The MPLS-OPS Archive


RE: MPLS VPN using GRE/IPSEC between PE

  • From: Rajiv Asati <rajiva@cisco.com>
  • Date: Thu, 24 Jul 2003 00:01:23 -0400
  • Cc: <mpls-ops@mplsrc.com>
  • Resent-Date: Thu, 24 Jul 2003 00:24:18 -0400
  • To: "Luan Nguyen" <uulmnguyen@hotmail.com>
  • X-Sender: rajiva@dingdong.cisco.com

Luan,

You could use the mGRE feature, which doesn't require any MPLS/LDP on the GRE tunnel.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a0080103d9d.html

In your current case, an MPLS adjacency is required to be established, and
that's why LDP is required to be enabled on the tunnel. This is the
default case. Please keep in mind that this is a back-to-back tunnel between
PEs, and hence, PEs will have "pop" labels to each other.


>Another dumb question: could I use the GRE/IPsec tunnel just to
>establish the MBGP session while using MPLS to do the actual traffic
>forwarding, pretending my core does MPLS?

Sure.
Are you using the "tunnel protection" feature to configure IPsec on the GRE
tunnel?

Cheers,
Rajiv

At 10:30 PM 7/23/2003, Luan Nguyen wrote:
>Hi Rajiv,
>
>Nope. No label values.
>2651XM2#show ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 30, epoch 0
>0 packets, 0 bytes
>   via 204.177.181.253, 0 dependencies, recursive
>     next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
>     valid adjacency
>
>
>2651XM1#show ip cef vrf CUST_1 172.16.242.0 detail
>172.16.242.0/24, version 19, epoch 0
>0 packets, 0 bytes
>   via 204.177.181.252, 0 dependencies, recursive
>     next hop 204.177.181.252, Tunnel10000 via 204.177.181.252/32
>     valid adjacency
>
>Is the MPLS required to be configured on the GRE tunnel a Cisco-specific
>implementation? Other vendors like Juniper or Redback probably don't do
>this, no? Redback claims they do "soft" GRE, in which they don't require
>the tunnel interface to be configured; rather, the router will add the GRE
>header on the fly. I am new to this... From what I understand, if you don't
>run MPLS in the core, you don't really need the top label, since GRE will
>do that for you, right?
>Another dumb question: could I use the GRE/IPsec tunnel just to
>establish the MBGP session while using MPLS to do the actual traffic
>forwarding, pretending my core does MPLS?
>The IPsec part is for extra security.
>I am running IP/IDS/FW/3DES now - can't tag-switching ip. Will change
>to enterprise and see.
>
>Thanks.
>
>-luan
>
>
>-----Original Message-----
>From: Rajiv Asati [mailto:rajiva@cisco.com]
>Sent: Wednesday, July 23, 2003 6:18 PM
>To: Luan Nguyen
>Cc: mpls-ops@mplsrc.com
>Subject: Re: [MPLS-OPS]: MPLS VPN using GRE/IPSEC between PE
>
>Luan,
>
>Take a look at the "sh ip cef vrf <vrf> <prefix>". Do you see any label
>values?
>Usually, MPLS is required to be configured on the GRE tunnel?
>
>Do you really want IPSEC between PEs? What's the motivation?
>
>Cheers,
>Rajiv
>
>At 03:50 PM 7/23/2003, Luan Nguyen wrote:
> >Hello,
> >I have a set up like this:
> >cisco2621A----ethernet/BGP----PE1--------GRE/IPSEC-------PE2----Ethernet/BGP---cisco2621C
> >Running EIGRP inside the tunnel to advertise the loopback for the MBGP
> >peers.
> >PEs = 2651xm running 12.3.1a enterprise 3DES.
> >From the CEs, the routing table does have routes between them - MBGP is
> >established and carries routes, but I can't ping from the Sun box behind
> >one CE to the other Sun box behind the other CE. Traceroute dies at the
> >PE. Does anyone know what could be wrong? Do I need to run tag-switching
> >inside the tunnel?
> >
> >Thanks.
> >
> >Regards,
> >
> >--luan
> >
> >Here are some show routes
> >
> >2621A#show ip route
> >Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> >       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> >       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> >       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> >       * - candidate default, U - per-user static route, o - ODR
> >       P - periodic downloaded static route
> >
> >Gateway of last resort is 192.168.1.1 to network 0.0.0.0
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >C       10.242.1.0 is directly connected, FastEthernet0/1
> >B       10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
> >     192.168.1.0/30 is subnetted, 1 subnets
> >C       192.168.1.0 is directly connected, FastEthernet0/0
> >S*   0.0.0.0/0 [1/0] via 192.168.1.1
> >2621A#show ip int brief
> >Interface                  IP-Address      OK? Method Status                Protocol
> >FastEthernet0/0            192.168.1.2     YES manual up                    up
> >FastEthernet0/1            10.242.1.1      YES manual up                    up
> >2621C#show ip route
> >Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> >       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> >       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> >       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> >       * - candidate default, U - per-user static route, o - ODR
> >       P - periodic downloaded static route
> >
> >Gateway of last resort is 192.168.2.1 to network 0.0.0.0
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >B       10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
> >C       10.242.2.0 is directly connected, Ethernet0/1
> >     192.168.2.0/30 is subnetted, 1 subnets
> >C       192.168.2.0 is directly connected, Ethernet0/0
> >S*   0.0.0.0/0 [1/0] via 192.168.2.1
> >
> >2651XM1#show ip route vrf customer1
> >
> >Routing Table: customer1
> >Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> >       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> >       E1 - OSPF external type 1, E2 - OSPF external type 2
> >       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> >       ia - IS-IS inter area, * - candidate default, U - per-user static route
> >       o - ODR, P - periodic downloaded static route
> >
> >Gateway of last resort is not set
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >B       10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
> >B       10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
> >     192.168.1.0/30 is subnetted, 1 subnets
> >C       192.168.1.0 is directly connected, FastEthernet0/0
> >
> >2651XM2#show ip route vrf customer1
> >
> >Routing Table: customer1
> >Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> >       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> >       E1 - OSPF external type 1, E2 - OSPF external type 2
> >       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
> >       ia - IS-IS inter area, * - candidate default, U - per-user static route
> >       o - ODR, P - periodic downloaded static route
> >
> >Gateway of last resort is not set
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >B       10.242.1.0 [200/0] via 204.177.181.253, 00:15:45
> >B       10.242.2.0 [20/0] via 192.168.2.2, 00:15:13
> >     192.168.2.0/30 is subnetted, 1 subnets
> >C       192.168.2.0 is directly connected, FastEthernet0/0
> >
> >-------
> >The MPLS-OPS Mailing List
> >Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> >Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
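
The check discussed in this thread ("Do you see any label values?"), as an added example that is not part of the original messages: a small parser that flags recursive VRF routes whose CEF entry shows no label imposition. It assumes labelled entries on this IOS generation carry a "tags imposed: {...}" line (later releases print "labels imposed"); the first sample entry is copied from the thread, the second is constructed.

```python
import re

# Unlabelled entry copied from the thread; the labelled entry is CONSTRUCTED.
SAMPLE = """\
172.16.248.0/24, version 30, epoch 0
0 packets, 0 bytes
  via 204.177.181.253, 0 dependencies, recursive
    next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
    valid adjacency
172.16.250.0/24, version 31, epoch 0
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Tu10000, point2point, tags imposed: {23}
  via 204.177.181.253, 0 dependencies, recursive
    next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
    valid adjacency
"""

PREFIX_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+), version", re.M)
IMPOSED_RE = re.compile(r"(?:tags|labels) imposed:?\s*\{([^}]*)\}")
NEXTHOP_RE = re.compile(r"next hop (\S+), (\S+)")

def parse_cef_detail(text):
    """Split 'show ip cef vrf <vrf> <prefix> detail' output into entries."""
    starts = [m.start() for m in PREFIX_RE.finditer(text)] + [len(text)]
    entries = []
    for begin, end in zip(starts, starts[1:]):
        block = text[begin:end]
        imposed = IMPOSED_RE.search(block)
        hop = NEXTHOP_RE.search(block)
        entries.append({
            "prefix": PREFIX_RE.match(block).group(1),
            "recursive": ", recursive" in block,
            "next_hop": hop.group(1) if hop else None,
            "interface": hop.group(2) if hop else None,
            "labels": imposed.group(1).split() if imposed else [],
        })
    return entries

def unlabelled_remote_routes(text):
    """Recursive (remote-PE) VRF routes with no label imposed."""
    return [e["prefix"] for e in parse_cef_detail(text)
            if e["recursive"] and not e["labels"]]

if __name__ == "__main__":
    for prefix in unlabelled_remote_routes(SAMPLE):
        print(f"{prefix}: no label imposed; check MPLS/LDP on the tunnel")
```

A prefix reported here matches the symptom in the thread: the MBGP route is present and the adjacency is valid, but no VPN label is being pushed toward the remote PE.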