Cant ping within the VRF

Unanswered Question
Jun 13th, 2007
User Badges:

Hi all


Below is my simple network


CE8--PE2---PE3---CE2 ( One VPN Green)


I am running rip between PE and CE , attached are the configs for all Routers.


Plus Ip route on the CE's and sh ip route vrf Green on both the PE's


What i am doing wrong, please have a look at the configs and advise


thanks


MM









  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Harold Ritter Wed, 06/13/2007 - 10:26
User Badges:
  • Cisco Employee,

The issue is that on PE3, OSPF advertises the loopback interface subnet as a /32, because the default interface type for the loopback interface is "Loopback" and LDP advertises a label for a /24 (netmask configured on the loopback interface). This mismatch causes PE2 not to have an IGP label to get to the egress PE (PE3), which breaks the l3vpn connectivity.


The solution is to change the interface loopback interface netmask on PE3 from a /24 to a /32.

emaamur2006 Wed, 06/13/2007 - 11:43
User Badges:


Thanks Harold


I have changed the netmask for the loopback interface on PE3 but i still have the same problem. I seem to have routes from the PE's connecting the VPN (i.e the connected interfaces)in the MP-BGP but not the Loopbacks of the CE's.


See below, i am doing the redistribution wrong ?


PE2#sh ip route vrf Green


Routing Table: Green

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


10.0.0.0/24 is subnetted, 2 subnets

B 10.23.1.0 [200/0] via 10.1.1.3, 00:13:57

C 10.82.1.0 is directly connected, FastEthernet0/0.82

PE2#sh ip bgp vpnv4 vrf Green

BGP table version is 5, local router ID is 10.1.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf Green)

*>i10.23.1.0/24 10.1.1.3 0 100 0 ?

*> 10.82.1.0/24 0.0.0.0 0 32768 ?

PE2#ping vrf Green ip 2.2.2.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

PE2#



PE3#sh ip route vr

PE3#sh ip route vrf Green


Routing Table: Green

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


10.0.0.0/24 is subnetted, 2 subnets

C 10.23.1.0 is directly connected, FastEthernet0/0.23

B 10.82.1.0 [200/0] via 10.1.1.2, 00:14:11

PE3#sh ip bgp vpnv4 vrf Green

BGP table version is 5, local router ID is 10.1.1.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf Green)

*> 10.23.1.0/24 0.0.0.0 0 32768 ?

*>i10.82.1.0/24 10.1.1.2 0 100 0 ?



I can ping the interfaces within the VRF on the PE's but not any on the CE's


PE2#ping v

PE2#ping vrf Green ip 10.23.1.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.23.1.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

PE2#ping vrf Green ip 10.23.1.3


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.23.1.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/76/180 ms

PE2#


PE3#ping vrf Green ip 10.82.1.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.82.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/134/252 ms

PE3#ping vrf Green ip 10.82.1.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.82.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)




thanks


MM







swaroop.potdar Wed, 06/13/2007 - 12:37
User Badges:
  • Blue, 1500 points or more

Pls see your PE2 and PE3 config you are missing the network statement in the RIP address family.


For a VRF specific instance you should use the network statement for that VRF in the address family VRF of RIP.


And only for Global RIP peering you should use the network statement in the RIP main process.



router rip

v2

network x.x.x.x (use this only for global peering)


address-family ipv4 vrf x

network x.x.x.x (you have to use this one for your VRF)


Here is a link as well to configure VPN with RIP as PE-CE.


http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a008009445c.shtml


HTH-Cheers,

Swaroop

Actions

This Discussion