cisco 1700 with MP-BGP and VRF support

mesuti · ‎03-16-2004

I have a Cisco 1721 with MP-BGP Support, you can create VRFs with it and every other MPLSVPN feature, but the commands for MPLS switching are not supported like Router(config-if)mpls ip , I read in some forums that you can create MPLS VPN without enabling MPLS at all, just with MPBGP, but I couldn't do it myself, Can someone tell me how to make it work or what can I do with a Cisco 1721 that supports MP-BGP?

thanks in advance

Harold Ritter · ‎03-17-2004

MPLS VPN requires MPLS support at least on the PE router. Without MPLS, you can always use the VRF feature to create multiple RIBs on the router (VRF lite).

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

ashraf.ali · ‎03-18-2004

Probably you can connect the 1750 router to a MPLS enabled router on a back-to-back x-connect, and still route VRF traffic through that. But your MP-BGP should start from the MPLS enabled router only.

dlasher · ‎04-07-2004

I've run into the same issue. VRF-"lite" is really MPLS-99%, IE all features work, MP-BGP peer sessions, routes in VRF's etc, just no tag-switching on the interfaces.

One of the suggestions the TAC offered was to use some form of encapsulation (frame-relay or Dot1Q) to explode the VRF's apart from the PE to CE then put them back into VRF's on the 17xx (CE).

mesuti · ‎04-08-2004

thanks very much,

Can I use dot1q encapsulation on ethernet interfaces by creating sub-interfaces between those routers (PE and CE)?

What were the other suggestions by TAC?

best regards

Mesuti

ashraf.ali · ‎04-11-2004

Yes you can do that. I have done it myself and it works. The only drawback is that it does not support

QoS in the PE-CE Vlan sub-interfaces.

miguelantonio.luna · ‎04-13-2004

You can enable VRF-Lite without MP-BGP or MPLS transport. It's not mandatory. I Made for a customer a design that uses multi-vrf via IpSec on 1711 and 1712 routers (GRE/IPSec with dynamic routing per VPN). This emulates multiple routers and multiple serial lines via Internet. That kind of designs are possible. Multi-vrf allows U to have per VPN default routing. In my design I use per VPN OSPF process, but MP-BGP is another possibility to transport per VPN routes.

Darren Ramsey · ‎04-14-2004

Can you post a sample config using VRF-Lite and GRE?

miguelantonio.luna · ‎04-15-2004

Here is an example. Take care about overhead for packets like VoIP. The overhead is 88 bytes.

The packet semms something like that.

IpHeader-pub@ - NAT-Tudp4500 - ESP - IpHeader-priv@(vrf discriminator) - GRE - Original IP Header - Data - Esp Trailer.

In this case you neet tunnel-mode because you use

private @ in order to determine vrf (vrf discriminator).

This is a LAB config, all other security parameters you need on a router are not configured. If you add access-list on the external interface of REMOTE you have to understand every encapsulation step in order to well tune it.

Good reading.

The PPT draw shows physically and logically views.

PS, take care about fragmentation issues, the problematic is still not well managed by the routers, I could not made Tunnel-path-mtu discovery work with vrf's. The workaround is to fragment packets. It's not good for performance but actually there is no other solution concerning that.

Kind Regards

Miguel

miguelantonio.luna · ‎04-15-2004

PS to my last update...

You really need to use C1700-ADVSECURITYK9-M), Version 12.3(7)T on the router,

During my first tests this was only working on 2600, because a bug was present. I identified the bug and the developpement made trhe fix recently.

Kind Regards

Miguel.