11-14-2007 08:08 AM
Hi All
I have setup the following MPLS-VPN network.
VPN Green ---Ce8 (Site A)--->pe2--->pe3--->Ce2 (Site B)
VPN Green IGP is eigrp and VPN routes are all propagated fine and all Sites can see eachther.
Internet access is through an interface on pe3 connecting to the internet gateway.This is the default route in the global table.
c8 has a subinterface that i use for the internet connection from VPN Green. I have configured the vrf static route for internet connectivity on pe2 pointing to the next-hop subinterface on ce8, and also configured the reverse route from the internet.
From Ce8, i can ping the internet fine and under Ce8 (which is part of VPN Green), i can see the internet route that i configured under pe2 being advertised as below
D*EX 0.0.0.0/0 [170/30720] via 10.82.1.2, 01:03:57, FastEthernet0/0.82
BUT, this same route is not being propagated in the other sites i.e Ce2, so that means i can not get to the internet . I have tried putting a static route in ce 2 point to ce8 but still no luck.
How can i get the default route thats in ce 8 be propagated and used in ce2?
Regards
Maamun
11-15-2007 08:21 AM
Maamun, you can originate a default in the ipv4 vrf address family in BGP on PE2 which connects to CE8. This will enable the other side to have a default as well.
Or you can have a similar static route at the other PE3 which connects to CE2.
Also here is a document which will walk you through such a setup and the config details.
http://www.cisco.com/warp/public/105/internet_access_mpls_vpn.html
HTH-Cheers,
Swaroop
11-15-2007 02:12 PM
Hi Swaroop
As always, you help is always appreciated. I have looked at the link you gave me but it looks like the same thing i did. My issue really is , i have the default route in the Ce8 but not in ce2, attached is the Configs for all the routers. maybe i have missed something. I want to use CE8 as a hub for the internet connectivity, i dont want to put other static routes on pe3 to enable ce2 to route to RR (Internet). Traffic Must go through ce2 to go to the internet
Thanks in advance
Maamun
11-17-2007 12:42 AM
Maamun,
Try changing the config as below, it should be working.
PE2:
!
interface FastEthernet0/0.82
encapsulation dot1Q 82
ip vrf forwarding green
ip address 10.82.1.2 255.255.255.0
no mpls label protocol ldp
no mpls ip
!
interface FastEthernet0/0.83
encapsulation dot1Q 83
ip vrf forwarding greeninternet
ip address 10.83.1.2 255.255.255.0
!
ip route 10.0.0.0 255.0.0.0 FastEthernet0/0.83 10.83.1.1
ip route vrf greeninternet 0.0.0.0 0.0.0.0 172.16.30.254 global
no ip route 10.82.1.0 255.255.255.0 FastEthernet0/0.83 10.83.1.1
no ip route vrf green 0.0.0.0 0.0.0.0 172.16.30.254 global
CE8:
!
interface FastEthernet0/0.82
encapsulation dot1Q 82
ip address 10.82.1.1 255.255.255.0
no mpls label protocol ldp
no mpls ip
!
interface FastEthernet0/0.83
encapsulation dot1Q 83
ip address 10.83.1.1 255.255.255.0
no cdp enable
!
ip route 0.0.0.0 0.0.0.0 10.83.1.2
!
router eigrp 100
network 8.8.8.8 0.0.0.0
network 10.82.1.0 0.0.0.255
redistribute static
default-information originate <--towards PE2 and should be passed down in similar fashion to PE3 and CE2
no auto-summary
!
This will help CE8 act as the HUB and all the internet traffic will traverse via the HUB before exiting out.
HTH-Cheers,
Swaroop
11-18-2007 11:28 AM
Hi Swaroop
I am sure the changed config you gave me should work but it means i create a vrf for internet connectivity and also configure route targets etc for any vpn that needs internet. Thats not what i want to do. If i create the internet vrf, my default route that i have originated in the core IGP-OSPF disappears. I dont want that either. Ce8 should be the Hub for internet connectivity for all the other sites through the internet sub-interface
What i have done is be able to get ce8 to get to the internet as it has the global default route that i configured on pe2. Is there a flaw in my design or is there a way i can originate that global default injected into ce8-vrf green to the rest of the VPN sites like ce2? I have tried the default-information originate in eigrp but i cant seem to find that command , all i can see is default-information -in -out or allowed, do they have the same feature ?
Maamun
11-18-2007 01:36 PM
Maamun,
There is no creation of internet VRF, i have named it as greeninternet to diffrentiate between the normal and this vrf. this grreninternet vrf is standalone on this PE only.
CE8 host reach the internet through the interface which is in greeninternet. all other CE;s in green vrf come to CE8 and then exit out of the interface connected to greeninternet.
There is no default-information originate command for eigrp, and you wont need it as in the given config before, its getting redistibuted, so you will receive it at the PE, at the PE in your vrf
address family implement a default originate to propogate a default form the HUb to all your other spoke CE's.
To avoid confusion pls implement the config and check.
Also if this is for a lab or a small setup this is fine, would not be a recommended design for larger scale deployments.
HTH-Cheers,
Swaroop
11-19-2007 11:22 AM
Maamun,
if you have any doubts regarding implementing the recommendation, do reply back i will send you a working config.
HTH-Cheers,
Swaroop
11-20-2007 02:32 PM
Hi Swaroop
As always, i appreciate your help, i was careful enough to try the config you gave me b4 i posted my last post. I think there was some misunderstading between our communications on what i was traveling to achieve.
I have been busy with for the last fews days, I am going to try again what you suggested, Please dont provide new configs yet, i will post my results i soon as i can
Regards
Maamun
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide