MPLS - L3VPNs: Configuration and Verification
Before moving to Configuration, let’s understand some important terms in MPLS.
· CE: Customer Edge router, which is facing the Provider Edge router
· PE: Provider Edge router, the edge router in the Service Provider Network, which is facing the Customer router.
· P: Provider Router, which is in the Core Service Provider Network and not facing any Customer equipment.
· ASBR: Autonomous System Boundary Router, which is generally used to peer with some other AS.
· VRF: Virtual Routing and Forwarding.
o CE-PE link will be part of a VRF.
o The moment we configure any CE-PE link in a VRF, the link is removed from the global routing table and a separate routing table instance is created for that particular VRF.
· RD: Route Distinguisher
o RD is used to make the route Unique in the Service Provider Network
o This is mainly needed because all customers might use the same RFC 1918 Private address space and we need a mechanism to make the route unique.
o RD is 64 bit value that gets prepended to the prefix
o Format will be AS:number or ip-address:Number
o General usage is to configure with PE’s loopback address, so that it’s easy to troubleshoot if we know which PE is advertising the route
· RT: Route Target
o Route Targets control what are the routes that can be exported from VRF into BGP and vice versa
o All the different kinds of controlling in MPLS is mostly done using RTs
o A prefix can have more than one RT value
o 64 bit value
o Format will be AS:number or ip-address:Number
o General usage will be to use AS:number, it’s easy to troubleshoot if we know which AS has advertised this route.
o Route-target is carried as an Extended-community attribute in BGP
o By default VPNV4 sends Extended-community attribute, but it’s always good to make sure this before proceeding
o Also, if no locally configured VRF is configured to import a particular RT, the routes will not get downloaded to BGP table, this happens by default to save some memory.
o But if PE is acting as a RR or ASBR in case of inter-AS VPNs, we need to disable this default behavior using “no bgp default route-target filter”
o More about this will come in Inter-AS scenario
Now let’s understand how the label distribution and data flow happens in L3 VPNs using a basic Network topology:
Label distribution process:
· LSP must be setup between PE1 and PE2 (you can use TDP, LDP, RSVP-TE) and say PE2 is using label A to reach PE1’s loopback. This is called Transport Label.
· Also assume that P2 is using label B to reach PE1’s loopback and P1 is using label C to reach PE1’s loopback.
· CE1 will advertise its loopback 11.11.11.11 to PE1
· PE1 assigns a label X to this prefix 11.11.11.11 and this is called VPN label.
· Since PE1 has Ibgp VPNV4 neighbor relationship with PE2, PE1 advertises this prefix to PE2 along with the label X.
· For this prefix 11.11.11.11, PE2 will have next-hop of PE’1 loopback 1.1.1.1
· PE2 advertises this route to CE2.
Actual Data path:
· CE2 wants to send some data to CE1’s loopback 11.11.11.11
· PE2 gets this request on the VRF link
· To reach 11.11.11.11, it will use label X; and since the next-hop is 1.1.1.1 it will also use label A (this is called label stacking, lower label is VPN label X, and top label is Transport label A).
· P2 gets this MPLS packet and finds top label A and swaps it with label B and sends it to P1
· P1 gets this MPLS Packet and swaps the top label B with label C and sends it to PE1.
· PE1 pops the top label C and finds another label X.
· PE1 performs another lookup on label X and finds that it belongs to VRF between PE1-CE1
· Sends the unlabelled data to CE2.
Configuration:
1. Building the transport label between PE1 and PE2.
2. Configuring VRF in PE1 and PE2
3. Configuring CE-PE links
4. Configure BGP VPNV4 between PE1 and PE2
5. Redistribute between BGP and CE-PE protocol on PE1 and PE2
Building the Transport Label between PE1 and PE2
PE1(config-router)#do show run | begin router ospf
router ospf 1
router-id 1.1.1.1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 100.1.12.1 0.0.0.0 area 0
!
P1(config-if)#do show run | begin router ospf
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 100.1.12.2 0.0.0.0 area 0
network 100.1.23.2 0.0.0.0 area 0
!
P2(config-if)#do show run | begin router ospf
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 100.1.23.3 0.0.0.0 area 0
network 100.1.34.3 0.0.0.0 area 0
!
PE2(config-router)#do show run | begin router ospf
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 100.1.34.4 0.0.0.0 area 0
!
PE1(config-router)#do ping 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/93/124 ms
PE1(config-router)#
PE2(config-router)#do ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/97/160 ms
PE2(config-router)#
· PE1 can reach PE2’s loopback 4.4.4.4
· PE2 can reach PE1’s loopback 1.1.1.1
PE1(config-router)#int ser1/1
PE1(config-if)#mpls ip
PE1(config-if)#
*Jun 18 12:19:55.615: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
PE1(config-if)#
P1(config-if)#int ser1/1
P1(config-if)#mpls ip
P1(config-if)#int ser1/0
P1(config-if)#
*Jun 18 12:19:54.699: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (1) is UP
P1(config-if)#mpls ip
P1(config-if)#
*Jun 18 12:20:04.799: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (2) is UP
P1(config-if)#
P2(config-if)#int ser1/1
P2(config-if)#mpls ip
P2(config-if)#
*Jun 18 12:19:55.183: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (1) is UP
P2(config-if)#int ser1/0
P2(config-if)#mpls ip
P2(config-if)#
*Jun 18 12:20:05.679: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (2) is UP
P2(config-if)#
PE2(config-router)#int ser1/1
PE2(config-if)#mpls ip
PE2(config-if)#
*Jun 18 12:19:55.103: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP
PE2(config-if)#
CE-PE Configuration:
CE1-PE1:
CE1(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 87 bytes
!
interface Serial1/0
ip address 10.1.15.5 255.255.255.0
serial restart-delay 0
end
CE1(config-if)#
CE1#ping 10.1.15.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.15.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/42/112 ms
CE1#
PE1(config-if)#do show run | begin ip vrf VPN_A
ip vrf VPN_A
rd 1.1.1.1:100
route-target export 100:1
route-target import 100:1
!
PE1(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 112 bytes
!
interface Serial1/0
ip vrf forwarding VPN_A
ip address 10.1.15.1 255.255.255.0
serial restart-delay 0
end
PE1(config-if)#
PE1#ping vrf VPN_A 10.1.15.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.15.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/34/76 ms
PE1#
CE2-PE2:
CE2(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 87 bytes
!
interface Serial1/0
ip address 10.1.46.6 255.255.255.0
serial restart-delay 0
end
CE2(config-if)#
CE2#ping 10.1.46.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.46.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/42/88 ms
CE2#
PE2(config-if)#do show run | begin ip vrf VPN_A
ip vrf VPN_A
rd 4.4.4.4:100
route-target export 100:1
route-target import 100:1
!
PE2(config-if)#do show run int ser1/0
Building configuration...
Current configuration : 112 bytes
!
interface Serial1/0
ip vrf forwarding VPN_A
ip address 10.1.46.4 255.255.255.0
serial restart-delay 0
end
PE2(config-if)#
PE2#ping vrf VPN_A 10.1.46.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.46.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/40/64 ms
PE2#
Observations:
· VRF is configured properly
· CE-PE links are up
Configuring OSPF as CE-PE Protocol and advertising CE router’s loopbacks into OSPF:
CE1(config)#router ospf 100
CE1(config-router)#net
CE1(config-router)#network 10.1.15.5 0.0.0.0 area 0
CE1(config-router)#net
CE1(config-router)#network 11.11.11.11 0.0.0.0 area 0
CE1(config-router)#
*Jun 18 13:56:48.231: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.15.1 on Serial1/0 from LOADING to FULL, Loading Done
CE1(config-router)#
PE1(config)#router ospf 100 vrf VPN_A
PE1(config-router)#net
PE1(config-router)#network 10.1.15.1 0.0.0.0 area 0
PE1(config-router)#
*Jun 18 13:56:54.991: %OSPF-5-ADJCHG: Process 100, Nbr 11.11.11.11 on Serial1/0 from LOADING to FULL, Loading Done
PE1(config-router)#
PE1(config-router)#do show ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.15.0 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/65] via 10.1.15.5, 00:00:22, Serial1/0
PE1(config-router)#
PE1(config-router)# do ping vrf VPN_A 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/35/48 ms
PE1(config-router)#
CE2(config)#router ospf 100
CE2(config-router)#net
CE2(config-router)#network 10.1.46.6 0.0.0.0 area 0
CE2(config-router)#network 12.12.12.12 0.0.0.0 area 0
CE2(config-router)#
*Jun 18 13:59:03.819: %OSPF-5-ADJCHG: Process 100, Nbr 10.1.46.4 on Serial1/0 from LOADING to FULL, Loading Done
CE2(config-router)#
PE2(config)#router ospf 100 vrf VPN_A
PE2(config-router)#network 10.1.46.4 0.0.0.0 area 0
PE2(config-router)#
*Jun 18 13:59:10.723: %OSPF-5-ADJCHG: Process 100, Nbr 12.12.12.12 on Serial1/0 from LOADING to FULL, Loading Done
PE2(config-router)#
PE2(config-router)#do ping vrf VPN_A 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/33/40 ms
PE2(config-router)#
Observations:
· OSPF has been configured successfully between CE1-PE1 and CE2-PE2
· PE1 can reach CE1 loopback 11.11.11.11
· PE2 can reach CE2 loopback 12.12.12.12
Configuring iBGP VPNV4 between PE1 and PE2:
PE1(config-router)#router bgp 100
PE1(config-router)#no bgp default ipv4-unicast
PE1(config-router)#neighbor 4.4.4.4 remote-as 100
PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0
PE1(config-router)#address-family vpnv4 unicast
PE1(config-router-af)#neighbor 4.4.4.4 activate
PE1(config-router-af)#
*Jun 18 14:01:19.195: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up
PE1(config-router-af)#
PE2(config-router)#router bgp 100
PE2(config-router)#no bgp default ipv4-unicast
PE2(config-router)#neighbor 1.1.1.1 remote-as 100
PE2(config-router)#neighbor 1.1.1.1 update-source loopback 0
PE2(config-router)#address-family vpnv4 unicast
PE2(config-router-af)#neighbor 1.1.1.1 activate
PE2(config-router-af)#
*Jun 18 14:01:19.459: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up
PE2(config-router-af)#
Observations:
· PE1 and PE2 have IBGP VPNV4 neighbor relationship.
· But by default BGP negotiates ipv4 neighbor relationship, that’s why we need to disable this behavior using “no bgp default ipv4-unicast”
· Neighbor is activated under “address-family vpnv4 unicast”
Now, we need to redistribute the OSPF learnt routes into BGP and vice versa on PEs:
PE1(config-router)#router bgp 100
PE1(config-router)#address-family ipv4 vrf VPN_A
PE1(config-router-af)#redistribute ospf 100 vrf VPN_A
PE1(config-router-af)#
PE2(config-router)# router bgp 100
PE2(config-router)#address-family ipv4 vrf VPN_A
PE2(config-router-af)#redistribute ospf 100 vrf VPN_A
PE2(config-router-af)#
PE1(config-router-af)#router ospf 100 vrf VPN_A
PE1(config-router)#redistribute bgp 100 subnets
PE1(config-router)#
PE2(config-router-af)#router ospf 100 vrf VPN_A
PE2(config-router)#redistribute bgp 100 subnets
PE2(config-router)#
Now, let’s check BGP connectivity between PE1 and PE2:
PE1#show ip bgp vpnv4 all sum
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 9, main routing table version 9
6 network entries using 822 bytes of memory
6 path entries using 408 bytes of memory
5/4 BGP path/bestpath attribute entries using 620 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1930 total bytes of memory
BGP activity 12/6 prefixes, 12/6 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 100 17 18 9 0 0 00:01:49 2
PE1#
PE1#show ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.15.0 is directly connected, Serial1/0
B 10.1.46.0 [200/0] via 4.4.4.4, 00:34:07
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/65] via 10.1.15.5, 00:35:53, Serial1/0
12.0.0.0/32 is subnetted, 1 subnets
B 12.12.12.12 [200/65] via 4.4.4.4, 00:34:07
PE1#
Observations:
· OSPF->BGP Redistributing is working fine on PE2 and PE1 successfully learnt CE2’s loopback 12.12.12.12 and the PE2-CE2 link 10.1.46.0/24
PE2#show ip bgp vpnv4 all sum
BGP router identifier 4.4.4.4, local AS number 100
BGP table version is 9, main routing table version 9
6 network entries using 822 bytes of memory
6 path entries using 408 bytes of memory
5/4 BGP path/bestpath attribute entries using 620 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1930 total bytes of memory
BGP activity 12/6 prefixes, 12/6 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 17 18 9 0 0 00:01:55 2
PE2#
*Jun 18 14:05:45.171: %SYS-5-CONFIG_I: Configured from console by console
PE2#
PE2#show ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
B 10.1.15.0 [200/0] via 1.1.1.1, 00:33:54
C 10.1.46.0 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
B 11.11.11.11 [200/65] via 1.1.1.1, 00:33:54
12.0.0.0/32 is subnetted, 1 subnets
O 12.12.12.12 [110/65] via 10.1.46.6, 00:35:08, Serial1/0
PE2#
Observations:
· OSPF->BGP Redistributing is working fine on PE1 and PE2 successfully learnt CE1’s loopback 11.11.11.11 and the PE1-CE1 link 10.1.15.0/24
CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.15.0 is directly connected, Serial1/0
O IA 10.1.46.0 [110/65] via 10.1.15.1, 00:01:47, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
C 11.11.11.11 is directly connected, Loopback0
12.0.0.0/32 is subnetted, 1 subnets
O IA 12.12.12.12 [110/129] via 10.1.15.1, 00:01:47, Serial1/0
CE1#
CE1#ping 12.12.12.12
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.12.12.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/149/184 ms
CE1#
Observations:
· BGPÃ OSPF Redistributing is working fine on PE1 and CE1 successfully learnt CE2’s loopback 12.12.12.12 and the PE2-CE2 link 10.1.46.0/24
· Reachability is also fine between CE1 and CE2
CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.15.0 [110/65] via 10.1.46.4, 00:01:47, Serial1/0
C 10.1.46.0 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O IA 11.11.11.11 [110/129] via 10.1.46.4, 00:01:47, Serial1/0
12.0.0.0/32 is subnetted, 1 subnets
C 12.12.12.12 is directly connected, Loopback0
CE2#
CE2#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/151/188 ms
CE2#
Observations:
· BGP Ã OSPF Redistributing is working fine on PE2 and CE2 successfully learnt CE1’s loopback 11.11.11.11 and the PE1-CE1 link 10.1.15.0/24
· Reachability is also fine between CE1 and CE2
HAPPY! Happy!
Let’s see what is happening with the labels
We will observe labels for 11.11.11.11 and 12.12.12.12
PE1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 1.1.1.1:100 (VPN_A)
10.1.15.0/24 0.0.0.0 23/aggregate(VPN_A)
10.1.46.0/24 4.4.4.4 nolabel/23
11.11.11.11/32 10.1.15.5 24/nolabel
12.12.12.12/32 4.4.4.4 nolabel/24
Route Distinguisher: 4.4.4.4:100
10.1.46.0/24 4.4.4.4 nolabel/23
12.12.12.12/32 4.4.4.4 nolabel/24
PE1#
PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 2.2.2.2/32 0 Se1/1 point2point
17 16 100.1.34.0/24 0 Se1/1 point2point
18 Pop tag 100.1.23.0/24 0 Se1/1 point2point
19 18 4.4.4.4/32 0 Se1/1 point2point
20 17 3.3.3.3/32 0 Se1/1 point2point
23 Aggregate 10.1.15.0/24[V] 520
24 Untagged 11.11.11.11/32[V] 520 Se1/0 point2point
PE1#
PE1#show ip cef vrf VPN_A 12.12.12.12
12.12.12.12/32, version 12, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/1, point2point, tags imposed: {18 24}
via 4.4.4.4, 0 dependencies, recursive
next hop 100.1.12.2, Serial1/1 via 4.4.4.4/32
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {18 24}
PE1#
PE2#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 1.1.1.1:100
10.1.15.0/24 1.1.1.1 nolabel/23
11.11.11.11/32 1.1.1.1 nolabel/24
Route Distinguisher: 4.4.4.4:100 (VPN_A)
10.1.15.0/24 1.1.1.1 nolabel/23
10.1.46.0/24 0.0.0.0 23/aggregate(VPN_A)
11.11.11.11/32 1.1.1.1 nolabel/24
12.12.12.12/32 10.1.46.6 24/nolabel
PE2#
PE2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 16 2.2.2.2/32 0 Se1/1 point2point
17 17 100.1.12.0/24 0 Se1/1 point2point
18 Pop tag 100.1.23.0/24 0 Se1/1 point2point
19 Pop tag 3.3.3.3/32 0 Se1/1 point2point
20 19 1.1.1.1/32 0 Se1/1 point2point
23 Aggregate 10.1.46.0/24[V] 520
24 Untagged 12.12.12.12/32[V] 520 Se1/0 point2point
PE2#
PE2#show ip cef vrf VPN_A 11.11.11.11
11.11.11.11/32, version 12, epoch 0, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/1, point2point, tags imposed: {19 24}
via 1.1.1.1, 0 dependencies, recursive
next hop 100.1.34.3, Serial1/1 via 1.1.1.1/32
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {19 24}
PE2#
Observations:
· PE1 has assigned label 24 for 11.11.11.11/32 and advertised to PE2 via BGP and hence we see that PE2 is sing 24 as out label (VPN label) for 11.11.11.11/32
· PE2 is using label 19 to reach 1.1.1.1, which is Next-hop for 11.11.11.11/32, we call this as Transport label
· This is clearly showing up in “show ip cef vrf VPN_A 11.11.11.11”, that PE2 is using {19 24} to reach 11.11.11.11/32
· VPN label 24 is the inner label and the Transport label 19 is the Top label.
· PE2 has assigned label 24 for 12.12.12.12/32 and advertised to PE1 via BGP and hence we see that PE1 is using label 24 for out label (VPN label) for 12.12.12.12/32
· PE1 is using label 18 to reach 4.4.4.4, which is next-hop for 11.11.11.11/32, we call this as Transport label
· This is clearly showing up in “show ip cef vrf VPN_A 12.12.12.12”, that PE1 is using {18 24} to reach 12.12.12.12/32
· VPN label 24 is the inner label and the Transport label 18 is the Top label.
Before enabling MPLS debugs to see this label stacking, lets see the MPLS forwarding table for P1 and P2 to get a better idea on transport label swapping in P1 and P2.
P2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 2.2.2.2/32 0 Se1/0 point2point
17 Pop tag 100.1.12.0/24 636 Se1/0 point2point
18 Pop tag 4.4.4.4/32 5184 Se1/1 point2point
19 19 1.1.1.1/32 5348 Se1/0 point2point
P2#
P1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 100.1.34.0/24 520 Se1/0 point2point
17 Pop tag 3.3.3.3/32 0 Se1/0 point2point
18 18 4.4.4.4/32 5340 Se1/0 point2point
19 Pop tag 1.1.1.1/32 5120 Se1/1 point2point
P1#
“debug mpls packet” output on PE2, P2, P1 and PE1:
CE2#ping 11.11.11.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/161/252 ms
CE2#
PE2#
*Jun 18 14:11:11.375: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=23
*Jun 18 14:11:11.535: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=23
*Jun 18 14:11:11.647: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=23
*Jun 18 14:11:11.771: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=23
*Jun 18 14:11:11.959: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=23
PE2#
P2#
*Jun 18 14:11:11.251: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=19/24
*Jun 18 14:11:11.251: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=19/24
*Jun 18 14:11:11.391: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=18/23
*Jun 18 14:11:11.391: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=23
*Jun 18 14:11:11.455: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=19/24
*Jun 18 14:11:11.455: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=19/24
*Jun 18 14:11:11.563: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=18/23
*Jun 18 14:11:11.563: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=23
P2#u all
P1#
*Jun 18 14:11:00.715: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/24
*Jun 18 14:11:00.715: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=24
*Jun 18 14:11:00.799: MPLS: Se1/1: recvd: CoS=0, TTL=254, Label(s)=18/23
*Jun 18 14:11:00.799: MPLS: Se1/0: xmit: CoS=0, TTL=253, Label(s)=18/23
*Jun 18 14:11:00.891: MPLS: Se1/0: recvd: CoS=0, TTL=253, Label(s)=19/24
*Jun 18 14:11:00.891: MPLS: Se1/1: xmit: CoS=0, TTL=252, Label(s)=24
P1#u all
PE1#debug mpls packet
MPLS packet debugging is on
PE1#
*Jun 18 14:11:11.087: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=24
*Jun 18 14:11:11.087: MPLS: Se1/0: xmit: (no label)
*Jun 18 14:11:11.271: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=24
*Jun 18 14:11:11.271: MPLS: Se1/0: xmit: (no label)
*Jun 18 14:11:11.383: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=24
*Jun 18 14:11:11.383: MPLS: Se1/0: xmit: (no label)
*Jun 18 14:11:11.535: MPLS: Se1/1: recvd: CoS=0, TTL=252, Label(s)=24
PE1#u all
All possible debugging has been turned off
PE1#
CE1#traceroute 12.12.12.12
Type escape sequence to abort.
Tracing the route to 12.12.12.12
1 10.1.15.1 48 msec 56 msec 24 msec
2 100.1.12.2 [MPLS: Labels 18/24 Exp 0] 168 msec 140 msec 140 msec
3 100.1.23.3 [MPLS: Labels 18/24 Exp 0] 136 msec 160 msec 164 msec
4 10.1.46.4 [MPLS: Label 24 Exp 0] 184 msec 68 msec 108 msec
5 10.1.46.6 148 msec * 164 msec
CE1#
CE2#traceroute 11.11.11.11
Type escape sequence to abort.
Tracing the route to 11.11.11.11
1 10.1.46.4 48 msec 28 msec 16 msec
2 100.1.34.3 [MPLS: Labels 19/24 Exp 0] 156 msec 188 msec 156 msec
3 100.1.23.2 [MPLS: Labels 19/24 Exp 0] 124 msec 156 msec 172 msec
4 10.1.15.1 [MPLS: Label 24 Exp 0] 96 msec 108 msec 140 msec
5 10.1.15.5 168 msec * 192 msec
CE2#
Some more useful BGP troubleshooting commands:
PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:100 (default for vrf VPN_A)
*> 10.1.15.0/24 0.0.0.0 0 32768 ?
*>i10.1.46.0/24 4.4.4.4 0 100 0 ?
*> 11.11.11.11/32 10.1.15.5 65 32768 ?
*>i12.12.12.12/32 4.4.4.4 65 100 0 ?
Route Distinguisher: 4.4.4.4:100
*>i10.1.46.0/24 4.4.4.4 0 100 0 ?
*>i12.12.12.12/32 4.4.4.4 65 100 0 ?
PE1#
PE1#show ip bgp vpnv4 all 11.11.11.11
BGP routing table entry for 1.1.1.1:100:11.11.11.11/32, version 7
Paths: (1 available, best #1, table VPN_A)
Advertised to update-groups:
1
Local
10.1.15.5 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 65, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
mpls labels in/out 24/nolabel
PE1#
PE1#show ip bgp vpnv4 all 12.12.12.12
BGP routing table entry for 1.1.1.1:100:12.12.12.12/32, version 9
Paths: (1 available, best #1, table VPN_A)
Not advertised to any peer
Local, imported path from 4.4.4.4:100:12.12.12.12/32
4.4.4.4 (metric 193) from 4.4.4.4 (4.4.4.4)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.46.4:0
mpls labels in/out nolabel/24
BGP routing table entry for 4.4.4.4:100:12.12.12.12/32, version 5
Paths: (1 available, best #1, no table)
Not advertised to any peer
Local
4.4.4.4 (metric 193) from 4.4.4.4 (4.4.4.4)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.46.4:0
mpls labels in/out nolabel/24
PE1#
PE2#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:100
*>i10.1.15.0/24 1.1.1.1 0 100 0 ?
*>i11.11.11.11/32 1.1.1.1 65 100 0 ?
Route Distinguisher: 4.4.4.4:100 (default for vrf VPN_A)
*>i10.1.15.0/24 1.1.1.1 0 100 0 ?
*> 10.1.46.0/24 0.0.0.0 0 32768 ?
*>i11.11.11.11/32 1.1.1.1 65 100 0 ?
*> 12.12.12.12/32 10.1.46.6 65 32768 ?
PE2#
PE2#show ip bgp vpnv4 all 12.12.12.12
BGP routing table entry for 4.4.4.4:100:12.12.12.12/32, version 9
Paths: (1 available, best #1, table VPN_A)
Advertised to update-groups:
1
Local
10.1.46.6 from 0.0.0.0 (4.4.4.4)
Origin incomplete, metric 65, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.46.4:0
mpls labels in/out 24/nolabel
PE2#
PE2#
PE2#show ip bgp vpnv4 all 11.11.11.11
BGP routing table entry for 1.1.1.1:100:11.11.11.11/32, version 5
Paths: (1 available, best #1, no table)
Not advertised to any peer
Local
1.1.1.1 (metric 193) from 1.1.1.1 (1.1.1.1)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
mpls labels in/out nolabel/24
BGP routing table entry for 4.4.4.4:100:11.11.11.11/32, version 7
Paths: (1 available, best #1, table VPN_A)
Not advertised to any peer
Local, imported path from 1.1.1.1:100:11.11.11.11/32
1.1.1.1 (metric 193) from 1.1.1.1 (1.1.1.1)
Origin incomplete, metric 65, localpref 100, valid, internal, best
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.15.1:0
mpls labels in/out nolabel/24
PE2#
No comments:
Post a Comment