Thanks for the responce.

Can you please brief me in details what would be the issues ?

Explanation A VPNv4 route is being sent to the IBGP neighbor indicated in the messages. The next hop is one of the directly connected physical interfaces. It is possible that the label for the address of the next hop is being removed in the MPLS cloud one hop too soon. Because the provider (P) routers do not store VPN information, they do not know where to forward packets that carry the BGP label. If the address is not available at the correct hop, it could break connectivity between VPN sites.

regards

shivlu jain

But why can‘t physical interfaces be used ? They became neighbors through those interfaces and shared prefixes via them.

Hi @imanless ,

Using the loopback interface for VPNv4 peer establishment is a requirement. Let me give an example of what happens if the physical interface is used instead of the loopback interface.

PE1 <-- subnet 1 --> P1 <--subnet 2--> PE2 

PE2 uses the physical interface (subnet 2) to establish the VPNv4 MP-BGP session and sets the next hop to the IP address on this subnet. PE2 also advertises this subnet in the IGP and LDP with a label value of 3 (implicit NULL) by default. P1 is also directly connected to subnet 2 and advertises it in the IGP and LDP with a label value of 3.

PE1 receives the VPNv4 advertisement from PE2 (either directly to via a RR) with the next hop being set to PE2 IP address on subnet 2. Since PE1 also receives subnet 2 with a label value of 3 from P1 via LDP, it considers itself as the penultimate router in the LSP and pop the top label when sending traffic to any VPNv4 destination received from PE2. P1 receives the traffic with the VPNv4 label as the top label and drops the traffic.

Please let me know if this explanation answer your question.

Regards,

In my case, I have 3 P routers, running MPLS and OSPF as an IGP. They all have LDP Neighborships established. At R1-PE,  the label for 10.45.0.5 is not an imp-NULL label rather its 205. The routes are all shared to the customers, but ping is not possible unless I change the MP-BGP Neighborships from physical interfaces to loopback interfaces. 

Hi @imanless ,

The issue happens on the last hop router (LHR) for the LSP. In your topology it happens on R4-P. R3-P receives the implicit null from R4-P (LHR) as it is directly connected to 10.45.0.0/24. R3-P performs the penultimate hop popping as a consequence of receiving an implicit null label and forwards the packets with only the service label (vpnv4 label) to R4-P, which drops the packets as it is a P router and doesn't have this label installed in its label forwarding table (LFIB).

Regards,

ah ok ok. understood. thank you so much.

You are very welcome @imanless 

How about using a DMVPN tunnel IP as the iBGP peer address, rather than a loopback, still an issue, or no? THX!

Make new post it better and provide more detail 

Thanks 

MHM

Well, its the same issue, except my iBGP peer is a DMVPN Hub Tunnel IP address.

So I only get this message (%BGP-4-vpnv4NH_IF:next-hop x.x.x.x may not be reachable from neighbor x.x.x.x - not a loopback.) on XE 17.9.5a, (the rest of network is 17.9.4a)

Its MPLSoDMVPN, and all the iBGP peers on this DMVPN are the tunnel IPAs.

I'm not aware of any connectivity problems at all, just curious about the message, and the explanation Harold Ritter makes sense to me, as the iBGP peers from hub to spoke are on the same L3 subnet.

Just want to head off a problem is all... if it is a problem ie: should my iBGP peers be a loopback instead?

Thx, Tony

Just please add new post'

This old post so maybe me only notice it' if you make new post all will read and share there opinion 

MHM