MPLS VPN Question

sampusarkar · ‎07-27-2010

Hello :

I have one problem establishing conection between two VPN sites. I have CE-PE routing protocol running OSPF. I am

sharing the topology and I want to achieve.

CE(R7)______PE1-----------------------PE2___________CE (BB1)VPN_A)

| |

P________________________P

ON CE (R7)

I could able to see the routes of BB1. But unable to ping R7 to BB1 vice versa. PE1 & 2 both are running MPBGP and customer

OSPF routes have been redistributed into MPBGP. Lets say an example if i want to ping loopback address of BB1 from R7 , I am

unable to ping. I see the routes are being advertised in R7. Next hop is reachable. If I do trace route , I see the packet is

dropping on after it hits the PE1 router.

Any thought would be much appreciated.

Edison Ortiz · ‎07-27-2010

You may have a problem with labels within the MPLS Backbone.

Check the mpls forwarding table on all P and PE routers.

Regards,

Edison

sampusarkar · ‎07-27-2010

Hello Edison :

Thanks for your reply. This is the following MPLS forwarding table I have for my two cores ( R1 & R5).

R1

===========

R1#show mpls forwarding-table

Local Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label Label or VC   or Tunnel Id      Switched      interface
16     Pop Label     5.5.5.5/32        0             Gi2/0      10.2.1.2
17     Pop Label     10.1.2.0/24       570           Gi2/0      10.2.1.2
18     18            6.6.6.6/32        79960         Gi2/0      10.2.1.2
19     Pop Label     3.3.3.3/32        64200         Gi1/0      10.1.1.3
R1#show mpls
R1#show mpls for

R1#show mpls forwarding-table 10.10.10.10
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id Switched interface

This is 10.10.10.10 is loopback address of BB1 I was trying ping but apparantly it is failing. How to fix that? I have mpls runnning all interface in P routers.

Chetan Kumar Ress · ‎07-27-2010

Hi Sam

If possible can you share the config , it will help us to understand the your topology & able to trouble shoot.

or Please refer the below document where the same configuration is done.

Note : Your 10.10.10.10 is loopback IP on BB1 is not is MPLS lable table , You should check in show mpls forwarding-table vrf ( name )

or check sh ip bgp vpnv4 vrf (name) ----wether you are able to see the route 10.10.10.10.

https://supportforums.cisco.com/docs/DOC-11383

Regards

Chetan Kumar

west33637 · ‎07-27-2010

Hello.

Ensure that BB1s loopback (10.10.10.10) and R7's loopback is reachable via OSPF. make sure that the PE routers are advertising those loopbacks into the OSPF process. Also ensure that the P routers are advertising their loopbacks into OSPF. They must advertise their loopbacks because thats what MPLS will use to peer with. IP cef should be enabled by default. If not, enable it on all P and PE routers.

Also it wont hurt to issue the following command to check if all your PE and P routers have neighbor adjacencies - sh mpls ldp nei

In your topology the P routers should have 2 LDP neighbors - 1 to the adjacent PE router and 1 to the other P router.

If you dont see all the adjacencies, configure mpls ip on all the adjacent interfaces so that they can form adjacencies.

loopback advertisement example

router ospf 1

network 10.10.10.10 0.0.0.0 area 0

on the P routers do a sh ip ro ospf and check to ensure that you see 10.10.10.10 and also the loopback of R7.

also on the P routers do a sh ip cef 10.10.10.10 ---- you should see a forwarding path now in the CEF table

also check the MPLS forwarding table - sh mpls forwarding-table 10.10.10.10 --- you should see an entry now in the MPLS forwarding table.

the reason you cant ping from one end to another is because your core network does not have a label forwarding path to the loopbacks of the PE routers.

fix the MPLS core and you'll most likely fix the VPN, unless you have some other configuration issues at the PE.

Please remember to rate if it helps.

sampusarkar · ‎07-28-2010

Dear All :

Thanks for your valuable suggestions. I guess I have already built end to end MPLS path. However, I am attaching the config

details of each router. Maybe I am missing some config.

R3:(PE1)

==============

R3#sh ip bgp vpnv4 vrf VPN_A 10.10.10.10

BGP routing table entry for 10:3:10.10.10.10/32, version 10
Paths: (1 available, best #1, table VPN_A)
Not advertised to any peer
200, imported path from 10:6:10.10.10.10/32
    6.6.6.6 (metric 4) from 6.6.6.6 (6.6.6.6)
      Origin incomplete, metric 65, localpref 100, valid, external, best
      Extended Community: RT:10:6 OSPF DOMAIN ID:0x0005:0x000000020200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:12.1.1.2:0
      mpls labels in/out nolabel/21

I do see route of BB1. Same for R6 (PE2) as well.

R6 ( PE2)

=========

R6#show ip bgp vpnv4 vrf VPN_A 10.10.10.10

BGP routing table entry for 10:6:10.10.10.10/32, version 4
Paths: (1 available, best #1, table VPN_A)
Advertised to update-groups:
1

Local
    12.1.1.3 from 0.0.0.0 (6.6.6.6)
      Origin incomplete, metric 65, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:10:6 OSPF DOMAIN ID:0x0005:0x000000020200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:12.1.1.2:0
      mpls labels in/out 21/nolabel

R7

========

R7#sh ip route 10.10.10.10

Routing entry for 10.10.10.10/32
Known via "ospf 1", distance 110, metric 3, type inter area
Last update from 10.1.1.2 on GigabitEthernet1/0, 01:44:30 ago
Routing Descriptor Blocks:
* 10.1.1.2, from 33.33.33.33, 01:44:30 ago, via GigabitEthernet1/0
Route metric is 3, traffic share count is 1

I do have a route to BB1.

LDP path is built R3 to R6.

I am attaching the config.

Regards

Arjun

sampusarkar · ‎07-28-2010

Please find the attachment.

Mohamed Sobair · ‎07-28-2010

Hi,

Could you please post the following:

1- show mpls ldp binding 10.10.10.0 from (R3 & R6)

2- show mpls forwarding-table from (R3 & R6)

Mohamed

u1kumar2002 · ‎07-28-2010

Hi ,

As per your attached the configuration, I will suggest you

1.Plz modify the ip vrf config on both the routers.
ip vrf VPN_A
rd 10:3
route-target import 10:3
route-target export 10:3
Configure same on R3 and R6, No need of different route-targets, Since its a simple vpn. Use of multiple route targets values are recommended in complex VPN's.
2. No need to configure mpls ip for vrf interface.
3. why R6 is having
router ospf 2 vrf VPN_A
network 10.0.0.0 0.255.255.255 area 0 (since S3/0 interface is having ip add 12.1.1.0/24, No need of this)
4.Is the MPLS clould is having two AS ? if its simple VPN use single AS and run IBGP between R3 & R6, Then form MP-BGP neighborship,otherwise if bgp neighborship should be proper.
5. Use /32 mask for loopback interface in R3 and R6 which are used for BGP peering, make sure both are reachable by IGP.
At last you can confirm the result with with following commands on both routers R3 and R6 ,
show ip bgp vpnv4 all
sh ip route vrf VPN_A
ping vrf VPN_A x.x.x.x

For a similar example in GNS3 , Plz find the attachment of lab and you can visit below link :

http://startnetworks.blogspot.com/2010/07/mpls-l3-vpnsham-link-as-override.html

Uttam