MPLS over GRE on NCS5500
For the artical, will summary how to mpls over gre on NCS5500, NCS5500 only enable decap mode of GRE(6.1.x support the feature), that feature will flexible terminal GRE session that from DC servers. Btw, in order to verify packets from the tester, will capture packets by ERSPAN on NCS55A1.
Topology
- NCS55A1-2 learn eBGP route 200.1.0.0/24 from tester 5/2
- Ony IPv4/IGP forwarding from Terster 5/1 -> 55A1-1 -> 55A1-2
- Send traffics(GRE + EPE ) from tester 5/1, and terminate at NCS55A1-2, then forward to EPE link
NCS55A1-2 Config
Basic config that include EPE config
RP/0/RP0/CPU0:55A1-2#sh run router bgp Thu Aug 8 12:25:30.715 UTC router bgp 11 bgp router-id 192.168.0.2 address-family ipv4 unicast ! neighbor 52.1.1.1 remote-as 100 egress-engineering <<< enable EPE address-family ipv4 unicast route-policy pass in route-policy pass out ! ! ! RP/0/RP0/CPU0:55A1-2#sh run router isis Thu Aug 8 12:37:25.495 UTC router isis frank is-type level-2-only net 49.1921.6800.0002.00 address-family ipv4 unicast metric-style wide router-id Loopback0 ! interface Loopback0 passive circuit-type level-2-only address-family ipv4 unicast ! ! interface HundredGigE0/0/0/10 circuit-type level-2-only point-to-point address-family ipv4 unicast metric 1 ! ! !
Enable GRE and only decap mode
RP/0/RP0/CPU0:55A1-2#sh run int tunnel-ip 1 Thu Aug 8 12:45:44.154 UTC interface tunnel-ip1 ipv4 unnumbered Loopback0 tunnel mode gre ipv4 decap tunnel source Loopback0 !
Enable MPLS forwarding for GRE
At default, even if you enable EPE on BGP, but GRE port is only IPv4, so only check FIB when packets com in and terminate GRE, but not check LFIB, that will drop packets that with EPE label. We need to let traffics check LFIB, but not FIB, so enable MPLS for the GRE port. That only local enable, no any LDP neighbor, that likes a switch that from FIB to LFIB.
RP/0/RP0/CPU0:55A1-2#sh run mpls ldp Thu Aug 8 12:37:40.608 UTC mpls ldp router-id 192.168.0.2 address-family ipv4 ! interface tunnel-ip1 ! !
Tester 5/1 Config
Check Traffics status
EPE label info on NCS55A1-2
RP/0/RP0/CPU0:55A1-2#sh bgp egress-engineering Fri Aug 9 08:01:08.736 UTC Egress Engineering Peer Set: 52.1.1.1/32 (0x7ff14309ee80) Nexthop: 52.1.1.1 Version: 10, rn_version: 10 Flags: 0x00000006 Local ASN: 11 Remote ASN: 100 Local RID: 192.168.0.2 Remote RID: 192.0.0.1 Local Address: 52.1.1.2 First Hop: 52.1.1.1 NHID: 2 IFH: 0x128 Label: 24002, Refcount: 3 <<<<< rpc_set: 0x7ff104001208, ID: 4 RP/0/RP0/CPU0:55A1-2# RP/0/RP0/CPU0:55A1-2#sh route bgp Fri Aug 9 08:02:00.538 UTC B 200.1.0.0/24 [20/0] via 52.1.1.1, 00:01:40 <<< B 200.2.0.0/24 [20/0] via 52.1.1.1, 00:01:40 RP/0/RP0/CPU0:55A1-2#sh mpls for Fri Aug 9 08:02:08.841 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 24000 Unlabelled 192.168.0.1/32 Hu0/0/0/10 12.1.1.1 1688 24002 Pop No ID Hu0/0/0/11 52.1.1.1 0 <<<
Input/output rate on NCS55A1-1, about 930M
RP/0/RP0/CPU0:55A1-1#monitor interface hundredGigE 0/0/0/10 hundredGigE 0/0/0/11 Fri Aug 9 08:04:44.675 UTC 55A1-1 Monitor Time: 00:01:42 SysUptime: 913:04:28 Last Clear: 00:01:00 Protocol:General Interface In(bps) Out(bps) InBytes/Delta OutBytes/Delta Hu0/0/0/10 1000/ 0% 933.0M/ 0% 7821/0 5.0G/238.4M Hu0/0/0/11 933.0M/ 0% 0/ 0% 5.0G/238.4M 133/0 Quit='q', Clear='c', Freeze='f', Thaw='t', Next set='n', Prev set='p', Bytes='y', Packets='k' (General='g', IPv4 Uni='4u', IPv4 Multi='4m', IPv6 Uni='6u', IPv6 Multi='6m')
Input/output rate on NCS55A1-2, about 900M(gre+ip header)
RP/0/RP0/CPU0:55A1-2#monitor interface hundredGigE 0/0/0/10 hundredGigE 0/0/0/11 Fri Aug 9 08:07:22.480 UTC 55A1-2 Monitor Time: 00:01:18 SysUptime: 913:04:34 Last Clear: 00:00:26 Protocol:General Interface In(bps) Out(bps) InBytes/Delta OutBytes/Delta Hu0/0/0/10 953.9M/ 0% 1000/ 0% 6.2G/238.5M 9217/0 Hu0/0/0/11 0/ 0% 900.1M/ 0% 266/0 5.8G/225.1M Quit='q', Clear='c', Freeze='f', Thaw='t', Next set='n', Prev set='p', Bytes='y', Packets='k' (General='g', IPv4 Uni='4u', IPv4 Multi='4m', IPv6 Uni='6u', IPv6 Multi='6m')
After checked, both porta belong to NPU0
RP/0/RP0/CPU0:55A1-2#show contr npu voq-usage interface all instance all location 0/0/CPU0 Fri Aug 9 08:12:35.181 UTC ------------------------------------------------------------------- Node ID: 0/0/CPU0 Intf Intf NPU NPU PP Sys VOQ Flow VOQ Port name handle # core Port Port base base port speed (hex) type ---------------------------------------------------------------------- Hu0/0/0/0 d0 0 1 21 21 1024 5384 local 100G Hu0/0/0/1 d8 0 0 17 17 1032 5400 local 100G Hu0/0/0/2 e0 0 1 13 13 1040 5400 local 100G Hu0/0/0/3 e8 0 0 9 9 1048 5416 local 100G Hu0/0/0/4 f0 0 1 5 5 1056 5416 local 100G Hu0/0/0/5 f8 0 0 1 1 1064 5432 local 100G Hu0/0/0/6 100 0 1 69 69 1072 5432 local 100G Hu0/0/0/7 108 0 0 65 65 1080 5448 local 100G Hu0/0/0/8 110 0 1 61 61 1088 5448 local 100G Hu0/0/0/9 118 0 0 57 57 1096 5464 local 100G Hu0/0/0/10 120 0 1 53 53 1104 5464 local 100G <<< Hu0/0/0/11 128 0 0 49 49 1112 5480 local 100G <<< Hu0/0/0/12 130 1 1 21 121 1120 5384 local 100G Hu0/0/0/13 138 1 0 17 117 1128 5384 local 100G Hu0/0/0/14 140 1 1 13 113 1136 5400 local 100G Hu0/0/0/15 148 1 0 9 109 1144 5400 local 100G Hu0/0/0/16 150 1 1 5 105 1152 5416 local 100G Hu0/0/0/17 158 1 0 1 101 1160 5416 local 100G Hu0/0/0/18 160 1 1 69 169 1168 5432 local 100G Hu0/0/0/19 168 1 0 65 165 1176 5432 local 100G Hu0/0/0/20 170 1 1 61 161 1184 5448 local 100G Hu0/0/0/21 178 1 0 57 157 1192 5448 local 100G Hu0/0/0/22 180 1 1 53 153 1200 5464 local 100G Hu0/0/0/23 188 1 0 49 149 1208 5464 local 100G
After changing the label to 24003 at tester 5/1
RP/0/RP0/CPU0:55A1-2#show controllers npu stats traps-all instance 0 location 0/0/cpu0 | ex "0 0" Fri Aug 9 08:48:48.065 UTC Trap Type NPU Trap TrapStats Policer Packet Packet ID ID ID Accepted Dropped ============================================================================================== RxTrapL2Cache_CDP 0 30 0x1e 32002 1 0 RxTrapMplsUnknownLabel 0 90 0x5a 32020 2995 14419817 <<< RxTrapReceive 0 150 0x96 32019 5 0 RxTrapUserDefine_RECEIVE_L2 0 161 0xa1 32019 7 0 RP/0/RP0/CPU0:55A1-2# RP/0/RP0/CPU0:55A1-2#monitor interface hundredGigE 0/0/0/10 hundredGigE 0/0/0/11 Fri Aug 9 08:48:58.651 UTC 55A1-2 Monitor Time: 00:00:16 SysUptime: 913:45:08 Protocol:General Interface In(bps) Out(bps) InBytes/Delta OutBytes/Delta Hu0/0/0/10 958.2M/ 0% 1000/ 0% 2.7T/238.4M 14.6M/0 <<< no output Hu0/0/0/11 0/ 0% 0/ 0% 149737/0 2.0T/0 Quit='q', Clear='c', Freeze='f', Thaw='t', Next set='n', Prev set='p', Bytes='y', Packets='k' (General='g', IPv4 Uni='4u', IPv4 Multi='4m', IPv6 Uni='6u', IPv6 Multi='6m') RP/0/RP0/CPU0:55A1-2#sh mpls for <<< no 24003 Fri Aug 9 08:49:24.449 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 24000 Unlabelled 192.168.0.1/32 Hu0/0/0/10 12.1.1.1 1688 24002 Pop No ID Hu0/0/0/11 52.1.1.1 0
Capture packets by ERSPAN at NCS55A1-1
IXIA couldn’t capture output data traffic that generates from the port, so we monitor input traffic on 0/0/0/11 of ncs55A1-1, then loop back to IXIA by ERSPAN, then capture income packets on the IXIA port~ 🙂 Attached capture file: erspan.pcapng
Due to only testing, so not add acl on erspan, in production network, maybe need the acl.
RP/0/RP0/CPU0:55A1-1(config-static-afi)#show config Fri Aug 9 09:05:04.725 UTC Building configuration... !! IOS XR Configuration 6.6.1 monitor-session frank ethernet destination interface tunnel-ip1 ! interface tunnel-ip1 ipv4 unnumbered Loopback0 tunnel mode gre ipv4 encap tunnel source Loopback0 tunnel destination 192.168.0.10 ! router static address-family ipv4 unicast 192.168.0.10/32 HundredGigE0/0/0/11 51.1.1.2 ! ! interface HundredGigE0/0/0/11 monitor-session frank ethernet direction rx-only port-level ! ! end RP/0/RP0/CPU0:55A1-1(config-static-afi)# commit