MPLS Encapsulation failed !!!

srowles · ‎03-08-2006

Hi

I seem to be having a problem with a MPLS VPN scenario which I have set up in a lab.

I have two routers (a 7301 and a 2651XM) connected together over ethernet.

I have the following VRFs configured on both

7501 (running Version 12.4(2)T1):

sh ip route vrf companyX.com

Gateway of last resort is not set

10.0.0.0/32 is subnetted, 1 subnets

C 10.10.10.1 is directly connected, Loopback100

30.0.0.0/32 is subnetted, 1 subnets

B 30.30.30.1 [200/0] via 50.0.0.2, 00:45:13

sh ip route vrf companyY.com

Gateway of last resort is not set

40.0.0.0/32 is subnetted, 1 subnets

B 40.40.40.1 [200/0] via 50.0.0.2, 00:46:08

10.0.0.0/32 is subnetted, 1 subnets

C 10.10.20.1 is directly connected, Loopback101

2651XM (running Version 12.3(17a)):

sh ip route vrf companyX.com

Gateway of last resort is not set

10.0.0.0/32 is subnetted, 1 subnets

B 10.10.10.1 [200/0] via 50.0.0.1, 00:47:42

30.0.0.0/32 is subnetted, 1 subnets

C 30.30.30.1 is directly connected, Loopback100

sh ip route vrf companyY.com

Gateway of last resort is not set

40.0.0.0/32 is subnetted, 1 subnets

C 40.40.40.1 is directly connected, Loopback101

10.0.0.0/32 is subnetted, 1 subnets

B 10.10.20.1 [200/0] via 50.0.0.1, 00:48:

When I try and ping one of the remote BGP learned addresses I get "MPLS encapsulation failed" (while running debug ip packet).

This is the first time that I've tried to configure MPLS VPNs and I am wondering what I'm doing wrong so any help will be much appreciated.

Harold Ritter · ‎03-08-2006

Could you please post the configs for both routers.

Thanks,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

srowles · ‎03-10-2006

Hi

Here are the configs for my two routers:

Config on 7301:

version 12.4

!

resource policy

!

ip subnet-zero

ip cef

!

no ip dhcp use vrf connected

!

ip vrf companyX.com

rd 5089:100

route-target export 5089:100

route-target import 5089:100

!

ip vrf companyY.com

rd 5089:101

route-target export 5089:101

route-target import 5089:101

!

mpls label protocol ldp

!

interface Loopback5

ip address 50.0.0.1 255.255.255.255

ip router isis core

!

interface Loopback100

ip vrf forwarding companyX.com

ip address 10.10.10.1 255.255.255.255

!

interface Loopback101

ip vrf forwarding companyY.com

ip address 10.10.20.1 255.255.255.255

!

interface GigabitEthernet0/0

ip address 212.134.79.228 255.255.255.248

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/1

ip vrf forwarding companyX.com

ip address 10.50.2.1 255.255.255.0

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/2

ip address 20.0.0.1 255.255.255.0

ip router isis core

duplex full

speed 100

media-type rj45

no negotiation auto

mpls ip

mpls mtu 1508

!

router isis core

net 49.0001.0000.0000.0001.00

is-type level-2-only

log-adjacency-changes

!

router bgp 5089

no synchronization

bgp log-neighbor-changes

neighbor 50.0.0.2 remote-as 5089

neighbor 50.0.0.2 password cisco

neighbor 50.0.0.2 update-source Loopback5

no auto-summary

!

address-family vpnv4

neighbor 50.0.0.2 activate

neighbor 50.0.0.2 send-community both

exit-address-family

!

address-family ipv4 vrf companyY.com

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf companyX.com

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

ip route 0.0.0.0 0.0.0.0 212.134.79.225

---------------------------------------------------------------------------------------------------------------------------

Config on 2651XM:

version 12.3

!

hostname PE-CE

!

ip subnet-zero

ip cef

!

ip vrf companyX.com

rd 5089:100

route-target export 5089:100

route-target import 5089:100

!

ip vrf companyY.com

rd 5089:101

route-target export 5089:101

route-target import 5089:101

!

ip audit po max-events 100

mpls label protocol ldp

no mpls ldp logging neighbor-changes

!

interface Loopback5

ip address 50.0.0.2 255.255.255.255

ip router isis core

!

interface Loopback100

ip vrf forwarding companyX.com

ip address 30.30.30.1 255.255.255.255

!

interface Loopback101

ip vrf forwarding companyY.com

ip address 40.40.40.1 255.255.255.255

!

interface FastEthernet0/0

ip address 20.0.0.2 255.255.255.0

ip router isis core

speed 100

full-duplex

tag-switching mtu 1508

tag-switching ip

!

interface FastEthernet0/1

ip address 10.60.2.1 255.255.255.0

duplex auto

speed auto

!

router isis core

net 49.0001.0000.0000.0002.00

is-type level-2-only

log-adjacency-changes

!

router bgp 5089

no synchronization

bgp log-neighbor-changes

neighbor 50.0.0.1 remote-as 5089

neighbor 50.0.0.1 update-source Loopback5

neighbor 50.0.0.1 password xxxx

no auto-summary

!

address-family vpnv4

neighbor 50.0.0.1 activate

neighbor 50.0.0.1 send-community both

exit-address-family

!

address-family ipv4 vrf companyY.com

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf companyX.com

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

ip classless

Thanks in advance for your help..

mheusinger · ‎03-08-2006

Hello,

you should first check, whether LDP is up and running ("show mpls ldp discovery" or "show mpls ldp neighbor"). Also have a look whether CEF is turned on and uses the labels: "show ip cef detail" "show ip cef vrf companyY.com detail" and show mpls forwarding-table.

So include into config as a minimum:

ip cef

interface Ethernet0/0

ip address 1.2.3.4 255.255.255.0

mpls ip

mpls mtu 1508

Can you post the output of those show commands above?

Hope this helps! Please rate all posts.

Regards, Martin

srowles · ‎03-10-2006

Hi

Thanks for the response. I have added the "mpls mtu 1508" command to the config but still have the same problem.

I am attaching the confis for both routers and the outputs from the show commands that you have suggested. It was too many characters to paste directly into the notes..

Thanks in advance for any observations and comments.

Harold Ritter · ‎03-10-2006

Your configurations looks good. Could you please tell us on which router and what is the exact command you use to trigger the error message.

Thanks,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

ft · ‎03-11-2006

A question, Do you connect 7301 and 2651XM with a cable or a switch?

If with a switch, you should use a switch support jambo frames.

srowles · ‎03-13-2006

Hi

As can be seen from the following output my problem seems to have gone away:

sh access-list 100

Extended IP access list 100

10 permit icmp any any

Tel-MLVPAM-01#debug ip packet 100

IP packet debugging is on for access list 100

Tel-MLVPAM-01#sh ip route vrf companyY.com

Routing Table: companyY.com

Gateway of last resort is not set

40.0.0.0/32 is subnetted, 1 subnets

B 40.40.40.1 [200/0] via 50.0.0.2, 00:22:37

10.0.0.0/32 is subnetted, 1 subnets

C 10.10.20.1 is directly connected, Loopback101

Tel-MLVPAM-01#ping vrf companyY.com 40.40.40.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 40.40.40.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Tel-MLVPAM-01#

Mar 13 10:01:42.429: IP: tableid=2, s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), routed via FIB

Mar 13 10:01:42.429: IP: s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), len 100, sending

Mar 13 10:01:42.429: IP: tableid=2, s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1 (Loopback101), routed via RIB

Mar 13 10:01:42.429: IP: s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1, len 100, rcvd 4

Mar 13 10:01:42.429: IP: tableid=2, s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), routed via FIB

Mar 13 10:01:42.429: IP: s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), len 100, sending

Mar 13 10:01:42.433: IP: tableid=2, s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1 (Loopback101), routed via RIB

Mar 13 10:01:42.433: IP: s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1, len 100, rcvd 4

Mar 13 10:01:42.433: IP: tableid=2, s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), routed via FIB

Mar 13 10:01:42.433: IP: s=10.10.20.1 (local), d=40.40.40.

Tel-MLVPAM-01#1 (GigabitEthernet0/2), len 100, sending

Mar 13 10:01:42.433: IP: tableid=2, s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1 (Loopback101), routed via RIB

Mar 13 10:01:42.433: IP: s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1, len 100, rcvd 4

Mar 13 10:01:42.433: IP: tableid=2, s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), routed via FIB

Mar 13 10:01:42.433: IP: s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), len 100, sending

Mar 13 10:01:42.437: IP: tableid=2, s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1 (Loopback101), routed via RIB

Mar 13 10:01:42.437: IP: s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1, len 100, rcvd 4

Mar 13 10:01:42.437: IP: tableid=2, s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), routed via FIB

Mar 13 10:01:42.437: IP: s=10.10.20.1 (local), d=40.40.40.1 (GigabitEthernet0/2), len 100, sending

Mar 13 10:01:42.437: IP: tableid=2, s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1 (Loopback101), routed via RIB

Mar 13 10:01:42.437: IP: s=40.40.40.1 (GigabitEthernet0/2), d=10.10.20.1, len 100, rcvd 4

Tel-MLVPAM-01#

This is where I was previously getting the "MPLS Encapsulation Failed" Message.

It seems that a weekend away and the purchase of a Cisco Press book on MPLS seems to have fixed the problem with no further action.

I did actually remove the MPLS configuration and re-configure it on Friday, prior to posting the configs. At that time I still had the problem however. I then switched the routers (a 7301 and a 2651XM) off for the weekend. So perhaps there was some misconfiguration and bad cache entries.

Anyway, now that that problem seems to have gone away, I can continue with my testing and hopefully improve my understanding of MPLS in the process.

Thanks to everyone for your comments and assistance.