Solved: Stuck on this network - Page 4

Steven Williams · ‎01-28-2014

Routers 1 - 8 are running IS-IS and they are tag-switching. I can reach all routers loopbacks within the core network.

Now I am peering eBGP with R4 and R7 and I have R4 and R7 peering iBGP. Now from R4 and R7 I can see routes from end to end, but R12 and R9 cannot see each others routes/networks.

I need to redistribute these from R4 and R7 so that R9 and R12 can see them....How can I do this without those routers seeing all the subnets and routes in the core of the network?

Steven Williams · ‎01-29-2014

R4#show tag-switching tdp bindings
tib entry: 10.1.1.0/30, rev 24
        local binding: tag: 20
tib entry: 10.1.1.4/30, rev 28
        local binding: tag: 24
tib entry: 10.1.1.8/30, rev 20
        local binding: tag: 17
tib entry: 10.1.1.12/30, rev 21
        local binding: tag: imp-null
tib entry: 10.1.1.16/30, rev 33
        local binding: tag: 28
tib entry: 10.1.1.20/30, rev 34
        local binding: tag: 29
tib entry: 10.1.1.24/30, rev 31
        local binding: tag: 26
tib entry: 10.1.1.28/30, rev 32
        local binding: tag: 27
tib entry: 10.10.10.1/32, rev 25
        local binding: tag: 21
tib entry: 10.10.10.2/32, rev 22
        local binding: tag: 18
tib entry: 10.10.10.3/32, rev 23
        local binding: tag: 19
tib entry: 10.10.10.4/32, rev 29
        local binding: tag: imp-null
tib entry: 10.10.10.5/32, rev 30
        local binding: tag: 25
tib entry: 10.10.10.6/32, rev 26
        local binding: tag: 22
tib entry: 10.10.10.7/32, rev 27
        local binding: tag: 23
tib entry: 10.10.10.8/32, rev 19
        local binding: tag: 16
tib entry: 172.16.9.0/30, rev 18
        local binding: tag: imp-null
R4#

Jon Marshall · ‎01-29-2014

On R4 if you look at the output of "sh mpls forwarding-table" you can see all outgoing packets are untagged. What this means is that no label is added to the packet when it is sent to the P device.

What i do not understand in on R4 the "sh ip route" is not showing a route for 10.10.10.7 unless you did not post the full output ?

i can't help with IS-IS so i don't know why R4 does not get that route but we need all P/PE devices to have full routing tables and just looking at R4 they don't.

If you want to troubleshoot the MPLS part then you could switch to EIGRP/OSPF which i am familiar with or you can troubleshoot the IS-IS part.

Jon

Steven Williams · ‎01-29-2014

R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    192.168.12.0/24 [200/0] via 10.10.10.7, 02:37:04
B    192.168.9.0/24 [20/0] via 172.16.9.1, 02:37:04
     172.16.0.0/30 is subnetted, 2 subnets
B       172.16.12.0 [200/0] via 10.10.10.7, 02:37:04
C       172.16.9.0 is directly connected, FastEthernet0/0
B    192.168.99.0/24 [20/0] via 172.16.9.1, 02:37:04
     10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks
i L1    10.10.10.8/32 [115/40] via 10.1.1.13, Serial1/0
i L1    10.1.1.8/30 [115/30] via 10.1.1.13, Serial1/0
C       10.1.1.12/30 is directly connected, Serial1/0
i L1    10.10.10.2/32 [115/20] via 10.1.1.13, Serial1/0
i L1    10.10.10.3/32 [115/30] via 10.1.1.13, Serial1/0
i L1    10.1.1.0/30 [115/20] via 10.1.1.13, Serial1/0
i L1    10.10.10.1/32 [115/20] via 10.1.1.13, Serial1/0
i L1    10.10.10.6/32 [115/40] via 10.1.1.13, Serial1/0
i L1    10.10.10.7/32 [115/40] via 10.1.1.13, Serial1/0
i L1    10.1.1.4/30 [115/20] via 10.1.1.13, Serial1/0
C       10.10.10.4/32 is directly connected, Loopback0
i L1    10.10.10.5/32 [115/30] via 10.1.1.13, Serial1/0
i L1    10.1.1.24/30 [115/30] via 10.1.1.13, Serial1/0
i L1    10.1.1.28/30 [115/30] via 10.1.1.13, Serial1/0
i L1    10.1.1.16/30 [115/20] via 10.1.1.13, Serial1/0
i L1    10.1.1.20/30 [115/30] via 10.1.1.13, Serial1/0
B       192.168.112.0/24 [200/0] via 10.10.10.7, 02:37:07

Jon Marshall · ‎01-29-2014

Steven

Can you help me out a bit ie. is the last output because you have changed something or is it because you didn't include the full routing table in the first output ? I need to know because if you have changed something we then need to look at the mpls tables again.

If you didn't change anything can you post the full config of R4.

Jon

Steven Williams · ‎01-29-2014

I removed ISIS config from R4 and re-configured it. Outgoing routes are still untagged though.

show run
Building configuration...

Current configuration : 1298 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R4
!
!
ip subnet-zero
!
!
no ip domain-lookup
ip domain-name lab.local
!
ip cef
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.10.10.4 255.255.255.255
ip router isis
!
interface FastEthernet0/0
ip address 172.16.9.2 255.255.255.252
duplex auto
speed auto
!
interface Serial1/0
ip address 10.1.1.14 255.255.255.252
ip router isis
tag-switching ip
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0001.0000.0000.0004.00
is-type level-1
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.7 remote-as 65000
neighbor 10.10.10.7 update-source Loopback0
neighbor 10.10.10.7 next-hop-self
neighbor 172.16.9.1 remote-as 64709
neighbor 172.16.9.1 update-source FastEthernet0/0
!
ip classless
no ip http server
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end

R4#show mpls fo
R4#show mpls forwarding-table
Local Outgoing    Prefix            Bytes tag Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    10.10.10.8/32     0          Se1/0      point2point
17     Untagged    10.1.1.8/30       0          Se1/0      point2point
18     Untagged    10.10.10.2/32     0          Se1/0      point2point
19     Untagged    10.10.10.3/32     0          Se1/0      point2point
20     Untagged    10.1.1.0/30       0          Se1/0      point2point
21     Untagged    10.10.10.1/32     0          Se1/0      point2point
22     Untagged    10.10.10.6/32     0          Se1/0      point2point
23     Untagged    10.10.10.7/32     0          Se1/0      point2point
24     Untagged    10.1.1.4/30       0          Se1/0      point2point
25     Untagged    10.10.10.5/32     0          Se1/0      point2point
26     Untagged    10.1.1.24/30      0          Se1/0      point2point
27     Untagged    10.1.1.28/30      0          Se1/0      point2point
28     Untagged    10.1.1.16/30      0          Se1/0      point2point
29     Untagged    10.1.1.20/30      0          Se1/0      point2point
R4#

Jon Marshall · ‎01-29-2014

Can you check all the routing tables and mpls forwarding tables on all the other routers (R1/R2/R3/R7) and check for the same things.

On the PE any internal networks on other devices should have a label assigned. On P routers most should have incoming and outgoing labels.

Jon

Steven Williams · ‎01-29-2014

R1, R2, R3 show values. R7 also defines untagged on all routes. Seems to be an issue with the PE's.

I dont think I need to run ISIS on the outside interface....that wouldnt make sense as its supposed to use BGP and you wouldnt want the CE knowing about ISIS in the core, right?

Jon Marshall · ‎01-29-2014

No, you definitely don't want to run it on the PE to CE device.

If both R4 and R7 have full IP routing tables now, can you shut down the serial interfaces and then bring them back up.

Jon

Jon Marshall · ‎01-29-2014

Steven

The issue seems to be the propogation of the label bindings. The output of "sh tag-switching tdp bindings" on R4 has no outgoing labels hence the reason the mpls forwarding table on R4 shows all outgoing label entries as untagged.

On each PE/P router can you do "sh tag-switching tdp discovery" and check that each router is seeing the directly connected routers in the output. You should see an entry for each directly connected router.

Also on each PE/P router can you run "sh tag-switching tdp bindings". You should see an entry for local binding but there should also be entries per destination prefix for remote bindings (which we are not seeing on the PE routers).

This should help narrow it down.

Jon

Steven Williams · ‎01-30-2014

Ok so on R4 I see this:

R4#show tag-switching tdp di
R4#show tag-switching tdp discovery
Local TDP Identifier:
    10.10.10.4:0
TDP Discovery Sources:
    Interfaces:
        Serial1/0: xmit

R4#

But on R1 (P) I see this:

R1#show tag-switching tdp discovery

Local TDP Identifier:

10.10.10.1:0

Discovery Sources:

Interfaces:

Serial0/0 (ldp): xmit

Serial0/1 (ldp): xmit/recv

LDP Id: 10.10.10.3:0

Serial0/2 (ldp): xmit/recv

LDP Id: 10.10.10.2:0

Serial0/3 (ldp): xmit

R1#

So from what you are telling me I should see 10.10.10.1 listed under R4 since they are attached?

Jon Marshall · ‎01-30-2014

Steven

So from what you are telling me I should see 10.10.10.1 listed under R4 since they are attached?

Yes you should. Each P/PE router would assign a label to each route and then send these labels to each neighbor. But R4 is not seeing R1 as a neighbor so it is not receiving the labels and that is why it's MPLS forwarding table is showing eveything as untagged.

Sounds like R7 also has this problem.

Can you check on all P routers (R1/R2/R3) that you have enabled tag switching on all the interfaces. If you have we may need to look at some debugging to see why it is not establishing a TDP neighhborship.

Jon

Steven Williams · ‎01-30-2014

Well WOW!! Must have been an issue with the 3620 routers/IOS in GNS3, replaced all the PE routers with 3640's and BAM!! Everything works now as it should.

R9#ping 192.168.12.1 source 192.168.9.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.9.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/99/120 ms
R9#

R12#ping 192.168.9.1 source 192.168.12.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.9.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.12.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/110/128 ms
R12#

R4#show tag-switching tdp discovery

Local TDP Identifier:

10.10.10.4:0

Discovery Sources:

Interfaces:

Serial1/0 (ldp): xmit/recv

LDP Id: 10.10.10.1:0

R4#show mpls for

R4#show mpls forwarding-table

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

16 Pop tag 10.10.10.1/32 0 Se1/0 point2point

17 17 10.10.10.2/32 0 Se1/0 point2point

18 Pop tag 10.1.1.4/30 0 Se1/0 point2point

19 Pop tag 10.1.1.0/30 0 Se1/0 point2point

20 Pop tag 10.1.1.16/30 0 Se1/0 point2point

21 18 10.1.1.28/30 0 Se1/0 point2point

22 19 10.10.10.3/32 0 Se1/0 point2point

23 20 10.10.10.7/32 0 Se1/0 point2point

24 21 10.1.1.20/30 0 Se1/0 point2point

25 22 10.1.1.24/30 0 Se1/0 point2point

26 23 10.1.1.8/30 0 Se1/0 point2point

27 24 10.10.10.5/32 0 Se1/0 point2point

28 25 10.10.10.8/32 0 Se1/0 point2point

29 26 10.10.10.6/32 0 Se1/0 point2point

Jon Marshall · ‎01-30-2014

Steven

Glad to hear it's working.

Sometimes it's better when it doesn't work like this because you tend to learn a lot more trying to fix it.

Jon

Steven Williams · ‎01-30-2014

I am still a bit confused on how the CE knows how to get there when it cant see the physical path to the other side...

Jon Marshall · ‎01-30-2014

Steven

The CE device has routes to the remote networks with a next hop of the local PE device. It simply sends the packet to the PE device.

This is normal routing ie. routers generally can't see the physical path all the way to the destination.

Did you mean to say PE rather than CE ?

Jon