MPLS BGP tagging
Hi all,
I would like to enable mpls bgp tagging on a FE interface, but without mpls ip labeling enabled, just like the following output.
I'm not sure how exactly to do that, can someone please help me to clarify.
PE1#sh mpls interfaces f11/1/0
Interface IP Tunnel Operational
FastEthernet11/1/0 No No Yes
PE1#sh mpls interfaces f11/1/0 detail
Interface FastEthernet11/1/0:
IP labeling not enabled<------
LSP Tunnel labeling not enabled
BGP tagging enabled<------
Tagging operational
Optimum Switching Vectors:
IP to MPLS Feature Vector
MPLS Feature Vector
Fast Switching Vectors:
IP to MPLS Fast Feature Switching Vector
MPLS Feature Vector
MTU = 1508
Hi,
look at this link:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00806994d7.html
hope this helps,
Alexander
Similar Messages
-
MPLS BGP routes push to DMVPN spokes
I have an MPLS with BGP. I also have sites that are not connected directly to the MPLS, but have a s2s VPN to hub sites that are connected to the MPLS and that way they access the MPLS resources. I need to communicate the route changes to the MPLS when the DMVPN fails-over to another hub.
Currently this is my config:
Datacenter (MPLS only)
interface GigabitEthernet0/1
description MPLS
ip address 192.168.0.34 255.255.255.252
interface Vlan2
ip address 192.168.96.2 255.255.255.0
router bgp 65511
bgp log-neighbor-changes
network 192.168.96.0
neighbor 192.168.0.33 remote-as 65510
Hub site 1 (MPLS + internet)
interface Tunnel200
ip address 10.99.99.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map multicast dynamic
ip nhrp network-id 12345
ip nhrp holdtime 600
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description MPLS
ip address 192.168.1.2 255.255.255.0 secondary
ip address 192.168.0.2 255.255.255.252
router bgp 65001
bgp log-neighbor-changes
network 192.168.1.0
network 192.168.21.0
!10.99 clients are DMVPN spokes
neighbor 10.99.99.3 remote-as 99010
neighbor 10.99.99.3 route-reflector-client
neighbor 10.99.99.21 remote-as 99001
neighbor 10.99.99.21 route-reflector-client
!as 65000 is the MPLS PE
neighbor 192.168.0.1 remote-as 65000
Hub Site 2, has the same configuration, except for local ip address and router BGP ID.
Spoke site:
interface Tunnel200
ip address 10.99.99.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication auth
ip nhrp map 10.99.99.1 PUBLIC_IP_HUB_1
ip nhrp map 10.99.99.16 PUBLIC_IP_HUB_2
ip nhrp network-id 12345
ip nhrp holdtime 600
ip nhrp nhs 10.99.99.1 priority 1
ip nhrp nhs 10.99.99.16 priority 5
ip nhrp nhs fallback 60
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel key 200
tunnel protection ipsec profile dmvpn
interface GigabitEthernet0/1
description Internal
ip address 192.168.3.1 255.255.255.192
router bgp 99010
bgp log-neighbor-changes
network 192.168.3.0
neighbor 10.99.99.1 remote-as 65001
neighbor 10.99.99.16 remote-as 65013
On this spoke site
#sh ip route
B 192.168.1.0/24 [20/0] via 10.99.99.1, 00:47:01
which is the HUB network, but the rest of the MPLS routes are not "learned".
What am I missing?
Thanks!
Hi Jon, I've omitted the configuration of the MPLS provider routers in between. The DC is connected to a router that has the AS 65510.
DC:CPE---PE:{MPLS}PE---CPE:HUB---{internet}---Spoke
The DC is ok getting the network information via BGP:
#sh ip route
B 192.168.3.0/24 [20/0] via 192.168.0.33, 3d05h
B 192.168.21.0/24 [20/0] via 192.168.0.33, 3d05h
#sh ip bgp 192.168.21.0
BGP routing table entry for 192.168.21.0/24, version 559
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 1
65510 3549 6140 3549 65000
192.168.0.33 from 192.168.0.33 (###.###.###.###)
Origin IGP, localpref 100, valid, external, best
#sh ip route 192.168.21.0
Routing entry for 192.168.21.0/24
Known via "bgp 65511", distance 20, metric 0
Tag 65510, type external
Last update from 192.168.0.33 3d05h ago
Routing Descriptor Blocks:
* 192.168.0.33, from 192.168.0.33, 3d05h ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65510
MPLS label: none
Spoke:
#sh ip bgp
BGP table version is 494, local router ID is 192.168.21.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.0.129.32/27 10.99.99.16 0 65013 65012 3549 ?
*> 192.168.96.0 10.99.99.16 0 65013 65012 3549 6745 65510 ?
#sh ip route 192.168.96.0
Routing entry for 192.168.96.0/24
Known via "bgp 99001", distance 20, metric 0
Tag 65013, type external
Last update from 10.99.99.16 00:02:11 ago
Routing Descriptor Blocks:
* 10.99.99.16, from 10.99.99.16, 00:02:11 ago
Route metric is 0, traffic share count is 1
AS Hops 5
Route tag 65013
MPLS label: none
#sh ip bgp 192.168.96.0
BGP routing table entry for 192.168.96.0/24, version 465
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
65013 65012 3549 6745 65510
10.99.99.16 from 10.99.99.16 (10.2.16.1)
Origin incomplete, localpref 100, valid, external, best
The route is not being updated to the rest of the routers, and the 192.168.21.0 network is still announced via the old route.
(from spoke)
ping 192.168.96.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.96.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
From DC
#traceroute 192.168.21.1
Type escape sequence to abort.
Tracing the route to 192.168.21.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.0.33 [AS 65510] 0 msec 0 msec 0 msec
2 172.50.1.33 [AS 65510] 56 msec 36 msec 36 msec
3 10.80.1.1 [AS 3549] 44 msec 44 msec 44 msec
4 10.80.1.2 [AS 3549] 172 msec 172 msec 168 msec
5 172.50.1.1 [AS 3549] 168 msec 168 msec 172 msec
6 172.50.1.2 [AS 3549] 180 msec 180 msec 176 msec
7 192.168.0.2 [AS 65000] 172 msec 172 msec 168 msec <- old route, should be 192.168.0.9
8 192.168.0.2 [AS 65000] !H * !H -
Design Help with MPLS/BGP and Point to Point VPNs using OSPF as backup
I need some advice on the configuration I want to implement. Basically we have a MPLS cloud using BGP. We are using OSPF for internal routing. Everything is working fine. Now we want to add a Point to Point VPN using new Cisco ASA's for a backup path at all of our remote locations. We want it to be on standby. I want to use OSPF for this. Miami and LA are datacenters. I want the VPN's to go into both datacenters if possible running OSPF for backups. I have a feeling this will be very tricky. I also wanted to use floating routes. Now I know I get the VPN's up and running using OSPF with no problem. Here are my questions:
But being that I am using different areas, will OSPF through the VPN work correctly? I have the Cisco PDF on setting this up but it looks like they are using the same, AREA0, in the example.
Can I get both VPN's to work with no problems? Or will it be too much of a pain?
What would you guys suggest?
Thanks.
We are implementing the same solution, and was only able to make this work using HSRP one router for the MPLS connection and one for the VPN tunnel. I opened a TAC case and the tech couldn't get it to work either. I was able to establish the Lan-2-lan tunnel but triggering the route update was the problem. We ended up pulling our ASA5505's out and putting in 1841 routers.
-
hi guyz, i got three 2500 router with MPLS support, and a 2621 with Telco feature IOS. One 3620.....
4 routers can play MPLS & BGP / VPN ??
Hi,
yes this is possible. F.e. CE1(3620) - PE1(2500MPLS) - PE2(2500MPLS) - CE2
In case you have Serial interfaces use Frame Relay with different, separate PVCs and you can also setup "redundancy" and the like.
If your 3620 and 2621 IOS supports tag-switching you could use them as PE routers. There is no need for a "P" router to test MPLS VPN.
Hope this helps! Please rate all posts.
Regards, Martin -
Dear Sir,
I am observing MPLS Outgoing tag is Untagged in all routers.
This is a Provider edge router. There is no issue with Configuration.
Kindly see the below sh run config and find out what is the exact issue.
ERROR LOG
============
R2# sh mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Untagged 10.0.34.0/24 0 Fa0/1 10.0.23.3
==========
17 Untagged 5.5.5.5/32 0 Fa0/1 10.0.23.3
==========
18 Untagged 10.0.45.0/24 0 Fa0/1 10.0.23.3
==========
19 Untagged 1.1.1.1/32[V] 0 Fa0/0 10.1.12.1
==========
R2#
R2#sh run
===========
Building configuration...
Current configuration : 1863 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
ip vrf SITEA
rd 200:200
route-target export 200:200
route-target import 200:200
no ip domain lookup
mpls label protocol ldp
multilink bundle-name authenticated
archive
log config
hidekeys
ip tcp synwait-time 5
ip ssh version 1
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface FastEthernet0/0
ip vrf forwarding SITEA
ip address 10.1.12.2 255.255.255.0
duplex auto
speed auto
interface Serial0/0
no ip address
shutdown
clock rate 2000000
interface FastEthernet0/1
ip address 10.0.23.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
mpls ip
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 10.0.23.0 0.0.0.255 area 0
router bgp 200
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
address-family ipv4 vrf SITEA
neighbor 10.1.12.1 remote-as 100
neighbor 10.1.12.1 activate
no synchronization
exit-address-family
ip forward-protocol nd
no ip http server
no ip http secure-server
no cdp log mismatch duplex
mpls ldp router-id Loopback0 force
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
end
R2#sh ver
=============
Cisco IOS Software, 2600 Software (C2691-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 28-Oct-09 19:00 by prod_rel_team
ROM: ROMMON Emulation Microcode
ROM: 2600 Software (C2691-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)
R2 uptime is 10 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 2691 (R7000) processor (revision 0.1) with 124928K/6144K bytes of memory.
Processor board ID XXXXXXXXXXX
R7000 CPU at 160MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache
3 FastEthernet interfaces
1 Serial(sync/async) interface
DRAM configuration is 64 bits wide with parity enabled.
55K bytes of NVRAM.
1024K bytes of ATA System CompactFlash (Read/Write)
Configuration register is 0x2102
R2#sh inventory
NAME: "2691 chassis", DESCR: "2691 chassis"
PID: , VID: 0.1, SN: XXXXXXXXXXX
NAME: "WAN Interface Card - Serial (1T) on Slot 0 SubSlot 0", DESCR: "WAN Interface Card - Serial (1T)"
PID , VID: 2.1, SN: 16777216
NAME: "One port Fastethernet TX on Slot 1", DESCR: "One port Fastethernet TX"
PID: NM-1FE-TX= , VID: 1.0, SN: 7720321
Logs
=======
R2#sh mpls ldp neighbor
R2#sh mpls ldp neighbor
R2#sh mpls ldp discovery
Local LDP Identifier:
2.2.2.2:0
Discovery Sources:
Interfaces:
FastEthernet0/1 (ldp): xmit/recv
LDP Id: 3.3.3.3:0; no route
R2#
Hi,
You should be able to view other's post. You can go to different community directory (for different technology deployment).
You can use the below Video for MPLS L3VPN,
https://supportforums.cisco.com/video/11928951/ask-experts-webcast-introduction-mpls-vpn
In addition, there are various documents as below,
https://supportforums.cisco.com/community/5891/mpls#quicktabs-community_activity=1
Hope this helps.
-Nagendra -
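An added example, not part of the thread: a Python check that reads the two outputs posted above (`show mpls forwarding-table` and `show mpls ldp discovery`) and reports, for each Untagged entry, whether it is a VRF route or leaves through an interface whose discovered LDP peer is marked `no route`. The sample text is copied from the post with the `=====` separator lines dropped; all function names are hypothetical.

```python
import re

# Constructed sample: the R2 outputs from the post, re-spaced.
FORWARDING_TABLE = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    10.0.34.0/24      0          Fa0/1      10.0.23.3
17     Untagged    5.5.5.5/32        0          Fa0/1      10.0.23.3
18     Untagged    10.0.45.0/24      0          Fa0/1      10.0.23.3
19     Untagged    1.1.1.1/32[V]     0          Fa0/0      10.1.12.1
"""

LDP_DISCOVERY = """\
 Local LDP Identifier:
    2.2.2.2:0
    Discovery Sources:
    Interfaces:
        FastEthernet0/1 (ldp): xmit/recv
            LDP Id: 3.3.3.3:0; no route
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(Untagged|No Label|Pop tag|Pop Label|Aggregate|\d+)\s+"
    r"(\d+\.\d+\.\d+\.\d+/\d+)(\[V\])?\s+(\d+)(?:\s+(\S+)\s+(\S+))?\s*$"
)
IFACE = re.compile(r"^\s*(\S+) \((?:ldp|tdp)\):")
PEER = re.compile(r"LDP Id:\s*(\d+\.\d+\.\d+\.\d+):\d+(;\s*no route)?")
FULL_NAMES = ("FastEthernet", "GigabitEthernet", "Ethernet",
              "Serial", "Tunnel", "Vlan", "POS")


def normalize_ifname(name):
    """Expand an abbreviated interface name (Fa0/1 -> FastEthernet0/1)."""
    m = re.match(r"([A-Za-z]+)(.*)", name)
    if not m:
        return name
    for full in FULL_NAMES:
        if full.lower().startswith(m.group(1).lower()):
            return full + m.group(2)
    return name


def parse_forwarding_table(text):
    """Return one dict per LFIB row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append({
                "local": int(m.group(1)),
                "outgoing": m.group(2),
                "prefix": m.group(3),
                "vrf": m.group(4) is not None,   # "[V]" marks a VRF prefix
                "interface": m.group(6),
                "next_hop": m.group(7),
            })
    return rows


def parse_ldp_discovery(text):
    """Map interface name -> list of (peer LDP router ID, no_route flag)."""
    peers, current = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            current = normalize_ifname(m.group(1))
            peers.setdefault(current, [])
            continue
        m = PEER.search(line)
        if m and current:
            peers[current].append((m.group(1), m.group(2) is not None))
    return peers


def diagnose(fwd_text, disc_text):
    """Classify every Untagged / No Label entry as (prefix, interface, reason)."""
    peers = parse_ldp_discovery(disc_text)
    findings = []
    for row in parse_forwarding_table(fwd_text):
        if row["outgoing"] not in ("Untagged", "No Label"):
            continue
        iface = normalize_ifname(row["interface"] or "")
        if row["vrf"]:
            # VPN prefixes are handed to the CE as plain IP, so this is expected.
            reason = "vrf-route"
        elif iface not in peers:
            reason = "no-ldp-discovery"
        else:
            # "no route": the router has no route to the address in the
            # peer's LDP ID, so the LDP session cannot be established.
            unreachable = [pid for pid, no_route in peers[iface] if no_route]
            reason = ("ldp-peer-no-route:" + ",".join(unreachable)
                      if unreachable else "no-label-from-peer")
        findings.append((row["prefix"], iface, reason))
    return findings


if __name__ == "__main__":
    for prefix, iface, reason in diagnose(FORWARDING_TABLE, LDP_DISCOVERY):
        print(f"{prefix:<16} {iface:<18} {reason}")
```
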
Hi dears,
I already have a MPLS network built on old Cisco 1841 with 12.4(24)T4 release, now for a new branch we move on new 2911 with 15.1(4)M3
To configure MPLS tag switching I apply on C1841 configuration like:
mpls label protocol ldp
interface Tunnel3
description tunnel with central
ip address x.x.x.x 255.255.255.252
mpls bgp forwarding
I try to "migrate" these configuration but the commands
mpls label protocol ldp
and under IF
mpls bgp forwarding
are not available!!
I searched through the documentation, but it's not clear if the command is unsupported in the 15.1(4)M3 release. In the feature navigation tools MPLS is supported, and these commands are also linked from the Cisco 15M&T command reference guide (http://www.cisco.com/en/US/products/ps10592/prod_command_reference_list.html)
I need to activate the feature in some way?
Could you help me?
Thanks
Valerio
To have that feature it is necessary to activate the license for the DataK9 feature
-
Layer 3 to the Access Layer and MPLS Design Considerations
Hi,
We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers.
We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.
All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.
We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to manage and maintain, the point to point links alone just to get one additional VRF on each floor required far too many Vlans.
As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
My query is one of design surrounding MPLS and how this maps to an enterprise network with a routed access layer. Do Cat 4500s become the CEs and take part in MPLS / BGP and Label Distribution, or does the BGP peering and Label Distribution only occur between the Distribution - Core - Distribution layers, mapping to the PE - P - PE topology in an ISP environment, the access layer simply uses the IGP (OSPF in this case) to learn routes?
Any help would be greatly appreciated.
Chris.
Hi Andy,
Thanks for your response.
I have been doing a little bit more research it seems the Cat 4500s do not support MPLS!! Nor do Cisco have any plans to support it on this platform. I find this a little ridiculous considering the level that Cisco are pitching this platform. With the Sup 7E only VRF Lite is supported, with plans to support EVN (which still uses trunk links for logical separation).
So it looks like we are going to have to go back to the drawing board.
(perhaps we should have gone HP or Juniper!)
Chris. -
NX-OS vrf bgp local-as interaction with L3vpn
I use standard MPLS BGP-L3vpn to forward traffic between VRFs on Nexus 7k routers. All of my VRFs are within the same BGP process, so have the same local-as.
I'd like to bring-up an eBGP session from one VRF to a carrier, but the carriers requires that they peer with a specific BGP ASN (call it "65432"). It doesn't look like NX-OS supports the "router bgp 1234, vrf VRF1 neighbor w.x.y.z local-as 65432" command. However, it does appear to support "router bgp 1234, vrf VRF1, local-as 65432".
My limited understanding is that this would prepend "65432" onto all routes advertised to all VRF1 neighbors? And that all neighbors defined under VRF1 on this router would learn routes from me with as-path "^65432 1234 ..."?
If so, would this have any effect on routes exchanged with other VRFs using import/export rd?
It's tricky given that BGP's AD is always going to beat out EIGRP's all other things being equal. Most of the things you can do with BGP route-maps involve making one BGP route preferred over another.
You could inject the preferred path as a static route (AD = 1) to the firewall using an ip sla operation and having the static route track that. Once the ip sla operation fails, the static route is withdrawn and then the BGP-learned route (AD = 20) will take precedence. -
In ASR901 can you tag MSTP BPDU's
I have an ASR901 ring, dual homed to 2 ME3800's with a management VPLS connection between the 3800's. Running MPLS on all interfaces of the ring. Would like to use a VRF for in-band management of the 901's. These devices will be located at customer premises. I am using SVI's for MPLS interfaces and SVI's for in-band Management interfaces on the ring. Untagged encaps for MPLS and Tagged (vlan 2) for Management. In the 3800's, I have a VPLS to bring the traffic back to the Management router. So basically, in-band management uses a Layer 2 vlan switching on the ring, with vlan interfaces attached to a VRF. Customer traffic uses MPLS cross-connects.
Problem is the need for MSTP so management can be dual homed to both 3800's and Layer 2 Protocol forwarding over the VPLS in order for STP to work properly.
This doesn't work because the management traffic is tagged VLAN 2 and the BPDU's are untagged, therefore they are getting dropped at the service instance ingress to the 3800's (encap dot1q 2). Is there a way to tag MSTP BPDU's to make this work? MSTP is the only STP option on the ASR901.
Or is there a way to add a management interface to an EFP cross-connect? Or some other way to dual home the in-band management while using a VRF for management? Note ASR901 doesn't support VPLS.
Thanks for the link but unfortunately it didn't help. Although I did follow the instructions on the link but without success, I noticed that the link spoke of the iPod nano (5th generation). I'm wondering if the tagging feature isn't available for the iPhone 4s. I bet it is but something just isn't right.
-
7600 platform for MPLS based L2 and L3 services
Hi,
We are planning to deploy 7600s (testing to be done) for L2 and L3 services. Has anyone out there found some issues with both the layers functioning in unison on the same.
Thanks
Cheers,
~sultan
Hello Charles,
Thanks for your reply, actually I wanted to know more specific details, like IOS and modules being used by others, which you have stated.
I am planning to go for SIP-200 and SIP-400 with STM-1 POS, 2xGIG and FE8 modules.
Services would be EoMPLS, including VPLS and MPLS/BGP IP VPNs.
Thanks
Cheers
~sultan -
Hi!
My company has Cisco 6506 with SUP720-3BXL.
I'm trying to kill two birds with one stone
2 BGP Full View + MPLS VPN in one box.
I have a problem with more than 250k labels in LFIB.
Seems it creates a new label for each prefix received from BGP.
How can it be turned off?
IOS 12.2 SXH adv ent services.
L3 Forwarding Resources
FIB TCAM usage: Total Used %Used
72 bits (IPv4, MPLS, EoM) 524288 459356 88%
144 bits (IP mcast, IPv6) 262144 7 1%
detail: Protocol Used %Used
IPv4 243728 46%
MPLS 215627 41%
#sh mpls ip binding summary
Total number of prefixes: 211
Generic label bindings
assigned learned
prefixes in labels out labels
211 210 416
Total tib route info allocated: 194
bbn-ms-gw#debug bgp ipv4 unicast mpls
BGP MPLS labels debugging is on
2w0d: BGP: adding MPLS label to 202.52.15.0/24 sending labels not enabled
2w0d: BGP: adding MPLS label to 202.52.12.0/24 sending labels not enabled
Why did it add an MPLS label to the prefix?
No one told it to do that.
Pavel,
Are the full Internet feeds in VRFs?
If so, IOS allocates one label per VRF prefix. You can use the following command to force IOS to allocate only 1 label per VRF:
mpls label mode { vrf | all-vrfs } protocol bgp_vpnv4 per-vrf
BTW, this is a hidden command.
Hope this helps, -
Hello group,
Recently I'm having some problem in my production PE routers. At times, the PE is not generating any MPLS VPN tag. When this happens, a syslog comes saying:
"Jun 30 10:16:16.169: %TFIB-4-FIBCBLK: Missing MPLS Forwarding Information Base table for tableid 65535 during Route Tag Change event"
On the PE, 'show ip cef vrf xxx prefix' does not show any local tag [attached].
So, on the upstream PE no MPLS-VPN tag is there except for the top most label for downstream PE.
To resolve this problem, I enable and disable cef on the VPN interface by 'no ip cef/ ip cef' command. Then it works fine.
The IOS version is: c3745-js-mz.122-15.T14
Might be, someone in the group find any reason to this type of problem.
Regards,
Dabraj Sarkar
Grameenphone Ltd
Dear Gautam,
Thanks for the response. Could you please explain non-recursive route in this context? I'm running static routing between PE-CE. Does non-recursive route mean that to configure exit interface along with next hop IP in the static route definition?
I'm trying to change the IOS. Any suggestion regarding stable S-train codes?
Regards,
Dabraj -
Can not enable tag-switching on the router
Good day for all,
i have 7206 g1 router with 7200 Software (C7200-JK9S-M), Version 12.3(4)T4 (enterprise)
and i can not enable mpls.
Router(config)#int gigabitEthernet 0/2.102
Router(config-subif)#mpls ip
% Tag switching not supported on interface GigabitEthernet0/2.102
this error on all interfaces
what is the problem? (cef enable)
Thank You
I have 2 identical 7206VXR, same IOS, same PAs
And one of them allows tag-switching on FastEthernet 0/0.30 (dot1q), the other doesn't :(
--- rtr 1 ----
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-P-M), Version 12.2(18)S5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 08-May-04 10:43 by nmasa
Image text-base: 0x60008FE0, data-base: 0x6151E000
ROM: System Bootstrap, Version 12.0(19990210:195103) [12.0XE 105], DEVELOPMENT SOFTWARE
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(18)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TV3 uptime is 3 weeks, 14 hours, 28 minutes
System returned to ROM by reload at 23:02:24 EEST Thu Aug 12 2004
System image file is "slot0:c7200-p-mz.122-18.S5.bin"
Last reload reason: Reload command
cisco 7206VXR (NPE300) processor (revision D) with 229376K/65536K bytes of memory.
Processor board ID 21265679
R7000 CPU at 262Mhz, Implementation 39, Rev 2.1, 256KB L2 Cache
6 slot VXR midplane, Version 2.0
Last reset from power-on
Channelized E1, Version 1.0.
X.25 software, Version 3.0.0.
Bridging software.
Primary Rate ISDN software, Version 1.1.
PCI bus mb0_mb1 has 200 bandwidth points
PCI bus mb2 has 0 bandwidth points
1 FastEthernet/IEEE 802.3 interface(s)
53 Serial network interface(s)
48 Channelized E1/PRI port(s)
125K bytes of non-volatile configuration memory.
20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2112
--- rtr 2 ---
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-P-M), Version 12.2(18)S5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Sat 08-May-04 10:43 by nmasa
Image text-base: 0x60008FE0, data-base: 0x6151E000
ROM: System Bootstrap, Version 12.0(19990210:195103) [12.0XE 105], DEVELOPMENT SOFTWARE
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(9)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
TV1 uptime is 3 weeks, 14 hours, 39 minutes
System returned to ROM by reload at 22:51:22 EEST Thu Aug 12 2004
System restarted at 22:53:54 EEST Thu Aug 12 2004
System image file is "slot0:c7200-p-mz.122-18.S5.bin"
Last reload reason: Reload command
cisco 7206VXR (NPE300) processor (revision D) with 229376K/65536K bytes of memory.
Processor board ID 18285647
R7000 CPU at 262Mhz, Implementation 39, Rev 1.0, 256KB L2 Cache
6 slot VXR midplane, Version 2.0
Last reset from power-on
Channelized E1, Version 1.0.
X.25 software, Version 3.0.0.
Bridging software.
Primary Rate ISDN software, Version 1.1.
PCI bus mb0_mb1 has 200 bandwidth points
PCI bus mb2 has 0 bandwidth points
1 FastEthernet/IEEE 802.3 interface(s)
68 Serial network interface(s)
48 Channelized E1/PRI port(s)
125K bytes of non-volatile configuration memory.
20480K bytes of Flash PCMCIA card at slot 0 (Sector size 128K).
4096K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x102
TV3(config)#in fas 0/0.30
TV3(config-subif)#tag ip
% Tag switching not supported on interface FastEthernet0/0.30 -
L2 tunnel between me3600x and 3925
Hello,
We are currently trying to configure a l2tunnel between a ME3600X (running 15.3(3)S3 with the AdvancedMetroIPAccess licence) and a 3925 (running 15.0(1)M2 with the datak9 licence).
We are part of a CsC architecture, playing the role of the customer carrier, using BGP for label distribution between the Backbone carrier and the Customer carrier.
Our architecture is quite flat as the CE and PE roles are on the same routers.
we have the view on the following architecture and can configure the R1, RCV1, RCV2 and R2 routers :
R1 --- RCV1---(Backbone Carrier)---RCV2--- R2
We have 3 sites A,B and C but only 2 dark fibers to connect them.
We are using the CsC to build a L2 tunnel and close the triangle :
A-ME=tun=3925-B
df df
C
For years we were using a 2911 and a 3900 to build the tunnel and it was good. The tunnel was built with an xconnect l2tpv3.
We replaced our 2911 with a ME3600X a few weeks ago following the advice of our backbone CsC contact, and we are now facing the following problem:
the configuration we used is not working any more: we can build the tunnel but the spanning tree BPDUs are not passing through (we use rstp for spanning-tree protocol).
3925 : ______________
pseudowire-class backup-sro-ypa
encapsulation l2tpv3
ip local interface GigabitEthernet0/0/0.777
interface GigabitEthernet0/1
description interface connecting site B
no ip address
duplex auto
speed auto
no keepalive
no cdp enable
xconnect 10.193.32.50 5 pw-class backup-sro-ypa
interface GigabitEthernet0/0/0.777
description interface facing the CsC
encapsulation dot1Q 777
ip address 10.193.32.42 255.255.255.252
mpls bgp forwarding
ME3600 : ______________
pseudowire-class backup-ypa-sro
encapsulation l2tpv3
sequencing both
ip local interface Vlan777
interface GigabitEthernet0/1
description interface facing the CsC
switchport trunk allowed vlan none
switchport mode trunk
mtu 1512
service instance 777 ethernet
description *** Transport vers to CsC***
encapsulation dot1q 777
rewrite ingress tag pop 1 symmetric
l2protocol tunnel
bridge-domain 777
interface GigabitEthernet0/2
description interface connecting site A
no switchport
no ip address
xconnect 10.193.32.42 5 encapsulation l2tpv3 pw-class backup-ypa-sro
interface Vlan777
description vers RCV
dampening
mtu 1512
ip address 10.193.32.50 255.255.255.252
no ip unreachables
mpls bgp forwarding
As we have no experience with the ME3600X and their EVC and service instance concepts we have a hard time figuring out what solution to use :
- According to this post l2tpv3 is not supported on the ME3600X : https://supportforums.cisco.com/discussion/11919131/configuring-pseudowire-between-3800-router-and-me3600x
- According to this one it seems possible to interoperate a tunnel between a 2911 and a Me3600 : https://supportforums.cisco.com/discussion/11848451/eompls-and-layer-2-tunneling
Our need is slightly different though, as we are trying to pass a dot1Q trunk in the tunnel.
We tried to switch to encapsulation mpls, with no luck so far...
Any help or feedback would be greatly appreciated.
Best Regards,
Jérôme Schlumberger
News from the lab...
I decided to start again my config from scratch :
On the ME3600X___________ :
pseudowire-class backup-ypa-sro
encapsulation l2tpv3
ip local interface Vlan777
sequencing both
interface GigabitEthernet0/2
description *** Backup L2 VLans Internes avec RSROHES1 ***
no switchport
no ip address
no keepalive
no cdp enable
xconnect 10.193.32.42 5 pw-class backup-ypa-sro
On the 3900___________
pseudowire-class backup-sro-ypa
encapsulation l2tpv3
ip local interface GigabitEthernet0/0/0.777
sequencing both
interface GigabitEthernet0/1
description Tunnel_BB_HEIGVD
no ip address
duplex auto
speed auto
no keepalive
no cdp enable
xconnect 10.193.32.50 5 pw-class backup-sro-ypa
-> The "sequencing both" is mandatory to get the tunnel UP.
-> I configured l3 interfaces on the devices facing the ends of the tunnel and I can't ping them. Looking a little bit more carefully, I noticed that the arp table does not fill on the 3900, but it does on the 3600. I guessed that's a limitation on the 3600, but still not sure.
I then tried to switch to mpls encapsulation with the following configuration :
On the ME3600X_____________________________
pseudowire-class backup-ypa-sro
encapsulation mpls
interface GigabitEthernet0/2
description *** Backup L2 VLans Internes avec RSROHES1 ***
no switchport
no ip address
no cdp enable
xconnect 10.193.32.42 5 pw-class backup-ypa-sro
On the 3900___________
pseudowire-class backup-sro-ypa
encapsulation mpls
interface GigabitEthernet0/1
description Tunnel_BB_HEIGVD
no ip address
duplex auto
speed auto
no keepalive
no cdp enable
xconnect 10.193.32.50 5 pw-class backup-sro-ypa
This time, impossible to get the tunnel UP :
sh xconnect all detail :
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
DN ac Gi0/1(Ethernet) UP mpls 10.193.32.50:5 DN
Interworking: none Local VC label 147
Remote VC label unassigned
pw-class: backup-sro-ypa
Actually, as I am in a CsC architecture using BGP for label distribution with the CsC core, there is no ldp neighbor, and it seems to be the reason why I can't get the tunnel UP.
I am now trying to avoid ldp for the signaling of the tunnel using AToM Static Pseudowire Provisioning but I am too much of a newbie for that. I get a "Incomplete AToM manual config" when configuring the xconnect on the me3600...
Here is my config on the ME3600x so far :
pseudowire-class backup-ypa-sro
encapsulation mpls
protocol none
interface GigabitEthernet0/2
description *** Backup L2 VLans Internes avec RSROHES1 ***
no switchport
no ip address
no cdp enable
xconnect 10.193.32.42 5 encapsulation mpls manual pw-class backup-ypa-sro
! Incomplete AToM manual config
Funny, I tried to configure
RYPRC01(config-if-xconn)#mpls label 0 1048500
on the xconnect sub config section of the interface, but it won't appear in the config...
I am really stuck, and any help would really be appreciated.
Best Regards,
Jérôme Schlumberger -
VRF-Lite with 6500 w/ Sup720
I am working with a customer who would like to utilize path isolation in their network using VRF-Lite. I am currently debating between the use of GRE tunnels vs. VLANs between 3 core switches they currently have in place today. This is going to be overlay network on top of what they currently have. The core is all L2 today with 802.1q trunks between each of 3 cores in a ring topology. Closets are single homed into the core throughout.
My question is regarding GRE vs. VLANs. Currently, we are looking at having to deploy 12 VRFs to support 12 separate network types they would like to isolate. The Access layer switches will trunk to the cores where the core will apply VRFs to specific VLANs based on their role.
Which is going to be a more scalable solution from a performance and administration standpoint: GRE, VLANs, or MPLS?
Currently the GRE implementation is going to require that we configure many loopbacks and tunnels on each core in order to get the VRFs talking to each other in each core. The VLAN approach will require 24 VLANs per core (assuming we would go with PTP vs Multipoint for routing inside the VRF).
Any thoughts on which way to proceed? From what I have read, GRE is more appropriate when you have multiple hops between VRF tables, which in this case we do not. I am just concerned that, with loopbacks, tunnels, and then routing on top of that, the GRE solution will lack scalability as they add more VRFs. A PTP VLAN will pose a similar problem without the need for loopbacks, which should simplify the solution.
Can we use MPLS here and just do PE to PE MPLS and still get the VRF segmentation we need between cores?
I would like to eventually migrate the entire core to L3 completely, but today we are stuck with having to support legacy networks (DEC/LAT/SNA) and have to keep some L2 in place.
What's the best approach here?
Shine,
I actually ended up with basically the same design you are talking about here except that I ended up adding a couple 6500 +FWSM and NAC L3/L2 CAM/CAS into the mix.
Here is the high level overview
1. Every Closet had a minimum of 6 VLANs - unique to the stack or closet switch - Subnets were created for each VLAN as well - no spanning of L2 VLANs across switch stacks.
2. VLANs were assigned for - Voice, Data, LWAPP VLAN, Guest/Unauthorized, Switch/Device Management, and at least 1 special purpose VLAN - (Lab, Building Controls, Security, etc).
3. Then we trunked all the VLANs back to 1 of 3 cores - 6509s with Sup-720s
4. Each Core 6509 was configured for each L2 VLAN with a L3 SVI (The VLANs configured here were not configured on any other cores - we didn't have available fiber runs to do any type of redundant pathing across multiple cores so it wasn't valid in this design to configure VLAN SVIs on more than one core).
5. Each L3 SVI was assigned to the appropriate VRF based on use - Voice, Data, LWAPP, etc
6. Spanning-Tree Roots for all VLANs trunked to a core were specific to that core - they did not trunk between Cores - no loops
7. Each Core was connected via a L2 Trunk that carried Point to Point VLANs for VRF traffic - We had an EIGRP AS assigned to each VRF on the link - so we had 6 VRFs and 6 EIGRP AS per trunk.
8. This design occurred on each core x2 as it connected to the other cores in a triangle core fashion.
9. Each of the Cores had a trunk to a 6500 with a FWSM configured - VRF/L3 PTP VLAN design continued here as well
10. The 6500+FWSM was configured with multiple SVIs and VRFs - we had to issue multi-vlan mode on the FWSM to get it to work.
11. Layer 2 NAC was configured with VLAN translation coming into the Core 6500/FWSM for Wireless in L2 InBand Mode - the L3 SVIs were configured on the clean side of the NAC CAM so traffic was pulled through the CAM from the dirty side - where the controller mapped host SSIDs to appropriate VLANs. We only had to configure a couple host VLANs here - Guest and Private so this was not much of an issue - Private was NAC enabled, Guest VLAN/SVI was mapped to a DMZ on the firewall
12. For Layer 3 NAC we just used an out of band CAM configuration with ACLs on the Unauthorized VLAN
It worked like a charm.
If I had to do it all over again I would go with MPLS/BGP for more scalability. Configuring trunks between the cores and then having the multiple EIGRP AS/PTP VLANs works well in networks this small but it doesn't scale indefinitely. It sounds like your network is quite large. I would look into MPLS between a set of at least 3-4 Core PE/CE devices. Do you plan on building a pure MPLS core for tagged switched traffic only? Is your campus and link make up significant enough to benefit from such a flexible design?
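An added illustration of steps 5 to 7 in the reply above, for one core and two of the VRFs; it is not configuration from either poster. The VRF names, RD values, VLAN IDs, interface name, addresses and EIGRP AS numbers are all constructed placeholders.

```ios
! Constructed example: every name, VLAN ID, address and AS number is a placeholder.
ip vrf VOICE
 rd 65000:10
ip vrf DATA
 rd 65000:20
!
! Step 5: closet-facing SVIs exist on this core only, each placed in its VRF.
interface Vlan110
 description CLOSET1-VOICE
 ip vrf forwarding VOICE
 ip address 10.1.10.1 255.255.255.0
interface Vlan120
 description CLOSET1-DATA
 ip vrf forwarding DATA
 ip address 10.1.20.1 255.255.255.0
!
! Step 7: one point-to-point VLAN per VRF toward the neighbouring core.
interface Vlan910
 description PTP-VOICE-to-CORE2
 ip vrf forwarding VOICE
 ip address 10.255.10.1 255.255.255.252
interface Vlan920
 description PTP-DATA-to-CORE2
 ip vrf forwarding DATA
 ip address 10.255.20.1 255.255.255.252
!
! Step 6: the inter-core trunk allows only the point-to-point VLANs,
! so closet VLANs (and their spanning tree) never extend between cores.
interface TenGigabitEthernet1/1
 description TRUNK-to-CORE2
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 910,920
 switchport mode trunk
!
! Step 7: a separate EIGRP autonomous system per VRF, so routes learned
! in one VRF are never installed in another VRF's table.
router eigrp 1
 address-family ipv4 vrf VOICE
  autonomous-system 10
  network 10.1.10.0 0.0.0.255
  network 10.255.10.0 0.0.0.3
  no auto-summary
 exit-address-family
 address-family ipv4 vrf DATA
  autonomous-system 20
  network 10.1.20.0 0.0.0.255
  network 10.255.20.0 0.0.0.3
  no auto-summary
 exit-address-family
```

Each additional VRF adds one SVI pair, one point-to-point VLAN per inter-core link and one address-family, which is the growth the reply describes as the scaling limit of this design.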