Cisco Support Community
New Member

CE's on same subnet (Tunnel?)

I have a requirement to set up a VRF over 2 PE's where there is a CE hanging off each PE running the same subnet (192.168.5.n/24) - The CE's addressing cannot be modified.

I'm assuming I will need to set up a tunnel?

Any suggestions greatly appreciated.

26 REPLIES
Purple

Re: CE's on same subnet (Tunnel?)

John,

I'm not sure a tunnel would help. In the context of layer 3 routing, if each CE advertises that 192.168.5.n/24 subnet to its PE, other PEs in the network will have the option to select between one of the two routes and will select one or the other. You will end up with traffic destined for that network being directed to one CE or the other and things would not work too well.

One option you have is to NAT all the traffic from both of the CEs and advertise the NATed address blocks into the MPLS cloud. That way, you won't have duplicate networks in the MPLS cloud and the two CEs will be able to communicate with each other.

Hope that helps - pls rate the post if it does.

Paresh

New Member

Re: CE's on same subnet (Tunnel?)

Thanks for the quick response Paresh - So there's no way to establish a layer 2 tunnel between the two CE's?

Purple

Re: CE's on same subnet (Tunnel?)

You could possibly configure a GRE tunnel between the sites and then bridge over it but you will not solve the underlying problem of the duplicate networks...

Paresh

New Member

Re: CE's on same subnet (Tunnel?)

John,

What exactly is the topology here? Do you want both CE routers to be in the same VPN? If you have two CE devices that you want to belong to the same VPN (VRF) instance, you'll need to NAT. If the CE routers are to belong to different VPNs, you don't have a problem - the VRF functionality will keep the routes separate.

Jon

New Member

Re: CE's on same subnet (Tunnel?)

I would prefer not to do NAT - So if two separate VPNs will solve my problem, I'm happy to go that way.

We basically have a backup network in one location that operates on the 192.168.5.n/24 network - We are moving one of the backup devices to a remote location, to give ourselves some geographic redundancy (for backups) - All backup clients back up to the primary backup device, then to the secondary (hence the reason we cannot change the IP of the secondary backup device). I was hoping there was a way to create a "layer 2" VRF so the 192.168.5.n/24 network could co-exist at both locations.

Purple

Re: CE's on same subnet (Tunnel?)

John,

The two-VRF solution allows you to use overlapping space but you still will not be able to communicate between the 2 VLANs without doing NAT. So if that's what you want, your problem is still not solved...

Paresh

Silver

Re: CE's on same subnet (Tunnel?)

If you are using Ethernet, then probably you can extend the VLAN over the MPLS cloud (AToM) and use the same IP segments at either site. This will make your network transparent to the SP core.

Or on a layer 3 solution you can do anycast and if the primary site fails the route is removed from the routing table and flaps to the 2nd site. Let me know if I came close to understanding your requirement.

New Member

Re: CE's on same subnet (Tunnel?)

Thanks for the response.

Yes we are using ethernet with dot1q - Do you have any links/examples on how to implement extending the vlan over the MPLS cloud?

Silver

Re: CE's on same subnet (Tunnel?)

New Member

Re: CE's on same subnet (Tunnel?)

Thanks for the url - I also did some searching last night and came across this : http://book.itzero.com/read/cisco/0510/Cisco.Press.MPLS.Configuration.on.Cisco.IOS.Software.Oct.2005.eBook-DDU_html/1587051990/ch11lev1sec2.html

Which uses xconnect - Is this also a viable option?

Purple

Re: CE's on same subnet (Tunnel?)

John,

I'm not sure if ATOM will work for you. Firstly, EoMPLS uses point-to-point links and that does not quite fit your requirements. Secondly, if you are going to be doing so, your PEs need to be running MPLS out to your CEs (a Carrier of Carriers setup)...

Paresh

New Member

Re: CE's on same subnet (Tunnel?)

Paresh,

In the example URL I provided (http://book.itzero.com/read/cisco/0510/Cisco.Press.MPLS.Configuration.on.Cisco.IOS.Software.Oct.2005.eBook-DDU_html/1587051990/ch11lev1sec2.html), it states there is no awareness of the MPLS backbone to the end-user routers:

"There is no requirement that the VLAN identifier should be the same at both the ends. The most important detail is the VC identifier. The value 100 is used on both PE1 and PE2. From the end-user perspective, the EoMPLS service appears as an extension of their Ethernet segment (or in this case, a VLAN). There is no awareness of the MPLS backbone to the end-user routers"

The sample vlan config also doesn't mention any requirement to have MPLS out to CE's:

    PE1(config)#interface FastEthernet5/0.100
    PE1(config-subif)# encapsulation dot1Q 100
    PE1(config-subif)# no cdp enable
    PE1(config-subif)# xconnect 10.10.10.102 100 encapsulation mpls

    PE2(config)#interface FastEthernet5/0.100
    PE2(config-subif)# encapsulation dot1Q 100
    PE2(config-subif)# no cdp enable
    PE2(config-subif)# xconnect 10.10.10.101 100 encapsulation mpls

Unless I'm missing something?

Purple

Re: CE's on same subnet (Tunnel?)

Hi John,

Maybe you need to clarify your requirements to me... do you control the PEs? I was under the impression that you had purchased a VPN solution for which you needed some mechanism on the CEs to merge two LANs....

If you do control the PEs, then AToM is certainly an option. But in such a case, you will need to configure your CE devices up as bridges so that the LAN can be truly extended between the two CEs. Then, you can use an xconnect to create the EoMPLS link between the two CEs.

Pls do remember to rate posts.

Paresh

New Member

Re: CE's on same subnet (Tunnel?)

Hi Paresh,

We do indeed control the PE's - Apologies if this wasn't made clear in my initial post.

Thanks for your assistance.

Purple

Re: CE's on same subnet (Tunnel?)

No probs, John.

Just another query: do these two sites need to communicate with any other sites apart from each other?

Paresh

New Member

Re: CE's on same subnet (Tunnel?)

Not these two - but we may have that requirement down the track.

Silver

Re: CE's on same subnet (Tunnel?)

Hmm then you may have to move to VPLS soon enough ;-) or maybe you can do QinQ and transport it. The ideal thing to do for now would be to wait for those to come up.

Re: CE's on same subnet (Tunnel?)

Hello,

What you should look for is whether there are any two hosts with exactly the same IP address in the 192.168.5.0/24 range. If so, then double NAT is the only solution at hand, i.e. you need to solve the problem at OSI Layer 3, because within a single broadcast domain IP addresses need to be unique.

If you can make sure under any condition that there are no duplicate IP addresses assigned, then you can still use double NAT (source and destination) or create one OSI Layer2 broadcast domain. There are several possible approaches for this, like bridging, L2TPv3, EoMPLS or even VPLS.

The solution depends on your requirements, foreseeable customer requests and hardware/software capabilities of involved equipment (and thus finally COST).

Hope this helps! Please rate all posts.

Regards, Martin
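
An added example, not part of the original thread, of the duplicate-address check Martin describes: compare each site's ARP table before joining the two sites into one broadcast domain. It assumes the tables were collected with `show ip arp` on the router at each site; the sample output, MAC addresses and function names below are constructed for illustration.

```python
import ipaddress
import re

# One resolved entry of Cisco IOS `show ip arp` output:
# Protocol  Address  Age (min)  Hardware Addr  Type  Interface
ARP_LINE = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA", re.I)

# Constructed sample data (not taken from the thread).
SITE_A = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.5.1             -   0011.aaaa.0001  ARPA   FastEthernet0/0.590
Internet  192.168.5.10           12   0011.aaaa.0010  ARPA   FastEthernet0/0.590
Internet  192.168.5.20            3   0011.aaaa.0020  ARPA   FastEthernet0/0.590
Internet  10.1.1.5                7   0011.aaaa.0105  ARPA   FastEthernet0/1
"""
SITE_B = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.5.1             -   0022.bbbb.0001  ARPA   FastEthernet0/0.590
Internet  192.168.5.10            5   0022.bbbb.0010  ARPA   FastEthernet0/0.590
Internet  192.168.5.20            0   Incomplete      ARPA
Internet  192.168.5.30            9   0022.bbbb.0030  ARPA   FastEthernet0/0.590
"""

def parse_arp(text, subnet):
    """Return {ip: mac} for resolved ARP entries that fall inside subnet."""
    net = ipaddress.ip_network(subnet)
    hosts = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())  # header and Incomplete rows do not match
        if m and ipaddress.ip_address(m.group(1)) in net:
            hosts[m.group(1)] = m.group(3).lower()
    return hosts

def find_conflicts(site_a, site_b, subnet="192.168.5.0/24"):
    """IPs seen at both sites with different MACs. These would collide
    once both sites share a single Layer 2 broadcast domain."""
    a, b = parse_arp(site_a, subnet), parse_arp(site_b, subnet)
    dupes = [(ip, a[ip], b[ip]) for ip in a.keys() & b.keys() if a[ip] != b[ip]]
    return sorted(dupes, key=lambda t: ipaddress.ip_address(t[0]))

if __name__ == "__main__":
    for ip, mac_a, mac_b in find_conflicts(SITE_A, SITE_B):
        print(f"duplicate {ip}: site A {mac_a}, site B {mac_b}")
```

An ARP table only lists hosts the router has recently resolved, so an empty result is evidence, not proof, that the address plans do not overlap.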

New Member

Re: CE's on same subnet (Tunnel?)

Hi Martin,

Definitely can guarantee that there will not be two hosts with the same IP in the 192.168.5.0/24 range.

We will have requirements (in the future) to be able to provide L2 VPNs for clients with varying tails (Eth, ATM + DSL), and leave all L3 configuration to them - VPLS certainly looks promising in this regard.

Thanks to all who replied.

New Member

Re: CE's on same subnet (Tunnel?)

Ok - Ran into a small problem attempting to use the "xconnect" method:

    pseudowire-class ETHER-PW
     encapsulation mpls

    interface Port-channel1.590
     encapsulation dot1Q 590
     xconnect 10.10.10.102 590 pw-class ETHER-PW
    MPLS encap is not supported on this circuit

Does MPLS need to be enabled on the FE's?

Silver

Re: CE's on same subnet (Tunnel?)

Can you do a show mpls l2transport hw-capability on the interface and see if it supports edge functionality on Eth VLAN over MPLS? And I am doubtful about support on Port-channels as well.

Else you can try L2TPv3. Please note that EoMPLS is supported from min 7200.

New Member

Re: CE's on same subnet (Tunnel?)

Ok - Got a working solution with L2TPv3:

PE1

    pseudowire-class vlan-xconnect
     encapsulation l2tpv3
     ip local interface Loopback23

    interface Port-channel1.590
     encapsulation dot1Q 590
     no snmp trap link-status
     xconnect 10.10.10.102 590 pw-class vlan-xconnect

PE2

    pseudowire-class vlan-xconnect
     encapsulation l2tpv3
     ip local interface Loopback23
    !
    interface FastEthernet0/0.590
     encapsulation dot1Q 590
     no snmp trap link-status
     no cdp enable
     xconnect 10.10.10.101 590 pw-class vlan-xconnect
    !

And set up VLAN 590 on switch ports - Initial testing appears good.

Thanks to all who provided help.

New Member

Re: CE's on same subnet (Tunnel?)

I am looking into using L2TPv3 to bridge multiple VLANs between 2 data centers. Would anything else be added to this configuration in order to extend the 802.1q trunk for more than one VLAN across the tunnel?

I would have a 7206 with a gigabit interface acting as a trunk port, and I'd like to extend the VLANs that connect on that trunk to the other site.

New Member

Re: CE's on same subnet (Tunnel?)

Hi Michael,

Just be wary of L2TPv3 - We see very high CPU utilisation whenever traffic passes over the tunnels (7204->7204 with NPE400's)... I've posted a question on this very topic, so hopefully it is a simple fix.

Re: CE's on same subnet (Tunnel?)

Hello,

I would assume you check with the feature navigator, whether EoMPLS for VLANs is supported in your IOS/hardware combination. Unfortunately there are still several limitations when it comes to EoMPLS.

You might need to use L2TPv3 in case EoMPLS is not yet supported on your platform.

Hope this helps! Please rate all posts.

Regards, Martin

Re: CE's on same subnet (Tunnel?)

Hello John,

Definitely MPLS does NOT have to be enabled on a customer interface with EoMPLS or VLANoMPLS. This is not the reason for the message. If you could provide the hardware and IOS for more detailed help.

Could it be that VLANoMPLS is not supported on your hardware (Sup720?)?

Hope this helps!

Regards, Martin
