Monday, November 28, 2011

Cisco Inter-AS Mpls VPN with multihop VPNv4 route exchange

In this blog we will configure Inter-AS MPLS VPN with multihop VPNv4 route exchange at the AS edge PE routers. Here is the topology for this blog:


We will run EIGRP 100 as the VRF routing protocol between the CE-1 and AS1234-PE1 routers.
We will run RIP as the VRF routing protocol between the CE-2 and AS5678-PE1 routers.
We will run eBGP VPNv4 between the PE-2 routers.
We will run OSPF as the IGP and MP-BGP between the AS1234 PE1, PE2 and P routers. The P router will be the route reflector.
We will run OSPF as the IGP and MP-BGP between the AS5678 PE1, PE2 and P routers. The P router will be the route reflector.
All routers in this example are Cisco Systems 3725 routers. Any other Cisco router that supports MPLS VPN could be used for this example. The Cisco IOS version should be checked on the routers before configuring Inter-AS MPLS VPN with multihop VPNv4 route exchange.
Here are the configurations:

Configuration of CE-1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Loopback11
 ip address 11.11.11.11 255.255.255.255
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
router eigrp 100
 redistribute connected
 network 1.0.0.0
 network 12.12.12.1 0.0.0.0
 no auto-summary

Configuration of AS1234-PE1
ip vrf a
 rd 1234:1
 route-target export 1234:1
 route-target import 1234:1
 route-target import 5678:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.23.2 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding a
 ip address 12.12.12.2 255.255.255.0

router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf a
  redistribute bgp 1234
  network 12.12.12.2 0.0.0.0
  default-metric 1000 100 255 1 1500
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 7.7.7.7 remote-as 5678
 neighbor 7.7.7.7 ebgp-multihop 255
 neighbor 7.7.7.7 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute connected
  redistribute static
  redistribute eigrp 100
  no synchronization
 exit-address-family

Configuration of AS1234-P

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.34.3 255.255.255.0
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1234
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 4.4.4.4 remote-as 1234
 neighbor 4.4.4.4 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 route-reflector-client
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
  neighbor 4.4.4.4 route-reflector-client
 exit-address-family

Configuration of AS1234-PE2:

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.34.4 255.255.255.0
 mpls ip
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.45.4 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 1234 subnets
 passive-interface FastEthernet0/1.10
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.45.5 remote-as 5678
 !
 address-family ipv4
  neighbor 3.3.3.3 activate
  neighbor 192.168.45.5 activate
  neighbor 192.168.45.5 route-map as5678-out out
  neighbor 192.168.45.5 send-label
  no auto-summary
  no synchronization
  network 2.2.2.2 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 next-hop-self
 exit-address-family

ip prefix-list PE seq 5 permit 2.2.2.2/32
!
route-map as5678-out permit 10
 match ip address prefix-list PE
 set mpls-label

Configuration of AS5678-PE2

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.5 255.255.255.0
 mpls ip
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.45.5 255.255.255.0
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 redistribute bgp 5678 subnets
 passive-interface FastEthernet0/1.10
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 5678
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 5678
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 192.168.45.4 remote-as 1234
 !
 address-family ipv4
  neighbor 6.6.6.6 activate
  neighbor 192.168.45.4 activate
  neighbor 192.168.45.4 route-map as1234-out out
  neighbor 192.168.45.4 send-label
  no auto-summary
  no synchronization
  network 7.7.7.7 mask 255.255.255.255
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
  neighbor 6.6.6.6 next-hop-self
 exit-address-family
!
ip prefix-list PE seq 5 permit 7.7.7.7/32
!
route-map as1234-out permit 10
 match ip address prefix-list PE
 set mpls-label

Configuration of AS5678-P:

interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.6 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.67.6 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 5678
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 5678
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 7.7.7.7 remote-as 5678
 neighbor 7.7.7.7 update-source Loopback0
 !
 address-family ipv4
  neighbor 5.5.5.5 activate
  neighbor 7.7.7.7 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 route-reflector-client
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
  neighbor 7.7.7.7 route-reflector-client
 exit-address-family

Configuration of AS5678-PE1:

ip vrf a
 rd 5678:1
 route-target export 5678:1
 route-target import 5678:1
 route-target import 1234:1
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.67.7 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding a
 ip address 78.78.78.7 255.255.255.0
!
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 network 7.7.7.7 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router rip
 !
 address-family ipv4 vrf a
  redistribute bgp 5678 metric 1
  network 78.0.0.0
  no auto-summary
  version 2
 exit-address-family
!
router bgp 5678
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1234
 neighbor 2.2.2.2 ebgp-multihop 255
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 6.6.6.6 remote-as 5678
 neighbor 6.6.6.6 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute rip
  no synchronization
 exit-address-family

Configuration of CE-2

interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 78.78.78.8 255.255.255.0
!
router rip
 version 2
 network 8.0.0.0
 network 78.0.0.0
 no auto-summary

Let's check reachability between the CE routers:
CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     8.0.0.0/32 is subnetted, 1 subnets
D EX    8.8.8.8 [170/2611200] via 12.12.12.2, 00:31:15, FastEthernet0/0
     78.0.0.0/24 is subnetted, 1 subnets
D EX    78.78.78.0 [170/2611200] via 12.12.12.2, 00:31:15, FastEthernet0/0
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.11 is directly connected, Loopback11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, FastEthernet0/0

R1#ping 8.8.8.8 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 632/844/1064 ms
CE1#trace
Protocol [ip]:
Target IP address: 8.8.8.8
Source address: 1.1.1.1
Numeric display [n]: yes
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 12.12.12.2 244 msec 132 msec 256 msec
  2 192.168.23.3 [MPLS: Labels 20/20 Exp 0] 736 msec 896 msec 1244 msec
  3 192.168.34.4 [MPLS: Labels 20/20 Exp 0] 1444 msec 784 msec 788 msec
  4 192.168.45.5 [MPLS: Labels 16/20 Exp 0] 1008 msec 1404 msec 1304 msec
  5 192.168.56.6 [MPLS: Labels 16/20 Exp 0] 2000 msec 1968 msec 1756 msec
  6 78.78.78.7 [MPLS: Label 20 Exp 0] 2272 msec 2388 msec 2812 msec
  7 78.78.78.8 1704 msec 1092 msec 2160 msec

Let's check the vrf a routing tables and the LSP:

AS1234-PE#show ip route vrf a

Routing Table: a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/409600] via 12.12.12.1, 00:09:53, FastEthernet0/1
     8.0.0.0/32 is subnetted, 1 subnets
B       8.8.8.8 [20/1] via 7.7.7.7, 00:00:08
     78.0.0.0/24 is subnetted, 1 subnets
B       78.78.78.0 [20/0] via 7.7.7.7, 00:00:09
     11.0.0.0/32 is subnetted, 1 subnets
D EX    11.11.11.11 [170/409600] via 12.12.12.1, 00:09:53, FastEthernet0/1
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, FastEthernet0/1

AS1234-PE#show ip cef vrf a 8.8.8.8
8.8.8.8/32, version 14, epoch 0, cached adjacency 192.168.23.3
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Fa0/0, 192.168.23.3, tags imposed: {20 20}
  via 7.7.7.7, 0 dependencies, recursive
    next hop 192.168.23.3, FastEthernet0/0 via 7.7.7.7/32
    valid cached adjacency
    tag rewrite with Fa0/0, 192.168.23.3, tags imposed: {20 20}
We see that the VPN label is 20 and the transport label is 20 for next hop 7.7.7.7.
Let's check AS1234-P's LFIB table for transport label 20:

AS1234-P #sh mpls forwarding-table labels 20
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface              
20     20          7.7.7.7/32        1084       Fa0/1      192.168.34.4
The edge router's LFIB table:
AS1234-Edge#show mpls forwarding-table labels 20
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface              
20     16          7.7.7.7/32        1677       Fa0/1.10   192.168.45.5
Here the transport label for 7.7.7.7 is 16. This label comes via BGP (we added send-label for the tunnels; see the configurations of the edge routers).
AS1234-Edge #show ip bgp neighbor 192.168.45.5
BGP neighbor is 192.168.45.5,  remote AS 5678, external link
  BGP version 4, remote router ID 5.5.5.5
  BGP state = Established, up for 00:13:37
  Last read 00:00:37, last write 00:00:36, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
    ipv4 MPLS Label capability: advertised and received


AS5678-Edge#show mpls forwarding-table labels 16
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
16     16          7.7.7.7/32        2025       Fa0/0      192.168.56.6
AS5678-P#show mpls forwarding-table labels 16
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
16     Pop tag     7.7.7.7/32        7779       Fa0/1      192.168.67.7

The PHP router removes the outer tag, and the last PE router has only the VPN label:

AS5678-PE#sh mpls forwarding-table labels 20
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
20     Untagged    8.8.8.8/32[V]     84         Fa0/1      78.78.78.8

We see that the end-to-end LSP is working.
Key points of the Inter-AS MPLS VPN with multihop VPNv4 route exchange configuration:
- The send-label command between the Inter-AS routers.
- Redistribution of eBGP into the IGP on the Inter-AS routers. But be careful: only the loopback IP addresses of the neighbor AS should be redistributed.
- When a route-map is applied between the Inter-AS peers, the send-label command does not work by itself. There must also be a set mpls-label command under the route-map.
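
The last two key points can be checked mechanically on an edge router's configuration. The following Python sketch is an added example, not part of the original post: it flags a BGP-into-OSPF redistribution that has no route-map, and a send-label neighbor whose outbound route-map has a permit entry without set mpls-label. The sample text is constructed (abridged from the AS1234-PE2 configuration above) and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the AS1234-PE2 configuration shown on this page.
SAMPLE = """\
router ospf 1
 redistribute bgp 1234 subnets
!
router bgp 1234
 address-family ipv4
  neighbor 192.168.45.5 route-map as5678-out out
  neighbor 192.168.45.5 send-label
 exit-address-family
!
route-map as5678-out permit 10
 match ip address prefix-list PE
 set mpls-label
"""

def sections(config):
    """Group indented lines under their top-level (column 0) command."""
    out, head = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            head = line.strip()
            out.setdefault(head, [])
        elif head:
            out[head].append(line.strip())
    return out

def audit(config):
    """Check the redistribution and send-label key points (hypothetical helper)."""
    sec, findings = sections(config), []
    for head, body in sec.items():
        if head.startswith("router ospf"):
            for cmd in body:
                if cmd.startswith("redistribute bgp") and "route-map" not in cmd:
                    findings.append(f"{head}: '{cmd}' has no route-map filter")
        if head.startswith("router bgp"):
            labelled = {c.split()[1] for c in body if re.fullmatch(r"neighbor \S+ send-label", c)}
            for cmd in body:
                m = re.fullmatch(r"neighbor (\S+) route-map (\S+) out", cmd)
                if m and m.group(1) in labelled:
                    permits = [b for h, b in sec.items() if h.split()[:3] == ["route-map", m.group(2), "permit"]]
                    if not permits or any("set mpls-label" not in b for b in permits):
                        findings.append(f"route-map {m.group(2)}: permit entry without 'set mpls-label'")
    return findings
```

On the sample it reports one finding, the unfiltered redistribution: what reaches OSPF there is bounded only by what the neighbor AS chooses to advertise.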
