[f-nsp] L3VPN issue

Pavel Lunin plunin at senetsy.ru
Wed Mar 6 10:29:09 EST 2013 

Hi,

I'm a bit stuck with a pretty simple L3VPN lab config on CER2024.

I mostly work with Juniper and haven't configured MPLS stuff on Brocade
for edges. Though I have, but a couple of years ago :)

I just needed a basic lab setup to test a couple of things (not the
L3VPN itself) and it turned out I can't even get it up. I see the router
receives an update from neighbor but doesn't show anything about it.
Just silently ignores it. Moreover it does not advertise and vpn routes.

I even thought it could be a license issue, but the box has advanced
premium license, and I have checked some other MPLS stuff covered with
the license (Martini VLL) and it works just fine.

> SSH at cer.lab#sho version | i Lic
> License: ADV_SVCS_PREM (LID: rXXXXXXXX)

Could someone bother to skim through my output and check whether I miss
something really simple or it rather seem to be a software issue and
should be escalated to Brocade TAC.

BTW I tried IronWare 5.3.0c, 5.4.0a and 5.4.0b. So it seems pretty
unrealistic that such basic a showstopper bug can exist in three releases.

Here are some configs and diagnostics. Sorry, I know it's a bit too long
for the list :)

VRF:
> SSH at cer.lab#sho run | beg l3vpn
> vrf l3vpn-cust-321
>  rd 65500:321
>  route-target export 65500:321
>  route-target import 65500:321
>  address-family ipv4
>    route-target export 65500:321
>    route-target import 65500:321
>  ip route 10.3.33.0/24 10.3.21.2
>  exit-address-family
> exit-vrf
>

CE facing iface:
> SSH at cer.lab#sho run interface ve 32
> interface ve 32
>  vrf forwarding l3vpn-cust-321
>  ip address 10.3.21.1/24
> !
BTW, CE-PE link is OK, pingable etc.

> SSH at cer.lab#sho ip vrf l3vpn-cust-321
> VRF l3vpn-cust-321, default RD 65500:321, Table ID 2
> Label: 500001,  Label-Switched Mode: OFF
> IP Router-Id: 10.3.21.1
>   Interfaces:
>     v32
>   Export VPN route-target communities:
>     RT:65500:321           
>   Import VPN route-target communities:
>     RT:65500:321           
>   No import route-map
>   No export route-map
>
>   Address Family IPv4
>     Max Routes: 1024
>     Number of Unicast Routes: 2
>     Export VPN route-target communities:
>     RT:65500:321           
>     Import VPN route-target communities:
>     RT:65500:321           
> SSH at cer.lab#
>
> SSH at cer.lab#sho ip route vrf l3vpn-cust-321
> Total number of IP routes: 2
> Type Codes - B:BGP D:Connected I:ISIS O:OSPF R:RIP S:Static; Cost -
> Dist/Metric
> BGP  Codes - i:iBGP e:eBGP
> ISIS Codes - L1:Level-1 L2:Level-2
> OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2 s:Sham Link
>         Destination        Gateway         Port          Cost         
> Type Uptime
> 1       10.3.21.0/24       DIRECT          ve 32         0/0          
> D    1d1h 
> 2       10.3.33.0/24       10.3.21.2       ve 32         1/1          
> S    1d1h 


BGP:
> SSH at cer.lab#show ip bgp config
> Current BGP configuration:
>
> router bgp
>  local-as 65500
>  capability as4 enable
>  neighbor 172.19.126.11 remote-as 65500
>  neighbor 172.19.126.11 update-source loopback 1
>  neighbor 172.19.126.11 soft-reconfiguration inbound
>  neighbor 172.19.126.77 remote-as 65500
>  neighbor 172.19.126.77 update-source loopback 1
>  neighbor 172.19.126.77 soft-reconfiguration inbound
>  
>  address-family ipv4 unicast
>  exit-address-family
>  
>  address-family ipv4 multicast
>  exit-address-family
>  
>  address-family ipv6 unicast
>  neighbor 172.19.126.11 activate
>  exit-address-family
>  
>  address-family ipv6 multicast
>  exit-address-family                                             
>                                                                  
>  address-family vpnv4 unicast                                    
>  neighbor 172.19.126.11 activate                                 
>  neighbor 172.19.126.11 send-community both
>  neighbor 172.19.126.77 activate
>  neighbor 172.19.126.77 send-community extended
>  exit-address-family
>  
> end of BGP configuration
Both peers are JUNOS based.

.11 is a Route Reflector, the .77 is a remote PE for this VPN. I first
started with just an RR but thought IronWare might dislike something
about Juniper's cluster ID or something and tried with a direct session.

I see the peers advertise VPN routes and CER receives it, but:
> SSH at cer.lab#show ip bgp vpnv4 summary
>   BGP4 Summary
>   Router ID: 172.19.126.55   Local AS Number: 65500
>   Confederation Identifier: not configured
>   Confederation Peers:
>   Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
>   Number of Neighbors Configured: 2, UP: 2
>   Number of Routes Installed: 0
>   Number of Routes Advertising to All Neighbors: 0 (0 entries)
>   Number of Attribute Entries Installed: 0
>   Neighbor Address  AS#         State     Time     Rt:Accepted
> Filtered Sent     ToSend
>   172.19.126.11     65500       ESTAB     1d 0h20m    0       
> 0        0        0       
>   172.19.126.77     65500       ESTAB     1d 0h20m    0       
> 0        0        0       
> SSH at cer.lab#

CER does really receive the VPN updates from the peers:
> SSH at cer.lab#show deb
> Debug message destination:  SSH session 1
> Debug MAC is set to: All.
> IP Routing:
>      BGP:  bgp debugging is on
>      BGP:  updates RX debugging is on
>      BGP:  updates TX debugging is on
>      BGP:  route-selection debugging is on
>      BGP:  VPNV4 Unicast Address Family debugging is on
> SSH at cer.lab#
> SSH at cer.lab#clear ip bg nei 172.19.126.11
> SSH at cer.lab#
> SSH at cer.lab#Mar  6 13:24:43.975 BGP: BGP: 172.19.126.11  rcv UPDATE
> w/attr: Origin=IGP AS_PATH= LOCAL_PREF=100 EXTENDED_COMMUNITY= RT
> 65500:321 ORIGINATOR_ID=172.19.126.77 CLUSTER_LIST=0.0.255.220
> *NextHop=0:0:172.19.126.77 *
> Mar  6 13:24:43.975 BGP: (4): 172.19.126.11 rcv UPDATE Label=299936
> 65500:321:10.3.44.0/24
> Mar  6 13:24:43.975 BGP: (4): 172.19.126.11 rcv UPDATE Label=299920
> 65500:321:10.3.23.1/32
> SSH at cer.lab#

But no further sign of these updates:
> SSH at cer.lab#sho ip bgp vpnv4
> BGP VPNv4 Routing Table is empty
> SSH at cer.lab#sho ip bgp vpnv4
> BGP VPNv4 Routing Table is empty
>
> SSH at cer.lab#show ip bgp vpnv4 filtered-routes
> BGP has no filtered route

LSP to remote PE is up and running (mpls ping is OK, Martini VLL works
across LDP LSP, etc)

> SSH at cer.lab#show mpls lsp
> Note: LSPs marked with * are taking a Secondary Path
>                                Admin Oper  Tunnel   Up/Dn Retry Active
> Name           To              State State Intf     Times No.   Path
> 55-to-11       172.19.126.11   UP    UP    tnl0     3     0    
> --         
> 55-to-33       172.19.126.33   UP    UP    tnl1     1     0    
> --         
> 55-to-77       172.19.126.77   UP    UP    tnl2     3     0    
> --         
> 55-to-99       172.19.126.99   UP    UP    tnl3     3     0     -- 

> SSH at cer.lab#sho mpls route 172.19.126.77
> R:RSVP L:LDP S:Static O:Others
>       Destination          Gateway           Tnnl    Port   Label  Sig
> Cost Use
> 1     172.19.126.77/32     172.19.126.77     tnl2    e1/7   301216 R  
> 0    0
> 2     172.19.126.77/32     172.19.126.11     tnl5    e1/7   300960 L  
> 0    0

(Also tried LDP and RSVP only config).

Zero routes received, zero filtered, zero sent:
> SSH at cer.lab#sho ip bgp vpnv4 summary
>   BGP4 Summary
>   Router ID: 172.19.126.55   Local AS Number: 65500
>   Confederation Identifier: not configured
>   Confederation Peers:
>   Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
>   Number of Neighbors Configured: 2, UP: 2
>   Number of Routes Installed: 0
>   Number of Routes Advertising to All Neighbors: 0 (0 entries)
>   Number of Attribute Entries Installed: 0
>   Neighbor Address  AS#         State     Time     Rt:Accepted
> Filtered Sent     ToSend
>   172.19.126.11     65500       ESTAB     0h 0m57s    0       
> 0        0        0       
>   172.19.126.77     65500       ESTAB     1d 0h21m    0       
> 0        0        0       

At the same time plain IP and IPv6 routes are received through the same
iBGP sessions and work as expected:
> SSH at cer.lab#sh ip bgp
> Total number of BGP Routes: 1
> Status codes: s suppressed, d damped, h history, * valid, > best, i
> internal, S stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>     Network            Next Hop        MED    LocPrf     Weight Path
> *>i 0.0.0.0/0          172.19.126.11          100        0      i

> SSH at cer.lab#sh ipv6 bgp  
> Total number of BGP Routes: 1
> Status codes: s suppressed, d damped, h history, * valid, > best, i
> internal, S stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>     Network            Next Hop        MED    LocPrf     Weight Path
> *>i ::/0               ::ffff:172.19.126.11
>                                               100        0      i


VRF, just in case:
> SSH at cer.lab#show ip vrf l3vpn-cust-321
> VRF l3vpn-cust-321, default RD 65500:321, Table ID 2
> Label: 500001,  Label-Switched Mode: OFF
> IP Router-Id: 10.3.21.1
>   Interfaces:
>     v32
>   Export VPN route-target communities:
>     RT:65500:321           
>   Import VPN route-target communities:
>     RT:65500:321           
>   No import route-map
>   No export route-map
>
>   Address Family IPv4
>     Max Routes: 1024
>     Number of Unicast Routes: 2
>     Export VPN route-target communities:
>     RT:65500:321           
>     Import VPN route-target communities:
>     RT:65500:321 


-- 
Pavel Lunin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20130306/74580461/attachment.html>

More information about the foundry-nsp mailing list