
MPLS over FlexVPN

clukongo

Hi,

I am setting up an MPLS over FlexVPN infrastructure.
FlexVPN and BGP work well as NLRIs are well received via VPNV4. However, these networks in the VRFs fail to communicate because the labels are not installed in the MPLS forwarding table.
Attached is the diagram describing the architecture I used as well as the configurations implemented.
Could someone explain what could prevent MPLS from working please? Is there a setting I forgot?

Thanks in advance,

Chris

Accepted Solution

Thomas Schmitt

Hi, your configuration is pretty weird, but the core issue is probably the same as in other threads; take a look here: MPLS over FLEX VPN shortcut does not work - NHRP error: Could not find AVL node for vrf - Page 2 - Cisco Community (I also saw the AVL error in the debugs).

I wasn't able to finish the configuration, but I was able to rectify some points in your config. You can find all changes in the attached files. I exchanged the port channels with sub-interfaces and VLANs for common routed interfaces on the same subnet, connected with a generic Ethernet switch. Some important points:

  1. Tunnel Interfaces are required only on spoke routers for connection to hub; just delete your mGRE construct
  2. You don't need OSPF in this setup, just remove it
  3. Create Lo0 on HUB router, it will be your BGP router ID; I took 172.16.0.1/32
  4. Use BGP dynamic peer groups on hub
  5. There are also a lot of small changes, refer to MPLS over FLEX-VPN Guide
  6. You don't need default route on every router, just in VRF from HUB

The main problem I encountered, just like all the others whose posts I read during my investigation of this topic, is all about MPLS label reservation and distribution:

    SPOKE2#show mpls interfaces
    Interface              IP    Tunnel   BGP   Static   Operational
    Tunnel0                No    No       Yes   No       Yes
    Virtual-Template1      No    No       No    No       No

    SPOKE2#show mpls forwarding-table vrf COE
    Local      Outgoing   Prefix            Bytes Label   Outgoing        Next Hop
    Label      Label      or Tunnel Id      Switched      interface
    16         Pop Label  10.55.1.1/32[V]   0             aggregate/COE

I checked a lot of different configuration options; for example, I configured the HUB as RR for VPNv4, set the RR as next-hop self, and 'mpls bgp forwarding' on the tunnel interface; I added static routes for the BGP next-hop addresses:

    SPOKE2#sh run | in ip route
    ip route 172.16.1.0 255.255.255.0 Tunnel0 172.16.0.1 name SPOKEs

    Route Distinguisher: 1:1 (default for vrf COE)
    *>i 0.0.0.0          172.16.0.1      0    100      0 ?
    *>i 10.33.1.1/32     172.16.0.1      0    100      0 ?
    *>  10.55.1.1/32     0.0.0.0         0         32768 ?
    *>i 10.242.1.1/32    172.16.1.8      0    100      0 ?

But in the end there are no labels reserved.

Meanwhile I read that the labels should be distributed via IKEv2, via NHRP, via BGP - I'm confused by all the different statements, but I think it should be NHRP, shouldn't it?

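Points 3 and 4 of the list above, together with the route-reflector options Thomas mentions, written out as hub-side IOS configuration. This is an added example, not taken from the attached files or from either poster; the AS number 65000, the peer-group name SPOKES, the listen limit and the assumption that spoke tunnel addresses sit in 172.16.1.0/24 are illustrative.

```ios
! Added example; AS 65000, peer-group SPOKES, listen limit 50 and the
! 172.16.1.0/24 spoke range are assumptions, not values from the attached files.
!
! Point 3: loopback that serves as the hub's BGP router ID
interface Loopback0
 description BGP router ID
 ip address 172.16.0.1 255.255.255.255
!
router bgp 65000
 bgp router-id 172.16.0.1
 bgp log-neighbor-changes
 ! Point 4: dynamic peers, so no per-spoke neighbor statement is needed
 bgp listen range 172.16.1.0/24 peer-group SPOKES
 ! Cap the number of dynamic sessions the hub will accept
 bgp listen limit 50
 neighbor SPOKES peer-group
 neighbor SPOKES remote-as 65000
 neighbor SPOKES update-source Loopback0
 !
 address-family vpnv4
  neighbor SPOKES activate
  ! Route targets travel as extended communities
  neighbor SPOKES send-community extended
  ! Hub as route reflector for VPNv4, with next-hop self, as tried in the post
  neighbor SPOKES route-reflector-client
  neighbor SPOKES next-hop-self all
 exit-address-family
```

Dynamic neighbors accept a session from any source inside the listen range, so the range should cover only addresses that are reachable through the authenticated IKEv2 tunnels.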


Nobody has answered you yet.
I am here; I will check your config.
What about your previous post? Did you try my solution?

Hello,

Yes, your solution works fine (using eBGP instead of iBGP). However, the goal being to use MPLS NHRP rather than LDP, I opened this post in order to set this up with FlexVPN.
Thanks again for your help, my friend.


I have just tested it and it works. About the label: yes, it is distributed by NHRP and MP-BGP.

Thanks again for your help my friend.

What did you test and what worked for you?

I found a lot of threads where it didn't work and not a single one where anything worked as intended. Probably people start a discussion only if it doesn't work as expected, but nevertheless I wasn't able to find a working configuration for my lab.

I am studying right now for the SPRI exam, and MPLS label distribution possibilities are one of the exam topics; NHRP wasn't mentioned among them (if I remember it right, those were LDP, RSVP, BGP and ISIS/OSPF opaque LSAs) - so I'm very excited to see how NHRP does it.

 


Before, the networks in the VRFs could not join each other. My mistake was to use OSPF to route loopbacks for BGP peering. But in this type of topology we don't need OSPF. When I removed it and mounted the BGP peering directly with the Tunnel interfaces, it worked better, as you can see in the screenshot below.

clukongo_0-1671535917276.png

 
