Tags
Next up is MPLS VPN; actually VPNv4 routes are what these actually are since we are only passing IPv4 traffic in this example.
So we have this diagram below – CE1 and CE2 are the customer routers and both are running OSPF in Area 0. They need to talk to each other but do not have a direct connection available, so they have contracted us to provide connectivity via MPLS between them. What we will now do is build a pseudo MPLS network between PE1 and PE2, establish an iBGP peering, create the associated customer VRF and then peer with the customer via OSPF Area 0.
So, first up lets configure CE1 using an IP of 10.3.3.3/32 for the loopback and 10.1.13.3/24 for the link facing PE1.
CE1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
First up, Loopback 0. Since this is IOS, you will need to use the full dotted decimal subnet mask
CE1(config)#int loop0
CE1(config-if)#ip add 10.3.3.3 255.255.255.255
Now for the interface facing the PE (here f0/0)
CE1(config-if)#int f0/0
CE1(config-if)#ip add 10.1.13.3 255.255.255.0
CE1(config-if)#no shut
CE1(config-if)#^Z
CE1#
Ok, now lets get CE2 done since it basically the same – but here we will use 10.4.4.4/32 and 10.4.24.4/24
CE2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
First up, Loopback 0. Since this is IOS, you will need to use the full dotted decimal subnet mask
CE2(config)#int loop0
CE2(config-if)#ip add 10.3.4.4 255.255.255.255
Now for the interface facing the PE (here f0/0)
CE2(config-if)#int f0/0
CE2(config-if)#ip add 10.1.24.4 255.255.255.0
CE2(config-if)#no shut
CE2(config-if)#^Z
CE2#
Now we can do the OSPF configs for these routers. Since this is a lab, I am just going to put the 10/8 network in Area 0. So, first up – CE1
CE1(config)#router ospf 1
CE1(config-router)#net 10.0.0.0 0.255.255.255 a 0
CE1(config-router)#
And now CE2:
CE2(config)#router ospf 1
CE2(config-router)#net 10.0.0.0 0.255.255.255 a 0
CE2(config-router)#
Easy part done, now to build the PE nework.
For the PE network we are going to use ISIS for our internal routing protocol and then use BGP on top of that to connect the routers together to pass the VPNv4 routes. Why ISIS you ask? It is because you can use one process for IPv4 and IPv6 traffic. With OSPF you need to run two processes, OSPF for IPv4 and OSPFv3 for IPv6. A single process makes it easier to support as well as if new protocols come around, ISIS won’t really care since it is not IP based (CLNS based).
Ok, time to get some IP addresses on PE1. We will use G0/1/0/11 for connection to PE2 and also create Loopback0. The IPs for the connection to PE2 will be 150.1.12.0/24 and the Loopback will be 150.1.1.1/32.
RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 00:34:18.971 UTC
RP/0/RSP0/CPU0:R1(config)#int g0/1/0/11
RP/0/RSP0/CPU0:R1(config-if)#ip add 150.1.12.1/24
RP/0/RSP0/CPU0:R1(config-if)#no shut
RP/0/RSP0/CPU0:R1(config-if)#commit
Fri Apr 20 00:34:25.555 UTC
RP/0/RSP0/CPU0:R1(config-if)#
RP/0/RSP0/CPU0:R1(config-if)#int loop0
RP/0/RSP0/CPU0:R1(config-if)#ip add 150.1.1.1/32
RP/0/RSP0/CPU0:R1(config-if)#commit
Fri Apr 20 00:34:39.839 UTC
RP/0/RSP0/CPU0:R1(config-if)#
Ok, lets get PE2 done now and test the interface connectivity. After we confirm that, we can do ISIS.
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 00:35:39.031 UTC
RP/0/RSP0/CPU0:R2(config)#int g0/1/0/11
RP/0/RSP0/CPU0:R2(config-if)#ip add 150.1.12.2/24
RP/0/RSP0/CPU0:R2(config-if)#no shut
RP/0/RSP0/CPU0:R2(config-if)#int loop0
RP/0/RSP0/CPU0:R2(config-if)#ip add 150.2.2.2/32
RP/0/RSP0/CPU0:R2(config-if)#comm
Fri Apr 20 00:35:54.565 UTC
RP/0/RSP0/CPU0:R2(config-if)#
Ok, now lets do a PING test to see if we have connectivity:
RP/0/RSP0/CPU0:R2#ping 150.1.12.1
Fri Apr 20 00:36:09.946 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:R2#
Good, now onto ISIS.
For this we will use ISIS area 49.0000.0000.000X.00 where X = Router number and Level-2 only area.
PE1:
Lets define the routing process – Core
RP/0/RSP0/CPU0:R1(config)#router isis Core
Set are Network ID
RP/0/RSP0/CPU0:R1(config-isis)#net 49.0000.0000.0001.00
And our IS Type
RP/0/RSP0/CPU0:R1(config-isis)#is-type level-2
Set the loopback interface into ISIS and place it in PASSIVE mode
RP/0/RSP0/CPU0:R1(config-isis)#int loop0
RP/0/RSP0/CPU0:R1(config-isis-if)#passive
RP/0/RSP0/CPU0:R1(config-isis-if)#address-family ipv4 un
RP/0/RSP0/CPU0:R1(config-isis-if-af)#exit
Now for g0/1/0/11
RP/0/RSP0/CPU0:R1(config-isis-if)#int g0/1/0/11
RP/0/RSP0/CPU0:R1(config-isis-if)#address-family ipv4 unicast
RP/0/RSP0/CPU0:R1(config-isis-if-af)#exit
And finally, commit our changes.
RP/0/RSP0/CPU0:R1(config-isis-if)#commit
Fri Apr 20 01:02:31.714 UTC
Now, lets get PE2 setup the same way:
RP/0/RSP0/CPU0:R2(config)#router isis Core
RP/0/RSP0/CPU0:R2(config-isis)#net 49.0000.0000.0002.00
RP/0/RSP0/CPU0:R2(config-isis)#is-type level-2
RP/0/RSP0/CPU0:R2(config-isis)#int loop0
RP/0/RSP0/CPU0:R2(config-isis-if)#passive
RP/0/RSP0/CPU0:R2(config-isis-if)#address-family ipv4 u
RP/0/RSP0/CPU0:R2(config-isis-if-af)#exit
RP/0/RSP0/CPU0:R2(config-isis-if)#exit
RP/0/RSP0/CPU0:R2(config-isis)#int g0/1/0/11
RP/0/RSP0/CPU0:R2(config-isis-if)#address-family ipv4 un
RP/0/RSP0/CPU0:R2(config-isis-if-af)#exit
RP/0/RSP0/CPU0:R2(config-isis-if)#commit
Ok, lets check our ISIS neighbors
RP/0/RSP0/CPU0:R2#sh isis neighbors
Fri Apr 20 01:10:31.813 UTC
IS-IS Core neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
R1 Gi0/1/0/11 6c9c.ed26.ab91 Up 22 L2 Capable
Total neighbor count: 1
RP/0/RSP0/CPU0:R2#
Yup, all neighbored up. Time to check the routes:
RP/0/RSP0/CPU0:R2#sh ip route isis
Fri Apr 20 01:10:54.269 UTC
i L2 150.1.1.1/32 [115/10] via 150.1.12.1, 00:07:06, GigabitEthernet0/1/0/11
RP/0/RSP0/CPU0:R2#
Cool, we have a Level2 route to 150.1.1.1 via R1. Now, lets PING to make sure.
RP/0/RSP0/CPU0:R2#ping 150.1.1.1 so l0
Fri Apr 20 01:11:26.132 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:R2#
Connectivity is working, cool!
Next up, LDP.
First up PE1:
RP/0/RSP0/CPU0:R1(config)#mpls ldp
Like all other IOS XR commands, you assign the interfaces under the protocol.
RP/0/RSP0/CPU0:R1(config-ldp)#int g0/1/0/11
RP/0/RSP0/CPU0:R1(config-ldp-if)#comm
Fri Apr 20 01:18:00.216 UTC
RP/0/RSP0/CPU0:R1(config-ldp-if)#
Ok, PE2
RP/0/RSP0/CPU0:R2(config)#mpls ldp
RP/0/RSP0/CPU0:R2(config-ldp)#int g0/1/0/11
RP/0/RSP0/CPU0:R2(config-ldp-if)#comm
Fri Apr 20 01:18:08.116 UTC
Now lets check our LDP neighbors:
RP/0/RSP0/CPU0:R2#sh mpls ldp neighbor
Fri Apr 20 01:21:21.957 UTC
Peer LDP Identifier: 150.1.1.1:0
TCP connection: 150.1.1.1:646 – 150.2.2.2:43857
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 12/10; Downstream-Unsolicited
Up time: 00:00:26
LDP Discovery Sources:
GigabitEthernet0/1/0/11
Addresses bound to this peer:
150.1.1.1 150.1.12.1
RP/0/RSP0/CPU0:R2#
Cool, we have a LDP session with PE1 and we can see the IPs bound to the peer.
We are getting there, we still have BGP, VRF, and the OSPF configuration to do yet. We will save the BGP part until last – so for now, VRF time.
For this example, we will call our VRF R3R4 since we are connecting R3 (CE1) and R4 (CE2).
PE1 up first:
RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 01:38:35.869 UTC
Lets define the name of our VRF
RP/0/RSP0/CPU0:R1(config)#vrf R3R4
Now we need to configure the appropriate address family, ipv4 unicast.
RP/0/RSP0/CPU0:R1(config-vrf)# address-family ipv4 unicast
Now we need to define our route-targets that we are going to import, and export. What is a route-target? Quickly it is a 64-bit BGP community that is used for tagging prefixes, making every prefix unique and also allows the remote PE routers to know what routes belong to what VRF (import).
For this example, we will use 100:100 for both.
RP/0/RSP0/CPU0:R1(config-vrf-af)# import route-target
RP/0/RSP0/CPU0:R1(config-vrf-import-rt)# 100:100
RP/0/RSP0/CPU0:R1(config-vrf-import-rt)# export route-target
RP/0/RSP0/CPU0:R1(config-vrf-export-rt)# 100:100
And commit the changes.
RP/0/RSP0/CPU0:R1(config-vrf-export-rt)#commit
Fri Apr 20 01:38:39.866 UTC
Now we can create the same VRF with the same route-targets:
RP/0/RSP0/CPU0:R2(config)#vrf R3R4
RP/0/RSP0/CPU0:R2(config-vrf)# address-family ipv4 unicast
RP/0/RSP0/CPU0:R2(config-vrf-af)# import route-target
RP/0/RSP0/CPU0:R2(config-vrf-import-rt)# 100:100
RP/0/RSP0/CPU0:R2(config-vrf-import-rt)# export route-target
RP/0/RSP0/CPU0:R2(config-vrf-export-rt)# 100:100
RP/0/RSP0/CPU0:R2(config-vrf-export-rt)#comm
Fri Apr 20 01:45:18.380 UTC
Ok, time to check to see if the VRF is there:
RP/0/RSP0/CPU0:R2#sh vrf R3R4
Fri Apr 20 01:45:52.204 UTC
VRF RD RT AFI SAFI
R3R4 100:100 import 100:100 IPV4 Unicast
export 100:100 IPV4 Unicast
RP/0/RSP0/CPU0:R2#
Yup, we have a VRF. Now we can assign the interfaces facing the CE routers to the appropriate VRF, configure the IP addresses, and then do a PING test across the interface.
PE1:
RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 01:48:48.712 UTC
Lets get to our interface, G0/1/0/19
RP/0/RSP0/CPU0:R1(config)#interface GigabitEthernet0/1/0/19
Now we can assign the VRF of R3R4
RP/0/RSP0/CPU0:R1(config-if)# vrf R3R4
Configure our IP
RP/0/RSP0/CPU0:R1(config-if)# ipv4 address 10.1.13.1 255.255.255.0
Since this is a 100M link, we will need to hard code it for the GBICs sake.
RP/0/RSP0/CPU0:R1(config-if)# speed 100
And Commit our changes
RP/0/RSP0/CPU0:R1(config-if)#comm
Fri Apr 20 01:48:51.120 UTC
RP/0/RSP0/CPU0:R1(config-if)#
Once that is done, let do PE2 the same way.
PE2:
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 01:48:45.677 UTC
RP/0/RSP0/CPU0:R2(config)#interface GigabitEthernet0/1/0/19
RP/0/RSP0/CPU0:R2(config-if)# vrf R3R4
RP/0/RSP0/CPU0:R2(config-if)# ipv4 address 10.1.24.2 255.255.255.0
RP/0/RSP0/CPU0:R2(config-if)# speed 100
RP/0/RSP0/CPU0:R2(config-if)#commit
Fri Apr 20 01:48:51.059 UTC
RP/0/RSP0/CPU0:R2(config-if)#
Now we can test a ping from PE1 to CE1 and PE2 to CE2.
RP/0/RSP0/CPU0:R1#ping 10.1.13.3
Fri Apr 20 01:57:01.969 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
RP/0/RSP0/CPU0:R1#
Hmm, that failed – why? Well, when an interface lives in a VRF, you need to PING from that VRF.
Lets try that again using VRF R3R4
RP/0/RSP0/CPU0:R1#ping vrf R3R4 10.1.13.3
Fri Apr 20 01:57:11.522 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
RP/0/RSP0/CPU0:R1#
There, that worked. Lets check R2
RP/0/RSP0/CPU0:R2#ping vrf R3R4 10.1.24.4
Fri Apr 20 01:56:49.742 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
RP/0/RSP0/CPU0:R2#
Ok, we have connectivity. Now we can get OSPF working between the PE and the CEs.
First up, PE1
We need to specify what we want to call our OSPF process, here I just used R3R4
RP/0/RSP0/CPU0:R1(config)#router ospf R3R4
Now we need to configure OSPF for the VRF
RP/0/RSP0/CPU0:R1(config-ospf)# vrf R3R4
Now for the area
RP/0/RSP0/CPU0:R1(config-ospf-vrf)# area 0
And then place the interfaces that we want in area 0
RP/0/RSP0/CPU0:R1(config-ospf-vrf-ar)# interface GigabitEthernet0/1/0/19
And commit our changes ( I just hit CTRL-Z)
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:yes
RP/0/RSP0/CPU0:R1#
Ok, that is PE1 – now for PE2
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 02:13:03.521 UTC
RP/0/RSP0/CPU0:R2(config)#router ospf R3R4
RP/0/RSP0/CPU0:R2(config-ospf)# vrf R3R4
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# area 0
RP/0/RSP0/CPU0:R2(config-ospf-vrf-ar)# interface GigabitEthernet0/1/0/19
RP/0/RSP0/CPU0:R2(config-ospf-vrf-ar-if)#exit
RP/0/RSP0/CPU0:R2(config-ospf-vrf-ar)#exit
RP/0/RSP0/CPU0:R2(config-ospf-vrf)#exit
RP/0/RSP0/CPU0:R2(config-ospf)#com
Fri Apr 20 02:13:14.843 UTC
RP/0/RSP0/CPU0:R2(config-ospf)#
Ok, PE2 done. Now we can check for OSPF neighbor in that VRF.
To do that, we need to use the following command: show ospf (OSPF Process) vrf (VRF Name) neighbor
RP/0/RSP0/CPU0:R1#sh ospf R3R4 vrf R3R4 neighbor
Fri Apr 20 02:18:16.826 UTC
* Indicates MADJ interface
Neighbors for OSPF R3R4, VRF R3R4
Neighbor ID Pri State Dead Time Address Interface
10.3.3.3 1 FULL/DR 00:00:39 10.1.13.3 GigabitEthernet0/1/0/19
Neighbor is up for 00:00:05
Total neighbor count: 1
RP/0/RSP0/CPU0:R1#
Ok, lets check PE2:
RP/0/RSP0/CPU0:R2#sh ospf R3R4 vrf R3R4 neighbor
Fri Apr 20 02:19:19.588 UTC
* Indicates MADJ interface
Neighbors for OSPF R3R4, VRF R3R4
Neighbor ID Pri State Dead Time Address Interface
10.4.4.4 1 FULL/DR 00:00:39 10.1.24.4 GigabitEthernet0/1/0/19
Neighbor is up for 00:00:03
Total neighbor count: 1
RP/0/RSP0/CPU0:R2#
Ok, both PE routers are neighbored up with the CE routers.
Now, if we look at CE1’s routing table – what will we see?
CE1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
CE1#
We only see our local routes, nothing from CE2 yet. This is because we have not built the VPNv4 session between PE1 and PE2 yet. We need to configure BGP VPNv4 in order to get the two PE routers to pass the tagged routes to each other. So, onto BGP we go!
For this we will peer with PE2 loopback (150.2.2.2) using AS 1.
PE1 first:
RP/0/RSP0/CPU0:R1#conf t
Fri Apr 20 02:21:32.174 UTC
First we define our BGP process and AS number
RP/0/RSP0/CPU0:R1(config)#router bgp 1
Enable vpv4 address family
RP/0/RSP0/CPU0:R1(config)#address-family vpnv4 unicast
Now we can configure our neighbor and all the info.
RP/0/RSP0/CPU0:R1(config-bgp-af)# neighbor 150.2.2.2
RP/0/RSP0/CPU0:R1(config-bgp-nbr)# remote-as 1
Remember to specify the loopback as the update-source
RP/0/RSP0/CPU0:R1(config-bgp-nbr)# update-source Loopback0
Now we can enable VPNv4 address family with that neighbor
RP/0/RSP0/CPU0:R1(config-bgp-nbr)# address-family vpnv4 unicast
Now we can configure the VRF parameters that BGP needs to know
First define our VRF
RP/0/RSP0/CPU0:R1(config-bgp-nbr-af)# vrf R3R4
Assign our Route Distinguisher (RD)
RP/0/RSP0/CPU0:R1(config-bgp-vrf)# rd 100:100
Enable IPv4 Unicse for this VRF
RP/0/RSP0/CPU0:R1(config-bgp-vrf)# address-family ipv4 unicast
And finally redistribute our OSPF learned routes into BGP VRF R3R4
RP/0/RSP0/CPU0:R1(config-bgp-vrf-af)# redistribute ospf R3R4 match internal external
RP/0/RSP0/CPU0:R1(config-bgp-vrf-af)#
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:yes
RP/0/RSP0/CPU0:R1#
Ok, now that that is done – we need to do the same thing on PE2
RP/0/RSP0/CPU0:R2(config)#router bgp 1
RP/0/RSP0/CPU0:R2(config-bgp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-af)# address-family vpnv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-af)# neighbor 150.1.1.1
RP/0/RSP0/CPU0:R2(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:R2(config-bgp-nbr)# update-source Loopback0
RP/0/RSP0/CPU0:R2(config-bgp-nbr)# address-family vpnv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-nbr-af)# vrf R3R4
RP/0/RSP0/CPU0:R2(config-bgp-vrf)# rd 100:100
RP/0/RSP0/CPU0:R2(config-bgp-vrf)# address-family ipv4 unicast
RP/0/RSP0/CPU0:R2(config-bgp-vrf-af)# redistribute ospf R3R4 match internal external
RP/0/RSP0/CPU0:R2(config-bgp-vrf-af)#exit
RP/0/RSP0/CPU0:R2(config-bgp-vrf)#exit
RP/0/RSP0/CPU0:R2(config-bgp-vrf)#comm
Fri Apr 20 02:27:10.491 UTC
Ok, since this is a VPNv4 neighbor we need to check to see if we are neighbored up:
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast summary
Fri Apr 20 02:28:05.467 UTC
BGP router identifier 150.2.2.2, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3889240856
BGP main routing table version 25
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 25 25 25 25 25 25
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
150.1.1.1 0 1 14168 14173 25 0 0 00:00:48 2
RP/0/RSP0/CPU0:R2#
Yup, we are up and we can see what we are receiving 2 prefixes as well! Wonder what they are? To find out, use the show bgp vpnv4 unicast command
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast
Fri Apr 20 02:29:01.202 UTC
BGP router identifier 150.2.2.2, local AS number 1
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 3889240856
BGP main routing table version 25
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i – internal, r RIB-failure, S stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100 (default for vrf R3R4)
*>i10.1.13.0/24 150.1.1.1 0 100 0 ?
*> 10.1.24.0/24 0.0.0.0 0 32768 ?
*>i10.3.3.3/32 150.1.1.1 2 100 0 ?
*> 10.4.4.4/32 10.1.24.4 2 32768 ?
Processed 4 prefixes, 4 paths
RP/0/RSP0/CPU0:R2#
Nice, we can see we have routes from CE1 and CE2.
Now, lets see if CE1 has routes to CE2
CE1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
CE1#
Nope, hmm. What did we forget? I know, we redistributed OSPF into BGP, but we did not redistribute BGP into OSPF. Lets get that fixed.
PE1:
RP/0/RSP0/CPU0:R1(config)#router ospf R3R4
RP/0/RSP0/CPU0:R1(config-ospf)#vrf R3R4
RP/0/RSP0/CPU0:R1(config-ospf-vrf)# redistribute bgp 1
RP/0/RSP0/CPU0:R1(config-ospf-vrf)#comm
Fri Apr 20 02:31:44.637 UTC
RP/0/RSP0/CPU0:R1(config-ospf-vrf)#
And on PE2:
RP/0/RSP0/CPU0:R2(config)#
RP/0/RSP0/CPU0:R2(config)#router ospf R3R4
RP/0/RSP0/CPU0:R2(config-ospf)#vrf R3R4
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# redistribute bgp 1
RP/0/RSP0/CPU0:R2(config-ospf-vrf)# ^Z
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:yes
RP/0/RSP0/CPU0:R2#
Ok, lets check CE1 for routes to CE2 now
CE1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
O IA 10.4.4.4/32 [110/12] via 10.1.13.1, 00:00:51, FastEthernet0/0
O IA 10.1.24.0/24 [110/11] via 10.1.13.1, 00:00:51, FastEthernet0/0
CE1#
There they are, lets do a PING
CE1#ping 10.4.4.4 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 10.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
CE1#
Nice, we can PING!
Now, one other thing that you should notice with the CE1 routing table, routes to CE2 are seen as O IA, OSPF InterArea routes. This is what is expected when you run the same CE OSPF process ID over a MPLS network – the BGP will carry the extra attributes creating what is called a Super Backbone.
When we decode the BGP route information using the show bgp vpnv4 unicast vrf R3R4 10.1.13.0/24 command, we get the following output – notice the extended community information, this is where the extra information is carried. We will actually pull up both 10.1.13.0 and 10.1.14.0 so you can see.
RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast vrf R3R4 10.1.13.0 Fri Apr 20 02:45:47.177 UTC BGP routing table entry for 10.1.13.0/24, Route Distinguisher: 100:100 Versions: Process bRIB/RIB SendTblVer Speaker 24 24 Last Modified: Apr 20 02:27:22.347 for 00:18:24 Paths: (1 available, best #1) Not advertised to any peer Path #1: Received by speaker 0 Not advertised to any peer Local 150.1.1.1 (metric 10) from 150.1.1.1 (150.1.1.1) Received Label 16001 Origin incomplete, metric 0, localpref 100, valid, internal, best, group-best, import-candidate, imported Received Path ID 0, Local Path ID 1, version 24 Extended community: RT:100:100 OSPF route-type:0:2:0x0 OSPF router-id:150.1.1.1 RP/0/RSP0/CPU0:R2#sh bgp vpnv4 unicast vrf R3R4 10.1.24.0 Fri Apr 20 03:23:37.990 UTC BGP routing table entry for 10.1.24.0/24, Route Distinguisher: 100:100 Versions: Process bRIB/RIB SendTblVer Speaker 20 20 Local Label: 16001 Last Modified: Apr 20 02:19:16.347 for 01:04:21 Paths: (1 available, best #1) Advertised to peers (in unique update groups): 150.1.1.1 Path #1: Received by speaker 0 Advertised to peers (in unique update groups): 150.1.1.1 Local 0.0.0.0 from 0.0.0.0 (150.2.2.2) Origin incomplete, metric 0, localpref 100, weight 32768, valid, redistributed, best, group-best, import-candidate Received Path ID 0, Local Path ID 1, version 20 Extended community: RT:100:100 OSPF route-type:0:2:0x0 OSPF router-id:150.2.2.2 RP/0/RSP0/CPU0:R2#
There is a way to prevent this from happening and that is to create a Domain-ID for the OSPF process on one of the PE routers.
RP/0/RSP0/CPU0:R2#conf t
Fri Apr 20 03:30:11.463 UTC
Navigate to the OSPF VRF process
RP/0/RSP0/CPU0:R2(config)#router ospf R3R4
RP/0/RSP0/CPU0:R2(config-ospf)#vrf R3R4
Now, lets see what Domain-id types we have – See RFC 4577 for more info on these.
RP/0/RSP0/CPU0:R2(config-ospf-vrf)#domain-id type ?
0005 Type 0x0005
0105 Type 0x0105
0205 Type 0x0205
8005 Type 0x8005
RP/0/RSP0/CPU0:R2(config-ospf-vrf)#domain-id type 0005 value ?
WORD OSPF domain ID ext. community value in Hex (6 octets)
Now lets set it to a value
RP/0/RSP0/CPU0:R2(config-ospf-vrf)#domain-id type 0105 value AABBCCDDEEFF
When you do this, the routes on CE are now E2 routes:
CE1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
O E2 10.4.4.4/32 [110/2] via 10.1.13.1, 01:04:24, FastEthernet0/0
O E2 10.1.24.0/24 [110/1] via 10.1.13.1, 01:04:24, FastEthernet0/0
CE1#
This can also work in reverse, if you want to create a SuperBackbone but the OSPF processes are different, you can set the domain-id to be the same.
RP/0/RSP0/CPU0:R1(config-ospf-vrf)#domain-id type 0105 value AABBCCDDEEFF
CE1#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS
ia – IS-IS inter area, * – candidate default, U – per-user
o – ODR, P – periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.1.13.0/24 is directly connected, FastEthernet0/0
C 10.3.3.3/32 is directly connected, Loopback0
O IA 10.4.4.4/32 [110/12] via 10.1.13.1, 00:00:04, FastEthernet0/0
O IA 10.1.24.0/24 [110/11] via 10.1.13.1, 00:00:04, FastEthernet0/0
CE1#
There, back to IA routes again.
There is much more to domain-id, but I will save that for another day.