Handling default routes in MPLS L3 VPN

Hi,
I am trying this configuration where the Blue and Red routers are acting as hosts.


I can make the Blues talk with the Blues and the Reds talk with the Reds. Now I want Red1 to talk with Blue1 but only via CiscoIOSv-2.

I have installed default routes at CiscoIOSv-1 that show up at the respective VRF routing tables using the commands:

ip route vrf blue 0.0.0.0 0.0.0.0 2.2.2.2 global
ip route vrf red 0.0.0.0 0.0.0.0 2.2.2.2 global

My problem is that when I ping from Blue1 to Red1 the ICMP packets do not carry a Blue tag in the provider’s network. Only when I ping from Blue1 to Blue2 they do. It seems that CiscoIOSv-1 is ignoring the association between the default route and the Blue Route Tag. Any idea of what is wrong?

The BGP configuration of CiscoIOSv-1 is:

router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
address-family vpnv4
neighbor 2.2.2.2 activate
exit
address-family ipv4 vrf blue
redistribute connected
exit
address-family ipv4 vrf red
redistribute connected

and the configuration of the VRFs is:

ip vrf blue
rd 1:1
route-target both 1:1
ip vrf red
rd 2:2
route-target both 2:2

Hello Rui

It looks like you’re trying to allow different VRFs to communicate with each other using VRF route leaking. This is done in an environment where you have VRFs, but not when you incorporate MPLS L3 VPN. An example of VRF route leaking (without MPLS) can be found here:

You need to employ route leaking within an MPLS environment. This is achieved using the import and export keywords under the VRF configuration. You can find a detailed lesson on this here:

Take a look at this, and if you have any further questions, let us know!

I hope this has been helpful!

Laz

Thanks Laz for your reply.

I looked at the MPLS VPN Extranet Route Leaking lesson, but it doesn´t address the issue of default routes. And that is my problem! The route leaking seems Ok, but not with default routes.

For convenience, I include here a new image of my setup. In my setup, I do not have CE routers.

At PE2, besides the VRF configurations show above for PE1 (CiscoIOSv-1), I did the following configurations for route leaking:

ip vrf blue
route-target import 2:2
ip vrf red
route-target import 1:1

With this I got the following blue routing table at PE2:

B*    0.0.0.0/0 [200/0] via 1.1.1.1, 00:11:41
      10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        10.10.1.0/24 [200/0] via 1.1.1.1, 00:11:41
C        10.10.2.0/24 is directly connected, GigabitEthernet0/0
L        10.10.2.2/32 is directly connected, GigabitEthernet0/0
      11.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        11.11.1.0/24 [200/0] via 1.1.1.1, 00:11:41
B        11.11.2.0/24 is directly connected, 00:11:41, GigabitEthernet0/1
L        11.11.2.2/32 is directly connected, GigabitEthernet0/1

This seems Ok. As mentioned above the problem is with the default routes, and starts at PE1.

When I ping from Blue1 to Red1, the ICMP Echo Request packets observed in the link between PE1 and P (using Wireshark) only carry one tag, which is the one related to the MPLS underlay. They do not carry the second tag identifying the blue network. Therefore, the packets are not received by the blue VRF of PE2. It seems that PE1 is ignoring the association between the default route and the blue Route Tag.

I believe that configurations with default routes should be common. Any idea of what is wrong?

Hi @rui.valadas ,

I did some labbing today and I have two working examples with default routes:

  • One where you leak the default route from one VRF into another VRF.
  • Another one where you have a default route to the global routing table.

Instead of a quick answer now, I’ll create two lessons for this next week, that should help…stay tuned :grin:

Rene

1 Like