MPLS Layer 3 VPN Configuration


(Rene Molenaar) #1

This topic is to discuss the following lesson:


(Edwin P) #2

Great stuff Rene
Somehow, after seeing how it’s configured, it makes more sense now
This is all new to me, but since it’s explained in plain english again … :wink:
Thanks for this!


(Shannon S) #3

Hi Rene,

Many thanks! Was reading the CiscoPress MPLS Fundamentals book, but it was taking too long to get to the point for MPLS L3 VPNs. This lesson was worth going through in a short time and now I know a lot more. I was able to work with GNS3 to try out the topology and everything worked perfectly. I will go back to the book to reinforce what I’ve learned here.

Thank you for breaking it down in plain English!

Best regards,

Shannon


(Rene Molenaar) #4

Hi Shannon,

Glad to hear you like it! Now you know the basics, you’ll probably get a lot more value out of the book.

I noticed your idea about VPLS btw, I’ll add something soon.

Rene


(Marcin B) #5

Great as always. Just one minor issue. On the first topology picture, shouldnt the provider AS number be 123 as you stated in text instead of AS 234 or vice versa?


(Rene Molenaar) #6

Hi Marcin,

Glad to hear you like it! Just changed the AS number, it should be 234.

Rene


(John S) #7

Rene, you are the best!!! Excellent very informative lesson :slight_smile:


(Georgi T) #8

hey Renee ;

for some reason I cant ping from CE to CE2 .when I do traceroute 5.5.5.5 source lo0 I can see the next hop PE1 router and it stops there .same thing for the CE2 .I went through all the configuration and everything seems ok .and CE 1 bgp routing table I can see 5.5.5.5 as *> and for the CE2 i can see *>1.1.1.1 but I dont understand why I cant ping .do you have any recommandation ?


(Rene Molenaar) #9

Hi Georgi,

There’s a lot of things that could go wrong with MPLS VPN. Here’s what you should check and in what order:

  1. Make sure your PE/P routers have established LDP neighbor adjacencies using loopback interfaces as the transport addresses.

  2. Make sure the VRF is created on both PE routers.

  3. Make sure you use the correct RD for each VRF.

  4. Make sure you have the correct import/export route-targets.

  5. Check if you see routes in the VRF routing table on the PE routers.

  6. Check if you have an IBGP neighbor adjacency between the PE routers for the VPN address-family.

  7. Make sure that extended communities are sent between the PE routers.

  8. Make sure you see VPN routes on each PE router.

  9. Make sure you see routes on both CE routers.

In your case it sounds like something is wrong with the LSP (Label switched path). Do you have labels for the loopback interfaces on your P router?

If your PE routers were able to exchange VPN routes then it’s still possible that your traffic gets dropped by the P/PE routers if LDP is not working properly.

Rene


(Georgi T) #10

thank you so much for respond and all those troubleshooting methods for MPLS . I found the problem as you said P router didnt established LDP neighboorship with PE1 .but I do have one more question Rene . I recently started to this ISP company and my background is LAN networks actually .

in our company we do have another ISP involves sometimes for MPLS its called layer 3 NNI MPLS .they do connected to each other crossconnect and they use sub interfaces with vlans on router .do you have any topics about it or is there any diagrams I can work on it .?


(Rene Molenaar) #11

Hi Georgi,

Good to hear you figured it out.

I don’t have anything on inter-AS MPLS at the moment but there’s quite some material out there. Try looking for MPLS Option A,B and C and you’ll find quite some information. I might add something in the future for this once I’m done with the R&S material.

Rene

 


(Georgi T) #12

thanks for your help rene . I didnt know its called inter AS-MPLS so I found some good information about it online .

thanks again .


(Shannon S) #13

Hi Rene,

Thank you and looking forward to lessons on VPLS!

Best regards,

Shannon


(rouzbeh t) #14

Hello Rene,

I am just wondering what is the difference between “vrf definition CUSTOMER” and “ip vrf CUSTOMER” that you used in your vrf definition on PE routers?

Another question, what is the reason we dont configure full mesh IBGP in AS 234? we do we just config IBGP between PE1 and PE2?

Thank you


(Rene Molenaar) #15

Hi Rouzbeh,

The difference between the two is that “vrf definition” is for multiprotocol VRF while “ip vrf” is for IPv4 only.

We don’t need IBGP on the P router since it’s switching based on the labels, it doesn’t require an entire routing table. It’s one of the advantages of MPLS, we have a BGP-free core.

Rene


(rouzbeh t) #16

Thank you for the answer


(Davis W) #17

Hi Rene,

If both end customer CE router using the same BGP AS number, possible they can exchange the route?

Davis


(Rene Molenaar) #18

Hi Davis,

There’s a workaround for this. Take a look at the following two lessons:


Rene


(siva v) #19

Rene: Thanks for the fantastic explanation.

I have encountered following log message when setting this up. Can you confirm if we need to make the Loopback Interfaces as /32 s across the MPLS core ?

 

*Jan 15 01:49:04.853: %BGP-4-VPNV4NH_MASK: Nexthop 1.1.1.1 may not be reachable from neigbor 2.2.2.2 - not /32 mask


(siva v) #20

I suffered almost 2 days with no success of bringing this setup UP. I learned the hard lesson … issue i faced was with VRF definition…

I overlooked at the difference between “vrf definition” vs "ip vrf “vrfname” " commands… I defined my whole lab using “vrf definition” commands and failed to bring things UP.

Note: IP VRF defines VPN for only IPV4, where as VRF definition command is meant for multi-af