Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
623
Views
0
Helpful
0
Replies

APIC-EM - MPLS Site provision question

Jose Antonio Carvalho
Level 1
Level 1

‎09-01-2017 10:23 AM - edited ‎03-01-2019 04:40 AM

APIC-EM: APIC-EM-1.5.0.1368.

IWAN App: iwan-1.5.1.371

PnP App: pnp-app-1.5.1.35


Hello,


I've being trying to setup a couple of branches with IWAN. APIC-EM is reachable from INET (static nat to the inside) and from the MPLS through BGP advertisement. The Branch with only INET link works flawlessly (NAT option used in APIC-EM), the problems start when the MPLS is in use.


Config:

*** Interface connecting to PE PPP

interface GigabitEthernet1

ip address 198.10.1.2 255.255.255.252

negotiation auto

*** BGP Peering with MPLS PE ***

router bgp 65003

bgp log-neighbor-changes

network 198.10.1.0 mask 255.255.255.252

neighbor 198.10.1.1 remote-as 600

Neighbor UP:

R31#show ip protocols

....

Routing Protocol is "bgp 65003"

  Outgoing update filter list for all interfaces is not set

  Incoming update filter list for all interfaces is not set

  IGP synchronization is disabled

  Automatic route summarization is disabled

  Neighbor(s):

    Address          FiltIn FiltOut DistIn DistOut Weight RouteMap

    198.10.1.1                                          

  Maximum path: 1

  Routing Information Sources:

    Gateway         Distance      Last Update

    198.10.1.1            20      00:47:26

  Distance: external 20 internal 200 local 200

....

Log:

.Sep  1 13:29:23.392: %DUAL-5-NBRCHANGE: EIGRP-IPv4 400: Neighbor 192.168.66.2 (Tunnel10) is up: new adjacency

.Sep  1 13:29:36.494: %PIM-5-NBRCHG: neighbor 192.168.66.2 UP on interface Tunnel10

.Sep  1 13:29:36.495: %PIM-5-DRCHG: DR change from neighbor 192.168.66.3 to 192.168.66.2 on interface Tunnel10

.Sep  1 13:29:40.584: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 172.16.12.254 (type 1) and certificate addr with

.Sep  1 13:29:40.584: %CRYPTO-6-IKMP_NO_ID_CERT_ADDR_MATCH: (NOT ERROR BUT WARNING ONLY)ID of 172.16.12.254 (type 1) and certificate addr with

.Sep  1 13:29:43.518: %DUAL-5-NBRCHANGE: EIGRP-IPv4 400: Neighbor 192.168.66.1 (Tunnel10) is up: new adjacency

.Sep  1 13:29:46.785: %PIM-5-NBRCHG: neighbor 192.168.66.1 UP on interface Tunnel10

R31#     

.Sep  1 13:31:14.011: %BGP-3-NOTIFICATION: sent to neighbor 198.10.1.1 4/0 (hold time expired) 0 bytes

.Sep  1 13:31:14.011: %BGP-5-NBR_RESET: Neighbor 198.10.1.1 reset (BGP Notification sent)

.Sep  1 13:31:14.012: %BGP-5-ADJCHANGE: neighbor 198.10.1.1 Down BGP Notification sent

.Sep  1 13:31:14.012: %BGP_SESSION-5-ADJCHANGE: neighbor 198.10.1.1 IPv4 Unicast topology base removed from session  BGP Notification sent


Configuration GigabitEthernet1 after IWAN changes:

interface GigabitEthernet1

bandwidth 300000

ip vrf forwarding IWAN-TRANSPORT-1

ip address 198.10.1.2 255.255.255.252

negotiation auto

end


This makes the BGP peering to be removed and IWAN setup fail.

I've tried a couple of options without success:

  • I've added the BGP into vrf after, but the PFR doesn't get used because the site still appears as failed in IWAN app and needs to be removed before it's added again.
  • Tried to create the vrf and BGP in vrf before IWAN deployment. It's fails since IWAN validates for existing vrf's.

Anyone can shed some light for possible solutions ?

Thank you

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents