L3VPN VPNV6 not forwarding with tnl-policy

Created: Aug 19, 2019 12:42:33Latest reply: Aug 19, 2019 14:37:54 149 2 1 0
  Rewarded Hi-coins: 0 (problem resolved)

We have set all up the following scenario:


CustA <- PE1 <> PE2 -> CustB


We're using MPLS to establish a TE tunnel, MP-BGP to "route" the vpn-instances


IPv4 is working flawlessly CustA can ping CustB, no problem, everthing is perfect

IPv6 not the same history, CustA can ping the PE1, but not the CustB or neither PE2


When we remove the "tnl-policy" IPv6 starts to work, just like IPv4 is doing...


ipv6-family

  route-distinguisher 200:2

  tnl-policy POLICY_1

  vpn-target 100:2202 export-extcommunity

  vpn-target 100:2202 import-extcommunity


-----------------------------------------------------------


PE1 display curr:

ip vpn-instance CUST1

 ipv4-family

  route-distinguisher 100:1

  tnl-policy POLICY_1

  vpn-target 100:2201 export-extcommunity

  vpn-target 100:2201 import-extcommunity

 ipv6-family

  route-distinguisher 100:2

  tnl-policy POLICY_1

  vpn-target 100:2202 export-extcommunity

  vpn-target 100:2202 import-extcommunity

#

mpls lsr-id "PE1"

mpls

 mpls te

 mpls te auto-frr

 mpls rsvp-te

 mpls te cspf

#

interface LoopBack1

 ip address "PE1" 255.255.255.255

#

interface Eth-Trunk1

    description TO->PE2

    undo port-switch

    ip address "192.168.0.0 255.255.255.252"

    mpls

    mpls te

    mpls rsvp-te

    mpls rsvp-te bfd enable

    mpls ldp

    statistic enable both

#

interface Eth-Trunk2

    description CUSTOMERS

    port link-type trunk

#

interface Eth-Trunk2.2008

    description CUST1-MAIN

    dot1q termination vid 2008

    ip binding vpn-instance CUST1

    ipv6 enable

    ip address "192.168.100.0 255.255.255.252"

    ipv6 address FDDD:0:0:1001::2/64

#

interface Tunnel1

 description TO->PE2

 ip address unnumbered interface LoopBack1

 tunnel-protocol mpls te

 destination "PE2"

 mpls te tunnel-id 1

 mpls te record-route label

 mpls te backup hot-standby

 mpls te backup ordinary best-effort

 mpls te reoptimization frequency 300

 mpls te reserved-for-binding

 mpls te commit

 mpls

#

bgp 1234

 peer "PE2" as-number 1234

 peer "PE2" connect-interface LoopBack1

 #

 ipv4-family unicast

  undo synchronization

  peer "PE2" enable

 #

 ipv6-family unicast

  undo synchronization

 #

 ipv4-family vpnv4

  policy vpn-target

  peer "PE2" enable

  peer "PE2" default-originate vpn-instance CUST1

 #

 ipv4-family vpn-instance CUST1

  import-route direct

  import-route static

 #

 ipv6-family vpnv6

  policy vpn-target

  peer "PE2" enable

 #

 ipv6-family vpn-instance CUST1

  import-route direct

  import-route static

#

ospf 1 router-id "PE1"

 opaque-capability enable

 area 0.0.0.0

  network "192.168.0.0 0.0.0.3"

  mpls-te enable

#

tunnel-policy POLICY_1

 tunnel binding destination "PE2" te Tunnel1


  • x
  • convention:

Featured Answers
Popeye_Wang
Admin Created Aug 19, 2019 13:26:46 Helpful(0) Helpful(0)

There is a limitation with ipv6 VPN on the switch, it can't support iterate te lsp.
  • x
  • convention:

All Answers
Popeye_Wang
Popeye_Wang Admin Created Aug 19, 2019 13:26:46 Helpful(0) Helpful(0)

There is a limitation with ipv6 VPN on the switch, it can't support iterate te lsp.
  • x
  • convention:

mitchell.peixer
mitchell.peixer Created Aug 19, 2019 14:37:54 Helpful(0) Helpful(0)

We're using S6720-EI is a fix possible through a firmware upgrade "in near future"?

Our switchs are currently on R010 SPH019
  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login