Solved: Re: PfR Proof-of-Concept Lap GNS3

vakas10 · ‎04-07-2018

Hello All,

I am currently implementing this PfR solution (http://docwiki.cisco.com/wiki/PfR3:Solutions:IWAN) using Cisco VIRL IOSv 15.6 in GNS3. I choose to implement EIGRP in place of BGP. The DMVPN tunnels are working fine for both MPLS and INET simulation. However, I am stuck with the PfR implementation.

The Hub MC and Hub BRs are not communicating with each other and the loopback IPs on them are also not able to ping each other. As a result, the Hub MC is unable to push policies to other routers.

How can I fix this issue? Do I need to have EIGRP neighbourship with the Hub MC router as well? Can anyone please go through the link once and let me know the problem.

Many thanks,

Renan Abreu · ‎04-11-2018

The HUB MC should have connectivity to the HUB BRs and to the branches, this is not related to iWAN traffic itself. You do not need to use EIGRP, just think of this as a regular L3VPN where you keep EIGRP/BGP on the WAN connections but you still need to redistribute those routes to your LAN. This could be achieved with a default route if you want to, but again, that connectivity needs to be there.

View solution in original post

Georg Pauwen · ‎04-07-2018

Hello,

post your GNS3 project file. Which part of the linked document are you referring to ?

vakas10 · ‎04-07-2018

Kindly download the gns project file (http://s000.tinyupload.com/index.php?file_id=97579340396807441967), was not allowed to upload it. Image used is vios-adventerprisek9-m.vmdk.SPA.156-1.

I enabled EIGRP on the Hub MC (Not in this attached file, This is the part where Hub MC has no communication with any other router) and it started to work, still not getting the right PfR results but at least now able to push policies and connect with the BRs. Awaiting your valuable comments, thanks!

Georg Pauwen · ‎04-08-2018

Hello,

I cannot open the project unfortunately. Can you post the relevant configs ?

vakas10 · ‎04-11-2018

I am using the same configs in the tutorial. (http://docwiki.cisco.com/wiki/PfR3:Solutions:IWAN)

Renan Abreu · ‎04-11-2018

It sounds like a routing problem, the communication between loopbacks should occur for your iWAN to go up. Are you learning routes on your EIGRP? if you do a show ip route on your branch BR, do you see the IP for the HUB MC in there?

Would you please send the commands below?

show ip route

HUB
sh domain <name> master status
sh domain <name> border status

sh domain <name> border parent-route

Spoke
sh domain <name> master status

sh domain <name> border status
sh domain <name> border parent-route

vakas10 · ‎04-11-2018

After enabling EIGRP on the Hub MC, the iWAN is up now but I am not sure if you have to enable EIGRP on the hub MC as well. Below is the output of commands you asked.

Branch_MC-BR#sh ip route eigrp

p 10.0.0.0/8 is variably subnetted, 5 subnets, 4 masks
D p 10.0.0.0/8 [90/38405120] via 192.168.200.12, 00:01:18, Tunnel200
[90/38405120] via 192.168.100.11, 00:01:18, Tunnel100
D p 10.1.0.0/16 [90/38405120] via 192.168.200.12, 00:01:18, Tunnel200
[90/38405120] via 192.168.100.11, 00:01:18, Tunnel100

*****************************************************************************************

HUB_MC#sh domain IWAN master status

*** Domain MC Status ***

Master VRF: Global

Instance Type: Hub
Instance id: 0
Operational status: Up
Configured status: Up
Loopback IP Address: 10.1.0.10
Global Config Last Publish status: Peering Success
Load Balancing:
Admin Status: Enabled
Operational Status: Up
Enterprise top level prefixes configured: 1
Max Calculated Utilization Variance: 0%
Last load balance attempt: never
Last Reason: Variance less than 20%
Total unbalanced bandwidth:
External links: 0 Kbps Internet links: 0 Kbps
External Collector: 10.151.1.95 port: 2055
Route Control: Enabled
Transit Site Affinity: Enabled
Load Sharing: Enabled
Mitigation mode Aggressive: Disabled
Policy threshold variance: 20
Minimum Mask Length: 28
Syslog TCA suppress timer: 180 seconds
Traffic-Class Ageout Timer: 5 minutes
Channel Unreachable Threshold Timer: 4 seconds
Minimum Packet Loss Calculation Threshold: 15 packets
Minimum Bytes Loss Calculation Threshold: 1 bytes

Borders:
IP address: 10.1.0.11
Version: 2
Connection status: CONNECTED (Last Updated 00:04:30 ago )
Interfaces configured:
Name: Tunnel100 | type: external | Service Provider: MPLS path-id:1 | Status: UP | Zero-SLA: NO | Path of Last Resort: Disabled
Number of default Channels: 0

Tunnel if: Tunnel0

IP address: 10.1.0.12
Version: 2
Connection status: CONNECTED (Last Updated 00:04:28 ago )
Interfaces configured:
Name: Tunnel200 | type: external | Service Provider: INET path-id:2 | Status: UP | Zero-SLA: NO | Path of Last Resort: Disabled
Number of default Channels: 0

Tunnel if: Tunnel0

*********************************************************************************************

Hub_BR1_MPLS#sh domain IWAN border status

Wed Apr 11 19:07:04.713
--------------------------------------------------------------------
**** Border Status ****

Instance Status: UP
Present status last updated: 00:06:22 ago
Loopback: Configured Loopback0 UP (10.1.0.11)
Master: 10.1.0.10
Master version: 2
Connection Status with Master: UP
MC connection info: CONNECTION SUCCESSFUL
Connected for: 00:04:24
External Collector: 10.151.1.95 port: 2055
Route-Control: Enabled
Asymmetric Routing: Disabled
Minimum Mask length: 28
Sampling: off
Channel Unreachable Threshold Timer: 4 seconds
Minimum Packet Loss Calculation Threshold: 15 packets
Minimum Byte Loss Calculation Threshold: 1 bytes
Monitor cache usage: 2000 (20%) Auto allocated
Minimum Requirement: Met
External Wan interfaces:
Name: Tunnel100 Interface Index: 10 SNMP Index: 7 SP: MPLS path-id: 1 Status: UP Zero-SLA: NO Path of Last Resort: Disabled

Auto Tunnel information:

Name:Tunnel0 if_index: 11
Virtual Template: Not Configured
Borders reachable via this tunnel: 10.1.0.12

***********************************************************************************************

Hub_BR1_MPLS#sh domain IWAN border parent-route
Border Parent Route Details:

Prot: EIGRP, Network: 10.3.0.31/32, Gateway: 192.168.100.31, Interface: Tunnel100, Ref count: 1

*************************************************************************************************

Branch_MC-BR#sh domain IWAN master status

*** Domain MC Status ***

Master VRF: Global

Instance Type: Branch
Instance id: 0
Operational status: Up
Configured status: Up
Loopback IP Address: 10.3.0.31
Load Balancing:
Operational Status: Up
Max Calculated Utilization Variance: 0%
Last load balance attempt: never
Last Reason: Variance less than 20%
Total unbalanced bandwidth:
External links: 0 Kbps Internet links: 0 Kbps
External Collector: 10.151.1.95 port: 2055
Route Control: Enabled
Transit Site Affinity: Enabled
Load Sharing: Enabled
Mitigation mode Aggressive: Disabled
Policy threshold variance: 20
Minimum Mask Length: 28
Syslog TCA suppress timer: 180 seconds
Traffic-Class Ageout Timer: 5 minutes
Minimum Packet Loss Calculation Threshold: 15 packets
Minimum Bytes Loss Calculation Threshold: 1 bytes
Minimum Requirement: Met

Borders:
IP address: 10.3.0.31
Version: 2
Connection status: CONNECTED (Last Updated 00:06:56 ago )
Interfaces configured:
Name: Tunnel200 | type: external | Service Provider: INET | Status: UP | Zero-SLA: NO | Path of Last Resort: Disabled
Number of default Channels: 0

Path-id list: 0:2

Path-id list: 0:1

Tunnel if: Tunnel0

***********************************************************************************************

Branch_MC-BR#sh domain IWAN border status

Wed Apr 11 17:08:40.831
--------------------------------------------------------------------
**** Border Status ****

Instance Status: UP
Present status last updated: 00:07:41 ago
Loopback: Configured Loopback0 UP (10.3.0.31)
Master: 10.3.0.31
Master version: 2
Connection Status with Master: UP
MC connection info: CONNECTION SUCCESSFUL
Connected for: 00:07:16
External Collector: 10.151.1.95 port: 2055
Route-Control: Enabled
Asymmetric Routing: Disabled
Minimum Mask length: 28
Sampling: off
Channel Unreachable Threshold Timer: 4 seconds
Minimum Packet Loss Calculation Threshold: 15 packets
Minimum Byte Loss Calculation Threshold: 1 bytes
Monitor cache usage: 2000 (20%) Auto allocated
Minimum Requirement: Met
External Wan interfaces:
Name: Tunnel200 Interface Index: 11 SNMP Index: 8 SP: INET Status: UP Zero-SLA: NO Path of Last Resort: Disabled Path-id List: 0:2
Name: Tunnel100 Interface Index: 10 SNMP Index: 7 SP: MPLS Status: UP Zero-SLA: NO Path of Last Resort: Disabled Path-id List: 0:1

Auto Tunnel information:

Name:Tunnel0 if_index: 12
Virtual Template: Not Configured
Borders reachable via this tunnel:

***************************************************************************************************

Branch_MC-BR#sh domain IWAN border parent-route
Border Parent Route Details:

Prot: EIGRP, Network: 10.1.0.0/16, Gateway: 192.168.200.12, Interface: Tunnel200, Ref count: 1
Prot: EIGRP, Network: 10.1.0.0/16, Gateway: 192.168.100.11, Interface: Tunnel100, Ref count: 1
Prot: NHRP, Network: 10.1.0.10/32, Gateway: 0.0.0.0, Interface: Tunnel200, Ref count: 1
Prot: NHRP, Network: 10.1.0.10/32, Gateway: 0.0.0.0, Interface: Tunnel100, Ref count: 1

***************************************************************************************************

Renan Abreu · ‎04-11-2018

The HUB MC should have connectivity to the HUB BRs and to the branches, this is not related to iWAN traffic itself. You do not need to use EIGRP, just think of this as a regular L3VPN where you keep EIGRP/BGP on the WAN connections but you still need to redistribute those routes to your LAN. This could be achieved with a default route if you want to, but again, that connectivity needs to be there.