MPLS over encryption

Hello Friend,
Need your help on MPLS over-relay setup encryption.
I have 10 sites across the world which will connect via MPLS, where the ISP will participate in customer routing; they will do the optimized routing.
The CE routers are managed by the ISP. I need to encrypt the data before it enters the MPLS cloud and decrypt the data when it enters the LAN at the other end.
Basically I am looking for encryption from CE to CE. Is there any way to do this?
Regards,
Naren

Hello Naren,
CE to CE encryption is not a problem.
As discussed in a recent thread you can use DMVPN or GETVPN to implement a mesh of encrypted communication tunnels between different CE sites.
For DMVPN you can refer to the solution reference network design:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html
Another design guide for enterprises using MPLS L3 VPN services:
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/ngwane.html
I've tested DMVPN over an MPLS L3 VPN and it works well.
GETVPN is a more recent security framework that can be considered too.
Hope to help
Giuseppe

Similar Messages

  • MPLS over GRE Support (Platform)

    Hello,
    I am looking to run MPLS over GRE (over the Public Internet) probably with IPSec for obvious reasons. CFN seems to suggest only the Cat6k with SUP-VS-2T or the Catalyst 6800 is capable of MPLS over GRE functionality... 
    I currently have 2 x Cisco 7200 VXR platforms (7204 & 7206) with the NPE-G2 processing engine and was wondering if we added the VSA encryption module (C7200-VSA=) would be enough to get a reliable MPLS over GRE tunnel functionality. 
    The tunnel with Encryption would ideally support up to 500Mbps. 
    My other alternative is to upgrade/replace the VXRs with ASRs (1002 or similar) but again CFN is unclear if the ASR100x platform is capable of delivering MPLS over GRE + IPSec.
    Thanks,

    MPLS over GRE is not supported in Hardware for sup720. This is a PFC3 hardware limitation. Your options would be to use SPA-400 or Enhanced FlexWan.

  • Welcome to the MPLS over ATM Discussion

    Welcome to the Cisco Networking Professionals Connection Service Provider Forum. This conversation will provide you the opportunity to discuss issues surrounding MPLS over ATM. We encourage everyone to share their knowledge and start conversations on issues such as Frame-based MPLS networks, multiservice networks, VPN scalability, multiple service classes, multicast, VoIP and any other topic concerning MPLS over ATM.
    Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
    We encourage you to tell your fellow networking professionals about the site. If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at [email protected]

    This is easily done with dial peer statements. The dial peer in your originating router must route the calls to the terminating router first. That would look like:
    dial-peer voice xxxxx voip (the xxxxx is just a tag)
    destination-pattern 45... (that would route any 5-digit calls beginning with 45)
    session target ipv4:xxx.xxx.xxx.xxx (IP address of the terminating router)
    If digit tones are to be dialed after the connection is established, use the statement:
    dtmf-relay h245-alphanumeric
    You could also use a statement to specify the codec to be used:
    codec g711ulaw
    You would need multiple voip dial peers if the calls were going to different routers based on the dialed digits. If all calls are sent to the same terminating router, use all wild cards in the dest-pattern statement.
    At the terminating router configure POTS dial peers:
    dial-peer voice xxxxx pots
    destination-pattern 45...
    port x/x (whichever port the call is to be terminated on)
    prefix 45 (this re-inserts matched digits which are stripped off by the pots dp)
    Repeat for other ports which will receive calls.
    Paul

  • MPLS over non-MPLS network

    Friends,
    I am nearly sure the answer is no, but will ask anyway.
    I want to connect two private networks over a corporate WAN, and am looking to keep the router traffic (BGP) and routing traffic under control.
    I only have control of the two lab routers; the routers in the middle are controlled by the IT dept. Is there any way of setting up MPLS with this scenario?
    Any other suggestions...

    You could indeed run MPLS over a GRE interface.
    If you want to run MPLS VPN, then I would suggest configuring MPLS VPN over l2tpv3. See the following URL for more details:
    http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00802b4817.html
    Let me know if I answered your question,

  • MPLS over GRE Tunnel

    Hi,
    Can anyone guide me about the benefits of MPLS over GRE tunnels? Does this serve the purpose of MPLS (except TE, which I suppose is not possible on GRE tunnels), as Layer 3 is already involved before label switching even starts?
    Thanks and regards,
    Shakeel Ahmad

    I have a problem with MPLS over GRE. When I try to apply a policy to shape the traffic, it seems that the default class doesn't see the MPLS packets.
    I'm trying to shape the traffic to 256k, but it seems that the shaping is never activated.
    Does anyone have any idea how to solve this?
    Example:
    class-map match-all PING
     match access-group 171
    policy-map class-default
     class PING
      bandwidth percent 15
    policy-map PING
     class class-default
      shape average 256000
      service-policy class-default
    interface xx
     service-policy output PING
    access-list 171 permit icmp any any

  • Sup32 and mpls over gre

    Does the Sup32 on a 7600 router support MPLS over GRE? My uplinks
    to the core are connected via the Sup32.

    Hello Atif,
    The following link is the datasheet of the Sup32:
    http://www.cisco.com/en/US/prod/collateral/modules/ps2797/ps5972/product_data_sheet0900aecd801c5cab_ps368_Products_Data_Sheet.html
    Table 1 contains the following:
    • Hardware-enabled MPLS - Enables use of VPNs and Layer 2 tunneling while improving traffic engineering for QoS and adding multiprotocol support
    • Hardware-enabled IPv6 - Expands available IP addresses, enabling better address allocation and address aggregation and supporting greater end-to-end connectivity and services
    • Hardware-enabled GRE tunnels for IP traffic
    Be aware that performance is limited in comparison to the Sup720, as shown in Table 2.
    Hope to help
    Giuseppe

  • MPLS over GRE sample config....

    Can anybody paste a working config of MPLS over GRE?
    I am looking for the tunnel config and any related global config.
    Thanks
    Umar

    You can try this link for GRE configuration
    http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801e1294.shtml

  • MPLS over GRE tunnels

    Hi: Are there any MTU issues with running MPLS over GRE tunnels?
    What will be the MTU size?
    Thank you

    GRE has an overhead of 24 bytes, and can directly interfere with the MPLS overhead. The MTU associated with an MPLS packet is broken down like so:
    Ethernet Payload - 1500
    802.1q header - 18
    AToM Header - 4 (Required for ATM and FR only)
    AToM Label - 4
    LDP Label - 4
    TE Label - 4
    MPLS Fast Reroute - 4
    Total = 1538
    Granted, you may not configure all of the features above in your MPLS network, but this is a good baseline to use for the MPLS MTU. You need to configure the core network to accept an MTU of at least 1538 bytes, without GRE.
    You need to ensure that your GRE tunnels can support an MTU greater than 1562 if you plan to implement additional MPLS features like TE and AToM.

  • Difference between ... MPLS over Frame-Relay ATM

    Hi all,
    Sorry to ask a very basic question. Can someone tell me what the difference and advantage of MPLS over ATM and Frame-Relay is? Please provide me a better link for reference.
    Thanks in advance
    Lijesh

    MPLS over ATM or MPLS over Frame-Relay is not a good idea, because if you use cell-mode labeling, you will find some limitations in this technology. The DLCI and VPI/VCI values in these protocols do not have a large space. If you know how cell mode operates, try to look, just as an example, at the bit length of the DLCI value in the Frame-Relay protocol or the VPI/VCI value in the ATM protocol… Of course you can use some cheat like VCI-merge, but I think it's not a very good idea.
    Building new network infrastructure on these protocols is not a good idea… It's a good idea for quickly implementing MPLS technology in old network infrastructure built with these protocols (just as an example, you can link the ATM forwarding plane and the MPLS forwarding plane; in this situation you can stop using fixed VPI/VCI configuration for the IP network and can use the benefits offered by ATM technology with MPLS), but not for new network infrastructure. If you need to offer services with these protocols, you can use Any Transport Over MPLS technology.
    For more information look at this page - http://www.cisco.com/en/US/tech/tk436/tk798/tsd_technology_support_protocol_home.html

  • MPLS over IPv6?

    I've heard IPv6 over MPLS lots of times, but never heard of MPLS over IPv6.
    Is it possible to employ MPLS over a pre-existing IPv6 network? If not currently, is there any research?

    I have heard too much going on in this field. Any particular interest?

  • Mpls over atm ppp over aal5

    Hi,
    Does Cisco support MPLS over atm-ppp-llc
    per RFC 2354 (PPP over AAL5)?
    For example, in a scenario where a Cisco router acts as a PE and gets frames with MPLS over atm-ppp-llc from a connected CE, is that supported on Cisco, or will it drop the frames?
    Running MPLS over the CE-PE link is mandatory for the specific scenario.
    Thanks
    Thanks in advance

    Hello,
    The MPLS should be supported also on PPP over AAL5. Simply use the "mpls ip" command on the Virtual-Template or the Dialer interface you are using on top of the ATM VC to set up the PPP interface.
    The 3640 with proper IOS can support the PE functions. The Enterprise feature sets should be equipped with all features necessary to provide a PE router functionality - basically, the VRF, MPLS, LDP, MPLS VPN support, BGP, BGP VPNv4 support, IGP protocols with VRF support and that should be sufficient.
    Best regards,
    Peter

  • MPLS over ATM - VP Tunnel (cell) or VC (frame)?

    Does anybody use the MPLS over VP tunnel with the Cisco 8540 ATM MPLS core? Is it a stable solution or one should better leave the ATM MPLS cell mode and convert to frame mode over ATM?

    Both Cell mode and frame mode are stable solutions. But the scenario where we use them are different. I see that Cisco 8540 ATM MPLS Core is used. In this case, I would say that cell mode MPLS is a better solution for the following reason(s); In normal (non-MPLS) ATM core the L2 topology might be different from L3 topology. Say for example, a destination IP (a.b.c.d) might be shown as 3 hops (routers) away but there can be even 10 or more ATM switches in between. In this case the L2 topology might not be an optimal path. Hence we go for cell mode operation, where we form a full mesh topology and hence an optimal path.

  • MPLS over ATM encapsulation

    Hello,
    While I was doing an MPLS interoperability test between our ATM-LER and a Cisco 7204 router, I found an implementation difference with respect to MPLS over ATM encapsulation between the two systems. Our system encapsulates an MPLS packet with a null shim label (=0), while the Cisco router does it with a non-null shim label (!= 0); I guess it may be a VCD value that is used internally in the Cisco system. I think that an MPLS over ATM packet should be encapsulated with a null label value in the top shim header in accordance with RFC 3035, described below.
    "If the packet has a label stack with n entries, it MUST carry a shim with n entries. The actual value of the top label is encoded in the VPI/VCI field. The label value of the top entry in the shim (which is just a "placeholder" entry) MUST be set to 0 upon transmission, and MUST be ignored upon reception. The packet's outgoing TTL, and its CoS, are carried in the TTL and CoS fields respectively of the top stack entry in the shim."
    Any response will be greatly appreciated.
    Best regards,
    Yongjun.

    No, I'm NOT requesting a new feature, but talking about compliance with
    the MPLS standard, RFC 3035, "MPLS using LDP and ATM VC Switching". What I'm saying is that the Cisco router sends an MPLS packet on an LC-ATM interface with a VCD (some sort of connection identifier in the Cisco router) value set in the top-of-stack label, while the standard specifies the top-of-stack label should be used only as a placeholder and thus MUST be set to '0'. To the best of my knowledge, most edge ATM-LSR systems set the top label value to '0' in accordance with RFC 3035. If the ingress edge ATM-LSR (Cisco) forwards an MPLS packet with a non-zero label on the top of the stack, then the egress ATM-LSR has two choices: one is just to ignore the non-zero label value (causing no problem), the other is to discard the MPLS packet because the top-of-stack label should have been zero and non-zero is invalid. If any implementation selects the latter option, it may not be possible to interoperate with the Cisco system through an LC-ATM interface.
    Regards,
    Yongjun.

  • MPLS over ATM and Private IP addresses

    Are there any caveats using private IP addresses at one site and public registered IP addresses at another site connecting with MPLS over ATM thru our ISP?

    No. You should be able to configure this using NAT.

  • Why we choose mpls over point to point only because it is cheap

    I need a document explaining the advantages and disadvantages of converting point to point connectivity to MPLS and the plan / suggestion to overcome the disadvantages

    Hi,
    Converting a network that consists of point-to-point links to run MPLS can have benefits. This is regardless of the type of links you have in the network.
    One starting point could be this one:
    http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
    The big benefit that comes with deploying MPLS in your network is the ability to run the MPLS applications. Here are the most important ones:
    -MPLS VPN - Layer 3 (with multicast)
    -MPLS VPN - Layer 2 - point-to-point or point-to-multipoint
    -MPLS Traffic Engineering - point-to-point or point-to-multipoint
    Each of these has its benefits, while running over one common network: an IP network with MPLS enabled.
    The most important benefits are:
    L3 VPN: obviously gives you separated VPNs, with the possibility of overlapping IP subnets; extremely easy provisioning of layer 3 VPNs
    L2 VPN: supports transporting most supported layer 2 protocols, even protocols with clocking information
    MPLS TE: steering of traffic through the network and extremely fast traffic protection
    These are just the most important ones.
    All of these applications run on one common network, while before MPLS, one needed to have multiple carrying networks (e.g. one Frame-Relay network, one ATM network, one IP network) in order to provide all the same functionality.
    Regards,
    Luc
