New Member

cisco 1700 with MP-BGP and VRF support

I have a Cisco 1721 with MP-BGP support. You can create VRFs with it and use every other MPLS VPN feature, but the commands for MPLS switching, like Router(config-if)# mpls ip, are not supported. I read in some forums that you can create an MPLS VPN without enabling MPLS at all, just with MP-BGP, but I couldn't do it myself. Can someone tell me how to make it work, or what I can do with a Cisco 1721 that supports MP-BGP?

Thanks in advance

9 REPLIES
Cisco Employee

Re: cisco 1700 with MP-BGP and VRF support

MPLS VPN requires MPLS support at least on the PE router. Without MPLS, you can always use the VRF feature to create multiple RIBs on the router (VRF lite).

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: cisco 1700 with MP-BGP and VRF support

You can probably connect the 1750 router to an MPLS-enabled router on a back-to-back x-connect, and still route VRF traffic through that. But your MP-BGP should start from the MPLS-enabled router only.

New Member

Re: cisco 1700 with MP-BGP and VRF support

I've run into the same issue. VRF-"lite" is really MPLS-99%, i.e. all features work, MP-BGP peer sessions, routes in VRFs etc., just no tag-switching on the interfaces.

One of the suggestions the TAC offered was to use some form of encapsulation (frame-relay or Dot1Q) to explode the VRFs apart from the PE to CE, then put them back into VRFs on the 17xx (CE).

New Member

Re: cisco 1700 with MP-BGP and VRF support

Thanks very much,

Can I use dot1q encapsulation on Ethernet interfaces by creating sub-interfaces between those routers (PE and CE)?

What were the other suggestions by TAC?

Best regards

Mesuti

New Member

Re: cisco 1700 with MP-BGP and VRF support

Yes, you can do that. I have done it myself and it works. The only drawback is that it does not support QoS in the PE-CE VLAN sub-interfaces.

Re: cisco 1700 with MP-BGP and VRF support

You can enable VRF-Lite without MP-BGP or MPLS transport. It's not mandatory. I made a design for a customer that uses multi-VRF via IPsec on 1711 and 1712 routers (GRE/IPsec with dynamic routing per VPN). This emulates multiple routers and multiple serial lines via the Internet. Designs of that kind are possible. Multi-VRF allows you to have per-VPN default routing. In my design I use a per-VPN OSPF process, but MP-BGP is another possibility to transport per-VPN routes.

Re: cisco 1700 with MP-BGP and VRF support

Can you post a sample config using VRF-Lite and GRE?

Re: cisco 1700 with MP-BGP and VRF support

Here is an example. Take care about overhead for packets like VoIP. The overhead is 88 bytes.

The packet looks something like this:

IpHeader-pub@ - NAT-Tudp4500 - ESP - IpHeader-priv@(vrf discriminator) - GRE - Original IP Header - Data - Esp Trailer.

In this case you need tunnel mode because you use private @ in order to determine the VRF (VRF discriminator).

This is a LAB config; all other security parameters you need on a router are not configured. If you add an access-list on the external interface of REMOTE, you have to understand every encapsulation step in order to tune it well.

Good reading.

The PPT drawing shows the physical and logical views.

PS, take care about fragmentation issues. The problem is still not well managed by the routers; I could not make Tunnel-path-mtu discovery work with VRFs. The workaround is to fragment packets. It's not good for performance but actually there is no other solution concerning that.

Kind Regards

Miguel
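
The encapsulation stack described in the post above, worked through as an added example (not part of the original thread or the poster's lab config): it computes the per-packet overhead, including ESP padding, and the largest original packet that crosses the link without fragmentation. The 3DES-CBC and HMAC-SHA1-96 sizes, the option-free IPv4 and basic GRE headers, and the 1500-byte link MTU are assumptions.

```python
# Added example. All layer sizes below are assumptions, not values from the post.
OUTER_IP = 20     # public IPv4 header, no options
NATT_UDP = 8      # UDP/4500 NAT-T encapsulation
ESP_HDR = 8       # SPI + sequence number
INNER_IP = 20     # private IPv4 header (tunnel mode), the "vrf discriminator"
GRE = 4           # basic GRE header, no key or checksum
ESP_TRAILER = 2   # pad-length + next-header bytes


def esp_padding(plaintext_len, block):
    """Bytes of padding so plaintext + trailer fills whole cipher blocks."""
    return -(plaintext_len + ESP_TRAILER) % block


def overhead(orig_len, block=8, iv=8, icv=12):
    """Bytes added around an original IP packet of orig_len bytes.

    Defaults assume 3DES-CBC (8-byte block and IV) with HMAC-SHA1-96 (12-byte ICV).
    """
    pad = esp_padding(INNER_IP + GRE + orig_len, block)
    return (OUTER_IP + NATT_UDP + ESP_HDR + iv
            + INNER_IP + GRE + pad + ESP_TRAILER + icv)


def wire_size(orig_len, **crypto):
    """Size of the outer IP packet that leaves the public interface."""
    return orig_len + overhead(orig_len, **crypto)


def max_unfragmented(link_mtu=1500, **crypto):
    """Largest original packet whose encapsulated form fits in link_mtu."""
    for n in range(link_mtu, 0, -1):
        if wire_size(n, **crypto) <= link_mtu:
            return n
    return 0


if __name__ == "__main__":
    # Constructed sample sizes: G.729 and G.711 voice at 20 ms, and a full frame.
    for name, size in [("G.729 RTP", 60), ("G.711 RTP", 200), ("full frame", 1500)]:
        print(f"{name:10} {size:5} B -> {wire_size(size):5} B "
              f"(+{overhead(size)}, fragments: {wire_size(size) > 1500})")
    print("3DES/SHA1 max original packet:", max_unfragmented())
    print("AES-CBC/SHA1 max original packet:", max_unfragmented(block=16, iv=16))
```

Under these assumptions a 200-byte packet carries 88 bytes of overhead, and any original packet larger than 1414 bytes is fragmented on a 1500-byte link.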

Re: cisco 1700 with MP-BGP and VRF support

PS to my last update...

You really need to use (C1700-ADVSECURITYK9-M), Version 12.3(7)T on the router.

During my first tests this was only working on 2600, because a bug was present. I identified the bug and development made the fix recently.

Kind Regards

Miguel.
