LDP on MPLS VPN?

I have an MPLS VPN configured between two PEs. I haven't enabled LDP, but when i do ' show mpls ldp binding' i see some label binding info.
Does LDP get enabled automatically when i configure L3VPN or what does it do?
thanks
Gopal.

If you do a "show ip cef" for the egress PE loopback address and the egress interface is a tunnel then you are definitely using RSVP.
In the case of MPLS VPN, when a packet is received from the MPLS cloud, the outer label will already be stripped by the P router (Penultimate Hop Popping) as you mentioned. The egress PE will lookup the inner label in the LFIB (not the LIB) and forward the packet to the proper VRF interface.
The LIB is actually not used to forward packets but rather as input, along with the FIB, to create the LFIB.
Here's a summary of what forwarding table is used per device:
ingress PE: FIB
P router(s): LFIB
egress PE: FIB (in the case there is no inner label) and LFIB (in the case there is a inner label)
Let me know if I answered your questions,

Similar Messages

GRE with VRF on MPLS/VPN

Hi.
Backbone network is running MPLS/VPN.
I have one VRF (VRF-A) for client VPN network.
One requirement is to configure another VRF (VRF-B) for this client for a separate public VRF connection.
Sub-interfacing not allowed on CE-to-PE due to access provider limitation.
So GRE is our option.
CE config:
Note: CE is running on global. VRF-A is configured at PE.
But will add VRF-B here for the requirement.
interface Tunnel0
ip vrf forwarding VRF-B
ip address 10.12.25.22 255.255.255.252
tunnel source GigabitEthernet0/1
tunnel destination 10.12.0.133
PE1 config:
interface Tunnel0
ip vrf forwarding VRF-B
ip address 10.12.25.21 255.255.255.252
tunnel source Loopback133
tunnel destination 10.12.26.54
tunnel vrf VRF-A
Tunnel works and can ping point-to-point IP address.
CE LAN IP for VRF-B is configured as static route at PE1
PE1:
ip route vrf VRF-B 192.168.96.0 255.255.255.0 Tunnel0 10.12.25.22
But from PE2 which is directly connected to PE1 (MPLS/LDP running), connectivity doesnt works.
From PE2:
- I can ping tunnel0 interface of PE1
- I cant ping tunnel0 interface of CE
Routing is all good and present in the routing table.
From CE:
- I can ping any VRF-B loopback interface of PE1
- But not VRF-B loopback interfaces PE2 (even if routing is all good)
PE1/PE2 are 7600 SRC3/SRD6.
Any problem with 7600 on this?
Need comments/suggestions.

Hi Allan,
what is running between PE1 and PE2 ( what I mean is any routing protocol).
If No, then PE2 has no ways of knowing GRE tunnel IP prefixes and hence I suppose those will not be in its CEF table...
If Yes, then check are those Prefixes available in LDP table...
Regards,
Smitesh

Configuring MPLS VPN using static routing

Hi,
I am managed to set up a BGP/MPLS VPN in a laboratory using CS3620 routers running IOS 12.2(3) with ISIS. I am thinking of using static routes among the PE and P routers instead of a IGP. Does anyone know if Cisco routers supports static configuration of LSP? I have tried but could not get it work.

You can very well run MPLS with static routing in the core, as in Cisco we have to meet 2 criterias to have a MPLS forwarding Table.
1) Creating the LIB
This thing lies in having LDP neighborship netween two peers and you have Label bindings.
This is irrespective of what is the best next hop to reach the advertising peers LDP_ID.
2) Creating the LFIB
Now after considering all the Label bindings, the LDP_ID which can be reached out an interface
as a next hop, those Label bindings get installed in the LFIB.
So considering the above two points, we have to be careful in static routes
only for interfaces like Ethernet (Multiaccess Segments).
As in CEF when you give a static route pointing to an Ethernet Interface, CEF creates a
GLean Adjacency (Meaning there could be multiple hosts as the next hop on this segement, and it will glean for the right next-hop)
Now you may observe that when you give a static route only pointing to an Ethernet interface,
you LDP adjacency may come up and you may exchange the bindings with each other. But the Label Forarding Table is not created. This is bcos of this being a Multiaccess interface. And you have
Glean For it. If its a Normal WAN interface like Serial or POS, then there is no problem of
GLean and you would have a Valid Cached Adjacency.
So to avoid probelems with Ethernet interfaces you can simply specify the next-hop-ip address.
For Eg: ip route 10.10.31.250 255.255.255.255 10.10.31.226 (Without the Interface)
ip route 10.10.31.250 255.255.255.255 fa0/0 10.10.31.226 (Or with the Interface)
Only Difference in both is in the first one it has to do a recursive lookup for the outgoing interface. Otherwise both work well. And you can have static routes in your network
running MPLS.
And doing this CEF would would work as it should and you would have a Valid Cached Adjacency.
So this is applicable for Cisco devices which use CEF, including 6500 with SUP720.
HTH-Cheers,
Swaroop

MPLS VPN without Signalling Protocol in CORE

Hi,
I heard its possible to run L3 MPLS VPN between two sites across SP core without having any Signalling protocol (TDP/LDP)enabled on the core,the only constraint is running two TE tunnels between the two PE routers connected to CE. Is it possible. Can someone explain elaborately, pls?

Some more details regarding the behavior as to why LDP/TDP is not required in case of end-to-end TE tunnel between the PE's.
Using TE also the LSP is dynamically built untill and unless you are using explicitly defined TE tunnels.
Also do note that when you have TE tunnels end to end your egress PE receives the packet with the VPN label only and then takes the appropriate action as per the VPN forwarding table.
In case you dont have end to end TE tunnels you will have to enable LDP on the tunnels to carry the VPN labels untouched till the egress PE.( As in case if the tunnels are not end to end and are terminating on a P' which doesnt have any VPN information the packet would be dropped, so enabling LDP becomes a must.)
Here is a detailed document explaining the beahaviour in more detail and explains when LDP should be enabled or disabled with illustrations.
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a0080125b01.shtml
HTH-Cheers,
Swaroop

L3-MPLS VPN Convergence

Perhaps someone on this group can identify the missing timers/processing-delays in end-to-end client route convergence
Scenarios:
a) BGP New route Advertised by Cleint(CPE1)
b) BGP Route withdrawn by Client(CPE1)
PE-to-RR i-M-BGP (Logical)
========= ----RR------ ======
" | | "
CPE1---->PE1------->P1-------->P2---->PE2----->CPE2
| |
--------->P3-------->P4-------
Routing:
- eBGP btw CPE and PE (any routing prot within Cust site),
- OSPF, LDP in Core,
Timers/Steps I'm aware of:
- Advertisement of routes from CE to PE and placement into VRF
- Propagation of routes across the MPLS VPN backbone
- Import process of these routes into relevant VRFs
- Advertisement of VRF routes to attached VPN sites
- BGP advertisement-interval: Default = 5 seconds for iBGP, 30 for eBGP
- BGP Import Process: Default = 15 seconds
- BGP Scanner Process Default = 60 seconds
Would appreciate if you someone can identify any missing process-delay, timers? specially w.r.t RR.
Thanks
SH

Check the LDP/TDP timers in the core. Remember if a link fails in the core, reroute occurs, LDP/TDP binding needs to be renewed. tags are binded on those routes being in the routing table (IGP). So, there is a delay possible from a core prespective:
mpls ldp holdtime
mpls ldp discovery hello [holdtime | interval]
In case you are using TE check these:
mpls traffic-eng topology holddown
mpls traffic-eng signalling forwarding sync
mpls traffic-eng fast-reroute timers promotion
I believe the latter one onyl applies to SDH. In which you use segment loss feature.
Regards,
Frank

Injecting Global default Routes into a MPLS VPN

Hi,
I have a PE router running MPBGP which receives two default routes to the internet through an IPV4 BGP session. I need to import these routes in to a VRF and export them to different customer VRFs so that these VRFs are able to access Internet.
I have used the feature called "BGP Support for IP Prefix Import from Global Table into a VRF Table" (URL:http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803b8db9.html#wp1063870)
and imported these routes into a VRF.
The issue is these routes are not propagated to any of the other PE routers which has customer VRFs configured.
Has anybody tried this or a similar method to inject a dynamic default route into a MPLS VPN.
Any suggestions would be highly appreciated.
Thanks
Subhash

Hi Subhash,
is there anything preventing you from terminating your internet BGP sessions in a VRF? Then everything should go smoothly, i.e. standard VRF import/export.
So possibility A) create a VRF Internet, move bgp neighbor commands there and use filters preventing anything but the default route, then use route targets to distribute the default route into other VRFs.
Possibility B) use static routing with packet leaking. Could look like this:
ip route vrf Internet 0.0.0.0 0.0.0.0 global
ip route vrf Internet 0.0.0.0 0.0.0.0 global 250
ip route Serial0/0 !assuming this is where the customer router connects.
Note: the BGP peer IP does not have to be directly connected! There has to be a LDP label for it though. so include your BGP peers network into your IGP and the backup will work, when you loose the link to the peer.
Hope this helps! Please rate all posts.
Regards, Martin

MPLS Tags not appearing on one side of new MPLS VPN

I have an already existing 6509 that is going to provide the entire MPLS routing table via route reflector to a new 6509. Here are the relevant configs:
EXISTING 6509 (Router A)
interface Loopback0
ip address 10.255.2.2 255.255.255.255
end
router bgp 23532
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.255.2.3 remote-as 23532
neighbor 10.255.2.3 update-source Loopback0
address-family ipv4 mdt
neighbor 10.255.2.3 activate
neighbor 10.255.2.3 send-community extended
neighbor 10.255.2.3 route-reflector-client
neighbor 10.255.2.3 soft-reconfiguration inbound
exit-address-family
address-family vpnv4
neighbor 10.255.2.3 activate
neighbor 10.255.2.3 send-community extended
neighbor 10.255.2.3 route-reflector-client
neighbor 10.255.2.3 next-hop-self
bgp redistribute-internal
exit-address-family
address-family ipv4 vrf CustomerA
redistribute connected
redistribute static
no synchronization
bgp redistribute-internal
exit-address-family
DAL-COLO-6509-1#show mpls ldp neighbor 10.255.2.3
Peer LDP Ident: 10.255.2.3:0; Local LDP Ident 10.255.2.2:0
TCP connection: 10.255.2.3.16271 - 10.255.2.2.646
State: Oper; Msgs sent/rcvd: 647/646; Downstream
Up time: 06:07:30
LDP discovery sources:
Vlan65, Src IP addr: X.X.X.69
Addresses bound to peer LDP Ident:
10.255.2.3 X.X.X.69 X.X.X.254 10.10.1.31
DAL-COLO-6509-1#show mpls forwarding-table 10.255.2.3 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
257 Pop Label 10.255.2.3/32 22272 Vl65 X.X.X.69
MAC/Encaps=14/14, MRU=1584, Label Stack{}
001CB14458000009B6A4B8008847
No output feature configured
DAL-COLO-6509-1#show mpls ldp bindings 10.255.2.3 32
lib entry: 10.255.2.3/32, rev 4933
local binding: label: 257
remote binding: lsr: 10.255.2.1:0, label: 131
remote binding: lsr: 10.255.2.3:0, label: imp-null
DAL-COLO-6509-1#traceroute 10.255.2.3
Type escape sequence to abort.
Tracing the route to 10.255.2.3
1 69-69.netblk-66-60-69.yada.net (X.X.X.69) 0 msec * 0 msec
DAL-COLO-6509-1#
New 6509 (Router B)
router bgp 23532
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.255.2.2 remote-as 23532
neighbor 10.255.2.2 update-source Loopback0
address-family ipv4 mdt
neighbor 10.255.2.2 activate
neighbor 10.255.2.2 send-community both
neighbor 10.255.2.2 soft-reconfiguration inbound
exit-address-family
address-family vpnv4
neighbor 10.255.2.2 activate
neighbor 10.255.2.2 send-community both
neighbor 10.255.2.2 next-hop-self
bgp redistribute-internal
exit-address-family
address-family ipv4 vrf CustomerA
redistribute connected
redistribute static
no synchronization
bgp redistribute-internal
exit-address-family
Br26-COLO-6509-1#show mpls ldp neighbor 10.255.2.2
Peer LDP Ident: 10.255.2.2:0; Local LDP Ident 10.255.2.3:0
TCP connection: 10.255.2.2.646 - 10.255.2.3.16271
State: Oper; Msgs sent/rcvd: 657/657; Downstream
Up time: 06:16:40
LDP discovery sources:
Vlan65, Src IP addr: X.X.X.70
Addresses bound to peer LDP Ident:
10.255.2.2 X.X.X.10 X.X.X.14 X.X.X.5
66.60.70.18 66.60.75.252 66.60.72.65 66.60.75.81
10.10.1.40 66.60.70.17 X.X.X.17 66.60.73.161
X.X.X.70
Br26-COLO-6509-1#show mpls forwarding-table 10.255.2.2 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
40 Pop Label 10.255.2.2/32 0 Vl65 X.X.X.70
MAC/Encaps=14/14, MRU=1584, Label Stack{}
0009B6A4B800001CB14458008847
No output feature configured
Br26-COLO-6509-1#show mpls ldp bindings 10.255.2.2 32
lib entry: 10.255.2.2/32, rev 40
local binding: label: 40
remote binding: lsr: 10.10.1.30:0, label: 29
remote binding: lsr: 10.255.2.2:0, label: imp-null
Br26-COLO-6509-1#traceroute 10.255.2.2
Type escape sequence to abort.
Tracing the route to 10.255.2.2
1 70-69.netblk-66-60-69.yada.net (X.X.X.70) 0 msec * 0 msec
Br26-COLO-6509-1#
Im seeing label switching coming from the old switch (which has several MPLS VPN connections already). Im not seeing anything from the new switch. OSPF is the routing protocol between the interfaces, and shows to be working fine. LDP neighbor relationship seems to be good- just tagging isn’t occurring going back toward the old switch. Any suggestions?
Thanks
Greg

Yes- that is the problem we are trying to fix.
Br26-COLO-6509-1#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI13, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Tue 11-Mar-14 04:53 by prod_rel_team
ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
Br26-COLO-6509-1 uptime is 1 day, 49 minutes
Uptime for this control processor is 1 day, 49 minutes
Time since Br26-COLO-6509-1 switched to active is 1 day, 48 minutes
System returned to ROM by reload at 09:20:45 CDT Wed May 7 2014 (SP by reload)
System restarted at 09:24:29 CDT Wed May 7 2014
System image file is "disk0:s72033-adventerprisek9_wan-mz.122-33.SXI13.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.
Processor board ID SMG1125N74N
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
5 Virtual Ethernet interfaces
154 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
Yes- we do have a Sup7303B in this switch.

MPLS vpn test lab

I am trying to setup a basic lab. I have the following setup:-
CE1->PE1->P1->PE2->CE2. I have attached the relevant configs.
All the CE & PE routers are 2600's and the P1 router is a 7206VXR. I am running OSPF in the MPLS network between the PE & P routers. I am using ldp as the label distribution protocol. BGP is running between the CE & PE routers.
I have a couple of questions:-
1) Basic MPLS setup. I think this is working in that if i ping from the LAN side of the CE1 to the LAN side of the CE2 it works. The P1 router has no knowledge of these subnets. However a "sh mpls forwarding-table" command on the PE routers shows no bytes tag switched and yet if i do a "debug mpls packet" on the P1 router i can see the packets going through. If the P1 router doesn't know the LAN subnets then am i right to assume it must be label switching ?
2) The configs attached are to test a VPN setup. I have the MPLS & VPN architectures book and i have gone through all the show commands to troubleshoot and it all looks right. The routes are in the vrf routing table, the mpls forwarding table looks okay but i cannot ping from CE1 to CE2.
If i debug on the P1 router i can see the packets coming in with 2 labels as expected but i can't see them being transmitted.
I have done some searching and know that 2600's are not officially supported but my understanding is that the features i need are on the routers. I have tried a number of different IOS versions but to no avail.
Any help would be much appreciated
Jon

thanks for your responses
1) yes it's a typo, i do have the "ip vrf forwarding NR_prod" on the fa0/0 interfaces on the PE routers.
2) Basic mpls - i meant no VPN's etc. I have ospf between the PE & P routers. I have MP-BGP between PE1 & PE2. Between the PE & CE routers i am running standard BGP.
3) All 2600 routers are 2621XM's. The IOS i am trying with is c2600-spservicesk9-mz.123-4.T4.bin altho i have also tried c2600-spservicesk9-mz.123-8.T10.bin and c2600-telco-mz.123-7.T12.bin.
4) On the 7200 i'm running c7200-p-mz.123-16.bin and have also tried c7200-p-mz.124-5.bin
5) The packet from PE1 comes into the P1 router labelled as 19/24. The mpls forwarding table on P1 has the entry
19 Untagged 81.144.17.55/32 2137750 Fa0/1 172.16.1.6
which is correct as far as i can see as this is PE2.
I have included the sh mpls output from the P1 router and a sh ver of one of the PE routers ( they are both the same ).
Once again, many thanks for your replies.

MPLS-VPN Label

In MPLS-VPN the forward of packets based on the LFIB tabel and the first label (NextHope)
label is advertised through the LDP and the second label (VPN label) is annouced via
MP-BGP, the problem is that when i check the FIB tabel of the customer VRF i can see both labels
but when i check the customer LFIB i did't see the second label=VPN!! so is that the VPN labels stors
only in the FIB and if right how is that while the forward always based on the LFIB
kindly advice
Router#show ip cef vrf cust det
10.10.44.0/30, version 1499, epoch 0, cached adjacency to Switch1.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Sw1.2, point2point, tags imposed: {83 544}
via x.x.x.x, 0 dependencies, recursive
next hop x.x.x.x, Switch1.2 via x.x.x.x/32
Router#show tag for vrf cust
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
126 Untagged 10.10.52.8/29[V] 55708 Sw1.87 point2point
253 Untagged 10.10.52.4/30[V] 0 Sw1.87 point2point
263 Aggregate 10.10.52.0/30[V] 0
284 Untagged 10.230.52.0/22[V] 8616469838 Sw1.87 point2point

Hello,
the command "show mpls forwarding-table vrf cust" asks for a list of all locally assigned VPN labels! As the network 10.10.44.0/30 is learned via BGP, there is no locally assigned VPN label - hence it will not show up in the LFIB.
Another explanation would be: traffic towards 10.10.44.0/30 is received from the CE in the form of IP packets. So the PE has to perform an IP lookup and that means it is the FIB´s "business" to attach labels. LFIB has nothing to do with it. As you have seen the FIB however "knows" what to do, so everything is fine - cust is happy ;-)
Hope this helps! PLease rate all posts.
Regards, Martin

MPLS VPN / BGP Netflow Issue

I have followed all of the configuration steps given for egress accounting with netflow on a MPLS VPN link. However, it is only showing flows coming into the router. I need to be able to account both ways- any recommendations? Config below:
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 5
ip flow-export destination XX.XX.XX.XX 9996
IP packet size distribution (10730093 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .098 .645 .011 .016 .012 .009 .010 .000 .001 .000 .001 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .002 .185 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
4 active, 65532 inactive, 464700 added
6109192 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 336520 bytes
0 active, 16384 inactive, 20706 added, 20706 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 7 0.0 20 233 0.0 7.0 11.3
TCP-FTP 3 0.0 1 40 0.0 0.4 1.6
TCP-WWW 5757 0.0 6 389 0.0 1.1 3.0
TCP-SMTP 7 0.0 1 40 0.0 0.7 1.6
TCP-X 244 0.0 1 54 0.0 0.0 1.5
TCP-other 304762 0.2 7 346 1.6 2.2 4.8
UDP-DNS 346 0.0 1 127 0.0 0.0 15.4
UDP-NTP 3323 0.0 1 80 0.0 0.0 15.4
UDP-other 131041 0.0 62 341 5.4 17.6 13.2
ICMP 64291 0.0 1 79 0.0 0.0 15.4
Total: 509781 0.3 21 341 7.1 5.9 8.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Mu12 10.50.66.218 Null 10.105.0.1 11 0675 00A1 84
Mu12 10.50.66.218 Null 10.105.19.10 11 0675 00A1 2
Mu12 10.50.66.218 Null 10.105.19.3 11 0675 00A1 4
Mu12 10.50.66.42 Null 10.105.19.10 06 0B3C 01BD 12

Update on this- Im now receiving all traffic incoming into the interface, but am tracking only about 10% of the outgoing traffic- revised config below:
ip flow-cache timeout active 1
ip flow-cache mpls label-positions 1 2 3
ipv6 flow-cache mpls label-positions 1 2 3
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
service-policy output cbwfq-voice20per
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 9 origin-as
ip flow-export destination XX.XX.XX.XX 9996

MPLS TE with MPLS VPN

Hi there,
I'm looking for some basic configuration to turn on mpls te over existing mpls vpn. Worried to effect mpls vpn customers.
Perhaps a link would be great!
thanks in advance.
maher

There is many scenarios involving TE and MPLS VPN.
If you have MPLS TE from ingress to egress PE, the lsp used to go from one PE to the other is signalled using RSVP instead of LDP/TDP.
If you configure TE between the core routers then you need to runn LDP/TDP on the tunnel interface for LDP to learn labels via that pseudo interface. This second scenario involves that at some point up to 3 labels (TE lsp label, IGP label, service label) might be applied to the MPLS packets instead of your regular 2 label (IGP label, service label).
Hope this helps,

Traceroute issue- MPLS VPN on directly connected interfaces

I have 2 Catalyst 6509 Switches that Im trying to bring up and MPLS VPN connection between. The loopbacks can ping each other, as well as the directly connected interfaces (the interfaces travel through 2 switches, but no routing etc in between). An OSPF neighbor relationship DOES come up, and the routing tables appear normal. However, the MPLS VPN does NOT come up.
After further review, I found that the routing tables are correct on either side for the loopbacks (public addresses X’d out on first 3 octets):
SWITCH A:
Bryan-26th-CAT-2#sh ip route 10.255.2.2
Routing entry for 10.255.2.2/32
Known via "ospf 23532", distance 110, metric 2, type intra area
Last update from X.X.X.70 on Vlan65, 00:10:25 ago
Routing Descriptor Blocks:
* X.X.X.70, from 10.255.2.2, 00:10:25 ago, via Vlan65
Route metric is 2, traffic share count is 1
SWITCH B:
DAL-COLO-6509-1#sh ip route 10.255.2.3
Routing entry for 10.255.2.3/32
Known via "ospf 23532", distance 110, metric 2, type intra area
Last update from X.X.X.69 on Vlan65, 02:26:50 ago
Routing Descriptor Blocks:
* X.X.X.69, from 10.255.2.3, 02:26:50 ago, via Vlan65
Route metric is 2, traffic share count is 1
This is exactly the same for the directly connected interfaces on VLAN65. (X.X.X.69 and X.X.X.70). The ARP cache also shows to be correct:
SWITCH A:
Bryan-26th-CAT-2#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet X.X.X.70 147 0009.b6a4.b800 ARPA Vlan65
Internet X.X.X.69 - 001c.b144.5800 ARPA Vlan65
SWITCH B:
DAL-COLO-6509-1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet X.X.X.70 - 0009.b6a4.b800 ARPA Vlan65
Internet X.X.X.69 141 001c.b144.5800 ARPA Vlan65
And once again, the OSPF Neighbor relationship does come up:
SWITCH A:
Bryan-26th-CAT-2# sh ip ospf neigh
Neighbor ID Pri State Dead Time Address Interface
10.255.2.2 1 FULL/BDR 00:00:30 X.X.X.70 Vlan65
SWITCH B:
DAL-COLO-6509-1#sh ip ospf neig
Neighbor ID Pri State Dead Time Address Interface
10.255.2.3 1 FULL/DR 00:00:33 X.X.X.69 Vlan65
In the Troubleshooting MPLS VPN manuals- it shows to test trace routes. All of our other connections like this the trace routes work fine. In this case though, I cannot trace route not only between the loopback interfaces, but between the DIRECTLY CONNECTED interfaces. I don’t know what this is. It should simply be a one hop trace route. I believe this is what is keeping the MPLS VPN from coming up. Any ideas? Here are the relevant OSPF configs and interface configs as well:
SWITCH A:
interface Vlan65
description Connection to DAL-COLO-6509-2
mtu 1580
ip address X.X.X.69 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-dense-mode
ip ospf mtu-ignore
mpls label protocol ldp
mpls ip
router ospf 23532
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan65
network 10.255.2.3 0.0.0.0 area 0
network X.X.X.69 0.0.0.0 area 0
SWITCH B:
interface Vlan65
description Connection to Bryan-26th-CAT-2
mtu 1580
ip address X.X.X.70 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-dense-mode
ip ospf mtu-ignore
mpls label protocol ldp
mpls ip
router ospf 23532
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
passive-interface default
no passive-interface Vlan65
network 10.255.2.2 0.0.0.0 area 0
network X.X.X.70 0.0.0.0 area 0
Any ideas would be appreciated.
Thanks
Greg

Greg,
Can you explain more about your issue?. When you say MPLS VPN is not coming up, do you mean the ping (or traffic) from CE connected to one 6509 is not traversing the MPLS cloud to otehr CE connected to remote 6509?.
Do you have VRF enabled with respective RT import/export?. Do you have MP-BGP with VPNv4 AF enabled?.
To confirm if basic MPLS is working fine, Can you check if you have LDP neighborship up and running?. Use "show mpls ldp neighbor" to see the session.
Also do a "ping mpls ipv4 <remote-loopback> <mask>" and see if it works?.
-Nagendra

Performance end to end testing and comparison between MPLS VPN and VPLS VPN

Hi,
I am student of MSc Network Security and as for my project which is " Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing " I have heard a lot of buzz about VPLS as becoming NGN, I wanted to exppore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3, with respect to the MPLS L3 VPN lab setup that is not a problem but I am stuck at the VPLS part how to setup that ? I have searched but unable to find any cost effective mean, even it is not possible in the university lab as we dont have 7600 series
I would appreciate any support, guidence, advice.
Thanks
Shahbaz

Hi Shahbaz,
I am not completely sure I understand your request.
MPLS VPN and VPLS are 2 technologies meant to address to different needs, L3 VPN as opposed as L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of a F1 racing car with a Rally racing car?
From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology) , as in the very basic scenarios we can boil down to the following basic operations for both:
Ingress PE impose 2 labels (at least)
Core Ps swap top most MPLS label
Egress PE removes last label exposing underlying packet or frame.
So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
Riccardo

Centralize internet access in MPLS VPN

Can i implement Centralize internet access (the Hub CE Router to performs NAT) in cisco MPLS VPN solution?
If so, is there any example about that? i can't find it at CCO~
Thanks a lot~

If you run dynamic routing protocol in PE-CE,like rip2,ospf,bgp,do the following task.
1:set a default route in HUB CE;and generate the default route under its dynamic protocol.
2:in other CEs, make sure they can learn this route.
If you run static route and vrf static route between CE and PE,do the following task.
1.set default route in HUB CE, and set default route in other CEs.
2.In all PEs,redistribute the connected and static rotues to address-family ipv4 of customer vrf.
3.set the customer vrf default route in all PE which connected your all CEs.
Note: make sure all PEs can reach the GW address of vrf deafult route. GW IP address is the interface of which HUB CE towards PE.
command: "ip route vrf 0.0.0.0 0.0.0.0 global.
TRY

Selective Route Import/Export in MPLS VPN

Champs
I have multiple brach locations and 3 DC locations.DC locations host my internal applications , DC's also have central Internet breakout for the region. My requirement is to have full mesh MPLS-VPN but at same time brach location Internet access should be from nearest IDC in the region if nearest IDC is not availalbe it should go to second nearest DC for internet.I have decided which are primary and seconday DC for Internet breakout. How can this be achieved in MPLS-VPN scenario.Logically i feel , i have to announce specific LAN subnet and default route(with different BGP attribute like AS Path) from all 3 DCs. Spokes in the specific region should be able to import default route from primary DC and secondary DCs only using some route filter?
Regards
V

Hello Aaron,
the route example works for all routers except the one, where the VRF vpn2 is configured. What you can do for management purposes is either to connect through a neighbor router using packet leaking or configure another Loopback into VRF vpn2.
The last option (and my recommendation) is to establish another separate IP connection from your NMS to the MPLS core. Once VRFs are failing (for whatever reason, f.e. erroneously deleted) you might just not get connectivity to your backbone anymore to repair what went wrong.
So I would create an "interconnection router" with an interface in the VRF vpn2 and one interface in global IP routing table. This way you will still be able to access PEs, even if VRFs or MBGP is gone.
Hope this helps! Please rate all posts.
Regards, Martin

LDP on MPLS VPN?

Similar Messages

Maybe you are looking for