06-13-2007 10:13 AM
Hi all
Below is my simple network
CE8--PE2---PE3---CE2 ( One VPN Green)
I am running rip between PE and CE , attached are the configs for all Routers.
Plus Ip route on the CE's and sh ip route vrf Green on both the PE's
What i am doing wrong, please have a look at the configs and advise
thanks
MM
06-13-2007 10:26 AM
The issue is that on PE3, OSPF advertises the loopback interface subnet as a /32, because the default interface type for the loopback interface is "Loopback" and LDP advertises a label for a /24 (netmask configured on the loopback interface). This mismatch causes PE2 not to have an IGP label to get to the egress PE (PE3), which breaks the l3vpn connectivity.
The solution is to change the interface loopback interface netmask on PE3 from a /24 to a /32.
06-13-2007 11:43 AM
Thanks Harold
I have changed the netmask for the loopback interface on PE3 but i still have the same problem. I seem to have routes from the PE's connecting the VPN (i.e the connected interfaces)in the MP-BGP but not the Loopbacks of the CE's.
See below, i am doing the redistribution wrong ?
PE2#sh ip route vrf Green
Routing Table: Green
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
B 10.23.1.0 [200/0] via 10.1.1.3, 00:13:57
C 10.82.1.0 is directly connected, FastEthernet0/0.82
PE2#sh ip bgp vpnv4 vrf Green
BGP table version is 5, local router ID is 10.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf Green)
*>i10.23.1.0/24 10.1.1.3 0 100 0 ?
*> 10.82.1.0/24 0.0.0.0 0 32768 ?
PE2#ping vrf Green ip 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
PE2#
PE3#sh ip route vr
PE3#sh ip route vrf Green
Routing Table: Green
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.23.1.0 is directly connected, FastEthernet0/0.23
B 10.82.1.0 [200/0] via 10.1.1.2, 00:14:11
PE3#sh ip bgp vpnv4 vrf Green
BGP table version is 5, local router ID is 10.1.1.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf Green)
*> 10.23.1.0/24 0.0.0.0 0 32768 ?
*>i10.82.1.0/24 10.1.1.2 0 100 0 ?
I can ping the interfaces within the VRF on the PE's but not any on the CE's
PE2#ping v
PE2#ping vrf Green ip 10.23.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.1.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
PE2#ping vrf Green ip 10.23.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.23.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/76/180 ms
PE2#
PE3#ping vrf Green ip 10.82.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.82.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/134/252 ms
PE3#ping vrf Green ip 10.82.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.82.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
thanks
MM
06-13-2007 12:37 PM
Pls see your PE2 and PE3 config you are missing the network statement in the RIP address family.
For a VRF specific instance you should use the network statement for that VRF in the address family VRF of RIP.
And only for Global RIP peering you should use the network statement in the RIP main process.
router rip
v2
network x.x.x.x (use this only for global peering)
address-family ipv4 vrf x
network x.x.x.x (you have to use this one for your VRF)
Here is a link as well to configure VPN with RIP as PE-CE.
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a008009445c.shtml
HTH-Cheers,
Swaroop
06-14-2007 12:34 AM
Thanks swaroop
Your advise solved my problem
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: