MPLS ISCW lab problems

Hi,

I've been going through the MPLS labs for the ISCW and have hit an issue. The lab is from the CCNP2_lab_4_2 series.

Connectivity goes as: HQ (CE) ---> ISP1 (PE) ---> ISP2 (P) ---> ISP3 (PE) ---> BRANCH (CE)

Routes from HQ:

HQ#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 4 subnets
D 172.16.200.0
[90/3072] via 172.16.100.254, 00:12:55, GigabitEthernet1/0
D 172.16.20.0
[90/131072] via 172.16.100.254, 00:12:55, GigabitEthernet1/0
C 172.16.10.0 is directly connected, Loopback0
C 172.16.100.0 is directly connected, GigabitEthernet1/0

VRF CustomerA routers at ISP1:

ISP1#sh ip route vrf CustomerA

Routing Table: CustomerA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 4 subnets
B 172.16.200.0 [200/0] via 10.0.3.1, 00:09:15
B 172.16.20.0 [200/130816] via 10.0.3.1, 00:09:15
D 172.16.10.0 [90/130816] via 172.16.100.1, 00:10:07, GigabitEthernet2/0
C 172.16.100.0 is directly connected, GigabitEthernet2/0[/color]

The routing is the same the opposite way apart from the obvious IP addresses being different.

I basicically cannot ping across the MPLS VPN even though i do see a route from the HQ and ISP1:

HQ#ping 172.16.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

ISP1#ping vrf CustomerA 172.16.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Why would the pings not work if the routing is ok?
With some debugging i have worked out that the (P) router is unable to route to destination 172.16.20.1. But i'm confused as there is BGP peering between the the two PE routers, so wndering why it full fail on the P.
OSPF is running between the ISP environment and the routing is fine there.

Please let me know if you would like to see the full configs or any other show outputs.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

pild

can you show as: sh ip bgp summary ???

ump001

ISP1#sh ip bgp summary
BGP router identifier 10.0.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.3.1 4 100 193 198 1 0 0 01:56:30 0

dtlokee

Do you have a LSP through the core for the BGP next hop address? How did you configure the peering session (loopbacks?)? It would help to know your IP addressing.

ump001

Hi,

Yes i do have LSP path through thr CORE, can ping PE to PE loopbacks.

Set is as follows:

CE ---> ISP1 (PE) ---> ISP2 (P) ---> ISP3 (PE) ---> CE2

ISP1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.0.12.0/24 is directly connected, FastEthernet1/0
O 10.0.3.1/32 [110/3] via 10.0.12.2, 01:58:20, FastEthernet1/0
O 10.0.2.1/32 [110/2] via 10.0.12.2, 01:58:20, FastEthernet1/0
C 10.0.1.0/24 is directly connected, Loopback0
O 10.0.23.0/24 [110/2] via 10.0.12.2, 01:58:20, FastEthernet1/0

ISP1#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet1/0 10.0.12.1 YES NVRAM up up
FastEthernet1/1 unassigned YES NVRAM administratively down down
GigabitEthernet2/0 172.16.100.254 YES NVRAM up up
Loopback0 10.0.1.1 YES manual up up

ISP2#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet1/0 10.0.12.2 YES NVRAM up up
FastEthernet1/1 10.0.23.2 YES NVRAM up up
FastEthernet2/0 unassigned YES NVRAM administratively down down
Loopback0 10.0.2.1 YES NVRAM up up
ISP2#

ISP3#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM administratively down down
FastEthernet1/0 10.0.23.3 YES NVRAM up up
FastEthernet1/1 unassigned YES NVRAM administratively down down
GigabitEthernet2/0 172.16.200.254 YES NVRAM up up
Loopback0 10.0.3.1 YES manual up up

I have also done some debugging. Switched off ip cef at ISP1 and ISP2, then pinged CE2 from CE1, i can see that destination shows unroutable at ISP2, however i cant see any issues with my config.

I can see the routes for CE2 (172.16.20.0) at CE1 and ISP2, but cannot ping across the MVPN?

Please let me know if you would like to see the sh run's.

jezg76

I threw that lab in GNS3, which I have done a bunch of times just trying to get a feel for the process, and I did what I *always* seem to do.

It's the last step of the configuration in the lab manual but I always do the following:

router eigrp 100
redistribute bgp 100 metric 64 1000 255 1 1500

As opposed to:

router eigrp 100
address-family ipv4 vrf customer
redistribute bgp 100 metric 64 1000 255 1 1500

Any chance that happened?

Are the routes on the BRANCH (CE2) being learned?

I do notice this lab really stresses my laptop when I run it. Sometimes it makes weird things happen...

ump001

hi,

yes the redistribution has been configured under the EIGRP address family. Below is a show run of ISP2, which is mirrored on ISP3 with the obvious IP's being different, i've also included the show ip route from CE2, which also looks ok:

ISP1#sh run
Building configuration...

Current configuration : 1643 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
!
!
ip vrf CustomerA
rd 100:1
route-target export 1:100
route-target import 1:100
!
!
!
!
!
interface Loopback0
ip address 10.0.1.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.0.12.1 255.255.255.0
duplex auto
speed auto
mpls ip
mpls mtu 1508
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet2/0
ip vrf forwarding CustomerA
ip address 172.16.100.254 255.255.255.0
negotiation auto
!
router eigrp 100
no auto-summary
!
address-family ipv4 vrf CustomerA
redistribute bgp 100 metric 64 1000 255 1 1500
network 10.0.0.0
network 172.16.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.0.3.1 remote-as 100
neighbor 10.0.3.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community both
exit-address-family
!
address-family ipv4 vrf CustomerA
redistribute connected
redistribute eigrp 1
no synchronization
exit-address-family
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!

!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end

ISP1#

==============

BRANCH#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 4 subnets
C 172.16.200.0 is directly connected, GigabitEthernet1/0
C 172.16.20.0 is directly connected, Loopback0
D 172.16.10.0
[90/131072] via 172.16.200.254, 00:40:48, GigabitEthernet1/0
D 172.16.100.0
[90/3072] via 172.16.200.254, 00:40:48, GigabitEthernet1/0

Kinda baffled to be honest