Trying to setup a test between Juniper EX and Cisco ASR.
This is a point to point link, where each device has the interface inside a VRF.
I can ping when the Juniper interface is not in a routing-instance. However, when place in a routing instance, I cannot longer ping.
I'm wondering if I'm missing something on the EX configuration.
Please note there is a cisco switch in between:
Cisco ASR1000 - Cisco 3600 sw - Juniper Ex2300
### Cisco Config ###
interface GigabitEthernet0/0/1
description Cisco 3600-sw T1/0/1
mtu 9192
no ip address
negotiation auto
channel-group 10
interface Port-channel10
description Cisco 3600-sw Po1
mtu 9192
no ip address
negotiation auto
interface Port-channel10.102
description Jup-EX 2300 ae10.102 CRX-TEST Default
encapsulation dot1Q 102
vrf forwarding CRX-TEST
ip address 192.168.100.9 255.255.255.252
ip mtu 1500
vrf definition CRX-TEST
rd 10:100
route-target export 10:100
route-target import 10:100
!
address-family ipv4
exit-address-family
!
router bgp 65000
!
address-family ipv4 vrf CRX-TEST
redistribute connected
redistribute static
exit-address-family
!
asr1000#sh ip route vrf CRX-TEST
Routing Table: CRX-TEST
...
C 192.168.100.0/30 is directly connected, Port-channel10.100
L 192.168.100.1/32 is directly connected, Port-channel10.100
B 192.168.100.4/30 [200/0] via 10.1.255.2, 1d01h
C 192.168.100.8/30 is directly connected, Port-channel10.102
L 192.168.100.9/32 is directly connected, Port-channel10.102
B 192.168.100.12/30 [200/0] via 10.1.255.2, 1d00h
asr1000#
asr1000#sh ip arp vrf CRX-TEST
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.100.1 - 70e4.xxxx.xxxx ARPA Port-channel10.100
Internet 192.168.100.2 6 cce1.xxxx.xxxx ARPA Port-channel10.100
Internet 192.168.100.9 - 70e4.xxxx.xxxx ARPA Port-channel10.102
Internet 192.168.100.10 11 cce1.xxxx.xxxx ARPA Port-channel10.102
asr1000#
asr1000#ping vrf CRX-TEST 192.168.100.10 source 192.168.100.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.9
.....
Success rate is 0 percent (0/5)
asr1000#
### Juniper Config ###
root@Jup-EX 2300> show configuration interfaces ge-0/1/2
description "Cisco 3600-sw T1/0/0";
ether-options {
802.3ad ae10;
}
{master:0}
root@Jup-EX 2300>
root@Jup-EX 2300> show configuration interfaces ae10
description "Cisco 3600-sw T1/0/0";
flexible-vlan-tagging;
mtu 9192;
encapsulation flexible-ethernet-services;
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
}
unit 100 {
description "asr1000 Po10.100 Customer-A";
vlan-id 100;
family inet {
mtu 1500;
address 192.168.100.2/30;
}
}
unit 102 {
description "asr1000 Po10.102 VRF Default Route";
vlan-id 102;
family inet {
mtu 1500;
address 192.168.100.10/30;
}
}
{master:0}
root@Jup-EX 2300>
root@Jup-EX 2300> show configuration routing-instances OUT-VRF
instance-type virtual-router;
interface ae0.104;
interface ae10.102;
{master:0}
root@Jup-EX 2300>
root@Jup-EX 2300> ping routing-instance OUT-VRF 192.168.100.9 source 192.168.100.10
PING 192.168.100.9 (192.168.100.9): 56 data bytes
^C
--- 192.168.100.9 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
{master:0}
root@Jup-EX 2300> show route
OUT-VRF.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.100.8/30 *[Direct/0] 00:00:27
> via ae10.102
192.168.100.10/32 *[Local/0] 00:00:27
Local via ae10.102
10.0.100.0/24 *[Direct/0] 00:00:28
> via ae0.104
10.0.100.1/32 *[Local/0] 00:00:28
Local via ae0.104
root@Jup-EX 2300> show arp no-resolve vpn sbco
MAC Address Address Interface Flags
70:e4:xx:xx:xx:xx 192.168.100.9 ae10.102 none
### If interface is outside vrf, ping works ###
root@Jup-EX 2300> configure
Entering configuration mode
{master:0}[edit]
root@Jup-EX 2300# delete routing-instances OUT-VRF interface ae10.102
{master:0}[edit]
root@Jup-EX 2300# commit
configuration check succeeds
commit complete
{master:0}[edit]
root@Jup-EX 2300#
asr1000#ping vrf CRX-TEST 192.168.100.10 source 192.168.100.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.9
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/11/14 ms
asr1000#
------------------------------
TONY ESPARZA
------------------------------