Understanding MPLS OAM capabilities to troubleshoot MPLS ...
Mpls Presentation Ine
46
Mpls basics Alp
description
ine mpls basic
Transcript of Mpls Presentation Ine
Mpls basics
Alp
14.1 VRF Lite
VPN_A rd 100:1VPN_B rd 100:2
VPN_A routing tableLo101 172.16.7.7/24Vlan 67 155.1.67.0/24
VPN_B routing tableLo101 192.168.7.7/24Vlan 67 155.1.76.0/24
vl67
vl76
14.1 VRF Lite• AtR6interface Ethernet1/0.67 encapsulation dot1Q 67
ip vrf forwarding VNP_A ip address 155.1.67.6 255.255.255.0
interface Ethernet1/0.76 encapsulation dot1Q 76
ip vrf forwarding VNP_B ip address 155.1.76.6 255.255.255.0
ip route vrf VNP_A 192.168.7.0 255.255.255.0 Ethernet1/0.76 155.1.76.7
ip route vrf VNP_B 172.16.7.0 255.255.255.0 Ethernet1/0.67 155.1.67.7
ip vrf VNP_A rd 100:1ip vrf VNP_B
rd 100:2
• At SW1ip vrf VPN_A
rd 100:1ip vrf VPN_B
rd 100:2interface Loopback101 ip vrf forwarding VPN_A
ip address 172.16.7.7 255.255.255.0interface Loopback102 ip vrf forwarding VPN_B
ip address 192.168.7.7 255.255.255.0interface Ethernet1/0.67 encapsulation dot1Q 67
ip vrf forwarding VPN_A ip address 155.1.67.7 255.255.255.0
interface Ethernet1/0.76 encapsulation dot1Q 76 ip vrf forwarding VPN_B ip address 155.1.76.7 255.255.255.0
ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.1.67.6ip route vrf VPN_B 0.0.0.0 0.0.0.0 155.1.76.6
14.2 MPLS LDP• At R4
mpls ipmpls ldp router-id lo0 force
int e0/1mpls ldp discovery transport-address interface
router ospf 1mpls ldp autoconf
mpls ldp password requiredmpls ldp neighbor 150.1.5.5 password CISCOmpls ldp neighbor 150.1.6.6 password CISCO
• At R6mpls ipmpls ldp router-id lo0 forceint e0/0.146mpls ldp discovery transport-address interfacempls ip mpls ldp password required mpls ldp neighbor 150.1.4.4 password CISCO
• At R5mpls ipmpls ldp router-id lo0 forceint s2/1mpls ipint s2/0mpls ipmpls ldp password requiredmpls ldp neighbor 150.1.4.4 password CISCO
14.3 MPLS Label Filtering
• At R4, R5, R6
access-list 10 permit 150.1.0.0 0.0.255.255no mpls ldp advertise-labelsmpls ldp advertise-labels for 10
14.4 MP-BGP VPNv4
R5
R4
R6
RR
Vlan5Vl58
Vpn_aVpn_b
vl67vl76Vpn_b
Vpn_a
R5Vrf VPN_A bgp table155.1.58.0/24 155.1.67.0/24 Bgp vpnv4
R5Vrf VPN_B bgp table155.1.5.0/24 155.1.76.0/24
Redistribute connected Static into bgp
Redistribute connected Static into bgp
14.4 MP-BGP VPNv4• At R4
router bgp 100
no bgp default ipv4-unicastneighbor 150.1.5.5 remote-as 100neighbor 150.1.5.5 update-source lo0neighbor 150.1.6.6 remote-as 100neighbor 150.1.6.6 update-source lo0
address-family vpnv4 unicastneighbor 150.1.5.5 activateneighbor 150.1.6.6 activateneighbor 150.1.5.5 send-community extendedneighbor 150.1.6.6 send-community extendedneighbor 150.1.5.5 route-reflector-clientneighbor 150.1.6.6 route-reflector-client
• At R5ip vrf VPN_Ard 100:1 route-target both 100:1ip vrf VPN_B rd 100:2 route-target both 100:2
int e0/0ip vrf forwarding VPN_Aip add 155.1.58.5 255.255.255.0int e0/1ip vrf forwarding VPN_Bip address 155.1.5.5 255.255.255.0
• At R6ip vrf VNP_Ard 100:1route-target both 100:1ip vrf VNP_Brd 100:2route-target both 100:2
• At R5 & R6router bgp 100no bgp default ipv4neighbor 150.1.4.4 remote-as 100neighbor 150.1.4.4 update-source lo0
address-family vpnv4 unicastneighbor 150.1.4.4 activateneighbor 150.1.4.4 send-community extended // RT valuesunu bununla taşırız.
address-family ipv4 vrf VPN_Aredistribute connectedredistribute static
address-family ipv4 vrf VPN_Bredistribute connectedredistribute static
14.5 MP-BGP Prefix Filtering
R5
R4
R6
RR
Vlan5Vl58
Vpn_aVpn_b
vl67vl76
Vpn_b
Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
Lo1 192.16.6.6/24
14.5 MP-BGP Prefix Filtering• At R5
int lo 101ip vrf forvarding VPN_Aip address 172.16.5.5 255.255.255.0
ip prefix-list LO101 permit 172.16.5.0/24
route-map VPN-A_EXPORT permit 10match ip address prefix-list LO101set extcommunity rt 100:55
route-map VPN-A_EXPORT permit 20set extcommunity rt 100:1
ip vrf VPN_Aexport map VPN-A_EXPORTroute-target import 100:66
• At R6int lo102ip vrf forwarding VNP_Bip address 192.168.6.6 255.255.255.0
ip prefix-list LO202 permit 192.168.6.0/24
route-map VNP-B-EXPORT permit 10match ip address prefix-list LO102set extcommunity rt 100:66route-map VNP-B-EXPORT permit 20set extcommunity rt 100:2
ip vrf VNP_Bexport map VNP-B-EXPORTroute-target import 100:55
14.6 PE – CE Routing with RIP
R5
R4
R6
RR
Vlan5Vl58
Vpn_aVpn_b
vl76
Vpn_b
Bgp vpnv4
Lo1 172.16.5.5/24
Lo1 192.16.6.6/24
RIP vrf vpn_b
vlan43
Vpn_b
RIP vrf vpn_b
Bgp to ripRip to bgp redistribution
Rip to bgpredistribution
204.12.1.0/24
14.6 PE – CE Routing with RIP• At R4ip vrf VPN_B
rd 100:2 route-target export 100:2 route-target import 100:2
router rip version 2 no auto-summary address-family ipv4 vrf VPN_B redistribute bgp 100 metric transparent ///// metriğin korunmasını sağlıyor network 204.12.1.0 no auto-summary exit-address-family
router bgp 100 no bgp default ipv4-unicast
address-family vpnv4 neighbor 150.1.5.5 activate neighbor 150.1.5.5 send-community extended neighbor 150.1.5.5 route-reflector-client
neighbor 150.1.6.6 activate neighbor 150.1.6.6 send-community extended
neighbor 150.1.6.6 route-reflector-client exit-address-family address-family ipv4 vrf VPN_B redistribute rip
• At R6router rip
ver 2no auto-sumaddress-family ipv4 vrf VNP_B
redistribute bgp 100 metric transparent //metriğin korunmasını sağlıyornetwork 155.1.0.0
no ip route vrf VNP_B 172.16.7.0 255.255.255.0 e1/0.67 155.1.67.7
• At SW1no ip route vrf VNP_A 0.0.0.0 0.0.0.0 155.1.76.6router rip
ver 2no auto-sumaddress-family ipv4 vrf VPN_Bnetwork 155.1.0.0 network 192.168.7.0
14.7 PE- CE Routing with OSPF
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
Ospf area1
Ospf area 1
SW2
Lo 172.16.8.8/24
Redistribute bgp into vrf VPN_A ospf
Redistribute vrf VNP_A ospf into vrf VPN_A bgp
Redistribute bgp into vrf VPN_A ospf
Redistribute vrf VNP_A ospf into vrf VPN_A bgp SW1
Lo 172.16.7.7
Vrf VPN_A
14.7 PE- CE Routing with OSPF• MP-BGP’nin olduğu cloud’a super area 0 (super
backbone) denir.• OSPF iki yeni attribute’e sahip
1- domain-id : farklı vpn’lerdeki ospf process’leri ayırt etmeye yarar.
2- OSPF route-type: 3 bileşen içerir: source-area, route-type (lsa type) ve option (E1 – E2[external])metric değeri biz değiştirmediğimiz sürece aynı şekilde taşınır.
• At R5router ospf 100 vrf VPN_A
domain-id 0.0.0.5log-adjacency-changesredistribute bgp 100 subnetsnetwork 0.0.0.0 255.255.255.255 area 1
router bgp 100address-family ipv4 vrf VPN_Aredistribute ospf 100 vrf VPN_A
• At R6router ospf 100 vrf VNP_A
domain-id 0.0.0.6log-adjacency-changesredistribute bgp 100 subnetsnetwork 0.0.0.0 255.255.255.255 area 1summary-address 172.16.0.0 255.255.0.0
router bgp 100address-family ipv4 vrf VNP_Aredistribute ospf 100 vrf VNP_A
• SW1no ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.14.76.6router ospf 1 vrf VPN_A
netw 0.0.0.0 255.255.255.255 area 1• SW2
ip routing router ospf 1
network 0.0.0.0 255.255.255.255 area 1int lo100
ip add 172.16.8.8 255.255.255.0
14.8 OSPF Sham-link
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
Ospf area1
Ospf area 1
SW2
Lo 172.16.8.8/24
Redistribute bgp into vrf VPN_A ospf
Redistribute vrf VNP_A ospf into vrf VPN_A bgp
Redistribute bgp into vrf VPN_A ospf
Redistribute vrf VNP_A ospf into vrf VPN_A bgp SW1
Lo 172.16.7.7Backdoor link
Sham-link
lo100
lo100
Vrf A
14.8 OSPF Sham-link• At R5
router ospf 100 vrf VPN_Ano domain-id 0.0.0.5area 1 sham-link 150.1.55.55 150.1.66.66 cost 1no network 0.0.0.0 255.255.255.255 area 1network 155.1.58.5 0.0.0.0 area 1
int lo 200ip vrf forwarding VPN_Aip address 150.1.55.55 255.255.255.255
router bgp 100address-family ipv4 vrf VPN_A
network 150.1.55.55 mask 255.255.255.255
• At R6router ospf 100 vrf VNP_A
no domain-id 0.0.0.5area 1 sham-link 150.1.66.66 150.1.55.55 cost 1no network 0.0.0.0 255.255.255.255 area 1network 155.1.67.6 0.0.0.0 area 1
int lo 200ip vrf forwarding VNP_Aip address 150.1.66.66 255.255.255.255
router bgp 100address-family ipv4 vrf VNP_A
network 150.1.66.66 mask 255.255.255.255
• At SW1int e0/3
no swip address 155.1.78.7 255.255.255.0ip ospf cost 9999
int e1/0.67no ip vrf forwarding VPN_Aip address 155.1.67.7 255.255.255.0
int lo101ip add 172.16.7.7 255.255.255.0
no router ospf 1router ospf 1
network 0.0.0.0 255.255.255.255 area 1• At SW2
int e0/3no swip address 155.1.78.8 255.255.255.0ip ospf cost 9999
14.9 PE- CE Routing with EIGRP
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
EIGRP
EIGRP
SW2
Lo 172.16.8.8/24
Redistribute bgp into vrf VPN_A eigrp
Redistribute vrf VNP_A eigrp into vrf VPN_A bgp
Redistribute bgp into vrf VPN_A eigrp
Redistribute vrf VNP_A eigrpinto vrf VPN_A bgp SW1
Lo 172.16.7.7
Backdoor link
Vlan 43204.12.1.0/24
EIGRPVPN_A
Redistribute vrf VPN_A EIGRPinto BGP
Redistribute bgp into vrf VPN_A eigrp
Delay 1000
Vrf VPN_A
14.9 PE- CE Routing with EIGRP• At R4
ip vrf VPN_Ard 100:1route-target both 100:1router eigrp 100no autoaddress-family ipv4 vrf VPN_Aautonomous-system 100network 204.12.1.0 0.0.0.255redistribute bgp 100 metric 1 1 1 1 1
router bgp 100 address-family ipv4 vrf VPN_Aredistribute eigrp 100
int e0/0ip vrf forwarding VPN_Aip address 204.12.1.4 255.255.255.0
• At R5no router ospf 100router eigrp 100
no autoaddress-family ipv4 vrf VPN_A
autonomous-system 100network 155.1.58.5 0.0.0.0redistribute bgp 100 metric 1 1 1 1 1
router bgp 100address-family ipv4 vrf VPN_A
redistribute eigrp 100
• At R6no router ospf 100router eigrp 100
no autoaddress-family ipv4 vrf VNP_A
autononous-system 100network 155.1.67.6 0.0.0.0
router bgp 100address-family ipv4 vrf VNP_A
redistribute eigrp 100
• At SW1 – SW2no router ospf 1router eigrp 100
no autosummnetwork 0.0.0.0 255.255.255.255
int e0/3delay 1000 /// to be sure it will be
backdoor.
14.10 EIGRP SITE OF ORIGIN
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
BGP AS 78
BGP AS 78
SW2
Lo 172.16.8.8/24
SW1Lo 172.16.7.7
AS100
Vrf VPN_A
Backdoor link
SW1SW2
R5 R6
100:15
100:15
100:16
100:16
14.10 EIGRP Site-of-Origin
• At R5route-map EIGRP-SOOset extcommunity soo 100:15int e0/0ip vrf sitemap EIGRP-SOO
• At R6route-map EIGRP-SOOset extcommunity soo 100:16int e0/0.67ip vrf sitemap EIGRP-SOO
• At SW2route-map EIGRP-SOO
set extcommunity soo 100:15int e0/2
ip vrf sitemap EIGRP-SOO
• At SW1route-map EIGRP-SOO
set extcommunity soo 100:16int e0/2
ip vrf sitemap EIGRP-SOO
14.11 PE- CE Routing with BGP
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
BGP AS 78
BGP AS 78
SW2
Lo 172.16.8.8/24
SW1Lo 172.16.7.7
AS100
Vrf VPN_A
AS78 overrided AS100
AS78 overrided AS100
• Farklı yerlerde aynı AS’in kullanılması; aynı AS ile gelen bilginin alınmayacağından prefix’in filtrelenmesine yol açar. Bunu çözmek için allowas-in ile as-override yapabliriz.
14.11 PE- CE Routing with BGP
• At R5no router eigrp 100router bgp 100
address-family ipv4 vrf VPN_Aneighbor 155.1.58.8 remote-as 78neighbor 155.1.58.8 as-override
• At R6no router eigrp 100router bgp 100
address-family ipv4 vrf VNP_Aneighbor 155.1.67.7 remote-as 78neighbor 155.1.67.7 as-override
• At SW1no router eigrp 100router bgp 78neighbor 155.1.67.6 remote-as 100network 150.1.7.0 mask 255.255.255.0
• At SW2no router eigrp 100router bgp 78neighbor 155.1.58.5 remote-as 100network 150.1.8.0 mask 255.255.255.0
14.12 BGP SoO Attribute
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Bgp vpnv4
Lo1 172.16.5.5/24
BGP AS 78
BGP AS 78
SW2
Lo 172.16.8.8/24
SW1Lo 172.16.7.7
AS100
Backdoor link
Soo 100:1
Soo 100:1Vrf VPN_A
14.12 BGP SoO Attribute
• At R5router bgp 100
address-family ipv4 vrf VPN_Aneighbor 155.1.58.8 soo
100:1
• At R6router bgp 100
address-family ipv4 vrf VNP_Aneighbor 155.1.67.7 soo
100:1
SW1SW2
R5 R6
ibgp
ebgp ebgp
Bgp vpn
Soo 100:1 Soo 100:1
• At SW1router bgp 78
neighbor 155.1.78.8 remote-as 78
• At SW2router bgp 78
neighbor 155.1.78.7 remote-as 78
///CE’lerde backdoor komşuluğunu ekledik.
14.13 Internet Access• At R6
router ripvers 2no auto-sumnetwork 54.0.0.0ip route vrf VNP_A 0.0.0.0 0.0.0.0 54.1.1.254 global
router bgp 100address-family ipv4 vrf VNP_Adefault-information originateredistribute staticint s2/0ip nat outsideint e0/0.146ip nat insideint e0/0.67ip nat insideip access-list standard VPN-PREFIXESpermit 150.1.0.0 0.0.255.255ip nat inside source list VPN-PREFIXES interface s2/0 vrf VNP_A overload
14.14 AToM
R5
R4
R6
RR
Vl58
Vpn_a
vl67Vpn_a
Layer 2 vpn Bgp vpnv4
AS100
Vl 5 (e0/1)
E0/1
14.14 AToM
• At R5default interface e0/1int e0/1xconnect 150.1.6.6 100 encapsulation mpls
mpls ldp neighbor 150.1.6.6 password CISCO
• At R6int e0/1no shxconnect 150.1.5.5 100 encapsulation mpls
mpls ldp neighbor 150.1.5.5 password CISCO
• R5 ve R6 ya bağlı olan sw3 ve sw4 interfacelerine ip verip birbirlerini pingleyebiliriz.
14.15 L2TPV3
• At R5, similiar at R6pseudowire-class L2TPV3
encapsulation l2tpv3ip local interface lo0ip pmtuip dfbit setip tos reflect
default int e0/1int e0/1
xconnect 150.1.6.6 100 encapsulation l2tpv3 pw-class L2TPV3
14.16 MPLS VPN Performance Tuning
• At R4router bgp 100
address-family vpnv4 unicastneighbor 150.1.5.5 advertisement-interval 0neighbor 150.1.6.6 advertisement-interval 0
• At R5; R6router bgp 100
address-family vpnv4 unicastneighbor 150.1.4.4 advertisement-internal 0bgp scan import 5
