Re: MPLS VPN problem from Serdar Kut on 2011-12-11 (Ccielab archives 12/2011)

From: Serdar Kut <kutserdar_at_gmail.com>
Date: Sun, 11 Dec 2011 23:46:38 +0200

Hi Bryan,

First of all, Lo0 is not under vrf VPN_AB instance, so you can't ping them
under vrf.

You have "mpls ldp discovery transport-address interface" and "mpls label
protocol tdp" under you serial if config. any reason for that? You'd better
choose one, ldp or tdp. hence your protocol is tdp, can you get sh
tag-switching tdp discovery and sh tag-switching tdp bindings outputs and
we'll see if you have label bindings for 150.1.4.4 and 150.1.5.5. As you
know general rule for mpls vpn packet forwarding is an end to end LSP
between BGP VPNv4 peering PE nodes, even your PEs are directly connected
and PHP in place. The outer label is the one for 150.1.5.5 for R5 destined
packets and inner label is the one for 136.1.57.0. Hence R5 is next hop for
R4, PHP comes in place and your packet now has only vpnv4 label when it
goes out to R5.
enable debug mpls packet detail on both R4 and R5 to see what's happening
while you are trying ping.

And also sh ip bgp vpnv4 all tags output will let us know if VPN labels
assignments are OK.

hth
Serdar

On Sun, Dec 11, 2011 at 10:00 PM, Bryan Stair <uptown.ccie_at_gmail.com> wrote:

> Gents,
>
> Need a little help on this not sure what's wrong. I setup MPLS VPN between
> 2 routers say R4/R5. I believe I have everything setup correctly, however I
> cannot ping the vrf forwarding interfaces between the VPN. The routes are
> in the vrf routing table, but if I show cef entries for the vrf it states
> it unusable. Configs are included can a new set of eyes tell me whats
> wrong.
>
> R4
>
> ip vrf VPN_AB
> rd 100:47
> route-target export 100:47
> route-target import 100:74
> !
> interface Loopback0
> ip address 150.1.4.4 255.255.255.255
> !
> interface Ethernet0/1
> ip vrf forwarding VPN_AB
> ip address 136.1.44.4 255.255.255.0
> !
> interface Serial2/0
> ip address 136.1.245.4 255.255.255.0
> ip pim sparse-dense-mode
> encapsulation frame-relay
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 CISCO
> ip ospf network point-to-multipoint
> mpls ldp discovery transport-address interface
> mpls label protocol tdp
> mpls ip
> serial restart-delay 0
> frame-relay map ip 136.1.245.5 405 broadcast
> no frame-relay inverse-arp
> frame-relay lmi-type ansi
> !
> interface Serial2/1
> ip address 136.1.45.4 255.255.255.0
> encapsulation ppp
> ip ospf cost 65534
> mpls ldp discovery transport-address interface
> mpls label protocol tdp
> mpls ip
> serial restart-delay 0
> ppp authentication pap
> ppp pap sent-username R4 password 0 CISCO
> !
> router bgp 200
> no synchronization
> bgp router-id 150.1.4.4
> bgp log-neighbor-changes
> neighbor 150.1.5.5 remote-as 200
> neighbor 150.1.5.5 update-source Loopback0
> no auto-summary
> !
> address-family vpnv4
> neighbor 150.1.5.5 activate
> neighbor 150.1.5.5 send-community both
> exit-address-family
> !
> address-family ipv4 vrf VPN_AB
> redistribute connected
> no synchronization
> exit-address-family
>
> R4#sh ip route vrf VPN_AB
> Routing Table: VPN_AB
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static
> route
> o - ODR, P - periodic downloaded static route
> Gateway of last resort is not set
> 136.1.0.0/24 is subnetted, 2 subnets
> C 136.1.44.0 is directly connected, Ethernet0/1
> B 136.1.57.0 [200/0] via 150.1.5.5, 00:27:10
>
> R4#sh ip cef vrf VPN_AB 150.1.5.5
> 0.0.0.0/0
> no route
> R4#sh ip cef vrf VPN_AB 136.1.57.5
> 136.1.57.0/24
> nexthop 136.1.245.5 Serial2/0 unusable: no label
> R4#ping vrf VPN_AB 136.1.57.5 source e0/1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 136.1.57.5, timeout is 2 seconds:
> Packet sent with a source address of 136.1.44.4
> .....
> Success rate is 0 percent (0/5)
>
>
> ############################################################################
>
> R5
> !
> ip vrf VPN_AB
> rd 100:47
> route-target export 100:74
> route-target import 100:47
> !
> interface Loopback0
> ip address 150.1.5.5 255.255.255.255
> !
> interface Ethernet0/1
> ip vrf forwarding VPN_AB
> ip address 136.1.57.5 255.255.255.0
> !
> interface Serial2/0.245 multipoint
> ip address 136.1.245.5 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 CISCO
> ip ospf network point-to-multipoint
> snmp trap link-status
> mpls ldp discovery transport-address interface
> mpls label protocol tdp
> mpls ip
> frame-relay map ip 136.1.245.2 502 broadcast
> frame-relay map ip 136.1.245.4 504 broadcast
> !
> interface Serial2/1
> ip address 136.1.45.5 255.255.255.0
> encapsulation ppp
> ip ospf cost 65534
> mpls ldp discovery transport-address interface
> mpls label protocol tdp
> mpls ip
> serial restart-delay 0
> ppp authentication pap
> ppp pap sent-username R5 password 0 CISCO
> !
> router bgp 200
> no synchronization
> bgp router-id 150.1.5.5
> bgp log-neighbor-changes
> neighbor 136.1.15.1 remote-as 100
> neighbor 136.1.245.2 remote-as 300
> neighbor 136.1.245.2 weight 100
> neighbor 150.1.4.4 remote-as 200
> neighbor 150.1.4.4 update-source Loopback0
> neighbor 192.10.1.254 remote-as 254
> neighbor 192.10.1.254 password CISCO
> no auto-summary
> !
> address-family vpnv4
> neighbor 150.1.4.4 activate
> neighbor 150.1.4.4 send-community both
> exit-address-family
> !
> address-family ipv4 vrf VPN_AB
> redistribute connected
> no synchronization
> exit-address-family
>
> R5#SH IP ROUTE VRF VPN_AB
> Routing Table: VPN_AB
> Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> ia - IS-IS inter area, * - candidate default, U - per-user static
> route
> o - ODR, P - periodic downloaded static route
> Gateway of last resort is not set
> 136.1.0.0/24 is subnetted, 2 subnets
> B 136.1.44.0 [200/0] via 150.1.4.4, 00:27:59
> C 136.1.57.0 is directly connected, Ethernet0/1
>
> R5#SH ip cef vrf VPN_AB 150.1.4.4
> 0.0.0.0/0
> no route
> R5#
> R5#
> R5#SH ip cef vrf VPN_AB 136.1.44.4
> 136.1.44.0/24
> nexthop 136.1.245.4 Serial2/0.245 unusable: no label
>
> R5#ping vrf VPN_AB 136.1.44.4 SOurce e0/1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 136.1.44.4, timeout is 2 seconds:
> Packet sent with a source address of 136.1.57.5
> .....
> Success rate is 0 percent (0/5)
>
>
> Thanks
>
> Bryan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Sun Dec 11 2011 - 23:46:38 ART

This archive was generated by hypermail 2.2.0 : Sun Jan 01 2012 - 08:27:00 ART