08-10-2016 09:11 AM - edited 03-05-2019 04:28 AM
Can anyone help me to understand the issue? From the provider's perspective, the client is asking for a layer 2 VPN connection between their 2 sites, and they also want the routers at their 2 sites to discover one another at layer 2, such as by CDP. For more clarification, suppose the client has two sites with router R1 for site 1 and R2 for site 2. They want to connect these two routers directly, so that these devices will discover one another by CDP. In the attached network diagram, R5 & R6 are the client routers for the two sites. R1, R2 & R3 make up the MPLS network. The client wants R5 to get R6 as a CDP neighbor. If you need more information, please let me know.
08-10-2016 11:32 AM
Hi,
May I ask you a few questions to clarify the issue?
> suppose client has two sites with router R1 for site 1 and R2 for site 2
Topologically, this does not make sense. Did you perhaps mean to say that site 1 is R3 and site 2 is R2? If so, who owns the R3 and R2 routers and what is their function? Are they PE (provider edge) or CE (customer edge) routers?
> From attached network diagram R5 & R6 are client router for two sites. R1,R2 & R3 consists MPLS network. Client wants R5 will get R6 as cdp neighbor.
If R1, R2, and R3 comprise the MPLS network and R5 and R6 are client routers then I assume that R3+R2 are PE routers and R5+R6 are CE routers, and we want the CE routers to think they are connected via a direct link.
If I got this correctly, then - yes, this is a simple case of a L2VPN, a pseudowire. R3 has to be configured on its link to R5 to forward every received frame to R2 via a LSP, and, similarly, R2 has to be configured on its link to R6 to forward every received frame to R3.
This would be an IOS-based configuration for the routers:
R3:
interface Loopback0
 description => Router ID <=
 ip address 10.255.255.3 255.255.255.255
 ip ospf 1 area 0
!
mpls ldp router-id Loopback0 force
!
interface FastEthernet0/1
 description => To R5 <=
 xconnect 10.255.255.2 1 encapsulation mpls
 no shutdown
R2:
interface Loopback0
 description => Router ID <=
 ip address 10.255.255.2 255.255.255.255
 ip ospf 1 area 0
!
mpls ldp router-id Loopback0 force
!
interface FastEthernet0/1
 description => To R6 <=
 xconnect 10.255.255.3 1 encapsulation mpls
 no shutdown
The loopbacks on R2 and R3 must be reachable over the MPLS cloud (R2-R1-R3 and vice versa), hence the OSPF running on those loopbacks. I have not included the basic MPLS configuration of the interfaces from R2 and R3 toward R1 - I assume this is already done. The actual pseudowire can be configured using a single xconnect command on the PE interface toward the CE. The number "1" in the xconnect is a so-called pseudowire ID, and must be identical on both ends of the pseudowire. This is how R2 and R3 know that these two interfaces should be linked together.
If you need an IOS-XE configuration that uses a newer l2vpn configuration style, or an IOS-XR configuration, please let me know.
Best regards,
Peter
08-11-2016 08:37 AM
Hi Peter,
Thanks for your kind reply and cooperation. But I think you could not get my point perfectly. My question was, is it possible to configure MPLS layer 2 so that two CE routers can discover one another in the CDP neighbor table, so that the CEs can assume that they are directly connected? Please let me know if you could not get my point exactly due to my inefficiency in writing English.
08-11-2016 12:56 PM
Hello,
> My question was, is it possible to configure MPLS layer 2 so that two CE routers can discover one another in CDP neighbor table.
Yes, absolutely. That is the point of MPLS Layer2 VPN - to carry frames, regardless of their content (CDP, IPv4, IPv6, ARP, ...), across the pseudowire between the customer's locations.
The configuration example I have posted will accomplish exactly that: R5 and R6 will see each other in the CDP table, and if you configure R5 and R6 with IP addresses on a common IP network (e.g. R5 = 10.0.56.5/24, R6 = 10.0.56.6/24), they will be able to ping each other directly.
> Please let me know if you could not get my point exactly due to my inefficiency in writing English.
I was not entirely sure what exactly you were asking about - but I am not a native speaker, either. Don't worry - all is okay.
Best regards,
Peter
08-12-2016 07:45 AM
Hi Peter,
Thanks again. Please see the configuration output below and suggest if I need any addition to this configuration. Though I configured MPLS L2, one CE router is not getting the other CE in its CDP neighbor table.
Configuration on R3 (PE2)
===================
interface FastEthernet1/0.10
 encapsulation dot1Q 10
 no cdp enable
 xconnect 2.2.2.2 10 encapsulation mpls
Configuration on R2 (PE1)
===================
interface FastEthernet1/0.10
 encapsulation dot1Q 10
 no cdp enable
 xconnect 3.3.3.3 10 encapsulation mpls
Output of R4 (CE1)
==================
R4#ping 22.22.22.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/127/152 ms
R4#show cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
IOU1             Fas 0/0            137        R S I      Linux Uni Eth 0/1
R4#
Output of R6 (CE2)
==================
R6#ping 22.22.22.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/120/128 ms
R6#sho cdp nei
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
IOU2             Fas 0/0            151        R S I      Linux Uni Eth 0/1
R6#
08-13-2016 12:46 AM
Hello,
Your configuration is correct for the most part.
The problem is that you are only carrying VLAN10-tagged frames across the L2VPN, because you have configured the xconnect command on the Fa1/0.10 subinterface that processes VLAN10 frames only. CDP, however, is carried in VLAN1, and because VLAN1 is treated as a native VLAN by default, CDP is essentially sent untagged from router Ethernet ports. Your configuration does not carry untagged frames across the L2VPN, and that is why R4 and R6 cannot see each other in CDP.
So to allow R4 and R6 to see themselves in CDP, you need to make sure that you also carry untagged frames across the L2VPN. There are two ways of doing it. The first, less scalable way is to add another pseudowire that specifically carries untagged frames only. This is done by creating a new pair of subinterfaces that match the VLAN1 and specifically say that the frames can also be untagged:
R3:
interface FastEthernet1/0.1
 encapsulation dot1Q 1 native
 xconnect 2.2.2.2 1 encapsulation mpls
R2:
interface FastEthernet1/0.1
 encapsulation dot1Q 1 native
 xconnect 3.3.3.3 1 encapsulation mpls
Another way is to remove all subinterfaces from your PE routers altogether, and set up the xconnect on the physical Fa1/0 interface itself. This configuration will carry all frames, untagged and tagged, regardless of the tag value, between your CE routers:
R3:
no interface Fa1/0.10
!
interface FastEthernet1/0
 xconnect 2.2.2.2 123 encapsulation mpls
R2:
no interface Fa1/0.10
!
interface FastEthernet1/0
 xconnect 3.3.3.3 123 encapsulation mpls
Try this out!
Best regards,
Peter
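Added example (not part of the original thread, and not Cisco code): a simplified Python model of the attachment-circuit matching described in the post above, showing which frames each of the three xconnect placements would carry. The frames are constructed samples, and the matching rules for the "dot1q", "dot1q-native" and "port" circuit types are assumptions that follow the post's description rather than actual IOS behaviour in every detail.

```python
import struct

CDP_DST = bytes.fromhex("01000ccccccc")       # Cisco multicast address used by CDP
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, OUI 00:00:0c, PID 0x2000

def parse_frame(frame):
    """Return (vlan, is_cdp); vlan is None for an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == 0x8100:                   # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    # CDP uses 802.3 framing: the type/length field is a length (<= 1500)
    is_cdp = (frame[0:6] == CDP_DST and ethertype <= 1500
              and frame[off:off + 8] == CDP_SNAP)
    return vlan, is_cdp

def carried(frame, circuit):
    """circuit is 'port', ('dot1q', vid) or ('dot1q-native', vid) (assumed model)."""
    vlan, _ = parse_frame(frame)
    if circuit == "port":                     # xconnect on the physical interface
        return True
    kind, vid = circuit
    if kind == "dot1q":                       # encapsulation dot1Q <vid>
        return vlan == vid
    if kind == "dot1q-native":                # encapsulation dot1Q <vid> native
        return vlan is None or vlan == vid
    raise ValueError(f"unknown circuit {circuit!r}")

# Constructed sample frames: an untagged CDP frame and a VLAN 10 IPv4 frame
SRC = bytes.fromhex("ca0412340008")
CDP_FRAME = CDP_DST + SRC + struct.pack("!H", 12) + CDP_SNAP + bytes.fromhex("02b40000")
VLAN10_IPV4 = (bytes.fromhex("ca0612340008") + SRC
               + struct.pack("!HHH", 0x8100, 10, 0x0800) + bytes(20))
CIRCUITS = {
    "Fa1/0.10 dot1Q 10": ("dot1q", 10),
    "Fa1/0.1 dot1Q 1 native": ("dot1q-native", 1),
    "Fa1/0 port mode": "port",
}

def report():
    """Map each circuit to (carries untagged CDP, carries VLAN 10 IPv4)."""
    return {n: (carried(CDP_FRAME, c), carried(VLAN10_IPV4, c)) for n, c in CIRCUITS.items()}

if __name__ == "__main__":
    for name, (cdp, ip) in report().items():
        print(f"{name:24} CDP untagged: {cdp!s:5}  VLAN 10 IPv4: {ip}")
```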
08-17-2016 07:33 AM
Hi Peter,
Thanks for your reply.
But I cannot configure MPLS layer 2 in the physical interface. I am getting the error below. Can you tell me why I am getting this error? I can remember I configured MPLS layer 2 VPN on a physical interface 1 year ago in GNS3. But now I could not.
R3(config-if)#xconnect 2.2.2.2 200 pw-class mpls
MPLS encap is not supported on this circuit
R3#show version
Cisco IOS Software, 7200 Software (C7200-JK9S-M), Version 12.4(13b), RELEASE SOFTWARE (fc3)
08-17-2016 08:35 AM
Hello Ahmed,
Hmm, that's curious. Can you please share the configuration of the entire router?
Best regards,
Peter
09-19-2016 02:18 AM
Hello,
I am also interested
Best regards,
Romain
08-17-2016 08:46 AM
Hello Ahmed,
One more thing - please include the output of show diag and show inventory (whichever is supported on your IOS), even if you are running the topology in GNS3. Thanks!
Best regards,
Peter
08-30-2018 06:58 AM
Dear Peter,
Good to see your solution for MPLS VPN layer2 ......
Can you guide if we need redundant MPLS layer2 VPN connectivity how to configure ....
Best Regards
Nuhu