Pseudowire over Traffic Enginnering MPLS
I think i have asked a similar question under MPLS..
But anyway has anyone used Pseudowire over Traffic Enginnering MPLS?
What i would like to do is setup the MPLS TE using OSPF, built layer 3 tunnels between sites and then use Pseudowire to extend vlans over the TE MPLS tunnels and isolate the vlans using VRF-Lite.
Advice pls..
Francisco
Hi Francisco,
You can map a PW to a MPLS-TE tunnel via the PW-class:
pseudowire-class TE
encapsulation mpls
preferred-path interface Tunnel0
interface Ethernet0/0
xconnect 1.1.1.1 10 pw-class TE
HTH
Laurent.
Similar Messages
-
Has anyone used Pseudowire over Traffic Enginnering MPLS?
What i would like to do is setup the MPLS TE using OSPF, built layer 3 tunnels between sites and then use Pseudowire to extend vlans over the TE MPLS tunnels and isolate the vlans using VRF-Lite.
Advice pls..
FranciscoHi Francisco,
You can map a PW to a MPLS-TE tunnel via the PW-class:
pseudowire-class TE
encapsulation mpls
preferred-path interface Tunnel0
interface Ethernet0/0
xconnect 1.1.1.1 10 pw-class TE
HTH
Laurent. -
Ethernet Pseudowire over IP/MPLS
Hello there,
Anyone has any case study example regarding transmitting Ethernet PW over MPLS/IP core network?
ThanksHi chris,
Here is a link gives you brilliant explanation and also exampls configuration for EoMPLS and other stuff.
In fact this is taken from the Layer 2 VPN Architectures book by Cisco Press. I found it extremely helpful. It covers both the modes RAW mode(port based) and TAGGED mode(vlan based mode)
http://fengnet.com/book/Layer%202%20VPN%20Architectures/ch07.html#idd1e13647
HTH
Kishore -
Hello All,
I have a query regarding MTU over both DMVPN and MPLS.
I have been running the following command from a windows box
ping x.x.x.x -f -l yyy (yyyy being the buffer size) and x.x.x.x being my remote hosts
I am using the same destination host and have two different paths to it. One over MPLS and one over a DMVPN.
I would have expected to be able to send packets with a higher MTU over the MPLS but for both MPLS and DMVPN the maximum packet size I can send with the DF bit set is the same (1372).
Is this normal behaviour? I though MPLS would have less overhead, so my maximum packet size would be higher in my testsDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Generally, MPLS supports an increased MTU, when adding MPLS labels, while VPN tunnels, like DMVPN, don't exceed original MTU, and so, it reduces payload space. So, normally, you should see larger ping buffer DF support across MPLS than DMVPN. However, "normal" can be very much impacted by actual device configurations, including making MTU for DF packets the same for either MPLS or DMVPN. (For example, you might want to make the two paths alike so flows that for any reason need to be redirect from one media path to the other see a consistent MTU.) -
Voice and Videoconferencing over Provider's MPLS network
We have a Callmanager 4.1(2) cluster and Unity UM at the HQ and two remote sites with around 50 IP phones each. We are also running Tandberg IP Videoconferencing units. The current IP WAN connection is P2P T1 connection. The exiting QOS configuration is based on P2P with T1 bandwidth -- We are migrating it to MCI's MPLS WAN. Does anyone have any sample configs for MCI's or other provider's MPLS QOS configurations? Or any experiences or suggestions?
Thanks!This URL might help you:
http://www.cisco.com/en/US/products/hw/modules/ps2831/products_data_sheet09186a008013155c.html -
Gre tunnel over 2 mpls routers
I have 2 sites and the voice server is in site A and Site B are the remote phones . Right now voice vlan go over the DMVPN we are facing some degraded performance and decided to move voice traffic to mpls .
We need to carry the multicast traffic as well which is not supported over our MPLS circuit. I have no idea why provider is not supporting multicast traffic over mpls circuit.
So we decided to create GRE tunnels to carry multicast traffic over MPLS .We have L3 switches on both sites Site A cisco 4500 and Site B cisco 3850 . and MPLS connectivity is reachable upto L3 core switches. With 3850 we had issue to create tunnels and i have upgraded the IOS after upgrading i came to know no more tunnels are supported on 3850. So cannot have Gre tunnel between our L3 switches over the MPLS.
My Question is can i ask the MPLS provider to setup tunnels on their routers which they are ready to help and point the static routes for voice vlan towards gre tunnels over mpls .
Can you advise any other solution or does this solution would work.?Aneesh,
Lost of connectivity between the two PEs would indeed cause the GRE tunnel interface to go down, assuming that you configure tunnel keepalives as follow:
int tu0
keepalive
Regards -
ATM over Ethernet and pseudowires
Hello.
Could somebody tell me if there is a Cisco Router that can work ATM over ethernet. This ATM circuits comming from an ethernet interface sholuld be transported as pseudowires through an IP/MPLS Backbone. Routers 12000 can do this? wich version do I need?
ThanksHi Narayan. Thank you.
I have now the following doubt. If we have the following topology:
lan-(CE)--ethe--(pe)--MPLS--(pe)--atm-(ce)-lan
Consider a lot of atm access at the right side, but we need to use only one vlan at the left side to connect all the remote atm sites.
You are telling me that we can convert the left CE in to a PE. But Can we maintain the router as a CE but terminating the ATM circuits (pseudowires) transported over one one vlan? ( atm over ethernet)
I appreciate everyting. -
Difrence between ... MPLS over Frame-Relay ATM
Hai all,
Sorry to ask very basic quiestion ..can some one tell what is the difrnce and advantage of MPLS over ATM and Frame-Relay ......pls provide me a better link ..for refrnce
Thanks in advance
LijeshMPLS over ATM or MPLS over Frame-Relay it's not good idea, because if you use cell-mode labeling, you find someone limitation at this technology. DLCI and VPI/VCI value at this protocols it's not have large space. If you know how operate cell-mode, try to look at just for sample bits length with DLCI value at Frame-Relay protocol or VPI/VCI value at ATM protocol⦠Of course you can use same cheat like VCI-merge, but I think it's not very good idea.
Building new network infrastructure at this protocols it's not good idea⦠It's good idea to fast implement MPLS technology in old network infrastructure build with this protocols (just for sample, you can linked ATM forwarding plane and MPLS forwarding plane (in this situation you can abandon to use fixed configuration VPI/VCI for IP network and can use benefits offered ATM technology with MPLS)), but not for new network infrastructure. If you need to offer services with this protocols, you can use Any Transport Over MPLS technology.
For more information look at this page - http://www.cisco.com/en/US/tech/tk436/tk798/tsd_technology_support_protocol_home.html -
Forest Trust RPC timeout across MPLS
Hi, I am having trouble setting up a Forest trust between two networks. The issue "seems" to be RPC timeout (i see RPC age-out on firewall) but i'm now wondering if it's actually the LDAP or KErberos thats failing first.
I have read that RPC needs to have the same path outgoing as incoming otherwise you can get SYN-ACK problems (especially through a firewall). So i need to try and work out why it doesnt work. It is laid out something like this.
Network 1 (domain BOB) (server 2008 R2 at domain functional level 2003)
Site1,Site2 and Site3 all connect to each other via Site-To-Site link provided by 3rd party. They all egress at Site1's ISA Firewall in a normal 3 leg perimeter config. All works fine
Network 2 (domain RITA) (server 2008 R2 at domain functional level 2003)
SiteA,B,C and D all connecto to each other over 3rd party MPLS (essentially Gig ethernet)
Site1 and SiteA are on the same premises in the same room. There is a spare NIC on the ISA server. So i configured the ISA with a NIC in the same subnet as SiteA (RITA domain) - ie i plugged RITA into BOB. I configured the ISA for routing. Allow ANY ANY
internal to RITA and ANY ANY RITA to internal
I set up conditional forwarders on both domains pointing at each other and can ping everything from the other sites. DNS is working fine. I can RDP across sites to each other's DCs. From a "network" point of view it all looks good (though in the
back of my mind i cant rule out the site to site or the MPLS links)
When i try and create the trust it fails very quickly with "Cannot Continue. The trust relationship cannot be created because the following error occurred: The operation failed. The error is: The remote procedure call failed"
I can do a portqry and see all RPC comms looks good
In ISA and another firewall i tried i can see the RPC ageing out. Have tried wireshark but hard to see whats going on
I used another server in the BOB domain and dcpromo'd it to a new domain in that subnet and tried setting up a trust. worked first time
Similarly i did the same at the RITA side and that worked too.
THere are no errors in DNS or the event logs on either side to suggest anything is failing. i tried verbose DNS logs but couldnt really follow them.
Help!! ThanksHi,
To verify if this is a network issue, please try to perform a network capture on the servers in both side.
We can use "IPv4.Address==xxx.xxx.xxx.xxx" to filter the traffic between the servers. Then compare the capture data from the servers. If all the packets have been forwarded, it should not be caused by network.
To download Network Monitor, please click the link below:
http://www.microsoft.com/en-hk/download/details.aspx?id=4865
About the question related to Directory Services, to get better help, please post your questions on the DS forum.
Here is the address:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Hi all, it is just my curiousity that ended up with a small discussion like this. Here's about it...
My company has a main client which have tonnes of remote sites connecting to both their HQ and Disaster Recovery Centre. Some of the remote sites still running on frame-relay, while other is purely leased-line. There's a few question I wish I can clear up as follows:
i. When the client have frame-relay device, what we do is create a tunnel and route all the frame-relay traffic over. Is there any advantage if we change it over to MPLS?
ii. Even if comparing to leased-line services, what kind of advantages I can expect if our cliet migrate over to leased-line?
iii. If one customer is running purely on frame-relay connectivity, any difficulties will arise when they want to switch over to MPLS network?
I still never has any hands on experience on the MPLS, that's why need to gather some info in the first place, I'm currently have a glance through those MPLS guides and configuration examples, but I knew that perhaps in real-life network, things may differs, in the meanwhile I'm studying through it, hope to gather some precious opinions. RegardsHello,
Regarding answer iii: What you have to use inside the MPLS cloud is MBGP to route the customer prefixes. In your LAN however you will have an IGP like EIGRP. This means you need mutual redistribution between MBGP and your IGP. So a routing loop can occur once you have at least two pathes. An Example:
N1-CE1 - PE1 - PE2 - CE2
with: CE1 - PE1 using RIP, CE2 - PE2 using RIP, PE1 - PE2 using MBGP and a FR PVC between CE1 - CE2 using RIP
This would be the case when you migrate from FR to MPLS VPN and do not shut down FR the very moment you activate the MPLS links.
What can happen in this scenario is: CE1 is announcing Network N1 through RIP to CE2 directly over the FR PVC and also to PE1. PE1 will redistribute N1 into MBGP, send the prefix to PE2, which will redistribute N1 into RIP and send the update to CE2.
Now depending on implementation and metrics this will result in all traffic flowing over FR or MPLS (when adjusting metrics). No major problem yet.
The problem might occur once CE1 looses network N1. It will send an update directly to CE2 and to PE1 and a race condition exists. CE2 will still have one valid path to N1 learned from PE2 and announce this one to CE1, which will announce it to PE1 and then PE2, CE2, CE1 again and so on.
This is an intermittend or even persistent routing loop, depending on what you have done with hop count during redistribution.
By designing your overall routing solution carefully you can avoid this scenario.
Hope this helps! Please rate all posts.
Regards, Martin -
Hi,
Trying to build out an xconnect to follow a specific path (a longer path). I cannot get the tunnel to come up. I dont know what I missed. everything else looks ok. All interfaces are up and working, except the tunnel itself.
I've included the MPLS portion of the config, if I missed something let me know. I did enable the MPLS-TE in OSPF on the routers inbetween. I have connectivity inbetween.
Router 1:
ip cef
mpls label protocol ldp
mpls traffic-eng tunnels
mpls label protocol ldp
mpls traffic-eng tunnels
pseudowire-class 5001
encapsulation mpls
preferred-path interface Tunnel5001
interface Loopback10
ip address 10.201.1.4 255.255.255.255
interface Tunnel5001
ip unnumbered Loopback10
tunnel mode mpls traffic-eng
tunnel destination 10.201.1.2
tunnel mpls traffic-eng path-option 1 explicit name strict
tunnel mpls traffic-eng path-selection metric te
interface FastEthernet2/0
xconnect 10.201.1.2 5001 encapsulation mpls pw-class 5001
router ospf 100
router-id 10.201.1.4
mpls traffic-eng router-id Loopback10
mpls traffic-eng area 0
ip route 10.201.1.2 255.255.255.255 Tunnel5001
ip explicit-path name strict enable
next-address 10.201.1.3
next-address 10.201.1.1
next-address 10.201.1.2
Router 2:
ip cef
mpls label protocol ldp
mpls traffic-eng tunnels
pseudowire-class 5001
encapsulation mpls
preferred-path interface Tunnel5001
interface Loopback10
ip address 10.201.1.2 255.255.255.255
interface Tunnel5001
ip unnumbered Loopback10
tunnel mode mpls traffic-eng
tunnel destination 10.201.1.4
tunnel mpls traffic-eng path-option 1 explicit name strict
tunnel mpls traffic-eng path-selection metric te
interface FastEthernet2/0
xconnect 10.201.1.4 5001 encapsulation mpls pw-class 5001
router ospf 102
router-id 10.201.1.2
mpls traffic-eng router-id Loopback10
mpls traffic-eng area 0
ip route 10.201.1.4 255.255.255.255 Tunnel5001
ip explicit-path name strict enable
next-address 10.201.1.1
next-address 10.201.1.3
next-address 10.201.1.4
From router 1. Both Router 1 and Router 2 show the samething.
show mpls l2transport vc detail
Local interface: Fa2/0 up, line protocol up, Ethernet up
Destination address: 10.201.1.2, VC ID: 5001, VC status: up
Output interface: Fa1/1, imposed label stack {22}
Preferred path: Tunnel5001, no route
Default path: active
Next hop: 192.168.102.13
Create time: 00:10:13, last status change time: 00:10:13
Last label FSM state change time: 00:10:13
Signaling protocol: LDP, peer 10.201.1.2:0 up
Targeted Hello: 10.201.1.4(LDP Id) -> 10.201.1.2, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 22, remote 22
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
Dataplane:
SSM segment/switch IDs: 4101/4100 (used), PWID: 1
VC statistics:
transit packet totals: receive 0, send 0
transit byte totals: receive 0, send 0
transit packet drops: receive 0, seq error 0, send 0
show int tun 5001
Tunnel5001 is up, line protocol is down
Hardware is Tunnel
Interface is unnumbered. Using address of Loopback10 (10.201.1.4)
MTU 17936 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 10.201.1.4, destination 10.201.1.2
Tunnel protocol/transport Label Switching
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:27:10
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped outHi,
One issue what i can see is, you have mentioned loopback ips in the explicit-path not the interface ip addresses. This can not be strict path and you have to mention next-address as loose (which means router will refer IGP to reach the next-hop)
ip explicit-path name strict enable
next-address 10.201.1.1
next-address 10.201.1.3
next-address 10.201.1.4
Correct way
ip explicit-path name strict enable
next-address loose 10.201.1.1
next-address loose 10.201.1.3
next-address loose 10.201.1.4
To troubleshoot TE
- first you can remove the explicit path and try to bring it up with dynamic path, which will help to confirm that configuration is ok on all routers in the path
- i hope you have configured "ip rsvp" on all physical intrfaces.
- If with dynamic path option also link does not come up, please share output of command "show mpls traffic-eng tunnels tunnel5001
--Pls dont forget to rate helpful posts--
Regards,
Akash -
I'm trying to bootstrap myself on MPLS and ran into an unusual problem in the field.
We've got a mesh of routers setup to do tag switching amongst each other to support a few pseudo-wire MPLS point to point links for customers.
Our typical conf:
ip cef
mpls label protocol ldp
tag-switching tdp router-id Loopback0 force
int FastEthernet0/0
description WAN link
ip address 1.2.3.1 255.255.255.252
mpls label protocol ldp
tag-switching mtu 1532
tag-switching ip
int POS1/0
description Another WAN link
ip address 1.2.3.5 255.255.255.252
mpls label protocol ldp
tag-switching ip
int FastEthernet 2/0
description Non MPLS Cust Facing
ip address 10.10.0.1 255.255.255.0
int FastEthernet 2/1
description MPLS Pseudowire Cust Facing
mpls l2transport route 1.2.3.253 10101
Now, it was my understanding that the tag-switching mtu statement is only for tag-switched packets, untagged IP uses the interface's default mtu of 1500 if not otherwise adjusted. Someone removed the tag-switched mtu 1532 statement off a couple WAN links, and both MPLS and non pseudowire tagged traffic were affected. There was still basic L2/L3 connectivity, but larger IP packets were being dropped.
The observed behavior implied to me that all packets were being tagged, and reading up on the tag-switching command reference re-enforces that assumption. Dropping down to the lab, doing a ping between two routers with tag-switching setup and ldp neighborship established, neither echo requests or replies are tagged.
Where is the hole in my understanding of how this works?Your understanding is correct. By default LDP will allocate and advertise label for all prefixes and all traffic will be therefore label switched. You need to configure label filtering if you only need certain prefixes to have labels assigned and advertised by LDP.
Here's a brief example where only loopback addresses for the routers hosting the pseudowires are advertised.
no tag-switching advertise-tags
tag-switching advertise-tags for 1
access-list 1 permit 192.168.100.0 0.0.0.255
This same configuration need to be applied for all LDP enabled routers. It will only allow label advertisement for prefixes in the 192.168.100.0-192.168.100.255 range.
Regards -
Hi
just want to know how and what is the best way to route traffic over Inter-AS MPLS-TE using Option B for L2VPN and L3VPNSorry, my bad.....just tested this and it wont work. The reason I see is that the VPNv4 label changes at ASBRs during advertisement, but in data-plane the VPNv4 label is never changed at ASBR due to MPLS-TE transport label on top causing the remote-PE to drop traffic.
I think it would only work if PEs in different AS can exchange VPNv4 routes directly, rather than through ASBR.
Regards,
Amit. -
MPLS TE tunnel autoroute announce metric in SPF computation
Hi, I have a doubt whether MPLS TE tunnel metric is taking into SPF computation when the tunnel has "autoroute announce" configured.
From the book "MPLS traffice enginnering" written by Osbourn, IGP SPF computation is always performed before tunnel metric is modified, I found this is only true if IGP is ISIS, but if IGP is OSPF, tunnel metric specified by "autoroute metric" will always be taken into SPF computation, a.k.a, if tunnel metric is configured to be less than underlying IGP metric, a suboptimal routing will always happen to destination routers that are in between tunnel head and tunnel tail.
Any idea why there is a inconsistent behavior between OSPF and ISIS SPF computation? or I missed anything?Hi,
You're right. There is a different behavior between OSPF and ISIS on how they handle the autoroute metric feature.
ISIS: TE tunnel metric is not taken into account during SPF computation.
OSPF: TE tunnel metric is taken into account during SPF computation.
So playing with this feature can change the SPT if your IGP is OSPF.
The difference seems coming from the SPF implementation of OSPF and ISIS
HTH
Laurent. -
Hi,
We have several branch offices connected via a managed MPLS network. Each MPLS router in the branch office is connected to the local LAN switch, with its separate firewall and internet access router. How do we direct traffic from the local network (unmanaged) to the private IP addresses in the MPLS network (managed)? Can static routes be configured on the ASA5505 firewall to route traffic to MPLS router?
ISP router>local router>ASA5505 firewall>LAN switch>MPLS router>MPLS cloud.Said
Is the LAN switch layer 2 only or layer 3 capable. If you do not have access to the MPLS router you have 2 options
1) Add a route on the ASA for the private MPLS networks pointing to the MPLS router. You will need to enable hairpinning on the ASA.
Set the default-gateway of the clients on your LAN switch to be the ASA.
2) If your switch is a Layer 3 switch then you can do this in a much cleaner way. Create the L3 vlan interface(s) for the client vlan(s) on the switch and then you can use statics on the L3 switch eg.
ip route 0.0.0.0 0.0.0.0 "ASA inside interface"
ip route "MPLS private net" "subnet mask" "MPLS router inside interface"
Jon
Maybe you are looking for
-
Error: Class java.util.ArrayList not found in import
Bear with me, I'm learning. That's part of the problem. I'm trying to teach myself JSP using a book based on Tomcat, but running it on an Oracle 9iAS server that I don't control. (The DBAs do that.) I'm running into constant problems compiling and us
-
My iphone 4 has been locked and it shows the message as follows: "iphone is disabled please try after 15 minutes" and i don't remember the password
-
Cant find the little fox in the left hand corner
i cant find the little fox in the bottom left hand corner == This happened == Every time Firefox opened
-
I downloaded two songs from the lottery music store onto my iPhone 3 and played part of both of them and now I don't know where to find them? Please help me
-
Mainstage Starter Templates Not Loading
After updating to 2.1, I noticed the "Starter Templates" are not loading. I have reinstalled all Mainstage content but still not functioning. Any ideas? Thank you.