In this topic, provider will use OSPF as a PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, Lo 2 is redistributed into OSPF.
In this lab, I bring up another PE router R3. R1, R2, and R3 are NOT emulating OSPF super backbone area 0. We will focus more on 5.5.5.2/32 prefix.
Configuration
R1
ip vrf one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.14.1 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R2
ip vrf one
rd 1:2
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding one
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.25.2 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 1
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
neighbor 3.3.3.3 peer-group IBGP
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
neighbor 3.3.3.3 activate
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R3
ip vrf one
rd 1:3
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.3 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.34.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.34.3 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0003.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force
R4
interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.34.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 192.168.14.4 0.0.0.0 area 0
network 192.168.34.4 0.0.0.0 area 0
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map CONN
network 5.5.5.1 0.0.0.0 area 1
network 5.5.5.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
match ip address prefix-list LO2
Verification
So far everything looks fine. As I mentioned previously, we will focus only on 5.5.5.5/32
R4#show ip route ospf
O IA 192.168.25.0/24 [110/11] via 192.168.34.3, 00:11:20, FastEthernet0/1
[110/11] via 192.168.14.1, 00:11:20, FastEthernet0/0
5.0.0.0/32 is subnetted, 3 subnets
O IA 5.5.5.5 [110/12] via 192.168.34.3, 00:11:20, FastEthernet0/1
[110/12] via 192.168.14.1, 00:11:20, FastEthernet0/0
O IA 5.5.5.1 [110/12] via 192.168.34.3, 00:11:20, FastEthernet0/1
[110/12] via 192.168.14.1, 00:11:20, FastEthernet0/0
O E2 5.5.5.2 [110/20] via 192.168.34.3, 00:11:10, FastEthernet0/1
[110/20] via 192.168.14.1, 00:11:10, FastEthernet0/0
R1#show bgp vpnv4 unicast vrf one
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*>i5.5.5.2/32 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
*> 192.168.34.0 192.168.14.4 20 32768 ?
* i 3.3.3.3 0 100 0 ?
R3# show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*>i5.5.5.2/32 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 192.168.34.4 20 32768 ?
* i 1.1.1.1 0 100 0 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*> 0.0.0.0 0 32768 ?
R4#show ip ospf database external 5.5.5.2
OSPF Router with ID (4.4.4.4) (Process ID 1)
Type-5 AS External Link States
LS age: 12 (DoNotAge)
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.2 (External Network Number )
Advertising Router: 5.5.5.1
LS Seq Number: 80000007
Checksum: 0x94E4
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
Routing Bit Set on this LSA
LS age: 1144
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.2 (External Network Number )
Advertising Router: 192.168.14.1
LS Seq Number: 80000001
Checksum: 0xF84C
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 3489660929
Routing Bit Set on this LSA
LS age: 1145
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.2 (External Network Number )
Advertising Router: 192.168.34.3
LS Seq Number: 80000001
Checksum: 0x60CE
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 3489660929
http://internetworklabs.blogspot.sg/2011/08/cisco-mpls-vpn-ospf-down-bit-domain-tag.html
GNS File : http://www.4shared.com/rar/Zwd8_TUT/mpls_vpn_pe-ce_with_ospf__inje.html
Note
Now I will try to inject routing loop by configuring different domain-tag on either R1 or R3.
R3#show run | b router ospf
router ospf 1 vrf one
domain-tag 3
Depending on the timing, different outputs can be generated. The output below is by the time I was testing,
R1#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.2/32 192.168.14.4 20 32768 ?
* i 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
*> 192.168.34.0 192.168.14.4 20 32768 ?
* i 3.3.3.3 0 100 0 ?
R3#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
* i5.5.5.2/32 1.1.1.1 20 100 0 ?
*>i 2.2.2.2 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 192.168.34.4 20 32768 ?
* i 1.1.1.1 0 100 0 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*> 0.0.0.0 0 32768 ?
R4#traceroute 5.5.5.2
Type escape sequence to abort.
Tracing the route to 5.5.5.2
1 192.168.34.3 48 msec 72 msec 36 msec
2 192.168.25.2 [MPLS: Label 25 Exp 0] 32 msec 60 msec 36 msec
3 192.168.25.5 80 msec * 84 msec
It looks no problem. But actually, there is a loop. In order to test this, I will shutdown R5 Lo2 network, and check the outcome.
interface Loopback2
ip address 5.5.5.2 255.255.255.255
shutdown
R4#traceroute 5.5.5.2
Type escape sequence to abort.
Tracing the route to 5.5.5.2
1 192.168.34.3 68 msec 80 msec 28 msec
2 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 44 msec 28 msec 20 msec
3 192.168.14.1 [MPLS: Label 22 Exp 0] 52 msec 60 msec 40 msec
4 192.168.14.4 24 msec 60 msec 20 msec
5 192.168.34.3 48 msec 112 msec 92 msec
6 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 104 msec 104 msec 68 msec
7 192.168.14.1 [MPLS: Label 22 Exp 0] 104 msec 108 msec 44 msec
8 192.168.14.4 64 msec 88 msec 40 msec
9 192.168.34.3 88 msec 108 msec 128 msec
10 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 108 msec 168 msec 120 msec
11 192.168.14.1 [MPLS: Label 22 Exp 0] 120 msec 100 msec 84 msec
12 192.168.14.4 116 msec 124 msec 124 msec
13 192.168.34.3 144 msec 228 msec 132 msec
14 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 148 msec 188 msec 164 msec
15 192.168.14.1 [MPLS: Label 22 Exp 0] 196 msec 216 msec 92 msec
16 192.168.14.4 128 msec 184 msec 176 msec
R1#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.2/32 192.168.14.4 20 32768 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
*> 192.168.34.0 192.168.14.4 20 32768 ?
* i 3.3.3.3 0 100 0 ?
R2#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:2 (default for vrf one)
*> 5.5.5.1/32 192.168.25.5 2 32768 ?
*>i5.5.5.2/32 1.1.1.1 20 100 0 ?
*> 5.5.5.5/32 192.168.25.5 2 32768 ?
* i192.168.14.0 3.3.3.3 20 100 0 ?
*>i 1.1.1.1 0 100 0 ?
*> 192.168.25.0 0.0.0.0 0 32768 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*>i 3.3.3.3 0 100 0 ?
R3#show bgp vpnv4 unicast vrf one
Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32 2.2.2.2 2 100 0 ?
*>i5.5.5.2/32 1.1.1.1 20 100 0 ?
*>i5.5.5.5/32 2.2.2.2 2 100 0 ?
*> 192.168.14.0 192.168.34.4 20 32768 ?
* i 1.1.1.1 0 100 0 ?
*>i192.168.25.0 2.2.2.2 0 100 0 ?
* i192.168.34.0 1.1.1.1 20 100 0 ?
*> 0.0.0.0 0 32768 ?
No comments:
Post a Comment