From Provider Router I can ping internal Customer router, opposite fails

Answered Question
Jul 20th, 2009

Hi, can someone help me determine what I am missing:

CRA router---GWA---PE2---P---NAP

From GWA I can ping NAP router OK.

From NAP router, I can ping CRA and GWA.

From CRA, ping times out to NAP.

From CRA, I did trace NAP and I see the traffic is dying on CRA interface.

However I still could not determine what is wrong. GWA routing table is complete and perfect. CRA is directly connected to GWA.

Please find attached GWA, CRA and PE2 show run.

(I am reposting this for clarity.)

I have this problem too.
0 votes
Correct Answer by Tony.henry about 7 years 6 months ago

NAP isn't PE2? is it? the redistribute connected only redistributes interfaces connected to the PE2 router, if NAP is a different router like your ascii drawing indicates to me, then it's not connected to PE2.

Tony

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
spremkumar Mon, 07/20/2009 - 19:00

Hi

Which IP address on NAP router you are trying to ping from CRA and vice versa.

regds

Tony.henry Mon, 07/20/2009 - 19:05

News2010a.

PE2 doesn't appear to have redistribution set between ISIS and BGP or BGP and ISIS.

As NAP can only be learnt from ISIS through PE2 I'd reckon that will be the problem.

HTH

Tony

news2010a Mon, 07/20/2009 - 22:13

Hi Tony Henry, when I did on PE2 the 'redistribute connected', did I not take care of that? I may be wrong though... let me try to redistribute isis into BGP and see if that improves it.

(...)

!

router bgp 1

no synchronization

bgp log-neighbor-changes

redistribute connected

(...)

Correct Answer
Tony.henry Mon, 07/20/2009 - 23:20

NAP isn't PE2? is it? the redistribute connected only redistributes interfaces connected to the PE2 router, if NAP is a different router like your ascii drawing indicates to me, then it's not connected to PE2.

Tony

Tony.henry Mon, 07/20/2009 - 23:22

while I'm at it I wouldn't mind seeing the results from a show IP route for NAP from each router, that will clarify my earlier thoughts.

Tony

news2010a Tue, 07/21/2009 - 19:15

You are right that "Provider" routers know about NAP via isis. Regarding the issue that I could not ping NAP from CRA, I did a redistribution on GWA:

!

router bgp 65001

redistribute ospf 1

!

and now I can ping NAP from CRA. It makes sense to me. However, now from NAP I can't ping CRA. That is strange. Note that NAP tells me that it knows the route to CRA. If so, do you know why I can't ping it?

PE2#show ip route nap

Routing entry for 192.168.1.1/32

Known via "isis", distance 115, metric 20, type level-2

Redistributing via isis

Last update from 192.168.1.21 on Serial0/0.1, 00:58:46 ago

Routing Descriptor Blocks:

* 192.168.1.21, from 192.168.1.1, via Serial0/0.1

Route metric is 20, traffic share count is 1

PE2#telnet nap

Trying NAP (192.168.1.1)... Open

NAP#ping cra

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 201.1.0.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

NAP#show ip route cra

Routing entry for 201.1.0.2/32

Known via "bgp 1", distance 200, metric 0

Tag 65001, type internal

Last update from 150.1.0.6 00:04:00 ago

Routing Descriptor Blocks:

* 150.1.0.6, from 192.168.1.5, 00:04:00 ago

Route metric is 0, traffic share count is 1

AS Hops 1

NAP#telnet pe2

Trying PE2 (192.168.1.2)... Open

PE2#telnet cra

Trying CRA (201.1.0.2)... Open

CRA#ping nap

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 236/343/452 ms

CRA#show ip route nap

% Network not in table

CRA#

news2010a Tue, 07/21/2009 - 20:21

OK, so I did on PE2:

router bgp 1

redist isis level-1-2

and now I can ping CRA from NAP router. I can also ping NAP router from CRA. Problem solved!!

The only thing I still don't understand is how come from the NAP router, I did 'show ip route CRA' and the routing information was there already even before the isis redistribution. Then I still needed to do a redist from isis into BGP 1 in order to make it work.

Any ideas?

Tony.henry Tue, 07/21/2009 - 21:26

News2010a,

Sorry haven't a clue. I can only assume that they may have been caught up in the default routing that you've got set up some how.

I'm glad it works. you could remove the redistribuiton and give us a look at the sho ip routes and trace routes so I can have a go at explaining it to you?

A question that I have is why are you running three seperate routing protocols. is this a lab that you've got somewhere?

Tony

Tony

news2010a Tue, 07/21/2009 - 22:04

Yes, it is a lab exercise. Once I get access to the lab again tomorrow I should be able to post it. Thank you.

Actions

This Discussion