cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2211
Views
10
Helpful
10
Replies

GRE Tunnel interfaces in MPLS VRF

zahid.hassan
Level 1
Level 1

Dear All,

I am having to configure a GRE tunnel between a

Cisco 2600 and SUP-720 acting as MPLS PE.

GRE

CE (2600) <--------> PE (SUP-720)

The tunnel interface on the SUP-720 is in a VRF and I can connect

to the other interfaces connected locally on the same PE from the CE.

However, I am not being able connect to any other interfaces on the same VRF which are configured on any other PE routers.

So basically I can only connect to routes which are local to the PE where the GRE tunnel terminates.

Here is my config:

PE (SUP-720)

!

interface Tunnel1

ip vrf forwarding test

ip address 192.168.1.1 255.255.255.252

ip mtu 1460

keepalive 10 3

tunnel source 219.168.33.6

tunnel destination 211.151.241.108

tunnel mode ipip

end

!

CE (2600)

!

interface Tunnel1

ip address 192.168.1.2 255.255.255.252

ip mtu 1460

keepalive 10 3

tunnel source 211.151.241.108

tunnel destination 219.168.33.6

tunnel mode ipip

end

!

Also I am seeing packets hitting the CE from the PE but not getting back to the PE.

I am running OSPF over the tunnel and I have all the necessary routes in place.

Has anyone experienced anything similar ?

Any help or input will be very much appreciated.

Regards,

Zahid

10 Replies 10

pankajkulkarni
Level 1
Level 1

Zahid,

There are 2 configuration changes you'll have to make to get this working -

1. "Tunnel keepalives" is supported only with GRE encapsulation. This feature isn't available with encapsulation IPIP.

Refer to link below for more information on tunnel keepalives -

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cec.html

2. While configuring tunnels with VRFs use the "tunnel vrf " command under the tunnel interface configuration mode to specify which VRF the tunnel destination exists. It is possible to establish tunnels across different VRFs.

eg.

interface Tunnel1

ip vrf forwarding ISDNPE

ip address 12.1.2.3 255.255.255.0

tunnel source GigabitEthernet0/3.2

tunnel destination 192.168.12.1

tunnel mode ipip

tunnel vrf ISDNPE

no clns route-cache

Refer to the link below for further information -

http://www.cisco.com/en/US/partner/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml

I hope this helps, do rate all posts.

Regards,

Pankaj

Pankaj,

Many thanks for the reply.

I have added the tunnel vrf command and changed the mode to GRE.

Unfortunately, this hasn't made any difference.

I am wondering if there is any know issue with tag-switching GRE packets on 6500/SUP-720 running 12.2(18)SXD3.

Anything else that you can think of ?

Regards,

Zahid

Zahid,

Are you trying to configure GRE tunnel between the PE-CE or across the MPLS backbone?

Incase you are attempting tunnel between PE-CE the configuration snapshot I provided in my earlier post is adeqaute to establish connectivity, infact it was taken from a working setup.

Could you send me the information below which will help me analyze better.

1. Network diagram

2. configuration of all routers.

3. show command output for relevant routers

show ip ospf nei,

show int tunnel ,

show ip route vrf

show ip bgp vpnv4 vrf

Regards,

Pankaj

Pankaj,

I tested this same configuration by terminating the tunnel at the PE end on a 7200/NPE-G1 and it works fine.

So it looks like there is an issue with

tag-switching GRE packets on the SUP-720 (12.2(18)SXD3).

Thanks again for all your input on this.

Regards,

Zahid

oettls
Level 1
Level 1

Hi Zahid,

check out the global command:

'mls mpls tunnel-recir'

It enables packet recirculation to the SUP720 when labels on tunneled packets are imposed if I remember correctly.

hope this helps

cheers,

Stefan

1) Keepalives will help you bring the tunnel status down if its not up end to end. But as pointed it can be done on a GRE encap only.

2) Tunnel VRF command is use for a different purpose (ie: when you want to tunnel one VRF into another) So that wouldnt be of much help.

On the contrary if you run the current config on lets say a 2600 PE and a 2600 CE it will definately work.

So this is pointing to a problem somewhere else, as you also see the routes at all the points from where you want to reach the CE or vice versa.

Can you also give an o/p of "show erm statistics" after running a ping test couple of times.

HTH-Cheers,

Swaroop

Hello Swaroop,

I was configuring a GRE tunnel between a PE (7206) and CE (1750). One end of the tunnel belonged to the VRF instance.

Without the "tunnel vrf" command the tunnel status was asymmetric. On the CE router the status was UP/UP (status/line protocol) whereas on the PE end it was UP/Down.

This state got resolved upon adding the vrf tunnel command.

Regards,

Pankaj

Hello Pankaj,

COnventionally when we configure a GRE tunnel the source and destination are supposed to be reachable via the Global Routing Table.

But by using this feature We can configure a GRE tunnel using the source and destination from a VRF.

So essentially when we configure a GRE tunnel, lets say Tu10, then if we pick up the source and destination from a VRF x then we have to specify this using the command VRF x. And use the tunnel so created for whatever purpose.

Here is the feature reference.

http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feature_guide09186a00801a8939.html

So were you trying to use a Tunnel source and destination form a VRF or Global Table, when you were configuring btwn 7206 and 1750.

Now in the current scenario, the Tunnel is already up and functional and OSPF adjaceny has been formed over it. So I was pondering on the possibility of the problem existing somewhere else. Which is difficult to define with the information in hand currently.

Correct me if wrong.

HTH-Cheers,

Swaroop

Hello Swaroop,

I doubt the tunnel would have come UP without the "tunnel vrf" command in place. Unless, the tunnel is UP neither would be OSPF adjacency be formed. Zahid could confirm this for us.

I had tried this scenario in the lab and found that the tunnel stays DOWN unless the command is applied.

I agree with you and hope Zahid would share more information which should be handy to identify the problem.

Regards,

Pankaj

Hi Pankaj,

I configured the tunnel without the "tunnel vrf" command and its works fine.

Regards,

Zahid

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: