Thursday, January 28, 2016

L3VPN task #3. CE-PE routing using ISIS and BGP.

Topology:



Use configuration from L3VPN task #2 as initial configuration for this task.

Requirements: 

1. Customer A.
         1.1 Remove static routing configuration from the previous task.
         1.2 Use ISIS as routing protocol on routers R6 & R7, and between Customer A and SP routers.
         1.3 Configure ISIS protocol to only create Level-2 databases.

2. Customer B.
         2.1 Remove OSPF routing configuration from the previous task.
         2.2 Use BGP as routing protocol between Customer B and SP routers. Both customer routers                    should use AS #48. Each router should advertise it's /24 range into eBGP.
         2.3 Customer routers should see the BGP route towards the other site with "correct" AS-PATH                  of "17 48 i".
         

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of using ISIS and eBGP for CE-PE routing

Requirement #1 - configure "is-type" of level-2 on routers R6, R7, R5 and R2 to only create Level-2                                databases. Redistribute between ISIS and BGP on PE routers, note to redistribute                                  the correct ISIS level routes. 

Requirement #2 - The challenge in this task is that routers R4 and R8 are useing the same AS                                           number. In order to keep the AS-PATH as required, configure "allowas-in" on                                     eBGP session towards the PE router. 
                              Note that IOS-XR has an additional loop prevention feature, which does not exist                                 in IOS. Router R3 will not advertise the prefix 10.10.4.0/24 to R8, unless                                               "as-path-loopcheck" is disable in the vrf configuration. 
                              Also note that IOS-XR requires explicit configuration of inbound and outbound                                   route-policy for eBGP peers, otherwise no prefixes will be advertised or accepted                                 from neighbor. 


R2:


!
interface Ethernet1/1
 vrf forwarding CUST_A
 ip address 17.0.27.2 255.255.255.0
 ip router isis CUST_A
!
router isis CUST_A
 vrf CUST_A
 net 49.0007.0000.0000.0002.00
 is-type level-2-only
 redistribute bgp 17
!
router bgp 17
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 17.0.1.1 remote-as 17
 neighbor 17.0.1.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 17.0.1.1 activate
  neighbor 17.0.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute isis CUST_A level-1-2
 exit-address-family
 !
 address-family ipv4 vrf CUST_B
  redistribute connected
  neighbor 17.0.24.4 remote-as 48
  neighbor 17.0.24.4 activate
 exit-address-family
!


R3:


router bgp 17
 address-family vpnv4 unicast
 !
 neighbor 17.0.1.1
  remote-as 17
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf CUST_B
  rd 48:1
  address-family ipv4 unicast
   as-path-loopcheck out disable
   redistribute connected
  !
  neighbor 17.0.38.8
   remote-as 48
   address-family ipv4 unicast
    route-policy ANY in
    route-policy ANY out
   !
  !
 !
!

R4:


router bgp 48
 address-family ipv4 unicast
  network 10.10.4.0/24
 !
 neighbor 17.0.24.2
  remote-as 17
  address-family ipv4 unicast
   route-policy ANY in
   allowas-in 2
   route-policy ANY out
  !
 !
!


R5:


!
interface Ethernet1/0
 vrf forwarding CUST_A
 ip address 17.0.56.5 255.255.255.0
 ip router isis CUST_A
!
!
router isis CUST_A
 vrf CUST_A
 net 49.0006.0000.0000.0005.00
 is-type level-2-only
 redistribute bgp 17
!
router bgp 17
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 17.0.1.1 remote-as 17
 neighbor 17.0.1.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 17.0.1.1 activate
  neighbor 17.0.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute isis CUST_A level-1-2
 exit-address-family
!

R6:


!
interface Loopback0
 ip address 192.168.6.6 255.255.255.255
 ip router isis CCIE
!
interface Ethernet0/0
 ip address 17.0.56.6 255.255.255.0
 ip router isis CCIE
!
router isis CCIE
 net 49.0006.0000.0000.0006.00
 is-type level-2-only
!

R7:


!
interface Loopback0
 ip address 192.168.7.7 255.255.255.255
 ip router isis CCIE
!
interface Ethernet0/0
 ip address 17.0.27.7 255.255.255.0
 ip router isis CCIE
!
router isis CCIE
 net 49.0007.0000.0000.0007.00
 is-type level-2-only


R8:

!
router bgp 48
 bgp log-neighbor-changes
 network 10.10.8.0 mask 255.255.255.0
 neighbor 17.0.38.3 remote-as 17
 neighbor 17.0.38.3 allowas-in 2
!


Verification:

Customer B: 

RP/0/0/CPU0:R4#sho bgp
Wed Jan  6 22:03:31.296 UTC
BGP router identifier 10.10.4.4, local AS number 48
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000   RD version: 26
BGP main routing table version 26
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*> 10.10.4.0/24       0.0.0.0                  0         32768 i
*> 10.10.8.0/24       17.0.24.2                              0 17 48 i
*> 17.0.24.0/24       17.0.24.2                0             0 17 ?
*> 17.0.38.0/24       17.0.24.2                              0 17 ?

Processed 4 prefixes, 4 paths

RP/0/0/CPU0:R4#sh route
Wed Jan  6 22:03:32.876 UTC

Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
       U - per-user static route, o - ODR, L - local, G  - DAGR
       A - access/subscriber, a - Application route, (!) - FRR Backup path

Gateway of last resort is not set

S    10.10.4.0/24 is directly connected, 16:56:46, Null0
L    10.10.4.4/32 is directly connected, 1d19h, Loopback0
B    10.10.8.0/24 [20/0] via 17.0.24.2, 16:46:35
C    17.0.24.0/24 is directly connected, 1d19h, GigabitEthernet0/0/0/0
L    17.0.24.4/32 is directly connected, 1d19h, GigabitEthernet0/0/0/0
B    17.0.38.0/24 [20/0] via 17.0.24.2, 16:46:35


RP/0/0/CPU0:R4#traceroute 10.10.8.8 source 10.10.4.4
Wed Jan  6 22:03:52.455 UTC

Type escape sequence to abort.
Tracing the route to 10.10.8.8

 1  17.0.24.2 0 msec  0 msec  0 msec
 2  17.0.13.3 [MPLS: Label 16007 Exp 0] 0 msec  0 msec  0 msec
 3  17.0.38.8 0 msec  0 msec  0 msec

R8#show bgp
BGP table version is 15, local router ID is 10.10.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.4.0/24     17.0.38.3                              0 17 48 i
 *>  10.10.8.0/24     0.0.0.0                  0         32768 i
 *>  17.0.24.0/24     17.0.38.3                              0 17 ?
 r>  17.0.38.0/24     17.0.38.3                0             0 17 ?

Customer A: 

R7#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      17.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C        17.0.27.0/24 is directly connected, Ethernet0/0
L        17.0.27.7/32 is directly connected, Ethernet0/0
i L2     17.0.56.0/24 [115/10] via 17.0.27.2, 19:40:41, Ethernet0/0
      192.168.6.0/32 is subnetted, 1 subnets
i L2     192.168.6.6 [115/10] via 17.0.27.2, 19:33:51, Ethernet0/0
      192.168.7.0/32 is subnetted, 1 subnets
C        192.168.7.7 is directly connected, Loopback0
R7#trace
R7#traceroute 192.168.6.6 sou
R7#traceroute 192.168.6.6 source lo0
Type escape sequence to abort.
Tracing the route to 192.168.6.6
VRF info: (vrf in name/id, vrf out name/id)
  1 17.0.27.2 5 msec 4 msec 5 msec
  2 17.0.56.5 [MPLS: Label 22 Exp 0] 4 msec 5 msec 5 msec
  3 17.0.56.6 5 msec 5 msec 5 msec

R7#show isis database

Tag CCIE:
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
R2.00-00              0x00000060   0xBF2F        1167              0/0/0
R2.01-00              0x0000005B   0xEF89        1139              0/0/0
R7.00-00            * 0x00000065   0x1EC5        884               0/0/0


R6#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      17.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
i L2     17.0.27.0/24 [115/10] via 17.0.56.5, 19:40:58, Ethernet0/0
C        17.0.56.0/24 is directly connected, Ethernet0/0
L        17.0.56.6/32 is directly connected, Ethernet0/0
      192.168.6.0/32 is subnetted, 1 subnets
C        192.168.6.6 is directly connected, Loopback0
      192.168.7.0/32 is subnetted, 1 subnets
i L2     192.168.7.7 [115/10] via 17.0.56.5, 19:40:58, Ethernet0/0


No comments:

Post a Comment