MPLS: Inter-AS VPNs – Option 2-C – Multi-hop between ASBRs
Simple Topology to understand Inter-AS VPNs using Option 2C: Multi-hop between ASBRs
· PE1, P1 and ASBR1 are part of AS 100.
· PE2, P2 and ASBR2 are part of AS 200.
· ASBR1 and ASBR2 are peering MP-BGP VPNv4 using loopbacks, ebgp-multi-hop is required (simply assume ASBRs are not directly connected, there might be some other routers in between)
Label Distribution:
· Label distribution is same as described in the previous posts Option 2A or 2B, except that now we need to enable MPLS between ASBRS to reach their loopbacks.
· Since ASBRs are not directly connected, we need to build the transport label to reach their loopbacks from each other. (I should run IGP between ASBRs)
· If I configure with next-hop-self command on ASBRs towards PEs, now I have Transport labels between ASBRs. This is only the difference.
I have used EIGRP between ASBRs:
ASBR1(config-router)#router eigrp 100
ASBR1(config-router)#network 100.1.78.7 0.0.0.0
ASBR1(config-router)#network 7.7.7.7 0.0.0.0
ASBR1(config-router)#no auto-summary
*Jun 21 22:54:12.453: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 100.1.78.8 (Serial1/1) is up: new adjacency
ASBR1(config-router)#int ser1/1
ASBR1(config-if)#mpls ip
ASBR1(config-if)#
*Jun 21 22:54:47.357: %LDP-5-NBRCHG: LDP Neighbor 8.8.8.8:0 (2) is UP
ASBR1(config-if)#
ASBR2(config-router)#router eigrp 100
ASBR2(config-router)#network 100.1.78.8 0.0.0.0
ASBR2(config-router)#no auto-summary
*Jun 21 22:54:12.757: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 100.1.78.7 (Serial1/1) is up: new adjacency
ASBR2(config-router)#network 8.8.8.8 0.0.0.0
ASBR2(config-router)#int ser1/1
ASBR2(config-if)#mpls ip
ASBR2(config-if)#
*Jun 21 22:54:47.581: %LDP-5-NBRCHG: LDP Neighbor 7.7.7.7:0 (2) is UP
ASBR2(config-if)#
EBGP between ASBRs using loopbacks
ASBR1(config-router)#do show run | begin router bgp 100
router bgp 100
bgp router-id 7.7.7.7
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 8.8.8.8 remote-as 200
neighbor 8.8.8.8 ebgp-multihop 255
neighbor 8.8.8.8 update-source Loopback0
neighbor 100.1.78.8 remote-as 200
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 next-hop-self
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 send-community extended
exit-address-family
!
ASBR2(config-router-af)#do show run | begin router bgp 200
router bgp 200
bgp router-id 8.8.8.8
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
neighbor 7.7.7.7 remote-as 100
neighbor 7.7.7.7 ebgp-multihop
neighbor 7.7.7.7 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 4.4.4.4 next-hop-self
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 send-community extended
exit-address-family
!
PE1#show ip bgp vpnv4 all
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*> 10.1.15.0/24 0.0.0.0 0 32768 ?
*>i10.1.46.0/24 7.7.7.7 0 100 0 200 ?
*> 11.11.11.11/32 10.1.15.5 65 32768 ?
*>i12.12.12.12/32 7.7.7.7 0 100 0 200 ?
PE1#
CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.15.0 is directly connected, Serial1/0
O IA 10.1.46.0 [110/65] via 10.1.15.1, 00:06:17, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
C 11.11.11.11 is directly connected, Loopback0
12.0.0.0/32 is subnetted, 1 subnets
O IA 12.12.12.12 [110/65] via 10.1.15.1, 00:06:17, Serial1/0
CE1#
CE1#ping 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/200/256 ms
CE1#
PE2#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i10.1.15.0/24 8.8.8.8 0 100 0 100 ?
*> 10.1.46.0/24 0.0.0.0 0 32768 ?
*>i11.11.11.11/32 8.8.8.8 0 100 0 100 ?
*> 12.12.12.12/32 10.1.46.6 65 32768 ?
PE2#
CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.15.0 [110/65] via 10.1.46.4, 00:07:36, Serial1/0
C 10.1.46.0 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O IA 11.11.11.11 [110/65] via 10.1.46.4, 00:07:36, Serial1/0
12.0.0.0/32 is subnetted, 1 subnets
C 12.12.12.12 is directly connected, Loopback0
CE2#
CE2#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/184/240 ms
CE2#
Observations:
· Mutual redistribution between OSPF VRF and MP-BGP is working fine.
· CE routers are successfully learning the routers from other CE.
· In PE2, next-hop is 8.8.8.8 (ASBR2) for 11.11.11.11/32
· In PE1, next-hop is 7.7.7.7 (ASBR1) for 12.12.12.12/32
Let’s observe next-hop values on ASBRs:
ASBR1#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i10.1.15.0/24 1.1.1.1 0 100 0 ?
*> 10.1.46.0/24 8.8.8.8 0 200 ?
*>i11.11.11.11/32 1.1.1.1 65 100 0 ?
*> 12.12.12.12/32 8.8.8.8 0 200 ?
ASBR1#
Observations:
· Next-hop is 1.1.1.1 for the routes advertised by PE1 (11.11.11.11/32)
· Next-hop is 8.8.8.8 for the routes advertised by PE2 (12.12.12.12/32); original next-hop 4.4.4.4 is changed by ASBR2 while sending it to ASBR1.
ASBR2#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*> 10.1.15.0/24 7.7.7.7 0 100 ?
*>i10.1.46.0/24 4.4.4.4 0 100 0 ?
*> 11.11.11.11/32 7.7.7.7 0 100 ?
*>i12.12.12.12/32 4.4.4.4 65 100 0 ?
ASBR2#
Observations:
· Next-hop is 4.4.4.4 for the routes advertised by PE2 (12.12.12.12/32)
· Next-hop is 7.7.7.7 for the routes advertised by PE1 (11.11.11.11/32); original next-hop 1.1.1.1 is changed by ASBR1 while sending it to ASBR2.
Let’s see what is happening with the labels
We will observe labels for 11.11.11.11 and 12.12.12.12
PE1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (VPN_A)
10.1.15.0/24 0.0.0.0 21/aggregate(VPN_A)
10.1.46.0/24 7.7.7.7 nolabel/27
11.11.11.11/32 10.1.15.5 22/nolabel
12.12.12.12/32 7.7.7.7 nolabel/26
PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 2.2.2.2/32 0 Se1/1 point2point
17 Pop tag 100.1.27.0/24 0 Se1/1 point2point
18 17 7.7.7.7/32 0 Se1/1 point2point
21 Aggregate 10.1.15.0/24[V] 520
22 Untagged 11.11.11.11/32[V] 1040 Se1/0 point2point
PE1#
PE1#show ip cef vrf VPN_A 12.12.12.12
12.12.12.12/32, version 20, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/1, point2point, tags imposed: {17 26}
via 7.7.7.7, 0 dependencies, recursive
next hop 100.1.12.2, Serial1/1 via 7.7.7.7/32
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {17 26}
PE1#
PE2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (VPN_A)
10.1.15.0/24 8.8.8.8 nolabel/25
10.1.46.0/24 0.0.0.0 21/aggregate(VPN_A)
11.11.11.11/32 8.8.8.8 nolabel/21
12.12.12.12/32 10.1.46.6 22/nolabel
PE2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 100.1.38.0/24 0 Se1/1 point2point
17 Pop tag 3.3.3.3/32 0 Se1/1 point2point
18 17 8.8.8.8/32 0 Se1/1 point2point
21 Aggregate 10.1.46.0/24[V] 1040
22 Untagged 12.12.12.12/32[V] 520 Se1/0 point2point
PE2#
PE2#show ip cef vrf VPN_A 11.11.11.11
11.11.11.11/32, version 22, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/1, point2point, tags imposed: {17 21}
via 8.8.8.8, 0 dependencies, recursive
next hop 100.1.34.3, Serial1/1 via 8.8.8.8/32
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {17 21}
PE2#
ASBR1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1
10.1.15.0/24 1.1.1.1 23/21
10.1.46.0/24 8.8.8.8 27/26
11.11.11.11/32 1.1.1.1 25/22
12.12.12.12/32 8.8.8.8 26/27
ASBR1#
ASBR1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 16 1.1.1.1/32 0 Se1/0 point2point
17 Pop tag 2.2.2.2/32 0 Se1/0 point2point
18 Pop tag 100.1.12.0/24 0 Se1/0 point2point
23 21 100:1:10.1.15.0/24 \
560 Se1/0 point2point
25 22 100:1:11.11.11.11/32 \
1120 Se1/0 point2point
26 27 100:1:12.12.12.12/32 \
540 Se1/1 point2point
27 26 100:1:10.1.46.0/24 \
1080 Se1/1 point2point
28 Pop tag 8.8.8.8/32 0 Se1/1 point2point
ASBR1#
ASBR2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1
10.1.15.0/24 7.7.7.7 25/23
10.1.46.0/24 4.4.4.4 26/21
11.11.11.11/32 7.7.7.7 21/25
12.12.12.12/32 4.4.4.4 27/22
ASBR2#
ASBR2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 100.1.34.0/24 0 Se1/0 point2point
17 Pop tag 3.3.3.3/32 0 Se1/0 point2point
18 16 4.4.4.4/32 0 Se1/0 point2point
21 25 100:1:11.11.11.11/32 \
1080 Se1/1 point2point
25 23 100:1:10.1.15.0/24 \
540 Se1/1 point2point
26 21 100:1:10.1.46.0/24 \
1120 Se1/0 point2point
27 22 100:1:12.12.12.12/32 \
560 Se1/0 point2point
28 Pop tag 7.7.7.7/32 0 Se1/1 point2point
ASBR2#
Observation:
· Since I have used next-hop-self option, the VPN labels is changed twice by ASBRs between PEs.
· Now I have transport label between ASBRs, as of now it is implicit-null label (you can see a normal label if you have a router(s) between ASBRs)
P1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 1.1.1.1/32 56121 Se1/1 point2point
17 Pop tag 7.7.7.7/32 70241 Se1/0 point2point
P1#
P2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 4.4.4.4/32 64080 Se1/1 point2point
17 Pop tag 8.8.8.8/32 69271 Se1/0 point2point
P2#
CE1#trace 12.12.12.12
Type escape sequence to abort.
Tracing the route to 12.12.12.12
1 10.1.15.1 72 msec 64 msec 24 msec
2 100.1.12.2 [MPLS: Labels 17/26 Exp 0] 180 msec 184 msec 204 msec
3 100.1.27.7 [MPLS: Label 26 Exp 0] 188 msec 236 msec 220 msec
4 100.1.78.8 [MPLS: Label 27 Exp 0] 212 msec 236 msec 184 msec
5 100.1.38.3 [MPLS: Labels 16/22 Exp 0] 160 msec 200 msec 144 msec
6 10.1.46.4 [MPLS: Label 22 Exp 0] 216 msec 140 msec 188 msec
7 10.1.46.6 216 msec * 220 msec
CE1#
CE2#trace 11.11.11.11
Type escape sequence to abort.
Tracing the route to 11.11.11.11
1 10.1.46.4 72 msec 64 msec 28 msec
2 100.1.34.3 [MPLS: Labels 17/21 Exp 0] 216 msec 216 msec 220 msec
3 100.1.38.8 [MPLS: Label 21 Exp 0] 220 msec 228 msec 128 msec
4 100.1.78.7 [MPLS: Label 25 Exp 0] 204 msec 188 msec 188 msec
5 100.1.27.2 [MPLS: Labels 16/22 Exp 0] 268 msec 184 msec 188 msec
6 10.1.15.1 [MPLS: Label 22 Exp 0] 204 msec 164 msec 192 msec
7 10.1.15.5 248 msec * 192 msec
CE2#
No comments:
Post a Comment