the peering xchange : [a network engineer’s blog]: March 2017

As a network engineer I was always had a personal interest in service provider technologies. Working in an enterprise network for many years now, and being a customer of service provider offerings such as MPLS, I wanted to know how this all worked from their perspective. So building a MPLS lab was the way to go. Here’s my experience.

Since there were many great tutorials on explaining the technology behind MPLS and how to configure MPLS L3VPN’s, I didn’t want to re-invent the wheel. Therefore some previous knowledge and understanding of IGP/BGP routing, VRF’s, Route Distinguishers and Route Targets are required.

This post will primarily concentrate on the operational viewpoint of a MPLS based L3VPN, such as verifying the underlay routing, PE's MP-BGP routing and MPLS label exchange as implemented on Cisco IOS.

Lab Environment

VMWare ESXi 6.5 (standalone)
(11) CSR1000v: Version 03.16.05.S

Used default vCPU setting of 1
Used default RAM at 4Gb

Diagram & Topology

Infrastructure Information

Provider Core (P Routers) IP Address Space: 10.0.0.0/24
Provider Edge (PE Routers) IP Address Space: 10.1.1.0/24
Customer Edge (CE Routers) IP Address Space: 10.2.2.0/24
All link addressed in /30’s
All loopback addressed in /32’s
OSPF as Core IGP routing protocol, all in Area0
MP-BGP as Provider Edge routing protocol peering to Route Reflector
Route Reflector does not run MPLS/LDP
(2) Customers

CUSTOMER A

BGP as PE to CE Routing Protocol
Site A LAN IP Address: 172.16.1.0/24
Site B LAN IP Address: 172.16.2.0/24
VRF: CUSTOMER_A
Route Distinguisher: 2345:1

CUSTOMER B

EIGRP as PE to CE Routing Protocol
Site A LAN IP Address: 192.168.1.0/24
Site B LAN IP Address: 192.168.2.0/24
VRF: CUSTOMER_B
Route Distinguisher: 2345:2

Configurations

P_R01

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname P_R01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 100 199
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9QZHTYO474F
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 1.1.1.1 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.10
description TO P_R02
encapsulation dot1Q 10
ip address 10.0.0.1 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet1.11
description TO P_R03
encapsulation dot1Q 11
ip address 10.0.0.5 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.12
description TO P_R04
encapsulation dot1Q 12
ip address 10.0.0.9 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 5
mpls ip
!
interface GigabitEthernet1.20
description TO PE_R05
encapsulation dot1Q 20
ip address 10.1.1.1 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet2
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.221 255.255.255.0
negotiation auto
!
router ospf 100
router-id 1.1.1.1
passive-interface default
no passive-interface GigabitEthernet1.10
no passive-interface GigabitEthernet1.11
no passive-interface GigabitEthernet1.12
no passive-interface GigabitEthernet1.20
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

P_R02

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname P_R02
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 200 299
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 924FCRJXFST
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 2.2.2.2 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.10
description TO P_R01
encapsulation dot1Q 10
ip address 10.0.0.2 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet1.13
description TO P_R04
encapsulation dot1Q 13
ip address 10.0.0.13 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.14
description TO P_R03
encapsulation dot1Q 14
ip address 10.0.0.17 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 4
mpls ip
!
interface GigabitEthernet1.22
description TO PE_R06
encapsulation dot1Q 22
ip address 10.1.1.9 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet2
mtu 9216
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.222 255.255.255.0
negotiation auto
!
router ospf 100
router-id 2.2.2.2
passive-interface default
no passive-interface GigabitEthernet1.10
no passive-interface GigabitEthernet1.13
no passive-interface GigabitEthernet1.14
no passive-interface GigabitEthernet1.22
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

P_R03

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname P_R03
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 300 399
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 96FVXC7EF6B
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 3.3.3.3 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.11
description TO P_R01
encapsulation dot1Q 11
ip address 10.0.0.6 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.14
description TO P_R02
encapsulation dot1Q 14
ip address 10.0.0.18 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 4
mpls ip
!
interface GigabitEthernet1.15
description TO P_R04
encapsulation dot1Q 15
ip address 10.0.0.21 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.16
description TO RR_R11
encapsulation dot1Q 16
ip address 10.0.0.101 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
!
interface GigabitEthernet1.21
description TO PE_R05
encapsulation dot1Q 21
ip address 10.1.1.5 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet2
mtu 9216
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.223 255.255.255.0
negotiation auto
!
router ospf 100
router-id 3.3.3.3
passive-interface default
no passive-interface GigabitEthernet1.11
no passive-interface GigabitEthernet1.14
no passive-interface GigabitEthernet1.15
no passive-interface GigabitEthernet1.16
no passive-interface GigabitEthernet1.21
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

P_R04

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname P_R04
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 400 499
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9SABOZQASS5
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 4.4.4.4 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.12
description TO P_R01
encapsulation dot1Q 12
ip address 10.0.0.10 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 5
mpls ip
!
interface GigabitEthernet1.13
description TO P_R02
encapsulation dot1Q 13
ip address 10.0.0.14 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.15
description TO P_R03
encapsulation dot1Q 15
ip address 10.0.0.22 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.17
description TO RR_R11
encapsulation dot1Q 17
ip address 10.0.0.105 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
!
interface GigabitEthernet1.23
description TO PE_R06
encapsulation dot1Q 23
ip address 10.1.1.13 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet2
mtu 9216
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
mtu 9216
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.224 255.255.255.0
negotiation auto
!
router ospf 100
router-id 4.4.4.4
passive-interface default
no passive-interface GigabitEthernet1.12
no passive-interface GigabitEthernet1.13
no passive-interface GigabitEthernet1.15
no passive-interface GigabitEthernet1.17
no passive-interface GigabitEthernet1.23
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

RR_R11

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname RR_R11
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9MAI8IJPDHE
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
cdp run
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 11.11.11.11 255.255.255.255
ip ospf network point-to-point
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.16
description TO P_R03
encapsulation dot1Q 16
ip address 10.0.0.102 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
!
interface GigabitEthernet1.17
description TO P_R04
encapsulation dot1Q 17
ip address 10.0.0.106 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
cdp enable
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.231 255.255.255.0
negotiation auto
!
router ospf 100
router-id 11.11.11.11
passive-interface default
no passive-interface GigabitEthernet1.16
no passive-interface GigabitEthernet1.17
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor PE_R05 peer-group
neighbor PE_R05 remote-as 2345
neighbor PE_R05 description TO PE R05
neighbor PE_R05 update-source Loopback0
neighbor PE_R05 timers 7 21
neighbor PE_R06 peer-group
neighbor PE_R06 remote-as 2345
neighbor PE_R06 description TO PE R06
neighbor PE_R06 update-source Loopback0
neighbor PE_R06 timers 7 21
neighbor 5.5.5.5 peer-group PE_R05
neighbor 6.6.6.6 peer-group PE_R05
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor PE_R05 send-community both
neighbor PE_R05 route-reflector-client
neighbor PE_R06 send-community both
neighbor PE_R06 route-reflector-client
neighbor 5.5.5.5 activate
neighbor 6.6.6.6 activate
exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

PE_R05

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R05
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf CUSTOMER_A
rd 2345:1
route-target export 2345:1
route-target import 2345:1
!
ip vrf CUSTOMER_B
rd 2345:2
route-target export 2345:2
route-target import 2345:2
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 500 599
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9FS47AJTJH5
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 5.5.5.5 255.255.255.255
ip ospf 100 area 0
!
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.20
description TO P_R01
encapsulation dot1Q 20
ip address 10.1.1.2 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet1.21
description TO P_R03
encapsulation dot1Q 21
ip address 10.1.1.6 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.30
description TO CE_R20
encapsulation dot1Q 30
ip vrf forwarding CUSTOMER_A
ip address 10.2.2.1 255.255.255.252
!
interface GigabitEthernet1.31
description TO CE_R08
encapsulation dot1Q 31
ip vrf forwarding CUSTOMER_B
ip address 10.2.2.5 255.255.255.252
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.225 255.255.255.0
negotiation auto
!
!
router eigrp 65535
!
address-family ipv4 vrf CUSTOMER_B autonomous-system 65100
default-metric 100000 10 255 1 1500
redistribute bgp 2345
network 10.2.2.4 0.0.0.3
exit-address-family
!
router ospf 100
router-id 5.5.5.5
passive-interface default
no passive-interface GigabitEthernet1.20
no passive-interface GigabitEthernet1.21
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
address-family ipv4 vrf CUSTOMER_A
neighbor CUSTOMER_A peer-group
neighbor CUSTOMER_A remote-as 65000
neighbor CUSTOMER_A description CUSTOMER A
neighbor CUSTOMER_A timers 7 21
neighbor CUSTOMER_A send-community both
neighbor CUSTOMER_A soft-reconfiguration inbound
neighbor 10.2.2.2 peer-group CUSTOMER_A
neighbor 10.2.2.2 activate
exit-address-family
!
address-family ipv4 vrf CUSTOMER_B
redistribute eigrp 65100
exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

PE_R06

version 15.5
service timestamps debug datetime localtime show-timezone year
service timestamps log datetime localtime show-timezone year
service password-encryption
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname PE_R06
!
boot-start-marker
boot-end-marker
!
!
logging buffered 16000
no logging console
enable secret 5 <removed>
!
no aaa new-model
!
ip vrf CUSTOMER_A
rd 2345:1
route-target export 2345:1
route-target import 2345:1
!
ip vrf CUSTOMER_B
rd 2345:2
route-target export 2345:2
route-target import 2345:2
!
ip vrf MGMT
!
!
!
!
!
!
!
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
mpls label range 600 699
mpls label protocol ldp
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9MNAZJ2VHAE
!
spanning-tree extend system-id
!
username admin secret 5 <removed>
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description RID
ip address 6.6.6.6 255.255.255.255
ip ospf 100 area 0
!
interface GigabitEthernet1
mtu 9216
no ip address
negotiation auto
!
interface GigabitEthernet1.22
description TO P_R02
encapsulation dot1Q 22
ip address 10.1.1.10 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
ip ospf cost 10
mpls ip
!
interface GigabitEthernet1.23
description TO P_R04
encapsulation dot1Q 23
ip address 10.1.1.14 255.255.255.252
ip ospf network point-to-point
ip ospf 100 area 0
mpls ip
!
interface GigabitEthernet1.32
description TO CE_R21
encapsulation dot1Q 32
ip vrf forwarding CUSTOMER_A
ip address 10.2.2.9 255.255.255.252
!
interface GigabitEthernet1.33
description TO CE_R10
encapsulation dot1Q 33
ip vrf forwarding CUSTOMER_B
ip address 10.2.2.13 255.255.255.252
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4
description MANAGEMENT
ip vrf forwarding MGMT
ip address 10.1.1.226 255.255.255.0
negotiation auto
!
!
router eigrp 65535
!
address-family ipv4 vrf CUSTOMER_B autonomous-system 65100
default-metric 100000 10 255 1 1500
redistribute bgp 2345
network 10.2.2.12 0.0.0.3
exit-address-family
!
router ospf 100
router-id 6.6.6.6
passive-interface default
no passive-interface GigabitEthernet1.22
no passive-interface GigabitEthernet1.23
!
router bgp 2345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor RR peer-group
neighbor RR remote-as 2345
neighbor RR description ROUTE REFLECTOR - R11
neighbor RR update-source Loopback0
neighbor RR timers 7 21
neighbor 11.11.11.11 peer-group RR
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor RR send-community both
neighbor 11.11.11.11 activate
exit-address-family
!
address-family ipv4 vrf CUSTOMER_A
neighbor CUSTOMER_A peer-group
neighbor CUSTOMER_A remote-as 65001
neighbor CUSTOMER_A description CUSTOMER A
neighbor CUSTOMER_A timers 7 21
neighbor CUSTOMER_A send-community both
neighbor CUSTOMER_A soft-reconfiguration inbound
neighbor 10.2.2.10 peer-group CUSTOMER_A
neighbor 10.2.2.10 activate
exit-address-family
!
address-family ipv4 vrf CUSTOMER_B
redistribute eigrp 65100
exit-address-family
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip bgp-community new-format
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet4
ip route vrf MGMT 0.0.0.0 0.0.0.0 10.1.1.254 name MGMT_DEFAULT
!
!
mpls ldp router-id Loopback0
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0
exec-timeout 60 0
logging synchronous
login local
line vty 1
exec-timeout 60 0
logging synchronous
login local
length 0
line vty 2 4
exec-timeout 60 0
logging synchronous
login local
!
ntp server pool.ntp.org
!
end

CE_R20

CE_R21

CE_R08

CE_R10

Testing Results

Test results are simple pings & traceroutes between sites within each customer network to verify full reachability.

Customer A: SiteA to SiteB

CE_R20#ping 172.16.2.254 source lo100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.254, timeout is 2 seconds:

Packet sent with a source address of 172.16.1.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/9 ms

CE_R20#traceroute 172.16.2.254 source lo100

Type escape sequence to abort.

Tracing the route to 172.16.2.254

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.2.1 4 msec 5 msec 5 msec

2 10.1.1.5 [MPLS: Labels 320/630 Exp 0] 8 msec 8 msec 8 msec

3 10.0.0.22 [MPLS: Labels 420/630 Exp 0] 26 msec 36 msec 32 msec

4 10.2.2.9 [MPLS: Label 630 Exp 0] 20 msec 20 msec 20 msec

5 10.2.2.10 20 msec * 7 msec

CE_R20#sh ip route bgp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

B 172.16.2.0/24 [20/0] via 10.2.2.1, 00:00:44

CE_R20#sh ip bgp 172.16.2.0

BGP routing table entry for 172.16.2.0/24, version 12

Paths: (1 available, best #1, table default)

Not advertised to any peer

Refresh Epoch 1

2345 65001

10.2.2.1 from 10.2.2.1 (5.5.5.5)

Origin IGP, localpref 100, valid, external, best

Community: 65001:21

Extended Community: RT:2345:1

rx pathid: 0, tx pathid: 0x0

Customer A: SiteB to SiteA

CE_R21#ping 172.16.1.254 source lo100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.1.254, timeout is 2 seconds:

Packet sent with a source address of 172.16.2.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms

CE_R21#traceroute 172.16.1.254 source lo100

Type escape sequence to abort.

Tracing the route to 172.16.1.254

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.2.9 3 msec 3 msec 4 msec

2 10.1.1.13 [MPLS: Labels 419/530 Exp 0] 7 msec 7 msec 9 msec

3 10.0.0.21 [MPLS: Labels 319/530 Exp 0] 31 msec 31 msec 30 msec

4 10.2.2.1 [MPLS: Label 530 Exp 0] 22 msec 19 msec 19 msec

5 10.2.2.2 22 msec * 8 msec

CE_R21#sh ip route bgp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

B 172.16.1.0/24 [20/0] via 10.2.2.9, 00:36:16

CE_R21#sh ip bgp 172.16.1.0

BGP routing table entry for 172.16.1.0/24, version 12

Paths: (1 available, best #1, table default)

Not advertised to any peer

Refresh Epoch 1

2345 65000

10.2.2.9 from 10.2.2.9 (6.6.6.6)

Origin IGP, localpref 100, valid, external, best

Community: 65000:20

Extended Community: RT:2345:1

rx pathid: 0, tx pathid: 0x0

Customer B: SiteA to SiteB

CE_R08#ping 192.168.2.254 source lo100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:

Packet sent with a source address of 192.168.1.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/11 ms

CE_R08#traceroute 192.168.2.254 source lo100

Type escape sequence to abort.

Tracing the route to 192.168.2.254

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.2.5 3 msec 4 msec 3 msec

2 10.1.1.5 [MPLS: Labels 320/628 Exp 0] 8 msec 6 msec 15 msec

3 10.0.0.22 [MPLS: Labels 420/628 Exp 0] 31 msec 30 msec 43 msec

4 10.2.2.13 [MPLS: Label 628 Exp 0] 20 msec 20 msec 20 msec

5 10.2.2.14 20 msec * 7 msec

CE_R08#sh ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.2.2.12/30 [90/3072] via 10.2.2.5, 18:40:26, GigabitEthernet1.31

D 192.168.2.0/24 [90/131072] via 10.2.2.5, 02:20:39, GigabitEthernet1.31

CE_R08#sh ip eig topology 192.168.2.0/24

EIGRP-IPv4 Topology Entry for AS(65100)/ID(8.8.8.8) for 192.168.2.0/24

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 131072

Descriptor Blocks:

10.2.2.5 (GigabitEthernet1.31), from 10.2.2.5, Send flag is 0x0

Composite metric is (131072/130816), route is Internal

Vector metric:

Minimum bandwidth is 1000000 Kbit

Total delay is 5020 microseconds

Reliability is 255/255

Load is 1/255

Minimum MTU is 1500

Hop count is 2

Originating router is 10.10.10.10

Customer B: SiteB to SiteA

CE_R10#ping 192.168.1.254 source lo100

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.254

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 9/9/11 ms

CE_R10#traceroute 192.168.1.254 source lo100

Type escape sequence to abort.

Tracing the route to 192.168.1.254

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.2.13 4 msec 3 msec 4 msec

2 10.1.1.13 [MPLS: Labels 419/528 Exp 0] 7 msec 7 msec 9 msec

3 10.0.0.21 [MPLS: Labels 319/528 Exp 0] 26 msec 30 msec 38 msec

4 10.2.2.5 [MPLS: Label 528 Exp 0] 21 msec 19 msec 21 msec

5 10.2.2.6 19 msec * 7 msec

CE_R10#sh ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

D 10.2.2.4/30 [90/3072] via 10.2.2.13, 18:44:24, GigabitEthernet1.33

D 192.168.1.0/24 [90/131072] via 10.2.2.13, 02:25:36, GigabitEthernet1.33

CE_R10#sh ip eigrp topology 192.168.1.0/24

EIGRP-IPv4 Topology Entry for AS(65100)/ID(10.10.10.10) for 192.168.1.0/24

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 131072

Descriptor Blocks:

10.2.2.13 (GigabitEthernet1.33), from 10.2.2.13, Send flag is 0x0

Composite metric is (131072/130816), route is Internal

Vector metric:

Minimum bandwidth is 1000000 Kbit

Total delay is 5020 microseconds

Reliability is 255/255

Load is 1/255

Minimum MTU is 1500

Hop count is 2

Originating router is 8.8.8.8

Verification Tasks

From a high level, this diagram highlights the different components in a MPLS L3VPN network. As we verify the lab, we will take a look at each one.

The list below outlines the verification tasks.

Backbone infrastructure verification

IGP/OSPF peering and routes learned

MPLS LDP verification

LDP enabled on interfaces
LDP discovery between interfaces
LDP neighbors
MPLS forwarding tables

L3VPN verification

VRF's, Route Distinguishers and Route Rargets
MP-BGP backbone peering (PE to RR)
PE to CE peering (BGP & EIGRP)
MP-BGP VPNv4 NLRI

Packet Walk

Backbone Infrastructure Verification

Using OSPF as the underlay IGP, we verify all Provider routers (P routers) and Provider Edge routers (PE routers) are peering correctly. Routing the loopback address is standard best practice and is an important infrastructure redundancy concept for the peering of OSPF, LDP and MP-BGP.

Core Routers IGP peering

P_R01#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

5.5.5.5 0 FULL/ - 00:00:37 10.1.1.2 GigabitEthernet1.20

4.4.4.4 0 FULL/ - 00:00:33 10.0.0.10 GigabitEthernet1.12

3.3.3.3 0 FULL/ - 00:00:33 10.0.0.6 GigabitEthernet1.11

2.2.2.2 0 FULL/ - 00:00:32 10.0.0.2 GigabitEthernet1.10

P_R02#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

6.6.6.6 0 FULL/ - 00:00:36 10.1.1.10 GigabitEthernet1.22

3.3.3.3 0 FULL/ - 00:00:34 10.0.0.18 GigabitEthernet1.14

4.4.4.4 0 FULL/ - 00:00:33 10.0.0.14 GigabitEthernet1.13

1.1.1.1 0 FULL/ - 00:00:37 10.0.0.1 GigabitEthernet1.10

P_R03#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

5.5.5.5 0 FULL/ - 00:00:31 10.1.1.6 GigabitEthernet1.21

11.11.11.11 0 FULL/ - 00:00:39 10.0.0.102 GigabitEthernet1.16

4.4.4.4 0 FULL/ - 00:00:39 10.0.0.22 GigabitEthernet1.15

2.2.2.2 0 FULL/ - 00:00:36 10.0.0.17 GigabitEthernet1.14

1.1.1.1 0 FULL/ - 00:00:38 10.0.0.5 GigabitEthernet1.11

P_R04#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

6.6.6.6 0 FULL/ - 00:00:34 10.1.1.14 GigabitEthernet1.23

11.11.11.11 0 FULL/ - 00:00:34 10.0.0.106 GigabitEthernet1.17

3.3.3.3 0 FULL/ - 00:00:35 10.0.0.21 GigabitEthernet1.15

2.2.2.2 0 FULL/ - 00:00:32 10.0.0.13 GigabitEthernet1.13

1.1.1.1 0 FULL/ - 00:00:34 10.0.0.9 GigabitEthernet1.12

PE Routers IGP peering

PE_R05#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

3.3.3.3 0 FULL/ - 00:00:39 10.1.1.5 GigabitEthernet1.21

1.1.1.1 0 FULL/ - 00:00:37 10.1.1.1 GigabitEthernet1.20

PE_R06#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

4.4.4.4 0 FULL/ - 00:00:30 10.1.1.13 GigabitEthernet1.23

2.2.2.2 0 FULL/ - 00:00:31 10.1.1.9 GigabitEthernet1.22

Route Reflector IGP peering

RR_R11#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

4.4.4.4 0 FULL/ - 00:00:35 10.0.0.105 GigabitEthernet1.17

3.3.3.3 0 FULL/ - 00:00:38 10.0.0.101 GigabitEthernet1.16

IGP Route Table

P1's IGP route table (OSPF). As mentioned before, the routes that really matter are the loopback addresses from Provider core (P), Provider Edge (PE) and Route Reflector (RR).

P_R01#sh ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

2.0.0.0/32 is subnetted, 1 subnets

O 2.2.2.2 [110/4] via 10.0.0.6, 1w6d, GigabitEthernet1.11

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/2] via 10.0.0.6, 1w6d, GigabitEthernet1.11

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/3] via 10.0.0.6, 1w6d, GigabitEthernet1.11

5.0.0.0/32 is subnetted, 1 subnets

O 5.5.5.5 [110/3] via 10.0.0.6, 5d19h, GigabitEthernet1.11

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/4] via 10.0.0.6, 5d19h, GigabitEthernet1.11

10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks

O 10.0.0.12/30 [110/3] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.0.0.16/30 [110/5] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.0.0.20/30 [110/2] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.0.0.100/30 [110/2] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.0.0.104/30 [110/3] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.1.1.4/30 [110/2] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.1.1.8/30 [110/13] via 10.0.0.6, 1w6d, GigabitEthernet1.11

O 10.1.1.12/30 [110/3] via 10.0.0.6, 1w6d, GigabitEthernet1.11

11.0.0.0/32 is subnetted, 1 subnets

O 11.11.11.11 [110/3] via 10.0.0.6, 1w6d, GigabitEthernet1.11

MPLS LDP Verification

LDP is the necessary protocol for label exchange and is required for all routers participating in the MPLS network (i.e., P and PE routers). P routers are also known as the Label Switch Routers (LSR) whereas the PE routers are known as the Label Edge Router (LER). The path between LERs via the LSRs is refereed to as the Label Switch Path (LSP).

The outputs below verifies LDP peering and operational status on the LERs and LSRs. Please note that the Route Reflector does not have MPLS/LDP enabled on its interfaces. The RR is for MP-BGP peering and route exchange only, not MPLS tag switching.

MPLS Interfaces (Provider Routers)

P_R01#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.10 Yes (ldp) Yes No No Yes

GigabitEthernet1.11 Yes (ldp) Yes No No Yes

GigabitEthernet1.12 Yes (ldp) Yes No No Yes

GigabitEthernet1.20 Yes (ldp) Yes No No Yes

P_R02#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.10 Yes (ldp) Yes No No Yes

GigabitEthernet1.13 Yes (ldp) Yes No No Yes

GigabitEthernet1.14 Yes (ldp) Yes No No Yes

GigabitEthernet1.22 Yes (ldp) Yes No No Yes

P_R03#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.11 Yes (ldp) Yes No No Yes

GigabitEthernet1.14 Yes (ldp) Yes No No Yes

GigabitEthernet1.15 Yes (ldp) Yes No No Yes

GigabitEthernet1.21 Yes (ldp) Yes No No Yes

P_R04#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.12 Yes (ldp) Yes No No Yes

GigabitEthernet1.13 Yes (ldp) Yes No No Yes

GigabitEthernet1.15 Yes (ldp) Yes No No Yes

GigabitEthernet1.23 Yes (ldp) Yes No No Yes

MPLS Interfaces (Provider Routers)

P_R01#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.10 Yes (ldp) Yes No No Yes

GigabitEthernet1.11 Yes (ldp) Yes No No Yes

GigabitEthernet1.12 Yes (ldp) Yes No No Yes

GigabitEthernet1.20 Yes (ldp) Yes No No Yes

P_R02#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.10 Yes (ldp) Yes No No Yes

GigabitEthernet1.13 Yes (ldp) Yes No No Yes

GigabitEthernet1.14 Yes (ldp) Yes No No Yes

GigabitEthernet1.22 Yes (ldp) Yes No No Yes

P_R03#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.11 Yes (ldp) Yes No No Yes

GigabitEthernet1.14 Yes (ldp) Yes No No Yes

GigabitEthernet1.15 Yes (ldp) Yes No No Yes

GigabitEthernet1.21 Yes (ldp) Yes No No Yes

P_R04#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.12 Yes (ldp) Yes No No Yes

GigabitEthernet1.13 Yes (ldp) Yes No No Yes

GigabitEthernet1.15 Yes (ldp) Yes No No Yes

GigabitEthernet1.23 Yes (ldp) Yes No No Yes

MPLS Interfaces (Provider Edge Routers)

PE_R05#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.20 Yes (ldp) Yes No No Yes

GigabitEthernet1.21 Yes (ldp) Yes No No Yes

PE_R06#sh mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1.22 Yes (ldp) Yes No No Yes

GigabitEthernet1.23 Yes (ldp) Yes No No Yes

MPLS LDP Discovery

The MPLS discovery command verifies that the interface is up and is sending LDP Discovery Hello messages. LDP has been enabled on the physical interfaces but will use its loopback addresses as discovery source.

P_R01#sh mpls ldp discovery

Local LDP Identifier:

1.1.1.1:0

Discovery Sources:

Interfaces:

GigabitEthernet1.10 (ldp): xmit/recv

LDP Id: 2.2.2.2:0

GigabitEthernet1.11 (ldp): xmit/recv

LDP Id: 3.3.3.3:0

GigabitEthernet1.12 (ldp): xmit/recv

LDP Id: 4.4.4.4:0

GigabitEthernet1.20 (ldp): xmit/recv

LDP Id: 5.5.5.5:0

P_R02#sh mpls ldp discovery

Local LDP Identifier:

2.2.2.2:0

Discovery Sources:

Interfaces:

GigabitEthernet1.10 (ldp): xmit/recv

LDP Id: 1.1.1.1:0

GigabitEthernet1.13 (ldp): xmit/recv

LDP Id: 4.4.4.4:0

GigabitEthernet1.14 (ldp): xmit/recv

LDP Id: 3.3.3.3:0

GigabitEthernet1.22 (ldp): xmit/recv

LDP Id: 6.6.6.6:0

P_R03#sh mpls ldp discovery

Local LDP Identifier:

3.3.3.3:0

Discovery Sources:

Interfaces:

GigabitEthernet1.11 (ldp): xmit/recv

LDP Id: 1.1.1.1:0

GigabitEthernet1.14 (ldp): xmit/recv

LDP Id: 2.2.2.2:0

GigabitEthernet1.15 (ldp): xmit/recv

LDP Id: 4.4.4.4:0

GigabitEthernet1.21 (ldp): xmit/recv

LDP Id: 5.5.5.5:0

P_R04#sh mpls ldp discovery

Local LDP Identifier:

4.4.4.4:0

Discovery Sources:

Interfaces:

GigabitEthernet1.12 (ldp): xmit/recv

LDP Id: 1.1.1.1:0

GigabitEthernet1.13 (ldp): xmit/recv

LDP Id: 2.2.2.2:0

GigabitEthernet1.15 (ldp): xmit/recv

LDP Id: 3.3.3.3:0

GigabitEthernet1.23 (ldp): xmit/recv

LDP Id: 6.6.6.6:0

PE_R05#sh mpls ldp discovery

Local LDP Identifier:

5.5.5.5:0

Discovery Sources:

Interfaces:

GigabitEthernet1.20 (ldp): xmit/recv

LDP Id: 1.1.1.1:0

GigabitEthernet1.21 (ldp): xmit/recv

LDP Id: 3.3.3.3:0

PE_R06#sh mpls ldp discovery

Local LDP Identifier:

6.6.6.6:0

Discovery Sources:

Interfaces:

GigabitEthernet1.22 (ldp): xmit/recv

LDP Id: 2.2.2.2:0

GigabitEthernet1.23 (ldp): xmit/recv

LDP Id: 4.4.4.4:0

MPLS LDP Neighbors

The MPLS LDP Neighbor command verifies the LDP session has been established. As seen here, the LDP neighbor adjacency has been established using their loopback addresses (see TCP connection). For brevity, we will look at only one Provider router and one Provider Edge router.

P1's LDP neighbors to P2, P3, P4 and PE5

P_R01#sh mpls ldp neighbor

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0

TCP connection: 2.2.2.2.14950 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 13738/13727; Downstream

Up time: 1w1d

LDP discovery sources:

GigabitEthernet1.10, Src IP addr: 10.0.0.2

Addresses bound to peer LDP Ident:

2.2.2.2 10.0.0.2 10.0.0.13 10.0.0.17

10.1.1.9

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0

TCP connection: 3.3.3.3.27304 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 13741/13738; Downstream

Up time: 1w1d

LDP discovery sources:

GigabitEthernet1.11, Src IP addr: 10.0.0.6

Addresses bound to peer LDP Ident:

3.3.3.3 10.0.0.6 10.0.0.18 10.0.0.21

10.0.0.101 10.1.1.5

Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 1.1.1.1:0

TCP connection: 4.4.4.4.32558 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 13740/13737; Downstream

Up time: 1w1d

LDP discovery sources:

GigabitEthernet1.12, Src IP addr: 10.0.0.10

Addresses bound to peer LDP Ident:

4.4.4.4 10.0.0.10 10.0.0.14 10.0.0.22

10.0.0.105 10.1.1.13

Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 1.1.1.1:0

TCP connection: 5.5.5.5.39868 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 1757/1752; Downstream

Up time: 1d00h

LDP discovery sources:

GigabitEthernet1.20, Src IP addr: 10.1.1.2

Addresses bound to peer LDP Ident:

5.5.5.5 10.1.1.2 10.1.1.6

PE5’s LDP neighbors to P1 and P3

PE_R05#sh mpls ldp neighbor

Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 5.5.5.5:0

TCP connection: 1.1.1.1.646 - 5.5.5.5.39868

State: Oper; Msgs sent/rcvd: 3341/3344; Downstream

Up time: 1d23h

LDP discovery sources:

GigabitEthernet1.20, Src IP addr: 10.1.1.1

Addresses bound to peer LDP Ident:

1.1.1.1 10.0.0.1 10.0.0.5 10.0.0.9

10.1.1.1

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 5.5.5.5:0

TCP connection: 3.3.3.3.646 - 5.5.5.5.24464

State: Oper; Msgs sent/rcvd: 3344/3346; Downstream

Up time: 1d23h

LDP discovery sources:

GigabitEthernet1.21, Src IP addr: 10.1.1.5

Addresses bound to peer LDP Ident:

3.3.3.3 10.0.0.6 10.0.0.18 10.0.0.21

10.0.0.101 10.1.1.5

MPLS Forwarding Tables

The MPLS forwarding table, otherwise known as the label forwarding information base (LFIB), is the router's repository for the labels exchanged with its LDP peers. It contains the label operation to perform on the incoming or outgoing packet (Push, Swap or POP).

The following diagram shows an example of where each operation occurs as a packet travels between CEs (left to right) through the provider network.

The outputs below looks at the MPLS forwarding table for P1 and PE5. It shows its label operation, egress interface and next-hop IP. The packet walk section will look at the forwarding table in more detail.

P_R01#sh mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

100 301 2.2.2.2/32 0 Gi1.11 10.0.0.6

101 Pop Label 3.3.3.3/32 0 Gi1.11 10.0.0.6

102 302 4.4.4.4/32 0 Gi1.11 10.0.0.6

103 305 10.0.0.12/30 0 Gi1.11 10.0.0.6

104 Pop Label 10.0.0.16/30 0 Gi1.11 10.0.0.6

105 Pop Label 10.0.0.20/30 0 Gi1.11 10.0.0.6

106 Pop Label 10.0.0.100/30 0 Gi1.11 10.0.0.6

107 306 10.0.0.104/30 0 Gi1.11 10.0.0.6

108 Pop Label 10.1.1.4/30 0 Gi1.11 10.0.0.6

109 308 10.1.1.8/30 0 Gi1.11 10.0.0.6

110 309 10.1.1.12/30 0 Gi1.11 10.0.0.6

118 318 11.11.11.11/32 0 Gi1.11 10.0.0.6

119 319 5.5.5.5/32 0 Gi1.11 10.0.0.6

120 320 6.6.6.6/32 0 Gi1.11 10.0.0.6

PE_R05#sh mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

500 300 1.1.1.1/32 0 Gi1.21 10.1.1.5

501 301 2.2.2.2/32 0 Gi1.21 10.1.1.5

502 Pop Label 3.3.3.3/32 0 Gi1.21 10.1.1.5

503 302 4.4.4.4/32 0 Gi1.21 10.1.1.5

504 320 6.6.6.6/32 0 Gi1.21 10.1.1.5

505 303 10.0.0.0/30 0 Gi1.21 10.1.1.5

506 Pop Label 10.0.0.4/30 0 Gi1.21 10.1.1.5

507 304 10.0.0.8/30 0 Gi1.21 10.1.1.5

508 305 10.0.0.12/30 0 Gi1.21 10.1.1.5

509 Pop Label 10.0.0.16/30 0 Gi1.21 10.1.1.5

510 Pop Label 10.0.0.20/30 0 Gi1.21 10.1.1.5

511 Pop Label 10.0.0.100/30 0 Gi1.21 10.1.1.5

512 306 10.0.0.104/30 0 Gi1.21 10.1.1.5

513 308 10.1.1.8/30 0 Gi1.21 10.1.1.5

514 309 10.1.1.12/30 0 Gi1.21 10.1.1.5

521 318 11.11.11.11/32 0 Gi1.21 10.1.1.5

525 No Label 192.168.1.0/24[V] \

0 Gi1.31 10.2.2.6

526 No Label 10.2.2.4/30[V] 0 aggregate/CUSTOMER_B

530 No Label 172.16.1.0/24[V] 4894 Gi1.30 10.2.2.2

L3VPN Verification

Below are the various elements required in configuring a L3VPN network.

VRF’s, Route Distinguishers (RD) and Route Targets (RT)

Here are some good informational slides on VRF’s, RD and RT.

VRF's are the virtualized routing containers which houses a Customer's L3 information. This allows multiple customers to be isolated at the Provider Edge network.

A Route Distinguisher simply provides a mechanism to make all Customers route unique in the Provider network. This prevents any issues of having overlapping IPv4 addresses.

A Route Target is additional information attached to a customer route to identify what VPN (or VRF) its a part of. VRFs read the RTs to determine if it should import or export the route.

Showing the VRF details will display the RD’s per VRF (i.e., customers) and their import/export Route Target (RT) values. RT are used so each PE know which VPN routes can be transferred in or out of their respective VRF’s.

PE_R05#sh ip vrf detail

VRF CUSTOMER_A (VRF Id = 1); default RD 2345:1; default VPNID <not set>

Old CLI format, supports IPv4 only

Flags: 0xC

Interfaces:

Gi1.30

Address family ipv4 unicast (Table ID = 0x1):

Flags: 0x0

Export VPN route-target communities

RT:2345:1

Import VPN route-target communities

RT:2345:1

No import route-map

No global export route-map

No export route-map

VRF label distribution protocol: not configured

VRF label allocation mode: per-prefix

VRF CUSTOMER_B (VRF Id = 2); default RD 2345:2; default VPNID <not set>

Old CLI format, supports IPv4 only

Flags: 0xC

Interfaces:

Gi1.31

Address family ipv4 unicast (Table ID = 0x2):

Flags: 0x0

Export VPN route-target communities

RT:2345:2

Import VPN route-target communities

RT:2345:2

No import route-map

No global export route-map

No export route-map

VRF label distribution protocol: not configured

VRF label allocation mode: per-prefix

MP-BGP Backbone Peering between PE and RR

MP-BGP is the engine that propagates and exchanges all customer VPN routes in the Provider network. It is an essential element for L3VPNs to function. Provider Edge routers are responsible in sharing this information among other PE routers using MP-BGP. These BGP peerings must be fully meshed but best practice usually dictates the use of Route Reflectors.

MP-BGP peerings are configured under the VPNv4 address-family. This address family enables PEs to understand VPNv4 prefixes, which contain VPN specific information such as RDs and RTs.

PE to RR peering

PE_R05#sh ip bgp vpnv4 all summary

BGP router identifier 5.5.5.5, local AS number 2345

BGP table version is 39, main routing table version 39

6 network entries using 1536 bytes of memory

7 path entries using 840 bytes of memory

7/6 BGP path/bestpath attribute entries using 1848 bytes of memory

1 BGP rrinfo entries using 40 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

2 BGP community entries using 48 bytes of memory

5 BGP extended community entries using 1024 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 5384 total bytes of memory

1 received paths for inbound soft reconfiguration

BGP activity 14/8 prefixes, 19/12 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.2.2.2 4 65000 25744 25753 39 0 0 2d00h 1

11.11.11.11 4 2345 25762 25781 39 0 0 2d00h 3

PE_R06#sh ip bgp vpnv4 all summary

BGP router identifier 6.6.6.6, local AS number 2345

BGP table version is 38, main routing table version 38

6 network entries using 1536 bytes of memory

7 path entries using 840 bytes of memory

7/6 BGP path/bestpath attribute entries using 1848 bytes of memory

1 BGP rrinfo entries using 40 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

2 BGP community entries using 48 bytes of memory

5 BGP extended community entries using 1024 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 5384 total bytes of memory

1 received paths for inbound soft reconfiguration

BGP activity 14/8 prefixes, 19/12 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.2.2.10 4 65001 25792 25781 38 0 0 2d00h 1

11.11.11.11 4 2345 25815 25809 38 0 0 2d00h 3

RR peering to PE

RR_R11#sh ip bgp vpnv4 all summary

BGP router identifier 11.11.11.11, local AS number 2345

BGP table version is 35, main routing table version 35

6 network entries using 1536 bytes of memory

6 path entries using 720 bytes of memory

6/6 BGP path/bestpath attribute entries using 1584 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

2 BGP community entries using 48 bytes of memory

5 BGP extended community entries using 1024 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 4960 total bytes of memory

BGP activity 17/11 prefixes, 19/13 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

5.5.5.5 4 2345 25839 25819 35 0 0 2d00h 3

6.6.6.6 4 2345 25826 25833 35 0 0 2d00h 3

A quick look at the VPN route table on the RR will show that it doesn’t know anything about the VRF’s configured on the PE routers. It will only understand VPNv4 prefixes and will rely on RD to maintain prefix uniqueness.

RR_R11#sh ip bgp vpnv4 all

BGP table version is 31, local router ID is 11.11.11.11

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2345:1

*>i 172.16.1.0/24 5.5.5.5 0 100 0 65000 i

*>i 172.16.2.0/24 6.6.6.6 0 100 0 65001 i

Route Distinguisher: 2345:2

*>i 10.2.2.4/30 5.5.5.5 0 100 0 ?

*>i 10.2.2.12/30 6.6.6.6 0 100 0 ?

*>i 192.168.1.0 5.5.5.5 130816 100 0 ?

*>i 192.168.2.0 6.6.6.6 130816 100 0 ?

PE to CE Routing Protocol

When configuring a L3VPN, there is the option to use an additional routing protocol between the Customer Edge (CE) device and PE. This routing protocol is not related to the MP-BGP peering discussed earlier, however MP-BGP does play a role in how it embeds PE-CE routing protocol information into MP-BGP VPNv4 routes as they are exchanged between the PEs.

Here is a look at the PE-CE routing protocol peerings and the prefixes that were learned. For brevity, I will use PE5’s peering to both customer CEs. Customer A uses eBGP while Customer B uses EIGRP for their PE-CE protocols.

PE5’s eBGP peering to CE20 (10.2.2.2). We learned 1 prefix from the CE for Customer A.

PE_R05#sh ip bgp vpnv4 vrf CUSTOMER_A summary

BGP router identifier 5.5.5.5, local AS number 2345

BGP table version is 35, main routing table version 35

2 network entries using 512 bytes of memory

3 path entries using 360 bytes of memory

7/6 BGP path/bestpath attribute entries using 1848 bytes of memory

1 BGP rrinfo entries using 40 bytes of memory

2 BGP AS-PATH entries using 48 bytes of memory

2 BGP community entries using 48 bytes of memory

5 BGP extended community entries using 1024 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 3880 total bytes of memory

1 received paths for inbound soft reconfiguration

BGP activity 14/8 prefixes, 17/10 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.2.2.2 4 65000 21725 21728 35 0 0 1d16h 1

PE5’s eBGP route learned from CE20.

PE_R05#sh ip bgp vpnv4 vrf CUSTOMER_A neighbors 10.2.2.2 routes

BGP table version is 39, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2345:1 (default for vrf CUSTOMER_A)

*> 172.16.1.0/24 10.2.2.2 0 0 65000 i

Total number of prefixes 1

PE5’s EIGRP peering to CE8 (10.2.2.6). We learned 1 prefix from the CE for Customer B.

PE_R05#sh ip eigrp vrf CUSTOMER_B neighbors detail

EIGRP-IPv4 Neighbors for AS(65100) VRF(CUSTOMER_B)

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 10.2.2.6 Gi1.31 13 1d16h 1 100 0 9

Version 20.0/2.0, Retrans: 1, Retries: 0, Prefixes: 1

Topology-ids from peer - 0

Topologies advertised to peer: base

Max Nbrs: 0, Current Nbrs: 0

PE5’s EIGRP route learned from CE8.

PE_R05#sh ip route vrf CUSTOMER_B eigrp

Routing Table: CUSTOMER_B

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

D 192.168.1.0/24 [90/130816] via 10.2.2.6, 1d01h, GigabitEthernet1.31

MP-BGP VPNv4 NLRI

Below we look at the MP-BGP VPNv4 NLRI in more detail for a particular prefix (BGP PE-CE). We can see the entry has the RD prepended to the IPv4 prefix. It also contains the Route Target and MPLS labels.

RR_R11#sh ip bgp vpnv4 rd 2345:1 172.16.1.0/24

BGP routing table entry for 2345:1:172.16.1.0/24, version 30

Paths: (1 available, best #1, no table)

Advertised to update-groups:

Refresh Epoch 1

65000, (Received from a RR-client)

5.5.5.5 (metric 3) (via default) from 5.5.5.5 (5.5.5.5)

Origin IGP, metric 0, localpref 100, valid, internal, best

Community: 65000:20

Extended Community: RT:2345:1

mpls labels in/out nolabel/530

rx pathid: 0, tx pathid: 0x0

However, looking at an EIGRP CE-PE NLRI get a little more interesting. Besides the usual Route Target and MPLS labels embedded into the NLRI, we can see MP-BGP has also encoded the EIGRP protocol specific attributes into its extended communities. It includes variables such as ASN, route metric and MTU.

RR_R11#sh ip bgp vpnv4 rd 2345:2 192.168.1.0/24

BGP routing table entry for 2345:2:192.168.1.0/24, version 35

Paths: (1 available, best #1, no table)

Advertised to update-groups:

Refresh Epoch 1

Local, (Received from a RR-client)

5.5.5.5 (metric 3) (via default) from 5.5.5.5 (5.5.5.5)

Origin incomplete, metric 130816, localpref 100, valid, internal, best

Extended Community: RT:2345:2 Cost:pre-bestpath:128:130816

0x8800:32768:0 0x8801:65100:128256 0x8802:65281:2560 0x8803:65281:1514

0x8806:0:134744072

mpls labels in/out nolabel/525

rx pathid: 0, tx pathid: 0x0

PE_R05#sh ip route vrf CUSTOMER_B 192.168.1.0

Routing Table: CUSTOMER_B

Routing entry for 192.168.1.0/24

Known via "eigrp 65100", distance 90, metric 130816, type internal

Redistributing via eigrp 65100, bgp 2345

Advertised by bgp 2345

Last update from 10.2.2.6 on GigabitEthernet1.31, 3d04h ago

Routing Descriptor Blocks:

* 10.2.2.6, from 10.2.2.6, 3d04h ago, via GigabitEthernet1.31

Route metric is 130816, traffic share count is 1

Total delay is 5010 microseconds, minimum bandwidth is 1000000 Kbit

Reliability 255/255, minimum MTU 1514 bytes

Loading 1/255, Hops 1

The table below defines each value in more detail.

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/seipecec.html

Packet Walk

Now that we understand the infrastructure components, and what it does, we can put this all together and do an example step by step packet walk from CE20 to CE21 for Customer A. This will demonstrate a full understanding of how the Service Provider is routing and switching the packet end to end.

Traceroute

Tracing from CE20 shows the path throughout the network to CE21.

CE_R20#traceroute 172.16.2.254 source lo100

Type escape sequence to abort.

Tracing the route to 172.16.2.254

VRF info: (vrf in name/id, vrf out name/id)

1 10.2.2.1 4 msec 3 msec 4 msec

2 10.1.1.5 [MPLS: Labels 320/630 Exp 0] 8 msec 7 msec 7 msec

3 10.0.0.22 [MPLS: Labels 420/630 Exp 0] 28 msec 30 msec 32 msec

4 10.2.2.9 [MPLS: Label 630 Exp 0] 20 msec 19 msec 21 msec

5 10.2.2.10 20 msec * 9 msec

Packet Walk Diagram

MPLS Operation

Packet Walk MPLS Operation Diagram

CE20 sends traffic to CE21. CE20 does an IP route table lookup for destination 172.16.2.0/24 and is directed to next-hop 10.2.2.1 (PE5). Normal routing is taking place here and no MPLS label is used. Packet is forward to 10.2.2.1.

CE_R20#sh ip route 172.16.2.0

Routing entry for 172.16.2.0/24

Known via "bgp 65000", distance 20, metric 0

Tag 2345, type external

Last update from 10.2.2.1 1d07h ago

Routing Descriptor Blocks:

* 10.2.2.1, from 10.2.2.1, 1d07h ago

Route metric is 0, traffic share count is 1

AS Hops 2

Route tag 2345

MPLS label: none

Packet arrives on PE5 and does an IP route lookup under VRF CUSTOMER_A for destination 172.16.2.0/24. It's directed to next-hop 6.6.6.6 and from an IP routing perspective it’s only 1 hop away even though it is multiple hops within the MPLS network. A VPN MPLS (inner) label of 630 is imposed/pushed. This label is used to identify which VPN (i.e., VRF) this prefix belongs to.

PE_R05#sh ip route vrf CUSTOMER_A 172.16.2.0

Routing Table: CUSTOMER_A

Routing entry for 172.16.2.0/24

Known via "bgp 2345", distance 200, metric 0

Tag 65001, type internal

Last update from 6.6.6.6 1d06h ago

Routing Descriptor Blocks:

* 6.6.6.6 (default), from 11.11.11.11, 1d06h ago

Route metric is 0, traffic share count is 1

AS Hops 1

Route tag 65001

MPLS label: 630

MPLS Flags: MPLS Required

As MPLS is required, PE5 consults its MPLS forwarding table. To reach 6.6.6.6, we must push the LSP (outer) label of 320 and send to next-hop 10.1.1.5 (P3). At this point, we have a full MPLS label stack of {630,320}.

PE_R05#sh mpls forwarding-table 6.6.6.6

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

504 320 6.6.6.6/32 0 Gi1.21 10.1.1.5

Note: The MPLS LDP binding database will show how this decision was made. The LER uses the underlay IGP route table to determine which LSR to use and therefore what label to push. Since the IGP route for 6.6.6.6 points to P3 (lowest cost), the MPLS LDP binding will select LSR with id 3.3.3.3 with label 320.

PE_R05#sh ip route 6.6.6.6

Routing entry for 6.6.6.6/32

Known via "ospf 100", distance 110, metric 4, type intra area

Last update from 10.1.1.5 on GigabitEthernet1.21, 5d01h ago

Routing Descriptor Blocks:

* 10.1.1.5, from 6.6.6.6, 5d01h ago, via GigabitEthernet1.21

Route metric is 4, traffic share count is 1

PE_R05#sh mpls ldp bindings 6.6.6.6 255.255.255.255

lib entry: 6.6.6.6/32, rev 12

local binding: label: 504

remote binding: lsr: 3.3.3.3:0, label: 320

remote binding: lsr: 1.1.1.1:0, label: 120

Packet arrives on P3 and consults its MPLS forwarding table. For label 320, the next operation is to swap with label 420 and send to its next-hop of 10.0.0.22 (P4).

P_R03#sh mpls forwarding-table labels 320

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

320 420 6.6.6.6/32 9636 Gi1.15 10.0.0.22

Packet arrives on P4 and consults its MPLS forwarding table. For label 420 we pop the label off and send to its next-hop 10.1.1.14 (PE6). This LSR pops the label off here due to Penultimate Hop Popping (PHP) behavior.

P_R04#sh mpls forwarding-table labels 420

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

420 Pop Label 6.6.6.6/32 1132182 Gi1.23 10.1.1.14

Note: PHP is an efficiency mechanism in MPLS networks and is the default behavior in IOS. It allows the last LSR router in the LSP to pop the label. This saves resources on LER because it eliminates the need to perform a label lookup and only needs to do an IP lookup to the destination network.

When PHP is used, the “implicit-null” label is used in the binding database.

P_R04#sh mpls ldp bindings 6.6.6.6 32

lib entry: 6.6.6.6/32, rev 56

local binding: label: 420

remote binding: lsr: 1.1.1.1:0, label: 120

remote binding: lsr: 3.3.3.3:0, label: 320

remote binding: lsr: 6.6.6.6:0, label: imp-null

remote binding: lsr: 2.2.2.2:0, label: 220

Packet arrives on PE6 and does a MPLS forwarding lookup on the inner (VPN) label (630) to determine which VPN it belongs to (Customer A).

PE_R06#sh mpls forwarding-table labels 630 detail

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

630 No Label 172.16.2.0/24[V] 323390 Gi1.32 10.2.2.10

MAC/Encaps=18/18, MRU=9220, Label Stack{}

000C29F12BDA000C298D7AB2810000200800

VPN route: CUSTOMER_A

No output feature configured

PE6 does an IP route lookup under Customer A's VRF and forwards traffic to CE21 via 10.2.2.10.

PE_R06#sh ip route vrf CUSTOMER_A 172.16.2.0

Routing Table: CUSTOMER_A

Routing entry for 172.16.2.0/24

Known via "bgp 2345", distance 20, metric 0

Tag 65001, type external

Last update from 10.2.2.10 1d07h ago

Routing Descriptor Blocks:

* 10.2.2.10, from 10.2.2.10, 1d07h ago

Route metric is 0, traffic share count is 1

AS Hops 1

Route tag 65001

MPLS label: none

Conclusion

MPLS has always been a favorite technology of mine and I'm glad I had an opportunity to build, configure and understand it. I plan on building on this lab to learn other technologies, such as MPLS Traffic Engineering, QoS, VPLS and VPWS.

References

Configuration Tutorials:

http://packetlife.net/blog/2011/may/16/creating-mpls-vpn/

http://resources.intenseschool.com/gns3-lab-introduction-to-mpls-layer-3-vpn-part-1/

MPLS Information:

https://www.slideshare.net/kdebrouw/MPLS-Services

https://www.nanog.org/meetings/nanog49/presentations/Sunday/mpls-nanog49.pdf

the peering xchange : [a network engineer’s blog]

Pages

Sunday, March 26, 2017

MPLS L3 VPN

Report Abuse