cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
748
Views
5
Helpful
2
Replies

MP BGP MPLS VPN WITH DMVPN IVRF & FVRF

arreddy91
Level 1
Level 1

I've been trying to create the DMVPN IVRF but i am stuck at the BGP dataplane. as per the snap R6-R10 are CE routers they are able to learn the routes through FVRF vrf but not able to ping it. I have configured vpnv4 neighborship with Router Reflector R11 from the R1-R5. and using vrf CUST-A as a PE-CE. I need to ping this R6 to R7, R8, R9, R10 loopback IP's and vice versa. configuration files attachedDMVPN IVRF.JPG

2 Replies 2

Can you share the config here for HQ and only one branch, 
I couldn't open the Zip files

PE Router (CSR1)

==================

!
! Last configuration change at 07:00:11 UTC Mon Apr 5 2021
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition CUST-A
rd 100:1
!
address-family ipv4
route-target export 100:1
route-target import 100:1
exit-address-family
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3952242048
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3952242048
revocation-check none
rsakeypair TP-self-signed-3952242048
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3952242048
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393532 32343230 3438301E 170D3231 30343035 30363539
30305A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39353232
34323034 38308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100E4E0 98306F18 5C4377EA 3E16C4F5 4810B7BB B03E22EE 30DE0868
DBF98DCD 1DD4C399 44232D66 975EBB61 AE3DD53B 95C2855A C5E8497C 7FB61B6B
520A1809 62A1692A 1A2ED060 7608A674 3245E61C C1FD18DB 8CF8DC58 3C42A1AC
26FBD9B4 44911AF3 AE7C480B 8878EE49 FBC9173A 56D1C4D3 B246DD2C D22326F4
ECB67942 67586059 60C424AB D87699E3 5FEEBB88 A42BCFC4 B38CA547 9E99216B
6AD96DFB 10725B10 E0518898 959DFAFF C9DF9870 182132F4 E099FFED 362B62EA
2A043451 0366FCE9 FF37EAD4 51838093 0F6FF196 59722E41 198C0030 EFAE0CB7
745D02E1 F5F88A47 16B8AFF7 40EEDAFB EE3EA659 88A4ADEB 76DC4F0B FE5B6B6F
C66CF947 CCE30203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14E7609D 2311C96A 234B091C 27B54109 4CFD0081
0A301D06 03551D0E 04160414 E7609D23 11C96A23 4B091C27 B541094C FD00810A
300D0609 2A864886 F70D0101 05050003 82010100 436DE74A A0CEF2AD E9284A6A
4CB03439 3EA39BFC 43FB95CF 7244FD69 849DD8F7 CA095C2B 51E312BD 8C0AA0E8
567B49CF 97DCEBF4 B732CD23 0074D0A2 C094E38C EDFA5769 EB05276C 97376ADB
1B9D1043 FCC42A6A 63EDDCD7 F92EE305 35ED200B 59723A03 9840A7FC 1197BCCD
A27153D6 3D5508D8 F857427B C0BE8777 F364FC39 DBA3BD4B 430154BC 44363251
AECA3DCD 4DDF6CD4 188A1506 CAE9125D B301E983 83A6B832 6D84EEA1 1B2A9FEC
52B179D4 34BEFD83 E2E95D6A 86BF44C8 EFE4C289 B903447F 1B481A77 BBC608D7
A9D2E3A6 BAAC6BA9 E85729C9 250DAC91 C7BCCB6C 0D36A0C5 96B8E772 5B076F44
42AF6E51 DB860F28 EF5DF46A E2BFA0E4 719AF32F
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license udi pid CSR1000V sn 913JS06QVUR
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 80526
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no shutdown
ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet1
no shutdown
ip address 192.1.10.1 255.255.255.0
negotiation auto
mpls ip
no mop enabled
no mop sysid
!
interface GigabitEthernet2
no shutdown
ip address 192.1.100.1 255.255.255.0
negotiation auto
mpls ip
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no shutdown
vrf forwarding CUST-A
ip address 192.1.16.1 255.255.255.0
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet4
no shutdown
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
router ospf 100
router-id 0.0.0.1
network 10.0.0.0 0.255.255.255 area 0
network 192.1.10.0 0.0.0.255 area 0
network 192.1.100.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 10.11.11.11 remote-as 100
neighbor 10.11.11.11 update-source Loopback0
neighbor 10.11.11.11 soft-reconfiguration inbound
!
address-family vpnv4
neighbor 10.11.11.11 activate
neighbor 10.11.11.11 send-community extended
exit-address-family
!
address-family ipv4 vrf CUST-A
neighbor 192.1.16.6 remote-as 65006
neighbor 192.1.16.6 activate
exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0
!
!
!
control-plane
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 0 0
login
transport input none
!
!
!
!
!
!
end

=========================

=========================

CE Router (CSR6)

==================

!
! Last configuration change at 07:00:44 UTC Mon Apr 5 2021
!
version 16.11
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
vrf definition FVRF
rd 65006:1
!
address-family ipv4
exit-address-family
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1346874287
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1346874287
revocation-check none
rsakeypair TP-self-signed-1346874287
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1346874287
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31333436 38373432 3837301E 170D3231 30343035 30373030
31345A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 33343638
37343238 37308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100931D 9A82A976 70FB35BF 84F8D62C EEBDE841 4F62BA0E 99D2BD1B
68C9EAC0 B03DD93C E56FA02B C06DEC04 9DA6500B 6DE46698 BEB1DC07 C12E54A1
9618AA29 FFCE228C 2F756A46 57A2E84F C4CECB2B 7CC25219 13DEE871 AA54075C
BB7A7806 64A59503 8A7B7E37 D26742A8 A6C2FB29 B18B1F47 7991AC10 13716289
12550EEF 354A4DFE E3AF42DB 0A6A3D38 795C30A9 7DACA968 46DEAAB2 1E072170
0B362FF8 42ED5B76 ECF37724 02D88957 A9C46E97 32045E7F D7A26316 D3DDAE95
39D2CD43 9FFCFAF1 5CD1A5A7 19217B5C 746D6D7A 53A1F510 4B1E4807 83EDB251
F2E51E3C 5AE61DA7 7F798380 7315E130 9D89E594 F4DEECBB BE657218 D2467AC9
9A2400AB 36990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 140D3E10 9BD455EA 2A5EFA64 50B77FE0 1945F95D
3C301D06 03551D0E 04160414 0D3E109B D455EA2A 5EFA6450 B77FE019 45F95D3C
300D0609 2A864886 F70D0101 05050003 82010100 5E95D73C 244B30EA 5DE7542C
EBC18CEF 1FFF51E1 70103416 D06C367B E547D1C6 A30DA4F8 9941B293 83A7594D
7DF6AB39 689DC1E8 C9A74A5F 5B077C6E C9019B87 606529E8 997879D0 AC8B671C
0CC42311 F20CE203 2A905D99 62B7FF62 E5F62F88 1D04DC2D 47178220 8456F47C
8098E8FE 7B67B398 90EE6607 4B35795C 27C2342E EEBB1436 587C95E2 7FEFEBBD
65F7AAFB A69F99DF 0ABFEF19 E1AE4144 25E991A4 4FC6741F 51A9C742 EC93819B
5FDCC9F5 83CDB6BE B0C23583 8B2EA94C 558F0E63 0882BC9F 2B764BD1 454409D2
2788B2ED 40DE96B3 7070AD9D 6E26D99F 1EAF38B2 7345A0E0 FCF48BB2 0E537E92
F5099F03 85A6D9C4 7B0D0761 DDF2BB9A 3F9B696F
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license udi pid CSR1000V sn 9AVYB82T8PJ
diagnostic bootup level minimal
!
spanning-tree extend system-id
memory free low-watermark processor 80526
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no shutdown
vrf forwarding FVRF
ip address 10.6.6.6 255.255.255.0
!
interface GigabitEthernet1
no shutdown
vrf forwarding FVRF
ip address 192.1.16.6 255.255.255.0
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
no shutdown
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no shutdown
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet4
no shutdown
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
router bgp 65006
bgp router-id 10.6.6.6
bgp log-neighbor-changes
!
address-family ipv4 vrf FVRF
network 10.6.6.0 mask 255.255.255.0
neighbor 192.1.16.1 remote-as 100
neighbor 192.1.16.1 activate
exit-address-family
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line vty 0 4
exec-timeout 0 0
login
transport input none
!
!
!
!
!
!
end

=====================

=====================