From: Alexander Arsenyev (GU/ETL) (alexander.arsenyev@ericsson.com)
Date: Wed Nov 17 2004 - 21:29:58 GMT-3
Another go:
Do You have parallel paths between R3 and R5? Please post a "show ip route 192.168.1.1"
and "show ip route 192.168.3.3" printouts from R5.
Thanks
Alex
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Dalu-Chandu, Jay
Sent: 11 November 2004 12:20
To: McCallum, Robert
Cc: comserv@groupstudy.com; ccielab@groupstudy.com; Mark Lewis; Mike
Bernico
Subject: RE: MPLS/VPN/ISIS
Robert
Relevant portions for each router config listed below. As you can see it is
very basic. What I can't work out is why received labels are not populated
into the LFIB? Let me know if you spot anything obvious?
Thanks Jay
----------------------------------------------------------------------------
---------------
hostname R1
!
ip cef
!
ip vrf cisco
rd 300:5
route-target export 300:5
route-target import 300:5
!
ip multicast-routing
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
interface Loopback0
ip address 192.168.1.1 255.255.255.255
no clns route-cache
!
interface Loopback100
ip vrf forwarding cisco
ip address 1.1.1.1 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 172.16.136.1 255.255.255.192
ip router isis
ip pim sparse-dense-mode
duplex full
standby ip 172.16.136.10
standby priority 200
standby preempt
!
interface Ethernet2/0
ip address 172.16.15.1 255.255.255.240
duplex half
no clns route-cache
!
interface Serial4/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
!
interface Serial4/0.1 point-to-point
ip address 150.50.100.10 255.255.255.252
ip router isis
tag-switching ip
frame-relay interface-dlci 103
!
router isis
net 49.0001.1921.6800.1001.00
is-type level-1
area-password lab
metric-style wide
passive-interface Loopback0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
timers bgp 10 30
neighbor 192.168.3.3 remote-as 100
neighbor 192.168.3.3 update-source Loopback0
neighbor 192.168.4.4 remote-as 100
neighbor 192.168.4.4 update-source Loopback0
neighbor 192.168.5.5 remote-as 100
neighbor 192.168.5.5 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.4.4 activate
neighbor 192.168.4.4 send-community extended
neighbor 192.168.5.5 activate
neighbor 192.168.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf cisco
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
------------------------------------------------------------
hostname R3
!
username User_B password 0 serial
ip subnet-zero
ip cef
!
no ip domain lookup
ip multicast-routing
mpls label range 300 400
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
interface Loopback0
ip address 192.168.3.3 255.255.255.255
ip pim sparse-dense-mode
!
interface Loopback100
ip address 192.168.100.1 255.255.255.0
!
interface Loopback101
ip address 192.168.101.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.136.3 255.255.255.192
ip router isis
ip pim sparse-dense-mode
speed 100
full-duplex
standby ip 172.16.136.10
standby priority 210
standby preempt
standby track Serial0/3 50
!
interface Serial0/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
ip address 150.50.100.5 255.255.255.252
ip router isis
frame-relay interface-dlci 302
!
interface Serial0/0.2 point-to-point
ip address 150.50.100.9 255.255.255.252
ip router isis
tag-switching ip
frame-relay interface-dlci 301
!
interface Serial0/0.3 point-to-point
ip address 150.50.100.13 255.255.255.252
ip router isis
tag-switching ip
frame-relay interface-dlci 304
!
interface Serial0/3
bandwidth 128000
ip address 172.16.35.6 255.255.255.252
ip router isis
ip pim sparse-dense-mode
encapsulation ppp
tag-switching ip
clockrate 128000
ppp quality 80
ppp authentication pap
ppp pap sent-username User_A password 0 serial
!
router isis
net 49.0001.1921.6800.3003.00
area-password lab
metric-style wide
redistribute isis ip level-2 into level-1 route-map AS-loopbacks
passive-interface Loopback0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 192.168.100.0
network 192.168.101.0
aggregate-address 192.168.100.0 255.255.254.0 summary-only
timers bgp 10 30
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 update-source Loopback0
neighbor 192.168.4.4 remote-as 100
neighbor 192.168.4.4 update-source Loopback0
neighbor 192.168.5.5 remote-as 100
neighbor 192.168.5.5 update-source Loopback0
no auto-summary
!
ip classless
!
ip prefix-list match-AS-loopbacks seq 5 permit 192.168.5.5/32
route-map AS-loopbacks permit 10
match ip address prefix-list AS-loopbacks
!
------------------------------------------------------------
hostname R5
!
username User_A password 0 serial
ip subnet-zero
!
ip vrf cisco
rd 300:5
route-target export 300:5
route-target import 300:5
!
ip multicast-routing
ip cef
mpls label range 500 600
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
interface Loopback0
ip address 192.168.5.5 255.255.255.255
no clns route-cache
!
interface FastEthernet1/0
ip address 172.16.137.5 255.255.255.0
ip router isis
ip pim sparse-dense-mode
duplex full
!
interface ATM2/0
no ip address
atm uni-version 4.0
no atm ilmi-keepalive
no clns route-cache
!
interface ATM2/0.1 point-to-point
ip vrf forwarding cisco
ip address 172.16.56.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 5 cisco
pvc 0/32
oam-pvc manage 3
encapsulation aal5snap
protocol ip inarp
!
!
interface Ethernet3/0
ip address 172.16.15.5 255.255.255.240
duplex half
no clns route-cache
!
interface Serial4/3
bandwidth 128000
ip address 172.16.35.5 255.255.255.252
ip router isis
ip pim sparse-dense-mode
rate-limit input access-group 100 64000 16000 16000 conform-action transmit
exceed-action drop
encapsulation ppp
tag-switching ip
serial restart-delay 0
ppp quality 80
ppp authentication pap
ppp pap sent-username User_B password 0 serial
!
router ospf 6 vrf cisco
log-adjacency-changes
redistribute bgp 100 subnets
network 172.16.56.4 0.0.0.3 area 0
!
router isis
net 49.0005.0010.0d62.dc1c.00
is-type level-2-only
metric-style wide
passive-interface Loopback0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
timers bgp 10 30
neighbor 192.168.1.1 remote-as 100
neighbor 192.168.1.1 update-source Loopback0
neighbor 192.168.3.3 remote-as 100
neighbor 192.168.3.3 update-source Loopback0
neighbor 192.168.4.4 remote-as 100
neighbor 192.168.4.4 update-source Loopback0
!
address-family ipv4
neighbor 192.168.1.1 activate
neighbor 192.168.3.3 activate
neighbor 192.168.4.4 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 send-community extended
neighbor 192.168.4.4 activate
neighbor 192.168.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf cisco
redistribute connected
redistribute ospf 6 match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
!
ip classless
no ip http server
!
ip pim rp-address 192.168.3.3
!
access-list 100 permit tcp any any eq www
!
-----Original Message-----
From: McCallum, Robert [mailto:robert.mccallum@thus.net]
Sent: 11 November 2004 11:23
To: Dalu-Chandu, Jay
Cc: comserv@groupstudy.com; ccielab@groupstudy.com; Mark Lewis; Mike Bernico
Subject: RE: MPLS/VPN/ISIS
Jay,
Below you speak about being unable to ping from a vrf perspective. Then
your pings show a normal mpls ping? Can you list the show mpls for vrf
whatever it is? Infact can you list your configs of each router that would
probably be easier.
Robert McCallum
CCIE #8757 R&S
01415663448
07818002241
> -----Original Message-----
> From: Dalu-Chandu, Jay [mailto:JD163604@NCR.COM]
> Sent: 11 November 2004 11:10
> To: McCallum, Robert
> Cc: comserv@groupstudy.com; ccielab@groupstudy.com; Mark Lewis; Mike
> Bernico
> Subject: RE: MPLS/VPN/ISIS
>
>
> Robert,
>
> You've seen this before I take it?
>
> R5#show mpls ldp neighbor
> Peer LDP Ident: 192.168.3.3:0; Local LDP Ident 192.168.5.5:0
> TCP connection: 192.168.3.3.646 - 192.168.5.5.11009
> State: Oper; Msgs sent/rcvd: 53/54; Downstream
> Up time: 00:31:33
> LDP discovery sources:
> Serial4/3, Src IP addr: 172.16.35.6
> Addresses bound to peer LDP Ident:
> 172.16.136.3 150.50.100.5 150.50.100.9
> 150.50.100.13
> 172.16.35.6 192.168.3.3 192.168.100.1
> 192.168.101.1
> 172.16.136.10
>
> R1#show mpls ldp neigh
> Peer LDP Ident: 192.168.3.3:0; Local LDP Ident 192.168.1.1:0
> TCP connection: 192.168.3.3.11650 - 192.168.1.1.646
> State: Oper; Msgs sent/rcvd: 33/35; Downstream
> Up time: 00:14:10
> LDP discovery sources:
> Serial4/0.1, Src IP addr: 150.50.100.9
> Addresses bound to peer LDP Ident:
> 172.16.136.3 172.16.35.6 192.168.3.3
> 192.168.100.1
> 192.168.101.1 172.16.136.10 150.50.100.5
> 150.50.100.13
> 150.50.100.9
> R1#
>
> Regards
>
> Jay
>
>
> -----Original Message-----
> From: McCallum, Robert [mailto:robert.mccallum@thus.net]
> Sent: 11 November 2004 10:30
> To: Dalu-Chandu, Jay; Mike Bernico
> Cc: comserv@groupstudy.com; ccielab@groupstudy.com; Mark Lewis
> Subject: RE: MPLS/VPN/ISIS
>
> you have a host route untagged - BAD NEWS. Can you show a show mpls
> neighbor.
>
> Robert McCallum
> CCIE #8757 R&S
> 01415663448
> 07818002241
>
> > -----Original Message-----
> > From: Dalu-Chandu, Jay [mailto:JD163604@NCR.COM]
> > Sent: 11 November 2004 09:57
> > To: Mike Bernico
> > Cc: comserv@groupstudy.com; ccielab@groupstudy.com; Mark Lewis
> > Subject: RE: MPLS/VPN/ISIS
> >
> >
> > Mike,
> >
> > Thanks for your advice. I have done all the basic checks and
> > confirmed my configuration. I have also tested this
> scenario using 3
> > different routers successfully.
> >
> > I have tried clearing the cef table and reloading R5 but the same
> > problem persists. I have noticed that labels are being
> propagated and
> > received for R1's loopback address but not installed in the
> Lfib. See
> > commands below;
> >
> > R5#show mpls ldp bindings 192.168.1.1 32
> > tib entry: 192.168.1.1/32, rev 65
> > local binding: tag: 508
> > remote binding: tsr: 192.168.3.3:0, tag: 307 R5#show mpls
> > forwarding-table 192.168.1.1
> > Local Outgoing Prefix Bytes tag Outgoing Next Hop
> > tag tag or VC or Tunnel Id switched interface
> > 508 Untagged 192.168.1.1/32 0 Se4/3
> point2point
> > R5#show ip cef 192.168.1.1
> > 192.168.1.1/32, version 47, epoch 0, cached adjacency to
> > Serial4/3 0 packets, 0 bytes
> > tag information set, shared
> > local tag: 508
> > via 172.16.35.6, Serial4/3, 1 dependency
> > next hop 172.16.35.6, Serial4/3
> > valid cached adjacency
> > tag rewrite with Se4/3, point2point, tags imposed: {}
> >
> > The mpls ping command is available and works both ways. R5#ping tag
> > 192.168.1.1
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2
> > seconds: !!!!! Success rate is 100 percent (5/5), round-trip
> > min/avg/max = 16/16/20 ms R5#
> >
> > R1#ping tag 192.168.5.5
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 192.168.5.5, timeout is 2
> > seconds: !!!!! Success rate is 100 percent (5/5), round-trip
> > min/avg/max = 16/16/20 ms R1#
> >
> > Any further thoughts?
> >
> > Regards
> >
> > Jay
> >
> > -----Original Message-----
> > From: Mike Bernico [mailto:mbernico@illinois.net]
> > Sent: 10 November 2004 19:45
> > To: Dalu-Chandu, Jay; comserv@groupstudy.com; ccielab@groupstudy.com
> > Subject: RE: MPLS/VPN/ISIS
> >
> > Hard to say without your configs. Here are some things to try that
> > might help...
> >
> > Since you're only getting one label in your cef show
> command, you must
> > be missing one.
> >
> > Does your version of IOS support mpls ping? That definitely helps.
> > If it does, do an extended mpls ping from loopback to loopback and
> > verify you've got yourself an LSP that works.
> >
> > It sounds like you've already done the most important part,
> by making
> > sure that the exact route exists end-to-end for your loopbacks.
> >
> > Also you should probably verify the obvious stuff if you
> haven't. LDP
> > neighbors, cef on all routers, stuff like that.
> >
> > Also maybe use "show mpls forwarding-table" to check the lsp by hand
> > if you can't mpls ping.
> >
> > Ok, so then if all that works, maybe it is the label BGP sends?
> > Possibly check to make sure that neighbor x.x.x.x send-community
> > extended is turned on.
> >
> > Anyway, that's what I'd try first. Let me know what it is when you
> > find it!
> >
> > Good Luck,
> > Mike
> >
> >
> >
> >
> > -----Original Message-----
> > From: Dalu-Chandu, Jay [mailto:JD163604@NCR.COM]
> > Sent: Wednesday, November 10, 2004 11:50 AM
> > To: comserv@groupstudy.com; ccielab@groupstudy.com
> > Subject: MPLS/VPN/ISIS
> >
> > Guys,
> >
> > I have a question regarding a sample lab configuration I'm currently
> > working on. The IGP used is ISIS with two areas
> > 49.0001 and 49.0005. Within area 1 I have an L1 only
> router attached
> > to a L1L2 router, which is in turn attached to a L2 router
> in area 5.
> >
> > R1(L1)--------R3(L1/L2)----------R5(L2)
> >
> > R1 and R5 are PE routers, R3 is a P router. A BGP relationship for
> > vpnv4 has been established to the loopbacks of the PE
> devices. I can
> > see the vrf routes associated on each PE device. When I
> try to ping
> > an IP address within the vrf from R1 to R5 I see cef drops
> (debug ip
> > cef drops). I notice that no label exists for the
> next-hop-address of
> > R5 because I am only receiving the default from R3. To
> correct this I
> > route-leaked L2 into L1 for R5's loopback.
> >
> > Now I have a label and no more cef packet drops on R1. But I still
> > cannot ping. R5 complains that it does not have a parent
> tag when I
> > try pinging from there (debug ip cef drops). I also notice
> that only
> > a single label is imposed when looking at show ip cef vrf
> xxx A.B.C.D?
> > Can anyone help, am I missing something obvious?
> >
> > Regards
> >
> > Jay Dalu-Chandu
> >
> > --
> > Network Consultant (BEng, CCNP)
> > NCR UK Limited
> > Mobile: 07803231944
> > Email: jay.dalu-chandu@ncr.com
> >
> >
> _____________________________________________________________________
> > Subscription information:
> http://www.groupstudy.com/list/comserv.html
> >
> >
> ______________________________________________________________
> > _________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:47 GMT-3