[c-nsp] Cisco 10K MPLS VPN
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Mar 19 13:49:48 EDT 2008
Well, you are not telling the headend (10K or 7200) what to forward down
the tunnel. Without any "tunnel mpls traffic-eng autoroute announce" or
static routes or forwarding-adjacency, no traffic will be sent over the
tunnel, so the IGP path towards the BGP next-hop will still point to
your outgoing interface, and unless you run LDP over this interface, the
PEs will not know about a label towards the other side.
In order to make this work, use autoroute and just let the 10k/7200 send
all traffic to the other side over the tunnel.
In addition, you are missing an "ip unnumbered loopback0" on the 10k's
Tunnel interface. Without this, the tunnel will not be elegible for any
form of IP routing/forwarding.
Assuming your BGP next-hop on the vpnv4 routes is also Loopback0 (i.e.
equal to your MPLS-TE router-id), you don't even need LDP on the tunnel,
but it doesn't hurt. You don't need the "mpls ldp neighbor
192.168.88.254 targeted" as we would build a targeted session once "mpls
ip" is enabled on the tunnel.
you can take a look at
http://www.cisco.com/warp/public/105/mplsvpnte.html. This doc is
somewhat outdated as it still talks about TDP, but gives some config
examples for various tunnel scenarios.
oli
FAHAD ALI KHAN <> wrote on Wednesday, March 19, 2008 9:26 AM:
> Here is the working configuration & when i disable LDP from Juniper
> core interfaces (fe-0/0/0 & fe-0/0/1)...MPLS VPNs sites get
> disconnected....
>
> C10K#sh run
> ip vrf vpn1
> description Test VPN 1
> rd 1241:100
> route-target export 1241:100
> route-target import 1241:100
> !
> mpls traffic-eng tunnels
> mpls ldp neighbor 192.168.88.254 password test
> mpls ldp neighbor 192.168.88.254 targeted ldp
> mpls ldp loop-detection
> no mpls ip propagate-ttl
> mpls label protocol ldp
> interface Tunnel2
> description *** C10008-PE to C7206VXR-PE ***
> no ip address
> mpls ip
> tunnel source Loopback0
> tunnel destination 192.168.88.254
> tunnel mode mpls traffic-eng
> tunnel mpls traffic-eng path-option 1 explicit name 10k-J4300-7206vxr
> ip rsvp bandwidth
> interface Loopback0
> description *** Loopback ***
> ip address 192.168.97.254 255.255.255.255
> ip rsvp bandwidth
> interface ATM1/0/0
> no ip address
> interface ATM1/0/0.5 point-to-point
> description *** ATM-2-ATM L2 ATOM 10K-7206 ***
> ip vrf forwarding vpn1
> ip address 192.168.10.11 255.255.255.248
> pvc 3/32
> protocol ip 192.168.10.9
> ubr 256
> !
> interface GigabitEthernet3/0/0
> mtu 1550
> !
> interface GigabitEthernet3/0/0.7
> description *** Connected to J4300A ***
> encapsulation dot1Q 296
> ip address 192.168.0.21 255.255.255.252
> ip mtu 1532
> mpls mtu 1520
> mpls traffic-eng tunnels
> mpls ip
> ip rsvp bandwidth
> !
> OSPF & BGP configuration ommited....
> !
> ip explicit-path name 10k-3845-7206vxr enable
> next-address 192.168.0.22
> next-address 192.168.0.18
> next-address 192.168.88.254
>
> mpls ldp router-id Loopback0 force
> ==================================================
> 7206VXR-DSL#sh run
> ip vrf vpn1
> rd 1241:100
> route-target export 1241:100
> route-target import 1241:100
> !
> mpls traffic-eng tunnels
> mpls ldp neighbor 192.168.97.254 password test
> mpls ldp neighbor 192.168.97.254 targeted ldp
> mpls ldp loop-detection
> no mpls ip propagate-ttl
> mpls label protocol ldp
> interface Tunnel1
> description C7206VXR-PE to C10008-PE
> ip unnumbered Loopback0
> mpls traffic-eng tunnels
> mpls ip
> tunnel source Loopback0
> tunnel destination 192.168.97.254
> tunnel mode mpls traffic-eng
> tunnel mpls traffic-eng path-option 1 explicit name 7206-3845-10k
> ip rsvp bandwidth
> !
> interface Loopback0
> description *** Loopback ***
> ip address 192.168.88.254 255.255.255.255
> !
> interface GigabitEthernet0/3
> description *** Connected to J4300 ***
> mtu 1546
> ip address 192.168.0.18 255.255.255.252
> ip mtu 1532
> mpls mtu 1520
> mpls traffic-eng tunnels
> mpls ip
> ip rsvp bandwidth
> !
> interface ATM1/0
> no ip address
> interface ATM1/0.4 point-to-point
> description *** Layer 2 connection 7206-10k ***
> mtu 1500
> ip vrf forwarding vpn1
> ip address 192.168.10.2 255.255.255.248
> pvc 3/100
> protocol ip 192.168.10.1
> ubr 256
> !
> OSPF & BGP configuration ommited
> !
> ip explicit-path name 7206-3845-10k enable
> next-address 192.168.0.17
> next-address 192.168.0.21
> next-address 192.168.97.254
> mpls ldp router-id Loopback0 force
> ===================================================
> interfaces {
> fe-0/0/0 {
> description "*** COnnected to 10K ***";
> mtu 1546;
> unit 0 {
> family inet {
> address 192.168.0.22/30;
> }
> family mpls;
> }
> }
> fe-0/0/1 {
> description "*** Connected to 7206 ***";
> mtu 1546;
> unit 0 {
> family inet {
> address 192.168.0.17/30;
> }
> family mpls;
> }
> }
> lo0 {
> unit 0 {
> family inet {
> address 192.168.120.254/32;
> }
> }
> }
> }
> routing-options {
> router-id 192.168.120.254;
> autonomous-system 1241;
> }
> protocols {
> rsvp {
> interface fe-0/0/0.0 {
> hello-interval 0;
> }
> interface fe-0/0/1.0 {
> hello-interval 0;
> }
> }
> mpls {
> no-propagate-ttl;
> explicit-null;
> interface fe-0/0/0.0;
> interface fe-0/0/1.0;
> }
> bgp {
> group Internal {
> type internal;
> local-address 192.168.120.254;
> authentication-key "$9$YkoaUfTTRSlMN-k.mPF/"; ##
> SECRET-DATA local-as 1241;
> neighbor 192.168.97.254;
> neighbor 192.168.88.254;
> }
> }
> ospf {
> traffic-engineering;
> area 0.0.0.0 {
> interface fe-0/0/0.0;
> interface fe-0/0/1.0;
> interface lo0.0 {
> passive;
> }
> }
> }
> ldp {
> strict-targeted-hellos;
> explicit-null;
> transport-address router-id;
> interface all;
> }
> }
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list