08-17-2011 09:46 AM
With Nagendra Kumar
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on MPLS VPN from Cisco subject matter expert Nagendra Kumar. During the event you can ask questions on the common terminology, configuration, and best practices in setting up MPLS VPN networks. Nagendra is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, MPLS, and multicast. Previously at Cisco he worked as a technical marketing engineer for ISR platforms. He has been in the networking industry for 8 years and holds CCIE certification (#20987) in the Routing & Switching and Service Provider tracks.
Remember to use the rating system to let Nagendra know if you have received an adequate response.
You can also review the Live Webcast Video by Nagendra who gave the presentation.
Nagendra might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the the Service Provider discussion forum shortly after the event. This event lasts through August 26, 2011. Visit this forum often to view responses to your questions and the questions of other community members.
08-17-2011 02:49 PM
Very good presentation. Thanks.
I have 2 follow-up questions:
1) I see in your presentation setup that you create a 'router ospf 100 vrf one' process. With multiple VRF's does this suggest that an ospf process for each vrf needs to be created?
2) I have previously deployed private MPLS architecture such that the CE and PE functions resided on the same router. In this case I had been configuring BGP with 'Address-Fam ipv4 vrf x' and under that, redistributing only connected routes.
If all CE interfaces are directly connected SVI interfaces with VRF memberships applied, then is it correct to assume that I would NOT need 'redistribute ospf process vrf x' under 'address-fam ipv4 vrf one'?
(And if I'm thinking about this correctly, this arrangement also eliminate the need for a dedicated 'router ospf 100 vrf x' process. I'd just have loopbacks and P-facing interfaces in a global OSPF process table.)
------ EXAMPLE --------------
router ospf 65001
redistribute connected
passive-interface default
no passive-interface GigabitEthernet0/1
network 10.129.1.4 0.0.0.1 area 132
network 10.129.129.12 0.0.0.0 area 132
network 10.132.40.0 0.0.0.255 area 132
!
router bgp 65001
neighbor 10.129.129.5 remote-as 65001
neighbor 10.129.129.5 description P Router
!
address-family ipv4
no synchronization
network 10.129.129.12 mask 255.255.255.255
redistribute connected
redistribute static
neighbor 10.129.129.5 activate
neighbor 10.129.129.5 send-community both
neighbor 10.129.129.5 send-label
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.129.129.5 activate
neighbor 10.129.129.5 send-community both
exit-address-family
!
address-family ipv4 vrf x
no synchronization
redistribute connected
exit-address-family
!
address-family ipv4 vrf y
no synchronization
redistribute connected
exit-address-family
!
address-family ipv4 vrf z
no synchronization
redistribute connected
exit-address-family
08-17-2011 07:34 PM
Hello Mike
Here is a reply to few of your queries.
1) Yes, there will be a seperate ospf process created for every vrf. Altough you can create different process for the same vrf but for each different vrf, you cannot use the same ospf process. As you already know that the vrf routing table is different from the global routing table, so its always needed that seperate processes be maintained for each routing table.
2) For your second query, If the devices are connected via SVI, i dont think you need to redistribute the ospf process and also i dont think you will be running any ospf process for the SVI connected interfaces.
Hope this answers your query..:)
08-17-2011 10:26 PM
I have a question about path manipulation between a backup link and main MPLS circuit.
Suppose there are two customer VPN sites that are inter-connected with:
1. direct slow backup T1 link, and
2. primary DS3 MPLS
The goal is to have traffic route through the primary MPLS circuits.
If the two VPN sites run OSPF between each other, we can create a sham-link between the PE's and force traffic to go through MPLS.
What if the IGP between the two sites is EIGRP?
Is there an equivalence of OSPF's sham-link?
08-17-2011 11:53 PM
Hi huangedmc,
With EIGRP as PE-CE protocol, considering below 2 points as part of designing will help achieve your goal,
1. Having same EIGRP AS number on all PE devices for that VRF customer.
2. Manipulate BW/Delay parameters.
When a PE device redistribute vrf aware EIGRP into BGP, AS # will be carried as part of extended community in BGP Update to remote PE devices. Any remote PE device while redistributing BGP back into vrf aware EIGRP, will check if the AS # received in BGP Update and the EIGRP AS# to which this update is redistributed and see if they are same. If they are same, it will be advertised as Internal else will be advertised as external.
Once it is Internal, CE devices will decide the estpath based on lowest metric. So by manipulating the metric ( bya working on BW and or delay), your goal can be achieved.
Below is link which describes the extended community to carry EIGRP parameters,
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fteipece.html
HTH,
Nagendra
08-18-2011 02:00 AM
Hi Nagendra
My question concerns supporting IPv6 over MPLS VPN.
I was reading the 2007 MPLS Fundamentals Guide by Luc De Ghein from Cisco Press on this topic.
It states that the only supported PE-CE IPv6 routing protocols were eBGP and static IPv6 routes.
Are other routing protocols such EIGRP IPv6 supported now?
If not are there any other options for supporting EIGRP IPv6 and VRF over MPLS on PE-CE's?
Thanks
Sean
08-18-2011 04:13 AM
Hi Sean,
Currently support for EIGRPv6 and OSPFv3 as PE-CE is not available with IOS and we have to use eBGP or static routes.
HTH,
Nagendra
08-18-2011 08:08 PM
Hi Nagendra,
+5, Thanks for your help. I have a follow question if I may.
I was reading a blog post on 6VPE that stated LDP does not support IPv6 prefixes.
Can you confirm is this is correct?
Thanks
Sean
08-18-2011 09:35 PM
Hi Sean,
Currently LDP cannot be used as signalling protocol for label allocation/advertisement. That is why MPLS VPN for IPv6 customer is still provided over IPv4 core (6VPE) and not yet migrated the core to IPv6
HTH,
Nagendra
08-18-2011 10:55 PM
Hi Nagendra,
MPLS VPN and vrf is it the similar? How you go about performing multicasting to Vrf?
Thank you.
08-19-2011 01:23 AM
Hi Lee,
VRF is one of the key element that helps provide MPLS VPN service. VRF is VPN Routing and Forwarding instance which will build its own RIB and FIB table. By having each VPN customer associated to different VRF, privacy is acheived between customers.
Regarding multicast for VRF customers, current implementation is not label switched. Instead, multicast will be enabled on SP core with different group for each vpn customer. PE device on receiving any customer multicast traffic will encapsulate using GRE with destination address as multicast group for corresponding VRF customer and send across to other PE devices.
Below is the link to get more details about MVPN,
http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00800a3db6.shtml
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080242aa8.shtml
HTH,
Nagendra
08-19-2011 09:18 AM
Question - this is a pretty good presentation - can I share it within my company?
Thanks,
m.
08-19-2011 10:02 PM
Hi Mike,
Thanks for the comment on the presentation. Sure, you can share the presentation within your company. The video recording of the preso will be available soon if in case you are interested.
Thanks,
Nagedra
08-21-2011 03:18 AM
hi Nagendra Kumar
i use MPLS VPN in my network and will like to ask you the best practice in configuring route leaking. we use prefix and route map and then export the route map in the corresponding VRF. what's the best way you will recommend for us.
Many thanks
08-22-2011 09:55 PM
Hi Fred,
Current preffered way of Inter-VRF leaking in a controlled manner is to use export map and import map. This is also a scalabale solution and so my understandig is you dont need any changes until you face any issue with this solution.
HTH,
Nagendra
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide