Solved: Route leaking issues? - Page 2

Shawnw4401 · ‎05-26-2017

Hello,

I am quite puzzled with the issue I am having. In my test, I had route-leaking setup. Saved the configurations and turned off the router. Next time I boot up the routers, my route-leaking isn't working.

Problem:
1) Computer VRF cannot ping any 10.1.0.0/30 or 10.1.0.4/30 IP address.
2) Servers VRF cannot ping any 10.1.0.0/30, 10.1.0.4/30, 10.2.0.0/30 or 10.2.0.4/30 IP address.
3) Wi-Fi VRF cannot ping any 10.2.0.0/30 or 10.2.0.4/30 IP address.

Router A)

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname External_Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
ip cef
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO3845-MB sn FOC105013BA
vtp domain MyTestLab.com
vtp mode transparent
vtp version 2
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1100
ip address 10.255.254.254 255.255.255.255
!
interface Loopback1200
ip address 10.255.255.254 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.1100
description LAN Network
encapsulation dot1Q 1100
ip address 10.1.0.5 255.255.255.252
!
interface GigabitEthernet0/0.1200
description Wi-Fi Network
encapsulation dot1Q 1200
ip address 10.2.0.5 255.255.255.252
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.1100
description LAN Network
encapsulation dot1Q 1100
ip address 10.1.0.2 255.255.255.252
!
interface GigabitEthernet0/1.1200
description Wi-Fi Network
encapsulation dot1Q 1200
ip address 10.2.0.2 255.255.255.252
!
interface FastEthernet0/0/0
no ip address
!
interface FastEthernet0/0/1
no ip address
!
interface FastEthernet0/0/2
no ip address
!
interface FastEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
router ospf 1100
router-id 10.255.254.254
network 10.1.0.0 0.0.0.3 area 0
network 10.1.0.4 0.0.0.3 area 0
network 10.255.254.254 0.0.0.0 area 0
!
router ospf 1200
router-id 10.255.255.254
network 10.2.0.0 0.0.0.3 area 0
network 10.2.0.4 0.0.0.3 area 0
network 10.255.255.254 0.0.0.0 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.1.0.1
ip route 0.0.0.0 0.0.0.0 10.2.0.1
ip route 10.25.0.0 255.255.255.240 GigabitEthernet0/0.1100 10.1.0.6
ip route 10.49.0.32 255.255.255.240 GigabitEthernet0/0.1200 10.2.0.6
ip route 10.71.0.16 255.255.255.240 GigabitEthernet0/0.1100 10.1.0.6
ip route 10.71.0.16 255.255.255.240 GigabitEthernet0/0.1200 10.2.0.6
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
exec-timeout 0 0
login local
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000

Router B)

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Internal_Router
!
boot-start-marker
boot-end-marker
!
!
!card type command needed for slot 1
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
ip vrf Computers
rd 1025:1
route-target export 1025:1
route-target import 1071:1
!
ip vrf MGMT
rd 1300:1
!
ip vrf Servers
rd 1071:1
route-target export 1071:1
route-target import 1049:1
route-target import 1025:1
!
ip vrf Wi-Fi
rd 1049:1
route-target export 1049:1
route-target import 1071:1
!
ip cef
!
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO3845-MB sn FOC1411592J
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface Loopback1025
ip vrf forwarding Computers
ip address 10.10.25.255 255.255.255.255
!
interface Loopback1049
ip vrf forwarding Wi-Fi
ip address 10.10.49.255 255.255.255.255
!
interface Loopback1071
ip vrf forwarding Servers
ip address 10.10.71.255 255.255.255.255
!
interface Loopback1100
ip address 10.255.254.253 255.255.255.255
!
interface Loopback1200
ip address 10.255.255.253 255.255.255.255
!
interface Loopback1300
ip vrf forwarding MGMT
ip address 10.10.130.255 255.255.255.255
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.1025
encapsulation dot1Q 1025
ip vrf forwarding Computers
ip address 10.25.0.1 255.255.255.240
!
interface GigabitEthernet0/0.1049
encapsulation dot1Q 1049
ip vrf forwarding Wi-Fi
ip address 10.49.0.33 255.255.255.240
!
interface GigabitEthernet0/0.1071
encapsulation dot1Q 1071
ip vrf forwarding Servers
ip address 10.71.0.17 255.255.255.240
!
interface GigabitEthernet0/0.1300
encapsulation dot1Q 1300
ip vrf forwarding MGMT
ip address 10.3.0.1 255.255.255.240
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.1100
description LAN Network
encapsulation dot1Q 1100
ip address 10.1.0.6 255.255.255.252
!
interface GigabitEthernet0/1.1200
description Wi-Fi Network
encapsulation dot1Q 1200
ip address 10.2.0.6 255.255.255.252
!
router ospf 1100
router-id 10.255.254.253
network 10.1.0.4 0.0.0.3 area 0
network 10.255.254.253 0.0.0.0 area 0
!
router ospf 1200
router-id 10.255.255.253
network 10.2.0.4 0.0.0.3 area 0
network 10.255.255.253 0.0.0.0 area 0
!
router bgp 1300
bgp router-id 10.10.130.255
bgp log-neighbor-changes
!
address-family ipv4
redistribute connected
exit-address-family
!
address-family ipv4 vrf Computers
bgp router-id 10.10.25.255
redistribute connected
exit-address-family
!
address-family ipv4 vrf Servers
bgp router-id 10.10.71.255
redistribute connected
exit-address-family
!
address-family ipv4 vrf Wi-Fi
bgp router-id 10.10.49.255
redistribute connected
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.1.0.5
ip route 0.0.0.0 0.0.0.0 10.2.0.5
ip route 10.25.0.0 255.255.255.240 GigabitEthernet0/0.1025
ip route 10.49.0.32 255.255.255.240 GigabitEthernet0/0.1049
ip route 10.71.0.16 255.255.255.240 GigabitEthernet0/0.1071
ip route vrf Computers 0.0.0.0 0.0.0.0 GigabitEthernet0/1.1100 10.1.0.5 global
ip route vrf Servers 0.0.0.0 0.0.0.0 GigabitEthernet0/1.1100 10.1.0.5 global
ip route vrf Servers 0.0.0.0 0.0.0.0 GigabitEthernet0/1.1200 10.2.0.5 global
ip route vrf Wi-Fi 0.0.0.0 0.0.0.0 GigabitEthernet0/1.1200 10.2.0.5 global
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000

I am pretty sure I am not messing anything. Also, I tried re-doing BGP, but once I deleted the BGP and re-add the same commands, BGP wouldn't work anymore. I had to reload the router to fix that issue. Any help would be greatly appreciated. Thank you!

Francesco Molino · ‎05-30-2017

Ok i can help you on Wireshark.

Do you mind sending me the full config (password removed) of your 2 routers?

Also give me more info about equipments you're using (model and version)

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Shawnw4401 · ‎05-30-2017

Francesco,

Here are those documents (sorry it took so long too).

Both routers are a 3845 version 15.1(4)M9.

Francesco Molino · ‎06-01-2017

Hi

I'm sorry for my late answer í was out for couple of days.

I'll review your files.

In which timezone are you?

We can eventually do a quick WebEx to review it.

Before doing that, on your router, in the enable mode, can you validate you have the command monitor capture point and buffer?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Shawnw4401 · ‎06-02-2017

Francesco,

I am in central timezone. I can do a WebEx anytime between 5 PM to 10 PM (1700-2200) CST.

If you would like to do it over a weekend, I am available at any time though.

Francesco Molino · ‎06-02-2017

Hi.

Your internal router text file isn't the right one. On this file, there is still the external router config.

Are you available now to do a troubleshooting session?

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Shawnw4401 · ‎06-02-2017

Francesco,

Sorry, I wasn't able to do anything today. I will get you the configs. Let me know what time works best for you with the timezone. I'll make sure I set the time aside to be able to troubleshoot.

Francesco Molino · ‎06-03-2017

Hey,

Based on your latest config and debug messages on external routers, everything seems to be fine.

I'm in EST timezone and I'm available today if you can. Let me by pinging me through private chat.

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Shawnw4401 · ‎06-03-2017

Francesco,

I am available today as well. Now if you'd like.

Francesco Molino · ‎06-03-2017

Hey,

We've done a private troubleshooting session.

We've issue the command ip routing protocol purge interface to force a purge of the RIB for interface going down. We've shutted down ospf neighbor with ASA firewall to be sure that there wasn't any issue related with ASA.

Everything works perfectly. Bring back ASA, add route-map to redistribute specific subnets on different ospf process with ASA.

Thanks

PS: Please mark as correct answer if this answered your question

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question