Stage 1 - Build OSPF/ISIS Areas - COMPLETE
Stage 2 - Configure BGP, Create ASBRs/PEs, use RR via R7/R8
Stage 3 - Enable MPLS
Stage 4 - Create InterAS OptC (multihop vpnv4 ebgp between RR lo)
Stage 5 - Connect CEs, CUST1=OSPF CUST2=BGP
Stage 6 - replace some routers with Juniper
Just as a reminder, here is our lab design:
Now for Stage2 - we need to create BGP peering within each AS (to the AS route reflector - R7 or R8) and also create a eBGP peering between AS's. We will also add in the MPLS label function to BGP, as we will need that for the next stage. A few points about the BGP peers:
1. We are using BGP IPv4 labeled-unicast for the peering, since MPLS labels need to be passed between BGP peers.
2. We will pass the loopback addresses between the eBGP peers via the network statement (rather than a redistribute statement)
3. IOS-XR blocks eBGP route passing by default, so we need the PASS route-policy in place to support the route flow
4. We use the next-hop-self on the ASBR so that routers inside the AS know how to get across to the other AS for their loopbacks and routes
AS21 (R1,R2,R6,R7,R10)
R1
router bgp 21
bgp router-id 1.1.1.1
address-family ipv4 unicast
allocate-label all
!
neighbor 7.7.7.7
remote-as 21
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self
!
R2
route-policy PASS
pass
end-policy
!
router bgp 21
bgp router-id 2.2.2.2
address-family ipv4 unicast
network 1.1.1.1/32
network 2.2.2.2/32
network 6.6.6.6/32
network 7.7.7.7/32
network 10.10.10.10/32
allocate-label all
!
neighbor 7.7.7.7
remote-as 21
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self
!
!
neighbor 10.0.29.2
remote-as 111
address-family ipv4 labeled-unicast
route-policy PASS in
route-policy PASS out
!
!
!
R6
router bgp 21
bgp router-id 6.6.6.6
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 21
neighbor 7.7.7.7 update-source Loopback0
neighbor 10.22.22.2 remote-as 2
!
address-family ipv4
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 next-hop-self
neighbor 7.7.7.7 send-label
neighbor 10.22.22.2 activate
exit-address-family
!
R7
router bgp 21
template peer-policy AS21
route-reflector-client
send-community both
send-label
exit-peer-policy
!
template peer-session AS21_SESS
remote-as 21
update-source Loopback0
exit-peer-session
!
bgp router-id 7.7.7.7
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 inherit peer-session AS21_SESS
neighbor 2.2.2.2 inherit peer-session AS21_SESS
neighbor 6.6.6.6 inherit peer-session AS21_SESS
neighbor 10.10.10.10 inherit peer-session AS21_SESS
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 inherit peer-policy AS21
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 inherit peer-policy AS21
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 inherit peer-policy AS21
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 inherit peer-policy AS21
exit-address-family
!
R10
router bgp 21
bgp router-id 10.10.10.10
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 21
neighbor 7.7.7.7 update-source Loopback0
neighbor 10.0.103.1 remote-as 111
!
address-family ipv4
network 1.1.1.1 mask 255.255.255.255
network 2.2.2.2 mask 255.255.255.255
network 6.6.6.6 mask 255.255.255.255
network 7.7.7.7 mask 255.255.255.255
network 10.10.10.10 mask 255.255.255.255
neighbor 7.7.7.7 activate
neighbor 7.7.7.7 next-hop-self
neighbor 7.7.7.7 send-label
neighbor 10.0.103.1 activate
neighbor 10.0.103.1 send-label
exit-address-family
BGP peers should now be up, with the 5 local routes coming in from the 2 ASBRs. The RIB failure here is due to the OSPF route already being present in the RIB, so BGP can't add those routes in (as its less preferred).
OK on to the next AS:
AS111 (R3,R4,R5,R8,R9)
R3
route-policy PASS
pass
end-policy
!
router bgp 111
bgp router-id 3.3.3.3
address-family ipv4 unicast
network 3.3.3.3/32
network 4.4.4.4/32
network 5.5.5.5/32
network 8.8.8.8/32
network 9.9.9.9/32
allocate-label all
!
neighbor 8.8.8.8
remote-as 111
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self
!
!
neighbor 10.0.103.2
remote-as 21
address-family ipv4 labeled-unicast
route-policy PASS in
route-policy PASS out
!
!
!
R4
router bgp 111
bgp router-id 4.4.4.4
address-family ipv4 unicast
allocate-label all
!
address-family vpnv4 unicast
!
neighbor 8.8.8.8
remote-as 111
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self
!
R5
router bgp 111
bgp router-id 5.5.5.5
bgp log-neighbor-changes
neighbor 8.8.8.8 remote-as 111
neighbor 8.8.8.8 update-source Loopback0
neighbor 10.22.222.2 remote-as 2
!
address-family ipv4
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 next-hop-self
neighbor 8.8.8.8 send-label
neighbor 10.22.222.2 activate
exit-address-family
!
R8
router bgp 111
template peer-policy AS111
route-reflector-client
send-community both
send-label
exit-peer-policy
!
template peer-session AS111_SESS
remote-as 111
update-source Loopback0
exit-peer-session
!
bgp router-id 8.8.8.8
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 inherit peer-session AS111_SESS
neighbor 4.4.4.4 inherit peer-session AS111_SESS
neighbor 5.5.5.5 inherit peer-session AS111_SESS
neighbor 9.9.9.9 inherit peer-session AS111_SESS
!
address-family ipv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 inherit peer-policy AS111
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 inherit peer-policy AS111
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 inherit peer-policy AS111
neighbor 9.9.9.9 activate
neighbor 9.9.9.9 inherit peer-policy AS111
exit-address-family
!
R9
router bgp 111
bgp router-id 9.9.9.9
bgp log-neighbor-changes
neighbor 8.8.8.8 remote-as 111
neighbor 8.8.8.8 update-source Loopback0
neighbor 10.0.29.1 remote-as 21
!
address-family ipv4
network 3.3.3.3 mask 255.255.255.255
network 4.4.4.4 mask 255.255.255.255
network 5.5.5.5 mask 255.255.255.255
network 9.9.9.9 mask 255.255.255.255
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 next-hop-self
neighbor 8.8.8.8 send-label
neighbor 10.0.29.1 activate
neighbor 10.0.29.1 send-label
exit-address-family
We should now have AS111 active, and all peers up, with routes from both AS111 AND loopbacks from AS21, due to the eBGP peering between AS.
Looking at the routing table, we now have BGP routes present (B) from the AS21. Now we need to move on to the next stage, and enable MPLS across the different networks, so that we can get end to end connectivity.
Stage3 - Enable MPLS
We need to turn on MPLS and LDP on each of the routers, and create a static route on the XR ASBR units (since they require a /32 host route between peers to create a correct label path). The easiest way to enable ldp on all the links is to use the auto-config under the IGP, which makes sure that for all IGP enabled interfaces, LDP is also enabled and labels will be created.
R1
router ospf 21
mpls ldp auto-config
mpls ldp
router-id 1.1.1.1
address-family ipv4
!
!
R2
router static
address-family ipv4 unicast
10.0.29.2/32 GigabitEthernet0/0/0/0
!
!
router ospf 21
mpls ldp auto-config
!
mpls ldp
router-id 2.2.2.2
address-family ipv4
!
interface GigabitEthernet0/0/0/0
!
!
R3
router static
address-family ipv4 unicast
10.0.103.2/32 GigabitEthernet0/0/0/2
!
!
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
mpls ldp
router-id 3.3.3.3
address-family ipv4
!
interface GigabitEthernet0/0/0/2
address-family ipv4
!
!
!
R4
router isis 1
address-family ipv4 unicast
mpls ldp auto-config
!
mpls ldp
router-id 4.4.4.4
address-family ipv4
!
!
R5
router isis 1
mpls ldp autoconfig
!
mpls ldp router-id Loopback0
!
R6
router ospf 21
mpls ldp autoconfig
!
R7
router ospf 21
mpls ldp autoconfig
!
mpls ldp router-id Loopback0
!
R8
router isis
mpls ldp autoconfig
!
R9
router isis
mpls ldp autoconfig
!
interface GigabitEthernet4
mpls bgp forwarding
!
mpls ldp router-id Loopback0
R10
interface GigabitEthernet1
mpls bgp forwarding
router ospf 21
mpls ldp autoconfig
!
mpls ldp router-id Loopback0
So we should now have a full label switched path end to end between the loopbacks of the 2 AS - lets have a look !
Trace from router 5 lo0 to router 6 lo0:
We start with 2 labels in the stack, 24008 is maintained across AS111, then it is pop'ed at the ASBR, and label 27 then label 24005 takes the traffic across AS21 to the final destination.
If we have a look across the other diagonal from AS21 to AS111:
We get the same result, with 2 labels within AS21, then a single label in AS111.
Looking at the MPLS forwarding table on R1, we can also see that routes have either a label or a pop label on them, which is what we want to see. If we see No Label listed here, that normally points to an issue in the config (e.g. MPLS not enabled on one of the interfaces).
We now have end to end MPLS label path, so we are ready to move on to Stage4 and build the L3 VPN tunnels across the core. The next post is HERE
No comments:
Post a Comment