jueves, 22 de julio de 2010

IS-IS PE-CE

IS-IS como IGP CE/PE
EL IOS permite implementar IS-IS como protocolo entre Provider Edge y Customer Egde.

IGP/LDP en Core
------------------------------------------------------------------------------------------------------------------------------------------------------------
R2
interface FastEthernet0/0
ip ospf network point-to-point
ip ospf 1 area 0

interface FastEthernet1/0
ip ospf network point-to-point
ip ospf 1 area 0

interface Loopback0
ip ospf 1 area 0

ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0 force
mpls label range 210 299 static 200 209
mpls static binding ipv4 10.0.0.3 255.255.255.255 203
mpls static binding ipv4 10.0.0.4 255.255.255.255 204
mpls static binding ipv4 10.0.0.5 255.255.255.255 205

router ospf 1
mpls ldp autoconfig area 0
router-id 10.0.0.2
log-adjacency-changes
passive-interface Loopback0

R3
interface FastEthernet0/0
ip ospf network point-to-point
ip ospf 1 area 0

interface FastEthernet1/0
ip ospf network point-to-point
ip ospf 1 area 0

interface Loopback0
ip ospf 1 area 0

ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0 force
mpls label range 310 399 static 300 309
mpls static binding ipv4 10.0.0.2 255.255.255.255 302
mpls static binding ipv4 10.0.0.4 255.255.255.255 304
mpls static binding ipv4 10.0.0.5 255.255.255.255 305

router ospf 1
mpls ldp autoconfig area 0
router-id 10.0.0.3
log-adjacency-changes
passive-interface Loopback0
R4
interface FastEthernet0/0
ip ospf network point-to-point
ip ospf 1 area 0

interface FastEthernet0/1
ip ospf network point-to-point
ip ospf 1 area 0

interface FastEthernet1/0
ip ospf network point-to-point
ip ospf 1 area 0

interface Loopback0
ip ospf 1 area 0

ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0 force
mpls label range 410 499 static 400 409
mpls static binding ipv4 10.0.0.2 255.255.255.255 402
mpls static binding ipv4 10.0.0.3 255.255.255.255 403
mpls static binding ipv4 10.0.0.5 255.255.255.255 405

router ospf 1
mpls ldp autoconfig area 0
router-id 10.0.0.4
log-adjacency-changes
passive-interface Loopback0


R5
interface FastEthernet0/0
ip ospf network point-to-point
ip ospf 1 area 0

interface Loopback0
ip ospf 1 area 0

ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0 force
mpls label range 510 599 static 500 509
mpls static binding ipv4 10.0.0.2 255.255.255.255 502
mpls static binding ipv4 10.0.0.4 255.255.255.255 504
mpls static binding ipv4 10.0.0.3 255.255.255.255 503

router ospf 1
mpls ldp autoconfig area 0
router-id 10.0.0.5
log-adjacency-changes
passive-interface Loopback0


R4#show mpls ldp discovery
Local LDP Identifier:
10.0.0.4:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.2:0
FastEthernet0/1 (ldp): xmit/recv
LDP Id: 10.0.0.3:0
FastEthernet1/0 (ldp): xmit/recv
LDP Id: 10.0.0.5:0

R2#show mpls ldp discovery
Local LDP Identifier:
10.0.0.2:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.3:0
FastEthernet1/0 (ldp): xmit/recv
LDP Id: 10.0.0.4:0

R3#show mpls ldp discovery
Local LDP Identifier:
10.0.0.3:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.2:0
FastEthernet1/0 (ldp): xmit/recv
LDP Id: 10.0.0.4:0

R5#show mpls ldp discovery
Local LDP Identifier:
10.0.0.5:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.4:0

R4#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
402 Pop Label 10.0.0.2/32 0 Fa0/0 10.1.24.2
403 Pop Label 10.0.0.3/32 0 Fa0/1 10.1.34.3
405 Pop Label 10.0.0.5/32 0 Fa1/0 10.1.45.5
410 Pop Label 10.1.23.0/24 0 Fa0/0 10.1.24.2
Pop Label 10.1.23.0/24 0 Fa0/1 10.1.34.3

---------------------------------------------------------------------------------------------

MP-iBGP

Para el intercambio de etiquetas vpnv4 usamos MP-iBGP en AS1. R4 es el Route-Reflector y sus clientes son R2, R3, y R5. Para minimizar la configuración y los recursos usaremos peer-group en el RR.

---------------------------------------------------------------------------------------------

R2
router bgp 1
bgp router-id 10.0.0.2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.0.4 remote-as 1
neighbor 10.0.0.4 update-source Loopback0

address-family vpnv4
neighbor 10.0.0.4 activate
neighbor 10.0.0.4 send-community extended
exit-address-family

R3
router bgp 1
bgp router-id 10.0.0.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.0.4 remote-as 1
neighbor 10.0.0.4 update-source Loopback0

address-family vpnv4
neighbor 10.0.0.4 activate
neighbor 10.0.0.4 send-community extended
exit-address-family


R5
router bgp 1
bgp router-id 10.0.0.5
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.0.4 remote-as 1
neighbor 10.0.0.4 update-source Loopback0
!
address-family vpnv4
neighbor 10.0.0.4 activate
neighbor 10.0.0.4 send-community extended
exit-address-family

R4
router bgp 1
bgp router-id 10.0.0.4
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor AS1 peer-group
neighbor AS1 remote-as 1
neighbor AS1 description INTERNOS
neighbor AS1 update-source Loopback0
neighbor 10.0.0.2 peer-group AS1
neighbor 10.0.0.3 peer-group AS1
neighbor 10.0.0.5 peer-group AS1

address-family vpnv4
neighbor AS1 send-community extended
neighbor AS1 route-reflector-client
neighbor 10.0.0.2 activate
neighbor 10.0.0.3 activate
neighbor 10.0.0.5 activate
exit-address-family

R4#show bgp vpnv4 unicast all peer-group
BGP peer-group is AS1, remote AS 1
Description: INTERNOS
BGP version 4
Neighbor sessions:
0 active, is multisession capable
Default minimum time between advertisement runs is 0 seconds

For address family: VPNv4 Unicast
BGP neighbor is AS1, peer-group internal, members:
10.0.0.2 10.0.0.3 10.0.0.5
Index 0
Route-Reflector Client
Update messages formatted 0, replicated 0
Number of NLRIs in the update sent: max 0, min 0


R4#show bgp vpnv4 unicast all summary
BGP router identifier 10.0.0.4, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.2 4 1 8 6 1 0 0 00:04:18 0
10.0.0.3 4 1 8 8 1 0 0 00:04:18 0
10.0.0.5 4 1 7 6 1 0 0 00:04:14 0
---------------------------------------------------------------------------------------------

VPN Sitio 1 IGP CE-PE
En ISIS la configuracion requiere que activemos la VRF dentro del proceso ISIS con el comando vrf nombre_vrf. Al igual que otros IGPs, activamos la vrf para el enlace PE-CE con el comando ip vrf forwarding nombre_vrf o vrf forwarding nombre_vrf dependiendo del formato de VRF que estemos usando.
Activamos luego ISIS en la interface con la etiquetas del proceso ISIS que hemos configurado, la configuración tipica.

---------------------------------------------------------------------------------------------

R2
vrf definition A
rd 1:1
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family

router isis A
vrf A
net 49.0001.0000.0000.0002.00
is-type level-2-only
log-adjacency-changes
redistribute bgp 1

interface FastEthernet0/1
vrf forwarding A
ip address 10.1.12.2 255.255.255.0
ip router isis A
isis circuit-type level-2-only

router bgp 1
address-family ipv4 vrf A
no synchronization
redistribute isis A level-2
exit-address-family

R3
vrf definition A
rd 1:1
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family

router isis A
vrf A
net 49.0001.0000.0000.0003.00
is-type level-2-only
log-adjacency-changes
redistribute bgp 1

interface FastEthernet0/1
vrf forwarding A
ip address 10.1.13.3 255.255.255.0
ip router isis A
isis circuit-type level-2-only

router bgp 1
address-family ipv4 vrf A
no synchronization
redistribute isis A level-2
exit-address-family

R1
interface FastEthernet0/0
ip address 10.1.12.1 255.255.255.0
ip router isis
isis circuit-type level-2-only

interface FastEthernet0/1
ip address 10.1.13.1 255.255.255.0
ip router isis
isis circuit-type level-2-only

router isis
net 49.0001.0000.0000.0001.00
passive-interface Loopback0

R2#show isis A neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R1 L2 Fa0/1 10.1.12.1 UP 28 R2.01

R2#show isis A database

IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 0x0000000D 0xAC1A 805 0/0/0
R2.00-00 * 0x00000078 0x4B18 866 0/0/0
R2.01-00 * 0x00000007 0x02D1 717 0/0/0
R3.00-00 0x00000078 0xD80A 983 0/0/0
R3.01-00 0x00000007 0x08C9 851 0/0/0

R1#show clns neighbors
System Id Interface SNPA State Holdtime Type Protocol
R2 Fa0/0 ca03.079c.0006 Up 9 L2 IS-IS
R3 Fa0/1 ca05.0080.0006 Up 9 L2 IS-IS

R1#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R2 L2 Fa0/0 10.1.12.2 UP 9 R2.01
R3 L2 Fa0/1 10.1.13.3 UP 9 R3.01

R2#sh ip route vrf A isis
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
i L2 10.1.13.0/24 [115/20] via 10.1.12.1, FastEthernet0/1
100.0.0.0/32 is subnetted, 1 subnets
i L2 100.0.0.1 [115/10] via 10.1.12.1, FastEthernet0/1
------------------------------------------------------------------------------------------------------------------------------------------------------------

VPN Sitio 2

------------------------------------------------------------------------------------------------------------------------------------------------------------
R5
vrf definition A
rd 1:1
!
address-family ipv4
route-target export 1:1
route-target import 1:1
exit-address-family

router isis A
vrf A
net 49.0001.0000.0000.0005.00
is-type level-2-only
log-adjacency-changes
redistribute bgp 1

interface FastEthernet0/1
vrf forwarding A
ip address 10.1.56.5 255.255.255.0
ip router isis A
isis circuit-type level-2-only

router bgp 1
address-family ipv4 vrf A
no synchronization
redistribute isis A level-2
exit-address-family


R6
interface FastEthernet0/0
ip address 10.1.56.6 255.255.255.0
ip router isis
isis circuit-type level-2-only

router isis
net 49.0001.0000.0000.0006.00
passive-interface Loopback0


R5#show isis A neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R6 L2 Fa0/1 10.1.56.6 UP 8 R6.01

R5#show isis A database
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R5.00-00 * 0x0000000B 0xEEBC 1030 0/0/0
R6.00-00 0x00000009 0x0BC5 886 0/0/0
R6.01-00 0x00000007 0x7E49 1122 0/0/0

R6#show clns neighbors
System Id Interface SNPA State Holdtime Type Protocol
R5 Fa0/0 ca00.0474.0006 Up 28 L2 IS-IS

R6#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
R5 L2 Fa0/0 10.1.56.5 UP 24 R6.01

R5#sh ip route vrf A isis
Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
100.0.0.0/32 is subnetted, 2 subnets
i L2 100.0.0.6 [115/10] via 10.1.56.6, FastEthernet0/1


R1#sh ip route isis
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
100.0.0.0/32 is subnetted, 2 subnets
i L2 100.0.0.6 [115/10] via 10.1.13.3, FastEthernet0/1

R1#traceroute 100.0.0.6 probe 1
1 10.1.13.3 92 msec
2 10.1.34.4 [MPLS: Labels 405/513 Exp 0] 172 msec
3 10.1.56.5 [MPLS: Label 513 Exp 0] 152 msec
4 10.1.56.6 220 msec

R6#sh ip route isis
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
i L2 10.1.12.0/24 [115/10] via 10.1.56.5, FastEthernet0/0
i L2 10.1.13.0/24 [115/10] via 10.1.56.5, FastEthernet0/0
100.0.0.0/32 is subnetted, 2 subnets
i L2 100.0.0.1 [115/10] via 10.1.56.5, FastEthernet0/0

R6#traceroute 100.0.0.1 source loopback 0 probe 1
1 10.1.56.5 100 msec
2 10.1.45.4 [MPLS: Labels 402/213 Exp 0] 180 msec
3 10.1.12.2 [MPLS: Label 213 Exp 0] 152 msec
4 10.1.12.1 148 msec
---------------------------------------------------------------------------------------------

Nota: Sitio 1 es dual home (dos salidas), para este escenario el bit UP/Down debe estar establecido por los PEs o las rutas redistribuidas de BGP a IS-IS volverán a ser redistribuidas de IS-IS a BGP. El siguiente ejemplo nos muestra un paquete dirección origen 100.0.0.1 con direccion destino 100.0.0.6 en un loop infinito (poner atencion al muñequeo entre CE-R1 y PE-R3). El proceso ISIS se encarga de establecer el bit y evita este problema.

---------------------------------------------------------------------------------------------

R1#traceroute 100.0.0.6 source loopback 0
1 10.1.12.2 52 msec
10.1.13.3 208 msec
10.1.12.2 96 msec
2 10.1.13.1 60 msec
10.1.12.1 28 msec
10.1.13.1 24 msec
3 10.1.13.3 128 msec 124 msec 108 msec
4 10.1.13.1 48 msec 100 msec 88 msec
5 10.1.13.3 148 msec 156 msec 148 msec
6 10.1.13.1 112 msec 120 msec 132 msec
7 10.1.13.3 188 msec 136 msec 168 msec
8 10.1.13.1 168 msec * *
9 10.1.13.3 208 msec 204 msec 208 msec
10 10.1.13.1 188 msec 200 msec 140 msec
11 10.1.13.3 216 msec 304 msec 336 msec
12 10.1.13.1 220 msec 216 msec 208 msec
13 10.1.13.3 280 msec 332 msec 336 msec
14 10.1.13.1 244 msec * *
15 10.1.13.3 272 msec 304 msec 236 msec
16 10.1.13.1 280 msec 280 msec 264 msec
17 10.1.13.3 372 msec 372 msec 436 msec
18 10.1.13.1 372 msec 292 msec 328 msec
19 10.1.13.3 520 msec * *
20 10.1.13.1 316 msec 392 msec 368 msec
21 10.1.13.3 404 msec 540 msec 396 msec
22 10.1.13.1 416 msec 416 msec 388 msec
23 10.1.56.6 864 msec * *
---------------------------------------------------------------------------------------------

No hay comentarios:

Publicar un comentario