
VPN communication

tsmarcyes

I have two PE routers connected to each other through a P router. The three are running eigrp and mpls. A MP-BGP session is run between the two PE routers, with OSPF running between the PE and CE routers. I am receiving ospf routes just fine over the MPLS-VPN, however any traffic that is sent is being dropped on the closest PE router. I'm assuming when traffic is arriving for another VPN site, the PE router doesn't know how to route the traffic.

Here is some relevant info.

PE-102

ip vrf test
 rd 1:10
 route-target export 100:10
 route-target import 100:10
ip cef
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Serial1/0
 ip vrf forwarding test
 ip address 192.168.1.2 255.255.255.0
 no fair-queue
!
interface Serial2/0
 ip address 192.168.2.1 255.255.255.0
 tag-switching ip
!
interface Serial3/0
 no ip address
!
router eigrp 1
 redistribute connected
 network 192.168.1.0
 network 192.168.2.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1 vrf test
 log-adjacency-changes
 redistribute bgp 1 metric 20 subnets
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 network 192.168.1.0
 network 192.168.2.0
 neighbor 192.168.3.2 remote-as 1
 neighbor 192.168.3.2 activate
 no auto-summary
 !
 address-family ipv4 vrf test
 redistribute ospf 1 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 192.168.3.2 activate
 neighbor 192.168.3.2 send-community extended
 no auto-summary
 exit-address-family

PE 104

ip vrf test
 rd 1:10
 route-target export 100:10
 route-target import 100:10
ip cef
!
!
!
interface Ethernet0/0
 no ip address
 shutdown
!
interface Serial1/0
 ip address 192.168.3.2 255.255.255.0
 tag-switching ip
 no fair-queue
!
interface Serial2/0
 ip vrf forwarding test
 ip address 192.168.4.1 255.255.255.0
!
interface Serial3/0
 ip vrf forwarding test
 ip address 192.168.8.1 255.255.255.0
!
router eigrp 1
 redistribute connected
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.8.0
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1 vrf test
 log-adjacency-changes
 redistribute bgp 1 metric 20 subnets
 network 192.168.4.0 0.0.0.255 area 0
 network 192.168.8.0 0.0.0.255 area 0
!
router bgp 1
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.8.0
 neighbor 192.168.2.1 remote-as 1
 neighbor 192.168.2.1 activate
 no auto-summary
 !
 address-family ipv4 vrf test
 redistribute ospf 1 match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 192.168.2.1 activate
 neighbor 192.168.2.1 send-community extended
 no auto-summary
 exit-address-family

102#show ip route vrf test
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

B    192.168.8.0/24 [200/0] via 192.168.3.2, 00:01:58
B    192.168.6.0/24 [200/128] via 192.168.3.2, 00:01:58
B    192.168.7.0/24 [200/128] via 192.168.3.2, 00:01:58
O IA 192.168.16.0/24 [110/128] via 192.168.1.1, 00:02:24, Serial1/0
C    192.168.1.0/24 is directly connected, Serial1/0


tsmarcyes

I figured out my issue. The next hop for all vpn/mpls routes was the directly connected interface between the P and PE router (the neighbor command was pointing to the direct serial int, not the loopback). Therefore, the P router was POPing the tag because of Penultimate Hopping, and trying to do a lookup on the vpn label. Since the P router has no clue about how to route the vpn label, it was dropping the packet. So I recreated the BGP sessions pointing to their loopback addresses and things worked fine.

So my question is now, is there a way to overcome this without using loopback interfaces? I know loopback interfaces are recommended for bgp anyways to provide reliability, but it seems that if this were an unspoken requirement for MPLS/VPN, then it would be more well known.

Hi,

If the next hop for MPBGP routes is the directly connected interface for the P router, the P router will be responsible for distributing the ldp label for this subnet, so the tag POPing will happen on the ingress PE router. So you need a next hop whose ldp label has been distributed by the egress PE router.

Regards, W.Amer

I had the exact same issue and was also surprised that it wasn't as well known as you would think it should be. Perhaps we're just looking in the wrong places :-)

See this previous thread, which was when I asked pretty much the same thing. There is a suggestion in the last post of the thread of a different way to do things but I never got around to trying it out. Harold Ritter, who originally answered the question, is very experienced in all things MPLS.

Oh and please try to ignore the fact I keep referring to penultimate pop hopping rather than what it should be, which is penultimate hop popping - seem to have a bit of a block with this!

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Service%20Providers&topic=MPLS&topicID=.ee8558c&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe8a76/0#selected_message

Jon

Hi Jon,

Sure it is very useful memories.

Regards, W.Amer
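
A simplified model of the label handling discussed in this thread, added as an example and not posted by any participant: it traces one VRF packet from PE-102 through P, once with the BGP next hop on the P-PE serial link and once with it on a PE-104 loopback. The serial subnets come from the posted configs; the loopback address 10.255.0.104/32 and the label values 16 and 500 are assumptions.

```python
import ipaddress

IMPLICIT_NULL = 3      # reserved label: "pop before forwarding to me" (PHP)
VPN_LABEL = 500        # constructed value: PE-104's label for the VRF prefix

# Serial subnets are from the thread's configs; the /32 loopback is assumed.
P_CONNECTED = {ipaddress.ip_network("192.168.2.0/24"),
               ipaddress.ip_network("192.168.3.0/24")}
PE104_LOOPBACK = ipaddress.ip_network("10.255.0.104/32")   # hypothetical
IGP_PREFIXES = P_CONNECTED | {PE104_LOOPBACK}

def p_router_tables():
    """P's LDP bindings: implicit-null for connected prefixes, else a real label."""
    bindings, lfib, label = {}, {}, 16
    for prefix in sorted(IGP_PREFIXES, key=str):
        if prefix in P_CONNECTED:
            bindings[prefix] = IMPLICIT_NULL
        else:
            bindings[prefix] = label
            lfib[label] = prefix      # P can only switch labels it allocated
            label += 1
    return bindings, lfib

def trace(bgp_next_hop):
    """Follow one VRF packet from PE-102 via P; return (outcome, stack P sees)."""
    bindings, lfib = p_router_tables()
    nh = ipaddress.ip_address(bgp_next_hop)
    # PE-102 resolves the BGP next hop by longest match in the global table.
    prefix = max((p for p in IGP_PREFIXES if nh in p), key=lambda p: p.prefixlen)
    outer = bindings[prefix]
    # Implicit-null means PE-102 pushes no transport label at all.
    stack = [VPN_LABEL] if outer == IMPLICIT_NULL else [outer, VPN_LABEL]
    if stack[0] not in lfib:
        return "dropped at P: unknown top label", stack
    # PE-104 advertises implicit-null for its own loopback, so P pops (PHP)
    # and PE-104 receives the VPN label it allocated.
    return "delivered to PE-104 VRF", stack

if __name__ == "__main__":
    print(trace("192.168.3.2"))    # next hop on the P-PE serial link
    print(trace("10.255.0.104"))   # next hop on PE-104's loopback
```
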
