Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > MPLS VPN Issue - Can't Ping (MPLS Encapsulation Failed)

Reply
Thread Tools

MPLS VPN Issue - Can't Ping (MPLS Encapsulation Failed)

 
 
Peter Danes
Guest
Posts: n/a
 
      09-22-2008
Hi,

I copied the MPLS VPN configuration (with slight modifications) from the
following document but can't ping any remote addresses in the VRF.

http://www.cisco.com/en/U...ple09186a00800a6c11.shtml

The routing tables/path on all of the PE routers are correct and there
are no ACL's that would be restricting ICMP traffic.

I've also set the MTU/MPLS MTU and it still fails encapsulation.

Can anyone think of a reason why MPLS encapsulation is failing? I can a
provide a copy of the configuration on each router is required.

************************************************** ****************
Output of debug IP packet:

R5#ping vrf Customer_A 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:

*Mar 1 05:58:55.021: IP: tableid=1, s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), routed via FIB
*Mar 1 05:58:55.021: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, sending
*Mar 1 05:58:55.021: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, MPLS encapsulation failed
*Mar 1 05:58:55.390: IP: s=5.5.5.5 (local), d=224.0.0.10 (Loopback0),
len 60, sending broad/multicast
*Mar 1 05:58:55.390: IP: s=5.5.5.5 (Loopback0), d=224.0.0.10, len 60, rcvd 2
*Mar 1 05:58:55.450: IP: s=10.1.1.5 (local), d=224.0.0.10
(FastEthernet0/0), len 60, sending broad/multicast
*Mar 1 05:58:55.450: IP: s=10.1.1.5 (FastEthernet0/0), d=224.0.0.10, len
60, rcvd 2.
*Mar 1 05:58:56.584: IP: s=10.1.1.1 (FastEthernet0/0), d=224.0.0.10, len
60, rcvd 2
*Mar 1 05:58:57.025: IP: tableid=1, s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), routed via FIB
*Mar 1 05:58:57.025: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, sending
*Mar 1 05:58:57.025: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, MPLS encapsulation failed.
*Mar 1 05:58:57.918: IP: s=10.1.1.5 (local), d=255.255.255.255
(FastEthernet0/0), len 48, sending broad/multicast
*Mar 1 05:58:58.130: IP: s=10.1.1.1 (FastEthernet0/0),
d=255.255.255.255, len 48, rcvd 0
*Mar 1 05:58:59.028: IP: tableid=1, s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), routed via FIB
*Mar 1 05:58:59.028: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, sending
*Mar 1 05:58:59.028: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, MPLS encapsulation failed
*Mar 1 05:58:59.753: IP: s=5.5.5.5 (local), d=224.0.0.10 (Loopback0),
len 60, sending broad/multicast
*Mar 1 05:58:59.753: IP: s=5.5.5.5 (Loopback0), d=224.0.0.10, len 60,
rcvd 2.
*Mar 1 05:59:00.342: IP: s=10.1.1.5 (local), d=224.0.0.10
(FastEthernet0/0), len 60, sending broad/multicast
*Mar 1 05:59:00.342: IP: s=10.1.1.5 (FastEthernet0/0), d=224.0.0.10, len
60, rcvd 2
*Mar 1 05:59:01.027: IP: tableid=1, s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), routed via FIB
*Mar 1 05:59:01.027: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, sending
*Mar 1 05:59:01.027: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, MPLS encapsulation failed
*Mar 1 05:59:01.512: IP: s=10.1.1.1 (FastEthernet0/0), d=224.0.0.10, len
60, rcvd 2
*Mar 1 05:59:01.941: IP: s=10.1.1.5 (local), d=255.255.255.255
(FastEthernet0/0), len 48, sending broad/multicast.
*Mar 1 05:59:02.894: IP: s=10.1.1.1 (FastEthernet0/0),
d=255.255.255.255, len 48, rcvd 0
*Mar 1 05:59:03.031: IP: tableid=1, s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), routed via FIB
*Mar 1 05:59:03.031: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, sending
*Mar 1 05:59:03.031: IP: s=192.168.5.1 (local), d=192.168.4.1
(FastEthernet0/0), len 100, MPLS encapsulation failed.
Success rate is 0 percent (0/5)
************************************************** ****************
 
Reply With Quote
 
 
 
 
Matthew Melbourne
Guest
Posts: n/a
 
      09-22-2008
In article <00e782bc$0$20311$(E-Mail Removed)>,
Peter Danes <(E-Mail Removed)> wrote:
> Hi,


> I copied the MPLS VPN configuration (with slight modifications) from the
> following document but can't ping any remote addresses in the VRF.


> http://www.cisco.com/en/U...ple09186a00800a6c11.shtml


> The routing tables/path on all of the PE routers are correct and there
> are no ACL's that would be restricting ICMP traffic.


> I've also set the MTU/MPLS MTU and it still fails encapsulation.


> Can anyone think of a reason why MPLS encapsulation is failing? I can a
> provide a copy of the configuration on each router is required.


The configs would be helpful. You do have a global 'ip cef' and 'mpls ip'
configured under all interfaces connecting P/PE routers?

Cheers,

Matt

--
Matthew Melbourne
 
Reply With Quote
 
 
 
 
Merv
Guest
Posts: n/a
 
      09-22-2008

Does R5 have a label for the destination being pinged ???

Without a label, MPLS cannot complete packet encap
 
Reply With Quote
 
Peter Danes
Guest
Posts: n/a
 
      09-22-2008
Matthew Melbourne wrote:
> In article <00e782bc$0$20311$(E-Mail Removed)>,
> Peter Danes <(E-Mail Removed)> wrote:
>> Hi,

>
>> I copied the MPLS VPN configuration (with slight modifications) from the
>> following document but can't ping any remote addresses in the VRF.

>
>> http://www.cisco.com/en/U...ple09186a00800a6c11.shtml

>
>> The routing tables/path on all of the PE routers are correct and there
>> are no ACL's that would be restricting ICMP traffic.

>
>> I've also set the MTU/MPLS MTU and it still fails encapsulation.

>
>> Can anyone think of a reason why MPLS encapsulation is failing? I can a
>> provide a copy of the configuration on each router is required.

>
> The configs would be helpful. You do have a global 'ip cef' and 'mpls ip'
> configured under all interfaces connecting P/PE routers?
>
> Cheers,
>
> Matt
>


Oops! The proper URL for the article I copied is:
http://www.cisco.com/en/US/tech/tk43...800a6c11.shtml.

The MPLS VPN configuration on each of my routers is as follows:

****** R6 ******
ip cef
ip vrf Customer_A
rd 100:110
route-target export 100:1000
route-target import 100:1000

ip vrf Customer_B
rd 100:120
route-target export 100:2000
route-target import 100:2000

interface Loopback101
ip vrf forwarding Customer_A
ip address 192.168.6.1 255.255.255.0

interface Loopback102
ip vrf forwarding Customer_B
ip address 192.168.6.1 255.255.255.0

interface fastEthernet0/0
tag-switching ip

router eigrp 100
network 6.6.6.6 0.0.0.0
network 10.2.2.0 0.0.0.255

router bgp 100
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source loopback0
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source loopback0

address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community both
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community both
exit-address-family

address-family ipv4 vrf Customer_B
redistribute connected
no auto-summary
no synchronization
exit-address-family

address-family ipv4 vrf Customer_A
redistribute connected
no auto-summary
no synchronization
exit-address-family

****** R5 (Pescara) ******
ip cef
ip vrf Customer_A
rd 100:110
route-target export 100:1000
route-target import 100:1000

ip vrf Customer_B
rd 100:120
route-target export 100:2000
route-target import 100:2000

interface Loopback101
ip vrf forwarding Customer_A
ip address 192.168.5.1 255.255.255.0

interface Loopback102
ip vrf forwarding Customer_B
ip address 192.168.5.1 255.255.255.0

interface fastEthernet0/0
tag-switching ip

router eigrp 100
network 5.5.5.5 0.0.0.0
network 172.12.123.0 0.0.0.255
network 10.1.1.0 0.0.0.255

router bgp 100
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source loopback0
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 update-source loopback0

address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community both
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community both

exit-address-family

address-family ipv4 vrf Customer_B
redistribute connected
no auto-summary
no synchronization
exit-address-family

address-family ipv4 vrf Customer_A
redistribute connected
no auto-summary
no synchronization
exit-address-family

****** R4 (Pesaro) ******
ip cef

ip vrf Customer_A
rd 100:110
route-target export 100:1000
route-target import 100:1000
!
ip vrf Customer_B
rd 100:120
route-target export 100:2000
route-target import 100:2000

interface Loopback101
ip vrf forwarding Customer_A
ip address 192.168.4.1 255.255.255.0

interface Loopback102
ip vrf forwarding Customer_B
ip address 192.168.4.1 255.255.255.0
!

interface Loopback111
ip vrf forwarding Customer_A
ip address 192.168.44.1 255.255.255.0

interface serial0/0
tag-switching ip

router eigrp 100
network 10.3.3.0 0.0.0.255
network 4.4.4.4 0.0.0.0

address-family ipv4 vrf Customer_A
redistribute connected
redistribute bgp 100 metric 1500 6000 255 1 1500
network 172.12.23.0 0.0.0.255
no auto-summary
autonomous-system 10
exit-address-family

router bgp 100
neighbor 5.5.5.5 remote-as 100
neighbor 5.5.5.5 update-source Loopback0
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 update-source loopback0

address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community both
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community both
exit-address-family

address-family ipv4 vrf Customer_B
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf Customer_A
redistribute connected
redistribute eigrp 10
no auto-summary
no synchronization
exit-address-family

****** R3 (Pomerol) ******
ip cef

interface serial0/0
tag-switching ip

interface serial0/1
tag-switching ip

router eigrp 100
network 172.12.123.0 0.0.0.255
network 10.3.3.0 0.0.0.255
network 3.3.3.3 0.0.0.0

****** R2 (Pulligny) ******
ip cef

interface serial0/0
tag-switching ip

interface fastEthernet0/1
tag-switching ip

router eigrp 100
network 172.12.123.0 0.0.0.255
network 10.2.2.0 0.0.0.255
network 2.2.2.2 0.0.0.0

****** R1 (Pauillac) ******
ip cef

interface s0/0
tag-switching ip

interface fa0/0
tag-switching ip

router eigrp 100
network 172.12.123.0 0.0.0.255
network 10.1.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0

****** R4 Output: ******
R4#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 172.12.23.4 YES NVRAM up up
Serial0/0 10.3.3.4 YES NVRAM up up
Serial0/1 unassigned YES NVRAM administratively down down
Loopback0 4.4.4.4 YES NVRAM up up
Loopback101 192.168.4.1 YES NVRAM up up
Loopback102 192.168.4.1 YES NVRAM up up
Loopback111 192.168.44.1 YES NVRAM up up

R4#sh ip vrf int
Interface IP-Address VRF Protocol
Lo101 192.168.4.1 Customer_A up
Lo111 192.168.44.1 Customer_A up
Fa0/0 172.12.23.4 Customer_A up
Lo102 192.168.4.1 Customer_B up

R4#sh ip route vrf Customer_A
Routing Table: Customer_A
Gateway of last resort is not set

C 192.168.44.0/24 is directly connected, Loopback111
172.12.0.0/24 is subnetted, 1 subnets
C 172.12.23.0 is directly connected, FastEthernet0/0
C 192.168.4.0/24 is directly connected, Loopback101
B 192.168.5.0/24 [200/0] via 5.5.5.5, 00:00:40
B 192.168.6.0/24 [200/0] via 6.6.6.6, 00:12:29

R4#ping vrf Customer_A 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
......
Success rate is 0 percent (0/5)

R4#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
R4#

****** R5 Output: ******
R5# sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.5 YES NVRAM up up
Loopback0 5.5.5.5 YES NVRAM up up
Loopback101 192.168.5.1 YES NVRAM up up
Loopback102 192.168.5.1 YES NVRAM up up
R5#

R5#sh ip vrf int
Interface IP-Address VRF Protocol
Lo101 192.168.5.1 Customer_A up
Lo102 192.168.5.1 Customer_B up

R5#sh ip route vrf Customer_A
Routing Table: Customer_A
Gateway of last resort is not set

B 192.168.44.0/24 [200/0] via 4.4.4.4, 00:01:10
172.12.0.0/24 is subnetted, 1 subnets
B 172.12.23.0 [200/0] via 4.4.4.4, 00:01:10
B 192.168.4.0/24 [200/0] via 4.4.4.4, 00:01:10
C 192.168.5.0/24 is directly connected, Loopback101
B 192.168.6.0/24 [200/0] via 6.6.6.6, 00:01:10

R5#ping vrf Customer_A 192.168.4.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.4.1, timeout is 2 seconds:
......
Success rate is 0 percent (0/5)

R5#ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
 
Reply With Quote
 
Peter Danes
Guest
Posts: n/a
 
      09-22-2008
Merv wrote:
> Does R5 have a label for the destination being pinged ???
>
> Without a label, MPLS cannot complete packet encap


Hmm, I don't see any labels for the vrf "Customer_A":

R5#show mpls ldp bind vrf Customer_A
TIB not enabled

But I do have labels for my global routing table:

R5#show mpls ldp bind
tib entry: 1.1.1.1/32, rev 16
local binding: tag: 23
remote binding: tsr: 1.1.1.1:0, tag: imp-null
tib entry: 2.2.2.2/32, rev 18
local binding: tag: 24
remote binding: tsr: 1.1.1.1:0, tag: 20
tib entry: 3.3.3.3/32, rev 20
local binding: tag: 25
remote binding: tsr: 1.1.1.1:0, tag: 21
tib entry: 4.4.4.4/32, rev 14
local binding: tag: 22
remote binding: tsr: 1.1.1.1:0, tag: 19
tib entry: 5.5.5.5/32, rev 2
local binding: tag: imp-null
remote binding: tsr: 1.1.1.1:0, tag: 22
tib entry: 6.6.6.6/32, rev 10
local binding: tag: 20
remote binding: tsr: 1.1.1.1:0, tag: 17
tib entry: 10.1.1.0/24, rev 4
local binding: tag: imp-null
remote binding: tsr: 1.1.1.1:0, tag: imp-null
tib entry: 10.2.2.0/24, rev 8
local binding: tag: 19
remote binding: tsr: 1.1.1.1:0, tag: 16
tib entry: 10.3.3.0/24, rev 12
local binding: tag: 21
remote binding: tsr: 1.1.1.1:0, tag: 18
tib entry: 10.11.11.0/24, rev 21
remote binding: tsr: 1.1.1.1:0, tag: imp-null
tib entry: 172.12.123.0/24, rev 6
local binding: tag: 18
remote binding: tsr: 1.1.1.1:0, tag: imp-null

Is the above expected or should I be looking into the "TIB not enabled"
message? I don't think I've even come across that term in my recent studies.

 
Reply With Quote
 
Peter Danes
Guest
Posts: n/a
 
      09-22-2008
Peter Danes wrote:
> Merv wrote:
>> Does R5 have a label for the destination being pinged ???
>>
>> Without a label, MPLS cannot complete packet encap

>
> Hmm, I don't see any labels for the vrf "Customer_A":
>
> R5#show mpls ldp bind vrf Customer_A
> TIB not enabled
>
> But I do have labels for my global routing table:
>
> R5#show mpls ldp bind
> tib entry: 1.1.1.1/32, rev 16
> local binding: tag: 23
> remote binding: tsr: 1.1.1.1:0, tag: imp-null
> tib entry: 2.2.2.2/32, rev 18
> local binding: tag: 24
> remote binding: tsr: 1.1.1.1:0, tag: 20
> tib entry: 3.3.3.3/32, rev 20
> local binding: tag: 25
> remote binding: tsr: 1.1.1.1:0, tag: 21
> tib entry: 4.4.4.4/32, rev 14
> local binding: tag: 22
> remote binding: tsr: 1.1.1.1:0, tag: 19
> tib entry: 5.5.5.5/32, rev 2
> local binding: tag: imp-null
> remote binding: tsr: 1.1.1.1:0, tag: 22
> tib entry: 6.6.6.6/32, rev 10
> local binding: tag: 20
> remote binding: tsr: 1.1.1.1:0, tag: 17
> tib entry: 10.1.1.0/24, rev 4
> local binding: tag: imp-null
> remote binding: tsr: 1.1.1.1:0, tag: imp-null
> tib entry: 10.2.2.0/24, rev 8
> local binding: tag: 19
> remote binding: tsr: 1.1.1.1:0, tag: 16
> tib entry: 10.3.3.0/24, rev 12
> local binding: tag: 21
> remote binding: tsr: 1.1.1.1:0, tag: 18
> tib entry: 10.11.11.0/24, rev 21
> remote binding: tsr: 1.1.1.1:0, tag: imp-null
> tib entry: 172.12.123.0/24, rev 6
> local binding: tag: 18
> remote binding: tsr: 1.1.1.1:0, tag: imp-null
>
> Is the above expected or should I be looking into the "TIB not enabled"
> message? I don't think I've even come across that term in my recent
> studies.
>


Further to the above:

R5#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Aggregate 192.168.5.0/24[V] 0
17 Aggregate 192.168.5.0/24[V] 0
18 Pop tag 172.12.123.0/24 0 Fa0/0 10.1.1.1
19 16 10.2.2.0/24 0 Fa0/0 10.1.1.1
20 17 6.6.6.6/32 0 Fa0/0 10.1.1.1
21 18 10.3.3.0/24 0 Fa0/0 10.1.1.1
22 19 4.4.4.4/32 0 Fa0/0 10.1.1.1
23 Pop tag 1.1.1.1/32 0 Fa0/0 10.1.1.1
24 20 2.2.2.2/32 0 Fa0/0 10.1.1.1
25 21 3.3.3.3/32 0 Fa0/0 10.1.1.1

R5#show mpls forwarding-table vrf Customer_A
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Aggregate 192.168.5.0/24[V] 0

It looks like the LFIB is missing a few entries.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encapsulation in VPN karthikbalaguru Cisco 17 01-04-2010 08:32 AM
Help in understanding an MPLS network (MPLS newbie) ttripp Cisco 4 11-12-2007 10:29 PM
How activate TCP encapsulation on PIX 515 for Cisco VPN Clients? Otmar Spoettel Cisco 2 11-25-2005 09:15 PM
MPLS: DiffServ & TE paths are really required to deploy commercial VoIP over a MPLS network. Jimmi Cisco 0 08-16-2005 01:34 PM
Experts: Is it possible to combine policy-based MPLS-TE + MPLS-VPN ? Herbert Haas Cisco 0 01-09-2004 09:20 AM



Advertisments