Hello,

also make sure to have labels for the PE BGP next hops. You can check the settings with:

show mpls ldp discovery

local LDP ID

192.168.1.1:0 !(should be PE loopback)

interface Ethernet0/0 (LDP): xmit/recv !(make sure thee protocol matches and the neighbor PE is seen)

192.168.1.2:0 (neighboring PE)

Interfaces and output might be different, but I hope you get the idea.

Next check for the existence of an LSP between the BGP next hops:

show mpls forwarding-table

local tag outgoing tag destination

1234 pop 192.168.1.2/32

and similar entries in the other PE. It is important to have "pop/imp-null" and not "untagged". In the latter case the VPN label would not be sent.

And finally "the truth": CEF, as Harold already pointed out.

show ip cef vrf Kunde1 1.1.1.1

... tags imposed {17}

should be there twice.

As a last hint: make sure the network between PE and CE is included in the BGP updates:

router bgp 65000

address-family ipv4 vrf Kunde1

redistribute connected

Hope this helps! Please rate all posts.

Regards, Martin

Thanks a lot for the detailed input.

I have checked my data plane configuration and have found following problem:

The "show tag-switching interfaces detail" stated:

Bern#sh tag-switching int detail

Interface Serial0/0:

IP tagging enabled

TSP Tunnel tagging not enabled

Tag Frame Relay Transport tagging not enabled

BGP tagging not enabled

Tagging operational

Fast Switching Vectors:

IP to Tag Fast Switching Vector

Tag Switching Turbo Vector

MTU = 1504

IP tagging is enabled but the TSP tunnel tagging is not enabled.

How can I enable the TSP (LDP) tunnel tagging? I cannot find any command about this. Maybe my LAb equipment doesn't support this.

All the other configuration steps are o.k..

It would be great for an additional hint. Thanks in advance.

Frank

Hello,

TSP tunnel tagging is refering to MPLS Traffic Engineering. And I think you didn´t configure it - it is not a prerequisite for MPLS L3VPN anyhow.

Can you post a "show ip route vrf ..." just to make sure, that all networks are there (source and destination IPs) to ping successfully.

Check please: "ping PE by each CE (Loopback)"; "Show ip route" on each CE. Maybe it is a pure IP problem (wrong IP, wrong mask, no redistribution).

Can you also post "show tag forwarding-table" and "show ip bgp vpnv4 all" plus "show ip bgp vpnv4 all 1.2.3.4" where 1.2.3.4 would be the network in the VRF on each PE.

Hope this helps! Please rate all posts.

Regards, Martin

Hi,

After reading some CCO pages, I found the usage for TSP (LDP) tunneling - MPLS-TE.

Of course, I can send some outputs from my configuration.

But before I will do this, I will check some of your comments.

One question: Is it really possible to ping the loopback interface of the PE router from the CE? You mean, a ping should be possibel form CE1 to loopback PE1 and loopback PE2?

This is not working! Is this still the problem? I can ping from CE1 to vrf PE1 and can ping from CE2 to vrf PE2.

Ping is also possible between PE1 loopback and PE2 loopback.

Frank

Hello,

The CEs will not be able to ping the PE Loopbacks, which are in the global IP routing table. You could configure a further Loopback into a VRF. But this is not needed for normal operation.

One of the charming parts of MPLS L3VPN is the separation of IP addresses - Customers are separate from SP core.

As you have PE-CE connectivity your problem is either control plane (IP routing) or data plane (label switching).

From an IP routing perspective: Do you get CE2 routes on CE1 and vice versa? What is your PE-CE routing protocol?

Regards, Martin

Hi,

I using static routing between CE and PE. Default route on CE and static routes in vrf PE.

Attached the "requested details". I hope it is not to much work for you.

Thanks in advance. Your comments are very useful.

Frank

Martin,

Thanks a lot. "All" my problems are solved. During the course "implementing Cisco MPLS", we didn't configure static PE CE routing and now I'll check the course material, whether there is an information about this command.

If I understood the redistribution correctly, for dynamic routing between CE PE there is no "redistribute connected command required, or is it necessary for every CE PE routing issue.

Thanks a lot. My configuration is running as I have expected. I hope that I can support you in the future.

Frank

I strongly agree with Harold. You having the right routing table (control plane) does not mean everything will work on the data plane. Aside the CEF, confirm also that MPLS is enabled and that labels have been exchanged. Despite the fact that the PEs are directly connected, VPN labels are still exchanged.