MPLS Qs

Similar Messages

• In our enterprise MPLS network we are using 192.168.20.0/24 subnet, in this subnet we have not assigned the IP 192.168.20.200/30 & 204/30, But still these subnets are reachable . Are these NNI IP ...Please explain.

  In our enterprise MPLS network we are using 192.168.20.0/24 subnet, in this subnet we have not assigned the IP 192.168.20.200/30 & 204/30, But still these subnets are reachable . Are these NNI IP ...Please explain.

  I have checked with ISP, there response is like below:
  Those are the NNI to GBNET IPs for Dominican Republic. They are Network IPs. You should be able to ping them-that means they are working.
  WANRT01#show  ip route | include 192.168.20.20
  B        192.168.20.200/30 [20/0] via 192.168.20.226, 02:18:29
  B        192.168.20.204/30 [20/0] via 192.168.20.226, 02:18:29
  Here its shows from any of our MPLS site we are able to trace the IP and it seems like, 192.168.20.204/30 is one more site but in actual its not.
  INMUMWANRT01#ping 192.168.20.205
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.20.205, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 224/232/260 ms
  INMUMWANRT01#trace              
  INMUMWANRT01#traceroute 192.168.20.205
  Type escape sequence to abort.
  Tracing the route to 192.168.20.205
  VRF info: (vrf in name/id, vrf out name/id)
    1 192.168.20.226 24 msec 24 msec 24 msec
    2 192.168.20.206 [AS 8035] 232 msec 232 msec 252 msec
    3 192.168.20.205 [AS 8035] 224 msec 224 msec *

• Asa 5505 site to site VPN between A to B site, then B site MPLS to internal network

  Dear all
  I am setting up site to site VPN between two site A to B site.  Two local site of A and B are connected fine.  however for my site B have another internal MPLS to other site.  The connection fine from LAN A all the way to LAN B MPLS router, but it cannot be connect to other MPLS site.  If I did the MPLS traceroute from other site.  It can be reached of LAN B internal router.  Therefore, I am confusing which part of my configuration go wrong and any document for my reference.  Thank you very much.
  Local LAN A (5505 ASA)---------(5505 ASA) Local LAN B-----------B Internal router---------B MPLS router-------------other site.
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>xxxxxxxxxxxxxxx

  Dear Harish
  for LAN B MPLS.  All 11.20.0.0/16 will route to LAN B internal router 10.14.128.252
  If traceroute from other 11.0.0.0 site to 11.20.128.250, it can reach until LAN B ASA 11.14.127.223
  11.20.128.250                        11.14.128.223                           11.14.128.252           11.14.128.253              11.0.0.0
  Local LAN A (5505 ASA)---------(5505 ASA) Local LAN B-----------B Internal router---------B MPLS router-------------other site.
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>xxxxxxxxxxxxxxx
  if traceroute from 10.20.0.0, it can reach until LAN B MPLS router 11.14.128.253
  For config file post.  Can I have your email address to direct send to you.  Thank you very much.

• ASA 5505 to allow 2nd network segment through mpls

  I have been having a heck of a time trying to configure my 5505 to allow the second segment on my network to use the internet.
  Office 1 has a fiber internet connection, and all traffic flows fine.
  Office 2 had gotten it's internet from AT&T, via a network based firewall injecting a default route into the mpls cloud.
  both offices connunicate to each other through the mpls.
  When we added the fiber to office 1, we had the mpls people change the default internet route to the inside address of the 5505 and things worked fine.
  when AT&T attempted to remove the NBF defaut route, and inject the 5505's address as default, things didn't go so well.
  AT&T claims that it is within my nat cmmands on the 5505, but won't tell me anything else.  I assume that they are correct, and I assume that I am not good enough with the 5505 ASDM to tell it what to do.
  Office 1 uses 10.10.30.xx addresses and Office 2 uses 10.10.10.xx - the 5505 inside interface is 10.10.30.2 the internal interfaces of the mpls are 10.10.30.1 and 10.10.10.1
  I don't know what other information you would need, but am stuck here at Office 1 until I can get this working.
  Thanks

  Hi,
  Ok, so IF I have not understood anything wrong (which is still possible ), it would seem to me that the network mask of the ASA is atleast one reason that will cause problems for WI LAN if they try to use the Internet through the ASA5505 on the PA site.
  This is what I would presume will happen when a host on the WI LAN initiates a connection to the Internet
  WI PC 10.10.10.10 sends a TCP SYN to initiate/open a TCP connection with a Web server on the Internet
  The TCP SYN gets forwarded to the default gateway of the PC which is 10.10.10.1
  The TCP SYN packet traverses the ISP MPLS network all the way to the PA Site
  The PA Site 3900 has a default route probably towards PA ASA 10.10.30.2
  TCP SYN gets forwarded from the PA 3900 to the PA ASA according to the above mentioned default route on the PA 3900
  TCP SYN arrives on the ASA and gets forwarded to the Internet
  TCP SYN,ACK from the Web server arrives on the ASA
  ASA will ARP for the MAC address of the WI PC IP address of 10.10.10.10 because it thinks that the host is directly connected to the ASAs "inside" interface because of the "inside" interfaces large /16 network mask which contains addresses between 10.10.0.0 - 10.10.255.255
  The ARP request sent from the ASA never receives a reply since the WI PC isnt directly connected
  PA ASA will never be able to forward the traffic to the WI PC which is trying to open the connection to the Internet because of the above mentioned problem. Therefore the TCP connection from WI PC never succeeds and timeouts.
  Now you might ask, why does the connections between the PA and WI LAN work. To my understanding is that because the traffic from the PA hosts gets first forwarded to the PA 3900 then they have a working route to the WI LAN. The same way the WI LAN has a working route towards the PA LAN since the ASA isnt not involed in anyway.
  The PA Internet connection naturally works as the 10.10.30.0/24 hosts are directly connected to the ASA so the above mentioned ARP will not fail on their part and traffic is forwarded just fine between the PA LAN and the Internet.
  So to my understanding the solution to this problem would be to change the PA ASA "inside" subnet mask from 255.255.0.0 to 255.255.255.0.
  If you are unsure of the of this change I would suggest you do it when there is low network use (so you can revernt the change) Naturally if you are on the PA LAN then you can probably access the Console connection if something were to go wrong. I cant see any configurations on the PA ASA which would imply that you configure the device remotely through the Internet.
  Hope I made sense and hope this helps
  Naturally ask more if needed
  - Jouni

• Welcome to the MPLS over ATM Discussion

  Welcome to the Cisco Networking Professionals Connection Service Provider Forum. This conversation will provide you the opportunity to discuss issues surrounding MPLS over ATM. We encourage everyone to share their knowledge and start conversations on issues such as Frame-based MPLS networks, multiservice networks, VPN scalability, multiple service classes, multicast, VoIP and any other topic concerning MPLS over ATM.
  Remember, just like in the workplace, be courteous to your fellow forum participants. Please refrain from using disparaging or obscene language or posting advertisements.
  We encourage you to tell your fellow networking professionals about the site. If you would like us to send them a personal invitation simply send their names and e-mail addresses along with your name to us at [email protected]

  This is easily done with dial peer statements . The dial peer in your originating router must route the calls to the terminating router first. That would look like :
  dial-peer voice xxxxx voip ( the xxxxx is just a tag)
  destination-pattern 45... (that would route any 5-digit calls beginning with 45)
  session-target ipv4:xxx.xxx.xxx.xxx (ip address of the terminating router)
  If digitones are to be dialed after the connection is established, use the statement:
  dtmf-relay-h.245-alphanumeric
  You could also use a statement to specify the codec to be used:
  codec g711ulaw
  You would need multiple voip dial peers if the calls were going to different routers based on the dialed digits. If all calls are sent to the same terminating router, use all wild cards in the dest-pattern statement.
  At the terminating router configure pots dial peers:
  dial-peer voice xxxxx pots
  dest-pattern 45...
  port x/x (whichever port the call is to be terminated on)
  prefix 45 (this re-inserts matched digits which are stripped off by the pots dp)
  Repeat for other ports which will receive calls.
  Paul

• Problems setting up MPLS

  A Chairde,
  Am having problems setting up MPLS between a AS5350 and 7609 , I have used commands stated in this link, enable MPLS incrementally on a network.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt4/xcdtagc.pdf
  The commands below are added to each router, and some troubleshooting.
  7609
  ip cef distributed
  interface Loopback0
  ip address 192.168.254.1 255.255.255.255
  tag-switching advertise-tags
  interface GigabitEthernet3/12
  ip address 192.168.230.162 255.255.255.248
  mpls label protocol tdp
  tag-switching ip
  AS5350
  ip cef
  mpls label protocol tdp
  tag-switching advertise-tags
  interface Loopback0
  ip address 192.168.254.2 255.255.255.255
  interface FastEthernet0/0
  ip address 192.168.230.161 255.255.255.248
  duplex auto
  speed auto
  mpls ip
  h323-gateway voip interface
  h323-gateway voip id cnibhco111 ipaddr 192.168.230.129 1719
  h323-gateway voip h323-id cnibhco112
  h323-gateway voip tech-prefix 71401
  h323-gateway voip tech-prefix 0030
  h323-gateway voip bind srcaddr 192.168.230.161
  ip rsvp bandwidth 64 64
  cnibhco112#sh tag-switching tdp neighbor
  Peer TDP Ident: 192.168.254.1:0; Local TDP Ident 192.168.230.161:0
  TCP connection: 192.168.254.1.49842 - 192.168.230.161.711
  State: Oper; PIEs sent/rcvd: 18/23; Downstream
  Up time: 00:12:54
  TDP discovery sources:
  FastEthernet0/0, Src IP addr: 192.168.230.162
  Addresses bound to peer TDP Ident:
  192.168.100.17 192.168.100.25 159.107.212.49 172.16.8.81
  192.168.230.130 192.168.230.77 192.168.230.81 192.168.254.1
  192.168.210.6 192.168.127.6 192.168.210.106 192.168.127.66
  192.168.127.138 192.168.210.146 192.168.210.142 192.168.210.122
  192.168.210.17 192.168.230.140 192.168.230.26 192.168.230.74
  192.168.230.10 192.168.230.14 192.168.127.130 192.168.127.142
  192.168.230.6 192.168.230.70 192.168.230.34 192.168.210.178
  192.168.200.25 192.168.210.126 192.168.232.1 192.168.231.1
  192.168.200.17 192.168.210.102 190.168.200.245 190.168.200.225
  190.168.201.241 192.168.230.98 192.168.210.14 190.168.201.201
  190.168.201.209 192.168.210.162 192.168.210.210 190.168.201.205
  192.168.230.38 190.168.200.249 190.168.200.217 190.168.200.253
  192.168.230.162
  cnibhco112#
  cnibhco112#sh tag-switching forwarding-table 192.168.254.1 detail
  Local Outgoing Prefix Bytes tag Outgoing Next Hop
  tag tag or VC or Tunnel Id switched interface
  cnibhco112#traceroute 192.168.254.1
  Type escape sequence to abort.
  Tracing the route to 192.168.254.1
  1 192.168.230.162 0 msec 0 msec *
  cnibhco112#traceroute 192.168.230.162
  Type escape sequence to abort.
  Tracing the route to 192.168.230.162
  1 192.168.230.162 0 msec 0 msec *
  cnibhco112#

  Ro,
  Thanks for the respone, have been playin, with MPLS for last few hours.
  The routing between the loopbacks is now working, can PING 7609 Loopback from AS5350 ,and vice versa. (used static routes).
  Having problem with TDP / LDP on routers,
  mpls label protocol ldp / tdp command works correctly on both routers, but the
  tag-switching tdp router-id Loopback0 force
  command works on the 7609, but when I add it onto the AS5350 , the command "mpls ldp router-id Loopback0 force" appears on the startup script.
  The opposite is true for the 7609 , you add MPLS LDP command, and TAG-SWITCHING command appears instead.
  Any Ideas, as different configs of this leave me with forwarding table with both tags added, but not been able to ping the loopbacks !!!
  When I can ping bot loopbacks, the OUTGOING TAG , disapears.....
  Problem is LOOPBACK Commands on bot routers default to LDP (AS5350) , or TDP (7609). Any Ideas ...
  mpls label protocol tdp
  tag-switching tdp router-id Loopback0 force
  mpls label protocol tdp
  mpls ldp router-id Loopback0 force
  cnibhco100#sh tag-switching forwarding-table 192.168.254.2 detail
  Local Outgoing Prefix Bytes tag Outgoing Next Ho
  tag tag or VC or Tunnel Id switched interface
  18 17 192.168.254.0/24 0 Gi3/12 192.168.2
  MAC/Encaps=14/18, MRU=1500, Tag Stack{17}
  00097CA3293000127FCDBA808847 00011000
  No output feature configured
  Per-packet load-sharing
  cnibhco100#traceroute 192.168.254.2
  Type escape sequence to abort.
  Tracing the route to 192.168.254.2
  1 192.168.230.161 [MPLS: Label 17 Exp 0] 0 msec 0 msec 0 msec
  2 192.168.230.162 0 msec 0 msec 0 msec
  But no PINGING 192.168.254.2
  cnibhco112#sh tag-switching forwarding-table 192.168.254.1 detail
  Local Outgoing Prefix Bytes tag Outgoing Next Hop
  tag tag or VC or Tunnel Id switched interface
  17 18 192.168.254.0/24 1915668 Fa0/0 192.168.230.162
  MAC/Encaps=14/18, MRU=1500, Tag Stack{18}
  00127FCDBA8000097CA329308847 00012000
  No output feature configured
  Per-packet load-sharing
  cnibhco100#sh tag-switching forwarding-table 192.168.254.2 detail
  Local Outgoing Prefix Bytes tag Outgoing Next Ho
  tag tag or VC or Tunnel Id switched interface
  18 17 192.168.254.0/24 752551 Gi3/12 192.168.2
  MAC/Encaps=14/18, MRU=1500, Tag Stack{17}
  00097CA3293000127FCDBA808847 00011000
  No output feature configured
  Per-packet load-sharing
  WHEN BOTH LOCAL AND OUTGOING TAG, CANNOT PING EITHER WAY !!!
  HAVE LABEL PROTOCOL AND LOOPBACK FORCE on AS5350
  HAVE LABEL PROTOCOL ON 7609
  WHEN ADD LOOPBACK FORCE on 7609 , CAN PING BOTH LOOPBACKS,
  BUT OUTGOING TAG DISAPEARS
  cnibhco112#PING 192.168.254.2
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.254.2, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
  cnibhco112#sh tag-switching forwarding-table 192.168.254.1 detail
  Local Outgoing Prefix Bytes tag Outgoing Next Hop
  tag tag or VC or Tunnel Id switched interface
  17 Untagged 192.168.254.0/24 598678 Fa0/0 192.168.230.162
  MAC/Encaps=0/0, MRU=1504, Tag Stack{}
  No output feature configured
  Per-packet load-sharing
  cnibhco112#
  mpls label protocol tdp
  tag-switching tdp router-id Loopback0 force

• Performance end to end testing and comparison between MPLS VPN and VPLS VPN

  Hi,
  I am student of MSc Network Security and as for my project which is " Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing " I have heard a lot of buzz about VPLS as becoming NGN, I wanted to exppore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3, with respect to the MPLS L3 VPN lab setup that is not a problem but I am stuck at the VPLS part how to setup that ? I have searched but unable to find any cost effective mean, even it is not possible in the university lab as we dont have 7600 series
  I would appreciate any support, guidence, advice.
  Thanks
  Shahbaz

  Hi Shahbaz,
  I am not completely sure I understand your request.
  MPLS VPN and VPLS are 2 technologies meant to address to different needs, L3 VPN as opposed as L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of a F1 racing car with a Rally racing car?
  From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology) , as in the very basic scenarios we can boil down to the following basic operations for both:
  Ingress PE impose 2 labels (at least)
  Core Ps swap top most MPLS label
  Egress PE removes last label exposing underlying packet or frame.
  So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
  About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
  Riccardo

• MPLS from a customer view

  Scenario: I have thirty locations with one data center and one dr site. Each location has two pvcs. One for the data center one for the DR site. Question: If we switch to a MPLS network. It would be transparent to the because the router at each location would be a CE router or non-LSR. The provider would handle all the MPLS configuration. I hope this make sense.

  Yes, you are absolutely right.
  When we deployed MPLS at our domain, nothing had to be done at the CPEs. No changes had to be done at the CPEs templates. To our customers it's transparent the way we do packet forwarding. They don't have any idea that we do label switch instead of layer 3 forwarding.
  If you are moving to a MPLS-enabled carrier, you may contract a MPLS-enabled VPN service. With that you may have just one pvc at each site (if you need save some $$), or you may ask for a active & backup/standby pvc scheme. MPLS give to network administrator all flexibility to deploy any kind of connectivity request.
  Yours Truly.
  Murilo Pugliese.

• MPLS in the Enterprise

  Has any had any experience with using MPLS in the Enterprise? I would like to use MPLS to segment the different parts of my network. I basically have 4 different user bases at remote locations and several others including development in the corporate areas. I would like to use MPLS between all of my sites and basically have my current router act as the PE with the different interfaces be different sudo customers. Then once I have this set up I can use a firewall to touch each MPLS vrf to redistribute networks to the other networks so it appears that it is one big network but I then would have a single location to be able to administer policy and rules as to who can talk to who. I would like to hear if any one has done this and what problems and or benefits they received from doing this approach. I know it may seem like over kill but it would give me a definitive answer to say yes an out break of a virus on one segment would not be able to affect another vrf if they rules and what not were in place.

  Hi there,
  we run three sites with a pair of 7200 PE's at each site. This allows us to get our security partioned networks to all three sites very cost effectively.
  But beware, setting up basic VPN's is relatively easy compared to setting up tunnels and traffic engineering.

• Centralize internet access in MPLS VPN

  Can i implement Centralize internet access (the Hub CE Router to performs NAT) in cisco MPLS VPN solution?
  If so, is there any example about that? i can't find it at CCO~
  Thanks a lot~

  If you run dynamic routing protocol in PE-CE,like rip2,ospf,bgp,do the following task.
  1:set a default route in HUB CE;and generate the default route under its dynamic protocol.
  2:in other CEs, make sure they can learn this route.
  If you run static route and vrf static route between CE and PE,do the following task.
  1.set default route in HUB CE, and set default route in other CEs.
  2.In all PEs,redistribute the connected and static rotues to address-family ipv4 of customer vrf.
  3.set the customer vrf default route in all PE which connected your all CEs.
  Note: make sure all PEs can reach the GW address of vrf deafult route. GW IP address is the interface of which HUB CE towards PE.
  command: "ip route vrf 0.0.0.0 0.0.0.0 global.
  TRY

• Hotline is not working after migrating to MPLS

  Hi,
  I am facing one new problem, after migrating with MPLS link my customer not able to make calls. If he connecting to Leased Line then its working(OLD LINE). In data also we faced same problem, after removing the TCP Compression then only data also start to work. If any body aware of this type of problem can you please help me.
  Regards,
  Sunish

  The warranty entitles you to complimentary phone support for the first 90 days of ownership.

• Need suggestion whether to use ATM or MPLS in DSL implementation

  Presently i am working in ISP, and we are providing internet access via simple dialup, ISDN and IVS. and now we want to implement DSL i ve talk with few peoples regarding whether to use ATM or MPLS in DSL implementation but because they are solution providers so i think they are giving me expensive solution. as long as i know about this is,whole world is shifting from ATM to MPLS Technology. ATM implementation cost is very high. so i need suggestion from u because you also have practical exposure.

  I believe ATM is soon getting obsolete...

• MPLS TE equal or unequal load balancing doesn't work?

  Dear Sir!
  I've two MPLS TE tunnels from one PE to another PE.
  And there are traffic share count between them
  (as tunnel mpls traffic-eng load-share command define).
  But in real life all traffic from the same source to the same destination go through only one tunnel
  (as CEF define - i.e. how sh ip cef exact-route says).
  PEs are 3660 platforms with c3660-jk9o3s-mz.123-8.T
  installed.
  How can I correct this problem?
  Best regards,
  Maxim Denisov

  Dear Sir!
  I'm agree with you as MPLS TE tunnels are opened from PE to PE, so CEF does it work.
  But if I open this tunnels from P to PE, ONLY ONE of this tunnels are used instead of load-sharing, if traffic go from one source (of site1 of VPN1) to the same destination (located at site2 of VPN1).
  Why? Packet through P-devices swithes by labels, so I mean that CEF cannot does src-dst load sharing?
  My problem are that I must to do load sharing between this two tunnels in the case above.
  Q: How can I solve this problem?
  Best regards,
  Maxim Denisov

• MPLS TE equal or unequal load balancing doesn't work? - step2

  Previous question in thread:
  Dear Sir!
  I've two MPLS TE tunnels from one PE to another PE.
  And there are traffic share count between them
  (as tunnel mpls traffic-eng load-share command define).
  But in real life all traffic from the same source to the same destination go through only one tunnel
  (as CEF define - i.e. how sh ip cef exact-route says).
  PEs are 3660 platforms with c3660-jk9o3s-mz.123-8.T
  installed.
  How can I correct this problem?
  But this answer does not solved my issue:
  hritter - Network Consulting Engineer, CISCO SYSTEMS, CCIE
  Aug 4, 2004, 7:20am PST
  This is expected behavior since CEF is used at the head end to perform label imposition. I wouldn't recommend changing the default bahavior to per=packet loadsharing since this could lead to of of sequence packets, which could lower the overall performance.
  Hope this helps,
  so my secound question:
  Dear Sir!
  I'm agree with you as MPLS TE tunnels are opened from PE to PE, so CEF does it work.
  But if I open this tunnels from P to PE, ONLY ONE of this tunnels are used instead of load-sharing, if traffic go from one source (of site1 of VPN1) to the same destination (located at site2 of VPN1).
  Why? Packet through P-devices swithes by labels, so I mean that CEF cannot does src-dst load sharing?
  My problem are that I must to do load sharing between this two tunnels in the case above.
  Q: How can I solve this problem?
  Best regards,
  Maxim Denisov

  The per session load-balancing is also used by MPLS when multiple paths are available. Changing this behavior to per-packet is still not recommended.
  Hope this helps,

• Path Selection for Routes Across MPLS Network

  Customer hub site has two CE routers with two links connected to two seperate PE routers in the Carrier's MPLS network. At the customer's remote site one CE router on a single link is connected to PE router in MPLS network.
  How can I configure the CE routers at the hub site to advertised the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select on of the router as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to selected on path over the other.
  I'm not sure if this makes any sense. Any help will be appreciated. Thanks

  Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
  Also, you posted this message a while back:
  "If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
  cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
  VPNv4 prefix is 1:1:192.168.1.0
  cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
  VPNv4 prefix is 1:2:192.168.1.0"
  My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
  I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with mutiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
  Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
  Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?

• Urgent help need on configuring MPLS TE

  i found that CSPF is not finding other path still there is no bandwith on SPF path and tunnel1 remain down if i down second tunne2 then tunnel 1 comes up not try to use other interfaces which r free with enough bandwidth. all router have MPLS TE and RSVP.
  please read all in detail below
  my freinds i have one Q. for MPLS TE. i m using 3660 router for MPLS TE on dayanagen simulater. in this lab there is 5 routers with 512 kbp RSVP on each interface all router with MPLS TE. configure are as->
  R1 /0 ---R2 /0
  R2 ==== R3 have Two interfaces s1/1 and s1/3
  R2 /2-----R5 /2 interface connection
  R3 ---- R5 int connection
  R3 ---- R4 tunnel to R4 from R1,R2 with 300kb each
  tunnel1 on R1 to R4 with 300kb rsvp TE
  tunnel2 on R1 to R3 with 50kb rsvp TE
  tunnel1 on R2 to R4 with 300kb rsvp TE
  diagram like that below (ignore ..dots)
  R1---R2=====R3----R4
  .......I_______I
  ..........R5
  i created tunnels from R1----> R4 with 300Kb.
  second R1---->R5 with 50Kbp tunnel
  and
  on R2---->R4 tunnel with 300kbp.
  PROBLEM IS when R1 tunnel go via R2 to R4 it takes s1/1 interface with 300rsvp. means for R2 tunnel should find next interface for same destination R4 becaused there is not enough space.On one of remaining on interfaces on R2 s1/3 or S1/2 but R2-->R4 tunnel remain down. when i down R1---R4 tunnel R2--R4 tunnel comes up on same interface. NOW when i up R2 tunnel first and later R1. then same thing again R1 down and wait for R2 tunnel to go down.then up on same interface. if u see there is still two path r free to go R4 on R2
  1. R2 s1/3 ----> s1/3 of R3
  2. R2 s1/2 ---->s1/2 of R5 with both 512 kb RSVP
  there is using R2 s1/1 for tunnel
  why not with help of CSPF it takes other path when 512 link is also free on R2 router to same destination??? its on dyanamips is it can problem with simulater.
  it means that on R2 using SPF path for R4 for both tunnel and not trying to find other CSPF path thats why my two interfaces are free with 512kbp RSVP on same router R2. why not CSPF using other remaining path. and down one of tunnel because of there is no space on tht s1/1 interface........
  PLZZ ANSER ME I NEVA USE MPLS TE B4
  thanks in advance!

  sorry m8 for late reply i had sort the problem. it occur because i was using 4 router now when i used TE with 12 router on daynagen it is working fine.
  Question
  now i have one question. i am trying to use TE with MPLS VPN site to site. as you know site to site MPLS VPN send traffic both way from R1 to R2 and R2 to R1.
  but if i create MPLS TE tunnel1 on R1 to destination R2 then all traffic from R1 will go via tunnel1. but traffic from R2 wil go to R1 via normal route becasue tunnels is one way onli can see on R1
  that means i have to create tunnels at both end in opposite directions. please reply me.
  MPLS VPN site to site between R1 --- R2 have to create tunnels for both direction because tunnel work in on way?
  R1 ---->R2 tunnel1
  R1<-----R2 tunnel2
  thanks