MPLS Handbook

MPLS Handbook
About
This handbook aims to give hands-on practice on several MPLS VPN
technologies and implementaions
8/17/2014
Table of Contents
MPLS L3VPN Static CE-PE ................................................................................ 2
MPLS L3VPN RIPv2 CE-PE ............................................................................. 13
MPLS L3VPN OSPF CE-PE .............................................................................. 25
MPLS L3VPN ISIS CE-PE ............................................................................... 35
MPLS L3VPN BGP CE-PE ................................................................................ 46
MPLS Tunneling ........................................................................................... 55
MPLS L3VPN OSPF Sham-link ........................................................................ 67
OSPF Domain-ID .......................................................................................... 78
VRF Lite ...................................................................................................... 92
VRF Export-maps ......................................................................................... 96
MPLS AToM Eth to Eth ................................................................................ 105
MPLS AToM PPP to PPP................................................................................ 112
MPLS Inter-AS Xconnect ............................................................................. 118
MPLS L3VPN Inter-AS Option A .................................................................... 126
MPLS L3VPN Inter-AS Option B .................................................................... 138
Carrier supporting Carrier (CSC) .................................................................. 150
MPLS TE with OSPF .................................................................................... 168
MPLS 6PE .................................................................................................. 182
MPLS 6VPE ................................................................................................ 189
MPLS Internet Access ................................................................................. 195
MPLS QoS ................................................................................................. 205
MPLS EIGRP Backdoor Link.......................................................................... 227
MPLS BGP Soo ........................................................................................... 234
MPLS L3VPN Static CE-PE

Network Diagram
Lo0
1.1.1.1/32
OSPF
Area 0
R1
S1/0
19
2.
1.
13
.0/
24
S1/0
192.1.35.0/24
IBGP
F2/0
Static
F1/0
Lo0
4.4.4.4/32
S1/1
LSP
S1/0
R2
192.1.24.0/24
Lo0
2.2.2.2/32
24
0/
2.
1
.
2.1
19
AS 100
R3
F2/0
Static
F1/0
R5
R4
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
route-target export 100:1
route-target import 100:1
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
2
Lo0
3.3.3.3/32
Lo0
5.5.5.5/32
address-family ipv4
int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
MPLS LDP Configuration
R1
mpls label protocol ldp
mpls ldp router-id lo0 force
int s1/0
mpls ip
int s1/1
mpls ip
R2
mpls ldp router-id Loopback0 force
3
int s1/0
mpls ip
R3
int s1/0
mpls ip
MP-BGP Configuration
R2
router bgp 100
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source lo0
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community both
R3
router bgp 100
CE-PE routing Configuration
R2
ip route vrf MSSK 4.4.4.4 255.255.255.255 192.1.24.4
R4
ip route 0.0.0.0 0.0.0.0 192.1.24.2
R3
ip route vrf MSSK 5.5.5.5 255.255.255.255 192.1.35.5
R5
ip route 0.0.0.0 0.0.0.0 192.1.35.3
VPN Configuration
R2
router bgp 100
address-family ipv4 vrf MSSK
network 192.1.24.0 mask 255.255.255.0
redistribute static
R3
router bgp 100
network 192.1.35.0 mask 255.255.255.0
redistribute static
Verifications
R1#show mpls ldp neighbor
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0
TCP connection: 2.2.2.2.38298 - 1.1.1.1.646
State: Oper; Msgs sent/rcvd: 66/66; Downstream
Up time: 00:49:35
LDP discovery sources:
Serial1/0, Src IP addr: 192.1.12.2
Addresses bound to peer LDP Ident:
192.1.12.2
2.2.2.2
TCP connection: 3.3.3.3.34974 - 1.1.1.1.646
Up time: 00:49:34
192.1.13.3
3.3.3.3
R1#show mpls interfaces
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No
Serial1/1
Yes (ldp)
No
BGP Static Operational

No No
Yes
No No
Yes

TCP connection: 1.1.1.1.646 - 2.2.2.2.38298
Up time: 00:49:39
5

192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes

TCP connection: 1.1.1.1.646 - 3.3.3.3.34974
Up time: 00:49:40
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes
R2#sh ip route vrf MSSK static

Routing Table: MSSK
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
S
4.0.0.0/32 is subnetted, 1 subnets

4.4.4.4 [1/0] via 192.1.24.4
R2#ping vrf MSSK 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/12/40 ms
R3#sh ip route vrf MSSK static

Routing Table: MSSK
S

5.5.5.5 [1/0] via 192.1.35.5

!!!!!
R2#sh bgp vpnv4 unicast all summary
BGP router identifier 2.2.2.2, local AS number 100
BGP table version is 7, main routing table version 7
4 network entries using 624 bytes of memory
4 path entries using 320 bytes of memory
4/4 BGP path/bestpath attribute entries using 576 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1544 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor
V
State/PfxRcd
3.3.3.3
4
AS MsgRcvd MsgSent
100
56
58
TblVer InQ OutQ Up/Down

0
0 00:47:35
R2#sh bgp vpnv4 unicast all

BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
7
RPKI validation codes: V valid, I invalid, N Not found

Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf MSSK)
*> 4.4.4.4/32
192.1.24.4
0
32768 ?
*>i 5.5.5.5/32
3.3.3.3
0 100
0?
*> 192.1.24.0
0.0.0.0
0
32768 i
*>i 192.1.35.0
3.3.3.3
0 100
0i
R2#sh bgp vpnv4 unicast all neighbors 3.3.3.3 advertised-routes
Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
0
32768 ?
*> 192.1.24.0
0.0.0.0
0
32768 i
Total number of prefixes 2
Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
100
58
56

0
0 00:47:48

8

Network
Next Hop
*>i 4.4.4.4/32
2.2.2.2
0 100
0?
*> 5.5.5.5/32
192.1.35.5
0
32768 ?
*>i 192.1.24.0
2.2.2.2
0 100
0i
*> 192.1.35.0
0.0.0.0
0
32768 i
Network
Next Hop
*> 5.5.5.5/32
192.1.35.5
0
32768 ?
*> 192.1.35.0
0.0.0.0
0
32768 i
R4#sh ip route
Gateway of last resort is 192.1.24.2 to network 0.0.0.0
S*
C
C
L
0.0.0.0/0 [1/0] via 192.1.24.2

4.4.4.4 is directly connected, Loopback0
192.1.24.0/24 is variably subnetted, 2 subnets, 2 masks
192.1.24.0/24 is directly connected, FastEthernet1/0
R4#ping 5.5.5.5 source lo0

9

Packet sent with a source address of 4.4.4.4
!!!!!
R5#sh ip route
S*
C
C
L
0.0.0.0/0 [1/0] via 192.1.35.3


!!!!!
R2#show mpls forwarding-table
Local
Outgoing Prefix
Bytes Label Outgoing Next Hop
Label
Label
or Tunnel Id
Switched
interface
16
Pop Label 1.1.1.1/32
0
Se1/0
point2point
17
17
3.3.3.3/32
0
Se1/0
point2point
18
Pop Label 192.1.12.1/32 0
Se1/0
point2point
19
Pop Label 192.1.13.0/24 0
Se1/0
point2point
20
No Label 192.1.24.0/24[V] 0
aggregate/MSSK
21
No Label 4.4.4.4/32[V] 1140
Fa2/0
192.1.24.4
Local
Outgoing Prefix
Bytes Label
Label
Label
or Tunnel Id
Switched
10
Outgoing Next Hop

interface
16
17
18
19
Pop
Pop
Pop
Pop
Label
Label
Label
Label
2.2.2.2/32
7810
3.3.3.3/32
7789
192.1.12.2/32 0
192.1.13.3/32 0
Se1/0
Se1/1
Se1/0
Se1/1
point2point
point2point
point2point
point2point

Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Se1/0
point2point
17
16
2.2.2.2/32
0
Se1/0
point2point
18
Pop Label 192.1.12.0/24 0
Se1/0
point2point
19
Pop Label 192.1.13.1/32 0
Se1/0
point2point
20
No Label 192.1.35.0/24[V] 0
aggregate/MSSK
21
No Label 5.5.5.5/32[V] 1140
Fa2/0
192.1.35.5
R1#debug mpls packet
Packet debugging is on
!!!!!
R1#
*Sep 5 14:29:13.699: MPLS les: Se1/0: rx: Len 112
- ipv4 data s:4.4.4.4 d:5.5.5.5 ttl:254 tos:0 prot:1
*Sep 5 14:29:13.703: MPLS les: Se1/1: tx: Len 108
s:4.4.4.4 d:5.5.5.5 ttl:254 tos:0 prot:1
s:5.5.5.5 d:4.4.4.4 ttl:254 tos:0 prot:1
s:4.4.4.4 d:5.5.5.5 ttl:254 tos:0 prot:1
s:5.5.5.5 d:4.4.4.4 ttl:254 tos:0 prot:1
11
Stack {17 0 254} {21 0 254}

Stack {21 0 253} - ipv4 data
Stack {16 0 254} {21 0 254}
Stack {17 0 254} {21 0 254}
Stack {16 0 254} {21 0 254}
Stack {17 0 254} {21 0 254}

s:4.4.4.4 d:5.5.5.5 ttl:254 tos:0 prot:1
s:5.5.5.5 d:4.4.4.4 ttl:254 tos:0 prot:1
s:4.4.4.4 d:5.5.5.5 ttl:254 tos:0 prot:1
R1#
s:5.5.5.5 d:4.4.4.4 ttl:254 tos:0 prot:1
s:4.4.4.4 d:5.5.5.5 ttl:254 tos:0 prot:1
s:5.5.5.5 d:4.4.4.4 ttl:254 tos:0 prot:1
R1#
12

Stack {16 0 254} {21 0 254}
Stack {17 0 254} {21 0 254}
Stack {16 0 254} {21 0 254}
Stack {17 0 254} {21 0 254}
Stack {16 0 254} {21 0 254}
MPLS L3VPN RIPv2 CE-PE

Network Diagram
Lo0
1.1.1.1/32
Lo0
4.4.4.4/32
192.1.24.0/24
Lo0
2.2.2.2/32
R2
4
/2
.0
12
.
2.1
19
R1
S1/0
S1/0
S1/1
LSP
19
2.
1.
13
.0/
24
S1/0
IBGP
192.1.35.0/24
OSPF
Area 0
F2/0
RIPv2
F1/0
AS 100
R3
F2/0
RIPv2
F1/0
R5
R4
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
address-family ipv4
13
Lo0
3.3.3.3/32
Lo0
5.5.5.5/32

int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
mpls ip
14
R3
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
router rip
no auto-summary
version 2
network 192.1.24.2
R4
router rip
no auto-summary
version 2
network 4.4.4.4
network 192.1.24.4
15
R3
router rip
no auto-summary
version 2
network 192.1.35.3
R5
router rip
no auto-summary
version 2
network 5.5.5.5
network 192.1.35.5
VPN Configuration
R2
router bgp 100
redistribute rip
router rip
redistribute bgp 100 metric 1
R3
router bgp 100
redistribute rip
router rip
Verifications
TCP connection: 2.2.2.2.38298 - 1.1.1.1.646
Up time: 00:49:35
192.1.12.2
2.2.2.2
16

TCP connection: 3.3.3.3.34974 - 1.1.1.1.646
Up time: 00:49:34
192.1.13.3
3.3.3.3
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No
Serial1/1
Yes (ldp)
No

No No
Yes
No No
Yes

TCP connection: 1.1.1.1.646 - 2.2.2.2.38298
Up time: 00:49:39
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes

TCP connection: 1.1.1.1.646 - 3.3.3.3.34974
Up time: 00:49:40
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes
R2#sh ip route vrf MSSK rip

Routing Table: MSSK
17

R

4.4.4.4 [120/1] via 192.1.24.4, 00:00:15, FastEthernet2/0

!!!!!
Routing Table: MSSK
R


.
Success rate is 0 percent (0/1)
18
!!!!!
Neighbor
V
State/PfxRcd
3.3.3.3
4
AS MsgRcvd MsgSent
100
92
93
12

0
0 01:18:58

Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
1
32768 ?
*>i 5.5.5.5/32
3.3.3.3
1 100
0?
*> 192.1.24.0
0.0.0.0
0
32768 i
*>i 192.1.35.0
3.3.3.3
0 100
0i
Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
1
32768 ?
19
*> 192.1.24.0
0.0.0.0
32768 i

Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
100
94
92
12

0
0 01:19:28

Network
Next Hop
*>i 4.4.4.4/32
2.2.2.2
1 100
0?
*> 5.5.5.5/32
192.1.35.5
1
32768 ?
*>i 192.1.24.0
2.2.2.2
0 100
0i
*> 192.1.35.0
0.0.0.0
0
32768 i
Network
Next Hop
20
*> 5.5.5.5/32
*> 192.1.35.0
192.1.35.5
0.0.0.0
32768 ?
32768 i

R4#sh ip route rip
R
R

192.1.35.0/24 [120/1] via 192.1.24.2, 00:00:21, FastEthernet1/0

!!!!!
R5#sh ip route rip
R
R


21

!!!!!
R2#sh ip route vrf MSSK 4.4.4.4
Routing Table: MSSK
Routing entry for 4.4.4.4/32
Known via "rip", distance 120, metric 1
Redistributing via bgp 100, rip
Advertised by bgp 100
Last update from 192.1.24.4 on FastEthernet2/0, 00:00:13 ago
Routing Descriptor Blocks:
* 192.1.24.4, from 192.1.24.4, 00:00:13 ago, via FastEthernet2/0
Route metric is 1, traffic share count is 1
R3#sh bgp vpnv4 unicast all 4.4.4.4/32
BGP routing table entry for 100:1:4.4.4.4/32, version 11
Paths: (1 available, best #1, table MSSK)
Not advertised to any peer
Refresh Epoch 1
Local
2.2.2.2 (metric 129) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 1, localpref 100, valid, internal, best
Extended Community: RT:100:1
mpls labels in/out nolabel/22
rx pathid: 0, tx pathid: 0x0
R5#sh ip route 4.4.4.4
Redistributing via rip
R2
router rip
no redistribute bgp 100 metric 1
redistribute bgp 100 metric transparent
22
R3
router rip
no redistribute bgp 100 metric 1
redistribute bgp 100 metric transparent
Routing Table: MSSK
Redistributing via bgp 100, rip
Refresh Epoch 1
Local
2.2.2.2 (metric 129) from 2.2.2.2 (2.2.2.2)
Redistributing via rip
R5#sh ip route rip
23

R
R

24
MPLS L3VPN OSPF CE-PE

Network Diagram
Lo0
1.1.1.1/32
Lo0
4.4.4.4/32
192.1.24.0/24
Lo0
2.2.2.2/32
R2
4
/2
.0
12
.
2.1
19
R1
S1/0
S1/0
S1/1
LSP
19
2.
1.
13
.0/
24
S1/0
IBGP
192.1.35.0/24
OSPF
Area 0
F2/0
OSPF
A0
F1/0
AS 100
R3
F2/0
OSPF
A0
F1/0
R5
R4
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
address-family ipv4
25
Lo0
3.3.3.3/32
Lo0
5.5.5.5/32

int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
26
mpls ip
R3
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
router ospf 100 vrf MSSK
network 192.1.24.2 0.0.0.0 area 0
R4
router ospf 100
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.24.4 0.0.0.0 area 0
R3
network 192.1.35.3 0.0.0.0 area 0
R5
27
router ospf 100

router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.35.5 0.0.0.0 area 0
VPN Configuration
R2
redistribute bgp 100 subnets
router bgp 100
redistribute ospf 100 vrf MSSK
R3
router bgp 100
Verifications
TCP connection: 2.2.2.2.38298 - 1.1.1.1.646
Up time: 00:49:35
192.1.12.2
2.2.2.2
TCP connection: 3.3.3.3.34974 - 1.1.1.1.646
Up time: 00:49:34
192.1.13.3
3.3.3.3
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No
Serial1/1
Yes (ldp)
No

No No
Yes
No No
Yes
28

TCP connection: 1.1.1.1.646 - 2.2.2.2.38298
Up time: 00:49:39
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes

TCP connection: 1.1.1.1.646 - 3.3.3.3.34974
Up time: 00:49:40
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes
R2#sh ip route vrf MSSK ospf

Routing Table: MSSK
O

29

!!!!!
Routing Table: MSSK
O


!!!!!
Neighbor
V
State/PfxRcd
3.3.3.3
4
AS MsgRcvd MsgSent
100
4831
4833

22
30
0 3d01h

Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
2
32768 ?
*>i 5.5.5.5/32
3.3.3.3
2 100
0?
*> 192.1.24.0
0.0.0.0
0
32768 i
*>i 192.1.35.0
3.3.3.3
0 100
0i
Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
2
32768 ?
*> 192.1.24.0
0.0.0.0
0
32768 i
Neighbor
V
State/PfxRcd
AS MsgRcvd MsgSent
31
2.2.2.2
100
4833
4832
22
0 3d01h

Network
Next Hop
*>i 4.4.4.4/32
2.2.2.2
2 100
0?
*> 5.5.5.5/32
192.1.35.5
2
32768 ?
*>i 192.1.24.0
2.2.2.2
0 100
0i
*> 192.1.35.0
0.0.0.0
0
32768 i
Network
Next Hop
*> 5.5.5.5/32
192.1.35.5
2
32768 ?
*> 192.1.35.0
0.0.0.0
0
32768 i
R4#sh ip ospf neighbor
Neighbor ID
192.1.24.2
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:37 192.1.24.2
FastEthernet1/0
R4#sh ip route ospf

32

O IA
O E2 192.1.35.0/24 [110/1] via 192.1.24.2, 00:02:57, FastEthernet1/0
R4#ping 5.5.5.5
!!!!!
Neighbor ID
Pri State
Dead Time Address
Interface
192.1.35.3
1 FULL/BDR
00:00:39 192.1.35.3
FastEthernet1/0
R5#sh ip route ospf
O IA
O E2 192.1.24.0/24 [110/1] via 192.1.35.3, 00:03:01, FastEthernet1/0
R5#ping 4.4.4.4
!!!!!
Routing Table: MSSK
Known via "ospf 100", distance 110, metric 2, type intra area
33
Redistributing via bgp 100

Refresh Epoch 1
Local
2.2.2.2 (metric 129) from 2.2.2.2 (2.2.2.2)
Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:192.1.24.2:0
34
MPLS L3VPN ISIS CE-PE

Network Diagram
Lo0
1.1.1.1/32
Lo0
4.4.4.4/32
192.1.24.0/24
Lo0
2.2.2.2/32
R2
4
/2
.0
2
.1
2.1
19
R1
S1/0
S1/0
S1/1
LSP
19
2.
1.
13
.0/
24
S1/0
IBGP
192.1.35.0/24
OSPF
Area 0
F2/0
ISIS
L2
F1/0
AS 100
R3
F2/0
ISIS
L2
F1/0
R5
R4
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
address-family ipv4
35
Lo0
3.3.3.3/32
Lo0
5.5.5.5/32

vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
mpls ip
36
R3
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
router isis 1
vrf MSSK
net 49.0001.0000.0000.0002.00
is-type level-2-only
int f2/0
ip router isis 1
R4
router isis 1
net 49.0001.0000.0000.0004.00
passive-interface lo0
int f1/0
37
ip router isis 1
R3
router isis 1
vrf MSSK
net 49.0001.0000.0000.0003.00
int f2/0
ip router isis 1
R5
router isis 1
net 49.0001.0000.0000.0005.00
passive-interface lo0
int f1/0
ip router isis 1
VPN Configuration
R2
router isis 1
vrf MSSK
redistribute bgp 100 ip level-2
router bgp 100
redistribute isis 1 ip level-2
R3
router isis 1
vrf MSSK
redistribute bgp 100 ip level-2
router bgp 100
redistribute isis 1 ip level-2
Verifications
TCP connection: 2.2.2.2.38298 - 1.1.1.1.646
38

Up time: 00:49:35
192.1.12.2
2.2.2.2
TCP connection: 3.3.3.3.34974 - 1.1.1.1.646
Up time: 00:49:34
192.1.13.3
3.3.3.3
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No
Serial1/1
Yes (ldp)
No

No No
Yes
No No
Yes

TCP connection: 1.1.1.1.646 - 2.2.2.2.38298
Up time: 00:49:39
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes

TCP connection: 1.1.1.1.646 - 3.3.3.3.34974
Up time: 00:49:40
192.1.12.1
192.1.13.1
1.1.1.1
39
Interface
Serial1/0
IP
Tunnel
Yes (ldp)
No

No No
Yes
R2#sh ip route vrf MSSK isis

Routing Table: MSSK
i L2
!!!!!
R3#sh ip route vrf MSSK isis
Routing Table: MSSK
i L2
!!!!!
40

Neighbor
V
State/PfxRcd
3.3.3.3
4
AS MsgRcvd MsgSent
100
4941
4943

27
0 3d02h

Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
10
32768 ?
*>i 5.5.5.5/32
3.3.3.3
10 100
0?
*> 192.1.24.0
0.0.0.0
0
32768 i
*>i 192.1.35.0
3.3.3.3
0 100
0i
Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
10
32768 ?
*> 192.1.24.0
0.0.0.0
0
32768 i
41

Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
100
4943
4941

27
0 3d02h

Network
Next Hop
*>i 4.4.4.4/32
2.2.2.2
10 100
0?
*> 5.5.5.5/32
192.1.35.5
10
32768 ?
*>i 192.1.24.0
2.2.2.2
0 100
0i
*> 192.1.35.0
0.0.0.0
0
32768 i
Network
Next Hop
*> 5.5.5.5/32
192.1.35.5
10
32768 ?
42
*> 192.1.35.0
0.0.0.0
32768 i

R4#sh isis neighbors
Tag 1:
System Id
Type Interface IP Address
State Holdtime Circuit Id
R2
L2 Fa1/0
192.1.24.2
UP 28
R4.01
R4#show clns neighbors
Tag 1:
System Id
Interface SNPA
State Holdtime Type Protocol
R2
Fa1/0
ca01.7a82.0038
Up
25
L2 IS-IS
R4#show ip route isis
i L2
i L2 192.1.35.0/24 [115/10] via 192.1.24.2, 00:44:36, FastEthernet1/0
!!!!!
R5#sh isis neighbors
Tag 1:
System Id
R3
L2 Fa1/0
192.1.35.3
UP 26
R5.01
Tag 1:
43
System Id
Interface SNPA
R3
Fa1/0
ca02.7a92.0038

Up
24
L2 IS-IS

i L2
i L2 192.1.24.0/24 [115/10] via 192.1.35.3, 00:44:14, FastEthernet1/0
!!!!!
Routing Table: MSSK
Known via "isis", distance 115, metric 10, type level-2
Redistributing via bgp 100, isis 1
Advertised by bgp 100 level-2
Refresh Epoch 1
Local
2.2.2.2 (metric 129) from 2.2.2.2 (2.2.2.2)
44

45
MPLS L3VPN BGP CE-PE

Network Diagram
Lo0
1.1.1.1/32
Lo0
4.4.4.4/32
192.1.24.0/24
Lo0
2.2.2.2/32
R2
4
/2
.0
2
1.1
2.
19
R1
S1/0
S1/0
S1/1
LSP
19
2.
1.1
3
AS 100
.0
/2
4
S1/0
IBGP
192.1.35.0/24
OSPF
Area 0
F2/0
BGP
F1/0
R3
F2/0
F1/0
R4
R5
AS 1
AS 1
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
address-family ipv4
46
Lo0
3.3.3.3/32
Lo0
5.5.5.5/32

int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
47
mpls ip
R3
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
router bgp 100
network 192.1.24.0 mask 255.255.255.0
R4
router bgp 1
address-family ipv4
network 4.4.4.4 mask 255.255.255.255
48
R3
router bgp 100
network 192.1.35.0 mask 255.255.255.0
R5
router bgp 1
address-family ipv4
network 5.5.5.5 mask 255.255.255.255
Verifications
R2#sh ip route vrf MSSK bgp
Routing Table: MSSK
B
B
B

4.4.4.4 [20/0] via 192.1.24.4, 00:05:47
5.5.5.5 [200/0] via 3.3.3.3, 00:03:32
192.1.35.0/24 [200/0] via 3.3.3.3, 00:00:33

!!!!!
49

!!!!!
R3#sh ip route vrf MSSK bgp
Routing Table: MSSK
B
B
B

4.4.4.4 [200/0] via 2.2.2.2, 00:06:27
5.5.5.5 [20/0] via 192.1.35.5, 00:04:13
192.1.24.0/24 [200/0] via 2.2.2.2, 00:01:47

!!!!!
!!!!!
R4#sh ip bgp
50
Network
*> 4.4.4.4/32
r> 192.1.24.0
*> 192.1.35.0
Next Hop
0.0.0.0
192.1.24.2
192.1.24.2

0
32768 i
0
0 100 i
0 100 i
R5#sh ip bgp
Network
*> 5.5.5.5/32
*> 192.1.24.0
r> 192.1.35.0
Next Hop
0.0.0.0
192.1.35.3
192.1.35.3

0
32768 i
0 100 i
0
0 100 i
As we can see from last two outputs above, neither R4 or R5 learned each other
loopback networks, let us check if they are advertised from the PE side toward each
of them
R2#sh bgp vpnv4 unicast vrf MSSK neighbors 192.1.24.4 advertised-routes
Network
Next Hop
*>i 5.5.5.5/32
3.3.3.3
0 100
01i
*> 192.1.24.0
0.0.0.0
0
32768 i
*>i 192.1.35.0
3.3.3.3
0 100
0i
R3#sh bgp vpnv4 unicast vrf MSSK neighbors 192.1.35.5 advertised-routes
51
Network
Next Hop
*>i 4.4.4.4/32
2.2.2.2
0 100
01i
*>i 192.1.24.0
2.2.2.2
0 100
0i
*> 192.1.35.0
0.0.0.0
0
32768 i
As seen, the PE routers learn those routes for both CEs and advertise toward them
as well, so what is the issue?
Let us turn debug on R4 for coming BGP updates and see what the output can tells
us
R4
debug ip bgp updates
clear ip bgp * in
*Sep 13 03:10:27.647: BGP(0): 192.1.24.2 rcv UPDATE about 5.5.5.5/32 -DENIED due to: AS-PATH contains our own AS;
So the issue is clear now, BGP speaker will not accept an update that contains its
own AS number, so what could we do? We can use the as-override feature from the
PE side toward each CE
R2
router bgp 100
neighbor 192.1.24.4 as-override
clear ip bgp * out
R3
router bgp 100
clear ip bgp * out
R4#
*Sep 13 03:13:11.819: BGP(0): 192.1.24.2 rcvd UPDATE w/ attr: nexthop
192.1.24.2, origin i, merged path 100, AS_PATH
R4#sh ip bgp
52

Network
*> 4.4.4.4/32
*> 5.5.5.5/32
r> 192.1.24.0
*> 192.1.35.0
Next Hop
0.0.0.0
192.1.24.2
192.1.24.2
192.1.24.2

0
32768 i
0 100 100 i
0
0 100 i
0 100 i

!!!!!
R4#traceroute 5.5.5.5 source lo0 numer
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 192.1.24.2 [AS 100] 16 msec 12 msec 4 msec
2 192.1.12.1 [MPLS: Labels 17/20 Exp 0] 32 msec 16 msec 20 msec
3 192.1.35.3 [AS 100] [MPLS: Label 20 Exp 0] 16 msec 16 msec 20 msec
4 192.1.35.5 [AS 100] 20 msec * 24 msec
R5#sh ip bgp
Network
*> 4.4.4.4/32
*> 5.5.5.5/32
*> 192.1.24.0
r> 192.1.35.0
Next Hop
192.1.35.3
0.0.0.0
192.1.35.3
192.1.35.3

0 100 100 i
0
32768 i
0 100 i
0
0 100 i

53

!!!!!
R5#traceroute 4.4.4.4 source lo0 numeric
1 192.1.35.3 [AS 100] 16 msec 8 msec 4 msec
3 192.1.24.2 [AS 100] [MPLS: Label 22 Exp 0] 16 msec 16 msec 16 msec
4 192.1.24.4 [AS 100] 32 msec * 16 msec
54
MPLS Tunneling
Network Diagram
R8
R1
F0/0
F0/0
F0/0
F0/1
R2
R7
F0/1
F0/0
F0/0
R3
R6
F0/1
F0/0
F0/0
F0/1
R4
F0/0
F0/1
R5
MPLS Backbone
ISIS Area 49.0001
Configurations
IGP Configuration
R2
router isis 1
net 49.0000.0000.0000.0002.00
passive-interface Loopback0
55
F0/1
interface FastEthernet0/1
ip router isis 1
R3
router isis 1
net 49.0000.0000.0000.0003.00
ip router isis 1
ip router isis 1
R4
router isis 1
net 49.0000.0000.0000.0004.00
ip router isis 1
ip router isis 1
R5
router isis 1
net 49.0000.0000.0000.0005.00
ip router isis 1
ip router isis 1
56
R6
router isis 1
net 49.0000.0000.0000.0006.00
ip router isis 1
ip router isis 1
R7
router isis 1
net 49.0000.0000.0000.0007.00
ip router isis 1
R2
mpls ip
R3
mpls ip
57
mpls ip
R4
mpls ip
mpls ip
R5
mpls ip
mpls ip
R6
mpls ip
mpls ip
R7
mpls ip
58
BGP Configuration
R1
router bgp 1
address-family ipv4
network 1.1.1.1 mask 255.255.255.255
R2
router bgp 100
address-family ipv4
neighbor 7.7.7.7 next-hop-self
R8
router bgp 20
R8address-family ipv4
network 8.8.8.8 mask 255.255.255.255
R7
router bgp 100
address-family ipv4
59

Verification
R1#sh ip bgp summary
1 BGP AS-PATH entries using 24 bytes of memory
Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
Neighbor
V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.12.2 4 100
7
6
3 0 0 00:02:51
1
R1#sh ip bgp
r RIB-failure, S Stale
Network
*> 1.1.1.1/32
*> 8.8.8.8/32
Next Hop
0.0.0.0
192.168.12.2

0
32768 i
0 100 20 i

!!!!!
60

Neighbor
192.168.78.7 4 100
5
5
3 0 0 00:01:51
1
R8#sh ip bgp
Network
*> 1.1.1.1/32
*> 8.8.8.8/32
Next Hop
192.168.78.7
0.0.0.0

0 100 1 i
0
32768 i

!!!!!
61

Neighbor
7.7.7.7
4 100
6
6
3 0 0 00:02:42
1
192.168.12.1 4
1
8
9
3 0 0 00:04:02
1
R2#sh ip bgp
Network
*> 1.1.1.1/32
*>i8.8.8.8/32
Next Hop
192.168.12.1
7.7.7.7

0
01i
0 100
0 20 i

Neighbor
2.2.2.2
4 100
6
6
3 0 0 00:02:55
1
192.168.78.8 4 20
6
6
3 0 0 00:02:50
1
R7#sh ip bgp
62

Network
*>i1.1.1.1/32
*> 8.8.8.8/32
Next Hop
2.2.2.2
192.168.78.8

0 100
01i
0
0 20 i
Now, if we wanted to trace the packet as it traverses through the backbone and
check label assignments, we will enable debug mpls packets on the MPLS routers
(R3 through R6) and initiate an ICMP packet from R8 towards R1
R3 R6
debug mpls packets
Local Outgoing Prefix
Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id
switched interface
16
Pop tag
3.3.3.3/32
0
Fa0/1
192.168.23.3
17
Pop tag
192.168.34.0/24 0
Fa0/1
192.168.23.3
18
17
4.4.4.4/32
0
Fa0/1
192.168.23.3
19
18
192.168.45.0/24 0
Fa0/1
192.168.23.3
20
19
5.5.5.5/32
0
Fa0/1
192.168.23.3
21
20
192.168.56.0/24 0
Fa0/1
192.168.23.3
22
21
6.6.6.6/32
0
Fa0/1
192.168.23.3
23
23
7.7.7.7/32
0
Fa0/1
192.168.23.3
24
22
192.168.67.0/24 0
Fa0/1
192.168.23.3
switched interface
16
Pop tag
2.2.2.2/32
104567
Fa0/0
192.168.23.2
17
Pop tag
4.4.4.4/32
0
Fa0/1
192.168.34.4
18
Pop tag
192.168.45.0/24 0
Fa0/1
192.168.34.4
19
18
5.5.5.5/32
0
Fa0/1
192.168.34.4
20
20
192.168.56.0/24 0
Fa0/1
192.168.34.4
21
21
6.6.6.6/32
0
Fa0/1
192.168.34.4
22
22
192.168.67.0/24 0
Fa0/1
192.168.34.4
23
23
7.7.7.7/32
65271
Fa0/1
192.168.34.4
63

switched interface
16
Pop tag
3.3.3.3/32
0
Fa0/0
192.168.34.3
17
Pop tag
192.168.23.0/24 0
Fa0/0
192.168.34.3
18
Pop tag
5.5.5.5/32
0
Fa0/1
192.168.45.5
19
16
2.2.2.2/32
111037
Fa0/0
192.168.34.3
20
Pop tag
192.168.56.0/24 0
Fa0/1
192.168.45.5
21
18
6.6.6.6/32
0
Fa0/1
192.168.45.5
22
21
192.168.67.0/24 0
Fa0/1
192.168.45.5
23
23
7.7.7.7/32
65271
Fa0/1
192.168.45.5
switched interface
16
Pop tag
4.4.4.4/32
0
Fa0/0
192.168.45.4
17
Pop tag
192.168.34.0/24 0
Fa0/0
192.168.45.4
18
Pop tag
6.6.6.6/32
0
Fa0/1
192.168.56.6
19
16
3.3.3.3/32
0
Fa0/0
192.168.45.4
20
19
2.2.2.2/32
111037
Fa0/0
192.168.45.4
21
Pop tag
192.168.67.0/24 0
Fa0/1
192.168.56.6
22
17
192.168.23.0/24 0
Fa0/0
192.168.45.4
23
18
7.7.7.7/32
65271
Fa0/1
192.168.56.6
switched interface
16
Pop tag
5.5.5.5/32
0
Fa0/0
192.168.56.5
17
Pop tag
192.168.45.0/24 0
Fa0/0
192.168.56.5
18
Pop tag
7.7.7.7/32
61950
Fa0/1
192.168.67.7
19
16
4.4.4.4/32
0
Fa0/0
192.168.56.5
20
19
3.3.3.3/32
0
Fa0/0
192.168.56.5
21
20
2.2.2.2/32
111174
Fa0/0
192.168.56.5
22
17
192.168.34.0/24 0
Fa0/0
192.168.56.5
23
22
192.168.23.0/24 0
Fa0/0
192.168.56.5
Bytes tag Outgoing
64
Next Hop
tag
16
17
18
19
20
21
22
23
24
tag or VC or Tunnel Id
switched interface
Pop tag
6.6.6.6/32
0
Fa0/0
192.168.67.6
Pop tag
192.168.56.0/24 0
Fa0/0
192.168.67.6
16
5.5.5.5/32
0
Fa0/0
192.168.67.6
19
4.4.4.4/32
0
Fa0/0
192.168.67.6
20
3.3.3.3/32
0
Fa0/0
192.168.67.6
21
2.2.2.2/32
0
Fa0/0
192.168.67.6
17
192.168.45.0/24 0
Fa0/0
192.168.67.6
22
192.168.34.0/24 0
Fa0/0
192.168.67.6
23
192.168.23.0/24 0
Fa0/0
192.168.67.6
R6#
*Mar 1 13:38:13.812: MPLS: Fa0/1: recvd: CoS=0, TTL=254, Label(s)=21
*Mar 1 13:38:13.812: MPLS: Fa0/0: xmit: CoS=0, TTL=253, Label(s)=20
R5#
*Mar
*Mar
R4#
*Mar
*Mar
1 13:38:03.440: MPLS: Fa0/1: recvd: CoS=0, TTL=253, Label(s)=20

1 13:38:03.440: MPLS: Fa0/0: xmit: CoS=0, TTL=252, Label(s)=19
1 13:38:01.684: MPLS: Fa0/1: recvd: CoS=0, TTL=252, Label(s)=19
1 13:38:01.684: MPLS: Fa0/0: xmit: CoS=0, TTL=251, Label(s)=16
R3#
*Mar 1 13:38:14.572: MPLS: Fa0/1: recvd: CoS=0, TTL=251, Label(s)=16
*Mar 1 13:38:14.572: MPLS: Fa0/0: xmit: (no label)
Note: we can see the no label keyword which is due to PHP
As can be seen from the debug outputs above that the precedence value is 0 which
is copied from the packet header to the MPLS header (CoS)
R1
access-list
access-list
access-list
access-list
access-list
access-list
access-list
100
100
100
100
100
100
100
permit
permit
permit
permit
permit
permit
permit
ip
ip
ip
ip
ip
ip
ip
any
any
any
any
any
any
any
any
any
any
any
any
any
any
precedence
precedence
precedence
precedence
precedence
precedence
precedence
65
critical
flash
flash-override
immediate
internet
network
priority
access-list 100 permit ip any any precedence routine

int f0/0
ip access-group 100 in
R1# sh access-lists
Extended IP access
10 permit ip any
20 permit ip any
30 permit ip any
40 permit ip any
50 permit ip any
60 permit ip any
70 permit ip any
80 permit ip any
list 100
any precedence
any precedence
any precedence
any precedence
any precedence
any precedence
any precedence
any precedence
critical
flash
flash-override
immediate
internet
network
priority
routine (5 matches)
66
MPLS L3VPN OSPF Sham-link

Network Diagram
Lo0
1.1.1.1/32
Lo0
4.4.4.4/32
192.1.24.0/24
Lo0
2.2.2.2/32
R2
4
/2
.0
2
.1
2.1
19
R1
S1/0
S1/1
LSP
S1/0
19
2.
1.
13
.0/
24
S1/0
IBGP
192.1.35.0/24
OSPF
Area 0
F2/0
OSPF
A0
F1/0
R4
OSPF A0
192.1.45.0/24
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
address-family ipv4
67
AS 100
R3
Lo0
3.3.3.3/32
F2/0
OSPF
A0
F1/0
R5
Lo0
5.5.5.5/32

int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
mpls ip
68
R3
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
network 192.1.24.2 0.0.0.0 area 0
R4
router ospf 100
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.24.4 0.0.0.0 area 0
R3
network 192.1.35.3 0.0.0.0 area 0
69
R5
router ospf 100
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.35.5 0.0.0.0 area 0
CE-CE Link Configuration
R4
router ospf 100
network 192.1.45.4 0.0.0.0 area 0
R5
router ospf 100
network 192.1.45.5 0.0.0.0 area 0
VPN Configuration
R2
router bgp 100
R3
router bgp 100
Verifications
Routing Table: MSSK
70

O
O
O
O

As can be seen from the output below, R2 should learn R5 loopback via iBGP not via
OSPF as we are configuring MPLS L3VPN
R5 loopback was learned via OSPF and has an AD value of 110 and cost of 3 (which
roughly means it crossed three FastEthernet links)
Routing Table: MSSK
O
O
O
O

R2#show bgp vpnv4 unicast all

Network
Next Hop

71

* i 4.4.4.4/32
3.3.3.3
3 100
0?
*>
192.1.24.4
2
32768 ?
* i 5.5.5.5/32
3.3.3.3
2 100
0?
*>
192.1.24.4
3
32768 ?
* i 192.1.24.0
3.3.3.3
3 100
0?
*>
0.0.0.0
0
32768 ?
*> 192.1.35.0
192.1.24.4
3
32768 ?
*i
3.3.3.3
0 100
0?
* i 192.1.45.0
3.3.3.3
2 100
0?
*>
192.1.24.4
2
32768 ?
Network
Next Hop
*> 4.4.4.4/32
192.1.35.5
3
32768 ?
*i
2.2.2.2
2 100
0?
*> 5.5.5.5/32
192.1.35.5
2
32768 ?
*i
2.2.2.2
3 100
0?
*> 192.1.24.0
192.1.35.5
3
32768 ?
*i
2.2.2.2
0 100
0?
* i 192.1.35.0
2.2.2.2
3 100
0?
*>
0.0.0.0
0
32768 ?
*> 192.1.45.0
192.1.35.5
2
32768 ?
*i
2.2.2.2
2 100
0?
Let us check from the CEs side
Neighbor ID
5.5.5.5
192.1.24.2
Pri State
1 FULL/BDR
1 FULL/DR
Dead Time Address

00:00:39 192.1.45.5
00:00:35 192.1.24.2
Interface
FastEthernet1/1
FastEthernet1/0
R4#sh ip route ospf

72

O
O

R4#traceroute 5.5.5.5 numeric

1 192.1.45.5 12 msec * 0 msec
Neighbor ID
4.4.4.4
192.1.35.3
Pri State
1 FULL/DR
1 FULL/DR
Dead Time Address

00:00:37 192.1.45.4
00:00:34 192.1.35.3
Interface
FastEthernet1/1
FastEthernet1/0
R5#sh ip route ospf

O
O


1 192.1.45.4 16 msec * 0 msec
73
As we can see, the traffic between the CEs is crossing the backdoor link and not the
primary one, which is supposed to be the MPLS L3VPN connection
So, we should configure what so called OSPF sham link, which is a virtual link
configured between the PEs inside the OSPF that resides between the PE and CE
Sham link is established with source and destination which should be attached to
the specific VRF of concern; as well it should be advertised in iBGP under the VRF
address-family
Not to forget that the cost of the backdoor link reverts to default (which is 1), so we
will implement the OSPF cost on the interfaces involved in the backdoor on both
CEs
R2
interface Loopback1
vrf forwarding MSSK
ip address 22.22.22.22 255.255.255.255
area 0 sham-link 22.22.22.22 33.33.33.33
router bgp 100
network 22.22.22.22 mask 255.255.255.255
R4
ip ospf cost 100
R3
interface Loopback1
vrf forwarding MSSK
ip address 33.33.33.33 255.255.255.255
area 0 sham-link 33.33.33.33 22.22.22.22
router bgp 100
network 33.33.33.33 mask 255.255.255.255
R5
ip ospf cost 100
74

Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
2
32768 ?
r>i 5.5.5.5/32
3.3.3.3
2 100
0?
*> 22.22.22.22/32 0.0.0.0
0
32768 i
*>i 33.33.33.33/32 3.3.3.3
0 100
0i
*> 192.1.24.0
0.0.0.0
0
32768 ?
r>i 192.1.35.0
3.3.3.3
0 100
0?
* i 192.1.45.0
3.3.3.3
101 100
0?
*>
192.1.24.4
101
32768 ?
Neighbor ID
1.1.1.1
192.1.35.3
4.4.4.4
Pri State
0 FULL/ 0 FULL/ 1 FULL/BDR
Dead Time Address

Interface
00:00:31 192.1.12.1
Serial1/0
33.33.33.33
OSPF_SL2
00:00:31 192.1.24.4
FastEthernet2/0
R2#sh ip ospf sham-links

Sham Link OSPF_SL2 to address 33.33.33.33 is up
Area 0 source address 22.22.22.22
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:02
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
75

Network
Next Hop
r>i 4.4.4.4/32
2.2.2.2
2 100
0?
*> 5.5.5.5/32
192.1.35.5
2
32768 ?
*>i 22.22.22.22/32 2.2.2.2
0 100
0i
*> 33.33.33.33/32 0.0.0.0
0
32768 i
r>i 192.1.24.0
2.2.2.2
0 100
0?
*> 192.1.35.0
0.0.0.0
0
32768 ?
*> 192.1.45.0
192.1.35.5
101
32768 ?
*i
2.2.2.2
101 100
0?
Neighbor ID
1.1.1.1
192.1.24.2
5.5.5.5
Pri State
0 FULL/ 0 FULL/ 1 FULL/BDR
Dead Time Address

Interface
00:00:39 192.1.13.1
Serial1/0
22.22.22.22
OSPF_SL2
00:00:35 192.1.35.5
FastEthernet2/0
R3#sh ip ospf sham-links

Sham Link OSPF_SL2 to address 22.22.22.22 is up
Area 0 source address 33.33.33.33
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:01
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
R4#sh ip route ospf
76

O E2
O E2
O
O

1 192.1.24.2 4 msec 4 msec 4 msec
3 192.1.35.3 [MPLS: Label 25 Exp 0] 16 msec 12 msec 12 msec
4 192.1.35.5 20 msec * 16 msec
R5#sh ip route ospf
O E2
O E2
O
O

1 192.1.35.3 8 msec 4 msec 4 msec
4 192.1.24.4 16 msec * 16
77
OSPF Domain-ID
Network Diagram
MPLS Backbone
OSPF Area 0
R5
F0/0
F0/1
F0/0
R2
S0/0
P2 203
FRSW
P3 302
IBGP
F0/0
Lo0 1.1.1.1/32
S0/0
Lo0 3.3.3.3/32
R3
R1
F0/1
F0/0
F1/0
F0/1
F0/0
F0/0
F0/0
F0/0
R4
R7
R6
R8
VRF
RED
VRF
BLUE
VRF
RED
VRF
BLUE
Configurations
VRF Configuration
R1
ip vrf BLUE
rd 150:10
ip vrf RED
78
rd 300:10
ip vrf forwarding RED
ip address 192.1.14.1 255.255.255.0
ip vrf forwarding BLUE
ip address 192.1.17.1 255.255.255.0
R3
ip vrf BLUE
rd 150:10
ip vrf RED
rd 300:10
ip address 192.1.36.3 255.255.255.0
ip vrf forwarding BLUE
ip address 192.1.38.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.15.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0
network 192.1.25.2 0.0.0.0 area 0
79
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
R5
router ospf 1
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.15.5 0.0.0.0 area 0
network 192.1.25.5 0.0.0.0 area 0
R1
int f0/0
mpls ip
R2
int s0/0
mpls ip
int f0/0
mpls ip
R3
int s0/0
mpls ip
R5
int f0/0
80
mpls ip
int f0/1
mpls ip
R1
router bgp 10
R3
router bgp 10
R1
router ospf 300 vrf RED
router-id 192.1.14.1
network 192.1.14.1 0.0.0.0 area 0
router ospf 150 vrf BLUE
network 192.1.17.1 0.0.0.0 area 0
R4
router ospf 100
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.24.4 0.0.0.0 area 0
R3
network 192.1.36.3 0.0.0.0 area 0
81

network 192.1.38.3 0.0.0.0 area 0
R4
router ospf 300
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.14.4 0.0.0.0 area 0
R6
router ospf 300
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 192.1.36.6 0.0.0.0 area 0
R7
router ospf 150
router-id 7.7.7.7
network 7.7.7.7 0.0.0.0 area 0
network 192.1.17.7 0.0.0.0 area 0
R8
router ospf 150
router-id 8.8.8.8
network 8.8.8.8 0.0.0.0 area 0
network 192.1.38.8 0.0.0.0 area 0
VPN Configuration
R1
router bgp 10
address-family ipv4 vrf RED
redistribute ospf 300 vrf RED
address-family ipv4 vrf BLUE
redistribute ospf 150 vrf BLUE
82
R3
router bgp 10
address-family ipv4 vrf BLUE
redistribute ospf 150 vrf BLUE
Verifications
R1#sh ip route vrf RED ospf
Routing Table: RED
O

Routing Table: BLUE

O
R3#sh ip route vrf RED ospf
Routing Table: RED
O
R3#sh ip route vrf BLUE ospf
Routing Table: BLUE
O


83

Network
Next Hop
Route Distinguisher: 150:10 (default for vrf BLUE)
*> 7.7.7.7/32
192.1.17.7
2
32768 ?
*> 192.1.17.0
0.0.0.0
0
32768 ?
Route Distinguisher: 300:10 (default for vrf RED)
*> 4.4.4.4/32
192.1.14.4
2
32768 ?
*> 192.1.14.0
0.0.0.0
0
32768 ?
R3#show bgp vpnv4 unicast all neighbors 1.1.1.1 advertised-routes
Network
Next Hop
Route Distinguisher: 150:10 (default for vrf BLUE)
*> 8.8.8.8/32
192.1.38.8
2
32768 ?
*> 192.1.38.0
0.0.0.0
0
32768 ?
Route Distinguisher: 300:10 (default for vrf RED)
*> 6.6.6.6/32
192.1.36.6
2
32768 ?
*> 192.1.36.0
0.0.0.0
0
32768 ?
Neighbor ID
192.1.14.1
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:37 192.1.14.1
FastEthernet0/0
R4#sh ip route ospf

O IA 6.6.6.6 [110/3] via 192.1.14.1, 02:59:21, FastEthernet0/0
O IA 192.1.36.0/24 [110/2] via 192.1.14.1, 02:59:21, FastEthernet0/0
Known via "ospf 300", distance 110, metric 3, type inter area
84

!!!!!
1
2
3
4
5
192.1.14.1
192.1.15.5
192.1.25.2
192.1.36.3
192.1.36.6
4 msec 4 msec 4 msec

[MPLS: Labels 18/24 Exp 0] 16 msec 16 msec 16 msec
[MPLS: Label 24 Exp 0] 12 msec 12 msec 12 msec
16 msec * 12 msec

Neighbor ID
192.1.36.3
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:35 192.1.36.3
FastEthernet0/0
R6#sh ip route ospf

!!!!!
85

1
2
3
4
5
192.1.36.3
192.1.23.2
192.1.25.5
192.1.14.1
192.1.14.4

16 msec * 16 msec

Neighbor ID
192.1.17.1
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:37 192.1.17.1
FastEthernet0/0
R7#sh ip route ospf

!!!!!
1 192.1.17.1 4 msec 4 msec 4 msec
86

5 192.1.38.8 16 msec * 16 msec
Neighbor ID
192.1.38.3
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:39 192.1.38.3
FastEthernet0/0
R8#sh ip route ospf

!!!!!
1
2
3
4
5
192.1.38.3
192.1.23.2
192.1.25.5
192.1.17.1
192.1.17.7

16 msec * 12 msec
Let us now check the domain ID value for VRF BLUE

R1#sh ip ospf | inc Domain|ospf
Routing Process "ospf 1" with ID 1.1.1.1
87
Domain ID type 0x0005, value 0.0.1.44

As can be seen from the outputs above , the domain ID values for VRF BLUE is
derived from the OSPF process ID which is 150 , As well R7 is learning R8 loopback
network as inter area route as well as for R4 which is learning R6 loopback network
as inter area route
Let us try to set the value of domain ID for both VRFs, for VRF RED will choose the
value of 0.0.0.60 and for VRF BLUE 0.0.0.50
R1
domain-id 0.0.0.60
domain-id 0.0.0.50
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
R3
domain-id 0.0.0.60
domain-id 0.0.0.50
88

Let us check R4s routing table
R4#sh ip route ospf | inc 6.6.6.6
Nothing has affected the route type, let us now try to change the domain ID on
R1for VRF RED to 0.0.0.120 and keep it as it is on R3
R1
domain-id 0.0.0.120
sh ip route ospf | inc 6.6.6.6
O E2 6.6.6.6 [110/2] via 192.1.14.1, 00:00:06, FastEthernet0/0
Known via "ospf 300", distance 110, metric 2
Tag Complete, Path Length == 1, AS 10, , type extern 2, forward metric 1
Route tag 3489660938
As we can see the route type has changed to external 2, let us revert back to the
same domain ID value 0.0.0.60 and change the OSPF process ID on R1 for VRF
RED from 300 to 301
R1
no router ospf 300 vrf RED
domain-id 0.0.0.60
network 192.1.14.1 0.0.0.0 area 0
router bgp 10
89

Checking R4s routing table again
So changing the process ID will not affect the routing table as long the domain ID
values are configured manually under the OSPF process , now if we removed the
domain ID configuration from both R1 and R3 for VRF RED , the route type should
change to external 2 again , why? Because the domain ID value is derived from the
process ID value, so we have different process ID values: 300 and 301
R1
no domain-id 0.0.0.60
Reset ALL OSPF processes? [no]: y
R3
no domain-id 0.0.0.60
90

O E2 6.6.6.6 [110/2] via 192.1.14.1, 00:00:01, FastEthernet0/0
Known via "ospf 300", distance 110, metric 2
Tag Complete, Path Length == 1, AS 10, , type extern 2, forward metric 1
Route tag 3489660938
91
VRF Lite
Network Diagram
lo0 192.168.1.1/24
PE1
172.16.12.0/24
CE1
4
.0/2
6.11
1
.
2
17
172.
16.
13.0
/24
CE3
lo0 192.168.3.1/24
CE2
lo1 192.168.2.1/24
Configurations
VRF Configuration
PE1
ip vrf CE1
ip vrf CEs
ip vrf forwarding CE1
ip address 172.16.11.1 255.255.255.0
ip vrf forwarding CEs
ip address 172.16.12.1 255.255.255.0
ip vrf forwarding CEs
ip address 172.16.13.1 255.255.255.0
IGP Configuration
PE1
router ospf 1 vrf CE1
network 172.16.11.1 0.0.0.0 area 0
92
router ospf 2 vrf CEs

network 172.16.12.1 0.0.0.0 area 0
network 172.16.13.1 0.0.0.0 area 0
CE1
router ospf 1
network 172.16.11.2 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
CE2
router ospf 2
network 172.16.12.2 0.0.0.0 area 0
network 192.168.2.1 0.0.0.0 area 0
CE3
router ospf 2
network 172.16.13.2 0.0.0.0 area 0
network 192.168.3.1 0.0.0.0 area 0
Verifications
PE1#sh ip ospf neighbor
Neighbor ID
192.168.3.1
192.168.2.1
192.168.1.1
Pri State
1 FULL/BDR
1 FULL/DR
1 FULL/DR
Dead Time Address

Interface
00:00:39 172.16.13.2
FastEthernet1/0
00:00:39 172.16.12.2
FastEthernet0/1
00:00:33 172.16.11.2
FastEthernet0/0
PE1#sh ip route vrf CE1 ospf

Routing Table: CE1
O

PE1#sh ip route vrf CEs ospf

Routing Table: CEs
O
O
CE1#sh ip ospf neighbor
93
Neighbor ID
172.16.11.1
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:35 172.16.11.1
FastEthernet0/0
CE1#sh ip route ospf

CE1#
Neighbor ID
172.16.13.1
Pri State
1 FULL/BDR
Dead Time Address

Interface
00:00:35 172.16.12.1
FastEthernet0/0

O
O
Neighbor ID
172.16.13.1
Pri State
1 FULL/DR
Dead Time Address

Interface
00:00:38 172.16.13.1
FastEthernet0/0

O
O
CE2#ping 192.168.3.1 source lo0
!!!!!
CE2#traceroute 192.168.3.1 source lo0 numeric
1 172.16.12.1 4 msec 12 msec 12 msec
2 172.16.13.2 24 msec * 16 msec
94
CE3#ping 192.168.2.1 source lo0

!!!!!
CE3#traceroute 192.168.2.1 source lo0 numeric
1 172.16.13.1 4 msec 12 msec 12 msec
2 172.16.12.2 24 msec * 12 msec
As can be seen from the outputs above, CE1 has no knowledge about the loopbacks
of CE2 and CE3 as they are separated via VRF from PE1 side
95
VRF Export-maps
Network Diagram
Lo0
1.1.1.1/32
Lo0
4.4.4.4/32
192.1.24.0/24
Lo0
2.2.2.2/32
R2
4
/2
.0
2
.1
2.1
19
R1
S1/0
S1/0
S1/1
LSP
19
2.
1.
13
.0/
24
S1/0
IBGP
192.1.35.0/24
OSPF
Area 0
F2/0
RIPv2
F1/0
AS 100
R3
F2/0
RIPv2
F1/0
R5
R4
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:2
address-family ipv4
export map EXPORT_MAP
ip prefix-list R4LOOP seq 5 permit 4.4.4.4/32
route-map EXPORT_MAP permit 10
match ip address prefix-list R4LOOP
set extcommunity rt 2.2.2.2:4
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
96
Lo0
3.3.3.3/32
Lo0
5.5.5.5/32
R3
vrf definition MSSK
rd 100:3
address-family ipv4
export map EXPORT_MAP
route-target import 2.2.2.2:4
ip prefix-list R5LOOP seq 5 permit 5.5.5.5/32
route-map EXPORT_MAP permit 10
match ip address prefix-list R5LOOP
set extcommunity rt 100:5
int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
97
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
mpls ip
R3
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
router rip
98
no auto-summary
version 2
network 192.1.24.2
R4
router rip
no auto-summary
version 2
network 4.4.4.4
network 192.1.24.4
R3
router rip
no auto-summary
version 2
network 192.1.35.3
R5
router rip
no auto-summary
version 2
network 5.5.5.5
network 192.1.35.5
VPN Configuration
R2
router bgp 100
redistribute rip
router rip
R3
router bgp 100
redistribute rip
router rip
99
Verifications
TCP connection: 2.2.2.2.38298 - 1.1.1.1.646
Up time: 00:49:35
192.1.12.2
2.2.2.2
TCP connection: 3.3.3.3.34974 - 1.1.1.1.646
Up time: 00:49:34
192.1.13.3
3.3.3.3
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No
Serial1/1
Yes (ldp)
No

No No
Yes
No No
Yes

TCP connection: 1.1.1.1.646 - 2.2.2.2.38298
Up time: 00:49:39
192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes

TCP connection: 1.1.1.1.646 - 3.3.3.3.34974
Up time: 00:49:40
100

192.1.12.1
192.1.13.1
1.1.1.1
Interface
IP
Tunnel
Serial1/0
Yes (ldp)
No

No No
Yes

Routing Table: MSSK
R


!!!!!
Routing Table: MSSK
101


.
Success rate is 0 percent (0/1)
!!!!!
R3#show bgp vpnv4 unicast all summary
Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
100
14
14

0
0 00:09:30

Network
Next Hop
Route Distinguisher: 100:2
*>i 4.4.4.4/32
2.2.2.2
1 100
0?
*>i 4.4.4.4/32
2.2.2.2
1 100
0?
*> 5.5.5.5/32
192.1.35.5
1
32768 ?
*> 192.1.35.0
0.0.0.0
0
32768 ?
102

Neighbor
V
State/PfxRcd
3.3.3.3
4
AS MsgRcvd MsgSent
100
15
15

0
0 00:10:15

Network
Next Hop
*> 4.4.4.4/32
192.1.24.4
1
32768 ?
*>i 5.5.5.5/32
3.3.3.3
1 100
0?
*> 192.1.24.0
0.0.0.0
0
32768 ?
*>i 5.5.5.5/32
3.3.3.3
1 100
0?
R4#sh ip route rip
103

R
!!!!!
R5#sh ip route rip
R


!!!!!
104
MPLS AToM Eth to Eth

Network Diagram
Lo0
3.3.3.3/32
24
.0/
3
2
1.
2.
19
Lo0
2.2.2.2/32
Lo0
1.1.1.1/32
R2
OSPF Domain
Area 0
R3
LSP
IBGP
19
2.1
.3
4.
0/
24
R4
Lo0
4.4.4.4/32
F1/1
F1/1
F1/0 192.1.15.1/24
F1/0 192.1.15.5/24
R5
R1
Configurations
IGP Configuration
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
network 192.1.34.3 0.0.0.0 area 0
R4
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.34.4 0.0.0.0 area 0
105
Lo0
5.5.5.5/32

R2
int f1/0
mpls ip
R3
int f1/0
mpls ip
int f1/1
mpls ip
R4
int f1/0
mpls ip
CE-CE routing Configuration
R1
router ospf 100
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.15.1 0.0.0.0 area 0
R5
router ospf 100
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.15.5 0.0.0.0 area 0
Pseudowire Configuration
R2
pseudowire-class MSSK
106
encapsulation mpls
int f1/1
xconnect 4.4.4.4 15 pw-class MSSK
R4
encapsulation mpls
int f1/1
Verifications
TCP connection: 3.3.3.3.54771 - 2.2.2.2.646
Up time: 00:05:07
FastEthernet1/0, Src IP addr: 192.1.23.3
192.1.23.3
192.1.34.3
3.3.3.3
TCP connection: 4.4.4.4.28399 - 2.2.2.2.646
Up time: 00:00:54
Targeted Hello 2.2.2.2 -> 4.4.4.4, active, passive
192.1.34.4
4.4.4.4
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Fa1/0
192.1.23.3
17
Pop Label 192.1.34.0/24 0
Fa1/0
192.1.23.3
18
17
4.4.4.4/32
0
Fa1/0
192.1.23.3
19
No Label l2ckt(1)
2213
Fa1/1
point2point
TCP connection: 3.3.3.3.646 - 4.4.4.4.54817
Up time: 00:05:09
107

192.1.23.3
192.1.34.3
3.3.3.3
TCP connection: 2.2.2.2.646 - 4.4.4.4.28399
Up time: 00:01:08
192.1.23.2
2.2.2.2
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
16
2.2.2.2/32
0
Fa1/0
192.1.34.3
17
0
Fa1/0
192.1.34.3
18
Pop Label 192.1.23.0/24 0
Fa1/0
192.1.34.3
19
No Label l2ckt(1)
2570
Fa1/1
point2point
R2#show mpls l2transport summary
Destination address: 4.4.4.4, total number of vc: 1
0 unknown, 1 up, 0 down, 0 admin down, 0 recovering, 0 standby, 0 hotstandby
1 active vc on MPLS interface Fa1/0
R2#show mpls l2transport vc 15
Local intf
Local circuit
Dest address VC ID
Status
------------- -------------------------- --------------- ---------- ---------Fa1/1
Ethernet
4.4.4.4
15
UP
Local intf
Local circuit
Dest address VC ID
Status
------------- -------------------------- --------------- ---------- ---------Fa1/1
Ethernet
2.2.2.2
15
UP
108
Neighbor ID
5.5.5.5
Pri State
1 FULL/DR
Dead Time Address

00:00:35 192.1.15.5
Interface
FastEthernet1/0
R1#sh ip route ospf

O


!!!!!
1 192.1.15.5 20 msec * 20 msec
Neighbor ID
1.1.1.1
Pri State
1 FULL/BDR
Dead Time
00:00:31
Address
192.1.15.1
Interface
FastEthernet1/0
R5#sh ip route ospf

109

O


!!!!!
1 192.1.15.1 28 msec * 12 msec
R3#debug mpls packet
Packet debugging is on
R3#
*Sep 12 16:56:20.079: MPLS turbo: Fa1/1: rx: Len 120 Stack {16 0 255} {19 0
255} CW {f:0 l:0 s:0}
*Sep 12 16:56:20.083: MPLS turbo: Fa1/0: tx: Len 116 Stack {19 0 254} CW {f:0
l:0 s:0}
255} CW {f:0 l:0 s:0}
l:0 s:0}
255} CW {f:0 l:0 s:0}
l:0 s:0}
255} CW {f:0 l:0 s:0}
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
15639
Fa1/0
192.1.23.2
17
15752
Fa1/1
192.1.34.4
R2#show mpls l2transport vc detail
Local interface: Fa1/1 up, line protocol up, Ethernet up
Destination address: 4.4.4.4, VC ID: 15, VC status: up
110
Output interface: Fa1/0, imposed label stack {17 19}

Preferred path: not configured
Default path: active
Next hop: 192.1.23.3
Create time: 00:05:28, last status change time: 00:05:25
Last label FSM state change time: 00:05:25
Signaling protocol: LDP, peer 4.4.4.4:0 up
Targeted Hello: 2.2.2.2(LDP Id) -> 4.4.4.4, LDP is UP
Status TLV support (local/remote) : enabled/supported
LDP route watch
: enabled
Label/status state machine
: established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane
status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV
status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 19, remote 19
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Control Word: On (configured: autosense)
Dataplane:
SSM segment/switch IDs: 4097/4096 (used), PWID: 1
VC statistics:
transit packet totals: receive 102, send 100
transit byte totals: receive 10310, send 12738
transit packet drops: receive 0, seq error 0, send 0
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Fa1/0
192.1.23.3
17
Pop Label 192.1.34.0/24 0
Fa1/0
192.1.23.3
18
17
4.4.4.4/32
0
Fa1/0
192.1.23.3
19
No Label l2ckt(1)
10618
Fa1/1
point2point
111
MPLS AToM PPP to PPP

Network Diagram
Lo0
3.3.3.3/32
24
.0/
3
2
1.
2.
19
Lo0
2.2.2.2/32
Lo0
1.1.1.1/32
OSPF Domain
Area 0
R3
R2
19
2.1
.3
4.
0/
24
R4
Lo0
4.4.4.4/32
S2/0
S2/0
S1/0 192.1.15.1/24
S1/0 192.1.15.5/24
R5
R1
Configurations
IGP Configuration
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
network 192.1.34.3 0.0.0.0 area 0
R4
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.34.4 0.0.0.0 area 0
112
Lo0
5.5.5.5/32

R2
int f1/0
mpls ip
R3
int f1/0
mpls ip
int f1/1
mpls ip
R4
int f1/0
mpls ip
CE-CE routing Configuration
R1
router ospf 100
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.15.1 0.0.0.0 area 0
R5
router ospf 100
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.15.5 0.0.0.0 area 0
R2
113
encapsulation mpls
int s2/0
R4
encapsulation mpls
int s2/0
Verifications
R2#sh mpls ldp neighbor
TCP connection: 3.3.3.3.47549 - 2.2.2.2.646
Up time: 00:02:20
192.1.23.3
192.1.34.3
3.3.3.3
TCP connection: 4.4.4.4.38194 - 2.2.2.2.646
Up time: 00:00:24
192.1.34.4
4.4.4.4
R2#sh mpls forwarding-table
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Fa1/0
192.1.23.3
17
Pop Label 192.1.34.0/24 0
Fa1/0
192.1.23.3
18
17
4.4.4.4/32
0
Fa1/0
192.1.23.3
19
No Label l2ckt(1)
1766
Se2/0
point2point
TCP connection: 3.3.3.3.646 - 4.4.4.4.13730
Up time: 00:02:35
114

192.1.23.3
192.1.34.3
3.3.3.3
TCP connection: 2.2.2.2.646 - 4.4.4.4.38194
Up time: 00:00:53
192.1.23.2
2.2.2.2
R4#sh mpls forwarding-table
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Fa1/0
192.1.34.3
17
16
2.2.2.2/32
0
Fa1/0
192.1.34.3
18
Pop Label 192.1.23.0/24 0
Fa1/0
192.1.34.3
19
No Label l2ckt(1)
2436
Se2/0
point2point
R2#sh mpls l2transport summary
R2#sh mpls l2transport vc 15
Local intf
Local circuit
Dest address VC ID
Status
------------- -------------------------- --------------- ---------- ---------Se2/0
PPP
4.4.4.4
15
UP
R4#sh mpls l2transport vc 15
Local intf
Local circuit
Dest address VC ID
Status
------------- -------------------------- --------------- ---------- ---------Se2/0
PPP
2.2.2.2
15
UP
115
Neighbor ID
5.5.5.5
Pri State
0 FULL/ -
Dead Time Address

00:00:38 192.1.15.5
Interface
Serial1/0
R1#sh ip route ospf

O

5.5.5.5 [110/65] via 192.1.15.5, 00:02:14, Serial1/0

!!!!!
1 192.1.15.5 24 msec * 16 msec
Neighbor ID
1.1.1.1
Pri State
0 FULL/ -
Dead Time Address

00:00:31 192.1.15.1
Interface
Serial1/0
R5#sh ip route ospf

116

O

1.1.1.1 [110/65] via 192.1.15.1, 00:02:53, Serial1/0

!!!!!
1 192.1.15.1 28 msec * 28 msec Fa1/1
117
point2point
MPLS Inter-AS Xconnect

Network Diagram
R2
F1/0
S2/0
P1/0
P1/0
R3
R4
F2/0
F1/0
F2/0
S1/0
R5
S2/0
S1/0
R1
AS100
AS200
Configurations
IGP Configuration
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
R4
router isis 1
net 49.0001.0000.0000.0004.00
int lo0
ip router isis 1
int f2/0
118
R6
ip router isis 1
R5
router isis 1
net 49.0001.0000.0000.0005.00
int lo0
ip router isis 1
int f1/0
ip router isis 1
R2
int f1/0
mpls ip
R3
int f2/0
mpls ip
R4
int f2/0
mpls ip
R5
int f1/0
mpls ip
119
Inter-AS BGP Configuration

R3
router bgp 100
address-family ipv4
network 3.3.3.3 mask 255.255.255.255
R4
router bgp 200
address-family ipv4
network 4.4.4.4 mask 255.255.255.255
R2
encapsulation mpls
int s2/0
R5
encapsulation mpls
int s2/0
Verifications
R3#sh ip bgp
Network
Next Hop

120
*> 3.3.3.3/32
*> 4.4.4.4/32
0.0.0.0
192.1.34.4
32768 i
0 200 i
R4#sh ip bgp
Network
*> 3.3.3.3/32
*> 4.4.4.4/32
Next Hop
192.1.34.3
0.0.0.0

0
0 100 i
0
32768 i

TCP connection: 3.3.3.3.62349 - 2.2.2.2.646
Up time: 00:05:52
192.1.34.3
192.1.23.3
3.3.3.3
TCP connection: 4.4.4.4.646 - 5.5.5.5.45835
Up time: 00:07:47
192.1.34.4
192.1.45.4
4.4.4.4
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Fa1/0
192.1.23.3
17
No Label l2ckt()
0
drop
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
0
Fa1/0
192.1.45.4
121
17
No Label
l2ckt()
drop

Now, R2 (the PE in AS 100) does not know about the loopback of R5 (the PE in AS
200) and vice versa which are used to configure the xconnect peering, and in order
for MPLS to operate, LDP has to assign labels which is IGP responsibility, in order
for that to take place we will redistribute the routes in IGP (OSPF and ISIS in AS
100, 200 respectively) , as well we have to advertise R2 and R5 loopbacks in BGP
R3
router bgp 100
address-family ipv4
network 2.2.2.2 mask 255.255.255.255
ip prefix-list MSSK seq 5 permit 4.4.4.4/32
route-map MSSK permit 10
match ip address prefix-list MSSK
router ospf 1
redistribute bgp 100 subnets route-map MSSK
R4
router bgp 200
address-family ipv4
network 5.5.5.5 mask 255.255.255.255
route-map MSSK permit 10
match ip address prefix-list MSSK
router isis 1
redistribute bgp 200 route-map MSSK
R3#sh ip bgp
122

Network
*> 2.2.2.2/32
*> 3.3.3.3/32
*> 4.4.4.4/32
*> 5.5.5.5/32
Next Hop
192.1.23.2
0.0.0.0
192.1.34.4
192.1.34.4

2
32768 i
0
32768 i
0
0 200 i
20
0 200 i
R4#sh ip bgp
Network
*> 2.2.2.2/32
*> 3.3.3.3/32
*> 4.4.4.4/32
*> 5.5.5.5/32
Next Hop
192.1.34.3
192.1.34.3
0.0.0.0
192.1.45.5

2
0 100 i
0
0 100 i
0
32768 i
20
32768 i
R2#
*Sep 13 02:04:37.279: %LDP-5-NBRCHG: LDP Neighbor 5.5.5.5:0 (2) is UP
R5#
*Sep 13 02:04:37.803: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (2) is UP
TCP connection: 3.3.3.3.62349 - 2.2.2.2.646
Up time: 00:18:49
192.1.34.3
192.1.23.3
3.3.3.3
TCP connection: 5.5.5.5.52375 - 2.2.2.2.646
123
Up time: 00:02:54
192.1.45.5
5.5.5.5
TCP connection: 4.4.4.4.646 - 5.5.5.5.45835
Up time: 00:20:41
192.1.34.4
192.1.45.4
4.4.4.4
TCP connection: 2.2.2.2.646 - 5.5.5.5.52375
Up time: 00:03:11
192.1.23.2
2.2.2.2
R2#show mpls forwarding-table | inc 5.5.5.5
19
19
5.5.5.5/32
0
Fa1/0
192.1.23.3
R5#sh mpls forwarding-table | inc 2.2.2.2

18
18
2.2.2.2/32
0
Fa1/0
192.1.45.4
Now in order for the labels to be passed through the ASes, we have to configure the
BGP neighbors to send the labels
R3
router bgp 100
124
address-family ipv4
neighbor 192.1.34.4 send-label
R4
router bgp 200
address-family ipv4
R3
*Sep 13 02:13:01.135: %BGP_LMM-6-AUTOGEN1: The mpls bgp forwarding
command has been configured on interface: POS1/0
R4
*Sep 13 02:13:00.983: %BGP_LMM-6-AUTOGEN1: The mpls bgp forwarding
command has been configured on interface: POS1/0
Local intf
Local circuit
Dest address VC ID
Status
------------- -------------------------- --------------- ---------- ---------Se2/0
PPP
5.5.5.5
16
UP
Local intf
Local circuit
Dest address VC ID
Status
------------- -------------------------- --------------- ---------- ---------Se2/0
PPP
2.2.2.2
16
UP
R1#ping 192.1.16.6
!!!!!
R6#ping 192.1.16.1
!!!!!
125
MPLS L3VPN Inter-AS Option A

Network Diagram
AS100
R1
S1/0
S1/0
F2/0
F2/0
F1/0
F1/0
OSPF
A0
OSPF
A0
R4
R3
F1/1
F1/1
F1/0
F1/0
R5
R6
F1/1
R7
AS200
R2
F1/1
F1/0
F1/0
Configurations
VRF Configuration
R1
vrf definition MSSK
rd 100:1
address-family ipv4
int s1/0
vrf forwarding MSSK
ip address 192.1.12.1 255.255.255.0
126
R8
R2
vrf definition MSSK
rd 100:1
address-family ipv4
int s1/0
vrf forwarding MSSK
ip address 192.1.12.2 255.255.255.0
R5
vrf definition MSSK
rd 100:1
address-family ipv4
int f1/1
vrf forwarding MSSK
ip address 192.1.57.5 255.255.255.0
R6
vrf definition MSSK
rd 100:1
address-family ipv4
int f1/1
vrf forwarding MSSK
ip address 192.1.68.6 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
127
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.24.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
network 192.1.35.3 0.0.0.0 area 0
R4
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.24.4 0.0.0.0 area 0
network 192.1.46.4 0.0.0.0 area 0
R5
router ospf 1
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.35.5 0.0.0.0 area 0
R6
router ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 192.1.46.6 0.0.0.0 area 0
R1
int f2/0
mpls ip
R2
128
int f2/0
mpls ip
R3
int f1/0
mpls ip
int f1/1
mpls ip
R4
int f1/0
mpls ip
int f1/1
mpls ip
R5
int f1/0
mpls ip
R6
int f1/0
mpls ip
R1
router bgp 100
129

R5
router bgp 100
R2
router bgp 100
R6
router bgp 100
R1
router rip
network 192.1.12.0
no auto-summary
version 2
R5
router rip
network 192.1.57.0
no auto-summary
version 2
R7
router rip
130
version 2
network 7.0.0.0
network 192.1.57.0
no auto-summary
R2
network 192.1.12.0
no auto-summary
version 2
R6
router rip
network 192.1.68.0
no auto-summary
version 2
R8
router rip
version 2
network 8.0.0.0
network 192.1.68.0
no auto-summary
VPN Configuration
R1
router rip
router bgp 100
redistribute rip
R2
router rip
router bgp 200
redistribute rip
131
R5
router rip
router bgp 100
network 192.1.57.0
redistribute rip
R6
router rip
network 192.1.68.0
redistribute rip
Verifications
Neighbor
V
State/PfxRcd
5.5.5.5
4
AS MsgRcvd MsgSent
100
31
28

0
0 00:21:36

132
Network
Next Hop
*>i 7.7.7.7/32
5.5.5.5
1 100
0?
*> 8.8.8.8/32
192.1.12.2
1
32768 ?
*> 192.1.12.0
0.0.0.0
0
32768 ?
*> 192.1.12.2/32 0.0.0.0
0
32768 ?
*>i 192.1.57.0
5.5.5.5
0 100
0i
*> 192.1.68.0
192.1.12.2
1
32768 ?
Neighbor
V
State/PfxRcd
6.6.6.6
4
AS MsgRcvd MsgSent
200
30
29

0
0 00:20:56

Network
Next Hop
*> 7.7.7.7/32
192.1.12.1
1
32768 ?
*>i 8.8.8.8/32
6.6.6.6
1 100
0?
*> 192.1.12.0
0.0.0.0
0
32768 ?
*> 192.1.12.1/32 0.0.0.0
0
32768 ?
*> 192.1.57.0
192.1.12.1
1
32768 ?
*>i 192.1.68.0
6.6.6.6
0 100
0i
133

Neighbor
V
State/PfxRcd
1.1.1.1
4
AS MsgRcvd MsgSent
100
28
32
11

0
0 00:22:00

Network
Next Hop
*> 7.7.7.7/32
192.1.57.7
1
32768 ?
*>i 8.8.8.8/32
1.1.1.1
1 100
0?
*>i 192.1.12.0
1.1.1.1
0 100
0?
*>i 192.1.12.2/32 1.1.1.1
0 100
0?
*> 192.1.57.0
0.0.0.0
0
32768 i
*>i 192.1.68.0
1.1.1.1
1 100
0?
Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
200
29
31
11
134

0
0 00:21:18

Network
Next Hop
*>i 7.7.7.7/32
2.2.2.2
1 100
0?
*> 8.8.8.8/32
192.1.68.8
1
32768 ?
*>i 192.1.12.0
2.2.2.2
0 100
0?
*>i 192.1.12.1/32 2.2.2.2
0 100
0?
*>i 192.1.57.0
2.2.2.2
1 100
0?
*> 192.1.68.0
0.0.0.0
0
32768 i
R7#sh ip route rip
R
R
R
R


!!!!!
135

1 192.1.57.5 16 msec 12 msec 16 msec
4 192.1.12.2 60 msec 52 msec 44 msec
7 192.1.68.8 88 msec * 88 msec
R8#sh ip route rip
R
R
R
R


!!!!!
1 192.1.68.6 4 msec 16 msec 12 msec
4 192.1.12.1 76 msec 52 msec 44 msec
136

7 192.1.57.7 104 msec * 120 msec
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
17
0
Fa2/0
192.1.13.3
18
Pop Label 192.1.35.0/24 0
Fa2/0
192.1.13.3
19
17
5.5.5.5/32
0
Fa2/0
192.1.13.3
20
No Label 192.1.12.0/24[V] 0
aggregate/MSSK
21
No Label 192.1.12.2/32[V] 0
Se1/0
point2point
22
No Label 8.8.8.8/32[V] 4548
Se1/0
point2point
23
No Label 192.1.68.0/24[V] 0
Se1/0
point2point
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
17
0
Fa2/0
192.1.24.4
18
Pop Label 192.1.46.0/24 0
Fa2/0
192.1.24.4
19
17
6.6.6.6/32
0
Fa2/0
192.1.24.4
20
No Label 7.7.7.7/32[V] 3116
Se1/0
point2point
21
No Label 192.1.12.0/24[V] 0
aggregate/MSSK
22
No Label 192.1.12.1/32[V] 0
Se1/0
point2point
23
No Label 192.1.57.0/24[V] 1684
Se1/0
point2point
137
MPLS L3VPN Inter-AS Option B

Network Diagram
AS100
R1
S1/0
S1/0
F2/0
F2/0
F1/0
F1/0
OSPF
A0
OSPF
A0
R4
R3
F1/1
F1/1
F1/0
F1/0
R5
R6
F1/1
R7
AS200
R2
F1/1
F1/0
F1/0
Configurations
VRF Configuration
R5
vrf definition MSSK
rd 100:1
address-family ipv4
int f1/1
vrf forwarding MSSK
ip address 192.1.57.5 255.255.255.0
138
R8
R6
vrf definition MSSK
rd 100:1
address-family ipv4
int f1/1
vrf forwarding MSSK
ip address 192.1.68.6 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.24.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
network 192.1.35.3 0.0.0.0 area 0
R4
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.24.4 0.0.0.0 area 0
network 192.1.46.4 0.0.0.0 area 0
R5
router ospf 1
router-id 5.5.5.5
139
network 5.5.5.5 0.0.0.0 area 0

network 192.1.35.5 0.0.0.0 area 0
R6
router ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 192.1.46.6 0.0.0.0 area 0
R1
int f2/0
mpls ip
R2
int f2/0
mpls ip
R3
int f1/0
mpls ip
int f1/1
mpls ip
R4
int f1/0
mpls ip
int f1/1
mpls ip
140
R5
int f1/0
mpls ip
R6
int f1/0
mpls ip
R1
router bgp 100
R5
router bgp 100
R2
router bgp 200
141
neighbor
neighbor
neighbor
neighbor
neighbor
6.6.6.6 activate
6.6.6.6 send-community both
6.6.6.6 next-hop-self
192.1.12.1 activate
192.1.12.1 send-community both
R6
router bgp 200
R5
router rip
network 192.1.57.0
no auto-summary
version 2
R7
router rip
version 2
network 7.0.0.0
network 192.1.57.0
no auto-summary
R6
router rip
network 192.1.68.0
no auto-summary
version 2
R8
router rip
version 2
network 8.0.0.0
network 192.1.68.0
no auto-summary
142
VPN Configuration
R5
router rip
router bgp 100
network 192.1.57.0
redistribute rip
R6
router rip
router bgp 200
network 192.1.68.0
redistribute rip
Verifications
Neighbor
V
State/PfxRcd
5.5.5.5
4
192.1.12.2
4
AS MsgRcvd MsgSent
100
200

5
0 00:03:10
0 0 00:02:59

143

Network
Next Hop
*>i 7.7.7.7/32
5.5.5.5
*> 8.8.8.8/32
192.1.12.2
*>i 192.1.57.0
5.5.5.5
*> 192.1.68.0
192.1.12.2

1
100
100
0?
0 200 ?
0i
0 200 i

Neighbor
V
State/PfxRcd
6.6.6.6
4
192.1.12.1
4
AS MsgRcvd MsgSent
200
100

5
0 00:03:12
0 00:03:12

Network
Next Hop
*> 7.7.7.7/32
192.1.12.1
*>i 8.8.8.8/32
6.6.6.6
*> 192.1.57.0
192.1.12.1
*>i 192.1.68.0
6.6.6.6

1
100
100
144
0 100 ?
0?
0 100 i
0i

Neighbor
V
State/PfxRcd
1.1.1.1
4
AS MsgRcvd MsgSent
100
10

0
0 00:03:34

Network
Next Hop
*> 7.7.7.7/32
192.1.57.7
1
32768 ?
*>i 8.8.8.8/32
1.1.1.1
0 100
0 200 ?
*> 192.1.57.0
0.0.0.0
0
32768 i
*>i 192.1.68.0
1.1.1.1
0 100
0 200 i
145
Neighbor
V
State/PfxRcd
1.1.1.1
4
AS MsgRcvd MsgSent
100
10

0
0 00:03:34

Network
Next Hop
*> 7.7.7.7/32
192.1.57.7
1
32768 ?
*>i 8.8.8.8/32
1.1.1.1
0 100
0 200 ?
*> 192.1.57.0
0.0.0.0
0
32768 i
*>i 192.1.68.0
1.1.1.1
0 100
0 200 i
Network
Next Hop
*> 7.7.7.7/32
192.1.57.7
1
32768 ?
*> 192.1.57.0
0.0.0.0
0
32768 i
146

Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
200
10

0
0 00:03:34

Network
Next Hop
*>i 7.7.7.7/32
2.2.2.2
0 100
0 100 ?
*> 8.8.8.8/32
192.1.68.8
1
32768 ?
*>i 192.1.57.0
2.2.2.2
0 100
0 100 i
*> 192.1.68.0
0.0.0.0
0
32768 i
Network
Next Hop
*> 8.8.8.8/32
192.1.68.8
1
32768 ?
*> 192.1.68.0
0.0.0.0
0
32768 i
R7#sh ip route rip
147

R
R


!!!!!
1 192.1.57.5 8 msec 8 msec 8 msec
7 192.1.68.8 84 msec * 136 msec
R8#sh ip route rip
R
R


148

!!!!!
1 192.1.68.6 12 msec 12 msec 8 msec
7 192.1.57.7 76 msec * 84 msec
149
Carrier supporting Carrier (CSC)

Network Diagram
R7
F1/0
RIPv2
F1/1
R5
F1/0
OSPF 1
F1/1
R3 F1/0
P1/0
P1/0
R1
R2
F1/0
R4
F2/0
F2/0
F2/0
OSPF 1
F1/0
F1/0
R6
F1/1
EIGRP 68
F1/0
F1/1
AS100
AS200
R9
F1/1
RIPv2
F1/0
R10
R8
Configurations
VRF Configuration
R3
vrf definition ABC
rd 100:1
address-family ipv4
150

vrf forwarding ABC
ip address 192.1.35.3 255.255.255.0
vrf forwarding ABC
ip address 192.1.36.3 255.255.255.0
R4
vrf definition ABC
rd 200:1
address-family ipv4
vrf forwarding ABC
ip address 192.1.49.4 255.255.255.0
IGP Configuration
R1
router isis 1
net 49.0001.0000.0000.0001.00
ip router isis 1
R2
router isis 1
net 49.0002.0000.0000.0002.00
ip router isis 1
151
R3
router isis 1
net 49.0001.0000.0000.0003.00
ip router isis 1
R4
router isis 1
net 49.0002.0000.0000.0004.00
ip router isis 1
R1
mpls ip
R2
mpls ip
R3
mpls ip
R4
152
mpls ip
R1
router bgp 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
R2
router bgp 200
R3
router bgp 100
153
R4
router bgp 200
R3
router ospf 1 vrf ABC
router-id 192.1.1.3
network 192.1.35.3 0.0.0.0 area 0
network 192.1.36.3 0.0.0.0 area 0
R4
router-id 192.1.1.4
network 192.1.49.4 0.0.0.0 area 0
R5
router ospf 1
router-id 192.1.1.5
network 192.1.35.5 0.0.0.0 area 0
network 192.1.1.5 0.0.0.0 area 0
R6
router ospf 1
router-id 192.1.1.6
network 192.1.1.6 0.0.0.0 area 0
network 192.1.36.6 0.0.0.0 area 0
R9
router ospf 1
router-id 192.1.1.9
network 192.1.1.9 0.0.0.0 area 0
network 192.1.49.9 0.0.0.0 area 0
VPN Configuration
R2
router eigrp 1
154
address-family ipv4 vrf MSSK autonomous-system 1

redistribute bgp 100 metric 10000 1 255 1 1500
router bgp 100
redistribute eigrp 1
R3
router bgp 100
address-family ipv4 vrf ABC
redistribute ospf 1 vrf ABC
network 192.1.35.0 mask 255.255.255.0
network 192.1.36.0 mask 255.255.255.0
R4
router bgp 200
redistribute ospf 1 vrf ABC
network 192.1.49.0 mask 255.255.255.0
Verifications
Neighbor ID
Pri State
Dead Time Address
Interface
192.1.1.3
1 FULL/BDR
00:00:39 192.1.35.3
FastEthernet1/0
R5#sh ip route ospf
O
O

155
R5#ping 192.1.1.6 sou

!!!!!
1 192.1.35.3 28 msec 12 msec 12 msec
2 192.1.36.6 48 msec * 28 msec
Neighbor ID
192.1.1.3
Pri State
1 FULL/BDR
Dead Time Address

00:00:31 192.1.36.3
Interface
FastEthernet1/0
R6#sh ip route ospf

O
O


!!!!!
156

1 192.1.36.3 20 msec 12 msec 20 msec
2 192.1.35.5 44 msec * 36 msec
Neighbor ID
192.1.1.4
Pri State
1 FULL/DR
Dead Time
00:00:39
Address
192.1.49.4
Interface
FastEthernet1/0
R9#sh ip route ospf

Why R9 is not learning any routes from AS 100 ?
First , our VRF in AS 100 has to be configured to import the value from AS 200 and
vice versa
R3
vrf definition ABC
address-family ipv4
R4
vrf definition ABC
address-family ipv4
Next, our EBGP speakers will filter route-target by default
R1
router bgp 200
no bgp default route-target filter
R2
router bgp 200
157
no bgp default route-target filter

R9#sh ip route ospf
O
O
O
O

IA
IA
IA 192.1.35.0/24 [110/2] via 192.1.49.4, 00:00:06, FastEthernet1/0
R9#sh ip route ospf

O
O
O
O

IA
IA

!!!!!
158

!!!!!
1 192.1.49.4 12 msec 24 msec 12 msec
5 192.1.35.5 80 msec * 76 msec
1 192.1.49.4 20 msec 16 msec 16 msec
5 192.1.36.6 64 msec * 60 msec
Now , we have achieved connectivity between our first customer sites , let us move
to our customers customer which will be referred to via VRF MSSK
VRF Configuration
R5
vrf definition MSSK
rd 300:1
address-family ipv4
vrf forwarding MSSK
ip address 192.1.57.5 255.255.255.0
R6
vrf definition MSSK
159
rd 300:1
address-family ipv4
vrf forwarding MSSK
ip address 192.1.68.6 255.255.255.0
R9
vrf definition MSSK
rd 300:1
address-family ipv4
vrf forwarding MSSK
ip address 192.1.109.9 255.255.255.0
R3
int FastEthernet1/1
mpls ip
int FastEthernet2/0
mpls ip
R4
int FastEthernet 1/1
mpls ip
R5
mpls ip
R6
mpls ip
160
R9
mpls ip
R5
router bgp 100
neighbor 192.1.1.9 ebgp-multihop 255
neighbor 192.1.1.9 next-hop-unchanged
R6
router bgp 100
R9
router bgp 200
neighbor 192.1.1.5 ebgp-multihop 255
161

neighbor 192.1.1.5 next-hop-unchanged
PE-CE routing Configuration
R5
router rip
no auto-summary
version 2
network 192.1.57.0
R7
router rip
no auto-summary
version 2
network 172.1.0.0
network 192.1.57.0
R6
router eigrp 68
no auto-summary
network 192.1.68.0
R8
router eigrp 68
no auto-summary
network 172.1.0.0
network 192.1.68.0
R9
router rip
no auto-summary
version 2
network 192.1.109.0
R10
router rip
no auto-summary
version 2
network 172.1.0.0
network 192.1.109.0
162
VPN Configuration
R5
router rip
router bgp 100
redistribute rip
R6
router eigrp 68
redistribute bgp 100
default-metric 10000 1000 255 1 1500
router bgp 100
R9
router rip
router bgp 200
redistribute rip
Verification
Routing Table: MSSK
163


!!!!!
R6#sh ip eigrp vrf MSSK neighbors
EIGRP-IPv4 Neighbors for AS(68) VRF(MSSK)
H Address
Interface
Hold Uptime SRTT RTO Q Seq
(sec)
(ms)
Cnt Num
0 192.1.68.8
Fa1/1
12 00:08:45 1038 5000 0 4
R6#sh ip route vrf MSSK eigrp
Routing Table: MSSK
D


!!!!!
Routing Table: MSSK
164

R


!!!!!
Neighbor
V
State/PfxRcd
192.1.1.6
4
192.1.1.9
4
AS MsgRcvd MsgSent
100
200
11
11
12
12
11
11
0
0
0 00:06:37
0 00:06:28
2
2

Network
Next Hop
165
*>
*>i
*>
*>
*>i
*>
172.1.1.7/32
192.1.57.7
172.1.1.8/32
192.1.1.6
172.1.1.10/32 192.1.1.9
192.1.57.0
0.0.0.0
192.1.68.0
192.1.1.6
192.1.109.0
192.1.1.9
1
32768 ?
156160 100
0?
1
0 200 ?
0
32768 ?
0 100
0?
0
0 200 ?

Neighbor
V
State/PfxRcd
192.1.1.5
4
AS MsgRcvd MsgSent
100
13
12
11
0 00:06:51

Network
Next Hop
*>i 172.1.1.7/32
192.1.1.5
1 100
0?
*> 172.1.1.8/32
192.1.68.8
156160
32768 ?
*>i 172.1.1.10/32 192.1.1.9
1 100
0 200 ?
*>i 192.1.57.0
192.1.1.5
0 100
0?
*> 192.1.68.0
0.0.0.0
0
32768 ?
*>i 192.1.109.0
192.1.1.9
0 100
0 200 ?
166

Neighbor
V
State/PfxRcd
192.1.1.5
4
AS MsgRcvd MsgSent
100
13
12
11
0 00:06:53

Network
Next Hop
*> 172.1.1.7/32
192.1.1.5
1
0 100 ?
*> 172.1.1.8/32
192.1.1.6
0 100 ?
*> 172.1.1.10/32 192.1.109.10
1
32768 ?
*> 192.1.57.0
192.1.1.5
0
0 100 ?
*> 192.1.68.0
192.1.1.6
0 100 ?
*> 192.1.109.0
0.0.0.0
0
32768 ?
167
MPLS TE with OSPF

Network Diagram
R6
RIPv2
R7
F1/0
F1/0
F1/1
F1/1
R4
F2/0
F1/0
R1
R2
F1/0
F1/0
RIPv2
R5
F2/0
F1/0
F1/1
F1/1
F1/0
R3
Configurations
VRF Configuration
R4
vrf definition MSSK
rd 100:1
address-family ipv4
int f1/1
vrf forwarding MSSK
ip address 192.1.46.4 255.255.255.0
R5
vrf definition MSSK
rd 100:1
address-family ipv4
168
F1/1
OSPF A0
AS 100

int f1/1
vrf forwarding MSSK
ip address 192.1.57.5 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
network 192.1.14.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0
network 192.1.25.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
R4
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.14.4 0.0.0.0 area 0
R5
router ospf 1
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.25.5 0.0.0.0 area 0
169
R4
router bgp 100
R5
router bgp 100
R4
router rip
network 192.1.46.0
no auto-summary
version 2
R6
router rip
version 2
network 6.0.0.0
network 192.1.46.0
no auto-summary
R5
router rip
network 192.1.57.0
no auto-summary
version 2
R7
router rip
170
version 2
network 7.0.0.0
network 192.1.57.0
no auto-summary
VPN Configuration
R4
router rip
router bgp 100
redistribute rip
network 192.1.46.0
R5
router rip
router bgp 100
redistribute rip
network 192.1.57.0
MPLS TE Configuration
R1
mpls traffic-eng tunnels
ip rsvp bandwidth
ip address 192.1.13.1 255.255.255.0
ip rsvp bandwidth
ip rsvp bandwidth
router ospf 1
mpls traffic-eng router-id Loopback0
171
mpls traffic-eng area 0

R2
ip rsvp bandwidth
ip rsvp bandwidth
ip rsvp bandwidth
router ospf 1
R3
ip rsvp bandwidth
ip rsvp bandwidth
router ospf 1
R4
ip rsvp bandwidth
router ospf 1
interface Tunnel0
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 5.5.5.5
172
tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng path-option 1 dynamic
R5
ip rsvp bandwidth
router ospf 1
interface Tunnel0
Verifications
Neighbor
V
State/PfxRcd
5.5.5.5
4
AS MsgRcvd MsgSent
100
77
77

0
0 01:05:24

173
Network
Next Hop
*> 6.6.6.6/32
192.1.46.6
1
32768 ?
*>i 7.7.7.7/32
5.5.5.5
1 100
0?
*> 192.1.46.0
0.0.0.0
0
32768 i
*>i 192.1.57.0
5.5.5.5
0 100
0i
Neighbor
V
State/PfxRcd
4.4.4.4
4
AS MsgRcvd MsgSent
100
77
77

0
0 01:05:37

Network
Next Hop
*>i 6.6.6.6/32
4.4.4.4
1 100
0?
*> 7.7.7.7/32
192.1.57.7
1
32768 ?
*>i 192.1.46.0
4.4.4.4
0 100
0i
*> 192.1.57.0
0.0.0.0
0
32768 i
Local
Outgoing Prefix
Bytes Label
Label
Label
or Tunnel Id
Switched
R4#sh int tun 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
174
Outgoing Next Hop

interface
Interface is unnumbered. Using address of Loopback0 (4.4.4.4)

MTU 17936 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 4.4.4.4, destination 5.5.5.5
Tunnel protocol/transport Label Switching
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:00:02, output hang never
Last clearing of "show interface" counters 00:45:54
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
119 packets output, 6902 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
R5#show interfaces tunnel 0
Hardware is Tunnel
Interface is unnumbered. Using address of Loopback0 (5.5.5.5)
MTU 17936 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 5.5.5.5, destination 4.4.4.4
Tunnel protocol/transport Label Switching
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input never, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:45:39
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
175
Received 0 broadcasts (0 IP multicasts)

0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
118 packets output, 7915 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
R4#show mpls traffic-eng tunnels summary
Signalling Summary:
LSP Tunnels Process:
running
Passive LSP Listener:
running
RSVP Process:
running
Forwarding:
enabled
Periodic reoptimization:
every 3600 seconds, next in 2931 seconds
Periodic FRR Promotion:
Not Running
Periodic auto-bw collection: every 300 seconds, next in 231 seconds
P2P:
Head: 1 interfaces, 1 active signalling attempts, 1 established
1 activations, 0 deactivations
1 failed activations
0 SSO recovery attempts, 0 SSO recovered
Midpoints: 0, Tails: 1
P2MP:
0 sub-LSP activations, 0 sub-LSP deactivations
0 LSP successful activations, 0 LSP deactivations
0 SSO recovery attempts, LSP recovered: 0 full, 0 partial, 0 fail
R4#show mpls traffic-eng tunnels tunnel 0
Name: R4_t0
(Tunnel0) Destination: 5.5.5.5
Status:
Admin: up
Oper: up
Path: valid
Signalling: connected
path option 1, type dynamic (Basis for Setup, path weight 3)
Config Parameters:
Bandwidth: 0
kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 0 [0] bw-based
auto-bw: disabled
Active Path Option Parameters:
State: dynamic path option 1 is active
176
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled

InLabel : OutLabel : FastEthernet1/0, 16
Next Hop : 192.1.14.1
RSVP Signalling Info:
Src 4.4.4.4, Dst 5.5.5.5, Tun_Id 0, Tun_Instance 1
RSVP Path Info:
My Address: 192.1.14.4
Explicit Route: 192.1.14.1 192.1.12.1 192.1.12.2 192.1.25.2
192.1.25.5 5.5.5.5
Record Route: NONE
Tspec: ave rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
RSVP Resv Info:
Record Route: NONE
Fspec: ave rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
Shortest Unconstrained Path Info:
Path Weight: 3 (TE)
Explicit Route: 192.1.14.4 192.1.14.1 192.1.12.1 192.1.12.2
192.1.25.2 192.1.25.5 5.5.5.5
History:
Tunnel:
Time since created: 46 minutes, 31 seconds
Time since path change: 46 minutes, 19 seconds
Number of LSP IDs (Tun_Instances) used: 1
Current LSP: [ID: 1]
Uptime: 46 minutes, 19 seconds
Signalling Summary:
running
running
RSVP Process:
running
Forwarding:
enabled
Not Running
P2P:
1 failed activations
177
P2MP:
R5#show mpls traffic-eng tunnels tunnel 0
Name: R5_t0
Status:
Admin: up
Oper: up
Path: valid
path option 1, type dynamic (Basis for Setup, path weight 3)
Config Parameters:
Bandwidth: 0
auto-bw: disabled
State: dynamic path option 1 is active
Next Hop : 192.1.25.2
RSVP Path Info:
Explicit Route: 192.1.25.2 192.1.12.2 192.1.12.1 192.1.14.1
192.1.14.4 4.4.4.4
Record Route: NONE
RSVP Resv Info:
Record Route: NONE
Shortest Unconstrained Path Info:
Path Weight: 3 (TE)
Explicit Route: 192.1.25.5 192.1.25.2 192.1.12.2 192.1.12.1
192.1.14.1 192.1.14.4 4.4.4.4
History:
Tunnel:
178

R4#show mpls forwarding-table detail
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
No Label 192.1.46.0/24[V] 3512
aggregate/MSSK
MAC/Encaps=0/0, MRU=0, Label Stack{}
VPN route: MSSK
No output feature configured
17
No Label 6.6.6.6/32[V] 4754
Fa1/1
192.1.46.6
CA0520C7001CCA0320B7001D0800
VPN route: MSSK
R5#show mpls forwarding-table detail
Local
Outgoing Prefix
Label
Label
or Tunnel Id
Switched
interface
16
No Label 192.1.57.0/24[V] 2942
aggregate/MSSK
VPN route: MSSK
17
No Label 7.7.7.7/32[V] 4764
Fa1/1
192.1.57.7
CA0620D7001CCA0420C7001D0800
VPN route: MSSK
R1#sh ip rsvp neighbor
Neighbor
Encapsulation Time since msg rcvd/sent
192.1.12.2
Raw IP
00:00:13 00:00:07
192.1.14.4
Raw IP
00:00:05 00:00:21
* Neighbors inactive for more than one hour are not shown.
Use the "inactive" keyword to display them.
R2#show ip rsvp neighbor
Neighbor
192.1.12.1
Raw IP
00:00:15 00:00:06
192.1.25.5
Raw IP
00:00:06 00:00:11
179

R3#sh ip rsvp neighbor
Neighbor
R6#sh ip route rip
R
R

R6#ping 7.7.7.7
!!!!!
1 192.1.46.4 16 msec 12 msec 12 msec
5 192.1.57.7 92 msec * 60 msec
R7#sh ip route rip
180

R
R

R7#ping 6.6.6.6
!!!!!
1 192.1.57.5 8 msec 12 msec 8 msec
5 192.1.46.6 48 msec * 76 msec
181
MPLS 6PE
Network Diagram
Lo0
1.1.1.1/32
S1/0
2001:db8:24::/64
192.1.12.0/24
Lo0
2.2.2.2/32
Lo0
4.4.4.4/32
2001:db8::4/128
R2
R1
S1/1
LSP
IBGP
F2/0
19
2.1
.13
.0/
24
S1/0
Lo0
3.3.3.3/32
R3
F2/0
Static
Static
F1/0
F1/0
R5
R4
Configurations
VRF Configuration
R2
ip vrf MSSK
rd 100:1
int f2/0
ip vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
ip vrf MSSK
rd 100:1
int f2/0
182
192.1.45.0/24
2001:db8:35::/64
2
19
24
.0/ S1/0
2
1
.1.
OSPF Domain
Area 0
Lo0
5.5.5.5/32
2001:db8::5/128
ip address 192.1.35.3 255.255.255.0

IPv6 Addressing Configuration
R2
ipv6 unicast-routing
ipv6 cef
ipv6 address 2001:DB8:24::2/64
R3
ipv6 cef
R4
ipv6 cef
interface Loopback0
ipv6 address 2001:DB8::4/128
R5
ipv6 cef
interface Loopback0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
183
network 192.1.13.1 0.0.0.0 area 0

R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
mpls ip
R3
int s1/0
mpls ip
R2
router bgp 100
184

R3
router bgp 100
R2
ipv6 route 2001:DB8::4/128 2001:DB8:24::4
R4
ipv6 route ::/0 2001:DB8:24::2
R3
ipv6 route 2001:DB8::5/128 2001:DB8:35::5
R5
ipv6 route ::/0 2001:DB8:35::3
VPN Configuration
R2
router bgp 100
address-family ipv6
network 2001:DB8:24::/64
redistribute static
R3
router bgp 100
address-family ipv6
network 2001:DB8:35::/64
185
redistribute static
Verifications
R2#show bgp ipv6 unicast summary
Neighbor
V
State/PfxRcd
3.3.3.3
4
AS MsgRcvd MsgSent
100
62
55

0
0 00:36:51
R2#show bgp ipv6 unicast

Network
Next Hop
*> 2001:DB8::4/128 2001:DB8:24::4
0
32768 ?
*>i 2001:DB8::5/128 ::FFFF:3.3.3.3
0 100
0?
*> 2001:DB8:24::/64 ::
0
32768 i
*>i 2001:DB8:35::/64 ::FFFF:3.3.3.3
0 100
0i
R3#show bgp ipv6 unicast summary
186
Neighbor
V
State/PfxRcd
2.2.2.2
4
AS MsgRcvd MsgSent
100
55
62

0
0 00:37:11
R3#show bgp ipv6 unicast

Network
Next Hop
*>i 2001:DB8::4/128 ::FFFF:2.2.2.2
0 100
0?
*> 2001:DB8::5/128 2001:DB8:35::5
0
32768 ?
*>i 2001:DB8:24::/64 ::FFFF:2.2.2.2
0 100
0i
*> 2001:DB8:35::/64 ::
0
32768 i
R4#sh ipv6 route
IPv6 Routing Table - default - 5 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, R - RIP, H - NHRP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, ND - ND Default, NDp - ND Prefix, DCE - Destination
NDr - Redirect, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2, l - LISP
S ::/0 [1/0]
via 2001:DB8:24::2
LC 2001:DB8::4/128 [0/0]
via Loopback0, receive
C 2001:DB8:24::/64 [0/0]
via FastEthernet1/0, directly connected
L 2001:DB8:24::4/128 [0/0]
via FastEthernet1/0, receive
L FF00::/8 [0/0]
via Null0, receive
R4#ping 2001:DB8::5 source lo0
Sending 5, 100-byte ICMP Echos to 2001:DB8::5, timeout is 2 seconds:
Packet sent with a source address of 2001:DB8::4
!!!!!
187
R5#sh ipv6 route

S ::/0 [1/0]
via 2001:DB8:35::3
LC 2001:DB8::5/128 [0/0]
C 2001:DB8:35::/64 [0/0]
L 2001:DB8:35::5/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive
!!!!!
188
MPLS 6VPE
Network Diagram
Lo0
1.1.1.1/32
S1/0
2001:db8:24::/64
192.1.12.0/24
Lo0
2.2.2.2/32
Lo0
4.4.4.4/32
2001:db8::4/128
R2
R1
S1/1
LSP
IBGP
F2/0
19
2.1
.13
.0/
24
S1/0
R3
F2/0
Static
Static
F1/0
F1/0
R5
R4
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
route-target export
route-target import
address-family ipv6
route-target export
route-target import
Lo0
3.3.3.3/32
100:1
100:1
100:1
100:1
int f2/0
vrf forwarding MSSK
ip address 192.1.24.2 255.255.255.0
R3
vrf definition MSSK
rd 100:1
address-family ipv4
189
192.1.45.0/24
2001:db8:35::/64
2
19
24
.0/ S1/0
2
1
.1.
OSPF Domain
Area 0
Lo0
5.5.5.5/32
2001:db8::5/128
route-target export
route-target import
address-family ipv6
route-target export
route-target import
100:1
100:1
100:1
100:1
int f2/0
vrf forwarding MSSK
ip address 192.1.35.3 255.255.255.0
IPv6 Addressing Configuration
R2
ipv6 cef
R3
ipv6 cef
R4
ipv6 cef
interface Loopback0
R5
ipv6 cef
interface Loopback0
190
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.12.1 0.0.0.0 area 0
network 192.1.13.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.13.3 0.0.0.0 area 0
R1
int s1/0
mpls ip
int s1/1
mpls ip
R2
int s1/0
mpls ip
R3
191
int s1/0
mpls ip
R2
router bgp 100
R3
router bgp 100
R2
ipv6 route vrf MSSK 2001:DB8::4/128 2001:DB8:24::4
R4
ipv6 route ::/0 2001:DB8:24::2
R3
ipv6 route vrf MSSK 2001:DB8::5/128 2001:DB8:35::5
R5
ipv6 route ::/0 2001:DB8:35::3
VPN Configuration
R2
router bgp 100
redistribute static
redistribute connected
192
R3
router bgp 100
redistribute static
redistribute connected
Verifications
R4#sh ipv6 route
S ::/0 [1/0]
via 2001:DB8:24::2
LC 2001:DB8::4/128 [0/0]
C 2001:DB8:24::/64 [0/0]
L 2001:DB8:24::4/128 [0/0]
L FF00::/8 [0/0]
via Null0, receive
!!!!!
R5#sh ipv6 route
S ::/0 [1/0]
via 2001:DB8:35::3
LC 2001:DB8::5/128 [0/0]
193
C
L
L

2001:DB8:35::/64 [0/0]
2001:DB8:35::5/128 [0/0]
FF00::/8 [0/0]
via Null0, receive

!!!!!
194
MPLS Internet Access

Network Diagram
AS#200
AS#100
R6
R2
R3
R7
R4
AS#200
R1
AS#1
R5
Internet
R8
Configurations
VRF Configuration
R2
vrf definition MSSK
rd 100:1
address-family ipv4
vrf forwarding MSSK
ip address 172.1.12.2 255.255.255.0
195
AS#300
R4
vrf definition MSSK
rd 100:1
address-family ipv4
vrf forwarding MSSK
ip address 172.1.45.4 255.255.255.0
R6
vrf definition ABC
rd 200:1
address-family ipv4
vrf forwarding ABC
ip address 172.1.67.6 255.255.255.0
IGP Configuration
R2
router isis 1
net 49.0001.0000.0000.0002.00
mpls ldp autoconfig
ip router isis 1
R3
router isis 1
net 49.0001.0000.0000.0003.00
196
mpls ldp autoconfig
ip router isis 1
ip router isis 1
ip router isis 1
R4
router isis 1
net 49.0001.0000.0000.0004.00
mpls ldp autoconfig
ip router isis 1
R6
router isis 1
net 49.0001.0000.0000.0006.00
mpls ldp autoconfig
ip router isis 1
R2
router bgp 100
197

R4
router bgp 100
R3
router bgp 100
R6
router bgp 100
198

R1
router bgp 200
address-family ipv4
network 172.16.1.1 mask 255.255.255.255
R2
router bgp 100
R4
router bgp 100
R5
router bgp 200
address-family ipv4
network 172.16.5.5 mask 255.255.255.255
R6
router bgp 100
R7
router bgp 300
199

address-family ipv4
network 192.168.7.7 mask 255.255.255.255
NAT Configuration
R3
vrf definition MSSK
rd 100:1
address-family ipv4
vrf definition ABC
rd 200:1
address-family ipv4
ip nat inside
ip nat inside
ip nat inside
ip nat outside
router bgp 100
address-family ipv4
network 212.118.0.0
network 212.118.1.0
network 0.0.0.0
network 0.0.0.0
ip nat pool MSSK_POOL 212.118.0.0 212.118.0.255 prefix-length 24
ip nat pool ABC_POOL 212.118.1.0 212.118.1.255 prefix-length 24
200
ip nat inside source list RFC pool ABC_POOL vrf ABC

ip nat inside source list RFC pool MSSK_POOL vrf MSSK
ip access-list standard RFC
permit 10.0.0.0 0.255.255.255
permit 172.16.0.0 0.15.255.255
permit 192.168.0.0 0.0.255.255
ip
ip
ip
ip
route
route
route
route
212.118.0.0 255.255.255.0 Null0

212.118.1.0 255.255.255.0 Null0
vrf MSSK 0.0.0.0 0.0.0.0 192.1.38.8 global
vrf ABC 0.0.0.0 0.0.0.0 192.1.38.8 global
R8
router bgp 1
address-family ipv4
network 8.8.8.8 mask 255.255.255.255
Verifications
Let us first check VPN connectivity
!!!!!
!!!!!
And, according to the configuration above, each CE must have a default route in
their routing table
R1#sh ip route
201

B*
C
L
C
B
0.0.0.0/0 [20/0] via 172.1.12.2, 00:02:32

172.16.5.5 [20/0] via 172.1.12.2, 00:15:03
R1#sh ip bgp
Network
Next Hop
*> 0.0.0.0
172.1.12.2
*> 172.16.1.1/32 0.0.0.0
*> 172.16.5.5/32 172.1.12.2

0 100 i
0
32768 i
0 100 100 i
R5#sh ip route
B*
C
0.0.0.0/0 [20/0] via 172.1.45.4, 00:02:44

202
L
B
C

172.16.1.1 [20/0] via 172.1.45.4, 00:15:16
R5#sh ip bgp
Network
Next Hop
*> 0.0.0.0
172.1.45.4
*> 172.16.1.1/32 172.1.45.4
*> 172.16.5.5/32 0.0.0.0

0 100 i
0 100 100 i
0
32768 i
R7#sh ip route
B*
C
L
C
0.0.0.0/0 [20/0] via 172.1.67.6, 00:02:52

R7#sh ip bgp
203
Network
Next Hop
*> 0.0.0.0
172.1.67.6
*> 192.168.7.7/32 0.0.0.0

0 100 i
0
32768 i
Not, let us check if the NAT configuration is working fine

8.8.8.8 Destination represents the Internet in our case
!!!!!
!!!!!
!!!!!
R3#sh ip nat translations
Pro Inside global
Inside local
Outside local
Outside global
icmp 212.118.0.2:4
172.16.1.1:4
8.8.8.8:4
8.8.8.8:4
--- 212.118.0.2
172.16.1.1
----icmp 212.118.0.1:1
172.16.5.5:1
8.8.8.8:1
8.8.8.8:1
--- 212.118.0.1
172.16.5.5
----icmp 212.118.1.1:0
192.168.7.7:0
8.8.8.8:0
8.8.8.8:0
--- 212.118.1.1
192.168.7.7
-----
204
MPLS QoS
Network Diagram
R4
R5
R6
R7
OSPF A0
OSPF A0
R2
0
10
gp 0 0
-2
AS 100
Eb
R1
AS 100
ISIS L2
49.0001
Eb
gp
20 10
0 0
R3
Elements
We are going to examine QoS configuration through our MPLS backbone and across the
L3VPN connection implemented to maintain connectivity between site #1(R4, R6) and
site #2 (R5, R7)
ISIS level-2 will be the IGP used inside our MPLS backbone, and BGP will be the PE-CE
routing protocol, OSPF will be the CE-C routing protocol
Configurations
R1
vrf definition MSSK
rd 100:1
address-family ipv4
205

interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip router isis 1
ip address 192.1.13.1 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
vrf forwarding MSSK
ip address 192.1.14.1 255.255.255.0
speed 100
duplex full
router isis 1
net 49.0001.0000.0000.0001.00
router bgp 100
bgp log-neighbor-changes
network 192.1.14.0
R2
vrf definition MSSK
rd 100:1
address-family ipv4
206

exit-address-family
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip router isis 1
ip address 192.1.23.2 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
no shut
vrf forwarding MSSK
ip address 192.1.25.2 255.255.255.0
speed 100
duplex full
no shut
router isis 1
net 49.0001.0000.0000.0002.00
router bgp 100
network 192.1.25.0
207
R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip router isis 1
ip address 192.1.13.3 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
no shut
ip address 192.1.23.3 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
no shut
router isis 1
net 49.0001.0000.0000.0003.00
router bgp 100
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
208
ip address 192.1.14.4 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.46.4 255.255.255.0
speed 100
duplex full
no shut
router ospf 1
router-id 4.4.4.4
network 192.1.46.4 0.0.0.0 area 0
router bgp 200
address-family ipv4
network 4.4.4.4 mask 255.255.255.255
redistribute ospf 1
exit-address-family
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip address 192.1.25.5 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.57.5 255.255.255.0
speed 100
duplex full
no shut
router ospf 1
router-id 5.5.5.5
209

network 192.1.57.5 0.0.0.0 area 0
router bgp 200
address-family ipv4
network 5.5.5.5 mask 255.255.255.255
redistribute ospf 1
exit-address-family
R6
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip address 192.1.46.6 255.255.255.0
speed 100
duplex full
no shut
router ospf 1
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 192.1.46.6 0.0.0.0 area 0
R7
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip address 192.1.57.7 255.255.255.0
speed 100
duplex full
no shut
router ospf 1
router-id 7.7.7.7
network 7.7.7.7 0.0.0.0 area 0
network 192.1.57.7 0.0.0.0 area 0
Verifications
210

Network
Next Hop
*> 4.4.4.4/32
192.1.14.4
0
0 200 i
*>i 5.5.5.5/32
2.2.2.2
0 100
0 200 i
*> 6.6.6.6/32
192.1.14.4
2
0 200 ?
*>i 7.7.7.7/32
2.2.2.2
2 100
0 200 ?
*> 192.1.14.0
0.0.0.0
0
32768 i
*>i 192.1.25.0
2.2.2.2
0 100
0i
*> 192.1.46.0
192.1.14.4
0
0 200 ?
*>i 192.1.57.0
2.2.2.2
0 100
0 200 ?
Network
Next Hop
*>i 4.4.4.4/32
1.1.1.1
0 100
0 200 i
*> 5.5.5.5/32
192.1.25.5
0
0 200 i
*>i 6.6.6.6/32
1.1.1.1
2 100
0 200 ?
*> 7.7.7.7/32
192.1.25.5
2
0 200 ?
*>i 192.1.14.0
1.1.1.1
0 100
0i
*> 192.1.25.0
0.0.0.0
0
32768 i
*>i 192.1.46.0
1.1.1.1
0 100
0 200 ?
*> 192.1.57.0
192.1.25.5
0
0 200 ?
R4#show ip bgp
211
Network
*> 4.4.4.4/32
*> 5.5.5.5/32
*> 6.6.6.6/32
*> 7.7.7.7/32
r> 192.1.14.0
*> 192.1.25.0
*> 192.1.46.0
*> 192.1.57.0
Next Hop
0.0.0.0
192.1.14.1
192.1.46.6
192.1.14.1
192.1.14.1
192.1.14.1
0.0.0.0
192.1.14.1

0
32768 i
0 100 100 i
2
32768 ?
0 100 100 ?
0
0 100 i
0 100 i
0
32768 ?
0 100 100 ?

!!!!!
R5#sh ip bgp
Network
*> 4.4.4.4/32
*> 5.5.5.5/32
*> 6.6.6.6/32
*> 7.7.7.7/32
*> 192.1.14.0
r> 192.1.25.0
*> 192.1.46.0
*> 192.1.57.0
Next Hop
192.1.25.2
0.0.0.0
192.1.25.2
192.1.57.7
192.1.25.2
192.1.25.2
192.1.25.2
0.0.0.0

0 100 100 i
0
32768 i
0 100 100 ?
2
32768 ?
0 100 i
0
0 100 i
0 100 100 ?
0
32768 ?

!!!!!
R6#sh ip route ospf
212

O E2
4.4.4.4 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
O E2
O E2
O E2 192.1.25.0/24 [110/1] via 192.1.46.4, 1d02h, FastEthernet1/0
R6#ping 7.7.7.7
!!!!!
R7#sh ip route ospf
O E2
O E2
O E2
R7#ping 6.6.6.6
213
!!!!!
Now, as reachability is in place let us start diving in configuring MPLS QoS
We will start from the C routers and configure it for IP Precedence classification
Let us choose precedence values 1, 2, 3 and 6
We will depend on MQC model to for our purposes
R6
class-map PRECEDENCE_6
match ip precedence 6
policy-map MATCH
class PRECEDENCE_1
class PRECEDENCE_2
class PRECEDENCE_3
class PRECEDENCE_6
service-policy input MATCH
R7
policy-map MATCH
class PRECEDENCE_1
class PRECEDENCE_2
class PRECEDENCE_3
class PRECEDENCE_6
R6#ping 7.7.7.7 repeat 10
214

!!!!!!!!!!
R6#show policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy input: MATCH
Class-map: PRECEDENCE_1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0000 bps
Match: ip precedence 1
0 packets, 0 bytes
0 packets, 0 bytes
2 packets, 188 bytes
Class-map: class-default (match-any)
5 minute offered rate 0000 bps, drop rate 0000 bps
Match: any
FastEthernet1/0
Service-policy input: MATCH
0 packets, 0 bytes
0 packets, 0 bytes
215

0 packets, 0 bytes
0 packets, 0 bytes
Match: any
As we can see the ICMP packets fall in the class-default, and the PRECEDENCE_6 class
counts as it relates to routing updates and keepalives and so on
Now, let us choose three applications: TELNET, TFTP and ICMP
We will configure CE routers to assign these applications precedence values as they are
leaving toward the MPLS backbone
R4
ip access-list extended TELNET
permit tcp any any eq telnet
permit tcp any eq telnet any
ip access-list extended TFTP
permit udp any any eq 69
ip access-list extended ICMP
permit icmp any any
class-map ICMP_CLASS
match access-group name ICMP
class-map TFTP_CLASS
match access-group name TFTP
class-map TELNET_CLASS
match access-group name TELNET
policy-map MARK
class TELNET_CLASS
set ip precedence 1
class TFTP_CLASS
216
set ip precedence 2
class ICMP_CLASS
set ip precedence 3
class class-default
set ip precedence 6
service-policy output MARK
R5
ip access-list extended TELNET
permit tcp any any eq telnet
permit tcp any eq telnet any
ip access-list extended TFTP
permit udp any any eq 69
ip access-list extended ICMP
permit icmp any any
class-map ICMP_CLASS
match access-group name ICMP
class-map TFTP_CLASS
match access-group name TFTP
class-map TELNET_CLASS
match access-group name TELNET
policy-map MARK
class TELNET_CLASS
set ip precedence 1
class TFTP_CLASS
set ip precedence 2
class ICMP_CLASS
set ip precedence 3
class class-default
set ip precedence 6
service-policy output MARK
To enable telnet access
R6, R7
line vty 0 4
password cisco
login
217
enable secret cisco

For TFTP R7 will be the server and R6 will be the client
R7
tftp-server nvram:underlying-config
FastEthernet1/0
Service-policy output: MARK
Class-map: TELNET_CLASS (match-all)
0 packets, 0 bytes
Match: access-group name TELNET
QoS Set
precedence 1
Packets marked 0
Class-map: TFTP_CLASS (match-all)
0 packets, 0 bytes
Match: access-group name TFTP
QoS Set
precedence 2
Packets marked 0
Class-map: ICMP_CLASS (match-all)
0 packets, 0 bytes
Match: access-group name ICMP
QoS Set
precedence 3
Packets marked 0
Match: any
QoS Set
precedence 6
Packets marked 0
R4#show policy-map interface fastEthernet 1/0 | inc Class|marked
218
Packets marked 0
Packets marked 0
Packets marked 0
Packets marked 0
R6#ping 7.7.7.7 repeat 20
!!!!!!!!!!!!!!!!!!!!
R6#telnet 7.7.7.7
Trying 7.7.7.7 ... Open
User Access Verification
Password:
R7>en
Password:
R7#exit
[Connection to 7.7.7.7 closed by foreign host]
R6#copy tftp://7.7.7.7/underlying-config null:
Accessing tftp://7.7.7.7/underlying-config...
Loading underlying-config from 7.7.7.7 (via FastEthernet1/0): !
[OK - 233 bytes]
233 bytes copied in 0.252 secs (925 bytes/sec)
Packets marked 34
Packets marked 4
Packets marked 20
Packets marked 8
Packets marked 27
219
Packets marked 0
Packets marked 20
Packets marked 8
As we can see the count appears, but for TFTP traffic its a one way as one of the
routers is acting as a server and the other one is acting as a client
Now, let us implement some queuing and policing
Let us focus on ICMP traffic, we will configure a 3 rate policer as below (as traffic is
leaving toward the MPLS backbone)
Conform action: transmit
Exceed action: set the MPLS EXP bit to 5
Violate action: drop
R1
class-map EXP_CLASS
match mpls experimental topmost 3
policy-map EXP_POLICY
class EXP_CLASS
police 64000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit 5
violate-action drop
service-policy output EXP_POLICY
R1#sh policy-map interface fastEthernet 1/0
FastEthernet1/0
Service-policy output: EXP_POLICY
Class-map: EXP_CLASS (match-all)
Match: mpls experimental topmost 3
police:
cir 64000 bps, bc 2000 bytes, be 2000 bytes
conformed 20 packets, 2440 bytes; actions:
transmit
exceeded 0 packets, 0 bytes; actions:
set-mpls-exp-topmost-transmit 5
violated 0 packets, 0 bytes; actions:
drop
conformed 0000 bps, exceeded 0000 bps, violated 0000 bps
220

Match: any
Now, let us configure on the P router (R3) MQC in order to check for the policy we
configured
R3
class-map match-all PRECEDENCE_6
policy-map MATCH
class PRECEDENCE_1
class PRECEDENCE_2
class PRECEDENCE_3
class PRECEDENCE_6
class PRECEDENCE_5
ip address 192.1.13.3 255.255.255.0
ip router isis 1
speed 100
duplex full
mpls ip
Now , we will generate some traffic from R6 toward R7 (we will influence the size of
ICMP packets in order to see the dropped packets)
R6#ping 7.7.7.7 repeat 20 size 1600
!!!.!!!.!!!.!!.!!!.!
FastEthernet1/0
221

police:
transmit
drop
Match: any
R3#show policy-map interface fastEthernet 1/0 | inc Class|packets
0 packets, 0 bytes
0 packets, 0 bytes
0 packets, 0 bytes
As we can see the PRECEDENCE_5 class is counting
Now, let us move our policy toward the customer side (toward R5), R5 does not
understand EXP bit as the disposition happens at its PE router: R2, so how we will apply
the same policy and queuing mechanism? We will configure what so called QoS groups
R2
class-map match-all INPUT_CLASS
policy-map INPUT_POLICY
222
class INPUT_CLASS
set qos-group 3
service-policy input INPUT_POLICY
class-map match-all OUTPUT_CLASS
match qos-group 3
policy-map OUTPUT_POLICY
class OUTPUT_CLASS
police 64000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit 5
violate-action drop
service-policy output OUTPUT_POLICY
!!!.!!.!!.!!.!!.!!!.
FastEthernet1/0
police:
transmit
drop
Match: any
223

FastEthernet1/0
Service-policy output: MARK
0 packets, 0 bytes
Match: access-group name TELNET
QoS Set
precedence 1
Packets marked 0
0 packets, 0 bytes
Match: access-group name TFTP
QoS Set
precedence 2
Packets marked 0
Match: access-group name ICMP
QoS Set
precedence 3
Packets marked 40
Match: any
QoS Set
precedence 6
Packets marked 2
FastEthernet1/0
police:
224

transmit
drop
Match: any
FastEthernet1/0
Service-policy input: INPUT_POLICY
Class-map: INPUT_CLASS (match-all)
QoS Set
qos-group 3
Packets marked 54
Match: any
FastEthernet1/1
Service-policy output: OUTPUT_POLICY
Class-map: OUTPUT_CLASS (match-all)
Match: qos-group 3
police:
transmit
225

drop
Match: any
Now, let us change the exceed action on R2
R2
policy-map OUTPUT_POLICY
class OUTPUT_CLASS
no police 64000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit
5 violate-action drop
police 64000 conform-action transmit exceed-action set-prec-transmit 5 violate-action
drop
Configure R7 to catch PRECEDENCE_5
R7
policy-map MATCH
class PRECEDENCE_5
!!!.!!!.!!.!!.!!!.!!
FastEthernet1/1
Service-policy output: OUTPUT_POLICY
Class-map: OUTPUT_CLASS (match-all)
Match: qos-group 3
police:
transmit
226

set-prec-transmit 5
drop
Match: any
R7#show policy-map interface fastEthernet 1/0 | inc Class|packet
0 packets, 0 bytes
0 packets, 0 bytes
0 packets, 0 bytes
MPLS EIGRP Backdoor Link

Network Diagram
227
192.1.12.0/24
F1/0
AS 1
S1/0
F1/0
R2
F1/1
F1/1
F1/0
F1/0
Lo0
3.3.3.3/32
R3
S2/0
192.1.34.0/24
Configuratioons
VRF Configuration
R1
ip vrf MSSK
rd 100:1
ip address 192.1.13.1 255.255.255.0
R2
ip vrf MSSK
rd 100:1
ip address 192.1.24.2 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
228
S2/0
R4
192.1.24.0/24
R1
192.1.13.0/24
Lo0
1.1.1.1/32
Lo0
2.2.2.2/32
Lo0
5.5.5.5/32
network 1.1.1.1 0.0.0.0 area 0

network 192.1.12.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.12.2 0.0.0.0 area 0
R1
int f1/0
mpls ip
R2
int f1/0
mpls ip
R1
router bgp 1
R2
router bgp 1
229

R1
router eigrp 100
network 192.1.13.1 0.0.0.0
R3
router eigrp 100
network 3.3.3.3 0.0.0.0
network 192.1.13.3 0.0.0.0
network 192.1.34.3 0.0.0.0
R2
router eigrp 100
network 192.1.24.2 0.0.0.0
R4
router eigrp 100
network 4.4.4.4 0.0.0.0
network 192.1.24.4 0.0.0.0
network 192.1.34.4 0.0.0.0
VPN Configuration
R1
router eigrp 100
router bgp 1
R2
router eigrp 100
router bgp 1
230
Verifications
Network
Next Hop
*> 3.3.3.3/32
192.1.13.3
156160
32768 ?
*>i 4.4.4.4/32
2.2.2.2
156160 100
0?
r>i 192.1.13.0
2.2.2.2
2174976 100
0?
*>i 192.1.24.0
2.2.2.2
0 100
0?
*> 192.1.34.0
192.1.13.3
2172416
32768 ?
*i
2.2.2.2
2172416 100
0?
*>i 192.1.34.3/32 2.2.2.2
2172416 100
0?
*> 192.1.34.4/32 192.1.13.3
2172416
32768 ?
Network
Next Hop
*>i 3.3.3.3/32
1.1.1.1
156160 100
0?
*> 4.4.4.4/32
192.1.24.4
156160
32768 ?
*> 192.1.13.0
192.1.24.4
2174976
32768 ?
*> 192.1.24.0
0.0.0.0
0
32768 ?
* i 192.1.34.0
1.1.1.1
2172416 100
0?
*>
192.1.24.4
2172416
32768 ?
*> 192.1.34.3/32 192.1.24.4
2172416
32768 ?
*>i 192.1.34.4/32 1.1.1.1
2172416 100
0?
R3#sh ip route eigrp
231

D
D


D
D

192.1.13.0/24 [90/2172416] via 192.1.34.3, 00:31:26, Serial2/0

!!!!!
1 192.1.13.1 20 msec 8 msec 4 msec
3 192.1.24.4 12 msec * 12 msec
232

!!!!!
1 192.1.24.2 4 msec 44 msec 8 msec
3 192.1.13.3 24 msec * 16 msec
A potential loop may arise when using EIGRP as the PE-CE routing protocol and a
backdoor link in place, what solve these potential loops is site of origin feature
We configure it via a route-map and apply it on the PE-CE interface
R1
route-map SOO_MAP permit 10
set extcommunity soo 100:1
int f1/1
ip vrf sitemap SOO_MAP
R2
route-map SOO_MAP permit 10
int f1/1
ip vrf sitemap SOO_MAP
R1#sh bgp vpnv4 unicast all 3.3.3.3
Advertised to update-groups:
1
Refresh Epoch 1
Local
192.1.13.3 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 156160, localpref 100, weight 32768, valid, sourced,
best
Extended Community: SoO:100:1 RT:100:1 Cost:pre-bestpath:128:156160
0x8800:32768:0 0x8801:100:130560 0x8802:65281:25600
0x8803:65281:1500
0x8806:0:50529027
233
mpls labels in/out 21/nolabel

R1#sh bgp vpnv4 unicast all 4.4.4.4
3
Refresh Epoch 1
Local
192.1.13.3 from 0.0.0.0 (1.1.1.1)
Origin incomplete, metric 2300416, localpref 100, weight 32768, valid,
sourced, best
Extended Community: SoO:100:1 RT:100:1
Cost:pre-bestpath:128:2300416 (default-2145183231) 0x8800:32768:0
0x8801:100:642560 0x8802:65282:1657856 0x8803:65281:1500
0x8806:0:67372036
mpls labels in/out 23/nolabe
MPLS BGP Soo

Network Diagram
234
MPLS Backbone
OSPF Area 0
R5
F0/0
F0/1
F0/0
R2
S0/0
P2 203
FRSW
P3 302
IBGP
F0/0
Lo0 1.1.1.1/32
S0/0
Lo0 3.3.3.3/32
R3
R1
F0/0
F1/0
F0/1
F0/0
F0/0
F0/0
R4
R7
R6
VRF
RED
VRF
RED
RIP
Domain
VRF
RED
Configurations
VRF Configuration
R1
ip vrf RED
rd 100:1
int f0/1
ip address 192.1.14.1 255.255.255.0
int f1/0
235

ip address 192.1.17.1 255.255.255.0
R3
ip vrf RED
rd 100:1
int f0/0
ip address 192.1.36.3 255.255.255.0
IGP Configuration
R1
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.1.15.1 0.0.0.0 area 0
R2
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0
network 192.1.25.2 0.0.0.0 area 0
R3
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
R5
router ospf 1
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 192.1.15.5 0.0.0.0 area 0
network 192.1.25.5 0.0.0.0 area 0
R1
236

int f0/0
mpls ip
R2
int s0/0
mpls ip
R3
int s0/0
mpls ip
R5
int f0/0
mpls ip
int f0/1
mpls ip
R1
router bgp 100
R3
router bgp 100
237

R1
router bgp 100
R4
router bgp 200
network 4.4.4.4 mask 255.255.255.255
router rip
version 2
no auto-summary
network 192.1.47.4
network 7.7.7.7
R7
router bgp 200
network 7.7.7.7 mask 255.255.255.255
router rip
version 2
no auto-summary
network 192.1.47.7
network 7.7.7.7
R3
R6
router bgp 200
238
network 6.6.6.6 mask 255.255.255.255

Verifications
R1#show ip bgp vpnv4 all summary
Neighbor
3.3.3.3
192.1.14.4
192.1.17.7

4 100
31
32
5 0 0 00:27:13
1
4 200
19
20
5 0 0 00:14:04
1
4 200
18
20
5 0 0 00:13:39
1
R3#show ip bgp vpnv4 all summary

Neighbor
1.1.1.1
192.1.36.6

4 100
32
31
6 0 0 00:27:27
2
4 200
18
18
6 0 0 00:13:08
1

239

Neighbor
192.1.14.1
V
4
AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

100
20
19
2 0 0 00:14:34
0

Neighbor
192.1.36.3
V
4

100
18
18
2 0 0 00:13:35
0

Neighbor
192.1.17.1
V
4

100
21
19
2 0 0 00:14:30
0
As we can see that neither of the CEs can receive the loopback of any other CEs
(which is advertised in BGP) why?
The reason behind that is that the bgp speaker will not accept a route with its own
AS number (which is 200 in our case)
240
The ways to solve this issue is:
BGP AS-Override
BGP AllowAS-in
We will go with AS-Override; the configuration will be applied on the PE towards the
CE under the address-family ipv4 configuration mode
R1
router bgp 100
R3
router bgp 100
R4#sh ip bgp
Network
*> 4.4.4.4/32
*> 6.6.6.6/32
*> 7.7.7.7/32
Next Hop
0.0.0.0
192.1.14.1
192.1.14.1

0
32768 i
0 100 100 i
0 100 100 i
R6#sh ip bgp
Network
*> 4.4.4.4/32
*> 6.6.6.6/32
*> 7.7.7.7/32
Next Hop
192.1.36.3
0.0.0.0
192.1.36.3

0 100 100 i
0
32768 i
0 100 100 i
R7#sh ip bgp
241

Network
*> 4.4.4.4/32
*> 6.6.6.6/32
*> 7.7.7.7/32
Next Hop
192.1.17.1
192.1.17.1
0.0.0.0

0 100 100 i
0 100 100 i
0
32768 i
Now , the SOO community is used in MPLS networks to prevent looping between
the PEs , when a PE advertise a route to its neighbor PE that is attached with a soo
community that matches the same rd configured under the ip vrf configuration
mode , it will not advertise it to its CE
R1
route-map SOO permit 10
router bgp 100
neighbor 192.1.14.4 route-map SOO in
neighbor 192.1.17.7 route-map SOO in
R1#sh ip bgp vpnv4 vrf RED 6.6.6.6
Paths: (1 available, best #1, table RED)
2 3
200
3.3.3.3 (metric 67) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
R1#sh ip bgp vpnv4 vrf RED 4.4.4.4
Paths: (1 available, best #1, table RED)
1 2
200
192.1.14.4 from 192.1.14.4 (4.4.4.4)
Origin IGP, metric 0, localpref 100, valid, external, best
mpls labels in/out 22/nolabel
Full scale Lab

242
Network Diagram
Initrial Configurations
R1
hostname R1
interface Loopback0
ip address 192.168.1.1 255.255.255.255
ip address 192.1.12.1 255.255.255.0
speed 100
duplex full
no shut
R2
hostname R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
243
ip address 192.1.12.2 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.23.2 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.25.2 255.255.255.0
speed 100
duplex full
no shut
R3
hostname R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no ip address
speed 100
duplex full
no shut
ip address 192.1.23.3 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.34.3 255.255.255.0
speed 100
duplex full
no shut
244
ip address 192.1.35.3 255.255.255.0

speed 100
duplex full
no shut
R4
hostname R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip address 192.1.34.4 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.45.4 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.40.4 255.255.255.0
speed 100
duplex full
no shut
interface Serial3/0
no ip address
encapsulation ppp
serial restart-delay 0
clock rate 128000
no shut
R5
hostname R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip address 192.1.56.5 255.255.255.0
245
speed 100
duplex full
no shut
ip address 192.1.25.5 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.45.5 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.35.5 255.255.255.0
speed 100
duplex full
no shut
R6
hostname R6
interface Loopback0
ip address 172.16.6.6 255.255.255.255
ip address 192.1.56.6 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.67.6 255.255.255.0
speed 100
duplex full
no shut
R7
hostname R7
interface Loopback0
ip address 10.7.7.7 255.255.255.255
246
ip address 192.1.67.7 255.255.255.0
speed 100
duplex full
no shut
R8
hostname R8
interface Serial1/0
ip address 192.1.89.8 255.255.255.0
encapsulation ppp
serial restart-delay 0
clock rate 128000
no shut
R9
hostname R9
ip address 192.1.89.9 255.255.255.0
speed 100
duplex full
no shut
GW
hostname Gw
ip address 192.1.40.10 255.255.255.0
speed 100
duplex full
no shut
ip address 192.1.100.10 255.255.255.0
speed 100
duplex full
no shut
Configure ISIS as the IGP inside AS 100 and make sure all circuits are
level-2 circuits
R2
247
ip router isis 1
ip router isis 1
router isis 1
net 49.0001.0000.0000.0002.00
R3
ip router isis 1
ip router isis 1
ip router isis 1
router isis 1
net 49.0001.0000.0000.0003.00
R4
ip router isis 1
ip router isis 1
router isis 1
net 49.0001.0000.0000.0004.00
R5
ip router isis 1
ip router isis 1
248
ip router isis 1
router isis 1
net 49.0001.0000.0000.0005.00
R2#show isis neighbors
Tag 1:
System Id
R3
L2 Fa1/1
192.1.23.3
UP 8
R3.01
R5
L2 Fa2/0
192.1.25.5
UP 7
R5.01
Tag 1:
System Id
Interface SNPA
R3
Fa1/1
ca02.270a.001d
R5
Fa2/0
ca04.270a.001d

Up
9
L2 IS-IS
Up
8
L2 IS-IS
R2#sh ip route isis

i
i
i
i
i
i

L2
L2
[115/20] via 192.1.23.3, 00:01:29, FastEthernet1/1
L2
L2 192.1.34.0/24 [115/20] via 192.1.23.3, 00:01:39, FastEthernet1/1
249

Tag 1:
System Id
R2
L2 Fa1/1
192.1.23.2
UP 29
R3.01
R4
L2 Fa2/0
192.1.34.4
UP 8
R4.01
R5
L2 Fa2/1
192.1.35.5
UP 8
R5.03
Tag 1:
System Id
Interface SNPA
R2
Fa1/1
ca01.270a.001d
R4
Fa2/0
ca03.270a.001c
R5
Fa2/1
ca04.270a.0039
State
Up
Up
Up
Holdtime Type Protocol

24
L2 IS-IS
7
L2 IS-IS
7
L2 IS-IS

L2
L2
i L2
i
i
i
i

Tag 1:
System Id
R3
L2 Fa1/0
192.1.34.3
UP 22
R4.01
R5
L2 Fa1/1
192.1.45.5
UP 7
R5.02
250

Tag 1:
System Id
Interface SNPA
R3
Fa1/0
ca02.270a.0038
R5
Fa1/1
ca04.270a.0038

Up
28
L2 IS-IS
Up
7
L2 IS-IS

L2
L2
i L2
i
i
i
i
i

Tag 1:
System Id
R2
L2 Fa1/1
192.1.25.2
UP 21
R5.01
R3
L2 Fa2/1
192.1.35.3
UP 23
R5.03
R4
L2 Fa2/0
192.1.45.4
UP 24
R5.02
Tag 1:
System Id
Interface SNPA
R2
Fa1/1
ca01.270a.0038
R3
Fa2/1
ca02.270a.0039
R4
Fa2/0
ca03.270a.001d
State
Up
Up
Up
251
Holdtime Type Protocol

28
L2 IS-IS
28
L2 IS-IS
21
L2 IS-IS

L2
L2
i L2
i
i
i
i
Enable MPLS on all transit links in AS 100 (use minimum commands)

R2 R5
router isis 1
mpls ldp autoconfig
TCP connection: 3.3.3.3.63778 - 2.2.2.2.646
Up time: 00:01:55
192.1.23.3
192.1.34.3
192.1.35.3
3.3.3.3
TCP connection: 5.5.5.5.44091 - 2.2.2.2.646
Up time: 00:01:53
252
192.1.56.5
5.5.5.5
192.1.25.5
192.1.45.5
192.1.35.5

Interface
IP
Tunnel BGP Static Operational
FastEthernet1/1
Yes (ldp)
No
No No
Yes
FastEthernet2/0
Yes (ldp)
No
No No
Yes
TCP connection: 2.2.2.2.646 - 3.3.3.3.63778
Up time: 00:02:11
192.1.12.2
192.1.23.2
192.1.25.2
2.2.2.2
TCP connection: 4.4.4.4.40632 - 3.3.3.3.646
Up time: 00:02:10
192.1.34.4
192.1.45.4
4.4.4.4
TCP connection: 5.5.5.5.49471 - 3.3.3.3.646
Up time: 00:02:09
192.1.56.5
192.1.25.5
192.1.45.5
192.1.35.5
5.5.5.5
Interface
IP
FastEthernet1/1
Yes (ldp)
No
No No
Yes
FastEthernet2/0
Yes (ldp)
No
No No
Yes
FastEthernet2/1
Yes (ldp)
No
No No
Yes
TCP connection: 3.3.3.3.646 - 4.4.4.4.40632
253
Up time: 00:02:22
192.1.23.3
192.1.34.3
192.1.35.3
3.3.3.3
TCP connection: 5.5.5.5.28271 - 4.4.4.4.646
Up time: 00:02:21
192.1.56.5
192.1.25.5
192.1.45.5
192.1.35.5
5.5.5.5
Interface
IP
FastEthernet1/0
Yes (ldp)
No
No No
Yes
FastEthernet1/1
Yes (ldp)
No
No No
Yes
TCP connection: 2.2.2.2.646 - 5.5.5.5.44091
Up time: 00:02:33
192.1.12.2
192.1.23.2
192.1.25.2
2.2.2.2
TCP connection: 3.3.3.3.646 - 5.5.5.5.49471
Up time: 00:02:33
192.1.23.3
192.1.34.3
192.1.35.3
3.3.3.3
TCP connection: 4.4.4.4.646 - 5.5.5.5.28271
Up time: 00:02:33
192.1.34.4
192.1.45.4
4.4.4.4
254

Interface
IP
FastEthernet1/1
Yes (ldp)
No
No No
Yes
FastEthernet2/0
Yes (ldp)
No
No No
Yes
FastEthernet2/1
Yes (ldp)
No
No No
Yes
Configure VRF MSSK on R2, R5 with an RD value of 100:1 and
import/export values of the same, and assign the appropriate interfaces to
it
R2
vrf definition MSSK
rd 100:1
address-family ipv4
exit-address-family
int f1/0
vrf forwarding MSSK
ip address 192.1.12.2 255.255.255.0
R5
vrf definition MSSK
rd 100:1
address-family ipv4
exit-address-family
int f1/0
vrf forwarding MSSK
ip address 192.1.56.5 255.255.255.0
R2#sh ip vrf
Name
MSSK
Default RD
100:1
Interfaces
Fa1/0
R5#sh ip vrf
Name
MSSK
Default RD
100:1
Interfaces
Fa1/0
Configure BGP VPNv4 peering with R4 is acting as a route reflector

255
R2
router bgp 100
neighbor 4.4.4.4 send-community extended
R3
router bgp 100
R4
router bgp 100
R5
router bgp 100
256
Neighbor
V
State/PfxRcd
4.4.4.4
4
AS MsgRcvd MsgSent
100

0
0 00:00:55

Neighbor
V
State/PfxRcd
4.4.4.4
4
AS MsgRcvd MsgSent
100

0
0 00:01:05

Neighbor
V
State/PfxRcd
2.2.2.2
4
3.3.3.3
4
5.5.5.5
4
AS MsgRcvd MsgSent
100
100
100
3
4
2
4
4
4
1
1
1

0
0
0
0 00:01:11
0 00:01:07
0 00:00:51
0
0
0

Neighbor
V
State/PfxRcd
4.4.4.4
4
AS MsgRcvd MsgSent
100

0
0 00:00:52
Configure OSPF PID 100 as the PE-CE routing protocol between R6-R7 and
R5 (noting that R5-R6 resides in Area 0 , R6-R7 resides in Area 1 and R7
lo0 is part of Area 2), EIGRP AS 1 as the PE-CE routing protocol between
R1 and R2
R1
router eigrp 1
257
no auto-summary
network 192.1.12.1 0.0.0.0
network 192.168.1.1 0.0.0.0
R2
router eigrp 1
network 192.1.12.2 0.0.0.0
no auto-summary
R6
router ospf 100
router-id 6.6.6.6
area 1 virtual-link 7.7.7.7
network 172.16.6.6 0.0.0.0 area 0
network 192.1.56.6 0.0.0.0 area 0
network 192.1.67.6 0.0.0.0 area 1
R7
router ospf 100
router-id 7.7.7.7
area 1 virtual-link 6.6.6.6
network 10.7.7.7 0.0.0.0 area 2
network 192.1.67.7 0.0.0.0 area 1
R5
network 192.1.56.5 0.0.0.0 area 0
R1#sh ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address
Interface
0
192.1.12.2
Fa1/0
(sec)

(ms)
Cnt Num
10 00:00:28 8 100 0 3
R2#sh ip eigrp vrf MSSK neighbors

EIGRP-IPv4 Neighbors for AS(1) VRF(MSSK)
H Address
Interface
(sec)
(ms)
Cnt Num
0 192.1.12.1
Fa1/0
10 00:00:46 20 120 0 2
Neighbor ID
6.6.6.6
Pri State
1 FULL/BDR
Dead Time
00:00:38
258
Address
192.1.56.6
Interface
FastEthernet1/0

Neighbor ID
192.1.56.5
7.7.7.7
7.7.7.7
Pri State
1 FULL/DR
0 FULL/ 1 FULL/DR
Dead Time Address

Interface
00:00:38 192.1.56.5
FastEthernet1/0
00:00:35 192.1.67.7
OSPF_VL0
00:00:38 192.1.67.7
FastEthernet1/1

Neighbor ID
6.6.6.6
6.6.6.6
Pri State
0 FULL/ 1 FULL/BDR
Dead Time Address

00:00:26 192.1.67.6
00:00:31 192.1.67.6
Interface
OSPF_VL0
FastEthernet1/0
R2#sh ip route vrf MSSK eigrp

Routing Table: MSSK
D
!!!!!
Routing Table: MSSK
259

O IA
O
!!!!!
!!!!!
Configure the necessary in order to achieve connectivity from R1 to R6 and
R7
R2
router eigrp 1
router bgp 100
R5
router bgp 100
redistribute ospf 100
260

1 BGP rrinfo entries using 24 bytes of memory
Neighbor
V
State/PfxRcd
4.4.4.4
4
AS MsgRcvd MsgSent
100
18
15
10

0
0 00:10:39

Network
Next Hop
*>i 10.7.7.7/32
5.5.5.5
3 100
0?
*>i 172.16.6.6/32 5.5.5.5
2 100
0?
*>i 192.1.56.0
5.5.5.5
0 100
0?
*>i 192.1.67.0
5.5.5.5
2 100
0?
*> 192.168.1.1/32 192.1.12.1
156160
32768 ?
Network
Next Hop
*> 10.7.7.7/32
192.1.56.6
3
32768 ?
*> 172.16.6.6/32 192.1.56.6
2
32768 ?
*> 192.1.56.0
0.0.0.0
0
32768 ?
*> 192.1.67.0
192.1.56.6
2
32768 ?
261
*>i 192.168.1.1/32
2.2.2.2
156160
100
0?

D EX
D EX
D EX 192.1.56.0/24 [170/514560] via 192.1.12.2, 00:00:47, FastEthernet1/0
!!!!!
!!!!!
R6#sh ip route ospf
262

O IA
O E2
!!!!!
!!!!!
R7#sh ip route ospf
O
O
O E2
!!!!!
263

!!!!!
1 192.1.12.2 8 msec 4 msec 4 msec
3 192.1.56.6 12 msec * 8 msec
1 192.1.12.2 4 msec 4 msec 0 msec
3 192.1.56.6 12 msec 12 msec 12 msec
4 192.1.67.7 24 msec * 16 msec
1 192.1.56.5 4 msec 4 msec 8 msec
3 192.1.12.1 12 msec * 12 msec
1 192.1.67.6 4 msec 0 msec 4 msec
2 192.1.56.5 8 msec 8 msec 8 msec
4 192.1.12.1 20 msec * 16 msec
Enable AS 100 for traffic engineering
R2
264

ip rsvp bandwidth
ip rsvp bandwidth
router isis 1
metric-style wide
mpls traffic-eng level-2
R3
ip rsvp bandwidth
ip rsvp bandwidth
ip rsvp bandwidth
router isis 1
metric-style wide
R4
ip rsvp bandwidth
ip rsvp bandwidth
265
router isis 1
metric-style wide
R5
ip rsvp bandwidth
ip rsvp bandwidth
ip rsvp bandwidth
router isis 1
metric-style wide
R2#sh ip rsvp interface
interface rsvp
allocated i/f max flow max sub max VRF
Fa1/1
ena
0
75M
75M
0
Fa2/0
ena
0
75M
75M
0
interface rsvp
allocated i/f max flow
Fa1/1
ena
0
75M
75M
Fa2/0
ena
0
75M
75M
Fa2/1
ena
0
75M
75M
max sub max VRF

0
0
0

interface rsvp
Fa1/0
ena
0
75M
75M
0
Fa1/1
ena
0
75M
75M
0
interface rsvp
Fa1/1
ena
0
75M
75M
0
266
Fa2/0
Fa2/1
ena
ena
0
0
75M
75M
75M
75M
0
0
Configure MPLE-TE in such a way that traffic flow from R5 to R2 follow the
path R5 R4 R3 R2 and the traffic flow from R2 to R5 follow the poath
R2 R3 R4 R5
R2
ip explicit-path name TO_R5 enable
next-address 3.3.3.3
interface Tunnel0
tunnel mpls traffic-eng path-option 1 explicit name TO_R5
R5
ip explicit-path name TO_R2 enable
interface Tunnel0

tunnel mpls traffic-eng path-option 1 explicit name TO_R2
R2#show interfaces tun0 | inc line
R5#show interfaces tun0 | inc line
Signalling Summary:
running
running
267
RSVP Process:
running
Forwarding:
enabled
Not Running
P2P:
P2MP:
Signalling Summary:
running
running
RSVP Process:
running
Forwarding:
enabled
Not Running
P2P:
P2MP:
R2#show mpls traffic-eng tunnels
P2P TUNNELS/LSPs:
Name: R2_t0

268
Status:
Admin: up
Oper: up
Path: valid
path option 1, type explicit TO_R5 (Basis for Setup, path weight 30)
path option 2, type dynamic
Config Parameters:
Bandwidth: 0
auto-bw: disabled
State: explicit path option 1 is active
Next Hop : 192.1.23.3
RSVP Path Info:
Explicit Route: 192.1.23.3 192.1.34.3 192.1.34.4 192.1.45.4
192.1.45.5 5.5.5.5
Record Route: NONE
RSVP Resv Info:
Record Route: NONE
History:
Tunnel:
LSP Tunnel R5_t0 is signalled, connection is up
InLabel : FastEthernet1/1, implicit-null
Prev Hop : 192.1.23.3
OutLabel : RSVP Signalling Info:
RSVP Path Info:
My Address: 2.2.2.2
269
Explicit Route: NONE

Record Route: NONE
RSVP Resv Info:
Record Route: NONE
P2MP TUNNELS:
P2MP SUB-LSPS:
R5#show mpls traffic-eng tunnels
P2P TUNNELS/LSPs:
Name: R5_t0
Status:
Admin: up
Oper: up
Path: valid
path option 1, type explicit TO_R2 (Basis for Setup, path weight 30)
path option 2, type dynamic
Config Parameters:
Bandwidth: 0
auto-bw: disabled
State: explicit path option 1 is active
Next Hop : 192.1.45.4
RSVP Path Info:
Explicit Route: 192.1.45.4 192.1.34.4 192.1.34.3 192.1.23.3
192.1.23.2 2.2.2.2
Record Route: NONE
RSVP Resv Info:
Record Route: NONE
270
History:
Tunnel:
LSP Tunnel R2_t0 is signalled, connection is up
InLabel : FastEthernet2/0, implicit-null
Prev Hop : 192.1.45.4
OutLabel : RSVP Signalling Info:
RSVP Path Info:
My Address: 5.5.5.5
Explicit Route: NONE
Record Route: NONE
RSVP Resv Info:
Record Route: NONE
P2MP TUNNELS:
P2MP SUB-LSPS:
1 192.1.12.2 8 msec 4 msec 4 msec
5 192.1.56.6 20 msec 20 msec 20 msec
6 192.1.67.7 24 msec * 24 msec
1 192.1.67.6 4 msec 0 msec 4 msec
2 192.1.56.5 8 msec 8 msec 8 msec
271

6 192.1.12.1 28 msec * 24 msec
Configure eBGP session between R4 and GW; make sure to advertise the
192.1.100.0 in BGP
R4
router bgp 100
address-family ipv4
GW
router bgp 200
address-family ipv4
network 192.1.100.0
Neighbor
V
State/PfxRcd
192.1.40.10
4
AS MsgRcvd MsgSent
200

2
0 00:00:12
R4#sh ip bgp
272
Network
Next Hop
*> 192.1.100.0
192.1.40.10

0
0 200 i
Gw#sh ip bgp summary

Neighbor
V
State/PfxRcd
192.1.40.4
4
AS MsgRcvd MsgSent
100

2
0 00:00:31
Gw#sh ip bgp
Network
Next Hop
*> 192.1.100.0
0.0.0.0

0
32768 i
Gw#sh ip bgp neighbors 192.1.40.4 advertised-routes

Network
Next Hop
*> 192.1.100.0
0.0.0.0

0
32768 i

The subnet 30.40.50.0/24 has been reserved for customer traffic to reach
the subnet 192.1.100.0/24 via NAT, configure R4 to accomplish this
273
R4
vrf definition MSSK
rd 100:1
address-family ipv4
ip route 30.40.50.0 255.255.255.0 Null0
ip route vrf MSSK 0.0.0.0 0.0.0.0 192.1.40.10 global
ip access-list standard RFC
permit 10.0.0.0 0.255.255.255
permit 172.16.0.0 0.15.255.255
permit 192.168.0.0 0.0.0.255
ip nat pool POOL 30.40.50.0 30.40.50.255 prefix-length 24
ip nat inside source list RFC pool POOL vrf MSSK
router bgp 100
address-family ipv4
network 30.40.50.0 mask 255.255.255.0
network 0.0.0.0
ip nat inside
ip nat inside
ip nat outside
Network
Next Hop
*>i 0.0.0.0
4.4.4.4
0 100
0i
274
*>i
*>i
*>i
*>i
*>
10.7.7.7/32
5.5.5.5
172.16.6.6/32 5.5.5.5
192.1.56.0
5.5.5.5
192.1.67.0
5.5.5.5
192.168.1.1/32 192.1.12.1
3 100
2 100
0 100
2 100
156160
0?
0?
0?
0?
32768 ?

Network
Next Hop
*>i 0.0.0.0
4.4.4.4
0 100
0i
*> 10.7.7.7/32
192.1.56.6
3
32768 ?
*> 172.16.6.6/32 192.1.56.6
2
32768 ?
*> 192.1.56.0
0.0.0.0
0
32768 ?
*> 192.1.67.0
192.1.56.6
2
32768 ?
*>i 192.168.1.1/32 2.2.2.2
156160 100
0?
D*EX 0.0.0.0/0 [170/514560] via 192.1.12.2, 00:00:50, FastEthernet1/0
D EX
D EX
R4#sh ip bgp neighbors 192.1.40.10 advertised-routes
275

Network
Next Hop
*> 30.40.50.0/24 0.0.0.0

0
32768 i

Configure L2VPN on R3 and R4 in order to achieve connectivity between R8
and R9
R3
encapsulation mpls
interworking ip
xconnect 4.4.4.4 89 encapsulation mpls pw-class MSSK
R4
encapsulation mpls
interworking ip
interface Serial3/0
xconnect 3.3.3.3 89 encapsulation mpls pw-class MSSK
R8#ping 192.1.89.9
!!!!!
276
R9#ping 192.1.89.8
.!!!!
277

MPLS Handbook

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

MPLS Handbook

Încărcat de

Drepturi de autor:

Formate disponibile

MPLS Handbook

MPLS L3VPN Static CE-PE

BGP Static Operational

R2#show mpls ldp neighbor

Serial1/0, Src IP addr: 192.1.12.1

BGP Static Operational

R3#show mpls ldp neighbor

BGP Static Operational

R2#sh ip route vrf MSSK static

4.0.0.0/32 is subnetted, 1 subnets

R2#ping vrf MSSK 4.4.4.4

R3#sh ip route vrf MSSK static

5.0.0.0/32 is subnetted, 1 subnets

R3#ping vrf MSSK 5.5.5.5

TblVer InQ OutQ Up/Down

R2#sh bgp vpnv4 unicast all

RPKI validation codes: V valid, I invalid, N Not found

TblVer InQ OutQ Up/Down

R3#sh bgp vpnv4 unicast all

Origin codes: i - IGP, e - EGP, ? - incomplete

0.0.0.0/0 [1/0] via 192.1.24.2

R4#ping 5.5.5.5 source lo0

Type escape sequence to abort.

0.0.0.0/0 [1/0] via 192.1.35.3

R5#ping 4.4.4.4 source lo0

Outgoing Next Hop

R3#show mpls forwarding-table

Stack {17 0 254} {21 0 254}

*Sep 5 14:29:13.755: MPLS les: Se1/1: tx: Len 108

Stack {21 0 253} - ipv4 data

MPLS L3VPN RIPv2 CE-PE

route-target import 100:1

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0

BGP Static Operational

R2#show mpls ldp neighbor

BGP Static Operational

R3#show mpls ldp neighbor

BGP Static Operational

R2#sh ip route vrf MSSK rip

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

4.0.0.0/32 is subnetted, 1 subnets

R2#ping vrf MSSK 4.4.4.4

5.0.0.0/32 is subnetted, 1 subnets

R3#ping vrf MSSK 5.5.5.55

TblVer InQ OutQ Up/Down

R2#sh bgp vpnv4 unicast all

Total number of prefixes 2

TblVer InQ OutQ Up/Down

R3#sh bgp vpnv4 unicast all

Total number of prefixes 2

5.0.0.0/32 is subnetted, 1 subnets

R4#ping 5.5.5.5 source lo0

4.0.0.0/32 is subnetted, 1 subnets

R5#ping 4.4.4.4 source lo0

Type escape sequence to abort.

ia - IS-IS inter area, * - candidate default, U - per-user static route

4.0.0.0/32 is subnetted, 1 subnets

MPLS L3VPN OSPF CE-PE

route-target export 100:1

router ospf 100

BGP Static Operational

R2#show mpls ldp neighbor

BGP Static Operational

R3#show mpls ldp neighbor