 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
You cannot ping one CE router from the other if the VPN interface is a multiaccess interface, such as the fe-1/1/2.0 interface on Router CE1. To ping Router CE1 from Router CE2, you must either configure the vrf-table-label statement at the [edit routing-instances routing-instance-name] hierarchy level on Router PE1 or configure a static route on Router PE1 to the VPN interface of Router CE1. If you configure the vrf-table-label statement to ping a router, you cannot configure a static route.
If you configure a static route on Router PE1 to the VPN interface of Router CE1, its next hop must point to Router CE1 (at the [edit routing-instance routing-instance-name] hierarchy level), and this route must be announced from Router PE1 to Router PE2 as shown in the following configuration:
- [edit]
- routing-instances {
-
- direct-multipoint {
- instance-type vrf;
- interface fe-1/1/0.0;
- route-distinguisher 69:1;
- vrf-import direct-import;
- vrf-export direct-export;
-
- routing-options {
-
- static {
- route 192.168.192.4/32 next-hop 192.168.192.4;
- }
- }
-
- protocols {
-
- bgp {
-
- group to-vpn4 {
- peer-as 1;
- neighbor 192.168.192.4;
- }
- }
- }
- }
-
- policy-options {
-
- policy-statement direct-export {
-
- term a {
- from protocol bgp;
-
- then {
- community add direct-comm;
- accept;
- }
- }
-
- term b {
-
- from {
- protocol static;
- route-filter 192.168.192.4/32 exact;
- }
-
- then {
- community add direct-comm;
- accept;
- }
- }
-
- term d {
- then reject;
- }
- }
- }
- }
Now you can ping Router CE1 from Router CE2:
user@vpn5> ping 192.168.192.4 local
10.255.10.5 count 3
PING 192.168.192.4 (192.168.192.4): 56 data bytes 64 bytes from 192.168.192.4: icmp_seq=0 ttl=253 time=1.092 ms 64 bytes from 192.168.192.4: icmp_seq=1 ttl=253 time=1.019 ms 64 bytes from 192.168.192.4: icmp_seq=2 ttl=253 time=1.031 ms --- 192.168.192.4 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.019/1.047/1.092/0.032 ms
To determine the path between these two interfaces, use the traceroute command:
user@vpn5> traceroute 192.168.192.4
source 10.255.10.5
traceroute to 192.168.192.4 (192.168.192.4) from 10.255.10.5, 30 hops max, 40 byte packets
1 vpn-08-t3003.isp-core.net (192.168.193.2) 0.678 ms 0.549 ms 0.494 ms
2 vpn1-so-100.isp-core.net (192.168.192.100) 0.873 ms 0.847 ms 0.844 ms
MPLS Label=100021 CoS=0 TTL=1 S=1
3 vpn4-fe-112.isp-core.net (192.168.192.4) 0.825 ms 0.743 ms 0.764 ms
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |