Solved: VPLS over GRE Tunnel - Page 2

NUSFETLEN · ‎06-25-2023

I have created the below network setup, trying to get VPLS running over GRE P-P tunnel. The GRE Tunnel is Up. MPLS seems working OK, I can ping from 172.16.18.0 to 172.16.160.0. However, VPLS comes Up (VC is Up) but doesn't forward traffic between sites withing VLAN 14 and VLAN 97. The "sh mpls forwarding" shows no outgoing interface for vfi 14 and vfi 97.

Do I miss anything in the config?

NUSFETLEN · ‎06-27-2023

Tharpe-DSW#sh run
!
pseudowire-class vpls14
encapsulation mpls
!
l2 vfi 14 manual
vpn id 14
neighbor 10.2.1.1 pw-class vpls14
!
l2 vfi SP manual
vpn id 97
neighbor 10.2.1.1 pw-class vpls14
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip ospf 1 area 0
!
interface Tunnel100
ip address 10.10.1.2 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
ip ospf network point-to-point
ip ospf 1 area 0
mpls ip
tunnel source 172.26.1.2
tunnel destination 172.25.1.2
!
interface GigabitEthernet2
ip address 172.26.1.2 255.255.255.252
!
interface g1.14
xconnect vfi 14
!
interface g1.97
xconnect vfi SP
!
ip route 0.0.0.0 0.0.0.0 172.26.1.1

TLH-DSW#sh run
!
pseudowire-class vpls14
encapsulation mpls
!
l2 vfi 14 manual
vpn id 14
neighbor 10.1.1.1 pw-class vpls14
!
l2 vfi SP manual
vpn id 97
neighbor 10.1.1.1 pw-class vpls14
!
interface Loopback0
ip address 10.2.1.1 255.255.255.255
ip ospf 1 area 0
!
interface Tunnel100
ip address 10.10.1.1 255.255.255.252
ip mtu 1400
ip tcp adjust-mss 1360
ip ospf network point-to-point
ip ospf 1 area 0
mpls ip
tunnel source g2
tunnel destination 172.26.1.2
!
interface GigabitEthernet2
ip address 172.25.1.2 255.255.255.0
!
interface g1.14
no ip address
xconnect vfi 14
!
interface g1.97
no ip address
xconnect vfi SP
!
ip route 0.0.0.0 0.0.0.0 172.25.1.1

MHM Cisco World · ‎06-27-2023

This config make sense'

Sorry last thing if you disable gre tunnel ca vpls still work?

Neighbor under l2 vfi use different IP than gre tunnel ip'

So we dont need to specify router-id under l2vpn.

Just want to check

Thanks

MHM

Harold Ritter · ‎06-26-2023

Hi @NUSFETLEN ,

Thanks for the additional information. Can you provide the output for the following commands from both routers:

show mpls ldl dis

show mpls ldp neighbor

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

NUSFETLEN · ‎06-26-2023

sh mpls ldp dis
Local LDP Identifier:
10.2.1.1:0
Discovery Sources:
Interfaces:
Tunnel100 (ldp): xmit/recv
LDP Id: 10.1.1.1:0
Targeted Hellos:
10.2.1.1 -> 10.1.1.1 (ldp): active/passive, xmit/recv
LDP Id: 10.1.1.1:0

sh mpls ldp neighbor
Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.2.1.1:0
TCP connection: 10.1.1.1.646 - 10.2.1.1.35472
State: Oper; Msgs sent/rcvd: 17/13; Downstream
Up time: 00:01:28
LDP discovery sources:
Tunnel100, Src IP addr: 10.10.1.2
Targeted Hello 10.2.1.1 -> 10.1.1.1, active, passive
Addresses bound to peer LDP Ident:
10.1.1.1 172.26.1.2 172.16.160.20 10.10.1.2

sh ip ospf nei

Neighbor ID Pri State Dead Time Address Interface
10.1.1.1 0 FULL/ - 00:00:32 10.10.1.2 Tunnel100

sh mpls for
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label l2ckt(97) 0 none point2point
18 Pop Label 172.16.160.0/24 0 Tu100 point2point
19 Pop Label 10.1.1.1/32 0 Tu100 point2point
20 No Label l2ckt(14) 0 none point2point

Harold Ritter · ‎06-26-2023

Hi @NUSFETLEN ,

It looks better now as you have "Pop Label" rather than "No Label" for the facing lo0 address. Is it still not working?

If so, can you provide the output for "sh mpls l2 vc det" from both sides.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

NUSFETLEN · ‎06-26-2023

TLH-DSW#sh mpls l2 vc

Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI 14 VFI 10.1.1.1 14 UP
VFI SP VFI 10.1.1.1 97 UP
TLH-DSW#
TLH-DSW#
TLH-DSW#sh mpls l2 vc det
Local interface: VFI 14 VFI up
Interworking type is Ethernet
Destination address: 10.1.1.1, VC ID: 14, VC status: up
Output interface: Tu100, imposed label stack {24}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 01:01:39, last status change time: 00:01:23
Signaling protocol: LDP, peer 10.1.1.1:0 up
Targeted Hello: 10.2.1.1(LDP Id) -> 10.1.1.1
Status TLV support (local/remote) : enabled/not supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: not sent
MPLS VC labels: local 20, remote 24
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, send 0

Local interface: VFI SP VFI up
Interworking type is Ethernet
Destination address: 10.1.1.1, VC ID: 97, VC status: up
Output interface: Tu100, imposed label stack {23}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 01:01:39, last status change time: 00:01:23
Signaling protocol: LDP, peer 10.1.1.1:0 up
Targeted Hello: 10.2.1.1(LDP Id) -> 10.1.1.1
Status TLV support (local/remote) : enabled/not supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: not sent
MPLS VC labels: local 24, remote 23
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 0, send 0
byte totals: receive 0, send 0
packet drops: receive 0, send 0

NUSFETLEN · ‎06-26-2023

Sorry, I've send you only one side. Let me send both sides now:

NUSFETLEN · ‎06-29-2023

I've finally ended up with the below setup and deployed it on the real hardware (C1111-8P router). I've used L2TP instead of VPLS. For some reason the hardware doesn't allow STP BPDU through VPLS, however, it does allow STP BPDU through L2TP. I need this L2VPN as a redundant connection for the Dark Fiber we have between these two sites. So, if STP BPDU is not allowed through L2VPN it might be a potential for traffic loop. If you have any ideas to overcome this hardware limitation it would be very helpful, cause i prefer to have VPLS as L2VPN.

MHM Cisco World · ‎06-30-2023

MHM Cisco World · ‎07-01-2023

Note' this work fine if SP is IP core

If SP mpls core' I search for solutions to separate the label exchange via gre tunnel than label exchange with SP.

We use gre for ldp signalling here.

NUSFETLEN · ‎07-02-2023

As I mentioned in my latest post, I setup L2TPv3 based P-t-P tunnel (L2TPv3 over MPLS/GRE; I'm still using MPLS/GRE hoping to implement VPLS finally) instead of VPLS because the second one doesn't allow STP BPDU to go through. Do you know a way to set VPLS to allow STP BPDU to go through? Does it depend on the hardware used (C1111-8P router)? When I try to permit STP BPDU I get a warning error.

MHM Cisco World · ‎07-02-2023

if you have only two site you need to L2 connect over GRE/L2tpv3 or GRE/MPLS why you want VPLS ?
it two sites two points VPWS is OK
if you wan to run VPLS, please share last config that not work for you let me double check it.

NUSFETLEN · ‎07-02-2023

I consider VPLS because we have more than two sites. The VPLS config is below:

MHM Cisco World · ‎07-02-2023

Freind from my first looking this is not VPLS, it is VPWS
you right config VPLS vfi manual but you dont add neighbor under the vfi.
it is VPWS you config xconnect under each interface.
for STP BPDU I will check how you can allow it under pw-class

NUSFETLEN · ‎07-02-2023

I'm very sorry, I've uploaded the wrong config. The below is the correct one. The VPLS allows HSRP to go through but not STP. When I try allow STP under VFI I get this:

TLH-DSW(config-vfi)#forward permit l2protocol all
% % Command rejected - BPDU pseudowire config not allowed