Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MPLS default route weirdness

Hello,

I currently have two ASRs back to back with MPLS enabled and an Internet service connected to the primary ASR. The internet service terminates inside of a VRF where I am receiving a default route via BGP from my ISP.

ISP(2.2.2.2/30)<--->(2.2.2.1/30)ASR1(10.10.10.1/30)<--->(10.10.10.2/30)ASR2

ASR1 Loopback = 1.1.1.1/32

ASR2 Loopback = 1.1.1.2/32

The routing table on ASR2 shows a default route via ASR1 and a summary route of my public IP range:

ASR2#show ip route vrf internet

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

B*    0.0.0.0/0 [200/0] via 10.10.10.1, 00:35:33
      1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B        1.1.1.0/24 [200/0] via 10.10.10.1, 00:35:33
C        1.1.1.2/32 is directly connected, Loopback1

However I am only able to ping ASR2s loopback (1.1.1.2) if I source the ping from ASR1s loopback (1.1.1.1) which is seen as part of a summary route, if I source the ping from ASR1s Internet facing interface (2.2.2.1) or a host on the Internet, it fails.

I can only get ping responses back if I use a source address that has a more specific route in the routing table of ASR2 than the default. If I ping an internet host from ASR

Any ideas on how to go about troubleshooting this issue? I created an access list that matched 1.1.1.2 and did a debug ip packet while I tried to ping from ASR2 to 8.8.8.8, I do not get a response but I do get output which indicates the packet is being forwarded. I ran the same debug on ASR1 at the same time but sawe no output.

Thanks,

Steve

16 REPLIES
Cisco Employee

Hi Steve,Do you have 2.2.2.1

Hi Steve,

Do you have 2.2.2.1/30 and 10.10.10.1/30 as part of same vrf in ASR1?. Can you share the configuration from ASR1 and ASR2 and routing table output from ASR1?.

 

HTH,

Nagendra

New Member

Hello Nagendra,Thanks for

Hello Nagendra,

Thanks for responding, here is the additional information:

ASR1 Configuration

ip vrf internet
 rd 65001:999
 route-target export 65001:999
 route-target import 65001:999
!
interface Loopback1
 ip vrf forwarding internet
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback3100
 description ** MPLS/MP-BGP **
 ip address 10.255.255.1 255.255.255.255
!
interface Port-channel1.3100
 description ** Local Interconnect **
 encapsulation dot1Q 3100
 ip address 10.10.10.1 255.255.255.248
 mpls ip
!
interface GigabitEthernet0/0/3
 ip vrf forwarding internet
 ip address 2.2.2.1 255.255.255.252
!
ip route 10.255.255.2 255.255.255.255 10.10.10.2
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 10.255.255.2 remote-as 65001
 neighbor 10.255.255.2 update-source Loopback3100
 neighbor 10.255.255.2 send-community both
 !
 address-family vpnv4
  neighbor 10.255.255.2 activate
  neighbor 10.255.255.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf internet
  network 1.1.1.1 mask 255.255.255.255
  aggregate-address 1.1.1.0 255.255.255.0 summary-only
  neighbor 2.2.2.2 remote-as 65111
  neighbor 2.2.2.2 activate
 exit-address-family

ASR2 Configuration

ip vrf internet
 rd 65001:999
 route-target export 65001:999
 route-target import 65001:999
!
interface Loopback3100
 description ** MPLS/MP-BGP **
 ip address 10.255.255.2 255.255.255.255
!
interface Loopback1
 ip vrf forwarding internet
 ip address 1.1.1.2 255.255.255.255
!
interface Port-channel1.3100
 description ** Local Interconnect **
 encapsulation dot1Q 3100
 ip address 10.10.10.2 255.255.255.248
 mpls ip
!
ip route 10.255.255.1 255.255.255.255 10.10.10.1
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 10.255.255.1 remote-as 65001
 neighbor 10.255.255.1 update-source Loopback3100
 neighbor 10.255.255.1 send-community both
 !
 address-family vpnv4
  neighbor 10.255.255.1 activate
  neighbor 10.255.255.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf internet
  redistribute connected
 exit-address-family

ASR1 Routing Table (internet VRF)

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

B*    0.0.0.0/0 [20/0] via 2.2.2.2, 1d20h
      2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        2.2.2.1/30 is directly connected, GigabitEthernet0/0/3
L        2.2.2.1/32 is directly connected, GigabitEthernet0/0/3
      1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B        1.1.1.0/24 [200/0] via 0.0.0.0, 2d19h, Null0
C        1.1.1.1/32 is directly connected, Loopback1

B        1.1.1.2/32 [200/0] via 10.255.255.2, 17:22:48

ASR 2 Routing Table (internet VRF)

Gateway of last resort is 10.255.255.1 to network 0.0.0.0

B*    0.0.0.0/0 [200/0] via 10.255.255.1, 17:22:48
      1.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
B        1.1.1.0/24 [200/0] via 10.255.255.1, 17:22:48
C        1.1.1.2/32 is directly connected, Loopback1

ASR1 Ping Test Results

ASR1#ping vrf internet 1.1.1.2 source loop101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASR1#ping vrf internet 1.1.1.2 source gig0/0/3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.1
.....
Success rate is 0 percent (0/5)

Hall of Fame Super Blue

SteveThere are a couple of

Steve

There are a couple of confusing things here.

Are the routing tables you posted the full route tables for the internet VRF ?

If so, a couple of commments -

1) you are redistributing connected on ASR2 but there is no sign of ASR2's loopback in ASR1's routing table ?

2) how is the ping working when you ping ASR2's loopback using ASR1s loopback as the source IP ?

I ask because ASR1 has no route to ASR2s loopback which would explain why when you ping an internet IP from ASR2 you see traffic leaving (because of the default route) but you don't see it coming back ie. it is getting dropped by the null0 route on ASR1.

But that doesn't explain why the ping between loopbacks is working.

So i may well be wrong but just wanted to clarify.

Jon

New Member

Hi Jon,1) I beleive ASR2 is

Hi Jon,

1) I beleive ASR2 is seeing ASR1s loopback as part of the summary because I have the aggregate-address for 1.1.1.0/24 configued on ASR1:

B        1.1.1.0/24 [200/0] via 10.255.255.1, 17:22:48

2) As above, interestingly if I configure either redistribute connected or network 2.2.2.1 mask 255.255.255.252 to ASR1s BGP process for vrf internet then I am able to ping ASR2s loopback but other hosts which would need to be routed via the default route on ASR2 still fail.

Steve

Hall of Fame Super Blue

Hi Steve1) I wasn't meaning

Hi Steve

1) I wasn't meaning ASR2 seeing ASR1's loopback because yes you have a summary route configured which ASR2 has in it's routing table.

What i meant was on ASR2 you have a redistribute connected under the BGP VRF configuration but ASR1 does not have a route for ASR2s loopback which is a connected interface so it should.

2) this has really confused me. If you look at ASR1s routing table that you posted there is no route for ASR2s loopback address so how does ASR1 know where to send it ?

I am obviously missing something here.

Jon

New Member

Hi Jon,You are not missing

Hi Jon,

You are not missing anything, I was. I neglegted to copy that route across when I posted it into the forum. Sorry about that, the route is there and I have added it into the original post.

Thanks,

Steve

Hall of Fame Super Blue

SteveThanks for that. I

Steve

Thanks for clarifying that. I thought i was going a bit mad smiley

In your original post the next hops on ASR2 are 10.10.10.1 but in the later post they are 10.255.255.1 instead.

Did you change something ?

Jon

New Member

Originally I had BGP

Originally I had BGP configured between the interface addresses of the ASRs but changed it to use loopbacks and added static routes. It didn't resolve my problem but I left the configuration using the loopbacks anyway.

steve

Hall of Fame Super Blue

SteveSo you are basically

Steve

So you are basically running MPLS between the routers without any P routers ?

Can you post a "sh mpls forwarding-table" from ASR2 ?

Jon
 

New Member

JonI am indeed running MPLS

Jon

I am indeed running MPLS between the two without any P routers. Interestingly I see no default route but I also see no entry for 1.1.1.1. The MPLS forwarding table on ASR1 likewise does not show an entry for 1.1.1.2.

ASR2#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
18         Pop Label  10.255.255.1/32  0             Po1.3100   10.10.10.1
20         Pop Label  1.1.1.1.2/32[V]   \
                                       0             aggregate/internet

Hall of Fame Super Blue

SteveI have never done this

Steve

I have never done this ie. PE to PE without a P router so not sure what is going on.

Can you post the output of "sh mpls ldp bindings" so we can see what is labels are being assigned to the prefixes ?

By the way, is there a specific reason to run MPLS between the ASRs rather than just extend the VRF back to ASR2 ie. allocate the interfaces connecting the ASRs into the same VRF ?

Jon
 

Hall of Fame Super Blue

SteveIn addtion to the

Steve

In addtion to the previous output can you post a "sh mpls ldp neighbor" as well.

Jon

New Member

ASR2#sh mpls ldp bindings 

ASR2#sh mpls ldp bindings
  lib entry: 10.255.255.1/32, rev 2
        local binding:  label: 18
        remote binding: lsr: 10.255.255.1:0, label: imp-null
  lib entry: 10.255.255.2/32, rev 4
        local binding:  label: imp-null
        remote binding: lsr: 10.255.255.1:0, label: 22
  lib entry: 10.10.10.0/29, rev 6
        local binding:  label: imp-null
        remote binding: lsr: 10.255.255.1:0, label: imp-null

ASR2#show mpls ldp neighbor
    Peer LDP Ident: 10.255.255.1:0; Local LDP Ident 10.255.255.2:0
        TCP connection: 10.255.255.1.646 - 10.255.255.2.39626
        State: Oper; Msgs sent/rcvd: 2915/2914; Downstream
        Up time: 1d18h
        LDP discovery sources:
          Port-channel1.3100, Src IP addr: 10.10.10.2
        Addresses bound to peer LDP Ident:
          10.255.255.1    10.10.10.1

 

Hall of Fame Super Blue

SteveSorry to keep asking for

Steve

Sorry to keep asking for outputs but can you post "sh mpls forwarding-table vrf internet" assuming that command is available.

Jon

New Member

I am guessing the defaullt

I am guessing the defaullt route should be showing up?

ASR2#sh mpls forwarding-table vrf internet
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
20         Pop Label  1.1.1.2/32[V]   \
                                       0             aggregate/internet

Hall of Fame Super Blue

SteveTo be honest i would

Steve

To be honest i would have thought it would not just be the default but also the loopback of ASR1 which as you say is also not showing up.

Unfortunately i can't lab this up as i don't have anything to do it with.

The fact that when you ping from ASR2 to the internet and see traffic leaving but don't see anything on ASR1 suggests there is an issue with how the MPLS part is working but i can't see what it is at the moment.

I'll have a dig around to see if there is anything obvious.

Couple of questions -

1) before you set up the VPN part did you get the MPLS part working properly ?

2) i'm sure there is but is there a reason you need to run MPLS between the ASRs rather than simply allocating the interfaces connecting the ASRs into the VRF ?

Jon

112
Views
0
Helpful
16
Replies
CreatePlease to create content