cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
751
Views
25
Helpful
5
Replies

PE-CE over Tunnel GRE

lelisguilherme
Level 1
Level 1

Dear

 

I am implementing a topology of MPLS L3VPN where the connection between the PE and CE is through a GRE tunnel, but even though the tunnel establish, I have no communication between the two CE's through which the VRF passes.

 

VRF and OK routing, Top and second label OK, I have validated IP CEF, FEC MPLS, MPLS capabilities, but have not succeeded in solving this problem. I am using the Catalyst 3650 switch for PE and 2901 for CE, when I change the PE to a router rather than switch the problem does not occur and with the same configuration I can communication between CE-CE, would it be a limitation of mpls on cisco switches of this model? I've already updated iOS version too, and it didn't solve the problem. Has anyone ever faced a similar problem?

 

I saw in cisco documentation on MPLS over GRE that the examples given are for PE-PE, PE-P, and P-P. Would it be implied that PE-CE with GRE does not work?

5 Replies 5

PE have VRF for this CE, 
are the tunnel in same VRF ? or only the source of tunnel are in same VRF?

Thanks for the answer,

 

I configured the tunnel in the same VRF using the tunnel vrf vrfname command. The GRE Tunnel is UP, I even went up a /30 network on the tunnel interface and I have communication on that network.

The PE I use is a Catalyst 3650 Switch, I can perform exactly the same configuration on a Cisco router instead of a Switch and replace the PE with this router and it works perfectly, without any problem.

I did a SPAN on the PE and analyzed with Wireshark the traffic received on the CE-PE interface and I see that the ICMP request made on the CE to CE is seen on the interface, but shows "no response found!". When I analize the interface between PE-P (where the request should be forwarded) we don't see the ICMP Request forwarded.


When replacing the catalyst 3650 switch with the 2901 router and doing the same SPAN, we see the ICMP request being received on the CE-PE interface and forwarded on the PE-P interface. My question is: Is there any limitation that justifies the same configuration working on the router, but not on the switch?

I'll try to draw the topology to make it easier to understand.

Many months ago I see same issue, the issue that the SW not support GRE or it have some issue with GRE tunnel so even the tunnel up it not work properly.

And what did you do? Replace the equipment with a more current one? I'm considering this option because changing the topology and removing L3VPN from the Switch will be complicated for me.

Support is available for Virtual Routing and Forwarding-aware tunnels. However the tunnel vrf <vrf_name> command is not supported.Thisalsomeansthattunnelsourceand egress interface of GRE packets are in global VRF.

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/catalyst3850/software/release/16-1/workflows/gre-feature-guide.pdf

 

I see same issue not in real but in cisco community, please read the above doc. from cisco and the limitation for GRE tunnel.