L3VPN MP-iBGP : MPLS Forward: Discarding

OTech · ‎07-06-2017

Hi there,

We are facing an issue with our L3VPN MP-BGP infrastructure.

We are working with about 30 "HPe FlexFabric 5930-2Slot+2QSFP+ JH178A", but we reproduce our problem on "HPe VSR1001" in GNS3.

A quick summary, two routers "HPe VSR1001 7.10.E0325" named "ARA-SVC-1" & "ARA-SVC-2" directly connected with two routed interfaces :

ARA-SVC-1 Ge15/0 <=>ARA-SVC-2 Ge15/0
ARA-SVC-1 Ge16/0 <=>ARA-SVC-2 Ge16/0

We are peering in iBGP (IPv4 and VPNv4). All routes are correctly propagated, but when we try to ping the LoopBack1 interface (in a VPN instance) from whichever switch, the packet is discarded directly by the sender.

We haven't the problem in the Loopback0 (without VPN instance).

We try :
- with an real interface : Same issue
- with only one interface : Same issue
- in eBGP : No problem

Any advice ?

Thanks

Error sent by the switch in debug :

*Jul  5 11:50:50:327 2017 ARA-SVC-2 MPLSFW/7/MPLSFW:
MPLS Forward: Receiving IP packet, len = 84, s = 1.1.1.2, d = 1.1.1.1, TOS = 0, TTL = 255.

*Jul  5 11:50:50:327 2017 ARA-SVC-2 MPLSFW/7/MPLSFW:
MPLS Forward: Discarding because failed to get fwd info by NID 4294967295!

Configurations :

ARA-SVC-1 :

#
ip vpn-instance VR_OT_LEGACY_BACKUP
route-distinguisher 65300:3
description VRF OT - BACKUP LEGACY
vpn-target 65300:3 import-extcommunity
vpn-target 65300:3 export-extcommunity
#
router id 10.201.18.1
#
mpls lsr-id 10.201.18.1
#
ip unreachables enable
ip ttl-expires enable
ip icmp source 10.201.18.1
ip icmp source vpn-instance VR_OT_LEGACY_BACKUP 1.1.1.1
#
interface LoopBack0
description UNDERLAY - Loopback
ip address 10.201.18.1 255.255.255.255
#
interface LoopBack1
ip binding vpn-instance VR_OT_LEGACY_BACKUP
ip address 1.1.1.1 255.255.255.255
#

#
interface GigabitEthernet15/0
port link-mode route
description ARA-SVC-2_15/0_iBGP
ip address 10.201.8.1 255.255.255.254
mpls enable
#
interface GigabitEthernet16/0
port link-mode route
description ARA-SVC-2_16/0_iBGP
ip address 10.201.8.3 255.255.255.254
mpls enable

#
bgp 64601
router-id 10.201.18.1
group GROUP-IBGP internal
peer GROUP-IBGP description iBGP
peer GROUP-IBGP route-update-interval 0
peer GROUP-IBGP timer keepalive 3 hold 9

peer 10.201.8.0 group GROUP-IBGP
peer 10.201.8.0 description ARA-SVC-2_15/0_iBGP
peer 10.201.8.0 connect-interface GigabitEthernet15/0
peer 10.201.8.0 bfd single-hop
peer 10.201.8.2 group GROUP-IBGP
peer 10.201.8.2 description ARA-SVC-2_16/0_iBGP
peer 10.201.8.2 connect-interface GigabitEthernet16/0
peer 10.201.8.2 bfd single-hop
#
address-family ipv4 unicast
default-route imported
balance eibgp 8
import-route direct route-policy DIRECTLY-CONNECTED-LOOPBACK
import-route static
peer GROUP-IBGP enable
peer GROUP-IBGP route-policy FROM_UND_SVC import
peer GROUP-IBGP route-policy TO_UND_SVC export
#
address-family vpnv4
undo policy vpn-target
peer GROUP-IBGP enable
peer GROUP-IBGP route-policy FROM_VPN_SVC import
peer GROUP-IBGP route-policy TO_VPN_SVC export
peer GROUP-IBGP next-hop-local
#
ip vpn-instance VR_OT_LEGACY_BACKUP
#
address-family ipv4 unicast
default-route imported
balance ebgp 8
import-route direct
import-route static
#
route-policy DIRECTLY-CONNECTED-LOOPBACK permit node 1
if-match interface LoopBack0
#
route-policy DIRECTLY-CONNECTED-LOOPBACK deny node 100
#
route-policy FROM_UND_SVC permit node 100
#
route-policy FROM_VPN_SVC permit node 10
if-match extcommunity 1
apply local-preference 50
#
route-policy FROM_VPN_SVC deny node 100
#
route-policy TO_UND_SVC permit node 100
#
route-policy TO_VPN_SVC permit node 10
if-match extcommunity 1
#
route-policy TO_VPN_SVC deny node 100
#
ip extcommunity-list 1 permit rt 65300:3
#

ARA-SVC-2 :

#
ip vpn-instance VR_OT_LEGACY_BACKUP
route-distinguisher 65300:3
description VRF OT - BACKUP LEGACY
vpn-target 65300:3 import-extcommunity
vpn-target 65300:3 export-extcommunity
#
router id 10.201.18.2
#
mpls lsr-id 10.201.18.2
#
ip unreachables enable
ip ttl-expires enable
ip icmp source 10.201.18.2
ip icmp source vpn-instance VR_OT_LEGACY_BACKUP 1.1.1.2
#
interface LoopBack0
description UNDERLAY - Loopback
ip address 10.201.18.2 255.255.255.255
#
interface LoopBack1
ip binding vpn-instance VR_OT_LEGACY_BACKUP
ip address 1.1.1.2 255.255.255.255
#

#
interface GigabitEthernet15/0
port link-mode route
description ARA-SVC-1_15/0_iBGP
ip address 10.201.8.0 255.255.255.254
mpls enable
#
interface GigabitEthernet16/0
port link-mode route
description ARA-SVC-1_16/0_iBGP
ip address 10.201.8.2 255.255.255.254
mpls enable

#
bgp 64601
router-id 10.201.18.2
group GROUP-IBGP internal
peer GROUP-IBGP description iBGP
peer GROUP-IBGP route-update-interval 0
peer GROUP-IBGP timer keepalive 3 hold 9

peer 10.201.8.1 group GROUP-IBGP
peer 10.201.8.1 description ARA-SVC-1_15/0_iBGP
peer 10.201.8.1 connect-interface GigabitEthernet15/0
peer 10.201.8.1 bfd single-hop
peer 10.201.8.3 group GROUP-IBGP
peer 10.201.8.3 description ARA-SVC-1_15/0_iBGP
peer 10.201.8.3 connect-interface GigabitEthernet16/0
peer 10.201.8.3 bfd single-hop
#
address-family ipv4 unicast
default-route imported
balance eibgp 8
import-route direct route-policy DIRECTLY-CONNECTED-LOOPBACK
import-route static
peer GROUP-IBGP enable
peer GROUP-IBGP route-policy FROM_UND_SVC import
peer GROUP-IBGP route-policy TO_UND_SVC export
#
address-family vpnv4
undo policy vpn-target
peer GROUP-IBGP enable
peer GROUP-IBGP route-policy FROM_VPN_SVC import
peer GROUP-IBGP route-policy TO_VPN_SVC export
peer GROUP-IBGP next-hop-local
#
ip vpn-instance VR_OT_LEGACY_BACKUP
#
address-family ipv4 unicast
default-route imported
balance ebgp 8
import-route direct
import-route static
#
route-policy DIRECTLY-CONNECTED-LOOPBACK permit node 1
if-match interface LoopBack0
#
route-policy DIRECTLY-CONNECTED-LOOPBACK deny node 100
#
route-policy FROM_UND_SVC permit node 100
#
route-policy FROM_VPN_SVC permit node 10
if-match extcommunity 1
apply local-preference 50
#
route-policy FROM_VPN_SVC deny node 100
#
route-policy TO_UND_SVC permit node 100
#
route-policy TO_VPN_SVC permit node 10
if-match extcommunity 1
#
route-policy TO_VPN_SVC deny node 100
#
ip extcommunity-list 1 permit rt 65300:3
#

Routes and PING tests :

<ARA-SVC-1>display bgp routing-table vpnv4

 BGP local router ID is 10.201.18.1
 Status codes: * - valid, > - best, d - dampened, h - history,
               s - suppressed, S - stale, i - internal, e - external
               Origin: i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PEs: 2

 Route distinguisher: 65300:3(VR_OT_LEGACY_BACKUP)
 Total number of routes: 3

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >  1.1.1.1/32         127.0.0.1       0                     32768   ?
* >i 1.1.1.2/32         10.201.8.0      0          50         0       ?
*  i                    10.201.8.2      0          50         0       ?

<ARA-SVC-1>ping -vpn-instance VR_OT_LEGACY_BACKUP 1.1.1.2
Ping 1.1.1.2 (1.1.1.2): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 1.1.1.2 in VPN instance VR_OT_LEGACY_BACKUP ---
5 packets transmitted, 0 packets received, 100.0% packet loss
<ARA-SVC-1>

<ARA-SVC-2>display bgp routing-table vpnv4

 BGP local router ID is 10.201.18.2
 Status codes: * - valid, > - best, d - dampened, h - history,
               s - suppressed, S - stale, i - internal, e - external
               Origin: i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PEs: 2

 Route distinguisher: 65300:3(VR_OT_LEGACY_BACKUP)
 Total number of routes: 3

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 1.1.1.1/32         10.201.8.1      0          50         0       ?
*  i                    10.201.8.3      0          50         0       ?
* >  1.1.1.2/32         127.0.0.1       0                     32768   ?

<ARA-SVC-2>display bgp routing-table ipv4 vpn-instance VR_OT_LEGACY_BACKUP

 Total number of routes: 3

 BGP local router ID is 10.201.18.2
 Status codes: * - valid, > - best, d - dampened, h - history,
               s - suppressed, S - stale, i - internal, e - external
               Origin: i - IGP, e - EGP, ? - incomplete

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

* >i 1.1.1.1/32         10.201.8.1      0          50         0       ?
*  i                    10.201.8.3      0          50         0       ?
* >  1.1.1.2/32         127.0.0.1       0                     32768   ?

<ARA-SVC-2>ping -vpn-instance VR_OT_LEGACY_BACKUP 1.1.1.1
Ping 1.1.1.1 (1.1.1.1): 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- Ping statistics for 1.1.1.1 in VPN instance VR_OT_LEGACY_BACKUP ---
5 packets transmitted, 0 packets received, 100.0% packet loss
<ARA-SVC-2>

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

L3VPN MP-iBGP : MPLS Forward: Discarding

L3VPN MP-iBGP : MPLS Forward: Discarding