09-16-2009 02:40 AM
Hi
This conversation was once initiated and I tried looking for it, but I can't remember under which topic it was done. Getting back to the problem: my questions are based on the document "Designing MPLS Extensions for Customer Edge Routers"
url: www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/1575_pp.pdf
I am using the sketch on page 11. For router 3640-PE-WEST-1 the chart shows this router as running OSPF for all its VRFs (sub-interfaces), but I don't see those configs in the configs shown for this router.
1. Aren't we supposed to have the OSPF process configs for this router? If yes, do they look like this:
router ospf 11 vrf V1(vpn1)
 area 11 virtual-link 220.1.65.6
router ospf 12 vrf V2(vpn2)
 area 11 virtual-link 220.1.65.10
and for all other sub-interfaces using the same configs?
2. I only see 1 sub-interface configuration; should I assume there are other sub-interface configurations that are not shown? (page 13)
3. For BGP process 1 they used the update source loopback, so my understanding is there should be another routing protocol that advertises these loopbacks between the PE routers. Am I right? (page 13)
If yes, can it be OSPF? If yes, how can they still do that if we have OSPF processes running per VRF?
Router 2611-CE-4
On page 16 and 17, BGP process shows many address-families configured.
4. Can it work well if I were to configure the address-family for vrf vrflite3 only and leave out the rest of the other address-families?
5. One last question: are the configs for the VXR the same as on the 2611-CE-4, or are they different, since all the sites can communicate with the router VXR? What I don't know is whether they are all pointing to maybe one point (IP address) or whether there are different networks like the vrflite VPNs shown for router 2611.
Regards
Mpho
09-16-2009 05:12 AM
Hello Mpho,
you are welcome.
1)
3640-PE-WEST-1 should have, for each VRF, a router ospf process with a network area command and redistribute BGP, as happens on the multi-VRF CE.
the difference between the PE and the CE is that the PE has an MPLS backbone link that is used for forwarding MPLS frames for all VRFs.
no virtual links are needed here.
There are cases where sham-links are used to handle the fact that VRF sites are interconnected with links not managed by the service provider, but that is a different thing.
you are right, the OSPF processes config is not reported for the PE node.
2)
yes, there is one subif for each VRF; as I wrote in the other thread, PE and multi-VRF CE use back-to-back VRF links.
So one link for each VRF is needed: it can be a FR subif with a DLCI or a vlan based subif with a vlan-id.
3)
yes, it is not reported, but a classless protocol (OSPF, ISIS or EIGRP) is needed to make LDP and BGP work in the backbone.
the protocol can be an OSPF process or it can be a different protocol; the requirement is that it is able to handle subnet masks (that it carries them in its updates), so even RIPv2 could be used (in a lab, not in the real world)
4) to see the multiVRF CE concept in action I would suggest you to configure at least two VRFs they are enough.
5)
the VXR should be a PE so its config should look like that of 3640-PE-WEST-1.
Hope to help
Giuseppe
09-16-2009 05:56 AM
Hi Giuseppe
This is a connection of one side. In my case I have two 7600 routers that are PEs and two 6509s that are multi-VRF CEs; between the PE and a multi-VRF CE (6509) the connection is Gigabit Ethernet SFP links. Again, from the 6509 to the CE router (1841) it is an Ethernet port and I will be creating sub-interfaces. Does my concept sound feasible?
VXR is not a PE but RSP-PE-EAST-4 is a PE; VXR looks more like another multi-VRF CE, please confirm.
Thanks and regards
Mpho
09-16-2009 07:01 AM
Hello Mpho,
yes you're right, the VXR in the upper left corner of figure 8 on page 11 is another multi-VRF CE.
in your case:
being multilayer switches you can use SVIs and you can configure the physical links as L2 trunks.
int vlan 100
 ip vrf forwarding VRF100
 ip addr 10.10.10.1 255.255.255.0
int gix/y
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,200,300
this allows you also to have links between the two PE nodes and between the two CE nodes.
It is very handy and we use it in multiple scenarios.
Hope to help
Giuseppe
09-16-2009 11:22 AM
Do I use the above configs between the PE and between the CE as well? Another thing that I have noticed is that on the routers, when I try to configure the VLAN, it doesn't accept the hundred; it must be configured with a value more than a thousand, I can't remember the exact number.
09-16-2009 12:01 PM
I meant: Do I use the above configs between the PE and multi-VRF CE and between the CE and multi-VRF CE as well? Another thing that I have noticed is that on the routers, when I try to configure the VLAN, it doesn't accept the hundred; it must be configured with a value more than a thousand, I can't remember the exact number.
09-16-2009 12:06 PM
Hello Mpho,
you are not obliged to have a CE downstream to a multi VRF CE it depends on the scenario.
about vlan creation:
you need to create the vlan at layer2 first with
conf t
vlan 100
! this creates L2 broadcast domain
then
you can do what I've suggested before.
also check the vtp status of devices this can influence the possibility to create vlans or not
you can create L2 vlans on:
vtp servers or vtp transparent nodes
vtp controls vlans 1-1005, so what you say points to VTP
Hope to help
Giuseppe
09-21-2009 12:36 PM
Hi - I have tried to configure multi-VRF CE but it doesn't work; there is something that I'm not doing right. I truly can't understand this thing. I want to know how to configure this.
Sw6509 (CE)- Router7613(PE) - Router7609 - sw6509(CE)
1. Can I use only BGP to configure mv-ce?
2. In a case whereby I use OSPF (global) as IGP between the two PEs and OSPF as a routing protocol between the PE and CE, do I run an OSPF VRF instance for every sub-interface that is connected between the PE and CE?
3. Do I redistribute the OSPF vrf routes into BGP vrf and BGP vrf routes into OSPF vrf routes?
09-21-2009 01:03 PM
Hello Mpho,
1) you can use BGP but both devices have the eBGP sessions under vrf address family
multiVRF CE
ip vrf VRFA
 rd 65000:100
 route-target both 65000:101
ip vrf VRFB
 rd 65000:200
 route-target both 65000:201
router bgp 65000
 no bgp default ipv4-unicast
 ! one eBGP session to the PE per VRF
 address-family ipv4 vrf VRFA
  neigh 10.10.10.2 remote-as 6600
  neigh 10.10.10.2 activate
  redistribute connected
 address-family ipv4 vrf VRFB
  neigh 10.20.10.2 remote-as 6600
  neigh 10.20.10.2 activate
  redistribute connected
! SVIs on the VRF access links to the PE
int vlan 100
 ip vrf forwarding VRFA
 ip address 10.10.10.1 255.255.255.0
 no shut
int vlan 200
 ip vrf forwarding VRFB
 ip address 10.20.10.1 255.255.255.0
! SVIs for the client vlans
int vlan 101
 ip vrf forwarding VRFA
 ip address 10.100.10.1 255.255.255.0
 no shut
int vlan 201
 ip vrf forwarding VRFB
 ip address 10.20.20.1 255.255.255.0
int gi3/4
 desc interface to PE
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 100,200
int gi3/5
 switchport
 switchport mode access
 switchport access vlan 101
 desc interface to client vlan in VRFA
int gi3/6
 switchport
 switchport mode access
 ! access vlan matches the VRFB client SVI (int vlan 201)
 switchport access vlan 201
 desc interface to client vlan in VRFB
what changes on PE node is the configuration of OSPF as IGP and of MPLS.
2)
yes as in the whitepaper
3)
yes as in the whitepaper
Hope to help
Giuseppe
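An added example, not part of the thread or of the Cisco document: a small Python check for the kind of multi-VRF CE switch configuration posted above. It lists every VLAN that is assigned to an access port or allowed on a trunk but has no SVI bound to a VRF, so that VLAN is not routed in any VRF on the switch. It assumes full-keyword commands as printed by show running-config, and the sample configuration is constructed.

```python
import re

# Constructed sample config (not from the thread): VLAN 300 is allowed on the
# trunk and VLAN 102 is an access VLAN, but neither has an SVI in a VRF.
SAMPLE = """\
interface Vlan100
 ip vrf forwarding VRFA
interface Vlan200
 ip vrf forwarding VRFB
interface Vlan101
 ip vrf forwarding VRFA
interface GigabitEthernet3/4
 switchport trunk allowed vlan 100,200,300
interface GigabitEthernet3/5
 switchport access vlan 101
interface GigabitEthernet3/6
 switchport access vlan 102
"""

def expand(vlist):
    """Expand an IOS VLAN list such as '100,200-202' into a set of ints."""
    out = set()
    for part in vlist.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return (svi_to_vrf, findings); findings are (port, vlan) pairs."""
    svi_vrf, port_vlans, iface = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            # Top-level line: track the current interface, if any.
            iface = line.split()[1] if line.startswith("interface ") else None
            continue
        if iface is None:
            continue
        cmd = line.strip()
        svi = re.fullmatch(r"Vlan(\d+)", iface)
        if svi and cmd.startswith("ip vrf forwarding "):
            svi_vrf[int(svi.group(1))] = cmd.split()[-1]
        m = re.match(r"switchport (?:access|trunk allowed) vlan ([\d,-]+)$", cmd)
        if m:
            port_vlans.setdefault(iface, set()).update(expand(m.group(1)))
    # A VLAN carried on a port without a VRF-bound SVI is reported.
    findings = sorted((p, v) for p, vs in port_vlans.items()
                      for v in vs if v not in svi_vrf)
    return svi_vrf, findings
```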
09-22-2009 12:43 AM
If I use the trunk link between the PE and CE, on the router side how am I going to get these routes across the MPLS backbone to the remote side? Is there a detailed document that I can use/read?
09-22-2009 02:11 AM
Hello Mpho,
the configuration on the PE side is the same with the addition of MPLS, MP BGP and LDP.
the L2 trunk towards multiVRF CE carries vlans 100,200,
a L3 SVI interface for each Vlan 100 is associated to the right VRF.
an eBGP session is configured under the corresponding BGP address-family.
OSPF is configured on links between PE nodes.
LDP is configured on links between PE nodes.
OSPF has to advertise the loopback used as LDP router-id to make LDP sessions to come up.
use the same loopback as BGP source-address on iBGP sessions
int loop1
 ip address 172.16.60.1 255.255.255.255
mpls label protocol ldp
mpls ldp router-id loop1 force
router ospf 10
 network 172.16.60.1 0.0.0.0 area 0
 network 172.16.20.0 0.0.0.255 area 0
router bgp 6600
 neigh 172.16.60.2 remote-as 6600
 neigh 172.16.60.2 update-source loop1
 address-family vpnv4
  neigh 172.16.60.2 activate
  neigh 172.16.60.2 send-community both
int gi4/7
 desc backbone
 ip address 172.16.20.1 255.255.255.0
 mpls ip
 mpls mtu 1512
there are some things to be aware of:
if you create the loop1 after having enabled mpls, to have it become the LDP router-id you need the command with the force option.
use /32 loopbacks, or you need ip ospf network point-to-point under the loop config to have OSPF advertise the correct mask.
check with sh mpls forw 172.16.60.2 that the action is POP TAG.
before setting up the eBGP sessions in VRFs you should be able to ping from CE1:vlan100 to CE2:vlan102 at the other end exactly as in a standard MPLS VPN setup.
So the suggestion is a step by step approach.
First make the PE-PE communication work and verify VPN connectivity from CE to CE.
then add the eBGP sessions in VRF both on PE side and on multiVRF side.
Do this on site1 and use CE of site2 to verify it can reach in each VRF the subnets advertised by multiVRF CE1 of site1.
Finally add the eBGP session in VRF on multiVRF CE2 and PE2
verify end-to-end connectivity using extended ping in VRF
ping vrf VRFA enter
notice that CE needs to use this command too because they see the PE node as a device in a VRF.
You have already setup an MPLS VPN lab so you just need to build over it.
Hope to help
Giuseppe
09-22-2009 03:51 AM
I am only losing you on the configs below: did you use different IPs on all of these VLANs? I thought trunks don't need IP addresses. Can you clarify please?
int vlan 100
ip vrf forwarding VRFA
ip address 10.10.10.1 255.255.255.0
no shut
int vlan 200
ip vrf forwarding VRFB
ip address 10.20.10.1 255.255.255.0
int vlan 101
ip vrf forwarding VRFA
ip address 10.100.10.1 255.255.255.0
no shut
int vlan 201
ip vrf forwarding VRFB
ip address 10.20.20.1 255.255.255.0
09-22-2009 04:18 AM
Hello Mpho,
the L2 trunk is useless without ip addresses associated to SVIs.
VRFA:
vlan101 represents the client vlan ip subnet that has to be advertised to PE on an eBGP session in BGP af vrf VRFA.
vlan100: represents the vrf access link to PE node for VRFA
so it is
PE1--- vlan100 --- multiVRF-CE1--- vlan101
VRFB:
PE1--- vlan200 --- multiVRF-CE1--- vlan201
again vlan201 represents a customer route in VRFB to be advertised to PE on eBGP session in af vrf VRFB
whole chain topology for VRFA
vlan101 --- MultiVRFCE1--- vlan100-- PE1
PE1 --- MPLS --- PE2-- vlan 102--MultiVRFCE2 -- vlan103
whole chain topology for VRFB
vlan201 --- MultiVRFCE1--- vlan200-- PE1
PE1 --- MPLS --- PE2-- vlan 202--MultiVRFCE2 -- vlan203
you need something to advertise over BGP sessions my suggestion is that it can be another SVI mapped to same VRF or you can use a loopback interface.
if you look at figure 8 of the document you have attached in first post the scenario is similar.
Hope to help
Giuseppe
09-22-2009 07:14 AM
I will use these configs tomorrow; it's starting to make sense a bit. At the moment there are other configs that I used, but the PE can only ping its immediately connected routes; it can't ping the remote side through the MPLS. When I do sh ip route it can see the routes but it can't ping them. I have configured "redistribute connected" under my VRFs.
What could be a problem?
Does this mean anything?
CR7613PE#sh mpls forwarding-table vrf vpntest1
Local  Outgoing   Prefix                 Bytes Label  Outgoing            Next Hop
Label  Label      or VC or Tunnel Id     Switched     interface
18     No Label   192.4.1.0/24[V]        0            Gi10/21.100         172.100.0.2
19     No Label   111.111.111.111/32[V]  \
                                         0            Gi10/21.100         172.100.0.2
21     No Label   100.0.0.0/24[V]        0            Gi10/21.100         172.100.0.2
22     Pop Label  IPv4 VRF[V]            0            aggregate/vpntest1
Local  Outgoing   Prefix                 Bytes Label  Outgoing            Next Hop
Label  Label      or VC or Tunnel Id     Switched     interface
23     Pop Label  IPv4 VRF[V]
CR7609PE#sh mpls forwarding-table vrf vpntest1
Local  Outgoing   Prefix                 Bytes Label  Outgoing            Next Hop
Label  Label      or VC or Tunnel Id     Switched     interface
18     No Label   155.239.247.0/24[V]    \
                                         0            Gi2/0/1.100         172.200.0.2
23     No Label   222.222.222.222/32[V]  \
                                         0            Gi2/0/1.100         172.200.0.2
24     Pop Label  IPv4 VRF[V]            0            aggregate/vpntest1
CR7609PE#sh mpls forwarding-table vrf vpntest2
Local  Outgoing   Prefix                 Bytes Label  Outgoing            Next Hop
Label  Label      or VC or Tunnel Id     Switched     interface
19     No Label   200.200.200.200/32[V]  \
                                         0            Gi2/0/1.200         172.200.0.6
21     No Label   155.239.248.0/24[V]    \
                                         0            Gi2/0/1.200         172.200.0.6
25     Pop Label  IPv4 VRF[V]            0            aggregate/vpntest2
                                         0            aggregate/vpntest2