Well just like Bob I was able to get this working in GNS3, however I used
my own configurations.
I'm still running BGP as PE-CE on one side, and RIPv2 as PE-CE on the
other. One thing that messed me up was that I was that I had the routes on
both sides but couldn't ping either! For me I found the issue by running
"show mpls forwarding-table" on all of my routers. What I found was that on
the last hop PE labels weren't being allocated and the outgoing interface
was "drop". The fix was to re-enable CEF on the PE router. You can see it
all below :)
Here is my topology and which routers are PE,CE,LSR.
R1 - CE
R2 - PE
R3 - LSR
R4 - LSR
R5 - PE
R6 - CE
R1---R2---R3---R4---R5---R6
The switches are transparent and irrelevant so they aren't shown.
On R2 and R5 I'm running VRF "A" with RD of 100:1.
RT's for both import/export are also 100:1
Interfaces connecting to R1 and R6 are in VRF "A"
core LSR/LSE routers will be running OSPF as IGP with ldp autoconfig
enabled to simplify MPLS configuration (I won't show this config to keep
the length of this email down)
On CE (R1) we will be running ASN 1
- We will advertise the loopback
On PE routers we will be running ASN 100
- PE to CE will EBGP peer using physical interface
- PE to PE will IBGP peer using loopbacks
On CE (R5) we will be running RIP in VRF "A"
- we will redistribute RIP into BGP and BGP into RIP
!!!!R1 CE config!!!!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
description ** CE to PE (R2) **
ip address 10.1.2.1 255.255.255.0
router bgp 1
no synchronization
bgp router-id 1.1.1.1
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 10.1.2.2 remote-as 100
no auto-summary
!!!!R2 PE config!!!!
vrf definition A
address-family ipv4
rd 100:1
route-target export 100:1
route-target import 100:1
interface FastEthernet1/0
vrf forwarding A
ip address 10.1.2.2 255.255.255.0
R2(config-if)#do ping vrf A 10.1.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.2.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/21/36 ms
router bgp 100
bgp router-id 2.2.2.2
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
no synchronization
neighbor 5.5.5.5 activate
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf A
no synchronization
neighbor 10.1.2.1 remote-as 1
neighbor 10.1.2.1 activate
exit-address-family
At this point EBGP peering between R1 and R2 is up and R2 see's R1's
loopback for VRF "A"
%BGP-5-ADJCHANGE: neighbor 10.1.2.1 vpn vrf A Up
R2#show bgp vpnv4 uni vrf A | beg Net
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf A)
*> 1.1.1.1/32 10.1.2.1 0 0 1 i
Now we will configure the other PE (R5)
!!!!R5 PE config!!!!
vrf definition A
rd 100:1
!
address-family ipv4
route-target export 100:1
route-target import 100:1
exit-address-family
interface POS2/0
vrf forwarding A
ip address 10.19.20.19 255.255.255.0
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
network 10.0.0.0
no auto-summary
redistribute bgp 100 metric transparent
version 2
exit-address-family
router bgp 100
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
no synchronization
neighbor 2.2.2.2 activate
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
no synchronization
redistribute rip metric 3
exit-address-family
At this point our VPNv4 session comes up and we can see the route from R1
in RD 100:1
R5(config-router)# neighbor 2.2.2.2 upd lo0
R5(config-router)#do sh bgp vpnv4 uni rd 100:1 | beg Net
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf A)
*>i1.1.1.1/32 2.2.2.2 0 100 0 1 i
*> 10.19.20.0/24 0.0.0.0 0 32768 ?
Finally let's configure R6
!!!!R6 CE config!!!!
R6(config)#int lo0
R6(config-if)#ip address 6.6.6.6 255.255.255.255
R6(config-if)#exit
router rip
version 2
network 6.0.0.0
network 10.0.0.0
no auto-summary
Now let's verify routes and attempt to ping
R6(config)#do sh ip route rip | beg Gate
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/1] via 10.19.20.19, 00:00:12, POS2/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
R 10.1.2.0/24 [120/1] via 10.19.20.19, 00:00:12, POS2/0
That looks good what about ping?
R6(config)#do ping 1.1.1.1 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
.....
Success rate is 0 percent (0/5)
That's not looking good what about routes on R1 the other CE?
R1#sh ip route bgp | beg Gate
Gateway of last resort is not set
6.0.0.0/32 is subnetted, 1 subnets
B 6.6.6.6 [20/0] via 10.1.2.2, 00:09:42
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.19.20.0/24 [20/0] via 10.1.2.2, 00:09:42
Looks good here as well. Ping work?
R1(config)#do ping 6.6.6.6 sour 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
...
Success rate is 0 percent (0/3)
Time to troubleshoot!! at this point I verified LDP neighbors and MPLS
forwarding tables and saw this on R5 (PE)
R5(config-router)#do sh mpls for
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 10.19.20.0/24 0 drop
17 No Label 6.6.6.6/32 0 drop
18 No Label 55.55.55.55/32 0 drop
19 No Label 4.4.4.4/32 0 drop
20 No Label 3.3.3.3/32 0 drop
21 No Label 2.2.2.2/32 0 drop
22 No Label 20.5.6.0/24 0 drop
23 No Label 20.4.6.0/24 0 drop
24 No Label 20.3.6.0/24 0 drop
25 No Label 20.2.3.0/24 0 drop
26 No Label 20.2.4.0/24 0 drop
27 No Label 20.3.4.0/24 0 drop
28 No Label 20.4.5.0/24 0 drop
R5(config-router)#
R5(config)#do sh ip cef
%IPv4 CEF not running
CEF isn't running which is a prerequisit to running MPLS/LDP. I will turn
it on and test again
R5(config)#ip cef
R5(config)#
R5(config)#do sh mpls for
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 10.19.20.0/24[V] 0 aggregate/A
17 No Label 6.6.6.6/32[V] 0 PO2/0 point2point
18 Pop Label 55.55.55.55/32 0 Fa0/0.519 20.5.19.5
19 16 4.4.4.4/32 0 Fa0/0.519 20.5.19.5
20 17 3.3.3.3/32 0 Fa0/0.519 20.5.19.5
21 18 2.2.2.2/32 0 Fa0/0.519 20.5.19.5
22 Pop Label 20.5.6.0/24 0 Fa0/0.519 20.5.19.5
23 19 20.4.6.0/24 0 Fa0/0.519 20.5.19.5
24 20 20.3.6.0/24 0 Fa0/0.519 20.5.19.5
25 21 20.2.3.0/24 0 Fa0/0.519 20.5.19.5
26 22 20.2.4.0/24 0 Fa0/0.519 20.5.19.5
27 23 20.3.4.0/24 0 Fa0/0.519 20.5.19.5
28 Pop Label 20.4.5.0/24 0 Fa0/0.519 20.5.19.5
R5(config)#
That looks better!
Can we ping from R1 to R6 and back?
R1#ping 6.6.6.6 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/67/112 ms
R6(config)#do ping 1.1.1.1 so 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 6.6.6.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/75/92 ms
R6(config)#
Now it's working!!
Hope this wasn't too long but I hope it helps.
Cheers!
On Fri, Feb 1, 2013 at 7:12 PM, Bob McCouch <[email protected]> wrote:
> Ed, hate to tell you man, but it worked just fine in my lab. I used your
> exact configs and worked out your P router configs in the middle. I didn't
> change a *thing* from your CE and PE configs, I just pasted them in to my
> lab.
>
> Here are my complete configs for the whole lab (plus the .net file):
>
> http://pastebin.com/HSv3Knyc
>
>
> R6#sh ver
> Cisco IOS Software, 3700 Software (C3745-ADVENTERPRISEK9-M), Version
> 12.4(15)T14, RELEASE SOFTWARE (fc2)
>
> It works:
>
> R5#show ip route
> <snip>
>
> 50.0.0.0/32 is subnetted, 1 subnets
> C 50.50.50.50 is directly connected, Loopback10
> 55.0.0.0/32 is subnetted, 1 subnets
> C 55.55.55.55 is directly connected, Loopback100
> 5.0.0.0/32 is subnetted, 1 subnets
> C 5.5.5.5 is directly connected, Loopback0
> 6.0.0.0/32 is subnetted, 1 subnets
> B 6.6.6.6 [20/0] via 10.10.45.4, 00:12:48
> 10.0.0.0/24 is subnetted, 5 subnets
> B 10.66.64.0 [20/0] via 10.10.45.4, 00:12:48
> B 10.66.65.0 [20/0] via 10.10.45.4, 00:12:48
> B 10.66.66.0 [20/0] via 10.10.45.4, 00:12:48
> B 10.10.16.0 [20/0] via 10.10.45.4, 00:12:48
> C 10.10.45.0 is directly connected, FastEthernet0/0
> R5#ping 6.6.6.6 so lo100
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
> Packet sent with a source address of 55.55.55.55
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 8/17/20 ms
>
> R5#trace ip 6.6.6.6 so lo100
>
> Type escape sequence to abort.
> Tracing the route to 6.6.6.6
>
> 1 10.10.45.4 4 msec 4 msec 8 msec
> 2 10.10.34.3 [MPLS: Labels 18/18 Exp 0] 4 msec 20 msec 16 msec
> 3 10.10.23.2 [MPLS: Labels 16/18 Exp 0] 16 msec 20 msec 20 msec
> 4 10.10.16.1 [AS 1] [MPLS: Label 18 Exp 0] 16 msec 16 msec 16 msec
> 5 10.10.16.6 [AS 1] 12 msec * 20 msec
>
>
>
> R6#show ip ro
>
> 55.0.0.0/32 is subnetted, 1 subnets
> R 55.55.55.55 [120/1] via 10.10.16.1, 00:00:24, FastEthernet0/0
> 6.0.0.0/32 is subnetted, 1 subnets
> C 6.6.6.6 is directly connected, Loopback0
> 10.0.0.0/24 is subnetted, 4 subnets
> C 10.66.64.0 is directly connected, Loopback102
> C 10.66.65.0 is directly connected, Loopback101
> C 10.66.66.0 is directly connected, Loopback100
> C 10.10.16.0 is directly connected, FastEthernet0/0
> R6#ping 55.55.55.55 so lo0
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 55.55.55.55, timeout is 2 seconds:
> Packet sent with a source address of 6.6.6.6
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 4/17/24 ms
>
> R6#trace ip 55.55.55.55 so lo0
>
> Type escape sequence to abort.
> Tracing the route to 55.55.55.55
>
> 1 10.10.16.1 4 msec 4 msec 4 msec
> 2 10.10.12.2 [MPLS: Labels 19/16 Exp 0] 0 msec 24 msec 16 msec
> 3 10.10.23.3 [MPLS: Labels 16/16 Exp 0] 12 msec 20 msec 16 msec
> 4 10.10.45.4 [MPLS: Label 16 Exp 0] 16 msec 20 msec 16 msec
> 5 10.10.45.5 16 msec * 16 msec
>
>
>
> On Fri, Feb 1, 2013 at 8:37 PM, Bodnar, Edward
> <[email protected]>wrote:
>
>> Was tinkering with static routes. Just removed it and still fails.
>>
>>
>>
>> From: Steve Di Bias [mailto:[email protected]]
>> Sent: Friday, February 01, 2013 8:33 PM
>> To: Bodnar, Edward
>> Cc: [email protected]; [email protected]
>> Subject: Re: [OSL | CCIE_RS] BGP PE - CE configuration
>>
>>
>>
>> "show ip route rip" on 6(CE)
>>
>> "show ip route bgp" on 5(CE)
>>
>>
>>
>> Post the successful pings from 6(CE) to 5(CE)
>>
>> Post the unsuccessful pings from 5(CE) to (6CE)
>>
>>
>>
>> Also 55.55.55.55 is your CE loopback on R5 so why do you have static
>> route to some other node?
>>
>>
>>
>> R5
>>
>>
>>
>> interface Loopback100
>>
>> ip address 55.55.55.55 255.255.255.255
>>
>>
>>
>> ip route 55.55.55.55 255.255.255.255 10.10.45.4
>>
>>
>>
>> On Fri, Feb 1, 2013 at 4:33 PM, Bodnar, Edward <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> So I have 6 total routers.
>>
>> RIP 6(CE)---1(PE)---2(P)---3(P)---4(PE)---5(CE) BGP
>>
>> I can ping from rip side to BGP routes. But cannot ping from BGP to rip
>> side.
>>
>>
>>
>>
>> -----Original Message-----
>> From: Tony Singh [mailto:[email protected]<mailto:
>> [email protected]>]
>> Sent: Friday, February 01, 2013 7:23 PM
>> To: Tony Singh
>>
>> Cc: Bodnar, Edward; [email protected]<mailto:
>> [email protected]>
>>
>> Subject: Re: [OSL | CCIE_RS] BGP PE - CE configuration
>>
>> Take that back, was thinking a use case at work where we have vrf
>> definitions to separate routing tables on the CE as we face PE
>>
>> Debug ip icmp
>>
>> ping vrf B 55.55.55.55
>>
>> From r4
>>
>> What happens
>>
>> As bob said check mpls ldp nei, also check not acl copp distribute or
>> filter list is in the way..
>>
>> --
>> BR
>>
>> Tony
>>
>> Sent from my iPad
>>
>> On 2 Feb 2013, at 00:01, Tony Singh <[email protected]<mailto:
>> [email protected]>> wrote:
>>
>> > Can't see vrf definition on R5 presumably your CE?
>> >
>> > --
>> > BR
>> >
>> > Tony
>> >
>> > Sent from my iPad
>> >
>> > On 1 Feb 2013, at 22:24, "Bodnar, Edward" <[email protected]
>> <mailto:[email protected]>> wrote:
>> >
>> >> I can never seem to get this to work. I can See routes end to end but
>> I am missing something when I use BGP as the PE - CE protocol. I thought
>> BGP was supposed to be the easy one J
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> I have full connectivity. And I can see routes Just can't ping.
>> >>
>> >>
>> >>
>> >> RT4:
>> >>
>> >> router bgp 1
>> >>
>> >> no bgp default ipv4-unicast
>> >>
>> >> bgp log-neighbor-changes
>> >>
>> >> neighbor 1.1.1.1 remote-as 1
>> >>
>> >> neighbor 1.1.1.1 update-source Loopback0
>> >>
>> >> neighbor 10.10.45.5 remote-as 5
>> >>
>> >> !
>> >>
>> >> address-family ipv4
>> >>
>> >> neighbor 1.1.1.1 activate
>> >>
>> >> neighbor 10.10.45.5 activate
>> >>
>> >> no auto-summary
>> >>
>> >> no synchronization
>> >>
>> >> exit-address-family
>> >>
>> >> !
>> >>
>> >> address-family vpnv4
>> >>
>> >> neighbor 1.1.1.1 activate
>> >>
>> >> neighbor 1.1.1.1 send-community both
>> >>
>> >> exit-address-family
>> >>
>> >> !
>> >>
>> >> address-family ipv4 vrf B
>> >>
>> >> neighbor 10.10.45.5 remote-as 5
>> >>
>> >> neighbor 10.10.45.5 activate
>> >>
>> >> no synchronization
>> >>
>> >> exit-address-family
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> R5(config-router)#do sh run | s bgp
>> >>
>> >> router bgp 5
>> >>
>> >> no synchronization
>> >>
>> >> bgp log-neighbor-changes
>> >>
>> >> network 55.55.55.55 mask 255.255.255.255
>> >>
>> >> neighbor 10.10.45.4 remote-as 1
>> >>
>> >> no auto-summary
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> For more information regarding industry leading CCIE Lab training,
>> please visit www.ipexpert.com<http://www.ipexpert.com>
>> >>
>> >> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
>> >>
>> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com<http://www.ipexpert.com>
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
>>
>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> Thank you,
>>
>>
>>
>> Steve Di Bias
>>
>> CCIE #32840
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please
>> visit www.ipexpert.com
>>
>> Are you a CCNP or CCIE and looking for a job? Check out
>> www.PlatinumPlacement.com
>>
>> http://onlinestudylist.com/mailman/listinfo/ccie_rs
>>
>
>
--
Thank you,
Steve Di Bias
CCIE #32840
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
http://onlinestudylist.com/mailman/listinfo/ccie_rs
