Thanks for the response Paul.

1) "ip routing" can't be disabled on the access layer switches. It kills my Out-of-Band access into each switch. I believe that Cisco VIRL in software is using routing to access these virtual devices.

2) "preemption" is now enabled on each vLAN of the CTvSWT01 distribution layer switch.

3) "ping" of the access layer switches from the distribution layer switches CTvSWT01 and CTvSWT02 (Source is gi0/1 on each):

From CTvSWT01:

CTvSWT01#ping
Protocol [ip]:
Target IP address: 10.24.1.5
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: GigabitEthernet0/1
.

.

.
Sending 5, 100-byte ICMP Echos to 10.24.1.5, timeout is 2 seconds:
Packet sent with a source address of 10.24.128.17
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

From CTvSWT02:

CTvSWT02#ping
Protocol [ip]:
Target IP address: 10.24.1.6
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: GigabitEthernet0/1
.

.

.
Sending 5, 100-byte ICMP Echos to 10.24.1.6, timeout is 2 seconds:
Packet sent with a source address of 10.24.128.21
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms

4) For OSPF Neigbors on distribution switch CTvSWT01:

Neighbor ID     Pri   State           Dead Time   Address         Interface
CTvRTR01      1   FULL/BDR        00:00:39    10.24.128.18    GigabitEthernet0/1
CTvSWT02      1   FULL/DR          00:00:34    10.24.12.3        Vlan12
CTvSWT02      1   FULL/DR          00:00:33    10.24.11.3        Vlan11
CTvSWT02      1   FULL/DR          00:00:34    10.24.1.3          Vlan1

For OSPF Neigbors on distribution switch CTvSWT02:

Neighbor ID     Pri   State           Dead Time   Address         Interface
CTvRTR02       1   FULL/DR          00:00:38    10.24.128.22    GigabitEthernet0/1
CTvSWT01      1   FULL/BDR        00:00:34    10.24.12.2        Vlan12
CTvSWT01      1   FULL/BDR        00:00:33    10.24.11.2        Vlan11
CTvSWT01      1   FULL/BDR        00:00:36    10.24.1.2          Vlan1

Hello

Cheers for the validation- so this means the rtrs L3 from their direct links to the distribution switchs will work and maybe this is just missing advertised prefix 

i suppose you've pinged with source testing from tthe other L3 interfaces?

What exactly is failing

res

paul

Thanks Paul.

Yes. It works for VLAN 1 when the access layer switch vLAN 1 IPs are the destination.  The two hosts in question are in vLAN 11 and 12 with IPs 10.24.11.100 and 10.24.12.100 respectively.  They do not work when pinging from the routed network/devices but are pinging from the switched networks/devices.  So, it fails from the two wan routers but is a success from the two distribution switches they are connected to. The reason why it's failing isn't obvious to me since I believe I have all the devices configured appropriately.

From the RTR (CTvRTR01) <-- Fails

CTvRTR01#ping        
Protocol [ip]:
Target IP address: 10.24.12.100
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Ingress ping [n]:
Source address or interface: GigabitEthernet0/1

Sending 5, 100-byte ICMP Echos to 10.24.12.100, timeout is 2 seconds:
Packet sent with a source address of 10.24.128.10
.....
Success rate is 0 percent (0/5)
Sending 5, 100-byte ICMP Echos to 10.24.12.100, timeout is 2 seconds:
Packet sent with a source address of 10.24.128.10

From the switch (CTvSWT01) <-- Success

CTvSWT01#ping
Protocol [ip]:
Target IP address: 10.24.12.100
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.24.12.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
CTvSWT01#

Thanks for the response Jon.

The LXC's are configured as follows (IP and default gateway).  Below is just a simple script that turns up the Ethernet interfaces on each:

For LXC-3

    #!/bin/sh
    ifconfig eth1 up 10.24.12.100 netmask 255.255.255.0
    route add -net 10.0.0.0/16 gw 10.24.12.1 dev eth1
    exit 0

and for LXC-2

    #!/bin/sh
    ifconfig eth1 up 10.24.11.100 netmask 255.255.255.0
    route add -net 10.0.0.0/16 gw 10.24.11.1 dev eth1
    exit 0

What happens if you ping the hosts from the core/district switches but use source interface as the one connecting to the routers ?

Jon

Hello

No problem - glad it's sorted 

@Jon -Well spotted mate

res 

paul

Sent from iPhone 

Hi Paul

Thanks.

I'm on an iPhone like you but not using app yet as locked out apple App Store (forgot password for Apple ID).

Does it make it easier to use the site ?

And how are the CCIE studies going !

Jon

Hello Jon

Only noticed your question regards my studies mate - apologies for replying.

Basically they have been on hold -due to work, family commitments....I even took about 4 months off here which is very unusual - i am in no rush.

I see you a super blue now or have you been for a while, I guess your going for that magical 40K mark then?

res
Paul

Hi Paul 

I think the no rush attitude is the best way to approach it to be honest and it means we see more of you on here :) 

I am in no rush to get to the next badge which is just as well as I don't seem able to score as I did in previous times !

Jon