INE Vol 1 multicast - Lab 3 - Multicast RPF Failure (3rd Pass)

So this lab deals with Multicast with broken uRPF due to PIM no being enabled on preferred route/link.

The best way to determine where the problem is, is to use "no ip mroute-cache" on the the PIM enabled interfaces and to "debug ip mpacket". Of course, you'll want to log this to the buffer and not the console.

Doing this at each step of the way, you'll find that R4 is preferring a NON-PIM link to get back to the source.

*Oct 28 18:38:27.499: IP(0): s=10.1.37.7 (FastEthernet2/0) d=224.1.1.1 id=133, ttl=251, prot=1, len=114(100), not RPF interface

This should be an indication that path isn't taking the correct interface back to the source. A static mroute fixes this issue.

INE Vol 1 - Lab 26 - Multicast over MPLS VPNs (3rd pass) - BGP MDT SAFI!!!

For the IOS I'm using for my lab 12.4(20)T, it's necessary to configure BGP address-family MDT for the MDT tunnel to come up.

Otherwise everything else in this lab is straight forward. Configure Multicast throughout the SP and Enterprise devices, enable Multicast on the PE's for the specific VPN and if using static RPs remember to configure the RP address in the VRF on the PEs.

INE Vol 1 - Lab 22 MPLS TE - Dynamic PE to PE tunnels (3rd Pass)

In this lab, it states that you should enable mpls ip on the links but in reality you don't have to since RSVP will take care of the IGP labeling for the BGP next hop and VPNv4 BGP takes care of the Customer prefixes. I did this lab without enable ldp/tdp and it worked as expected.

Just as a review, there are 5 major steps.

Step 1: Enable MPLS traffic-eng tunnels globally

Step 2: Enable MPLS traffic-eng tunnels in the IGP

OSPF - mpls traffic-eng area 0 & mpls traffic-eng router l 0

ISIS - metric-style wide, mpls traffic-eng [level1 | level 2], mpls traffic-eng router l 0

Step 3: Enable MPLS traffic-eng on the interface as well as IP RSVP on the interface

Step 4: Create a tunnel interface and configure as an mpls traffic-eng tunn

Step 5: Ensure that the tunnel is taken for some/all traffic, autoroute announce, static routing, pbr, etc.

INE Vol 1 - Lab 21 - Controlling MPLS Label Distribution (3rd Pass)

Don't forget when restricting label advertisements using "mpls ldp advertise-label for X to Y" that you need to disable mpls ldp advertise-labels for ALL labels which is on be default and won't show up in the config.

Use:

no mpls ldp advertise-labels

mpls advertise-labels for X to Y

INE Vol 1 - Lab 20 - VRF Lite (twist)

I redid this lab again and this time I introduced my own twist. Instead of running a dynamic routing protocol between the VRF lite router and the PE, try using static routes and then try using static default routes. Turns out it's a fun redistribution exercise.

** Also be aware that for sub-interfaces on a serial link wasn't working correctly for me but once I used 2 physical serial interfaces instead of 1 with 2 subs, everything came up correctly.

INE Vol 1 - Lab 16 - Inter-AS MPLS VPNs with Multihop MP-eBGP for VPNv4 Exchange (3rd Pass)

This time around, I forgot I needed to redistribute from IPv4 Unicast BGP into IGP. This is required because when the VPNv4 BGP peers recurse to IGP (putting the IGP label on top of the VPN label), it has to know of the loopback in IGP. Even if it knows it by IPv4 BGP, that's not an IGP so it still won't work (meaning you may see the routes appear on the CEs but pings will fail, because the labeling is failing).

Other things to note, MP-eBGP multi hop and IPv4 Send-label are required.

IPv4 BGP Send-label to get labels across the Inter AS connection.

INE Vol 1 - Lab 15 - Inter-AS w/ MP-eBGP (3rd Pass)

Redoing this lab was good. Caught some silly mistake be trouble shooting.

1. Ensuring the control plane, ie. the BGP VPNv4 tables, look good, meaning you're receiving BGP routes. If you're not, then check to make sure you have next-hop-self enabled where appropriate and that you are not filtering route-targets by default on certain BGP-ASBR routers

2. Once the routes appear on the CEs, ping, if ping fails, then check step by step LDP and make sure labels are assigned for the destinations. A common mistake, if you have a loopback configured but not in IGP then you're LDP peering won't come up since it'll use the loopback as it's ID but the peers won't have reachability to it (unless you put it in IGP).

INE Vol 1 - Lab 14 - Inter AS Back to Back VRFs

Re-doing this lab, I used different RDs and Route-Targets in the 2 different ASes and I wasn't able to get connectivity. My thoughts were that the ASes were independent of each other being that they are doing the PE-CE transition into IP routing to exchange routes.

When I reconfigured the VRFs to be uniform through out the 2 the ASes, everything worked.

OL - MPLS Label filtering

Notes:

Atleast 2 ways to accomplish label filtering, meaning appending label to prefix. Outbound filtering and Inbound filtering.

Configs:

Outbound Filtering

no mpls ldp advertise-labels

mpls ldp advertise-labels for 51 to 50

Access List 51 is ACL for the prefixes and ACL 50 is the ACL for the LDP neighbor

Inbound Filtering

mpls ldp neighbor 1.1.1.1 labels accept 99

Access List 99 is the ACL for the prefixes

OL - L2TPv3

Notes:

The difference between AToM and L2TP is that AToM is over an MPLS network whereas L2TP is over straight IP.

The concepts are very similar. The CE facing interfaces on the PEs need to create a VC across IP (for L2TP or MPLS for AToM). This requires pseudowires to make that connection.

With both AToM, the use of LDP neighbor/peer of the remote PE is used but in L2TP, under the pseudowire-class, you need to define a ip local inteface loop 0. And then use the peer's loopback as the xconnect's peer.

Config:

R3 - PE

l2tp-class L2TP

authentication

password 7 047822352C0E

!

pseudowire-class L2TP

encapsulation l2tpv3

protocol l2tpv3 L2TP

ip local interface Loopback0

!

!

interface FastEthernet1/1

no ip address

duplex auto

speed auto

no cdp enable

no clns route-cache

xconnect 4.4.4.4 12 pw-class L2TP

OL - ATOM

Notes:

I've created my own lab to test out the different types of Layer 2 protocols I can transport over MPLS.

There are, at a basic level, 2 parts to enabling AToM. First, create a pseudowire-class and second, create the VC via an xconnect statement under the CE facing interface on the PE.

Of course, the prerequisite for this to work is that MPLS is enabled throughout the core network.

Also, note that to make life easier use 'mpls ldp router-id loop 0 force'. You have to designate the other PE as peer in xconnect which will be the ldp router id.

Layer 2 protocols that can be transported are EoMPLS, FRoMPLS, PPPoMPLS, HDLCoMPLS, and ATMoMPLS (can't emulate in dynamips, as the PA-A1 doesn't support it).

Config:

R3 - PE

mpls ldp router-id Loopback0 force

mpls label protocol ldp

pseudowire-class EOMPLS

encapsulation mpls

!

interface Loopback0

ip address 3.3.3.3 255.255.255.255

no clns route-cache

!

interface FastEthernet1/0

ip address 150.1.35.3 255.255.255.0

duplex auto

speed auto

mpls ip

no clns route-cache

!

interface FastEthernet1/1.100

description EoMPLS

encapsulation dot1Q 100

no cdp enable

xconnect 4.4.4.4 100 pw-class EOMPLS

!

interface Serial2/0

description HDLCoMPLS

no ip address

serial restart-delay 0

no cdp enable

no clns route-cache

xconnect 4.4.4.4 67 pw-class EOMPLS

!

interface Serial2/1

description FRoMPLS

no ip address

serial restart-delay 0

no cdp enable

no clns route-cache

xconnect 4.4.4.4 607 pw-class EOMPLS

!

interface FastEthernet3/0

ip address 150.1.34.3 255.255.255.0

shutdown

duplex auto

speed auto

mpls ip

no clns route-cache

!

CE config

The CE's are generally configured like back to back CE to CE connections with nothing but a pseudo wire connecting the two. * Remember for FRoMPLS though, you'll want once side to act as Frame switch and that interface to be DCE.

OL - ISIS

Notes:

I've been working through ISIS since I'm not very familiar with it. ISIS by default creates Level 1 (intra area) and Level 2 (inter area) adjacencies with other ISIS routers. You can limit the type on a per interface level ['isis circuit-type'] or on a per process level ['is-type']. Same with authentication, you can do on s per link or on a per process level and authentication supports clear text as well as MD5 hash.

Level 2 is considered the 'backbone' area as all other level1 router need to connect and transit a level 2 area to get to another level 1 router. Level 1-2 routers automatically redistribute level1 prefixes into level 2. In order to redistribute Level 2 into Level 1 you need to configure 'redistribute isis ip level-2 into level-1 route-map/distribute-list'. The route-map doesn't need to contain any entries, it just needs to exist.

Default-information originate by default will originate only a L2 default, in order to generate and L1 default create a route-map, set level level-1 and then append the route map to the default-information originate.

Metrics, without metric-style wide configured, isis defaults to max metric of 63, enabling wide metrics lets you go far beyond that. The default metric of any interface is 10 and can be changed.

Priority, the default priority is 64 with the max being 127. Priority is used to determine who will be the DIS on a multi access segment like ethernet.

Summary-address, can summarize groups of addresses for a given level. The metric used to advertise the summary is the smallest metric of all the more specific routes.

[DOC CD REF]

OL - PPPoE

Notes:

PPPoE can be configured in a many different ways. One of the simplest is demonstrated here. R1 is the client and R2 is the server.

Summary Steps:

Order of Operation is important!

For the client:

1. under the FastE interface, enable pppoe 'pppoe-enable'

2. create a dialer interface, assign an IP, encaps PPP, and associate the this interface to a dialer pool

3. under the FastE interface, associate this interface to the dialer pool

For the server:

1. enable vpdn 'vpdn enable', create a vpdn-group 'vpdn-group CISCO', under the group 'accept-dailin' to make it a server, designate a virtual-template 'virtual-template 1' and configure the protocol to pppoe 'protocol pppoe'

2. configure the virtual-template with an IP (note the default encaps for the Virtual template is ppp)

3. under the FastE interface, enable pppoe.

Config:

R1

interface FastEthernet1/0

no ip address

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface Dialer1

ip address 150.1.12.1 255.255.255.0

encapsulation ppp

dialer pool 1

dialer idle-timeout 0

dialer persistent

R2

vpdn enable

!

vpdn-group CISCO

! Default L2TP VPDN group

accept-dialin

protocol pppoe

virtual-template 1

!

interface FastEthernet1/0

no ip address

duplex auto

speed auto

pppoe enable group global

!

interface Virtual-Template1

ip address 150.1.12.2 255.255.255.0

!

For DocCD reference, under 12.2 configuration guides, Wide-Area Networking, Configuring Broadband Access... [DocCD Ref]

INE Vol 1 multicast - Lab 12 - Multicast BGP

Notes:

Nothing really to difficult here. This lab uses AFI and SAFI for ipv4 multicast.

Some things to note:

1. On the router connecting to the receiver, disable ip mroute-cache.

2. Disabling Fast Switching via the "no ip route-cache" command helps ensure that the packets are process switched.

INE Vol 1 multicast - Lab 11 - Anycast RP

Notes:

This lab demonstrates an application of MSDP by using AnycastRP in a single PIM-SM domain. AnycastRP is used to provide RP redundancy within a PIM-SM domain and can provide load balancing.

Anycast RP uses an additional loopback on 2 or more routers with the same /32 ip address. This IP address is now the IP for the RP and must be known to all PIM-SM routers either via a static rp, autorp, or bsr.

MSDP is used to connect the 2 or more routers with this additional loopback so they can exchange RP source information.

The same reference as the last lab provides a better description and details.

[Good Ref]

Config:

R1 and R5 as the RP using AnycastRP (similar config on R5)

hostname R1

!

no ip domain lookup

ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

interface Loopback0

ip address 150.1.1.1 255.255.255.255

!

interface Loopback1

ip address 150.1.255.255 255.255.255.255

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no frame-relay inverse-arp

!

interface Serial1/0.12 point-to-point

ip address 150.1.12.1 255.255.255.0

ip pim sparse-mode

snmp trap link-status

frame-relay interface-dlci 102

!

interface Serial1/1

ip address 150.1.13.1 255.255.255.0

ip pim sparse-mode

serial restart-delay 0

!

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

ip pim rp-address 150.1.255.255

ip msdp peer 150.1.5.5 connect-source Loopback0

INE Vol 1 multicast - Lab 10 - MSDP

Notes:

This Lab deals with MSDP, Multicast Source Discovery Protocol, which allows RPs in different domains to exchange information about Multicast Sources. This is used in PIM Sparse mode. Since RPs know about the receivers in its own domains but couldn't know about sources in other domains, MSDP is used to exchange the information about sources so that multicast traffic can flow between domains. Below is a good description on MSDP.

[Good Ref]

Config:

R2 and R4 are RPs for their respective PIM Sparse multicast domains, they are also edge routers in their own domains and peer via eBGP.

hostname R2

!

no ip domain lookup

ip multicast-routing

!

interface Loopback0

ip address 150.1.2.2 255.255.255.255

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no frame-relay inverse-arp

!

interface Serial1/0.21 point-to-point

ip address 150.1.12.2 255.255.255.0

ip pim sparse-mode

snmp trap link-status

frame-relay interface-dlci 201

!

interface FastEthernet2/0

ip address 150.1.24.2 255.255.255.0

duplex auto

speed auto

!

router ospf 1

log-adjacency-changes

network 150.1.2.2 0.0.0.0 area 0

network 150.1.12.2 0.0.0.0 area 0

default-information originate always

!

router bgp 1

no synchronization

bgp log-neighbor-changes

redistribute ospf 1

neighbor 150.1.24.4 remote-as 2

no auto-summary

!

ip pim rp-address 150.1.24.2

ip msdp peer 150.1.24.4 remote-as 2

R4

hostname R4

!

no ip domain lookup

ip multicast-routing

!

interface Loopback0

ip address 150.1.4.4 255.255.255.255

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no frame-relay inverse-arp

!

interface Serial1/0.45 point-to-point

ip address 150.1.45.4 255.255.255.0

ip pim sparse-mode

snmp trap link-status

frame-relay interface-dlci 405

!

interface FastEthernet2/0

ip address 150.1.24.4 255.255.255.0

duplex auto

speed auto

!

router ospf 1

log-adjacency-changes

network 150.1.4.4 0.0.0.0 area 0

network 150.1.45.4 0.0.0.0 area 0

default-information originate always

!

router bgp 2

no synchronization

bgp log-neighbor-changes

redistribute ospf 1

neighbor 150.1.24.2 remote-as 1

no auto-summary

!

ip pim rp-address 150.1.24.4

ip msdp peer 150.1.24.2

Verification:

R6 - router closest to the receiver

R6#sh ip mroute

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group,

V - RD & Vector, v - Vector

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 00:00:20/stopped, RP 150.1.24.4, flags: SJC

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list:

FastEthernet1/1, Forward/Sparse, 00:00:20/00:02:39

(10.1.37.7, 224.1.1.1), 00:00:19/00:02:41, flags: JT

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list:

FastEthernet1/1, Forward/Sparse, 00:00:19/00:02:40

(*, 224.0.1.40), 00:00:20/00:02:39, RP 150.1.24.4, flags: SJPCL

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list: Null

R6#

INE Vol 1 multicast - Lab 9 - Bootstrap Router

Notes:

Similar to autoRP, BSR has a similar concept to autoRP and Mapping Agent. The "autoRP" equivalent in BSR is "ip pim rp-candidate " and the equivalent to the Mapping Agent is "ip pim bsr-candidate "

Config:

R1 - RP Candidate

interface Loopback0

ip address 150.1.1.1 255.255.255.255

ip pim sparse-mode

!

ip pim rp-candidate Loopback0

R5 - BSR

R5#sh run int l 0

Building configuration...

Current configuration : 85 bytes

!

interface Loopback0

ip address 150.1.5.5 255.255.255.255

ip pim sparse-mode

end

R5#sh run | i bsr

ip pim bsr-candidate Loopback0 0

R5#

INE Vol 1 multicast - Lab 8 - AutoRP and Default RP Placement

Notes:

This lab uses both autoRP and static RP while in Sparse mode. When both are configured, autoRP takes precedence and if for whatever reason the RP info is lost, it falls to the statically configured RP.

You can also limit the groups that a particular RP will be the RP for.

Config:

R2 - the autoRP candidate

!

ip pim rp-address 150.1.2.2 1

ip pim send-rp-announce Loopback0 scope 16

ip pim send-rp-discovery Loopback0 scope 16

!

logging alarm informational

access-list 1 permit 224.0.1.39

access-list 1 permit 224.0.1.40

!

R1-R6 (minus R4), the other PIM routers

!

ip pim rp-address 150.1.2.2 1

!

logging alarm informational

access-list 1 permit 224.0.1.39

access-list 1 permit 224.0.1.40

Verification:

R1#sh ip pim rp mapping

PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4

RP 150.1.2.2 (?), v2v1

Info source: 150.1.2.2 (?), elected via Auto-RP

Uptime: 00:13:45, expires: 00:02:10

Acl: 1, Static

RP: 150.1.2.2 (?)

R1#

Removed autoRP from R2

R1#sh ip pim rp mapping

PIM Group-to-RP Mappings

Acl: 1, Static

RP: 150.1.2.2 (?)

R1#

R1#

INE Vol 1 multicast - Lab 7 - PIM NBMA Mode

Notes:

In this lab, R1 has a frame-relay multipoint interface via the physical serial interface which is to test the use of ip pim nbma mode.

Good Ref

[excerpt]

This PIM feature allows the router to only send packets to those neighbors that want to receive them. A router in PIM NBMA mode treats each remote PIM neighbor as if it were connected to the router through a point-to-point link.

Configs:

R1 - NBMA mode router

R1#sh run

Building configuration...

hostname R1

!

logging message-counter syslog

!

no ip domain lookup

ip multicast-routing

no ipv6 cef

!

interface Loopback0

ip address 150.1.1.1 255.255.255.255

ip pim sparse-mode

!

interface Serial1/0

ip address 150.1.125.1 255.255.255.0

ip pim nbma-mode

ip pim sparse-mode

encapsulation frame-relay

ip ospf network point-to-multipoint

serial restart-delay 0

frame-relay map ip 150.1.125.2 102 broadcast

frame-relay map ip 150.1.125.5 105 broadcast

no frame-relay inverse-arp

!

interface Serial1/1

ip address 150.1.13.1 255.255.255.0

ip pim sparse-mode

serial restart-delay 0

!

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

ip pim rp-address 150.1.1.1

ip pim autorp listener

INE Vol 1 multicast - Lab 6 - AutoRP Listener

Notes:

Autorp listener is used in Sparse mode to ensure that the RP can talk to the Mapping Agent 224.0.1.39 and that the Mapping Agent can talk to the rest of the routers 224.0.1.40, which is accomplished by allowing these 2 groups to speak in Dense mode.

The Lab asks that we do not allow Dense mode fallback however since this is strictly Sparse mode, there is no possibility of this falling back to Dense mode. "no ip pim dm-fallback" should be used in Sparse-Dense mode, to stop the routers from speaking in Dense Mode if RP info is lost, since RPs are not used in Dense mode.

Configs:

No configs necessary as the only difference between Sparse mode and Sparse-Dense mode is "ip pim autorp listener"

Good Ref

*** INE Vol 1 Multicast note. No ip mroute-cache and autorp listener.

Wanted to put a little marker to remember that on the router closest to the Receiver, you need to disable ip mroute-cache.

#no ip mroute-cache

on the interface pointing to the receiver router.

auto-rp listener - to be used in Sparse mode only - enables 224.0.1.39 and .40 the RP candidate and Mapping Agent to use Dense mode to get the RP mappings out to the other routers.

INE Vol 1 multicast - Lab 5 - AutoRP - Multiple Candidate RP

Notes:

The objective of this lab is to use 2 separate routers R2 and R4 for the RPs for different multicast groups, 224.0.0.0/5 and 232.0.0.0/5, respectively. The task also designates only 1 Mapping Agent.

The configuration is the same as the last lab, lab 4, except for designating a group-list on the RPs.

I stumbled when creating the ACL for the group list, instead of using the wild card mask 7.255.255.255, used 31.255.255.255. I should have just done it the right way 8 bits minus 5 bits is 3 bits. 3 bits in decimal is 7.

Configs:

R2 - RP for 224.0.0.0/5

!

ip pim send-rp-announce Loopback0 scope 16 group-list 1

!

logging alarm informational

access-list 1 permit 224.0.0.0 7.255.255.255

R4 - RP for 232.0.0.0/5

ip pim send-rp-announce Loopback0 scope 16 group-list 1

!

logging alarm informational

access-list 1 permit 232.0.0.0 7.255.255.255

Verification:

R6#sh ip mroute

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group,

V - RD & Vector, v - Vector

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 232.1.1.1), 00:02:21/stopped, RP 150.1.4.4, flags: SJC

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list:

FastEthernet1/1, Forward/Sparse-Dense, 00:02:21/00:02:35

(10.1.37.7, 232.1.1.1), 00:00:27/00:02:50, flags: JT

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list:

FastEthernet1/1, Forward/Sparse-Dense, 00:00:27/00:02:35

(*, 224.1.1.1), 00:02:22/stopped, RP 150.1.2.2, flags: SJC

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list:

FastEthernet1/1, Forward/Sparse-Dense, 00:02:22/00:02:42

(10.1.37.7, 224.1.1.1), 00:00:37/00:02:55, flags: JT

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list:

FastEthernet1/1, Forward/Sparse-Dense, 00:00:37/00:02:42

(*, 224.0.1.39), 00:02:40/stopped, RP 0.0.0.0, flags: DC

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

FastEthernet1/0, Forward/Sparse-Dense, 00:02:40/00:00:00

(150.1.4.4, 224.0.1.39), 00:00:37/00:02:22, flags: PTX

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list: Null

(150.1.2.2, 224.0.1.39), 00:00:39/00:02:20, flags: PTX

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list: Null

(*, 224.0.1.40), 00:02:47/stopped, RP 0.0.0.0, flags: DCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

FastEthernet1/0, Forward/Sparse-Dense, 00:02:47/00:00:00

(150.1.5.5, 224.0.1.40), 00:00:39/00:02:22, flags: PLTX

Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5

Outgoing interface list: Null

R6#sh ip pim rp mapping

PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5

RP 150.1.2.2 (?), v2v1

Info source: 150.1.5.5 (?), elected via Auto-RP

Uptime: 00:00:43, expires: 00:02:16

Group(s) 232.0.0.0/5

RP 150.1.4.4 (?), v2v1

Info source: 150.1.5.5 (?), elected via Auto-RP

Uptime: 00:00:41, expires: 00:02:17

R6#

INE Vol 1 multicast - Lab 4 - AutoRP

Notes:

Previous lab asked you to use a static rp address, in this lab, the objective is to use Auto RP.

Configure the network to support PIM Sparse Dense mode and designate which router will be the RP and which router the Mapping Agent (can be 1 and the same), usually using a loopback interface.

Configs:

R1 as the RP

R1#sh run

Building configuration...

Current configuration : 2367 bytes

!

hostname R1

no aaa new-model

ip source-route

ip cef

!

no ip domain lookup

ip multicast-routing

no ipv6 cef

!

interface Loopback0

ip address 150.1.1.1 255.255.255.255

ip pim sparse-dense-mode

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no frame-relay inverse-arp

!

interface Serial1/0.12 point-to-point

ip address 150.1.12.1 255.255.255.0

ip pim sparse-dense-mode

snmp trap link-status

frame-relay interface-dlci 102

!

interface Serial1/1

ip address 150.1.13.1 255.255.255.0

ip pim sparse-dense-mode

serial restart-delay 0

!

!

interface FastEthernet2/0

ip address 150.1.15.1 255.255.255.0

ip pim sparse-dense-mode

duplex auto

speed auto

!

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

ip pim send-rp-announce Loopback0 scope 16

!

R5 - Mapping Agent

R5#sh run

Building configuration...

Current configuration : 2331 bytes

!

upgrade fpd auto

version 12.4

hostname R5

ip source-route

ip cef

!

no ip domain lookup

ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

interface Loopback0

ip address 150.1.5.5 255.255.255.255

ip pim sparse-dense-mode

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no frame-relay inverse-arp

!

interface Serial1/0.54 point-to-point

ip address 150.1.45.5 255.255.255.0

ip pim sparse-dense-mode

snmp trap link-status

frame-relay interface-dlci 504

!

interface FastEthernet2/0

ip address 150.1.56.5 255.255.255.0

ip pim sparse-dense-mode

duplex auto

speed auto

!

interface FastEthernet2/1

ip address 150.1.15.5 255.255.255.0

ip pim sparse-dense-mode

duplex auto

speed auto

!

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

ip pim send-rp-discovery Loopback0 scope 16

INE Vol 1 multicast - Lab 3 - Multicast RPF Failure

Notes:

This lab tests your understanding regarding uRPF for multicast. R1 and R5 have a high speed link, ie. FastEthernet connecting them, they also have another path through frame-relay and through other routers making it a less preferred path, however, pim isn't configured across the high speed link. This is where multicast gets "broken". Because data traffic will flow through the high speed link and will also carry multicast traffic, you either need to enable PIM on the high speed link OR use static mroutes to point through the less preferred path.

Config:

R1 - R5 have a high speed connection, FastE, with no PIM configured - they also have a low speed connection with PIM configured.

R5#sh run

Building configuration...

Current configuration : 2247 bytes

!

hostname R5

!

ip cef

!

no ip domain lookup

ip multicast-routing

no ipv6 cef

!

multilink bundle-name authenticated

!

interface Loopback0

ip address 150.1.5.5 255.255.255.255

!

interface Serial1/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no frame-relay inverse-arp

!

interface Serial1/0.54 point-to-point

ip address 150.1.45.5 255.255.255.0

ip pim dense-mode

snmp trap link-status

frame-relay interface-dlci 504

!

interface FastEthernet2/0

ip address 150.1.56.5 255.255.255.0

ip pim dense-mode

duplex auto

speed auto

!

interface FastEthernet2/1

ip address 150.1.15.5 255.255.255.0

duplex auto

speed auto

!

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip mroute 10.1.37.7 255.255.255.255 Serial1/0.54

Verification:

Before applying the static mroute to R4 and R5

R5#sh ip mroute

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group,

V - RD & Vector, v - Vector

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 00:00:02/00:02:57, RP 0.0.0.0, flags: DCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

FastEthernet2/0, Forward/Dense, 00:00:02/00:00:00

Serial1/0.54, Forward/Dense, 00:00:02/00:00:00

R5#

After applying the static mroute to R4 and R5

R5#sh ip mroute

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group,

V - RD & Vector, v - Vector

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 00:00:14/stopped, RP 0.0.0.0, flags: D

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

FastEthernet2/0, Forward/Dense, 00:00:14/00:00:00

Serial1/0.54, Forward/Dense, 00:00:14/00:00:00

(10.1.37.7, 224.1.1.1), 00:00:14/00:02:52, flags: T

Incoming interface: Serial1/0.54, RPF nbr 150.1.45.4, Mroute

Outgoing interface list:

FastEthernet2/0, Forward/Dense, 00:00:14/00:00:00

(*, 224.0.1.40), 00:03:16/00:01:53, RP 0.0.0.0, flags: DCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

FastEthernet2/0, Forward/Dense, 00:03:16/00:00:00

Serial1/0.54, Forward/Dense, 00:03:16/00:00:00

R5#

INE Vol 1 multicast - Lab 1 & 2 - Dense & Sparse mode

Notes:

Pretty straight forward. Dense uses a PUSH model and floods the mcast traffic whereas sparse uses a PULL model and receivers must join an mcast group.

Dense - you don't need an RP, Sparse - you need an RP, static or auto.

Lab is scheduled.

Scheduled the lab... no turning back now :)

INE Vol 1 - Second Pass (minus Multicast) completed

Finished 26 labs of INE Vol1, still have to do the Multicast labs but thought I'd give my thoughts on these so far.

Overall, these labs certainly focused more on MPLS VPNs and their capabilities, applications, etc. then IPX Vol 1. I think I can get through 90% of them just by looking at the diagram and the Objective which I take is a good sign that I can infer whats needed.

I plan on going over everything again, doing an assessment of where I am in relation to the blue print and then tackling another workbook. Reviewing MPLS Fundamentals. And finally tackling the Vol 2 labs.

INE Vol 1 - Lab 26 - Multicast over MPLS VPNs ?

Notes:

For the second time, I couldn't get the tunnel to show up on PE R3 when executing a "show ip pim vrf SW1-SW2 neighbor"

I see the tunnel interface as up/up but I can't seem to see the other end, R6 the remote PE, as neighbor through the tunnel.

I did a show ip pim mdt and shows the loopback.

Not sure what's wrong...

Configs:

R3 -PE

hostname R3

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

no ip domain lookup

ip vrf SW1-SW2

rd 1:2

route-target export 1:2

route-target import 1:2

mdt default 232.0.0.1

!

ip multicast-routing

ip multicast-routing vrf SW1-SW2

no ipv6 cef

!

interface Loopback0

ip address 150.1.3.3 255.255.255.255

ip router isis

ip pim sparse-mode

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface Serial1/0

ip address 150.1.13.3 255.255.255.0

ip router isis

ip pim sparse-mode

mpls ip

serial restart-delay 0

!

interface FastEthernet2/0

ip vrf forwarding SW1-SW2

ip address 10.1.37.3 255.255.255.0

ip pim sparse-mode

duplex auto

speed auto

!

interface FastEthernet2/1

no ip address

shutdown

duplex auto

speed auto

!

router isis

net 00.0000.0000.0003.00

is-type level-2-only

log-adjacency-changes

!

router rip

!

address-family ipv4 vrf SW1-SW2

redistribute bgp 100 metric 1

network 10.0.0.0

no auto-summary

version 2

exit-address-family

!

router bgp 100

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.6.6 remote-as 100

neighbor 150.1.6.6 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.6.6 activate

neighbor 150.1.6.6 send-community extended

exit-address-family

!

address-family ipv4 vrf SW1-SW2

redistribute rip

no synchronization

exit-address-family

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip pim ssm default

ip pim vrf SW1-SW2 rp-address 10.1.37.7

!

R6 - PE router

hostname R6

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

!

!

!

no ip domain lookup

ip vrf SW1-SW2

rd 1:2

route-target export 1:2

route-target import 1:2

mdt default 232.0.0.1

!

ip multicast-routing

ip multicast-routing vrf SW1-SW2

no ipv6 cef

!

interface Loopback0

ip address 150.1.6.6 255.255.255.255

ip router isis

ip pim sparse-mode

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface FastEthernet1/0

ip address 150.1.56.6 255.255.255.0

ip router isis

ip pim sparse-mode

duplex auto

speed auto

mpls ip

!

interface FastEthernet1/1

ip vrf forwarding SW1-SW2

ip address 10.1.68.6 255.255.255.0

ip pim sparse-mode

duplex auto

speed auto

!

router isis

net 00.0000.0000.0006.00

is-type level-2-only

log-adjacency-changes

!

router rip

!

address-family ipv4 vrf SW1-SW2

redistribute bgp 100 metric 1

network 10.0.0.0

no auto-summary

version 2

exit-address-family

!

router bgp 100

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.3.3 remote-as 100

neighbor 150.1.3.3 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.3.3 activate

neighbor 150.1.3.3 send-community extended

exit-address-family

!

address-family ipv4 vrf SW1-SW2

redistribute rip

no synchronization

exit-address-family

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

ip pim ssm default

ip pim vrf SW1-SW2 rp-address 10.1.37.7

!

INE Vol 1 - Lab 25 - MPLS QoS

Notes:

QoS in MPLS is similar to doing a translation on PEs.

The objective was to guarantee 640 kbps of Voice traffic as a priority through the SP. Therefor, on the PEs, you need to classify VOIP coming from the CE and also VOIP-Translated coming from the P. Keep in mind that within the MPLS VPN, the labels carry EXP bits (3) so with the SP network you should be dealing with EXP exclusively.

Config:

R3 - PE router

class-map match-all VoIP

match access-group name VoIP

class-map match-all QOS_GROUP_5

match qos-group 5

class-map match-all MPLS_EXP_5

match mpls experimental topmost 5

policy-map TO_P

class MPLS_EXP_5

priority 640

class MPLS_EXP_1

bandwidth 1000

random-detect

policy-map FROM_P

class MPLS_EXP_5

set qos-group 5

class MPLS_EXP_1

set qos-group 1

policy-map TO_CE

class QOS_GROUP_5

priority 640

class QOS_GROUP_1

bandwidth 1000

random-detect

policy-map FROM_CE

class VoIP

set qos-group 5

set mpls experimental imposition 5

class class-default

set qos-group 1

set mpls experimental imposition 1

INE Vol 1 - Lab 24 - MPLS TE Unequal Cost Load Balancing

Notes:

The objective asks you to configure TE tunnels with a total of 10 Mbps between 2 PE routers, R3 and R4. One third of the traffic between these PEs need to transit thru R5.

In order to accomplish this, I created to TE tunnels, Tun 0 and Tun 1, both explicit paths. Tun 0 bypassed R5 and Tun 1 went thru R5. The setup is identical until you get to the tunnels bandwidth statement. Since 1/3 has to go through R5, tunnel 1 has a bandwidth of 3333 kbps and tunnel 0 has 6667 kbps.

This is a good exercise to show that the RSVP Total BW is 10 Mbps so the sum of the individual tunnel bandwidths must be no more then 10 Mbps. This also achieves unequal cost load balancing via the bandwidth statements.

Config:

R3 - PE and TE Head End

interface Loopback0

ip address 150.1.3.3 255.255.255.255

!

interface Tunnel0

ip unnumbered Loopback0

tunnel destination 150.1.4.4

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 3 3

tunnel mpls traffic-eng bandwidth 6667

tunnel mpls traffic-eng path-option 1 explicit name THRU_R4

no routing dynamic

!

interface Tunnel1

ip unnumbered Loopback0

tunnel destination 150.1.4.4

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 3 3

tunnel mpls traffic-eng bandwidth 3333

tunnel mpls traffic-eng path-option 1 explicit name THRU_R5

no routing dynamic

!

interface Serial1/0

bandwidth 155000

ip address 150.1.13.3 255.255.255.0

mpls traffic-eng tunnels

mpls ip

fair-queue 64 256 313

serial restart-delay 0

ip rsvp bandwidth 10000

!

interface FastEthernet2/0

ip vrf forwarding SW1-SW2

ip address 10.1.37.3 255.255.255.0

duplex auto

speed auto

!

router ospf 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0

log-adjacency-changes

network 150.1.0.0 0.0.255.255 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.4.4 remote-as 1

neighbor 150.1.4.4 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.4.4 activate

neighbor 150.1.4.4 send-community extended

neighbor 150.1.4.4 next-hop-self

exit-address-family

!

address-family ipv4 vrf SW1-SW2

neighbor 10.1.37.7 remote-as 2

neighbor 10.1.37.7 activate

no synchronization

exit-address-family

!

ip explicit-path name THRU_R4 enable

next-address 150.1.13.1

next-address 150.1.12.2

next-address 150.1.24.4

next-address 150.1.4.4

!

ip explicit-path name THRU_R5 enable

next-address 150.1.13.1

next-address 150.1.12.2

next-address 150.1.25.5

next-address 10.1.45.4

next-address 150.1.4.4

INE Vol 1 - Lab 23 - MPLS TE Explicit PE to PE tunnels

Notes:

*** Rule of thumb to simplify this configuration. After the MPLS VPN network is setup, think of it as overlaying TE on top. Go from General to Specific, meaning General = enabling MPLS TE on a global level, router wide. Then go to more Specific, like enabling MPLS TE in the link state IGP routing protocol, and then even more specific on the interfaces enabling RSVP and TE and then last step create the tunnel interfaces.

This lab is identical to the previous except for the TE tunnels using an explicit path list, hop by hop list, instead of a dynamic path like the last lab.

REMEMBER, the next-address is the next hop's inbound interface (looking from a downstream perspective).

Config:

R3 - PE and Tunnel head end

R3#sh run | b ipv6

no ipv6 cef

!

multilink bundle-name authenticated

mpls traffic-eng tunnels

!

interface Loopback0

ip address 150.1.3.3 255.255.255.255

!

interface Tunnel0

ip unnumbered Loopback0

tunnel destination 150.1.4.4

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 4 4

tunnel mpls traffic-eng bandwidth 10000

tunnel mpls traffic-eng path-option 1 explicit name PATH

no routing dynamic

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface Serial1/0

bandwidth 155000

ip address 150.1.13.3 255.255.255.0

mpls traffic-eng tunnels

mpls ip

fair-queue 64 256 313

serial restart-delay 0

ip rsvp bandwidth 10000

!

interface FastEthernet2/0

ip vrf forwarding SW1-SW2

ip address 10.1.37.3 255.255.255.0

duplex auto

speed auto

!

router ospf 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0

log-adjacency-changes

network 150.1.0.0 0.0.255.255 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.4.4 remote-as 1

neighbor 150.1.4.4 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.4.4 activate

neighbor 150.1.4.4 send-community extended

neighbor 150.1.4.4 next-hop-self

exit-address-family

!

address-family ipv4 vrf SW1-SW2

neighbor 10.1.37.7 remote-as 2

neighbor 10.1.37.7 activate

no synchronization

exit-address-family

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!

!

ip explicit-path name PATH enable

next-address 150.1.13.1

next-address 150.1.12.2

next-address 150.1.25.5

next-address 10.1.45.4

next-address 150.1.4.4

!

logging alarm informational

!

INE Vol 1 - Lab 22 MPLS TE - Dynamic PE to PE tunnels

Notes:

Remember to configure the bandwidth statement on serial interfaces, this is especially important if you plan on using RSVP and reserving a large amount of BW because you won't be able to reserve say 10 Megs if the serial link is only 1.5 Meg.

Summary of configuration steps:

1. Enable MPLS Traffic Engineering tunnels globally

2. Ensure the Link State protocol is configured to support Traffic Engineering Tunnels and remember to use a /32 router-id loopback for MPLS TE

3. Ensure the links are configured for RSVP and MPLS TE

4. Create Tunnel Interfaces; use ip unnumbered for address, set a tunnel destination IP (the other loopback), autoroute announce so the tunnel is in the IGP, set bandwith, priority, and path-options.

Don't forget that the destination IPs need to be in IGP as well as do the MPLS TE router-ids. And that TE is unidirectional.

Configs:

R3 - PE and Tunnel Head End

R3#sh run | b no ipv6

no ipv6 cef

!

multilink bundle-name authenticated

mpls traffic-eng tunnels

!

archive

log config

hidekeys

!

interface Loopback0

ip address 150.1.3.3 255.255.255.255

!

interface Tunnel0

ip unnumbered Loopback0

tunnel destination 150.1.4.4

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 6 6

tunnel mpls traffic-eng bandwidth 10000

tunnel mpls traffic-eng path-option 1 dynamic

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface Serial1/0

bandwidth 155000

ip address 150.1.13.3 255.255.255.0

mpls traffic-eng tunnels

mpls ip

serial restart-delay 0

ip rsvp bandwidth 155000 155000

interface FastEthernet2/0

ip vrf forwarding SW1-SW2

ip address 10.1.37.3 255.255.255.0

duplex auto

speed auto

!

router ospf 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0

log-adjacency-changes

network 150.1.0.0 0.0.255.255 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.4.4 remote-as 1

neighbor 150.1.4.4 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.4.4 activate

neighbor 150.1.4.4 send-community extended

neighbor 150.1.4.4 next-hop-self

exit-address-family

!

address-family ipv4 vrf SW1-SW2

neighbor 10.1.37.7 remote-as 2

neighbor 10.1.37.7 activate

no synchronization

exit-address-family

!

ip forward-protocol nd

Verify:

R3#sh mpls traffic-eng tunnels brief

Signalling Summary:

LSP Tunnels Process: running

Passive LSP Listener: running

RSVP Process: running

Forwarding: enabled

Periodic reoptimization: every 3600 seconds, next in 1716 seconds

Periodic FRR Promotion: Not Running

Periodic auto-bw collection: every 300 seconds, next in 216 seconds

TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT

R3_t0 150.1.4.4 - Se1/0 up/up

R4_t0 150.1.3.3 Se1/0 - up/up

Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails

R3#

Good Reference

INE Vol 1 - Lab 21 - Controlling MPLS Label Distribution

Notes:

This lab asks you to limit the traffic that should be label switched. It states that only traffic between R3 and R6's (the PEs) Loopbacks should be label switched. In order to do so, on the PE and P nodes, use 'mpls ldp advertise-labels for #' and an ACL to limit what prefixes are allowed to be labeled and what prefixes are not.

Config:

R1 - P node

R1#sh run | i 99

mpls ldp advertise-labels for 99

access-list 99 permit 150.1.3.3

access-list 99 permit 150.1.6.6

access-list 99 deny any log

R1#

INE Vol 1 - Lab 20 - VRF Lite

Notes:

It IS pretty straight forward, except for the fact that in GNS3, I used a single serial interface with 2 sub interfaces to another router. HDLC, nothing fancy, but wasn't able to ping on the sub-interfaces. I ended up making a separate physical connection for R3 to R1 and my configuration worked.

On point, this lab demonstrated the use of VRF lite to use a Managed CE with sub interfaces to the PE and segment traffic.

INE Vol 1 - Lab 19 - CSC Hierarchical MPLS VPNs

Notes:

Fairly similar to the previous lab, same concepts with supporting more then 1 Enterprise end customer.

I would recommend review Lab 17 as it's not as intuitive as 18 or 19.

INE Vol 1 - Lab 18 - CSC MPLS enabled Customer Carrier

Notes:

This Lab was much more intuitive, probably from struggling and figuring out the previous lab, and I was able to configure the topology without viewing the instructions. From the Objective and from the diagram, I understood that the Customer Carrier was supporting MPLS and MPLS VPNs, the Provider Carrier didn't change much as they too support MPLS VPNs. Providing IGP transport for R3 and R6, the Customer Carrier's PE routers, was straight forward. Since R3 and R6 participate in OSPF and R2 and R4's link into OSPF was through a VRF, redistribution for Carrier Providers PE's was necessary. Once R3 had reachability to R6, vpnv4 iBGP was established spanning the Provider Carrier's network. Finally, putting the Customer PE interfaces into a vrf for PE-CE connectivity and establishing eBGP with the Enterprise client routers, full reachability was established.

Remember to ensure MPLS is enabled through out the network up until the Enterprise connectivity links.

Configs:

R2 - Provider Carrier's PE

R2#srb

router ospf 100 vrf AS1

log-adjacency-changes

redistribute bgp 2 subnets

network 150.1.12.2 0.0.0.0 area 0

!

router ospf 1

log-adjacency-changes

network 150.1.24.2 0.0.0.0 area 0

!

router bgp 2

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.24.4 remote-as 2

!

address-family vpnv4

neighbor 150.1.24.4 activate

neighbor 150.1.24.4 send-community extended

exit-address-family

!

address-family ipv4 vrf AS1

redistribute ospf 100 vrf AS1

no synchronization

exit-address-family

R3 - Customer Carrier's PE

R3#srb

router ospf 1

log-adjacency-changes

network 150.1.3.3 0.0.0.0 area 0

network 150.1.13.3 0.0.0.0 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.6.6 remote-as 1

neighbor 150.1.6.6 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.6.6 activate

neighbor 150.1.6.6 send-community extended

neighbor 150.1.6.6 next-hop-self

exit-address-family

!

address-family ipv4 vrf CUST

neighbor 10.1.37.7 remote-as 65001

neighbor 10.1.37.7 activate

no synchronization

exit-address-family

!

INE Vol 1 - Lab 17 - CSC IP only Customer Carrier

Notes:

The purpose of this lab was to utilize another carrier as transport for a customer carrier to provide IP services to their end customers, presumably enterprise clients. The SP carrier uses R2 and R4 and BGP between them as well as MPLS and MPLS VPNs down to R1 and R5 (the customer carrier's upstream routers). Being how this is an "IP Only" Customer Carrier BGP was only ipv4, however, R2 and R4 were VPNv4 for label transport/MPLS VPN.

I attempted to configure this lab and all the previous labs just from the Objective and the diagram without reading the specific tasks, this one was a difficult in doing that because the peering between BGP ASes was evident from the diagram. I ended up trying to peer AS1 and AS2 but instead should have redistributed OSPF vrf into ipv4 bgp vrf... etc.

This is a great lab to review again.

Configs:

R2 - SP Carrier Router

R2#sri s1/0.21

Building configuration...

Current configuration : 172 bytes

!

interface Serial1/0.21 point-to-point

ip vrf forwarding AS1

ip address 150.1.12.2 255.255.255.0

snmp trap link-status

mpls ip

frame-relay interface-dlci 201

end

R2#sri f2/0

Building configuration...

Current configuration : 104 bytes

!

interface FastEthernet2/0

ip address 150.1.24.2 255.255.255.0

duplex auto

speed auto

mpls ip

end

R2#srb

router ospf 1 vrf AS1

log-adjacency-changes

redistribute bgp 2 subnets

network 150.1.12.2 0.0.0.0 area 0

!

router ospf 100

log-adjacency-changes

network 150.1.24.2 0.0.0.0 area 0

!

router bgp 2

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.12.1 remote-as 1

neighbor 150.1.24.4 remote-as 2

!

address-family vpnv4

neighbor 150.1.24.4 activate

neighbor 150.1.24.4 send-community extended

exit-address-family

!

address-family ipv4 vrf AS1

redistribute ospf 1 vrf AS1

no synchronization

exit-address-family

R1 - Customer Carrier Router

R1#sri s1/0.12

Building configuration...

Current configuration : 149 bytes

!

interface Serial1/0.12 point-to-point

ip address 150.1.12.1 255.255.255.0

snmp trap link-status

mpls ip

frame-relay interface-dlci 102

end

R1#sri s1/1

Building configuration...

Current configuration : 88 bytes

!

interface Serial1/1

ip address 150.1.13.1 255.255.255.0

serial restart-delay 0

end

R1#srb

router ospf 1

log-adjacency-changes

network 0.0.0.0 255.255.255.255 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.2.2 remote-as 2

neighbor 150.1.2.2 update-source Loopback0

neighbor 150.1.5.5 remote-as 1

neighbor 150.1.5.5 update-source Loopback0

neighbor 150.1.13.3 remote-as 1

!

address-family ipv4

neighbor 150.1.5.5 activate

neighbor 150.1.5.5 route-reflector-client

neighbor 150.1.13.3 activate

neighbor 150.1.13.3 route-reflector-client

no auto-summary

no synchronization

exit-address-family

R3 - Customer Provider Edge Router

R3#srb

router ospf 1

log-adjacency-changes

network 150.1.3.3 0.0.0.0 area 0

network 150.1.13.3 0.0.0.0 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 10.1.37.7 remote-as 65001

neighbor 150.1.13.1 remote-as 1

!

address-family ipv4

neighbor 10.1.37.7 activate

neighbor 150.1.13.1 activate

neighbor 150.1.13.1 next-hop-self

no auto-summary

no synchronization

exit-address-family

!

INE Vol 1 - Lab 16 - Inter-AS MPLS VPNs with Multihop MP-eBGP for VPNv4 Exchange

Notes:

The last 3 labs have been a similar problem with 3 different solutions. This one uses MP-eBGP to peer across different ASes for PEs (that are in different ASes). In order to accomplish this, the ipv4 bgp peering between R2 and R4 need to advertise the loopbacks of R3 and R6 (PE in AS1 and PE in AS2, respectively), they also need to advertise or redistribute into the IGP so the R3 and R6 can know of each other's loopback for MP-eBGP multihop peering. Don't forget to send-label for ipv4 peering. Finally, VPNv4 peer between R3 and R6.

Configs:

R2 - AS1 ipv4 peering point to AS2

R2#sh run | b router

router ospf 1

log-adjacency-changes

redistribute bgp 1 subnets route-map LOOP6

network 150.1.2.2 0.0.0.0 area 0

network 150.1.12.2 0.0.0.0 area 0

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.24.4 remote-as 2

!

address-family ipv4

neighbor 150.1.24.4 activate

neighbor 150.1.24.4 send-label

no auto-summary

no synchronization

network 150.1.3.3 mask 255.255.255.255

exit-address-family

!

R4 - AS2 ipv4 peering point to R2

router isis

net 00.0000.0000.0004.00

is-type level-2-only

redistribute bgp 2 route-map LOOP3

!

router bgp 2

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.24.2 remote-as 1

!

address-family ipv4

neighbor 150.1.24.2 activate

neighbor 150.1.24.2 send-label

no auto-summary

no synchronization

network 150.1.6.6 mask 255.255.255.255

exit-address-family

!

R3 - AS1 PE - ebgp vpnv4 multihop peering to R6

!

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.6.6 remote-as 2

neighbor 150.1.6.6 ebgp-multihop 255

neighbor 150.1.6.6 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.6.6 activate

neighbor 150.1.6.6 send-community extended

exit-address-family

R6 - AS2 PE - ebgp vpnv4 multihop peering to R3

router bgp 2

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 150.1.3.3 remote-as 1

neighbor 150.1.3.3 ebgp-multihop 255

neighbor 150.1.3.3 update-source Loopback0

!

address-family vpnv4

neighbor 150.1.3.3 activate

neighbor 150.1.3.3 send-community extended

exit-address-family

!