Re: MPLS L3VPN ping fails in Inter-AS Option C

JOKERR · ‎01-19-2024

Hello,

I am facing ping issues between CE-CE in Inter-AS Option C. I have routes learned and MPLS path established. Traceroute shows that ping is failing at PE router. This is same from both sides.

XE-R1#sh ip route
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback0
      16.0.0.0/32 is subnetted, 1 subnets
O E2     16.16.16.16 [110/2] via 81.1.1.1, 01:11:59, GigabitEthernet4
      81.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        81.1.1.0/24 is directly connected, GigabitEthernet4
L        81.1.1.2/32 is directly connected, GigabitEthernet4
      82.0.0.0/24 is subnetted, 1 subnets
O E2     82.1.1.0 [110/1] via 81.1.1.1, 01:41:50, GigabitEthernet4

But Traceroute fails to R16.

XE-R1#traceroute 16.16.16.16 so lo0
Type escape sequence to abort.
Tracing the route to 16.16.16.16
VRF info: (vrf in name/id, vrf out name/id)
  1 81.1.1.1 58 msec 1 msec 0 msec
  2  *  *  *
  3  *  *  *
  4  *

I have BGP labels and MPLS path established to the next hop.

XE-R3#show bgp vpnv4 uni all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 3:35 (RED)
   1.1.1.1/32       81.1.1.2        3010/nolabel
   16.16.16.16/32   55.55.55.55     nolabel/555012
   81.1.1.0/24      0.0.0.0         3011/nolabel(RED)
   82.1.1.0/24      55.55.55.55     nolabel/555000

And MPLS forwarding table shows all labels for XR-R5's loopback

XE-R3#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
3000  [T]  Pop Label  0/1[TE-Bind]     0             Tu0        point2point
3001       Pop Label  4.4.4.4/32       0             Gi3        16.1.1.1
3002       Pop Label  2.2.2.2/32       0             Gi2        13.1.1.1
3003       Pop Label  14.1.1.0/24      0             Gi2        13.1.1.1
           Pop Label  14.1.1.0/24      0             Gi3        16.1.1.1
3004       Pop Label  15.1.1.0/24      0             Gi3        16.1.1.1
3005       Pop Label  17.1.1.0/24      0             Gi1        12.1.1.2
           Pop Label  17.1.1.0/24      0             Gi3        16.1.1.1
3006       Pop Label  10.1.1.0/24      0             Gi2        13.1.1.1
3007       Pop Label  6.6.6.6/32       0             Gi1        12.1.1.2
3008       Pop Label  11.1.1.0/24      0             Gi1        12.1.1.2
3009  [T]  Pop Label  5.5.5.5/32       0             Tu0        point2point
3010       No Label   1.1.1.1/32[V]    0             Gi4        81.1.1.2
3011       No Label   81.1.1.0/24[V]   0             aggregate/RED
3012  [T]  5011       55.55.55.55/32   0             Tu0        point2point

I can also do a MPLS traceroute and it works with TE Tunnels also

XE-R3#traceroute mpls ipv4 55.55.55.55/32 source 3.3.3.3
Tracing MPLS Label Switched Path to 55.55.55.55/32, timeout is 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
  0 13.1.1.2 MRU 1500 [Labels: 2009/5011 Exp: 0/0]
L 1 13.1.1.1 MRU 1500 [Labels: 4008/5011 Exp: 0/0] 94 ms
L 2 14.1.1.1 MRU 1500 [Labels: 6000/5011 Exp: 0/0] 83 ms
L 3 17.1.1.2 MRU 1500 [Labels: implicit-null/5011 Exp: 0/0] 99 ms
L 4 11.1.1.1 MRU 1500 [Labels: 111003 Exp: 0] 80 ms
L 5 100.1.1.2 MRU 1500 [Labels: 222011/implicit-null Exp: 0/0] 26 ms
L 6 21.1.1.2 MRU 1500 [Labels: 333010/implicit-null Exp: 0/0] 23 ms
L 7 24.1.1.1 MRU 1500 [Labels: 444011/implicit-null Exp: 0/0] 23 ms
L 8 23.1.1.2 MRU 1500 [Labels: implicit-null/implicit-null Exp: 0/0] 23 ms
! 9 19.1.1.2 24 ms

CEF entries

XE-R3#sh ip cef vrf RED 16.16.16.16
16.16.16.16/32
  nexthop 5.5.5.5 Tunnel0 label 5011-(local:3012) 555012

Same thing happens from the other PE side.

XE-R16#sh ip route
Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
O E2     1.1.1.1 [110/2] via 82.1.1.1, 01:18:22, GigabitEthernet2
      16.0.0.0/32 is subnetted, 1 subnets
C        16.16.16.16 is directly connected, Loopback0
      81.0.0.0/24 is subnetted, 1 subnets
O E2     81.1.1.0 [110/1] via 82.1.1.1, 01:18:22, GigabitEthernet2
      82.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        82.1.1.0/24 is directly connected, GigabitEthernet2
L        82.1.1.2/32 is directly connected, GigabitEthernet2

XE-R16#traceroute 1.1.1.1 so lo0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 82.1.1.1 12 msec 2 msec 1 msec
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *

I am not sure if I am missing any config. Can someone please help with this? I am stuck here and can't move forward.

Thank you.

Giuseppe Larosa · ‎01-24-2024

Hello @JOKERR ,

I would suggest you to simplify your lab: remove all traffic engineering stuff and focus on the inter AS L3 VPN first.

Hope to help

Giuseppe

JOKERR · ‎01-25-2024

Hello Giuseppe,

Thank you for reply. I did shut off TE tunnels and tried. But facing same issue.

Giuseppe Larosa · ‎01-25-2024

Hello @JOKERR ,

on the ASBR routers you should set next-hop self towards MP iBGP neighbors in address family vpnv4 or follow @Harold Ritter 's suggestion to use BGP labelled unicast BGP LU as a way to fix the data plane

Hope to help

Giuseppe

villerblender87 · ‎01-25-2024

Routing Configuration Check:
- Use AI-driven analysis tools to inspect the routing configurations on both ends of the MPLS Layer 3 VPN in Inter-AS Option C. Ensure that the routes are correctly distributed and reachable between the autonomous systems.
Label Distribution Verification:
- Employ AI algorithms to analyze the label distribution mechanisms. Verify that the correct labels are assigned and distributed across the Multiprotocol Label Switching (MPLS) network for the Layer 3 VPN routes.
Inter-AS Option C Implementation:
- Utilize AI-enhanced diagnostics to validate the correct implementation of Inter-AI Option C. Ensure that the Autonomous System Border Routers (ASBRs) are appropriately configured to facilitate the exchange of VPN routes.
Firewall and Security Policies:
- Leverage Ai based security analysis to review firewall and security policies between the autonomous systems. Confirm that there are no restrictions or misconfigurations preventing ICMP traffic, such as ping, between the VPN sites.
Traffic Engineering Considerations:
- Use AI insights to examine any Traffic Engineering (TE) configurations that might impact the path selection of MPLS L3VPN traffic. Ensure that TE parameters align with the desired network behavior.
Logging and Tracing:
- Employ AI-driven log analysis to trace any potential issues in real-time. Analyze logs for error messages or anomalies that could shed light on why the MPLS L3VPN ping is failing in Inter-AS Option C.
Vendor-Specific Considerations:
- If applicable, consult vendor-specific documentation or AI-powered vendor support tools to address any known issues or best practices related to MPLS L3VPN in an Inter-AS Option C scenario.

Harold Ritter · ‎01-25-2024

Hi @JOKERR ,

Your configurations look good. It might be some limitations with the support of LDP over TE tunnels on the XR side. You could verify by running the following command on XR-R5 and see if a label is imposed:

show cef 3.3.3.3 detail

What XRv version do you use in your simulation?

Could you try extending the BGP LU from XR-R1 to XR-R5, advertise XR-R5 loopback IP address locally and see if it fixes the issue.

XR-R1:

router isis ISP-2

address-family ipv4 unicast

no redistribute bgp 12345 level-1-2

!

router bgp 12345

address-family ipv4 uni

no network 55.55.55.55/32

neighbor 55.55.55.55

remote-as 12345

update-source Loopback0

address-family ipv4 labeled-unicast

next-hop-self

XR-R5:

router bgp 12345

address-family ipv4 unicast

network 55.55.55.55/32

allocate-label all

!

neighbor 11.11.11.11

remote-as 12345

update-source Loopback0

address-family ipv4 labeled-unicast

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

MPLS L3VPN ping fails in Inter-AS Option C

MPLS na Prática: Implementando MPLS L3VPN

MPLS L3VPN Internet Access (Option 1)

Inter-AS SR-MPLS option C with IOS-XE 17.13.01a

MPLS L3VPN Internet Access (Option 2)

MPLS L3VPN connectivity issue between CEs