cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
782
Views
0
Helpful
3
Replies

Penultimate Pop hopping

Jon Marshall
Hall of Fame
Hall of Fame

Hi

Firstly apologies for the rather basic question, i suspect i am being a little thick here, but i just need something confirming.

Attached is a visio of a very basic MPLS setup, no VPN's, no TE.

When i first set this up i used the physcial interface addresses for the IBGP peering between the PE routers ie.

R2 - 192.168.5.2

R3 - 192.168.6.2

The problem here was that on the P router (R1) when i did a "show mpls forwarding-table" there were no entries.

On R2 the action to reach R3 was to pop the tag. Now i'm assuming that was because of penultimate pop hopping ?

Problem was, once i exchanged routes between SW3 and R4 i could not ping from 10.100.1.1 to 10.90.1.1. The reason being i assume because the packet gets to R3, R3 does not apply an MPLS label but just forwards on to R1 and R1 does not have a route for 10.90.1.1 because only the PE routers are aware of this network.

So i then added loopback 1 interfaces on both PE routers and used these to peer R2 with R3. R1 now had entries in it's MPLS forwarding table and i could ping from 10.100.1.1 to 10.90.1.1.

So my question is twofold

1) Can i not peer between R2 & R3 on the physical interface addresses for IBGP because of penultimate pop hopping.

2) Is there anything i could have done with the original setup to make it work.

Have i just completely misunderstood it all :)

Jon

1 Accepted Solution

Accepted Solutions

Harold Ritter
Cisco Employee
Cisco Employee

1) You indeed need to peer on the PE loopback addresses for the reason you just explained. If you use the IP address of the physical interface between the P and PE then the ingress PE performs the PHP as the destination is directly connected to the P router and therefore the ingress PE becomes the penultimate hop router.

2) Using the PE loopback address to iBGP peer is the right thing to do. Anything else would go against best practices and recommendations.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

3 Replies 3

Harold Ritter
Cisco Employee
Cisco Employee

1) You indeed need to peer on the PE loopback addresses for the reason you just explained. If you use the IP address of the physical interface between the P and PE then the ingress PE performs the PHP as the destination is directly connected to the P router and therefore the ingress PE becomes the penultimate hop router.

2) Using the PE loopback address to iBGP peer is the right thing to do. Anything else would go against best practices and recommendations.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold

Many thanks for the sanity check, i wasted a bit too much time on that one !

Jon

cheky
Level 1
Level 1

Hi Jon,

Try to add a command in r2 & r3:

mpls ldp advertise-labels interface the_interface_connect_to_r1

Tell us if it works.

And I suggest to use loopback interface for IBGP in working environment.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: