Re: [nsp] MPLS VPN questions

From: Eric Osborne (eosborne@cisco.com)
Date: Sat Jul 28 2001 - 20:51:40 EDT


On Sat, Jul 28, 2001 at 08:25:39PM -0400, jlewis@lewis.org wrote:
> On Sat, 28 Jul 2001, Eric Osborne wrote:
>
> > What do 'show ip route vrf <foo>' show you on PE1 and PE2? Or 'debug
> > ip {icmp|packet}' on the CEs to see if you're getting the pings? Can
> > you ping from PE1 to PE2 within the vrf?
>
> show ip route vrf <foo> showed all the routes were being propagated. It
> looks like neglecting to set tag-switching mtu 1520 on the ethernet
> interfaces connecting PE1 and PE2 was the problem. When doing a ping from
> CE3 to CE1 with a size of 1500, and debug ip packet on CE1, I could see
> CE1 receiving the echo requests as fragments that added up to 1520, and it
> claimed to be sending responses, but its PE seemed to be dropping the
> replies. I think I understand why a >1500 octet packet wouldn't make it
> through without some special config to handle large packets...but why
> did I run into the same problem with ~100 byte packets?

offhand, NFC. What's the MTU or IP mtu of the interface?

>
> With the addition of 'tag-switching mtu 1520', my test network works now,
> so now I have more questions :)
>
> Due to MPLS making the packets potentially bigger than lots of the
> interface MTU's on our network, I assume all core routers between MPLS VPN
> PE's will have to at least support 'tag-switching ip' and have
> 'tag-switching mtu 1520' on interfaces that will send/receive MPLS VPN
> traffic. Is that so? In the example at:
> http://www.cisco.com/warp/public/105/mpls_vpn_basic.html
> why is the tag-switching mtu only set in Pomerol's config and none of the
> others?
>

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/switch_r/xrtag.htm#xtocid28652162

"If a tagged IP packet exceeds the MTU set for the interface, the
Cisco IOS software will fragment it. All devices on a physical medium
must have the same protocol MTU in order to operate."

so assuming that all traffic entering your network is at most 1500
bytes (i.e. everything comes in via dial or ethernet, you don't have
GigE hosts sending out 9k frames or any FDDI/TokenRing-attached
hosts), you only need this command on interfaces with a 1500-byte MTU.
Ethernet, FastEthernet, and Serial are the only ones that come to
mind.

> What tricks will we need to support MPLS VPN CE's connecting to our
> network via DSL (PPPoverATM or l2tp) which would normally show up as
> virtual access interfaces on 3640's with IMA-T1 cards? Are there ways to
> put the virtual interface in vrfs via radius attributes?

whooo..that's an access/dial question, isn't it? excuse me while my
eyes cross and I mumble incoherently...:)

The short answer is yeah, this is possible. As I understand radius,
you can send the VHG per-interface commands; just send 'ip vrf <x>'
based on authentication data. But of course you need to be wary of
the "is it supported?" dance. Lemme go ping some folks, or let's see
if Siva knows. :) What code version are you looking at?

eric

>
> --
> ----------------------------------------------------------------------
> Jon Lewis *jlewis@lewis.org*| I route
> System Administrator | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>


