GRE Tunnel configuration over MPLS

Jun 26th, 2007

Hi,

I am configuring a GRE tunnel between two PEs, but the tunnel is not coming up. Please advise how to proceed.


Configuration of PE1:


3845]

interface Tunnel100
 ip vrf forwarding DCN-NEC
 ip address 10.1.1.1 255.255.255.252
 tunnel source 192.168.104.250
 tunnel destination 199.168.99.253

ip route vrf DCN-NEC 199.168.99.253 255.255.255.255 91.8.4.5


Configuration on PE2:


mls mpls tunnel-recir

interface Tunnel100
 ip vrf forwarding DCN-NEC
 ip address 10.1.1.2 255.255.255.252
 tunnel source 199.168.99.253
 tunnel destination 192.168.104.250

ip route vrf DCN-NEC 192.168.104.250 255.255.255.255 91.8.5.129



Regards,

Prasad Desai

Datacraft India Ltd.



mohammedmahmoud Tue, 06/26/2007 - 04:01

Hi,


Can you ping the tunnel destination from both sides?


BR,

Mohammed Mahmoud.

swaroop.potdar Tue, 06/26/2007 - 05:23

Can you run it through these checks?

1) Does your tunnel come up without the "ip vrf forwarding" on the tunnel?

2) Looking closely at your config, it seems that you are trying to reach the /32 subnets with the "ip route vrf" route. But you are using the same subnets as source and destination as well.

So to better troubleshoot, can you specify your objective behind having a tunnel between 2 PEs? Then the right method, whether a VRF with a global tunnel or a VRF within a VRF tunnel, can be recommended and troubleshot.


HTH-Cheers,

Swaroop

swaroop.potdar Tue, 06/26/2007 - 05:37

Hi Martin,


Glad to see you, and welcome back in the new role !!!


Cheers,

Swaroop

mheusing Tue, 06/26/2007 - 06:08
User Badges:
  • Cisco Employee,

Hi Swaroop,


Thank you, I am also glad to be back in the new role ;-)


Regarding the topic here: sorry, I gave the wrong example (GRE to CE and not between two PEs).

The tunnel destination in your config is actually in the VRF, but your static route points to the global IP, which will not be found in the VRF (check with "show ip route vrf DCN-NEC").

In addition, you do not have the static route in your "show tech" output, and the tunnel config looks different.

Can you try on both PEs:

interface tunnel0
 ip vrf forwarding DCN-NEC
 ip address
 tunnel source
 tunnel destination
 tunnel vrf DCN-NEC

OR try on both PEs:

interface tunnel0
 ip vrf forwarding DCN-NEC
 ip address
 tunnel source
 tunnel destination

Hope this helps!


Regards, Martin

prasaddesai.in Tue, 06/26/2007 - 21:45

Dear Martin


I tried both of your options. In the 1st option I used, as source, the IP address of interface vlan 93, which I configured for ip vrf forwarding DCN-NEC, and the destination IP address vice versa, but it is not working.

When I tried the 2nd option I used the loopback IP addresses of the routers, and the tunnel comes up.

I don't understand why it is not up when I use IP addresses from ip vrf DCN-NEC.

swaroop.potdar Tue, 06/26/2007 - 23:08

When you use the source and destination from the DCN VRF it won't come up, because the routes are not reachable in the global routing table.


To create a tunnel using a VRF source and destination you will have to use this feature.


http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00805e1e8e.html


Now when you use a PE loopback as source and destination, they are reachable in the global table, hence your tunnel comes up.


But still I am not sure what is to be achieved by creating a tunnel between two PEs and assigning a VRF to it.

If you are trying to create an inband DCN network through an MPLS network, then it would not be done like this.


Still waiting for more clear objectives about what you want to achieve here.


HTH-Cheers,

Swaroop
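
The reply above turns on which routing table resolves the GRE endpoints. As an added example (not part of the original thread), this Python sketch lints a config for that: it takes PE1's config from the question, models static routes only, and reports the table in which the tunnel destination is looked up. The names parse and check_tunnel are hypothetical.

```python
import ipaddress
import re

def parse(config):
    """Collect tunnel interfaces and static routes from IOS-style config text."""
    tunnels, routes, cur = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (Tunnel\d+)$", line, re.I):
            cur = tunnels.setdefault(m[1], {"dest": None, "transport": None})
        elif line.startswith("interface "):
            cur = None
        elif m := re.match(r"ip route (?:vrf (\S+) )?(\S+) (\S+) (\S+)", line):
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            routes.append((m[1], net, m[4]))      # m[1] is None for the global table
        elif cur is not None and (m := re.match(r"tunnel destination (\S+)", line)):
            cur["dest"] = ipaddress.ip_address(m[1])
        elif cur is not None and (m := re.match(r"tunnel vrf (\S+)", line)):
            cur["transport"] = m[1]               # table used for the GRE endpoints
    return tunnels, routes

def check_tunnel(config, name):
    """Return (status, lookup table, other tables that hold a matching route)."""
    tunnels, routes = parse(config)
    dest, table = tunnels[name]["dest"], tunnels[name]["transport"]
    # "ip vrf forwarding" only places the tunnel's payload in a VRF; the
    # endpoint lookup stays in the global table unless "tunnel vrf" is set.
    hits = [(net, nh) for vrf, net, nh in routes if vrf == table and dest in net]
    if not hits:
        other = sorted({vrf or "global" for vrf, net, _ in routes if dest in net})
        return "unresolved", table or "global", other
    _, next_hop = max(hits, key=lambda h: h[0].prefixlen)   # longest match
    if next_hop.lower() == name.lower():
        return "recursive", table or "global", []   # endpoint routed via the tunnel
    return "ok", table or "global", []

# PE1 as posted in the question (static routes only; IGP/connected routes not modelled)
PE1 = """
interface Tunnel100
 ip vrf forwarding DCN-NEC
 ip address 10.1.1.1 255.255.255.252
 tunnel source 192.168.104.250
 tunnel destination 199.168.99.253
ip route vrf DCN-NEC 199.168.99.253 255.255.255.255 91.8.4.5
"""
# Same config with the "tunnel vrf" line from the suggestion earlier in the thread
PE1_TUNNEL_VRF = PE1.replace("tunnel destination 199.168.99.253",
                             "tunnel destination 199.168.99.253\n tunnel vrf DCN-NEC")
if __name__ == "__main__":
    for cfg in (PE1, PE1_TUNNEL_VRF):
        print(check_tunnel(cfg, "Tunnel100"))
```

For the posted config the result is "unresolved" in the global table, with DCN-NEC listed as the table that does hold the route; with the tunnel vrf line the lookup moves into DCN-NEC and resolves.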

prasaddesai.in Wed, 06/27/2007 - 05:55

Thanks Swaroop for your help; the page you have sent is not available.

We are using a VRF for DCN NEC. The idea behind configuring the tunnel is to form an ISIS adjacency, because DCN NEC has area01 used in the old DCN NEC, and in our new MPLS network, where we are migrating the old DCN NEC, we are using area01 as backbone, and the VRF used for that DCN is DCN-NEC.

So the idea was that as the VRF comes up, the tunnel interface will come up and the ISIS adjacency will form.

swaroop.potdar Wed, 06/27/2007 - 06:07

Since you are trying to connect two endpoints of a VRF over a tunnel, why don't you create a tunnel directly between the CEs? I am still not clear why you need tunnels formed using the PEs and what would be achieved.

And also, are you trying to route OSI CLNS or IP or both elements for the DCN?


A small diagram would be good.


HTH-Cheers,

Swaroop

prasaddesai.in Wed, 06/27/2007 - 21:36

Hi Swaroop ,


Since it is noted that NEC has deployed a single area throughout the country, to migrate to the proposed DCN architecture it is strongly recommended that the customer change the area (NSAP address change) at the server side. In case the customer does not agree to this change, then a GRE tunnel needs to be configured between the NEC distribution and access locations and the core locations of the new DCN.

Please find the proposed DCN architecture diagram; in that, the lower part is the customer routers, which will connect to the PE router.

One thing I noticed: when I use the tunnel vrf DCN-NEC command with VRF IP addresses as source and destination on the 3845 PE router, the tunnel comes up, but on the Cisco 6509 that command is not supported. The IOS of the Cisco 6509 is SXF; it is supported in SXB.

As you mention, the tunnel will be between the core devices of the new DCN and the CE router, and it is using OSI CLNS.





swaroop.potdar Thu, 06/28/2007 - 03:28

Hi Prasad,


Due to the inherent outage associated with the change of addressing on the server end, the customer may or may not agree to the same.

So you may be left with the option of GRE tunnels. Since you will be running GRE from CE to CE (devices connecting to PEs) you won't need to create tunnels between PEs. You can use any PE-CE protocol of choice and create these tunnels. (Tunnels from Access to Distribution to Core; all these would be CEs to the MPLS PEs and carrying the traffic inband.)

The "tunnel vrf" command is not supported in the SX release, so you will have to upgrade only to the SR release for the same. But again, this is not required and of no use in this scenario, as you will not create any tunnels between the PEs.


HTH-Cheers,

Swaroop

prasaddesai.in Thu, 06/28/2007 - 21:59

Hi Swaroop ,


I have tried route (destination-specific) leakage from the VRF to the global routing table and it is working. Actually I don't need to do a tunnel from PE to PE, but as you mention the tunnel will be formed between:

PE to NEC Distribution router,
PE to NEC Access router,

or PE to NEC Distribution router only.

If I do this, how will I achieve redundancy if the tunnel fails?




swaroop.potdar Fri, 06/29/2007 - 04:37

Hi Prasad,


Since the original question in the post is taken care of, please close the thread and unicast me on my mail id.

Also mention the details of who is handling the case now and whether any preliminary document has been made or not.

When I was last on it, it was supposed to be an out-of-band parallel network. So fresh inputs would be needed to help on the same.


HTH-Cheers,

Swaroop

mheusing Wed, 06/27/2007 - 07:15
User Badges:
  • Cisco Employee,

Hi,


If I understand correctly, you want to migrate an OSPF customer network to an MPLS VPN solution. If this is correct, then you could still use OSPF in the VRF environment.

The customer network might or might not use the same area as the ISP in the backbone, because both are well separated. The customer can also have the same area in different locations.

Example:

CE1(area1)-PE1-P-PE2-CE2(area1)

The PE1-P-PE2 IGP is completely invisible to the customer and thus could also be area1 (with different routes of course).

To achieve this you will have different OSPF processes for IGP and customer routing.

A sample PE config excerpt to highlight this:


ip vrf customer
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
!
interface Serial1/0
 ip vrf forwarding customer
 ip address 10.0.11.1 255.255.255.252
!
interface Serial1/1
 ip vrf forwarding customer
 ip address 10.1.11.1 255.255.255.252
!
interface FastEthernet2/0
 ip address 10.0.0.1 255.255.255.252
!
router ospf 10
 network 10.0.0.0 0.255.255.255 area 1
!
router ospf 123 vrf customer
 domain-id 0.0.0.1
 redistribute bgp 65000 subnets
 network 10.0.0.0 0.255.255.255 area 1
router bgp 65000
 !
 address-family ipv4 vrf customer
  redistribute ospf 123 match internal external 1 external 2
  no auto-summary
  no synchronization
 exit-address-family


There will be no route exchange between VRF and core IGP.

Sure, you can also set up your design, but I see some issues to be sorted out:

1) full mesh of tunnels or suboptimal paths?
2) recursive routing - make sure the tunnel endpoints are not learned through the tunnel
3) scalability

Personal feeling without knowing full details: going along the design I tried to sketch above might be more simple.


Hope this helps!


Regards, Martin

swaroop.potdar Wed, 06/27/2007 - 07:28

Hi Martin, the MPLS and the DCN-NEC both belong to the same customer.


DCN-NEC is to manage their transmission equipment from NEC/Alcatel/Marconi and the like, connecting it inband through the MPLS network. Their DCN (data communication network) consists of legacy and hybrid elements, some understanding only OSI and some both.

When I had worked with this customer I had vetted this quite some time before. It's now maybe getting implemented.


Hence the need to run ISIS, and no OSPF.


Cheers,

Swaroop

mheusing Wed, 06/27/2007 - 08:36
User Badges:
  • Cisco Employee,

OK, I see, now I understand the issue.

But can you forward CLNS packets through a VRF interface? And even if so, which routing protocol do you use for PE-CE routing? There is only IPv4 or IPv6 supported, afaik.

So the main question for me now is, as you already asked: don't they need CE to CE GRE tunnels? In case this is required, then the MPLS VPN setup is pretty simple, following standard designs. You only need tunnel endpoint routes. Actually any PE-CE IPv4 routing protocol will do from a connectivity perspective.

Correct me, if I am wrong.


Regards, Martin

swaroop.potdar Wed, 06/27/2007 - 08:58

Yes, that's what I knew of the objectives a while before. And it can be done only with CE-CE GRE tunnels if inband, or ATOM.


But the post here is a little deviated from the original objective, hence my emphasis on the current/new objective of post rather than a solution.


Cheers,

Swaroop

shivlu jain Fri, 06/29/2007 - 03:40

Hi Prasad,

I think you are mentioning it wrong in the above, because for PE-PE we usually use pseudowire; I think it should be PE to CE.

PE:

interface Tunnel100
 description ### MPLS HALDWANI ###
 ip vrf forwarding AMAR
 ip address 172.31.236.69 255.255.255.252
 tunnel source 71.5.254.230
 tunnel destination 71.26.11.26
end

ip route vrf AMAR 10.59.20.0 255.255.255.0 Tunnel100 name amarujala_haldwani

CE:

On the CE only GRE is used, and the default route should be towards the PE.



shivlu

