CCIE Ep 18 Lab3ling.m4vp

CC1E 0x108D4
Oct 28, 2022

Hey folks, in this post I'll cover MPLS, including the control plane and the data plane. I hope you enjoy it.

I'd like to remind you that posts in this blog aren't intended to be formal documentation. Instead, I'm sharing my notes and progress through the CCIE Enterprise Infrastructure exam topics.

I'd strongly recommend you spend more time with the formal vendor documentation and the RFCs. By the way, go sip some of your favorite tea, or let me recommend some Brazilian black coffee.

Multiprotocol Label Switching

An MPLS network makes forwarding decisions based on labels instead of the destination IP address. MPLS inserts a new 32-bit header between the L2 and L3 headers.

  1. Label: 20-bit field; labels can take values from 0 to 1048575.
  2. Exp: 3-bit field, experimental, used for QoS purposes.
  3. S: 1-bit field, Bottom of Stack. When set, this label is the last one in the stack.
  4. TTL: 8-bit field, time to live.

As you know, IP forwarding uses two data structures: the RIB (control plane) and the FIB (data plane). When we are talking about MPLS, there are the LIB (control plane) and the LFIB (data plane).

Routing protocols on the RIB offer IP prefixes to the FIB table. In the same way, label protocols on the LIB (LDP, RSVP, MP-BGP) offer labels to the LFIB.

Common terms

LSR: Label Switch Router, any router that makes forwarding decisions using a label.
Ingress LSR: Receives an IP packet and does a Push to insert a label. Customer-facing router.
Intermediate LSR: "backbone router"; does a Swap, changing the label ID.
Egress LSR: Receives MPLS packets and removes the MPLS header (Pop operation).
LSP: Label Switched Path, the entire path between the Ingress and Egress LSRs.
CE: Customer router (not an MPLS router)
PE: Provider Edge router
P: Provider router

Basic forwarding using labels

IP to IP: No MPLS enabled.
IP to Label: Push, inserts labels.
Label to Label: Swap, changes the label.
Label to IP: Pop, drops the label and the MPLS header.
Penultimate Hop Pop (PHP): The egress LSR advertises the prefix with label 3 (implicit null) to avoid receiving a labeled packet (label binding). This way, the egress LSR doesn't need to do a lookup in both the LFIB and the FIB.

Label Distribution Protocol

LDP is the most common protocol used to select and distribute labels on an MPLS cloud network.

An LDP session, like BGP, is established over TCP, but uses port 646.

It's important to know that labels 0–15 are special: they are already allocated or reserved for future use.

Label 0: Explicit Null, works the same way as label 3 but is used for QoS purposes.
Label 1: Router Alert Label, meaning the packet must be software-switched. Used for inspection/debugging/troubleshooting purposes.
Label 3: Implicit Null, Penultimate Hop Pop.
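
The 32-bit header layout and the special labels described above, as an added Python example (not part of the original post): it walks a label stack until the Bottom-of-Stack bit and flags a stack that breaks the rules. The function names are hypothetical, and the sample bytes are constructed from the `Labels 20/22` stack that appears in the L3VPN traceroute later in this post.

```python
import struct

# Special-purpose label values named in this post (the 0-15 range is reserved).
RESERVED = {0: "explicit-null", 1: "router-alert", 3: "implicit-null"}


def pack_entry(label, exp, s, ttl):
    """Build one 32-bit label stack entry: Label(20) | Exp(3) | S(1) | TTL(8)."""
    if not (0 <= label <= 0xFFFFF and 0 <= exp <= 7 and s in (0, 1) and 0 <= ttl <= 255):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_label_stack(data, max_depth=8):
    """Walk entries until the Bottom-of-Stack bit; return (entries, payload_offset)."""
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("no bottom-of-stack within %d entries" % max_depth)
        if offset + 4 > len(data):
            raise ValueError("truncated stack: S bit never set")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        label = word >> 12
        entry = {
            "label": label,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
            "name": RESERVED.get(label, "special-purpose" if label < 16 else None),
        }
        entries.append(entry)
        if entry["s"]:
            return entries, offset


def anomalies(entries):
    """Conditions a capture-analysis tool would flag on a parsed stack."""
    notes = []
    for depth, e in enumerate(entries):
        if e["label"] == 3:
            # Implicit null is only signalled by the label protocol; per RFC 3032
            # it never appears in the encapsulation itself.
            notes.append("depth %d: implicit-null (3) on the wire" % depth)
    return notes


# Constructed sample: transport label 20 on top of VPN label 22, as in the
# "Labels 20/22" traceroute hop. TTL values and the trailing 0x45 byte
# (start of an IPv4 header) are made up for the example.
SAMPLE = pack_entry(20, 0, 0, 254) + pack_entry(22, 0, 1, 254) + b"\x45"

if __name__ == "__main__":
    stack, payload_offset = parse_label_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload starts at byte", payload_offset, "anomalies:", anomalies(stack))
```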

LDP hello packets are sent to multicast IP 224.0.0.2 on UDP port 646.

The LDP session is kept alive over TCP port 646.

R1#show mpls ldp neighbor
Peer LDP Ident: 10.255.255.3:0; Local LDP Ident 10.255.255.1:0
TCP connection: 10.255.255.3.22922 - 10.255.255.1.646
State: Oper; Msgs sent/rcvd: 126/119; Downstream
Up time: 00:59:08
LDP discovery sources:
Ethernet0/1, Src IP addr: 10.10.13.2
Addresses bound to peer LDP Ident:
10.255.255.3 10.10.13.2
Peer LDP Ident: 10.255.255.5:0; Local LDP Ident 10.255.255.1:0
TCP connection: 10.255.255.5.52700 - 10.255.255.1.646
State: Oper; Msgs sent/rcvd: 123/118; Downstream
Up time: 00:58:36
LDP discovery sources:
Ethernet0/2, Src IP addr: 10.10.15.2
Addresses bound to peer LDP Ident:
10.255.255.5 10.10.15.2
Peer LDP Ident: 10.255.255.2:0; Local LDP Ident 10.255.255.1:0
TCP connection: 10.255.255.2.11975 - 10.255.255.1.646
State: Oper; Msgs sent/rcvd: 125/121; Downstream
Up time: 00:57:51
LDP discovery sources:
Ethernet0/0, Src IP addr: 10.10.12.2
Addresses bound to peer LDP Ident:
10.255.255.2 10.10.12.2 10.10.24.1 10.10.26.1
## LIB ##
R1#show mpls ldp bindings
lib entry: 10.10.12.0/30, rev 53
local binding: label: imp-null
remote binding: lsr: 10.255.255.2:0, label: imp-null --> Label 3
remote binding: lsr: 10.255.255.3:0, label: 23
remote binding: lsr: 10.255.255.5:0, label: 24
lib entry: 10.10.13.0/30, rev 43
local binding: label: imp-null
remote binding: lsr: 10.255.255.3:0, label: imp-null
remote binding: lsr: 10.255.255.2:0, label: 17
remote binding: lsr: 10.255.255.5:0, label: 22
lib entry: 10.10.15.0/30, rev 49
local binding: label: imp-null
remote binding: lsr: 10.255.255.3:0, label: 24
remote binding: lsr: 10.255.255.5:0, label: imp-null
remote binding: lsr: 10.255.255.2:0, label: 19
lib entry: 10.10.24.0/30, rev 57
local binding: label: 21
remote binding: lsr: 10.255.255.2:0, label: imp-null
remote binding: lsr: 10.255.255.3:0, label: 22
remote binding: lsr: 10.255.255.5:0, label: 21
lib entry: 10.10.26.0/30, rev 59
local binding: label: 26
remote binding: lsr: 10.255.255.2:0, label: imp-null
remote binding: lsr: 10.255.255.5:0, label: 28
remote binding: lsr: 10.255.255.3:0, label: 28
lib entry: 10.255.255.1/32, rev 26
local binding: label: imp-null
remote binding: lsr: 10.255.255.3:0, label: 25
remote binding: lsr: 10.255.255.5:0, label: 26
remote binding: lsr: 10.255.255.2:0, label: 24
lib entry: 10.255.255.2/32, rev 30
local binding: label: 25
remote binding: lsr: 10.255.255.5:0, label: 27
remote binding: lsr: 10.255.255.2:0, label: imp-null
remote binding: lsr: 10.255.255.3:0, label: 27
lib entry: 10.255.255.3/32, rev 24
local binding: label: 23
remote binding: lsr: 10.255.255.3:0, label: imp-null
remote binding: lsr: 10.255.255.5:0, label: 25
remote binding: lsr: 10.255.255.2:0, label: 23
lib entry: 10.255.255.4/32, rev 61
local binding: label: 27
remote binding: lsr: 10.255.255.3:0, label: 29
remote binding: lsr: 10.255.255.2:0, label: 26
remote binding: lsr: 10.255.255.5:0, label: 29
lib entry: 10.255.255.5/32, rev 28
local binding: label: 24
remote binding: lsr: 10.255.255.3:0, label: 26
remote binding: lsr: 10.255.255.5:0, label: imp-null
remote binding: lsr: 10.255.255.2:0, label: 25
R1#show mpls ldp bindings
lib entry: 10.255.255.1/32, rev 26
local binding: label: imp-null
remote binding: lsr: 10.255.255.3:0, label: 25
remote binding: lsr: 10.255.255.5:0, label: 26
remote binding: lsr: 10.255.255.2:0, label: 24
lib entry: 10.255.255.2/32, rev 30
local binding: label: 25
remote binding: lsr: 10.255.255.5:0, label: 27
remote binding: lsr: 10.255.255.2:0, label: imp-null ---> label 3
remote binding: lsr: 10.255.255.3:0, label: 27
lib entry: 10.255.255.3/32, rev 24
local binding: label: 23
remote binding: lsr: 10.255.255.3:0, label: imp-null ---> label 3
remote binding: lsr: 10.255.255.5:0, label: 25
remote binding: lsr: 10.255.255.2:0, label: 23
lib entry: 10.255.255.5/32, rev 28
local binding: label: 24
remote binding: lsr: 10.255.255.3:0, label: 26
remote binding: lsr: 10.255.255.5:0, label: imp-null ---> label 3
remote binding: lsr: 10.255.255.2:0, label: 25
## LFIB ##
R1# show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
21 Pop Label 10.10.24.0/30 0 Et0/0 10.10.12.2
23 Pop Label 10.255.255.3/32 0 Et0/1 10.10.13.2
24 Pop Label 10.255.255.5/32 0 Et0/2 10.10.15.2
25 Pop Label 10.255.255.2/32 0 Et0/0 10.10.12.2
26 Pop Label 10.10.26.0/30 0 Et0/0 10.10.12.2
27 26 10.255.255.4/32 0 Et0/0 10.10.12.2

MPLS LDP base configurations
— First, specify which interfaces will be MPLS-enabled. And,
— Choose LDP as the label distribution protocol.

R1#show running-config | in mpls|Ethernet
mpls label protocol ldp
!
mpls ldp router-id Loopback0 force
!
interface Ethernet0/0
mpls ip
interface Ethernet0/1
mpls ip
interface Ethernet0/2
mpls ip
interface Ethernet0/3
R1#show mpls interfaces
Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes
Ethernet0/2 Yes (ldp) No No No Yes

Verify Label forwarding

#### IP Layer
R3#ping 10.255.255.6 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.255.255.6, timeout is 2 seconds:
Packet sent with a source address of 10.255.255.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#
R3#traceroute 10.255.255.6 source lo0
Type escape sequence to abort.
Tracing the route to 10.255.255.6
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.13.1 [MPLS: Label 20 Exp 0] 2 msec 0 msec 1 msec
2 10.10.12.2 [MPLS: Label 16 Exp 0] 0 msec 0 msec 2 msec
3 10.10.26.2 1 msec * 1 msec
#### Label Forward
R3#show mpls forwarding-table 10.255.255.6

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 20 10.255.255.6/32 0 Et1/3 10.10.13.1
R3#ping mpls ipv4 10.255.255.6/32 source 10.255.255.3
Sending 5, 100-byte MPLS Echos to 10.255.255.6/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 50/94/111 ms
R3#traceroute mpls ipv4 10.255.255.6/32 source 10.255.255.3
Tracing MPLS Label Switched Path to 10.255.255.6/32, timeout is 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
0 10.10.13.2 MRU 1500 [Labels: 20 Exp: 0] --> outgoing label
L 1 10.10.13.1 MRU 1500 [Labels: 16 Exp: 0] 88 ms -> swap label
L 2 10.10.12.2 MRU 1504 [Labels: implicit-null Exp: 0]13 ms label3
! 3 10.10.26.2 43 ms --> label-to-IP
R3#

MPLS VPN — L3VPN

VPN means the creation of a virtual private network, no matter which application or protocol is used. L3 in this case means the customer router will bring up a routing adjacency with the service provider (OSPF, EIGRP, BGP, etc.).

To identify prefixes as part of one VRF/VPN, we use a special field called the Route Distinguisher (RD). Combining the prefix with the RD yields a new address family called VPNv4.

Also, we can use the Route Target (RT), an MP-BGP extended community, to allow import and export of NLRI among different RDs/VPNs/VRFs.

Note: BGP-free core. This technique is used on VPNv4/v6 L3VPN networks: BGP sessions are brought up only among PE routers.

Label stack

As you may remember, an MPLS network is based on label forwarding. When L3VPN is activated, more than one label is inserted (a VPN label is added). We'll take a look at this later in this post.

Tasks:
Use AS1000 as transport using VPNv4/v6;
Leak cloud server network (AS65003) into Customer-YY;
Set up route-reflector-client.

  • Create VRF for IPv4 and IPv6 families on PE router
!Both PE
vrf definition CUSTOMER-YY-v4-v6
rd 10000:55
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!PE R6
vrf definition CLOUD-PARTNER-v4-v6
rd 10000:65003
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!PE R3
interface Ethernet0/0
description FACING CUSTOMER YY
vrf forwarding CUSTOMER-YY-v4-v6
ip address 100.30.110.1 255.255.255.252
ipv6 address 2001:DB8:A:A::A/64
R3#show vrf brief
Name Default RD Protocols Interfaces
CUSTOMER-YY-v4-v6 10000:55 ipv4,ipv6 Et0/0
!PE R6
interface Ethernet0/1.55
description CUSTOMER-YY-v4-v6
encapsulation dot1Q 55
vrf forwarding CUSTOMER-YY-v4-v6
ip address 100.60.70.1 255.255.255.252
ipv6 address 2001:DB8:A:B::A/64
!
interface Ethernet0/0.3
description FACING CLOUD SERVER PARTNER
encapsulation dot1Q 3
vrf forwarding CLOUD-PARTNER-v4-v6
ip address 100.60.70.1 255.255.255.0
R6#show vrf brief
Name Default RD Protocols Interfaces
CLOUD-PARTNER-v4-v6 10000:65003 ipv4,ipv6 Et0/0.3
CUSTOMER-YY-v4-v6 10000:55 ipv4,ipv6 Et0/1.55
  • Bring up iBGP sessions
!PE R3 Reflector server
router bgp 10000
bgp log-neighbor-changes
bgp listen range 10.255.255.0/24 peer-group IBGP
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as 10000
neighbor IBGP update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor IBGP activate
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
exit-address-family
!
address-family vpnv6
neighbor IBGP activate
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
exit-address-family
R3#show bgp all summary | begin Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*10.255.255.6 4 10000 12 11 10 0 0 00:04:57 3
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1
BGP peergroup IBGP listen range group members:
10.255.255.0/24
For address family: VPNv6 Unicast
BGP router identifier 100.255.254.3, local AS number 10000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*10.255.255.6 4 10000 12 11 1 0 0 00:04:57 0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1
BGP peergroup IBGP listen range group members:
10.255.255.0/24
Total dynamically created neighbors: 1/(100 max), Subnet ranges: 1
!PE R6
router bgp 10000
bgp router-id 100.255.254.6
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.255.255.3 remote-as 10000
neighbor 10.255.255.3 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 10.255.255.3 activate
neighbor 10.255.255.3 send-community extended
exit-address-family
!
address-family vpnv6
neighbor 10.255.255.3 activate
neighbor 10.255.255.3 send-community extended
exit-address-family
R6#show bgp all summary | begin Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.255.3 4 10000 10 11 6 0 0 00:03:45 1
For address family: VPNv6 Unicast
BGP router identifier 100.255.254.6, local AS number 10000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.255.3 4 10000 10 11 1 0 0 00:03:45 0
  • Bring up eBGP sessions
!PE R3
address-family ipv4 vrf CUSTOMER-YY-v4-v6
neighbor 100.30.110.2 remote-as 65001
neighbor 100.30.110.2 activate
exit-address-family
! using the IPv4 session to transport IPv6 NLRI
address-family ipv6 vrf CUSTOMER-YY-v4-v6
neighbor 100.30.110.2 remote-as 65001
neighbor 100.30.110.2 activate
exit-address-family
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*10.255.255.6 4 10000 87 85 12 0 0 01:12:44 2
100.30.110.2 4 65001 37 37 12 0 0 00:29:33 0
* Dynamically created based on a listen range command
Dynamically created neighbors: 1, Subnet ranges: 1
BGP peergroup IBGP listen range group members:
10.255.255.0/24
For address family: VPNv6 Unicast
BGP router identifier 100.255.254.3, local AS number 10000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*10.255.255.6 4 10000 87 85 1 0 0 01:12:44 0
100.30.110.2 4 65001 37 37 1 0 0 00:29:33 0
!PE R6
address-family ipv4 vrf CLOUD-PARTNER-v4-v6
neighbor 100.60.70.2 remote-as 65002
neighbor 100.60.70.2 activate
exit-address-family
!
address-family ipv6 vrf CLOUD-PARTNER-v4-v6
neighbor 2001:DB8:A:C::2 remote-as 65002
neighbor 2001:DB8:A:C::2 activate
exit-address-family
!
address-family ipv4 vrf CUSTOMER-YY-v4-v6
neighbor 100.60.70.2 remote-as 65003
neighbor 100.60.70.2 activate
exit-address-family
!
address-family ipv6 vrf CUSTOMER-YY-v4-v6
neighbor 2001:DB8:A:B::2 remote-as 65003
neighbor 2001:DB8:A:B::2 activate
exit-address-family
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.255.3 4 10000 86 89 7 0 0 01:13:57 1
100.60.70.2 4 65003 9 9 7 0 0 00:04:43 0
100.60.70.2 4 65002 10 10 7 0 0 00:05:51 0
For address family: VPNv6 Unicast
BGP router identifier 100.255.254.6, local AS number 10000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.255.3 4 10000 86 89 1 0 0 01:13:57 0
2001:DB8:A:B::2 4 65003 7 7 1 0 0 00:03:30 0
2001:DB8:A:C::2 4 65002 9 9 1 0 0 00:05:18 0
R6#
!CE AS 65001 Customer YY Site
router bgp 65001
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 100.30.110.1 remote-as 10000
!
address-family ipv4
neighbor 100.30.110.1 activate
exit-address-family
!
address-family ipv6
neighbor 100.30.110.1 activate
exit-address-family
!CE AS 65003 Customer YY site
router bgp 65003
bgp log-neighbor-changes
neighbor 2001:DB8:A:B::A remote-as 10000
neighbor 100.60.70.1 remote-as 10000
!
address-family ipv4
no neighbor 2001:DB8:A:B::A activate
neighbor 100.60.70.1 activate
exit-address-family
!
address-family ipv6
neighbor 2001:DB8:A:B::A activate
exit-address-family
!CE 65002 Cloud Delivery DC
router bgp 65002
bgp log-neighbor-changes
neighbor 2001:DB8:A:C::A remote-as 10000
neighbor 100.60.70.1 remote-as 10000
!
address-family ipv4
no neighbor 2001:DB8:A:C::A activate
neighbor 100.60.70.1 activate
exit-address-family
!
address-family ipv6
neighbor 2001:DB8:A:C::A activate
exit-address-family
  • Advertise NLRI to SP
!CE AS 65001 Customer YY Site
interface Loopback10
ip address 10.1.0.1 255.255.0.0
ip ospf network point-to-point
ip ospf 10 area 0
ipv6 address 2001:DB8:10::1/48
OSPF Router with ID (100.30.110.2) (Process ID 10)
Router Link States (Area 0)
LS age: 7
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 100.30.110.2
Advertising Router: 100.30.110.2
LS Seq Number: 80000004
Checksum: 0x64D9
Length: 36
Number of Links: 1
Link connected to: a Stub Network
(Link ID) Network/subnet number: 10.1.0.0
(Link Data) Network Mask: 255.255.0.0
Number of MTID metrics: 0
TOS 0 Metrics: 1
R11#$v6 unicast neighbors 100.30.110.1 advertised-routes | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:10::/48 :: 0 32768 i
Total number of prefixes 1
R11#show ip bgp neighbors 100.30.110.1 advertised-routes | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 10.1.0.0/16 0.0.0.0 0 32768 ?
Total number of prefixes 1
!CE AS 65003 Customer YY Site
address-family ipv4
network 10.2.0.0 mask 255.255.0.0
no neighbor 2001:DB8:A:B::A activate
neighbor 100.60.70.1 activate
exit-address-family
!
address-family ipv6
network 2001:DB8:2::/48
neighbor 2001:DB8:A:B::A activate

R7#$v4 unicast neighbors 100.60.70.1 advertised-routes | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 10.2.0.0/16 0.0.0.0 0 32768 i
Total number of prefixes 1
R70#$v6 unicast neighbors 2001:DB8:A:B::A advertised-routes | begin Network
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:2::/48 :: 0 32768 i
Total number of prefixes 1
R7#
!CE 65002 Cloud Delivery DC
router bgp 65002
bgp log-neighbor-changes
neighbor 2001:DB8:A:C::A remote-as 10000
neighbor 100.60.70.1 remote-as 10000
!
address-family ipv4
redistribute eigrp 65006
no neighbor 2001:DB8:A:C::A activate
neighbor 100.60.70.1 activate
exit-address-family
!
address-family ipv6
neighbor 2001:DB8:A:C::A activate
exit-address-family
router eigrp ccie
!
address-family ipv4 unicast autonomous-system 65006
!
topology base
redistribute bgp 65002 metric 100000 1 255 1 1500
exit-af-topology
network 192.0.2.0 0.0.0.7
  • Import and export prefixes within the same VPN
!PE R3
vrf definition CUSTOMER-YY-v4-v6
rd 10000:55
route-target export 10000:55
route-target import 10000:55

!
address-family ipv4
exit-address-family
!
address-family ipv6
route-target export 10000:55
route-target import 10000:55

exit-address-family
!PE R6
vrf definition CLOUD-PARTNER-v4-v6
rd 10000:65003
route-target export 10000:65003
route-target import 10000:65003

!
address-family ipv4
exit-address-family
!
address-family ipv6
route-target export 10000:65003
route-target import 10000:65003

exit-address-family
!
vrf definition CUSTOMER-YY-v4-v6
rd 10000:55
route-target export 10000:55
route-target import 10000:55

!
address-family ipv4
exit-address-family
!
address-family ipv6
route-target export 10000:55
route-target import 10000:55

exit-address-family
  • Verify prefix
!CE AS 65003 Customer YY Site
R7#show ip route bgp | begin Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B 10.1.0.0/16 [20/0] via 100.60.70.1, 00:04:39
R7#show ipv6 route bgp | begin Gateway
R7#show bgp ipv6 unicast neighbors 2001:DB8:A:B::A routes
Total number of prefixes 0
R7#show bgp ipv6 unicast neighbors 2001:DB8:A:B::A advertised-routes
BGP table version is 2, local router ID is 10.6.14.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 2001:DB8:2::/48 :: 0 32768 i
Total number of prefixes 1
R7#
!CE AS 65001 Customer YY Site
R11#show ip route bgp | be Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.2.0.0/16 [20/0] via 100.30.110.1, 00:08:18
R11#show bgp ipv6 unicast
BGP table version is 2, local router ID is 10.1.255.11
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 2001:DB8:2::/48 ::FFFF:100.30.110.1
0 10000 65003 i
*> 2001:DB8:10::/48 :: 0 32768 i

The next-hop attribute for the IPv6 NLRI is not valid. This means R3 cannot offer it to the FIB and send it to the next neighbor.

To solve this problem, we'll use a route-map to change the next-hop attribute.

!CE AS 65001 Customer YY Site
route-map NEXT-HOPv6 permit 10
set ipv6 next-hop 2001:DB8:A:A::A
router bgp 65001
address-family ipv6
network 2001:DB8:10::/48
neighbor 100.30.110.1 activate
neighbor 100.30.110.1 route-map NEXT-HOPv6 in
exit-address-family
!PE R3
route-map NEXT-HOPv6 permit 10
set ipv6 next-hop 2001:DB8:A:A::2
router bgp 10000
address-family ipv6 vrf CUSTOMER-YY-v4-v6
neighbor 100.30.110.2 remote-as 65001
neighbor 100.30.110.2 activate
neighbor 100.30.110.2 route-map NEXT-HOPv6 in
R11#ping 2001:DB8:2::1 source 2001:DB8:10::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:2::1, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8:10::1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
  • VRF leak to allow CUSTOMER SITE AS65001 to access Cloud Services

A new route target, 10000:1920, will be created and used to import/export Cloud routes into Customer and vice versa.

!PE R6
vrf definition CUSTOMER-YY-v4-v6
rd 10000:55
route-target export 10000:55
route-target export 10000:1920
route-target import 10000:55
route-target import 10000:1920
!
vrf definition CLOUD-PARTNER-v4-v6
rd 10000:65003
route-target export 10000:65003
route-target export 10000:1920
route-target import 10000:65003
route-target import 10000:1920
!PE R3
vrf definition CUSTOMER-YY-v4-v6
rd 10000:55
route-target export 10000:55
route-target export 10000:1920
route-target import 10000:55
route-target import 10000:1920
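
A way to audit what this leak actually opens up, as an added Python example (not part of the original post): it parses the `vrf definition` blocks above and reports, for each VRF, which differently named VRFs it imports routes from and through which route target. The function names are hypothetical and the input is the configuration from this section, embedded as a constructed sample.

```python
import re

# Constructed input: the "VRF leak" vrf definitions from this section, keyed by PE.
CUSTOMER = """
vrf definition CUSTOMER-YY-v4-v6
 rd 10000:55
 route-target export 10000:55
 route-target export 10000:1920
 route-target import 10000:55
 route-target import 10000:1920
"""
CLOUD = """
vrf definition CLOUD-PARTNER-v4-v6
 rd 10000:65003
 route-target export 10000:65003
 route-target export 10000:1920
 route-target import 10000:65003
 route-target import 10000:1920
"""
CONFIGS = {"R6": CUSTOMER + "!" + CLOUD, "R3": CUSTOMER}


def parse_vrfs(text):
    """Return {vrf_name: {"rd": str, "import": set, "export": set}} from IOS config text."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"vrf definition (\S+)$", line)
        if m:
            current = vrfs.setdefault(
                m.group(1), {"rd": None, "import": set(), "export": set()})
            continue
        if current is None:
            continue
        m = re.match(r"rd (\S+)$", line)
        if m:
            current["rd"] = m.group(1)
            continue
        m = re.match(r"route-target (import|export|both) (\S+)$", line)
        if m:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs


def cross_vrf_imports(configs):
    """Map "PE/VRF" importer -> {"PE/VRF" exporter: [shared RTs]} for differing VRF names."""
    flat = [(pe, name, vrf) for pe, text in configs.items()
            for name, vrf in parse_vrfs(text).items()]
    leaks = {}
    for imp_pe, imp_name, imp in flat:
        for exp_pe, exp_name, exp in flat:
            if imp_name == exp_name:
                continue  # same VPN on another PE: expected, not a leak
            shared = imp["import"] & exp["export"]
            if shared:
                leaks.setdefault("%s/%s" % (imp_pe, imp_name), {})[
                    "%s/%s" % (exp_pe, exp_name)] = sorted(shared)
    return leaks


if __name__ == "__main__":
    for importer, sources in sorted(cross_vrf_imports(CONFIGS).items()):
        for exporter, rts in sorted(sources.items()):
            print("%s imports from %s via %s" % (importer, exporter, ", ".join(rts)))
```

Because these `route-target export` lines sit at the VRF level, every route each VRF exports carries 10000:1920, so the whole customer table becomes visible to the cloud VRF and vice versa, not only the service prefix.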

Verification

R11#show ip route bgp | be Gateway
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.2.0.0/16 [20/0] via 100.30.110.1, 00:13:02
192.0.2.0/29 is subnetted, 1 subnets
B 192.0.2.0 [20/0] via 100.30.110.1, 00:01:52
R11#ping 10.2.0.1 source lo10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/6 ms
R11#traceroute 10.2.0.1 source lo10
Type escape sequence to abort.
Tracing the route to 10.2.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 100.30.110.1 0 msec 0 msec 1 msec
2 10.10.13.1 [MPLS: Labels 20/22 Exp 0] 1 msec 1 msec 2 msec
3 10.10.12.2 [MPLS: Labels 16/22 Exp 0] 1 msec 1 msec 1 msec
4 100.60.70.1 [MPLS: Label 22 Exp 0] 1 msec 1 msec 1 msec
5 100.60.70.2 1 msec * 2 msec

Note: the MPLS TTL shares information with the IP header TTL. We can hide backbone label information.

On all MPLS routers
no mpls ip propagate-ttl forwarded
Diff
R11#ping 10.2.0.1 source lo10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.0.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R11#traceroute 10.2.0.1 source lo10
Type escape sequence to abort.
Tracing the route to 10.2.0.1
VRF info: (vrf in name/id, vrf out name/id)
1 100.30.110.1 1 msec 0 msec 0 msec
2 100.60.70.1 [MPLS: Label 22 Exp 0] 1 msec 1 msec 1 msec
3 100.60.70.2 1 msec * 1 msec

Another great tool is to save on label allocation by allocating labels per VRF instead of per prefix.

mpls label mode all-vrfs protocol bgp-vpnv6 per-vrf
mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf
  • Allow Default route via DC cloud service
router eigrp ccie
!
address-family ipv4 unicast autonomous-system 65006
!
topology base
redistribute bgp 65002 metric 100000 1 255 1 1500
router bgp 65002
address-family ipv4
redistribute eigrp 65006
no neighbor 2001:DB8:A:C::A activate
neighbor 100.60.70.1 activate
default-information originate

Testing Services

Great resources

MPLS Basic MPLS Configuration Guide, Cisco. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_basic/configuration/xe-16/mp-basic-xe-16-book/multiprotocol-label-switching-mpls-on-cisco-routers.html

Layer 3 VPN (L3VPN), Cisco.
https://www.cisco.com/c/en/us/products/ios-nx-os-software/layer-3-vpns-l3vpn/index.html

BGP Free Core, By Leonardo Furtado, youtube channel.
watch here https://www.youtube.com/watch?v=OokjEVYf6FM

CCIE Routing and Switching v5.0, Volume 2, 5th Edition. By Narbik Kocharians, Terry Vinson.

MPLS Fundamentals, LiveLesson, Luc De Ghein (Cisco Press).
