MPLS VPN problem

Answered Question
Jun 25th, 2008
User Badges:
  • Bronze, 100 points or more

I'm trying to establish a mpls VPN between two CE routers. The routes are receiving each other, but i can't ping between them.



Riyadh_POP#sh ip bgp vpnv4 *

BGP table version is 7, local router ID is 217.26.82.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:101 (default for vrf mpls-test)

*>i172.16.18.36/30 172.16.12.13 0 100 0 ?

*>i192.168.0.0 172.16.12.13 28416 100 0 ?

*> 192.168.50.0/30 0.0.0.0 0 32768 ?

Riyadh_POP#ping vrf mpls-test 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Riyadh_POP#ping vrf mpls-test 172.16.18.37

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.18.37, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)



on the other PE router


WL-Router#ping vrf mpls-test 192.168.50.1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

WL-Router#ping vrf mpls-test 172.16.18.37


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.18.37, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms



Any Clues ?


Regards

Haris P



Correct Answer by mohammedmahmoud about 8 years 11 months ago

Haris,


Are the loopbacks configured as /24 or /32 ? As a rule If the MPLS cloud IGP is OSPF, take care that by default the loopback will be advertised by OSPF as /32 prefix, and since the egress router (lets assume that it has the prefix as a connected /24) will advertise the LDP binding as /24 to the P router, the problem is that the P router doesn't have the /24 prefix in its routing table, rather it has the /32 route and thus both the PE and P create bindings for different prefixes (PE for /24 and P for /32) and thus both drop the exchanged binding from each other since it is not in their routing table, this results in that the packets will be dropped on the P router - The solution is to either use /32 loopbacks, or use the ip ospf network point-to-point under the loopbacks.


BR,

Mohammed Mahmoud.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
lee.reade Wed, 06/25/2008 - 03:54
User Badges:
  • Silver, 250 points or more

Hi,


Config looks generally ok, there are bits that could be tidied up.


Could you post the full configs, as you havent gave us any of the ip addressing.


Cheers,


LR

lee.reade Wed, 06/25/2008 - 07:33
User Badges:
  • Silver, 250 points or more

HI,


From looking at this, you are peering VPNV4 between PE1 and PE2, PE2 looks like a P router, not a PE router, was does PE3 do?


Can you post the full configs as it will be easier for us to help out!


Also PE1 doesnt have update-source on it the remote PE, what does the remote PE show as the next hop for the VPNV4 routes? PE1 loopback or 172.16.26.13?



Cheers,


LR

shivlu jain Thu, 06/26/2008 - 00:28
User Badges:
  • Silver, 250 points or more

please drfine autonoumus system comman in the bgp for eigrp process and neighbor command also.


regards

shivlu

Haris P Thu, 06/26/2008 - 05:26
User Badges:
  • Bronze, 100 points or more

Dear Lee ,


The PE1 , PE 2, PE3 all are PE Routers . In this case im trying to establish a MPLS VPN connection from PE1 to PE3 which ofcouse goes thru PE2 .


There is no update souce on the router because it's not using the loopback interface . I tried putting " neighbor 72.16.12.13 update-source FastEthernet4/0.10 " under bgp , but no result .


Regards

Haris

DishnetWireless... Thu, 06/26/2008 - 01:52
User Badges:

Hi Haris,


Though you are receving all the routes and not able to ping means, on the LSP from one PE to other PE some where the interface is not enabled with MPLS.


pls check all the interfaces in the LSP path from both sides whether the MPLS is enabled on the interfaces or not?


Regards,

RAj

DishnetWireless... Thu, 06/26/2008 - 03:14
User Badges:

Hi Haris,


In my previous message I mentioned the term LSP,if any interface is not enabled with MPLS LSP will not get formed.


what i menat was , take the traceroute from one end to other end from both sides and in that path make sure all the interfaces are enabled with MPLS.


Regards,

RAj

Haris P Thu, 06/26/2008 - 05:16
User Badges:
  • Bronze, 100 points or more

Dears ,


Thanks for your reply . MPLS ip is present in all the interfaces in the path.


Also mpls config. under my ATM interface is as shown , whether some thing else is needed for ATM interface ?


nterface ATM3/0.500 point-to-point

ip address 10.250.0.2 255.255.255.0

tag-switching ip

pvc 0/399

encapsulation aal5snap


I cant provide compleete config , but a partial config. can be provided



mohammedmahmoud Thu, 06/26/2008 - 07:15
User Badges:
  • Green, 3000 points or more

Hi Haris,


Unfortunately the information provided by yourself is incomplete, what is the IGP used and which PE routers are we talking about and on which PE routers is the VRF defined, as a rule of thumb (might not be your case, so please elaborate on your setup), MP-iBGP peering between the PE routers must not be done via the P-PE connected interfaces IP addresses (most recommended to use loopback IPs), because due to PHP the P router just before the last P router connected to the PE will be responsible of the PHP (since the IP is directly connected to the last P router), and thus the last P router will receive the packet with one label, which is the VPN label, and since the P router is unaware of the VPN label it will drop the packet. To formulate this in your scenario, then if we are talking about PE1 and PE3, thus PE2 will receive that packet with only the VPN label and will drop it, thus please do the peering using loopback IPs and get back to us.


BR,

Mohammed Mahmoud.

Haris P Thu, 06/26/2008 - 08:05
User Badges:
  • Bronze, 100 points or more

Dear Mahmoud ,


thanks for the reply , i tried with loopback interface on PE3 for iBGP , but no luck . attached is my diagram . I have ospf running between PE1 and PE2 which is basically located on the same place , while PE3 is located on our remote office to where we are using static routes


Regards,

Haris



Attachment: 
Correct Answer
mohammedmahmoud Thu, 06/26/2008 - 09:32
User Badges:
  • Green, 3000 points or more

Haris,


Are the loopbacks configured as /24 or /32 ? As a rule If the MPLS cloud IGP is OSPF, take care that by default the loopback will be advertised by OSPF as /32 prefix, and since the egress router (lets assume that it has the prefix as a connected /24) will advertise the LDP binding as /24 to the P router, the problem is that the P router doesn't have the /24 prefix in its routing table, rather it has the /32 route and thus both the PE and P create bindings for different prefixes (PE for /24 and P for /32) and thus both drop the exchanged binding from each other since it is not in their routing table, this results in that the packets will be dropped on the P router - The solution is to either use /32 loopbacks, or use the ip ospf network point-to-point under the loopbacks.


BR,

Mohammed Mahmoud.

Haris P Sat, 06/28/2008 - 06:23
User Badges:
  • Bronze, 100 points or more

Dears ,


The loopbacks are configured as /32 only , I tried to configure one MPLS VPN between PE1 and PE2 and it worked fine . But to PE3 the same problem . PE3 is connected through ATM interface and there is only one command I put to enable mpls switching , it's tag-switching ip , but while in ethernet it's " mpls ip " . when I'm putting mpls ip under atm interface it's coming as "tag switching ip" . Whether it can be the problem .



interface ATM3/0.500 point-to-point

tag-switching ip


Whether configuring GRE will solve my issue ? ie a GRE between PE1 and PE3 thru ATM link


interface Tunnel1

ip address 10.20.20.2 255.255.255.252

ip mtu 1492

tag-switching mtu 1500

ip tcp adjust-mss 1444

tag-switching ip

keepalive 10 3


Is there is any other things to be considered while configuring mpls over atm . I also want to limit mtu to 1500


Regards,

Haris


mohammedmahmoud Sat, 06/28/2008 - 06:48
User Badges:
  • Green, 3000 points or more

Hi Haris,


From your diagram PE3 is not part of the OSPF domain, it is just running static routes, for LDP exchanged bindings to be inserted into the LFIB, there must be valid exact routes in the routing tables, this means PE3 must have specific static routes for all the essential IPs and the same goes to PE1 and PE2, why not making PE3 part of the OSPF domain and solve this mess.


And by the way, the tag-swithcing ip issue you have stated doesn't induce any problem, it is just how the IOS stores it, moreover this behavior is modified in modern IOS codes, but the thing that you always need to take care of is that starting from IOS release 12.4(3) the default MPLS label distribution protocol changed from TDP to LDP, and thus you must always make sure that you have the correct protocol running on all your LSRs if you are using different IOS codes on them.



BR,

Mohammed Mahmoud.

Haris P Sun, 07/06/2008 - 21:53
User Badges:
  • Bronze, 100 points or more

Dears ,


As Mahmoud said , In MPLS VPN, there should have a specific /32 route for each PE.I tried static routes on PE's so that each PE's learn each other's loopbacks as a /32 IGP route and then it worked


I added the following Static routes on PE3

ip route 172.16.12.6 255.255.255.255 10.250.0.1

ip route 172.16.12.13 255.255.255.255 10.250.0.1

on PE2

ip route 172.16.22.137 255.255.255.255 10.250.0.2


Regards,

Haris


mohammedmahmoud Sun, 07/06/2008 - 22:36
User Badges:
  • Green, 3000 points or more

Hi Haris,


I am glade it worked out, yes there should be exact routes in the routing table for the LDP exchanged bindings to be used in the forwarding plane.



BR,

Mohammed Mahmoud.

Actions

This Discussion