Im having some problems with EIGRP redistribution in to MP-BGP for VPN connectivity. Trying to pass the MPLS exam but I havent taken the BSCI exam yet so Im having to learn as I go (not as painful as I thought it would be). Route redistribution is giving me the most problems right now, obviously.

If anyone has some quick "gotchas" to share that'd be cool. I have a mid term tuesday so it will be later this week before I can post configs.

3/16/2008 10:42:02 PM

wut?

3/16/2008 10:46:19 PM

exactly the response I get from most people

3/16/2008 11:15:35 PM

I think you're probably going to have to be a bit more specific than you have been to get any useful advice. A countless number of books have been written about MPLS VPNs and routing redistribution- it's not really a task best summarized in a quick list of 'gotchas' on a college message board.

If you want to post more details regarding your current configs, show command output, and exactly what the perceived problem is, I'd be more than happy to help the best that I can.

Good luck

3/16/2008 11:39:27 PM

Thanks - Ill do that.

In short, I can get static routes to redistribute in to MP-BGP just fine. I even think I got RIP working (have to look back through the saved configs).

My problem was getting EIGRP to work. I think the problem is that I am using EIGRP as the backbone IGP as well as the PE-CE RP. I dont know if you have to use a entirely separate EIGRP process for the PE-CE RP if youre using EIGRP as the IGP in the cloud as well. :shrug: I dunno, but Ill post everything I got in a few days. Ive failed this exam twice already so... yea, retooling etc at the moment.

I appreciate the help in advance!

3/16/2008 11:58:16 PM

If you can, you'll want to pick up "MPLS and VPN Architectures, Volume II" by Guichard and Apcar. For your issue in particular, PE-CE routing, you'll want to start around page 152.

To answer your question regarding the separation of EIGRP processes, iirc this should be accomplished by creating separate VRFs each associated with a particular EIGRP AS number. Interconnecting these sites will be accomplished just like any other CE->PE situation, by redistributing these VRFs into your BGP process. Not sure how complex your particular situation is, but you should be able to get rolling from there.

The only 'gotchas' that come to mind immediately are to be cautious of the implications of synchronization (although I think this is automatically disabled with vrfs???) in bgp and auto-summary in eigrp, but that's probably something you've already bumped into with the protocol.

3/17/2008 1:00:20 AM

Just realized you were the cisco fan boi from the other thread! No more advice for you, sir

3/17/2008 1:06:21 AM

^^ auto summary wont prevent the MPLS VPN from working, but what it will do is cause an unnecessary L3 lookup in the forwarding (data plane) path of the packets from A to B.

Ill take a look at the MPLS/VPN Vol 2. I have the Vol 1 "CCIP" edition but I think the "Vol 1 and Vol 2" books are newer. I also have the MPLS fundamentals, and Configuring MPLS on Cisco IOS software books which have been helpful. At this point Im kinda lost in my ways a bit.

3/17/2008 7:39:51 AM

I have never seen a real customer using eigrp as the real core RP underneath their mpls vpn/bgp network.

However, using eigrp as the pe-ce protocol is pretty common.

When configuring eigrp for use as the "global" and vrf RP, you have to do the following:

router eigrp 100
no auto
address-family ipv4
network x.x.x.x
(other regular igp commands that you want to use in the baseline eigrp network
address-family ipv4 vrf VPN1
autonomous-system 100
network y.y.y.y
redistribute bgp 65000
address-family ipv4 vrf VPN2
autonomous-system 100
network z.z.z.z
redistribute bgp 65000

Thats pretty much the general eigrp shell to use in terms of mpls vpn environments.

Rob

3/17/2008 2:54:53 PM

yea.. I def need you guys to look at the configs then.

Ill post them tomorrow night. Tonight I cram for an exam yaay!!!!

3/17/2008 3:19:43 PM

How'd that exam go? Which exam was it, exactly?

3/18/2008 1:33:05 PM

robster giving more advice to tww than he does to customers

3/19/2008 10:45:50 PM

Mid term went well. It was for a system design and analysis course. I put in a 12 hour shift today and have some urgent tasks I need to complete by cob tomorrow by I'll load the configs in webiou and post the info tomorrow.

I'm surprised how many cisco engineers are on this board. I couldn't even get this toe of response on the groupstudy listserv...

3/19/2008 9:54:42 PM

that's where all the cool kids work

3/19/2008 11:20:03 PM

^^^ pmcassel only makes jokes because I ignore his stupid questions all day, as he sits across the aisle from me.

3/21/2008 6:41:56 AM

I lost my eigrp>bgp redistribution configs for MPLS VPN, have to re-do them.

I was thinking of rick rolling the for-sale list.

Good idea for a Friday?

[ ] confirm
[ ] deny

[Edited on March 21, 2008 at 8:54 AM. Reason : .]

3/21/2008 8:54:01 AM

One important question before I re-create this.

Here is the toplogy




note: the network between R3 and R4 is 10.0.1.x

Since both sides of the network are simply config mirrors of each other (what is done on one side is the method implemented on the other), lets focus on the left side of this toplogy.

Understand that R2 (PE1a) is merely passing routes from R1 (cust1) to R3 (PE1).

What I have been doing is creating 2 EIGRP processes (1 and 100). Process 1 is for the backbone network through the cloud (10.0.1.x and the loopback 100.0.0.3). The customer facing networks are in EIGRP 100 (192.168.0.x, 100.0.0.2, 10.0.0.x, and 50.0.0.1).

On the PE I would redistribute EIGRP 100 in BGP, visa versa.

Now admittedly, in looking at this again after Ive cooled off I think I have identified some errors on my own.

I do believe if I were to do it this way the loopback ip on R3 would need to be in EIGRP process 100, not in the "backbone" process 1.

However, before I travel down that path should 2 EIGRP processes even be used? I dont know why I did this other than to try to "segment" the routes in EIGRP (mostly bc I not familiar with advanced EIGRP configs).

Shouldnt this all be done within one EIGRP process and just put the customer facing route in the EIGRP IPv4 address family?

I do believe this to be solely an EIGRP issue and not an issue with the BGP config (BGP config is pretty straight forward)

Here are the sh ip route and sh ip eigrp neigh outputs from R2 (PE1a) and R3 (PE1)

PE1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     100.0.0.0/32 is subnetted, 2 subnets
D       100.0.0.7 [90/3833856] via 10.0.1.2, 02:01:05, Serial0/0
C       100.0.0.3 is directly connected, Loopback0
     200.0.0.0/32 is subnetted, 3 subnets
D       200.0.0.4 [90/2297856] via 10.0.1.2, 23:46:07, Serial0/0
D       200.0.0.5 [90/2809856] via 10.0.1.2, 08:06:35, Serial0/0
D       200.0.0.6 [90/3321856] via 10.0.1.2, 02:01:05, Serial0/0
     172.16.0.0/24 is subnetted, 2 subnets
D       172.16.0.0 [90/2681856] via 10.0.1.2, 23:46:07, Serial0/0
D       172.16.1.0 [90/3193856] via 10.0.1.2, 08:06:35, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.0.2.0 [90/3705856] via 10.0.1.2, 02:01:05, Serial0/0
C       10.0.1.0 is directly connected, Serial0/0


PE1#sh ip eigrp nei
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.0.1.2                Se0/0             12 1d00h      39   234  0  24
IP-EIGRP neighbors for process 100

PE1a#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     50.0.0.0/32 is subnetted, 1 subnets
D       50.0.0.1 [90/2297856] via 10.0.0.1, 09:24:29, Serial1/0
     100.0.0.0/32 is subnetted, 1 subnets
C       100.0.0.2 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial1/0
C    192.168.0.0/24 is directly connected, Serial0/0


PE1a#sh ip eigrp nei
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.0.0.1                Se1/0             14 09:24:45   40   240  0  7

3/21/2008 10:38:49 AM

You havent really cleared up what you are actually trying to accomplish in terms of overall design here.

CsC is a term that is used more and more loosely these days.

In terms of MPLS VPN, it appears from your image that you are just trying to run MPLS ONLY in the CsC network, not in the ISPa networks.

If this is true, then I dont think it matters what you do with EIGRP on the ISP network.

From the diagram, it seems that you would just want to advertise all EIGRP routes (which would include the end customers 50.0.0.x loopbacks, from the PE1 (R3 and R7 routers) to the CSC PE routers (R4 and R6, respectively).

Then, via MP-BGP, the two CsC PE routers would exchange routes for that ISPa VPN, and the ISP essentially has one big Continuous network, instead of two broken apart networks on the other side of the world from each other.

So, really, this isnt CsC, but rather just basic MPLS VPN.

Now, if you wanted to really truely extend this into CsC, then you should stop worrying about connecting EIGRP as one giant IGP, because in the real world, ISPa would not have a shared IGP with the CsC network which would support its backbone connection from the left network to the right network. Instead, your main goal would be to use the CsC network to create the Virtual IGP between Left and Right ISPa networks, and then use that virtual IGP as the backbone for your ISPa MPLS VPN, which would connect Customer Yellow to its remote sites as if they were one big continuous network as well.

3/21/2008 8:57:53 PM

Quote :

"rather just basic MPLS VPN."

Yes.

All Im doing is a basic simple MPLS VPN all within one BGP AS.

Im only having problems with the PE-CE protocol redistributing in to MP-BGP.

Once I get one site on each side up and running then I can move toward using different PE-CE protocols, and from there I can move to using 2 different BGP AS's, and after all that I can move to doing some traffic engineering configurations (as simple and impractical as it might be with this topology).

This webiou example is just giving me the stick time to help me further understand implementation and configuration for the MPLS exam.


I verified with one of the contractors who teached the MPLS 5 day class here that I need to contain all EIGRP networks within one EIGRP process and just advertise the cu networks in the ipv4 address family.

I dont know why I am making this so much harder than it needs to be.

3/22/2008 9:13:40 AM

Yeah, so at the CsC PE on the left, you want to configure eigrp with a vrf. Then redistribute that eigrp vrf into the bgp address family. That will send all the eigrp routes on the left to the other PE on the right, where you will redistribute bgp address family vrf ISPa into eigrp address family vrf ISPa.

SO, the example eigrp config I sent you would be used on router 4 and 6. And you would make the interface connecting R4 to R3 (s1/0 on R4) ip vrf forwarding ISPa, as well as S0/0 on R6 which is connected to R7.

ISPa would not have any vrf aware interfaces, nor would it have vrfs configured at all.


Get it?

3/22/2008 11:50:20 AM

Oh yea - I know how the operation of an MPLS VPN occurs and can explain that just fine. Every component of the network is configured as its supposed to be, I just effed it all up with the EIGRP config.

Ill work on it when I get off shift and post the configs. Been one hell of a week.

My problem was the specific configuration of EIGRP and why I was separating the routes in 2 different processes. Silly me.

3/22/2008 11:53:21 AM

Here is a great simple example from the config guide:

http://www.cisco.com/en/US/docs/ios/12_4/ip_route/configuration/guide/h_eipece_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1027258

EIGRP MPLS VPN Configuration Example

The following configuration example in global configuration mode creates a VRF named RED and associates it with an interface:

ip vrf RED

 rd 100:1

 route-target both 100:1

 exit

interface FastEthernet 0/0

 ip vrf forwarding RED

 ip address 10.0.0.1 255.255.255.0

 end

BGP Network Configuration Example

The following configuration example shows the minimum BGP configuration required on the PE routers to support the EIGRP MPLS VPN:

router bgp 10

 no synchronization

 neighbor 10.0.0.1 remote-as 10

 neighbor 10.0.0.1 update-source loopback 0

 address-family vpnv4 

 neighbor 10.0.0.1 activate

 neighbor 10.0.0.1 send-community extended 

 exit-address-family

 address-family ipv4 vrf RED

 redistribute eigrp 101

 no synchronization

 exit-address-family

EIGRP Redistribution Example

The following configuration example configures EIGRP redistribution through the MPLS VPN over the BGP core network:

router eigrp 1

 address-family ipv4 vrf RED

 network 172.16.0.0 0.0.255.255

 redistribute bgp 10 metric 10000 100 255 1 1500

 autonomous-system 101

 exit-address-family 

3/22/2008 11:54:25 AM

^ yes!


All I would need to do to that is add the backbone EIGRP networks in to the global EIGRP config and thats all she wrote!

3/22/2008 11:57:22 AM

This thread makes me glad I'm not pursuing my cisco certs anymore and got a new job in a new direction

3/22/2008 12:01:19 PM

Cisco sets the bar pretty high I have to admit.

Although Im kind of glad given the average salaries of some of the certifications.

3/22/2008 12:02:11 PM

Quote :

"^^^ pmcassel only makes jokes because I ignore his stupid questions all day, as he sits across the aisle from me."

im a newbie, i'll give you that
all 4 questions ive asked you over the last month have been pretty good

but at least i knew that the gym spitter wasn't an eyewash

3/23/2008 11:45:32 AM

going for CCIP soon, increasingly scared

3/23/2008 11:50:48 PM

^ I recommend taking the BGP+MPLS test if still possible rather than the BGP test then the MPLS test, it is a bit easier that way

3/24/2008 7:09:49 AM

You SHOULD proceed through the CCIP in this order:

1 BSCI, 2 BGP, 3 QoS, 4 MPLS

However, if you are going to take the MPLS+BGP exam, do so after the BCSI.

There really arent any questions regarding QoS other than look at the interface config and identify why it wont work (what command is missing), etc.

You really dont need the BSCI before the MPLS but trust me, after doing it this way myself, just make it easier on yourself and take the BCSI first. You have to remember that the MPLS exam is IMPLEMENTING MPLS, which means its pretty lab/configuration based for a typical exam.

3/24/2008 7:46:15 AM

Although we really dont have many openings at the moment.. If anybody wants to work on a real mpls network and apply at Verizon Business, let me know so I can get a recruiting bonus

3/25/2008 7:57:19 AM

Although we really don't have many openings at the moment.. If anybody wants to troubleshoot many real mpls networks and apply at Cisco Systems, let me know so I can get a recruiting bonus.

3/25/2008 8:01:42 AM

RPs are teh suck, VoIP ftw

3/25/2008 10:39:37 AM

^^^ Ive got my resume out looking at external opportunities.

^^ Oh, hai!

[Edited on March 25, 2008 at 11:25 AM. Reason : .]

3/25/2008 11:25:07 AM

I corrected EIGRP and am running everything under the same process.

However routes are not being sent across via MP-BGP. I think it might have something to do with incorrectly implementing the AS numbers in the redistribution. I was unsure if you referenced the EIGRP or BGP AS under the BGP ipv4 vrf add-family and visa versa with the redistribution statement in EIGRP.

The correct routes from each side are showing up correctly in the sh ip route vrf [name]

Here are the configs:

PE1#sh run 
Building configuration...

Current configuration : 1539 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
clock timezone PST -8
no aaa new-model
ip subnet-zero
ip cef
!
ip vrf cust1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!         
!
!
interface Loopback0
 ip address 100.0.0.3 255.255.255.255
 no clns route-cache
!
interface Serial0/0
 ip address 10.0.1.1 255.255.255.0
 tag-switching ip
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/0
 ip vrf forwarding cust1
 ip address 192.168.0.2 255.255.255.0
 serial restart-delay 0
 no clns route-cache
!
router eigrp 1
 network 10.0.1.0 0.0.0.255
 no auto-summary
 !
 address-family ipv4 vrf cust1
 redistribute bgp 100 metric 1000 100 255 1 1500
 network 100.0.0.3 0.0.0.0
 network 192.168.0.0
 no auto-summary
 autonomous-system 1
 exit-address-family
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.0.0.7 remote-as 100
 neighbor 100.0.0.7 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 100.0.0.7 activate
 neighbor 100.0.0.7 send-community both
 exit-address-family
 !
 address-family ipv4 vrf cust1
 redistribute eigrp 1
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
no ip http server
!
!
!
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
end

PE2#sh run 
Building configuration...

Current configuration : 1539 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
clock timezone EST -5
no aaa new-model
ip subnet-zero
ip cef
!
ip vrf cust2
 rd 2:1
 route-target export 1:1
 route-target import 1:1
!         
!
!
interface Loopback0
 ip address 100.0.0.7 255.255.255.255
 no clns route-cache
!
interface Serial0/0
 ip vrf forwarding cust2
 ip address 192.168.2.1 255.255.255.0
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/0
 ip address 10.0.2.2 255.255.255.0
 tag-switching ip
 serial restart-delay 0
 no clns route-cache
!
router eigrp 1
 network 10.0.2.0 0.0.0.255
 no auto-summary
 !
 address-family ipv4 vrf cust2
 redistribute bgp 100 metric 1000 100 255 1 1500
 network 100.0.0.7 0.0.0.0
 network 192.168.2.0
 no auto-summary
 autonomous-system 1
 exit-address-family
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 100.0.0.3 remote-as 100
 neighbor 100.0.0.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 100.0.0.3 activate
 neighbor 100.0.0.3 send-community both
 exit-address-family
 !
 address-family ipv4 vrf cust2
 redistribute eigrp 1
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
no ip http server
!
!
!
!
!
line con 0
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 login
 transport preferred all
 transport input all
 transport output all
!
end

3/25/2008 12:46:07 PM

Are you still doing CsC? I ask because I am wondering if your underlying mpls scheme from PE1 to PE2 is setup correctly.

Also, post the output from show ip bgp vpnv4 summ, show ip route vrf cust2, etc.

3/25/2008 1:40:07 PM

Ugh. I have to teach a class on OSPF and MPLS next week. The OSPF part is a breeze. Been too long away from MPLS for the lecture to be anything more than an intro.

3/25/2008 1:45:16 PM

wut, This is how the ISP side of a CsC network should be setup.


(from the mpls csc guide) ...

http://www.cisco.com/en/US/docs/ios/12_0st/12_0st14/feature/guide/csc.html#wp1046565

Look at the diagram there. The ISP mp-bgp connection is done between the far end PEs, not the ISP-CEs that are connected to the CsC network.

[Edited on March 25, 2008 at 1:50 PM. Reason : .]

3/25/2008 1:50:22 PM

^^ where do you teach at? Whats the audience?

How much will you pay me to do the MPLS part

3/25/2008 1:51:41 PM

Honestly I dont know what CsC is. If youre wondering from whats written on the picture then no.

Ignore the shaded areas of that picture and just think of this as 9 daisy chained routers together. R3 and R7 are the PE's - ignore the blue and yellow shaded logical designations.

R2 is just passing routes from R1 to R3, its not doing anything invasive.

This is pulled from R7 in the picture.

PE2#sh ip bgp vpnv4 all
BGP table version is 11, local router ID is 100.0.0.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 2:1 (default for vrf cust2)
*> 10.0.0.0         192.168.2.2        2681856         32768 ?
*> 50.0.0.9/32      192.168.2.2        2809856         32768 ?
*> 192.168.2.0      0.0.0.0                  0         32768 ?



PE2#sh ip route vrf cust2

Routing Table: cust2
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     50.0.0.0/32 is subnetted, 1 subnets
D       50.0.0.9 [90/2809856] via 192.168.2.2, 01:51:15, Serial0/0
D    10.0.0.0/8 [90/2681856] via 192.168.2.2, 01:51:15, Serial0/0
C    192.168.2.0/24 is directly connected, Serial0/0



PE2# sh ip cef vrf cust2
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.0.0.0/8          192.168.2.2          Serial0/0
50.0.0.9/32         192.168.2.2          Serial0/0
192.168.2.0/24      attached             Serial0/0
192.168.2.0/32      receive
192.168.2.1/32      receive
192.168.2.255/32    receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive


PE2#sh ip bgp ipv4 unicast summary 
BGP router identifier 100.0.0.7, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.0.0.3       4   100      21      17        0    0    0 1d00h    Active

3/25/2008 2:08:28 PM

show ip bgp vpnv4 summ

show mpls for

3/25/2008 4:17:41 PM

Quote :

"PE2#sh ip bgp vpnv4 summ ^ % Invalid input detected at '^' marker. "

Thats why I gave you the sh ip bgp vpnv4 all output - there is no summary command.

PE2#sh mpls forwarding-table 
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     Untagged    200.0.0.6/32      0          Se1/0      point2point  
17     Untagged    172.16.1.0/24     0          Se1/0      point2point  
18     Untagged    200.0.0.5/32      0          Se1/0      point2point  
19     Untagged    172.16.0.0/24     0          Se1/0      point2point  
20     Untagged    200.0.0.4/32      0          Se1/0      point2point  
21     Untagged    10.0.1.0/24       0          Se1/0      point2point  
22     Untagged    50.0.0.9/32[V]    0          Se0/0      point2point  
23     Untagged    10.0.0.0/8[V]     0          Se0/0      point2point  
24     Aggregate   192.168.2.0/24[V] 0                                  

Hrmm I think MPLS isnt turned on in the P network somewhere.

PE2#sh mpls ldp bindings 
  tib entry: 10.0.1.0/24, rev 14
	local binding:  tag: 21
  tib entry: 10.0.2.0/24, rev 16
	local binding:  tag: imp-null
  tib entry: 100.0.0.7/32, rev 15
	local binding:  tag: imp-null
  tib entry: 172.16.0.0/24, rev 10
	local binding:  tag: 19
  tib entry: 172.16.1.0/24, rev 6
	local binding:  tag: 17
  tib entry: 200.0.0.4/32, rev 12
	local binding:  tag: 20
  tib entry: 200.0.0.5/32, rev 8
	local binding:  tag: 18
  tib entry: 200.0.0.6/32, rev 4
	local binding:  tag: 16


PE2#sh mpls ldp neighbor 

3/26/2008 12:33:45 PM

Yup, I was right.

router eigrp 1
 network 10.0.2.0 0.0.0.255
 no auto-summary
 !
 address-family ipv4 vrf cust2
 redistribute bgp 100 metric 1000 100 255 1 1500
 network 100.0.0.7 0.0.0.0
 network 192.168.2.0
 no auto-summary
 autonomous-system 1
 exit-address-family
          
PE2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE2(config)#router eigrp 1
PE2(config-router)#add
PE2(config-router)#address-family ipv4 vrf cust2
PE2(config-router-af)#no network 100.0.0.7 0.0.0.0
PE2(config-router-af)#exiot
                         ^
% Invalid input detected at '^' marker.

PE2(config-router-af)#exit
PE2(config-router)#router eigrp 1
PE2(config-router)#net 100.0.0.7 0.0.0.0
PE2(config-router)#end
PE2#wr
Building configuration...
[OK]
PE2#
*Mar 26 17:55:12.464: %LDP-5-NBRCHG: TDP Neighbor 200.0.0.6:0 is UP
*Mar 26 17:55:12.784: %SYS-5-CONFIG_I: Configured from console by console
PE2#
*Mar 26 17:56:18.716: %BGP-5-ADJCHANGE: neighbor 100.0.0.3 Up 
PE2#sh mpls for
PE2#sh mpls forwarding-table 
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     Pop tag     200.0.0.6/32      0          Se1/0      point2point  
17     Pop tag     172.16.1.0/24     0          Se1/0      point2point  
18     16          200.0.0.5/32      0          Se1/0      point2point  
19     17          172.16.0.0/24     0          Se1/0      point2point  
20     19          200.0.0.4/32      0          Se1/0      point2point  
21     20          10.0.1.0/24       0          Se1/0      point2point  
22     Untagged    50.0.0.9/32[V]    0          Se0/0      point2point  
23     Untagged    10.0.0.0/8[V]     0          Se0/0      point2point  
24     Aggregate   192.168.2.0/24[V] 0                                  
25     21          100.0.0.3/32      0          Se1/0      point2point  
PE2#

3/26/2008 12:58:24 PM

yup I fixted it

PE2#sh ip cef vrf cust2
Prefix              Next Hop             Interface
0.0.0.0/0           drop                 Null0 (default route handler entry)
0.0.0.0/32          receive
10.0.0.0/8          192.168.2.2          Serial0/0
10.0.0.0/24         10.0.2.1             Serial1/0
50.0.0.1/32         10.0.2.1             Serial1/0
50.0.0.9/32         192.168.2.2          Serial0/0
100.0.0.2/32        10.0.2.1             Serial1/0
192.168.0.0/24      10.0.2.1             Serial1/0
192.168.2.0/24      attached             Serial0/0
192.168.2.0/32      receive
192.168.2.1/32      receive
192.168.2.255/32    receive
224.0.0.0/4         drop
224.0.0.0/24        receive
255.255.255.255/32  receive



PE2#ping vrf cust2 50.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/51/88 ms
PE2#

3/26/2008 12:59:50 PM

Yeah it wasnt looking like you had labels, or vpnv4 routes for that matter...

Gotta have that core working!!

BTW, show ip cef vrf NAME shows you the next hop (p device), not pe device, unless directly connecting PE routers.

show ip bgp vrf NAME (or whatever) will show you the next hop PE device, and then you would do a global route/mpls label lookup for that next hop PE address to determine how the packet will be switched through the MPLS core.

Good job fixing your lab though. Run through it a few more times, and youll have a pretty good grasp of this stuff, for sure.

3/26/2008 9:11:54 PM

I forget the command but its in the 5 day MPLS class book we have internally. I just know it showed you the next hop for the VPN which would have been the remote PE label. Ill have to look it up when I get home.

Thanks for the encouragement though.

I will spend a few days just wr erasing the PE and rebuilding the config so I get used to it and memorize it. One of the things that makes this difficult is that there are so many different components to this type of L3 vpn. It turns from troubleshooting an issue hierarchically (l2 to l3 etc) to horizontally (is it bgp, eigrp, mpls, ldp neighbor configured, etc).

For now Id say Im 70% ready for the exam again.

For the PE-CE protocols Im good now with

static
ripv2
eigrp

but I need work on using

bgp
ospf - Im god aweful with OSPF, especially if its used in the backbone. I remember the lab we had in the class and had to create a super backbone etc etc. I had nightmares from that portion of the class.

3/27/2008 10:42:42 AM

Yeah, I would practice with an OSPF core from here on out if I were you. Thats really the main way people implement it these days (along with IS-IS). Also, make it a bgp free core, and try using a route-reflector (not configured with mpls) to get it all working. That is the ideal topology, and if you understood the intricacies of it, your knowledge would be pretty valuable, and you would be very close to the CCIE-SP and CCIP in my opinion.

3/28/2008 6:33:31 AM

Well the good news is that I understand everything you said. The bad news is that it will take a good while to figure out how to implement that with webIOU. In other words Ill have to figure out where to put what in that topology.

Baby steps I suppose...

3/28/2008 7:49:45 AM

or use the real version, and make up your own topo alot easier. You can run it on the internal servers, you know, where the releases are kept.

3/28/2008 8:55:17 AM

Quote :

"OSPF core "

Quote :

"along with IS-IS"

Agreed- and a requirement if you're going to deploy mpls-te.

3/28/2008 9:33:21 AM

Of course its a requirement to run OSPF or IS-IS for MPLS TE. Those are the only 2 protocols that have been extended for TE.

However, TE is a very very small portion of the CCIP MPLS exam. And if you do get questions on it, they are typically very superficial.

3/28/2008 9:51:31 AM