On Sat, 28 Jul 2001, Eric Osborne wrote:
> What do 'show ip route vrf <foo>' show you on PE1 and PE2? Or 'debug
> ip {icmp|packet}' on the CEs to see if you're getting the pings? Can
> you ping from PE1 to PE2 within the vrf?
show ip route vrf <foo> showed all the routes were being propogated. It
looks like neglecting to set tag-switching mtu 1520 on the ethernet
interfaces connecting PE1 and PE2 was the problem. When doing a ping from
CE3 to CE1 with a size of 1500, and debug ip packet on CE1, I could see
CE1 receiving the echo requests as fragments that added up to 1520, and it
claimed to be sending responses, but it's PE seemed to be dropping the
replies. I think I understand why a >1500 octet packet wouldn't make it
through without some special config to handle large packets...but why
did I run into the same problem with ~100 byte packets?
With the addition of 'tag-switching mtu 1520', my test network works now,
so now I have more questions :)
Due to MPLS making the packets potentially bigger than lots of the
interface MTU's on our network, I assume all core routers between MPLS VPN
PE's will have to at least support 'tag-switching ip' and have
'tag-switching mtu 1520' on interfaces that will send/receive MPLS VPN
traffic. Is that so? In the example at:
http://www.cisco.com/warp/public/105/mpls_vpn_basic.html
why is the tag-switching mtu only set in Pomerol's config and none of the
others?
What tricks will we need to support MPLS VPN CE's connecting to our
network via DSL (PPPoverATM or l2tp) which would normally show up as
virtual access interfaces on 3640's with IMA-T1 cards? Are there ways to
put the virtual interface in vrfs via radius attributes?
-- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:47 EDT