05-22-2013 11:42 AM
Hi
Actually we have a network operate VRF on two EDGE (ASR9000) the diagram is this:
we try to configurate a MPLS conection between ASR (PE-1) and ASR (PE-2) try to use MPLS LDP and use a VRF OAM between this devices but the comunication is not possible
MPLS LDP is the option? or L2VPN or EoMPLS for this connection?
the actually configuration is:
ASR-2
mpls ldp
router-id 172.16.14.1
discovery hello holdtime 30
discovery hello interval 10
graceful-restart
explicit-null
interface Bundle-Ether100
ASR-1
mpls ldp
router-id 172.16.14.2
discovery hello holdtime 30
discovery hello interval 10
graceful-restart
explicit-null
interface Bundle-Ether100
but the VRF OAM only configurated between PE-1 and PE-2 is not neighbord
We don´t know if we are using the correct concept to connect the devices, can help us
thanks
Best Regards
Solved! Go to Solution.
05-22-2013 04:55 PM
Hi Saul,
The reason you can not ping from asr9k-1 to asr9k-2 is that you do not run mpls vpn (bgp vpnv4) between the two. What do you need that vrf for? If it just to provide connectivity between loopback interfaces for vrf OAM on asr9k-1 and 2, I do not really see the point.
Regards
05-22-2013 02:44 PM
Hi Saul,
I am not sure what you are trying to achieve. You want to run mpls vpn between the two asr9k to extend a VRF called OAM, right? If so, ldp is definitely one way to do it. The reason why the ldp session does not come up might be that you do not have loopback address reachability from one asr to the other. Do you run and IGP between the two asr?
Regards
05-22-2013 04:37 PM
Harold, thanks for your comments
we are making change for your comments and the final diagrame is:
on ASR9K - PE-1 we have configurated VRF, IGP and Conectivity for BUNDLE-Ethe 100 conectivity
ASR9K (PE-1):
vrf OAM
address-family ipv4 unicast
import route-policy pass-all
import route-target
64518:64518
!
export route-policy pass-all
export route-target
64518:64518
interface Bundle-Ether100
ipv4 address 172.16.14.1 255.255.255.252
interface Loopback10
vrf OAM
ipv4 address 172.16.162.1 255.255.255.255
router ospf 100
router-id 172.16.14.1
mpls ldp sync
mpls ldp auto-config
area 0
interface Bundle-Ether100
mpls ldp
router-id 172.16.14.1
interface Bundle-Ether100
ASR9K (PE-2):
vrf OAM
address-family ipv4 unicast
import route-policy pass-all
import route-target
64518:64518
!
export route-policy pass-all
export route-target
64518:64518
interface Bundle-Ether100
ipv4 address 172.16.14.2 255.255.255.252
interface Loopback10
vrf OAM
ipv4 address 172.16.162.2 255.255.255.255
router ospf 100
router-id 172.16.14.2
mpls ldp sync
mpls ldp auto-config
area 0
interface Bundle-Ether100
mpls ldp
router-id 172.16.14.2
interface Bundle-Ether100
when we verifying the MPLS neighbor is UP
RP/0/RSP0/CPU0:ED_MEX_1#sho mpls ldp neighbor
Wed May 22 18:29:03.496 UTC
Peer LDP Identifier: 172.16.14.2:0
TCP connection: 172.16.14.2:39527 - 172.16.14.1:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 25/25; Downstream-Unsolicited
Up time: 00:18:46
LDP Discovery Sources:
Bundle-Ether100
Addresses bound to this peer:
172.16.14.2
RP/0/RSP0/CPU0:ED_MEX_2#sho mpls ldp neighbor
Wed May 22 16:24:53.223 UTC
Peer LDP Identifier: 172.16.14.1:0
TCP connection: 172.16.14.1:646 - 172.16.14.2:39527
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 26/26; Downstream-Unsolicited
Up time: 00:19:19
LDP Discovery Sources:
Bundle-Ether100
Addresses bound to this peer:
172.16.14.1
on OSPF 100 the neighbor is UP
RP/0/RSP0/CPU0:ED_MEX_2#sho ospf neighbor
Wed May 22 16:26:15.169 UTC
* Indicates MADJ interface
Neighbors for OSPF 100
Neighbor ID Pri State Dead Time Address Interface
172.16.14.1 1 FULL/BDR 00:00:31 172.16.14.1 Bundle-Ether100
Neighbor is up for 00:54:34
Total neighbor count: 1
RP/0/RSP0/CPU0:ED_MEX_1#sho ospf neighbor
Wed May 22 18:31:18.614 UTC
* Indicates MADJ interface
Neighbors for OSPF 100
Neighbor ID Pri State Dead Time Address Interface
172.16.14.2 1 FULL/DR 00:00:36 172.16.14.2 Bundle-Ether100
Neighbor is up for 00:54:59
Total neighbor count: 1
but when try to send a PING from Loopback 10 from ASR 1 to ASR 2 ocurre this one and viceverse
RP/0/RSP0/CPU0:ED_MEX_1#ping vrf OAM 172.16.162.1
Wed May 22 18:32:54.046 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.162.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:ED_MEX_1#ping vrf OAM 172.16.162.2
Wed May 22 18:32:57.794 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.162.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
the routing table for OAM on ASR-1 is:
RP/0/RSP0/CPU0:ED_MEX_1#sho route vrf OAM
Wed May 22 18:33:59.485 UTC
Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, - FRR Backup path
Gateway of last resort is not set
L 172.16.162.1/32 is directly connected, 00:34:13, Loopback10
for ASR-2
RP/0/RSP0/CPU0:ED_MEX_2#sho route vrf OAM
Wed May 22 16:30:23.400 UTC
Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, - FRR Backup path
Gateway of last resort is not set
L 172.16.162.2/32 is directly connected, 00:34:47, Loopback10
i don´t know if need something on OSPF
Best Regards
05-22-2013 04:55 PM
Hi Saul,
The reason you can not ping from asr9k-1 to asr9k-2 is that you do not run mpls vpn (bgp vpnv4) between the two. What do you need that vrf for? If it just to provide connectivity between loopback interfaces for vrf OAM on asr9k-1 and 2, I do not really see the point.
Regards
05-23-2013 08:49 AM
Hi Harold
thanks for your answer, the loopbacks are for management and traffic for traps of SNMP, and would you like to be this traffic isolated for this one and only connected for this VRF, but with your observations think that we make things wrong with this.
we try to enable the Vpnv4 on BGP for the neighboar and evaluating the concept to do this.
thanks so much Harold
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide