Thursday, March 17, 2016

Overlay VPN task #5. GRE based VPN part 1.

Topology:



Configure loopback0 interfaces and links between routers for initial configuration.
AS30 and AS31 provide connectivity between customer sites R6, R7 and R8.
The customer network uses private IP address space 10/8, which should not be advertised to AS30 and AS31.

Requirements: 

1. Configure the AS30 internal network using OSPF area 0.
2. Configure the AS31 internal network using IS-IS area 49.0045. Only create Level-2 databases.
3. Configure the link between AS30 and AS31 using network 30.0.24/24. Each AS shall advertise its /16 prefix to the neighbor AS.
4. Configure links between R6, R7 and R8 to AS30 and AS31. Use networks 30.0.16/24, 31.0.57/24 and 30.0.38/24.
5. On R6, R7 and R8, use a static default route to provide connectivity to external networks (31.0/16 and 30.0/16).
6. Configure routers R6, R7 and R8 to provide connectivity between customer private networks (10.X).
    6.1 Each site shall have connectivity to every other site.
    6.2 Traffic between branches shall always traverse the HQ router R6.
    6.3 Traffic shall be GRE encapsulated. Only a single GRE tunnel per router is allowed.
    6.4 Use OSPF area 0 to exchange routing information between customer sites.

Solution:

This task requires an understanding of DMVPN Phase I with OSPF as the routing protocol.

Requirement #6 calls for GRE encapsulation and allows only one tunnel per router, so the HQ site needs an mGRE tunnel, which leads to a DMVPN solution. The requirement to always send traffic via the hub site implies DMVPN Phase I.
Note that using OSPF requires manually setting the OSPF network type to broadcast on the tunnel interfaces and adjusting the priority so that the hub site is elected DR and the spoke sites are DROTHER.

R1:

!
interface Loopback0
 ip address 30.0.1.1 255.255.255.0
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 30.0.12.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 30.0.13.1 255.255.255.0
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 ip address 30.0.16.1 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 30.0.1.1
 passive-interface Ethernet1/0
!
router bgp 30
 bgp router-id 30.0.1.1
 bgp log-neighbor-changes
 neighbor 30.0.2.2 remote-as 30
 neighbor 30.0.2.2 update-source Loopback0
 neighbor 30.0.3.3 remote-as 30
 neighbor 30.0.3.3 update-source Loopback0
!

R2:

!
interface Loopback0
 ip address 30.0.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 30.0.12.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 30.0.23.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 ip address 30.0.24.2 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 30.0.2.2
 passive-interface Ethernet1/0
!
router bgp 30
 bgp router-id 30.0.2.2
 bgp log-neighbor-changes
 network 30.0.0.0 mask 255.255.0.0
 neighbor 30.0.1.1 remote-as 30
 neighbor 30.0.1.1 update-source Loopback0
 neighbor 30.0.3.3 remote-as 30
 neighbor 30.0.3.3 update-source Loopback0
 neighbor 30.0.24.4 remote-as 31
!
ip route 30.0.0.0 255.255.0.0 Null0

R3:

!
interface Loopback0
 ip address 30.0.3.3 255.255.255.255
 ip ospf 1 area 0
!
interface Ethernet0/0
 ip address 30.0.13.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface Ethernet0/1
 ip address 30.0.23.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
!
interface Ethernet1/0
 ip address 30.0.38.3 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 30.0.3.3
 passive-interface Ethernet1/0
!
router bgp 30
 bgp log-neighbor-changes
 neighbor 30.0.1.1 remote-as 30
 neighbor 30.0.1.1 update-source Loopback0
 neighbor 30.0.2.2 remote-as 30
 neighbor 30.0.2.2 update-source Loopback0
!

R4:

!
interface Loopback0
 ip address 31.0.4.4 255.255.255.255
 ip router isis 1
!
interface Ethernet0/0
 ip address 31.0.45.4 255.255.255.0
 ip router isis 1
!
!
interface Ethernet1/0
 ip address 30.0.24.4 255.255.255.0
!
!
router isis 1
 net 49.0045.0000.0000.0004.00
 is-type level-2-only
 metric-style wide
 passive-interface Ethernet1/0
!
router bgp 31
 bgp log-neighbor-changes
 network 31.0.0.0 mask 255.255.0.0
 neighbor 30.0.24.2 remote-as 30
 neighbor 31.0.5.5 remote-as 31
 neighbor 31.0.5.5 update-source Loopback0
!
ip route 31.0.0.0 255.255.0.0 Null0

R5:

!
interface Loopback0
 ip address 31.0.5.5 255.255.255.255
 ip router isis 1
!
interface Ethernet0/0
 ip address 31.0.45.5 255.255.255.0
 ip router isis 1
!
!
interface Ethernet1/0
 ip address 31.0.57.5 255.255.255.0
!
!
router isis 1
 net 49.0045.0000.0000.0005.00
 is-type level-2-only
 metric-style wide
 passive-interface Ethernet1/0
!
router bgp 31
 bgp log-neighbor-changes
 neighbor 31.0.4.4 remote-as 31
 neighbor 31.0.4.4 update-source Loopback0
!

R6:

!
interface Loopback0
 ip address 10.6.6.6 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel1
 ip address 10.0.0.6 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip ospf network broadcast
 ip ospf priority 255
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
!
interface Ethernet0/0
 ip address 30.0.16.6 255.255.255.0
!
interface Ethernet0/1
 ip address 10.6.1.1 255.255.255.0
 ip ospf 1 area 0
 no keepalive
!
!
router ospf 1
 router-id 10.6.6.6
!
ip route 0.0.0.0 0.0.0.0 30.0.16.1

R7:

!
interface Loopback0
 ip address 10.7.7.7 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel1
 ip address 10.0.0.7 255.255.255.0
 ip nhrp map 10.0.0.6 30.0.16.6
 ip nhrp map multicast 30.0.16.6
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.6
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel destination 30.0.16.6
!
interface Ethernet0/0
 ip address 31.0.57.7 255.255.255.0
!
interface Ethernet0/1
 ip address 10.7.1.1 255.255.255.0
 ip ospf 1 area 0
 no keepalive
!
!
router ospf 1
 router-id 10.7.7.7
!
ip route 0.0.0.0 0.0.0.0 31.0.57.5

R8:

!
interface Loopback0
 ip address 10.8.8.8 255.255.255.255
 ip ospf 1 area 0
!
interface Tunnel1
 ip address 10.0.0.8 255.255.255.0
 ip nhrp map 10.0.0.6 30.0.16.6
 ip nhrp map multicast 30.0.16.6
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.6
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel destination 30.0.16.6
!
interface Ethernet0/0
 ip address 30.0.38.8 255.255.255.0
!
interface Ethernet0/1
 ip address 10.8.1.1 255.255.255.0
 ip ospf 1 area 0
!
!
router ospf 1
 router-id 10.8.8.8
!
ip route 0.0.0.0 0.0.0.0 30.0.38.3
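
One way to check the tunnel stanzas above against the reasoning in the solution (one tunnel per router, mGRE hub, spokes pointed at the hub, spokes kept out of the DR election). This Python is an added example, not part of the original post; the function names are hypothetical and the two sample strings are the R6 and R7 Tunnel1 stanzas copied from this page.

```python
import re

# Tunnel stanzas copied from the R6 (hub) and R7 (spoke) configurations on this page.
HUB_CFG = """\
interface Tunnel1
 ip address 10.0.0.6 255.255.255.0
 no ip redirects
 ip nhrp map multicast dynamic
 ip nhrp network-id 100
 ip ospf network broadcast
 ip ospf priority 255
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
"""
SPOKE_CFG = """\
interface Tunnel1
 ip address 10.0.0.7 255.255.255.0
 ip nhrp map 10.0.0.6 30.0.16.6
 ip nhrp map multicast 30.0.16.6
 ip nhrp network-id 100
 ip nhrp nhs 10.0.0.6
 ip ospf network broadcast
 ip ospf priority 0
 ip ospf 1 area 0
 tunnel source Ethernet0/0
 tunnel destination 30.0.16.6
"""

def tunnel_stanzas(config):
    """Map each 'interface TunnelN' name to the list of its sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith(" "):
            if current is not None:
                current.append(line.strip())
            continue
        match = re.match(r"interface (Tunnel\d+)", line)
        current = stanzas.setdefault(match.group(1), []) if match else None
    return stanzas

def argument(cmds, prefix, default=None):
    """Text after `prefix` in the first matching sub-command, else `default`."""
    for cmd in cmds:
        if cmd.startswith(prefix + " "):
            return cmd[len(prefix) + 1:]
    return default

def single_tunnel(config):
    """Return (sub-commands, findings) for the one tunnel requirement 6.3 allows."""
    tunnels = tunnel_stanzas(config)
    if len(tunnels) != 1:
        return None, [f"expected exactly one tunnel, found {len(tunnels)}"]
    (cmds,) = tunnels.values()
    findings = []
    if argument(cmds, "ip ospf network") != "broadcast":
        findings.append("OSPF network type is not broadcast")
    return cmds, findings

def check_hub(config):
    """Findings for the hub tunnel; an empty list means it matches the design."""
    cmds, findings = single_tunnel(config)
    if cmds is None:
        return findings
    if "tunnel mode gre multipoint" not in cmds:
        findings.append("hub tunnel is not mGRE")
    if "ip nhrp map multicast dynamic" not in cmds:
        findings.append("hub does not replicate multicast to registered spokes")
    # IOS uses OSPF priority 1 when the command is absent; 0 means "never DR".
    if int(argument(cmds, "ip ospf priority", "1")) == 0:
        findings.append("hub has priority 0 and cannot become DR")
    return findings

def check_spoke(config, hub_tunnel_ip, hub_nbma_ip):
    """Findings for a Phase I spoke tunnel pointed at the given hub addresses."""
    cmds, findings = single_tunnel(config)
    if cmds is None:
        return findings
    if argument(cmds, "tunnel destination") != hub_nbma_ip:
        findings.append("tunnel destination is not the hub NBMA address")
    if f"ip nhrp map {hub_tunnel_ip} {hub_nbma_ip}" not in cmds:
        findings.append("no static NHRP mapping for the hub")
    if argument(cmds, "ip nhrp nhs") != hub_tunnel_ip:
        findings.append("NHS is not the hub tunnel address")
    # A spoke only exchanges hellos with the hub, so it must stay out of the DR election.
    if int(argument(cmds, "ip ospf priority", "1")) != 0:
        findings.append("spoke can be elected DR (priority is not 0)")
    return findings
```

`check_hub(HUB_CFG)` and `check_spoke(SPOKE_CFG, "10.0.0.6", "30.0.16.6")` both return an empty list for the configurations shown here.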

Verification:

Note that AS30 and AS31 are not aware of private customer routing.

R1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
B        30.0.0.0/16 [200/0] via 30.0.2.2, 06:05:21
C        30.0.1.0/24 is directly connected, Loopback0
L        30.0.1.1/32 is directly connected, Loopback0
O        30.0.2.2/32 [110/11] via 30.0.12.2, 06:06:22, Ethernet0/0
O        30.0.3.3/32 [110/21] via 30.0.12.2, 06:03:15, Ethernet0/0
C        30.0.12.0/24 is directly connected, Ethernet0/0
L        30.0.12.1/32 is directly connected, Ethernet0/0
C        30.0.13.0/24 is directly connected, Ethernet0/1
L        30.0.13.1/32 is directly connected, Ethernet0/1
C        30.0.16.0/24 is directly connected, Ethernet1/0
L        30.0.16.1/32 is directly connected, Ethernet1/0
O        30.0.23.0/24 [110/20] via 30.0.12.2, 06:06:12, Ethernet0/0
O        30.0.24.0/24 [110/20] via 30.0.12.2, 06:06:12, Ethernet0/0
O        30.0.38.0/24 [110/30] via 30.0.12.2, 06:03:15, Ethernet0/0
      31.0.0.0/16 is subnetted, 1 subnets
B        31.0.0.0 [200/0] via 30.0.24.4, 06:00:09


R3#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 13 subnets, 3 masks
B        30.0.0.0/16 [200/0] via 30.0.2.2, 06:01:57
O        30.0.1.1/32 [110/21] via 30.0.23.2, 06:03:26, Ethernet0/1
O        30.0.2.2/32 [110/11] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.3.3/32 is directly connected, Loopback0
O        30.0.12.0/24 [110/20] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.13.0/24 is directly connected, Ethernet0/0
L        30.0.13.3/32 is directly connected, Ethernet0/0
O        30.0.16.0/24 [110/30] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.23.0/24 is directly connected, Ethernet0/1
L        30.0.23.3/32 is directly connected, Ethernet0/1
O        30.0.24.0/24 [110/20] via 30.0.23.2, 06:03:26, Ethernet0/1
C        30.0.38.0/24 is directly connected, Ethernet1/0
L        30.0.38.3/32 is directly connected, Ethernet1/0
      31.0.0.0/16 is subnetted, 1 subnets
B        31.0.0.0 [200/0] via 30.0.24.4, 06:00:22

R5#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B        30.0.0.0/16 [200/0] via 30.0.24.2, 05:58:16
i L2     30.0.24.0/24 [115/10] via 31.0.45.4, 05:58:27, Ethernet0/0
      31.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
B        31.0.0.0/16 [200/0] via 31.0.4.4, 05:58:16
i L2     31.0.4.4/32 [115/20] via 31.0.45.4, 05:58:27, Ethernet0/0
C        31.0.5.5/32 is directly connected, Loopback0
C        31.0.45.0/24 is directly connected, Ethernet0/0
L        31.0.45.5/32 is directly connected, Ethernet0/0
C        31.0.57.0/24 is directly connected, Ethernet1/0
L        31.0.57.5/32 is directly connected, Ethernet1/0
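
The isolation requirement (10/8 must not be advertised to AS30 and AS31) can be checked mechanically over captured `show ip route` output from the provider routers. This Python is an added example, not part of the original post; the function names are hypothetical, `R1_TABLE` is an excerpt of R1's table from this page, and `LEAKY_TABLE` is constructed to show what a leak would look like.

```python
import ipaddress
import re

# Customer address space named in the task; it must stay out of AS30/AS31.
CUSTOMER_SPACE = ipaddress.ip_network("10.0.0.0/8")

# "      31.0.0.0/16 is subnetted, 1 subnets" -> child lines omit the mask.
HEADER = re.compile(r"^\s*\d+\.\d+\.\d+\.\d+/(\d+) is (variably )?subnetted")
# "B        31.0.0.0 [200/0] via ..." or "C   30.0.16.0/24 is directly connected, ..."
ROUTE = re.compile(
    r"^(?P<code>[A-Za-z][A-Za-z0-9* ]*?)\s+"
    r"(?P<net>\d+\.\d+\.\d+\.\d+)(?:/(?P<len>\d+))?\s+"
    r"(?:\[|is directly connected)"
)

# Excerpt of R1's routing table from this page.
R1_TABLE = """\
Gateway of last resort is not set

      30.0.0.0/8 is variably subnetted, 14 subnets, 3 masks
B        30.0.0.0/16 [200/0] via 30.0.2.2, 06:05:21
C        30.0.16.0/24 is directly connected, Ethernet1/0
L        30.0.16.1/32 is directly connected, Ethernet1/0
      31.0.0.0/16 is subnetted, 1 subnets
B        31.0.0.0 [200/0] via 30.0.24.4, 06:00:09
"""

# Constructed: a provider router that has learned a customer prefix.
LEAKY_TABLE = """\
      10.0.0.0/24 is subnetted, 1 subnets
O        10.7.1.0 [110/20] via 31.0.57.7, 00:01:02, Ethernet1/0
      31.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
i L2     31.0.4.4/32 [115/20] via 31.0.45.4, 05:58:27, Ethernet0/0
C        31.0.57.0/24 is directly connected, Ethernet1/0
"""


def parse_routes(show_ip_route):
    """Return [(code, ip_network)] for every route line in 'show ip route' text."""
    routes, inherited_len = [], None
    for line in show_ip_route.splitlines():
        header = HEADER.match(line)
        if header:
            # Equal-mask block: remember the mask for the children. In a
            # variably subnetted block every child carries its own mask.
            inherited_len = None if header.group(2) else int(header.group(1))
            continue
        route = ROUTE.match(line)
        if not route:
            continue  # legend, blank line, "Gateway of last resort ..."
        length = route.group("len") or inherited_len
        if length is None:
            continue  # mask cannot be determined; skip rather than guess
        net = ipaddress.ip_network(f"{route.group('net')}/{length}", strict=False)
        routes.append((route.group("code"), net))
    return routes


def find_leaks(show_ip_route, protected=CUSTOMER_SPACE):
    """Routes that fall inside the protected space, as (code, prefix) pairs."""
    return [(code, str(net)) for code, net in parse_routes(show_ip_route)
            if net.subnet_of(protected)]


if __name__ == "__main__":
    for name, table in (("R1", R1_TABLE), ("leaky (constructed)", LEAKY_TABLE)):
        print(name, "->", find_leaks(table) or "no customer prefixes")
```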


R6#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 30.0.16.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 30.0.16.1
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel1
L        10.0.0.6/32 is directly connected, Tunnel1
C        10.6.1.0/24 is directly connected, Ethernet0/1
L        10.6.1.1/32 is directly connected, Ethernet0/1
C        10.6.6.6/32 is directly connected, Loopback0
O        10.7.1.0/24 [110/1010] via 10.0.0.7, 05:11:27, Tunnel1
O        10.7.7.7/32 [110/1001] via 10.0.0.7, 05:11:27, Tunnel1
O        10.8.1.0/24 [110/1010] via 10.0.0.8, 05:11:27, Tunnel1
O        10.8.8.8/32 [110/1001] via 10.0.0.8, 05:11:27, Tunnel1
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.16.0/24 is directly connected, Ethernet0/0
L        30.0.16.6/32 is directly connected, Ethernet0/0


R6#sho ip nhrp dynamic
10.0.0.7/32 via 10.0.0.7
   Tunnel1 created 05:12:42, expire 01:27:18
   Type: dynamic, Flags: unique registered
   NBMA address: 31.0.57.7
10.0.0.8/32 via 10.0.0.8
   Tunnel1 created 05:12:40, expire 01:27:20
   Type: dynamic, Flags: unique registered
   NBMA address: 30.0.38.8



R6#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.7.7.7          0   FULL/DROTHER    00:00:39    10.0.0.7        Tunnel1
10.8.8.8          0   FULL/DROTHER    00:00:30    10.0.0.8        Tunnel1


R7#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 31.0.57.5 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 31.0.57.5
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel1
L        10.0.0.7/32 is directly connected, Tunnel1
O        10.6.1.0/24 [110/1010] via 10.0.0.6, 05:12:34, Tunnel1
O        10.6.6.6/32 [110/1001] via 10.0.0.6, 05:12:34, Tunnel1
C        10.7.1.0/24 is directly connected, Ethernet0/1
L        10.7.1.1/32 is directly connected, Ethernet0/1
C        10.7.7.7/32 is directly connected, Loopback0
O        10.8.1.0/24 [110/1010] via 10.0.0.8, 05:12:24, Tunnel1
O        10.8.8.8/32 [110/1001] via 10.0.0.8, 05:12:24, Tunnel1
      31.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        31.0.57.0/24 is directly connected, Ethernet0/0
L        31.0.57.7/32 is directly connected, Ethernet0/0

R7# traceroute 10.8.1.1 source 10.7.1.1
Type escape sequence to abort.
Tracing the route to 10.8.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.6 5 msec 5 msec 6 msec
  2 10.0.0.8 5 msec 5 msec 6 msec

R7# traceroute 10.6.1.1 source 10.7.1.1
Type escape sequence to abort.
Tracing the route to 10.6.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.0.6 1 msec 1 msec 0 msec

R8#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 30.0.38.3 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 30.0.38.3
      10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Tunnel1
L        10.0.0.8/32 is directly connected, Tunnel1
O        10.6.1.0/24 [110/1010] via 10.0.0.6, 05:13:05, Tunnel1
O        10.6.6.6/32 [110/1001] via 10.0.0.6, 05:13:05, Tunnel1
O        10.7.1.0/24 [110/1010] via 10.0.0.7, 05:13:05, Tunnel1
O        10.7.7.7/32 [110/1001] via 10.0.0.7, 05:13:05, Tunnel1
C        10.8.1.0/24 is directly connected, Ethernet0/1
L        10.8.1.1/32 is directly connected, Ethernet0/1
C        10.8.8.8/32 is directly connected, Loopback0
      30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        30.0.38.0/24 is directly connected, Ethernet0/0
L        30.0.38.8/32 is directly connected, Ethernet0/0


Monday, March 14, 2016

Overlay VPN task #4. configuration optimization part 2

Topology:



Use configuration from L2VPN task #3 as initial configuration for this task.

Requirements: 

1. Reduce the number of LDP sessions in the SP network to two (2).
2. Further reduce the overhead for tunneled traffic to 8 bytes only.

Solution:

This task requires an understanding of AToM static pseudowires.
Using static pseudowires removes the need for a targeted LDP session between the tunnel endpoints, and also allows disabling the control word, which is required for Ethernet traffic tunneling.

Note that you need to configure the MPLS label range for dynamic and static labels before configuring the static pseudowires.

R1:


!
mpls label range 1000 100000 static 16 999
!
!
pseudowire-class ATOM_MAN
 encapsulation mpls
 protocol none
!
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.3.3 46 encapsulation mpls manual pw-class ATOM_MAN
  mpls label 46 64
  no mpls control-word
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 encapsulation mpls manual pw-class ATOM_MAN
  mpls label 57 75
  no mpls control-word
!
interface Ethernet1/1.58
 encapsulation dot1Q 58
 xconnect 18.0.3.3 58 encapsulation mpls manual pw-class ATOM_MAN
  mpls label 58 85
  no mpls control-word
!

R3:

!
mpls label range 1000 100000 static 16 999
!
pseudowire-class ATOM_MAN
 encapsulation mpls
 protocol none
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.1.1 46 encapsulation mpls manual pw-class ATOM_MAN
  mpls label 64 46
  no mpls control-word
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.75
 encapsulation dot1Q 75
 xconnect 18.0.1.1 57 encapsulation mpls manual pw-class ATOM_MAN
  mpls label 75 57
  no mpls control-word
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/2.85
 encapsulation dot1Q 85
 xconnect 18.0.1.1 58 encapsulation mpls manual pw-class ATOM_MAN
  mpls label 85 58
  no mpls control-word
!

Verification:


R1#show mpls ldp neighbor
    Peer LDP Ident: 18.0.2.2:0; Local LDP Ident 18.0.1.1:0
        TCP connection: 18.0.2.2.59677 - 18.0.1.1.646
        State: Oper; Msgs sent/rcvd: 50/51; Downstream
        Up time: 00:37:57
        LDP discovery sources:
          Ethernet0/0, Src IP addr: 18.0.12.2
        Addresses bound to peer LDP Ident:
          18.0.12.2       18.0.23.2       18.0.2.2


R1#show mpls l2transport vc detail
Local interface: Et1/0 up, line protocol up, Ethernet up
  Destination address: 18.0.3.3, VC ID: 46, VC status: up
    Output interface: Et0/0, imposed label stack {17 64}
    Preferred path: not configured
    Default path: active
    Next hop: 18.0.12.2
  Create time: 00:06:25, last status change time: 00:06:25
  Signaling protocol: Manual
    Status TLV support (local/remote)   : enabled/N/A
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: not sent
      Last remote LDP TLV    status rcvd: not sent
    MPLS VC labels: local 46, remote 64
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 626, send 645
    byte totals:   receive 622601, send 638832
    packet drops:  receive 0, seq error 0, send 3

Local interface: Et1/1.57 up, line protocol up, Eth VLAN 57 up
  Destination address: 18.0.3.3, VC ID: 57, VC status: up
    Output interface: Et0/0, imposed label stack {17 75}
    Preferred path: not configured
    Default path: active
    Next hop: 18.0.12.2
  Create time: 00:05:53, last status change time: 00:05:53
  Signaling protocol: Manual
    Status TLV support (local/remote)   : enabled/N/A
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: not sent
      Last remote LDP TLV    status rcvd: not sent
    MPLS VC labels: local 57, remote 75
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals:   receive 0, send 0
    packet drops:  receive 0, seq error 0, send 0

Local interface: Et1/1.58 up, line protocol up, Eth VLAN 58 up
  Destination address: 18.0.3.3, VC ID: 58, VC status: up
    Output interface: Et0/0, imposed label stack {17 85}
    Preferred path: not configured
    Default path: active
    Next hop: 18.0.12.2
  Create time: 00:05:33, last status change time: 00:05:33
  Signaling protocol: Manual
    Status TLV support (local/remote)   : enabled/N/A
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: not sent
      Last remote LDP TLV    status rcvd: not sent
    MPLS VC labels: local 58, remote 85
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals:   receive 0, send 0
    packet drops:  receive 0, seq error 0, send 0

Tuesday, March 1, 2016

Overlay VPN task #3. L2VPN optimization

Topology:



Use configuration from L2VPN task #2 as initial configuration for this task.

Requirements: 

1. Change the solution so that both encapsulation overhead and provisioning effort are kept to a minimum.
    You are allowed to change the service provider network configuration for this task.


Solution:

This task requires an understanding of L2VPN AToM configuration and the differences between the L2TPv3 and AToM options.

AToM overhead is 8 bytes (2 labels) or 12 bytes (2 labels + control word), whereas L2TPv3 overhead is at least 24 bytes (new IP header of 20 bytes + L2TPv3 header of 4 bytes), plus cookies and transport header overhead, which may vary.

Change to AToM to reduce the overhead to 12 bytes, and use a targeted LDP session between the tunnel endpoints to negotiate the VC labels.
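
The 12-byte and 8-byte figures, here and in task #4, are the encoded label stack plus the optional control word. This Python is an added example, not part of the original post: it builds and decodes those headers using the label stacks from the verification output ({17 19} with LDP signalling, {17 64} for the static pseudowire); the function names, TC value and TTL value are assumptions.

```python
import struct

IPV4_HEADER = 20        # new outer IP header, as counted in the text
L2TPV3_SESSION_ID = 4   # the 4-byte L2TPv3 header the text counts


def encode_label(label, bottom, tc=0, ttl=255):
    """One 4-byte MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8).

    tc and ttl are assumed values; they do not change the header length.
    """
    if not 0 <= label < (1 << 20):
        raise ValueError("label does not fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def atom_header(transport_label, vc_label, control_word=True, sequence=0):
    """Bytes an ingress PE puts in front of the customer Ethernet frame."""
    header = encode_label(transport_label, bottom=False)
    header += encode_label(vc_label, bottom=True)
    if control_word:
        # Ethernet pseudowire control word: first nibble 0, reserved bits,
        # then a 16-bit sequence number (0 when sequencing is disabled).
        header += struct.pack("!HH", 0, sequence)
    return header


def decode_label_stack(data):
    """Return (labels, bytes_consumed), reading entries until S=1."""
    labels, offset = [], 0
    while offset + 4 <= len(data):
        (entry,) = struct.unpack_from("!I", data, offset)
        offset += 4
        labels.append(entry >> 12)
        if entry & 0x100:  # bottom-of-stack bit
            return labels, offset
    raise ValueError("truncated label stack: no bottom-of-stack entry")


def l2tpv3_over_ip_overhead(cookie_len=0):
    """Outer IPv4 header + session ID + optional cookie, in bytes."""
    if cookie_len not in (0, 4, 8):
        raise ValueError("an L2TPv3 cookie is 0, 4 or 8 bytes")
    return IPV4_HEADER + L2TPV3_SESSION_ID + cookie_len


if __name__ == "__main__":
    ldp_pw = atom_header(17, 19)                         # task #3: {17 19} + control word
    static_pw = atom_header(17, 64, control_word=False)  # task #4: {17 64}
    for name, hdr in (("LDP-signalled", ldp_pw), ("static", static_pw)):
        labels, used = decode_label_stack(hdr)
        print(f"{name}: {hdr.hex()} labels={labels} "
              f"control_word={len(hdr) - used}B total={len(hdr)}B")
    print("L2TPv3 over IP, no cookie:", l2tpv3_over_ip_overhead(), "bytes")
```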

Requirement #1 - Enable MPLS and LDP on routers R1, R2 and R3. Change the xconnect encapsulation from l2tpv3 to mpls. Leave the pseudowire protocol at its default, ldp.

R1:


!
pseudowire-class ATOM
 encapsulation mpls
!
!
router ospf 1
 mpls ldp autoconfig
 router-id 18.0.1.1
!
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.3.3 46 encapsulation mpls pw-class ATOM
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.57
 encapsulation dot1Q 57
 xconnect 18.0.3.3 57 encapsulation mpls pw-class ATOM
!
interface Ethernet1/1.58
 encapsulation dot1Q 58
 xconnect 18.0.3.3 58 encapsulation mpls pw-class ATOM
!


R3:


!
pseudowire-class ATOM
 encapsulation mpls
!
!
router ospf 1
 mpls ldp autoconfig
 router-id 18.0.3.3
!
interface Ethernet1/0
 no ip address
 no cdp enable
 xconnect 18.0.1.1 46 encapsulation mpls pw-class ATOM
!
interface Ethernet1/1
 no ip address
!
interface Ethernet1/1.75
 encapsulation dot1Q 75
 xconnect 18.0.1.1 57 encapsulation mpls pw-class ATOM
!
interface Ethernet1/2
 no ip address
!
interface Ethernet1/2.85
 encapsulation dot1Q 85
 xconnect 18.0.1.1 58 encapsulation mpls pw-class ATOM
!


Verification:


R1#show mpls ldp neighbor
    Peer LDP Ident: 18.0.2.2:0; Local LDP Ident 18.0.1.1:0
        TCP connection: 18.0.2.2.59677 - 18.0.1.1.646
        State: Oper; Msgs sent/rcvd: 26/27; Downstream
        Up time: 00:16:20
        LDP discovery sources:
          Ethernet0/0, Src IP addr: 18.0.12.2
        Addresses bound to peer LDP Ident:
          18.0.12.2       18.0.23.2       18.0.2.2
    Peer LDP Ident: 18.0.3.3:0; Local LDP Ident 18.0.1.1:0
        TCP connection: 18.0.3.3.16095 - 18.0.1.1.646
        State: Oper; Msgs sent/rcvd: 26/26; Downstream
        Up time: 00:13:20
        LDP discovery sources:
          Targeted Hello 18.0.1.1 -> 18.0.3.3, active, passive
        Addresses bound to peer LDP Ident:
          18.0.23.3       18.0.3.3

R1#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  18.0.2.2/32      0             Et0/0      18.0.12.2
17         17         18.0.3.3/32      0             Et0/0      18.0.12.2
18         Pop Label  18.0.23.0/24     0             Et0/0      18.0.12.2
19         No Label   l2ckt(46)        22790         Et1/0      point2point
20         No Label   l2ckt(57)        630           Et1/1.57   point2point
21         No Label   l2ckt(58)        570           Et1/1.58   point2point

R1#show mpls l2transport vc detail
Local interface: Et1/0 up, line protocol up, Ethernet up
  Destination address: 18.0.3.3, VC ID: 46, VC status: up
    Output interface: Et0/0, imposed label stack {17 19}
    Preferred path: not configured
    Default path: active
    Next hop: 18.0.12.2
  Create time: 00:16:21, last status change time: 00:14:03
  Signaling protocol: LDP, peer 18.0.3.3:0 up
    Targeted Hello: 18.0.1.1(LDP Id) -> 18.0.3.3
    Status TLV support (local/remote)   : enabled/supported
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: no fault
    MPLS VC labels: local 19, remote 19
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 203, send 201
    byte totals:   receive 22910, send 27693
    packet drops:  receive 0, seq error 0, send 0

Local interface: Et1/1.57 up, line protocol up, Eth VLAN 57 up
  Interworking type is Ethernet
  Destination address: 18.0.3.3, VC ID: 57, VC status: up
    Output interface: Et0/0, imposed label stack {17 20}
    Preferred path: not configured
    Default path: active
    Next hop: 18.0.12.2
  Create time: 00:15:08, last status change time: 00:13:47
  Signaling protocol: LDP, peer 18.0.3.3:0 up
    Targeted Hello: 18.0.1.1(LDP Id) -> 18.0.3.3
    Status TLV support (local/remote)   : enabled/supported
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: no fault
    MPLS VC labels: local 20, remote 20
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 6, send 6
    byte totals:   receive 630, send 786
    packet drops:  receive 0, seq error 0, send 0

Local interface: Et1/1.58 up, line protocol up, Eth VLAN 58 up
  Interworking type is Ethernet
  Destination address: 18.0.3.3, VC ID: 58, VC status: up
    Output interface: Et0/0, imposed label stack {17 21}
    Preferred path: not configured
    Default path: active
    Next hop: 18.0.12.2
  Create time: 00:14:55, last status change time: 00:13:27
  Signaling protocol: LDP, peer 18.0.3.3:0 up
    Targeted Hello: 18.0.1.1(LDP Id) -> 18.0.3.3
    Status TLV support (local/remote)   : enabled/supported
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: no fault
    MPLS VC labels: local 21, remote 21
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 5, send 5
    byte totals:   receive 570, send 700
    packet drops:  receive 0, seq error 0, send 0

R4#ping 10.10.64.6 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.10.64.6, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/1/5 ms

R5#ping 172.16.57.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.57.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R5#ping 172.16.58.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.58.8, timeout is 2 seconds:
!!!!!