Thursday, October 2, 2008

MPLS VPN Lab

After a little break, which I used to complete my last CCNP exam, I'm back with another lab...
Now playing with MPLS VPN!

First, read Reggie Nolasco's document "Understanding How Routes are propagated in an MPLS VPN"

Then I made a sample topology like this:

Here we have a service provider (SP) with 3 points of presence (CON6, CON7, CON8) and two different customers.

Service Provider:
- runs OSPF and MP-BGP AS 65535
- uses VPNv4 to connect customers

Customer1:
- uses EIGRP AS 12

Customer2:
- uses OSPF area 0

Obviously, the customers have overlapping RFC1918 networks...


Here are my configurations for SP:
CON6


!
hostname CON6
!
ip cef
!
ip vrf CUSTOMER1
rd 120:12
route-target export 12:120
route-target import 12:120
!
ip vrf CUSTOMER2
rd 500:20
route-target export 20:500
route-target import 20:500
!
interface Loopback0
description iBGP Peering interface internal to SP domain
ip address 192.168.0.6 255.255.255.255
!
interface FastEthernet0/0
description Link to SP-CON7
ip address 172.17.0.2 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TEST-SP
ip ospf network point-to-point
ip ospf hello-interval 3
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
description Link to CUSTOMER1 (CON14)
ip vrf forwarding CUSTOMER1
ip address 172.31.0.9 255.255.255.252
duplex auto
speed auto
!
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
description Link to CUSTOMER2 (CON13) - VLAN5
switchport access vlan 5
!
interface FastEthernet0/0/3
!
interface Vlan1
no ip address
!
interface Vlan5
description Link to CUSTOMER2 vlan5 - fa 0/0/2
ip vrf forwarding CUSTOMER2
ip address 172.31.0.13 255.255.255.252
!
router eigrp 120
auto-summary
!
address-family ipv4 vrf CUSTOMER1
redistribute bgp 65535 metric 10000 100 255 1 1500
network 172.31.0.0
no auto-summary
autonomous-system 12
exit-address-family
!
router ospf 2 vrf CUSTOMER2
log-adjacency-changes
redistribute bgp 65535 subnets
network 172.31.0.13 0.0.0.0 area 0
!
router ospf 1
router-id 192.168.0.6
log-adjacency-changes
area 0 authentication message-digest
network 172.17.0.2 0.0.0.0 area 0
network 192.168.0.6 0.0.0.0 area 0
!
router bgp 65535
no synchronization
bgp log-neighbor-changes
neighbor 192.168.0.7 remote-as 65535
neighbor 192.168.0.7 update-source Loopback0
neighbor 192.168.0.8 remote-as 65535
neighbor 192.168.0.8 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.0.7 activate
neighbor 192.168.0.7 send-community both
neighbor 192.168.0.8 activate
neighbor 192.168.0.8 send-community both
exit-address-family
!
address-family ipv4 vrf CUSTOMER2
redistribute ospf 2 vrf CUSTOMER2
no synchronization
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
redistribute eigrp 12
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!



CON7


!
hostname CON7
!
ip cef
!
ip vrf CUSTOMER1
rd 120:12
route-target export 12:120
route-target import 12:120
!
interface Loopback0
description iBGP Peering interface internal to SP domain
ip address 192.168.0.7 255.255.255.255
!
interface FastEthernet0/0
no ip address
duplex full
speed 100
!
interface FastEthernet0/1
ip address 172.17.0.1 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TEST-SP
ip ospf network point-to-point
ip ospf hello-interval 3
duplex full
speed 100
mpls ip
!
interface Serial0/0/0
no ip address
no fair-queue
!
interface Serial0/0/1
no ip address
clock rate 2000000
!
interface Serial0/1/0
no ip address
fair-queue
!
interface Serial0/1/1
no ip address
!
interface Serial0/2/0
ip address 172.17.0.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TEST-SP
ip ospf hello-interval 3
mpls ip
!
interface Serial0/2/1
ip vrf forwarding CUSTOMER1
ip address 172.31.0.1 255.255.255.252
!
interface Serial0/3/0
no ip address
fair-queue
!
interface Serial0/3/1
no ip address
!
router eigrp 120
auto-summary
!
address-family ipv4 vrf CUSTOMER1
redistribute bgp 65535 metric 10000 100 255 1 1500
network 172.31.0.0
no auto-summary
autonomous-system 12
exit-address-family
!
router ospf 1
router-id 192.168.0.7
log-adjacency-changes
area 0 authentication message-digest
passive-interface default
no passive-interface FastEthernet0/1
no passive-interface Serial0/2/0
network 172.17.0.1 0.0.0.0 area 0
network 172.17.0.5 0.0.0.0 area 0
network 192.168.0.7 0.0.0.0 area 0
!
router bgp 65535
no synchronization
bgp log-neighbor-changes
neighbor 192.168.0.6 remote-as 65535
neighbor 192.168.0.6 update-source Loopback0
neighbor 192.168.0.8 remote-as 65535
neighbor 192.168.0.8 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.0.6 activate
neighbor 192.168.0.6 send-community both
neighbor 192.168.0.8 activate
neighbor 192.168.0.8 send-community both
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
redistribute eigrp 12
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!




CON8


!
hostname CON8
!
ip cef
!
ip vrf CUSTOMER1
rd 120:12
route-target export 12:120
route-target import 12:120
!
ip vrf CUSTOMER2
rd 500:20
route-target export 20:500
route-target import 20:500
!
interface Loopback0
description iBGP Peering interface internal to SP domain
ip address 192.168.0.8 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding CUSTOMER1
ip address 172.31.0.17 255.255.255.252
duplex full
speed 100
!
interface FastEthernet0/1
ip vrf forwarding CUSTOMER2
ip address 172.31.0.5 255.255.255.252
duplex auto
speed auto
!
interface Serial0/0/0
ip address 172.17.0.6 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 TEST-SP
ip ospf hello-interval 3
mpls ip
no fair-queue
clock rate 2000000
!
router eigrp 120
auto-summary
!
address-family ipv4 vrf CUSTOMER1
redistribute bgp 65535 metric 10000 100 255 1 1500
network 172.31.0.0
no auto-summary
autonomous-system 12
exit-address-family
!
router ospf 2 vrf CUSTOMER2
log-adjacency-changes
redistribute bgp 65535 subnets
network 172.31.0.5 0.0.0.0 area 0
!
router ospf 1
router-id 192.168.0.8
log-adjacency-changes
area 0 authentication message-digest
passive-interface default
no passive-interface Serial0/0/0
network 172.17.0.6 0.0.0.0 area 0
network 192.168.0.8 0.0.0.0 area 0
!
router bgp 65535
no synchronization
bgp log-neighbor-changes
neighbor 192.168.0.6 remote-as 65535
neighbor 192.168.0.6 update-source Loopback0
neighbor 192.168.0.7 remote-as 65535
neighbor 192.168.0.7 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 192.168.0.6 activate
neighbor 192.168.0.6 send-community both
neighbor 192.168.0.7 activate
neighbor 192.168.0.7 send-community both
exit-address-family
!
address-family ipv4 vrf CUSTOMER2
redistribute ospf 2 vrf CUSTOMER2
no synchronization
exit-address-family
!
address-family ipv4 vrf CUSTOMER1
redistribute eigrp 12
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!
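
The two customers stay isolated only because each VRF imports nothing but its own route target, and their overlapping prefixes stay distinct in VPNv4 only because the RDs differ. As an added example (not part of the original lab and not Cisco tooling), this Python audit parses `ip vrf` stanzas and flags a VRF that imports another VRF's export RT or shares an RD; the `CONX` router is a hypothetical misconfiguration constructed for the demonstration.

```python
import re
from collections import defaultdict

# VRF stanzas as they appear in the CON6 config on this page, plus "CONX",
# a constructed, hypothetical PE with a stray import (not part of the lab).
CONFIGS = {
    "CON6": """ip vrf CUSTOMER1
rd 120:12
route-target export 12:120
route-target import 12:120
!
ip vrf CUSTOMER2
rd 500:20
route-target export 20:500
route-target import 20:500""",
    "CONX": """ip vrf CUSTOMER2
rd 500:20
route-target import 20:500
route-target import 12:120""",
}

def parse_vrfs(config):
    """Return {vrf: {"rd", "import", "export"}} from IOS 'ip vrf' stanzas."""
    vrfs, cur = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m[1], {"rd": None, "import": set(), "export": set()})
        elif line == "!":
            cur = None  # "!" closes the stanza
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            for d in ("import", "export") if m[1] == "both" else (m[1],):
                cur[d].add(m[2])
    return vrfs

def audit(configs):
    """Flag imports of another VRF's export RT, and RDs shared by different VRFs."""
    rows = [(pe, n, v) for pe, c in configs.items() for n, v in parse_vrfs(c).items()]
    exporters, rds = defaultdict(set), defaultdict(set)
    for _, name, v in rows:
        rds[v["rd"]].add(name)
        for rt in v["export"]:
            exporters[rt].add(name)
    findings = [(pe, name, f"imports RT {rt} exported by {other}")
                for pe, name, v in rows for rt in sorted(v["import"])
                for other in sorted(exporters[rt] - {name})]
    return findings + [("*", rd, "RD shared by " + ", ".join(sorted(n)))
                       for rd, n in rds.items() if rd and len(n) > 1]
```

An import of another VRF's RT can be intentional (extranet or shared-services designs), so a finding is something to review against the design rather than proof of a leak.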



The customer configurations are really simple; they need nothing special, just something like this:

-for Customer 1 (eigrp 12)

router eigrp 12
network 172.31.0.0
network 192.168.2.0
no auto-summary

-for Customer 2 (ospf area 0)

router ospf 1
log-adjacency-changes
network 172.31.0.14 0.0.0.0 area 0
network 192.168.2.1 0.0.0.0 area 0

Note that on SP CON6 we see the following routing protocols:
CON6#sh ip protocols
Routing Protocol is "eigrp 120"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 120
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170

Routing Protocol is "bgp 65535"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Neighbor(s):
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
192.168.0.7
192.168.0.8
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
Distance: external 20 internal 200 local 200

Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 192.168.0.6
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.17.0.2 0.0.0.0 area 0
192.168.0.6 0.0.0.0 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
192.168.0.8 110 01:14:20
192.168.0.7 110 01:14:20
Distance: (default is 110)

CON6#

OSPF process 2 is applied to VRF CUSTOMER2, so it is not visible here... but we can see it with:
CON6#sh ip protocols vrf CUSTOMER2
Routing Protocol is "bgp 65535"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Redistributing: ospf 2
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
192.168.0.8 200 01:15:52
Distance: external 20 internal 200 local 200

Routing Protocol is "ospf 2"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.31.0.13
It is an area border and autonomous system boundary router
Redistributing External Routes from,
bgp 65535, includes subnets in redistribution
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.31.0.13 0.0.0.0 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
13.13.13.13 110 01:15:47
Distance: (default is 110)

CON6#

From Customer2's perspective, the MP-BGP learned routes are seen as inter-area ("O IA") routes, even though all Customer2 networks are declared in area 0:


CON10#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.31.0.0/30 is subnetted, 2 subnets
C 172.31.0.4 is directly connected, FastEthernet0/0
O IA 172.31.0.12 [110/2] via 172.31.0.5, 01:17:08, FastEthernet0/0
C 192.168.1.0/24 is directly connected, Loopback1
192.168.2.0/32 is subnetted, 1 subnets
O IA 192.168.2.1 [110/3] via 172.31.0.5, 01:16:51, FastEthernet0/0
CON10#
CON10#sh ip ospf data
CON10#sh ip ospf database

OSPF Router with ID (10.10.10.10) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.10.10.10 10.10.10.10 662 0x80000004 0x00C2FD 2
172.31.0.5 172.31.0.5 745 0x80000005 0x006286 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
172.31.0.5 172.31.0.5 745 0x80000003 0x00CDD2

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
172.31.0.12 172.31.0.5 745 0x80000003 0x001AF9
192.168.2.1 172.31.0.5 745 0x80000003 0x001764
CON10#

6 comments:

Shivlu Jain said...

good work. keep it up.

Marco Rizzi said...

Thank you so much Shivlu Jain, I've just done the BGP exam and started today my MPLS preparation... I'll follow your blog to learn from your experience.

keep in touch

Marco

dabance said...

I just simulated this lab; I am getting all A routes on Customer A routers and all B routes on Customer B routers. But remote IPs don't ping!


CON13#sh ip route

Gateway of last resort is not set

172.31.0.0/30 is subnetted, 2 subnets
O IA 172.31.0.4 [110/2] via 172.31.0.13, 00:44:03, FastEthernet0/0
C 172.31.0.12 is directly connected, FastEthernet0/0
192.168.1.0/32 is subnetted, 1 subnets
O IA 192.168.1.1 [110/3] via 172.31.0.13, 00:44:03, FastEthernet0/0
C 192.168.2.0/24 is directly connected, Loopback1
CON13#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CON13#

Marco Rizzi said...

Hi Dabance,

nice to see someone trying my insanity :-)

Anyway, if you see the routes, it doesn't mean that it's all fine.

Please check:
-if the remote site has a route back to you, otherwise the ping response will never reach you
-if the LDP adjacency is correctly established and labels are advertised

have fun with your studies
Marco

dabance said...

Thanks for your kind words, the problem was with the LDP adjacency. All is well today.

From one of the customer routers:

CON13#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.31.0.0/30 is subnetted, 2 subnets
O IA 172.31.0.4 [110/2] via 172.31.0.13, 00:08:25, FastEthernet0/0
C 172.31.0.12 is directly connected, FastEthernet0/0
192.168.1.0/32 is subnetted, 1 subnets
O IA 192.168.1.1 [110/3] via 172.31.0.13, 00:08:25, FastEthernet0/0
C 192.168.2.0/24 is directly connected, Loopback1
CON13#
CON13#
CON13#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 476/534/732 ms
CON13#
CON13#traceroute 192.168.1.1

Type escape sequence to abort.
Tracing the route to 192.168.1.1

1 172.31.0.13 200 msec 216 msec 60 msec
2 172.17.0.1 [MPLS: Labels 17/20 Exp 0] 388 msec 428 msec 332 msec
3 172.31.0.5 [MPLS: Label 20 Exp 0] 420 msec 372 msec 304 msec
4 172.31.0.6 496 msec * 412 msec
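
Added example, not part of the comment thread: a Python check over the traceroute output quoted above. It reads the label stack at each hop and confirms that the inner (VPN) label, 20 here, is the same on every labelled hop, while the outer label 17 appears only at the first core hop; reporting a path with no labelled hop as an LDP problem is a heuristic assumed for this example.

```python
import re

# Traceroute lines copied from the comment above (CON13 -> 192.168.1.1).
TRACE = """\
1 172.31.0.13 200 msec 216 msec 60 msec
2 172.17.0.1 [MPLS: Labels 17/20 Exp 0] 388 msec 428 msec 332 msec
3 172.31.0.5 [MPLS: Label 20 Exp 0] 420 msec 372 msec 304 msec
4 172.31.0.6 496 msec * 412 msec
"""

HOP = re.compile(
    r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)(?:\s+\[MPLS: Labels? ([\d/]+) Exp \d+\])?"
)

def parse_hops(text):
    """Return [(hop, address, [labels, outermost first])] from IOS traceroute lines."""
    hops = []
    for line in text.splitlines():
        if m := HOP.match(line):
            labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
            hops.append((int(m.group(1)), m.group(2), labels))
    return hops

def check_vpn_path(hops):
    """Return a list of problems; an empty list means the label stack looks sane."""
    labelled = [h for h in hops if h[2]]
    if not labelled:
        return ["no MPLS labels on any hop: check LDP adjacency and label advertisement"]
    problems = []
    inner = {h[2][-1] for h in labelled}  # bottom-of-stack label = VPN label
    if len(inner) > 1:
        problems.append(f"inner (VPN) label changes along the path: {sorted(inner)}")
    first, last = labelled[0][0], labelled[-1][0]
    for hop, addr, labels in hops:
        if first < hop < last and not labels:
            problems.append(f"hop {hop} ({addr}) is unlabelled inside the core")
    return problems
```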

Josinfo Networks said...

Hi Marco, Josinfo again ahha

After 7 hours I finished this lab hauhuahuahua I am so slow huahuahuahua

=============
Gateway of last resort is 172.31.0.9 to network 0.0.0.0

172.31.0.0/16 is variably subnetted, 4 subnets, 2 masks
D 172.31.0.16/30 [90/30720] via 172.31.0.9, 00:46:53, FastEthernet2/0
D 172.31.0.0/30 [90/2172416] via 172.31.0.9, 00:46:53, FastEthernet2/0
D 172.31.0.0/16 is a summary, 01:44:32, Null0
C 172.31.0.8/30 is directly connected, FastEthernet2/0
D 192.168.1.0/24 [90/2300416] via 172.31.0.9, 00:28:37, FastEthernet2/0
D 192.168.2.0/24 [90/158720] via 172.31.0.9, 00:46:53, FastEthernet2/0
C 192.168.3.0/24 is directly connected, Loopback0
S* 0.0.0.0/0 [1/0] via 172.31.0.9
CON14#
================

And each VRF could ping itself

Now I will go on toward MPLS/BGP certification rsrsrs