12-17-2022 06:15 AM
Hi,
I am setting up an MPLS over FlexVPN infrastructure.
FlexVPN and BGP work well as NLRIs are well received via VPNV4. However, these networks in the VRFs fail to communicate because the labels are not installed in the MPLS forwarding table.
Attached is the diagram describing the architecture I used as well as the configurations implemented.
Could someone explain what could prevent MPLS from working please? Is there a setting I forgot?
Thanks in advance,
Chris
Solved! Go to Solution.
12-19-2022 04:15 AM - edited 12-19-2022 06:09 AM
Hi, your configuration is pretty wired, but core issue is probably the same, like in other threads, take a look here MPLS over FLEX VPN shortcut does not work - NHRP error: Could not find AVL node for vrf - Page 2 - Cisco Community (I saw also the AVL error in debugs)
I wasn't able to finish configuration, but I was able to rectify some points in your config. You can find all changes in attached files, I changed port channels with sub-interfaces and Vlans, against common routed interfaces on the same subnet, connected with generic Ethernet switch. Some important points:
The main problem I encountered, just like all the others, whose posts I read during my investigation on this topic, is all about MPLS label reservation and distribution
SPOKE2#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Tunnel0 No No Yes No Yes
Virtual-Template1 No No No No No
SPOKE2#show mpls forwarding-table vrf COE
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.55.1.1/32[V] 0 aggregate/COE
I checked a lot of different configuration options, for example I configured HUB as RR for VPNv4, set RR as next-hop self, 'mpls bgp forwarding' on tunnel interface; I added static routes for BGP next-hop addresses
SPOKE2#sh run | in ip route
ip route 172.16.1.0 255.255.255.0 Tunnel0 172.16.0.1 name SPOKEs
Route Distinguisher: 1:1 (default for vrf COE)
*>i 0.0.0.0 172.16.0.1 0 100 0 ?
*>i 10.33.1.1/32 172.16.0.1 0 100 0 ?
*> 10.55.1.1/32 0.0.0.0 0 32768 ?
*>i 10.242.1.1/32 172.16.1.8 0 100 0 ?
But in the end there are no labels reserved.
Meanwhile I read, that the labels should be distributed via IKEv2, via NHRP, via BGP - I'm confused with all the different statements, but I think it should be NHRP, doesn't it?
12-18-2022 02:24 PM
No body answer you yet,
I am here I will check your config.
what about your previous post. do you try my solution ?
12-19-2022 02:15 AM
Hello,
Yes your solution works fine (using eBGP instead of iBGP). However, the goal being to use MPLS NHRP rather than LDP I opened this post in order to set up this with FlexVPN.
Thanks again for your help my friend
12-19-2022 04:15 AM - edited 12-19-2022 06:09 AM
Hi, your configuration is pretty wired, but core issue is probably the same, like in other threads, take a look here MPLS over FLEX VPN shortcut does not work - NHRP error: Could not find AVL node for vrf - Page 2 - Cisco Community (I saw also the AVL error in debugs)
I wasn't able to finish configuration, but I was able to rectify some points in your config. You can find all changes in attached files, I changed port channels with sub-interfaces and Vlans, against common routed interfaces on the same subnet, connected with generic Ethernet switch. Some important points:
The main problem I encountered, just like all the others, whose posts I read during my investigation on this topic, is all about MPLS label reservation and distribution
SPOKE2#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Tunnel0 No No Yes No Yes
Virtual-Template1 No No No No No
SPOKE2#show mpls forwarding-table vrf COE
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 10.55.1.1/32[V] 0 aggregate/COE
I checked a lot of different configuration options, for example I configured HUB as RR for VPNv4, set RR as next-hop self, 'mpls bgp forwarding' on tunnel interface; I added static routes for BGP next-hop addresses
SPOKE2#sh run | in ip route
ip route 172.16.1.0 255.255.255.0 Tunnel0 172.16.0.1 name SPOKEs
Route Distinguisher: 1:1 (default for vrf COE)
*>i 0.0.0.0 172.16.0.1 0 100 0 ?
*>i 10.33.1.1/32 172.16.0.1 0 100 0 ?
*> 10.55.1.1/32 0.0.0.0 0 32768 ?
*>i 10.242.1.1/32 172.16.1.8 0 100 0 ?
But in the end there are no labels reserved.
Meanwhile I read, that the labels should be distributed via IKEv2, via NHRP, via BGP - I'm confused with all the different statements, but I think it should be NHRP, doesn't it?
12-19-2022 07:47 AM
I have just test it and it works. About the label, yes it is distributed by NHRP and MP-BGP.
Thanks again for your help my friend.
12-19-2022 10:45 AM
What did you tested and what worked for you?
I found a lot of threads, where it didn‘t worked and not a single one, where anything worked as intended. Probably, people start a discussion only if it doesn’t work as expected, but nevertheless I wasn’t able to find a working configuration for my lab.
I study right now for SPRI exam and MPLS label distribution possibilities is one of exam topics; NHRP wasn’t mentioned between them (if I remember it right, those ware LDP, RSVP, BGP and ISIS/OSPF opaque LSAs) - so I’m very exited to see, how NHRP does it.
12-20-2022 03:32 AM
Before the networks in the VRFs could not join each other. My mistake was to use OSPF to route loopbacks for BGP peering. But in this type of topology we don't need OSPF. When I removed it and mounted the BGP peering directly with the Tunnels interfaces it worked better as you can see in the screenshot below
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide