02-27-2006 04:15 AM
Hi,
I have connected two PE routers (3620) via serial cable and on each PE a CE router (2503).
From my point of view, I think that I have configured everthing correct for MPLS VPN.
In detail:
The vrfs contains the routes from the PE neighbor via MB-BGP. The vpnv4 routing table in each PE router looks like correct.
The ping vrf ... from one PE router to the other is not working. Now, I assume, that it is required to have a P router between the two PE's. Is this assumption correct, or have I configured something wrong?
Maybe someone can give me a hint for furhter trobleshooting.
Is a lab setup only with directly connected PE router a non valid configuration?
Frank
Solved! Go to Solution.
02-28-2006 07:04 AM
Hello,
there one problem: PE-CE IP addresses are not included into BGP.
router bgp 65000
address-family ip vrf CustomerA
redistribute connected !This is most likely missing
redistribute static
no synch
no auto-summary
Hope this helps! Please rate all posts.
Regards, Martin
02-28-2006 09:07 AM
Without redistributing connected addresses, the remote PEs and CEs will not have the routes for the WAN interfaces in their routing tables. Hence, normal pings from inside the CE router will not be successful. Though, pings sourcing from other addresses advertised will be successful.
Sometimes, rather than using the redistribute connected command, you could use the network command to inject the prefix into BGP.
With respect to using dynamic protocol, from laws of redistribution, the redistribution of connected networks should be required, but practically, it seems not to be so. Maybe someone else can throw more light on this.
02-28-2006 09:19 AM
Hello Frank,
"red connected" is needed for static and eBGP PE-CE protocol. The underlying reason is, that BGP does not include any network on its own. In case you have OSPF, ISIS, RIPv2 or EIGRP the connected links are included automatically.
Hope this helps! Great that you are happy now!
Regards, Martin
02-27-2006 05:58 AM
It is not required to have a P router. Having two PE connected directly to one another is perfectly acceptable.
Make sure CEF is enabled on both PE routers. Without CEF, everything will seem to be fine from the control plane standpoint (as you are experiencing) but will not work at the data plane level.
Hope this helps,
02-27-2006 07:36 AM
Hello,
also make sure to have labels for the PE BGP next hops. You can check the settings with:
show mpls ldp discovery
local LDP ID
192.168.1.1:0 !(should be PE loopback)
interface Ethernet0/0 (LDP): xmit/recv !(make sure thee protocol matches and the neighbor PE is seen)
192.168.1.2:0 (neighboring PE)
Interfaces and output might be different, but I hope you get the idea.
Next check for the existence of an LSP between the BGP next hops:
show mpls forwarding-table
local tag outgoing tag destination
1234 pop 192.168.1.2/32
and similar entries in the other PE. It is important to have "pop/imp-null" and not "untagged". In the latter case the VPN label would not be sent.
And finally "the truth": CEF, as Harold already pointed out.
show ip cef vrf Kunde1 1.1.1.1
... tags imposed {17}
should be there twice.
As a last hint: make sure the network between PE and CE is included in the BGP updates:
router bgp 65000
address-family ipv4 vrf Kunde1
redistribute connected
Hope this helps! Please rate all posts.
Regards, Martin
02-28-2006 04:45 AM
Thanks a lot for the detailed input.
I have checked my data plane configuration and have found following problem:
The "show tag-switching interfaces detail" stated:
Bern#sh tag-switching int detail
Interface Serial0/0:
IP tagging enabled
TSP Tunnel tagging not enabled
Tag Frame Relay Transport tagging not enabled
BGP tagging not enabled
Tagging operational
Fast Switching Vectors:
IP to Tag Fast Switching Vector
Tag Switching Turbo Vector
MTU = 1504
IP tagging is enabled but the TSP tunnel tagging is not enabled.
How can I enable the TSP (LDP) tunnel tagging? I cannot find any command about this. Maybe my LAb equipment doesn't support this.
All the other configuration steps are o.k..
It would be great for an additional hint. Thanks in advance.
Frank
02-28-2006 05:11 AM
Hello,
TSP tunnel tagging is refering to MPLS Traffic Engineering. And I think you didn´t configure it - it is not a prerequisite for MPLS L3VPN anyhow.
Can you post a "show ip route vrf ..." just to make sure, that all networks are there (source and destination IPs) to ping successfully.
Check please: "ping PE by each CE (Loopback)"; "Show ip route" on each CE. Maybe it is a pure IP problem (wrong IP, wrong mask, no redistribution).
Can you also post "show tag forwarding-table" and "show ip bgp vpnv4 all" plus "show ip bgp vpnv4 all 1.2.3.4" where 1.2.3.4 would be the network in the VRF on each PE.
Hope this helps! Please rate all posts.
Regards, Martin
02-28-2006 06:16 AM
Hi,
After reading some CCO pages, I found the usage for TSP (LDP) tunneling - MPLS-TE.
Of course, I can send some outputs from my configuration.
But before I will do this, I will check some of your comments.
One question: Is it really possible to ping the loopback interface of the PE router from the CE? You mean, a ping should be possibel form CE1 to loopback PE1 and loopback PE2?
This is not working! Is this still the problem? I can ping from CE1 to vrf PE1 and can ping from CE2 to vrf PE2.
Ping is also possible between PE1 loopback and PE2 loopback.
Frank
02-28-2006 06:32 AM
Hello,
The CEs will not be able to ping the PE Loopbacks, which are in the global IP routing table. You could configure a further Loopback into a VRF. But this is not needed for normal operation.
One of the charming parts of MPLS L3VPN is the separation of IP addresses - Customers are separate from SP core.
As you have PE-CE connectivity your problem is either control plane (IP routing) or data plane (label switching).
From an IP routing perspective: Do you get CE2 routes on CE1 and vice versa? What is your PE-CE routing protocol?
Regards, Martin
02-28-2006 06:38 AM
02-28-2006 07:04 AM
Hello,
there one problem: PE-CE IP addresses are not included into BGP.
router bgp 65000
address-family ip vrf CustomerA
redistribute connected !This is most likely missing
redistribute static
no synch
no auto-summary
Hope this helps! Please rate all posts.
Regards, Martin
02-28-2006 07:47 AM
Martin,
Thanks a lot. "All" my problems are solved. During the course "implementing Cisco MPLS", we didn't configure static PE CE routing and now I'll check the course material, whether there is an information about this command.
If I understood the redistribution correctly, for dynamic routing between CE PE there is no "redistribute connected command required, or is it necessary for every CE PE routing issue.
Thanks a lot. My configuration is running as I have expected. I hope that I can support you in the future.
Frank
02-28-2006 09:07 AM
Without redistributing connected addresses, the remote PEs and CEs will not have the routes for the WAN interfaces in their routing tables. Hence, normal pings from inside the CE router will not be successful. Though, pings sourcing from other addresses advertised will be successful.
Sometimes, rather than using the redistribute connected command, you could use the network command to inject the prefix into BGP.
With respect to using dynamic protocol, from laws of redistribution, the redistribution of connected networks should be required, but practically, it seems not to be so. Maybe someone else can throw more light on this.
02-28-2006 09:19 AM
Hello Frank,
"red connected" is needed for static and eBGP PE-CE protocol. The underlying reason is, that BGP does not include any network on its own. In case you have OSPF, ISIS, RIPv2 or EIGRP the connected links are included automatically.
Hope this helps! Great that you are happy now!
Regards, Martin
02-27-2006 07:38 AM
I strongly agree with Harold. You having the right routing table (control plane) does not mean everything will work on the data plane. Aside the CEF, confirm also that MPLS is enabled and that labels have been exchanged. Despite the fact that the PEs are directly connected, VPN labels are still exchanged.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide