Thursday, August 26, 2010

OL - ISIS

Notes:

I've been working through ISIS since I'm not very familiar with it. ISIS by default creates Level 1 (intra-area) and Level 2 (inter-area) adjacencies with other ISIS routers. You can limit the type on a per-interface level ['isis circuit-type'] or on a per-process level ['is-type']. The same goes for authentication: you can do it on a per-link or on a per-process level, and authentication supports clear text as well as MD5 hash.

Level 2 is considered the 'backbone' area, as all other Level 1 routers need to connect to and transit a Level 2 area to get to another Level 1 router. Level 1-2 routers automatically redistribute Level 1 prefixes into Level 2. In order to redistribute Level 2 into Level 1 you need to configure 'redistribute isis ip level-2 into level-1 route-map/distribute-list'. The route-map doesn't need to contain any entries, it just needs to exist.

By default, default-information originate will originate only an L2 default. In order to generate an L1 default, create a route-map, set level level-1, and then append the route-map to the default-information originate command.

Metrics: without metric-style wide configured, ISIS defaults to a max metric of 63; enabling wide metrics lets you go far beyond that. The default metric of any interface is 10 and can be changed.

Priority, the default priority is 64 with the max being 127. Priority is used to determine who will be the DIS on a multi access segment like ethernet.

Summary-address, can summarize groups of addresses for a given level. The metric used to advertise the summary is the smallest metric of all the more specific routes.



Monday, August 23, 2010

OL - PPPoE

Notes:

PPPoE can be configured in many different ways. One of the simplest is demonstrated here. R1 is the client and R2 is the server.

Summary Steps:
Order of Operation is important!

For the client:
1. under the FastE interface, enable pppoe 'pppoe enable'
2. create a dialer interface, assign an IP, encaps PPP, and associate this interface to a dialer pool
3. under the FastE interface, associate this interface to the dialer pool

For the server:
1. enable vpdn 'vpdn enable', create a vpdn-group 'vpdn-group CISCO', under the group 'accept-dialin' to make it a server, designate a virtual-template 'virtual-template 1' and configure the protocol to pppoe 'protocol pppoe'
2. configure the virtual-template with an IP (note the default encaps for the Virtual template is ppp)
3. under the FastE interface, enable pppoe.
Config:
R1
interface FastEthernet1/0
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address 150.1.12.1 255.255.255.0
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent

R2
vpdn enable
!
vpdn-group CISCO
! Default L2TP VPDN group
accept-dialin
protocol pppoe
virtual-template 1
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
pppoe enable group global
!
interface Virtual-Template1
ip address 150.1.12.2 255.255.255.0
!

For DocCD reference, under 12.2 configuration guides, Wide-Area Networking, Configuring Broadband Access... [DocCD Ref]

Sunday, August 22, 2010

INE Vol 1 multicast - Lab 12 - Multicast BGP

Notes:

Nothing really too difficult here. This lab uses AFI and SAFI for IPv4 multicast.

Some things to note:
1. On the router connecting to the receiver, disable ip mroute-cache.
2. Disabling Fast Switching via the "no ip route-cache" command helps ensure that the packets are process switched.


INE Vol 1 multicast - Lab 11 - Anycast RP

Notes:

This lab demonstrates an application of MSDP by using AnycastRP in a single PIM-SM domain. AnycastRP is used to provide RP redundancy within a PIM-SM domain and can provide load balancing.

Anycast RP uses an additional loopback on 2 or more routers with the same /32 ip address. This IP address is now the IP for the RP and must be known to all PIM-SM routers either via a static rp, autorp, or bsr.

MSDP is used to connect the 2 or more routers with this additional loopback so they can exchange RP source information.

The same reference as the last lab provides a better description and details.


Config:
R1 and R5 as the RP using AnycastRP (similar config on R5)

hostname R1
!
no ip domain lookup
ip multicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
!
interface Loopback0
ip address 150.1.1.1 255.255.255.255
!
interface Loopback1
ip address 150.1.255.255 255.255.255.255
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.12 point-to-point
ip address 150.1.12.1 255.255.255.0
ip pim sparse-mode
snmp trap link-status
frame-relay interface-dlci 102
!
interface Serial1/1
ip address 150.1.13.1 255.255.255.0
ip pim sparse-mode
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip pim rp-address 150.1.255.255
ip msdp peer 150.1.5.5 connect-source Loopback0


INE Vol 1 multicast - Lab 10 - MSDP

Notes:

This lab deals with MSDP, Multicast Source Discovery Protocol, which allows RPs in different domains to exchange information about multicast sources. This is used in PIM Sparse mode. Since an RP knows about the receivers in its own domain but can't know about sources in other domains, MSDP is used to exchange the information about sources so that multicast traffic can flow between domains. Below is a good description on MSDP.


Config:
R2 and R4 are RPs for their respective PIM Sparse multicast domains, they are also edge routers in their own domains and peer via eBGP.

hostname R2
!
no ip domain lookup
ip multicast-routing
!
interface Loopback0
ip address 150.1.2.2 255.255.255.255
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.21 point-to-point
ip address 150.1.12.2 255.255.255.0
ip pim sparse-mode
snmp trap link-status
frame-relay interface-dlci 201
!
interface FastEthernet2/0
ip address 150.1.24.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 150.1.2.2 0.0.0.0 area 0
network 150.1.12.2 0.0.0.0 area 0
default-information originate always
!
router bgp 1
no synchronization
bgp log-neighbor-changes
redistribute ospf 1
neighbor 150.1.24.4 remote-as 2
no auto-summary
!
ip pim rp-address 150.1.24.2
ip msdp peer 150.1.24.4 remote-as 2

R4
hostname R4
!
no ip domain lookup
ip multicast-routing
!
interface Loopback0
ip address 150.1.4.4 255.255.255.255
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.45 point-to-point
ip address 150.1.45.4 255.255.255.0
ip pim sparse-mode
snmp trap link-status
frame-relay interface-dlci 405
!
interface FastEthernet2/0
ip address 150.1.24.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 150.1.4.4 0.0.0.0 area 0
network 150.1.45.4 0.0.0.0 area 0
default-information originate always
!
router bgp 2
no synchronization
bgp log-neighbor-changes
redistribute ospf 1
neighbor 150.1.24.2 remote-as 1
no auto-summary
!
ip pim rp-address 150.1.24.4
ip msdp peer 150.1.24.2

Verification:
R6 - router closest to the receiver

R6#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 00:00:20/stopped, RP 150.1.24.4, flags: SJC
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list:
FastEthernet1/1, Forward/Sparse, 00:00:20/00:02:39

(10.1.37.7, 224.1.1.1), 00:00:19/00:02:41, flags: JT
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list:
FastEthernet1/1, Forward/Sparse, 00:00:19/00:02:40

(*, 224.0.1.40), 00:00:20/00:02:39, RP 150.1.24.4, flags: SJPCL
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list: Null

R6#

Saturday, August 21, 2010

INE Vol 1 multicast - Lab 9 - Bootstrap Router

Notes:

BSR has a concept similar to autoRP and its Mapping Agent. The "autoRP" equivalent in BSR is "ip pim rp-candidate " and the equivalent to the Mapping Agent is "ip pim bsr-candidate "

Config:
R1 - RP Candidate

interface Loopback0
ip address 150.1.1.1 255.255.255.255
ip pim sparse-mode
!
ip pim rp-candidate Loopback0

R5 - BSR

R5#sh run int l 0
Building configuration...

Current configuration : 85 bytes
!
interface Loopback0
ip address 150.1.5.5 255.255.255.255
ip pim sparse-mode
end

R5#sh run | i bsr
ip pim bsr-candidate Loopback0 0
R5#

INE Vol 1 multicast - Lab 8 - AutoRP and Default RP Placement

Notes:

This lab uses both autoRP and static RP while in Sparse mode. When both are configured, autoRP takes precedence and if for whatever reason the RP info is lost, it falls to the statically configured RP.

You can also limit the groups that a particular RP will be the RP for.

Config:
R2 - the autoRP candidate
!
ip pim rp-address 150.1.2.2 1
ip pim send-rp-announce Loopback0 scope 16
ip pim send-rp-discovery Loopback0 scope 16
!
logging alarm informational
access-list 1 permit 224.0.1.39
access-list 1 permit 224.0.1.40
!

R1-R6 (minus R4), the other PIM routers
!
ip pim rp-address 150.1.2.2 1
!
logging alarm informational
access-list 1 permit 224.0.1.39
access-list 1 permit 224.0.1.40

Verification:
R1#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
RP 150.1.2.2 (?), v2v1
Info source: 150.1.2.2 (?), elected via Auto-RP
Uptime: 00:13:45, expires: 00:02:10
Acl: 1, Static
RP: 150.1.2.2 (?)
R1#

Removed autoRP from R2
R1#sh ip pim rp mapping
PIM Group-to-RP Mappings

Acl: 1, Static
RP: 150.1.2.2 (?)
R1#
R1#

INE Vol 1 multicast - Lab 7 - PIM NBMA Mode

Notes:

In this lab, R1 has a frame-relay multipoint interface via the physical serial interface which is to test the use of ip pim nbma mode.


[excerpt]
This PIM feature allows the router to only send packets to those neighbors that want to receive them. A router in PIM NBMA mode treats each remote PIM neighbor as if it were connected to the router through a point-to-point link.

Configs:
R1 - NBMA mode router

R1#sh run
Building configuration...

hostname R1
!
logging message-counter syslog
!
no ip domain lookup
ip multicast-routing
no ipv6 cef
!
interface Loopback0
ip address 150.1.1.1 255.255.255.255
ip pim sparse-mode
!
interface Serial1/0
ip address 150.1.125.1 255.255.255.0
ip pim nbma-mode
ip pim sparse-mode
encapsulation frame-relay
ip ospf network point-to-multipoint
serial restart-delay 0
frame-relay map ip 150.1.125.2 102 broadcast
frame-relay map ip 150.1.125.5 105 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
ip address 150.1.13.1 255.255.255.0
ip pim sparse-mode
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip pim rp-address 150.1.1.1
ip pim autorp listener

INE Vol 1 multicast - Lab 6 - AutoRP Listener

Notes:

Autorp listener is used in Sparse mode to ensure that the RP can talk to the Mapping Agent 224.0.1.39 and that the Mapping Agent can talk to the rest of the routers 224.0.1.40, which is accomplished by allowing these 2 groups to speak in Dense mode.

The lab asks that we do not allow Dense mode fallback; however, since this is strictly Sparse mode, there is no possibility of this falling back to Dense mode. "no ip pim dm-fallback" should be used in Sparse-Dense mode to stop the routers from speaking in Dense mode if RP info is lost, since RPs are not used in Dense mode.

Configs:
No configs necessary as the only difference between Sparse mode and Sparse-Dense mode is "ip pim autorp listener"

Good Ref

*** INE Vol 1 Multicast note. No ip mroute-cache and autorp listener.

Wanted to put a little marker to remember that on the router closest to the Receiver, you need to disable ip mroute-cache.

#no ip mroute-cache

on the interface pointing to the receiver router.

auto-rp listener - to be used in Sparse mode only - enables 224.0.1.39 and .40 (the RP candidate and Mapping Agent groups) to use Dense mode to get the RP mappings out to the other routers.

INE Vol 1 multicast - Lab 5 - AutoRP - Multiple Candidate RP

Notes:

The objective of this lab is to use 2 separate routers R2 and R4 for the RPs for different multicast groups, 224.0.0.0/5 and 232.0.0.0/5, respectively. The task also designates only 1 Mapping Agent.

The configuration is the same as the last lab, lab 4, except for designating a group-list on the RPs.

I stumbled when creating the ACL for the group list: instead of using the wildcard mask 7.255.255.255, I used 31.255.255.255. I should have just done it the right way: 8 bits minus 5 bits is 3 bits. 3 bits in decimal is 7.

Configs:
R2 - RP for 224.0.0.0/5
!
ip pim send-rp-announce Loopback0 scope 16 group-list 1
!
logging alarm informational
access-list 1 permit 224.0.0.0 7.255.255.255

R4 - RP for 232.0.0.0/5
ip pim send-rp-announce Loopback0 scope 16 group-list 1
!
logging alarm informational
access-list 1 permit 232.0.0.0 7.255.255.255
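
The wildcard-mask slip described in the notes above can be checked mechanically. The following Python sketch is an added example, not part of the original lab or of INE's material: it converts each group-list ACE into the prefix it really covers and reports ACEs that are wider than intended or that overlap between RPs. The function names and the `MISTAKEN` data set (the 31.255.255.255 mask applied to both ACEs) are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def wildcard_for_prefix(prefix_len: int) -> str:
    """Wildcard (inverse) mask for a prefix length: all host bits set to 1."""
    return str(ipaddress.IPv4Address((1 << (32 - prefix_len)) - 1))


def ace_matches(base: str, wildcard: str, addr: str) -> bool:
    """Standard-ACL match: bits set in the wildcard are ignored in the compare."""
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a | w) == (b | w)


def ace_to_network(base: str, wildcard: str) -> ipaddress.IPv4Network:
    """Prefix that an ACE with a contiguous wildcard really covers."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard is not of the form 0...01...1
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    net = int(ipaddress.IPv4Address(base)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((net, 32 - w.bit_length()))


def audit_group_lists(group_lists: dict) -> list:
    """Report ACEs that differ from the intended range and RPs whose
    announced ranges overlap each other."""
    findings = []
    actual = {}
    for rp, (base, wildcard, intended) in group_lists.items():
        actual[rp] = ace_to_network(base, wildcard)
        if actual[rp] != ipaddress.IPv4Network(intended):
            findings.append(f"{rp}: ACE covers {actual[rp]}, intended {intended}")
    for a, b in combinations(sorted(actual), 2):
        if actual[a].overlaps(actual[b]):
            findings.append(f"{a} and {b} overlap: {actual[a]} / {actual[b]}")
    return findings


# Group-lists as configured on the page (access-list 1 on R2 and R4).
CORRECT = {
    "R2": ("224.0.0.0", "7.255.255.255", "224.0.0.0/5"),
    "R4": ("232.0.0.0", "7.255.255.255", "232.0.0.0/5"),
}
# Constructed: the same ACEs written with the mistaken 31.255.255.255 mask.
MISTAKEN = {
    "R2": ("224.0.0.0", "31.255.255.255", "224.0.0.0/5"),
    "R4": ("232.0.0.0", "31.255.255.255", "232.0.0.0/5"),
}

if __name__ == "__main__":
    print("wildcard for /5:", wildcard_for_prefix(5))
    for name, data in (("correct", CORRECT), ("mistaken", MISTAKEN)):
        print(name, "->", audit_group_lists(data) or "no findings")
```

With the mistaken mask both ACEs collapse to 224.0.0.0/3, so each RP would announce itself for the other's groups as well as its own.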


Verification:
R6#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 232.1.1.1), 00:02:21/stopped, RP 150.1.4.4, flags: SJC
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list:
FastEthernet1/1, Forward/Sparse-Dense, 00:02:21/00:02:35

(10.1.37.7, 232.1.1.1), 00:00:27/00:02:50, flags: JT
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list:
FastEthernet1/1, Forward/Sparse-Dense, 00:00:27/00:02:35

(*, 224.1.1.1), 00:02:22/stopped, RP 150.1.2.2, flags: SJC
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list:
FastEthernet1/1, Forward/Sparse-Dense, 00:02:22/00:02:42

(10.1.37.7, 224.1.1.1), 00:00:37/00:02:55, flags: JT
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list:
FastEthernet1/1, Forward/Sparse-Dense, 00:00:37/00:02:42

(*, 224.0.1.39), 00:02:40/stopped, RP 0.0.0.0, flags: DC
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet1/0, Forward/Sparse-Dense, 00:02:40/00:00:00

(150.1.4.4, 224.0.1.39), 00:00:37/00:02:22, flags: PTX
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list: Null

(150.1.2.2, 224.0.1.39), 00:00:39/00:02:20, flags: PTX
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list: Null

(*, 224.0.1.40), 00:02:47/stopped, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet1/0, Forward/Sparse-Dense, 00:02:47/00:00:00

(150.1.5.5, 224.0.1.40), 00:00:39/00:02:22, flags: PLTX
Incoming interface: FastEthernet1/0, RPF nbr 150.1.56.5
Outgoing interface list: Null
R6#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
RP 150.1.2.2 (?), v2v1
Info source: 150.1.5.5 (?), elected via Auto-RP
Uptime: 00:00:43, expires: 00:02:16
Group(s) 232.0.0.0/5
RP 150.1.4.4 (?), v2v1
Info source: 150.1.5.5 (?), elected via Auto-RP
Uptime: 00:00:41, expires: 00:02:17
R6#

INE Vol 1 multicast - Lab 4 - AutoRP

Notes:

The previous lab asked you to use a static RP address; in this lab, the objective is to use Auto RP.
Configure the network to support PIM Sparse-Dense mode and designate which router will be the RP and which router the Mapping Agent (can be one and the same), usually using a loopback interface.

Configs:

R1 as the RP
R1#sh run
Building configuration...

Current configuration : 2367 bytes
!
hostname R1
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
ip multicast-routing
no ipv6 cef
!
interface Loopback0
ip address 150.1.1.1 255.255.255.255
ip pim sparse-dense-mode
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.12 point-to-point
ip address 150.1.12.1 255.255.255.0
ip pim sparse-dense-mode
snmp trap link-status
frame-relay interface-dlci 102
!
interface Serial1/1
ip address 150.1.13.1 255.255.255.0
ip pim sparse-dense-mode
serial restart-delay 0
!
!
interface FastEthernet2/0
ip address 150.1.15.1 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip pim send-rp-announce Loopback0 scope 16
!

R5 - Mapping Agent

R5#sh run
Building configuration...

Current configuration : 2331 bytes
!
upgrade fpd auto
version 12.4

hostname R5

ip source-route
ip cef
!
no ip domain lookup
ip multicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
!
interface Loopback0
ip address 150.1.5.5 255.255.255.255
ip pim sparse-dense-mode
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.54 point-to-point
ip address 150.1.45.5 255.255.255.0
ip pim sparse-dense-mode
snmp trap link-status
frame-relay interface-dlci 504
!
interface FastEthernet2/0
ip address 150.1.56.5 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
!
interface FastEthernet2/1
ip address 150.1.15.5 255.255.255.0
ip pim sparse-dense-mode
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip pim send-rp-discovery Loopback0 scope 16

INE Vol 1 multicast - Lab 3 - Multicast RPF Failure

Notes:

This lab tests your understanding of uRPF for multicast. R1 and R5 have a high-speed link (i.e. FastEthernet) connecting them; they also have another path through frame-relay and through other routers, making it a less preferred path. However, PIM isn't configured across the high-speed link. This is where multicast gets "broken". Because data traffic will flow through the high-speed link and will also carry multicast traffic, you either need to enable PIM on the high-speed link OR use static mroutes to point through the less preferred path.

Config:

R1 - R5 have a high speed connection, FastE, with no PIM configured - they also have a low speed connection with PIM configured.

R5#sh run
Building configuration...

Current configuration : 2247 bytes
!

hostname R5
!
ip cef
!
no ip domain lookup
ip multicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
!
interface Loopback0
ip address 150.1.5.5 255.255.255.255
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
!
interface Serial1/0.54 point-to-point
ip address 150.1.45.5 255.255.255.0
ip pim dense-mode
snmp trap link-status
frame-relay interface-dlci 504
!
interface FastEthernet2/0
ip address 150.1.56.5 255.255.255.0
ip pim dense-mode
duplex auto
speed auto
!
interface FastEthernet2/1
ip address 150.1.15.5 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip mroute 10.1.37.7 255.255.255.255 Serial1/0.54

Verification:
Before applying the static mroute to R4 and R5
R5#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 00:00:02/00:02:57, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet2/0, Forward/Dense, 00:00:02/00:00:00
Serial1/0.54, Forward/Dense, 00:00:02/00:00:00

R5#

After applying the static mroute to R4 and R5
R5#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 00:00:14/stopped, RP 0.0.0.0, flags: D
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet2/0, Forward/Dense, 00:00:14/00:00:00
Serial1/0.54, Forward/Dense, 00:00:14/00:00:00

(10.1.37.7, 224.1.1.1), 00:00:14/00:02:52, flags: T
Incoming interface: Serial1/0.54, RPF nbr 150.1.45.4, Mroute
Outgoing interface list:
FastEthernet2/0, Forward/Dense, 00:00:14/00:00:00

(*, 224.0.1.40), 00:03:16/00:01:53, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet2/0, Forward/Dense, 00:03:16/00:00:00
Serial1/0.54, Forward/Dense, 00:03:16/00:00:00

R5#
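
The RPF behaviour this lab exercises, modelled in Python as an added example (not code from the original post or from IOS). It is a simplified model in which a static mroute covering the source overrides the unicast table, matching the "Mroute" tag in the output above. The unicast route via FastEthernet2/1 is an assumption constructed from the lab description; the static mroute and PIM interfaces come from R5's config.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    interface: str


def longest_match(routes, src):
    """Most specific route covering src, or None."""
    addr = ipaddress.IPv4Address(src)
    hits = [r for r in routes if addr in ipaddress.IPv4Network(r.prefix)]
    return max(hits, key=lambda r: ipaddress.IPv4Network(r.prefix).prefixlen,
               default=None)


def rpf_lookup(src, unicast, mroutes):
    """Return (rpf_interface, origin). Simplified: a static mroute that
    covers the source is preferred over the unicast routing table."""
    m = longest_match(mroutes, src)
    if m is not None:
        return m.interface, "Mroute"
    u = longest_match(unicast, src)
    if u is not None:
        return u.interface, "unicast"
    return None, None


def rpf_check(src, arrival_if, unicast, mroutes, pim_interfaces):
    """Return (accepted, detail) for a multicast packet from src that
    arrived on arrival_if."""
    rpf_if, origin = rpf_lookup(src, unicast, mroutes)
    if rpf_if is None:
        return False, "no route back to source"
    note = "" if rpf_if in pim_interfaces else " (no PIM on RPF interface)"
    if arrival_if != rpf_if:
        return False, f"RPF failure: expected {rpf_if} via {origin}{note}"
    return True, f"RPF ok: {rpf_if} via {origin}{note}"


# R5 as described in the lab. PIM interfaces are taken from the config above.
PIM_INTERFACES = {"Serial1/0.54", "FastEthernet2/0"}
# Constructed assumption: OSPF prefers the FastEthernet link towards the source.
UNICAST = [Route("10.1.37.0/24", "FastEthernet2/1")]
# From the page: ip mroute 10.1.37.7 255.255.255.255 Serial1/0.54
MROUTES = [Route("10.1.37.7/32", "Serial1/0.54")]

if __name__ == "__main__":
    src = "10.1.37.7"
    print("before mroute:",
          rpf_check(src, "Serial1/0.54", UNICAST, [], PIM_INTERFACES))
    print("after mroute: ",
          rpf_check(src, "Serial1/0.54", UNICAST, MROUTES, PIM_INTERFACES))
    # The same check rejects traffic claiming this source on any other interface.
    print("wrong ingress:",
          rpf_check(src, "FastEthernet2/0", UNICAST, MROUTES, PIM_INTERFACES))
```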

Friday, August 20, 2010

INE Vol 1 multicast - Lab 1 & 2 - Dense & Sparse mode

Notes:

Pretty straightforward. Dense uses a PUSH model and floods the mcast traffic, whereas Sparse uses a PULL model and receivers must join an mcast group.

Dense - you don't need an RP, Sparse - you need an RP, static or auto.


Lab is scheduled.

Scheduled the lab... no turning back now :)

Thursday, August 19, 2010

INE Vol 1 - Second Pass (minus Multicast) completed

Finished 26 labs of INE Vol1, still have to do the Multicast labs but thought I'd give my thoughts on these so far.

Overall, these labs certainly focused more on MPLS VPNs and their capabilities, applications, etc. than IPX Vol 1. I think I can get through 90% of them just by looking at the diagram and the Objective, which I take as a good sign that I can infer what's needed.

I plan on going over everything again, doing an assessment of where I am in relation to the blue print and then tackling another workbook. Reviewing MPLS Fundamentals. And finally tackling the Vol 2 labs.

INE Vol 1 - Lab 26 - Multicast over MPLS VPNs ?

Notes:

For the second time, I couldn't get the tunnel to show up on PE R3 when executing a "show ip pim vrf SW1-SW2 neighbor"

I see the tunnel interface as up/up but I can't seem to see the other end, R6 the remote PE, as a neighbor through the tunnel.

I did a show ip pim mdt and it shows the loopback.

Not sure what's wrong...

Configs:

R3 -PE
hostname R3
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
no ip domain lookup
ip vrf SW1-SW2
rd 1:2
route-target export 1:2
route-target import 1:2
mdt default 232.0.0.1
!
ip multicast-routing
ip multicast-routing vrf SW1-SW2
no ipv6 cef
!
interface Loopback0
ip address 150.1.3.3 255.255.255.255
ip router isis
ip pim sparse-mode
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 150.1.13.3 255.255.255.0
ip router isis
ip pim sparse-mode
mpls ip
serial restart-delay 0
!
interface FastEthernet2/0
ip vrf forwarding SW1-SW2
ip address 10.1.37.3 255.255.255.0
ip pim sparse-mode
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router isis
net 00.0000.0000.0003.00
is-type level-2-only
log-adjacency-changes
!
router rip
!
address-family ipv4 vrf SW1-SW2
redistribute bgp 100 metric 1
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.6.6 remote-as 100
neighbor 150.1.6.6 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
exit-address-family
!
address-family ipv4 vrf SW1-SW2
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip pim ssm default
ip pim vrf SW1-SW2 rp-address 10.1.37.7
!

R6 - PE router
hostname R6
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip vrf SW1-SW2
rd 1:2
route-target export 1:2
route-target import 1:2
mdt default 232.0.0.1
!
ip multicast-routing
ip multicast-routing vrf SW1-SW2
no ipv6 cef
!
interface Loopback0
ip address 150.1.6.6 255.255.255.255
ip router isis
ip pim sparse-mode
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 150.1.56.6 255.255.255.0
ip router isis
ip pim sparse-mode
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/1
ip vrf forwarding SW1-SW2
ip address 10.1.68.6 255.255.255.0
ip pim sparse-mode
duplex auto
speed auto
!
router isis
net 00.0000.0000.0006.00
is-type level-2-only
log-adjacency-changes
!
router rip
!
address-family ipv4 vrf SW1-SW2
redistribute bgp 100 metric 1
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.3.3 remote-as 100
neighbor 150.1.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.3.3 activate
neighbor 150.1.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf SW1-SW2
redistribute rip
no synchronization
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip pim ssm default
ip pim vrf SW1-SW2 rp-address 10.1.37.7
!

Wednesday, August 18, 2010

INE Vol 1 - Lab 25 - MPLS QoS

Notes:

QoS in MPLS is similar to doing a translation on PEs.

The objective was to guarantee 640 kbps of Voice traffic as a priority through the SP. Therefore, on the PEs, you need to classify VOIP coming from the CE and also VOIP-Translated coming from the P. Keep in mind that within the MPLS VPN, the labels carry EXP bits (3), so within the SP network you should be dealing with EXP exclusively.


Config:
R3 - PE router
class-map match-all VoIP
match access-group name VoIP
class-map match-all QOS_GROUP_5
match qos-group 5
class-map match-all MPLS_EXP_5
match mpls experimental topmost 5

policy-map TO_P
class MPLS_EXP_5
priority 640
class MPLS_EXP_1
bandwidth 1000
random-detect

policy-map FROM_P
class MPLS_EXP_5
set qos-group 5
class MPLS_EXP_1
set qos-group 1

policy-map TO_CE
class QOS_GROUP_5
priority 640
class QOS_GROUP_1
bandwidth 1000
random-detect

policy-map FROM_CE
class VoIP
set qos-group 5
set mpls experimental imposition 5
class class-default
set qos-group 1
set mpls experimental imposition 1

Saturday, August 14, 2010

INE Vol 1 - Lab 24 - MPLS TE Unequal Cost Load Balancing

Notes:

The objective asks you to configure TE tunnels with a total of 10 Mbps between 2 PE routers, R3 and R4. One third of the traffic between these PEs needs to transit thru R5.

In order to accomplish this, I created two TE tunnels, Tun 0 and Tun 1, both explicit paths. Tun 0 bypassed R5 and Tun 1 went thru R5. The setup is identical until you get to the tunnels' bandwidth statement. Since 1/3 has to go through R5, tunnel 1 has a bandwidth of 3333 kbps and tunnel 0 has 6667 kbps.

This is a good exercise to show that the RSVP Total BW is 10 Mbps, so the sum of the individual tunnel bandwidths must be no more than 10 Mbps. This also achieves unequal cost load balancing via the bandwidth statements.

Config:
R3 - PE and TE Head End
interface Loopback0
ip address 150.1.3.3 255.255.255.255
!
interface Tunnel0
ip unnumbered Loopback0
tunnel destination 150.1.4.4
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 3 3
tunnel mpls traffic-eng bandwidth 6667
tunnel mpls traffic-eng path-option 1 explicit name THRU_R4
no routing dynamic
!
interface Tunnel1
ip unnumbered Loopback0
tunnel destination 150.1.4.4
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 3 3
tunnel mpls traffic-eng bandwidth 3333
tunnel mpls traffic-eng path-option 1 explicit name THRU_R5
no routing dynamic
!
interface Serial1/0
bandwidth 155000
ip address 150.1.13.3 255.255.255.0
mpls traffic-eng tunnels
mpls ip
fair-queue 64 256 313
serial restart-delay 0
ip rsvp bandwidth 10000
!
interface FastEthernet2/0
ip vrf forwarding SW1-SW2
ip address 10.1.37.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
log-adjacency-changes
network 150.1.0.0 0.0.255.255 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.4.4 remote-as 1
neighbor 150.1.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.4.4 activate
neighbor 150.1.4.4 send-community extended
neighbor 150.1.4.4 next-hop-self
exit-address-family
!
address-family ipv4 vrf SW1-SW2
neighbor 10.1.37.7 remote-as 2
neighbor 10.1.37.7 activate
no synchronization
exit-address-family
!
ip explicit-path name THRU_R4 enable
next-address 150.1.13.1
next-address 150.1.12.2
next-address 150.1.24.4
next-address 150.1.4.4
!
ip explicit-path name THRU_R5 enable
next-address 150.1.13.1
next-address 150.1.12.2
next-address 150.1.25.5
next-address 10.1.45.4
next-address 150.1.4.4

INE Vol 1 - Lab 23 - MPLS TE Explicit PE to PE tunnels

Notes:

*** Rule of thumb to simplify this configuration. After the MPLS VPN network is setup, think of it as overlaying TE on top. Go from General to Specific, meaning General = enabling MPLS TE on a global level, router wide. Then go to more Specific, like enabling MPLS TE in the link state IGP routing protocol, and then even more specific on the interfaces enabling RSVP and TE and then last step create the tunnel interfaces.

This lab is identical to the previous except for the TE tunnels using an explicit path list, hop by hop list, instead of a dynamic path like the last lab.

REMEMBER, the next-address is the next hop's inbound interface (looking from a downstream perspective).

Config:
R3 - PE and Tunnel head end
R3#sh run | b ipv6
no ipv6 cef
!
multilink bundle-name authenticated
mpls traffic-eng tunnels
!
interface Loopback0
ip address 150.1.3.3 255.255.255.255
!
interface Tunnel0
ip unnumbered Loopback0
tunnel destination 150.1.4.4
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 4 4
tunnel mpls traffic-eng bandwidth 10000
tunnel mpls traffic-eng path-option 1 explicit name PATH
no routing dynamic
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
bandwidth 155000
ip address 150.1.13.3 255.255.255.0
mpls traffic-eng tunnels
mpls ip
fair-queue 64 256 313
serial restart-delay 0
ip rsvp bandwidth 10000
!
interface FastEthernet2/0
ip vrf forwarding SW1-SW2
ip address 10.1.37.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
log-adjacency-changes
network 150.1.0.0 0.0.255.255 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.4.4 remote-as 1
neighbor 150.1.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.4.4 activate
neighbor 150.1.4.4 send-community extended
neighbor 150.1.4.4 next-hop-self
exit-address-family
!
address-family ipv4 vrf SW1-SW2
neighbor 10.1.37.7 remote-as 2
neighbor 10.1.37.7 activate
no synchronization
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
ip explicit-path name PATH enable
next-address 150.1.13.1
next-address 150.1.12.2
next-address 150.1.25.5
next-address 10.1.45.4
next-address 150.1.4.4
!
logging alarm informational
!

Friday, August 13, 2010

INE Vol 1 - Lab 22 MPLS TE - Dynamic PE to PE tunnels

Notes:

Remember to configure the bandwidth statement on serial interfaces. This is especially important if you plan on using RSVP and reserving a large amount of bandwidth, because you won't be able to reserve, say, 10 Meg if the serial link is only 1.5 Meg.

Summary of configuration steps:
1. Enable MPLS Traffic Engineering tunnels globally
2. Ensure the Link State protocol is configured to support Traffic Engineering Tunnels and remember to use a /32 router-id loopback for MPLS TE
3. Ensure the links are configured for RSVP and MPLS TE
4. Create the tunnel interfaces: use ip unnumbered for the address, set a tunnel destination IP (the other loopback), use autoroute announce so the tunnel is in the IGP, and set bandwidth, priority, and path-options.

Don't forget that the destination IPs need to be in the IGP, as do the MPLS TE router-ids, and that TE is unidirectional.
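
An added example, not from the lab workbook: a Python audit of a head-end config against the four steps above, including the bandwidth point (an RSVP reservation larger than the link). The config is trimmed from R3's config on this page; the function names and the 1544 kbps default for a serial link without a bandwidth statement are assumptions.

```python
import re

# Trimmed from the R3 head-end config on this page, IOS indentation restored.
R3_CONFIG = """\
mpls traffic-eng tunnels
interface Tunnel0
 tunnel mpls traffic-eng bandwidth 10000
interface Serial1/0
 bandwidth 155000
 mpls traffic-eng tunnels
 ip rsvp bandwidth 155000 155000
router ospf 1
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
"""

def sections(config):  # map each top-level command to its indented sub-lines
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current:
            out[current].append(line.strip())
        elif line.strip() not in ("", "!"):
            current = line.strip()
            out[current] = []
    return out

def kbps(body, cmd):  # first integer after cmd in a section body, else None
    hits = [re.match(re.escape(cmd) + r" (\d+)", line) for line in body]
    return next((int(m.group(1)) for m in hits if m), None)

def audit_te(config):
    """Return findings for the four steps above; an empty list means none."""
    sec, out, reservable = sections(config), [], 0
    if "mpls traffic-eng tunnels" not in sec:
        out.append("step 1: TE tunnels not enabled globally")
    igp = [l for n, b in sec.items() if n.startswith("router ospf") for l in b]
    for want in ("mpls traffic-eng router-id", "mpls traffic-eng area"):
        if not any(l.startswith(want) for l in igp):
            out.append(f"step 2: '{want}' missing under router ospf")
    for name, body in sec.items():
        if "mpls traffic-eng tunnels" in body:  # TE-enabled link
            bw = kbps(body, "bandwidth") or 1544  # assumed serial default (kbps)
            rsvp = kbps(body, "ip rsvp bandwidth")
            if rsvp is None:
                out.append(f"step 3: {name}: no explicit 'ip rsvp bandwidth <kbps>'")
            elif rsvp > bw:
                out.append(f"step 3: {name}: RSVP {rsvp} kbps exceeds link {bw} kbps")
            reservable = max(reservable, min(rsvp or 0, bw))
    for name, body in sec.items():
        need = kbps(body, "tunnel mpls traffic-eng bandwidth")
        if need and need > reservable:
            out.append(f"step 4: {name}: wants {need} kbps, {reservable} reservable")
    return out
```

`audit_te(R3_CONFIG)` returns an empty list. Removing the `bandwidth 155000` line and reserving 10000 kbps reproduces the 10 Meg on a 1.5 Meg link case as a step 3 and a step 4 finding.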

Configs:
R3 - PE and Tunnel Head End

R3#sh run | b no ipv6
no ipv6 cef
!
multilink bundle-name authenticated
mpls traffic-eng tunnels
!
archive
log config
hidekeys
!
interface Loopback0
ip address 150.1.3.3 255.255.255.255
!
interface Tunnel0
ip unnumbered Loopback0
tunnel destination 150.1.4.4
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 6 6
tunnel mpls traffic-eng bandwidth 10000
tunnel mpls traffic-eng path-option 1 dynamic
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
bandwidth 155000
ip address 150.1.13.3 255.255.255.0
mpls traffic-eng tunnels
mpls ip
serial restart-delay 0
ip rsvp bandwidth 155000 155000

interface FastEthernet2/0
ip vrf forwarding SW1-SW2
ip address 10.1.37.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
log-adjacency-changes
network 150.1.0.0 0.0.255.255 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.4.4 remote-as 1
neighbor 150.1.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.4.4 activate
neighbor 150.1.4.4 send-community extended
neighbor 150.1.4.4 next-hop-self
exit-address-family
!
address-family ipv4 vrf SW1-SW2
neighbor 10.1.37.7 remote-as 2
neighbor 10.1.37.7 activate
no synchronization
exit-address-family
!
ip forward-protocol nd

Verify:
R3#sh mpls traffic-eng tunnels brief
Signalling Summary:
LSP Tunnels Process: running
Passive LSP Listener: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 1716 seconds
Periodic FRR Promotion: Not Running
Periodic auto-bw collection: every 300 seconds, next in 216 seconds
TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT
R3_t0 150.1.4.4 - Se1/0 up/up
R4_t0 150.1.3.3 Se1/0 - up/up
Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails
R3#

Good Reference

Thursday, August 12, 2010

INE Vol 1 - Lab 21 - Controlling MPLS Label Distribution

Notes:
This lab asks you to limit the traffic that should be label switched. It states that only traffic between R3 and R6's (the PEs) Loopbacks should be label switched. In order to do so, on the PE and P nodes, use 'mpls ldp advertise-labels for #' and an ACL to limit what prefixes are allowed to be labeled and what prefixes are not.

Config:
R1 - P node
R1#sh run | i 99
mpls ldp advertise-labels for 99
access-list 99 permit 150.1.3.3
access-list 99 permit 150.1.6.6
access-list 99 deny any log
R1#

INE Vol 1 - Lab 20 - VRF Lite

Notes:

It IS pretty straightforward, except for the fact that in GNS3, I used a single serial interface with 2 sub interfaces to another router. HDLC, nothing fancy, but wasn't able to ping on the sub-interfaces. I ended up making a separate physical connection for R3 to R1 and my configuration worked.

To the point: this lab demonstrated the use of VRF Lite on a managed CE, with sub interfaces to the PE, to segment traffic.


Monday, August 9, 2010

INE Vol 1 - Lab 19 - CSC Hierarchical MPLS VPNs

Notes:

Fairly similar to the previous lab, with the same concepts, but supporting more than 1 Enterprise end customer.

I would recommend reviewing Lab 17, as it's not as intuitive as 18 or 19.


INE Vol 1 - Lab 18 - CSC MPLS enabled Customer Carrier

Notes:
This lab was much more intuitive, probably from struggling and figuring out the previous lab, and I was able to configure the topology without viewing the instructions. From the Objective and from the diagram, I understood that the Customer Carrier was supporting MPLS and MPLS VPNs; the Provider Carrier didn't change much, as they too support MPLS VPNs. Providing IGP transport for R3 and R6, the Customer Carrier's PE routers, was straightforward. Since R3 and R6 participate in OSPF and R2 and R4's link into OSPF was through a VRF, redistribution for the Provider Carrier's PEs was necessary. Once R3 had reachability to R6, vpnv4 iBGP was established spanning the Provider Carrier's network. Finally, by putting the Customer PE interfaces into a vrf for PE-CE connectivity and establishing eBGP with the Enterprise client routers, full reachability was established.

Remember to ensure MPLS is enabled throughout the network up until the Enterprise connectivity links.

Configs:
R2 - Provider Carrier's PE
R2#srb
router ospf 100 vrf AS1
log-adjacency-changes
redistribute bgp 2 subnets
network 150.1.12.2 0.0.0.0 area 0
!
router ospf 1
log-adjacency-changes
network 150.1.24.2 0.0.0.0 area 0
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.24.4 remote-as 2
!
address-family vpnv4
neighbor 150.1.24.4 activate
neighbor 150.1.24.4 send-community extended
exit-address-family
!
address-family ipv4 vrf AS1
redistribute ospf 100 vrf AS1
no synchronization
exit-address-family

R3 - Customer Carrier's PE
R3#srb
router ospf 1
log-adjacency-changes
network 150.1.3.3 0.0.0.0 area 0
network 150.1.13.3 0.0.0.0 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.6.6 remote-as 1
neighbor 150.1.6.6 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
neighbor 150.1.6.6 next-hop-self
exit-address-family
!
address-family ipv4 vrf CUST
neighbor 10.1.37.7 remote-as 65001
neighbor 10.1.37.7 activate
no synchronization
exit-address-family
!

INE Vol 1 - Lab 17 - CSC IP only Customer Carrier

Notes:
The purpose of this lab was to use another carrier as transport for a customer carrier that provides IP services to its end customers, presumably enterprise clients. The SP carrier uses R2 and R4 with BGP between them, as well as MPLS and MPLS VPNs down to R1 and R5 (the customer carrier's upstream routers). Since this is an "IP Only" Customer Carrier, BGP was ipv4 only; however, R2 and R4 were VPNv4 for label transport/MPLS VPN.

I attempted to configure this lab and all the previous labs just from the Objective and the diagram without reading the specific tasks. This one was difficult to do that way because the peering between BGP ASes was evident from the diagram. I ended up trying to peer AS1 and AS2 but instead should have redistributed OSPF vrf into ipv4 bgp vrf... etc.

This is a great lab to review again.

Configs:
R2 - SP Carrier Router
R2#sri s1/0.21
Building configuration...

Current configuration : 172 bytes
!
interface Serial1/0.21 point-to-point
ip vrf forwarding AS1
ip address 150.1.12.2 255.255.255.0
snmp trap link-status
mpls ip
frame-relay interface-dlci 201
end

R2#sri f2/0
Building configuration...

Current configuration : 104 bytes
!
interface FastEthernet2/0
ip address 150.1.24.2 255.255.255.0
duplex auto
speed auto
mpls ip
end

R2#srb
router ospf 1 vrf AS1
log-adjacency-changes
redistribute bgp 2 subnets
network 150.1.12.2 0.0.0.0 area 0
!
router ospf 100
log-adjacency-changes
network 150.1.24.2 0.0.0.0 area 0
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.12.1 remote-as 1
neighbor 150.1.24.4 remote-as 2
!
address-family vpnv4
neighbor 150.1.24.4 activate
neighbor 150.1.24.4 send-community extended
exit-address-family
!
address-family ipv4 vrf AS1
redistribute ospf 1 vrf AS1
no synchronization
exit-address-family

R1 - Customer Carrier Router
R1#sri s1/0.12
Building configuration...

Current configuration : 149 bytes
!
interface Serial1/0.12 point-to-point
ip address 150.1.12.1 255.255.255.0
snmp trap link-status
mpls ip
frame-relay interface-dlci 102
end

R1#sri s1/1
Building configuration...

Current configuration : 88 bytes
!
interface Serial1/1
ip address 150.1.13.1 255.255.255.0
serial restart-delay 0
end

R1#srb
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.2.2 remote-as 2
neighbor 150.1.2.2 update-source Loopback0
neighbor 150.1.5.5 remote-as 1
neighbor 150.1.5.5 update-source Loopback0
neighbor 150.1.13.3 remote-as 1
!
address-family ipv4
neighbor 150.1.5.5 activate
neighbor 150.1.5.5 route-reflector-client
neighbor 150.1.13.3 activate
neighbor 150.1.13.3 route-reflector-client
no auto-summary
no synchronization
exit-address-family

R3 - Customer Provider Edge Router
R3#srb
router ospf 1
log-adjacency-changes
network 150.1.3.3 0.0.0.0 area 0
network 150.1.13.3 0.0.0.0 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.37.7 remote-as 65001
neighbor 150.1.13.1 remote-as 1
!
address-family ipv4
neighbor 10.1.37.7 activate
neighbor 150.1.13.1 activate
neighbor 150.1.13.1 next-hop-self
no auto-summary
no synchronization
exit-address-family
!

Friday, August 6, 2010

INE Vol 1 - Lab 16 - Inter-AS MPLS VPNs with Multihop MP-eBGP for VPNv4 Exchange

Notes:

The last 3 labs have been a similar problem with 3 different solutions. This one uses MP-eBGP to peer between PEs that are in different ASes. To accomplish this, the ipv4 BGP peering between R2 and R4 needs to advertise the loopbacks of R3 and R6 (the PE in AS1 and the PE in AS2, respectively). R2 and R4 also need to advertise or redistribute them into the IGP so that R3 and R6 know each other's loopback for the MP-eBGP multihop peering. Don't forget send-label on the ipv4 peering. Finally, VPNv4 peer between R3 and R6.

Configs:
R2 - AS1 ipv4 peering point to AS2
R2#sh run | b router
router ospf 1
log-adjacency-changes
redistribute bgp 1 subnets route-map LOOP6
network 150.1.2.2 0.0.0.0 area 0
network 150.1.12.2 0.0.0.0 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.24.4 remote-as 2
!
address-family ipv4
neighbor 150.1.24.4 activate
neighbor 150.1.24.4 send-label
no auto-summary
no synchronization
network 150.1.3.3 mask 255.255.255.255
exit-address-family
!
R4 - AS2 ipv4 peering point to R2
router isis
net 00.0000.0000.0004.00
is-type level-2-only
redistribute bgp 2 route-map LOOP3
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.24.2 remote-as 1
!
address-family ipv4
neighbor 150.1.24.2 activate
neighbor 150.1.24.2 send-label
no auto-summary
no synchronization
network 150.1.6.6 mask 255.255.255.255
exit-address-family
!
R3 - AS1 PE - ebgp vpnv4 multihop peering to R6
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.6.6 remote-as 2
neighbor 150.1.6.6 ebgp-multihop 255
neighbor 150.1.6.6 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
exit-address-family

R6 - AS2 PE - ebgp vpnv4 multihop peering to R3
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.3.3 remote-as 1
neighbor 150.1.3.3 ebgp-multihop 255
neighbor 150.1.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.3.3 activate
neighbor 150.1.3.3 send-community extended
exit-address-family
!

Thursday, August 5, 2010

INE Vol 1 - Lab 15 - Inter-AS MPLS VPNs with MP-eBGP for VPNv4 Exchange

Notes:

Same physical setup as the previous lab. The important point to note here is that if you are using VPNv4 for route exchange between ASes (hence Inter-AS), you have to disable BGP's default behavior of filtering route-targets that it doesn't need. "Doesn't need" means no interfaces are configured for that VRF.

R2 and R4 are "PEs" that sit in 2 different BGP ASes. They eBGP peer in the VPNv4 AFI (MP-eBGP), but they won't have the VPNv4 routes from their respective PEs since they don't have interfaces in the particular VRFs. This means those VPNv4 routes are filtered until you disable the feature.
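
An added example (not from the lab or the original post): a Python model of the route-target filter described above, following VPNv4 routes hop by hop from R3 through R2 and R4 to R6. The route-target values, the second prefix, and all function names are constructed for illustration.

```python
# Constructed data: VPNv4 prefixes that PE R3 originates, with made-up route-targets.
R3_ROUTES = [("10.1.37.0/24", {"1:100"}), ("10.1.38.0/24", {"1:200"})]

def build_path(r2_filter, r4_filter):
    """Routers an update crosses after leaving R3: R2 -> R4 -> R6.

    import_rts is the union of route-target imports of the VRFs configured on
    that router; the ASBRs R2 and R4 have no VRFs, so theirs is empty.
    """
    return [
        {"name": "R2", "import_rts": set(), "rt_filter": r2_filter},
        {"name": "R4", "import_rts": set(), "rt_filter": r4_filter},
        {"name": "R6", "import_rts": {"1:100"}, "rt_filter": True},
    ]

def receive(router, routes):
    """Apply BGP's default route-target filter on one router."""
    if not router["rt_filter"]:  # 'no bgp default route-target filter'
        return list(routes)
    # Default: keep a route only if a local VRF imports one of its RTs.
    return [(p, rts) for p, rts in routes if rts & router["import_rts"]]

def propagate(routes, path):
    """Return {router: prefixes held} after the update crosses each hop in order."""
    held = {}
    for router in path:
        routes = receive(router, routes)
        held[router["name"]] = [prefix for prefix, _ in routes]
    return held

if __name__ == "__main__":
    for flags in ((True, True), (False, True), (False, False)):
        print(flags, propagate(R3_ROUTES, build_path(*flags)))
```

With the filter left on at either ASBR nothing reaches R6. With it disabled on both, R2 and R4 hold every route, and R6 still keeps only the prefix whose route-target it imports.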

Configs:
R2
R2#sh run | b router bgp
router bgp 1
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 150.1.3.3 remote-as 1
neighbor 150.1.3.3 update-source Loopback0
neighbor 150.1.24.4 remote-as 2
!
address-family vpnv4
neighbor 150.1.3.3 activate
neighbor 150.1.3.3 send-community extended
neighbor 150.1.3.3 next-hop-self
neighbor 150.1.24.4 activate <- notice there's no "next-hop-self" because ebgp next hop is the neighbor
neighbor 150.1.24.4 send-community extended
exit-address-family
!
R4
router bgp 2
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 150.1.6.6 remote-as 2
neighbor 150.1.6.6 update-source Loopback0
neighbor 150.1.24.2 remote-as 1
!
address-family vpnv4
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
neighbor 150.1.6.6 next-hop-self
neighbor 150.1.24.2 activate
neighbor 150.1.24.2 send-community extended
exit-address-family
!

INE Vol 1 - Lab 14 - Inter-AS MPLS VPNs with Back to Back VRF

Notes:
As the title suggests, or rather blatantly states, 2 BGP ASes that are MPLS enabled with an interconnect between R2 and R4, a VPN that spans both ASes.

So how is this accomplished? R2 and R4 have a dot1q trunk between them, and each subinterface belongs to a separate VRF, with IPv4 eBGP between them. To keep it straight and simple: R2 and R4 both seem to act as PEs and CEs at the same time. The connections between them belong to VRFs and no label distribution protocol is deployed.

For example, R2 sends all its routes in the VRFs via eBGP (the CE-PE routing protocol), and R4 then sends them to the other PE as VPNv4 routes. And vice versa: R4 sends all its routes in the VRFs via the same eBGP (CE-PE routing protocol) connections to R2, and R2 then sends them as VPNv4 routes to the other PE in its AS.

Config:
R2
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.3.3 remote-as 1
neighbor 150.1.3.3 update-source Loopback0
neighbor 150.1.100.4 remote-as 2
neighbor 150.1.200.4 remote-as 2
!
address-family vpnv4
neighbor 150.1.3.3 activate
neighbor 150.1.3.3 send-community extended
neighbor 150.1.3.3 next-hop-self
exit-address-family
!
address-family ipv4 vrf SW2-BB2
neighbor 150.1.200.4 remote-as 2
neighbor 150.1.200.4 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf SW1-BB1
neighbor 150.1.100.4 remote-as 2
neighbor 150.1.100.4 activate
no synchronization
exit-address-family

R2#sh run int f2/0.100
Building configuration...

Current configuration : 127 bytes
!
interface FastEthernet2/0.100
encapsulation dot1Q 100
ip vrf forwarding SW1-BB1
ip address 150.1.100.2 255.255.255.0
end

R2#sh run int f2/0.200
Building configuration...

Current configuration : 127 bytes
!
interface FastEthernet2/0.200
encapsulation dot1Q 200
ip vrf forwarding SW2-BB2
ip address 150.1.200.2 255.255.255.0
end

R4
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.6.6 remote-as 2
neighbor 150.1.6.6 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
neighbor 150.1.6.6 next-hop-self
exit-address-family
!
address-family ipv4 vrf SW2-BB2
neighbor 150.1.200.2 remote-as 1
neighbor 150.1.200.2 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf SW1-BB1
neighbor 150.1.100.2 remote-as 1
neighbor 150.1.100.2 activate
no synchronization
exit-address-family
!
!
interface FastEthernet2/0.100
encapsulation dot1Q 100
ip vrf forwarding SW1-BB1
ip address 150.1.100.4 255.255.255.0
!
interface FastEthernet2/0.200
encapsulation dot1Q 200
ip vrf forwarding SW2-BB2
ip address 150.1.200.4 255.255.255.0
!