miércoles, 21 de julio de 2010

Lab MPLS 1.6d MPLS VPN

Sitio 3

· Crear la VPN C en Sitio 3 (ver figura). Utilizar RD/RT 1:3.

· Configurar OSPF 10 area 0 sin eleccion de DR

· Redistribuir mutuamente OSPF/BGP en R4 (PE).

· Debe existir comunicación entre Sitio 1 y Sitio 3

· R10 debe crear y redistribuir la loopback 150. Las redes de la loopback 150 que tengan el tercer octeto impar deben ser tipo E1, las pares E2.

· Las rutas Externas deben verse con el tipo configurado en Sitio 1.


En R4 creamos la vrf C con RD/RT 1:3. Aplicamos la vrf a la interface fastEthernet 0/0. Configuramos OSPF 10 para la verf C.

R10 publica en OSPF 10 la red 150.0.0.0/16. Esta incluye tanto la red primaria como secundaria de la loopback 150. R2 y R3 importan las redes que se distribuyen en R4.

Ejemplo 5-23 Configuración PE R4
─────────────────────────────────────────────────────────────────

R4
ip vrf C
rd 1:3
route-target export 1:3

interface FastEthernet0/0
ip vrf forwarding C
ip address 172.16.104.4 255.255.255.0
ip ospf network point-to-point

router ospf 10 vrf C
router-id 4.4.4.4
log-adjacency-changes
redistribute bgp 1 subnets
network 172.16.104.4 0.0.0.0 area 0

router bgp 1
address-family ipv4 vrf C
redistribute ospf 10 vrf C match internal external 1 external 2

R4#show ip vrf C
Name Default RD Interfaces
C 1:3 Fa0/0

─────────────────────────────────────────────────────────────────

· Configurar OSPF 10 area 0 sin eleccion de DR

· R10 debe crear y publicar loopback 0 (100.0.0.10/32)

· R10 debe crear (primaria y secundaria) y redistribuir la loopback 150. Las redes de la loopback 150 que tengan el tercer octeto pares deben ser tipo E1, las pares E2.




Ejemplo 5-24 Configuración CE R10
─────────────────────────────────────────────────────────────────

R10
interface FastEthernet0/0
ip ospf network point-to-point

interface Loopback150
ip address 150.0.0.10 255.255.255.0
ip address 150.0.1.10 255.255.255.0 secondary
ip address 150.0.2.10 255.255.255.0 secondary
ip address 150.0.3.10 255.255.255.0 secondary
ip address 150.0.4.10 255.255.255.0 secondary
ip address 150.0.5.10 255.255.255.0 secondary
ip address 150.0.6.10 255.255.255.0 secondary
ip address 150.0.7.10 255.255.255.0 secondary



router ospf 10
router-id 100.0.0.10
log-adjacency-changes
network 100.0.0.10 0.0.0.0 area 0
network 172.16.104.10 0.0.0.0 area 0

R10#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
4.4.4.4 0 FULL/ - 00:00:36 172.16.104.4 FastEthernet0/0

R4#show ip ospf 10 neighbor
Neighbor ID Pri State Dead Time Address Interface
100.0.0.10 0 FULL/ - 00:00:39 172.16.104.10 FastEthernet0/0

─────────────────────────────────────────────────────────────────

· R10 debe crear y redistribuir la loopback 150. Las redes de la loopback 150 que tengan el tercer octeto impar deben ser tipo E1, las pares E2.


Si no indicamos la metrica en la redistribución OSPF establece una de 20 por defecto.

Ejemplo 5-25 Configuración Redistribución Redes 150 en R10
─────────────────────────────────────────────────────────────────

R10
ip access-list standard IMPARES
permit 150.0.1.0 0.0.254.255

ip access-list standard PARES
permit 150.0.0.0 0.0.254.255
!
route-map LOOPBACK-150 permit 10
match ip address PARES
set metric-type type-2
!
route-map LOOPBACK-150 permit 20
match ip address IMPARES
set metric-type type-1


router ospf 10
redistribute connected subnets route-map LOOPBACK-150

R4#sh ip route vrf C ospf
Routing Table: C
100.0.0.0/32 is subnetted, 3 subnets
O 100.0.0.10 [110/2] via 172.16.104.10, 00:10:04, FastEthernet0/0
150.0.0.0/24 is subnetted, 8 subnets
O E2 150.0.6.0 [110/20] via 172.16.104.10, 00:05:02, FastEthernet0/0
O E1 150.0.7.0 [110/21] via 172.16.104.10, 00:04:24, FastEthernet0/0
O E2 150.0.4.0 [110/20] via 172.16.104.10, 00:05:02, FastEthernet0/0
O E1 150.0.5.0 [110/21] via 172.16.104.10, 00:04:24, FastEthernet0/0
O E2 150.0.2.0 [110/20] via 172.16.104.10, 00:05:02, FastEthernet0/0
O E1 150.0.3.0 [110/21] via 172.16.104.10, 00:04:24, FastEthernet0/0
O E2 150.0.0.0 [110/20] via 172.16.104.10, 00:05:59, FastEthernet0/0
O E1 150.0.1.0 [110/21] via 172.16.104.10, 00:04:51, FastEthernet0/0
─────────────────────────────────────────────────────────────────

Los sitios 1 y 3 no tienen conocimiento el uno del otro.

Ejemplo 5-26
─────────────────────────────────────────────────────────────────

R2#show bgp vpnv4 unicast rd 1:3
SIN PREFIJOS

R3#show bgp vpnv4 unicast rd 1:3
SIN PREFIJOS

R4#show bgp vpnv4 unicast rd 1:1
SIN PREFIJOS

─────────────────────────────────────────────────────────────────


Importamos los prefijos utilizando route-target import en la vrf correspondiente a cada Sitio (Sitio1 y Sitio3), luego comprobamos que las rutas se estén instaladas en la tabla VPN de los Providers Edge R2, R3 y R4.


Ejemplo 5-27
─────────────────────────────────────────────────────────────────

R2
ip vrf A
route-target import 1:3

R3
ip vrf A
route-target import 1:3

R4
ip vrf C
route-target import 1:1

─────────────────────────────────────────────────────────────────


Ejemplo 5-28
─────────────────────────────────────────────────────────────────

R2#show bgp vpnv4 unicast rd 1:3
BGP table version is 46, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:3
*>i100.0.0.10/32 10.0.0.4 2 100 0 ?
*>i150.0.0.0/24 10.0.0.4 20 100 0 ?
*>i150.0.1.0/24 10.0.0.4 21 100 0 ?
*>i150.0.2.0/24 10.0.0.4 20 100 0 ?
*>i150.0.3.0/24 10.0.0.4 21 100 0 ?
*>i150.0.4.0/24 10.0.0.4 20 100 0 ?
*>i150.0.5.0/24 10.0.0.4 21 100 0 ?
*>i150.0.6.0/24 10.0.0.4 20 100 0 ?
*>i150.0.7.0/24 10.0.0.4 21 100 0 ?
*>i172.16.104.0/24 10.0.0.4 0 100 0 ?

R3#show bgp vpnv4 unicast rd 1:3
BGP table version is 49, local router ID is 10.0.0.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:3
*>i100.0.0.10/32 10.0.0.4 2 100 0 ?
*>i150.0.0.0/24 10.0.0.4 20 100 0 ?
*>i150.0.1.0/24 10.0.0.4 21 100 0 ?
*>i150.0.2.0/24 10.0.0.4 20 100 0 ?
*>i150.0.3.0/24 10.0.0.4 21 100 0 ?
*>i150.0.4.0/24 10.0.0.4 20 100 0 ?
*>i150.0.5.0/24 10.0.0.4 21 100 0 ?
*>i150.0.6.0/24 10.0.0.4 20 100 0 ?
*>i150.0.7.0/24 10.0.0.4 21 100 0 ?
*>i172.16.104.0/24 10.0.0.4 0 100 0 ?

R4#show bgp vpnv4 unicast rd 1:1
BGP table version is 76, local router ID is 10.0.0.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
*>i20.0.0.2/32 10.0.0.2 0 100 0 i
*>i30.0.0.3/32 10.0.0.3 0 100 0 i
*>i100.0.0.8/32 10.0.0.2 2 100 0 ?
*>i100.0.0.9/32 10.0.0.3 2 100 0 ?
*>i172.16.28.0/24 10.0.0.2 0 100 0 ?
*>i172.16.39.0/24 10.0.0.3 0 100 0 ?
*>i172.16.89.0/24 10.0.0.2 7 100 0 ?
* i 10.0.0.3 7 100 0 ?
─────────────────────────────────────────────────────────────────

Verificamos que las rutas de Sitio 1 se han propagado a Sitio 3. Como vemos las etiqutas para el Forwarding Equivalence Class (FEC) son las mismas (traceroute 150)

Ejemplo 5-29
─────────────────────────────────────────────────────────────────

R10#sh ip route ospf
100.0.0.0/32 is subnetted, 3 subnets
O E2 100.0.0.8 [110/2] via 172.16.104.4, 02:41:24, FastEthernet0/0
O E2 100.0.0.9 [110/2] via 172.16.104.4, 00:07:33, FastEthernet0/0
20.0.0.0/32 is subnetted, 1 subnets
O E2 20.0.0.2 [110/1] via 172.16.104.4, 02:41:24, FastEthernet0/0
172.16.0.0/24 is subnetted, 4 subnets
O E2 172.16.39.0 [110/1] via 172.16.104.4, 00:07:33, FastEthernet0/0
O E2 172.16.28.0 [110/1] via 172.16.104.4, 02:41:24, FastEthernet0/0
O E2 172.16.89.0 [110/7] via 172.16.104.4, 02:41:39, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.0.0.3 [110/1] via 172.16.104.4, 00:07:33, FastEthernet0/0


R2
router bgp 1
address-family vpnv4
neighbor 10.0.0.4 route-map SHAM-PRE out
neighbor 10.0.0.5 route-map SHAM-PRE out

R3
router bgp 1
address-family vpnv4
neighbor 10.0.0.4 route-map SHAM-PRE out
neighbor 10.0.0.5 route-map SHAM-PRE out

R10#sh ip route ospf
100.0.0.0/32 is subnetted, 3 subnets
O E2 100.0.0.8 [110/2] via 172.16.104.4, 02:48:01, FastEthernet0/0
O E2 100.0.0.9 [110/2] via 172.16.104.4, 00:14:10, FastEthernet0/0
172.16.0.0/24 is subnetted, 4 subnets
O E2 172.16.39.0 [110/1] via 172.16.104.4, 00:14:10, FastEthernet0/0
O E2 172.16.28.0 [110/1] via 172.16.104.4, 02:48:01, FastEthernet0/0
O E2 172.16.89.0 [110/7] via 172.16.104.4, 02:48:15, FastEthernet0/0

R9#traceroute 150.0.4.10
1 172.16.39.3 56 msec 120 msec 32 msec
2 10.1.13.1 [MPLS: Labels 1002/4013 Exp 0] 124 msec 132 msec 120 msec
3 172.16.104.4 [MPLS: Label 4013 Exp 0] 128 msec 164 msec 64 msec
4 172.16.104.10 184 msec * 152 msec

R8#traceroute 150.0.3.10
1 172.16.28.2 120 msec 32 msec 32 msec
2 10.1.12.1 [MPLS: Labels 1002/4016 Exp 0] 120 msec 120 msec 164 msec
3 172.16.104.4 [MPLS: Label 4016 Exp 0] 108 msec 116 msec 112 msec
4 172.16.104.10 120 msec * 192 msec

R10#traceroute 100.0.0.8
1 172.16.104.4 32 msec 60 msec 60 msec
2 10.1.14.1 [MPLS: Labels 1000/2009 Exp 0] 152 msec 140 msec 104 msec
3 172.16.28.2 [MPLS: Label 2009 Exp 0] 148 msec 52 msec 120 msec
4 172.16.28.8 140 msec * 136 msec

R10#traceroute 100.0.0.9
1 172.16.104.4 52 msec 12 msec 64 msec
2 10.1.14.1 [MPLS: Labels 1001/3013 Exp 0] 100 msec 164 msec 148 msec
3 172.16.39.3 [MPLS: Label 3013 Exp 0] 120 msec 60 msec 136 msec
4 172.16.39.9 136 msec * 184 msec

─────────────────────────────────────────────────────────────────

Tenemos conexión entre sitios, pero se presenta un problema. Los prefijos desde Sitio 3 no tienen el tipo esperado en sitio 1. Incluso el enlace PE/CE de Sitio 3 se ve como externo en sitio 1. El problema está en el numero del proceso entre los PEs. R4 tiene el process-ID 10 y los PEs de Sitio 1 (R2/R3) utilizan el process-id 100. Para que se los prefijos se propaguen con el tipo OSPF original debemos cambiar el process-id en todos los PEs que participan en la redistribución Sitio1/Sitio3 o utilizar el comando domain-id en el proceso OSPF de R4.


Ejemplo 5-30
─────────────────────────────────────────────────────────────────

R8#sh ip route ospf
100.0.0.0/32 is subnetted, 5 subnets
O IA 100.0.0.6 [110/3] via 172.16.28.2, 05:07:04, FastEthernet0/0
O IA 100.0.0.7 [110/3] via 172.16.28.2, 05:07:04, FastEthernet0/0
O 100.0.0.9 [110/5] via 172.16.28.2, 05:05:47, FastEthernet0/0
O E2 100.0.0.10 [110/2] via 172.16.28.2, 05:07:04, FastEthernet0/0
172.16.0.0/24 is subnetted, 4 subnets
O 172.16.39.0 [110/4] via 172.16.28.2, 05:05:47, FastEthernet0/0
O E2 172.16.104.0 [110/1] via 172.16.28.2, 05:07:04, FastEthernet0/0
O IA 192.168.67.0/24 [110/3] via 172.16.28.2, 08:57:22, FastEthernet0/0
O IA 192.168.100.0/24 [110/2] via 172.16.28.2, 08:57:22, FastEthernet0/0
150.0.0.0/24 is subnetted, 8 subnets
O E2 150.0.6.0 [110/20] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.7.0 [110/21] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.4.0 [110/20] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.5.0 [110/21] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.2.0 [110/20] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.3.0 [110/21] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.0.0 [110/20] via 172.16.28.2, 05:07:04, FastEthernet0/0
O E2 150.0.1.0 [110/21] via 172.16.28.2, 05:07:04, FastEthernet0/0

R9#sh ip route ospf
100.0.0.0/32 is subnetted, 5 subnets
O IA 100.0.0.6 [110/3] via 172.16.39.3, 05:01:11, FastEthernet0/0
O IA 100.0.0.7 [110/3] via 172.16.39.3, 05:01:11, FastEthernet0/0
O 100.0.0.8 [110/5] via 172.16.39.3, 05:08:04, FastEthernet0/0
O E2 100.0.0.10 [110/2] via 172.16.39.3, 05:01:11, FastEthernet0/0
172.16.0.0/24 is subnetted, 4 subnets
O 172.16.28.0 [110/4] via 172.16.39.3, 05:08:04, FastEthernet0/0
O E2 172.16.104.0 [110/1] via 172.16.39.3, 05:01:11, FastEthernet0/0
O IA 192.168.67.0/24 [110/3] via 172.16.39.3, 05:01:11, FastEthernet0/0
O IA 192.168.100.0/24 [110/2] via 172.16.39.3, 05:01:11, FastEthernet0/0
150.0.0.0/24 is subnetted, 8 subnets
O E2 150.0.6.0 [110/20] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.7.0 [110/21] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.4.0 [110/20] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.5.0 [110/21] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.2.0 [110/20] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.3.0 [110/21] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.0.0 [110/20] via 172.16.39.3, 05:01:11, FastEthernet0/0
O E2 150.0.1.0 [110/21] via 172.16.39.3, 05:01:11, FastEthernet0/0


R4(config)#router ospf 10 vrf C
A.B.C.D OSPF domain ID in IP address format
Null Null Domain-ID
type OSPF domain ID type in Hex format

R4(config-router)#domain-id 0.0.0.100

R4#show ip ospf 10
Routing Process "ospf 10" with ID 4.4.4.4
Domain ID type 0x0005, value 0.0.0.100
Start time: 00:54:43.788, Time elapsed: 08:21:53.256
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Connected to MPLS VPN Superbackbone, VRF C
It is an area border and autonomous system boundary router
Redistributing External Routes from,
bgp 1, includes subnets in redistribution
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 8. Checksum Sum 0x03CA82
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 08:06:04.256 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 7. Checksum Sum 0x0360C5
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

R8#sh ip route ospf
100.0.0.0/32 is subnetted, 5 subnets
O IA 100.0.0.6 [110/3] via 172.16.28.2, 05:15:22, FastEthernet0/0
O IA 100.0.0.7 [110/3] via 172.16.28.2, 05:15:22, FastEthernet0/0
O 100.0.0.9 [110/5] via 172.16.28.2, 05:14:05, FastEthernet0/0
O IA 100.0.0.10 [110/3] via 172.16.28.2, 00:02:21, FastEthernet0/0
172.16.0.0/24 is subnetted, 4 subnets
O 172.16.39.0 [110/4] via 172.16.28.2, 05:14:05, FastEthernet0/0
O IA 172.16.104.0 [110/2] via 172.16.28.2, 00:02:21, FastEthernet0/0
O IA 192.168.67.0/24 [110/3] via 172.16.28.2, 09:05:40, FastEthernet0/0
O IA 192.168.100.0/24 [110/2] via 172.16.28.2, 09:05:40, FastEthernet0/0
150.0.0.0/24 is subnetted, 8 subnets
O E2 150.0.6.0 [110/20] via 172.16.28.2, 05:15:22, FastEthernet0/0
O E1 150.0.7.0 [110/22] via 172.16.28.2, 00:02:21, FastEthernet0/0
O E2 150.0.4.0 [110/20] via 172.16.28.2, 05:15:22, FastEthernet0/0
O E1 150.0.5.0 [110/22] via 172.16.28.2, 00:02:21, FastEthernet0/0
O E2 150.0.2.0 [110/20] via 172.16.28.2, 05:15:22, FastEthernet0/0
O E1 150.0.3.0 [110/22] via 172.16.28.2, 00:02:21, FastEthernet0/0
O E2 150.0.0.0 [110/20] via 172.16.28.2, 05:15:22, FastEthernet0/0
O E1 150.0.1.0 [110/22] via 172.16.28.2, 00:02:21, FastEthernet0/0


R9#sh ip route ospf
100.0.0.0/32 is subnetted, 5 subnets
O IA 100.0.0.6 [110/3] via 172.16.39.3, 05:07:35, FastEthernet0/0
O IA 100.0.0.7 [110/3] via 172.16.39.3, 05:07:35, FastEthernet0/0
O 100.0.0.8 [110/5] via 172.16.39.3, 05:14:28, FastEthernet0/0
O IA 100.0.0.10 [110/3] via 172.16.39.3, 00:02:35, FastEthernet0/0
172.16.0.0/24 is subnetted, 4 subnets
O 172.16.28.0 [110/4] via 172.16.39.3, 05:14:28, FastEthernet0/0
O IA 172.16.104.0 [110/2] via 172.16.39.3, 00:02:35, FastEthernet0/0
O IA 192.168.67.0/24 [110/3] via 172.16.39.3, 05:07:35, FastEthernet0/0
O IA 192.168.100.0/24 [110/2] via 172.16.39.3, 05:07:35, FastEthernet0/0
150.0.0.0/24 is subnetted, 8 subnets
O E2 150.0.6.0 [110/20] via 172.16.39.3, 05:07:35, FastEthernet0/0
O E1 150.0.7.0 [110/22] via 172.16.39.3, 00:02:35, FastEthernet0/0
O E2 150.0.4.0 [110/20] via 172.16.39.3, 05:07:35, FastEthernet0/0
O E1 150.0.5.0 [110/22] via 172.16.39.3, 00:02:35, FastEthernet0/0
O E2 150.0.2.0 [110/20] via 172.16.39.3, 05:07:35, FastEthernet0/0
O E1 150.0.3.0 [110/22] via 172.16.39.3, 00:02:35, FastEthernet0/0
O E2 150.0.0.0 [110/20] via 172.16.39.3, 05:07:35, FastEthernet0/0
O E1 150.0.1.0 [110/22] via 172.16.39.3, 00:02:35, FastEthernet0/0

─────────────────────────────────────────────────────────────────

No hay comentarios:

Publicar un comentario