[c-nsp] MPLS VPN with PE over GRE tunnels

Ross Halliday ross.halliday at wtccommunications.ca
Tue Sep 20 12:32:13 EDT 2011


It seems I made an error in the subject of my message, should read "MPLS VPN with CE over GRE tunnels"... Looks like a few people didn't read far beyond the subject line :P

Thank you Gert and Cristophe, I will give that a test tonight. Does the same sort of gotcha exist on the 7200 platform? I moved the interfaces over to that router, which also runs MPLS, and before I corrected the VPNv4 iBGP relationships the traffic worked fine when the 7204 sent packets out labeled for that default route (which caused them to be sent back via OSPF into an SVI). Once I fixed the BGP peering so that the 7204 learned the far VPNv4 route properly it exhibited the same problem as the 6509. The 7204 is a dinky ol' NPE-225 running 12.4(22)T.

Reading that page that Cristophe linked, I'm curious why this isn't default behavior. Is it just some magic knob to stump people on a CCIE exam or is there some performance impact or other side effects?


Thanks
Ross Halliday



> -----Original Message-----
> From: Arie Vayner (avayner) [mailto:avayner at cisco.com]
> Sent: Tuesday, September 20, 2011 10:19 AM
> To: Gert Doering; Ross Halliday
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] MPLS VPN with PE over GRE tunnels
> 
> Sorry for double posting... This seems to be a good reference:
> http://www.cisco.com/en/US/prod/collateral/routers/ps9343/Deploying_and
> _
> Configuring_MPLS_Virtual_Private_Networks_In_IP_Tunnel_Environment.pdf
> 
> Arie
> 
> -----Original Message-----
> From: Arie Vayner (avayner)
> Sent: Tuesday, September 20, 2011 17:18
> To: 'Gert Doering'; Ross Halliday
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] MPLS VPN with PE over GRE tunnels
> 
> On 6500 if you want to use MPLS over GRE, you would need to have your
> core facing links (through which the GRE packets are sent/received) on
> a
> SIP400 card...
> 
> Alternatively, SUP2T can support this natively.
> http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_
> p
> aper_c11-652042.html#wp9000959
> 
> 
> Arie
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Gert Doering
> Sent: Tuesday, September 20, 2011 10:55
> To: Ross Halliday
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] MPLS VPN with PE over GRE tunnels
> 
> Hi,
> 
> On Mon, Sep 19, 2011 at 07:18:19PM -0400, Ross Halliday wrote:
> > Currently our network has one switch that is at the hub of our
> > transition to MPLS as we cut various devices over and wait for
> maintenance windows. It has:
> 
> This "switch" would be a 6500 with all these protocols being enabled,
> and the problem spot is "packet comes in MPLS-encapsulated and needs to
> leave GRE-encapsulated" (or return path)?
> 
> > Any help or suggestions would be very appreciated!
> 
> There was something about the 6500 architecture that certain
> combinations of ingress and egress need packets to go through the
> forwarding plane twice, and you need to enable "packet recirculation"
> for it to do that.
> 
> The command I could find for that is "mls mpls tunnel-recir", but you
> might want to verify with the docs whether this is what you want.
> 
> Cisco(config)#mls mpls ?
> ...
>   tunnel-recir     Recirculate Tunnel packets
> 
> gert
> 
> --
> USENET is *not* the non-clickable part of WWW!
> 
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> gert at greenie.muc.de
> fax: +49-89-35655025
> gert at net.informatik.tu-muenchen.de



More information about the cisco-nsp mailing list