Thursday 21 June 2012

MPLS: Inter-AS VPNs - Option (2A) – next-hop-self on ASBRs

Simple Topology to understand Inter-AS VPNs using Option 2A:



·         PE1, P1 and ASBR1 are part of AS 100.
·         PE2, P2 and ASBR2 are part of AS 200.
·         ASBR1 and ASBR2 are peering MP-BGP VPNv4.

Label Distribution:

·         An LSP must be set up between PE1 & ASBR1 and between PE2 & ASBR2 to build the transport label. (You can use LDP, TDP or RSVP-TE for label distribution.)
·         Assume that PE2 is using label A to reach ASBR2’s loopback and P2 is using label B to reach ASBR2’s loopback.
·         Assume that ASBR1 is using label E to reach PE1’s loopback and P1 is using label F to reach PE1’s loopback.

·         CE1 will advertise its loopback 11.11.11.11 to PE1.
·         PE1 assigns a label X to the prefix 11.11.11.11; this is called the VPN label.
·         Since PE1 has an iBGP VPNv4 neighbor relationship with ASBR1, PE1 advertises this prefix to ASBR1 along with the label X.
·         For this prefix 11.11.11.11, ASBR1 will have a next-hop of PE1’s loopback 1.1.1.1.

·         Since ASBR1 has ASBR2 as an eBGP VPNv4 neighbor, ASBR1 has to forward this prefix to ASBR2.
·         But ASBR1 will change the next-hop to itself (7.7.7.7) for the prefix.
·         ASBR1 will also assign a new VPN label since the next-hop value has changed; let’s say ASBR1 has assigned label Y.
·         ASBR1 advertises this prefix to ASBR2 along with the label Y.
·         For this prefix 11.11.11.11, ASBR2 will have a next-hop of ASBR1’s ser1/1 interface address 100.1.78.7.

·         Since ASBR2 has PE2 as an iBGP VPNv4 neighbor, ASBR2 has to forward this prefix to PE2.
·         But ASBR2 has the next-hop-self command towards PE2, so it has to change the next-hop to itself (8.8.8.8) for the prefix.
·         ASBR2 will also assign a new VPN label since the next-hop has changed; let’s say ASBR2 has assigned label Z.
·         ASBR2 advertises this prefix to PE2 along with the label Z.
·         For this prefix 11.11.11.11, PE2 will have a next-hop of ASBR2’s loopback, 8.8.8.8.

·         PE2 advertises this route to CE2.

Actual Data path:

·         Let’s assume CE2 wants to send some data to CE1’s loopback 11.11.11.11.
·         PE2 receives it on the VRF link.
·         To reach 11.11.11.11, PE2 will use label Z; and since the next-hop is 8.8.8.8, it will also use label A (this is called label stacking: the lower label is VPN label Z, and the top label is transport label A) and sends it to P2.
·         P2 gets this MPLS packet, finds top label A, swaps it with label B and sends it to ASBR2.
·         ASBR2 gets this MPLS packet, pops the top label and finds VPN label Z.
·         ASBR2 swaps the VPN label to Y and sends it to ASBR1.
·         ASBR1 gets this packet and finds that, to reach 11.11.11.11, the label is X; and since the next-hop is 1.1.1.1, it will use label E (this is called label stacking: the lower label is VPN label X, and the top label is transport label E) and sends it to P1.
·         P1 gets this MPLS packet, swaps the top label E with label F and sends it to PE1.
·         PE1 pops the top label F and finds another label X.
·         PE1 performs another lookup on label X and finds that it belongs to the VRF on the PE1-CE1 link.
·         PE1 sends the unlabelled data to CE1.

To summarize:

·         The VPN label is not constant from PE1 to PE2.
·         It changes twice in between:
·         once by ASBR1 and then by ASBR2.
·         So, for the data propagation, PE2 uses the label assigned by ASBR2, ASBR2 uses the label assigned by ASBR1 and ASBR1 uses the label assigned by PE1.
·         The transport label is used only between PE1 & ASBR1 and between ASBR2 & PE2.
·         There is no transport label between ASBRs (we will see that in Inter-AS option 2C).


Configuration:

1.  Building the transport label between PE1 & ASBR1 and PE2 and ASBR2.
2.  Configuring VRF in PE1 and PE2
3.  Configuring CE-PE links
4.  Configure iBGP VPNV4 between PE1 & ASBR1 and PE2 and ASBR2.
5.  Redistribute between BGP and CE-PE protocol on PE1 and PE2
6.  Configure eBGP VPNV4 between ASBR1 and ASBR2.

Building the Transport Label between PE1 & ASBR1 and PE2 & ASBR2

PE1#show run | begin router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 100.1.12.1 0.0.0.0 area 0
!

P1#show run | begin router ospf
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 100.1.12.2 0.0.0.0 area 0
 network 100.1.27.2 0.0.0.0 area 0
!

ASBR1#show run | begin router ospf
router-id 7.7.7.7
 log-adjacency-changes
 network 7.7.7.7 0.0.0.0 area 0
 network 100.1.27.7 0.0.0.0 area 0
!

PE1(config)#int ser1/1
PE1(config-if)#mpls ip
PE1(config-if)#
*Jun 21 13:55:35.627: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
PE1(config-if)#

P1(config)#int ser1/1
P1(config-if)#mpls ip
P1(config-if)#mpls ip
*Jun 21 13:55:34.619: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (1) is UP
P1(config-if)#int ser1/0
P1(config-if)#mpls ip
P1(config-if)#
*Jun 21 13:56:12.307: %LDP-5-NBRCHG: LDP Neighbor 7.7.7.7:0 (2) is UP
P1(config-if)#

ASBR1(config)#int ser1/0
ASBR1(config-if)#mpls ip
ASBR1(config-if)#
*Jun 21 13:56:04.315: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
ASBR1(config-if)#

PE1(config-if)#do trace 7.7.7.7 source 1.1.1.1

Type escape sequence to abort.
Tracing the route to 7.7.7.7

  1 100.1.12.2 [MPLS: Label 17 Exp 0] 76 msec 76 msec 48 msec
  2 100.1.27.7 44 msec *  56 msec
PE1(config-if)#

ASBR1(config-if)#do trace 1.1.1.1 source 7.7.7.7

Type escape sequence to abort.
Tracing the route to 1.1.1.1

  1 100.1.27.2 [MPLS: Label 16 Exp 0] 72 msec 72 msec 60 msec
  2 100.1.12.1 56 msec *  60 msec
ASBR1(config-if)#

Observations:

·         Connectivity is fine between PE1 and ASBR1.
·         LSP is successfully built between PE1 and ASBR1.

PE2#show run | begin router ospf
router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 100.1.34.4 0.0.0.0 area 0
!

P2#show run | begin router ospf
router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 100.1.34.3 0.0.0.0 area 0
 network 100.1.38.3 0.0.0.0 area 0
!

ASBR2#show run | begin router ospf
router-id 8.8.8.8
 log-adjacency-changes
 network 8.8.8.8 0.0.0.0 area 0
 network 100.1.38.8 0.0.0.0 area 0
!

PE2(config)#int ser1/1
PE2(config-if)#mpls ip
PE2(config-if)#
*Jun 21 13:55:12.139: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP
PE2(config-if)#

P2(config)#int ser1/1
P2(config-if)#mpls ip
P2(config-if)#
*Jun 21 13:55:12.143: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (1) is UP
P2(config-if)#int ser1/0
P2(config-if)#mpls ip
P2(config-if)#
*Jun 21 13:55:46.103: %LDP-5-NBRCHG: LDP Neighbor 8.8.8.8:0 (2) is UP
P2(config-if)#

ASBR2(config)#int ser1/0
ASBR2(config-if)#mpls ip
ASBR2(config-if)#
*Jun 21 13:56:04.163: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP
ASBR2(config-if)#

PE2(config-if)#do trace 8.8.8.8 source loop0

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 100.1.34.3 [MPLS: Label 17 Exp 0] 72 msec 60 msec 48 msec
  2 100.1.38.8 28 msec *  68 msec
PE2(config-if)#

ASBR2(config-if)#do trace 4.4.4.4 source 8.8.8.8

Type escape sequence to abort.
Tracing the route to 4.4.4.4

  1 100.1.38.3 [MPLS: Label 16 Exp 0] 48 msec 60 msec 36 msec
  2 100.1.34.4 56 msec *  76 msec
ASBR2(config-if)#

Observations:

·         Connectivity is fine between PE2 and ASBR2.
·         LSP is successfully built between PE2 and ASBR2.

Configuring CE-PE Links (CE1-PE1 and CE2-PE2):

CE1(config-if)#do show run int ser1/0
Building configuration...

Current configuration : 102 bytes
!
interface Serial1/0
 ip address 10.1.15.5 255.255.255.0
 serial restart-delay 0
 no fair-queue
end

CE1(config-if)#do ping 10.1.15.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/40/72 ms
CE1(config-if)#

PE1(config-if)#do show run | begin ip vrf VPN_A
ip vrf VPN_A
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!

PE1(config-if)#do show run int ser1/0
Building configuration...

Current configuration : 127 bytes
!
interface Serial1/0
 ip vrf forwarding VPN_A
 ip address 10.1.15.1 255.255.255.0
 serial restart-delay 0
 no fair-queue
end

PE1(config-if)#do ping vrf VPN_A 10.1.15.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.15.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/42/64 ms
PE1(config-if)#

Observations:

·         CE1-PE1 link is Up.
·         VRF is configured properly

CE2(config-if)#do show run int ser1/0
Building configuration...

Current configuration : 102 bytes
!
interface Serial1/0
 ip address 10.1.46.6 255.255.255.0
 serial restart-delay 0
 no fair-queue
end

CE2(config-if)#do ping 10.1.46.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.46.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/39/60 ms
CE2(config-if)#

PE2(config-if)#do show run | begin ip vrf VPN_A
ip vrf VPN_A
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!

PE2(config-if)#do show run int ser1/0
Building configuration...

Current configuration : 127 bytes
!
interface Serial1/0
 ip vrf forwarding VPN_A
 ip address 10.1.46.4 255.255.255.0
 serial restart-delay 0
 no fair-queue
end

PE2(config-if)#do ping vrf VPN_A 10.1.46.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.46.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/52 ms
PE2(config-if)#

Observations:

·         CE2-PE2 link is Up.
·         VRF is configured properly

Configuring OSPF as the CE-PE protocol, with the CEs advertising their respective loopbacks into OSPF

CE1(config)#router ospf 100
CE1(config-router)#network 11.11.11.11 0.0.0.0 area 0
CE1(config-router)#network 10.1.15.5 0.0.0.0 area 0
CE1(config-router)#
*Jun 21 14:37:28.967: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.15.1 on Serial1/0 from LOADING to FULL, Loading Done
CE1(config-router)#

PE1(config-router-af)#router ospf 100 vrf VPN_A
PE1(config-router)#network 10.1.15.1 0.0.0.0 area 0
PE1(config-router)#
*Jun 21 14:37:28.975: %OSPF-5-ADJCHG: Process 100, Nbr 11.11.11.11 on Serial1/0 from LOADING to FULL, Loading Done
PE1(config-router)#do show ip route vrf VPN_A

Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.15.0 is directly connected, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O       11.11.11.11 [110/65] via 10.1.15.5, 00:02:47, Serial1/0
PE1(config-router)#do ping vrf VPN_A 11.11.11.11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/92 ms
PE1(config-router)#

Observations:

·         OSPF configured properly between CE1 and PE1.
·         PE1 can ping CE1’s loopback 11.11.11.11

CE2(config-if)#router ospf 100
CE2(config-router)#router-id 12.12.12.12
CE2(config-router)#network 10.1.46.6 0.0.0.0 area 0
CE2(config-router)#network 12.12.12.12 0.0.0.0 area 0
*Jun 21 14:38:24.131: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.46.4 on Serial1/0 from LOADING to FULL, Loading Done
CE2(config-router)#

PE2(config-router-af)#router ospf 100 vrf VPN_A
PE2(config-router)#network 10.1.46.4 0.0.0.0 area 0
PE2(config-router)#
*Jun 21 14:37:57.423: %OSPF-5-ADJCHG: Process 100, Nbr 12.12.12.12 on Serial1/0 from LOADING to FULL, Loading Done
PE2(config-router)#do show ip route vrf VPN_A

Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.46.0 is directly connected, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
O       12.12.12.12 [110/65] via 10.1.46.6, 00:02:49, Serial1/0
PE2(config-router)#do ping vrf VPN_A 12.12.12.12

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/44/64 ms
PE2(config-router)#

Observations:

·         OSPF configured properly between CE2 and PE2.
·         PE2 can ping CE2’s loopback 12.12.12.12

Configuring MP-IBGP VPNV4 between PE1-ASBR1 and PE2-ASBR2:

PE1(config-if)#router bgp 100
PE1(config-router)#bgp router-id 1.1.1.1
PE1(config-router)#no bgp default ipv4-unicast
PE1(config-router)#neighbor 7.7.7.7 remote-as 100
PE1(config-router)#neighbor 7.7.7.7 update-source loopback 0
PE1(config-router)#address-family vpnv4 unicast
PE1(config-router-af)#neighbor 7.7.7.7 activate
PE1(config-router-af)#
*Jun 21 14:20:16.323: %BGP-5-ADJCHANGE: neighbor 7.7.7.7 Up
PE1(config-router-af)#

ASBR1(config-if)#router bgp 100
ASBR1(config-router)#bgp router-id 7.7.7.7
ASBR1(config-router)#no bgp default ipv4-unicast
ASBR1(config-router)#neighbor 1.1.1.1 remote-as 100
ASBR1(config-router)#neighbor 1.1.1.1 update-source loopback 0
ASBR1(config-router)#address-family vpnv4 unicast
ASBR1(config-router-af)#neighbor 1.1.1.1 activate
ASBR1(config-router-af)#neighbor 1.1.1.1 next-hop-self
ASBR1(config-router-af)#
*Jun 21 14:20:07.467: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
ASBR1(config-router-af)#

PE2(config-if)#router bgp 200
PE2(config-router)#bgp router-id 4.4.4.4
PE2(config-router)#no bgp default ipv4-unicast
PE2(config-router)#neighbor 8.8.8.8 remote-as 200
PE2(config-router)#neighbor 8.8.8.8 update-source loopback 0
PE2(config-router)#address-family vpnv4 unicast
PE2(config-router-af)#neighbor 8.8.8.8 activate
PE2(config-router-af)#
*Jun 21 14:21:36.483: %BGP-5-ADJCHANGE: neighbor 8.8.8.8 Up
PE2(config-router-af)#

ASBR2(config-if)#router bgp 200
ASBR2(config-router)#bgp router-id 8.8.8.8
ASBR2(config-router)#no bgp default ipv4-unicast
ASBR2(config-router)#no bgp default route-target filter
ASBR2(config-router)#neighbor 4.4.4.4 remote-as 200
ASBR2(config-router)#neighbor 4.4.4.4 update-source loopback 0
ASBR2(config-router)#address-family vpnv4 unicast
ASBR2(config-router-af)#neighbor 4.4.4.4 activate
ASBR2(config-router-af)#neighbor 4.4.4.4 next-hop-self
ASBR2(config-router-af)#
*Jun 21 14:21:54.715: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
ASBR2(config-router-af)#

Configuring MP-EBGP VPNV4 between ASBRs:

ASBR1(config)#router bgp 100
ASBR1(config-router)#no bgp default route-target filter
ASBR1(config-router)#neighbor 100.1.78.8 remote-as 200
ASBR1(config-router)#address-family vpnv4 unicast
ASBR1(config-router-af)#neighbor 100.1.78.8 activate
ASBR1(config-router-af)#
*Jun 21 14:28:12.827: %BGP-5-ADJCHANGE: neighbor 100.1.78.8 Up
ASBR1(config-router-af)#

ASBR2(config)#router bgp 200
ASBR2(config-router)#no bgp default route-target filter
ASBR2(config-router)#neighbor 100.1.78.7 remote-as 100
ASBR2(config-router)#address-family vpnv4 unicast
ASBR2(config-router-af)#neighbor 100.1.78.7 activate
ASBR2(config-router-af)#
*Jun 21 14:28:13.111: %BGP-5-ADJCHANGE: neighbor 100.1.78.7 Up
ASBR2(config-router-af)#

Observations:

·         Neighbors are peering with directly connected interface addresses (this is as per the RFC).
·         The no bgp default route-target filter command is applied.
·         Without this command, the ASBRs will not install these VRF routes into their respective BGP tables, as there is no local VRF configured to import them.

Mutual redistribution between VRF OSPF and MP-BGP on PEs:

PE1(config)#router ospf 100 vrf VPN_A
PE1(config-router)#redistribute bgp 100 subnets
PE1(config-router)#

PE1(config-router)#router bgp 100
PE1(config-router)#address-family ipv4 vrf VPN_A
PE1(config-router-af)#redistribute ospf 100 vrf VPN_A
PE1(config-router-af)#


PE2(config)#router ospf 100 vrf VPN_A
PE2(config-router)#redistribute bgp 200 subnets
PE2(config)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#redistribute ospf 100 vrf VPN_A
PE2(config-router-af)#

·         With this, configuration comes to an end.
·         CE routers should learn the routes from each other.

Verification:

PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*> 10.1.15.0/24     0.0.0.0                  0         32768 ?
*>i10.1.46.0/24     7.7.7.7                  0    100      0 200 ?
*> 11.11.11.11/32   10.1.15.5               65         32768 ?
*>i12.12.12.12/32   7.7.7.7                  0    100      0 200 ?
PE1#

CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.15.0 is directly connected, Serial1/0
O IA    10.1.46.0 [110/65] via 10.1.15.1, 00:13:44, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.11 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.12.12.12 [110/65] via 10.1.15.1, 00:13:44, Serial1/0
CE1#ping 12.12.12.12

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/227/276 ms
CE1#

PE2#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i10.1.15.0/24     8.8.8.8                  0    100      0 100 ?
*> 10.1.46.0/24     0.0.0.0                  0         32768 ?
*>i11.11.11.11/32   8.8.8.8                  0    100      0 100 ?
*> 12.12.12.12/32   10.1.46.6               65         32768 ?
PE2#

CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.15.0 [110/65] via 10.1.46.4, 00:14:32, Serial1/0
C       10.1.46.0 is directly connected, Serial1/0
     11.0.0.0/32 is subnetted, 1 subnets
O IA    11.11.11.11 [110/65] via 10.1.46.4, 00:14:32, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
C       12.12.12.12 is directly connected, Loopback0
CE2#ping 11.11.11.11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/207/296 ms
CE2#

Observations:

·         Mutual redistribution between OSPF VRF and MP-BGP is working fine.
·         CE routers are successfully learning the routes from the other CE.
·         In PE2, next-hop is 8.8.8.8 (ASBR2) for 11.11.11.11/32
·         In PE1, next-hop is 7.7.7.7 (ASBR1) for 12.12.12.12/32

Let’s observe next-hop values on ASBRs:

ASBR1#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i10.1.15.0/24     1.1.1.1                  0    100      0 ?
*> 10.1.46.0/24     100.1.78.8                             0 200 ?
*>i11.11.11.11/32   1.1.1.1                 65    100      0 ?
*> 12.12.12.12/32   100.1.78.8                             0 200 ?
ASBR1#

Observations:

·         Next-hop is 1.1.1.1 for the routes advertised by PE1 (11.11.11.11/32)
·         Next-hop is 100.1.78.8 for the routes advertised by PE2 (12.12.12.12/32); original next-hop 4.4.4.4 is changed by ASBR2 while sending it to ASBR1.

ASBR2#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1
*> 10.1.15.0/24     100.1.78.7                             0 100 ?
*>i10.1.46.0/24     4.4.4.4                  0    100      0 ?
*> 11.11.11.11/32   100.1.78.7                             0 100 ?
*>i12.12.12.12/32   4.4.4.4                 65    100      0 ?
ASBR2#

Observations:

·         Next-hop is 4.4.4.4 for the routes advertised by PE2 (12.12.12.12/32)
·         Next-hop is 100.1.78.7 for the routes advertised by PE1 (11.11.11.11/32); original next-hop 1.1.1.1 is changed by ASBR1 while sending it to ASBR2.

Let’s see what is happening with the labels

We will observe labels for 11.11.11.11 and 12.12.12.12

PE1#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (VPN_A)
   10.1.15.0/24     0.0.0.0         19/aggregate(VPN_A)
   10.1.46.0/24     7.7.7.7         nolabel/23
   11.11.11.11/32   10.1.15.5       20/nolabel
   12.12.12.12/32   7.7.7.7         nolabel/22

PE1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     2.2.2.2/32        0          Se1/1      point2point
17     Pop tag     100.1.27.0/24     0          Se1/1      point2point
18     17          7.7.7.7/32        0          Se1/1      point2point
19     Aggregate   10.1.15.0/24[V]   520
20     Untagged    11.11.11.11/32[V] 520        Se1/0      point2point
PE1#
PE1#show ip cef vrf VPN_A 12.12.12.12
12.12.12.12/32, version 10, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Se1/1, point2point, tags imposed: {17 22}
  via 7.7.7.7, 0 dependencies, recursive
    next hop 100.1.12.2, Serial1/1 via 7.7.7.7/32
    valid cached adjacency
    tag rewrite with Se1/1, point2point, tags imposed: {17 22}
PE1#


PE2#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (VPN_A)
   10.1.15.0/24     8.8.8.8         nolabel/21
   10.1.46.0/24     0.0.0.0         19/aggregate(VPN_A)
   11.11.11.11/32   8.8.8.8         nolabel/20
   12.12.12.12/32   10.1.46.6       20/nolabel

PE2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     100.1.38.0/24     0          Se1/1      point2point
17     Pop tag     3.3.3.3/32        0          Se1/1      point2point
18     17          8.8.8.8/32        0          Se1/1      point2point
19     Aggregate   10.1.46.0/24[V]   520
20     Untagged    12.12.12.12/32[V] 520        Se1/0      point2point
PE2#
PE2#
PE2#show ip cef vrf VPN_A 11.11.11.11
11.11.11.11/32, version 14, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Se1/1, point2point, tags imposed: {17 20}
  via 8.8.8.8, 0 dependencies, recursive
    next hop 100.1.34.3, Serial1/1 via 8.8.8.8/32
    valid cached adjacency
    tag rewrite with Se1/1, point2point, tags imposed: {17 20}
PE2#


ASBR1#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   10.1.15.0/24     1.1.1.1         20/19
   10.1.46.0/24     100.1.78.8      23/22
   11.11.11.11/32   1.1.1.1         21/20
   12.12.12.12/32   100.1.78.8      22/23

ASBR1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     16          1.1.1.1/32        0          Se1/0      point2point
17     Pop tag     2.2.2.2/32        0          Se1/0      point2point
18     Pop tag     100.1.12.0/24     0          Se1/0      point2point
19     Pop tag     100.1.78.8/32     0          Se1/1      point2point
20     19          100:1:10.1.15.0/24    \
                                     560        Se1/0      point2point
21     20          100:1:11.11.11.11/32    \
                                     560        Se1/0      point2point
22     23          100:1:12.12.12.12/32    \
                                     540        Se1/1      point2point
23     22          100:1:10.1.46.0/24    \
                                     540        Se1/1      point2point
ASBR1#


ASBR2#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   10.1.15.0/24     100.1.78.7      21/20
   10.1.46.0/24     4.4.4.4         22/19
   11.11.11.11/32   100.1.78.7      20/21
   12.12.12.12/32   4.4.4.4         23/20

ASBR2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     100.1.34.0/24     0          Se1/0      point2point
17     Pop tag     3.3.3.3/32        0          Se1/0      point2point
18     16          4.4.4.4/32        0          Se1/0      point2point
19     Pop tag     100.1.78.7/32     0          Se1/1      point2point
20     21          100:1:11.11.11.11/32    \
                                     540        Se1/1      point2point
21     20          100:1:10.1.15.0/24    \
                                     540        Se1/1      point2point
22     19          100:1:10.1.46.0/24    \
                                     560        Se1/0      point2point
23     20          100:1:12.12.12.12/32    \
                                     560        Se1/0      point2point
ASBR2#

Observations:

·         PE1 has assigned label 20 for 11.11.11.11/32 and advertised to ASBR1 via iBGP and hence we see that ASBR1 is using 20 as out label (VPN label) for 11.11.11.11/32
·         ASBR1 has assigned a label 21 for 11.11.11.11/32 and advertised to ASBR2 via EBGP and hence we see that ASBR2 is using label 21 as out label for 11.11.11.11/32
·         ASBR2 has assigned label 20 for 11.11.11.11/32 and advertised to PE2 via iBGP and hence we see that PE2 is using label 20 as out label for 11.11.11.11/32
·         In PE2, the next-hop for 11.11.11.11/32 is ASBR2, 8.8.8.8, and it is using label 17 (transport label) to reach 8.8.8.8.
·         This is clearly showing up in “show ip cef vrf VPN_A 11.11.11.11”, that PE2 is using {17 20} to reach 11.11.11.11/32

·         PE2 has assigned a label 20 for 12.12.12.12/32 and advertised to ASBR2 via iBGP and hence we see that ASBR2 is using 20 as out label (VPN Label) for 12.12.12.12/32
·         ASBR2 assigned a label 23 for 12.12.12.12/32 and advertised to ASBR1 via eBGP and hence we see that ASBR1 is using 23 as out label (VPN Label) for 12.12.12.12/32
·         ASBR1 has assigned a label 22 for 12.12.12.12/32 and advertised to PE1 via iBGP and hence we see that PE1 is using label 22 as out label for 12.12.12.12/32
·         In PE1, next-hop for 12.12.12.12/32 is ASBR1, 7.7.7.7 and it is using label 17 (transport label) to reach 7.7.7.7
·         This is clearly showing up in “show ip cef vrf VPN_A 12.12.12.12”, that PE1 is using {17 22} to reach 12.12.12.12/32

·         In/out labels are very clearly shown in “show ip bgp vpnv4 all labels” output for ASBRs.
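
The chain described in these observations can be checked mechanically. The Python below is an added example, not part of the original post: it parses the four "show ip bgp vpnv4 all labels" outputs copied from this page and confirms that the label each router allocates (in label) is the out label installed by the next router along the advertisement path. The function names and the PATH list are this example's own.

```python
import re

# "show ip bgp vpnv4 all labels" output copied from this page, keyed by router.
SHOW_LABELS = {
    "PE1": """
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (VPN_A)
   10.1.15.0/24     0.0.0.0         19/aggregate(VPN_A)
   10.1.46.0/24     7.7.7.7         nolabel/23
   11.11.11.11/32   10.1.15.5       20/nolabel
   12.12.12.12/32   7.7.7.7         nolabel/22
""",
    "ASBR1": """
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   10.1.15.0/24     1.1.1.1         20/19
   10.1.46.0/24     100.1.78.8      23/22
   11.11.11.11/32   1.1.1.1         21/20
   12.12.12.12/32   100.1.78.8      22/23
""",
    "ASBR2": """
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   10.1.15.0/24     100.1.78.7      21/20
   10.1.46.0/24     4.4.4.4         22/19
   11.11.11.11/32   100.1.78.7      20/21
   12.12.12.12/32   4.4.4.4         23/20
""",
    "PE2": """
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (VPN_A)
   10.1.15.0/24     8.8.8.8         nolabel/21
   10.1.46.0/24     0.0.0.0         19/aggregate(VPN_A)
   11.11.11.11/32   8.8.8.8         nolabel/20
   12.12.12.12/32   10.1.46.6       20/nolabel
""",
}

# Order in which a route originated behind PE1 is advertised (assumption of this
# example, taken from the topology on this page); reversed for routes behind PE2.
PATH = ["PE1", "ASBR1", "ASBR2", "PE2"]

# prefix, next hop, in label / out label; header lines do not match and are skipped
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s+([^\s/]+)/(\S+)\s*$")


def to_label(field):
    """Numeric label as int; 'nolabel' and 'aggregate(...)' become None."""
    return int(field) if field.isdigit() else None


def parse_labels(text):
    """Parse one router's output into {prefix: (next_hop, in_label, out_label)}."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            prefix, next_hop, in_label, out_label = m.groups()
            table[prefix] = (next_hop, to_label(in_label), to_label(out_label))
    return table


def label_chain(tables, prefix):
    """Follow prefix from its origin PE to the remote PE.

    The origin PE is the one with no numeric out label for the prefix.
    Returns [(advertiser, receiver, label_allocated, label_installed)].
    """
    path = PATH if tables[PATH[0]][prefix][2] is None else PATH[::-1]
    return [
        (adv, rcv, tables[adv][prefix][1], tables[rcv][prefix][2])
        for adv, rcv in zip(path, path[1:])
    ]


def broken_hops(chain):
    """Hops where the receiver's out label is not the label the advertiser allocated."""
    return [(adv, rcv) for adv, rcv, alloc, inst in chain
            if alloc is None or alloc != inst]


TABLES = {router: parse_labels(text) for router, text in SHOW_LABELS.items()}

if __name__ == "__main__":
    for prefix in TABLES["PE1"]:
        chain = label_chain(TABLES, prefix)
        for adv, rcv, alloc, inst in chain:
            print(f"{prefix:16} {adv:>5} allocates {alloc:<3} -> {rcv:<5} installs {inst}")
        print(f"{prefix:16} mismatches: {broken_hops(chain)}")
```

For 11.11.11.11/32 the allocated labels along the path are 20, 21, 20: the value 20 appears twice only because PE1 and ASBR2 each allocate from their own label space.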

Let’s see the labels on P1 and P2 to understand the Transport label swapping:


P1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     1.1.1.1/32        6708       Se1/1      point2point
17     Pop tag     7.7.7.7/32        10098      Se1/0      point2point
P1#


P2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     4.4.4.4/32        7793       Se1/1      point2point
17     Pop tag     8.8.8.8/32        9133       Se1/0      point2point
P2#

CE1#traceroute 12.12.12.12

Type escape sequence to abort.
Tracing the route to 12.12.12.12

  1 10.1.15.1 44 msec 64 msec 28 msec
  2 100.1.12.2 [MPLS: Labels 17/22 Exp 0] 188 msec 216 msec 204 msec
  3 100.1.27.7 [MPLS: Label 22 Exp 0] 172 msec 252 msec 200 msec
  4 100.1.78.8 [MPLS: Label 23 Exp 0] 216 msec 204 msec 188 msec
  5 100.1.38.3 [MPLS: Labels 16/20 Exp 0] 184 msec 188 msec 180 msec
  6 10.1.46.4 [MPLS: Label 20 Exp 0] 132 msec 164 msec 180 msec
  7 10.1.46.6 240 msec *  204 msec
CE1#

CE2#traceroute 11.11.11.11

Type escape sequence to abort.
Tracing the route to 11.11.11.11

  1 10.1.46.4 32 msec 72 msec 32 msec
  2 100.1.34.3 [MPLS: Labels 17/20 Exp 0] 168 msec 168 msec 188 msec
  3 100.1.38.8 [MPLS: Label 20 Exp 0] 148 msec 212 msec 172 msec
  4 100.1.78.7 [MPLS: Label 21 Exp 0] 184 msec 168 msec 212 msec
  5 100.1.27.2 [MPLS: Labels 16/20 Exp 0] 168 msec 176 msec 248 msec
  6 10.1.15.1 [MPLS: Label 20 Exp 0] 140 msec 264 msec 204 msec
  7 10.1.15.5 188 msec *  228 msec
CE2#
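
The label stacks in the two traceroutes above can be reproduced from the tables alone. The Python below is an added example, not part of the original post: the LDP and VPN entries are transcribed from the "show mpls forwarding-table" and "show ip bgp vpnv4 all labels" outputs on this page, while the dictionary layout and function names are this example's own. It shows where the transport label is pushed, where it is popped by the penultimate hop, and why only the VPN label crosses the ASBR1-ASBR2 link.

```python
# LDP[router][fec] = (local label, outgoing label or None for "Pop tag", next router),
# transcribed from the "show mpls forwarding-table" outputs on this page.
LDP = {
    "PE1":   {"7.7.7.7": (18, 17, "P1")},
    "P1":    {"1.1.1.1": (16, None, "PE1"), "7.7.7.7": (17, None, "ASBR1")},
    "ASBR1": {"1.1.1.1": (16, 16, "P1"), "100.1.78.8": (19, None, "ASBR2")},
    "ASBR2": {"4.4.4.4": (18, 16, "P2"), "100.1.78.7": (19, None, "ASBR1")},
    "P2":    {"4.4.4.4": (16, None, "PE2"), "8.8.8.8": (17, None, "ASBR2")},
    "PE2":   {"8.8.8.8": (18, 17, "P2")},
}

# VPN[router][prefix] = (in label, out label, BGP next hop),
# transcribed from the "show ip bgp vpnv4 all labels" outputs on this page.
VPN = {
    "PE1":   {"11.11.11.11/32": (20, None, "10.1.15.5"),
              "12.12.12.12/32": (None, 22, "7.7.7.7")},
    "ASBR1": {"11.11.11.11/32": (21, 20, "1.1.1.1"),
              "12.12.12.12/32": (22, 23, "100.1.78.8")},
    "ASBR2": {"11.11.11.11/32": (20, 21, "100.1.78.7"),
              "12.12.12.12/32": (23, 20, "4.4.4.4")},
    "PE2":   {"11.11.11.11/32": (None, 20, "8.8.8.8"),
              "12.12.12.12/32": (20, None, "10.1.46.6")},
}

# CE addresses on the PE-CE links, from the interface configuration on this page.
CE = {"10.1.15.5": "CE1", "10.1.46.6": "CE2"}


def impose(router, vpn_label, next_hop):
    """Stack sent toward a BGP next hop: transport label (if any) on top of the VPN label.

    A "Pop tag" entry for the next hop (directly connected neighbor) means no
    transport label is added, which is the case on the ASBR1-ASBR2 link.
    """
    _, transport, next_router = LDP[router][next_hop]
    return next_router, ([] if transport is None else [transport]) + [vpn_label]


def forward(router, stack):
    """One hop: return (next router, stack sent).

    Raises LookupError for a top label this router never allocated; such a
    packet has no LFIB entry and is dropped.
    """
    top, rest = stack[0], stack[1:]
    for local, out, next_router in LDP[router].values():
        if local == top:                       # transport label: swap, or pop (PHP)
            return next_router, ([] if out is None else [out]) + rest
    for in_label, out_label, next_hop in VPN.get(router, {}).values():
        if in_label == top:
            if out_label is None:              # egress PE: "Untagged", plain IP to the CE
                return CE[next_hop], []
            return impose(router, out_label, next_hop)   # ASBR: swap the VPN label
    raise LookupError(f"{router}: no LFIB entry for label {top}")


def walk(ingress_pe, prefix):
    """Return [(router, label stack as received)] from the first P router to the CE."""
    _, out_label, next_hop = VPN[ingress_pe][prefix]
    router, stack = impose(ingress_pe, out_label, next_hop)
    hops = [(router, stack)]
    while stack:
        router, stack = forward(router, stack)
        hops.append((router, stack))
    return hops


if __name__ == "__main__":
    for pe, prefix in (("PE2", "11.11.11.11/32"), ("PE1", "12.12.12.12/32")):
        print(f"{pe} -> {prefix}")
        for router, stack in walk(pe, prefix):
            print(f"  {router:6} receives {'/'.join(map(str, stack)) or 'IP'}")
```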


CE2#ping 11.11.11.11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 188/260/312 ms
CE2#

PE2#debug mpls packet
MPLS packet debugging is on
PE2#
*Jun 21 15:26:04.379: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 15:26:04.707: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 15:26:04.939: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 15:26:05.187: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
PE2#
*Jun 21 15:26:05.411: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
PE2#u all

P2#debug mpls packet
MPLS packet debugging is on
P2#
*Jun 21 15:26:04.123: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=17/20
*Jun 21 15:26:04.123: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=20
*Jun 21 15:26:04.355: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 15:26:04.355: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=19
*Jun 21 15:26:04.451: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=17/20
*Jun 21 15:26:04.451: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=20
*Jun 21 15:26:04.671: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 15:26:04.671: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=19
*Jun 21 15:26:04.727: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=17/20
P2#

ASBR2#debug mpls packet
MPLS packet debugging is on
ASBR2#
*Jun 21 15:26:22.339: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=20
*Jun 21 15:26:22.339: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=21
*Jun 21 15:26:22.495: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=22
*Jun 21 15:26:22.495: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 15:26:22.667: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=20
*Jun 21 15:26:22.667: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=21
*Jun 21 15:26:22.823: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=22
*Jun 21 15:26:22.823: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 15:26:22.903: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=20
*Jun 21 15:26:22.903: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=21
*Jun 21 15:26:23.055: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=22

ASBR1#debug mpls packet
MPLS packet debugging is on
ASBR1#
*Jun 21 15:26:22.191: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21
*Jun 21 15:26:22.191: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 15:26:22.311: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=23
*Jun 21 15:26:22.315: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=22
*Jun 21 15:26:22.503: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21
*Jun 21 15:26:22.503: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 15:26:22.643: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=23
*Jun 21 15:26:22.643: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=22
*Jun 21 15:26:22.739: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21


P1#debug mpls packet
MPLS packet debugging is on
P1#
*Jun 21 15:26:30.083: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 15:26:30.083: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=20
*Jun 21 15:26:30.175: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=17/23
*Jun 21 15:26:30.175: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=23
*Jun 21 15:26:30.411: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 15:26:30.411: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=20
*Jun 21 15:26:30.491: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=17/23
*Jun 21 15:26:30.491: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=23
*Jun 21 15:26:30.675: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/20

PE1#debug mpls packet
MPLS packet debugging is on
PE1#
*Jun 21 15:26:31.067: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 15:26:31.067: MPLS: Se1/0: xmit: (no label)
*Jun 21 15:26:31.375: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 15:26:31.375: MPLS: Se1/0: xmit: (no label)
*Jun 21 15:26:31.615: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 15:26:31.615: MPLS: Se1/0: xmit: (no label)
*Jun 21 15:26:31.819: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 15:26:31.819: MPLS: Se1/0: xmit: (no label)
PE1#


Some more useful BGP troubleshooting commands:

PE2#show ip bgp vpnv4 all 11.11.11.11
BGP routing table entry for 100:1:11.11.11.11/32, version 5
Paths: (1 available, best #1, table VPN_A)
  Not advertised to any peer
  100
    8.8.8.8 (metric 129) from 8.8.8.8 (8.8.8.8)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
      mpls labels in/out nolabel/20
PE2#


ASBR2#show ip bgp vpnv4 all 11.11.11.11
BGP routing table entry for 100:1:11.11.11.11/32, version 3
Paths: (1 available, best #1, no table)
  Advertised to update-groups:
     1
  100
    100.1.78.7 from 100.1.78.7 (7.7.7.7)
      Origin incomplete, localpref 100, valid, external, best
      Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
      mpls labels in/out 20/21
ASBR2#

ASBR1#show ip bgp vpnv4 all 11.11.11.11
BGP routing table entry for 100:1:11.11.11.11/32, version 3
Paths: (1 available, best #1, no table)
  Advertised to update-groups:
     2
  Local
    1.1.1.1 (metric 129) from 1.1.1.1 (1.1.1.1)
      Origin incomplete, metric 65, localpref 100, valid, internal, best
      Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
      mpls labels in/out 21/20
ASBR1#
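
The outputs above can be cross-checked mechanically: the VPN (bottom-of-stack) label swap seen in `debug mpls packet` on each ASBR should equal the `mpls labels in/out` pair BGP reports for 11.11.11.11. The following is an added example, not part of the original post; the helper names (`swaps`, `bgp_labels`, `check`) are hypothetical, the input lines are copied from the outputs above with timestamps trimmed, and it assumes each `recvd` line is followed by the `xmit` line for the same packet.

```python
import re

# Lines copied from the ASBR1/ASBR2 outputs above (timestamps trimmed).
DEBUG = {
    "ASBR2": [
        "MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=20",
        "MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=21",
        "MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=22",
        "MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/19",
    ],
    "ASBR1": [
        "MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21",
        "MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/20",
        "MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=23",
        "MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=22",
    ],
}
BGP = {
    "ASBR2": "      mpls labels in/out 20/21",
    "ASBR1": "      mpls labels in/out 21/20",
}

PKT = re.compile(r"MPLS: (\S+): (recvd|xmit): .*Label\(s\)=([\d/]+)")

def swaps(lines):
    """Pair each recvd line with the xmit that follows; return (in, out) bottom labels."""
    out, pending = [], None
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # e.g. "xmit: (no label)" on the egress PE
        bottom = int(m.group(3).split("/")[-1])  # VPN label is last in the stack
        if m.group(2) == "recvd":
            pending = bottom
        elif pending is not None:
            out.append((pending, bottom))
            pending = None
    return out

def bgp_labels(line):
    m = re.search(r"mpls labels in/out (\d+)/(\d+)", line)
    return int(m.group(1)), int(m.group(2))

def check(router):
    """True if the BGP in/out pair for 11.11.11.11 appears as a swap in the data plane."""
    return bgp_labels(BGP[router]) in swaps(DEBUG[router])
```

A `False` result from `check` means the forwarding plane is not swapping the labels that BGP advertised for the prefix, which is the first thing to rule out when an Inter-AS VPN path fails at an ASBR.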

