Solved: Re: VPLS over GRE Tunnel

NUSFETLEN · ‎06-25-2023

I have created the below network setup, trying to get VPLS running over GRE P-P tunnel. The GRE Tunnel is Up. MPLS seems working OK, I can ping from 172.16.18.0 to 172.16.160.0. However, VPLS comes Up (VC is Up) but doesn't forward traffic between sites withing VLAN 14 and VLAN 97. The "sh mpls forwarding" shows no outgoing interface for vfi 14 and vfi 97.

Do I miss anything in the config?

Ramblin Tech · ‎06-26-2023

IIRC, CSR1Kv has a functioning L2VPN data plane; I am doubtful that IOSvL2 does. I believe IOSvL2 was created many years ago to support "switchport" bridging configurations, back when IOU/IOL images did not.

As for your question "If it doesn't support VPLS, why does it allow the commands?", that question has been frustrating many people, inside and outside of Cisco, for quite some time. Many platforms have IOS parsers that accept unsupported commands, with the lack of support coming from either no devtest program to insure that the command functions properly, or that there is not all of the necessary hw/sw infrastructure implemented on the platform to provide any support at all. At best, the unsupported commands are documented somewhere for the platform, but typically the answer will come back from the BE/BU that if the command is not explicitly in the PD docs for that platform, then it is unsupported. The gotcha here is that there may not be any docs for IOSvL2 at all.

Disclaimer: I am long in CSCO

View solution in original post

Harold Ritter · ‎06-26-2023

Hi @NUSFETLEN ,

It is often the case with devices supported in CML, ads they are virtual devices. These virtual devices will often support a given feature at the control plane level, but don't support it at the data plane level, as this is normally implemented in HW at the line card level on the physical device.

BTW, your scenario should work on CSR1000v with small modifications.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

NUSFETLEN · ‎06-26-2023

I've changed IOSvL2 to CSR1000v. Now it is working perfect. Thanks

View solution in original post

NUSFETLEN · ‎06-29-2023

I've finally ended up with the below setup and deployed it on the real hardware (C1111-8P router). I've used L2TP instead of VPLS. For some reason the hardware doesn't allow STP BPDU through VPLS, however, it does allow STP BPDU through L2TP. I need this L2VPN as a redundant connection for the Dark Fiber we have between these two sites. So, if STP BPDU is not allowed through L2VPN it might be a potential for traffic loop. If you have any ideas to overcome this hardware limitation it would be very helpful, cause i prefer to have VPLS as L2VPN.

View solution in original post

Harold Ritter · ‎06-25-2023

Hi @NUSFETLEN ,

What are the 2 routers terminating the tunnel interface?

A few things I would recommend changing:

1. Use Lo0 address as the neighbor address for both VFIs.

2. Advertise the lo0 interface in OSPF so it reachable from the other side.

4. Make sure the loopback interface address from the other side is received both from OSPF and LDP (show mpls ldp binding).

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

NUSFETLEN · ‎06-25-2023

Hi Harold,

The routers I consider is ISR1100, but I'm trying this setup in CML for now.

I've modified the setup as you suggested but with no luck, unfortunately. Kindly take a look at the below setup and show commands output. Perhaps I'm still missing something.

MHM Cisco World · ‎06-26-2023

l2vpn xconnect context MHM

member GigabitEthernet1 service-instance xx

member pseudowirexx x.x.x.x YY encapsulation mpls

this way config VPWS in IOS XE I think your command before is wrong,
first try direct connection then try using GRE tunnel

Why I suggest vpws because you have only one peer you dont have multi peers so that you need vpls

NUSFETLEN · ‎06-26-2023

The command you are referring to belongs to VPWS. I need to setup VPLS over GRE which is not working so far. I may need to try your command if I fail to get VPLS operational. L2VPN is working fine on this network connection over IP, but I need to extend L2 to the remote site over VPLS/GRE.

NUSFETLEN · ‎06-26-2023

I've made a direct connection like below (the dashed line), however, it is still not running. So, probably CML doesn't support it (assuming the config is correct). As Cisco states there should be three separate steps of how the router processes VPLS/GRE: 1) Encapsulate Ethernet into VPLS/MPLS; 2) Encapsulate VPLS/MPLS into GRE; 3) Encapsulate VPLS/MPLS/GRE into new Ethernet.

Harold Ritter · ‎06-26-2023

Hi @NUSFETLEN ,

I missed the fact that you are running this in CML. What device do you use in CML for the tunnel endpoints? It is possible that it is not supported indeed.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

NUSFETLEN · ‎06-26-2023

I'm using IOSvL2. If it doesn't support VPLS, why does it allow the commands? Perhaps the real boxes would allow the VPLS to run, so VPLS needs the real equipment.

Ramblin Tech · ‎06-26-2023

IIRC, CSR1Kv has a functioning L2VPN data plane; I am doubtful that IOSvL2 does. I believe IOSvL2 was created many years ago to support "switchport" bridging configurations, back when IOU/IOL images did not.

As for your question "If it doesn't support VPLS, why does it allow the commands?", that question has been frustrating many people, inside and outside of Cisco, for quite some time. Many platforms have IOS parsers that accept unsupported commands, with the lack of support coming from either no devtest program to insure that the command functions properly, or that there is not all of the necessary hw/sw infrastructure implemented on the platform to provide any support at all. At best, the unsupported commands are documented somewhere for the platform, but typically the answer will come back from the BE/BU that if the command is not explicitly in the PD docs for that platform, then it is unsupported. The gotcha here is that there may not be any docs for IOSvL2 at all.

Disclaimer: I am long in CSCO

Harold Ritter · ‎06-26-2023

Hi @NUSFETLEN ,

It is often the case with devices supported in CML, ads they are virtual devices. These virtual devices will often support a given feature at the control plane level, but don't support it at the data plane level, as this is normally implemented in HW at the line card level on the physical device.

BTW, your scenario should work on CSR1000v with small modifications.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

NUSFETLEN · ‎06-26-2023

which small modifications?

Harold Ritter · ‎06-27-2023

Hi @NUSFETLEN ,

Your new configuration works well for point to point configuration. You could do VPLS instead as in your original configuration. You would need the following:

interface GigabitEthernet1

service instance 14 ethernet

encapsulation dot1q 14

bridge-domain 14

!

service instance 97 ethernet

encapsulation dot1q 97

bridge-domain 97

!

l2 vfi 14 manual

vpn id 14

bridge-domain 14

neighbor 10.2.1.1 encapsulation mpls

l2 vfi SP manual

vpn id 97

bridge-domain 97

neighbor 10.2.1.1 encapsulation mpls

This would be helpful if you need to add additional sites to the mix.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

NUSFETLEN · ‎06-26-2023

I've changed IOSvL2 to CSR1000v. Now it is working perfect. Thanks

NUSFETLEN · ‎06-26-2023

The below is the final operational configuration. VPLS allows HSRP and Ethernet traffic, except STP BPDU.

MHM Cisco World · ‎06-27-2023

Can you share config'

The config you share before not work' I alreay run lab gns3 csr1000 but under vlan there is no vfi.

Can you share config I need to take look