In continuation of my previous posts on MPLS, let's talk about EIGRP as the PE-to-CE protocol.
Now, while one might initially think that this is just as easy as RIP and static routes, there are some added complexities with EIGRP. What complexities am I referring to? Well, when configuring EIGRP on a PE router you need to be aware of the autonomous system number relationship. Normally you just create router eigrp AS and that is all you do, but on a PE router you need to use the address-family command and then set the autonomous-system number for that VRF specifically. This adds a bit of complexity, but nothing that is a big deal. Just one more thing to remember.
So, let's add EIGRP AS 14 to VRF Green (R1 and R4) as well as the PEs (R2 and R5) and configure redistribution. For reference, I have already removed the RIP configurations.
First up, the CE routers:
R1:
Rack1R1(config)#router eigrp 14
Rack1R1(config-router)#no au
Rack1R1(config-router)#net 192.168.253.1 0.0.0.0
Rack1R1(config-router)#net 192.168.21.1 0.0.0.0
R4:
Rack1R4(config)#router eigrp 14
Rack1R4(config-router)#no au
Rack1R4(config-router)#net 192.168.253.4 0.0.0.0
Rack1R4(config-router)#net 192.168.54.4 0.0.0.0
And now the PE routers. Just remember that we need to use the address family here as well as configure redistribution under BGP.
R2:
Rack1R2(config)#router eigrp 1
Rack1R2(config-router)#address-family ipv4 vrf Green
Rack1R2(config-router-af)#autonomous-system 14
Rack1R2(config-router-af)#net 192.168.21.2 0.0.0.0
*Sep 12 15:00:13.049: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 14: Neighbor 192.168.21.1 (Serial4/0.21) is up: new adjacency
Rack1R2(config-router-af)#redistribute bgp 1 metric 100 100 255 1 1500
Rack1R2(config-router-af)#router bgp 1
Rack1R2(config-router)#address-family ipv4 vrf Green
Rack1R2(config-router-af)#redistribute eigrp 14
Real quick we should check the VPNv4 tables on R2 to make sure that we see what we expect to see:
Rack1R2#sh ip bgp vpnv4 vrf Green
BGP table version is 51, local router ID is 220.61.253.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:14 (default for vrf Green)
*> 192.168.21.0 0.0.0.0 0 32768 ?
*>i192.168.54.0 220.61.253.5 0 100 0 ?
*> 192.168.253.1/32 192.168.21.1 2297856 32768 ?
Rack1R2#
Looks good, now onto R5!
R5:
Rack1R5(config)#router eigrp 1
Rack1R5(config-router)#address-family ipv4 vrf Green
Rack1R5(config-router-af)#no au
Rack1R5(config-router-af)#autonomous-system 14
Rack1R5(config-router-af)#net 192.168.54.5 0.0.0.0
*Sep 12 16:32:22.625: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 14: Neighbor 192.168.54.4 (Serial0/0/0.1) is up: new adjacency
Rack1R5(config-router-af)#redistribute bgp 1 metric 100 100 255 1 1500
Rack1R5(config-router-af)#router bgp 1
Rack1R5(config-router)#address-family ipv4 vrf Green
Rack1R5(config-router-af)#redistribute eigrp 14
Now let's look at the VPNv4 routes on R5:
Rack1R5#sh ip bgp vpnv4 vrf Green
BGP table version is 27, local router ID is 220.61.253.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:14 (default for vrf Green)
*>i192.168.21.0 220.61.253.2 0 100 0 ?
*> 192.168.54.0 0.0.0.0 0 32768 ?
*>i192.168.253.1/32 220.61.253.2 2297856 100 0 ?
*> 192.168.253.4/32 192.168.54.4 2297856 32768 ?
Rack1R5#
Looks good – let's check the routing table on R4:
Rack1R4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D 192.168.21.0/24 [90/2681856] via 192.168.54.5, 00:10:53, Serial0/0/0.1
C 192.168.54.0/24 is directly connected, Serial0/0/0.1
192.168.253.0/32 is subnetted, 2 subnets
C 192.168.253.4 is directly connected, Loopback0
D 192.168.253.1 [90/2809856] via 192.168.54.5, 00:10:53, Serial0/0/0.1
Rack1R4#
We have a route to R1's loopback on R4, and notice that it is an internal route – AD of 90.
Let's try a ping and test connectivity:
Rack1R4#p 192.168.253.1 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.253.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.253.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms
Rack1R4#
Looking good and that is all set!
Let's cover another interesting part of MPLS and EIGRP.
What would happen if you had a leased line between two sites as well as an MPLS connection? How would you prevent a routing loop from occurring or a sub-optimal path from being used? That is where SoO comes into play.
So, let's configure VRF Blue for EIGRP AS 36 as well as the PEs R2 and R5 to redistribute the routes. After we get the basic configuration done and verified, we will then bring up a link between R3 and R6 and take care of the potential problems.
R3
Rack1R3(config)#router eigrp 36
Rack1R3(config-router)#network 192.168.23.3 0.0.0.0
Rack1R3(config-router)#network 192.168.253.3 0.0.0.0
Rack1R3(config-router)#no auto-summary
R2
Rack1R2(config)#router eigrp 1
Rack1R2(config-router)#address-family ipv4 vrf Blue
Rack1R2(config-router)#no auto-summary
Rack1R2(config-router)#autonomous-system 36
Rack1R2(config-router)#network 192.168.23.2 0.0.0.0
Rack1R2(config-router)#redistribute bgp 1 metric 100 100 100 100 1500
Rack1R2(config)#router bgp 1
Rack1R2(config-router)#address-family ipv4 vrf Blue
Rack1R2(config-router-af)#redistribute eigrp 36
R5
Rack1R5(config)#router eigrp 1
Rack1R5(config-router)#address-family ipv4 vrf Blue
Rack1R5(config-router)#no auto-summary
Rack1R5(config-router)#network 192.168.56.5 0.0.0.0
Rack1R5(config-router)#autonomous-system 36
Rack1R5(config-router)#redistribute bgp 1 metric 100 100 100 100 1500
Rack1R5(config)#router bgp 1
Rack1R5(config-router)#address-family ipv4 vrf Blue
Rack1R5(config-router-af)#redistribute eigrp 36
R6
Rack1R6(config)#router eigrp 36
Rack1R6(config-router)#no auto-summary
Rack1R6(config-router)#network 192.168.56.6 0.0.0.0
Rack1R6(config-router)#network 192.168.253.6 0.0.0.0
So, let's take a look at R6 and see whether we see R3’s routes and can ping from loopback to loopback:
Rack1R6#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.56.0/24 is directly connected, Serial0/0/0.1
D 192.168.23.0/24 [90/2681856] via 192.168.56.5, 00:10:39, Serial0/0/0.1
192.168.253.0/32 is subnetted, 2 subnets
C 192.168.253.6 is directly connected, Loopback0
D 192.168.253.3 [90/2809856] via 192.168.56.5, 00:10:39, Serial0/0/0.1
Rack1R6#
Rack1R6#p 192.168.253.3 so l0 t 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.253.3, timeout is 1 seconds:
Packet sent with a source address of 192.168.253.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/114/116 ms
Rack1R6#
Ahh, now let us add some complexity to the design. We will add a WAN connection directly between R3 and R6, creating a back-door link in the network.
Ok, let's get the serial link up and running:
R3:
Rack1R3(config)#int ser 0/0/0.2 p
Rack1R3(config-if)#ip add 192.168.36.3 255.255.255.0
Rack1R3(config-if)#frame-relay interface-dlci 306
R6:
Rack1R6(config)#interface Serial0/0/0.2 point-to-point
Rack1R6(config-if)#ip address 192.168.36.6 255.255.255.0
Rack1R6(config-if)#frame-relay interface-dlci 603
Now a quick PING interface to interface so that we can verify that it is working:
Rack1R6#p 192.168.36.3 t 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.36.3, timeout is 1 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/56/56 ms
Rack1R6#
Good, now let's add it to EIGRP and see what happens. But before we do, let's take a look at the routing table on R3:
Rack1R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D 192.168.56.0/24 [90/2681856] via 192.168.23.2, 00:00:03, Serial0/0/0.1
C 192.168.23.0/24 is directly connected, Serial0/0/0.1
C 192.168.36.0/24 is directly connected, Serial0/0/0.2
192.168.253.0/32 is subnetted, 2 subnets
D 192.168.253.6 [90/2809856] via 192.168.23.2, 00:00:03, Serial0/0/0.1
C 192.168.253.3 is directly connected, Loopback0
Rack1R3#
Ok, so right now the route to the loopback of R6 is via R2, the PE router. So, let's get this link into EIGRP.
R6:
Rack1R6(config)#router eigrp 36
Rack1R6(config-router)#net 192.168.36.6 0.0.0.0
R3:
Rack1R3(config-fr-dlci)#router eigrp 36
Rack1R3(config-router)#network 192.168.36.3 0.0.0.0
*Sep 16 02:07:41.304: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 36: Neighbor 192.168.36.6 (Serial0/0/0.2) is up: new adjacency
Now, let's take a look at the routing table on R3.
Rack1R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D 192.168.56.0/24 [90/2681856] via 192.168.36.6, 00:00:47, Serial0/0/0.2
[90/2681856] via 192.168.23.2, 00:00:47, Serial0/0/0.1
C 192.168.23.0/24 is directly connected, Serial0/0/0.1
C 192.168.36.0/24 is directly connected, Serial0/0/0.2
192.168.253.0/32 is subnetted, 2 subnets
D 192.168.253.6 [90/2297856] via 192.168.36.6, 00:00:47, Serial0/0/0.2
C 192.168.253.3 is directly connected, Loopback0
Rack1R3#
The route is now via the point-to-point link. Let's change this so that the preferred path is via the MPLS network. To do this we will need to tweak the interface metrics – so let's change the delay on both ends to 50000 usecs. But first we should look at our existing delay before changing it.
R3:
Rack1R3#sh int ser 0/0/0.1
Serial0/0/0.1 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.23.3/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY
CRC checking enabled
Last clearing of "show interface" counters never
Rack1R3#sh int ser 0/0/0.2
Serial0/0/0.2 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.36.3/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY
CRC checking enabled
Last clearing of "show interface" counters never
Rack1R3#
Now, let's change that delay (the delay command takes its value in tens of microseconds, so 5000 gives 50000 usec):
Rack1R3(config-subif)#int ser 0/0/0.2
Rack1R3(config-subif)#delay 5000
Rack1R3(config-subif)#do show int ser 0/0/0.2
Serial0/0/0.2 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.36.3/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY
CRC checking enabled
Last clearing of "show interface" counters never
Rack1R3(config-subif)#
There, that is set to 50000 usec now.
R6
Rack1R6(config)#int ser 0/0/0.2
Rack1R6(config-subif)#delay 5000
Rack1R6(config-subif)#do show int ser 0/0/0.2
Serial0/0/0.2 is up, line protocol is up
Hardware is GT96K Serial
Internet address is 192.168.36.6/24
MTU 1500 bytes, BW 1544 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY
CRC checking enabled
Last clearing of "show interface" counters never
Rack1R6(config-subif)#
That side is done as well.
Now, let's look at the routing table on R3:
Rack1R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D 192.168.56.0/24 [90/2681856] via 192.168.23.2, 00:00:52, Serial0/0/0.1
C 192.168.23.0/24 is directly connected, Serial0/0/0.1
C 192.168.36.0/24 is directly connected, Serial0/0/0.2
192.168.253.0/32 is subnetted, 2 subnets
D 192.168.253.6 [90/2809856] via 192.168.23.2, 00:00:52, Serial0/0/0.1
C 192.168.253.3 is directly connected, Loopback0
Rack1R3#
Good. We are now using the MPLS link for the connectivity.
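Why the delay change moves R3 back to the MPLS path, as an added example that is not part of the original post: it recomputes the metrics seen in the routing tables above with the classic EIGRP formula at default K values. The loopback bandwidth and delay are assumed IOS defaults, and the function names are made up for this example.

```python
# Added example, not from the original post: classic EIGRP composite metric
# with default K values (K1 = K3 = 1), applied to the R3 paths shown above.

SERIAL = (1544, 20000)      # (bandwidth Kbit/s, delay usec) from "show interface"
TUNED = (1544, 50000)       # backdoor sub-interface after "delay 5000"
LOOPBACK = (8000000, 5000)  # assumption: IOS defaults for Loopback0


def eigrp_metric(links):
    """Metric of a path given as a list of (bandwidth_kbps, delay_usec) links."""
    min_bw = min(bw for bw, _ in links)
    total_delay = sum(delay for _, delay in links)
    # 256 * (10^7 / slowest link + cumulative delay in tens of microseconds)
    return 256 * (10**7 // min_bw + total_delay // 10)


def best_paths(candidates):
    """Return (names of lowest-metric paths, all metrics); two names = equal cost."""
    metrics = {name: eigrp_metric(links) for name, links in candidates.items()}
    low = min(metrics.values())
    return sorted(n for n, m in metrics.items() if m == low), metrics


def r3_view(backdoor):
    """R3's candidate paths for a given backdoor link, per destination.

    The MPLS core adds no delay: the PEs carry the EIGRP vector metric across
    in BGP extended communities, so only the two PE-CE serial links count.
    """
    return {
        "192.168.253.6/32": best_paths({
            "mpls": [SERIAL, SERIAL, LOOPBACK],
            "backdoor": [backdoor, LOOPBACK]}),
        "192.168.56.0/24": best_paths({
            "mpls": [SERIAL, SERIAL],
            "backdoor": [backdoor, SERIAL]}),
    }


if __name__ == "__main__":
    for label, link in (("before", SERIAL), ("after delay 5000", TUNED)):
        for prefix, (winners, metrics) in r3_view(link).items():
            print(f"{label:17} {prefix:17} best={winners} {metrics}")
```

Before tuning, 192.168.56.0/24 comes out equal-cost over both links, which is why R3 showed two next hops for it.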
Site of Origin, or SoO, is a BGP extended community that provides a way to identify routes that have originated from a site and prevents the re-advertisement of that route back to the source. This allows us to filter MPLS VPN traffic and prevent routing loops from occurring in mixed networks that contain both MPLS VPNs and backdoor links.
Let's get it configured on the PE routers and I will explain what we are doing.
R5
The first thing to do is create a route-map:
Rack1R5(config)#route-map SoO_36 permit 10
Now we can set the extended community attribute, here 36:5 (AS 36, PE 5 is the numbering I used):
Rack1R5(config-route-map)#set extcommunity soo 36:5
Now we need to apply it to the interface facing R6. The command for this is ip vrf sitemap:
Rack1R5(config-route-map)#int ser 0/0/0.2
Rack1R5(config-subif)#ip vrf sitemap SoO_36
Rack1R5(config-subif)#
As you can see, the EIGRP neighbors bounce while the sitemap is applied.
*Oct 7 21:11:11.875: %DUAL-5-NBRCHANGE: IP-EIGRP(2) 36: Neighbor 192.168.56.6 (Serial0/0/0.2) is down: SoO changed
Rack1R5(config-subif)#
*Oct 7 21:11:13.111: %DUAL-5-NBRCHANGE: IP-EIGRP(2) 36: Neighbor 192.168.56.6 (Serial0/0/0.2) is up: new adjacency
Rack1R5(config-subif)#
R2
Rack1R2(config)#route-map SoO_36 permit 10
Rack1R2(config-route-map)#set extcommunity soo 36:2
Rack1R2(config)#int ser 4/0.2
Rack1R2(config-subif)#ip vrf sitemap SoO_36
Rack1R2(config-subif)#
*Oct 7 19:44:42.981: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 36: Neighbor 192.168.23.3 (Serial4/0.2) is down: SoO changed
Rack1R2(config-subif)#
*Oct 7 19:44:47.081: %DUAL-5-NBRCHANGE: IP-EIGRP(1) 36: Neighbor 192.168.23.3 (Serial4/0.2) is up: new adjacency
Rack1R2(config-subif)#
Now let's check to see if the SoO is there – first the PE routers:
R2
Rack1R2#sh ip bgp vpnv4 all 192.168.253.3
BGP routing table entry for 2:36:192.168.253.3/32, version 48
Paths: (1 available, best #1, table Blue)
Advertised to update-groups:
1
Local
192.168.23.3 from 0.0.0.0 (220.61.253.2)
Origin incomplete, metric 2297856, localpref 100, weight 32768, valid, sourced, best
Extended Community: SoO:36:2 RT:2:36
Cost:pre-bestpath:128:2297856 (default-2145185791) 0x8800:32768:0
0x8801:36:640000 0x8802:65281:1657856 0x8803:65281:1500
mpls labels in/out 28/nolabel
R5
Rack1R5#sh ip bgp vpnv4 all 192.168.253.6
BGP routing table entry for 2:36:192.168.253.6/32, version 19
Paths: (1 available, best #1, table Blue)
Flag: 0x820
Advertised to update-groups:
1
Local
192.168.56.6 from 0.0.0.0 (220.61.253.5)
Origin incomplete, metric 2297856, localpref 100, weight 32768, valid, sourced, best
Extended Community: SoO:36:5 RT:2:36
Cost:pre-bestpath:128:2297856 (default-2145185791) 0x8800:32768:0
0x8801:36:640000 0x8802:65281:1657856 0x8803:65281:1500
mpls labels in/out 29/nolabel
There we go, the route is being tagged with an SoO value of 36:5 or 36:2 depending on which router originated it.
Now one last thing to check: let's look at EIGRP on R3 for the R6 loopback that we are learning from R2:
Rack1R3#sh ip eigrp topology 192.168.253.6/32
IP-EIGRP (AS 36): Topology entry for 192.168.253.6/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2809856
Routing Descriptor Blocks:
192.168.23.2 (Serial0/0/0.1), from 192.168.23.2, Send flag is 0x0
Composite metric is (2809856/2297856), Route is Internal
Vector metric:
Minimum bandwidth is 1544 Kbit
Total delay is 45000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
Extended Community: SoO:36:5
As you can see, we have the SoO extended community attribute in EIGRP, so if we re-advertise that route to R5 it will be filtered.
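The check described above, as an added example that is not part of the original post: a simplified model of what a PE does with SoO on an interface that has ip vrf sitemap applied, following R6's loopback around the loop through the backdoor link. The class and function names are made up for illustration, and this is a model of the behaviour, not IOS code.

```python
# Added example, not from the original post: simplified model of the SoO
# checks on a PE VRF interface configured with "ip vrf sitemap".
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    soo: Optional[str] = None  # Site of Origin extended community, if tagged


@dataclass(frozen=True)
class PeInterface:
    router: str
    name: str
    soo: str  # value set by the route-map that "ip vrf sitemap" references

    def accept_from_ce(self, route: Route) -> Optional[Route]:
        """Route as accepted into the VRF, or None when it is filtered."""
        if route.soo is None:
            return Route(route.prefix, self.soo)  # untagged: stamp this site
        if route.soo == self.soo:
            return None  # originated at this site and has looped back
        return route

    def advertise_to_ce(self, route: Route) -> Optional[Route]:
        """Route as sent to the CE, or None so it never returns to its own site."""
        return None if route.soo == self.soo else route


R5_TO_R6 = PeInterface("R5", "Serial0/0/0.2", "36:5")
R2_TO_R3 = PeInterface("R2", "Serial4/0.2", "36:2")


def trace_r6_loopback():
    """Follow 192.168.253.6/32 along R6 -> R5 -> R2 -> R3 -> R6 -> R5."""
    steps = []
    route = R5_TO_R6.accept_from_ce(Route("192.168.253.6/32"))
    steps.append(("R5 learns it from R6", route))
    route = R2_TO_R3.advertise_to_ce(route)  # crossed the core as VPNv4, SoO intact
    steps.append(("R2 advertises it to R3", route))
    # R3 keeps the SoO in EIGRP; over the backdoor and R6 it reaches R5 again.
    steps.append(("R5 hears it back from R6", R5_TO_R6.accept_from_ce(route)))
    return steps


if __name__ == "__main__":
    for hop, result in trace_r6_loopback():
        print(f"{hop:26} -> {result if result else 'filtered (SoO match)'}")
```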