CCIE SP – IP Multicast Anycast RP

In the previous post, we reviewed MSDP. Multicast Source Discovery Protocol (MSDP) is the key protocol that makes Anycast RP possible. Anycast RP uses MSDP for redundancy and failover between RPs in Protocol Independent Multicast sparse mode (PIM-SM) networks. Rendezvous Points can share one IP address (the same address allocated to their loopbacks) and load-balance multicast traffic within the network. Data is routed to the nearest and best destination as viewed by the routing topology. The RP can be configured statically with the “ip pim rp-address” command or dynamically using Auto-RP or PIMv2 (BSR).

 

Note: adding a new loopback can change your OSPF/BGP/LDP router ID; it’s always recommended to hard-code the router ID with the router-id command.

 

Example:

Multicast path is: R7 –> R5 –> R3 –> R1 –> R2 –> R4 –> R6 –> R8

 

R1:
interface Loopback0
ip address 10.10.1.1 255.255.255.255
ip pim sparse-mode
!
interface Loopback69
ip address 10.10.69.69 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip pim sparse-mode
!
interface ATM2/0
ip pim sparse-mode
!
!
router ospf 1
 router-id 10.10.1.1
network 10.10.0.0 0.0.255.255 area 0
!
ip pim autorp listener
ip pim send-rp-announce Loopback69 scope 255
ip pim send-rp-discovery Loopback69 scope 255
ip msdp peer 10.10.12.2 connect-source FastEthernet0/0
!

R2:
interface Loopback0
ip address 10.10.2.2 255.255.255.255
ip pim sparse-mode
!
interface Loopback69
ip address 10.10.69.69 255.255.255.255
ip pim sparse-mode
!
interface Ethernet0/0
ip pim sparse-mode
!
interface Serial1/0
ip pim sparse-mode
!
router ospf 1
router-id 10.10.2.2
network 10.10.0.0 0.0.255.255 area 0
!
ip pim bsr-candidate Loopback69 0
ip pim rp-candidate Loopback69
ip msdp peer 10.10.12.1 connect-source Ethernet0/0
!

R2#sh ip msdp sa-cache
MSDP Source-Active Cache – 1 entries
(10.10.57.7, 224.100.100.100), RP 10.10.69.69,
AS ?,00:00:15/00:05:44, Peer 10.10.12.1

 

R5#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.10.69.69 (?), v2v1
    Info source: 10.10.69.69 (?), elected via Auto-RP

 

R6#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.10.69.69 (?), v2
    Info source: 10.10.69.69 (?), via bootstrap

For more information:

http://www.cisco.com/en/US/docs/ios/solutions_docs/ip_multicast/White_papers/anycast.html

CCIE SP – Multicast BGP

The Multicast BGP feature adds capabilities to BGP to enable multicast routing to connect multicast topologies within and between BGP autonomous systems. MBGP is an enhanced BGP that carries IP multicast routes. PIM uses the multicast BGP database to perform Reverse Path Forwarding (RPF) lookups for multicast-capable sources. In our example, we will create a simple RPF failure in the network and then solve it with multicast BGP. Example:

All routers are configured with PIM dense mode end-to-end. The multicast traffic path is:

R7 –> R5 –> R3 –> R1 –> R2 –> R4 –> R6 –> R8

Because of the eBGP session between R3 and R4, the unicast path is:

R7 –> R5 –> R3 –> R4 –> R6 –> R8

So there’s an RPF failure, detected by R4. We can solve it either statically with the “ip mroute” command or dynamically with MBGP.

 

Note: MBGP’s duty is to solve the RPF failure; in fact, multicast BGP routes are preferred over BGP unicast routes. We still need PIM for end-to-end delivery of IP multicast packets.
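The RPF decision on R4 can be modelled in a few lines. This Python model is an added example, not code from the original post or from IOS: it consults the tables in a fixed order (static mroute, MBGP, unicast) as a simplification of the note above and ignores administrative distance. The interface name "to-R3" is a placeholder, because the post does not name R4's interface on the eBGP link to R3.

```python
import ipaddress

# Constructed tables for R4, built from the addresses shown in this post.
# "to-R3" is a placeholder name for the eBGP-facing interface (not on the page).
R4_UNICAST = [
    ("10.10.57.0/24", "to-R3", "10.10.34.3"),        # eBGP route learned from R3
    ("10.10.68.0/24", "Ethernet0/0", "10.10.46.6"),  # receiver LAN behind R6
]
R4_MBGP = [
    ("10.10.57.0/24", "Serial1/0", "10.10.24.2"),    # as in "sh ip rpf 10.10.57.7"
]


def lookup(table, source):
    """Longest-prefix match. Returns (interface, neighbor) or None."""
    src = ipaddress.ip_address(source)
    best_net, best = None, None
    for prefix, iface, nbr in table:
        net = ipaddress.ip_network(prefix)
        if src in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best = net, (iface, nbr)
    return best


def rpf_check(source, arrival_iface, unicast, mbgp=(), static_mroutes=()):
    """Return (accepted, rpf_type, rpf_interface) for one multicast packet.

    The packet is accepted only if it arrived on the interface that the
    first table with a matching route says leads back to the source.
    """
    ordered = (("static mroute", static_mroutes), ("mbgp", mbgp), ("unicast", unicast))
    for rpf_type, table in ordered:
        hit = lookup(table, source)
        if hit is not None:
            rpf_iface, _neighbor = hit
            return (rpf_iface == arrival_iface, rpf_type, rpf_iface)
    return (False, None, None)  # no route back to the source: always dropped


if __name__ == "__main__":
    # Traffic from R7 reaches R4 via R2, i.e. on Serial1/0.
    print("unicast only :", rpf_check("10.10.57.7", "Serial1/0", R4_UNICAST))
    print("with MBGP    :", rpf_check("10.10.57.7", "Serial1/0", R4_UNICAST, mbgp=R4_MBGP))
    # Same source address arriving on the receiver-facing interface is dropped.
    print("wrong iface  :", rpf_check("10.10.57.7", "Ethernet0/0", R4_UNICAST, mbgp=R4_MBGP))
```

With only the unicast table, the packet arriving on Serial1/0 fails the check because the route back to 10.10.57.7 points at R3; once the MBGP route is present the RPF interface becomes Serial1/0 and the same packet is accepted.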

 

Configuration

R5:
ip multicast-routing
!
interface Ethernet0/0
ip pim dense-mode
!
interface Ethernet0/3
ip pim dense-mode
!

R3:
ip multicast-routing
!
interface FastEthernet0/0
ip pim dense-mode
!
interface ATM2/0
ip pim dense-mode
!

R1:
ip multicast-routing
!
interface FastEthernet0/0
ip pim dense-mode
!
interface ATM2/0
ip pim dense-mode
!
router bgp 135
neighbor 10.10.12.2 remote-as 246
neighbor 10.10.13.3 remote-as 135
!       
address-family ipv4
neighbor 10.10.12.2 activate
neighbor 10.10.13.3 activate
no auto-summary
no synchronization
exit-address-family
!
 address-family ipv4 multicast
 neighbor 10.10.12.2 activate
no auto-summary
 network 10.10.57.0 mask 255.255.255.0
exit-address-family
!

R2:
ip multicast-routing
!
interface Ethernet0/0
ip pim dense-mode
!
interface Serial1/0
ip pim dense-mode
!
router bgp 246
neighbor 10.10.12.1 remote-as 135
neighbor 10.10.24.4 remote-as 246
!
address-family ipv4
  neighbor 10.10.12.1 activate
  neighbor 10.10.24.4 activate
  no auto-summary
  no synchronization
exit-address-family
!
 address-family ipv4 multicast
  neighbor 10.10.12.1 activate
  neighbor 10.10.24.4 activate
  no auto-summary
  no synchronization
exit-address-family
!

R4:
ip multicast-routing
!
interface Ethernet0/0
ip pim dense-mode
!
interface Serial1/0
ip pim dense-mode
!
router bgp 246
neighbor 10.10.24.2 remote-as 246
neighbor 10.10.34.3 remote-as 135
neighbor 10.10.46.6 remote-as 246
!
address-family ipv4
  neighbor 10.10.24.2 activate
  neighbor 10.10.24.2 route-reflector-client
  neighbor 10.10.34.3 activate
  neighbor 10.10.46.6 activate
  neighbor 10.10.46.6 route-reflector-client
  no auto-summary
  no synchronization
exit-address-family
!
address-family ipv4 multicast
  neighbor 10.10.24.2 activate
  no auto-summary
  no synchronization
exit-address-family
!

R6:
ip multicast-routing
!
interface Ethernet0/0
ip pim dense-mode
!
interface Ethernet0/3
ip pim dense-mode
!

R8:
interface Ethernet0/0
ip address 10.10.68.8 255.255.255.0
 ip igmp join-group 224.69.69.69
!

 

Verification

 

R7#ping       
Protocol [ip]:
Target IP address: 224.69.69.69
Repeat count [1]: 100
Extended commands [n]: y
Interface [All]: ethernet0/0
Time to live [255]:           
Source address: 10.10.57.7 
Sending 100, 100-byte ICMP Echos to 224.69.69.69:
Packet sent with a source address of 10.10.57.7

Reply to request 0 from 10.10.68.8
Reply to request 1 from 10.10.68.8
Reply to request 2 from 10.10.68.8

 

R2#sh ip bgp ipv4 multicast

   Network          Next Hop   Metric LocPrf Weight Path
*> 10.10.57.0/24    10.10.12.1 12             0 135 i

R2#sh ip bgp

   Network          Next Hop   Metric LocPrf Weight Path
* i10.10.57.0/24    10.10.34.3  0    100      0 135 i
*>                  10.10.12.1                0 135 i
r>i10.10.68.0/24    10.10.46.6  0    100      0 i

R4#sh ip bgp ipv4 multicast

   Network          Next Hop   Metric LocPrf Weight Path
*>i10.10.57.0/24    10.10.12.1 12    100      0 135 i


R4#sh ip rpf event
Last 15 triggered multicast RPF check events

RPF backoff delay: 500 msec
RPF maximum delay: 5 sec

DATE/TIME          BACKOFF  PROTOCOL   EVENT      RPF CHANGES
Mar 1 00:20:24.767 500 msec BGP        Route Modified  1
Mar 1 00:05:08.631 500 msec OSPF       Route UP        0
Mar 1 00:05:05.851 500 msec BGP        Route UP        0
Mar 1 00:05:01.595 500 msec PIM        Nbr UP          0
Mar 1 00:03:08.263 500 msec OSPF       Route UP        0
Mar 1 00:03:00.531 500 msec PIM        Nbr UP          0
Mar 1 00:01:22.611 500 msec Connected  Route UP        0
Mar 1 00:01:02.747 500 msec Connected  Route Down      0
Mar 1 00:00:51.635 500 msec PIM        Nbr UP          0
Mar 1 00:00:44.995 500 msec OSPF       Route UP        0
Mar 1 00:00:28.915 500 msec Connected  Route UP        0

R4#sh ip rpf 10.10.57.7
RPF information for ? (10.10.57.7)
  RPF interface: Serial1/0
  RPF neighbor: ? (10.10.24.2)
  RPF route/mask: 10.10.57.0/24
  RPF type: mbgp
  RPF recursion count: 0
  Doing distance-preferred lookups across tables

R4#sh ip mroute
IP Multicast Routing Table

(*, 224.0.1.40), 01:34:08/00:02:39, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Ethernet0/0, Forward/Dense, 01:19:37/00:00:00

(*, 224.69.69.69), 00:10:43/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial1/0, Forward/Dense, 00:10:43/00:00:00
    Ethernet0/0, Forward/Dense, 00:10:43/00:00:00

(10.10.57.7, 224.69.69.69), 00:10:43/00:00:02, flags: T
  Incoming interface: Serial1/0, RPF nbr 10.10.24.2, Mbgp
  Outgoing interface list:
    Ethernet0/0, Forward/Dense, 00:10:23/00:00:00

 

CCIE SP – MSDP

MSDP, or Multicast Source Discovery Protocol, allows multicast sources for a group to be known to all rendezvous points (RPs) in different domains. Each PIM-SM domain uses its own RP, and MSDP connects source-based trees to destination trees. MSDP uses TCP as its control protocol, and you still need an end-to-end multicast routing protocol such as PIM. At boundaries (autonomous systems) we will filter RP announcements from other autonomous systems. Example:

Our example is very simple: two multicast domains with no RPF failure and end-to-end PIM sparse mode between R5 and R6. The multicast source is R7 (sending pings to the multicast group) and R8 is the multicast member (IGMP join). R1 is the Auto-RP MA and RP for AS135, and R2 is the BSR for AS246. R1 and R2 speak MSDP and deliver SA (Source Active) messages to each other as peers; in this way each RP is informed about active sources in the other domain and can join its members to that multicast tree, (S,G) to (*,G). To debug MSDP messages we can use “debug ip msdp peer” and “debug ip msdp routes”.

 

Multicast path from source to member is:

R7 –> R5 –> R3 –> R1 –> R2 –> R4 –> R6 –> R8

R7#trace 10.10.68.8

  1 10.10.57.5
  2 10.10.35.3
  3 10.10.13.1
  4 10.10.12.2
  5 10.10.24.4
  6 10.10.46.6
  7 10.10.68.8

 

Configuration

R7:

R7#ping       
Protocol [ip]:
Target IP address: 224.69.69.69
Repeat count [1]: 10
Extended commands [n]: y
Interface [All]: ethernet0/0
Source address: 10.10.57.7

Sending 10, 100-byte ICMP Echos to 224.69.69.69, timeout is 2 seconds:
Packet sent with a source address of 10.10.57.7
..

R5:

ip multicast-routing
!
interface Ethernet0/0
ip address 10.10.35.5 255.255.255.0
ip pim sparse-mode
!
interface Ethernet0/3
ip address 10.10.57.5 255.255.255.0
ip pim sparse-mode
!
ip pim autorp listener
!

R3:

ip multicast-routing
!
interface FastEthernet0/0
ip address 10.10.35.3 255.255.255.0
ip pim sparse-mode
!
interface ATM2/0
ip address 10.10.13.3 255.255.255.0
ip pim sparse-mode
!
ip pim autorp listener
!

R1:

ip multicast-routing
!
interface Loopback0
ip address 10.10.1.1 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip address 10.10.12.1 255.255.255.0
 ip pim bsr-border
ip pim sparse-mode
 ip multicast boundary 1
!
interface ATM2/0
ip address 10.10.13.1 255.255.255.0
ip pim sparse-mode
!
ip pim autorp listener
ip pim send-rp-announce Loopback0 scope 255
ip pim send-rp-discovery Loopback0 scope 255
ip msdp peer 10.10.12.2 connect-source FastEthernet0/0
!
access-list 1 deny   224.0.1.39
access-list 1 deny   224.0.1.40
access-list 1 permit any
!

R2:

ip multicast-routing
!
interface Loopback0
ip address 10.10.2.2 255.255.255.255
ip pim sparse-mode
!
interface Ethernet0/0
ip address 10.10.12.2 255.255.255.0
 ip pim bsr-border
ip pim sparse-mode
 ip multicast boundary 1
!
interface Serial1/0
ip address 10.10.24.2 255.255.255.0
ip pim sparse-mode
!
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
ip msdp peer 10.10.12.1 connect-source Ethernet0/0
!
access-list 1 deny   224.0.1.39
access-list 1 deny   224.0.1.40
access-list 1 permit any
!

R4:

ip multicast-routing
!
interface Ethernet0/0
ip address 10.10.46.4 255.255.255.0
ip pim sparse-mode
!
interface Serial1/0
ip address 10.10.24.4 255.255.255.0
ip pim sparse-mode
!

R6:

ip multicast-routing
!
interface Ethernet0/0
ip address 10.10.46.6 255.255.255.0
ip pim sparse-mode
!
interface Ethernet0/3
ip address 10.10.68.6 255.255.255.0
ip pim sparse-mode
!

R8:

interface Ethernet0/0
ip address 10.10.68.8 255.255.255.0
ip igmp join-group 224.69.69.69
!

 

Verification

At this point, R8 joins the multicast tree, R2 is aware of the multicast source through MSDP SA messages from R1, and responses are sent back from R8 to R7:

 

R7#ping       
Protocol [ip]:
Target IP address: 224.69.69.69
Repeat count [1]: 10
Extended commands [n]: y
Interface [All]: ethernet0/0
Source address: 10.10.57.7

Sending 10, 100-byte ICMP Echos to 224.69.69.69, timeout is 2 seconds:
Packet sent with a source address of 10.10.57.7
..
Reply to request 3 from 10.10.68.8
Reply to request 4 from 10.10.68.8
Reply to request 5 from 10.10.68.8
Reply to request 6 from 10.10.68.8
Reply to request 7 from 10.10.68.8
Reply to request 8 from 10.10.68.8
Reply to request 9 from 10.10.68.8

 

R1#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
This system is an RP-mapping agent (Loopback0)

Group(s) 224.0.0.0/4
  RP 10.10.1.1 (?), v2v1
    Info source: 10.10.1.1 (?), elected via Auto-RP
         Uptime: 17:03:06, expires: 00:02:52

R1#sh ip mroute
IP Multicast Routing Table
Flags: D – Dense, S – Sparse, B – Bidir Group, C – Connected,
       L – Local, P – Pruned, T – SPT-bit set, J – Join SPT,
       M – MSDP created entry,
       A – Candidate for MSDP Advertisement
 

(*, 224.0.1.39), 17:04:10/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Loopback0, Forward/Sparse, 17:03:11/00:00:00
    ATM2/0, Forward/Sparse, 17:04:10/00:00:00

(10.10.1.1, 224.0.1.39), 17:04:10/00:02:49, flags: LTA
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    ATM2/0, Forward/Sparse, 17:03:11/00:00:00

(*, 224.0.1.40), 17:06:10/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Loopback0, Forward/Sparse, 17:03:11/00:00:00
    ATM2/0, Forward/Sparse, 17:06:10/00:00:00

(10.10.1.1, 224.0.1.40), 17:03:10/00:02:54, flags: LTA
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    ATM2/0, Forward/Sparse, 17:03:11/00:00:00

(*, 224.69.69.69), 00:01:50/stopped, RP 10.10.1.1, flags: SP
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list: Null

(10.10.57.7, 224.69.69.69), 00:01:50/00:01:54, flags: TA
  Incoming interface: ATM2/0, RPF nbr 10.10.13.3
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse, 00:01:49/00:02:39


R1#sh ip msdp peer
MSDP Peer 10.10.12.2 (?), AS 246
Description:
  Connection status:
    State: Up, Resets: 0,
    Connection source: FastEthernet0/0 (10.10.12.1)
    Uptime(Downtime): 14:14:08, Messages sent/received: 922/854
    Output messages discarded: 0
    Connection and counters cleared 14:16:09 ago
  SA Filtering:
    Input (S,G) filter: none, route-map: none
    Input RP filter: none, route-map: none
    Output (S,G) filter: none, route-map: none
    Output RP filter: none, route-map: none
  SA-Requests:
    Input filter: none
  Peer ttl threshold: 0
  SAs learned from this peer: 0
  Input queue size: 0, Output queue size: 0

R2 Verification

R2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is a candidate RP (v2)
This system is the Bootstrap Router (v2)

Group(s) 224.0.0.0/4
  RP 10.10.2.2 (?), v2
    Info source: 10.10.2.2 (?), via bootstrap, priority 0
    holdtime 150      Uptime: 16:13:59, expires: 00:01:27

R2#sh ip msdp summary
MSDP Peer Status Summary
Peer Address     AS    State    Uptime/  Reset SA    Peer Name
                                Downtime Count Count
10.10.12.1       135   Up       14:15:47 0     1     ?


R2#sh ip mroute

(*, 224.0.1.40), 16:22:23/00:02:02, RP 0.0.0.0, flags: DPL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list: Null

(*, 224.69.69.69), 01:17:15/stopped, RP 10.10.2.2, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial1/0, Forward/Sparse, 01:17:15/00:03:03

(10.10.57.7, 224.69.69.69), 00:00:02/00:02:57, flags: M
  Incoming interface: Ethernet0/0, RPF nbr 10.10.12.1
  Outgoing interface list:
    Serial1/0, Forward/Sparse, 00:00:02/00:03:28

 

R6 Verification

R6#sh ip mroute

(*, 224.0.1.40), 16:17:35/00:02:49, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Ethernet0/0, Forward/Sparse, 16:17:35/00:02:49

(*, 224.69.69.69), 01:13:28/stopped, RP 10.10.2.2, flags: SJC
  Incoming interface: Ethernet0/0, RPF nbr 10.10.46.4
  Outgoing interface list:
    Ethernet0/3, Forward/Sparse, 01:13:28/00:02:30

(10.10.57.7, 224.69.69.69), 00:00:02/00:02:57, flags: JT
  Incoming interface: Ethernet0/0, RPF nbr 10.10.46.4
  Outgoing interface list:
    Ethernet0/3, Forward/Sparse, 00:00:02/00:02:57

R6#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.10.2.2 (?), v2
    Info source: 10.10.2.2 (?), via bootstrap, priority 0, holdtime 150
         Uptime: 16:15:26, expires: 00:02:27
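
The border filtering and the MSDP peering in this post can be checked mechanically. The following Python audit is an added example (not part of the original post and not a Cisco tool): for each MSDP peer it looks at the connect-source interface, evaluates the “ip multicast boundary” ACL with first-match semantics against the two Auto-RP groups, and reports peers that have no “ip msdp password peer” or inbound “ip msdp sa-filter” configured, which matches the “Input (S,G) filter: none” lines in the peer output above. The finding names are made up for this example, and the embedded text is an excerpt of R1's configuration from this post.

```python
import ipaddress
import re

# Sample input: excerpt of R1's border configuration as listed in this post.
R1_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.12.1 255.255.255.0
 ip pim bsr-border
 ip pim sparse-mode
 ip multicast boundary 1
!
interface ATM2/0
 ip address 10.10.13.1 255.255.255.0
 ip pim sparse-mode
!
ip msdp peer 10.10.12.2 connect-source FastEthernet0/0
!
access-list 1 deny 224.0.1.39
access-list 1 deny 224.0.1.40
access-list 1 permit any
"""

AUTO_RP_GROUPS = ("224.0.1.39", "224.0.1.40")  # Auto-RP announce / discovery


def parse(config):
    """Collect interfaces, standard ACLs, MSDP peers and per-peer controls."""
    ifaces, acls, peers, controls = {}, {}, {}, set()
    current = None  # interface block being read; a "!" line closes it
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None
        elif m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m[1], {"bsr_border": False, "boundary": None})
        elif m := re.match(
                r"access-list (\d+) (permit|deny)\s+(?:host\s+)?(any|[\d.]+)(?:\s+([\d.]+))?",
                line):
            acls.setdefault(m[1], []).append((m[2], m[3], m[4] or "0.0.0.0"))
        elif m := re.match(r"ip msdp peer (\S+) connect-source (\S+)", line):
            peers[m[1]] = m[2]
        elif m := re.match(r"ip msdp password peer (\S+)", line):
            controls.add((m[1], "password"))
        elif m := re.match(r"ip msdp sa-filter in (\S+)", line):
            controls.add((m[1], "sa-filter-in"))
        elif current is not None and line == "ip pim bsr-border":
            current["bsr_border"] = True
        elif current is not None and (m := re.match(r"ip multicast boundary (\S+)", line)):
            current["boundary"] = m[1]
    return ifaces, acls, peers, controls


def acl_action(entries, group):
    """First-match evaluation of a standard ACL, implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(group))
    for action, net, wildcard in entries:
        if net == "any":
            return action
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(net)) & care:
            return action
    return "deny"


def audit(config):
    """Return a list of (peer, finding) tuples for every MSDP peer."""
    ifaces, acls, peers, controls = parse(config)
    findings = []
    for peer, source in sorted(peers.items()):
        iface = ifaces.get(source, {"bsr_border": False, "boundary": None})
        if not iface["bsr_border"]:
            findings.append((peer, "bsr-not-blocked"))
        acl = acls.get(iface["boundary"])  # missing or undefined ACL filters nothing
        for group in AUTO_RP_GROUPS:
            if acl is None or acl_action(acl, group) != "deny":
                findings.append((peer, "auto-rp-leak:" + group))
        for control in ("password", "sa-filter-in"):
            if (peer, control) not in controls:
                findings.append((peer, "missing-" + control))
    return findings


if __name__ == "__main__":
    for peer, finding in audit(R1_CONFIG):
        print(peer, finding)
```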

CCIE SP – MPLS VPN Carrier Supporting Carrier

The carrier supporting carrier feature enables one MPLS VPN-based service provider to allow other service providers (Tier2) to use its backbone network for connectivity of their POPs.  It is also called a carrier-of-carriers VPN. It is a two-tiered relationship between a provider carrier and a customer carrier. In a carrier-of-carriers VPN, the provider carrier provides a VPN backbone network for the customer carrier. The customer carrier, in turn, provides layer 3 VPN or Internet services to its end customers.

You may say: “So what’s the difference between MPLS VPN and CSC? In MPLS VPN we do the same thing for customers!” Well, that is true with one exception: in CSC, the provider carrier does not want to hold all the routing information of its customer carriers; the provider only delivers the customer’s tagged traffic regardless of the final destination. In this case the customer (Tier 2 ISP) sends labeled traffic to the carrier (Tier 1 ISP) just to deliver it to the next hop on the other side of the network.

 

Example 1:

In our example, R1 and R2 are CSC_PE while R3 and R4 are CSC_CE, acting like CE routers for the provider carrier’s PE routers; the only difference is that the customer carrier speaks the label language. So whenever we run a label protocol on a VRF port, it is CSC.

Note: To the customer carrier, the router it uses to connect to the provider carrier’s VPN is a PE router. However, the provider carrier views this device as a CE router (http://www.juniper.net/techpubs/software/erx/junose53/swconfig-routing-vol2/html/bgp-mpls-vpns-config12.html)

 

Configuration

R1:
ip vrf A
rd 10.10.1.1:1
route-target export 666:1
route-target import 666:1
!
interface Loopback0
ip address 10.10.1.1 255.255.255.255
ip router isis
!
interface FastEthernet0/0
ip address 10.10.12.1 255.255.255.0
ip router isis
mpls label protocol ldp
mpls ip
!
interface ATM2/0
 ip vrf forwarding A
ip address 10.10.13.1 255.255.255.0
ip ospf network point-to-point
 mpls ip
pvc 100/0
  protocol ip 10.10.13.3 broadcast
!
!
router ospf 10 vrf A
redistribute bgp 666 subnets
network 10.10.13.1 0.0.0.0 area 0
area 0 sham-link 10.10.134.1 10.10.134.2
!
router isis
net 69.0000.0000.0001.00
is-type level-2-only
!
router bgp 666
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.10.2.2 remote-as 666
neighbor 10.10.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 10.10.2.2 activate
neighbor 10.10.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
redistribute ospf 10 vrf A
no auto-summary
no synchronization
exit-address-family
!

R2:
ip vrf A 
rd 10.10.2.2:1
route-target export 666:1
route-target import 666:1
!
interface Loopback0
ip address 10.10.2.2 255.255.255.255
ip router isis
!
interface Ethernet0/0
ip address 10.10.12.2 255.255.255.0
ip router isis
mpls label protocol ldp
mpls ip
!
interface Serial1/0
 ip vrf forwarding A
ip address 10.10.24.2 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
 mpls ip
frame-relay map ip 10.10.24.2 204
frame-relay map ip 10.10.24.4 204 broadcast
no frame-relay inverse-arp
!
router ospf 10 vrf A
redistribute bgp 666 subnets
network 10.10.24.2 0.0.0.0 area 0
area 0 sham-link 10.10.134.2 10.10.134.1
!
router isis
net 69.0000.0000.0002.00
is-type level-2-only
!
router bgp 666
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.10.1.1 remote-as 666
neighbor 10.10.1.1 update-source Loopback0
!
address-family ipv4
  neighbor 10.10.1.1 activate
  no auto-summary
  no synchronization
exit-address-family
!
address-family vpnv4
  neighbor 10.10.1.1 activate
  neighbor 10.10.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute ospf 10 vrf A
  no synchronization
exit-address-family
!

R3:      
interface ATM2/0
ip address 10.10.13.3 255.255.255.0
ip ospf network point-to-point
mpls ip
pvc 100/0
  protocol ip 10.10.13.1 broadcast
!
!
router ospf 10
network 10.10.3.3 0.0.0.0 area 0
network 10.10.13.3 0.0.0.0 area 0
network 10.10.35.3 0.0.0.0 area 0
!
router bgp 3456
no synchronization
neighbor 10.10.4.4 remote-as 3456
neighbor 10.10.4.4 update-source Loopback0
neighbor 10.10.35.5 remote-as 3456
neighbor 10.10.35.5 route-reflector-client
no auto-summary
!

R4:
interface Serial1/0
ip address 10.10.24.4 255.255.255.0
encapsulation frame-relay
ip ospf network point-to-point
mpls ip
frame-relay map ip 10.10.24.2 402 broadcast
frame-relay map ip 10.10.24.4 402
no frame-relay inverse-arp
!
router ospf 10
network 10.10.4.4 0.0.0.0 area 0
network 10.10.24.4 0.0.0.0 area 0
network 10.10.46.4 0.0.0.0 area 0
!
router bgp 3456
no synchronization
bgp log-neighbor-changes
neighbor 10.10.3.3 remote-as 3456
neighbor 10.10.3.3 update-source Loopback0
neighbor 10.10.46.6 remote-as 3456
neighbor 10.10.46.6 route-reflector-client
no auto-summary
!

R5:
router ospf 10
network 10.10.35.5 0.0.0.0 area 0
!
router rip
version 2
redistribute bgp 3456 metric transparent
passive-interface default
no passive-interface Ethernet0/2
no passive-interface Ethernet0/3
network 10.0.0.0
no auto-summary
!
router bgp 3456
no synchronization
bgp log-neighbor-changes
 bgp redistribute-internal
network 10.10.7.7 mask 255.255.255.255
network 10.10.9.9 mask 255.255.255.255
neighbor 10.10.35.3 remote-as 3456
neighbor 10.10.35.3 next-hop-self
no auto-summary
!

R6:
router ospf 10
network 10.10.46.6 0.0.0.0 area 0
!
router rip
version 2
redistribute bgp 3456 metric transparent
passive-interface default
no passive-interface Ethernet0/2
no passive-interface Ethernet0/3
network 10.0.0.0
no auto-summary
!
router bgp 3456
no synchronization
bgp log-neighbor-changes
 bgp redistribute-internal
network 10.10.8.8 mask 255.255.255.255
network 10.10.10.10 mask 255.255.255.255
neighbor 10.10.46.4 remote-as 3456
neighbor 10.10.46.4 next-hop-self
no auto-summary
!

CE:
R7#trace 10.10.8.8 source 10.10.7.7

  1 10.10.57.5
  2 10.10.35.3
  3 10.10.13.1 [MPLS: Label 22 Exp 0]
  4 10.10.24.2 [MPLS: Label 21 Exp 0]
  5 10.10.24.4
  6 10.10.46.6
  7 10.10.68.8

R8#trace 10.10.7.7 source 10.10.8.8

  1 10.10.68.6
  2 10.10.46.4
  3 10.10.12.2 [MPLS: Label 20 Exp 0]
  4  *  *  *
  5 10.10.13.3
  6 10.10.35.5
  7 10.10.57.7

 

What if the customer carrier wants to run MPLS VPN itself? It’s the same as the previous example with minor adjustments.

Example 2:

In our second example, MP-iBGP is used within the customer carrier, with OSPF as the IGP. The LSP is end to end from PE to PE.

R1:

ip vrf A
rd 10.10.1.1:1
route-target export 666:1
route-target import 666:1
!
interface Loopback0
ip address 10.10.1.1 255.255.255.255
ip router isis
!
interface Loopback2
ip vrf forwarding A
ip address 10.10.134.1 255.255.255.255
!        
interface FastEthernet0/0
ip address 10.10.12.1 255.255.255.0
ip router isis
mpls label protocol ldp
mpls ip
!
interface ATM2/0
ip vrf forwarding A
ip address 10.10.13.1 255.255.255.0
ip ospf network point-to-point
mpls ip
pvc 100/0
  protocol ip 10.10.13.3 broadcast
!
!
router ospf 10 vrf A
log-adjacency-changes
area 0 sham-link 10.10.134.1 10.10.134.2
redistribute bgp 666 subnets
network 10.10.13.1 0.0.0.0 area 0
!
router isis
net 69.0000.0000.0001.00
is-type level-2-only
!
router bgp 666
no bgp default ipv4-unicast
neighbor 10.10.2.2 remote-as 666
neighbor 10.10.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 10.10.2.2 activate
neighbor 10.10.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
redistribute ospf 10 vrf A
no auto-summary
no synchronization
network 10.10.134.1 mask 255.255.255.255
exit-address-family
!

R3:

interface ATM2/0
ip address 10.10.13.3 255.255.255.0
ip ospf network point-to-point
mpls ip
pvc 100/0
  protocol ip 10.10.13.1 broadcast
!
!
router ospf 10
network 10.10.3.3 0.0.0.0 area 0
network 10.10.13.3 0.0.0.0 area 0
network 10.10.35.3 0.0.0.0 area 0
!

R5:

ip vrf A 
rd 10.10.5.5:1
route-target export 56:1
route-target import 56:1
!
ip vrf B
rd 10.10.5.5:2
route-target export 56:2
route-target import 56:2
!
router ospf 10
network 10.10.5.5 0.0.0.0 area 0
network 10.10.35.5 0.0.0.0 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf B
  redistribute bgp 56 metric transparent
  network 10.0.0.0
  no auto-summary
exit-address-family
!       
address-family ipv4 vrf A
  redistribute bgp 56 metric transparent
  network 10.0.0.0
  no auto-summary
exit-address-family
!
router bgp 56
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.10.6.6 remote-as 56
neighbor 10.10.6.6 update-source Loopback0
!
address-family vpnv4
  neighbor 10.10.6.6 activate
  neighbor 10.10.6.6 send-community extended
exit-address-family
!       
address-family ipv4 vrf B
  redistribute rip
  no synchronization
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

CE:
R7#traceroute 10.10.8.8 source 10.10.7.7

  1 10.10.57.5 
  2 10.10.35.3 [MPLS: Labels 19/22 Exp 0] 
  3 10.10.13.1 [MPLS: Labels 23/22 Exp 0] 
  4 10.10.24.2 [MPLS: Labels 23/22 Exp 0] 
  5 10.10.24.4 [MPLS: Labels 19/22 Exp 0] 
  6 10.10.68.6 [MPLS: Label 22 Exp 0] 
  7 10.10.68.8

 

In this case, as we have only two routers in the provider’s core, we do not see a third label in the label stack.

CCIE SP – Inter-AS MP-BGP with RR

In MP-BGP, VPN label assignment is always performed by the BGP next hop. In the following picture, if we create an eBGP relationship between R3 and R1 (instead of R2), the VPN label from the CE (R5) to the other CE (R4) will point to R1, as R1 is the next hop for R3. The reason behind this is simple: it’s normal BGP behaviour, which always changes the next hop at AS boundaries, from iBGP to eBGP.

The problem that might arise with this kind of label assignment is that R1 puts itself in the traffic path when it’s not required. The solution is simple: on R1, set “next-hop-unchanged” for R3; keep in mind that R3 must then also have a route to R2. Compare the client traceroute before and after the next-hop change:

Before:

R5#trace 150.1.4.4 source 150.1.5.5

  1 172.16.35.3 
  2 172.16.30.10 [MPLS: Labels 17/16 Exp 0] 
  3 172.16.70.7 [MPLS: Labels 20/16 Exp 0] 
  4 172.16.67.6 [MPLS: Labels 18/16 Exp 0] 
  5 172.16.16.1 [MPLS: Labels 18/16 Exp 0] 
  6 172.16.24.2 [MPLS: Label 16 Exp 0] 
  7 172.16.24.4

After:

R5#trace 150.1.4.4 source 150.1.5.5

  1 172.16.35.3 508 msec 244 msec 272 msec
  2 172.16.30.10 [MPLS: Labels 17/16 Exp 0] 
  3 172.16.70.7 [MPLS: Labels 20/16 Exp 0] 
  4 172.16.67.6 [MPLS: Labels 18/16 Exp 0] 
  5 172.16.24.2 [MPLS: Label 16 Exp 0] 
  6 172.16.24.4

 

Notes:

  1. If we configure R1 as RR (Route Reflector) and R6 as RR-Client, then we do not need to configure “no bgp default route-target filter”, because RR never filters route-targets by default.
  2. Routes to R1 (AS600 eBGP) and R2 (AS 600 PE) are required for R3 (AS700 eBGP PE).
  3. If you use a route map at the ASBRs, don’t forget to “set mpls-label”, as long as an end-to-end LSP is required for MP-BGP VPN to work.
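
The effect of “next-hop-unchanged” on R1, together with the reachability requirement in note 2, can be modelled as follows. This Python model is an added example, not code from the original post or from IOS. The label 16 for 150.1.4.4/32 from 2.2.2.2 is the value shown in R3's label table further down the page; the label R1 would allocate is not shown on the page, so 1016 is a constructed value.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Vpnv4Route:
    prefix: str
    next_hop: str   # BGP next hop: the router that allocated vpn_label
    vpn_label: int


R1_LOOPBACK = "1.1.1.1"
R2_LOOPBACK = "2.2.2.2"
R1_LOCAL_LABEL = 1016  # constructed: label R1 allocates when it becomes next hop

# Route as R2 (PE in AS600) advertises it to R1 over iBGP.
FROM_R2 = Vpnv4Route("150.1.4.4/32", R2_LOOPBACK, 16)


def r1_advertise_to_r3(route, next_hop_unchanged):
    """What R1 sends to its eBGP VPNv4 peer R3.

    Default eBGP behaviour rewrites the next hop to R1, so R1 must also hand
    out a label of its own. With next-hop-unchanged the route, including the
    label allocated by R2, is passed on untouched.
    """
    if next_hop_unchanged:
        return route
    return replace(route, next_hop=R1_LOOPBACK, vpn_label=R1_LOCAL_LABEL)


def r3_install(route, r3_reachable):
    """R3 can use the route only if it has a route to the BGP next hop."""
    if route.next_hop not in r3_reachable:
        return None
    return {"prefix": route.prefix,
            "lsp_tail": route.next_hop,      # router the labelled packet is sent to
            "vpn_label": route.vpn_label}


def r3_view(next_hop_unchanged, r3_reachable):
    """End result on R3 for the given R1 setting and R3 routing table."""
    return r3_install(r1_advertise_to_r3(FROM_R2, next_hop_unchanged), r3_reachable)


if __name__ == "__main__":
    both = {R1_LOOPBACK, R2_LOOPBACK}
    print("default eBGP        :", r3_view(False, both))           # tail is R1
    print("next-hop-unchanged  :", r3_view(True, both))            # tail is R2
    print("unchanged, no route :", r3_view(True, {R1_LOOPBACK}))   # None: unusable
```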

 

Configurations

R3:

router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 600
neighbor 1.1.1.1 ebgp-multihop 5
neighbor 1.1.1.1 update-source Loopback0
!       
address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

R6:

router ospf 10
log-adjacency-changes
redistribute bgp 600 subnets route-map AS700->MPBGP
network 6.6.6.6 0.0.0.0 area 0
network 172.16.16.0 0.0.0.255 area 0
network 172.16.26.0 0.0.0.255 area 0
!
router bgp 600
bgp log-neighbor-changes
neighbor 172.16.67.7 remote-as 700
!
address-family ipv4
  neighbor 172.16.67.7 activate
  neighbor 172.16.67.7 send-label
  no auto-summary
  no synchronization
  network 1.1.1.1 mask 255.255.255.255
  network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
ip prefix-list AS700->MPBGP seq 5 permit 3.3.3.3/32
!
route-map AS700->MPBGP permit 10
match ip address prefix-list AS700->MPBGP
!

R1:

router bgp 600
no synchronization
 no bgp default route-target filter
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 600
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 700
neighbor 3.3.3.3 ebgp-multihop 5
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 next-hop-unchanged
exit-address-family
!

R2:

router bgp 600
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 600
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

 

If R1 acts as a Route Reflector, then there’s no need for “no bgp default route-target filter”:

R1:

router bgp 600
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 600
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 700
neighbor 3.3.3.3 ebgp-multihop 5
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 route-reflector-client
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 next-hop-unchanged
exit-address-family
!

CCIE SP – Multihop MP-BGP for Inter-AS MPLS VPN

The third option for Inter-AS MPLS VPN is to use the multihop feature of eBGP between VPNv4 PE routers, directly from one SP to another. In the previous posts, we reviewed two other options:

Back to back VRF Inter-AS MPLS VPN

External MP-BGP for VPNv4

In multihop MP-eBGP, the LSP is built end-to-end by the PE routers of the two providers. The ASBRs only provide routing between the PE routers in the two autonomous systems. With the PE routing information in place, VPNv4 BGP can be built directly from one VRF to another by eBGP multihop between MP-BGP neighbors in different autonomous systems, so the VPN PE routers do not need to run BGP with anyone else and routing information is not exchanged with the ASBRs. Let’s go back to our example:

 

Now we extend the VPN with an end-to-end LSP from the AS700 VPN-PE (R3) to the other PE (R2) in AS 600:

  • ASBRs (R6 & R7) exchange routes for R2 and R3 reachability.
  • R6 advertises prefix 2.2.2.2/32 and R7 advertises 3.3.3.3/32 (both ASBRs advertise their internal MP-eBGP PE routers).
  • R6 and R7 redistribute the received BGP route of the other PE into their IGP to create multihop reachability.
  • R6 and R7 exchange labels with the “neighbor x.x.x.x send-label” command to join the end-to-end LSP.

 

PE Configuration

R3:

ip vrf A 
rd 3.3.3.3:1
route-target export 700:1
route-target import 600:1
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 700 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 600
 neighbor 2.2.2.2 ebgp-multihop 6
neighbor 2.2.2.2 update-source Loopback0
!       
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

R3#sh ip bgp vpn all
BGP table version is 24, local router ID is 3.3.3.3

   Network          Next Hop        Metric  Weight Path
Route Distinguisher: 2.2.2.2:1
*> 150.1.4.4/32     2.2.2.2              1       0 600 ?
*> 172.16.24.0/24   2.2.2.2              0       0 600 ?
*> 172.16.45.0/24   2.2.2.2              1       0 600 ?
Route Distinguisher: 3.3.3.3:1 (default for vrf A)
*> 150.1.4.4/32     2.2.2.2              1       0 600 ?
*> 150.1.5.5/32     172.16.35.5          1       32768 ?
*> 172.16.24.0/24   2.2.2.2              0       0 600 ?
*> 172.16.35.0/24   0.0.0.0              0       32768 ?
*  172.16.45.0/24   2.2.2.2              1       0 600 ?
*>                  172.16.35.5          1       32768 ?

R3#sh ip bgp vpn all label
   Network          Next Hop      In label/Out label
Route Distinguisher: 2.2.2.2:1
   150.1.4.4/32     2.2.2.2         nolabel/16
   172.16.24.0/24   2.2.2.2         nolabel/20
   172.16.45.0/24   2.2.2.2         nolabel/21
Route Distinguisher: 3.3.3.3:1 (A)
   150.1.4.4/32     2.2.2.2         nolabel/16
   150.1.5.5/32     172.16.35.5     24/nolabel
   172.16.24.0/24   2.2.2.2         nolabel/20
   172.16.35.0/24   0.0.0.0         23/aggregate(A)
   172.16.45.0/24   2.2.2.2         22/21
                    172.16.35.5     22/nolabel

R3#sh mpls forwarding-table
Local  Outgoing    Prefix             Outgoing  Next Hop   
tag    tag or VC   or Tunnel Id       interface             
16     17          2.2.2.2/32         Et0/0     172.16.30.10
17     Pop tag     172.16.70.0/24     Et0/0     172.16.30.10
18     16          7.7.7.7/32         Et0/0     172.16.30.10
20     Pop tag     10.10.10.10/32     Et0/0     172.16.30.10
22     Untagged    172.16.45.0/24[V]  Et0/1     172.16.35.5 
23     Aggregate   172.16.35.0/24[V]                               
24     Untagged    150.1.5.5/32[V]    Et0/1     172.16.35.5

 

R0:

R0#sh mpls forwarding-table
Local  Outgoing    Prefix            Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      interface             
16     Pop tag     7.7.7.7/32        Et0/0      172.16.70.7 
17     20          2.2.2.2/32        Et0/0      172.16.70.7 
19     Pop tag     3.3.3.3/32        Et0/1      172.16.30.3
 

 

R7:

router ospf 10
log-adjacency-changes
 redistribute bgp 700 metric-type 1 subnets route-map AS600->MPBGP
network 7.7.7.7 0.0.0.0 area 0
network 172.16.70.0 0.0.0.255 area 0
!
router bgp 700
bgp log-neighbor-changes
neighbor 172.16.67.6 remote-as 600
!
address-family ipv4
  neighbor 172.16.67.6 activate
  neighbor 172.16.67.6 send-label
  no auto-summary
  no synchronization
  network 3.3.3.3 mask 255.255.255.255
exit-address-family     
!        
ip prefix-list AS600->MPBGP seq 5 permit 2.2.2.2/32
!        
route-map AS600->MPBGP permit 10
match ip address prefix-list AS600->MPBGP
!

 

R7#sh mpls forwarding-table
Local  Outgoing    Prefix            Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      interface             
16     19          3.3.3.3/32        Et0/0      172.16.70.10
17     Pop tag     172.16.30.0/24    Et0/0      172.16.70.10
18     Pop tag     10.10.10.10/32    Et0/0      172.16.70.10
19     Pop tag     172.16.67.6/32    Et0/1.10   172.16.67.6 
20     18          2.2.2.2/32        Et0/1.10   172.16.67.6
 

 

CE Router:

R5#trace 150.1.4.4 source 150.1.5.5 

  1 172.16.35.3 
  2 172.16.30.10 [MPLS: Labels 17/16 Exp 0] 
  3 172.16.70.7 [MPLS: Labels 20/16 Exp 0] 
  4 172.16.67.6 [MPLS: Labels 18/16 Exp 0] 
  5 172.16.16.1 [MPLS: Labels 18/16 Exp 0] 
  6 172.16.24.2 [MPLS: Label 16 Exp 0] 
  7 172.16.24.4

CCIE SP – External MP-BGP for VPNv4

In the previous post, we reviewed VRF-to-VRF Inter-AS MPLS VPNs. Now we want to go over the other option, which is the use of MP-eBGP at the ASBRs for prefix exchange. This method is more scalable and flexible than back-to-back VRFs, and only one interface is required between the providers’ routers.

  • No VRF is required.
  • Automatic Route filtering must be disabled (no bgp default route-target filter)
  • MPLS Label switching between providers is required (using MP-eBGP)
  • Next-hop-self is required on ASBRs for internal PE neighbors.
  • Eliminates the need for any other label protocol like LDP/TDP between the two ASBRs.
  • Non-VPN networks can act as a transit network for VPN traffic.

 

With reference to our previous setup, we are going to create MP-iBGP between PEs inside AS and MP-eBGP between ASBRs.

PE Configurations

R3:

ip vrf A 
rd 3.3.3.3:1
route-target export 700:1
route-target import 600:1
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 700 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 700
neighbor 7.7.7.7 update-source Loopback0
!
address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

 

R7:
router bgp 700
no bgp default ipv4-unicast
 no bgp default route-target filter
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 700
neighbor 3.3.3.3 update-source Loopback0
neighbor 172.16.67.6 remote-as 600
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 next-hop-self
  neighbor 172.16.67.6 activate
  neighbor 172.16.67.6 send-community extended
exit-address-family
!

R7#sh mpls forwarding-table
Local  Outgoing   Prefix         Bytes tag Outgoing Next Hop   
tag    tag or VC  or Tunnel Id   switched  interface             
16     19         3.3.3.3/32               Et0/0    172.16.70.10
17     Pop tag    172.16.30.0/24           Et0/0    172.16.70.10
18     Pop tag    10.10.10.10/32           Et0/0    172.16.70.10
19     26         2.2.2.2:1:172.16.24.0/24 Et0/1.10 172.16.67.6 
20     25         2.2.2.2:1:150.1.4.4/32   Et0/1.10 172.16.67.6 
21     24         2.2.2.2:1:172.16.45.0/24 Et0/1.10 172.16.67.6 
22     Pop tag    172.16.67.6/32           Et0/1.10 172.16.67.6 
23     24         3.3.3.3:1:150.1.5.5/32   Et0/0    172.16.70.10
24     22         3.3.3.3:1:172.16.45.0/24 Et0/0    172.16.70.10
25     23         3.3.3.3:1:172.16.35.0/24 Et0/0    172.16.70.10

R7#sh ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 2.2.2.2:1
   150.1.4.4/32     172.16.67.6     20/25
   172.16.24.0/24   172.16.67.6     19/26
   172.16.45.0/24   172.16.67.6     21/24
Route Distinguisher: 3.3.3.3:1
   150.1.5.5/32     3.3.3.3         23/24
   172.16.35.0/24   3.3.3.3         25/23
   172.16.45.0/24   3.3.3.3         24/22

 

CE Trace-route  

R5#sh ip route

     172.16.0.0/24 is subnetted, 3 subnets
C       172.16.45.0 is directly connected, Ethernet0/3
C       172.16.35.0 is directly connected, Ethernet0/0
R       172.16.24.0 [120/1] via 172.16.35.3, 00:00:25, Ethernet0/0
     150.1.0.0/32 is subnetted, 2 subnets
C       150.1.5.5 is directly connected, Loopback0
R       150.1.4.4 [120/1] via 172.16.35.3, 00:00:25, Ethernet0/0

R5#trace 150.1.4.4 source 150.1.5.5

  1 172.16.35.3 
  2 172.16.30.10 [MPLS: Labels 16/20 Exp 0] 
  3 172.16.70.7 [MPLS: Label 20 Exp 0] 
  4 172.16.67.6 [MPLS: Label 25 Exp 0] 
  5 172.16.16.1 [MPLS: Labels 18/16 Exp 0] 
  6 172.16.24.2 [MPLS: Label 16 Exp 0] 
  7 172.16.24.4
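
Both traceroutes (this post and the multihop post above) can be reproduced by walking the label tables from the show outputs. The sketch below is an added example, not part of the original posts; the router name behind each next-hop address (172.16.30.10 = R0, 172.16.70.7 = R7, 172.16.67.6 = R6) and the stacks pushed by R3 are read off the outputs and traceroutes on this page, and the walk stops at R6 because its table is not shown.

```python
"""Walk the LFIB entries shown on this page and compare the two Inter-AS designs."""

# router -> {incoming top label: (action, outgoing label, next-hop router)}
# Entries transcribed from the "sh mpls forwarding-table" outputs on this page.
MULTIHOP_LFIB = {                      # multihop MP-eBGP between the PEs
    "R0": {17: ("swap", 20, "R7")},    # 2.2.2.2/32 via 172.16.70.7
    "R7": {20: ("swap", 18, "R6")},    # 2.2.2.2/32 via 172.16.67.6
}
ASBR_LFIB = {                          # MP-eBGP for VPNv4 between the ASBRs
    "R0": {16: ("pop", None, "R7")},   # 7.7.7.7/32, penultimate-hop pop
    "R7": {20: ("swap", 25, "R6")},    # 2.2.2.2:1:150.1.4.4/32 via 172.16.67.6
}

# Stacks R3 pushes toward 150.1.4.4 (top label first), as seen at traceroute hop 2.
MULTIHOP_STACK = (17, 16)   # transport label for 2.2.2.2, VPN label 16 from R2
ASBR_STACK = (16, 20)       # transport label for 7.7.7.7, VPN label 20 from R7


def walk(lfibs, first_hop, stack, max_hops=16):
    """Return [(router, label stack as received)] along the path."""
    hops, router, stack = [], first_hop, list(stack)
    for _ in range(max_hops):
        hops.append((router, tuple(stack)))
        table = lfibs.get(router)
        if table is None:               # no table for this router on the page
            return hops
        if not stack or stack[0] not in table:
            raise LookupError(f"{router}: no LFIB entry for stack {stack}")
        action, out_label, next_hop = table[stack[0]]
        if action == "swap":
            stack[0] = out_label
        elif action == "pop":
            stack.pop(0)
        else:
            raise ValueError(f"unknown action {action!r}")
        router = next_hop
    raise RuntimeError("more hops than max_hops: forwarding loop?")


def vpn_label_rewriters(hops):
    """Routers that changed the bottom (VPN) label before forwarding."""
    return [hops[i][0] for i in range(len(hops) - 1)
            if hops[i][1][-1] != hops[i + 1][1][-1]]


if __name__ == "__main__":
    for name, lfib, stack in (("multihop", MULTIHOP_LFIB, MULTIHOP_STACK),
                              ("asbr", ASBR_LFIB, ASBR_STACK)):
        hops = walk(lfib, "R0", stack)
        print(name, hops, "VPN label rewritten by:", vpn_label_rewriters(hops))
```

In the multihop design R7 only swaps the transport label, so the VPN label chosen by R2 passes through R7 untouched. In the ASBR design R7 rewrites the VPN label itself, which is why its forwarding table carries one entry per VPNv4 prefix.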

CCIE SP – Back to Back VRF Inter-AS MPLS VPN

When a customer’s sites are connected to different MPLS providers, there are several options available for the providers to connect the customer sites just like regular MPLS VPNs, transparently to the customer. In our example below, Customer1 has two sites, each connected to a different service provider. The simplest option is VRF-to-VRF (as stated in RFC 4364), or back-to-back VRF (as named by Cisco). One SP connects to the other SP through a VRF, the same way it connects to a CE, so that they can exchange IPv4 routes at that connection point. Each sub-interface between the SPs has to be dedicated to a single VRF (a single customer VPN). The PE routers between the service providers are called ASBRs (R6 and R7 in our example).

  

In this method, IP packets are forwarded between the ASBRs and no form of LSP exists between the providers. Although this form of connectivity is very basic, it is the widely deployed Inter-AS option in use today.

  • CE routers (4 & 5) communicate with PE (R2 & R3) using RIP.
  • PE routers redistribute RIP routes into MP-iBGP (RT=600:1 & RT=700:1)
  • PE routers send routes to ASBR PE routers (R6 & R7) using MPLS Core.
  • ASBR routers redistribute MP-iBGP into RIP and send them to VRF.
  • ASBR routers receive routes through RIP and export them as RT:600:1 for AS700 and RT:700:1 for AS600; the PEs import them and redistribute them back into RIP for the CE routers.

 

PE and ASBR Configuration of AS700

R3:

ip vrf A 
rd 3.3.3.3:1
route-target export 700:1
route-target import 600:1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.30.3 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding A
ip address 172.16.35.3 255.255.255.0
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 700 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 700
neighbor 7.7.7.7 update-source Loopback0
!
address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

R7:

ip vrf A 
rd 7.7.7.7:1
route-target export 600:1
route-target import 700:1
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.70.7 255.255.255.0
mpls ip
!
interface Ethernet0/1.10
encapsulation dot1Q 10
ip vrf forwarding A
ip address 172.16.67.7 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 7.7.7.7 0.0.0.0 area 0
network 172.16.70.0 0.0.0.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 700 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 700
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

 

PE and ASBR Configuration of AS600

R2:

ip vrf A 
rd 2.2.2.2:1
route-target export 600:1
route-target import 700:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.12.2 255.255.255.0
!
interface Ethernet0/2
ip vrf forwarding A
ip address 172.16.24.2 255.255.255.0
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 600 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 600
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 600
neighbor 6.6.6.6 update-source Loopback0
!       
address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

R6:

ip vrf A 
rd 6.6.6.6:1
route-target export 700:1
route-target import 600:1
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.16.6 255.255.255.0
mpls ip
!
interface Ethernet0/1.10
encapsulation dot1Q 10
ip vrf forwarding A
ip address 172.16.67.6 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 6.6.6.6 0.0.0.0 area 0
network 172.16.16.0 0.0.0.255 area 0
!

router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 600 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!        
router bgp 600
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 600
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!
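
The import/export pairs above are easy to get crossed, and a wrong route-target import is how one customer's routes end up in another VRF. The script below is an added example, not part of the original post: it parses the "ip vrf" stanzas from the four configurations on this page, lists which VRF imports from which inside each AS, and flags any flow that is not on an allow-list. VRF B on R7 is a constructed misconfiguration (hypothetical second customer) used to show a finding.

```python
import re

# "ip vrf" stanzas copied from the four configurations in this post, keyed by
# (AS, router). VPNv4 routes never cross the AS boundary in the back-to-back
# design, so route targets are only compared inside one AS.
CONFIGS = {
    ("AS700", "R3"): "ip vrf A\n rd 3.3.3.3:1\n route-target export 700:1\n"
                     " route-target import 600:1\n!\ninterface Ethernet0/1\n"
                     " ip vrf forwarding A\n!",
    ("AS700", "R7"): "ip vrf A\n rd 7.7.7.7:1\n route-target export 600:1\n"
                     " route-target import 700:1\n!",
    ("AS600", "R2"): "ip vrf A\n rd 2.2.2.2:1\n route-target export 600:1\n"
                     " route-target import 700:1\n!",
    ("AS600", "R6"): "ip vrf A\n rd 6.6.6.6:1\n route-target export 700:1\n"
                     " route-target import 600:1\n!",
}

# Constructed example of a mistake: a second VRF that also imports 700:1.
LEAKY_VRF_B = ("ip vrf B\n rd 7.7.7.7:2\n route-target export 600:2\n"
               " route-target import 600:2\n route-target import 700:1\n!")

# Flows the design on this page intends (exporter, importer).
ALLOWED = {("R3:A", "R7:A"), ("R7:A", "R3:A"), ("R2:A", "R6:A"), ("R6:A", "R2:A")}


def parse_vrfs(config):
    """Return {vrf: {"rd": str, "export": set, "import": set}} from IOS text."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"ip vrf (\S+)", line)   # not "ip vrf forwarding X"
        if start:
            current = vrfs.setdefault(
                start.group(1), {"rd": None, "export": set(), "import": set()})
        elif line == "!":
            current = None
        elif current is not None:
            rd = re.fullmatch(r"rd (\S+)", line)
            rt = re.fullmatch(r"route-target (export|import|both) (\S+)", line)
            if rd:
                current["rd"] = rd.group(1)
            elif rt:
                kinds = ("export", "import") if rt.group(1) == "both" else (rt.group(1),)
                for kind in kinds:
                    current[kind].add(rt.group(2))
    return vrfs


def import_flows(configs):
    """Set of (exporter, importer, route-target) between VRFs of the same AS."""
    vrfs = [(asn, f"{router}:{name}", vrf)
            for (asn, router), text in configs.items()
            for name, vrf in parse_vrfs(text).items()]
    flows = set()
    for as_exp, exporter, v_exp in vrfs:
        for as_imp, importer, v_imp in vrfs:
            if as_exp == as_imp and exporter != importer:
                for rt in v_exp["export"] & v_imp["import"]:
                    flows.add((exporter, importer, rt))
    return flows


def unexpected_flows(configs, allowed=ALLOWED):
    """Flows whose (exporter, importer) pair is not on the allow-list."""
    return sorted(f for f in import_flows(configs) if (f[0], f[1]) not in allowed)


def configs_with_leak():
    leaky = dict(CONFIGS)
    leaky[("AS700", "R7")] = CONFIGS[("AS700", "R7")] + "\n" + LEAKY_VRF_B
    return leaky


if __name__ == "__main__":
    print(sorted(import_flows(CONFIGS)))
    print("unexpected:", unexpected_flows(configs_with_leak()))
```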

 

CE Routers

R4#sh ip route

     172.16.0.0/24 is subnetted, 4 subnets
C       172.16.45.0 is directly connected, Ethernet0/3
R       172.16.35.0 [120/2] via 172.16.24.2, 00:00:02, Ethernet0/0
C       172.16.24.0 is directly connected, Ethernet0/0
R       172.16.67.0 [120/1] via 172.16.24.2, 00:00:02, Ethernet0/0
     150.1.0.0/32 is subnetted, 2 subnets
R       150.1.5.5 [120/3] via 172.16.24.2, 00:00:02, Ethernet0/0
C       150.1.4.4 is directly connected, Loopback0

R4#ping 150.1.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.5.5, timeout is 2 seconds:
.!!!!

R4#traceroute 150.1.5.5 source 150.1.4.4

Type escape sequence to abort.
Tracing the route to 150.1.5.5

  1 172.16.24.2
  2 172.16.12.1 [MPLS: Labels 16/22 Exp 0] 
  3 172.16.67.6 [MPLS: Label 22 Exp 0] 
  4 172.16.67.7
  5 172.16.70.10 [MPLS: Labels 19/16 Exp 0] 
  6 172.16.35.3 [MPLS: Label 16 Exp 0] 
  7 172.16.35.5

CCIE SP – BGP as PE-CE

Usually service providers assign a unique AS number to each customer site for MPLS BGP routing (between PE and CE). In our example, Customer1, our favorite customer, has four sites using R4, R5, R6 and R7 in AS64 to AS67, and uses the MPLS backbone as a transit network to deliver their applications. Customer1 peers with AS666 (the provider) at each location:

 

The customer configuration on R4, R5, R6 and R7 is almost identical:

R4:

router bgp 64
no synchronization
bgp log-neighbor-changes
network 150.1.4.4 mask 255.255.255.255
neighbor 172.16.24.2 remote-as 666
no auto-summary

 

Configuration of PE

R2:

ip vrf CUSTOMER1
rd 2.2.2.2:1
route-target export 666:1
route-target import 666:1
!
router bgp 666
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 666
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
  neighbor 172.16.24.4 remote-as 64
  neighbor 172.16.24.4 activate
  neighbor 172.16.26.6 remote-as 66
  neighbor 172.16.26.6 activate
  no synchronization
exit-address-family
!

R3:

ip vrf CUSTOMER1
rd 3.3.3.3:1
route-target export 666:1
route-target import 666:1
!
router bgp 666
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 666
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
  neighbor 172.16.35.5 remote-as 65
  neighbor 172.16.35.5 activate
  neighbor 172.16.37.7 remote-as 67
  neighbor 172.16.37.7 activate
  no synchronization
  network 30.30.30.30 mask 255.255.255.255
exit-address-family
!

R3#sh ip bgp vpnv4 vrf CUSTOMER1 summary
BGP router identifier 3.3.3.3, local AS number 666
BGP table version is 7, main routing table version 7
4 network entries using 548 bytes of memory
4 path entries using 272 bytes of memory
7/4 BGP path/bestpath attribute entries using 868 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1808 total bytes of memory
BGP activity 59/55 prefixes, 225/221 paths, scan interval 15 secs

Neighbor     V  AS Rcvd Sent TblVer InQ OutQ Up/Down  State/PfxRcd
172.16.35.5  4  65   98  101      7   0    0 01:33:48       1
172.16.37.7  4  67   99  102      7   0    0 01:34:07       1


R3#sh ip bgp vpnv4 all
BGP table version is 7, local router ID is 3.3.3.3

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 2.2.2.2:1 (default for vrf CUSTOMER1)
*>i150.1.4.4/32     2.2.2.2                  0    100      0 64 i
*> 150.1.5.5/32     172.16.35.5              0             0 65 i
*>i150.1.6.6/32     2.2.2.2                  0    100      0 66 i
*> 150.1.7.7/32     172.16.37.7              0             0 67 i

 

And the Customer1 routing table:

R7#sh ip route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.37.0 is directly connected, Ethernet0/0
     150.1.0.0/32 is subnetted, 3 subnets
C       150.1.7.7 is directly connected, Loopback0
B       150.1.6.6 [20/0] via 172.16.37.3, 01:28:18
B       150.1.5.5 [20/0] via 172.16.37.3, 01:37:56
B       150.1.4.4 [20/0] via 172.16.37.3, 01:35:49

R7#ping 150.1.4.4 source 150.1.7.7
!!!!!
R7#ping 150.1.5.5 source 150.1.7.7
!!!!!
R7#ping 150.1.6.6 source 150.1.7.7
!!!!!

Now, what might happen if we put all of the customer’s sites into one autonomous system?

BGP has a loop prevention mechanism based on AS_PATH: if you see your own AS in an update, drop it… it’s a loop. Let’s try it and watch it in action:

 

 

PE Configuration

R2:
router bgp 666
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 666
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
  neighbor 172.16.24.4 remote-as 69
  neighbor 172.16.24.4 activate
  neighbor 172.16.26.6 remote-as 69
  neighbor 172.16.26.6 activate
  no synchronization
  network 20.20.20.20 mask 255.255.255.255
exit-address-family

R3:

router bgp 666
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 666
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
  neighbor 172.16.35.5 remote-as 69
  neighbor 172.16.35.5 activate
  neighbor 172.16.37.7 remote-as 69
  neighbor 172.16.37.7 activate
  no synchronization
  network 30.30.30.30 mask 255.255.255.255
exit-address-family

 

From PE’s point of view, there’s no problemo:

R3#sh ip bgp vpn vrf CUSTOMER1
BGP table version is 11, local router ID is 30.30.30.30

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 3.3.3.3:1 (default for vrf CUSTOMER1)
*>i20.20.20.20/32   2.2.2.2                  0    100      0 i
*> 30.30.30.30/32   0.0.0.0                  0         32768 i
*>i150.1.4.4/32     2.2.2.2                  0    100      0 69 i
*> 150.1.5.5/32     172.16.35.5              0             0 69 i
*>i150.1.6.6/32     2.2.2.2                  0    100      0 69 i
*> 150.1.7.7/32     172.16.37.7              0             0 69 i

 

But look at CE (R4):


BGP(0): 172.16.24.2 rcv UPDATE about 150.1.7.7/32 -- DENIED due to: AS-PATH contains our own AS;
BGP(0): 172.16.24.2 rcv UPDATE about 150.1.5.5/32 -- DENIED due to: AS-PATH contains our own AS;
BGP(0): 172.16.24.2 rcv UPDATE about 150.1.6.6/32 -- DENIED due to: AS-PATH contains our own AS;
BGP(0): Revise route installing 1 of 1 routes for 20.20.20.20/32 -> 172.16.24.2(main) to main IP table
BGP(0): Revise route installing 1 of 1 routes for 30.30.30.30/32 -> 172.16.24.2(main) to main IP table

R4#sh ip bgp
BGP table version is 4, local router ID is 150.1.4.4

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.20.20/32   172.16.24.2              0             0 666 i
*> 30.30.30.30/32   172.16.24.2                            0 666 i
*> 150.1.4.4/32     0.0.0.0                  0         32768 i

 

The CE does not accept routes to the other CE routers because they are in its own AS; AS_PATH loop prevention does not let them be installed in the RIB. There are two workarounds for this issue:

  • BGP AS-Override
  • BGP AllowAS-in

 

The first method replaces the customer’s AS number with the provider’s AS (done by the PE).

The second method ignores the router’s own AS in the AS_PATH (done by the CE).

Now, let’s try both:

 

BGP AS_Override

R2(config)#router bgp 666
R2(config-router)#add ipv4 vrf CUSTOMER1
R2(config-router-af)#neighbor 172.16.24.4 as-override
R2(config-router-af)#
%BGP-5-ADJCHANGE: neighbor 172.16.24.4 vpn vrf CUSTOMER1 Down AS-override change
%BGP-5-ADJCHANGE: neighbor 172.16.24.4 vpn vrf CUSTOMER1 Up

R4#sh ip bgp
BGP table version is 11, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop    Metric LocPrf Weight Path
*> 20.20.20.20/32   172.16.24.2      0             0 666 i
*> 30.30.30.30/32   172.16.24.2                    0 666 i
*> 150.1.4.4/32     0.0.0.0          0         32768 i
*> 150.1.5.5/32     172.16.24.2                    0 666 666 i
*> 150.1.6.6/32     172.16.24.2                    0 666 666 i
*> 150.1.7.7/32     172.16.24.2                    0 666 666 i

 

BGP AllowAS_in

R5(config)#router bgp 69
R5(config-router)#neighbor 172.16.35.3 allowas-in
R5(config-router)#do cle ip bgp *
*Mar  3 07:48:05.946: %BGP-5-ADJCHANGE: neighbor 172.16.35.3 Down User reset
*Mar  3 07:48:06.918: %BGP-5-ADJCHANGE: neighbor 172.16.35.3 Up

R5(config-router)#^Z
R5#sh ip bgp
BGP table version is 7, local router ID is 150.1.5.5

   Network          Next Hop            Metric LocPrf Weight Path
*> 20.20.20.20/32   172.16.35.3                            0 666 i
*> 30.30.30.30/32   172.16.35.3              0             0 666 i
*> 150.1.4.4/32     172.16.35.3                            0 666 69 i
*> 150.1.5.5/32     0.0.0.0                  0         32768 i
*> 150.1.6.6/32     172.16.35.3                            0 666 69 i
*> 150.1.7.7/32     172.16.35.3                            0 666 69 i

 

AS_PATH loop prevention is a good thing. When we ignore it, some bad things might happen to us… which is why BGP Site of Origin was introduced. BGP SOO keeps track of updates and the location they originated from in an extended community, just like the EIGRP SOO that we covered earlier.

 

BGP SOO is an extended community that helps us prevent loops and suboptimal routing, especially when a backdoor link is present in the network. We set it on the PE routers with an ingress route-map inside the BGP configuration. If you want to do this for other routing protocols, you have to set it on the interface with the ip vrf sitemap command.

 

R3(config)#route-map SOO
R3(config-route-map)#set extcommunity soo 666:1
R3(config-route-map)#router bgp 666
R3(config-router)#address-family ipv4 vrf CUSTOMER1
R3(config-router-af)#neighbor 172.16.35.5 route-map SOO in

R2#sh ip bgp vpnv4 all 150.1.5.5
BGP routing table entry for 2.2.2.2:1:150.1.5.5/32, version 58
Paths: (1 available, best #1, table CUSTOMER1)
Flag: 0x820
  Advertised to update-groups:
     2          3        
  69, imported path from 3.3.3.3:1:150.1.5.5/32
    3.3.3.3 (metric 31) from 3.3.3.3 (3.3.3.3)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: SoO:666:1 RT:666:1
      mpls labels in/out nolabel/23

 

Note: Don’t forget to set BGP SOO at each ingress point on each PE, per CE neighbor.
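
The three R4/R5 tables above (default, as-override, allowas-in) and the job SoO takes over once the AS_PATH check is bypassed can be reproduced with a small model. This is an added example, not part of the original post: the AS numbers and prefixes are the ones on this page, the value 3 is the number of occurrences "allowas-in" accepts when no number is given, and treating R4 and R5 as one site that shares SoO 666:1 is a constructed assumption for the last case.

```python
from dataclasses import dataclass, replace
from typing import Optional, Tuple

PROVIDER_AS = 666        # PE routers R2 and R3 on this page
CUSTOMER_AS = 69         # all Customer1 sites in the single-AS scenario
ALLOWAS_IN_DEFAULT = 3   # occurrences accepted by "allowas-in" with no number


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: Tuple[int, ...]     # as held by the PE, before it prepends its AS
    soo: Optional[str] = None    # Site of Origin extended community, if set


# R2's VRF CUSTOMER1 routes that were not learned from R4 (paths taken from
# the "sh ip bgp vpn vrf CUSTOMER1" output on this page).
R2_TABLE = (
    Route("20.20.20.20/32", ()),
    Route("30.30.30.30/32", ()),
    Route("150.1.5.5/32", (69,)),
    Route("150.1.6.6/32", (69,)),
    Route("150.1.7.7/32", (69,)),
)


def pe_advertise(route, ce_as, as_override=False, neighbor_soo=None):
    """Route as sent by the PE to an eBGP CE neighbor, or None if suppressed."""
    if neighbor_soo is not None and route.soo == neighbor_soo:
        return None                       # route came from this same site
    path = route.as_path
    if as_override:                       # swap the CE's AS for the PE's AS
        path = tuple(PROVIDER_AS if asn == ce_as else asn for asn in path)
    return Route(route.prefix, (PROVIDER_AS,) + path, route.soo)


def ce_accepts(route, local_as, allowas_in=0):
    """AS_PATH loop check: own AS may appear at most allowas_in times."""
    return route.as_path.count(local_as) <= allowas_in


def ce_table(routes, as_override=False, allowas_in=0, neighbor_soo=None):
    """{prefix: AS_PATH} the CE in CUSTOMER_AS ends up installing."""
    table = {}
    for route in routes:
        sent = pe_advertise(route, CUSTOMER_AS, as_override, neighbor_soo)
        if sent is not None and ce_accepts(sent, CUSTOMER_AS, allowas_in):
            table[sent.prefix] = sent.as_path
    return table


def tag_soo(routes, prefix, soo):
    """Copy of routes with SoO set on one prefix (what the ingress route-map does)."""
    return tuple(replace(r, soo=soo) if r.prefix == prefix else r for r in routes)


if __name__ == "__main__":
    print("default     ", ce_table(R2_TABLE))
    print("as-override ", ce_table(R2_TABLE, as_override=True))
    print("allowas-in  ", ce_table(R2_TABLE, allowas_in=ALLOWAS_IN_DEFAULT))
    tagged = tag_soo(R2_TABLE, "150.1.5.5/32", "666:1")
    print("override+SoO", ce_table(tagged, as_override=True, neighbor_soo="666:1"))
```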

CCIE SP – OSPF Super-Backbone

Once upon a time there was RIP and not so many problems, thanks to its simplicity! Nowadays networks are larger in scale and more complex in operation, and convergence time and redundancy are more important than ever. It’s not too bad, lots of fun for us… Once customers want to use OSPF on C routers, we have to provide OSPF on each PE and span the customer area across the MPLS backbone. It’s not difficult, but there were some conceptual problems at first! Consistency of area LSAs became an issue while redistributing them on each PE router from OSPF to BGP and vice versa: routes inside an area became IA (inter-area) across the MPLS network, reported by LSA type 3 network summaries.

 

The solution is simple: extend the customer backbone area across the MPLS backbone using a kind of virtual link called a “sham link”. Sham links help us deliver routes as intra-area (regular) routes rather than inter-area routes, resulting in better route selection. OSPF prefers intra-area routes to inter-area routes, then external routes, and last of all NSSA external routes, so it’s important to keep routes intra-area inside one area… Now let’s bring in an example and the interesting part of the configuration:

 

MPLSVPN-OSPF

 

Customer1, our favorite customer, has 4 sites, and area 0 is used and configured on all CE routers. Our mission is to connect them and make them work! Let’s start without sham links and see what happens. Configuration on the CE routers:

router ospf 100
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0

 

Note1: By default, OSPF external routes are not redistributed by “redistribute ospf”. Make sure to include the “external” keyword when configuring redistribution.

 

Note2: By default the OSPF Domain-ID equals the Process-ID, so routers with the same Process-ID are considered to be in the same OSPF domain. When you use different OSPF Process-IDs, make sure to set the Domain-ID to the same value on both neighbors, unless you want your routes treated as External Type 2 by OSPF routers in the other domain.

 

PE Configuration:

router ospf 666 vrf CUSTOMER1
domain-id 0.0.0.10
redistribute bgp 666 subnets
network 172.16.0.0 0.0.255.255 area 0
!
router bgp 666
no synchronization
neighbor 3.3.3.3 remote-as 666
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
exit-address-family
!       
address-family ipv4 vrf CUSTOMER1
  redistribute ospf 666 vrf CUSTOMER1 match internal external 1 external 2
  no synchronization
exit-address-family

R2#sh ip route vrf CUSTOMER1

     172.16.0.0/24 is subnetted, 5 subnets
B       172.16.45.0 [200/110] via 3.3.3.3, 00:02:52
B       172.16.37.0 [200/0] via 3.3.3.3, 00:02:52
B       172.16.35.0 [200/0] via 3.3.3.3, 00:02:52
C       172.16.24.0 is directly connected, Ethernet0/2
C       172.16.26.0 is directly connected, Ethernet0/1
     150.1.0.0/32 is subnetted, 4 subnets
B       150.1.7.7 [200/11] via 3.3.3.3, 00:02:52
O       150.1.6.6 [110/11] via 172.16.26.6, 00:03:07, Ethernet0/1
B       150.1.5.5 [200/11] via 3.3.3.3, 00:02:52
O       150.1.4.4 [110/11] via 172.16.24.4, 00:03:07, Ethernet0/2

R4#sh ip route

     172.16.0.0/24 is subnetted, 5 subnets
O IA    172.16.45.0 [110/120] via 172.16.24.2, 00:04:05, Ethernet0/0
O IA    172.16.37.0 [110/11] via 172.16.24.2, 00:04:05, Ethernet0/0
O IA    172.16.35.0 [110/11] via 172.16.24.2, 00:04:05, Ethernet0/0
C       172.16.24.0 is directly connected, Ethernet0/0
O       172.16.26.0 [110/20] via 172.16.24.2, 00:04:06, Ethernet0/0
     150.1.0.0/32 is subnetted, 4 subnets
O IA    150.1.7.7 [110/21] via 172.16.24.2, 00:04:06, Ethernet0/0
O       150.1.6.6 [110/21] via 172.16.24.2, 00:04:06, Ethernet0/0
O IA    150.1.5.5 [110/21] via 172.16.24.2, 00:04:05, Ethernet0/0
C       150.1.4.4 is directly connected, Loopback0

 

But once we connect the backdoor link between R4 and R5:

 

R4(config)#int e 0/3
R4(config-if)#no shut
%LINK-3-UPDOWN: Interface Ethernet0/3, changed state to up

R4(config-if)#ip os cost 100
R4(config-if)#do sh ip route

     172.16.0.0/24 is subnetted, 5 subnets
C       172.16.45.0 is directly connected, Ethernet0/3
O       172.16.37.0 [110/120] via 172.16.45.5, 00:00:22, Ethernet0/3
O       172.16.35.0 [110/110] via 172.16.45.5, 00:00:22, Ethernet0/3
C       172.16.24.0 is directly connected, Ethernet0/0
O       172.16.26.0 [110/20] via 172.16.24.2, 00:00:22, Ethernet0/0
     150.1.0.0/32 is subnetted, 4 subnets
O       150.1.7.7 [110/121] via 172.16.45.5, 00:00:22, Ethernet0/3
O       150.1.6.6 [110/21] via 172.16.24.2, 00:00:22, Ethernet0/0
O       150.1.5.5 [110/101] via 172.16.45.5, 00:00:22, Ethernet0/3
C       150.1.4.4 is directly connected, Loopback0

 

Even after increasing the backdoor cost with the ‘ip ospf cost’ command, routes through the backdoor are preferred. Why? Because intra-area routes are better than inter-area routes regardless of metric. Now the magical ‘sham-link’ comes into play:

 

R2:

R2(config)#int loopback 1
%LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1, changed state to up

R2(config-if)#ip address 20.20.20.20 255.255.255.255
R2(config-if)#router bgp 666
R2(config-router)#address-family ipv4 vrf CUSTOMER1
R2(config-router-af)#network 20.20.20.20 mask 255.255.255.255
R2(config-router-af)#exit
R2(config-router)#router ospf 666 vrf CUSTOMER1
R2(config-router)#area 0 sham-link 20.20.20.20 30.30.30.30

%OSPF-5-ADJCHG: Process 666, Nbr 172.16.37.3 on OSPF_SL0 from LOADING to FULL, Loading Done

R2#sh ip os 666 sham
Sham Link OSPF_SL0 to address 30.30.30.30 is up
Area 0 source address 20.20.20.20
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:02
    Adjacency State FULL (Hello suppressed)
    Index 3/3, retransmission queue length 0, number of retransmission 2
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 6
    Last retransmission scan time is 0 msec, maximum is 0 msec

R2#sh ip route vrf CUSTOMER1

     20.0.0.0/32 is subnetted, 1 subnets
C       20.20.20.20 is directly connected, Loopback1
     172.16.0.0/24 is subnetted, 5 subnets
O       172.16.45.0 [110/110] via 172.16.24.4, 00:02:00, Ethernet0/2
O       172.16.37.0 [110/11] via 3.3.3.3, 00:02:00
O       172.16.35.0 [110/11] via 3.3.3.3, 00:02:00
C       172.16.24.0 is directly connected, Ethernet0/2
C       172.16.26.0 is directly connected, Ethernet0/1
     150.1.0.0/32 is subnetted, 4 subnets
O       150.1.7.7 [110/12] via 3.3.3.3, 00:02:00
O       150.1.6.6 [110/11] via 172.16.26.6, 00:02:00, Ethernet0/1
O       150.1.5.5 [110/12] via 3.3.3.3, 00:02:01
O       150.1.4.4 [110/11] via 172.16.24.4, 00:02:01, Ethernet0/2
     30.0.0.0/32 is subnetted, 1 subnets
B       30.30.30.30 [200/0] via 3.3.3.3, 00:03:09

R4#show ip route

     20.0.0.0/32 is subnetted, 1 subnets
O E2    20.20.20.20 [110/1] via 172.16.24.2, 00:02:34, Ethernet0/0
     172.16.0.0/24 is subnetted, 5 subnets
C       172.16.45.0 is directly connected, Ethernet0/3
O       172.16.37.0 [110/21] via 172.16.24.2, 00:02:34, Ethernet0/0
O       172.16.35.0 [110/21] via 172.16.24.2, 00:02:34, Ethernet0/0
C       172.16.24.0 is directly connected, Ethernet0/0
O       172.16.26.0 [110/20] via 172.16.24.2, 00:02:34, Ethernet0/0
     150.1.0.0/32 is subnetted, 4 subnets
O       150.1.7.7 [110/22] via 172.16.24.2, 00:02:34, Ethernet0/0
O       150.1.6.6 [110/21] via 172.16.24.2, 00:02:34, Ethernet0/0
O       150.1.5.5 [110/22] via 172.16.24.2, 00:02:34, Ethernet0/0
C       150.1.4.4 is directly connected, Loopback0
     30.0.0.0/32 is subnetted, 1 subnets
O E2    30.30.30.30 [110/1] via 172.16.24.2, 00:02:35, Ethernet0/0
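
R4's three routing tables (no backdoor, backdoor, backdoor plus sham link) follow from one rule: path type is compared before cost. The model below is an added example, not part of the original post; the costs are read from R4's "sh ip route" outputs above, the backdoor costs are assumed unchanged once the sham link is up, and only the intra/inter/E1/E2 ordering is modelled (tie-breaks between external routes are left out).

```python
# Lower rank wins before cost is even looked at.
PATH_RANK = {"intra": 0, "inter": 1, "E1": 2, "E2": 3}

PE, BACKDOOR = "172.16.24.2", "172.16.45.5"   # R4's two next hops on this page

# prefix -> OSPF cost as seen by R4, read from the outputs on this page
VIA_PE_NO_SHAM = {"172.16.37.0/24": 11, "172.16.35.0/24": 11,
                  "150.1.7.7/32": 21, "150.1.5.5/32": 21}      # learned as O IA
VIA_BACKDOOR = {"172.16.37.0/24": 120, "172.16.35.0/24": 110,
                "150.1.7.7/32": 121, "150.1.5.5/32": 101}      # learned as O
VIA_PE_SHAM = {"172.16.37.0/24": 21, "172.16.35.0/24": 21,
               "150.1.7.7/32": 22, "150.1.5.5/32": 22}         # learned as O


def candidates(costs, path_type, next_hop):
    """Turn a {prefix: cost} map into (prefix, type, cost, next hop) tuples."""
    return [(prefix, path_type, cost, next_hop) for prefix, cost in costs.items()]


def best_routes(cands):
    """Pick one route per prefix: best path type first, then lowest cost."""
    best = {}
    for prefix, path_type, cost, next_hop in cands:
        key = (PATH_RANK[path_type], cost)
        if prefix not in best or key < best[prefix][0]:
            best[prefix] = (key, path_type, cost, next_hop)
    return {p: (t, c, nh) for p, (_, t, c, nh) in best.items()}


def r4_without_sham_link():
    """Backdoor up, PE routes still inter-area."""
    return best_routes(candidates(VIA_PE_NO_SHAM, "inter", PE)
                       + candidates(VIA_BACKDOOR, "intra", BACKDOOR))


def r4_with_sham_link():
    """Backdoor up, PE routes now intra-area through the sham link."""
    return best_routes(candidates(VIA_PE_SHAM, "intra", PE)
                       + candidates(VIA_BACKDOOR, "intra", BACKDOOR))


if __name__ == "__main__":
    for prefix, route in sorted(r4_without_sham_link().items()):
        print("no sham link:", prefix, route)
    for prefix, route in sorted(r4_with_sham_link().items()):
        print("sham link:   ", prefix, route)
```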

R3:

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Loopback1
ip vrf forwarding CUSTOMER1
ip address 30.30.30.30 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.30.3 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding CUSTOMER1
ip address 172.16.35.3 255.255.255.0
!
interface Ethernet0/2
ip vrf forwarding CUSTOMER1
ip address 172.16.37.3 255.255.255.0
!
router ospf 666 vrf CUSTOMER1
domain-id 0.0.0.10
log-adjacency-changes
area 0 sham-link 30.30.30.30 20.20.20.20
redistribute bgp 666 subnets
network 172.16.0.0 0.0.255.255 area 0
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 666
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 666
neighbor 1.1.1.1 update-source Loopback0
neighbor 2.2.2.2 remote-as 666
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
  redistribute ospf 666 vrf CUSTOMER1 match internal external 1 external 2
  no synchronization
  network 30.30.30.30 mask 255.255.255.255
exit-address-family
!

R3#show ip ospf 666 neighbor

Neighbor ID   Pri   State      Dead Time   Address       Interface
150.1.7.7       1   FULL/DR    00:00:34    172.16.37.7   Ethernet0/2
150.1.5.5       1   FULL/DR    00:00:36    172.16.35.5   Ethernet0/1
172.16.26.2     0   FULL/  -      -        20.20.20.20   OSPF_SL0

Final Note: The sham link source and destination should not be included in the OSPF network, which is why we are advertising them in the BGP domain.