The topology goes like this :

PE1(vpn_A) - P - P - PE2(vpn_B). The 2 PE'S. the CE'S. In the routing table of PE1 there is a route to PE2. On the PE2 there is a route for PE1 vnp_A. Both have vlan interfaces configured for example on PE1 :

interface Vlan107

ip vrf forwarding vpn_A

ip address 192.168.1.240 255.255.255.0.

The vrf config on both PE'S :

ip vrf vpn_A

rd 1234:260

route-target export 1234:260

route-target export 1234:950

route-target import 1234:260

route-target import 1234:95

ip vrf Vpn_B

rd 1234:95

route-target export 1234:95

route-target import 1234:950

route-target import 1234:95.

hope this in enough

Hi

Can you provide

Full config of PE1 and PE2.

Jon

I am really sorry this is impossible, huge config and i am in a productive network.Can i send anything else?

No Problem, i understand. If possible could you provide the outputs of the following commands from both PE's

1) sh ip ro vrf VPN_A

sh ip ro vrf VPN_B

2) sh mpls forwarding-table

3) sh mpls forwarding-table vrf VPN_A

sh mpls forwarding-table vrf VPN_B

Jon

show ip route vrf vpn_A

C 192.168.1.0/24 is directly connected, Vlan107

B 192.168.199.0/24 [200/0] via Pe2's_loopback, 19:01:05

show mpls forwarding-table vrf vpn_A

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

822 Aggregate vrf:vpn_A 40096523

823 Untagged 192.168.10.0/24[V] \

20828455849 Vl107 192.168.1.83

824 Untagged 192.168.30.0/24[V] \

1103199 Vl107 192.168.1.4

show ip route vrf vpn_B

B 192.168.1.0/24 [200/0] via Pe1's_loopback, 1d05h

show mpls forwarding-table vrf vpn_B

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or VC or Tunnel Id Switched interface

593 Pop Label IPv4 VRF[V] 15550 aggregate/vpn_B

2981 No Label 192.168.199.0/24[V] \

83985816861 Vl110 P2_PUBLIC_ADDR...

I have another PE with same config and when i do show ip route vrf command for the vpn_B there a line saying "MPLS REQUIRED" which does not appear in the PE1.also they have a diff in the config :

address-family ipv4 vrf vpn_A

redistribute connected

redistribute static route-map SetPreference50

no auto-summary

no synchronization

exit-address-family

address-family ipv4 vrf vpn_A

redistribute connected

redistribute static route-map SetPreference50

no synchronization

exit-address-family

Hi,

No auto-summary does not matter here. It is required only when u are using RIP, EIGRP etc.

If it is showing "MPLS required".. cross varify you have enabled mpls ip @ global configuration and @ interface configuration. If u have not enabled it @ interface or global, u can still see the routes as routes go via MPBGP but u can not ping each other.

Regards

Vikas Sharma

mpls ip is enabled both globally and locally. In fact i have noticed that in PE1 there is no vrf vpn_B and an address family for vpn_B. How can i clear this bgp route in this specific vrf?

Vasileios, there is nothing wrong with your setup at all. Please see the explanation below.

1) show mpls forwarding vrf x.

this command gives you output of the nexthop and the label reuqired only of the routes it is originating itself, and not for the remote routes.

For eg: On Pex-CEx.

If the PEx has received 10.1.1.1 route from CEx , then only you will see the nexthop and local label for the prefix in show mpls forwarding vrf x. If a route for eg 20.1.1.1 was received from PEy then it wont show up in show mpls forwarding vrf x but will only show up in show ip route vrf x.

2) MPLS Required: on the contrary this means that to switch the packets to that nexthop MPLS is required. If you do a show ip route vrf x x.x.x.x then you will see MPLS required mentioned for each and every route in that vrf except for routes which which were originated locally form a directly connected CE.

Referring to the example above in point 1, the same 10.1.1.1 route wont need MPLS as its connected to local CEx so there wont be MPLS required for show ip route vrf x.

But for 20.1.1.1 there wont be MPLS forwarding entry but there would be a MPLS reuqired entry in show ip route, as to reach this prefix on a remote PE MPLS is required till the remote PE.

So what you are seeing is normal.

HTH-Cheers,

Swaroop

Goodmorning and thanx for the responses. The weird thing is that the vrf routing table has the right routes, other vrf on the same router having the exact destination works just fine. We have don the whole mpls vpn on the router from the beginning, but nothing changed? Could it be an interface problem?

As mentioned in my earlier post, all the outputs you put across were normal and nothing was wrong with them, if you see when it works then also the outputs would be similar.

You might have had a problem at the IGP-LSP level when you were troubleshooting the VRF labels :-)

HTH-Cheers,

Swaroop

The isis is the IGP and works fine with the other vpns. The problem remains for days now and nothing indicates a problem in the IGP. I have really tried everything and nothing worked. Similar vpn that take the also take the routes from the main vpn work just fine.

Hi,

Just a small note: "show mpls forwarding" does only list the locally assigned labels other than "implicit null". Thus not every network will show up here, especially networks learned through BGP in a VRF do usually not have a locally assigned label and thus do not show up.

The command to look at is "show ip cef vrf ... detail" which will tell you, which label stack is implemented when sending a packet towards the specified destination network. In case you have multiple pathes to the BGP next hop you might see a "recursive" statement, i.e. you need another "show ip cef" for the BGP next hop to see the full label stack.

Hope this helps! Please rate all posts.

Regards, Martin