The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]

RE: MPLS VPN using GRE/IPSEC between PE

From: "Luan Nguyen" <uulmnguyen@hotmail.com>
Date: Wed, 23 Jul 2003 22:30:56 -0400
Cc: <mpls-ops@mplsrc.com>
Importance: Normal
Resent-Date: Wed, 23 Jul 2003 22:59:45 -0400
To: "'Rajiv Asati'" <rajiva@cisco.com>
X-OriginalArrivalTime: 24 Jul 2003 02:34:54.0230 (UTC) FILETIME=[2A3B3360:01C3518C]
X-Originating-Email: [uulmnguyen@hotmail.com]
X-Originating-IP: [166.50.142.111]

Hi Rajiv,

Nope. No label values.  
2651XM2#show ip cef vrf CUST_1 172.16.248.0 detail
172.16.248.0/24, version 30, epoch 0
0 packets, 0 bytes
  via 204.177.181.253, 0 dependencies, recursive
    next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
    valid adjacency


2651XM1#show ip cef vrf CUST_1 172.16.242.0 detail
172.16.242.0/24, version 19, epoch 0
0 packets, 0 bytes
  via 204.177.181.252, 0 dependencies, recursive
    next hop 204.177.181.252, Tunnel10000 via 204.177.181.252/32
    valid adjacency

is the mpls required to be configured on gre tunnel cisco specific
implementation?  Other vendors like juniper or redback probably don't do
this no?  redback claims they do "soft" gre which they don't require the
tunnel interface configured, rather the router will add the gre header
on the fly.  I am new to this...from what I understand, if you don't run
mpls in the core, you don't really need the top label? Since gre will do
that for you right?
Another dumb question is could I use the gre/ipsec tunnel to just
establish the mbgp session while use mpls to do actual traffic
forwarding - pretending my core do mpls?
The ipsec part is for extra security.
I am running IP/IDS/FW/3DES now - can't tag-switching ip.  Will change
to enterprise and see.

Thanks.

-luan


-----Original Message-----
From: Rajiv Asati [mailto:rajiva@cisco.com] 
Sent: Wednesday, July 23, 2003 6:18 PM
To: Luan Nguyen
Cc: mpls-ops@mplsrc.com
Subject: Re: [MPLS-OPS]: MPLS VPN using GRE/IPSEC between PE

Luan,

Take a look at the "sh ip cef vrf <vrf> <prefix>". Do you see any label 
values ?
Usually, MPLS is required to be configured on the GRE tunnel ?

Do you really want IPSEC between PEs ? WHat's the motivation ?

Cheers,
Rajiv

At 03:50 PM 7/23/2003, Luan Nguyen wrote:
>Hello,
>I have a set up like this: 
>cisco2621A----ethernet/BGP----PE1--------GRE/IPSEC-------PE2----Etherne
t
>/BGP---cisco2621C
>running eigrp inside the tunnel to advertise the loopback for the mbgp
peers
>PEs = 2651xm running 12.3.1a enterprise 3DES.
> From the CEs, routing table does have route between them - mbgp 
> established and carried routes but i can't ping from sun box behind
the 
> one CE to the other sun box behind the other CE.  Traceroute die at
the 
> PE. Anyone knows what could be wrong?  do i need to run tag-switching 
> inside the tunnel?
>
>Thanks.
>
>Regards,
>
>--luan
>
>Here are some show routes
>
>2621A#show ip route
>Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
>       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF 
>external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 -
IS-IS 
>level-1, L2 - IS-IS level-2, ia - IS-IS inter area
>       * - candidate default, U - per-user static route, o - ODR
>       P - periodic downloaded static route
>
>Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
>     10.0.0.0/24 is subnetted, 2 subnets
>C       10.242.1.0 is directly connected, FastEthernet0/1
>B       10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
>     192.168.1.0/30 is subnetted, 1 subnets
>C       192.168.1.0 is directly connected, FastEthernet0/0
>S*   0.0.0.0/0 [1/0] via 192.168.1.1
>2621A#show ip int brief
>Interface                  IP-Address      OK? Method Status
>
>Protocol
>FastEthernet0/0            192.168.1.2     YES manual up
>
>up
>FastEthernet0/1            10.242.1.1      YES manual up
>
>up
>2621C#show ip route
>Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
BGP
>       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF 
>external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 -
IS-IS 
>level-1, L2 - IS-IS level-2, ia - IS-IS inter area
>       * - candidate default, U - per-user static route, o - ODR
>       P - periodic downloaded static route
>
>Gateway of last resort is 192.168.2.1 to network 0.0.0.0
>
>     10.0.0.0/24 is subnetted, 2 subnets
>B       10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
>C       10.242.2.0 is directly connected, Ethernet0/1
>     192.168.2.0/30 is subnetted, 1 subnets
>C       192.168.2.0 is directly connected, Ethernet0/0
>S*   0.0.0.0/0 [1/0] via 192.168.2.1
>
>2651XM1#show ip route vrf customer1
>
>Routing Table: customer1
>Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF 
>external type 1, E2 - OSPF external type 2
>       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS 
> level-2 ia - IS-IS inter area, * - candidate default, U - per-user
static route
>       o - ODR, P - periodic downloaded static route
>
>Gateway of last resort is not set
>
>     10.0.0.0/24 is subnetted, 2 subnets
>B       10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
>B       10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
>     192.168.1.0/30 is subnetted, 1 subnets
>C       192.168.1.0 is directly connected, FastEthernet0/0
>
>2651XM2#show ip route vrf customer1
>
>Routing Table: customer1
>Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
>       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1
>- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF 
>external type 1, E2 - OSPF external type 2
>       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS 
> level-2 ia - IS-IS inter area, * - candidate default, U - per-user
static route
>       o - ODR, P - periodic downloaded static route
>
>Gateway of last resort is not set
>
>     10.0.0.0/24 is subnetted, 2 subnets
>B       10.242.1.0 [200/0] via 204.177.181.253, 00:15:45
>B       10.242.2.0 [20/0] via 192.168.2.2, 00:15:13
>     192.168.2.0/30 is subnetted, 1 subnets
>C       192.168.2.0 is directly connected, FastEthernet0/0
>
>_________________________________________________________________
>MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
>http://join.msn.com/?page=features/virus
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml


-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

Follow-Ups:
- RE: MPLS VPN using GRE/IPSEC between PE
  - From: Rajiv Asati <rajiva@cisco.com>

References:
- Re: MPLS VPN using GRE/IPSEC between PE
  - From: Rajiv Asati <rajiva@cisco.com>