Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Unbale to configure MPLS VPN in the below scenario

Hi Experts,

I tried in my GNS3 lab for configuring MPLS VPN lab with the below attached scenario and configurations.

I am struggling to know what else should be configured on the P/PE /CE devices.

MPLS Flow diagram

R7-CE-Cust A

|

|

R3-PE--R4-P.Router---R5-PE--R8-CE-CustB

| |

| |

| R2 CE-CustA

R1( CE- CustB)

Please refer the attached diagram and configuration .

Request you to suggest with valuable posts to configure MPLS VPN with the below scenario.

Also Can any one confirm me if i can use 7206 vxr router in GNS3 lab along with IOS c7200-jk9s-mz.124-23.bin .

Highly appreciate your earliest response and posts.

Configuration attached for reference.

Thanks in advance!

Regards,

Mirza.

22 REPLIES
Silver

Re: Unbale to configure MPLS VPN in the below scenario

core backbone links should be configured with

mpls ip

mpls label protcol ldp

same above mentioned commands need to be enabled in global config also

mpls ip

mpls label protcol ldp

mpls ldp advertise-labels

under bgp address familiy of customer enable redistribute connetced and satatic

under Mp-iBGP use loopback as update source

You can refer my blog and find lot of good material http://shivlu.blogspot.com

regards

shivlu jain

regards

shivlu jain

Bronze

Re: Unbale to configure MPLS VPN in the below scenario

Hi,

As shivlu has said, configure the following

(config)# mpls ip

(config)# mpls label protcol ldp

(config-if)# mpls ip

(config-if)# mpls label protcol ldp

Are you running an IGP routing protocol between your backbone routers R3-R6? For the MPLS VPN to work then the loopback IPs of all the backbone routers must be known. ISPs will normally run ISIS in their backbone for this, however you can just configure static routes for GNS3. I see you've already configured the MP-BPG to use update-source loopback which is correct.

Once you've configured the routing for the loopbacks and enabled mpls then it should all start working.

You can check that LDP has created all the VPNV4 labels using the following on R3/R5/R6

sh mpls forwarding-table

You should see the VPNV4 routes with a [V] (on regular IOS) and you should see labels for all the MP-BGP neighbor loopbacks. Also you can see if your exchanging VPNV4 routes by typing the following

sh ip bgp vpnv4 all summary

sh ip bgp vpnv4 rd 1:1

sh ip bgp vpnv4 rd 1:1 x.x.x.x/24

For the code level, I use the "telco" image for GNS3 as it's small and includes MPLS/BGP. As long as it takes the "mpls ip" command you're OK.

Regards

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Thanks Shivlu for your posts.

I am still unable to establish MPLS VPN using the below scenario with your above posts.::(.

Can you or somebody go through my configs attached and suggest the missing configurations for MPLS VPN.

I have to setup this task in my organsation.

Highly appreciate your efforts.

Thanks ,Mirza.

Bronze

Re: Unbale to configure MPLS VPN in the below scenario

Hi,

Can you please post the output of the following from R3

sh mpls forwarding-table

sh ip bgp vpnv4 all summary

sh ip ro 150.1.5.5

sh ip ro 150.1.6.6

sh run int lo0

Regards

Silver

Re: Unbale to configure MPLS VPN in the below scenario

can you check whether your mpls ldp neighbors is coming up or not.

Command for check:-

show mpls ldp neighbors

regards

shivlu jain

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hi James/Shivlu & Experts,

Thanks for your continuous follow-up.

Currently my MP-BGP established . I am still confused to configure static routes from where to where & MPLS commands if any missed out.

Attaching you the existing config and show commands for your reference.

I suspect i am missing something on static routes may be.

Highly appreciate your efforts.

Thanks ,

Mirza.

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hello

are u running any IGP to ensure the reachability of the IBGP neighbors within AS 101. if not how is the reachability achieved

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hello,

I am using Static route on R3/R5/R6 on PE routers and also on R4- P router.

also using redistribute connected on on R3/R5/R6 .

Would you plz go through my previous post which are attached with configurations and let me know if i missed out any or wrongly configured.

Thanks,

Mirza.

Bronze

Re: Unbale to configure MPLS VPN in the below scenario

Hi Mirza,

Thanks for posting the output. I've spotted a couple of things.

1) Please change all of your loopback addresses to have a /32 subnet mask. I've noticed that one of them is a /24. This can cause problems with LDP.

2) For MP-BGP to come up you must have a route for the peers router-id otherwise LDP won't create a label. On R3 you don't have a route for 150.1.5.5 or .6. If you are using static routes please ensure that all the PE routers (and R4) can route to each others loopback addresses. Otherwise you need to run ISIS in your core.

You can see from "sh ip bgp vpnv4 all summary" that MP-BGP is down because no routes have been exchanged to 150.1.5.5 and .6 (due to no routes).

Also "sh mpls forwarding-table" is only showing locally attached routes, you have no labels for remote subnets

Regards

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hello James,

Thanks for your above Inputs.

Should my static route look likes this?

R3:

ip route 150.1.3.3 255.255.255.255 150.1.6.6.

ip route 150.1.3.3 255.255.255.255 150.1.5.5.

Similarly on R5 & R6.

but still result is same.

Could you plz go through my static routes and eigrp config in the attached.

I am using eigrp on R1/R2/R7/R8 - does it reqd.

Can u suggest wht comand shld i use to see R5& R6 routes from R3 loc.

Sincerely thanking you for your continuous advice.

Thanks,

Mirza.

Bronze

Re: Unbale to configure MPLS VPN in the below scenario

Hi Mirza,

Your static routes on R3 for example will be

ip route 150.1.5.5 255.255.255.255 192.168.34.2

ip route 150.1.6.6 255.255.255.255 192.168.36.2

On R4 they will be

ip route 150.1.5.5 255.255.255.255 192.168.45.1

ip route 150.1.3.3 255.255.255.255 192.168.34.1

In the core the important thing is to have all the MP-BGP loopbacks present in order to bring up MP-BGP. You also need LDP enabled everywhere.

Normally these routes are distributed via ISIS in a production core. Hopefully this will be enough to get MP-BGP. Once the MP-BGP is up all the routes for each remote vrf should get populated.

Remember to use the following to validate your configurations

sh mpls forwarding-table

sh ip bgp vpnv4 all summary

Regards

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hello James,

Finally my MP-BGP came-up after a long trouble :)

After this , I wanted to know will I be able to ping from to the follwoing .

R3- R5 /R3-R7/R3-R8/R3-R2 .currently i am not able to ping these.

Also currently i am not able to see 150.1.5.5 & 150.1.6.6 from R3 by the below commmand.

R3 :- sh ip bgp 150.1.5.5

sh ip bgp 150.1.6.6/150.1.3.3

shows error as network not in table

where as can see routes of 150.1.1.1.

Can you also check my RIP on R1/R2/R7/R8..does it reqd.I want to ping from R1-R8/R1-R7 ....

I am very delighted to reach at this stage of MPLS with all your & Shivlu support.

Attaching the configurations & output result for reference.

Thanks,

Mirza.

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hi Mirzaak,

I have built your topology and configure basic MPLS VPN by using 3600 routers on the core (r3,r4,r5,r6) and 2600 for the CEs. But since i want to do it very quickly, i did not use any frame relay switch, so all serial are back to back hdlcs.

I use OSPF for core routing.

LDP for mpls labels

For Customer B i run Ospf between them and for customer A one site runs BGP and the other runs eigrp.

This should be a very basic setup.

From your configs, some of the errors have been corrected by others, but i suppose your redistribution was not correct and you do not have next hop self in the vpnv4 neighbors.

i attached here a zip file containing the NET file saved by GNS3 and also all the router final config.

Hope this helps.

It sure helps me practice :)

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hi Maldin,

Thanks for your Posts and it looks good.

I shall simulate them once i achieve complete Lab for my above scenario.

Attaching my current scenario diagram for you, for which i have used 7206 vxr module for all routers.

Thanks,

Mirza.

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hi James & Shivlu,

Could you please send your inputs on my previous Post.

Appreciate your efforts on my query.

Thanks,

Mirza.

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Mirza,

I build the topology i posted based on your diagram including the IP addresses, except for some loopbacks that were not there.

I also remove the static route in R4. The bgp for vpnv4 only runs on r3, r5 and r6. r4 is a pure P router with no bgp.

i suggest you load the net file i include and see first. There is no use of using 7206 vxr unless you want to try the AToM feature.

With the topology i gave you it should be able to do MPLS Te and also MPLS Multicast.

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hello Maldin,

Let me for sure try to understand your above posts :), as i was more focused to resolve my existing issue so was concentrating on it.

Can u post some good scenario on MPLS TE..

Thanks,

Mirza.

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hello James,

I have a got doubt on the above static route configuration :( that why do we need to configure Static route from R3- R5/R6 and vice versa from remaining PE's.

As we already have IBGP configured with a full mesh between PE router.

Can u please expalin to me.

Appreciate your valuable response.

Thanks,

Mirza.

Bronze

Re: Unbale to configure MPLS VPN in the below scenario

Hello Mirza,

Let me explain generally how an MPLS network is setup. For the routing then normally you will have the following setup.

CE-PE eBGP is configured

PE-PE MP-BGP is configured to distribute customer routes

PE-P-PE ISIS is configure to distribute PE/P loopback addreses to allow the MP-BGP sessions to come up.

The BGP session between each PE router is distributing VPN4 routes NOT routes from the global routing table. ie routes between VRFs

A good book on MPLS is "MPLS fundamentals" or the "MPLS & VPN Architecture" books.

Regards

James

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hi James,

My Sincere admiration to you for your above all posts.

I have successfully configured (believe so :) ) MPLS- VPN.

Following are my queries at the end of this excercise.

1) Can i ping from R1 to R8 IP.

2) Can i ping R3 to R5 IP's ( if not why)

3) Can i ping from R3 to R8 Interface IP.

4) Is there any way i can get output for the below command ....( by adding some more confiuration)

R3#sh ip route 150.1.7.7

5) In real scenarion does CustB VRF R1 & R8 /Cust A VRF routers R2 & R7 ping/communicate each other ? If not how packet will reach?

once again great thanks for your great explanation!

attaching my Show results/config /diagrams for your reference.

Thanks,

Mirza.

Bronze

Re: Unbale to configure MPLS VPN in the below scenario

Hi Mirza,

Well done configuring MPLS VPN !! Here are some answers to your questions

1) Yes, this is because you have reditribute connected. You can also try pinging from the insed interface ie "ping x.x.x.x source fa0/1"

2) Not required for MPLS to work, it depends on your global routing tables on the PE and P routers. If you have all the routes in there then it will work.

3) No. But you can ping from the VRF ie "ping vrf CustB x.x.x.x"

4) This IP is R7 loopback address. This address isn't in the global routing table but should be in VRF CustA, so you can do "sh ip route vrf CustA 150.1.7.7"

5) In real world this is not that common. However maybe a large company has two MPLS networks ie EMEA and America or ABC-Electronics & ABC-VideoGames. Then you may want to have customers talk to each other. This can be done with the following

ip vrf CustA

rd 100:1

route-target export 1000:1

route-target import 1000:1

route-target export 1000:100

ip vrf CustB

rd 100:2

route-target export 2000:1

route-target import 2000:1

route-target import 1000:100

Where RT 1000:1 is just used for CustA to talk to other CustA sites, similarly for 2000:1 and RT 1000:10 is used to put routes from CustA into CustB. Of course you would need to put some routes back the other way. This will do all routes, however you can also select routes to export with the following

ip vrf CustA

export map EXPORT_MAP

!

route-map EXPORT_MAP permit 10

match ip address prefix-list exported-routes-list

set extcommunity rt 1000:1

Regards

New Member

Re: Unbale to configure MPLS VPN in the below scenario

Hi James,

Query 1 : i tried using extended ping to 150.1.8.8 from R1 keeping sourece as loopback..but unbale to ping

Quer2: Can u plz identify if any thing missing between R3-R4-R5 config part.

Query3: I am unable to ping from R3 using the comand --ping vrf CustB 150.1.8.8.

Query 4 & 5 i am able to completely understand :)

Thanks for the awesome explanations.

Thanks ,

Mirza.

581
Views
21
Helpful
22
Replies
CreatePlease to create content