Tuesday, January 31, 2012

MPLS VPN CONFIG

Config of MPLS VPNS
--------------------
To get routing information from one PE to another PE, we encode the routing
information as a VPNv4 route and use MP-BGP to transport it

Multiprotocol BGP
------------------
RFC 4364 "BGP/MPLS IP Virtual Private Networks"
     - BGP defines address family ID & subsequent address family ID 128 as VPN-IPv4 (VPNv4)
     - 8 byte Route Distinguisher (RD)
         - unique per VPN or per VPN site
         - ASN:NN or IP address:NN
         - 4 byte IPv4 address
            - unique per VPN
            - implies globally unique routes

Controlling VPNV4 Routes
-------------------------
Route distinguisher is used solely to make routes unique
New BGP extended community "Route Target" used to control what enters/exits the vrf table
Export route-target
     - what route will go from the vrf into BGP
Import route-target
     - what route will go from BGP into vrf
Allows granular control over what sites have what routes
Import map and export map allow control on a per-prefix basis

Configuring VPNV4
------------------
Uses address-family like vrf aware BGP
    - address-family vpnv4 unicast
Neighbors must be defined under the global BGP process then activated under VPNV4
Attributes are applied under address-family
    -next hop processing
    -send community
       - extended is required
    - Route Reflection
    -Route Map etc

When we configure VPNv4 we first configure the neighbors under the router bgp process
for IPv4, then activate them under the address family vpnv4.
If we do not want to route normal IPv4, just VPNv4, we can disable the IPv4 neighbor
process by
router bgp 200
 no bgp default ipv4-unicast
or for a single neighbor
router bgp 200
 address-family ipv4 unicast
  no neighbor 10.0.0.4 activate

VPNV4 Route Target
--------------------
8 byte field per RFC 4360 BGP Extended Community Attribute
Format similar to route distinguisher
   - ASN:NN or IP-Address:NN
VPNV4 speakers only accept vpnv4 routes with a route-target matching a local VRF import value
So if the PE does not have the vrf configured locally it will not accept any vpnv4 routes
for it
   - route reflection is an exception where you may want to disable this filter with
no bgp default route-target filter
The filter is on by default and desirable in most cases
VPNV4 routes can have more than one route target
Allows for complex VPN topologies
    - Full mesh - import + export same everywhere
    - Hub & Spoke - spokes import only spokes routes
    - Central Services - multiple VPNs import routes from central server
    - Management VPNs - management loopback on CE routers can be exported into special mgt
      VPN
ip vrf A
route-target export 1:1
route-target import 1:1
or, if exporting and importing the same value, we could use
ip vrf A
route-target both 1:1
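
The import rule and the default route-target filter described above, modelled in Python as an added example (not IOS code and not part of the original notes). VRF A and B use the lab's values; the class and function names, the central-services VRF "SVC", RT 200:99 and the route reflector "rr" are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                    # route distinguisher: only makes the prefix unique
    prefix: str
    route_targets: frozenset   # extended communities attached on export


@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: set = field(default_factory=set)
    import_rts: set = field(default_factory=set)

    def export(self, prefix):
        """VPNv4 route the PE advertises for a prefix in this VRF."""
        return Vpnv4Route(self.rd, prefix, frozenset(self.export_rts))

    def imports(self, route):
        """A route enters the VRF when any attached RT matches an import RT."""
        return bool(self.import_rts & route.route_targets)


@dataclass
class Pe:
    name: str
    vrfs: list
    rt_filter: bool = True     # models "bgp default route-target filter"

    def receive(self, route):
        """Return (kept in the VPNv4 table, names of VRFs importing the route)."""
        importers = [v.name for v in self.vrfs if v.imports(route)]
        return (bool(importers) or not self.rt_filter), importers


def lab_pes():
    """VRF A and B as in the lab; VRF SVC, RT 200:99 and the RR are constructed."""
    def vrf_a():
        return Vrf("A", "110:10", {"110:10"}, {"110:10"})

    def vrf_b():
        return Vrf("B", "111:11", {"111:11"}, {"111:11"})

    svc = Vrf("SVC", "200:99", {"200:99"}, {"200:99", "110:10", "111:11"})
    return {
        "r4": Pe("r4", [vrf_a(), vrf_b()]),
        "r5": Pe("r5", [vrf_a()]),
        "r6": Pe("r6", [vrf_b(), svc]),
        "rr": Pe("rr", [], rt_filter=False),   # route reflector, no local VRFs
    }


def distribute(route, pes, origin):
    """Result of every PE except the origin receiving the route."""
    return {n: pe.receive(route) for n, pe in pes.items() if n != origin}


def cross_vpn_imports(pes):
    """(exporting VRF, importing VRF) pairs with different names: every place
    where routes cross a VPN boundary, intended or not."""
    vrfs = [v for pe in pes.values() for v in pe.vrfs]
    return sorted({(e.name, i.name) for e in vrfs for i in vrfs
                   if e.name != i.name and e.export_rts & i.import_rts})


if __name__ == "__main__":
    pes = lab_pes()
    for vrf in pes["r4"].vrfs:
        route = vrf.export("10.0.0.0/24")
        print(route.rd, sorted(route.route_targets), distribute(route, pes, "r4"))
    print("cross-VPN imports:", cross_vpn_imports(pes))
```

Running `cross_vpn_imports` over the route-targets of all PEs is a quick review step: any pair that is not an intended central-services or management import is a route leak between customers.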



IPV6 VPNV6
-----------------

IPv4 and VPNv4 commands next to their IPv6 and VPNv6 equivalents

Global Commands
  IPv4 and VPNv4:
    ip routing
    ip cef
  IPv6 and VPNv6:
    ipv6 unicast-routing
    ipv6 cef

Interface Specific Commands
  IPv4 and VPNv4:
    ip address
    ip vrf forwarding MPLSVPN
  IPv6 and VPNv6:
    ipv6 address
    vrf forwarding MPLSVPN

VRF Specific Commands
  IPv4 and VPNv4:
    ip vrf MPLSVPN
     rd 1:1
     route-target both 1:1

    router bgp 1
     address-family vpnv4
     exit-address-family
    !
     address-family ipv4
     exit-address-family
    !
     address-family ipv4 vrf MPLSVPN
     exit-address-family
  IPv6 and VPNv6:
    vrf definition ABC
     rd 1:1
     route-target export 1:1
     route-target import 1:1
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family

    router bgp 1
     address-family vpnv6
     exit-address-family
    !
     address-family ipv6
     exit-address-family
    !
     address-family ipv6 vrf MPLSVPN
     exit-address-family

Static Vrf Route
  IPv4 and VPNv4:
    ip route vrf MPLSVPN
  IPv6 and VPNv6:
    ipv6 route vrf MPLSVPN /

Show vrf commands
  IPv4 and VPNv4:
    show ip vrf interface
    show ip interface brief
  IPv6 and VPNv6:
    show vrf ipv6 interface
    show ipv6 interface brief

Troubleshooting Command
  IPv4 and VPNv4:
    show ip bgp vpnv4 all summary
    show bgp vpnv4 all summary
    show bgp vpnv4 all
    show ip bgp vpnv4 vrf MPLSVPN
    show mpls forwarding-table vrf MPLSVPN detail
    show ip cef vrf MPLSVPN
    ping vrf MPLSVPN
    traceroute vrf MPLSVPN
  IPv6 and VPNv6:
    show ip bgp vpnv6 unicast all summary
    show bgp vpnv6 unicast all summary
    show bgp vpnv6 unicast all
    show bgp vpnv6 unicast vrf MPLSVPN
    show mpls forwarding-table vrf MPLSVPN detail
    show ipv6 cef vrf MPLSVPN
    ping vrf MPLSVPN ipv6
    traceroute vrf MPLSVPN ipv6



LAB
------




OK so we have got the core configured with mpls/ldp. We will complete the configuration
by bringing the vrfs for eigrp, rip and bgp into it.

There are a few steps to this. The first step is to create the vrfs and bring up
the routing between each external site CE and the mpls network PE,
so we will start on R4
First things first, the route distinguisher for
vrf A will be 110:10
vrf B will be 111:11
vrf D will be 112:12
R4
---
So on R4 we will create the relevant vrfs A,B,D
r4(config)#ip vrf A
r4(config-vrf)#rd 110:10
r4(config-vrf)#ip vrf B
r4(config-vrf)#rd 111:11
r4(config-vrf)#ip vrf D
r4(config-vrf)#rd 112:12
r4(config-vrf)#

We are assigning the link to sw4 to vrf A

r4(config)#int fa0/0.104
r4(config-subif)#ip vrf forwarding A
% Interface FastEthernet0/0.104 IP address 10.164.48.44 removed due to enabling VRF A
r4(config-subif)#ip address 10.164.48.44 255.255.255.0
r4(config-subif)#no shut
r4(config-subif)#exit
r4(config)#

Next we need to make RIP vrf aware, so we use the address family ipv4 vrf A
and then our normal rip commands. So this is the PE side

r4(config)#router rip
r4(config-router)#address-family ipv4 vrf A
r4(config-router-af)#network 10.0.0.0
r4(config-router-af)#no auto
r4(config-router-af)#version 2
r4(config-router-af)#
SO CE SIDE SW4
---------------
We just configure rip as normal

s4(config)#router rip
s4(config-router)#version 2
s4(config-router)#network 10.0.0.0
s4(config-router)#no auto

r4
---
we are receiving the rip route 2.4.4.4 so the rip relationship is working as normal
r4#sh ip route vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/32 is subnetted, 1 subnets
R       2.4.4.4 [120/1] via 10.164.48.4, 00:00:25, FastEthernet0/0.104
     10.0.0.0/24 is subnetted, 1 subnets
C       10.164.48.0 is directly connected, FastEthernet0/0.104
r4#

ok back on r4 we will bring up the VRF B connecting to the eigrp domain

so i will assign the vrf B
r4(config)#int fa0/0.49
r4(config-subif)#ip vrf forwarding B
% Interface FastEthernet0/0.49 IP address 10.229.254.4 removed due to enabling VRF B
r4(config-subif)#ip address 10.229.254.4 255.255.255.0
r4(config-subif)#no shut
r4(config-subif)#exit

r4(config)#router eigrp 20
r4(config-router)#address-family ipv4 vrf B
r4(config-router-af)#autonomous-system 10
r4(config-router-af)#network 10.229.254.0
r4(config-router-af)#no auto
r4(config-router-af)#

Sw3 CE SIDE
------------
s3(config)#router eigrp 10
s3(config-router)#network 10.229.254.0
s3(config-router)#no auto
s3(config-router)#network 2.3.3.3 0.0.0.0
s3(config-router)#

R4
--
r4#sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/24 is subnetted, 1 subnets
D       2.3.3.0 [90/156160] via 10.229.254.3, 00:00:47, FastEthernet0/0.49
     10.0.0.0/24 is subnetted, 1 subnets
C       10.229.254.0 is directly connected, FastEthernet0/0.49
r4#

OK now we will configure vrf D
r4(config)#int fa0/0.192
r4(config-subif)#ip vrf forwarding D
% Interface FastEthernet0/0.192 IP address 172.25.13.4 removed due to enabling VRF D
r4(config-subif)#ip address 172.25.13.4 255.255.255.0
r4(config-subif)#exit
r4(config)#exit

r4(config)#no router bgp 200
r4(config)#router bgp 200
r4(config-router)#address-family ipv4 vrf D
r4(config-router-af)#neighbor 172.25.13.2 remote-as 254
r4(config-router-af)#neighbor 172.25.13.2 activate
r4(config-router-af)#neighbor 172.25.13.2 password cisco

CE side BB2
-----------
bb2#sh run | begin router bgp
router bgp 254
 bgp log-neighbor-changes
 network 11.2.2.2 mask 255.255.255.255
 neighbor 172.25.13.4 remote-as 200
 neighbor 172.25.13.4 password cisco

r4
---

r4#sh ip route vrf D
Routing Table: D
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.25.0.0/24 is subnetted, 1 subnets
C       172.25.13.0 is directly connected, FastEthernet0/0.192
     11.0.0.0/32 is subnetted, 1 subnets
B       11.2.2.2 [20/0] via 172.25.13.2, 00:01:04
r4#

Ok we will now move on to configuring the other PE's

r5
---
r5 only connects ip vrf A

r5(config)#ip vrf A
r5(config-vrf)#rd 110:10
r5(config-vrf)#exit
r5(config)#
r5(config)#int fa0/0.204
r5(config-subif)#ip vrf forwarding A
% Interface FastEthernet0/0.204 IP address 10.164.50.5 removed due to enabling VRF A
r5(config-subif)#ip address 10.164.50.5 255.255.255.0
r5(config-subif)#

r5(config)#router rip
r5(config-router)#address-family ipv4 vrf A
r5(config-router-af)#network 10.0.0.0
r5(config-router-af)#no auto
r5(config-router-af)#version 2
r5(config-router-af)#


BB3
----
bb3(config)#router rip
bb3(config-router)#network 10.0.0.0
bb3(config-router)#no auto
bb3(config-router)#version 2
bb3(config-router)#network 11.0.0.0

r5
---
r5#sh ip route vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.164.50.0 is directly connected, FastEthernet0/0.204
     11.0.0.0/32 is subnetted, 1 subnets
R       11.3.3.3 [120/1] via 10.164.50.3, 00:00:12, FastEthernet0/0.204
r5#

Ok now onto R6
---------------
r6(config)#ip vrf B
r6(config-vrf)#rd 111:11
r6(config)#router eigrp 200
r6(config-router)#address-family ipv4 vrf B
r6(config-router-af)#autonomous-system 10
r6(config-router-af)#network 10.164.49.0
r6(config-router-af)#no auto
r6(config-router-af)#

r6(config)#int s0/0/0
r6(config-if)#ip vrf forwarding B
% Interface Serial0/0/0 IP address 10.164.49.6 removed due to enabling VRF B
r6(config-if)#ip address 10.164.49.6 255.255.255.0
r6(config-if)#

on BB1
------
bb1(config-if)#router eigrp 10
bb1(config-router)#network 11.1.1.1 0.0.0.0
bb1(config-router)#no auto
bb1(config-router)#network 10.164.49.0 0.0.0.255

r6
---
r6#sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 1 subnets
C       10.164.49.0 is directly connected, Serial0/0/0
     11.0.0.0/32 is subnetted, 1 subnets
D       11.1.1.1 [90/2297856] via 10.164.49.1, 00:00:47, Serial0/0/0

OK so each relevant PE is receiving the connected CE customer's routes but we are not
exchanging routes between the PEs
So the next step is to configure vpn membership
we will label vrf A as 110:10
and vrf B as 111:11
vrf D as 112:12     we have done it the same as the route target; this is not technically
required but is typically done
R6
---
r6(config)#ip vrf B
r6(config-vrf)#route-target ?
  ASN:nn or IP-address:nn  Target VPN Extended Community
  both                     Both import and export Target-VPN community
  export                   Export Target-VPN community
  import                   Import Target-VPN community
r6(config-vrf)#route-target both 111:11
r6(config-vrf)#

this basically means that on r6 we will export our routes with extended community of 110:10; also if we
receive routes with community of 110:10 we will import them

r4
--
r4(config-vrf)#ip vrf A
r4(config-vrf)#route-targe both 110:10
r4(config)#ip vrf B
r4(config-vrf)#route-target both 111:11
r4(config-vrf)#ip vrf D
r4(config-vrf)#route-targe both 112:11
r4(config-vrf)#

r5
---

r5(config)#ip vrf A
r5(config-vrf)#route-target both 110:10
r5(config-vrf)#

So next step is to configure the core of the network with IBGP sessions between the PE
to transport the vpnv4 routes

R6
---


r6(config)#router bgp 200
r6(config-router)#neighbor 5.5.5.5 remote-as 200
r6(config-router)#neighbor 5.5.5.5 update-source lo0
r6(config-router)#neighbor 4.4.4.4 remote-as 200
r6(config-router)#neighbor 4.4.4.4 update-source lo0
r6(config-router)#
We are doing the config for the ibgp relationship. We need the router to carry vpnv4 routes,
not ipv4, so we will need to activate the vpnv4 address family,
still under router bgp 200
r6(config-router)#address-family vpnv4
r6(config-router-af)#neighbor 5.5.5.5 activate
r6(config-router-af)#neighbor 5.5.5.5 send-community both
r6(config-router-af)#neighbor 4.4.4.4 activate
r6(config-router-af)#neighbor 4.4.4.4 send-community both

the send community is for the route-targets; both means we will send and receive community
values
r5
---
r5(config)#router bgp 200
r5(config-router)#neighbor 4.4.4.4 remote-as 200
r5(config-router)#neighbor 4.4.4.4 update-source lo0
r5(config-router)#neighbor 6.6.6.6 remote-as 200
r5(config-router)#neighbor 6.6.6.6 update-source lo0
r5(config-router)#
*Feb  1 00:22:01.642: %BGP-5-ADJCHANGE: neighbor 6.6.6.6 Up
r5(config-router)#address-family vpnv4
r5(config-router-af)#neighbor 4.4.4.4 activate
r5(config-router-af)#neighbor 6.6.6.6 activate
r5(config-router-af)#neighbor
*Feb  1 00:22:37.782: %BGP-5-ADJCHANGE: neighbor 6.6.6.6 Down Address family activated4.4
*Feb  1 00:22:39.794: %BGP-5-ADJCHANGE: neighbor
r5(config-router-af)#neighbor 4.4.4.4 send-comm both
r5(config-router-af)#neighbor 6.6.6.6 send-comm both
r5(config-router-af)#

r4
---
r4(config)#router bgp 200
r4(config-router)#neighbor 5.5.5.5 remote-as 200
r4(config-router)#neighbor 5.5.5.5 update-source lo0
r4(config-router)#neighbor 6.6.6.6 remote-as 200
r4(config-router)#
*Feb  1 00:10:23.498: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up
r4(config-router)#neighbor 6.6.6.6 update-s
*Feb  1 00:10:35.050: %BGP-5-ADJCHANGE: neighbor 6.6.6.6 Up ouce lo0
                                             ^
% Invalid input detected at '^' marker.
r4(config-router)#neighbor 6.6.6.6 update-source lo0
r4(config-router)#address-family vpnv4
r4(config-router-af)#neighbor 5.5.5.5 activate
r4(config-router-af)#neighbor 5
*Feb  1 00:11:05.154: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down Address family activated
*Feb  1 00:11:06.902: %BGP-5-ADJCHANGE: neighbor 5
r4(config-router-af)#neighbor 6.6.6.6 activate
r4(config-router-af)#
*Feb  1 00:11:17.006: %BGP-5-ADJCHANGE: neighbor 6.6.6.6 Down Address family activated

OK so we have BGP configured between all PE's

The last step that we need to do is to redistribute the routes from the vrf into bgp and
vice versa

r4
---
r4(config)#router bgp 200
r4(config-router)#address-family ipv4 vrf A
r4(config-router-af)#redistribute rip
r4(config-router-af)#

r4(config)#router bgp 200
r4(config-router)#address-family ipv4 vrf B
r4(config-router-af)#redistribute eigrp 1
%VRF specified does not match AS
r4(config-router-af)#redistribute eigrp 10
r4(config-router-af)#

r4#sh bgp vpnv4 unicast all
BGP table version is 14, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 110:10 (default for vrf A)
*> 2.4.4.4/32       10.164.48.4              1         32768 ?
*> 10.164.48.0/24   0.0.0.0                  0         32768 ?
Route Distinguisher: 111:11 (default for vrf B)
*> 2.3.3.0/24       10.229.254.3        156160         32768 ?
*> 10.229.254.0/24  0.0.0.0                  0         32768 ?
Route Distinguisher: 112:12 (default for vrf D)
*> 11.2.2.2/32      172.25.13.2              0             0 254 i
r4#

ok we are seeing the vpnv4 routes with their relevant rd
so 2.4.4.4, r4 loopback from eigrp, is now in bgp and has a route distinguisher of 110:10

OK i have checked r6 and i am not seeing the routes i forgot the following config on r4

r4(config)#router bgp 200
r4(config-router)#address-family vpnv4
r4(config-router-af)#neighbor 6.6.6.6 send-community both
r4(config-router-af)#neighbor 5.5.5.5 send-community both
r4(config-router-af)#
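
A small configuration check for two states this lab passes through in which no VPNv4 routes reach the remote VRF: a VRF that has an RD but no route-target yet, and a vpnv4 neighbor that is activated without `send-community extended` or `send-community both`. This is an added example, not part of the original notes; `audit_pe_config` is a hypothetical helper and the sample configuration is constructed from the lab's r4 commands.

```python
import re

VRF_HEAD = re.compile(r"(?:ip vrf|vrf definition)\s+(\S+)$")
ROUTE_TARGET = re.compile(r"route-target\s+(both|import|export)\s+(\S+)$")
NEIGHBOR = re.compile(r"neighbor\s+(\S+)\s+(.+)$")


def audit_pe_config(config):
    """Return sorted findings for one PE's running-config style text."""
    vrfs = {}                         # VRF name -> {"import": set, "export": set}
    activated, ext_comm = set(), set()
    vrf, in_vpnv4 = None, False       # parser context
    for raw in config.splitlines():
        line = raw.strip()
        head = VRF_HEAD.match(line)
        rt = ROUTE_TARGET.match(line)
        nbr = NEIGHBOR.match(line)
        if head:
            vrf = vrfs.setdefault(head.group(1), {"import": set(), "export": set()})
            in_vpnv4 = False
        elif rt and vrf is not None:
            kinds = ("import", "export") if rt.group(1) == "both" else (rt.group(1),)
            for kind in kinds:
                vrf[kind].add(rt.group(2))
        elif re.match(r"(router|interface)\s", line):
            vrf, in_vpnv4 = None, False
        elif line.startswith("address-family"):
            in_vpnv4 = line.split()[1:2] == ["vpnv4"]
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif nbr and in_vpnv4:
            peer, rest = nbr.groups()
            if rest == "activate":
                activated.add(peer)
            elif rest in ("send-community extended", "send-community both"):
                ext_comm.add(peer)    # route-targets are extended communities
    findings = []
    for name, rts in vrfs.items():
        for kind in ("import", "export"):
            if not rts[kind]:
                findings.append(f"vrf {name}: no {kind} route-target")
    for peer in activated - ext_comm:
        findings.append(f"vpnv4 neighbor {peer}: extended communities not sent")
    return sorted(findings)


# Constructed sample: r4 after the iBGP sessions were activated, with VRF B's
# route-target left out to exercise the first check.
R4_BEFORE = """\
ip vrf A
 rd 110:10
 route-target export 110:10
 route-target import 110:10
ip vrf B
 rd 111:11
!
router bgp 200
 neighbor 5.5.5.5 remote-as 200
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 6.6.6.6 remote-as 200
 neighbor 6.6.6.6 update-source Loopback0
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 6.6.6.6 activate
 exit-address-family
"""

# The same configuration with both omissions corrected.
R4_AFTER = R4_BEFORE.replace(
    " rd 111:11\n", " rd 111:11\n route-target both 111:11\n"
).replace(
    "  neighbor 6.6.6.6 activate\n",
    "  neighbor 6.6.6.6 activate\n"
    "  neighbor 5.5.5.5 send-community both\n"
    "  neighbor 6.6.6.6 send-community both\n",
)

if __name__ == "__main__":
    for finding in audit_pe_config(R4_BEFORE):
        print(finding)
    print("after fix:", audit_pe_config(R4_AFTER))
```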


r6
---
r6#sh bgp vpnv4 unicast all
BGP table version is 5, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 111:11 (default for vrf B)
*>i2.3.3.0/24       4.4.4.4             156160    100      0 ?
*>i10.229.254.0/24  4.4.4.4                  0    100      0 ?
r6#

i am receiving the vpnv4 routes for vrf b

r6#sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/24 is subnetted, 1 subnets
B       2.3.3.0 [200/156160] via 4.4.4.4, 00:01:59
     10.0.0.0/24 is subnetted, 2 subnets
B       10.229.254.0 [200/0] via 4.4.4.4, 00:01:59
C       10.164.49.0 is directly connected, Serial0/0/0
     11.0.0.0/32 is subnetted, 1 subnets
D       11.1.1.1 [90/2297856] via 10.164.49.1, 01:39:32, Serial0/0/0
r6#

they are in the vrf b routing table but as BGP, meaning that as they are not eigrp they will not
be advertised to the customer
i still need to redistribute them from bgp back into vrf b eigrp

r6(config)#router bgp 200
r6(config-router)#exit
r6(config)#router eigrp 200
r6(config-router)#address-family ipv4 vrf B
r6(config-router-af)#redistribute bgp 200 metric 100 100 100 100 100
r6(config-router-af)#

r6#sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/24 is subnetted, 1 subnets
B       2.3.3.0 [200/156160] via 4.4.4.4, 00:01:59
     10.0.0.0/24 is subnetted, 2 subnets
B       10.229.254.0 [200/0] via 4.4.4.4, 00:01:59
C       10.164.49.0 is directly connected, Serial0/0/0
     11.0.0.0/32 is subnetted, 1 subnets
D       11.1.1.1 [90/2297856] via 10.164.49.1, 01:39:32, Serial0/0/0
r6#

still the same
r6#sh ip eigrp vrf B top
IP-EIGRP Topology Table for AS(10)/ID(6.6.6.6) Routing Table: B
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 2.3.3.0/24, 1 successors, FD is 156160
        via VPNv4 Sourced (156160/0)
P 11.1.1.1/32, 1 successors, FD is 2297856
        via 10.164.49.1 (2297856/128256), Serial0/0/0
P 10.229.254.0/24, 1 successors, FD is 28160
        via VPNv4 Sourced (28160/0)
P 10.164.49.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0

ok this is actually normal behaviour
The local EIGRP routes appear as native EIGRP routes in the VRF IP routing table; remote
EIGRP routes appear as BGP routes on the PE-router

when we go to BB1

BB1
----
bb1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/24 is subnetted, 1 subnets
D       2.3.3.0 [90/2300416] via 10.164.49.6, 00:10:05, Serial0
     10.0.0.0/24 is subnetted, 2 subnets
D       10.229.254.0 [90/2172416] via 10.164.49.6, 00:10:05, Serial0
C       10.164.49.0 is directly connected, Serial0
     11.0.0.0/32 is subnetted, 1 subnets
C       11.1.1.1 is directly connected, Loopback0
bb1#

the remote routes appear as EIGRP

Let's do it the other way now

r6
---
r6(config)#router bgp 200
r6(config-router)#address-family ipv4 vrf B
r6(config-router-af)#redistribute eigrp 1

r4
---
r4(config)#router eigrp 20
r4(config-router)#address-family ipv4 vrf B
r4(config-router-af)#redistribute bgp 200 metric 1 1 1 1 1
r4(config-router-af)#

r4#sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/24 is subnetted, 1 subnets
D       2.3.3.0 [90/156160] via 10.229.254.3, 02:52:01, FastEthernet0/0.49
     10.0.0.0/24 is subnetted, 2 subnets
C       10.229.254.0 is directly connected, FastEthernet0/0.49
B       10.164.49.0 [200/0] via 6.6.6.6, 00:08:49
     11.0.0.0/32 is subnetted, 1 subnets
B       11.1.1.1 [200/2297856] via 6.6.6.6, 00:08:49
r4#

s3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/24 is subnetted, 1 subnets
C       2.3.3.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.229.254.0 is directly connected, Vlan49
D       10.164.49.0 [90/2170112] via 10.229.254.4, 00:01:12, Vlan49
     11.0.0.0/32 is subnetted, 1 subnets
D       11.1.1.1 [90/2298112] via 10.229.254.4, 00:01:12, Vlan49
s3#

s3#ping 11.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 67/68/76 ms
s3#

r4
---

it is interesting to note we do not need to redistribute bgp into bgp

r4#sh bgp vpnv4 unicast vrf D
BGP table version is 18, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 112:12 (default for vrf D)
*> 11.2.2.2/32      172.25.13.2              0             0 254 i

for vrf a

Enter configuration commands, one per line.  End with CNTL/Z.
r4(config)#router rip
r4(config-router)#address-family ipv4 vrf A
r4(config-router-af)#redistribute bgp 200 metric transparent
r4(config-router-af)#exit
r4(config-router)#router bgp 200
r4(config-router)#address-family ipv4 vrf A
r4(config-router-af)#redistribute rip subn?
% Unrecognized command
r4(config-router-af)#redistribute rip
r4(config-router-af)#

r5
---

r5(config)#router bgp 200
r5(config-router)#address-family ipv4 vrf A
r5(config-router-af)#redistribute rip
r5(config-router-af)#exit
r5(config-router)#exit
r5(config)#router rip
r5(config-router)#address-family ipv4 vrf A
r5(config-router-af)#redistribute bgp 200 metric 2
r5(config-router-af)#exit
r5(config-router)#exit
r5(config)#exit

r5#sh ip route vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/32 is subnetted, 1 subnets
B       2.4.4.4 [200/1] via 4.4.4.4, 00:54:51
     10.0.0.0/24 is subnetted, 2 subnets
C       10.164.50.0 is directly connected, FastEthernet0/0.204
B       10.164.48.0 [200/0] via 4.4.4.4, 00:54:51
     11.0.0.0/32 is subnetted, 1 subnets
R       11.3.3.3 [120/1] via 10.164.50.3, 00:00:15, FastEthernet0/0.204
let's go to sw 4
s4
---
s4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     2.0.0.0/32 is subnetted, 1 subnets
C       2.4.4.4 is directly connected, Loopback0
     155.0.0.0/24 is subnetted, 2 subnets
C       155.0.10.0 is directly connected, Vlan10
C       155.0.108.0 is directly connected, Port-channel2
     10.0.0.0/24 is subnetted, 2 subnets
R       10.164.50.0 [120/1] via 10.164.48.44, 00:00:12, Vlan104
C       10.164.48.0 is directly connected, Vlan104
     11.0.0.0/32 is subnetted, 1 subnets
R       11.3.3.3 [120/2] via 10.164.48.44, 00:00:12, Vlan104
s4#
we are getting the routes

s4#ping 11.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms
s4#






MPLS LAYER 3 VPNS
---------------------
Combines the logic of mpls tunnels with separation of layer 3 routing information
PE's learn customer routes from CE's
PE's advertise CE routes to other PE's via BGP
BGP next hop points to mpls tunnels
 e.g. loopback of PE routers

How MPLS L3VPN WORK
--------------------
MPLS L3VPN have 2 basic components
 - Separation of customer routing information
    - Virtual Routing + Forwarding (VRF) instance
    - Customers have different "virtual" routing tables
 - Exchange of customer routing information
   - MP-BGP over the mpls network
   - Traffic is label switched towards BGP next hop

Virtual Routing & Forwarding
-----------------------------
Each VRF has its own routing table
   - show ip route vrf [name|*]
   - show ip route
VRF + global routes are separate
   - implies addresses can overlap in different vrf's
   - implies vrf's can't talk to each other because they have no routes to each other
VRF without mpls is considered VRF lite

A route distinguisher is an attribute that is assigned which keeps overlapping routes globally
unique in the mpls table

ip vrf A
 rd 1:1
ip vrf B
 ! each VRF on a router needs its own RD
 rd 2:2
int fa0/0.49
 ip vrf forwarding A
 ip address 10.1.49.4 255.255.255.0
int fa0/0.103
 ip vrf forwarding B
 ip address 10.164.48.2 255.255.255.0

When we are troubleshooting we need to use vrf aware commands

Verification is now routing table specific: ping 1.2.3.4 means 1.2.3.4 in the global
routing table
For a vrf table we need
ping vrf "id" 1.2.3.4
traceroute vrf "id" 1.2.3.4
telnet 1.2.3.4 /vrf "id"

VRF Aware Routing
-----------------
Routing inside a vrf can be through
  - VRF aware static routes
  - VRF aware IGP's (ospf, rip, eigrp, ISIS)
  - MP-BGP
  - Policy Routing

VRF LITE VS MPLS VPNS
----------------------
In vrf lite all devices in the transit must carry all routes
  - same as normal IP routing logic
In MPLS vpns only PE routers need customer routes
Accomplished through vpnv4 routes
   - RD+Prefix makes VPN globally unique
MPLS VPN Label
   - PE routers exchange label for each customer route via VPNV4. (Which VRF the routes are for)
Transport Label
   - Label toward PE BGP next Hop (Which PE the route is coming from so when dataplane traffic is
                                   going over which PE should it go to)

Route Distinguisher makes prefixes unique. So if we are receiving routes from both customer
A and customer B, they may be using overlapping routes like say 10.0.0.0/24; what is to
distinguish customer A's 10.0.0.0/24 from customer B's? That is the route distinguisher's sole
purpose. We assign a unique route distinguisher for each customer and this is prepended to
the prefix received, making them globally unique.
Route Target is another separate attribute. It is an extended BGP community. This attribute
is used to define VPN membership.
For example customer A site 1 sends in routes via EIGRP to the PE router. The PE router
assigns the relevant route distinguisher and route-target and redistributes into Multiprotocol
BGP; this is then sent to other PE routers. The route target tells the other PEs which vrf table
these received routes are for. So they check this and then redistribute into the relevant VRF.

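
How the 8 byte RD and the 4 byte IPv4 address from the Multiprotocol BGP notes combine into a unique VPN-IPv4 address, for the overlapping 10.0.0.0/24 case just described. This is an added Python example, not part of the original notes; the type-field layout (types 0, 1 and 2) follows RFC 4364 rather than anything stated on this page, and the function names and next hops are constructed.

```python
import ipaddress
import struct


def encode_rd(text):
    """Encode 'ASN:NN' or 'IP-address:NN' as the 8-byte RD of RFC 4364."""
    admin, _, number = text.rpartition(":")
    number = int(number)
    try:
        if "." in admin:                 # type 1: 4-byte IPv4 + 2-byte number
            ip = ipaddress.IPv4Address(admin).packed
            return struct.pack("!H4sH", 1, ip, number)
        asn = int(admin)
        if asn > 0xFFFF:                 # type 2: 4-byte ASN + 2-byte number
            return struct.pack("!HIH", 2, asn, number)
        return struct.pack("!HHI", 0, asn, number)   # type 0: 2-byte ASN + 4-byte number
    except struct.error as exc:
        raise ValueError(f"RD field out of range: {text}") from exc


def decode_rd(data):
    """Turn 8 RD bytes back into the ASN:NN or IP-address:NN text form."""
    if len(data) != 8:
        raise ValueError("RD must be exactly 8 bytes")
    rd_type = struct.unpack("!H", data[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", data[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        ip, number = struct.unpack("!4sH", data[2:])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    if rd_type == 2:
        asn, number = struct.unpack("!IH", data[2:])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpnv4_key(rd, prefix):
    """(12-byte VPN-IPv4 address, prefix length) used to tell routes apart."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


def install(routes):
    """Build a plain-prefix table and a VPNv4 table from (rd, prefix, next_hop)."""
    plain, vpnv4 = {}, {}
    for rd, prefix, next_hop in routes:
        plain[prefix] = next_hop                   # second customer overwrites the first
        vpnv4[vpnv4_key(rd, prefix)] = next_hop    # RD keeps both entries
    return plain, vpnv4


# Constructed input: two customers announcing the same prefix, RDs as in the lab.
OVERLAPPING = [
    ("110:10", "10.0.0.0/24", "4.4.4.4"),
    ("111:11", "10.0.0.0/24", "6.6.6.6"),
]

if __name__ == "__main__":
    plain, vpnv4 = install(OVERLAPPING)
    print("plain table entries:", len(plain))
    for (addr, length), next_hop in vpnv4.items():
        print(decode_rd(addr[:8]), addr.hex(), f"/{length}", "via", next_hop)
```
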
LAB
---

OK we look at creating a few vrf on r1

ok so i have created vrf A
r1(config)#ip vrf A
r1(config-vrf)#rd 110:10
i will assign to int connected to fa0/0.16 link connecting to r6
r1(config-vrf)#int fa0/0.16
r1(config-subif)#ip vrf forwarding A
% Interface FastEthernet0/0.16 IP address 155.0.2.1 removed due to enabling VRF A
r1(config-subif)#ip a
*Mar  1 00:27:34.711: %OSPF-5-ADJCHG: Process 200, Nbr 6.6.6.6 on FastEthernet0/0.16 from FULL to DOWN, Neighbor Down: Interface down or deta
r1(config-subif)#ip address 155.0.2.1 255.255.255.0
r1(config-subif)#


r1#sh ip ro
*Mar  1 00:29:47.731: %SYS-5-CONFIG_I: Configured from console by consoleute
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     155.0.0.0/24 is subnetted, 2 subnets
C       155.0.3.0 is directly connected, FastEthernet0/0.12
C       155.0.5.0 is directly connected, FastEthernet0/0.13

We notice the route 155.0.2.0 is no longer in the global routing table.

It is in the VRF table.

r1#sh ip route vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     155.0.0.0/24 is subnetted, 1 subnets
C       155.0.2.0 is directly connected, FastEthernet0/0.16


r1(config)#ip vrf B
r1(config-vrf)#rd 111:11
r1(config-vrf)#int fa0/0.13
r1(config-subif)#ip vrf forwarding B
% Interface FastEthernet0/0.13 IP address 155.0.5.1 removed due to enabling VRF B
r1(config-subif)#ip address 155.0.5.1 255.255.255.0
r1(config-subif)#exit
Notice below that 155.0.5.0 has been removed from the global routing table

r1#sh ip rou
*Mar  1 00:35:40.475: %SYS-5-CONFIG_I: Configured from console by consolete
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     155.0.0.0/24 is subnetted, 1 subnets
C       155.0.3.0 is directly connected, FastEthernet0/0.12

If I try to ping 155.0.5.1, which is a directly connected interface:
r1#ping 155.0.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.0.5.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r1#

I need to use the VRF-aware commands
r1#sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     155.0.0.0/24 is subnetted, 1 subnets
C       155.0.5.0 is directly connected, FastEthernet0/0.13
r1#


r1#ping vrf B 155.0.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.0.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
r1#
r1#

The point is we are segregating the interfaces from each other


Monday, January 30, 2012

MPLS TUNNELS AND PHP

MPLS PENULTIMATE HOP POPPING (PHP)
----------------------------------
Penultimate means next to last
Normally last hop must
  - lookup mpls label
  - pop mpls label
  - lookup ipv4 destination
PHP avoids extra lookup on last hop
Accomplished via the implicit null label advertisement for connected prefixes
So the next-to-last hop removes the label and sends the packet to the last hop without a label
You receive implicit null labels for neighbors that are directly connected
MPLS Tunnels
------------
One large advantage of MPLS is that it can enable a "BGP Free Core"
P routers only need IGP information for internal SP routers
Routes outside the SP network can be label switched based on the BGP next-hop

If we look at the process in a BGP environment, say in the lab diagram below:
if s1 wanted to send packets to switch 2's loopback of 22.22.22.22,
s1 would look up 22.22.22.22 in its routing table and see the next hop is r6.
r6 would receive the packets and look up the next hop of 22.22.22.0, which would be r5 as it was
advertised in BGP via IBGP.
r5 has next-hop-self on, so r6 would do a recursive lookup of the r5 address and it would say go to
r1. If r1 did not have a route to 22.22.22.0 the traffic would be black holed.

With MPLS the process would be as follows.
s1 would do the route lookup as above and send to r6. r6 would do a route lookup and find a next hop
of r5. Now r5 would have an MPLS label associated, so r6 would put the outgoing MPLS label on
and send it out the outgoing interface towards r1, which would receive the packet, look at the
MPLS label and have an outgoing MPLS label for it; it would then forward to r3.
r3 would do the same and forward to r5. If PHP was enabled, r3 would remove the label and
forward to r5. r5 would do a normal route lookup for 22.22.22.0 and send it to s2.
The point being that the only routers in the MPLS network that needed the routes from external
peers were the edge routers. Once inside the internal MPLS network we are switching on the label
for the next hop, so the internal routers just need reachability information for the internal
networks and next hops, for which they can create labels.
MPLS Tunnel Problems
-----------------------
BGP next-hop values must be for loopback interface of remote PE
BGP next hop determines what label value should be used
Incorrect next-hop value can result in traffic black hole in mpls network
   - Label is popped (PHP) one hop too soon as it is a connected segment
LAB
-----

OK, we will have a look at penultimate hop popping. Currently the core network 1-6 is configured
with OSPF and LDP enabled

r5
---
r5#sh mpls ldp neighbor
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 5.5.5.5:0
        TCP connection: 3.3.3.3.646 - 5.5.5.5.18064
        State: Oper; Msgs sent/rcvd: 46/46; Downstream
        Up time: 00:27:11
        LDP discovery sources:
          FastEthernet0/0.35, Src IP addr: 155.0.6.3
        Addresses bound to peer LDP Ident:
          155.0.5.3       155.0.4.3       155.0.6.3       3.3.3.3
r5#

We see that its neighbor 3.3.3.3 (r3) is directly connected to 155.0.4.3, 155.0.6.3
and 3.3.3.3

r5#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     16          1.1.1.1/32        0          Fa0/0.35   155.0.6.3
17     17          2.2.2.2/32        0          Fa0/0.35   155.0.6.3
18     18          155.0.3.0/24      0          Fa0/0.35   155.0.6.3
19     19          155.0.2.0/24      0          Fa0/0.35   155.0.6.3
20     20          155.0.7.0/24      0          Fa0/0.35   155.0.6.3
21     Pop tag     155.0.5.0/24      0          Fa0/0.35   155.0.6.3
22     Pop tag     155.0.4.0/24      0          Fa0/0.35   155.0.6.3
23     Pop tag     3.3.3.3/32        0          Fa0/0.35   155.0.6.3
24     21          4.4.4.4/32        0          Fa0/0.35   155.0.6.3
25     23          6.6.6.6/32        0          Fa0/0.35   155.0.6.3
r5#
We can see from this that if we receive a packet with a final destination of any of these
networks we will remove the tag, as we know it is directly connected to our neighbor. So
we remove the tag and send it to our neighbor; our neighbor then does not have to remove the tag
and do a route lookup, which it would typically have to do. It will just receive the packet
untagged and do the route lookup, saving on recursion.

OK, we will take a quick look at the BGP free core that MPLS gives us. On r4 I will connect to SW4,
which will advertise a route of 2.4.4.4. I will do an IBGP relationship between r4 and r6; r6
connects to s1, which should be able to ping 2.4.4.4

r4
---
First, configuring the EBGP relationship with sw4
r4(config)#router bgp 200
r4(config-router)#neighbor 10.164.48.4 remote-as 400

Configuring the IBGP relationship with r6
r4(config-router)#neighbor 6.6.6.6 remote-as 200
r4(config-router)#neighbor 6.6.6.6 next-hop-self
r4(config-router)#neighbor 6.6.6.6 update-source lo0


sw4
---
s4(config)#router bgp 400
s4(config-router)#neighbor 10.164.48.44 remote-as 200
s4(config-router)#network 2.4.4.4 mask 255.255.255.255

r6
--
r6(config)#router bgp 200
r6(config-router)#neighbor 4.4.4.4 remote-as 200
r6(config-router)#neighbor 4.4.4.4 update-source lo0
r6(config-router)#neighbor 4.4.4.4 next-hop-self
r6(config-router)#neighbor 172.25.15.1 remote-as 300

s1
--
s1(config)#router bgp 300
s1(config-router)#neighbor 172.25.15.6 remote-as 200
s1(config-router)#network 2.1.1.1 mask 255.255.255.255
s1(config-router)#exit
s1(config)#exit

s4#ping 2.1.1.1 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.4.4.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
s4#

OK, none of the routers in the transit path are running BGP: r2 is not running BGP and r1 is not
running BGP.
Let's take a look at how it is pinging.

r4
---
has an IBGP route for 2.1.1.1 with next hop of 6.6.6.6
r4#sh ip bgp
BGP table version is 3, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*>i2.1.1.1/32       6.6.6.6                  0    100      0 300 i
*> 2.4.4.4/32       10.164.48.4              0             0 400 i
r4#

It sends the traffic to 6.6.6.6 with an MPLS tag of 20 and sends it out fa0/0.24, which is the
interface to r2

r2
---
r2 receives
r2#sh ip bgp
% BGP not active
it is not running BGP

r2#
r2#sh mpls forward
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     1.1.1.1/32        0          Fa0/0.12   155.0.3.1
17     Pop tag     155.0.2.0/24      0          Fa0/0.12   155.0.3.1
18     Pop tag     155.0.5.0/24      0          Fa0/0.12   155.0.3.1
       Pop tag     155.0.5.0/24      0          Fa0/0.23   155.0.4.3
19     Pop tag     4.4.4.4/32        7287       Fa0/0.24   155.0.7.4
20     20          6.6.6.6/32        4145       Fa0/0.12   155.0.3.1
21     Pop tag     155.0.6.0/24      0          Fa0/0.23   155.0.4.3
22     Pop tag     3.3.3.3/32        0          Fa0/0.23   155.0.4.3
23     22          5.5.5.5/32        0          Fa0/0.23   155.0.4.3
r2#

It is looking at the MPLS label: it received the label of 20 and it is sending it out with a
label of 20 out fa0/0.12, which is the link to r1.
We are not routing on destination, we are switching the traffic based on MPLS label.


r1
--
r1#sh ip bgp
% BGP not active
r1#sh mpls forwardi
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     2.2.2.2/32        0          Fa0/0.12   155.0.3.2
17     Pop tag     155.0.7.0/24      464        Fa0/0.12   155.0.3.2
18     Pop tag     155.0.4.0/24      0          Fa0/0.12   155.0.3.2
       Pop tag     155.0.4.0/24      0          Fa0/0.13   155.0.5.3
19     19          4.4.4.4/32        8820       Fa0/0.12   155.0.3.2
20     Pop tag     6.6.6.6/32        4300       Fa0/0.16   155.0.2.6
21     Pop tag     155.0.6.0/24      0          Fa0/0.13   155.0.5.3
22     Pop tag     3.3.3.3/32        0          Fa0/0.13   155.0.5.3
23     22          5.5.5.5/32        0          Fa0/0.13   155.0.5.3
r1#

r1 has no BGP active either. It receives a packet with a label of 20, takes off the label
and sends it out int fa0/0.16 connected to r6. It is PHP-ing the label,
as r6 is directly connected and it knows 6.6.6.6 is directly connected to r6
r1#sh mpls ldp neig 6.6.6.6
    Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 1.1.1.1:0
        TCP connection: 6.6.6.6.21310 - 1.1.1.1.646
        State: Oper; Msgs sent/rcvd: 125/128; Downstream
        Up time: 01:37:13
        LDP discovery sources:
          FastEthernet0/0.16, Src IP addr: 155.0.2.6
        Addresses bound to peer LDP Ident:
          155.0.2.6       6.6.6.6         172.25.15.6
r1#

r6
---
r6#sh ip bgp
BGP table version is 3, local router ID is 6.6.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 2.1.1.1/32       172.25.15.1              0             0 300 i
*>i2.4.4.4/32       4.4.4.4                  0    100      0 400 i
r6#

r6 receives the unlabelled packet with a destination of 2.1.1.1. It does a route lookup,
sees it has a BGP route to 2.1.1.1 and forwards to s1.

The same process is done on return.
So MPLS is saving us from running BGP in the core of our network.

MPLS OVERVIEW


MPLS OVERVIEW
--------------
Multiprotocol Label Switching
Open Standard per RFC 3031
Previously Cisco Proprietary Tag Switching

MPLS OVERVIEW- Multiprotocol
------------------------------
Can transport different payloads
layer 2
 - ethernet,hdlc,ppp,frame-relay & ATM
layer 3
  - IPV4 & IPV6
Traffic is switched between interfaces based on locally significant label values
Similar to how frame-relay or ATM switch uses input/output DLCIS and VPI/VCIS

MPLS LABEL FORMAT
-----------------
4 byte header used to switch packets
20 bit label = locally significant to routers
3 bit EXP = class of service
S bit = defines last label in label stack
8 bit TTL = time to live
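
An added Python example (not part of the original notes) that packs and parses the 4-byte label entry described above, applies a P router's swap to the top label, and flags values a capture should never show. The two-label sample stack is constructed; label 30 for the inner VPN label is an assumption.

```python
import struct
from typing import NamedTuple

IMPLICIT_NULL = 3   # reserved value LDP advertises to request PHP ("imp-null")


class LabelEntry(NamedTuple):
    label: int      # 20 bits, locally significant
    exp: int        # 3 bits, class of service
    bottom: bool    # S bit: last entry in the stack
    ttl: int        # 8 bits


def pack_entry(e: LabelEntry) -> bytes:
    """Encode one 32-bit label stack entry: label | EXP | S | TTL."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8 and 0 <= e.ttl < 256):
        raise ValueError(f"field out of range: {e}")
    word = (e.label << 12) | (e.exp << 9) | (int(e.bottom) << 8) | e.ttl
    return struct.pack("!I", word)


def parse_stack(data: bytes):
    """Split a buffer into (label entries, payload); stop at the first entry with S=1."""
    entries = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        entries.append(LabelEntry(word >> 12, (word >> 9) & 0x7,
                                  bool(word & 0x100), word & 0xFF))
        if entries[-1].bottom:
            return entries, data[off + 4:]
    raise ValueError("truncated label stack: no bottom-of-stack entry")


def swap_top(data: bytes, new_label: int) -> bytes:
    """What a P router does: replace the top label, decrement TTL, keep EXP and S."""
    entries, _ = parse_stack(data)          # validates the stack first
    top = entries[0]
    if top.ttl <= 1:
        raise ValueError("TTL expired: the packet is dropped, not forwarded")
    return pack_entry(top._replace(label=new_label, ttl=top.ttl - 1)) + data[4:]


def wire_anomalies(entries):
    """Values that should never be seen in a label stack on the wire."""
    found = []
    for depth, e in enumerate(entries):
        if e.label == IMPLICIT_NULL:
            found.append(f"entry {depth}: label 3 (implicit null) is signalling only")
        if e.ttl == 0:
            found.append(f"entry {depth}: TTL 0")
    return found


# Constructed sample: transport label 23 on top, assumed VPN label 30 at the bottom,
# followed by the first two bytes of an IPv4 header.
SAMPLE = (pack_entry(LabelEntry(23, 0, False, 255))
          + pack_entry(LabelEntry(30, 0, True, 255)) + b"\x45\x00")

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    print(stack, payload.hex())
    print(parse_stack(swap_top(SAMPLE, 20))[0])
    print(wire_anomalies(parse_stack(bytes.fromhex("00003140"))[0]))
```
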



MPLS PACKET WITH IP AS PAYLOAD
------------------------------------------------



HOW LABEL WORKS
----------------
MPLS Labels are bound to FECs
 - forwarding equivalence class
 - IPv4 prefix for our purpose
Router uses MPLS LFIB to switch traffic
Essentially the LFIB is cef table + label
Switching Logic
  - if traffic comes in if1 with label x send out if2 with label y

MPLS DEVICE ROLES
-----------------
PE/LER = provider edge router/label edge router. This connects to customer edge devices, receives unlabelled packets and adds a label (PE), aka label push or label imposition. In L3VPN it performs both IP routing & MPLS lookup
P/LSR = provider router/label switch router. These connect PE to P routers and switch traffic based only on label

Label Push/Pop/Swap
-------------------
PE and P routers perform 3 major operations
  - label push
     - add a label to an incoming packet aka label imposition
  - Label swap
     - replace a label on incoming packet
  - Label pop
     - remove a label from outgoing packet aka label disposition
LABEL DISTRIBUTION
-------------------
Adjacent P/PEs must agree on label per FEC
Label binding can be dynamic through
  - Tag Distribution Protocol (TDP) - Cisco proprietary legacy protocol
  - Label Distribution Protocol (LDP)
  - RSVP (Resource Reservation Protocol) - used for MPLS TE (traffic engineering)
  - Multiprotocol BGP (MPBGP)
LABEL DISTRIBUTION PROTOCOL (LDP)
----------------------------------
Standard Per RFC 3036
Neighbor discovery is done via udp port 646 to 224.0.0.2
Neighbor adjacency is TCP port 646
Label Advertisement
   - Advertise FEC for connected IGP interfaces
   - Advertise FEC for IGP learned routes (including static)
LDP router id is selected by the same process as OSPF router id
The labels are local link significant so labels get originated on a per hop basis. They are significant to two neighboring routers

MPLS COMMANDS
--------------
ip cef
mpls label protocol ldp|tdp
mpls ip
show mpls ldp interface

show mpls ldp neighbor
show mpls forwarding-table
show ip cef [internal]
debug mpls packet
(config) ip cef
(config) mpls label protocol ldp
(config) mpls ip

debug mpls transport events

LAB
----
OK, I am looking at the core of the network here, r1-r6




I am going to enable mpls and i will use the ldp protocol

I have already configured the underlying topology with ospf so there is connectivity to loopbacks etc

r6
---
r6 is one of our PEs. I will start by configuring MPLS and the LDP protocol

r6(config)#mpls ip
r6(config)#mpls label protocol ldp

r6(config)#int fa0/0.16
r6(config-subif)#mpls ip
r6#sh mpls int
Interface              IP            Tunnel   Operational
FastEthernet0/0.16     Yes (ldp)     No       Yes
r6#

r1
---
r1(config)#mpls ip
r1(config)#mpls label protocol ldp
r1(config)#int fa0/0.16
r1(config-subif)#mpls ip
r1(config-subif)#
*Mar  1 01:33:49.067: mpls: Add mpls app; FastEthernet0/0.16
*Mar  1 01:33:49.067: mpls: Add mpls app; FastEthernet0/0.16
*Mar  1 01:33:49.067: mpls: Add mpls app; i/f status change; FastEthernet0/0.16
*Mar  1 01:33:49.067: ldp: enabling ldp on FastEthernet0/0.16
*Mar  1 01:33:49.123: ldp: i/f status change: FastEthernet0/0.16; cur/des flags 0x2/0x2mcast 1
*Mar  1 01:33:49.123: mpls: Enable MPLS forwarding on FastEthernet0/0.16
*Mar  1 01:33:49.123: ldp: enabling ldp on FastEthernet0/0.16
*Mar  1 01:33:49.123: ldp: i/f status change: FastEthernet0/0.16; cur/des flags 0x2/0x2mcast 1
*Mar  1 01:33:49.127: mpls: Allocate router id, select 1.1.1.1
*Mar  1 01:33:54.011: tagcon: (Default-IP-Routing-Table) Assign peer id; 6.6.6.6:0: id 0
*Mar  1 01:33:54.015: %LDP-5-NBRCHG: LDP Neighbor 6.6.6.6:0 is UP
*Mar  1 01:33:54.015: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.3.1
*Mar  1 01:33:54.015: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.5.1
*Mar  1 01:33:54.015: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.2.1
*Mar  1 01:33:54.015: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 1.1.1.1
*Mar  1 01:33:54.019: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 1.1.1.1/32, label 3 (imp-null) (#2)
*Mar  1 01:33:54.019: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 2.2.2.2/32, label 16 (#4)
*Mar  1 01:33:54.019: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.3.0/24, label 3 (imp-null) (#6)
*Mar  1 01:33:54.019: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.2.0/24, label 3 (imp-null) (#8)
*Mar  1 01:33:54.019: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.7.0/24, label 17 (#10)
*Mar  1 01:33:54.023: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.5.0/24, label 3 (imp-null) (#12)
*Mar  1 01:33:54.023: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 155.0.4.0/24, label 18 (#14)
*Mar  1 01:33:54.023: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 4.4.4.4/32, label 19 (#16)
*Mar  1 01:33:54.023: tagcon: peer 6.6.6.6:0 (pp 0x83C87FD0): advertise 6.6.6.6/32, label 20 (#18)
r1(config-subif)#exit

We can see that when we configure r1 the MPLS LDP neighbor relationship comes up with router 6.6.6.6 (r6)

r1#sh mpls ldp neigh
    Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 1.1.1.1:0
        TCP connection: 6.6.6.6.21310 - 1.1.1.1.646
        State: Oper; Msgs sent/rcvd: 14/15; Downstream
        Up time: 00:02:29
        LDP discovery sources:
          FastEthernet0/0.16, Src IP addr: 155.0.2.6
        Addresses bound to peer LDP Ident:
          155.0.2.6       6.6.6.6
We see that we have a TCP connection to 6.6.6.6 using port 646. The output tells us what interface and what source address our neighbor is on, and the uptime

r1#sh mpls ldp par
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off
r1#

We can see our session parameters

I will configure the rest of the mpls ldp neighbors on r1
r1(config)#int fa0/0.12
r1(config-subif)#mpls ip
r1(config-subif)#int fa0/0.13
r1(config-subif)#mpls ip
r1(config-subif)#int fa0/0.16
r1(config-subif)#mpls ip

r2
---

r2#config t
Enter configuration commands, one per line.  End with CNTL/Z.
r2(config)#ip cef
r2(config)#mpls ip
r2(config)#mpls label protocol ldp
r2(config)#int fa0/0.12
r2(config-subif)#mpls ip
r2(config-subif)#int fa0/
*Mar  1 01:44:18.231: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1
r2(config-subif)#int fa0/0.23
r2(config-subif)#mpls ip
r2(config-subif)#int fa0/0.24
r2(config-subif)#mpls ip
r2(config-subif)#

r4
--

r4(config)#mpls ip
r4(config)#mpls label protocol ldp
r4(config)#int fa0/0.24
r4(config-subif)#mpls ip
r4(config-subif)#

r4#sh mpls ldp ne
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 2.2.2.2.646 - 4.4.4.4.55869
        State: Oper; Msgs sent/rcvd: 26/26; Downstream
        Up time: 00:09:58
        LDP discovery sources:
          FastEthernet0/0.24, Src IP addr: 155.0.7.2
        Addresses bound to peer LDP Ident:
          155.0.3.2       155.0.4.2       155.0.7.2       2.2.2.2
r4#

Notice that r4 has the addresses of its directly connected neighbor: 155.0.3.2, which is the link between r2 and r1; 155.0.4.2, which is the link between r3 and r2;
and 155.0.7.2, which is the link between r4 and r2. It will use these when building its MPLS forwarding table. I will finish off the config and we will look at the forwarding table
r3
---
r3(config)#mpls ip
r3(config)#mpls label protocol ldp
r3(config)#int fa0/0.13
r3(config-subif)#mpls ip
r3(config-subif)#int fa9
*Mar  1 01:57:41.676: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:
r3(config-subif)#int fa0/0.23
r3(config-subif)#mpls ip
r3(config-subif)#int fa0/0.23
*Mar  1 01:57:59.341: %LDP-5-NBRCHG: LDP Neighbor 2.2
r3(config-subif)#int fa0/0.35
r3(config-subif)#mpls ip
r3(config-subif)#

r5
---
r5(config)#mpls ip
r5(config)#mpls label protocol ldp
r5(config)#ip cef
r5(config)#do sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES TFTP   up                    up 
FastEthernet0/0.35         155.0.6.5       YES manual up                    up 
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Serial0/0/0                unassigned      YES TFTP   up                    down
Serial0/1/0                unassigned      YES TFTP   up                    up 
Loopback0                  5.5.5.5         YES NVRAM  up                    up 
r5(config)#int fa0/0.35
r5(config-subif)#mpls ip
r5(config-subif)#
*Jan 30 20:49:12.583: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP


r5#sh mpls ldp neigh
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 5.5.5.5:0
        TCP connection: 3.3.3.3.646 - 5.5.5.5.18064
        State: Oper; Msgs sent/rcvd: 15/15; Downstream
        Up time: 00:00:29
        LDP discovery sources:
          FastEthernet0/0.35, Src IP addr: 155.0.6.3
        Addresses bound to peer LDP Ident:
          155.0.5.3       155.0.4.3       155.0.6.3       3.3.3.3
r5#

r5#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     16          1.1.1.1/32        0          Fa0/0.35   155.0.6.3
17     17          2.2.2.2/32        0          Fa0/0.35   155.0.6.3
18     18          155.0.3.0/24      0          Fa0/0.35   155.0.6.3
19     19          155.0.2.0/24      0          Fa0/0.35   155.0.6.3
20     20          155.0.7.0/24      0          Fa0/0.35   155.0.6.3
21     Pop tag     155.0.5.0/24      0          Fa0/0.35   155.0.6.3
22     Pop tag     155.0.4.0/24      0          Fa0/0.35   155.0.6.3
23     Pop tag     3.3.3.3/32        0          Fa0/0.35   155.0.6.3
24     21          4.4.4.4/32        0          Fa0/0.35   155.0.6.3
25     23          6.6.6.6/32        0          Fa0/0.35   155.0.6.3
r5#
r5#sh mpls ldp bindingS 6.6.6.6 255.255.255.255
  tib entry: 6.6.6.6/32, rev 24
        local binding:  tag: 25
        remote binding: tsr: 3.3.3.3:0, tag: 23
r5#

Let's take r6's loopback and trace the path to it.
Router 5 has assigned a local label of 25 to the network 6.6.6.6. If we receive traffic for 6.6.6.6 we will send it out fa0/0.35 with a label of 23


r3
--
r3#sh mpls forward
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     1.1.1.1/32        0          Fa0/0.13   155.0.5.1
17     Pop tag     2.2.2.2/32        0          Fa0/0.23   155.0.4.2
18     Pop tag     155.0.3.0/24      0          Fa0/0.13   155.0.5.1
       Pop tag     155.0.3.0/24      0          Fa0/0.23   155.0.4.2
19     Pop tag     155.0.2.0/24      0          Fa0/0.13   155.0.5.1
20     Pop tag     155.0.7.0/24      0          Fa0/0.23   155.0.4.2
21     19          4.4.4.4/32        0          Fa0/0.23   155.0.4.2
22     Pop tag     5.5.5.5/32        0          Fa0/0.35   155.0.6.5
23     20          6.6.6.6/32        0          Fa0/0.13   155.0.5.1
r3#

OK, on r3 if we receive an incoming label of 23 we will swap the label, putting on label 20, and send it out int fa0/0.13, which is the link to r1


r1
---
r1#sh mpls forwarding
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     2.2.2.2/32        0          Fa0/0.12   155.0.3.2
17     Pop tag     155.0.7.0/24      0          Fa0/0.12   155.0.3.2
18     Pop tag     155.0.4.0/24      0          Fa0/0.12   155.0.3.2
       Pop tag     155.0.4.0/24      0          Fa0/0.13   155.0.5.3
19     19          4.4.4.4/32        0          Fa0/0.12   155.0.3.2
20     Pop tag     6.6.6.6/32        0          Fa0/0.16   155.0.2.6
21     Pop tag     155.0.6.0/24      0          Fa0/0.13   155.0.5.3
22     Pop tag     3.3.3.3/32        0          Fa0/0.13   155.0.5.3
23     22          5.5.5.5/32        0          Fa0/0.13   155.0.5.3
If we receive a label of 20 we will remove the label and send it out fa0/0.16, which is the link to r6.

We will reach r6 (6.6.6.6), so the MPLS switching is done.
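
The trace above, as an added Python example that is not part of the original post: it parses rows copied from the page's `show mpls forwarding-table` outputs and follows the LSP from r5 to 6.6.6.6/32. It then repeats the walk for the connected segment 155.0.2.0/24 to show the label being popped one hop too soon, the black hole described under MPLS Tunnel Problems. Treating r5 as the ingress PE and r6 as the egress PE in that second case is an assumption.

```python
import re

# Rows copied from the page's "show mpls forwarding-table" outputs (subset per router).
TABLES = {
    "r5": """\
19     19          155.0.2.0/24      0          Fa0/0.35   155.0.6.3
25     23          6.6.6.6/32        0          Fa0/0.35   155.0.6.3
""",
    "r3": """\
18     Pop tag     155.0.3.0/24      0          Fa0/0.13   155.0.5.1
       Pop tag     155.0.3.0/24      0          Fa0/0.23   155.0.4.2
19     Pop tag     155.0.2.0/24      0          Fa0/0.13   155.0.5.1
23     20          6.6.6.6/32        0          Fa0/0.13   155.0.5.1
""",
    "r1": """\
19     19          4.4.4.4/32        0          Fa0/0.12   155.0.3.2
20     Pop tag     6.6.6.6/32        0          Fa0/0.16   155.0.2.6
""",
}
# Next-hop address to router, read off the page's LDP neighbor and interface outputs.
OWNER = {"155.0.6.3": "r3", "155.0.5.1": "r1", "155.0.4.2": "r2",
         "155.0.3.2": "r2", "155.0.2.6": "r6"}

ROW = re.compile(r"^(\d+)?\s+(Pop tag|\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\S+)\s*$")


def parse_lfib(text):
    """Rows as dicts; a row with no local label continues the previous one (ECMP)."""
    rows, local = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local = int(m.group(1)) if m.group(1) else local
        out = None if m.group(2) == "Pop tag" else int(m.group(2))
        rows.append({"local": local, "out": out, "prefix": m.group(3),
                     "intf": m.group(5), "next_hop": m.group(6)})
    return rows


LFIB = {router: parse_lfib(text) for router, text in TABLES.items()}


def trace_lsp(ingress, fec, max_hops=16):
    """Follow the LSP for `fec`; one (router, action, out label, next router) per hop."""
    row = next(r for r in LFIB[ingress] if r["prefix"] == fec)    # ingress: by prefix
    router, hops = ingress, []
    for _ in range(max_hops):
        nxt = OWNER[row["next_hop"]]
        action = "pop" if row["out"] is None else ("swap" if hops else "push")
        hops.append((router, action, row["out"], nxt))
        if row["out"] is None or nxt not in LFIB:
            return hops          # label removed, or the path left the tables we hold
        label, router = row["out"], nxt
        row = next(r for r in LFIB[router] if r["local"] == label)  # transit: by label
    raise RuntimeError("label loop or path longer than max_hops")


def unlabeled_at(hops):
    """Router that receives the packet with no transport label after PHP, else None."""
    return hops[-1][3] if hops[-1][2] is None else None


def black_hole_risk(ingress, bgp_next_hop_fec, egress_pe):
    """True when the label is gone before the egress PE, so a BGP-free P router would
    have to route the customer packet by IP. A path that leaves the known tables
    while still labelled is also reported."""
    return unlabeled_at(trace_lsp(ingress, bgp_next_hop_fec)) != egress_pe


if __name__ == "__main__":
    for fec in ("6.6.6.6/32", "155.0.2.0/24"):
        print(fec, trace_lsp("r5", fec), "risk:", black_hole_risk("r5", fec, "r6"))
```
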

r1#sh mpls ldp bind
  tib entry: 1.1.1.1/32, rev 2
        local binding:  tag: imp-null
        remote binding: tsr: 6.6.6.6:0, tag: 16
        remote binding: tsr: 2.2.2.2:0, tag: 16
        remote binding: tsr: 3.3.3.3:0, tag: 16
  tib entry: 2.2.2.2/32, rev 4
        local binding:  tag: 16
        remote binding: tsr: 6.6.6.6:0, tag: 17
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
        remote binding: tsr: 3.3.3.3:0, tag: 17
  tib entry: 3.3.3.3/32, rev 22
        local binding:  tag: 22
        remote binding: tsr: 6.6.6.6:0, tag: 24
        remote binding: tsr: 2.2.2.2:0, tag: 22
        remote binding: tsr: 3.3.3.3:0, tag: imp-null
  tib entry: 4.4.4.4/32, rev 16
        local binding:  tag: 19
        remote binding: tsr: 6.6.6.6:0, tag: 22
        remote binding: tsr: 2.2.2.2:0, tag: 19
        remote binding: tsr: 3.3.3.3:0, tag: 21
  tib entry: 5.5.5.5/32, rev 24
        local binding:  tag: 23
        remote binding: tsr: 6.6.6.6:0, tag: 25
        remote binding: tsr: 2.2.2.2:0, tag: 23
        remote binding: tsr: 3.3.3.3:0, tag: 22
  tib entry: 6.6.6.6/32, rev 18
        local binding:  tag: 20
        remote binding: tsr: 6.6.6.6:0, tag: imp-null
        remote binding: tsr: 2.2.2.2:0, tag: 20
        remote binding: tsr: 3.3.3.3:0, tag: 23
  tib entry: 155.0.2.0/24, rev 8
        local binding:  tag: imp-null
        remote binding: tsr: 6.6.6.6:0, tag: imp-null
        remote binding: tsr: 2.2.2.2:0, tag: 17
        remote binding: tsr: 3.3.3.3:0, tag: 19
  tib entry: 155.0.3.0/24, rev 6
        local binding:  tag: imp-null
        remote binding: tsr: 6.6.6.6:0, tag: 18
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
        remote binding: tsr: 3.3.3.3:0, tag: 18
  tib entry: 155.0.4.0/24, rev 14
        local binding:  tag: 18
        remote binding: tsr: 6.6.6.6:0, tag: 21
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
        remote binding: tsr: 3.3.3.3:0, tag: imp-null
  tib entry: 155.0.5.0/24, rev 12
        local binding:  tag: imp-null
        remote binding: tsr: 6.6.6.6:0, tag: 20
        remote binding: tsr: 2.2.2.2:0, tag: 18
        remote binding: tsr: 3.3.3.3:0, tag: imp-null
  tib entry: 155.0.6.0/24, rev 20
        local binding:  tag: 21
        remote binding: tsr: 6.6.6.6:0, tag: 23
        remote binding: tsr: 2.2.2.2:0, tag: 21
        remote binding: tsr: 3.3.3.3:0, tag: imp-null
  tib entry: 155.0.7.0/24, rev 10
        local binding:  tag: 17
        remote binding: tsr: 6.6.6.6:0, tag: 19
        remote binding: tsr: 2.2.2.2:0, tag: imp-null
        remote binding: tsr: 3.3.3.3:0, tag: 20
r1#
We locally generate a label for each network in the CEF table, see above.