03-21-2013 12:23 PM
Hi
I'm labbing a scenario where 2 SP networks are joined using Option B and a remote VPN site is connected to each. I have connectivity between sites across the ASBR's working OK. I now want to add in an Inter-AS TE tunnel between the egress PE's and route the VPN traffic over the TE LSP. The TE tunnel is in place but I cannot see how to force VPN traffic down the tunnel as the BGP next-hop for the prefixes is our own ASBR and not the PE in the other SP. Is there a way round this using Option B?
I can see how it can be done using Option C
Regards
Sent from Cisco Technical Support Android App
03-22-2013 08:08 AM
I don't see differences between doing it with option B or C.
In both cases, head end and tail end are located in different domains, which don't share IGP information.
I recommend you to familiarize with available implementation options watching the session BRKMPL-2105 (Inter-AS MPLS Solutions) at www.ciscolive365.com (free registration - at least it was last time I've checked).
Once you understand the options, check what is available in the hardware and software being used in your lab.
HTH, Gustavo
03-22-2013 09:46 AM
HI Gustavo
The Inter-AS VPN with Option B is working. I have an Inter-AS TE tunnel between the PE's and I can route L2VPN traffic through the TE tunnel. But I want to route the VPN traffic through the TE tunnel as well.
I cannot see a way of forcing VPN traffic through the TE tunnel because the BGP next-hop is never the remote PE's loopback. It's either my own ASBR's loopback (when using next-hop-self on the ASBR) or the neighbor ASBR's interface (when using redistribute connected) so the recursive lookup never selects the TE tunnel as the outgoing interface
Option C works because the BGP next-hop is the egress PE's loopback which I can statically route into a TE tunnel.
Regards
Lee
03-22-2013 10:01 AM
Ok, so you figured out a way of establishing a TE tunnel between the PEs in both ASes. My understanding was that this was a problem for you.
Now, regarding Inter-AS option B, I don't see a simple option to redirect traffic towards the tunnel. You may try source routing with PBR, but I am not sure it works and I am sure it is not scalable.
Is there a real application for all this effort or is it a pure academic exercise?
Regards
08-13-2013 05:15 PM
Hi Lee,
Even I tried this with Option-B but it wont work with usual procedures. The reason being the VPN label advertised by remote PE. The Inter-AS MPLS-TE tunnel is end-to-end. While the VPN label value changes at every ASBR. When you force the traffic over the MPLS-TE tunnel, the VPN label is never exposed until the traffic reaches the remote PE, and since the VPN label values wont match, the remote PE will drop it.
There must be other means to do this - may be some extra configurations/tweaking.
Edited: I should add that when PEs exchange VPNv4 prefixes directly (rather than through ASBRs like in Option-B), you can force the traffic between them statically, and this works. I have tested it.
Regards,
Amit.
03-22-2013 10:56 AM
Both. I'm studying Inter-AS MPLS for SP lab attempt but also have possible requirement to peer with another SP.
I've tried changing the next-hop in an import-map but that didn't work. I'll give PBR a try. It looks like there's no simple, scalable solution to this problem.
Thanks for your replies
Sent from Cisco Technical Support Android App
03-22-2013 02:11 PM
For CCIE SP, it is not on blueprint for the lab exam.
It contains Inter-AS for MPLS L3VPN, not for MPLS-TE.
I don't think Inter-AS MPLS TE is supported with the combination of hardware and software of the exam.
The blueprint and hardware and software used are documented on the Cisco Learning Network.
Cheers
Message was edited by: Andre Albuquerque
08-06-2013 05:21 AM
I am having the exact same issue with routing L3VPN traffic through the Inter-AS TE tunnel with option B. Is this possible?
08-13-2013 09:47 PM
can you try to usedestination IP in the hean end that point to the tail-end IP
and use static route that for this IP point to the TE tunnel
e.g.
tunnelx
tunnel destination 2.2.2.2
ip route 2.2.2.2 255.255.255.255 tunnel x
then you may staticaly route traffic to TE tunnel for Layer 3 VPN traffic or autoroute once the next hope is chnaged to 2.2.2.2
To change the next hope of L3VPN MP-iBGP using route-map by making it using the tailend IP (2.2.2.2 ) under the relevant bgp address-family/VPNv4 at the ASBR/RR toward the desired PE ( head end )
e.g
ASBR/RR
bgp xx
address-family vpnv4
neighbor [head-end/PE IP] route-map map1 out
set ip next-hope 2.2.2.2
route-map map1 permit
in the path option you should have both your AS ASBR and the remote AS ASBR IPs
in the ASBR of both ends in te phsycial interface facing the other AS:
int x/x
mpls traffic-eng passive-interface nbr-te-id [next-hop ASBR IP ] nbr-igp-id ospf [next-hop ASBR IP]
and let us know if this help !
Message was edited by: Marwan
08-13-2013 10:02 PM
Hi,
I was just trying to undertsand how this will work:
tunnelx
tunnel destination 2.2.2.2
ip route 2.2.2.2 255.255.255.255 tunnel x
You are trying to use the same IP as destination and then using the same IP for routing over the tunnel. In my opinion, this will cause recursive failure and the tunnel will flap. I havent really tested this but thinking with a generic tunnel config point of view!!
08-13-2013 10:34 PM
I agree with your point
however I THINK this is not like normal tunnel because this tunnel has path option where it will use to reach its destination
that has the 2 ASBRS in the path and those ASBRS should calculate and find the path !! but you can try it and update us as this is in theory only
by the way this idea from ciscolive slide of using the tunnel destination with static route !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide