MPLS / VRF

Hello,
How is it possible that a VRF can be routed from one site to another site by the core routers?
It is clear that the VRF must be configured and each interface is to be assigned.
In addition, the IGP / redistribution between PE-CE and MP-BGP is to be configured.
I found the following configurations in the documentation to configure the PE-Routers in the Core:
(Configuring MP-BGP):
PE 1:
router bgp 1
 neighbor x.x.x.x remote-as 1
 neighbor x.x.x.x update-source loopback0
 address-family vpnv4
  neighbor x.x.x.x activate
  neighbor x.x.x.x send-community both
 exit-address-family
PE 2:
router bgp 1
 neighbor x.x.x.x remote-as 1
 neighbor x.x.x.x update-source loopback0
 address-family vpnv4
  neighbor x.x.x.x activate
  neighbor x.x.x.x send-community both
 exit-address-family
What additional commands are required so that a router at one location can successfully ping a router at another location in the same VRF?
Thanks for your help!

Hello, 
From the above configuration it looks like you have configured MP-BGP. This is important for VRF-to-VRF communication over an MPLS-enabled backbone (MPLS VPN), since MP-BGP propagates virtual routing and forwarding (VRF) reachability information to all members of a VPN community. MP-BGP peering must be configured on all PE devices within a VPN community.
Below are 2 links which clearly suggest what is required for VRF-to-VRF communication and the reason for it.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3-vpns-15-mt-book/mp-bgp-mpls-vpn.html
http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/13733-mpls-vpn-basic.html
HTH,
Nikhil 

Similar Messages

  • Should Wireless be in its own MPLS VRF?

    Hi,
    I already have an answer I like on this one, "YES!".
    Unfortunately I don't live in Mike-land while I'm at work. I need some reference architectures or authoritative security guides that explain why this is a best practice (at least where MPLS VRFs are available for use).
    My short list of reasons is:
    - More refined segmentation
    - Easier standardization practices and associated documentation for tier I/IIs support staffs
    - Easier to trouble-shoot when route tables are differentiated, (wireless VRF's and wired VRF's)
    - Easier to observe and isolate traffic, (at firewall or router) in case of security breach
    ...I could go on.
    Any good documentation on this out there?  I can't find much.
    Any help appreciated,
    M.

    As Malcolm says, don't partition. You have a relatively small drive and partitioning will cramp OSX which needs a lot of free disk space to run optimally. The only reason I can see to put OSX on its own partition is if you want to have multiple copies on a computer. The other reason to partition is for convenience in making backups but that's going beyond your immediate question.

  • Full internet routes in MPLS-VRF

    hi~ all
    I am a bit confused about whether it's a good idea to load full internet routes into an MPLS VRF, where there is no service routing in the core network, only topology routing. There are dual upstream ISPs connecting to the ASBR, and I'm worried about loading these two full internet route tables into a VRF on a 7600. Is it possible? Does it take a long time to load the routes into the VRF?
    could someone give me some proposal about it or some experience about internet routes in VRF , thanks.

    It's not good practice to load all the internet routes in the VRF. Do use VRF leaking. For this, create a VRF named internet which will be loaded with the default route, export that route with the RD, and import that route in your particular VRF. With this you will have only 1 route in the VRF.
    regards
    shivlu

  • MPLS VRFs and DMVPN

    Hello,
    We are trying to build a DMVPN solution and integrate it into our MPLS network.
    Can anybody give me some information about DMVPN and MPLS VRF configuration?
    Thanks
    Peer

    Try this link, might help http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

  • Carrying CLNS inside MPLS VRF

    Is there a way to carry CLNS traffic inside MPLS VRF?

    To configure a router running Intermediate System-to-Intermediate System (IS-IS) so that it floods Multiprotocol Label Switching (MPLS) traffic engineering (TE) link information into the indicated IS-IS level, use the mpls traffic-eng command in router configuration mode

  • MPLS VRF OSPF interfaces not working

    P/PE router VRF OSPF interfaces are unable to receive or advertise routes to and from the CE router.
    Config attached.
    Routes from PE VRF nortel should be forwarded to the CE router
    So are routes from CE 50.50.50.0 network
    Any ideas?

    Hello,
    Looks to me as if you did not start the ospf process in the VRF. So adjust the config according to:
    interface Serial2/0
     description MPLS VRF 1:1 connection to Cisco 2611 PPP
     ip vrf forwarding nortel
     ip address 200.0.30.1 255.255.255.0
     encapsulation ppp
     clock rate 128000
    !
    interface FastEthernet4/0
     description MPLS connection for vrf Nortel 1:1
     ip vrf forwarding nortel
     ip address 70.70.70.1 255.255.255.0
     duplex auto
     speed auto
    !
    no router ospf 1
    router ospf 1 vrf nortel
     network 200.0.30.0 0.0.0.255 area 0
     ! In case you want OSPF over this interface as well
     network 70.70.70.1 0.0.0.0 area 0
    With the current config I would assume that you do not see an OSPF adjacency on the CE.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • QoS MPLS VRFs

    Hi guys,
    we are creating a new MPLS cloud with the following VRFs: VRF-Voice, VRF-Data and VRF-Citrix.
    My question is: is VRF traffic independent from other VRFs (talking about QoS), or do I have to ask my MPLS provider to apply QoS?
    I would like to have 3 levels of QoS: Voice, Citrix and Data (matching the VRFs).
    So is QoS needed on the MPLS provider side to increase my traffic performance for voice and Citrix?
    Thank you very much for your help.
    Jordi

    Hi Jordi
    You will need to have QOS configured for all the VRFs separately because of two main reasons:
    1. Creating a VRF doesn't guarantee that you will get priority.
    2. After the traffic enters the Service Provider backbone it's all MPLS traffic and many customers share the same backbone, so to have an effective treatment of your traffic you will need to define proper QOS.
    Regards
    Vivek

  • MPLS VRFs hanging routes

    Hi all,
    We've a cell-based MPLS network (based on BPX 8600/LSC 7200 acting as the P and MGXs with RPMs acting as the PEs and connected with E3s to the BPX).
    On those PEs...we're running MPLS VPNs for our customers and there're 2 PEs acting as Route Reflectors for all the other PEs for reflecting the MP-BGP routes for the VRFs.
    The problem is that with any RPM reloads or any interface flapping or without any reason....all of a sudden we found that a VRF customer that has for example 2 branches....one of them connected to POPX and the other branch connected to POPY complaining that there's no connectivity bet the 2 branches although when issuing the command " sh ip route vrf Customer AAA " on the PE of POPX we found that the IBGP routes of the other branch are present in its VRF routing table.....but still the 2 branches cannot ping each other.
    The same problem may be repeated for all VRF customers connected bet those 2 POPs and aren't solved except when issuing the command on the PE of POP X "clear ip route (lpbk add of the PE in POPY)"
    After that command....everything is OK and the 2 branches can ping each other without problems.
    After some investigation...we found that this problem is due to an LSC bug....the suspected bugs were CSCea21665 and CSCea74222 and the workaround for those bugs are "clear ip route (Remote PE lpbk add)"
    As also listed in those bugs, the fix for them is in IOS 12.2(15)T05 and higher....so we upgraded our LSC from ver 12.2(8)T4 to the latest 12.2(19).
    Unfortunately we found that the problem is not yet solved and the same symptoms still appear for the VRFs.....and that means that upgrading the IOS ver for the LSC is not enough and there's a step still missing for avoiding that fatal problem.
    So has anyone faced this problem before ??? and if yes what were the steps done to avoid it other than the famous workaround "clear ip route (Remote PE lpbk add)"???

    Mohamed,
    I read your problem, because I'm interested in all the WAN switching staff.
    Look at bug CSCea21665 on CCO, the fix is not integrated in 12.2 main line, so you have to go to one of the following minimum IOS 12.2(15)T05, 12.2(17.6)S, 12.3(1.9), 12.3(1.9)T, 12.0(25.3)S01, 12.2(11)T09, 12.2(15)ZK, 12.3(2.3)B, 12.2(15)ZK01.
    Look at Bug CSCea74222, it's fixed in
    12.2(15)T03, 12.3(1.5), 12.3(1.5)T, 12.2(17.3)S, 12.2(15)ZK, 12.3(2.3)B
    From that two bugs, do not use 12.2 main line, the fix is not integrated.
    Don't use 12.3, it's too new ;-))
    I would recommend 12.2(15)T05 or higher, that means 12.2(15)T07
    Then you shouldn't see the problem again.
    regards
    Dietmar

  • MPLS VRF Routes Leaking

    I am designing network to deploy MPLS L3 VPN services for 2000+ branch locations of 1 customer.
    Cisco 7600 series router is used as PE along with FWSM that points towards Global Routing Table (Internet Gateway).
    Customer is requiring the access for internet along with VPN services to all the 2000+ locations.
    What is the best solution to prefer that meets the requirements & also avoids the security loopholes ?

    You could implement Internet access for L3 MPLS VPN in one of the following ways:
    1. Using a separate PE interface in the global routing table: in this case the FWSM and an interface in the PE/PEs will need to be in the global routing table to have Internet access, and then you can inject that route into the VRF/VRFs.
    2. Internet access using route leaking between VRFs and the global route table: with this method you will need to configure a static default route with a next hop as an Internet gateway (in your case the FWSM), reachable through the global routing table. This VRF default route needs to be injected/redistributed in the PE-CE routing (MP-BGP) to provide the outbound Internet connectivity to your VRFs.
    Inbound traffic from the Internet will require either a NATed VRF or static routes from the global routing table pointing to the VRF interface.
    3. The other method is the use of a shared service: with this method you need to put the Internet service FWSM in its own VRF, then you can control the import and export between the Internet VRF and other VRFs through import/export of the VRFs' route-target values.
    good luck
    if helpful Rate

  • IOS Upgrade originating from a MPLS VRF

    What is the equivalent MPLS "copy tftp flash" command to copy an image from a TFTP server located in a VRF? I can't get the router to pull IOS images unless the TFTP server is located in the Global Routing Table. I do realize this may be a stupid question btw... :)

    Martin,
    You are correct that the "ip tftp source-interface" command will get it to work but only for images integrating CSCea89507.
    Use the following link to find out in which images this DDTS is integrated:
    http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea89507
    Hope this helps,

  • MTU problem on MPLS VRF

    Hello,
    I am building a lab for L2 and L3 MPLS VPN.
    I use the ME-3800X. I have a problem with the MTU.
    PING 1500 byte or more between two host at each end of the network is OK
    The VRFs L3 and EoMPLS are almost OK
    But the 1500 byte or more of a VLAN interface of ME-3800 to a host outside the MPLS network is not good.
    A 64-byte ping is OK.
    The backbone-side interfaces have an MTU 1526.
    If anyone can help me, I would send you a diagram.
    Thank you

    Excuse me for being late.
    > why don't you use a simpler approach and configure a higher MTU on all links end to end and avoid big headaches calculating the exact size of packets before and after n mpls labels?
    >ME3800x supports MTU up to 9800 by the way.
    >On MPLS core interfaces the more MTU the better, that's the golden rule!
    This is what I did.
    The problem is not the MTU in the core. The problem is the return of the ping replies that are greater than 1500 bytes.
    The VLAN interface of the ME-3800X sends a packet of the size of the MTU of the outgoing TenGigabit interface (MTU 1530).
    Once it arrives on the LAN, the packet is rejected.
    I will send you a diagram as soon as possible!!!
    For EoMPLS it is OK.
    One ticket is open at Cisco via my provider NextiraOne
    Cordially,

  • Extending a MPLS VRF from a local to a remote location

    I am building an L3 MPLS network in our configuration center in Chicago. The challenge at hand is that during user acceptance testing of all applications a group of individuals will need to travel from So. Florida to Chicago, and our management would like to test some/all of these applications remotely. What would be the best way to extend the VRF from one location to another? My original thought is to request a dark fiber from the service provider and extend the CE device to our lab.
    Any ideas....

    If you use this fiber and configure the interface of the router in the Chicago center to belong to a VRF, the traffic works, but only for this VRF. However, you will not be extending your MPLS domain to the other point. Ideally, it is necessary for all sets to participate in the infrastructure domain, and thus you can configure any MPLS VPNs as necessary.
    tks,
    Fábio

  • TACACS aware MPLS VRF

    Hello,
    we are building MPLS VPN network that includes CE routers with ISDN BRI backup to MPLS VPN core, using L2TP dial-in access. Domain authentication and user authentication for CE routers are done at RADIUS server, through AV pairs which place the CE router in proper VRF.
    Question is: could this be achieved with TACACS server as well? Could TACACS server place CE routers in proper VRF? If this is not supported, is there a plan to support it?
    Thanks a lot for your help!

    Going by what I know, vrf is configured on PE. The CE doesn't have any knowledge of vrf. Am I missing something?

  • MPLS VRF configuration on CE router

    I have the following scenario.
    CE1----PE1---P---PE2---CE1
                        ---CE2
    From PE2 to CE2 there are two links.
    The customer wants VRF configuration on the CE2 router on one link.
    I have configured the VRF between PE2 and CE2 on one link. I have also configured the RD and RT parameters in the VRF.
    I am using BGP as the routing protocol between PE and CE. Can you please let me know whether I have to configure MP-BGP between PE2 and CE2 to carry RD and RT values from CE2 to PE2?

    Only if you are extending MPLS VPN down to your CE. MP-BGP propagates VPNv4 updates tagged with a VPN label among PE routers only.
    Normally an IGP protocol such as OSPF is used between PE-CE. You can configure OSPF in the VRF associated with the VPN and associate the interface connected to the CE with the VRF. OSPF routes can then propagate from a CE to a PE when an OSPF adjacency has formed between the two routers. OSPF adds routes to the VRF's forwarding table at the PE side with routes learned from the CE.
    see this http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-routing-vol2/html/bgp-mpls-vpns-config5.html

  • MPLS VRF Management

    Hi,
    After upgrading the network to MPLS, I have some problems with the management of P and PE routers. I want to use "VRF Management" to manage these devices but I have no information on how to configure it.
    - For PEs I think I should use the second loopback to add to VRF admin;
    - For Ps no solution.
    Please show me some useful links or examples.
    Thanks for your help

    Hi,
    To access P routers from a VRF environment you can use two scenarios:
    1) connect a P router interface to the PE in the Mgmt VRF
    2) use packet leaking.
    For managing other devices in different VRFs:
    3) central service VPN
    Option 1) is giving you plain IP connectivity into the core and you could also connect your Mgmt LAN directly to the core. The advantage of a direct connection: you do not rely on VRF related features to be configured correctly on the access PE to connect to P (and PE) routers.
    An example: if someone deletes the Mgmt VRF, all IP addresses on all VRF interfaces in that VRF will be removed. You might end up with no connectivity even to the PE, where the "accident" happened.
    Option 2) allows access to the global routing table through a VRF. The configuration could look like this:
    ip vrf Mgmt
     rd 65000:161
     export map MgmtLAN
     route-target import 65000:162
    !
    interface Serial0/0
     description to a P router
     ip address 10.1.1.1 255.255.255.252
    !
    interface Serial 0/1
     description to the Mgmt LAN
     ip vrf forwarding Mgmt
     ip address 192.168.1.1 255.255.255.252
    !
    ip route vrf Mgmt 10.1.1.0 255.255.255.0 10.1.1.2 global
    ! Assuming the core IP addresses for management are from 10.1.1.0/24 this will send packets arriving in the VRF to the P routers
    ip route 192.168.161.0 255.255.255.0 Serial0/1
    ! assuming the Mgmt LAN is 192.168.161.0/24 this will forward packets arriving from the P routers to the Mgmt LAN behind Serial0/1
    Option 3) central service VPN for managing devices in different VRFs
    ip vrf Mgmt
     rd 65000:161
     export map MgmtLAN
     route-target import 65000:162
    !
    ip vrf Customer
     rd 65000:666
     route-target export 65000:666
     ! normal customer RTs
     route-target import 65000:666
     ! this will import the Mgmt LAN network
     route-target import 65000:161
     export map MgmtLoopbacks
     ! this will ensure only management IPs will be imported into the Mgmt VRF and not all customer routes from all VRFs.
    !
    interface Loopback161
     description PE Mgmt IP
     ip vrf forwarding Mgmt
     ip address 10.1.2.123 255.255.255.255
    !
    interface Serial 0/1
     description to the Mgmt LAN
     ip vrf forwarding Mgmt
     ip address 192.168.1.1 255.255.255.252
    !
    route-map MgmtLAN
     match ip address 1
     set extcommunity rt 65000:161
    !
    route-map MgmtLoopbacks
     match ip address 2
     set extcommunity rt 65000:162 additive
    !
    access-list 1 permit host 192.168.161.0
    ! Only announce the Mgmt LAN
    access-list 2 permit host 192.168.162.1
    access-list 2 permit host 192.168.162.2
    access-list 2 permit host 192.168.162.3
    ! list the Loopback IPs of devices to manage
    From a routing point of view you would need to make sure to route all required IPs with BGP and IGP in the Mgmt environment, as well as the core.
    Hope this helps! Please use the rating system.
    Regards, Martin
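
Added example (not from either poster): a small Python model of the route-target import/export logic behind the shared-service option in the "MPLS VRF Routes Leaking" thread and Option 3 above, used to check that the Mgmt VRF learns only loopbacks and that customer VRFs never import each other's routes. CustB, RT 65000:777 and the 172.16.x.x prefixes are constructed, and the model assumes that prefixes not matched by an export map keep the VRF's static export RTs.

```python
from dataclasses import dataclass, field

MGMT_LAN = "192.168.161.0/24"  # Mgmt LAN prefix from the post

@dataclass
class Vrf:
    name: str
    imports: set                                 # route-target import values
    exports: set = field(default_factory=set)    # route-target export values
    export_map: tuple = None                     # (matched prefixes, RT, additive?)
    local: set = field(default_factory=set)      # prefixes originated in this VRF

def exported_rts(vrf, prefix):
    """RTs carried by one prefix once it leaves the VRF as a VPNv4 route."""
    rts = set(vrf.exports)
    if vrf.export_map:
        matched, rt, additive = vrf.export_map
        if prefix in matched:
            # 'additive' appends the RT; without it the RT list is replaced.
            rts = rts | {rt} if additive else {rt}
    # Assumption: prefixes the export map does not match keep the static export RTs.
    return rts

def build_tables(vrfs):
    """Return {VRF name: {prefix: originating VRF}} after RT-based import."""
    tables = {v.name: {p: v.name for p in v.local} for v in vrfs}
    for src in vrfs:
        for prefix in src.local:
            rts = exported_rts(src, prefix)
            for dst in vrfs:
                if dst is not src and rts & dst.imports:
                    tables[dst.name][prefix] = src.name
    return tables

def cross_customer_leaks(vrfs, shared=("Mgmt",)):
    """Routes that one non-shared VRF learned from another non-shared VRF."""
    return sorted((dst, prefix, src)
                  for dst, table in build_tables(vrfs).items()
                  for prefix, src in table.items()
                  if src != dst and dst not in shared and src not in shared)

def page_design(cust_b_extra_import=()):
    """Option 3 with two customers; CustB, 65000:777 and 172.16.x.x are constructed."""
    mgmt = Vrf("Mgmt", imports={"65000:162"},
               export_map=({MGMT_LAN}, "65000:161", False), local={MGMT_LAN})
    cust_a = Vrf("CustA", imports={"65000:666", "65000:161"}, exports={"65000:666"},
                 export_map=({"192.168.162.1/32"}, "65000:162", True),
                 local={"192.168.162.1/32", "172.16.1.0/24"})
    cust_b = Vrf("CustB", imports={"65000:777", "65000:161"} | set(cust_b_extra_import),
                 exports={"65000:777"},
                 export_map=({"192.168.162.2/32"}, "65000:162", True),
                 local={"192.168.162.2/32", "172.16.2.0/24"})
    return [mgmt, cust_a, cust_b]

if __name__ == "__main__":
    for name, table in build_tables(page_design()).items():
        print(name, sorted(table))
    print("as posted:", cross_customer_leaks(page_design()))
    print("CustB also imports 65000:162:", cross_customer_leaks(page_design({"65000:162"})))
```

The second check shows the failure mode to audit for: a customer VRF that imports the loopback RT 65000:162 picks up another customer's management loopback.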
