Help. L2TP with MPLS not working. Cisco C8500

weardfear
Level 1

Hey Guys,

I come to you in dire need.

Software Version:
Cisco IOS XE Software, Version 17.04.01a
Cisco IOS Software [Bengaluru], c8000aes Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.4.1a, RELEASE SOFTWARE (fc4)

Background:
I have a ton of routers I need to peer with our MPLS network. These routers have dynamically assigned IP addresses, so I can't just make a GRE (they run on LTE/4G).
I am currently attempting this with L2TP. I attempted with PPTP, which caused the router to crash (at least that's what the crash log said).
I am limited to protocols supported by Mikrotik (RouterOS), which are: PPP, PPTP, SSTP, L2TP, OVPN. (Just mentioning all.)

Troubleshooting:
The forwarding of the packages on the C8500 works perfectly fine as long as an MPLS header is not attached to the package.
The Cisco router refuses to forward an MPLS package out the virtual-access interface. The Mikrotik router has no issue forwarding an MPLS package through the tunnel.
Going through the awesome "new" platform packet tracer, I am getting this error on the subinterface, and not on the virtual-access interface.

 

Packet: 799 CBUG ID: 3852
Summary
Input : TenGigabitEthernet0/1/2.1618
Output : EVSI46
State : DROP 109 (EssUnsupPktType)
Timestamp
Start : 1252828739336 ns (02/10/2023 09:08:32.422632 UTC)
Stop : 1252828744370 ns (02/10/2023 09:08:32.422637 UTC)
Path Trace
Feature: IPV4(Input)
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Source : 10.249.64.3
Destination : 172.22.5.70
Protocol : 17 (UDP)
SrcPort : 1701
DstPort : 1701
Feature: FlowDB
Event: INGRESS
FlowDB Entry: 0x0c267080
FlowDB Epoch: 0
PPID : 3
Entry Tuple Data:
Type: IPv4
Source Addr: 10.249.64.3
Destination Addr: 172.22.5.70
VRF-ID: 0
Protocol: UDP
Src Port: 1701
Dst Port: 1701
Feature: DEBUG_COND_INPUT_PKT
Entry : Input - 0x814d0b80
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 289 ns
Feature: IPV4_INPUT_DST_LOOKUP_ISSUE
Entry : Input - 0x814fc934
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 258 ns
Feature: IPV4_INPUT_ARL_SANITY
Entry : Input - 0x814d29cc
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 473 ns
Feature: IPV4_INPUT_DST_LOOKUP_CONSUME
Entry : Input - 0x814fc930
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 270 ns
Feature: IPV4_INPUT_FOR_US_MARTIAN
Entry : Input - 0x814fc93c
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 892 ns
Feature: DEBUG_COND_APPLICATION_IN
Entry : Input - 0x814d0b70
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 264 ns
Feature: DEBUG_COND_APPLICATION_IN_CLR_TXT
Entry : Input - 0x814d0b6c
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 190 ns
Feature: IPV4_INPUT_LOOKUP_PROCESS
Entry : Input - 0x814fc948
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 670 ns
Feature: IPV4_INPUT_IPOPTIONS_PROCESS
Entry : Input - 0x814fce60
Input : TenGigabitEthernet0/1/2.1618
Output : <unknown>
Lapsed time : 258 ns
Feature: STILE_LEGACY_DROP
Entry : Input - 0x8150d0e0
Input : EVSI46
Output : <unknown>
Lapsed time : 147 ns
Feature: INGRESS_MMA_LOOKUP_DROP
Entry : Input - 0x81506d68
Input : EVSI46
Output : <unknown>
Lapsed time : 295 ns
Feature: INPUT_DROP_FNF_AOR
Entry : Input - 0x814f7cb4
Input : EVSI46
Output : <unknown>
Lapsed time : 430 ns
Feature: INPUT_FNF_DROP
Entry : Input - 0x814e170c
Input : EVSI46
Output : <unknown>
Lapsed time : 283 ns
Feature: INPUT_DROP_FNF_AOR_RELEASE
Entry : Input - 0x814f7cb0
Input : EVSI46
Output : <unknown>
Lapsed time : 344 ns
Feature: INPUT_DROP
Entry : Input - 0x814ce88c
Input : EVSI46
Output : <unknown>
Lapsed time : 215 ns
Feature: IPV4_INPUT_GOTO_OUTPUT_FEATURE
Entry : Input - 0x814d4488
Input : EVSI46
Output : <unknown>
Lapsed time : 12775 ns

 

I'm a bit tempted to attempt just adding a GRE on top of the L2TP and running the needed protocols in that; this would be an absolute last resort though.
Maybe you guys might even have a better solution to this?

 
