Solved: Re: MPLS EVPN

mmaamm238 · ‎11-19-2024

Hi,

I have configured MPLS EVPN and control plane seems to work but cannot ping from one BD-VIF to another BD-VIF. MPLS VPN over DMVPN works already and I added EVPN to it.

I used this link for configuration:

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/mpls/b-mpls/m-ce-evpn-single-homing.html

How can I troubleshoot it?

sh bgp l2vpn evpn

*>i [2][10.1.1.1:10][0][48][000100010002][32][99.0.0.3]/24
<<IP RR2>> 0 100 0 ?
*> [2][10.1.1.1:10][0][48][000100010003][32][99.0.0.1]/24
:: 32768 ?
*>i [2][10.1.1.1:10][0][48][000100010004][32][99.0.0.2]/24
<<IP Spoke2>> 0 100 0 ?
* i <<IP Spoke2>> 0 100 0 ?
*>i [3][10.1.1.1:10][0][32][<<IP RR2>>]/17
<<IP RR2>> 0 100 0 ?
*> [3][10.1.1.1:10][0][32][192.168.252.72]/17
:: 32768 ?
*>i [3][10.1.1.1:10][0][32][<<IP Spoke2>>]/17
<<IP Spoke2>> 0 100 0 ?
* i <<IP Spoke2>> 0 100 0 ?

sh l2vpn evpn evi

EVI BD Ether Tag BUM Label Unicast Label Pseudoport
----- ----- ---------- --------- ------------- ------------------
10 10 0 58 340 Po3:10
245 BD-VIF10

sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 99.0.0.1 - 0001.0001.0003 ARPA BD-VIF10
Internet 99.0.0.3 6 0001.0001.0002 ARPA BD-VIF10

p 99.0.0.3 so 99.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.0.0.3, timeout is 2 seconds:
Packet sent with a source address of 99.0.0.1
.....
Success rate is 0 percent (0/5)

Harold Ritter · ‎12-15-2024

Hi @mmaamm238 ,

After validation, the BD-VIF approach should work too. Can you please go back to your original configuration with the BD-VIF, but with a slight modification on Spoke1 and RR2:

l2vpn evpn

no mpls label mode

This should allow you to ping between the two BD-VIFs.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

Harold Ritter · ‎11-21-2024

Hi @mmaamm238 ,

Can you please provide the configuration for the two devices.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mmaamm238 · ‎11-23-2024

Hi Harold,

MPLS VPN over DMVPN have configured already and is working. Now I only added these configs:

Harold Ritter · ‎11-23-2024

Hi @mmaamm238 ,

You need to add the following on both Spoke1 and RR2:

interface BD-VIF10

encapsulation dot1q 10

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mmaamm238 · ‎11-23-2024

Hi Harold,

I cannot enter encapsulation dot1q 10 under interface BD-VIF10.

Error: % Invalid input detected at '^' marker.

Harold Ritter · ‎11-24-2024

Hi @mmaamm238 ,

Try using a bridge domain interface instead of a bridge domain virtual IP interface.

bridge-domain 10

no member bd-vif 10

member bdi 10

!

interface bdi 10

ip address 99.0.0.1 255.255.255.0

encapsulation dot1q 10

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mmaamm238 · ‎11-25-2024

Hi Harold,

It does not accept member bdi 10 under bridge-domain 10.

Error: % Incomplete command.

Harold Ritter · ‎11-25-2024

Hi @mmaamm238 ,

Sorry. You do not need to put the BD interface under the bridge-domain.

Are you able to ping without it.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mmaamm238 · ‎11-25-2024

Hi Harold,

Without putting BD interface under the bridge-domain, I cannot ping and even control plane does not show MAC and IP.

Harold Ritter · ‎11-26-2024

Hi @mmaamm238 ,

Can please provide more information about the platform is being used for the two devices and what OS version?

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mmaamm238 · ‎11-26-2024

Hi Harold,

Spoke is 4451-X and IOS is 17.12.4

RR is ASR1001-HX and IOS is 17.12.3

MHM Cisco World · ‎11-25-2024

You use physical or LO to establish bgp between VTEP?

You need to use LO or use physical interface that not use in mpls labeling.

Use LO under bgp then check ping

MHM

mmaamm238 · ‎11-25-2024

Hi MHM,

I do not use VXLAN.

I use Loopback for update source in BGP but cannot ping.

MHM Cisco World · ‎11-26-2024

I know friend you run EVPN but FYI it same

now from spoke

ping mpls RR using source LO of Spoke

see in which Hop/s the MPLS label is failed

MHM

mmaamm238 · ‎11-26-2024

Hi MHM,

ping mpls ipv4 <Loopback of RR2>/32 source <Loopback of Spoke1>
Sending 5, 72-byte MPLS Echos to <Loopback of RR2>/32,
timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/8/15 ms
Total Time Elapsed 41 ms

It works and no problem. As I said MPLS VPN over DMVPN is already configured and works. I only added EVPN to it.