5.5: Central Services VPN

Hi,

for some reason I cannot ping the loopback on R9 which is in vrf CENTRAL_SERVICES from any device. From all these devices I can get to all networks in the other VPNs, eg VRF 100, VRF200, VRF54.

The 192.168.1.0/24 network does show up in the vrf routing tables as expected and next hop/vpn/label info looks correct.

Currently I am just trying to reach the central services network 192.168.1.9 by pinging from R3 in the vrf with no luck.

I have pasted all the outputs below and double checked the configs so was wondering if anyone had issues with this part of the lab.

VRF routing table on R3
-------------------------
Routing Table: CENTRAL_SERVICES
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.30.0.0/24 is subnetted, 1 subnets
C 172.30.103.0 is directly connected, Ethernet1/0.3000
B 192.168.1.0/24 [200/0] via 150.1.9.9, 00:10:37

VPN label assigned to prefix
-----------------------------
R3#show ip bgp vpnv4 all l
Network Next Hop In label/Out label
Route Distinguisher: 12349:9 (CENTRAL_SERVICES)
172.30.103.0/24 0.0.0.0 30/aggregate(CENTRAL_SERVICES)
192.168.1.0 150.1.9.9 nolabel/16

Route or next hop which is pingable.
-----------------------------
R3#show ip route 150.1.9.9
Routing entry for 150.1.9.9/32
Known via "isis", distance 115, metric 40, type level-2
Redistributing via isis
Last update from 150.1.23.2 on Ethernet0/0, 3d18h ago
Routing Descriptor Blocks:
* 150.1.23.2, from 150.1.9.9, via Ethernet0/0
Route metric is 40, traffic share count is 1

Cef output for igp and vpn tag
-----------------------------
R3#show ip cef vrf CENTRAL_SERVICES 192.168.1.9
192.168.1.0/24, version 13, epoch 0, cached adjacency 150.1.23.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Et0/0, 150.1.23.2, tags imposed: {22 16}
via 150.1.9.9, 0 dependencies, recursive
next hop 150.1.23.2, Ethernet0/0 via 150.1.9.9/32
valid cached adjacency
tag rewrite with Et0/0, 150.1.23.2, tags imposed: {22 16}


Forwarding table info for next hop
-----------------------------
R3#show mpls forwarding-table 150.1.9.9
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
18 22 150.1.9.9/32 0 Et0/0 150.1.23.2


Transit router igp label for bgp next hop
-----------------------------
R2#show mpls forwarding-table | inc ^22
22 1/35 150.1.9.9/32 717065 AT2/0.1 point2point
R2#

R9 vc verfication
-----------------------------
R9#show atm vc
VCD / Peak Avg/Min Burst
Interface Name VPI VCI Type Encaps SC Kbps Kbps Cells Sts
0/0.1 25 1 35 TVC MUX UBR UP

R9#

VPN label correct.
-----------------------------
R9#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 12349:9 (CENTRAL_SERVICES)
192.168.1.0 0.0.0.0 16/nolabel




R9# show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface
16 Pop Label 192.168.1.0/24[V] 0 aggregate/CENTRAL_SERVICES
19 1/35 150.1.2.2/32 0 AT0/0.1 point2point


Thx in advance

Comments

  • I found the problem, for some reason the connected network 172.30.103.3 which is in the central services vrf on R3 and configured in rip to be redistributed into bgp never made it to the CS vrf routing table on R9.

    After clearing, bouncing etc etc and not seeing it I finally removed the vrf config and reapplied it and its now there on the R9 VRF table for CS.

    Thx




Sign In or Register to comment.