Solved: Re: VRF setup problem

elizabethf · ‎03-01-2023

Hello, I'm having quite some trouble setting up my VRFs and I was wondering if anyone here could tell me what I'm doing wrong. The network topology is as shown on the picture. I have to setup two VRFs using BGP - one for CE_Prague and CE_Warsaw, and another VRF for CE_Barcelona and CE_Florence. I already did that - I made a vrf named ELI for the first two, and a vrf named KATI for the second two. The problem is the two CE routers that belong to the same VRF cannot see each other, therefore, cannot ping each other which is the main task. I'm really stuck and I don't know what I'm supposed to do so I'd be very glad if any of you can help me.

Harold Ritter · ‎03-01-2023

Hi @elizabethf ,

I have various observations from the configs you posted.

- You have no VPNv4 configuration between the PE and the RR as noted by @MHM Cisco World .

- Your CE do not advertised their loop back addresses, which I suppose is the goal of the exercise.

for instance CE Warsaw should have a network statement as follow:

network 192.168.0.3 mask 255.255.255.248

- Since both CEs within the same VRF have the same AS, the update will not be accepted from one CE to the other, unless you configure the following on the BGP session towards the CE on the PE.

neighbor x.x.x.x as-override

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

MHM Cisco World · ‎03-01-2023

you need three step
redistribute the prefix from routing protocol you run between CE-PE into BGP (address ipv4 vrf)

redistribute the prefix from BGP into CE-PE routing protocol
last must sure the route-target in both side is mirror meaning
import in one side is same as export on other side, for lab it better use route-target both x:x

elizabethf · ‎03-01-2023

I use BGP between CE and PE, I have done everything and it still doesnt work...

MHM Cisco World · ‎03-01-2023

Did you redistreibte connect under add family ipv4 in both side?

If not only add redistrubte connect and check again

elizabethf · ‎03-01-2023

i redistributed the connected routes under both of them - the ipv4 family and the bgp.. they still can't see each other

MHM Cisco World · ‎03-01-2023

share the config of CE PE on both side

elizabethf · ‎03-01-2023

CE_xxx:

interface GigabitEthernet1/0

ip address 87.85.83.17 255.255.255.252

negotiation auto

!         

interface GigabitEthernet2/0

ip address 87.85.83.21 255.255.255.252

negotiation auto

!         

interface GigabitEthernet3/0

no ip address

shutdown 

negotiation auto

!         

interface GigabitEthernet4/0

no ip address

shutdown 

negotiation auto

!         

interface GigabitEthernet5/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet6/0

no ip address

shutdown

negotiation auto

!

router bgp 65000

no synchronization

bgp log-neighbor-changes

neighbor 87.85.83.18 remote-as 1234

neighbor 87.85.83.22 remote-as 1234

no auto-summary

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!













PE_xxx

hostname xxx

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

no ip icmp rate-limit unreachable

ip cef    

!         

!

ip vrf ELI

rd 1:1

route-target export 1:1

route-target import 1:1

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

mpls label protocol ldp

!

!

!

!

!

!

!

!

!

!         

!

!

!

!

!

!

archive

log config

  hidekeys

! 

!

!

!

!

ip tcp synwait-time 5

!

!

!

!

interface Loopback0

ip address 200.200.200.3 255.255.255.255

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface GigabitEthernet1/0

ip address 87.85.80.17 255.255.255.252

negotiation auto

mpls ip

!

interface GigabitEthernet2/0

ip address 87.85.80.21 255.255.255.252

negotiation auto

mpls ip

!

interface GigabitEthernet3/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet4/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet5/0

ip address 87.85.83.26 255.255.255.252

negotiation auto

!

interface GigabitEthernet6/0

ip vrf forwarding ELI

ip address 87.85.83.18 255.255.255.252

negotiation auto

!

router ospf 1

mpls ldp autoconfig

log-adjacency-changes

redistribute connected subnets

redistribute bgp 1234 subnets

network 87.85.80.16 0.0.0.3 area 0

network 87.85.80.20 0.0.0.3 area 0

network 200.200.200.3 0.0.0.0 area 0

!

router bgp 1234

no synchronization

bgp log-neighbor-changes

bgp redistribute-internal

network 87.85.80.16 mask 255.255.255.252

network 87.85.83.16 mask 255.255.255.252

network 87.85.83.24 mask 255.255.255.252

network 200.200.200.8 mask 255.255.255.255

redistribute connected

neighbor 87.85.83.17 remote-as 65000

neighbor 87.85.83.25 remote-as 65000

neighbor 195.193.191.1 remote-as 1234

neighbor 195.193.191.5 remote-as 1234

neighbor 200.200.200.7 remote-as 1234

neighbor 200.200.200.7 update-source Loopback0

neighbor 200.200.200.8 remote-as 1234

neighbor 200.200.200.8 update-source Loopback0

no auto-summary

!

address-family ipv4 vrf ELI

  redistribute connected

  redistribute static

  neighbor 87.85.83.17 remote-as 65000

  neighbor 87.85.83.17 activate

  no synchronization

exit-address-family

!         

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

no cdp log mismatch duplex

!

!

!

!

!

mpls ldp router-id Loopback0

!

control-plane

!

!







PE_xxx

hostname xxx

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

no ip icmp rate-limit unreachable

ip cef    

!         

!         

ip vrf ELI

rd 1:1   

route-target export 1:1

route-target import 1:1

!         

!         

!         

no ip domain lookup

no ipv6 cef

!         

multilink bundle-name authenticated

mpls label protocol ldp

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

archive

log config

  hidekeys

! 

!         

!

!

!

ip tcp synwait-time 5

!

!

!

!

interface Loopback0

ip address 200.200.200.1 255.255.255.255

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface GigabitEthernet1/0

ip address 87.85.80.1 255.255.255.252

negotiation auto

mpls ip

!

interface GigabitEthernet2/0

ip address 87.85.80.5 255.255.255.252

negotiation auto

mpls ip

!

interface GigabitEthernet3/0

ip vrf forwarding ELI

ip address 87.85.83.2 255.255.255.252

negotiation auto

!

interface GigabitEthernet4/0

ip address 87.85.83.10 255.255.255.252

negotiation auto

!

interface GigabitEthernet5/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet6/0

no ip address

shutdown

negotiation auto

!

router ospf 1

mpls ldp sync

mpls ldp autoconfig

log-adjacency-changes

redistribute connected subnets

network 87.85.80.0 0.0.0.3 area 0

network 87.85.80.4 0.0.0.3 area 0

network 200.200.200.1 0.0.0.0 area 0

!

router bgp 1234

no synchronization

bgp log-neighbor-changes

network 87.85.80.0 mask 255.255.255.252

network 87.85.80.4 mask 255.255.255.252

network 87.85.83.0 mask 255.255.255.252

network 87.85.83.8 mask 255.255.255.252

redistribute connected

neighbor 87.85.83.1 remote-as 65000

neighbor 87.85.83.9 remote-as 65000

neighbor 195.193.191.1 remote-as 1234

neighbor 195.193.191.5 remote-as 1234

neighbor 200.200.200.7 remote-as 1234

neighbor 200.200.200.7 update-source Loopback0

neighbor 200.200.200.8 remote-as 1234

neighbor 200.200.200.8 update-source Loopback0

no auto-summary

!

address-family ipv4 vrf ELI

  redistribute connected

  redistribute static

  neighbor 87.85.83.1 remote-as 65000

  neighbor 87.85.83.1 activate

  no synchronization

exit-address-family

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

no cdp log mismatch duplex

!

!

!

!

!         

mpls ldp router-id Loopback0

!







CE_xxx

hostname xxxx

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

no ip icmp rate-limit unreachable

ip cef    

!         

!         

!         

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

archive

log config

  hidekeys

! 

!

!

!

!

ip tcp synwait-time 5

!

!

!

!

interface Loopback0

ip address 192.168.0.3 255.255.255.248

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface GigabitEthernet1/0

ip address 87.85.83.1 255.255.255.252

negotiation auto

!         

interface GigabitEthernet2/0

ip address 87.85.83.5 255.255.255.252

negotiation auto

!

interface GigabitEthernet3/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet4/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet5/0

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet6/0

no ip address

shutdown

negotiation auto

!

router bgp 65000

no synchronization

bgp log-neighbor-changes

neighbor 87.85.83.2 remote-as 1234

neighbor 87.85.83.6 remote-as 1234

no auto-summary

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

no cdp log mismatch duplex

!

!

!

!

!

!

control-plane

!         

!

!

!

!

!

!

gatekeeper

shutdown

!

!

MHM Cisco World · ‎03-01-2023

you config is missing VPNv4 config
what you need


add LO in each PE 
advertise this LO in OSPF 
then 

router bgp x
neighbor LO-of-far-PE remote x
neighbor LO-of-far-PE update source LO-of-this-PE

address family vpnv4 unicast

neighbor LO-of-far-PE activate

elizabethf · ‎03-01-2023

I have two route reflectors, so the bgp sessions are established between RR and PE, I dont have PE to PE bgp configuration. So how am I supposed to do the vpnv4 configuration then? I'm sorry about my dumb questions but I'm a newbie.

MHM Cisco World · ‎03-01-2023

No
use same config I share above but not between

PE1-PE2 but between PE's-RR 
and then 
config in RR 
neighbour PE1-LO route-reflector-client 
neighbour PE2-LO route-reflector-client 
 neighbour PE1-LO activate 
 neighbour PE2-LO activate

Harold Ritter · ‎03-01-2023

Hi @elizabethf ,

I have various observations from the configs you posted.

- You have no VPNv4 configuration between the PE and the RR as noted by @MHM Cisco World .

- Your CE do not advertised their loop back addresses, which I suppose is the goal of the exercise.

for instance CE Warsaw should have a network statement as follow:

network 192.168.0.3 mask 255.255.255.248

- Since both CEs within the same VRF have the same AS, the update will not be accepted from one CE to the other, unless you configure the following on the BGP session towards the CE on the PE.

neighbor x.x.x.x as-override

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

elizabethf · ‎03-01-2023

Thank you very much for the answer, so I added a vpnv4 configuration on both of the Route Reflectors, and I also added the

as-override

command on the PE routers but I still can't get the CEs to recognise each other. I don't know what the issue could be... My teacher told me not to use the loopbacks on the CEs so that's why I haven't set them up yet.

MHM Cisco World · ‎03-01-2023

share the last config of

CE PE and RR

MHM Cisco World · ‎03-01-2023

redistribute connect under the address family ipv4 vrf <<- only correct this and try again 



address-family vpnv4

  neighbor 200.200.200.1 activate
 neighbor 200.200.200.1 route-reflector-client <<- you also need route-reflector-cleint under VPNv4 for ALL PE's

elizabethf · ‎03-01-2023

After doing all of the things you recommended, this is the routing table of CE_Warsaw

87.0.0.0/30 is subnetted, 4 subnets

B       87.85.83.16 [20/0] via 87.85.83.2, 00:35:22

B       87.85.83.20 [20/0] via 87.85.83.2, 00:35:34

C       87.85.83.0 is directly connected, GigabitEthernet1/0

C       87.85.83.4 is directly connected, GigabitEthernet2/0

so that means that CE_Warsaw now knows about the other CE in the VRF, and they can successfully ping each other. But when i type in sh ip bgp sum this is the result:

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

87.85.83.2      4       1234      45      41        9    0    0 00:36:24        4

87.85.83.6      4       1234      40      41        9    0    0 00:36:29        4

Is this how it's supposed to be? Shouldn't the route to CE_Prague be present in the bgp table since they are in the same VRF or?