Lab Setup-men Part 2_norestriction
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Lab Setup-men Part 2_norestriction as PDF for free.
More details
- Words: 12,444
- Pages: 93
Lab Setup-MEN Part 2
PC-C
SW-C Fe 0/0/9 Ge 0/0/1
1/0/4
RT-C
1/0/6
1/0/8
1/0/0
1/0/4
1/0/2 2/1
1/2
2/4
1/1 2/0/2 1/0/2
2/2
1/3 1/1
2/0/4
1/2
RT-D 2/0/0
RT-A
1/0/0 RT-E
RT-B
1/4
RT-F
2/0/8 1/0/6
2/3 Ge0/1 Ge0/1 2/5
2/0/6
SW-D
Ge 0/0/1
Ge 0/0/1
SW-A Fe0/9
SW-B SW-E Fe 0/0/9
PC-A
CX600- RT-C, RT-D, RT-E C7609-RT-A, RT-B, RT-F C3400 – SW-A CX200D – SW-B, SW-C
PC-B
Lab1- Configuring Basic BGP Functions RT-C 1/0/0
1/0/2
1/2
2/1
2/2
RT-A
2/0/2
1/1
1/3 RT-B
2/0/4
1/0/2
2/0/0
1/1 1/2
1/0/0
RT-D
RT-E
RT-F
2/3 0/1
Group1- RT-A & RT-B Group2- RT-C & RT-D CX600- RT-C, RT-D, RT-E
Group3- RT-E & RT-F
C7609-RT-A, RT-B, RT-F
AS 65001
AS 65000
AS 65002
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
Summary IP-172.16.0.0/16
RT-A
RT-B
RT-E
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
Lo- 172.16.255.33/32
2/2 -10.0.1.2/30
1/1 -10.0.1.1/30
1/0/0 -10.0.2.2/30
2/1-192.168.0.1/30
1/2 -10.0.0.1/30
1/0/2 -172.16.0.1/30
2/3 -Switchport
1/3 -10.0.0.10/30
RT-F
RT-C
Lo- 172.16.255.23/32
Lo- 10.0.255.21/32
1/2 -172.16.0.2/30
1/0/0 -10.0.0.2/30
1/1 -192.168.0.2/30
1/0/2 -10.0.0.5/30 RT-D Lo- 10.0.255.31/32 2/0/0 -10.0.2.1/30 2/0/4 -10.0.0.9/30 2/0/2 -10.0.0.6/30 1
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 192.168.255.12 255.255.255.255 Interface gigabitethernet 2/2 Ip address 10.0.1.2 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)
Step 2 Configure IBGP connections. # Configure RT-B. RT-B(config)#router bgp 65000 RT-B(config-router)#neighbor 10.0.0.2 remote-as 65000 RT-B(config-router)#neighbor 10.0.0.9 remote-as 65000
# Configure RT-D. [RT-D] bgp 65000 [RT-D-bgp] peer 10.0.0.10 as-number 65000 [RT-D-bgp] peer 10.0.0.5 as-number 65000
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 10.0.0.1 as-number 65000 [RT-C-bgp] peer 10.0.0.6 as-number 65000
# Configure RT-E. [RT-E] bgp 65002 [RT-E-bgp] peer 172.16.0.2 as-number 65002
# Configure RT-F. RT-F(config)#router bgp 65002 RT-F(config-router)#neighbor 172.16.0.1 remote-as 65002
2
Check:Disp bgp peer Show bgp neighbor Disp bgp routing-table Show ip route bgp There is no bgp routes in the routing table
Step 3 Configure EBGP. # Configure RT-A. RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.0.0
255.0.0.0
10.0.1.1
RT-A(config-router)#neighbor 172.16.255.23 remote-as 65002 RT-A (config-router)#neighbor 172.16.255.23 update-source loopback0 RT-A(config-router)#neighbor 172.16.255.23 ebgp-multihop 3 RT-A(config)#ip route 172.16.0.0
255.255.0.0
192.168.0.2
# Configure RT-B. RT-B(config)#router bgp 65000 RT-B(config-router)#neighbor 192.168.255.12 remote-as 65001 RT-B(config-router)#neighbor 192.168.255.12 update-source loopback0 RT-B(config-router)#neighbor 192.168.255.12 ebgp-multihop 3 RT-B(config)#ip route 192.168.0.0
255.255.0.0
10.0.1.2
# Configure RT-D. [RT-D] bgp 65000 [RT-D-bgp] peer 172.16.255.33 as-number 65002 [RT-D-bgp] peer 172.16.255.33 connect-interface loopback0 [RT-D-bgp] peer 172.16.255.33 ebgp-max-hop 3 [RT-D] ip route-static 172.16.0.0
16
10.0.2.2
# Configure RT-E. [RT-E] bgp 65002 [RT-E-bgp] peer 10.0.255.31 as-number 65000 [RT-E-bgp] peer 10.0.255.31 connect-interface loopback0 [RT-E-bgp] peer 10.0.255.31 ebgp-max-hop 3 [RT-E] ip route-static 10.0.0.0
8
10.0.2.1
3
# Configure RT-F. RT-F(config)#router bgp 65002 RT-F(config-router)#neighbor 192.168.255.12 remote-as 65001 RT-F(config-router)#neighbor 192.168.255.12 update-source loopback0 RT-F(config-router)#neighbor 192.168.255.12 ebgp-multihop 3 RT-F(config)#ip route 192.168.0.0
255.255.0.0
192.168.0.1
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
Step 4 Configure RT-A to advertise 100.0.0.0/8. Connect Switch to the gigaetherent interface Switch(config-if)# switchport mode trunk Switch(config-if)#switchport trunk allow vlan all Switch(config-if)#no shut Switch(config)# vlan 100 Switch(config)# interface vlan 100 Switch(config-if)#ip address 100.0.0.2
255.0.0.0
Switch(config-if)#no shut Switch(config)#ip default-gateway
100.0.0.1
[Quidway]ip route-static 0.0.0.0
0
vlanif 100
RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allow vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#ip address 100.0.0.1
255.0.0.0
RT-A(config-if)#no shut RT-A(config)#router bgp 65001 RT-A(config-router)# address-family ipv4 RT-A(config-router-af)# network 100.0.0.0
mask
255.0.0.0
4
# Display the routing table of RT-B. RT-B# show ip route bgp B
100.0.0.0/8
[20/0]
via
192.168.255.12
Check: RT-B# ping 100.0.0.1 Reply from RT-A
# Display the routing table of RT-C. [RT-C] display bgp routing-table
i
Network
NextHop
MED
100.0.0.0
192.168.255.12
LocPrf
0
100
PrefVal Path/Ogn 0
65001i
Check: [RT-C] ping 100.0.0.1 No Reply from RT-A
# Display the routing table of RT-D. [RT-D] display bgp routing-table Network i
100.0.0.0
NextHop
MED
LocPrf
192.168.255.12
0
100
PrefVal Path/Ogn 0
65001i
Check: [RT-D] ping 100.0.0.1 No Reply from RT-A
# Display the routing table of RT-F. RT-F# show ip route bgp B
100.0.0.0/8
[20/0]
via
192.168.255.12
Check: RT-F# ping 100.0.0.1 Reply from RT-A
Note:- To Solve the above problem • •
In Step5 we will change the BGP route next hop and reach 100.x.x.x network without using OSPF AS specific routes should be available in the ip routing table. In step3 this is manually added in ASBR, but it should be redistributed in the entire AS. We will do this by using OSPF in Step6 5
Step 5 Configure ASBR to change the next hop as self # Configure RT-B for route updates from AS65001 to AS65000 RT-B(config-router)address-family ipv4 RT-B(config-router-af)neighbor 10.0.0.2 next-hop-self RT-B(config-router-af)neighbor 10.0.0.9 next-hop-self Check: On RT-C [RT-C] disp bgp route *>i
100.0.0.0
10.0.0.1
0
100
0
65001i
[RT-C] ping 100.0.0.1 Reply from RT-A
# Configure RT-D for route updates from AS65000 to AS65002 [RT-D-bgp]peer 172.16.255.33 next-hop-local
# Configure RT-F for route updates from AS65001 to AS65002 RT-F(config-router)address-family ipv4 RT-F(config-router-af)neighbor 172.16.0.1 next-hop-self Check: On RT-E [RT-E] disp bgp route *>i
100.0.0.0
172.16.0.2
0
100
0
65001i
Note: Remove next-hop-self and next-hop-local commands before starting step6
6
Step 6 Configure OSPF on each network of ASs # Configure AS65001 RT-A(config)# router ospf 200 RT-A(config-router)# network 192.168.255.12 0.0.0.0 area 0 RT-A(config-router)# network 192.168.0.0 0.0.255.255 area 0 RT-A(config-router)# network 100.0.0.0 0.0.0.255 area 0 RT-A(config-router)# redistributed connected RT-A(config-router)# redistributed static
# Configure AS65000 RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.11 0.0.0.0 area 0 RT-B(config-router)# network 10.0.0.0
0.255.255.255 area 0
RT-B(config-router)# redistributed connected RT-B(config-router)# redistributed static
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.31 0.0.0.0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [RT-D-ospf-100]import-route direct [RT-D-ospf-100]import-route static
[RT-C]ospf 100 [RT- C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.21 0.0.0.0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [RT-C-ospf-100]import-route direct [RT-C-ospf-100]import-route static
7
# Configure AS65002 [RT-E]ospf 300 [RT-E-ospf-300]area 0 [RT-E-ospf-300-area-0.0.0.0]network 172.16.255.33 0.0.0.0 [RT-E-ospf-300-area-0.0.0.0]network 172.16.0.0 0.0.255.255 [RT-E-ospf-300]import-route direct [RT-E-ospf-300]import-route static
RT-F(config)# router ospf 300 RT-F(config-router)# network 172.16.255.23 0.0.0.0 area 0 RT-F(config-router)# network 172.16.0.0 0.0.255.255 area 0 RT-F(config-router)# redistributed connected RT-F(config-router)# redistributed static
Check:
Ping any IP from any where
8
Lab2- Working with BGP & IGP
2/4
1/0/4
1/0/2
2/0/2
RT-A RT-C
RT-D
2/3 0/1
Group1- RT-A Group2- RT-C CX600- RT-C, RT-D
Group3- RT-D
C7609-RT-A
AS 65001
AS 65000
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
RT-A
RT-C
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
2/4 -10.0.1.2/30
1/0/4 -10.0.1.1/30
2/3 - Switchport
1/0/2 -10.0.0.1/30 RT-D Lo- 10.0.255.21/32 2/0/2 -10.0.0.2/30
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure the OSPF protocol on RT-C and RT-D to realize the interconnection.
2.
Configure the EBGP connection on RT-A and RT-C.
3.
Enable BGP and OSPF to import routes from each other on RT-C, and check the routing information.
4.
Configure BGP route aggregation on RT-C and simplify the BGP routing table.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 192.168.255.12 255.255.255.255 Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)
Step 2 Configure OSPF in AS 65000 [RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.11 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.21 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
Step 3 Configure EBGP. # Configure RT-A. RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
2
10.0.1.1
# Configure RT-C. [RT-C]bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp]peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
255.255.255.255
10.0.1.2
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
Step 4 Configure RT-A to advertise 100.0.0.0/8. Connect Switch to the gigaetherent interface Switch(config-if)# switchport mode trunk Switch(config-if)#switchport trunk allow vlan all Switch(config-if)#no shut Switch(config)# vlan 100 Switch(config)# interface vlan 100 Switch(config-if)#ip address 100.0.0.2
255.0.0.0
Switch(config-if)#no shut Switch(config)#ip default-gateway
100.0.0.1
[Quidway]ip route-static 0.0.0.0
0
vlanif 100
RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allow vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#ip address 100.0.0.1
255.0.0.0
RT-A(config-if)#no shut RT-A(config)#router bgp 65001 RT-A(config-router)# address-family ipv4 RT-A(config-router-af)# network 100.0.0.0
mask
255.0.0.0
3
# Display the routing table of RT-C. [RT-C] display bgp routing-table
Network *i>
100.0.0.0
NextHop
MED
192.168.255.12
LocPrf 0
100
PrefVal Path/Ogn 0
[RT-C] display ip routing-table protocol ospf You will see 4 routes 1 active route of 10.0.255.21/32 3 inactive route of directly connected networks
Step 5 Configure BGP on RT-C to import OSPF routes [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] import-route ospf 100
# Display the routing table of RT-A RT-A# show ip route bgp You should see 2 OSPF routes of 10.x.x.x in BGP routing table
Step 6 Configure OSPF on RT-C to import BGP routes [RT-C-ospf-100] import-route bgp
# Display the routing table of RT-D [RT-D] display ip routing-table You should see BGP route of 100.x.x.x in OSPF routing table
To check: Ping 100.0.0.1 form RT-D
4
65001i
Step 7 Configure the automatic route aggregation. # Configure RT-C [RT-C] bgp 65000 [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] summary automatic
# Display the routing table of RT-A. [RT-A] display bgp routing-table You should see single route for all 10.x.x.x networks of AS 65000
5
Lab3- Configuring AS-Path Filter EBGP connections are set up between RT-A, RT-C, and RT-D. Configure the AS-Path filter on RT-A. AS 65001 thus does not advertises routes of AS 65002 to AS 65000, or advertise routes of AS 65000 to AS 65002.
RT-C 1/0/4
2/4
1/0/2
RT-A
2/0/2
2/5 2/0/6 RT-D
Group1- RT-A Group2- RT-C
CX600- RT-C, RT-D
Group3- RT-D
C7609-RT-A
AS 65001
AS 65000
AS 65002
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
Summary IP-172.16.0.0/16
RT-A
RT-C
RT-D
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
Lo- 172.16.255.13/32
2/4 -10.0.1.2/24
1/0/4 -10.0.1.1/24
2/0/2-10.0.2.2/24
2/5 - 10.0.3.1/24
1/0/2-10.0.2.1/24
2/0/6 -10.0.3.2/24
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure the EBGP connecting between RT-C and RT-A, RT-A and RT-D, RT-D and RT-C respectively, and import direct routes.
2.
Configure the AS-Path on RT-A, and apply the filtering rule.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface
Step 2 Configure EBGP.
# Configure RT-A RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
10.0.1.1
RT-A(config-router)#neighbor 172.16.255.13 remote-as 65002 RT-A(config-router)#neighbor 172.16.255.13 update-source loopback0 RT-A(config-router)#neighbor 172.16.255.13 ebgp-multihop 3 RT-A(config)#ip route 172.16.255.13
255.255.255.255
10.0.3.2
RT-A(config-router)#redistributed connected
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
32
10.0.1.2
[RT-C-bgp] peer 172.16.255.13 as-number 65002 [RT-C-bgp] peer 172.16.255.13 connect-interface loopback0 [RT-C-bgp] peer 172.16.255.13 ebgp-max-hop 3 [RT-C]ip route-static 172.16.255.13 32
10.0.2.2
[RT-C-bgp] import-route direct
2
# Configure RT-D [RT-D] bgp 65002 [RT-D-bgp] peer 192.168.255.12 as-number 65001 [RT-D-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-D-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-D]ip route-static 192.168.255.12
32
10.0.3.1
[RT-D-bgp] peer 10.0.255.11 as-number 65000 [RT-D-bgp] peer 10.0.255.11 connect-interface loopback0 [RT-D-bgp] peer 10.0.255.11 ebgp-max-hop 3 [RT-D]ip route-static 10.0.255.11
32
10.0.1.1
[RT-D-bgp] import-route direct
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
# Check the routing table advertised by RT-A to peer RT-C. You can find that RT-A advertises the routes for direct network between RT-C and RT-D. RT-A#show bgp ipv4 unicast neighbors 10.0.255.11 advertised-routes
BGP table version is 13, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network
Next Hop
Metric LocPrf Weight Path
*> 10.0.1.0/24
0.0.0.0
0
*> 10.0.2.0/24
172.16.255.13
0
*> 10.0.3.0/24
0.0.0.0
0
r> 10.0.255.11/32
10.0.255.11
0
0 65000 ?
0
0 65002 ?
r> 172.16.255.13/32 172.16.255.13
32768 ? 0 65002 ? 32768 ?
*> 192.168.255.12/32 0.0.0.0
0
32768 ?
Total number of prefixes 6
Huawei command display bgp routing-table peer 10.0.255.11 advertised-routes
3
Check the routing table of RT-C, and you can find that RT-C learns the two routes advertised by RT-A. display bgp routing-table Total Number of Routes: 13 BGP Local router ID is 10.0.255.11 Status codes: * - valid, > - best, d - damped, h - history,
i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Network
NextHop
MED
10.0.1.0/24
0.0.0.0
0
0
?
192.168.255.12
0
0
65001?
*
LocPrf
PrefVal Path/Ogn
*>
10.0.1.1/32
0.0.0.0
0
0
?
*>
10.0.2.0/24
0.0.0.0
0
0
?
*
172.16.255.13
0
0
65002?
*
192.168.255.12
0
65001 65002?
*>
10.0.2.1/32
0.0.0.0
0
0
?
*>
10.0.3.0/24
172.16.255.13
0
0
65002?
192.168.255.12
0
0
65001?
10.0.255.11/32
0.0.0.0
0
0
?
172.16.255.13/32
172.16.255.13
0
0
65002?
0
65001 65002?
0
65001?
* *> *
192.168.255.12 192.168.255.12/32
192.168.255.12
0
Step 3 Configure the AS-Path filter on RT-A and apply the filter in the outgoing direction of RT-A # Create AS-Path filter 1, refusing the passing of routes carrying AS 65002 (The regular expression _65002_ indicates any AS list that contains AS 65002 and * matches any character.) RT-A(config)# ip as-path access-list 1 deny _65002_ RT-A(config)# ip as-path access-list 1 permit .*
# Create AS-Path filter 2, refusing the passing of routes carrying AS 65000. RT-A(config)# ip as-path access-list 2 deny _65000_ RT-A(config)# ip as-path access-list 2 permit .*
# Apply the AS-Path filter in two outgoing directions of RT-A. RT-A#router bgp 65001 RT-A(config-router)# neighbor 10.0.255.11 filter-list 1 out RT-A(config-router)# neighbor 172.16.255.13 filter-list 2 out
Additional Info:- If RT-A is a CX600 router use following commands # Create AS-Path filter 1, refusing the passing of routes carrying AS 65002. [RT-A] ip as-path-filter 1 deny _65002_
4
[RT-A] ip as-path-filter 1 permit .* # Create AS-Path filter 2, refusing the passing of routes carrying AS 65000. [RT-A] ip as-path-filter 2 deny _65000_ [RT-A] ip as-path-filter 2 permit .* # Apply the AS-Path filter in two outgoing directions of RT-A [RT-A] bgp 20 [RT-A-bgp] peer 200.1.2.1 as-path-filter 1 export [RT-A-bgp] peer 200.1.3.2 as-path-filter 2 export
Step 4 Check the routing table advertised by RT-A, and it will not have advertised direct routes for networks between RT-C and RT-D.
RT-A#show bgp ipv4 unicast neighbor 10.0.255.11 advertised-routes
It will not have routes learned from AS65002.
BGP table version is 13, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network
Next Hop
Metric LocPrf Weight Path
*> 10.0.1.0/24
0.0.0.0
0
32768 ?
*> 10.0.3.0/24
0.0.0.0
0
32768 ?
0.0.0.0
0
32768 ?
*> 192.168.255.12/32
Total number of prefixes 3
Additional Info:- If RT-A is a CX600 router use following commands display bgp routing-table peer 172.16.255.13 advertised-routes
Similarly, the BGP routing table of RT-C does not have the two routes. display bgp routing-table
This will not have routes coming from AS65002 via AS65001 Total Number of Routes: 11 BGP Local router ID is 10.0.255.11 Status codes: * - valid, > - best, d - damped,
5
h - history,
i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Network
NextHop
MED
10.0.1.0/24
0.0.0.0
0
0
?
192.168.255.12
0
0
65001?
*
LocPrf
PrefVal Path/Ogn
*>
10.0.1.1/32
0.0.0.0
0
0
?
*>
10.0.2.0/24
0.0.0.0
0
0
?
172.16.255.13
0
0
65002?
* *>
10.0.2.1/32
0.0.0.0
0
0
?
*>
10.0.3.0/24
172.16.255.13
0
0
65002?
192.168.255.12
0
0
65001?
10.0.255.11/32
0.0.0.0
0
0
?
172.16.255.13/32
172.16.255.13
0
0
65002?
192.168.255.12/32
192.168.255.12
0
0
65001?
* *>
Step 5 # Similarly Check the routing table advertised by RT-A to RT-D
It will not have routes learned from AS65000 via AS65001
6
Additional Info: MetacharacterCisco
MetacharacterHuawei
Connotation
\
Indicates escape character.
.
.
Matches any single character including the space except for \n.
*
*
Indicates that characters on the left of it appear for 0 or many times continuously in the target object
+
+
Indicates that characters on the left of it appear for 1 or many times continuously in the target object.
|
|
The 'or' relationship exists between characters on the left and right sides of it.
^
^
Characters on the right of it must appear at the beginning of the target object.
$
$
Characters on the left of it must appear at the end of the target object.
[]
[xyz]
Matches the character listed in the square character.
[^ ]
[^xyz]
Matches any character that is not listed in the square bracket (^ is on the left of the character).
-
[a-z]
Matches any character within the specified range.
[^a-z]
Matches any character that is not within the specified range.
{n}
The matches appear for n times (n is a non-negative integer).
{n,}
The matches appear for at least n times (n is a non-negative integer).
{n,m}
The matches appear for n–m times (m and n are non-negative integer and n is smaller than or equal to m). Note that there is no space between n and m.
?
Zero or one instance of the character or pattern
7
Lab4- BGP Community Attribute Networking Requirements RT-A creates EBGP connections with RT-C and RT-D respectively. You can configure the No_Export community attribute on RT-C. Thus, the routes advertised from AS65000 to AS65001 are not advertised to other ASs.
RT-C Ge0/0/1
1/0/4
SW-C
1/0/6
2/4
RT-A 2/5 2/0/6 RT-D
Group1- RT-A Group2- RT-C , SW-C
CX600- RT-C, RT-D
Group3- RT-D
C7609-RT-A CX200D- SW-C
AS 65001
AS 65000
AS 65002
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
Summary IP-172.16.0.0/16
RT-A
RT-C
RT-D
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
Lo- 172.16.255.13/32
2/4 -10.0.1.2/24
1/0/4 -10.0.1.1/24
2/0/6 -10.0.3.2/24
2/5 - 10.0.3.1/24
1/0/6 - Switchport
1
Configuration Roadmap The configuration roadmap is as follows: 1. Configure the EBGP connection between RT-C and RT-A, as well as between RT-A and RT-D. 2. Configure the routing policy on RT-C, and advertise No_Export community attribute.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface
Step 2 Configure the EBGP.
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
32
10.0.1.2
[RT-C-bgp] ] ipv4-family unicast [RT-C-bgp-af-ipv4] network 100.0.0.0 255.0.0.0 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6]undo shut [RT-C]vlan 100 [RT-C]interface Vlanif 100 [RT-C-Vlan127]ip address 100.0.0.1
255.0.0.0
2
Connect Switch to the gigaetherent interface [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 100 [SW-C ]interface vlan 100 [SW-C-vlanif100]ip address 100.0.0.2
255.0.0.0
[SW-C-vlanif100]undo shut [SW-C]ip route-static 0.0.0.0
0
vlanif 100
# Configure RT-A RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
10.0.1.1
RT-A(config-router)#neighbor 172.16.255.13 remote-as 65002 RT-A(config-router)#neighbor 172.16.255.13 update-source loopback0 RT-A(config-router)#neighbor 172.16.255.13 ebgp-multihop 3 RT-A(config)#ip route 172.16.255.13
255.255.255.255
10.0.3.2
# Configure RT-D [RT-D] bgp 65002 [RT-D-bgp] peer 192.168.255.12 as-number 65001 [RT-D-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-D-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-D]ip route-static 192.168.255.12
32
10.0.3.1
3
# Display the routing table of RT-A. RT-A# show ip bgp 100.0.0.0 BGP routing table entry for 100.0.0.0/8, version 34 Paths: (1 available, best #1, table default) Advertised to update-groups:
1
65000 10.0.255.11 from 10.0.255.11 (10.0.255.11) Origin IGP, metric 0, localpref 100, valid, external, best
You can see that RT-A advertises the routes received from RT-C to RT-D in AS65002.
# Display the routing table of RT-D [RT-D] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 172.16.255.13 Status codes: * - valid, > - best, d - damped, h - history,
i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Network
NextHop
100.0.0.0
192.168.255.12
MED
LocPrf
PrefVal Path/Ogn 0
65001
65000i
From the routing table, you can confirm that RT-D has learned a route to the destination 100.0.0.0/8 from RT-A
Step 3 Configure BGP community attributes. # Configure the routing policy on RT-C to enable RT-C to advertise routes to RT-A. As the result RT-A does not advertise the routes advertised by RT-C to any other AS. [RT-C] route-policy RT-A permit node 10 Info: New Sequence of this List !! [RT-C-route-policy] apply community no-export
# Apply routing policies. [RT-C] bgp 65000 [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] peer 192.168.255.12 route-policy RT-A export [RT-C-bgp-af-ipv4] peer 192.168.255.12 advertise-community
4
Additional Info: It RT-C is a Cisco router than use following commands access-list 1 permit 100.0.0.0 Route-map RT-C permit 10 Match ip address 1 Set community no-export Route-map RT-C permit 20
# Apply routing policies. RT-C(config-router)#neighbor 192.168.255.12 send-community RT-C(config-router)#neighbor 192.168.255.12 route-map RT-C out
# Display the routing table of RT-A. RT-A# show ip bgp 100.0.0.0 BGP routing table entry for 100.0.0.0/8, version 40 Paths: (1 available, best #1, table default, not advertised to EBGP peer) Flag: 0x880 Not advertised to any peer 65000 10.0.255.11 from 10.0.255.11 (10.0.255.11) Origin IGP, metric 0, localpref 100, valid, external, best Community: no-export
You can see the configured community attribute in the routing table of RT-A. At this time, there are no routes to the destination 100.0.0.0/8 in the routing table of RT-D
5
Lab5- BGP Load Balancing and the MED Attribute
RT-C 1/0/4
2/4
1/0/2
RT-A
2/0/2
2/5 2/0/6
RT-D Group1- RT-A
CX600- RT-C, RT-D
Group2- RT-C
C7609-RT-A
Group3- RT-D
AS 65001
AS 65000
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
RT-A
RT-C
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
2/4 -192.168.1.1/30
1/0/4 -192.168.1.2/30
2/5 - 192.168.2.1/30
1/0/2 -20.0.0.1/24 RT-D Lo- 10.0.255.21/32 2/0/2 -20.0.0.2/24 2/0/6 -192.168.2.2/30
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure the EBGP connections between RT-A and RT-C, as well as between RT-A and RT-D.
2.
Configure the IBGP connections between RT-C and RT-D
3.
Configure the load balancing on RT-A and MED value RT-C, and check the routing information.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface
Step 2 Configure BGP. # Configure RT-A. RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
192.168.1.2
RT-A(config-router)#neighbor 10.0.255.21 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.21 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.21 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.21
255.255.255.255
192.168.2.2
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
32
192.168.1.1
[RT-C-bgp] peer 20.0.0.2 as-number 65000 [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] network 20.0.0.0 255.255.255.0
# Configure RT-D. [RT-D] bgp 65000 [RT-D-bgp] peer 192.168.255.12 as-number 65001 [RT-D-bgp] peer 192.168.255.12 connect-interface loopback0
2
[RT-D-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-D]ip route-static 192.168.255.12
32
192.168.2.1
[RT-D-bgp] peer 20.0.0.1 as-number 65000 [RT-D-bgp] ipv4-family unicast [RT-D-bgp-af-ipv4] network 20.0.0.0 255.255.255.0
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
# Display the routing table of RT-A. RT-A# show ip route bgp
Gateway of last resort is not set 20.0.0.0/30 is subnetted, 1 subnets B
20.0.0.0 [20/0] via 10.0.255.11, 00:04:00
RT-A#sh ip bgp 20.0.0.0 255.255.255.0 subnets
BGP table version is 45, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
* *>
Network
Next Hop
20.0.0.0/24
10.0.255.21
Metric LocPrf Weight Path 0
0 65000 i
10.0.255.11
0
0 65000 i
As displayed in the routing table, there are two valid routes to the destination 20.0.0.0/24. The route whose next hop is 10.0.255.11 is the optimum route. This is because the Router ID of RT-C is smaller.
3
Step 3 Configure load balancing. # Configure RT-A RT-A(config)#router bgp 65001 RT-A(config-router)#address-family ipv4 RT-A(config-router-af)#maximum-paths 2
Additional info: Huawei commands [CX-A] bgp 65001 [CX-A-bgp] ipv4-family unicast [CX-A-bgp-af-ipv4] maximum load-balancing 2
# Display the routing table of RT-A RT-A# show ip route bgp Gateway of last resort is not set 20.0.0.0/24 is subnetted, 1 subnets B
20.0.0.0 [20/0] via 10.0.255.21, 00:00:17 [20/0] via 10.0.255.11, 00:00:17
As displayed in the routing table, BGP route 20.0.0.0/24 has two next hops. They are 10.0.255.11 and 10.0.255.21. Both of them are optimum routes.
4
Step 4 Configure MED attributes. # Set the default value of MED sent by RT-C to RT-A by using the policy. [RT-C] route-policy 10 permit node 10 [RT-C -route-policy] apply cost 100 [RT-C] bgp 65000 [RT-C -bgp] peer 192.168.255.12 route-policy 10 export
# Display the routing table of RT-A RT-A# show ip route bgp RT-A#sh ip bgp 20.0.0.0 255.255.255.0 subnets BGP table version is 49, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network
Next Hop
Metric LocPrf Weight Path
*> 20.0.0.0/24
10.0.255.21
0
0 65000 i
*
10.0.255.11
100
0 65000 i
As displayed in the routing table, the MED of the next hop 10.0.255.11 (RT-C) is 100, and that of the next hop 10.0.255.21 is 0. Therefore, the route with the smaller MED is selected.
5
Lab6- Basic MPLS Configuration
SW-C Ge 0/0/1
RT-C
1/0/6 1/0/2 2/0/2
2/2 1/1
RT-A
1/3
2/0/4
RT-B RT-D
2/3 Ge 0/1
SW-A CX600- RT-C, RT-D C7609-RT-A, RT-B C3400 – SW-A
Group1- RT-A, SW-A Group2- RT-B, RT-D Group3- RT-C, SW-C
CX200D – SW-C
Summary IP-10.0.0.0/8
RT-C
RT-A
Lo- 10.0.255.31/32
Lo- 10.0.255.11/32
1/0/2 -10.0.3.2/30
2/2 -10.0.1.1/30
1/0/6 –switchport (100.0.2.0/24)
2/3 –switchport (100.0.1.0/24)
RT-D
RT-B
Lo- 10.0.255.41/32
Lo- 10.0.255.21/32
2/0/4 -10.0.2.2/30
1/1 -10.0.1.2/30
2/0/2 -10.0.3.1/30
1/3 -10.0.2.1/30
1
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 10.0.255.11
255.255.255.255
Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)
Step 2 Configure OSPF RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0 RT-A(config-router)# network 100.0.1.0
0.0.0.0
area 0
0.255.255.255 0.0.0.255
area 0
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-C-ospf-100-area-0.0.0.0]network 100.0.2.0
0.0.0.255
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
2
Step 3 Configure SW-A & RT-A for 100.0.1.0/24. Switch(config-if)# switchport mode trunk Switch(config-if)#switchport trunk allow vlan all Switch(config-if)#no shut Switch(config)# vlan 100 Switch(config)# interface vlan 100 Switch(config-if)#ip address 100.0.1.2
255.255.255.0
Switch(config-if)#no shut Switch(config)#ip default-gateway
100.0.1.1
RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allow vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#ip address 100.0.1.1
255.255.255.0
RT-A(config-if)#no shut
Step 4 Configure SW-C & RT-C for 100.0.2.0/24. [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 100 [SW-C ]interface vlan 100 [SW-C-vlanif100]ip address 100.0.2.2
255.255.255.0
[SW-C-vlanif100]undo shut [SW-C]ip route-static 0.0.0.0
0
vlanif 100
[RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6]undo shut [RT-C]vlan 100 [RT-C]interface Vlanif 100 [RT-C-Vlan127]ip address 100.0.2.1
255.255.255.0
3
Step 5 Configure MPLS z
Configure RTA: RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls lable protocol ldp
z
Configure RTB: RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls lable protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls lable protocol ldp
z
Configure RTC: [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
z
Configure RTD: [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp
4
Check: 1)
View the interface on which the LDP runs: RT-B>show mpls interfaces Interface
IP
Tunnel
BGP
GigabitEthernet1/1
Yes (ldp)
No
No
No
GigabitEthernet1/3
Yes (ldp)
No
No
No
Static Operational Yes Yes
[RT-D]display mpls ldp interface LDP Interface Information in Public Network -----------------------------------------------------------------------------IF-Name
Status
LAM
Transport-Address
Hello-Sent/Rcv
-----------------------------------------------------------------------------GE2/0/2
Active
DU
10.0.255.41
316/314
GE2/0/4
Active
DU
10.0.255.41
312/354
-----------------------------------------------------------------------------LAM: Label Advertisement Mode
2)
IF-Name: Interface name
View the established LDP Session:
RT-B>show mpls ldp neighbor Peer LDP Ident: 10.0.255.11:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.11.646 - 10.0.255.21.11000 State: Oper; Msgs sent/rcvd: 84/82; Downstream Up time: 01:02:42 LDP discovery sources: GigabitEthernet1/1, Src IP addr: 10.0.1.1 Addresses bound to peer LDP Ident: 100.0.1.1
10.0.255.11
10.0.1.1
Peer LDP Ident: 10.0.255.41:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.41.52580 - 10.0.255.21.646 State: Oper; Msgs sent/rcvd: 153/129; Downstream Up time: 00:30:44 LDP discovery sources: GigabitEthernet1/3, Src IP addr: 10.0.2.2 Addresses bound to peer LDP Ident: 10.0.3.1
10.0.2.2
10.0.255.41
5
[RT-D]display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID
Transport-Address
Discovery-Source
-----------------------------------------------------------------------------10.0.255.31:0
10.0.255.31
GigabitEthernet2/0/2
10.0.255.21:0
10.0.255.21
GigabitEthernet2/0/4
-----------------------------------------------------------------------------TOTAL: 2 Peer(s) Found.
3)
Take FEC:100.0.2.0/24 for example to view the label switching in the whole forwarding process: View the MPLS LSP of RT-A: RT-A#show mpls forwarding-table
Local
Outgoing
Prefix
Bytes Label
Outgoing
Label
Label or VC
or Tunnel Id
Switched
interface
16
Pop Label
10.0.255.21/32
0
Gi2/2
10.0.1.2
17
Pop Label
10.0.2.0/30
0
Gi2/2
10.0.1.2
18
18
19
19
10.0.255.41/32
0
Gi2/2
10.0.1.2
20
20
10.0.255.31/32
0
Gi2/2
10.0.1.2
21
21
100.0.2.0/24
0
Gi2/2
10.0.1.2
10.0.3.0/30
0
Gi2/2
Next Hop
10.0.1.2
On RT-A, the outbound label to 100.0.2.0/24 is 21. View the MPLS LSP of RT-B:
6
RT-B#show mpls forwarding-table
Local
Outgoing
Prefix
Label
Label or VC
or Tunnel Id
16
Pop Label
10.0.255.11/32
17
Pop Label
100.0.1.0/24
18
Pop Label
19
Bytes Label Switched 0
Outgoing
Next Hop
interface Gi1/1
10.0.1.1
0
Gi1/1
10.0.1.1
10.0.3.0/30
0
Gi1/3
10.0.2.2
Pop Label
10.0.255.41/32
0
Gi1/3
10.0.2.2
20
1029
10.0.255.31/32
0
Gi1/3
10.0.2.2
21
1028
100.0.2.0/24
0
Gi1/3
10.0.2.2
On RT-B, inbound labels being 21 are switched to 1028. On RT-D, view the MPLS LSP:
[RT-D]display mpls lsp ------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label
In/Out IF
10.0.2.0/30
3/NULL
-/-
10.0.255.41/32
3/NULL
-/-
100.0.2.0/24
NULL/3
-/GE2/0/2
10.0.255.31/32
NULL/3
-/GE2/0/2
10.0.255.31/32
1029/3
-/GE2/0/2
100.0.2.0/24
1028/3
-/GE2/0/2
10.0.1.0/30
1024/3
-/GE2/0/4
10.0.1.0/30
NULL/3
-/GE2/0/4
10.0.255.11/32
1026/16
-/GE2/0/4
10.0.255.11/32
NULL/16
-/GE2/0/4
10.0.255.21/32
1027/3
-/GE2/0/4
10.0.255.21/32
NULL/3
-/GE2/0/4
100.0.1.0/24
1025/17
-/GE2/0/4
100.0.1.0/24
NULL/17
-/GE2/0/4
7
Vrf Name
10.0.3.0/30
3/NULL
-/-
Outbound label of the packet with inbound label 1028 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label and send the IP data packet to the last hop, RT-C, directly.
[RT-C]display mpls lsp ------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label
In/Out IF
10.0.2.0/30
NULL/3
-/GE1/0/2
10.0.255.41/32
NULL/3
-/GE1/0/2
10.0.1.0/30
NULL/1024
-/GE1/0/2
100.0.1.0/24
NULL/1025
-/GE1/0/2
10.0.255.11/32
NULL/1026
-/GE1/0/2
10.0.255.21/32
NULL/1027
-/GE1/0/2
100.0.2.0/24
3/NULL
-/-
10.0.255.31/32
3/NULL
-/-
Vrf Name
Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.
8
Lab7 - L3 VPN (Switchport is assigned to customer)
SW-C
Ge 0/0/9
Ge 0/0/1
PC-C
RT-C
1/0/6 1/0/2 2/0/2
2/2 1/1
RT-A
1/3 RT-B
RT-D
2/3
Ge 0/9
2/0/4
Ge 0/1 SW-A
CX600- RT-C, RT-D C7609-RT-A, RT-B PC-A
C3400 – SW-A
Group1- RT-B, RT-D Group2- RT-A, SW-A Group3- RT-C, SW-C
CX200D – SW-C
As65000
RT-C
Summary IP-10.0.0.0/8
Lo- 10.0.255.31/32
RT-A
1/0/2 -10.0.3.2/30
Lo- 10.0.255.11/32
1/0/6 –switchport (100.0.2.0/24)
2/2 -10.0.1.1/30
RT-D
2/3 –switchport (100.0.1.0/24)
Lo- 10.0.255.41/32
RT-B
2/0/4 -10.0.2.2/30
Lo- 10.0.255.21/32
2/0/2 -10.0.3.1/30
1/1 -10.0.1.2/30 1/3 -10.0.2.1/30
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure OSPF between PEs to implement interworking.
2.
Configure the basic MPLS functions and MPLS LDP
3.
Configure the VPN instance on the PE connected with the CE in the backbone network, bind the PE interface connected with the CE to the corresponding VPN instance, and then reconfigure the IP address for the PE interface connected with the CE.
4.
Configure MP IBGP to exchange the VPN routing information between the PEs.
5.
Configure CEs and PEs to exchange VPN routes by using direct connection, static routes, OSPF, or EBGP.
RD= PE loopback IP: 1 RT=100:1 (every site can talk to any other site)
1. 2. 3. 4. 5. 6. 7. 8.
Configure IP address Enable OSPF Enable MPLS Enable LDP Create VRF + RD + RT Bind interface to VRF iBGP between PE Redistribute static into BGP
2
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 10.0.255.11
255.255.255.255
Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco) Step 2 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
3
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network to setup LDP LSP.
z
Configure RTA: RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls label protocol ldp
z
Configure RTB: RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
z
Configure RTD: [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp
4
z
Configure RTC: [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
After the configuration, LDP sessions are set up between RT-A, RT-B, RT-D and RT-C. After running following commands on the devices, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP. RT-A>show mpls ldp neighbor [RT-C] display mpls ldp session [RT-C]display mpls ldp peer
RT-A#show mpls forwarding-table [RT-C] display mpls ldp lsp [RT-C]display mpls lsp
Step 4 Configure SW-A & RT-A for 100.0.1.0/24. RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allowed vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100 SW-A(config-if)#port-type nni SW-A(config-if)#no shut
5
PC-A:- On the second interface card give following IP IP- 100.0.1.2 Mask-255.255.255.0 Gateway-100.0.1.1 On Command prompt add folowing route Route add 100.0.2.0 mask 255.255.255.0 100.0.1.1 metric 1
Step 5 Configure SW-C & RT-C for 100.0.2.0/24. [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6]undo shut [RT-C]vlan 100 [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 100 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 100 [SW-C-ethernet0/0/9]undo shut PC-C:- On the second interface card give following IP IP- 100.0.2.2 Mask-255.255.255.0 Gateway-100.0.2.1 On Command prompt add folowing route Route add 100.0.1.0 mask 255.255.255.0 100.0.2.1 metric 1
Step 6 Configure VPN instances on PEs (RT-A & RT-C) and bind the instance to the interfaces of CEs.
# Configure RT-A (PE1). RT-A(config)# ip vrf vpna RT-A(config-vrf)# rd 100: 1 RT-A(config-vrf)# route-target export 111:1 RT-A(config-vrf)# route-target import 111:1 RT-A(config)# interface vlan 100 RT-A(config-if)# ip vrf forwarding vpna RT-A(config-if)# ip address 100.0.1.1 255.255.255.0 RT-A(config-if)#no shut
6
# Configure RT-C (PE2). [RT-C] ip vpn-instance vpna [RT-C-vpn-instance-vpna] route-distinguisher 200:1 [Rt-C-vpn-instance-vpna] vpn-target 111:1 both [RT-C] interface vlanif 100 [RT-C-vlanif100] ip binding vpn-instance vpna [RT-C-vlanif100]ip address 100.0.2.1 24 [RT-C-vlanif100]undo shut
After the configuration, view the configuration of VPN instances by running following commands on the PEs. The PE can ping through its own CE. RT-A# show ip vrf RT-A#show ip route vrf vpna [RT-C] display ip vpn-instance [RT-C] display ip vpn-instance verbose [RT-C] display ip routing-table vpn-instance vpna RT-A# ping vrf vpna 100.0.1.1 RT-A# ping vrf vpna 100.0.1.2 [RT-C] ping -vpn-instance vpna 100.0.2.1 [RT-C] ping -vpn-instance vpna 100.0.2.2
Step 7 Establish MP-IBGP peering between the PEs (RT-A & RT-C). # Configure RT-A. RT-A(config)#router bgp 65000 RT-A(config-router)# neighbor 10.0.255.31 remote-as 65000 RT-A(config-router)# neighbor 10.0.255.31 update-source loopback0 RT-A(config-router)# address-family vpnv4 RT-A(config-router-af)# neighbor 10.0.255.31 activate RT-A(config-router)# address-family ipv4 vrf vpna RT-A(config-router-af)# redistributed connected
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 10.0.255.11 as-number 65000 [RT-C-bgp] peer 10.0.255.11 connect-interface loopback 0 [RT-C-bgp] ipv4-family vpnv4 [RT-C-bgp-af-vpnv4] peer 10.0.255.11 enable
7
[RT-C-bgp] ipv4-family vpn-instance vpna [RT-C-bgp-vpna] import-route direct
After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the following commands
RT-A#sh bgp neig
BGP neighbor is 10.0.255.31, remote AS 65000, internal link BGP version 4, remote router ID 10.0.255.31 BGP state = Established, up for 00:27:17 Last read 00:00:47, last write 00:00:32, hold time is 180, keepalive interval is 60 seconds Neighbor sessions: 1 active, is not multisession capable Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Opens:
Rcvd 1
Notifications:
1 0
0
Updates:
2
Keepalives:
28
Route Refresh: Total:
1 32
0 31
0 34
Default minimum time between advertisement runs is 0 seconds
8
RT-A#show bgp vpnv4 unicast vrf vpna
BGP table version is 5, local router ID is 10.0.255.11 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vpna) *> 100.0.1.0/24
0.0.0.0
0
*>i100.0.2.0/24
10.0.255.31
32768 ? 0
100
0?
[RT-C]display bgp peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 1
Peer
10.0.255.11
Peers in established state : 1
V AS MsgRcvd MsgSent OutQ Up/Down
4 65000
42
52
State PrefRcv
0 00:15:53 Established
0
[RT-C]display bgp vpnv4 all peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 1
Peer
10.0.255.11
Peers in established state : 1
V AS MsgRcvd MsgSent OutQ Up/Down
4 65000
42
53
State PrefRcv
0 00:16:20 Established 9
1
Check:
Find the route to peer CEs(PC-A & PC-C).
RT-A# show ip route vrf vpna
Routing Table: vpna Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 3 subnets, 2 masks C
100.0.1.0/24 is directly connected, Vlan100
L
100.0.1.1/32 is directly connected, Vlan100
B
100.0.2.0/24 [200/0] via 10.0.255.31, 00:32:38
[RT-C]display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 7
Destination/Mask
Routes : 7
Proto Pre Cost
Flags NextHop 10
Interface
100.0.1.0/24 BGP 255 0
RD 10.0.255.11
GigabitEthernet1/0/2
100.0.2.0/24 Direct 0 0
D 100.0.2.1
Vlanif100
100.0.2.1/32 Direct 0 0
D 127.0.0.1
InLoopBack0
100.0.2.2/32 Direct 0 0
D 100.0.2.2
Vlanif100
100.0.2.3/32 Direct 0 0
D 100.0.2.3
Vlanif100
100.0.2.255/32 Direct 0
0
255.255.255.255/32 Direct 0
D 127.0.0.1 0
D 127.0.0.1
InLoopBack0 InLoopBack0
The CEs (PC-A & PC-C) in the same VPN can ping through each other PC-A> ping 100.0.2.2 PC-C> ping 100.0.1.2
You can also ping from PEs VRF
RT-A#ping vrf vpna 100.0.2.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
RT-A#ping vrf vpna 100.0.2.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
[RT-C]ping -vpn-instance vpna 100.0.1.1 11
PING 100.0.1.1: 56 data bytes, press CTRL_C to break Reply from 100.0.1.1: bytes=56 Sequence=1 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms
--- 100.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
[RT-C]ping -vpn-instance vpna 100.0.1.2
PING 100.0.1.2: 56 data bytes, press CTRL_C to break Reply from 100.0.1.2: bytes=56 Sequence=1 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=2 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=3 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=4 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=5 ttl=125 time=1 ms
--- 100.0.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
12
1)
View the interface on which the LDP runs:
RT-A#show mpls interfaces
Interface
IP
GigabitEthernet2/2
Tunnel BGP Static Operational Yes (ldp)
No
No No
Yes
[RT-C]display mpls ldp interface
LDP Interface Information in Public Network -----------------------------------------------------------------------------IF-Name
Status
LAM Transport-Address Hello-Sent/Rcv
-----------------------------------------------------------------------------GE1/0/2
Active
DU 10.0.255.31
16551/16529
-----------------------------------------------------------------------------LAM: Label Advertisement Mode
2)
IF-Name: Interface name
View the established LDP Session:
RT-A#show mpls ldp neighbor
Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11000 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 1615/1610; Downstream Up time: 23:18:53 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2 Addresses bound to peer LDP Ident: 10.0.1.2
10.0.2.1
10.0.255.21
13
[RT-C]display mpls ldp peer
LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID
Transport-Address Discovery-Source
-----------------------------------------------------------------------------10.0.255.41:0
10.0.255.41
GigabitEthernet1/0/2
-----------------------------------------------------------------------------TOTAL: 1 Peer(s) Found.
3)
To view the label switching in the whole forwarding process: View the MPLS LSP of RT-A:
RT-A#show mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id 10.0.2.0/30
Switched
16
Pop Label
17
16
18
Pop Label
19
18
10.0.255.31/32 0
Gi2/2
10.0.1.2
20
19
10.0.255.41/32 0
Gi2/2
10.0.1.2
21
Pop Label
10.0.3.0/30
0
interface
Gi2/2
0
Gi2/2
10.0.255.21/32 0
IPv4 VRF[V]
10.0.1.2 10.0.1.2
Gi2/2
1420
10.0.1.2
aggregate/vpna
On RT-A, the outbound label to PE2 is 18. View the MPLS LSP of RT-B:
14
RT-B#sh mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id 16
Pop Label
10.0.3.0/30
17
Pop Label
10.0.255.11/32
18
1027
19
Pop Label
Switched 490
10.0.255.31/32
Gi1/3
464681
10.0.2.2
Gi1/1
486060
10.0.255.41/32 0
interface
Gi1/3 Gi1/3
10.0.1.1 10.0.2.2 10.0.2.2
On RT-B, inbound label being 18 are switched to 1027. On RT-D, view the MPLS LSP:
[RT-D]display mpls lsp ------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.41/32 10.0.2.0/30
3/NULL 3/NULL
10.0.255.31/32
NULL/3
10.0.255.31/32
1027/3
10.0.1.0/30
1024/3
10.0.1.0/30
NULL/3
10.0.255.11/32
1026/17
10.0.255.11/32
NULL/17
10.0.255.21/32
1025/3
10.0.255.21/32
NULL/3
10.0.3.0/30
3/NULL
Vrf Name
-/-/-/GE2/0/2 -/GE2/0/2 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/-
Outbound label of the packet with inbound label 1027 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label
15
[RT-C]display mpls lsp ------------------------------------------------------------------------------LSP Information: BGP LSP ------------------------------------------------------------------------------FEC
In/Out Label
100.0.2.0/24
In/Out IF
115712/NULL
Vrf Name
-/-
vpna
------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.31/32
3/NULL
-/-
10.0.255.41/32
NULL/3
-/GE1/0/2
10.0.2.0/30
NULL/3
10.0.1.0/30
NULL/1024
Vrf Name
-/GE1/0/2 -/GE1/0/2
10.0.255.21/32
NULL/1025
-/GE1/0/2
10.0.255.11/32
NULL/1026
-/GE1/0/2
Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.
16
Lab 8- L3 VPN (Router port is given to customer) RT-E
1/0/4
1/0/8 RT-C 1/0/2 2/0/2
2/2 1/1
RT-A
1/3
2/0/4
RT-B RT-D
2/1
1/1 Group1- RT-A, RT-F Group2- RT-B, RT-D
RT-F CX600- RT-C, RT-D, RT-E
Group3- RT-C, RT-E
C7609-RT-A, RT-B, RT-F
RT-A
RT-C
RT-E
Lo- 10.0.255.11/32
Lo- 10.0.255.31/32
Lo- 100.0.255.1/32
2/2 -10.0.1.1/30
1/0/2 -10.0.3.2/30
1/0/4 –100.0.2.2/24
2/1 –100.0.1.1/24
1/0/8 –100.0.2.1/24
RT-F
RT-B
RT-D
Lo- 100.0.255.2/32
Lo- 10.0.255.21/32
Lo- 10.0.255.41/32
1/1 -100.0.1.2/24
1/1 -10.0.1.2/30
2/0/4 -10.0.2.2/30
1/3 -10.0.2.1/30
2/0/2 -10.0.3.1/30
1
Configuration Roadmap RD= PE loopback IP: 1 RT=100:1 (every site can talk to any other site)
1. 2. 3. 4. 5. 6. 7. 8.
Configure IP address Enable OSPF Enable MPLS Enable LDP Create VRF + RD + RT Bind interface to VRF iBGP between PE Redistribute connected into BGP
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 10.0.255.11
255.255.255.255
Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco) Step 2 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
2
area 0
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network to setup LDP LSP. z
Configure RTA: RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls label protocol ldp
z
Configure RTB: RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
z
Configure RTD: [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls
3
[RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp
z
Configure RTC: [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
After the configuration, LDP sessions are set up between RT-A, RT-B, RT-D and RT-C. After running following commands on the devices, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP. RT-A>show mpls ldp neighbor [RT-C] display mpls ldp session [RT-C]display mpls ldp peer
RT-A#show mpls forwarding-table [RT-C] display mpls ldp lsp [RT-C]display mpls lsp
Step 4 Configure VPN instances on PEs (RT-A & RT-C) and bind the instance to the interfaces of CEs. # Configure RT-A (PE1). RT-A(config)# ip vrf vpnb RT-A(config)# rd 100: 2 RT-A(config)# # route-target export 222:2 RT-A(config)# # route-target import 222:2 RT-A(config)# interface gigabitethernet 2/1 RT-A(config-if)# ip vrf forwarding vpnb RT-A(config-if)# ip address 100.0.1.1 255.255.255.0 RT-A(config-if)#no shut
# Configure RT-C (PE2). [RT-C] ip vpn-instance vpnb [RT-C-vpn-instance-vpna] route-distinguisher 200:2 [Rt-C-vpn-instance-vpna] vpn-target 222:2 both [RT-C] interface gigabitethernet 1/0/8 [RT-C-GigabitEthernet1/0/8] ip binding vpn-instance vpnb [RT-C- GigabitEthernet1/0/8]ip address 100.0.2.1 24 [RT-C- GigabitEthernet1/0/8]undo shut
4
Step 5 Configure a routing protocol between the PE and the CE, and import routes to the VPN routing table.
# Configure RT-E. [RT-E] bgp 65400 [RT-E-bgp] peer 100.0.2.1 as-number 65000 [RT-E-bgp] peer 100.0.2.1 ebgp-max-hop 2 [RT-E-bgp] import-route direct
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] ipv4-family vpn-instance vpnb [RT-C-bgp-vpnb] peer 100.0.2.2 as-number 65400 [RT-C-bgp-vpnb] peer 100.0.2.2 ebgp-max-hop 2
# Configure RT-F. RT-F(config)# ip route 0.0.0.0 0.0.0.0 100.0.1.1
After the configuration, view the configuration of VPN instances by running following commands on the PEs. The PE can ping through its own CE. RT-A# show ip vrf RT-A#show ip route vrf vpnb [RT-C] display ip vpn-instance [RT-C] display ip vpn-instance verbose [RT-C] display ip routing-table vpn-instance vpnb RT-A# ping vrf vpnb 100.0.1.1 RT-A# ping vrf vpnb 100.0.1.2 [RT-C] ping -vpn-instance vpnb 100.0.2.1 [RT-C] ping -vpn-instance vpnb 100.0.2.2
Step 6 Establish MP-IBGP peers between the PEs (RT-A & RT-C). # Configure RT-A. RT-A(config)#router bgp 65000 RT-A(config-router)# neighbor 10.0.255.31 remote-as 65000 RT-A(config-router)# neighbor 10.0.255.31 update-source loopback0 RT-A(config-router)# address-family vpnv4 RT-A(config-router-af)# neighbor 10.0.255.31 activate RT-A(config-router)# address-family ipv4 vrf vpnb
5
RT-A(config-router-af)# redistributed connected
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 10.0.255.11 as-number 65000 [RT-C-bgp] peer 10.0.255.11 connect-interface loopback 0 [RT-C-bgp] ipv4-family vpnv4 [RT-C-bgp-af-vpnv4] peer 10.0.255.11 enable [RT-C-bgp] ipv4-family vpn-instance vpnb [RT-C-bgp-vpna] import-route direct
After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the following commands
RT-A#sh bgp nei
BGP neighbor is 10.0.255.31, remote AS 65000, internal link BGP version 4, remote router ID 10.0.255.31 BGP state = Established, up for 05:11:47 Last read 00:00:51, last write 00:00:05, hold time is 180, keepalive interval is 60 seconds Neighbor sessions: 1 active, is not multisession capable Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Opens: Notifications:
Rcvd 1
1 0
Updates:
5
Keepalives:
309
0 9 354 6
Route Refresh: Total:
2 317
1 365
Default minimum time between advertisement runs is 0 seconds
RT-A#show bgp vpnv4 unicast vrf vpnb
BGP table version is 11, local router ID is 10.0.255.11 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 100:2 (default for vrf vpnb) *> 100.0.1.0/24
0.0.0.0
0
*>i100.0.2.0/24
10.0.255.31
32768 ? 0
*>i100.0.255.1/32 10.0.255.31
0
100 100
0? 0 65400 ?
[RT-C]display bgp peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 1
Peer
10.0.255.11
Peers in established state : 1
V AS MsgRcvd MsgSent OutQ Up/Down
4 65000
342
401
State PrefRcv
0 05:15:31 Established
[RT-C]display bgp vpnv4 all peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 2
Peers in established state : 2
7
0
Peer
V AS MsgRcvd MsgSent OutQ Up/Down
10.0.255.11
4 65000
343
401
State PrefRcv
0 05:16:00 Established
2
Peer of vpn instance :
vpn instance vpnb : 100.0.2.2
4 65400
42
50
0 00:36:42 Established
2
Check:
Find the route to peer CEs (RT-F & RT-E).
RT-A#show ip route vrf vpnb
Routing Table: vpnb Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C
100.0.1.0/24 is directly connected, GigabitEthernet2/1
L
100.0.1.1/32 is directly connected, GigabitEthernet2/1
B
100.0.2.0/24 [200/0] via 10.0.255.31, 00:30:56
B
100.0.255.1/32 [200/0] via 10.0.255.31, 00:30:56 8
[RT-C]display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpnb Destinations : 6
Destination/Mask
Routes : 6
Proto Pre Cost
100.0.1.0/24 BGP 255 0
Flags NextHop
RD 10.0.255.11
Interface
GigabitEthernet1/0/2
100.0.2.0/24 Direct 0 0
D 100.0.2.1
GigabitEthernet1/0/8
100.0.2.1/32 Direct 0 0
D 127.0.0.1
InLoopBack0
100.0.2.255/32 Direct 0
0
D 127.0.0.1
100.0.255.1/32 BGP 255 0 255.255.255.255/32 Direct 0
0
RD 100.0.2.2 D 127.0.0.1
InLoopBack0 GigabitEthernet1/0/8 InLoopBack0
The CEs (RT-F & RT-E) in the same VPN can ping through each other RT-F> ping 100.0.2.2 Rt-E> ping 100.0.1.2
You can also ping from PEs VRF
RT-A#ping vrf vpnb 100.0.2.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
9
RT-A#ping vrf vpnb 100.0.2.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
[RT-C]ping -vpn-instance vpnb 100.0.1.1
PING 100.0.1.1: 56 data bytes, press CTRL_C to break Reply from 100.0.1.1: bytes=56 Sequence=1 ttl=253 time=2 ms Reply from 100.0.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms
--- 100.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms
[RT-C]ping -vpn-instance vpnb 100.0.1.2
PING 100.0.1.2: 56 data bytes, press CTRL_C to break Reply from 100.0.1.2: bytes=56 Sequence=1 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=2 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=3 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=4 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=5 ttl=252 time=1 ms
10
--- 100.0.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
To view the label switching in the whole forwarding process: View the MPLS LSP of RT-A: RT-A#show mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id
Switched
10.0.2.0/30
16
Pop Label
17
16
18
Pop Label
19
18
10.0.255.31/32 0
Gi2/2
10.0.1.2
20
19
10.0.255.41/32 0
Gi2/2
10.0.1.2
21
Pop Label
IPv4 VRF[V]
1420
aggregate/vpna
22
Pop Label
IPv4 VRF[V]
2672
aggregate/vpnb
10.0.3.0/30
0
interface
Gi2/2
0
Gi2/2
10.0.255.21/32 0
10.0.1.2 10.0.1.2
Gi2/2
10.0.1.2
On RT-A, the outbound label to PE2 is 18. View the MPLS LSP of RT-B:
RT-B#sh mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id 16
Pop Label
10.0.3.0/30
17
Pop Label
10.0.255.11/32
18
1027
19
Pop Label
Switched 490
Gi1/3
1875863
10.0.2.2
Gi1/1
10.0.255.31/32 1968423 10.0.255.41/32 0
interface
Gi1/3 Gi1/3
11
10.0.1.1 10.0.2.2 10.0.2.2
On RT-B, inbound label being 18 are switched to 1027. On RT-D, view the MPLS LSP:
[RT-D]disp mpls ls
------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.41/32 10.0.2.0/30
3/NULL 3/NULL
10.0.255.31/32
NULL/3
10.0.255.31/32
1027/3
10.0.1.0/30
1024/3
10.0.1.0/30
NULL/3
10.0.255.11/32
1026/17
10.0.255.11/32
NULL/17
10.0.255.21/32
1025/3
10.0.255.21/32
NULL/3
10.0.3.0/30
3/NULL
Vrf Name
-/-/-/GE2/0/2 -/GE2/0/2 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/-
Outbound label of the packet with inbound label 1027 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label
[RT-C]disp mpls ls
------------------------------------------------------------------------------LSP Information: BGP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
Vrf Name
100.0.2.0/24
115712/NULL -/-
vpna
100.0.2.0/24
115713/NULL -/-
vpnb
100.0.255.1/32
115714/NULL -/-
vpnb 12
------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.31/32
3/NULL
-/-
10.0.255.41/32
NULL/3
-/GE1/0/2
10.0.2.0/30
NULL/3
10.0.1.0/30
NULL/1024
Vrf Name
-/GE1/0/2 -/GE1/0/2
10.0.255.21/32
NULL/1025
-/GE1/0/2
10.0.255.11/32
NULL/1026
-/GE1/0/2
Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.
13
Lab 9- L2 VPN (sub-interface on 7609 and SVI on CX600)
RT-C
PC-C SW-C
1/0/6
Ge 0/0/1
1/0/0
Fe 0/0/9
1/2
2/2 1/1
RT-A
RT-B 2/3 Ge 0/1 SW-A
Fe 0/9
PC-A Group1- RT-B CX600- RT-C
Group2- RT-A, SW-A
C7609-RT-A, RT-B
Group3- RT-C, SW-C
C3400 – SW-A CX200D – SW-C
AS 65000
RT-B
RT-C
RT-A
Lo- 10.0.255.21/32
Lo- 10.0.255.31/32
Lo- 10.0.255.11/32
1/1 -10.0.1.2/30
1/0/0 -10.0.2.2/30
2/2 -10.0.1.1/30
1/2 -10.0.2.1/30
1/0/6 –switchport
2/3 –switchport
1
VLAN – 100(A) & 200 (C) VC ID – 10 VSI - 11
Configuration Procedure Step 1 Configure CE. In our example CE is a PC, therefore configure PC-A- IP- 50.0.0.1/24 PC-C- IP- 50.0.0.2/24
If CE is a Router, configure a sub interface as below # Huawei system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 100 [CE1-GigabitEthernet1/0/0.1] ip address 50.0.0.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Cisco interface GigabitEthernet2/4.100 encapsulation dot1Q 100 ip address 50.0.0.1 255.255.255.0
Step 2 Configure SW-A, SW-C # Configure SW-A. SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100
2
SW-A(config-if)#port-type nni SW-A(config-if)#no shut
# Configure SW-C. [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 200 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 200 [SW-C-ethernet0/0/9]undo shut
Step 3 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 4 Configure MPLS basic capability and LDP on MPLS backbone network. # Configure RT-A. RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip
3
RT-A(config-if)#mpls label protocol ldp
# Configure RT-B. RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
Step 5 Establish the remote LDP session on PE. # Configure RT-C. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11 [PE2-mpls-ldp-remote-1] quit
After the configuration, run the display mpls ldp session command on PE2 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up. [RT-C]display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.11:0
Operational DU
Active
000:01:37
389/444
10.0.255.21:0
Operational DU
Active
000:01:44
418/474
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
RT-A#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11037 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 154/155; Downstream Up time: 02:08:12 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2
4
Addresses bound to peer LDP Ident: 10.0.1.2
10.0.255.21
10.0.2.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.31.49803 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 510/452; Downstream Up time: 01:47:50 LDP discovery sources: Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
Step 6 Enable MPLS L2VPN on PE and create the VC connection. # On RT-A, create a VC on sub interface Gigabit Ethernet 2/3.100, which connects PC-A through SW-A. RT-A(config)#interface gigabitetherent 2/3 RT-A(config-if)#switchport RT-A(config-if)# switchport trunk encapsulation dot1q RT-A(config-if)# switchport mode trunk RT-A(config-if)#no shut RT-A(config)#interface gigabitetherent 2/3.100 RT-A(config-subif)#encapsulation dot1q 100 RT-A(config-subif)#xconnect 10.0.255.31 10 encap mpls
# On RT-C, create a VSI, which connects PC-C through SW-C. [RT-C] mpls l2vpn [RT-C-l2vpn] mpls l2vpn default martini [RT-C]Vlan 200 [RT-C]vsi 11 static [RT-C-vsi-11]pwsignal ldp [RT-C-vsi-11-ldp]vsi-id 10 [RT-C-vsi-11-ldp]peer 10.0.255.11 [RT-C] interface vlanif 200 [RT-C-vlanif200] l2 binding vsi 11 [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6] undo shutdown
Extra info- Command for Cisco RT-A(config)#vlan 200 RT-A(config)#interface vlan 200 RT-A(config-if)#no ip address RT-A(config-if)#xconnect 10.0.255.11 10 encap mpls RT-A(config-if)#no shut
5
Check:PC-A and PC-C can successfully ping each other.
Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up. RT-A#sh mpls l2transport vc Local intf
Local circuit
-------------
-------------------------- --------------- ---------- ----------
Dest address
Gi2/3.100
Eth VLAN 100
10.0.255.31
VC ID
Status
10
UP
[RT-C]display vsi name 11
Vsi
Mem
PW
Name
Disc
Type Learn
Mac
Encap
Mtu
Type
Value State
Vsi
-------------------------------------------------------------------------11
static ldp
6
unqualify vlan
1500
up
Lab 10- L2 VPN (sub-interface both sides) (Optional)
RT-C
PC-C SW-C
1/0/6
Ge 0/0/1
1/0/0
Fe 0/0/9
1/2
2/2 1/1
RT-A
RT-B 2/3 Ge 0/1 SW-A
Fe 0/9
PC-A Group1- RT-B CX600- RT-C
Group2- RT-A, SW-A
C7609-RT-A, RT-B
Group3- RT-C, SW-C
C3400 – SW-A CX200D – SW-C
AS 65000
RT-B
RT-C
RT-A
Lo- 10.0.255.21/32
Lo- 10.0.255.31/32
Lo- 10.0.255.11/32
1/1 -10.0.1.2/30
1/0/0 -10.0.2.2/30
2/2 -10.0.1.1/30
1/2 -10.0.2.1/30
1/0/6 –switchport
2/3 –switchport
1
VLAN – 100(A) & 200 (C) VC ID - 10
Configuration Procedure Step 1 Configure CE. In our example CE is a PC, therefore configure PC-A- IP- 50.0.0.1/24 PC-C- IP- 50.0.0.2/24
If CE is a Router, configure a sub interface as below # Huawei system-view [Quidway] sysname CE1 [CE1] interface gigabitethernet 1/0/0 [CE1-GigabitEthernet1/0/0] undo shutdown [CE1-GigabitEthernet1/0/0] quit [CE1] interface gigabitethernet 1/0/0.1 [CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 100 [CE1-GigabitEthernet1/0/0.1] ip address 50.0.0.1 24 [CE1-GigabitEthernet1/0/0.1] undo shutdown [CE1-GigabitEthernet1/0/0.1] quit
# Cisco interface GigabitEthernet2/4.100 encapsulation dot1Q 100 ip address 50.0.0.1 255.255.255.0
Step 2 Configure SW-A, SW-C # Configure SW-A. SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100
2
SW-A(config-if)#port-type nni SW-A(config-if)#no shut
# Configure SW-C. [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 200 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 200 [SW-C-ethernet0/0/9]undo shut
Step 3 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 4 Configure MPLS basic capability and LDP on MPLS backbone network. # Configure RT-A. RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip
3
RT-A(config-if)#mpls label protocol ldp
# Configure RT-B. RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
Step 5 Establish the remote LDP session on PE. # Configure RT-C. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11 [PE2-mpls-ldp-remote-1] quit
After the configuration, run the display mpls ldp session command on PE2 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up. [RT-C]display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.11:0
Operational DU
Active
000:01:37
389/444
10.0.255.21:0
Operational DU
Active
000:01:44
418/474
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
RT-A#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11037 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 154/155; Downstream Up time: 02:08:12 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2
4
Addresses bound to peer LDP Ident: 10.0.1.2
10.0.255.21
10.0.2.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.31.49803 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 510/452; Downstream Up time: 01:47:50 LDP discovery sources: Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
Step 6 Enable MPLS L2VPN on PE and create the VC connection. # On RT-A, create a VC on sub interface Gigabit Ethernet 2/3.100, which connects PC-A through SW-A. RT-A(config)#interface gigabitetherent 2/3 RT-A(config-if)#switchport RT-A(config-if)# switchport trunk encapsulation dot1q RT-A(config-if)# switchport mode trunk RT-A(config-if)#no shut RT-A(config)#interface gigabitetherent 2/3.100 RT-A(config-subif)#encapsulation dot1q 100 RT-A(config-subif)#xconnect 10.0.255.31 10 encap mpls
# On RT-C, create a VC on sub interface, which connects PC-C through SW-C. [RT-C] mpls l2vpn [RT-C-l2vpn] mpls l2vpn default martini [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan 127 [RT-C-GigabitEthernet1/0/6] undo shutdown [RT-C] interface gigabitethernet1/0/6.200 [RT-C-GigabitEthernet1/0/6.200] mpls l2vc 10.0.255.11 10 [RT-C-GigabitEthernet1/0/6.200]vlan-type dot1q 200
5
Check:PC-A and PC-C can successfully ping each other.
Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up. RT-A#sh mpls l2transport vc Local intf
Local circuit
-------------
-------------------------- --------------- ---------- ----------
Dest address
Gi2/3.100
Eth VLAN 100
10.0.255.31
VC ID 10
Status UP
[RT-C]display mpls l2vc interface GigabitEthernet 1/0/6.200 *client interface
: GigabitEthernet1/0/6.200 is up
session state
: up
AC state
: up
VC state
: up
VC ID
: 10
VC type
: VLAN
destination
: 10.0.255.11
local group ID
: 0
remote group ID
: 0
local VC label
: 146432
remote VC label
: 20
local AC OAM State
: up
local PSN State
: up
remote VC MTU
: 1500
local forwarding state : forwarding remote AC OAM state
: up
remote PSN state
: up
remote forwarding state: forwarding BFD for PW
: unavailable
manual fault
: not set
active state
: active
forwarding entry
: exist
link state
: up
local VC MTU
: 1500
local VCCV
: Disable
remote VCCV
: alert lsp-ping
local control word
: disable
tunnel policy name
: --
traffic behavior name
: --
PW template name
: --
primary or secondary
: primary
VC tunnel/token info
: 1 tunnels/tokens
NO.0
TNL type : lsp
remote control word
: disable
, TNL ID : 0x1008001
create time
: 0 days, 0 hours, 32 minutes, 48 seconds
up time
: 0 days, 0 hours, 21 minutes, 25 seconds
last change time
: 0 days, 0 hours, 21 minutes, 25 seconds
6
Lab 11- VPLS (using SVI on CX600)
RT-E SW-E
1/0/6 Ge 0/0/1
1/0/0 2/0/0 1/0/2
RT-C
2/0/2
2/0/8 RT-D
1/0/6
Ge 0/1
Ge 0/0/1 SW-C
SW-D
Group1- RT-C, SW-C CX600- RT-C, RT-D, RT-E
Group2- RT-D, SW-D
C3400 – SW-D
Group3- RT-E, SW-E
CX200D – SW-C, SW-E
AS 65000
RT-E
VLAN – 10, 20 & 30
RT-C
Lo- 10.0.255.51/32
vsi - 50
Lo- 10.0.255.31/32
1/0/0 -10.0.2.2/30
VC ID - 25
1/0/2 -10.0.1.1/30
1/0/6 –switchport
1/0/6 –switchport RT-D Lo- 10.0.255.41/32 2/0/0 -10.0.2.1/30 2/0/2 -10.0.1.2/30 2/0/8 –switchport
1
Configuration Procedure Step 1 Configure SW & RT for access # Configure RT-C & SW-C. [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6] undo shutdown [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 10 [SW-C ]interface vlanif 10 [SW-C-vlanif10]ip address 1.0.0.1 255.0.0.0 [SW-C- vlanif10]undo shut
# Configure RT-D & SW-D. [RT-D] interface gigabitethernet2/0/8 [RT-D-GigabitEthernet2/0/8]portswitch [RT-D-GigabitEthernet2/0/8]port link-type trunk [RT-D-GigabitEthernet2/0/8]port trunk allow-pass vlan all [RT-D-GigabitEthernet2/0/8] undo shutdown SW-D(config-if)# switchport mode trunk SW-D(config-if)#switchport trunk allowed vlan all SW-D(config-if)#port-type nni SW-D(config-if)#no shut SW-D(config)# vlan 20 SW-D(config)# interface vlan 20 SW-D(config-if)#ip address 1.0.0.2 255.0.0.0 SW-D(config-if)#no shut
# Configure RT-E & SW-E. [RT-E] interface gigabitethernet1/0/6 [RT-E-GigabitEthernet1/0/6]portswitch [RT-E-GigabitEthernet1/0/6]port link-type trunk [RT-E-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-E-GigabitEthernet1/0/6] undo shutdown [SW-E-gigabitethernet0/0/1]port link-type trunk [SW-E-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-E-gigabitethernet0/0/1]undo shut
2
[SW-E ]vlan 30 [SW-E]interface vlanif 30 [SW-E-vlanif30]ip address 1.0.0.3 255.0.0.0 [SW-E- vlanif30]undo shut
Step 2 Configure OSPF. [RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-E]ospf 100 [RT-E-ospf-100]area 0 [RT-E-ospf-100-area-0.0.0.0]network 10.0.255.51 [RT-E-ospf-100-area-0.0.0.0]network 10.0.0.0
Step 3 Configure basic MPLS capability and LDP. # Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
# Configure RT-D. [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D]mpls ldp [RT-D-gigabitethernet2/0/0]mpls [RT-D-gigabitethernet2/0/0]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp
# Configure RT-E. [RT-E]mpls lsr-id 10.0.255.51 [RT-E]mpls [RT-E]mpls ldp [RT-E-gigabitethernet1/0/0]mpls
3
0.0.0.0
0.255.255.255
[RT-E-gigabitethernet1/0/0]mpls ldp
Step 4 Configure remote session of LDP. # Configure RT-C. [RT-C] mpls ldp remote-peer 1 [RT-C-mpls-ldp-remote-1] remote-ip 10.0.255.51
# Configure RT-E. [RT-E] mpls ldp remote-peer 1 [RT-E-mpls-ldp-remote-1] remote-ip 10.0.255.31
After the configuration, run the display mpls ldp session command on PEs to check the establishment of the LDP session. You can find that the remote LDP session between PEs are newly set up. [RT-C]disp mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.41:0
Operational DU
Active
000:00:56
227/255
10.0.255.51:0
Operational DU
Active
000:04:56
1186/1350
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
Step 5 Enable MPLS L2VPN on PEs. # Configure RT-C. [RT-C] mpls l2vpn
# Configure RT-D. [RT-D] mpls l2vpn
# Configure RT-E. [RT-E] mpls l2vpn
4
SsnAge Unit : DDD:HH:MM
Step 6 Configure a VSI on each PE. # Configure RT-C. [RT-C]vsi 50 static [RT-C-vsi-50]pwsignal ldp [RT-C-vsi-50-ldp]vsi-id 25 [RT-C-vsi-50-ldp]peer 10.0.255.41 [RT-C-vsi-50-ldp]peer 10.0.255.51
# Configure RT-D. [RT-D]vsi 50 static [RT-D-vsi-50]pwsignal ldp [RT-D-vsi-50-ldp]vsi-id 25 [RT-D-vsi-50-ldp]peer 10.0.255.31 [RT-D-vsi-50-ldp]peer 10.0.255.51
# Configure RT-E. [RT-E]vsi 50 static [RT-E-vsi-50]pwsignal ldp [RT-E-vsi-50-ldp]vsi-id 25 [RT-E-vsi-50-ldp]peer 10.0.255.31 [RT-E-vsi-50-ldp]peer 10.0.255.41
Step 7 Bind the VSI with the interface on PE. # Configure RT-C. [RT-C] vlan 10 [RT-C] interface vlanif 10 [RT-C-vlanif10] l2 binding vsi 50 [RT-C-vlanif10]undo shut
# Configure RT-D. [RT-D] vlan 20 [RT-D] interface vlanif 20 [RT-D-vlanif20] l2 binding vsi 50 [RT-D-vlanif20]undo shut
# Configure RT-E. [RT-E] vlan 30 [RT-E] interface vlanif 30 [RT-E-vlanif30] l2 binding vsi 50 [RT-E-vlanif30]undo shut
5
Step 8 Verify the configuration. After the configuration, run the following command on PEs, and you can see that VSI named 50 establishes a PW to PE1 & PE2 and the VSI is Up. [RT-C]disp vsi name 50 Vsi
Mem
PW
Name
Disc
Type Learn
Mac
Encap
Mtu
Type
Value State
Vsi
-------------------------------------------------------------------------50
static ldp
Check:Ping from [SW-C]ping 1.0.0.2 Ping from [SW-C]ping 1.0.0.3
Similarly try from other switches
6
unqualify vlan
1500
up
Lab 12- VPLS (using SVI) (Optional) Note- VFI/VSI will be UP, but will not ping because 7609 don’t have OSM card.
RT-C SW-C
1/0/6 Ge 0/0/1
1/0/0
Fe 0/0/9
PC-C
1/2 2/2 1/1
RT-A
1/4 RT-B
2/3
Ge 0/0/1
Ge 0/1 Fe 0/9
SW-A
PC-B SW-B
PC-A
Group1- RT-A, SW-A CX600- RT-C
Group2- RT-B, SW-B
C7609-RT-A, RT-B
Group3- RT-C, SW-C
C3400 – SW-A CX200D – SW-B, SW-C AS 65000
RT-C
VLAN – 100,200 & 300
RT-A
Lo- 10.0.255.31/32
vfi/vsi - 2611
Lo- 10.0.255.11/32
1/0/0 -10.0.2.2/30
VC ID - 20
2/2 -10.0.1.1/30
1/0/6 –switchport
2/3 –switchport RT-B Lo- 10.0.255.21/32 1/1 -10.0.1.2/30 1/2 -10.0.2.1/30 1/4 –switchport
1
Configuration Procedure Step 1 Configure CE. In our example CE is a PC, therefore configure PC-A- IP- 100.0.0.1/24 PC-B- IP- 100.0.0.2/24 PC-C- IP- 100.0.0.3/24
Step 2 Configure SW & RT for access # Configure SW-A & RT-A. RT-A(config)#interface gigabitetherent 2/3 RT-A(config-if)#switchport RT-A(config-if)# switchport trunk encapsulation dot1q RT-A(config-if)# switchport mode trunk RT-A(config-if)#no shut SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#port-type nni SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100 SW-A(config-if)#port-type nni SW-A(config-if)#no shut
# Configure SW-B & RT-B. RT-B(config)#interface gigabitetherent 1/4 RT-B(config-if)#switchport RT-B(config-if)# switchport trunk encapsulation dot1q RT-B(config-if)# switchport mode trunk RT-B(config-if)#no shut [SW-B-gigabitethernet0/0/1]port link-type trunk [SW-B-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-B-gigabitethernet0/0/1]bpdu enable [SW-B-gigabitethernet0/0/1]undo shut [SW-B ]vlan 200 [SW-B ]interface Ethernet 0/0/9 [SW-B-ethernet0/0/9]port link-type access [SW-B-ethernet0/0/9]port default vlan 200
2
[SW-B-ethernet0/0/9]undo shut
# Configure SW-C & RT-C. [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6] undo shutdown [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 300 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 300 [SW-C-ethernet0/0/9]undo shut
Step 3 Configure OSPF. RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
Step 4 Configure basic MPLS capability and LDP. # Configure RT-A. RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls label protocol ldp
# Configure RT-B. RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip
3
RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/0]mpls [RT-C-gigabitethernet1/0/0]mpls ldp
Step 5 Configure remote session of LDP. # Configure RT-C. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11
After the configuration, run the display mpls ldp session or show mpls ldp neighbor command on PEs to check the establishment of the LDP session. You can find that the remote LDP session between PEs are newly set up. [RT-C]disp mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.11:0
Operational DU
Active
000:00:56
227/255
10.0.255.21:0
Operational DU
Active
000:04:56
1186/1350
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
RT-B#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.11:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.11.646 - 10.0.255.21.11037 State: Oper; Msgs sent/rcvd: 364/362; Downstream Up time: 05:11:27 LDP discovery sources: GigabitEthernet1/1, Src IP addr: 10.0.1.1 Targeted Hello 10.0.255.21 -> 10.0.255.11, active, passive Addresses bound to peer LDP Ident: 10.0.255.11
10.0.1.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.31.51690 - 10.0.255.21.646 State: Oper; Msgs sent/rcvd: 1371/1200; Downstream Up time: 04:58:30
4
LDP discovery sources: GigabitEthernet1/2, Src IP addr: 10.0.2.2 Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
RT-A#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11037 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 367/369; Downstream Up time: 05:15:35 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2 Targeted Hello 10.0.255.11 -> 10.0.255.21, active, passive Addresses bound to peer LDP Ident: 10.0.1.2
10.0.255.21
10.0.2.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.31.51916 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 298/261; Downstream Up time: 01:02:43 LDP discovery sources: Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
Step 6 Enable MPLS L2VPN on PEs. # Configure RT-C. [RT-C] mpls l2vpn
Step 7 Configure a VFI/VSI on each PE. # Configure RT-A. RT-A(config)#l2 vfi 2611 manual RT-A(config-vfi)#vpn id 20 RT-A(config-vfi)#neighbor 10.0.255.21 encapsulation mpls RT-A(config-vfi)#neighbor 10.0.255.31 encapsulation mpls
# Configure RT-B. RT-B(config)#l2 vfi 2611 manual RT-A(config-vfi)#vpn id 20 RT-A(config-vfi)#neighbor 10.0.255.11
encapsulation mpls
RT-A(config-vfi)#neighbor 10.0.255.31
encapsulation mpls
# Configure RT-C. [RT-C]vsi 2611 static [RT-C-vsi-2611]pwsignal ldp
5
[RT-C-vsi-2611-ldp]vsi-id 20 [RT-C-vsi-2611-ldp]peer 10.0.255.11 [RT-C-vsi-2611-ldp]peer 10.0.255.21
Step 8 Bind the VSI/VFI with the interface on PE. # Configure RT-A. RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#no ip address RT-A(config-if)#xconnect vfi 2611 RT-A(config-if)#no shut
# Configure RT-B. RT-B(config)#vlan 200 RT-B(config)#interface vlan 200 RT-B(config-if)#no ip address RT-B(config-if)#xconnect vfi 2611 RT-B(config-if)#no shut
# Configure RT-C. [RT-C] vlan 300 [RT-C] interface vlanif 300 [RT-C-vlanif300] l2 binding vsi 2611 [RT-C-vlanif300]undo shut
Step 9 Verify the configuration. After the configuration, run the following command on PEs, and you can see that VSI/VFI named 2611 establishes a PW to PE1 & PE2and the VSI is Up. [RT-C]disp vsi name 2611 Vsi
Mem
PW
Name
Disc
Type Learn
Mac
Encap
Mtu
Type
Value State
Vsi
-------------------------------------------------------------------------2611
static ldp
unqualify vlan
RT-B#sh vfi 2611 Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No VFI name: 2611, state: up, type: multipoint VPN ID: 20 Local attachment circuits: Vlan200 Neighbors connected via pseudowires:
6
1500
up
Peer Address
VC ID
S
10.0.255.31
20
Y
10.0.255.11
20
Y
RT-A#sh vfi 2611 Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No VFI name: 2611, state: up, type: multipoint VPN ID: 20 Local attachment circuits: Vlan100 Neighbors connected via pseudowires: Peer Address
VC ID
S
10.0.255.31
20
Y
10.0.255.21
20
Y
7
PC-C
SW-C Fe 0/0/9 Ge 0/0/1
1/0/4
RT-C
1/0/6
1/0/8
1/0/0
1/0/4
1/0/2 2/1
1/2
2/4
1/1 2/0/2 1/0/2
2/2
1/3 1/1
2/0/4
1/2
RT-D 2/0/0
RT-A
1/0/0 RT-E
RT-B
1/4
RT-F
2/0/8 1/0/6
2/3 Ge0/1 Ge0/1 2/5
2/0/6
SW-D
Ge 0/0/1
Ge 0/0/1
SW-A Fe0/9
SW-B SW-E Fe 0/0/9
PC-A
CX600- RT-C, RT-D, RT-E C7609-RT-A, RT-B, RT-F C3400 – SW-A CX200D – SW-B, SW-C
PC-B
Lab1- Configuring Basic BGP Functions RT-C 1/0/0
1/0/2
1/2
2/1
2/2
RT-A
2/0/2
1/1
1/3 RT-B
2/0/4
1/0/2
2/0/0
1/1 1/2
1/0/0
RT-D
RT-E
RT-F
2/3 0/1
Group1- RT-A & RT-B Group2- RT-C & RT-D CX600- RT-C, RT-D, RT-E
Group3- RT-E & RT-F
C7609-RT-A, RT-B, RT-F
AS 65001
AS 65000
AS 65002
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
Summary IP-172.16.0.0/16
RT-A
RT-B
RT-E
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
Lo- 172.16.255.33/32
2/2 -10.0.1.2/30
1/1 -10.0.1.1/30
1/0/0 -10.0.2.2/30
2/1-192.168.0.1/30
1/2 -10.0.0.1/30
1/0/2 -172.16.0.1/30
2/3 -Switchport
1/3 -10.0.0.10/30
RT-F
RT-C
Lo- 172.16.255.23/32
Lo- 10.0.255.21/32
1/2 -172.16.0.2/30
1/0/0 -10.0.0.2/30
1/1 -192.168.0.2/30
1/0/2 -10.0.0.5/30 RT-D Lo- 10.0.255.31/32 2/0/0 -10.0.2.1/30 2/0/4 -10.0.0.9/30 2/0/2 -10.0.0.6/30 1
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 192.168.255.12 255.255.255.255 Interface gigabitethernet 2/2 Ip address 10.0.1.2 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)
Step 2 Configure IBGP connections. # Configure RT-B. RT-B(config)#router bgp 65000 RT-B(config-router)#neighbor 10.0.0.2 remote-as 65000 RT-B(config-router)#neighbor 10.0.0.9 remote-as 65000
# Configure RT-D. [RT-D] bgp 65000 [RT-D-bgp] peer 10.0.0.10 as-number 65000 [RT-D-bgp] peer 10.0.0.5 as-number 65000
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 10.0.0.1 as-number 65000 [RT-C-bgp] peer 10.0.0.6 as-number 65000
# Configure RT-E. [RT-E] bgp 65002 [RT-E-bgp] peer 172.16.0.2 as-number 65002
# Configure RT-F. RT-F(config)#router bgp 65002 RT-F(config-router)#neighbor 172.16.0.1 remote-as 65002
2
Check:Disp bgp peer Show bgp neighbor Disp bgp routing-table Show ip route bgp There is no bgp routes in the routing table
Step 3 Configure EBGP. # Configure RT-A. RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.0.0
255.0.0.0
10.0.1.1
RT-A(config-router)#neighbor 172.16.255.23 remote-as 65002 RT-A (config-router)#neighbor 172.16.255.23 update-source loopback0 RT-A(config-router)#neighbor 172.16.255.23 ebgp-multihop 3 RT-A(config)#ip route 172.16.0.0
255.255.0.0
192.168.0.2
# Configure RT-B. RT-B(config)#router bgp 65000 RT-B(config-router)#neighbor 192.168.255.12 remote-as 65001 RT-B(config-router)#neighbor 192.168.255.12 update-source loopback0 RT-B(config-router)#neighbor 192.168.255.12 ebgp-multihop 3 RT-B(config)#ip route 192.168.0.0
255.255.0.0
10.0.1.2
# Configure RT-D. [RT-D] bgp 65000 [RT-D-bgp] peer 172.16.255.33 as-number 65002 [RT-D-bgp] peer 172.16.255.33 connect-interface loopback0 [RT-D-bgp] peer 172.16.255.33 ebgp-max-hop 3 [RT-D] ip route-static 172.16.0.0
16
10.0.2.2
# Configure RT-E. [RT-E] bgp 65002 [RT-E-bgp] peer 10.0.255.31 as-number 65000 [RT-E-bgp] peer 10.0.255.31 connect-interface loopback0 [RT-E-bgp] peer 10.0.255.31 ebgp-max-hop 3 [RT-E] ip route-static 10.0.0.0
8
10.0.2.1
3
# Configure RT-F. RT-F(config)#router bgp 65002 RT-F(config-router)#neighbor 192.168.255.12 remote-as 65001 RT-F(config-router)#neighbor 192.168.255.12 update-source loopback0 RT-F(config-router)#neighbor 192.168.255.12 ebgp-multihop 3 RT-F(config)#ip route 192.168.0.0
255.255.0.0
192.168.0.1
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
Step 4 Configure RT-A to advertise 100.0.0.0/8. Connect Switch to the gigaetherent interface Switch(config-if)# switchport mode trunk Switch(config-if)#switchport trunk allow vlan all Switch(config-if)#no shut Switch(config)# vlan 100 Switch(config)# interface vlan 100 Switch(config-if)#ip address 100.0.0.2
255.0.0.0
Switch(config-if)#no shut Switch(config)#ip default-gateway
100.0.0.1
[Quidway]ip route-static 0.0.0.0
0
vlanif 100
RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allow vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#ip address 100.0.0.1
255.0.0.0
RT-A(config-if)#no shut RT-A(config)#router bgp 65001 RT-A(config-router)# address-family ipv4 RT-A(config-router-af)# network 100.0.0.0
mask
255.0.0.0
4
# Display the routing table of RT-B. RT-B# show ip route bgp B
100.0.0.0/8
[20/0]
via
192.168.255.12
Check: RT-B# ping 100.0.0.1 Reply from RT-A
# Display the routing table of RT-C. [RT-C] display bgp routing-table
i
Network
NextHop
MED
100.0.0.0
192.168.255.12
LocPrf
0
100
PrefVal Path/Ogn 0
65001i
Check: [RT-C] ping 100.0.0.1 No Reply from RT-A
# Display the routing table of RT-D. [RT-D] display bgp routing-table Network i
100.0.0.0
NextHop
MED
LocPrf
192.168.255.12
0
100
PrefVal Path/Ogn 0
65001i
Check: [RT-D] ping 100.0.0.1 No Reply from RT-A
# Display the routing table of RT-F. RT-F# show ip route bgp B
100.0.0.0/8
[20/0]
via
192.168.255.12
Check: RT-F# ping 100.0.0.1 Reply from RT-A
Note:- To Solve the above problem • •
In Step5 we will change the BGP route next hop and reach 100.x.x.x network without using OSPF AS specific routes should be available in the ip routing table. In step3 this is manually added in ASBR, but it should be redistributed in the entire AS. We will do this by using OSPF in Step6 5
Step 5 Configure ASBR to change the next hop as self # Configure RT-B for route updates from AS65001 to AS65000 RT-B(config-router)address-family ipv4 RT-B(config-router-af)neighbor 10.0.0.2 next-hop-self RT-B(config-router-af)neighbor 10.0.0.9 next-hop-self Check: On RT-C [RT-C] disp bgp route *>i
100.0.0.0
10.0.0.1
0
100
0
65001i
[RT-C] ping 100.0.0.1 Reply from RT-A
# Configure RT-D for route updates from AS65000 to AS65002 [RT-D-bgp]peer 172.16.255.33 next-hop-local
# Configure RT-F for route updates from AS65001 to AS65002 RT-F(config-router)address-family ipv4 RT-F(config-router-af)neighbor 172.16.0.1 next-hop-self Check: On RT-E [RT-E] disp bgp route *>i
100.0.0.0
172.16.0.2
0
100
0
65001i
Note: Remove next-hop-self and next-hop-local commands before starting step6
6
Step 6 Configure OSPF on each network of ASs # Configure AS65001 RT-A(config)# router ospf 200 RT-A(config-router)# network 192.168.255.12 0.0.0.0 area 0 RT-A(config-router)# network 192.168.0.0 0.0.255.255 area 0 RT-A(config-router)# network 100.0.0.0 0.0.0.255 area 0 RT-A(config-router)# redistributed connected RT-A(config-router)# redistributed static
# Configure AS65000 RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.11 0.0.0.0 area 0 RT-B(config-router)# network 10.0.0.0
0.255.255.255 area 0
RT-B(config-router)# redistributed connected RT-B(config-router)# redistributed static
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.31 0.0.0.0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [RT-D-ospf-100]import-route direct [RT-D-ospf-100]import-route static
[RT-C]ospf 100 [RT- C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.21 0.0.0.0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [RT-C-ospf-100]import-route direct [RT-C-ospf-100]import-route static
7
# Configure AS65002 [RT-E]ospf 300 [RT-E-ospf-300]area 0 [RT-E-ospf-300-area-0.0.0.0]network 172.16.255.33 0.0.0.0 [RT-E-ospf-300-area-0.0.0.0]network 172.16.0.0 0.0.255.255 [RT-E-ospf-300]import-route direct [RT-E-ospf-300]import-route static
RT-F(config)# router ospf 300 RT-F(config-router)# network 172.16.255.23 0.0.0.0 area 0 RT-F(config-router)# network 172.16.0.0 0.0.255.255 area 0 RT-F(config-router)# redistributed connected RT-F(config-router)# redistributed static
Check:
Ping any IP from any where
8
Lab2- Working with BGP & IGP
2/4
1/0/4
1/0/2
2/0/2
RT-A RT-C
RT-D
2/3 0/1
Group1- RT-A Group2- RT-C CX600- RT-C, RT-D
Group3- RT-D
C7609-RT-A
AS 65001
AS 65000
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
RT-A
RT-C
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
2/4 -10.0.1.2/30
1/0/4 -10.0.1.1/30
2/3 - Switchport
1/0/2 -10.0.0.1/30 RT-D Lo- 10.0.255.21/32 2/0/2 -10.0.0.2/30
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure the OSPF protocol on RT-C and RT-D to realize the interconnection.
2.
Configure the EBGP connection on RT-A and RT-C.
3.
Enable BGP and OSPF to import routes from each other on RT-C, and check the routing information.
4.
Configure BGP route aggregation on RT-C and simplify the BGP routing table.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 192.168.255.12 255.255.255.255 Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)
Step 2 Configure OSPF in AS 65000 [RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.11 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.21 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
Step 3 Configure EBGP. # Configure RT-A. RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
2
10.0.1.1
# Configure RT-C. [RT-C]bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp]peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
255.255.255.255
10.0.1.2
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
Step 4 Configure RT-A to advertise 100.0.0.0/8. Connect Switch to the gigaetherent interface Switch(config-if)# switchport mode trunk Switch(config-if)#switchport trunk allow vlan all Switch(config-if)#no shut Switch(config)# vlan 100 Switch(config)# interface vlan 100 Switch(config-if)#ip address 100.0.0.2
255.0.0.0
Switch(config-if)#no shut Switch(config)#ip default-gateway
100.0.0.1
[Quidway]ip route-static 0.0.0.0
0
vlanif 100
RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allow vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#ip address 100.0.0.1
255.0.0.0
RT-A(config-if)#no shut RT-A(config)#router bgp 65001 RT-A(config-router)# address-family ipv4 RT-A(config-router-af)# network 100.0.0.0
mask
255.0.0.0
3
# Display the routing table of RT-C. [RT-C] display bgp routing-table
Network *i>
100.0.0.0
NextHop
MED
192.168.255.12
LocPrf 0
100
PrefVal Path/Ogn 0
[RT-C] display ip routing-table protocol ospf You will see 4 routes 1 active route of 10.0.255.21/32 3 inactive route of directly connected networks
Step 5 Configure BGP on RT-C to import OSPF routes [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] import-route ospf 100
# Display the routing table of RT-A RT-A# show ip route bgp You should see 2 OSPF routes of 10.x.x.x in BGP routing table
Step 6 Configure OSPF on RT-C to import BGP routes [RT-C-ospf-100] import-route bgp
# Display the routing table of RT-D [RT-D] display ip routing-table You should see BGP route of 100.x.x.x in OSPF routing table
To check: Ping 100.0.0.1 form RT-D
4
65001i
Step 7 Configure the automatic route aggregation. # Configure RT-C [RT-C] bgp 65000 [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] summary automatic
# Display the routing table of RT-A. [RT-A] display bgp routing-table You should see single route for all 10.x.x.x networks of AS 65000
5
Lab3- Configuring AS-Path Filter EBGP connections are set up between RT-A, RT-C, and RT-D. Configure the AS-Path filter on RT-A. AS 65001 thus does not advertises routes of AS 65002 to AS 65000, or advertise routes of AS 65000 to AS 65002.
RT-C 1/0/4
2/4
1/0/2
RT-A
2/0/2
2/5 2/0/6 RT-D
Group1- RT-A Group2- RT-C
CX600- RT-C, RT-D
Group3- RT-D
C7609-RT-A
AS 65001
AS 65000
AS 65002
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
Summary IP-172.16.0.0/16
RT-A
RT-C
RT-D
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
Lo- 172.16.255.13/32
2/4 -10.0.1.2/24
1/0/4 -10.0.1.1/24
2/0/2-10.0.2.2/24
2/5 - 10.0.3.1/24
1/0/2-10.0.2.1/24
2/0/6 -10.0.3.2/24
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure the EBGP connecting between RT-C and RT-A, RT-A and RT-D, RT-D and RT-C respectively, and import direct routes.
2.
Configure the AS-Path on RT-A, and apply the filtering rule.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface
Step 2 Configure EBGP.
# Configure RT-A RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
10.0.1.1
RT-A(config-router)#neighbor 172.16.255.13 remote-as 65002 RT-A(config-router)#neighbor 172.16.255.13 update-source loopback0 RT-A(config-router)#neighbor 172.16.255.13 ebgp-multihop 3 RT-A(config)#ip route 172.16.255.13
255.255.255.255
10.0.3.2
RT-A(config-router)#redistributed connected
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
32
10.0.1.2
[RT-C-bgp] peer 172.16.255.13 as-number 65002 [RT-C-bgp] peer 172.16.255.13 connect-interface loopback0 [RT-C-bgp] peer 172.16.255.13 ebgp-max-hop 3 [RT-C]ip route-static 172.16.255.13 32
10.0.2.2
[RT-C-bgp] import-route direct
2
# Configure RT-D [RT-D] bgp 65002 [RT-D-bgp] peer 192.168.255.12 as-number 65001 [RT-D-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-D-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-D]ip route-static 192.168.255.12
32
10.0.3.1
[RT-D-bgp] peer 10.0.255.11 as-number 65000 [RT-D-bgp] peer 10.0.255.11 connect-interface loopback0 [RT-D-bgp] peer 10.0.255.11 ebgp-max-hop 3 [RT-D]ip route-static 10.0.255.11
32
10.0.1.1
[RT-D-bgp] import-route direct
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
# Check the routing table advertised by RT-A to peer RT-C. You can find that RT-A advertises the routes for direct network between RT-C and RT-D. RT-A#show bgp ipv4 unicast neighbors 10.0.255.11 advertised-routes
BGP table version is 13, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network
Next Hop
Metric LocPrf Weight Path
*> 10.0.1.0/24
0.0.0.0
0
*> 10.0.2.0/24
172.16.255.13
0
*> 10.0.3.0/24
0.0.0.0
0
r> 10.0.255.11/32
10.0.255.11
0
0 65000 ?
0
0 65002 ?
r> 172.16.255.13/32 172.16.255.13
32768 ? 0 65002 ? 32768 ?
*> 192.168.255.12/32 0.0.0.0
0
32768 ?
Total number of prefixes 6
Huawei command
3
Check the routing table of RT-C, and you can find that RT-C learns the two routes advertised by RT-A.
i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Network
NextHop
MED
10.0.1.0/24
0.0.0.0
0
0
?
192.168.255.12
0
0
65001?
*
LocPrf
PrefVal Path/Ogn
*>
10.0.1.1/32
0.0.0.0
0
0
?
*>
10.0.2.0/24
0.0.0.0
0
0
?
*
172.16.255.13
0
0
65002?
*
192.168.255.12
0
65001 65002?
*>
10.0.2.1/32
0.0.0.0
0
0
?
*>
10.0.3.0/24
172.16.255.13
0
0
65002?
192.168.255.12
0
0
65001?
10.0.255.11/32
0.0.0.0
0
0
?
172.16.255.13/32
172.16.255.13
0
0
65002?
0
65001 65002?
0
65001?
* *> *
192.168.255.12 192.168.255.12/32
192.168.255.12
0
Step 3 Configure the AS-Path filter on RT-A and apply the filter in the outgoing direction of RT-A # Create AS-Path filter 1, refusing the passing of routes carrying AS 65002 (The regular expression _65002_ indicates any AS list that contains AS 65002 and * matches any character.) RT-A(config)# ip as-path access-list 1 deny _65002_ RT-A(config)# ip as-path access-list 1 permit .*
# Create AS-Path filter 2, refusing the passing of routes carrying AS 65000. RT-A(config)# ip as-path access-list 2 deny _65000_ RT-A(config)# ip as-path access-list 2 permit .*
# Apply the AS-Path filter in two outgoing directions of RT-A. RT-A#router bgp 65001 RT-A(config-router)# neighbor 10.0.255.11 filter-list 1 out RT-A(config-router)# neighbor 172.16.255.13 filter-list 2 out
Additional Info:- If RT-A is a CX600 router use following commands # Create AS-Path filter 1, refusing the passing of routes carrying AS 65002. [RT-A] ip as-path-filter 1 deny _65002_
4
[RT-A] ip as-path-filter 1 permit .* # Create AS-Path filter 2, refusing the passing of routes carrying AS 65000. [RT-A] ip as-path-filter 2 deny _65000_ [RT-A] ip as-path-filter 2 permit .* # Apply the AS-Path filter in two outgoing directions of RT-A [RT-A] bgp 20 [RT-A-bgp] peer 200.1.2.1 as-path-filter 1 export [RT-A-bgp] peer 200.1.3.2 as-path-filter 2 export
Step 4 Check the routing table advertised by RT-A, and it will not have advertised direct routes for networks between RT-C and RT-D.
RT-A#show bgp ipv4 unicast neighbor 10.0.255.11 advertised-routes
It will not have routes learned from AS65002.
BGP table version is 13, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network
Next Hop
Metric LocPrf Weight Path
*> 10.0.1.0/24
0.0.0.0
0
32768 ?
*> 10.0.3.0/24
0.0.0.0
0
32768 ?
0.0.0.0
0
32768 ?
*> 192.168.255.12/32
Total number of prefixes 3
Additional Info:- If RT-A is a CX600 router use following commands
Similarly, the BGP routing table of RT-C does not have the two routes.
This will not have routes coming from AS65002 via AS65001 Total Number of Routes: 11 BGP Local router ID is 10.0.255.11 Status codes: * - valid, > - best, d - damped,
5
h - history,
i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Network
NextHop
MED
10.0.1.0/24
0.0.0.0
0
0
?
192.168.255.12
0
0
65001?
*
LocPrf
PrefVal Path/Ogn
*>
10.0.1.1/32
0.0.0.0
0
0
?
*>
10.0.2.0/24
0.0.0.0
0
0
?
172.16.255.13
0
0
65002?
* *>
10.0.2.1/32
0.0.0.0
0
0
?
*>
10.0.3.0/24
172.16.255.13
0
0
65002?
192.168.255.12
0
0
65001?
10.0.255.11/32
0.0.0.0
0
0
?
172.16.255.13/32
172.16.255.13
0
0
65002?
192.168.255.12/32
192.168.255.12
0
0
65001?
* *>
Step 5 # Similarly Check the routing table advertised by RT-A to RT-D
It will not have routes learned from AS65000 via AS65001
6
Additional Info: MetacharacterCisco
MetacharacterHuawei
Connotation
\
Indicates escape character.
.
.
Matches any single character including the space except for \n.
*
*
Indicates that characters on the left of it appear for 0 or many times continuously in the target object
+
+
Indicates that characters on the left of it appear for 1 or many times continuously in the target object.
|
|
The 'or' relationship exists between characters on the left and right sides of it.
^
^
Characters on the right of it must appear at the beginning of the target object.
$
$
Characters on the left of it must appear at the end of the target object.
[]
[xyz]
Matches the character listed in the square character.
[^ ]
[^xyz]
Matches any character that is not listed in the square bracket (^ is on the left of the character).
-
[a-z]
Matches any character within the specified range.
[^a-z]
Matches any character that is not within the specified range.
{n}
The matches appear for n times (n is a non-negative integer).
{n,}
The matches appear for at least n times (n is a non-negative integer).
{n,m}
The matches appear for n–m times (m and n are non-negative integer and n is smaller than or equal to m). Note that there is no space between n and m.
?
Zero or one instance of the character or pattern
7
Lab4- BGP Community Attribute Networking Requirements RT-A creates EBGP connections with RT-C and RT-D respectively. You can configure the No_Export community attribute on RT-C. Thus, the routes advertised from AS65000 to AS65001 are not advertised to other ASs.
RT-C Ge0/0/1
1/0/4
SW-C
1/0/6
2/4
RT-A 2/5 2/0/6 RT-D
Group1- RT-A Group2- RT-C , SW-C
CX600- RT-C, RT-D
Group3- RT-D
C7609-RT-A CX200D- SW-C
AS 65001
AS 65000
AS 65002
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
Summary IP-172.16.0.0/16
RT-A
RT-C
RT-D
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
Lo- 172.16.255.13/32
2/4 -10.0.1.2/24
1/0/4 -10.0.1.1/24
2/0/6 -10.0.3.2/24
2/5 - 10.0.3.1/24
1/0/6 - Switchport
1
Configuration Roadmap The configuration roadmap is as follows: 1. Configure the EBGP connection between RT-C and RT-A, as well as between RT-A and RT-D. 2. Configure the routing policy on RT-C, and advertise No_Export community attribute.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface
Step 2 Configure the EBGP.
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
32
10.0.1.2
[RT-C-bgp] ] ipv4-family unicast [RT-C-bgp-af-ipv4] network 100.0.0.0 255.0.0.0 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6]undo shut [RT-C]vlan 100 [RT-C]interface Vlanif 100 [RT-C-Vlan127]ip address 100.0.0.1
255.0.0.0
2
Connect Switch to the gigaetherent interface [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 100 [SW-C ]interface vlan 100 [SW-C-vlanif100]ip address 100.0.0.2
255.0.0.0
[SW-C-vlanif100]undo shut [SW-C]ip route-static 0.0.0.0
0
vlanif 100
# Configure RT-A RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
10.0.1.1
RT-A(config-router)#neighbor 172.16.255.13 remote-as 65002 RT-A(config-router)#neighbor 172.16.255.13 update-source loopback0 RT-A(config-router)#neighbor 172.16.255.13 ebgp-multihop 3 RT-A(config)#ip route 172.16.255.13
255.255.255.255
10.0.3.2
# Configure RT-D [RT-D] bgp 65002 [RT-D-bgp] peer 192.168.255.12 as-number 65001 [RT-D-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-D-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-D]ip route-static 192.168.255.12
32
10.0.3.1
3
# Display the routing table of RT-A. RT-A# show ip bgp 100.0.0.0 BGP routing table entry for 100.0.0.0/8, version 34 Paths: (1 available, best #1, table default) Advertised to update-groups:
1
65000 10.0.255.11 from 10.0.255.11 (10.0.255.11) Origin IGP, metric 0, localpref 100, valid, external, best
You can see that RT-A advertises the routes received from RT-C to RT-D in AS65002.
# Display the routing table of RT-D [RT-D] display bgp routing-table Total Number of Routes: 1 BGP Local router ID is 172.16.255.13 Status codes: * - valid, > - best, d - damped, h - history,
i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
*>
Network
NextHop
100.0.0.0
192.168.255.12
MED
LocPrf
PrefVal Path/Ogn 0
65001
65000i
From the routing table, you can confirm that RT-D has learned a route to the destination 100.0.0.0/8 from RT-A
Step 3 Configure BGP community attributes. # Configure the routing policy on RT-C to enable RT-C to advertise routes to RT-A. As the result RT-A does not advertise the routes advertised by RT-C to any other AS. [RT-C] route-policy RT-A permit node 10 Info: New Sequence of this List !! [RT-C-route-policy] apply community no-export
# Apply routing policies. [RT-C] bgp 65000 [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] peer 192.168.255.12 route-policy RT-A export [RT-C-bgp-af-ipv4] peer 192.168.255.12 advertise-community
4
Additional Info: It RT-C is a Cisco router than use following commands access-list 1 permit 100.0.0.0 Route-map RT-C permit 10 Match ip address 1 Set community no-export Route-map RT-C permit 20
# Apply routing policies. RT-C(config-router)#neighbor 192.168.255.12 send-community RT-C(config-router)#neighbor 192.168.255.12 route-map RT-C out
# Display the routing table of RT-A. RT-A# show ip bgp 100.0.0.0 BGP routing table entry for 100.0.0.0/8, version 40 Paths: (1 available, best #1, table default, not advertised to EBGP peer) Flag: 0x880 Not advertised to any peer 65000 10.0.255.11 from 10.0.255.11 (10.0.255.11) Origin IGP, metric 0, localpref 100, valid, external, best Community: no-export
You can see the configured community attribute in the routing table of RT-A. At this time, there are no routes to the destination 100.0.0.0/8 in the routing table of RT-D
5
Lab5- BGP Load Balancing and the MED Attribute
RT-C 1/0/4
2/4
1/0/2
RT-A
2/0/2
2/5 2/0/6
RT-D Group1- RT-A
CX600- RT-C, RT-D
Group2- RT-C
C7609-RT-A
Group3- RT-D
AS 65001
AS 65000
Summary IP-192.168.0.0/16
Summary IP-10.0.0.0/8
RT-A
RT-C
Lo- 192.168.255.12/32
Lo- 10.0.255.11/32
2/4 -192.168.1.1/30
1/0/4 -192.168.1.2/30
2/5 - 192.168.2.1/30
1/0/2 -20.0.0.1/24 RT-D Lo- 10.0.255.21/32 2/0/2 -20.0.0.2/24 2/0/6 -192.168.2.2/30
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure the EBGP connections between RT-A and RT-C, as well as between RT-A and RT-D.
2.
Configure the IBGP connections between RT-C and RT-D
3.
Configure the load balancing on RT-A and MED value RT-C, and check the routing information.
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface
Step 2 Configure BGP. # Configure RT-A. RT-A(config)#router bgp 65001 RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.11
255.255.255.255
192.168.1.2
RT-A(config-router)#neighbor 10.0.255.21 remote-as 65000 RT-A(config-router)#neighbor 10.0.255.21 update-source loopback0 RT-A(config-router)#neighbor 10.0.255.21 ebgp-multihop 3 RT-A(config)#ip route 10.0.255.21
255.255.255.255
192.168.2.2
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 192.168.255.12 as-number 65001 [RT-C-bgp] peer 192.168.255.12 connect-interface loopback0 [RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-C]ip route-static 192.168.255.12
32
192.168.1.1
[RT-C-bgp] peer 20.0.0.2 as-number 65000 [RT-C-bgp] ipv4-family unicast [RT-C-bgp-af-ipv4] network 20.0.0.0 255.255.255.0
# Configure RT-D. [RT-D] bgp 65000 [RT-D-bgp] peer 192.168.255.12 as-number 65001 [RT-D-bgp] peer 192.168.255.12 connect-interface loopback0
2
[RT-D-bgp] peer 192.168.255.12 ebgp-max-hop 3 [RT-D]ip route-static 192.168.255.12
32
192.168.2.1
[RT-D-bgp] peer 20.0.0.1 as-number 65000 [RT-D-bgp] ipv4-family unicast [RT-D-bgp-af-ipv4] network 20.0.0.0 255.255.255.0
# Display the connection status of the BGP peers. [CX] display bgp peer Cisco# show bgp neighbor It should be established
# Display the routing table of RT-A. RT-A# show ip route bgp
Gateway of last resort is not set 20.0.0.0/30 is subnetted, 1 subnets B
20.0.0.0 [20/0] via 10.0.255.11, 00:04:00
RT-A#sh ip bgp 20.0.0.0 255.255.255.0 subnets
BGP table version is 45, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
* *>
Network
Next Hop
20.0.0.0/24
10.0.255.21
Metric LocPrf Weight Path 0
0 65000 i
10.0.255.11
0
0 65000 i
As displayed in the routing table, there are two valid routes to the destination 20.0.0.0/24. The route whose next hop is 10.0.255.11 is the optimum route. This is because the Router ID of RT-C is smaller.
3
Step 3 Configure load balancing. # Configure RT-A RT-A(config)#router bgp 65001 RT-A(config-router)#address-family ipv4 RT-A(config-router-af)#maximum-paths 2
Additional info: Huawei commands [CX-A] bgp 65001 [CX-A-bgp] ipv4-family unicast [CX-A-bgp-af-ipv4] maximum load-balancing 2
# Display the routing table of RT-A RT-A# show ip route bgp Gateway of last resort is not set 20.0.0.0/24 is subnetted, 1 subnets B
20.0.0.0 [20/0] via 10.0.255.21, 00:00:17 [20/0] via 10.0.255.11, 00:00:17
As displayed in the routing table, BGP route 20.0.0.0/24 has two next hops. They are 10.0.255.11 and 10.0.255.21. Both of them are optimum routes.
4
Step 4 Configure MED attributes. # Set the default value of MED sent by RT-C to RT-A by using the policy. [RT-C] route-policy 10 permit node 10 [RT-C -route-policy] apply cost 100 [RT-C] bgp 65000 [RT-C -bgp] peer 192.168.255.12 route-policy 10 export
# Display the routing table of RT-A RT-A# show ip route bgp RT-A#sh ip bgp 20.0.0.0 255.255.255.0 subnets BGP table version is 49, local router ID is 192.168.255.12 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network
Next Hop
Metric LocPrf Weight Path
*> 20.0.0.0/24
10.0.255.21
0
0 65000 i
*
10.0.255.11
100
0 65000 i
As displayed in the routing table, the MED of the next hop 10.0.255.11 (RT-C) is 100, and that of the next hop 10.0.255.21 is 0. Therefore, the route with the smaller MED is selected.
5
Lab6- Basic MPLS Configuration
SW-C Ge 0/0/1
RT-C
1/0/6 1/0/2 2/0/2
2/2 1/1
RT-A
1/3
2/0/4
RT-B RT-D
2/3 Ge 0/1
SW-A CX600- RT-C, RT-D C7609-RT-A, RT-B C3400 – SW-A
Group1- RT-A, SW-A Group2- RT-B, RT-D Group3- RT-C, SW-C
CX200D – SW-C
Summary IP-10.0.0.0/8
RT-C
RT-A
Lo- 10.0.255.31/32
Lo- 10.0.255.11/32
1/0/2 -10.0.3.2/30
2/2 -10.0.1.1/30
1/0/6 –switchport (100.0.2.0/24)
2/3 –switchport (100.0.1.0/24)
RT-D
RT-B
Lo- 10.0.255.41/32
Lo- 10.0.255.21/32
2/0/4 -10.0.2.2/30
1/1 -10.0.1.2/30
2/0/2 -10.0.3.1/30
1/3 -10.0.2.1/30
1
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 10.0.255.11
255.255.255.255
Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)
Step 2 Configure OSPF RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0 RT-A(config-router)# network 100.0.1.0
0.0.0.0
area 0
0.255.255.255 0.0.0.255
area 0
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-C-ospf-100-area-0.0.0.0]network 100.0.2.0
0.0.0.255
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
2
Step 3 Configure SW-A & RT-A for 100.0.1.0/24. Switch(config-if)# switchport mode trunk Switch(config-if)#switchport trunk allow vlan all Switch(config-if)#no shut Switch(config)# vlan 100 Switch(config)# interface vlan 100 Switch(config-if)#ip address 100.0.1.2
255.255.255.0
Switch(config-if)#no shut Switch(config)#ip default-gateway
100.0.1.1
RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allow vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#ip address 100.0.1.1
255.255.255.0
RT-A(config-if)#no shut
Step 4 Configure SW-C & RT-C for 100.0.2.0/24. [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 100 [SW-C ]interface vlan 100 [SW-C-vlanif100]ip address 100.0.2.2
255.255.255.0
[SW-C-vlanif100]undo shut [SW-C]ip route-static 0.0.0.0
0
vlanif 100
[RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6]undo shut [RT-C]vlan 100 [RT-C]interface Vlanif 100 [RT-C-Vlan127]ip address 100.0.2.1
255.255.255.0
3
Step 5 Configure MPLS z
Configure RTA: RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls lable protocol ldp
z
Configure RTB: RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls lable protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls lable protocol ldp
z
Configure RTC: [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
z
Configure RTD: [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp
4
Check: 1)
View the interface on which the LDP runs: RT-B>show mpls interfaces Interface
IP
Tunnel
BGP
GigabitEthernet1/1
Yes (ldp)
No
No
No
GigabitEthernet1/3
Yes (ldp)
No
No
No
Static Operational Yes Yes
[RT-D]display mpls ldp interface LDP Interface Information in Public Network -----------------------------------------------------------------------------IF-Name
Status
LAM
Transport-Address
Hello-Sent/Rcv
-----------------------------------------------------------------------------GE2/0/2
Active
DU
10.0.255.41
316/314
GE2/0/4
Active
DU
10.0.255.41
312/354
-----------------------------------------------------------------------------LAM: Label Advertisement Mode
2)
IF-Name: Interface name
View the established LDP Session:
RT-B>show mpls ldp neighbor Peer LDP Ident: 10.0.255.11:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.11.646 - 10.0.255.21.11000 State: Oper; Msgs sent/rcvd: 84/82; Downstream Up time: 01:02:42 LDP discovery sources: GigabitEthernet1/1, Src IP addr: 10.0.1.1 Addresses bound to peer LDP Ident: 100.0.1.1
10.0.255.11
10.0.1.1
Peer LDP Ident: 10.0.255.41:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.41.52580 - 10.0.255.21.646 State: Oper; Msgs sent/rcvd: 153/129; Downstream Up time: 00:30:44 LDP discovery sources: GigabitEthernet1/3, Src IP addr: 10.0.2.2 Addresses bound to peer LDP Ident: 10.0.3.1
10.0.2.2
10.0.255.41
5
[RT-D]display mpls ldp peer LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID
Transport-Address
Discovery-Source
-----------------------------------------------------------------------------10.0.255.31:0
10.0.255.31
GigabitEthernet2/0/2
10.0.255.21:0
10.0.255.21
GigabitEthernet2/0/4
-----------------------------------------------------------------------------TOTAL: 2 Peer(s) Found.
3)
Take FEC:100.0.2.0/24 for example to view the label switching in the whole forwarding process: View the MPLS LSP of RT-A: RT-A#show mpls forwarding-table
Local
Outgoing
Prefix
Bytes Label
Outgoing
Label
Label or VC
or Tunnel Id
Switched
interface
16
Pop Label
10.0.255.21/32
0
Gi2/2
10.0.1.2
17
Pop Label
10.0.2.0/30
0
Gi2/2
10.0.1.2
18
18
19
19
10.0.255.41/32
0
Gi2/2
10.0.1.2
20
20
10.0.255.31/32
0
Gi2/2
10.0.1.2
21
21
100.0.2.0/24
0
Gi2/2
10.0.1.2
10.0.3.0/30
0
Gi2/2
Next Hop
10.0.1.2
On RT-A, the outbound label to 100.0.2.0/24 is 21. View the MPLS LSP of RT-B:
6
RT-B#show mpls forwarding-table
Local
Outgoing
Prefix
Label
Label or VC
or Tunnel Id
16
Pop Label
10.0.255.11/32
17
Pop Label
100.0.1.0/24
18
Pop Label
19
Bytes Label Switched 0
Outgoing
Next Hop
interface Gi1/1
10.0.1.1
0
Gi1/1
10.0.1.1
10.0.3.0/30
0
Gi1/3
10.0.2.2
Pop Label
10.0.255.41/32
0
Gi1/3
10.0.2.2
20
1029
10.0.255.31/32
0
Gi1/3
10.0.2.2
21
1028
100.0.2.0/24
0
Gi1/3
10.0.2.2
On RT-B, inbound labels being 21 are switched to 1028. On RT-D, view the MPLS LSP:
[RT-D]display mpls lsp ------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label
In/Out IF
10.0.2.0/30
3/NULL
-/-
10.0.255.41/32
3/NULL
-/-
100.0.2.0/24
NULL/3
-/GE2/0/2
10.0.255.31/32
NULL/3
-/GE2/0/2
10.0.255.31/32
1029/3
-/GE2/0/2
100.0.2.0/24
1028/3
-/GE2/0/2
10.0.1.0/30
1024/3
-/GE2/0/4
10.0.1.0/30
NULL/3
-/GE2/0/4
10.0.255.11/32
1026/16
-/GE2/0/4
10.0.255.11/32
NULL/16
-/GE2/0/4
10.0.255.21/32
1027/3
-/GE2/0/4
10.0.255.21/32
NULL/3
-/GE2/0/4
100.0.1.0/24
1025/17
-/GE2/0/4
100.0.1.0/24
NULL/17
-/GE2/0/4
7
Vrf Name
10.0.3.0/30
3/NULL
-/-
Outbound label of the packet with inbound label 1028 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label and send the IP data packet to the last hop, RT-C, directly.
[RT-C]display mpls lsp ------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label
In/Out IF
10.0.2.0/30
NULL/3
-/GE1/0/2
10.0.255.41/32
NULL/3
-/GE1/0/2
10.0.1.0/30
NULL/1024
-/GE1/0/2
100.0.1.0/24
NULL/1025
-/GE1/0/2
10.0.255.11/32
NULL/1026
-/GE1/0/2
10.0.255.21/32
NULL/1027
-/GE1/0/2
100.0.2.0/24
3/NULL
-/-
10.0.255.31/32
3/NULL
-/-
Vrf Name
Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.
8
Lab7 - L3 VPN (Switchport is assigned to customer)
SW-C
Ge 0/0/9
Ge 0/0/1
PC-C
RT-C
1/0/6 1/0/2 2/0/2
2/2 1/1
RT-A
1/3 RT-B
RT-D
2/3
Ge 0/9
2/0/4
Ge 0/1 SW-A
CX600- RT-C, RT-D C7609-RT-A, RT-B PC-A
C3400 – SW-A
Group1- RT-B, RT-D Group2- RT-A, SW-A Group3- RT-C, SW-C
CX200D – SW-C
As65000
RT-C
Summary IP-10.0.0.0/8
Lo- 10.0.255.31/32
RT-A
1/0/2 -10.0.3.2/30
Lo- 10.0.255.11/32
1/0/6 –switchport (100.0.2.0/24)
2/2 -10.0.1.1/30
RT-D
2/3 –switchport (100.0.1.0/24)
Lo- 10.0.255.41/32
RT-B
2/0/4 -10.0.2.2/30
Lo- 10.0.255.21/32
2/0/2 -10.0.3.1/30
1/1 -10.0.1.2/30 1/3 -10.0.2.1/30
1
Configuration Roadmap The configuration roadmap is as follows: 1.
Configure OSPF between PEs to implement interworking.
2.
Configure the basic MPLS functions and MPLS LDP
3.
Configure the VPN instance on the PE connected with the CE in the backbone network, bind the PE interface connected with the CE to the corresponding VPN instance, and then reconfigure the IP address for the PE interface connected with the CE.
4.
Configure MP IBGP to exchange the VPN routing information between the PEs.
5.
Configure CEs and PEs to exchange VPN routes by using direct connection, static routes, OSPF, or EBGP.
RD= PE loopback IP: 1 RT=100:1 (every site can talk to any other site)
1. 2. 3. 4. 5. 6. 7. 8.
Configure IP address Enable OSPF Enable MPLS Enable LDP Create VRF + RD + RT Bind interface to VRF iBGP between PE Redistribute static into BGP
2
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 10.0.255.11
255.255.255.255
Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco) Step 2 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
3
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network to setup LDP LSP.
z
Configure RTA: RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls label protocol ldp
z
Configure RTB: RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
z
Configure RTD: [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp
4
z
Configure RTC: [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
After the configuration, LDP sessions are set up between RT-A, RT-B, RT-D and RT-C. After running following commands on the devices, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP. RT-A>show mpls ldp neighbor [RT-C] display mpls ldp session [RT-C]display mpls ldp peer
RT-A#show mpls forwarding-table [RT-C] display mpls ldp lsp [RT-C]display mpls lsp
Step 4 Configure SW-A & RT-A for 100.0.1.0/24. RT-A(config-if)#switchport RT-A(config-if)#switchport trunk encaspulation dot1q RT-A(config-if)#switchport mode trunk RT-A(config-if)#switchport trunk allowed vlan all RT-A(config-if)#no shut RT-A(config)#vlan 100 SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100 SW-A(config-if)#port-type nni SW-A(config-if)#no shut
5
PC-A:- On the second interface card give following IP IP- 100.0.1.2 Mask-255.255.255.0 Gateway-100.0.1.1 On Command prompt add folowing route Route add 100.0.2.0 mask 255.255.255.0 100.0.1.1 metric 1
Step 5 Configure SW-C & RT-C for 100.0.2.0/24. [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6]undo shut [RT-C]vlan 100 [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 100 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 100 [SW-C-ethernet0/0/9]undo shut PC-C:- On the second interface card give following IP IP- 100.0.2.2 Mask-255.255.255.0 Gateway-100.0.2.1 On Command prompt add folowing route Route add 100.0.1.0 mask 255.255.255.0 100.0.2.1 metric 1
Step 6 Configure VPN instances on PEs (RT-A & RT-C) and bind the instance to the interfaces of CEs.
# Configure RT-A (PE1). RT-A(config)# ip vrf vpna RT-A(config-vrf)# rd 100: 1 RT-A(config-vrf)# route-target export 111:1 RT-A(config-vrf)# route-target import 111:1 RT-A(config)# interface vlan 100 RT-A(config-if)# ip vrf forwarding vpna RT-A(config-if)# ip address 100.0.1.1 255.255.255.0 RT-A(config-if)#no shut
6
# Configure RT-C (PE2). [RT-C] ip vpn-instance vpna [RT-C-vpn-instance-vpna] route-distinguisher 200:1 [Rt-C-vpn-instance-vpna] vpn-target 111:1 both [RT-C] interface vlanif 100 [RT-C-vlanif100] ip binding vpn-instance vpna [RT-C-vlanif100]ip address 100.0.2.1 24 [RT-C-vlanif100]undo shut
After the configuration, view the configuration of VPN instances by running following commands on the PEs. The PE can ping through its own CE. RT-A# show ip vrf RT-A#show ip route vrf vpna [RT-C] display ip vpn-instance [RT-C] display ip vpn-instance verbose [RT-C] display ip routing-table vpn-instance vpna RT-A# ping vrf vpna 100.0.1.1 RT-A# ping vrf vpna 100.0.1.2 [RT-C] ping -vpn-instance vpna 100.0.2.1 [RT-C] ping -vpn-instance vpna 100.0.2.2
Step 7 Establish MP-IBGP peering between the PEs (RT-A & RT-C). # Configure RT-A. RT-A(config)#router bgp 65000 RT-A(config-router)# neighbor 10.0.255.31 remote-as 65000 RT-A(config-router)# neighbor 10.0.255.31 update-source loopback0 RT-A(config-router)# address-family vpnv4 RT-A(config-router-af)# neighbor 10.0.255.31 activate RT-A(config-router)# address-family ipv4 vrf vpna RT-A(config-router-af)# redistributed connected
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 10.0.255.11 as-number 65000 [RT-C-bgp] peer 10.0.255.11 connect-interface loopback 0 [RT-C-bgp] ipv4-family vpnv4 [RT-C-bgp-af-vpnv4] peer 10.0.255.11 enable
7
[RT-C-bgp] ipv4-family vpn-instance vpna [RT-C-bgp-vpna] import-route direct
After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the following commands
RT-A#sh bgp neig
BGP neighbor is 10.0.255.31, remote AS 65000, internal link BGP version 4, remote router ID 10.0.255.31 BGP state = Established, up for 00:27:17 Last read 00:00:47, last write 00:00:32, hold time is 180, keepalive interval is 60 seconds Neighbor sessions: 1 active, is not multisession capable Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Opens:
Rcvd 1
Notifications:
1 0
0
Updates:
2
Keepalives:
28
Route Refresh: Total:
1 32
0 31
0 34
Default minimum time between advertisement runs is 0 seconds
8
RT-A#show bgp vpnv4 unicast vrf vpna
BGP table version is 5, local router ID is 10.0.255.11 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vpna) *> 100.0.1.0/24
0.0.0.0
0
*>i100.0.2.0/24
10.0.255.31
32768 ? 0
100
0?
[RT-C]display bgp peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 1
Peer
10.0.255.11
Peers in established state : 1
V AS MsgRcvd MsgSent OutQ Up/Down
4 65000
42
52
State PrefRcv
0 00:15:53 Established
0
[RT-C]display bgp vpnv4 all peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 1
Peer
10.0.255.11
Peers in established state : 1
V AS MsgRcvd MsgSent OutQ Up/Down
4 65000
42
53
State PrefRcv
0 00:16:20 Established 9
1
Check:
Find the route to peer CEs(PC-A & PC-C).
RT-A# show ip route vrf vpna
Routing Table: vpna Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 3 subnets, 2 masks C
100.0.1.0/24 is directly connected, Vlan100
L
100.0.1.1/32 is directly connected, Vlan100
B
100.0.2.0/24 [200/0] via 10.0.255.31, 00:32:38
[RT-C]display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpna Destinations : 7
Destination/Mask
Routes : 7
Proto Pre Cost
Flags NextHop 10
Interface
100.0.1.0/24 BGP 255 0
RD 10.0.255.11
GigabitEthernet1/0/2
100.0.2.0/24 Direct 0 0
D 100.0.2.1
Vlanif100
100.0.2.1/32 Direct 0 0
D 127.0.0.1
InLoopBack0
100.0.2.2/32 Direct 0 0
D 100.0.2.2
Vlanif100
100.0.2.3/32 Direct 0 0
D 100.0.2.3
Vlanif100
100.0.2.255/32 Direct 0
0
255.255.255.255/32 Direct 0
D 127.0.0.1 0
D 127.0.0.1
InLoopBack0 InLoopBack0
The CEs (PC-A & PC-C) in the same VPN can ping through each other PC-A> ping 100.0.2.2 PC-C> ping 100.0.1.2
You can also ping from PEs VRF
RT-A#ping vrf vpna 100.0.2.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
RT-A#ping vrf vpna 100.0.2.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
[RT-C]ping -vpn-instance vpna 100.0.1.1 11
PING 100.0.1.1: 56 data bytes, press CTRL_C to break Reply from 100.0.1.1: bytes=56 Sequence=1 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms
--- 100.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
[RT-C]ping -vpn-instance vpna 100.0.1.2
PING 100.0.1.2: 56 data bytes, press CTRL_C to break Reply from 100.0.1.2: bytes=56 Sequence=1 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=2 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=3 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=4 ttl=125 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=5 ttl=125 time=1 ms
--- 100.0.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
12
1)
View the interface on which the LDP runs:
RT-A#show mpls interfaces
Interface
IP
GigabitEthernet2/2
Tunnel BGP Static Operational Yes (ldp)
No
No No
Yes
[RT-C]display mpls ldp interface
LDP Interface Information in Public Network -----------------------------------------------------------------------------IF-Name
Status
LAM Transport-Address Hello-Sent/Rcv
-----------------------------------------------------------------------------GE1/0/2
Active
DU 10.0.255.31
16551/16529
-----------------------------------------------------------------------------LAM: Label Advertisement Mode
2)
IF-Name: Interface name
View the established LDP Session:
RT-A#show mpls ldp neighbor
Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11000 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 1615/1610; Downstream Up time: 23:18:53 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2 Addresses bound to peer LDP Ident: 10.0.1.2
10.0.2.1
10.0.255.21
13
[RT-C]display mpls ldp peer
LDP Peer Information in Public network -----------------------------------------------------------------------------Peer-ID
Transport-Address Discovery-Source
-----------------------------------------------------------------------------10.0.255.41:0
10.0.255.41
GigabitEthernet1/0/2
-----------------------------------------------------------------------------TOTAL: 1 Peer(s) Found.
3)
To view the label switching in the whole forwarding process: View the MPLS LSP of RT-A:
RT-A#show mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id 10.0.2.0/30
Switched
16
Pop Label
17
16
18
Pop Label
19
18
10.0.255.31/32 0
Gi2/2
10.0.1.2
20
19
10.0.255.41/32 0
Gi2/2
10.0.1.2
21
Pop Label
10.0.3.0/30
0
interface
Gi2/2
0
Gi2/2
10.0.255.21/32 0
IPv4 VRF[V]
10.0.1.2 10.0.1.2
Gi2/2
1420
10.0.1.2
aggregate/vpna
On RT-A, the outbound label to PE2 is 18. View the MPLS LSP of RT-B:
14
RT-B#sh mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id 16
Pop Label
10.0.3.0/30
17
Pop Label
10.0.255.11/32
18
1027
19
Pop Label
Switched 490
10.0.255.31/32
Gi1/3
464681
10.0.2.2
Gi1/1
486060
10.0.255.41/32 0
interface
Gi1/3 Gi1/3
10.0.1.1 10.0.2.2 10.0.2.2
On RT-B, inbound label being 18 are switched to 1027. On RT-D, view the MPLS LSP:
[RT-D]display mpls lsp ------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.41/32 10.0.2.0/30
3/NULL 3/NULL
10.0.255.31/32
NULL/3
10.0.255.31/32
1027/3
10.0.1.0/30
1024/3
10.0.1.0/30
NULL/3
10.0.255.11/32
1026/17
10.0.255.11/32
NULL/17
10.0.255.21/32
1025/3
10.0.255.21/32
NULL/3
10.0.3.0/30
3/NULL
Vrf Name
-/-/-/GE2/0/2 -/GE2/0/2 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/-
Outbound label of the packet with inbound label 1027 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label
15
[RT-C]display mpls lsp ------------------------------------------------------------------------------LSP Information: BGP LSP ------------------------------------------------------------------------------FEC
In/Out Label
100.0.2.0/24
In/Out IF
115712/NULL
Vrf Name
-/-
vpna
------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.31/32
3/NULL
-/-
10.0.255.41/32
NULL/3
-/GE1/0/2
10.0.2.0/30
NULL/3
10.0.1.0/30
NULL/1024
Vrf Name
-/GE1/0/2 -/GE1/0/2
10.0.255.21/32
NULL/1025
-/GE1/0/2
10.0.255.11/32
NULL/1026
-/GE1/0/2
Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.
16
Lab 8- L3 VPN (Router port is given to customer) RT-E
1/0/4
1/0/8 RT-C 1/0/2 2/0/2
2/2 1/1
RT-A
1/3
2/0/4
RT-B RT-D
2/1
1/1 Group1- RT-A, RT-F Group2- RT-B, RT-D
RT-F CX600- RT-C, RT-D, RT-E
Group3- RT-C, RT-E
C7609-RT-A, RT-B, RT-F
RT-A
RT-C
RT-E
Lo- 10.0.255.11/32
Lo- 10.0.255.31/32
Lo- 100.0.255.1/32
2/2 -10.0.1.1/30
1/0/2 -10.0.3.2/30
1/0/4 –100.0.2.2/24
2/1 –100.0.1.1/24
1/0/8 –100.0.2.1/24
RT-F
RT-B
RT-D
Lo- 100.0.255.2/32
Lo- 10.0.255.21/32
Lo- 10.0.255.41/32
1/1 -100.0.1.2/24
1/1 -10.0.1.2/30
2/0/4 -10.0.2.2/30
1/3 -10.0.2.1/30
2/0/2 -10.0.3.1/30
1
Configuration Roadmap RD= PE loopback IP: 1 RT=100:1 (every site can talk to any other site)
1. 2. 3. 4. 5. 6. 7. 8.
Configure IP address Enable OSPF Enable MPLS Enable LDP Create VRF + RD + RT Bind interface to VRF iBGP between PE Redistribute connected into BGP
Configuration Procedure Step 1 1.
Clear the Configuration
2.
Change the hostname or sysname
3.
Configure the IP address for each interface Interface loopback0 Ip address 10.0.255.11
255.255.255.255
Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco) Step 2 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
2
area 0
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network to setup LDP LSP. z
Configure RTA: RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls label protocol ldp
z
Configure RTB: RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
z
Configure RTD: [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls
3
[RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp
z
Configure RTC: [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
After the configuration, LDP sessions are set up between RT-A, RT-B, RT-D and RT-C. After running following commands on the devices, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP. RT-A>show mpls ldp neighbor [RT-C] display mpls ldp session [RT-C]display mpls ldp peer
RT-A#show mpls forwarding-table [RT-C] display mpls ldp lsp [RT-C]display mpls lsp
Step 4 Configure VPN instances on PEs (RT-A & RT-C) and bind the instance to the interfaces of CEs. # Configure RT-A (PE1). RT-A(config)# ip vrf vpnb RT-A(config)# rd 100: 2 RT-A(config)# # route-target export 222:2 RT-A(config)# # route-target import 222:2 RT-A(config)# interface gigabitethernet 2/1 RT-A(config-if)# ip vrf forwarding vpnb RT-A(config-if)# ip address 100.0.1.1 255.255.255.0 RT-A(config-if)#no shut
# Configure RT-C (PE2). [RT-C] ip vpn-instance vpnb [RT-C-vpn-instance-vpna] route-distinguisher 200:2 [Rt-C-vpn-instance-vpna] vpn-target 222:2 both [RT-C] interface gigabitethernet 1/0/8 [RT-C-GigabitEthernet1/0/8] ip binding vpn-instance vpnb [RT-C- GigabitEthernet1/0/8]ip address 100.0.2.1 24 [RT-C- GigabitEthernet1/0/8]undo shut
4
Step 5 Configure a routing protocol between the PE and the CE, and import routes to the VPN routing table.
# Configure RT-E. [RT-E] bgp 65400 [RT-E-bgp] peer 100.0.2.1 as-number 65000 [RT-E-bgp] peer 100.0.2.1 ebgp-max-hop 2 [RT-E-bgp] import-route direct
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] ipv4-family vpn-instance vpnb [RT-C-bgp-vpnb] peer 100.0.2.2 as-number 65400 [RT-C-bgp-vpnb] peer 100.0.2.2 ebgp-max-hop 2
# Configure RT-F. RT-F(config)# ip route 0.0.0.0 0.0.0.0 100.0.1.1
After the configuration, view the configuration of VPN instances by running following commands on the PEs. The PE can ping through its own CE. RT-A# show ip vrf RT-A#show ip route vrf vpnb [RT-C] display ip vpn-instance [RT-C] display ip vpn-instance verbose [RT-C] display ip routing-table vpn-instance vpnb RT-A# ping vrf vpnb 100.0.1.1 RT-A# ping vrf vpnb 100.0.1.2 [RT-C] ping -vpn-instance vpnb 100.0.2.1 [RT-C] ping -vpn-instance vpnb 100.0.2.2
Step 6 Establish MP-IBGP peers between the PEs (RT-A & RT-C). # Configure RT-A. RT-A(config)#router bgp 65000 RT-A(config-router)# neighbor 10.0.255.31 remote-as 65000 RT-A(config-router)# neighbor 10.0.255.31 update-source loopback0 RT-A(config-router)# address-family vpnv4 RT-A(config-router-af)# neighbor 10.0.255.31 activate RT-A(config-router)# address-family ipv4 vrf vpnb
5
RT-A(config-router-af)# redistributed connected
# Configure RT-C. [RT-C] bgp 65000 [RT-C-bgp] peer 10.0.255.11 as-number 65000 [RT-C-bgp] peer 10.0.255.11 connect-interface loopback 0 [RT-C-bgp] ipv4-family vpnv4 [RT-C-bgp-af-vpnv4] peer 10.0.255.11 enable [RT-C-bgp] ipv4-family vpn-instance vpnb [RT-C-bgp-vpna] import-route direct
After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the following commands
RT-A#sh bgp nei
BGP neighbor is 10.0.255.31, remote AS 65000, internal link BGP version 4, remote router ID 10.0.255.31 BGP state = Established, up for 05:11:47 Last read 00:00:51, last write 00:00:05, hold time is 180, keepalive interval is 60 seconds Neighbor sessions: 1 active, is not multisession capable Neighbor capabilities: Route refresh: advertised and received(new) Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Opens: Notifications:
Rcvd 1
1 0
Updates:
5
Keepalives:
309
0 9 354 6
Route Refresh: Total:
2 317
1 365
Default minimum time between advertisement runs is 0 seconds
RT-A#show bgp vpnv4 unicast vrf vpnb
BGP table version is 11, local router ID is 10.0.255.11 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 100:2 (default for vrf vpnb) *> 100.0.1.0/24
0.0.0.0
0
*>i100.0.2.0/24
10.0.255.31
32768 ? 0
*>i100.0.255.1/32 10.0.255.31
0
100 100
0? 0 65400 ?
[RT-C]display bgp peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 1
Peer
10.0.255.11
Peers in established state : 1
V AS MsgRcvd MsgSent OutQ Up/Down
4 65000
342
401
State PrefRcv
0 05:15:31 Established
[RT-C]display bgp vpnv4 all peer
BGP local router ID : 10.0.255.31 Local AS number : 65000 Total number of peers : 2
Peers in established state : 2
7
0
Peer
V AS MsgRcvd MsgSent OutQ Up/Down
10.0.255.11
4 65000
343
401
State PrefRcv
0 05:16:00 Established
2
Peer of vpn instance :
vpn instance vpnb : 100.0.2.2
4 65400
42
50
0 00:36:42 Established
2
Check:
Find the route to peer CEs (RT-F & RT-E).
RT-A#show ip route vrf vpnb
Routing Table: vpnb Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
100.0.0.0/8 is variably subnetted, 4 subnets, 2 masks C
100.0.1.0/24 is directly connected, GigabitEthernet2/1
L
100.0.1.1/32 is directly connected, GigabitEthernet2/1
B
100.0.2.0/24 [200/0] via 10.0.255.31, 00:30:56
B
100.0.255.1/32 [200/0] via 10.0.255.31, 00:30:56 8
[RT-C]display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib -----------------------------------------------------------------------------Routing Tables: vpnb Destinations : 6
Destination/Mask
Routes : 6
Proto Pre Cost
100.0.1.0/24 BGP 255 0
Flags NextHop
RD 10.0.255.11
Interface
GigabitEthernet1/0/2
100.0.2.0/24 Direct 0 0
D 100.0.2.1
GigabitEthernet1/0/8
100.0.2.1/32 Direct 0 0
D 127.0.0.1
InLoopBack0
100.0.2.255/32 Direct 0
0
D 127.0.0.1
100.0.255.1/32 BGP 255 0 255.255.255.255/32 Direct 0
0
RD 100.0.2.2 D 127.0.0.1
InLoopBack0 GigabitEthernet1/0/8 InLoopBack0
The CEs (RT-F & RT-E) in the same VPN can ping through each other RT-F> ping 100.0.2.2 Rt-E> ping 100.0.1.2
You can also ping from PEs VRF
RT-A#ping vrf vpnb 100.0.2.1
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
9
RT-A#ping vrf vpnb 100.0.2.2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.0.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
[RT-C]ping -vpn-instance vpnb 100.0.1.1
PING 100.0.1.1: 56 data bytes, press CTRL_C to break Reply from 100.0.1.1: bytes=56 Sequence=1 ttl=253 time=2 ms Reply from 100.0.1.1: bytes=56 Sequence=2 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=3 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=4 ttl=253 time=1 ms Reply from 100.0.1.1: bytes=56 Sequence=5 ttl=253 time=1 ms
--- 100.0.1.1 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms
[RT-C]ping -vpn-instance vpnb 100.0.1.2
PING 100.0.1.2: 56 data bytes, press CTRL_C to break Reply from 100.0.1.2: bytes=56 Sequence=1 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=2 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=3 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=4 ttl=252 time=1 ms Reply from 100.0.1.2: bytes=56 Sequence=5 ttl=252 time=1 ms
10
--- 100.0.1.2 ping statistics --5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/1 ms
To view the label switching in the whole forwarding process: View the MPLS LSP of RT-A: RT-A#show mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id
Switched
10.0.2.0/30
16
Pop Label
17
16
18
Pop Label
19
18
10.0.255.31/32 0
Gi2/2
10.0.1.2
20
19
10.0.255.41/32 0
Gi2/2
10.0.1.2
21
Pop Label
IPv4 VRF[V]
1420
aggregate/vpna
22
Pop Label
IPv4 VRF[V]
2672
aggregate/vpnb
10.0.3.0/30
0
interface
Gi2/2
0
Gi2/2
10.0.255.21/32 0
10.0.1.2 10.0.1.2
Gi2/2
10.0.1.2
On RT-A, the outbound label to PE2 is 18. View the MPLS LSP of RT-B:
RT-B#sh mpls forwarding-table
Local Outgoing
Prefix
Bytes Label Outgoing Next Hop
Label Label or VC or Tunnel Id 16
Pop Label
10.0.3.0/30
17
Pop Label
10.0.255.11/32
18
1027
19
Pop Label
Switched 490
Gi1/3
1875863
10.0.2.2
Gi1/1
10.0.255.31/32 1968423 10.0.255.41/32 0
interface
Gi1/3 Gi1/3
11
10.0.1.1 10.0.2.2 10.0.2.2
On RT-B, inbound label being 18 are switched to 1027. On RT-D, view the MPLS LSP:
[RT-D]disp mpls ls
------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.41/32 10.0.2.0/30
3/NULL 3/NULL
10.0.255.31/32
NULL/3
10.0.255.31/32
1027/3
10.0.1.0/30
1024/3
10.0.1.0/30
NULL/3
10.0.255.11/32
1026/17
10.0.255.11/32
NULL/17
10.0.255.21/32
1025/3
10.0.255.21/32
NULL/3
10.0.3.0/30
3/NULL
Vrf Name
-/-/-/GE2/0/2 -/GE2/0/2 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/GE2/0/4 -/-
Outbound label of the packet with inbound label 1027 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label
[RT-C]disp mpls ls
------------------------------------------------------------------------------LSP Information: BGP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
Vrf Name
100.0.2.0/24
115712/NULL -/-
vpna
100.0.2.0/24
115713/NULL -/-
vpnb
100.0.255.1/32
115714/NULL -/-
vpnb 12
------------------------------------------------------------------------------LSP Information: LDP LSP ------------------------------------------------------------------------------FEC
In/Out Label In/Out IF
10.0.255.31/32
3/NULL
-/-
10.0.255.41/32
NULL/3
-/GE1/0/2
10.0.2.0/30
NULL/3
10.0.1.0/30
NULL/1024
Vrf Name
-/GE1/0/2 -/GE1/0/2
10.0.255.21/32
NULL/1025
-/GE1/0/2
10.0.255.11/32
NULL/1026
-/GE1/0/2
Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.
13
Lab 9- L2 VPN (sub-interface on 7609 and SVI on CX600)
RT-C
PC-C SW-C
1/0/6
Ge 0/0/1
1/0/0
Fe 0/0/9
1/2
2/2 1/1
RT-A
RT-B 2/3 Ge 0/1 SW-A
Fe 0/9
PC-A Group1- RT-B CX600- RT-C
Group2- RT-A, SW-A
C7609-RT-A, RT-B
Group3- RT-C, SW-C
C3400 – SW-A CX200D – SW-C
AS 65000
RT-B
RT-C
RT-A
Lo- 10.0.255.21/32
Lo- 10.0.255.31/32
Lo- 10.0.255.11/32
1/1 -10.0.1.2/30
1/0/0 -10.0.2.2/30
2/2 -10.0.1.1/30
1/2 -10.0.2.1/30
1/0/6 –switchport
2/3 –switchport
1
VLAN – 100(A) & 200 (C) VC ID – 10 VSI - 11
Configuration Procedure Step 1 Configure CE. In our example CE is a PC, therefore configure PC-A- IP- 50.0.0.1/24 PC-C- IP- 50.0.0.2/24
If CE is a Router, configure a sub interface as below # Huawei
# Cisco interface GigabitEthernet2/4.100 encapsulation dot1Q 100 ip address 50.0.0.1 255.255.255.0
Step 2 Configure SW-A, SW-C # Configure SW-A. SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100
2
SW-A(config-if)#port-type nni SW-A(config-if)#no shut
# Configure SW-C. [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 200 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 200 [SW-C-ethernet0/0/9]undo shut
Step 3 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 4 Configure MPLS basic capability and LDP on MPLS backbone network. # Configure RT-A. RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip
3
RT-A(config-if)#mpls label protocol ldp
# Configure RT-B. RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
Step 5 Establish the remote LDP session on PE. # Configure RT-C. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11 [PE2-mpls-ldp-remote-1] quit
After the configuration, run the display mpls ldp session command on PE2 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up. [RT-C]display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.11:0
Operational DU
Active
000:01:37
389/444
10.0.255.21:0
Operational DU
Active
000:01:44
418/474
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
RT-A#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11037 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 154/155; Downstream Up time: 02:08:12 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2
4
Addresses bound to peer LDP Ident: 10.0.1.2
10.0.255.21
10.0.2.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.31.49803 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 510/452; Downstream Up time: 01:47:50 LDP discovery sources: Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
Step 6 Enable MPLS L2VPN on PE and create the VC connection. # On RT-A, create a VC on sub interface Gigabit Ethernet 2/3.100, which connects PC-A through SW-A. RT-A(config)#interface gigabitetherent 2/3 RT-A(config-if)#switchport RT-A(config-if)# switchport trunk encapsulation dot1q RT-A(config-if)# switchport mode trunk RT-A(config-if)#no shut RT-A(config)#interface gigabitetherent 2/3.100 RT-A(config-subif)#encapsulation dot1q 100 RT-A(config-subif)#xconnect 10.0.255.31 10 encap mpls
# On RT-C, create a VSI, which connects PC-C through SW-C. [RT-C] mpls l2vpn [RT-C-l2vpn] mpls l2vpn default martini [RT-C]Vlan 200 [RT-C]vsi 11 static [RT-C-vsi-11]pwsignal ldp [RT-C-vsi-11-ldp]vsi-id 10 [RT-C-vsi-11-ldp]peer 10.0.255.11 [RT-C] interface vlanif 200 [RT-C-vlanif200] l2 binding vsi 11 [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6] undo shutdown
Extra info- Command for Cisco RT-A(config)#vlan 200 RT-A(config)#interface vlan 200 RT-A(config-if)#no ip address RT-A(config-if)#xconnect 10.0.255.11 10 encap mpls RT-A(config-if)#no shut
5
Check:PC-A and PC-C can successfully ping each other.
Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up. RT-A#sh mpls l2transport vc Local intf
Local circuit
-------------
-------------------------- --------------- ---------- ----------
Dest address
Gi2/3.100
Eth VLAN 100
10.0.255.31
VC ID
Status
10
UP
[RT-C]display vsi name 11
Vsi
Mem
PW
Name
Disc
Type Learn
Mac
Encap
Mtu
Type
Value State
Vsi
-------------------------------------------------------------------------11
static ldp
6
unqualify vlan
1500
up
Lab 10- L2 VPN (sub-interface both sides) (Optional)
RT-C
PC-C SW-C
1/0/6
Ge 0/0/1
1/0/0
Fe 0/0/9
1/2
2/2 1/1
RT-A
RT-B 2/3 Ge 0/1 SW-A
Fe 0/9
PC-A Group1- RT-B CX600- RT-C
Group2- RT-A, SW-A
C7609-RT-A, RT-B
Group3- RT-C, SW-C
C3400 – SW-A CX200D – SW-C
AS 65000
RT-B
RT-C
RT-A
Lo- 10.0.255.21/32
Lo- 10.0.255.31/32
Lo- 10.0.255.11/32
1/1 -10.0.1.2/30
1/0/0 -10.0.2.2/30
2/2 -10.0.1.1/30
1/2 -10.0.2.1/30
1/0/6 –switchport
2/3 –switchport
1
VLAN – 100(A) & 200 (C) VC ID - 10
Configuration Procedure Step 1 Configure CE. In our example CE is a PC, therefore configure PC-A- IP- 50.0.0.1/24 PC-C- IP- 50.0.0.2/24
If CE is a Router, configure a sub interface as below # Huawei
# Cisco interface GigabitEthernet2/4.100 encapsulation dot1Q 100 ip address 50.0.0.1 255.255.255.0
Step 2 Configure SW-A, SW-C # Configure SW-A. SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100
2
SW-A(config-if)#port-type nni SW-A(config-if)#no shut
# Configure SW-C. [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 200 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 200 [SW-C-ethernet0/0/9]undo shut
Step 3 Configure OSPF in MPLS Backbone RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer. RT-A# show ip ospf neighbor [RT-C] display ospf peer RT-A# show ip routing-table [RT-C] display ip routing-table
Step 4 Configure MPLS basic capability and LDP on MPLS backbone network. # Configure RT-A. RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip
3
RT-A(config-if)#mpls label protocol ldp
# Configure RT-B. RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
Step 5 Establish the remote LDP session on PE. # Configure RT-C. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11 [PE2-mpls-ldp-remote-1] quit
After the configuration, run the display mpls ldp session command on PE2 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up. [RT-C]display mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.11:0
Operational DU
Active
000:01:37
389/444
10.0.255.21:0
Operational DU
Active
000:01:44
418/474
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
RT-A#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11037 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 154/155; Downstream Up time: 02:08:12 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2
4
Addresses bound to peer LDP Ident: 10.0.1.2
10.0.255.21
10.0.2.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.31.49803 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 510/452; Downstream Up time: 01:47:50 LDP discovery sources: Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
Step 6 Enable MPLS L2VPN on PE and create the VC connection. # On RT-A, create a VC on sub interface Gigabit Ethernet 2/3.100, which connects PC-A through SW-A. RT-A(config)#interface gigabitetherent 2/3 RT-A(config-if)#switchport RT-A(config-if)# switchport trunk encapsulation dot1q RT-A(config-if)# switchport mode trunk RT-A(config-if)#no shut RT-A(config)#interface gigabitetherent 2/3.100 RT-A(config-subif)#encapsulation dot1q 100 RT-A(config-subif)#xconnect 10.0.255.31 10 encap mpls
# On RT-C, create a VC on sub interface, which connects PC-C through SW-C. [RT-C] mpls l2vpn [RT-C-l2vpn] mpls l2vpn default martini [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan 127 [RT-C-GigabitEthernet1/0/6] undo shutdown [RT-C] interface gigabitethernet1/0/6.200 [RT-C-GigabitEthernet1/0/6.200] mpls l2vc 10.0.255.11 10 [RT-C-GigabitEthernet1/0/6.200]vlan-type dot1q 200
5
Check:PC-A and PC-C can successfully ping each other.
Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up. RT-A#sh mpls l2transport vc Local intf
Local circuit
-------------
-------------------------- --------------- ---------- ----------
Dest address
Gi2/3.100
Eth VLAN 100
10.0.255.31
VC ID 10
Status UP
[RT-C]display mpls l2vc interface GigabitEthernet 1/0/6.200 *client interface
: GigabitEthernet1/0/6.200 is up
session state
: up
AC state
: up
VC state
: up
VC ID
: 10
VC type
: VLAN
destination
: 10.0.255.11
local group ID
: 0
remote group ID
: 0
local VC label
: 146432
remote VC label
: 20
local AC OAM State
: up
local PSN State
: up
remote VC MTU
: 1500
local forwarding state : forwarding remote AC OAM state
: up
remote PSN state
: up
remote forwarding state: forwarding BFD for PW
: unavailable
manual fault
: not set
active state
: active
forwarding entry
: exist
link state
: up
local VC MTU
: 1500
local VCCV
: Disable
remote VCCV
: alert lsp-ping
local control word
: disable
tunnel policy name
: --
traffic behavior name
: --
PW template name
: --
primary or secondary
: primary
VC tunnel/token info
: 1 tunnels/tokens
NO.0
TNL type : lsp
remote control word
: disable
, TNL ID : 0x1008001
create time
: 0 days, 0 hours, 32 minutes, 48 seconds
up time
: 0 days, 0 hours, 21 minutes, 25 seconds
last change time
: 0 days, 0 hours, 21 minutes, 25 seconds
6
Lab 11- VPLS (using SVI on CX600)
RT-E SW-E
1/0/6 Ge 0/0/1
1/0/0 2/0/0 1/0/2
RT-C
2/0/2
2/0/8 RT-D
1/0/6
Ge 0/1
Ge 0/0/1 SW-C
SW-D
Group1- RT-C, SW-C CX600- RT-C, RT-D, RT-E
Group2- RT-D, SW-D
C3400 – SW-D
Group3- RT-E, SW-E
CX200D – SW-C, SW-E
AS 65000
RT-E
VLAN – 10, 20 & 30
RT-C
Lo- 10.0.255.51/32
vsi - 50
Lo- 10.0.255.31/32
1/0/0 -10.0.2.2/30
VC ID - 25
1/0/2 -10.0.1.1/30
1/0/6 –switchport
1/0/6 –switchport RT-D Lo- 10.0.255.41/32 2/0/0 -10.0.2.1/30 2/0/2 -10.0.1.2/30 2/0/8 –switchport
1
Configuration Procedure Step 1 Configure SW & RT for access # Configure RT-C & SW-C. [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6] undo shutdown [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 10 [SW-C ]interface vlanif 10 [SW-C-vlanif10]ip address 1.0.0.1 255.0.0.0 [SW-C- vlanif10]undo shut
# Configure RT-D & SW-D. [RT-D] interface gigabitethernet2/0/8 [RT-D-GigabitEthernet2/0/8]portswitch [RT-D-GigabitEthernet2/0/8]port link-type trunk [RT-D-GigabitEthernet2/0/8]port trunk allow-pass vlan all [RT-D-GigabitEthernet2/0/8] undo shutdown SW-D(config-if)# switchport mode trunk SW-D(config-if)#switchport trunk allowed vlan all SW-D(config-if)#port-type nni SW-D(config-if)#no shut SW-D(config)# vlan 20 SW-D(config)# interface vlan 20 SW-D(config-if)#ip address 1.0.0.2 255.0.0.0 SW-D(config-if)#no shut
# Configure RT-E & SW-E. [RT-E] interface gigabitethernet1/0/6 [RT-E-GigabitEthernet1/0/6]portswitch [RT-E-GigabitEthernet1/0/6]port link-type trunk [RT-E-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-E-GigabitEthernet1/0/6] undo shutdown [SW-E-gigabitethernet0/0/1]port link-type trunk [SW-E-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-E-gigabitethernet0/0/1]undo shut
2
[SW-E ]vlan 30 [SW-E]interface vlanif 30 [SW-E-vlanif30]ip address 1.0.0.3 255.0.0.0 [SW-E- vlanif30]undo shut
Step 2 Configure OSPF. [RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-D]ospf 100 [RT-D-ospf-100]area 0 [RT-D-ospf-100-area-0.0.0.0]network 10.0.255.41 [RT-D-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
[RT-E]ospf 100 [RT-E-ospf-100]area 0 [RT-E-ospf-100-area-0.0.0.0]network 10.0.255.51 [RT-E-ospf-100-area-0.0.0.0]network 10.0.0.0
Step 3 Configure basic MPLS capability and LDP. # Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp
# Configure RT-D. [RT-D]mpls lsr-id 10.0.255.41 [RT-D]mpls [RT-D]mpls ldp [RT-D-gigabitethernet2/0/0]mpls [RT-D-gigabitethernet2/0/0]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp
# Configure RT-E. [RT-E]mpls lsr-id 10.0.255.51 [RT-E]mpls [RT-E]mpls ldp [RT-E-gigabitethernet1/0/0]mpls
3
0.0.0.0
0.255.255.255
[RT-E-gigabitethernet1/0/0]mpls ldp
Step 4 Configure remote session of LDP. # Configure RT-C. [RT-C] mpls ldp remote-peer 1 [RT-C-mpls-ldp-remote-1] remote-ip 10.0.255.51
# Configure RT-E. [RT-E] mpls ldp remote-peer 1 [RT-E-mpls-ldp-remote-1] remote-ip 10.0.255.31
After the configuration, run the display mpls ldp session command on PEs to check the establishment of the LDP session. You can find that the remote LDP session between PEs are newly set up. [RT-C]disp mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.41:0
Operational DU
Active
000:00:56
227/255
10.0.255.51:0
Operational DU
Active
000:04:56
1186/1350
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
Step 5 Enable MPLS L2VPN on PEs. # Configure RT-C. [RT-C] mpls l2vpn
# Configure RT-D. [RT-D] mpls l2vpn
# Configure RT-E. [RT-E] mpls l2vpn
4
SsnAge Unit : DDD:HH:MM
Step 6 Configure a VSI on each PE. # Configure RT-C. [RT-C]vsi 50 static [RT-C-vsi-50]pwsignal ldp [RT-C-vsi-50-ldp]vsi-id 25 [RT-C-vsi-50-ldp]peer 10.0.255.41 [RT-C-vsi-50-ldp]peer 10.0.255.51
# Configure RT-D. [RT-D]vsi 50 static [RT-D-vsi-50]pwsignal ldp [RT-D-vsi-50-ldp]vsi-id 25 [RT-D-vsi-50-ldp]peer 10.0.255.31 [RT-D-vsi-50-ldp]peer 10.0.255.51
# Configure RT-E. [RT-E]vsi 50 static [RT-E-vsi-50]pwsignal ldp [RT-E-vsi-50-ldp]vsi-id 25 [RT-E-vsi-50-ldp]peer 10.0.255.31 [RT-E-vsi-50-ldp]peer 10.0.255.41
Step 7 Bind the VSI with the interface on PE. # Configure RT-C. [RT-C] vlan 10 [RT-C] interface vlanif 10 [RT-C-vlanif10] l2 binding vsi 50 [RT-C-vlanif10]undo shut
# Configure RT-D. [RT-D] vlan 20 [RT-D] interface vlanif 20 [RT-D-vlanif20] l2 binding vsi 50 [RT-D-vlanif20]undo shut
# Configure RT-E. [RT-E] vlan 30 [RT-E] interface vlanif 30 [RT-E-vlanif30] l2 binding vsi 50 [RT-E-vlanif30]undo shut
5
Step 8 Verify the configuration. After the configuration, run the following command on PEs, and you can see that VSI named 50 establishes a PW to PE1 & PE2 and the VSI is Up. [RT-C]disp vsi name 50 Vsi
Mem
PW
Name
Disc
Type Learn
Mac
Encap
Mtu
Type
Value State
Vsi
-------------------------------------------------------------------------50
static ldp
Check:Ping from [SW-C]ping 1.0.0.2 Ping from [SW-C]ping 1.0.0.3
Similarly try from other switches
6
unqualify vlan
1500
up
Lab 12- VPLS (using SVI) (Optional) Note- VFI/VSI will be UP, but will not ping because 7609 don’t have OSM card.
RT-C SW-C
1/0/6 Ge 0/0/1
1/0/0
Fe 0/0/9
PC-C
1/2 2/2 1/1
RT-A
1/4 RT-B
2/3
Ge 0/0/1
Ge 0/1 Fe 0/9
SW-A
PC-B SW-B
PC-A
Group1- RT-A, SW-A CX600- RT-C
Group2- RT-B, SW-B
C7609-RT-A, RT-B
Group3- RT-C, SW-C
C3400 – SW-A CX200D – SW-B, SW-C AS 65000
RT-C
VLAN – 100,200 & 300
RT-A
Lo- 10.0.255.31/32
vfi/vsi - 2611
Lo- 10.0.255.11/32
1/0/0 -10.0.2.2/30
VC ID - 20
2/2 -10.0.1.1/30
1/0/6 –switchport
2/3 –switchport RT-B Lo- 10.0.255.21/32 1/1 -10.0.1.2/30 1/2 -10.0.2.1/30 1/4 –switchport
1
Configuration Procedure Step 1 Configure CE. In our example CE is a PC, therefore configure PC-A- IP- 100.0.0.1/24 PC-B- IP- 100.0.0.2/24 PC-C- IP- 100.0.0.3/24
Step 2 Configure SW & RT for access # Configure SW-A & RT-A. RT-A(config)#interface gigabitetherent 2/3 RT-A(config-if)#switchport RT-A(config-if)# switchport trunk encapsulation dot1q RT-A(config-if)# switchport mode trunk RT-A(config-if)#no shut SW-A(config-if)# switchport mode trunk SW-A(config-if)#switchport trunk allow vlan all SW-A(config-if)#port-type nni SW-A(config-if)#no shut SW-A(config)# vlan 100 SW-A(config)# interface fastEthernet 0/9 SW-A(config-if)#switchport access vlan 100 SW-A(config-if)#port-type nni SW-A(config-if)#no shut
# Configure SW-B & RT-B. RT-B(config)#interface gigabitetherent 1/4 RT-B(config-if)#switchport RT-B(config-if)# switchport trunk encapsulation dot1q RT-B(config-if)# switchport mode trunk RT-B(config-if)#no shut [SW-B-gigabitethernet0/0/1]port link-type trunk [SW-B-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-B-gigabitethernet0/0/1]bpdu enable [SW-B-gigabitethernet0/0/1]undo shut [SW-B ]vlan 200 [SW-B ]interface Ethernet 0/0/9 [SW-B-ethernet0/0/9]port link-type access [SW-B-ethernet0/0/9]port default vlan 200
2
[SW-B-ethernet0/0/9]undo shut
# Configure SW-C & RT-C. [RT-C] interface gigabitethernet1/0/6 [RT-C-GigabitEthernet1/0/6]portswitch [RT-C-GigabitEthernet1/0/6]port link-type trunk [RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all [RT-C-GigabitEthernet1/0/6] undo shutdown [SW-C-gigabitethernet0/0/1]port link-type trunk [SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all [SW-C-gigabitethernet0/0/1]bpdu enable [SW-C-gigabitethernet0/0/1]undo shut [SW-C ]vlan 300 [SW-C ]interface Ethernet 0/0/9 [SW-C-ethernet0/0/9]port link-type access [SW-C-ethernet0/0/9]port default vlan 300 [SW-C-ethernet0/0/9]undo shut
Step 3 Configure OSPF. RT-A(config)# router ospf 100 RT-A(config-router)# network 10.0.255.11 RT-A(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
RT-B(config)# router ospf 100 RT-B(config-router)# network 10.0.255.21 RT-B(config-router)# network 10.0.0.0
0.0.0.0
area 0
0.255.255.255
area 0
[RT-C]ospf 100 [RT-C-ospf-100]area 0 [RT-C-ospf-100-area-0.0.0.0]network 10.0.255.31 [RT-C-ospf-100-area-0.0.0.0]network 10.0.0.0
0.0.0.0
0.255.255.255
Step 4 Configure basic MPLS capability and LDP. # Configure RT-A. RT-A(config)#mpls ip RT-A(config)#mpls ldp router-id Loopback0 force RT-A(config-if)#mpls ip RT-A(config-if)#mpls label protocol ldp
# Configure RT-B. RT-B(config)#mpls ip RT-B(config)#mpls ldp router-id Loopback0 force RT-B(config-if)#mpls ip
3
RT-B(config-if)#mpls label protocol ldp RT-B(config-if)#mpls ip RT-B(config-if)#mpls label protocol ldp
# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31 [RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/0]mpls [RT-C-gigabitethernet1/0/0]mpls ldp
Step 5 Configure remote session of LDP. # Configure RT-C. [PE2] mpls ldp remote-peer 1 [PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11
After the configuration, run the display mpls ldp session or show mpls ldp neighbor command on PEs to check the establishment of the LDP session. You can find that the remote LDP session between PEs are newly set up. [RT-C]disp mpls ldp session LDP Session(s) in Public Network -----------------------------------------------------------------------------Peer-ID
Status
LAM
SsnRole
SsnAge
KA-Sent/Rcv
-----------------------------------------------------------------------------10.0.255.11:0
Operational DU
Active
000:00:56
227/255
10.0.255.21:0
Operational DU
Active
000:04:56
1186/1350
-----------------------------------------------------------------------------TOTAL: 2 session(s) Found. LAM : Label Advertisement Mode
SsnAge Unit : DDD:HH:MM
RT-B#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.11:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.11.646 - 10.0.255.21.11037 State: Oper; Msgs sent/rcvd: 364/362; Downstream Up time: 05:11:27 LDP discovery sources: GigabitEthernet1/1, Src IP addr: 10.0.1.1 Targeted Hello 10.0.255.21 -> 10.0.255.11, active, passive Addresses bound to peer LDP Ident: 10.0.255.11
10.0.1.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.21:0 TCP connection: 10.0.255.31.51690 - 10.0.255.21.646 State: Oper; Msgs sent/rcvd: 1371/1200; Downstream Up time: 04:58:30
4
LDP discovery sources: GigabitEthernet1/2, Src IP addr: 10.0.2.2 Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
RT-A#sh mpls ldp neighbor Peer LDP Ident: 10.0.255.21:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.21.11037 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 367/369; Downstream Up time: 05:15:35 LDP discovery sources: GigabitEthernet2/2, Src IP addr: 10.0.1.2 Targeted Hello 10.0.255.11 -> 10.0.255.21, active, passive Addresses bound to peer LDP Ident: 10.0.1.2
10.0.255.21
10.0.2.1
Peer LDP Ident: 10.0.255.31:0; Local LDP Ident 10.0.255.11:0 TCP connection: 10.0.255.31.51916 - 10.0.255.11.646 State: Oper; Msgs sent/rcvd: 298/261; Downstream Up time: 01:02:43 LDP discovery sources: Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive Addresses bound to peer LDP Ident: 10.0.2.2
10.0.255.31
Step 6 Enable MPLS L2VPN on PEs. # Configure RT-C. [RT-C] mpls l2vpn
Step 7 Configure a VFI/VSI on each PE. # Configure RT-A. RT-A(config)#l2 vfi 2611 manual RT-A(config-vfi)#vpn id 20 RT-A(config-vfi)#neighbor 10.0.255.21 encapsulation mpls RT-A(config-vfi)#neighbor 10.0.255.31 encapsulation mpls
# Configure RT-B. RT-B(config)#l2 vfi 2611 manual RT-A(config-vfi)#vpn id 20 RT-A(config-vfi)#neighbor 10.0.255.11
encapsulation mpls
RT-A(config-vfi)#neighbor 10.0.255.31
encapsulation mpls
# Configure RT-C. [RT-C]vsi 2611 static [RT-C-vsi-2611]pwsignal ldp
5
[RT-C-vsi-2611-ldp]vsi-id 20 [RT-C-vsi-2611-ldp]peer 10.0.255.11 [RT-C-vsi-2611-ldp]peer 10.0.255.21
Step 8 Bind the VSI/VFI with the interface on PE. # Configure RT-A. RT-A(config)#vlan 100 RT-A(config)#interface vlan 100 RT-A(config-if)#no ip address RT-A(config-if)#xconnect vfi 2611 RT-A(config-if)#no shut
# Configure RT-B. RT-B(config)#vlan 200 RT-B(config)#interface vlan 200 RT-B(config-if)#no ip address RT-B(config-if)#xconnect vfi 2611 RT-B(config-if)#no shut
# Configure RT-C. [RT-C] vlan 300 [RT-C] interface vlanif 300 [RT-C-vlanif300] l2 binding vsi 2611 [RT-C-vlanif300]undo shut
Step 9 Verify the configuration. After the configuration, run the following command on PEs, and you can see that VSI/VFI named 2611 establishes a PW to PE1 & PE2and the VSI is Up. [RT-C]disp vsi name 2611 Vsi
Mem
PW
Name
Disc
Type Learn
Mac
Encap
Mtu
Type
Value State
Vsi
-------------------------------------------------------------------------2611
static ldp
unqualify vlan
RT-B#sh vfi 2611 Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No VFI name: 2611, state: up, type: multipoint VPN ID: 20 Local attachment circuits: Vlan200 Neighbors connected via pseudowires:
6
1500
up
Peer Address
VC ID
S
10.0.255.31
20
Y
10.0.255.11
20
Y
RT-A#sh vfi 2611 Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No VFI name: 2611, state: up, type: multipoint VPN ID: 20 Local attachment circuits: Vlan100 Neighbors connected via pseudowires: Peer Address
VC ID
S
10.0.255.31
20
Y
10.0.255.21
20
Y
7
