I have a customer that needs to tunnel serial data from remote sites to a central site. This serial data is HDLC encapsulated and the remote site has a Cisco 1921 router with HWIC4A/S.
The central router is a Cisco 2951, also with HWIC4A/S.
This customer has several VPNs carried by a service provider through MPLS. One VPN is for operational traffic, one is for test traffic and so on.
They want to send the tunneled traffic through the operational VPN on the router doing tunneling through VRF lite. This does not, however, seem to be supported, but I can't find any restrictions in the Cisco documentation.
Here is a working configuration:
pseudowire-class PW
 encapsulation l2tpv3
 sequencing transmit
 protocol none
 ip local interface loopback0
 ip tos value 128
 ip ttl 10
!
interface Loopback0
 ip address x.x.x.x 255.255.255.255
!
interface Serial0/0/0
 description ### redacted ###
 no ip address
 no keepalive
 ignore dtr
 clock rate 19200
 no cdp enable
 xconnect y.y.y.y 1001 encapsulation l2tpv3 manual pw-class PW
  l2tp id 61001 101
redacted#show l2tun session all
Session id 61001 is up, logical session id 65668, tunnel id n/a
  Remote session id is 101, remote tunnel id n/a
  Locally initiated session
  Unique ID is 24
Session Layer 2 circuit, type is HDLC, name is Serial0/0/0
  Session vcid is 1001
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is y.y.y.y
Local tunnel name is
  Internet address is x.x.x.x
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 19:04:36
    1087277 Packets sent, 0 received
    21281118 Bytes sent, 0 received
  Last clearing of counters never
  Counters, ignoring last clear:
    1087277 Packets sent, 0 received
    21281118 Bytes sent, 0 received
    Receive packets dropped:
      out-of-order: 0
      other: 0
      total: 0
    Send packets dropped:
      exceeded session MTU: 0
      other: 0
      total: 0
  DF bit off, ToS reflect disabled, ToS value 128, TTL value 10
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 28 bytes
    45800014 00000000 0a738706 0a741822
    0a74fbe7 00000065 00000000
  Sequencing is on
    Ns 1087268, Nr 0, 0 out of order packets received
  Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
SSM switch id is 4226, SSM segment id is 12422
The traffic is unidirectional, so it's expected to only have packets sent and not received. This works fine. However, if I put the loopback in a VRF, the tunnel still comes up but no traffic is forwarded.
int loopback 0
 ip vrf forwarding OPER
This would stop the traffic from passing through the tunnel. I suspect that the Cisco implementation of L2TPv3 is not VRF aware but have been unable to get any confirmation so far.
Has anyone else tried to deploy this when sourcing from a VRF?