Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
0
Helpful
7
Replies

MPLS-TE for VPN isn't working

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎10-07-2011 08:50 AM - edited ‎03-04-2019 01:51 PM

Ok, here goes:

I have a vrf that I've configured to use a certain tunnel. I've verified that traffic is moving over the tunnel. When I put my bgp next-hop under the vrf, I lose all traffic across the tunnel. I'm running eigrp between the ce-pe, so I'm not sure if that's the problem. Does it only work with bgp peers? Here's the config on the routers, and this is in gns3:

PE-A

ip vrf Dragon

rd 100:100

route-target export 100:100

route-target import 100:100

bgp next-hop Loopback30

interface Tunnel2

ip unnumbered Loopback3

tunnel destination 9.9.9.9

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 7 7

tunnel mpls traffic-eng bandwidth  512

tunnel mpls traffic-eng path-option 1 explicit name Dragon

tunnel mpls traffic-eng path-option 2 dynamic

no routing dynamic

interface Loopback30

ip address 30.30.30.30 255.255.255.255

end

ip route 19.19.19.19 255.255.255.255 Tunnel2

PE-B

ip vrf Dragon

rd 100:101

route-target export 100:100

route-target import 100:100

bgp next-hop Loopback19

!

interface Tunnel2

ip unnumbered Loopback1

tunnel destination 3.3.3.3

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng path-option 1 dynamic

no routing dynamic

end

interface Loopback19

ip address 19.19.19.19 255.255.255.255

end

ip route 30.30.30.30 255.255.255.255 Tunnel2

I can ping 19.19.19.19 sourc from 30.30.30.30 and vice versa, so I believe the tunnels are passing traffic fine. Any help would be appreciated; this is irritating

HTH, John *** Please rate all useful posts ***
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎10-07-2011 10:52 AM

I haven't done this in a while and I can't test at the moment but from what I recall, you need to enable MPLS on the TE so there is a label formed for the next hop (your new loopbacks).

View solution in original post

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to John Blakley

‎10-07-2011 12:13 PM

Yeah, I never trust those txload, rxload counters - I usually go with the packet input/output counters.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎10-07-2011 10:52 AM

I haven't done this in a while and I can't test at the moment but from what I recall, you need to enable MPLS on the TE so there is a label formed for the next hop (your new loopbacks).

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to Edison Ortiz

‎10-07-2011 11:37 AM

I definitely see traffic going over the tunnel now. I enabled mpls on the tunnel interfaces, but none of the documentation that I've found mentioned doing that. The weird thing that I see now is this. From doing a ping on the CE side to another router through the mpls network, I can see the traffic going from PE-A to PE-B on the tunnel interface:

PE-A

R3#sh int tu2 | inc txload

     reliability 255/255, txload 32/255, rxload 1/255

PE-B

R9(config-if)#do sh int tu2 | inc txload

     reliability 255/255, txload 25/255, rxload 1/255

Why is PE-B showing txload also since it's the receiving side? Is this because the tunnels are one way?

Thanks Edison!

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to John Blakley

‎10-07-2011 12:05 PM

Are you pinging? It has to reply hence transmit

BTW, I'm surprised the documentation didn't include that as a requirement. You created the loopbacks in the global routing table and now they are being used as next-hop for VPNs. Usually, the next-hop is your BGP VPNv4 peer between PEs and that exchange is labeled. You need to duplicate this design with your new loopbacks.

Before applying MPLS on the TE, any traffic entering the tunnel wasn't labeled so when you created the static route and pointed to the tunnel, a label was not formed.

You can verify with the show mpls forwarding command and you will see labels for the bgp next-hop on each router.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to Edison Ortiz

‎10-07-2011 12:11 PM

Um, yeah Wouldn't I be seeing receive on the other side also?

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to John Blakley

‎10-07-2011 12:13 PM

Yeah, I never trust those txload, rxload counters - I usually go with the packet input/output counters.

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to Edison Ortiz

‎10-07-2011 12:20 PM

Are you talking about the 5 minute counters? My output is the only thing increasing for both sides. Oh well, it's working...

PE-A:

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 248000 bits/sec, 32 packets/sec

PE-B:

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 241000 bits/sec, 29 packets/sec

My counter is increasing to the customer side that I'm pinging that belongs to the same vrf:

CE-B

  reliability 255/255, txload 53/255, rxload 53/255

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎10-07-2011 01:20 PM

As expected due to the unidirectional behavior with MPLS TE

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card