04-15-2024 10:54 AM
Hi
I'm trying to extend an L2 segment using MPLS L2VPN over GRE. I am able to establish the tunnel and get OSPF and MPLS adjacency, and the xconnect between the peers is up, but my 2 test PCs can't reach each other.
This is my PE3 config.
interface GigabitEthernet0/0/0/0
 mtu 1560
!
interface GigabitEthernet0/0/0/0.101 l2transport
 encapsulation untagged
!
interface tunnel-ip10
 ipv4 address 10.2.3.2 255.255.255.252
 tunnel source GigabitEthernet0/0/0/1
 tunnel destination 172.16.50.2
!
router static
 address-family ipv4 unicast
  172.16.50.0/30 GigabitEthernet0/0/0/1 172.16.51.1
 !
!
router ospf 1
 nsr
 router-id 3.3.3.3
 mpls ldp auto-config
 nsf cisco
 area 1
  network point-to-point
  mpls traffic-eng
  interface Loopback0
  !
  interface tunnel-ip10
  !
 !
 mpls traffic-eng router-id Loopback0
!
mpls traffic-eng
!
mpls ldp
 log
  hello-adjacency
  neighbor
  nsr
  graceful-restart
 !
 discovery
  hello holdtime 5
  hello interval 1
 !
 router-id 3.3.3.3
!
mpls oam
!
l2vpn
 router-id 3.3.3.3
 xconnect group test
  p2p test
   interface GigabitEthernet0/0/0/0.101
   neighbor ipv4 1.1.1.1 pw-id 55555
RP/0/RP0/CPU0:PE3#sh cef tunnel-ip10
Mon Apr 15 17:21:14.820 UTC
Prefix Next Hop Interface
------------------- ------------------- ------------------
1.1.1.1/32 10.2.3.1/32 tunnel-ip10
2.2.2.2/32 10.2.3.1/32 tunnel-ip10
10.1.2.0/30 10.2.3.1/32 tunnel-ip10
10.2.3.0/30 attached tunnel-ip10
10.2.3.0/32 broadcast tunnel-ip10
10.2.3.2/32 receive tunnel-ip10
10.2.3.3/32 broadcast tunnel-ip10
RP/0/RP0/CPU0:PE3#sh ospf neighbor
Mon Apr 15 17:21:42.745 UTC
* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/ - 00:00:39 10.2.3.1 tunnel-ip10
Neighbor is up for 00:07:56
Total neighbor count: 1
RP/0/RP0/CPU0:PE3#sh mpls ldp neighbor
Mon Apr 15 17:21:50.007 UTC
Peer LDP Identifier: 1.1.1.1:0
TCP connection: 1.1.1.1:646 - 3.3.3.3:21530
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 26/19; Downstream-Unsolicited
Up time: 00:07:55
LDP Discovery Sources:
IPv4: (1)
Targeted Hello (3.3.3.3 -> 1.1.1.1, active)
IPv6: (0)
Addresses bound to this peer:
IPv4: (2)
1.1.1.1 10.1.2.1
IPv6: (0)
Peer LDP Identifier: 2.2.2.2:0
TCP connection: 2.2.2.2:646 - 3.3.3.3:23252
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 12/11; Downstream-Unsolicited
Up time: 00:01:59
LDP Discovery Sources:
IPv4: (1)
tunnel-ip10
IPv6: (0)
Addresses bound to this peer:
IPv4: (4)
2.2.2.2 10.1.2.2 10.2.3.1 172.16.50.2
IPv6: (0)
RP/0/RP0/CPU0:PE3#sh ip route
Mon Apr 15 17:21:55.506 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP
A - access/subscriber, a - Application route
M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path
Gateway of last resort is not set
O 1.1.1.1/32 [110/1002] via 10.2.3.1, 00:08:09, tunnel-ip10
O 2.2.2.2/32 [110/1001] via 10.2.3.1, 00:08:09, tunnel-ip10
L 3.3.3.3/32 is directly connected, 02:11:35, Loopback0
O 10.1.2.0/30 [110/1001] via 10.2.3.1, 00:08:09, tunnel-ip10
C 10.2.3.0/30 is directly connected, 01:52:52, tunnel-ip10
L 10.2.3.2/32 is directly connected, 01:52:52, tunnel-ip10
L 127.0.0.0/8 [0/0] via 0.0.0.0, 02:11:38
S 172.16.50.0/30 [1/0] via 172.16.51.1, 02:11:35, GigabitEthernet0/0/0/1
C 172.16.51.0/30 is directly connected, 02:11:35, GigabitEthernet0/0/0/1
L 172.16.51.2/32 is directly connected, 02:11:35, GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE3#sh l2vpn xc
Mon Apr 15 17:22:15.036 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected, (SI) = Seamless Inactive
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
test test UP Gi0/0/0/0.101 UP 1.1.1.1 55555 UP
----------------------------------------------------------------------------------------
04-17-2024 06:33 AM
Hi @jm-barreto ,
I searched internally and saw similar cases. It appears that l2vpn over mpls over gre is not supported on the NCS540.
That would explain the behavior you are seeing, despite the fact that your configurations look fine.
Regards,
04-17-2024 09:27 AM
Thanks for the information. I did a similar lab using Cisco 3600ME and the same thing happened. I did some packet captures and noticed that when I send ICMP from the PC behind PE1 to the PC on PE3, the PC on PE3 sees the ICMP and replies, but the PC on PE1 does not get the reply. I captured on the tunnel interface on PE3 and saw those replies being encapsulated into the GRE tunnel, but PE2 never gets them. It's like one-sided communication. So I changed the topology of my lab, added a 4th PE behind PE3 and made the L2VPN between PE1 and PE4, and now it's working.
Sadly I don't have many NCS540s available to replicate this and see if it works or not.
I was following this documentation:
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-12/configuration_guide/mpls/b_1612_mpls_9300_cg/configuring_mpls_layer_2_vpn_over_gre.pdf
And of all the scenarios, the one that works for me is the last one.
I will try to add one of my NCS540s to the 3600ME lab and see if I can make it work. I will share my result once I recreate the lab.
Thanks again for all the help
04-17-2024 09:52 AM
Hi @jm-barreto ,
I think moving the l2vpn function to another PE should make it work with the NCS540 too. Please keep us posted.
Regards,
04-19-2024 01:21 PM
Hi @Harold Ritter
The lab works with the NCS540 and 3600 as GRE speakers and moving the L2VPN to another PE behind the PEs that are doing the GRE tunnel. I injected real traffic from my lab LAN on one side to a PC on the other side. The problem that I'm facing now is, I think, MTU or TCP MSS. The PC gets an IP via DHCP and is able to get out to the internet, but some web pages don't load or take a while to load. The 3600ME does not support changing the MTU on the tunnel interface; it lets me adjust the TCP MSS. The NCS540 lets me change the MTU, but for tcp adjust-mss the only option it gives me is enable or disable; I can't specify the MSS.
So I'm kind of stuck on where I can adjust MTU or MSS.
I will appreciate any help you can provide me.
Thanks
04-17-2024 06:50 AM
Let me check, friend; I'll update you tonight.
Thanks for waiting
MHM
04-17-2024 09:06 AM
Thanks for the help
04-17-2024 03:49 PM - edited 04-17-2024 03:55 PM
You mentioned you can run a lab
So try the below
The IP you use for the xconnect must be reachable via the tunnel (not via OSPF)
So add a static route for the xconnect IP and check the L2VPN in the lab
04-18-2024 06:58 AM
Thanks for the info. That scenario is not the same as mine. My tunnel is between R2 and R3. This is because R3 will be on a remote site that I can connect to my MPLS core network via fiber or fixed wireless. At the R3 site we have satellite internet; using that connection we want to build a GRE tunnel to one of our PEs that is connected to our MPLS core network, to make PE 3 part of that MPLS network via the tunnel.
04-18-2024 07:20 AM
Notes to consider
1- The tunnel IP and tunnel source cannot be in the same IGP
2- The MPLS label stack is built label by label
The top label must be the label of the tunnel destination
The bottom label must be the label of the VC
The top label is known by all routers in the path, and that is correct since the tunnel src/dest is known by, let's call it, the MPLS underlay
The bottom label must be known only by the two ends
On the PE, when it receives an L2 packet it must use the tunnel as the egress point for the xconnect.
Hope this is clear to you
MHM
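
The two-label stack and the MTU/MSS question raised in this thread, as an added example that is not part of any post: it builds and parses an Ethernet-over-MPLS-over-GRE packet and derives the largest inner IP MTU and TCP MSS. The label values, the 1500-byte path MTU and all function names are assumptions; the tunnel endpoints are taken from the PE3 output.

```python
import socket
import struct

GRE_PROTO_MPLS = 0x8847   # EtherType for MPLS unicast, carried in the GRE protocol field
IP_HDR, GRE_HDR, LABEL, ETH_HDR, TCPIP_HDR = 20, 4, 4, 14, 40

def mpls_entry(label, bottom, tc=0, ttl=255):
    """One 4-byte label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def encapsulate(frame, src, dst, transport_label, vc_label):
    """Outer IPv4 + basic GRE + [transport label, VC label] + customer Ethernet frame."""
    stack = mpls_entry(transport_label, False) + mpls_entry(vc_label, True)
    payload = struct.pack("!HH", 0, GRE_PROTO_MPLS) + stack + frame
    # Header checksum left at 0: this packet is only parsed locally, never sent.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(payload), 0, 0, 64,
                     47, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + payload

def parse(packet):
    """Return (label stack top-to-bottom, inner Ethernet frame)."""
    ihl = (packet[0] & 0x0F) * 4
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + GRE_HDR])
    if packet[9] != 47 or proto != GRE_PROTO_MPLS:
        raise ValueError("not MPLS in GRE")
    if flags & 0xB000:
        raise ValueError("GRE checksum/key/sequence fields not handled")
    off, labels = ihl + GRE_HDR, []
    while True:
        (entry,) = struct.unpack("!I", packet[off:off + LABEL])
        off += LABEL
        labels.append(entry >> 12)
        if entry & 0x100:          # S bit set: bottom of stack (the VC label)
            return labels, packet[off:]

def inner_ip_mtu(path_mtu, labels=2, control_word=False):
    """Largest customer IP packet that crosses the tunnel without fragmentation."""
    overhead = IP_HDR + GRE_HDR + LABEL * labels + ETH_HDR + (4 if control_word else 0)
    return path_mtu - overhead

def tcp_mss(path_mtu, **kw):
    """MSS to clamp to for IPv4 TCP without options (20 IP + 20 TCP)."""
    return inner_ip_mtu(path_mtu, **kw) - TCPIP_HDR

if __name__ == "__main__":
    frame = bytes(ETH_HDR) + bytes(inner_ip_mtu(1500))   # constructed untagged frame
    pkt = encapsulate(frame, "172.16.51.2", "172.16.50.2", 24001, 24010)
    print(len(pkt), parse(pkt)[0], inner_ip_mtu(1500), tcp_mss(1500))
```

The overhead assumes an untagged attachment circuit, as in the PE3 configuration; a pseudowire control word or a lower path MTU on the GRE underlay reduces the result further.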