Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

MPLS VPN problem

I'm trying to establish a mpls VPN between two CE routers. The routes are receiving each other, but i can't ping between them.

Riyadh_POP#sh ip bgp vpnv4 *

BGP table version is 7, local router ID is 217.26.82.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:101 (default for vrf mpls-test)

*>i172.16.18.36/30 172.16.12.13 0 100 0 ?

*>i192.168.0.0 172.16.12.13 28416 100 0 ?

*> 192.168.50.0/30 0.0.0.0 0 32768 ?

Riyadh_POP#ping vrf mpls-test 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Riyadh_POP#ping vrf mpls-test 172.16.18.37

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.18.37, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

on the other PE router

WL-Router#ping vrf mpls-test 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

WL-Router#ping vrf mpls-test 172.16.18.37

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.18.37, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Any Clues ?

Regards

Haris P

1 ACCEPTED SOLUTION

Accepted Solutions

Re: MPLS VPN problem

Haris,

Are the loopbacks configured as /24 or /32 ? As a rule If the MPLS cloud IGP is OSPF, take care that by default the loopback will be advertised by OSPF as /32 prefix, and since the egress router (lets assume that it has the prefix as a connected /24) will advertise the LDP binding as /24 to the P router, the problem is that the P router doesn't have the /24 prefix in its routing table, rather it has the /32 route and thus both the PE and P create bindings for different prefixes (PE for /24 and P for /32) and thus both drop the exchanged binding from each other since it is not in their routing table, this results in that the packets will be dropped on the P router - The solution is to either use /32 loopbacks, or use the ip ospf network point-to-point under the loopbacks.

BR,

Mohammed Mahmoud.

15 REPLIES
Silver

Re: MPLS VPN problem

Hi,

Config looks generally ok, there are bits that could be tidied up.

Could you post the full configs, as you havent gave us any of the ip addressing.

Cheers,

LR

Bronze

Re: MPLS VPN problem

Hi ,

The diagram for my scenario is attached

Silver

Re: MPLS VPN problem

HI,

From looking at this, you are peering VPNV4 between PE1 and PE2, PE2 looks like a P router, not a PE router, was does PE3 do?

Can you post the full configs as it will be easier for us to help out!

Also PE1 doesnt have update-source on it the remote PE, what does the remote PE show as the next hop for the VPNV4 routes? PE1 loopback or 172.16.26.13?

Cheers,

LR

Silver

Re: MPLS VPN problem

please drfine autonoumus system comman in the bgp for eigrp process and neighbor command also.

regards

shivlu

Bronze

Re: MPLS VPN problem

Dear Lee ,

The PE1 , PE 2, PE3 all are PE Routers . In this case im trying to establish a MPLS VPN connection from PE1 to PE3 which ofcouse goes thru PE2 .

There is no update souce on the router because it's not using the loopback interface . I tried putting " neighbor 72.16.12.13 update-source FastEthernet4/0.10 " under bgp , but no result .

Regards

Haris

Re: MPLS VPN problem

Hi Haris,

Though you are receving all the routes and not able to ping means, on the LSP from one PE to other PE some where the interface is not enabled with MPLS.

pls check all the interfaces in the LSP path from both sides whether the MPLS is enabled on the interfaces or not?

Regards,

RAj

Re: MPLS VPN problem

Hi Haris,

In my previous message I mentioned the term LSP,if any interface is not enabled with MPLS LSP will not get formed.

what i menat was , take the traceroute from one end to other end from both sides and in that path make sure all the interfaces are enabled with MPLS.

Regards,

RAj

Bronze

Re: MPLS VPN problem

Dears ,

Thanks for your reply . MPLS ip is present in all the interfaces in the path.

Also mpls config. under my ATM interface is as shown , whether some thing else is needed for ATM interface ?

nterface ATM3/0.500 point-to-point

ip address 10.250.0.2 255.255.255.0

tag-switching ip

pvc 0/399

encapsulation aal5snap

I cant provide compleete config , but a partial config. can be provided

Re: MPLS VPN problem

Hi Haris,

Unfortunately the information provided by yourself is incomplete, what is the IGP used and which PE routers are we talking about and on which PE routers is the VRF defined, as a rule of thumb (might not be your case, so please elaborate on your setup), MP-iBGP peering between the PE routers must not be done via the P-PE connected interfaces IP addresses (most recommended to use loopback IPs), because due to PHP the P router just before the last P router connected to the PE will be responsible of the PHP (since the IP is directly connected to the last P router), and thus the last P router will receive the packet with one label, which is the VPN label, and since the P router is unaware of the VPN label it will drop the packet. To formulate this in your scenario, then if we are talking about PE1 and PE3, thus PE2 will receive that packet with only the VPN label and will drop it, thus please do the peering using loopback IPs and get back to us.

BR,

Mohammed Mahmoud.

Bronze

Re: MPLS VPN problem

Dear Mahmoud ,

thanks for the reply , i tried with loopback interface on PE3 for iBGP , but no luck . attached is my diagram . I have ospf running between PE1 and PE2 which is basically located on the same place , while PE3 is located on our remote office to where we are using static routes

Regards,

Haris

Re: MPLS VPN problem

Haris,

Are the loopbacks configured as /24 or /32 ? As a rule If the MPLS cloud IGP is OSPF, take care that by default the loopback will be advertised by OSPF as /32 prefix, and since the egress router (lets assume that it has the prefix as a connected /24) will advertise the LDP binding as /24 to the P router, the problem is that the P router doesn't have the /24 prefix in its routing table, rather it has the /32 route and thus both the PE and P create bindings for different prefixes (PE for /24 and P for /32) and thus both drop the exchanged binding from each other since it is not in their routing table, this results in that the packets will be dropped on the P router - The solution is to either use /32 loopbacks, or use the ip ospf network point-to-point under the loopbacks.

BR,

Mohammed Mahmoud.

Bronze

Re: MPLS VPN problem

Dears ,

The loopbacks are configured as /32 only , I tried to configure one MPLS VPN between PE1 and PE2 and it worked fine . But to PE3 the same problem . PE3 is connected through ATM interface and there is only one command I put to enable mpls switching , it's tag-switching ip , but while in ethernet it's " mpls ip " . when I'm putting mpls ip under atm interface it's coming as "tag switching ip" . Whether it can be the problem .

interface ATM3/0.500 point-to-point

tag-switching ip

Whether configuring GRE will solve my issue ? ie a GRE between PE1 and PE3 thru ATM link

interface Tunnel1

ip address 10.20.20.2 255.255.255.252

ip mtu 1492

tag-switching mtu 1500

ip tcp adjust-mss 1444

tag-switching ip

keepalive 10 3

Is there is any other things to be considered while configuring mpls over atm . I also want to limit mtu to 1500

Regards,

Haris

Re: MPLS VPN problem

Hi Haris,

From your diagram PE3 is not part of the OSPF domain, it is just running static routes, for LDP exchanged bindings to be inserted into the LFIB, there must be valid exact routes in the routing tables, this means PE3 must have specific static routes for all the essential IPs and the same goes to PE1 and PE2, why not making PE3 part of the OSPF domain and solve this mess.

And by the way, the tag-swithcing ip issue you have stated doesn't induce any problem, it is just how the IOS stores it, moreover this behavior is modified in modern IOS codes, but the thing that you always need to take care of is that starting from IOS release 12.4(3) the default MPLS label distribution protocol changed from TDP to LDP, and thus you must always make sure that you have the correct protocol running on all your LSRs if you are using different IOS codes on them.

BR,

Mohammed Mahmoud.

Bronze

Re: MPLS VPN problem

Dears ,

As Mahmoud said , In MPLS VPN, there should have a specific /32 route for each PE.I tried static routes on PE's so that each PE's learn each other's loopbacks as a /32 IGP route and then it worked

I added the following Static routes on PE3

ip route 172.16.12.6 255.255.255.255 10.250.0.1

ip route 172.16.12.13 255.255.255.255 10.250.0.1

on PE2

ip route 172.16.22.137 255.255.255.255 10.250.0.2

Regards,

Haris

Re: MPLS VPN problem

Hi Haris,

I am glade it worked out, yes there should be exact routes in the routing table for the LDP exchanged bindings to be used in the forwarding plane.

BR,

Mohammed Mahmoud.

528
Views
5
Helpful
15
Replies