FLEXoMPLS issue

test2000 · ‎01-20-2014

Hi there,

I have an issue where i am unable to route from the hub to the remote site when using FLEXoMPLS,

Everything works and the tunnel sets up fine, though the cloned virtual-access interface isn't used in any routing table as a recursive.

The route shoud be attached to the virtual-access interface

hub#sho ip cef vrf BLUE detail | sec label

192.168.99.0/24, epoch 0, flags rib defined all labels

recursive via 10.0.0.1 label 17

recursive via 0.0.0.0/0

recursive via 172.16.1.1

attached to Ethernet0/2

hub#

hub#sho ip int brie

...Loopback0 10.0.0.254 YES NVRAM up up

Virtual-Access1 10.0.0.254 YES unset up up

Virtual-Template1 10.0.0.254 YES unset up down

my hub configuration is attached....

any help would be appreciated!!

Marcin Latosiewicz · ‎01-20-2014

Lee,

Just for clarification, this is MPLS over Flex not Flex over MPLS :-)

I've been interested in this kind of deployment for a while, I'll try to setup it up tomorrow or the day after and see what I can get for you.

What's the IOS version you're running this one.

M.

test2000 · ‎01-20-2014

That would be great thanks.... I am planning to use this for approx 500 sites as VRFs are used at remotes and want to remain separate up to the headend...

The only version of code I have at the mo is 15.2T, hoping it isn't a bug...

Thx,
Lee

Sent from Cisco Technical Support iPad App

Marcin Latosiewicz · ‎01-21-2014

Lee,

Had some problems with 15.2, but tried with 15.4.1T1.

Hub#traceroute vrf BLUE 192.168.101.1 source e1/1

Type escape sequence to abort.

Tracing the route to 192.168.101.1

VRF info: (vrf in name/id, vrf out name/id)

1 192.168.101.1 6 msec * 5 msec

Hub#show ip cef vrf BLUE 192.168.101.1 det

192.168.101.0/24, epoch 0, flags rib defined all labels

recursive via 10.1.1.178 label 16

attached to Virtual-Access3

Hub#sh run | s r b

router bgp 65001

bgp log-neighbor-changes

bgp listen range 10.1.1.0/24 peer-group Spokes

neighbor Spokes peer-group

neighbor Spokes remote-as 65001

neighbor 2001:DB8:1999:: remote-as 65001

neighbor 2001:DB8:1999:: update-source Loopback100

neighbor 192.168.0.2 remote-as 65001

!

address-family ipv4

network 192.168.0.0

neighbor Spokes activate

no neighbor 2001:DB8:1999:: activate

neighbor 192.168.0.2 activate

neighbor 192.168.0.2 route-reflector-client

neighbor 192.168.0.2 next-hop-self all

neighbor 192.168.0.2 unsuppress-map ALL

exit-address-family

!

address-family vpnv4

neighbor Spokes activate

neighbor Spokes send-community extended

exit-address-family

!

address-family ipv6

neighbor 2001:DB8:1999:: activate

exit-address-family

!

address-family ipv4 vrf BLUE

network 192.168.0.0

redistribute connected

exit-address-family

Hub#sh ip route vrf BLUE

Routing Table: BLUE

(...)

Gateway of last resort is not set

192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.0.0/24 is directly connected, Ethernet1/1

L 192.168.0.1/32 is directly connected, Ethernet1/1

B 192.168.101.0/24 [200/0] via 10.1.1.178, 00:07:13

B 192.168.102.0/24 [200/0] via 10.1.1.179, 00:07:13

from spoke

Spoke1#traceroute vrf BLUE 192.168.0.1 source e1/1
Type escape sequence to abort.
Tracing the route to 192.168.0.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.0.1 5 msec *  6 msec
Spoke1#show ip cef vrf BLUE 192.168.0.1 det
192.168.0.0/24, epoch 0, flags rib defined all labels
  recursive via 10.1.1.1 label 16
    attached to Tunnel1
Spoke1#sh run | s r b
router bgp 65001
 bgp log-neighbor-changes
 network 192.168.101.0
 neighbor 10.1.1.1 remote-as 65001
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BLUE
  network 192.168.101.0
  redistribute connected
 exit-address-family
Spoke1#sh ip route vrf BLUE
Routing Table: BLUE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override
Gateway of last resort is not set
B     192.168.0.0/24 [200/0] via 10.1.1.1, 00:08:35
      192.168.101.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.101.0/24 is directly connected, Ethernet1/1
L        192.168.101.1/32 is directly connected, Ethernet1/1

test2000 · ‎01-21-2014

Thanks a lot Marvin!... So the IOS I have looks to be limited.

Out of interest does the virtual-access interface show in the global routing table?

Sent from Cisco Technical Support iPad App

Marcin Latosiewicz · ‎01-21-2014

Lee,

Hub#sh run | s Virtual

interface Virtual-Template1 type tunnel

ip unnumbered Loopback100

ip mtu 1400

ip nhrp network-id 2

ip nhrp redirect

ip tcp adjust-mss 1360

ipv6 unnumbered Loopback100

ipv6 enable

mpls bgp forwarding

tunnel path-mtu-discovery

tunnel protection ipsec profile default

Hub#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 No Label 192.168.0.0/24[V] \

0 aggregate/BLUE

Everything is global.

I'm wondering if this is actually a valid way to do things, let me pick brains of some of the MPLS folks here.

M.

test2000 · ‎01-22-2014

Hi Marcin,

I will have a topology of 4 ASR hub routers, 2 at one site, 2 in another. I am planning on the spoke routers having 4 tunnels constantly up, one to each hub. I have read in one of your web pages that Cisco recommend iBGP between hub and spoke routers. This is fine, though will need to route-reflect between all the hubs.

The tunnels will be authenticated with a RADIUS a the headend, hence I don't believe with shortcut routing we can authenticate against the RADIUS, or will the Hub router still proxy auth requests for spoke to spoke?

Cheers,

Lee.