INWK 6117

Lab 5 MPLS VPNs with EBGP

February 25, 2013

Section 1 Group 9
Mahmood Soliman Gautambir

1-Show MPLS interfaces on 9R4

We can see that two interfaces have MPLS enabled with ldp running on them and both are fully operational. 2-show MPLS ldp neighbor on 9R4

We can see the peer identifier 10R4 having an identity of 172.16.3.3 and the local identifier having an identity of 172.16.2.2. the next line shows the TCP connection from 172.16.3.3 to the local router, The router that takes the active role establishes the LDP TCP connection session and initiates the negotiation of the LDP session parameters , in this case router 10R4. We can see the message counter incrementing for every message sent or received, the uptime is 8 minutes and 18 seconds. Three addresses are shown to indicate the bounded peers learned from 10R4. On the other side we have another neighbour connected to 9R4 which is 9R1, connection was initiated from 9R1 because it is with bigger IP address , we can see the counter for the number of messages sent and received and the two bounded addresses learned from 9R1 are shown.

3-show MPLS ldp bindings on 9R4 This command is used to verify that the LSR has remote bindings only from a specified peer for prefixes permitted by the access list, when label binding filtering is enabled.

The figure above shows the output of the command The fields in the above show command are explained in the table below

The first entry shows the local binding is 19 for the prefix 172.16.1.1 and the remote binding is also 19

4-show MPLS forwarding table on 9R4

The figure above shows the MPLS forwarding table on 9R4, this forwarding table is similar to the routing table in IP routers. The first entry shows that if packets with a label of 16 come the router will pop the label and send on the outgoing interface of fa0/0 to the next hop address of 192.168.44.14. on the other hand if a packet comes with in ingress label of 18 the router exchanges this label with label 18 and forward to the outgoing interface of fa0/0, this packet is sent to 10R1, router 10R4 will pop this label and forward the packet towards its final destination. The complete description of the fields shown in the above command is shown in the table below.

5-show IP vrf detail on 9R1 This command is used to display the set of defined VRFs (VPN routing/forwarding instances) and associated interfaces.

The above figure shows that we have two VPNs enabled VPN_A and VPN_B, VPN_A with a route distinguisher of 200:110 and a route target of 200:110. For VPN_B we can see the route distinguisher of 200:120 and a route target of 200:120. The table below explains the export and import fields

6.show IP route vrf VPN_A on 9R1 This command is used to show the routing table on 9R4 for VPN_A , this routing table include routes to and from routers in the VPN_A, these include router 10R2 and 9R2, we can see their loopback interface in the routing table.

7.show ip route vrf VPN_B on 9R1 The output of this command displays the output of the routing table in 9R4 for VPN_B we can see the routes to the loopback interfaces of 10R3 and 9R3, both are sitting in the same VPN and are managed by the same authority.

8. show ip vrf* on 9R1 This command is used to show all the routing tables residing within the router, includes routes learned from IGP and routes learned for each VRF.

The above output displays the routing table for router R1, and shows the routes learned by OSPF in area 0.

The above figures shows the displayed output for the routes inside VPN_A

The above figures shows the displayed output for the routes inside VPN_B

9.show ip BGP VPNv4 This command is used to display entries in the Border Gateway Protocol (BGP) routing table

The meaning of each of the displayed fields is shown in the table below.

Table 28 show ip BGP Field Descriptions Field BGP table version local router ID Status Description Internal version number of the table. This number is incremented whenever the table changes. IP address of the router. Status of the table entry. The status is displayed at the beginning of

codes

each line in the table. It can be one of the following values: sThe table entry is suppressed. dThe table entry is dampened. hThe table entry history. *The table entry is valid. >The table entry is the best entry to use for that network. iThe table entry was learned via an internal BGP (iBGP) session. rThe table entry is a RIB-failure. SThe table entry is stale. mThe table entry has multipath to use for that network. bThe table entry has backup path to use for that network. xThe table entry has best external route to use for the network.

Origin codes

Origin of the entry. The origin code is placed at the end of each line in the table. It can be one of the following values: iEntry originated from an Interior Gateway Protocol (IGP) and was advertised with a network router configuration command. eEntry originated from an Exterior Gateway Protocol (EGP). ?Origin of the path is not clear. Usually, this is a router that is redistributed into BGP from an IGP.

Network Next Hop

IP address of a network entity. IP address of the next system that is used when forwarding a packet to the destination network. An entry of 0.0.0.0 indicates that the router has some non-BGP routes to this network. If shown, the value of the interautonomous system metric. Local preference value as set with the set local-preference route-map configuration command. The default value is 100. Weight of the route as set via autonomous system filters. Autonomous system paths to the destination network. There can be one entry in this field for each autonomous system in the path. Indicates that the following path for the specified autonomous system is marked as "stale" during a graceful restart process.

Metric LocPrf Weight Path (stale)

b) If VPN_A and VPN_B use the same ip addressing a 64 bit route distinguisher is used to make each VPN prefixes unique, with the router distinguisher bits added the provider edge router can identify each VPN and forward to the correct prefix. c) BGP is used only between the provider edge routers to transfer or exchange the global routing table for all the customers connected to the provider edge router and have VRF services enabled. BGP solves two problems, the first is the scalability problem, and the only routing protocol that can support assimilation of large routing tables is BGP, supporting several thousands of customers in one routing table. And the second problem is complexity of implementation, BGP simplifies the complexity problem when the core MPLS routers are transparent to BGP and are not required to have BGP enabled, this greatly simplifies the problem for network administrators. d) MPLS in this lab plays the most important part in the VPN, which is the virtual forwarding provided by the double stack MPLS labels, without this feature virtual routing and forwarding(VRF) would not be possible. Loopback interfaces are used to in demonstration of how BGP routes are learned and stored for each customer inside the VPN. e) Ping from 10R3 to 9R3, placement of wireshark on 9R4 link to 10R4

We can see that the packet is sourced from 10.1.31.3 10R3 interface connected to the PE router, and the destination is 10.1.4.4 which is the loopback interface on 9R3. We can see that two labels are used to encapsulate the IP packet, the first label is used for packet forwarding inside the core MPLS network, with a bottom of stack bit set to 0 to indicate next pdu will be another label. The second MPLS label is used to indicate the VPN the destination network is located in, in this example it is shown that the MPLS label is 26 for 9R3 VPN.

ICMP reply

The above figure shows the icmp reply message coming from 9R3 10.1.4.4 and going to 10R3 10.1.31.3. The packet is also encapsulated in two labels, the first label is 18 and is used for pdu forwarding in the core MPLS network and the second label is 23 used to identify customer router 10R3 on VPN_B Following the icmp packet on the link 9R4-9R1 on 9R4 we can see the wireshark decode indicating that the firs label was popped due to PHP by router 9R4 and we have a single label, label 26 to indicate the destination network is in VRF .

The ping reply comes to 9R4 with two labels the first label is used to forward the packet to 10R4 and the second is used to indicate the VRF for the destination 10.1.31.3.

The figure below shows that even BGP keepalive messages are encapsulated in an MPLS pdu inside the core MPLS network.

The figure below shows that BGP updates are also encapsulated in an MPLS pdu inside the core MPLS network.

This BGP update packet is used to advertise a withdrawn network of 10.1.5.5 from router 10R3. The BGP packet is encapsulated in an MPLS pdu with label 19.