12-08-2003 01:06 AM
I have a problem with establishing vpn connection between two clients without mpls switching, these are PE configurations.
Router A - Cisco 3640
Router B - Cisco 1721
Router A
ip vrf CustomerA
rd 1:1
route-target export 1:1
route-target import 1:1
ip cef
!
interface Ethernet0/0
ip address 10.0.0.1 255.255.255.0
half-duplex
!
interface Ethernet0/1
ip vrf forwarding Customer A
ip address 10.1.0.254 255.255.255.0
half-duplex
!
router bgp 1
bgp log-neighbor-changes
neighbor 10.0.0.2 remote-as 1
!
address-family ipv4 vrf Customer A
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 10.0.0.2 activate
neighbor 10.0.0.2 next-hop-self
neighbor 10.0.0.2 send-community extended
exit-address-family
!
ip classless
ip route vrf CustomerA 10.3.0.0 255.255.255.0 Ethernet0/1 10.1.0.97
ip http server
Router B
ip vrf CustomerB
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip cef
!
interface FastEthernet0
ip address 10.0.0.2 255.255.255.0
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 2
ip vrf forwarding CustomerB
ip address 10.2.0.254 255.255.255.0
!
router bgp 1
synchronization
bgp log-neighbor-changes
neighbor 10.0.0.1 remote-as 1
auto-summary
!
address-family vpnv4
neighbor 10.0.0.1 activate
neighbor 10.0.0.1 send-community extended
neighbor 10.0.0.1 next-hop-self
auto-summary
exit-address-family
!
address-family ipv4 vrf CustomerB
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip classless
ip route vrf mm 192.168.1.0 255.255.255.0 FastEthernet0.1 10.2.0.1
no ip http server
Router A
RouterA#show ip route vrf CustomerA
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C 10.2.0.0 is directly connected, FastEthernet0.1
B 10.3.0.0 [200/0] via 10.0.0.1, 13:10:09
B 10.1.0.0 [200/0] via 10.0.0.1, 13:10:09
S 192.168.1.0/24 [1/0] via 10.2.0.1, FastEthernet0.1
RouterA#show ip bgp vpnv4 all
BGP table version is 10, local router ID is 10.0.0.1
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CustomerA)
*> 10.1.0.0/24 0.0.0.0 0 32768 ?
*>i10.2.0.0/24 10.0.0.2 0 100 0 ?
*> 10.3.0.0/24 10.1.0.97 0 32768 ?
*>i192.168.1.0 10.0.0.2 0 100 0 ?
RouterB#show ip route vrf CustomerB
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
B 10.2.0.0 [200/0] via 10.0.0.2, 13:12:30
S 10.3.0.0 [1/0] via 10.1.0.97, Ethernet0/1
C 10.1.0.0 is directly connected, Ethernet0/1
B 192.168.1.0/24 [200/0] via 10.0.0.2, 13:12:30
RouterA#show ip bgp vpnv4 all
BGP table version is 54, local router ID is 10.0.0.2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CustomerB)
*>i10.1.0.0/24 10.0.0.1 0 100 0 ?
*> 10.2.0.0/24 0.0.0.0 0 32768 ?
*>i10.3.0.0/24 10.0.0.1 0 100 0 ?
*> 192.168.1.0 10.2.0.1 0 32768 ?
12-08-2003 03:54 AM
Can you give a more detailed description of the problem that you are having? Your title suggests it is related to the static route. but we will need a bit more to go on than that :)
12-08-2003 05:28 AM
Excuse me for not being so clear in the question that I asked, I want to connect two hosts with MPLS VPN (simple MPLS VPN), and I'm using static routes for routing Ce - Pe,the problem is that the hosts cannot ping each other I just wanted to know if the configurations that I sent you in the forum are alright?
thank you for your help :)
12-09-2003 02:21 AM
Hi,
Looks like you have pasted the output of Router A into Router B :)
Have you configured default route in your CEs pointing to your CE interface connected to PE ?
You need to configure this in order to ping from ce-ce.
Also are you able to ping from PE to its directly connected CE using the vrf ping command ?
Let me know if it works for you.
-Waris
12-09-2003 04:09 AM
Hi,
Yes, I have configured the default route from CE router to PE router, and also used ping vrf command on PE A to VRF of CustomerB and the opposite.
ping vrf CustomerA 10.3.0.1 - unsuccessful
ping vrf CustomerB 192.168.1.2 - unsuccessful
ping 10.1.0.254 (from CustomerA) - successful
ping 10.2.0.254 (from CustomerB) - successful
I've read that MPLS VPN can work without mpls switching, is it true?
maybe I should start from the beginning and see if it works,
thank you very much
12-10-2003 01:59 AM
¼ì²éÒ»ÏÂPE¡¢P·ÓÉÆ÷ÉϵÄMPLS±ê¼ÇÅäÖÃ
12-10-2003 05:03 PM
You will have to enable tag switching on the PE to PE interfaces, and since they are ethernet interfaces should also increase the tag-switch MTU size to support customer 1500byte frames:
Router A
interface Ethernet0/0
ip address 10.0.0.1 255.255.255.0
tag-switch ip
tag-switch mtu 1536
Router B
interface FastEthernet0
ip address 10.0.0.2 255.255.255.0
tag-switch ip
tag-switch mtu 1536
Hope this helps
Cheers
Pete
12-11-2003 01:01 AM
Hi,
From what I read so far, I've seen that there's no need to have LDP or TDP for mpls switching, you can do MPLS VPNs, without "MPLS":),
and by the way one router that I used in the example is 1721, which supports only VRFs and MP-BGP, all that is required to do MPLS VPN, it doesn't support commands like "mpls ip" or "tag-switching ip" at all.
Best Regards
12-13-2003 06:11 AM
The article talks about PE-PE directly connected.In that case ingress router won't push any IGP label since its the PHP.It'll only impose the VPN label.
If you are using PE-P-PE then you you need to do full mesh if you are not using MPLS.
In your case there seems to be no configuration fault.I assume little troubleshooting can solve this problem.Check if the routes are there ?Then use ping to find out exactly where are the packets are getting dropped.
Hope it helps.
-Waris
12-26-2003 01:30 AM
Perhaps your configuration is not complete. You need to have this command :
"ip bgp-community new-format"
But I'm not sure than you can use MP-BGP without MPLS because when Router A sends packet to RouterB, it push a VPN label and I don't see how Router B can interpret this label without mpls configuration on it's FastEthernet0 interface.
But if you just need to have two PE directly connected, why do you use MP-BGP. You can use OPSF with VRF statement.
Bye
12-26-2003 04:34 AM
hi,
In my example the router B is a Cisco 1721 router, which cannot do MPLS switching, it only supports VRFs with MP-BGP. So since it supports the VRF commands but not MPLS commands like mpls ip or tag-switching ip, I think that it should work, if Router A wants to communicate with Router B , i sends the packets with VPN label to Router B and it routes the packet to a particular VRF, so this must be how router B understands how to interpret the label
and I think that only MP-BGP can transport VPNv4 packets, ospf can only be a routing protocol between CE and PE ,
router ospf 2 vrf xxx
it assigns one of its processes to a specified VRF ( C network)
thank you in advance
12-26-2003 05:27 AM
The only question than I have, it's how the router B can interpret a labelled packet while it has no label switching on its interface. Because the label is placed betwteen L2 header and L3 header. Furthermore, the incoming interface doesn't have VRF knowledge.
For me MP-BGP is not the only protocol who can transport VPNv4 packet but it's the only who can send VPNv4 update accross a backbone.
In your case, you can use OSPF. The only problem is than you need to have one connection by VPN between router A and Router B. So you can use one GRE tunnel by VPN and you configure it in the good VRF. In this case you don't have two PE but two CE multi-VRF.
Thank's
12-29-2003 09:03 AM
In Router B, you have switched the names of the VRF. In interface FastEthernet0.1, you have specified that it forward VRF CustomerB. Your static route statement points the route toward FastEthernet0.1 in VRF mm. You need VRF name consistency within the PE router.
HTH
Mark
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: