MPLS: Inter-AS VPNs - Option (2B) – Redistribute the link between ASBRs
Simple Topology to understand Inter-AS VPNs using Option 2B: (Redistribute the link between ASBRs)
· PE1, P1 and ASBR1 are part of AS 100.
· PE2, P2 and ASBR2 are part of AS 200.
· ASBR1 and ASBR2 are peering MP-BGP VPNv4.
· We need to redistribute the link between ASBRs into OSPF so that next-hop-self command is not required on ASBRs towards PEs, as PEs would know how to reach remote ASBR through OSPF.
· LSP1 - Between PE1 to ASBR2 + Between ASBR2 to PE2
· LSP2 – Between PE2 and ASBR1 + Between ASBR1 to PE1
Label Distribution:
· LSPs must be setup between PE1 to ASBR1, PE1 & ASBR2 and PE2 to ASBR2 & PE2 and ASBR1 to build the transport label. (You can use LDP, TDP or RSVP-TE for label distribution).
· Assume that PE2 is using label A to reach ASBR1’s Ser1/1 (100.1.78.7) and P2 is using label B to reach ASBR1’s Ser1/1 and ASBR2 is using label C to reach ASBR1’s Ser1/1.
· Assume that ASBR1 is using label E to reach P1’s loopback and P1 is using label F to reach PE1’s loopback.
· CE1 will advertise its loopback 11.11.11.11 to PE1
· PE1 assigns a label X to this prefix 11.11.11.11 and this is called VPN label.
· Since PE1 has ibgp VPNV4 neighbor relationship with ASBR1, PE1 advertises this prefix to ASBR1 along with the label X.
· For this prefix 11.11.11.11, ASBR1 will have next-hop as PE1’s loopback 1.1.1.1
· Since ASBR1 has ASBR2 as ebgp VPNV4 neighbor, ASBR1 has to forward this prefix to ASBR2.
· But, ASBR1 will change the next-hop to itself (7.7.7.7) for the prefix as it is ebgp update.
· Also ASBR1 will assign a new VPN label since the next-hop value is changed, let’s say ASBR1 has assigned label Y.
· ASBR1 advertises this prefix to ASBR2 along with the label Y.
· For this prefix 11.11.11.11, ASBR2 will have next-hop as ASBR1’s loopback 7.7.7.7
· Since ASBR2 has PE2 as ibgp VPNV4 neighbor, ASBR2 has to forward this prefix to PE2.
· ASBR2 need not change the next-hop value as next-hop-self command is not configured towards PE2, so it need not change the label value for 11.11.11.11
· ASBR 2 advertises this prefix to PE2 along with the label Y.
· For this prefix 11.11.11.11, PE2 will have next-hop as ASBR1’s ser1/1 interface address 100.1.78.7
· PE2 advertises this route to CE2.
Actual Data path:
· Let’s assume CE2 wants to send some data to CE1’s loopback 11.11.11.11
· PE2 gets this request on the VRF link
· To reach 11.11.11.11, PE2 will use label Y; and since the next-hop is 100.1.78.7, it will also use label A (this is called label stacking, lower label is VPN label Z, and top label is Transport label A) and sends it to P1.
· P2 gets this MPLS packet and finds top label A and swaps it with label B and sends it to ASBR2.
· ASBR2 gets this MPLS packet and finds the top label B and swaps it with C and sends it to ASBR1.
·
· Now ASBR1 gets this MPLS packet and pops the top label and finds VPN Label Y.
· ASBR1 swaps the VPN label with label X; and since the next-hop is 1.1.1.1, it will use label E (this is called label stacking, lower label is VPN label X, and top label is Transport label E) and sends it to P1.
· P1 gets this MPLS Packet and swaps the top label E with label F and sends it to PE1.
· PE1 pops the top label F and finds another label X.
· PE1 performs another lookup on label X and finds that it belongs to VRF between PE1-CE1
· Sends the unlabelled data to CE2.
To summarize:
· The VPN label is not constant from PE1 to PE2.
· It has changed once in between by ASBR1.
· So, for the Data propagation, PE2 uses the label assigned by ASBR1 and ASBR1 uses the label assigned by PE1.
· LSP1: Local PE to Remote ASBR
· LSP2: Remote ASBR to Remote PE
· If you take the prefix advertised by CE2, 12.12.12.12/32
· Initially PE2 will assign a label and that’s gets changed by ASBR2 while forwarding it to ASBR1 and ASBR1 will use the same label.
· If CE1 wants to reach 12.12.12.12/32, PE1 uses the label assigned by ASBR2 and ASBR2 uses the label assigned by PE2.
Configuration:
1. Building the transport label between PE1 & ASBR1 and PE2 and ASBR2.
2. Configuring VRF in PE1 and PE2
3. Configuring CE-PE links
4. Configure iBGP VPNV4 between PE1 & ASBR1 and PE2 and ASBR2.
5. Redistribute between BGP and CE-PE protocol on PE1 and PE2
6. Configure eBGP VPNV4 between ASBR1 and ASBR2.
Configuring IGP in AS 100 and AS 200 and redistributing the ASBR-link in IGP
PE1#show run | begin router ospf
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 100.1.12.1 0.0.0.0 area 0
!
P1#show run | begin router ospf
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 100.1.12.2 0.0.0.0 area 0
network 100.1.27.2 0.0.0.0 area 0
!
ASBR1#show run | begin router ospf
router-id 7.7.7.7
log-adjacency-changes
network 7.7.7.7 0.0.0.0 area 0
network 100.1.27.7 0.0.0.0 area 0
!
ASBR1(config)#route-map CONN
ASBR1(config-route-map)#match interface serial 1/1
ASBR1(config-route-map)#router ospf 1
ASBR1(config-router)#redistribute connected route-map CONN subnets
ASBR1(config-router)#router bgp 100
ASBR1(config-router)#address-family vpnv4 unicast
ASBR1(config-router-af)#do show run | i next-hop
neighbor 1.1.1.1 next-hop-self
ASBR1(config-router-af)#no neighbor 1.1.1.1 next-hop-self
ASBR1(config-router-af)#
PE1(config)#int ser1/1
PE1(config-if)#mpls ip
PE1(config-if)#
*Jun 21 13:55:35.627: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
PE1(config-if)#
P1(config)#int ser1/1
P1(config-if)#mpls ip
P1(config-if)#mpls ip
*Jun 21 13:55:34.619: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (1) is UP
P1(config-if)#int ser1/0
P1(config-if)#mpls ip
P1(config-if)#
*Jun 21 13:56:12.307: %LDP-5-NBRCHG: LDP Neighbor 7.7.7.7:0 (2) is UP
P1(config-if)#
ASBR1(config)#int ser1/0
ASBR1(config-if)#mpls ip
ASBR1(config-if)#
*Jun 21 13:56:04.315: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
ASBR1(config-if)#
PE1#show mpls for | i 100.1.78.8
22 19 100.1.78.8/32 0 Se1/1 point2point
PE1#
PE1(config-if)#do trace 7.7.7.7 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 7.7.7.7
1 100.1.12.2 [MPLS: Label 17 Exp 0] 76 msec 76 msec 48 msec
2 100.1.27.7 44 msec * 56 msec
PE1(config-if)#
ASBR1(config-if)#do trace 1.1.1.1 source 7.7.7.7
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 100.1.27.2 [MPLS: Label 16 Exp 0] 72 msec 72 msec 60 msec
2 100.1.12.1 56 msec * 60 msec
ASBR1(config-if)#
Observations:
· Connectivity is fine between PE1 and ASBR1.
· Transport label is built between PE1 and ASBR1.
· Transport label is built for the ASBR1-ASBR2 link
PE2#show run | begin router ospf
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 100.1.34.4 0.0.0.0 area 0
!
P2#show run | begin router ospf
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 100.1.34.3 0.0.0.0 area 0
network 100.1.38.3 0.0.0.0 area 0
!
ASBR2#show run | begin router ospf
router-id 8.8.8.8
log-adjacency-changes
network 8.8.8.8 0.0.0.0 area 0
network 100.1.38.8 0.0.0.0 area 0
!
PE2(config)#int ser1/1
PE2(config-if)#mpls ip
PE2(config-if)#
*Jun 21 13:55:12.139: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP
PE2(config-if)#
P2(config)#int ser1/1
P2(config-if)#mpls ip
P2(config-if)#
*Jun 21 13:55:12.143: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (1) is UP
P2(config-if)#int ser1/0
P2(config-if)#mpls ip
P2(config-if)#
*Jun 21 13:55:46.103: %LDP-5-NBRCHG: LDP Neighbor 8.8.8.8:0 (2) is UP
P2(config-if)#
ASBR2(config)#int ser1/0
ASBR2(config-if)#mpls ip
ASBR2(config-if)#
*Jun 21 13:56:04.163: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP
ASBR2(config-if)#
ASBR2(config)#route-map CONN
ASBR2(config-route-map)#match interface serial 1/1
ASBR2(config-route-map)#router ospf 1
ASBR2(config-router)#redistribute connected route-map CONN subnets
ASBR2(config-router)#router bgp 200
ASBR2(config-router)#do show run | i next-hop-self
neighbor 4.4.4.4 next-hop-self
ASBR2(config-router)#address vpnv4 uni
ASBR2(config-router-af)#no neighbor 4.4.4.4 next-hop-self
ASBR2(config-router-af)#
PE2(config-if)# PE2#show mpls forwarding-table | i 100.1.78.7
22 19 100.1.78.7/32 0 Se1/1 point2point
PE2#
PE2(config-if)# do trace 8.8.8.8 source loop0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
1 100.1.34.3 [MPLS: Label 17 Exp 0] 72 msec 60 msec 48 msec
2 100.1.38.8 28 msec * 68 msec
PE2(config-if)#
ASBR2(config-if)#do trace 4.4.4.4 source 8.8.8.8
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 100.1.38.3 [MPLS: Label 16 Exp 0] 48 msec 60 msec 36 msec
2 100.1.34.4 56 msec * 76 msec
ASBR2(config-if)#
Observations:
· Connectivity is fine between PE2 and ASBR2.
· Transport label is built between PE2 and ASBR2.
· Transport label is built for the ASBR1-ASBR2 link
Configuring CE-PE Links (CE1-PE1 and CE2-PE2):
CE1(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 102 bytes
!
interface Serial1/0
ip address 10.1.15.5 255.255.255.0
serial restart-delay 0
no fair-queue
end
CE1(config-if)#do ping 10.1.15.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/40/72 ms
CE1(config-if)#
PE1(config-if)#do show run | begin ip vrf VPN_A
ip vrf VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
PE1(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 127 bytes
!
interface Serial1/0
ip vrf forwarding VPN_A
ip address 10.1.15.1 255.255.255.0
serial restart-delay 0
no fair-queue
end
PE1(config-if)#do ping vrf VPN_A 10.1.15.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.15.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/42/64 ms
PE1(config-if)#
Observations:
· CE1-PE1 link is Up.
· VRF is configured properly
CE2(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 102 bytes
!
interface Serial1/0
ip address 10.1.46.6 255.255.255.0
serial restart-delay 0
no fair-queue
end
CE2(config-if)#do ping 10.1.46.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.46.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/39/60 ms
CE2(config-if)#
PE2(config-if)#do show run | begin ip vrf VPN_A
ip vrf VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
PE2(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 127 bytes
!
interface Serial1/0
ip vrf forwarding VPN_A
ip address 10.1.46.4 255.255.255.0
serial restart-delay 0
no fair-queue
end
PE2(config-if)#do ping vrf VPN_A 10.1.46.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.46.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/34/52 ms
PE2(config-if)#
Observations:
· CE2-PE2 link is Up.
· VRF is configured properly
Configuring OSPF as CE-PE protocol and CEs are advertising respective loopbacks into OSPF
CE1(config)#router ospf 100
CE1(config-router)#network 11.11.11.11 0.0.0.0 area 0
CE1(config-router)#network 10.1.15.5 0.0.0.0 area 0
CE1(config-router)#
*Jun 21 14:37:28.967: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.15.1 on Serial1/0 from LOADING to FULL, Loading Done
CE1(config-router)#
PE1(config-router-af)#router ospf 100 vrf VPN_A
PE1(config-router)#network 10.1.15.1 0.0.0.0 area 0
PE1(config-router)#
*Jun 21 14:37:28.975: %OSPF-5-ADJCHG: Process 100, Nbr 11.11.11.11 on Serial1/0 from LOADING to FULL, Loading Done
PE1(config-router)#do show ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.15.0 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/65] via 10.1.15.5, 00:02:47, Serial1/0
PE1(config-router)#do ping vrf VPN_A 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/92 ms
PE1(config-router)#
Observations:
· OSPF configured properly between CE1 and PE1.
· PE1 can ping CE1’s loopback 11.11.11.11
CE2(config-if)#router ospf 100
CE2(config-router)#router-id 12.12.12.12
CE2(config-router)#network 10.1.46.6 0.0.0.0 area 0
CE2(config-router)#network 12.12.12.12 0.0.0.0 area 0
*Jun 21 14:38:24.131: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.46.4 on Serial1/0 from LOADING to FULL, Loading Done
CE2(config-router)#
PE2(config-router-af)#router ospf 100 vrf VPN_A
PE2(config-router)#network 10.1.46.4 0.0.0.0 area 0
PE2(config-router)#
*Jun 21 14:37:57.423: %OSPF-5-ADJCHG: Process 100, Nbr 12.12.12.12 on Serial1/0 from LOADING to FULL, Loading Done
PE2(config-router)#do show ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.46.0 is directly connected, Serial1/0
12.0.0.0/32 is subnetted, 1 subnets
O 12.12.12.12 [110/65] via 10.1.46.6, 00:02:49, Serial1/0
PE2(config-router)#do ping vrf VPN_A 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/44/64 ms
PE2(config-router)#
Observations:
· OSPF configured properly between CE2 and PE2.
· PE2 can ping CE1’s loopback 12.12.12.12
Configuring MP-IBGP VPNV4 between PE1-ASBR1 and PE2-ASBR2:
PE1(config-if)#router bgp 100
PE1(config-router)#bgp router-id 1.1.1.1
PE1(config-router)#no bgp default ipv4-unicast
PE1(config-router)#neighbor 7.7.7.7 remote-as 100
PE1(config-router)#neighbor 7.7.7.7 update-source loopback 0
PE1(config-router)#address-family vpnv4 unicast
PE1(config-router-af)#neighbor 7.7.7.7 activate
PE1(config-router-af)#
*Jun 21 14:20:16.323: %BGP-5-ADJCHANGE: neighbor 7.7.7.7 Up
PE1(config-router-af)#
ASBR1(config-if)#router bgp 100
ASBR1(config-router)#bgp router-id 7.7.7.7
ASBR1(config-router)#no bgp default ipv4-unicast
ASBR1(config-router)#neighbor 1.1.1.1 remote-as 100
ASBR1(config-router)#neighbor 1.1.1.1 update-source loopback 0
ASBR1(config-router)#address-family vpnv4 unicast
ASBR1(config-router-af)#neighbor 1.1.1.1 activate
ASBR1(config-router-af)#
*Jun 21 14:20:07.467: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
ASBR1(config-router-af)#
PE2(config-if)#router bgp 200
PE2(config-router)#bgp router-id 4.4.4.4
PE2(config-router)#no bgp default ipv4-unicast
PE2(config-router)#neighbor 8.8.8.8 remote-as 200
PE2(config-router)#neighbor 8.8.8.8 update-source loopback 0
PE2(config-router)#address-family vpnv4 unicast
PE2(config-router-af)#neighbor 8.8.8.8 activate
PE2(config-router-af)#
*Jun 21 14:21:36.483: %BGP-5-ADJCHANGE: neighbor 8.8.8.8 Up
PE2(config-router-af)#
ASBR2(config-if)#router bgp 200
ASBR2(config-router)#bgp router-id 8.8.8.8
ASBR2(config-router)#no bgp default ipv4-unicast
ASBR2(config-router)#no bgp default route-target filter
ASBR2(config-router)#neighbor 4.4.4.4 remote-as 200
ASBR2(config-router)#neighbor 4.4.4.4 update-source loopback 0
ASBR2(config-router)#address-family vpnv4 unicast
ASBR2(config-router-af)#neighbor 4.4.4.4 activate
ASBR2(config-router-af)#
*Jun 21 14:21:54.715: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
ASBR2(config-router-af)#
Configuring MP-EBGP VPNV4 between ASBRs:
ASBR1(config)#router bgp 100
ASBR1(config-router)#no bgp default route-target filter
ASBR1(config-router)#neighbor 100.1.78.8 remote-as 200
ASBR1(config-router)#address-family vpnv4 unicast
ASBR1(config-router-af)#neighbor 100.1.78.8 activate
ASBR1(config-router-af)#
*Jun 21 14:28:12.827: %BGP-5-ADJCHANGE: neighbor 100.1.78.8 Up
ASBR1(config-router-af)#
ASBR2(config)#router bgp 200
ASBR2(config-router)#no bgp default route-target filter
ASBR2(config-router)#neighbor 100.1.78.7 remote-as 100
ASBR2(config-router)#address-family vpnv4 unicast
ASBR2(config-router-af)#neighbor 100.1.78.7 activate
ASBR2(config-router-af)#
*Jun 21 14:28:13.111: %BGP-5-ADJCHANGE: neighbor 100.1.78.7 Up
ASBR2(config-router-af)#
Observations:
· Neighbors are peering with directly connected interface addresses (This is as per the RFC)
· no bgp default route-target filter command is applied.
· Without this command, ASBRs will not install these VRF routes into their respective BGP tables as there is no local VRF is configured to import them.
Mutual redistribution between VRF OSPF and MP-BGP on PEs:
PE1(config)#router ospf 100 vrf VPN_A
PE1(config-router)#redistribute bgp 100 subnets
PE1(config-router)#
PE1(config-router)#router bgp 100
PE1(config-router)#address-family ipv4 vrf VPN_A
PE1(config-router-af)#redistribute ospf 100 vrf VPN_A
PE1(config-router-af)#
PE2(config)#router ospf 100 vrf VPN_A
PE2(config-router)#redistribute bgp 200 subnets
PE2(config)#router bgp 200
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#redistribute ospf 100 vrf VPN_A
PE2(config-router-af)#
· With this, configuration comes to an end.
· CE routers should learn the routes from each other.
Verification:
PE1#show ip bgp vpnv4 all
BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*> 10.1.15.0/24 0.0.0.0 0 32768 ?
*>i10.1.46.0/24 100.1.78.8 0 100 0 200 ?
*> 11.11.11.11/32 10.1.15.5 65 32768 ?
*>i12.12.12.12/32 100.1.78.8 0 100 0 200 ?
PE1#
CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.15.0 is directly connected, Serial1/0
O IA 10.1.46.0 [110/65] via 10.1.15.1, 07:10:56, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
C 11.11.11.11 is directly connected, Loopback0
12.0.0.0/32 is subnetted, 1 subnets
O IA 12.12.12.12 [110/65] via 10.1.15.1, 07:10:55, Serial1/0
CE1#
CE1#ping 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/213/260 ms
CE1#
PE2#show ip bgp vpnv4 all
BGP table version is 11, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VPN_A)
*>i10.1.15.0/24 100.1.78.7 0 100 0 100 ?
*> 10.1.46.0/24 0.0.0.0 0 32768 ?
*>i11.11.11.11/32 100.1.78.7 0 100 0 100 ?
*> 12.12.12.12/32 10.1.46.6 65 32768 ?
PE2#
CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.15.0 [110/65] via 10.1.46.4, 07:10:33, Serial1/0
C 10.1.46.0 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O IA 11.11.11.11 [110/65] via 10.1.46.4, 07:10:33, Serial1/0
12.0.0.0/32 is subnetted, 1 subnets
C 12.12.12.12 is directly connected, Loopback0
CE2#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 172/232/280 ms
CE2#
Observations:
· Mutual redistribution between OSPF VRF and MP-BGP is working fine.
· CE routers are successfully learning the routers from other CE.
· In PE2, next-hop is 100.1.78.7 (ASBR1) for 11.11.11.11/32
· In PE1, next-hop is 100.1.78.8 (ASBR2) for 12.12.12.12/32
Let’s observe next-hop values on ASBRs:
ASBR1#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 7.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i10.1.15.0/24 1.1.1.1 0 100 0 ?
*> 10.1.46.0/24 100.1.78.8 0 200 ?
*>i11.11.11.11/32 1.1.1.1 65 100 0 ?
*> 12.12.12.12/32 100.1.78.8 0 200 ?
ASBR1#
Observations:
· For the routes originated by PE1, next-hop is 1.1.1.1 (PE1’s Loopback)
· For the routes originated by PE2, next-hop value is ASBR2’s Ser1/1 100.1.78.8
ASBR2#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 8.8.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1
*> 10.1.15.0/24 100.1.78.7 0 100 ?
*>i10.1.46.0/24 4.4.4.4 0 100 0 ?
*> 11.11.11.11/32 100.1.78.7 0 100 ?
*>i12.12.12.12/32 4.4.4.4 65 100 0 ?
ASBR2#
Observations:
· For the routes originated by PE2, next-hop is 4.4.4.4 (PE2’s Loopback)
· For the routes originated by PE1, next-hop value is ASBR1’s Ser1/1 100.1.78.7
Let’s see what is happening with the labels
We will observe labels for 11.11.11.11 and 12.12.12.12
PE1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (VPN_A)
10.1.15.0/24 0.0.0.0 19/aggregate(VPN_A)
10.1.46.0/24 100.1.78.8 nolabel/22
11.11.11.11/32 10.1.15.5 20/nolabel
12.12.12.12/32 100.1.78.8 nolabel/23
PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 2.2.2.2/32 0 Se1/1 point2point
17 Pop tag 100.1.27.0/24 0 Se1/1 point2point
18 17 7.7.7.7/32 0 Se1/1 point2point
19 Aggregate 10.1.15.0/24[V] 3764
20 Untagged 11.11.11.11/32[V] 4264 Se1/0 point2point
21 18 100.1.78.0/24 0 Se1/1 point2point
22 19 100.1.78.8/32 0 Se1/1 point2point
PE1#
PE1#show ip cef vrf VPN_A 12.12.12.12
12.12.12.12/32, version 12, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/1, point2point, tags imposed: {19 23}
via 100.1.78.8, 0 dependencies, recursive
next hop 100.1.12.2, Serial1/1 via 100.1.78.8/32
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {19 23}
PE1#
PE2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (VPN_A)
10.1.15.0/24 100.1.78.7 nolabel/20
10.1.46.0/24 0.0.0.0 19/aggregate(VPN_A)
11.11.11.11/32 100.1.78.7 nolabel/21
12.12.12.12/32 10.1.46.6 20/nolabel
PE2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 100.1.38.0/24 0 Se1/1 point2point
17 Pop tag 3.3.3.3/32 0 Se1/1 point2point
18 17 8.8.8.8/32 0 Se1/1 point2point
19 Aggregate 10.1.46.0/24[V] 4284
20 Untagged 12.12.12.12/32[V] 3224 Se1/0 point2point
21 18 100.1.78.0/24 0 Se1/1 point2point
22 19 100.1.78.7/32 0 Se1/1 point2point
PE2#
PE2#show ip cef vrf VPN_A 11.11.11.11
11.11.11.11/32, version 16, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/1, point2point, tags imposed: {19 21}
via 100.1.78.7, 0 dependencies, recursive
next hop 100.1.34.3, Serial1/1 via 100.1.78.7/32
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {19 21}
PE2#
ASBR1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1
10.1.15.0/24 1.1.1.1 20/19
10.1.46.0/24 100.1.78.8 23/22
11.11.11.11/32 1.1.1.1 21/20
12.12.12.12/32 100.1.78.8 22/23
ASBR1#
ASBR2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1
10.1.15.0/24 100.1.78.7 21/20
10.1.46.0/24 4.4.4.4 22/19
11.11.11.11/32 100.1.78.7 20/21
12.12.12.12/32 4.4.4.4 23/20
ASBR2#
Observations:
· PE1 has assigned a label 20 for 11.11.11.11/32 and advertised to ASBR1 via IBGP and hence we see that ASBR1 is using 20 as the out label for 11.11.11.11/32.
· ASBR1 has assigned label 21 for 11.11.11.11/32 and advertised to ASBR2 via eBGP and hence we see that ASBR2 is using label 21 as out label to reach 11.11.11.11/32.
· ASBR2 didn’t change the VPN label 21 for 11.11.11.11/32 and the same has been advertised to PE2 via iBGP and hence we see that PE2 is using label 21 as out label for 11.11.11.11/32
· In PE2, next-hop for 11.11.11.11/32 is ASBR1 Ser1/1 100.1.78.7 and the out label for that is 19.
· This is clearly showing up in “show ip cef vrf VPN_A 11.11.11.11”, that PE2 is using {19 21} to reach 11.11.11.11/32
·
· PE2 has assigned label 20 for 12.12.12.12/32 and advertised to ASBR2 via IBGP and hence we see that ASBR2 is using label 20 as the out label for 12.12.12.12/32.
· ASBR2 has assigned label 23 for 12.12.12.12/32 and advertised to ASBR1 via EBGP and hence we see that ASBR1 is using label 23 as out label for 12.12.12.12/32
· ASBR1 didn’t change the VPN label for 12.12.12.12/32 and the same has been advertised to PE1 via iBGP and hence we see that PE1 is using label 23 as out label to reach 12.12.12.12/32.
· In PE1, next-hop for 12.12.12.12/32 is ASBR1 ser1/1 100.1.78.8 and the out label for that is 19.
· This is clearly showing up in “show ip cef vrf VPN_A 12.12.12.12”, that PE1 is using {19 23} to reach 12.12.12.12/32
· In/out labels are very clearly shown in “show ip bgp vpnv4 all labels” output for ASBRs.
Let’s see the labels on P1 and P2 to understand the Transport label swapping:
P2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 4.4.4.4/32 51550 Se1/1 point2point
17 Pop tag 8.8.8.8/32 58315 Se1/0 point2point
18 Pop tag 100.1.78.0/24 0 Se1/0 point2point
19 19 100.1.78.7/32 2220 Se1/0 point2point
P2#
P1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 1.1.1.1/32 43057 Se1/1 point2point
17 Pop tag 7.7.7.7/32 60034 Se1/0 point2point
18 Pop tag 100.1.78.0/24 0 Se1/0 point2point
19 19 100.1.78.8/32 2220 Se1/0 point2point
P1#
CE2#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 184/264/348 ms
CE2#
PE2#debug mpls packet
MPLS packet debugging is on
PE2#
*Jun 21 22:13:11.633: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 22:13:11.929: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 22:13:12.133: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 22:13:12.365: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
*Jun 21 22:13:12.569: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=19
PE2#u all
All possible debugging has been turned off
PE2#
P2#debug mpls packet
MPLS packet debugging is on
P2#
*Jun 21 22:13:11.325: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=19/21
*Jun 21 22:13:11.329: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=19/21
*Jun 21 22:13:11.565: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 22:13:11.565: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=19
*Jun 21 22:13:11.705: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=19/21
*Jun 21 22:13:11.705: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=19/21
*Jun 21 22:13:11.909: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 22:13:11.909: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=19
ASBR2#debug mpls packet
MPLS packet debugging is on
ASBR2#
*Jun 21 22:13:29.541: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/21
*Jun 21 22:13:29.541: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=21
*Jun 21 22:13:29.737: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=22
*Jun 21 22:13:29.737: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 22:13:29.889: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/21
*Jun 21 22:13:29.889: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=21
*Jun 21 22:13:30.089: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=22
*Jun 21 22:13:30.089: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/19
*Jun 21 22:13:30.165: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/21
ASBR2#
ASBR1#debug mpls packet
MPLS packet debugging is on
ASBR1#
*Jun 21 22:13:29.285: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21
*Jun 21 22:13:29.285: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 22:13:29.485: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/22
*Jun 21 22:13:29.485: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=22
*Jun 21 22:13:29.693: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21
*Jun 21 22:13:29.693: MPLS: Se1/0: xmit: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 22:13:29.833: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/22
*Jun 21 22:13:29.833: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=22
*Jun 21 22:13:29.921: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=21
P1#debug mpls packet
MPLS packet debugging is on
P1#
*Jun 21 22:13:37.277: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 22:13:37.277: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=20
*Jun 21 22:13:37.389: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=19/22
*Jun 21 22:13:37.389: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=19/22
*Jun 21 22:13:37.629: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 22:13:37.629: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=20
*Jun 21 22:13:37.753: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=19/22
*Jun 21 22:13:37.753: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=19/22
*Jun 21 22:13:37.861: MPLS: Se1/0: recvd: CoS=0, TTL=251, Label(s)=16/20
*Jun 21 22:13:37.861: MPLS: Se1/1: xmit: CoS=0, TTL=250, Label(s)=20
PE1#debug mpls packet
MPLS packet debugging is on
PE1#
*Jun 21 22:13:38.257: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 22:13:38.257: MPLS: Se1/0: xmit: (no label)
*Jun 21 22:13:38.645: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 22:13:38.645: MPLS: Se1/0: xmit: (no label)
*Jun 21 22:13:38.817: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 22:13:38.817: MPLS: Se1/0: xmit: (no label)
*Jun 21 22:13:38.989: MPLS: Se1/1: recvd: CoS=0, TTL=250, Label(s)=20
*Jun 21 22:13:38.989: MPLS: Se1/0: xmit: (no label)
PE1#
CE1#trace 12.12.12.12
Type escape sequence to abort.
Tracing the route to 12.12.12.12
1 10.1.15.1 64 msec 48 msec 16 msec
2 100.1.12.2 [MPLS: Labels 19/23 Exp 0] 192 msec 184 msec 188 msec
3 100.1.27.7 [MPLS: Labels 19/23 Exp 0] 216 msec 252 msec 204 msec
4 100.1.78.8 [MPLS: Label 23 Exp 0] 224 msec 200 msec 188 msec
5 100.1.38.3 [MPLS: Labels 16/20 Exp 0] 220 msec 180 msec 232 msec
6 10.1.46.4 [MPLS: Label 20 Exp 0] 184 msec 152 msec 144 msec
7 10.1.46.6 236 msec * 220 msec
CE1#
CE2#trace 11.11.11.11
Type escape sequence to abort.
Tracing the route to 11.11.11.11
1 10.1.46.4 16 msec 92 msec 16 msec
2 100.1.34.3 [MPLS: Labels 19/21 Exp 0] 180 msec 184 msec 216 msec
3 100.1.38.8 [MPLS: Labels 19/21 Exp 0] 172 msec 188 msec 172 msec
4 100.1.78.7 [MPLS: Label 21 Exp 0] 168 msec 160 msec 204 msec
5 100.1.27.2 [MPLS: Labels 16/20 Exp 0] 220 msec 232 msec 172 msec
6 10.1.15.1 [MPLS: Label 20 Exp 0] 156 msec 184 msec 160 msec
7 10.1.15.5 212 msec * 212 msec
CE2#
No comments:
Post a Comment