MPLS VPN Carrier Supporting Carrier: The BGP way
Posted on April 12, 2010
As usual when you study for the CCIE, you need to know at least two ways to do everything, and the same goes for Carrier supporting Carrier (CsC). I know that InterNetwork Expert say the chances of getting MPLS VPN Carrier supporting Carrier are slim, but you never know, and it’s not the biggest bit of study anyway.
MPLS VPN Carrier supporting Carrier Lab Topology
So for our setup I’ll be using an 8-router topology.
AS100 will be our super service provider providing the CsC service, AS200 will be our CsC customer. R1 and R8 are our customer devices running EIGRP with the PE devices.
I pre-configured all of the MPLS VPN parts; there is nothing new there. We’re going to focus on the MPLS VPN Carrier supporting Carrier side.
So let’s start. As a first step, let’s configure a VRF on the CsC-PE routers and advertise it in BGP.
On R4
R4-CsC-PE#sh run | s ip vrf
ip vrf CSC
 rd 100:1
 route-target export 100:1
 route-target import 100:1
 ip vrf forwarding CSC
R4-CsC-PE#sh run int g1/0
Building configuration...
Current configuration : 134 bytes
!
interface GigabitEthernet1/0
 ip vrf forwarding CSC
 ip address 34.1.34.4 255.255.255.0
 negotiation auto
end
R4-CsC-PE#sh run | s router bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 45.99.5.5 remote-as 100
 neighbor 45.99.5.5 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 45.99.5.5 activate
  neighbor 45.99.5.5 send-community extended
 exit-address-family
and on R5
R5-CsC-PE#sh run | s ip vrf
ip vrf CSC
 rd 100:1
 route-target export 100:1
 route-target import 100:1
 ip vrf forwarding CSC
R5-CsC-PE#sh run int g2/0
Building configuration...
Current configuration : 134 bytes
!
interface GigabitEthernet2/0
 ip vrf forwarding CSC
 ip address 56.1.56.5 255.255.255.0
 negotiation auto
end
R5-CsC-PE#sh run | s router bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 45.99.4.4 remote-as 100
 neighbor 45.99.4.4 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 45.99.4.4 activate
  neighbor 45.99.4.4 send-community extended
 exit-address-family
Give it a quick check
R4-CsC-PE#sh ip bgp s
BGP router identifier 45.99.4.4, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
45.99.5.5       4   100      89      89        1    0    0 01:19:21        0
R4-CsC-PE#sh ip bgp vpnv4 all s
BGP router identifier 45.99.4.4, local AS number 100
BGP table version is 36, main routing table version 36
5 network entries using 705 bytes of memory
5 path entries using 340 bytes of memory
7/4 BGP path/bestpath attribute entries using 532 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1625 total bytes of memory
BGP activity 12/7 prefixes, 17/12 paths, scan interval 15 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
45.99.5.5       4   100      94      98       36    0    0 01:18:51        0
R5-CsC-PE#sh ip bgp s
BGP router identifier 45.99.5.5, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
45.99.4.4       4   100      90      90        1    0    0 01:20:15        0
R5-CsC-PE#sh ip bgp vpnv4 all s
BGP router identifier 45.99.5.5, local AS number 100
BGP table version is 41, main routing table version 41
5 network entries using 705 bytes of memory
5 path entries using 340 bytes of memory
7/4 BGP path/bestpath attribute entries using 532 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1625 total bytes of memory
BGP activity 7/2 prefixes, 17/12 paths, scan interval 15 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
45.99.4.4       4   100      99      95       41    0    0 01:19:44        0
All good. Our super ISP is ready to take the traffic.
Next step: let’s configure our MPLS VPN Carrier supporting Carrier CE devices.
First, let’s configure the BGP peering with the MPLS VPN Carrier supporting Carrier PE router.
R3-CsC-CE(config)#router bgp 200
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 34.1.34.4 remote-as 100
 !
 address-family ipv4
  no synchronization
  neighbor 34.1.34.4 activate
  neighbor 34.1.34.4 send-label
  no auto-summary
 exit-address-family
You may notice I put a neighbor x.x.x.x send-label statement. This tells BGP to exchange label mappings with that neighbor. You can use the command show ip bgp labels to see this mapping; we’ll see that in action a bit later.
Before going further, let’s check our BGP sessions.
R3-CsC-CE(config-router-af)#do sh ip bgp neighbor 34.1.34.4
BGP neighbor is 34.1.34.4,  remote AS 100, external link
  BGP version 4, remote router ID 45.99.4.4
  BGP state = Established, up for 00:45:18
  Last read 00:00:04, last write 00:00:46, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is multisession capable
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
    ipv4 MPLS Label capability: advertised and received
    Multisession Capability: advertised and received
  Message statistics, state Established:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                2          5
    Keepalives:            51         51
    Route Refresh:          0          0
    Total:                 54         57
  Default minimum time between advertisement runs is 30 seconds
 For address family: IPv4 Unicast
  Session: 34.1.34.4 session 1
  BGP table version 10, neighbor version 10/0
  Output queue size : 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
  Outbound path policy configured
  Route map for outgoing advertisements is SET-LABEL
  Sending Prefix & Label
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               3          2 (Consumes 104 bytes)
    Prefixes Total:                 3          4
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          2
    Used as bestpath:             n/a          2
    Used as multipath:            n/a          0
                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Bestpath from this peer:              4        n/a
    Total:                                4          0
  Number of NLRIs in the update sent: max 2, min 1
  Address tracking is enabled, the RIB does have a route to 34.1.34.4
  Connections established 4; dropped 3
  Last reset 00:45:23, due to User reset of session 1
  Transport(tcp) path-mtu-discovery is enabled
  Graceful-Restart is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled
Mininum incoming TTL 0, Outgoing TTL 1
Local host: 34.1.34.3, Local port: 29048
Foreign host: 34.1.34.4, Foreign port: 179
Connection tableid (VRF): 0
Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x7516F8):
Timer          Starts    Wakeups            Next
Retrans            54          0             0x0
TimeWait            0          0             0x0
AckHold            53         51             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger         6160       6159        0x7517E3
DeadWait            0          0             0x0
Linger              0          0             0x0
iss: 1053524898  snduna: 1053526055  sndnxt: 1053526055     sndwnd:  15228
irs: 1489319462  rcvnxt: 1489320759  rcvwnd:      15088  delrcvwnd:   1296
SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 20 ms, maxRTT: 300 ms, ACK hold: 200 ms
Status Flags: none
Option Flags: higher precendence, nagle, path mtu capable
Datagrams (max data segment is 1436 bytes):
Rcvd: 107 (out of order: 0), with data: 55, total data bytes: 1296
Sent: 106 (retransmit: 0 fastretransmit: 0),with data: 53, total data bytes: 1156
Good news: "ipv4 MPLS Label capability: advertised and received" tells us we are exchanging labels with our neighbor.
We now have a peering but no routes, so next we’ll configure redistribution between OSPF and BGP to advertise our loopbacks only.
route-map LOOPBACK->OSPF permit 10
 match ip address prefix-list LOOPBACK-AS200-IN
route-map LOOPBACK->BGP permit 10
 match ip address prefix-list LOOPBACK-AS200-OUT
ip prefix-list LOOPBACK-AS200-IN seq 5 permit 67.99.6.6/32
ip prefix-list LOOPBACK-AS200-IN seq 10 permit 67.99.7.7/32
ip prefix-list LOOPBACK-AS200-OUT seq 5 permit 23.99.3.3/32
ip prefix-list LOOPBACK-AS200-OUT seq 10 permit 23.99.2.2/32
R3-CsC-CE(config)#router bgp 200
 address-family ipv4
  redistribute ospf 1 route-map LOOPBACK->BGP
R3-CsC-CE(config)#router ospf 1
 router-id 23.99.3.3
 log-adjacency-changes
 redistribute bgp 200 subnets route-map LOOPBACK->OSPF
 network 23.1.0.0 0.0.255.255 area 0
 network 23.99.0.0 0.0.255.255 area 0
Let’s have a look at the other side to see whether our routes are learned in BGP.
R6-CsC-CE(config-router-af)#do sh ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
      23.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
B        23.99.2.2/32 [20/0] via 56.1.56.5, 00:39:51
B        23.99.3.3/32 [20/0] via 56.1.56.5, 00:39:51
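An offline check that the prefix-lists above let only the /32 loopbacks cross the CsC boundary, written as an added example (not part of the original post). It implements IOS prefix-list matching including ge/le, which goes beyond the exact-match entries used here; the candidate routes are constructed, and the /24 length of the R2-R3 link subnet is an assumption.

```python
import ipaddress
import re

ENTRY = re.compile(
    r"ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<net>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

# Prefix-lists exactly as configured on R3 in the post.
CONFIG = """\
ip prefix-list LOOPBACK-AS200-IN seq 5 permit 67.99.6.6/32
ip prefix-list LOOPBACK-AS200-IN seq 10 permit 67.99.7.7/32
ip prefix-list LOOPBACK-AS200-OUT seq 5 permit 23.99.3.3/32
ip prefix-list LOOPBACK-AS200-OUT seq 10 permit 23.99.2.2/32
"""

# Constructed candidates: two loopbacks, the R2-R3 link subnet (assumed /24)
# and the customer VPN prefix, which must never be redistributed here.
CANDIDATES = ["23.99.2.2/32", "23.99.3.3/32", "23.1.23.0/24", "12.1.12.0/24"]


def load(config):
    """Parse 'ip prefix-list' lines into {name: [(seq, action, net, lo, hi)]}."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        net = ipaddress.ip_network(m["net"], strict=False)
        # No ge/le: exact length. ge only: ge..32. le only: len..le.
        lo = int(m["ge"]) if m["ge"] else net.prefixlen
        hi = int(m["le"]) if m["le"] else (32 if m["ge"] else net.prefixlen)
        lists.setdefault(m["name"], []).append(
            (int(m["seq"]), m["action"], net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])
    return lists


def permits(lists, name, route):
    """First matching entry wins; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in lists[name]:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action == "permit"
    return False


def redistributed(lists, name, routes):
    """Routes from `routes` that the named prefix-list would let through."""
    return [r for r in routes if permits(lists, name, r)]
```

Running redistributed() against a proposed prefix-list change before it is applied shows whether an entry such as a broad "le 32" would start leaking link subnets toward the other carrier.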
Ok we’re ready to move to the label part.
Let’s check our label mapping.
R3-CsC-CE(config-route-map)#do sh ip bgp lab
   Network          Next Hop      In label/Out label
   23.99.2.2/32     23.1.23.2       16(from LDP)/nolabel
   23.99.3.3/32     0.0.0.0         imp-null(from LDP)/nolabel
   67.99.6.6/32     34.1.34.4       20/17
   67.99.7.7/32     34.1.34.4       21/19
Looks good as well. Let’s ping to see if we have connectivity.
R2-PE#ping 67.99.7.7 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 67.99.7.7, timeout is 2 seconds:
Packet sent with a source address of 23.99.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/52/108 ms
Perfect. We’ll follow the LSP hop by hop to see if everything is OK.
R2-PE#sh ip cef 67.99.7.7
67.99.7.7/32
  nexthop 23.1.23.3 GigabitEthernet2/0 label 19
R3-CsC-CE#sh mpls for lab 19
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or VC or Tunnel Id   Switched      interface
19         20         67.99.7.7/32     590           Gi2/0      34.1.34.4
R4-CsC-PE#sh mpls for lab 20
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or VC or Tunnel Id   Switched      interface
20         18         67.99.7.7/32[V]  590           Gi2/0      45.1.45.5
R5-CsC-PE#sh mpls for lab 18
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or VC or Tunnel Id   Switched      interface
18         17         67.99.7.7/32[V]  590           Gi2/0      56.1.56.6
R6-CsC-CE#sh mpls for lab 17
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or VC or Tunnel Id   Switched      interface
17         Pop Label  67.99.7.7/32     570           Gi2/0      67.1.67.7
All good. We can see that we’re using MPLS from end to end without any LDP between CsC-PE and CsC-CE.
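The hop-by-hop walk above can be automated. This added example (not part of the original post) takes the label R2 imposes and the forwarding-table data rows captured on each router, and checks that every hop's local label is the one the upstream hop sends and that the path ends in a pop. The function and variable names are hypothetical; the rows are the values shown in the post.

```python
import re

# One data row of "show mpls forwarding-table labels <n>".
ROW = re.compile(
    r"^(?P<local>\d+)\s+(?P<out>Pop Label|No Label|\d+)\s+"
    r"(?P<prefix>\S+?)(?P<vrf>\[V\])?\s+\d+\s+(?P<intf>\S+)\s+(?P<nh>\S+)$"
)

# Data rows from the post, in path order, keyed by the router they came from.
HOPS = [
    ("R3-CsC-CE", "19 20 67.99.7.7/32 590 Gi2/0 34.1.34.4"),
    ("R4-CsC-PE", "20 18 67.99.7.7/32[V] 590 Gi2/0 45.1.45.5"),
    ("R5-CsC-PE", "18 17 67.99.7.7/32[V] 590 Gi2/0 56.1.56.6"),
    ("R6-CsC-CE", "17 Pop Label 67.99.7.7/32 570 Gi2/0 67.1.67.7"),
]


def check_lsp(ingress_label, prefix, hops):
    """Walk the hops; return (label path, list of problems found)."""
    expected = str(ingress_label)
    path, problems = [expected], []
    for router, line in hops:
        m = ROW.match(line.strip())
        if not m:
            problems.append(f"{router}: unparsable row {line!r}")
            break
        if m["prefix"] != prefix:
            problems.append(f"{router}: entry is for {m['prefix']}, not {prefix}")
        if m["local"] != expected:
            # The upstream router is sending a label this hop did not allocate.
            problems.append(
                f"{router}: local label {m['local']}, upstream imposes {expected}")
        expected = m["out"]
        path.append(expected)
    if expected != "Pop Label":
        problems.append(f"last hop ends with {expected!r}, expected Pop Label")
    return path, problems


if __name__ == "__main__":
    # Label 19 is what "sh ip cef 67.99.7.7" showed on R2-PE.
    print(check_lsp(19, "67.99.7.7/32", HOPS))
```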
All we need to do now is set up a BGP VPNv4 session between our two sides to exchange routes.
R3-CsC-CE(config)#router bgp 200
 neighbor 67.99.6.6 remote-as 200
 neighbor 67.99.6.6 update-source Loopback0
 !
 address-family vpnv4
  neighbor 67.99.6.6 activate
  neighbor 67.99.6.6 send-community extended
  neighbor 67.99.6.6 route-reflector-client
 exit-address-family
We now have the BGP VPNv4 routes
R7-PE#sh ip bgp vpnv4 all
BGP table version is 5, local router ID is 67.99.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf CustA)
*>i12.1.12.0/24     23.99.2.2                0    100      0 ?
*> 78.1.78.0/24     0.0.0.0                  0         32768 ?
The redistribution to EIGRP is working fine
R8-CE#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
      12.0.0.0/24 is subnetted, 1 subnets
D        12.1.12.0 [90/3072] via 78.1.78.7, 00:11:25, GigabitEthernet1/0
      78.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        78.1.78.0/24 is directly connected, GigabitEthernet1/0
L        78.1.78.8/32 is directly connected, GigabitEthernet1/0
And we can ping through the MPLS VPN Carrier supporting Carrier network
R8-CE#ping 12.1.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/65/136 ms
Here we are: MPLS VPN Carrier supporting Carrier without LDP. For further details, check out Cisco’s website (http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_carrier_bgp.html).