cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3750
Views
1
Helpful
23
Replies

MPLS EVPN

mmaamm238
Level 1
Level 1

Hi,

I have configured MPLS EVPN and control plane seems to work but cannot ping from one BD-VIF to another BD-VIF. MPLS VPN over DMVPN works already and I added EVPN to it.

I used this link for configuration:

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/mpls/b-mpls/m-ce-evpn-single-homing.html

How can I troubleshoot it?

 

sh bgp l2vpn evpn

*>i [2][10.1.1.1:10][0][48][000100010002][32][99.0.0.3]/24
<<IP RR2>> 0 100 0 ?
*> [2][10.1.1.1:10][0][48][000100010003][32][99.0.0.1]/24
:: 32768 ?
*>i [2][10.1.1.1:10][0][48][000100010004][32][99.0.0.2]/24
<<IP Spoke2>> 0 100 0 ?
* i <<IP Spoke2>> 0 100 0 ?
*>i [3][10.1.1.1:10][0][32][<<IP RR2>>]/17
<<IP RR2>> 0 100 0 ?
*> [3][10.1.1.1:10][0][32][192.168.252.72]/17
:: 32768 ?
*>i [3][10.1.1.1:10][0][32][<<IP Spoke2>>]/17
<<IP Spoke2>> 0 100 0 ?
* i <<IP Spoke2>> 0 100 0 ?

 

sh l2vpn evpn evi

EVI BD Ether Tag BUM Label Unicast Label Pseudoport
----- ----- ---------- --------- ------------- ------------------
10 10     0           58              340              Po3:10
                                            245               BD-VIF10

 

sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 99.0.0.1 - 0001.0001.0003 ARPA BD-VIF10
Internet 99.0.0.3 6 0001.0001.0002 ARPA BD-VIF10

 

p 99.0.0.3 so 99.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 99.0.0.3, timeout is 2 seconds:
Packet sent with a source address of 99.0.0.1
.....
Success rate is 0 percent (0/5)

 

 

23 Replies 23

Share traceroute mpls add verbose in end to see retrun code.

MHM

Hi MHM,

trac mpls ipv4 <Loopback of RR2>/32 so <Loopback of Spoke1> verbose
Tracing MPLS Label Switched Path to <Loopback of RR2>/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
0 <Tunnel IP of Spoke1> <Tunnel IP of RR2> MRU 1472 [Labels: implicit-null Exp: 0]
! 1 <Tunnel IP of RR2> 8 ms, ret code 3

Harold Ritter
Spotlight
Spotlight

Hi @mmaamm238 ,

Sorry for not following up earlier on this issue. It appears the issue is with the BDI interface not being up on RR2 as there is no attachment circuit on this router. Can you please provide a "show bridge-domain 10" from RR2 to confirm this?

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mmaamm238
Level 1
Level 1

Hi Harold,

Yes. You are correct.

RR2#show bridge-domain 10
Bridge-domain 10 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
Unknown Unicast Flooding Suppression: Disabled
Maximum address limit: 65536
BDI10 (down)
EVPN Instance 10
AED MAC address Policy Tag Age Pseudoport
-----------------------------------------------------------------------------
- 0001.0001.0002 to_bdi static 0 BDI10

Regards

Hi @mmaamm238 ,

Thanks for confirming. This is indeed the reason you can't ping between Spoke1 and RR2.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Harold,

Thank you. How can I solve it?

What was the problem with BD-VIF?

Regards,

Hi @mmaamm238 ,

After validation, the BD-VIF approach should work too. Can you please go back to your original configuration with the BD-VIF, but with a slight modification on Spoke1 and RR2:

l2vpn evpn

no mpls label mode 

This should allow you to ping between the two BD-VIFs.

Regards,

 

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Harold,

It was successful.

Thank you very very much.

It took some months to resolve.

Can you explain it to me?

Regards,

Hi @mmaamm238 ,

According to the documentation, per-ce will allocate one label per access port, but you do not have an access port on RR2. This would be the source of the issue.

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/mpls/b-mpls/m-ce-evpn-single-homing.html

Regards,

 

Regards,
Harold Ritter, CCIE #4168 (EI, SP)