Showing posts with label OSPF. Show all posts
Showing posts with label OSPF. Show all posts

Saturday, 16 February 2013

MPLS VPN PE-CE Protocol(OSPF) Part 1


In this topic, provider will use OSPF as a PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, Lo 2 is redistributed into OSPF.

In this section, provider will run OSPF without running OSPF super-backbone, but same domain-id for the OSPF process used for adjacent with customer.

Configuration

R1

ip vrf one
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.14.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.14.1 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0001.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R2

ip vrf one
 rd 1:2
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip vrf forwarding one
 ip address 192.168.25.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.25.2 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0002.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 1
 neighbor IBGP update-source Loopback0
 neighbor 1.1.1.1 peer-group IBGP
 !
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R4

interface FastEthernet0/0
 ip address 192.168.14.4 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0

R5

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.25.5 255.255.255.0
 speed 100
 full-duplex
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets route-map CONN
 network 5.5.5.1 0.0.0.0 area 1
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
 match ip address prefix-list LO2

Verification

Due to without running super backbone and running same domain-id, R5 Lo0 and Lo1 will appeared as inter area routes on R4.

R4#show ip route ospf
O IA 192.168.25.0/24 [110/11] via 192.168.14.1, 00:08:06, FastEthernet0/0
     5.0.0.0/32 is subnetted, 3 subnets
O IA    5.5.5.5 [110/12] via 192.168.14.1, 00:08:06, FastEthernet0/0
O IA    5.5.5.1 [110/12] via 192.168.14.1, 00:08:06, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.14.1, 00:08:06, FastEthernet0/0
GNS File : http://www.4shared.com/rar/9hHAdS2o/mpls_vpn_pe-ce_with_ospf__no_s.html

Posted by at No comments:
Labels: , ,

MPLS VPN PE-CE Protocol(OSPF) Part 2



In this topic, provider will use OSPF as a PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, Lo 2 is redistributed into OSPF.

In this section, provider will run OSPF without running OSPF super-backbone, different domain-id for the OSPF process used for adjacent with customer.

Configuration

R1

ip vrf one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding one
ip address 192.168.14.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.14.1 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0001.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R2

ip vrf one
rd 1:2
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip router isis
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding one
ip address 192.168.25.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1 vrf one
domain-id type 0005 value 000000020200
log-adjacency-changes
redistribute bgp 1 subnets route-map BLK_SHAM
network 192.168.25.2 0.0.0.0 area 0
!
router isis
net 49.0000.0000.0002.00
metric-style wide transition
passive-interface Loopback0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 1
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv4 vrf one
redistribute ospf 1 vrf one match internal external 1 external 2
no synchronization
exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R4

interface FastEthernet0/0
ip address 192.168.14.4 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0

R5

interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.25.5 255.255.255.0
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map CONN
network 5.5.5.1 0.0.0.0 area 1
network 5.5.5.5 0.0.0.0 area 0
network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
match ip address prefix-list LO2

Verification

Due to without running super backbone and running different domain-id, all prefixes will appeared as external routes on R4.

R4#show ip route ospf
O E2 192.168.25.0/24 [110/1] via 192.168.14.1, 00:00:49, FastEthernet0/0
     5.0.0.0/32 is subnetted, 3 subnets
O E2    5.5.5.5 [110/2] via 192.168.14.1, 00:00:49, FastEthernet0/0
O E2    5.5.5.1 [110/2] via 192.168.14.1, 00:00:49, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.14.1, 00:49:12, FastEthernet0/0

GNS File : http://www.4shared.com/rar/7AuMIJzg/mpls_vpn_pe-ce_with_ospf__no_s.html
Posted by at No comments:
Labels: , ,

MPLS VPN PE-CE Protocol(OSPF) Part 3


In this topic, provider will use OSPF as a PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, Lo 2 is redistributed into OSPF.

In this section, provider will run OSPF super-backbone for the OSPF process used for adjacent with customer. On R5, I add another loopback network which is Lo 10 and put into area 1.

Configuration

R1

ip vrf one
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback1
 ip vrf forwarding one
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.14.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 area 0 sham-link 1.1.1.1 2.2.2.2
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.14.1 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0001.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
  network 1.1.1.1 mask 255.255.255.255
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R2

ip vrf one
 rd 1:2
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip vrf forwarding one
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip vrf forwarding one
 ip address 192.168.25.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 area 0 sham-link 2.2.2.2 1.1.1.1
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.25.2 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0002.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 1
 neighbor IBGP update-source Loopback0
 neighbor 1.1.1.1 peer-group IBGP
 !
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
  network 2.2.2.2 mask 255.255.255.255
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R4

interface FastEthernet0/0
 ip address 192.168.14.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.14.4 0.0.0.0 area 0

R5

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.2 255.255.255.255
!
interface Loopback10
 ip address 5.5.5.10 255.255.255.255
 ip ospf 1 area 1
!
interface FastEthernet0/0
 ip address 192.168.25.5 255.255.255.0
 speed 100
 full-duplex
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets route-map CONN
 network 5.5.5.1 0.0.0.0 area 1
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
 match ip address prefix-list LO2

Verification

Due to running super backbone area on Provider routers, provider networks is considered virtual area 0 from the customer routers point of view. So R5 Lo 0 is appeared as intra area routes, Lo1 and Lo10 appeared as inter area routes. In other words, other side of the customer router can see the correct OSPF route type.

R4#show ip route ospf
O    192.168.25.0/24 [110/12] via 192.168.14.1, 00:17:19, FastEthernet0/0
     5.0.0.0/32 is subnetted, 4 subnets
O       5.5.5.5 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O IA    5.5.5.1 [110/13] via 192.168.14.1, 00:17:19, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.14.1, 00:13:15, FastEthernet0/0
O IA    5.5.5.10 [110/13] via 192.168.14.1, 00:13:20, FastEthernet0/0

Note

Due to super backbone emulated, from R1 perspective, prefixes from R5 are learnt through OSPF, not via MP BGP anymore.

R1#show ip route vrf one

Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/0] via 2.2.2.2, 00:27:32
C    192.168.14.0/24 is directly connected, FastEthernet0/1
O    192.168.25.0/24 [110/2] via 2.2.2.2, 00:27:17
     5.0.0.0/32 is subnetted, 4 subnets
O       5.5.5.5 [110/3] via 2.2.2.2, 00:27:17
O IA    5.5.5.1 [110/3] via 2.2.2.2, 00:27:17
O E2    5.5.5.2 [110/20] via 2.2.2.2, 00:23:02
O IA    5.5.5.10 [110/3] via 2.2.2.2, 00:23:08

R1#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:1 (default for vrf one)
*> 1.1.1.1/32       0.0.0.0                  0         32768 i
*>i2.2.2.2/32       2.2.2.2                  0    100      0 i
r>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
r>i5.5.5.2/32       2.2.2.2                 20    100      0 ?
r>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
r>i5.5.5.10/32      2.2.2.2                  2    100      0 ?
*> 192.168.14.0     0.0.0.0                  0         32768 ?
r>i192.168.25.0     2.2.2.2                  0    100      0 ?

So consequently, if R1 wants to filter out some prefixes when advertising to R4, it cannot be filtered at the BGP > OSPF level. For testing this, I will add 5.5.5.10/32 under "SHAM" prefix, which prefix is denied when redistributing from BGP to OSPF. But it doesn't work.

R1(config)#ip prefix-list SHAM seq 20 permit 5.5.5.10/32

R4#show ip route ospf
O    192.168.25.0/24 [110/12] via 192.168.14.1, 00:32:38, FastEthernet0/0
     5.0.0.0/32 is subnetted, 4 subnets
O       5.5.5.5 [110/13] via 192.168.14.1, 00:32:38, FastEthernet0/0
O IA    5.5.5.1 [110/13] via 192.168.14.1, 00:32:38, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.14.1, 00:28:33, FastEthernet0/0
O IA    5.5.5.10 [110/13] via 192.168.14.1, 00:28:38, FastEthernet0/0

GNS File : http://www.4shared.com/rar/4ERKR8Oy/mpls_vpn_pe-ce_with_ospf__supr.html
Posted by at No comments:
Labels: , ,

MPLS VPN PE-CE Protocol(OSPF) Part 4



In this topic, provider will use OSPF as a PE-CE protocol. R5 Lo 0 is in area 0, Lo 1 is in area 1, Lo 2 is redistributed into OSPF.
In this lab, I bring up another PE router R3. R1, R2, and R3 are NOT emulating OSPF super backbone area 0. We will focus more on 5.5.5.2/32 prefix.

Configuration

R1

ip vrf one
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.14.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.14.1 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0001.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R2

ip vrf one
 rd 1:2
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.23.2 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip vrf forwarding one
 ip address 192.168.25.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.25.2 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0002.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 1
 neighbor IBGP update-source Loopback0
 neighbor 1.1.1.1 peer-group IBGP
 neighbor 3.3.3.3 peer-group IBGP
 !
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
  neighbor 3.3.3.3 activate
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R3

ip vrf one
 rd 1:3
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip router isis
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding one
 ip address 192.168.34.3 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1 vrf one
 log-adjacency-changes
 redistribute bgp 1 subnets route-map BLK_SHAM
 network 192.168.34.3 0.0.0.0 area 0
!
router isis
 net 49.0000.0000.0003.00
 metric-style wide transition
 passive-interface Loopback0
!
router bgp 1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf one
  redistribute ospf 1 vrf one match internal external 1 external 2
  no synchronization
 exit-address-family
!
ip prefix-list SHAM seq 5 permit 1.1.1.1/32
ip prefix-list SHAM seq 10 permit 2.2.2.2/32
ip prefix-list SHAM seq 15 permit 3.3.3.3/32
!
route-map BLK_SHAM deny 10
 match ip address prefix-list SHAM
!
route-map BLK_SHAM permit 100
!
mpls ldp router-id Loopback0 force

R4

interface FastEthernet0/0
 ip address 192.168.14.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.34.4 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.14.4 0.0.0.0 area 0
 network 192.168.34.4 0.0.0.0 area 0

R5

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback1
 ip address 5.5.5.1 255.255.255.255
!
interface Loopback2
 ip address 5.5.5.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.25.5 255.255.255.0
 speed 100
 full-duplex
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets route-map CONN
 network 5.5.5.1 0.0.0.0 area 1
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.25.5 0.0.0.0 area 0
!
ip prefix-list LO2 seq 5 permit 5.5.5.2/32
!
route-map CONN permit 10
 match ip address prefix-list LO2

Verification

So far everything looks fine. As I mentioned previously, we will focus only on 5.5.5.5/32

R4#show ip route ospf
O IA 192.168.25.0/24 [110/11] via 192.168.34.3, 00:11:20, FastEthernet0/1
                     [110/11] via 192.168.14.1, 00:11:20, FastEthernet0/0
     5.0.0.0/32 is subnetted, 3 subnets
O IA    5.5.5.5 [110/12] via 192.168.34.3, 00:11:20, FastEthernet0/1
                [110/12] via 192.168.14.1, 00:11:20, FastEthernet0/0
O IA    5.5.5.1 [110/12] via 192.168.34.3, 00:11:20, FastEthernet0/1
                [110/12] via 192.168.14.1, 00:11:20, FastEthernet0/0
O E2    5.5.5.2 [110/20] via 192.168.34.3, 00:11:10, FastEthernet0/1
                [110/20] via 192.168.14.1, 00:11:10, FastEthernet0/0

R1#show bgp vpnv4 unicast vrf one
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
*>i5.5.5.2/32       2.2.2.2                 20    100      0 ?
*>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
* i192.168.14.0     3.3.3.3                 20    100      0 ?
*>                  0.0.0.0                  0         32768 ?
*>i192.168.25.0     2.2.2.2                  0    100      0 ?
*> 192.168.34.0     192.168.14.4            20         32768 ?
* i                 3.3.3.3                  0    100      0 ?

R3# show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
*>i5.5.5.2/32       2.2.2.2                 20    100      0 ?
*>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
*> 192.168.14.0     192.168.34.4            20         32768 ?
* i                 1.1.1.1                  0    100      0 ?
*>i192.168.25.0     2.2.2.2                  0    100      0 ?
* i192.168.34.0     1.1.1.1                 20    100      0 ?
*>                  0.0.0.0                  0         32768 ?

R4#show ip ospf database external 5.5.5.2
            OSPF Router with ID (4.4.4.4) (Process ID 1)
                Type-5 AS External Link States
  LS age: 12 (DoNotAge)
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 5.5.5.2 (External Network Number )
  Advertising Router: 5.5.5.1
  LS Seq Number: 80000007
  Checksum: 0x94E4
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 0
  Routing Bit Set on this LSA
  LS age: 1144
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 5.5.5.2 (External Network Number )
  Advertising Router: 192.168.14.1
  LS Seq Number: 80000001
  Checksum: 0xF84C
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 3489660929
  Routing Bit Set on this LSA
  LS age: 1145
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 5.5.5.2 (External Network Number )
  Advertising Router: 192.168.34.3
  LS Seq Number: 80000001
  Checksum: 0x60CE
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0
        External Route Tag: 3489660929

http://internetworklabs.blogspot.sg/2011/08/cisco-mpls-vpn-ospf-down-bit-domain-tag.html
GNS File : http://www.4shared.com/rar/Zwd8_TUT/mpls_vpn_pe-ce_with_ospf__inje.html

Note

Now I will try to inject routing loop by configuring different domain-tag on either R1 or R3.

R3#show run | b router ospf
router ospf 1 vrf one
 domain-tag 3

Depending on the timing, different outputs can be generated. The output below is by the time I was testing,

R1#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
*> 5.5.5.2/32       192.168.14.4            20         32768 ?
* i                 2.2.2.2                 20    100      0 ?
*>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
* i192.168.14.0     3.3.3.3                 20    100      0 ?
*>                  0.0.0.0                  0         32768 ?
*>i192.168.25.0     2.2.2.2                  0    100      0 ?
*> 192.168.34.0     192.168.14.4            20         32768 ?
* i                 3.3.3.3                  0    100      0 ?

R3#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
* i5.5.5.2/32       1.1.1.1                 20    100      0 ?
*>i                 2.2.2.2                 20    100      0 ?
*>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
*> 192.168.14.0     192.168.34.4            20         32768 ?
* i                 1.1.1.1                  0    100      0 ?
*>i192.168.25.0     2.2.2.2                  0    100      0 ?
* i192.168.34.0     1.1.1.1                 20    100      0 ?
*>                  0.0.0.0                  0         32768 ?

R4#traceroute 5.5.5.2
Type escape sequence to abort.
Tracing the route to 5.5.5.2
  1 192.168.34.3 48 msec 72 msec 36 msec
  2 192.168.25.2 [MPLS: Label 25 Exp 0] 32 msec 60 msec 36 msec
  3 192.168.25.5 80 msec *  84 msec

It looks no problem. But actually, there is a loop. In order to test this, I will shutdown R5 Lo2 network, and check the outcome.

interface Loopback2
 ip address 5.5.5.2 255.255.255.255
 shutdown

R4#traceroute 5.5.5.2
Type escape sequence to abort.
Tracing the route to 5.5.5.2
  1 192.168.34.3 68 msec 80 msec 28 msec
  2 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 44 msec 28 msec 20 msec
  3 192.168.14.1 [MPLS: Label 22 Exp 0] 52 msec 60 msec 40 msec
  4 192.168.14.4 24 msec 60 msec 20 msec
  5 192.168.34.3 48 msec 112 msec 92 msec
  6 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 104 msec 104 msec 68 msec
  7 192.168.14.1 [MPLS: Label 22 Exp 0] 104 msec 108 msec 44 msec
  8 192.168.14.4 64 msec 88 msec 40 msec
  9 192.168.34.3 88 msec 108 msec 128 msec
 10 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 108 msec 168 msec 120 msec
 11 192.168.14.1 [MPLS: Label 22 Exp 0] 120 msec 100 msec 84 msec
 12 192.168.14.4 116 msec 124 msec 124 msec
 13 192.168.34.3 144 msec 228 msec 132 msec
 14 192.168.23.2 [MPLS: Labels 16/22 Exp 0] 148 msec 188 msec 164 msec
 15 192.168.14.1 [MPLS: Label 22 Exp 0] 196 msec 216 msec 92 msec
 16 192.168.14.4 128 msec 184 msec 176 msec
R1#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:1 (default for vrf one)
*>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
*> 5.5.5.2/32       192.168.14.4            20         32768 ?
*>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
* i192.168.14.0     3.3.3.3                 20    100      0 ?
*>                  0.0.0.0                  0         32768 ?
*>i192.168.25.0     2.2.2.2                  0    100      0 ?
*> 192.168.34.0     192.168.14.4            20         32768 ?
* i                 3.3.3.3                  0    100      0 ?

R2#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:2 (default for vrf one)
*> 5.5.5.1/32       192.168.25.5             2         32768 ?
*>i5.5.5.2/32       1.1.1.1                 20    100      0 ?
*> 5.5.5.5/32       192.168.25.5             2         32768 ?
* i192.168.14.0     3.3.3.3                 20    100      0 ?
*>i                 1.1.1.1                  0    100      0 ?
*> 192.168.25.0     0.0.0.0                  0         32768 ?
* i192.168.34.0     1.1.1.1                 20    100      0 ?
*>i                 3.3.3.3                  0    100      0 ?

R3#show bgp vpnv4 unicast vrf one

Route Distinguisher: 1:3 (default for vrf one)
*>i5.5.5.1/32       2.2.2.2                  2    100      0 ?
*>i5.5.5.2/32       1.1.1.1                 20    100      0 ?
*>i5.5.5.5/32       2.2.2.2                  2    100      0 ?
*> 192.168.14.0     192.168.34.4            20         32768 ?
* i                 1.1.1.1                  0    100      0 ?
*>i192.168.25.0     2.2.2.2                  0    100      0 ?
* i192.168.34.0     1.1.1.1                 20    100      0 ?
*>                  0.0.0.0                  0         32768 ?
Posted by at No comments:
Labels: , ,

Wednesday, 13 February 2013

Difference between filtering routing updates and filtering networks between areas in OSPF



R7 is advertising 7.7.7.1/32 and 7.7.7.2/32
R6 is advertising 6.6.6.1/32 and 6.6.6.2/32

Tasks

1.Filter the 7.7.7.2/32 prefix not to exist in area146 ospf database
2.Filter the 6.6.6.2/32 prefix not to install only on R5

*Crucial configuration are put on R2 and R4.

Configuration

R1

 interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.14.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.12.1 0.0.0.0 area 0
 network 192.168.14.1 0.0.0.0 area 146

R2

interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
!
interface FastEthernet1/0
 ip address 192.168.25.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 area 257 filter-list prefix DENY_NET6.2 in
 network 192.168.12.2 0.0.0.0 area 0
 network 192.168.25.2 0.0.0.0 area 257
!
ip prefix-list DENY_NET6.2 seq 5 deny 6.6.6.2/32
ip prefix-list DENY_NET6.2 seq 10 permit 0.0.0.0/0 le 32

R4

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.14.4 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.46.4 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 146
 network 192.168.14.4 0.0.0.0 area 146
 network 192.168.46.4 0.0.0.0 area 146
 distribute-list prefix DENY_NET7.2 in FastEthernet0/0
!
ip prefix-list DENY_NET7.2 seq 5 deny 7.7.7.2/32
ip prefix-list DENY_NET7.2 seq 10 permit 0.0.0.0/0 le 32

R5

interface FastEthernet0/0
 ip address 192.168.25.5 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 ip address 192.168.57.5 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 192.168.25.5 0.0.0.0 area 257
 network 192.168.57.5 0.0.0.0 area 257

R6

interface Loopback1
 ip address 6.6.6.1 255.255.255.255
!
interface Loopback2
 ip address 6.6.6.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.46.6 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 6.6.6.1 0.0.0.0 area 146
 network 6.6.6.2 0.0.0.0 area 146
 network 192.168.46.6 0.0.0.0 area 146

R7

interface Loopback1
 ip address 7.7.7.1 255.255.255.255
!
interface Loopback2
 ip address 7.7.7.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.7 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 7.7.7.1 0.0.0.0 area 257
 network 7.7.7.2 0.0.0.0 area 257
 network 192.168.57.7 0.0.0.0 area 257

Verification

Since 6.6.6.2/32 is filter-out from area 257 database, both R5 and R7 doesn't have 6.6.6.2/32 prefix.

R5#show ip route ospf
O IA 192.168.46.0/24 [110/22] via 192.168.25.2, 00:10:57, FastEthernet0/0
O IA 192.168.12.0/24 [110/11] via 192.168.25.2, 00:10:57, FastEthernet0/0
O IA 192.168.14.0/24 [110/12] via 192.168.25.2, 00:10:57, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/13] via 192.168.25.2, 00:10:57, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/23] via 192.168.25.2, 00:10:57, FastEthernet0/0
     7.0.0.0/32 is subnetted, 2 subnets
O       7.7.7.2 [110/11] via 192.168.57.7, 00:10:57, FastEthernet0/1
O       7.7.7.1 [110/11] via 192.168.57.7, 00:10:57, FastEthernet0/1

R7#show ip route ospf
O IA 192.168.46.0/24 [110/32] via 192.168.57.5, 00:11:27, FastEthernet0/0
O IA 192.168.12.0/24 [110/21] via 192.168.57.5, 00:11:27, FastEthernet0/0
O IA 192.168.14.0/24 [110/22] via 192.168.57.5, 00:11:27, FastEthernet0/0
O    192.168.25.0/24 [110/11] via 192.168.57.5, 00:11:27, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/23] via 192.168.57.5, 00:11:27, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
O IA    6.6.6.1 [110/33] via 192.168.57.5, 00:11:27, FastEthernet0/0

Prefix 7.7.7.2/32 is filtered on R4 only not to go inside R4 routing table, so the 7.7.7.2/32 still appeared on R6 routing table. So the traffic can be blackhole at R4 if traffic destined to networks behind R4 and source from 7.7.7.2. 

R4#show ip route ospf
O IA 192.168.12.0/24 [110/11] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.25.0/24 [110/12] via 192.168.14.1, 00:13:38, FastEthernet0/0
O IA 192.168.57.0/24 [110/22] via 192.168.14.1, 00:12:58, FastEthernet0/0
     6.0.0.0/32 is subnetted, 2 subnets
O       6.6.6.2 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
O       6.6.6.1 [110/11] via 192.168.46.6, 00:13:38, FastEthernet0/1
     7.0.0.0/32 is subnetted, 1 subnets
O IA    7.7.7.1 [110/23] via 192.168.14.1, 00:12:47, FastEthernet0/0
R6#show ip route ospf
O IA 192.168.12.0/24 [110/21] via 192.168.46.4, 00:36:34, FastEthernet0/0
O    192.168.14.0/24 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.25.0/24 [110/22] via 192.168.46.4, 00:14:36, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 192.168.46.4, 00:36:34, FastEthernet0/0
O IA 192.168.57.0/24 [110/32] via 192.168.46.4, 00:10:57, FastEthernet0/0
     7.0.0.0/32 is subnetted, 2 subnets
O IA    7.7.7.2 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0
O IA    7.7.7.1 [110/33] via 192.168.46.4, 00:10:47, FastEthernet0/0

GNS File : http://www.4shared.com/rar/4RSDZ4WA/Difference_between_OSPF_filter.html
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)