
MPLS - Basic question about CE's

louis0001
Level 3

This is a very simple question so don't laugh!

We have 10 837's that are about to migrate to an MPLS network.

We will be using BT Clear IP for the ADSL.

I realise that there isn't much to setup on our CE routers apart from adding static routes.

Our internal address range for one of our routers (SITE A) is 10.10.1.0/24.

BT (our MPLS provider) have provided:

PE Router IP: 81.141.*.*
Routing Type: STATIC

Loop Back IP Address: 192.168.100.1

Address Prefix: 192.168.100.1

Mask: 255.255.255.255

So do I put 192.168.100.1 as the static IP for the WAN interface or create e.g. a loopback0 interface?

The 837 doesn't like the /32 mask either so it's proving to be a bit of a pain to get it going.

I would have thought it would have gone something like:

SITE A:

WAN IP = 192.168.100.1/32

LAN IP = 10.10.1.0/24

SITE B

WAN IP = 192.168.100.5/32

LAN IP 10.10.2.0/24

STATIC ROUTES:

SITE A

ip route 10.10.2.0/24 via 192.168.100.5

SITE B

ip route 10.10.1.0/24 via 192.168.100.1

I can actually ping SITE B's external interface from SITE A's LAN and vice versa.

But I can't seem to go from LAN to LAN.

Any ideas would be appreciated.

Apologies for the basic question......

25 Replies

Hi, I'm a little closer now.

Believe it or not, I wasn't given the full details on the spreadsheet and the column with AS numbers was missing.

Now that I have that, I have BGP working on it and the ip routing table is showing lots of ip routes.

The only issue I have now is that although I can reach destinations from the router itself eg ping 10.10.1.1 etc, I can't seem to do it from the LAN.

I've tried NAT, no NAT etc and it still doesn't go. The clients on the LAN are picking up a DHCP lease and can ping the router. They can't, however, ping beyond that.

Config is below..... I'm sure I'm missing something simple:

!This is the running config of the router: 10.10.1.1

!----------------------------------------------------------------------------

!version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router1

!

boot-start-marker

boot-end-marker

!

enable secret 5 XXXXXXXXXXXX

!

username XXXXXXXX privilege 15 password 0 XXXXXXXXXXXXXXX

no aaa new-model

ip subnet-zero

!

!

!

ip dhcp pool SITE_A_CLIENTS

   network 10.10.1.0 255.255.255.0

   default-router 10.10.1.1

   dns-server 10.10.1.10 10.10.1.11

!

!

ip domain name XXXXXXXX.local

ip cef

ip ids po max-events 100

ip ssh version 1

no ftp-server write-enable

!

!

!

!

!

!

!

interface Loopback0

ip address 192.168.100.1 255.255.255.255

!

interface Ethernet0

ip address 10.10.1.1 255.255.255.0

hold-queue 100 out

!

interface Ethernet2

no ip address

shutdown

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0.1 point-to-point

pvc 0/38

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet3

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet4

no ip address

shutdown

duplex auto

speed auto

!

interface Dialer0

ip unnumbered Loopback0

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname XXXXXXXXXXX@adslconnect.bt.com

ppp chap password 0 XXXXXXXXXX

ppp pap sent-username XXXXXXXXXX@adslconnect.bt.com password 0 XXXXXXXXXXX

!

router bgp 55010

no synchronization

bgp log-neighbor-changes

network 10.10.1.0

neighbor xxx.xxx.xxx.xxx remote-as 2856

no auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

!

no ip http server

no ip http secure-server

!

!

dialer-list 1 protocol ip permit

!

!

control-plane

!

!

line con 0

no modem enable

transport preferred all

transport output all

line aux 0

transport preferred all

transport output all

line vty 0 4

access-class 1 in

exec-timeout 60 0

privilege level 15

password XXXXXXX

login local

transport preferred ssh

transport input ssh

transport output all

!

scheduler max-task-time 5000

end

mfurnival wrote:

Yes, it is possible that the ISP is adding the routes to your VRF via RADIUS attributes when you authenticate your PPP session. Have you been asked to provide your LAN subnets to BT for each site?

Most of the sites are IP Connect Plus and only ask for a loopback.

However, there are 2 sites that use "ADSL max" and they have asked for the LAN ip range of those sites as well as the loopback.

Sounds like you are nearly there.

Forget about NAT - you don't need it in this setup.

Can you post a:

"show ip route"

"show ip bgp"

"show ip bgp summary"

What address are you trying to ping from the LAN clients?

I'm trying to ping another LAN that is on the MPLS network and is definitely working.

Ping from ROUTER of SITE A:

10.10.1.1 = OK (LAN side of SITE A)

192.168.100.1 = OK (loopback address & ip unnumbered address of ADSL)

81.141.*.* = OK (PE Router and next hop)

192.168.100.12 = OK (ip address of ROUTER on SITE B)

10.10.12.1 = OK (LAN side of SITE B)

So it looks ok.

Ping from LAPTOP on LAN of SITE A:

10.10.1.1 = OK (LAN side of SITE A)

192.168.100.1 = OK (loopback address & ip unnumbered address of ADSL)

ALL other pings externally FAIL (can't even ping PE Router)

Could it be that the other sites don't know how to get back to 10.10.1.0/24?

Yes, I suspect that is the case.

Under BGP you have a statement:

network 10.10.1.0

You would normally add a network mask to this as BGP will only advertise a network into BGP when it has the matching route in its routing table. You can try changing it to:

network 10.10.1.0 mask 255.255.255.0

Or (preferably) I would just do "redistribute connected" under BGP.
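The exact-match rule described in the reply above, modelled as an added Python example that is not part of the original thread. The routing table is constructed from the interfaces in the posted config, the classful default for a network statement without a mask is an assumption about IOS behaviour, and all function names are hypothetical.

```python
import ipaddress

# Constructed routing table for the SITE A router, built from the interfaces
# in the posted config: Ethernet0, Loopback0 and the static default route.
RIB = ["10.10.1.0/24", "192.168.100.1/32", "0.0.0.0/0"]
CONNECTED = ["10.10.1.0/24", "192.168.100.1/32"]


def classful_prefixlen(address):
    """Prefix length assumed when a network statement has no mask (assumption)."""
    first_octet = int(address.split(".")[0])
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24


def statement_prefix(address, mask=None):
    """Prefix that a 'network <address> [mask <mask>]' statement refers to."""
    if mask is None:
        return ipaddress.ip_network(
            f"{address}/{classful_prefixlen(address)}", strict=False)
    # strict=True rejects an address with host bits set for the given mask.
    return ipaddress.ip_network(f"{address}/{mask}", strict=True)


def originated(rib, address, mask=None):
    """True if the statement matches a route exactly (no auto-summary)."""
    wanted = statement_prefix(address, mask)
    return any(ipaddress.ip_network(route) == wanted for route in rib)


def advertised_prefixes(rib, statements, connected=(), redistribute=False):
    """All prefixes the router would originate into BGP, sorted."""
    out = {statement_prefix(a, m) for a, m in statements if originated(rib, a, m)}
    if redistribute:
        out |= {ipaddress.ip_network(c) for c in connected}
    return [str(n) for n in sorted(out)]


if __name__ == "__main__":
    print(advertised_prefixes(RIB, [("10.10.1.0", None)]))             # original config
    print(advertised_prefixes(RIB, [("10.10.1.0", "255.255.255.0")]))  # with mask
    print(advertised_prefixes(RIB, [], CONNECTED, redistribute=True))
```

In this model redistribution also originates the Loopback0 /32, whereas the masked network statement originates only the LAN prefix.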

Hi all,

sorry been away for a while. Just to let you know, we now have success.

So for anybody in the future who comes across this, our main sticking points with this were:

1. Not given the full details ie the AS#

2. Loopbacks have to be configured on ADSL as they generally have a /32 and use ip unnumbered loopback0

3. Our core network routes needed changing to be able to reply back to the router's lan

4. Due to using loopbacks, use "neighbor xxx.xxx.xxx.xxx update-source loopback" to force BGP to use the loopback address

And the one that really had me going was:

"neighbor xxx.xxx.xxx.xxx disable-connected-check" which was strange because I didn't need it with the first router which used the same model and firmware.

So config ended up like:

router bgp 55010

no synchronization

bgp log-neighbor-changes

network 10.10.1.0 mask 255.255.255.0

neighbor xxx.xxx.xxx.xxx remote-as 2856

neighbor xxx.xxx.xxx.xxx update-source loopback0

neighbor xxx.xxx.xxx.xxx disable-connected-check

redistribute connected

no auto-summary

So all in all, we are there and thank you to everyone who contributed and offered assistance in this thread.

Correct answer has to go to mfurnival as he's been extremely helpful.

Thank you.

Glad you got it working louis - I have never come across that "disable-connected-check" command before so I have learnt something new this morning.

Just another quick question on here as I've been asked this and I honestly don't know the answer.

Can you use any old router as a CE Router?

For the above connections, our MPLS provider gave us AS# and only asked for loopbacks to be specified and the only way we could get this to work was by configuring BGP.

We also have a couple of other ADSL connections where our provider has asked us to provide a loopback AND a lan subnet. They haven't supplied AS#'s for these connections.

So to me, it looks like the provider is going to populate the routing table with the LANs on these connections so any old router could be used.

Whereas with the connections where they haven't asked for the lan subnet and provided us with AS#'s, we can only use BGP to populate the routing table? Or can static routes be used here?

I am a bit confused about what you are asking here. Let me try and explain.

Any Cisco router can use a loopback address - the use of loopbacks is mainly for administration purposes and allows you to have a hardware independent interface that can be used for management or sourcing control plane traffic.

The ability to run BGP is dependent on the IOS feature set you are running on the router rather than the router model.

In my experience you would either do the following in MPLS environments:

1. Run BGP with the provider and redistribute your local subnets into BGP on your CE router usually over some sort of ethernet access circuit (typically where you have a higher spec router).

2. Run some other routing protocol (RIP / OSPF / EIGRP) over a DSL type connection.

3. Don't run any routing protocol over the WAN link and the provider would insert LAN subnet routes into the VRF via RADIUS attributes.

So don't get bogged down with the link between AS numbers and loopbacks - this is just good practice. In reality all of your routers should have loopback addresses.

I think you have answered my question there as well.

The connections that I'm referring to are DSL connections.

Our provider has given us 2 types, which are IP Clear Connect Plus & IP Clear Connect Max.

For the first type, they only asked us to specify our loopback addresses.

For the second type, they asked us to specify a loopback address and the LAN subnet that we intended to use.

So, to me, for the first type..... it looks as though we have to advertise our routes into the vrf via BGP as that is all they use.

However, the second type already has the lan specified into the vrf by the providers so it looks as though any old router would work with this (as it doesn't have to use BGP and its subnet is already in the vrf)

So, going back to the first type (without the provider specifying the lan subnet), is it possible to use a router on this type of connection that doesn't use BGP?

Well you would have to run some sort of routing protocol (whether it be BGP or something else) in order to tell the provider what subnets you have on that site - how else would they know otherwise? But with any routing protocol the provider has to be doing the same thing on their PE or it won't work - for example you could enable RIP / EIGRP / OSPF on your WAN interface but learn nothing from the cloud if the provider has not enabled it on their side - likewise, anything you advertise out will not be learnt by the PE if they are not running a routing protocol.

So the answer is - if you have not told your provider that site x has subnet x.x.x.x locally then you must then use some sort of routing protocol to get it working. 

Great. Exactly what I thought as I'm being badgered to put another type of router on there that doesn't support BGP and I couldn't see how you would do it without some form of routing protocol.

The first type of connection doesn't give us that option whereas the second type does.
