mpls L3VPN between Cisco and Extreme Networks XOS devices

Stefano_Dall_Os
New Contributor III
Hi everybody,
I'm trying to get L3VPN MPLS working between Extreme Networks x460g2 and various Cisco devices (3600, ASR920, 7600, 9000), and actually I'm stuck ...
Has anyone ever been able to do it?

I'll try to explain what I've done with some pictures and text information ...

Here are the L1 and L2/L3 schemes of version 1 of my lab ...

[Image: MPLS test, L1 scheme, version 1]

[Image: MPLS test, L2/L3 scheme, version 1]

On each switch/router we have 2 loopback interfaces/vlans:
- 1 for OSPF 172.18.0.x/32
- 1 for iBGP 172.18.128.x/32
The «x» refers to the numeric ID of each switch/router, with the only exception of RFI1, where:
- OSPF loopback is 172.18.0.3/32
- iBGP loopback is 172.18.128.1/32
All switches are in the same OSPF area 172.18.128.217, and the BGP AS is 172. RFI1 is the RR for the BGP part, and the ONLY neighbor for each switch/router.

All OSPF interfaces are PTP.
BGP and OSPF seem to work fine as long as we DON’T enable MPLS.
LDP protocol seems to work well between the two vendors.
We created 2 VPN-VRF on every switch/router:
- vr-acme with RD 172:10 and route-target 172:10 in both RX and TX, with a bound loopback interface 3.3.3.x/32
- vr-mgt_ool_104999 with RD 172:104999 and route-target 172:104999 in both RX and TX, with a bound loopback interface 4.4.4.x/32

From my point of view, the main «suspect» is something in the routing part.
We changed the iBGP route priority in the extreme devices, to be similar to the Cisco administrative distance
configure iproute priority ibgp 4000
I still have doubts on «where» to put the priority of the MPLS.
I tried the default value, before iBGP or after iBGP, and the result is pretty much the same:
as soon as we enable the MPLS routing stuff, things start to work NOT in the way we expected/wanted.

Step1:
- We added the 2 loopback vlans and the ospf PTP vlan in the mpls and LDP «process».
- We enabled «mpls protocol ldp» and «mpls» itself
At this point, LDP starts to work, and we start to see some MPLS stuff, but the main goal, that is to see routing information on the two separate
VRF, is still not reached (we don’t see anything in the specific VRF routing table, as expected ... mpls routing is STILL not enabled)

Step2:
- We enable the MPLS routing
• enable iproute mpls-next-hop
• enable iproute mpls-next-hop vr vr-acme
• enable iproute mpls-next-hop vr vr-mgt_ool_104999
At this point, for a while (iBGP timeout), I see what I want to see in the VRF routing table (actually just the loopback interfaces bound to each VRF), but after the iBGP timeout, everything disappears.
The cause seems to be the fact that as soon as I enable the MPLS routing, I lose the reachability of the iBGP loopback interface, and from there I lose the iBGP neighborship.
And here is the MOST interesting part: the ISSUE is NOT everywhere, but just from a device
(and from that one, nothing works, like in a chain)
The «guilty device» is the FIRST cisco switch/router, no matter which model it is
(we tried to «switch» between cisco models, but nothing changed).

To be more specific, if we look at «version 1» of the test, if we try to ping from RFI1 using the iBGP loopback interface as source, and the iBGP
loopback interface of each other switch/router as the destination, we have:
- RFI1 can ping 217
- RFI1 can ping 216
- RFI1 CANNOT ping 213
- RFI1 CANNOT ping 214
- RFI1 CANNOT ping 215
Moreover: IF the chain is ONLY of extreme switches, everything works perfectly (still using RFI1, a cisco device, as RR ... same configuration ...)
Even more, just because RFI1 is a REAL production router, for a while I used a smaller set of devices.
Just take the same scheme of «version 1», remove RFI1, and take 217 as its replacement
(so 217 is the RR for iBGP, and all other router just have it as a neighbor).
In this way, everything works perfectly.

Here are pictures for version 2 of the same lab ... same results ...

[Image: MPLS test, L1 scheme, version 2]

[Image: MPLS test, L2/L3 scheme, version 2]

16 REPLIES

Stefano_Dall_Os
New Contributor III
Thanks Nikolay,
but I think that's not my case ...
it's not related to ARP ...

this is my output

VrId  Gateway          MAC                Intf  RCnt  Flags
================================================================
3     003.003.003.216  00:00:00:00:00:00  0     1     ----L----
4     004.004.004.216  00:00:00:00:00:00  0     1     ----L----
2     010.151.217.005  00:04:96:98:FB:A8  3     4     RS-------
2     010.151.217.006  00:00:00:00:00:00  0     2     ----L----
2     010.151.217.009  00:00:00:00:00:00  0     2     ----L----
2     010.151.217.010  84:B8:02:69:3D:1F  4     1     RS-------
0     127.000.000.001  00:00:00:00:00:00  0     1     ----L----
2     172.018.000.216  00:00:00:00:00:00  0     1     ----L----
2     172.018.128.216  00:00:00:00:00:00  0     1     ----L----

and I don't see anything with the E flag ...

thanks again

best regards

Stefano

Necheporenko__N
Extreme Employee

Stefano_Dall_Os
New Contributor III
mmm ...
I'm still having issues ...
I tried to follow the suggestions,
but still it's NOT working as expected ...

this is the CISCO configuration "template"

!
ip vrf acme
 rd 172:10
 route-target export 172:10
 route-target import 172:10
!
! ### THE OSPF LOOPBACK ###
interface Loopback0
 ip address 172.18.0.213 255.255.255.255
!
! ### THE LOOPBACK related to one VRF ###
interface Loopback10
 ip vrf forwarding acme
 ip address 3.3.3.213 255.255.255.255
!
! ### THE BGP LOOPBACK ###
interface Loopback99
 description IP riferimento Neighbor Mpls
 ip address 172.18.128.213 255.255.255.255
!
interface GigabitEthernet0/1
 no switchport
 ip address 10.151.217.10 255.255.255.252
 ip ospf network point-to-point
 mpls ip
!
interface GigabitEthernet0/2
 no switchport
 ip address 10.151.217.17 255.255.255.252
 ip ospf network point-to-point
 mpls ip
!
router ospf 172
 router-id 172.18.0.213
 auto-cost reference-bandwidth 40000
 area 172.18.128.217 nssa no-summary
 passive-interface default
 no passive-interface GigabitEthernet0/1
 no passive-interface GigabitEthernet0/2
 network 10.151.217.8 0.0.0.3 area 172.18.128.217
 network 10.151.217.16 0.0.0.3 area 172.18.128.217
 network 172.18.0.213 0.0.0.0 area 172.18.128.217
 network 172.18.128.213 0.0.0.0 area 172.18.128.217
!
router bgp 172
 bgp router-id 172.18.128.213
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 172.18.128.1 remote-as 172
 neighbor 172.18.128.1 update-source Loopback99
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 172.18.128.1 activate
  neighbor 172.18.128.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf acme
  redistribute connected
 exit-address-family
!
mpls ldp router-id Loopback99 force
!

this is the EXTREME NETWORKS template

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-34
create vr "vr-acme" type vpn-vrf vr "VR-Default"
create vr "vr-mgt_ool_104999" type vpn-vrf vr "VR-Default"
configure vlan default delete ports 1-34
enable jumbo-frame ports all
create vlan "vloop4000"
configure vlan vloop4000 tag 4000
enable loopback-mode vlan vloop4000
create vlan "vloop4009"
configure vlan vloop4009 tag 4009
enable loopback-mode vlan vloop4009
create vlan "vloop4010" vr vr-acme
configure vlan vloop4010 tag 4010
enable loopback-mode vlan vloop4010
create vlan "vloop4069" vr vr-mgt_ool_104999
configure vlan vloop4069 tag 4069
enable loopback-mode vlan vloop4069
create vlan "vp2p3001"
configure vlan vp2p3001 tag 3001
create vlan "vp2p3002"
configure vlan vp2p3002 tag 3002
configure vlan vp2p3001 add ports 1 untagged
configure vlan vp2p3002 add ports 2 untagged
configure vlan vloop4000 ipaddress 172.18.0.216 255.255.255.255
enable ipforwarding vlan vloop4000
configure vlan vloop4009 ipaddress 172.18.128.216 255.255.255.255
enable ipforwarding vlan vloop4009
configure vlan vp2p3001 ipaddress 10.151.217.6 255.255.255.252
enable ipforwarding vlan vp2p3001
configure vlan vp2p3002 ipaddress 10.151.217.9 255.255.255.252
enable ipforwarding vlan vp2p3002
configure vlan vloop4010 ipaddress 3.3.3.216 255.255.255.255
enable ipforwarding vlan vloop4010
configure vlan vloop4069 ipaddress 4.4.4.216 255.255.255.255
enable ipforwarding vlan vloop4069
configure vr vr-acme add protocol bgp
configure vr vr-mgt_ool_104999 add protocol bgp
configure vr vr-acme rd 172:10
configure vr vr-mgt_ool_104999 rd 172:104999
configure vr vr-acme route-target both add 172:10
configure vr vr-mgt_ool_104999 route-target both add 172:104999

#
# Module rtmgr configuration.
#
enable iproute mpls-next-hop
disable iproute ipv4 compression

#
# Module bgp configuration.
#
configure bgp AS-number 172
configure bgp routerid 172.18.128.216
enable bgp mpls-next-hop
enable bgp community format AS-number:number
create bgp neighbor 172.18.128.1 remote-AS-number 172
configure bgp neighbor 172.18.128.1 source-interface ipaddress 172.18.128.216
enable bgp neighbor 172.18.128.1
configure bgp neighbor 172.18.128.1 send-community both
configure bgp neighbor 172.18.128.1 next-hop-self
configure bgp neighbor 172.18.128.1 address-family vpnv4 next-hop-self
enable bgp neighbor 172.18.128.1 capability vpnv4
enable bgp export vr vr-acme direct address-family vpnv4
enable bgp export vr vr-acme bgp address-family vpnv4
enable bgp export vr vr-mgt_ool_104999 direct address-family vpnv4
enable bgp export vr vr-mgt_ool_104999 bgp address-family vpnv4
enable bgp

#
# Module bgp configuration on virtual router vr-acme.
#
virtual-router vr-acme
configure bgp AS-number 172
configure bgp routerid 172.18.128.216
enable bgp community format AS-number:number
enable bgp export remote-vpn address-family ipv4-unicast
enable bgp
virtual-router VR-Default

#
# Module bgp configuration on virtual router vr-mgt_ool_104999.
#
virtual-router vr-mgt_ool_104999
configure bgp AS-number 172
configure bgp routerid 172.18.128.216
enable bgp community format AS-number:number
enable bgp export remote-vpn address-family ipv4-unicast
enable bgp
virtual-router VR-Default

#
# Module mpls configuration.
#
configure mpls add vlan "vloop4000"
enable mpls vlan "vloop4000"
enable mpls ldp vlan "vloop4000"
configure mpls add vlan "vloop4009"
enable mpls vlan "vloop4009"
enable mpls ldp vlan "vloop4009"
configure mpls add vlan "vp2p3001"
enable mpls vlan "vp2p3001"
enable mpls ldp vlan "vp2p3001"
configure mpls add vlan "vp2p3002"
enable mpls vlan "vp2p3002"
enable mpls ldp vlan "vp2p3002"
configure mpls lsr-id 172.18.128.216
enable snmp traps mpls
enable mpls protocol ldp
enable mpls

#
# Module ospf configuration.
#
configure ospf routerid 172.18.0.216
enable ospf mpls-next-hop
configure ospf metric-table 10M 4000 100M 400 1G 40 10G 4 40G 1 100G 1
enable ospf
create ospf area 172.18.128.217
configure ospf area 172.18.128.217 nssa nosummary stub-default-cost 1000
configure ospf add vlan vloop4000 area 172.18.128.217 link-type point-to-point passive
configure ospf add vlan vloop4009 area 172.18.128.217 link-type point-to-point passive
configure ospf add vlan vp2p3001 area 172.18.128.217 link-type point-to-point
configure ospf add vlan vp2p3002 area 172.18.128.217 link-type point-to-point

I'm still having the same issues ... with loss of BGP neighborship as soon as we "traverse" the first Cisco device, so:
- 215 CANNOT ping
- 214 CANNOT ping
- 213 CANNOT ping

moreover, leaving the iproute priority default values, 216 (the second Extreme device) also has the same issue ...
with

configure iproute priority mpls 3000
configure iproute priority ibgp 4000

at least 216 starts to work again ...

thanks in advance

best regards

Stefano

Stefano_Dall_Os
New Contributor III
Hi,
and thanks a lot for the answer!

a couple of things ...
I'm checking the differences between your config and mine ...

you didn't enable the
"enable iproute mpls-next-hop"
on VRF vpn-a ...
you said it's only possible to enable mpls on just ONE vr ...
and I know it, but since vpn-a is a VRF with vr-default as a "father" vr,
I thought I had to enable MPLS on all children VRFs ...

about these commands

# still assuming BGP for CE/PE
virtual-router vpn-a
configure bgp AS-number 65000
configure bgp routerid 172.16.0.2
create bgp neighbor 10.1.1.1 remote-AS-number 65100
enable bgp neighbor 10.1.1.1
enable bgp

# redistribution CE / PE
enable bgp export vr vpn-a direct address-family vpnv4
enable bgp export vr vpn-a bgp address-family vpnv4

# redistribution of remote routes
virtual-router vpn-a
enable bgp export remote-vpn

these are for the CE/PE connection, right?

anyway, I have to test what you suggested in my lab with the customer ... let's see if it works ...

but have you ever had the chance to make Cisco and Extreme devices work together with mpls L3VPN ?!

thanks a lot

best regards

Stefano

looking at the Cisco and Extreme configuration I posted below, do you see anything wrong? ... anything that can prevent L3VPN from working as expected between the 2 vendors? ... do you have a typical Cisco config? ... thanks a lot ... 🙂