cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1760
Views
0
Helpful
12
Replies

A question about MPLS VPN with static routes

mesuti
Level 1
Level 1

I have a problem with establishing vpn connection between two clients without mpls switching, these are PE configurations.

Router A - Cisco 3640

Router B - Cisco 1721

Router A

ip vrf CustomerA

rd 1:1

route-target export 1:1

route-target import 1:1

ip cef

!

interface Ethernet0/0

ip address 10.0.0.1 255.255.255.0

half-duplex

!

interface Ethernet0/1

ip vrf forwarding Customer A

ip address 10.1.0.254 255.255.255.0

half-duplex

!

router bgp 1

bgp log-neighbor-changes

neighbor 10.0.0.2 remote-as 1

!

address-family ipv4 vrf Customer A

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

address-family vpnv4

neighbor 10.0.0.2 activate

neighbor 10.0.0.2 next-hop-self

neighbor 10.0.0.2 send-community extended

exit-address-family

!

ip classless

ip route vrf CustomerA 10.3.0.0 255.255.255.0 Ethernet0/1 10.1.0.97

ip http server

Router B

ip vrf CustomerB

rd 1:1

route-target export 1:1

route-target import 1:1

!

ip cef

!

interface FastEthernet0

ip address 10.0.0.2 255.255.255.0

speed auto

!

interface FastEthernet0.1

encapsulation dot1Q 2

ip vrf forwarding CustomerB

ip address 10.2.0.254 255.255.255.0

!

router bgp 1

synchronization

bgp log-neighbor-changes

neighbor 10.0.0.1 remote-as 1

auto-summary

!

address-family vpnv4

neighbor 10.0.0.1 activate

neighbor 10.0.0.1 send-community extended

neighbor 10.0.0.1 next-hop-self

auto-summary

exit-address-family

!

address-family ipv4 vrf CustomerB

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

ip classless

ip route vrf mm 192.168.1.0 255.255.255.0 FastEthernet0.1 10.2.0.1

no ip http server

Router A

RouterA#show ip route vrf CustomerA

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 3 subnets

C 10.2.0.0 is directly connected, FastEthernet0.1

B 10.3.0.0 [200/0] via 10.0.0.1, 13:10:09

B 10.1.0.0 [200/0] via 10.0.0.1, 13:10:09

S 192.168.1.0/24 [1/0] via 10.2.0.1, FastEthernet0.1

RouterA#show ip bgp vpnv4 all

BGP table version is 10, local router ID is 10.0.0.1

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf CustomerA)

*> 10.1.0.0/24 0.0.0.0 0 32768 ?

*>i10.2.0.0/24 10.0.0.2 0 100 0 ?

*> 10.3.0.0/24 10.1.0.97 0 32768 ?

*>i192.168.1.0 10.0.0.2 0 100 0 ?

RouterB#show ip route vrf CustomerB

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 3 subnets

B 10.2.0.0 [200/0] via 10.0.0.2, 13:12:30

S 10.3.0.0 [1/0] via 10.1.0.97, Ethernet0/1

C 10.1.0.0 is directly connected, Ethernet0/1

B 192.168.1.0/24 [200/0] via 10.0.0.2, 13:12:30

RouterA#show ip bgp vpnv4 all

BGP table version is 54, local router ID is 10.0.0.2

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf CustomerB)

*>i10.1.0.0/24 10.0.0.1 0 100 0 ?

*> 10.2.0.0/24 0.0.0.0 0 32768 ?

*>i10.3.0.0/24 10.0.0.1 0 100 0 ?

*> 192.168.1.0 10.2.0.1 0 32768 ?

12 Replies 12

Can you give a more detailed description of the problem that you are having? Your title suggests it is related to the static route. but we will need a bit more to go on than that :)

Excuse me for not being so clear in the question that I asked, I want to connect two hosts with MPLS VPN (simple MPLS VPN), and I'm using static routes for routing Ce - Pe,the problem is that the hosts cannot ping each other I just wanted to know if the configurations that I sent you in the forum are alright?

thank you for your help :)

Hi,

Looks like you have pasted the output of Router A into Router B :)

Have you configured default route in your CEs pointing to your CE interface connected to PE ?

You need to configure this in order to ping from ce-ce.

Also are you able to ping from PE to its directly connected CE using the vrf ping command ?

Let me know if it works for you.

-Waris

Hi,

Yes, I have configured the default route from CE router to PE router, and also used ping vrf command on PE A to VRF of CustomerB and the opposite.

ping vrf CustomerA 10.3.0.1 - unsuccessful

ping vrf CustomerB 192.168.1.2 - unsuccessful

ping 10.1.0.254 (from CustomerA) - successful

ping 10.2.0.254 (from CustomerB) - successful

I've read that MPLS VPN can work without mpls switching, is it true?

maybe I should start from the beginning and see if it works,

thank you very much

lj
Level 1
Level 1

¼ì²éÒ»ÏÂPE¡¢P·ÓÉÆ÷ÉϵÄMPLS±ê¼ÇÅäÖÃ

pyouman
Level 1
Level 1

You will have to enable tag switching on the PE to PE interfaces, and since they are ethernet interfaces should also increase the tag-switch MTU size to support customer 1500byte frames:

Router A

interface Ethernet0/0

ip address 10.0.0.1 255.255.255.0

tag-switch ip

tag-switch mtu 1536

Router B

interface FastEthernet0

ip address 10.0.0.2 255.255.255.0

tag-switch ip

tag-switch mtu 1536

Hope this helps

Cheers

Pete

Hi,

From what I read so far, I've seen that there's no need to have LDP or TDP for mpls switching, you can do MPLS VPNs, without "MPLS":),

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.ee8ea4d/0#selected_message

and by the way one router that I used in the example is 1721, which supports only VRFs and MP-BGP, all that is required to do MPLS VPN, it doesn't support commands like "mpls ip" or "tag-switching ip" at all.

Best Regards

The article talks about PE-PE directly connected.In that case ingress router won't push any IGP label since its the PHP.It'll only impose the VPN label.

If you are using PE-P-PE then you you need to do full mesh if you are not using MPLS.

In your case there seems to be no configuration fault.I assume little troubleshooting can solve this problem.Check if the routes are there ?Then use ping to find out exactly where are the packets are getting dropped.

Hope it helps.

-Waris

pcollard
Level 1
Level 1

Perhaps your configuration is not complete. You need to have this command :

"ip bgp-community new-format"

But I'm not sure than you can use MP-BGP without MPLS because when Router A sends packet to RouterB, it push a VPN label and I don't see how Router B can interpret this label without mpls configuration on it's FastEthernet0 interface.

But if you just need to have two PE directly connected, why do you use MP-BGP. You can use OPSF with VRF statement.

Bye

hi,

In my example the router B is a Cisco 1721 router, which cannot do MPLS switching, it only supports VRFs with MP-BGP. So since it supports the VRF commands but not MPLS commands like mpls ip or tag-switching ip, I think that it should work, if Router A wants to communicate with Router B , i sends the packets with VPN label to Router B and it routes the packet to a particular VRF, so this must be how router B understands how to interpret the label

and I think that only MP-BGP can transport VPNv4 packets, ospf can only be a routing protocol between CE and PE ,

router ospf 2 vrf xxx

it assigns one of its processes to a specified VRF ( C network)

thank you in advance

The only question than I have, it's how the router B can interpret a labelled packet while it has no label switching on its interface. Because the label is placed betwteen L2 header and L3 header. Furthermore, the incoming interface doesn't have VRF knowledge.

For me MP-BGP is not the only protocol who can transport VPNv4 packet but it's the only who can send VPNv4 update accross a backbone.

In your case, you can use OSPF. The only problem is than you need to have one connection by VPN between router A and Router B. So you can use one GRE tunnel by VPN and you configure it in the good VRF. In this case you don't have two PE but two CE multi-VRF.

Thank's

mark-obrien
Level 4
Level 4

In Router B, you have switched the names of the VRF. In interface FastEthernet0.1, you have specified that it forward VRF CustomerB. Your static route statement points the route toward FastEthernet0.1 in VRF mm. You need VRF name consistency within the PE router.

HTH

Mark

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: