PPPoE L3VPN user branches cannot communicate with each other

Publication Date:  2012-07-27 Views:  34 Downloads:  0
Issue Description
The ME60 works as a PE in the MPLS backbone network. Users who access the ME60 through PPPoE are assigned, by domain, to a certain VPN instance.
The router on the user side works as a normal router with a private network attached to it (no NAT).

Some users in different branches cannot communicate with each other over the backbone network.
Users==>DSLAM==>ME60==>IPBB

Alarm Information
Null
Handling Process
After the users log in, we can see that the static route received from the AAA server is installed in the routing table of the VPN instance of the users' domain.
However, it is not seen through MP-BGP on the other ME60s, because the route is treated as a UNR (user network route) route, not a direct route, and has to be imported into the MP-BGP VPNv4 address family.

After adding import-route unr to the ipv4-family vpn-instance mpls.pdn2.sy configuration, those static routes are visible on all other PEs and connectivity is OK.
Root Cause
1- Check the PPPoE configuration for user access

interface gigabitethernet1/0/0
 pppoe-server bind virtual-template 1
 bas
 #
  access-type layer2-subscriber

2- Check the radius configuration on the ME60

 radius-server source interface loopback2
radius-server group radius1
 radius-server authentication 10.100.249.20 1812 weight 0
 radius-server shared-key huawei1

3- Check the VPNv4 BGP configuration and the peering between the ME60s (PEs)

bgp 29256
 router-id 10.100.8.3
 group pdn2 internal
 peer pdn2 connect-interface loopback0
 peer 10.100.0.1 as-number 29256
 peer 10.100.0.1 group pdn2
 peer 10.100.0.1 description dam:th_co_ne5000_01
 peer 10.100.1.1 as-number 29256
 peer 10.100.1.1 group pdn2
 peer 10.100.1.1 description dam:bg_co_ne5000_01
 #
 ipv4-family unicast
  undo synchronization
  undo peer pdn2 enable
  undo peer 10.100.0.1 enable            
  undo peer 10.100.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer pdn2 enable
  peer pdn2 advertise-community
  peer 10.100.0.1 enable
  peer 10.100.0.1 group pdn2
  peer 10.100.1.1 enable
  peer 10.100.1.1 group pdn2
 #
 ipv4-family vpn-instance mpls.pdn2.sy
  import-route direct

4- Check the VPN instance configuration

ip vpn-instance mpls.pdn2.sy
 route-distinguisher 200:2
 vpn-target 200:2 export-extcommunity
 vpn-target 200:2 import-extcommunity

5- Check that the users' domain is assigned to the correct VPN instance

 domain mpls.pdn2.sy
  authentication-scheme radius
  accounting-scheme radius
  vpn-instance mpls.pdn2.sy
  radius-server group radius1

6- After checking that all of the above is OK,
we can see that users accessing the ME60 through PPPoE receive the following attributes from the AAA server:
Framed-IP : 172.16.1.5
Framed-Route: 192.168.40.0 /24 172.16.1.5

The framed route is for the customer's private network, which should be advertised by MP-BGP.



Suggestions
The following is an example of the correct configuration for PPPoE users with L3VPN and static routes received from the AAA server.
NOTE: The WAN IP address of the user and the routes received through RADIUS are treated as UNR routes, not as direct or static routes.

ip vpn-instance mpls.pdn2.sy
 route-distinguisher 200:2
 vpn-target 200:2 export-extcommunity
 vpn-target 200:2 import-extcommunity
#
 radius-server source interface loopback2
radius-server group radius1
 radius-server authentication 10.100.249.20 1812 weight 0
 radius-server shared-key huawei1
#

aaa
 authentication-scheme default0
 authentication-scheme default1
 authentication-scheme radius   
 #
 accounting-scheme default0
 accounting-scheme default1
 accounting-scheme radius
 #
 domain mpls.pdn2.sy
  authentication-scheme radius
  accounting-scheme radius
  vpn-instance mpls.pdn2.sy
  radius-server group radius1
 #
interface gigabitethernet1/0/0
 pppoe-server bind virtual-template 1
 bas
 #
  access-type layer2-subscriber

bgp 29256
 router-id 10.100.8.3
 group pdn2 internal
 peer pdn2 connect-interface loopback0
 peer 10.100.0.1 as-number 29256
 peer 10.100.0.1 group pdn2
 peer 10.100.0.1 description dam:th_co_ne5000_01
 peer 10.100.1.1 as-number 29256
 peer 10.100.1.1 group pdn2
 peer 10.100.1.1 description dam:bg_co_ne5000_01
 #
 ipv4-family unicast
  undo synchronization
  undo peer pdn2 enable
  undo peer 10.100.0.1 enable            
  undo peer 10.100.1.1 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer pdn2 enable
  peer pdn2 advertise-community
  peer 10.100.0.1 enable
  peer 10.100.0.1 group pdn2
  peer 10.100.1.1 enable
  peer 10.100.1.1 group pdn2
 #
 ipv4-family vpn-instance mpls.pdn2.sy
  import-route direct
  import-route unr
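
One way to check a saved configuration for this omission, as an added example that is not part of the original case or any Huawei tool: the Python function below (its name and the trimmed sample configuration are assumptions made here) lists every VPN instance that an AAA domain binds users to but whose BGP ipv4-family vpn-instance view has no import-route unr.

```python
# Constructed sample, trimmed from the configuration shown in this case.
SAMPLE = """\
aaa
 domain mpls.pdn2.sy
  authentication-scheme radius
  vpn-instance mpls.pdn2.sy
  radius-server group radius1
#
bgp 29256
 ipv4-family vpnv4
  policy vpn-target
 #
 ipv4-family vpn-instance mpls.pdn2.sy
  import-route direct
"""
FIXED = SAMPLE + "  import-route unr\n"  # the same view with the fix applied


def missing_unr_import(config):
    """Return VPN instances bound to an AAA domain whose BGP
    ipv4-family vpn-instance view does not import UNR routes."""
    bound = set()     # VPN instances referenced from a 'domain' view
    imports = {}      # VPN instance -> route types imported into BGP
    in_domain = False
    family = None     # current 'ipv4-family vpn-instance' name, if any
    for raw in config.splitlines():
        words = raw.split()
        if not words or words == ["#"]:
            continue
        if words[0] == "domain" and len(words) == 2:
            in_domain, family = True, None
        elif words[0] == "ipv4-family":
            in_domain = False
            is_vpn = len(words) == 3 and words[1] == "vpn-instance"
            family = words[2] if is_vpn else None
            if family:
                imports.setdefault(family, set())
        elif words[0] == "vpn-instance" and len(words) == 2 and in_domain:
            bound.add(words[1])
        elif words[0] == "import-route" and family and len(words) >= 2:
            imports[family].add(words[1])
        elif not raw.startswith(" "):
            in_domain, family = False, None  # a new top-level view begins
    return sorted(v for v in bound if "unr" not in imports.get(v, set()))


if __name__ == "__main__":
    print("before fix:", missing_unr_import(SAMPLE))
    print("after fix: ", missing_unr_import(FIXED))
```

A VPN instance that has no ipv4-family vpn-instance view under BGP at all is reported as well, since nothing from it is imported.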