Recent Forum Posts
From categories:
page 1 of 212next »


I have the following configuration for a RT translation but seems not working:

ip extcommunity-list standard RT-TRANSLATION-IN permit rt 2:200

route-map RM-RT-TRANSLATION-IN permit 10
match extcommunity RT-TRANSLATION-IN
set extcommunity rt 2:202

address-family vpnv4
neighbor activate
neighbor send-community both
neighbor route-map RM-RT-TRANSLATION-IN in

On ASBR I can see the route-map counter at zero:

ASBR-R7#show route-map
route-map RM-RT-TRANSLATION-IN, permit, sequence 10
Match clauses:
extcommunity (extcommunity-list filter):RT-TRANSLATION-IN
Set clauses:
extended community RT:2:202
Policy routing matches: 0 packets, 0 bytes

On ASBR's neighbor I can see the route imported with the "wrong" RT ( should have from rt 2:200 to rt: 2:202)

Route Distinguisher: 2:200

*>i10.0.20.0/24 0 100 0 65000 ?
Route Distinguisher: 2:202
*>i10.0.15.0/24 2662400 100 0 ?

However, on PE router I can see that it recognizes the route under the right VRF despite the wrong rt

Route Distinguisher: 2:200
*>i 0 100 0 65000 ?
Route Distinguisher: 2:202 (default for vrf BLUE)
*> 2662400 32768 ?
*>i 0 100 0 65000 ?

Can someone explain me why:

Route-Map doesn't work
PE imports the route under the right VRF despite the wrong RT
I can tell you that:

The route is received correctly with the rt 2:200 (verified via pcap trace)
The PE's VRF import target only 2:202

I had the same problem on the neighbor ASBR IOS-XR. I'm quite sure is my configuration error but I cannot spot it.

Inter-AS Option AB by kemotkemot, 05 May 2015 00:42
RFC3931 L2TPv3 by kemotkemot, 04 May 2015 02:22
H-VPLS by kemotkemot, 02 May 2015 20:58

Do the typhoon line cards not support the profile scale option?

RP/0/RSP0/CPU0:r1#sh hw-module profile scale
Fri Nov 21 16:32:07.120 UTC

                Node: 0/0/CPU0:

Memory Resources for All NPs
Feature/Scale profiles not supported on this line card type.
Typhoon Line cards scale by kemotkemot, 21 Nov 2014 16:32

What area should the clns filter-set match on?

What area to match on? by kemotkemot, 04 Feb 2014 03:16

By default IOS-XR has a nexthop trigger-delay set to 3000 msec for critical and 10000 msec for non-critical. Does this timer have to be changed to optimize PIC to converge on PIC Core failures?

Next-hop Tracking Delay and PIC by kemotkemot, 27 Nov 2013 21:17

What about uni-vlan isolated being changed to uni-vlan community? Would that still be a problem with potential loops?

No, because each UNI port can not send any traffic to another UNI port on the same VLAN, just like with private-vlans or port-security.

Wouldn't disabling the STP on UNI port create potential loops?

Cisco only implemented many-to-one protection. Juniper has both implemented.

I'm reading up on MPLS TE FRR and saw something about two ways of protecting Links and Node:
1. one to one protection
2. many to one protection (facility protection)

This is based on RFC4090 (

So my question… has Cisco or Juniper implemented the one to one protections? I can't seem to find any way of configuring that.

After configuring a attribute-flag, my tunnels went down. I'm not sure, maybe has to do with the default Affinity and Mask setup on tunnels? The defaults are Affinity: 0x0/0xFFFF.

Tearing Tunnels down? by kemotkemot, 12 Sep 2013 16:29

There is not easy way, but IOS output give you a indication where the problem could be:

R2#sh mpls traffic-eng tunnels tunnel 36

Name: R2_t36                              (Tunnel36) Destination:
    Admin: up         Oper: down   Path: not valid   Signalling: Down
    path option 1, type explicit R3R6

  Config Parameters:
    Bandwidth: 500      kbps (Global)  Priority: 5  5   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute: enabled  LockDown: disabled Loadshare: 500 [0] bw-based
    auto-bw: disabled

  Shortest Unconstrained Path Info:
    Path Weight: 2 (TE)
    Explicit Route:
      Time since created: 40 minutes, 38 seconds
      Time since path change: 1 minutes, 56 seconds
      Number of LSP IDs (Tun_Instances) used: 65
    Prior LSP: [ID: 59]
      ID: path option 1 [65]
      Removal Trigger: path error
      Last Error: CTRL:: Can't use link on node   <----R3 link with IP potential problem.

Output above indicated a problem with the R3's interface. I would investigate if RSVP bandwidth is enabled on it and if there is enough available bandwidth to reserve. I wish there was a better way.

How do you troubleshoot if the tunnel is not coming up after specifying the bandwidth requirement?

When I'm testing this in GNS3, I'm having a problem maintaining the session. I'm not sure if the order of operation is relevant.

  • Start off with password key configured, then password requirement, the session is reset.
R4(config)#mpls ldp password option 10 for 3 LDP-KEY
R4(config)#MPLs LDp PASSword REquired FOR 3
*Jul  8 23:47:34.471: %LDP-5-NBRCHG: LDP Neighbor (3) is DOWN (Session's MD5 password changed)
*Jul  8 23:47:37.259: %LDP-5-NBRCHG: LDP Neighbor (2) is UP
  • Start off with password requirement, session is reset right away.
R4(config)#mpls ldp password required for  3
*Jul  8 23:50:10.635: %LDP-5-NBRCHG: LDP Neighbor (2) is DOWN (Session's MD5 password changed)
*Jul  8 23:50:12.347: %LDP-4-PWD: MD5 protection is required for peer, no password configured

I'm not sure what the holddown timer does. When I did my testing, I could not get any new results with it.

LDP IGP Holdown? by kemotkemot, 03 Jul 2013 01:50
page 1 of 212next »
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License