cisco mplsvpn troubleshooting 2
TRANSCRIPT
-
8/4/2019 Cisco Mplsvpn Troubleshooting 2
1/41
1 2003 Cisco Systems, Inc. All rights reserved.
MPLS VPN Inter-AS,12/03
INTER-AUTONOMOUS SYSTEM MPLS VPN: CONFIGURATION AND TROUBLESHOOTING
DECEMBER 2003
-
Agenda
Troubleshooting Commands
Inter-AS Case Study
Inter-AS Summary
-
BASIC TROUBLESHOOTING COMMANDS
-
Troubleshooting Commands
Check VRF routing table
  show ip route vrf
  Check the imported route and associated NH address
Check BGP VPNv4 table
  show ip bgp vpnv4 all
  Check routes associated with an RD
Check CEF table
  show ip cef vrf
  Entries for the imported prefixes from a neighbor
Check TFIB table
  show tag forwarding
-
CASE STUDY
-
Inter-AS Case Study Agenda
Introduction
Configuration Analysis
Backup path check
Load Balancing VPNv4 prefixes across the Inter-AS paths
Inter-AS Design Considerations
Inter-AS Configurations
-
Introduction
Case study scenario
Setup
Inter-AS VPN Distribution Methods
Next-Hop-Self Method
Redistribute Connected Subnet Method
Label Switch Path Next-Hop-Self
Label Switch Path Redistribute Connected Subnets
-
Case Study Scenario
Two separate MPLS VPN networks (AS200 and AS300) that distribute VPN routes between each other.
Two Inter-AS (eBGP) connections: primary and backup paths
VPN traffic will normally travel over the primary Inter-AS path and switch over to the backup path in the event of a failure
Four VRFs used in this example:
AS300: VRF green and emerald sites
AS200: VRF red and pink
-
Topology
VPNv4 Route Distribution between ASs
[Diagram: AS 300 (PE-300, ASBR-A300, ASBR-B300) and AS 200 (PE-200, ASBR-A200, ASBR-B200), joined by two eBGP links labelled Primary and Backup.]
vrf red: 20.1.1.0, 20.2.1.0 *
vrf pink: 21.1.1.0, 21.2.1.0
vrf green: 30.1.1.0
vrf emerald: 31.1.1.0
* Route disallowed from crossing AS (does not hold RT 200:777)
Policy boxes in the diagram:
Only accept routes with RT = 200:777; set next-hop = self; set MED = 50
Only accept routes with RT = 200:777; set next-hop = self; set MED = 100
Accept all routes; redistribute connected subnets; set MED = 100
Accept all routes; redistribute connected subnets; set MED = 50
-
IP Addressing for the Topology
PE-300 (vrf green, vrf emerald)
  FA4/0     3.3.3.6/30
  LO10      30.1.1.1/24
  LO11      31.1.1.1/24
  LO0       156.50.10.3/32
ASBR-A300
  POS8/0/0  1.1.1.2/30
  LO0       156.50.10.1/32
  ATM8/1/0  3.3.3.1/30
ASBR-B300
  FA0/0     3.3.3.5/30
  ATM1/0    3.3.3.2/30
  LO0       156.50.10.2/32
  POS4/0    1.1.1.6/30
ASBR-A200
  POS1/0/0  1.1.1.1/30
  LO0       166.50.10.1/32
  ATM1/1/0  2.2.2.1/30
ASBR-B200
  FA0/0     2.2.2.5/30
  POS4/0    1.1.1.5/30
  LO0       166.50.10.2/32
  ATM1/0    2.2.2.2/30
PE-200 (vrf red, vrf pink)
  FA4/0     2.2.2.6/30
  LO10      20.1.1.1/24
  LO11      21.1.1.1/24
  LO0       166.50.10.3/32
-
Inter-AS Distribution Methods
Next-hop-self Method
Changing next-hop to that of the local ASBR for all VPNv4 routes learned from the other ASBR
BGP label and NH are changed by the receiving ASBR, which has next-hop-self enabled
Redistribute-Connected-Subnets
Redistributing the next hop address of the remote ASBR into the local IGP using the redistribute connected subnets command
Example: BGP label and next hop are not changed when the VPNv4 routes are redistributed into the local AS
Both methods will be used in this case study. ASBRs in AS200 will change NH to themselves. ASBRs in AS300 will use a host route to the NH address of the ASBR in AS200.
-
Inter-AS Case Study Specifications
AS 200 has three routers:
Primary ASBR: ASBR-A200
Using Next-Hop-Self Method on ASBR-200
Backup ASBR / P router: ASBR-B200
PE: PE-200; two VRFs red and pink
AS 300 has three routers:
Primary ASBR: ASBR-A300
Using Redistribute Connected subnets on ASBR-300
Backup ASBR / P router: ASBR-B300
PE: PE-300; two VRFs green and emerald
-
Inter-AS Distribution: Next-Hop-Self Method on Primary path
[Diagram: PE-300, ASBR-B300 and ASBR-A300 in AS 300; ASBR-A200, ASBR-B200 and PE-200 in AS 200; eBGP link addresses 1.1.1.1 and 1.1.1.2; steps numbered 1 to 5. Labelled boxes in the diagram:]
Network          Next-hop                   BGP Label
300:1:30.1.1.0   PE-300 (156.50.10.3)       161   (box shown twice)
300:1:30.1.1.0   ASBR-A300 (1.1.1.2)        164
300:1:30.1.1.0   ASBR-A200 (166.50.10.1)    23    (box shown twice)
-
Inter-AS Distribution: Next-Hop-Self Method
Changing next-hop to that of the local ASBR for all VPNv4 routes learnt from the other ASBR. Sample config for ASBR-A200:
address-family vpnv4
 neighbor 1.1.1.2 activate
 neighbor 1.1.1.2 send-community extended
 neighbor 1.1.1.2 route-map SETMETRIC out
 neighbor 166.50.10.3 activate
 ! PE-200 peer
 neighbor 166.50.10.3 next-hop-self
 neighbor 166.50.10.3 send-community extended
 neighbor 166.50.10.3 route-map INTER-AS in
exit-address-family
!
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10
-
Inter-AS Distribution: Redistribute Connected Subnet Method
ASBRs in AS300 use the redistribute connected subnets method to distribute VPNv4 routes
BGP next-hop is not changed for remote VPNv4 routes and will remain that of ASBR-A200, which is 1.1.1.1 (the interface address)
[Diagram: PE-300, ASBR-B300 and ASBR-A300 in AS 300; ASBR-A200, ASBR-B200 and PE-200 in AS 200; eBGP link addresses 1.1.1.1 and 1.1.1.2; steps numbered 1 to 5. Labelled boxes in the diagram:]
Network          Next-hop                   BGP Label
200:1:20.1.1.0   PE-200 (166.50.10.3)       29    (box shown twice)
200:1:20.1.1.0   ASBR-A200 (1.1.1.1)        20    (box shown three times)
-
Inter-AS Distribution: Label Switch Path Next-Hop-Self
[Diagram: PE-300, ASBR-B300 and ASBR-A300 in AS 300; ASBR-A200, ASBR-B200 and PE-200 in AS 200; eBGP link addresses 1.1.1.1 and 1.1.1.2; steps numbered 1 to 7. Labelled boxes, in the order they appear in the diagram text:]
Network          Next-hop                   BGP Label   IGP Label
300:1:30.1.1.0   ASBR-A200 (166.50.10.1)    23          16
300:1:30.1.1.0   ASBR-A200 (166.50.10.1)    23          -
300:1:30.1.1.0   PE-300 (156.50.10.3)       161         -
300:1:30.1.1.0   ASBR-A300 (1.1.1.2)        164         -
300:1:30.1.1.0   ASBR-A200 (166.50.10.1)    23          Pop
300:1:30.1.1.0   PE-300 (156.50.10.3)       161         162
300:1:30.1.1.0   PE-300 (156.50.10.3)       161         Pop
-
Inter-AS Distribution: Label Switch Path Redistribute Connected Subnets
[Diagram: PE-300, ASBR-B300 and ASBR-A300 in AS 300; ASBR-A200, ASBR-B200 and PE-200 in AS 200; eBGP link addresses 1.1.1.1 and 1.1.1.2; steps numbered 1 to 7. Labelled boxes, in the order they appear in the diagram text:]
Network          Next-hop                   BGP Label   IGP Label
200:1:20.1.1.0   ASBR-A200 (1.1.1.1)        20          166
200:1:20.1.1.0   PE-200 (166.50.10.3)       29          -
200:1:20.1.1.0   ASBR-A200 (1.1.1.1)        20          -
200:1:20.1.1.0   PE-200 (166.50.10.3)       29          Pop
200:1:20.1.1.0   ASBR-A200 (1.1.1.1)        20          Pop
200:1:20.1.1.0   ASBR-A200 (1.1.1.1)        20          160
200:1:20.1.1.0   PE-200 (166.50.10.3)       29          17
-
Backup path check
Under normal circumstances, all traffic between the Autonomous Systems will travel along the primary eBGP path, circuit addresses 1.1.1.1 and 1.1.1.2.
This section verifies that the backup path works correctly if the primary path fails
Simple test was executed with traffic originating from PE-300 traveling to PE-200
Shutdown primary interface on AS200
Backup path is selected on PE-300
-
Backup path check: Traceroute on the primary path
PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 3.3.3.5 4 msec 4 msec 0 msec
  2 3.3.3.1 4 msec 4 msec 0 msec
  3 1.1.1.1 4 msec 4 msec 0 msec     (ASBR-A200 primary)
  4 2.2.2.2 4 msec 0 msec 4 msec
  5 20.1.1.1 0 msec * 0 msec
-
Backup path check: Traceroute on the primary path (Cont.)
PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 3.3.3.5 0 msec 4 msec 0 msec
  2 1.1.1.5 0 msec 0 msec 4 msec     (ASBR-B200 backup)
  3 20.1.1.1 0 msec * 0 msec
-
Load Balancing VPNv4 Prefixes Across the Inter-AS Paths
Overview
ASBR 200 configurations
PE-200 configuration
PE-300 VPNv4 BGP Table
-
Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Topology
VPNv4 Route Distribution between ASs
[Diagram: AS 300 (PE-300, ASBR-A300, ASBR-B300) and AS 200 (PE-200, ASBR-A200, ASBR-B200), joined by two eBGP links labelled Gateway 1 and Gateway 2; traffic arrows labelled "Via gateway 1" and "Via gateway 2".]
vrf red: 20.1.1.0, 20.2.1.0 *
vrf pink: 21.1.1.0, 21.2.1.0
vrf green: 30.1.1.0
vrf emerald: 31.1.1.0
* Route disallowed from crossing AS (does not hold RT 777:1 or RT 777:2)
Policy boxes in the diagram:
Only accept routes with RT = 777:1 or 777:2; set next-hop = self; set MED = 50 if RT 777:1, MED = 100 if RT 777:2
Only accept routes with RT = 777:1 or 777:2; set next-hop = self; set MED = 50 if RT 777:2, MED = 100 if RT 777:1
Accept all routes; redistribute connected subnets; set MED = 100
Accept all routes; redistribute connected subnets; set MED = 50
-
Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Goals and Specs
Goal: load balance VPNv4 prefixes across both Inter-AS links from AS300 to AS200.
Note that there are two paths:
Gateway 1 (path between ASBR-A200 and ASBR-A300): only VRF green traffic
Gateway 2 (path between ASBR-B200 & ASBR-B300): only VRF emerald traffic
ASBR-A200: accept routes only from VRF green
ASBR-B200: accept routes only from VRF emerald
If load balancing is required in both directions, mirror ASBR-A200 configuration on ASBR-A300 and ASBR-B200 configuration on ASBR-B300
-
Load-balancing: VPNv4 Related Specifications
MED is set at each gateway, depending upon the route-target/extcommunity value on the VPNv4 route
Route-target = 777:1
Primary: Gateway 1; prefix: MED=50
Backup: Gateway 2; MED=100
Route-target = 777:2
Primary: Gateway 2; prefix: MED=50
Backup: Gateway 1; MED=100
Gateways have both been configured to accept only VPNv4 routes that have the extcommunity attribute 777:1 or 777:2
-
Load Balancing Across the Inter-AS Paths: PE 200 Configuration
VRF    Prefix     RT             Primary                Backup
Red    20.1.1.0   200:1 777:1    ASBR-A200 (1.1.1.1)    ASBR-B200 (1.1.1.5)
Red    20.2.1.0   200:1          Denied                 Denied
Pink   21.1.1.0   200:2 777:2    ASBR-B200 (1.1.1.5)    ASBR-A200 (1.1.1.1)
Pink   21.2.1.0   200:2 777:2    ASBR-B200 (1.1.1.5)    ASBR-A200 (1.1.1.1)
* should see the red routes via 1.1.1.1 and the pink routes via 1.1.1.5
The primary path for VRF pink is via ASBR-B200
All routes in VRF pink have the route-target 777:2; ASBR-A200 will be the backup path (from perspective of the PE-300)
The primary path for VRF red is via ASBR-A200; backup path is via ASBR-B200
-
Load Balancing Across the Inter-AS Paths: PE 200 Configuration (Cont.)
ip vrf pink
 rd 200:2
 route-target export 200:2
 ! use ASBR-B200 as the primary path
 route-target export 777:2
 route-target import 200:2
 route-target import 300:2
!
ip vrf red
 rd 200:1
 export map OUT-INTER-AS
 route-target export 200:1
 route-target import 200:1
 route-target import 300:1
access-list 10 permit 20.1.1.0 0.0.0.55
route-map OUT-INTER-AS permit 10
 match ip address 10
 ! use ASBR-A200 as the primary path
 set extcommunity rt 777:1 additive
!
-
Load Balancing Across the Inter-AS Paths: ASBR-A200 Configuration
router bgp 200
 address-family vpnv4
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.2 send-community extended
  neighbor 1.1.1.2 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip extcommunity-list 10 permit rt 777:1
ip extcommunity-list 11 permit rt 777:2
!
route-map SETMETRIC permit 10
 match extcommunity 10
 ! Metric is 100 on ASBR-B200
 set metric 50
!
route-map SETMETRIC permit 11
 match extcommunity 11
 ! Metric is 50 on ASBR-B200
 set metric 100
!
route-map INTER-AS permit 10
 ! AS200 ASBRs to accept VPNv4 routes that hold the extcommunity attribute of 777:1 or 777:2
 match extcommunity 10 11
-
Load Balancing Across the Inter-AS Paths: PE-300 VPNv4 BGP Table
Note: BGP VPNv4 table on PE-300 after the VPNv4 routes from AS 200 have been redistributed using the new route-targets and MED values. As can be seen, the best routes have been chosen and imported into the green and emerald VRFs using the lowest metric (MED), the next hop being either 1.1.1.1 or 1.1.1.5.
PE-300#show ip bgp vpnv4 all
BGP table version is 99, local router ID is 156.50.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop        Metric LocPrf Weight Path
Route Distinguisher: 200:1
*>i20.1.1.0/24      1.1.1.1             50    100      0 200 ?
* i                 1.1.1.5            100    100      0 200 ?
Route Distinguisher: 200:2
* i21.1.1.0/24      1.1.1.1            100    100      0 200 ?
*>i                 1.1.1.5             50    100      0 200 ?
* i21.2.1.0/24      1.1.1.1            100    100      0 200 ?
*>i                 1.1.1.5             50    100      0 200 ?
Route Distinguisher: 300:1 (default for vrf green)
*>i20.1.1.0/24      1.1.1.1             50    100      0 200 ?     (Via ASBR-A200)
*> 30.1.1.0/24      0.0.0.0              0         32768 ?
Route Distinguisher: 300:2 (default for vrf emerald)
*>i21.1.1.0/24      1.1.1.5             50    100      0 200 ?     (Via ASBR-B200)
*>i21.2.1.0/24      1.1.1.5             50    100      0 200 ?     (Via ASBR-B200)
*> 31.1.1.0/24      0.0.0.0              0         32768 ?
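The load-balancing policy on the preceding slides, modelled as an added example (not code from the original deck): it applies the AS200 ASBRs' route-target filter and per-gateway MED to PE-200's exports, picks the lowest-MED path at PE-300, and repeats the selection with gateway 1 down. Function and variable names are hypothetical; the routes, route-targets, MED values and next hops are the ones on the slides.

```python
"""Added example: model of the RT filter and per-gateway MED policy from the slides."""
from dataclasses import dataclass

# VPNv4 routes as PE-200 exports them (route distinguisher, prefix, route-targets).
# Constructed from the VRF / Prefix / RT table on the page.
PE200_EXPORTS = [
    ("200:1", "20.1.1.0/24", frozenset({"200:1", "777:1"})),  # tagged by OUT-INTER-AS
    ("200:1", "20.2.1.0/24", frozenset({"200:1"})),           # carries no 777:x RT
    ("200:2", "21.1.1.0/24", frozenset({"200:2", "777:2"})),
    ("200:2", "21.2.1.0/24", frozenset({"200:2", "777:2"})),
]

ACCEPTED_RTS = ("777:1", "777:2")  # extcommunity-lists 10 and 11 (route-map INTER-AS)

# Per-gateway SETMETRIC policy and the next hop PE-300 sees for that gateway.
GATEWAYS = {
    "ASBR-A200": {"next_hop": "1.1.1.1", "med": {"777:1": 50, "777:2": 100}},
    "ASBR-B200": {"next_hop": "1.1.1.5", "med": {"777:1": 100, "777:2": 50}},
}

# Import route-targets of the PE-300 VRFs.
PE300_IMPORTS = {"green": "200:1", "emerald": "200:2"}


@dataclass(frozen=True)
class Path:
    rd: str
    prefix: str
    rts: frozenset
    next_hop: str
    med: int


def advertise(gateway):
    """Paths one AS200 gateway sends to AS300: inbound RT filter, then outbound MED."""
    policy = GATEWAYS[gateway]
    paths = []
    for rd, prefix, rts in PE200_EXPORTS:
        matched = [rt for rt in ACCEPTED_RTS if rt in rts]
        if not matched:
            continue  # denied by route-map INTER-AS: the route never leaves AS200
        # SETMETRIC: the first matching sequence (10 = 777:1, 11 = 777:2) sets the MED.
        paths.append(Path(rd, prefix, rts, policy["next_hop"], policy["med"][matched[0]]))
    return paths


def best_paths(up_gateways):
    """Best path per (RD, prefix) at PE-300.

    Both paths come from AS 200 with equal local preference, AS-path length and
    origin, so the lowest MED decides.
    """
    best = {}
    for gateway in up_gateways:
        for path in advertise(gateway):
            key = (path.rd, path.prefix)
            if key not in best or path.med < best[key].med:
                best[key] = path
    return best


def vrf_next_hops(up_gateways):
    """Import best paths into the PE-300 VRFs: {vrf: {prefix: (next_hop, med)}}."""
    table = {vrf: {} for vrf in PE300_IMPORTS}
    for path in best_paths(up_gateways).values():
        for vrf, import_rt in PE300_IMPORTS.items():
            if import_rt in path.rts:
                table[vrf][path.prefix] = (path.next_hop, path.med)
    return table


if __name__ == "__main__":
    for label, up in (("both gateways up", ["ASBR-A200", "ASBR-B200"]),
                      ("gateway 1 down", ["ASBR-B200"])):
        print(label)
        for vrf, routes in vrf_next_hops(up).items():
            for prefix, (next_hop, med) in sorted(routes.items()):
                print(f"  vrf {vrf:8} {prefix:12} via {next_hop} (MED {med})")
```

With both gateways up the result matches the best paths in the PE-300 table, and 20.2.1.0/24 appears in neither VRF because it is dropped before it reaches the eBGP sessions.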
-
Configurations
ASBR-A200
ASBR-A300
ASBR-B200
ASBR-B300
PE-200
PE-300
-
Configurations: ASBR-A200
hostname ABSR-A200
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 166.50.10.1 255.255.255.255
!
interface ATM1/0/0
 ip address 2.2.2.1 255.255.255.252
 ip route-cache distributed
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS1/1/0
 ip address 1.1.1.1 255.255.255.252
 ip route-cache distributed
 clock source internal
 pos ais-shut
 pos report lais
 pos report lrdi
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166.50.10.0 0.0.0.255 area 0
!
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.2 activate
  !
  neighbor 1.1.1.2 send-community extended
  neighbor 1.1.1.2 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10
!
end
-
Configurations: ASBR-A300
hostname ABSR-A300
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 156.50.10.1 255.255.255.255
!
interface ATM8/0/0
 ip address 3.3.3.1 255.255.255.252
 ip route-cache distributed
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS8/1/0
 ip address 1.1.1.2 255.255.255.252
 ip route-cache distributed
 pos ais-shut
 pos report lais
 pos report lrdi
!
router ospf 300
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.0 0.0.0.3 area 0
 network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 neighbor 156.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 route-map SETMETRIC out
  neighbor 156.50.10.3 activate
  neighbor 156.50.10.3 send-community extended
  bgp scan-time 10
  bgp scan-time import 10
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
-
Configurations: ASBR-B200
hostname ABSR-B200
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip cef
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 166.50.10.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 2.2.2.5 255.255.255.252
 duplex full
 tag-switching ip
!
interface ATM3/0
 ip address 2.2.2.2 255.255.255.252
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS4/0
 ip address 1.1.1.5 255.255.255.252
 no ip route-cache cef
 clock source internal
!
interface FastEthernet6/0
 ip address 10.64.37.50 255.255.255.0
 duplex full
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166.50.10.0 0.0.0.255 area 0
!
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.6 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.6 activate
  neighbor 1.1.1.6 send-community extended
  neighbor 1.1.1.6 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 100
!
route-map INTER-AS permit 10
 match extcommunity 10
!
end
-
Configurations: ASBR-B300
hostname ABSR-B300
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip cef
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 156.50.10.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 3.3.3.5 255.255.255.252
 duplex full
 tag-switching ip
!
interface ATM3/0
 ip address 3.3.3.2 255.255.255.252
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS4/0
 ip address 1.1.1.6 255.255.255.252
 no ip route-cache cef
!
router ospf 300
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.0 0.0.0.3 area 0
 network 3.3.3.4 0.0.0.3 area 0
 network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.5 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 neighbor 156.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 send-community extended
  neighbor 1.1.1.5 route-map SETMETRIC out
  neighbor 156.50.10.3 activate
  neighbor 156.50.10.3 send-community extended
  bgp scan-time 10
  bgp scan-time import 10
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 100
!
end
-
Configurations: PE-200
hostname PE-200
!
boot system disk0:c7200-js-mz.121-5c.E8.bin
!
ip subnet-zero
!
ip vrf pink
 rd 200:2
 route-target export 200:2
 route-target export 200:777
 route-target import 200:2
 route-target import 300:2
!
ip vrf red
 rd 200:1
 export map OUT-INTER-AS
 route-target export 200:1
 route-target import 200:1
 route-target import 300:1
ip cef
tag-switching tdp router-id Loopback0
cns event-service server
!
interface Loopback0
 ip address 166.50.10.3 255.255.255.255
!
interface Loopback10
 ip vrf forwarding red
 ip address 20.1.1.1 255.255.255.0
!
interface Loopback11
 ip vrf forwarding pink
 ip address 21.1.1.1 255.255.255.0
!
interface FastEthernet4/0
 ip address 2.2.2.6 255.255.255.252
 no ip route-cache cef
 duplex full
 tag-switching ip
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166.50.10.0 0.0.0.255 area 0
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 166.50.10.1 remote-as 200
 neighbor 166.50.10.1 update-source Loopback0
 neighbor 166.50.10.2 remote-as 200
 neighbor 166.50.10.2 update-source Loopback0
 default-information originate
 !
 address-family ipv4 vrf red
  redistribute connected
  redistribute static
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf pink
  redistribute connected
  redistribute static
  default-information originate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 166.50.10.1 activate
  neighbor 166.50.10.1 send-community extended
  neighbor 166.50.10.2 activate
  neighbor 166.50.10.2 send-community extended
  default-information originate
 exit-address-family
!
ip classless
ip route vrf red 20.2.1.0 255.255.255.0 Loopback10 20.1.1.2
ip route vrf pink 21.2.1.0 255.255.255.0 Loopback11 21.1.1.2
no ip http server
!
access-list 10 permit 20.1.1.0 0.0.0.55
route-map OUT-INTER-AS permit 10
 match ip address 10
 set extcommunity rt 200:777 additive
!
end
-
Configurations: PE-300
hostname PE-300
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip vrf emerald
 rd 300:2
 route-target export 300:2
 route-target import 300:2
 route-target import 200:2
!
ip vrf green
 rd 300:1
 route-target export 300:1
 route-target import 300:1
 route-target import 200:1
ip cef
tag-switching tag-range downstream 160 1000 0
cns event-service server
!
interface Loopback0
 ip address 156.50.10.3 255.255.255.255
!
interface Loopback10
 ip vrf forwarding green
 ip address 30.1.1.1 255.255.255.0
!
interface Loopback11
 ip vrf forwarding emerald
 ip address 31.1.1.1 255.255.255.0
!
interface ATM1/0
 no ip address
 no ip route-cache cef
 no atm ilmi-keepalive
!
interface FastEthernet4/0
 ip address 3.3.3.6 255.255.255.252
 duplex full
 tag-switching ip
!
router ospf 300
 log-adjacency-changes
 network 3.3.3.4 0.0.0.3 area 0
 network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 156.50.10.1 remote-as 300
 neighbor 156.50.10.1 update-source Loopback0
 neighbor 156.50.10.2 remote-as 300
 neighbor 156.50.10.2 update-source Loopback0
 !
 address-family ipv4 vrf green
  redistribute connected
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf emerald
  redistribute connected
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 156.50.10.1 activate
  neighbor 156.50.10.1 send-community extended
  neighbor 156.50.10.2 activate
  neighbor 156.50.10.2 send-community extended
  bgp scan-time 15
  bgp scan-time import 10
 exit-address-family
!
ip classless
no ip http server
!
tftp-server disk0:c7200-js-mz.121-5c.E8.bin
!
end
-
INTER-AS SUMMARY
-
Inter-AS Summary
Service Providers have deployed Inter-AS for:
Scalability purposes
Partitioning the network based on services or management boundaries
Some contract work is in progress amongst Service Providers to establish partnership and offer end-end VPN services to the common customer base
Service Provider networks are completely separate
Do not need to exchange internal prefix or label information
Each Service Provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels
/32 route to reach the ASBR is created by default so ASBRs can communicate without a need for IGP
Must be redistributed in the receiving Service Provider's IGP
-
Inter-AS Summary (Cont.)
IGP or LDP across ASBR links is not required
Labels are already assigned to the routes when exchanged via MP-eBGP
Interface used to establish MP-eBGP session does not need to be associated with a VRF
Direct eBGP routes and labels can be exchanged.
Next-Hop self can be turned on on ASBRs, enabling the ASBR to use its own address for next-hop
Using the next-hop self requires an additional entry in the TFIB for each VPNv4 route (about 180 bytes)
If the Service Provider wishes to hide the Inter-AS link then use the next-hop-self method; otherwise use the redistribute connected subnets method
-
Inter-AS Summary (Cont.)
Multi-hop MP-eBGP sessions can be passed between Service Providers without conversions to VPNv4 routes
Configuration of VRFs is not required on the ASBRs because bgp default route-target filter (automatic route filtering feature) has been disabled
To conserve memory on both sides of the boundary and implement a simple form of security, always configure inbound route-maps to filter only routes that need to be passed to the other AS