annuler
Affichage des résultats de 
Rechercher plutôt 
Vouliez-vous dire : 
cancel
3638
Visites
35
Compliment
18
Réponses

MPLS over DMVPN Phase 3 (spoke to spoke)

clukongo
Level 1
Level 1

Hello,

I am working on setting up an MPLS over DMVPN infrastructure with spoke to spoke tunnels (phase 3).
According to the theory, we just need to replace the MPLS IP command used when we are in phase 1 (Hub and spokes) by MPLS NHRP or mpls bgp forwarding.
I applied this command but impossible to ping equipments in the VRF (COE). On the other hand, BGP peering goes up well but the problem seems to be on the MPLS part (label switching).
I attach the configurations of the 3 equipments as well as a diagram which makes it possible to illustrate the topology.
Can anyone help me to solve this problem please?

Thanks in advance,

Chris

1 SOLUTION APPROUVÉE
18 RÉPONSES 18

clukongo
Level 1
Level 1

Attachments

will check and answer you tonight 

you use Lo as update source, and this Loopback 6757 but this LO is not known by other BGP peer. 
you need to advertise it via OSPF which run over DMVPN tunnel (global mode).

Hi,

Thanks for your feedback.
The loopback is announced thanks to the route-map which is redistributed in OSPF as you can see in the configuration below and as I said the BGP peering goes up well and the NLRIs are well announced but the Ping from end to end end in the VRF probably does not pass because the MPLS does not work well.

-----------

route-map CONNECTED_to_OSPF permit 6757
match interface Loopback6757
set metric 1
set metric-type type-1
!

router ospf 6757
router-id 192.168.33.1
ispf
log-adjacency-changes detail
area 6757 authentication message-digest
redistribute connected subnets route-map CONNECTED_to_OSPF
passive-interface default
no passive-interface Tunnel10
network 10.0.0.0 0.0.0.255 area 6757
!

 

Attached are the tests to better illustrate what I observed.

Rgds

Screenshot (19).png

I do lab and I success ping to hub and between spoke.
I think I know the issue here 
when we use OSPF in DMVPN with network type broadcast we must sure that HUB is elect as DR of that broadcast domain.

so what you need is 
ip ospf priority 100 << under dmvpn tunnel of hub 
then clear ip ospf process 
and test again 

I agree with your comment.
But the real problem is not at the level of the OSPF routing because the loopbacks are well routed, which also makes it possible to raise the BGP peerings which use them as update source.
The problem is that although the prefixes in the VRF COE appear well in the routing table, it is impossible to make them communicate from end to end and this because the MPLS seems to have a problem and I cannot find where it is. blocked.

clukongo_0-1669899737954.png

Below is an article that describes this type of infrastructure :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_dmvpn/configuration/xe-17/sec-conn-dmvpn-xe-17-book/sec-conn-dmvpn-configure.html

 

 

do you change the ospf priority ? if yes then 
you need to force the MPLS to re-exchange the label.

and one more think 
I used Lo (you have two Lo use one in global table) as router-id of MPLS LDP. 
config MPLS LDP router-id 
then force the MPLS to re-exchange. 

your config is OK from my view except point I mention above 

Yes, I have changed the priority on the Hub.
I also added MPLS LDP router-id.
But from what I understood we don't use LDP when we are in spoke to spoke mode (Phase 3), that's why I used the MPLS NHRP command instead of MPLS IP on the Tunnel.
Please, can you tell me how to force the MPLS to re-exchange? Because the networks in the VRF COE (Lo 202) still can not ping each other

just shut/no shut tunnel down in hub and check again 

phase3 of DMVPN ? but I dont see redirect and shortcut in your config so it phase2 not phase3

in my lab I use phase2 and Hub is RR of iBGP.
I use mpls ip which from cisco doc. is same as MPLS NHRP

from cisco Doc.
""Using the mpls ip command performs the same function as mpls nhrp command but enables LDP also, which is not recommended.""

Sorry, it doesn't appear in the conf I sent you because I had probably removed it during testing.

Below is the configuration I used for phase 3

clukongo_0-1669908131788.png

clukongo_1-1669908179243.png

 

 

For phase 1 or 2 it worked fine because I am using LDP (mpls ip). My problem is that I can't get it to work in phase 3 (MPLS NHRP). Is there anything else I should enable in VPNV4?

By using the following config the network in the VRF COE of the Hub can join those of the Spokes now.

clukongo_0-1669918104451.png

clukongo_2-1669918205643.png

But for now I'm trying to understand why the Spokes can't join each other

clukongo_5-1669918309224.png

 

I will work in lab using mpls nhrp.