CCNA Lab - Solution Rev1.0 Advanced MPLS II

PE4-RACK1config-router-af# no synchronization PE4-RACK1config-router-af# exit-address-family BB3-RACK1config#router bgp 57 BB3-RACK1config-router# no synchronization BB3-RACK1config-rout

Trang 1

Task 16.1:

Task 16.2:

These topics were covered in previous labs Please refer back to

IS-IS labs’ solutions if you need a reminder

Task 16.3: Configure IGP in SP2 PE-CE:

♦ In PE4, configure PE4-CE6 protocol as OSPF area 0

PE4-RACK1(config)#ip vrf solaris PE4-RACK1(config-vrf)# rd 200:200 PE4-RACK1(config-vrf)# route-target export 200:200 PE4-RACK1(config-vrf)# route-target import 200:200 PE4-RACK1(config-vrf)#interface FastEthernet0/1.600 PE4-RACK1(config-subif)#description TO svi 3550-CE6 VPN SOLARIS SITE 2 PE4-RACK1(config-subif)#encapsulation dot1Q 600

PE4-RACK1(config-subif)#ip vrf forwarding solaris PE4-RACK1(config-subif)#ip address 172.16.60.4 255.255.255.0 PE4-RACK1(config-subif)#ip ospf message-digest-key 1 md5 iementor PE4-RACK1(config-subif)#ip ospf network point-to-point

PE4-RACK1(config-subif)#no snmp trap link-status PE4-RACK1(config-subif)#router ospf 6 vrf solaris PE4-RACK1(config-router)# log-adjacency-changes detail PE4-RACK1(config-router)# area 0 authentication message-digest PE4-RACK1(config-router)# network 172.16.60.0 0.0.0.255 area 0

3550-CE6(config)#interface Vlan600 3550-CE6(config-if)# ip address 172.16.60.6 255.255.255.0 3550-CE6(config-if)# ip ospf message-digest-key 1 md5 iementor 3550-CE6(config-if)# ip ospf network point-to-point

3550-CE6(config-if)#router ospf 200 3550-CE6(config-router)# router-id 6.6.6.6 3550-CE6(config-router)# log-adjacency-changes detail 3550-CE6(config-router)# area 0 authentication message-digest 3550-CE6(config-router)# network 6.6.6.6 0.0.0.0 area 0 3550-CE6(config-router)# network 172.16.60.0 0.0.0.255 area 0

♦ In PE4, configure PE4-BB3 protocol as BGP AS57

♦ Secure routing protocol sessions

PE4-RACK1(config)#router bgp 65002 PE4-RACK1(config-router)# address-family ipv4 vrf green PE4-RACK1(config-router-af)# redistribute connected PE4-RACK1(config-router-af)# neighbor 172.16.30.3 remote-as 57 PE4-RACK1(config-router-af)# neighbor 172.16.30.3 password iem PE4-RACK1(config-router-af)# neighbor 172.16.30.3 activate PE4-RACK1(config-router-af)# no auto-summary

Trang 2

PE4-RACK1(config-router-af)# no synchronization PE4-RACK1(config-router-af)# exit-address-family

BB3-RACK1(config)#router bgp 57 BB3-RACK1(config-router)# no synchronization BB3-RACK1(config-router)# bgp log-neighbor-changes BB3-RACK1(config-router)# neighbor 172.16.30.4 remote-as 65002 BB3-RACK1(config-router)# neighbor 172.16.30.4 password iem BB3-RACK1(config-router)# no auto-summary

Task 16.4:

Task 16.5: Advertise Loopbacks in BB3 in AS57

BB3-RACK1(config-router)# redistribute connected metric 2

Task 16.6:

This example represents the same steps for PE1, PE2, and PE3 Exclude RR from the MPLS/LDP configuration because RR is not in data-path forwarding

PE4-RACK1(config)#ip cef PE4-RACK1(config)#mpls ip PE4-RACK1(config)#mpls ldp router-id loopback 0 PE4-RACK1(config)#int fastEthernet 0/0

PE4-RACK1(config-if)#mpls ip

Enable only the interface facing the SP1 and SP2 core MPLS/LDP between ASBRs will be handled by mBGP

ASBR2-RACK1(config)#int e 0/0 ASBR2-RACK1(config-if)#mpls ip

Task 16.7:

RR1-RACK1(config)#router bgp 65001 RR1-RACK1(config-router)#address-family vpnv4 RR1-RACK1(config-router-af)# neighbor ibgp route-reflector-client RR1-RACK1(config-router-af)# neighbor ibgp send-community extended RR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate

RR1-RACK1(config-router-af)# neighbor 10.1.1.2 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.3 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.100 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.100 send-community extended RR1-RACK1(config-router-af)# exit-address-family

To configure VPNv4 simply means removing all IPv4 peerings

Trang 3

RR1-RACK1(config-router)#router bgp 65001 RR1-RACK1(config-router)#no address-family ipv4

Let’s verify

RR1-RACK1#sho ip bgp neighbors 10.1.1.100 BGP neighbor is 10.1.1.100, remote AS 100, external link BGP version 4, remote router ID 10.1.1.100

BGP state = Established, up for 09:15:06 Last read 00:00:07, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities:

Route refresh: advertised and received(old & new) Address family IPv4 Unicast: received Å Needs to be disabled on all peering routers

Address family VPNv4 Unicast: advertised and received

ASBR1-RACK1(config-router)#router bgp 100 ASBR1-RACK1(config-router)#no address-family ipv4

*Mar 7 09:10:29.117: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Down Peer closed the

ASBR1-RACK1#sho ip bgp neighbors 10.1.1.254 BGP neighbor is 10.1.1.254, remote AS 65001, external link BGP version 4, remote router ID 55.55.55.55

BGP state = Established, up for 00:00:18 Last read 00:00:18, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities:

Route refresh: advertised and received(old & new) Address family VPNv4 Unicast: advertised and received Å correct output

Template for all PEs:

PE1-RACK1(config)#router bgp 65001 PE1-RACK1(config-router)# no synchronization PE1-RACK1(config-router)# bgp log-neighbor-changes PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE1-RACK1(config-router)# no auto-summary

PE1-RACK1(config-router)# address-family vpnv4 PE1-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE1-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE1-RACK1(config-router-af)# exit-address-family

Task 16.8:

♦ Configure VPN Green site 1 PE-CE to PE2 in BGP AS57

Trang 4

BB1-RACK1(config)#router bgp 57 BB1-RACK1(config-router)# no synchronization BB1-RACK1(config-router)# bgp log-neighbor-changes BB1-RACK1(config-router)# network 10.12.1.0 mask 255.255.255.0 BB1-RACK1(config-router)# redistribute connected metric 2 BB1-RACK1(config-router)# redistribute static metric 2 BB1-RACK1(config-router)# neighbor 10.12.1.2 remote-as 65001 BB1-RACK1(config-router)# neighbor 10.12.1.2 description to AS65001-SP1-PE2

BB1-RACK1(config-router)# no auto-summary

PE2-RACK1(config-router)#router bgp 65001 PE2-RACK1(config-router)# no synchronization PE2-RACK1(config-router)# bgp log-neighbor-changes PE2-RACK1(config-router)# network 22.22.22.0 mask 255.255.255.0 PE2-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE2-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE2-RACK1(config-router)# no auto-summary

PE2-RACK1(config-router)# address-family ipv4 vrf green PE2-RACK1(config-router-af)# redistribute connected PE2-RACK1(config-router-af)# redistribute static metric 2 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate PE2-RACK1(config-router-af)# no auto-summary

♦ Configure VPN Green site 2 PE-CE to PE2 in BGP AS8

CE8-RACK1(config)#router bgp 8 CE8-RACK1(config-router)# no synchronization CE8-RACK1(config-router)# bgp log-neighbor-changes CE8-RACK1(config-router)# network 8.8.8.0 mask 255.255.255.0 CE8-RACK1(config-router)# network 10.82.1.0 mask 255.255.255.0 CE8-RACK1(config-router)# neighbor 10.82.1.2 remote-as 65001 CE8-RACK1(config-router)# no auto-summary

PE2-RACK1(config)#router bgp 65001 PE2-RACK1(config-router)# address-family vpnv4 PE2-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE2-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE2-RACK1(config-router-af)# exit-address-family

PE2-RACK1(config-router)# address-family ipv4 vrf green PE2-RACK1(config-router-af)# redistribute connected PE2-RACK1(config-router-af)# redistribute static metric 2 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate PE2-RACK1(config-router-af)# neighbor 10.82.1.1 remote-as 8 PE2-RACK1(config-router-af)# neighbor 10.82.1.1 activate PE2-RACK1(config-router-af)# no auto-summary

Trang 5

♦ CORRECTION!!! Configure VPN Solaris site 1 PE-CE to PE3 in

EIGRP

CE2-RACK1(config)#router eigrp 100 CE2-RACK1(config-router)# network 2.0.0.0 CE2-RACK1(config-router)# network 10.0.0.0 CE2-RACK1(config-router)# no auto-summary

PE3-RACK1(config)#ip vrf solaris PE3-RACK1(config-vrf)# rd 200:200 PE3-RACK1(config-vrf)# route-target export 200:200 PE3-RACK1(config-vrf)# route-target import 200:200 PE3-RACK1(config-vrf)#router eigrp 100

PE3-RACK1(config-router)# auto-summary PE3-RACK1(config-router)# address-family ipv4 vrf solaris PE3-RACK1(config-router-af)# redistribute bgp 65001 metric 1500 500 255

255 1500 PE3-RACK1(config-router-af)# network 10.0.0.0 PE3-RACK1(config-router-af)# no auto-summary PE3-RACK1(config-router-af)# autonomous-system 100 PE3-RACK1(config-router-af)# exit-address-family PE3-RACK1(config-router)#router bgp 65001

PE3-RACK1(config-router)# no synchronization PE3-RACK1(config-router)# bgp log-neighbor-changes PE3-RACK1(config-router)# network 33.33.33.0 mask 255.255.255.0 PE3-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE3-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE3-RACK1(config-router)# no auto-summary

PE3-RACK1(config-router)# address-family ipv4 vrf solaris PE3-RACK1(config-router-af)# redistribute connected PE3-RACK1(config-router-af)# redistribute eigrp 100 metric 2 PE3-RACK1(config-router-af)# no auto-summary

Task 16.9:

♦ Configure all MPLS traffic flow over ASBR1 S0/0 to ASBR2 S0/0

♦ Configure such that only MPLS traffic is allowed from ASBR1 to ASBR2

♦ Configure SP1 and SP2 such that VPN Solaris site 2 can communicate with Solaris site 1

♦ No IGP is allowed between ASBR1 and ASBR2

Trang 6

♦ MPLS must be dynamically enabled from ASBR1 to ASBR2

♦ No static routes allowed

♦ VPN Solaris site 1 (CE1) should ping site 2 (CE6)

♦ VPN Green site 3 (BB3) should ping VPN Green site 1 and VPN

RR1-RACK1(config-router-af)# neighbor ibgp route-reflector-client RR1-RACK1(config-router-af)# neighbor ibgp send-community extended RR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate

RR1-RACK1(config-router-af)# neighbor 10.1.1.2 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.3 activate RR1-RACK1(config-router-af)# exit-address-family

PE1-RACK1(config)#router bgp 65001 PE1-RACK1(config-router)# bgp log-neighbor-changes PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100 PE1-RACK1(config-router)# neighbor 10.1.1.100 ebgp-multihop 2 PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0 PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001

PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540

PE1-RACK1(config-router)# neighbor 140.100.1.1 description To BB2 PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor PE1-RACK1(config-router)# address-family vpnv4

PE1-RACK1(config-router-af)# neighbor 10.1.1.100 activate PE1-RACK1(config-router-af)# neighbor 10.1.1.100 send-community extended PE1-RACK1(config-router-af)# neighbor 10.1.1.254 activate

PE1-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE1-RACK1(config-router-af)# exit-address-family

Trang 7

PE2-RACK1(config)#router bgp 65001 PE2-RACK1(config-router)# no bgp default ipv4-unicast PE2-RACK1(config-router)# bgp log-neighbor-changes PE2-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE2-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE2-RACK1(config-router)# address-family vpnv4

PE2-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE2-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE2-RACK1(config-router-af)# exit-address-family

PE2-RACK1(config-router)# address-family ipv4 vrf green PE2-RACK1(config-router-af)# redistribute connected metric 2 PE2-RACK1(config-router-af)# redistribute static

PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate PE2-RACK1(config-router-af)# neighbor 10.12.1.1 as-override PE2-RACK1(config-router-af)# neighbor 10.82.1.1 remote-as 8 PE2-RACK1(config-router-af)# neighbor 10.82.1.1 activate PE2-RACK1(config-router-af)# no auto-summary

PE3-RACK1(config)#router bgp 65001 PE3-RACK1(config-router)# no synchronization PE3-RACK1(config-router)# bgp log-neighbor-changes PE3-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE3-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE3-RACK1(config-router)# no auto-summary

PE3-RACK1(config-router)# address-family ipv4 vrf solaris PE3-RACK1(config-router-af)# redistribute connected metric 2 PE3-RACK1(config-router-af)# redistribute eigrp 100 metric 2 PE3-RACK1(config-router-af)# no auto-summary

PE4-RACK1(config)#router bgp 65002 PE4-RACK1(config-router)# no synchronization PE4-RACK1(config-router)# bgp log-neighbor-changes PE4-RACK1(config-router)# neighbor 10.1.1.200 remote-as 200 PE4-RACK1(config-router)# neighbor 10.1.1.200 ebgp-multihop 2 PE4-RACK1(config-router)# neighbor 10.1.1.200 update-source Loopback0 PE4-RACK1(config-router)# no auto-summary

PE4-RACK1(config-router)# address-family ipv4 vrf solaris PE4-RACK1(config-router-af)# redistribute connected metric 2

Trang 8

PE4-RACK1(config-router-af)# redistribute ospf 6 metric 2 match internal external 1 external 2

PE4-RACK1(config-router-af)# no auto-summary PE4-RACK1(config-router-af)# no synchronization PE4-RACK1(config-router-af)# exit-address-family PE4-RACK1(config-router)# address-family ipv4 vrf green PE4-RACK1(config-router-af)# redistribute connected metric 2 PE4-RACK1(config-router-af)# neighbor 172.16.30.3 remote-as 57 PE4-RACK1(config-router-af)# neighbor 172.16.30.3 password iem PE4-RACK1(config-router-af)# neighbor 172.16.30.3 activate PE4-RACK1(config-router-af)# no auto-summary

ASBR1-RACK1(config)#router bgp 100 ASBR1-RACK1(config-router)# bgp router-id 10.1.1.100 ASBR1-RACK1(config-router)# no bgp default ipv4-unicast ASBR1-RACK1(config-router)# no bgp default route-target filter ASBR1-RACK1(config-router)# bgp log-neighbor-changes

ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001 ASBR1-RACK1(config-router)# neighbor 10.1.1.1 ebgp-multihop 2 ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0 ASBR1-RACK1(config-router)# neighbor 172.16.113.2 remote-as 200 ASBR1-RACK1(config-router)# address-family vpnv4

ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 next-hop-self ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 send-community extended ASBR1-RACK1(config-router-af)# neighbor 172.16.113.2 activate

ASBR1-RACK1(config-router-af)# neighbor 172.16.113.2 send-community extended

ASBR1-RACK1(config-router-af)# exit-address-family

ASBR2-RACK1(config)#router bgp 200 ASBR2-RACK1(config-router)# no bgp default ipv4-unicast ASBR2-RACK1(config-router)# no bgp default route-target filter ASBR2-RACK1(config-router)# bgp log-neighbor-changes

ASBR2-RACK1(config-router)# neighbor 10.1.1.4 remote-as 65002 ASBR2-RACK1(config-router)# neighbor 10.1.1.4 ebgp-multihop 2 ASBR2-RACK1(config-router)# neighbor 10.1.1.4 update-source Loopback0 ASBR2-RACK1(config-router)# neighbor 172.16.113.1 remote-as 100 ASBR2-RACK1(config-router)# address-family vpnv4

ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 activate ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 next-hop-self ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 send-community extended ASBR2-RACK1(config-router-af)# neighbor 172.16.113.1 activate

ASBR2-RACK1(config-router-af)# neighbor 172.16.113.1 send-community extended

ASBR2-RACK1(config-router-af)# exit-address-family

After peering PE1 and ASBR1 you will experience the problem receiving routes from SP2

Trang 9

PE1-RACK1#sho ip bgp vpnv4 all summary BGP router identifier 11.11.11.11, local AS number 65001 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.100 4 100 109 86 0 0 0 00:00:05 0 10.1.1.254 4 65001 164 87 0 0 0 00:00:18 0

ASBR1-RACK1#sho ip bgp vpnv4 all summary Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.1 4 65001 138 170 258 0 0 00:00:31 0 172.16.113.2 4 200 196 244 258 0 0 00:32:32 19

This will cause the Route Reflector to not reflect any routes from SP2 because PE1 is rejecting all routes that arrived from SP2 Let’s debug and verify why this happens

PE1-RACK1#debug bgp events BGP events debugging is on PE1-RACK1#debug ip bgp updates BGP updates debugging is on PE1-RACK1#debug ip bgp updates BGP updates debugging is on

Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:7.7.7.0/24 DENIED due to: extended community not supported;

*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:13.1.1.0/24 DENIED due to: extended community not supported;

Trang 10

This means PE1 is rejecting all communities because PE1 is not participating in VPN Green and VPN Solaris To resolve this issue,

we must disable PE1 behavior from examining communities from other VPNs

PE1-RACK1(config-router)#no bgp default route-target filter

PE1-RACK1#sho ip bgp vpnv4 all summary BGP router identifier 11.11.11.11, local AS number 65001 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.100 4 100 123 98 1 0 0 00:05:13 0 10.1.1.254 4 65001 181 99 1 0 0 00:05:21 0

PE1-RACK1#clear ip bgp *

*Mar 1 01:06:10.556: BGP: reset all neighbors due to User reset

*Mar 1 01:06:10.556: BGPNSF state: 10.1.1.100 went from nsf_not_active to nsf_not_active

*Mar 1 01:06:10.556: BGP: 10.1.1.100 went from Established to Idle

*Mar 1 01:06:10.556: BGP: 10.1.1.100 reset due to User reset

*Mar 1 01:06:10.556: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Down User reset

*Mar 1 01:06:10.556: BGP: 10.1.1.100 closing

*Mar 1 01:06:10.556: BGP: 10.1.1.254 went from Established to Idle

*Mar 1 01:06:10.556: BGP: 10.1.1.254 reset due to User reset

*Mar 1 01:06:10.556: %BGP-5-ADJCHANGE: neighbor 10.1.1.254 Down User reset

*Mar 1 01:06:10.556: BGP: 10.1.1.254 closing

*Mar 1 01:06:10.636: BGP: Performing BGP general scanning

*Mar 1 01:06:10.636: BGP(0): scanning IPv4 Unicast routing tables

*Mar 1 01:06:10.636: BGP(1): scanning IPv6 Unicast routing tables

*Mar 1 01:06:10.636: BGP(2): scanning VPNv4 Unicast routing tables

*Mar 1 01:06:10.636: BGP(3): scanning IPv4 Multicast routing tables

*Mar 1 01:06:45.934: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Up

*Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100, origin ?, path 100 200 65002, extended community R

T:200:200 OSPF DOMAIN ID:0x0005:0x000000060200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:172.16.60.4:0

Trang 11

*Mar 1 01:06:55.666: BGP: Import timer expired Walking from 1 to 1

PE1-RACK1#sho ip bgp vpnv4 all summary Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.100 4 100 130 101 0 0 0 00:00:30 19 10.1.1.254 4 65001 191 102 0 0 0 00:00:37 22

CE2-RACK1#ping 6.6.6.6 Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms

BB3-RACK1#sho ip route bg 8.0.0.0/24 is subnetted, 1 subnets

B 8.8.8.0 [20/0] via 172.16.30.4, 00:01:35 10.0.0.0/24 is subnetted, 2 subnets

B 10.12.1.0 [20/0] via 172.16.30.4, 00:01:35

B 10.82.1.0 [20/0] via 172.16.30.4, 00:01:35

Routes from BB1 are missing The issue is related to the same AS57 on each side The same rule applies even if you use Inter-AS – Inter-AS will carry over the same AS from SP1 to SP2

PE4-RACK1(config-router-af)#neighbor 172.16.30.3 as-override

*Mar 1 00:47:53.471: %BGP-5-ADJCHANGE: neighbor 172.16.30.3 vpn vrf green Down AS-override change

Verify ASBR’s label mapping

ASBR1-RACK1#sho ip bgp vpnv4 all labels Network Next Hop In label/Out label Route Distinguisher: 100:100

5.5.5.0/24 10.1.1.1 40/42 7.7.7.0/24 172.16.113.2 84/59

Trang 12

8.1.1.0/24 10.1.1.1 41/43 8.8.8.0/24 10.1.1.1 30/44 10.12.1.0/24 10.1.1.1 31/45 10.82.1.0/24 10.1.1.1 36/46 12.1.1.0/24 10.1.1.1 42/47 13.1.1.0/24 172.16.113.2 85/60 18.2.1.0/24 10.1.1.1 43/48 28.3.1.0/24 10.1.1.1 44/49 38.1.1.0/24 10.1.1.1 45/50 38.2.1.0/24 172.16.113.2 86/61 38.3.1.0/24 172.16.113.2 87/62 138.1.1.0/24 172.16.113.2 88/63 153.46.1.0/24 172.16.113.2 89/64 153.46.2.0/24 172.16.113.2 90/65 153.46.3.0/24 172.16.113.2 91/66 153.46.4.0/24 172.16.113.2 92/67 153.46.100.0/22 172.16.113.2 93/68 156.46.1.0/24 10.1.1.1 46/51 156.46.2.0/24 10.1.1.1 47/52 156.46.3.0/24 10.1.1.1 48/53 156.46.4.0/24 10.1.1.1 49/54 156.46.100.0/22 10.1.1.1 50/55 172.16.30.0/24 172.16.113.2 22/18 209.112.65.0 10.1.1.1 51/56 209.112.66.0 10.1.1.1 52/57 209.112.67.0 10.1.1.1 81/58 209.112.68.0 10.1.1.1 82/59 209.112.69.0 10.1.1.1 83/60 209.112.70.0 10.1.1.1 37/61 213.112.65.0 172.16.113.2 94/69 213.112.66.0 172.16.113.2 95/70 213.112.67.0 172.16.113.2 96/71 213.112.68.0 172.16.113.2 97/72 213.112.69.0 172.16.113.2 98/73 213.112.70.0 172.16.113.2 99/74 Route Distinguisher: 200:200

2.2.2.0/24 10.1.1.1 38/62 6.6.6.0/24 172.16.113.2 63/19 10.23.1.0/24 10.1.1.1 39/63 172.16.60.0/24 172.16.113.2 64/20

ASBR2-RACK1#sho ip bgp vpnv4 all labels Network Next Hop In label/Out label Route Distinguisher: 100:100

5.5.5.0/24 172.16.113.1 43/40 7.7.7.0/24 10.1.1.4 59/36 8.1.1.0/24 172.16.113.1 44/41 8.8.8.0/24 172.16.113.1 37/30 10.12.1.0/24 172.16.113.1 38/31 10.82.1.0/24 172.16.113.1 39/36 12.1.1.0/24 172.16.113.1 45/42 13.1.1.0/24 10.1.1.4 60/37 18.2.1.0/24 172.16.113.1 46/43 28.3.1.0/24 172.16.113.1 47/44

Trang 13

38.1.1.0/24 172.16.113.1 48/45 38.2.1.0/24 10.1.1.4 61/38 38.3.1.0/24 10.1.1.4 62/39 138.1.1.0/24 10.1.1.4 63/40 153.46.1.0/24 10.1.1.4 64/41 153.46.2.0/24 10.1.1.4 65/42 153.46.3.0/24 10.1.1.4 66/43 153.46.4.0/24 10.1.1.4 67/44 153.46.100.0/22 10.1.1.4 68/45 156.46.1.0/24 172.16.113.1 49/46 156.46.2.0/24 172.16.113.1 50/47 156.46.3.0/24 172.16.113.1 51/48 156.46.4.0/24 172.16.113.1 52/49 156.46.100.0/22 172.16.113.1 53/50 172.16.30.0/24 10.1.1.4 18/27 209.112.65.0 172.16.113.1 54/51 209.112.66.0 172.16.113.1 55/52 209.112.67.0 172.16.113.1 56/81 209.112.68.0 172.16.113.1 57/82 209.112.69.0 172.16.113.1 58/83 209.112.70.0 172.16.113.1 40/37 213.112.65.0 10.1.1.4 69/46 213.112.66.0 10.1.1.4 70/47 213.112.67.0 10.1.1.4 71/48 213.112.68.0 10.1.1.4 72/49 213.112.69.0 10.1.1.4 73/50 213.112.70.0 10.1.1.4 74/51 Route Distinguisher: 200:200

2.2.2.0/24 172.16.113.1 41/38 6.6.6.0/24 10.1.1.4 19/34 10.23.1.0/24 172.16.113.1 42/39 172.16.60.0/24 10.1.1.4 20/35

BB3-RACK1#sho ip route bg 18.0.0.0/24 is subnetted, 1 subnets

B 5.5.5.0 [20/0] via 172.16.30.4, 00:00:05 156.46.0.0/16 is variably subnetted, 5 subnets, 2 masks

B 8.8.8.0 [20/0] via 172.16.30.4, 00:00:05

B 8.1.1.0 [20/0] via 172.16.30.4, 00:00:05

B 209.112.65.0/24 [20/0] via 172.16.30.4, 00:00:05

B 209.112.66.0/24 [20/0] via 172.16.30.4, 00:00:05 10.0.0.0/24 is subnetted, 2 subnets

B 10.12.1.0 [20/0] via 172.16.30.4, 00:00:05

B 10.82.1.0 [20/0] via 172.16.30.4, 00:00:05

Trang 14

B 209.112.67.0/24 [20/0] via 172.16.30.4, 00:00:05

B 12.1.1.0 [20/0] via 172.16.30.4, 00:00:05

B 28.3.1.0 [20/0] via 172.16.30.4, 00:00:05

B 209.112.70.0/24 [20/0] via 172.16.30.4, 00:00:05

BB3-RACK1#ping 5.5.5.5 Type escape sequence to abort

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms

ASBR1-RACK1#sho mpls interfaces Interface IP Tunnel Operational Serial0/0 Yes (ldp) No Yes

Serial0/1 Yes (ldp) No Yes Serial0/2 Yes (ldp) No Yes

As you can see, Inter-AS will dynamically bring LDP per interface using BGP

ASBR1-RACK1#sho mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface

16 40 140.100.2.2/32 0 Se0/2 172.16.222.1

17 Pop tag 140.100.2.0/24 0 Se0/2 172.16.222.1

18 34 172.16.30.0/24 0 Se0/2 172.16.222.1

19 38 172.16.20.0/24 0 Se0/2 172.16.222.1

20 Pop tag 172.16.12.0/24 0 Se0/2 172.16.222.1

21 Pop tag 172.16.13.0/24 0 Se0/2 172.16.222.1

Định dạng
Số trang	28
Dung lượng	267,86 KB