This is quite confusing :)

darvin_16 · ‎06-02-2017

Hi,

this is my first time to post here that is why i don't know how to start.

we have H.Q and remote site they are connected through isp mpls. And exchange route via bgp. The problem is that one of the subnets in our remote site is not reachable in H.Q Lan. H.Q router and core switch are in OSPF. But only vlan 701 in the remote sites are not reachable other vlans are reachable.

Things we tried.

1. Check any access-list that may block the subnets for vlan 701. There is none.

2.check the routing table in h.q core switch if the subnets of vlan 701 of the remote site is available and vice versa. The route is advertise both end learned the subnets.

3.vlan 701 in the remote site is reachable from the H.Q router.

4. We tried to transfer the subnets of vlan 701 in other remote site to check if there are any filtering specific for that subnet. When we transfer it is now reachable from the H.Q Lan.

5. We tried to remove the subinterface of the remote site router for vlan 701 and return again but still not reachable. Even try to change to other subinterface but still not ok.

6.we even try to use not vlan 701 and use other subnets in remote site and still not reaching the H.Q LAN.

i attached a simple diagram for our network. Remote 1 has the reachablity issue. Remote site 2 is the working site. We tried on remote site 2 the subnets in vlan 701 of remote site 1 and it works.

i hope someone will share their opiniom abour our problem.

thanks

Jon Marshall · ‎06-02-2017

Presumably the remote sites are using different IP subnets for vlan 701 ?

What does a traceroute show ?

Jon

darvin_16 · ‎06-02-2017

Hi jon,

Yes, vlan 701 is in different subnets and advertise using the bgp.

when i traceroute in the H.Q core switch the trace stops on H.Q router. It stops on the interface connecting HQ router and switch. But when i trace from the H.Q router it is successful.

Jon Marshall · ‎06-02-2017

What is the source IP address when you traceroute from the HQ core ?

Jon

darvin_16 · ‎06-02-2017

I don't put the source. So i believe the exit interface connecting to the HQ router will be the source of the traceroute.

Darvin

Jon Marshall · ‎06-02-2017

It would be and are you advertising that subnet with BGP ?

If not do a extended traceroute using an IP from a subnet you know you are advertising.

Jon

darvin_16 · ‎06-02-2017

From the core switch i can ping and reach the other subnet of the remote site. We have vlan 200 and 500 in the remote site and i can reach them from the core. Only the vlan 701 and any additional subnet are cannot reach from the HQ core switch. But the core learned the subnets of vlan 701.

Jon Marshall · ‎06-02-2017

So vlans 200 and 500 are routed on the same router as vlan 701 ?

And HQ core can ping those subnets but not 701 ?

Whereas HQ router can ping all subnets ?

Jon

darvin_16 · ‎06-02-2017

Yes, vlan 200,500 and 701 are on the same router . The set up on the remote site is router on a stick. One router with subinterface conecting to the LAN of the remote sites.

The router in HQ can reach all the subnets in the remote side including vlan 701.

Jon Marshall · ‎06-02-2017

From HQ core do a traceroute to an IP in either vlan 200 or 500 and then one in vlan 701 and post reaults.

Jon

darvin_16 · ‎06-04-2017

Hi jon,

attached file is the traceroute results of vlan 200 and vlan 701.

Vlan200- 10.8.120.1

vlan701- 10.8.29.161

HSO_B1B2_CS1 is the HQ core. And HSO_B1_R3 is HQ router.

10.8.61.6 and 10.8.61.21 are the 2 interface of HQ router connecting to HQ core.

I attached also the show ip route in the HQ core and router showing that it learned the subnet of vlan 701(10.8.29.160)

In the remote site . There is a default route 0.0.0.0 pointing out to the mpls.

darvin

Jon Marshall · ‎06-04-2017

It's late where I am but I'll pick this up tomorrow.

Just a quick question though.

In your first post point no. 4) is not very clear. Can you explain exactly what you did and what the results were.

Jon

darvin_16 · ‎06-05-2017

We have other remote site. What we did is that from remote site 1, we remove subnets of vlan 701 and add it on remote site 2. The results is it is reachable from the HQ Lan.

The reason we do this is to check if there is an access list anywhere in between that blocking the subnets of vlan 701.

But since the subnets is reachable when we transfer it to remote site 2, i think there is no filtering in between.

Darvin

Jon Marshall · ‎06-05-2017

This is quite confusing :)

Can you pick a subnet that does work in terms of ping from HQ switch and then attach "sh ip route" for that subnet so I can compare with what you have already sent.

Jon

chrihussey · ‎06-02-2017

Does the remote have the route to the HQ LAN?

Remote site reachability issue