Advanced CCIE Routing & Switching 2.0 www.MicronicsTraining.com Narbik Kocharians CCIE #12410 R&S, Security, SP MPLS & L3 VPNsLab1 ing Label Distribution Protocol POS aor. $0038 po anaes fises0 The frame-relay connections should be configured in a Point-to-Point manner The FO’0 interface of RI and R2 should be configured in VLAN 100 The FO/1 interface of R2 and R3 should be configured in VLAN 200 The FO/| interface of RS and R6 should be configured in VLAN 300 The FO'0 interface of R6 and BB| should be configured in VLAN 400 Use the IP addressing identified in the following chartAddressing chart Router | Interface IP Addressing necting Ta: RI 12d (24 10.1.12.2 24 Ri’s FOO 10.1.23.224 3's FOL 2 14 2.2.2.2 24 10,1.23.3 24 RB's FO 50/034 = 10.1.34.3 24 Ra's S043 50/0.35 = 10.1.35.3 24 RS’s $00.53 Ra's S034 RS’s SOS R¥s S07035 Ras $00.45 R6’s FOI RSs FUT BBI's FOO Ros FO Task 1 Configure OSPF ares 0 on sil routers and run this routing protocol on the links connecting the routersto each other and their LoO interface ONLY. Ensure that loopback (O interfaces of these routers are advertised with their correct mask. OnRI Ri(config}*router ospf | R(config-router)#netw 10.1.12.10,0.0.0 are 0 R(config-router) #netw: 1. 1.1.10,0.00 are 0R i(configh#int lod R I(configeif)#p ospf netw pointeiospoint OnR2 R2(confighrouter ospf | 2(config-router)#netw 10. 1.12.20.0.0.0 are 0 onfigerouter) #netw’ 10. 1.23.20.0.0.0 are 0 R2(config-router}#netw 2.2.2,2.0.0.0.0 are 0 R2(config-router) Hint LoD R2(config-if}#p ospf netw point-to-point On R3 R3(config}*router ospf | R3(config-router)#netw 10.1.23.3 0.0.0.0 are 0 R3(config-router)#netw 10. 1.34.3 0.0.0.0 are 0 R3(configerouter)#etw 10. 1.35.3 0.0.0.0 ae 0 R3(config-router)#netw 3.3.3.3.0.0.0.0 are 0 R3(configerouter) #int 100 R3(configeif}#ip ospf netw pointeio-point OnR4 Ra(config)#router ospf | Ra(config-router)#netw 10.1.34.40.0.0.0 are 0 Ra{config-router)#netw 10.1.48.40.0,0.0 are 0 Ra{config-router)#etw 4. 4.4.4.0.0.0.0 are 0 Ra config-router) int [oO Ra{config-if}ip ospf netw point-to-point On RS RS(config#router ospf | R5(config-router)#netw 10.1.45.50.0.0.0 are 0 R(config-router)#netw 10.1.56.50.0.0.0 are 0 RS(config-router)#netw 10.1.38.50.0,0.0 are0 R5(config-router)#netw 5.5.5.50,0.0.0 are R(config-router)#int lo R5(config-if}#ip ospfnetw point-to-pointOnR6 R6(confightrouter ospf | R6(config-router)#netw 10.1.56.60.0.0.0 are 0 R6(config-router)#netw 10.1,67,60.0.0.0 are 0 R6(config-router)#netw 6.6.6.60.0.0.0 are 0 R6(config-ronter) Hint lo R6(config-if}#ip ospf netw point-io-point On BBI RO(config}frouter ospf | RO(config-router) #netw 10. 1.67.7 0.0.0.0 are 0 RO(config-router) #netw 7, 7.7,7.0.0.0.0 are 0 RO(config-router) #int [oO RO(config-if}#ip ospf netw point-to-point Lo verify the configuration: OnRi R#Show ip route ospf | Ine 0 2.2.2.0 [1102] via 10.1.12.2, 00:00:09, FastEthemet0/0 3.3.30 [ 110/3] vis 10.1. 12.2, 00:00:09, FastEthemet0/0 4.4.40 [110/67] via 10. 1.12.2, 00:00:09, FastEthermet(0 5.5.50 [ 110/67] via 10. 1.12.2, 00:00:09, FastEthemet0/0 6.6.6.0 [ 110/68] via 10.1.12.2, 00:00:09, FastEtheret(/0) 0 [10/69] vis 10. 1.12.2, 00:00:09, FastEthemet00 10,1.23.0 [110/2] vis 10.1 12,2, 00:00:09, FastEthemet(0 OQ — 10.1,45.0 [110/130] via 10. 1.12.2, 00:00:09, FastEthemet0/0 © — 10.1.38.0 [11066] via 10. 1.12.2, 00:00:09, FastEthernet00 O 10.1340 [110/66] via 10. 1.12.2, 00:00:09, FastEthernet010 O 10.1560 [110/67] via 10.1.12.2, 00:00:09, FastEthernet00 © — 10.1.67.0 [110/68] via 10.1.12.2, (0:00:09, FastEthernet0'0 OnR2 R2#Show ip route ospf | Inc O. O 1.1.10 [1102] vie 10.1,12.1, 00:0 O 3.3.3.0 [1102] via 10.1.23.34.4.40 [1016 5.5.50 [106 6.6.60 [ 1106 7.7.7.0 [1106 101.450 [ 10,1.35.0 [110/65] via 10.1 101.340 [110/68] via 10.1 10,1.36.0 [110/66] via 10.1 10.1.67.0 [110/67] via 10.1 OnR3 how ip route spf | Inc O 1.1.1.0 [110/3] vie 10.1.2 229 4.4.40 [1106 1 5.5.5.0 [110/65] via 10.1 6.6.6.0 [ 110/66] via 10.1 7.7.7.0 [10/67] via 10,1 10,1.12.0 [110/3] via 10.1 via 10, 10.1.45.0 [110/128] via 10.1 10.1.56.0 [110/68] via 10,1 10,1,67,0 [110/66] via 10.1 OnR4 Ré#Show ip route ospf | Inc 0 1.1.1.0 [110/67] via 10.1 2.2.2.0 [10°66] via 10.1 6.6.6.0 [ O06 7.7.7.0 [M06 10.1,12.0 [110/66] via 10.1 [110/63] via 10.1.34.3, 00:04:10, Serial0/0.. 10.1.23.0 10,1.35.0 [110/128] via 10, 10.1.5 10 OnRSs RS#Show ip route ospf| Inc 0 110/129) via 10. 1. 34.3, 00:04:10, 34.3, (0:04:10, 34.3, 00:04:10, 1.45.5, 00:04:10 FastEthernet0/| FastEthernet(| FastEtherneit'| FastEthernett| 34, FastEthernet(1 23.3, (0:02:34, FastEthernet01 0:02:34, FastEthernet(/1 (0:02:34, FastEthernet(/1 00-02:34, FastEthernet(1 8, FastEthemetOV'1 0 [110/2] via 10.1,23,2, 00:03:18, FastEthemet()'! 34.4, 00:03: 35.5, 00:03 35,3, 0:03: 35.5, 00:03:18, Serialf"0,35 18, Serialf'0.34 18, Serialf"0.35 18, Serialf0,35 2, 00:03: 18, FastEthernet(1 34.4, 00:03:18, Serial00.24 5.5, (0:03:18, Serial0'0.35 5,5, (0:03:18, Serial00 Serialt'0.43 Serialt'0 43 Serialt'0.43 Serialt'0.45 SerialO'0.45 00:04: 10, Serialo’0.45 4.3, 00:04: 10, Seréal("0.43 0:04: 10. 1.34.3, 00:04:10, SerialQ/0.43 6,0 [110/65] via 10.1.45.5, 00:04:10, Serial0/0.45 Of 67.0 [110/66] via 10.1 45.5, 00:04:10, Serial0/0.45,10 [110/67] via 10. 1.35.3, 00:04:47, Serial0/0.53 2.2.0 [110161 1.35.3, 00:04:47, Serial00 3.0 [ 1106: - 00:04:47, Serial0’0.53 4.4.40 [1106 Serial0/0.54 6.6.6.0 [ 1102] via 1 0.1 56.6, 00:04:47, FastEthemet() 0 [110/3] via 10.1 56.6, 00:04:47, FastEthemet0'| 10.1.12.0 [110/66] via 10.1.38.3, 00:04:47, Sertal0/0.53 10,1.23.0 [110/68] via 10,1.35.3, 00:04:47, Sertal0’0. 10.1.34.0 [110/128] via 10. 1.45.4, 00:04:47, Seriai00.54 10,1.67.0 [11 0/2] vis 10.1 56.6, 00:04:47, FastEthernet(V| OnR6 ow ip route ospf| Inc O 1.1.1.0 [110/68] via 10,1,56.5, 00:05:24, FastEthernet(/1 FastEthernet(/| 3.0 [N06 24, FastEthernet0/1 4.4.40 [110/66] via 10. 1.56.5, 00:05:24, FastEthemet()/1 5.5.50 [1102] via 10,1 56,5, 00:08:24, FastEthemet(!! 7.7.7.0 [110/2] via 10.1.67.7, 00:05:24, FastEthemet(0/0 10.1,12.0 [110/67] via 10.1,86.5, (0:08:24, FastEthernet0 10,1.23.0 [110/66] via 10, 1.56.5, (0:08:24, FastEthernet01 10,1.45,0 [110/68) via 10,1,$6.5, (0:08:24, FastEthernetO 1 10.1,35.0 [110/68] via 10,1.56.5, (0:08:24, FastEthernet01 34.0 [110/129] via 10, 1.36.5, 00:08:24, FastEthemet0/1 £0 [11069] via 10.1.67.6, 00:05:51, FastEthemet0/0 0 [110/68] via 10.1.67.6, 00:05:51, FastEtheret0/0) £0 [110/67] via 10.1,67.6, 00:05:51, FastEthernet0/0 10 [ 110/67} via 10.1,67.6, 00:05:51, FastEthemet0/0) 5.5.5.0 [ 110/3] vis 10.1 .67.6, 00:05:5 |, FastEthemet0/0 6.6.6.0 [ 1102] via 10.1 .67.6, 00:05:51, FastEthemet0/0 10,1.12.0 [110/68] via 10.1.67.6, 00:05:51, FastEthernet0/0 10,1.23.0 [110/67] via 10.1.67,6, 00:05:51, FastEthernet(/0 10.1.45.0 [11 0/66] via 10,1.67,6, 00:05:51, FastEthernet0/0 10,1.35.0 [110/66] via 10,1.67.6, 00:05:51, FastEthernet(/0 10.1.34,0 [11 0/130] via 10, 1.67.6, 00:08:51, FastEthemet0 0 10,1.56.0 [11 0/2] via 10.1,67.6, 00:05:51, FastEthemet(0 Ll 223) 3.33 44.4,Task 2 Configure Label Distribution Protocol on the Ethemet interfaces and Frame-relay subinterfaces interconnect ing the routers in this topology. Ensure that the LDP-ID is based on the IP address assigned to the Loopback 0 interface of these routers. You may override a command from the previous step to accomplish this task. When configuring the label distribution protocol, the actual protocal that ereates and distributes labels must be specified, this pratocal can be either LDP or TDP; TDI proprietary tag distribution protocol which is no longer in use: This lab strickly focuses on LDP and NOT TDP. ‘The “mpls label protocol" command can be configured to specify the label distribution protocol: this command can be placed under each interface to override the cisco default label protocol, in IOS releases prior to 12.4 TDP is the default protocol used. When the “mpls label protocol LDP” command is configured in global configuration mode, all interfaces will inherit LDP as the label distribution protocol. This command can also be configured in the interface configuration made, in which case the label distribution protocol through that interface is affected ONLY. Each LSR that is running LDP will be assigned a rauter-id, the “mpls Idp router-i command can be used to set the router id of a given LSR, the LDP-ID defaults to similar rules as OSPF, Eigrp or BGP, which means that if itis not statically configured, then, numerically highest IP address of any loopback interface is selected as the LDP-ID, if one does not exist, then, the bighest active IP address configured on the router is chosen as the LDP-ID. However, it's good practice to configure it manually to ensure that the transport address of the mpls peer is stable, Remember that LDp advertises it's LDP Router-id as the transport address in the LDP discovery hello messages sent from the interface. Therefore, You must provide reachability for that router-id, there must be an exact match for the LDP-ID in the routing table, The “mpls ip" command enables MPLS forwarding of IPv4 packets along normally routed paths; insome documents this is called Dynamic Label Switching, This can be enabled globally or on a given interface/s. On All routers he fol command configures LDP as the label Rx(configi#mpls label protocol dpThe following command configures the LDP-1D of the LSRs based on the IP address of the L face: Rx(configi#mpls Idp routersid loopback 0 Finally, enabling the MPLS forwarding of [Pvd packets along the normal routed OnRI RI(configh# int FOO Ri(config-if}#mpls ip On R2 R2(config)# int FOO 2(config-if}*mpls ip You should get the following console message stating that the local router has discovered neighbor, in this case RU (1.1.1.1): 2%L DP-5.NBRCHG: LDP Neighbor 1..1.1:0 is UP: Note, LDP uses @ 6 Byte quantity, the {first 4 Bytes are the LDP-ID or the LDP router-id specified by the “MPLS ldp router=id” command and the last nvo bytes “:0” identifies the label space, for platform wide label space the last ovo bytes are always set to “0”. Interface Tunnel Operational FastEthernet'0 Yes (dp) No Yes FastEthernet('1 Yes (dp) No Yes Note the output of the above command reveals that LDP is running on FO and FO interface of R2. OnR3 R3(configh#int FO R3(config-subif}#mpls ip R3(config-subif}Fint SO, R3(configesubif}#mphR3(configesubif}Fint $00.35 R3(configesubit}#mpls ip aww _mnls interface Interface IP FastEthernet01 Yes (kip) Serial00.34 Yes (lip) SerialO0.35 Yes (kip) On R4 Ra(confi Ra(config-subif}#mpls ip Ra{config-subif}#int $00.45 Interface IP Serial00.43 Yes (lip) Serial00.43 Yes (lip) On RS RS(configyint FOL RS(configesubit}#mpls ip RS(configesubifyFint $00.54 RS(configesubit}#mpls ip subif int $00.53 subif}#mpls ip RS#Show mpls interfaces Interface IP FastEthernet0'1 Yes (kip) Serial00. 54 Yes (lip) Serial00.33 Yes (lip) OnR6 Tunnel Na No No Tunnet No No Tunnel No No No Operational Yes Yes Yes Operational Yes Yes Operational Yes Yes YesR6(confighint FO RO(configesubit}#mpls ip RO(configh#int FOO RO(configesubif}#mpls ip R6#Show mpls interface Interface IP Tunnel Operational FastEthernetO —Yes(Idp) No Yes FastEthernet'1 Yes (Iép) No Yes OnBBI BB I(config)#int FOO BB I(config-if)#mpls BB 1#Show mpls interfaces Imerface IP Tunnel Operational FastEthernet'0 Yes (dp) No Yes To verify the configuration: ed, they will attempt to discover neighbor/s, this discover tuses hello messages, these messages are UDP packets using 224.0.0.2 port 646; every hello message has a hold timer, by default, the hello messages are sent every 5 seconds, and the hold timer is set to 1S seconds. ‘To see the discover message R I(configh#accesslist 100 permit wip host 10.1.12.1 ey 646 any Risdebug ip packet det 100 IP: s=10.1.42.1 (local), d=224.0.0.2 (FastEthernett/0), len 62, sending broad/mulicast EDP src=646, dst=646 utput of the above debug command reveals that the hello messages are sent to address of 224.0.0.2 using UDP port 646 as souree and destination.To turn off the debug OnRL Ritual RlsShow mpls Idp peighbor Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1 TCP connection: 2.2.2.2. 14927 ~ 1.1.1.1.646 State: Oper; Megs sentirevd: 45/45; Downstream Up time: 00:24:18 LDP discovery sources: FastEthemetiV0, Sre IP addr: 10.1,12.2 Addresses bound to peer LDP Ident: 101,122 101,232 2.222 22.222 Note the peer LDP Ident: identifies the LDP-ID of the peer, in this case the peer's LDP-ID 2.2.2.2:0, the two bytes walue of “20" identifies the Label space; this can be platform wide or per-interface label space. if the value is zero, its platform-wide, and anything other than zero is per-interface. In per-interface label space, the packets are forwarded based on both incom rerface and the label, whereas, in platform-wide label space, the LLSR generates a label for a given destination and advertises that same label to all ofits peers, and the packets are forwarded purley based on the actual abel; in Frame mode MPLS, this will always be platform-wide with a value of 0, Local LDP Ident- identifies the local LSR's LD P-ID (1.1:1.1:0). In the second line, the TCP connection information is revealed, Note the remote router uses a high port value of 14927 and connects to RI (1.4.4-1) port 646, Note the high port can be a different value on your router, ‘The third and the forth line displays the number of messages sent and received and the amount of time that the twa LSRs have been up, The fifth and the si i Sources :) display the interface through which the neighbor/s were discovered and italso includes the IP address of the neighbor, ‘The last line (Addresses bound to peer LDP Ident :) displays the IP addresses that are directly connected to the neighboring LSR, To verify neighbor Jon R2 OnR2Show mpls Idp neighbor 1.1.1.1 Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0 TCP connection: 1.1.1.1.646- 2.2.2.2, 14927 State: Oper; Msgs sent/revc: 72/73; Downstream Up time: 00:48:23 LDP discovery sources: FastEthemet()'0, Sre IP addr: 10.1.12.1 Addresses bound to peer LDP Ident: WIRD Wd Wadd On R3 ‘Show mpls lp peighbor Peer LDP Ident: 2.2.2,2:0; Local LDP Ident 3.3.3.330 TCP connection: 2.2.2.2.646 « 3.3.3.3. 48337 Msgs sent/revd: 71/72; Downstream 00 LDP discovery sources: FastEthernet01, Src IP addr: 10.1.23.2 Addresses bound to peer LDP Ident: 10.1122 101.232 2222 122.22 Peer LDP Ide 20; Local LDP Ident 3. Serial@0.34, Sre IP addr: 10.1.34.4 Addresses bound to peer LDP Ident: W344 1014 444d bd Peer LDP Ident: 5. Local LDP Ident 3.3. - 12636 = 3.3.3.3.646 sys sentirevd: 66/67; Downstream 2:23 LDP discovery sources: Serial00.35, Src IP addr: 10. Addresses bound to peer LDP 10. 10.1455 10. OnR4 Ra#Show mpls Idp neighborPeer LDP Ident: 3.3.3.3:0; Local LDP Ident 4.4.44:0 TCP connection: 3.3.3.3.646+ 4.4.4.4. 19697 State: Oper: Msgs sentrev + Downstream Up time: 00:47:14 DP discovery sources: SerialW0.43, Sre IP addr: 10.1.34.3 Addresses bound to peer LDP Ident: W.1343 101.38. 101.283 3.3.33 33.3,33 Peer LDP Ident: 5. 0; Local LDP Ident 4.4.4.4:0 TCP conneetion 5. 4484 = 4.4.4.5.656 1 LDP discovery sources: Serial0.48, Sre IP addr: 10.1. Addresses bound to peer LDP Ident: 101488 10.1.56.5 Isgs sent/revd: 71/70; Downstream 313 LDP discovery sources: SerialW0.54, Sre IP addr: 10,1454 Addresses bound to peer LDP Ideni Wt4 101d dbs Peer LDP Iden 53, Sre IP addr: 10.1.35.3 Addresses bound to peer LDP Ident: 3 1WL233 3.333 Peer LDP Ident: 6. Local LDP Ident 5.5.5, TCP connectio: 61593 ~5,5.5.5,646 State: Oper; Msgs sent/revd: 68/68; DownstreamUp time: 00:44:08 LDP discovery sources FastEthernet0/1, Sre IP addr: 10. Addresses bound to peer LDP Ider 101.67.6 —10,1.86,6 6.6.6.6 OnR6 RGShow mpls Idp neighbor Peer LDP Ident Local LDP Ident 6.6.6.6:0 5.646 - 6.6.6.6, 61893 70; Bownstream LDP discovery sources: FastEthernet('1, Sre 1P addr: 10,1 Addresses bound to peer LDP Ident W388 Wd — 10,0.86.8 (0; Local LDP Ident 6.6, 1. 13271 -6.6.6.6.646 State: Opers Msgs sent/revd: 70/68; Downstream Up time: 00:44:24 LDP discovery sources: FastEthernet0/0, Src IP addr: 10.1.67.7 Addresses bound 101.67, On BBI BB 1#Show mpls Ip neighbor Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 7.7.7. TCP connection: 6.6.6.6.646 + 7.7.7.7, 13271 LDP discovery sources: FastEthernet00, Src IP ade Addresses bound to peer LDP Ident: 10.1.67.6 101.566 6. To see the discovery hellos and hold time: BB 1#Show mpls idp discovery detLocal LDP Identifier 7:0 Discovery Sources: Interfaces: FastEthernet(\0 (Idp}: xmitirecv Hello interval: 5000 ms; Transport IP addr: 7. LDP Id: 6.6.6.6-0; no host route to transport addr Sre IP addr: 10. 1.67.6; Transport IP addr: 6.6.6.6 Hold time: 15 see: Proposed local/peer: 15/15 sec Reachable via 6.6.6.024 Note, there are two types of discavery 1. Basie - This type is used to discover directly connected LDP LSRs, these messages are sent to all routers on this subnet out ofeach interface that has LDP enabled. Extended — This type is used between non-directly connected LDP LSRs. For this, an LSR sends targeted hello messages to a speci described in details in the Traffic engineering section. Once the LSRs disenver one another, they will attempt to establish an LDP session between them, this session i mpls enabled peer s Since the router-ids are based on the loopback 0) interface of the routers, this means that R2 will maintain the session. In order for this session to establish, the local LSR must have an exact match to the IP address of the neighbaring router Note in the seventh line of the above output the “no host route to transport addr”. reveals that the local LSR does NOT have the exact match for the router-id of the peer in it’s routing table. The following Show command reveats the same fact: how mpi. LDP Identifier: 7:0 Discovery Sources: Interfaces: FastEthernet(‘0 (Idp): xmitireey a7 LDP Id: 6.6.6.6:05 no host routeNote the following command reveals that the network 6.6.6.0/24 is reachable by the local LSR, but NOT the host route 6.6.6.6/32 which is the exact match to the rauter-id of the neighboring L! Routing entry for 6.6.6.0/24 Known via "ospf |", distance 110, metric2, type intra area Last update from 10, 1.67.6 on FastEthernet0/0, 00:28:11 ago Routing Deseriptor Blocks: * 10.1.67.6, from 6.6.6.6, 00:28:1 | ago, via FastEthernet W/O Route metric is 2, traffic share count is | BB IsPing 6.6.66 Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Suceess rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms RI#Show ip route 6.6.6.6 285.258.25 % Subnet nat in table In order to fix this problem, we should remove the “IP O SPF netw point-to-point” interface command from the previous task which advertised the loopback interfaces of the routers with their correct mask. This will advertise prefix 6.6.6.632 On All routers (configyint lo0 (config-i#NO ip ospf netw point-to-point To verify the configuration: OnBBI Routing entry for 6.6.6.6/32 Known via "ospf 1", distanee 110, metric 2, type intra area Last update from 10, 1.67.6 on FastEthernetRouting Descriptor Blocks: * 10.1.67.6, from 6.6.6.6, 00:01:37 ago, via FastEthernet/0 Route metric is 2, traffic share count is | BB 1#Show ip route 6.6.60 255.255.255.0 % Subnet not in table To verify the configuration: OnBBL BB1#Show mpls idp discovery all Local LDP Identifier: D Discovery Sources: Interfaces: FastEthernet(0 (Idp): xmitreev LDP Id: 6.6.6.6-0 Note the message stating “no hast route” is no longer there. BB 1#Show mpls Idp discovery detail Local LDP Identifier: TAIT Discovery Sources: Interfaces: FastEthernet(0 (Idp): xmitireew Hello interval: $000 ms; Transport IP addr: 7.7.7.7 LDP Id: 6.6.6.6:0 Sre IP addr: 10. 1.67.6; Transport IP addr: 6.6.6.6 Hold time: 15 sec; Proposed localfpeer: 15/15 sec Reachable via 6.6.6.6/32 Note the “no host route to transport addr” is no Longer there. OnRI Rl#Show mpls kip discovery all Local LDP Identifier:Ltd10 Discovery Sources: Interfaces: FastEthernet(/0 (Idp): xmitirecv LDP Td: 2.2.2. OnR2 Show mpls Idp discovery all Local LDP Identifier scovery Sources Interfaces: FastEthernet(/0 (Ip): xmitireev LDP Td: 1.1.1.1:0 FastE thernet(/I (Idp): xmitreev LDP Id: 3.3 OnR3 ‘Show mpls lip discovery sll Local LDP Identifier: 333.20 Discovery Sources: Interfaces: FastEtheret(!| (Idp): xmitireev LDP Id: 2:2.2.2:0. Serial (0.34 (lip): xmitireev LDP Id: 4.4.4.4-0 Serisl(/0.35 (lip): xmitireev LDP Id: 8.5.5.5:0 On Rt R4#Show mpls lip discovery all Local LDP Identifier: 444.40 Discovery Sources Interfaces: Serial (0.43 (Idp): xmivrecv LDP Id 0Serial 0/0.45 (ldp): xmitirecv LDP Id: 5.5.5.5:0 OnRs RSeShow mpls Idp discovery al Local LDP Identifier: 5.5.0 Discovery Sour Interfaces: FastEthernet(\/! (Idp): xmitireev LDP Id: 6.6.6.6-0 Serial 0/0.54 (idp}: xmit/reev LDP Id: 4.4.4.4-0 Serial 010.53 (lép): xmit/reev LDP 1d: 3.3.3.3:0 On R6 Local LDP Identifier: 6.6.6.6:0 Discovery Sources: Interfaces: FastEtheret(0 (Idp): xmitreev LDP Id: 7.7.7.7:0. FastEthernet(/| (Idp): xmitreey LDP Id: how mpls idp discovery all Local LDP Identifier: 7.7.7.0 Discovery Sources: Interfaces: FastEthernet(\0 (Idp): xmitirecv LDP Id: 6.6.6.6-0Task 3, Configure the interval of discovery hellos to be 15 seconds with a hold timer of 45 seconds onall LSRs. Remember that LSRs will send discovery hellos every 5 seconds with a holdtimer of 15 seconds; these are sent to all routers on local subnets using UDP part 646. ‘The following shows the default parameters: discovery det Local LDP Identifier: per Discovery Sources Interfaces: FastEtheret00 (dp): xmit/recv Hello intervals S000 ms; Transport IP addr: 7.7 LDP Id: 6.6.6.60 Src IP addr: 10.1.67.6; Transport IP addr: 6.6.6.6, Hold time: 15 see; Proposed localipeer: 15/15 sec Reachable via 6.6.6.6 BB1#Show mpls lip parameters Protocol version: 1 Downstream label generic region: min label: 16; max label: 100000 Session hold time: 180 sec: keep alive interval: 60sec Discovery hello: holdtime: Discovery targeted hello: holdtime: 90 sec: interval: 10 sec Downstream on Demand max hop count Downstream on Demand Path Vector Limit: 255 LDP for targeted sessions LDP initial/maximum backoff: 15/120 sec LDP loop detection: off owing debug will (03:46: 12.697: IP: 5=10.1.67.7 (local), d=224.0.0.2 (FastEthemet0/(0), len 62, sending broad/multicast 46:12.7: UDP sre=646, dat =646 341: IP: $=10.1.67.7 (local), d=224.(0.2 (FastEthemet(0), len 62, sending broad/multicast Mi: UDP sre=646, dst =646To change the timers based on the requirements of this tas! On BBI BBL (config)*mpls Ip discovery hello holdtime 48 BBI (config)#mpls ldp diseovery hello interval 15 To verify the configuration: On BBI Note since the timers of R86 have not changed yet, they are set to their default value, but the local hold time is set to 45 seconds, BB1#Show mpls lip discovery det Local LDP Identifier: 77,740 Discovery Sources: Interfaces: FastEthernet 0 (dp): xmit/reev Hello interval: 5000 ms; Transport IP addr: 7.7.7.7 LDP Id: 6.6.6.60 Sre IP addr: 10.1,67.6; Transport IP addr: 6.6.6.5 Hold time: 15 sec; Proposed loval/peers 45/18 see Reachable via 6.6.6.632 ‘The ouput of the following show command reveals that the local timers are set to 15/45, BB1#Show mpls lip parameters Protocal version: | Downstream label generic region: min label: 16; max label: 100000 Session hold time: 180 sec; keep alive interval: 60 sec Discovery hello: holdtime: 48 sec: interval: 1S sec Discovery targeted hello: holdtime: 90 sec; interval: 10 sec Downstream on Demand max hop count: 285 Downstream on Demand Path Vector Limit LDP for targeted sessions LDP initia¥'maximum backoff: 15/120 sec LDP loop detection: off OnR6R6(config)#mp|s Idp discovery hello interval R6(config)#mpls Idp discovery hello holdtime 45 To verify the configuration: On RG R6#Sh mpls lip discovery det Local LDP Identifier 6.6.6.6:0 Discovery Sources Interfaces: FastEthemet(0 (Idp): xmit!reev Hello interval: 15000 ms; Transport IP addr: 6.6.6.6 LDP Id: 7.7.7.70 Sre IP addr: 10.1.67.7; Transport IP addr: Hold time: 45 see: Proposed localipeer: 45/45 sec Reachable via 7, 7.7.7/32 (The rest of the output is omitted) R6# Show mpls Idp parameters Protocol version: 1 Downstream label generic region: min label: 16; max label: 100000 Session hold time: 180 sec; keep alive interval: 60 sec Discovery hello: holdtime: 45 see: interval: 18 see Discovery targeted hello: holdtime: 90 see: interval: 10 sec Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Limi LDP for targeted sessions LDP initial’maximum backoff: 15/120 see LDP loop detection: off On BBL BB1#Show mpls ldp discovery det Local LDP Identifier rt Discovery Sources: Interfaces: FastEthemet(/0 (ldp): xmit/recyHello interval: 15000 ms; Transport IP addr: 7. LDP Id: 6.6.6.60 Src IP addr: 10.1.67.6; Transport IP addr: 6.6.6.6 Hold time: 45 see: Proposed loeal/peer: 48445 see Reachable via 6.6.6.632 On All routers; Rx(config}#mpls [dp dise»very hello interval 15 Rx(config}#mpls Idp dis»very hello holdtime 45 Task 4 Configure the session keepalives and hold timers ofall routers to 30 and 90 seconds respectively On BBL The following show command displays the default values af session keepalives and hold timers, When an LDP session is established between two LSRs, the hold time used for the session is the lower af the values configured on the two LSRs, BB 1#Show mpls lép parameters Protocol version: | Downstream label generic region: min label: 16; max label: 100000 Session hold time: 180 sec: keep alive interval: 60 sec Discovery hello: holdtime: 48 sec; interval: 15 sec Discovery targeted hello: holdtime: 90 sec: interval: 10 sec Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Limit LDP for targeted sessions LDP initial’maximum backoff: 15/120 see LDP loop detection: off ‘To change the keepalives to 30 seconds and the hold timer to 90 seconds: BB I(config)#mpls Idp holdtime 90 To verify the configuration:parameters Protocol version: | Downstream label generic region: min label: 16; max label: 100000 Session hold time; 90 sec; keep alive interval: 30 see Discovery hello: holdtime: 45 sec; interval: 15 sec Discovery targeted hello: holdtime: 90 sec: interval: 10 sec Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Limit: 2 LDP for targeted sessions. LDP initial/maximum backoff: 15/120 sec LDP loop detection: off Note once the hold time is changed, the keepalives are set to roughly 1/3 af the hold timer. Qn All Routers Rx(config)#mpls Ip holdtime 90 Task 5 Configure the router-id of BBI to be the Loopback | interface. You should NOT reload the router to accomplish this taskNote the LDP-ID can be found using the following show commands: The LDP-ID of BBI Interfaces: FastEthernet(\0 (Idp): xmitireg' LDP Id: 6.6.6.6-0 OnR6 RG#Show mpls. Local LDP Identifier: 6.6.6.60 Discovery Sources: _/ Interfaces: ¥ FastEthernet (0 (dp): xmit/reev LDP td: 0 FastEthernet(/! (Idp): xmitreev LDP Id: 8.5.5.5:01 / ‘The first step is to atlvertise the LDP-ID in the IGP because it OnBBI BB I(config}#Router ospf | BB |(coniig-router}#netwy 77.7.7.7 0.0.0.0 area To verify the configuration: On R6 RG#Show ip route 77, Routing entry for 77.7.7.732 Known via “ospf 1", distance 110, metric 2, type intra area Last update from 10. 1.67.7 on FastEthernet0/0, 00:00:54 agoRouting Descriptor Blocks: * 10.1.67.7, from 7.7.7.7, 00:00:54 ago, via FastEthernet/0 Route metric is 2, traffic share count is | Note, once the LDP-ID is advertised in the IGP, the LDP-ID ean be changed, the LDP-ID is changed using the “MPLS LDF router-id” global configuration command, if LDP-ID is changed, a reload must occur before the LSR assumes the newly configured router-id, unless the keyword is used with the command, On BB RA(config}#mpls Idp router-id loopback 1 force The keyword “force” resets the tep session and uses the new router-id. You should see the following console messages: 08:02:53. 21 4: %4LDP-8-NBRCHG: LDP Neighbor 6.6.6.6:0 is DOWN (LDP Router ID changed) 08:03:14.249: %GLDP-8.NBRCHG: LDP Neighbor 6.6.6.6:0is UP To verify the configuration: On BBL BB 1#Show mpls Ip discovery Local LDP Identifier: 71.7.7.7:0 Discovery Sources: Interfaces: FastEthernet(/0(Idp): xmitireev LDP Id: 6.6.6.6:0 Task 6 Configure authentication between RI and R2 using “Cisco” as the password: Authentication can be invoked between two LDP peers to verify each segment sent on the TCP connection between the peers. The authentication must be configured on both peers using the same password QnRtRi(config)#mpls Idp neighbor 2.2.2.2 password Cisco Note once RI is configured, the session between RI and R2 will be torn down and the following console message will be displayed: °6LDP-S-NBRCHG: LDP Neighbor 2.2.2.2:0 is DOWN (Session's MDS password changed) %TCP-6-BADAUTH: No MDS digest from 2.2.2.2(20362) to 1.1.1.1(646) OnR2 R2(config}#mpls Idp neighbor 1.1.1.1 password Cisco You should get the following message: °%LDP-S-NBRCHG: LDP Neighbor }.1.1.1:0 is UP Task 7, The label space of routers is platform dependent. By default, the routers begin numbering the labels with 16 up to 100,000. Change the label space such that the routers use the following labels Router | Label range: RI 100 - 199) RD 200-208 RS 300-399 RE 400 = 499) RS 500-599 RG 600-699 BBI 700-799 Use the following shaw command to see the default values, note the minimum value in the range is. 16 and the maximum value within the range is 100,000. Therefore, the LSR will start assigning labels starting from 16 and it will go up to 100,000, which means that the LSR can assign up to 99984 labels. OnRI Ru#Sb mp!s kip parameterProtocol version: | Downstream label generic region: min label: 16; max label: 100000 Session hold time: 90 sec: keep alive interval: 30 sec Discovery hello: holdtime: 45 sec; interval: 15 sec Discovery targeted hello: holdtime: 90 sec; interval: 10 sec Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Limit: 255 LDP for targeted sesstons LDP initial/maximum backoff: 18/120 see LDP loop detection: off You would not normally change a label range after MPLS is fully deployed. The planning of labels should be performed during the initial phase of implementation. But if they must be changed, a reload is required for the new range to take effect. ‘The following command changes the label runge: OnRI R(config}#mpls label range 100 199 You should receive the following message: % Label range changes will ake effect at tke newt reload. To verify the configuration: OnRI RJ#Sh mpls kip parameters Protocal version: | Dow nstream label generic region: min label: 16; max label: 100000 {Configured: min label: 100; mas label: 199) Session bold time: 90 sec; keep alive interval: 30 sec Discovery hello: holdtime: 45 sec; interval: 15 sec Discovery targeted hello: holdtime: 90 sec; interval: 10 sec Downstream on Demand max hop count: 25: Downstream on Demand Path Vector Lir LDP for targeted sessions LDP initial’maximum backoff: 15/120 sec LDP loop detection: offNote the above Show command states that the label range should be from 100 to 199 aftera reload; this is why the configured range is between brackets, To verify the configuration: OoRL Riéwe RisReload When the router comes up: R1#Sh mpls Ip parameters Protocol version: | Downstream label gene ric rqgion: min label: 100; max label: 199 Session hold time: 90 sec; keep alive interval: 30 sec Discovery hello: holdtime: 45 sec; interval: 15 sec Discovery targeted hello: holdtime: 90 sec; interval: 10 sec Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Li LDP for targeted sessions LDP initial maximum backoff 15/120 sec LDP loop detection: off OnR2 R2(config}#mpls label range 200 299 OnR3 3(config}#mpls label range 300 399 OnRt Re(configy#mpls label range 400 499 OnRS R&(config)#mpls label range OnR6Ro(configh#mpls label range 600 699 OnBBL BB I(config}#mpls label range 700 799 On All Routers #Wr #Reload To see how labels are generated and exchanged and what's used by th local router hop by hop: OnRIL Ru#Show ip route ospf | Inc O 2.2.22 [102] via 10.1 7, FastEthemet0/0 3 [1103] via 10.1 7, FastEthemet0\0 44.44 [06 FastEthernet0!0 5.5.55 [06 FastEthemet0i0) 6.6.6.6 [ 110/68] via 10.1 FastEthemet/0) [110/69] via 10.1 FastEthemet/0) 7.7.7 [110/69] via 10.1 12.2, 01:07:57, FastEthemet00 10.1.23.0 [11 0/2] via 10.1.12. FastEthemet(\0 10,1.45.0 [110/130] via 10.1 7, FastEthernet(/0 10,1.35.0 [110/66] via 10.1.12.2, 01:07:57, FastEthernet0'0 10,1.34.0 [110/66] via 10,1.12.2, 01:07:57, FastEthernet(/0 101.560 [110/67] via 10,1.12,2, 01:07:57, FastEthernet0/0 10,1,67.0 [11 0/68] via 10.1,12.2, 01:07:57, FastEthernet(/0 Rl#Show ip route | Inc C Codes: C + connected, S static, R « RIP, M= mobile, B+ BGP C 1.1.1.0 is directly connected, Loopback C — 10.1.12.0 is directly connected, FastEthernet0\( CC 11.1.1.0 is directly connected, Loopback! Note the output of the above show command reveals that RI has 16 OSPF prefixes in it’s routing table and three directly eonnected routes for a total of 16 routes RieShow mpls iip binding localtib entry: 1.1.1.024, rev 4 local binding: tag: impenull tib entry 32, rev 4 local binding: tag: 103 tib entry: 3.3.3.932, rev 16 local binding: tag: 104 tib entry: 4.4.4.4/32, rev 18 local binding: tag: 105 tib entry: 5.5.5.532, rev 20 loeal binding: tag: 106 tib entry: 6.6.6.632, rev 22 local binding: tib entry: local binding: tib entry: 10.1.2. local binding: tag: imp-nul tib entry: 10.1.23.0°24,rew8 local binding: 100 tib entry: 10.1.34.0°24, rev 26 local binding: tag: 109 tib entry: 10.1.38.0°24, rev 28 local binding: tag: 110 tib entry: 10.1 48.0°24, rev local binding: tag: 111 tib entry: 10.1.56.0°24, rev 10 local binding: tag: 101 tib entry: 10.1.67.0°24, rev 12 local binding: tag: 102 ib entry: 11.1.1.024, rev 6 local binding: tag: imp-null tib entry: 77.7.7. ev 32 local binding: tag: 112 Note the local router imposed 16 labels, one per prefix; therefore, the routers generate/impose a label for every entry in their routing table. The following show command displays the label that RI generated for prefix 6.6.6.6 2: Rl#Show mpls Idp binding 6.6.6.6 32 local tb entry: 6.6.6.632, rev 22 tag: 107 The following show command diplavs the LIB for prefix 6.6.6.6 32 on RU:Rl#Show mpls lip binding 6.6.6.6 32 tib entry: 6.6.6.632, rev local binding: tag: 107 remote binding: tsr: 2.2.2.2:0, tag: 206 Note the output of the above command reveals that RI imposed Inbel 107 to prefix 6.6.6.6 32 and it reeeived label 206 from R2 (2.2.2.2) The following displays the LFIB of RI for prefix 6.6.6.6 (32: Ri#Show mpls forwarding-table 6.6.6 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC orTunnelld switched interface 107 206 66.6632 0 Fa/010.1.12. Note The LFIB is what RI uses to forward traffic toward prefix 6.6.6.6 32, in this case, RI generated/imposed label 107 and it will use label 206 and it will send the traffic out of F0/0 interface to next hop IP address of 10.1.12.2. RIES ip cof 6.6.6.6 6.6.6.632, version 38, epoch 0, esched adjacency 10.1.12.2 0 packets, 0 bytes tag information set local tag: 107 fast tag rewrite with FaO/0, 10. 1.12.2, tags imposed: {206} via 10.1.12.2, FastEthernet0, 0 dependencies next hop 10. 1.12.2, FastEthemet(/0 valid cached adjacency tag rewrite with Fa0/0, 10.1.12.2, tags imposed: (206) y formation and npose label “206” on the way out of the Fall/0 interface. [fit should ever receive an unlabeled packet from a peer thatis further from the destination network. The LFIB and FIB information MUST compliment each other and coni info or a packet will not be forwarded correctly or not forwarded at all. On R2 ow ip eef 6,6,6.6 6.6.6.632, version 27, epoch 0, cached adjacency 10. 1.23.30 packets, 0 bytes tag information set local tag: 206 fast tag rewrite with Fa0/1, 10, 1.23.3, tags imposed: (308) via 10.1.23.3, FastEthemet(V/1, 0 dependencies next hop 10. 1.23.3, FastEthemet('1 valid cached adjacency tag rewrite with Fa/1, 10,1.23.3, tags imposed: {308} R2 will not switeh packets that come from RI through the FIB structures as the packet should be labeled when being forwarded to the 6.6.6.6 prefix. The LFIB is referenced in this ease. R2#Show mpls Idp binding 6.6,6.6 32 «the 32 is the prefix length tib entry: 6.6.6.632, rev 22 local binding: tag: 206 remote binding: tsr: 1.1.1 107 remote binding: tsr: 3 308 Note R2 received two remote bindings for prefix 6.6.6.6 82; the question is which one will it use? To see which LSR R2 will useto reach prefix 6.6.6.6 32, the LFIB is consulted, as follows: R2#Show mpls forwarding-table 6.6.6.6 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tager VC orTunnelld switched interface 206 308 666.632 $40 FaQ1 101.233 Note the output of the above show command reveals that it will use label 308 out of its FW1 interface to reach that prefix. On Rt Rd#Show ip cef 10. 10, 1.358.024, version 26, epoch 0, per-cestination sharing 0 packets, 0 bytes tag information set local tag: 403via 10,1.45.5, Seriali0.48, (dependencies traffic share 1 nest hop 10.1.45.8, Serialv0.45 valid adjacency tag rewrite with Se0/0.45, point2point, tags imposed: {} via 10.1.34,3, Serial0/0.43, 0 dependencies traffie share 1 next hop 10.1.34.3, SerialW/0.43 valid adjaceney tag rewrite with Se0/0.43, point2point, tags imposed: {} O packets, 0 bytes switched through the prefix imstats: external 0 packets, 0 bytes intemal 0 packets, 0 bytes Next, Rd’s LFIB is examined for prefix 100.1.38.0 24: OnR4 Rd#Show mpls forwarding-iable Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnelld switched interface 400 Untagged 33.3222 0 0 Se(V/0.43 point2point 401 Untagged 55.5532 0 Se0H/0.45 point2point 402 Poptag —10.1.23.024 0 Se0i0.43 point2point 403 Poptag —10,1.35.024 0 Sel.43 _point2point Poptag — 10.1.38.024 0 Se0i0.43 _point2point 404° Poptag —10.1,36.024 0 Seti. 43 405 507 10.1,67.024 0 Seth.43 _point2p: 406 304 10.1.12.024 0 Seti0.43 poini2p: 407 305 0 Sei.43 point2point 408 306 0 Se(i0.43 poini2point —Line 10 409 308 4 Se(0.43 point2point —Line 11 410 309 7 4 Se(0.43 point2point —Line 12 41 310 R27932 0 SeM0.43 point2point Line 13 Line 1 - If the local LSR receives a labeled packet with atop LABEL of 400, move all labels and forward the packet as an IP packet, because the outgoing Tag is “Untagged”, and it will forward it on S0/0.43 interface. This is label to IP forwading. Line 2- If the local LSR receives a labeled packet with a top LABEL of 401, it wi remove the top label (Pop one label) “Pop tag” and forwards the packet as labeled oras an IP packet on S0/0.45 interface.Line 3 - Ifthe local LSR receives a labeled packet with atop LABEL of 402, it will remove the top label (Pop one label) “Pop tag” and forwards the packet as labeled as nn IP packet on S0/0.43 interface. Line 4 & 5 Ifthe loval LSR receives a labeled packet with atop LABEL of 40: would remove the top label (Pop one label) “Pop tag” and forwards the packet as labeled or as.an IP packet on S0/0.45, but in this ease notice haw the enrty below it has no label, but the entry is for the same prefix, this means that load balancing i being performed. and ifthe routing/CEF table is checked for thi you should see two entries for this prefix, as follows: Ra#Show ip cef 10.1.35.0 o 10. 1.38.024, version 29, epoch 0, per-destination sharing 0 packets, 0 bytes tag information set local tag: 403 vin 10,1.45.5, Serinl0/0.45, 0 dependencies traffic share 1 next hop 10.1.48.8, Serialiv0.45 valid adjacency tag rewrite with Se0/0.48, point2point, tags imposed: {} via 10.1.34.3, Serial0/0.43, 0 dependencies traffie share 1 next hop 10.1.34.3, SerialW/0.43 valid adjacency tag rewrite with Se(/0.43, point2point, tags imposed: {} O packets, 0 bytes switched through the prefix tmstats: extemal 0 packets, 0 bytes intemal 0 packets, 0 bytes RaeShow ip route 10, Routing entry for 10.1.35.0/24 Known via "ospf |", distance 110, metric 128, type intra area Last update from 10, 1.34.3 on Serial00.43, 20:02:19 ago Routing Descriptor Blocks: * 10.1.45.5, from 5 219 ago, via Serial0,48 10.1.34.3, from X Route metric Line 6 - If the local LSR receives a labeled packet with a top LABEL of 404, it will remove the top label (Pop one label) “Pop tag” and forwards the packet as labeled oras an IP packet on $0/0.45 interface.Line 7 to 13- If the local LSR receives a labeled packet with the top LABEL of 405, 406, 407, 408, 409, 409, 410 or 411, it will swap the label with 907, 304, 305, 306, 508, 509 and 510 respectively, and then it will forward it on the interface specified in the outgoing interface column Task 8 Configure FOI interface of BBI with an IP address of 177,7,7,7 24 and advertise this interface in OSPF area 0. On BBL BB [(config)¥int 10/1 BB I(configeif)#ip addr 177. BB I(configeif)#no shu BB I(configeif)router ospf | BB I(config-router}#netw: 177. 7.7.7 0.0.0.0.atea 0 Task9 Staring fiom BB1 examine the Control Plane for network 177,7,7.0 24 UPistream toward RI On BBI BB 1#Show mpls interfaces Interface P Tunnel Operational FastEthernet}0 Yes (dp) No Yes The F0/0 interface on BBI has been configured for mpis Idp and is operational. The ‘Tunnel section should state “no” due to the fact that Traffic Engineering has not been configured for this tunnel. BB 1#Show mpls idp binding 0tib entry: 177.7,7.0°24, rev36 local binding: tag: impen ull remote binding: tsr: 6.6.6.6:0, tag: 612 the default behavior for all directly connected routes in the routing table. R6 is considered the Up/stream peer for the tunnel. This means that the route resides here locally ‘The remote bind ing will not be used. OSPF will not choose to route to a local route through R6. OnR6 RG#Sh mpls ip binding 177.7,7.0 24 tib entry Note R6 received two remote bindings 511 from neighbor 5.5.5.5 and “Implicit- Null” from BB1. OnRS Sh mpls ldp binding tib entry: 177.7.7.0°24, rev 4 inding: tag: 3 remote binding: tsr: remote binding: sr: Note in this case RS rec i. for this prefix, but which one will it use? x Well....in this case the L Bo of RS should be condylted: OnRS Local Oxffgoing __Préfix Bytes tag Ouigoing Next Hop tag x“taggr¥C orTunnelld switched interface 51612 177.7,7.024 0 Fal/I _10.1.56.6tib entry: 177.7,7.024, rev 39 tib entry: 177.7.7,0°24, rev local binding: remote bindit tib entry: 177. local bind remote binding: ts remote binding: ts “Byles tag Outgoing Next Hop switched interface 0 Se00.48 point2point Bytes Tig Outgoing Next Hop switched interface 00.35 point2point iefix_— Bytes tag Outgoing Next Hop 7 VC_—orTunnel Id 7.024 switched interface 0 Fab/1 _point2pointOnRI Rl#Show mols lip binding 177.7.7.0 24 tib entry: 177,7,7.024, rev local bindings tag: 113 remote binding: tsr: tags 212 RJ#Show mpls forwardings\ Local Qutgoing—Prefix——~ Bytes tag Outgoing Next Hop tag f VC-erTunnel Id switched interface Se 17 24 0 Fal —_point2point Note Ri represents the first hop router or the furthest Up/stream router from 177.7.7.0 (24, the local label assigned is 113, this ends the control plane, in the next task the data plane is examined, Task 10 Examine the Data Plane for network 17 4 starting from R| toward BB1 OnRIL RJ#Show ip route 177,7,7,0255,255.255.0 ¢ Displaving the RIB Routing entry for 177.7.7.0°24 Known via “ospf 1", distance 110, metric 69, type intra area Last update from 101,12.2 on FastEthernet 0/0, 15:22:24 ago Routing Descriptor Blocks: * 10,1.12.2, from 7.7.7.7, 15:22:24 ago, via FastEthernett/0 Route metric is 69, traffic share count is | Note the routing table reveals the following: The route was learned via OSPF process 1 ‘The next hop IP address to reach the destination is 10. The route was advertised by the router with a router id of 77.7.7.7 Ri#Show ip cef 177.7.7.0 255.255.2550 +——— Displaying the FIB 177,7.7.024, version 29, epoch 0, cached adjacency 10.1.12.2 0 packets, 0 bytestag information set local tag: 113 fast tag rewrite with Fa0/, 10, 1.12.2, tags imposed: (2 via 10.1.12.2, FastEthemet(V0, 0 dependencies next hop 10.1.12.2, FastEthernet®/0 valid cached adjacency tag rewrite with Fa0/0, 10.1.12.2, tags imposed: {212} Note the FIB gets built based on the RIB, in this ease if an unlabeled packet is received by the local router destined for network 177.7.7.0 24 the FIB will be used and the router will forward the route, a label of 212 will be imposed before the packet leaves the router, this router is the “Ingress Edge LSR”. Rl#Show mpls lip binding 177,7.7.0 24 «——————._Displaving the LIB tib entry: 177.7,7.024, rev3 loeal bindin; remote bindin| R1#Show mpls forwarding-table 177,7.7,.0 24 «—————— Displaying the LFIB, Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Ti switched interface 13212 17 Fa00 10.1.12.2 If the local LSR receives labeled packet with the top LABEL of 113 it will swap the label with 311, and then it will forward it out of the interface specified in the outgoing interface column (F0/0 im this case). remote bindin Oy tag: 113 remote bind R2#Show mpls forwarding-table 177.7.7.0 24 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC orTunnelld switched interface 212 aut 17 24 0 Fal 10If the local LSR receives a labeled packet with the top LABEL of 212 it will swap the label with 311, and then it wil forward it out of the interface specified in the ‘outgoing interface column (In this ease F0/t). remote remote Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnel Id switched interface a1 sil 177.7,7,024 0 Sefi/0.35 point2point If the local LSR receives a labeled packet with the top LABEL of 311 it will swap the Ibel with 511, and then it will forward it out of the interface specified in the outgoing interface column (In this case $0/0.38). ‘Show mpls ip binding 177.7.7.024 at 412 Isr: 44 out label; 212 Isr; 2.2. outlabel; S11 Isr 5.3, inuse Note the above show command is another useful command, because it clearly states that if'the local LSR receives a labeled packet with a top label of 311 (in label: 311) will be swapped with label 511 on the way out, note there are three labels that the local LSR received, but 511 is whats being used (out label: 511 Isr:5.5.5.5:0 inuse). A very useful command for troubleshooting. tib entry: 177.7.7.024, rev 39Ré#Show mpls forwardingetable 177.7.7,0 24 Local Outgoing Prefix ytes tag Outgoing Next Hop tag tagor VC orTunnelld switched interface 412 SH ! 024 0 $e0/0.43. point2point R4#Show mpls ip binding 7.024 024 label: 412 out label: S11 out label: 311 If the local LSR receives a labeled packet with the top LABEL of 412 it will swap the label with S11, and then it will forward it out of the interface specified in the ‘outgoing interface column (In this ease $0/0.48). OnRS RS#Show mpls lip binding tib entry 7.024, reval local binding: tag: 511 remote binding: tsr: 4.4.4. remote binding: tsr: 6.6.6.6:0, tag: 612 remote binding: tsr: 3.3.3.3:0,tag: 311 RS#Show mpls forwardingetable 177,7,7,0 24 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC orTunnelld switched interface S11 612 177.7.7.024 0 Fall 101.566 R5#Show mpls ip binding 177,7,7,024 024 out label:If the local LSR receives a labeled packet with the top LABEL of S11 it will swap the label with 612, and then it will forward it out of the interface specified in the ‘outgoing interface column (In this ease F0/t). OnR6 RG:Show mpls Idp binding 177,7.7.0 24 tb entry: 177.7.7.0°24, rev 39 RG#Show mpls forwarding-table 177.7.7,0 24 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC orTuntel Id switched interface 612 Poptag —177.7,7.024 0 FalO — 10,1.67.7 RG#Show mpls ip binding 177,7.7.0 24 177.7.7,.0/24 in labe! 612 out label: imp-null Isr: out label: S11 Isr: If the local LSR receives a labeled packet witha tap LABEL of 612, it will remove the top label (Pop one label) “Pop tag” and forwards the packet as labeled or as an IP packet out of FO interface, The implicit-null can be thought of asa set af ructions that tells the seond last router to pop/remove the label; label 3 is used for this purpose. Remember that the local LSR is one hop prior to the last (Destination) and its called the “Penultimate Hop Popper". By performing PHP (Penultimate Hop Popping), the local LSR will NOT send 2 labeled packet to BB1 and asa result of that BBI won"t have to perform 2 table lookups (LFIB to remove the label and RIB to know where to send the packet), and instead, BBI will receive an unlabeled packet, in which case it will fornard the packet based on the routing table. But what if the packet contains two labels and the second labelis a QOS label? Well in this case the second last router (PHP) should NOT remove all the labels, ‘This is when the “Explicit-Null label” or label number 0 is used. On BBLBB 1#Show mpls idp bindin, tib entry: 177.7.7.0°24, rev 36 local binding: tag: imp-null remote binding: tsr: 6.6.6.6:0, tag: 612 BB 1#Show mpls forwarding-table 177,7.7.0 24 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnelld switched interface BB 1#Show ip route 177.7.7.0 255.0 Routing entry for 177.7 Known via “connected”, distance 0, metric (connected, via interface) Routing Deseriptor Blocks: * directly connected, via Fast Ethernett/1 Route metric is 0, traffic share count is | Note when the local LSR receives a packet destined for 177.7.7.0 24 which is directly connected, it will forward it out of F0/1 interface. Note the packet is unlabeled. therefore, the local LSR won't have to perform two lookups, and it willsimply check the routing tableand forward it out of FO/1 interface. BBI can be configured to advertise an Explicit-Null to R6 1s follows: OnBBL BB I(config)#int £0 BB I(config-if)#NO mpls ip BB I(coniig-i} BB |(config}Mpls LDP exp BB I(config ‘To verifv the configuration: On R6 RG#Show mpls forwarding-table O24 Local Outgoing Prefix Bytes tag Outgoing Next Hoptag Id switched interface 612, 0 024 0 FaliO —10.1.67.7 x label: 612 out label: S11 ¥ 1 out label: expenull Is inuse mally, LDP advertises an Implicit null label for all directly connected routes, h instructs the next hop router (Or the second last hop router, PHP, from data plane’s perspective), to perform PHP. But if you require the next hop router to replace the ineaming label with the Explicit null label, then the “Mpls Idp explicit- null” global configuration command ean be used. This command has two keywords a “for” and a “to”. The “for” keyword: Specifies prefixes FOR which the explicit-null should be advertised. The “fo” keyword: Specifies LDP peers to which Explicit Null should be advertised TO. Task 11 Configure LDP Conditional Label Advertising to exclude the links that interconnect the routers inthis topology Configure RI to stop advertising labels all togethe OnRI Ri(configh*NO mpls Idp advertise-labets To verify the configuration:On R2 R2#Sh mpls lip binding | inc remote binding remote bindin, remote binding: tsr: 3 remote binding: ts remote binding: tsr remote binding: tsr remote binding: tsr remote binding: tsr remote binding: ts remote binding: tsr: remote binding: ts remote binding: tsr remote binding: tsr remote binding: tsr remote binding: tsr remote binding: ts remote binding: ts remote binding: ts 30, tag 3:0, tag 3:0, tag 3:0, tag 30, tag 30, tag 3:0, tag 3:0, tag BS &&@ 0, tage : 306 imp-null 303 300 308 309 304 imp-null imp-null 301 30 imp-nuil 310 3i1 Note the output of the above show command reveals that R2 is no longer receiving any labels from RI thing else, this accesselist will be referenced by the “FOR” keyword of the *mpls ldp advertise-labels” command: Rifconfigy#access-list | deny Ri(configy Ri(contigy Ri (conti Ri(configy Ri(contig) Ri(conti R (contig) tep 3: faccesselist | deny ceess-list | deny ceess-list | deny ceesselist 1 deny ceess-list | deny yFaceess-list | deny 10,1.12.0 0,0.0,255 10.1.23.0 0,0.0.25: 10.1.34.0 0.0.0.285 10,1.35.0 0,0.0,255 0.0,0.0.258 st | permit any In this step an aecess- advertised, this access-list will be referenced by the “TO” keyword of the * t is configured to identify the peer’s that the label's will be advertise-labels" command: pls tdpRi(configh#Access-list 2 perm tep 4 The “mpls Idp advertise-labels” command is configured referencing the twa access- Ri(config}#mpls Idp advertise-labels for | to 2 To verify the configuration: On R2 R2#Sh mpls kip binding neighbor 1.1.1.1 tb entry: 1.1.1.024, rev 40 remote binding: tst: 1.1 2, rev 35 11:0, tag: imp-nul ub entry: 2.2.2. remote binding: tib entry remote binding: ub entry: 444.43 remote binding: tub entry: 5.5.5. remote binding bob entry: 6.6.6.6" remote binding tib entry: 7 remote binding tib entry. cts 11 rev 16 tse Ld rev 18 ter: Ll rev 20 ter: [1 rev 22 ts 1.1 LO, 10, 1.10, 10, Lo, remote binding: ter: 1.1.1.1:0, tub entry: 177.7.7.024, rev 39 remote binding: tsr: 1.1,1.1:0, Note Ri (1.1.1.1) is no long On ALL Routers Rx(contfi advert tag: | tag: 104 tag: 105 tag> 106 tag: 107 108 mp-nul neighbo: ceesselist | deny 10.1.12.0 0,0,0,255Rx(config)#access-list | deny 10.1.23.0 0.0.0.255 ceess-list | deny 10,1.34.0 0.0.0, ceesselist | deny 10.1.35.0 0.0.0.255 ceess-list | deny 10.1.4: ceess-list | deny L015 ceesselist 1 deny 10.1.67.0 0.0.0.255 ccess-list | permit any Ra(config)#Access-list 2 perm Ri(configh#mpls Idp advertiseslabels for | to 2 To verify the configuration: binding neighbor 6.6.6.6 tub entry: 1.4.1. U32, rev 57 remote binding: tsr: 6.6.6.6:0, tag: 64 tib entry rev 58 remote binding: tsr: 6.6.6.6:0, tag: 603 tb entry rev 59 remote binding: tsr: 6.6.6.6:0, tag: 604 rev 60 remote binding: tsr: 6.6.6.6:0, tag: 60S bib entry: $.5.5.932, rev 61 remote binding: tsr: 6.6.6.6:0, tag: 6016 tub entry: 6.6.6.024, rev 66 remote binding: tsr: 6.6.6.6¢0, tag: imp-nul ib entry rev 67 remote binding: tsr: 6.6.6.6:0, tag: 607 tub entry: 6.6.6.0 mp-nul ib entry remote binding: tsr: 6.6.6.60, tib entry: 177.7.7.0°24, rev 65 remote binding: tsr: 6.6.6.6, OnR6 RG#Show mpls lip binding neighbortib entry: 1.1. 1.132, rev 66 remote binding: tsr: 5.5.5.5:0, tag: 5t tib entry: 2.2.2.2/32, rev 67 remote binding: tsr: $.5.5.5:0, tag: 506 bib entry: 3.3.3.332, rev 68 tsr: 5.5.5.50, tag: 500 tub entry: 4.4.4.432, rev 69 remote binding: tsr: $.5.5.5:0, tag: $01 tib entry: 5.5.$.024, rev 76 remote binding: tsr: 5 tag: imp-nu! bib entry: 6.6.6.6°32, rev 7 remote binding: ter: tag: $08 tib entry: 7. remote binding: ter: $.5.5.5:0, tag: $09 ub entry 5.024, rev 78 remote binding: tsr: $.$.5.5:0, tag: imp-nul tib entry: 77.7.7.1/32, rev 74 remote binding: tsr: $.5.5.5:0, tag: $10 tib entry: 17 remote binding: tsr: §.5.5.$:0, tag: $11 R6#Show m1 tub entry: 1.1.1 remote binding tib entry: 2.2.2.2 remote binding tib entry: 3.3.3.3/32, rev 68 remote binding: ter: tib entry: 4.44.43 tub entry: § remote binding: tst: tb eniry: 6.6.6.63 remote binding: tsr: tib entry: 7.7.7.02 remote binding: tsr: 7 exp-nul tb entry: remote binding ig: exp-null tib entry: 177.7.7.0°24, remote binding: tsr g: exp-null OnRSRS#Show mpls lip binding neighbor 6.6.6.6 tub entry: 1.1. 1.32, rev 66 remote binding: tsr: 6.6.6.60, tag tib entry: 2.2.2.2/32, rev 67 remote binding: tsr: 6.6.6.60, tub entry: 3.3.3.332, rev 68 remote binding: tst: 6.6.6.60, tib entry: 4.4.4.4/32, rev 69 remote binding: tsr: 6.6.6.6c0, tag: 60'S tib entry: 5.5.5.932, rev 76 remote binding: tsr: 6.6.6.60, tag: 6016 tib entry: 6.6.6.024, rev remote binding: tsr: 6.6.6.6¢0, tag: imp tub entry: 7.7.7.7'32, tev remote binding: tsr: 6.6.6.600, tag: 607 tib entry: 66.6.6.0/24, rev 78 remote binding: tsr: 6.6.6.6c0, tag: imp tib entry: 77. rev 74 remote binding: tsr: 6.6.6.6:0, tag: 61 1 tib entry: 177.7.7.0°24, rev remote binding: tsr: 6.6.6.60, tag: 612 Show mpls Idp binding neighbor 4.4.4.4 ti entry: 1.1. 1.32, rev 66 remote binding: tsr: 4.4.4.4:0, tag: 407 tib entry: 2.2.2.2/32, rev 67 remote binding: tsr: 4.4.4.4:0, tag: 408 tib entry: 3.3.3.332, rev 68 remote binding: tsr: 4.4.4.4:0, tag: 400 tub entry: 4.4.4.0°24, rev 81 remote binding: tsr 4.4.4.4:0, tag: imp-nu tb entry: 5.5.5, ev 76 remote binding: tsr: 4.4.4.4:0, tag: 401 ib entry: 6.6.6.6'32, rev 71 remote binding: tsr: 4.4.4.4:0, tag: 409 tib entry: 7.7.7.7132, rev 72 remote binding: tsr: 4.4.4.4:0, tag: 410 tub entry: 44.4.4.024, rev 8° remote binding: tsr: 4.4.4.4:0, tag: imp-nul ti entry: 77.7.7.7/32, rev 74 remote binding: tsr: 4.4.4.4:0, tag: 411 tb entry: 177.7.7.024, rev 78 remote binding: tsr: 4.4.4.4:0, tag: 412RS#Show mpls lip binding neighbor tub entry: 2.2.2. ub entry: 3.3.3.024, rev remote bindin tb entry: $.5.5.53 remote binding: ter: tib entry: 6.6.6.63 remote binding: tsr bub entry remote binding: tsr: 3 tib entry: 33.3.3.0/24, rev 8 remote binding tib entry: 77. remote binding tib entry: 177.7.7.0°24, rev remote binding: ter: OnR4 Rd#Show mpls ldp bi ti entry: 11,1132 remote binding: tsr: 3.3 ti entry: 2.2.2,2/82, rev 63 remote binding: tsr: ti entry: 3.3,3.034, rev 78 remote binding: tst: 3.3,3.20, tag tb entry: 4.4.4. remote binding: tsr: th entry rev 66 remote binding: tsr: 3.3.3.3 ti entry: 6.6.6.622, rev 67 remote binding: tsr: 3.3 ti entry: 7.7.7.732, rev 68 remote binding: tsr: 3 tib entry: 33,3,3.0/24, rev remote binding: tsr: 3 tib entry:remote binding: tsr: 3.3.3.30, tag: 310 tib entry: 177.7.7, remote binding: tsr: 3.3 tub entry: 1.4.1. U32, rev 62 remote binding: tsr: $.5.5.5:0, tag: $05 tib entry: 2.2.2.2/32, rev 63 remote binding: tsr: $.5.5.5:0, tag: 5 tub entry: 3.3.3.3/32, rev 64 remote binding: tsr: $.5.5.50, tag tib entry: 4.4.4.432, rev 7 remote binding: tsr: $.5.5.5:0, tag tub entry: 5.5.$.024, rev remote binding: tsr: tag tib entry: 6.6.6.632 remote binding tag: tib entry: 7.7.7. tag: remote binding: tsr: $.5.5.5:0, tag: tib entry: 2, rev 70 remote binding: ts ti entry: 177.7. remote bind OnR3 Show mpls lp binding neighbor 4.4.4.4 ti entry: 1.1.1.2, rev 65 remote binding: ts: 4.44.40, tag: 407 ti entry: 2.2 ev 67 remote binding: ts: 4.4.44s0, tag: 408 ti entry: 3.3.3.934, rev 76 remote binding: tsr: 4.44.40, tag: 400 ti entry: 4.4.4.034, rev 79 remote binding: tsr: 4.4.4.4:0, tag: imp-null ti entry: 5.$.3.932, rev 70 remote binding: tsr: 4.4.4.4:0, tag: 401 rev 71 tsr: 4.4.4.4:0, tag: 409 ub entry: 7. rev 72remote binding: tsr: 4.4.4.4:0, tag: 410 tib entry: 44.4.4.024, rev 80 remote binding: tsr: 4.4.4.0, tag: imp-nul tib entry: 2, rev 74 remote binding: ter: 4.4.4.4:0, tag: 41 1 tub entry: 177.7.7.024, rev 75 remote binding: tsr: 4.44.40, tags 412 R3#Show mpls lip binding neighbor 5.5.5.5 tib entry: 1.1.1.U/32, rev 66 remote binding: tsr: $.5.5.50, tag tib entry rev 67 remote binding: tsr: 5.5.5.0, tub entry: 3.3 rev 76 remote binding: tsr: $.5.5.50, tag: S00 tib entry: 4.4.4.432, 301 imp nul tib entry: 6.6.6.63 remote binding: tsr: $.5,5.5:0, tag: S08 tib entry: 7. rev 72 remote binding 0, tag: S09 tib entry: imp -nul tib entry remote binding: tsr: $.5.5.5:0, tag: $10 tib entry: 177.7.7.0°24, rev remote binding: tsr: $.5.5.5:0, tag: $11 tb entry: 11.1 remote binding: tst: 2.2.2.20, tag tib entry: 2.2.2.0°94, rev 81 remote binding mp-null tb entry: 3.3.3.3 remete bindin; 2 203 204 Ub entry: 6.6.6.63 remote binding: tsr: 2.2.2.20,tib entry: 7.7.7, remote binding remote binin ib entry remote binding tub entry: 17 remote binding: tsr: mp-null R2#Show mpls lip binding tub entry: 1.1.1.3 remote binding tib entry: 2.2.2.2 remote binding tub entry: 3.33024, rev 7 tib entry: 4.4.4.432, rev 69 remote binding: tst: 3.3.3.3 tib entry: §.5.5.5'32, rev remote binding: tsr: tib entry: 6.6.6.63 remote binding: ts tub entry: 7.7.7.732, rev remote binding: tsr: tib entry: 33.3.3.024, rev remote binding: tsr: 3 tib entry: 77.7.7.7/32, rev 75 remote binding: tsr: 3.3.3, 177,7.7.024, rev remote binding: ts 20, tib entry: 2.2 reniote binding: tsr: 2.2.2.20, remote binding: tsr: 2.2.2.20, tb entry: 4.4.4.432, rev 6 remote binding: tsr: 2.2,2.20,tib entry: 5 rev 64 remote binding: tsr: 2.2.2.20, rev 65 remote binding: tsr: 2.2.2.20, tub entry: 7. remote binding tub entry: remote binding: tsr: tib entry 32, rev 69 remote binding: tsr: 2.2.2.2 ib entry 024, rev 70 remote binding: tsr: 2.2.2.0, Task 12 In this task the effects of TTL propagation will be tested. Remove the “mpls command from the FO'0 interface of BB! and R6, and the FOO interface of R| and R2. R1 and BBI will pose as a customer router that does not have mpis enabled. From BB1 test the connection to 1.1.1.1 using Traceroute: On RI and R2 Ra(configytint f/0 Ra(config-if}#NO mpls ip On BBI and R6 BB I(config}#int 10/0 BB I(config-if)#NO mpls ip BB l#traceroute 1.11.1 Type escape sequence to abort Tracing the route to 1.1.1.1 1 10.1.67,64 msec 0 msec 4 msec 2 10,1.86.5 148 msec 100 msec 100 msec 3 10,1.35.364 msec 61 msec 64 msec 160 msec 64 msec 60) msec 1.12.136 msec * 32 msecNote the Traceroute exposes all the links within the provider's network Task 13 Reconfigure the appropriate router/s such that a traceroute from BB] to 1.1.1.1 or RI to 7.7 or 7.7.7.7 will not display the links from the provider's network The following shows the existing behavia RleTraceroute 77 Type escape sequence to abort Tracing the route to 77.7.7,7 12.20 msec 0 msec 0 msec 3.128 msec 100 msec 100 msee 361 msec 60 msec 64 msec 6.60 msec 64 msec 60 msec 736 msec * 32 msec Ri#Traceroute 7.7.7.7 Type escape sequence to abort g the route 10 7.7 2.4 msec 0 msec 0 msec 3.188 msec 101 msec 100 msec 5.60 msec 60 msec 64 msec ).1.$6.6.60 msec 64 msec 60 msec ).1.67.736 msec * 32 msec Type escape sequence to abort Tracing the route to 1.1.1.1 1 10.1.67.6.0 msee 0 msec 0 msec 2 10.1.86.5 184 msec 100 msec 100 msec 3 10, 1.38.360 msec 64 msec 61 msecmsec 60 msec 64 msec msec * 32 msec On R2 to R6 The following command has two optional keywords that can be used and they are as follows: 1, Forwarded: Propagates IP TTL for forwarded traffic, thi the MPLS structure from the customers. T! 2. Local: Propagates IP TTL far locally originated traffic, this option will hide the MPLS structure from the LSRs. Ra(config)#NO mpls ip propagatett! forwarded To verify the configuration OnRi Rl#Traceroute 7.7.7. Type escape seque Tracing the route 0 10,1.12.20 msec 4 msec 0 msec 10,1.56.664 msec 60 msec 64 msec 10.1.67.733 msec * 32 msec Rl#Traceroute 77,7, Type escape sequence to abort Tracing the route to 77.7.7.7 1 10,1.12.24 msec 0 msec 0 msec 2 10,1.56.665 msec 60 msec 60 msec 3 10.1.67.736 msec * 32 msec OnBBI BB I#Traceroute 1.1.1 Type escape sequence to abort.Tracing the route to 1.1.1.1 1 10.1.67.60 msec 0 msec 0 msec 2 10.1.23.2.64 msec 60 msec 60 msec 3 10. 1.12.132 msec * 32 msec Note the MPLS structure is hidden from customer's perspective, but the following Traceroute reveals that the LSR within the cloud will see the structure of the cloud: OnR6 RG#Traceroute 11.1.1 Type escape sequence to abort, Tracing the route to 1.1.1.1 110.1 MPLS: Label $05 Exp 0] 16 msec 96 msec 101 msec 210.1 MPLS: Label 305 Exp 0] 60 msec 60 msec 60 msec MPLS: Label 202 Exp 0] 60 msec 60 msec 60 msec 6 msec * 32 msec OnR2 ‘Traceroute Type escape sequence to abort Tracing the route to 7.7.7. 3[MPLS: Label 309 Exp 0] 188 msec 100 msec 100 msec 5[MPLS: Label 509 Exp 0] 60) msec 61 msec 64 msec 6[MPLS: Label 607 Exp 0] 60 msec 60 msec 60 msec 732 msec * 32 msec To test the second option (Local) : On R2 to R6 Ra(configy#NO mpls ip propagate-ttl local To verify the configuration: On BBLNote the following reveals that the “NO mpls ip propagate-ttl local” command does NOT effect the customers: BB 1eTraceroute 11.1.1 Type escape sequence to abort Tracing the route to 1.1.1.1 7,60 msec 0 msec 0 msec 1.56.5 116 msec 100 msec 100 msee 64 msec 60 msec 64 msee 60 msec 63 msec 60 msee msec Ri#Traceroute Type escape sequence to abort Tracing the route to 7.7.7.7 1 10.1,12.24 msee 0 msee 0 msec 1.23.3 181 msec 100 msec 100 msee 10, 1,35,564 msec 64 msec 60 msec 4-10.1,56.664 msec 60 msec 64 msec $ 10.1.67.733 msec * 32 msec OnR2 Note the “NO mpls ip propagate-ttl local” command ONLY affected the LSRs: RG#Traceroute 1.1.1.1 Type escape sequence to abort. Tracing the route t0 1.1.1.1 MPLS: Label 202 Exp 0] 60 msec 60 msec 61 msec msec * 32 msecTask 14 Erase the startup configuration of the routers and reload them before proceeding to the next labLab 2 192.168,6,0/24 Lab Setup: + The connections between Rand R3, Rd and RS should be configured with HDLC encapsulation. The clock rate should be set to 64000, Configure FOO of RI in VLAN 100 and RS in VLAN 500. Configure the FO0 interface of R2 and R3 in VLAN 200, Configure the FO’! interface of R2 and R4 in VLAN 300. Configure the rest ofthe routers according to the above diagram. Task 1 Configure OSPF on Core MPLS routers (R2, R3 and R4), you should run OSPF area 0 on, the FO interface of R2 and R3, FO/| interface of R2 and R4 and the loopback interfaces of these routers,OnR2 R2(confightrouter ospf | R2config-router)#netw 10,1.23.20.0.0.0 area 0 onfig-router) #netw’ 10.1.24.20.0.0.0 area 0 R2(config-router)#netw 2 0.0.0 area 0 OnR3 R3(config)trouter ospf | onfig-router) #netw 3.3.3.3 0,0.0.0 area 0 R3(config-router)#netw 10. 1.23.3 0.0.0.0 are 0 OnR4 Ra(configh#router ospf | Ra(config-router) #netw 4.4.4.4.0.0.0.0 area 0 Ra(config-router)#netw 10.1.24.4 0.0.0.0 area 0 To verify the configuration: OnR3 Show ip route ospf| Ine O © — 2.2.22 [110/2] wis 10.1.23.2, 00:00:24, FastEthemet0/0 O 4.4.4.4 [110] via 10.1.23.2, 00:00:24, FastEthemet0/0 QO — 10.1.240 [110/2} via 10.1.23.2, 00:00:24, FastEtheret(/0 On R2 .0W ip route ospf | Inc 0 3.3 [110/2] via 10.1.23.3, 00:01:03, FastEthemet0/0 4.4.44 [1102] via 10.1.24.4, 00:01:03, FastE theme | OnR4 Ra#Show ip route ospf | Inc 2 [02 1, FastEthemet0V1 3.3 [11013] via 10.1.24.2, 00:01:41, FastEthemet('1 o o OQ _10,1.23.0 [110/2] via 10.1.24.2, O0:01:4 1, FastEthemnet0|Task2 Configure LDP between the core routers. These routers should use their loopback 0 interface as their LDP router ID; the core MPLS routers (R2, R3 and R4) should use the following label range: R2- 20-209 R3- 300 — 309 Rd — 400 — 499 dn R3 R3(config}*MPLS label protocol LDP R3(config)*MPLS Idp router-id 1o0 R3(config}*MPLS label range 300 399 onfigy#int £0 R3(config-if}#MPLS IP OnR2 R2(config}#MPLS label protocol LDP. R2config}#MPLS LDP routerid 1o0 R2{(configh#MPLS label range 200 299 R2(confighint #0 R2(config-if}#MPLS IP 2(config-if}#int FOI R2(config-if}#MPLS IP PLS label protocol LDP PLS LDP router-id lod Rd(config¥MPLS label range 400 499Ra(confighint 0/1 Ra{configeif}#MPLS IP To verify the configuration: OnR4 Ra#Show mpls interface Interface IP Tunnel Operational FastEthernet#1 Yes (Idp) No Yes RaeShow mpls lip neighbor Peer LDP Ident: 2.2.2.2:0; Loeal LLDP Ident 4.4.4.4:0 TCP connection: 2.2.2.2.646- 4.4.4.4.53845 State: Oper: Msgs sent/revd: 25/24; Downstream Up time: 00:13:56 LDP discovery sources: FastEthemet()'1, Ste IP addr: 10.1.24.2 Addresses bound to peer LDP Ident 10.1.23.2 101.242 2.2.2.2 Ra#Show mpls lip discovery al Local LDP Identifies 44.4.4:0 Discovery Sources: Interfaces: FastEthernet ("1 (ldp): xmi LDP td: 2.2.2.2:0 R4#Show mpls label range Downstream Generic label region: Min/Max Inbel: 400/499 ‘The default range for the Labels is 16 to 100,000 on this platform. These numbe ranges are software and platform specific, Over 353,000 labels are supported on 6500's as of the writing of this work: book. On R2 R2#Show mpls interfacesInterface IP Tunnel Operational FastEthernet0 Yes(Idp) No Yes FastEthernet#1 Yes (Idp) No Yes Show mpls Idp neighbor Peer LDP Ident: 3, Loeal LDP Ident 2.2.2.2:0 TCP connection 3.56373 - 2.2.2.2.646 State: Oper: Msgs sentirevd: 33/34; Downstream Up time: 00:22:22 LDP discovery sources: FastEthemet()/0, Ste IP addr: 10,1.23.3 Addresses bound to peer LDP Ident 101,233 10.1133 3.333 Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 2.2.2.2:0 TCP connection: 4.4.4.4, 3845 -2.2.2.2.616 State: Oper: Msgs sent/revd: 30/31; Downstream Up time: 00:19:28 LDP discovery sources: FastEthemet()'1, Ste IP addr: 10.1.24.4 Addresses hound to peer LDP Ident: 101.244 10.1484 4.444 ow mpls kip discovery all Local LDP Identifier: 22.2.2:0 Discovery Sources: Interfaces: LDP Id: 4.4.4.4:0 R2#Show mpls label range Downstream Generic label region: Min/Max label: 200/299 On R3. ‘Show mpls interfaces Interface IP. Tunnel OperationalFastEthernet0 Yes(Idp) No Yes Show mpls Ip neighbor Peer LDP Ident: 2.2,2.2:0: Local LDP Ident 3. TCP connection: 2.2.2.2.646 - 3.3.3.3.563 State: Oper; Msgs sent/revc: 36/35; Downstream Up time: 00:24:03 LDP discovery sources: FastEthemeti'0, Sre IP addr: 10.1,23 Addresses bound to peer LDP Ident 10.1 10.1.24.2 2.2.2.2 ‘Show mpls lip discovery sll Local LDP Iden 3.3.3.3:0 Discovery Sources: Interfaces: Fast thernet(/0 (Idp): xmitireev LDP Id: 2.2.2.2:0 Show mpls label range Downstream Generic label region: Min/Max label: 300/399 ‘To verify the LFIB of these routers: played in the output of principle remains the same. ow pls fonwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnel ld switched interface 300 Poptag 2.2. 0 FeO 10.1.23.2 301 201 444432 0 FeO 10.1232 302 Poptag 10.1.24.0/24 0 Fa 10.1232On R2 R2#Show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnel ld switched interface 200 Poptag 3.3, 0 Fo 10.1 201 Pop tag 0 Fol! OnR4 Local Outgoing Bytes tag Outgoing Next Hop tag tag or VC switched interface 400 Poptag 2 0 Fap/1—10.1.24.2 401 200 3 0 Fab/1 10.1242 402. Pop tag 0 Fal 10. Task 3 Configure MP-BGP between R2 and R4 as they represent the Provider Edge routers in this topology in AS 68001. Do not allow the BGP peers to share IPV4 routing information by default. The only bgp peering relationship should be VPNv4. The BGP process should be the last number in the private range. R3(config-router)#NO BGP default ipv4-unicast R3(config-router)#Neighbor 4.4.4.4 remote-as 65001 R3(config-router)#Neighbor 4.4.4.4 Update-source Lod R3(config-router)#Address-family VPNv4 unicast onfig-router-af)4N eighbor 4.4.4.4 Activate onfig-router-af)#N dighbor 4.4.4.4 send-commu nity both onfig-router-af)#N dighbor 4.4.4.4 next-hop-self Note the exchange of IPy4 routes between BGP neighbors are enabled by default, which means the configured neighbors e the advertisedThe best option to disable IPv4 route exchange for ONLY a given neighbor is to disable the IPy4 route exchange on a per neighbor basis, tl ed by using the “NO Neighbor x.x.x.x Act command To disable 1P+4 route exchange for some neighbors, the *NO bgp default ipv4-unicast command can be used, this command will disable the route exchange with all neighbors but the “Neighbor «.x.x.x Activate” command” can enable the exchange af IPv4 routes with the specified neighbor. OnR4 RA(config}*Router bgp 68001 Ra(config-router)#NO BGP default ipv4-unicast Ra(config-router)#Neighbor 3.3.3.3 remote-as 65001 R4(config-router)#Neighbor 3.3.3.3 Update-source Lo0 Raf config-router)#Address-family VPNv4 unicast Ra(config-router-ai)#N dghbor 3.3.3.3 Aetivate Raj config-router-ai)#Neighbor 3.3.3.3 send-community bath RA(config-router-ai)#N dighbo 3 next-hop-self To verify the configuration: On R3 Show ip bgp 3#Show ip bgp summary Note there is na IPv4 neighbor adjacency established between the two routers, to verify the configuration and peer session between the VPNv4 neighbors: R3#Show ip bgp VPNv4 all summary BGP router identifier 3.3.3.3, local AS number 63001 BGP table version is 1, main routing table version | Neighbor VAS MsgRevd MsgSent ThiVer InQ OutQ Up/Down State/PikRed 4444 4 65001 9 9 1 0 0 00:08:08 0 OnR4Ra#Show ip bgp VPNvd all summary BGP router identifier 4.4.4.4, local AS number 65001 BGP table version is 1, main routing table version | ighbor V AS MsgRevd MsgSent TbiVer InQ OutQ Up/Down State/PikRed 4 6500! i uN 1 0 0 00:07:45 0 Note R2 is NOT running BGP at all, and ONLY the edge routers are running BGP. Running BGP on the core routers (P) is NOT necessary; these routers ONLY perform label switching. Task 4 Configure a Virtual Routing Forwarding (VRF) Instance with a name of CA (For Customer A), a route-distinguisher (RD) of “1:10” and a route-target (RT) of “1; 100" on R3. On R4, the same route targets will be used for the wef, but the RD should be configured to be “1:20" and the name should be CB. Configuring VRFs on PE routers: OnR3 ‘VRE configuration tasks: Create a VRF table Assign an RD to the VRE Define the import and export route-targets onfigh#ip wf CA Rijconfig-vrd}#rd 1:10 R3(config-vrd}#route-target import 1:100 R3(config-vrfWroute-target export 1:100The “IP vr" command creates a new VRF and enters the global configuration mode for that specific VRF. The name of the VRF is locally significant and its case sensitive. VRF is NOT operational unless the RD is defined. ‘The “rd” VRF configuration mode command is used to define and assign an RD toa, WRF, remember that the WRF is NOT operational without an RD. RD isa 64 bit value used to transform 32 bit customer [Pv address which is NON-Uniqueinto a Unique 96 bit addresses called VPNvd. These addresses are ONLY exchanged between the PE routers and NEVER between the CE routers. When the CE route sends an update to a PE router, the PE router prepends a 64 bit RD to the IPv4 address (32 bit address) resulting in a globally unique 96 bit address called VPNv4. The PE router will then send the VPNv4 address/es via MP-BGP session to the other PE router’s. The receiving PE router strips the RD from the VPNv prefix, resulting in an IPv4 address and forwards it to its CE neighbo Remember that the RD does NOT indieate which VRF a given prefix belongs to, used to make the VRF prefixes unique. RD is NOT a VPN identifier. The “Route-target import|export” command defines the “RT”: An RT is a BGP extended community that indieates whieh routes should be exported or imported from MP-BGP into the VRF. Basieally RTs were introduced to support ident site that participates in more than one VPN. The “route-target export” command specifies an RT to be attached to evert route exported from the local VRF to MP-BGP. Whereas, the “route-target import” command specifies an RT to be used as an import ONLY routes matching the RT are imported into the VRF. This implementation allows a route to have many imported or exported RTS, all to be attached to every imported or exported route. OnR4 Ra(confightip wf CB Ra(configevr}#RD 1:20 Ra(configewr}#routestarget Bath 1:100 ‘The “both” keyword is used to replace bath “import” and “export” keywords. Verifying VRF Configuration RdShow ip wf detail None of the interfaces on the local router have the vrf applied, VRF CB; defauté RD 1:20; default VPNID No interfaces Connected addresses are not in global routing tableExport VPN route-target communities RT=1:100 Import VPN route-target communi RT=1:100 No import routesmap No export route-map VRE label distribution protocol: not configured To associate terface/s to a given VR! OnR3 R3(configh#int SO/ R3(config-if}#IP vrf forwarding CA The above command associates an interface with the specified VRF remember when this command is applied to a given interface, the IP address of that interface is removed and it should be reconfigured, CEF switching must be enabled on the interface. You should get the following message: % Interface Serial0/l IP address 10.1.13.3 removed due to enabling VRE CA To verify the configuration: OnR3 #Show run int SO/1 Building configuration Current configuration : 64 bytes interface Seriall/1 Nate the IP address is removed ip wf forwarding CA__— no ip address a end sn R3(configh#int S0/1 R3(config-if}#ip addr 10.1.13.3 255,255.255.0 When an interface is configured with a given VRF forwarding, the interface's IP address is remaved, this is done because the [Pvt address of the interface is nolonger valid across multiple routing table; the IP address should be reconfigured so the new address (96 bit address.......VPNv4) is formatted. OnR4 Rafconfighint S0/1 Ra(config-if}#ip wf forwarding CB % Interface Serial0/l IP address 10.1:45.4 removed due to enabling VRE CB RA(configeif}#ip address 10.1.45.4 255,255,255. To verify the configuration: OnR4 Rd#Show ip wf detail VRF CB; default RD 1:20; default VPNID Interfaces: Set Connected addresses are not in global routing table Export VPN routearget communities RT:1:100 Import VPN routetarget communities RT:1:100 No import route-map No export route-map VRE label distribution protocol: not configured value and the VPNID whi extension used to further the VPN by using the customer “ index” that can be keyed in as a Hexadecimal or Decimal formatted number, The interfaces that have the “VRF CB" applied will be listed under the Interfaces: list along with the warning that Connected addresses are no longer in the global routing table, Itis.a good practice to have at least 1 route target that the router will be both EXPORTING and IMPORTING. The 1:100 Route Target follows this hasi design rule, Currently there is no Export or Import route-maps applied. VRF-SELECT will be discussed later.Ra#Show ip wfCB Name Default RD Interfaces cB 1:20 Soot Rd#Show ip wf interfaces Interface IP-Address | WRF Protocol Se! W154 cB up OnR3 ‘Show ip vf detail WRF CA; default RD 1:10; default VPNID Interfaces: Sed Connected addresses are not in global routing table Export VPN route-target communities RT:1:100 Import VPN route-target communities RT:1:100 No import route-map No export route-map VRF label distribution protocol: not configured ow ip wf CA Name Default RD Interfaces CA 1:10 Set R3eShow ip wfinterfaces Interface IP-Address | VRF Pratocal Se/t 104.133 cA up The interfaces have been verified as added, Neri r Router: On R: RaePing 101.455Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 10.1.45.5, timeout is 2 seconds: Success rate is 0 percent (0/8) A regular ping will no longer work. A ping with no other key words will default to using the global routing table. The 10.1.45.0 /24 prefix is not accessible in the global routing tableanymore. The ping must be added with the proper VRF keyword. Remember the IP address is in the VRF and NOT the global routing table. Type eseape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.1.45.5, timeout is 2 seconds: Success rate is 100 percent (8/5), round-trip min/avg/max = 28/28/32 ms OnR: RG#Ping VRF CA 10. Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 10.1. 13.1, timeout is 2 seconds: Success rate is 100 percent (5/5), roundetrip min/avg/max = 28/28/29 ms Task § Configure a static default routeon each Customer router located in CA and CB; these static routes should be configuted to point to their respective PE router (R3 for RI and R4 for RS), The PE Routers (R3 and R4}, should both be configured with a static route that reaches the loopback interface of the Customer router, R3 and R4 should be able to see both static routes in their BGP table, onfigure default routes on Customer's routers OnRi Ri(confighip route 0.0.0.0 0.0.0.0 10.1.13.3 OnRSRS(configh#ip route 0.0.0.0 0.0.0.0 10.1.45.4 Just 2 regular default route from the customer's perspective. This method is one of the recommended methods that most Service Providers prefer when offering MPLS VPN asa service. Configuring a static route on the PE routers Note the output of the following show command reveals that when VRF forwarding was enabled on S0/I interface, the “Address-family [Pvd VRF CA" was added to the BGP configuration, Sh run | B router bgp router bgp 600! no bgp default ipvd-unicast bgp logeneighbor-changes neighbor 4.4.4.4 remote-as 6800! neighbor 4.4.4.4 update-source Loopback addressfamily vpnvd neighbor 4.4.4.4 activate neighbor 44.4.4 next-hop-self neighbor 4.4.4.4 send-community both no auto-summary no synchronization exit-aldress-fariily (The rest of the outputs omitted) OnR4 RaSh run | B router bap router bgp 65001 no bgp default spvdeunicast bgp logeneighborschanges neighbor 3.3.3.3 remotesas 65001 neighbor 3.3.3.3 updatessource Loopback0 addressefamily vpnneighbor activate neighbor 3.3.3.3 nextshop-self neighbor 3.3.3.3 send-community both earidressefamily ad dress-family ipv vrf CB no auta-summary no synchronization exit-address-family (The rest of the ourput is omitted) OnR4 Rd(config}ip route vrf CB 5.0.0.0 285.0.0.0 10.1 OnR3 R3(confightip route vrf CA 1.0.0.0 255.0,0.0 10.1, 1341 To verify and test the configuration: OnR3 nw ip route wf CA | B Gateway Gateway of last resort is not set S 1.0,0.0/8 [V0] vis 10.1.13.1 10.0.0.0/24 is subnetted, | subnets C — 10.1.13.0 is directly connected, Serisl01 R3ePing wECA L111 Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/28 ms OnR4 Rd#Show ip route wf CB |B Gateway Gateway of last resort is not setS 5.0.0.0/8 [1 10,0.0,0/24 is subnetied, | subnets C — 10.1.45,0 is directly connected, Serial0'1 RésPing wf CB 5.5.5.5 Type escape sequence to abort Sending 3, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Suceess rute is 100 percent (8/3), round-trip min/avg/max = 28/29/32 ms In the last step of this task, the static route that was configured on the PE routers should be redistributed into BGP so the neighboring PE router can see the route in its BGP table: OnR3 R3(confighrouter bgp 68001 R3(config-router)#Address-family IPv4 VRF CA R3(config-router-ai)#Redistribute static Note the redistributed routes should be verified on R4, if so far the confi; performed successfully, R4 should be able to see network 1.0.0.0 (8 inits wef CB routing table. R4#Show ip route wfCB |B Gateway Gateway of last resort is not set B 1.0.0,08 [200/0] via 3, 00:08:23 S 5.0.0.0/8 [V0] via 10.1.45.3 10,0.0.0/24 is subnetied, | subnets C 10,1.45.0 is directly connected, Serial/1 OnR4 outer bgp 66001 Ra(configerouter) #4 ddressefa Ra(configerouter-ai)aR,R3#Show ip route wfCA |b Gateway Gateway of last resort is not set S 1.0.0.0/8 [VO] vis 10.1.13.1 B_ 5.00.08 [20/0] via 44.4.4, 00:01:01 10.0.0.0/24 is subnetted, | subnets C 10.1.13.0 is directly connected, SerialOV/1 OnR3 Show ip bgp vpnvd all | B Network Network Next Hop Metric LocPrf Weight Path Route Distin guisher: 1:10 (default for vrf CA) S100 101,131 0 2768 ? S500 4d o 100 a2 Route guisher: 1:20 SSIS000 dad o 100 0? OnR+ Ré#Show ip bgp vpnve all | B Network Network Next Hop Metric LocPri Weight Path Route guisher: 1:10 ‘il 33. 0 100 or Route Distin guisher: 1:20 default for vrf CB) *>i1.0.0.0 3.3.3.3 o 100 or > 5.00.0 11.485 o R768? One of the reasons to use different Route Distinguishers for ALL VRF’sin the network is for clarity, especially when trying to figure out which VPN a route nated, As you can see, the “1:20” RDis local but the 1.0.0.0 prefix is present in both RDs which means prefix 1.0.0.0 is pai the same VPN, Even though the VPNis defined by the Route Target, apparent that the prefix is being imported and exported into both VREs. To test the configuration:Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 3.5.55, timeout is? seconds: Packet sent with a source address of 1.1.1.1 Success rate is 100 pervent (5/3), round-trip min/avg/max = 5656/60 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 1.1.1.1 Packet sent with a source address of $.5.5.5 imeout is 2 seconds: Success rate is 100 percent (5/5). round-trip min!avg/max = 56/56/57 ms Note the source of the ping command is specified to be the loopback 0's IP address, if the source is NOT specified to be the Loopback 0 interface, the Ping will NOT work: OnRS ng L111 Type escape sequence to abort Sending 5, 100-byte ICMP Echosto |. |.1.1, timeout is 2 seconds: Success rate is percent ((V'S) Type escape sequence to abort Sending 5, 100-byte ICMP Echos to $.5.5.5, timeout is2 seconds: Success rate is percent (iS) The ping failed because the source was NOT set based on the loopback interface, if the source is not specified, the source IP address will be the interface,in Ri RS*s case it will be the IP address of their S0/1 interface, to provide the eapal nging without specifying the source IP ad dress, the PE routers should also redistribute the IP address of their 50/1 interfacerouter)#Address-family IPvs wf CA R3(config-router-af)#Redistribute connected To verify the configuration: On R4 R4#Show ip route wfCB |B Gateway Gateway of last resort is not set 1.0.0.0°8 [200/0] via 3 3 5.0,0.0/8 [0] vin 10.1.45.5 10,0.0.0/24 is subnetted, 2 subnets B 10.1.13.0 [200/0) via 3.3.3.3, 00:01:00 C — 101.45.0 is directiy connected, Serial(/1 OnR4 Ra(confightrouter bgp 65001 Ra{ config-router)#Address-family IPv4 wef CB Ra(config-router-af)*R edistribute connected To verify the configuration: OnR3 Show ip route wf CA | B Gateway Gateway of last resort is not set 1.0.0.0/8 [VO] via 10.1.13.1 5.0.0.08 [200/0] via 4.4.4.4, 002 10.0.0.0/24 is subnetted, 2 subnets C 10.1.13.0 is directiy connected, SeriatO/1 Be 10.1.45.0 20/0] via 44.4.4, 00:00:38 ‘To test the connectivity:Type escape sequence to abort Sending 5, 100-byte ICMP Echos to $.5.3.5, timeout is2 seconds: ‘Success rate is 100 percent (5/5), round-trip min/ayg/max = 5 OnRSs Ping 1.1.1.1 Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: Success rate is 100 percent ($5), round-trip min/avg/max = 56/86/57 ms OnR3 32#Show ip bgp vpnvd srf CA |B Network Network Next Hop Metric LocPrf Weight Path Route Distin guishet 0 (default for vrf CA) => 1.00.0 10.1.13.1 0 ? *>15.00.0 44.44 o 100 0? *>10.1.13.024 0.0.00 o 32768 7 *>i10.1.45.024 44.44 a 100 07 OnR4 Ra#Show ip bgp VPNV4 VRF CB | B Network Network Next Hop Metric LocPrf Weight Path Route Distin guisher: 1:20 (default for vrf CB) 511.0000 100 0? => 5.000 32768 2 >110.1.13.024 100 0? "> 10145024 0 0 32768 ?Ra#Show ip bgp VPNvd all 5.0.0.0 BGP routing table entry for 1:20:5.0.0.(W8, version 3 Paths: (| available, best #1, table CB) Advertised to non peeregroup peers: By 3.333 Note the RD is concatenated to the 32 Local bit [Pv address forming a VPNvd 10.1.45.5 from 0.0.0.0 4.4.4.4) Address that is globally unique Origin incomplete; metric, localpref 100, weight 32768, valid, sourced, best mpls labels in/out Note the extended community of 1:100 is added to the prefix We have successfully verified that the route-target has been added to the routes as they are exported from the local VRF. This is important as NO vrf will be able to impo is not added to the . The VPNW4 label has also been added to the prefix. The “403(in) and the nolabel(out)” shows that this router expects to see this route with label 403 on it when it recieves the data traffic and will remove the Inbel before forwarding it to the Customer (RS) router, RaShow ip bgp all Iabels Network Next Hop _ In Inbel/Qut label Route Distin guisher: 1: 1.0.0.0 nrolabel303 10.1.13.024 olabel304 nolabel/303. 403/nolabel 10.1 nolabel304 10.1.45.024 0.0.0.0 404/aggregate(CB) This command displays the VPNv4 labels that are added to the routes. A common question that is often asked is “What does the aggregate keyword mean?” The aggregate keyword means that the route requires an IP lookup to determine the next hop of this packet. The “nonaggregate” type would mean that the route has the next-hop with the update, When we redistributed the connected routes, the far end does not know about this next hop due tothe fact that this route is not in the VPN. By redistributing the connected route, a normal ping from the interface closest to the destination can be performed by Rt due to the fact that RS now knows about the source of the packet. R4#Sh mpls forwarding-table ve CBLocal Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC orTunnel ld switched interface 403 Untagged 5.0,0.0°8[V] 2080 Se0/1._—_point2point 404 Aggregate 10.1.45.024[V] 520 On R3 ow mpls forwarding-table vf CA Local Outgoing Prefix Bytes tag Outgoing Next Hop Tag tagorVC orTunnel ld switched interface 303 Untagged 1.0.0.0°5[V] 2080 Se0/1_—_point2point 304 Aggregate 10.1.13.024[V] 520 Task 6 Remove the Static Configuration and replace the current method of routing between the PE and Customers with RIPv2 Routing. Removing the Static Configuration ON CE routers OnRI Ri(configh#NO ip route 0.0.0.0 0.0.0.0 10.1.13.3 OnRS RS(configh#NO ip route 0.0.0.0 0.0.0.0 10.1.45.4 Removing the Static Configuration ON PE router OnR3 R3(configh#NO ip route wrf CA 1.0.0.0 255.0.0.0 10.1. 13.1 R3(configh# router bgp 65000 R3(configerouter)# address ipvd vrf CA. R3(configerouter-af)#N O redistribute static 3(configerouter-af)#N Q redistribute connectedOnR4 Refcontigy#NO ip route wef CB $.0.0.0 288.0.0.0 10 Re(config)trouter bgp 66000 router) #address ipv4 vrf CB router-af)#N O redistribute static Configuring R1Pv? routing on CE router: OnRI Ri(config}#router rip Ri(config-rovter)#no au R i(config-router)ver 2 R l(config-router)#netw 10.0.0.0 R l(config-router)#netw 1.0.0.0 OnRS RE(config)#router rip RS(config-router)#no au RS(config-router)#ver 2 Ré(config-router)#network 10.0.0.0 Ré(config-router)#metw 5.0.00 Configuring R1Pv? routing on PE router OnR3 R3(config}trouter rip R3(config-router) #ver 2 R3(config-router)#Address-family ipvd vrf CA R3(config-router-af)#N etwork 10.0.0.0 3(config-router-af)#version 2 onfig-router-af}#no au On R4 Refconfigytrouter rip Re(config-router)#ver 2) ipvd vrf CB Ra( configerouter-ai}#N etwork 10.0.0.0 Ra(configerouter-af)}#no au Ra(configeroutersat)#ver 2 OnR3 nw ip route wf CA | B Gateway Gateway of last resort is not set Re 1.0.0,008 (120/1] véa 10.1. 13.1, 00:00:18, Serial0T 10.0.0.0/24 is subnetted, 1 subnets C 101.13.0 is directly connected, Serial(/1 OnR4 R4#Show ip route wfCB | B Gateway Gateway of last resott is not set R50 01008 [1200/1] via 1001.48.58, 00:00:10, SerfalOl1 10.0.0.0/24 is subnetied, | subnets C 101.45.0 is directly connected, Serial’ Note the routes are in the appropriate VRFs, the next step is to redistribute the routes. The redistribution of RIP into MP-BGP is necessary for the routes to show up on the other PE Router. The redistribution of MP-BGP into RIP is necessary for the local router to translate the routes that have been received by the remote PE router so the CE router’s can see the routes, rep One RIP routes are redistributed into the BGP for specified VRF: OnRs Ra(config)#router bgp 66001 Ra(config-router)#A ddress-fa mi Ra{config-router-af)#R distribute RIPTo verify the configuration: Because of the redistribution, the PE router (R3) on the other side can now see the routes in it’s BGP table: OnR3 Show ip bgp vpnv4 wfCA| B Network Next Hop Metric LocPrf Weight Path inguisher: 1:10 (default for wfCA) *Si5.0.0,0 4444 1 100 02 *>i10.148,024 4444 0 100 oe Step Two In this step the routes are redistributed into RIP, so the CE router will have them in it's routing table: On R3 When the routes are re purpose so they can easily be identified in the routing table of the Customer router (Rt). THIS IS NOT A REQUIREME! R3(config}*router rip R3(configerouter)#Addressefamily ipvd vrf CA R3(config-router-ai)#redistribute BGP 65001 metric 5 To verify the configuration: OnRL Note Ri (The CE router) has the routes in its routing table: R1#Show ip route ri R 50.0,08 [120/5] via 101,133, 00:00:26, Serial01 10,0.0,0/24 is subnetted, 2 subnets Ro 101.45.0 [1205] via 10,1.13,3, 00:00:26, Serial ‘The same needs to be done in reverse order from R3 to R4 and verified on RS:2n R3 R3(confighrouter bgp 65001 R3(config-router)#Address-family ipvd vrf CA R3(config-router-af)#Redistribute RIP On R+ Ra{config#Router rip Ra{config-router)#A.ddress-fa RA{config-router-af)*Redistribute BGP 65001 metric 5 ‘To verify the configuration: OnRS RS#Show ip route rip Re 1.0.0,08 [120/5] via 10.1.48.4, 00:00:00, SerialOT 10.0.0.024 is subnetted, 2 subnets Ro 10.1.13.0 [20/5] via 10,1.45.4, 00:00:00, Serial To see the full picture, network 1.0.0.0 /8 is verified from RI all the way to the upstream router RS: this is called the control plane OnRI Ri#Show ip route 1.0.0.0 Routing entry for 1.0,0.0/8 Known via "connected" distance 0, metric 0 (connected, via interface) Rodistributing via rip Advertised by rip Routing Descriptor Blocks: * directly connected, via Loopbacki Route metric is 0 traffic share count is | Ri#Show ip rip database 1.0.0.0 255.0.0.0 1.0.0.8 directly connected, Loopbacki OnR3R3#Show ip route wfCA | B Gateway Gateway of last resort is not set 1.0.0.0 [1201 via 10,1.13.1, 00:00 5.0.0.0/8 [200/1] via 4.4.4.4, 00:37:51 10.0.0.0/24 is subnetted, 7 subnets 10.1.13.0 is directly connected, Serial/1 10,1.45.0[200/0) via 4.4.4.4, 00:37:51 ow ip route wFCA 1.0.0.0 Routing entry for 1.0.0.0/8 Known via “rip”, distance 120, metric 1 Redistributing via bgp 65001, rip Advertised by bgp (6001 Last update from 10, 1.13.1 on Serial0'1, 00:00:15 ago Routing Deseriptor Blocks: * 10.1.13.1, from 10.1.13.1, 00:00:18 ago, via Serisl/1 Route metric is |, traffic share count is | ow ip bgp wpnvd wf CA | B Network Network Nest Hop Metric LoePrf Weight Path Route Distinguisher: 1:10 (default for vrfCA) > 1.0.0.0 10.113. 1 32768 ? *>i8.00.0 4444 1 100 07 *>10.1.13.024 0.0.00 0 37 *>110.1.45.024 44.44 a) Show ip bep VPNV4 wfCA 1.0.0,0/8 BGP routing table entry for | .0/8, version Paths: (| available, best 41, table CA) Advertised to non peer-group peers: Note the RD of 1:10 is added to 4444 1.0.0.0/8 forming a VPXw4 addr Local 10.1. 13.1 from 0.0.0.0 (3 Origin incomplete, metric 1, localpref 100, weight 22768, valid, sourced, best Extended Community: RT: 1:100, mpls labels infout 303/nolabel Note the Origin cade is (zero) because the route was redistributed and therefore, the origin ofthe route is unknown. The Weight attribute is 32768, because NOW....the localis advertising the route in BGP. The extended communi configured routestarget, and the last line states that if the local router re with a label of 303 remove the label and forwa OnR4 Ra#Show ip bgp vv wf CB 1.0.0.0 BGP routing table entry for 1 0.08, version 22 Paths: (1 available, best #1, table CB) Not advertised to any peer Local, imported path from 1 3.3.3.3 (metric 3) from 3.3.3.3 (3 Origin incomplete, metric 1, localpref 100, valid, internal, best Extended Community: RT:1: 100, mpls labels in/out nolabel303 Rd#Show ip bgp vpnvd wf CB | B Network Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1:20 (default for vr? CB) i100 3.3.33 1 100 a? > 5.00.0 10,1.48.5 1 32768 9 *S110.1.13.024 3.3.33 0 *>10.1.45.0/24 0.0.0.0 0 R4#Show ip route wfCB |B Gateway Gateway of last resort is not set B 1.0.0.08 [200/1] via 3, 00:30:31 $.0.0.0/8 [120/1] via 10 8, Serial! 10,0.0.0/24 is subnetied, 2 10.1.1 3.0 [200/0) via 3.3.3.3, 00:30:31 C 10,1.45.0 is directly connected, Serial(’1 RdéSh ip route wf CB 1.0.0.0 Routing entry for 1,0.0.0/8 Known via "bgp 8001", distance 200, metric |, type intemal Redistributing via rip Advertised by rip metric’ Last update from 3.3.3.3 00:28:53 ago Routing Descriptor Blocks:3.3.3.3 (Default-IP-Routing-Table), from 3.3. Route metric is |, traffic share count is 1 AS Hops 0 OnR: RS#Show ip route rip R1.0.0.008 [120/5] via 10.1.45.4, 00:00:23, Serial0!1 10.0.0.0/24 is subnetted, 2 subnets Ro 1.1.10 [1205] via 10.1.45.4, 00:00:23, Serial To test the configuration: OnRS Ping 1.1.1.1 Type escape sequence to abort. Sending 5, 100-byie ICMP Echos to |. l.1.1, timeout is ? seconds: Success rate is 100 percent (8/5), round-trip min/avg/max OnRi Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout Success rate is 100 percent (8'5), roundetrip min/avg/max Tas Erase the startup configuration of these routers and reload them before proceeding to the next lab,Lab3 OSPF Routing ina customer A 192.168.1.0724 Lab Setup. © The connections between RI and R3, Rd and RS should be configured with HDLC encapsulation. The clock rate should be set to 64000, Configure FOO. of RI in VLAN 100, RS in VLAN $00 and FO! interface of R6 in VLAN 600. Configure the FO/0 interface of R2 and R3 in VLAN 200. Configure the FO’! interface of R2 and Rd in VLAN 300, Configure the FO‘0 interface of R4 and RG in VLAN 900. Configure the rest ofthe routers according to the above diagram.Task 1 Configure OSPF on Core MPLS routers (R2, R3 and R4), you should run OSPF area 0 on the FOO interface of R2 and R3, FO) | interface of R2 and R4 and the loopback interfaces of these routers, On R2 R2(config}router ospf | R2(config-router) #netw 10. 1.23.2.0.0.0.0 area 0 onfig-router) #etw’ 10, 1.24.2 0.0.0.0 area 0 R2(config-router)#netw 2.2.2,2.0.0.0.0 area 0 OnR3 R3(config}#router ospf | R3(config-nouter)netw 3 0.0.0 area. 0 R3(config-router)#netw 10,1.23.30.0.0.0 are 0 OnR4 RA(config}#router ospf | RA(config-router) #netw 4.4.4,4.0.0.0.0 area 0 RA(config-router) #netw 10,1.24.40,0,0.0 area 0 To verify the configuration: OnR3 R3#Show ip route ospf| Inc O ° a 24, FastEthemet(/0 ° a 1:00:24, FastEthemett'0 ° 23.3, 00:01:03, FastEthemet0/0 24.4, 00:01:03, FastEthernet()'|Ra#Show ip route ospf | Inc O. [11012] via 10.1.24.2, 00:01-4 1, FastEthemet0V'1 [11013] via 10.1.24.2, 00:01:41, FastEthemet0'1 O [1102] via 10.1.24.2, 00:01:41, FastEthemet0) | Configure LDP between the core routers. These routers should use their loopback 0 interface as their LDP router ID; the core MPLS routers (R2, R3 and R4) should use the following label range: R2 R3 PLS label protocol LDP R3(configh#MPLS label range 300 399 R3(confighint 1/0 R3(configeit} OnR2 R2(config}#MPLS label protocol LDP R2(config#MPLS LDP router-id fo0 R2(config}#MPLS label range 200 299 R2(configh#int #0 R2(config-if)}#MPLS IP R2(config-if}#int FOL RQ }*MPLS IPRa(config}#MPLS label protocol LDP Ra(config)#MPLS LDP routersid 1o0 Rad{configh*MPLS label range 400 499 Ra{configyint #01 Ra(config-if}#MPLS IP To verify the configuration: OnR4 R4eShow mpls interface Interface IP Tunnel Operational FastEthernet@1 Yes (dp) No Yes R4#Show mpls lip neighbor Peer LDP Ident: 2.2.2.2:0; Loeal LDP Ident 4.4.4.4:0 TCP connection: 2.2.2.2,646- 44.4.4.53845 State: Oper; Msgs sent/revc: 25/24; Downstream Up time: 00:13:56 LDP discovery sources: FastEthemet()'1, Ste IP addr: 10,1.24.2 Addresses bound to peer LDP Ident: Hl 10.1.24.2 2.2.2.2 Local LDP Identifier: 44.4.4:0 Discovery Sources: Interfaces: FastEthemet "I (Idp}: LDP dd: 2.2.2.2:0 RabShow mpls label range Downstream Generic label region: Min/Max label: 400/499 On R2R2#Show mpls interfaces Interface IP Tunnel Operational FastEthernet#0 Yes(Idp) No Yes FastEthernet®1 Yes(Idp) No — Yes R2#Show mpls lip neighbor Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2. TCP connection: 3.3.3.3.96373 - 2.2.2.2.646 State: Oper: Msgs sent/revc: 33/34; Downstream, Up tim LDP discovery sources: FastEthemet()/0, Sre IP addr: 10.1.23.3 Addresses bound to peer LDP Ident 101.233 101.133 3.3.33 Peer LDP Ident: 4.44.40; Local LDP Ident 2.2.2 TCP connection: 4.4.4.4. 53845 - 2.2.2.2.616 State: Oper; Msgs sent/revc: 30/31; Downstream Up time: 00:19:28 LDP discovery sources: FastEthemet()'1, Ste IP addr: 10.1.24.4 Addresses bound to peer LDP Ident: 10.1464 101.244 10.1484 4.4.44 Local LDP Identifier: 22.2.2:0 Discovery Sources: Interface: Show mpls label range Downstream Generic label region: Min/Max label: 200299 On R3 Show mpls interfacesInterface IP Tunnel Operational FastEthernet¥O Yes(Idp) No Yes Show mpls Ip neighbor Peer LDP Ident: 2.2,2,2:0; Loeal LDP Ident 3. TCP connection: 2.2.2.2.646 - 3.3.3.3.96373 State: Oper; Msgs sent/revd: 36/35; Downstream Up time: 00:24:05 LDP discovery sources: FastEthemet(0, Ste IP addr: 10. 1.23.2 ‘Addresses bound to peer LDP Ident 10,1.23.2 101.242 2.22.2 ‘Show mpls Idp discavery all Local LDP Identifie 3.3.30 Discovery Sources: Interfaces: FastEthernet(/0 (Idp): xmitreev LDP Id: 2.2.2.2:0 Show mpls labelrrange Downstream Generic label region: Min/Max Inbel: 300/399 ‘To verify the LFIB of these routers: NOTE: The labels displayed in the output of this lab may diff Jab but the principle remains the same. Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnel ld switched interface Poptag 2.22232 0 FeO 10.1.232 201 444432 0 FeO 10.1.23.2 Pop tag 10.1.24.0/24 0 Fad0 — 10.1.23.2OnR2 Show mpls forwarding-iable Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagor VC or Tunnel ld switched interface 200 Poptag = 33.3332 0 Fab/0 201 Poptag 444432 0 Fal 10.1 10.1 On R4 Ra#Show mpls forwarding-table Local Outgoing Bytes tag Outgoing Next Hop tag tag or VC switched interface 400 Pop tag 0 Fo! 10. 401 200 0 Fa/] 10.1 402 Pop tag 0 Fav/l 10.1 Task3 Configure MP-BGP between R2 and R4 as they represent the Provider Edge routers in this topology in AS 68001, Do not allow the BGP peers io share IPV4 routing information by default, The only bgp peering relationship should be VPNv4. The BGP process should be the last number in the private range n R3 R3(configh*Router bgp 68001 R3(config-router)#NO BGP default ipv4-unicast R3(config-router)#Neighbor 4.4.4.4 remote-as 65001 R3(config-router)#Neighbor 4.4.4.4 Update-source Lod onfig-router)#A ddress-family VPNvd unicast R3(config-router-ai)#N eighbor 4.4.4.4 Aetivate R3(config-router-ai)#N eighbor 4.4.4.4 send-community both R3(config-router-ai)#N dighbor 4.4.4.4 next-hop-self OnR4 Ré(config)#Router bgp 65001router)#NO BGP default ipv4-unicast Ra(configerouter)#Neighbor 3.3.3.3 remotesas 65001 Ra{configerouter) 3 Updatessource Lo0 Ra{configerouter)#A.ddressefamily VPNv4 unicast Ra(config-router-ai}#N eighbor 3.3.3.3 Aetivate Re{config-router-ai)#N eighbor 3.3.3.3 send-community both Ra{ config-router-af)}#N eighbor 3.3.3.3 next-hop-self To verify the configuration: OnR3 R3eShow ip bgp VPNvd all summary BGP router identifier 3.3.3.3, local AS number 65001 BGP table version is 1, main routing table version | Neighbor V AS MsgReve MsgSent ThiVer InQ OutQ Up/Down State/PieRed 4444 4 65001 9 9 10 0 00:03:08 0 On Rt R4#Show ip bgp VPNv4 all summary BGP router identifier 4.4.4.4, local AS number 6500! BGP table version is L, main routing table version | AS MsgRevd MsgSemt ThiVer InQ OutQ Up/Down State/PikRed 4 6s001 ul MM 1 0 0 00,07:45 0 Task 4 Configure VRFs on R3 and R4 and enable VRF forwarding on the interfaces of these two routers based on the following chart. Router |VRF RD [RT _| Interface RS VPNA, 120 _[1:105_| Sov Ra VPNA ra0_[as105—_ [S071 VPNB 150 | 1:600_| Foodn R3 R3(confightip wf VPNA R3(configevrs}Frd 1:20 R3(configevri}#routestarget both 1:105 R3(configewr R3(configeif)#ip wf forwarding VPNA % Interface Serial0/I IP adiéress 10.1.13.3 removed due to enabling VRF VPNA OnR4 RA(confightip vif VPNA RA(config-vrijtrd 1:40 RA(config-vri}#route-target hoth 1:105 Re(config-ved}#int S0/1 Ra(config-if}*ip wr forwarding VPNA % Interface Seriald/l IP address 10.1.43.4 removed due to enabliag VRF VPNA Refconfig-if}#int $0/1 Re(config-if}#ip addr 10, 1.48.4 258,285,285,0 Ra(config)ip vrf VPNB Ra(config-vrd)erd 1:50 Re(config-vri}#route-target both 1:600 Refconfigy#int FOO Refconfig-if}#ip wf forwarding VPNB % Interface FasiEtherneti/0 IP address 10.1.46.4 removed due to enabling VRE VPNB Ré(config-if}Fint 10/0 Ra{config-if}#ip addr 10, 1.46.4 255,285. 255.0 To verifv the configuration On R3R38Show ip wfbrief Name Defailt RD Interfaces VPNA. 1:20 Set! R3#Show ip wfinterfaces Interface IP-Address VRF Protocol Se0/1 101.133 0 VENA. up OnR4 R4#Show ip vil Name Default RD Interfaces VPNA 140 Se0/1 VPNB 1:50 Far Rd#Show ip wfinterfaces Interface IP-Address VRF Protocol Se0/1 10.1454 VPNA. up Fa0/0 101.464 VPNB up Task 5 Configure Customers RI and RS with a VRF service that incorporates OSPF as the routing protocol; R3 should use OSPF processsid of 3, whereas, Rd should use processeid of 4 for this purpose, R| and R5’s loopback interfaces should be advertised with their correct mask. Configure the WRF applied to R6 to use RIPV2 and ensure that this customer participates in the same Closed User Group (CUG) as RI and RS. To configure the CE routers OnRI Ri(config}*router ospf | R (configerouter)#netw 1.1.1, 110.0.0.0 area 0 R (configerouter)#netw 10. 1.13.10.0.0.0 area 0 Ri(configerouter)#int 1o0R i(configeif}#ip ospf net point-to-point OnRs RS(config}trouter ospf | RS(config-router}#netw 5.5.5.5 (0.0.0.0 area 0 R&(config-router)#netw 10. 1.45.50,0.0.0 area 0 RS(config-rovter} Hint [oD RS(config-if}#ip ospf net point-to-poi On R6 R6(config)#router rip Ro(config-router) #ver 2 RO6(config-router)#no au RO(config-router) #netw 6.0.0.0 RO(config-router)#netw: 10.0.0.0 To configure the PE routers; On R3. R3(configh#Router ospf'3 vf VPNA onfig-router)#network 10.1,13.3 0.0.0.0 area 0 pospf nei NeighborID Pri State Dead Time Address Interface Lid 0 FULL! - i 10.1431 Serial’ 2.2.2.2 1 FULL/DR — 00:00:38 101.232 FastEthernetiv0 R3#Show ip route wf VPNA |B Gateway Gateway of last resort is not set © 1,0,0,0/8 [110/63] via 10.1.13.1, 00:02:39, SerialO/1 10.0.0.0/24 is subnetied, | subnets C — 10,1.13.0 is directly connected, Serial The OSPF routes are redistrihted into MP-BGP: Ri(confightrouter bgp 63001 Ri(config-router) #address-family ipv4 vf VPNA.R3(config-router-ai)#redistribute OSPF 3 match internal external | external 2 To verify the configuration: OnRs R4#Show ip bgp vpnv4 wf VPNA | B Network Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1:40 (default for vrf VPNA) Network Next H Metric LocPrf Weight Path i100 3 65 100 0? Redistribute BGP into OSPF so the CE router (RS) can see the routes in it’s routin table: Ra{config)#router ospf4 vrf VPNA. R4( config-router)#redistribute BGP 65001 subnets To verify the configuration: On RS RS#Show ip route ospf © E2 1.0.0.0'8 [110/65] via 10.1.45.4, 00201 10.0.0.0/24 is subnetted, 2 subnets O EZ 10.1.13,0 [10/1] via 10.1.45.4, 00:01:28, Serial To get RS’s routes into RI: outer ospf 4 vrf VPNA Re(config-router)#netw 10.1.45.40,0.0.0 area 0 Rd#Show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 56. O FULL! = 00:00:37 10.145.5 — Serial0/t az 1_FULL/DR 3301016242 FastEthemett1Ra#Show ip route wf VPN A | B Gateway Gateway of last resort is not set © 5.0.0.0/8 [110/65] via 10.1.48.5, 00:00:54, Serial0/1 10.,0.0,0/24 is subnetted, 1 subnets C 10,1.45.0 is directly connected, Seriall/1 Redistribute the OSPF routes into BGP: OnR4 Ra(config}router bgp 65001 Ra(config-router)#address-family ipy4 yrf VPNA Rd{config-router-af)#redistribute OSPF 4 match internal external 1 external 2 To verify the configuration: OnR4 R4#Show ip bgp vpnv4 wf VPNA | B Network Network, Neat Hop Metric LocPrf Weight Path Route Distin guishe (default for vrf VPNA) 65100 0? 6 327682 10 0? 2768 ? Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1:20 (default for wf VPNA) > 1.000 10.1.13.1 68 32768 7 #>i8.0.0.0 4444 6s 100 0? *>10.1.13.024 0.0.00 0 32768 2 110.148.0294 4.4.44 0 100 0? Redistribute BGP routes into OSPF sa the CE router (RI) ean see the routes in it’s routing table: OnR3R3(configh*router ospf 3 vrf VPNA R3(configerouter ibute BGP 65001 subnets To verify the configuration: OnRI R#Show ip route ospt © E2 $.0.0.0'8 (110/63) via 10.1.13.3, 00:00:34, Serial0/1 10.0.0,0/24 is subnetted, 2 subnets QE2 10.1.45.0 (110/1] sia 10.1.13.3, 00:00:34, Serial0/1 ‘To test the configuration: OnRI RlePing 5.5.5.5 Type eseape sequence to abort Sending 5, 100-byte ICMP Echos to §.5.5.5, timeout is2 seconds: Success rate is 100 percent (5/3), round-trip min/avg/mav = 56/63/84 ms OnRS LLL Type escape sequence to abort Sending 5, 100-byte ICMP Echos to 1, 1.1.1, timeout is2 seconds: Success rate is 100 percent (8/5), round-trip min/avg/max = 86/86/57 ms The routes that are in another ospf area are showing up as External type 2 This was due to the redistribution of the BGP routes into ospf, Although redistribution results in this behavior under normal cireumstances, this does not follow classic OSPF default behavior of a route that is learned from another area in the same domain, To see the reason behind the behavior: OnR3 Show ip bgp wpnvd wi VPNA 10.0,BGP routing table entry for 1:20: 1.0.0.0/8, version 4 Paths: (| available, best #1, table VPNA) Advertised to non peeregroup peers: 4444 Local 10.1.13.1 from 0.0.0.0 (3.3.3.3) Origin incomplete, metric 65, localpref 100, weight 32768, valid, sourced, best Extended Community: R’ JS OSPF DOMAIN IDzibx 105:0x000000030200 OSPF RT-0.0.0.02:0 OSPF ROUTER 1D:10.1.13.3:0, mpls labels in‘out 303/nolabel Domain-ID Every dom on a Cisco Router will begin with “0005”, “0105” or “0205” which identifies the type of format used. With the “0005” value used the next 4 Octect are viewed as the Global Administrator field and is used as part of the domain-id. The last 2 Oetets would be used as a Local Admi and is ignored. As you ean see by the output, the Global Admi which represents the OSPF process-id in HEX. The “0200” output at the end is ignored. ‘The OSPF RT:0.0.0.0:2:0 value represents the Area of OSPF "0.0.0.0", the internal ospf route “2”, and the last value of the last digit “0” means that the route is neither an External 1 nor an External 2 route. OnR4 Ré#Show ip bgp vpnv4 wf VPNA $.0.0.0 BGP routing table entry Zor 1:40:3.0.0.0°8, version § Paths: (| available, best #1, table VPNA) Advertised to non peer-group peers: 3.333 Local 101.48. from 0.0.0.0 4.4.4.4) Origin incomplete, metric 65, localpref 100, weight 22768, valid, sourced, best Extended Community: RT:I:105 OSPF DOMAIN [D:0x0005:0x000 000041200 OSPF RT-0.0.0.0:2:0 OSPF ROUTER 1D-10.1.43.4:0, { mpls labels in/out 403/nolabel Domain-ID The domain-id for the prefixes does not match, Under normal OSPF design rules, the process-id ofan OSPF router does not need to match any other peer’s process: . However, with MPLS, the router uses the OSPF process as a portion of the domain-id, Therefore, we must manually change the pracess-id to match on both sides of the cloud or statically configure a domain-id that matches on both routers. Routers that do not share the same domain-id are considered type 5 or externalid's match, the routes are considered type “3” LSAs. ing the domain-id is preferred as this does not change the classic ing of the process-id in OSPF. A clearing of BGP with the “clear ip bgp * in” and “clear ip bgp * out” will speed up the convergence. OnR3 onfig#router ospf 3 vrf VPNA. 3(config-router}#Do main-id 0.0.0.1 R34Cle ip bgp * in R34Cle ip bgp * out OnR4 Ra(config}#router ospf 4 vrf VPNA Ra(config-router)#Domain-id 0.0.0.1 Rasicle ip bgp * in Rasele ip bgp * out On R3 R3#Show ip bgp vpnvd wf VPNA 1.0.0.0 | Inc DOMAIN Extended Community: RT:1:105 OSPF DOMAIN [D:0x0005:03000000010200 OSPF RT.0.0,0.0:2:0 OSPF ROUTER 1D:10.1.13, OnR4 Note the Domain-IDs match Ra#Show ip bgp vpnv4 wf VPNA 5.0.0.0 | Inc DOMAIN Extended Community: RT:1:105 OSPF DOMAIN [D:0x00 OSPF RT-0.0.0.02:0 OSPF ROUTER ID:10.1.45.4:0, To test and Verify the configuration: OnRI R1#Show ip route ospfO 1A $.0.0.0/8 (110/129) via 10.1.13.3, 00:06:08, SerialO/1 10.0.0; subnetted, 2 subnecs © YA 1948.0 FTFORE vn 0.1.19, co:OeDR SettanNy Nate the routes are LA and NOT E2 vt 104), OLA 10.1.13.0 [1106: A. 2 06:47, Serial Configuring the PE router (R4) for CE router (R6) OnR4 Ra(config)#Router rip Ra{config-router)#no au Ra(config-router)#ver 2 Ra(config-router)#A.ddress-family ipvd vrf VPNB Ra{config-router-af}#ver 2 Ra{config-router-af)#no au Re{config-router-af)#netw 10.0.0.0 RaeShow ip route wf VPNB | B Gateway Gateway of last resort is not set R 6.0.0.008 |120/1] via 10.1.46.6, 00:00:15, FastEthernet 0/0 10.0.0.0/24 is subnetted, | subnets C 101.46.0 is directly connected, FastEthemet/0 Redistributing the RIPv2 routes into the Global routing table: On Rt Ra(configh*Router bgp 65001 Ra{ configerouter)#A ddressefa mily ipvd vrf VPNB Ra(config-router-af)#R edistribute RIP Redistributing the BGP routes into the RIPv2 routing table: Ra(configh#Router ripRa(configerouter)#A ddressefamily ipvd vrf VPNB Ra( configerouter-ai)#R edistribute BGP 65001 Metri y interface that has VRF VPNB applied to ipate in the same VPN as RI and RS, which are importing and exporting route-target 1:105 as well. This will only add the route-target to the list. The initial route-target of 1:600 will still be present. Ra(config}“ip vf VPNB Ra(config-vri}#route-target both 1:105 To verify the configuration; OnR6 RG#Sh ip route rip Re 1.0.0.0 [120/5] vin 10.1.46.4, 00:00:21, FastEthemet 00 Re 5.0.0.038 [120/5] via 10.1.46.4, 00:00:21, FastEthernet ‘0. 10.0.0.0/24 is subnetted, 3 subnets Ro 10.1.13.0 |120/5] via 10.1.46.4, 00:00:21, FastEthernet@/0 RR 10.1.45.0 [120/5| via 10.1.46.4, 00:00:21, FastEtherneti0 Since metric of S was set when the routes were redistributed into RIP on R4 (The PE router), all routes end up in R6’s routing table with a hop: count of §. However, if R4 was configured with a metric of transparent using “Redistribute BG P 65001 Metric transparent”, R6 would have ONLY seen the directly connected routes of RI and RS, the following tests the metric transparent when redistributing routes into RIPY2. On R4 Re(configy#router rip RA(config-router)#Address-family ipv4 yr! VPNB Re(config-router-ai)#N O Redistrib ute BGP 68001 Metric 5 Re(config-router-af)R edistribute BGP 68001 Metric transparent OnR6 RG#Show ip route rip 10,0.0.0:24 is subnetted, 3 subnets R — 101.13.0[120/1] via 10.1.46.4, 0000: 16, FastEthem et0 R___10.1.45,0[120/1] via 10, 1.46.4, 00:00: 16, FastEthemet(/0Note ONLY RI and RS’s directly connected links are in R6"s routing table, the question is WHY? OnR3 Show ip route wf VPNA 1.0.0.0 Routing entry for 1.0.0.08 Known via "ospf3", distance 110, metric 65, type intra area Redistributing via bgp 6800! Advertised by bgp $0011 match intemal external | & 2 Last update from 10, 1.13.1 on Serial, 02:13:04 ago Rout ing Descriptor Blocks: *10.1,13.1, from 1,1, 1.1, 02:13:04 ago, via Serial! Route metric is 65, traffic share count is | On R4 Ra#Show ip route wf VPNA 5.0.0.0 Routing entry for 5.0.0.0/8 Known via "ospf4”, distance 110, metric 65, type intra area Redistributing via bgp 65001 Advertised by bgp €5001 match intemal external | & 2 Last update from 10. 1.45.5 on Serial, 02:27:18 ago Routing Descriptor Blocks: * 10.1.45.5, from 5.5.5.5, 02:27:18 ago, via SerialO1 Route metric is 65, traffic share count is | Note since the metric of 65 in OSPF is copied into BGP as MED and the MED is copied into RIP, from RIP's perspective the routes are 65 hops away, which means that they are inaccessible, the following Debug reveals that R6 receives the routes but it poisons them: OnR6 RG=Debug ip rip RIP: received v2 update from 10. 1.46.4 on FastEthemet(/0 1.0.0.0/8 via 0.0.0.0 in 16 hops (inaccessible) inaccessible}Note the output of the following show command reveals that the directly connected links of RI and RS are advertised with # hop count of 1, whereas, the other routes i ible, which means that their hop count is greater than 15 hops. RG#Show ip route rip 10,0.0,0/24 is subnetied, 3 subnets R 101.130 [120/1] via 10.1 46.4, 0200: 16, FastEthemet00 R — 10,1.45,0[120/1] via 10. 1.46.4, 00:00:16, FastEthemet0'0 Task 6 Erase the startup configuration of the routers and reload them before proceding to the next lab,Lab4 Backdoor links & OSPF Lab Setup: © The connections between RI and R3, Rd and RS should be configured with HDLC encapsulation. The clock rate should be set to 64000, Configure FO\0 of R1 and RS should be configured in VLAN 100. Configure the F0"0 interface of R2 and R3 in VLAN 200, Configure the FO'1 interface of R2 and R4 in VLAN 300. Configure the IP aldressing according to the above diagram. Task 1 Configure OSPF on Core MPLS routers (R2, R3 and R4), you should run OSPF area 0.on, the FO interface of R2 and R3, Fil/| interface of R2 and R4 and the loopback interfaces ofthese routers,OnR2 R2(confightrouter ospf | R2config-router)#netw 10,1.23.20.0.0.0 area 0 onfig-router) #netw’ 10.1.24.20.0.0.0 area 0 R2(config-router)#netw 2 0.0.0 area 0 OnR3 R3(config)trouter ospf | onfig-router) #netw 3.3.3.3 0,0.0.0 area 0 R3(config-router)#netw 10. 1.23.3 0.0.0.0 are 0 OnR4 Ra(configh#router ospf | Ra(config-router) #netw 4.4.4.4.0.0.0.0 area 0 Ra(config-router)#netw 10.1.24.4 0.0.0.0 area 0 To verify the configuration: OnR3 Show ip route ospf| Ine O © — 2.2.22 [110/2] wis 10.1.23.2, 00:00:24, FastEthemet0/0 O 4.4.4.4 [110] via 10.1.23.2, 00:00:24, FastEthemet0/0 QO — 10.1.240 [110/2} via 10.1.23.2, 00:00:24, FastEtheret(/0 On R2 .0W ip route ospf | Inc 0 3.3 [110/2] via 10.1.23.3, 00:01:03, FastEthemet0/0 4.4.44 [1102] via 10.1.24.4, 00:01:03, FastE theme | OnR4 Ra#Show ip route ospf | Inc 2 [02 1, FastEthemet0V1 3.3 [11013] via 10.1.24.2, 00:01:41, FastEthemet('1 o o OQ _10,1.23.0 [110/2] via 10.1.24.2, O0:01:4 1, FastEthemnet0|Task2 Configure LDP between the core routers. These routers should use their loopback 0 interface as their LDP router ID; the core MPLS routers (R2, R3 and R4) should use the following label range: R2- 20-209 R3- 300 — 309 Rd — 400 — 499 nm R3 R3(config}*MPLS label protocol LDP R3(config)*MPLS Idp router-id 1o0 R3(configh*MPLS label range 300 399 Ri(confighint 0/0 R3(configeif}#MPLS IP PLS label protocol LDP #MPLS LDP router-id lo R2(configh#MPLS label range 200 299 onfigh#int 1/0 R2{(config-if}*#MPLS IP if)#int FOL onfig-if}*MPLS IP On R4 R4(configh*MPLS label protocol LDP PLS LDP router-id lod IPLS label range 400 499 Refconfigytint £01 Refconfig-if}*MPLS IPTo verify the configuration: OnR4 Ré#Show mpls interface Interface IP Tunnel Operational FastEthernet¥1 Yes(Idp) No Yes Ra#Show mpls lip neighbor Peer LDP Ident: 2.2.2,2:0; Loeal LDP Ident 4.4.4.4:0 TCP connection: 2.2.2.2,646- 4.4.4.4.53845 State: Oper: Msgs sent/revct 25/24; Downstream Up time: 00:13:56 LDP discovery sources: FastEthemet()'1, Ste IP addr: 10. 1.24.2 Addresses bound to peer LDP Ident 10.1.23.2 10.1242 2.2.22 Ra#Show mpls Idp discovery all Local LDP Identifier: 444.420 Discovery Sources: Interfaces: FastEthernet “1 (ldp): LDP Id: 2.2.2, Ra#Show mpls label range Downstream Generic label region: Min/Max label: 400/499 OnR2 R2#Show mpls interfaces Interface IP Tunnel Operational FastEthernet¥@ Yes(Idp) No Yes FastEthernet1 Yes (Idp) No Yes Show mpls Ip neighbor