MPLS Architecture Help

Answered Question
Sep 2nd, 2010

I'm new to MPLS and I have a question related to the network design.

We are trying to do a layer 3 VPN across 2 geographically seperate sites.

We are using two ASR 1004's for the PE's at each site.  My question is this:  Do I have to have a CE router on the other side of each ASR to inject routes to get MP-BGP to work among the two PE routers?

Or (and what we are trying to do) is have the two ASR's and create VRF's to attach directly to different network segments.

I hope that makes sense.

I have this problem too.
0 votes

Add an entry for loopback under OSPF as well

ASR1

router ospf 100

network 10.10.10.101 0.0.0.0 ar 0

network 192.168.1.0 0.0.0.255 ar 0

ASR2

router ospf 100

network 10.10.10.102 0.0.0.0 ar 0

network 192.168.1.0 0.0.0.255 ar 0

ASR1 should have an routing entry for 10.10.10.102

ASR2 should have an routing entry for 10.10.10.101

ASR1:

ping 10.10.10.102 source loop 0

should succeed

BGP:

show ip bgp vpnv4 all summ

to show if vpnv4 is up.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Thu, 09/02/2010 - 07:59

Hello Ryan,

>> Or (and what we are trying to do) is have the two ASR's and create VRF's to attach directly to different network segments.

this can be done you will need a redistribute connected in BGP under address-family vrf vrf-name or network commands

router bgp 65000

address-family vpnv4

address-family ipv4 vrf vrf0name

redistribute  connected

Hope to help

Giuseppe

shivlu jain Sat, 09/04/2010 - 04:59

In Addition to Giuslar, If you have network expansion plan, try to go with route reflectors. Another thing if your customer is using static then you need to redistribute that static route in address-family vrf vrfname.

regards

Shivlu Jain

http://www.mplsvpn.info

rdotson0990 Wed, 09/15/2010 - 04:40

Thank you both for your reply.  I have built out something like this in a lab enviroment.  I'm somewhat stuck.

From each ASR I can ping a device attached to a network segment by a switch.  What I can't do yet is ping from one server across the pipe to the other server sitting behind the other ASR (which would be the other site in our setup).

I also can't seem to get the MP-BGP to get the routes from PE - PE.  I've attached a very quick drawing of what this setup looks like and also the configs from each ASR.  I can ping the interfaces that directly connect the ASRs' but I can't ping them if I do a "ping vrf 905 192.168.X.X"  

I'm hoping someone can help me out with this. If you need any more information please let me know.

rdotson0990 Wed, 09/15/2010 - 05:24

Ok I added the 192.168.1.0 0.0.0.255 is my ospf config.  And no loopback IP's are not in the routing table.  what would that entry look like?

Also i'm trying to debug the ospf now.  Not having much luck though.  Thanks for your help.

Correct Answer

Add an entry for loopback under OSPF as well

ASR1

router ospf 100

network 10.10.10.101 0.0.0.0 ar 0

network 192.168.1.0 0.0.0.255 ar 0

ASR2

router ospf 100

network 10.10.10.102 0.0.0.0 ar 0

network 192.168.1.0 0.0.0.255 ar 0

ASR1 should have an routing entry for 10.10.10.102

ASR2 should have an routing entry for 10.10.10.101

ASR1:

ping 10.10.10.102 source loop 0

should succeed

BGP:

show ip bgp vpnv4 all summ

to show if vpnv4 is up.

Jon

rdotson0990 Wed, 09/15/2010 - 05:38

Ok looks like I got that working.  The adjacency's look good.

ASR1002-1#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.10.102      0   FULL/  -        00:00:37    192.168.1.2     POS0/1/0
ASR1002-2#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.10.10.101      0   FULL/  -        00:00:38    192.168.1.1     POS0/1/0

It seems the only part that is not working now is being able to ping from the 10.108 subnet to the 10.112 subnet.  Which I think is a routing issue, but haven't wrapped my head around it.  Here is what my routing tables for the VRF look like:

ASR1002-1#sh ip route vrf 905

Routing Table: 905
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 2 subnets
S        10.108.1.0 [1/0] via 172.16.200.2
B        10.112.1.0 [200/0] via 10.10.10.102, 00:18:18
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.200.0/30 is directly connected, GigabitEthernet0/0/0
L        172.16.200.1/32 is directly connected, GigabitEthernet0/0/0
      192.168.200.0/30 is subnetted, 1 subnets
B        192.168.200.0 [200/0] via 10.10.10.102, 00:18:18

ASR1002-2#sh ip route vrf 905

Routing Table: 905
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 2 subnets
B        10.108.1.0 [200/0] via 10.10.10.101, 00:26:08
S        10.112.1.0 [1/0] via 192.168.200.2
      172.16.0.0/30 is subnetted, 1 subnets
B        172.16.200.0 [200/0] via 10.10.10.101, 00:26:08
      192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.200.0/30 is directly connected, GigabitEthernet0/0/0
L        192.168.200.1/32 is directly connected, GigabitEthernet0/0/0

rdotson0990 Wed, 09/15/2010 - 05:44

A minor update:

From ASR1 : I can ping the 10.112.1.10 server that is behind ASR2. But from the server itself I can't ping 10.112.1.10

From ASR2: I can't ping the 10.108.1.10 server that is behind ASR1.  Nor can I ping the 10.108.1.1 interface on the switch that ASR1 is connected to.

rdotson0990 Wed, 09/15/2010 - 06:10

Yeah I had already jumped to that.  The CE is actually a couple switches with routing enabled on them.  But I threw in some routes on one of them and I now have full connectivity from the 10.108.1.10 server to the 10.112.1.10 server.  It's not working the other direction but again it's probably a route.   Thank you for your help.  Your OSPF examples saved me a ton of work!

Actions

This Discussion