MP-BGP and MPLS

Similar Messages

• MP-BGP and MPLS multipath load sharing

  Hi,
  I am trying to PoC MPLS multi path load sharing by using per-PE-per-VRF RDs in the network.
  I have a simple lab setup with AS65000 which consists of SITE1 PE1&PE2 routers (10.250.0.101 and 10.250.0.102), route reflector RR in the middle (10.250.0.55) and SITE2 PE1&PE2 routers (10.250.0.201 and 10.250.0.202). PE routers only do iBGP peering with centralized route reflector and passing route to 10.1.1.0/24 prefix (learned from single CE router) with 100:1 and 100:2 RDs for specific VRF.
  Route reflector gets routes with multiple RDs, makes copies of these routes in order to make local comparison to RD 55:55 configured, uses these routes and install multiple paths into its routing table (all PE routers and RR have "maximum-paths eibgp 4" configured):
  RR#sh ip bgp vpnv4 all
  BGP table version is 7, local router ID is 10.250.0.55
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 55:55 (default for vrf VRF-A) VRF Router ID 10.250.0.55
  * i10.1.1.0/24      10.250.0.102             0    100      0 65001 i
  *>i                 10.250.0.101             0    100      0 65001 i
  Route Distinguisher: 100:1
  *>i10.1.1.0/24      10.250.0.101             0    100      0 65001 i
  Route Distinguisher: 100:2
  *>i10.1.1.0/24      10.250.0.102             0    100      0 65001 i
  RR#sh ip route vrf VRF-A
  <output omitted>
       10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
  B       10.1.1.0/24 [200/0] via 10.250.0.102, 00:45:52
                            [200/0] via 10.250.0.101, 00:46:22
  BUT, for some reason RR doest reflects routes with multiple RDs down to SITE2 PE1&PE2 - its own clients:
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.201 advertised-routes
  Total number of prefixes 0
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.202 advertised-routes
  Total number of prefixes 0
  Here comes RR BGP configuration:
  router bgp 65000
  no synchronization
  bgp router-id 10.250.0.55
  bgp cluster-id 1.1.1.1
  bgp log-neighbor-changes
  neighbor 10.250.0.101 remote-as 65000
  neighbor 10.250.0.101 update-source Loopback0
  neighbor 10.250.0.101 route-reflector-client
  neighbor 10.250.0.101 soft-reconfiguration inbound
  neighbor 10.250.0.102 remote-as 65000
  neighbor 10.250.0.102 update-source Loopback0
  neighbor 10.250.0.102 route-reflector-client
  neighbor 10.250.0.102 soft-reconfiguration inbound
  neighbor 10.250.0.201 remote-as 65000
  neighbor 10.250.0.201 update-source Loopback0
  neighbor 10.250.0.201 route-reflector-client
  neighbor 10.250.0.201 soft-reconfiguration inbound
  neighbor 10.250.0.202 remote-as 65000
  neighbor 10.250.0.202 update-source Loopback0
  neighbor 10.250.0.202 route-reflector-client
  neighbor 10.250.0.202 soft-reconfiguration inbound
  no auto-summary
  address-family vpnv4
    neighbor 10.250.0.101 activate
    neighbor 10.250.0.101 send-community both
    neighbor 10.250.0.102 activate
    neighbor 10.250.0.102 send-community both
    neighbor 10.250.0.201 activate
    neighbor 10.250.0.201 send-community both
    neighbor 10.250.0.202 activate
    neighbor 10.250.0.202 send-community both
  exit-address-family
  address-family ipv4 vrf VRF-A
    maximum-paths eibgp 4
    no synchronization
    bgp router-id 10.250.0.55
    network 10.255.1.1 mask 255.255.255.255
  exit-address-family
  SITE1 PE1 configuration:
  router bgp 65000
  no synchronization
  bgp router-id 10.250.0.101
  bgp log-neighbor-changes
  neighbor 10.250.0.55 remote-as 65000
  neighbor 10.250.0.55 update-source Loopback0
  neighbor 10.250.0.55 soft-reconfiguration inbound
  no auto-summary
  address-family vpnv4
    neighbor 10.250.0.55 activate
    neighbor 10.250.0.55 send-community both
  exit-address-family
  address-family ipv4 vrf VRF-A
    neighbor 10.1.101.2 remote-as 65001
    neighbor 10.1.101.2 activate
    neighbor 10.1.101.2 soft-reconfiguration inbound
    maximum-paths eibgp 4
    no synchronization
    bgp router-id 10.250.0.101
  exit-address-family
  SITE1 PE2 configuration is similar to SITE1 PE1. They both do eBGP peering with dualhomed CE router in AS65001 which announces 10.1.1.0/24 prefix into VRF-A table.
  My question is: clearly, the issue is that RR doesn't reflect any routes to its clients (SITE2 PE1&PE2) for 10.1.1.0/24 prefix with 100:1 and 100:2 RDs that dont match it's locally configured RD 55:55 for VRF-A, although they are present in its BGP/RIB tables and used for multipathing. Is this an expected behavior or some feature limitation for specific platform or IOS version? Currently, in this test lab setup I run IOS 12.4(24)T8 on all the devices.
  Please, let me know if any further details are needed to get an idea of why this well known and widely used feature is not working correctly in my case. Thanks a lot!
  Regards,
  Sergey

  Hi Ashish,
  I tried to remove VRF and address family configurations completely from RR.
  router bgp 65000
  no synchronization
  bgp router-id 10.250.0.55
  bgp cluster-id 1.1.1.1
  bgp log-neighbor-changes
  neighbor 10.250.0.101 remote-as 65000
  neighbor 10.250.0.101 update-source Loopback0
  neighbor 10.250.0.101 route-reflector-client
  neighbor 10.250.0.101 soft-reconfiguration inbound
  neighbor 10.250.0.102 remote-as 65000
  neighbor 10.250.0.102 update-source Loopback0
  neighbor 10.250.0.102 route-reflector-client
  neighbor 10.250.0.102 soft-reconfiguration inbound
  neighbor 10.250.0.201 remote-as 65000
  neighbor 10.250.0.201 update-source Loopback0
  neighbor 10.250.0.201 route-reflector-client
  neighbor 10.250.0.201 soft-reconfiguration inbound
  neighbor 10.250.0.202 remote-as 65000
  neighbor 10.250.0.202 update-source Loopback0
  neighbor 10.250.0.202 route-reflector-client
  neighbor 10.250.0.202 soft-reconfiguration inbound
  no auto-summary
  address-family vpnv4
    neighbor 10.250.0.101 activate
    neighbor 10.250.0.101 send-community both
    neighbor 10.250.0.102 activate
    neighbor 10.250.0.102 send-community both
    neighbor 10.250.0.201 activate
    neighbor 10.250.0.201 send-community both
    neighbor 10.250.0.202 activate
    neighbor 10.250.0.202 send-community both
  exit-address-family
  After this, RR doesn't accept any routes at all from S1PE1&S1PE2 routers, thus not reflecting any routes down to its clients S2PE1&S2PE2 as well:
  S1PE1#sh ip bgp vpnv4 all
  BGP table version is 6, local router ID is 10.250.0.101
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:1 (default for vrf VRF-A) VRF Router ID 10.250.0.101
  *> 10.1.1.0/24      10.1.101.2               0             0 65001 i
  S1PE1#sh ip bgp vpnv4 all neighbors 10.250.0.55 advertised-routes
  BGP table version is 6, local router ID is 10.250.0.101
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:1 (default for vrf VRF-A) VRF Router ID 10.250.0.101
  *> 10.1.1.0/24      10.1.101.2               0             0 65001 i
  Total number of prefixes 1
  S1PE2#sh ip bgp vpnv4 all
  BGP table version is 6, local router ID is 10.250.0.102
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:2 (default for vrf VRF-A) VRF Router ID 10.250.0.102
  *> 10.1.1.0/24      10.1.201.2               0             0 65001 i
  S1PE2#sh ip bgp vpnv4 all neighbors 10.250.0.55 advertised-routes
  BGP table version is 6, local router ID is 10.250.0.102
  Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                r RIB-failure, S Stale
  Origin codes: i - IGP, e - EGP, ? - incomplete
     Network          Next Hop            Metric LocPrf Weight Path
  Route Distinguisher: 100:2 (default for vrf VRF-A) VRF Router ID 10.250.0.102
  *> 10.1.1.0/24      10.1.201.2               0             0 65001 i
  Total number of prefixes 1
  RR#sh ip bgp vpnv4 all
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.101 routes
  Total number of prefixes 0
  RR#sh ip bgp vpnv4 all neighbors 10.250.0.102 routes
  Total number of prefixes 0
  Any feedback is appreciated. Thanks.
  Regards,
  Sergey

• Layer 3 to the Access Layer and MPLS Design Considerations

  Hi,
  We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers.
  We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.
  All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.
  We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to managage and maintain,  the point to point links alone just to get one additional VRF on each floor required far too many Vlans.
  As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
  My query is one of design surrounding MPLS and how this maps to an enterprise network with a routed access layer. Do Cat 4500s become the CEs and take part in MPLS / BGP and Label Distribution, or does the BGP peering and Label Distribution only occur between the Distrubtion - Core - Distrubtion layers, mapping to the PE - P - PE topology in an ISP environment, the access layer simply uses the IGP (OSPF in this case) to learn routes ?
  Any help would be greatly appreciated.
  Chris.

  Hi Andy,
  Thanks for your response.
  I have been doing a little bit more research it seems the Cat 4500s do not support MPLS!! Nor do Cisco have any plans to support it on this platform. I find this a little rediculous considering the level that Cisco are pitching this platform. With the Sup 7E only VRF Lite is supported, with plans to support EVN (which still uses trunk links for logical separation).
  So it looks like we are going to have to go back to the drawing board.
  (perhaps we should have gone HP or Juniper!)
  Chris.

• How to provied Redundancy for VRF MGMT with help of BGP over MPLS(MPBGP)

  Hi,
  Please find the Network Topology.
  This is One Remote site and mamaged by Mgmt office.
  All devices on remote site is accessed by MGMT Office. My organisation seek for Redundancy for Managing devices.
  My administration is from MGW to R1. I am new to MPLS.
  AS u can see in diagram, R1 have 3 VRF(Voice,Signal and MGMT).Currently i have primary link over whitch we are running MPBGP.
  Traffic from these VRF goes to this primary link. Currently Secondary link is not connected.
  Now my organisation proposed for  the  secondary  link  and they want that only traffic from VRF -- MGMT should go through MPLS RTR R2 (the secondary link ) , when the mgmt routes  not learned from MPLS  RTR R1 (Connected to the SP1 ).
  Current  R1 config
  There is IBGP betweem R1 to both MPLS RTR.
  BGP Config
  router bgp 64513
    synchronization disable
    neighbor 10.36.150.1 remote-as 64513
    neighbor 10.36.150.1 activate
    neighbor 10.36.150.1 update-source loopback1
    address-family ipv4 vrf signalling
      redistribute connected
      redistribute static
    $
    address-family ipv4 vrf voice
      redistribute connected
      redistribute static
    $
    address-family ipv4 vrf OAM-T
      redistribute connected
      redistribute static
    $
    address-family vpnv4
      neighbor 10.36.150.1 activate
      neighbor 10.36.150.1 send-community
    $
  !<ospfv2>
  router ospf 100
    interface gei-3/3
      network point-to-point
    $
    network 10.36.150.49 0.0.0.0 area 0.0.0.0  --- loopback ip (Configured)
    network 10.36.149.60 0.0.0.3 area 0.0.0.0 ---- p2p ip bet R1 and MPLS R1.(Configured)
  network 10.36.149.64 0.0.0.3 area 0.0.0.0 ---- p2p ip bet R1 and MPLS R2. ----------  (till now not configured as secondary link is not connected)
  router-id 10.36.150.49
  so what configuration need to done at R1  to achiev the redunancy for MGMT vrf ?
  if possible please reply with sample configuration.
  or
  IN MPBGP protocol, where i will apply routing policy to apply  as- path prepand    so that Route  would be secondary to  neighbor.
  IGP-OSPF and BGP over MPLS is running.
  on Which  address-familiy nbr,should i apply, is it in VPNV4 or IPV4 or IPV4  VRF ?
  if i want 10.36.128.0/26 prefix should go to Neigbhor MPLS R2, what should i use access-list or Prefix list?
  please provide the reply with its config .
  thanks in advance,
  Regards,
  Ajay
  Message was edited by: Ajaykumar yadav

  Hi,
  Please find the Network Topology.
  This is One Remote site and mamaged by Mgmt office.
  All devices on remote site is accessed by MGMT Office. My organisation seek for Redundancy for Managing devices.
  My administration is from MGW to R1. I am new to MPLS.
  AS u can see in diagram, R1 have 3 VRF(Voice,Signal and MGMT).Currently i have primary link over whitch we are running MPBGP.
  Traffic from these VRF goes to this primary link. Currently Secondary link is not connected.
  Now my organisation proposed for  the  secondary  link  and they want that only traffic from VRF -- MGMT should go through MPLS RTR R2 (the secondary link ) , when the mgmt routes  not learned from MPLS  RTR R1 (Connected to the SP1 ).
  Current  R1 config
  There is IBGP betweem R1 to both MPLS RTR.
  BGP Config
  router bgp 64513
    synchronization disable
    neighbor 10.36.150.1 remote-as 64513
    neighbor 10.36.150.1 activate
    neighbor 10.36.150.1 update-source loopback1
    address-family ipv4 vrf signalling
      redistribute connected
      redistribute static
    $
    address-family ipv4 vrf voice
      redistribute connected
      redistribute static
    $
    address-family ipv4 vrf OAM-T
      redistribute connected
      redistribute static
    $
    address-family vpnv4
      neighbor 10.36.150.1 activate
      neighbor 10.36.150.1 send-community
    $
  !<ospfv2>
  router ospf 100
    interface gei-3/3
      network point-to-point
    $
    network 10.36.150.49 0.0.0.0 area 0.0.0.0  --- loopback ip (Configured)
    network 10.36.149.60 0.0.0.3 area 0.0.0.0 ---- p2p ip bet R1 and MPLS R1.(Configured)
  network 10.36.149.64 0.0.0.3 area 0.0.0.0 ---- p2p ip bet R1 and MPLS R2. ----------  (till now not configured as secondary link is not connected)
  router-id 10.36.150.49
  so what configuration need to done at R1  to achiev the redunancy for MGMT vrf ?
  if possible please reply with sample configuration.
  or
  IN MPBGP protocol, where i will apply routing policy to apply  as- path prepand    so that Route  would be secondary to  neighbor.
  IGP-OSPF and BGP over MPLS is running.
  on Which  address-familiy nbr,should i apply, is it in VPNV4 or IPV4 or IPV4  VRF ?
  if i want 10.36.128.0/26 prefix should go to Neigbhor MPLS R2, what should i use access-list or Prefix list?
  please provide the reply with its config .
  thanks in advance,
  Regards,
  Ajay
  Message was edited by: Ajaykumar yadav

• BGP and MP-BGP

  What is difference between BGP and MP-BGP? and what is the exact application of both?

  Multiprotocol Extensions for BGP (MBGP), sometimes referred to as Multiprotocol BGP or Multicast BGP and defined in IETF RFC 4760, is an extension to Border Gateway Protocol that allows different types of addresses (known as address families) to be distributed in parallel. Whereas standard BGP supports only IPv4 unicast addresses, Multiprotocol BGP supports IPv4 and IPv6 addresses and it supports unicast and multicast variants of each. Multiprotocol BGP allows information about the topology of IP Multicast-capable routers to be exchanged separately from the topology of normal IPv4 unicast routers. Thus, it allows a multicast routing topology different from the unicast routing topology. Although MBGP enables the exchange of inter-domain multicast routing information, other protocols such as the Protocol Independent Multicast family are needed to build trees and forward multicast traffic.
  Multiprotocol BGP is also widely deployed in case of MPLS L3 VPN, to exchange VPN labels learned for the routes from the customer sites over the MPLS network, in order to distinguish between different customer sites when the traffic from the other customer sites comes to the PE router for routing.

• L3 VPN and MPLS core

  Hi all,
  1) I am new to MPLS and trying to configure a scenario in a non production environment. Is it possible to have L3 VPN's without using BGP in MPLS core network? For some reason I am more inclined to use RIPv2, EIGRP or OSPF in the core.
  2) Is it possible to use 2600 series router as PE?
  Thanks in advance.

  hi SHAH
  to add to the nice cooments in the discussion
  the BGP used with mpls and L3 VPN called MP-BGP
  the VPN in with VRFs, RD and RT each one add to the ip packet an identifier to distingush the packet with the provider network from other packet and make it uniqe to pass these identifiers from router to router especiallt from PE router to PE router u need the BGP (MP-BGP)
  hope this helpful

• WCCP-2 and MPLS

  Hi
  This is a question regarding WCCP-2 and MPLS as well.
  I have a customer who has Cisco Catalyst 6500 switches and would also like to run MPLS on the Network. MPLS as such is supported only on the Layer-3 modules. The customer has the GIG OSM modules and ATM modules in the switch. The GIG Modules connect to the Internet and the ATM modules connect to various of the branches. The Content Engines are connected to FastEthernet modules on the 6500 which do not support MPLS.
  Now to run WCCP-2 redirection, this would be done on the GIG interfaces with the "ip wccp redirect out" command on that interface in addition to the usual commands for WCCP-2. Now what happens is that the input packets received via the branches are all going to be MPLS tagged. Will these packets be redirected to the CE before they are sent off the output GIG interfaces.
  Also the customer require to run IP spoofing with WCCP-2. Will the same thing happen in the opposite direction.
  Will this work at all.
  Thanks

  You described the physical connection, but not logical structure.
  1. You did not mentioned does the customer have Layer 3 module installed in Catalyst 6500? Catalyst 6500 without RSM (route switch module) can not make desition on the 3d layer.
  All modules that you mentioned are 2d layer modules. Usually, when you have RSM, you create virtual interfaces, where you configure the routing or 3d layer information. Of course, you can configure it directly in the physical interface (you need to allow this fuction, by default, physical interfaces are switched ones).
  2. Catalyst 6500 - what role it has in MPLS network (CE, PE, something else)?
  3. What you mean under "sent to Internet"? Usually the packets to Internet are sent without MPLS tags. MPLS tags are used inside of MPLS backbone. The customer also receie pure IP-packet without any addtional tags.

• BGP and ASA NAT

  Hello Everyone,
  I have a need to multihome out two MAN links to the same ISP. The two links will connect via an ISR and will participate in an eBGP adjacency. On the internal side, iBGP will be used to create the alternate default route to the ISP. Each of the ISR’s downstream ports participates on the same Ethernet subnet. On the same subnet/broadcast domain, there are two ASA5510 appliances that will use HSRP to advertise the public IPv4 addresses and will NAT them into the private network.
  My question is, since the ASAs do not participate in BGP, and since we are going to NAT the traffic eliminating the need to use a route map to inject the default route into the downstream EIGRP network, would I simply build a static default route in the ASAs out the upsteam interfaces?  My initial thought is to not worry about recursive lookups because they are connected via Ethernet.
  ip route 0.0.0.0 0.0.0.0 fa0/0; and so on.
  I’ve attached a simple topology for reference.
  Thanks…Matt

  Yes Jcarvaja, HSRP is not a feature on the ASAs, and yes HSRP is difficult to setup natively to support active/active load balancing on any device. That's not really the point though is it. FHRP's are typically used for distribution switches and finely tuned to access layer 2 and layer 3 convergence, unless using GLBP (and even then should be considered). My mistake for using the term HSRP and thank you for pointing it out.
  As for the iBGP links, they represent the same subnet as I mentioned. The cat switches are there to facilitate physical restraints as each pair of ISRs and ASAs are two miles apart. Since the ASA's are performing NAT, they don't really participate in the BGP network and there is no need or capability to inject the BGP default route into the EIGRP network. They will participate in the downstream EIGRP network. If the MAN connection on one ISR goes down, then the iBGP route to the Internet will be graduated. I guess I could have indicated on the drawing that these were all a part of the same subnet. 
  How do I configure the ASA's static default route? Wouldn't I be able to inject  a static default route in each ASA using the ASA's outside interface when using active/active? If I have to, I could see if we can use EIGRP on the network upstream of the ASAs if there is no other way of doing this, but this is not preferred.
  Any help you can provide is greatly appreciated. 
  Thank you...Matt

• Frame Relay and MPLS

  Hi,
  I want to ask about the frame relay and MPLS.
  Frame Relay Scenerio
  The frames reached at the frame relay network and forwarded on the basis of DLCI. All the VCs are defined prior to the traffic on the network on the basis of DLCI (This is just like the MPLS network as packets are forwarded on the basis of Labels).
  Now my Question is How can MPLS is used in frame relay network or what are its affects in the presence of DLCI (As DLCIs are also performing the same task and also works on layer 2) or these two are different equivalent technologies ?

  Hi Muhammad,
  The answer is : MPLS is working on FR like it's working on ethernet. Because the FR and Ethernet are running on Layer2. It's told that MPLS is working at layer 2.5 , meaning that is between Layer 3 , and Layer 2. So in order to work it needs a layer2 forwarding in your case FR's DLCI. On top of the Layer 2 it is the MPLS header.
  Dan

• BGP and VPN

  Hi,
  We need to setup BGP network at our branch office so i wanted some of your opinions. Here is what I’m looking to setup.

  Here is what I’m looking to setup.
  2 Bandwidth providers FastE 10/100 with 4mb commit on both (multi-home)BGP.
  Routing a /27
  Usage is VPN ( 5 tunnels)and HTTP inbound and out.
  I would say a constant 30mb usage 24/7
  Not looking to go beyond 2 ISP and or 10/100
  1. How about a single  2821 Sec/K9 with 256 RAM for the route tables.
  2. Two 2811's, one 2811 with 256 RAM for the BGP and another 2811 Sec/K9 with 256 RAM for VPN.
  3. One 2811/2821 with 256 RAM for the BGP and another ASA for VPN

• MTU over DMVPN and MPLS

  Hello All,
  I have a query regarding MTU over both DMVPN and MPLS.
  I have been running the following command from a windows box
  ping x.x.x.x -f -l yyy     (yyyy being the buffer size) and x.x.x.x being my remote hosts
  I am using the same destination host and have two different paths to it. One over MPLS and one over a DMVPN.
  I would have expected to be able to send packets with a higher MTU over the MPLS but for both MPLS and DMVPN the maximum packet size I can send with the DF bit set is the same  (1372).
  Is this normal behaviour? I though MPLS would have less overhead, so my maximum packet size would be higher in my tests

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Generally, MPLS supports an increased MTU, when adding MPLS labels, while VPN tunnels, like DMVPN, don't exceed original MTU, and so, it reduces payload space.  So, normally, you should see larger ping buffer DF support across MPLS than DMVPN.  However, "normal" can be very much impacted by actual device configurations, including making MTU for DF packets the same for either MPLS or DMVPN.  (For example, you might want to make the two paths alike so flows that for any reason need to be redirect from one media path to the other see a consistent MTU.)

• VRF lite and MPLS VRFs

  We have a CE router connected to PE router. The CE router is connected via 2 links to the PE router, because we need to create two VRFs on the PE for the traffic coming from the CE to separate the traffic, so we have one vrf per link. We are running OSPF between CE and PE.. Now we need to further separate the traffic up to the CE, so I’m thinking of using the VRF lite on the CE.. Can MPLS work with the VRF lite, and how to map the VRF lite VRFs on the CE to the MPLS VPN on the PE?
  Is there any config examples?
  Thanks in advance

  VRF Lite and MPLS-VPN act independently so they can work independently. And there is no specific need for mapping. If link is for VRF A on PE so you can make it part of vrf A in CE as well. Both VRFs are independent of each other.
  http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a00801cddd9.html#1045190
  THis document is for 4500 but logic holds the same.

• BGP Redistribute-internal and MPLS

  Hi, usually when redistributing from BGP into IGP only EBGP routes are redistributed unless the bgp redistribute-internal command is configured which allows the redistribution of IBGP routes. However when doing the same redistribution on a PE router for a IGP running with the CE it seems that this command is not needed and IBGP routes still get redistributed into the IGP. It works without this command. Does anyone know why this is the case?
  I have been trying to understand this for some time now and it seems very trivial however its been bugging me and was hoping someone could clarify. Thx

  Hi Vikram,
  Well, look at it this way, in the case of MPLS VPN, BGP between the PEs (address-family ipv4 vrf x) is used to transport the customer routes between CEs, and thus it is very logical that it should redistribute all kind of routes (in the case of MPLS VPN the customer routes are always going to be iBGP anyway since they are redistributed from IGP (PE-CE) on another PE - except on the local router when the customer is using BGP as the PE-CE routing protocol) - using another prospective, redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system, but in the case of PE-CE the redistribution is done into a routing protocol outside the BGP domain (customer side).
  I hope that i've been informative.
  BR,
  Mohammed Mahmoud.

• Design Help with MPLS/BGP and Point to Point VPNs using OSPF as backup

  I need some advice on the configuration I want to implement. Basically we have a MPLS cloud using BGP. We are using OSPF for internal routing. Everything is working fine. Now we want to add a Point to Point VPN using new Cisco ASA's for a backup path at all of our remote locations. We want it to be on standby. I want to use OSPF for this. Miami and LA are datacenters. I want the VPN's to go into both datacenters if possible running OSPF for backups. I have a feeling this will be very tricky. I also wanted to use floating routes. Now I know I get the VPN's up and running using OSPF with no problem. Here are my questions:
  But being that I am using different areas, will OSPF through the VPN work correctly? I have the Cisco PDF on setting this up but it looks like they are using the same, AREA0, in the example.
  Can I get both VPN's to work with no problems? Or will it be too much of a pain?
  What would you guys suggest?
  Thanks.

  We are implementing the same solution, and was only able to make this work using HSRP one router for the MPLS connection and one for the VPN tunnel. I opened a TAC case and the tech couldn't get it to work either. I was able to establish the Lan-2-lan tunnel but triggering the route update was the problem. We ended up pulling our ASA5505's out and putting in 1841 routers.

• Cisco 1700 with MP-BGP and VRF support

  I have a Cisco 1721 with MP-BGP Support, you can create VRFs with it and every other MPLSVPN feature, but the commands for MPLS switching are not supported like Router(config-if)mpls ip , I read in some forums that you can create MPLS VPN without enabling MPLS at all, just with MPBGP, but I couldn't do it myself, Can someone tell me how to make it work or what can I do with a Cisco 1721 that supports MP-BGP?
  thanks in advance

  Here is an example. Take care about overhead for packets like VoIP. The overhead is 88 bytes.
  The packet semms something like that.
  IpHeader-pub@ - NAT-Tudp4500 - ESP - IpHeader-priv@(vrf discriminator) - GRE - Original IP Header - Data - Esp Trailer.
  In this case you neet tunnel-mode because you use
  private @ in order to determine vrf (vrf discriminator).
  This is a LAB config, all other security parameters you need on a router are not configured. If you add access-list on the external interface of REMOTE you have to understand every encapsulation step in order to well tune it.
  Good reading.
  The PPT draw shows physically and logically views.
  PS, take care about fragmentation issues, the problematic is still not well managed by the routers, I could not made Tunnel-path-mtu discovery work with vrf's. The workaround is to fragment packets. It's not good for performance but actually there is no other solution concerning that.
  Kind Regards
  Miguel