MPLS Customer router physical interface

My provider wants to sell me MPLS services but I can't seem to get a straight answer regarding what the physical interface on my customer router needs to be.  Some personnel tell me it will be a normal Ethernet connection, others say it'll be a DS3 or T1 connection depending on the speed.
Please give me some advice on what to expect regarding an MPLS circuit, or point me to some good documentation so maybe I can communicate better with the service provider.
Thank you.

Hi Tod
Few points from my side for your query
Access Link should be considered based on whether we are going for MPLS L3 VPN or MPLS L2 VPN Solution
MPLS L3 VPN from my understanding is independent of Access Media but the Access Media will definitely put different hardware requirements for your Customer Edge Router
The Access Link Type and Bandwidth would vary depending upon the BW requirements for the network. The T1/T3 or a Subrate T3 Access Links would be a choice when we have BW requirements in that range (<45 Megs)
Using FE as an Access link would require SP to provide Colocation Services or rather go for spanning a Fiber out from their Colo and deploying Optical Mux at Customer Premises and again suitable for BW requirements more than 45 Megs
MPLS L2 VPN
Ethernet is the choice for taking MPLS L2 VPN Services to connect your different branches in a point-to-multipoint fashion using VPLS at SP end.
You can go through the Cisco Doc - "Layer 3 MPLS VPN Enterprise Consumer Guide" which should help you gain more insight for choosing the PE-CE Routing Protocol and other points to consider for an MPLS L3 VPN Service.
That's from my understanding. Hope you will get more good advice on this.
Regards
Vaibhava Varma

Similar Messages

  • Multiple Public IP's on one physical interface for devices behind Router.

    Hi guys, I am trying to find information on applying multiple IP addresses to a router
    basically one for the Router itself and then some for the devices behind the router, which I am sure I need to apply some 1 to 1 NATs. I just do not know if I need to specify all the IP addresses on the main interface.
    Example being I have a router with WAN IP of xxx.xxx.xxx.xxx/25, it only has 2 interfaces, one for WAN, one for LAN. I have a server I would like assigned its own public IP address, but still on the same LAN network.
    Could someone help me out and point me in the right direction with a sample config

    I agree with the previous response that you need a static NAT to allow outside resources to initiate traffic to your server. You also will need NAT or PAT using the router interface address to allow the other hosts in your network to access outside.
    You do not need to configure any other of the addresses on the router interface other than the primary IP that you assign to the router interface. As long as the other addresses are used for NAT/PAT they are configured in the nat statements and not on the physical interface.
    HTH
    Rick

  • Physical Interface not present in show ip route connected

    Hi,
    Thanks for reading my post.
    I have a recurrent issue with a CISCO881-K9.
    My WAN interface is regularly unusable even if it's UP/UP. I can't even ping the interface from the router itself.
    A reboot solves the issue. But now I have time and I'd like to get a proper understanding of what's going on.
    The route doesn't appear in "show ip route connected".
    Router#show ip interface brief
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0              unassigned      YES unset  up                    up
    FastEthernet1              unassigned      YES unset  down                  down
    FastEthernet2              unassigned      YES unset  down                  down
    FastEthernet3              unassigned      YES unset  down                  down
    FastEthernet4              X.Y.Z.82    YES NVRAM  up                    up
    Loopback0                  10.31.129.5     YES NVRAM  up                    up
    NVI0                       X.Y.Z.82    YES unset  up                    up
    Tunnel0                    10.32.129.1     YES NVRAM  up                    down
    Vlan1                      172.22.129.102  YES NVRAM  up                    up
    Router#ping X.Y.Z.82
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to X.Y.Z.82, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    Router#
    Router#show ip route
    Gateway of last resort is X.Y.Z.81 to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via X.Y.Z.81
          10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    R        10.30.129.0/24 [120/1] via 172.22.129.101, 00:00:08, Vlan1
    R        10.31.129.1/32 [120/1] via 172.22.129.101, 00:00:08, Vlan1
    C        10.31.129.5/32 is directly connected, Loopback0
          172.22.0.0/16 is variably subnetted, 3 subnets, 2 masks
    S        172.22.128.0/24 [1/0] via 172.28.28.254
    C        172.22.129.0/24 is directly connected, Vlan1
    L        172.22.129.102/32 is directly connected, Vlan1
          172.27.0.0/24 is subnetted, 1 subnets
    S        172.27.0.0 [1/0] via 172.28.28.254
          172.28.0.0/24 is subnetted, 1 subnets
    R        172.28.28.0 [120/2] via 172.22.129.101, 00:00:08, Vlan1
          172.30.0.0/24 is subnetted, 1 subnets
    S        172.30.1.0 [1/0] via 172.28.28.254
          172.31.0.0/24 is subnetted, 1 subnets
    S        172.31.0.0 [1/0] via 172.28.28.254
    S     192.0.0.0/16 [1/0] via 172.28.28.254
          192.168.48.0/32 is subnetted, 1 subnets
    S        192.168.48.247 [1/0] via 172.28.28.254
          192.168.84.0/32 is subnetted, 1 subnets
    S        192.168.84.247 [1/0] via 172.28.28.254
    S     192.168.101.0/24 [1/0] via 172.28.28.254
    R     192.168.104.0/24 [120/2] via 172.22.129.101, 00:00:08, Vlan1
    Router#show ip route connected
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is X.Y.Z.81 to network 0.0.0.0
          10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
    C        10.31.129.5/32 is directly connected, Loopback0
          172.22.0.0/16 is variably subnetted, 3 subnets, 2 masks
    C        172.22.129.0/24 is directly connected, Vlan1
    L        172.22.129.102/32 is directly connected, Vlan1
    interface FastEthernet4
     description WAN
     ip address X.Y.Z.82 255.255.255.252
     no ip proxy-arp
     ip flow ingress
     ip nat outside
     ip virtual-reassembly in
     ip tcp adjust-mss 1300
     duplex full
     speed 100
     keepalive 3
     crypto map MYSTREAM-MAP
     hold-queue 224 in
    end
    Router#show interfaces fastEthernet 4
    FastEthernet4 is up, line protocol is up
      Hardware is PQII_PRO_UEC, address is 4403.a738.3c02 (bia 4403.a738.3c02)
      Description: WAN
      Internet address is X.Y.Z.82/30
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (3 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:06, output 00:00:35, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/224/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         26675 packets input, 1826301 bytes
         Received 12230 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         44029 packets output, 8969818 bytes, 0 underruns
         0 output errors, 0 collisions, 4 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         3 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    Could you help on this? Or lead me to Tshoot that problem.
    By the way the interface 4 is connected to an ISP Modem (TWC in US).
    Thanks,
    William

    Hi,
    Thanks for your answer. I've checked the release notes and there is no bug about that.
    I think I must use the WAN interface which is fastethernet 4. I'm not able to change the patch cable for now.
    What could be the cause?
    show version
    Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Wed 21-Mar-12 00:27 by prod_rel_team
    ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
    Router uptime is 1 week, 3 hours, 6 minutes
    System returned to ROM by reload at 08:12:54 UTC Fri Oct 3 2014
    System restarted at 08:14:30 UTC Fri Oct 3 2014
    System image file is "flash:c880data-universalk9-mz.151-4.M4.bin"
    Last reload type: Normal Reload
    Last reload reason: Reload Command
    If you require further assistance please contact us by sending email to
    [email protected]
    Cisco 881 (MPC8300) processor (revision 1.0) with 236544K/25600K bytes of memory.
    Processor board ID FGL1652265J
    5 FastEthernet interfaces
    1 Virtual Private Network (VPN) Module
    256K bytes of non-volatile configuration memory.
    125440K bytes of ATA CompactFlash (Read/Write)
    License Info:
    License UDI:
    Device#   PID                   SN
    *0        CISCO881-K9           FGL1652265J
    License Information for 'c880-data'
        License Level: advsecurity   Type: Permanent
        Next reboot license Level: advsecurity
    Configuration register is 0x2102
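The symptom described in this thread (an interface that is up/up with an address but has no entry in "show ip route connected") can be checked for mechanically. The following is an added example, not part of the original posts: the sample text is constructed from the output above with the redacted X.Y.Z addresses replaced by documentation addresses, and skipping NVI0 is an assumption (it reports the WAN address without holding a connected route of its own).

```python
import ipaddress
import re

# Constructed sample, modelled on the posted output; 203.0.113.x stands in
# for the redacted X.Y.Z.x addresses.
SHOW_IP_INT_BRIEF = """\
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  down                  down
FastEthernet4              203.0.113.82    YES NVRAM  up                    up
Loopback0                  10.31.129.5     YES NVRAM  up                    up
NVI0                       203.0.113.82    YES unset  up                    up
Tunnel0                    10.32.129.1     YES NVRAM  up                    down
Vlan1                      172.22.129.102  YES NVRAM  up                    up
"""

SHOW_IP_ROUTE_CONNECTED = """\
Gateway of last resort is 203.0.113.81 to network 0.0.0.0
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        10.31.129.5/32 is directly connected, Loopback0
      172.22.0.0/16 is variably subnetted, 3 subnets, 2 masks
C        172.22.129.0/24 is directly connected, Vlan1
L        172.22.129.102/32 is directly connected, Vlan1
"""

# One row of "show ip interface brief"; the header row fails on YES|NO.
BRIEF_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?:YES|NO)\s+\S+\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)\s*$"
)
# A connected (C) or local (L) route line that carries an explicit prefix.
ROUTE_RE = re.compile(
    r"^[CL]\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+) is directly connected, "
    r"(?P<ifname>\S+)"
)


def parse_interfaces(text):
    """Return one dict per interface row (name, ip, status, proto)."""
    rows = []
    for line in text.splitlines():
        m = BRIEF_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def parse_connected(text):
    """Map interface name -> list of connected/local networks."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            net = ipaddress.ip_network(m["prefix"], strict=False)
            routes.setdefault(m["ifname"], []).append(net)
    return routes


def missing_connected_routes(brief, connected, ignore=("NVI0",)):
    """List (interface, ip) pairs that are up/up with an address but have
    no connected route covering that address. `ignore` defaults to NVI0,
    which is an assumption of this example."""
    routes = parse_connected(connected)
    missing = []
    for row in parse_interfaces(brief):
        if row["name"] in ignore or row["ip"] == "unassigned":
            continue
        if row["status"] != "up" or row["proto"] != "up":
            continue  # down interfaces are not expected in the table
        addr = ipaddress.ip_address(row["ip"])
        if not any(addr in net for net in routes.get(row["name"], [])):
            missing.append((row["name"], row["ip"]))
    return missing


if __name__ == "__main__":
    for name, ip in missing_connected_routes(SHOW_IP_INT_BRIEF,
                                             SHOW_IP_ROUTE_CONNECTED):
        print(f"{name} is up/up with {ip} but has no connected route")
```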

  • No route after Interface change in VRF

    Hi Everyone,
    I have had a couple of strange incidents where changing a physical interface or ip address on an interface causes routing problems. We are running ASR9010 on IOS-XR 4.2.3
    Case 1:
    Changed a physical interface gi0/0/0/1.12 to BE21.12 on a vrf.
    I lost static routes and had to remove and re-apply.
    Case 2:
    Changed the IP address to a different network 172.17.254.126/27 to 172.27.254.126/27
    ARP OK and ping from VRF or local device in other VRF OK, however host on connected interface cannot be pinged from across MPLS. Connected route is carried across MPLS OK. We will be trying to remove the entire interface and vrf config and re-apply.
    EDIT: We re-applied config after removing and committing. It is now working.
    Any ideas or clues?
    Cheers
    Mike

    Thanks,
    The basic thing for case 2 is:
    Customer --> VRF Gateway- Ping OK
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#ping vrf BACKUP-MANAGEMENT 172.27.254.99
    Fri Feb 14 12:42:49.771 EST
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.27.254.99, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
    Server --> MPLS --> VRF Gateway - Ping OK
    >  ping routing-instance BACKUP_SERVERS 172.27.254.126
    PING 172.27.254.126 (172.27.254.126): 56 data bytes
    64 bytes from 172.27.254.126: icmp_seq=0 ttl=255 time=1.126 ms
    64 bytes from 172.27.254.126: icmp_seq=1 ttl=255 time=1.029 ms
    64 bytes from 172.27.254.126: icmp_seq=2 ttl=255 time=1.097 ms
    64 bytes from 172.27.254.126: icmp_seq=3 ttl=255 time=0.998 ms
    64 bytes from 172.27.254.126: icmp_seq=4 ttl=255 time=1.032 ms
    ^C
    --- 172.27.254.126 ping statistics ---
    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.998/1.056/1.126/0.047 ms
    Server --> MPLS --> VRF --> Customer - Destination Unreachable
    > ping routing-instance BACKUP_SERVERS 172.27.254.99    
    PING 172.27.254.99 (172.27.254.99): 56 data bytes
    76 bytes from 124.47.128.30: Destination Net Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 0054 940d   0 0000  40  01 3404 172.28.91.252  172.27.254.99
    76 bytes from 124.47.128.30: Destination Net Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 0054 a361   0 0000  40  01 24b0 172.28.91.252  172.27.254.99
    76 bytes from 124.47.128.30: Destination Net Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 0054 a8ae   0 0000  40  01 1f63 172.28.91.252  172.27.254.99
    76 bytes from 124.47.128.30: Destination Net Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 0054 ad11   0 0000  40  01 1b00 172.28.91.252  172.27.254.99
    76 bytes from 124.47.128.30: Destination Net Unreachable
    Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
    4  5  00 0054 b5ab   0 0000  40  01 1266 172.28.91.252  172.27.254.99
    --- 172.27.254.99 ping statistics ---
    9 packets transmitted, 0 packets received, 100% packet loss
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#ping vrf BACKUP-MANAGEMENT 172.27.254.99
    Fri Feb 14 12:42:49.771 EST
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.27.254.99, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#    sh arp vrf M2MGMT23509001                    
    Fri Feb 14 12:56:57.313 EST
    0/1/CPU0
    Address         Age        Hardware Addr   State      Type  Interface
    172.27.254.99   00:14:08   0050.5682.66c0  Dynamic    ARPA  Bundle-Ether2.12
    172.27.254.124  03:08:07   0050.5682.565c  Dynamic    ARPA  Bundle-Ether2.12
    172.27.254.126  -          6c9c.ed03.8eb2  Interface  ARPA  Bundle-Ether2.12
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#    sh arp vrf M2MGMT23509001
    Fri Feb 14 12:57:25.328 EST
    VRF Gateway --> MPLS --> Server - Ping OK
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#ping vrf M2MGMT23509001 172.28.91.19
    Fri Feb 14 13:00:13.402 EST
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.28.91.19, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#sh run router bgp 17477 vrf M2MGMT23509001
    Fri Feb 14 13:02:11.425 EST
    router bgp 17477
    vrf M2MGMT23509001
      rd auto
      label-allocation-mode per-vrf
      address-family ipv4 unicast
       redistribute connected
    RP/0/RSP0/CPU0:macq-syd-intel2-asr9010-01#sho route vrf M2MGMT23509001                                       
    Fri Feb 14 13:03:46.700 EST
    Codes: C - connected, S - static, R - RIP, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
           U - per-user static route, o - ODR, L - local, G  - DAGR
           A - access/subscriber, - FRR Backup path
    Gateway of last resort is not set
    B    10.117.24.0/23 [20/0] via 172.27.0.110 (nexthop in vrf BACKUP-MANAGEMENT), 1d01h
    B    10.135.0.0/24 [20/0] via 172.27.0.110 (nexthop in vrf BACKUP-MANAGEMENT), 1d01h
    B    10.135.2.0/24 [20/0] via 172.27.0.110 (nexthop in vrf BACKUP-MANAGEMENT), 1d01h
    C    172.27.254.96/27 is directly connected, 2d02h, Bundle-Ether2.12
    L    172.27.254.126/32 is directly connected, 2d02h, Bundle-Ether2.12
    B    172.28.1.240/28 [200/0] via 125.7.35.120 (nexthop in vrf default), 6d22h
    B    172.28.91.0/24 [200/0] via 125.7.35.120 (nexthop in vrf default), 6d22h
    B    172.28.92.0/24 is directly connected, 1d01h, Bundle-Ether4 (nexthop in vrf BACKUP-SERVER)

  • How to make ASR9000 bridge domain forward traffic between sub interfaces of same physical interface?

    Hi,
    I regularly use bridge domains to connect sub interfaces on different vlans using this sort of configuration:
    interface GigabitEthernet0/0/0/5.21 l2transport
    description CUSTOMER A WAN
    encapsulation dot1q 21
    rewrite ingress tag pop 1 symmetric
    interface GigabitEthernet0/0/0/10.3122 l2transport
    description CUSTOMER A CORE
    encapsulation dot1q 3122
    rewrite ingress tag pop 1 symmetric
    l2vpn
    bridge group WANLINKS
      bridge-domain CUSTOMERA
       interface GigabitEthernet0/0/0/5.21
       interface GigabitEthernet0/0/0/10.3122
    When I try to use the same method to bridge two sub interfaces on the same physical interface so as to create a L2 VPN no data flows:
    interface GigabitEthernet0/0/0/5.21 l2transport
    description CUSTOMER A WAN
    encapsulation dot1q 21
    rewrite ingress tag pop 1 symmetric
    interface GigabitEthernet0/0/0/5.22 l2transport
    description CUSTOMER A WAN2
    encapsulation dot1q 22
    rewrite ingress tag pop 1 symmetric
    l2vpn
    bridge group WANLINKS
      bridge-domain CUSTOMERA
       interface GigabitEthernet0/0/0/5.21
       interface GigabitEthernet0/0/0/5.22
    If I add a BVI interface to the bridge domain then the CE devices at the remote end of the WAN interface can both ping the BVI IP but they remain unable to ping each other.
    Is this because tag rewrites are not happening since packets don't leave the physical interface?
    How can I work around this and establish a L2 connection between the two subinterfaces?
    Thank you

    A VLAN is usually the equivalent of an L3 subnet, so linking 2 VLANs together in the same bridge domain likely needs to come with some sort of routing (e.g. a BVI interface).
    If these 2 VLANs are still in the same subnet, then there is still ARP going on from one host to the other that traverses the BD.
    You will need to verify the state of the AC, the forwarding in the BD and see if something gets dropped somewhere and follow the generic packet troubleshooting guides (see support forums for that also).
    That might give a hint to what the precise issue in your forwarding is.
    regards
    xander

  • The difference between IEEE802.1Q Native VLAN sub-interface and Physical interface?

    Hello
    I think the following topologies are supported for Cisco Routers
    And the physical interface can also be used as the native VLAN interface, right?
    Topology 1.
     R1 Gi0.1 ------ IEEE802.1Q Tunneling  L2SW ------ Gi0 R2
    R1 - configuration
    interface GigabitEthernet0.1
     encapsulation dot1Q 1 native
     ip address 10.0.0.1 255.255.255.0
    Topology 2.
    R1 Gi0 ------ IEEE802.1Q Tunneling L2SW ------ Gi0 R2
    interface GigabitEthernet0
    ip address 10.0.0.1 255.255.255.0
     And is it ok to use the physical interface and sub-interface with dynamic routing such as EIGRP or OSPF etc?
    R1 Gi 0 ---- Point to Multipoint EIGRP or OSPF ---- Gi0 R2 / R3 
          Gi 0.20--- Point to Point EIGRP or OSPF --- Gi0.10 R4  (same VLAN-ID) 
    R1 - configuration
    interface GigabitEthernet0
     ip address 10.0.0.1 255.255.255.0
    interface GigabitEthernet8.20
     encapsulation dot1Q 20
     ip address 20.0.0.1 255.255.255.0
    Any information is very much appreciated, but if there is any CCO document please let me know.
    Thank you very much and regards,
    Masanobu Hiyoshi

    Hello,
    The diagram is helpful.
    If I am getting you correctly, you have three routers interconnected by a switch, and you want them to operate in a hub-and-spoke fashion even though the switch is capable of allowing direct communication between any of these routers.
    Your first scenario is concerned with all three routers being in the same VLAN, and by using neighbor commands, you force these routers to establish targeted EIGRP adjacencies R1-R2 and R1-R3, with R1 being the hub.
    Your second scenario is concerned with creating one VLAN per spoke, having subinterfaces for each spoke VLAN created on R1 as the router, and putting each spoke just in its own VLAN.
    Your scenarios are not really concerned with the concept of native VLAN or the way it is configured, to be honest. Whether you use a native VLAN in either of your scenarios, or whether you configure the native VLAN on a subinterface or on the physical interface makes no difference. There is simply no difference to using or not using a native VLAN in any of your scenarios, and there is no difference to the native VLAN configuration being placed on a physical interface or a subinterface. It's as plain as that. Both your scenarios will work.
    My personal opinion, though, is that forcing routers on a broadcast multi-access segment such as Ethernet to operate in a hub-and-spoke fashion is somewhat artificial. Why would you want to do this? Both scenarios have drawbacks: in the first scenario, you need to add a neighbor statement for each spoke to the hub, limiting the scalability. In the second scenario, you waste VLANs and IP subnets if there are many spokes. The primary question is, though: why would you want an Ethernet segment to operate as a hub-and-spoke network? Sure, these things are done but they are motivated by specific needs so I would like to know if you have any.
    Even if you needed your network to operate in a hub-and-spoke mode, there are more efficient means of achieving that: Cisco switches support so-called protected ports that are prevented from talking to each other. By configuring the switch ports to spokes as protected, you will prevent the spokes from seeing each other. You would not need, then, to configure static neighbors in EIGRP, or to waste VLANs for individual spokes. What you would need to do would be deactivating the split horizon on R1's interface, and using the ip next-hop-self eigrp command on R1 to tweak the next hop information to point to R1 so that the spokes do not attempt to route packets to each other directly but rather route them over R1.
    I do not believe I have seen any special CCO documents regarding the use of physical interfaces or subinterfaces for native VLAN or for your scenarios.
    Best regards,
    Peter

  • Apply WCCP redirect to logical or physical interface?

    If there is a logical subinterface configured under its physical interface (for example serial0/0/0.100 for routing), I should apply WCCP redirect (ip wccp 62 redirect in) to the logical interface, not the physical interface. Is that correct?
    Thanks

    Yes. You apply WCCP redirect to subinterface if you are using sub interfaces.
    Regards.
    PS: Please mark this Answered, if it answers your question.

  • Physical interface Default Gateway connecting VPN with AnyConnect

    When I connect vpn with AnyConnect, I can't see default gateway on Physical Interface.
    before connect vpn
    ==========================================
    C:\WINDOWS\system32>ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 10.1.1.100
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . : 10.1.1.10
    after connect vpn with anyconnect
    ==========================================
    C:\WINDOWS\system32>
    C:\WINDOWS\system32>ipconfig
    Windows IP Configuration
    Ethernet adapter Local Area
            Connection-specific DNS Suffix  . :
            IP Address. . . . . . . . . . . . : 10.1.1.100
            Subnet Mask . . . . . . . . . . . : 255.255.255.0
            Default Gateway . . . . . . . . . :'Can't see default gateway'
    Is this the specification of Anyconnect?

    Nyanko,
    This will happen when you are using tunnel all as the split tunneling policy, the computer will encrypt all the traffic so the default gateway will be removed from the physical connection and placed into the virtual adapter. If you take a look at the routing table you will see that what really happens is that the original default route's metric will be changed so that it is higher than the one injected by the virtual adapter, once you disconnect it should go back to normal.
    Further information on split tunneling:
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080975e83.shtml
    HTH
    Jonnathan

  • Participation In Customer Routing.

    Hello ,
    I am sending one question which I believe was wrongly answered on the Cisco forum. In the forum the answer guessed is A but I think the answer is B. I am also giving some explanation.
    Which one of the following is true?
    A. MPLS and traditional peer-to-peer VPNs require the service provider to participate in
    the customer routing.
    B. MPLS and traditional peer-to-peer VPNs require that the customer routing is
    transparent to the service provider.
    C. MPLS VPNs require the use of link-state routing protocols, traditional peer-to-peer
    VPN implementations require distance vector protocols.
    D. MPLS VPNs are constructed using dynamic routing protocols; traditional peer-to-peer
    VPN implementations are constructed using static routes.
    Consider the scenario. BGP/MPLS VPN is considered as provider provisioned VPN, where the edge
    router takes part in provisioning VPN service.
    example: VPN A has three sites, 1, 2, 3 connected to PE1, PE2, PE3
    respectively.
    VPN A Customer routes from site 1 may or may not be directly reachable from
    site 2, and site 3, depending on how they are provisioned by the Service
    provider at PE. In fact the customer has to depend on the Provider for this
    configuration.
    But the core routers in the provider network are not aware of the existence of
    any VPN and do not process any route which belongs to the customer network,
    outside the provider's network.
    That is what my interpretation is.
    In that respect, the customer routing is transparent to the provider.
    Request all of you to comment and come to a conclusion; this is an important question from the Cisco 640-910 examination point of view also.
    Regards ,
    Ranjeet Badhe
    Engineer (Access Networks)

    Agreed, the answer should be B not A.

  • Router vpn interface

    Hi,
    I usually use Cisco ASA to connect site to site VPN.  The outside Eth0/0 interface I usually use for the public internet static IP and eth0/1 to connect the internal network.
    For a router, I have seen a lot of examples on the web.  They usually use FE0/1 for the public internet static IP for both site to site VPN connection points and FE0/0 for the internal network.  Could you tell me why?  My concept is that the outside interface FE0/0 must be used for the public IP address because of the lower security level.  Please help to explain.  Thank you

    Hi,
    The interface ID doesn't have anything to do with the interface's security on its own. On an ASA the "security-level" is used to define which is the least secure interface (the one facing Internet), not the port ID.
    You are free to use any physical interface on a Cisco Router or ASA to whatever purpose you want.
    Most people tend to use the port with the ID 0/0 for "outside" and the others for local network connections.
    There is nothing stopping you from using something different.
    - Jouni

  • Why assign IP addresses to router/switch interfaces?

    I get why I would ever want to assign an IP address to a router or switch, for remote login and IP for hosts to reach it. But why assign IP addresses to the interfaces? Is it so the router/switch knows which port to send the packet out? Route summation? But I thought they do that through the routing table, like "that address is out this port".
    So why would we ever need to assign IP addresses to specific port interfaces?

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    You normally assign IP addresses to L3 interfaces so other L3 devices have an IP address to forward traffic to.  (L2 IP addresses are generally only used for management.)
    Suppose you had Host (192.168.1.5/24) <> R1 <> R2 <> (192.168.2.8/24) Host, and you want the two hosts to intercommunicate.  How would you get this to work?
    You might start by providing interface IPs on the router interfaces facing the host, such as:
    Host (192.168.1.5/24) <> (192.168.1.1/24) R1 <> R2 (192.168.2.1/24) <> (192.168.2.8/24) Host
    You then configure "gateway" IPs on both hosts:
    Host (192.168.1.5/24 - GW 192.168.1.1) <> (192.168.1.1/24) R1 <> R2 (192.168.2.1/24) <> (192.168.2.8/24 - GW 192.168.2.1) Host
    Now each host "knows" to send all its off-local-subnet traffic physically to the GW IP.  So, for example, if 192.168.1.5 wants to send to 192.168.2.8, it would forward the traffic to the GW IP, 192.168.1.1.  This is an example of why you want an IP on the router's L3 interface.
    Next we want R1 to forward the packet to R2, but it too needs a "next hop" IP address, so we assign addresses on the link between the two routers, e.g.:
    Host (192.168.1.5/24 - GW 192.168.1.1) <> (192.168.1.1/24) R1 (192.168.3.1/24) <> (192.168.3.2/24) R2 (192.168.2.1/24) <> (192.168.2.8/24 - GW 192.168.2.1) Host
    R1 then needs to "know" where to send packets with a destination IP network of 192.168.2.0/24; in this case, it needs to "know" to send them to IP 192.168.3.2.  When it does, R2, having an interface with 192.168.2.1, will also know 192.168.2.8 can be reached by sending the packet out that interface.
    Hopefully, the above will show why IP addresses on router L3 interfaces are needed.
    BTW, normally for the R1<>R2 link, you would assign a /30 or /31 network or you might use "unnumbered" interfaces (which "borrow" IPs from another interface).
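The Host <> R1 <> R2 <> Host walk-through in the post above can be run as a small hop-by-hop forwarding model. This is an added example, not part of the original post: the addresses are the ones in the post, while the class and function names, and the return route on R2 toward 192.168.1.0/24, are assumptions made for the illustration.

```python
import ipaddress


class Node:
    """A host or router: interface addresses plus a routing table."""

    def __init__(self, name, interfaces, routes=(), gateway=None):
        self.name = name
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        # Connected routes exist only because the interfaces have addresses.
        self.table = [(i.network, None) for i in self.interfaces]
        self.table += [(ipaddress.ip_network(prefix), ipaddress.ip_address(nh))
                       for prefix, nh in routes]
        if gateway:
            self.table.append((ipaddress.ip_network("0.0.0.0/0"),
                               ipaddress.ip_address(gateway)))

    def owns(self, addr):
        return any(i.ip == addr for i in self.interfaces)

    def lookup(self, dst):
        """Longest-prefix match; returns (network, next_hop) or None."""
        matches = [(net, nh) for net, nh in self.table if dst in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)


def build(r1_routes, r2_routes):
    """Topology from the post; r1_routes / r2_routes are the static routes."""
    nodes = [
        Node("HostA", ["192.168.1.5/24"], gateway="192.168.1.1"),
        Node("R1", ["192.168.1.1/24", "192.168.3.1/24"], routes=r1_routes),
        Node("R2", ["192.168.3.2/24", "192.168.2.1/24"], routes=r2_routes),
        Node("HostB", ["192.168.2.8/24"], gateway="192.168.2.1"),
    ]
    return {n.name: n for n in nodes}


def trace(nodes, start, dst, max_hops=8):
    """Follow a packet hop by hop; returns (path, outcome)."""
    dst = ipaddress.ip_address(dst)
    node, path = nodes[start], [start]
    for _ in range(max_hops):
        if node.owns(dst):
            return path, "delivered"
        hit = node.lookup(dst)
        if hit is None:
            return path, f"dropped at {node.name}: no route"
        _, next_hop = hit
        # Connected route: hand the packet straight to the destination.
        target = dst if next_hop is None else next_hop
        # The next hop has to sit on one of this node's own subnets.
        if not any(target in i.network for i in node.interfaces):
            return path, f"dropped at {node.name}: {target} is not on a connected network"
        # Simplification: whoever owns the target address is on that segment.
        owner = next((n for n in nodes.values()
                      if n is not node and n.owns(target)), None)
        if owner is None:
            return path, f"dropped at {node.name}: nobody answers for {target}"
        node = owner
        path.append(owner.name)
    return path, "dropped: hop limit reached"


if __name__ == "__main__":
    net = build([("192.168.2.0/24", "192.168.3.2")],
                [("192.168.1.0/24", "192.168.3.1")])
    print(trace(net, "HostA", "192.168.2.8"))
    print(trace(build([], []), "HostA", "192.168.2.8"))
```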

  • "mpls ip" global vs interface level command

    What is the purpose of "mpls ip" global command? I think just enabling mpls on an interface by using "mpls ip" should be sufficient, but then what is the purpose of the global level command?

    Usage Guidelines
    Globally enabling MPLS forwarding does not enable it on the interfaces. You must enable MPLS forwarding on the interfaces separately.
    MPLS forwarding of packets along normally routed paths (also called dynamic label switching) is enabled by this command. For a given interface to perform dynamic label switching, this switching function must be enabled.
    The no form of this command stops dynamic label switching for all the interfaces regardless of the interface configuration; it also stops distribution of labels for dynamic label switching. However, the no form of this command does not affect the sending of labeled packets through the LSP tunnels.
    link:
    http://www.cisco.com/c/en/us/td/docs/optical/cpt/r9_3/command/reference/cpt93_cr/cpt93_cr_chapter_010.html#wp1254011620
    HTH

  • Do gatekeepers need a dedicated physical interface

    I recently took control of a network that has several h323 vtc endpoints registered to a gatekeeper.
    The 3700 router that is the gatekeeper has a physical interface that appears to only exist to be the IP address of the gatekeeper. The 3700 router has other physical interfaces such as the serial interface to the WAN plus the gateway interface for the LAN.
    The 10/100 interface with the gatekeeper IP address has no other configuration besides the "ip address" command. It is also physically connected to the switch.
    All the gatekeeper unique configs are in the gatekeeper config on the 3700.
    Do I really need to dedicate a physical interface to be the gatekeeper? Can I use a loopback interface or use my gateway IP address?
    Thank you.

    We've redeployed our gatekeeper using /32 loopback interfaces.  We have 2 routers each with a /32 loopback.  Then we have 1 gatekeeper on each router configured in a cluster with each other.  It works great.   Now we can use that physical interface for something else and we have redundancy.
    Thanks for the input.

  • Critical physical interface or critical service ?

    Hi,
    I use a one-arm solution (trunk interface) in an active/standby environment made up of 2 CSS 11501s working in router mode. Each connects to a separate switch through the trunk interface. In such a configuration, I ask whether configuring a critical physical interface is sufficient? The switches are also connected through a trunk interface, and the server and client sides are distributed among them in their respective VLANs.
    David

    David,
    The trunk with the switch could be up but the servers or the default gateway not reachable.
    You could add a critical service for the gateway.
    Gilles.

  • Network = 2 subnet on 1 physical interface on 1 VLAN

    Hello,
    For migration purposes I will need to configure a physical interface to be at the same time on two different subnets on only 1 physical interface.
    On a router it is called secondary IP but I don't know if Sun is able to do that. I have no routing trouble as Sun servers are just talking in local.
    example:
    10.0.0.1---------
    | ----------> same physical (if) and logical network (VLAN)
    192.168.0.2----
    Any clue would be helpful
    Thanks !

    Ok I have done test and I know that it is possible but I have 2 bugs :
    -when restarting my server I get an error and must restart manually my interfaces ( exit status 96 ...) and manually add my default route which was not taken...
    - I must specify my subnet in the hostname.ce0 for IP addresses that are in a "sub-network"
    here is my config :
    # cat /etc/hostname.ce0
    toto + netmask 255.255.252.0 + up
    addif test + netmask + up
    # cat /etc/hosts
    10.170.225.205 toto loghost hostname
    127.0.0.1 localhost loopback
    192.168.0.1 test
    192.168.0.2 test2
    # cat /etc/inet/ipnodes
    ::1 localhost
    10.170.225.205 toto loghost hostname
    127.0.0.1 localhost loopback
    192.168.0.1 test
    192.168.0.2 test2
    # cat /etc/netmasks
    10.170.224.0 255.255.252.0
    192.168.0.0 255.255.255.0
    # cat /etc/defaultrouter
    10.170.227.254
    Thanks for any help !!
    JF
