06-26-2007 03:19 AM
HI,
I am configuring GRE tunnel between two PE's but tunnel is not coming up please advice how to proceed,
Configuration of PE1;
3845]
interface Tunnel100
ip vrf forwarding DCN-NEC
ip address 10.1.1.1 255.255.255.252
tunnel source 192.168.104.250
tunnel destination 199.168.99.253
ip route vrf DCN-NEC 199.168.99.253 255.255.255.255 91.8.4.5
Configuration on PE2:
mls mpls tunnel-recir
interface Tunnel100
ip vrf forwarding DCN-NEC
ip address 10.1.1.2 255.255.255.252
tunnel source 199.168.99.253
tunnel destination 192.168.104.250
ip route vrf DCN-NEC 192.168.104.250 255.255.255.255 91.8.5.129
Regards,
Prasad Desai
Datacraft India Ltd.
06-26-2007 04:01 AM
Hi,
Can you ping the tunnel destination from both sides ?
BR,
Mohammed Mahmoud.
06-26-2007 04:20 AM
Hi,
You might want to follow the config guide found at "GRE Tunnel with VRF Configuration Example"
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml
This should work with the proper IOS version installed.
Hope this helps!
Regards, Martin
06-26-2007 05:23 AM
Can you run it through these checks.
1) Does your tunnel come up without the "ip vrf forwarding" on the tunnel.
2) Looking closely at your config it seems that you are trying to reach the /32 subnets with the "ip route vrf:" route.
But you are using the same subnets are source and destination as well.
So to better troubleshoot can you specify your objective behind having a tunnel between 2 PE's. So that the right method, whether a VRF with a Global Tunnel or a VRF within a VRF Tunnel can be recommended and troubleshooted.
HTH-Cheers,
Swaroop
06-26-2007 05:37 AM
Hi Martin,
Glad to see you, and welcome back in the new role !!!
Cheers,
Swaroop
06-26-2007 06:08 AM
Hi Swaroop,
Thank you, I am also glad to be back in the new role ;-)
Regarding the topic here: sorry, I gave the wrong example (GRE to CE and not between two PEs).
The tunnel destination in your config is actually in the VRF, but your static route points to the global ip, wich will not be found in the VRF (check with "show ip route vrf DCN-NEC").
In addition you do not have the static in your "show tech" output. and the tunnel config looks different.
Can you try on both PEs:
interface tunnel0
ip vrf forwarding DCN-NEC
ip address
tunnel source
tunnel destination
tunnel vrf DCN-NEC
OR try on both PEs:
interface tunnel0
ip vrf forwarding DCN-NEC
ip address
tunnel source
tunnel destination
Hope this helps!
Regards, Martin
06-26-2007 09:45 PM
Dear Martin
i tried ur both option in 1st option i used ip address as source of interface vlan 93 which is i configured for ip vrf forwarding DCN-NEC & destination ip address of vice versa but it is not working.
When i tried 2nd option i used loopback ip addresses of routers tunnel comes up.
i dont undestand why it is not up when i used ip addresses from ip vrf DCN-NEC.
06-26-2007 11:08 PM
When you use the source and destination from the DCN VRF it wont come up because the routes are not reachable in the global routing table.
To create a tunnel using a VRF source and destination you will have to use this feature.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00805e1e8e.html
Now when you use a PE loopback as source and destination, they are reachable in the global table, hence your tunnel comes up.
But still i am not sure what is to be achieved by creating a tunnel between two PE's and assigning a VRF to it.
If you are trying to create a inband DCN network through a MPLS network, then it would not be done like this.
Still waiting for more clear objectives about what you want to achieve here.
HTH-Cheers,
Swaroop
06-27-2007 05:55 AM
Thanks Swaroop for ur help , the page you have send is not available.
We are using vrf for DCN NEC . Idea behind configuring the tunnel is to form isis adjaency because DCN NEC have the area01 used in old DCN NEC & in our NEW MPlS network where we are migrating old DCN NEC we are using area01 as backbone & VRF use for that DCN is DCN-NEC.
So the idea was as the vrf Come up the tunnel interface will come up & isis adjancy will form.
06-27-2007 06:07 AM
Since you are trying to connect two endpoints of a VRF over a tunnel, why dont you create a tunnel directly between the CE. I am still not clear why do you need tunnels formed using the PE's and what will would be achieved.
And also you are trying to route OSI CLNS or IP or its both elements for the DCN.
A small diagram would be good.
HTH-Cheers,
Swaroop
06-27-2007 09:36 PM
Hi Swaroop ,
Since it is noted NEC has deployed single area through out the country and to migrate to the
proposed DCN architecture it is strongly recommended to custmor the area (NSAP address
change) at Server side. In case custmor does not agree to this change then GRE tunnel needs to be
configured between the NEC distribution and access locations to the core locations of NEW DCN.
Pls find the proposed DCN architecture diagram
inthat the down part is cutmor routers which will connect to PE router.
one thing i noticed when i use tunnel vrf DCN-NEC command using VRF ip addresses as Source & destination on 3845 PE router tunnel comes up but on cisco 6509 that command is not supported & ios of Cisco 6509 is SXF it is supported in SXB
As you mention tunnel will be between Core devices of new DCN & CE router & it is using OSI CLNS.
06-28-2007 03:28 AM
Hi Prasad,
Due to the inherent outage associated with the change of addressing on the server end, the customer may or may not agree for the the same.
So you may be left with the option of GRE tunnels. Since you will be running GRE from CE-CE (Devices connecting to PE's) you wont need to create tunnels between PE's. You can use any PE-CE protocol of choice and create these tunnels. (Tunnels from Acces to Distribution to Core all these would be CE's to the MPLS PE's and carrying the traffic inband)
the "tunnel vrf" command is not supported in SX release so you will have to upgrade only to SR release for the same. But again this is not required and of no use in this scenario as you will not create any tunnels between the PE;s.
HTH-Cheers,
Swaroop
06-28-2007 09:59 PM
Hi Swaroop ,
I have tried route(Destination specific) leakage from VRF to global routing table it is working ,Actually i dont need to do tunnel from PE to PE but as you mention tunnel will be form between ,
PE to Nec Distribution router,
PE to Nec Access router ,
Or PE to Nec distribution router only ,
If i do this how i will achive redundancy if tunnel fails ?
06-29-2007 04:37 AM
Hi Prasad,
Since the orginal question in the post is taken care of pls close the thread and unicast me on my mail id.
Also mention the details who is handling the case now and any preliminary document has been made or not.
As when last i was on it it was supposed to be a outofband parallel network. So fresh inputs would be needed to help on the same.
HTH-Cheers,
Swaroop
06-27-2007 07:15 AM
Hi,
If I understand correctly you want to migrate an OSPF customer network to a MPLS VPN solution. If this is correct, then you still could use OSPF in the VRF environment.
The customer network might or might not use the same area as the ISP in the backbone, because both are well separated. The customer can also have the same area in different locations.
Example:
CE1(area1)-PE1-P-PE2-CE2(area1)
The PE1-P-PE2 IGP is completely invisible to the customer and thus could also be area1 (with different routes of course).
To achieve this you will have different OSPF processes for IGP and customer routing.
A sample PE config excerpt to highlight this:
ip vrf customer
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
interface Serial1/0
ip vrf forwarding customer
ip address 10.0.11.1 255.255.255.252
!
interface Serial1/1
ip vrf forwarding customer
ip address 10.1.11.1 255.255.255.252
!
interface FastEthernet2/0
ip address 10.0.0.1 255.255.255.252
!
router ospf 10
network 10.0.0.0 0.255.255.255 area 1
!
router ospf 123 vrf customer
domain-id 0.0.0.1
redistribute bgp 65000 subnets
network 10.0.0.0 0.255.255.255 area 1
router bgp 65000
!
address-family ipv4 vrf customer
redistribute ospf 123 match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
There will be no route exchange between VRF and core IGP.
Sure you can also setup your design, but I see some issues to be sorted out:
1) full mesh of tunnels or suboptimal pathes?
2) recursive routing - make sure the tunnel endpoints are not learned through the tunnel
3) scalability
Personal feeling without knowing full details: going along the design I tried to sketch above might be more simple.
Hope this helps!
Regards, Martin
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: