[c-nsp] Emulating the L2 aspect of VPLS with VRF-lite
Justin Shore
justin at justinshore.com
Fri Apr 3 17:11:40 EDT 2009

Sorry for the length. I have another Friday mind-bender.

We're going into an agreement with a new customer to replace their
existing shared radio infrastructure with several bonded PtP DS1s at a
number of sites and a DS3 at a main site. The owner of the radio
infrastructure currently places the WAN-facing interface of all of this
customer's routers into a common VLAN (i.e. all WAN-facing routers have a
connected route to a like interface on all other WAN routers). The
customer currently establishes IPSec-protected GRE tunnels from each
router to every other router using the connected interfaces. Then they
run EIGRP over top of the GRE tunnels. The radio links emulate the L2
aspect of VPLS or an E-LAN service with that simple little VLAN.

I'm trying to do something similar with completely different hardware.
I can't reach any of these sites with VLAN-capable hardware yet. Most
of the sites are getting several bonded DS1s. One main site is getting
a DS3 over Overture (Ethernet bridged over the DS3 and handed off as
Ethernet on both ends; the 7206 gets it as a sub-int on a GigE port).

My initial thought was to put each of the customer's MLPPP interfaces as
well as the GigE sub-int for the Ethernet site into a VRF. Each
separate interface would be a /30 and I'd be a routed hop in the middle
inside of their VRF (everything comes back ultimately to a single 7200).
They could tunnel across me if they wanted with a few additional
statics to populate the RIB with next-hop information of the other
routers. I'm confident that this would work; however, I think there may
be a better way that minimizes our potential involvement in the middle.

Thinking about it a bit more I decided that I could provide a L2
service by making each of the MLPPP interfaces and the GigE sub-int
unnumbered up to a common loopback. Each customer WAN-facing interface
would be addressed from a common subnet. They should then also be able
to directly communicate with one another across the loopback and
establish routing adjacencies and/or build GRE tunnels with the hosts in
that common connected route.

That's where I'm at right now. I have 2 test routers with a DS1 bundle
on each back to the 7200. Each bundle is in the customer VRF. I have
another router doing Ethernet into a 4948 access switchport. That
unique VLAN gets trunked up to the 7200 on an on-board GigE interface.
The corresponding sub-int on the 7200 is in the customer VRF and is
unnumbered back to the dedicated customer loopback. The only error I
got in the process was when I did the unnumbered on the sub-int.

003018: Apr 3 13:15:29 CDT: %OSPF-4-NO_IPADDRESS_ON_INT: No IP address for interface GigabitEthernet0/2.1001

That's just OSPF whining and shouldn't be a problem. I set up OSPF on
all WAN-facing interfaces on the CE lab routers. For grins I also set
up OSPF inside the VRF on the PE. I can ping between the DS1 routers
and the 7200. However, I cannot ping the Ethernet CE router from
anywhere. I also cannot establish OSPF adjacencies between any of the
CEs or the PE. Debugging the OSPF packets I see packets going out from
the CEs but nothing coming in. From the PE I see nothing at all.

Should this ip unnumbered design work? Any idea what's dropping the
OSPF packets along the way?

I'm working on the problem while typing this and I have an update on
what I wrote above. I now have OSPF adjacencies between the DS1 CPEs
and the 7200. It turns out I needed to put the MLPPP interface into the
VRF as well even though the ip unnumbered interface was in the VRF
already. However this points out a problem. I am unable to establish
an adjacency between the DS1 CPEs. The CPEs only claim to see OSPF
packets from the 7200. Is that normal? I also just noticed that I can
no longer ping between DS1 CPEs. I'm not sure if this isn't being
consistent or I should call it a day.

I should be able to do the VRF with the L3 hop in the middle if nothing
else. I'd rather that be my fall-back position though. Any other
suggestions on how to accomplish this would be much appreciated. I'm
sure there are other ways to do something similar.

Thanks
Justin