Professional Documents
Culture Documents
LTRARC-2002 Introduction To IOS-XR Lab Guide: Speakers: Brad Edgeworth Ramiro Garza Rios Rajesh Patki
LTRARC-2002 Introduction To IOS-XR Lab Guide: Speakers: Brad Edgeworth Ramiro Garza Rios Rajesh Patki
Speakers:
Brad Edgeworth
Ramiro Garza Rios
Rajesh Patki
1|Page
2|Page
A q
g0
/1
/2
g0
g0
/2
g0
/1
10
4
24
10
2
0
.0/
/
.6
0.6
.0
4.
4.2
.11
4
2
.1.
2.
64
0. 6
0/
0
0.
/2 4
24
10
10
g0/0/0/2 g0/0/0/3 g0/0/0/3 g0/0/0/2
L3VPN
24 0/ 17
L3VPN
MPLS
0/ 0
MPLS
.0/ g0 0/ 10 0/
0/ 2.1
6.1 1 .1 2 4 6 .2.
2.1 3. AS 100 0/ g
0/2
17 1. . 1. 4
0/ 23
24
1 0.
2 0
/1.
g0 g0
/1.
g0 20
/1 /2
OSPF g0 OSPF
RR-1
Host Loopback IP
XR1 192.168.1.1
XR2 192.168.2.2
RR-1 192.168.100.100
The lab is hosted by Cisco’s dCloud environment that provides training, labs, and demonstrations
for almost any Cisco technology for Cisco customers. More information can be found at
http://dcloud.cisco.com or on Twitter @ciscodcloud
This lab is only available to attendees of this CiscoLive class.
Your instructor will provide you with your username and credentials that are unique to your
pod. After authenticating, please click on ‘Ok’ to finalize the VPN connection to Dcloud.
2. Initiate a remote desktop session to the Dcloud workstation 198.18.133.36. Click on the
start button and type in mstsc /v:198.18.133.36
You will be prompted for user credentials. Use the username: WKST1\demo and the
password: C1sco12345
Task Objective:
Username: cisco
Password: cisco
show route
Show the running configuration but including only ‘ipv4’ addresses and the interface names. By
executing the command
Unlike IOS, IOS-XR support true Boolean filtering, and as can be seen in the output above,
multiple arguments require them to be surrounded by quotation marks.
IOS-XR also provides other parsing utilities as illustrated in the output below
config t
hostname CiscoLive_2019
commit
end
RP/0/0/CPU0:XR1# config t
RP/0/0/CPU0:XR1(config)# hostname CiscoLive_2019
RP/0/0/CPU0:XR1(config)# commit
RP/0/0/CPU0:Jan 23 13:22:59.959 : config[65740]: %MGBL-CONFIG-6-DB_COMMIT : Configuration
committed by user 'cisco'. Use 'show configuration commit changes 1000000001' to view the
changes.
RP/0/0/CPU0:CiscoLive_2019(config)# end
RP/0/0/CPU0:CiscoLive_2019#
We’ve highlighted the hostname before (XR1) and after the change (CiscoLive_2019) along with
the change-id (1000000001).
RP/0/0/CPU0:XR1#
conf
commit replace
y
do show run
The commit replace function will replace the running configuration with the target configuration
specified. In this example, nothing is configured in the target configuration, so this erases the
running-configuration. In other words, this is the equivalent to the command write erase in IOS
RP/0/0/CPU0:XR1# conf
Wed Jan 23 13:37:59.367 UTC
RP/0/0/CPU0:XR1(config)# commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: y
This will bring us back to the state before the last change.
IOS-XR is a hierarchical OS. At times, you may be in one configuration submode (i.e. OSPF),
and need to change to another configuration submode (i.e. configuring an IP address). This will
result in an error because you do not leave the original sub-configuration, and commands will be
entered under the wrong sub-configuration.
conf
router ospf 100
area 0
int lo0
int gi0/0/0/4
ipv4 address 1.1.1.1 255.255.255.255
RP/0/0/CPU0:XR1# conf
Wed Jan 23 14:30:48.640 UTC
RP/0/0/CPU0:XR1(config)# router ospf 100
RP/0/0/CPU0:XR1(config-ospf)# area 0
RP/0/0/CPU0:XR1(config-ospf-ar)# int lo0
RP/0/0/CPU0:XR1(config-ospf-ar-if)# int gi0/0/0/4
RP/0/0/CPU0:XR1(config-ospf-ar-if)# ipv4 address 1.1.1.1 255.255.255.255
^
% Invalid input detected at '^' marker.
RP/0/0/CPU0:XR1(config-ospf-ar-if)#
RP/0/0/CPU0:XR1(config-ospf-ar-if)# pwd
14:34:01.147 UTC
router ospf 100
area 0
interface GigabitEthernet0/0/0/4
RP/0/0/CPU0:XR1(config-ospf-ar-if)#
Now let’s use the root command to take us to the root configuration prompt, and then change the
IP address.
root
int gi0/0/0/4
ipv4 address 1.1.1.1 255.255.255.255
RP/0/0/CPU0:XR1(config-ospf-ar-if)# root
RP/0/0/CPU0:XR1(config)#int gi0/0/0/4
RP/0/0/CPU0:XR1(config-if)#ipv4 address 1.1.1.1 255.255.255.255
RP/0/0/CPU0:XR1(config-if)#
Step 14. Using the exit command instead of the root command
The alternative to the root command is to keep typing the command exit over, and over again,
etc.
Enter the following commands to see the error again
router ospf 100
area 0
int lo0
int gi0/0/0/4
ipv4 address 1.1.1.1 255.255.255.255
exit
exit
exit
int gi0/0/0/4
ipv4 address 1.1.1.1 255.255.255.255
RP/0/0/CPU0:XR1(config-ospf-ar-if)# exit
RP/0/0/CPU0:XR1(config-ospf-ar)# exit
RP/0/0/CPU0:XR1(config-ospf)# exit
RP/0/0/CPU0:XR1(config)# int gi0/0/0/4
RP/0/0/CPU0:XR1(config-if)# ipv4 address 1.1.1.1 255.255.255.255
RP/0/0/CPU0:XR1(config-if)#
As you can see from the previous steps, using the root command is a lot quicker to get back to
the main configuration prompt than entering the exit commands multiple times.
The changes we made to test the pwd and root commands were not committed. To get back to
the exec prompt there are two options, entering the exit command which requires a confirmation
or entering the abort command which doesn’t
To test exit:
exit
exit
no
To test abort:
conf
int g0/0/0/4
abort
Exit command
RP/0/0/CPU0:XR1(config-if)# exit
RP/0/0/CPU0:XR1(config)# exit
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: no
RP/0/0/CPU0:Jan 23 15:08:30.885 : config[65740]: %MGBL-SYS-5-CONFIG_I : Configured from
console by cisco
RP/0/0/CPU0:XR1#
Abort command
RP/0/0/CPU0:XR1#
RP/0/0/CPU0:XR1# conf
RP/0/0/CPU0:XR1(config)# int gi0/0/0/4
RP/0/0/CPU0:XR1(config-if)# abort
Step 16. Just as in IOS, IOS XR supports usage of the do command, which allows you to
execute commands under configuration mode.
RP/0/0/CPU0:XR1# conf
Wed Jan 23 15:16:23.093 UTC
RP/0/0/CPU0:XR1(config)# do show ipv4 int br | i Lo
Loopback0 192.168.1.1 Up Up
RP/0/0/CPU0:XR1(config)#
Task Objective
On XR1
o Configure a static route for 100.64.22.0/24 that points to XR2’s IP Address 10.12.1.2
o Configure a static route for 100.96.2.0/24 with an AD of 200 that points to XR2’s IP
Address 10.12.1.2 as well
On XR2
o Configure a static route for 100.64.1.0/24 that points to XR1’s IP Address 10.12.1.1
o Configure a static route for 100.96.1.0/24 with an AD of 200 that points to XR1’s IP
Address 10.12.1.1 as well
Verify that XR1 can ping 100.64.22.254 (AS 1200 Router)
Verify that XR2 can ping 100.64.1.254 (AS 1100 Router)
Static routes are preconfigured on the AS1100 and AS1200 routers.
Step 1. Initialize the Static Router Process and choose the correct address-family
router static
address-family ipv4 unicast
router static
address-family ipv4 unicast
100.64.22.0/24 10.12.1.2
100.96.2.0/24 10.12.1.2 200
commit
end
router static
address-family ipv4 unicast
100.64.1.0/24 10.12.1.1
100.96.1.0/24 10.12.1.1 200
commit
end
Verify the static route configuration and functionality on XR1 and XR2 by executing the following
commands:
XR1
XR2
ping 100.64.1.254
Note: IOS-XR does not use “ip” or “ipv6” protocol differentiators before the protocols, unlike IOS.
XR1
RP/0/0/CPU0:XR1# show run router static
Wed Jan 23 15:59:42.475 UTC
router static
address-family ipv4 unicast
100.64.22.0/24 10.12.1.2
100.96.2.0/24 10.12.1.2 200
!
vrf Management
address-family ipv4 unicast
0.0.0.0/0 198.18.1.1
!
!
!
XR2
RP/0/0/CPU0:XR2# ping 100.64.1.254
Wed Jan 23 16:01:23.458 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.64.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
RP/0/0/CPU0:XR2#
Task Objective:
Configure OSPF on XR1 and XR2.
Advertise only the Loopback 0, Gi0/0/0/0 and Gi0/0/0/1 interfaces into Area 0
OSPF Process-ID is 1, Area-ID is 0 and Router-ID will be the Loopback0 IPv4 address
Set all interface costs to 10 and set for ‘Area 0’ the network-type point-to-point
Change the cost to 100 for the link between XR1-to-RR-1 & link XR2-to-RR-1
Ensure end-to-end IP reachability exists via ICMP
OSPF is already configured on RR-1.
XR1
router ospf 1
router-id 192.168.1.1
XR2
router ospf 1
router-id 192.168.2.2
router ospf 1
cost 10
area 0
network point-to-point
interface Loopback0
interface GigabitEthernet0/0/0/0
interface GigabitEthernet0/0/0/1
cost 100
commit
end
Note: IOS-XR is hierarchical, setting the cost & network at the area level will cascade to the
members below it. Those settings can be overridden by setting an explicit value on a lower level
member as illustrated in the figure below.
Area 0 Area 0
Time = 10 sec (Inherited) Time = 10 sec (Inherited)
Interface Interface
Time = 10 sec (Inherited) Time = 10 sec (Inherited)
Interface Interface
Time = 10 sec (Inherited) Time = 10 sec (Inherited)
Area 1 Area 1
Time = 10 sec (Inherited) Time = 60 sec
Interface Interface
Time = 10 sec (Inherited) Time = 60 sec (Inherited)
Interface Interface
Time = 10 sec (Inherited) Time = 60 sec (Inherited)
* Indicates MADJ interface, (P) Indicates fast detect hold down state
RP/0/0/CPU0:XR1#
Traces are like running debug without taking up CPU resources. Traces are automatically
configured and running unlike debug features.
Note: The command show ospf trace adj 5 demonstrates how you can select the last <x>
number of traces you want to view
A q
g0
/1
/2
g0
g0
/2
g0
/1
10
4
24
10
0/2
0.
/
0.6
.0
64
.2.
11
.2
4
.64
.1.
4.
2 .0
.6
0/2
0
/2
0
10
10
4
4
XR1 XR2
g0
/0 /1
/ 0/ /0
10 /0
1 .1 24 g0
3. AS 100 0/
1. 1.
0/ 3.
24 .2
10
g0
/1 /2
g0
RR-1
Task Objective:
Create the BGP Process 100, and set the BGP Router-ID to match Loopback 0’s IP
Activate address-family ipv4 and advertise the Loopack 0 into BGP
Configure iBGP session on XR1 & XR2 to the AS 100 Route-Reflector RR-1
Source the connection from Loopback 0
Set the BGP session password to CISCO
Use only the IPv4 Address-Family, and set the next-hop-self parameter
The Route-Reflector is already configured
RR1 192.168.100.100
XR1
XR2
XR1
XR2
Step 3. Configure XR1 & XR2 with the BGP Peering to the Route-Reflector RR-1 for IPv4
Step 4. Example showing different methods in which to apply configuration to IOS-XR. There is
no need to type the commands in this step. If you decide to do so, please do not commit the
configuration. Use the abort command once you are done.
IOS-XR syntax does allow for some flexibility, which can speed up the process of entering a
configuration, but will not change the context of the configuration submode. The example below
shows two methods of entering the configuration; that result in the same configuration being
applied.
Building configuration...
!! IOS XR Configuration 0.0.0
router bgp 65500
neighbor 200.200.200.200
remote-as 65500
update-source Loopback0
address-family ipv4 unicast
OR
RP/0/0/CPU0:XR1(config)# router bgp 65500
RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 remote-as 65500
RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 update-source lo0
RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 address-family ipv4 unicast
RP/0/0/CPU0:XR1(config-bgp-nbr-af)# show conf
Building configuration...
!! IOS XR Configuration 0.0.0
router bgp 65500
neighbor 200.200.200.200
remote-as 65500
update-source Loopback0
address-family ipv4 unicast
While the configuration is identical, the CLI prompt changed, which may affect future commands
that are entered. Please be aware of this behavior as you proceed through the lab.
Note: It may take ~30-60 seconds for the BGP session to establish in this lab.
Task Objective:
Configure BGP Neighbor Group
Delete the previous BGP neighbor peering with RR-1 192.168.100.100.
Establish a full mesh between XR1, XR2, and RR-1.
Reduce configuration by using a neighbor-group (AS100); and establish peerings with the
following settings:
o Source the connection from Loopback0
o Use password CISCO
o Use only the IPv4 Address-Family, and set the next-hop-self parameter
o RR-1 is pre-configured
RR 192.168.100.100
XR1 192.168.1.1
XR2 192.168.2.2
XR2
RP/0/0/CPU0:XR1#
IOS allows for configuration of peers with similar outbound policies through the use of ‘peer-
groups’. IOS-XR allows for the same capability with more flexibility through the use af-group,
session-group, and neighbor-groups.
A q
g0
/1
/2
g0
g0
/2
g0
/1
10
4
24
10
0/2
0.
/
0.6
.0
64
.2.
11
.2
4
.64
.1.
4.
2 .0
.6
0/2
0
/2
0
10
10
4
4
XR1 XR2
g0
/0 /1
/ 0/ /0
10 /0
1 .1 24 g0
3. AS 100 0/
1. 1.
0/ 3.
24 .2
10
g0
/1 /2
g0
RR-1
Task Objective:
Configure a BGP session using the BGP Peer & AS settings listed below.
Verify that routes are being exchanged.
Step 9. Configure eBGP Peering to the ISP router and validate the EBGP configuration and
connectivity
XR1
RP/0/0/CPU0:XR1# conf t
Wed Jan 23 17:50:17.160 UTC
RP/0/0/CPU0:XR1(config)# router bgp 100
RP/0/0/CPU0:XR1(config-bgp)# neighbor 100.64.1.1
RP/0/0/CPU0:XR1(config-bgp-nbr)# remote-as 1100
RP/0/0/CPU0:XR1(config-bgp-nbr)# address-family ipv4 unicast
RP/0/0/CPU0:XR1(config-bgp-nbr-af)# commit
Wed Jan 23 17:50:19.720 UTC
RP/0/0/CPU0:Jan 23 17:50:19.800 : config[65740]: %MGBL-CONFIG-6-DB_COMMIT : Configuration
committed by user 'cisco'. Use 'show configuration commit changes 1000000010' to view the
changes.
RP/0/0/CPU0:XR1(config-bgp-nbr-af)#
RP/0/0/CPU0:XR1(config-bgp-nbr-af)# end
RP/0/0/CPU0:Jan 23 17:51:56.004 : config[65740]: %MGBL-SYS-5-CONFIG_I : Configured from
console by cisco
RP/0/0/CPU0:XR1#
Notice the EBGP neighbor is up but there are a couple of syslogs indicating no IPv4 addresses
will be accepted or sent
XR1
Because a route-policy does not exist for an EBGP peer, all routes are dropped To/From that
peer.
Step 11. Correct the error by applying an inbound and an outbound policy to XR1 and XR2
XR1
route-policy PASS-ALL
pass
end-policy
route-policy PASS-ALL
pass
end-policy
XR1
XR2
XR2
RP/0/0/CPU0:XR2# show run router bgp
Wed Jan 23 18:43:07.913 UTC
router bgp 100
bgp router-id 192.168.2.2
address-family ipv4 unicast
network 192.168.2.2/32
!
neighbor-group AS100
remote-as 100
password encrypted 05282F3C0263
update-source Loopback0
address-family ipv4 unicast
next-hop-self
!
!
neighbor 100.64.2.1
remote-as 1200
address-family ipv4 unicast
route-policy PASS-ALL in
route-policy PASS-ALL out
!
!
neighbor 192.168.1.1
use neighbor-group AS100
!
neighbor 192.168.100.100
use neighbor-group AS100
!
!
RP/0/0/CPU0:XR2#
XR1
Task Objective:
Verify routes that are advertised to BGP Peer
On XR1, create an RPL named RFC1918 that drops routes to EBGP peers that match RFC
1918 space using an inline set matching 10.0.0.0/8; 172.16.0.0/12, or 192.168.0.0/16
ranges
On XR2, create an RPL named RFC1918 that drops routes to EBGP peers that match RFC
1918 space using a prefix set named PREFIX-SET-RFC1918 that matches 10.0.0.0/8;
172.16.0.0/12, or 192.168.0.0/16 ranges)
Verify RPLs
Apply RPL outbound to EBGP peers on XR1 and XR2, and verify outbound routes.
Step 1. Verify routes advertised by XR1 and XR2 to their BGP peers
XR1
XR2
Step 2. Create an inline set for RPL RFC1918 on XR1 and a prefix set for RPL RFC1918 on XR2.
Pay close attention to the difference between the two.
route-policy RFC1918
if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then
drop
endif
pass
end-policy
prefix-set PREFIX-SET-RFC1918
10.0.0.0/8 ge 8,
172.16.0.0/12 ge 12,
192.168.0.0/16 ge 16
end-set
!
route-policy RFC1918
if destination in PREFIX-SET-RFC1918 then
drop
endif
pass
end-policy
Remember inline set and prefix set are just two different ways of achieving the same end result
where PREFIX-SET is the recommended approach due to its modularity.
Compare the show bgp output to the output of the show bgp ipv4 unicast route-policy
RFC1918 command. The highlighted prefixes in the show bgp output are the ones that could be
filtered by the RPL policy.
Compare the show bgp output to the output of the show bgp ipv4 unicast route-policy
RFC1918 command. The highlighted prefixes in the show bgp output are the ones that could be
filtered by the RPL policy.
The inline keyword combines the RPL sets into the RPL when viewing it. The output below shows
both methods to find the prefixes that are being dropped by the prefix set configured on XR2.
Which one do you find simpler?
Method 1
RP/0/0/CPU0:XR2# show rpl route-policy RFC1918
Wed Jan 23 20:18:46.540 UTC
route-policy RFC1918
if destination in PREFIX-SET-RFC1918 then
route-policy RFC1918
if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then
drop
endif
pass
end-policy
!
RP/0/0/CPU0:XR2#
Step 6. Apply the RPL Outbound to EBGP Peers on XR1 and XR2
By doing this, the locally prefix on XR1 and XR2 will not be sent to the EBGP neighors
XR1
XR2
XR1
XR2
XR1
RP/0/0/CPU0:XR1# show run router bgp 100 neighbor 100.64.1.1
RP/0/0/CPU0:XR1#
XR2
RP/0/0/CPU0:XR2# show run router bgp 100 neighbor 100.64.2.1
Wed Jan 23 20:41:12.247 UTC
router bgp 100
neighbor 100.64.2.1
remote-as 1200
address-family ipv4 unicast
route-policy PASS-ALL in
route-policy RFC1918 out
!
!
!
XR1
XR2
XR1
RP/0/0/CPU0:XR1# show bgp ipv4 unicast
<output omitted>
XR2
RP/0/0/CPU0:XR2# show bgp ipv4 unicast
<output omitted>
XR1 is not advertising the following prefixes that are not part of RFC1918 for the following
reasons:
5.5.1.0/24 and 8.8.8.0/24 – they were directly learnt from the EBGP neighbor 100.64.1.1
XR2 is not advertising the following prefixes that are not part of RFC1918 for the following
reasons:
Task Objective:
Establish an EBGP session with the following devices: (Use the PASS-ALL RPL for
inbound/outbound)
XR1
XR2
XR1
RP/0/0/CPU0:XR1# show bgp ipv4 unicast
XR2
RP/0/0/CPU0:XR2# show bgp ipv4 unicast
Wed Jan 23 21:19:00.972 UTC
BGP router identifier 192.168.2.2, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 15
BGP main routing table version 15
BGP NSR Initial initsync version 5 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Step 11. Create the RPL BAD-ASN on XR1 and XR2. There are two methods to match AS 123,
using regular expressions or XR’s ‘passess-through’ matching operation. You can pick either
method or mix and match them, they work the same way and you will see the same result. The
only difference is XR’s passess-through is more readable.
Execute the following commands to test the RPL and verify if it is filtering AS 123 before applying
it to the EBGP neighbor
XR1
RP/0/0/CPU0:XR1# show bgp ipv4 unicast route-policy BAD-ASN
<output omitted>
<output omitted>
XR2
RP/0/0/CPU0:XR2# show bgp ipv4 unicast route-policy BAD-ASN
<output omitted>
<output omitted>
Notice how in the RPL test command the AS 123 prefixes (highlited in yellow) are missing from
XR1 and XR2 as expected
XR1
XR2
XR1
XR2
XR1
RP/0/0/CPU0:XR1# show run router bgp 100 neighbor 100.64.1.1
Wed Jan 23 22:11:54.625 UTC
router bgp 100
neighbor 100.64.1.1
remote-as 1100
address-family ipv4 unicast
route-policy BAD-ASN in
route-policy RFC1918 out
!
!
!
RP/0/0/CPU0:XR1#
XR1
XR2
<output omitted>
XR1 is not advertising AS 123. XR2 should show also not be advertising AS 123
Task Objective:
XR1
mpls ldp
router-id 192.168.1.1
log neighbor
interface GigabitEthernet 0/0/0/0
interface GigabitEthernet 0/0/0/1
commit
end
XR2
mpls ldp
router-id 192.168.2.2
log neighbor
interface GigabitEthernet 0/0/0/0
interface GigabitEthernet 0/0/0/1
commit
end
MPLS OAM allows for Management and troubleshooting tools for MPLS switching which will be
used in this section to perform MPLS pings and traceroutes.
mpls oam
commit
end
LDP Parameters:
Role: Active
Protocol Version: 1
Router ID: 192.168.1.1
Null Label:
IPv4: Implicit
Session:
Hold time: 180 sec
Keepalive interval: 60 sec
Backoff: Initial:15 sec, Maximum:120 sec
Global MD5 password: Disabled
Discovery:
AFIs : IPv4
Routes : 10 prefixes
Bindings : 14 prefixes
Local : 10
Remote : 18
Neighbors : 2
Hello Adj : 2
Addresses : 5
Interfaces: 2 LDP configured
RP/0/0/CPU0:XR1#
This requires MPLS OAM on all routers in the path. We already enabled it on XR1 and XR2 and it
is preconfigured on all the P routers in the lab.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms
Just as with other protocols, LDP also has a tracing functionality for troubleshooting purposes.
To see all options available execute the command:
Task Objective:
XR1
vrf VPN_01
address-family ipv4 unicast
import route-target 100:1
export route-target 100:1
vrf VPN_02
address-family ipv4 unicast
import route-target 100:2
export route-target 100:2
interface Loopback100
interface GigabitEthernet0/0/0/4.10
vrf VPN_01
ipv4 address 192.168.1.254 255.255.255.0
encapsulation dot1q 10
interface Loopback101
vrf VPN_02
ipv4 address 172.16.10.1 255.255.255.0
interface GigabitEthernet0/0/0/4.20
vrf VPN_02
ipv4 address 172.16.1.254 255.255.255.0
encapsulation dot1q 20
interface GigabitEthernet0/0/0/4
no shutdown
commit
end
XR2
vrf VPN_01
address-family ipv4 unicast
import route-target 100:1
export route-target 100:1
vrf VPN_02
address-family ipv4 unicast
import route-target 100:2
export route-target 100:2
interface Loopback100
vrf VPN_01
ipv4 address 192.168.20.1 255.255.255.0
interface GigabitEthernet0/0/0/4.10
vrf VPN_01
ipv4 address 192.168.2.254 255.255.255.0
encapsulation dot1q 10
interface Loopback101
vrf VPN_02
ipv4 address 172.16.20.1 255.255.255.0
interface GigabitEthernet0/0/0/4
no shutdown
commit
end
To see all the VRFs (including the default (global)), the word ‘all’ can be used in the following
show commands
VRF: **nVSatellite
VRF: Management
VRF: VPN_01
VRF: VPN_02
In IOS XR, VRFs RD are configured under the BGP configuration. This is demonstrated later in
this lab
XR1
XR2
XR2
RP/0/0/CPU0:XR2# ping vrf VPN_01 192.168.2.1
Task Objective:
Initialize the VPNv4 Address Family
Establish a VPNv4 BGP session with the route-reflector 192.168.100.100 (RR-1)
Initialize the IPv4 Address family for both VRFs, and redistribute connected networks into it
Verify routes are exchanged between the nodes, and that connectivity from VRF Loopback
to VRF Loopback exists
Step 4. Create BGP 100 process, and configure BGP sessions to the RR-1
In IOS XR the VRF RDs are set under the BGP vrf configuration
The addres-family command initializes the VPNv4 Address family on the router
To see all the VRFs (including the default (global)), the word ‘all’ can be used in the following
show commands.
VRF: VPN_01
-----------
BGP VRF VPN_01, state: Active
BGP Route Distinguisher: 100:1
VRF ID: 0x60000004
BGP router identifier 192.168.1.1, local AS number 100
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000013 RD version: 17
BGP main routing table version 19
BGP NSR Initial initsync version 11 (Not Reached)
BGP NSR/ISSU Sync-Group versions 0/0
VRF: VPN_02
-----------
BGP VRF VPN_02, state: Active
BGP Route Distinguisher: 100:2
VRF ID: 0x60000005
BGP router identifier 192.168.1.1, local AS number 100
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000014 RD version: 19
BGP main routing table version 19
BGP NSR Initial initsync version 11 (Not Reached)
BGP NSR/ISSU Sync-Group versions 0/0
<output omitted>
VRF: VPN_01
VRF: VPN_02
XR1
RP/0/0/CPU0:XR1# ping vrf VPN_01 192.168.2.254
Thu Jan 24 00:20:23.487 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
RP/0/0/CPU0:XR1#
XR2
RP/0/0/CPU0:XR2# ping vrf VPN_02 172.16.1.254
Thu Jan 24 00:20:32.956 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/19 ms
RP/0/0/CPU0:XR2#
Task Objective:
On XR1 and XR2 configure a BGP session on VRF VPN_01 as indicated in the table below
Verify that routes have been exchanged, and connectivity is successful across the core.
CE devices are preconfigured.
XR1
XR2
Notice the 192.168.100.0/24 and 192.168.200.0/24 routes have been added. Each route was
learned from a CE_Device. The Next-Hop IP address should help you identify which XR router the
route was learned from
XR1
XR2
XR2
RP/0/0/CPU0:XR2# ping vrf VPN_01 192.168.100.1
Thu Jan 24 03:54:23.207 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/9/19 ms
RP/0/0/CPU0:XR2#
Task Objective:
On XR1 and XR2 configure OSPF Process 100 for VRF VPN_02
Mutually redistribute routes between OSPF and BGP
Verify that routes have been exchanged, and connectivity is successful across the
core.
CE devices are already preconfigured.
We changed the OSPF process from what the global routing table is using (router ospf 1). It is
possible to use the same process number as the global table. We are just making it easier for you
to read
* Indicates MADJ interface, (P) Indicates fast detect hold down state
XR1
XR2
XR1
RP/0/0/CPU0:XR1# ping vrf VPN_02 172.16.200.1
Thu Jan 24 04:24:32.503 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/9 ms
RP/0/0/CPU0:XR1#
XR2
RP/0/0/CPU0:XR2# ping vrf VPN_02 172.16.100.1
Thu Jan 24 04:24:54.322 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/9 ms
RP/0/0/CPU0:XR2#
Task Objective:
Enable RSVP on all core interfaces; set the RSVP reservation to 10 Mbps
Enable MPLS TE on all core interfaces.
Configure MPLS TE to re-optimize after 60 seconds.
Configure OSPF (Area 0) for MPLS TE on XR1 and XR2.
RR-1 has been pre-configured
rsvp
interface GigabitEthernet0/0/0/0
bandwidth 10 Mbps
interface GigabitEthernet0/0/0/1
bandwidth 10 Mbps
commit
end
*: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1)
mpls traffic-eng
interface GigabitEthernet0/0/0/0
interface GigabitEthernet0/0/0/1
reoptimize 60
commit
end
router ospf 1
area 0
mpls traffic-eng
mpls traffic-eng router-id Loopback0
commit
end
Task Objective:
On XR1, create interface Tunnel-TE 12 interface with a destination of 192.168.2.2
On XR2, create interface Tunnel-TE 21 interface with a destination of 192.168.1.1
On all TE tunnels, set the bandwidth to 2 Mbps, IPv4 Unumbered to Loopback 0, Path-
Option 10 with Dynamic
Verify the tunnels and that traffic is forwarded on the tunnels
Note: This section requires the section MPLS Traffic Engineering to be completed
XR1
interface tunnel-te12
bandwidth 2000
ipv4 unnumbered Loopback0
destination 192.168.2.2
path-option 10 dynamic
no shut
commit
end
XR2
interface tunnel-te21
bandwidth 2000
ipv4 unnumbered Loopback0
destination 192.168.1.1
path-option 10 dynamic
no shut
commit
end
XR1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/10 ms
XR2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms
Task Objective:
On XR1, create interface Tunnel-TE 132 with a destination of 192.168.2.2
On XR2, create interface Tunnel-TE 231 with a destination of 192.168.1.1
On all TE tunnels, set the bandwidth to 2 Mbps, IPv4 Unnumbered to Loopback 0, and explicit
path per the chart provided below
Verify the tunnels and that traffic is forwarded on the tunnels
Note: This section requires the section MPLS Traffic Engineering to be completed
XR1
XR2
XR1
interface tunnel-te132
bandwidth 2000
ipv4 unnumbered Loopback0
destination 192.168.2.2
path-option 10 explicit name XR1-XR2
no shut
commit
end
XR2
interface tunnel-te231
bandwidth 2000
ipv4 unnumbered Loopback0
destination 192.168.1.1
path-option 10 explicit name XR2-XR1
no shut
commit
end
XR1
XR2
path option 10, type explicit XR1-XR2 (Basis for Setup, path weight 101)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Thu Jan 24 05:14:12 2019 (00:03:14 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
Path Selection:
Tiebreaker: Min-fill (default)
Hop-limit: disabled
Cost-limit: disabled
Path-invalidation timeout: 45000 msec (default), Action: Tear (default)
AutoRoute: disabled LockDown: disabled Policy class: not set
Forward class: 0 (default)
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
History:
Tunnel has been up for: 00:03:13 (since Thu Jan 24 05:14:13 UTC 2019)
Current LSP:
Uptime: 00:03:13 (since Thu Jan 24 05:14:13 UTC 2019)
Reopt. LSP:
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Thu Jan 24 05:14:25 UTC 2019 [00:03:01 ago]
path option 10, type explicit XR2-XR1 (Basis for Setup, path weight 101)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Thu Jan 24 05:14:27 2019 (00:04:02 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
Path Selection:
Tiebreaker: Min-fill (default)
Hop-limit: disabled
Cost-limit: disabled
Path-invalidation timeout: 45000 msec (default), Action: Tear (default)
AutoRoute: disabled LockDown: disabled Policy class: not set
Forward class: 0 (default)
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
BFD Fast Detection: Disabled
Reoptimization after affinity failure: Enabled
Soft Preemption: Disabled
History:
Tunnel has been up for: 00:04:02 (since Thu Jan 24 05:14:27 UTC 2019)
Current LSP:
Uptime: 00:04:02 (since Thu Jan 24 05:14:27 UTC 2019)
Reopt. LSP:
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Thu Jan 24 05:14:31 UTC 2019 [00:03:58 ago]
XR1
RP/0/0/CPU0:XR1# ping mpls traffic-eng tunnel-te 132
Thu Jan 24 05:26:12.120 UTC
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Task Objective:
XR1
prefix-set PREFIX-SET-RFC1918
10.0.0.0/8 ge 8,
172.16.0.0/12 ge 12,
192.168.0.0/16 ge 16
end-set
route-policy INBOUND
if destination in PREFIX-SET-RFC1918 then
drop
endif
if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then
set local-preference 2828
elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then
set local-preference 7018
endif
set local-preference 1000
end-policy
commit
Note: Prefix set PREFIX-SET-RFC1918 should already be configured on XR2 from the Basic
Route Policy Language Section, so there is no need to configure it again
route-policy INBOUND
if destination in PREFIX-SET-RFC1918 then
drop
endif
if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then
set local-preference 2828
elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then
set local-preference 7018
endif
set local-preference 1000
end-policy
commit
XR1
neighbor 100.64.1.1
address-family ipv4 unicast
route-policy INBOUND in
neighbor 100.64.11.1
address-family ipv4 unicast
route-policy INBOUND in
commit
end
XR2
neighbor 100.64.2.1
address-family ipv4 unicast
route-policy INBOUND in
neighbor 100.64.22.1
address-family ipv4 unicast
route-policy INBOUND in
Notice that the highlighted values have a local preference of 1000 when they should have either
7018 or 2828 for the local preference.
The reason that the local preference is set to 1000 is that once the local preference was set to
7018 or 2828 on the RPL; it was overwritten in the next step. Adding the keyword ‘DONE’ to the
RPL will stop processing further events as shown in the following step.
route-policy INBOUND
if destination in PREFIX-SET-RFC1918 then
drop
endif
if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then
set local-preference 2828
done
elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then
set local-preference 7018
done
endif
set local-preference 1000
end-policy
commit
end
Another option is to use an additional ‘else’ command so that other processing can continue if
desired. In our example, we wanted to emphasize that ‘done’ can be used to break out of the RPL
and keep it from executing any further actions.
route-policy INBOUND
if destination in PREFIX-SET-RFC1918 then
drop
endif
if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then
set local-preference 2828
elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then
set local-preference 7018
else
set local-preference 1000
endif
end-policy
commit
end
After correcting the mistake, the Local Preference was set correctly
Task Objective:
Modify the RPL INBOUND to achieve the following:
Apply the RFC1918 RPL to:
o Set the Local Preference to 109 on all routes originating from AS 109 received from AS
1200
o Set the Local Preference to 27343 on all routes originating from AS 27343 received
from AS 2000
Apply the PASS-ALL RPL as the last action
In this step, we will apply the RFC1918 RPL we configured at the beginning of this lab in the Basic
RPL Configuration section inside the INBOUND RPL and then we will use a show command to
see what this looks like behind the scenes
This is the original INBOUND RPL that is currently configured and we’ll replace the highlighted
section with the RFC1918 RPL which will achieve the same result
route-policy INBOUND
if destination in PREFIX-SET-RFC1918 then
drop
endif
if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then
set local-preference 2828
elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then
set local-preference 7018
else
set local-preference 1000
endif
end-policy
Execute the following commands to replace the section highlighted in yellow above with the
RFC1918 RPL
route-policy INBOUND
apply RFC1918
if as-path originates-from '109' exact and as-path neighbor-is '1200' exact then
set local-preference 109
done
Step 2. Verify what the INBOUND RPL looks like behind the scene
route-policy INBOUND
# apply RFC1918
if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then
drop
endif
pass
# end-apply RFC1918
if as-path exact-originates-from 109 and as-path exact-neighbor-is 1200 then
assign local-preference 109
done
elseif as-path exact-originates-from 27343 and as-path exact-neighbor-is 2000 then
assign local-preference 27343
done
endif
# apply PASS-ALL
pass
# end-apply PASS-ALL
end-policy
!
RP/0/0/CPU0:XR1#
Usage/Status count
--------------------------------------------------------------
Direct 1
Indirect 0
ACTIVE 1
INACTIVE 0
UNUSED 0
RP/0/0/CPU0:XR1#