MPLS Config

I want to create one scenario using L3 VPN MPLS.Can any one tell me what config is require on R1,R2,R3,R4 in MPLS cloud.
So that i can ping CE2 from CE1.
Pls find the attachment.
Thanx.....

Hello Arjun,
the following steps are required:
a) building the network infrastructure using an IGP: for example OSPF
Allocate /32 loopbacks on all R1-R4.
For example:
Ri : Loop0 ip address 10.250.250.i/32
int loop0
ip address 10.250.250.i 255.255.255.255
desc loop used as LDP router-id, BGP RID
network infrastructure:
let's suppose we use 10.10.10.0/24 with subnettting for all backbone links between R1-R4
OSPF config
router ospf 10
router-id 10.250.250.i
network 10.10.10.0 0.0.0.255 area 0
network 10.250.250.i 0.0.0.0 area 0
verify you can ping from loopback to loopback using extended ping
b) enable MPLS on all routers
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loop0 force
on all backbone interfaces with ip addresses in 10.10.10.0/24 add
int type x/y
mpls ip
verify again connectivity of loopbacks
verify with
sh mpls forwarding 10.250.250.i
what action is associated to each loopback
c) enable iBGP multiprotocol
let's use AS 65000
router bgp 65000
bgp router-id 10.250.250.i
no bgp default ipv4-unicast
neigh 10.250.250.j remote-as 65000
neigh 10.250.250.j update-source loop0
! do it for all three other routers
address-family vpnv4
neigh 10.250.250.j activate
neigh 10.250.250.j send-community both
! again do this for all three routers
use
sh ip bgp vpvn4 all summary to check
every router should see 0 prefixes from the other three
d) create the VRF
ip vrf TEST
rd 65000:101
route-target export 65000:1001
router-targer import 65000:1001
associate the link to CE with the VRF
int type x/y
ip vrf forwarding TEST
! caution you need to retype the ip address command as desired
router bgp 65000
address-family ipv4 vrf TEST
red connected
no sync
do this on both R1 and R2
now if you do
sh ip bgp v a s you should 1 prefix advertised by R1 and 1 by R2.
Note:
there can be some syntax errors
I wrote on the fly
Edit:
to be able to ping from LAN to LAN you need to decide how PE and CE should communicate.
the simplest solutions are:
static routes
or an eBGP session to be configured on the PE side under
router bgp 65000
address-family ipv4 vrf TEST
for static routes:
red static
for eBGP session:
neighbor CE-address remote-as 65200
for static routes the keyword vrf TEST has to be added to the command
Hope to help
Giuseppe

Similar Messages

MPLS Config on RV042

Hello all,
I am having 2 offices. 1 is my headoffice & other is my Branch Office.
I am having MPLS Connectivity at both ends & Internet Connectivity at Head office.
I am Having Cisco RV042 Routers at both ends. At my Head Office I terminated MPLS & Internet Link on RV042 & then i am having CISCO ASA 5510 Firewall.
I want to connect my 2 offices using MPLS & want my Branch office should get internet connetivity from my Headoffice Only Through MPLS.
& As i am having ASA 5510 a @ my Head office I want my Branch office traffic should follow the rules appliedin ASA Which is @ my Head office.
Head office LAN : 192.168.0.0/24
Branch Office LAN : 192.168.1.0 /24
Please Help me....

indy suggests you chat online with a engineer, which is a good idea.
Since you have both RV042 communicating on a MPLS network. and there is no need for the routers to anything but route then I am wondering if the RV042 are in gateway mode (the default) or router mode ?
Router mode will disable the NAT and firewall (i believe) and just allow IP routing between the two networks. I think this is the better mode for just routing between networks. Allow the ASA to perform the NATting and firewall.
A default route at the far end router and a static route pointing to the remote router . I have no idea of the gateway adresses or RV042 WAN addresses, so my screen capture below of the HQ router looks a but exaggerated. The HQ router also needs a default route that point to the ASA5505 as the next hop. But your question lacks a topology diagram that better explains your setup.
I have shown a screen capture using old software on the RV042 that shows the section you may have to adjust.
At least it's something to think about and try, before you chat with a technician
regards Dave

MPLS Config Help

This is driving me insane, it's not a difficult problem, I have a loopback in the VRF on both cores, configurations were copy and pasted to ensure they were identical, BGP peer's are up, redistribution is working fine, but I cannot ping between the loopbacks!
I have 2 6509's, connected with a 802.1q trunk
Configuration:
ip vrf Testing
rd 111:1
route-target both 111:1
int vlan 400
ip address 10.65.65.2 255.255.255.0
mpls ip
int loopback 0
ip address 10.65.64.255
router eigrp 64
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
address-family ipv4 vrf Testing
no auto-summary
network 10.0.0.0 0.31.255.255
network 10.32.0.0 0.15.255.255
network 10.48.0.0 0.7.255.255
network 10.64.0.0 0.63.255.255
network 10.128.0.0 0.127.255.255
default-metric 10000 100 255 1 1500
autonomous 111
redistribute bgp 65064
router bgp 65064
no auto-summ
no synch
network 0.0.0.0
neighbor R peer-group
neighbor R remote-as 65064
neighbor R update-source loop 0
neighbor 10.65.64.254 peer-group R
address-family vpnv4
neighbor 10.65.64.254 peer-group R
neighbor R send-community both
address-family ipv4 vrf Testing
no auto-summ
no synch
redistribute eigrp 111
int loopback 99
ip vrf forward Testing
ip address 10.111.1.1 255.255.255.0
Router 1:
show ip bgp neighbor:
BGP neighbor is 10.65.64.254, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.254
BGP state = Established, up for 03:36:33
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
                                 Sent       Rcvd
Prefix activity:               ----       ----
    Prefixes Current:               2          1 (Consumes 68 bytes)
show ip route vrf Testing:
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 3 subnets
C       10.111.2.0 is directly connected, Loopback99
C       10.111.22.0 is directly connected, Loopback98
B       10.111.1.0 [200/0] via 10.65.64.254, 03:38:30
show mpls ldp neigh:
Peer LDP Ident: 10.65.64.254:0; Local LDP Ident 10.65.64.255:0
        TCP connection: 10.65.64.254.646 - 10.65.64.255.36970
        State: Oper; Msgs sent/rcvd: 793/795; Downstream
        Up time: 02:12:39
        LDP discovery sources:
          Vlan400, Src IP addr: 10.65.65.3
Router 2:
show ip bgp neighbor:
BGP neighbor is 10.65.64.255, remote AS 65064, internal link
Member of peer-group R for session parameters
BGP version 4, remote router ID 10.65.64.255
BGP state = Established, up for 03:39:34
For address family: VPNv4 Unicast
BGP table version 10, neighbor version 10/0
Output queue size : 0
Index 1, Offset 0, Mask 0x2
1 update-group member
R peer-group member
Community attribute sent to this neighbor
                                 Sent       Rcvd
Prefix activity:               ----       ----
    Prefixes Current:               1          2 (Consumes 136 bytes)
    Prefixes Total:                 1          3
    Implicit Withdraw:              0          1
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          2
    Used as multipath:            n/a          0
show ip route vrf Testing:
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 3 subnets
B       10.111.2.0 [200/0] via 10.65.64.255, 03:41:22
B       10.111.22.0 [200/0] via 10.65.64.255, 02:35:31
C       10.111.1.0 is directly connected, Loopback99
From router 2:
R2#ping vrf Testing 10.111.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.1.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R2#ping vrf Testing 10.111.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.111.2.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)

Thanks for the reply, even with specifying a source address within the VRF I am unable to successfully ping.
R1#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 111:1 (Testing)
   10.111.1.0/24    10.65.64.254    nolabel/26
   10.111.2.0/24    0.0.0.0         IPv4 VRF Aggr:26/nolabel(Testing)
   10.111.22.0/24   0.0.0.0         IPv4 VRF Aggr:26/nolabel(Testing)
The forwarding detail is actually a large output (several hundred interfaces active on this router), so I grabbed the Testing VRF and a random label:
26         Pop Label IPv4 VRF[V]      0             aggregate/Testing
        MAC/Encaps=0/0, MRU=0, Label Stack{}
        VPN route: Testing
        No output feature configured
31         No Label   10.6.16.0/24     0             Po1        10.64.1.254
        MAC/Encaps=14/14, MRU=1504, Label Stack{}
        0024509DE8000023EA356C000800
        No output feature configured
    Per-destination load-sharing, slots: 0 4 8 12
           No Label   10.6.16.0/24     0             Vl488      10.66.80.3
        MAC/Encaps=14/14, MRU=1504, Label Stack{}
        0024509DE8000023EA356C000800
        No output feature configured
    Per-destination load-sharing, slots: 1 5 9 13
           No Label   10.6.16.0/24     0             Vl493      10.66.85.3
        MAC/Encaps=14/14, MRU=1504, Label Stack{}
        0024509DE8000023EA356C000800
        No output feature configured
    Per-destination load-sharing, slots: 2 6 10 14
           No Label   10.6.16.0/24     0             Vl505      10.66.97.3
        MAC/Encaps=14/14, MRU=1504, Label Stack{}
        0024509DE8000023EA356C000800
        No output feature configured
    Per-destination load-sharing, slots: 3 7 11 15
R1#show mpls int detail
Interface Vlan400:
        IP labeling enabled (ldp)
        LSP Tunnel labeling not enabled
        BGP labeling not enabled
        MPLS operational
        MTU = 1500
R1#show ip cef vrf Testing 10.111.1.1 detail
10.111.1.0/24, epoch 3, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.254 label 26
    nexthop 10.64.1.254 Port-channel1 unusable: no label
R2#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 111:1 (Testing)
   10.111.1.0/24    0.0.0.0         IPv4 VRF Aggr:26/nolabel(Testing)
   10.111.2.0/24    10.65.64.255    nolabel/26
   10.111.22.0/24   10.65.64.255    nolabel/26
26         Pop Label IPv4 VRF[V]      0             aggregate/Testing
        MAC/Encaps=0/0, MRU=0, Label Stack{}
        VPN route: Testing
        No output feature configured
37         No Label   10.6.124.0/24    0             Se7/1/1    point2point
        MAC/Encaps=4/4, MRU=4474, Label Stack{}
        0F000800
        No output feature configured
R2#show mpls int detail
Interface Vlan400:
        IP labeling enabled (ldp)
        LSP Tunnel labeling not enabled
        BGP labeling not enabled
        MPLS operational
        MTU = 1500
R2#show ip cef vrf Testing 10.111.2.1 detail
10.111.2.0/24, epoch 5, flags rib defined all labels
NetFlow: Origin AS 0, Peer AS 0, Mask Bits 24
recursive via 10.65.64.255 label 26
    nexthop 10.64.1.253 Port-channel1 unusable: no label

Is MPLS possible on a 1721?

hi all!
is it possible to use MPLS with a Cisco 1721?
If it is possible, what featureset shoud i use?
How could a MPLS-Config look like?
I hope you can help me!
thx
Richard

MPLS is not supported on 1721 .
Go to Feature Navigator tool at
www.cisco.com/go/fn .
Select "MPLS" as a feature. FN will show you all
supporting plattforms, IOS versions and feature sets.
Cheers
Andreas

About AToM (pe to pe)

7304做MPLS配置：MPLS VPN三层没有问题，二层VPN建立VC有问题，无法解决！！！请求关注！！！
Router#sh run
Building configuration...
Current configuration : 1802 bytes
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
enable password xxxx
hostname Router
logging snmp-authfail
logging queue-limit 100
ip subnet-zero
no ip domain-lookup
ip cef
ip vrf xjccw
rd ....
route-target export ....
route-target import ....
mpls ldp logging neighbor-changes
interface Loopback0
ip address 10.254.254.200 255.255.255.255
no ip route-cache
no ip mroute-cache
interface FastEthernet0
no ip address
no keepalive
shutdown
duplex auto
speed auto
interface GigabitEthernet0/0
description connect to GSR
mtu 1800
ip address 10.4.10.201 255.255.255.252
negotiation auto
tag-switching ip
interface GigabitEthernet0/1
mtu 1800
no ip address
negotiation auto
interface GigabitEthernet0/1.2
description connect to xjccw
encapsulation dot1Q 2
ip vrf forwarding xjccw
ip address 192.168.100.1 255.255.255.0
interface GigabitEthernet0/1.100
description connect to test_3550
encapsulation dot1Q 100
mpls l2transport route 10.254.254.129 100
tag-switching ip
router ospf 1
log-adjacency-changes
network 10.4.10.200 0.0.0.3 area 0
network 10.254.254.200 0.0.0.0 area 0
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.254.254.129 remote-as 100
neighbor 10.254.254.129 update-source Loopback0
address-family ipv4
no auto-summary
no synchronization
exit-address-family
address-family ipv4 multicast
no auto-summary
exit-address-family
address-family vpnv4
neighbor 10.254.254.129 activate
neighbor 10.254.254.129 send-community extended
no auto-summary
exit-address-family
address-family ipv4 vrf xjccw
redistribute connected
no auto-summary
no synchronization
exit-address-family
ip classless
no ip http server
line con 0
logging synchronous
line aux 0
line vty 0 4
password xjccw
exec-timeout 0 0
end
在GSR上做完MPLS L2TRANSPORT ROUTE 10.254.254.129 10时出现如下情况：
MPLS config error: 10.4.10.202 is not a valid LDP id, use 10.254.254.129 instead
09:22:10: %LDP-5-NBRCHG: TDP Neighbor 10.254.254.129:0 is UP
09:22:10: %TDP-4-PTCL: peer 10.254.254.129:0, bad PIE len
09:22:10: PDU HDR:
09:22:10: 0x00 0x01 0x00 0x3E 0x0A 0xFE 0xFE 0x81 0x00 0x00 0x04 0x00
09:22:10: PIE HDR:
09:22:10: 0x0B 0x96 0x01 0x00
09:22:10: %LDP-5-NBRCHG: TDP Neighbor 10.254.254.129:0 is DOWN

刚开始在7206做实验，结果三层VPN和二层VPN都不通，郁闷中。。。。。。
升级其IOS，还是不行，只能在7304上做实验，结果。。。。。。。。
7206-test#sh run
Building configuration...
Current configuration : 1823 bytes
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname 7206-test
boot-start-marker
boot-end-marker
ip subnet-zero
ip cef
no ip domain-lookup
ip vrf xjccw1
rd ...
route-target export ...
route-target import ...
interface Loopback0
ip address 10.254.254.201 255.255.255.255
no ip directed-broadcast
interface FastEthernet0/0
no ip address
no ip directed-broadcast
duplex half
speed auto
interface FastEthernet0/0.101
description connect to sitB1_vc101_GSR
encapsulation dot1Q 101
no ip directed-broadcast
tag-switching ip
no cdp enable
xconnect 10.254.254.129 101 encapsulation mpls
interface FastEthernet0/0.105
description connect to xjccw1
encapsulation dot1Q 105
ip vrf forwarding xjccw1
ip address 192.168.10.1 255.255.255.0
no ip directed-broadcast
interface FastEthernet0/1
no ip address
no ip directed-broadcast
shutdown
duplex half
speed auto
interface POS2/0
description connect to GSR
ip address 10.4.10.205 255.255.255.252
no ip directed-broadcast
tag-switching ip
fair-queue 64 256 0
router ospf 1
log-adjacency-changes
network 10.4.10.204 0.0.0.3 area 0
network 10.254.254.201 0.0.0.0 area 0
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.254.254.129 remote-as 100
neighbor 10.254.254.129 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 10.254.254.129 activate
neighbor 10.254.254.129 send-community extended
exit-address-family
address-family ipv4 vrf xjccw1
redistribute connected
no auto-summary
no synchronization
exit-address-family
ip classless
line con 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
no cns aaa enable
end

EoMPLS over interface VLAN on 7600??

Hi all,
I ve read EoMPLS will not work on interface VLAN's in 7600 series routers... Is it for any specific IOS bug (if so is the same be fixed?) or the platform itsefl will not support...
Because we have an EoMPLS customer who is not able to work on interface VLAN..
Thanks in advance....

I got the below message as well:
LAB-R5-7604-CDAC-II(config-if)#mpls ip
MPLS CONFIG on LAN NOT RECOMMENDED: Cross-connect is currently configured
on interface vlans and WAN interfaces are facing the MPLS core.
By configuring MPLS on LAN interfaces, AToM on vlan interfaces may be non
functional.
LAB-R5-7604-CDAC-II(config-if)#mpls mtu 1546

VPLS problem

Hi dear all
Currently we are facing an issue in a VPLS network and I will appreciate your help if you know the solution, thanks in advance.
We have the following topology :
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:Arial;
mso-bidi-theme-font:minor-bidi;
mso-ansi-language:EN-US;
mso-fareast-language:EN-US;}
All routers (PA,PB,PC) have Sup32-8GE-3B without any extra line cards . We configure VPLS on all routers. All routers have the following running configuration . Also verifications show that everything is ok .
1.    Is it possible to configure VPLS on Sup32-GE-3B without any extra line cards?
2.    Why configuration has been done but :
         a.    There is not communication between 3 Cust-A sites (L2 connectivity).
         b.    The following error message displayed when add “IP MPLS” command for uplinks.
MPLS CONFIG on LAN NOT RECOMMENDED: Cross-connect is currently configured on interface vlans   and WAN interfaces are facing the MPLS core. By configuring MPLS on LAN interfaces, AToM on vlan interfaces may be non functional.
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:Arial;
mso-bidi-theme-font:minor-bidi;
mso-ansi-language:EN-US;
mso-fareast-language:EN-US;}
PA-7609#sh run
Building configuration...
Current configuration : 4030 bytes
! Last configuration change at 14:54:05 UTC Thu Jul 29 2010
! NVRAM config last updated at 14:07:27 UTC Thu Jul 29 2010
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service counters max age 5
hostname PA-7609
boot-start-marker
boot system sup-bootdisk:c7600s3223-advipservicesk9-mz.122-33.SRB7.bin
boot-end-marker
enable secret 5 $1$FIyH$5AHHV2qA0noZemUJhZBCL0
no aaa new-model
platform vfi dot1q-transparency
ip subnet-zero
ip vrf forwarding
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
vtp mode transparent
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
mpls label protocol ldp
spanning-tree mode pvst
spanning-tree extend system-id
system flowcontrol bus auto
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
redundancy
mode rpr
main-cpu
auto-sync running-config
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
vlan 100
pseudowire-class mpls
encapsulation mpls
l2 router-id 10.1.1.1
l2 vfi VPLS1 autodiscovery
vpn id 100
interface Loopback1
ip address 10.1.1.1 255.255.255.255
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
interface GigabitEthernet5/3
no ip address
shutdown
interface GigabitEthernet5/4
no ip address
shutdown
interface GigabitEthernet5/5
no ip address
shutdown
interface GigabitEthernet5/6
no ip address
shutdown
interface GigabitEthernet5/7
no ip address
shutdown
interface GigabitEthernet5/8
no ip address
shutdown
interface GigabitEthernet5/9
no ip address
shutdown
interface GigabitEthernet6/1
ip address 192.168.0.1 255.255.255.252
mpls ip
interface GigabitEthernet6/2
ip address 172.16.0.1 255.255.255.252
mpls ip
interface GigabitEthernet6/3
ip address 192.168.1.18 255.255.255.252
mpls ip
interface GigabitEthernet6/3.200
encapsulation dot1Q 300
interface GigabitEthernet6/4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
interface GigabitEthernet6/5
no ip address
shutdown
interface GigabitEthernet6/6
no ip address
interface GigabitEthernet6/7
no ip address
interface GigabitEthernet6/8
no ip address
interface GigabitEthernet6/9
ip address 200.200.200.1 255.255.255.0
interface Vlan1
no ip address
shutdown
interface Vlan100
no ip address
xconnect vfi VPLS1
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
neighbor 10.1.1.2 remote-as 1
neighbor 10.1.1.2 update-source Loopback1
neighbor 10.1.1.3 remote-as 1
neighbor 10.1.1.3 update-source Loopback1
address-family ipv4
no synchronization
no auto-summary
exit-address-family
address-family l2vpn vpls
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
ip classless
no ip http server
no ip http secure-server
mpls ldp router-id Loopback1
bridge 1 protocol vlan-bridge
control-plane
line con 0
stopbits 1
line vty 0 4
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 5 15
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 16
privilege level 15
password 7 055A545C606C0D
login
ntp master 1
mac-address-table synchronize
no mac-address-table learning vlan 2 module 5
mac-address-table learning vlan 100 module 5
no mac-address-table learning vlan 2 module 6
mac-address-table learning vlan 100 module 6
End
PB-7609#sh run
Building configuration...
Current configuration : 3683 bytes
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service counters max age 10
hostname PB-7609
boot-start-marker
boot system sup-bootdisk:c7600s3223-advipservicesk9-mz.122-33.SRB7.bin
boot-end-marker
enable secret 5 $1$1YCM$KJ9TC73PD.1v2x8jrVS3S/
no aaa new-model
ip subnet-zero
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
mpls label protocol ldp
spanning-tree mode pvst
spanning-tree extend system-id
system flowcontrol bus auto
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
redundancy
mode rpr
main-cpu
auto-sync running-config
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
pseudowire-class mpls
encapsulation mpls
l2 router-id 10.1.1.2
l2 vfi VPLS1 autodiscovery
vpn id 100
interface Loopback1
ip address 10.1.1.2 255.255.255.255
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
interface GigabitEthernet5/3
no ip address
shutdown
interface GigabitEthernet5/4
no ip address
shutdown
interface GigabitEthernet5/5
no ip address
shutdown
interface GigabitEthernet5/6
no ip address
shutdown
interface GigabitEthernet5/7
no ip address
shutdown
interface GigabitEthernet5/8
no ip address
shutdown
interface GigabitEthernet5/9
no ip address
shutdown
interface GigabitEthernet6/1
ip address 192.168.0.2 255.255.255.252
mpls ip
interface GigabitEthernet6/2
ip address 172.16.0.5 255.255.255.252
mpls ip
interface GigabitEthernet6/3
no ip address
shutdown
interface GigabitEthernet6/4
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree bpdufilter enable
interface GigabitEthernet6/5
no ip address
shutdown
interface GigabitEthernet6/6
no ip address
shutdown
interface GigabitEthernet6/7
no ip address
interface GigabitEthernet6/8
no ip address
interface GigabitEthernet6/9
ip address 200.200.200.2 255.255.255.0
interface Vlan1
no ip address
shutdown
interface Vlan100
no ip address
xconnect vfi VPLS1
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 update-source Loopback1
neighbor 10.1.1.3 remote-as 1
neighbor 10.1.1.3 update-source Loopback1
address-family ipv4
no synchronization
no auto-summary
exit-address-family
address-family l2vpn vpls
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
ip classless
no ip http server
no ip http secure-server
mpls ldp router-id Loopback1
control-plane
line con 0
stopbits 1
line vty 0 4
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 5 15
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 16
privilege level 15
password 7 1543595F450A68
login
mac-address-table synchronize
mac-address-table learning vlan 100 module 5
mac-address-table learning vlan 100 module 6
End
PC-7609#sh run
Building configuration...
Current configuration : 3896 bytes
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service counters max age 10
hostname PC-7609
boot-start-marker
boot system sup-bootdisk:c7600s3223-advipservicesk9-mz.122-33.SRB7.bin
boot-end-marker
enable secret 5 $1$cL//$YpRw8OQfCv2vYXZIvORkU.
no aaa new-model
ip subnet-zero
no ip domain-lookup
ipv6 mfib hardware-switching replication-mode ingress
vtp mode transparent
mls ip multicast flow-stat-timer 9
mls flow ip interface-full
no mls flow ipv6
no mls acl tcam share-global
mls cef error action reset
mpls ldp explicit-null
mpls label protocol ldp
spanning-tree mode pvst
spanning-tree extend system-id
system flowcontrol bus auto
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
redundancy
mode sso
main-cpu
auto-sync running-config
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
vlan 100
pseudowire-class mpls
encapsulation mpls
l2 router-id 10.1.1.3
l2 vfi VPLS1 autodiscovery
vpn id 100
interface Loopback1
ip address 10.1.1.3 255.255.255.255
interface GigabitEthernet5/1
no ip address
shutdown
interface GigabitEthernet5/2
no ip address
shutdown
interface GigabitEthernet5/3
no ip address
shutdown
interface GigabitEthernet5/4
no ip address
shutdown
interface GigabitEthernet5/5
no ip address
shutdown
interface GigabitEthernet5/6
no ip address
shutdown
interface GigabitEthernet5/7
no ip address
shutdown
interface GigabitEthernet5/8
no ip address
shutdown
interface GigabitEthernet5/9
no ip address
shutdown
interface GigabitEthernet6/1
ip address 172.16.0.2 255.255.255.252
mpls ip
interface GigabitEthernet6/2
ip address 172.16.0.6 255.255.255.252
mpls ip
interface GigabitEthernet6/3
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
l2protocol-tunnel cdp
l2protocol-tunnel stp
l2protocol-tunnel vtp
no cdp enable
spanning-tree bpdufilter enable
interface GigabitEthernet6/4
ip address 192.168.1.9 255.255.255.252
mpls ip
interface GigabitEthernet6/5
no ip address
no cdp enable
interface GigabitEthernet6/6
no ip address
interface GigabitEthernet6/7
no ip address
interface GigabitEthernet6/8
no ip address
interface GigabitEthernet6/9
ip address 200.200.200.3 255.255.255.0
speed 10
duplex half
interface Vlan1
no ip address
shutdown
interface Vlan100
no ip address
xconnect vfi VPLS1
router ospf 1
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 172.16.0.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
bgp update-delay 1
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 update-source Loopback1
neighbor 10.1.1.2 remote-as 1
neighbor 10.1.1.2 update-source Loopback1
address-family ipv4
no synchronization
no auto-summary
exit-address-family
address-family l2vpn vpls
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
exit-address-family
ip classless
no ip http server
no ip http secure-server
mpls ldp router-id Loopback1
bridge 1 protocol vlan-bridge
control-plane
line con 0
stopbits 1
line vty 0 4
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 5 15
session-timeout 60 output
privilege level 15
password 7 12485744532B4F
login
line vty 16
privilege level 15
password 7 075E731F0F295A
login
mac-address-table synchronize
no mac-address-table learning vlan 4
mac-address-table learning vlan 100 module 5
no mac-address-table learning vlan 4 module 6
mac-address-table learning vlan 100 module 6
end
Verification
PA-7609#sh mpls ldp neighbor
    Peer LDP Ident: 200.200.200.2:0; Local LDP Ident 200.200.200.1:0
        TCP connection: 200.200.200.2.11362 - 200.200.200.1.646
        State: Oper; Msgs sent/rcvd: 136/137; Downstream
        Up time: 01:40:27
        LDP discovery sources:
          GigabitEthernet6/1, Src IP addr: 192.168.0.2
          Targeted Hello 10.1.1.1 -> 10.1.1.2, active, passive
        Addresses bound to peer LDP Ident:
         200.200.200.2   192.168.0.2     172.16.0.5      10.1.1.2
    Peer LDP Ident: 200.200.200.3:0; Local LDP Ident 200.200.200.1:0
        TCP connection: 200.200.200.3.64421 - 200.200.200.1.646
        State: Oper; Msgs sent/rcvd: 137/130; Downstream
        Up time: 01:40:26
        LDP discovery sources:
          Targeted Hello 10.1.1.1 -> 10.1.1.3, active, passive
          GigabitEthernet6/2, Src IP addr: 172.16.0.2
        Addresses bound to peer LDP Ident:
          200.200.200.3   172.16.0.2      172.16.0.6      10.1.1.3
PA-7609#sh ip bgp l2vpn vpls all
BGP table version is 18, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100
*> 1:100:10.1.1.1/96                     0.0.0.0                            32768 ?
*>i1:100:10.1.1.2/96                     10.1.1.2                 0    100      0 ?
*>i1:100:10.1.1.3/96                     10.1.1.3                 0    100      0 ?
PA-7609#show xconnect all
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     vfi VPLS1                        UP mpls 10.1.1.2:100                 UP
UP     vfi VPLS1                        UP mpls 10.1.1.3:100                 UP
UP     ac   Vl100 100(Eth VLAN)          UP vfi VPLS1                    UP
PA-7609#sh mac-address-table dynamic
Legend: * - primary entry
        age - seconds since last seen
        n/a - not available
vlan   mac address     type    learn     age              ports
------+----------------+--------+-----+----------+--------------------------
No entries present.

Hi,
If you need to run VPLS then you core facing card need to do imposition/disposition. I doubt if the sup32 gig ports can do so. For VPLS to work on 7600 any one of following card is needed.
PWAN2 (OSM)
ES+ (ES40)
ES20
SIP-400
SIP-600
If you have say a lan card like 6748 or 6724 towards core and try to bring up VPLS, it will allow you to provision but VC might not come up. The other message you are getting is normal when you try to enable mpls on a lan card. I think this can be safely ignored.
Thanks,
Madhu

How to config MPLS with DHCP

hi, i am novice in MPLS
please help me to config below scenario , i want to config DHCP service on CE router (in picture:: CE2: Customer B )
which other CE (like CE1) can get IP address
assume that we have different IP range
i want to enable DHCP only on CE router Not on PE
if possible please please put me sample config :)
tnx a lot

dear friend please help me......

MPLS over GRE sample config....

can any body paste a working of MPLS over GRE....
i am looking for tunnel config and any related global config...
thanks
Umar

You can try this link for GRE configuration
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml

BRAS Config for MPLS carrying PPPoE

Hi all
DSLAM----(PPPoE)---7600----(Xconnect)----7600----(VLAN/PPPoE)---(BRAS ASR1K)
we currently have a distributed access network where the DSLAMs send us PPPoE packets which we are wrapping into xconnects back to a central BRAS.
the xconnects terminate on the upstream device to the BRAS. The BRAS is connected by a VLAN trunk and each DSLAM is identified by a unique VLAN-ID.
so the BRAS gets native PPPoE frames.
I wish to extend the MPLS to the BRAS itself. So that the xconnect ( or VPLS ) terminates on the BRAS itself.
I cant see how to stitch in the PPPoE features to get this to work.
I was thinking about an external looping cable on the same BRAS device but thats a bit crap
Is there a more elegant solution?
many thanks

Hi,
You can try pseudowire headend configuration. But I am not sure its avaliable for AS1K.
http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.1/lxvpn/configuration/guide/vc41vpls.html#wp1323446

Asa 5505 site to site VPN between A to B site, then B site MPLS to internal network

Dear all
I am setting up site to site VPN between two site A to B site. Two local site of A and B are connected fine. however for my site B have another internal MPLS to other site. The connection fine from LAN A all the way to LAN B MPLS router, but it cannot be connect to other MPLS site. If I did the MPLS traceroute from other site. It can be reached of LAN B internal router. Therefore, I am confusing which part of my configuration go wrong and any document for my reference. Thank you very much.
Local LAN A (5505 ASA)---------(5505 ASA) Local LAN B-----------B Internal router---------B MPLS router-------------other site.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>xxxxxxxxxxxxxxx

Dear Harish
for LAN B MPLS. All 11.20.0.0/16 will route to LAN B internal router 10.14.128.252
If traceroute from other 11.0.0.0 site to 11.20.128.250, it can reach until LAN B ASA 11.14.127.223
11.20.128.250 11.14.128.223 11.14.128.252 11.14.128.253 11.0.0.0
Local LAN A (5505 ASA)---------(5505 ASA) Local LAN B-----------B Internal router---------B MPLS router-------------other site.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>xxxxxxxxxxxxxxx
if traceroute from 10.20.0.0, it can reach until LAN B MPLS router 11.14.128.253
For config file post. Can I have your email address to direct send to you. Thank you very much.

Problems setting up MPLS

A Chairde,
Am having problems setting up MPLS between a AS5350 and 7609 , I have used commands stated in this link, enable MPLS incrementally on a network.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt4/xcdtagc.pdf
The commands below are added to each router, and some troubleshooting.
7609
ip cef distributed
interface Loopback0
ip address 192.168.254.1 255.255.255.255
tag-switching advertise-tags
interface GigabitEthernet3/12
ip address 192.168.230.162 255.255.255.248
mpls label protocol tdp
tag-switching ip
AS5350
ip cef
mpls label protocol tdp
tag-switching advertise-tags
interface Loopback0
ip address 192.168.254.2 255.255.255.255
interface FastEthernet0/0
ip address 192.168.230.161 255.255.255.248
duplex auto
speed auto
mpls ip
h323-gateway voip interface
h323-gateway voip id cnibhco111 ipaddr 192.168.230.129 1719
h323-gateway voip h323-id cnibhco112
h323-gateway voip tech-prefix 71401
h323-gateway voip tech-prefix 0030
h323-gateway voip bind srcaddr 192.168.230.161
ip rsvp bandwidth 64 64
cnibhco112#sh tag-switching tdp neighbor
Peer TDP Ident: 192.168.254.1:0; Local TDP Ident 192.168.230.161:0
TCP connection: 192.168.254.1.49842 - 192.168.230.161.711
State: Oper; PIEs sent/rcvd: 18/23; Downstream
Up time: 00:12:54
TDP discovery sources:
FastEthernet0/0, Src IP addr: 192.168.230.162
Addresses bound to peer TDP Ident:
192.168.100.17 192.168.100.25 159.107.212.49 172.16.8.81
192.168.230.130 192.168.230.77 192.168.230.81 192.168.254.1
192.168.210.6 192.168.127.6 192.168.210.106 192.168.127.66
192.168.127.138 192.168.210.146 192.168.210.142 192.168.210.122
192.168.210.17 192.168.230.140 192.168.230.26 192.168.230.74
192.168.230.10 192.168.230.14 192.168.127.130 192.168.127.142
192.168.230.6 192.168.230.70 192.168.230.34 192.168.210.178
192.168.200.25 192.168.210.126 192.168.232.1 192.168.231.1
192.168.200.17 192.168.210.102 190.168.200.245 190.168.200.225
190.168.201.241 192.168.230.98 192.168.210.14 190.168.201.201
190.168.201.209 192.168.210.162 192.168.210.210 190.168.201.205
192.168.230.38 190.168.200.249 190.168.200.217 190.168.200.253
192.168.230.162
cnibhco112#
cnibhco112#sh tag-switching forwarding-table 192.168.254.1 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
cnibhco112#traceroute 192.168.254.1
Type escape sequence to abort.
Tracing the route to 192.168.254.1
1 192.168.230.162 0 msec 0 msec *
cnibhco112#traceroute 192.168.230.162
Type escape sequence to abort.
Tracing the route to 192.168.230.162
1 192.168.230.162 0 msec 0 msec *
cnibhco112#

Ro,
Thanks for the respone, have been playin, with MPLS for last few hours.
The routing between the loopbacks is now working, can PING 7609 Loopback from AS5350 ,and vice versa. (used static routes).
Having problem with TDP / LDP on routers,
mpls label protocol ldp / tdp command works correctly on both routers, but the
tag-switching tdp router-id Loopback0 force
command works on the 7609, but when I add it onto the AS5350 , the command "mpls ldp router-id Loopback0 force" appears on the startup script.
The opposite is true for the 7609 , you add MPLS LDP command, and TAG-SWITCHING command appears instead.
Any Ideas, as different configs of this leave me with forwarding table with both tags added, but not been able to ping the loopbacks !!!
When I can ping bot loopbacks, the OUTGOING TAG , disapears.....
Problem is LOOPBACK Commands on bot routers default to LDP (AS5350) , or TDP (7609). Any Ideas ...
mpls label protocol tdp
tag-switching tdp router-id Loopback0 force
mpls label protocol tdp
mpls ldp router-id Loopback0 force
cnibhco100#sh tag-switching forwarding-table 192.168.254.2 detail
Local Outgoing Prefix Bytes tag Outgoing Next Ho
tag tag or VC or Tunnel Id switched interface
18 17 192.168.254.0/24 0 Gi3/12 192.168.2
MAC/Encaps=14/18, MRU=1500, Tag Stack{17}
00097CA3293000127FCDBA808847 00011000
No output feature configured
Per-packet load-sharing
cnibhco100#traceroute 192.168.254.2
Type escape sequence to abort.
Tracing the route to 192.168.254.2
1 192.168.230.161 [MPLS: Label 17 Exp 0] 0 msec 0 msec 0 msec
2 192.168.230.162 0 msec 0 msec 0 msec
But no PINGING 192.168.254.2
cnibhco112#sh tag-switching forwarding-table 192.168.254.1 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
17 18 192.168.254.0/24 1915668 Fa0/0 192.168.230.162
MAC/Encaps=14/18, MRU=1500, Tag Stack{18}
00127FCDBA8000097CA329308847 00012000
No output feature configured
Per-packet load-sharing
cnibhco100#sh tag-switching forwarding-table 192.168.254.2 detail
Local Outgoing Prefix Bytes tag Outgoing Next Ho
tag tag or VC or Tunnel Id switched interface
18 17 192.168.254.0/24 752551 Gi3/12 192.168.2
MAC/Encaps=14/18, MRU=1500, Tag Stack{17}
00097CA3293000127FCDBA808847 00011000
No output feature configured
Per-packet load-sharing
WHEN BOTH LOCAL AND OUTGOING TAG, CANNOT PING EITHER WAY !!!
HAVE LABEL PROTOCOL AND LOOPBACK FORCE on AS5350
HAVE LABEL PROTOCOL ON 7609
WHEN ADD LOOPBACK FORCE on 7609 , CAN PING BOTH LOOPBACKS,
BUT OUTGOING TAG DISAPEARS
cnibhco112#PING 192.168.254.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
cnibhco112#sh tag-switching forwarding-table 192.168.254.1 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
17 Untagged 192.168.254.0/24 598678 Fa0/0 192.168.230.162
MAC/Encaps=0/0, MRU=1504, Tag Stack{}
No output feature configured
Per-packet load-sharing
cnibhco112#
mpls label protocol tdp
tag-switching tdp router-id Loopback0 force

MPLS pseudowire Up on one side Down on the other

Hello,
I'm trying to setup another pseudowire between a 6509-E 12.2(17r)S4 and a 7201 12.4(12.2r)T. The 6509 says the vc is up:
Switch#show mpls l2transport vc
Local intf     Local circuit              Dest address    VC ID      Status
Gi4/1           Ethernet                   172.29.255.7    77         UP
But on the 7201 I'm getting:
Router#show mpls l2transport vc
Local intf     Local circuit              Dest address    VC ID      Status
Gi0/3          Ethernet                   172.29.255.10   77         DOWN
When I run show mpls l2transport vc detail it looks like:
Switch:
VC statistics:
    transit packet totals: receive 0, send 35308
    transit byte totals:   receive 0, send 2745983
    transit packet drops: receive 0, send 0
Router:
VC statistics:
    packet totals: receive 35414, send 0
    byte totals:   receive 2754295, send 0
    packet drops: receive 0, seq error 0, send 1421389
Weird that the switch is sending but not receiving and the router is receiving but not sending.
The topoligy is:
[6509-E] <-> [7201transit] <-> [7201]
The transit router has mpls ip enabled and has another functional pseudowire running across it.
Thanks in advance I'm pretty new to MPLS, please let me know if you need more information, I can post configs etc.
--Will

Hey Negandra,
Thank you for your response! How do I know if I have SIP/ES/ES+ cards? The two types of cards I have in the chassis are:
48 SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX
24 CEF720 24 port 1000mb SFP
Are either of those capable?
--Will
*EDIT*
Also I have tried to terminate the pseudowire to a SVI on the 6509-E but I can't get it to come online.
CORE#show mpls l2transport vc
Local intf     Local circuit              Dest address    VC ID      Status
Gi4/3          Ethernet                   172.x.x.x    2          ADMIN DOWN
Gi3/46         Ethernet                   172.x.x.x    123        UP
Gi4/48         Ethernet                   172.x.x.x    1337       DOWN
Gi4/5          Ethernet                   172.x.x.x    4          ADMIN DOWN
Vl7            Eth VLAN 7                 172.x.x.x    7          DOWN
CORE#show run int vlan7
Building configuration...
Current configuration : 91 bytes
interface Vlan7
no ip address
xconnect 172.29.255.7 7 encapsulation mpls
end
If I configure the pseudowire on a physical interface on the switch it comes up, what am I missing? Hardware limitation?
Thanks in advance,
--Will

QoS best practise in MPLS

Hi, I'm having a scenarios for applying QoS on the entire customer network. Its something like this:
i. Equipment -> Layer2 SW -> PE VRF -> P
The equipment's traffics are not marked with anything at least, the equipment gateway would be the PE VRF. I'm thinking of such QoS in these scenarios:
i. PE ingress, match any based on the VRF and set dscp marking from here
ii. PE egress, match by the dscp marked @ the ingress interface and perform policing/shaping and then conversion to MPLS Experimental bit
iii. P ingress, implement congestion avoidance here, as far as I understand, congestion avoidance are based on dscp, if I perform DSCP convertion to EXP bit in the PE egress interface, would the P ingress interface still use the congestion avoidance?
I'm venturing into the possibility on how the QoS is best implemented in such scenarios, and appreciate if you guys with such experiences to shed some lights and ideas here...
Thanks and have a nice day

can I safely says the approach would be something like this?
@ the PE
Router(config)# policy-map policy1
Router(config-pmap)# class class1
Router(config-pmap-c)# configure the dscp marking
check-in this policy as input under the vrf table as this is where the traffic would initiate from the equipment
Router(config)# policy-map policy2
Router(config-pmap)# class class2
Router(config-pmap-c)# match the dscp marked @ the input vrf
Router(config-pmap-c)# set the mpls experimental topmost bit
Router(config-pmap-c)# policing the traffic based on bandwidth percent or CIR
check-in this policy as input @ the PE egress interfaces -> P routers, means the PE egress interface will perform the EXP marking based on the DSCP bit and perform the policing here, would be be efficient way of doing QoS?
Then from there onwards, P routers only based on the EXP bit to adjust the congestion avoidance? But I saw we can use random-detect dscp @ the P routers, is there any congestion avoidance using the EXP bit @ the P routers end? As if we set the EXP bit on the PE egress interface, P routers would not be able to configure congestion avoidance based on the DSCP right?
I'm just venturing out the easier and cleaner way to configure the QoS so configuration maintenance would be better in near future.
Thanks for your suggestion bro

Scenario Config

Hi,
I have main router CISCO 3825 VO4 and main switch C3560 48P
and you will see here the running configuration in the router
Plz can any one tell me his opinion in this scenario
and if you can give me any concepts or ideas to improve it
show run
Building configuration...
version 12.4
service config
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime
service password-encryption
service compress-config
hostname mainRouter
boot-start-marker
boot system flash c3825-advsecurityk9-mz.124-22.T.bin
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
no logging buffered
enable secret 5 ##############
aaa new-model
aaa authentication login TEMP group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default
action-type start-stop
group tacacs+
aaa accounting commands 1 default
action-type start-stop
group tacacs+
aaa accounting commands 15 default
action-type start-stop
group tacacs+
aaa accounting system default
action-type start-stop
group tacacs+
aaa session-id common
dot11 syslog
no ip source-route
ip cef
no ip bootp server
no ip domain lookup
ip domain name mydomain.com
ip name-server (IP of Internet Server)
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-#########
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-#########
revocation-check none
rsakeypair TP-self-signed-#########
crypto pki certificate chain TP-self-signed-##########
certificate self-signed 01
30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32343035 39353035 3533301E 170D3039 30323039 31303036
34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
ets….
archive
log config
logging enable
hidekeys
crypto isakmp policy 10
encr aes
authentication pre-share
crypto isakmp key ############# address (Location2) no-xauth
crypto ipsec transform-set AES ah-sha-hmac esp-aes 256
crypto ipsec profile Main-location-to-location2-GRE-IPSec
set transform-set AES
ip tcp synwait-time 10
ip telnet source-interface GigabitEthernet0/1.8
ip ssh source-interface Tunnel0
ip ssh logging events
ip ssh version 2
ip scp server enable
interface Loopback0
ip address 10.0.0.254 255.255.255.248
interface Tunnel0
description - GRE/IPSec Tunnel to location2
ip address 10.0.0.15 255.255.255.252
tunnel source (Main-location-IP)
tunnel destination (location2-IP)
interface GigabitEthernet0/0
description - fibre link to My ISP
no ip address
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
no mop enabled
interface GigabitEthernet0/0.444
description - MPLS VLAN 444
encapsulation dot1Q 444
ip address (Real IP 1)
ip flow ingress
ip virtual-reassembly
no cdp enable
interface GigabitEthernet0/0.461
description - VPN VLAN 461
encapsulation dot1Q 461
ip address (Real IP 2)
interface GigabitEthernet0/1
description - Main Router to main Switch
no ip address
ip nbar protocol-discovery
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1.8
encapsulation dot1Q 8
ip address (Real IP)
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.0.0.12 255.255.255.252
interface Group-Async0
physical-layer async
no ip address
encapsulation slip
no group-range
router eigrp 1
redistribute ospf 1 metric 1 1 1 1 1 route-map OSPF2EIGRP
passive-interface GigabitEthernet0/0.444
passive-interface GigabitEthernet0/1.8
network 10.0.0.14 0.0.0.3
auto-summary
router ospf 1
router-id 10.0.0.254
log-adjacency-changes
redistribute eigrp 1 metric 10 subnets route-map EIGRP2OSPF
redistribute bgp 64917 metric 10 subnets route-map BGP2OSPF
network 10.0.0.12 0.0.0.0 area 1
router bgp 64917
no synchronization
bgp log-neighbor-changes
redistribute ospf 1 route-map OSPF2BGP
neighbor (Real IP) remote-as 65000
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 (IP of ISP)
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip tacacs source-interface Tunnel0
ip access-list standard Group1
permit (Some IPs)
deny   any
ip access-list standard Group2
permit (Some IPs)
deny   any
ip access-list standard Group3
permit (Some IPs)
deny   any log
ip access-list standard Group4
permit (Some IPs)
deny   any log
logging trap debugging
logging facility local4
logging source-interface Tunnel0
route-map BGP2OSPF permit 10
match ip address Group1
route-map OSPF2BGP permit 10
match ip address Group3
route-map OSPF2EIGRP permit 10
match ip address Group3
route-map EIGRP2OSPF permit 10
match ip address Group2
tacacs-server host (tacacs-Server-IP) key 7 ###############
control-plane
line con 0
login authentication TEMP
transport output telnet
line aux 0
login authentication TEMP
transport output telnet
line vty 0 4
access-class Group4 in
login authentication TEMP
transport input telnet ssh
line vty 5 15
access-class Group4 in
login authentication TEMP
transport input telnet ssh
scheduler allocate 20000 1000
end

Hi Ecommerce Developer,
Thanks again for your prompt response.
Please find below my answers to your questions:
1 Have you first imported SCA files in Track and then deploy it on your Dev System?
A)Yes, we imported the SCAs first, deployed in the track to the dev system then
2 Have your developer has any open activity on their Local NWDS?
I am checking that with the developers. Incase they are some, they will delete it asap. Also, when they are trying to release any open activity, theya re getting that xcm error as reported earlier. So, they are deleting the same.
A) After deleting should i check in all the 3 standard components again to the Dev track {not to the consolidation track?}?
3 I think you have imported SCA files in your eCommerce Developer track and then your developer sync. their code through NWDS and overright their changes and when they deploy it on Their Local or on Development Server Developer lost some of their customization. Is it right?
A) Yes, absolutely right after the developers synced, they lost lots of customzing things and were able to see a mixed
4 As you have written developer can see their code, where they can see their code on Local NWDS or in DTR Version History?
A) They can see there code on there local NWDS system.
5 Look and feel changed on Developer's local system and Development box or only on Developer Box?
A) As I said, after the developers synced, they are able to see mixed hybrid webshop. This hybrid webshop has most of the custom code but the look and feel, the graphics, the images and all are missing.
Also, one strange thing which we have noticed is.
We had an old ear fille. When we deploy that ear file directly via sdm, the crm webshop on the dev box works fine.
But when release the same activity from nwds and then deploy via NWDI to the same crm webshop on the dev box, i get the run time error? Why is this happening?
Thanks again for your feedback.
Eagerly awaiting your response.
Regards,
Rajeet
+41 76 525 0440

MPLS Config

Similar Messages

Maybe you are looking for