Fail-over config

Udeme
Level 1

Hello @All,

 

I am new here, so please pardon me if I have broken a protocol.

I currently have a VPNV4 running to serve customers on both PE1 & PE2 respectively, but I introduced an L3 switch on both ends to carry out fail-over should PE1/PE2 disconnect from the Core, but I am stuck.

Kindly help out here.

 

capture.jpg

 

Br...

balaji.bandi
Hall of Fame

Please provide the relevant configuration to look at. For failover testing, are you shutting down one side of the link and it fails to fail over to the other PE, is this correct?

 

BB


Hello
The assumption here is that your primary path is via the PE rtrs and the secondary path is via the L3 switches, and that you wish to provide a resilient path via the L3 switches if you happen to incur a dual failure of the PE rtrs?

Can you confirm what routing you have in place towards the PE and L3 switches?



Kind Regards
Paul

Giuseppe Larosa
Hall of Fame

Hello @Udeme ,

An MPLS L3 VPN service requires both a control plane (MP-BGP) and an MPLS forwarding plane.

Creating a backup path between PE1 and PE2 with two L3 switches will provide an IP-only path that cannot be used by the forwarding plane to forward MPLS packets. It is not enough to run OSPF or another IGP on the backup path; LDP also has to be run, and labels have to be exchanged for the remote PE loopback address.

You can use the L3 switches to create a backup path between CE routers but not between PE routers that need to run all the MPLS related protocols (LDP).

In addition, an IP-only path of equal or better IGP cost is preferred over MPLS-enabled paths, and this breaks the MPLS L3 VPN connectivity. This is likely what is happening in your lab.

To demonstrate this, it is enough to increase the ip ospf cost on the backup path, and you should be able to restore MPLS L3 VPN connectivity.

 

Hope to help

Giuseppe
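
A small model of the behaviour described in the answer above, added here as an example and not part of the original thread: it picks the IGP best path(s) between the PEs and checks whether every hop runs LDP. The topology, node names and OSPF costs are constructed assumptions.

```python
import heapq

# Constructed lab topology (names and costs are assumptions, not from the thread).
# (node_a, node_b): (ospf_cost, ldp_enabled)
LINKS = {
    ("PE1", "P1"): (15, True),        # MPLS core path
    ("P1", "PE2"): (15, True),
    ("PE1", "L3SW1"): (1, False),     # backup path over L3 switches, no LDP
    ("L3SW1", "L3SW2"): (1, False),
    ("L3SW2", "PE2"): (1, False),
}

def best_paths(links, src, dst):
    """All equal-cost shortest paths, as the IGP would install them."""
    adj = {}
    for (a, b), (cost, _) in links.items():
        adj.setdefault(a, []).append((b, cost))
        adj.setdefault(b, []).append((a, cost))
    best, found, heap = None, [], [(0, [src])]
    while heap:
        cost, path = heapq.heappop(heap)
        if best is not None and cost > best:
            break
        if path[-1] == dst:
            best = cost
            found.append(path)
            continue
        for nxt, c in adj.get(path[-1], []):
            if nxt not in path:               # simple paths only
                heapq.heappush(heap, (cost + c, path + [nxt]))
    return found

def lsp_state(links, src="PE1", dst="PE2"):
    """'labeled' only if every IGP best path has LDP on every hop."""
    paths = best_paths(links, src, dst)
    if not paths:
        return "unreachable"
    def ldp(a, b):
        return links.get((a, b), links.get((b, a)))[1]
    ok = all(ldp(a, b) for p in paths for a, b in zip(p, p[1:]))
    return "labeled" if ok else "broken"

def with_backup_cost(links, cost):
    """Copy of the topology with a new OSPF cost on the IP-only links."""
    return {k: (v[0] if v[1] else cost, v[1]) for k, v in links.items()}

def core_down(links):
    """Copy of the topology with the P1 links failed."""
    return {k: v for k, v in links.items() if "P1" not in k}
```

With the low-cost backup the state is "broken"; raising the backup cost restores "labeled", and failing the core afterwards gives "broken" again because the only remaining path is IP-only.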

 

Dear Larosa,

 

Thank you for the +ve feedback.

I clearly understand what you outlined: the L3 SW should be used to protect the CEs, but this means the protection path for the CEs will no longer be on L3 but L2, allowing the customers to do the routing themselves.

 

So you are saying I have to create another path (backup) and allow it to run IP/MPLS if I still want to carry CE services via VPNV4 tunnels???

Hello @Udeme ,

If you want to create a valid MPLS backup path between the PE1 and PE2 nodes, you need to put other routers in place and run LDP and OSPF over them. The L3 switches are not enough if they are not able to run LDP.

 

>> I clearly understand what you outlined: the L3 SW should be used to protect the CEs, but this means the protection path for the CEs will no longer be on L3 but L2, allowing the customers to do the routing themselves.

 

This actually depends on the protocol used between PE and CE. For example, OSPF allows the use of sham-links between the PE nodes to make remote site routes appear as O instead of O IA (OSPF inter-area), and by tuning the cost of the sham-links you can decide how the IP-only backup path between CE nodes is used (as primary path or secondary path).

Other routing protocols lack this capability to manage an L3 routed backup path between VRF sites.

 

Hope to help

Giuseppe