cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2817
Views
8
Helpful
4
Replies

Cant ping within the VRF

emaamur2006
Level 1
Level 1

Hi all

Below is my simple network

CE8--PE2---PE3---CE2 ( One VPN Green)

I am running rip between PE and CE , attached are the configs for all Routers.

Plus Ip route on the CE's and sh ip route vrf Green on both the PE's

What i am doing wrong, please have a look at the configs and advise

thanks

MM

4 Replies 4

Harold Ritter
Cisco Employee
Cisco Employee

The issue is that on PE3, OSPF advertises the loopback interface subnet as a /32, because the default interface type for the loopback interface is "Loopback" and LDP advertises a label for a /24 (netmask configured on the loopback interface). This mismatch causes PE2 not to have an IGP label to get to the egress PE (PE3), which breaks the l3vpn connectivity.

The solution is to change the interface loopback interface netmask on PE3 from a /24 to a /32.

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks Harold

I have changed the netmask for the loopback interface on PE3 but i still have the same problem. I seem to have routes from the PE's connecting the VPN (i.e the connected interfaces)in the MP-BGP but not the Loopbacks of the CE's.

See below, i am doing the redistribution wrong ?

PE2#sh ip route vrf Green

Routing Table: Green

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

B 10.23.1.0 [200/0] via 10.1.1.3, 00:13:57

C 10.82.1.0 is directly connected, FastEthernet0/0.82

PE2#sh ip bgp vpnv4 vrf Green

BGP table version is 5, local router ID is 10.1.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf Green)

*>i10.23.1.0/24 10.1.1.3 0 100 0 ?

*> 10.82.1.0/24 0.0.0.0 0 32768 ?

PE2#ping vrf Green ip 2.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

PE2#

PE3#sh ip route vr

PE3#sh ip route vrf Green

Routing Table: Green

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

C 10.23.1.0 is directly connected, FastEthernet0/0.23

B 10.82.1.0 [200/0] via 10.1.1.2, 00:14:11

PE3#sh ip bgp vpnv4 vrf Green

BGP table version is 5, local router ID is 10.1.1.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf Green)

*> 10.23.1.0/24 0.0.0.0 0 32768 ?

*>i10.82.1.0/24 10.1.1.2 0 100 0 ?

I can ping the interfaces within the VRF on the PE's but not any on the CE's

PE2#ping v

PE2#ping vrf Green ip 10.23.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.23.1.2, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

PE2#ping vrf Green ip 10.23.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.23.1.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/76/180 ms

PE2#

PE3#ping vrf Green ip 10.82.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.82.1.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/134/252 ms

PE3#ping vrf Green ip 10.82.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.82.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

thanks

MM

Pls see your PE2 and PE3 config you are missing the network statement in the RIP address family.

For a VRF specific instance you should use the network statement for that VRF in the address family VRF of RIP.

And only for Global RIP peering you should use the network statement in the RIP main process.

router rip

v2

network x.x.x.x (use this only for global peering)

address-family ipv4 vrf x

network x.x.x.x (you have to use this one for your VRF)

Here is a link as well to configure VPN with RIP as PE-CE.

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a008009445c.shtml

HTH-Cheers,

Swaroop

Thanks swaroop

Your advise solved my problem

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: