Monday, February 29, 2016

Overlay VPN task #2. L2VPN tuning and security.

Topology:



Use configuration from L2VPN task #1 as initial configuration for this task.

Requirements: 

Update the configuration from the previous task to comply with the below requirement:

1. For Customer A connection, routers R1 and R3 should not use L2TP signalling.
2. For Customer B connection:
           2.1  Authenticate the L2TP control channel with password "STRONG". Use                                                 strongest available algorithm.
           2.2  Drop the tunneled packets if arrive out of sequence. 
           2.3  Set Hello interval to 10 seconds. 

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of L2TPv3 Manual modes, configuration of L2TP-class, authentication options and sequencing

Requirement #1 - configure xconnect in manual mode, set session id and cookies to any value. 
Requirement #2 - configure l2tp-class for authentication (digest secret), change algorithm to SHA1                                  instead of default MD5. Set hello interval to 10 seconds. Enable sequencing in                                      order to drop out-of-order packets on egress. 

R1:


!
l2tp-class B-CLASS
 digest secret 0 STRONG hash SHA1
 hello 10
!
pseudowire-class CUST_A
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.3.3 46 encapsulation l2tpv3 manual pw-class CUST_A
  l2tp id 1 3
  l2tp cookie local 4 11
  l2tp cookie remote 4 33
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 11 33
  l2tp cookie local 4 1111
  l2tp cookie remote 4 3333
  l2tp hello B-CLASS
!
interface Ethernet1/1.58
 encapsulation dot1Q 58
 xconnect 18.0.3.3 58 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 111 333
  l2tp cookie local 4 111111
  l2tp cookie remote 4 333333
  l2tp hello B-CLASS
!


R3:


!
l2tp-class B-CLASS
 digest secret 0 STRONG hash SHA1
 hello 10
!
pseudowire-class CUST_A
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 protocol none
 ip local interface Loopback0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.1.1 46 encapsulation l2tpv3 manual pw-class CUST_A
  l2tp id 3 1
  l2tp cookie local 4 33
  l2tp cookie remote 4 11
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.75
 encapsulation dot1Q 75
 xconnect 18.0.1.1 57 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 33 11
  l2tp cookie local 4 3333
  l2tp cookie remote 4 1111
  l2tp hello B-CLASS
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/2.85
 encapsulation dot1Q 85
 xconnect 18.0.1.1 58 encapsulation l2tpv3 manual pw-class CUST_B sequencing both
  l2tp id 333 111
  l2tp cookie local 4 333333
  l2tp cookie remote 4 111111
  l2tp hello B-CLASS
!


Verification:


R1#          show l2tp tunnel

L2TP Tunnel Information Total tunnels 1 sessions 3

LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
                                                           Count VPDN Group
1712678144 1609120835 R3            est    18.0.3.3        3     B-CLASS




R1#           show l2tp tunnel all

L2TP Tunnel Information Total tunnels 1 sessions 3

Tunnel id 1712678144 is up, remote id is 1609120835, 3 active sessions
  Remotely initiated tunnel
  Tunnel state is established, time since change 00:36:15
  Tunnel transport is IP  (115)
  Remote tunnel name is R3
    Internet Address 18.0.3.3, port 0
  Local tunnel name is R1
    Internet Address 18.0.1.1, port 0
  L2TP class for tunnel is B-CLASS
  Counters, taking last clear into account:
    0 packets sent, 0 received
    0 bytes sent, 0 received
    Last clearing of counters never
  Counters, ignoring last clear:
    0 packets sent, 0 received
    0 bytes sent, 0 received
  Control Ns 39, Nr 217
  Local RWS 1024 (default), Remote RWS 1024
  Control channel Congestion Control is disabled
  Tunnel PMTU checking disabled
  Retransmission time 1, max 1 seconds
  Unsent queuesize 0, max 0
  Resend queuesize 0, max 1
  Total resends 0, ZLB ACKs sent 216
  Total out-of-order dropped pkts 0
  Total out-of-order reorder pkts 0
  Total peer authentication failures 0
  Current no session pak queue check 0 of 5
  Retransmit time distribution: 0 0 0 0 0 0 0 0 0
  Control message authentication is enabled with 1 digest secrets
  Last control message authenticated with first digest secret


R1#          show l2tp session

L2TP Session Information Total tunnels 1 sessions 3

LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq ID
                                 Vcid, Circuit
1          3          1712678144 46, Et1/0            est    00:59:33 16
111        333        1712678144 58, Et1/1.58:58      est    00:33:50 20
11         33         1712678144 57, Et1/1.57:57      est    00:33:50 17


R1#          show l2tp session all

L2TP Session Information Total tunnels 1 sessions 3

Session id 1 is up, logical session id 33727, tunnel id 1712678144
  Remote session id is 3, remote tunnel id 1609120835
  Locally initiated session
  Unique ID is 16
Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0
  Session vcid is 46
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is 18.0.3.3
Local tunnel name is
  Internet address is 18.0.1.1
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 00:59:45
    9487 Packets sent, 9477 received
    1115060 Bytes sent, 1113848 received
  Last clearing of counters never
  Counters, ignoring last clear:
    9487 Packets sent, 9477 received
    1115060 Bytes sent, 1113848 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  Session cookie information:
    local cookie, size 4 bytes, value 00 00 00 0b
    remote cookie, size 4 bytes, value 00 00 00 21
  FS cached header information:
    encap size = 28 bytes
    45000014 00000000 ff739373 12000101
    12000303 00000003 00000021
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 5053, SSM segment id is 9155

Session id 111 is up, logical session id 99295, tunnel id 1712678144
  Remote session id is 333, remote tunnel id 1609120835
  Locally initiated session
  Unique ID is 20
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.58:58
  Session vcid is 58
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is 18.0.3.3
Local tunnel name is
  Internet address is 18.0.1.1
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 00:34:03
    1004 Packets sent, 949 received
    118418 Bytes sent, 111820 received
  Last clearing of counters never
  Counters, ignoring last clear:
    1004 Packets sent, 949 received
    118418 Bytes sent, 111820 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  Session cookie information:
    local cookie, size 4 bytes, value 00 01 b2 07
    remote cookie, size 4 bytes, value 00 05 16 15
  FS cached header information:
    encap size = 32 bytes
    45000014 00000000 ff739373 12000101
    12000303 0000014d 00051615 00000000

  Sequencing is on
    Ns 995, Nr 940, 0 out of order packets received
    Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
  SSM switch id is 13277, SSM segment id is 25607

Session id 11 is up, logical session id 66506, tunnel id 1712678144
  Remote session id is 33, remote tunnel id 1609120835
  Locally initiated session
  Unique ID is 17
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.57:57
  Session vcid is 57
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 0
Remote tunnel name is
  Internet address is 18.0.3.3
Local tunnel name is
  Internet address is 18.0.1.1
IP protocol 115
  Session is manually signaled
  Session state is established, time since change 00:34:03
    200 Packets sent, 200 received
    23546 Bytes sent, 23546 received
  Last clearing of counters never
  Counters, ignoring last clear:
    200 Packets sent, 200 received
    23546 Bytes sent, 23546 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  Session cookie information:
    local cookie, size 4 bytes, value 00 00 04 57
    remote cookie, size 4 bytes, value 00 00 0d 05
  FS cached header information:
    encap size = 32 bytes
    45000014 00000000 ff739373 12000101
    12000303 00000021 00000d05 00000000

  Sequencing is on
    Ns 191, Nr 191, 0 out of order packets received
    Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
  SSM switch id is 9160, SSM segment id is 21510

Thursday, February 25, 2016

Overlay VPN task #1. Simple L2VPN.

Topology:



Configure loopback0 interfaces and connections between routers for initial configuration.
All routers run IOS.
Each customer routers has one physical connection to one SP router.

Requirements: 

1. Configure the links between SP routers and loopback0 interfaces of SP routers is OSPF area 0. Do     not configure any additional protocols in SP network.
2. Customer A should have two logical links between routers R4  and R6:
               VLAN 46, IPv4 prefix 10.10.46/24 
               VLAN 64, IPv4 prefix 10.10.64/24
3. Customer A routers should see each other as CDP neighbors. 
4. Customer B should have two links as below:
                R5-R7, IPv4 prefix 172.16.57/24
                R5-R8, IPv4 prefix 172.16.58/24
5. VLANs allowed on Customer B routers are:
                VLAN 57 and VLAN 58 on R5.
                VLAN 87 on R7.
                VLAN 85 on R8.

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of basic L2TPv3 configuration, and functionality provided by PORT and VLAN modes. 

Since SP is only running OSPF and no other protocols are allowed, use L2TPv3 and not AToM. 

Requirement #2 & 3 - for customer A, configure L2TPv3 tunnel in port mode - xconnect is configured directly on physical interface. Disable CDP on SP routers interfaces. 

Requirement #4 and 5 - for customer B, configure L2TPv3 in VLAN mode. Note this configuration also provides example of TAG rewrite, which happens automatically for VLAN mode, when VLAN tag does not match on pseudowire endpoints. 

R1:


!
pseudowire-class CUST_A
 encapsulation l2tpv3
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 ip local interface Loopback0
!
!
interface Loopback0
 ip address 18.0.1.1 255.255.255.255
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 18.0.12.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.3.3 46 pw-class CUST_A
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 pw-class CUST_B
!
interface Ethernet1/1.58
 encapsulation dot1Q 58
 xconnect 18.0.3.3 58 pw-class CUST_B
!
!
router ospf 1
 router-id 18.0.1.1
!

R2:

!
interface Loopback0
 ip address 18.0.2.2 255.255.255.255
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 18.0.12.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 18.0.23.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 18.0.2.2
!

R3:


pseudowire-class CUST_A
 encapsulation l2tpv3
 ip local interface Loopback0
!
pseudowire-class CUST_B
 encapsulation l2tpv3
 ip local interface Loopback0
!
!
interface Loopback0
 ip address 18.0.3.3 255.255.255.255
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 18.0.23.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.1.1 46 pw-class CUST_A
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.75
 encapsulation dot1Q 75
 xconnect 18.0.1.1 57 pw-class CUST_B
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/2.85
 encapsulation dot1Q 85
 xconnect 18.0.1.1 58 pw-class CUST_B
!
!
router ospf 1
 router-id 18.0.3.3
!

R4:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.46
 encapsulation dot1Q 46
 ip address 10.10.46.4 255.255.255.0
!
interface Ethernet0/0.64
 encapsulation dot1Q 64
 ip address 10.10.64.4 255.255.255.0
!

R5:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.57
 encapsulation dot1Q 57
 ip address 172.16.57.5 255.255.255.0
!
interface Ethernet0/0.58
 encapsulation dot1Q 58
 ip address 172.16.58.5 255.255.255.0
!

R6:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.46
 encapsulation dot1Q 46
 ip address 10.10.46.6 255.255.255.0
!
interface Ethernet0/0.64
 encapsulation dot1Q 64
 ip address 10.10.64.6 255.255.255.0
!

R7:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.75
 encapsulation dot1Q 75
 ip address 172.16.57.7 255.255.255.0
!

R8:


!
interface Ethernet0/0
 no ip address
!
interface Ethernet0/0.85
 encapsulation dot1Q 85
 ip address 172.16.58.8 255.255.255.0
!


Verification:

R4#ping 10.10.46.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.46.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R4#ping 10.10.64.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.64.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


R4#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R6               Eth 0/0            167              R  

R6#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
R4               Eth 0/0            169              R    


R5#ping 172.16.57.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.57.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
R5#ping 172.16.58.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.58.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/5 ms

R1#show xconnect all
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Et1/0(Ethernet)              UP l2tp 18.0.3.3:46                  UP
UP     ac   Et1/1.57:57(Eth VLAN)        UP l2tp 18.0.3.3:57                  UP
UP     ac   Et1/1.58:58(Eth VLAN)        UP l2tp 18.0.3.3:58                  UP

R1#show xconnect all detail
Legend:    XC ST=Xconnect State  S1=Segment1 State  S2=Segment2 State
  UP=Up       DN=Down            AD=Admin Down      IA=Inactive
  SB=Standby  RV=Recovering      NH=No Hardware

XC ST  Segment 1                         S1 Segment 2                         S2
------+---------------------------------+--+---------------------------------+--
UP     ac   Et1/0(Ethernet)              UP l2tp 18.0.3.3:46                  UP
            Interworking: none                   Session ID: 2025757049
                                                 Tunnel ID: 3426996124
                                                 Protocol State: UP
                                                 Remote Circuit State: UP
                                                 pw-class: CUST_A
UP     ac   Et1/1.57:57(Eth VLAN)        UP l2tp 18.0.3.3:57                  UP
            Interworking: none                   Session ID: 3872782041
                                                 Tunnel ID: 3426996124
                                                 Protocol State: UP
                                                 Remote Circuit State: UP
                                                 pw-class: CUST_B
UP     ac   Et1/1.58:58(Eth VLAN)        UP l2tp 18.0.3.3:58                  UP
            Interworking: none                   Session ID: 3108065373
                                                 Tunnel ID: 3426996124
                                                 Protocol State: UP
                                                 Remote Circuit State: UP
                                                 pw-class: CUST_B

R1#show l2tp tunnel all

L2TP Tunnel Information Total tunnels 1 sessions 3

Tunnel id 3426996124 is up, remote id is 3287559271, 3 active sessions
  Locally initiated tunnel
  Tunnel state is established, time since change 00:27:35
  Tunnel transport is IP  (115)
  Remote tunnel name is R3
    Internet Address 18.0.3.3, port 0
  Local tunnel name is R1
    Internet Address 18.0.1.1, port 0
  L2TP class for tunnel is l2tp_default_class
  Counters, taking last clear into account:
    393 packets sent, 382 received
    43555 bytes sent, 42838 received
    Last clearing of counters never
  Counters, ignoring last clear:
    393 packets sent, 382 received
    43555 bytes sent, 42838 received
  Control Ns 69, Nr 79
  Local RWS 1024 (default), Remote RWS 1024
  Control channel Congestion Control is disabled
  Tunnel PMTU checking disabled
  Retransmission time 1, max 1 seconds
  Unsent queuesize 0, max 0
  Resend queuesize 0, max 2
  Total resends 0, ZLB ACKs sent 74
  Total out-of-order dropped pkts 0
  Total out-of-order reorder pkts 0
  Total peer authentication failures 0
  Current no session pak queue check 0 of 5
  Retransmit time distribution: 0 0 0 0 0 0 0 0 0
  Control message authentication is disabled

R1#show l2tp session all

L2TP Session Information Total tunnels 1 sessions 3

Session id 2025757049 is up, logical session id 32820, tunnel id 3426996124
  Remote session id is 481336315, remote tunnel id 3287559271
  Locally initiated session
  Unique ID is 4
Session Layer 2 circuit, type is Ethernet, name is Ethernet1/0
  Session vcid is 46
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 72000001
Remote tunnel name is R3
  Internet address is 18.0.3.3
Local tunnel name is R1
  Internet address is 18.0.1.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:28:18
    230 Packets sent, 229 received
    24985 Bytes sent, 24908 received
  Last clearing of counters never
  Counters, ignoring last clear:
    230 Packets sent, 229 received
    24985 Bytes sent, 24908 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff739373 12000101
    12000303 1cb09bfb
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 4146, SSM segment id is 8248

Session id 3108065373 is up, logical session id 98420, tunnel id 3426996124
  Remote session id is 1498047836, remote tunnel id 3287559271
  Remotely initiated session
  Unique ID is 5
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.58:58
  Session vcid is 58
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 833700003
Remote tunnel name is R3
  Internet address is 18.0.3.3
Local tunnel name is R1
  Internet address is 18.0.1.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:08:40
    20 Packets sent, 20 received
    2306 Bytes sent, 2306 received
  Last clearing of counters never
  Counters, ignoring last clear:
    20 Packets sent, 20 received
    2306 Bytes sent, 2306 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff739373 12000101
    12000303 594a655c
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 8251, SSM segment id is 20598

Session id 3872782041 is up, logical session id 131192, tunnel id 3426996124
  Remote session id is 1020482833, remote tunnel id 3287559271
  Remotely initiated session
  Unique ID is 8
Session Layer 2 circuit, type is Ethernet Vlan, name is Ethernet1/1.57:57
  Session vcid is 57
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
Call serial number is 833700004
Remote tunnel name is R3
  Internet address is 18.0.3.3
Local tunnel name is R1
  Internet address is 18.0.1.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:08:38
    138 Packets sent, 138 received
    16230 Bytes sent, 16230 received
  Last clearing of counters never
  Counters, ignoring last clear:
    138 Packets sent, 138 received
    16230 Bytes sent, 16230 received
    Receive packets dropped:
      out-of-order:             0
      other:                    0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      other:                    0
      total:                    0
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  Sending UDP checksums are disabled
  Received UDP checksums are verified
  No session cookie information available
  FS cached header information:
    encap size = 24 bytes
    45000014 00000000 ff739373 12000101
    12000303 3cd35511
  Sequencing is off
  Conditional debugging is disabled
  SSM switch id is 12357, SSM segment id is 24698

Friday, February 19, 2016

L3VPN task #12. Simple MVPN part 2

Topology:



Use configuration from L3VPN task #11 as initial configuration for this task.

Requirements: 

Change the configuration from the previous task to comply with the new requirements. 

1. AS 23 shall not rely on rendezvous point for forwarding Customer A multicast traffic. 
2. When possible, optimize the use of AS23 backbone, by only delivering Customer A multicast             traffic to PE routers, when attached Customer site is subscribed to the multicast stream. 

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of PIM SSM and MVPN MDT default and MDT data groups, distributing the MDT information using IPv4 MDT address-family

Requirement #1 - configure PIM-SSM in AS23, and reconfigure the MDT default and data to use SSM groups. 

Requirement #2 - configure MDT data with minimal threshold. This will cause the switchover of high throughput multicast streams to data MDT, which is only delivered to PEs that subscribe to the specific data group (vs default MDT which is delivered to all PEs). 

R1: 


!
vrf definition CUST_A
 rd 100:100
 route-target export 100:100
 route-target import 100:100
 !
 address-family ipv4
  mdt default 232.0.0.1
  mdt data 232.0.1.0 0.0.0.255 threshold 1
  exit-address-family
!
!
router bgp 23
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 23.0.3.3 remote-as 23
 neighbor 23.0.3.3 update-source Loopback0
 neighbor 23.0.5.5 remote-as 23
 neighbor 23.0.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 mdt
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute static
 exit-address-family
!
ip pim ssm default
!

R2:


!
vrf definition CUST_A
 rd 100:100
 route-target export 100:100
 route-target import 100:100
 !
 address-family ipv4
  mdt default 232.0.0.1
  mdt data 232.0.1.0 0.0.0.255
 exit-address-family
!
!
router bgp 23
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 23.0.3.3 remote-as 23
 neighbor 23.0.3.3 update-source Loopback0
 neighbor 23.0.5.5 remote-as 23
 neighbor 23.0.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 mdt
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute static
 exit-address-family
!
ip pim ssm default
!

R3:


router bgp 23
 bgp cluster-id 23.0.3.3
 address-family vpnv4 unicast
 !
 address-family ipv4 mdt
 !
 neighbor-group CLIENTS
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
   route-reflector-client
  !
  address-family ipv4 mdt
   route-reflector-client
  !
 !
 neighbor 23.0.1.1
  use neighbor-group CLIENTS
 !
 neighbor 23.0.2.2
  use neighbor-group CLIENTS
 !
 neighbor 23.0.4.4
  use neighbor-group CLIENTS
 !
 neighbor 23.0.5.5
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
!


R4:


!
router bgp 23
 address-family vpnv4 unicast
 !
 address-family ipv4 mdt
 !
 neighbor 23.0.3.3
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
  !
  address-family ipv4 mdt
  !
 !
 neighbor 23.0.5.5
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
  !
  address-family ipv4 mdt
  !
 !
 vrf CUST_A
  rd 100:100
  address-family ipv4 unicast
   redistribute connected
   redistribute static
  !
 !
!
multicast-routing
 address-family ipv4
  mdt source Loopback0
  interface all enable
 !
 vrf CUST_A
  address-family ipv4
   interface all enable
   mdt default ipv4 232.0.0.1
   mdt data 232.0.1.0/24
  !
 !
!


R5:


router bgp 23
 bgp cluster-id 23.0.5.5
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor CLIENTS peer-group
 neighbor CLIENTS remote-as 23
 neighbor CLIENTS update-source Loopback0
 neighbor 23.0.1.1 peer-group CLIENTS
 neighbor 23.0.2.2 peer-group CLIENTS
 neighbor 23.0.3.3 remote-as 23
 neighbor 23.0.3.3 update-source Loopback0
 neighbor 23.0.4.4 peer-group CLIENTS
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor CLIENTS send-community both
  neighbor CLIENTS route-reflector-client
  neighbor 23.0.1.1 activate
  neighbor 23.0.2.2 activate
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.4.4 activate
 exit-address-family
 !
 address-family ipv4 mdt
  neighbor CLIENTS send-community both
  neighbor CLIENTS route-reflector-client
  neighbor 23.0.1.1 activate
  neighbor 23.0.2.2 activate
  neighbor 23.0.4.4 activate
 exit-address-family



Verification:


Note: in order to case the switchover from default to data mdt, you need to generate a high bandwidth stream. If using ICMP, time "timeout 0". 


Wednesday, February 17, 2016

L3VPN task 11. Simple MVPN.

Topology:



Configure loopback0 interfaces and links between routers for initial configuration.

AS23 is the service provider, offering L3VPN and MVPN service.
Routers R6, R7 and R8 are Customer-A routers, interconnected via AS23.

Requirements: 

1. Configure AS23 network: 
          1.1 Use single area OSPF ( area 0 ). 
          1.2 Minimize the amount of iBGP sessions, but ensure redundancy in case of router failure. 

2. Configure unicast L3VPN service for Customer-A
          2.1 each customer site is allocated a /24 prefix according to topology diagram. 
          2.2 use static routing to provide unicast connectivity between customer sites. 

3. Configure MVPN service for Customer-A
          3.1 AS23 shall use multicast group 239.0.1.1 to transport Customer-A multicast traffic. 
          3.2 AS23 configuration shall provide redundancy for case of router failure
          3.2 only use PIM-SM
          3.3 only use standards-based protocol to distribute RP information when required

To test the configuration, subscribe to multicast group 239.10.10.10 on R7 loopback0 and R8 loopback0 interfaces. Send multicast traffic from R6 loopback0 interfaces. Verify that both R7 and R8 receive the traffic. 

Solution:

Highlight the text below to reveal the solution.

This task requires understanding of MVPN configuration (Draft-Rosen).
For this task, only default MDT is required.

Requirement #1 - Configure two route-reflectors in order to minimize the amount of iBGP sessions                                  and provide redundancy. Note that two route-reflectors must have different cluster-                              id.

Requirement #3 - Configure MVPN with default MDT group only, as no switching to data MDT is                                  required. Use BSR to distribute RP information both in AS23 and in Customer A                                  networks. In AS23, configure two RP candidates and two BSR candidates to                                        provide redundancy.


R1: 


!
vrf definition CUST_A
 rd 100:100
 route-target export 100:100
 route-target import 100:100
 !
 address-family ipv4
  mdt default 239.0.1.1
 exit-address-family
!
ip multicast-routing
ip multicast-routing vrf CUST_A
!
!
interface Loopback0
 ip address 23.0.1.1 255.255.255.255
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 23.0.15.1 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 23.0.13.1 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/2
 ip address 23.0.12.1 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/3
 ip address 23.0.14.1 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet1/0
 vrf forwarding CUST_A
 ip address 23.0.16.1 255.255.255.0
 ip pim sparse-mode
!
!
router ospf 1
 mpls ldp autoconfig
 router-id 23.0.1.1
!
router bgp 23
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 23.0.3.3 remote-as 23
 neighbor 23.0.3.3 update-source Loopback0
 neighbor 23.0.5.5 remote-as 23
 neighbor 23.0.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute static
 exit-address-family
!
ip route vrf CUST_A 10.0.6.0 255.255.255.0 23.0.16.6
!


R2: 

!
vrf definition CUST_A
 rd 100:100
 route-target export 100:100
 route-target import 100:100
 !
 address-family ipv4
  mdt default 239.0.1.1
 exit-address-family
!
ip multicast-routing
ip multicast-routing vrf CUST_A
!
!
interface Loopback0
 ip address 23.0.2.2 255.255.255.255
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 23.0.25.2 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 23.0.23.2 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/2
 ip address 23.0.12.2 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/3
 ip address 23.0.24.2 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet1/0
 vrf forwarding CUST_A
 ip address 23.0.27.2 255.255.255.0
 ip pim sparse-mode
!
!
router ospf 1
 mpls ldp autoconfig
 router-id 23.0.2.2
!
router bgp 23
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 23.0.3.3 remote-as 23
 neighbor 23.0.3.3 update-source Loopback0
 neighbor 23.0.5.5 remote-as 23
 neighbor 23.0.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 mdt
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community extended
  neighbor 23.0.5.5 activate
  neighbor 23.0.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute connected
  redistribute static
 exit-address-family
!
ip route vrf CUST_A 10.0.7.0 255.255.255.0 23.0.27.7
!

R3: 

!
interface Loopback0
 ipv4 address 23.0.3.3 255.255.255.255
!
!
interface GigabitEthernet0/0/0/0
 ipv4 address 23.0.35.3 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 23.0.13.3 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 ipv4 address 23.0.23.3 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 ipv4 address 23.0.34.3 255.255.255.0
!
!
router ospf 1
 router-id 23.0.3.3
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
  interface GigabitEthernet0/0/0/2
   network point-to-point
  !
  interface GigabitEthernet0/0/0/3
   network point-to-point
  !
 !
!
router bgp 23
 bgp cluster-id 23.0.3.3
 address-family vpnv4 unicast
 !
 neighbor-group CLIENTS
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
   route-reflector-client
  !
 !
 neighbor 23.0.1.1
  use neighbor-group CLIENTS
 !
 neighbor 23.0.2.2
  use neighbor-group CLIENTS
 !
 neighbor 23.0.4.4
  use neighbor-group CLIENTS
 !
 neighbor 23.0.5.5
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
!
mpls ldp
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/1
 !
 interface GigabitEthernet0/0/0/2
 !
 interface GigabitEthernet0/0/0/3
 !
!
multicast-routing
 address-family ipv4
  interface all enable
 !
!
router pim
 address-family ipv4
  bsr candidate-bsr 23.0.3.3 hash-mask-len 30 priority 1
  bsr candidate-rp 23.0.3.3 priority 192 interval 60
 !
!


R4: 


!
logging console debugging
vrf CUST_A
 address-family ipv4 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
  !
 !
!
!
interface Loopback0
 ipv4 address 23.0.4.4 255.255.255.255
!
!
interface GigabitEthernet0/0/0/0
 ipv4 address 23.0.45.4 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 23.0.34.4 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 ipv4 address 23.0.14.4 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 ipv4 address 23.0.24.4 255.255.255.0
!
interface GigabitEthernet0/0/0/4
 vrf CUST_A
 ipv4 address 23.0.48.4 255.255.255.0
!
!
router static
 vrf CUST_A
  address-family ipv4 unicast
   10.0.8.0/24 23.0.48.8
  !
 !
!
router ospf 1
 router-id 23.0.4.4
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
   network point-to-point
  !
  interface GigabitEthernet0/0/0/1
   network point-to-point
  !
  interface GigabitEthernet0/0/0/2
   network point-to-point
  !
  interface GigabitEthernet0/0/0/3
   network point-to-point
  !
 !
!
router bgp 23
 address-family vpnv4 unicast
 !
 neighbor 23.0.3.3
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 neighbor 23.0.5.5
  remote-as 23
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf CUST_A
  rd 100:100
  address-family ipv4 unicast
   redistribute connected
   redistribute static
  !
 !
!
mpls ldp
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/1
 !
 interface GigabitEthernet0/0/0/2
 !
 interface GigabitEthernet0/0/0/3
 !
!
multicast-routing
 address-family ipv4
  mdt source Loopback0
  interface all enable
 !
 vrf CUST_A
  address-family ipv4
   interface all enable
   mdt default ipv4 239.0.1.1
  !
 !
!


R5: 


!
ip multicast-routing
!
!
interface Loopback0
 ip address 23.0.5.5 255.255.255.255
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 23.0.35.5 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 23.0.15.5 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/2
 ip address 23.0.25.5 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/3
 ip address 23.0.45.5 255.255.255.0
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
router ospf 1
 mpls ldp autoconfig
 router-id 23.0.5.5
!
router bgp 23
 bgp cluster-id 23.0.5.5
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor CLIENTS peer-group
 neighbor CLIENTS remote-as 23
 neighbor CLIENTS update-source Loopback0
 neighbor 23.0.1.1 peer-group CLIENTS
 neighbor 23.0.2.2 peer-group CLIENTS
 neighbor 23.0.3.3 remote-as 23
 neighbor 23.0.3.3 update-source Loopback0
 neighbor 23.0.4.4 peer-group CLIENTS
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor CLIENTS send-community both
  neighbor CLIENTS route-reflector-client
  neighbor 23.0.1.1 activate
  neighbor 23.0.2.2 activate
  neighbor 23.0.3.3 activate
  neighbor 23.0.3.3 send-community both
  neighbor 23.0.4.4 activate
 exit-address-family
!

R6:

!
ip multicast-routing
!
!
interface Loopback0
 ip address 10.0.6.6 255.255.255.255
 ip pim sparse-mode
!
interface Ethernet0/0
 ip address 23.0.16.6 255.255.255.0
 ip pim sparse-mode
!
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
ip route 0.0.0.0 0.0.0.0 23.0.16.1
!

R7:


ip multicast-routing
!
interface Loopback0
 ip address 10.0.7.7 255.255.255.255
 ip pim sparse-mode
 ip igmp join-group 239.10.10.10
!
interface Ethernet0/0
 ip address 23.0.27.7 255.255.255.0
 ip pim sparse-mode
!
ip route 0.0.0.0 0.0.0.0 23.0.27.2


R8:


ip multicast-routing
!
!
interface Loopback0
 ip address 10.0.8.8 255.255.255.255
 ip pim sparse-mode
 ip igmp join-group 239.10.10.10
!
interface Ethernet0/0
 ip address 23.0.48.8 255.255.255.0
 ip pim sparse-mode
!
ip route 0.0.0.0 0.0.0.0 23.0.48.4
!



Verification:


R1#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
23.0.15.5         Ethernet0/0              05:20:27/00:01:33 v2    1 / DR S P G
23.0.13.3         Ethernet0/1              05:16:59/00:01:26 v2    1 / DR G
23.0.12.2         Ethernet0/2              04:54:07/00:01:20 v2    1 / DR S P G
23.0.14.4         Ethernet0/3              05:16:27/00:01:21 v2    1 / DR G

R1#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 23.0.5.5 (?), v2
    Info source: 23.0.3.3 (?), via bootstrap, priority 0, holdtime 150
         Uptime: 04:43:23, expires: 00:02:06
  RP 23.0.3.3 (?), v2
    Info source: 23.0.3.3 (?), via bootstrap, priority 192, holdtime 150
         Uptime: 04:46:38, expires: 00:02:07


R1#        show ip pim vrf CUST_A neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
23.0.4.4          Tunnel1                  04:37:13/00:01:23 v2    1 / DR G
23.0.2.2          Tunnel1                  04:51:34/00:01:37 v2    1 / S P G
23.0.16.6         Ethernet1/0              05:03:06/00:01:44 v2    1 / DR S P G

R1#sh ip pim vrf CUST_A rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 10.0.6.6 (?), v2
    Info source: 10.0.6.6 (?), via bootstrap, priority 0, holdtime 150
         Uptime: 04:42:23, expires: 00:01:51


R2#           sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
23.0.25.5         Ethernet0/0              04:55:29/00:01:21 v2    1 / DR S P G
23.0.23.3         Ethernet0/1              04:55:56/00:01:37 v2    1 / DR G
23.0.12.1         Ethernet0/2              04:55:29/00:01:34 v2    1 / S P G
23.0.24.4         Ethernet0/3              04:55:58/00:01:26 v2    1 / DR G


R2#sh ip pim vrf CUST_A neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
23.0.27.7         Ethernet1/0              04:55:34/00:01:36 v2    1 / DR S P G
23.0.4.4          Tunnel0                  04:39:43/00:01:24 v2    1 / DR G
23.0.1.1          Tunnel0                  04:49:38/00:01:44 v2    1 / S P G

RP/0/0/CPU0:ios#            show pim interface
Mon Jan 18 18:02:44.871 UTC

PIM interfaces in VRF default
Address               Interface                     PIM  Nbr   Hello  DR    DR
                                                         Count Intvl  Prior

23.0.4.4              Loopback0                     on   1     30     1     this system
23.0.45.4             GigabitEthernet0/0/0/0        on   2     30     1     23.0.45.5
23.0.34.4             GigabitEthernet0/0/0/1        on   2     30     1     this system
23.0.14.4             GigabitEthernet0/0/0/2        on   2     30     1     this system
23.0.24.4             GigabitEthernet0/0/0/3        on   2     30     1     this system

RP/0/0/CPU0:ios#show pim rp mapping
Mon Jan 18 18:02:49.151 UTC
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
  RP 23.0.5.5 (?), v2
    Info source: 23.0.34.3 (?), elected via bsr, priority 0, holdtime 150
      Uptime: 04:53:16, expires: 00:01:49
Group(s) 224.0.0.0/4
  RP 23.0.3.3 (?), v2
    Info source: 23.0.34.3 (?), elected via bsr, priority 192, holdtime 150
      Uptime: 04:51:59, expires: 00:01:49


RP/0/0/CPU0:ios#show pim vrf CUST_A interface
Mon Jan 18 18:02:55.390 UTC

PIM interfaces in VRF CUST_A
Address               Interface                     PIM  Nbr   Hello  DR    DR
                                                         Count Intvl  Prior

23.0.4.4              mdtCUST/A                     on   3     30     1     this system
23.0.48.4             GigabitEthernet0/0/0/4        on   2     30     1     23.0.48.8


RP/0/0/CPU0:ios#show pim neighbor
Mon Jan 18 18:02:59.230 UTC

PIM neighbors in VRF default
Flag: B - Bidir capable, P - Proxy capable, DR - Designated Router,
      E - ECMP Redirect capable
      * indicates the neighbor created for this router

Neighbor Address             Interface              Uptime    Expires  DR pri   Flags

23.0.45.4*                   GigabitEthernet0/0/0/0 05:22:05  00:01:34 1      B E
23.0.45.5                    GigabitEthernet0/0/0/0 05:21:59  00:01:42 1 (DR) P
23.0.34.3                    GigabitEthernet0/0/0/1 05:22:00  00:01:19 1      B
23.0.34.4*                   GigabitEthernet0/0/0/1 05:22:05  00:01:23 1 (DR) B E
23.0.14.1                    GigabitEthernet0/0/0/2 05:22:02  00:01:21 1      P
23.0.14.4*                   GigabitEthernet0/0/0/2 05:22:05  00:01:18 1 (DR) B E
23.0.24.2                    GigabitEthernet0/0/0/3 05:22:00  00:01:17 1      P
23.0.24.4*                   GigabitEthernet0/0/0/3 05:22:05  00:01:44 1 (DR) B E
23.0.4.4*                    Loopback0              05:22:05  00:01:24 1 (DR) B E

PIM neighbors in VRF CUST_A
Flag: B - Bidir capable, P - Proxy capable, DR - Designated Router,
      E - ECMP Redirect capable
      * indicates the neighbor created for this router

Neighbor Address             Interface              Uptime    Expires  DR pri   Flags

23.0.48.4*                   GigabitEthernet0/0/0/4 04:44:57  00:01:32 1      B E
23.0.48.8                    GigabitEthernet0/0/0/4 04:44:54  00:01:18 1 (DR) P
23.0.1.1                     mdtCUST/A              04:43:39  00:01:18 1      P
23.0.2.2                     mdtCUST/A              04:43:35  00:01:40 1      P
23.0.4.4*                    mdtCUST/A              04:43:40  00:01:33 1 (DR)


RP/0/0/CPU0:ios#show pim vrf CUST_A rp mapping
Mon Jan 18 18:03:20.298 UTC
PIM Group-to-RP Mappings
Group(s) 224.0.0.0/4
  RP 10.0.6.6 (?), v2
    Info source: 23.0.1.1 (?), elected via bsr, priority 0, holdtime 150
      Uptime: 04:43:30, expires: 00:01:48


R6#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
23.0.16.1         Ethernet0/0              05:14:46/00:01:25 v2    1 / S P G


R6#ping 239.10.10.10 source lo0 repeat 4
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 239.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 10.0.6.6

Reply to request 0 from 10.0.7.7, 6 ms
Reply to request 0 from 10.0.8.8, 19 ms
Reply to request 0 from 10.0.8.8, 16 ms
Reply to request 0 from 10.0.7.7, 12 ms
Reply to request 1 from 10.0.7.7, 2 ms
Reply to request 1 from 10.0.8.8, 6 ms
Reply to request 1 from 10.0.8.8, 6 ms
Reply to request 1 from 10.0.7.7, 2 ms
Reply to request 2 from 10.0.7.7, 2 ms
Reply to request 2 from 10.0.8.8, 6 ms
Reply to request 2 from 10.0.8.8, 5 ms
Reply to request 2 from 10.0.7.7, 3 ms
Reply to request 3 from 10.0.7.7, 3 ms
Reply to request 3 from 10.0.8.8, 7 ms
Reply to request 3 from 10.0.8.8, 6 ms
Reply to request 3 from 10.0.7.7, 3 ms