I setup a service provider lab in unetlab using vmx version 14.1R1.10 .
The IGP for running the RSVP and MPLS between P and PE routers is using OSPF.
PE and PE is using Ibgp.
Also there is tunnel configured between PE and PE.
This seems like simple setup.
But the PE can only ping the CE that is connected to it not the remote CE.
One CE is connected to PE using static and another is using EBGP.
Hope you guys can share some inputs.
VMX2 show cmd output.
root> show route table bgp.l3vpn.0
bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both
65500:1:10.0.31.0/30 *[BGP/170] 01:11:11, localpref 100, from 192.168.16.1 AS path: I, validation-state: unverified > to 10.0.0.2 via ge-0/0/0.0, label-switched-path RoutervMX2-PE-to-RoutervMX1-PE65500:1:192.168.14.1/32 *[BGP/170] 01:18:04, localpref 100, from 192.168.16.1 AS path: 65530 I, validation-state: unverified > to 10.0.0.2 via ge-0/0/0.0, label-switched-path RoutervMX2-PE-to-RoutervMX1-PE
root> show bgp summaryGroups: 1 Peers: 1 Down peers: 0Table Tot Paths Act Paths Suppressed History Damp State Pendingbgp.l3vpn.0 2 2 0 0 0 0Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...192.168.16.1 65500 224 228 0 0 1:37:21 Establ bgp.l3vpn.0: 2/2/2/0 VPN2.inet.0: 2/2/2/0
root> show mpls lspIngress LSP: 1 sessionsTo From State Rt P ActivePath LSPname192.168.16.1 192.168.19.1 Up 0 * RoutervMX2-PE-to-RoutervMX1-PETotal 1 displayed, Up 1, Down 0
Egress LSP: 1 sessionsTo From State Rt Style Labelin Labelout LSPname192.168.19.1 192.168.16.1 Up 0 1 FF 3 - RoutervMX3-PE-to-RoutevMX2-PETotal 1 displayed, Up 1, Down 0
Transit LSP: 0 sessionsTotal 0 displayed, Up 0, Down 0
root> show ospf neighborAddress Interface State ID Pri Dead10.0.0.2 ge-0/0/0.0 Full 192.168.17.1 128 33
Attached is the config of each VMX and show logs as well.
Below is the diagram.
You don't need to worry - the BGP route default state is "unverified" because You haven't set up RPKI origin validation
Hi"Unverified" does not indicate an invalid path, but warns that this path has not been validated by Origin validation configuration.Origin validation helps to prevent the unintentional advertisement of routes. Please refer the below Juniper KB on Unverified validation state.KB27919 [Junos Platform] What does "validation-state: unverified" mean in show route command during BGP configuration?To understand the benefits of Origin Validation please refer the below detailed article.http://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-origin-as-validation.html
Thanks for your reply.
Actually the issue was PE could not ping remote CE,
e.g VMX2 can't ping VMX5. VMX3 can't ping VMX6.
I managed to make it work now. PE to PE and CE to CE connection is good.
Once again thanks for your time.
Hi Folks,You can give shot with these topologies [ALL IN ONE SINGLE BOX]!
I'm kinda having a very similar issue, where I can't ping the CE from non-directly connected PE, or CE from another site.
I wonder if you would like to share what made that work for you. Thanks.