Jan 15th, 2008


I am trying to get Inter-AS MPLS VPN working and have been following this example here "

Everything seems to be fine, the routing table is there with the expected routes, but however on the ASBRs there is no inner label for the Customer Network. Which means that it breaks the connectivity and I am not able to ping the Customer Site.

I have followed this example very religiously but I am stuck.

cpubob Wed, 01/16/2008 - 08:04

on your P routers that are ebgp neighbors, do you have the command "neighbor x.x.x.x send-label" or are you running ldp between your ebgp neighbors? Can you post the configs please.

swaroop.potdar Wed, 01/16/2008 - 10:39

The document you are following for the inter-as is option B.

Since you are getting the routes as desired from the remote as into the local as you must have received the labels as well for the customer prefixes.

Here is what you need to verify,

1) Check whether you have done a next-hop-self on each ASBR towards your IBGP peers.

2) Or if you have resdistributed connected into IGP at each ASBR.

This is to get NH reacability and build the LSP.



hadisharifi Wed, 01/16/2008 - 15:15

Hi Swaroop,

I have tried both redistribute connected and next-hop-self towards iBGP peers. I do get the correct next hop address for the customer routes but end to end connectivity doesn't happen.

For iBGP peering I am using static for routes for my IGP and I am not sure if that has got to do anything with it, because I don't see what else could be wrong.

hadisharifi Wed, 01/16/2008 - 15:08

Hi CPUBB, I haven't explicitly configured the neighbor x.x.x.x send-label, as I read it's done by default in the latest versions of the ios.

I am not runing LDP between the EBGP neighbors either. It's a pure EBGP config and activating the neighbor under VPNV4.

router bgp 65412

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor remote-as 9718

address-family vpnv4

neighbor activate

neighbor send-community both


swaroop.potdar Wed, 01/16/2008 - 18:41


the example you are trying to perform is option B inter-as and doesnt require send label, and I am unable to confirm which current ios does send-label by default.

But you can confirm this by issuing,

"show ip bgp neigh x.x.x.x(remote ebgp peer ip), you should see Label Capability sent and received.

Since you are running static, and you must have done redistrbute connected in BGP itself but that wont create a label for the EBGP link, as BGP routes cannot be assigned a label.

If you want to run static only then can you verify if you are able to reach routes in a vrf on your local ASBR from you local AS PE.

If its a positive for the above then it should work with next-hop self towards your IBGP peers.

If it doesnt work still you can give an output of "show ip bgp vpnv4 all labels" from your ASBR and "show mpls forwarding" from your PE and ASBR.



hadisharifi Wed, 01/16/2008 - 19:07

Hi Swaroop.

I haven't enabled address-family ipv4 activation , do I need to do this? I don't see it being done as per the example on Cisco.

I am running static and I didn't redistribute connected in BGP but I did it in OSPF when I was running OSPF as IGP.

As I said now I am running static and I have configured next-hop-self towards the iBGP peers.

The routes are appearing in the customer VRF as expected but there is still no connectivty, but the funny thing is when I bring up the same customer VRF on either of the ASBRs, things start working straight away.

swaroop.potdar Wed, 01/16/2008 - 19:30

Yes you can email or attach it here in a zip.

Either ways its fine.



hadisharifi Wed, 01/16/2008 - 19:26

Hi Swaroop.

Yes, I can reach a vrf on the local ASBR from my local PE.

ASBR1#sh ip bgp vpn all la

Network Next Hop In label/Out label

Route Distinguisher: 9718:1

x.1.1.1/32 x.22.15.254 24/18

x.1.1.1/32 x.168.10.1 23/19

Route Distinguisher: 65412:2 (A)

x.1.1.1/32 19/aggregate(A)

x.1.1.1/32 x.22.15.254 nolabel/18

x.1.1.1/32 x.168.10.1 nolabel/19

ASBR1#sh mpls forwarding-table

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

16 Pop tag x.22.15.0/24 0 Fa0/0 x.22.225.2

17 Untagged x.22.31.0/24 0 Fa0/0 x.22.225.1

18 Pop tag x.168.10.1/32 0 Fa2/0 x.168.10.1

19 Aggregate x.1.1.1/32[V] 520

23 19 9718:1:x.1.1.1/32 \

1770 Fa2/0 x.168.10.1

PE#sh mpl forwarding-table

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

16 Untagged x.22.31.0/24 0 Fa0/0 x.22.225.1

17 Pop tag x.22.63.0/24 0 Fa0/0 x.22.225.3

18 Aggregate x.1.1.1/32[V] 520


swaroop.potdar Wed, 01/16/2008 - 21:05

Hi Hadi,

There seems to be no problem with your config.

But it seems that you are running old ios (12.2), so when you put static routes to a next hop ip on a broadcast media specify the interface and the nexthop ip together. when you do this you will see cef populating the label received via MPBGP in the forwarding table. (or else it may treat it as unusable)

verify this by "show ip cef vrf TEST"

Note: I did a quick check of you configs on my test topo, and it all worked fine with no problem, without the VRF A on ASBR1. But since I had new IOS even though my cef output shows as unusable but it still works. But i suspect in older ios that may not be the case.



hadisharifi Wed, 01/16/2008 - 21:18

Thanks Swaroop,

The IOS I am running is in my test LAB and even though I have changed the IGP from static to OSPF, it is still not working which might suggest that it's something to do with the IOS.

The real issue is with our production network where we are running IOS ver 12.1 and we are running static as our IGP. Changing the ios is not an option at the moment and possibly for sometime as there is no newer image for the particular platform we use.

Will changing the IGP form static to dynamic help? though I don't see it work in my lab.



hadisharifi Thu, 01/17/2008 - 01:33


I have found that my problem is with having /24 for my loopback address for bgp neighbor peering. As soon as that is changed to /32 everything works fine. But I have changed my igp to OSPF and have put the command "ip ospf network point-point" but still my ping doesn't work and I get the following debug out put on my local ASBR, I have enabled "debug mpls drop".

"*Jan 17 20:24:19.626: tagsw_switch_packet: Pkt drop -- rewrite null, incg label

19 hwinput Fa2/0"

swaroop.potdar Thu, 01/17/2008 - 10:08

If you are using OSPF you need to have a /32 loopback as a routerid, as what happens is when you have a /24 loopback OSPF advertises it as a /32 and hence 2 LDP peers dong agree on the binding for the prefix and you see no outgoing label for the loopback.

But since your OSPF domain had /32 loopback and only static domain had /24 I dont see a /24 loopback as a problem, as you can see valid label bindings from both peers and in the forwarding table for the loopback.

Now what you can try is, use a static route with outgoing interface and next hop ip together and check your connectivity. "



LSR2#show ip cef vrf TEST

recursive via unusable: no label



LSR2#conf t

LSR2(config)#no ip route

LSR2(config)#ip route fa0/0

LSR2#sh ip int brie

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 YES NVRAM up up

FastEthernet1/0 unassigned YES NVRAM up up

FastEthernet1/1 unassigned YES NVRAM administratively down down

Serial2/0 unassigned YES NVRAM administratively down down

Serial2/1 unassigned YES NVRAM administratively down down

Serial2/2 unassigned YES NVRAM administratively down down

Serial2/3 unassigned YES NVRAM administratively down down

ATM3/0 unassigned YES NVRAM administratively down down

Loopback0 YES manual up up

Loopback1 YES NVRAM up up

LSR2#show ip cef vrf TEST

nexthop FastEthernet0/0 label 20


LSR2#ping vrf TEST

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:


Success rate is 100 percent (5/5), round-trip min/avg/max = 104/306/548 ms




hadisharifi Thu, 01/17/2008 - 14:40


When I was running OSPF with /24 loopback, I had the ip ospf network point-point command configured. I still wasn't able to have connectivity, I also changed my static pointing to the outgoing interface and the next hop ip, it still didn't work. The only thing that seem to work so far is having a /32 loopback address.

I am going to rebuild the setup and try it again. The main reason to get this working with a /24 loopback is that our production network is configured with /24 loopback and static routing.

As per another Cisco example OSPF should work with a /24 as long as "ip ospf network point-pint is configured".


hadisharifi Thu, 01/17/2008 - 16:11


I have done exactly as you have said in your last post, I have changed my loopbacks to /24 and I have used a static route via the interface and next hop ip. I have checked everything on the PE "LSR2" and there is no issue in regards to the next hop ip with the correct mask, but I still can't ping through.

On my ASBR "LSR3" I don't have a route for the customer vrf on the local PE "LSR2". Here is the output:

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

16 Pop tag 0 Fa0/0

17 Pop tag 0 Fa2/0

18 20 9718:1: \

7198 Fa2/0

But if I check the forwarding table on the second ASBR, you can see the routes for both and

tag tag or VC or Tunnel Id switched interface

16 Pop tag 0 Fa0/0

17 Pop tag 0 Fa3/0

19 19 9718:1: \

7198 Fa3/0

20 17 9718:1: \

10148 Fa0/0

I have also enabled "debug mpls drop" on ASBR1 "LSR3" and I get this output on LSR3 when ping ing from LSR2 towards

*Jan 18 02:32:39.949: tagsw_switch_packet: Pkt drop -- rewrite null, incg label

19 hwinput Fa2/0




