ping between vprn

[dolan23]

Hello everyone

Im new in the world of Nokia and I have a question about VPRN

I configured 2 interfaces but I can't ping between them

The router A is

Code: Select all

vprn 120 customer 1 create
            description "NET_CAMP"
            route-distinguisher 65500:120
            auto-bind mpls
            vrf-target target:65500:120
            interface "node_A" create
                address 172.25.94.44/28
                vrrp 65
                    backup 172.25.94.33
                    priority 230
                    ping-reply
                    traceroute-reply
                    init-delay 300
                exit
                sap 1/1/26:200 create
                exit
            exit
            no shutdown
       exit

The router B is

Code: Select all

vprn 120 customer 1 create
            description "NET_CAMP"
            route-distinguisher 65500:120
            auto-bind mpls
            vrf-target target:65500:120
            interface "node_B" create
                address 172.25.94.43/28
                vrrp 65
                    backup 172.25.94.33
                    priority 220
                    ping-reply
                    traceroute-reply
                    init-delay 300
                exit
                sap 1/1/26:200 create
                exit
            exit
            no shutdown
        exit
  

any idea can help me, thanks

[paramount]

Hi,

Are you referencing the VRF instance with your ping command - ie ping router 120 x.x.x.x?
I take it 1/1/26 is physically connected to the remote 1/1/26?

Can you share the output of 'show router 120 route-table'

Thanks
Paramount

[dolan23]

Hi thanks for the input. Sorry for responding so late, but I was trying to simulate my question in eve-ng to better understand how routers work.

Captura de pantalla 2023-12-10 043426.png

I did two scenarios
In the first one, I configured 1 vprn on each router with different networks, which achieved ping between all the devices
Router A: 192.168.77.1
PC A: 192.168.77.2
Router B: 192.168.88.1
PC B: 192.168.88.2

show router 120 route-table router A

Code: Select all

A:A# show router 120 route-table 

===============================================================================
Route Table (Service: 120)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
192.168.77.0/24                               Local   Local     00h52m31s  0
       to_PCA                                                       0
192.168.88.0/24                               Remote  BGP VPN   00h19m07s  170
       10.100.10.5 (tunneled)                                       0
-------------------------------------------------------------------------------
No. of Routes: 2

show router 120 route-table router B

Code: Select all

A:B# show router 120 route-table 

===============================================================================
Route Table (Service: 120)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
192.168.77.0/24                               Remote  BGP VPN   00h51m00s  170
       10.100.10.1 (tunneled)                                       0
192.168.88.0/24                               Local   Local     00h18m30s  0
       to_PCB                                                       0
-------------------------------------------------------------------------------
No. of Routes: 2

In the second scenario I configured all the devices on the same subnet. With which I achieve ping only between the local devices routerA-PCA, routerB-PCB.
Router A: 192.168.77.1
PC A: 192.168.77.2
Router B: 192.168.77.3
PC B: 192.168.77.4

show router 120 route-table router A

Code: Select all

A:A# show router 120 route-table 

===============================================================================
Route Table (Service: 120)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
192.168.77.0/24                               Local   Local     01h11m22s  0
       to_PCA                                                       0
-------------------------------------------------------------------------------
No. of Routes: 1

show router 120 route-table router B

Code: Select all

A:B-2# show router 120 route-table 

===============================================================================
Route Table (Service: 120)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric   
-------------------------------------------------------------------------------
192.168.77.0/24                               Local   Local     02h13m08s  0
       to_PCB                                                       0
-------------------------------------------------------------------------------
No. of Routes: 1

I only achieved ping between the devices when I propagate the vlan through the switches, as you shared in your answer.

With all of the above, my question is whether vprn can be pinged with interfaces within the same subnet, or being on the same subnet makes it not feasible.
Is there a way to ping the IPs of devices B from devices A and vice versa?
Is it only possible to ping devices using scenario 1?

If you have any idea how it could be solved it would be helpful.

Thanks

[paramount]

Hi,

OK, so this is expected behaviour what you are seeing. The VPRN is essentially a router within a configuration.
What you are asking is to extend a single router interface out in two directions - one to local PC and one to the remote SR router. This would not normally work without a layer 2 network in between. Your single interface has to route out one interface - so it will route out of the local interface (as that takes priority over any BGP learned routes). That's why you can only ping locally from each router.

If you really want to achieve this just using the Nokia SROS, you can do it using a routed VPLS instance (or EPVN etc). This is akin to a Cisco IRB type of interface tied to a VLAN.

To achieve this you would do the following:

Code: Select all

      R1                                                               R2
VPRN Interface (no SAP, but VPLS name)           VPRN Interface (no SAP, but VPLS name)
       |                                                                 |
r-VPLS instance  -------------------------MPLS SDP----------------- r-VPLS instance               (with allow-ip-int binding and VPLS name set - both VPLSs).
       |                                                                 |
SAP to local PC                                             SAP to local PC

In the above diagram, you wouldn't need to link the VPRNs together - they could be separate routers. You should be able to ping from each device to all of the other interfaces.

Hope this makes sense,

Paramount

[dolan23]

Thanks for your answer, the diagram helps a lot, now I understand a little more, I will try to implement it and come back with positive results.

[paramount]

Of course, glad it was helpful.

Let us know if you hit any issues,

Paramount

[dolan23]

Hi, I tried to replicate the design given in the previous answer, but I did not succeed in pinging all the devices, the router configuration is as follows:

Router A

Code: Select all

vprn 120 customer 1 create
            autonomous-system 65500
            route-distinguisher 65500:120
            auto-bind-tunnel
                resolution-filter
                    rsvp
                exit
                resolution filter
            exit
            vrf-target target:65500:120
            interface "to_PCA" create
                address 192.168.77.1/24
                vpls "vpls1200"
                exit
            exit
            no shutdown
        exit

Code: Select all

vpls 1200 customer 1 create
            description "vpls_1200"
            allow-ip-int-bind
            exit
            split-horizon-group "camp" create
            exit
            stp
                no shutdown
            exit
            service-name "vpls1200"
            sap 1/1/3:200 create
                no shutdown
            exit
            spoke-sdp 103:1200 create
                no shutdown
            exit
            no shutdown
        exit
        

in router B is the same configuration

On the first try, I was able to ping from router A to pc A, but not from router B to pc B, I only managed to ping between router B and pc B when I shutdown the port to router A.
Then I enabled stp in vpls 1200 and I could ping between router B and pc B, and between router A and pc A, but never between them.

Attached are some show commands
Router A

Code: Select all

 show router 120 interface 
===============================================================================
Interface Table (Service: 120)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
to_PCA                           Up        Up/Down     VPRN    rvpls
   192.168.77.1/24                                             n/a
-------------------------------------------------------------------------------

Code: Select all

show router 120 arp 
===============================================================================
ARP Table (Service: 120)
===============================================================================
IP Address      MAC Address       Expiry    Type   Interface
-------------------------------------------------------------------------------
192.168.77.1    02:01:ff:00:03:ed 00h00m00s Oth[I] to_PCA
192.168.77.2    00:50:79:66:68:2c 01h56m59s Dyn[I] to_PCA

Router B

Code: Select all

show router 120 interface 
===============================================================================
Interface Table (Service: 120)
===============================================================================
Interface-Name                   Adm       Opr(v4/v6)  Mode    Port/SapId
   IP-Address                                                  PfxState
-------------------------------------------------------------------------------
to_PCB                           Up        Up/Down     VPRN    rvpls
   192.168.77.3/24                                             n/a
-------------------------------------------------------------------------------

Code: Select all

show router 120 arp 
===============================================================================
ARP Table (Service: 120)
===============================================================================
IP Address      MAC Address       Expiry    Type   Interface
-------------------------------------------------------------------------------
192.168.77.2    00:50:79:66:68:2c 02h06m28s Dyn[I] to_PCB
192.168.77.3    02:01:ff:00:03:ed 00h00m00s Oth[I] to_PCB

From the arp tables, I think the problem is that both interfaces have the same mac and that's why it doesn't work, I don't know if there is a way to fix that.

After seeing that the problem was due to the mac, I made another configuration keeping the same physical layout.
What I did was to configure only vpls on router B, to communicate directly with pc B, bypassing the interface of router B, but keeping it on router A.
With this I managed to ping both pc's and router A.

Router B

Code: Select all

 vpls 1200 customer 1 create
            stp
                shutdown
            exit
            sap 1/1/3:200 create
                no shutdown
            exit
            spoke-sdp 103:1200 create
                no shutdown
            exit
            no shutdown
        exit

Do you know if there is any way to fix the mac problem seen in the r-vpls configuration?
Anyway thanks to that idea I was able to move on to the next one, thanks.

[dolan23]

I add: now I have used the command "configure service vprn interface mac" to give a new mac to the interface of router B, but it didn't solve the ping problem either.
The logs showed this.
Router A

Code: Select all

100 2017/07/20 00:32:59.21 UTC WARNING: STP #2026 Base 80-00-02-01-ff-00-00-00
"The Stp Exception condition has changed to none in service 1200 (customer 1) on SDP Bind 103:1200"

99 2017/07/20 00:32:29.21 UTC WARNING: STP #2026 Base 80-00-02-01-ff-00-00-00
"The Stp Exception condition has changed to downstreamLoopDetected in service 1200 (customer 1) on SDP Bind 103:1200"

98 2017/07/20 00:30:20.10 UTC WARNING: STP #2014 Base 80-00-02-01-ff-00-00-00
"Topology change for service 1200 (customer 1) due to SDP Bind 103:1200 state change from learning to forwarding"

Router B

Code: Select all

92 2017/07/20 00:33:03.92 UTC WARNING: STP #2014 Base 80-00-02-01-ff-00-00-00
"Topology change for service 1200 (customer 1) due to SDP Bind 103:1200 state change from learning to forwarding"

91 2017/07/20 00:33:03.92 UTC WARNING: STP #2026 Base 80-00-02-01-ff-00-00-00
"The Stp Exception condition has changed to none in service 1200 (customer 1) on SDP Bind 103:1200"

90 2017/07/20 00:29:57.04 UTC WARNING: STP #2026 Base 80-00-02-01-ff-00-00-00
"The Stp Exception condition has changed to downstreamLoopDetected in service 1200 (customer 1) on SDP Bind 103:1200"

So I disabled stp on both routers and now all devices can ping each other.

Then I made a connection between the switches with vlan 200 and pinged again, and after a while it also worked.

vlan 200 between switch

I understand that this generates a loop in the network, currently only the command "split-horizon-group" is configured in the vpls, my question is, is this enough to avoid a loop, or should I also add stp or another command in some device in the network?

Thanks for the help.

[paramount]

Hi,

Did you get this resolved in the end? I am not fully seeing why with your initial topology you were seeing a loop.
Assuming you are pinging from VPC-A-4 - before you joined the switches together, your traffic path should be:

VPC-A-4 ---- sw-A-4 ----- router A-4 r-VPLS ----- router A-4 VPRN interface
or
VPC-A-4 ---- sw-A-4 ----- router A-4 r-VPLS --- spoke SDP ---- router B-4 r-VPLS

I suspect actually, it's the STP bridge IDs that are non-unique so it believes there is a loop there - these will be based upon a MAC address.
You could change the STP priority on one end, and I think that should then give a unique bridge ID, so they should not then detect a loop.

Paramount

[dolan23]

Hi thanks for the reply, I will try what you mention to see if I solve the problem of the first topology.
Anyway with the changes I made in the second configuration it was enough for what I needed.
I will comment once I make the STP priority changes.