Junos OS


Juniper to Cisco Back to Back vrf ping fails (works if int is outside vrf)

  • 1.  Juniper to Cisco Back to Back vrf ping fails (works if int is outside vrf)

    Posted 8 days ago

    Trying to set up a test between Juniper EX and Cisco ASR.

    This is a point to point link, where each device has the interface inside a VRF.

    I can ping when the Juniper interface is not in a routing-instance. However, when placed in a routing instance, I can no longer ping.

    I'm wondering if I'm missing something on the EX configuration.

    Please note there is a Cisco switch in between:

    Cisco ASR1000 -  Cisco 3600 sw - Juniper Ex2300

    ### Cisco Config ###
     
    interface GigabitEthernet0/0/1
     description Cisco 3600-sw T1/0/1
     mtu 9192
     no ip address
     negotiation auto
     channel-group 10
     
    interface Port-channel10
     description Cisco 3600-sw Po1
     mtu 9192
     no ip address
     negotiation auto
     
    interface Port-channel10.102
     description Jup-EX 2300 ae10.102 CRX-TEST Default
     encapsulation dot1Q 102
     vrf forwarding CRX-TEST
     ip address 192.168.100.9 255.255.255.252
     ip mtu 1500
     
    vrf definition CRX-TEST
     rd 10:100
     route-target export 10:100
     route-target import 10:100
     !
     address-family ipv4
     exit-address-family
    !
    router bgp 65000
     !
     address-family ipv4 vrf CRX-TEST
      redistribute connected
      redistribute static
     exit-address-family
    !
     
    asr1000#sh ip route vrf CRX-TEST
     
    Routing Table: CRX-TEST
    ...
     
    C        192.168.100.0/30 is directly connected, Port-channel10.100
    L        192.168.100.1/32 is directly connected, Port-channel10.100
    B        192.168.100.4/30 [200/0] via 10.1.255.2, 1d01h
    C        192.168.100.8/30 is directly connected, Port-channel10.102
    L        192.168.100.9/32 is directly connected, Port-channel10.102
    B        192.168.100.12/30 [200/0] via 10.1.255.2, 1d00h
    asr1000#
     
    asr1000#sh ip arp vrf CRX-TEST
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  192.168.100.1              -   70e4.xxxx.xxxx  ARPA   Port-channel10.100
    Internet  192.168.100.2              6   cce1.xxxx.xxxx  ARPA   Port-channel10.100
    Internet  192.168.100.9              -   70e4.xxxx.xxxx  ARPA   Port-channel10.102
    Internet  192.168.100.10            11   cce1.xxxx.xxxx  ARPA   Port-channel10.102
    asr1000#
     
    asr1000#ping vrf CRX-TEST 192.168.100.10  source 192.168.100.9               
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds:
    Packet sent with a source address of 192.168.100.9 
    .....
    Success rate is 0 percent (0/5)
    asr1000#
     
     
    ### Juniper Config ###
     
    root@Jup-EX 2300> show configuration interfaces ge-0/1/2 
    description "Cisco 3600-sw T1/0/0";
    ether-options {
        802.3ad ae10;
    }
     
    {master:0}
    root@Jup-EX 2300> 
     
    root@Jup-EX 2300> show configuration interfaces ae10 
    description "Cisco 3600-sw T1/0/0";
    flexible-vlan-tagging;
    mtu 9192;
    encapsulation flexible-ethernet-services;
    aggregated-ether-options {
        minimum-links 1;
        link-speed 1g;
    }
    unit 100 {
        description "asr1000 Po10.100 Customer-A";
        vlan-id 100;
        family inet {
            mtu 1500;
            address 192.168.100.2/30;
        }
    }
    unit 102 {
        description "asr1000 Po10.102 VRF Default Route";
        vlan-id 102;
        family inet {
            mtu 1500;
            address 192.168.100.10/30;
        }
    }
     
    {master:0}
    root@Jup-EX 2300> 
     
    root@Jup-EX 2300> show configuration routing-instances OUT-VRF 
    instance-type virtual-router;
    interface ae0.104;
    interface ae10.102;
     
    {master:0}
    root@Jup-EX 2300> 
     
    root@Jup-EX 2300> ping routing-instance OUT-VRF 192.168.100.9 source 192.168.100.10    
    PING 192.168.100.9 (192.168.100.9): 56 data bytes
    ^C
    --- 192.168.100.9 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss
     
    {master:0}
    root@Jup-EX 2300> show route
     
    OUT-VRF.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
     
    192.168.100.8/30      *[Direct/0] 00:00:27
                        >  via ae10.102
    192.168.100.10/32     *[Local/0] 00:00:27
                           Local via ae10.102
    10.0.100.0/24      *[Direct/0] 00:00:28
                        >  via ae0.104
    10.0.100.1/32      *[Local/0] 00:00:28
                           Local via ae0.104
     
    root@Jup-EX 2300> show arp no-resolve vpn sbco    
    MAC Address       Address         Interface                Flags
    70:e4:xx:xx:xx:xx 192.168.100.9      ae10.102                  none
     
     
    ### If interface is outside vrf, ping works ###
     
    root@Jup-EX 2300> configure 
    Entering configuration mode
     
    {master:0}[edit]
    root@Jup-EX 2300# delete routing-instances OUT-VRF interface ae10.102 
     
    {master:0}[edit]
    root@Jup-EX 2300# commit 
    configuration check succeeds
    commit complete
     
    {master:0}[edit]
    root@Jup-EX 2300# 
     
     
    asr1000#ping vrf CRX-TEST 192.168.100.10  source 192.168.100.9
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.100.10, timeout is 2 seconds:
    Packet sent with a source address of 192.168.100.9 
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 9/11/14 ms
    asr1000#
     
     
     
     
     



    ------------------------------
    TONY ESPARZA
    ------------------------------