The MPLS-OPS Archive[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index][Thread Index][Author Index][Subject Index] RE: MPLS VPN using GRE/IPSEC between PE
Hello,
So I change ios to enterprise and reload the 2 pe routers and all
sudden:
2651XM1#show ip cef vrf CUST_1 172.16.242.0 detail
172.16.242.0/24, version 15, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via NULL, tags imposed {18}
via 204.177.181.252, 0 dependencies, recursive
next hop 204.177.181.252, Tunnel10000 via 204.177.181.252/32
valid adjacency
tag rewrite with
Recursive rewrite via NULL, tags imposed {18}
2651XM1#show ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 12, epoch 0, cached adjacency 192.168.1.2
0 packets, 0 bytes
tag information set
local tag: 17
via 192.168.1.2, 0 dependencies, recursive
next hop 192.168.1.2, FastEthernet0/0 via 192.168.1.2/32
valid cached adjacency
tag rewrite with Fa0/0, 192.168.1.2, tags imposed: {}
2651XM2#show ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 18, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via NULL, tags imposed {17}
via 204.177.181.253, 0 dependencies, recursive
next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
valid adjacency
tag rewrite with
Recursive rewrite via NULL, tags imposed {17}
2651XM2#show ip cef vrf CUST_1 172.16.242.0 detail
172.16.242.0/24, version 16, epoch 0, cached adjacency 192.168.2.2
0 packets, 0 bytes
tag information set
local tag: 18
via 192.168.2.2, 0 dependencies, recursive
next hop 192.168.2.2, FastEthernet0/0 via 192.168.2.2/32
valid cached adjacency
tag rewrite with Fa0/0, 192.168.2.2, tags imposed: {}
Still can't ping:
2621A#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.248.0 is directly connected, Loopback0
B 172.16.242.0 [20/0] via 192.168.1.1, 00:01:24
10.0.0.0/24 is subnetted, 3 subnets
B 10.242.22.0 [20/0] via 192.168.1.1, 00:01:25
C 10.242.1.0 is directly connected, FastEthernet0/1
B 10.242.2.0 [20/0] via 192.168.1.1, 00:01:24
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.1.1
2621A#show ip int brief
Interface IP-Address OK? Method Status
Protocol
FastEthernet0/0 192.168.1.2 YES manual up
up
FastEthernet0/1 10.242.1.1 YES manual up
up
Loopback0 172.16.248.1 YES manual up
up
2621A#ping
Protocol [ip]:
Target IP address: 172.16.242.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.248.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.242.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Then putting on tag-switching ip command on tunnel interface
2651XM1#show ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 12, epoch 0, cached adjacency 192.168.1.2
0 packets, 0 bytes
tag information set
local tag: 17
via 192.168.1.2, 0 dependencies, recursive
next hop 192.168.1.2, FastEthernet0/0 via 192.168.1.2/32
valid cached adjacency
tag rewrite with Fa0/0, 192.168.1.2, tags imposed: {}
2651XM1#show ip cef vrf CUST_1 172.16.242.0 detail
172.16.242.0/24, version 15, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Tu10000, point2point, tags imposed: {18}
via 204.177.181.252, 0 dependencies, recursive
next hop 204.177.181.252, Tunnel10000 via 204.177.181.252/32
valid adjacency
tag rewrite with Tu10000, point2point, tags imposed: {18}
Jul 23 23:46:34.082 EDT: %SYS-5-CONFIG_I: Configured from console by
cshow ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 18, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via 204.177.181.253/32, tags imposed {17}
via 204.177.181.253, 0 dependencies, recursive
next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
valid adjacency
tag rewrite with
Recursive rewrite via 204.177.181.253/32, tags imposed {17}
2651XM2#show ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 18, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via 204.177.181.253/32, tags imposed {17}
via 204.177.181.253, 0 dependencies, recursive
next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
valid adjacency
tag rewrite with
Recursive rewrite via 204.177.181.253/32, tags imposed {17}
2651XM2#show ip cef vrf CUST_1 172.16.242.0 detail
172.16.242.0/24, version 16, epoch 0, cached adjacency 192.168.2.2
0 packets, 0 bytes
tag information set
local tag: 18
via 192.168.2.2, 0 dependencies, recursive
next hop 192.168.2.2, FastEthernet0/0 via 192.168.2.2/32
valid cached adjacency
tag rewrite with Fa0/0, 192.168.2.2, tags imposed: {}
2651XM2#
Jul 23 23:47:23.712 EDT: %LDP-5-NBRCHG: TDP Neighbor 204.177.181.253:0
is UP
2651XM2#show ip cef vrf CUST_1 172.16.242.0 detail
172.16.242.0/24, version 16, epoch 0, cached adjacency 192.168.2.2
0 packets, 0 bytes
tag information set
local tag: 18
via 192.168.2.2, 0 dependencies, recursive
next hop 192.168.2.2, FastEthernet0/0 via 192.168.2.2/32
valid cached adjacency
tag rewrite with Fa0/0, 192.168.2.2, tags imposed: {}
2651XM2#show ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 18, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Tu10000, point2point, tags imposed: {17}
via 204.177.181.253, 0 dependencies, recursive
next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
valid adjacency
tag rewrite with Tu10000, point2point, tags imposed: {17}
Still can't ping :(
2621A#ping
Protocol [ip]:
Target IP address: 172.16.242.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 172.16.248.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.242.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Midnight already - guess I go to sleep and dream about ping would work
:)
Any pointers or explanation would be greatly appreciated.
-luan
-----Original Message-----
From: Rajiv Asati [mailto:rajiva@cisco.com]
Sent: Wednesday, July 23, 2003 6:18 PM
To: Luan Nguyen
Cc: mpls-ops@mplsrc.com
Subject: Re: [MPLS-OPS]: MPLS VPN using GRE/IPSEC between PE
Luan,
Take a look at the "sh ip cef vrf <vrf> <prefix>". Do you see any label
values ?
Usually, MPLS is required to be configured on the GRE tunnel ?
Do you really want IPSEC between PEs ? WHat's the motivation ?
Cheers,
Rajiv
At 03:50 PM 7/23/2003, Luan Nguyen wrote:
>Hello,
>I have a set up like this:
>cisco2621A----ethernet/BGP----PE1--------GRE/IPSEC-------PE2----Etherne
t
>/BGP---cisco2621C
>running eigrp inside the tunnel to advertise the loopback for the mbgp
peers
>PEs = 2651xm running 12.3.1a enterprise 3DES.
> From the CEs, routing table does have route between them - mbgp
> established and carried routes but i can't ping from sun box behind
the
> one CE to the other sun box behind the other CE. Traceroute die at
the
> PE. Anyone knows what could be wrong? do i need to run tag-switching
> inside the tunnel?
>
>Thanks.
>
>Regards,
>
>--luan
>
>Here are some show routes
>
>2621A#show ip route
>Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
>external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 -
IS-IS
>level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> * - candidate default, U - per-user static route, o - ODR
> P - periodic downloaded static route
>
>Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
> 10.0.0.0/24 is subnetted, 2 subnets
>C 10.242.1.0 is directly connected, FastEthernet0/1
>B 10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
> 192.168.1.0/30 is subnetted, 1 subnets
>C 192.168.1.0 is directly connected, FastEthernet0/0
>S* 0.0.0.0/0 [1/0] via 192.168.1.1
>2621A#show ip int brief
>Interface IP-Address OK? Method Status
>
>Protocol
>FastEthernet0/0 192.168.1.2 YES manual up
>
>up
>FastEthernet0/1 10.242.1.1 YES manual up
>
>up
>2621C#show ip route
>Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
>external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 -
IS-IS
>level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> * - candidate default, U - per-user static route, o - ODR
> P - periodic downloaded static route
>
>Gateway of last resort is 192.168.2.1 to network 0.0.0.0
>
> 10.0.0.0/24 is subnetted, 2 subnets
>B 10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
>C 10.242.2.0 is directly connected, Ethernet0/1
> 192.168.2.0/30 is subnetted, 1 subnets
>C 192.168.2.0 is directly connected, Ethernet0/0
>S* 0.0.0.0/0 [1/0] via 192.168.2.1
>
>2651XM1#show ip route vrf customer1
>
>Routing Table: customer1
>Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
>external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2 ia - IS-IS inter area, * - candidate default, U - per-user
static route
> o - ODR, P - periodic downloaded static route
>
>Gateway of last resort is not set
>
> 10.0.0.0/24 is subnetted, 2 subnets
>B 10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
>B 10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
> 192.168.1.0/30 is subnetted, 1 subnets
>C 192.168.1.0 is directly connected, FastEthernet0/0
>
>2651XM2#show ip route vrf customer1
>
>Routing Table: customer1
>Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
>external type 1, E2 - OSPF external type 2
> i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> level-2 ia - IS-IS inter area, * - candidate default, U - per-user
static route
> o - ODR, P - periodic downloaded static route
>
>Gateway of last resort is not set
>
> 10.0.0.0/24 is subnetted, 2 subnets
>B 10.242.1.0 [200/0] via 204.177.181.253, 00:15:45
>B 10.242.2.0 [20/0] via 192.168.2.2, 00:15:13
> 192.168.2.0/30 is subnetted, 1 subnets
>C 192.168.2.0 is directly connected, FastEthernet0/0
>
>_________________________________________________________________
>MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
>http://join.msn.com/?page=features/virus
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
|
|