[c-nsp] Cisco 10K MPLS VPN
FAHAD ALI KHAN
fahad.alikhan at gmail.com
Thu Mar 20 01:03:58 EDT 2008
Oli
*autoroute announce* will send all the traffic (IGP + VPN) towards the tunnel,
whereas I don't want to send IGP traffic but only VPN traffic.
Is there any way... well, you say static... management of static will be a great
hurdle in routing of 1000s of VPN routes...
Is there any solution to this issue? As Juniper by default selects the RSVP
tunnel as the next-hop if the BGP next-hop is also the same for the VPN route,
and it seems to be pretty simple & straightforward.
All suggestions will be welcome.
Regards
Fahad
On Wed, Mar 19, 2008 at 10:49 PM, Oliver Boehmer (oboehmer) <
oboehmer at cisco.com> wrote:
> Well, you are not telling the headend (10K or 7200) what to forward down
> the tunnel. Without any "tunnel mpls traffic-eng autoroute announce" or
> static routes or forwarding-adjacency, no traffic will be sent over the
> tunnel, so the IGP path towards the BGP next-hop will still point to
> your outgoing interface, and unless you run LDP over this interface, the
> PEs will not know about a label towards the other side.
>
> In order to make this work, use autoroute and just let the 10k/7200 send
> all traffic to the other side over the tunnel.
>
> In addition, you are missing an "ip unnumbered loopback0" on the 10k's
> Tunnel interface. Without this, the tunnel will not be eligible for any
> form of IP routing/forwarding.
>
> Assuming your BGP next-hop on the vpnv4 routes is also Loopback0 (i.e.
> equal to your MPLS-TE router-id), you don't even need LDP on the tunnel,
> but it doesn't hurt. You don't need the "mpls ldp neighbor
> 192.168.88.254 targeted" as we would build a targeted session once "mpls
> ip" is enabled on the tunnel.
>
> you can take a look at
> http://www.cisco.com/warp/public/105/mplsvpnte.html. This doc is
> somewhat outdated as it still talks about TDP, but gives some config
> examples for various tunnel scenarios.
>
> oli
>
> FAHAD ALI KHAN <> wrote on Wednesday, March 19, 2008 9:26 AM:
>
> > Here is the working configuration & when I disable LDP from Juniper
> > core interfaces (fe-0/0/0 & fe-0/0/1)...MPLS VPNs sites get
> > disconnected....
> >
> > C10K#sh run
> > ip vrf vpn1
> > description Test VPN 1
> > rd 1241:100
> > route-target export 1241:100
> > route-target import 1241:100
> > !
> > mpls traffic-eng tunnels
> > mpls ldp neighbor 192.168.88.254 password test
> > mpls ldp neighbor 192.168.88.254 targeted ldp
> > mpls ldp loop-detection
> > no mpls ip propagate-ttl
> > mpls label protocol ldp
> > interface Tunnel2
> > description *** C10008-PE to C7206VXR-PE ***
> > no ip address
> > mpls ip
> > tunnel source Loopback0
> > tunnel destination 192.168.88.254
> > tunnel mode mpls traffic-eng
> > tunnel mpls traffic-eng path-option 1 explicit name 10k-J4300-7206vxr
> > ip rsvp bandwidth
> > interface Loopback0
> > description *** Loopback ***
> > ip address 192.168.97.254 255.255.255.255
> > ip rsvp bandwidth
> > interface ATM1/0/0
> > no ip address
> > interface ATM1/0/0.5 point-to-point
> > description *** ATM-2-ATM L2 ATOM 10K-7206 ***
> > ip vrf forwarding vpn1
> > ip address 192.168.10.11 255.255.255.248
> > pvc 3/32
> > protocol ip 192.168.10.9
> > ubr 256
> > !
> > interface GigabitEthernet3/0/0
> > mtu 1550
> > !
> > interface GigabitEthernet3/0/0.7
> > description *** Connected to J4300A ***
> > encapsulation dot1Q 296
> > ip address 192.168.0.21 255.255.255.252
> > ip mtu 1532
> > mpls mtu 1520
> > mpls traffic-eng tunnels
> > mpls ip
> > ip rsvp bandwidth
> > !
> > OSPF & BGP configuration omitted....
> > !
> > ip explicit-path name 10k-3845-7206vxr enable
> > next-address 192.168.0.22
> > next-address 192.168.0.18
> > next-address 192.168.88.254
> >
> > mpls ldp router-id Loopback0 force
> > ==================================================
> > 7206VXR-DSL#sh run
> > ip vrf vpn1
> > rd 1241:100
> > route-target export 1241:100
> > route-target import 1241:100
> > !
> > mpls traffic-eng tunnels
> > mpls ldp neighbor 192.168.97.254 password test
> > mpls ldp neighbor 192.168.97.254 targeted ldp
> > mpls ldp loop-detection
> > no mpls ip propagate-ttl
> > mpls label protocol ldp
> > interface Tunnel1
> > description C7206VXR-PE to C10008-PE
> > ip unnumbered Loopback0
> > mpls traffic-eng tunnels
> > mpls ip
> > tunnel source Loopback0
> > tunnel destination 192.168.97.254
> > tunnel mode mpls traffic-eng
> > tunnel mpls traffic-eng path-option 1 explicit name 7206-3845-10k
> > ip rsvp bandwidth
> > !
> > interface Loopback0
> > description *** Loopback ***
> > ip address 192.168.88.254 255.255.255.255
> > !
> > interface GigabitEthernet0/3
> > description *** Connected to J4300 ***
> > mtu 1546
> > ip address 192.168.0.18 255.255.255.252
> > ip mtu 1532
> > mpls mtu 1520
> > mpls traffic-eng tunnels
> > mpls ip
> > ip rsvp bandwidth
> > !
> > interface ATM1/0
> > no ip address
> > interface ATM1/0.4 point-to-point
> > description *** Layer 2 connection 7206-10k ***
> > mtu 1500
> > ip vrf forwarding vpn1
> > ip address 192.168.10.2 255.255.255.248
> > pvc 3/100
> > protocol ip 192.168.10.1
> > ubr 256
> > !
> > OSPF & BGP configuration omitted
> > !
> > ip explicit-path name 7206-3845-10k enable
> > next-address 192.168.0.17
> > next-address 192.168.0.21
> > next-address 192.168.97.254
> > mpls ldp router-id Loopback0 force
> > ===================================================
> > interfaces {
> > fe-0/0/0 {
> > description "*** COnnected to 10K ***";
> > mtu 1546;
> > unit 0 {
> > family inet {
> > address 192.168.0.22/30;
> > }
> > family mpls;
> > }
> > }
> > fe-0/0/1 {
> > description "*** Connected to 7206 ***";
> > mtu 1546;
> > unit 0 {
> > family inet {
> > address 192.168.0.17/30;
> > }
> > family mpls;
> > }
> > }
> > lo0 {
> > unit 0 {
> > family inet {
> > address 192.168.120.254/32;
> > }
> > }
> > }
> > }
> > routing-options {
> > router-id 192.168.120.254;
> > autonomous-system 1241;
> > }
> > protocols {
> > rsvp {
> > interface fe-0/0/0.0 {
> > hello-interval 0;
> > }
> > interface fe-0/0/1.0 {
> > hello-interval 0;
> > }
> > }
> > mpls {
> > no-propagate-ttl;
> > explicit-null;
> > interface fe-0/0/0.0;
> > interface fe-0/0/1.0;
> > }
> > bgp {
> > group Internal {
> > type internal;
> > local-address 192.168.120.254;
> > authentication-key "$9$YkoaUfTTRSlMN-k.mPF/"; ## SECRET-DATA
> > local-as 1241;
> > neighbor 192.168.97.254;
> > neighbor 192.168.88.254;
> > }
> > }
> > ospf {
> > traffic-engineering;
> > area 0.0.0.0 {
> > interface fe-0/0/0.0;
> > interface fe-0/0/1.0;
> > interface lo0.0 {
> > passive;
> > }
> > }
> > }
> > ldp {
> > strict-targeted-hellos;
> > explicit-null;
> > transport-address router-id;
> > interface all;
> > }
> > }
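A small lint for the headend points raised in this thread, as an added example that is not part of the original messages: it flags MPLS-TE tunnel interfaces that have no IP address, that have nothing steering traffic into them (autoroute announce, forwarding-adjacency or a static route via the tunnel), or whose path-option names an explicit path the config does not define. The sample input is constructed from the 10K lines quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the 10K headend lines quoted in this thread, trimmed.
SAMPLE_10K = """\
interface Tunnel2
 no ip address
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng path-option 1 explicit name 10k-J4300-7206vxr
!
ip explicit-path name 10k-3845-7206vxr enable
 next-address 192.168.0.22
"""

# Headend commands that put traffic into a TE tunnel (besides static routes).
STEER = ("tunnel mpls traffic-eng autoroute announce",
         "tunnel mpls traffic-eng forwarding-adjacency")

def parse_blocks(config):
    """Map each top-level IOS line to the list of its indented sub-lines."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def lint_te_tunnels(config):
    """Return (tunnel, finding) pairs for MPLS-TE tunnel headends."""
    paths = set(re.findall(r"^ip explicit-path name (\S+)", config, re.M))
    statics = re.findall(r"^ip route .*", config, re.M)
    findings = []
    for head, body in parse_blocks(config).items():
        m = re.match(r"interface (Tunnel\d+)$", head)
        if not m or "tunnel mode mpls traffic-eng" not in body:
            continue
        name = m.group(1)
        if not any(l.startswith(("ip unnumbered", "ip address")) for l in body):
            findings.append((name, "no IP address, not eligible for IP routing"))
        if not (any(l.startswith(STEER) for l in body)
                or any(re.search(rf"\s{name}\b", s) for s in statics)):
            findings.append((name, "no autoroute, forwarding-adjacency or static route"))
        for p in re.findall(r"path-option \d+ explicit name (\S+)", "\n".join(body)):
            if p not in paths:
                findings.append((name, f"explicit path {p} is not defined"))
    return findings
```

The input must keep the one-space indentation that `show run` prints under each interface; the flattened paste in the archive would need re-indenting first.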