[c-nsp] juniper/cisco inter-as vpn strangeness

Chris Evans chrisccnpspam2 at gmail.com
Sun Feb 20 07:54:32 EST 2011


Try pinging with a larger MTU? Rule that out first, I would say.
On Feb 20, 2011 7:40 AM, "Rutger Bevaart" <rutger at netnova.nl> wrote:
> Hello list,
>
> I'm puzzled by the following, maybe you've seen something like this as well.
>
> We've set up an MPLS inter-AS VPN with us being a Cisco 7200 running 12.2(33)SRE2 and the other side a Juniper with unknown JUNOS release. BGP is used to exchange the VPN routes and MPLS labels, this appears to work fine...
>
> Partial config from the 7200,
>
> interface GigabitEthernet0/2
> description xconnect
> ip address X.114 255.255.255.252
> media-type rj45
> speed 100
> duplex full
> no negotiation auto
> mpls bgp forwarding
> !
> router bgp AS1
> bgp router-id
> no bgp default route-target filter
> bgp log-neighbor-changes
> neighbor X.113 remote-as AS2
> neighbor X.113 description nni
> neighbor X.113 password xyz
> !
> address-family ipv4
> no synchronization
> no neighbor X.113 activate
> no auto-summary
> exit-address-family
> !
> address-family vpnv4
> neighbor X.113 activate
> neighbor X.113 send-community extended
> neighbor X.113 route-map nba-glbx-customers in
> neighbor X.113 route-map nba-glbx-customers out
> neighbor X.113 maximum-prefix 10000
> exit-address-family
> !
> !
> address-family ipv4 vrf vpn-of-customer
> no synchronization
> redistribute connected metric 100
> exit-address-family
> !
>
> Now this all seems to work fine, I'm learning the routes through BGP and (confirmed) the other end is learning my interfaces connected in this VPN as well with correct RTs.
>
> 7200a#show ip bgp vpnv4 all
> BGP table version is 460, local router ID is 87.238.170.180
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
> r RIB-failure, S Stale, m multipath, b backup-path, x best-external
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> Route Distinguisher: AAA:2 (default for vrf vpn-of-customer)
> *> 192.168.253.0 0.0.0.0 100 32768 ?
> *> 192.168.254.254/32
> 0.0.0.0 100 32768 ?
> *> Y.204/30 X.113 0 2 3 4 i
> *> Y.206/32 X.113 0 2 3 4 i
>
> 7200a#show ip bgp vpnv4 all Y.206
> BGP routing table entry for AS1:2:Y.206/32, version 417
> Paths: (1 available, best #1, table vpn-mechtronics)
> Not advertised to any peer
> 2 3 4, imported path from x.y.z.36:11684:Y.206/32
> X.113 from X.113 (x.y.z.w)
> Origin IGP, localpref 100, valid, external, best
> Extended Community: RT:AS1:2
> mpls labels in/out nolabel/706208
>
> Thus, route is learned properly, traffic to it across the inter-AS link will use MPLS label 706208.
>
> Now, Y.206 is the WAN IP of a branch office router within the VPN of the customer. I can ping it through the inter-AS link,
>
> 7200a#ping vrf vpn-of-customer Y.206
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to Y.206, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 288/289/292 ms
>
> But I cannot telnet to it?? The Inter-As peer can telnet to it from the PE router, the Y.206 router has a vanilla config. But through the NNI this is not working.
>
> I did a debug ip packet on the internal link used a source (192.168.253.x) for the telnet, and it seems that the three-way handshake is not completed.
>
> 7200a#telnet Y.206 /vrf vpn-of-customer
> Trying Y.206 ...
> % Connection timed out; remote host not responding
>
> Interface output drops are not increasing, no issues on the ethernet port, no logging that points to an issue.
>
> Anybody have a clue on what could be causing this?
>
> Partial config of the Juniper available as well off list.
>
> Regards
> Rutger