Raymond Zwarts asked:

BGP VPNv4 VRF routes not sent to CE router

I am having issues in an MPLS VPNv4 BGP setup where the CE is not receiving any BGP routes from the PE.

PE2 Cisco BGP config:
router bgp 1
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST-1
  neighbor 10.10.20.2 remote-as 200
  neighbor 10.10.20.2 activate
 exit-address-family
!

CE2 Cisco BGP config:
router bgp 200
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.10.20.1 remote-as 1
 neighbor 10.10.20.1 soft-reconfiguration inbound
!

If you need more info please let me know (I can attach the full config if you want).
CE2_startup-config.cfg
PE2_startup-config.cfg

Predrag Jovic

Did you verify that local and remote CE devices are in routing table?

show ip route vrf CUST-1 [prefix]
show ip cef vrf CUST-1  [ip-prefix]

I don't see LDP configured on the PE device, so I don't know how you advertise labels in the MPLS network.

Check the route distinguisher and the import and export route targets: do they match on both sides?

vrf definition CUST-1
 rd 100:1
 route-target export 1:100
 route-target import 1:100

You can check your configuration against - Multiprotocol BGP MPLS VPN page 12

For many more technology details and how to verify each step, I would suggest the excellent videos - MPLS L3VPN Part 2 with Narbik Kocharians

Raymond Zwarts (ASKER)

Both VRF definitions match.

The remote PE/CE and local CE routes are on the PEs. The remote CE is not advertised to the attached CEs in the same VRF.

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.10.10.0/30 [200/0] via 1.1.1.1, 07:39:12
C        10.10.20.0/30 is directly connected, Ethernet0/0
L        10.10.20.1/32 is directly connected, Ethernet0/0
B     192.168.100.0/24 [200/0] via 1.1.1.1, 07:39:12
B     192.168.200.0/24 [20/0] via 10.10.20.2, 07:39:12

PE2#show ip cef vrf CUST-1
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.10.10.0/30        172.16.2.2           Ethernet0/1
10.10.20.0/30        attached             Ethernet0/0
10.10.20.0/32        receive              Ethernet0/0
10.10.20.1/32        receive              Ethernet0/0
10.10.20.2/32        attached             Ethernet0/0
10.10.20.3/32        receive              Ethernet0/0
127.0.0.0/8          drop
192.168.100.0/24     172.16.2.2           Ethernet0/1
192.168.200.0/24     10.10.20.2           Ethernet0/0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
PE2#show mpls ldp bindings
  lib entry: 1.1.1.1/32, rev 11
      local binding:  label: 19
      remote binding: lsr: 2.2.2.2:0, label: 19
  lib entry: 2.2.2.2/32, rev 7
      local binding:  label: 17
      remote binding: lsr: 2.2.2.2:0, label: imp-null
  lib entry: 3.3.3.3/32, rev 5
      local binding:  label: imp-null
      remote binding: lsr: 2.2.2.2:0, label: 18
  lib entry: 172.16.1.0/30, rev 9
      local binding:  label: 18
      remote binding: lsr: 2.2.2.2:0, label: imp-null
  lib entry: 172.16.2.0/30, rev 3
      local binding:  label: imp-null
      remote binding: lsr: 2.2.2.2:0, label: imp-null
PE2#trace
PE2#traceroute 1.1.1.1 so
PE2#traceroute 1.1.1.1 source 3.3.3.3
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.2.2 [MPLS: Label 19 Exp 0] 4 msec 5 msec 4 msec
  2 172.16.1.1 3 msec 5 msec 1 msec
PE1#show ip bgp vpnv4 vrf CUST-1
BGP table version is 21, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-1)
 r>  10.10.10.0/30    10.10.10.2               0             0 200 ?
 *>i 10.10.20.0/30    3.3.3.3                  0    100      0 200 ?
 *>  192.168.100.0    10.10.10.2               0             0 200 ?
 *>i 192.168.200.0    3.3.3.3                  0    100      0 200 ?
PE1#

PE2#show ip bgp vpnv4 vrf CUST-1
BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST-1)
 *>i 10.10.10.0/30    1.1.1.1                  0    100      0 200 ?
 r>  10.10.20.0/30    10.10.20.2               0             0 200 ?
 *>i 192.168.100.0    1.1.1.1                  0    100      0 200 ?
 *>  192.168.200.0    10.10.20.2               0             0 200 ?

The AS path on both sides is the same (the same AS number on both CE routers; the loop prevention mechanism is most likely blocking route import).
Try to issue on CE routers:

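! CE1: the configured BGP neighbor is the attached PE interface (10.10.10.1), not the PE loopback
(config-router)# neighbor 10.10.10.1 allowas-in
clear ip bgp *

! CE2: the configured BGP neighbor is the attached PE interface (10.10.20.1), not the PE loopback
(config-router)# neighbor 10.10.20.1 allowas-in
clear ip bgp *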

Other solution could be to configure as-override on PE routers.
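! PE2 shown: the VRF neighbor is the attached CE (10.10.20.2); on PE1 the CE neighbor is 10.10.10.2
(config-router)#address-family ipv4 unicast vrf CUST-1
(config-router-af)#neighbor 10.10.20.2 as-override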

There is a rib failure for:
r>  10.10.20.0/30    10.10.20.2               0             0 200 ?

r>  10.10.10.0/30    10.10.10.2               0             0 200 ?
As this is a VIRL environment, I think I am looking at a bug in the environment.
(%AMDP2_FE-6-EXCESSCOLL) on all devices (IOS 15.5 code).

And about the RIB failures, those are due to BGP announcing routes that are known with a better AD (and discarded).
Just to confirm. You have double-checked the VRF assignment of the interfaces on your PEs attached to your CEs. Also, when you do a traceroute on the VRF from the far end CE, it is making it to the PE router attached to the CE with the issue?
PC-1> trace 192.168.200.10
trace to 192.168.200.10, 8 hops max, press Ctrl+C to stop
 1   192.168.100.1   1.252 ms  0.252 ms  0.165 ms
 2   10.10.10.1   1.293 ms  0.297 ms  0.320 ms
 3   172.16.1.2   1.469 ms  0.607 ms  0.526 ms
 4   10.10.20.1   1.189 ms  0.473 ms  0.557 ms
 5   10.10.20.2   1.894 ms  0.955 ms  0.581 ms
 6   *192.168.200.10   2.357 ms (ICMP type:3, code:3, Destination port unreachable)

PC-1>


This is an issue... it's going through the IGP and I am seeing the IGP... this should not be the case when MPLS/BGP is fully working...
Hop1 = PE1 (CE router)
Hop2 = PE1 (PE1 Cust-1 VRF)
Hop3 = P1 (Core P router IGP address)
Hop4 = PE2 (Cust-1 VRF)
Hop5 = CE router
Hop6 = Should be PC-2
Are you wanting to not see the MPLS hops and just want to see a CE to CE hop?  If so, you need to disable the TTL propagation in MPLS.
Keeping the TTL is good for troubleshooting though. In production environments it's usually disabled.
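
The AS-path loop check raised earlier in the thread, as an added example that is not part of any post: a simplified Python model of what a CE in AS 200 does with a route that originated at the other AS 200 site, and how as-override (on the PE) or allowas-in (on the CE) changes the outcome. The AS numbers come from the configs above; the function names are hypothetical, and the allowas-in count of 3 assumes the IOS default when no number is given.

```python
# Added example: simplified model of the eBGP AS_PATH loop check.
# ASNs are taken from the thread (provider AS 1, both customer sites AS 200).
# Function names are hypothetical; this is not router code.

PROVIDER_AS = 1
CUSTOMER_AS = 200


def pe_advertise(vpn_path, ce_as, as_override=False):
    """Return the AS_PATH the PE sends to its CE over eBGP.

    vpn_path is the path held in the VPNv4 table, e.g. [200] for a route
    learned from the remote CE. With as-override, every occurrence of the
    CE's own AS is replaced by the provider AS before the PE prepends itself.
    """
    if as_override:
        vpn_path = [PROVIDER_AS if asn == ce_as else asn for asn in vpn_path]
    return [PROVIDER_AS] + vpn_path


def ce_accepts(as_path, local_as, allowas_in=0):
    """Receive-side loop check on the CE.

    A path is rejected when the local AS appears more often than allowas_in
    permits (0 = default behaviour, any occurrence is treated as a loop).
    Raising the limit relaxes loop prevention for that neighbor.
    """
    return as_path.count(local_as) <= allowas_in


def ce_learns(vpn_path, as_override=False, allowas_in=0):
    """Run both steps and return (path seen by the CE, accepted?)."""
    sent = pe_advertise(vpn_path, CUSTOMER_AS, as_override)
    return sent, ce_accepts(sent, CUSTOMER_AS, allowas_in)


if __name__ == "__main__":
    remote_site_route = [CUSTOMER_AS]  # path "200 ?" as shown in the PE tables
    cases = {
        "default": {},
        "as-override on PE": {"as_override": True},
        "allowas-in on CE": {"allowas_in": 3},
    }
    for label, kwargs in cases.items():
        path, ok = ce_learns(remote_site_route, **kwargs)
        print(f"{label:20} path={path} accepted={ok}")
```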