cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
645
Views
5
Helpful
8
Replies

Inter-AS MPLS VPN Problem

rivalino_ymt
Level 1
Level 1

Hi all,

I need help. For days, I spent my time to check my config many times. So far, I still did not get the clue what happen to my config. I am setting up Inter-AS MPLS VPN, with VPNv4 eBGP session between ASBR. Both CE have their complete route between each other. Both PE also has complete routing table on its VRF. But, I still can not ping end-to-end. What's the problem. FYI, I am running MPLS on 2801 box with IOS c2801-adventerprisek9-mz.123-14.YT.bin.

my topology is simple, as follow:

CE1--PE1--ASPE1--ASPE2--PE2--CE2

Can you give comment on my config?

Thank for your help,

Rivalino

8 Replies 8

Harold Ritter
Cisco Employee
Cisco Employee

Your configs look good. Could you please post the output of the following commands:

from PE1:

sh ip cef vrf TES 6.6.6.6

sh ip cef vrf TES 56.56.56.0

show mpls forw det

from PE2:

sh ip cef vrf TES 1.1.1.1

sh ip cef vrf TES 12.12.12.0

show mpls forw det

From ASPE1 and ASPE2:

sh mpls for detail

Thanks,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

romccallum
Level 4
Level 4

you are not advertising the dmz link in your IGP. Add network 34.34.34.0 0.0.0.255 under your ospf statements on each asbr pe and you will then be fine. Oh and you will need to passive interface that baby as well or else you shall have an ospf neighbour. OR just do a redist connected.

It has to be something else since next-hop-self is configured on both ASBRs and looking at the routes on the PEs we can see the next hop is the ASBR loopback address.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Here I attach the output command you ask for. Btw, I had put command 'next-hop-self' on both AS-PE1 and AS-PE2, it means i do not need to advertise network 34.34.34.0 to ospf.

Thanks for your help,

Rival

Looking at the output you just provided, it looks like there is something wrong with LDP session between PE1 and AS-PE1 and between PE2 and AS-PE2. The reason I'm saying that is on PE1 the LFIB entry for 3.3.3.3 shows as untagged when it should be "Pop tag"

Can you join a "sh mpls ldp nei" and "sh mpls ldp dis" on PE1, PE2, AS-PE1 and AS-PE2.

Also "show mpls ldp bind 3.3.3.3 32" from PE1 and "show mpls ldp bind 4.4.4.4 32" from PE2.

Thanks,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi,

I surprise to know that ldp neighbor is not up. You can see at attachment. What you said, that LFIB entry for 3.3.3.3 on PE1 should be "Pop tag", I think it should be untagged ,since from PE1 to reach 3.3.3.3 is only one hop away. And PE1 is th first LSR in this case, it receive untagged packet from CE1, then he should not do 'pop tagging' since it receive untagged label. Am I right?

So, what about my config? It seems ios problem..!?

Thanks,

Rivalino

The issue is really with the LDP session not being setup properly. The "no route" on both PE1 and PE2 is what is causing the issue.

PE1#sh mpls ldp dis

Local LDP Identifier:

23.23.23.2:0

Discovery Sources:

Interfaces:

FastEthernet0/1 (ldp): xmit/recv

LDP Id: 34.34.34.3:0; no route

PE2#sh mpl ld dis

Local LDP Identifier:

5.5.5.5:0

Discovery Sources:

Interfaces:

FastEthernet0/1 (ldp): xmit/recv

LDP Id: 34.34.34.4:0; no route

This is because AS-PE1 and AS-PE2 use the serial interface address as ther LDP router-id instead of the loopback interface IP address.

Make sure that all routers use the loopback interface IP address instead by configuring the following command:

mpls ldp router-id loopback 0 force

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi,

It solves my problem. Now CE1 can reach CE2.

Thanks for your help :))))))

Rivalino

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: