Trying to connect 2 PEs and one ASBR in one AS to second AS with one ASBR and one PE:
PE1 ---- PE2
One of the PEs in the AS1 running 12.2T on c3640 and as it looks like doesn't inject its neighboring PEs/ASBR tags into TFIB which makes VPN connected to it unaccessible. Second PE in the same AS1 has identical config and full Inter-AS connectivity. As well PE1 cannot get to VPN on PE2 (due to reason above). PE2 from AS2 can get to VPN on PE1 in AS1. Configs on all PEs are identical, control plane is fine so the only problem is with that 12.2 router.
How can I make it work on 12.2T PE without performing IOS upgrade ?
1) Which Inter-AS Option are you implementing as per RFC2547bis.
2) Can u show some output which you used to confirms the break in the forwarding plane and proper functionality of the control plane.
No RRs, no IGP on Inter-AS link, no redistribute connected on ASBRs. MP-eBGP
peering between ASBRs and Next-hop-self
through IPv4&VPNv4 peerings towards PEs on
I've attached some outputs and configs.
Please review and let me know if you can
see anything. Again, when all routers are
12.3/12.4 I have no issues at all it is only
that PE with 12.2T. I tested it in my lab and had similar results.
Coudn't attach PE2 from AS1 the one that runs 12.2T code .....not allowed more than 3
The output from of show ip bgp vpnv4 all and sjow mpls forwarding from your PE2-AS1 would have been very important to understand more.
Anyways, you are receiving the updates from MPBGP but the same updates are not being installed into the forwarding table ??
Some questions if this is right.
1) are you able to communicate form PE2-AS1 to other VPN's in the same AS.
2) Can u send the output of PE2-AS1 bgp vpnv4 and forwarding table.
Are your LDP or TDP sessions on the PE2 up? Note that the default distribution protocol was changed somewhere within 12.2 and 12.3 (can't remember exactly).
PE2 should have no business with the Inter-AS configuration, so I suspect that there is a problem with either TDP or LDP on the router.
It is TDP, I'll check if it is the case
What did you mean by " PE2 should have no
business with Inter-AS config" In fact it is
since VPN connected to that PE is as well
in the second AS too (since it is the same
company we're talking about ...just different sites)
What I mean by " PE2 should have no
business with Inter-AS config" is that the configuration to enable the Inter-AS configuration does not reside on the PE2, but on the ASBR. The PE does not have to support the Inter-AS feature, nor does it need any extra configuration asides what will allow it to communicate within its AS.
Absolutely agree on that....PE has nothing
to do with Inter-AS options in place so the
issue is on that specific router (PE2-AS1)
Output for PE2-AS1 attached. as you can see
the difference between the rest of the PEs
is that one has no entries for its VPNV4 neighbors in its TFIB. PE2-AS1 cannot communicate (VPN wise of course) to any other
PE within its AS and accross AS either.
All your outgoing labels are untagged. This implies that it has not recieved any labels from its neighbors. The most likely reason for this is that it has not formed any LDP/TDP adjacency with the neighbors. Confirm this with the following commands
show mpls ldp neigh
show tag tdp neigh
sh mpls ldp discovery
sh tag tdp discovery
show mpls inter
show tag inter
(I included both mpls and tag-switching commands, but they are equivalent, only that some old IOS do not have some commands).
I'll give it a shot today and see if it is
the case. Current mpls global config on 12.2 router I have is:
mpls label range 8000 8999
mpls label protocol tdp
tag-switching tdp router-id Loopback0
Which specifies tdp globally......why would I have TDP adjacencies in place when image is
12.3/12.4 and not in 12.2T regtardless of the
defaults ....since I don't use defaults in that case ?
All TDP adjacencies are in place
sh mpls ldp neighbor
Peer LDP Ident: 184.108.40.206:0; Local LDP Ident 220.127.116.11:0
TCP connection: 18.104.22.168.646 - 22.214.171.124.11033
State: Oper; Msgs sent/rcvd: 12/13; Downstream
Up time: 00:01:31
LDP discovery sources:
Ethernet1/0.34, Src IP addr: 126.96.36.199
Addresses bound to peer LDP Ident:
188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168
Peer TDP Ident: 22.214.171.124:0; Local TDP Ident 126.96.36.199:0
TCP connection: 188.8.131.52.711 - 184.108.40.206.11034
State: Oper; PIEs sent/rcvd: 5/5; Downstream
Up time: 00:01:31
TDP discovery sources:
Ethernet1/0.23, Src IP addr: 220.127.116.11
Addresses bound to peer TDP Ident:
18.104.22.168 22.214.171.124 126.96.36.199
I have seen the attachments given by you.
You can go to the ASBR-AS1 and enable this command on the interface connecting to the PE2-AS1. "mpls label protocol both"
This should solve the problem.
Do let me know.
I'll check it today soon.....and let you know
paying extra attention on LDP/TDP adjacencies
as it was expressed by other guys as well that it can be a reason of that issue.
Looks like all TDP adjacencies (ASBR and other PE run TDP) are okay so I don't see the
reason of putting both protocols in place.
Please see the attachmnet
sh mpls ldp discovery
Local LDP Identifier:
FastEthernet0/0.24 (tdp): xmit/recv
TDP Id: 188.8.131.52:0
FastEthernet0/0.34 (tdp): xmit/recv
TDP Id: 184.108.40.206:0 <- PE2-AS1
To understand the problem much better,can you take the output as below all all the PE routers.
1) show ip bgp vpnv4 all
2) show mpls forwarding
3) show mpls ldp discovery
Please execute all these commands on all the routers.
Well..You have a very peculiar scenario indeed. You dont have any IGP labels in your forwarding table.
Ok, now this scenario somewhat has no relevance with your poster INTER_AS. but anyways, you can paste in the output of
"show ip cef 220.127.116.11 detail"
"show ip cef 18.104.22.168 detail"
I guess I'm giving up on this stage now....
it looks like an obvious bug: routes are in
FIB but labels for them are not generated.
As soon as I put any other IOS higher than
12.2(11)T11 this issue is gone automatically.
Looks like most of 12.2 are afected with all
kind of MPLS related issues/bugs.....another one I've seen on 12.2T15 is when all labels
disappear from LFIB as soon as vrf NAT activated and 0.0.0.0/0 get sent over vrf
address family towards remote PEs.