MPLS VPN: controlling VPN labels
Hi experts.
Is there any way to control the value of the VPN label that BGP allocates for a specific interface in an MPLS/VPN scenario?
Thank you
Michele
Found!
Feature is "VRF Aware MPLS Static Labels", IOS rel. 12.0(26)S
Thanks
Michele
Similar Messages
-
In MPLS VPN, packets are forwarded based on the LFIB table. The first label (next-hop label)
is advertised through LDP and the second label (VPN label) is announced via
MP-BGP. The problem is that when I check the FIB table of the customer VRF I can see both labels,
but when I check the customer LFIB I don't see the second label (the VPN label)! So are the VPN labels stored
only in the FIB, and if so, how can that be when forwarding is always based on the LFIB?
Kindly advise.
Router#show ip cef vrf cust det
10.10.44.0/30, version 1499, epoch 0, cached adjacency to Switch1.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Sw1.2, point2point, tags imposed: {83 544}
via x.x.x.x, 0 dependencies, recursive
next hop x.x.x.x, Switch1.2 via x.x.x.x/32
Router#show tag for vrf cust
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
126 Untagged 10.10.52.8/29[V] 55708 Sw1.87 point2point
253 Untagged 10.10.52.4/30[V] 0 Sw1.87 point2point
263 Aggregate 10.10.52.0/30[V] 0
284 Untagged 10.230.52.0/22[V] 8616469838 Sw1.87 point2point
Hello,
the command "show mpls forwarding-table vrf cust" asks for a list of all locally assigned VPN labels! As the network 10.10.44.0/30 is learned via BGP, there is no locally assigned VPN label - hence it will not show up in the LFIB.
Another explanation would be: traffic towards 10.10.44.0/30 is received from the CE in the form of IP packets. So the PE has to perform an IP lookup and that means it is the FIB's "business" to attach labels. LFIB has nothing to do with it. As you have seen the FIB however "knows" what to do, so everything is fine - cust is happy ;-)
Hope this helps! Please rate all posts.
Regards, Martin -
MPLS Tags not appearing on one side of new MPLS VPN
I have an already existing 6509 that is going to provide the entire MPLS routing table via route reflector to a new 6509. Here are the relevant configs:
EXISTING 6509 (Router A)
interface Loopback0
ip address 10.255.2.2 255.255.255.255
end
router bgp 23532
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.255.2.3 remote-as 23532
neighbor 10.255.2.3 update-source Loopback0
address-family ipv4 mdt
neighbor 10.255.2.3 activate
neighbor 10.255.2.3 send-community extended
neighbor 10.255.2.3 route-reflector-client
neighbor 10.255.2.3 soft-reconfiguration inbound
exit-address-family
address-family vpnv4
neighbor 10.255.2.3 activate
neighbor 10.255.2.3 send-community extended
neighbor 10.255.2.3 route-reflector-client
neighbor 10.255.2.3 next-hop-self
bgp redistribute-internal
exit-address-family
address-family ipv4 vrf CustomerA
redistribute connected
redistribute static
no synchronization
bgp redistribute-internal
exit-address-family
DAL-COLO-6509-1#show mpls ldp neighbor 10.255.2.3
Peer LDP Ident: 10.255.2.3:0; Local LDP Ident 10.255.2.2:0
TCP connection: 10.255.2.3.16271 - 10.255.2.2.646
State: Oper; Msgs sent/rcvd: 647/646; Downstream
Up time: 06:07:30
LDP discovery sources:
Vlan65, Src IP addr: X.X.X.69
Addresses bound to peer LDP Ident:
10.255.2.3 X.X.X.69 X.X.X.254 10.10.1.31
DAL-COLO-6509-1#show mpls forwarding-table 10.255.2.3 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
257 Pop Label 10.255.2.3/32 22272 Vl65 X.X.X.69
MAC/Encaps=14/14, MRU=1584, Label Stack{}
001CB14458000009B6A4B8008847
No output feature configured
DAL-COLO-6509-1#show mpls ldp bindings 10.255.2.3 32
lib entry: 10.255.2.3/32, rev 4933
local binding: label: 257
remote binding: lsr: 10.255.2.1:0, label: 131
remote binding: lsr: 10.255.2.3:0, label: imp-null
DAL-COLO-6509-1#traceroute 10.255.2.3
Type escape sequence to abort.
Tracing the route to 10.255.2.3
1 69-69.netblk-66-60-69.yada.net (X.X.X.69) 0 msec * 0 msec
DAL-COLO-6509-1#
New 6509 (Router B)
router bgp 23532
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.255.2.2 remote-as 23532
neighbor 10.255.2.2 update-source Loopback0
address-family ipv4 mdt
neighbor 10.255.2.2 activate
neighbor 10.255.2.2 send-community both
neighbor 10.255.2.2 soft-reconfiguration inbound
exit-address-family
address-family vpnv4
neighbor 10.255.2.2 activate
neighbor 10.255.2.2 send-community both
neighbor 10.255.2.2 next-hop-self
bgp redistribute-internal
exit-address-family
address-family ipv4 vrf CustomerA
redistribute connected
redistribute static
no synchronization
bgp redistribute-internal
exit-address-family
Br26-COLO-6509-1#show mpls ldp neighbor 10.255.2.2
Peer LDP Ident: 10.255.2.2:0; Local LDP Ident 10.255.2.3:0
TCP connection: 10.255.2.2.646 - 10.255.2.3.16271
State: Oper; Msgs sent/rcvd: 657/657; Downstream
Up time: 06:16:40
LDP discovery sources:
Vlan65, Src IP addr: X.X.X.70
Addresses bound to peer LDP Ident:
10.255.2.2 X.X.X.10 X.X.X.14 X.X.X.5
66.60.70.18 66.60.75.252 66.60.72.65 66.60.75.81
10.10.1.40 66.60.70.17 X.X.X.17 66.60.73.161
X.X.X.70
Br26-COLO-6509-1#show mpls forwarding-table 10.255.2.2 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
40 Pop Label 10.255.2.2/32 0 Vl65 X.X.X.70
MAC/Encaps=14/14, MRU=1584, Label Stack{}
0009B6A4B800001CB14458008847
No output feature configured
Br26-COLO-6509-1#show mpls ldp bindings 10.255.2.2 32
lib entry: 10.255.2.2/32, rev 40
local binding: label: 40
remote binding: lsr: 10.10.1.30:0, label: 29
remote binding: lsr: 10.255.2.2:0, label: imp-null
Br26-COLO-6509-1#traceroute 10.255.2.2
Type escape sequence to abort.
Tracing the route to 10.255.2.2
1 70-69.netblk-66-60-69.yada.net (X.X.X.70) 0 msec * 0 msec
Br26-COLO-6509-1#
I'm seeing label switching coming from the old switch (which has several MPLS VPN connections already). I'm not seeing anything from the new switch. OSPF is the routing protocol between the interfaces, and shows to be working fine. LDP neighbor relationship seems to be good - just tagging isn't occurring going back toward the old switch. Any suggestions?
Thanks
Greg
Yes - that is the problem we are trying to fix.
Br26-COLO-6509-1#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(33)SXI13, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Tue 11-Mar-14 04:53 by prod_rel_team
ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
Br26-COLO-6509-1 uptime is 1 day, 49 minutes
Uptime for this control processor is 1 day, 49 minutes
Time since Br26-COLO-6509-1 switched to active is 1 day, 48 minutes
System returned to ROM by reload at 09:20:45 CDT Wed May 7 2014 (SP by reload)
System restarted at 09:24:29 CDT Wed May 7 2014
System image file is "disk0:s72033-adventerprisek9_wan-mz.122-33.SXI13.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.
Processor board ID SMG1125N74N
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
5 Virtual Ethernet interfaces
154 Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.
8192K bytes of packet buffer memory.
65536K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x2102
Yes- we do have a Sup7303B in this switch. -
Performance end to end testing and comparison between MPLS VPN and VPLS VPN
Hi,
I am a student of MSc Network Security, and my project is "Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing". I have heard a lot of buzz about VPLS becoming NGN; I wanted to explore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3. The MPLS L3 VPN lab setup is not a problem, but I am stuck at the VPLS part: how to set that up? I have searched but am unable to find any cost-effective means, and it is not even possible in the university lab as we don't have the 7600 series.
I would appreciate any support, guidance, advice.
Thanks
Shahbaz
Hi Shahbaz,
I am not completely sure I understand your request.
MPLS VPN and VPLS are 2 technologies meant to address different needs, L3 VPN as opposed to L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of a F1 racing car with a Rally racing car?
From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology) , as in the very basic scenarios we can boil down to the following basic operations for both:
Ingress PE impose 2 labels (at least)
Core Ps swap top most MPLS label
Egress PE removes last label exposing underlying packet or frame.
So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
Riccardo -
With Vignesh R. P.
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about concept, configuration and troubleshooting Layer 2 MPLS VPN - Any Transport over MPLS (AToM) with Vignesh R. P.
Cisco Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an MPLS backbone. It enables Service Providers to supply connectivity between customer sites with existing data link layer (Layer 2) networks via a single, integrated, packet-based network infrastructure: a Cisco MPLS network. Instead of using separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
Remember to use the rating system to let Vignesh know if you have received an adequate response.
Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Service Provider sub-community discussion forum shortly after the event. This event lasts through September 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.
Hi Tenaro,
AToM stands for Any Transport over MPLS and it is Cisco's terminology used for Layer 2 MPLS VPN or Virtual Private Wire Service. It is basically a Layer 2 Point-to-Point Service. AToM basically supports various Layer 2 protocols like Ethernet, HDLC, PPP, ATM and Frame Relay.
The customer routers interconnect with the service provider routers at Layer 2. AToM eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.
AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution.
The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames.
Whereas pseudowire is a connection between the PE routers and emulates a wire that is carrying Layer 2 frames. Pseudowires use tunneling. The Layer 2 frames are encapsulated into a labeled (MPLS) packet. The result is that the specific Layer 2 service—its operation and characteristics—is emulated across a Packet Switched Network.
Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.
Hope the above explanation helps you. Kindly revert in case of further clarification required.
Thanks & Regards,
Vignesh R P -
Managing Route-Map based MPLS VPN
1) How to derive the VPN information of the MPLS VPN configured using route-maps? As I understand, stitching route-maps information to derive VPN is complex as it is difficult to derive & correlate the filters tied to each of the route-maps that are tied to a VRF :(
2) Is there any MIB to get from the MIB
a) Route-maps tied to each VRF
b) What is the filter associated with each route-map?
c) Definition of each of the above filter
It would have been nice if the route-maps' name had global significance within the AS, so that we could have treated route-maps pretty much like the route-targets. Alas, I doubt it is :(
It should be noted here that if the MPLS VPN is configured using route targets, the VPN information derivation is fairly straightforward through the MplsVpn MIB.
So, the question is what is the simplest way to derive the MPLS VPN info given that they are configured using route-maps in BGP for labelled-route-distribution & for the pkt association with the VRFs.
Thanks,
Suresh R
Each CE in a customer VPN is also added to the management VPN by selecting the Join the management VPN option in the service request user interface.
The function of the management route map is to allow only the routes to the specific CE into the management VPN. The Cisco IOS supports only one export route map and one import route map per VRF.
http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a0080353ac3.html -
Troubleshooting of MPLS VPN 2 Network
I am at a service provider. A user complains of a link down issue for an MPLS L2VPN link. I logged in to the PE router the user is connected to and ran the command below.
sh mpls l2transport vc 3407
Local intf Local circuit Dest address VC ID Status
Gi0/2.3407 Eth VLAN 3407 202.148.199.106 3407 UP
Guide me in analysing the output and further troubleshooting. Define the parameters observed for o\p of a command.
Hi,
The P routers do not need VRFs or VPN labels because they are only transporting the packets towards the PEs. They do this by looking at the IGP label. This label is advertised by LDP. This is sometimes referred to as BGP free core. Although you will often have BGP running for other purposes on the P router.
Daniel Dib
CCIE #37149
Please rate helpful posts. -
Configuring MPLS VPN using static routing
Hi,
I have managed to set up a BGP/MPLS VPN in a laboratory using CS3620 routers running IOS 12.2(3) with ISIS. I am thinking of using static routes among the PE and P routers instead of an IGP. Does anyone know if Cisco routers support static configuration of LSP? I have tried but could not get it to work.
You can very well run MPLS with static routing in the core, as in Cisco we have to meet 2 criteria to have an MPLS forwarding table.
1) Creating the LIB
This lies in having an LDP neighborship between two peers, so that you have label bindings.
This is irrespective of what the best next hop is to reach the advertising peer's LDP_ID.
2) Creating the LFIB
Now after considering all the label bindings, for the LDP_ID which can be reached out an interface
as a next hop, those label bindings get installed in the LFIB.
So considering the above two points, we have to be careful with static routes
only for interfaces like Ethernet (multiaccess segments).
In CEF, when you give a static route pointing to an Ethernet interface, CEF creates a
glean adjacency (meaning there could be multiple hosts as the next hop on this segment, and it will glean for the right next hop).
Now you may observe that when you give a static route only pointing to an Ethernet interface,
your LDP adjacency may come up and you may exchange the bindings with each other. But the label forwarding table is not created. This is because this is a multiaccess interface, and you have
a glean for it. If it's a normal WAN interface like Serial or POS, then there is no problem of
glean and you would have a valid cached adjacency.
So to avoid problems with Ethernet interfaces you can simply specify the next-hop IP address.
For example:
ip route 10.10.31.250 255.255.255.255 10.10.31.226 (Without the Interface)
ip route 10.10.31.250 255.255.255.255 fa0/0 10.10.31.226 (Or with the Interface)
The only difference between the two is that in the first one it has to do a recursive lookup for the outgoing interface. Otherwise both work well. And you can have static routes in your network
running MPLS.
And doing this, CEF would work as it should and you would have a valid cached adjacency.
So this is applicable for Cisco devices which use CEF, including 6500 with SUP720.
HTH-Cheers,
Swaroop -
MPLS VPN without Signalling Protocol in CORE
Hi,
I heard it's possible to run L3 MPLS VPN between two sites across an SP core without having any signalling protocol (TDP/LDP) enabled on the core; the only constraint is running two TE tunnels between the two PE routers connected to the CE. Is it possible? Can someone explain elaborately, please?
Some more details regarding the behavior as to why LDP/TDP is not required in case of end-to-end TE tunnel between the PE's.
Using TE also the LSP is dynamically built until and unless you are using explicitly defined TE tunnels.
Also do note that when you have TE tunnels end to end your egress PE receives the packet with the VPN label only and then takes the appropriate action as per the VPN forwarding table.
In case you don't have end to end TE tunnels you will have to enable LDP on the tunnels to carry the VPN labels untouched till the egress PE. (As in case the tunnels are not end to end and are terminating on a P which doesn't have any VPN information, the packet would be dropped, so enabling LDP becomes a must.)
Here is a detailed document explaining the behaviour in more detail; it explains when LDP should be enabled or disabled, with illustrations.
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_tech_note09186a0080125b01.shtml
HTH-Cheers,
Swaroop -
Why Cat6500 PE just can only show VPN label without IGP label ?
Hi, there:
We have a couple of Cat6500s as our MPLS/VPN P and PE routers. But in the following first command output, we can only see one label (VPN label) 339 imposed; we can't see the IGP label imposed.
From the second command we can see both IGP and VPN labels (339,224 or 339,20) are imposed.
Can anybody point out why the first command only shows the VPN label?
We're using Sup720 supervisor and 12.2(18)SXF9 IOS.
6500PE#sh ip cef vrf XYZ 172.212.0.0 255.255.0.0 detail
172.212.0.0/16, version 321, epoch 0
0 packets, 0 bytes
tag information set, all rewrites owned
local tag: VPN-route-head
fast tag rewrite with
Recursive rewrite via 172.17.0.213/32, tags imposed {339}
via 172.17.0.213, 0 dependencies, recursive
next hop 192.168.131.128, TenGigabitEthernet2/5 via 172.17.0.213/32 (Default)
valid adjacency
tag rewrite with
Recursive rewrite via 172.17.0.213/32, tags imposed {339}
Recursive load sharing using 172.17.0.213/32.
6500PE#sh mls cef vrf XYA 172.212.0.0
Codes: decap - Decapsulation, + - Push Label
Index Prefix Adjacency
108775 172.212.0.0/16 Te2/5 339(+),224(+) (Hash: 0001)
Te1/5 339(+),20(+) (Hash: 0002)
6500PE
Hi, Martin:
Thanks for your reply.
I tried these two commands, but could only get the IGP labels (20 and 224), no way to see the VPN label (339).
Any idea?
Jerry
6500PE#sh ip cef 172.17.0.213 255.255.255.255 detail
172.17.0.213/32, version 1080, epoch 0
0 packets, 0 bytes
tag information set, shared, all rewrites owned
local tag: 171
via 192.168.130.128, TenGigabitEthernet1/5, 11 dependencies
traffic share 1
next hop 192.168.130.128, TenGigabitEthernet1/5
valid adjacency
tag rewrite with Te1/5, 192.168.130.128, tags imposed: {20}
via 192.168.131.128, TenGigabitEthernet2/5, 43 dependencies
traffic share 1
next hop 192.168.131.128, TenGigabitEthernet2/5
valid adjacency
tag rewrite with Te2/5, 192.168.131.128, tags imposed: {224}
0 packets, 0 bytes switched through the prefix
tmstats: external 0 packets, 0 bytes
internal 0 packets, 0 bytes
6500PE#sh
6500PE#show mpls forwarding-table 172.17.0.213 32 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
171 20 172.17.0.213/32 0 Te1/5 192.168.130.128
MAC/Encaps=14/18, MRU=1548, Tag Stack{20}
001A6C9F0A44001CF9B3D0008847 00014000
No output feature configured
Per-destination load-sharing, slots: 0 2 4 6 8 10 12 14
224 172.17.0.213/32 0 Te2/5 192.168.131.128
MAC/Encaps=14/18, MRU=1548, Tag Stack{224}
001A6C9F12BC001CF9B3D0008847 000E0000
No output feature configured
Per-destination load-sharing, slots: 1 3 5 7 9 11 13 15
6500PE# -
Implementing a Sprint MPLS/VPN
Hello
I'm implementing a Sprint MPLS/VPN network. This is a point to point between two of my locations. The connection is handed off to me as a serial connection and I will be connecting to a Cisco 2800 on both ends. Does anyone have what a sample config might look like for my Cisco router?
Thanks in advance
HI, [Pls Rate if HELPS]
In addition to JOE POST,
You need to configure as normal CE Router. You can handover your Network Traffic either via some DYNAMIC Routing Protocols (BGP, EIGRP, OSPF, RIP) or Static Routing at LAST MILE towards your Service Provider.
At the Service Provider Side, the Connected Interface with your CE will be added with "ip vrf forwarding " command. Where separate Routing instance will be maintained on top of Global Routing Table. The MPLS Labels are swapped over their Backbone / partner - NNI to carry your traffic over a Label Switched Path.
For an MPLS to work, the IP-CEF will be enabled. This kind of MPLS Technology, will enable fast processing of Packets and Traffic over the Large Scale Network.
Similarly the RT & RD Values are used to distinguish the Customer Prefixes. The RT export and Import will be done at end - to - end at Service Provider Side Routers to make the HO & BO to communicate.
The CE Router will not involve any MPLS / VRF Configuration Technology.
Hope I am Informative.
Pls Rate if HELPS
Best Regards,
Guru Prasad R -
Hi,
Could you please explain to me how a VPN label is specified in MPLS VPNv4 by the egress PE router and propagated to the ingress PE router through MP-BGP? Is there any documentation which explains this in detail?
I just know the egress PE router sends a label to the ingress PE router through MP-BGP and that label is put on the label stack by the ingress PE router, but I don't know the procedure of producing this label and any mapping between RT and that label.
I would appreciate it if you could advise me.
Thanks.
Mehrdad
Here's an example:
PERouter#sh mpls forwarding-table vrf VRFName 172.16.0.0 255.255.0.0 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
284 Untagged 172.16.0.0/16[V] 9093088680 AT2/0.20048 point2point
MAC/Encaps=0/0, MRU=1504, Tag Stack{}
VPN route: VRFName
No output feature configured
Per-packet load-sharing
PERouter#
The above is an entry on the egress PE router. In this case, the inner label will be 284. This router will see an inner label (in fact, this will be the outer label with PHP in operation) and will do this FIB lookup which will tell it a few things:
1. The label needs to be popped since the outgoing packet is supposed to be untagged.
2. The packet needs to be sent out through interface atm2/0.20048
Hope that helps.
Pls remember to rate posts.
Regards,
Paresh. -
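The label handling described in the reply above, together with the earlier replies on this page about the ingress PE's FIB imposing both labels and the P routers swapping only the top label, as an added example that is not part of the original posts. It is a toy model, not router code: VPN label 284, prefix 172.16.0.0/16 and interface AT2/0.20048 come from the output in the reply; the class names, the IGP labels 83 and 20, the other interface names and the destination address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    dst: str
    labels: list = field(default_factory=list)  # index 0 is the top of the stack


class IngressPE:
    """CE-facing PE: traffic arrives as plain IP, so the VRF FIB imposes the labels."""

    def __init__(self):
        self.vrf_fib = {}  # prefix -> (IGP label, VPN label, outgoing interface)
        self.lfib = {}     # local label -> action; holds locally assigned labels only

    def learn_remote_route(self, prefix, igp_label, vpn_label, out_if):
        # The VPN label arrives via MP-BGP, the IGP label via LDP for the BGP next hop.
        # Nothing is allocated locally, so the LFIB is left untouched.
        self.vrf_fib[ipaddress.ip_network(prefix)] = (igp_label, vpn_label, out_if)

    def forward_from_ce(self, pkt):
        dst = ipaddress.ip_address(pkt.dst)
        matches = [net for net in self.vrf_fib if dst in net]
        if not matches:
            return None  # no route in the VRF: drop
        best = max(matches, key=lambda net: net.prefixlen)  # longest match
        igp, vpn, out_if = self.vrf_fib[best]
        pkt.labels = [igp, vpn]  # two labels imposed, IGP label on top
        return out_if


class LSR:
    """P router or egress PE: forwards on the top label only, using its LFIB."""

    def __init__(self, name):
        self.name = name
        self.lfib = {}  # local label -> (action, outgoing label or None, interface)

    def forward(self, pkt):
        if not pkt.labels or pkt.labels[0] not in self.lfib:
            return None  # unlabeled packet or unknown top label: drop
        action, out_label, out_if = self.lfib[pkt.labels[0]]
        if action == "swap":
            pkt.labels[0] = out_label
        elif action == "pop":        # penultimate hop popping
            pkt.labels.pop(0)
        else:                        # "untagged": plain IP towards the CE
            pkt.labels = []
        return out_if


def run_demo():
    """Send one CE packet PE1 -> P1 -> P2 -> PE2 and record the stack after each hop."""
    pe1 = IngressPE()
    pe1.learn_remote_route("172.16.0.0/16", igp_label=83, vpn_label=284, out_if="to-P1")

    p1 = LSR("P1")
    p1.lfib[83] = ("swap", 20, "to-P2")    # constructed IGP labels
    p2 = LSR("P2")
    p2.lfib[20] = ("pop", None, "to-PE2")  # PE2 advertised implicit null
    pe2 = LSR("PE2")
    pe2.lfib[284] = ("untagged", None, "AT2/0.20048")  # entry from the reply above

    pkt = Packet(dst="172.16.5.9")  # constructed destination inside the prefix
    trace = []
    hops = (("PE1", pe1.forward_from_ce), ("P1", p1.forward),
            ("P2", p2.forward), ("PE2", pe2.forward))
    for name, forward in hops:
        out_if = forward(pkt)
        trace.append((name, out_if, list(pkt.labels)))
    return pe1, trace


if __name__ == "__main__":
    pe1, trace = run_demo()
    for name, out_if, labels in trace:
        print(f"{name}: out {out_if}, label stack after hop {labels}")
    print("PE1 LFIB entries for the remote prefix:", pe1.lfib)
```

The ingress PE's LFIB stays empty for the remote prefix because it assigned no local label for it, which is why the VPN label is visible only in its VRF FIB; the egress PE is the router whose LFIB is keyed on 284.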
Injecting Global default Routes into a MPLS VPN
Hi,
I have a PE router running MPBGP which receives two default routes to the internet through an IPV4 BGP session. I need to import these routes in to a VRF and export them to different customer VRFs so that these VRFs are able to access Internet.
I have used the feature called "BGP Support for IP Prefix Import from Global Table into a VRF Table" (URL:http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00803b8db9.html#wp1063870)
and imported these routes into a VRF.
The issue is these routes are not propagated to any of the other PE routers which has customer VRFs configured.
Has anybody tried this or a similar method to inject a dynamic default route into a MPLS VPN.
Any suggestions would be highly appreciated.
Thanks
Subhash
Hi Subhash,
is there anything preventing you from terminating your internet BGP sessions in a VRF? Then everything should go smoothly, i.e. standard VRF import/export.
So possibility A) create a VRF Internet, move bgp neighbor commands there and use filters preventing anything but the default route, then use route targets to distribute the default route into other VRFs.
Possibility B) use static routing with packet leaking. Could look like this:
ip route vrf Internet 0.0.0.0 0.0.0.0 global
ip route vrf Internet 0.0.0.0 0.0.0.0 global 250
ip route Serial0/0 !assuming this is where the customer router connects.
Note: the BGP peer IP does not have to be directly connected! There has to be an LDP label for it though. So include your BGP peer's network in your IGP and the backup will work when you lose the link to the peer.
Hope this helps! Please rate all posts.
Regards, Martin -
I am trying to setup a basic lab. I have the following setup:-
CE1->PE1->P1->PE2->CE2. I have attached the relevant configs.
All the CE & PE routers are 2600's and the P1 router is a 7206VXR. I am running OSPF in the MPLS network between the PE & P routers. I am using ldp as the label distribution protocol. BGP is running between the CE & PE routers.
I have a couple of questions:-
1) Basic MPLS setup. I think this is working in that if I ping from the LAN side of the CE1 to the LAN side of the CE2 it works. The P1 router has no knowledge of these subnets. However a "sh mpls forwarding-table" command on the PE routers shows no bytes tag switched and yet if I do a "debug mpls packet" on the P1 router I can see the packets going through. If the P1 router doesn't know the LAN subnets then am I right to assume it must be label switching?
2) The configs attached are to test a VPN setup. I have the MPLS & VPN architectures book and I have gone through all the show commands to troubleshoot and it all looks right. The routes are in the vrf routing table, the mpls forwarding table looks okay but I cannot ping from CE1 to CE2.
If I debug on the P1 router I can see the packets coming in with 2 labels as expected but I can't see them being transmitted.
I have done some searching and know that 2600's are not officially supported but my understanding is that the features I need are on the routers. I have tried a number of different IOS versions but to no avail.
Any help would be much appreciated
Jon
Thanks for your responses
1) Yes, it's a typo, I do have the "ip vrf forwarding NR_prod" on the fa0/0 interfaces on the PE routers.
2) Basic mpls - I meant no VPN's etc. I have ospf between the PE & P routers. I have MP-BGP between PE1 & PE2. Between the PE & CE routers I am running standard BGP.
3) All 2600 routers are 2621XM's. The IOS I am trying with is c2600-spservicesk9-mz.123-4.T4.bin although I have also tried c2600-spservicesk9-mz.123-8.T10.bin and c2600-telco-mz.123-7.T12.bin.
4) On the 7200 I'm running c7200-p-mz.123-16.bin and have also tried c7200-p-mz.124-5.bin
5) The packet from PE1 comes into the P1 router labelled as 19/24. The mpls forwarding table on P1 has the entry
19 Untagged 81.144.17.55/32 2137750 Fa0/1 172.16.1.6
which is correct as far as I can see as this is PE2.
I have included the sh mpls output from the P1 router and a sh ver of one of the PE routers (they are both the same).
Once again, many thanks for your replies. -
MPLS VPN / BGP Netflow Issue
I have followed all of the configuration steps given for egress accounting with netflow on a MPLS VPN link. However, it is only showing flows coming into the router. I need to be able to account both ways- any recommendations? Config below:
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 5
ip flow-export destination XX.XX.XX.XX 9996
IP packet size distribution (10730093 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .098 .645 .011 .016 .012 .009 .010 .000 .001 .000 .001 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .002 .185 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 4456704 bytes
4 active, 65532 inactive, 464700 added
6109192 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 336520 bytes
0 active, 16384 inactive, 20706 added, 20706 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 7 0.0 20 233 0.0 7.0 11.3
TCP-FTP 3 0.0 1 40 0.0 0.4 1.6
TCP-WWW 5757 0.0 6 389 0.0 1.1 3.0
TCP-SMTP 7 0.0 1 40 0.0 0.7 1.6
TCP-X 244 0.0 1 54 0.0 0.0 1.5
TCP-other 304762 0.2 7 346 1.6 2.2 4.8
UDP-DNS 346 0.0 1 127 0.0 0.0 15.4
UDP-NTP 3323 0.0 1 80 0.0 0.0 15.4
UDP-other 131041 0.0 62 341 5.4 17.6 13.2
ICMP 64291 0.0 1 79 0.0 0.0 15.4
Total: 509781 0.3 21 341 7.1 5.9 8.3
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Mu12 10.50.66.218 Null 10.105.0.1 11 0675 00A1 84
Mu12 10.50.66.218 Null 10.105.19.10 11 0675 00A1 2
Mu12 10.50.66.218 Null 10.105.19.3 11 0675 00A1 4
Mu12 10.50.66.42 Null 10.105.19.10 06 0B3C 01BD 12
Update on this - I'm now receiving all traffic incoming into the interface, but am tracking only about 10% of the outgoing traffic - revised config below:
ip flow-cache timeout active 1
ip flow-cache mpls label-positions 1 2 3
ipv6 flow-cache mpls label-positions 1 2 3
interface Multilink12
mtu 1580
ip address XX.XX.XX.XX 255.255.255.252
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-mode
ip route-cache flow
mpls netflow egress
mpls label protocol ldp
mpls ip
ppp multilink
ppp multilink group 12
service-policy output cbwfq-voice20per
ip flow-export source FastEthernet0/0/0.10
ip flow-export version 9 origin-as
ip flow-export destination XX.XX.XX.XX 9996