cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9766
Views
15
Helpful
15
Replies

Ask the Expert:Troubleshooting MPLS L3 VPN

ciscomoderator
Community Manager
Community Manager

Read the bioWith Amit Dutta

Welcome to the Cisco Support Community Ask the Expert conversation. Learn to troubleshoot multiprotocol label switching (MPLS) Layer 3  (L3) virtual private networks (VPNs), to locate and resolve, Multiprotocol BGP  (MP-BGP), CE-PE routing, Inter-Virtual Routing and Forwarding (VRF) routing,  route exchanges, path failures, configuration problems and some platform level  debugs

Amit Dutta is part of the High Touch Technical Support(HTTS)  routing protocols team. He is an experienced support engineer for Cisco’s major  customers, troubleshooting routing, Multiprotocol Label Switching, Multicast,  Layer 2/Layer 3 VPNs, and platform-specific issues. He holds a master of science degree from the University of York, UK. 

Remember to use the rating system to let Amit know if you have received an adequate response. 

Amit might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Service Providers sub-community discussion forum shortly after the event. This event lasts through May 18 , 2012. Visit this forum often to view responses to your questions and the questions of other community members.

      

15 Replies 15

"This event lasts through March 18 , 2012"


Is the date correct???

Do you mean May 18?

Regards,

Vasilis


Hi Vasilis,

That is correct. I am asking the moderators to change it asap.

Thanks for pointing it out.

Regards

Amit

prasetyatama
Level 1
Level 1

Hi guys,

i'd like to ask you.

i've a final project about "how to stream the video with mpls network", but im confused in vpn n mpls configuration, anyone could help me? what should i choose for vpn service, vll, vpls or vprn?

here is my topology :

the result is, computer client could stream the video n sound from server. oh yeah, i forget, what kind of application should i use for client?

thanks alot guys, i need ur suggestion

Hello Muhammad,

Thank you for the post. I have seen that you have already posted this under the MPLS section and it would be best to track it there.

Just to answer your question though, In this scenario you can use gre based mvpn architecture for your needs.

Here are some links to get you started:

MVPN design:

http://www.cisco.com/en/US/tech/tk828/tech_digest09186a00801a64a3.html

Configuration guidelines:

http://www.cisco.com/en/US/docs/ios/ipmulti/configuration/guide/imc_cfg_mc_vpn.pdf

http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti_mvpn/configuration/15-1s/imc-mvpn-15-1s-book.pdf

Hope this helps.

If you need any troubleshooting assistance please od post back.

Regards

Hi Amit,

Nice to see you!

I had a question, not sure if this is correct place to ask but anyway posting here.

I read that RD has a local scope to router and it can be same for two different Customer if configured on different PE's.

For example let's assume I have two Customer configured with same RD on different PE using same private address space. So if we follow default BGP selection criteria there is nothing in regard to RD (not sure). In this case i observed that when this update goes to RR it discard on route and forward only one route (based on BGP selection criteria) to clients.

So don't you think that saying 'RD has local scope' is somehow wrong or do you have some more info. to address this issue.

Regards # Mahesh

please help me, i am prepearing for CCIP exam and i have to pass two exams

  1. 642-691 BGP + MPLS
  2. 642-642 Qos

but the CCIP will be retired after 27th of july so because of that is it possible to pass the 642-691 BGP + MPLS before the July 27th and after that like in December i will go for the 642-642 Qos.

in this conditions can i  get the CCIP certification .

Amit,

I have following two questions:

What is the difference between RT and RD? and Can I use same RT and RD on both ends?

Kind Regards,

Lisa

Hi Lisa,

RD is route distinguisher. If two CE's connected to the same PE is using the same address range, to uniquely distinguish, over the backbone that these two same addres ranges infact belong to two different customers and need to be handled seperately.

So a normal ipv4 address is converted from a 32 bit entity to 96 bit enity and transported over MP-BGP.

RT is route Target, meaning this specifies which routes need to go to which VRF. When RD added routes are transported over MP-BGP, the remote end PE will have no idea on where to import these routes. The remote PE will recieve  for example 1:1:192.168.1.1 for customer A and 2:2:192.168.1.1 for customer B. RT values which are again transported over MP BGP community identifies the VRF, where the remote PE must extract the prefix from BGP and add them.

Yes, you can have the same RD and RT value for one single customer. You can use the same RD value for a different customer on a different PE but that is not really recommended. However you cannot re-use RT values. The RT values have to be unique for each customer otherwise you will wrongly import routes not meant for that VRF.

Here is a lInk for further reading:

http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/1.1/user/guide/VPN_UG1.html#wp1019044

Hope this helps.

Regards

Amit

Hi Wessam,

Wrong blog to post this. Please try the certifications site.

Regards

HI Mahesh,

How are you? Nice to see you here too!

Well in a gist, Lets say you have CE1, CE2 , CE3 connected to the same PE and all are using the 10.0.0.0/24 address range. On the CE side you will have three VRF's or completely different routing tables, but how will this looks like on the core side? To distinguish or make these routes unique, RD is used.

So the three routes will look like 1:1:10.1.1.1, 2:2:10.1.1.1 and 3:3:10.1.1.1 for each CE respectively. I am assunimg RD of 1:1, 2:2 and 3:3 for CE1, CE2 and CE3 here. As you can see RD only distinguishes each of the routes within the router, just to make sure the correct route goes to the correct CE. But now if these routes reach the remote PE, how will the remote PE know which VRF's these routes belong too? VRF's are local in nature too, and RD's may or may not be deifferent for them. So who will the remote PE make this decision?

It cant. Hence RD is local. To make sure which routes go to which VRF you need RT.Route targets are used to tell the different PE's which routes belong to which VRF. Thats the reason RT has to match and has a global scope. Other than that nothing really needs to be the same.

Here is a link for a good read.

http://www.cisco.com/en/US/docs/net_mgmt/vpn_solutions_center/1.1/user/guide/VPN_UG1.html#wp1019044

Best Regards

Amit

Thanks Amit for your valuable time!

Let me put my question in different way..

Let's assume we have two CE's (CE1 and CE2) and both are meshed to two different PE (PE1 and PE2 respectively).

Both are using same address space (10.10.10.0/24 advt. through some PE-CE protocol) and both are configured with same RD (1:1). Now let's say both PE's are having IBGP session with RR. So when both route is propogated to RR it will choose only one and discard one because of same RD. So here my question is can we really say that RD has local scope because in terms of MPLS we say that we can use same address space but we also say that RD has local scope.

It is understood that no provider will use same RD for two different customer because they maintain data customerwise.

But somehow i feel that statement 'RD has local scope' is not applicable for this kind of scenario.

Please let me know if need more inputs

Regards # Mahesh

Hi Mahesh,

If I am reading your question correctly, the RR has no idea about VRF's and route targets so to the RR these routes are redundant, same entities coming from different hops. It will do the BGP selection criteria on it and discard one of them, which exactly proves that RD is local to the PE. That RD will have no value to the remote PE as well. Because without RT it wouldnt know where to import.

Also you should not have same RD for different customers on the same PE. That will cause confusion as you know

Regards

kruppate
Level 1
Level 1

Hello Amit,

how are you ?

I don't know this is right place for my issue or not !!!!

I was looking for support contact troubleshoot with Virtual Machines.

I have assigned 2 virtual machine and somebody power off those 2 , now i don't have full access of Vcenter so i can't power up those 2...so do you have any information that where i have to get support i already try 2 places for support but they can't .....so you have any information for the support for this Virtual Machine issues...

I appreciate you ..for help...

Regards,

Krupesh Patel

Hi Krupesh,

Wrong forum

You can try the UCS guys, they can help you out.

Regards