cisco mplsvpn troubleshooting 2

8/4/2019 Cisco Mplsvpn Troubleshooting 2

1/41

1 2003 Cisco Systems, Inc. All rights reserved.

MPLS VPN Inter-AS,12/03

INTER-AUTONOMOUS SYSTEMMPLS VPN: CONFIGURATION ANDTROUBLESHOOTINGDECEMBER 2003


2/41



Agenda

Troubleshooting Commands

Inter-AS Case Study

Inter-AS Summary


3/41



BASIC TROUBLESHOOTINGCOMMANDS




4/41



Troubleshooting Commands

Check VRF routing table

show ip route vrf

Check the imported route and associated NH address

Check BGP VPNv4 tableshow ip bgp vpnv4 all

Check routes associated with an RD

Check CEF table CEF

show ip CEF VRF

Entries for the imported prefixes from a neighbor

Check TFIB table

show tag forwarding


5/41



CASE STUDY




6/41



Introduction

Configuration Analysis

Backup path check

Load Balancing VPNv4 prefixes across the Inter-ASpaths

Inter-AS Design Considerations

Inter-AS Configurations

Inter-AS Case Study Agenda


7/417 2003 Cisco Systems, Inc. All rights reserved.


Case study scenario

Setup

Inter-AS VPN Distribution Methods

Next-Hop-Self Method

Redistribute Connected Subnet Method

Label Switch Path Next-Hop-Self

Label Switch Path Redistribute Connected Subnets

Introduction




Case Study Scenario

Two separate MPLS VPN networks: (AS200 and AS300)that distribute VPN routes between each other.

Two Inter-AS (eBGP) connections: primary andbackup paths

VPN traffic will normally travel over the primary Inter-AS pathand switch over to the backup path in the event of a failure

Four VRFs used in this example:

AS300: VRF green and emerald sites

AS200: VRF red and pink




PE-300PE-200

ASBR-B200ASBR-B300

ASBR-A300 ASBR-A200

AS 300 AS 200

eBGP

20.1.1.0

20.2.1.0 *

vrf red

21.1.1.021.2.1.0

vrf pink

30.1.1.0

vrf green

31.1.1.0

vrfemerald

VPNv4 Route Distribution between ASs

Route with * disallowedfrom crossing AS (does not hold

RT 200:777)

eBGP

Backup

Primary

Only accept routes with RT = 200:777Set next-hop = selfSet MED = 50

Only accept routes with RT = 200:777Set next-hop = selfSet MED = 100

Accept all routesRedistribute connected subnetsSet MED = 100


Topology




PE-300

FA4/0 3.3.3.6/30

LO10 30.1.1.1/24

LO11 31.1.1.1/24

LO0 156.50. 10.3/32

ASBR-A300

POS8/0/ 0 1.1.1.2/30

LO0 156.50. 10.1/32

ATM8/1/0 3.3.3.1/30

ASBR-A200

POS1/0/0 1.1. 1. 1/30

LO0 166. 50.10. 1/32

ATM1/1/0 2.2.2.1/30

ASBR-B200

FA0/0 2.2.2.5/30

POS4/0 1.1.1.5/30

LO0 166. 50.10. 2/32

ATM1/0 2.2.2.2/30

PE-200

FA4/0 2.2.2.6/30

LO10 20.1.1.1/24

LO11 21.1.1.1/24

LO0 166. 50.10. 3/32

ASBR-B300

FA0/0 3.3.3.5/30

ATM1/0 3.3.3.2/30

LO0 156.50. 10.2/32

POS4/0 1.1.1.6/30

vrf red

vrf pink

vrf green

vrf emerald

IP Addressing for the Topology




Next-hop-self Method

Changing next-hop to that of the local ASBR for all VPNv4 routes learnedfrom the other ASBR

BGP label and NH are changed by the receiving ASBR, which that hasnext-hop-self enabled

Redistribute-Connected-Subnets

Redistributing the next hop address of the remote ASBR into the local IGPusing redistribute connected subnets command

Example: BGP label and next hop is not changed when the VPNv4 routesare redistributed into the local AS

Both methods will be used in this case study. ASBR in AS200will change NH to themselves. ASBRs in AS300 will use hostroute to NH address of ASBR in AS200.

Inter-AS Distribution Methods




AS 200 has three routers

Primary ASBR: ASBR-A200

Using Next-Hop-Self Method on ASBR-200

Backup ASBR / P router: ASBR-B200

PE: PE-200; two VRFs red and pink

AS 300 has three routers:

Primary ASBR: ASBR-A300

Using Redistribute Connected subnets on ASBR-300Backup ASBR / P router: ASBR-B300

PE: PE-300; two VRFs green and emerald

Inter-AS Case Study Specifications




PE-300PE-200

ASBR-B200ASBR-B300

ASBR-A300 ASBR-A200

AS 300 AS 200

23BGP Label:

166.50.10.1

ABSR-A200Next-hop:

300:1:30.1.1.0Network:

23BGP Label:

166.50.10.1

ASBR-A200Next-hop:

300:1:30.1.1.0Network:

161BGP Label:

156.50.10.3

PE-300Next-hop:

300:1:30.1.1.0Network:

161BGP Label:

156.50.10.3

PE-300Next-hop:

300:1:30.1.1.0Network:

164BGP Label:

1.1.1.2

ABSR-A300Next-hop:

300:1:30.1.1.0Network:

1.1.1.11.1.1.2

1

2

3

4

5

Inter-AS Distribution:Next-Hop-Self Method on Primary path




Changing next-hop to that of the local ASBR for all VPNv4

routes learnt from the other ASBR. Sample config for ASBR-A200:

address-family vpnv4

neighbor 1.1.1.2 activate

neighbor 1.1.1.2 send-community extended

neighbor 1.1.1.2 route-map SETMETRIC out

neighbor 166.50.10.3 activateneighbor 166.50.10.3 next-hop-self (! PE-200 peer)neighbor 166.50.10.3 send-community extended

neighbor 166.50.10.3 route-map INTER-AS in

exit-address-family

!

ip extcommunity-list 10 permit rt 200:777

!access-list 1 permit any

route-map SETMETRIC permit 10

match ip address 1

set metric 50

!

route-map INTER-AS permit 10

match extcommunity 10

Inter-AS Distribution:Next-Hop-Self Method




ASBRs in AS300 uses the redistribute connected subnets methodto distribute VPNv4 routes

BGP next-hop is not changed for remote VPNv4 routes and willremain that of ASBR-A200 which is 1.1.1.1 (the interface address)

PE-300PE-200

ASBR-B200ASBR-B300

ASBR-A300 ASBR-A200

AS 300 AS 200

29BGP Label:

166.50.10.3

PE-200Next-hop:

200:1:20.1.1.0Network:

29BGP Label:

166.50.10.3

PE-200Next-hop:

200:1:20.1.1.0Network:

20BGP Label:

1.1.1.1

ABSR-A200Next-hop:

200:1:20.1.1.0Network:

20BGP Label:

1.1.1.1

ABSR-A200Next-hop:

200:1:20.1.1.0Network:

20BGP Label:

1.1.1.1

ASBR-A200Next-hop:

200:1:20.1.1.0Network:

1.1.1.11.1.1.2

1

2

3

4

5

Inter-AS Distribution:Redistribute Connected Subnet Method




PE-300PE-200

ASBR-B200ASBR-B300

ASBR-A300 ASBR-A200

AS 300 AS 200 23BGP Label:16IGP Label:

166.50.10.1

ABSR-A200Next-hop:

300:1:30.1.1.0Network:

23BGP Label:

166.50.10.1

ASBR-A200Next-hop:

300:1:30.1.1.0Network:

161BGP Label:

156.50.10.3

PE-300Next-hop:

300:1:30.1.1.0Network:

164BGP Label:

1.1.1.2

ABSR-A300Next-hop:

300:1:30.1.1.0Network:

1.1.1.11.1.1.2

7

54

2

1

23BGP Label:

PopIGP Label:

166.50.10.1

ABSR-A200Next-hop:

300:1:30.1.1.0Network:

3

161BGP Label:162IGP Label:

156.50.10.3

PE-300Next-hop:

300:1:30.1.1.0Network:

161BGP Label:

PopIGP Label:

156.50.10.3

PE-300Next-hop:

300:1:30.1.1.0Network:

6

Inter-AS Distribution:Label Switch Path Next-Hop-Self




PE-300PE-200

ASBR-B200ASBR-B300

ASBR-A300 ASBR-A200

AS 300 AS 20020BGP Label:166IGP Label:

1.1.1.1

ABSR-A200Next-hop:

200:1:20.1.1.0Network:

29BGP Label:

166.50.10.3

PE-200Next-hop:

200:1:20.1.1.0Network:

20BGP Label:

1.1.1.1

ABSR-A200Next-hop:

200:1:20.1.1.0Network:

1.1.1.11.1.1.2

1

34

6

7

29BGP Label:

PopIGP Label:

166.50.10.3

PE-200Next-hop:

200:1:20.1.1.0Network:

5

20BGP Label:

PopIGP Label:

1.1.1.1

ASBR-A200Next-hop:

200:1:20.1.1.0Network:

20BGP Label:

160IGP Label:

1.1.1.1

ASBR-A200Next-hop:

200:1:20.1.1.0Network:

2

29BGP Label:

17IGP Label:

166.50.10.3

PE-200Next-hop:

200:1:20.1.1.0Network:

Inter-AS Distribution: Label Switch PathRedistribute Connected Subnets




Under normal circumstances, all traffic between theAutonomous Systems will travel along the primary eBGPpath, circuit addresses 1.1.1.1 1.1.1.2.

This section verifies that the backup path works correctly

if the primary path failsSimple test was executed with traffic originating from PE300traveling to PE200

Shutdown primary interface on AS200

Backup path is selected on PE-300

Backup path check




PE-300#trace vrf green 20.1.1.1

Type escape sequence to abort.

Tracing the route to 20.1.1.1

1 3.3.3.5 4 msec 4 msec 0 msec


3 1.1.1.1 4 msec 4 msec 0 msec ASBR-A200 primary4 2.2.2.2 4 msec 0 msec 4 msec

5 20.1.1.1 0 msec * 0 msec

Backup path check:Traceroute on the primary path


20/41



PE-300#trace vrf green 20.1.1.1

Type escape sequence to abort.

Tracing the route to 20.1.1.1


2 1.1.1.5 0 msec 0 msec 4 msec ASBR-B200 backup3 20.1.1.1 0 msec * 0 msec

Backup path check: Tracerouteon the primary path (Cont.)


21/41



Overview

ASBR 200 configurations

PE-200 configuration

PE-300 VPNv4 BGP Table

Load Balancing VPNv4 PrefixesAcross the Inter-AS Paths


22/41



PE-300PE-200

ASBR-B200ASBR-B300

ASBR-A300 ASBR-A200

AS 300 AS 200

eBGP

20.1.1.0

20.2.1.0 *

vrf red

21.1.1.021.2.1.0

vrf pink

30.1.1.0

vrf green

31.1.1.0

vrf

emerald

VPNv4 Route Distribution between ASs

Route with * disallowedfrom crossing AS (does not hold

RT 777:1 or RT 777:2)

eBGP

Gateway 2

Gateway 1

Only accept routes with RT = 777:1 or 777:2Set next-hop = selfSet MED = 50 if RT 777:1 MED=100 if RT 777:2

Only accept routes with RT = 777:1 or 777:2Set next-hop = selfSet MED = 50 if RT 777:2 MED=100 if RT 777:1



Via gateway 1

Via gateway 2

Load Balancing VPNv4 PrefixesAcross the Inter-AS Paths: Topology


23/41



Goal: load balance VPNv4 prefixes across both Inter-ASlinks from AS300 to AS200.

Note that there are two paths:

Gateway 1 (path between ASBR-A200 and ASBR-A300): only VRF

green traffic

Gateway 2 (path between ASBR-B200 & ASBR-B300): only VRFemerald traffic

ASBR-A200: accept routes only from VRF green

ASBR-B200: accept routes only from VRF emerald

If load balancing is required in both directions, mirrorASBR-A200 configuration on ASBR-A300 and ASBR-B200 configuration on ASBR-B300

Load Balancing VPNv4 Prefixes Acrossthe Inter-AS Paths: Goals and Specs


24/41



MED is set at each gateway, depending upon theroute-target/extcommunity value on the VPNv4 route

Route-target = 777:1

Primary: Gateway 1; prefix: MED=50

Backup: Gateway 2; MED=100

Route-target = 777:2

Primary: Gateway 2; prefix: MED=50

Backup: Gateway 1; MED=100 Gateways have both been configured to accept only

VPNv4 routes that have the extcommunity attribute777:1 or 777:2

Load-balancing: VPNv4Related Specifications


25/41



VRF Prefix RT Primary Backup

Red

20.1.1.020.2.1.0

200:1 777:1200:1

ASBR-A200 (1.1.1.1)Denied

ASBR-B200(1.1.1.5)Denied

Pink

21.1.1.021.2.1.0

200:2 777:2200:2 777:2

ASBR-B200 (1.1.1.5)ASBR-B200 (1.1.1.5)

ASBR-A200(1.1.1.1)ASBR-A200(1.1.1.1)

*should see the red routes via 1.1.1.1 and the pink routes via 1.1.1.5

The primary path for VRF pink is via ASBR-B200 All routes in VRF pink have the route-target 777:2; ASBR-A200

will be the backup path (from perspective of the PE-300)

The primary path for VRF red is via ASBR-A200; backup path isvia ASBR-B200

Load Balancing Across the Inter-ASPaths: PE 200 Configuration


26/41



ip vrfpinkrd 200:2

route-target export 200:2

route-target export 777:2 use ASBR-B200 as the primary pathroute-target import 200:2

route-target import 300:2

!

ip vrf red

rd 200:1

export map OUT-INTER-AS

route-target export 200:1



access-list 10 permit 20.1.1.0 0.0.0.55

route-map OUT-INTER-AS permit 10

match ip address 10

set extcommunity rt 777:1 additive use ASBR-A200 as the primary path!

Load Balancing Across the Inter-ASPaths: PE 200 Configuration (Cont.)


27/41



router bgp 200

address-family vpnv4



neighbor 1.1.1.2 route-map SETMETRIC out


neighbor 166.50.10.3 next-hop-self


neighbor 166.50.10.3 route-map INTER-AS inexit-address-family

!



!



set metric 50 Metric is 100 on ASBR-B200!



set metric 100 Metric is 50 on ASBR-B200!

route-map INTER-AS permit 10

match extcommunity 10 11 AS200 ASBRs to accept VPNv4 routesthat hold the extcommunity attribute of 777:1 or 777:2

Load Balancing Across the Inter-ASPaths: ASBR-A200 Configuration


28/41



Note: BGP VPNv4 table on PE-300 after the VPNv4 routes from AS 200 have been redistributedusing the new route-targets and MED values. As can be seen, the best routes have been chosenand imported into the green and emeraldVRFs using the lowest metric (MED) the next hop

being either 1.1.1.1 or 1.1.1.5.

PE-300#show ip bgp vpnv4 allBGP table version is 99, local router ID is 156.50.10.3

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 200:1

*>i20.1.1.0/24 1.1.1.1 50 100 0 200 ?

* i 1.1.1.5 100 100 0 200 ?

Route Distinguisher: 200:2

* i21.1.1.0/24 1.1.1.1 100 100 0 200 ?

*>i 1.1.1.5 50 100 0 200 ?

* i21.2.1.0/24 1.1.1.1 100 100 0 200 ?

*>i 1.1.1.5 50 100 0 200 ?

Route Distinguisher: 300:1 (default for vrf green)

*>i20.1.1.0/24 1.1.1.1 50 100 0 200 ? Via ASBR-A200*> 30.1.1.0/24 0.0.0.0 0 32768 ?

Route Distinguisher: 300:2 (default for vrf emerald)*>i21.1.1.0/24 1.1.1.5 50 100 0 200 ? Via ASBR-B200*>i21.2.1.0/24 1.1.1.5 50 100 0 200 ? Via ASBR-B200*> 31.1.1.0/24 0.0.0.0 0 32768 ?

Load Balancing Across the Inter-ASPaths: PE-300 VPNv4 BGP Table


29/41



ASBR-A200

ASBR-A300

ASBR-B200

ASBR-B300

PE-200

PE-300

Configurations


30/41



hostname ABSR-A200!logging rate-limit console 10 except errors!ip subnet-zerono ip fingerno ip domain-lookup!ip cef distributedcall rsvp-synccns event-service server!interface Loopback0ip address 166.50.10.1 255.255.255.255!interface ATM1/0/0ip address 2.2.2.1 255.255.255.252ip route-cache distributedip ospf network point-to-pointno atm ilmi-keepalive

pvc 1/102broadcastencapsulation aal5snap

!tag-switching ip!interface POS1/1/0ip address 1.1.1.1 255.255.255.252ip route-cache distributed

clock source internalpos ais-shutpos report laispos report lrdi!router ospf 200log-adjacency-changesnetwork 2.2.2.0 0.0.0.255 area 0network 166.50.10.0 0.0.0.255 area 0

!router bgp 200no synchronizationno bgp default ipv4-unicastno bgp default route-target filter

bgp log-neighbor-changesneighbor 1.1.1.2 remote-as 300neighbor 166.50.10.3 remote-as 200neighbor 166.50.10.3 update-source Loopback0!address-family vpnv4neighbor 1.1.1.2 activate

!neighbor 1.1.1.2 send-community extendedneighbor 1.1.1.2 route-map SETMETRIC outneighbor 166.50.10.3 activateneighbor 166.50.10.3 next-hop-selfneighbor 166.50.10.3 send-community extendedneighbor 166.50.10.3 route-map INTER-AS inexit-address-family!ip kerberos source-interface anyip classlessno ip http serverip extcommunity-list 10 permit rt 200:777!access-list 1 permit anyroute-map SETMETRIC permit 10match ip address 1

set metric 50!route-map INTER-AS permit 10match extcommunity 10!end

Configurations: ASBR-A200


31/41



hostname ABSR-A300!logging rate-limit console 10 except errors!ip subnet-zerono ip fingerno ip domain-lookup!ip cef distributedtag-switching tag-range downstream 160 1000 0call rsvp-synccns event-service server!interface Loopback0ip address 156.50.10.1 255.255.255.255!interface ATM8/0/0ip address 3.3.3.1 255.255.255.252ip route-cache distributedip ospf network point-to-pointno atm ilmi-keepalive

pvc 1/102broadcastencapsulation aal5snap!tag-switching ip!interface POS8/1/0ip address 1.1.1.2 255.255.255.252

ip route-cache distributedpos ais-shutpos report laispos report lrdi!

!router ospf 300log-adjacency-changesredistribute connected subnetsnetwork 3.3.3.0 0.0.0.3 area 0network 156.50.10.0 0.0.0.255 area 0!router bgp 300no synchronizationno bgp default ipv4-unicastno bgp default route-target filter

bgp log-neighbor-changesneighbor 1.1.1.1 remote-as 200neighbor 156.50.10.3 remote-as 300neighbor 156.50.10.3 update-source Loopback0!address-family vpnv4neighbor 1.1.1.1 activateneighbor 1.1.1.1 send-community extendedneighbor 1.1.1.1 route-map SETMETRIC outneighbor 156.50.10.3 activateneighbor 156.50.10.3 send-community extended

bgp scan-time 10bgp scan-time import 10exit-address-family!ip kerberos source-interface anyip classlessno ip http server

!access-list 1 permit anyroute-map SETMETRIC permit 10match ip address 1set metric 50

Configurations: ASBR-A300


32/41



hostname ABSR-B200!boot system disk0:c7200-js-mz.121-5.T8.binlogging rate-limit console 10 except errorsenable password cisco!ip subnet-zero!no ip fingerno ip domain-lookup!ip cefcall rsvp-synccns event-service server!interface Loopback0ip address 166.50.10.2 255.255.255.255!interface FastEthernet0/0ip address 2.2.2.5 255.255.255.252duplex fulltag-switching ip!interface ATM3/0ip address 2.2.2.2 255.255.255.252ip ospf network point-to-pointno atm ilmi-keepalivepvc 1/102broadcast

encapsulation aal5snap!tag-switching ip!interface POS4/0ip address 1.1.1.5 255.255.255.252no ip route-cache cefclock source internal!

!interface FastEthernet6/0ip address 10.64.37.50 255.255.255.0duplex full!router ospf 200log-adjacency-changesnetwork 2.2.2.0 0.0.0.255 area 0network 166.50.10.0 0.0.0.255 area 0!router bgp 200no synchronizationno bgp default ipv4-unicastno bgp default route-target filterbgp log-neighbor-changesneighbor 1.1.1.6 remote-as 300neighbor 166.50.10.3 remote-as 200neighbor 166.50.10.3 update-source Loopback0!address-family vpnv4neighbor 1.1.1.6 activateneighbor 1.1.1.6 send-community extendedneighbor 1.1.1.6 route-map SETMETRIC outneighbor 166.50.10.3 activateneighbor 166.50.10.3 next-hop-selfneighbor 166.50.10.3 send-community extendedneighbor 166.50.10.3 route-map INTER-AS inexit-address-family!

ip kerberos source-interface anyip classlessno ip http serverip extcommunity-list 10 permit rt 200:777!access-list 1 permit anyroute-map SETMETRIC permit 10match ip address 1set metric 100!route-map INTER-AS permit 10match extcommunity 10!end

Configurations: ASBR-B200


33/41



hostname ABSR-B300!

boot system disk0:c7200-js-mz.121-5.T8.binlogging rate-limit console 10 except errorsenable password cisco!ip subnet-zero!!no ip fingerno ip domain-lookup!ip ceftag-switching tag-range downstream 160 1000 0call rsvp-synccns event-service server!interface Loopback0ip address 156.50.10.2 255.255.255.255

!interface FastEthernet0/0ip address 3.3.3.5 255.255.255.252duplex fulltag-switching ip

!interface ATM3/0ip address 3.3.3.2 255.255.255.252ip ospf network point-to-pointno atm ilmi-keepalive

pvc 1/102broadcastencapsulation aal5snap!tag-switching ip

!interface POS4/0ip address 1.1.1.6 255.255.255.252no ip route-cache cef

!router ospf 300log-adjacency-changesredistribute connected subnetsnetwork 3.3.3.0 0.0.0.3 area 0network 3.3.3.4 0.0.0.3 area 0network 156.50.10.0 0.0.0.255 area 0!router bgp 300no synchronizationno bgp default ipv4-unicastno bgp default route-target filter

bgp log-neighbor-changesneighbor 1.1.1.5 remote-as 200neighbor 156.50.10.3 remote-as 300neighbor 156.50.10.3 update-source Loopback0!address-family vpnv4neighbor 1.1.1.5 activateneighbor 1.1.1.5 send-community extendedneighbor 1.1.1.5 route-map SETMETRIC outneighbor 156.50.10.3 activateneighbor 156.50.10.3 send-community extended

bgp scan-time 10bgp scan-time import 10exit-address-family!ip kerberos source-interface anyip classless

no ip http server!access-list 1 permit anyroute-map SETMETRIC permit 10match ip address 1set metric 100!end

Configurations: ASBR-B300


34/41



hostname PE-200!boot system disk0:c7200-js-mz.121-5c.E8.bin!ip subnet-zero!ip vrf pinkrd 200:2route-target export 200:2route-target export 200:777route-target import 200:2route-target import 300:2!ip vrf redrd 200:1export map OUT-INTER-AS

route-target export 200:1route-target import 200:1route-target import 300:1ip ceftag-switching tdp router-id Loopback0cns event-service server!interface Loopback0ip address 166.50.10.3 255.255.255.255!interface Loopback10ip vrf forwarding redip address 20.1.1.1 255.255.255.0!interface Loopback11

ip vrf forwarding pinkip address 21.1.1.1 255.255.255.0!interface FastEthernet4/0ip address 2.2.2.6 255.255.255.252no ip route-cache cefduplex fulltag-switching ip!router ospf 200log-adjacency-changesnetwork 2.2.2.0 0.0.0.255 area 0network 166.50.10.0 0.0.0.255 area 0

router bgp 200no synchronizationno bgp default ipv4-unicast

bgp log-neighbor-changesneighbor 166.50.10.1 remote-as 200neighbor 166.50.10.1 update-source Loopback0neighbor 166.50.10.2 remote-as 200neighbor 166.50.10.2 update-source Loopback0default-information originate!address-family ipv4 vrf redredistribute connectedredistribute staticno auto-summaryno synchronizationexit-address-family

!address-family ipv4 vrf pinkredistribute connectedredistribute staticdefault-information originateno auto-summaryno synchronizationexit-address-family!address-family vpnv4neighbor 166.50.10.1 activateneighbor 166.50.10.1 send-community extendedneighbor 166.50.10.2 activateneighbor 166.50.10.2 send-community extendeddefault-information originate

exit-address-family!ip classlessip route vrf red 20.2.1.0 255.255.255.0 Loopback10 20.1.1.2ip route vrf pink 21.2.1.0 255.255.255.0 Loopback1121.1.1.2no ip http server!access-list 10 permit 20.1.1.0 0.0.0.55route-map OUT-INTER-AS permit 10match ip address 10set extcommunity rt 200:777 additive!end

Configurations: PE-200


35/41



hostname PE-300!ip subnet-zero!no ip fingerno ip domain-lookup!ip vrf emeraldrd 300:2route-target export 300:2route-target import 300:2route-target import 200:2!ip vrf greenrd 300:1

route-target export 300:1route-target import 300:1route-target import 200:1ip ceftag-switching tag-range downstream 160 1000 0cns event-service server!interface Loopback0ip address 156.50.10.3 255.255.255.255!interface Loopback10ip vrf forwarding greenip address 30.1.1.1 255.255.255.0!interface Loopback11

ip vrf forwarding emeraldip address 31.1.1.1 255.255.255.0!interface ATM1/0no ip addressno ip route-cache cefno atm ilmi-keepalive!interface FastEthernet4/0ip address 3.3.3.6 255.255.255.252duplex fulltag-switching ip!

router ospf 300log-adjacency-changesnetwork 3.3.3.4 0.0.0.3 area 0network 156.50.10.0 0.0.0.255 area 0!router bgp 300no synchronizationno bgp default ipv4-unicast

bgp log-neighbor-changesneighbor 156.50.10.1 remote-as 300neighbor 156.50.10.1 update-source Loopback0neighbor 156.50.10.2 remote-as 300neighbor 156.50.10.2 update-source Loopback0!address-family ipv4 vrf green

redistribute connectedno auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf emeraldredistribute connectedno auto-summaryno synchronizationexit-address-family!address-family vpnv4neighbor 156.50.10.1 activateneighbor 156.50.10.1 send-community extendedneighbor 156.50.10.2 activate

neighbor 156.50.10.2 send-community extendedbgp scan-time 15bgp scan-time import 10exit-address-family!ip classlessno ip http server!tftp-server disk0:c7200-js-mz.121-5c.E8.bin!end

Configurations: PE-300


36/41



INTER-AS SUMMARY


37/41



Service Providers have deployed Inter-AS for:

Scalability purposes

Partitioning the network based on services or management boundaries

Some contract work is in progress amongst Service Providers to

establish partnership and offer end-end VPN services to thecommon customer base

Service Provider networks are completely separate

Do not need to exchange internal prefix or label information

Each Service Provider establishes a direct MP-eBGP sessionwith the others to exchange VPN-IPv4 addresses with labels

/32 route to reach the ASBR is created by default so ASBRs cancommunicate without a need for IGP

Must be redistributed in the receiving Service Providers IGP

Inter-AS Summary


38/41



IGP or LDP across ASBR links is not required

Labels are already assigned to the routes when exchanged via MP-eBGP

Interface used to establish MP-eBGP session does not need to be

associated with a VRF

Direct eBGP routes and labels can be exchanged.

Next-Hop self can be turned on on ASBRs, enabling theASBR to use its own address for next-hop

Using the next-hop self requires an additional entry inthe TFIB for each VPNv4 route (about 180) bytes

If the Service Provider wishes to hide the Inter-AS linkthen use the next-hop-self method otherwise use the

redistribute connected subnets method

Inter-AS Summary (Cont.)


39/41



Multi-hop MP-eBGP sessions can be passed betweenService Providers without conversions to VPNv4 routes

Configuration of VRFs is not required on the ASBRsbecause bgp default route-target filter (automatic route

filtering feature) has been disabled

To conserve memory on both sides of the boundary andimplement a simple form of security, always configureinbound route-maps to filter only routes that need to bepassed to the other AS

Inter-AS Summary (Cont.)


40/41



References

Inter-AS for MPLS VPNs CCO Documentation:

www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/interas.htm

MPLS and VPN architecturesJim Guichard/Ivan

Pepelnjak ISBN 1-58705-002-1:www.ciscopress.com/book.cfm?book=168

Support for Inter-provider MPLS VPNENG-48803Dan Tappan, (internal only)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htmhttp://www.ciscopress.com/book.cfm?book=168http://www.ciscopress.com/book.cfm?book=168http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htmhttp://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htm


41/41

cisco mplsvpn troubleshooting 2

Documents