Inter AS VPN and Netflow Problem

Unanswered Question
Feb 8th, 2007

Hi, i have a bgp router(7206), which acts as mpls-pe router in direction to our mpls cloud and as a bgp border router to a different providers mpls cloud.

as described in cisco doku, there is no labeldistribution between the bgp as borderrouter.


if the 7206 gets a packet from a customer in my mpls cloud, the packet has a vrf label and a transportlabel.

when this paket has to go to the other as (to the mpls cloud of the different provider), the interface (gig0/2.541)drops one label (the transport) and forwards the paket with the vrf label to the inter as link.

we have a crannog tool which analysis our flow.

if i look at gig0/2.541 i have very, very strange pakets (ip- source-adr) which are not possible on this link.

i think the problem is that netflow does not know that there is a vrf label in this paket and so it thinks the vrf label belongs to the adresss.

any idea ??

mplsrbgope02#sh ip cache flow | in 58.17

Gi0/2.190 AT3/0.78 92 0000 0000 1

Gi0/2.190 AT3/0.77 10 0000 0000 1

Gi0/2.190 Gi0/2.541 01 0000 0000 1

Gi0/2.190 Gi0/2.541 00 0000 0000 1

Gi0/2.190 Gi0/2.541 67 0000 0000 1

Gi0/1.194 AT3/0.188 01 0000 0800 1

AT3/0.188 Gi0/1.194 01 0000 0000 1

Gi0/2.190 Gi0/2.541 B0 0000 0000 1


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
oettls Thu, 02/08/2007 - 02:05


just to be sure:

your topology is the Inter-AS Option B of RFC2547bis ?

What code do you run on your gateway router ? There is a MPLS-aware Netflow feature which also has some restrictions. Perhaps you can check:

you'll have to use V9 exports in order to implement that feature ...



rabeder Thu, 02/08/2007 - 02:36


thanks for answer.

i am using inter-as mpls vpn as described in:

my 7206 uses ios:

System image file is "disk2:c7200-js-mz.123-15a.bin"


i have netlow version 9 enabeld, but i dont want to see labels in netflow - i only want that the router or netflow "knows" that ther is a label (vrf-label) on the link to the other as - so that netflow has the right source ip address.

here is the relavant konfig:

the link to MY mpls-cloud:

interface GigabitEthernet0/2.190

encapsulation dot1Q 190

ip address

ip flow ingress

mpls label protocol ldp

tag-switching mtu 1512

tag-switching ip

and here is the konfig of the link to the other providers as:

interface GigabitEthernet0/2.541

bandwidth 96000

encapsulation dot1Q 541

ip address

ip flow ingress

mpls netflow egress

tag-switching mtu 1512

rabeder Thu, 02/08/2007 - 05:03


i found the reason for the wrong ip-addresses in the netflow output:

it was the "mpls netflow egress" command on the gig0/2.541 interface !!


This Discussion