[asr9k] cgn/mpls
Hi, Community:
I've been trying to find the best solution for the following problem.
As I understand it, for me to send IP traffic to an ISM or VSM on an ASR9k for CGN(ex: NAT44), the solution would be to use ABF and configure the ISM/VSM as next-hop for pre-NAT outgoing traffic. My question is this: ABF deployment guide says that ABF does not support mpls-labeled traffic, in other words if an IP-packet I want to NAT comes in labeled, ABF would not be able to catch it an redirect it to VSM so it would be NATed. Can anybody share a posible (best) solution to this scenario?
Thanks,
c.
Thanks for your answer, nifevrie .
That's exactly the point, in my environment my PE (in this case a CMTS running mpls for l3vpn) has to have labels for L3VPN setup. This PE also has Internet access service. It connects to 2 ASR9000 P routers, that are the correct place for me to install an ISM or a VSM. So basically, the originating router would 'have to do PHP'.
So basically, for me to get to the CGN card, as far as I can tell, my 'only' option is the loop. I saw this being described in a CiscoLive presentation. Let's forget for a moment that is not an elegant solution, we're talking 10-20G of traffic here per POP. I cannot fathom telling my customer they have to invest in the CGN card AND 2-4 10G interfaces per loop, per ASR.
Seems to me it makes sense to work on ABF being able to catch mpls labels.
Regards,
c.
Similar Messages
-
Hi
I have two ASR9k with ISM modules running the CGN NAT service
I have configured two /21 pools on each box , which means 4096 IP address for each box , when I check the statistics
RP/0/RSP0/CPU0:CGN-3G-NAT1#show cgn nat44 nat1 statistics
Statistics summary of NAT44 instance: 'nat1'
Pool address used: 4096
RP/0/RSP0/CPU0:CGN-3G-NAT2#show cgn nat44 nat1 statistics
Statistics summary of NAT44 instance: 'nat1'
Pool address used: 3876
Why the 4096 is reduced on the second box ? and the value varies but did not reach even 4000 ?
Thanks
MohammadHi
You need CGN on ISM LC, and also CGN licences for the same
Regards,
Sandip -
Am having problem bringing up mpls l2vpn between asr9k and 7609 router . Below is my config. The interfaces are up, the vc working, but can't ping across.
AS9K
interface GigabitEthernet0/2/0/6.609 l2transport
encapsulation dot1q 609
rewrite ingress tag pop 1 symmetric
mtu 1526
pw-class TST
encapsulation mpls
transport-mode vlan
xconnect group TST
p2p TST
interface GigabitEthernet0/6.609
neighbor 2.2.2.2 pw-id 609
pw-class TST
7609
interface gig 3/4.609
encapsulation dot1q 609
xconnect 1.1.1.1 609 encapsulation mpls
***OUTPUT FROM ASR9K********
RP/0/RSP0/CPU0#sh l2vpn xconnect pw-class TST detail
Group X,X, state is up; Interworking none
AC: GigabitEthernet0/6.609, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [905, 905]
MTU 1512; XC ID 0x1040003; interworking none
Statistics:
packets: received 735789487, sent 725878036
bytes: received 405747931393, sent 184926449749
drops: illegal VLAN 0, illegal length 0
PW: neighbor 2.2.2.2, PW ID 609, state is up ( established )
PW class ENS, XC ID 0xc0000003
Encapsulation MPLS, protocol LDP
Source address 1.1.1.1
PW type Ethernet VLAN, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
Label 17442 847
Group ID 0x80003c0 0x0
Interface GigabitEthernet0/6.609 uknown
MTU 1512 1512
Control word disabled disabled
PW type Ethernet VLAN Ethernet VLAN
VCCV CV type 0x2 0x2
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
Outgoing Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225475
Statistics:
packets: received 725878036, sent 735789487
bytes: received 184926449749, sent 405747931393
*******7609 OUTPUT*******
Local interface: Gi1/3.609 up, line protocol up, Eth VLAN 609 up
Destination address: 1.1.1.1, VC ID: 609, VC status: up
Output interface: Gi2/4, imposed label stack {0 151644}******************This is my problem no imposed label on 7609
Preferred path: not configured
Default path: active
Next hop: 10.198.64.21
Create time: 00:00:16, last status change time: 00:00:16
Signaling protocol: LDP, peer 1.1.1.1 up
Targeted Hello: 2.2.2.2(LDP Id) -> 1.1.1.1, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last local SSS circuit status rcvd: No fault
Last local SSS circuit status sent: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 505, remote 151644
Group ID: local 0, remote 134218688
MTU: local 1508, remote 1508
Remote interface description: GigabitEthernet0_6_.609
Sequencing: receive disabled, send disabled
Control Word: Off (configured: autosense)
SSO Descriptor: 1.1.1.1/609, local label: 505
SSM segment/switch IDs: 57633/24673 (used), PWID: 28772
VC statistics:
transit packet totals: receive 3, send 0
transit byte totals: receive 216, send 0
transit packet drops: receive 0, seq error 0, send 0Hello ogungbenro wale,
Would you be so kind to verify the output form 7600, since the config part does not correspond to VC you provided output for:
interface gig 3/4.609 <=
Local interface: Gi1/3.609 up, line protocol up, Eth VLAN 609 up <= -
BGP Best Practice / Private-AS vs. Public-AS in the MPLS Core
Dears,
We have recently aquired a large network with ASR9K as Internet Gateways and non-Cisco devices in the MPLS Core.
We would liike to know which is the best recommended solution to use Private MP-BGP AS in the MPLS Core or extend the IGW Public AS, knowing that the IGW will be in a VRF and not the global routing table. Moreover, the clients of the MPLS Core have their own BGP Public AS and would need to connect to the MPLS Core to obtain internet services from the IGW.
(Cust1)------EBGP------[VRF_Cust_1](MPLS CORE AS_2)[VRF_IGW]------EBGP-----(IGW AS_1) in the case of having a private BGP AS in the core
(Cust1)------EBGP------[VRF_Cust_1](MPLS CORE AS_1)[VRF_IGW]------iBGP-----(IGW AS_1) in the case of having same public BGP AS in the core
Waiting for your feedback and thoughts.
Thanks,
Michel.Michel,
if your mpls core is also used for internet transit, then it is best to be a public AS.
if not, then you can leave it be and remove the private AS at your border routers.
If oyu are connecting multiple MPLS networks together to link L2 or L3 VPN services, I think it is easiest to have it all one AS, otherwise you end up with complex designs such as Carrier supporting Carrier (CSC) or Inter-AS option A (vrf lite), B (using vpnv4 at the inter AS gateay) or C (using vpnv4 at the interAS gateway with route reflectors in each AS peering with each other).
regards
xander
Xander Thuijs CCIE #6775
Principal Engineer
ASR9000, CRS, NCS6000 & IOS-XR -
VPLS : VC UP but no data -- ASR9k & 7600 ES+
Dears
Would like your assistance please regarding below VPLS setup
VPLS is between ASR9k & 7600 ES+ card. VC is up but CEs are not able to ping each others
Lab Topology
CE <> Te0/1/0/3.55 ASR9K < -- mpls --> 7600 Gi4/2 <> CE
Any ideas ?
Note
ASR9k & 7600 are directly connected via same ES+ card
||||||||||||||||||||||||||||||||||||||||||||||||||
ASR9k
interface TenGigE0/1/0/3
cdp
interface TenGigE0/1/0/3.55 l2transport
encapsulation dot1q 55 exact
rewrite ingress tag pop 1 symmetric
l2vpn
pw-class PW-CLASS-TEST
encapsulation mpls
transport-mode ethernet
bridge group vpls-test
bridge-domain asr9k-7600
interface TenGigE0/1/0/3.55
vfi vlan-55
neighbor 6.6.6.6 pw-id 55
pw-class PW-CLASS-TEST
7600
ethernet evc test-vpls
interface GigabitEthernet4/2
no ip address
speed 1000
service instance 55 ethernet test-vpls
encapsulation dot1q 55
rewrite ingress tag pop 1 symmetric
bridge-domain 55
interface Vlan55
no ip address
xconnect vfi asr9k-7600
end
l2 vfi asr9k-7600 manual test-vpls
vpn id 55
neighbor 19.19.19.19 encapsulation mpls
||||||||||||
RP/0/RSP0/CPU0:XR1#sh l2vpn bridge-domain
Wed Oct 16 19:34:58.345 UTC
Legend: pp = Partially Programmed.
Bridge group: vpls-test, bridge-domain: asr9k-7600, id: 15, state: up, ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)
List of ACs:
Te0/1/0/3.55, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI vlan-55 (up)
Neighbor 6.6.6.6 pw-id 55, state: up, Static MAC addresses: 0
RP/0/RSP0/CPU0:XR1#
RP/0/RSP0/CPU0:XR1#sh l2vpn bridge-domain detail
Wed Oct 16 19:35:02.391 UTC
Legend: pp = Partially Programmed.
Bridge group: vpls-test, bridge-domain: asr9k-7600, id: 15, state: up, ShgId: 0, MSTi: 0
Coupled state: disabled
MAC learning: enabled
MAC withdraw: enabled
MAC withdraw for Access PW: enabled
MAC withdraw sent on bridge port down: disabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Bridge MTU: 1500
MIB cvplsConfigIndex: 16
Filter MAC addresses:
Create time: 16/10/2013 18:40:04 (00:54:57 ago)
No status change since creation
ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)
List of ACs:
AC: TenGigE0/1/0/3.55, state is up
Type VLAN; Num Ranges: 1
VLAN ranges: [55, 55]
MTU 1500; XC ID 0x44002e; interworking none
MAC learning: enabled
Flooding:
Broadcast & Multicast: enabled
Unknown unicast: enabled
MAC aging time: 300 s, Type: inactivity
MAC limit: 4000, Action: none, Notification: syslog
MAC limit reached: no
MAC port down flush: enabled
MAC Secure: disabled, Logging: disabled
Split Horizon Group: none
Dynamic ARP Inspection: disabled, Logging: disabled
IP Source Guard: disabled, Logging: disabled
DHCPv4 snooping: disabled
IGMP Snooping profile: none
Storm Control: disabled
Static MAC addresses:
Statistics:
packets: received 0, sent 2
bytes: received 0, sent 112
Storm control drop counters:
packets: broadcast 0, multicast 0, unknown unicast 0
bytes: broadcast 0, multicast 0, unknown unicast 0
Dynamic ARP inspection drop counters:
packets: 0, bytes: 0
IP source guard drop counters:
packets: 0, bytes: 0
List of Access PWs:
List of VFIs:
VFI vlan-55 (up)
PW: neighbor 6.6.6.6, PW ID 55, state is up ( established )
PW class PW-CLASS-TEST, XC ID 0xc000001d
Encapsulation MPLS, protocol LDP
Source address 19.19.19.19
PW type Ethernet, control word disabled, interworking none
PW backup disable delay 0 sec
Sequencing not set
PW Status TLV in use
MPLS Local Remote
Label 16052 63
Group ID 0xf 0x0
Interface vlan-55 unknown
MTU 1500 1500
Control word disabled disabled
PW type Ethernet Ethernet
VCCV CV type 0x2 0x12
(LSP ping verification) (LSP ping verification)
VCCV CC type 0x6 0x6
(router alert label) (router alert label)
(TTL expiry) (TTL expiry)
Incoming Status (PW Status TLV):
Status code: 0x0 (Up) in Notification message
MIB cpwVcIndex: 3221225501
Create time: 16/10/2013 18:51:28 (00:43:33 ago)
Last time status changed: 16/10/2013 18:52:43 (00:42:18 ago)
MAC withdraw message: send 0 receive 0
Static MAC addresses:
Statistics:
packets: received 0, sent 0
bytes: received 0, sent 0
DHCPv4 snooping: disabled
IGMP Snooping profile: none
VFI Statistics:
drops: illegal VLAN 0, illegal length 0
RP/0/RSP0/CPU0:XR1#
|||
NPE-3#show mpls l2 binding
Destination Address: 19.19.19.19,VC ID: 55
Local Label: 63
Cbit: 0, VC Type: Ethernet, GroupID: 0
MTU: 1500, Interface Desc: n/a
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2], BFD/Raw [5]
Remote Label: 16052
Cbit: 0, VC Type: Ethernet, GroupID: 15
MTU: 1500, Interface Desc: vlan-55
VCCV: CC Type: RA [2], TTL [3]
CV Type: LSPV [2]
NPE-3#
NPE-3#show mpls l2 vc 55
Local intf Local circuit Dest address VC ID Status
VFI asr9k-7600 \
vfi 19.19.19.19 55 UP
NPE-3#
NPE-3#show mpls l2 vc 55 detail
Local interface: VFI asr9k-7600 vfi up
Interworking type is Ethernet
Destination address: 19.19.19.19, VC ID: 55, VC status: up
Output interface: none, imposed label stack {}
Preferred path: not configured
Default path: active
No adjacency
Create time: 00:53:12, last status change time: 00:40:59
Last label FSM state change time: 00:39:58
Last peer autosense occurred at: 00:40:59
Signaling protocol: LDP, peer 19.19.19.19:0 up
Targeted Hello: 6.6.6.6(LDP Id) -> 19.19.19.19, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 63, remote 16052
Group ID: local 0, remote 15
MTU: local 1500, remote 1500
Remote interface description: vlan-55
Sequencing: receive disabled, send disabled
Control Word: Off (configured: autosense)
SSO Descriptor: 19.19.19.19/55, local label: 63
Dataplane:
SSM segment/switch IDs: 4200/110690 (used), PWID: 27
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
NPE-3#
Many Thanks
Regards
Sherif IsmailHi Xander
First many thanks for your assistance
Have recheked CEs config and they are straight forward. [trunk interface allowing all vlans]
However I have added CE3/PE3 to topolgoy and results were somehow interesting
CE1(ME3800) -- PE1 (ASR9K) --- PE2 (7600) -- PE3 (7600) -- CE3 (ME3800)
|
CE2(ME3800)
Now both CE1/CE2 can ping CE3 but still no communication between CE1 & CE2
Dont know what could be the difference between CE2 & CE3. Only thing that comes to my mind is that with CE2, PE2 is directly connected to PE1. Dont know if this could be a problem or not as in this case MPLS label should be pop but still there is VC label
Another thing I removed "rewrite ingress tag pop 1 symmetric" from all PEs cause with this command CE3 (only) was receiving BPDU with different VLAN ! [dont know if this behavior is normal or not]
interface GigabitEthernet4/2
no ip address
speed 1000
service instance 55 ethernet
encapsulation dot1q 55
rewrite ingress tag pop 1 symmetric
bridge-domain 55
*Oct 24 21:57:14.158: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 2 on GigabitEthernet0/23 VLAN55.
*Oct 24 21:57:14.158: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/23 on VLAN0055. Inconsistent local vlan.
*Oct 24 21:57:15.158: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan55, changed state to down
UPE-42#
Once I remove it
UPE-42# *Oct 24 21:59:23.638: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/23 on VLAN0055. Port consistency restored
Now what do you think ? :]
Many Thanks
Regards
Sherif Ismail -
ASR9k L2VPN attachment circuit into switch (untagged frame)
Hi guys,
I'm trying to look at the best solution for creating a pseudo-wire on an ASR9k and extending the attachment circuit into either a 6500 or Nexus 6001 switch.
The attachment circuit needs to be untagged so the customer can push whatever VLAN they want onto their frames. The scenario I'm looking at would involve either a Nexus 6001 or 6500 which would sit downstream of the PE and provide the physical presentation to the customer.
I've thought of an EVC using a Dot1q tunnel with each customer associated with an S-tag on the PE and switch, but haven't tested this. Another way might be to use a bridge-domain to link two interfaces together on the PE, but this would still potentially require Q-in-Q to isolate each customer and allow each customer to push whatever C-tags they want onto the frames.
Any help on this would be much appreciated!
Stevethe best way to me, and i've tested this, would be:
customer--(dot1q)--qinq/tunnel----6500----(AC)---(dot1q-SVLAN)ASR9k(mpls)
that way you can provide vlan transparency without having to re-provision each customer. -
EVC Configuration Comparison 7600 vs ASR9k
Just curious to know if anyone has migrated from the 7600 metro series routers to ASR9ks.
specifically, how to translate the following from 7600 to ASR
ingress/egress traffic tagged with vlan200((7600/lo01.1.1.1/int gig3/0/0)(trunk port te1/0/0))<=mpls=>((trunk port te1/0/0)(7600/lo02.2.2.2/int gig3/0/0))ingress egress traffic tagged with vlan200
7600 router with lo0 of 1.1.1.1
using ldp
interface gig3/0/0
service instance 200 ethernet
encapsulation dot1q 200
xconnect 2.2.2.2 999 encapsulation mpls
7600 router with lo0 of 2.2.2.2
using ldp
interface gig3/0/0
service instance 200 ethernet
encapsulation dot1q 200
xconnect 1.1.1.1 999 encapsulation mpls
whats the equivalent on ASR9k?
static or dynamic point to point cross-connects?
l2vpn
xconnect group vlan200_traffic
interface gig0/0/0/3.200 l2transport
encapsulation dot1q 200
neighbor 2.2.2.2 pw-id 999
or
l2vpn
xconnect group vlan200_traffic
p2p vlan200
interface gig0/0/0/3.200
neighbor 2.2.2.2 pw-id 200
not really sure
Regards
JudeAnswered
-
What RFC for MPLS is supported?
Hi,
does anybody know what rfc's regarding mpls are supported by cisco (f.e. ASR9000 or Nexus 7000)?
TiA,
StephanHi Stephan,
this is the list for ASR9k:
RFC 2547, BGP/MPLS VPNs
RFC 2702, Requirements for Traffic Engineering Over MPLS
RFC 2858, Multiprotocol Extensions for BGP-4
RFC 3031, Multiprotocol Label Switching Architecture
RFC 3032, MPLS Label Stack Encoding
RFC 3063, MPLS Loop Prevention Mechanism
RFC 3140, Per Hop Behavior Identification Codes
RFC 3270, Multi-Protocol Label Switching (MPLS) Support of Differentiated Services (E-LSPs only)
RFC 3443, Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks
RFC 3469, Framework for Multi-Protocol Label Switching (MPLS)-based Recovery
RFC 3564, Requirements for Support of Differentiated Services-aware MPLS Traffic Engineering
RFC 4124, Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering
RFC 4125, Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering
RFC 4127, Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering
RFC 4379, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures.
RFC 3815, Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP)
RFC 4448, Encapsulation Methods for Transport of Ethernet over MPLS Networks
RFC 5462, Multiprotocol Label Switching (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic Class" Field.
HTH,
Ivan. -
LLDP trasport over Pseudowire ASR9K
We are trying to transport LLDP over PW and CE devices can not see the LLDP neighbors one CE. Can anyone confirm ASR9K transport LLDP over PW as I did not find LLDP specific information on CCO and its not working ??
www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-1/interfaces/configuration/guide/hc41asr9kbook/hc41ethi.html
We could only see STP neighbor with this setup but not LLDP
Topology :
CE(LLDP Enabled) ------- ASR903 (PW End A)---------MPLS-------------ASR9K( PW End B)----- CE( LLDP Enabled)
IF we move the link from ASR9K to ASR903 , LLDP & STP neighbors can be seen on CE.
ASR9K Configuration :
RP/0/RSP0/CPU0:ASR9K#sh running-config int gig 0/5/1/1
Tue Mar 24 00:56:23.707 IST
interface GigabitEthernet0/5/1/1
mtu 9216
speed 1000
load-interval 30
RP/0/RSP0/CPU0:ASR9K#sh running-config int gig 0/5/1/1.100
Tue Mar 24 00:56:31.582 IST
interface GigabitEthernet0/5/1/1.4002 l2transport
encapsulation dot1q 100
rewrite ingress tag pop 1 symmetric
l2protocol cpsv tunnel
l2vpn
logging
pseudowire
xconnect group ABC_xconnect
p2p ABC
interface gig 0/5/1/1.100
neighbor ipv4 192.168.54.11 pw-id 1001
ASR903 Configuration
S2BLRACPTNXXXACR007#sh run int gig 0/3/4
Building configuration...
Current configuration : 342 bytes
interface GigabitEthernet0/3/4
mtu 9202
no ip address
negotiation auto
no keepalive
service instance 1 ethernet
encapsulation default
l2protocol tunnel stp lldp
xconnect 192.168.53.65 1001 encapsulation mpls
endI think you can create multiple templates and by using CBTS to route the desired traffic over the required TE tunnel combined with CBTS can achieve it
each template can has its own path calculation e.g DS-te or explicit path vs dynamic
hope this help -
NAT444 support on ASR9K without ISM board
Hi
I have a little confusion on ASR9k. we dont have ISM module on ASR9K so we're going to enable NAT444 (CG) , we're not sure this feature can support on this platform without ISM with XR 4.3 MPLS software. Would you please someone to resolve my doubt?
BRYou definitely need an ISM card in your ASR9k to support NAT44. This feature has been supported starting with 4.2.0.
Regards -
Global MTU configuration for ASR9K XR
Hi all,
Is there a command to globally change the MTU for all the interface in ASR9K XR? the default MTU 1518 is too small if I have MPLS enabled.
Thanks.Hi Yuyang,
As far as I know there is no such thing as global or system-wide MTU on ASR9000, you can adjust MTU on each interface or subinterface accordinghly.
wbr
/vadim -
MPLS TRUNK CONFIGURATION on TWO EDGE
Hi
Actually we have a network operate VRF on two EDGE (ASR9000) the diagram is this:
we try to configurate a MPLS conection between ASR (PE-1) and ASR (PE-2) try to use MPLS LDP and use a VRF OAM between this devices but the comunication is not possible
MPLS LDP is the option? or L2VPN or EoMPLS for this connection?
the actually configuration is:
ASR-2
mpls ldp
router-id 172.16.14.1
discovery hello holdtime 30
discovery hello interval 10
graceful-restart
explicit-null
interface Bundle-Ether100
ASR-1
mpls ldp
router-id 172.16.14.2
discovery hello holdtime 30
discovery hello interval 10
graceful-restart
explicit-null
interface Bundle-Ether100
but the VRF OAM only configurated between PE-1 and PE-2 is not neighbord
We don´t know if we are using the correct concept to connect the devices, can help us
thanks
Best RegardsHarold, thanks for your comments
we are making change for your comments and the final diagrame is:
on ASR9K - PE-1 we have configurated VRF, IGP and Conectivity for BUNDLE-Ethe 100 conectivity
ASR9K (PE-1):
vrf OAM
address-family ipv4 unicast
import route-policy pass-all
import route-target
64518:64518
export route-policy pass-all
export route-target
64518:64518
interface Bundle-Ether100
ipv4 address 172.16.14.1 255.255.255.252
interface Loopback10
vrf OAM
ipv4 address 172.16.162.1 255.255.255.255
router ospf 100
router-id 172.16.14.1
mpls ldp sync
mpls ldp auto-config
area 0
interface Bundle-Ether100
mpls ldp
router-id 172.16.14.1
interface Bundle-Ether100
ASR9K (PE-2):
vrf OAM
address-family ipv4 unicast
import route-policy pass-all
import route-target
64518:64518
export route-policy pass-all
export route-target
64518:64518
interface Bundle-Ether100
ipv4 address 172.16.14.2 255.255.255.252
interface Loopback10
vrf OAM
ipv4 address 172.16.162.2 255.255.255.255
router ospf 100
router-id 172.16.14.2
mpls ldp sync
mpls ldp auto-config
area 0
interface Bundle-Ether100
mpls ldp
router-id 172.16.14.2
interface Bundle-Ether100
when we verifying the MPLS neighbor is UP
RP/0/RSP0/CPU0:ED_MEX_1#sho mpls ldp neighbor
Wed May 22 18:29:03.496 UTC
Peer LDP Identifier: 172.16.14.2:0
TCP connection: 172.16.14.2:39527 - 172.16.14.1:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 25/25; Downstream-Unsolicited
Up time: 00:18:46
LDP Discovery Sources:
Bundle-Ether100
Addresses bound to this peer:
172.16.14.2
RP/0/RSP0/CPU0:ED_MEX_2#sho mpls ldp neighbor
Wed May 22 16:24:53.223 UTC
Peer LDP Identifier: 172.16.14.1:0
TCP connection: 172.16.14.1:646 - 172.16.14.2:39527
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 26/26; Downstream-Unsolicited
Up time: 00:19:19
LDP Discovery Sources:
Bundle-Ether100
Addresses bound to this peer:
172.16.14.1
on OSPF 100 the neighbor is UP
RP/0/RSP0/CPU0:ED_MEX_2#sho ospf neighbor
Wed May 22 16:26:15.169 UTC
* Indicates MADJ interface
Neighbors for OSPF 100
Neighbor ID Pri State Dead Time Address Interface
172.16.14.1 1 FULL/BDR 00:00:31 172.16.14.1 Bundle-Ether100
Neighbor is up for 00:54:34
Total neighbor count: 1
RP/0/RSP0/CPU0:ED_MEX_1#sho ospf neighbor
Wed May 22 18:31:18.614 UTC
* Indicates MADJ interface
Neighbors for OSPF 100
Neighbor ID Pri State Dead Time Address Interface
172.16.14.2 1 FULL/DR 00:00:36 172.16.14.2 Bundle-Ether100
Neighbor is up for 00:54:59
Total neighbor count: 1
but when try to send a PING from Loopback 10 from ASR 1 to ASR 2 ocurre this one and viceverse
RP/0/RSP0/CPU0:ED_MEX_1#ping vrf OAM 172.16.162.1
Wed May 22 18:32:54.046 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.162.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:ED_MEX_1#ping vrf OAM 172.16.162.2
Wed May 22 18:32:57.794 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.162.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
the routing table for OAM on ASR-1 is:
RP/0/RSP0/CPU0:ED_MEX_1#sho route vrf OAM
Wed May 22 18:33:59.485 UTC
Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, - FRR Backup path
Gateway of last resort is not set
L 172.16.162.1/32 is directly connected, 00:34:13, Loopback10
for ASR-2
RP/0/RSP0/CPU0:ED_MEX_2#sho route vrf OAM
Wed May 22 16:30:23.400 UTC
Codes: C - connected, S - static, R - RIP, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, - FRR Backup path
Gateway of last resort is not set
L 172.16.162.2/32 is directly connected, 00:34:47, Loopback10
i don´t know if need something on OSPF
Best Regards -
Could ASR9K performe NAT without ISM?
Hi
You need CGN on ISM LC, and also CGN licences for the same
Regards,
Sandip -
I have simple hub and spoke topology with ASR9K used as a hub and ASR1K's as spokes. ASR9K configured for l2vpn domain:
interface Loopback0
ipv4 address x.x.a.144 255.255.255.255
l2vpn
bridge group group_name
bridge-domain bd441
neighbor x.x.x.147 pw-id 441
neighbor x.x.y.127 pw-id 441
neighbor x.x.z.40 pw-id 441
routed interface BVI441
Two of ASR1K connected works fine, but x.x.x.147 (IOS XE 3.5.0) still shows VC status down.
Here is detailed debug outputs and configuration from x.x.x.147:
mpls label range 16000 1048575
mpls ldp router-id Loopback1 force
mpls ip
interface Loopback1
ip address x.x.x.147 255.255.255.255
interface TenGigabitEthernet0/1/0.441
encapsulation dot1Q 441
xconnect x.x.a.144 441 encapsulation mpls
interface TenGigabitEthernet1/0/0.997
encapsulation dot1Q 997
ip address x.x.g.194 255.255.255.252
mpls ip
router ospf 1
router-id x.x.x.147
redistribute connected subnets
network x.x.g.192 0.0.0.3 area 0
ASR1K#show mpls l2transport vc 441 detail
Local interface: Te0/1/0.441 up, line protocol up, Eth VLAN 441 up
Destination address: x.x.a.144, VC ID: 441, VC status: down
Output interface: none, imposed label stack {}
Preferred path: not configured
Default path: no route
No adjacency
Create time: 00:01:54, last status change time: 00:01:54
Signaling protocol: LDP, peer x.x.a.144:0 up
Targeted Hello: x.x.x.147(LDP Id) -> x.x.a.144, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : remote ready, LndRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last local SSS circuit status rcvd: DOWN(not-forwarding)
Last local SSS circuit status sent: Not sent
Last local LDP TLV status sent: None
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local unassigned, remote 16887
PWID: 4563
Group ID: local unknown, remote 47
MTU: local unknown, remote 1500
Remote interface description: Access PW
Sequencing: receive disabled, send disabled
Control Word: Off (configured: autosense)
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
ASR1K(config-subif)# no xconnect x.x.a.144 441 encapsulation mpls
ASR1K(config-subif)# xconnect x.x.a.144 441 encapsulation mpls
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: FSM init LndRnd
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: Dataplane : No fault
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: FFD : No fault
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: AC status DOWN(not-forwarding)
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: Provisioned
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: Evt provision, idle -> provisioned
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . Provision vc
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144, 441]: LDP OPEN request
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . NMS: VC oper state: DOWN
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . NMS: err codes: no-fwdg
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: SYSLOG: VC is DOWN, PW Err
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144, 441]: Signaling peer-id of VC changed to x.x.a.144
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: Evt remote ready, provisioned -> remote ready
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . Receive remote vc label binding, instance 1
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . Adjacency : No fault
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .. S:Evt ADJ up in LndRnd
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .. S:Evt dataplane clear fault in LndRnd
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . Check if remote connected
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .. Remote label is ready
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .... S:Evt remote ready, LndRnd -> LndRrd
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .... S:Evt remote up, LndRrd -> LndRru
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .... S:Act send SSS(UP)
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: ..... [no service]
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .... S:Evt ADJ up in LndRru
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .... S:Act send SSS(UP)
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: ..... [no service]
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: .. Yes, connected
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144]: Hello adj created with local address 0.0.0.0
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144]: Opening session, 1 clients
Jan 12 14:49:25.644 EET: ldp-trgtnbr: x.x.a.144 -> x.x.a.144 Req active by client, MPLS AToM Circuit
Jan 12 14:49:25.644 EET: ldp-trgtnbr: Created avl tree for vrf default
Jan 12 14:49:25.644 EET: ldp-trgtnbr: x.x.a.144 allocated
Jan 12 14:49:25.644 EET: ldp-trgtnbr: x.x.a.144 Set peer start; flags 0x10
Jan 12 14:49:25.644 EET: ldp: ldp start; tbl 0
Jan 12 14:49:25.644 EET: ldp-trgtnbr: x.x.a.144 Defer peer cleanup; cleancnt 1
Jan 12 14:49:25.644 EET: ldp-trgtnbr: x.x.a.144 Set peer finished; flags 0x1F
Jan 12 14:49:25.644 EET: ldp-trgtnbr: x.x.a.144 ref count incremented to 1
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144]: Session is up
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144, 441]: LDP open
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144, 441]: Signaling peer-id of VC changed to x.x.a.144
Jan 12 14:49:25.644 EET: AToM LDP[x.x.a.144, 441]: LDP UP
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: Evt ldp up in remote ready
Jan 12 14:49:25.644 EET: AToM[x.x.a.144, 441]: . Take no action
As for me VC still down becouse local SSS circuit still down.
Last local SSS circuit status rcvd: DOWN(not-forwarding)
I try to compare two debug outputs from this one and working ASR1K and see that's in work case session continues with suc
Jan 12 14:10:59: AToM MGR [x.x.a.144, 441]: Receive SSS STATUS(UP)
Jan 12 14:10:59: AToM MGR [x.x.a.144, 441]: . AC status UP
Jan 12 14:10:59: AToM MGR [x.x.a.144, 441]: ... S:Evt local up, LndRru->LnuRru
Jan 12 14:10:59: AToM MGR [x.x.a.144, 441]: .. Event local ready, state changed from remote ready to establishing
Jan 12 14:10:59: AToM MGR [x.x.a.144, 441]: .... Alloc local binding
What "SSS" mean, why it has status down and how to fix it?
ASR1K#show int TenGigabitEthernet 0/1/0.441
TenGigabitEthernet0/1/0.441 is up, line protocol is up
Thanks for any ideasHello,
from the logs I see the following:
1) There is no local MTU learnt. Could you please configure a MTU value on the local interface. You may configure a service instance on the router and then assign a MTU value to that service instance. this shall help to sync up the MTU between the ASR9k and the ASR1k
2) There is no local label seen. The above may be the cause for the same.
Please check and let me know if that helps.
Regards
Vinit -
ASR9k 4.3.4 SP6 installation and handling
Hello!
I recently installed SP6 for 4.3.4. The three mandatory SMUs were installed before that, so all went well. After the activation of the SP6 pie, the pie was both in active and in inactive list. After removing all inactive PIEs and SMUs the final show install active summary looks like this
RP/0/RSP0/CPU0:A9k#show ins active summary
Mon Mar 30 10:36:58.732 EEST
Default Profile:
SDRs:
Owner
Active Packages:
disk0:asr9k-mini-px-4.3.4
disk0:asr9k-base-4.3.4.sp6-1.0.0
disk0:iosxr-mgbl-4.3.4.sp6-1.0.0
disk0:iosxr-ce-4.3.4.sp6-1.0.0
disk0:iosxr-mcast-4.3.4.sp6-1.0.0
disk0:asr9k-fwding-4.3.4.sp6-1.0.0
disk0:asr9k-cpp-4.3.4.sp6-1.0.0
disk0:asr9k-os-mbi-4.3.4.sp6-1.0.0
disk0:iosxr-fwding-4.3.4.sp6-1.0.0
disk0:iosxr-routing-4.3.4.sp6-1.0.0
disk0:iosxr-mpls-4.3.4.sp6-1.0.0
disk0:iosxr-infra-4.3.4.sp6-1.0.0
disk0:asr9k-doc-px-4.3.4
disk0:asr9k-fpd-px-4.3.4
disk0:asr9k-mcast-px-4.3.4
disk0:asr9k-mgbl-px-4.3.4
disk0:asr9k-mpls-px-4.3.4
disk0:asr9k-k9sec-px-4.3.4
RP/0/RSP0/CPU0:A9k#
As I understand the SP6 has broken down to sub-pies for every package active on the box. So my questions are:
1. Can this be a problem for future SP or SMU installation under 4.3.4?
2. What we have to do if we want to add another package on the box, for example BNG? Do we have to add and activate SP6 pie again in order BNG_SP6 to be activated. If yes, can this affect the SP6 packages already activated ?
3. If we go for upgrade to 5.1.3 on this box, (without TURBOBOOT), are we expecting any problems with the current activated SMUs ?
Thank you,
Hristo1. By pie do you mean base packages were removed? Those should never be fully superceded. If you just meant the SMUs then as long as it is fully superceded (show install supercede) then it should only show up in inactive and install remove inactive should work.
2. If you wanted to add BNG after a SP then you would need to activate the SP again after the activation of the BNG pie. This may or may not require a reload, depends on the fixes etc in the SP
3. Shouldn't be any issues getting to 5.1.3, just make sure to follow the upgrade guide. Also since you already have a SP installed in 4.3.4 you can do an install activate with 5.1.3 base packages and a SP all at once plus use FPD auto-upgrade. If you were on 4.3.4 with no SP yet then you could not do this, this is because pre 5.1.1 had no concept of a SP (hence the SMUs needed to support SPs).
HTH,
Sam
Maybe you are looking for
-
Some of the build-in panels are grouped with my plugin's panel in InDesign CC
My settings for PanelList look like this: resource LocaleIndex (kSDKDefPanelResourceID) { kViewRsrcType, { kWildFS, k_Wild, kSDKDefPanelResourceID + index_enUS } /* PanelList definition. resource PanelList (kSDKDefPanelResourceID) // 1st panel
-
Possible entries for selection screen field
Hi, I have created a custom DDIC table Z_TAB which contains 3 fields of type char. The table contains about 100 rows of data. I want that at the selection screen, for each selection field a list of entries in the table should appear. E.g. Data rows:
-
I have PSE 7 & 10 & 11. These are installed on various machines. Win 8 laptop = PSE 11. MacBook = PSE 10, iMac = PSE 7, PC workstation Win 7 = PSE 10 & PSE 11. I can open NEF, NRW, RW2, DNG on any machine except PC Workstation. PC workstation Win 7 w
-
Is it possible to show frame edges in design mode?
Is it possible to show frame edges in design mode?
-
Converting an XDCAM 1080/60i 35 VBR timeline to SD 16:9 quicktime
I've created a project in an XDCAM 1080/60i 35VBR timeline. I'd like to export a standard definition 16 x 9 quicktime out of it for presentation purposes to people without the facility to play XDCAM discs. I know I can do this with FCP and/or Compres