Sikandar Gouse Moinudin CCIE Routing and Switching, Service Provider CCIE No.35012 Seiwa eotmaraee ~— QENSEK wensINDEX PAGE NO CONFIUGURING LDP MPLS LDP Troubleshooting LAB MPLS LDP PEERING .. 7 ‘MPLS VPNs 36 LAB: MPLS L3 VPN Support for Static Routing 39 LAB: MPLS L3 VPN Support for RIP? .. 50 LAB: MPLS L3 VPN Support for EIGRP LAB: MPLS L3 VPN Support for OSPF sis oss sn ss se eon os eo nee 63: OPSF Super Backbone/ OSPF Domain-id 71 OSPF Sham-link 7 LAB: OSPF Sham-link ee see ue 00 00 60808 ue 00 4 008 sen ue 76 LAB: MPLS L3 VPN Support for EBGP 7” LAB: Overlap VPN: 90 LAB: EXPORT MAPS: sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GeWORK rae 2LAB: CONFIUGURING LDP TASI © Configure the basic IP addressing according to the diagram. # Configure ospf area 0 as IGP protocol running inside the MPLS SP network. # Advertise the loopback 0 interface also inside the IGP, Ri (config)#router ospf 1 Ri(config-router)# network 10.0.0.0 0,255.255.255 area 0 RI (config-router)#network 1.0.0.0 0.255.255.255 area 0 RI (config-router)#network 11.0.0.0 0.0.0255 area 0 Ri (config-router)Hexit R2(configh#router ospf 1 R2(config-router)# network 20.0.0.0 0.255.255.255 area 0 R2(config-router)# network 2.0.0.0 0.255.255.255 area 0 R2(config-router)#network 1.0.0.0 0.255.255.255 area 0 R2(config-rowter)#network 12.0.0.0 0.0.0255 area 0 R2(config-router)ttend R3(config)#router ospf 1 R3(config-router)#network 30.0.0.0 0,255.255.255 area 0 R3(config-router)# network 3.0.0.0 0.255.255.255 area 0 MPLS 13 VPN Workbook by Sikandar Gouse Moinuddin CCIE (R&S, SP) #35012 & K ALL contents axe copyright €2013 - 2014 All rights reserved. ET Wok Page 3R3(config-router)# network 2.0.0.0 0.255.255.255 area 0 R3(config-router)#network 13.0.0.0 0.0.0.255 area 0 R3(config-router)#exit Ra(config)#router ospf 1 Raconfig-router)#network 40.0.0.0 0,255.255.255 area 0 RA (config-router)# network 3.0.0.0 0.255.255.255 area 0 Ra (config-router)#network 14.0.0.0 0.0.0.255 area 0 Ré(config-router}#end R3#sh ip ospf neighbor Neighbor ID Pri State Dend Time Address Interface 1203.1 0 FULLY - 00:00:36 2.2.2.1 Seriall/0 1403.1 0 FULI/- 00:00:38 3.332 —Seriall/1 R24#sh ip ospf neighbor Neighbor ID Pri State end Time Address Interface 11.0.3.1 0 FULL/ - 00:00:35 1.1.1.1 Seriall/0 13.0.3.1 0 FULL/ - 00:00:32 2 Seriall/1 RItsh ip route ospf 2.0.0.0/8 [110/128] via 1.1.1.2, 00:00:20, Serial1/0 3.0.0.0/8 [110/192] via 1.1.1.2, 00:00:20, Serial1/0 20.0.0.9/8 [110/65] via 1.1.12, 00:00:20, Serial/0 40.0.0.0/8 [110/193] via 1.1.1.2, 00:00:20, Serial 1/0 12.0.0.0/82 is subnetted, 1 subnets O — 12.00.1 [110/65] via 1.1.1.2, 00:00:20, Serialt/0 13.0.0.0/32 is subnetted, 1 subnets O — 13.0.0.1 [110/129] via 1.1.1.2, 00:00:20, Serial1/0 14.0.0.0/32 is subnetted, 1 subnets e000 O = 14.0.0.1 [110/193] via 1.1.1.2, 00:00:20, Serial1/0 O 30.0.0.0/8 [110/129] via 1.1.1.2, 00:00:20, Serial1/0 Ritsh ip cof Prefix Next Hop Interface drop NiullO (defeult route handler entry) receive attached Serial 100082 receive 11.1182 receive 1.255.255.255/32 receive 2.0.0.0/8 1.1.1.2 Seriall/0 30098 = 11.1.2 Serial (0 40008 — attacked ——Serialt/1 400082 receive MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Page 4 Getwerk282 receive 4.255.255.255/32 receive 10.0.0.0/8 attached FastE thernet0/0 100.0032 receive 10.1.1.82 receive 10.255.255.255/32. receive 110.0024 — attached Loopback 110.0.082 receive 110.0.182 receive 11.0.0.255/32 receive 110.1024 attached Loopback 110.1082 receive Prefix NextHop Interface 11.0.1.82 receive 11.0.1.255/82 receive 110.2024 attached Looplack2 11.0.2.082 receive 11.0.2.1/82 receive 11.0.2.2552 receive 11.0.3.024 attached Looplack3 110.3082 receive 103.182 receive 11.03.2552 receive 120.0182 1.1.12 Serial) 130.0182 1.1.12 Seriall/0 14.0.0.182 Serial 200.0.9/8 Serial/0 300.0.0/8 Serial/0 40.0.8 Serial/0 224.0.0.0/4 24.00.0724 — receive 55/82 receive Rittsh ip route 40.0.0.0 Routing entry for 40.0.0.0/8 Knowon via "OSBE0S, HStAENIO) metric 193, type intra area Last update from 1.1.1.2 on Seriall/0, 0:00:50 ago Routing Descriptor Blocks: "1.1.12, from 14.0.3.1, 0:00:50 ago, via Serialt/0 Route metric is 193, traffic share count is 1 Cisco Express Forwarding (CEP) is advanced, Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic trafic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions. sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEDWORK nase 5‘+ Cisco Express Forwarding is enabled by default on most Cisco platforms running Cisco IOS softaoare Release12.0 or later. When Cisco Express Forwarding is enabled on a router, the Route Processor (RP) performs the express forwarding. © To find out if Cisco Express Forwarding is enabled on your platform, enter the show ip cef command. If Cisco Express Forwarding is enabled, you receive output that looks like this: Rittsh ip cef 40.0.0.0 40.0.0.0/8, version 30, epoch 0, cached adjacency to Serial/0 O packets, 0 bytes ASAIN dependencies next hop 11.12, Seria valid cached adjacency To disable CEF: Ri (config)#no ip cef Ri(config)ttend If Cisco Express Forwarding is not enabled on your platform, the output for the show ip cef command looks like th R1ish ip cof %CEF not running Prefix Next Hop Interface To enable CEF RI (config)tip cef Ri(confightend RI#sh ip cef 40.0.0.0 40.0.0.0/8, version 30, epoch 0, cached adjacency to Serial /O O packets, 0 bytes via 1.1.1.2, Serial1/0, 0 dependencies next hop 1.1.1.2, Serial1/0 valid cached adjacency NOTE: ‘Make sure that you are able to ping to loopback 0 of every router as we are going to establish the LDP neighborship based on MPLS router -ID ( and it has to be advertised in the IGP for LDP peering) MPLS Label Protocol - LDP ‘MPLS Idp router-id - Best to set it as the IP must be reachable as itis used in the transport addresss in the LDP discovery hello messages. How the LDP Router- is derived If the MPLS Router-ID command has not been applied. 1. The router checks the IP addresses ofall operational interfaces so £3 rv wut hy stant Gon Wosnutin come one, 1808 Se ae ee GEDWORK rage c2. Ifany of these interfaces are loopbacks the router selects the highest loopback address for the LDP router-id 3. If no loopback interfaces are configured the highest operational IP address is selected as the LDP router-id © This default method of assigning the LDP router-id can cause problems ifthe assigned id is not able to be advertised by the routing protocol The mpls router-id command allows you to specify an interface as the LDP router-id. You need to make sure the specified interface is up so it's IP address can be used. © Ifyou issue the command without the force option the router will select the ip address of the specified interface when it next selects an LDP router 1D. © When you issue the mpls ldp router-id with the force option if the interface is up and it is not currently using the IP address as the router-id the router-id changes. This will tear down any existing LDP sessions and will interupt the MPLS forwarding TASK ‘© Configure MPLS on all routers. Use LDP as protocol. + Configure LDP router ID has to be the loop 01D © Configure the routers to select the labels as below R1 100-199 R2 200-299 R3— 300-399 R4 400-499 NOTE: Make sure the CEF is enabled. before you configure. R1Ash ip cef Prefix Next Hop Interface # If you see the above output which means CEF is disabled or not runing. Make sure that CEF is enabled as MPLS rely on CEF to build its label database. R1(config)#mpls label range 100 199 Ri(configh#mpls label protocol ldp Ri(configh#mpls Idp router-id loopback 0 Ri(config)int 1/0 Ri (config-ip#tmpls ip Ri(config-itend R2(configh#mpls label range 200 299 R2(config)#mpls label protocol ldp R2(configh#mpls Idp router-id loopback 0 R2(config)tint s1/0 R2(config-ip#tmpls ip R2(config-ifint sI/L R2(config-)#mpls ip R2(config-itend R3(config)#mpls label range 300 399 sous 13 or nano sy stuns dave umn cose (usm) 808 Searels eenns ets aera oe GEWERK race 7R3(config)#mpls label protocol ldp R3(configh#mpls Idp router-id loopback 0 R3(config)#int S10 R3(config-ip#mpls ip R3(config-iptint sI/L R3(config-iptmpls ip R3(config-ipttend Ra(config)#mpls label range 400 499 Ra(config)#mpls label protocol ldp Ra(config)#mpls Idp router-id loopback 0 Ra(config)#int S10 RA(config-ip#mpls ip Ra(config-ipttend R3#sh mpls ldp neighbor Peer LDP Ident: 12.00.10; Local LDP Ident 13.0.0.10 TCP connection: 12.0.0.1.646 - 13.0.0.1.20380 State: Oper; Msgs sent/rcod: 17/18; Downstream Up time: 00:00:47 LDP discovery sources: Seriall/0, Src IP addr: 2.2.2.1 Addresses bound to peer LDP Ident: 20.1.1.1 11.12 2221 12.0.0.1 BOLI 12021 1203.1 Peer LDP Ident: 140.0.1:0; Local LDP Ident 13.0.0.1:0 TCP connection: 14.0.0.1.30158 - 13.0.0.1.646 State: Oper; Msgs sent/rcod: 17/18; Downstream Up time: 00:00:06 LDP discovery sources: Serial1/1, Src IP addr: 3.3.3.2 Addresses bound to peer LDP Ident: 40111 3332 4441 1400.1 14.0.1.1 14.0.2. 14.03.1 R3#tsh mpls interfaces Interface IP Tunnel Operational Seriall/0 Yes (Idp) No Yes Serial1/1 Yes (Idp) No Yes R2#sh mpls Idp neighbor Pee LDP Went FHOWAMEL ocal LDP Ident 12.0..1:0 TCP connection: 11.0.0.1.646 - 12.0.0.1.11373 MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 a ae ea GEWORK raeState: Oper; Msgs sentfrevd: 19/19; Downstream Up time: 00:01:45 LDP discovery sources Serial1/0, Sre IP addr: 1.1.1.1 Addresses bound to peer LDP Ident: WAL Ld 4442 11.001 M011 11021 1103.1 ‘(WPPLDPTAETSOOTF ocai LDP Ident 12.0.0.1:0 TCP connection: 13.0.0.1.20380 - 12.0.0.1.646 State: Oper; Msgs sent/rcod: 18/18; Downstream Up time: 00:01:10 LDP discovery sources: Serial1/1, Src IP addr: 2.2.2.2 Addresses bound to peer LDP Ident: 301.11 333.1 13.001 130.11 13021 1303.1 R2#sh mpls interfaces Interface IP Tunnel Operational Seriali/0 Yes (Idp) No Yes Seriali/1 Yes (ldp) No Yes R1#tsh ip cef 40.0.0.0 40.0.0.0/8, version 30, epoch 0, cached adjacency to Seriall/0 O packets, 0 bytes tag information set local tag: 19 {fast tag rewrite with Se1/0, point2point, tags imposed: {201} via 1.1.1.2, Seriall/0, 0 dependencies next hop 1.1.1.2, Seriall/0 valid cached adjacency tag rewrite with Se1/0, point2point, tags imposed: {201} Rattsh mpls Idp bindings 40.0.0.0 255.0.0.0 fib entry: 40.0.0.0/8, reo 12 local binding: tag: imp-rull remote binding: tsr: 13.0.0.1:0, tag: 302 R3itsh mpls ldp bindings 40.0.0.0 255.0.0.0 tib entry: 40.0.0.08, reo 10 local binding: tag: 302 remote binding: tsr: 12.0.0.1:0, tag: 201 remote binding: tsr: 14.0.0.1., tag: imp-null © TIB is also equivalent to LIB. Tag Information Base was its old name when Label Switching was then called Tag Switching. pee ee Sear cauSrutoe spel anal apts as tags erocoee GEDWORK nase 9Local binding means what tag the router will put for the packet to destination. Imp-mull meaning it will not put because this isa locally originated. Remote Binding means, the label the LDP neighbor router assigned to this subnet. TSR (Tag Switching Router) old name for Label Switching Router (LDP) R3#sh mpls forwarding-table 40.0.0.0 8 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 302 Poptag 40.0.00/8 0 Self point2point Where does the Untagged keyword appear? Itonly appears as the output label in the LFIB (Label Forwarding Information Base) that you can inspect with the show mpls forwarding-table. means that the router has no output label associated If this LSR receives a packet with top label 102, it removes all labels and forzwards the packet as an IP packet, because the outgoing label (tag) is Untagged. If this LSR were to receive a labeled packet with the top label 22, it would stoap the label with label 17 and then forward it on the Ethernet0/0/0 interface * Pop—The top label is removed. The packet is forwarded with the remaining label stack or as an unlabeled packet. Networks originating on the outside of the MPLS domain are not assigned any label on the edge LSR; instend, the POP label is advertised. Swap The top label is removed and replaced with a nec label. Push ~The top label is replaced with a new label (swapped), and one or more labels are added (pushed) on top of the swapped label. © Untagged/No Label— The stack is removed, and the packet is forwarded unlabeled. R2#sh mpls ldp bindings 40.0.0.0 255.0.0.0 tib entry: 40.0.0.08, rev 10 local binding: tag: 201 remote binding: tsr: 13.0.0.1:0, tag: 302 remote binding: tsr: 11.0.0.1:0, tag: 103 R2#sh mpls forwarding-table 40.0.0.0 8 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 201 302 40.000/8 0 — Sel/1__point2point Ritsh mpls ldp bindings 40.0.0.0 8 tib entry: 40.0.0.08, reo 12 local binding: tag: 103 remote binding: tsr: 12.0.0.1.0, tag: 201 Ri#sh mpls forwarding-table 40.0.0.0 8 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface sos £3 rv wut hy stant Gon osm come cn, 1808 a ae ea GEDWORK tage 20103 201 40.00.08 0 — Sel/0 _point2point Ri ping 40.1.1.1 source 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1.1 nu ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 32/57/76 ms Ri#traceroute 40.1.1.1 source 10.1.1.1 Type escape sequence to abor! Tracing the route to 40.1.1.1 1 1.1.1.2 [MPLS: Label 201 Exp 0] 68 msec 60 msec 64 msec 22.2.2.2 [MPLS: Label 302 Exp 0] 64 msee 56 msec 52 mise 33.3.3.2 60 msec * 60 msec MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Getwerk Page 11LAB: MPLS LDP Troubleshooting Possible issues: © mpls ip not enabled (MPLS IP missing on interfaces connected) # protocol mismatch (TDP /LDP) global or at interface level © higher loopback ID taken as router 1D which is not advertised in IGP © mismatch authentication if configured Show commands sh mpls interfaces sh mls ldp neigh sh run int sh runt | in mpls TASK: © Continue with the previous lab. ‘+ Remove the Mpls Ip Command to Verify Troubleshooting RU(config)tint s1/1 R1(config-ip) Ri(config-it Ri(config-ipitend RAsh mpls Idp neighbor Risk mpls interfaces Interface IP Tunnel Operational Ri (config)#int s1/L Ri(config-i)#iplsap Ri(config-ipitend R#sh mpls Idp neighbor Peer LDP Ident: 12.0.0.1:0; Local LDP Ident 11.0.0.1:0 TCP connection: 12.0.0.1.51918 - 11.0.0.1.646 State: Oper; Msgs sent/rcod: 52/52; Downstream Up time: 00:22:07 LDP discovery sources: Seriali/O, Src IP addr: 1.1.1.2 Addresses bound to peer LDP Ident: 2111 1112 2221 12001 2011 12021 12031 ‘hange the MPLS protocol to TDP instead of LDP and verify the outputs R2(config)#mpls label protocol tdp R2(configh#end Risk mpls ldp neighbor RiAsh mpls interfaces sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 22Interface IP Tunnel Operational Seriall/0 Yes (ldp) No Yes Serialt/1 Yes (Idp) No Yes Ri sh run | in mpls ‘pls label range 100 199 ‘pls label protocol idp pls ip ‘pls Idp rowter-id Loopback R2#sh mpls ldp neighbor R2#sh mpls interfaces Interface IP Tunnet Operational Serial /0 No Yes Seriall/1 No Yes R2#sh run | in mpls ms labet ra 200 299 pls ip mpls ip ‘pls Idp router-id Loopback R2configh#no mpls label protocol tdp R2(config}#mpls label protocol ldp R2#sk mpls ldp neighbor Peer LDP ident: 11.00.10; Local LDP Ident 12.0.0.1:0 TCP connection: 11.0.0.1.646 - 12.0.0.1.42191 State: Oper; Msgs sent/rced: 2727; Downstream Up time: 00:00:21 LDP discovery sources: Seriali/0, Src IP addr: 1.1.1.1 Addresses bound to peer LDP Ident W111 1111 4442 11.001 110.11 11021 1103.1 ); Local LDP Ident 12.0.0.1:0 TCP connection: 13.0.0.1.14107 - 12.0.0.1.646 State: Oper; Msgs seni/rced: 2727; Downstream Up time: 00:00:20 LDP discovery sources Seriali/l, Src IP addr: Addresses bound to peer LDP Ident: 30111 2222 333.1 13.001 13011 130.21 13.031 Ri#sh mpls Idp neighbor Local LDP Ident 11.0.0.1:0 TCP connection: 12.0.0.1.42191 - 11.0.0.1.646 State: Oper; Msgs seni/rcod: 27/27; Downstream Up time: 00:00:33 vous 1 wow sas by sthntne cou main out nas S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 19LDP discovery sources: Serial¥/0, Src IP addr: 1.1.1.2 Addresses bound to peer LDP Ident: 2111 1112 2221 12.001 ROL 12021 1203.1 TAS. R2(config)tint loop 10 R2(config-i)ttip add 172.16.1.1 255.255.255.0 R2Aconfig-iptend R2(config)#mpls Idp router-id loopback 10 force R2#sh mpls Idp neighbor R2#sh mpls ldp neighbor Ro#sh mpls interfaces Interface IP Tunnel Operational Seriall/0 Yes (Idp) No Yes Serial 1/1 Yes (Idp) No Yes Ri#sh mpls interfaces Interface IP Tunnel Operational Serial (0 Yes (Idp) No Yes R2#sh run | in mpls ‘pls label range 200 299 ‘pls label protocol ldp mpl ip am a R2#sh ip int brief Interface IP-Address OK? Method Status FastEthemet0/0 2.1.1.1. YESNVRAM up ‘reate loopback 10 and make it as MPLS lp router-id on R2 Protocol up FastEthemet0/I unassigned YES NVRAM administratively down down Serial 1/0 L112” YESNVRAM up up Serial /L 1 YESNVRAM up up Serial 1/2 unassigned YES NVRAM administratively down down Serial 3 unassigned YES NVRAM administratively down down tomo TORT -YESNVRAM ap 7 Loopback! 120.11 YESNVRAM up up Loopback? 1202.1 YESNVRAM up up Loopbacl L ES NVRAM up up [eopbckt0 TZN YES marl ” Risk mpls Ip neighbor Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 11.0.0.1.0 TCP connection: 14.0.0.1.15677 - 11.0.0.1.646 State: Oper; Msgs seni/rcod: 35/35; Downstream MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. GEDWORK raceUp time: 00:07:38 LDP discovery sources: Seriali/l, Src IP addr: 44.4.1 Addresses bound to peer LDP Ident: 40111 3332 4441 14001 M011 14021 1403.1 Ri sping 172.16.1.1 Translating "172.16.1.1" Type escape sequence to abort. eantns 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: ‘Success rate is 0 percent (05) Solution + Advertise loopback 10 in IGP or change router-id to some address which is already advertised Ri sping 12.0.0.1 Translating "12.0.0.1" Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.1, timeout is 2 seconds: 1! ‘Success rate is 100 percent (56), round-trip min/avg/max = 32/84/132 ms R2(config)#mpls ldp router-id loopback 0 force R2#sh mpls ldp neighbor LDP Ident 12.0.0.1:0 TCP connection: 13.0.0.1.44501 - 12.0.0.1.646 State: Oper; Msgs sent/rced: 28/27; Downstream Up time: 00:00:08 LDP discovery sources: Seriali/l, Sre IP addr: 2.2.2. Addresses bound to peer LDP Ident: 30.111 2222 333.1 13.00.1 13.0.1.1 1303.1 Local LDP Ident 12.0.0.1:0 TCP connection: 11.0.0.1.646 - 12.0.0.1.60014 State: Oper; Msgs sent/rcvd: 2827; Downstream Up time: 00:00:03 LDP discovery sources: Serial¥/O, Src IP addr: 1.1.1.1 Addresses bound to peer LDP Ident: 111 1111 4442 11.001 T1011 1102.1 1103.1 R2(config)#mpls ldp neighbor 11.0.0. password cisco123 R2(confightend Rash mpls ldp neighbor Ri#sh mpls interfaces Interface IP. Tunnel Operational vous 1 ww sas by stata cou osnain out nas) S02 Searels eenns ets aera oe GEWORK race asSerial/0 Yes (Idp) No Yes Seriali/1 Yes (ldp) No Yes R2#sh mpls interfaces Interface IP Tunnel Operational Serial/0 Yes (Idp) No Yes Serial 1/1 Yes (Idp) No Yes Rsk run | in mpls ‘pls label range 100 199 ‘pls label protocol ldp pls ip impls Ip rowter-id Loopback0 R2#sh run | in mpls ‘mpls label range 200 2: a label at ‘al ie pls ip mpls ip ‘pls Idp rowter-id Loopback0 force RAping 12.0.0 source 11.0.0.1 ‘Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds: Packet sent with a source address of 11.0.0.1 nn Success rate is 100 percent (5/5), round-trip min/aog/max = 8/76/88 ms RU (config)#mpls ldp neighbor 12.0.0.1 password cisco123 Risk mpls Idp neighbor Peer LDP Ident: 12.0.0.1.0; Local LDP Ident 11.0.0.1:0 TCP connection: 12.0.0.1.14810 - 11.0.0.1.646 State: Oper; Msgs sent/rcod: 27/28; Downstream Up time: 00:00:03 LDP discovery sources: Seriali/O, Src IP addr: 1.1.1.2 Addresses bound to peer LDP Ident 211 1112 22.21 1200.1 O11 120.21 1203.1 172.16.1.1 vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 16LAB_MPLS LDP PEERING LOOPBACKS 24 1200.1/24 2g worse S iz021/26 42.0.3.1/28 Re LOOPBACKS ty 13.0.0.1/24 ei 13.0.1.1/24 ‘a5, 18.0.2.1/24 13.0.3.1/24 10.1.1 14.0.3.1/24 TASK: Configure the basic IP addressing according to the diagram. Configure ospf area 0 as IGP protocol running inside the MPLS SP network. Advertise the loopbacks interfaces also inside the IGP RI Ri(config)#router ospf 1 Ri(config-router)# network 1.1.1.1 0.0.0.0 area 0 Ri(config-router)# network 444.2 0.0.0.0 area 0 Ri (config-router)#uetwork 10.0.0.0 0.255.255.255 are 0 Ri (config-router)# network 11.0.0.0 0.255.255.255 area 0 RU (config-router)# R2 R2(configh# router ospf1 R2(config-router)# network 1.1.1.2 0.0.0.0 area 0 R2config-router)# network 2.2.2.1 0.0.0.0 area 0 R2(config-router)#metwork 20.0.0.0 0.255.255.255 are 0 R2(config-router)# network 12.0.0.0 0.255.255.255 area 0 R2(config-router)#exit R3 R3 (config) router ospf'1 R3(config-router)# network 2.2.2.2 0.0.0.0 area 0 R3(config-router)# network 3.3.3.1 0.0.0.0 area 0 R3(config-router #uetwork 30.0.0.0 0.255.255.255 are 0 R3(config-router)# network 13.0.0.0 0,255.255.255 area 0 WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 @ K ALL contents are copyright 62013 ~ 2014 ALl xights resexved. Page 17R3(config-router)Hend Ra RA(config)#router ospf1 RA(config-router)# network 3.3.3.2 0.0.0.0 area 0 RA(config-router)# network 4.44.1 0.0.0.0 area 0 Ra(config-router)#uetwork 40,0.0.0 0.255.255.255 area 0 Ra(config-router}# network 14.0.0.0 0.255.255.255 area 0 Raconfig-router) end R1Ash ip ighbor R3itsh ip ospf neighbor Neighbor ID Pri State Dead Time Address 1403.1 0 FULL - 00:00:35 3.3 1203.1 0 FULIY- —00:00:3 R1fsh ip route ospf O 2.0.0.0/8 [110/128] via 1.1.1.2, 00:02:01, Seriall/0 O 3.0.0.0/8 [110/128] via 4.4.4.1, 00:02:01, Serial 1/1 12.0.0.0/32 is subnetted, 4 subnets O 120.1.1 [110/65] via 1.1.1.2, 00:02:01, Serial 1/0 O 12.00.1 (110/65) via 1.1.1.2, 00:02:01, Serial 0 O 1203.1 [110/65] via 1.1.1.2, 00:02:01, Serial /0 OO 12.0.2.1 [110/65] via 1.1.1.2, 00:02:01, Serial1/0 13.0.0.0/32 is subnetted, 4 subnets O — 13,0.0.1 [110/129] via 4.4.4.1, 00:02:01, Serial 1/1 [110/129] via 1.1.1.2, 00:02:01, Serial1/0 O — 13.0.1.1 [110/129] via 4.4.4.1, 00:02:01, Serial 1/1 [110/129] via 1.1.1.2, 00:02:01, Seriali/0 O — 13.0.2.1 [110/129] via 4.4.4.1, 00:02:01, Serial1/1 [110/129] via 1.1.1.2, 00:02:01, Seriall/0 O — 13.03.1 [110/129] via 4.4.4.1, 00:02:01, Serial1/1 [110/129] via 1.1.1.2, 00:02:01, Serial1/0 14.0.0.0/32 is subnetted, 4 subnets O = 14.03.1 [110/65] via 4.4.4.1, 00:02:01, Serial1/1 O = 14.0.2.1 [110/65] via 4.4.4.1, 00:02:01, Serial1/1 O = 14.0.1.1 [110/65] via 4.4.4.1, 0:02.01, Serial1/1 O = 14.0.0.1 [110/65] via 4.4.4.1, 00:02:01, Serial1/1 R2#sh ip route ospf 3.0.00 [110/128] via 22.2.2, 00:02:34, Serial1/1 O 4.0.0.088 [110/128] via 1.1.1.1, 00:02:34, Serial/0 11.0.0.0832 is subnetted, 4 subnets OQ —11.0.2.1 [110/65] via 1.1.1.1, 00:02:34, Serialt/0 O — 11.03.1 [110/65] via 1.1.1.1, 00:02:34, Serial1/0 O —11.00.1 [110/65] via 1.1.1.1, 00:02:34, Serialt/0 O 1.0.1.1 [110/65] via 1.1.1.1, 00:02:34, Seriall/O0 13.0.0.0/32 is subnetted, 4 subnets O 13.0.1 [110/65] via 2.2.2.2, 00:02:34, Serial1/1 MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Pf NeighborID Pri State end Time Address Interface 1 112 Seriali/0 Interface Getwerk Page 19O 13.1.1 [110/65] via 22.2.2, 00:02:34, Serial/1 O — 13.0.2.1 [110/65] via 2.2.2.2, 00:02:34, Serial/1 O 13.3.1 [110/65] via 2.2.2.2, 00:02:34, Serial!/1 14.0.0.0/32 is subnetted, 4 subnets O 1403.1 [110/129] via 2.2.2.2, 00:02:34, Seriall/1 [110/129] via 1.1.1.1, 00:02:34, Seriall/0 © — 140.2.1 {110/129} via 2.2.2.2, 00:02:34, Serial 1/1 [110/129] via 1.1.1.1, 00:02:34, Seriall/0 O 14.1.1 [110/129] via 2.2.2.2, 00:02:34, Serial1/1 [110/129] via 1.1.1.1, 00:02:34, Serial!/0 O — 14.0.0.1 [110/129] via 2.2.2.2, 00:02:34, Serial1/1 [110/129] via 1.1.1.1, 00:02:34, Seriall/0 R3itsh ip route ospf 0 1.0.0.0/8 [110/128] via 2.2.2.1, 00:02:44, Serial l/0 O 4.0.0.9/8 [110/128] via 3.3.3.2, 00:02:44, Seriall/1 11.0.0.0/32 is subnetted, 4 subnets O — 11.0.2.1 [110/129] via 3.3.3.2, 00:02:44, Seriall/1 [110/129] via 2.2.2.1, 00:02:44, Serial1/0 O 1103.1 110/129] via 33.3.2, 00:02:44, Seriall/1 [110/129] via 2.2.2.1, 00:02:44, Seriall/0 O 1.00.1 [110/129] via 33.3.2, 00:02:44, Serial1/1 [110/129] via 2.2.2.1, 00:02:44, Serial!/0 O 110.1.1 110/129] via 33.3.2, 00:02:44, Seriall/1 [110/129] via 2.2.2.1, 00:02:44, Seriall/0 12.0.0.032 is subnetted, 4 subnets O 120.1.1 [110/65] via 2.22.1, 00:02:44, Serial1/0 O 12.0.1 [110/65] via 2.22.1, 00:02:44, Serial1/0 O — 12.03.1 [110/65] via 2.2.2.1, 00:02:44, Serial1/0 O 1202.1 [110/65] via 2.2.2.1, 00:02:44, Serial1/0 14.0.0.0/32 is subnetted, 4 subnets O 1403.1 [110/65] via 3.3.3.2, 00:02:44, Seriali/1 O 1402.1 [110/65] via 3.3.3.2, 00:02:44, Serialt/1 0 — 140.1.1 [110/65] via 3.3.3.2, 00:02:44, Seriali/1 O 1400.1 [110/65] via 3.3.3.2, 00:02:44, Seriali/1 Radish ip route ospf O 1.0.0.0f8 [110/128] via 4.4.4.2, 00:02: 0 2.0.00/8 [110/128] via 3.3.3.1, 000 11.0.0.02 is subnetted, 4 subnets O 11.0.1 [110/65] via 4.4.4.2, 00:02:44, Seriali/1 O —11.03.1 [110/65] via 4.4.4.2, 00:02:44, Serialt/1 O — 11.0.0.1 [110/65] via 4.4.4.2, 00:02:44, Serial1/1 O 110.1.1 [110/65] via 4.4.4.2, 00:02:44, Seriall/1 12.0.0.0/32 is submetted, 4 subnets O 120.1.1 [110/129] via 4.44.2, 00:02:44, Seriall/1 [110/129] via 3.3.3.1, 00:02:44, Serial!/0 O 1200.1 [110/129] via 4.4.4.2, 00:02:44, Serialt/1 [110/129] via 3.33.1, 00:02:44, Serial1/0 O 1203.1 [110/129] vin 4.44.2, 00:02:44, Seriall/1 [110/129] via 3.3.3.1, 00:02:44, Serial!/0 O 1202.1 [110/129] via 4.4.4.2, 00:02:44, Serial 1/1 sous 19 we san sy stand dase Hunn cose (ue 808 Searels eenns ets aera oe GEWORK nase t, Serial1/L 1, Serial1/0[110/129] via 3.3.3.1, 00:02:44, Serial!/0 13.0.0.0/32 is subnetted, 4 subnets O — 13..0.1 [110/65] via 3.3.3.1, 00:02:44, Serialt/0 O 1300.1.1 [110/65] via 3.33.1, 00:02:44, Serial /0 O 1302.1 [110/65] via 3.3.3.1, 00:02:44, Serial /0 O 1303.1 [110/65] via 3.3.3.1, 00:02:44, Seriall/0 NOTE: © Make sure that you are able to ping to loopback O of every router as we are going to establish the LDP neighborship based on MPLS router ID ( and it has to be advertised in the IGP for LDP peering) ‘MPLS Label Protocol - LDP MPLS Idp router-id - Best to set it as the IP must be reachable as it is used in the transport addresss in the LDP discovery hello messages. How the LDP Router-ID is derived Ifthe MPLS Router-ID command has not been applied. 4. The router checks the IP addresses of all operational interfaces. 5. Ifany of these interfaces are loopbacks the router selects the highest loopback address for the LDP router-id 6. Ifno loopback interfaces are configured the highest operational IP address is selected as the LDP router-id © This default method of assigning the LDP router-id can cause problems ifthe assigned id is notable to be advertised by the routing protoco. # The mpls router-id command allows you to specify an interface as the LDP router-id. You need to make sure the specified interface is up so it's IP address can be used. © If you issue the command without the force option the router will select the ip address of the specified interface ‘when it next selects an LDP router 1D. © When you issue the mpls ldp router-id with the force option ifthe interface is up and itis not currently using the IP address as the router-id the router-id changes. This will tear down any existing LDP sessions and will interupt the MPLS forwarding. TASK * Configure MPLS on all routers. Use LDP as protocol. © Configure LDP router ID has to be the loop 01D © Configure the routers to select the labels as below RI 100-199 R2 200-299 R3 300-399 R4 400-499 NOTE: Make sure the CEF is enabled. before you configure. Rash cof Prefix Next Hop Interface * Ifyou see the above output which means CEF is disabled or not ruuning © Make sure that CEF is enabled as MPLS rely on CEF to build its label database. RI (config) tip cef Ri (config)#mpls label protocol ldp Ri(config)# mpls label range 100 199 sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea GEDWORK tage 20Ri(config)# mpls lp router-id loopback 0 Ri(confight int s1/0 Ri(config-ip# mpls ip Ri(config-if# exit Ri (configh# int s1/i Ri (config-if# mpls ip R2 R2(config)#mpls label protocol ldp R2(configh# mpls label range 200 299 R2(config)# mpls ldp router-id loopback 0 R2¢config)# int s1/0 R2(config-if mpls ip R2config-if# exit R2(configh# int sI/L R2(config-i)# mpls ip R2¢config-iptend R3 R3(config)#mpls label protocol ldp R3(config)# mpls label range 300 399 R3(config)# mpls ldp router-id loopback 0 R3(config) int s/0 R3(config-ip# mpls ip R3(config-if# int s1/1 R3(config-i)# mpls ip R3(config-ipitend Re R4(config)#mpls label protocol ldp R4(config)# mpls label range 400 499 Ra(config)# mpls ldp router-id loopback 0 Ra(confight int s1/0 Ré(config-ip# mpls ip RA(config-if# exit Ra(configh# int sI/L Ra(config-i# mpls ip Ra(config-iptend Ri1#sh mpls ldp neighbor Peee LDP dite 4200AD; Local LDP ldent 110.0.10 TCP connection: 12.0.0.1.49535 - 11.0.0.1.646 State: Oper; Msgs sent/rced: 29/29; Downstream Up time: 00:05:03 LDP discovery sources: sous 19 scan sy stant dase Human cose (us) 80 Searels eenns ets aera oe (Ca aeSerial1/0, Sre IP addr: 1.1.1.2 Addresses bound to peer LDP Ident. 2111 1112 22.21 12.001 22011 1202.1 1203.1 Local LDP Ident 11.0.0.1:0 TCP connection: 14.0.0.1.48141 - 11.0.0.1.646 State: Oper; Msgs sent/rcod: 24/24; Downstream Up time: 00:00:15 LDP discovery sources: Seriall/l, Src IP addr: 4.4.4.1 Addresses bound to peer LDP Ident W111 3. 4441 1400.1 4011 1402.1 1403.1 R3#sh mpls ldp neighbor TCP connection: 12.0.0.1.646 - 13.0.0.1.25930 State: Oper; Msgs sent/rcod: 30/30; Downstream Up time: 00:05:13 LDP discovery sources: Seriall/0, Src IP addr: 2.2.2.1 Addresses bound to peer LDP Ident 2111 1112 2221 12.002 O11 1202.1 12. TCP connection: 14.0.0.1.45733 - 13.0.0.1.646 State: Oper; Msgs sent/rcod: 2928; Downstream Up time: 00:04:30 LDP discovery sources: Seriali/l, Src IP addr: 33.3.2 Addresses bound to peer LDP Ident: 40111 3332 4441 1400.1 14011 14021 1403.1 R1 sh mpls interfaces Interface IP Tunnel Operational No Yes Seriall/1 Yes (Idp) No Yes R2#sh mpls interfaces Interface IP Tunnel Operational Serial l/0 Yes (Idp) No Yes Serial /1 Yes (Idp) No Yes R3#sh mpls interfaces Interface IP Tunnel Operational Serial Yes (Idp) No Yes Serial 1/1 Yes (Idp) No Yes Rétsh mpls interfaces Interface IP Tunnel Operational Serial/0 Yes (ldp) No Yes MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Getwerk Page 22Serial 1/1 Yes (Idp) No Yes Ri#sh mpls ldp bindings ib entry: 1.0.0.0/8, rev 2 local remote binding: tsr:12.0.0.1:, tag: imp-null remote binding: tsr: 14.0.0.1.0, tag: 400 tib entry: 2.00.08, rev 4 local binding: tag: 100 remote binding: tsr:12.0.0.1.0, tag: imp-null remote binding: tsr: 14.0.0.1:0, tag: 401 tib entry: 3.0.0.08, rev 6 local binding: tag: 101 remote binding: tsr:12.0.0.1°, tag: 200 remote binding: tsr: 14.0.0.1°0, tag: imp-null tib entry: 4.0.0.08, rev 8 local binding: tag: imp-rull remote binding: tsr: 12.0.0.1:0, tag: 201 remote binding: tsr: 14.0.0.120, tag: imap-null tib entry: 10.0.0.08, rev 10 local binding: tag: imp-null fib entry: 11.0.0.024, rev 18 tib entry: 11.0.1.0/24, rev 16 local binding: tag: imsp-rull tib entry: 11.0.1.1/82, rev 47 remote binding: tsr: 12.0.0.1.0, tag: 205 remote binding: tsr: 14.0.0.1.0, tag: 405 tib entry: 11.0.2.0/24, rev 14 local binding: tag: imp-rull tib entry: 11.02.12, reo 44 remote binding: tsr: 12.0.0.1°, tag: 2 remote binding: tsr: 14.0.0.1.0, tag: tib entry: 11.03.0224, reo 12 Local binding: tag: imp-mull tib entry: 11.0.3.1/82, rev 45 Remote binding: tsr: 12.0.0.1.0, tag: 203 Remote binding: tsr:14.0.0.1., tag: 408 tib entry: 12.0.0.0/24, rev 48 remote binding: tsr: 12.0.0.1:0, tag: imp-mul fib entry: 12.0.0.1/82, reo local binding: tag: 103 remote binding: tsr: 14.0.0.1.0, tag: 407 tib entry: 12.0.1.0/24, rev 49 remote binding: tsr: 12.0.0.1:0, tag: imp-nul tib entry: 12.0.1.1/2, rev 20 local binding: tag: 102 remote binding: tsr:14.0.0.1°, tag: 406 sous 19 scan sy stant dase unin cose (us) 80 Searels eenns ets aera oe GEWORK race 23lib entry: 12.0.2.024, rev 50 remote binding: Isr: 12.0.0.1:0, tag: imp-nul tib entry: 12.0.2.1/82, rev 26 local binding: tag: 105 remote binding: Isr: 14.0.0.1:, tag: 409 fib entry: 12.03.0224, reo 51 remote binding: tsr:12.0.0.1:0, tag: imp-null tib entry: 12.03.12, rev 24 local binding: tag: 104 remote binding: tsr: 14.0.0.1.0, tag: 408 lib entry: 13.0.0.1/82, rev 28 local binding: tag: 106 remote binding: tsr: 12.0.0.1.0, tag: 206 remote binding: tsr: 14.0.0.1.0, tag: 410 tib entry: 13.0.1.1/82, rev 30 local binding: tag: 107 remote binding: tsr: 12.0.0.1.0, tag: 207 remote binding: tsr: 14.0.0.1°, tag: 411 tib entry: 13.0.2.1/82, reo 32 local binding: tag: 108 remote binding: tsr: 12.0.0.1.0, tag: 208 remote binding: tsr: 14.0.0.1.0, tag: 412 tib entry: 13.0.3.1/82, rev 34 local binding: tag: 109 remote binding: tsr: 12.0.0.1.0, tag: 209 remote binding: tsr: 14.0.0.1., tag: 413 tib entry: 14.0.0.0P2, reo 55 remote binding: tsr: 14.0.0.1:0, tag: imp-mul tib entry: 14.0.0.1/82, reo 42 local binding: tag: 113 remote binding: tsr: 12.0.0.1.0, tag: 213 tib entry: 14.0.1.0/24, rev 56 remote binding: tsr: 14.0.0.1:0, tag: imp-mull tib entry: 14.0.1.1/32, reo 40 local binding: tag: 112 remote binding: tsr: 12.0.0.1:, tag: 2: tib entry: 14.0.2.024, reo 53 remote binding: tsr: 14.0.0.1:0, tag: imp-nul tib entry: 14.0.2.1/82, rev 38 local binding: tag: 111 remote binding: tsr: 12.0.0.1:0, tag: 211 Lib entry: 14.03.04, rev 54 remote binding: tsr:14.0.0.1:0, tag: imp-null tib entry: 14.0.3.1/32, reo 36 local binding: tag: 110 remote binding: tsr: 12.0.0.1.0, tag: 210 tib entry: 20.0.0.08, rev 43 remote binding: tsr: 12.0.0.1:0, tag: imp-mnul tib entry: 40.0.0.08, rev 52 remote binding: tsr: 14.0.0.1:0, tag: imp-nul R2#sh mpls ldp bindings sous 13 scan sy stand dase Hunn cose (us) 80 Searels eenns ets aera oe REWORK race 24lib entry: 1.0.0.0, rev 2 local binding: tag: imp-null remote binding: tsr: 11.0.0.1.0, tag: imp-rull remote binding: tsr: 13.0.0.1:0, tag: 300 tib entry: 2.0.0.0, rev 4 local binding: tag: imp-rull remote binding: tsr: 11.0.0.1:, tag: 100 remote binding: tsr: 13.0.0.1.0, tag: imp-mull tib entry: 3.0.0.085, rev 6 local binding: tag: 200 remote binding: tsr: 11.0.0.1°, tag: 101 remote binding: tsr: 13.0.0.1:0, tag: imp-nul tib entry: 4.0.0.08, rev 8 local binding: tag: 201 remote binding: tsr: 1.0.0.1:, tag: imp-null remote binding: tsr: 13.0.0.1:0, tag: 301 tib entry: 10.0.0.08, rev 43 remote binding: tsr: 11.0.0.1:0, tag: imp-mull tib entry: 11.0.0.0/24, rev 47 remote binding: tsr: 11.0.0.1.0, tag: imap-null tib entry: 11.0.1.024, reo 46 remote binding: srs 11.0.0: tage ipl tib entry: 11.0.1.1/2, rev 18 local binding: tag: 205 remote binding: tsr: 13.0.0.1:0, tag: 305 tib entry: 11.0.2.0/24, rev 45 remote binding: tsr: 11.0.0.1:0, tag: imp-nul tib entry: 11.0.2.1/82, reo 12 local binding: tag: 202 remote binding: tsr: 13.0.0.1.0, tag: 302 tib entry: 11.0.3.0/24, reo 44 remote binding: tsr: 11.0.0.1:0, tag: imp-mul tib entry: 11.03.1/82, rev 14 local binding: tag: 203 remote binding: tsr: 13.0.0.1.0, tag: 303 tib entry: 12.0.0.0/24, rev 20 local binding: tag: imp-null tib entry: 12.0.0.1/82, rev 49 remote binding: tsr: 11.0.0.1.0, tag: 108 remote binding: tsr: 13.0.0.1:0, tag: 307 tib entry: 12.0.1.024, reo 22 local binding: tag: imp-rull lib entry: 12.0.1.1/2, rev 48 remote binding: tsr: 11.0.0.1.0, tag: 102 remote binding: tsr: 13.0.0.1.0, tag: 306 tib entry: 12.0.2.0/24, rev 24 local binding: tag: imp-null tib entry: 12.0.2.1/82, reo 51 remote binding: tsr:11.0.0.1°, tag: 105 ge oes eis eee Searels eenns ets aera oe Getwerk Page 25remote binding: tsr: 13.0.0.1.0, tag: 309 tib entry: 12.0.3.0/24, rev 26 local binding: tag: imp-null fib entry: 12.03.1/32, rev 50 remote binding: tsr:11.0.0.1:, tag: 104 remote binding: tsr: 13.0.0.1., tag: 308 tib entry: 13.0.0.024, reo 53 remote binding: tsr: 13.0.0.1.0, tag: imp-mull tib entry: 13.0.0.1/82, rev 28 local binding: tag: 206 remote binding: tsr: 11.0.0.1.0, tag: 106 tib entry: 13.0.1.024, reo 52 remote binding: tsr: 13.0.0.1:0, tag: imp-nul tib entry: 13.0.1.1/82, rev 30 local binding: tag: 207 remote binding: Isr: 11.0.0.1.0, tag: 107 tib entry: 13.0.2.024, reo 55 remote binding: tsr: 13.0.0.1:0, tag: imp-mul tib entry: 13.0.2.1/82, reo 32 local binding: tag: 208 remote binding: tsr: 11.0.0.1.0, tag: 108 tib entry: 13.03.04, rev 54 remote binding: ts: 13.0.0.1:, tag: imp-null tib entry: 13.0.3.1/82, rev 34 local binding: tag: 209 remote binding: tsr: 11.0.0.1.0, tag: 109 tib entry: 14.0.0.1/82, reo 42 local binding: tag: 213 remote binding: tsr: 11.0.0.1.0, tag: 113 remote binding: tsr: 13.0.0.1.0, tag: 313 tib entry: 14.0.1.1/82, rev 40 local binding: tag: 212 remote binding: tsr: 11.0.0.1.0, tag: 112 remote binding: tsr: 13.0.0.1.0, tag: 312 tib entry: 14.0.2.132, reo 38 local binding: tag: 211 remote binding: tsr: 11.0.0.1:0, tag: 111 remote binding: tsr: 13.0.0.1°0, tag: 311 tib entry: 14.03.12, rev 36 local binding: tag: 210 remote binding: tsr: 11.0.0.1.0, tag: 110 remote binding: tsr: 13.0.0.1.0, tag: 310 tib entry: 20.0.0.08, rev 10 local binding: tag: imp-null tib entry: 30.0.0.08, rev 56 remote binding: tsr: 13.0.0.1:0, tag: imp-nul R3#sh mpls Idp bindings ib entry: 1.0.0.0, rev 2 local binding: tag: 300 remote binding: ts: 12.0.0.1:, tag: imp-null sous 19 wo scan sy stand dase smn coer (ue) 80 Searels eenns ets aera oe REWORK race 20remote binding: tsr: 14.0.0.1.0, tag: 400 tib entry: 2.0.0.088, rev 4 local binding: tag: imp-null remote binding: Isr: 12.0.0.1:0, tag: imp-null remote binding: tsr: 4.0.0.1. tag: 401 tib entry: 3.0.0.085, rev 6 local binding: tag: imp-null remote binding: tsr: 12.0.0.1.0, tag: 200 remote binding: tsr: 14.0.0.1:0, tag: imp-mul tib entry: 4.0.0.08, rev 8 local binding: tag: 301 remote binding: tsr: 12.0.0.1:0, tag: remote binding: tsr: 14.0.0.1:0, tag: tib entry: 11.0.1.1/32, rev 16 local binding: tag: 305 remote binding: tsr: 12.0.0.1.0, tag: 205 remote binding: tsr: 14.0.0.1.0, tag: 405 tib entry: 11.0.2.1/82, rev 10 local binding: tag: 302 remote binding: Isr: 12.0.0.1:0, tag: remote binding: tsr: 14.0.0.1.0, tag: 402 tib entry: 11.03.1/32, reo 12 local binding: tag: 303 remote binding: tsr: 12.0.0.1.0, tag: 208 remote binding: tsr: 14.0.0.1.0, tag: 403 tib entry: 12.0.0.0/24, rev 44 remote binding: tsr: 12.0.0.1:0, tag: imp-nul tib entry: 12.0.0.1/82, rev 20 local binding: tag: 307 remote binding: tsr: 14.0.0.1.0, tag: 407 tib entry: 12.0.1.0/24, reo 45 remote binding: tsr: 12.0.0.1:0, tag: imp-mul tib entry: 12.0.1.1/32, rev 18 local binding: tag: 306 remote binding: tsr: 14.0.0.1.0, tag: 406 tib entry: 12.0.2.0/24, rev 46 remote binding: tsr: 12.0.0.1:0, tag: imp-nul tib entry: 12.0.2.1/32, rev 24 local binding: tag: 309 remote binding: tsr: 14.0.0.1.0, tag: 409 tib entry: 12.03.0/24, reo 47 remote binding: tsr: 12.0.0.1:0, tag: imp-nul tib entry: 12.03.12, reo local binding: tag: 308 remote binding: tsr: 14.0.0.1.0, tag: 408 Lib entry: 13.0.0.0/24, rev 28 local binding: tag: imp-null tib entry: 13.0.0.1/82, reo 48 eg ee es eee Searels eenns ets aera oe Getwerk Page 27remote binding: tsr: 12.0.0.1°0, tag: remote binding: tsr: 14.0.0.1.0, tag: 410 tib entry: 13.0.1.0/24, rev 26 local binding: tag: imp-null lib entry: 13.0.1.1/82, rev 49 remote binding: tsr: 12.0.0.1.0, tag: 207 remote binding: tsr: 14.0.0.1°, tag: 411 tib entry: 13.0.2.0P24, rev 32 local binding: tag: imp-null tib entry: 13.0.2.1/2, rev 50 remote binding: tsr: 12.0.0.1.0, tag: 208 remote binding: tsr: 14.0.0.1°, tag: 412 tib entry: 13.03.04, rev 30 local binding: tag: imp-null tib entry: 13.03.1/82, reo 51 remote binding: tsr: 12.0.0.1.0, tag: 209 remote binding: tsr: 14.0.0.1., tag: 413 tib entry: 14.0.0.0P24, reo 55 remote binding: tsr: 14.0.0.1.0, tag: imp-mul fib entry: 14.0.0.1/82, rev 40 local binding: tag: 313 remote binding: tsr: 12.0.0.1.0, tag: 213 fib entry: 14.0.1.024, reo 56 remote binding: tsr:14.0.0.1:, tag: imp-null fib entry: 14.0.1.1/32, reo 38 local binding: tag: 312 remote binding: tsr: 12.0.0.1°, tag: 2 tib entry: 14.0.2.0P24, reo 53 remote binding: tsr: 14.0.0.1:0, tag: imp-nul tib entry: 14.0.2.1/82, rev 36 local binding: tag: 311 remote binding: tsr: 12.0.0.1:0, tag: 211 fib entry: 14.03.0/24, reo 54 remote binding: tsr: 14.0.0.1.0, tag: imp-mul tib entry: 14.03.12, rev 34 local binding: tag: 310 remote binding: tsr: 12.0.0.1.0, tag: 210 tib entry: 20.0.0.08, rev 43 remote binding: tsr: 12.0.0.1:0, tag: imp-mul tib entry: 30.0.0.08, rev 42 local binding: tag: imp-null tib entry: 40.0.0.08, rev 52 remote binding: tsr:14.0.0.1:, tag: imp-null Raftsh mpls ldp bindings ib entry: 1.0.0.0, rev 2 local binding: tag: 400 remote binding: tsr: 13.0.0.1.0, tag: 300 remote binding: tsr: 11.0.0.1:0, tag: imp-nul tib entry: 2.0.0.088, rev 4 local binding: tag: 401 remote binding: tsr: 13.0.0.1:0, tag: imep-mull MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Getwerk Page 29remote binding: tsr: 11.0.0.1.0, tag: 100 tib entry: 3.0.0.085, rev 6 local binding: tag: imp-null remote binding: tsr: 13.0.0.1:0, tag: imp-nul remote binding: tsr: 1.0.0.1. tag: 101 tib entry: 4.0.0.08, rev 8 local binding: tag: imp-null remote binding: tsr: 13.0.0.1°, tag: 301 remote binding: tsr: 11.0.0.1:0, tag: imp-mul tib entry: 10.0.0.08, rev 52 remote binding: tsr: 11.0.0.1.0, tag: imp-null tib entry: 11.0.0.0724, rev 56 remote binding: tsr: 11.0.0.1:0, tag: imp-nul fib entry: 11.0.1.0224, reo 55 remote binding: ts tib entry: 11.0.1.1/2, rev 18 local binding: tag: 405 remote binding: tsr: 13.0.0.1.0, tag: 305 tib entry: 11.0.2.0/24, rev 54 remote binding: tsr: 11.0.0.1:0, tag: imp-null lib entry: 11.0.2.1/32, rev 12 local binding: tag: 402 remote binding: tsr: 13.0.0.1.0, tag: 302 tib entry: 11.03.02, reo 53 remote binding: tsr: 11.0.0.1:0, tag: imp-mul tib entry: 11.03.12, rev 14 local binding: tag: 403 remote binding: tsr: 13.0.0.1.0, tag: 303 tib entry: 12.0.0.1/82, reo 22 local binding: tag: 407 remote binding: tsr: 13.0.0.1.0, tag: 307 remote binding: tsr: 11.0.0.1.0, tag: 103 fib entry: 12.0.1.1/32, rev 20 local binding: tag: 406 remote binding: tsr: 13.0.0.1.0, tag: 306 remote binding: tsr: 11.0.0.1.0, tag: 102 tib entry: 12.0.2.1/82, rev 26 local binding: tag: 409 remote binding: tsr: 13.0.0.1.0, tag: 309 remote binding: tsr: 11.0.0.1.0, tag: 105 tib entry: 12.03.12, reo 24 local binding: tag: 408 remote binding: tsr: 13.0.0.1.0, tag: 308 remote binding: tsr: 11.0.0.1.0, tag: 104 tib entry: 13.0.0.0/24, rev 44 remote binding: tsr: 13.0.0.1:0, tag: imp-nul tib entry: 13.0.0.1/82, rev 28 local binding: tag: 410 remote binding: tsr: 11.0.0.1°0, tag: 106 sous 19 wo scan sy stant dase Human cose (us) 80 Searels eenns ets aera oe GEWORK racelib entry: 13.0.1.024, reo 43 remote binding: tsr: 13.0.0.1:0, tag: imp-nul tib entry: 13.0.1.1/2, rev 30 local binding: tag: 411 remote binding: tsr: 11.0.0.1°, tag: 107 tib entry: 13.0.2.0/24, reo 46 remote binding: tsr: 13.0.0.1:0, tag: imep-mull tib entry: 13.0.2.1/82, reo 32 local binding: tag: 412 remote binding: tsr: 11.0.0.1., tag: 108 lib entry: 13.03.0224, reo 45 remote binding: tsr: 13.0.0.1:0, tag: imp-nul tib entry: 13.0.3.1/82, rev 34 local binding: tag: 413 remote binding: tsr: 11.0.0.1:0, tag: 109 tib entry: 14.0.0.0/24, rev 40 local binding: tag: imp-rull tib entry: 14.0.0.1/82, reo 50 remote binding: tsr: 13.0.0.1.0, tag: 313 remote binding: tsr: 11.0.0.1.0, tag: 113 tib entry: 14.0.1.024, reo 42 local binding: tag: imp-null fib entry: 14.0.1.1/82, reo 49 remote binding: tsr: 13.0.0.1:0, tag: remote binding: tsr: 11.0.0.1., tag: 112 tib entry: 14.0.2.0/24, reo 36 local binding: tag: imp-rull tib entry: 14.0.2.132, reo 48 remote binding: tsr: 13.0.0.1°0, tag: 311 remote binding: tsr: 11.0.0.1:0, tag: 111 tib entry: 14.0.3.0/24, rev 38 local binding: tag: imp-rull tib entry: 14.03.132, reo 47 remote binding: tsr: 13.0.0.1.0, tag: 310 remote binding: tsr: 11.0.0.1.0, tag: 110 tib entry: 30.0.0.08, reo 51 remote binding: tsr: 13.0.0.1:0, tag: imp-nul tib entry: 40.0.0.08, rev 10 local binding: tag: imp-null Ri#sh mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 100 Pop tag 2.0.00/8 0 — Sel/0 _point2point i/l__poin 101 Poptag 3.0.0.0/8 0 103 Untagged 1200.132 0 Sel _point2point 104 Untagged 12.03.182 0 — Sel _point2point 105 Untagged 12.02.182 0 — Sel _point2point 106 410° 13.00.12 0 — Sel/l _point2point Se1/0 point2point 107 411 13.0.1.182 0 — Sel/1_—point2point 206 13.0.0.1/32 MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. GEWERK race 20207 13.0.1.1/82 Se1/0point2point 108 412 1302.18 Sel/1 ~ point2point 208 13.0.2.82 0 — Se __point2point 109 413 1303.82 0 — Sel/1__point2point 209 13.03.1820 Sel/0_point2point 110 Untagged 1403.1/52 111 Untagged 1402.1 112 Untagged 140.1.1/82 113 Untagged “14.00.1820 R2#sh mpls forwarding-table Local Outgoing Prefix tag. tag or VC. or Tunnel Id 200 Pop tag 3.0.0.0/8 201 Pop tag 4.0.0.0/8 2 Untagged 11.0.2.1/82 13 Untagged 1.03.1 Untagged 11.0.1.1/82 Untagged 13.0.0.182 Untagged 13.0.1.182 Untagged 13.0.2.1/32 Untagged 13.03.1/32 310 14.03.1/32 10 14.0.3.1/32 211 311 14.0.2.1/82 11 14.0.2.1/32 212 312 140.1.182 112 140.1.182 213 313 14.0.0.182 113 14.0.0.182 R3# sh mpls forwarding-table Local Outgoing Prefix tag tag or VC or Tunnel Id 300 Pop tag 1.0.0.0/8 301 Pop tag 4.0.0.0/8 302 402 11.0.2.1/82 2 110.2182 0 303 403 10.1482 0 205 Untagged Untagged Untagged Untagged Untagged Untagged 306 307 308 309 310 3I1 12.0.1.1/82 12.0.0.182 12.03.12 12.02.12 14.03.12 14.02.12 0 SeI/1_—_point2point 0 SeI/__point2point 0 SeI/1__point2point Sel/1 point2peint Bytes tag Outgoing Next Hop switched interface 0 Sei/1 —point2point 0 — Se1/0 _ point2point 10 point2point oint point2point point2point point2point point2point point2point point2point Se1/0 _point2point Sel/1 — point2point Se1/0_point2point Sel/1 — point2point Se1/0 point2point Sel/l point2point Se1/0 —point2point Bytes tag Outgoing Next Hop switched interface 0 Se1/0 _point2point 0 — SeI/1 _point2point 0 Sel/__point2point SeI/0 point2point Sei/1 point2point Se1/0_ point2point 0 SeIf0 —_point2point 0 SeI/0 _point2point 0 SeIf0 _point2point 0 SeIf0 _point2point 0 SeI/l__point2point 0 Self _point2point MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents aze copyright €2013 - 2014 Ail rights reserved. Getwerk Page 31312 Untagged 14.01.1832 0 — Sel/l__point2point 313 Untagged 1400182 0 — Sell _point2point Rétsh mpls forwarding-table Local Outgoing Profix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel ld switched interfuce 400 Poptag 1000/8 0 — Sel/l__point2point 401 Poptug 2.0.00/8 0 — Self __point2point Untagged 11.0. 0 Seif __ poi 405 Untagged 11.01.1382 0 — Sel/1__ point2point 406 102 12.01.1482 0 Self __point2point 306 120.1182 0 Sel/0_point2point 407 103 12.000.1/32 Sel/l ~ point2point 307 12.0.0.1/32 Se1/0_point2point 408 104 — 12.0.3.1/32 Sel/1 — point2point 308 12.03.1832 Se1/0point2point 409 105 120.2.1/82 Sel/1 point2point 309 12.0.2.182 0 SeI__ point2point 410 Untagged 13.0.0.182 411 Untagged 13.0.1.182 412 Untagged 13.0.2.182 413° Untagged 13.03.12 -onfigure Authentication between R1 and R2 (password cisco123) Ri(config)#mpls Idp neighbor 12.0.0.1 password cisco123 R2(config)#mpls Idp neighbor 11.0.0.1 password cisco123 Rsk mpls Idp neighbor Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 11.0.0.1.0 TCP connection: 14.0.0.1.34678 - 11.0.0.1.646 State: Oper; Msgs sent/rced: 36/36; Downstream Up time: 00:08:35 LDP discovery sources: Seriali/l, Src IP addr: 44.4.1 Addresses bound to peer LDP Ident: 40.111 3332 4441 1400.1 140.11 14021 1403.1 Peer LDP Ident: 12.0.0.1:0; Local LDP Ident 11.0.0.1.0 TCP connection: 12.0.0.1.14931 - 11.0.0.1.646 State: Oper; Msgs sent/rced: 2727; Downstream Up time: 00:00:18 LDP discovery sources: Serial), Src IP addr: 1.1.1.2 Addresses bound to peer LDP Ident: 20111 11 20.11 120.21 12.00.1 TASK: Configure the R1 to change the router-id to loopback 1 Ri(config)#mpls ldp router-id loopback 1 foree MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. 402 Untagged 11.02.1820 — Self point2point 1 int SeI0 — point2point SeIM — point2point SeI — point2point SeI — point2point GEDWORK race 22Risk mpls ldp neighbor Peer LDP Ident: 12.0.0.10; TCP connection: 12.0.0.1.21307 - 11.0.1.1.646 State: Oper; Msgs sent/rced: 2727; Downstream Up time: 00:00:26 LDP discovery sources: Serialif0, Src IP addr: 1.1.1.2 Addresses bound to peer LDP Ident 20111 1112 2221 12.001 O11 120.21 1203.1 Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 11.0.1.1.0 TCP connection: 14.0.0.1.16756 - 11.0.1.1.646 State: Oper; Msgs sent/rced: 2727; Downstream Up time: 00:00:04 LDP discovery sources: Seriali/L, Src IP addr: 4.44.1 Addresses bound to peer LDP Ident: 40111 3332 4441 14001 40.11 14021 1403.1 ‘MPLS LDP DISCOVERY To configure the interoal betaeen transmission of consecutive Label Distribution Protocol (LDP) Discovery Hello messages, or the hold time for a discovered LDP neighbor, or the neighbors from which requests for targeted Hello messages may be honored, use the mpls ldp discovery conrmand in global configuration mode. To disable transmission times, or hold times, or neighbor requests, use the no form of this command. pls Idp discovery {hello {holdtime | interoal} seconds | targeted-hello holdtime | interoal} seconds | accept {front actl} no mpls lap discovery {hello fholdtime | interoal} | targeted-hello holdtime | interval) | accept} # The default value for the interoat keyword is 5 seconds # The defiult value for the holdtime keyword is 15 seconds TASK © Configure The Interval Of Discovery Hello To Be 20 Sec And With Hold Down Time Of 60 Sec On AILLSR Risk mpls Idp discovery detail Local LDP Identifier 11.00.10 Discovery Sources: Interface Serial (0 (ldp): xmitfreco Enabled: Interface config Hello interoal: 5000 ms; Transport IP addr: 11.0.0.1 LDP Id: 12.0.0.1:0 Src IP addr: 1.1.1.2; Transport IP addr: 12.0.0.1 Proposed local/peer: 15/15 sec Reachable via 12.0.0.1/32 Serial/1 (ldp): xmitfreco Enabled: Interface config mere reainecm cre CE WORK rapesHello interval: 5000 ms; Transport IP addr: 11.0.0.1 LDP Id: 14.0.0.1:0 Sre IP addr: 4.4.4.1; Transport IP addr: 14.0.0.1 Hold time: 15 see; Proposed local/pe Reachable via 14.0.0.1/32 Ri#tsh mpls ldp parameters Protocol version: 1 Downstream label gener Discovery targeted hello: holdtime: 90 sec; interoel: 10 see Downstream on Demand max hop cou Downstream on Demand Path Vector Limit: 255 LDP for targeted sessions LDP initial/maximum backoff: 15/120 see LDP loop detection: off ‘fa router missed 3 hello packets, he will declare its neighbour down then KA will be sent every 60s; after missing 3 KA megs the router will remove neighbour from his database R1(config)#mpls ldp discovery ? hello LDP discovery Hello targeted-hello LDP discovery Targeted Hello ON ALL ROUTERS Ru(config)#mpls Ip discovery Ru(config)#mpls Ip discovery Rash mpls ldp discovery detail Local LDP Identifier: 1100.10 Discovery Sources: Interfaces: Serial/0 (Idp): xmit/reco Enabled: Interface config Hello irteroal: 20000 mis; Transport IP addr: 11.0.0.1 LDP Id: 12.0.0.10 Src IP addr: 1.1. 2; Transport IP add: 12.0.0.1 Reachable via 12.0.0.1/32 Serial1/1 (ldp): xmit/reco Enabled: Interface config Hello interoal: 20000 ms; Transport IP addr: 11.0.0.1 LDP Id: 14.0.0.1.0 Src IP addr: 4.4.4.1; Transport IP addr: 14.0.0.1 Reachable via 14.0.0.1/32 Rl#sh mpls ldp parameters Protocol version: 1 Downstream label generic region: min label: 100; max label: 199 vs £3 rv wut hy sitant Gon osnutin come n,n 1808 a ae ea REWORK race 2sSession hold time: 180 sec; keep alive interval: 60 sec Discovery targeted hello: holdtime: 90 sec; interval: 10 see Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Limit: LDP for targeted sessions LDP initial/maxintum backoff: 15/120 sec LDP loop detection: off WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 @ K ALL contents axe copyright €2013 - 2014 All rights reserved. Page 35MPLS VPNs One of the most popular of the MPLS applications is called MPLS virtual prioate networks (VPNS).. ‘© MPLS VPNs allow a service provider, or even a large enterprise, to offer Layer 3 VPN service © In particular, SPs oftentimes replace older Layer 2 WAN seroices such as Frame Relay and ATM with an MPLS VPN service. ‘© MPLS VPN services enable the possibilty for the SP to provide a wide oariety of additional services to its customers because MPLS VPNs are awoare ofthe Layer 3 addresses at the customer locations. Additionally, MPLS VPNS can. still provide the privacy inherent in Layer 2 WAN services. «The MPLS VPN architecture enables PE routers to participate in client routing, ohile maintaining separation between clients and optimizing the routing between client sites. # Italso enables separate clients to use overlapping addresses ‘© With MPLS VPNs the following tables are duplicated per VPN, the RIB, the FIB, and the LFIB. ‘© With EIGRP, EBGP, RIP the routing separation is done by several instances in the same process. OSPF implements separate process VRF (Virtual Routing and Forwarding) © VRE provides a way for you to configure multiple routing instances on your router. © keep customer traffic and routing separate utilize the same hardware. + Without VRF we need to use ACL filtering to keep traffic segregated. Each VRF has three main components, as follows: © An IP routing table (RIB) © ACEF FIB, populated based on that VRE's RIB © A separate instance or process of the routing protocol used to exchange routes with the CEs that need to be supported by the VRF RD (Route-Distinguisher) ‘+ Isa 64-bit (8-byte) prepended prefix, used to convert a clients non-unique 32-bit [Po4 address into a unique 96-bit VPNo4 address, to enable transport between PE routers. © RD uniquely identifies a route (IP prefix) it does NOT identify a VPN. © ARD is locally significant to a router sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWERK race 3664 Bits 32 Bits VPN IPv4 Address ~ 96 Bits © AVRF is not operational unless you configure an RD. © You car use the ASN:nn or A.B.C.Denn format for RD. © Each VRF in a PE router must have a unique RD. RT (Route-Target) © [a 64-bit extended BGP community that is attached to a VPNo4 BGP route to indicate its VPN membership © Any number of RTs can be attached to a single route. Export RTs ‘© Identifies the VPN membership, to which the associated VRF belongs to. + Are attached to a client’s route, when itis converted into a VPNo4 route. Import RTs ‘© Are used to select which VPNod routes are to be inserted into which VRF tables. © On the receiving PE router, a route is imported into a VRF only if at least one RT attached to the route matches at leastone import RT configured in that VRF. ‘On 3600/3700 (CCIE RS exam) Router config) ip orf orf-name Router(config-orf)# rd route-distinguisher Router(config-orp)# route-target export RT Router(config-or# route-target import RT On 7000 series cisco routers (CCIE SP exam) Router(configh# vrf definition ABC Router(config-orp)# rd Router(conyig-orp)# address-family ipot Router(config-rf-ap# route-target export 9:9 Router(config-orfaf# route-target import 9:9 Router(config-orfap# exit Router(config-orp address-family ipv6 Router(config-orfap# route-target export 9:9 Router(config-vrfaf# route-target import 9:9 Router(config-orfaf)# exit With MPLS VPNs, two labels are used: The outer/top label is used for switching the packet in the MPLS network. (Often called the LDP label) sous 19 pr nan sy stant dave smsin cose (ue) 808 Searels eenns ets aera oe GEWERK race 57The top label points to the egress router and is propagated by LDP. (Adjacent LSR's label for the next-hop's IPo prefix) The inner/bottom label is used to separate packets at egress points. (Often called the VPN label) The second label identifies the outgoing interface on the egress router and is propagated via MP-BGP. A VEN label is assigned to every VPN route by the Egress PE router, and then advertised to ALL other PE routers in a MP-BGP update. (Don't forget BGP still requires a full-mesh for iBGP) The BGP next-hop address naust be an IGP route. The ingress PE router converts the clients IPo4 routes, exports the VPNo routes from VRF tables into MP-BGP and propagates them as VPNo4 routes to other PE routers P routers typically have no knowledge of the VPN routes, as they only swap the LDP labels along a LSP. The egress PE router imports the incoming VPNod routes from MP-iBGP into the appropriate VRF based on the RTs (Route-Targets) attached to the routes, before passing on the clients IPV4 routes. sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea GEWORK race a8ort for Static Routin; Weotrae, ‘yooraces ietfay/ Rate, eine Hea ey Se watts moaadts ¥y ies TASK 1. Configure IGP inside SP Core ( RI/R2/R3/R4) under OSPF area 0 2. Configure MPLS LDP inside the SP core ( R1/R2/R3/R4) (The Above two tasks are configured in the previous Lab Here we Assume the above two tasks are preconfigured) 3. Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. R5(config)#int loopback 0 R5(config-iP tip address 5.5.5.5 255.255.255.255 R5(config-ipttend R5(config)#int O70 R5(config-if tip address 172.16.15.5 255.255.255.0 R5(config-ip#no shutdown R5(config-iptend R1(config)int 70 Ri(config-ip tip address 172.16.15.1 255,255.255.0 Ri(config-ip#no shutdown Ri(config-iptend Rittping 172.16.15.5 Type escape sequence to abort. ALL contents axe copyright €2013 - 2014 All rights reserved. WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 @ K aSending 5, 100-byte ICMP Echos to 172.16.15.5, timeout is 2 seconds: ‘Success rate is 80 percent (4/5), round-trip minfavg/max = 8/31/48 ms RG (config) int 0 R6(config-iPip address 172.16.36.6 255.255.255.0 R6(config-ipftno shutdown R6(config-ipiexit R6(config)#int loop 0 R6(config-i tip address 6.6.6.6 255.255.255.255 R6(config-itend R3 (config) int 70 R3(config-ip tip address 172.16.36.3 255.255.255.0 R3(config-ipt#tno shutdown R3(config-ipend R3Aping 172.16.36.6 Type escapes sequence to abort Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: Success rate is 80 percent (4/5), round-trip min/aog/max = 1680/52 ms R3#ping 172.16.36.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: Suct rate is 100 percent (5/5), round-trip minfaog/max = 8/30/64 ms TAS! ‘© Create VRF A-1 on Site 1 (on R1) and VRF A-2 on site-2(R3) © RD& Route Target value should be 500:1 for both sites Ri confightip orf A-1 Ri(config-orf)trd 5001 Ri (config-vrf)#route-target import 500:1 R1(config-orf)#route-target export 500:1 Ri(config-orp exit R3(config)tip orf A-2 R3(config-orf)#rd 500:1 R3(config-vrf)#route-target both 5001 R3(config-orf)texit R3(config)texit vous £9 ww sas by sthantne coe main out nes S02 Searels eenns ets aera oe GEWERK race 00R3#tsh ip orf Name Default RD Interfaces AQ 500:1 R3#tsh ip vrf detail VRF A-2; default RDISOOM; default VPNID No interfaces Connected addresses are not in global routing table (ERPOPEVPN route-target communities T5001 Import VPN route-target communities RT500:1 No import rowte-map No export route-map VRE label distribution protocol: not configured R3ttsh run | s orf iporfA2 rd 500:1 route-target expor route-target import 5 TAS! © OnR1 Assign interfaces facing CE (R5) under VRF A-1 © On R3 Assign interfaces facing CE (R6) under VRF A-2 R3#tsh ip route connected C_ 2.0.0.0/8 is directly connected, Serial1/0 C_ 3.0.0.0/8 is directly connected, Serialt/1 172.16.0.0/24 is subnetted, 1 submets C _ 172.16.36.0 is directly connected, FastEthemet0/0 13.0.0.0/24 is subnetted, 4 subnets 13.0.1.0 is directly connected, Loopback 13.0.0.0is directly connected, Loopback 13.0.3.0 is directly connected, Loopback3 13.0.2.0is directly connected, Loopback2 aa00 R3(configytdo sh run int f0/0 Building configuration. Current configuration: 130 bytes interface Fast theet0/0 ip address 172.16.36.3 255.251 duplex auto ALL contents axe copyright €2013 - 2014 All rights reserved. WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 @ K —_-speed auto p06 address FC00:33:33:33:5/64 end R3(confightint fO/0 R3(config-ap tip orf forwariting A-2 % Interface FastEthemet0/0 IP address 172.16.363 removed due to enabling VRF A-2 R3(config-iP# ip address 172.16.36.3 255.255.255.0 R3(config-iperit R3#sh ip route connected C_ 2.0.0.0/8 is directly connected, Serial1/0 C_ 3.0.0.0/8 is directly connected, Serialt/1 13.0.0.0/24 is subnetted, 4 subnets 13.0.1.0 is directly connected, Loopback 13.0.0.0is directly connected, Loopback 13.0.3.0is directly connected, Loopback3 13.0.2.0is directly connected, Loopback? anaa © Once we assign the interface under VRF A-2 it moves to separate VRE A-2 routing table. + All the routes receiving from this interface (facing CE) will be placed in a separate VRF routing table (A-2) R3#tsh ip route orf A-2 Routing TAOS Codes: C- connected, S - static, R - RIP, M-- mobile, B - BGP D -EIGRP, EX - EIGRP external, O- OSPF, 1A - OSPF inter area NI-OSPF NSSA external type 1, N2- OSPF NSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 i= ISAS, su - ISIS summary, L1 -15-IS level-1, L2 - IS-1S level-2 ia ISIS inter area, *- candidate default, U - per-user static route o- ODR, P- periodic downloaded static route Gateway of last resort is not set 172.16.0.0/24 is subnetted, 1 subnets R3#sh ip orf Name Default RD Interfaces R3#tping 172.16.36.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: ‘Success rate is O percent (065) vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 42R3#ping orf A-2 172.16.36.6 Type escape sequence to abort ‘ending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is seconds ‘Success rate is 80 percent (4/5), round-trip min/avg/max = 16/32/48 ms RI#sh ip route connected C 1.0.0.0/8 is directly connected, Serial1/0 C. 4.0.0.0/8 is directly connected, Serialt/1 72.16.0.0/24 is subnetted, 1 subnets C _172.16.15.0 is directly connected, FastEthernet0/0 11.0.0.0/24 is subnetted, 4 subnets C 1103.0 is directly connected, Loopback3 C — 11.0.2.0 is directly connected, Loopback2 C 11.0.1.0 is directly connected, Loopbackt c 11.0.0.0 is directly connected, Loopback0 Ri(configh#do sh run int f0/0 Building configuration... Current configuration: 144 bytes interface FastEthernet0/0 ip address 172.16.15.1 255.255.255.0 duplex auto speed auto jpw6 address FCO0: end R1(config)int 70 Ri(config-ip tip vrf forwarding A-1 Ri (config-iptip address 172.16.15.1 255.255. Ri(config-itend 0 RI#sh ip route connected C_ 1.0.0.0/8is directly connected, Seriall/0 C. 4.0.0.0/8 is directly connected, Serial1/1 11.0.0.0/24 is subnetted, 4 subnets 1.0.3.0 is directly connected, Loopback3 1.0.2.0 is directly connected, Loopback2 11.0.1.0is directly connected, Loopback 11.0.000js directly connected, Loopback anaa Riftsh ip route vrf AT Routing Table: A-1 MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Getwerk Page 49Codes: C- connected, S - static, R- RIP, M- mobile, B-BGP D -EIGRP, EX - EIGRP external, O - OSPE, IA - OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 i- ISAS, su - ISIS suummary, L1- IS-IS level-1, L2 - IS-IS level-2 S inter area, * - candidate default, U - per 0- ODR, P- periodic downloaded static route iser static route Gateway of last resort is not set 172.160.0724 is subnetted, 1 subnets Ritsh ip orf Name Default RD Interfaces Al 500:1 Fag Ri#ping 172.16.15. Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.15.5, timeout is 2 seconds: ‘Success rate is 0 percent (0/5) Ri#ping vrf A-1172.16.15.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.15.5, timeout is 2 seconds: 36 rate is 100 percent (5/5), round-trip min/avg/max = 12/38/76 ms © Configure Routing between PE and CE using Static Routing on both Ends. + Ensure that PE routers (R1 & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. R5(config)ttip route 0.0.0.0 0.0.0.0 172.16.15.1 R5(confightend 1255 172.1615.5 R1(confightend Ritsh ip route vif AT Routing Table: A-1 Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets S 555.5 (1/0) via 172.16.15.5 172.16.0.0/24 is subnetted, 1 subnets C 172.16.15.0 is directly connected, Fast thernetO0 sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race asRittping orf A-1 5.55.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5. ‘Success rate is 100 percent (5/5), round-trip min/ang/macx = 8/29/72 ms 5, timeout is 2 seconds: RG(config)tip route 0.0.0.0 0.0.0.0 172.16.36.3 R6(config)#tend R3(config)#ip route vrf A-2 6.6.6.6 255.255.255.255 172.16.36.6 R3(config)tend R3#tsh ip route vrf A-2 Routing Table: A-2 Gateway of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets S 6.6.6.6 [1/0] via 172.16.36.6 172.16.0.0/24 is subnetted, 1 subnets C 172.16.36.0is directly connected, FastE thernet0/0 R3tping orf A-2.6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: nu ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 8/25/60 ms TAS! + Configure VPNV4 peering between both the PE Routers (R1/R3). Ri #ping 13.0.0.1 source 11.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.0.1, timeout is 2 seconds: Packet sent with a source address of 11.0.0.1 nu Success rate is 100 percent (5/5), round-trip min/aog/na 40/56/76 ms OnRI Ri(config)#trouter bgp 500 Ri (config-router}#no bgp default ipod-unicast RI (config-router)#neighbor 13.0.0.1 remote-as 500 Ri (config-router)#neighbor 13.0.0.1 update-source loopback 0 vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 45Ri(config-routertaddress-family vpnot unicast Ri (config-router-af)#neighbor 13.0.0.1 activate Ri (config-router-af)#neighbor 13.0.0.1 send-community extended Ri(config-router-ap}#tneighbor 13.0.0.1 next-hop-self Ri(config-router-aptend On R3 R3(config)#router bgp 500 R3(config-router)# no bgp default ipot-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpno4 unicast R3(config-router-a# neighbor 11.0.0.1 activate R3(config-router-af# neighbor 1.0.0.1 send-community extended R3(config-router-apt neighbor 11.0.0.1 next-hop-self R3(config-router-ap# end R3Ash ip bgp opus all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 1, main routing table version 1 Neighbor VAS MsgRcod MsgSent TblVer InQ OutQ Up/Down State/PfRed Note: «By default OSPF will advertise loopback as /32.no matter what mask is actually configured on the interface. ‘© This will lead to issues because when LDP is creating labels for the nexthops it will look at the mask of the local interface which is /24 or something else There will be mismatch between labels and routing table © That's the reason ensure that we use any of the options below to overcome with this issue 1. Make sure that the loopback used for IBGP peering should be configured with exact mask to exchange the routes which are getting redistributed in to BGP. Or 2. use loop O address should be /32 mask in case of OSPF (recommended ) RI Ash ip route ospf 2.0.0.0/8 [110/128] via 1.1.1.2, 00:01.01, Serial1/0 3.0.0.0/8 [110/128] via 44.4.1, 00:01:01, Seriali/1 20.0.0.0/8 [110/65] via 1.1.1.2, 00:01.01, Serial1/0 40.0.0.0/8 [110/65] via 4.4.4.1, 00:01:01, Serial1/1 12.0.0.0/32 is submetted, 1 subnets 2.0.0.1 [110/65] via 1.1.1.2, 00:01:01, Seriall/0 13.0.0.0/32 is subnetted, 1 subnets so £8 rv youth hy stant Gon osu come (n,n 1808 a ae ea GEDWORK rage ce 0000O 13.9.0.1 [110/129] via 4.4.4.1, 00:01:01, Serial/1 {110/129} via 1.1.1.2, 00:01:01, Seriall/0 14.0.0.0/32 is subnetted, 2 subnets O 14.2.1 [110/65] via 4.4.4.1, 00:01:01, Serialt/1 O — 14.9.0.1 [110/65] via 4.4.4.1, 00:01:01, Serialt/1 Ri(config)#int loop 0 Ri (config-ip# ip address 11.0.0.1 255. Ri(config-ipttend 255.255, R3(config)ttint loop 0 R3(config-iPtip address 13.0.0.1 255.255.255.255, R3(config-itend oR RI Ri(config)#int loop 0 Ri(config-if) ip ospf network point-to-point R3 R3(config)#int loop 0 R3(config-if ip ospf network point-to-point TASK: ‘© Configure Redistribution static Routing in to BGP under VRF + Ensure that CE routers on both sites (R5/R6) should have reachability between them. Ri (config)#router bgp 500 Ri (config-router)#address-family ipod vrf AT Ri (config-router-apptredistribute static R1(config-router-ap redistribute connected Ri (config-router-afyhend R3(configh# router bgp 500 R3(config-router)# address-family ipod orf A-2 R3(config-router-ap¥ redistribute static R3(config-router-apt redistribute connected R3(config-router-apy exit R3(config-router)# RI#sh ip route vif A-T Routing Table: A-1 Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets S$ 555.5 [1/0] via 172.16.15.5 sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK ae6.0.0.0/32 is submetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets B_ 172.16.36.0 [200/0] via 13.0.0.1, 00:09:44 C 172.16.15.0 is directly connected, FastEthernet00 Ri ping orf A-1 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 48/72/12 ms R3itsh ip route vf A-2 Routing Table: A-2 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [200/0] via 11.0.0, 0:02:08 6.0.0.0/32 is subnetted, 1 subnets S 6.6.6.6 [1/0] via 172.16.36.6 172.16.0.0/24 is subnetted, 2 subnets C — 172.16.36.0 is directly connected, FastEthernet0/0 B 172,16.150 [200/0] ia 11.0.0.1, 00:02:08 R3ttping orf A-2 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5 att Siuccess rate is 100 percent (5/5), round-trip minfacg/ma 5, timeout is 2 seconds: 60/71/88 ms R5tping 6.6.6.6 source 55.55 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 5 nut Success rate is 100 percent (5/5), round-trip min/aog/me R5tping 6.6.66 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: tt Success rate is 100 percent (5/5), round-trip minfaog/max = 80/99/120 ms 64/84/104 ms R1fsh ip bgp vpne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 9, main routing table version 9 4 network entries using 548 bytes of memory 4 path entries using 272 bytes of memory vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 493/2. BGP pathybestpath attribute entries using 372 bytes of memory 1 BGP extended community entries using 24 bytes of memory OBGP route-map cache entries using 0 bytes of memory OBGP filter-list cache entries using 0 bytes of memory BGP using 1216 total bytes of memory BGP activity 4/0 prefixes, 4/0 paths, scan interval 15 secs Neighbor VAS MsgRcod MsgSent TblVer InQ OutQ Up/Down State/PfxRed 1300.1 4500 22 22 9 0 000:1637q0N2 R1 Ash ip bgp vpned all BGP table version is 9, local router ID is 11.03.1 Status codes: s suppressed, d dantped, h history, * valid, > best, i internal, + RIB-failure, S Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route DislinguisheR SOON default for vrf A-1) "5555/32 — 172.16.155 0 32768? '16.6.6.6/82 1300.1 0 100 0? > 172.16.15.024 0.0.00 0 32768? ">i172,16.36.024 13.0.0.1 0 100 0? RItsh ip bgp vpne4 vrf A-1 BGP table version is 9, local router 1D is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, § Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) “> 172.16.15.024 0.0.0.0 0 (32768? *>i172.16.36.024 13.0.0.1 0 100 0? vous £9 ww sas by sthantne coe main out nes S02 Searels eenns ets aera oe Getwerk Page 49jort for RIPv2 Loorsacks: 1200.1/24 120.11/24 120211/24 1/28 teoot/ae 190.11/24 1402:1/24 1603.1/24 TASK: If you start from Basic then follow below steps: 1. Configure IGP inside SP Core ( RI/R2/R3/R4) under OSPF area 0 Configure MPLS LDP inside the SP core ( RI/R2/R3/R4) Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. Create VRF A-1 on Site 1 (on R1) and VRF A-2 on site-2 (R3) RD & Route Target value should be 500:1 for both sites (On R1 Assign interfaces facing CE (R5) under VRF A-1 (On R3 Assign interfaces facing CE (R6) under VRF A-2 (The Above tasks are preconfigured in the first MPLS LDP Lab Here we Assume the above tasks are preconfigured and ‘we are continuing from previous t lab configs) Check the previous labs for detailed step by step configurations. OR «Incase if you are about to continue from previous lab then ‘© Remove the static and default configurations on PE and CE © Remove the BGP configs from both PE routers Ri(config)#no router bgp 500 vous 1 wow sas by sthntne cou oman out nas) S02 Seat mane se aera GEWERK race 20R3(configytno router bgp 500 Ri (configh#no ip route vrf At 5.5.5.5 255.255.255.255 172.16.15.5 R3(config)ttno ip route orf A-2 6.6.6.6 255.255.255.255 172.16.36.6 R5(config)t#no ip route 0.0.0.0 0.0.0.0 172.16.15.1 R6(config)#no ip route 0.0.0.0 0.0.0.0172.16.36.3 RIfsh ip route vrf AT Routing Table: A-1 172.16.0.0/24 is subnetted, 1 subnets R3itsh ip route orf A-2 Routing Table: A-2 172.16.0.0/24 is subnetted, 1 subnets TASK: © Configure Routing between PE and CE using Ripv2 on both Ends. ‘© Ensure that PE routers (R1 & R3) should be able to ping CE routers (R5/R6) LAN in R5(confightrouter rip R5(config-router)#ver 2 R5(config-router)#no auto-summary R5(config-router)#network 5.0.0.0 R5(config-router)#network 172.16.0.0 R5(config-router exit Ri (configh#router rip Ri (config-router)#address-family ipod vrf A-T Ri (config-router-aprver 2 Ri (config-router-af#no auto-summary Ri (config-router-a#network 172.16.0.0 Ri (config-router-ap)texit RItsh ip route vif A-T Routing Table: A-1 5.0.0: Jimetted, 1 subnets 172.16.0.0/24 is subnetted, 1 subnets C 172.16.15.0 is directly connected, Fast thernet00 ge es ees eee SESE e i san eee aot sear ec Getwerk faces respectively. Page 51Rittping orf A-1 5.55.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5. ‘Success rate is 100 percent (5/5), round-trip min/ang/macx = 8/26/60 ms 5, timeout is 2 seconds: R6(confightrouter rip R6(config-router)#ver 2 R6(config-router)#no auto-summary R6(config-router)#network 6.0.0.0 R6(config-router)#network 172.16.0.0 R6(config-router)#exit R3(config)#router rip R3(config-router)#address-family ipod vrf A-2 R3(config-router-ap)#oer 2 R3(config-router-a) no auto-summary R3(config-router-aj)#network 172.16.0.0 R3(config-router-aptexit R3ttsh ip route vif A-2 6.0.0.0/32 is submetted, 1 subnets 172.16.0.0/24 is subnetted, 1 subnets CC 172.16.36.0 és directly connected, FastE thernet0/0 R3tping orf A-26.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/6), round-trip minfavg/max = 8/24/44 ms TAS! © Configure VPNV4 peering between both the PE Routers (RI/R3). 1 (config)#router bgp 500 Ri (config-router)#no bgp default ipo4-unicast Ri (config-router)#neighbor 13.0.0.1 remote-as 500 Ri (config-router)#neighbor 13.0.0.1 update-source loopback 0 R1 (config-router)#address-family vpno4 unicast Ri (config-router-a#neighbor 13.0.0.1 activate Ri (config-router-af)#neighbor 13.0.0.1 send-community extended R1(config-router-af)#neighbor 13.0.0.1 next-hop-self sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWERK race 22Ri(config-router-aptend R3(config)#router bgp 500 R3(config-router)# no bgp default ipot-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpmo4 unicast R3(config-router-af}# neighbor 11.0.0.1 activate R3(config-router-af}# neighbor 1.0.0.1 send-community extended R3(config-router-a# neighbor 11.0.0.1 next-hop-self R3(config-router-ap# end R1#sh ip bgp opne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 1, main routing table version 1 Neighbor V_AS MsgRevd MsgSent TblVer InQ OutQ Up/Down State/PfiRed TAS! Configure Redistribution on PE routers RIPC2 in to BGP and BGP into RIPo2 under VRE. ‘+ Ensure that CE routers on both sites (R5/R6) should have reachability between them. Ri(config)#router bgp 500 Ri(config-router)#address-family ipod vrf AT R1(config-router-aftredistribute rip Ri (config-router-af)texit Ri(config-router)#exit Ri (configh#router rip Ri (config-router)#address-family ipod vrf AT R1(config-router-ap)#redistribute bgp 500 metric 2 Ri (config-router-ap exit Ri(config-router)#end R3ttsh ip route vif A-2 Codes: C - connected, S - static, R - RIP, M - mobile, B- BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 S, su -IS-IS summary, L1 -1S-1S level-1, L2 -IS-IS le ia - IS-1S inter area, *- candidate default, U - per-user static route ge es ees eee SESE e i san eee aot sear ec Getwerk Page 590- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets B_555.5 20YI] via 11.0.0.1, 00:00:46 6.0.0.0/32 is subnetted, 1 subnets R 6.6.6.6 [120/1] via 172.16.36.6, 00:00:04, FastEthernet0/0 172.16.0.0/24 is subnetted, 2 subnets CC 172.16.36.0 is directly connected, FastE thernet0/0 B 172.16.15.0 [200] via 11.0.0.1, 00:00:46 R3(config)#router bgp 500 R3(config-router)#address-family ipod vrf A-2 R3(config-router-ap#redistribute rip R3(config-router-ap exit R3(config-router)#exit R3(config)#router rip R3(config-router)#address-family ipod vif A-2 R3(config-router-ap redistribute bgp 500 metric 2 R3(config-router-aptend RIttsh ip route vif A-1 Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets R 5.55.5 [120/1] via 172.16.15.5, 00:00:00, FastE thernet0/0 6.0.0.0/32 is subnetted, 1 subnets B 666.6 [200/1] via 13.0.0.1, 00.0032 172.16.0.0/24 is subnetted, 2 subnets B_ 172.16.36.0 [200 via 13.0.0.1, 00:00:32 CC 172.16.15.0 is directly connected, Fast thernet0/0 Rittping vif A-1 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.66, timeout is 2 seconds: ss rate is 100 percent (5/5), round-trip min/aog/max R5ttsh ip route rip 6.0.0.0/32 is subnetted, 1 subnets 72.16.0.0/24 is subetted, 2 subnets R 172.1636.0 [120] via 172.16.15.1, 00:00:04, FastEthernet0/0 sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea GEWORK race 5s 28/55/76 msR5ttping 6.6.6.6 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 55.55 ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 80/94/12 ms R6#tsh ip route rip 5.0.0.0/32 is subnetted, 1 subnets R_5.5.5.5112072] via 172.16.36.3, 00:00:13, FastEthernet0/0 172.16.0.0/24 is subnetted, 2 subnets R_ 172.16.15.0 [120] via 172.16.36.3, 00:00:13, FastEthernet0/0 cape sequence to abort. Sending 5, 100-byte ICMP Echos to 5 5.5, timeout is 2 seconds: ‘Success rate is 100 percent (5), round-trip min/acg/max = 64/102/156 ms WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 Wetwerk eee ALL contents axe copyright €2013 - 2014 All rights reserved. ET WokLAB: MPLS L3 VPN Support for EIGRP xo ieooasae ieorasae io2a/ae seosa/as TAS! If you start from Basic then follow below steps: © Configure IGP inside SP Core ( R1/R2/R3/R4) under OSPF area 0 ‘© Configure MPLS LDP inside the SP core ( RI/R2/RYR4) + Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. ‘© Create VRF A-1 on Site 1 (on R1) and VRE A-2 on site-2(R3) © RD& Route Target value should be 5001 for both sites © OnR1 Assign interfaces facing CE (R5) under VRF A-1 © OnR3 Assign interfaces facing CE (R6) under VRF A-2 The Above tasks are preconfigured in the first MPLS LDP Lab Here we assume the above tasks are preconfigured and we are continuing from previous t lab configs Check the previous labs for detailed step by step configurations. OR ‘© Incase if you are about to continue from previous lab then © Remove RIPc2configurations on PE and CE © Remove BGP configs from both PE routers sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 Se ae ee GEDWORK race 50Ri(config)#no router bgp 500 Ri (config)#no router rip R3(config)#no router bgp 500 R3(config)#tno router rip R5(config)#no router rip R6(config)tno router rip TAS! + Configure Routing between PE and CE using EIGRP 100 on both Ends. + Ensure that PE routers (RI & R3) should be able to ping CE routers (R5/R6) LAN R5(configh#router eigrp 100 R5(config-router)#no auto-summary R5(config-router)#network 5.0.0.0 R5(config-router)#network 172,16.0.0 R5(config-router exit Ri (config)#router eigrp 500 Ri config-router)#address-family ipod vrf A-1 Ri (config-router-afHautonomous-system ? 1 (conf ORO GTETOO Ri(config-router-af)#tno auto-summary Ri(config-router-af)#network 172.16.0.0 Ri(config-router-afpitexit erfaces respectively. Here TRAE ISMAOD specifies the autonomous system number of the EIGRP network for the customer site RI#sh ip eignp orf A-1 neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (ec) (ms) Cnt Num RItsh ip route vif A-1 eigrp 5.0.0.0/32 is submetted, 1 subnets (DENNSSSISI9OZISSTED RATA 16.155, 00:00:53, FastEthernet0 0 Ri#ping vif AA 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 57‘Success rate is 100 percent (5/6), round-trip min/avg/mac = 8/24/56 ms R6(config)#router eigrp 100 R6(config-router}#network 6.0.0.0 R6(config-router)#network 172.16.0.0 R6(config-router)#exit R3(config)#router eigrp 500 R3(config-router)taddress-family ipod vrf A-2 3 (config-router-a) #EOROMOUS?SYSTEHETOO R3(config-router-af#no auto-summary 3 (config-router-af network 172.16.0.0 R3(config-router-aptexit R3(config-router}#end R3#tsh ip eignp vrf A-2 neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (ec) — (ons) Ct Num OATGSERMNNNEROH — 11000031 69 41403 ts ip route vf A-2 Gateroay of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets (DINIGIB SG I9O/I56160)HAN72IG 36.6, 00:00:39, FastE thereto 172.160.0724 is subnetted, 1 subnets CC 172.16.36.0 is directly connected, FastEthernet0/ R3ttping vif A-26.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds a ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 27/48 ms TAS ‘+ Configure VPNV4 peering between both the PE Routers (R1/R3). R1 (config) #router bgp 500 Ri (config-router}#no bgp default ipod-unicast R1(config-router)#neighbor 13.0.0.1 remote-as 500 Ri(config-router)#neighbor 13.0.0.1 update-source loopback 0 Ri (config-router)#address-family vpno4 unicast RI (config-router-af)#neighbor 13.0.0.1 activate MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. GEDWORK race 50Ri(config-router-atneighbor 13.0.0.1 send-community extended Ri (config-router-ap)#neighbor 13.0.0.1 next-hop-self Ri (config-router-af)tend R3(config)#router bgp 500 R3(config-router)# no bgp default ipo4-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0-1 update-source loopback 0 R3(config-router)# address-family vpnos unicast R3(config-router-af# neighbor 11.0.0.1 activate R3(config-router-a# neighbor 1.0.0.1 send-community extended R3(config-router-af# neighbor 11.0.0.1 next-hop-self R3(config-router-ap# end Rittsh ip bgp vpne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 1, main routing table version 1 Neighbor Vv sgRcod MsgSent TélVer InQ OutQ Up/Down State/PfRed TAS! © Configure Mutual Redistribution on PE routers between EIGRP & BGP under VRF. + Ensure that CE routers on both sites (R5/R6) should have reachability between them. R3(config)#router bgp 500 R3(config-router)#address-family ipod vrf A-2 R3(config-router-aptredistribute eigrp 100 R3(config-router-apMexit R3(config-router)Hexit R3(config)#router eigrp 500 3(config-router)address-family ipod orf A-2 R3(config-routerap redistribute bgp 500 metric TOOOZO0025517500 R3(config-router-ap)#tend RI#sh ip bgp vpne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 5, main routing table version 5 2 network entries using 274 bytes of memory 2 path entries using 136 bytes of memory 3/2. BGP pathy/bestpath attribute entries using 372 bytes of memory 2 BGP extended community entries using 120 bytes of memory vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 59OBGP route-map cache entries using 0 bytes of memory OBGP filter-list cache entries using 0 bytes of memory BGP using 902 total bytes of memory BGP activity 2/0 prefixes, 2/0 paths, scan interval 15 secs Neighbor VAS MsgRcod MsgSent TélVer InQ OutQ Up/Down State/PfxRed 13001 4500 10 6 5 0 000017 R1fsh ip bgp vpne4 all BGP table version is 5, local router 1D is 11.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) (Bim. 13.001 156160 100 0? ">i172.16.36.0P4 13.0.0.1 0 100 07 R1#sh ip route orf A-1 Codes: C - connected, S - static, R - RIP, M- mobile, B- BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area NI- OSPF NSSA extemal type 1, N2 - OSPF NSSA extemal type 2 E1- OSPF external type 1, E2 - OSPF external type 2 i IS-IS, st -IS-IS summary, L1 - IS-IS level-1, L2 -IS-IS level-2 ia IS-S inter area, *- candidate default, U - per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets D_ 5.55.5 [90/156160] via 172.16.15.5, 00:12:28, FastE thernct0/0 6.0.0.0/32 is submetted, 1 subnets B 6.6.6.6 [200/156160) via 13.0.0.1, 0:02:04 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200/0] via 13.0.0.1, 00:02:04 CC 172.16.15.0 és directly connected, Fast thernet0/0 R1(config)#router bgp 500 Ri (config-router)#address-family ipod vrf A-1 Ri (config-rowter-af redistribute eigrp 100 Ri (config-router-ap)texit Ri (config-router)#exit vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 60MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Ri (config)#router eigrp 500 Ri (config-router)#address-family ipod vrf A-1 Ri(config-router-af#redistribute bgp 500 metric HA Ri(config-router-aptend R1#sh ip bgp vpnos all BGP table version is 9, local router ID is 11.03.1 Status codes: s suppressed, d dantped, h history, * valid, > best, i internal, 1 RIB-failure, $ Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Rowte Distinguisher: S00s1 (default for orf A-1) "5555/32 172.16.155 156160 32768? "> 172.16.15.024 0.0.0.0 0 32768? ">i172.16.36.024 13.0.0.1 0 100 0? Rittsh ip bgp vpned orf A-1 BGP table version is 9, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB failure, S Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network Next Hop —_Meetric LocPrf Weight Path Route Distinguisher: ">555532 172.16.155 156160 32768? ">i6.6.6.6/82 1300.1 156160 100 0? "> 172.16.15.024 0.0.0.0 0 32768? ">i172,16.36.024 13.0.0.1 0 100 0? Rl Aping orf A-1 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.66, timeout is 2 seconds: tt ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 52/69/92 ms R3#tsh ip route vif A-2 Routing Table: A-2 Codes: C - connected, § - static, R - RIP, M- mobile, B - BGP D -EIGRP, EX -EIGRP external, O - OSPF, IA - OSPF inter area N1- OSPF NSSA external type 1, N2-OSPE NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 ¢ (NETWBRK rage oti-1S-IS, su ~ 1S-1S summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-1S inter area, *- candidate default, U - per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.55 [200/156160] via 11.0.0.1, 00:02:50 6.0.0.0/32 is subnetted, 1 subnets D 6.6.6.6 [90/156160] via 172.16.36.6, 00:09:54, FastEthernet0/0 172.16.0.0/24 is subnetted, 2 subnets CC 172.16.36.0 is directly connected, FastEthernet0/ B 172.16.15.0 [2000] via 11.0.0.1, 0:02:50 R3tsh ip bgp vpne4 all BGP table version is 9, local router ID is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path 1 (default for orf A-2) ‘SiSS5A2 TOONS 100 07 Seeegs2 17216366 156160 327587 Simieisops 119010. 1000? "> 172.16.36.024 0.0.0.0 0 32768? R5ttsh ip route eigrp 6.0.0.0/32 is subnetted, 1 subnets D 6.6.6.6 [90/158720] via 172.16.15.1, 00:03:08, FastEthernet0/0 172.16.0.0/24 is subnetted, 2 submets D_ 172.16 36.0 [90/30720} via 172.16.15.1, 00:03:08, FastEthemct0/0 R5ttping 6.6.6.6 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 55.5.5 nt Success rate is 100 percent (55), round-trip min/acg/nax = 104/140/172 ms R6#sh ip route eigrp 5.0.0.0/32 is subnetted, 1 subnets DENSSSISI9VASB720) via 172.16.36.3, 00:03:41, FastEthernet0/0 172.16.0.0/24 is subnetted, 2 subnets D_172.16.15.0 [90/30720] via 172.16.36.3, 00.08:41, FastEthernetO/ vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 62LAB: MPLS L3 VPN Support for OSPF TASK: wore 2021/36 3.1/4 If you start from Basic then follow below steps: 1 Configure IGP inside SP Core ( R1/R2/R3/R4) under OSPF area 0 Configure MPLS LDP inside the SP core ( RI/R2/R3/R4) Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. Create VRF A-1 on Site 1 (on R1) and VRF A-2 on site-2 (R3) RD & Route Target value should be 500:1 for both sites (On R1 Assign interfaces facing CE (R5) under VRF A-1 (On R3 Assign interfaces facing CE (R6) under VRF A-2 ‘+ The Above tasks are preconfigured in the first MPLS LDP Lab © Here we assume the above tasks are preconfigured and we are continuing from previous lab configs) © Check the previous labs for detailed step by step configurations. OR © Incase if you are about to continue from previous lab then © Remove EIGRP configurations on PE and CE © Remove BGP configs from both PE routers Ro(config)#no router eigrp 100 R5(config)#no router eigrp 100 sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 Se ae ee GEWORK aesRi(config)#no router bgp 500 Ri (config)#no router eigrp 500 R3(config)#no router eigrp 500 R3(config)#no router bgp 500 R3(configtend TAS! + Configure Routing between PE and CE using OSPF on both Ends. + Ensure that PE routers (R1 & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. R5(config)#router ospf 1 R5(config-router}#network 5.5.5.5 0.0.0.0 area 0 R5(config-router)#network 172.16.15.5 0.0.0.0 area 0 R5(config-router}#end Ri(configh#router ospf 1 vrf A Risk run | s ospf log-adjacency-changes network 1.1.1.1 0.0.0.0 area 0 network 44.4.2.0.0.0.0 area 0 network 10.0.0.0 0.2: 55 area 0 network 11.0.0.1 0.0.0.0 area 0 ‘+ Aseparate Process ID is required for each VRF that receive VPN routes via OSPF from CE + If PE Routers are running OSPF for multiple Vrf (customers)and also running inside the SP core it needs to distinguish which routes belong to which VREs, and to understand which interfaces belong to which OSPF processes Ri(config)#router ospf 10 vrf A-1 Ri (config-router)#network 172.1615. 0.0.0.0 area 0 R1(config-router)#end R1tsh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 1403.1 0 FULL/- 00:00:32 444.1 Seriall/1 120.31 0 FULI/- 00:00:32 1.1.12 Serial 5555 1 FULL/DR 00:00:39 172.16.155 Fast thernet0/0 RI#sh ip ospf 10 neighbor Neighbor ID Pri State Dend Time Address Interface 5555 1 FULL/DR 00:00:34 172.16.15.5 FastEthernct0/0 vous £9 ww sas by sthantne coe main out nes S02 Searels eenns ets aera oe GEWERK race otR1#sh ip route orf A-1 ospf 5.0.0.0/32 is submetted, 1 subnets O 555.5 [110/2] via 172.16.15.5, 00:01:18, FastEthernet/0 R6(config)#router ospf 1 R6(config-router)#network 172.16.36.6 0.0.0.0 area 0 R6(config-router)#network 6.6.6.6 0.0.0.0 area 0 R6(config-router}#end R3(config)#router ospf 30 orf A-2 R3(config-router)#network 172.16.36.3 0.0.0.0 area 0 R3(config-router)#end R3#sh ip ospf30 neighbor Neighbor ID Pri State Dead Time Address Interface 66.6.6 1 FULL/DR 00:00:36 172.16.36.6 FastEthernet0/0 R3Ash ip route orf A-2 ospf Routing Table: A-2 6.0.0.0/32 is submetted, 1 subnets (NETS IMOPZT ANZA 36.6, 00:00:18, FastEthemnet yO TAS! + Configure VPNV4 peering between both the PE Routers (R1/R3). Ri(config)#router bgp 500 Ri(config-router)#no bgp default ipos-unicast R1 (config-router)#neighbor 13.0.0.1 remote-as 500 Ri (config-router)#neighbor 13.0.0.1 update-source loopback 0 Ri (config-router)#address-family vpn unicast Ri (config-router-af)#neighbor 13.0.0.1 activate Ri (config-router-af neighbor 13.0.0.1 send-community extended Ri (config-router-ap#neighbor 13.0.0.1 next-hop-self Ri (config-router-aptend R3(config)#router bgp 500 R3(config-router)# no bgp default ipot-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpmo4 unicast R3(config-router-af# neighbor 11.0.0.1 activate sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 08R3(config-router-apt neighbor 11.0.0.1 send-community extended R3(config-router-af# neighbor 11.0.0.1 next-hop-self R3(config-router-ap# end RI#sh ip bgp vpne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 1, main routing table version 1 Neighbor V_AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfcRed TASK: * Configure Mutual Redistribution on PE routers between OSPF & BGP under VRF. * Ensure that CE routers on both sites (R5/R6) should have reachability between them. R1(config)#router bgp 500 Ri (config-router)#address-family ipod vrf A-1 Ri (config-router-af redistribute ospf 10 vef A-1 iteNiiEePial exteral TEXteHIaL2 Ri (config-router-ap exit Ri (config-router)texit Ifyou configure the redistribution of OSPF into BGP without keywords, only OSPF intra-area and inter-area routes are redistributed into BGP, by default, © You can use the internal keyword along with the redistribute command under router bgp to redistribute OSPF intra- and inter-area routes © Use the external keyword along with the redistribute command under router bgp to redistribute OSPF extermal routes into BGP. ‘© With theexternal keyzoord, you have three choices: 1. redistribute both external type-1 and type-2 (Default) redistribute type redistribute type Ri (configh#router ospf 10 orf A-1 Ri (config-router)#redistribute bgp 500 subnets R1(config-router)#end R3#sh ip bgp vpne4 all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 5, main routing table version 5 2 network entries using 274 bytes of memory 2 path entries using 136 bytes of memory 3/2. BGP pathybestpath attribute entries using 372 bytes of memory 1 BGP extended community entries using 40 bytes of memory OBGP route-map cache entries using 0 bytes of memory OBGP filter-list cache entries using 0 bytes of memory BGP using 822 total bytes of memory ee a ae ea GEDWORK race ceBGP activity 2/0 prefixes, 2/0 paths, scan interval 15 secs Neighbor VAS MsgRcod MsgSent TélVer InQ OutQ Up/Down State/PfRed 11001 4500 11 7 5 0 0000447 2 R3#tsh ip bgp vpne4 all BGP table version is 5, local router ID is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-2) 2 100 0? i172.16.15.024 1.0.0.1 0 100 0? R3Ash ip route orf A-2 Routing Table: A-2 Codes: C - connected, S - static, R - RIP, M - mobile, B- BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 F1- OSPF external type 1, E2 - OSPF external type 2 i-IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - 15-15 inter area, *- candidate default, U- per-user static route 0-ODR, P- periodic downloaded static route Gateway of last resort is mot set 5.0.0.0/32 is submetted, 1 subnets B_ 5.555 [2002] via 11.0.0.1, 00:01:46 6.0.0.0/32 is subnetted, 1 subnets O 6.6.6.6 [110/2] via 172.16.36.6, 00:07:11, FastEthermet0/0 172.16.0.0/24 is subnetted, 2 subnets CC 172.16.36.0és directly connected, Fast thernet0/0 B 172.16.15.0 [200/0] via 11.0.0.1, 00:01:46 R3(config)#router bgp 500 R3(config-router)#address-family ipod orf A-2 R3(config-rowter-af redistribute ospf 30 vrf A-2 match internal external 1 external 2 R3(config-router-aptend R3(config)#trouter ospf 30 orf A-2 R3(config-router)#redistribute bgp 500 subnets R3(config-router}#end vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 67R1fsh ip bgp vpno4 all BGP table version is 9, local router 1D is 11.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network NextHop ‘Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) P5SS5G2 17216155 2 32768? (1666582130012 000? "> 172.16.15.024 0.0.0.0 0 32768? ">i172.16.36.024 13.001 0 100 0? RItsh ip route vif AT Routing Table: A-1 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1-OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 i- ISIS, su -IS-IS stummary, L1 - IS-IS level-1, L2 -1S-IS level-2 ia ISIS inter area, *- candidate default, U - per-user static route 0- ODR, P- periodic downloaded static route Gatewoay of last resort is not set 5.0.0.0/32 is submetted, 1 subnets O 555.5 [110/2] via 172.16.15.5, 00:02:35, FastEthernetO/0 6.0.0.0/32 is subnetted, 1 subnets '6.0.0/24 is subnetted, 2 subnets 2.16.36.0 [200/0] via 13.0.0.1, 00:00:43 C 172,16.15.0 is directly connected, FastEthernet0/0 RiAsh ip route orf A-1 bgp 6.0.0.0/32 is submetted, 1 subnets B 6.6.66 [2002] via 13.0.0.1, 0:00:47 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [2000 via 13.0.0.1, 0:00:47 Ri ping orf A-1 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds nu Suct rate is 100 percent (5/6), round-trip min/aog/max = 60/85/116 ms vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 69R5itsh ip route ospf 6.0.0.0/32 is subnetted, 1 subnets OFZ 6666 [t2F ia 72.16.15: 000121, Fast themct00 172.16.0.0/24 is subnetted, 2 subnets OE2 172.16.36.0 [110/1] via 172.16.15.1, 00:01:21, FastEthernet0/0 R5tping 6.6.6.6 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 5. nu ‘Success rate is 100 percent (5/5), round-trip min/ag/max = 96/124/176 ms R64sh ip route ospf 5.0.0.0/32 is subnetted, 1 subnets OAPI [1102] via 172.16.36.3, 00:01:27, FastE thernet0/0 172.16.0.0/24 is subnetted, 2 subnets OF2 172.16.15.0 [10/1] via 172.16.36.3, 00:01:27, FastEthemet0/0 sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK raeOPSF hierarchical model > OSPF divide big networks in the Areas > OSPF designed with Central backbone ( Area 0) Autonomous System OSPF in MPLS VPN > In MPLS, BGP becomes the backbone for Customer network > Every site nuns separate OSPF > Exchange routes through Redistribution OPSF Super Backbone > MPLS VPN extends concept of OSPF > Another backbone over Area 0 > OSPF Super backbone is exact like Area 0 of OSPF Goals: > OSPF Sites uses normal redistribution > OSPF continuity must be provided + Internal nnust be internal + External routes must be External © OSPF metric — preserved MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 é Seer eieene etiam oe (NETWORK rage 70Rules: > OSPF Super backbone is exact like Area 0 of OSPF. > PE routers are advertised as ABR > Routes from Area 0 of sitel /site 2 seen as OLA - rece Type 1 isk Type 2184 Type3isa OSPF Domai > PE routers mark OSPF routes with the domain attribute > Its derived from the OSPF process number > Indicates whether the route originated within the same OSPF domain or from outside it. > Ifdomain ID value on both PE + matches OIA + Nomatch E1/E2 IF Domain-ID same + pace sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK raceIF Domain-ID not same = MPBGP omsin 11 Domsin102 Type 1 LSA Type 215A TypeS1SA + By default the routes exchanged between two CE routers will see the routes of the other site as LASS (E1/E2) routes. ‘As they get from CE to CE (15 to R6) via OSPF redistributed through BGP © And hence those routes are considered as OE1/OE2 routes when they reach the other end of CE. To change these routes OE1/OE2 routes exchange between CE routers (R5/R6) to OIA routes there are two possible solutions 1. Use same process ID on both PE routers (R1/R3) for VRF 2. Change the domain-ID same on both PE routers (R1/R3) TAS! + Configure R1 & R3 to ensure that OSPF routes learned from other end should be seen as LSA 3 (OIA) routes instead of 0E1/oE2 using DOMAIN-ID R1tsh ip bgp vpnod orf A 5.5.55 BGP routing table entry for 500:1:5.5. Paths: (1 available, best #1, table A-1) Advertised to update-groups: 1 Local 172.16.15.5 from 0.0.0.0 (11.0.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Conmunity: RT:500:1 OSPEIDOMAINTDH0S0005302000000040200 OSPF RT-0.0.0.0:2:0 OSPF ROUTER ID:172.16.15.1:0 ‘mpls labels in/out 107/nolabel 2, version 4 R3#tsh ip bgp vpne4 vrf A-2 6.6.66 BGP routing table entry for 500:1:6.6.6.6/32, version 8 Paths: (1 available, best #1, table A-2, sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 72Advertised to update-groups: 1 Local 172.16.36.6 from 0.0.0.0 (13.0.3.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:500:1 OSPEIDOMAIN 1D5050005:0x00000070200 (OSPF RT0.0.0.0:2:0 OSPF ROUTER ID:172.16.363:0 mpls labels infout 304/nolabel Ri (config)#router ospf 10 vrf A-1 Ri(config-router) Ri(config-router)#exit R3(configh#trouter ospf 30 vrf A-2 R3(config-router) R3(config-router exit R3#clear ip bgp vpne4 unicast 500 R3#tsh ip bgp vpno4 all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 19, main routing table version 19 4 network entries using 548 bytes of memory 4 path entries using 272 bytes of memory SALBGP pathybestpath attribute entries using 620 bytes of memory 2 BGP extended community entries using 80 bytes of memory OBGP route-map cache entries using 0 bytes of memory OBGP filter-list cache entries using O bytes of memory BGP using 1520 total bytes of memory BGP activity 4/0 prefixes, 6/2 paths, scan interval 15 secs Neighbor VAS MsgRcod MsgSent TblVer InQ OulQ Up/Down State/PfRed 1100.1 4 500 33 33 19 0 000014 2 R3#tsh ip bgp vpne4 vrf A-2.6.6.6.6 BGP routing table entry for 500:1:6.6.6.6/32, version 12 Paths: (1 available, best #1, table A-2) Flag: 0xA00 Advertised to update-groups: 1 Local 172.16.36.6 from 0.0.0.0 (13.0.3.1) Origin incomplete, metric 2, localpref 100, teight 32768, valid, sourced, best Extend Community R1500:1 OSPEDOMAIN IDE050005:0200A0800200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER 1D:172.16.36.3:0 sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 3pls labels in/out 304/nolabel R1#sh ip bgp vpned orf Al 5.5.55 BGP routing table entry for 500:1:5.5.5.5/32, version 10 Paths: (1 available, best #1, table A-1) Flag: OxA00 Advertised to update-groups: 1 Local 72.16.15.5 from 0.0.0.0 (11.0.3.1) Origin incomplete, metric 2, ocnlpref 100, weight 32768, valid, sourced, best Extended Community: RT:500:1 OSPEIDOMAIN 1D:0X0005:0x0A0A0ADA0200 OSPF RT-0.0.0.02:0 OSPF ROUTER ID:172.16.15.1:0 mpls labels in/out 107/nolabel R6#sh ip route ospf 5.0.0.0/32 is submetted, 1 subnets OIA 55.55 [1105] via 172.16.36.3, 00:01:02, FastEthernetY0 172.16.0.0/24 is subnetted, 2 subnets OIA 172.16.15.0 [1102] via 172.16.36.3, 00:01:02, FastE themet0/0 R5tsh ip route ospf 6.0.0.0/32 is subnetted, 1 subnets OIA 6.6.66 [11073] via 172.16.15.1, 00:01:33, FastEthernet/0 172.16.0.0/24 is subnetted, 2 subnets OIA 172.16,36.0 [1102] via 172.16.15.1, 00:01:33, FastEthernet0/0 sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 74site A A logical intra-area tink. © Carried by the super backbone. © A shan tink is required only between two VPN sites that belong to the same area and have a backdoor link for backup purposes. © OSPF adjacency is established across the shana link. © LSA flooding occurs across the sham link. © >OIA>E1>£2 Configuring OSPF Sham-link Create a loopback interfuce with /32 mask on both PE routers Configure the loopback interface under the VRF Adoertise the loopback interface in BGP orf address-family Configure OSPF Sham-link in OSPF orf between PE routers Ree Ri (config)#router ospf 10 orf A-1 RU(config-router)#area 0 sham-link 100.5.5.5 100.666 sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 7sLAB: OSPF Sham-link 100.4734 iorayae io2asae TASK: * Continue with the configurations done in the previous lab. © Commect one serial tink (backup link) between R5/R6. Configure R1 & R3 in Area 0 to ensure that OSPF routes learned from other end should Prefer MPLS backbone. R5(config)#int s1/0 R5(config-iptip address 10.0.56.5 255,255.255.0 R5(config-if)#no shutdown R5(config-iptexit RO(configytint s/0 RO(config-if tip address 10.0.56.6 255.255.255.0 R6(config-ipftno sh R6(config-iptend R6Hping 10.0.56.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.56.5, timeout is 2 seconds: nny sess £3 tw nosis hy stants Gon onan out ness) 808 SS cee eecaaree een etic REWORK nase 6Success rate is 100 percent (5/5), round-trip min/avg/max = 20/56/140 ms RI/R6 R5(config)#router ospf 1 R5(config-router)#network 10.0.56.0 0.0.0.255 area 0 R5(config-router)#exit R5ttsh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 66.6.6 0 FULL/- 00:00:32 100.566 —Seriall/0 172.16.15.1. 1 FULL/BDR 00:00:36 172.16.15.1FastEthernet0/ R5ttsh ip route ospf 6.0.0.0/32 is subnetted, 1 subnets O 6.6.6.6 1110/65] via 10.0.56.6, 00:10: 172.16.0.0/24 is subnetted, 2 subnets O 172.16.36.0 [110/65] via 10.0.56.6, 00:10:42, Serial /0 Serial/0 + OSPF Default preferred path selction is based on route-type 0> OIA > E1>E2 ‘In oder to prefer MPLS first thing is we need to change the route-type over MPLS to be seen as “O” routes instead of oE1/oE2 or OIA ( making both the route-type has tobe same) + TO make the above thing possible we need to Configure OPSF SHAM-LINK between R1 and R3 Steps to Configure OPSF SHAM-LINK 1. Create a loopback interface with /32 mask on both PE routers 2. Configure the loopback interface under the VRF 3. Advertise the loopback interface in BGP orf address-family 4. Configure OSPF Sham-link in OSPF orf between PE routers NOTE: + Iftwe want we can remove the domain-id command configured in the previous task © Matching domain-id is not pre-requirement anyaway to configure Shan-link ‘© using sham-link we can convert either LSA3 ( OIA) or LSA 5 (OE1/0E2) routes in to LSA 1 routes when it reaches the other end of CE Ri(config)tint loopback 10 Ri(config-iip vrf forwarding A-1 Ri (config-ipfip address 100.5.5.5 255.255.255.255 Ri(config-iptexit Ri (config)#router bgp 500 Ri (config-router)#address-family ipod vrf AT Ri (config-router-ap)#network 100.5.5.5 mask 255.255.255.255 Ri (config-router-apitexit sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 7Ri(config)#router ospf 10 orf A-1 Ri (config-router}#area 0 sham-link ? AB.CD IP addr associated with sham-link source Ri(config-router)#area 0 sham-link 100.5.5.5 100.6.66 Ri(config-router exit R3(config)int loopback 10 R3(config-iD ip orf forwarding A-2 R3(config-iD tip address 100.6.6.6 255.255.255.255 R3(config)trouter bgp 500 R3(config-router)#address-family ipod vrf A-2 R3(config-router-ap#network 100.6.6.6 mask 255.255. R3(config-router-ap text R3(config-router)#exit R3(config)trouter ospf 30 vrf A-2 R3(config-router)#area 0 sham-link 100.6.6.6 100.5.5.5 R3(config-router}#end R3#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 1403.1 0 FULL/- 00:00:38 3.3.3.2 Seriall/1 1203.1 0 FULL/- 00:00:38 1 Serial 172.16.15.1 0 FULI/- - _—‘100.5.5.5 OSPF_SLO 6.6.6.6 1 FULL/DR 00:00:32 172.16.36.6 FastEthernet0/0 R5ttsh ip route ospf 100.0.0.0/32 is subnetted, 2 subnets OE2 100.5.5.5 [110/1] via 172.16.15.1, 00:01:41, FastEthernet0/0 £2 100.6.6.6 [110/1] via 172.16.15.1, 00:01:41, FastEthernetO/0 6.0.0.0/32 is subnetted, 1 subnets 0 66.66 [11/4] via 172.16.15.1, 00:01:41, FastEthernet 172.16.0.0/24 is subnetted, 2 subnets O 172.16.36.0 [110/3] via 172.16.15.1, 00:01:41, FastEthernet0/0 R6#sh ip route ospf 100.0.0.0/32 is subnetted, 1 subnets £2 100555 [110/1] via 172.16.36.3, 00:01:42, FastEthernet0/0 5.0.0.0/32 is submetted, 1 subnets 0 5.5.55 [110/65] via 10.0.56.5, 00:10:54, Serial) 172.16.0.0/24 is subnetted, 2 subnets O 172.16.15.0 [110/65] via 10.0.56.5, 00:10:54, Serial1/0 ge es ees eee SESE e i san eee aot sear ec Getwerk Page 78LAB: MPLS L3 VPN Support for EBGP. oorsacKs y200./26 120.1128 1202:1/2¢ 14.00.1/2 140.1.1/28 340211/26 140.3.1/28 TASK: If you start from Basic then follow below steps: S.1/26 1. Configure IGP inside SP Core ( R1/R2/RY/R4) under OSPF area 0 Configure MPLS LDP inside the SP core ( R1/R2/R3/R4) Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. 2 3. 4 Create VRF A-1 on Site 1 (on R1) and VRF A-2 on site-2 (R3) 5 RD & Route Target value should be 5001 for both sites 6. OnR1 Assign interfaces facing CE (R5) under VRF A-1 7. On R3 Assign interfaces facing CE (R6) under VRF A-2 (The Above tasks are preconfigured in the first MPLS LDP Lab Here we assume the above tasks are preconfigured and we are continuing from previous t lab configs) Check the previous labs for detailed step by step configurations. OR Incase if you are about to continue from previous lab then © Remove OSPF configurations on PE and CE © Remove BGP configs from both PE routers © Romove the loopback 10 interface used for Shamlink RI Ri(config)# no router bgp 500 Ri(config)# no router ospf'10 MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 ~ 2014 All rights reserved. GEWORK race 19Ri(config)# no int loop 10 R3 R3(configh# no router bgp 500 R3(config)# no router ospf 30 R3(configh# no int loop 10 R5 and R6 Rx(config)¥no router ospf 1 TASI + Configure Routing between PE and CE using EBGP on both Ends. ‘+ Use AS-500 For SP Core, AS 5600 for both the customer sites + Ensure that PE routers (R1 & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. R5(config)#router bgp 5600 R5(config-router)#neighbor 172.16.15.1 remote-as 500 R5(config-router)#no auto-summary R5(config-router)#no synchronization R5(config-router)#network 5.5.5.5 mask 255.255.255.255 R5(config-router)#network 172.16.15.0 mask 255.255,255.0 R5(config-router exit Ri (configh# router bgp 500 Ri(config-router)#no bgp default ipo4-unicast Ri(config-router)# address-family ipod vrf A-1 Ri (config-router-af)#neighbor 172.16.15.5 remote-as 5600 Ri(config-router-apt neighbor 172.16.155 activate Ri(config-router-af# no auto-summary Ri(config-router-af}# no synchronization R1 (config-router-afHnetwork 172.16.15.0 mask 255.255.255.0 Ri (config-router-apphexit RI#sh ip bgp vpne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 6, main routing table version 6 2 network entries using 274 bytes of memory 3 path entries using 204 bytes of memory 4/.BGP path/bestpath attribute entries using 496 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory OBGP route-map cache entries using O bytes of memory OBGP filter-list cache entries using 0 bytes of memory BGP using 1022 total bytes of memory BGP activity 2/0 prefixes, 3/0 paths, scan interoal 15 secs sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWERK race 00Neighbor VAS MsgRcod MsgSent TblVer InQ OutQ Up/Down State/PfxRed 172, R1fsh ip bgp vpno4 all BGP table version is 6, local router 1D is 11.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, 1 RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) (3555562 17216155 0056004 "> 1721615024 0.00.0 0 32768i i" 172.16.155 0 056001 Ritsh ip route orf A-1 Routing Table: A-1 Codes: C- connected, S - static, R - RIP, M- mobile, B -BGP D -EIGRP, EX -EIGRP external, O - OSPF, IA - OSPF inter area N1-OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 F1- OSPF external type 1, E2 - OSPF external type 2 i IS-IS, su -IS-IS sunvmary, L1 -1S-IS level-1, L2- ISIS level-2 ia - ISIS inter area, *- candidate default, U - per-user static route 0-ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets B 5555 20/0] via 172.16.15.5, 00:06:43 172.16.0.0P24 is subnelted, 1 subrets CC 172,16.15.0 is directly connected, FastEthernetO/0 R6(config)#router bgp 5600 R6(config-router)#neighbor 172.16.36.3 remote-as 500 R6(config-router)#no auto-summary R6(config-router)#no synchronization R6(config-router)#network 6.6.6.6 mask 255.255.255.255 R6(config-router)#network 172.16.36.0 mask 255.255,255.0 R6(config-router}exit R3(config)#router bgp 500 R3(config-router)#no bgp default ipod-unicast R3(config-router)#address-family ipod vrf A-2 R3(config-router-a)#neighbor 172.16.36.6 remote-as 5600 R3(config-router-af)#neighbor 172.16.36.6 activate R3(config-router-af)#redistribute connected vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 81R3(config-router-aptexit R3#sh ip bgp vpne4 all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 6, main routing table version 6 2 network entries using 274 bytes of memory 3 path entries using 204 bytes of memory 4. BGP path/bestpath attribute entries using 496 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory OBGP route-map cache entries using O bytes of memory OBGP filter-list cache entries using 0 bytes of memory BGP using 1022 total bytes of memory BGP activity 2/0 prefixes, 3/0 paths, scan interval 15 secs Neighbor V_AS MsgRevd MsgSent TblVer InQ OutQ Up/Down State/PfiRed R3#sh ip bgp vpne4 all BGP table version is 6, local router ID is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, § Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-2) . 172.16.36.6 0 05600 i R3itsh ip route vrf A-2 Routing Table: A-2 Codes: C- connected, S - static, R - RIP, M- mobile, B - BGP D -EIGRP, EX - EIGRP external, O - OSPF, 1A - OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 ISIS, su -15.1S suramary,L1 -15-IS level, L2 ISIS lool-2 S inter area, *- candidate default, U - per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] vin 172.16.36.6, 00:02:45 172.16.0.0/24 is subnetted, 1 subnets C 172.1636. is directly connected, FastEthernetO/ sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWERK race 02Configuring VPNV4 Peet Ri #ping 13.0.0.1 source 11.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds: Packet sent with a source address of 11.0.0.1 ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 40/56/76 ms Ri (config)#router bgp 500 Ri(config-router)#no bgp default ipo4-unicast Ri (config-router)#neighbor 13.0.0.1 remote-as 500 Ri (config-router)#neighbor 13.0.0.1 update-source loopback 0 Ri(config-router)#address-family vpnc4 unicast Ri(config-router-a#neighbor 13.0.0.1 activate Ri(config-router-a#neighbor 13.0.0.1 send-community extended Ri(config-router-ap#neighbor 13.0.0.1 next-hop-self Ri(config-router-aptend R3(config)#router bgp 500 R3(config-router)# no bgp default ipot-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpmo4 unicast R3(config-router-af# neighbor 11.0.0.1 activate R3(config-router-a# neighbor 1.0.0.1 send-community extended R3(config-router-af# neighbor 11.0.0.1 next-hop-self R3(config-router-ap# end R3#tsh ip bgp vpno4 all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 10, main routing table version 10 4 network entries using 548 bytes of memory 5 path entries using 340 bytes of memory 6/4 BGP path/bestpath attribute entries using 744 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory OBGP route-map cache entries using 0 bytes of memory OBGP filter-list cache entries using 0 bytes of memory BGP using 1680 total bytes of memory BGP activity 40 prefixes, 5/0 paths, scan interoal 15 secs Neighbor VAS MsgRcod MsgSent TblVer InQ OutQ Up/Down State/PfxRed vous 1 wow sas by sthantne cou oman out nas) S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 89ALL contents axe copyright €2013 - 2014 All rights reserved. 172.1636.6 45600 13 16 10 0 0000814 2 R3#tsh ip bgp vpne4 all BGP table version is 10, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 1 RIB-failure, $ Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: > 6.6.6.632 — 172.16.36.6 0 05600 i “i172.16.15.024 11001 == 0 100 Oi "> 172.16.36.024 0.0.0.0 0 32768? * 172.1636.6 0 05600 R3Ash ip route orf A-2 Routing Table: A-2 Codes: C - connected, S - static, R - RIP, M - mobile, B- BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 F1- OSPF external type 1, E2 - OSPF external type 2 i-IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - 15-15 inter area, *- candidate default, U- per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.55 [20/0] via 11.0.0.1, 00:01:17 6.0.0.0/32 is submetted, 1 subnets B 6.6.6.6 [20/0] wia 172.16.36.6, 00:08:25 172.16.0.0/24 is subnetted, 2 subnets CC 172.16.36.0 is directly connected, FastEthernet0/0 B 172.16.15.0 [200/0] via 11.0.0.1, 00:01:17 RI#sh ip bgp vpne4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 10, main routing table version 10 4 network entries using 548 bytes of memory 5 path entries using 340 bytes of memory 6/4 BGP path/bestpath attribute entries using 744 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory OBGP route-map cache entries using 0 bytes of memory OBGP filter-list cache entries using 0 bytes of memory MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 é (NETWBRK rage 0BGP using 1680 total bytes of memory BGP activity 4/0 prefixes, 5/0 paths, scan interoal 15 secs Neighbor VAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfcRed 130.01 4500 7 7 10 0 0000148 2 17216155 45600 18 21 10 0 000-1300 2 RI Ash ip bgp vpno4 all BGP table version is 10, local router ID is 11.0.3.1 Status codes: s suppressed, d dantped, h history, * valid, > best i internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 5001 (default for orf A-1) "5555/32 — 172.16.155 0 056001 716.6.6.682 13.001 0 100 0.5600i "> 172.16.15.024 0.0.0.0 0 327681 * 172.16.15.5 0 05600 RItsh ip route vif A-1 Routing Table: A-1 Codes: C- connected, S - static, R - RIP, M-- mobile, B - BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area NI- OSPF NSSA external type 1, N2-OSPF NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 i IS-1S, su - ISIS summary, L1 - 1-1 level-1, L2 - ISIS level-2 ia ISIS inter area, *- candidate default, U - per-use 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets B 5.5.55 [20/0] via 172.16.15.5, 00:13:10 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 (200/0] via 13.0.0.1, 00:01:43 172.16.0.0/24 is subnetted, 2 submets B172.16.36.0 [200/} via 13.0.0.1, 00:01:43 C _ 172,16.15.0 is directly connected, FastEthernet0/0 Rifping orf A-1 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: sous £3 ww ntsc hy stkntas Gon tenn cout ness) 008 Seer eieene etiam oe GEDWERK race os‘Success rate is 0 percent (0) R5ttsh ip route Codes: C- connected, S~ static, R- RIP, M- mobile, B-BGP D -EIGRP, EX -EIGRP external, O - OSPE, IA - OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 i- ISIS, su - ISIS suommary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia -IS-1S inter area, *- candidate defeult, U - per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets 5.555 is directly connected, LoopbackO 172.16.0.0/24 is subnetted, 2 subnets B_ 172.16.36.0 [20/0] via 172.16.15.1, 00:03.07 CC 172.16.15.0 is directly connected, FastE thernet0/0 R6#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B- BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 F1- OSPF external type 1, E2 - OSPF external type 2 i-IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - 15-15 inter area, *- candidate default, U- per-user static route 0-ODR, P- periodic downloaded static route Gateway of last resort is mot set 6.0.0.0/32 is subnetted, 1 subnets C 6.6.6.6 is directly connected, Loopback 172.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0és directly connected, FastE thernet0/0 B_ 172.16.15.0 (20/0) via 172.16.36.3, 00:03:19 NOTE: © No routes get installed because the CE routers recive the routes with its oun AS coming from other sites © So.as per BGp it will not install the routes in the BGP table If the custonter has the sane ASN at different sites, the CE routers drop the BGP routes © The CE router drops the BGP update as it sees that its oum ASN 5600 is in the update ‘This behavior is the defiult behavior of BGP and is a prevention mechanism against loops in BGP. © This means that ifthe customer had his own private network (with only 1 autonomous system mumiber) before using the MPLS VPN seroice from the service provider, he would now have to use different autonomous system mambers for each site © This is tedious, and new autonomous system numbers are almost impossible to get. The customer can use ASNs {from the priate ASN range [64512-65535]. sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEDWORK race 06© However, an easier solution is available, and it involues having the PE router replace the customer ASN in the as- path with the ASN of the service provider. ‘* The command that you need to configure on the PE router to override the ASN is neighborip-address as-override. R1fsh ip bgp vpme4 all BGP table version is 10, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) "> 5555/32 172.16.15.5 0 0.56004 "> 172.16.15.024 0.0.0.0 768 i : 172.16.15.5 0 0.5600 ">i172.1636.024 13.001 0 100 07 R3#tsh ip bgp vpno4 all BGP table version is 10, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB failure, S Stale Origin codes: i- IGP, ¢- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf B55582 11001 0 100 056004 "> 6.6.6.682 17216366 0 056001 i172.16.15.024 1.0.0.1 0 100 01 > 172.16.36.024 0.0.0.0 0 32768? i 172.16.36.6 0 05600 Ri(config)#router bgp 500 Ri(config-router)#address-family ipod vrf A-T Ri (config-router-ap#neighbor 172.16.15.5 as-override Ri (config-router-aptexit R5ttsh ip route Codes: C- connected, S - static, R - RIP, M-- mobile, B -BGP D -EIGRP, EX -EIGRP external, O - OSPE, IA - OSPF inter area N1- OSPF NSSA external type 1, N2-OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 i= ISIS, su - ISIS summary, L1 -15-IS level-1, L2 - IS-IS level-2 ia -IS-1S inter area, *- candidate defeult, U - per-user static route 0- ODR, P- periodic downloaded static route sous 19 wo scan sy stand dase unin cose (us) 80 Searels eenns ets aera oe GEWERK race 07MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Gateway of last resort is not set 5.0.0.0/32 is submetted, 1 subnets C 5.5.5.5 is directly connected, Loopback 6.0.0.0/32 is submetted, 1 subnets B 6.6.6.6 [20] via 172.16.15.1, 00:02:20 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [20/0] via 172.16.15.1, 00:02:20 CC 172.16.15.0 is directly connected, FastE thernet0/0 R5ttsh ip bgp BGP table version is 7, local router ID is 5.5.5.5 Status codes: s suppressed, d dantped, h history, * valid, > best, i - internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path 0 327681 0 05001 0 327681 "> 172.16.36.024 172.16.15.1 0.500? R3(config)#router bgp 500 R3(config-routerMaddress-family ipod vif A-2 R3(config-router-aptneighbor 172.16.36.6 as-override R3(config-router-af)itend R6#sh ip route Codes: C - connected, S - static, R - RIP, M - mobile, B- BGP D -EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1-OSPF external type 1, E2 - OSPF external type 2 i-. S, su - 1S-IS summary, L1 - 1S-IS level-1, L2 - 1S-IS level [SIS inter area, *- candidate default, U -per-user static route 0-ODR, P- periodic downloaded static route Gateway of last resort is mot set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.55 [20/0] via 172.16.36.3, 00:00:10 6.0.0.0/32 is subnetted, 1 subnets C 6.6.6.6 is directly connected, Loopback 72.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0 és directly connected, Fast thernet00 ¢ (NETW@RK — rage 08B_ 172.16.15.0 [20/0] via 172.16.36.3, 00:00:10 R6#sh ip bgp BGP table version is 9, local router ID is 6.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 1 RIB-failure, $ Stale Origin codes: i- IGP, e- EGP, ? - incomplete letwork Next Hop Metric LocPrf Weight Path "> 6.6.6.632 0.0.0.0 0 "> 172.16.15.0f24 172.16.36.3 05001 * 172.1636.024 172.16.363 0 0.500? > 0.0.0.0 0 327681 R6#ping 5.5.55 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 55.5.5, timeout is 2 seconds Packet sent with a source address of 6.6.6.6 Success rate is 100 percent (5/5 R3#ping vrf A-2 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5 Success rate is 100 percent (5/5), round-trip min/avg/mas 5, timeout is 2 seconds: MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. roundtrip min/eg/max = 108/162/220 ms 64/85/120 ms Geren Page 69Overlap VPN. © Overlapping VPNs are used to provide connectivity between segments of two VPN, © CE routers participate in simple VPNs. ‘© Some CE routers participate in more than one simple VPN: © There are twvo uses for overlapping VPNs: 1. Companies that use MPLS VPNs to implement both intranet and extranet services Companies that might decide to limit visibility between departments ‘© Sites that participate in more than one (overlapping) VPN import and export routes with RTs from any VPN in which they participate. ‘Sites cannot talk to each other ifthey belong to different VPNs. ‘© Overlapping VPN sites are configured with the required RTS ‘© based on the VPN membership. LAB: Overlap VPN: siss.5/92 TASK: © Continue with same Lab done for A-1 and A-2 sites on RI/R3/R5/R6 where PE to CE Routing is configured using EBGP ‘+ Add R7R8 to existing as per the diagram and configure basic ip addressing Ri config)#int s1/2 Ri (config-ip ip address 172.16.17.1 255.255.255.0 Ri(config-ip#no shutdown Ri(config-iptexit ss £3 rv wosthok hy sitanta Gon Hosni come cn, 1808 a ae ea GEDWERK race 20R7(config)int 51/2 R7(config-ip#no shutdown R7(config-iPttip address 172.16.17.7 255.255.255.0 R7(config-ipitexit R7(configh#int loop 0 R7(config-ipfip address 7. R7(config-itend R7#ping 172.1617. Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.17.1, timeout is 2 seconds: an ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 4/21/48 ms R3(confighint s1/2 R3(config-i ip address 172.16.38.3 255.255.255.0 R3(config-ipttno shutdown R3(config-ipttexit R8(config)int loop 0 R8(config-itip address 8.8.8.8 255.255.255.255 R8(config-iptexit RB(config)#int s1/2 R8(config-iPttip address 172.16.38.8 255.255.255.0 R8(config-ipftno shutdown R8(config-itend R8#ping 172.16.383 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.38.3, timeout is 2 seconds: nu ‘Success rate is 100 percent (5/5), round-trip min/aog/max 20/8062 ms TASK: Configure VRF B-1 on R1 and B-2 on R3 using RD/RT value of 500:2 for both sides © Configure interface facing interface under VRE as per the diagram ( R1 as Site B-1 , R3 as Site B-2) R1fsh ip orf interfaces Interface IP-Address. VRF Protocol Fa0/0 172.16.15.1 AT up Ri (config) ip orf B-1 Ri config-orf)trd 50022 sous 19 wo scan sy stand dase Human cose (us) 808 Searels eenns ets aera oe GEWORK raceRi(config-orp #route-target both 5002 Ri (config-orp)#exit Ri(config)#int s1/2 Ri(config-iP tip orf forwarding B-1 R1(config-i)# ip address 172:16.17.1 255.255.255.0 Ri(config-iptend RI#sh ip vrf interfaces Interface IP-Address. | VRF Protocol Fao 172.16.15.1 A up R3#tsh ip vrf interfaces Interface IP-Address VRF Protocol Fao 172,16363 A-2 up R3(config)itip vrf B-2 R3(config-orpi#rd 5002 R3(config-orf)#troute-target both 500:2 R3(config-orf)texit R3(config)#int s1/2 R3(config-ipip orf forwarding B-2 R3(config-ipttip address 172.16.38.3 255.255.255.0 R3(config-ipitend R3ttsh ip vrf interfaces Interface IP-Address VRF Protocol Fao 172.16363 A. up 72 ET TASK: Configure PE CE routing for customer SIte B-1 and B-2 using any routing protocol and configure Redistribution if required.( here I aim using OSPF on sitel and EIGRP on site2) R7(config)#router ospf 1 R7(config-router)#network 172.16.17.0 0.0.0.255 area 0 R7(config-router)#network 7.7.7.7 0.0.0.0 a 0 R7(config-router)texit R1(configh#router ospf 10 orf B-1 Ri (config-router)# network 172.16.17.0 0.0.0.255 area 0 Ri (config-router)#redistribute bgp 500 subnets R1(config-router exit sous 19 wo scan sy stand dase umn cose (us 80 Searels eenns ets aera oe GEWORK race 52Ri (config-router)#address-family ipo4 orf BL Ri (config-rowter-aftredistribute ospf10 vrf B-1 match internal external Ri(config-router-ap)texit R1#sh ip ospf 10 neighbor Neighbor ID Pri State Dead Time Address Interface 7777 0 FULL/- 00:00:36 172.16.17.7 Seriall/2 Rittsh ip route vrf B-1 ospy Routing Table: B-1 7.0.0.0/32 is subnetted, 1 subnets Ri ping orf Bel 7.7.7.7 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds: ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 4/35/76 ms R8(config)#router eigrp 100 R8(config-router)#no auto-summary R8(config-router)# network 172.16.0.0 R8(config-router)#network 8.0.0.0 RB(config-router)Hexit R3(config)#router eigrp 500 R3(config-router)#address-family ipod vrf B-2 R3(config-router-aph R3(config-router-af network 172.16.0.0 R3(config-router-af redistribute bgp 500 metric 11111 R3(config-router-afMexit R3(config-router)texit R3(config)#router bgp 500 R3(config-router)#address-family ipod vrf B-2 R3(config-router-ap)#redistribute eigrp 100 R3(config-router-apHexit R3#tsh ip eignp orf B-2 neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num O 172.16.388 Sel/2 13 000134 74 44403 vous £9 ww sas by sthantne coe main out nes S02 Searels eenns ets aera oe Getwerk Page 99ALL contents axe copyright €2013 - 2014 All rights reserved. R3ttsh ip route orf B-2 eigrp 8.0.0.0/32 is subnetted, 1 subnets D 888.8 [90/2297856] via 172.16.38.8, 00:01:14, Seriall/2 R3tping vrf B-2 88.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Siuccess rate is 100 percent (5/5), round-trip minfaog/ma 32/108/232 ms R3#sh ip route vrf B-2 Routing Table: B-2 172.16.0.0/24 is subnetted, 2 subnets C 172.1638. is directly connected, Seriall/2 B _172.16.17.0 [200] via 11.0.0.1, 00:03:43 7.0.0.0/32 is subnetted, 1 subnets B7.27.7 [2065] via 11.0.0, 00:03:43 8.0.0.0/32 is subnetted, 1 subnets D 88.8.8 [90/2297856] via 172.16.38.8, 00:01:55, Seriall/2 RI#sh ip route vrf B-L Routing Table: B-1 172.16.0.0/24 is subnetted, 2 subnets B 172.16.38.0 [200/0] via 13.0.0.1, 00:01:17 C _ 172.16.17.0 is directly connected, Serial1/2 7.0.0.0/32 is subnetted, 1 subnets O 7.7.7.7 [110/65] via 172.16.17.7, 00:04:57, Seriall/2 8.0.0.0/32 is submetted, 1 subnets R7Ash ip route ospf 172.16.0.0/24 is subnetted, 2 subnets OE2 172.16.38.0 [110/1] via 172.16.17.1, 00:01:35, Seriall/2 8.0.0.0/32 is submetted, 1 subnets R7#ping 8.888 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Packet sent with a source address of 7.7.7.7 Success rate is 100 percent (5/5), round-trip minfaog/ma 28/98/128 ms R7#trace 8.8.8.8 source loopback 0 Type escape sequence to abort. WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 Wetwerk Page 94Tracing the route to 8.8.8.8 172.16.17.1 120 msec 112 msec 28 msec 21.1.1.2 [MPLS: Labels 23/35 Exp 0] 236 msec 148 msec 76 msec 3 -172.16.38.3 [MPLS: Label 35 Exp 0] 120 msec 88 msec 44 msee 4:172.16.38.8 96 msec 84 msec 72 msec TASK: Configure RI/R3 to ensure that cusmtomer site A-I/A-2 can exchange routers between Customer sites B-1/B-2 R3#sh run | section orf ip orf A-2 rd 500:1 route-target export 500:1 route-target import 500:1 ip orfB-2 rd 50:2 route-target export 500:2 route-target import 500:2 Rifsh run | section vif iporf At rd 5001 route-target export 500:1 route-target import 500:1 ip orf B-1 rd 500:2 route-target export 500:2 route-target import 500:2 Ri (confighip orf A-1 Ri (config-orf)#troute-target import 5002 Ri (config-orf)texit R1(config)tip orf BA Ri (config-orf)#troute-target import 500:1 Ri(config-orf)#exit R3 (config) ip orf A-2 R3(config-orf)# route-target import 500:2 R3(config-orf)# exit R3(confight ip orf B-2 R3(config-orf)# route-target import 50:1 R3(config-orf)# end MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Getwerk Page 95R1ttsh ip bgp opnod orf AT BGP table version is 24, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 5001 (default for orf A-1) 5/32 172.16.155 0 05600% ">16.6.6.6/82 — 13.0.0.1 0 100 056001 (DTITT2 W216A77 6532768? “18.8.8.952 13.0.0.1 2297856 100 0? "172.16.15.0724 172.16.155 0 056004 > 0.00.0 0 32768 "> 172.16.17.024 0.0.00 0 32768? >i172.16.36.024 13.001 0 10 01 ">i172.16.38.024 13.0.0.1 0 100 07 R1#sh ip bgp vpme4 orf Bl BGP table version is 24, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, internal, + RIB-failure, S Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for orf B-1) 555582 17216155 0 0.5600 16.6.6.6982 1300.1 0100 056001 ">7.7.7.7/32 172.16.17.7 65 32768? °318.8.8.8/32 — 13.0.0.1 2297856 100 0? "> 172.16.15.024 0.0.0.0 oO (327681 "> 172.16.17024 0.0.0.0 o (32768? 1172.16.36.0P4 13.001 0 100 04 i172.16.38024 13.001 0 100 0? Ri ttsh ip route orf A-1 Routing Table: A-1 Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [20/0] via 172.16.15.5, 00:25:40 6.0.0.0/32 is submetted, 1 subnets B 6.6.6.6 [200/0] via 13.0.0.1, 00:23:27 172.16.0.0/24 is subnetted, 4 subnets B 172.16.36.0 [200 vin 13.0.0.1, 00:23:42 vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 96B 172.16.38.0 [200/0] via 13.0.0.1, 00:03:57 B 172.16.17.0is directly connected, 00:03:57, Serial1/2 C _ 172,16.15.0 is directly connected, FastE thernet00 7.0.0.0/32 is subnetted, 1 subnets B 7.7.7.7 [20/65] via 172.16.17.7 (B-1), 00:03:58, Serialt/2 8.0.0.0/32 is submetted, 1 subnets R1fsh ip route vrf Bel Routing Table: B-1 5.0.0.0/32 is subnetted, 1 subnets 6.0.0.0/32 is submetted, 1 subnets 172.16.0.0/24 is subnetted, 4 subnets B_ 172.16.36.0 [200/0} via 13.0.0.1, 00:04:05 B_ 172.16.38.0 [200/0] via 13.0.0.1, 00: C _ 172,16.17.0is directly connected, Serial B_ 172.16.15.0 is directly connected, 00:04:05, FastE thernet0/0 7.0.0.0/32 is subnetted, 1 subnets O 7.7.7.7 {110/65] via 172.16.17.7, 00:19:32, Seriall/2 8.0.0.0/32 is submetted, 1 subnets B_ 8.8.8.8 [200/2297856] via 13.0.0.1, 00:15:54 R5ttsh ip route bgp 6.0.0.0/32 is submetted, 1 subnets B 6.6.6.6 [20/0] via 172.16.15.1, 00:23:58 172.16.0.0/24 is subnetted, 4 subnets B_ 172.16.36.0 [20/0] via 172.16.15.1, 00:23:58 B_ 172.16.38.0 [20/0] via 172.16.15.1, 00:04:36 B — 172.16.17.0 (20/0) via 172.16.15.1, 00:04:36 7.0.0.0/32 is submetted, 1 subnets B 7.7.7.7 (200) via 172.16.15.1, 00:04:36 8.0.0.0/32 is submetted, 1 subnets R5ttping 7.7.7.7 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds: Packet sent with a source address of 55.55 tt Siuccess rate is 100 percent (5/5), round-trip minfavg/max = 28/48/92 ms R5#ping 8.888 source loopback 0 Type escape sequence to abort. sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea GEDWORK tage o7Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Packet sent with a source address of 5. nut Success rate is 100 percent (5/5), round-trip min/avg/max 38/120/172 ms R3#tsh ip route vif A-2 Routing Table: A-2 5.0.0.0/32 is submetted, 1 subnets B 5.5.5.5 [200/0] via 11.0.0.1, 00:04:13, 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 (200) vie 172.16.36.6, 00:04:13 172.16.0.0/24 is subnetted, 4 subnets CC 172.16.36.0 is directly connected, FastE thernet0/0 B_ 172.16.38.0 is directly connected, 00:04:13, Serial 1/2 B_ 172.16.17.0 1200/0} via 11.0.0.1, 00: B__ 172.16.15.0 [200] via 11.0.0.1, 00:04:13 7.0.0.0/32 is submetted, 1 subnets 8.0.0.0/32 is submetted, 1 subnets R3#tsh ip route vif B-2 Routing Table: B-2 5.0.0.0/32 is submetted, 1 subnets 6.0.0.0/32 is submetted, 1 subnets 172.16.0.0/24 is subnetted, 4 subnets B 172.16.36.0 is directly connected, 00:04:26, FastE thernet0/0 C 172.1638. is directly connected, Seriall/2 B 172.16.17.0 [200/0] via 1.0.0.1, 00:04:26 B — 172.16.15.0 [200/0} via 11.0.0.1, 00: 7.0.0.0/32 is submetted, 1 subnets B 7.7.7.7 [200/65] via 11.0.0.1, 00:04:27 8.0.0.0/32 is subnetted, 1 subnets D 88.8.8 [90/2297856] via 172.16.38.8, 18:27, Seriall2 R3itsh ip bgp vpned all BGP table version is 24, local router 1D is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB failure, § Stale Origin codes: i- IGP, e- EGP, ? ~ incomplete Network Next Hop _Meetric LocPrf Weight Path Route Disting ste OCOD) sos £3 rv wut hy sitanta Gon osm come one, 1808 a ae ea GEDWORK rage 38555/32 11.0.0.1 0 100 056001 > 6.6.6.6/32 172.16.36.6 0 05600% (i7.7.7.7/82 M1001 65 100 0? "> 888882 172.1638.8 2297856 32768? ">i172.16.15.024 11.0.0.1 0 100 01 >i172.16.17.024 11.00.1 0 100 0? * 1721636024 172.16.36.6 0 056004 > 0.00.0 0 327681 > 172.16.38.024 0.0.00 0 32768? Route Distinguisher: 500:2 (default for of B-2) (PB555R2 11001 0 100 05600: "6666/32 17216366 = 0 05600i 'i7.7.7.782 1.0.0.1 65 100 0? "> 8.88882 17216388 2297856 32768? ">i172.16.15.024 11.001 0 10 0 “>i172.16.17.024 11.001 0 100 0? 0 32768 0 32768? R8#sh ip route eigrp 5.0.0.0/32 is submetted, 1 subnets 6.0.0.0/32 is submetted, 1 subnets 172.16.0.024 is subnetted, 4 subnets DEX 172.16.36.0 [170/2560512256] via 172.16.38.3, 00:05:38, Seriall/2 DEX 172.16.17.0 [170/2560512256] via 172.16.38.3, 00:19:29, Seriall/2 DEX 172.16.15.0 [170/2560512256] via 172.16.38.3, 00:05:38, Seriatl/2 7.0.0.0/32 is submetted, 1 subnets DEX 7.7.7.7 [170256051 1 Seriall/2 R8#ping 5.555 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Packet sent with a source address of 88.8.8 Success rate is 100 percent (5/5), round-trip minfavg/max = 72/100/128 ms R8#ping 6.6.66 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds Packet sent with a source address of 88.8.8 nu ‘Success rate is 100 percent (5/5), round-trip min/avg/max = 32/58/88 ms ALL contents axe copyright €2013 - 2014 All rights reserved. WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 Wetwerk aTASK: Remove the import options configured in the previous task: R3Ash run | s orf iporfA2 rd 500:1 route-target export 500:1 route-target import 500:1 ip orf B-2 rd 5002 route-target export 500:2 route-target import 500:2 R3(configh#ip orf A-2 R3(config-vrf)#no route-target import 500:2 R3(config-orp#exit R3(config)#ip orf B-2 R3(config-vrf)#no route-target import 500:1 R3(config-orp#exit Rittsh run | s o1f iporfAd rd 500:1 route-target export 500:1 route-target import 500:1 iporfB-1 rd 5002 route-target export 500:2 route-target import 500:2 R1(config)ip vof AT Ri(config-vrf)#no route-target import 500:2 Ri(config-orptexit RI (config)ip vrf Bl Ri(config-vrf)#no route-target import 500:1 Ri(config-orp)#end MPLS 13 VEN Rosibook by Sikandax Gouge Hoinuddin CCIE (RES, SP) 425012 ALL contents axe copyright €2013 - 2014 All rights reserved. Getwerk Page 100TASK: Riftsh ip route vrf AT Routing Table: A-1 5.0.0.0/32 is submetted, 1 subnets B 55.55 [2000] via 172.16.155, 000711 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 (200/0] via 13.0.0.1, 00:07:04 172.16.0.0/24 is subnetted, 2 subnets B172.16.36.0 [200/0] via 13.0.0.1, 00:07:04 CC 172.16.15.0 is directly connected, FastE thernet0/0 RI#sh ip route vrf B-L Routing Table: B-1 172.16.0.0/24 is subnetted, 2 subnets B 172.16.38.0 [2000] via 13.0.0.1, 00:07:15 C 172.16.17.0 is directly connected, Seriall/2 7.0.0.0/32 is subnetted, 1 subnets 8.0.0.0/32 is submetted, 1 subnets Configure RI/R3 to ensure that Site A-1 can exchange routes from A-2 & B-2 but not from B-1 R1(config)#ip vef AT Ri(config-vrf)#route-target export 500:12 Ri(config-vrf)#route-target import 500:12 Ri(config-orf) tend R3(config)ttip vrf B-2 R3(config-orf)#route-target import 500:12 R3(config-vrf)#route-target export 500:12 R3(config-orptend Ritsh ip route vrf AT Routing Table: A-1 5.0.0.0/32 is submetted, 1 subnets B 5.5.55 [2000] via 172.16.15.5, 00:01:25 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200/0] via 13.0.0.1, 00:17:18 172.16.0.0/24 is subnetted, 3 subnets B 172.16.36.0 [200/0] via 13.0.0.1, 00:17:18 B 172,16.38.0 [200/0} via 13.0.0.1, 00:00:32 C _ 172.16.15.0 is directly connected, FastEthernet0/0 8.0.0.0/32 is submetted, 1 subnets ss 13 rv youth hy sitanta Gon osu cone cne,en 1808 a ae ea REWORK rage 02R3#tsh ip route vrf B-2 Routing Table: 172.16.0.0/24 is subnetted, 3 subnets C 172.1638. is directly connected, Seriall/2 B 172.16.17.0 [200/0] via 11.0.0.1, 00: B 172.16.15.0 [200/0] via 1.0.0.1, 00:01: 7.0.0.0/32 is subnetted, 1 subnets B 7.7.7.7 [200/65] via 1.0.0.1, 00:17:25 8.0.0.0/32 is subnetted, 1 subnets D 888.8 [90/2297856] via 172.16.38.8, 00:56:11, Serial!/2 R1tsh ip bgp opme4 orf A-1 BGP table version is 44, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) "5555/82 172.16.155 0 05600 16.6.6.6/82—13.0.0.1 0 100 056001 "188.8802 1300.1 2297856 100 0? *172.16.15.024 172.16.155 0 056004 > 0.0.0.0 0 32768: ">i172,16.36.024 13.0.0.1 0 100 0% ">i172,16.38024 13.0.0.1 0 100 0? R5ttsh ip route bgp 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 172.16.15.1, 00:02:21 172.160.0724 is subnetted, 3 subnets B 172.16.36.0 [20/0] via 172.16.15.1, 00:02:21 B 172,16.38.0 [20/0] via 172.16.15.1, 00:01:19 8.0.0.0/32 is submetted, 1 subnets R5tping 8.8.88 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds Packet sent with a source address of 55.55 mm ‘Success rate is 100 percent (5/5), round-trip min/ang/max = 80/101/132 ms vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 102Rr 777.7792 sss/22 TASK: © Continue with same Diagram and configurations done in the previous lab © Remove the Import/export 500:12 configured on A-1 & B-2 Customer sites. Ensure that respective Customer Sites (A-1 with A-2 & B-1 with B-2) communicate with each other. No traffic should between Cusomter A and B. Rifsh run | s orf iporfAl route-target export 500:1 route-target export 500:12 route-target import 500:1 route-target import 500:12 ip of B-1 rd 500:2 route-target export 500:2 route-target import 500:2 Ri(confightip orf A-1 Ri(config-orf)#no route-target export 500:12 Ri (config-orf)#no route-target import 500:12 WLS 13 YPN Worthook by Sikandar Gouge Moinuddin CCIE (R&S, SP) #35012 @e K ALL contents axe copyright €2013 - 2014 All rights reserved. Page 103Ri(config-vrp#end R3ttsh run | s orf ip wrfA2 rd 500:1 route-target export 500:1 route-target import 500:1 ip wrfB-2 rd 500:2 route-target export 500:2 route-target export 500:12 route-target import 500:2 route-target import 500:12 R3(config)itip vrf B-2 R3(config-orf)#no route-target import 500:12 R3(config-orf)#no route-target export 500:12 R3(config-orptend Ri Ash ip bgp vpme4 vrf A-1 BGP table version is 49, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, $ Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) *172.16.15.024 172.16.15.5 0 0.5600 > 0.0.0.0 0 32768: ">i172.16.36.024 13.0.0.1 0 100 0: RI#sh ip bgp vpne4 orf B-1 BGP table version is 49, local router 1D is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, internal, + RIB failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for orf B-1) "i8.8.8.952 —13.00.1 2297856 1000? > 172.16.17.024 0.0.00 0 32768? vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee GEDWERK rave 10>i172.16.38.024 13.0.0.1 0 100 07 Rie R3#tsh ip bgp vpne4 vrf B-2 BGP table version is 61, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, § Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for orf B-2) 77772 11001 65 100 0? (888.962 172.16.388 2297856 32768? "Si172.16.17.024 1.0.0.1 0 100 0? > 172.16.38.024 0.0.00 0 32768? R3#tsh ip bgp vpued orf A-2 BGP table version is 61, local rowter 1D is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, S Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-2) ">i172.16.15.024 1.0.0.1 0 100 0: * 172.1636.024 172.16.36.6 0 0.56005 > 0.0.0.0 0 32768: TASK: + Configure RI/R3 to exchange all routes between both Customer A & B sites. Ri (config)tip vrf A-1 Ri (config-orf)#route-target import 500:2 Ri (config-orf)texit Ri(config)tip vrf B-1 Ri (config-orf)#route-target import 500:1 Ri(config-orp#exit R3(config)ip vof A-2 R3(config-orf)#route-target import 500:2 R3(config-orptexit R3(configh#ip orf B-2 vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee GEDWERK rave 105R3(config-orp #route-target import 500:1 R3(config-orp)Hexit R3#tsh ip bgp vpne4 vrf B-2 BGP table version is 71, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, 1 RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 5002 (default for vrf B-2) 1555582 1100.1 = 0 100 0.5600i "> 666.682 172.16366 = 0 0.56001 "177.7782 1.00.1 65 100 0? "> 8.88982 172.1638.8 2297856 32768? ">1172.16.15.024 11.0.1 0 100 0% ">i172.16.17.024 11.0.1 0 100 0? "> 172.16.36.024 0.0.00 0 32768: > 172.16.38.024 0.0.00 0 32768? R3#sh ip bgp vpuod vrf A-2 BGP table version is 71, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid > best, i- internal, 1 RIB-failure, § Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-2) "5.55582 1100.1 0 100 05600i > 6.6.6.632 — 172.16.36.6 0 056001 (777782 11001 65 100 0? "> 88.8502 172.1638.8 2297856 32768? >i172.16.15.024 11.001 0 100 01 “>i172.16.17.024 11.001 0 100 0? * 1721636024 172.16.36.6 o 05600 > 0.0.00 0 32768: > 172.16.38.024 0.0.00 0 32768? R1 Ash ip bgp vpne4 orf A-1 BGP table version is 59, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 1 RIB-failure, § Stale Origin codes: i- IGP, e- EGP, ? - incomplete vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 106Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) "555532 172.16.155 0 05600i ">16.6.6.682 13.0.0.1 0 100 05600: ‘7277/2 17216177 65 32768? 1888982 1300.1 2297856 100 0? * 172.16.15.024 172.16.155 0 056004 > 0.00.0 0 327681 > 172.16.17.024 0.0.00 0 32768? ">i172.16.36.024 13.001 0 100 01 ">i172.16.38.024 13.00.1 0 100 0? Rittsh ip bgp vpno4 orf Bel BGP table version is 59, local router 1D is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, S Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-1) *555582 17216155 0 056004 16.66.6352 13001 0 100 0.56004 "777782 1721617.7 65 32768? ">i8.8.8.882 1300.1 2297856 100 0? > 172.16.15.024 0.0.00 0 327681 "> 1172.16.17. 0 32768? >i172.16.36.024 13.001 0 100 01 ">i172.16.38.024 13.001 0 100 0? R5ttsh ip route bgp 6.0.0.0/32 is subnetted, 1 subnets B 6.6.66 (20 vie 172.16.15.1, 00:09:13 172.16.0.0/24 is subnetted, 4 subnets B 172.16.36.0 (20/0) via 172.16.15.1, 00:09:13 B 172.16.38.0 (20/0) via 172.16.15.1, 00:01:53 B 172.16.17.0 [20/0] via 172.16. 7.0.0.0/32 is subnetted, 1 subnets 8.0.0.0/32 is submetted, 1 subnets R7Ash ip route ospf 5.0.0.0/32 is submetted, 1 subnets 6.0.0.0/32 is submetted, 1 subnets sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea REWORK rage 207OE2 6.6.6. [110/1] via 172.16.17-1, 00:02:10, Serialt/2 172.16.0.0/24 is subnetted, 4 subnets OE2 172,16.36.0 [110/1] via 172.16.17.1, 00:02:10, Seriall/2 QE2 172.16.38.0 [110/1] via 172.16.17.1, 03:01:30, Seriall/2 OE2 172.16.15.0 [10/1] via 172.16.17.1, 004 8.0.0.0/32 is submetted, 1 subnets QE2 8.8.8.8 [110/2297856] via 172.16.17.1, 03:01:30, Serial/2 10, Serial /2 TASK: + Add two new loopback interfaces on R5 using IP loopback 10 - 5. ‘© Advertise them in to BGP 5.10.5/32, loopback 11 - 5.5.11.5/32 Ensure that R1 should exchange these two above loopback interfaces with only sites of Customer A(A- V/A-2) and not be seen on any site of Customer B R5(config)# int loop 10 R5(config-iP# ip address 5.5.10.5 255.255.255.255 R5(config-ipexit R5(config)#int loop 11 R5(config-f# ip address 5.5.11.5 255.255.255.255 R5(config-ipRexit R5(config)#router bgp 5600 R5(config-router)#network 5.5.10.5 mask 255.255.255.255 R5(config-router)#network 5.5.1.5 mask 255.255.255.255 R5(config-router)itend Ri Ash ip bgp vpme4 vrf Al BGP table version is 61, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (defilt for orf A-1) 5555/82 172.16.155 = 0 0.56004 (> 55.10582 17216155 = 0 0.56001 ">16.6.6.6/32 13.0.0.1 0 100 056001 7777/32 172.16.17.7 65 32768? *>18.8.8.8/32 13.0.0.1 (2297856 100 0? * 172.16.15.0/24 172.16.15.5 0 0.5600 i > 0.0.0.0 0 32768: "> 172.16.17.024 0.0.0.0 0 32768? reget a reg pre ep a AN>i172.16.38.024 13.0.0.1 0 10 07 RI#sh ip bgp vpne4 orf B-1 BGP table version is 63, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 1 RIB-failure, $ Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for orf B-1) (91555582 1172.1655) i) 10H) 560% 5510582 17216155 0 056001 "> 5S.MSB2 — 172.16.155 0 05600i ">16.6.6.682 13.0.0.1 0 100 056001 "> 7777/2 7216177 65 «32768? ">i8.8.8.8/82 1300.1 2297856 100 0? 615.024 0.0.0.0 0 32768 "> 172.16.17024 0.00.0 0 32768? "3i172.16.36.024 13.001 0 10 03 ">i172.16.38.024 13.0.0.1 0 100 07 R3#sh ip bgp oped orf A-2 BGP table version is 77, local router ID is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 1 RIB-failure, § Stale Origin codes: i- IGP, e - EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-2) (B55502 1100.1 0 100 0.5600: (5.10582 11001 0 100 05600: 55.1152 11.0.1 0 100 05600i "> 6.6.6.632 — 172.16.36.6 0 05600 ‘777.782 1.0.0.1 65 100 0? "> 888.882 172.16388 2297856 32768? >i172.16.15.024 11.001 0 100 0% i172.16.17.024 11.0.0. 0 100 0? * 172,1636.024 172.16.36.6 0 056008 > 0000 0 32768: > 172.16.38.024 0.000 0 32768? R3#tsh ip bgp vpme4 orf B-2 BGP table version is 77, local router 1D is 13.03.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB failure, § Stale vous £9 ww sas by sthantne coe main out nes S02 Sear cauSrutoe spel anal apts as tags erocoee Wetwerk Page 109Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-2) ‘BSMSA2 11.001 0 100 056001 "> 6.6.6.6/32 172.16.36.6 0 0.5600 i >i7.7.77/32 1.0.0.1 65 100 0? "> 8888/32 17216388 2297856 32768? ">i172.16.15.024 11.0.0.1 0 100 oi ">i172.16.17.024 1.0.0.1 0 10 07 > 172.16.36.024 0.0.0.0 0 32768% "> 172.16.38.024 0.0.0.0 0 32768? By default all the routers from RS (including new Loopback interfaces) get advertised to R1 orf A-1 and then advertised to all sites of Customer A & B based on default import /export values. Rifsh run | s orf iporfAt route-target import 500:1 route-target import 500:2 ip orf B-1 rd 500:2 route-target export 500:2 route-target import 500:2 R3#tsh run | s orf ip of A2 rd 50:1 route-target import 500:1 route-target import 500:2 ip orf B2 rd 5002 route-target export 500:2 route-target import 500:2 ‘© As per the task these tavo new loopbacks should get advertised only between Customer A (A-1, B-1) only. sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea REWORK rage 120To make that possible we need to adveritse these two new loopback interfaces with new RT value (using Exportmaps). Ri (config)itip prefix-list CCIE seq 5 permit 5.5.10.5/32 Ri (config)ttip prefix-list CCIE seq 10 permit 5.5.11.5/32 Ri (configh#route-map CCIE permit 10 Ri (config-route-map)#match ip address prefix-list CCIE Ri (config-route-map set extcommunity rt 5:5 Ri (config-route-map)exit Ri (config)#route-map CCIE permit 20 Ri (config-route-map)exit R1(config)#ip orf A-1 Ri (config-orf)#export map CCIE Ri (config-orf)tend Riftclear ip bgp * vpuo4 unicast R1fsh ip bgp vpned vrf A-1 BGP table version is 29, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, $ Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-1) "55.582 172.16.155 0 0.5600 i ">i6.6.6.682 13.0.0. 0 100 05600: "> 72.77/82 172.16.17.7 65 32768? "18.88.9832 13.001 2297856 100 0? "> 172.16.15.024 0.0.0.0 0 32768% * 172.16.15.5 0 05600 i > 172.16.17.024 0.0.0.0 0 32768? ">i172.1636.024 13.0.0.1 0 100 oF ">i172.16.38.024 13.0.0.1 0 10 oF Rittsh ip bgp vpno4 orf Bel BGP table version is 29, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB-failure, § Stale Origin codes: i- IGP, e- EGP, ? - incomplete sos £3 mv wosthok hy sitanta Gon Hosni cone cn, 1808 a ae ea REWORK rage ustNetwork Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-1) "55.5732 17216155 0 056004 16.6.6.6/32 — 13.0.0.1 0 100 05600: "> 7.7.7.7/82 1721617.7 65 32768? "18.8.8.8382 — 13.0.0.1 2297856 100 0? 0/24 0.0.0.0 oO 32768 i > 172.16.17.024 0.0.0.0 oO 32768? i172.16.36.024 13.001 0 100 i *3i172.16.38.0/24 13.0.0.1 0 100 0? R3Ash ip bgp vpne4 vrf B-2 BGP table version is 165, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for orf B- (P8552 11.001 0 100 0.5600i "> 6.6.6.632 — 172.16.36.6 0 056001 "17.72.7782 1100.1 65 100 0? "> 8.8.8.932 172.1638.8 2297856 32768? ">1172.16.15.024 11.0.1 0 100 0% ">i172.16.17.024 11.00.1 0 100 0? > 172.16.36.024 0.0.00 0 32768: "> 172.16.38.024 0.0.0.0 0 32768? R3#tsh ip bgp vpo4 orf A-2 BGP table version is 165, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, 1 RIB-failure, § Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network — NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A- “15.55.32 11.001 0 100 0.5600 "> 6.6.6.6/32 172,16.36.6 0 5600 i Srzzyet 1100165 100 0? "> 8.8.8.8/32 172.16.38.8 2297856 32768? *">i172.16.15.024 11.0.0.1 0 100 Oi Siimtetons 110010 100? * 172.16.36.0/24 172.16.36.6 0 0.5600 i mane pees eammerce oct CVG. tigancas> 172.16.38.024 0.0.0.0 0 32768? R3(configh#ip orf A-2 R3(config-vrf)#route-target TPOFESS R3(config-orf)#exit R3(confightend R3#sh ip bgp vpnod vrf A-2 BGP table version is 169, local router ID is 13.0.3.1 Status codes: s suppressed, d dantped, h history, * valid, > best, i internal, + RIB-failure, S Stale Origin codes: i- IGP, e- EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for orf A-2) "1555582 1.00.1 0 100 05600: “155.1032 11.001 0100 05600 Si55ILSS2 1100.1 0 100 05600 "> 6.66.62 172.16.36.6 0 0.56001 ‘1777782 1100.1 65 100 0? "> 888882 172.1638.8 2297856 32768? >i172.16.15.024 1.0.0.1 0 100 01 ">i172.16.17.024 11.0.1 0 100 0? * 1721636024 172.16.36.6 0 0.5600 > 0.9.0.0 0 32768 "> 172.16.38.024 0.0.0.0 0 32768? R3#tsh ip bgp vpned vrf B-2 BGP table version is 169, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, + RIB failure, S Stale Origin codes: i IGP, ¢ - EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500.2 (default for orf B-2) "555.582 11.0.0.1 0 100 05600: "> 6.6.6.6/32 — 172.16.36.6 oO 0.5600 i “i7.7.7.7/82— 1.0.0.1 65 100 0? > 888932 17216388 2297856 32768? >i172.16.15.024 11.00.1 0 100 01 i172.16.17.024 11.001 0 100 0? > 172.16.36.024 0.0.0.0 0 32768 i "> 172.16.38.0224 0.0.0.0 oO 32768? Sai cabana asl ge pa GSOLEI= BOUTALT cigs Genccras Getwerk Page 113