GRE with VRF on MPLS/VPN

ar · ‎04-27-2012

Hi.

Backbone network is running MPLS/VPN.

I have one VRF (VRF-A) for client VPN network.

One requirement is to configure another VRF (VRF-B) for this client for a separate public VRF connection.

Sub-interfacing not allowed on CE-to-PE due to access provider limitation.

So GRE is our option.

CE config:

Note: CE is running on global. VRF-A is configured at PE.

But will add VRF-B here for the requirement.

interface Tunnel0

ip vrf forwarding VRF-B

ip address 10.12.25.22 255.255.255.252

tunnel source GigabitEthernet0/1

tunnel destination 10.12.0.133

PE1 config:

interface Tunnel0

ip vrf forwarding VRF-B

ip address 10.12.25.21 255.255.255.252

tunnel source Loopback133

tunnel destination 10.12.26.54

tunnel vrf VRF-A

Tunnel works and can ping point-to-point IP address.

CE LAN IP for VRF-B is configured as static route at PE1

PE1:

ip route vrf VRF-B 192.168.96.0 255.255.255.0 Tunnel0 10.12.25.22

But from PE2 which is directly connected to PE1 (MPLS/LDP running), connectivity doesnt works.

From PE2:

- I can ping tunnel0 interface of PE1

- I cant ping tunnel0 interface of CE

Routing is all good and present in the routing table.

From CE:

- I can ping any VRF-B loopback interface of PE1

- But not VRF-B loopback interfaces PE2 (even if routing is all good)

PE1/PE2 are 7600 SRC3/SRD6.

Any problem with 7600 on this?

Need comments/suggestions.

smitesh kharecha · ‎05-30-2012

Hi Allan,

what is running between PE1 and PE2 ( what I mean is any routing protocol).

If No, then PE2 has no ways of knowing GRE tunnel IP prefixes and hence I suppose those will not be in its CEF table...

If Yes, then check are those Prefixes available in LDP table...

Regards,

Smitesh

ar · ‎05-30-2012

PE1 and PE2 are running as MPLS EDGE.

So it has IGP and MP-iBGP.

This issue was resolved by 'mls mpls tunnel-recir".

thanks