Routing Over XO Communications MPLS
I was trying to help setup a site to site connection over XO Communications MPLS. I was able to get the WAN interface of site A to ping the WAN interface of site B. But it wasn't clear how I could not get connection beyond that WAN interface. The setup:
Site A [FE0/1 10.10.10.10/24 LAN, FE1/1 192.168.10.1 WAN]--------{192.168.10.2 XO Comm MPLS Cloud .. }
|||||||
Site B [FE0/1 10.10.20.10/24 LAN, FE/1/1 192.168.20.1 WAN]-------{192.168.20.2 XO Comm MPLS Cloud .. }
Site A: ip route 192.168.20.1 255.255.255.255 192.168.10.2
ip route 10.10.20.10 255.255.255.255 192.168.10.2
Site B: ip route 192.168.10.1 255.255.255.255 192.168.20.2
ip route 10.10.10.10 255.255.255.255 192.168.20.2
Site A# ping 192.168.20.1 [SUCCESS!]
Site A# ping 10.10.20.10 [FAIL]
Site B# ping 192.168.10.2 [SUCCESS!]
Site B# ping 10.10.10.10 [FAIL]
How do I fix it so that I can ping the LAN over this MPLS connection to/from either side? Does it involve setting up a routing protocol within XO? I googled for a design guide but couldn't find one. As the holiday is coming I'm not sure folks I'm trying to help will be able to make contact with their tech rep.
ps I also tried..
Site A ip route 10.10.20.10 255.255.255.255 192.168.20.1
Site B ip route 10.10.10.10 255.255.255.255 192.168.10.1
..on the hunch that perhaps site the cloud knew how to reach those directly connected points the pathing to the LAN beyond would work. But alas that didn't work either.
Site A [FE0/1 10.10.10.10/24 LAN, FE1/1 192.168.10.1 WAN]--------{192.168.10.2 XO Comm MPLS Cloud .. }
|||||||
Site B [FE0/1 10.10.20.10/24 LAN, FE/1/1 192.168.20.1 WAN]-------{192.168.20.2 XO Comm MPLS Cloud .. }
Site A: ip route 192.168.20.1 255.255.255.255 192.168.10.2
ip route 10.10.20.10 255.255.255.255 192.168.10.2
Site B: ip route 192.168.10.1 255.255.255.255 192.168.20.2
ip route 10.10.10.10 255.255.255.255 192.168.20.2
Site A# ping 192.168.20.1 [SUCCESS!]
Site A# ping 10.10.20.10 [FAIL]
Site B# ping 192.168.10.2 [SUCCESS!]
Site B# ping 10.10.10.10 [FAIL]
How do I fix it so that I can ping the LAN over this MPLS connection to/from either side? Does it involve setting up a routing protocol within XO? I googled for a design guide but couldn't find one. As the holiday is coming I'm not sure folks I'm trying to help will be able to make contact with their tech rep.
ps I also tried..
Site A ip route 10.10.20.10 255.255.255.255 192.168.20.1
Site B ip route 10.10.10.10 255.255.255.255 192.168.10.1
..on the hunch that perhaps site the cloud knew how to reach those directly connected points the pathing to the LAN beyond would work. But alas that didn't work either.
ASKER
The actual reply to the pings to the FE0/1 was UUUUU unreachable. They were definitely up as local LAN hosts could reach them.
Are you saying that having a route depending on another route would work? That is - I know how to get to 192.168.20.1 so routing to 10.10.20.1via 192.168.20.1 should work since they're on the same box?
Are you saying that having a route depending on another route would work? That is - I know how to get to 192.168.20.1 so routing to 10.10.20.1via 192.168.20.1 should work since they're on the same box?
U - typically means no route to host. Each router checks its own routing table to find path to destination. If no matching route is found in routing table packet is dropped and host unreachable message is sent.
Do traceroute to find out where ping stops and check routes on device where ping ends.
So, answer on both of your questions is: "Yes".
But, again, every router along the path checks its own routing table if destination address is present in routing table, if there is no matching route packet will be dropped along the way (or sent in the wrong direction since typically if the best matching route is default route packet will end up on internet and ISP will drop it since destination addresses are from private address space range). Since routers can ping each others WAN interface, but not inside interface problem can be routing. Also I wrote that if traffic is natted it should work, but it would work just to ping WAN interface IP address from hosts in 10.x.x.x networks from other end. In that cast without additional router configuration ping from hosts in 10.10.10.x network to hosts in 10.10.20.x network can't work without additional configuration (e.g static NAT).
Do traceroute to find out where ping stops and check routes on device where ping ends.
So, answer on both of your questions is: "Yes".
But, again, every router along the path checks its own routing table if destination address is present in routing table, if there is no matching route packet will be dropped along the way (or sent in the wrong direction since typically if the best matching route is default route packet will end up on internet and ISP will drop it since destination addresses are from private address space range). Since routers can ping each others WAN interface, but not inside interface problem can be routing. Also I wrote that if traffic is natted it should work, but it would work just to ping WAN interface IP address from hosts in 10.x.x.x networks from other end. In that cast without additional router configuration ping from hosts in 10.10.10.x network to hosts in 10.10.20.x network can't work without additional configuration (e.g static NAT).
ASKER
So I played with this a bit more..
Whether I make the next how to remote LAN the next hop in the cloud or if I make the next hop the WAN on the far side device - the answer is the same from the cloud. First hop succeed and second device says 5.5.3.50 !N !N !N !N with a traceroute. Ping gives me UUUU. I tried specifying the interface in the ping too hoping that would assure the return packet would know where to go. But still - no luck.
Probably the next step will be a GRE tunnel or some kind of dynamic routing protocol.
Whether I make the next how to remote LAN the next hop in the cloud or if I make the next hop the WAN on the far side device - the answer is the same from the cloud. First hop succeed and second device says 5.5.3.50 !N !N !N !N with a traceroute. Ping gives me UUUU. I tried specifying the interface in the ping too hoping that would assure the return packet would know where to go. But still - no luck.
Probably the next step will be a GRE tunnel or some kind of dynamic routing protocol.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for helping me think it through.
You are welcome.
static routes should be (I will assume /24 subnet):
Site A
ip route 10.10.20.0 255.255.255.0 192.168.10.2
Site B
ip route 10.10.10.0 255.255.255.0 192.168.20.2
So your static routes basically look good.
You can create tunnel between Site A and Site B to solve problem.
Also possible solution is to NAT traffic on WANs (Fe1/1).
But both of those are workarounds.
If ping is not working for 10.10.10.10 & 10.10.20.10 - what is status of the Fa0/1 interfaces????
Did you try traceroute to 10.10.10.10 & 10.10.20.10 to check where ping is lost?
There are few possible reasons:
- routers along the way do not have proper routes (MPLS Cloud routers should just forward traffic between site if those are properly configured, but if those are not it can be a problem - for ping 192.168.10.1 & 192.168.20.1 are directly connected interfaces to MPLS routers)
- ACL is blocking traffic
- interfaces that you are trying to ping are down
#sh ip interfaces brief
Fa0/1 on both devices should be in up up state
Dynamic routing can work, but it should also work with static routes.