Why can't I ping outside from BGP iosv-3?
-
Flat connects out to my 60E. I can ping 192.168.1.5 my Ubuntu server from
iosv-9>
iosv-9>en
Password:
iosv-9#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/9/11 ms
iosv-9#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/13 ms
iosv-9#iosv-12#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
iosv-12#iosv-13>
iosv-13>en
Password:
iosv-13#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/11/13 ms
iosv-13#I can never ping from the BGP router on the opposite side of flat, iosv-3
iosv-3#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
iosv-3#
iosv-3#
iosv-3#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfRGateway of last resort is 10.23.23.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.23.23.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.23.23.0/30 is directly connected, GigabitEthernet0/1
L 10.23.23.2/32 is directly connected, GigabitEthernet0/1
172.16.0.0/16 is variably subnetted, 9 subnets, 2 masks
C 172.16.16.0/30 is directly connected, GigabitEthernet0/3
L 172.16.16.1/32 is directly connected, GigabitEthernet0/3
O 172.16.17.0/30 [110/2] via 172.16.16.2, 00:20:12, GigabitEthernet0/3
O 172.16.18.0/30 [110/3] via 172.16.16.2, 00:20:12, GigabitEthernet0/3
O 172.16.19.0/30 [110/4] via 172.16.16.2, 00:20:12, GigabitEthernet0/3
C 172.16.32.0/30 is directly connected, GigabitEthernet0/2
L 172.16.32.1/32 is directly connected, GigabitEthernet0/2
D 172.16.33.0/30
[90/3072] via 172.16.32.2, 00:20:50, GigabitEthernet0/2
D 172.16.34.0/30
[90/3328] via 172.16.32.2, 00:20:48, GigabitEthernet0/2
192.168.32.0/30 is subnetted, 1 subnets
B 192.168.32.0 [20/0] via 10.23.23.1, 00:20:19
192.168.33.0/30 is subnetted, 1 subnets
B 192.168.33.0 [20/120] via 10.23.23.1, 00:20:19
192.168.34.0/30 is subnetted, 1 subnets
B 192.168.34.0 [20/120] via 10.23.23.1, 00:20:19
192.168.35.0/30 is subnetted, 1 subnets
B 192.168.35.0 [20/120] via 10.23.23.1, 00:20:19
iosv-3#
iosv-3#ping fd80:db8:172::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FD80:DB8:172::2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
iosv-3#
iosv-3#
iosv-3#sh ipv6 route
IPv6 Routing Table - default - 27 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
lA - LISP away, a - Application
C FD10:23:23::/64 [0/0]
via GigabitEthernet0/1, directly connected
L FD10:23:23::2/128 [0/0]
via GigabitEthernet0/1, receive
C FD17:16:16::/127 [0/0]
via GigabitEthernet0/3, directly connected
L FD17:16:16::1/128 [0/0]
via GigabitEthernet0/3, receive
O FD17:16:16::2/127 [110/1]
via GigabitEthernet0/3, directly connected
O FD17:16:17::/127 [110/2]
via FE80::F816:3EFF:FE6F:3D25, GigabitEthernet0/3
O FD17:16:17::2/127 [110/2]
via FE80::F816:3EFF:FE6F:3D25, GigabitEthernet0/3
O FD17:16:18::/127 [110/3]
via FE80::F816:3EFF:FE6F:3D25, GigabitEthernet0/3
O FD17:16:18::2/127 [110/3]
via FE80::F816:3EFF:FE6F:3D25, GigabitEthernet0/3
O FD17:16:19::/127 [110/4]
via FE80::F816:3EFF:FE6F:3D25, GigabitEthernet0/3
O FD17:16:19::2/127 [110/4]
via FE80::F816:3EFF:FE6F:3D25, GigabitEthernet0/3
C FD17:16:32::/127 [0/0]
via GigabitEthernet0/2, directly connected
L FD17:16:32::1/128 [0/0]
via GigabitEthernet0/2, receive
D FD17:16:32::2/127 [90/3072]
via FE80::F816:3EFF:FE22:AC3B, GigabitEthernet0/2
D FD17:16:33::/127 [90/3072]
via FE80::F816:3EFF:FE22:AC3B, GigabitEthernet0/2
D FD17:16:33::2/127 [90/3328]
via FE80::F816:3EFF:FE22:AC3B, GigabitEthernet0/2
D FD17:16:34::/127 [90/3328]
via FE80::F816:3EFF:FE22:AC3B, GigabitEthernet0/2
D FD17:16:34::2/127 [90/3584]
via FE80::F816:3EFF:FE22:AC3B, GigabitEthernet0/2
B FD19:168:32::/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD19:168:33::/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD19:168:33::2/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD19:168:34::/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD19:168:34::2/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD19:168:35::/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD19:168:35::2/127 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
B FD80:DB8:172::/64 [20/120]
via FE80::F816:3EFF:FE71:905D, GigabitEthernet0/1
L FF00::/8 [0/0]
via Null0, receive
iosv-3#I will post the Sh run commands tonight with a link.
-
-
Just a quick skim of your route table from isov-3....I don't see the 192.168.1.x in your routing table. I would start there... I'll try to take a better look later if possible. Is your can you use extended ping to ping from another interface on isov-3?
-
I can never get it into BGP on the other side of flat. I put in the 0.0.0.0 0.0.0.0 route, it don't work in BGP. I can ping both 192.168.1.5 , 192.168.1.240 and FD80:DB8:172::2, which is on Internal 2 of 60E from every other router. Just never BGP routers on the opposite side of flat.
ON iosv-1
iosv-1#sh run | s inter
mmi polling-interval 60
interface Loopback0
description Loopback
no ip address
interface GigabitEthernet0/0
description OOB Management
vrf forwarding Mgmt-intf
ip address 10.255.2.155 255.255.0.0
duplex full
speed auto
media-type rj45
interface GigabitEthernet0/1
description to flat-1
ip address 172.16.1.203 255.255.255.0
duplex full
speed auto
media-type rj45
ipv6 address FD80:DB8:172::1/64
ipv6 enable
ipv6 rip RIPng default-information originate
interface GigabitEthernet0/2
description to iosv-10
ip address 192.168.33.1 255.255.255.252
duplex full
speed auto
media-type rj45
ipv6 address FD19:168:33::1/127
ipv6 enable
ipv6 rip RIPng enable
interface GigabitEthernet0/3
description to iosv-2
ip address 192.168.32.1 255.255.255.252
duplex full
speed auto
media-type rj45
ipv6 address FD19:168:32::1/127
ipv6 enable
ipv6 rip RIPng enable
iosv-1#I have 0.0.0.0 0.0.0.0 on every router.
-
-
Here is the complete Sh run, sh ip int br, sh ipv6 int br, sh ip route, and sh ipv6 route
-
I'm just starting to take a look at this question. Trying to isolate the issue.
What does
traceroute
show you from iosv-9 to 192.168.1.5 and from iosv-13 to 192.168.1.5?Can you also post your result of
show ip bgp
from iosv-3, iosv-2, and iosv-1 ?Can iosv-3 ping iosv-1 (192.168.32.x)?
-
BGP is on 2 and 3 not 1.
iosv-2#s ip bgp
BGP table version is 12, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path
*> 172.16.16.0/30 10.23.23.2 0 0 3 ?
*> 172.16.17.0/30 10.23.23.2 30 0 3 ?
*> 172.16.18.0/30 10.23.23.2 30 0 3 ?
*> 172.16.19.0/30 10.23.23.2 30 0 3 ?
*> 172.16.32.0/30 10.23.23.2 0 0 3 ?
*> 172.16.33.0/30 10.23.23.2 30 0 3 ?
*> 172.16.34.0/30 10.23.23.2 30 0 3 ?
*> 192.168.32.0/30 0.0.0.0 0 32768 ?
*> 192.168.33.0/30 192.168.32.1 120 32768 ?
*> 192.168.34.0/30 192.168.32.1 120 32768 ?
*> 192.168.35.0/30 192.168.32.1 120 32768 ?
iosv-2#iosv-3#sh ip bgp
BGP table version is 12, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not foundNetwork Next Hop Metric LocPrf Weight Path
*> 172.16.16.0/30 0.0.0.0 0 32768 ?
*> 172.16.17.0/30 172.16.16.2 30 32768 ?
*> 172.16.18.0/30 172.16.16.2 30 32768 ?
*> 172.16.19.0/30 172.16.16.2 30 32768 ?
*> 172.16.32.0/30 0.0.0.0 0 32768 ?
*> 172.16.33.0/30 172.16.32.2 30 32768 ?
*> 172.16.34.0/30 172.16.32.2 30 32768 ?
*> 192.168.32.0/30 10.23.23.1 0 0 2 ?
*> 192.168.33.0/30 10.23.23.1 120 0 2 ?
*> 192.168.34.0/30 10.23.23.1 120 0 2 ?
*> 192.168.35.0/30 10.23.23.1 120 0 2 ?
iosv-3#iosv-3#ping 192.168.32.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)iosv-1#sh ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.255.2.230 YES NVRAM up up
GigabitEthernet0/1 172.16.1.203 YES NVRAM up up
GigabitEthernet0/2 192.168.33.1 YES NVRAM up up
GigabitEthernet0/3 192.168.32.1 YES NVRAM up up
Loopback0 unassigned YES unset up up
iosv-1#iosv-3#ping 192.168.32.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.32.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/5 ms
iosv-3#iosv-2#sh ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.255.2.235 YES NVRAM up up
GigabitEthernet0/1 192.168.32.2 YES NVRAM up up
GigabitEthernet0/2 10.23.23.1 YES NVRAM up up
Loopback0 unassigned YES unset up up
iosv-2# -
I'm starting to work through some basics right now;
On the following link : http://www.scsiraidguru.com/VIRL/VIRLSims/IPv6NumberingwithIPv4/iosv-1ShIPRoute.txt
On iosv-1 your default route looks a little out of place to me since it's on the other side of isov-3
Also, I'm not seeing 192.16.1x in the routing table for iosv-1. I am seeing though a
172.16.1.0
from ge 0/1.The http://www.scsiraidguru.com/VIRL/VIRLSims/IPv6NumberingwithIPv4/iosv-1ShIPIntBr.txt
There is no 192.168.16.1.x connected to iosv-1.
This only leads to the mystery of who is answering 192.16.1.5?
`
-
172.16.1.203 is interface IOSv-1 to Flat.
172.16.1.1 is the Internal2 interface on Fortinet 60E. -
Right...but where is
192.16.1.5
? If the router iosv-1 cannot see192.16.1.x
, it cannot route it. According to your diagram, the directly connected interface to iosv-1 should be 192.16.1.x to flat but it's not?. Are you using Fortinet 60E as a router too? -
I found a typo on the diagram. The IOSv-1 address is 172.16.1.203 not 192. I will fix the diagram on the web site.
192.168.1.5 is my UbuntuWeb server on the HP DL360e Gen8. Every other IOSv-x device except 3 can ping it. The Fortinet 60E is a 10 port layer 3 routing firewall. 9 ports are LAN and 1 port is WAN.
iosv-1#sh ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.255.3.2 YES NVRAM up up
GigabitEthernet0/1 172.16.1.203 YES NVRAM up up
GigabitEthernet0/2 192.168.33.1 YES NVRAM up up
GigabitEthernet0/3 192.168.32.1 YES NVRAM up up
Loopback0 unassigned YES unset up up
iosv-1#G0/1 is 172.16.1.203. flat is 172.16.1.202. Internal2 on 60E is 172.16.1.1. WAN2(LAN port) 192.168.1.x / 24
Internal2 can route to WAN2 on the firewall. WAN2 is a LAN port not a WAN port. I could not change the name.
-
iosv-12#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/9 ms
iosv-12#tr
iosv-12#traceroute 192.168.1.5
Type escape sequence to abort.
Tracing the route to 192.168.1.5
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.35.1 5 msec 5 msec 3 msec
2 192.168.34.1 6 msec 5 msec 6 msec
3 192.168.33.1 7 msec 10 msec 6 msec
4 172.16.1.1 6 msec 8 msec 5 msec
5 192.168.1.5 4 msec 4 msec 6 msec
iosv-12#iosv-13#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/10/13 ms
iosv-13#
iosv-13#tr
iosv-13#traceroute 192.168.1.5
Type escape sequence to abort.
Tracing the route to 192.168.1.5
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.19.1 3 msec 4 msec 3 msec
2 172.16.18.1 4 msec 4 msec 6 msec
3 172.16.17.1 5 msec 6 msec 6 msec
4 172.16.16.1 8 msec 7 msec 6 msec
5 10.23.23.1 10 msec 9 msec 11 msec
6 192.168.32.1 12 msec 13 msec 14 msec
7 172.16.1.1 12 msec 11 msec 9 msec
8 192.168.1.5 9 msec 9 msec 9 msec
iosv-13#osv-9#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 6/8/9 ms
iosv-9#
iosv-9#
iosv-9#tr
iosv-9#traceroute 192.168.1.5
Type escape sequence to abort.
Tracing the route to 192.168.1.5
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.34.1 3 msec 5 msec 3 msec
2 172.16.33.1 4 msec 5 msec 3 msec
3 172.16.32.1 7 msec 5 msec 8 msec
4 10.23.23.1 8 msec 6 msec 7 msec
5 192.168.32.1 9 msec 9 msec 8 msec
6 172.16.1.1 7 msec 8 msec 10 msec
7 192.168.1.5 6 msec 7 msec 9 msec
iosv-9# -
router rip
version 2
redistribute static metric 3
network 192.168.32.0
network 192.168.33.0
default-information originate
no auto-summary
!ip route 0.0.0.0 0.0.0.0 172.16.1.1
I created the static route and redistributed it in RIP and RIPng
-
Please show the
traceroute
from iosv-3? Trying to figure out where it failshave you also redistributed rip into BGP?
Thanks?
-
@ronnie-wong What every you need I will get you, I appreciate your help.
iosv-3#traceroute 192.168.1.5
Type escape sequence to abort.
Tracing the route to 192.168.1.5
VRF info: (vrf in name/id, vrf out name/id)
1 10.23.23.1 5 msec 5 msec 3 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7
iosv-3#
iosv-3#
iosv-3#tr
iosv-3#traceroute 192.168.32.1
Type escape sequence to abort.
Tracing the route to 192.168.32.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.23.23.1 4 msec 4 msec 3 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * *
iosv-3#traceroute 192.168.32.2
Type escape sequence to abort.
Tracing the route to 192.168.32.2
VRF info: (vrf in name/id, vrf out name/id)
1 10.23.23.1 7 msec * 4 msec
iosv-3# -
iosv-2#sh run | s router
router rip
version 2
redistribute bgp 2 metric 3 route-map bgp-into-rip
network 192.168.32.0
no auto-summary
router bgp 2
bgp router-id 2.2.2.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor R3 peer-group
neighbor R3 remote-as 3
neighbor R36 peer-group
neighbor R36 remote-as 3
neighbor 10.23.23.2 peer-group R3
neighbor FD10:23:23::2 peer-group R36
!
address-family ipv4
redistribute rip metric 120
neighbor R3 next-hop-self
neighbor 10.23.23.2 activate
exit-address-family
!
address-family ipv6
redistribute rip RIPng metric 120
neighbor R36 next-hop-self
neighbor FD10:23:23::2 activate
exit-address-family
ipv6 router rip RIPng
redistribute bgp 2 metric 3 route-map bgp-into-rip
iosv-2# -
Alright, progress. The problem is IOSv-2. I won't have time to do much today but your trace route from either side of it is showing it to be the culprit. I have a made a simplified duplication of your topology just using bgp and rip and have the exact same issue. I'm believing it's a redistribution issue....but that's all I can do for now. :)
-
I have been looking at iosv-2 because it seems to be the problem. I just can't fi9ure out why. Everything can ping from EIGRP and OSPF to 192.168.1.5 except IOSv-3. I came to the same conclusion about redistribution being the issue. Looks like I followed everything correctly in BGP configuration. I thought about dropping the address-family and going direct to BGP on everything. I know you are busy. Don't worry about it. Thanks for you help.
Friday 8am: Hospital for C-Section
We bought a house today! Doing paperwork and going home tonight to box up stuff. -
I fixed it; probably don't need loopback.
add network mask statements on both 2 and 3
network 3.3.3.3 mask 255.255.255.255
network 10.23.23.0 mask 255.255.255.252ebgp-multihop 2 for peer-group.
iosv-3#sh run | s router
router eigrp 10
default-metric 10000000 1 255 1 1500
network 172.16.32.0 0.0.0.3
redistribute bgp 3 route-map bgp-into-eigrp
redistribute ospf 1
eigrp router-id 3.3.3.3
router ospf 1
router-id 3.3.3.3
redistribute eigrp 10 metric 30 subnets
redistribute bgp 3 subnets route-map bgp-into-ospf
network 172.16.16.0 0.0.0.3 area 0
default-metric 30
router bgp 3
bgp router-id 3.3.3.3
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor R2 peer-group
neighbor R2 remote-as 2
neighbor R2 ebgp-multihop 2
neighbor R26 peer-group
neighbor R26 remote-as 2
neighbor 2.2.2.2 peer-group R2
neighbor 10.23.23.1 peer-group R2
neighbor FD10:23:23::1 peer-group R26
!
address-family ipv4
network 3.3.3.3 mask 255.255.255.255
network 10.23.23.0 mask 255.255.255.252
redistribute ospf 1
redistribute eigrp 10
neighbor R2 next-hop-self
neighbor 10.23.23.1 activate
default-metric 30
exit-address-family
!
address-family ipv6
redistribute ospf 1
redistribute eigrp 10
neighbor R26 next-hop-self
neighbor FD10:23:23::1 activate
exit-address-family
ipv6 router eigrp 10
eigrp router-id 3.3.3.3
redistribute bgp 3 route-map bgp-into-eigrp
redistribute ospf 1
default-metric 10000000 1 255 1 1500
ipv6 router ospf 1
router-id 3.3.3.3
default-metric 30
redistribute bgp 3 route-map bgp-into-ospf
redistribute eigrp 10 metric 30
iosv-3#iosv-3#ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/6/8 ms
iosv-3#