Troubleshooting Juniper-Cisco Layer3 VPN



  • Hi Folks,

    I am trying to simulate a Layer 3 VPN between a Juniper J2320 and a Cisco 2611. However, it seems that the Juniper router is not sending VPN routes to the Cisco router. I have verified LDP, BGP and OSPF; they are all operational. The attached document has the configuration of the Juniper and the Cisco. Please help me fix this. This setup is in my home lab.

    Ranjeet

    VPN_Troubleshooting_Juniper_Cisco_Layer3.doc



  • 1. You wanna make sure your CE or host has its default gateway correctly set to the PE's VRF interface IP;
    2. Try setting vrf-table-label on the VRF on the Juniper side;
    3. Make sure all the related VRF interfaces are up and running.

    Question:

    On the Cisco side, why is FastEthernet0/1 shut down?
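
A way to run the interface check from point 3 against a pasted Cisco running-config, as an added example that is not part of the original post: it lists the interfaces bound to a VRF and whether each is administratively shut down. The sample input is a constructed excerpt in the style of the configuration posted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the style of the Cisco running-config posted in this
# thread: flush-left lines, "!" separators and "--More--" pager residue.
SAMPLE_IOS_CONFIG = """\
interface Loopback0
ip address 97.9.15.2 255.255.255.255
!
interface FastEthernet0/0
ip address 220.225.33.2 255.255.255.0
tag-switching ip
!
interface FastEthernet0/1
ip vrf forwarding London
ip address 10.255.8.1 255.255.255.0
shutdown
duplex auto
–More--          speed auto
!
router ospf 200
router-id 97.9.15.2
"""

PAGER = re.compile(r"^[-–]+More[-–]+\s*")  # pager prompt pasted into the text


def vrf_interface_status(config_text):
    """Map each VRF-bound interface to (vrf_name, is_shutdown)."""
    stanzas, current = [], None
    for raw in config_text.splitlines():
        line = PAGER.sub("", raw.strip())
        start = re.match(r"interface\s+(\S+)$", line)
        if start:
            current = {"name": start.group(1), "vrf": None, "down": False}
            stanzas.append(current)
        elif line == "!" or re.match(r"(router|line)\s", line):
            current = None  # end of the interface stanza
        elif current is not None:
            vrf = re.match(r"ip vrf forwarding\s+(\S+)$", line)
            if vrf:
                current["vrf"] = vrf.group(1)
            elif line == "shutdown":
                current["down"] = True
    return {s["name"]: (s["vrf"], s["down"]) for s in stanzas if s["vrf"]}


def down_vrf_interfaces(config_text):
    """Names of VRF interfaces that are administratively shut down."""
    status = vrf_interface_status(config_text)
    return sorted(name for name, (_, down) in status.items() if down)
```
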



  • root@IBHANAN# run show route table inet.3

    inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

    + = Active Route, - = Last Active, * = Both

    97.9.15.2/32      *[LDP/9] 00:01:31, metric 1
                        > to 220.225.33.2 via ge-0/0/2.0

    root@IBHANAN# run show route table inet.0

    inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

    + = Active Route, - = Last Active, * = Both

    97.9.15.0/24      *[Direct/0] 00:46:28
                        > via lo0.0
    97.9.15.1/32      *[Local/0] 00:46:28
                          Local via lo0.0
    97.9.15.2/32      *[OSPF/10] 00:19:19, metric 2
                        > to 220.225.33.2 via ge-0/0/2.0
    220.225.33.0/24    *[Direct/0] 00:20:05
                        > via ge-0/0/2.0
    220.225.33.1/32    *[Local/0] 00:46:00
                          Local via ge-0/0/2.0
    224.0.0.5/32      *[OSPF/10] 00:46:29, metric 1
                          MultiRecv

    root@IBHANAN> show route table mpls.0

    mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

    + = Active Route, - = Last Active, * = Both

    0                  *[MPLS/0] 00:48:15, metric 1
                          Receive
    1                  *[MPLS/0] 00:48:15, metric 1
                          Receive
    2                  *[MPLS/0] 00:48:15, metric 1
                          Receive
    299776            *[LDP/9] 00:20:51, metric 1
                        > to 220.225.33.2 via ge-0/0/2.0, Pop
    299776(S=0)        *[LDP/9] 00:20:51, metric 1
                        > to 220.225.33.2 via ge-0/0/2.0, Pop
    299792            *[VPN/170] 00:20:41
                        > to 200.200.200.2 via ge-0/0/1.0, Pop

    root@IBHANAN> show ldp database
    Input label database, 97.9.15.1:0–97.9.15.2:0
      Label    Prefix
        17    97.9.15.0/24
        16    97.9.15.1/32
          3    97.9.15.2/32
          3    220.225.33.0/24

    Output label database, 97.9.15.1:0–97.9.15.2:0
      Label    Prefix
          3    97.9.15.1/32
    299776    97.9.15.2/32

    root@IBHANAN> show ldp neighbor
    Address            Interface          Label space ID        Hold time
    220.225.33.2      ge-0/0/2.0        97.9.15.2:0              12


    SHOW RUN

    root@IBHANAN# run show configuration

    Last commit: 2013-07-15 23:40:27 IST by root

    version 10.0R4.7;

    interfaces {
        ge-0/0/0 {
            unit 0;
        }
        fe-0/0/1 {
            unit 0;
        }
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 200.200.200.1/24;
                }
            }
        }
        ge-0/0/2 {
            unit 0 {
                family inet {
                    address 220.225.33.1/24;
                }
                family mpls;
            }
        }
        lo0 {
            unit 0 {
                family inet {
                    address 97.9.15.1/24;
                }
            }
        }
    }
    routing-options {
        router-id 97.9.15.1;
        autonomous-system 200;
    }
    protocols {
        mpls {
            interface ge-0/0/2.0;
        }
        bgp {
            group SESSION-ROUTER2600 {
                type internal;
                family inet-vpn {
                    unicast;
                }
                peer-as 200;
                neighbor 97.9.15.2;
            }
        }
        ospf {
            area 0.0.0.0 {
                interface ge-0/0/2.0;
                interface lo0.0;
            }
        }
        ldp {
            interface ge-0/0/2.0;
            interface all;
        }
    }
    policy-options {
        policy-statement London_Export {
            term 1 {
                from protocol static;
                then {
                    community add London;
                    accept;
                }
            }
            term 2 {
                then reject;
            }
        }
        policy-statement London_Import {
            term 1 {
                from {
                    protocol bgp;
                    community London;
                }
                then accept;
            }
            term 2 {
                then reject;
            }
        }
        community London members target:200:200;
    }
    security {
        forwarding-options {
            family {
                mpls {
                    mode packet-based;
                }
            }
        }
    }
    routing-instances {
        London {
            instance-type vrf;
            interface ge-0/0/1.0;
            route-distinguisher 200:200;
            vrf-import London_Import;
            vrf-export London_Export;
            vrf-target target:200:200;
            routing-options {
                static {
                    route 100.100.100.1/32 next-hop 200.200.200.2;
                }
            }
        }
    }

    [edit]
    root@IBHANAN#

    –-----------------------------------------------------------------------
    CISCO

    Hanuman>
    Hanuman>en
    Password:
    Password: sj  show run
    Building configuration…

    Current configuration : 1707 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Hanuman
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$RMZ5$60IY29i1BBont51p.5gPM/
    enable password password
    !
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    –More--         !
    no ip domain lookup
    ip vrf London
    rd 200:200
    route-target export 200:200
    route-target import 200:200
    !
    ip audit po max-events 100
    mpls label protocol ldp
    tag-switching tdp router-id Loopback0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    –More--         !
    !
    !
    !
    !
    !
    !
    !
    interface Loopback0
    ip address 97.9.15.2 255.255.255.255
    !
    interface FastEthernet0/0
    ip address 220.225.33.2 255.255.255.0
    duplex auto
    speed auto
    tag-switching ip
    no cdp enable
    !
    interface FastEthernet0/1
    ip vrf forwarding London
    ip address 10.255.8.1 255.255.255.0
    shutdown
    duplex auto
    –More--          speed auto
    no cdp enable
    !
    router ospf 200
    router-id 97.9.15.2
    log-adjacency-changes
    network 97.9.15.0 0.0.0.255 area 0
    network 220.225.33.0 0.0.0.255 area 0
    !
    router bgp 200
    no synchronization
    bgp log-neighbor-changes
    neighbor 97.9.15.1 remote-as 200
    neighbor 97.9.15.1 update-source Loopback0
    no auto-summary
    !
    address-family vpnv4
    neighbor 97.9.15.1 activate
    neighbor 97.9.15.1 send-community both
    exit-address-family
    !
    address-family ipv4 vrf London
    redistribute static
    –More--          no auto-summary
    no synchronization
    exit-address-family
    !
    ip classless
    !
    no ip http server
    no ip http secure-server
    !
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipx permit
    no cdp run
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    line aux 0
    –More--         line vty 0 4
    exec-timeout 35791 0
    password password
    login
    !
    !
    end

    Hanuman#show mpl
    Hanuman#show mpls for
    Hanuman#show mpls forwarding-table ?
      A.B.C.D    Destination prefix
      detail      Detailed information
      interface  Match outgoing interface
      labels      Match label values
      lsp-tunnel  LSP Tunnel id
      next-hop    Match next hop neighbor
      vrf        Show entries for a VPN Routing/Forwarding instance
      |          Output modifiers
      <cr>
    Hanuman#show mpls forwarding-table vrf
    Hanuman#show mpls forwarding-table vrf Lon
    Hanuman#show mpls forwarding-table vrf London
    Local  Outgoing    Prefix            Bytes tag  Outgoing  Next Hop   
    tag    tag or VC  or Tunnel Id      switched  interface             
    Hanuman#show      show mpls forwarding-table vrf Londonrun                            mpls forwarding-table vrf London          ?
      A.B.C.D    Destination prefix
      detail      Detailed information
      interface  Match outgoing interface
      labels      Match label values
      lsp-tunnel  LSP Tunnel id
      next-hop    Match next hop neighbor
      vrf        Show entries for a VPN Routing/Forwarding instance
      |          Output modifiers
      <cr>
    Hanuman#show mpls forwarding-table det
    Hanuman#show mpls forwarding-table detail
    Local  Outgoing    Prefix            Bytes tag  Outgoing  Next Hop   
    tag    tag or VC  or Tunnel Id      switched  interface             
    16    Pop tag    97.9.15.1/32      0          Fa0/0      220.225.33.1
    MAC/Encaps=14/14, MRU=1504, Tag Stack{}
    00239C7DFF82001201AE83008847
    No output feature configured
        Per-packet load-sharing
    17    Untagged    97.9.15.0/24      0          Fa0/0      220.225.33.1
    MAC/Encaps=0/0, MRU=1504, Tag Stack{}
    No output feature configured
        Per-packet load-sharing
    Hanuman#show mpl
    Hanuman#show mpls ld
    Hanuman#show mpls ldp ?
      backoff    LDP session setup backoff table
      bindings    Show the LDP Label Information Base (LIB))
      discovery  Display sources for locally generated LDP Discovery Hello PDUs
      neighbor    Display LDP neighbor information
      parameters  Display LDP configuration parameters

    Hanuman#show mpls ldp bin
    Hanuman#show mpls ldp bindings
      tib entry: 97.9.15.0/24, rev 8
    local binding:  tag: 17
      tib entry: 97.9.15.1/32, rev 6
    local binding:  tag: 16
    remote binding: tsr: 97.9.15.1:0, tag: imp-null
      tib entry: 97.9.15.2/32, rev 2
    local binding:  tag: imp-null
    remote binding: tsr: 97.9.15.1:0, tag: 299776
      tib entry: 220.225.33.0/24, rev 4
    local binding:  tag: imp-null
    Hanuman#



  • show route table inet.3 // paste it here.


 
