07-19-2019 08:47 AM
I am currently testing PFRv3 in lab environment.
I have tried to make single HUB-MC with two other routers as MC-Borders.
on the Spoke side Branch MC and Border are on the same router.
However, the PFRv3 channels cannot go both to RX state:
From DMVPN HUB which is being used as Border - TX channels goes to Available state to Spoke.
R1-hub1_1#sh domain pfr vrf intranet border parent-route
Border Parent Route Details:
Prot: BGP, Network: 172.18.255.246/32, Gateway: 172.16.254.2, Interface: Tunnel0, Ref count: 1
R1-hub1_1#
But from Spoke Border to DMVPN HUB Border - TX is unreachable:
R2-spoke#sh domain pfr border channels parent-route
Border Channel Parent Route Details:
Channel id: 150, Dscp: defa [0], Site-Id: 172.18.255.252, Path: ISP_A, Interface: Tunnel0
Nexthop: 0.0.0.0 (Next lookup in 16384 msec), PFR-Label: 0:1 | 0:0 [0x10000]
Protocol: None
R2-spoke#
More details on configuration below:
ON MC:
R29-MC_hub01#sh run | s domain
no ip domain lookup
domain pfr
vrf default
border
master hub
source-interface Loopback11
site-prefixes prefix-list Hub_site_Prefix
monitor-interval 3 dscp default
enterprise-prefix prefix-list Enterprise_Prefix
class class1 sequence 5
match dscp af33 policy custom
priority 10 loss threshold 3
priority 20 one-way-delay threshold 50
R29-MC_hub01#sh domain pfr master channels su
R29-MC_hub01#sh domain pfr master channels summary
Ch-ID - Channel ID, SP - Service Provider
TCA - counts for Received/Processed/Unreachable
A - Available, UA - Un-Available
Ch-ID Dst-Site-ID DSCP SP pfr-Label Status TCA
3 172.18.255.246 default[0] ISP_B 0:0 | 0:2 [0x2] UA 0/0/0
4 172.18.255.246 default[0] ISP_A 0:0 | 0:1 [0x1] UA 307/0/307
R29-MC_hub01#sh domain pfr master channels
Legend: * (Value obtained from Network delay:)
Channel Id: 3 Dst Site-Id: 172.18.255.246 Link Name: ISP_B DSCP: default [0] pfr-label: 0:0 | 0:2 [0x2] TCs: 0 BackupTCs: 0
Channel Created: 02:43:02 ago
Provisional State: Initiated and open
Operational state: Not-Available(no next hop)(Channel in Initial state)
Channel to hub: FALSE
Inter-DC Channel: FALSE
Two-hop Channel: FALSE
Interface Type: External
Interface Id: 12
Supports Zero-SLA: Yes
Muted by Zero-SLA: No
Estimated Channel Egress Bandwidth: 0 Kbps
Immitigable Events Summary:
Total Performance Count: 0, Total BW Count: 0
ODE Statistics:
Received: 0
TCA Statistics:
Received: 0 ; Processed: 0 ; Unreach_rcvd: 0 ; Local Unreach_rcvd: 0
TCA lost byte rate: 0
TCA lost packet rate: 0
TCA one-way-delay: 0
TCA network-delay: 0
TCA jitter mean: 0
Channel Id: 4 Dst Site-Id: 172.18.255.246 Link Name: ISP_A DSCP: default [0] pfr-label: 0:0 | 0:1 [0x1] TCs: 0 BackupTCs: 0
Channel Created: 02:43:02 ago
Provisional State: Initiated and open
Operational state: Not-Available(Channel in Initial state)
Channel to hub: FALSE
Inter-DC Channel: FALSE
Two-hop Channel: FALSE
Interface Type: External
Interface Id: 14
Supports Zero-SLA: Yes
Muted by Zero-SLA: No
Estimated Channel Egress Bandwidth: 0 Kbps
Immitigable Events Summary:
Total Performance Count: 0, Total BW Count: 0
ODE Statistics:
Received: 0
ODE Stats Bucket Number: 1
Last Updated : 00:00:18 ago
Packet Count : 0
Byte Count : 0
One Way Delay : N/A
Loss Rate Pkts : N/A
Loss Rate Bytes: N/A
Jitter Mean : N/A
Unreachable : TRUE
ODE Stats Bucket Number: 2
Last Updated : 00:00:49 ago
Packet Count : 0
Byte Count : 0
One Way Delay : N/A
Loss Rate Pkts : N/A
Loss Rate Bytes: N/A
Jitter Mean : N/A
Unreachable : TRUE
TCA Statistics:
Received: 307 ; Processed: 0 ; Unreach_rcvd: 307 ; Local Unreach_rcvd: 307
TCA lost byte rate: 0
TCA lost packet rate: 0
TCA one-way-delay: 0
TCA network-delay: 0
TCA jitter mean: 0
Latest TCA Bucket
Last Updated : 00:00:18 ago
Local unreachable TCA received(Check for stale TCA 00:00:03 later)
R1-hub1_1 (is DMVPN Hub)
R1-hub1_1#sh run | s domain
no ip domain lookup
domain pfr
vrf intranet
border
source-interface Loopback11
master 172.18.255.252
domain pfr path ISP_A path-id 1
R1-hub1_1#wr
Building configuration...
[OK]
R1-hub1_1#sh run | s domain
no ip domain lookup
domain pfr
vrf intranet
border
source-interface Loopback11
master 172.18.255.252
domain pfr path ISP_A path-id 1
R1-hub1_1#sh domain pfr vrf intranet border channels summary
Ch-ID - Channel ID, SP - Service Provider
RX/TX - RX/TX Reachability
R - Reachable, UR - Un-Reachable
IN - Initial State, NR - No Route, UK - Unknown
Ch-ID Dst-Site-ID DSCP Next Hop SP pfr-Label RX/TX
4 172.18.255.246 default[0] 172.16.254.2 ISP_A 0:0 | 0:1 [0x1] IN/R
R1-hub1_1#sh domain pfr vrf intranet border par
R1-hub1_1#sh domain pfr vrf intranet border parent-route
Border Parent Route Details:
Prot: BGP, Network: 172.18.255.246/32, Gateway: 172.16.254.2, Interface: Tunnel0, Ref count: 1
R1-hub1_1#sh domain pfr vrf intranet border cha
R1-hub1_1#sh domain pfr vrf intranet border channels
Fri Jul 19 18:37:43.745
--------------------------------------------------------------------
Border Smart Probe Stats:
Smart probe parameters:
Source address used in the Probe: 172.18.255.252
Unreach time: 4 ms
Probe source port: 18000
Probe destination port: 19000
Interface Discovery: OFF
Probe freq for channels with traffic :10 secs
Discovery Probes: ON
Number of transit probes consumed :0
Number of transit probes re-routed: 0
DSCP's using this:
All the other DSCPs use the default interval: 10 secs
Channel id: 4
Channel create time: 02:41:56 ago
Site id : 172.18.255.246
DSCP : default[0]
Service provider : ISP_A
Pfr-Label : 0:0 | 0:1 [0x1]
Exit path-id sent on wire: 1
Exit dia bit: FALSE
Chan recv dia bit:FALSE
Number of Data Packets sent : 0
Number of Data Packets received : 0
Last Data Packet sent : NA
Last Data Packet Received : NA
Number of Probes sent : 9370
Number of Probes received : 0
Last Probe sent : 00:00:00 ago
Last Probe received : - ago
Channel counters clear time: - ago
Number of SMP Profile Bursts sent: 9585
Number of Active Channel Probes sent: 0
Number of Reachability Probes sent: 55
Number of Force Unreaches sent: 0
Channel state : Initiated and open
Channel next_hop : 172.16.254.2
RX Reachability : Initial State
TX Reachability : Reachable
Channel is sampling 0 flows
Channel remote end point: 0.0.0.0
Channel to hub: FALSE
Inter-DC Channel: FALSE
Version: 0
Interface Type: External
Supports Zero-SLA: Yes
Muted by Zero-SLA: No
Plr rx state: No
Plr tx count: 0
Plr establish state: No
Probe freq with traffic : 1 in 10000 ms
Probe status desc : Interface is down
R1-hub1_1#
SPOKE:
R2-spoke#sh run | s domain
no ip domain lookup
domain pfr
vrf default
border
source-interface Loopback11
master local
master branch
source-interface Loopback11
hub 172.18.255.252
domain pfr dynamic-path
R2-spoke#sh domain pfr border channels parent-route
Border Channel Parent Route Details:
Channel id: 150, Dscp: defa [0], Site-Id: 172.18.255.252, Path: ISP_A, Interface: Tunnel0
Nexthop: 0.0.0.0 (Next lookup in 12288 msec), PFR-Label: 0:1 | 0:0 [0x10000]
Protocol: None
R2-spoke#
*Jul 19 15:39:44.304: %CRYPTO-5-IPSEC_SETUP_FAILURE: IPSEC SETUP FAILED for local:10.25.1.1 local_id:10.25.1.1 remote:10.114.2.1 remote_id:10.114.2.1 IKE profile:None fvrf:None fail_reason:IPSec Proposal failure fail_class_cnt:1
R2-spoke#sh domain pfr border channels
Fri Jul 19 18:39:55.496
--------------------------------------------------------------------
Border Smart Probe Stats:
Smart probe parameters:
Source address used in the Probe: 172.18.255.246
Unreach time: 4 ms
Probe source port: 18000
Probe destination port: 19000
Interface Discovery: ON
Probe freq for channels with traffic :10 secs
Discovery Probes: OFF
Number of transit probes consumed :12
Number of transit probes re-routed: 0
DSCP's using this:
All the other DSCPs use the default interval: 10 secs
Channel id: 150
Channel create time: 01:27:11 ago
Site id : 172.18.255.252
DSCP : default[0]
Service provider : ISP_A
Pfr-Label : 0:1 | 0:0 [0x10000]
Exit path-id sent on wire: 0
Exit dia bit: FALSE
Chan recv dia bit:FALSE
Number of Data Packets sent : 0
Number of Data Packets received : 0
Last Data Packet sent : NA
Last Data Packet Received : NA
Number of Probes sent : 0
Number of Probes received : 5163
Last Probe sent : 01:27:11 ago
Last Probe received : 00:00:00 ago
Channel counters clear time: - ago
Number of SMP Profile Bursts sent: 5171
Number of Active Channel Probes sent: 0
Number of Reachability Probes sent: 1
Number of Force Unreaches sent: 0
Channel state : Discovered and open
Channel next_hop : 0.0.0.0
RX Reachability : Reachable
TX Reachability : Un-Reachable
Channel is sampling 0 flows
Channel remote end point: 172.16.254.1
Channel to hub: TRUE
Inter-DC Channel: FALSE
Version: 3
Interface Type: External
Supports Zero-SLA: Yes
Muted by Zero-SLA: No
Plr rx state: No
Plr tx count: 0
Plr establish state: No
Probe freq with traffic : 1 in 10000 ms
Probe status desc : Real Traffic absent on Channel
R2-spoke#
08-13-2019 06:59 PM
I consider the problem is that on Spoke router the next-hop is 0.0.0.0
Channel next_hop : 0.0.0.0
My main question is why it is so? and how can I change it to point to proper next-hop?
Here below the routing table for Spoke2 is shown:
B* 0.0.0.0/0 [20/0] via 10.25.1.2, 00:16:48 1.0.0.0/32 is subnetted, 1 subnets B 1.1.1.1 [200/0] via 172.16.254.1, 00:16:33 2.0.0.0/32 is subnetted, 1 subnets C 2.2.2.2 is directly connected, Loopback0 10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C 10.25.1.0/30 is directly connected, Ethernet0/2.2 L 10.25.1.1/32 is directly connected, Ethernet0/2.2 C 10.210.1.0/30 is directly connected, Ethernet0/2.3 L 10.210.1.1/32 is directly connected, Ethernet0/2.3 11.0.0.0/32 is subnetted, 1 subnets B 11.11.11.11 [200/0] via 192.168.1.3, 00:16:33 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.16.254.0/24 is directly connected, Tunnel0 L 172.16.254.2/32 is directly connected, Tunnel0 172.18.0.0/32 is subnetted, 4 subnets C 172.18.255.246 is directly connected, Loopback11 B p 172.18.255.252 [200/0] via 192.168.11.29, 00:16:33 B 172.18.255.253 [200/0] via 192.168.1.3, 00:16:33 B 172.18.255.254 [200/0] via 172.16.254.1, 00:16:33 B p 192.168.1.0/24 [200/0] via 172.16.254.1, 00:16:33 192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.2.0/24 is directly connected, Ethernet0/3 L 192.168.2.1/32 is directly connected, Ethernet0/3 B 192.168.3.0/24 [200/0] via 172.16.254.3, 00:16:33 B 192.168.11.0/24 [200/0] via 172.16.254.1, 00:16:33 B 192.168.23.0/24 [200/0] via 172.16.254.23, 00:16:33 R2-spoke#
08-14-2019 12:46 AM
Hello,
it is hard to tell from what you posted if even the DMVPN is up and connected. Do you have the key chain configured correctly for PfR ?
Post the full running configurations of your hub and spoke...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide