14.4 still causing grief..

 

Hi all, I am hoping someone can shed some light as to why I
am experiencing the current behaviour. My config & show outputs look
identical to the INE solution guide, but I still cannot ping the recommended
interfaces. Is this a Dynamips behaviour? I know there has been a lot of
discussion in the past related to topic 14.4, but I can’t seem to find the
solution from those discussions. After 4 days of playing around I decided post
this, hope someone can help.  

 

The outputs are bellow;

 

 

 

------- R4 ------------

 

show command output

-----------------------

 

Rack1R4#sh bgp vpnv4 uni all | be Net

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 100:1

*>i155.1.58.0/24    150.1.5.5                0    100      0 ?

*>i155.1.67.0/24    150.1.6.6                0    100      0 ?

Route Distinguisher: 100:2

*>i155.1.5.0/24     150.1.5.5                0    100      0 ?

*>i155.1.76.0/24    150.1.6.6                0    100      0 ?

 

 

*****************************

Rack1R4#sh bgp vpnv4 uni all 155.1.76.0 255.255.255.0

BGP routing table entry for 100:2:155.1.76.0/24, version 5

Paths: (1 available, best #1, no table)

  Advertised to update-groups:

     1

  Local, (Received from a RR-client)

    150.1.6.6 (metric 2) from 150.1.6.6 (150.1.6.6)

      Origin incomplete, metric 0, localpref 100, valid, internal, best

      Extended Community: RT:100:2

      mpls labels in/out nolabel/106

******************************

 

 

Rack1R4#sh bgp vpnv4 uni all 155.1.67.0 255.255.255.0

BGP routing table entry for 100:1:155.1.67.0/24, version 4

Paths: (1 available, best #1, no table)

  Advertised to update-groups:

     1

  Local, (Received from a RR-client)

    150.1.6.6 (metric 2) from 150.1.6.6 (150.1.6.6)

      Origin incomplete, metric 0, localpref 100, valid, internal, best

      Extended Community: RT:100:1

      mpls labels in/out nolabel/105

*******************

Running Config

------------------------


Rack1R4#sh run | b r b

router bgp 100

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 150.1.5.5 remote-as 100

 neighbor 150.1.5.5 update-source Loopback0

 neighbor 150.1.6.6 remote-as 100

 neighbor 150.1.6.6 update-source Loopback0

 !

 address-family vpnv4

 neighbor 150.1.5.5 activate

 neighbor 150.1.5.5 send-community extended

 neighbor 150.1.5.5 route-reflector-client

 neighbor 150.1.6.6 activate

 neighbor 150.1.6.6 send-community extended

 neighbor 150.1.6.6 route-reflector-client

 exit-address-family

!

 

 

------------- R5 --------------------

 

Rack1R5#sh ip vrf int

Interface              IP-Address      VRF                              Protocol

Fa0/0                  155.1.58.5      VPN_A                            up

Fa0/1                  155.1.5.5       VPN_B                            up

 

********************

Rack1R5#sh ip route vrf VPN_A | be Gat

Gateway of last resort is not set

 

     155.1.0.0/24 is subnetted, 2 subnets

C       155.1.58.0 is directly connected, FastEthernet0/0

B       155.1.67.0 [200/0] via 150.1.6.6, 00:02:22

 

**************************

Rack1R5#sh ip route vrf VPN_B | be Gat

Gateway of last resort is not set

 

     155.1.0.0/24 is subnetted, 2 subnets

C       155.1.5.0 is directly connected, FastEthernet0/1

B       155.1.76.0 [200/0] via 150.1.6.6, 00:02:26

 

**************************

Rack1R5#pin vrf VPN_A 155.1.67.6


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.67.6, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Rack1R5#pin vrf VPN_B 155.1.76.6


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 155.1.76.6, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

*****************************

 

Rack1R5#sh ip bgp vpnv4 vrf VPN_A 155.1.67.0

BGP routing table entry for 100:1:155.1.67.0/24, version 8

Paths: (1 available, best #1, table VPN_A)

  Not advertised to any peer

  Local

    150.1.6.6 (metric 66) from 150.1.4.4 (150.1.4.4)

      Origin incomplete, metric 0, localpref 100, valid, internal, best

      Extended Community: RT:100:1

      Originator: 150.1.6.6, Cluster list: 150.1.4.4

      mpls labels in/out nolabel/105

**********************************

Rack1R5#sh mpls forw 150.1.6.6

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop

tag    tag or VC   or Tunnel Id      switched   interface

106    102         150.1.6.6/32      0          Se1/1      point2point

*****************************

 

running config

---------------------

Rack1R5#sh run | b r b

router bgp 100

 no synchronization

 bgp log-neighbor-changes

 neighbor 150.1.4.4 remote-as 100

 neighbor 150.1.4.4 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 150.1.4.4 activate

 neighbor 150.1.4.4 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf VPN_B

 redistribute connected

 redistribute static

 no synchronization

 exit-address-family

 !

 address-family ipv4 vrf VPN_A

 redistribute connected

 redistribute static

 no synchronization

 exit-address-family

!

 

 


------------ R6 --------------------

 

Rack1R6#sh ip route vrf VPN_A | be Gat

Gateway of last resort is not set

 

     155.1.0.0/24 is subnetted, 2 subnets

B       155.1.58.0 [200/0] via 150.1.5.5, 00:06:31

C       155.1.67.0 is directly connected, FastEthernet0/0.67

********************************************

 

Rack1R6#sh ip route vrf VPN_B | be Gat

Gateway of last resort is not set

 

     155.1.0.0/24 is subnetted, 2 subnets

B       155.1.5.0 [200/0] via 150.1.5.5, 00:06:37

C       155.1.76.0 is directly connected, FastEthernet0/0.76

*****************************

 

Rack1R6#sh run | b r b

router bgp 100

 no synchronization

 bgp log-neighbor-changes

 neighbor 150.1.4.4 remote-as 100

 neighbor 150.1.4.4 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 150.1.4.4 activate

 neighbor 150.1.4.4 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf VPN_B

 redistribute connected

 redistribute static

 no synchronization

 exit-address-family

 !

 address-family ipv4 vrf VPN_A

 redistribute connected

 redistribute static

 no synchronization

 exit-address-family

*********************************

 

 

Comments

  • Are your previous tasks working fine? If yes then can your post the entire config?

  • As requested - here's the running config of the devices in question. 

     

    ----------- R4------------


    Building configuration...

     

    Current configuration : 2591 bytes

    !

    version 12.4

    service timestamps debug datetime msec

    service timestamps log datetime msec

    no service password-encryption

    !

    hostname Rack1R4

    !

    boot-start-marker

    boot-end-marker

    !

    enable password cisco

    !

    no aaa new-model

    memory-size iomem 5

    ip cef

    !

    !

    !

    !

    no ip domain lookup

    !         

    mpls label range 100 120

    mpls label protocol ldp

    mpls ldp neighbor 155.1.5.5 password CISCO

    mpls ldp neighbor 155.1.6.6 password CISCO

    no mpls ldp advertise-labels

    mpls ldp advertise-labels for 10

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !         

    !

    !

    !

    !

    interface Loopback0

     ip address 150.1.4.4 255.255.255.255

    !

    interface FastEthernet0/0

     ip address 204.12.1.4 255.255.255.0

     speed 100

     full-duplex

    !

    interface FastEthernet0/1

     ip address 155.1.146.4 255.255.255.0

     speed 100

     full-duplex

     mpls ldp discovery transport-address interface

     mpls ip

    !

    interface Serial1/0

     no ip address

     encapsulation frame-relay

     serial restart-delay 0

    !

    interface Serial1/0.1 point-to-point

     ip address 155.1.0.4 255.255.255.0

     ip ospf network broadcast

     frame-relay interface-dlci 405   

    !

    interface Serial1/1

     ip address 155.1.45.4 255.255.255.0

     mpls ip

     serial restart-delay 0

    !

    interface Serial1/2

     no ip address

     shutdown

     serial restart-delay 0

    !

    interface Serial1/3

     no ip address

     shutdown

     serial restart-delay 0

    !

    router ospf 1

     mpls ldp autoconfig

     router-id 150.1.4.4

     log-adjacency-changes

     network 0.0.0.0 255.255.255.255 area 0

    !

    router bgp 100

     no bgp default ipv4-unicast

     bgp log-neighbor-changes

     neighbor 150.1.5.5 remote-as 100

     neighbor 150.1.5.5 update-source Loopback0

     neighbor 150.1.6.6 remote-as 100

     neighbor 150.1.6.6 update-source Loopback0

     !

     address-family vpnv4

     neighbor 150.1.5.5 activate

     neighbor 150.1.5.5 send-community extended

     neighbor 150.1.5.5 route-reflector-client

     neighbor 150.1.6.6 activate

     neighbor 150.1.6.6 send-community extended

     neighbor 150.1.6.6 route-reflector-client

     exit-address-family

    !

    !         

    !

    ip http server

    no ip http secure-server

    !

    access-list 10 permit 150.1.0.0 0.0.255.255

    !

    !

    mpls ldp router-id Loopback0

    !

    !

    control-plane

    !

    !

    !

    !

    !

    !

    !

     

    line con 0

     exec-timeout 0 0

     privilege level 15

     logging synchronous

    line aux 0

     exec-timeout 0 0

     privilege level 15

    line vty 0 4

     password cisco

     login

    !

    !         

    end

     

    ------- R5 --------


    Building configuration...

     

    Current configuration : 2815 bytes

    !

    version 12.4

    service timestamps debug datetime msec

    service timestamps log datetime msec

    no service password-encryption

    !

    hostname Rack1R5

    !

    boot-start-marker

    boot-end-marker

    !

    enable password cisco

    !

    no aaa new-model

    memory-size iomem 5

    ip cef

    !

    !

    !

    !

    ip vrf VPN_A

     rd 100:1

     route-target export 100:1

     route-target import 100:1

    !

    ip vrf VPN_B

     rd 100:2

     route-target export 100:2

     route-target import 100:2

    !

    no ip domain lookup

    !

    mpls label range 100 120

    mpls label protocol ldp

    mpls ldp neighbor 155.1.4.4 password CISCO

    mpls ldp neighbor 155.1.6.6 password CISCO

    no mpls ldp advertise-labels

    mpls ldp request-labels for 10

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    interface Loopback0

     ip address 150.1.5.5 255.255.255.255

    !

    interface FastEthernet0/0

     ip vrf forwarding VPN_A

     ip address 155.1.58.5 255.255.255.0

     speed 100

     full-duplex

    !

    interface FastEthernet0/1

     ip vrf forwarding VPN_B

     ip address 155.1.5.5 255.255.255.0

     speed 100

     full-duplex

    !

    interface Serial1/0

     ip address 155.1.0.5 255.255.255.0

     encapsulation frame-relay

     ip ospf network broadcast

     serial restart-delay 0

     frame-relay map ip 155.1.0.1 501 broadcast

     frame-relay map ip 155.1.0.2 502 broadcast

     frame-relay map ip 155.1.0.3 503 broadcast

     frame-relay map ip 155.1.0.4 504 broadcast

    !

    interface Serial1/1

     ip address 155.1.45.5 255.255.255.0

     mpls ip

     serial restart-delay 0

    !

    interface Serial1/2

     no ip address

     shutdown

     serial restart-delay 0

    !

    interface Serial1/3

     no ip address

     shutdown

     serial restart-delay 0

    !

    router ospf 1

     router-id 150.1.5.5

     log-adjacency-changes

     network 0.0.0.0 255.255.255.255 area 0

    !

    router bgp 100

     no synchronization

     bgp log-neighbor-changes

     neighbor 150.1.4.4 remote-as 100

     neighbor 150.1.4.4 update-source Loopback0

     no auto-summary

     !

     address-family vpnv4

     neighbor 150.1.4.4 activate

     neighbor 150.1.4.4 send-community extended

     exit-address-family

     !

     address-family ipv4 vrf VPN_B

     redistribute connected

     redistribute static

     no synchronization

     exit-address-family

     !

     address-family ipv4 vrf VPN_A

     redistribute connected

     redistribute static

     no synchronization

     exit-address-family

    !

    !

    !

    ip http server

    no ip http secure-server

    !

    access-list 10 permit 150.1.0.0 0.0.255.255

    !

    !

    mpls ldp router-id Loopback0

    !

    !

    control-plane

    !

    !

    !

    !

    !

    !

    !

     

    line con 0

     exec-timeout 0 0

     privilege level 15

     logging synchronous

    line aux 0

     exec-timeout 0 0

     privilege level 15

    line vty 0 4

     password cisco

     login

    !

    !

    end

     

    -------- R6 ----------


    Building configuration...

     

    Current configuration : 3001 bytes

    !

    version 12.4

    service timestamps debug datetime msec

    service timestamps log datetime msec

    no service password-encryption

    !

    hostname Rack1R6

    !

    boot-start-marker

    boot-end-marker

    !

    enable password cisco

    !

    no aaa new-model

    memory-size iomem 5

    ip cef

    !

    !

    !

    !

    ip vrf VPN_A

     rd 100:1

     route-target export 100:1

     route-target import 100:1

    !

    ip vrf VPN_B

     rd 100:2

     route-target export 100:2

     route-target import 100:2

    !

    no ip domain lookup

    !

    mpls label range 100 120

    mpls label protocol ldp

    mpls ldp neighbor 155.1.5.5 password CISCO

    mpls ldp neighbor 155.1.4.4 password CISCO

    no mpls ldp advertise-labels

    mpls ldp advertise-labels for 10

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    interface Loopback0

     ip address 150.1.6.6 255.255.255.255

    !

    interface FastEthernet0/0

     no ip address

     speed 100

     full-duplex

    !

    interface FastEthernet0/0.67

     encapsulation dot1Q 67

     ip vrf forwarding VPN_A

     ip address 155.1.67.6 255.255.255.0

    !

    interface FastEthernet0/0.76

     encapsulation dot1Q 76

     ip vrf forwarding VPN_B

     ip address 155.1.76.6 255.255.255.0

    !

    interface FastEthernet0/0.146

     encapsulation dot1Q 146

     ip address 155.1.146.6 255.255.255.0

     mpls ldp discovery transport-address interface

     mpls ip

    !

    interface FastEthernet0/1

     no ip address

     shutdown

     duplex auto

     speed auto

    !

    interface FastEthernet0/1.146

    !

    interface Serial1/0

     ip address 54.1.1.6 255.255.255.0

     encapsulation frame-relay

     serial restart-delay 0

     frame-relay map ip 54.1.1.254 101 broadcast

     no frame-relay inverse-arp

    !

    interface Serial1/1

     no ip address

     shutdown

     serial restart-delay 0

    !

    interface Serial1/2

     no ip address

     shutdown

     serial restart-delay 0

    !

    interface Serial1/3

     no ip address

     shutdown

     serial restart-delay 0

    !

    router ospf 1

     router-id 150.1.6.6

     log-adjacency-changes

     network 0.0.0.0 255.255.255.255 area 0

    !

    router bgp 100

     no synchronization

     bgp log-neighbor-changes

     neighbor 150.1.4.4 remote-as 100

     neighbor 150.1.4.4 update-source Loopback0

     no auto-summary

     !

     address-family vpnv4

     neighbor 150.1.4.4 activate

     neighbor 150.1.4.4 send-community extended

     exit-address-family

     !

     address-family ipv4 vrf VPN_B

     redistribute connected

     redistribute static

     no synchronization

     exit-address-family

     !

     address-family ipv4 vrf VPN_A

     redistribute connected

     redistribute static

     no synchronization

     exit-address-family

    !

    !

    !

    ip http server

    no ip http secure-server

    !

    access-list 10 permit 150.1.0.0 0.0.255.255

    !

    !

    mpls ldp router-id Loopback0

    !

    !

    control-plane

    !

    !

    !

    !

    !

    !

    !

     

    line con 0

     exec-timeout 0 0

     privilege level 15

     logging synchronous

    line aux 0

     exec-timeout 0 0

     privilege level 15

    line vty 0 4

     password cisco

     login

    !

    !

    end

     

    ------ SW1 ------


    Building configuration...

     

    Current configuration : 2556 bytes

    !

    version 12.4

    service timestamps debug datetime msec

    service timestamps log datetime msec

    no service password-encryption

    !

    hostname Rack1SW1

    !

    boot-start-marker

    boot-end-marker

    !

    enable password cisco

    !

    no aaa new-model

    memory-size iomem 5

    ip cef

    !

    !

    !

    !

    ip vrf VPN_A

     rd 100:1

    !

    ip vrf VPN_B

     rd 100:2

    !

    no ip domain lookup

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    interface Loopback0

     ip address 150.1.7.7 255.255.255.0

    !

    interface Loopback101

     ip vrf forwarding VPN_A

     ip address 172.16.7.7 255.255.255.0

    !

    interface Loopback102

     ip vrf forwarding VPN_B

     ip address 192.168.7.7 255.255.255.0

    !

    interface FastEthernet0/0

     no ip address

     shutdown

     duplex auto

     speed auto

    !

    interface FastEthernet0/1

     no ip address

     shutdown

     duplex auto

     speed auto

    !

    interface FastEthernet1/0

    !

    interface FastEthernet1/1

    !

    interface FastEthernet1/2

    !

    interface FastEthernet1/3

     no switchport

     ip address 155.1.37.7 255.255.255.0

    !

    interface FastEthernet1/4

    !

    interface FastEthernet1/5

     switchport access vlan 58

     spanning-tree portfast

    !

    interface FastEthernet1/6

    !

    interface FastEthernet1/7

     switchport mode trunk

    !

    interface FastEthernet1/8

     switchport mode trunk

    !

    interface FastEthernet1/9

     switchport mode trunk

    !

    interface FastEthernet1/10

     switchport mode trunk

    !

    interface FastEthernet1/11

     switchport mode trunk

    !

    interface FastEthernet1/12

     switchport mode trunk

    !

    interface FastEthernet1/13

     switchport mode trunk

    !

    interface FastEthernet1/14

     switchport mode trunk

    !

    interface FastEthernet1/15

     switchport mode trunk

    !

    interface Vlan1

     no ip address

    !

    interface Vlan7

     ip address 155.1.7.7 255.255.255.0

    !

    interface Vlan67

     ip vrf forwarding VPN_A

     ip address 155.1.67.7 255.255.255.0

    !

    interface Vlan76

     ip vrf forwarding VPN_B

     ip address 155.1.76.7 255.255.255.0

    !

    interface Vlan79

     ip address 155.1.79.7 255.255.255.0

    !

    ip route vrf VPN_A 192.168.7.0 255.255.255.0 155.1.67.6

    ip route vrf VPN_B 172.16.7.0 255.255.255.0 155.1.76.6

    !

    !

    ip http server

    no ip http secure-server

    !

    !

    !

    !

    !

    control-plane

    !

    !

    !

    !

    !

    !

     

    line con 0

     exec-timeout 0 0

     privilege level 15

     logging synchronous

    line aux 0

    line vty 0 4

     password cisco

     login

    line vty 5 15

     password cisco

     login

    !

    !

    end

  • Assuming that all you previous tasks works fine, from your BGP config, i could only see that R4-R6 doesnt have "no bgp default ipv4-unicast" configured.

     

  • Hi,

      Based on your configuration, R5 is NOT advertising any labels, cause of the following configuration: "mpls ldp request-labels for", it should be "mpls ldp advertise-labels". Basically R5 is requesting labels for its Loopback interface and not advertising labels for it. Issue "show mpls forwarding-table on R4 and R6 and you will see an "Untagged" for R5 looback, which breaks connectivity in the MPLS VPN cloud.

    Good luck with your studies!

  • Many thanks Cristian!

     

    It's all good now. I wish I picked this problem. 

     

    Again, thank you

    Jit

  • Hi,

      No worries; work hard on config section first (do not start tshoot section/labs before you know technology), after start the tshoot and you will spot such things/errors.

    Good luck with your studies!

  • Great advice - thank you

     

    Rgds,

    Jit

  • Ahh....i didnt see that too... Thanks!

  • Thanks very much Cristian. 

     

    I spent 3 days all around the same issue. 






    image
  • Hi,

       You're mostly welcome; visit the forum more often, you may find the answer to your problems (networking related :) ) faster.

    Good luck with your studies!

  • I faced the problem here because of this command "address-family ipv4". The neighbor is activate under this command and after i delete then vpn works fine.
Sign In or Register to comment.