×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

RIP to CE (L2TP VPDN DSL Connection)

Unanswered Question
Mar 5th, 2006
User Badges:

Hi,


Just attempting to have CE advertise the LAN subnet to PE, without success.


On CE(No NAT enabled), I currently have:


!

interface Ethernet0

description LAN

ip address 192.168.1.1 255.255.255.0

no keepalive

!


!

router rip

version 2

redistribute static

network 192.168.1.0

!


#show ip rip database

0.0.0.0/0 auto-summary

0.0.0.0/0 redistributed

[1] via 0.0.0.0,

192.168.1.0/24 auto-summary

192.168.1.0/24 directly connected, Ethernet0


Then on PE:



router rip

version 2

!

address-family ipv4 vrf TEST10

redistribute bgp 17766 metric transparent

network 10.0.0.0

network 192.168.1.0

no auto-summary

version 2

exit-address-family


#show ip rip database vrf TEST10

10.0.0.0/8 auto-summary

10.0.0.0/24 directly connected, Loopback10

10.0.2.1/32 directly connected, Virtual-Access7

10.0.2.2/32 directly connected, Loopback11

10.0.3.0/24 redistributed

[1] via 203.149.76.248,

10.0.5.0/24 redistributed

[1] via 203.149.76.249,

10.0.6.0/24 redistributed

[1] via 203.149.76.250,

10.0.7.0/24 redistributed

[1] via 203.149.76.247,


PE can successfully get to CE WAN (10.0.2.1), but not the CE LAN.


Regards,

MB

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mheusinger Sun, 03/05/2006 - 23:52
User Badges:
  • Green, 3000 points or more

Hello,


you need to include the PE-CE network into your RIP processes. The config should look like:


CE:

router rip

version 2

redistribute static

network 192.168.1.0

network 10.0.0.0

no auto-summary


PE:

router rip

version 2

!

address-family ipv4 vrf TEST10

redistribute bgp 17766 metric 2

network 10.0.0.0

network 192.168.1.0

no auto-summary

version 2

exit-address-family


router bgp 17766

address-family ipv4 vrf TEST10

redistribute rip

no synchronization

no auto-summary

exit-address-family


I would also advise you to use a fixed metric, otherwise you might encounter problems, when redsitributing routes with a BGP MED larger than 15, because RIP will try to use this as hop count and find it to be "unreachable".

A helpful command for troubleshooting in this context is "show ip protocols vrf TEST10" on the PE (without vrf on the CE). You should see the other side as routing information source.


Hope this helps! Please rate all posts.


Regards, Martin

mbellears2 Mon, 03/06/2006 - 01:52
User Badges:

Thanks for the response - I now have what you suggested, but PE is still not receiving the CE LAN subnet:


PE:


ip vrf TEST10

rd 17766:10

route-target export 17766:10

route-target import 17766:10

maximum routes 256 75


router rip

version 2

!

address-family ipv4 vrf TEST10

redistribute bgp 17766 metric 2

network 10.0.0.0

network 192.168.1.0

no auto-summary

version 2

exit-address-family

!


router bgp 17766

address-family ipv4 vrf TEST10

redistribute connected

redistribute static

redistribute rip

no auto-summary

no synchronization

exit-address-family


CE:


!

router rip

version 2

redistribute static

network 10.0.0.0

network 192.168.1.0

no auto-summary

!


Then CE Rip:


test# show ip rip database

0.0.0.0/0 auto-summary

0.0.0.0/0 redistributed

[1] via 0.0.0.0,

10.0.0.0/8 auto-summary

10.0.2.1/32 directly connected, Dialer1

10.0.2.2/32 directly connected, Dialer1

192.168.1.0/24 auto-summary

192.168.1.0/24 directly connected, Ethernet0



PE Rip:


#show ip rip database vrf TEST10

10.0.0.0/8 auto-summary

10.0.0.0/24 directly connected, Loopback10

10.0.2.1/32 directly connected, Virtual-Access7

10.0.2.2/32 directly connected, Loopback11

10.0.3.0/24 redistributed

[2] via 203.149.76.248,

10.0.5.0/24 redistributed

[2] via 203.149.76.249,

10.0.6.0/24 redistributed

[2] via 203.149.76.250,

10.0.7.0/24 redistributed

[2] via 203.149.76.247,


And I'm not seeing the CE as a routing info source:(Do I have to enable rip on my VirtualTemplate?)


#show ip protocols vrf TEST10

Routing Protocol is "bgp 17766"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

IGP synchronization is disabled

Automatic route summarization is disabled

Redistributing: connected, static, rip

Maximum path: 1

Routing Information Sources:

Gateway Distance Last Update

203.149.76.247 200 1w2d

203.149.76.245 200 3w4d

203.149.76.250 200 1w2d

203.149.76.248 200 2w5d

203.149.76.249 200 3w4d

Distance: external 20 internal 200 local 200


Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 25 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Redistributing: bgp 17766, rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Loopback10 2 2

Loopback11 2 2

Maximum path: 4

Routing for Networks:

10.0.0.0

192.168.1.0

Routing Information Sources:

Gateway Distance Last Update

Distance: (default is 120)



mheusinger Mon, 03/06/2006 - 07:31
User Badges:
  • Green, 3000 points or more

Hello,


my assumption was, that the network between CE and PE (namely the interface IPs) are in the range 10.0.0.0/8.

In case you have a virtual template starting connectivity between PE and CE then you should include it´s IP address as network statement.


The network statements in RIP identify the interfaces on which RIP updates should be sent and which networks to include in the updates. So make sure that the PE-CE interfaces are included.


Hope this helps! Please rate all posts.


Regards, Martin

mbellears2 Mon, 03/06/2006 - 14:25
User Badges:

Thanks again for your assistance with this.


I have added the Loopbacks IP to rip:


PE:


!

interface Virtual-Template1

description L2TP-1 Termination

ip unnumbered Loopback1

qos pre-classify

ppp authentication chap callin

!


!

interface Loopback1

description BNE-LNS-1 Interface

ip address 203.149.76.243 255.255.255.255

!


!

router rip

version 2

!

address-family ipv4 vrf TEST10

redistribute bgp 17766 metric 2

network 10.0.0.0

network 192.168.1.0

network 203.149.76.0

no auto-summary

version 2

exit-address-family

!


but still no joy in rip:


#show ip rip database vrf TEST10

10.0.0.0/8 auto-summary

10.0.0.0/24 directly connected, Loopback10

10.0.2.1/32 directly connected, Virtual-Access7

10.0.2.2/32 directly connected, Loopback11

10.0.3.0/24 redistributed

[2] via 203.149.76.248,

10.0.5.0/24 redistributed

[2] via 203.149.76.249,

10.0.6.0/24 redistributed

[2] via 203.149.76.250,

10.0.7.0/24 redistributed

[2] via 203.149.76.247,



#show ip protocols vrf TEST10

Routing Protocol is "bgp 17766"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

IGP synchronization is disabled

Automatic route summarization is disabled

Redistributing: connected, static, rip

Maximum path: 1

Routing Information Sources:

Gateway Distance Last Update

203.149.76.247 200 1w2d

203.149.76.245 200 3w4d

203.149.76.250 200 1w3d

203.149.76.248 200 2w5d

203.149.76.249 200 3w4d

Distance: external 20 internal 200 local 200


Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 20 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Redistributing: bgp 17766, rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

Loopback10 2 2

Loopback11 2 2

Maximum path: 4

Routing for Networks:

10.0.0.0

192.168.1.0

203.149.76.0

Routing Information Sources:

Gateway Distance Last Update

Distance: (default is 120)



Note: If I add the following static route, I can successfully get to CE LAN:


ip route vrf TEST10 192.168.1.0 255.255.255.0 10.0.2.1



Giuseppe Larosa Fri, 03/10/2006 - 08:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello,


you have linked virtual-template1 to loopback1, did you mean loop10 instead ?


Loop1 is a backbone interface from your configuration:


interface Loopback1

description BNE-LNS-1 Interface

ip address 203.149.76.243 255.255.255.255

!


in the RIP database for VRF TEST10 loop10, loop11 and Virtual-Access 7 are listed.


Been loop1 in the global routing table the network command under rip af vrf TEST10 is not working.

For this reason RIP messages from CE router are probably ignored and so the PE cannot learn the Customer LAN network


Hope to help


giuslar


mbellears2 Sun, 03/12/2006 - 15:01
User Badges:

Thanks for the reply - Loop10 is being assigned to DSL Int upon connection:


Radius reply attribute:


lcp:interface-config=ip vrf forwarding TEST10 \nip unnumbered Loopback10


interface Loopback10

ip vrf forwarding TEST10

ip address 10.0.0.1 255.255.255.0


So how do you suggest I modify my config so that the PE can talk rip to CE?


Regards,

MB



balajitvk Mon, 03/13/2006 - 01:42
User Badges:
  • Silver, 250 points or more

hi bell,


On the PE do u have any interface with same ip subnet of CE LAN(192.168.1.0).


If not why ur advertising that n/w from PE too.(network 192.168.1.0). Try by removing that line from rip on PE.


Hope this will help,

Rgs.

Giuseppe Larosa Tue, 03/14/2006 - 00:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello,

I would try to link virtual-template 1 to Loop10 instead of Loop1 so that both Virtual-Access 7 and Virtual-Template 1 are members of VRF TEST10.

Interface Virtual-Access is derived from Virtual-template 1 and from RADIUS reply and currently VT1 is a member of global routing table and the Virtual-Access is member of VRF.

This mismatch could cause the problem you see


hope to help


giuslar



mbellears2 Tue, 03/14/2006 - 03:12
User Badges:

Unfortunately I cannot link virt template to loop10 - This virt template is used for all vpdn connections (vrf + non-vrf)

Giuseppe Larosa Wed, 03/15/2006 - 00:11
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

OK I see,

But IF you are using the Virtual-Template 1 just as a Front End for PPP CHAP authentication and RADIUS reply provides L3 info for both VRF and non VRF users


THEN I would try to use "no ip address" within Virtual-template 1 configuration to give it a neutral role.


I tried this on a similar context of ISDN direct access to MPLS VPN (without using L2TP), with some users members of VRFs and other that are in the global table and for me worked (I was using eBGP sessions actually for PE-CE communication) also at the same time on multiple clients.

In my case virtual-template was without IP address and all L3 info was provided by the RADIUS server.


Another idea could be to try to use the neighbor command within rip address-family vrf TEST10 on the PE router and on the CE router rip process just to avoid any issue with multicast on the PPP over L2TP link ( RIP updates are TX/RX as unicast)


hope to help

giuslar

Actions

This Discussion