Solved: Re: Label switching in VRF

APatotski · ‎01-26-2009

Does any body know how to configure label switching in VRF?

I have Tunnel 10 between two routers. The tunnel 10 is in VRF red. Below is the config.

ip vrf red

rd 10:10

route-target export 10:10

route-target import 10:10

!

mpls label protocol ldp

mpls ldp explicit-null

mpls ldp router-id vrf red Loopback1

!

interface Loopback0

ip address 172.22.17.3 255.255.255.255

!

interface Loopback1

ip vrf forwarding red

ip address 10.1.2.3 255.255.255.255

!

interface Tunnel10

ip vrf forwarding red

ip address 10.1.1.1 255.255.255.252

mpls ip

tunnel source Loopback0

tunnel destination 172.22.17.4

LDP is in UP state:

R3#sh mpls ldp neighbor vrf red

Peer LDP Ident: 10.1.2.4:0

No TCP connection; Downstream

Up time: 01:04:30

Peer LDP Ident: 10.1.2.4:0; Local LDP Ident 10.1.2.3:0

TCP connection: 10.1.2.4.18593 - 10.1.2.3.646

State: Oper; Msgs sent/rcvd: 73/72; Downstream

Up time: 01:02:38

LDP discovery sources:

Tunnel10, Src IP addr: 10.1.1.2

Addresses bound to peer LDP Ident:

10.1.2.4 10.1.1.2

But I have no any bindings:

R3#sh mpls ldp bindings vrf red detail

- Empty output .-

R3#

Could you help me?

Giuseppe Larosa · ‎01-27-2009

Hello Aliaksandr,

if you want to encrypt CE to CE you shouldn't use CsC (VRF or VRF).

I would :

build L2Tpv3 L2 transport CE to CE

on CE to backbone L3 IP interface

you then add a crypto map that will match:

L2TPv3 traffic carrying L2 ethernet frames

CE to CE ipv4 traffic

Actually I wonder if you really need a VRF in your case but I can understand it can help in segregating traffic (but you are using IPSec so the question arises)

EoMPLS would be ideal if no encyption of the L2 frames is required.

I think it can be a more clean design and you will however have to handle possible MTU issues just to say.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎01-26-2009

Hello Aliaksandr,

to have mpls LDP bindings you need to advertise subnets over the link with a classless routing protocol (from RIPv2 to OSPF) in a PE-CE relationship.

the sh mpls ldp neigh says that:

the only addresses bounded to the peer are the GRE tunnel endpoints themselves

Then there is the nature of the link.

I don't know if it is possible to have Carrier Supporting Carrier over a GRE tunnel

see

http://www.cisco.com/en/US/solutions/collateral/ns341/ns524/ns562/ns577/net_implementation_white_paper0900aecd806a7df1.html

Hope to help

Giuseppe

APatotski · ‎01-27-2009

Giuseppe,

Thank you for reply.

I have connected CE router and configured dynamic routing protocol. On local and remote PE routers I can see the routes from CE in vrf red, but I do not see any label bindings.

Debug shows the following:

R3#debug mpls ldp bindings

LDP Label Information Base (LIB) changes debugging is on

R3#

*Jan 27 13:31:48.279: tc_handle_bg_timer_event: TC not enabled, ctx # 0(Default-

IP-Routing-Table)

R3#

Harold Ritter · ‎01-26-2009

Aliaksandr,

Unless you are going to deploy Carrier Supporting Carrier (CsC), you don't need to configure label switching within the VRF context. Can you please further explain what you are trying to achieve.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

APatotski · ‎01-26-2009

hritter,

Thank you for prompt reply.

I have two datacenters (DC) in different buildings. Now we have L2 VLAN for server clusters between DCs. We are required to encrypt all the traffic between DCs, including L2 Ethernet. The idea is to build EoMPLS. GRE will be encrypted with crypto map. I can not use GRT because GRT is already used in our aggregation switches (cat 6500).

Giuseppe Larosa · ‎01-27-2009

Hello Aliaksandr,

if you want to encrypt CE to CE you shouldn't use CsC (VRF or VRF).

I would :

build L2Tpv3 L2 transport CE to CE

on CE to backbone L3 IP interface

you then add a crypto map that will match:

L2TPv3 traffic carrying L2 ethernet frames

CE to CE ipv4 traffic

Actually I wonder if you really need a VRF in your case but I can understand it can help in segregating traffic (but you are using IPSec so the question arises)

EoMPLS would be ideal if no encyption of the L2 frames is required.

I think it can be a more clean design and you will however have to handle possible MTU issues just to say.

Hope to help

Giuseppe

APatotski · ‎01-28-2009

Hello Giuseppe,

Thank you for advice regarding L2TPv3.

I will test it in my lab to understand if it is a satisfied solution.

I will post the results.

Best Regards.

shivlu jain · ‎01-29-2009

APatotski

L2TPV3 is the trusted solution. We are serving more than 30% of clients on L2 solution.

Configuration is given below

pseudowire-class SHIVLU

encapsulation l2tpv3

ip local interface Loopback20

interface GigabitEthernet0/2.998

encapsulation dot1Q 998

xconnect 998 encapsulation l2tpv3 pw-class SHIVLU

end

the same will need to configure the another PE also.

how to check whether it is up or not

sh l2tun session circuit vcid 998

regards

shivlu jain

APatotski · ‎01-28-2009

Hello Giuseppe,

L2TPv3 is the satisfied solution in our network. Unfortunately we have to use global routing table. Nevertheless, I think it is the best of possible solutions.

Thank you for help!

Best Regards.