Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpnv4 route already propagated into PE but failed to ping

Hi there,

I'm trying to figure out what can cause this such a problem during my lab testing.Here is the scenario:

CE1--PE1--P1-P2--PE2--CE2

From CE, I can ping each interface except interface facing the P.

This is apply to other PE too.But from each PE's I can VRF ping to only connected CE's.

I have already check the bgp vpnv4, the route already installed at each PE's which reflect both CE's.From the IP reachability, no problem at all. The iBGP between PE is establised.

I have already VRF ping from ingress PE1 to egress PE2 and failed, perhaps due to fail ping from CE1 to PE1 interface that is connected to P1?

Any ideas what can gone wrong?

Thanks in advance.

maher

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

I suspected that you were right about the harware issue. That is why I asked you to run a basic ping test. I'm glad you found the problem.

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
13 REPLIES
Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

While pinging from the PE across the MPLS cloud, make sure that you specify the source address. By default the PE will select the IP address of the first interface in that VRF (as listed in "sh ip vrf int") as its sourec IP address. If that address is not advertised to the remote PE/CE, you might have problem pinging.

When pinging from the PE to the CE, the IP address of the interface to that CE is used. That would explain why you were able to ping the directly connected CE but not the remote PE/CE.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi,

Thanks for the info.However, I still can't ping the on PE1 interface which is connected to P1.Assume that:

CE1(10.10.10.1/24)---(10.10.10.2/24)PE1(200.200.200.1/30)-----(200.200.200.2/30)P1

I have already used extended ping but failed to ping the address 200.200.200.1 from 10.10.10.1

Thanks in advance.

maher

Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

Maher,

Is this interface part of the VRF? From your diagram, it is the interface between the PE and P router and therfore shouldn't really be part of the VRF. Could you please clarify.

I'm glad the extended ping did it for you.

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi Hritter,

Thanks for the query.You are right.The interface between PE and P router is not part of the VRF.

Consider the following diagram below:

CE1(10.10.10.1/24)---(10.10.10.2/24)PE1(200.200.200.1/30)-----(200.200.200.2/30)P1

From the CE1, I have configured a static route pointing to 10.10.10.2 . In the PE1, I have also configured a static route:

ip route vrf vrf1 10.10.10.0 255.255.255.0 s0

But the CE1 still cannot comunicate(ping) on the inteface facing to PE and P router.

Thanks in advance.

maher

Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

It is usually not desirable for a CE router to be able to ping an address being part of the SP core network. In your scenario the issue is that 200.200.200.0/30 is not present in the VRF table vrf1. Even if you configure a static route on the CE, the packet will be dropped once it gets to the PE. You could always allow CE1 to ping 200.200.200.1 by adding the following route in the vrf table but it won't buy you much.

ip route vrf vrf1 200.200.200.0 255.255.255.252 Serial3/0 (or whatever the interface between Pe1 and P is).

This is not used in SP configurations though.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi again,

Thanks for the tips for SP best current practices.I have already configured to PE's using iBGP.Consider the following ascii diagram:

CE1---PE1--[MPLS-Cloud]--PE2--CE2

I suspect that it's a BGP problem:

PE1#sh ip bgp neighbors

BGP neighbor is 200.200.0.10, remote AS 100, internal link

BGP version 4, remote router ID 200.200.0.10

BGP state = Established, up for 00:19:59

Last read 00:00:59, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received

Address family IPv4 Unicast: received

Address family VPNv4 Unicast: advertised and received

PE2#sh ip bgp summary

BGP router identifier 200.200.0.10, local AS number 100

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

200.200.0.7 4 100 3706 3713 0 0 0 00:20:35 (NoNeg)

PE2#sh ip bgp neighbors

BGP neighbor is 200.200.0.7, remote AS 100, internal link

BGP version 4, remote router ID 200.200.0.7

BGP state = Established, up for 00:21:03

Last read 00:00:03, hold time is 180, keepalive interval is 60 seconds

Neighbor capabilities:

Route refresh: advertised and received(old & new)

Address family IPv4 Unicast: advertised

Address family VPNv4 Unicast: advertised and received

If you noticed, the is no message on PE1 when I issue command sh ip bgp summary but on the other end, it shows.What really happen actually?Perhaps due to that, the vpnv4 route already propagated but...

The reachability on the MPLS core is reachable.Maybe this prevent from CE1 to CE2 to communicate?

Thanks in advance.

maher

New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi there,

I guess, perhaps I spot an TDP break at PE2 whereby on PE1(s0) which is connected to MPLS Core:

PE1#sh tag tdp discovery

Local TDP Identifier:

200.200.0.7:0

TDP Discovery Sources:

Interfaces:

Serial0: xmit/recv

TDP Id: 61.6.0.2:0

This is an output from PE2:

PE2#sh tag tdp discovery

Local TDP Identifier:

200.200.0.10:0

TDP Discovery Sources:

Interfaces:

FastEthernet1/0: xmit

It should be xmit and recv right?If yes, how do i fix this error?

Thanks in advance.

maher

Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

You are correct. it should be xmit/recv just like the session on PE1. Go on the interface facing PE2 and make sure "mpls ip" or "tag-switching ip" is configured. Also make sure that the protocol is configured as TDP and not LDP.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi Hritter,

Thanks for the info.However, I have tried to solve with replacing the respective interface.Already check like tag-switching ip, ip cef and etc.And it works!

Perhaps hardware faulty?What do you think?

Regards,

maher

Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

To see if it is faulty hardware of a configuraion issue, try to ping from one router to the other. If that works the issue is most probably with the configuration. Do you by any chance have an ACL apply between PE2 and the facing P router. Can you do a "sh tag tdp dis" on the P router and provide us with the output.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi Hritter,

Actually, in my implementation, there is no access-list and route-map at all.Just by swapping interface the tx and rx appears to be up.Anyway, here is my P routers sh tag tdp dis:

P2#sh tag-switching tdp discovery

Local TDP Identifier:

200.200.0.2:0

TDP Discovery Sources:

Interfaces:

Serial1: xmit/recv

TDP Id: 200.200.0.3:0

Serial2: xmit/recv

TDP Id: 200.200.0.7:0

P1#sh tag tdp dis

Local TDP Identifier:

200.200.0.3:0

TDP Discovery Sources:

Interfaces:

Serial0: xmit/recv

TDP Id: 200.200.0.1:0

Serial1: xmit/recv

TDP Id: 200.200.0.2:0

regards,

maher

Cisco Employee

Re: vpnv4 route already propagated into PE but failed to ping

I suspected that you were right about the harware issue. That is why I asked you to run a basic ping test. I'm glad you found the problem.

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: vpnv4 route already propagated into PE but failed to ping

Hi Hritter,

Thanks for you support.I really appreciate.

maher

372
Views
13
Helpful
13
Replies
CreatePlease login to create content