In the previous post we looked at the IGP configuration. That’s now verified and working, so lets move on the BGP and MPLS.

Stage 1 – Build OSPF/ISIS Areas – COMPLETE
Stage 2 – Configure BGP, Create ASBRs/PEs, use RR via R7/R8
Stage 3 – Enable MPLS
Stage 4 – Create InterAS OptC (multihop vpnv4 ebgp between RR lo)
Stage 5 – Connect CEs, CUST1=OSPF CUST2=BGP
Stage 6 – replace some routers with Juniper

Just as a reminder, here is our lab design:

Now for Stage2 – we need to create BGP peering within each AS (to the AS route reflector – R7 or R8) and also create a eBGP peering between AS’s. We will also add in the MPLS label function to BGP, as we will need that for the next stage. A few points about the BGP peers:

1. We are using BGP IPv4 labeled-unicast for the peering, since MPLS labels need to be passed between BGP peers.

2. We will pass the loopback addresses between the eBGP peers via the network statement (rather than a redistribute statement)

3. IOS-XR blocks eBGP route passing by default, so we need the PASS route-policy in place to support the route flow

4. We use the next-hop-self on the ASBR so that routers inside the AS know how to get across to the other AS for their loopbacks and routes

AS21 (R1,R2,R6,R7,R10)

R1

router bgp 21

 bgp router-id 1.1.1.1

 address-family ipv4 unicast

  allocate-label all

 !

 neighbor 7.7.7.7

  remote-as 21

  update-source Loopback0

  address-family ipv4 labeled-unicast

   next-hop-self

  !

R2

route-policy PASS

  pass

end-policy

!

router bgp 21

 bgp router-id 2.2.2.2

 address-family ipv4 unicast

  network 1.1.1.1/32

  network 2.2.2.2/32

  network 6.6.6.6/32

  network 7.7.7.7/32

  network 10.10.10.10/32

  allocate-label all

 !

 neighbor 7.7.7.7

  remote-as 21

  update-source Loopback0

  address-family ipv4 labeled-unicast

   next-hop-self

  !

 !

 neighbor 10.0.29.2

  remote-as 111

  address-family ipv4 labeled-unicast

   route-policy PASS in

   route-policy PASS out

  !

 !

!

R6

router bgp 21

 bgp router-id 6.6.6.6

 bgp log-neighbor-changes

 neighbor 7.7.7.7 remote-as 21

 neighbor 7.7.7.7 update-source Loopback0

 neighbor 10.22.22.2 remote-as 2

 !

 address-family ipv4

  neighbor 7.7.7.7 activate

  neighbor 7.7.7.7 next-hop-self

  neighbor 7.7.7.7 send-label

  neighbor 10.22.22.2 activate

 exit-address-family

 !

R7

router bgp 21

 template peer-policy AS21

  route-reflector-client

  send-community both

  send-label

 exit-peer-policy

 !

 template peer-session AS21_SESS

  remote-as 21

  update-source Loopback0

 exit-peer-session

 !

 bgp router-id 7.7.7.7

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 1.1.1.1 inherit peer-session AS21_SESS

 neighbor 2.2.2.2 inherit peer-session AS21_SESS

 neighbor 6.6.6.6 inherit peer-session AS21_SESS

 neighbor 10.10.10.10 inherit peer-session AS21_SESS

 !

 address-family ipv4

  neighbor 1.1.1.1 activate

  neighbor 1.1.1.1 inherit peer-policy AS21

  neighbor 2.2.2.2 activate

  neighbor 2.2.2.2 inherit peer-policy AS21

  neighbor 6.6.6.6 activate

  neighbor 6.6.6.6 inherit peer-policy AS21

  neighbor 10.10.10.10 activate

  neighbor 10.10.10.10 inherit peer-policy AS21

 exit-address-family

 !

R10

router bgp 21

 bgp router-id 10.10.10.10

 bgp log-neighbor-changes

 neighbor 7.7.7.7 remote-as 21

 neighbor 7.7.7.7 update-source Loopback0

 neighbor 10.0.103.1 remote-as 111

 !

 address-family ipv4

  network 1.1.1.1 mask 255.255.255.255

  network 2.2.2.2 mask 255.255.255.255

  network 6.6.6.6 mask 255.255.255.255

  network 7.7.7.7 mask 255.255.255.255

  network 10.10.10.10 mask 255.255.255.255

  neighbor 7.7.7.7 activate

  neighbor 7.7.7.7 next-hop-self

  neighbor 7.7.7.7 send-label

  neighbor 10.0.103.1 activate

  neighbor 10.0.103.1 send-label

 exit-address-family

BGP peers should now be up, with the 5 local routes coming in from the 2 ASBRs. The RIB failure here is due to the OSPF route already being present in the RIB, so BGP can’t add those routes in (as its less preferred).

OK on to the next AS:

AS111 (R3,R4,R5,R8,R9)

R3

route-policy PASS
  pass
end-policy
!

router bgp 111
 bgp router-id 3.3.3.3
 address-family ipv4 unicast
  network 3.3.3.3/32
  network 4.4.4.4/32
  network 5.5.5.5/32
  network 8.8.8.8/32
  network 9.9.9.9/32
  allocate-label all
 !
 neighbor 8.8.8.8
  remote-as 111
  update-source Loopback0
  address-family ipv4 labeled-unicast
   next-hop-self
  !
 !
 neighbor 10.0.103.2
  remote-as 21
  address-family ipv4 labeled-unicast
   route-policy PASS in
   route-policy PASS out
  !
 !
!

R4

router bgp 111
 bgp router-id 4.4.4.4
 address-family ipv4 unicast
  allocate-label all
 !
 address-family vpnv4 unicast
 !
 neighbor 8.8.8.8
  remote-as 111
  update-source Loopback0
  address-family ipv4 labeled-unicast
   next-hop-self
  !

R5

router bgp 111
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 8.8.8.8 remote-as 111
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 10.22.222.2 remote-as 2
 !
 address-family ipv4
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 next-hop-self
  neighbor 8.8.8.8 send-label
  neighbor 10.22.222.2 activate
 exit-address-family
 !


R8

router bgp 111
 template peer-policy AS111
  route-reflector-client
  send-community both
  send-label
 exit-peer-policy
 !
 template peer-session AS111_SESS
  remote-as 111
  update-source Loopback0
 exit-peer-session
 !
 bgp router-id 8.8.8.8
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 3.3.3.3 inherit peer-session AS111_SESS
 neighbor 4.4.4.4 inherit peer-session AS111_SESS
 neighbor 5.5.5.5 inherit peer-session AS111_SESS
 neighbor 9.9.9.9 inherit peer-session AS111_SESS
 !
 address-family ipv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 inherit peer-policy AS111
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 inherit peer-policy AS111
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 inherit peer-policy AS111
  neighbor 9.9.9.9 activate
  neighbor 9.9.9.9 inherit peer-policy AS111
 exit-address-family
 !


R9

router bgp 111
 bgp router-id 9.9.9.9
 bgp log-neighbor-changes
 neighbor 8.8.8.8 remote-as 111
 neighbor 8.8.8.8 update-source Loopback0
 neighbor 10.0.29.1 remote-as 21
 !
 address-family ipv4
  network 3.3.3.3 mask 255.255.255.255
  network 4.4.4.4 mask 255.255.255.255
  network 5.5.5.5 mask 255.255.255.255
  network 9.9.9.9 mask 255.255.255.255
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 next-hop-self
  neighbor 8.8.8.8 send-label
  neighbor 10.0.29.1 activate
  neighbor 10.0.29.1 send-label
 exit-address-family


We should now have AS111 active, and all peers up, with routes from both AS111 AND loopbacks from AS21, due to the eBGP peering between AS.


Looking at the routing table, we now have BGP routes present (B) from the AS21. Now we need to move on to the next stage, and enable MPLS across the different networks, so that we can get end to end connectivity.

Stage3 – Enable MPLS

We need to turn on MPLS and LDP on each of the routers, and create a static route on the XR ASBR units (since they require a /32 host route between peers to create a correct label path). The easiest way to enable ldp on all the links is to use the auto-config under the IGP, which makes sure that for all IGP enabled interfaces, LDP is also enabled and labels will be created.

R1

router ospf 21
 mpls ldp auto-config

mpls ldp
 router-id 1.1.1.1
 address-family ipv4
 !
!


R2

router static
 address-family ipv4 unicast
  10.0.29.2/32 GigabitEthernet0/0/0/0
 !
!

router ospf 21
 mpls ldp auto-config

!

mpls ldp
 router-id 2.2.2.2
 address-family ipv4
 !
 interface GigabitEthernet0/0/0/0
 !
!

R3

router static
 address-family ipv4 unicast
  10.0.103.2/32 GigabitEthernet0/0/0/2
 !
!

router isis 1
 address-family ipv4 unicast
  mpls ldp auto-config

!

mpls ldp
 router-id 3.3.3.3
 address-family ipv4
 !
 interface GigabitEthernet0/0/0/2
  address-family ipv4
  !
 !
!


R4

router isis 1
 address-family ipv4 unicast
  mpls ldp auto-config

!

mpls ldp
 router-id 4.4.4.4
 address-family ipv4
 !
!


R5

router isis 1
 mpls ldp autoconfig
!

mpls ldp router-id Loopback0

!


R6

router ospf 21
 mpls ldp autoconfig

!


R7

router ospf 21
 mpls ldp autoconfig

!

mpls ldp router-id Loopback0

!


R8

router isis
 mpls ldp autoconfig

!


R9

router isis
 mpls ldp autoconfig

!

interface GigabitEthernet4
 mpls bgp forwarding

!

mpls ldp router-id Loopback0


R10

interface GigabitEthernet1
 mpls bgp forwarding

router ospf 21
 mpls ldp autoconfig

!

mpls ldp router-id Loopback0

So we should now have a full label switched path end to end between the loopbacks of the 2 AS – lets have a look !

Trace from router 5 lo0 to router 6 lo0:

We start with 2 labels in the stack, 24008 is maintained across AS111, then it is pop’ed at the ASBR, and label 27 then label 24005 takes the traffic across AS21 to the final destination.

If we have a look across the other diagonal from AS21 to AS111:

We get the same result, with 2 labels within AS21, then a single label in AS111.

Looking at the MPLS forwarding table on R1, we can also see that routes have either a label or a pop label on them, which is what we want to see. If we see No Label listed here, that normally points to an issue in the config (e.g. MPLS not enabled on one of the interfaces).

We now have end to end MPLS label path, so we are ready to move on to Stage4 and build the L3 VPN tunnels across the core. The next post is HERE

Part 2 – Cisco MPLS L3VPN Lab
Tagged on:                                 

2 thoughts on “Part 2 – Cisco MPLS L3VPN Lab

Leave a Reply

Your email address will not be published. Required fields are marked *