Daily Archives: April 10, 2013

4.1.a Implement and troubleshoot MPLS operations

this is very exciting… i have mpls wood…

odom_mplsvpn

i readdressed and everything is reachable…

R1#sh ip route ospf | b Gat
Gateway of last resort is not set

8.0.0.0/32 is subnetted, 1 subnets
O        8.8.8.8 [110/5] via 192.168.15.1, 00:03:28, FastEthernet0/0
10.0.0.0/32 is subnetted, 3 subnets
O        10.2.2.1 [110/3] via 192.168.15.1, 00:06:38, FastEthernet0/0
O        10.3.3.1 [110/5] via 192.168.15.1, 00:03:08, FastEthernet0/0
O     192.168.12.0/24 [110/2] via 192.168.15.1, 00:06:38, FastEthernet0/0
O     192.168.14.0/24 [110/2] via 192.168.15.1, 00:06:38, FastEthernet0/0
O     192.168.16.0/24 [110/2] via 192.168.15.1, 00:06:48, FastEthernet0/0
O     192.168.23.0/24 [110/3] via 192.168.15.1, 00:06:38, FastEthernet0/0
O     192.168.24.0/24 [110/3] via 192.168.15.1, 00:06:38, FastEthernet0/0
O     192.168.34.0/24 [110/3] via 192.168.15.1, 00:06:38, FastEthernet0/0
O     192.168.37.0/24 [110/4] via 192.168.15.1, 00:06:38, FastEthernet0/0
O     192.168.38.0/24 [110/4] via 192.168.15.1, 00:06:38, FastEthernet0/0

note r8’s lo0 is 8.8.8.8… in wendell’s diagram cust a and b on the right side have the same ip address on the loopbacks… i don’t know… i changed it to all 8’s to make it obvious… i’m guessing there is some kind of vrf situation coming up… or it’s simply a typo… i don’t particularly like his addressing, at all either…

whoops… this is a bad habit of mine that i have to work on… for the lab exam they say read the damn thing first… gotta fix some things…  i like to prove complete connectivity first; maybe that’s not such a bad habit…

All links between P and PE routers are configured with IP addresses, the IP address on the
     other end of each link is pingable, and these interfaces have been enabled for frame mode
    MPLS with the mpls ip interface subcommand.
■ All P and PE routers use a common IGP (EIGRP with ASN 200 in this case), with all
   loopbacks and subnets between the P and PE routers being advertised. As a result, all P and
  PE routers can ping IP addresses of all interfaces on those routers, including the loopback
 interfaces on those routers.
■ Between each PE and CE, IP addresses have been configured, and the links work, but these
     subnets are not currently advertised by any routing protocol.
■ The PE router interfaces that connect to the CE routers do not have the mpls ip interface
   subcommand, because these interface do not need to be MPLS-enabled. (The mpls ip
  command tells IOS that IP packets should be forwarded and received with an MPLS label.)
■ None of the features specific to MPLS VPNs have yet been configured.

all better… constraints satisfied…

R3#sh ip route eigrp | b Gate
Gateway of last resort is not set

D     192.168.23.0/24 [90/30720] via 192.168.12.2, 00:15:06, FastEthernet1/0
D     192.168.24.0/24 [90/30720] via 192.168.14.4, 00:15:06, FastEthernet1/1
[90/30720] via 192.168.12.2, 00:15:06, FastEthernet1/0
D     192.168.34.0/24 [90/30720] via 192.168.14.4, 00:13:34, FastEthernet1/1

 

, 4.1.a Implement and troubleshoot MPLS operations..

from ccie r&s…

To support multiple customers, MPLS VPN standards include the concept of a virtual router. This
feature, called a VRF table, can be used to store routes separately for different customer VPNs.
The use of separate tables solves part of the problems of preventing one customer’s packets from
leaking into another customer’s network due to overlapping prefixes, while allowing all sites in the
same customer VPN to communicate.

3.3.f Implement and troubleshoot VRF lite

edit: not really vrf lite but this is as good a spot as any…

this was a great experiment i did last year to prove the veracity of vrf… it’s one of my most popular documents over on cln… it bears repeating…

https://learningnetwork.cisco.com/people/brian-osgood?view=documents

Sunday, May 27, 2012

vrf… the road to mpls…

this is the beginning of what would later bury frame relay…
notice the diagram… the ip addresses are the same for the clients… virtual route forwarding… see below
r1#ping 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r1#
r2#ping 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r2#
r4#ping 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r4#
each client router (ce, client edge) is connected to  r3 (pe, provider edge) with a virtual connection provided by vrf… like frame relay without the hassle of a frame switch… this would later give way to mpls, or frame tagging for the wan…
normally, if you try to assign the same addresses to interfaces the router complains you have overlapping ip’s… with a little variable magic, and very little at that, you can change the game…
r3#ping vrf r1 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r3#ping vrf r2 10.1.1.1Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
r3#ping vrf r4 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
r3#

first note the rd’s (route-distinguishers) in the diagram in global config…
then assign them to the interfaces…
interface FastEthernet0/0
ip vrf forwarding r1
ip address 10.1.1.1 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip vrf forwarding r2
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
no fair-queue
clock rate 1000000
!
interface Serial0/1
ip vrf forwarding r4
ip address 10.1.1.1 255.255.255.0
encapsulation ppp
clock rate 1000000
of course, it’s just the beginning… you are running a separate route table for each vrf… see below
look ma, no global route table…
r3#sh ip route
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static routeGateway of last resort is not setr3#

then…

 

r3#sh ip route vrf r4Routing Table: r4
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static routeGateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.2/32 is directly connected, Serial0/1
C       10.1.1.0/24 is directly connected, Serial0/1
r3#

so what’s the big deal with mpls… it doesn’t have to dig into the packet, it labels the packet, it tags it, and uses cef to switch the hell out of it…