Re: MPLS VPN without LDP

mmaamm238 · ‎07-06-2024

I have 5 routers that have been configured for MPLS VPN without LDP.

R1, R2, and R3 are connected to R4 and R33 is connected to R3.

Both overlay and underlay are in BGP (VPNV4 and IPV4) but I want to separate them and not use BGP for underlay.

In R33 when I add ip route 10.10.0.1 255.255.255.255 192.168.33.3 it stops working:

R33#sh ip cef vrf VRF1 10.21.0.1
10.21.0.1/32
recursive via 192.168.33.3 unusable: no label
R33#

Why I cannot use any route except BGP in the underlay?

Harold Ritter · ‎07-06-2024

Hi @mmaamm238 ,

For MPLS VPN (L3VPN) to work you need 2 labels, a service label learnt via VPNv4 and the IGP label that can be learnt via several different techniques (LDP, RSVP, BGP LU, static label binding, etc).

The most common way to signal the IGP label is LDP. I am not sure why you do not want to use LDP nor BGP LU, but I would definitely recommend not to go down the static label binding path, as it would require a fair amount of work.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

mmaamm238 · ‎07-08-2024

Hi Harold,

I used to configure it using LDP but over DMVPN network with "mpls ip" command, direct spoke to spoke tunnel does not come up.

Since my real routers are old and they do not support "mpls nhrp" nor segment routing I decided to go for "mpls bgp forwarding" and since all routers are not DMVPN spokes but some of them are directly connected to other spokes, I configured another BGP peering between a spoke and a router behind a spoke but I do not want such an extra BGP peering and want to use IGP. Since "mpls ip" and "mpls bgp forwarding" cannot coexist I need to remove LDP configurations.

M02@rt37 · ‎07-07-2024

Hello @mmaamm238

Proper label distribution is crucial for the correct forwarding of packets in MPLS VPN L3VPN.

Two labels are typically used: a service label and an IGP label. The service label, which identifies the VPN, is learned via BGP with the VPNv4 address family, while the IGP label, which facilitates transport across the MPLS backbone, can be learned through various methods such as LDP, RSVP, BGP LU (BGP Label Unicast), or static label binding. The most common and straightforward method to signal the IGP label is LDP, as it automates the distribution of labels across the network. If LDP or BGP LU is not being used, it can lead to issues like the one you're experiencing on R33, where a static route without label information results in an unusable route due to the absence of a required MPLS label. Static label binding is another technique, but it is highly manual and labor-intensive, making it less practical for most environments.

It is strongly recommend enabling LDP or considering BGP LU for label distribution to ensure the underlay network can properly support MPLS forwarding. This will involve configuring LDP on all relevant interfaces and ensuring the IGP (such as OSPF or IS-IS) is in place for underlay routing. For instance, configuring OSPF on the routers with appropriate network statements and enabling MPLS on interfaces will automate label distribution and resolve the routing issues seen with static routes lacking MPLS labels.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

MHM Cisco World · ‎07-07-2024

share the topology I need to see it

MHM

mmaamm238 · ‎07-08-2024

Hi MHM,

Here it is

Harold Ritter · ‎07-07-2024

Hi @sayeed7393 ,

> ip route 10.10.0.1 255.255.255.255 192.168.33.3 name STATIC_ROUTE label 100

This would definitely not be the way to statically assign the MPLS label binding. Where does that information come from?

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter · ‎07-07-2024

Hi @mmaamm238 ,

I just look at your configurations and it will not work the way you have it configured.

For BGP LU to be used as a replacement to LDP, it would need to be configured hop by hop (R33 to R3 and R3 to R1).

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

MHM Cisco World · ‎07-07-2024

We use mpls to pass traffic over hops dont have IP in routing table

Here if you dont want use mpls you can use GRE' i.e. build underlying and overlaying.

Underlying is gre

Overlaying is bgp.

MHM

mmaamm238 · ‎07-08-2024

Hi MHM,

I have DMVPN for underlay and BGP for overlay but some routers are behind DMVPN spokes like the topology above.

R1(Hub & RR) ---- R4(Transit) ---- R3(Spoke) ---- R33

Maybe I should consider adding R33 as another spoke to DMVPN although it is directly connected to R3 and they can have IGP but it adds complexity:

1. In real world I have multiple DMVPNs between R1 and R3 over different links for redundancy

2. The traffic between R3 and R33

MHM Cisco World · ‎07-08-2024

you mention that some router not use DMVPN so I work on this point

I use GRE tunnel between R1 and R3
I advertise LO which is use later as update source of VPNv4 via tunnel (overlaying) not underlaying
I run MPLS IP which is mandatory for VPNv4 ONLY, if you want to run BGP then no need MPLS
in my lab I run MPLS IP under tunnel because I use VPNv4 to advertise vrf red and blue prefix between R1 and R3

R2#show run
R2#show running-config
*Jul 9 07:07:58.743: %SYS-5-CONFIG_I: Configured from console by console
R2#show running-config
Building configuration...

Current configuration : 1194 bytes
!
! Last configuration change at 07:07:58 UTC Tue Jul 9 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 100.0.0.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.2 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 100.0.0.0 0.0.0.255 area 0
network 200.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

R1#show ru
*Jul 9 07:02:42.571: %SYS-5-CONFIG_I: Configured from console by console
R1#show run
R1#show running-config
Building configuration...

Current configuration : 2116 bytes
!
! Last configuration change at 07:02:42 UTC Tue Jul 9 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
ip vrf blue
rd 10:10
route-target export 10:10
route-target import 10:10
!
ip vrf red
rd 1:1
route-target export 1:1
route-target import 1:1
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback10
ip vrf forwarding red
ip address 10.0.0.1 255.255.255.0
!
interface Loopback100
ip vrf forwarding blue
ip address 100.0.0.1 255.255.255.0
!
interface Tunnel0
ip address 5.0.0.1 255.255.255.0
mpls ip
tunnel source FastEthernet0/0
tunnel destination 200.0.0.3
!
interface FastEthernet0/0
ip address 100.0.0.1 255.255.255.0
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 100.0.0.0 0.0.0.255 area 0
!
router ospf 5
network 1.1.1.1 0.0.0.0 area 0
network 5.0.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf blue
redistribute connected
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!

R3#show run
R3#show running-config
Building configuration...

Current configuration : 2116 bytes
!
! Last configuration change at 06:59:41 UTC Tue Jul 9 2024
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
ip cef
!
ip vrf blue
rd 30:30
route-target export 10:10
route-target import 10:10
!
ip vrf red
rd 3:3
route-target export 1:1
route-target import 1:1
!
!
!
!
!
!
no ip domain lookup
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback20
ip vrf forwarding red
ip address 20.0.0.3 255.255.255.0
!
interface Loopback200
ip vrf forwarding blue
ip address 200.0.0.3 255.255.255.0
!
interface Tunnel0
ip address 5.0.0.3 255.255.255.0
mpls ip
tunnel source FastEthernet1/1
tunnel destination 100.0.0.1
!
interface FastEthernet0/0
no ip address
shutdown
duplex full
!
interface FastEthernet1/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet1/1
ip address 200.0.0.3 255.255.255.0
speed auto
duplex auto
!
interface FastEthernet2/0
no ip address
shutdown
speed auto
duplex auto
!
interface FastEthernet2/1
no ip address
shutdown
speed auto
duplex auto
!
router ospf 100
network 200.0.0.0 0.0.0.255 area 0
!
router ospf 5
network 3.3.3.3 0.0.0.0 area 0
network 5.0.0.0 0.0.0.255 area 0
!
router bgp 100
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf blue
redistribute connected
exit-address-family
!
address-family ipv4 vrf red
redistribute connected
exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
!
!
end

mmaamm238 · ‎07-23-2024

Hi MHM,

Thank you for your time

As I said before I don't want to use LDP hence "mpls ip" because it does not work in DMVPN for direct spoke to spoke traffic

MHM Cisco World · ‎07-25-2024

IF THE LABEL not NEED
you can use tunnel between each two router i.e. the tunnel will use same source and different destination
that will make packet forwarding need need any label

MHM

mmaamm238 · ‎08-04-2024

I need labels but I want to do not use "mlps ip" because it does not work in DMVPN direct spoke to spoke hence I decided to switch to "mpls bgp forwarding" but as some routers are not in DMVPN but directly connected to DMVPN routers they are not seeing route reflectors without neighboring with DMVPN routers and this further BGP peering is hard and complex and I search for a solution to not use this extra BGP peering. I prefer to not use BGP in underlay.