7600 as Backbone router for MPLS core

Similar Messages

• Path Selection for Routes Across MPLS Network

  Customer hub site has two CE routers with two links connected to two seperate PE routers in the Carrier's MPLS network. At the customer's remote site one CE router on a single link is connected to PE router in MPLS network.
  How can I configure the CE routers at the hub site to advertised the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select on of the router as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to selected on path over the other.
  I'm not sure if this makes any sense. Any help will be appreciated. Thanks

  Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
  Also, you posted this message a while back:
  "If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
  cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
  VPNv4 prefix is 1:1:192.168.1.0
  cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
  VPNv4 prefix is 1:2:192.168.1.0"
  My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
  I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with mutiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
  Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
  Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?

• MIB walk for a router with MPLS enabled interfaces

  To perform some testing in an agent I am building, I need a MIB walk for a router with MPLS enabled interfaces. I would greatly appreciate help with this MIB walk

  You can do a walk-through of the MIB by running a command such as getmany -v2c public mplsLsrMIB . For detailed instructions refer http://cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/lsrmibt.html.

• Looking for MPLS Guru

  Folks,
  I need some real world advice on choosing the right hardware for MPLS backbone. Presently we have 7600's, 7500's and 7200 vxr's and we want to build a MPLS backbone. My question is that is it advisable to choose 7500 and 7600(sup 720) as the core of the MPLS backbone and the 7200 stays at the edge.
  My understanding is that 7500 has been end of lifed and the 7600 is more of an edge router that does not support advanced features of MPLS. Could I use any of these routers at the edge and use 7200 vxr's at the core???
  Any thoughts would be highly appreciated.

  Being the geek that I am, I would say 7600s with Sup-720 3BXLs. When you are trying to choose an edge router, look at how many terminations, types of terminations, amount of traffic and peers, etc. If you are going to do heavy optical terminations, or a large number of peers (transit and Internet) I would use the 7600s. If you just need a stepping stone, the 7206VXR is a good router with the NPE-G1 engine. Also, the NPE-G2 engine is supposed to be released soon. This essentially doubles what the G1 can do. Hope this helps.

• Full internet routes in MPLS-VRF

  hi~ all
  I just have some confused , whether it's good way load full internet routes in MPLS VRF , which there's no any service routing in core network but topology routing . but there's dual upstream ISP connecting ASBR , I'm afraid if I load these two full internet routes into VRF on 7600 , is it possible ? does it take so long time for loading routes in VRF ?
  could someone give me some proposal about it or some experience about internet routes in VRF , thanks.

  Its not a good practise to load all the internet rouetes in the vrf. Do use vrf leaking. For this create a vrf of named internet which will be loaded with the default route and export that route with the rd and mport that route in your particular vrf. With this you will be having only 1 route in the vrf.
  regards
  shivlu

• Load-balancing in MPLS Core

  How is load-balancing achieved in MPLS L3 vpns and equal cost multiple links exist to reach egress PE along with per-destination load-balancing enabled on interfaces.
  I have tried to simulate the network below
  Ingress PE--->P1--->>P2--->Egress PE
  Multiple equal cost links exist between P1 and P2, cisco platform,LDP, IGP-ospf being used.

  Hi,
  Destination based load balancing in MPLS L3VPNs can be categorized into two scenarios:
  1) multiple pathes between two PE routers
  2) multiple access links to a single CE or site
  Your question as I understand it was about the first scenario. So let me first quickly review how customer traffic is forwarded between VRFs on two different PE routers.
  The VRF routing table will have BGP entries for the routes learned from the remote PE usually with next hop addresses being the remote PE loopback IP used for PE-to-PE BGP peering.
  The traffic will be forwarded across P routers using the label for the BGP next hop.
  Thus the load balancing accross the MPLS core in a first step is decided by the IGP, which has to insert several equal cost pathes into the global routing table for the BGP next hop networks (PE loopbacks).
  Side note: MPLS traffic engineering in the core would allow for unequal cost load balancing.
  The decision, which labeled packet to send across which path in the core is done by CEF using a hash algorithm. To achieve the same load balancing as with unlabeled IP traffic, a Cisco MPLS enabled router will look for the bottom label - the one with bottom-of-stack bit set to 1 - and try to determine, if the transported packet behind the bottom label is IP. If so, the hash is calculated for the customer IP header like for normal IP traffic. This ensures all traffic for a certain customer destination will always go through the same path. No unwanted packet reordering will occur.
  Be aware, that the customer IP packet header will only be used for CEF hash calculation, no IP lookup will be performed, as core routers in MPLS L3VPNs do not have any knowledge about customer addresses.
  As a side note: if the traffic transported is not IP (e.g. Ethernet over MPLS), the bottom label will be used for the CEF load balancing (e.g. the VC label).
  For the second scenario - CE load balancing with multihomed CE/sites - it is first required to have two equal cost entries in the VRF routing tables. The difference will be the two different PE BGP next hop addresses. The first load balancing decision is the performed by CEF based on the IP packet received by the CE and the VRF routing table entries. Once CEF decided, which VRF entry to use, the required BGP next hop label (and the VPN label) is applied and the packet is transported across the MPLS core. load balancing there is done as described above.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Best Practice QOS in MPLS core

  Hi.
  Wath is the recommendation in configuring QOS in the core mpls (PE-P)
  we have a mixture of traffic of data, cell signalling, O&M, voice R4, IVR.etc. We have 7600 as PE and 12000 as P. The PE's have SIP-GE and WS-GE cards against the P. In some cases the traffic goes through two P's connected via SIP-GE cards. I Had seen that the WS cards have some special considerations about QOS.

  Hi,
  Here is a good starting point regarding the best practices:
  http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/VPNQoS.html
  The how to configure QoS for MPLS on 7600 :
  WS cards: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/mplsqos.html
  SIP cards: http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/7600series/76cfgsip.html#wp1162382
  HTH
  Laurent.

• BGP Best Practice / Private-AS vs. Public-AS in the MPLS Core

  Dears,
  We have recently aquired a large network with ASR9K as Internet Gateways and non-Cisco devices in the MPLS Core.
  We would liike to know which is the best recommended solution to use Private MP-BGP AS in the MPLS Core or extend the IGW Public AS, knowing  that the IGW will be in a VRF and not the global routing table. Moreover, the clients of the MPLS Core have their own BGP Public AS and would need to connect to the MPLS Core to obtain internet services from the IGW.
  (Cust1)------EBGP------[VRF_Cust_1](MPLS CORE AS_2)[VRF_IGW]------EBGP-----(IGW AS_1) in the case of having a private BGP AS in the core
  (Cust1)------EBGP------[VRF_Cust_1](MPLS CORE AS_1)[VRF_IGW]------iBGP-----(IGW AS_1) in the case of having same public BGP AS in the core
  Waiting for your feedback and thoughts.
  Thanks,
  Michel.

  Michel,
  if your mpls core is also used for internet transit, then it is best to be a public AS.
  if not, then you can leave it be and remove the private AS at your border routers.
  If oyu are connecting multiple MPLS networks together to link L2 or L3 VPN services, I think it is easiest to have it all one AS, otherwise you end up with complex designs such as Carrier supporting Carrier (CSC) or Inter-AS option A (vrf lite), B (using vpnv4 at the inter AS gateay) or C (using vpnv4 at the interAS gateway with route reflectors in each AS peering with each other).
  regards
  xander
  Xander Thuijs CCIE #6775
  Principal Engineer 
  ASR9000, CRS, NCS6000 & IOS-XR

• 6500 TCAM usage for MPLS

  Hello!
  I'm using cat6500 WS-SUP720-3BXL as BGP router for 3 full view upstream an several clients. Different clients want to use different upstream for output traffic, but output should be redundant . So I should implement VRF + BGP.
  I have done the following config:
  =-=-=-=-=-=
  ip vrf Upsream1
  rd Y:Z
       import map Bacup1-rmap
  route-target export Y:Z
  route-target import N:M
  ip vrf Upsream2
  rd N:M
  import map Bacup2-rmap
  route-target import Y:Z
  route-target export N:M
  router bgp XXX
    address-family ipv4 vrf Upsream1
    neighbor Y.Y.Y.Y remote-as ZZZ
    neighbor description  GoodUplink
    address-family ipv4 vrf Upsream2
    neighbor N.N.N.N remote-as MMM
    neighbor description  BadUplink
  =-=-=-=-=-=
  after loading full view in to table I get error
  MLSCEF-SP-7-FIB_EXCEPTION: FIB TCAM exception, Some entries will be
  software switched
  #show platform hardware capacity forwarding
  L3 Forwarding Resources
  FIB TCAM usage:                     Total        Used       %Used
  72 bits (IPv4, MPLS, EoM)     1032192      1002192         95%
  144 bits (IP mcast, IPv6)        8192           8          1%
  detail:      Protocol                    Used       %Used
  IPv4                      600035         64%
  MPLS                       32992          31%
  =-=-=-=-=-=
  Command
  #show mpls forwarding-table
  show all routes with label.
  =-=-=-=-=-=
  Question: is can I some how use VRF+BGP but disable TCAM MPLS table usage, and label generation  for my platform?
  Cisco say
  Ipv4 routes ---1 TCAM entry
  ipv4 routes(vpn/vrf) -- 1 TCAM entry
  ipv4 multicast -- 2 TCAM entry
  ipv6 (anycast/unicast) -- 2 TCAM entry
  MPLS labels --  1 TCAM entry
  But look like BGP+VRF =2 TCAM entry.
  Is there any workaround to use 1 TCAM entry for one route in VRF from BGP for 6500?
  Thank you for answer!

  Hello! thanks for the tips. I found on the same forum an interesting solution of the problem.
  MPLS VPN—Per VRF Label
  http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_vpn_per_vrf_lbl.html
  With this tecnology ony one mpls lable used by one VRF:
  But it requires inclusion of beta-future in the network core.
  Who can tell how stable this feature  and whether it will be realised?
  Today I decided to use two technologies that have already passed the test of time.
  The first
  BGP Support for IP Prefix Import from Global Table into a VRF Table
  No MPLS LABEL for route from Global.
  http://www.cisco.com/en/US/docs/ios/12_2s/feature/guide/fs_bgivt.html
  Multi-VRF Selection Using Policy Based Routing (PBR)
  And http://www.cisco.com/en/US/docs/ios/12_2sr/12_2srb/feature/guide/srb2mvrf.html
  Sergiy A. Pyvovaroff

• L3 VPN and MPLS core

  Hi all,
  1) I am new to MPLS and trying to configure a scenario in a non production environment. Is it possible to have L3 VPN's without using BGP in MPLS core network? For some reason I am more inclined to use RIPv2, EIGRP or OSPF in the core.
  2) Is it possible to use 2600 series router as PE?
  Thanks in advance.

  hi SHAH
  to add to the nice cooments in the discussion
  the BGP used with mpls and L3 VPN called MP-BGP
  the VPN in with VRFs, RD and RT each one add to the ip packet an identifier to distingush the packet with the provider network from other packet and make it uniqe to pass these identifiers from router to router especiallt from PE router to PE router u need the BGP (MP-BGP)
  hope this helpful

• MPLS core questions

  Hi,
  I want to know the answers for the following failure scenario
  1.Unknown LSP connectivity problem: LSP connectivity problem ,Data plan issue, or unknown cause
  2.Distributed LFIB table discrepancy: There is a discrepancy in the LFIB table between the route processor and line cards
  3.Distributed LFIB table discrepancy: There is a discrepancy in the FIB table between the route processor and line cards

  hello dear mohisaxe,
  so sorry for the late response, yes we plan to use them on separate ports and both CE and use the same line card as both customer and MPLS core facing.
  just another quick question i have here:
  1- as Mr. Xander's information, MOD80 line card has 2 typhoons each of them can accommodate 32K PPPOE sessions with limitation of 64K limit per line card.
  2- as we have MOD160 line card with 4 typhoons, do we have the same limitation as above?
  thanks for your support :)

• Linksys WRT54G Router for Mac

  Does anybody know if this router works on a Mac, or if it has to be a special variation of this (there are several)?
  We have two Mac's:
  1) eMac: 700MHz PowerPC G4 running OSX 10.4.11
  2) Mac mini: 2.0GHZ Intel Core 2 Duo running OSX 10.5
  We use Firefox and/or Safari. We have no experience with routers, and if there's a better choise for a good price. you're welcome to come with suggestions
  Hope for a quick answer, as we have to decide tomorrow morning at the latest (taking over a house tomorrow, and seller has offered us this router for appr. 25€).

  Hi Stig Bach, and a warm welcome to the forums!
  Most routers do, but that's not the easiest...
  http://www.amazon.com/review/R1YR2ATYFYNM5N
  We can likely help you out no tter what Router you get, but maybe you'd like one of these...
  http://www.apple.com/airportextreme/
  We use Firefox and/or Safari.
  Matters not what you use, they're all the same, but many only have Windows® instructions... not that a Mac can't use them!
  If you want a Linksys, get a get the WRT54GL.

• Dynamic Routing for Failover L2L VPN

  Hi,
  Can someone offer me some guidance with this issue please?
  I've attached a simple diagram of our WAN for reference.
  Overview
  Firewall is ASA 5510 running 8.4(9)
  Core network at Head Office uses OSPF
  Static routes on ASA are redistributed into OSPF
  Static routes on ASA for VPN are redistributed into OSPF with Metric of 130 so redistributed BGP routes are preferred
  Core network has a static route of 10.0.0.0/8 to Corporate WAN, which is redistributed into OSPF
  Branch Office WAN uses BGP - Routes are redistributed into OSPF
  The routers at the Branch Office use VRRP for IP redundancy for the local clients default gateway.
  Primary Branch Office router will pass off VRRP IP to backup router when the WAN interface is down
  Backup BO router (.253) only contains a default route to internet
  Under normal operation, traffic to/from BO uses Local Branch Office WAN
  If local BO WAN link fails, traffic to/from BO uses IPSec VPN across public internet
  I'm trying to configure dynamic routing on our network for when a branch office fails over to the IPsec VPN. What I would like to happen (not sure if it's possible) is for the ASA to advertise the subnet at the remote end of the VPN back into OSPF at the Head Office.
  I've managed to get this to work using RRI, but for some reason the VPN stays up all the time when we're not in a failover scenario. This causes the ASA to add the remote subnet into it's routing table as a Static route, and not use the route advertised from OSPF from the core network. This prevents clients at the BO from accessing the Internet. If I remove the RRI setting on the VPN, the ASA learns the route to the subnet via the BO WAN - normal operation is resumed.
  I have configured the metric of the static routes that get redistributed into OSPF by the ASA to be higher than 110. This is so that the routes redistributed by BGP from the BO WAN into OSPF, are preferred. The idea being, that when the WAN link is available again, the routing changes automatically and the site fails back to the BO WAN.
  I suppose what I need to know is; Is this design feasible, and if so where am I going wrong?
  Thanks,
  Paul

  Hi Paul,
  your ASA keeps the tunnel alive only because that route exists on ASA.  Therefore you have to use IP-SLA on ASA to push network taffic "10.10.10.0/24" based on the echo-reply, by using IP-SLA
  Please look at example below, in the example below shows the traffic will flow via the tunnel, only in the event the ASA cannot reach network 10.10.10.0/24 via HQ internal network.
  This config will go on ASA,
  route inside 10.10.10.0 255.255.2550 10.0.0.2 track 10
  (assuming 10.0.0.2 the peering ip of inside ip address of router at HO)
  route outside 10.10.10.0 255.255.255.0 254 xxx.xxx.xxx.xxx
  (value 254 is higher cost of the route to go via IPSec tunnel and x =  to default-gateway of ISP)
  sla monitor 99
  type echo protocol ipIcmpEcho 10.10.10.254 interface inside
  num-packets 3
  frequency 10
  sla monitor schedule 99 life forever start-time now
  track 10 rtr 99 reachability
  Let me know, if this helps.
  thanks
  Rizwan Rafeek

• 3640 IOS for MPLS

  Can anyone advise about 3640 IOS version using for MPLS.I have 3640 router with 16 flash and 64 memory and I need to run MPLS with all LDP features.Which IOS I can use.

  To run MPLS LDP and couple of more MPLS and VPN features only feature set available with 64/16 Dram/Flash for a 3640 is 12.3 with Telco Feature Set.
  HTH-Cheers,
  Swaroop

• IOS for 2801 having support for MPLS

  Assalam o Alaikum,
  Is there any IOS for 2801 router which has the support for MPLS?

  Alaikum Al Salam,
  Please use Cisco Feature Navigator to find information about Cisco IOS software images and the supported features for your platform(s) :
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  Search by feature and choose MPLS, and then choose Cisco 2801 as the platform, you'll get a list of the IOSs that support MPLS on your platform, and please always check the required DRAM and Flash.
  BR,
  Mohammed Mahmoud.