GRE Tunnel configuration over MPLS

prasaddesai.in
Level 1

Hi,

I am configuring a GRE tunnel between two PEs, but the tunnel is not coming up. Please advise how to proceed.

Configuration of PE1:

[3845]

interface Tunnel100
 ip vrf forwarding DCN-NEC
 ip address 10.1.1.1 255.255.255.252
 tunnel source 192.168.104.250
 tunnel destination 199.168.99.253
!
ip route vrf DCN-NEC 199.168.99.253 255.255.255.255 91.8.4.5

Configuration on PE2:

mls mpls tunnel-recir
!
interface Tunnel100
 ip vrf forwarding DCN-NEC
 ip address 10.1.1.2 255.255.255.252
 tunnel source 199.168.99.253
 tunnel destination 192.168.104.250
!
ip route vrf DCN-NEC 192.168.104.250 255.255.255.255 91.8.5.129

Regards,

Prasad Desai

Datacraft India Ltd.


mohammedmahmoud
Level 11

Hi,

Can you ping the tunnel destination from both sides?

BR,

Mohammed Mahmoud.

Hi,

You might want to follow the config guide found at "GRE Tunnel with VRF Configuration Example"

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml

This should work with the proper IOS version installed.

Hope this helps!

Regards, Martin

Can you run it through these checks?

1) Does your tunnel come up without the "ip vrf forwarding" on the tunnel?

2) Looking closely at your config, it seems that you are trying to reach the /32 subnets with the "ip route vrf" route.

But you are using the same subnets as source and destination as well.

So to better troubleshoot, can you specify your objective behind having a tunnel between 2 PEs? Then the right method, whether a VRF with a Global Tunnel or a VRF within a VRF Tunnel, can be recommended and troubleshot.

HTH-Cheers,

Swaroop

Hi Martin,

Glad to see you, and welcome back in the new role!!!

Cheers,

Swaroop

Hi Swaroop,

Thank you, I am also glad to be back in the new role ;-)

Regarding the topic here: sorry, I gave the wrong example (GRE to CE and not between two PEs).

The tunnel destination in your config is actually in the VRF, but your static route points to the global IP, which will not be found in the VRF (check with "show ip route vrf DCN-NEC").

In addition, you do not have the static in your "show tech" output, and the tunnel config looks different.

Can you try on both PEs:

interface tunnel0
 ip vrf forwarding DCN-NEC
 ip address
 tunnel source
 tunnel destination
 tunnel vrf DCN-NEC

OR try on both PEs:

interface tunnel0
 ip vrf forwarding DCN-NEC
 ip address
 tunnel source
 tunnel destination

Hope this helps!

Regards, Martin

Dear Martin,

I tried both of your options. In the 1st option I used as source the IP address of interface vlan 93, which I configured for ip vrf forwarding DCN-NEC, and as destination the IP address of vice versa, but it is not working.

When I tried the 2nd option I used the loopback IP addresses of the routers and the tunnel comes up.

I don't understand why it is not up when I used IP addresses from ip vrf DCN-NEC.

When you use the source and destination from the DCN VRF it won't come up, because the routes are not reachable in the global routing table.

To create a tunnel using a VRF source and destination you will have to use this feature.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00805e1e8e.html

Now when you use a PE loopback as source and destination, they are reachable in the global table, hence your tunnel comes up.

But still I am not sure what is to be achieved by creating a tunnel between two PEs and assigning a VRF to it.

If you are trying to create an inband DCN network through an MPLS network, then it would not be done like this.

Still waiting for clearer objectives about what you want to achieve here.

HTH-Cheers,

Swaroop
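Added example, not part of the original posts or Cisco's documentation: a small Python check for the mismatch discussed above, where the tunnel destination has a route only inside the VRF while the tunnel's transport lookup uses the global table unless "tunnel vrf" is configured. The sample config is constructed from the PE1 snippet in the thread, the helper names parse and check_tunnels are hypothetical, and only static routes are modelled (connected and dynamically learned routes are not).

```python
import ipaddress
import re
# Constructed sample, modelled on the PE1 configuration quoted in the thread.
SAMPLE_PE1 = """\
interface Tunnel100
 ip vrf forwarding DCN-NEC
 ip address 10.1.1.1 255.255.255.252
 tunnel source 192.168.104.250
 tunnel destination 199.168.99.253
!
ip route vrf DCN-NEC 199.168.99.253 255.255.255.255 91.8.4.5
"""

def parse(config):
    """Collect tunnel transport settings and static routes per table (None = global)."""
    tunnels, routes, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line ends interface mode
            m = re.match(r"interface (Tunnel\d+)$", line)
            current = tunnels.setdefault(m.group(1), {"vrf": None, "dest": None}) if m else None
            m = re.match(r"ip route (?:vrf (\S+) )?(\S+) (\S+) \S+", line)
            if m:
                net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
                routes.setdefault(m.group(1), []).append(net)
        elif current is not None:
            if m := re.match(r"tunnel vrf (\S+)$", line):
                current["vrf"] = m.group(1)
            elif m := re.match(r"tunnel destination (\S+)$", line):
                current["dest"] = ipaddress.ip_address(m.group(1))
    return tunnels, routes

def check_tunnels(config):
    """Map each tunnel to (transport table, status), judged on static routes only."""
    tunnels, routes = parse(config)
    result = {}
    for name, t in tunnels.items():
        table = t["vrf"]                     # no "tunnel vrf" means a global lookup
        covers = lambda tbl: any(t["dest"] in n for n in routes.get(tbl, []))
        if t["dest"] is None:
            status = "no-destination"
        elif covers(table):
            status = "ok"
        elif any(covers(tbl) for tbl in routes if tbl != table):
            status = "route-in-other-table"  # the situation described in this thread
        else:
            status = "no-static-route"
        result[name] = (table or "global", status)
    return result
```

For the sample, check_tunnels(SAMPLE_PE1) reports Tunnel100 as ("global", "route-in-other-table"); adding "tunnel vrf DCN-NEC" under the interface changes it to ("DCN-NEC", "ok").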

Thanks Swaroop for your help; the page you have sent is not available.

We are using a VRF for DCN NEC. The idea behind configuring the tunnel is to form an IS-IS adjacency, because DCN NEC has area01 used in the old DCN NEC, and in our new MPLS network, where we are migrating the old DCN NEC, we are using area01 as backbone, and the VRF used for that DCN is DCN-NEC.

So the idea was that as the VRF comes up, the tunnel interface will come up and the IS-IS adjacency will form.

Since you are trying to connect two endpoints of a VRF over a tunnel, why don't you create a tunnel directly between the CEs? I am still not clear why you need tunnels formed using the PEs and what would be achieved.

And also, are you trying to route OSI CLNS or IP, or both elements, for the DCN?

A small diagram would be good.

HTH-Cheers,

Swaroop

Hi Swaroop,

Since it is noted NEC has deployed a single area throughout the country, and to migrate to the proposed DCN architecture, it is strongly recommended to customer the area (NSAP address change) at Server side. In case the customer does not agree to this change, then a GRE tunnel needs to be configured between the NEC distribution and access locations to the core locations of NEW DCN.

Please find the proposed DCN architecture diagram; in that, the bottom part is the customer routers which will connect to the PE router.

One thing I noticed: when I use the tunnel vrf DCN-NEC command using VRF IP addresses as source & destination on the 3845 PE router, the tunnel comes up, but on the Cisco 6509 that command is not supported. The IOS of the Cisco 6509 is SXF; it is supported in SXB.

As you mention, the tunnel will be between Core devices of new DCN & CE router & it is using OSI CLNS.

Hi Prasad,

Due to the inherent outage associated with the change of addressing on the server end, the customer may or may not agree to the same.

So you may be left with the option of GRE tunnels. Since you will be running GRE from CE-CE (devices connecting to PEs) you won't need to create tunnels between PEs. You can use any PE-CE protocol of choice and create these tunnels. (Tunnels from Access to Distribution to Core: all these would be CEs to the MPLS PEs and carrying the traffic inband.)

The "tunnel vrf" command is not supported in SX release, so you will have to upgrade only to SR release for the same. But again this is not required and of no use in this scenario, as you will not create any tunnels between the PEs.

HTH-Cheers,

Swaroop

Hi Swaroop,

I have tried route (destination-specific) leakage from the VRF to the global routing table and it is working. Actually I don't need to do a tunnel from PE to PE, but as you mention the tunnel will be formed between:

PE to NEC Distribution router,

PE to NEC Access router,

Or PE to NEC Distribution router only.

If I do this, how will I achieve redundancy if the tunnel fails?

Hi Prasad,

Since the original question in the post is taken care of, please close the thread and unicast me on my mail ID.

Also mention the details of who is handling the case now and whether any preliminary document has been made or not.

As when I was last on it, it was supposed to be an out-of-band parallel network. So fresh inputs would be needed to help on the same.

HTH-Cheers,

Swaroop

Hi,

If I understand correctly, you want to migrate an OSPF customer network to an MPLS VPN solution. If this is correct, then you could still use OSPF in the VRF environment.

The customer network might or might not use the same area as the ISP in the backbone, because both are well separated. The customer can also have the same area in different locations.

Example:

CE1(area1)-PE1-P-PE2-CE2(area1)

The PE1-P-PE2 IGP is completely invisible to the customer and thus could also be area1 (with different routes of course).

To achieve this you will have different OSPF processes for IGP and customer routing.

A sample PE config excerpt to highlight this:

ip vrf customer
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
!
interface Serial1/0
 ip vrf forwarding customer
 ip address 10.0.11.1 255.255.255.252
!
interface Serial1/1
 ip vrf forwarding customer
 ip address 10.1.11.1 255.255.255.252
!
interface FastEthernet2/0
 ip address 10.0.0.1 255.255.255.252
!
router ospf 10
 network 10.0.0.0 0.255.255.255 area 1
!
router ospf 123 vrf customer
 domain-id 0.0.0.1
 redistribute bgp 65000 subnets
 network 10.0.0.0 0.255.255.255 area 1
!
router bgp 65000
 !
 address-family ipv4 vrf customer
  redistribute ospf 123 match internal external 1 external 2
  no auto-summary
  no synchronization
 exit-address-family

There will be no route exchange between VRF and core IGP.

Sure, you can also set up your design, but I see some issues to be sorted out:

1) full mesh of tunnels or suboptimal paths?

2) recursive routing - make sure the tunnel endpoints are not learned through the tunnel

3) scalability

Personal feeling without knowing full details: going along the design I tried to sketch above might be simpler.

Hope this helps!

Regards, Martin
