[GTER] RES: RES: RES: RES: RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
Luis Fernando Goncalves
lgoncalves at marcopolonetwork.com
Tue Dec 8 16:39:22 -02 2009
Alexandre,
Only the directly connected one... actually, I think I'm the one who isn't explaining this well. I have 1 device (3560) and on that device I have 2 VRFs, one that communicates with the internal network (VRF 100) and another that I created to communicate with the customer's router (VRF 300). The problem I'm having is that I can't route the packets that arrive through VRF 300 to VRF 100 (on the same device), even though the relevant networks are known (sh ip route).
Regards,
Luis Fernando Gonçalves
Project Manager
Marco Polo Network Latam Brasil
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 20:23
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: RES: RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
Sorry Luis, I still haven't quite understood this topology; I thought it was the one I sent you, that is
CE<>PE<>BACKBONE<>PE<>CE
Where each PE has the same route-target configuration, or at least the imports see the export from the other side and vice versa!!!
I really don't know if I can help you!
Maybe something that helps: from each PE, can you ping your customer's network or only the directly connected one??
Regards,
Alexandre
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 12:06
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: RES: RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
Right... I call VRF-INTERNA the VRF that communicates with my firewalls / internal network...
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 11:59
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
Luis,
Is this your topology?
PE<>CE - BGP
PE <> PE - BGP vpnv4
PE <> other CE - BGP
CE <> PE<> Backbone <> PE <> CE
I didn't understand this VRF-INTERNA; are you calling the vpnv4 routes vrf-interna??
Regards,
Alexandre
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 11:14
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
So, from the customer side he can reach my router... but at my router it dies... what seems to be happening is that the packet can't get from VRF-CLIENTE to VRF-INTERNA...
Look at the show ip...
#sh ip route vrf 30_CLIENTE
192.168.104.0/30 is subnetted, 1 subnets
C 192.168.104.4 is directly connected, Vlan30
89.9.0.0/26 is subnetted, 1 subnets
B 89.9.6.92 [20/0] via 10.40.1.68 (10_UNTRD), 4d18h
95.10.49.0/27 is subnetted, 1 subnets
S 95.10.49.32 [1/0] via 192.168.104.5
# sh ip route vrf 10_UNTRD
192.168.104.0/30 is subnetted, 2 subnets
B 192.168.104.4 is directly connected, 4d18h, Vlan30
B 192.168.104.12 [200/0] via 10.40.1.98, 2d18h
89.9.0.0/26 is subnetted, 1 subnets
S 89.9.6.92 [1/0] via 10.40.1.68
95.10.49.0/27 is subnetted, 1 subnets
B 95.10.49.32 [20/10] via 192.168.104.5 (30_CLIENTE), 00:15:05
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 11:03
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
OK, you see your routes in your backbone on both sides, correct?
Between the PE and the customer, is it BGP or a static route?
It may be that the packet manages to go out but doesn't know how to return; for that we would need to see how the customer routers are set up!
Regards,
Alexandre
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 10:54
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: RES: RES: Res: Re: Res: RES: VRF + BGP question
Yes, the labels are OK.
We do have redundant paths... I have two switches that talk to each other via iBGP, but both are configured "correctly";
I have some static routes, but they are for other VRFs...
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Alexandre Castro
Sent: Monday, December 7, 2009 10:23
To: 'Grupo de Trabalho de Engenharia e Operacao de Redes'
Subject: [GTER] RES: RES: Res: Re: Res: RES: VRF + BGP question
Are the labels that the source and destination (PEs) send correct?
Are there redundant paths in your backbone? Sometimes MPLS is missing on some link, then the label breaks and you can't do anything!
Is it all BGP, or are there static routes on the PEs that are then redistributed?
Regards,
Alexandre
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Monday, December 7, 2009 10:09
To: Grupo de Trabalho de Engenharia e Operacao de Redes
Subject: [GTER] RES: Res: Re: Res: RES: VRF + BGP question
Everyone,
I added the send-community both option to the customer's neighbor configuration... all the commands given in the document check out, that is, I can see where I have to send the packet in each VRF, but even so it isn't working...
I had an access-list 80 with deny any... and I added another one, 79, with permit any... and nothing...
Any other ideas???
-----Original message-----
From: gter-bounces at eng.registro.br [mailto:gter-bounces at eng.registro.br] On behalf of Luis Fernando Goncalves
Sent: Sunday, December 6, 2009 12:53
To: gter at eng.registro.br
Subject: [GTER] Res: Re: Res: RES: VRF + BGP question
Gustavo,
In the customer's VRF I export that VRF's configuration and import the internal VRF's configuration, and vice versa. I don't use that option... Could that be why? I'll run the test tonight...
Thanks,
Luis
----- Original message -----
From: gter-bounces at eng.registro.br <gter-bounces at eng.registro.br>
To: Grupo de Trabalho de Engenharia e Operacao de Redes <gter at eng.registro.br>
Sent: Sun Dec 06 09:32:10 2009
Subject: Re: [GTER] Res: RES: VRF + BGP question
How is the vpnv4 unicast AF configured in BGP?
Did you include send-community both in the neighbor statement?
Try following the guidance in this document to find where the
problem is:
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a0080093fcd.shtml
Regards, Gustavo Albuquerque
2009/12/6 Luis Fernando Goncalves <lgoncalves at marcopolonetwork.com>
> Everyone,
>
> The saga continues... Now the customer is receiving the announcement of my routes
> normally, that is, with the sh ip bgp and sh ip route commands inside the
> VRFs I can correctly see both source and destination, but when
> the customer tries to access my server, it reaches my router and stops...
>
> From what I could understand, my router isn't managing to route from one VRF
> (customer - internal) to the other (even though both know the relevant routes).
> Any idea what might be happening?
>
> Thanks,
> Luis Fernando
>
--
gter list https://eng.registro.br/mailman/listinfo/gter
This email message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and/ or privileged information. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect the views of Marco Polo Network Inc., its affiliates, subsidiaries or agents (collectively Marco Polo). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. Marco Polo reserves the right to monitor and retain all incoming and outgoing communications as permitted by applicable law.
Email communications may contain viruses or other defects. Marco Polo does not accept liability nor does it warrant that email communications are virus or defect free.
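The point raised in the thread, that each VRF's route-target imports must match the other side's exports in both directions, can be checked mechanically. The following is an added example, not part of the original thread and not Luis's configuration: it parses IOS `ip vrf` stanzas and reports VRF pairs where routes leak in one direction only. The VRF names are taken from the thread; the RD and route-target values are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample config: VRF names come from the thread, the RD and
# route-target values are invented for illustration.
SAMPLE_CONFIG = """\
ip vrf 10_UNTRD
 rd 65000:10
 route-target export 65000:10
 route-target import 65000:10
 route-target import 65000:30
!
ip vrf 30_CLIENTE
 rd 65000:30
 route-target export 65000:30
 route-target import 65000:30
!
"""

def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' stanzas."""
    vrfs = defaultdict(lambda: {"import": set(), "export": set()})
    current = None
    for line in config.splitlines():
        m = re.match(r"ip vrf (\S+)", line)
        if m:
            current = m.group(1)
            vrfs[current]  # create the entry even if it has no route-targets
            continue
        if not line.startswith(" "):
            current = None  # any unindented line ends the stanza
            continue
        m = re.match(r"\s+route-target (import|export|both) (\S+)", line)
        if m and current:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                vrfs[current][kind].add(m.group(2))
    return dict(vrfs)

def leaks(vrfs):
    """Set of (src, dst) pairs where dst imports a route-target that src exports."""
    return {(s, d) for s in vrfs for d in vrfs
            if s != d and vrfs[s]["export"] & vrfs[d]["import"]}

def one_way(vrfs):
    """Leaks with no reverse leak: forward routes exist, return routes do not."""
    found = leaks(vrfs)
    return sorted(p for p in found if (p[1], p[0]) not in found)

if __name__ == "__main__":
    for src, dst in one_way(parse_vrfs(SAMPLE_CONFIG)):
        print(f"{src} -> {dst} is leaked, but {dst} -> {src} is not")
```

The same `leaks()` output doubles as an isolation audit: any pair listed there is a place where two VRFs are no longer separated at the routing layer.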