Multiple VRF routing problem

K3ra · ‎10-02-2020

Hi All,

my first post disappeared so I open a new one.

I'm playing with following scenario and I faced some problem: ( please see attached topology file ).

R3 - R4 iBGP

R9 to R3 and R4 eBGP

R9#sh ip bgp summary 
BGP router identifier 9.9.9.9, local AS number 9
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4            1      31      28        1    0    0 00:18:34        0
4.4.4.4         4            1      32      28        1    0    0 00:19:06        0

Ping inside VRF A from left to right is working, the same for VRF B.

R6#sh ip route
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
C        6.6.6.6 is directly connected, Loopback0
      7.0.0.0/32 is subnetted, 1 subnets
O IA     7.7.7.7 [110/21] via 172.16.1.1, 00:11:10, Ethernet0/3
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C        172.16.1.0/24 is directly connected, Ethernet0/3
L        172.16.1.2/32 is directly connected, Ethernet0/3
O IA     172.16.2.0/24 [110/11] via 172.16.1.1, 00:11:10, Ethernet0/3

R6#ping 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/6 ms

R6#traceroute 7.7.7.7 numeric 

VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.1.1 5 msec 4 msec 5 msec
  2 10.10.13.1 [MPLS: Labels 16/25 Exp 0] 5 msec 5 msec 5 msec
  3 172.16.2.1 [MPLS: Label 25 Exp 0] 5 msec 6 msec 5 msec
  4 172.16.2.2 5 msec *  1 msec

I added 3rd VRF AB on R9. I would like to ping from R9 - lo99 (vrf AB ) ping R7 - lo0 but it fail. Route is injected:

R9#ping vrf AB 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R9#sh ip route vrf AB

Gateway of last resort is not set

      7.0.0.0/32 is subnetted, 1 subnets
B        7.7.7.7 [20/10] via 4.4.4.4, 00:02:52
      44.0.0.0/32 is subnetted, 1 subnets
B        44.44.44.44 [20/0] via 4.4.4.4, 00:26:40
      99.0.0.0/32 is subnetted, 1 subnets
C        99.99.99.99 is directly connected, Loopback99
      172.16.0.0/24 is subnetted, 1 subnets
B        172.16.2.0 [20/0] via 4.4.4.4, 00:26:40
Route back from R7 to R9 lo99

R7#sh ip route
Gateway of last resort is not set

      6.0.0.0/32 is subnetted, 1 subnets
O IA     6.6.6.6 [110/21] via 172.16.2.1, 00:27:22, Ethernet0/3
      7.0.0.0/32 is subnetted, 1 subnets
C        7.7.7.7 is directly connected, Loopback0
      44.0.0.0/32 is subnetted, 1 subnets
O E2     44.44.44.44 [110/1] via 172.16.2.1, 00:27:29, Ethernet0/3
      99.0.0.0/32 is subnetted, 1 subnets
O E2     99.99.99.99 [110/1] via 172.16.2.1, 00:27:22, Ethernet0/3
      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA     172.16.1.0/24 [110/11] via 172.16.2.1, 00:27:22, Ethernet0/3
C        172.16.2.0/24 is directly connected, Ethernet0/3
L        172.16.2.2/32 is directly connected, Ethernet0/3

I attach the configuration of R4

R4:
!
ip vrf A
 rd 100:2
 route-target export 100:2
 route-target import 100:1
!
ip vrf AB
 rd 300:1
 route-target export 300:1
 route-target import 300:1
 route-target import 200:2
!
ip vrf B
 rd 200:2
 route-target export 200:2
 route-target import 200:1
 route-target import 300:1
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface Loopback44
 ip vrf forwarding AB
 ip address 44.44.44.44 255.255.255.255
!
interface Ethernet0/0
 ip address 10.10.14.2 255.255.255.252
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 10.10.24.2 255.255.255.252
 ip ospf 1 area 0
!
interface Ethernet0/2
 ip vrf forwarding A
 ip address 192.168.2.1 255.255.255.0
 ip ospf 3 area 3
!
interface Ethernet0/3
 ip vrf forwarding B
 ip address 172.16.2.1 255.255.255.0
 ip ospf 3467 area 3467
!
router ospf 3 vrf A
 redistribute bgp 1 subnets
!
router ospf 3467 vrf B
 redistribute bgp 1 subnets
!
router ospf 1
 mpls ldp autoconfig
 router-id 4.4.4.4
!         
router bgp 1
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 9.9.9.9 remote-as 9
 neighbor 9.9.9.9 ebgp-multihop 5
 neighbor 9.9.9.9 update-source Loopback0
 neighbor 9.9.9.9 next-hop-self
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 send-community extended
  neighbor 9.9.9.9 route-map R7 out
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute ospf 3
 exit-address-family
 !
 address-family ipv4 vrf AB
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute ospf 3467
 exit-address-family
!
route-map R7 permit 10
 match ip address 1
 set metric 10
!
route-map R7 permit 20
!
!
access-list 1 permit 7.7.7.7

R9.

R9:
ip vrf AB
 rd 300:1
 route-target export 300:1
 route-target import 300:1
 route-target import 200:2
!
interface Loopback0
 ip address 9.9.9.9 255.255.255.255
!
interface Loopback99
 ip vrf forwarding AB
 ip address 99.99.99.99 255.255.255.255
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Ethernet0/1
 no ip address
 shutdown
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 ip address 192.168.9.2 255.255.255.0
!
router bgp 9
 bgp router-id 9.9.9.9
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 ebgp-multihop 5
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 4.4.4.4 remote-as 1
 neighbor 4.4.4.4 ebgp-multihop 5
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 4.4.4.4 next-hop-self
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf AB
  redistribute connected
 exit-address-family
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/3
!
R9#sh ip bgp all    
For address family: IPv4 Unicast
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:2
 *   7.7.7.7/32       3.3.3.3                100             0 1 ?
 *>                   4.4.4.4                 10             0 1 ?
 *   172.16.2.0/24    3.3.3.3                                0 1 ?
 *>                   4.4.4.4                  0             0 1 ?
Route Distinguisher: 300:1 (default for vrf AB)
 *>  7.7.7.7/32       4.4.4.4                 10             0 1 ?
 *>  44.44.44.44/32   4.4.4.4                  0             0 1 ?
 *>  99.99.99.99/32   0.0.0.0                  0         32768 ?
 *>  172.16.2.0/24    4.4.4.4                  0             0 1 ?

Can somebody help me with this ? I'm pretty sure I miss something. If any other outputs needed please let me know.

thanks.

K3ra · ‎10-02-2020

I added also default route on R9 VRF AB pointing to global routing table.

ip route vrf AB 0.0.0.0 0.0.0.0 Ethernet0/3 192.168.9.1 global

192.168.9.1 is R2. Even I use source of lo9 which is known by R2, ping fail.

R9#ping vrf AB 192.168.9.1 source lo0 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.9.1, timeout is 2 seconds:
Packet sent with a source address of 9.9.9.9 
.....
Success rate is 0 percent (0/5)

From R2.

R2#sh ip route 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "static", distance 1, metric 0
  Redistributing via ospf 1
  Advertised by ospf 1 subnets
  Routing Descriptor Blocks:
  * 192.168.9.2
      Route metric is 0, traffic share count is 1
R2#
R2#ping 9.9.9.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/9 ms

I tried also impor map on VRF setting - failed. I'm running out of ideas...

MHM Cisco World · ‎10-12-2020

I make video about use VRF in MPLS in my Facebook page,
please visit it
MHM Cisco World <-- this my page