mpls lab solutions

8/19/2019 MPLS Lab Solutions

1/49

1

MPLS Tshoot Lab

Mohammad KhalilCCIE#35484 (R&S,SP)

Network Diagram

R3

R1

R5

R9

AS200AS100

OSPF

A0

R2

R6

R4

OSPF

A0

RIPv2

EIGRP

RIPv2

EIGRPBGP

BGP

R10

R8

AS300

AS300

R7

AS300


2/49

2

Lab Overview

The topology above contains two main ASes with one secondary AS, the main goal ofthe setup is to maintain connectivity among the below

R7 – R10 should communicate with each other via IPv4 (their loopback 0networks)

R7 and R8 should communicate with each other via IPv6 (their loopback 0

betworks) R8 and R10 should communicate with each other via IPv4 (their loopback 1

networks) R8 and R9 should communicate with each other over the subnet 172.16.89.0/24

In check commands format, you should match the below outputs

tclshforeach x {7.7.7.78.8.8.89.9.9.9

10.10.10.10} { ping $x source lo0 }

R8#ping vrf ABC 100.10.10.10 source lo1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 100.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 88.8.8.8!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 44/70/120 ms

R10#ping vrf ABC 88.8.8.8 source lo1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 88.8.8.8, timeout is 2 seconds:Packet sent with a source address of 100.10.10.10

!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/62/156 ms

R7#ping 2001::8 source lo0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2001::8, timeout is 2 seconds:

Packet sent with a source address of 2001::7!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 68/78/104 ms

R8#ping 2001::7 source lo0Type escape sequence to abort.


3/49

3

Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds:Packet sent with a source address of 2001::8!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 64/103/192 ms

R8#ping 172.16.89.9Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.89.9, timeout is 2 seconds:


R8#ping vrf ABC 100.10.10.10 source lo1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 100.10.10.10, timeout is 2 seconds:


R10#ping vrf ABC 88.8.8.8 source lo1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 88.8.8.8, timeout is 2 seconds:Packet sent with a source address of 100.10.10.10

!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/72/148 msR9#ping 172.16.89.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.89.8, timeout is 2 seconds:!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/84/120 ms

Several faults have been injected into the topology, these faults focus on different

technologies

You should find, troubleshoot and resolve

Do not make all your actions remove, modify!


4/49

4

Solutions

One of the tricks in troubleshooting labs is to turn off logging to the console in order tohide any message that could assist in solving problems, so let us turn on the logging on

all routers

R1 – R10logging console

Let us start now by dividing the areas we are going to work on

The IGP inside both ASes is OSPF, so let us check our OSPF adjacencies

R1#sh ip ospf neighbor

R1#

R1 should have neighborship with R4

R1#debug ip ospf adjOSPF adjacency debugging is onR1#*Aug 17 13:15:46.986: OSPF-1 ADJ Fa2/0: Send with youngest Key 2R1#*Aug 17 13:15:49.362: OSPF-1 ADJ Fa2/0: Rcv pkt from 192.168.14.4 :

Mismatched Authentication Key - No message digest key 1 on interface

So, the error is clear, there is a mismatch in the authentication key ID

R1#sh ip ospf interface fastEthernet 2/0 | include authentication|key

Message digest authentication enabledYoungest key id is 2

R4#sh ip ospf interface fastEthernet 1/0 | include authentication|keyMessage digest authentication enabled

Youngest key id is 1

R1#sh run int f2/0 | inc keyip ospf message-digest-key 2 md5 cisco

R1interface fastEthernet 2/0no ip ospf message-digest-key 2 md5 ciscoip ospf message-digest-key 1 md5 cisco


5/49

5

R1#*Aug 17 13:18:29.430: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet2/0from LOADING to FULL, Loading Done

R1#

*Aug 17 13:18:36.718: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up*Aug 17 13:18:36.726: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (1) is UP


Neighbor ID Pri State Dead Time Address Interface

4.4.4.4 1 FULL/DR 00:00:38 192.168.14.4 FastEthernet2/0

R1#sh ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override

Gateway of last resort is not set

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/2] via 192.168.14.4, 00:00:24, FastEthernet2/0

R1#ping 4.4.4.4 source lo0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:


Let us move now to AS 200 and check the OSPF neighborships


R2#

As well R2 has no active relations

R2#debug ip ospf adj

OSPF adjacency debugging is onR2#*Aug 17 13:25:53.090: OSPF-1 ADJ Fa2/0: Rcv pkt from 192.168.25.5, :

Mismatched Authentication Key - Clear Text


6/49

6

There is mismatch in the authentication key between R2 and R5

R2#sh ip ospf interface fastEthernet 2/0 | include authenticationSimple password authentication enabled

R5#sh ip ospf interface fastEthernet 1/0 | include authenticationSimple password authentication enabled

R2#sh run int f2/0 | include ospfip ospf authentication

ip ospf authentication-key cisc0

R5#sh run int f1/0 | inc ospf

ip ospf authenticationip ospf authentication-key cisco

R2interface fastEthernet 2/0ip ospf authentication-key cisco

R2#

*Aug 17 13:28:26.046: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet2/0from LOADING to FULL, Loading Done



5.5.5.5 1 FULL/DR 00:00:37 192.168.25.5 FastEthernet2/0

Still R2 needs a neighborship with R3 but not shown in the show ip ospf neighbiors

output, let us check

R3#sh cdp neighborsCapability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port IDR1.lab.local Fas 1/0 141 R 7206VXR Fas 1/1

R2.lab.local Fas 1/1 154 R 7206VXR Fas 1/1R5.lab.local Fas 2/1 175 R 7206VXR Fas 2/0R6.lab.local Fas 2/0 145 R 7206VXR Fas 1/0

R3#sh run int f1/1interface FastEthernet1/1

ip address 192.168.23.3 255.255.255.0


7/49

7

speed 100duplex fullmpls ip

R3#ping 192.168.23.2

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 192.168.23.2, timeout is 2 seconds:.!!!!


So, there is IP reachability

R3#sh ip ospf interface briefInterface PID Area IP Address/Mask Cost State Nbrs F/C

Lo0 1 0 3.3.3.3/32 1 LOOP 0/0Fa2/1 1 0 192.168.35.3/24 1 DR 0/0Fa2/0 1 0 192.168.36.3/24 1 BDR 1/1

We can see that FastEthernet1/1 is not included in the ospf enabled interfaces, let uscheck the global OSPF configuration

R3#sh run | sec router ospf

router ospf 1router-id 3.3.3.3network 3.3.3.3 0.0.0.0 area 0

network 192.168.35.3 0.0.0.0 area 0

network 192.168.36.3 0.0.0.0 area 0

As can be seen from the output above, there is no network statement for the interfaceof concern, let us add it

R3router ospf 1network 192.168.23.3 0.0.0.0 area 0

R3#*Aug 17 13:33:05.242: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet1/1from LOADING to FULL, Loading Done


Neighbor ID Pri State Dead Time Address Interface5.5.5.5 1 FULL/DR 00:00:31 192.168.25.5 FastEthernet2/0

3.3.3.3 1 FULL/BDR 00:00:35 192.168.23.3 FastEthernet1/1

*Aug 17 13:33:25.834: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP


8/49

8

Now, if we checked R5



3.3.3.3 1 INIT/DROTHER 00:00:35 192.168.35.3 FastEthernet2/06.6.6.6 0 FULL/ - 00:00:33 192.168.56.6 FastEthernet1/12.2.2.2 1 FULL/BDR 00:00:35 192.168.25.2 FastEthernet1/0

As we can see that the relation with R3 is stuck in INIT state which means there issomething forbid OSPF hello messages from being exchanged

R3#sh ip interface fastEthernet 2/1 | include accessOutgoing access list is not set

Inbound access list is DENY_OSPFIP access violation accounting is disabled

R3#sh access-listsExtended IP access list DENY_OSPF

10 deny ospf any any (61548 matches)20 permit ip any any (133501 matches)

R3ip access-list extended DENY_OSPFno deny ospf any any

R3#*Aug 19 09:56:52.327: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet2/1

from LOADING to FULL, Loading Done


Neighbor ID Pri State Dead Time Address Interface2.2.2.2 1 FULL/DR 00:00:34 192.168.23.2 FastEthernet1/15.5.5.5 1 FULL/DR 00:00:32 192.168.35.5 FastEthernet2/16.6.6.6 1 FULL/DR 00:00:35 192.168.36.6 FastEthernet2/0

Now, back to R5 again


Neighbor ID Pri State Dead Time Address Interface3.3.3.3 1 FULL/BDR 00:00:32 192.168.35.3 FastEthernet2/0

6.6.6.6 0 FULL/ - 00:00:38 192.168.56.6 FastEthernet1/12.2.2.2 1 FULL/BDR 00:00:33 192.168.25.2 FastEthernet1/0


9/49

9

R5#sh ip ospf neighbor | inc 6.6.6.66.6.6.6 0 FULL/ - 00:00:31 192.168.56.6 FastEthernet1/1

R6#sh ip ospf neighbor | inc 5.5.5.55.5.5.5 1 FULL/BDR 00:00:37 192.168.56.5 FastEthernet1/1

We can see that the election takes place on router and not on the other

R5#sh ip ospf interface fastEthernet 1/1 | inc NetworkInternet Address 192.168.56.5/24, Area 0, Attached via Network StatementProcess ID 1, Router ID 5.5.5.5, Network Type POINT_TO_POINT, Cost: 1

R6#sh ip ospf interface fastEthernet 1/1 | inc NetworkInternet Address 192.168.56.6/24, Area 0, Attached via Network Statement

Process ID 1, Router ID 6.6.6.6, Network Type BROADCAST, Cost: 1

So, the network type does not match on both interfaces

R5#sh run int f1/1 | inc ospfip ospf network point-to-point

R6int f1/1ip ospf network point-to-point

*Aug 19 10:00:45.682: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet1/1

from FULL to DOWN, Neighbor Down: Interface down or detached*Aug 19 10:00:45.778: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet1/1

from LOADING to FULL, Loading Done

R5#sh ip ospf neighbor | inc 6.6.6.6

6.6.6.6 0 FULL/ - 00:00:34 192.168.56.6 FastEthernet1/1

R6#sh ip ospf neighbor | inc 5.5.5.55.5.5.5 0 FULL/ - 00:00:36 192.168.56.5 FastEthernet1/1

The neighborship were up due to the match in the hello/dead time intervals values, butthis will affect routes exchange between the routers on this link

Now, let us check our MPLS LDP neighborships

R6#show mpls ldp neighborPeer LDP Ident: 3.3.3.3:0; Local LDP Ident 6.6.6.6:0

TCP connection: 3.3.3.3.646 - 6.6.6.6.62211State: Oper; Msgs sent/rcvd: 11176/11183; DownstreamUp time: 6d18h

LDP discovery sources:


10/49

10

FastEthernet1/0, Src IP addr: 192.168.36.3Addresses bound to peer LDP Ident:192.168.13.3 192.168.23.3 192.168.35.3 3.3.3.3192.168.36.3

R6#show mpls interfacesInterface IP Tunnel BGP Static OperationalFastEthernet1/0 Yes (ldp) No No No Yes

FastEthernet1/1 Yes (ldp) No No No Yes

So, we should have another LDP peering to R5

R5#show mpls interfacesInterface IP Tunnel BGP Static Operational

FastEthernet1/0 Yes (tdp) No No No YesFastEthernet1/1 Yes (tdp) No No No YesFastEthernet2/0 Yes (tdp) No No No Yes

As we can see, the label distribution protocol on R5 is TDP (by default it’s LDP), so acommand has been entered to change this

R5#show run | sec label

mpls label protocol tdp

R5mpls label protocol ldp

R5#

*Aug 19 10:04:43.978: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP*Aug 19 10:04:44.050: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (2) is UP*Aug 19 10:04:44.058: %LDP-5-NBRCHG: LDP Neighbor 6.6.6.6:0 (3) is UP

*Aug 19 10:04:44.162: %SYS-5-CONFIG_I: Configured from console by console*Aug 19 10:04:44.278: %LDP-5-NBRCHG: LDP Neighbor (vrf MSSK) 8.8.8.8:0 (4) is UP

Let us check the other routers


TCP connection: 4.4.4.4.60958 - 1.1.1.1.646State: Oper; Msgs sent/rcvd: 3083/3077; Downstream

Up time: 1d20hLDP discovery sources:FastEthernet2/0, Src IP addr: 192.168.14.4

Addresses bound to peer LDP Ident:192.168.14.4 4.4.4.4


11/49

11


TCP connection: 3.3.3.3.44383 - 2.2.2.2.646State: Oper; Msgs sent/rcvd: 3065/3072; DownstreamUp time: 1d20h

LDP discovery sources:FastEthernet1/1, Src IP addr: 192.168.23.3

Addresses bound to peer LDP Ident:

192.168.13.3 192.168.23.3 192.168.35.3 3.3.3.3192.168.36.3

Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 2.2.2.2:0

TCP connection: 5.5.5.5.20372 - 2.2.2.2.646State: Oper; Msgs sent/rcvd: 16/14; DownstreamUp time: 00:01:02

LDP discovery sources:FastEthernet2/0, Src IP addr: 192.168.25.5Addresses bound to peer LDP Ident:192.168.25.5 192.168.56.5 192.168.35.5 5.5.5.5


TCP connection: 6.6.6.6.62211 - 3.3.3.3.646

State: Oper; Msgs sent/rcvd: 11186/11180; DownstreamUp time: 6d18hLDP discovery sources:

FastEthernet2/0, Src IP addr: 192.168.36.6

Addresses bound to peer LDP Ident:192.168.36.6 192.168.56.6 6.6.6.6

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0TCP connection: 2.2.2.2.646 - 3.3.3.3.44383State: Oper; Msgs sent/rcvd: 3072/3065; Downstream

Up time: 1d20hLDP discovery sources:FastEthernet1/1, Src IP addr: 192.168.23.2

Addresses bound to peer LDP Ident:192.168.12.2 192.168.23.2 192.168.25.2 2.2.2.2

Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 3.3.3.3:0TCP connection: 5.5.5.5.64473 - 3.3.3.3.646

State: Oper; Msgs sent/rcvd: 16/14; DownstreamUp time: 00:01:12



192.168.25.5 192.168.56.5 192.168.35.5 5.5.5.5

R4#show mpls ldp neighbor



12/49

12

TCP connection: 1.1.1.1.646 - 4.4.4.4.60958State: Oper; Msgs sent/rcvd: 3078/3083; DownstreamUp time: 1d20hLDP discovery sources:FastEthernet1/0, Src IP addr: 192.168.14.1

Addresses bound to peer LDP Ident:192.168.12.1 192.168.13.1 192.168.14.1 1.1.1.1


TCP connection: 2.2.2.2.646 - 5.5.5.5.20372

State: Oper; Msgs sent/rcvd: 14/16; DownstreamUp time: 00:01:27LDP discovery sources:

FastEthernet1/0, Src IP addr: 192.168.25.2Addresses bound to peer LDP Ident:192.168.12.2 192.168.23.2 192.168.25.2 2.2.2.2

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 5.5.5.5:0TCP connection: 3.3.3.3.646 - 5.5.5.5.64473State: Oper; Msgs sent/rcvd: 14/16; DownstreamUp time: 00:01:27LDP discovery sources:

FastEthernet2/0, Src IP addr: 192.168.35.3Addresses bound to peer LDP Ident:192.168.13.3 192.168.23.3 192.168.35.3 3.3.3.3

192.168.36.3

Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 5.5.5.5:0TCP connection: 6.6.6.6.41661 - 5.5.5.5.646

State: Oper; Msgs sent/rcvd: 14/14; DownstreamUp time: 00:01:27LDP discovery sources:

FastEthernet1/1, Src IP addr: 192.168.56.6Addresses bound to peer LDP Ident:192.168.36.6 192.168.56.6 6.6.6.6


TCP connection: 3.3.3.3.646 - 6.6.6.6.62211

State: Oper; Msgs sent/rcvd: 11180/11187; DownstreamUp time: 6d18h



192.168.13.3 192.168.23.3 192.168.35.3 3.3.3.3192.168.36.3


TCP connection: 5.5.5.5.646 - 6.6.6.6.41661


13/49

13

State: Oper; Msgs sent/rcvd: 14/14; DownstreamUp time: 00:01:34LDP discovery sources:FastEthernet1/1, Src IP addr: 192.168.56.5


192.168.25.5 192.168.56.5 192.168.35.5 5.5.5.5

Now, let us start by checking the PE-CE routing protocols and check if we are receiving

our customers’ routes

Starting from R4

R4#sh ip vrfName Default RD Interfaces

MSSK 100:1 Fa1/1Fa2/0.49R4#sh run int f1/1interface FastEthernet1/1vrf forwarding MSSKip address 10.10.47.4 255.255.255.0speed 100duplex full

ipv6 address 2001:10:47::4/64

R4#ping vrf MSSK 10.10.47.7


Sending 5, 100-byte ICMP Echos to 10.10.47.7, timeout is 2 seconds:!!!!!


R4#sh ip route vrf MSSK rip

Routing Table: MSSKCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override


R 7.0.0.0/8 [120/1] via 10.10.47.7, 00:00:04, FastEthernet1/1

Let us check the loopback interface on R7


14/49

14

R7#sh run int lo0interface Loopback0ip address 7.7.7.7 255.255.255.255ipv6 address 2001::7/128

So, the subnet mask is not the same as advertised, so the first thing that stroke inmind is auto-summary

R7#sh ip protocols*** IP Routing is NSF aware ***

Routing Protocol is "rip"Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not setSending updates every 30 seconds, next due in 11 secondsInvalid after 180 seconds, hold down 180, flushed after 240Redistributing: ripDefault version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chainFastEthernet1/0 2 2Loopback0 2 2

Automatic network summarization is in effectMaximum path: 4Routing for Networks:

7.0.0.0

10.0.0.0Routing Information Sources:

Gateway Distance Last Update10.10.47.4 120 00:00:12

Distance: (default is 120)

Routing Protocol is "bgp 300"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setIGP synchronization is disabledAutomatic route summarization is disabledMaximum path: 1

Routing Information Sources:Gateway Distance Last Update

Distance: external 20 internal 200 local 200

R7#sh run | sec router rip

router ripversion 2network 7.0.0.0

network 10.0.0.0


15/49

15

R7router ripno auto-summary

R7#sh run | sec router ripversion 2network 7.0.0.0

network 10.0.0.0no auto-summary


Routing Table: MSSK

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override



R 7.7.7.7 [120/1] via 10.10.47.7, 00:00:03, FastEthernet1/1

R4#ping vrf MSSK 7.7.7.7Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:


R4#sh run int f2/0.49interface FastEthernet2/0.49encapsulation dot1Q 49vrf forwarding MSSK

ip address 10.10.49.4 255.255.255.0ipv6 address 2001:10:49::4/64

R4#ping vrf MSSK 10.10.49.9Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.10.49.9, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 8/36/116 ms


16/49

16

R4#sh ip eigrp vrf MSSK neighborsEIGRP-IPv4 Neighbors for AS(48) VRF(MSSK)

R9#debug eigrp neighborsEIGRP Static Neighbor debugging is on

R9#*Aug 19 12:35:42.294: EIGRP: Sending HELLO on Fa1/0.49 - paklen 20

*Aug 19 12:35:42.294: AS 49, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQun/rely 0/0

So R9 is trying to establish adjacency on AS 49

R4#sh ip protocols vrf MSSK

*** IP Routing is NSF aware ***

Routing Protocol is "rip"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setSending updates every 30 seconds, next due in 20 secondsInvalid after 180 seconds, hold down 180, flushed after 240Redistributing: rip, bgp 100

Default version control: send version 2, receive version 2Interface Send Recv Triggered RIP Key-chainFastEthernet1/1 2 2

FastEthernet2/0.49 2 2

Maximum path: 4Routing for Networks:


Gateway Distance Last Update

10.10.47.7 120 00:00:26Distance: (default is 120)

Routing Protocol is "eigrp 48"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setDefault networks flagged in outgoing updates

Default networks accepted from incoming updatesRedistributing: rip, bgp 100

EIGRP-IPv4 Protocol for AS(48) VRF(MSSK)Metric weight K1=1, K2=0, K3=1, K4=0, K5=0NSF-aware route hold timer is 240

Router-ID: 10.10.49.4Topology : 0 (base)Active Timer: 3 min

Distance: internal 90 external 170


17/49

17

Maximum path: 4Maximum hopcount 100Maximum metric variance 1Total Prefix Count: 6Total Redist Count: 5

Automatic Summarization: disabledMaximum path: 4

Routing for Networks:10.10.49.4/32

Routing Information Sources:

Gateway Distance Last UpdateDistance: internal 90 external 170

Routing Protocol is "bgp 100"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setIGP synchronization is disabledAutomatic route summarization is disabledRedistributing: ripMaximum path: 1Routing Information Sources:

Gateway Distance Last UpdateDistance: external 20 internal 200 local 200

So R4 is configured for a wrong AS (does not match R9)

R4#sh run | sec router eigrp

router eigrp 49!address-family ipv4 vrf MSSK autonomous-system 48

redistribute bgp 100 metric 1000 1000 255 1 1500redistribute rip metric 1000 1000 255 1 1500network 10.10.49.4 0.0.0.0exit-address-family

debug eigrp address-family ipv4 vrf MSSK neighbor

R4router eigrp 49

no address-family ipv4 vrf MSSK autonomous-system 48address-family ipv4 vrf MSSK autonomous-system 49redistribute bgp 100 metric 1000 1000 255 1 1500

redistribute rip metric 1000 1000 255 1 1500network 10.10.49.4 0.0.0.0


18/49

18

*Aug 19 15:51:07.885: EIGRP: New peer 10.10.49.9R4#*Aug 19 15:51:07.885: %DUAL-5-NBRCHANGE: EIGRP-IPv4 49: Neighbor 10.10.49.9(FastEthernet2/0.49) is up: new adjacency

R4#sh ip route vrf MSSK eigrp

Routing Table: MSSK

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override


9.0.0.0/32 is subnetted, 1 subnetsD 9.9.9.9 [90/156160] via 10.10.49.9, 00:00:47, FastEthernet2/0.49R4#ping vrf MSSK 9.9.9.9

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:!!!!!


Before moving to the other AS, R7 and R9 belong to the same VRF on the same PE, so

if there is mutual redistribution between the EIGRP process and the RIP process, R7and R9 should be able to communicate

R7#sh ip route | inc 9.9.9.9R7#

Let us check the redistribution on R4

R4#sh run | sec router riprouter rip

address-family ipv4 vrf MSSKredistribute bgp 100 metric 15

network 10.0.0.0no auto-summaryversion 2

exit-address-family

So , we are not redistributing EIGRP , as well we discovered another error by justlooking at the output above which is the metric for BGP redistributed routes , 15


19/49

19

which means the packet will die when arriving at the next hop , so two actions shouldbe taken now

R4router rip

address-family ipv4 vrf MSSKno redistribute bgp 100 metric 15redistribute bgp 100 metric 1

redistribute eigrp 49 metric 1

R7#sh ip route | inc 9.9.9.9

R 9.9.9.9 [120/1] via 10.10.47.4, 00:00:13, FastEthernet1/0

R7#ping 9.9.9.9 source lo0

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:Packet sent with a source address of 7.7.7.7!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 24/50/88 ms

R7#traceroute 9.9.9.9 source lo0 numericType escape sequence to abort.

Tracing the route to 9.9.9.9VRF info: (vrf in name/id, vrf out name/id)

1 10.10.47.4 36 msec 16 msec 8 msec

2 10.10.49.9 24 msec * 24 msec

Let us move now to AS 200 and check their CEs

R5#sh ip vrfName Default RD Interfaces

MSSK 200:1 Fa2/1.58

R5#sh run int f2/1.58interface FastEthernet2/1.58encapsulation dot1Q 58vrf forwarding MSSKip address 10.10.58.5 255.255.255.0

ipv6 address 2001:10:58::5/64mpls ip




20/49

20

R5#sh ip eigrp vrf MSSK neighborsEIGRP-IPv4 Neighbors for AS(58) VRF(MSSK)H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num0 10.10.58.8 Fa2/1.58 11 1w1d 166 996 0 36

R5#sh ip route vrf MSSK eigrp

Routing Table: MSSKCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override


8.0.0.0/32 is subnetted, 1 subnetsD 8.8.8.8 [90/156160] via 10.10.58.8, 1w1d, FastEthernet2/1.58


Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:


R6#sh run int f2/0interface FastEthernet2/0

vrf forwarding MSSKip address 10.10.106.6 255.255.255.0speed 100duplex fullipv6 address 2001:10:106::6/64


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.106.10, timeout is 2 seconds:



Routing Table: MSSK

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP


21/49

21

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static route



R6#

So there are no routes received from R10

R6#sh ip protocols vrf MSSK ?summary Short form answer| Output modifiers

R6#sh ip protocols vrf MSSK*** IP Routing is NSF aware ***

Routing Protocol is "rip"Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 17 seconds

Invalid after 180 seconds, hold down 180, flushed after 240Redistributing: rip, bgp 200

Default version control: send version 2, receive version 2Interface Send Recv Triggered RIP Key-chainFastEthernet2/0 2 2

Maximum path: 4Routing for Networks:


Gateway Distance Last Update10.10.106.10 120 1w0d

Distance: (default is 120)

Routing Protocol is "bgp 200"

Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not setIGP synchronization is disabled

Automatic route summarization is disabledRedistributing: ripMaximum path: 1

Routing Information Sources:


22/49

22

Gateway Distance Last UpdateDistance: external 20 internal 200 local 200

R10#sh ip protocols*** IP Routing is NSF aware ***

Routing Protocol is "rip"Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not setSending updates every 30 seconds, next due in 9 secondsInvalid after 180 seconds, hold down 180, flushed after 240

Redistributing: ripDefault version control: send version 1, receive version 1

Interface Send Recv Triggered RIP Key-chain

FastEthernet1/0 1 1Loopback0 1 1Automatic network summarization is not in effectMaximum path: 4Routing for Networks:


Gateway Distance Last Update

10.10.106.6 120 1w0dDistance: (default is 120)

Routing Protocol is "bgp 300"

Outgoing update filter list for all interfaces is not setIncoming update filter list for all interfaces is not set

IGP synchronization is disabledAutomatic route summarization is disabledNeighbor(s):

Address FiltIn FiltOut DistIn DistOut Weight RouteMap8.8.8.8

Maximum path: 1Routing Information Sources:

Gateway Distance Last Update8.8.8.8 200 1w0d

Distance: external 20 internal 200 local 200

As can be seen, the RIP version on R10 is version 1

R10router rip

version 2




23/49

23


Now the relations with customers is operational, let us move to the route

advertisements

R4#show bgp vpnv4 unicast all summary

BGP router identifier 4.4.4.4, local AS number 100BGP table version is 190, main routing table version 19011 network entries using 1716 bytes of memory

11 path entries using 880 bytes of memory6/6 BGP path/bestpath attribute entries using 864 bytes of memory3 BGP AS-PATH entries using 72 bytes of memory

5 BGP extended community entries using 418 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBGP using 3950 total bytes of memoryBGP activity 67/53 prefixes, 143/129 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/DownState/PfxRcd

1.1.1.1 4 100 5003 4996 190 0 0 3d03h 4

R4#show bgp vpnv4 unicast all

BGP table version is 190, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1 (default for vrf MSSK)*> 7.7.7.7/32 10.10.47.7 1 32768 ?*>i 8.8.8.8/32 1.1.1.1 0 100 0 200 ?*>i 10.10.10.10/32 1.1.1.1 0 100 0 200 ?*> 10.10.47.0/24 0.0.0.0 0 32768 ?

*> 10.10.49.0/24 0.0.0.0 0 32768 ?*>i 10.10.58.0/24 1.1.1.1 0 100 0 200 ?

*>i 10.10.106.0/24 1.1.1.1 0 100 0 200 ?Route Distinguisher: 200:1*>i 8.8.8.8/32 1.1.1.1 0 100 0 200 ?

*>i 10.10.10.10/32 1.1.1.1 0 100 0 200 ?*>i 10.10.58.0/24 1.1.1.1 0 100 0 200 ?*>i 10.10.106.0/24 1.1.1.1 0 100 0 200 ?


24/49

24

R6#show bgp vpnv4 unicast allBGP table version is 175, local router ID is 6.6.6.6Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incompleteRPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1* i 7.7.7.7/32 192.168.12.1 0 100 0 100 ?

* i 10.10.47.0/24 192.168.12.1 0 100 0 100 ?* i 10.10.49.0/24 192.168.12.1 0 100 0 100 ?

Route Distinguisher: 200:1 (default for vrf MSSK)

* i 7.7.7.7/32 192.168.12.1 0 100 0 100 ?*>i 8.8.8.8/32 5.5.5.5 156160 100 0 ?*> 10.10.10.10/32 10.10.106.10 1 32768 ?* i 10.10.47.0/24 192.168.12.1 0 100 0 100 ?* i 10.10.49.0/24 192.168.12.1 0 100 0 100 ?*>i 10.10.58.0/24 5.5.5.5 0 100 0 ?*> 10.10.106.0/24 0.0.0.0 0 32768 ?

If we looked at the table below, we can see that there are some routes are not installedin the routing table (not best) and the next-hop is 192.168.12.1, which leads us toconclude that we should have next-hop-self with our VPNv4 route reflector

R2#sh run | sec router bgprouter bgp 200

bgp log-neighbor-changesno bgp default ipv4-unicastno bgp default route-target filter

neighbor 3.3.3.3 remote-as 200neighbor 3.3.3.3 update-source Loopback0neighbor 5.5.5.5 remote-as 200neighbor 5.5.5.5 update-source Loopback0neighbor 6.6.6.6 remote-as 200neighbor 6.6.6.6 update-source Loopback0neighbor 192.168.12.1 remote-as 100

!address-family ipv4

network 2.2.2.2 mask 255.255.255.255network 5.5.5.5 mask 255.255.255.255neighbor 192.168.12.1 activate

neighbor 192.168.12.1 send-labelexit-address-family!

address-family vpnv4


25/49

25

neighbor 3.3.3.3 activateneighbor 3.3.3.3 send-community bothneighbor 3.3.3.3 route-reflector-clientneighbor 3.3.3.3 next-hop-selfneighbor 5.5.5.5 activate

neighbor 5.5.5.5 send-community bothneighbor 5.5.5.5 next-hop-selfneighbor 6.6.6.6 activate

neighbor 6.6.6.6 send-community bothneighbor 6.6.6.6 route-reflector-clientneighbor 192.168.12.1 activate

neighbor 192.168.12.1 send-community bothexit-address-family!

address-family vpnv6neighbor 3.3.3.3 activateneighbor 3.3.3.3 send-community bothexit-address-family

R2router bgp 200address-family vpnv4

neighbor 6.6.6.6 next-hop-self


BGP table version is 181, local router ID is 6.6.6.6

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,


Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1*>i 7.7.7.7/32 2.2.2.2 0 100 0 100 ?*>i 10.10.47.0/24 2.2.2.2 0 100 0 100 ?*>i 10.10.49.0/24 2.2.2.2 0 100 0 100 ?


*>i 7.7.7.7/32 2.2.2.2 0 100 0 100 ?*>i 8.8.8.8/32 5.5.5.5 156160 100 0 ?

*> 10.10.10.10/32 10.10.106.10 1 32768 ?*>i 10.10.47.0/24 2.2.2.2 0 100 0 100 ?*>i 10.10.49.0/24 2.2.2.2 0 100 0 100 ?

*>i 10.10.58.0/24 5.5.5.5 0 100 0 ?*> 10.10.106.0/24 0.0.0.0 0 32768 ?

If we looked at R5 BGP VPNv4 table, we can see it’s missing something


26/49

26


r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,


Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 200:1 (default for vrf MSSK)

*> 8.8.8.8/32 10.10.58.8 156160 32768 ?*>i 10.10.10.10/32 6.6.6.6 1 100 0 ?*> 10.10.58.0/24 0.0.0.0 0 32768 ?

*>i 10.10.106.0/24 6.6.6.6 0 100 0 ?

R2router bgp 200address-family vpnv4neighbor 5.5.5.5 route-reflector-client

R2#

*Aug 20 17:04:09.435: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down RR client configchange*Aug 20 17:04:09.435: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 VPNv4

Unicast topology base removed from session RR client config change

*Aug 20 17:04:10.011: %SYS-5-CONFIG_I: Configured from console by console*Aug 20 17:04:10.371: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up

But the routes from the other as is not reachable




Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 200:1 (default for vrf MSSK)*> 8.8.8.8/32 10.10.58.8 156160 32768 ?*>i 10.10.10.10/32 6.6.6.6 1 100 0 ?

*> 10.10.58.0/24 0.0.0.0 0 32768 ?*>i 10.10.106.0/24 6.6.6.6 0 100 0 ?

R5#sh run | sec vrf def


27/49

27

vrf definition MSSKrd 200:1!address-family ipv4route-target export 200:1

route-target import 200:1exit-address-family!

address-family ipv6route-target export 200:1route-target import 200:1

route-target import 100:1exit-address-family

R5vrf definition MSSKaddress-family ipv4route-target import 100:1

R5#sh run | sec vrf def*Aug 20 17:06:46.103: %SYS-5-CONFIG_I: Configured from console by consoleR5#show bgp vpnv4 unicast all

BGP table version is 13, local router ID is 5.5.5.5Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,


x best-external, a additional-path, c RIB-compressed,


Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1

*>i 7.7.7.7/32 2.2.2.2 0 100 0 100 ?*>i 10.10.47.0/24 2.2.2.2 0 100 0 100 ?*>i 10.10.49.0/24 2.2.2.2 0 100 0 100 ?

Route Distinguisher: 200:1 (default for vrf MSSK)*>i 7.7.7.7/32 2.2.2.2 0 100 0 100 ?*> 8.8.8.8/32 10.10.58.8 156160 32768 ?*>i 10.10.10.10/32 6.6.6.6 1 100 0 ?

*>i 10.10.47.0/24 2.2.2.2 0 100 0 100 ?*>i 10.10.49.0/24 2.2.2.2 0 100 0 100 ?

*> 10.10.58.0/24 0.0.0.0 0 32768 ?*>i 10.10.106.0/24 6.6.6.6 0 100 0 ?


28/49

28

Let us check connectivity within an AS

R7#ping 9.9.9.9 source lo0Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:Packet sent with a source address of 7.7.7.7!!!!!


R8#sh ip route eigrp


E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override


R8#sh ip eigrp neighborsEIGRP-IPv4 Neighbors for AS(58)H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 10.10.58.5 Fa1/0.58 12 1w2d 244 1464 0 37

R8 is not installing any route even though the relation is up, so it should be related toredistribution process on R5 (as R5 is teaching R8 via redistribution from BGP)

R5#sh run | sec router eigrprouter eigrp 58

address-family ipv4 vrf MSSK autonomous-system 58redistribute bgp 200network 10.10.58.5 0.0.0.0exit-address-family

We can see the metric value is not deteremined

R5router eigrp 58

address-family ipv4 vrf MSSK autonomous-system 58redistribute bgp 200 metric 1000 1000 255 1 1500

Or we can use the below command


29/49

29

R5router eigrp 58default-metric 1000 1000 255 1 1500

R8#sh ip route eigrp


E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static route



7.0.0.0/32 is subnetted, 1 subnetsD EX 7.7.7.7 [170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

10.0.0.0/8 is variably subnetted, 6 subnets, 2 masksD EX 10.10.10.10/32

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58D EX 10.10.47.0/24

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58D EX 10.10.49.0/24

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

D EX 10.10.106.0/24

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

R10#ping 8.8.8.8 source lo0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:


Let us now check all customers’ connectivity

R7#tclsh

R7(tcl)#foreach x {+>(tcl)#7.7.7.7

+>(tcl)#8.8.8.8+>(tcl)#9.9.9.9+>(tcl)#10.10.10.10

+>(tcl)#} { ping $x source lo0 }Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7


30/49

30

!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 msType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:Packet sent with a source address of 7.7.7.7

!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 76/117/168 msType escape sequence to abort.


Success rate is 100 percent (5/5), round-trip min/avg/max = 12/31/40 msType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:


R9#tclshR9(tcl)#foreach x {+>(tcl)#7.7.7.7+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9+>(tcl)#10.10.10.10+>(tcl)#} { ping $x source lo0 }


Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:Packet sent with a source address of 9.9.9.9


Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:Packet sent with a source address of 9.9.9.9.....Success rate is 0 percent (0/5)Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:Packet sent with a source address of 9.9.9.9


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:Packet sent with a source address of 9.9.9.9

.....Success rate is 0 percent (0/5)

So R9 is having issues with destinations outside its own AS, let us check its PE router


31/49

31

router bgp 100bgp log-neighbor-changesno bgp default ipv4-unicastneighbor 1.1.1.1 remote-as 100

neighbor 1.1.1.1 update-source Loopback0!address-family ipv4

exit-address-family!address-family vpnv4

neighbor 1.1.1.1 activateneighbor 1.1.1.1 send-community bothexit-address-family

!address-family vpnv6neighbor 1.1.1.1 activateneighbor 1.1.1.1 send-community bothexit-address-family!address-family ipv4 vrf MSSKredistribute rip

exit-address-family!address-family ipv6 vrf MSSK

neighbor 2001:10:47::7 remote-as 300

neighbor 2001:10:47::7 activateneighbor 2001:10:47::7 as-override

exit-address-family

R4 BGP is not redistributing EIGRP





Route Distinguisher: 100:1*>i 7.7.7.7/32 4.4.4.4 1 100 0 ?*>i 10.10.47.0/24 4.4.4.4 0 100 0 ?

*>i 10.10.49.0/24 4.4.4.4 0 100 0 ?Route Distinguisher: 200:1*> 8.8.8.8/32 192.168.12.2 0 200 ?

*> 10.10.10.10/32 192.168.12.2 0 200 ?


32/49

32

*> 10.10.58.0/24 192.168.12.2 0 200 ?*> 10.10.106.0/24 192.168.12.2 0 200 ?

As we can see 9.9.9.9 is missing

R4router bgp 100address-family ipv4 vrf MSSK

redistribute eigrp 49





Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1*>i 7.7.7.7/32 4.4.4.4 1 100 0 ?*>i 9.9.9.9/32 4.4.4.4 156160 100 0 ?

*>i 10.10.47.0/24 4.4.4.4 0 100 0 ?*>i 10.10.49.0/24 4.4.4.4 0 100 0 ?

Route Distinguisher: 200:1

*> 8.8.8.8/32 192.168.12.2 0 200 ?

*> 10.10.10.10/32 192.168.12.2 0 200 ?*> 10.10.58.0/24 192.168.12.2 0 200 ?

*> 10.10.106.0/24 192.168.12.2 0 200 ?

R7#tclsh

R7(tcl)#foreach x {+>(tcl)#7.7.7.7+>(tcl)#8.8.8.8+>(tcl)#9.9.9.9+>(tcl)#10.10.10.10+>(tcl)#} { ping $x source lo0 }Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:Packet sent with a source address of 7.7.7.7





33/49

33

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:Packet sent with a source address of 7.7.7.7!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 16/36/56 ms



R8(tcl)#foreach x {+>(tcl)#7.7.7.7+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9+>(tcl)#10.10.10.10+>(tcl)#} { ping $x source lo0 }Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:Packet sent with a source address of 8.8.8.8!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 56/95/204 ms


!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 msType escape sequence to abort.


Success rate is 100 percent (5/5), round-trip min/avg/max = 44/74/116 msType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:Packet sent with a source address of 8.8.8.8!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/40/60 ms

R9#tclshR9(tcl)#foreach x {

+>(tcl)#7.7.7.7+>(tcl)#8.8.8.8+>(tcl)#9.9.9.9

+>(tcl)#10.10.10.10+>(tcl)#} { ping $x source lo0 }Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:


34/49

34

Packet sent with a source address of 9.9.9.9!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/48 msType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:




Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:Packet sent with a source address of 9.9.9.9!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 72/85/112 ms

R10#tclshR10(tcl)#foreach x {+>7.7.7.7

+>8.8.8.8+>9.9.9.9+>10.10.10.10

+>} { ping $x source lo0 }

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:


Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:Packet sent with a source address of 10.10.10.10!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/52 msType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.10!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 76/92/128 msType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:



35/49

35

Now, let us move to the IPv6 customer’s route exchange

R4#show bgp vpnv6 unicast all summaryBGP router identifier 4.4.4.4, local AS number 100BGP table version is 18, main routing table version 18

3 network entries using 540 bytes of memory3 path entries using 324 bytes of memory3/2 BGP path/bestpath attribute entries using 432 bytes of memory

3 BGP AS-PATH entries using 72 bytes of memory7 BGP extended community entries using 918 bytes of memory0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memoryBGP using 2286 total bytes of memoryBGP activity 76/61 prefixes, 152/137 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/DownState/PfxRcd1.1.1.1 4 100 6065 6056 18 0 0 3d19h 12001:10:47::7 4 300 15348 15348 18 0 0 1w2d 1

R4#show bgp vpnv6 unicast allBGP table version is 18, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1 (default for vrf MSSK)*> 2001::7/128 2001:10:47::7 0 0 300 i

*>i 2001::8/128 ::FFFF:1.1.1.1 0 100 0 200 300 iRoute Distinguisher: 200:1*>i 2001::8/128 ::FFFF:1.1.1.1 0 100 0 200 300 i

R4#ping vrf MSSK 2001::7Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds:


R5#sh bgp vpnv6 unicast all summaryBGP router identifier 5.5.5.5, local AS number 200

BGP table version is 10, main routing table version 103 network entries using 540 bytes of memory3 path entries using 324 bytes of memory

3/1 BGP path/bestpath attribute entries using 432 bytes of memory


36/49

36

1 BGP rrinfo entries using 24 bytes of memory3 BGP AS-PATH entries using 72 bytes of memory7 BGP extended community entries using 918 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memory

BGP using 2310 total bytes of memoryBGP activity 63/48 prefixes, 117/102 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/DownState/PfxRcd3.3.3.3 4 200 6026 6036 10 0 0 3d19h 1

2001:10:58::8 4 300 15363 15357 10 0 0 1w2d 1

R5#sh bgp vpnv6 unicast all

BGP table version is 10, local router ID is 5.5.5.5Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,x best-external, a additional-path, c RIB-compressed,



Route Distinguisher: 100:1* i 2001::7/128 ::FFFF:192.168.13.1

0 100 0 100 300 i


* i 2001::7/128 ::FFFF:192.168.13.10 100 0 100 300 i

*> 2001::8/128 2001:10:58::8 0 0 300 i

R5#ping vrf MSSK 2001::8

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2001::8, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 8/56/120 ms

From the output above we can tell there is a problem (because routes are not installedas best in BGP VPNv6 routing table)

The next-hop value is not recognized inside AS 200

R3#sh run | sec router bgprouter bgp 200

bgp log-neighbor-changesno bgp default ipv4-unicastneighbor 2.2.2.2 remote-as 200

neighbor 2.2.2.2 update-source Loopback0


37/49

37

neighbor 5.5.5.5 remote-as 200neighbor 5.5.5.5 update-source Loopback0neighbor 6.6.6.6 remote-as 200neighbor 6.6.6.6 update-source Loopback0neighbor 192.168.13.1 remote-as 100

!address-family ipv4exit-address-family

!address-family vpnv4neighbor 2.2.2.2 activate


address-family vpnv6neighbor 2.2.2.2 activateneighbor 2.2.2.2 send-community bothneighbor 2.2.2.2 route-reflector-clientneighbor 2.2.2.2 next-hop-selfneighbor 5.5.5.5 activateneighbor 5.5.5.5 send-community bothneighbor 5.5.5.5 route-reflector-client

neighbor 6.6.6.6 activateneighbor 6.6.6.6 send-community bothneighbor 6.6.6.6 route-reflector-client


neighbor 192.168.13.1 activateneighbor 192.168.13.1 send-community both

exit-address-family

R3router bgp 200address-family vpnv6neighbor 5.5.5.5 next-hop-self

R5#sh bgp vpnv6 unicast allBGP table version is 12, local router ID is 5.5.5.5Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,



Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 100:1*>i 2001::7/128 ::FFFF:3.3.3.3 0 100 0 100 300 i



38/49

38

*>i 2001::7/128 ::FFFF:3.3.3.3 0 100 0 100 300 i*> 2001::8/128 2001:10:58::8 0 0 300 i

R7#show bgp ipv6 unicastBGP table version is 9, local router ID is 7.7.7.7



Network Next Hop Metric LocPrf Weight Path*> 2001::7/128 :: 0 32768 i*> 2001::8/128 2001:10:47::4 0 100 200 100 i

R8#ping 2001::7 source lo0Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds:Packet sent with a source address of 2001::8!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 64/111/180 ms

Moving now to the carrier support carrier setup between R8 and R10, this aims tomaintain connectivity between R8 lo1 and R10 lo1 interfaces

R8#show bgp vpnv4 unicast all summary

BGP router identifier 8.8.8.8, local AS number 300BGP table version is 11, main routing table version 11

1 network entries using 156 bytes of memory1 path entries using 80 bytes of memory1/1 BGP path/bestpath attribute entries using 144 bytes of memory

1 BGP AS-PATH entries using 24 bytes of memory1 BGP extended community entries using 24 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBGP using 428 total bytes of memoryBGP activity 5/2 prefixes, 6/3 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/DownState/PfxRcd

10.10.10.10 4 300 42 42 11 0 0 00:33:45 0






39/49

39


Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 300:1 (default for vrf ABC)

*> 88.8.8.8/32 0.0.0.0 0 32768 i

We can see , we do not receive any routes

R10#show bgp vpnv4 unicast all summaryBGP router identifier 10.10.10.10, local AS number 300

BGP table version is 13, main routing table version 132 network entries using 312 bytes of memory2 path entries using 160 bytes of memory

2/2 BGP path/bestpath attribute entries using 288 bytes of memory1 BGP extended community entries using 24 bytes of memory0 BGP route-map cache entries using 0 bytes of memory0 BGP filter-list cache entries using 0 bytes of memoryBGP using 784 total bytes of memoryBGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down

State/PfxRcd8.8.8.8 4 300 42 42 13 0 0 00:34:13 1




Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 300:1 (default for vrf ABC)*>i 88.8.8.8/32 8.8.8.8 0 100 0 i*> 100.10.10.10/32 0.0.0.0 0 32768 i

So R8 is not accepting any routes, let us check the import value on R8

R8#sh run | sec vrf defvrf definition ABCrd 300:1

!address-family ipv4route-target export 300:1

exit-address-family


40/49

40

R8vrf definition ABCaddress-family ipv4route-target import 300:1

R8#show bgp vpnv4 unicast allBGP table version is 13, local router ID is 8.8.8.8



Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 300:1 (default for vrf ABC)*> 88.8.8.8/32 0.0.0.0 0 32768 i*>i 100.10.10.10/32 10.10.10.10 0 100 0 i

Let us check MPLS LDP neighborships

R8#show mpls ldp neighbor

Peer LDP Ident: 10.10.58.5:0; Local LDP Ident 8.8.8.8:0TCP connection: 10.10.58.5.65465 - 8.8.8.8.646State: Oper; Msgs sent/rcvd: 3229/3234; Downstream

Up time: 1d22h

LDP discovery sources:FastEthernet1/0.58, Src IP addr: 10.10.58.5

Addresses bound to peer LDP Ident:10.10.58.5

R10#show mpls interfacesInterface IP Tunnel BGP Static OperationalFastEthernet1/0 Yes (ldp) No No No Yes

So, from R6 side , MPLS IP is not enabled

R6#show mpls interfaces

Interface IP Tunnel BGP Static OperationalFastEthernet1/0 Yes (ldp) No No No Yes

FastEthernet1/1 Yes (ldp) No No No Yes

R6#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route BridgeS - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,D - Remote, C - CVTA, M - Two-port Mac Relay


41/49

41

Device ID Local Intrfce Holdtme Capability Platform Port IDR10.lab.local Fas 2/0 131 R 7206VXR Fas 1/0R3.lab.local Fas 1/0 140 R 7206VXR Fas 2/0R5.lab.local Fas 1/1 174 R 7206VXR Fas 1/1

R6int f2/0mpls ip

R6#*Aug 21 09:05:19.683: %SYS-5-CONFIG_I: Configured from console by console

*Aug 21 09:05:19.743: %LDP-5-NBRCHG: LDP Neighbor (vrf MSSK) 10.10.10.10:0 (3)is UP

R8#ping vrf ABC 100.10.10.10 source lo1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 100.10.10.10, timeout is 2 seconds:Packet sent with a source address of 88.8.8.8!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 52/84/192 ms

R10#ping vrf ABC 88.8.8.8 source lo1


!!!!!


Finally, there is a layer 2 connection that should be established in order to achievereachability between R8 and R9

R8#sh run int FastEthernet1/0.158interface FastEthernet1/0.158encapsulation dot1Q 158ip address 172.16.89.8 255.255.255.0

R9#sh run int FastEthernet1/0.149interface FastEthernet1/0.149

encapsulation dot1Q 149ip address 172.16.89.9 255.255.255.0

So, there should be xconnect configuration in place

R4#show mpls l2transport summaryDestination address: 5.5.5.5, total number of vc: 1

0 unknown, 0 up, 1 down, 0 admin down, 0 recovering, 0 standby, 0 hotstandby


42/49

42


0 unknown, 0 up,1 down

, 0 admin down, 0 recovering, 0 standby, 0 hotstandby

As we are dealing with Inter-AS xconnect, we should have tags for remote destinations

inside each AS which means a redistribution process took place

R1#sh ip bgp




Network Next Hop Metric LocPrf Weight Path*> 1.1.1.1/32 0.0.0.0 0 32768 i*> 2.2.2.2/32 192.168.12.2 0 0 200 i*> 4.4.4.4/32 192.168.14.4 2 32768 i*> 5.5.5.5/32 192.168.12.2 2 0 200 i

R2#sh ip bgp





Network Next Hop Metric LocPrf Weight Path*> 1.1.1.1/32 192.168.12.1 0 0 100 i

*> 2.2.2.2/32 0.0.0.0 0 32768 i*> 4.4.4.4/32 192.168.12.1 2 0 100 i*> 5.5.5.5/32 192.168.25.5 2 32768 i

R4#show mpls forwarding-tableLocal Outgoing Prefix Bytes Label Outgoing Next HopLabel Label or Tunnel Id Switched interface

16 No Label 7.7.7.7/32[V] 5130 Fa1/1 10.10.47.717 18 2.2.2.2/32 0 Fa1/0 192.168.14.1

19 No Label 10.10.49.0/24[V] 0 aggregate/MSSK20 No Label 9.9.9.9/32[V] 2360 Fa2/0.49 10.10.49.921 No Label 10.10.47.0/24[V] 0 aggregate/MSSK

22 No Label l2ckt() 0 drop23 Pop Label 192.168.13.0/24 0 Fa1/0 192.168.14.124 Pop Label 1.1.1.1/32 0 Fa1/0 192.168.14.1

25 No Label 2001::7/128[V] 8436 Fa1/1 FE80::C806:7FF:FE31:1C


43/49

43

5.5.5.5 is not in the table

R5#show mpls forwarding-tableLocal Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface16 Pop Label 192.168.23.0/24 0 Fa1/0 192.168.25.2

Pop Label 192.168.23.0/24 0 Fa2/0 192.168.35.3

17 19 10.10.49.0/24[V] 0 Fa1/0 192.168.25.218 Pop Label 6.6.6.6/32 405241 Fa1/1 192.168.56.620 28 9.9.9.9/32[V] 1180 Fa1/0 192.168.25.2

21 Pop Label 8.8.8.8/32[V] 972592 Fa2/1.58 10.10.58.823 No Label l2ckt() 0 drop24 25 4.4.4.4/32 0 Fa1/0 192.168.25.2

25 Pop Label 3.3.3.3/32 0 Fa2/0 192.168.35.326 No Label 2001::8/128[V] 5192 Fa2/1.58 FE80::C807:7FF:FE31:1C27 23 10.10.106.0/24[V] \

0 Fa1/1 192.168.56.628 Pop Label 192.168.36.0/24 0 Fa2/0 192.168.35.3

Pop Label 192.168.36.0/24 0 Fa1/1 192.168.56.629 35 7.7.7.7/32[V] 2950 Fa1/0 192.168.25.230 29 10.10.10.10/32[V] \

11895 Fa1/1 192.168.56.631 Pop Label 10.10.58.0/24[V] 0 aggregate/MSSK32 18 10.10.47.0/24[V] 0 Fa1/0 192.168.25.2

33 Pop Label 2.2.2.2/32 1180 Fa1/0 192.168.25.2

R4#sh ip route ospf


E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override



O 1.1.1.1 [110/2] via 192.168.14.1, 3d19h, FastEthernet1/02.0.0.0/32 is subnetted, 1 subnets

O E2 2.2.2.2 [110/1] via 192.168.14.1, 3d19h, FastEthernet1/0

O 192.168.13.0/24 [110/2] via 192.168.14.1, 3d19h, FastEthernet1/0

R5#sh ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP


44/49

44






O 3.3.3.3 [110/2] via 192.168.35.3, 1d23h, FastEthernet2/0

4.0.0.0/32 is subnetted, 1 subnetsO E2 4.4.4.4 [110/1] via 192.168.25.2, 3d19h, FastEthernet1/06.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/2] via 192.168.56.6, 1d23h, FastEthernet1/1O 192.168.23.0/24 [110/2] via 192.168.35.3, 1d23h, FastEthernet2/0

[110/2] via 192.168.25.2, 3d19h, FastEthernet1/0O 192.168.36.0/24 [110/2] via 192.168.56.6, 1d23h, FastEthernet1/1

[110/2] via 192.168.35.3, 1d23h, FastEthernet2/0

Let us check the redistribution process freom BGP into OSPF

R1#sh run | sec router ospf

router ospf 1router-id 1.1.1.1

redistribute bgp 100 subnets route-map MAPnetwork 1.1.1.1 0.0.0.0 area 0network 192.168.13.1 0.0.0.0 area 0

network 192.168.14.1 0.0.0.0 area 0

R1#sh run | sec route-maproute-map MAP permit 10match ip address prefix-list LIST

R1#sh run | sec ip prefix

ip prefix-list LIST seq 5 permit 2.2.2.2/32ip prefix-list LIST seq 10 permit 5.5.5.0/24

So, we can see sequence 10 is configured for a wrong subnet mask

R1no ip prefix-list LIST seq 10 permit 5.5.5.0/24ip prefix-list LIST seq 10 permit 5.5.5.5/32


45/49

45

R2#sh run | sec router ospfrouter ospf 1router-id 2.2.2.2redistribute bgp 200 subnets route-map MAPnetwork 2.2.2.2 0.0.0.0 area 0

network 192.168.23.2 0.0.0.0 area 0network 192.168.25.2 0.0.0.0 area 0

R2#sh run | sec route-maproute-map MAP permit 10match ip address prefix-list LIST

R2#sh run | sec ip prefixip prefix-list LIST seq 5 deny 1.1.1.1/32

ip prefix-list LIST seq 10 permit 4.4.4.4/32

There is a deny action here

R2no ip prefix-list LIST seq 5 deny 1.1.1.1/32ip prefix-list LIST seq 5 permit 1.1.1.1/32

R4#*Aug 21 09:16:29.447: %LDP-5-NBRCHG: LDP Neighbor 5.5.5.5:0 (2) is UP

R4#sh ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISP+ - replicated route, % - next hop override




O E2 2.2.2.2 [110/1] via 192.168.14.1, 3d19h, FastEthernet1/05.0.0.0/32 is subnetted, 1 subnets

O E2 5.5.5.5 [110/1] via 192.168.14.1, 00:00:49, FastEthernet1/0

O 192.168.13.0/24 [110/2] via 192.168.14.1, 3d19h, FastEthernet1/0

R4#sh mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop


46/49

46

Label Label or Tunnel Id Switched interface16 No Label 7.7.7.7/32[V] 5130 Fa1/1 10.10.47.717 18 2.2.2.2/32 0 Fa1/0 192.168.14.118 26 5.5.5.5/32 0 Fa1/0 192.168.14.119 No Label 10.10.49.0/24[V] 0 aggregate/MSSK

20 No Label 9.9.9.9/32[V] 2360 Fa2/0.49 10.10.49.921 No Label 10.10.47.0/24[V] 0 aggregate/MSSK22 No Label l2ckt() 0 drop

23 Pop Label 192.168.13.0/24 0 Fa1/0 192.168.14.124 Pop Label 1.1.1.1/32 0 Fa1/0 192.168.14.125 No Label 2001::7/128[V] 8436 Fa1/1 FE80::C806:7FF:FE31:1C

R5#*Aug 21 09:16:30.287: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (5) is UP

R5#show ip route ospfCodes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP





O E2 1.1.1.1 [110/1] via 192.168.25.2, 00:00:43, FastEthernet1/02.0.0.0/32 is subnetted, 1 subnets

O 2.2.2.2 [110/2] via 192.168.25.2, 3d19h, FastEthernet1/0

3.0.0.0/32 is subnetted, 1 subnetsO 3.3.3.3 [110/2] via 192.168.35.3, 1d23h, FastEthernet2/0

4.0.0.0/32 is subnetted, 1 subnetsO E2 4.4.4.4 [110/1] via 192.168.25.2, 3d19h, FastEthernet1/0

6.0.0.0/32 is subnetted, 1 subnetsO 6.6.6.6 [110/2] via 192.168.56.6, 1d23h, FastEthernet1/1O 192.168.23.0/24 [110/2] via 192.168.35.3, 1d23h, FastEthernet2/0

[110/2] via 192.168.25.2, 3d19h, FastEthernet1/0O 192.168.36.0/24 [110/2] via 192.168.56.6, 1d23h, FastEthernet1/1

[110/2] via 192.168.35.3, 1d23h, FastEthernet2/0

R5#sh mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next HopLabel Label or Tunnel Id Switched interface16 Pop Label 192.168.23.0/24 0 Fa1/0 192.168.25.2

Pop Label 192.168.23.0/24 0 Fa2/0 192.168.35.3


47/49

47

17 19 10.10.49.0/24[V] 0 Fa1/0 192.168.25.218 Pop Label 6.6.6.6/32 405911 Fa1/1 192.168.56.619 31 1.1.1.1/32 0 Fa1/0 192.168.25.220 28 9.9.9.9/32[V] 1180 Fa1/0 192.168.25.221 Pop Label 8.8.8.8/32[V] 973132 Fa2/1.58 10.10.58.8

23 No Label l2ckt(1) 0 Fa2/1.158 point2point24 25 4.4.4.4/32 0 Fa1/0 192.168.25.225 Pop Label 3.3.3.3/32 0 Fa2/0 192.168.35.3

26 No Label 2001::8/128[V] 5192 Fa2/1.58 FE80::C807:7FF:FE31:1C27 23 10.10.106.0/24[V] \

0 Fa1/1 192.168.56.6

28 Pop Label 192.168.36.0/24 0 Fa2/0 192.168.35.3Pop Label 192.168.36.0/24 0 Fa1/1 192.168.56.6

29 35 7.7.7.7/32[V] 2950 Fa1/0 192.168.25.2

30 29 10.10.10.10/32[V] \12443 Fa1/1 192.168.56.631 Pop Label 10.10.58.0/24[V] 0 aggregate/MSSK32 18 10.10.47.0/24[V] 0 Fa1/0 192.168.25.233 Pop Label 2.2.2.2/32 1180 Fa1/0 192.168.25.2

Before, we check the xconnect status, R1 should send label to R2 and vice versa

R1#sh run | sec router bgprouter bgp 100bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filterneighbor 4.4.4.4 remote-as 100

neighbor 4.4.4.4 update-source Loopback0neighbor 192.168.12.2 remote-as 200neighbor 192.168.13.3 remote-as 200

!address-family ipv4network 1.1.1.1 mask 255.255.255.255network 4.4.4.4 mask 255.255.255.255neighbor 192.168.12.2 activateexit-address-family!

address-family vpnv4neighbor 4.4.4.4 activate

neighbor 4.4.4.4 send-community bothneighbor 4.4.4.4 next-hop-selfneighbor 192.168.12.2 activate


address-family vpnv6


48/49

48

neighbor 4.4.4.4 activateneighbor 4.4.4.4 send-community bothneighbor 4.4.4.4 next-hop-selfneighbor 192.168.13.3 activateneighbor 192.168.13.3 send-community both

exit-address-family

R1

router bgp 100address-family ipv4neighbor 192.168.12.2 send-label

R1#*Aug 21 09:18:59.383: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Down Capability

changed*Aug 21 09:18:59.383: %BGP_SESSION-5-ADJCHANGE: neighbor 192.168.12.2 VPNv4Unicast topology base removed from session Capability changed*Aug 21 09:18:59.383: %BGP_SESSION-5-ADJCHANGE: neighbor 192.168.12.2 IPv4Unicast topology base removed from session Capability changed*Aug 21 09:18:59.759: %SYS-5-CONFIG_I: Configured from console by console*Aug 21 09:18:59.947: %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up

R2#sh run | sec router bgprouter bgp 200bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filterneighbor 3.3.3.3 remote-as 200

neighbor 3.3.3.3 update-source Loopback0neighbor 5.5.5.5 remote-as 200neighbor 5.5.5.5 update-source Loopback0

neighbor 6.6.6.6 remote-as 200neighbor 6.6.6.6 update-source Loopback0neighbor 192.168.12.1 remote-as 100!address-family ipv4network 2.2.2.2 mask 255.255.255.255network 5.5.5.5 mask 255.255.255.255

neighbor 192.168.12.1 activateneighbor 192.168.12.1 send-label

exit-address-family!address-family vpnv4

neighbor 3.3.3.3 activateneighbor 3.3.3.3 send-community bothneighbor 3.3.3.3 route-reflector-client



49/49

neighbor 5.5.5.5 activateneighbor 5.5.5.5 send-community bothneighbor 5.5.5.5 route-reflector-clientneighbor 5.5.5.5 next-hop-selfneighbor 6.6.6.6 activate

neighbor 6.6.6.6 send-community bothneighbor 6.6.6.6 route-reflector-clientneighbor 6.6.6.6 next-hop-self

neighbor 192.168.12.1 activateneighbor 192.168.12.1 send-community bothexit-address-family

!address-family vpnv6neighbor 3.3.3.3 activate

neighbor 3.3.3.3 send-community bothexit-address-family


0 unknown, 1 up, 0 down, 0 admin down, 0 recovering, 0 standby, 0 hotstandby1 active vc on MPLS interface Fa1/0


0 unknown, 1 up, 0 down, 0 admin down, 0 recovering, 0 standby, 0 hotstandby

1 active vc on MPLS interface Fa1/0

R8#ping 172.16.89.9

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.89.9, timeout is 2 seconds:.!!!!


R9#ping 172.16.89.8Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.89.8, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 56/71/80 ms

R8#traceroute 172.16.89.9

Type escape sequence to abort.Tracing the route to 172.16.89.9VRF info: (vrf in name/id, vrf out name/id)

1 172.16.89.9 40 msec * 68 msec

mpls lab solutions

Documents