Eduardo, 1) I am embarrassed

Mark Schwartz · ‎02-04-2015

Hello,

I have been going over labs, etc., using GNS3 for MPLS, VRF's, etc. Came across something that has me

scratching my head.

Simple two router setup. Each router directly connected to each other via Gi 1/0.

I am providing all configs and relevant outputs at the bottom of this post.

Fist set of configs is extremely bare bones. However, the non-vrf router (R2) says BGP status is 'Established' but the

vrf router (R1) says 'Idle'. They are directly connected so I should not need any routes.

When I debug R1 it says: Active open failed - update-source NULL is not available, open active delayed

(see bottom of post for outputs).

Then I went a little crazy and used loopbacks with explicit static routes (second set of configs). Here I can ping from

R2's loopback to R1's Gi 1/0 interface, but I cannot ping from R1's loopback to R2's Gi 1/0 interface (again, output provided at

bottom). I simply do not see why connectivity is broken from R1 using the vrf. The routing table on R1 shows a valid route

to R2's connected interface (and lo0 for that matter, but I can't ping loopback to loopback in either direction. Routing tables

on both routers show routes are present).

If I get rid of the vrf I can get it all working in 30 seconds.

I must be doing something wrong but I am at a loss to see what I am missing.

If somebody could please point out my error I would really appreciate it.

Thanks in advance,

-- Mark

R1
vrf definition BGP
rd 1:1
route-target export 1:1
route-target import 1:1
!
address-family ipv4
exit-address-family
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet1/0
vrf forwarding BGP
ip address 10.1.1.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 10.2.1.1 255.255.255.252
negotiation auto
!
router bgp 100
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 200
!
address-family ipv4 vrf BGP
neighbor 10.1.1.2 remote-as 200
neighbor 10.1.1.2 activate
exit-address-family

R2
ip cef
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface GigabitEthernet1/0
ip address 10.1.1.2 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 10.2.1.2 255.255.255.252
negotiation auto
!
router bgp 200
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 100

R1#sh ip bgp neigh
BGP neighbor is 10.1.1.2, remote AS 200, external link
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle
Neighbor sessions:
0 active, is not multisession capable (disabled)

BGP: 10.1.1.2 Active open failed - update-source NULL is not available, open active delayed

R2#sh ip bgp neigh
BGP neighbor is 10.1.1.1, remote AS 100, external link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 00:00:26
Last read 00:00:26, last write 00:00:26, hold time is 180, keepalive interval is 60 seconds
Neighbor sessions:
1 active, is not multisession capable (disabled)

====================================================

R1
vrf definition BGP
rd 1:1
route-target export 1:1
route-target import 1:1
!
address-family ipv4
exit-address-family
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet1/0
vrf forwarding BGP
ip address 10.1.1.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 10.2.1.1 255.255.255.252
negotiation auto
!
router bgp 100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4 vrf BGP
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 3
neighbor 2.2.2.2 activate
exit-address-family
!
ip route vrf BGP 2.2.2.2 255.255.255.255 GigabitEthernet1/0 10.1.1.2
!
R2
ip cef
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet1/0
ip address 10.1.1.2 255.255.255.252
negotiation auto
!
interface GigabitEthernet2/0
ip address 10.2.1.2 255.255.255.252
negotiation auto
!
router bgp 200
bgp log-neighbor-changes
network 2.2.2.2 mask 255.255.255.255
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 ebgp-multihop 3
neighbor 1.1.1.1 update-source Loopback0
!
ip route 1.1.1.1 255.255.255.255 GigabitEthernet1/0

R1#ping 10.1.1.2 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)

R1#sh ip route vrf BGP | beg Gate
Gateway of last resort is not set

      2.0.0.0/32 is subnetted, 1 subnets
S        2.2.2.2 [1/0] via 10.1.1.2, GigabitEthernet1/0
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.1.0/30 is directly connected, GigabitEthernet1/0
L        10.1.1.1/32 is directly connected, GigabitEthernet1/0

R2#ping 10.1.1.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/30/36 ms

eduardopozo56 · ‎02-04-2015

On R1 (the vrf router) remove all the neighbor statements from the parent BGP protocol, all statements for the 10.1.1.2 neighbor should be inside the "address-family ipv4 vrf BGP"

With the static routes, your ping is failing because you are not adding the "vrf BGP" to your ping command.
I just did your topology on a lab and had 0 issues.

Some of the config:

R1:

ip vrf BGP
 rd 1:1   
 route-target export 1:1
 route-target import 1:1

!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding BGP
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!

router bgp 100
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf BGP
  neighbor 10.1.1.2 remote-as 200
  neighbor 10.1.1.2 activate
  no synchronization
 exit-address-family
!
R2:
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 100
 no auto-summary
!
R2#sh ip bgp summ
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4   100       8       8        1    0    0 00:05:33        0
—
R1#sh ip bgp vpnv4 all summ
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.2        4   200       8       8        1    0    0 00:05:52        0

Jon Marshall · ‎02-04-2015

Eduardo

Do you know of a command equivalent of "sh ip bgp summary" that you can use for a VRF neighbor ?

I can never seem to find one ?

Jon

eduardopozo56 · ‎02-04-2015

Yes, i did use it on my example, all the "vrf neighbors" are under the vpnv4 or vpnv6

R1#sh ip bgp vpnv4 all summ

It might change a little bit depending on the address family that you are using for the adjacency, you can start with "show ip bgp vpnv4 ?" and go from there

Jon Marshall · ‎02-04-2015

Yes, i did use it on my example, all the "vrf neighbors" are under the vpnv4 or vpnv6

So you did, I should have read your response more carefully.

Many thanks

Jon

Mark Schwartz · ‎02-04-2015

Eduardo,

1) I am embarrassed by the ping error. I know better than that. I think I was just a bit

flustered by the BGP neighbor not coming up.

2) After removing the neighbor statement from the parent it works.

Thank you!!

Sincerely,

Mark

Jon Marshall · ‎02-04-2015

Just to add to Eduardo's post.

It was actually working even with the error messages.

These are seen because you have, as Eduardo says, a neighbour statement under the main BGP configuration.

But the routes are still exchanged, I tested it in a lab.

When you did a "sh ip bgp summary" and it showed idle you were looking at the non VRF summary but your VRF peering was actually working.

That is why the other end shows up.

So it exchanged routes with or without the main bgp neighbor statement.

The only difference being without it, you don't get the error messages.

Jon

Mark Schwartz · ‎02-04-2015

Jon,

Thank you for the explanation. That helps.

Sincerely,

Mark

BGP neighbor over vrf