[GTER] RES: RES: RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question

Luis Fernando Goncalves lgoncalves at marcopolonetwork.com
Mon Dec 7 12:06:06 -02 2009


Right... I call VRF-INTERNA the VRF that communicates with my firewalls / internal network...

-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 11:59
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question

Luis,

Is this your topology?

PE <> CE - BGP
PE <> PE - BGP vpnv4
PE <> other CE - BGP

CE <> PE <> Backbone <> PE <> CE

I didn't understand this VRF-INTERNA; do you call the vpnv4 routes vrf-interna??

Regards,

Alexandre

-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 11:14
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question

So, from the customer side he can reach my router... but at my router it dies... what seems to be happening is that from VRF-CLIENTE the packet can't reach VRF-INTERNA...

Look at the show ip...

#sh ip route vrf 30_CLIENTE

     192.168.104.0/30 is subnetted, 1 subnets
C       192.168.104.4 is directly connected, Vlan30
     89.9.0.0/26 is subnetted, 1 subnets
B       89.9.6.92 [20/0] via 10.40.1.68 (10_UNTRD), 4d18h
     95.10.49.0/27 is subnetted, 1 subnets
S       95.10.49.32 [1/0] via 192.168.104.5

# sh ip route vrf 10_UNTRD

     192.168.104.0/30 is subnetted, 2 subnets
B       192.168.104.4 is directly connected, 4d18h, Vlan30
B       192.168.104.12 [200/0] via 10.40.1.98, 2d18h
     89.9.0.0/26 is subnetted, 1 subnets
S       89.9.6.92 [1/0] via 10.40.1.68
     95.10.49.0/27 is subnetted, 1 subnets
B       95.10.49.32 [20/10] via 192.168.104.5 (30_CLIENTE), 00:15:05


-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 11:03
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question

OK, you see your routes in your backbone on both sides, correct?
Is PE <> customer via BGP or a static route?
It may be that the packet manages to go but doesn't know how to return; for that we would need to see how the customer routers are set up!

Regards,
Alexandre

-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 10:54
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: RES: RES: Res: Re: Res: RES: VRF + BGP question

Yes, the labels are OK.
We do have redundant paths... I have two switches that talk to each other via iBGP, but both are configured "correctly";
I have some static routes, but they serve other VRFs...


-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 10:23
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: Res: Re: Res: RES: VRF + BGP question

Are the labels that the source and destination (the PEs) send correct?
Are there redundant paths in your backbone? Sometimes MPLS is missing on some link, then the label breaks and you can't do anything!
Is it all BGP, or are there static routes on the PEs that are then redistributed?

Regards,

Alexandre

-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 10:09
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: Res: Re: Res: RES: VRF + BGP question

Folks,

I added the send-community both option to the customer's neighbor configuration... all the commands given in the document are OK, that is, I can see where I have to send the packet in each VRF, but even so it isn't working...

I had an access-list 80 with deny any... and I added another one, 79, with permit any... and nothing...

Any other ideas???

-----Original Message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Sunday, December 6, 2009 12:53
To: gter at eng.registro.br
Subject: [GTER] Res: Re: Res: RES: VRF + BGP question

Gustavo,

In the customer's VRF I export that VRF's configuration and import the internal VRF's configuration, and vice versa; I don't use that option... Could that be why? I'll test it tonight...

Thanks,
Luis
 

----- Original Message -----
From: gter-bounces at eng.registro.br <gter-bounces at eng.registro.br>
To: Grupo de Trabalho de Engenharia e Operacao de Redes <gter at eng.registro.br>
Sent: Sun Dec 06 09:32:10 2009
Subject: Re: [GTER] Res: RES: VRF + BGP question

How is the vpnv4 unicast AF configured in BGP?
Did you include send-community both in the neighbor statement?
Try following the guidance in this document to find where the
problem is:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a0080093fcd.shtml

Regards, Gustavo Albuquerque

2009/12/6 Luis Fernando Goncalves <lgoncalves at marcopolonetwork.com>

> Folks,
>
> The saga continues... Now the customer is receiving the announcement of my
> routes normally, that is, using the sh ip bgp and sh ip route commands inside
> the VRFs I can correctly see both source and destination, but when the
> customer tries to access my server it reaches my router and stops...
>
> From what I could understand, my router is not managing to route from one VRF
> (customer - internal) to the other (even though both know the appropriate routes).
> Any idea what might be happening?
>
> Thanks,
> Luis Fernando
>
--
gter list    https://eng.registro.br/mailman/listinfo/gter

This email message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and/ or privileged information.  It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction.  All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect the views of Marco Polo Network Inc., its affiliates, subsidiaries or agents (collectively Marco Polo).  Any unauthorized review, use, disclosure or distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message.  Marco Polo reserves the right to monitor and retain all incoming and outgoing communications as permitted by applicable law.
Email communications may contain viruses or other defects. Marco Polo does not accept liability nor does it warrant that email communications are virus or defect free.
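
Added example, not part of the thread and not code from any of the posters: a Python sketch that parses the two `sh ip route vrf` captures quoted above and lists the prefixes each VRF has installed with a next hop that resolves in the other VRF, which is a quick way to audit what crosses a VRF boundary and whether the leak exists in both directions. The function names are hypothetical, and the check covers only the routing table (control plane), not ACLs or forwarding.

```python
import re

# The two "sh ip route vrf" captures, copied from the thread.
TABLES = {
    "30_CLIENTE": """\
     192.168.104.0/30 is subnetted, 1 subnets
C       192.168.104.4 is directly connected, Vlan30
     89.9.0.0/26 is subnetted, 1 subnets
B       89.9.6.92 [20/0] via 10.40.1.68 (10_UNTRD), 4d18h
     95.10.49.0/27 is subnetted, 1 subnets
S       95.10.49.32 [1/0] via 192.168.104.5
""",
    "10_UNTRD": """\
     192.168.104.0/30 is subnetted, 2 subnets
B       192.168.104.4 is directly connected, 4d18h, Vlan30
B       192.168.104.12 [200/0] via 10.40.1.98, 2d18h
     89.9.0.0/26 is subnetted, 1 subnets
S       89.9.6.92 [1/0] via 10.40.1.68
     95.10.49.0/27 is subnetted, 1 subnets
B       95.10.49.32 [20/10] via 192.168.104.5 (30_CLIENTE), 00:15:05
""",
}

IP = r"\d+\.\d+\.\d+\.\d+"
# Indented header line that carries the mask length for the subnets below it.
PARENT = re.compile(rf"^\s+{IP}/(\d+) is subnetted")
# Route line: code, network, then either "[ad/metric] via NH (VRF)" or connected.
ROUTE = re.compile(
    rf"^([A-Z])\s+({IP})\s+"
    rf"(?:\[\d+/\d+\] via ({IP})(?: \(([^)]+)\))?|is directly connected)"
)

def parse(text):
    """Return [(code, 'network/len', next_hop or None, next_hop_vrf or None)]."""
    routes, mask = [], None
    for line in text.splitlines():
        parent = PARENT.match(line)
        if parent:
            mask = parent.group(1)
            continue
        route = ROUTE.match(line)
        if route:
            code, net, next_hop, nh_vrf = route.groups()
            routes.append((code, f"{net}/{mask}", next_hop, nh_vrf))
    return routes

def leaked_from(tables, dst_vrf, src_vrf):
    """Prefixes installed in dst_vrf whose next hop resolves in src_vrf."""
    return [p for _, p, _, vrf in parse(tables[dst_vrf]) if vrf == src_vrf]

def both_directions(tables, a, b):
    """True when each VRF holds at least one route leaked from the other."""
    return bool(leaked_from(tables, a, b)) and bool(leaked_from(tables, b, a))
```
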
