Thursday, 21 February 2013
6VPE_Inter-AS-6VPE
Task
Achieve full connectivity between sites 1, 2 and 3.
Configuration
R1
vrf definition one
rd 12:12
!
address-family ipv6
route-target import 3:3
route-target import 12:12
route-target export 12:12
exit-address-family
!
ipv6 unicast-routing
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.0
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
vrf forwarding one
no ip address
speed auto
duplex auto
ipv6 address 2001:1:4::1/64
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 192.168.12.1 0.0.0.0 area 0
!
router bgp 12
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 12
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv6
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv6 vrf one
no synchronization
neighbor 2001:1:4::4 remote-as 4
neighbor 2001:1:4::4 activate
exit-address-family
!
mpls ldp router-id Loopback0 force
R2
vrf definition one
rd 12:12
!
address-family ipv6
route-target export 12:12
route-target import 12:12
route-target import 3:3
exit-address-family
!
ipv6 unicast-routing
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.12.2 255.255.255.0
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.23.2 255.255.255.0
speed auto
duplex auto
mpls bgp forwarding
!
interface FastEthernet2/0
vrf forwarding one
no ip address
duplex full
ipv6 address 2001:2:5::2/64
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.12.2 0.0.0.0 area 0
!
router bgp 12
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 12
neighbor 1.1.1.1 update-source Loopback0
neighbor 192.168.23.3 remote-as 3
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv6
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
neighbor 1.1.1.1 next-hop-self
neighbor 192.168.23.3 activate
neighbor 192.168.23.3 send-community both
exit-address-family
!
address-family ipv6 vrf one
redistribute static
no synchronization
exit-address-family
!
ipv6 route vrf one 2001::5/128 2001:2:5::5
!
mpls ldp router-id Loopback0 force
R3
vrf definition one
rd 3:3
!
address-family ipv6
route-target export 3:3
route-target import 3:3
route-target import 12:12
exit-address-family
!
ipv6 unicast-routing
!
interface FastEthernet1/0
ip address 192.168.23.3 255.255.255.0
speed auto
duplex auto
mpls bgp forwarding
!
interface FastEthernet1/1
vrf forwarding one
no ip address
speed auto
duplex auto
ipv6 address 2001:3:6::3/64
!
router bgp 3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 192.168.23.2 remote-as 12
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv6
neighbor 192.168.23.2 activate
neighbor 192.168.23.2 send-community both
exit-address-family
!
address-family ipv6 vrf one
redistribute static
no synchronization
exit-address-family
!
ipv6 route vrf one 2001::6/128 2001:3:6::6
R4
ipv6 unicast-routing
!
interface Loopback0
no ip address
ipv6 address 2001::4/128
!
interface FastEthernet1/0
no ip address
speed auto
duplex auto
ipv6 address 2001:1:4::4/64
!
router bgp 4
bgp router-id 4.4.4.4
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2001:1:4::1 remote-as 12
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
network 2001::4/128
neighbor 2001:1:4::1 activate
exit-address-family
R5
ipv6 unicast-routing
!
interface Loopback0
no ip address
ipv6 address 2001::5/128
!
interface FastEthernet1/0
no ip address
speed auto
duplex auto
ipv6 address 2001:2:5::5/64
!
ipv6 route ::/0 2001:2:5::2
R6
ipv6 unicast-routing
!
interface Loopback0
no ip address
ipv6 address 2001::6/128
!
interface FastEthernet1/0
no ip address
speed auto
duplex auto
ipv6 address 2001:3:6::6/64
!
ipv6 route ::/0 2001:3:6::3
Verification
R4#ping 2001::5 source loopback 0
Packet sent with a source address of 2001::4
!!!!!
R4#ping 2001::6 source loopback 0
Packet sent with a source address of 2001::4
!!!!!
GNS FILE : http://www.4shared.com/rar/Kg5avCct/6VPE_Inter-AS-6VPE.html
Saturday, 16 February 2013
MPLS VPN PE-CE Protocol(OSPF) Part 1
In this topic, the provider uses OSPF as the PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, and Lo 2 is redistributed into OSPF.
In this section, the provider runs OSPF without the OSPF super-backbone, but with the same domain-id on the OSPF processes that form adjacencies with the customer.
Configuration
R1
ip vrf one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.14.1 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R2
ip vrf one
rd 1:2
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding one
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.25.2 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 1
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R4
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 192.168.14.4 0.0.0.0 area 0
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map CONN
network 5.5.5.1 0.0.0.0 area 1
network 5.5.5.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
match ip address prefix-list LO2
Verification
Because the super-backbone is not running and the domain-id is the same, R5 Lo0 and Lo1 appear as inter-area routes on R4.
R4#show ip route ospf
O IA 192.168.25.0/24 [110/11] via 192.168.14.1, 00:08:06, FastEthernet0/0
5.0.0.0/32 is subnetted, 3 subnets
O IA 5.5.5.5 [110/12] via 192.168.14.1, 00:08:06, FastEthernet0/0
O IA 5.5.5.1 [110/12] via 192.168.14.1, 00:08:06, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:08:06, FastEthernet0/0
GNS File : http://www.4shared.com/rar/9hHAdS2o/mpls_vpn_pe-ce_with_ospf__no_s.html
MPLS VPN PE-CE Protocol(OSPF) Part 2
In this topic, the provider uses OSPF as the PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, and Lo 2 is redistributed into OSPF.
In this section, the provider runs OSPF without the OSPF super-backbone, and with a different domain-id on the OSPF processes that form adjacencies with the customer.
Configuration
R1
ip vrf one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.14.1 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R2
ip vrf one
rd 1:2
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding one
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
domain-id type 0005 value 000000020200
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.25.2 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 1
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R4
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 192.168.14.4 0.0.0.0 area 0
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map CONN
network 5.5.5.1 0.0.0.0 area 1
network 5.5.5.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
match ip address prefix-list LO2
Verification
Because the super-backbone is not running and the domain-ids differ, all prefixes appear as external routes on R4.
R4#show ip route ospf
O E2 192.168.25.0/24 [110/1] via 192.168.14.1, 00:00:49, FastEthernet0/0
5.0.0.0/32 is subnetted, 3 subnets
O E2 5.5.5.5 [110/2] via 192.168.14.1, 00:00:49, FastEthernet0/0
O E2 5.5.5.1 [110/2] via 192.168.14.1, 00:00:49, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:49:12, FastEthernet0/0
GNS File : http://www.4shared.com/rar/7AuMIJzg/mpls_vpn_pe-ce_with_ospf__no_s.html
MPLS VPN PE-CE Protocol(OSPF) Part 3
In this topic, the provider uses OSPF as the PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, and Lo 2 is redistributed into OSPF.
In this section, the provider runs the OSPF super-backbone for the OSPF process that forms adjacencies with the customer. On R5, I add another loopback network, Lo 10, and put it into area 1.
Configuration
R1
ip vrf one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
ip vrf forwarding one
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
area 0 sham-link 1.1.1.1 2.2.2.2
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.14.1 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
network 1.1.1.1 mask 255.255.255.255
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R2
ip vrf one
rd 1:2
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip vrf forwarding one
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding one
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
area 0 sham-link 2.2.2.2 1.1.1.1
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.25.2 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 1
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
network 2.2.2.2 mask 255.255.255.255
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R4
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 192.168.14.4 0.0.0.0 area 0
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
ip address 5.5.5.2 255.255.255.255
!
interface Loopback10
ip address 5.5.5.10 255.255.255.255
ip ospf 1 area 1
!
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map CONN
network 5.5.5.1 0.0.0.0 area 1
network 5.5.5.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
match ip address prefix-list LO2
Verification
Because the provider routers run the super-backbone area, the provider network is considered a virtual area 0 from the customer routers' point of view. So R5 Lo 0 appears as an intra-area route, and Lo1 and Lo10 appear as inter-area routes. In other words, the customer router on the other side sees the correct OSPF route type.
R4#show ip route ospf
O 192.168.25.0/24 [110/12] via 192.168.14.1, 00:17:19, FastEthernet0/0
5.0.0.0/32 is subnetted, 4 subnets
O 5.5.5.5 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O IA 5.5.5.1 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:13:15, FastEthernet0/0
O IA 5.5.5.10 [110/13] via 192.168.14.1, 00:13:20, FastEthernet0/0
Note
Because the super-backbone is emulated, from R1's perspective the prefixes from R5 are learnt through OSPF, and no longer via MP-BGP.
R1#show ip route vrf one
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/0] via 2.2.2.2, 00:27:32
C 192.168.14.0/24 is directly connected, FastEthernet0/1
O 192.168.25.0/24 [110/2] via 2.2.2.2, 00:27:17
5.0.0.0/32 is subnetted, 4 subnets
O 5.5.5.5 [110/3] via 2.2.2.2, 00:27:17
O IA 5.5.5.1 [110/3] via 2.2.2.2, 00:27:17
O E2 5.5.5.2 [110/20] via 2.2.2.2, 00:23:02
O IA 5.5.5.10 [110/3] via 2.2.2.2, 00:23:08
R1#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:1 (default for vrf one)
*> 1.1.1.1/32 0.0.0.0 0 32768 i
*>i2.2.2.2/32 2.2.2.2 0 100 0 i
r>i5.5.5.1/32 2.2.2.2 2 100 0 ?
r>i5.5.5.2/32 2.2.2.2 20 100 0 ?
r>i5.5.5.5/32 2.2.2.2 2 100 0 ?
r>i5.5.5.10/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 0.0.0.0 0 32768 ?
r>i192.168.25.0 2.2.2.2 0 100 0 ?
Consequently, if R1 wants to filter out some prefixes when advertising to R4, they cannot be filtered at the BGP > OSPF level. To test this, I will add 5.5.5.10/32 to the "SHAM" prefix-list, whose prefixes are denied when redistributing from BGP to OSPF. But it doesn't work.
R1(config)#ip prefix-list SHAM seq 20 permit 5.5.5.10/32
R4#show ip route ospf
O 192.168.25.0/24 [110/12] via 192.168.14.1, 00:32:38, FastEthernet0/0
5.0.0.0/32 is subnetted, 4 subnets
O 5.5.5.5 [110/13] via 192.168.14.1, 00:32:38, FastEthernet0/0
O IA 5.5.5.1 [110/13] via 192.168.14.1, 00:32:38, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:28:33, FastEthernet0/0
O IA 5.5.5.10 [110/13] via 192.168.14.1, 00:28:38, FastEthernet0/0
GNS File : http://www.4shared.com/rar/4ERKR8Oy/mpls_vpn_pe-ce_with_ospf__supr.html
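An added example (not from the original post) that encodes the route-type behaviour seen in Parts 1 to 3 and checks it against the R4 outputs shown on this page. The function names and the origin table are assumptions made for the illustration.

```python
import re

# How each prefix starts out at R5's site, as described on this page:
# Lo0 and the PE-CE link are in area 0, Lo1 and Lo10 are in area 1,
# Lo2 is redistributed (external type 2).
ORIGIN = {
    "192.168.25.0": "intra",
    "5.5.5.5": "intra",
    "5.5.5.1": "inter",
    "5.5.5.10": "inter",
    "5.5.5.2": "E2",
}

# Matches lines such as "O IA 5.5.5.1 [110/12] via ..." and captures code + prefix.
ROUTE_LINE = re.compile(r"^(O(?: (?:IA|E1|E2))?) +(\d+(?:\.\d+){3})(?:/\d+)? +\[")

# R4 "show ip route ospf" outputs copied from Parts 1, 2 and 3 of this page.
PART1_R4 = """\
O IA 192.168.25.0/24 [110/11] via 192.168.14.1, 00:08:06, FastEthernet0/0
5.0.0.0/32 is subnetted, 3 subnets
O IA 5.5.5.5 [110/12] via 192.168.14.1, 00:08:06, FastEthernet0/0
O IA 5.5.5.1 [110/12] via 192.168.14.1, 00:08:06, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:08:06, FastEthernet0/0
"""
PART2_R4 = """\
O E2 192.168.25.0/24 [110/1] via 192.168.14.1, 00:00:49, FastEthernet0/0
5.0.0.0/32 is subnetted, 3 subnets
O E2 5.5.5.5 [110/2] via 192.168.14.1, 00:00:49, FastEthernet0/0
O E2 5.5.5.1 [110/2] via 192.168.14.1, 00:00:49, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:49:12, FastEthernet0/0
"""
PART3_R4 = """\
O 192.168.25.0/24 [110/12] via 192.168.14.1, 00:17:19, FastEthernet0/0
5.0.0.0/32 is subnetted, 4 subnets
O 5.5.5.5 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O IA 5.5.5.1 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.14.1, 00:13:15, FastEthernet0/0
O IA 5.5.5.10 [110/13] via 192.168.14.1, 00:13:20, FastEthernet0/0
"""


def expected_code(origin, same_domain_id, sham_link):
    """Route code the remote CE should show for a prefix of the given origin."""
    if origin in ("E1", "E2"):
        return "O " + origin          # external routes stay external
    if sham_link:
        # The sham-link is an intra-area link, so route types are preserved.
        return "O" if origin == "intra" else "O IA"
    # Without a sham-link the PE re-originates the route from BGP:
    # matching domain-id gives a summary (inter-area), otherwise an external.
    return "O IA" if same_domain_id else "O E2"


def parse_route_codes(show_output):
    """Return {prefix: route code} from 'show ip route ospf' text."""
    codes = {}
    for line in show_output.splitlines():
        match = ROUTE_LINE.match(line.strip())
        if match:
            codes[match.group(2)] = match.group(1)
    return codes


def mismatches(show_output, same_domain_id, sham_link):
    """Prefixes whose observed code differs from the model: {prefix: (seen, expected)}."""
    result = {}
    for prefix, seen in parse_route_codes(show_output).items():
        want = expected_code(ORIGIN[prefix], same_domain_id, sham_link)
        if seen != want:
            result[prefix] = (seen, want)
    return result


if __name__ == "__main__":
    for name, text, same, sham in (("Part 1", PART1_R4, True, False),
                                   ("Part 2", PART2_R4, False, False),
                                   ("Part 3", PART3_R4, True, True)):
        print(name, "mismatches:", mismatches(text, same, sham))
```

Because OSPF prefers intra-area over inter-area over external routes, the same check can be run against a CE's routing table after a domain-id or sham-link change to confirm that path preference did not shift unexpectedly.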
MPLS VPN PE-CE Protocol(OSPF) Part 4
In this topic, the provider uses OSPF as the PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, and Lo 2 is redistributed into OSPF.
In this lab, I bring up another PE router, R3. R1, R2, and R3 are NOT emulating OSPF super-backbone area 0. We will focus more on the 5.5.5.2/32 prefix.
Configuration
R1
ip vrf one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.14.1 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R2
ip vrf one
rd 1:2
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding one
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.25.2 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 1
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
neighbor 3.3.3.3 peer-group IBGP
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
neighbor 3.3.3.3 activate
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R3
ip vrf one
rd 1:3
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.3 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.34.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.34.3 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0003.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R4
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.34.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 192.168.14.4 0.0.0.0 area 0
network 192.168.34.4 0.0.0.0 area 0
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map CONN
network 5.5.5.1 0.0.0.0 area 1
network 5.5.5.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
match ip address prefix-list LO2
Verification
So far everything looks fine. As I mentioned previously, we will focus only on 5.5.5.2/32.
R4#show ip route ospf
O IA 192.168.25.0/24 [110/11] via 192.168.34.3, 00:11:20, FastEthernet0/1
[110/11] via 192.168.14.1, 00:11:20, FastEthernet0/0
5.0.0.0/32 is subnetted, 3 subnets
O IA 5.5.5.5 [110/12] via 192.168.34.3, 00:11:20, FastEthernet0/1
[110/12] via 192.168.14.1, 00:11:20, FastEthernet0/0
O IA 5.5.5.1 [110/12] via 192.168.34.3, 00:11:20, FastEthernet0/1
[110/12] via 192.168.14.1, 00:11:20, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.34.3, 00:11:10, FastEthernet0/1
[110/20] via 192.168.14.1, 00:11:10, FastEthernet0/0
R1#show bgp vpnv4 unicast vrf one
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*>i5.5.5.2/32 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
*> 192.168.34.0 192.168.14.4 20 32768 ?
* i 3.3.3.3 0 100 0 ?
R3# show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*>i5.5.5.2/32 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 192.168.34.4 20 32768 ?
* i 1.1.1.1 0 100 0 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*> 0.0.0.0 0 32768 ?
R4#show ip ospf database external 5.5.5.2
OSPF Router with ID (4.4.4.4) (Process ID 1)
Type-5 AS External Link States
LS age: 12 (DoNotAge)
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.2 (External Network Number )
Advertising Router: 5.5.5.1
LS Seq Number: 80000007
Checksum: 0x94E4
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
Routing Bit Set on this LSA
LS age: 1144
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.2 (External Network Number )
Advertising Router: 192.168.14.1
LS Seq Number: 80000001
Checksum: 0xF84C
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 3489660929
Routing Bit Set on this LSA
LS age: 1145
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.2 (External Network Number )
Advertising Router: 192.168.34.3
LS Seq Number: 80000001
Checksum: 0x60CE
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 3489660929
http://internetworklabs.blogspot.sg/2011/08/cisco-mpls-vpn-ospf-down-bit-domain-tag.html
GNS File : http://www.4shared.com/rar/Zwd8_TUT/mpls_vpn_pe-ce_with_ospf__inje.html
Note
Now I will try to inject a routing loop by configuring a different domain-tag on either R1 or R3.
R3#show run | b router ospf
router ospf 1 vrf one
domain-tag 3
Depending on the timing, different outputs can be generated. The output below is from the time I was testing:
R1#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.2/32 192.168.14.4 20 32768 ?
* i 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
*> 192.168.34.0 192.168.14.4 20 32768 ?
* i 3.3.3.3 0 100 0 ?
R3#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
* i5.5.5.2/32 1.1.1.1 20 100 0 ?
*>i 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 192.168.34.4 20 32768 ?
* i 1.1.1.1 0 100 0 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*> 0.0.0.0 0 32768 ?
R4#traceroute 5.5.5.2
Type escape sequence to abort.
Tracing the route to 5.5.5.2
1 192.168.34.3 48 msec 72 msec 36 msec
2 192.168.25.2 [MPLS: Label 25 Exp 0] 32 msec 60 msec 36 msec
3 192.168.25.5 80 msec * 84 msec
It looks like there is no problem. But actually, there is a loop. To test this, I will shut down the R5 Lo2 network and check the outcome.
interface Loopback2
ip address 5.5.5.2 255.255.255.255
shutdown
R4#traceroute 5.5.5.2
Type escape sequence to abort.
Tracing the route to 5.5.5.2
1 192.168.34.3 68 msec 80 msec 28 msec
2 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 44 msec 28 msec 20 msec
3 192.168.14.1 [MPLS: Label 22 Exp 0] 52 msec 60 msec 40 msec
4 192.168.14.4 24 msec 60 msec 20 msec
5 192.168.34.3 48 msec 112 msec 92 msec
6 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 104 msec 104 msec 68 msec
7 192.168.14.1 [MPLS: Label 22 Exp 0] 104 msec 108 msec 44 msec
8 192.168.14.4 64 msec 88 msec 40 msec
9 192.168.34.3 88 msec 108 msec 128 msec
10 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 108 msec 168 msec 120 msec
11 192.168.14.1 [MPLS: Label 22 Exp 0] 120 msec 100 msec 84 msec
12 192.168.14.4 116 msec 124 msec 124 msec
13 192.168.34.3 144 msec 228 msec 132 msec
14 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 148 msec 188 msec 164 msec
15 192.168.14.1 [MPLS: Label 22 Exp 0] 196 msec 216 msec 92 msec
16 192.168.14.4 128 msec 184 msec 176 msec
R1#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.2/32 192.168.14.4 20 32768 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
*> 192.168.34.0 192.168.14.4 20 32768 ?
* i 3.3.3.3 0 100 0 ?
R2#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:2 (default for vrf one)
*> 5.5.5.1/32 192.168.25.5 2 32768 ?
*>i5.5.5.2/32 1.1.1.1 20 100 0 ?
*> 5.5.5.5/32 192.168.25.5 2 32768 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*>i 1.1.1.1 0 100 0 ?
*> 192.168.25.0 0.0.0.0 0 32768 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*>i 3.3.3.3 0 100 0 ?
R3#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*>i5.5.5.2/32 1.1.1.1 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 192.168.34.4 20 32768 ?
* i 1.1.1.1 0 100 0 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*> 0.0.0.0 0 32768 ?
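The External Route Tag 3489660929 seen in the Type-5 LSAs above, and the effect of `domain-tag 3` on R3, worked through as an added Python example (not part of the original post). It assumes the RFC 4577 default tag layout and models only the tag comparison a PE applies to Type-5 LSAs; the function names and the trimmed config strings are illustrative.

```python
import re
from itertools import permutations

# Top four bits 1101: Automatic=1, Complete=1, PathLength=01 (RFC 4577 default tag).
TAG_AUTO_COMPLETE_PL1 = 0xD0000000

# Config fragments trimmed from the R1 and R3 configurations on this page.
R1_CFG = """\
router ospf 1 vrf one
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.14.1 0.0.0.0 area 0
router bgp 1
"""
R3_CFG = """\
router ospf 1 vrf one
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.34.3 0.0.0.0 area 0
router bgp 1
"""
# R3 after the change made in the Note above.
R3_DOMAIN_TAG_3 = R3_CFG.replace("router ospf 1 vrf one\n",
                                 "router ospf 1 vrf one\n domain-tag 3\n")


def default_vpn_route_tag(asn):
    """Default VPN route tag a PE derives from its 2-byte BGP AS number."""
    if not 0 < asn <= 0xFFFF:
        raise ValueError("the default tag only encodes a 2-byte AS number")
    return TAG_AUTO_COMPLETE_PL1 | asn


def decode_vpn_route_tag(tag):
    """Split a 32-bit external route tag into its fields."""
    return {
        "automatic": bool((tag >> 31) & 1),
        "complete": bool((tag >> 30) & 1),
        "path_length": (tag >> 28) & 0x3,
        "arbitrary": (tag >> 16) & 0xFFF,
        "asn": tag & 0xFFFF,
    }


def effective_tag(pe_config):
    """Tag a PE puts on (and filters in) Type-5 LSAs: explicit domain-tag or the default."""
    bgp = re.search(r"^\s*router bgp (\d+)\s*$", pe_config, re.M)
    if bgp is None:
        raise ValueError("no 'router bgp' line found")
    explicit = re.search(r"^\s*domain-tag (\d+)\s*$", pe_config, re.M)
    if explicit:
        return int(explicit.group(1))
    return default_vpn_route_tag(int(bgp.group(1)))


def unprotected_pairs(pe_configs):
    """(receiver, advertiser) PE pairs on one customer site where the receiver
    would NOT ignore the advertiser's Type-5 LSA, because the tags differ."""
    tags = {name: effective_tag(cfg) for name, cfg in pe_configs.items()}
    return [(rx, tx) for rx, tx in permutations(sorted(tags), 2)
            if tags[rx] != tags[tx]]


if __name__ == "__main__":
    print(decode_vpn_route_tag(3489660929))
    print("default tags:", unprotected_pairs({"R1": R1_CFG, "R3": R3_CFG}))
    print("domain-tag 3 on R3:",
          unprotected_pairs({"R1": R1_CFG, "R3": R3_DOMAIN_TAG_3}))
```

With matching tags no pair is reported; with `domain-tag 3` on R3 both directions are reported, which matches R1 installing 5.5.5.2/32 via 192.168.14.4 and redistributing it back into BGP in the outputs above.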
Thursday, 14 February 2013
IPv6 6VPE
Configuration
R1
vrf definition one
rd 1:1
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family
!
address-family ipv6
route-target export 1:1
route-target import 1:1
exit-address-family
ipv6 unicast-routing
ipv6 cef
!
mpls ldp neighbor 2.2.2.2 password cisco
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.0
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
vrf forwarding one
ip address 192.168.14.1 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:1:4::1/64
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 192.168.12.1 0.0.0.0 area 0
!
router bgp 13
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 13
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family vpnv6
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf one
no synchronization
neighbor 192.168.14.4 remote-as 45
neighbor 192.168.14.4 activate
neighbor 192.168.14.4 as-override
exit-address-family
!
address-family ipv6 vrf one
no synchronization
neighbor 2001:0:1:4::4 remote-as 45
neighbor 2001:0:1:4::4 activate
neighbor 2001:0:1:4::4 as-override
exit-address-family
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.12.2 255.255.255.0
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.23.2 255.255.255.0
speed auto
duplex auto
mpls ip
!
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.12.2 0.0.0.0 area 0
network 192.168.23.2 0.0.0.0 area 0
R3
vrf definition one
rd 3:3
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family
!
address-family ipv6
route-target export 1:1
route-target import 1:1
exit-address-family
!
ipv6 unicast-routing
ipv6 cef
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.23.3 255.255.255.0
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
vrf forwarding one
ip address 192.168.35.3 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:3:5::3/64
!
router ospf 1
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 192.168.23.3 0.0.0.0 area 0
!
router bgp 13
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 13
neighbor 1.1.1.1 update-source Loopback0
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family vpnv6
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf one
no synchronization
neighbor 192.168.35.5 remote-as 45
neighbor 192.168.35.5 activate
neighbor 192.168.35.5 as-override
exit-address-family
!
address-family ipv6 vrf one
no synchronization
neighbor 2001:0:3:5::5 remote-as 45
neighbor 2001:0:3:5::5 activate
neighbor 2001:0:3:5::5 as-override
exit-address-family
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ipv6 address 2001:0:0:4::4/128
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.14.4 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:1:4::4/64
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 45
bgp log-neighbor-changes
neighbor 2001:0:1:4::1 remote-as 13
neighbor 192.168.14.1 remote-as 13
!
address-family ipv4
no synchronization
network 4.4.4.4 mask 255.255.255.255
no neighbor 2001:0:1:4::1 activate
neighbor 192.168.14.1 activate
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
network 2001:0:0:4::4/128
neighbor 2001:0:1:4::1 activate
exit-address-family
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ipv6 address 2001:0:0:5::5/128
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.35.5 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:3:5::5/64
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
router bgp 45
bgp log-neighbor-changes
neighbor 2001:0:3:5::3 remote-as 13
neighbor 192.168.35.3 remote-as 13
!
address-family ipv4
no synchronization
network 5.5.5.5 mask 255.255.255.255
no neighbor 2001:0:3:5::3 activate
neighbor 192.168.35.3 activate
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
network 2001:0:0:5::5/128
neighbor 2001:0:3:5::3 activate
exit-address-family
GNS File : http://www.4shared.com/rar/wjwJGD4L/ipv6_6vpe.html
Wednesday, 13 February 2013
IPv6 6PE
Configuration
R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0
ip address 192.168.12.1 255.255.255.0
ip router isis
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.14.1 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:1:4::1/64
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 13
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 13
neighbor 3.3.3.3 update-source Loopback0
neighbor 2001:0:1:4::4 remote-as 4
neighbor 192.168.14.4 remote-as 4
!
address-family ipv4
no synchronization
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 next-hop-self
no neighbor 2001:0:1:4::4 activate
neighbor 192.168.14.4 activate
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-label
neighbor 2001:0:1:4::4 activate
exit-address-family
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet1/0
ip address 192.168.12.2 255.255.255.0
ip router isis
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.23.2 255.255.255.0
ip router isis
speed auto
duplex auto
mpls ip
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
mpls ldp router-id Loopback0 force
R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet1/0
ip address 192.168.23.3 255.255.255.0
ip router isis
speed auto
duplex auto
mpls ip
!
interface FastEthernet1/1
ip address 192.168.35.3 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:3:5::3/64
!
router isis
net 49.0000.0000.0003.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 13
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 13
neighbor 1.1.1.1 update-source Loopback0
neighbor 2001:0:3:5::5 remote-as 5
neighbor 192.168.35.5 remote-as 5
!
address-family ipv4
no synchronization
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
no neighbor 2001:0:3:5::5 activate
neighbor 192.168.35.5 activate
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-label
neighbor 2001:0:3:5::5 activate
exit-address-family
!
mpls ldp router-id Loopback0 force
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ipv6 address 2001:0:0:1::1/128
!
interface FastEthernet1/0
ip address 192.168.14.4 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:1:4::4/64
!
router bgp 4
bgp log-neighbor-changes
neighbor 2001:0:1:4::1 remote-as 13
neighbor 192.168.14.1 remote-as 13
!
address-family ipv4
no synchronization
network 4.4.4.4 mask 255.255.255.255
no neighbor 2001:0:1:4::1 activate
neighbor 192.168.14.1 activate
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
network 2001:0:0:1::1/128
neighbor 2001:0:1:4::1 activate
exit-address-family
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ipv6 address 2001:0:0:5::5/128
!
interface FastEthernet1/0
ip address 192.168.35.5 255.255.255.0
speed auto
duplex auto
ipv6 address 2001:0:3:5::5/64
!
router bgp 5
bgp log-neighbor-changes
neighbor 2001:0:3:5::3 remote-as 13
neighbor 192.168.35.3 remote-as 13
!
address-family ipv4
no synchronization
network 5.5.5.5 mask 255.255.255.255
no neighbor 2001:0:3:5::3 activate
neighbor 192.168.35.3 activate
no auto-summary
exit-address-family
!
address-family ipv6
no synchronization
network 2001:0:0:5::5/128
neighbor 2001:0:3:5::3 activate
exit-address-family
GNS File : http://www.4shared.com/rar/OOiHBwX0/IPv6_6PE.html
Difference between filtering routing updates and filtering networks between areas in OSPF
R7 is advertising 7.7.7.1/32 and 7.7.7.2/32
R6 is advertising 6.6.6.1/32 and 6.6.6.2/32
Tasks
1. Filter the 7.7.7.2/32 prefix so that it does not exist in the area 146 OSPF database
2. Filter the 6.6.6.2/32 prefix so that it is not installed on R5 only
*The crucial configuration is on R2 and R4.
Configuration
R1
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 192.168.12.1 0.0.0.0 area 0
network 192.168.14.1 0.0.0.0 area 146
R2
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
!
interface FastEthernet1/0
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
area 257 filter-list prefix DENY_NET6.2 in
network 192.168.12.2 0.0.0.0 area 0
network 192.168.25.2 0.0.0.0 area 257
!
ip prefix-list DENY_NET6.2 seq 5 deny 6.6.6.2/32
ip prefix-list DENY_NET6.2 seq 10 permit 0.0.0.0/0 le 32
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.46.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 146
network 192.168.14.4 0.0.0.0 area 146
network 192.168.46.4 0.0.0.0 area 146
distribute-list prefix DENY_NET7.2 in FastEthernet0/0
!
ip prefix-list DENY_NET7.2 seq 5 deny 7.7.7.2/32
ip prefix-list DENY_NET7.2 seq 10 permit 0.0.0.0/0 le 32
R5
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.57.5 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 192.168.25.5 0.0.0.0 area 257
network 192.168.57.5 0.0.0.0 area 257
R6
interface Loopback1
ip address 6.6.6.1 255.255.255.255
!
interface Loopback2
ip address 6.6.6.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.46.6 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 6.6.6.1 0.0.0.0 area 146
network 6.6.6.2 0.0.0.0 area 146
network 192.168.46.6 0.0.0.0 area 146
R7
interface Loopback1
ip address 7.7.7.1 255.255.255.255
!
interface Loopback2
ip address 7.7.7.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.57.7 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 7.7.7.1 0.0.0.0 area 257
network 7.7.7.2 0.0.0.0 area 257
network 192.168.57.7 0.0.0.0 area 257
Verification
Since 6.6.6.2/32 is filtered out of the area 257 database, neither R5 nor R7 has the 6.6.6.2/32 prefix.
R5#show ip route ospf
O IA 192.168.46.0/24 [110/22] via 192.168.25.2, 00:10:57, FastEthernet0/0
O IA 192.168.12.0/24 [110/11] via 192.168.25.2, 00:10:57, FastEthernet0/0
O IA 192.168.14.0/24 [110/12] via 192.168.25.2, 00:10:57, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/13] via 192.168.25.2, 00:10:57, FastEthernet0/0
6.0.0.0/32 is subnetted, 1 subnets
O IA 6.6.6.1 [110/23] via 192.168.25.2, 00:10:57, FastEthernet0/0
7.0.0.0/32 is subnetted, 2 subnets
O 7.7.7.2 [110/11] via 192.168.57.7, 00:10:57, FastEthernet0/1
O 7.7.7.1 [110/11] via 192.168.57.7, 00:10:57, FastEthernet0/1
R7#show ip route ospf
O IA 192.168.46.0/24 [110/32] via 192.168.57.5, 00:11:27, FastEthernet0/0
O IA 192.168.12.0/24 [110/21] via 192.168.57.5, 00:11:27, FastEthernet0/0
O IA 192.168.14.0/24 [110/22] via 192.168.57.5, 00:11:27, FastEthernet0/0
O 192.168.25.0/24 [110/11] via 192.168.57.5, 00:11:27, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/23] via 192.168.57.5, 00:11:27, FastEthernet0/0
6.0.0.0/32 is subnetted, 1 subnets
O IA 6.6.6.1 [110/33] via 192.168.57.5, 00:11:27, FastEthernet0/0
Prefix 7.7.7.2/32 is filtered on R4 only, to keep it out of R4's routing table, so 7.7.7.2/32 still appears in R6's routing table. Traffic can therefore be black-holed at R4 if it is destined to networks behind R4 and sourced from 7.7.7.2.
R4#show ip route ospf
O IA 192.168.12.0/24 [110/11] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.25.0/24 [110/12] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.57.0/24 [110/22] via 192.168.14.1, 00:12:58, FastEthernet0/0
6.0.0.0/32 is subnetted, 2 subnets
O 6.6.6.2 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
O 6.6.6.1 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
7.0.0.0/32 is subnetted, 1 subnets
O IA 7.7.7.1 [110/23] via 192.168.14.1, 00:12:47, FastEthernet0/0
R6#show ip route ospf
O IA 192.168.12.0/24 [110/21] via 192.168.46.4, 00:36:34, FastEthernet0/0
O 192.168.14.0/24 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.25.0/24 [110/22] via 192.168.46.4, 00:14:36, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.57.0/24 [110/32] via 192.168.46.4, 00:10:57, FastEthernet0/0
7.0.0.0/32 is subnetted, 2 subnets
O IA 7.7.7.2 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0
O IA 7.7.7.1 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0
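The consistency check implied by the verification above, as an added Python example that is not part of the original post: it parses the R4 and R6 routing tables shown and reports any route whose next-hop router has no route of its own for that prefix. The function names and the INTERFACES table are assumptions built from the configurations on this page.

```python
import ipaddress
import re

# Interface addresses of the two area 146 routers, from the configurations above.
INTERFACES = {
    "R4": ["4.4.4.4/32", "192.168.14.4/24", "192.168.46.4/24"],
    "R6": ["6.6.6.1/32", "6.6.6.2/32", "192.168.46.6/24"],
}

# "show ip route ospf" output of R4 and R6, copied from the verification above.
SHOW_IP_ROUTE_OSPF = {
    "R4": """\
O IA 192.168.12.0/24 [110/11] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.25.0/24 [110/12] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.57.0/24 [110/22] via 192.168.14.1, 00:12:58, FastEthernet0/0
6.0.0.0/32 is subnetted, 2 subnets
O 6.6.6.2 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
O 6.6.6.1 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
7.0.0.0/32 is subnetted, 1 subnets
O IA 7.7.7.1 [110/23] via 192.168.14.1, 00:12:47, FastEthernet0/0
""",
    "R6": """\
O IA 192.168.12.0/24 [110/21] via 192.168.46.4, 00:36:34, FastEthernet0/0
O 192.168.14.0/24 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.25.0/24 [110/22] via 192.168.46.4, 00:14:36, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.57.0/24 [110/32] via 192.168.46.4, 00:10:57, FastEthernet0/0
7.0.0.0/32 is subnetted, 2 subnets
O IA 7.7.7.2 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0
O IA 7.7.7.1 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0
""",
}

SUBNETTED = re.compile(r"^\d+\.\d+\.\d+\.\d+/(\d+) is subnetted")
ROUTE = re.compile(
    r"^O(?: IA| E[12]| N[12])?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?"
    r"\s+\[\d+/\d+\] via (\d+\.\d+\.\d+\.\d+)"
)


def parse_routes(text):
    """Return {network: next_hop} for the OSPF routes in one routing table."""
    routes, inherited_len = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SUBNETTED.match(line)
        if header:
            # Entries that follow without an explicit /len use this mask length.
            inherited_len = header.group(1)
            continue
        entry = ROUTE.match(line)
        if entry:
            addr, length, next_hop = entry.groups()
            net = ipaddress.ip_network(f"{addr}/{length or inherited_len}")
            routes[net] = ipaddress.ip_address(next_hop)
    return routes


def find_blackholes(tables, interfaces):
    """List (router, prefix, next_hop_router) where the next hop cannot forward."""
    owner, reachable = {}, {}
    for router, addrs in interfaces.items():
        ifaces = [ipaddress.ip_interface(a) for a in addrs]
        for iface in ifaces:
            owner[iface.ip] = router
        # What a router can forward to: connected networks plus its OSPF routes.
        reachable[router] = {i.network for i in ifaces} | set(tables.get(router, {}))
    findings = []
    for router, routes in tables.items():
        for prefix, next_hop in routes.items():
            transit = owner.get(next_hop)
            if transit is None:
                continue  # next hop is a router whose table was not collected
            if not any(prefix.subnet_of(net) for net in reachable[transit]):
                findings.append((router, str(prefix), transit))
    return findings


def audit():
    """Run the check over the embedded R4 and R6 tables."""
    tables = {r: parse_routes(t) for r, t in SHOW_IP_ROUTE_OSPF.items()}
    return find_blackholes(tables, INTERFACES)


if __name__ == "__main__":
    for router, prefix, transit in audit():
        print(f"{router} forwards {prefix} to {transit}, which has no route for it")
```

The same check run against R5 and R7 would report nothing for 6.6.6.2/32, because the area filter-list on R2 removes the prefix from the whole area 257 database rather than from one router's table.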
GNS File : http://www.4shared.com/rar/4RSDZ4WA/Difference_between_OSPF_filter.html
Monday, 11 February 2013
IS-IS Default Route Injection to Level 1 Routers
Configuration
R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.13.1 255.255.255.0
ip router isis
duplex auto
speed auto
isis circuit-type level-2-only
!
interface FastEthernet0/1
ip address 192.168.14.1 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.15.1 255.255.255.0
ip router isis
duplex auto
speed auto
isis circuit-type level-1
!
router isis
net 49.0123.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.0
ip router isis
duplex auto
speed auto
isis circuit-type level-2-only
!
interface FastEthernet0/1
ip address 192.168.26.2 255.255.255.0
ip router isis
duplex auto
speed auto
isis circuit-type level-1
!
router isis
net 49.0123.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.13.3 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.3 255.255.255.0
ip router isis
duplex auto
speed auto
!
router isis
net 49.0123.0000.0000.0003.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router isis
net 49.0004.0000.0000.0004.00
is-type level-2-only
metric-style wide
passive-interface Loopback0
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.15.5 255.255.255.0
ip router isis
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.56.5 255.255.255.0
ip router isis
duplex auto
speed auto
!
router isis
net 49.0123.0000.0000.0005.00
is-type level-1
metric-style wide
passive-interface Loopback0
R6
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.26.6 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.56.6 255.255.255.0
ip router isis
duplex auto
speed auto
!
router isis
net 49.0123.0000.0000.0006.00
is-type level-1
metric-style wide
passive-interface Loopback0
Verification
R4#show ip route isis
1.0.0.0/32 is subnetted, 1 subnets
i L2 1.1.1.1 [115/10] via 192.168.14.1, FastEthernet0/0
i L2 192.168.13.0/24 [115/20] via 192.168.14.1, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
i L2 2.2.2.2 [115/30] via 192.168.14.1, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
i L2 3.3.3.3 [115/20] via 192.168.14.1, FastEthernet0/0
i L2 192.168.15.0/24 [115/20] via 192.168.14.1, FastEthernet0/0
5.0.0.0/32 is subnetted, 1 subnets
i L2 5.5.5.5 [115/20] via 192.168.14.1, FastEthernet0/0
6.0.0.0/32 is subnetted, 1 subnets
i L2 6.6.6.6 [115/30] via 192.168.14.1, FastEthernet0/0
i L2 192.168.26.0/24 [115/40] via 192.168.14.1, FastEthernet0/0
i L2 192.168.56.0/24 [115/30] via 192.168.14.1, FastEthernet0/0
i L2 192.168.23.0/24 [115/30] via 192.168.14.1, FastEthernet0/0
R5#show ip route isis
1.0.0.0/32 is subnetted, 1 subnets
i L1 1.1.1.1 [115/10] via 192.168.15.1, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
i L1 2.2.2.2 [115/20] via 192.168.56.6, FastEthernet0/1
i L1 192.168.14.0/24 [115/20] via 192.168.15.1, FastEthernet0/0
6.0.0.0/32 is subnetted, 1 subnets
i L1 6.6.6.6 [115/10] via 192.168.56.6, FastEthernet0/1
i L1 192.168.26.0/24 [115/20] via 192.168.56.6, FastEthernet0/1
i*L1 0.0.0.0/0 [115/10] via 192.168.15.1, FastEthernet0/0
R6#show ip route isis
1.0.0.0/32 is subnetted, 1 subnets
i L1 1.1.1.1 [115/20] via 192.168.56.5, FastEthernet0/1
2.0.0.0/32 is subnetted, 1 subnets
i L1 2.2.2.2 [115/10] via 192.168.26.2, FastEthernet0/0
i L1 192.168.14.0/24 [115/30] via 192.168.56.5, FastEthernet0/1
i L1 192.168.15.0/24 [115/20] via 192.168.56.5, FastEthernet0/1
5.0.0.0/32 is subnetted, 1 subnets
i L1 5.5.5.5 [115/10] via 192.168.56.5, FastEthernet0/1
i*L1 0.0.0.0/0 [115/10] via 192.168.26.2, FastEthernet0/0
R5#ping 4.4.4.4 source loopback 0
!!!!!
R6#ping 4.4.4.4 source loopback 0
!!!!!
GNS File : http://www.4shared.com/rar/kneAEXKL/isis_default-route_injection.html
IS-IS Route Leaking
For R6 to reach R4's loopback network, traffic goes via R2, which is the longer path even though the nearest exit is R1, because R6 lacks a specific prefix.
R6#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 192.168.26.2 52 msec 40 msec 20 msec
2 192.168.23.3 44 msec 28 msec 44 msec
3 192.168.13.1 72 msec 56 msec 56 msec
4 192.168.14.4 64 msec * 56 msec
R1 Configuration
access-list 100 permit ip host 4.4.4.4 host 255.255.255.255
!
router isis
redistribute isis ip level-2 into level-1 distribute-list 100
Verification
R6#traceroute 4.4.4.4
Type escape sequence to abort.
Tracing the route to 4.4.4.4
1 192.168.56.5 52 msec 32 msec 8 msec
2 192.168.15.1 52 msec 40 msec 52 msec
3 192.168.14.4 76 msec * 60 msec
GNS File : http://www.4shared.com/rar/-KuB3a1B/isis_route_leaking.html
Friday, 8 February 2013
BGP Routes Aggregation, Suppression
Tasks
1. Prefix 10.0.0.0/24, generated by R1, should not leak beyond AS234.
2. R2 generates an aggregate prefix that covers the prefixes from AS1 and AS234.
3. The aggregate prefix should carry all the AS path information.
4. 10.0.1.0/24 to 10.0.3.0/24 need to be suppressed globally on R2.
5. But the 10.0.3.0/24 prefix should be sent out to R4 and subsequently to R6.
6. R2 conditionally injects the host route 10.0.1.12/32 as long as R2 receives 10.0.1.0/24 from R1.
7. Since AS1 has requested that traffic to 10.0.1.12 be black-holed, R2 drops it into Null0.
8. To keep the host route 10.0.1.12 from leaking to AS5 and AS6, R2 tags it with community value 234:234, so that R3 and R4 treat any route tagged with 234:234 as one that should not be advertised to other ASs.
Configuration
R1
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface Loopback1
ip address 10.0.1.1 255.255.255.0
!
interface Loopback2
ip address 10.0.2.1 255.255.255.0
!
interface Loopback3
ip address 10.0.3.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
redistribute connected route-map LOOPBACKS
neighbor 192.168.12.2 remote-as 234
neighbor 192.168.12.2 send-community
neighbor 192.168.12.2 route-map NO-EXPORT out
no auto-summary
!
ip prefix-list LOOPBACKS seq 5 permit 10.0.0.0/22 le 24
!
ip prefix-list NET0 seq 5 permit 10.0.0.0/24
!
route-map NO-EXPORT permit 10
match ip address prefix-list NET0
set community no-export
!
route-map NO-EXPORT permit 100
!
route-map LOOPBACKS permit 10
match ip address prefix-list LOOPBACKS
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback4
ip address 10.0.4.2 255.255.255.0
!
interface Loopback5
ip address 10.0.5.2 255.255.255.0
!
interface Loopback6
ip address 10.0.6.2 255.255.255.0
!
interface Loopback7
ip address 10.0.7.2 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 192.168.24.2 255.255.255.0
ip router isis
duplex auto
speed auto
!
router isis
net 49.0000.0000.0002.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
bgp inject-map INJECT exist-map EXIST
aggregate-address 10.0.0.0 255.255.248.0 as-set advertise-map ADV suppress-map SUP
redistribute connected route-map LOOPBACKS
neighbor 3.3.3.3 remote-as 234
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 route-reflector-client
neighbor 3.3.3.3 next-hop-self
neighbor 3.3.3.3 send-community
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 next-hop-self
neighbor 4.4.4.4 send-community
neighbor 4.4.4.4 unsuppress-map UNSUP
neighbor 192.168.12.1 remote-as 1
no auto-summary
!
ip forward-protocol nd
ip route 10.0.1.12 255.255.255.255 Null0
!
ip bgp-community new-format
ip community-list standard 234:234 permit 234:234
!
ip prefix-list HOST seq 5 permit 0.0.0.0/0 ge 32
!
ip prefix-list INJECT seq 5 permit 10.0.1.12/32
!
ip prefix-list LOOPBACKS seq 5 permit 10.0.4.0/22 le 24
!
ip prefix-list NET0 seq 5 permit 10.0.0.0/24
!
ip prefix-list NET1 seq 5 permit 10.0.1.0/24
!
ip prefix-list NET3 seq 5 permit 10.0.3.0/24
!
ip prefix-list R1 seq 5 permit 192.168.12.1/32
!
ip prefix-list R1LOOPBACKS seq 5 permit 10.0.1.0/24
ip prefix-list R1LOOPBACKS seq 10 permit 10.0.2.0/23 le 24
!
route-map INJECT permit 10
set ip address prefix-list INJECT
set community 234:234
!
route-map LOOPBACKS permit 10
match ip address prefix-list LOOPBACKS
!
route-map UNSUP permit 10
match ip address prefix-list NET3
!
route-map ADV deny 10
match ip address prefix-list NET0
!
route-map ADV deny 20
match ip address prefix-list HOST
!
route-map ADV deny 30
match community 234:234
!
route-map ADV permit 100
!
route-map EXIST permit 10
match ip address prefix-list NET1
match ip route-source prefix-list R1
!
route-map SUP permit 10
match ip address prefix-list R1LOOPBACKS
R3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.3 255.255.255.0
ip router isis
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.35.3 255.255.255.0
duplex auto
speed auto
!
router isis
net 49.0000.0000.0003.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 192.168.35.5 remote-as 5
neighbor 192.168.35.5 route-map OUTBOUND out
no auto-summary
!
ip bgp-community new-format
ip community-list standard 234:234 permit 234:234
!
route-map OUTBOUND deny 10
match community 234:234
!
route-map OUTBOUND permit 100
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.24.4 255.255.255.0
ip router isis
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.46.4 255.255.255.0
duplex auto
speed auto
!
router isis
net 49.0000.0000.0004.00
is-type level-2-only
metric-style wide transition
passive-interface Loopback0
!
router bgp 234
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
neighbor 2.2.2.2 next-hop-self
neighbor 192.168.46.6 remote-as 6
neighbor 192.168.46.6 route-map OUTBOUND out
no auto-summary
!
ip bgp-community new-format
ip community-list standard 234:234 permit 234:234
!
route-map OUTBOUND deny 10
match community 234:234
!
route-map OUTBOUND permit 100
R5
interface FastEthernet0/0
ip address 192.168.35.5 255.255.255.0
!
router bgp 5
no synchronization
bgp log-neighbor-changes
neighbor 192.168.35.3 remote-as 234
no auto-summary
R6
interface FastEthernet0/0
ip address 192.168.46.6 255.255.255.0
!
router bgp 6
no synchronization
bgp log-neighbor-changes
neighbor 192.168.46.4 remote-as 234
no auto-summary
Verification
R2#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/24 192.168.12.1 0 0 1 ?
*> 10.0.0.0/21 0.0.0.0 100 32768 1 ?
s> 10.0.1.0/24 192.168.12.1 0 0 1 ?
r> 10.0.1.12/32 192.168.12.1 0 ?
s> 10.0.2.0/24 192.168.12.1 0 0 1 ?
s> 10.0.3.0/24 192.168.12.1 0 0 1 ?
*> 10.0.4.0/24 0.0.0.0 0 32768 ?
*> 10.0.5.0/24 0.0.0.0 0 32768 ?
*> 10.0.6.0/24 0.0.0.0 0 32768 ?
*> 10.0.7.0/24 0.0.0.0 0 32768 ?
R3#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/24 2.2.2.2 0 100 0 1 ?
*>i10.0.0.0/21 2.2.2.2 0 100 0 1 ?
*>i10.0.1.12/32 2.2.2.2 0 100 0 ?
*>i10.0.4.0/24 2.2.2.2 0 100 0 ?
*>i10.0.5.0/24 2.2.2.2 0 100 0 ?
*>i10.0.6.0/24 2.2.2.2 0 100 0 ?
*>i10.0.7.0/24 2.2.2.2 0 100 0 ?
R4#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*>i10.0.0.0/24 2.2.2.2 0 100 0 1 ?
*>i10.0.0.0/21 2.2.2.2 0 100 0 1 ?
*>i10.0.1.12/32 2.2.2.2 0 100 0 ?
*>i10.0.3.0/24 2.2.2.2 0 100 0 1 ?
*>i10.0.4.0/24 2.2.2.2 0 100 0 ?
*>i10.0.5.0/24 2.2.2.2 0 100 0 ?
*>i10.0.6.0/24 2.2.2.2 0 100 0 ?
*>i10.0.7.0/24 2.2.2.2 0 100 0 ?
R5#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/21 192.168.35.3 0 234 1 ?
*> 10.0.4.0/24 192.168.35.3 0 234 ?
*> 10.0.5.0/24 192.168.35.3 0 234 ?
*> 10.0.6.0/24 192.168.35.3 0 234 ?
*> 10.0.7.0/24 192.168.35.3 0 234 ?
R6#show ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 10.0.0.0/21 192.168.46.4 0 234 1 ?
*> 10.0.3.0/24 192.168.46.4 0 234 1 ?
*> 10.0.4.0/24 192.168.46.4 0 234 ?
*> 10.0.5.0/24 192.168.46.4 0 234 ?
*> 10.0.6.0/24 192.168.46.4 0 234 ?
*> 10.0.7.0/24 192.168.46.4 0 234 ?
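The policy chain from tasks 1 to 8, as an added Python model that is not part of the original post: it evaluates R2's prefix-lists with IOS ge/le matching, then applies suppress-map, unsuppress-map and the eBGP egress filters to reproduce the R5 and R6 tables above. It is a simplified model with constructed function names; it assumes that with as-set the aggregate inherits the communities of the contributing routes permitted by the advertise-map, and it does not model the AS path.

```python
import ipaddress

NO_EXPORT = "no-export"
TAG = "234:234"
AGGREGATE = "10.0.0.0/21"

# Prefix-lists from R2's configuration above: (action, prefix, ge, le).
PREFIX_LISTS = {
    "HOST": [("permit", "0.0.0.0/0", 32, None)],
    "NET0": [("permit", "10.0.0.0/24", None, None)],
    "NET3": [("permit", "10.0.3.0/24", None, None)],
    "R1LOOPBACKS": [("permit", "10.0.1.0/24", None, None),
                    ("permit", "10.0.2.0/23", None, 24)],
}

# R2's BGP table before aggregation: prefix -> communities. Constructed from the
# configuration: R1 sets no-export on NET0, the inject-map sets 234:234.
R2_TABLE = {
    "10.0.0.0/24": {NO_EXPORT},
    "10.0.1.0/24": set(), "10.0.2.0/24": set(), "10.0.3.0/24": set(),
    "10.0.1.12/32": {TAG},
    "10.0.4.0/24": set(), "10.0.5.0/24": set(),
    "10.0.6.0/24": set(), "10.0.7.0/24": set(),
}


def permits(list_name, route):
    """Prefix-list evaluation: first matching entry wins, implicit deny."""
    net = ipaddress.ip_network(route)
    for action, base, ge, le in PREFIX_LISTS[list_name]:
        base = ipaddress.ip_network(base)
        if ge is None and le is None:
            lo = hi = base.prefixlen            # exact length only
        else:
            lo = base.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if lo <= net.prefixlen <= hi and net.subnet_of(base):
            return action == "permit"
    return False


def adv_map(route, comms):
    """route-map ADV: which contributors may lend attributes to the aggregate."""
    if permits("NET0", route) or permits("HOST", route) or TAG in comms:
        return False
    return True


def r2_table(use_advertise_map=True):
    """R2's table with the as-set aggregate added (communities inherited)."""
    agg = ipaddress.ip_network(AGGREGATE)
    inherited = set()
    for route, comms in R2_TABLE.items():
        if ipaddress.ip_network(route).subnet_of(agg):
            if not use_advertise_map or adv_map(route, comms):
                inherited |= comms
    return {**R2_TABLE, AGGREGATE: inherited}


def sent_by_r2(table, unsuppress=None):
    """Routes R2 sends to a client: suppress-map SUP, optional unsuppress-map."""
    out = {}
    for route, comms in table.items():
        suppressed = permits("R1LOOPBACKS", route)
        if suppressed and not (unsuppress and permits(unsuppress, route)):
            continue
        out[route] = comms
    return out


def sent_to_ebgp(table):
    """R3/R4 towards AS5/AS6: no-export honoured, OUTBOUND drops 234:234."""
    kept = (r for r, c in table.items() if NO_EXPORT not in c and TAG not in c)
    return sorted(kept, key=ipaddress.ip_network)


def r5_view(use_advertise_map=True):
    """What R5 learns via R3 (neighbor 3.3.3.3 has no unsuppress-map)."""
    return sent_to_ebgp(sent_by_r2(r2_table(use_advertise_map)))


def r6_view(use_advertise_map=True):
    """What R6 learns via R4 (neighbor 4.4.4.4 has unsuppress-map UNSUP)."""
    return sent_to_ebgp(sent_by_r2(r2_table(use_advertise_map), unsuppress="NET3"))


if __name__ == "__main__":
    print("R5:", r5_view())
    print("R6:", r6_view())
    print("R5 without advertise-map:", r5_view(use_advertise_map=False))
```

With `use_advertise_map=False` the aggregate picks up both no-export and 234:234 from its contributors and no longer reaches AS5 or AS6, which is what the three deny clauses in route-map ADV prevent.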
GNS File : http://www.4shared.com/rar/0a9U6KXC/BGP_Routes_Aggregation_Suppres.html