Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
944
Views
0
Helpful
2
Replies

Request assist with MPLS VRF L3VPN configration

JOHN DELANEY
Level 1
Level 1

‎06-03-2018 12:52 PM - edited ‎03-01-2019 03:17 PM

Capture.PNG

I have built a simulation network of five routers.
The objective is for L3Vpn to carry a single VRF between CE routers across a non-mpls backbone.

 

  • Two IOSv CE Routers CUSTA1 & CUSTA2 at opposite ends of the network.
  • Two IOSxr PE routers PE1 and PE2 connected to an IOSv router representing a non-MPLS network.
  • One IOSv router representing the non-mpls network.

 

  • From each PE router I am able to ping the connected CE using ping vrf V1 ip-address.
  • From CE routers I am not able to ping the remote CE router.
  • From PE routers I cannot ping the remote CE router. ping vrf V1 remote-ce-ip

I am not well versed with MPLS configuration and even less so with IOSxr.
I'd be really grateful if someone could review my configurations and help direct me to the missing link.

Thanks in advance: 

John D.

============================================================
========================ROUTER CUSTA1=======================
============================================================
CUSTA1#show run
Building configuration...

Current configuration : 2908 bytes
!
! Last configuration change at 18:41:48 UTC Sun Jun 3 2018
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CUSTA1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!        
interface GigabitEthernet0/1
 ip address 1.1.1.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

CUSTA1#
======================================================================
================ROUTER PE1========================================

==================================================================
RP/0/0/CPU0:PE1#show run
Sun Jun  3 19:25:49.692 UTC
Building configuration...
!! IOS XR Configuration 6.1.3
!! Last configuration change at Sun Jun  3 19:25:41 2018 by cisco
!
hostname PE1
logging console debugging
vrf V1
 address-family ipv4 unicast
  import route-policy RP
  import route-target
   100:1
  !
  export route-policy RP
  export route-target
   100:1
  !
 !
!
interface Loopback0
 ipv4 address 3.3.3.2 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 vrf V1
 ipv4 address 1.1.1.2 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 2.2.2.2 255.255.255.0
!
route-policy RP
  pass
end-policy
!
router bgp 100
 bgp router-id 2.2.2.2
 address-family ipv4 unicast
  network 1.1.1.0/24
  network 2.2.2.0/24
 !
 address-family vpnv4 unicast
 !
 neighbor 2.2.2.3
  remote-as 1000
  update-source GigabitEthernet0/0/0/1
  address-family ipv4 unicast
   route-policy RP in
   route-policy RP out
   next-hop-self
  !
 !
 neighbor 4.4.4.4
  remote-as 100
  update-source GigabitEthernet0/0/0/1
  address-family vpnv4 unicast
   route-policy RP in
   route-policy RP out
  !
 !
 vrf V1
  rd auto
  address-family ipv4 unicast
  !
 !
!
end

RP/0/0/CPU0:PE1#
================================================================

================================ROUTER ISP======================
================================================================
ISP#show run
Building configuration...

Current configuration : 3355 bytes
!
! Last configuration change at 16:59:36 UTC Sun Jun 3 2018
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!        
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!       
interface GigabitEthernet0/1
 ip address 2.2.2.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 ip address 4.4.4.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
router bgp 1000
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 4.4.4.4 remote-as 100
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 default-originate
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 default-originate
 exit-address-family
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

ISP#
===============================================================
======================ROUTER PE2===============================
===============================================================
RP/0/0/CPU0:PE2#show run
Sun Jun  3 19:28:20.462 UTC
Building configuration...
!! IOS XR Configuration 6.1.3
!! Last configuration change at Sun Jun  3 19:20:47 2018 by cisco
!
hostname PE2
vrf V1
 address-family ipv4 unicast
  import route-policy RP
  import route-target
   100:1
  !
  export route-policy RP
  export route-target
   100:1
  !
 !
!
interface GigabitEthernet0/0/0/0
 vrf V1
 ipv4 address 5.5.5.4 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 4.4.4.4 255.255.255.0
!
route-policy RP
  pass
end-policy
!
router bgp 100
 bgp router-id 4.4.4.4
 address-family ipv4 unicast
  redistribute connected
 !
 address-family vpnv4 unicast
 !
 neighbor 2.2.2.2
  remote-as 100
  update-source GigabitEthernet0/0/0/1
  address-family vpnv4 unicast
   route-policy RP in
   route-policy RP out
  !
 !
 neighbor 4.4.4.3
  remote-as 1000
  address-family ipv4 unicast
   route-policy RP in
   route-policy RP out
  !
 !
 vrf V1
  rd auto
  address-family ipv4 unicast
  !
 !
!
end

RP/0/0/CPU0:PE2#
==================================================================
=======================ROUTER CUSTA2==============================
===================================================================
CUSTA2#show run
Building configuration...

Current configuration : 2908 bytes
!
! Last configuration change at 18:38:33 UTC Sun Jun 3 2018
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CUSTA2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
interface GigabitEthernet0/1
 ip address 5.5.5.5 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 5.5.5.4
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ipv6 ioam timestamp
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

CUSTA2#
===================================================

Labels:
0 Helpful
2 Replies 2

Harold Ritter
Cisco Employee
Cisco Employee

‎06-04-2018 05:42 AM

Hi John,

 

To deploy MPLS VPN through a non-MPLS service provider, you either need a form of tunneling technique or some form of L2 service via the non-MPLS service provider. I do not see that in your configurations.

 

The following document should be a good place to start understanding this concept.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/xe-3s/mp-l3-vpns-xe-3s-book/mp-vpn-gre.html

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

JOHN DELANEY
Level 1
Level 1
In response to Harold Ritter

‎06-04-2018 01:36 PM

Would a GRE (tunnel-ip) interface using the 0/0/0/1 interfaces on both PE routers as source / destination fit your recommendation? Would I need to adjust MTU (layer 2, IP or MPLS) for MPLS traffic to traverse the GRE tunnel?

Thanks for your response.
0 Helpful
Customers Also Viewed These Support Documents