[c-nsp] Aggregate label not generated

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Jun 19 05:10:55 EDT 2008 

Pshem Kowalczyk <mailto:pshem.k at gmail.com> wrote on Thursday, June 19,
2008 10:23 AM:

> Hi,
>>> The question here is why is there no label on PE1 at all? It has a
>>> locally connected interface that gets into bgp using a network
>>> statement - it should generate a label for it. Unless I'm completely
>>> wrong here ...
>> 
>> right, PE1 should generate a label, possibly a bug related to the 0/1
>> prefix. Do you see a lable generated for the 128/1?
> 
> 
> There is a label for the 128/1.

Ok. And does traffic towards prefixes in the 128/1 work, i.e. is
correctly forwarded from the 28xx to the 6500 and back via the MPLS
cloud to another PE?

>> Regarding your overall idea/approach: My gut doesn't like it ;-) in
>> the older LFIB infrastructure (i.e. pre-12.2SB/33S/some-other),
>> packets coming from the MPLS cloud to a PE and going back out to
>> another PE doesn't always work. In my opinion, a 2547-architecture
>> really asks for a PE to hold all routes for a given VPN, and if this
>> number is too high (I don't think a 28xx is too weak to hold 40k
>> pfx), build a hub&spoke VPN where the default is generated by some
>> hub-CE, rather than on the hub-PE.
> 
> Unfortunately due to amount of traffic (majority of the traffic
> (>1Gb/s) goes between those two PEs) and some other physical
> constrains (in the PoP where those two 6500s sit we ran out of space
> and air con)  we can't add anything that could do a proper layer 3
> lookup.
> 
> So to just sum up:
> 1. it might be a bug or
> 2. i shouldn't expect it to work altogether ;-)

I guess both :-) At least in SXF and earlier, I wouldn't be terribly
surprised if traffic PE1 --> PE2 --> PE3 (where PE2 does an aggregate
lookup pointing to a distant PE3) doesn't work reliably.

> Perhaps I asked a wrong question here.
> Is there a way to force a layer3 lookup on a PE within a vrf?

Using an aggregate label, as you've done. However: The key is the packet
path. Is it tag2ip (i.e. leaves the aggregate as an IP) or tag2tag (i.e.
packet goes back out via MPLS). I think (not 100% sure) you need the new
MFI infrastructure in 12.2(33)SXH for the latter case. 

	oli

More information about the cisco-nsp mailing list