MPLS and VRF's

Answered Question
May 11th, 2007

Hi, I wonder can someone explain something to me. I am trying to telnet to a remote management loopback ip address in a VRF from my PC. The host ip address is I can see the packet all the way through to the CE router. The route has been added to the VRF on the router but when i check the bgp vrf table, the next hop is rather than the other end of the WAN link on the PE.

So, the tcp packet never reaches the end-device.

If I remove the host route from the VRF on this router, I can now get to the end device and when I do a traceroute, I can see the traceroute leaving the router and hitting the 1st hop on the PE.

Any idea what the means in the next hop column and where it is picking this up?




bo_Test_7204_MPLS#sh ip bgp vpnv4 vrf Test

BGP table version is 853, local router ID is

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 12641:259444 (default for vrf Astron)

*> 0 32768 ?

*> 0 32768 ?

*> 0 12641 2856 64523 i

*> 0 32768 i

r> 0 12641 2856 64523 ?

*> 0 32768 i


I have this problem too.
0 votes
Correct Answer by Harold Ritter about 9 years 5 months ago

I'm glad you found the issue.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Harold Ritter Fri, 05/11/2007 - 08:58


The simply means that the BGP prefix is originated by the local router, which should be the case here.

What is the destination IP address you are trying to telnet to?

Can you do a "show ip ro vrf Astron" to see if both the source and destination are present.

Hope this helps,

maryodriscoll Mon, 05/14/2007 - 03:30

This router sits behind a firewall. I am trying to telnet from a device to end destination router)

Schematic is :-

Host device - Customer LAN - Firewall - Router - MPLS WAN cloud - CE router

The routes do appear in the show ip ro vrf Astron. For some reason when I do a traceroute from this router, the packet never leaves the router. If I remove the static route which is pointing out the wan interface, the traceroute finally leaves the router and heads out over the WAN

plus the vrf.

Harold Ritter Mon, 05/14/2007 - 05:25


On which PE do you configure the static host route? On the far end PE (connected to CE This is really where it should be configured.

Hope this helps,

Harold Ritter Mon, 05/14/2007 - 05:41

One more thing, in relation to the diagram you provided, where does the traceroute stop when you remove the static route? The issue might be that either the remote PE or CE don't have a route back to the source ( or is this source natted?).

Hope this helps,

maryodriscoll Mon, 05/14/2007 - 06:53

Sorry, an addendum to my previous email -

Schematic is :-

Host device - Customer LAN - Firewall - CE Router - MPLS WAN cloud - CE router The is configured on the CE Router just before the MPLS WAN cloud.

Traceroute output before I remove the static route


Type escape sequence to abort.

Tracing the route to

1 * * *

2 *

When I remove the static route for, I can now see an incoming BGP route for with a next hop of This is the PE my CE Router has a BGP neighbor established with. I can now telnet to the CE Router and can ping this address from the HOst device 19.467.240.66.

*> 0 12641 2856 64523 i

bjornarsb Sat, 05/12/2007 - 08:45


When you configure the host route what have configured as next hop ?

host route is probarly invalid.

Why do you need a host route when i works useing default gateway for that vrf?

And check if the loopback that you are trying to reach is configured in the actual vrf.

Loopbacks is mostly used for BGP.




This Discussion