Solved: Connection between 2 MPLS failed

saul.reyes · ‎08-20-2013

Hi actually we have the follow topology network:

We try to merge both MPLS with inter -AS we have table on BGP for vrf prueba and announce and advertise the loopback 400 but is unreacheble for ping the network

Configuration on cisco ASR-1:

vrf prueba

address-family ipv4 unicast

import route-policy pass-all

import route-target

64512:2005

!

export route-policy pass-all

export route-target

64512:2005

interface Loopback400

vrf prueba

ipv4 address 172.16.162.12 255.255.255.255

interface GigabitEthernet0/2/0/17

cdp

mtu 1550

ipv4 address 172.16.19.130 255.255.255.252

router bgp 64512

bgp router-id 172.16.161.1

address-family ipv4 unicast

!

address-family vpnv4 unicast

!

neighbor 172.16.19.129

remote-as 2005

address-family vpnv4 unicast

route-policy pass-all in

route-policy pass-all out

vrf prueba

rd 64512:2005

address-family ipv4 unicast

redistribute connected

redistribute static

mpls ldp

router-id 172.16.14.1

interface Bundle-Ether100

!

interface GigabitEthernet0/2/0/17

discovery transport-address interface

RP/0/RSP1/CPU0:ED_MEX_1#sho route vrf prueba

Tue Aug 20 13:05:54.483 UTC

Codes: C - connected, S - static, R - RIP, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, su - IS-IS summary null, * - candidate default

U - per-user static route, o - ODR, L - local, G - DAGR

A - access/subscriber, - FRR Backup path

Gateway of last resort is not set

B 172.16.162.11/32 [20/0] via 172.16.19.129 (nexthop in vrf default), 01:31:00

L 172.16.162.12/32 is directly connected, 02:48:01, Loopback400

RP/0/RSP1/CPU0:ED_MEX_1#ping vrf prueba 172.16.162.11

Tue Aug 20 13:06:43.515 UTC

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.162.11, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

RP/0/RSP1/CPU0:ED_MEX_1#sho bgp vpnv4 unicast

Tue Aug 20 13:07:12.093 UTC

BGP router identifier 172.16.161.1, local AS number 64512

BGP generic scan interval 60 secs

BGP table state: Active

Table ID: 0x0 RD version: 4750076

BGP main routing table version 2221719

BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 64512:2005 (default for vrf prueba)

*> 172.16.162.11/32 172.16.19.129 0 0 2005 i

*> 172.16.162.12/32 0.0.0.0 0 32768 ?

Peer LDP Identifier: 150.220.250.1:0

TCP connection: 172.16.19.129:646 - 172.16.19.130:53085

Graceful Restart: No

Session Holdtime: 180 sec

State: Oper; Msgs sent/rcvd: 40/221; Downstream-Unsolicited

Up time: 00:28:04

LDP Discovery Sources:

GigabitEthernet0/2/0/17

Addresses bound to this peer:

150.220.2.57 150.220.250.1 150.220.250.209 150.220.253.1

150.228.30.101 150.228.110.100 150.228.115.101 172.16.12.9

172.16.12.157 172.16.18.5 172.16.19.129 172.16.49.17

172.17.0.1 189.1.9.1 189.1.9.13 189.1.9.153

189.1.9.201 189.1.11.13

Configuration on Cisco 7600:

ip vrf prueba

rd 64512:2005

route-target export 64512:2005

route-target import 64512:2005

interface Loopback400

ip vrf forwarding prueba

ip address 172.16.162.11 255.255.255.255

interface GigabitEthernet9/10

ip address 172.16.19.129 255.255.255.252

speed nonegotiate

mpls mtu 1550

mpls ldp discovery transport-address interface

mpls bgp forwarding

mpls label protocol ldp

mpls ip

router bgp 2005

bgp router-id 150.220.250.1

bgp log-neighbor-changes

neighbor 172.16.19.130 remote-as 64512

address-family ipv4

no synchronization

redistribute connected

neighbor 172.16.19.130 activate

maximum-paths 2

no auto-summary

exit-address-family

address-family vpnv4

neighbor 172.16.19.130 activate

neighbor 172.16.19.130 send-community both

neighbor 172.16.19.130 next-hop-self

neighbor 172.16.19.130 inter-as-hybrid

exit-address-family

address-family ipv4 vrf prueba

no synchronization

network 172.16.162.11 mask 255.255.255.255

exit-address-family

PE_MEX_1#sho ip vrf prueba

Name Default RD Interfaces

prueba 64512:2005 Lo400

PE_MEX_1#sho ip route vrf prueba

Routing Table: prueba

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

172.16.0.0/32 is subnetted, 2 subnets

C 172.16.162.11 is directly connected, Loopback400

B 172.16.162.12 [20/0] via 172.16.19.130, 01:25:19

PE_MEX_1#ping vrf prueba 172.16.162.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.162.12, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Someone have a idea what happen with this, or if is necesary integrate other command

Best Regards

Harold Ritter · ‎08-20-2013

Hi Saul,

One more thing. You probably want to configure the following commands on the IOS and IOS-XR side respectively, so that routes are kept on the ASBR even though the VRF might not exist locally.

IOS:

router bgp 2005

no bgp default route-target filter

IOS-XR:

router bgp 64512

!

address-family vpnv4 unicast

retain route-target all

Also, you need to enable MPLS on the interAS link (equivalent of "mpls bgp forwarding" on the IOS side) with the following command:

router bgp 64512

mpls activate

interface GigabitEthernet0/2/0/17

!

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Michel Bou Sleiman · ‎08-21-2013

Dear Saul,

you could try to ping with a source address as a starter... and do a traceroute to see what might be going on.

if you could post the config from ASBR-B and Carmen and the "show bgp vpnv4 all " and "show mpls forwarding-table" from all routers, it would help us to see what is missing.

is this a production? if not then you could run a "debug mpls packet" as well

Thanks,

Michel.

View solution in original post

Harold Ritter · ‎08-20-2013

Hi Saul,

It looks like you want to configure interAS option b (ebgp vpnv4). You do not need to run LDP between the two ASes.

One very important thing though is to configure a static route on the XR side as follow.

router static

address-family ipv4 unicast

172.16.19.129/32 GigabitEthernet0/2/0/17



Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎08-20-2013

Hi Saul,

One more thing. You probably want to configure the following commands on the IOS and IOS-XR side respectively, so that routes are kept on the ASBR even though the VRF might not exist locally.

IOS:

router bgp 2005

no bgp default route-target filter

IOS-XR:

router bgp 64512

!

address-family vpnv4 unicast

retain route-target all

Also, you need to enable MPLS on the interAS link (equivalent of "mpls bgp forwarding" on the IOS side) with the following command:

router bgp 64512

mpls activate

interface GigabitEthernet0/2/0/17

!

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

saul.reyes · ‎08-20-2013

Thanks soo much Harold

with the Static route

router static

address-family ipv4 unicast

172.16.19.129/32 GigabitEthernet0/2/0/17

the trouble is resolve but

when we try to make other vrf for Inter-AS we need a static route for each one?

best regards

Harold Ritter · ‎08-20-2013

Hi Saul,

I am glad to hear it works now. You only need to add one static route for each neighbor ASBR. So if you only add additional VRFs, there is no need to add any additionnal static route.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

saul.reyes · ‎08-20-2013

The other trouble with the traffic when we active the vrf prueba on other router en MPLS-A can ping to ASBR MPLS-A but it´s impossible to ping the ASBR-B we need to redistributed the OSPF internal to BGP

ASBR-A#ping vrf prueba 172.16.16.129

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.16.129, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/67/72 ms

ASBR-A#ping vrf prueba 172.16.162.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.162.11, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

CARMEN

carmen#sho ip route vrf prueba

Routing Table: prueba

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP

+ - replicated route, % - next hop override

Gateway of last resort is not set

172.16.0.0/32 is subnetted, 4 subnets

C 172.16.16.129 is directly connected, Loopback400

B 172.16.162.11 [200/0] via 150.220.250.1, 01:28:10

B 172.16.162.12 [200/0] via 172.16.19.130, 01:28:10

B 172.16.162.30 [200/0] via 150.220.250.1, 01:28:10

carmen#ping vrf prueba 172.16.162.12

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.162.12, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

carmen#ping vrf prueba 172.16.162.11

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.162.11, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/65/72 ms

the routing configuration on ASBR-A

router ospf 1

router-id 150.220.250.1

log-adjacency-changes

network 150.220.1.0 0.0.0.3 area 0

network 150.220.1.16 0.0.0.3 area 0

network 150.220.2.12 0.0.0.3 area 0

network 150.220.2.16 0.0.0.3 area 0

network 150.220.2.56 0.0.0.3 area 0

network 150.220.2.64 0.0.0.3 area 0

network 150.220.2.252 0.0.0.3 area 0

network 150.220.21.12 0.0.0.3 area 0

network 150.220.21.16 0.0.0.3 area 0

network 150.220.30.4 0.0.0.3 area 0

network 150.220.31.24 0.0.0.3 area 0

network 150.220.51.0 0.0.0.3 area 0

network 150.220.250.1 0.0.0.0 area 0

network 150.220.250.208 0.0.0.3 area 0

network 172.16.12.44 0.0.0.3 area 0

network 172.16.12.48 0.0.0.3 area 0

network 172.16.12.156 0.0.0.3 area 0

network 172.16.49.16 0.0.0.3 area 0

network 172.17.0.1 0.0.0.0 area 0

network 189.1.9.0 0.0.0.3 area 0

network 189.1.9.4 0.0.0.3 area 0

network 189.1.9.8 0.0.0.3 area 0

network 189.1.9.12 0.0.0.3 area 0

network 189.1.9.36 0.0.0.3 area 0

network 189.1.9.152 0.0.0.3 area 0

network 189.1.9.156 0.0.0.3 area 0

network 189.1.9.200 0.0.0.3 area 0

network 189.1.11.12 0.0.0.3 area 0

maximum-paths 8

default-information originate metric-type 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0

!

router bgp 2005

bgp router-id 150.220.250.1

no bgp default route-target filter

bgp log-neighbor-changes

neighbor 150.220.250.31 remote-as 2005

neighbor 150.220.250.31 update-source Loopback0

neighbor 150.220.250.202 remote-as 2005

neighbor 150.220.250.202 update-source Loopback0

neighbor 150.228.22.101 remote-as 64912

neighbor 150.228.22.101 shutdown

neighbor 172.16.19.130 remote-as 64512

!

address-family ipv4

no synchronization

neighbor 150.220.250.31 activate

neighbor 150.220.250.202 activate

neighbor 150.228.22.101 activate

neighbor 150.228.22.101 distribute-list defa-git out

neighbor 172.16.19.130 activate

maximum-paths 2

no auto-summary

exit-address-family

address-family vpnv4

neighbor 150.220.250.31 activate

neighbor 150.220.250.31 send-community both

neighbor 150.220.250.202 activate

neighbor 150.220.250.202 send-community both

neighbor 172.16.19.130 activate

neighbor 172.16.19.130 send-community both

neighbor 172.16.19.130 next-hop-self

neighbor 172.16.19.130 inter-as-hybrid

exit-address-family

address-family ipv4 vrf prueba

no synchronization

network 172.16.162.11 mask 255.255.255.255

network 172.16.162.30 mask 255.255.255.255

exit-address-family

you can help me with something, we thing that´s a redistribution but we try to put into the OSPF and BGP on ASBR-A but failed

Best Regards

Michel Bou Sleiman · ‎08-21-2013

Dear Saul,

you could try to ping with a source address as a starter... and do a traceroute to see what might be going on.

if you could post the config from ASBR-B and Carmen and the "show bgp vpnv4 all " and "show mpls forwarding-table" from all routers, it would help us to see what is missing.

is this a production? if not then you could run a "debug mpls packet" as well

Thanks,

Michel.

Harold Ritter · ‎08-21-2013

Hi Saul,

The one thing I see that is not right is the following:

B 172.16.162.12 [200/0] via 172.16.19.130, 01:28:10

The next hop that Carmen sees should be ASBR-A neighbor address.

Could you please remove the following lines from ASBR-A configuration.

neighbor 172.16.19.130 next-hop-self

neighbor 172.16.19.130 inter-as-hybrid

They are not required and could be causing issue.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

saul.reyes · ‎08-21-2013

Harold thanks

we only put next-hop-self on route reflectors and ping is successfull

the final configuration on cisco 7600 is:

router bgp 2005

bgp router-id 150.220.250.1

no bgp default route-target filter

bgp log-neighbor-changes

neighbor 150.220.250.31 remote-as 2005

neighbor 150.220.250.31 update-source Loopback0

neighbor 150.220.250.202 remote-as 2005

neighbor 150.220.250.202 update-source Loopback0

neighbor 150.228.22.101 remote-as 64912

neighbor 150.228.22.101 shutdown

neighbor 172.16.19.130 remote-as 64512

!

address-family ipv4

no synchronization

neighbor 150.220.250.31 activate

neighbor 150.220.250.202 activate

neighbor 150.228.22.101 activate

neighbor 150.228.22.101 distribute-list defa-git out

neighbor 172.16.19.130 activate

maximum-paths 2

no auto-summary

exit-address-family

!

address-family vpnv4

neighbor 150.220.250.31 activate

neighbor 150.220.250.31 send-community both

neighbor 150.220.250.31 next-hop-self

neighbor 150.220.250.202 activate

neighbor 150.220.250.202 send-community both

neighbor 150.220.250.202 next-hop-self

neighbor 172.16.19.130 activate

neighbor 172.16.19.130 send-community both

exit-address-family

thanks

Best Regards

Harold Ritter · ‎08-21-2013

Hi Saul,

The next-hop-self is usually not required for the VPNv4 address family as it is normally done automatically. It might be just a glitch that could have been triggered by the previous statements that you removed.I am glad to hesr that it works now.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México