The MPLS-OPS Archive

[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index][Thread Index][Author Index][Subject Index]
RE: MPLS VPN using GRE/IPSEC between PE

From: Rajiv Asati <rajiva@cisco.com>
Date: Thu, 24 Jul 2003 00:00:43 -0400
Cc: <mpls-ops@mplsrc.com>
Resent-Date: Thu, 24 Jul 2003 00:27:07 -0400
To: "Luan Nguyen" <uulmnguyen@hotmail.com>
X-Sender: rajiva@dingdong.cisco.com
Luan,

Please read my previous email for the explanation.
You need MPLS/LDP to find the label to get to the remote PE.
>         Recursive rewrite via NULL, tags imposed {18}
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
It can't find the label for the remote PE=204.177.181.252/32. Hence, the 
pings are not going to go through.

Cheers,
Rajiv

At 11:48 PM 7/23/2003, Luan Nguyen wrote:
>Hello,
>So I change ios to enterprise and reload the 2 pe routers and all
>sudden:
>
>2651XM1#show ip cef vrf CUST_1 172.16.242.0 detail
>172.16.242.0/24, version 15, epoch 0
>0 packets, 0 bytes
>   tag information set
>     local tag: VPN-route-head
>     fast tag rewrite with
>         Recursive rewrite via NULL, tags imposed {18}
>   via 204.177.181.252, 0 dependencies, recursive
>     next hop 204.177.181.252, Tunnel10000 via 204.177.181.252/32
>     valid adjacency
>     tag rewrite with
>         Recursive rewrite via NULL, tags imposed {18}
>2651XM1#show ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 12, epoch 0, cached adjacency 192.168.1.2
>0 packets, 0 bytes
>   tag information set
>     local tag: 17
>   via 192.168.1.2, 0 dependencies, recursive
>     next hop 192.168.1.2, FastEthernet0/0 via 192.168.1.2/32
>     valid cached adjacency
>     tag rewrite with Fa0/0, 192.168.1.2, tags imposed: {}
>2651XM2#show  ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 18, epoch 0
>0 packets, 0 bytes
>   tag information set
>     local tag: VPN-route-head
>     fast tag rewrite with
>         Recursive rewrite via NULL, tags imposed {17}
>   via 204.177.181.253, 0 dependencies, recursive
>     next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
>     valid adjacency
>     tag rewrite with
>         Recursive rewrite via NULL, tags imposed {17}
>2651XM2#show  ip cef vrf CUST_1 172.16.242.0 detail
>172.16.242.0/24, version 16, epoch 0, cached adjacency 192.168.2.2
>0 packets, 0 bytes
>   tag information set
>     local tag: 18
>   via 192.168.2.2, 0 dependencies, recursive
>     next hop 192.168.2.2, FastEthernet0/0 via 192.168.2.2/32
>     valid cached adjacency
>     tag rewrite with Fa0/0, 192.168.2.2, tags imposed: {}
>
>Still can't ping:
>2621A#show ip route
>Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
>        i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
>inter area
>        * - candidate default, U - per-user static route, o - ODR
>        P - periodic downloaded static route
>
>Gateway of last resort is 192.168.1.1 to network 0.0.0.0
>
>      172.16.0.0/24 is subnetted, 2 subnets
>C       172.16.248.0 is directly connected, Loopback0
>B       172.16.242.0 [20/0] via 192.168.1.1, 00:01:24
>      10.0.0.0/24 is subnetted, 3 subnets
>B       10.242.22.0 [20/0] via 192.168.1.1, 00:01:25
>C       10.242.1.0 is directly connected, FastEthernet0/1
>B       10.242.2.0 [20/0] via 192.168.1.1, 00:01:24
>      192.168.1.0/30 is subnetted, 1 subnets
>C       192.168.1.0 is directly connected, FastEthernet0/0
>S*   0.0.0.0/0 [1/0] via 192.168.1.1
>2621A#show ip int brief
>Interface                  IP-Address      OK? Method Status
>Protocol
>FastEthernet0/0            192.168.1.2     YES manual up
>up
>FastEthernet0/1            10.242.1.1      YES manual up
>up
>Loopback0                  172.16.248.1    YES manual up
>up
>2621A#ping
>Protocol [ip]:
>Target IP address: 172.16.242.1
>Repeat count [5]:
>Datagram size [100]:
>Timeout in seconds [2]:
>Extended commands [n]: y
>Source address or interface: 172.16.248.1
>Type of service [0]:
>Set DF bit in IP header? [no]:
>Validate reply data? [no]:
>Data pattern [0xABCD]:
>Loose, Strict, Record, Timestamp, Verbose[none]:
>Sweep range of sizes [n]:
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 172.16.242.1, timeout is 2 seconds:
>.....
>Success rate is 0 percent (0/5)
>
>Then putting on tag-switching ip command on tunnel interface
>2651XM1#show ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 12, epoch 0, cached adjacency 192.168.1.2
>0 packets, 0 bytes
>   tag information set
>     local tag: 17
>   via 192.168.1.2, 0 dependencies, recursive
>     next hop 192.168.1.2, FastEthernet0/0 via 192.168.1.2/32
>     valid cached adjacency
>     tag rewrite with Fa0/0, 192.168.1.2, tags imposed: {}
>2651XM1#show ip cef vrf CUST_1 172.16.242.0 detail
>172.16.242.0/24, version 15, epoch 0
>0 packets, 0 bytes
>   tag information set
>     local tag: VPN-route-head
>     fast tag rewrite with Tu10000, point2point, tags imposed: {18}
>   via 204.177.181.252, 0 dependencies, recursive
>     next hop 204.177.181.252, Tunnel10000 via 204.177.181.252/32
>     valid adjacency
>     tag rewrite with Tu10000, point2point, tags imposed: {18}
>
>
>Jul 23 23:46:34.082 EDT: %SYS-5-CONFIG_I: Configured from console by
>cshow  ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 18, epoch 0
>0 packets, 0 bytes
>   tag information set
>     local tag: VPN-route-head
>     fast tag rewrite with
>         Recursive rewrite via 204.177.181.253/32, tags imposed {17}
>   via 204.177.181.253, 0 dependencies, recursive
>     next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
>     valid adjacency
>     tag rewrite with
>         Recursive rewrite via 204.177.181.253/32, tags imposed {17}
>2651XM2#show  ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 18, epoch 0
>0 packets, 0 bytes
>   tag information set
>     local tag: VPN-route-head
>     fast tag rewrite with
>         Recursive rewrite via 204.177.181.253/32, tags imposed {17}
>   via 204.177.181.253, 0 dependencies, recursive
>     next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
>     valid adjacency
>     tag rewrite with
>         Recursive rewrite via 204.177.181.253/32, tags imposed {17}
>2651XM2#show  ip cef vrf CUST_1 172.16.242.0 detail
>172.16.242.0/24, version 16, epoch 0, cached adjacency 192.168.2.2
>0 packets, 0 bytes
>   tag information set
>     local tag: 18
>   via 192.168.2.2, 0 dependencies, recursive
>     next hop 192.168.2.2, FastEthernet0/0 via 192.168.2.2/32
>     valid cached adjacency
>     tag rewrite with Fa0/0, 192.168.2.2, tags imposed: {}
>2651XM2#
>Jul 23 23:47:23.712 EDT: %LDP-5-NBRCHG: TDP Neighbor 204.177.181.253:0
>is UP
>2651XM2#show  ip cef vrf CUST_1 172.16.242.0 detail
>172.16.242.0/24, version 16, epoch 0, cached adjacency 192.168.2.2
>0 packets, 0 bytes
>   tag information set
>     local tag: 18
>   via 192.168.2.2, 0 dependencies, recursive
>     next hop 192.168.2.2, FastEthernet0/0 via 192.168.2.2/32
>     valid cached adjacency
>     tag rewrite with Fa0/0, 192.168.2.2, tags imposed: {}
>2651XM2#show  ip cef vrf CUST_1 172.16.248.0 detail
>172.16.248.0/24, version 18, epoch 0
>0 packets, 0 bytes
>   tag information set
>     local tag: VPN-route-head
>     fast tag rewrite with Tu10000, point2point, tags imposed: {17}
>   via 204.177.181.253, 0 dependencies, recursive
>     next hop 204.177.181.253, Tunnel10000 via 204.177.181.253/32
>     valid adjacency
>     tag rewrite with Tu10000, point2point, tags imposed: {17}
>
>Still can't ping :(
>
>2621A#ping
>Protocol [ip]:
>Target IP address: 172.16.242.1
>Repeat count [5]:
>Datagram size [100]:
>Timeout in seconds [2]:
>Extended commands [n]: y
>Source address or interface: 172.16.248.1
>Type of service [0]:
>Set DF bit in IP header? [no]:
>Validate reply data? [no]:
>Data pattern [0xABCD]:
>Loose, Strict, Record, Timestamp, Verbose[none]:
>Sweep range of sizes [n]:
>Type escape sequence to abort.
>Sending 5, 100-byte ICMP Echos to 172.16.242.1, timeout is 2 seconds:
>.....
>Success rate is 0 percent (0/5)
>
>Midnight already - guess I go to sleep and dream about ping would work
>:)
>Any pointers or explanation would be greatly appreciated.
>
>-luan
>
>-----Original Message-----
>From: Rajiv Asati [mailto:rajiva@cisco.com]
>Sent: Wednesday, July 23, 2003 6:18 PM
>To: Luan Nguyen
>Cc: mpls-ops@mplsrc.com
>Subject: Re: [MPLS-OPS]: MPLS VPN using GRE/IPSEC between PE
>
>Luan,
>
>Take a look at the "sh ip cef vrf <vrf> <prefix>". Do you see any label
>values ?
>Usually, MPLS is required to be configured on the GRE tunnel ?
>
>Do you really want IPSEC between PEs ? WHat's the motivation ?
>
>Cheers,
>Rajiv
>
>At 03:50 PM 7/23/2003, Luan Nguyen wrote:
> >Hello,
> >I have a set up like this:
> >cisco2621A----ethernet/BGP----PE1--------GRE/IPSEC-------PE2----Etherne
>t
> >/BGP---cisco2621C
> >running eigrp inside the tunnel to advertise the loopback for the mbgp
>peers
> >PEs = 2651xm running 12.3.1a enterprise 3DES.
> > From the CEs, routing table does have route between them - mbgp
> > established and carried routes but i can't ping from sun box behind
>the
> > one CE to the other sun box behind the other CE.  Traceroute die at
>the
> > PE. Anyone knows what could be wrong?  do i need to run tag-switching
> > inside the tunnel?
> >
> >Thanks.
> >
> >Regards,
> >
> >--luan
> >
> >Here are some show routes
> >
> >2621A#show ip route
> >Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
>BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1
> >- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
> >external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 -
>IS-IS
> >level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> >       * - candidate default, U - per-user static route, o - ODR
> >       P - periodic downloaded static route
> >
> >Gateway of last resort is 192.168.1.1 to network 0.0.0.0
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >C       10.242.1.0 is directly connected, FastEthernet0/1
> >B       10.242.2.0 [20/0] via 192.168.1.1, 00:27:08
> >     192.168.1.0/30 is subnetted, 1 subnets
> >C       192.168.1.0 is directly connected, FastEthernet0/0
> >S*   0.0.0.0/0 [1/0] via 192.168.1.1
> >2621A#show ip int brief
> >Interface                  IP-Address      OK? Method Status
> >
> >Protocol
> >FastEthernet0/0            192.168.1.2     YES manual up
> >
> >up
> >FastEthernet0/1            10.242.1.1      YES manual up
> >
> >up
> >2621C#show ip route
> >Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B -
>BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1
> >- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
> >external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 -
>IS-IS
> >level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> >       * - candidate default, U - per-user static route, o - ODR
> >       P - periodic downloaded static route
> >
> >Gateway of last resort is 192.168.2.1 to network 0.0.0.0
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >B       10.242.1.0 [20/0] via 192.168.2.1, 00:23:37
> >C       10.242.2.0 is directly connected, Ethernet0/1
> >     192.168.2.0/30 is subnetted, 1 subnets
> >C       192.168.2.0 is directly connected, Ethernet0/0
> >S*   0.0.0.0/0 [1/0] via 192.168.2.1
> >
> >2651XM1#show ip route vrf customer1
> >
> >Routing Table: customer1
> >Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1
> >- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
> >external type 1, E2 - OSPF external type 2
> >       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> > level-2 ia - IS-IS inter area, * - candidate default, U - per-user
>static route
> >       o - ODR, P - periodic downloaded static route
> >
> >Gateway of last resort is not set
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >B       10.242.1.0 [20/0] via 192.168.1.2, 00:29:08
> >B       10.242.2.0 [200/0] via 204.177.181.252, 00:17:55
> >     192.168.1.0/30 is subnetted, 1 subnets
> >C       192.168.1.0 is directly connected, FastEthernet0/0
> >
> >2651XM2#show ip route vrf customer1
> >
> >Routing Table: customer1
> >Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
> >       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>N1
> >- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF
> >external type 1, E2 - OSPF external type 2
> >       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
> > level-2 ia - IS-IS inter area, * - candidate default, U - per-user
>static route
> >       o - ODR, P - periodic downloaded static route
> >
> >Gateway of last resort is not set
> >
> >     10.0.0.0/24 is subnetted, 2 subnets
> >B       10.242.1.0 [200/0] via 204.177.181.253, 00:15:45
> >B       10.242.2.0 [20/0] via 192.168.2.2, 00:15:13
> >     192.168.2.0/30 is subnetted, 1 subnets
> >C       192.168.2.0 is directly connected, FastEthernet0/0
> >
> >_________________________________________________________________
> >MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*.
> >http://join.msn.com/?page=features/virus
> >
> >-------
> >The MPLS-OPS Mailing List
> >Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> >Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
>
>
>-------
>The MPLS-OPS Mailing List
>Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
>Archive: http://www.mplsrc.com/mpls-ops_archive.shtml


-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
References:
- Re: MPLS VPN using GRE/IPSEC between PE
  - From: Rajiv Asati <rajiva@cisco.com>
- RE: MPLS VPN using GRE/IPSEC between PE
  - From: "Luan Nguyen" <uulmnguyen@hotmail.com>