08-18-2016 12:00 PM
I have been practicing this lab and can't seem to get the tunnel up. Am I missing something? Customer R3 can ping Customer R4, but when I do a packet sniff, packets are not showing ESP packets being sent.
When I do show mpls interface it shows the tunnel is down.
R1
ip vrf BLUE
 rd 400:1
 route-target export 400:1
 route-target import 400:2
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
 ip ospf 65001 area 0
!
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip ospf 65001 area 0
 duplex half
 mpls ip
!
interface Ethernet1/0
 ip vrf forwarding BLUE
 ip address 172.168.2.1 255.255.255.0
 duplex half
!
!
router ospf 400
 router-id 10.10.10.1
 log-adjacency-changes
!
router bgp 400
 bgp router-id 10.10.10.1
 bgp log-neighbor-changes
 neighbor 11.11.11.1 remote-as 400
 neighbor 11.11.11.1 update-source Loopback0
 !
 address-family ipv4
  neighbor 11.11.11.1 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 11.11.11.1 activate
  neighbor 11.11.11.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BLUE
  redistribute connected
  neighbor 172.168.2.2 remote-as 500
  neighbor 172.168.2.2 activate
  no synchronization
 exit-address-family
R2
ip vrf RED
 rd 400:2
 route-target export 400:2
 route-target import 400:1
!
!
interface Loopback0
 ip address 11.11.11.1 255.255.255.255
 ip ospf 65001 area 0
!
interface FastEthernet0/0
 ip address 1.1.1.2 255.255.255.0
 ip ospf 65001 area 0
 duplex half
 mpls ip
!
interface Ethernet1/0
 ip vrf forwarding RED
 ip address 172.168.1.1 255.255.255.0
 duplex half
!
!
router ospf 65001
 router-id 11.11.11.1
 log-adjacency-changes
!
router bgp 400
 bgp router-id 11.11.11.1
 bgp log-neighbor-changes
 neighbor 10.10.10.1 remote-as 400
 neighbor 10.10.10.1 update-source Loopback0
 !
 address-family ipv4
  neighbor 10.10.10.1 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.10.10.1 activate
  neighbor 10.10.10.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf RED
  redistribute connected
  neighbor 172.168.1.2 remote-as 500
  neighbor 172.168.1.2 activate
  no synchronization
 exit-address-family
!
R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Ethernet1/0
 ip address 172.168.2.2 255.255.255.0
 duplex half
!
router bgp 500
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 neighbor 172.168.2.1 remote-as 400
 !
 address-family ipv4
  redistribute connected
  neighbor 172.168.2.1 activate
  no auto-summary
  no synchronization
 exit-address-family
!
R4
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
interface Ethernet1/0
 ip address 172.168.1.2 255.255.255.0
 duplex half
!
router bgp 500
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 neighbor 172.168.1.1 remote-as 400
 !
 address-family ipv4
  redistribute connected
  neighbor 172.168.1.1 activate
  no auto-summary
  no synchronization
 exit-address-family
08-19-2016 06:21 AM
Hello Ubsaccount,
I am not sure I am following - are you expecting to see ESP "encrypted packets" between Customer 3 and Customer 4? If so, there is nothing in your configuration that specifies that. I am not sure about what tunnel you are referring to.
MPLS L3VPNs do not have to use encryption, and if the 'VPN' word is throwing you off, there are many ways of configuring VPNs which do not have to do with actual encryption. In this MPLS L3VPN scenario, it is a VPN because we are isolating this customer's traffic from other customers using VRFs. No need for encryption, but you can add encryption between this transaction, but that would be up to your CE devices to set up that tunnel.
Thanks,
Victor Hugo Acevedo
12-17-2016 12:23 PM
Thanks Victor, you are correct! :) I was expecting to see ESP packets. Thank you.