Inter AS VPN and Netflow Problem

Unanswered Question
Feb 8th, 2007

Hi, I have a BGP router (7206), which acts as an MPLS PE router in the direction of our MPLS cloud and as a BGP border router to a different provider's MPLS cloud.

As described in the Cisco documentation, there is no label distribution between the BGP AS border routers.

But:

If the 7206 gets a packet from a customer in my MPLS cloud, the packet has a VRF label and a transport label.

When this packet has to go to the other AS (to the MPLS cloud of the different provider), the interface (gig0/2.541) drops one label (the transport) and forwards the packet with the VRF label to the inter-AS link.

We have a Crannog tool which analyzes our flow.

If I look at gig0/2.541, I have very, very strange packets (IP source address) which are not possible on this link.

I think the problem is that NetFlow does not know that there is a VRF label in this packet, and so it thinks the VRF label belongs to the address.

Any idea?

mplsrbgope02#sh ip cache flow | in 58.17
Gi0/2.190 61.17.58.179 AT3/0.78 10.48.38.20 92 0000 0000 1
Gi0/2.190 0.0.64.0 AT3/0.77 58.17.229.17 10 0000 0000 1
Gi0/2.190 58.17.208.13 Gi0/2.541 10.18.120.102 01 0000 0000 1
Gi0/2.190 58.17.208.14 Gi0/2.541 10.18.120.102 00 0000 0000 1
Gi0/2.190 58.17.144.171 Gi0/2.541 10.18.120.97 67 0000 0000 1
Gi0/1.194 10.18.120.225 AT3/0.188 10.20.58.17 01 0000 0800 1
AT3/0.188 10.20.58.17 Gi0/1.194 10.18.120.225 01 0000 0000 1
Gi0/2.190 58.17.161.218 Gi0/2.541 10.18.120.97 B0 0000 0000 1
mplsrbgope02#

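Added example, not part of the original post and not a model of Cisco's NetFlow implementation: a Python illustration of the kind of misparse the poster suspects, where a flow parser that assumes the wrong MPLS label depth reads the IPv4 header at the wrong offset and reports impossible addresses. The packet is constructed; labels 17 and 541 are made-up values, and the two IP addresses are borrowed from the flow output above.

```python
import ipaddress
import struct

def mpls_entry(label, bottom=False, ttl=64):
    """Pack one 4-byte label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def ipv4_header(src, dst, proto=1):
    """Minimal 20-byte IPv4 header for the constructed sample (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_label_stack(payload):
    """Walk entries up to the bottom-of-stack bit; return (labels, ip_offset)."""
    labels, off = [], 0
    while off + 4 <= len(payload):
        (word,) = struct.unpack_from("!I", payload, off)
        labels.append(word >> 12)
        off += 4
        if word & 0x100:  # S bit set: the IP header starts right after
            return labels, off
    raise ValueError("label stack has no bottom-of-stack entry")

def looks_like_ipv4(payload, off):
    """Cheap sanity check: version nibble 4 and header length >= 5 words."""
    return off < len(payload) and payload[off] >> 4 == 4 and payload[off] & 0x0F >= 5

def src_dst_at(payload, off):
    """Read source/destination as if an IPv4 header began at `off`."""
    if off + 20 > len(payload):
        raise ValueError("not enough bytes for an IPv4 header")
    src, dst = struct.unpack_from("!4s4s", payload, off + 12)
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst))

# Constructed packet: transport label 17, VRF label 541, then the IP header.
PACKET = (mpls_entry(17) + mpls_entry(541, bottom=True)
          + ipv4_header("10.20.58.17", "10.18.120.225"))

if __name__ == "__main__":
    labels, ip_off = parse_label_stack(PACKET)
    print("labels", labels, "->", src_dst_at(PACKET, ip_off))
    # Parser that assumes a single label: header is read 4 bytes too early.
    print("one label assumed ->", src_dst_at(PACKET, 4),
          "plausible IPv4:", looks_like_ipv4(PACKET, 4))
```

With the wrong depth, the real source address shows up in the destination field and the TTL/protocol/checksum bytes are reported as the source, which is why a version-nibble check at the assumed offset is a useful guard in any flow analysis pipeline.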
oettls Thu, 02/08/2007 - 02:05

Hi,

just to be sure:

your topology is the Inter-AS Option B of RFC2547bis?

What code do you run on your gateway router? There is an MPLS-aware NetFlow feature which also has some restrictions. Perhaps you can check:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_mnf.htm

you'll have to use V9 exports in order to implement that feature ...

hth,

Stefan

rabeder Thu, 02/08/2007 - 02:36

Hi,

thanks for the answer.

I am using inter-AS MPLS VPN as described in:

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080094472.shtml

My 7206 uses IOS:

System image file is "disk2:c7200-js-mz.123-15a.bin"

!

I have NetFlow version 9 enabled, but I don't want to see labels in NetFlow - I only want the router or NetFlow to "know" that there is a label (VRF label) on the link to the other AS, so that NetFlow has the right source IP address.

Here is the relevant config:

The link to MY MPLS cloud:

interface GigabitEthernet0/2.190
 encapsulation dot1Q 190
 ip address 172.16.24.93 255.255.255.224
 ip flow ingress
 mpls label protocol ldp
 tag-switching mtu 1512
 tag-switching ip

And here is the config of the link to the other provider's AS:

interface GigabitEthernet0/2.541
 bandwidth 96000
 encapsulation dot1Q 541
 ip address 172.20.7.49 255.255.255.252
 ip flow ingress
 mpls netflow egress
 tag-switching mtu 1512

rabeder Thu, 02/08/2007 - 05:03

Hi,

I found the reason for the wrong IP addresses in the NetFlow output:

it was the "mpls netflow egress" command on the gig0/2.541 interface!!
