In the previous post we looked at the BGP and MPLS configuration.
Stage 1 - Build OSPF/ISIS Areas - COMPLETE
Stage 2 - Configure BGP, Create ASBRs/PEs, use RR via R7/R8 - COMPLETE
Stage 3 - Enable MPLS - COMPLETE
Stage 4 - Create InterAS OptC (multihop vpnv4 ebgp between RR lo)
Stage 5 - Connect CEs, CUST1=OSPF CUST2=BGP
Stage 6 - replace some routers with Juniper
Let's move on to configure the final stages! So far what we have is a joined network at the same level via MPLS+BGP. The issue is that, for us to create the Layer 3 VPN tunnels, each AS needs to know about the VPNv4 destinations in the other AS, so that MPLS paths can be built for the MPLS traffic from the CE devices. The secret to this? Connect the route-reflectors of the two ASes to each other, and share routes. A few notes on this design:
. the next hop needs to remain unchanged when it is sent between the route-reflectors, to make sure the route-reflectors do not become part of the data path
. add the VPNv4 family to the route-reflectors first, to make the config update easier
. eBGP multihop is required for the route-reflectors to be able to reach each other across the AS paths
. the ASBRs do NOT need VPNv4 configured on them, since they are not taking part in the VPNv4 process (they are simply forwarding traffic based on MPLS label), BUT the ASBRs do need a static route to address a fault in the XRv code that doesn't allocate the route correctly
The following shows us the peerings that we will now create:
Stage 4 - Create InterAS OptC
We need to peer the route-reflectors, and turn on the VPNV4 address family for all BGP peers.
R7
router bgp 21
 neighbor 8.8.8.8 remote-as 111
 neighbor 8.8.8.8 ebgp-multihop 255
 neighbor 8.8.8.8 update-source Loopback0
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 inherit peer-policy AS21
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
  neighbor 6.6.6.6 inherit peer-policy AS21
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 8.8.8.8 next-hop-unchanged
 exit-address-family
!
R1
router bgp 21
 address-family vpnv4 unicast
 !
 neighbor 7.7.7.7
  address-family vpnv4 unicast
   next-hop-self
  !
R2
router static
 address-family ipv4 unicast
  10.0.29.2/32 GigabitEthernet0/0/0/0
 !
!
R6
router bgp 21
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
  neighbor 7.7.7.7 next-hop-self
 exit-address-family
!
R8
router bgp 111
 neighbor 7.7.7.7 remote-as 21
 neighbor 7.7.7.7 ebgp-multihop 255
 neighbor 7.7.7.7 update-source Loopback0
 !
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
  neighbor 4.4.4.4 inherit peer-policy AS111
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 inherit peer-policy AS111
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 7.7.7.7 next-hop-unchanged
 exit-address-family
 !
!
R3
router static
 address-family ipv4 unicast
  10.0.103.2/32 GigabitEthernet0/0/0/2
 !
!
R4
router bgp 111
 address-family vpnv4 unicast
 !
 neighbor 8.8.8.8
  address-family vpnv4 unicast
   next-hop-self
  !
 !
R5
router bgp 111
 address-family vpnv4
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community extended
  neighbor 8.8.8.8 next-hop-self
 exit-address-family
!
That's done! Let's go have a look at the BGP output now on the route reflector:
R8# sh ip bgp all sum
For address family: IPv4 Unicast
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 111 102 123 58 0 0 01:27:10 8
4.4.4.4 4 111 9 32 58 0 0 00:05:11 0
5.5.5.5 4 111 6 20 58 0 0 00:01:32 0
7.7.7.7 4 21 10 10 43 0 0 00:00:26 5
9.9.9.9 4 111 115 136 58 0 0 01:27:21 6
For address family: VPNv4 Unicast
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 111 9 32 1 0 0 00:05:11 0
5.5.5.5 4 111 6 20 1 0 0 00:01:32 0
7.7.7.7 4 21 10 10 1 0 0 00:00:26 0
Looks good! Now we have peering to the local AS PEs, as well as to the other AS route reflector, via VPNv4.
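The design notes for this stage can be checked mechanically. The following Python is an added example, not part of the original post: it takes R7's stanza re-typed from this page with IOS-style indentation (the `neighbor 1.1.1.1 remote-as 21` line is assumed from the earlier stage) and lists, for each eBGP peer active in VPNv4, which of `ebgp-multihop`, `update-source` and `next-hop-unchanged` are missing. The function name is hypothetical.

```python
import re

# Constructed sample: R7's inter-AS peering from this page, indented.
# The iBGP "remote-as 21" line is an assumption carried over from the earlier stage.
R7_CONFIG = """\
router bgp 21
 neighbor 1.1.1.1 remote-as 21
 neighbor 8.8.8.8 remote-as 111
 neighbor 8.8.8.8 ebgp-multihop 255
 neighbor 8.8.8.8 update-source Loopback0
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 send-community both
  neighbor 8.8.8.8 next-hop-unchanged
 exit-address-family
"""

def audit_option_c_rr(config):
    """Return {ebgp_vpnv4_peer: [missing settings]} for one IOS-style BGP config."""
    local_as, in_vpnv4 = None, False
    remote_as, global_opts, vpnv4_opts = {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = m.group(1)
        elif line.startswith("address-family"):
            in_vpnv4 = line.split()[1] == "vpnv4"
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif m := re.fullmatch(r"neighbor (\S+) (.+)", line):
            peer, opt = m.groups()
            if opt.startswith("remote-as "):
                remote_as[peer] = opt.split()[1]
            bucket = vpnv4_opts if in_vpnv4 else global_opts
            bucket.setdefault(peer, set()).add(opt.split()[0])
    findings = {}
    for peer, asn in remote_as.items():
        if asn == local_as or "activate" not in vpnv4_opts.get(peer, ()):
            continue  # only eBGP peers that are active in VPNv4 are checked
        missing = [o for o in ("ebgp-multihop", "update-source")
                   if o not in global_opts.get(peer, ())]
        if "next-hop-unchanged" not in vpnv4_opts.get(peer, ()):
            missing.append("next-hop-unchanged")
        findings[peer] = missing
    return findings
```

An empty list for 8.8.8.8 means the inter-AS session carries all three settings; a missing `next-hop-unchanged` would put the route-reflector into the forwarding path, which is what the first design note warns against.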
Stage 5 - Connect CEs, CUST1=OSPF CUST2=BGP
Time to set up the VRFs on the PEs, and peer between the PE and CE devices, so that we can get traffic across the Inter-AS MPLS core between CEs.
We will set up the VRF and create the BGP/OSPF peering at the same time.
. for the OSPF peering, we will use process 1.
. we need to redistribute from the OSPF/BGP peering into the VPNv4 BGP network, so we can transmit across the MPLS core.
. Route-Distinguisher and Route-Target need to be configured, which are specific to the CUST1/2 network peering (so that the PEs know which route-targets to import for that customer)
R1
vrf CUST1
 address-family ipv4 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
  !
 !
!
router ospf 1
 vrf CUST1
  router-id 1.1.1.1
  redistribute connected
  redistribute bgp 21
  address-family ipv4 unicast
  area 0
   interface GigabitEthernet0/0/0/3
   !
  !
 !
!
router bgp 21
 vrf CUST1
  rd 1:11
  address-family ipv4 unicast
   network 10.11.11.0/30
   redistribute ospf 1 match internal external nssa-external
  !
R11
router ospf 1
 router-id 11.11.11.11
 network 0.0.0.0 255.255.255.255 area 0
!
R6
vrf definition CUST2
 rd 2:2
 route-target export 200:200
 route-target import 200:200
 !
 address-family ipv4
 exit-address-family
!
interface GigabitEthernet3
 vrf forwarding CUST2
 ip address 10.22.22.1 255.255.255.252
!
router bgp 21
 !
 address-family ipv4 vrf CUST2
  redistribute connected
  neighbor 10.22.22.2 remote-as 2
  neighbor 10.22.22.2 activate
  neighbor 10.22.22.2 send-community both
 exit-address-family
R12
router bgp 2
 bgp router-id 12.12.12.12
 bgp log-neighbor-changes
 neighbor 10.22.22.1 remote-as 21
 !
 address-family ipv4
  redistribute connected
  neighbor 10.22.22.1 activate
  neighbor 10.22.22.1 send-community both
  neighbor 10.22.22.1 allowas-in
 exit-address-family
R4
vrf CUST1
 address-family ipv4 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
  !
 !
!
router ospf 1
 vrf CUST1
  router-id 4.4.4.4
  redistribute connected
  redistribute bgp 111
  address-family ipv4 unicast
  area 0
   interface GigabitEthernet0/0/0/0
   !
  !
 !
!
router bgp 111
 vrf CUST1
  rd 1:1
  address-family ipv4 unicast
   network 10.11.111.0/30
   redistribute ospf 1 match internal external nssa-external
  !
 !
!
R14
router ospf 1
 router-id 14.14.14.14
 network 0.0.0.0 255.255.255.255 area 0
!
R5
vrf definition CUST2
 rd 2:22
 route-target export 200:200
 route-target import 200:200
 !
 address-family ipv4
 exit-address-family
!
interface GigabitEthernet1
 vrf forwarding CUST2
 ip address 10.22.222.1 255.255.255.252
!
router bgp 111
 address-family ipv4 vrf CUST2
  redistribute connected
  neighbor 10.22.222.2 remote-as 2
  neighbor 10.22.222.2 activate
  neighbor 10.22.222.2 send-community both
 exit-address-family
!
R13
router bgp 2
 bgp router-id 13.13.13.13
 bgp log-neighbor-changes
 neighbor 10.22.222.1 remote-as 111
 !
 address-family ipv4
  redistribute connected
  neighbor 10.22.222.1 activate
  neighbor 10.22.222.1 send-community both
  neighbor 10.22.222.1 allowas-in
 exit-address-family
!
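Because the route-targets decide which customer's routes a PE imports, they are also what keeps CUST1 and CUST2 apart. The following Python is an added example, not part of the original post: it parses the IOS-XR and IOS-XE VRF stanzas used on this page and lists any VRF that imports a target exported by a differently named VRF. The PE "RX" and the function names are hypothetical, and it assumes the VRF name identifies the customer.

```python
import re
# Constructed input: the VRF stanzas for R1 (IOS-XR) and R6 (IOS-XE) from this
# page, plus a hypothetical PE "RX" whose CUST2 VRF also imports CUST1's target.
PE_CONFIGS = {
    "R1": """\
vrf CUST1
 address-family ipv4 unicast
  import route-target
   100:100
  export route-target
   100:100
""",
    "R6": """\
vrf definition CUST2
 rd 2:2
 route-target export 200:200
 route-target import 200:200
""",
    "RX": """\
vrf definition CUST2
 route-target export 200:200
 route-target import 200:200
 route-target import 100:100
""",
}

def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS-XR or IOS-XE stanzas."""
    vrfs, cur, mode = {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"vrf (?:definition )?(\S+)", line):
            cur, mode = vrfs.setdefault(m.group(1), {"import": set(), "export": set()}), None
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export) (\d+:\d+)", line)):
            cur[m.group(1)].add(m.group(2))   # IOS-XE one-line form
        elif cur is not None and (m := re.fullmatch(r"(import|export) route-target", line)):
            mode = m.group(1)                 # IOS-XR block form: targets follow
        elif mode and re.fullmatch(r"\d+:\d+", line):
            cur[mode].add(line)
        else:
            mode = None
    return vrfs

def cross_customer_imports(pe_configs):
    """List (importing PE, importing VRF, target, exporting VRF) where the VRF names differ."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}
    exports = {(name, rt) for v in parsed.values() for name, d in v.items() for rt in d["export"]}
    return sorted((pe, name, rt, src) for pe, v in parsed.items() for name, d in v.items()
                  for rt in d["import"] for src, ert in exports if ert == rt and src != name)
```

With only the page's own stanzas the result is an empty list; the hypothetical RX entry is reported because its CUST2 VRF would receive CUST1's VPNv4 routes.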
And we should now be configured! Let's have a look at the R13 and R14 routers, and see what the trace looks like across to the other CEs connected to the other AS:
R13# sh ip route
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B 10.22.22.0/30 [20/0] via 10.22.222.1, 00:06:28
C 10.22.222.0/30 is directly connected, GigabitEthernet0/0
L 10.22.222.2/32 is directly connected, GigabitEthernet0/0
12.0.0.0/32 is subnetted, 1 subnets
B 12.12.12.12 [20/0] via 10.22.222.1, 00:06:28
13.0.0.0/32 is subnetted, 1 subnets
C 13.13.13.13 is directly connected, Loopback0
R13# traceroute 12.12.12.12 source lo0
Type escape sequence to abort.
Tracing the route to 13.13.13.13
VRF info: (vrf in name/id, vrf out name/id)
1 10.22.222.1 5 msec 4 msec 5 msec
2 10.0.35.1 [MPLS: Labels 24004/23/27 Exp 0] 18 msec 16 msec 17 msec
3 10.0.39.2 [MPLS: Labels 23/27 Exp 0] 19 msec 44 msec 71 msec
4 10.0.29.1 [MPLS: Labels 24002/27 Exp 0] 30 msec 16 msec 16 msec
5 10.22.22.1 [AS 21] [MPLS: Label 27 Exp 0] 16 msec 16 msec 17 msec
6 10.22.22.2 [AS 21] 18 msec 18 msec *
R14# sh ip route
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O E2 10.11.11.0/30 [110/1] via 10.11.111.1, 00:07:58, GigabitEthernet0/0
C 10.11.111.0/30 is directly connected, GigabitEthernet0/0
L 10.11.111.2/32 is directly connected, GigabitEthernet0/0
11.0.0.0/32 is subnetted, 1 subnets
O IA 11.11.11.11 [110/2] via 10.11.111.1, 00:07:58, GigabitEthernet0/0
14.0.0.0/32 is subnetted, 1 subnets
C 14.14.14.14 is directly connected, Loopback0
R14# traceroute 11.11.11.11 so lo0
Type escape sequence to abort.
Tracing the route to 11.11.11.11
VRF info: (vrf in name/id, vrf out name/id)
1 10.11.111.1 4 msec 3 msec 2 msec
2 10.0.49.2 [MPLS: Labels 16/24005/24016 Exp 0] 19 msec 17 msec 18 msec
3 10.0.39.1 [MPLS: Labels 24005/24016 Exp 0] 21 msec 22 msec 19 msec
4 10.0.103.2 [MPLS: Labels 16/24016 Exp 0] 20 msec 21 msec 81 msec
5 10.0.110.1 [MPLS: Label 24016 Exp 0] 20 msec 19 msec 21 msec
6 10.11.11.2 21 msec * 22 msec
Exactly what we were looking for! At the start of each trace, there are 3 labels. One gets stripped as they cross the core eBGP peering, and then one final label is left to PHP (penultimate hop popping, i.e. at the second-to-last hop) to the destination.
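The label behaviour can be read straight out of the trace. The following Python is an added example, not part of the original post: it parses R13's traceroute lines as shown on this page and reports the label-stack depth at each labelled hop and whether the bottom (VPN) label stays the same end to end. The function names are hypothetical.

```python
import re

# R13's trace to 12.12.12.12, copied from the output on this page.
TRACE = """\
 1 10.22.222.1 5 msec 4 msec 5 msec
 2 10.0.35.1 [MPLS: Labels 24004/23/27 Exp 0] 18 msec 16 msec 17 msec
 3 10.0.39.2 [MPLS: Labels 23/27 Exp 0] 19 msec 44 msec 71 msec
 4 10.0.29.1 [MPLS: Labels 24002/27 Exp 0] 30 msec 16 msec 16 msec
 5 10.22.22.1 [AS 21] [MPLS: Label 27 Exp 0] 16 msec 16 msec 17 msec
 6 10.22.22.2 [AS 21] 18 msec 18 msec *
"""

# Hop number, hop address, then the label list inside "[MPLS: Label(s) a/b/c Exp n]".
HOP = re.compile(r"^\s*(\d+)\s+(\S+).*?\[MPLS: Labels? ([\d/]+) Exp \d+\]")

def label_stacks(trace):
    """Return [(hop, address, [labels, top first])] for every labelled hop."""
    stacks = []
    for line in trace.splitlines():
        if m := HOP.match(line):
            labels = [int(x) for x in m.group(3).split("/")]
            stacks.append((int(m.group(1)), m.group(2), labels))
    return stacks

def vpn_label_summary(stacks):
    """Report the stack depth per hop and the bottom label if it never changes."""
    bottoms = {labels[-1] for _, _, labels in stacks}
    return {
        "depths": [len(labels) for _, _, labels in stacks],
        # The bottom label is the VPN label from the egress PE; with the next hop
        # left unchanged between the route-reflectors it is carried end to end.
        "vpn_label": bottoms.pop() if len(bottoms) == 1 else None,
    }
```

For this trace the depths are 3, 2, 2, 1 and the VPN label is 27 at every hop; a `vpn_label` of `None` would mean the bottom label was rewritten somewhere along the path.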
So that's done. We now have a working Cisco-based Inter-AS Option C design. Feel free to play with this design and config - it's great for testing and also for learning about OSPF/ISIS databases and peering designs, as well as VPNv4 route traffic and VRFs.
You can download the complete Cisco config HERE
In the final post, we will have a quick look at changing some of the routers from Cisco to Juniper. You can jump to that post HERE.