Cisco & Juniper MPLS
Hi,
I am going to set up MPLS between some Cisco routers, switches and Juniper routers. Is there anything I need to pay attention to?
Thanks!
Hi Harold Ritter,
As a part of your conversation, I would like to clarify one doubt. As per my knowledge, if we want to enable MPLS in Cisco routers we should enable CEF first, because then it can create the adjacency table and FIB, and based on the FIB it can create the LFIB. My doubt is how about the same in other vendor routers (e.g. Alcatel, Juniper). How do those routers create the LFIB and enable it on routers? What routing table structures do they (other vendors) use for MPLS to function, and which table is the equivalent of the adjacency table? I expect your precious reply for the same.
Thanks,
Similar Messages
-
Administration of ASA5520 and cisco router mpls 1900
Hi
I just want to administer Cisco ASA5520 and Cisco router MPLS 1900.
Can someone tell me, as admin, what to check regularly as you get into the office on the Cisco ASA 5520 and VPN MPLS router? Right now it is working as configured by the supplier for remote sites to connect to HQ and access several servers.
My interest is to know what the basic day-to-day checkups are on the Cisco ASA5520 working as IPS, the Cisco ASA 5520 working as content filtering, and the Cisco VPN MPLS.
Thanks, attached pic for your view
J
Hello Malai,
This question is subjective, I mean you can check the statistics on the CSC module for logs of the users going to blacklisted sites.
You can check the CPU for the ASA's and IPS.
You can monitor the amount of traffic traversing the interfaces of the ASA, you can determine which host is using most of the bandwidth, etc.
It's pretty basic administration stuff
Regards,
Julio
Rate all the helpful posts -
FRoMPLS between Cisco & Juniper
Hi!
I'm trying to set up a FRoMPLS connection between a Cisco and a Juniper router. The same config. works fine between Ciscos.
The mpls l2transport vc is not working. The CW is find. The Martini draft specifies that the CW is required but that its use is optional. In the case it is not used it has to be set to 0, which is the case here.
So what doesn't work now. You can't pass traffic from one CE to the other? -
Hi All,
While I'm doing the remote LDP formation between these devices, a Cisco 3600 & Huawei 5700,
attached are the configs of these 2 nodes. What could be the possible reason for this?
Switch(config-router)#do sh mpls l2 vc
Local intf     Local circuit      Dest address    VC ID      Status
Vl2292         Eth VLAN 2292      10.50.1.1       2292       DOWN
VFI 2293       vfi                10.50.1.1       2293       DOWN
Switch(config-router)#do sh mpls l2 vc det
Local interface: Vl2292 down, line protocol down, Eth VLAN 2292 down
Destination address: 10.50.1.1, VC ID: 2292, VC status: down
Last error: Local peer access circuit is down
Output interface: none, imposed label stack {}
Preferred path: not configured
Default path: no route
No adjacency
Create time: 04:16:50, last status change time: 04:20:09
Last label FSM state change time: 04:16:49
Signaling protocol: LDP, peer unknown
Targeted Hello: 10.50.2.2(LDP Id) -> 10.50.1.1, LDP is DOWN, no binding
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/None (no remote binding)
Thanks
anand
Hi Nagendra,
This is a directly connected switch for which I am trying to establish a remote LDP,
sh mpls interfaces states the Tu1 as down, is there anything wrong in here?
Switch# show mpls interfaces
Interface   IP          Tunnel  BGP  Static  Operational
Vlan21      Yes (ldp)   No      No   No      Yes
Tunnel1     Yes         No      No   No      No
interface Tunnel1
 ip unnumbered Loopback0
 mpls ip
 mpls label protocol ldp
 tunnel destination 10.50.1.1
end
also the preferred path in
pseudowire-class TEST
 ! Incomplete config [Unconfigured or invalid tunnel interface]
 encapsulation mpls
 preferred-path interface Tunnel1 disable-fallback
 ! Incomplete or invalid tunnel interface
Please suggest on this..
Thanks
kumar -
Cisco 7600 MPLS and set Qos group
Hi, I am trying to use the following class-maps and policy maps on a Cisco 7600. The same maps have been used on both 3700 series and 7200 series. However, when I try to apply IP_TO_MPLS_OUT and MPLS_TO_IP_IN on the 7600 (with SUP32 and 48 port gigabit blade) I get a message on the console
"set qos group" not supported.
I used the QoS group to carry the MPLS EXP value (as label would is popped) and this works well.
How can i get the QoS group to work on the 7600, if not is there a valid workaround?
Many thanks for your help.
policy-map IP_TO_MPLS_OUT
 class qosgrp5
  set mpls experimental topmost 5
  priority percent 10
 class qosgrp4
  bandwidth remaining percent 50
  set mpls experimental topmost 4
 class qosgrp2
  bandwidth remaining percent 20
  set mpls experimental topmost 2
 class class-default
  bandwidth remaining percent 30
  random-detect
  set mpls experimental topmost 1
policy-map CE_OUT
 class qosgrp5
  set ip precedence 5
 class qosgrp4
  set ip precedence 4
 class qosgrp2
  set ip precedence 2
policy-map MPLS_TO_IP_IN
 class MPLS_EXP5
  set qos-group 5
 class MPLS_EXP4
  set qos-group 4
 class MPLS_EXP2
  set qos-group 2
Hi,
I'm not aware that you can use qos groups on c7600 (LAN ports ?).
For the MPLS_TO_IP direction you can use 'mpls propagate-cos' on the egress interface as workaround. This rewrites the egress IP ToS with the internal DSCP (which is inferred from the topmost MPLS label).
For the IP_TO_MPLS direction you could just match on the original DSCP ?
cheers,
Stefan -
Hi,
Does cisco support mpls over atm-ppp-llc
per RFC 2354(PPP over AAL5).
Something like a scenario if Cisco acts as a PE and it gets frames with mpls over atm-ppp-llc from a connected CE ,is it supported in cisco , or it will drop the frames ?
Running mpls over ce-pe link is mandatory for the specific scenario.
Thanks
Thanks in advance
Hello,
The MPLS should be supported also on PPP over AAL5. Simply use the "mpls ip" command on the Virtual-Template or the Dialer interface you are using on top of the ATM VC to set up the PPP interface.
The 3640 with proper IOS can support the PE functions. The Enterprise feature sets should be equipped with all features necessary to provide a PE router functionality - basically, the VRF, MPLS, LDP, MPLS VPN support, BGP, BGP VPNv4 support, IGP protocols with VRF support and that should be sufficient.
Best regards,
Peter -
MPLS Route Descriptor? What is it?
What is an MPLS Route Descriptor?
I'm trying to find a good definition of examples.
Thank you
Hi,
This book is one of the best MPLS books:
Cisco Press MPLS Fundamentals Nov 2006 by Luc De Ghein, CCIE No. 1897
You can also review the BGP/MPLS VPNs RFC:
http://www.rfc-editor.org/rfc/rfc2547.txt
And you can also review this document for briefing about configuring RD:
http://www.cisco.com/en/US/docs/ios/12_1/switch/command/reference/xrdscmd4.html#wp1035035
HTH,
Mohammed Mahmoud. -
Job Requirements - MPLS experience
I'm a CCNP and have decent experience in the industry, however I have not worked for a service provider and do not have direct MPLS experience - only the education required for the CCNP tests. My understanding of MPLS is that it is a service provider technology that allows that provider to securely, quickly and efficiently provide virtual networks for their clients which will allow internal addressing to span the provider network, even if multiple clients use the same internal addressing. The end clients only use their standard routing protocols across the provider network and do not need to know anything about MPLS since it is transparent to them. Lately I’ve been seeing a few whitepapers that talk about using MPLS within large campus environments but I would be a bit surprised to see this used a lot because of the size of the campus that be able to gain the benefits of using it. (am I wrong?)
What I’m seeing lately though is that there are a lot of job advertisements that are looking for MPLS experience and are not talking to you unless you have it. In your opinion are they looking for 1) a former service provider engineer, 2) a person who worked for a client who used MPLS and although they won’t directly implement it they want someone familiar with it to support their traffic going across the MPLS, 3) someone to locally implement MPLS (and therefore my supposition from above IS wrong) or 4) they are looking for someone to continue to ‘bull’ them and tell them that they have experience when they don’t really have it?
I’m looking for opinions regarding the job economy out there. I know that you can’t know for sure what they are looking for unless you’ve placed the ad yourself. Please feel free to educate me as well if I’m making wrong assumptions. Thanks.
actually, i could suggest cutting up your network and using bgp (ibgp not ebgp (unless you use a confed). the igp would be there to support ibgp. ibgp carries your IPv4 'customer' routing as it gives good control of ipv4 routing information flow (using tools like communities). this leaves the igp free to just support the infrastructure.
if you then throw mpls into the mix, it allows you to run multiprotocol bgp on top of the igp and ipv4 bgp. it also facilitates easy layer 2 circuits over your ip infrastructure (atom eompls), and engineer how those circuits work (mpls-te). mp-bgp also allows you to run mpls layer 3 vpn's (address-family vpnv4), which you could use as an alternative vlan technologies. when you are dealing with vlans, it is probably more difficult to control routing info flow between vlans - you need private vlans, acls etc, and you also need to extend this layer 2 across your network, introducing stp into the backbone. basically, i think managing l2 networks is more of a headache than managing l3 networks
with mpls layer 3 vpn, you can use overlapping vpns to achieve similar results to vlans, but without the l2 headache. it also allows you to easily run centralized services such as DHCP/NAT, provide multicast services inside mpls vpns, and provide internet access methods as well.
if you then think that you can provide ipv6 over an ipv4 network (without migrating to ospfv3 or isis or running 6to4 tunnels) using mp-bgp cisco 6pe, it makes it an attractive method of migrating to ipv6 without disrupting your core.
get hold of a book and read about overlapping vpns... cisco press mpls vpn architectures. you will then see the benefits of this over some enterprise type technologies. -
Hi.
I have a question regarding cat3750 QoS and EoMPLS.
I am considering deploying a cat3750 metro for 2 services:
1) Ethernet best effort access
2) L2 VPN (Transparent LAN with customer VLANs)
The setup would be a customer-facing cat3750 metro and a 7204VXR in the main POP.
In situation #1 the cat3750 would be the L3 gateway for the customer and I would need to do 2-stage traffic shaping. Stage 1, a customer physically connected to a port on the cat3750 is being shaped up to, let's say, 10Mbps. Since it's a shared bandwidth service, there would be Y number of customers per group of the same 10Mbps egressing the switch, so in stage 2 I need to re-shape the aggregate traffic to the same 10Mbps egressing the switch.
Situation #2 is TLS service from location A to location B with a cat3750 on each end with the customer connected to both. Also 7204VXR are at both edges (PE) with Juniper MPLS routers in the core.
Situation #2 should have priority over #1.
Would this be possible with a cat3750 and 72xx ?
Thanx
Paul
The following document and some of the links in the document give you a better idea,
http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac205/about_cisco_packet_feature09186a0080101513.html -
Is there a QVPN Client equivalent for Linux?
After some struggles, I have QVPN 1.4.1.2 working properly on my laptop, and when running under Vista it will connect to my WRVS4400N. However, I run Ubuntu Linux most of the time (it's a dual boot laptop) and it would be great to have a native QVPN clone for Linux that works with the WRVS4400N.
QVPN running under Linux Wine will connect but it requires an IP address (vs. a domain name) to connect, and once connected it fails with ping problems. I have QVPN working properly in an Oracle Virtualbox Linux Host and a Vista Guest machine, but as always Vista is slow, buggy, etc.
I have explored the various options inside the Linux network connection manager (anyconnect, VPNC, StrongSwan, OpenVPN, PPTP) and none of them offer the same sort of username, password, and certificate mechanism that is required by QVPN and the WRVS4400N.
So does Cisco or any other supplier have a QVPN clone / equivalent for Linux that will work with the WRVS4400N?
Thanks!
Thanks for the reply, but I'd rather not purchase a VPN client when linux has a number of opensource clients available. What I am lacking is any documentation or guidance from Cisco regarding how to configure a linux client. Are you familiar with the linux network manager applet? see: http://projects.gnome.org/NetworkManager/ It supports the following VPN types:
Cisco Anyconnect Compatible VPN (openconnect) ~ compatible with Cisco Anyconnect SSL VPN
Cisco Compatible VPN (vpnc) ~ compatible with various Cisco, Juniper, Netscreen, and Sonicwall IPSec-based VPN Gateways
IPSec/IKEv2 (strongswan) ~ IPsec with IKEv2 key exchange protocol
OpenVPN ~ Compatible with the OpenVPN server
Point-to-Point Tunnelling Protocol (PPTP) ~ Compatible with Microsoft and other PPTP VPN Servers
In reviewing these various client types, I am not sure which one to use, where to install the client certificate, etc. Some of these client methods require a specific flavor of 3DES, authentication, and other protocol/parameter settings. Excuse the rant, but Cisco is clearly remiss in not providing clients for all popular OS's, or at a minimum for not providing documentation that would enable the WRVS4400N VPN functions to be used with clients other than QVPN and OS's other than Windows.
In Windows, QVPN requires a username, password, server address, port, and installing the client certificate .PEM in the appropriate directory, disabling block WAN request in the router, etc. ~ but all of the protocols and configuration details that are being used are undocumented, making it difficult to impossible to properly use or configure a client other than QVPN.
Has anyone at Cisco (or a participant in this forum) used a Linux client to connect to the WRVS4400N? If so, how should it be configured?
Thanks -
150 hosts
6 servers
miles of wire in a moderate sized building
no routers
only $15-$20 switches
how normal is this approach to routing a school
with ip phones, wifi... etc... using permissions on servers instead of routers?
I'm not sure what you're asking. Because you've mentioned there is no router, are you concerned with wanting to offer internet connectivity, or are you just concerned that the cheapo switches or hubs are being used, or both?
And yes, I've seen this setup numerous times with various customers on a budget. Hey, it works, not really efficiently since the retail-box store switches have more like a (going on memory) a 70% efficiency rate of packets drops.
For switches that you can't buy at Best Buy or any other retail box store, such as a 48 port Linksys Business class switch to a 48 port Cisco Catalyst, they are really close to efficiency, but of course the Cisco version has more features. The following is 6 years old, and I can't find the link I was thinking about when I mentioned the 70% info above, but this gives you an idea.
Buying the best switch: Linksys vs. Cisco
http://www.techrepublic.com/article/buying-the-best-switch-linksys-vs-cisco/
The answer is, your best bet is, if you are budget conscious, to get Linksys business class switches, and if not, get a Cisco switch. But for 150 + 6 servers, you would need stackable switches, because with the multiple 24 or 48 port switches (you didn't mention what you have), there will definitely be packet drops and delays if they are set up in a spanning tree. The higher end stackable switches are interconnected through a fiber backbone so they all are literally on the same "switch" efficiency wise.
Yea, you'll pay for it, but the result is a much, much faster network with less packet drops. Contact your Cisco, Juniper, or whatever, channel partner for switch suggestions and pricing.
And if you want internet connectivity, then a Cisco ASA 550x series would work fine. That is if you do want it, but not sure based on your post. I wouldn't use Windows RRAS for this. It's best to use a dedicated device that is designed for this.
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights. -
I am running PE-CE VPN routing. Now my client wants to access a particular IP which is on the internet, and the demand may increase, and he does not want to add additional static routes for this. Can we have any routing solution which can solve the purpose? Please post your comments.
regards
shivlu
Hi Shivlu,
What i understand is, This is an VPN customer and you running dynamic routing protocol (RIPv2/OSPF/EIGRP/BGP) as PE-CE, the customer want to access specific destination address on the internet (google.com) for example, so now we talking about how to make this route reachable through the customer VPN, i think Route Leaking in MPLS/VPN will solve your issue, but in this case you should consider the customer address space issue, i mean how the customer private routes will talk to internet destination, there is a NAT device should be in the path to NAT the customer private address.
This is a very simple URL by Cisco explaining MPLS Route Leaking:
http://www.cisco.com/en/US/tech/tk436/tk832/technologies_configuration_example09186a0080231a3e.shtml
In this case you will add 2 static routes on your PE and redistribute it by the customer PE-CE routing protocol.
Correct me if i didn't get your point
Best Regards,
Mounir Mohamed -
What is the maximum number of physical link we can bind to a ether-channel and port-channel
Hi,
I was studying about port-channel & ether-channel and found that, it can be bind up-to 8 ports. So maximum number, we can have of 8 ports or more ?
For binding we should have minimum of 2 ports or 1 ports will work ? For load-balancing purpose, is the port no. would be in a bundle of 2,4 and 8 ?
Thanks
Hi Kathik,
I have gone through one document. It's saying the below mentioned things :
Jun 7, 2012 9:36 PM (in response to Sarabjit)
Re: What is the maximum number of etherchannels we can have?
The maximum number of Etherchannels varies from platform to platform. The maximum number of ports in an etherchannel is either 8 or 16 depending on the platform. The minimum number of ports in an etherchannel bundle is 1.
Jun 8, 2012 1:27 AM (in response to Sarabjit)
Re: What is the maximum number of etherchannels we can have?
Etherchannels is a Cisco term. Other vendors call them 802.3ad trunks. It's common to see something like this in datasheets:
48 ports 10/100/1000 Mbit/s
802.3ad:
Maximum of 32 groups
Maximum of 8 ports per group
The document url is https://learningnetwork.cisco.com/thread/43680
The another document says the below mentioned things :
Matrix of Load Balancing Methods
This matrix consolidates the load balancing methods that this document describes:
Platform
Address Used in XOR
Source-Based?
Destination-Based?
Source-Destination-Based?
Load Balancing Method—Configurable/Fixed?
6500/6000
Layer 2, Layer 3 addresses, Layer 4 information, or MPLS information2
Yes
Yes
Yes
Configurable
5500/5000
Layer 2 address only
Yes
Cannot change the method
4500/4000
Layer 2, Layer 3 addresses, or Layer 4 information
Yes
Yes
Yes
Configurable
2900XL/3500XL
Layer 2 address only
Yes
Yes
Configurable
3750/3560
Layer 2 or Layer 3 address only
Yes
Yes
Yes
Configurable
2950/2955/3550
Layer 2 address only1
Yes
Yes
—1
Configurable
1900/2820
These platforms use a special method of load balancing. See the Catalyst 1900/2820 section for details.
8500
Layer 3 address only
Yes
Cannot change the method
1 For the 3550 series switch, when source-MAC address forwarding is used, load distribution based on the source and destination IP address is also enabled for routed IP traffic. All routed IP traffic chooses a port based on the source and destination IP address.
2 For the 6500 series switches that run Cisco IOS, MPLS layer 2 information can also be used for load balancing MPLS packets.
The document url is http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html
Another document says the below mentioned things for load-balancing :
Finally, here is full list of valid load-distribution methods:
•dst-ip—Load distribution on the destination IP address
•dst-mac—Load distribution on the destination MAC address
•dst-port—Load distribution on the destination TCP/UDP port
•src-dst-ip—Load distribution on the source XOR destination IP address
•src-dst-mac—Load distribution on the source XOR destination MAC address
•src-dst-port—Load distribution on the source XOR destination TCP/UDP port
•src-ip—Load distribution on the source IP address
•src-mac—Load distribution on the source MAC address
•src-port—Load distribution on the source port
The document url is https://learningnetwork.cisco.com/thread/63064
Please suggest. -
I want to implement QOS for VOIP traffic between Branch Office IP phones and Headoffice PABX.
Basic network diagram is as follows
Nortel IP PHONES (Branch Office)
|
L2 ordinary Switch
|
Cisco 1841
|
|
-----MPLS WAN-----
|
|
Cisco 1841
|
Cisco ASA
|
Cisco 3560 (with multiple VLANs)
|
NORTEL PABX (Headoffice)
Regards,
Muhammad
hello muhammad,
you will need to configure a low-latency queueing strategy giving priority & bandwidth allocation to voice traffic. you can use this sample config and build upon this:
router(config)# class-map voice
router(config-cmap)# match access-group 102
router(config)# policy-map policy1
router(config-pmap)# class voice
router(config-pmap-c)# priority 50
router(config-pmap)# class bar
router(config-pmap-c)# bandwidth 20
router(config-pmap)# class class-default
router(config-pmap-c)# fair-queue
router(config)# access-list 102 permit udp host 10.10.10.10 host 10.10.10.20 range 16384 20000
router(config)# access-list 102 permit udp host 10.10.10.10 host 10.10.10.20 range 53000 56000
interface serial0/1
service-policy output policy1
if you have other traffics, u can configure the classmaps accordingly... you can read about LLQ for more info:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ftllqpct.htm
hope this helps..all the best.. rate replies if found useful..
Raj -
CE's on same subnet (Tunnel?)
I have a requirement to set up a VRF over 2 PE's where there is a CE hanging off each PE running the same subnet (192.168.5.n/24) - The CE's addressing cannot be modified.
I'm assuming I will need to set up a tunnel?
Any suggestions greatly appreciated.
Paresh,
In the example URL I provided( http://book.itzero.com/read/cisco/0510/Cisco.Press.MPLS.Configuration.on.Cisco.IOS.Software.Oct.2005.eBook-DDU_html/1587051990/ch11lev1sec2.html ), it states there is no awareness of the MPLS backbone to the end-user routers:
"There is no requirement that the VLAN identifier should be the same at both the ends. The most important detail is the VC identifier. The value 100 is used on both PE1 and PE2. From the end-user perspective, the EoMPLS service appears as an extension of their Ethernet segment (or in this case, a VLAN). There is no awareness of the MPLS backbone to the end-user routers"
The sample vlan config also doesn't mention any requirement to have MPLS out to CE's:
PE1(config)#interface FastEthernet5/0.100
PE1(config-subif)# encapsulation dot1Q 100
PE1(config-subif)# no cdp enable
PE1(config-subif)# xconnect 10.10.10.102 100 encapsulation mpls
PE2(config)#interface FastEthernet5/0.100
PE2(config-subif)# encapsulation dot1Q 100
PE2(config-subif)# no cdp enable
PE2(config-subif)# xconnect 10.10.10.101 100 encapsulation mpls
Unless I'm missing something?