming that command is available.
Jon