06-07-2008 03:17 PM
I have two PE routers connected to each other through a P router. The three are running EIGRP and MPLS. An MP-BGP session is run between the two PE routers, with OSPF running between the PE and CE routers. I am receiving OSPF routes just fine over the MPLS-VPN; however, any traffic that is sent is being dropped on the closest PE router. I'm assuming when traffic is arriving for another VPN site, the PE router doesn't know how to route the traffic.
Here is some relevant info.
PE-102
ip vrf test
 rd 1:10
 route-target export 100:10
 route-target import 100:10
ip cef
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Serial1/0
 ip vrf forwarding test
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial2/0
 ip address 192.168.2.1 255.255.255.0
 tag-switching ip
!
interface Serial3/0
 no ip address
!
router eigrp 1
 redistribute connected
 network 192.168.1.0
 network 192.168.2.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1 vrf test
 log-adjacency-changes
 redistribute bgp 1 metric 20 subnets
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 network 192.168.1.0
 network 192.168.2.0
 neighbor 192.168.3.2 remote-as 1
 neighbor 192.168.3.2 activate
 no auto-summary
 !
 address-family ipv4 vrf test
  redistribute ospf 1 match internal external 1 external 2
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.3.2 activate
  neighbor 192.168.3.2 send-community extended
  no auto-summary
 exit-address-family
PE-104
ip vrf test
 rd 1:10
 route-target export 100:10
 route-target import 100:10
ip cef
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Serial1/0
 ip address 192.168.3.2 255.255.255.0
 tag-switching ip
 no fair-queue
!
interface Serial2/0
 ip vrf forwarding test
 ip address 192.168.4.1 255.255.255.0
!
interface Serial3/0
 ip vrf forwarding test
 ip address 192.168.8.1 255.255.255.0
!
router eigrp 1
 redistribute connected
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.8.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1 vrf test
 log-adjacency-changes
 redistribute bgp 1 metric 20 subnets
 network 192.168.4.0 0.0.0.255 area 0
 network 192.168.8.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.8.0
 neighbor 192.168.2.1 remote-as 1
 neighbor 192.168.2.1 activate
 no auto-summary
 !
 address-family ipv4 vrf test
  redistribute ospf 1 match internal external 1 external 2
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.2.1 activate
  neighbor 192.168.2.1 send-community extended
  no auto-summary
 exit-address-family
102#show ip route vrf test
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

B    192.168.8.0/24 [200/0] via 192.168.3.2, 00:01:58
B    192.168.6.0/24 [200/128] via 192.168.3.2, 00:01:58
B    192.168.7.0/24 [200/128] via 192.168.3.2, 00:01:58
O IA 192.168.16.0/24 [110/128] via 192.168.1.1, 00:02:24, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0
06-07-2008 05:13 PM
I figured out my issue. The next hop for all VPN/MPLS routes was the directly connected interface between the P and PE router (the neighbor command was pointing to the direct serial int, not the loopback). Therefore, the P router was popping the tag because of Penultimate Hopping, and trying to do a lookup on the VPN label. Since the P router has no clue about how to route the VPN label, it was dropping the packet. So I recreated the BGP sessions pointing to their loopback addresses and things worked fine.
So my question is now, is there a way to overcome this without using loopback interfaces? I know loopback interfaces are recommended for BGP anyways to provide reliability, but it seems that if this were an unspoken requirement for MPLS/VPN, then it would be more well known.
06-08-2008 06:55 AM
Hi,
If the next hop for MP-BGP routes is the directly connected interface of the P router, the P router will be the one responsible for distributing the LDP label for this subnet, so the tag popping will happen on the ingress PE router. So you need a next hop whose LDP label has been distributed by the egress PE router.
Regards, W.Amer
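The label handling discussed in the two posts above, as an added example that is not part of the original thread: a simplified Python model of LDP with penultimate hop popping on the PE-102, P, PE-104 path. It assumes each router advertises implicit-null for its connected prefixes; the loopback prefix 10.0.0.104/32, the label values and the function names are constructed for illustration.

```python
IMPLICIT_NULL = "implicit-null"   # LDP label that asks the upstream router to pop (PHP)
PATH = ["PE-102", "P", "PE-104"]  # label-switched path from the thread
VPN_LABEL = 22                    # constructed value; only the two PEs know it

# Directly connected prefixes per router. 10.0.0.104/32 is a constructed
# loopback on PE-104; the serial subnets are the ones in the posted configs.
CONNECTED = {
    "PE-102": {"192.168.2.0/24"},
    "P": {"192.168.2.0/24", "192.168.3.0/24"},
    "PE-104": {"192.168.3.0/24", "10.0.0.104/32"},
}

def ldp_binding(router, fec):
    """Label `router` advertises to its neighbors for `fec`."""
    if fec in CONNECTED[router]:
        return IMPLICIT_NULL          # connected prefix: request PHP
    return 100 + PATH.index(router)   # constructed per-router local label

def push_transport(stack, downstream, fec):
    """Impose the downstream router's label unless it asked for PHP."""
    label = ldp_binding(downstream, fec)
    return stack if label == IMPLICIT_NULL else [label] + stack

def forward(next_hop_fec):
    """Send one VPN packet from PE-102 toward the BGP next hop's FEC.
    Returns (outcome, router_where_it_ended)."""
    stack = push_transport([VPN_LABEL], PATH[1], next_hop_fec)
    for i, router in enumerate(PATH[1:-1], start=1):
        # A P router's LFIB holds only labels it allocated through LDP.
        if stack[0] != ldp_binding(router, next_hop_fec):
            return ("dropped", router)
        stack = push_transport(stack[1:], PATH[i + 1], next_hop_fec)
    egress = PATH[-1]
    return ("delivered", egress) if stack == [VPN_LABEL] else ("dropped", egress)

if __name__ == "__main__":
    print(forward("192.168.3.0/24"))  # next hop on the P-PE serial link
    print(forward("10.0.0.104/32"))   # next hop on the PE loopback
```

With the serial subnet as the next hop, the packet reaches P carrying only the VPN label; with the loopback, P swaps out its own transport label and the VPN label is first exposed at PE-104.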
06-08-2008 11:33 AM
I had the exact same issue and was also surprised that it wasn't as well known as you would think it should be. Perhaps we're just looking in the wrong places :-)
See this previous thread which was when I asked pretty much the same thing. There is a suggestion in the last post of the thread of a different way to do things but I never got around to trying it out. Harold Ritter, who originally answered the question, is very experienced in all things MPLS.
Oh and please try to ignore the fact that I keep referring to penultimate pop hopping rather than what it should be, which is penultimate hop popping - seem to have a bit of a block with this!
Jon
06-08-2008 11:45 AM
Hi Jon,
Sure it is very useful memories.
Regards, W.Amer