Sunday, January 24, 2016

L3VPN task #1. CE-PE routing using static routing and OSPF.

Topology:



Routers R3 and R4 are IOS-XR routers, the rest are IOS routers.
Service Provider routers are R2, R2, R3 & R5.
Customer A routers are R4 and R8.
Customer B routers are R6 and R7.
Links between PE and CE routers are numbered from the SP address space.
Example link R2-R4 is allocated prefix 17.0.24/24
Configure loopback0 interfaces and links between all routers for initial configuration.

Requirements: 


1. Configure ISIS as SP IGP. 
2. Minimize the number of iBGP sessions in SP network. 
3. In iBGP, only exchange address-families required for this task. 
4. Provide connectivity between routers of Customer A - R6 and R7. Do not use any dynamic routing     protocols. Customer A routers do not have any other links, except those depicted in this topology.  
5. Provide connectivity between routers of Customer B - R4 and R8. Customer B use OSPF as IGP,       with all interfaces configured in area 0. Customer B routers should see each other prefixes as               IA OSPF routes. 

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of the following technologies:
ISIS
OSPF
MP-BGP
MPLS L3VPN

Requirement #2 - configure R1 as route-reflector to minimize the amount of iBGP sessions in SP network. 
Requirement #3 - disable ipv4 address family in SP BGP. only vpnv4 address family is required for                                this task. 
Requirement #4 - configure static default routes on Customer A routers. on PE routers, redistribute static and connected. 

Requirement #5 - configure OSPF on PE-CE links. in order for routes to appear as OSPF IA, OSPF                                  domain should match between the PE routers R2 and R3. In this solution, domain-                                id from IOS-XR R3 was manually configured on IOS R2 router. 

R1:


!
interface Loopback0
 ip address 17.0.1.1 255.255.255.255
 ip router isis CCIE
!
interface Ethernet0/0
 ip address 17.0.12.1 255.255.255.0
 ip router isis CCIE
!
interface Ethernet0/1
 ip address 17.0.13.1 255.255.255.0
 ip router isis CCIE
!
interface Ethernet0/2
 ip address 17.0.15.1 255.255.255.0
 ip router isis CCIE
!
!
router isis CCIE
 mpls ldp autoconfig
 net 49.0017.0000.0000.0001.00
 is-type level-2-only
!
router bgp 17
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor CLIENTS peer-group
 neighbor CLIENTS remote-as 17
 neighbor CLIENTS update-source Loopback0
 neighbor 17.0.2.2 peer-group CLIENTS
 neighbor 17.0.3.3 peer-group CLIENTS
 neighbor 17.0.5.5 peer-group CLIENTS
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor CLIENTS send-community both
  neighbor CLIENTS route-reflector-client
  neighbor 17.0.2.2 activate
  neighbor 17.0.3.3 activate
  neighbor 17.0.5.5 activate
 exit-address-family
!

R2:


!
vrf definition CUST_A
 rd 67:1
 route-target export 67:1
 route-target import 67:1
 !
 address-family ipv4
 exit-address-family
!
vrf definition CUST_B
 rd 48:1
 route-target export 48:1
 route-target import 48:1
 !
 address-family ipv4
 exit-address-family
!
!
interface Loopback0
 ip address 17.0.2.2 255.255.255.255
 ip router isis CCIE
!
interface Ethernet0/0
 ip address 17.0.12.2 255.255.255.0
 ip router isis CCIE
!
!
interface Ethernet1/0
 vrf forwarding CUST_B
 ip address 17.0.24.2 255.255.255.0
 ip ospf 1 area 0
!
interface Ethernet1/1
 vrf forwarding CUST_A
 ip address 17.0.27.2 255.255.255.0
!
!
router ospf 1 vrf CUST_B
 router-id 2.2.2.2
 domain-id type 0005 value 000000000001
 redistribute bgp 17 subnets
!
router isis CCIE
 mpls ldp autoconfig
 net 49.0017.0000.0000.0002.00
 is-type level-2-only
!
router bgp 17
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 17.0.1.1 remote-as 17
 neighbor 17.0.1.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 17.0.1.1 activate
  neighbor 17.0.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute static
 exit-address-family
 !
 address-family ipv4 vrf CUST_B
  redistribute connected
  redistribute ospf 1
 exit-address-family
!
ip route vrf CUST_A 192.168.7.0 255.255.255.0 17.0.27.7
!

R3:


vrf CUST_B
 address-family ipv4 unicast
  import route-target
   48:1
  !
  export route-target
   48:1
  !
 !
!
!
interface Loopback0
 ipv4 address 17.0.3.3 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 17.0.13.3 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 vrf CUST_B
 ipv4 address 17.0.38.3 255.255.255.0
!
router isis CCIE
 is-type level-2-only
 net 49.0017.0000.0000.0003.00
 interface Loopback0
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast
  !
 !
!
router ospf CUST_B
 vrf CUST_B
  router-id 3.3.3.3
  domain-id type 0005 value 000000000001
  redistribute bgp 17
  area 0
   interface GigabitEthernet0/0/0/1
   !
  !
 !
!
router bgp 17
 address-family vpnv4 unicast
 !
 neighbor 17.0.1.1
  remote-as 17
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf CUST_B
  rd 48:1
  address-family ipv4 unicast
   redistribute ospf CUST_B
  !
 !
!
!
mpls ldp
 interface GigabitEthernet0/0/0/0
 !
!

R4:

!
interface Loopback0
 ipv4 address 10.10.4.4 255.255.255.255
!
interface GigabitEthernet0/0/0/0
 ipv4 address 17.0.24.4 255.255.255.0
!
router ospf 1
 router-id 10.10.4.4
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
  !
 !
!

R5:


!
vrf definition CUST_A
 rd 67:1
 route-target export 67:1
 route-target import 67:1
 !
 address-family ipv4
 exit-address-family
!
!
interface Loopback0
 ip address 17.0.5.5 255.255.255.255
 ip router isis CCIE
!
interface Ethernet0/0
 ip address 17.0.15.5 255.255.255.0
 ip router isis CCIE
!
!
interface Ethernet1/0
 vrf forwarding CUST_A
 ip address 17.0.56.5 255.255.255.0
!
!
router isis CCIE
 mpls ldp autoconfig
 net 49.0017.0000.0000.0005.00
 is-type level-2-only
!
router bgp 17
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 17.0.1.1 remote-as 17
 neighbor 17.0.1.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 17.0.1.1 activate
  neighbor 17.0.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute static
 exit-address-family
!
ip route vrf CUST_A 192.168.6.0 255.255.255.0 17.0.56.6
!

R6:

!
interface Loopback0
 ip address 192.168.6.6 255.255.255.255
!
interface Ethernet0/0
 ip address 17.0.56.6 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 17.0.56.5
!

R7:

!
interface Loopback0
 ip address 192.168.7.7 255.255.255.255
!
interface Ethernet0/0
 ip address 17.0.27.7 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 17.0.27.2
!


R8:


!
interface Loopback0
 ip address 10.10.8.8 255.255.255.255
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 17.0.38.8 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 router-id 10.10.8.8
!



Verification:



R1#show bgp all
For address family: IPv4 Unicast


For address family: VPNv4 Unicast

BGP table version is 19, local router ID is 17.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 48:1
 *>i 10.10.4.4/32     17.0.2.2                11    100      0 ?
 *>i 10.10.8.8/32     17.0.3.3                 2    100      0 ?
 *>i 17.0.24.0/24     17.0.2.2                 0    100      0 ?
 *>i 17.0.38.0/24     17.0.3.3                 0    100      0 ?
Route Distinguisher: 67:1
 *>i 17.0.27.0/24     17.0.2.2                 0    100      0 ?
 *>i 17.0.56.0/24     17.0.5.5                 0    100      0 ?
 *>i 192.168.6.0      17.0.5.5                 0    100      0 ?
 *>i 192.168.7.0      17.0.2.2                 0    100      0 ?
     Network          Next Hop            Metric LocPrf Weight Path

For address family: IPv4 Multicast

R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      17.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C        17.0.1.1/32 is directly connected, Loopback0
i L2     17.0.2.2/32 [115/20] via 17.0.12.2, 10:12:16, Ethernet0/0
i L2     17.0.3.3/32 [115/20] via 17.0.13.3, 10:09:16, Ethernet0/1
i L2     17.0.5.5/32 [115/20] via 17.0.15.5, 10:12:06, Ethernet0/2
C        17.0.12.0/24 is directly connected, Ethernet0/0
L        17.0.12.1/32 is directly connected, Ethernet0/0
C        17.0.13.0/24 is directly connected, Ethernet0/1
L        17.0.13.1/32 is directly connected, Ethernet0/1
C        17.0.15.0/24 is directly connected, Ethernet0/2
L        17.0.15.1/32 is directly connected, Ethernet0/2


R2# show bgp all
For address family: IPv4 Unicast


For address family: VPNv4 Unicast

BGP table version is 25, local router ID is 17.0.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 48:1 (default for vrf CUST_B)
 *>  10.10.4.4/32     17.0.24.4               11         32768 ?
 *>i 10.10.8.8/32     17.0.3.3                 2    100      0 ?
 *>  17.0.24.0/24     0.0.0.0                  0         32768 ?
 *>i 17.0.38.0/24     17.0.3.3                 0    100      0 ?
Route Distinguisher: 67:1 (default for vrf CUST_A)
 *>  17.0.27.0/24     0.0.0.0                  0         32768 ?
 *>i 17.0.56.0/24     17.0.5.5                 0    100      0 ?
 *>i 192.168.6.0      17.0.5.5                 0    100      0 ?
 *>  192.168.7.0      17.0.27.7                0         32768 ?
     Network          Next Hop            Metric LocPrf Weight Path

For address family: IPv4 Multicast

RP/0/0/CPU0:R3#show bgp all all
Tue Jan  5 08:01:07.307 UTC

Address Family: VPNv4 Unicast
-----------------------------

BGP router identifier 17.0.3.3, local AS number 17
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0   RD version: 0
BGP main routing table version 20
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 48:1 (default for vrf CUST_B)
*>i10.10.4.4/32       17.0.2.2                11    100      0 ?
*> 10.10.8.8/32       17.0.38.8                2         32768 ?
*>i17.0.24.0/24       17.0.2.2                 0    100      0 ?
*> 17.0.38.0/24       0.0.0.0                  0         32768 ?

Processed 4 prefixes, 4 paths


RP/0/0/CPU0:R4#show route ipv4
Tue Jan  5 08:01:36.885 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G  - DAGR
       A - access/subscriber, a - Application route, (!) - FRR Backup path

Gateway of last resort is not set

L    10.10.4.4/32 is directly connected, 05:35:58, Loopback0
O IA 10.10.8.8/32 [110/3] via 17.0.24.2, 05:14:04, GigabitEthernet0/0/0/0
C    17.0.24.0/24 is directly connected, 05:35:58, GigabitEthernet0/0/0/0
L    17.0.24.4/32 is directly connected, 05:35:58, GigabitEthernet0/0/0/0
O IA 17.0.38.0/24 [110/2] via 17.0.24.2, 05:14:04, GigabitEthernet0/0/0/0

R8# sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/32 is subnetted, 2 subnets
O IA     10.10.4.4 [110/21] via 17.0.38.3, 05:15:04, Ethernet0/0
C        10.10.8.8 is directly connected, Loopback0
      17.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O IA     17.0.24.0/24 [110/11] via 17.0.38.3, 05:15:06, Ethernet0/0
C        17.0.38.0/24 is directly connected, Ethernet0/0
L        17.0.38.8/32 is directly connected, Ethernet0/0


R8#traceroute 10.10.4.4 source 10.10.8.8 numeric
Type escape sequence to abort.
Tracing the route to 10.10.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 17.0.38.3 1 msec 0 msec 0 msec
  2 17.0.13.1 [MPLS: Labels 16/25 Exp 0] 2 msec 2 msec 2 msec
  3 17.0.24.2 [MPLS: Label 25 Exp 0] 2 msec 1 msec 1 msec
  4 17.0.24.4 3 msec *  3 msec


R6#             traceroute 192.168.7.7 source 192.168.6.6 numeric
Type escape sequence to abort.
Tracing the route to 192.168.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 17.0.56.5 5 msec 6 msec 4 msec
  2 17.0.15.1 [MPLS: Labels 16/22 Exp 0] 6 msec 5 msec 7 msec
  3 17.0.27.2 [MPLS: Label 22 Exp 0] 5 msec 5 msec 5 msec
  4 17.0.27.7 5 msec 6 msec 6 msec



No comments:

Post a Comment