Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3286
Views
11
Helpful
31
Replies

VPLS over GRE Tunnel

Go to solution
NUSFETLEN
Level 1
Level 1

‎06-25-2023 12:16 PM

I have created the below network setup, trying to get VPLS running over GRE P-P tunnel. The GRE Tunnel is Up. MPLS seems working OK, I can ping from 172.16.18.0 to 172.16.160.0. However, VPLS comes Up (VC is Up) but doesn't forward traffic between sites withing VLAN 14 and VLAN 97. The "sh mpls forwarding" shows no outgoing interface for vfi 14 and vfi 97. 

Do I miss anything in the config? 

 

NUSFETLEN_1-1687720501030.png

 

Labels:
4 Accepted Solutions

Accepted Solutions

Go to solution
Ramblin Tech
Spotlight
Spotlight
In response to NUSFETLEN

‎06-26-2023 02:09 PM

IIRC, CSR1Kv has a functioning L2VPN data plane; I am doubtful that IOSvL2 does. I believe IOSvL2 was created many years ago to support "switchport" bridging configurations, back when IOU/IOL images did not.

As for your question "If it doesn't support VPLS, why does it allow the commands?", that question has been frustrating many people, inside and outside of Cisco, for quite some time. Many platforms have IOS parsers that accept unsupported commands, with the lack of support coming from either no devtest program to insure that the command functions properly, or that there is not all of the necessary hw/sw infrastructure implemented on the platform to provide any support at all. At best, the unsupported commands are documented somewhere for the platform, but typically the answer will come back from the BE/BU that if the command is not explicitly in the PD docs for that platform, then it is unsupported.  The gotcha here is that there may not be any docs for IOSvL2 at all.

Disclaimer: I am long in CSCO

View solution in original post

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to NUSFETLEN

‎06-26-2023 02:41 PM - edited ‎06-26-2023 03:23 PM

Hi @NUSFETLEN ,

It is often the case with devices supported in CML, ads they are virtual devices. These virtual devices will often support a given feature at the control plane level, but don't support it at the data plane level, as this is normally implemented in HW at the line card level on the physical device.

BTW, your scenario should work on CSR1000v with small modifications.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

Go to solution
NUSFETLEN
Level 1
Level 1
In response to Harold Ritter

‎06-26-2023 04:34 PM

I've changed  IOSvL2 to CSR1000v. Now it is working perfect. Thanks 

View solution in original post

0 Helpful

Go to solution
NUSFETLEN
Level 1
Level 1

‎06-29-2023 07:37 PM

I've finally ended up with the below setup and deployed it on the real hardware (C1111-8P router). I've used L2TP instead of VPLS. For some reason the hardware doesn't allow STP BPDU through VPLS, however, it does allow STP BPDU through L2TP. I need this L2VPN as a redundant connection for the Dark Fiber we have between these two sites. So, if STP BPDU is not allowed through L2VPN it might be a potential for traffic loop. If you have any ideas to overcome this hardware limitation it would be very helpful, cause i prefer to have VPLS as L2VPN.

NUSFETLEN_0-1688092637343.png

 

View solution in original post

0 Helpful
31 Replies 31

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee

‎06-25-2023 12:57 PM - edited ‎06-25-2023 12:58 PM

Hi @NUSFETLEN ,

What are the 2 routers terminating the tunnel interface?

A few things I would recommend changing:

1. Use Lo0 address as the neighbor address for both VFIs.

2. Advertise the lo0 interface in OSPF so it reachable from the other side.

4. Make sure the loopback interface address from the other side is received both from OSPF and LDP (show mpls ldp binding).

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
NUSFETLEN
Level 1
Level 1
In response to Harold Ritter

‎06-25-2023 09:21 PM

Hi Harold,

The routers I consider is ISR1100, but I'm trying this setup in CML for now.

I've modified the setup as you suggested but with no luck, unfortunately. Kindly take a look at the below setup and show commands output. Perhaps I'm still missing something.

NUSFETLEN_0-1687753254323.png

 

Go to solution
MHM Cisco World
VIP
VIP
In response to NUSFETLEN

‎06-26-2023 03:48 AM - edited ‎06-27-2023 06:53 AM

l2vpn xconnect context MHM

 member GigabitEthernet1 service-instance xx

 member pseudowirexx x.x.x.x YY encapsulation mpls

this way config VPWS in IOS XE I think your command before is wrong, 
first try direct connection then try using GRE tunnel

Why I suggest vpws because you have only one peer you dont have multi peers so that you need vpls 

 

0 Helpful

Go to solution
NUSFETLEN
Level 1
Level 1
In response to MHM Cisco World

‎06-26-2023 11:48 AM

The command you are referring to belongs to VPWS. I need to setup VPLS over GRE which is not working so far. I may need to try your command if I fail to get VPLS operational. L2VPN is working fine on this network connection over IP, but I need to extend L2 to the remote site over VPLS/GRE.

Go to solution
NUSFETLEN
Level 1
Level 1
In response to MHM Cisco World

‎06-26-2023 01:24 PM

I've made a direct connection like below (the dashed line), however, it is still not running. So, probably CML doesn't support it (assuming the config is correct). As Cisco states there should be three separate steps of how the router processes VPLS/GRE: 1) Encapsulate Ethernet into VPLS/MPLS; 2) Encapsulate VPLS/MPLS into GRE; 3) Encapsulate VPLS/MPLS/GRE into new Ethernet.

NUSFETLEN_0-1687811086847.png

 

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to NUSFETLEN

‎06-26-2023 01:32 PM

Hi @NUSFETLEN ,

I missed the fact that you are running this in CML. What device do you use in CML for the tunnel endpoints? It is possible that it is not supported indeed.

Regards, 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
NUSFETLEN
Level 1
Level 1
In response to Harold Ritter

‎06-26-2023 01:53 PM

I'm using IOSvL2. If it doesn't support VPLS, why does it allow the commands? Perhaps the real boxes would allow the VPLS to run, so VPLS needs the real equipment.

0 Helpful

Go to solution
Ramblin Tech
Spotlight
Spotlight
In response to NUSFETLEN

‎06-26-2023 02:09 PM

IIRC, CSR1Kv has a functioning L2VPN data plane; I am doubtful that IOSvL2 does. I believe IOSvL2 was created many years ago to support "switchport" bridging configurations, back when IOU/IOL images did not.

As for your question "If it doesn't support VPLS, why does it allow the commands?", that question has been frustrating many people, inside and outside of Cisco, for quite some time. Many platforms have IOS parsers that accept unsupported commands, with the lack of support coming from either no devtest program to insure that the command functions properly, or that there is not all of the necessary hw/sw infrastructure implemented on the platform to provide any support at all. At best, the unsupported commands are documented somewhere for the platform, but typically the answer will come back from the BE/BU that if the command is not explicitly in the PD docs for that platform, then it is unsupported.  The gotcha here is that there may not be any docs for IOSvL2 at all.

Disclaimer: I am long in CSCO

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to NUSFETLEN

‎06-26-2023 02:41 PM - edited ‎06-26-2023 03:23 PM

Hi @NUSFETLEN ,

It is often the case with devices supported in CML, ads they are virtual devices. These virtual devices will often support a given feature at the control plane level, but don't support it at the data plane level, as this is normally implemented in HW at the line card level on the physical device.

BTW, your scenario should work on CSR1000v with small modifications.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Go to solution
NUSFETLEN
Level 1
Level 1
In response to Harold Ritter

‎06-26-2023 03:50 PM

which small modifications?

0 Helpful

Go to solution
Harold Ritter
Cisco Employee
Cisco Employee
In response to NUSFETLEN

‎06-27-2023 06:45 AM - edited ‎06-27-2023 06:47 AM

Hi @NUSFETLEN ,

Your new configuration works well for point to point configuration. You could do VPLS instead as in your original configuration. You would need the following:

interface GigabitEthernet1

 service instance 14 ethernet

  encapsulation dot1q 14

  bridge-domain 14

 !

 service instance 97 ethernet

  encapsulation dot1q 97

  bridge-domain 97

 !

l2 vfi 14 manual

 vpn id 14

 bridge-domain 14

 neighbor 10.2.1.1 encapsulation mpls

l2 vfi SP manual

 vpn id 97

 bridge-domain 97

 neighbor 10.2.1.1 encapsulation mpls

This would be helpful if you need to add additional sites to the mix.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

Go to solution
NUSFETLEN
Level 1
Level 1
In response to Harold Ritter

‎06-26-2023 04:34 PM

I've changed  IOSvL2 to CSR1000v. Now it is working perfect. Thanks 

0 Helpful

Go to solution
NUSFETLEN
Level 1
Level 1
In response to NUSFETLEN

‎06-26-2023 04:53 PM

The below is the final operational configuration. VPLS allows HSRP and Ethernet traffic, except STP BPDU.

NUSFETLEN_0-1687823621941.png

 

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to NUSFETLEN

‎06-27-2023 06:51 AM

Can you share config'

The config you share before not work' I alreay run lab gns3 csr1000 but under vlan there is no vfi.

Can you share config I need to take look

0 Helpful
Customers Also Viewed These Support Documents