07-27-2010 02:16 AM - edited 03-04-2019 09:11 AM
Hello :
I have one problem establishing conection between two VPN sites. I have CE-PE routing protocol running OSPF. I am
sharing the topology and I want to achieve.
CE(R7)______PE1-----------------------PE2___________CE (BB1)VPN_A)
| |
| |
P________________________P
ON CE (R7)
I could able to see the routes of BB1. But unable to ping R7 to BB1 vice versa. PE1 & 2 both are running MPBGP and customer
OSPF routes have been redistributed into MPBGP. Lets say an example if i want to ping loopback address of BB1 from R7 , I am
unable to ping. I see the routes are being advertised in R7. Next hop is reachable. If I do trace route , I see the packet is
dropping on after it hits the PE1 router.
Any thought would be much appreciated.
07-27-2010 05:17 AM
You may have a problem with labels within the MPLS Backbone.
Check the mpls forwarding table on all P and PE routers.
Regards,
Edison
07-27-2010 08:42 AM
Hello Edison :
Thanks for your reply. This is the following MPLS forwarding table I have for my two cores ( R1 & R5).
R1
===========
R1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
16 Pop Label 5.5.5.5/32 0 Gi2/0 10.2.1.2
17 Pop Label 10.1.2.0/24 570 Gi2/0 10.2.1.2
18 18 6.6.6.6/32 79960 Gi2/0 10.2.1.2
19 Pop Label 3.3.3.3/32 64200 Gi1/0 10.1.1.3
R1#show mpls
R1#show mpls for
R1#show mpls forwarding-table 10.10.10.10
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
This is 10.10.10.10 is loopback address of BB1 I was trying ping but apparantly it is failing. How to fix that? I have mpls runnning all interface in P routers.
07-27-2010 11:58 AM
Hi Sam
If possible can you share the config , it will help us to understand the your topology & able to trouble shoot.
or Please refer the below document where the same configuration is done.
Note : Your 10.10.10.10 is loopback IP on BB1 is not is MPLS lable table , You should check in show mpls forwarding-table vrf ( name )
or check sh ip bgp vpnv4 vrf (name) ----wether you are able to see the route 10.10.10.10.
https://supportforums.cisco.com/docs/DOC-11383
Regards
Chetan Kumar
07-27-2010 01:18 PM
Hello.
Ensure that BB1s loopback (10.10.10.10) and R7's loopback is reachable via OSPF. make sure that the PE routers are advertising those loopbacks into the OSPF process. Also ensure that the P routers are advertising their loopbacks into OSPF. They must advertise their loopbacks because thats what MPLS will use to peer with. IP cef should be enabled by default. If not, enable it on all P and PE routers.
Also it wont hurt to issue the following command to check if all your PE and P routers have neighbor adjacencies - sh mpls ldp nei
In your topology the P routers should have 2 LDP neighbors - 1 to the adjacent PE router and 1 to the other P router.
If you dont see all the adjacencies, configure mpls ip on all the adjacent interfaces so that they can form adjacencies.
loopback advertisement example
router ospf 1
network 10.10.10.10 0.0.0.0 area 0
on the P routers do a sh ip ro ospf and check to ensure that you see 10.10.10.10 and also the loopback of R7.
also on the P routers do a sh ip cef 10.10.10.10 ---- you should see a forwarding path now in the CEF table
also check the MPLS forwarding table - sh mpls forwarding-table 10.10.10.10 --- you should see an entry now in the MPLS forwarding table.
the reason you cant ping from one end to another is because your core network does not have a label forwarding path to the loopbacks of the PE routers.
fix the MPLS core and you'll most likely fix the VPN, unless you have some other configuration issues at the PE.
Please remember to rate if it helps.
07-28-2010 01:59 AM
Dear All :
Thanks for your valuable suggestions. I guess I have already built end to end MPLS path. However, I am attaching the config
details of each router. Maybe I am missing some config.
R3:(PE1)
==============
R3#sh ip bgp vpnv4 vrf VPN_A 10.10.10.10
BGP routing table entry for 10:3:10.10.10.10/32, version 10
Paths: (1 available, best #1, table VPN_A)
Not advertised to any peer
200, imported path from 10:6:10.10.10.10/32
6.6.6.6 (metric 4) from 6.6.6.6 (6.6.6.6)
Origin incomplete, metric 65, localpref 100, valid, external, best
Extended Community: RT:10:6 OSPF DOMAIN ID:0x0005:0x000000020200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:12.1.1.2:0
mpls labels in/out nolabel/21
I do see route of BB1. Same for R6 (PE2) as well.
R6 ( PE2)
=========
R6#show ip bgp vpnv4 vrf VPN_A 10.10.10.10
BGP routing table entry for 10:6:10.10.10.10/32, version 4
Paths: (1 available, best #1, table VPN_A)
Advertised to update-groups:
1
Local
12.1.1.3 from 0.0.0.0 (6.6.6.6)
Origin incomplete, metric 65, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:10:6 OSPF DOMAIN ID:0x0005:0x000000020200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:12.1.1.2:0
mpls labels in/out 21/nolabel
R7
========
R7#sh ip route 10.10.10.10
Routing entry for 10.10.10.10/32
Known via "ospf 1", distance 110, metric 3, type inter area
Last update from 10.1.1.2 on GigabitEthernet1/0, 01:44:30 ago
Routing Descriptor Blocks:
* 10.1.1.2, from 33.33.33.33, 01:44:30 ago, via GigabitEthernet1/0
Route metric is 3, traffic share count is 1
I do have a route to BB1.
LDP path is built R3 to R6.
I am attaching the config.
Regards
Arjun
07-28-2010 02:02 AM
07-28-2010 03:24 AM
Hi,
Could you please post the following:
1- show mpls ldp binding 10.10.10.0 from (R3 & R6)
2- show mpls forwarding-table from (R3 & R6)
Mohamed
07-28-2010 04:24 AM
Hi ,
As per your attached the configuration, I will suggest you
1.Plz modify the ip vrf config on both the routers.
ip vrf VPN_A
rd 10:3
route-target import 10:3
route-target export 10:3
Configure same on R3 and R6, No need of different route-targets, Since its a simple vpn. Use of multiple route targets values are recommended in complex VPN's.
2. No need to configure mpls ip for vrf interface.
3. why R6 is having
router ospf 2 vrf VPN_A
network 10.0.0.0 0.255.255.255 area 0 (since S3/0 interface is having ip add 12.1.1.0/24, No need of this)
4.Is the MPLS clould is having two AS ? if its simple VPN use single AS and run IBGP between R3 & R6, Then form MP-BGP neighborship,otherwise if bgp neighborship should be proper.
5. Use /32 mask for loopback interface in R3 and R6 which are used for BGP peering, make sure both are reachable by IGP.
At last you can confirm the result with with following commands on both routers R3 and R6 ,
show ip bgp vpnv4 all
sh ip route vrf VPN_A
ping vrf VPN_A x.x.x.x
For a similar example in GNS3 , Plz find the attachment of lab and you can visit below link :
http://startnetworks.blogspot.com/2010/07/mpls-l3-vpnsham-link-as-override.html
Uttam
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide