02-16-2022 01:07 PM
Dear
I am implementing a topology of MPLS L3VPN where the connection between the PE and CE is through a GRE tunnel, but even though the tunnel establish, I have no communication between the two CE's through which the VRF passes.
VRF and OK routing, Top and second label OK, I have validated IP CEF, FEC MPLS, MPLS capabilities, but have not succeeded in solving this problem. I am using the Catalyst 3650 switch for PE and 2901 for CE, when I change the PE to a router rather than switch the problem does not occur and with the same configuration I can communication between CE-CE, would it be a limitation of mpls on cisco switches of this model? I've already updated iOS version too, and it didn't solve the problem. Has anyone ever faced a similar problem?
I saw in cisco documentation on MPLS over GRE that the examples given are for PE-PE, PE-P, and P-P. Would it be implied that PE-CE with GRE does not work?
02-16-2022 01:51 PM
PE have VRF for this CE,
are the tunnel in same VRF ? or only the source of tunnel are in same VRF?
02-16-2022 04:24 PM
Thanks for the answer,
I configured the tunnel in the same VRF using the tunnel vrf vrfname command. The GRE Tunnel is UP, I even went up a /30 network on the tunnel interface and I have communication on that network.
The PE I use is a Catalyst 3650 Switch, I can perform exactly the same configuration on a Cisco router instead of a Switch and replace the PE with this router and it works perfectly, without any problem.
I did a SPAN on the PE and analyzed with Wireshark the traffic received on the CE-PE interface and I see that the ICMP request made on the CE to CE is seen on the interface, but shows "no response found!". When I analize the interface between PE-P (where the request should be forwarded) we don't see the ICMP Request forwarded.
When replacing the catalyst 3650 switch with the 2901 router and doing the same SPAN, we see the ICMP request being received on the CE-PE interface and forwarded on the PE-P interface. My question is: Is there any limitation that justifies the same configuration working on the router, but not on the switch?
I'll try to draw the topology to make it easier to understand.
02-16-2022 05:12 PM
Many months ago I see same issue, the issue that the SW not support GRE or it have some issue with GRE tunnel so even the tunnel up it not work properly.
02-16-2022 05:56 PM
And what did you do? Replace the equipment with a more current one? I'm considering this option because changing the topology and removing L3VPN from the Switch will be complicated for me.
02-17-2022 10:51 AM
Support is available for Virtual Routing and Forwarding-aware tunnels. However the tunnel vrf <vrf_name> command is not supported.Thisalsomeansthattunnelsourceand egress interface of GRE packets are in global VRF.
I see same issue not in real but in cisco community, please read the above doc. from cisco and the limitation for GRE tunnel.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide