In this series of posts, we will look at various technologies used for Inter-AS design. To build these labs, we will use:
- OSPF
- IS-IS
- MPLS
- Layer3 VPN (VRFs)
- Multi-protocol BGP
A few years ago I passed the CCIE Service Provider certification. The lab side of this course is heavily focused on ISIS, BGP, OSPF and L2/L3 VPNs. These build together to form Inter-AS designs, with Option A, B and C being practiced for the lab.
Inter-AS Option C (formally known as "MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels"; "Option C" is much easier) is a method that enables two ASes to join together, allowing IPv4/v6 routes to be distributed between the ASes (via their route reflectors) and VPNv4/v6 routes to pass across the network to support end-customer CE devices connected to the different ASes.
Assumed Knowledge
This series assumes some core understanding of the above listed technologies. I do provide config for each of the steps, but if you ever need to troubleshoot what has been loaded, you will need some basic understanding of how the tech works. If you have CCNP-SP/JNCIP-SP level knowledge, that should suit these posts.
To create this environment, I have used the following lab and images:
- Intel Core i7 with 32GB RAM [10GB is needed for the lab to be built, so a 16GB system would be fine]
- 256GB SSD [20GB max is needed for the lab]
- VMware ESXi 6.7 [this can be built on any platform that EVE-NG can be installed on]
- EVE-NG community edition virtual environment (latest version - I'm using 2.0.3-95) with the following images:
  - vIOS - vios-adventerprisek9-m-15.5
  - iosXR - xrv-k9-6.0.0
  - csr1000v - csr1000v-3.16.00.S.155-3.S
  - vSRX - vsrx-12.1X47-D20.7-domestic
The Cisco router layout for the lab looks like this:
What are we trying to achieve ?
We need to get traffic between each separate customer (Cust1=YELLOW, Cust2=ORANGE) across the 2 networks, in a segmented VRF without customer routes appearing in either core network. The IPv4 core will have NONE of the customer routes within the RIBs of any of the core routers (this is handled via MP-BGPv4).
The aim is to create a scalable network in the core which can support lots more customers transiting traffic in the same way, via simple MPLS paths and Layer3 VPN tunnels.
When I build and design, I'll normally look to do it in layers. For the CCIE lab this is critical (as you are time limited and you need to build it Layer2 - Layer3 - IGP - BGP - special config, with verification of each step, otherwise troubleshooting faults is a nightmare), and it's a great way to learn, making sure each step is validated correctly.
The steps we will go through to build this design over the following posts are as follows:
Stage 1 - Build OSPF/ISIS Areas
Stage 2 - Configure BGP, Create ASBRs/PEs, use RR via R7/R8
Stage 3 - Enable MPLS
Stage 4 - Create InterAS OptC (multihop vpnv4 ebgp between RR lo)
Stage 5 - Connect CEs, CUST1=OSPF CUST2=BGP
Stage 6 - replace some routers with Juniper
Download the LAB from HERE
Download the base config from HERE
OK, let's start the lab up. You can select all the devices to start them, and then let the routers fire up. This will take 5-10 minutes depending on your system performance, so give them all a chance to get up to the login prompts. The IOS XR units use cisco/cisco as the login, and the other devices should not need a login. Go through the routers and apply the base config to them all (making sure that interfaces are UP as well during the setup, and that you can ping the other end of each of the links you create). This sets up the IP addressing and port config, ready for Stage1.
Once you have Layer3 connectivity, let's begin and work on Stage1 - OSPF/ISIS. We need IGP connectivity, so that we can then move on to create the BGP peering and InterAS design.
AS21 - OSPF (R1,R2,R6,R7,R10)
R1
router ospf 21
 address-family ipv4
 area 0
  interface Loopback0
  !
  interface GigabitEthernet0/0/0/0
  !
  interface GigabitEthernet0/0/0/1
  !
  interface GigabitEthernet0/0/0/2
  !
 !
!
R2
router ospf 21
 address-family ipv4
 area 0
  interface Loopback0
   passive enable
  !
  interface GigabitEthernet0/0/0/0
  !
  interface GigabitEthernet0/0/0/1
  !
  interface GigabitEthernet0/0/0/2
  !
 !
!
R6
router ospf 21
 network 6.6.6.6 0.0.0.0 area 0
 network 10.0.0.0 0.0.255.255 area 0
R7
router ospf 21
 router-id 7.7.7.7
 network 7.7.7.7 0.0.0.0 area 0
 network 10.0.0.0 0.0.255.255 area 0
R10
router ospf 21
 network 10.0.0.0 0.0.255.255 area 0
 network 10.10.10.10 0.0.0.0 area 0
Once completed, we should find we have OSPF adjacency to each connected peer, and an OSPF database (and RIB) listing the interfaces and loopback addresses for the AS:
Looks good - OSPF intra area routes are in the RIB (TYPE = O), and all router LSAs are present in the OSPF DB.
Let's create the ISIS peering for the other AS. Here we use metric-style wide to support the MPLS TLVs used in ISIS:
AS111 - ISIS (R3,R4,R5,R8,R9)
R3
router isis 1
 is-type level-2-only
 net 49.1111.0000.0000.0003.00
 address-family ipv4 unicast
  metric-style wide
 !
 interface Loopback0
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/0
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/1
  address-family ipv4 unicast
  !
 !
!
R4
router isis 1
 is-type level-2-only
 net 49.1111.0000.0000.0004.00
 address-family ipv4 unicast
  metric-style wide
 !
 interface Loopback0
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/1
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/2
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/3
  address-family ipv4 unicast
  !
 !
!
R5
router isis 1
 net 49.1111.0000.0000.0005.00
 is-type level-2-only
 metric-style wide
!
interface Loopback0
 ip router isis 1
!
interface GigabitEthernet2
 ip router isis 1
!
interface GigabitEthernet3
 ip router isis 1
R8
router isis
 net 49.1111.0000.0000.0008.00
 is-type level-2-only
 metric-style wide
!
interface Loopback0
 ip router isis
!
interface GigabitEthernet1
 ip router isis
!
interface GigabitEthernet2
 ip router isis
R9
router isis
 net 49.1111.0000.0000.0009.00
 is-type level-2-only
 metric-style wide
!
interface Loopback0
 ip router isis
!
interface GigabitEthernet1
 ip router isis
!
interface GigabitEthernet2
 ip router isis
!
interface GigabitEthernet3
 ip router isis
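An offline consistency check for the IS-IS stanzas above, added here as an example and not part of the original post: it splits each NET into area, system ID and NSEL, and flags a duplicate system ID or a router missing `is-type level-2-only` or `metric-style wide`. The `CONFIGS` dictionary is constructed from the post's config, and `parse_net` and `lint` are hypothetical helper names.

```python
import re

# Constructed input: the IS-IS stanzas from this post, reduced to the lines the check reads.
# R3/R4 use IOS XR syntax, R5/R8/R9 use IOS syntax; both put each keyword on its own line.
CONFIGS = {
    "R3": "router isis 1\n is-type level-2-only\n net 49.1111.0000.0000.0003.00\n"
          " address-family ipv4 unicast\n  metric-style wide\n",
    "R4": "router isis 1\n is-type level-2-only\n net 49.1111.0000.0000.0004.00\n"
          " address-family ipv4 unicast\n  metric-style wide\n",
    "R5": "router isis 1\n net 49.1111.0000.0000.0005.00\n is-type level-2-only\n metric-style wide\n",
    "R8": "router isis\n net 49.1111.0000.0000.0008.00\n is-type level-2-only\n metric-style wide\n",
    "R9": "router isis\n net 49.1111.0000.0000.0009.00\n is-type level-2-only\n metric-style wide\n",
}

def parse_net(net):
    """Split a NET into (area, system_id, nsel): the last field is the NSEL,
    the three 4-hex-digit groups before it are the system ID, the rest is the area."""
    fields = net.split(".")
    if len(fields) < 5:
        raise ValueError(f"NET too short: {net}")
    return ".".join(fields[:-4]), ".".join(fields[-4:-1]), fields[-1]

def lint(configs):
    """Return a list of findings; an empty list means the stanzas are consistent."""
    findings, seen = [], {}
    for name, text in sorted(configs.items()):
        m = re.search(r"^\s*net\s+(\S+)\s*$", text, re.M)
        if not m:
            findings.append(f"{name}: no NET configured")
            continue
        # The area is not compared: level-2 adjacencies form across areas.
        _, system_id, nsel = parse_net(m.group(1))
        if nsel != "00":
            findings.append(f"{name}: NSEL is {nsel}, expected 00")
        if system_id in seen:
            findings.append(f"{name}: system ID {system_id} duplicates {seen[system_id]}")
        seen.setdefault(system_id, name)
        if not re.search(r"^\s*is-type\s+level-2-only\s*$", text, re.M):
            findings.append(f"{name}: is-type level-2-only missing")
        if not re.search(r"^\s*metric-style\s+wide\s*$", text, re.M):
            findings.append(f"{name}: metric-style wide missing")
    return findings

if __name__ == "__main__":
    print(lint(CONFIGS) or "IS-IS stanzas consistent")
```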
With this configuration applied, the lab should now show a complete ISIS network, with all routes and neighbours verified:
Great! Routes present (Type L2) and all loopbacks in the RIB. In the next post we will move on to Stage2 and get the BGP peering working. Check out the next post HERE