Vous êtes sur la page 1sur 49
MPLS Tshoot Lab Mohammad Khalil CCIE#35484 (R&S,SP) Network Diagram OSPF A0 AS300 R7 RIPv2 BGP

MPLS Tshoot Lab Mohammad Khalil CCIE#35484 (R&S,SP)

Network Diagram

OSPF

A0

AS300

R7AS300

RIPv2

BGP

R4
R4
R9
R9
R1
R1

EIGRP

AS100

OSPF

A0

R2
R2
R3
R3

AS200

AS300

AS300 R8
R8
R8
AS300 R8
AS300 R8
AS300 R8
AS300 R8
R5
R5
R6
R6
R10
R10

AS300

EIGRP

BGP

OSPF A0 R2 R3 AS200 AS300 R8 R5 R6 R10 AS300 EIGRP BGP RIPv2

RIPv2

AS100 OSPF A0 R2 R3 AS200 AS300 R8 R5 R6 R10 AS300 EIGRP BGP RIPv2 1
AS100 OSPF A0 R2 R3 AS200 AS300 R8 R5 R6 R10 AS300 EIGRP BGP RIPv2 1

1

Lab Overview

Lab Overview The topology above contains two main ASes with one secondary AS, the main goal

The topology above contains two main ASes with one secondary AS, the main goal of the setup is to maintain connectivity among the below

R7 R10 should communicate with each other via IPv4 (their loopback 0 networks)

R7 and R8 should communicate with each other via IPv6 (their loopback 0 betworks)

R8 and R10 should communicate with each other via IPv4 (their loopback 1 networks)

R8 and R9 should communicate with each other over the subnet 172.16.89.0/24

In check commands format, you should match the below outputs

tclsh foreach x {

7.7.7.7

8.8.8.8

9.9.9.9

10.10.10.10

} { ping $x source lo0 }

R8#ping vrf ABC 100.10.10.10 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 88.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/70/120 ms

R10#ping vrf ABC 88.8.8.8 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 88.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 100.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/62/156 ms

R7#ping 2001::8 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::8, timeout is 2 seconds:

Packet sent with a source address of 2001::7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/78/104 ms

R8#ping 2001::7 source lo0 Type escape sequence to abort.

2

Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds: Packet sent with a

Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds:

Packet sent with a source address of 2001::8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/103/192 ms

R8#ping 172.16.89.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.89.9, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 60/83/112 ms

R8#ping vrf ABC 100.10.10.10 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 88.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 40/57/80 ms

R10#ping vrf ABC 88.8.8.8 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 88.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 100.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/72/148 ms R9#ping 172.16.89.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.89.8, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/84/120 ms

Several faults have been injected into the topology, these faults focus on different technologies

You should find, troubleshoot and resolve

Do not make all your actions remove, modify!

3

Solutions One of the tricks in troubleshooting labs is to turn off logging to the

Solutions

One of the tricks in troubleshooting labs is to turn off logging to the console in order to hide any message that could assist in solving problems, so let us turn on the logging on all routers

R1 R10 logging console

Let us start now by dividing the areas we are going to work on

The IGP inside both ASes is OSPF, so let us check our OSPF adjacencies

R1#sh ip ospf neighbor

R1#

R1 should have neighborship with R4

R1#debug ip ospf adj OSPF adjacency debugging is on

R1#

*Aug 17 13:15:46.986: OSPF-1 ADJ

R1#

*Aug 17 13:15:49.362: OSPF-1 ADJ

Mismatched Authentication Key - No message digest key 1 on interface

Fa2/0: Send with youngest Key 2

Fa2/0: Rcv pkt from 192.168.14.4 :

So, the error is clear, there is a mismatch in the authentication key ID

R1#sh ip ospf interface fastEthernet 2/0 | include authentication|key Message digest authentication enabled Youngest key id is 2

R4#sh ip ospf interface fastEthernet 1/0 | include authentication|key Message digest authentication enabled Youngest key id is 1

R1#sh run int f2/0 | inc key ip ospf message-digest-key 2 md5 cisco

R1

interface fastEthernet 2/0 no ip ospf message-digest-key 2 md5 cisco ip ospf message-digest-key 1 md5 cisco

4

R1# *Aug 17 13:18:29.430: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet2/0 from LOADING to FULL,

R1#

*Aug 17 13:18:29.430: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on FastEthernet2/0 from LOADING to FULL, Loading Done

R1#

*Aug 17 13:18:36.718: %BGP-5-ADJCHANGE: neighbor 4.4.4.4 Up *Aug 17 13:18:36.726: %LDP-5-NBRCHG: LDP Neighbor 4.4.4.4:0 (1) is UP

R1#sh ip ospf neighbor

Neighbor ID

Pri

State

Dead Time

Address

Interface

4.4.4.4

1

FULL/DR

00:00:38

192.168.14.4

FastEthernet2/0

R1#sh

ip route ospf

 

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/2] via 192.168.14.4, 00:00:24, FastEthernet2/0

R1#ping 4.4.4.4 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/104/208 ms

Let us move now to AS 200 and check the OSPF neighborships

R2#sh

ip ospf neighbor

R2#

As well R2 has no active relations

R2#debug ip ospf adj OSPF adjacency debugging is on

R2#

*Aug 17 13:25:53.090: OSPF-1 ADJ

Mismatched Authentication Key - Clear Text

Fa2/0: Rcv pkt from 192.168.25.5, :

5

There is mismatch in the authentication key between R2 and R5 R2#sh ip ospf interface

There is mismatch in the authentication key between R2 and R5

R2#sh ip ospf interface fastEthernet 2/0 | include authentication Simple password authentication enabled

R5#sh ip ospf interface fastEthernet 1/0 | include authentication Simple password authentication enabled

R2#sh run int f2/0 | include ospf ip ospf authentication ip ospf authentication-key cisc0

R5#sh run int f1/0 | inc ospf ip ospf authentication ip ospf authentication-key cisco

R2

interface fastEthernet 2/0 ip ospf authentication-key cisco

R2#

*Aug 17 13:28:26.046: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet2/0 from LOADING to FULL, Loading Done

R2#sh ip ospf neighbor

Neighbor ID

Pri

State

Dead Time

Address

Interface

5.5.5.5

1

FULL/DR

00:00:37

192.168.25.5

FastEthernet2/0

Still R2 needs a neighborship with R3 but not shown in the show ip ospf neighbiors output, let us check

R3#sh cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S

- Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D

- Remote, C - CVTA, M - Two-port Mac Relay

Device ID

Local Intrfce

Holdtme

Capability Platform Port ID

R1.lab.local

Fas 1/0

141

R

7206VXR

Fas 1/1

R2.lab.local

Fas 1/1

154

R

7206VXR

Fas 1/1

R5.lab.local

Fas 2/1

175

R

7206VXR

Fas 2/0

R6.lab.local

Fas 2/0

145

R

7206VXR

Fas 1/0

R3#sh run int f1/1 interface FastEthernet1/1 ip address 192.168.23.3 255.255.255.0

6

speed 100

duplex full

mpls ip

speed 100 duplex full mpls ip R3#ping 192.168.23.2 Type escape sequence to abort. Sending 5, 100-byte

R3#ping 192.168.23.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.23.2, timeout is 2 seconds:

.!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 20/44/96 ms

So, there is IP reachability

R3#sh ip ospf interface brief

Interface

PID

Area

IP Address/Mask

 

Cost

State Nbrs F/C

Lo0

1

0

3.3.3.3/32

1

LOOP 0/0

Fa2/1

1

0

192.168.35.3/24

1

DR

0/0

Fa2/0

1

0

192.168.36.3/24

1

BDR

1/1

We can see that FastEthernet1/1 is not included in the ospf enabled interfaces, let us check the global OSPF configuration

R3#sh run | sec router ospf router ospf 1 router-id 3.3.3.3 network 3.3.3.3 0.0.0.0 area 0 network 192.168.35.3 0.0.0.0 area 0 network 192.168.36.3 0.0.0.0 area 0

As can be seen from the output above, there is no network statement for the interface of concern, let us add it

R3

router ospf 1 network 192.168.23.3 0.0.0.0 area 0

R3#

*Aug 17 13:33:05.242: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on FastEthernet1/1 from LOADING to FULL, Loading Done

R2#sh ip ospf neighbor

Neighbor ID

Pri

State

Dead Time

Address

Interface

5.5.5.5

1

FULL/DR

00:00:31

192.168.25.5

FastEthernet2/0

3.3.3.3

1

FULL/BDR

00:00:35

192.168.23.3

FastEthernet1/1

*Aug 17 13:33:25.834: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (1) is UP

7

Now, if we checked R5

R5#sh ip ospf neighbor

Now, if we checked R5 R5#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address

Neighbor ID

Pri

State

Dead Time

Address

Interface

3.3.3.3

1 INIT/DROTHER 00:00:35 192.168.35.3 FastEthernet2/0

6.6.6.6

0

FULL/ -

00:00:33

192.168.56.6

FastEthernet1/1

2.2.2.2

1 FULL/BDR 00:00:35 192.168.25.2 FastEthernet1/0

As we can see that the relation with R3 is stuck in INIT state which means there is something forbid OSPF hello messages from being exchanged

R3#sh ip interface fastEthernet 2/1 | include access Outgoing access list is not set Inbound access list is DENY_OSPF IP access violation accounting is disabled

R3#sh access-lists Extended IP access list DENY_OSPF

10

deny ospf any any (61548 matches)

20

permit ip any any (133501 matches)

R3

ip access-list extended DENY_OSPF

no deny

ospf any any

R3#

*Aug 19 09:56:52.327: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet2/1 from LOADING to FULL, Loading Done

R3#sh ip ospf neighbor

Neighbor ID

Pri

State

Dead Time Address Interface

2.2.2.2

1

FULL/DR

00:00:34 192.168.23.2 FastEthernet1/1

5.5.5.5

1

FULL/DR

00:00:32 192.168.35.5 FastEthernet2/1

6.6.6.6

1

FULL/DR

00:00:35

192.168.36.6

FastEthernet2/0

Now, back to R5 again

 

R5#sh ip ospf neighbor

Neighbor ID

Pri

State

Dead Time

Address

Interface

3.3.3.3

1 FULL/BDR 00:00:32 192.168.35.3 FastEthernet2/0

6.6.6.6

0

FULL/ -

00:00:38

192.168.56.6

FastEthernet1/1

2.2.2.2

1 FULL/BDR 00:00:33 192.168.25.2 FastEthernet1/0

8

R5#sh ip ospf neighbor | inc 6.6.6.6

6.6.6.6 0

FULL/ -

00:00:31

R6#sh ip ospf neighbor | inc 5.5.5.5

5.5.5.5 1

FULL/BDR

00:00:37

ip ospf neighbor | inc 5.5.5.5 5.5.5.5 1 FULL/BDR 00:00:37 192.168.56.6 192.168.56.5 FastEthernet1/1 FastEthernet1/1 We

192.168.56.6

192.168.56.5

FastEthernet1/1

FastEthernet1/1

We can see that the election takes place on router and not on the other

R5#sh ip ospf interface fastEthernet 1/1 | inc Network Internet Address 192.168.56.5/24, Area 0, Attached via Network Statement Process ID 1, Router ID 5.5.5.5, Network Type POINT_TO_POINT, Cost: 1

R6#sh ip ospf interface fastEthernet 1/1 | inc Network Internet Address 192.168.56.6/24, Area 0, Attached via Network Statement Process ID 1, Router ID 6.6.6.6, Network Type BROADCAST, Cost: 1

So, the network type does not match on both interfaces

R5#sh run int f1/1 | inc ospf ip ospf network point-to-point

R6

int f1/1 ip ospf network point-to-point

*Aug 19 10:00:45.682: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet1/1 from FULL to DOWN, Neighbor Down: Interface down or detached *Aug 19 10:00:45.778: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on FastEthernet1/1 from LOADING to FULL, Loading Done

R5#sh ip ospf neighbor | inc 6.6.6.6

6.6.6.6

0

FULL/ -

00:00:34

192.168.56.6

FastEthernet1/1

R6#sh ip ospf neighbor | inc 5.5.5.5

 

5.5.5.5

0

FULL/ -

00:00:36

192.168.56.5

FastEthernet1/1

The neighborship were up due to the match in the hello/dead time intervals values, but this will affect routes exchange between the routers on this link

Now, let us check our MPLS LDP neighborships

R6#show mpls ldp neighbor Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 6.6.6.6:0 TCP connection: 3.3.3.3.646 - 6.6.6.6.62211 State: Oper; Msgs sent/rcvd: 11176/11183; Downstream Up time: 6d18h LDP discovery sources:

9

FastEthernet1/0, Src IP addr: 192.168.36.3 Addresses bound to peer LDP Ident:

Src IP addr: 192.168.36.3 Addresses bound to peer LDP Ident: 192.168.13.3 192.168.23.3 192.168.35.3 3.3.3.3 192.168.36.3

192.168.13.3 192.168.23.3 192.168.35.3 3.3.3.3

192.168.36.3

R6#show mpls interfaces

Interface

IP

Tunnel

BGP Static Operational

FastEthernet1/0

Yes (ldp)

No

No

No

Yes

FastEthernet1/1

Yes (ldp)

No

No

No

Yes

So, we should have another LDP peering to R5

R5#show mpls interfaces

Interface

IP

Tunnel

BGP Static Operational

FastEthernet1/0

Yes (tdp)

No

No

No

Yes

FastEthernet1/1

Yes (tdp)

No

No

No

Yes

FastEthernet2/0

Yes (tdp)

No

No

No

Yes

As we can see, the label distribution protocol on R5 is TDP (by default it’s LDP), so a command has been entered to change this

R5#show run | sec label mpls label protocol tdp

R5

mpls label protocol ldp

R5#

*Aug 19 10:04:43.978: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP *Aug 19 10:04:44.050: %LDP-5-NBRCHG: LDP Neighbor 3.3.3.3:0 (2) is UP *Aug 19 10:04:44.058: %LDP-5-NBRCHG: LDP Neighbor 6.6.6.6:0 (3) is UP *Aug 19 10:04:44.162: %SYS-5-CONFIG_I: Configured from console by console *Aug 19 10:04:44.278: %LDP-5-NBRCHG: LDP Neighbor (vrf MSSK) 8.8.8.8:0 (4) is UP

Let us check the other routers

R1#show mpls ldp neighbor Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 1.1.1.1:0 TCP connection: 4.4.4.4.60958 - 1.1.1.1.646 State: Oper; Msgs sent/rcvd: 3083/3077; Downstream Up time: 1d20h LDP discovery sources:

FastEthernet2/0, Src IP addr: 192.168.14.4 Addresses bound to peer LDP Ident:

192.168.14.4 4.4.4.4

10

R2#show mpls ldp neighbor Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0 TCP connection: 3.3.3.3.44383

R2#show mpls ldp neighbor Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0 TCP connection: 3.3.3.3.44383 - 2.2.2.2.646 State: Oper; Msgs sent/rcvd: 3065/3072; Downstream Up time: 1d20h LDP discovery sources:

FastEthernet1/1, Src IP addr: 192.168.23.3 Addresses bound to peer LDP Ident:

192.168.13.3

192.168.23.3

192.168.35.3

3.3.3.3

192.168.36.3

Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 2.2.2.2:0

TCP connection: 5.5.5.5.20372 - 2.2.2.2.646 State: Oper; Msgs sent/rcvd: 16/14; Downstream Up time: 00:01:02 LDP discovery sources:

FastEthernet2/0, Src IP addr: 192.168.25.5 Addresses bound to peer LDP Ident:

 

192.168.25.5

192.168.56.5

192.168.35.5

5.5.5.5

R3#show mpls ldp neighbor Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 3.3.3.3:0 TCP connection: 6.6.6.6.62211 - 3.3.3.3.646

State: Oper; Msgs sent/rcvd: 11186/11180; Downstream Up time: 6d18h LDP discovery sources:

FastEthernet2/0, Src IP addr: 192.168.36.6 Addresses bound to peer LDP Ident:

192.168.36.6 192.168.56.6

6.6.6.6

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0 TCP connection: 2.2.2.2.646 - 3.3.3.3.44383 State: Oper; Msgs sent/rcvd: 3072/3065; Downstream

Up time: 1d20h LDP discovery sources:

FastEthernet1/1, Src IP addr: 192.168.23.2 Addresses bound to peer LDP Ident:

192.168.12.2

192.168.23.2

192.168.25.2

2.2.2.2

Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 3.3.3.3:0

TCP connection: 5.5.5.5.64473 - 3.3.3.3.646 State: Oper; Msgs sent/rcvd: 16/14; Downstream Up time: 00:01:12 LDP discovery sources:

FastEthernet2/1, Src IP addr: 192.168.35.5 Addresses bound to peer LDP Ident:

 

192.168.25.5

192.168.56.5

192.168.35.5

5.5.5.5

R4#show mpls ldp neighbor Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 4.4.4.4:0

11

TCP connection: 1.1.1.1.646 - 4.4.4.4.60958 State: Oper; Msgs sent/rcvd: 3078/3083; Downstream Up time: 1d20h LDP

TCP connection: 1.1.1.1.646 - 4.4.4.4.60958 State: Oper; Msgs sent/rcvd: 3078/3083; Downstream Up time: 1d20h LDP discovery sources:

FastEthernet1/0, Src IP addr: 192.168.14.1 Addresses bound to peer LDP Ident:

192.168.12.1

192.168.13.1

192.168.14.1

1.1.1.1

R5#show mpls ldp neighbor Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 5.5.5.5:0 TCP connection: 2.2.2.2.646 - 5.5.5.5.20372 State: Oper; Msgs sent/rcvd: 14/16; Downstream Up time: 00:01:27 LDP discovery sources:

FastEthernet1/0, Src IP addr: 192.168.25.2 Addresses bound to peer LDP Ident:

 

192.168.12.2

192.168.23.2

192.168.25.2

2.2.2.2

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 5.5.5.5:0 TCP connection: 3.3.3.3.646 - 5.5.5.5.64473 State: Oper; Msgs sent/rcvd: 14/16; Downstream

Up time: 00:01:27 LDP discovery sources:

 

FastEthernet2/0, Src IP addr: 192.168.35.3 Addresses bound to peer LDP Ident:

 

192.168.13.3

192.168.23.3

192.168.35.3

3.3.3.3

192.168.36.3

Peer LDP Ident: 6.6.6.6:0; Local LDP Ident 5.5.5.5:0 TCP connection: 6.6.6.6.41661 - 5.5.5.5.646

State: Oper; Msgs sent/rcvd: 14/14; Downstream Up time: 00:01:27 LDP discovery sources:

FastEthernet1/1, Src IP addr: 192.168.56.6 Addresses bound to peer LDP Ident:

192.168.36.6 192.168.56.6

6.6.6.6

R6#show mpls ldp neighbor Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 6.6.6.6:0 TCP connection: 3.3.3.3.646 - 6.6.6.6.62211 State: Oper; Msgs sent/rcvd: 11180/11187; Downstream Up time: 6d18h LDP discovery sources:

FastEthernet1/0, Src IP addr: 192.168.36.3 Addresses bound to peer LDP Ident:

192.168.13.3

192.168.23.3

192.168.35.3

3.3.3.3

192.168.36.3

Peer LDP Ident: 5.5.5.5:0; Local LDP Ident 6.6.6.6:0

TCP connection: 5.5.5.5.646 - 6.6.6.6.41661

12

State: Oper; Msgs sent/rcvd: 14/14; Downstream Up time: 00:01:34 LDP discovery sources: FastEthernet1/1, Src IP

State: Oper; Msgs sent/rcvd: 14/14; Downstream Up time: 00:01:34 LDP discovery sources:

FastEthernet1/1, Src IP addr: 192.168.56.5 Addresses bound to peer LDP Ident:

192.168.25.5 192.168.56.5 192.168.35.5 5.5.5.5

Now, let us start by checking the PE-CE routing protocols and check if we are receiving our customers’ routes

Starting from R4

R4#sh ip vrf Name

Default RD

Interfaces

MSSK

100:1

Fa1/1

Fa2/0.49

R4#sh run int f1/1 interface FastEthernet1/1 vrf forwarding MSSK ip address 10.10.47.4 255.255.255.0 speed 100 duplex full ipv6 address 2001:10:47::4/64

R4#ping vrf MSSK 10.10.47.7 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.47.7, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/51/96 ms

R4#sh ip route vrf MSSK rip

Routing Table: MSSK Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

R 7.0.0.0/8 [120/1] via 10.10.47.7, 00:00:04, FastEthernet1/1

Let us check the loopback interface on R7

13

R7#sh run int lo0 interface Loopback0 ip address 7.7.7.7 255.255.255.255 ipv6 address 2001::7/128

ip address 7.7.7.7 255.255.255.255 ipv6 address 2001::7/128 So, the subnet mask is not the same as

So, the subnet mask is not the same as advertised, so the first thing that stroke in mind is auto-summary

R7#sh ip protocols *** IP Routing is NSF aware ***

Routing Protocol is "rip" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Sending updates every 30 seconds, next due in 11 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Redistributing: rip Default version control: send version 2, receive version 2

Interface

FastEthernet1/0

Loopback0

Send Recv Triggered RIP Key-chain

2

2

2

2

Automatic network summarization is in effect Maximum path: 4 Routing for Networks:

7.0.0.0

10.0.0.0

Routing Information Sources:

Gateway

Distance

Last Update

10.10.47.4

120

00:00:12

Distance: (default is 120)

Routing Protocol is "bgp 300" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set IGP synchronization is disabled Automatic route summarization is disabled Maximum path: 1 Routing Information Sources:

Gateway

Distance

Last Update

Distance: external 20 internal 200 local 200

R7#sh run | sec router rip router rip version 2 network 7.0.0.0 network 10.0.0.0

14

R7

router

rip

no auto-summary

R7#sh run | sec router rip

version 2 network 7.0.0.0 network 10.0.0.0 no auto-summary

R4#sh ip route vrf MSSK rip

network 10.0.0.0 no auto-summary R4#sh ip route vrf MSSK rip Routing Table: MSSK Codes: L -

Routing Table: MSSK

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

7.0.0.0/32 is subnetted, 1 subnets

R 7.7.7.7 [120/1] via 10.10.47.7, 00:00:03, FastEthernet1/1

R4#ping vrf MSSK 7.7.7.7 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/32/80 ms

R4#sh run int f2/0.49

interface FastEthernet2/0.49 encapsulation dot1Q 49 vrf forwarding MSSK ip address 10.10.49.4 255.255.255.0 ipv6 address 2001:10:49::4/64

R4#ping vrf MSSK 10.10.49.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.49.9, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/36/116 ms

15

R4#sh ip eigrp vrf MSSK neighbors EIGRP-IPv4 Neighbors for AS(48) VRF(MSSK)

R9#debug eigrp neighbors EIGRP Static Neighbor debugging is on

eigrp neighbors EIGRP Static Neighbor debugging is on R9# *Aug 19 12:35:42.294: EIGRP: Sending HELLO on

R9#

*Aug 19 12:35:42.294: EIGRP: Sending HELLO on Fa1/0.49 - paklen 20

*Aug 19 12:35:42.294:

un/rely 0/0

AS 49, Flags 0x0:(NULL), Seq 0/0 interfaceQ 0/0 iidbQ

So R9 is trying to establish adjacency on AS 49

R4#sh ip protocols vrf MSSK *** IP Routing is NSF aware ***

Routing Protocol is "rip" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Sending updates every 30 seconds, next due in 20 seconds

Invalid after 180 seconds, hold down 180, flushed after 240 Redistributing: rip, bgp 100 Default version control: send version 2, receive version 2

Interface

FastEthernet1/1

Send Recv Triggered RIP Key-chain

2

2

FastEthernet2/0.49

Maximum path: 4 Routing for Networks:

10.0.0.0

2

2

Routing Information Sources:

Gateway

Distance

Last Update

10.10.47.7

120

00:00:26

Distance: (default is 120)

Routing Protocol is "eigrp 48" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set Default networks flagged in outgoing updates Default networks accepted from incoming updates Redistributing: rip, bgp 100 EIGRP-IPv4 Protocol for AS(48) VRF(MSSK) Metric weight K1=1, K2=0, K3=1, K4=0, K5=0 NSF-aware route hold timer is 240 Router-ID: 10.10.49.4 Topology : 0 (base) Active Timer: 3 min Distance: internal 90 external 170

16

Maximum path: 4 Maximum hopcount 100 Maximum metric variance 1 Total Prefix Count: 6 Total Redist Count: 5

Automatic Summarization: disabled Maximum path: 4 Routing for Networks:

10.10.49.4/32

Routing Information Sources:

Gateway

Distance

Last Update

Distance: internal 90 external 170

Distance Last Update Distance: internal 90 external 170 Routing Protocol is "bgp 100" Outgoing update filter

Routing Protocol is "bgp 100" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set IGP synchronization is disabled Automatic route summarization is disabled Redistributing: rip Maximum path: 1 Routing Information Sources:

Gateway

Distance

Last Update

Distance: external 20 internal 200 local 200

So R4 is configured for a wrong AS (does not match R9)

R4#sh run | sec router eigrp router eigrp 49

!

address-family ipv4 vrf MSSK autonomous-system 48

redistribute bgp 100 metric 1000 1000 255 1 1500 redistribute rip metric 1000 1000 255 1 1500 network 10.10.49.4 0.0.0.0 exit-address-family

debug eigrp address-family ipv4 vrf MSSK neighbor

R4

router eigrp 49 no address-family ipv4 vrf MSSK autonomous-system 48 address-family ipv4 vrf MSSK autonomous-system 49 redistribute bgp 100 metric 1000 1000 255 1 1500 redistribute rip metric 1000 1000 255 1 1500 network 10.10.49.4 0.0.0.0

17

*Aug 19 15:51:07.885: EIGRP: New peer 10.10.49.9 R4# *Aug 19 15:51:07.885: %DUAL-5-NBRCHANGE: EIGRP-IPv4 49: Neighbor

*Aug 19 15:51:07.885: EIGRP: New peer 10.10.49.9

R4#

*Aug 19 15:51:07.885: %DUAL-5-NBRCHANGE: EIGRP-IPv4 49: Neighbor 10.10.49.9 (FastEthernet2/0.49) is up: new adjacency

R4#sh ip route vrf MSSK eigrp

Routing Table: MSSK

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

9.0.0.0/32 is subnetted, 1 subnets

D 9.9.9.9 [90/156160] via 10.10.49.9, 00:00:47, FastEthernet2/0.49

R4#ping vrf MSSK 9.9.9.9 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/50/100 ms

Before moving to the other AS, R7 and R9 belong to the same VRF on the same PE, so

if there is mutual redistribution between the EIGRP process and the RIP process, R7 and R9 should be able to communicate

R7#sh

ip route | inc 9.9.9.9

R7#

Let us check the redistribution on R4

R4#sh

run | sec router rip

router

rip

address-family ipv4 vrf MSSK redistribute bgp 100 metric 15

network 10.0.0.0 no auto-summary version 2 exit-address-family

So , we are not redistributing EIGRP , as well we discovered another error by just looking at the output above which is the metric for BGP redistributed routes , 15

18

which means the packet will die when arriving at the next hop , so two

which means the packet will die when arriving at the next hop , so two actions should be taken now

R4

router

rip

address-family ipv4 vrf MSSK no redistribute bgp 100 metric 15 redistribute bgp 100 metric 1

redistribute eigrp 49 metric 1

R7#sh

ip route | inc 9.9.9.9

R

9.9.9.9 [120/1] via 10.10.47.4, 00:00:13, FastEthernet1/0

R7#ping 9.9.9.9 source lo0 Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/50/88 ms

R7#traceroute 9.9.9.9 source lo0 numeric Type escape sequence to abort. Tracing the route to 9.9.9.9

VRF info: (vrf in name/id, vrf out name/id)

1 10.10.47.4 36 msec 16 msec 8 msec

2 10.10.49.9 24 msec * 24 msec

Let us move now to AS 200 and check their CEs

R5#sh

ip vrf

Name

Default RD

Interfaces

MSSK

200:1

Fa2/1.58

R5#sh

run int f2/1.58

interface FastEthernet2/1.58 encapsulation dot1Q 58 vrf forwarding MSSK ip address 10.10.58.5 255.255.255.0 ipv6 address 2001:10:58::5/64 mpls ip

R5#ping vrf MSSK 10.10.58.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.58.8, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/75/144 ms

19

R5#sh ip eigrp vrf MSSK neighbors

EIGRP-IPv4 Neighbors for AS(58) VRF(MSSK)

vrf MSSK neighbors EIGRP-IPv4 Neighbors for AS(58) VRF(MSSK) H Address Interface Hold Uptime SRTT RTO Q

H Address

Interface

Hold Uptime

SRTT

RTO Q

Seq

 

(sec)

(ms)

Cnt Num

 

0

10.10.58.8

Fa2/1.58

11 1w1d

166

996

0

36

R5#sh ip route vrf MSSK eigrp

Routing Table: MSSK

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

8.0.0.0/32 is subnetted, 1 subnets

D 8.8.8.8 [90/156160] via 10.10.58.8, 1w1d, FastEthernet2/1.58

R5#ping vrf MSSK 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/20/32 ms

R6#sh run int f2/0

interface FastEthernet2/0 vrf forwarding MSSK ip address 10.10.106.6 255.255.255.0 speed 100 duplex full ipv6 address 2001:10:106::6/64

R6#ping vrf MSSK 10.10.106.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.106.10, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/23/32 ms

R6#sh ip route vrf MSSK rip

Routing Table: MSSK Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

20

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

R6#

So there are no routes received from R10

R6#sh ip protocols vrf MSSK ? summary Short form answer

|

Output modifiers

<cr>

R6#sh ip protocols vrf MSSK *** IP Routing is NSF aware ***

Routing Protocol is "rip" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 17 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Redistributing: rip, bgp 200 Default version control: send version 2, receive version 2

Interface

FastEthernet2/0

Send Recv Triggered RIP Key-chain

2

2

Maximum path: 4

Routing for Networks:

10.0.0.0

Routing Information Sources:

Gateway

Distance

Last Update

10.10.106.10

120

1w0d

Distance: (default is 120)

Routing Protocol is "bgp 200" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set IGP synchronization is disabled Automatic route summarization is disabled Redistributing: rip Maximum path: 1 Routing Information Sources:

21

Gateway

Distance

Last Update

Distance: external 20 internal 200 local 200

R10#sh ip protocols *** IP Routing is NSF aware ***

200 R10#sh ip protocols *** IP Routing is NSF aware *** Routing Protocol is "rip" Outgoing

Routing Protocol is "rip" Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set Sending updates every 30 seconds, next due in 9 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Redistributing: rip Default version control: send version 1, receive version 1

Interface

FastEthernet1/0

Loopback0

Send Recv Triggered RIP Key-chain

1

1

1

1

Automatic network summarization is not in effect

Maximum path: 4 Routing for Networks:

10.0.0.0

Routing Information Sources:

Gateway

Distance

Last Update

10.10.106.6

120

1w0d

Distance: (default is 120)

Routing Protocol is "bgp 300" Outgoing update filter list for all interfaces is not set Incoming update filter list for all interfaces is not set IGP synchronization is disabled Automatic route summarization is disabled Neighbor(s):

Address

FiltIn FiltOut DistIn DistOut Weight RouteMap

8.8.8.8

Maximum path: 1

Routing Information Sources:

Gateway

Distance

Last Update

8.8.8.8

200

1w0d

Distance: external 20 internal 200 local 200

As can be seen, the RIP version on R10 is version 1

R10

router rip

version 2

R6#ping vrf MSSK 10.10.10.10 Type escape sequence to abort.

22

Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds: !!!!! Success rate is

Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/44/72 ms

Now the relations with customers is operational, let us move to the route advertisements

R4#show bgp vpnv4 unicast all summary BGP router identifier 4.4.4.4, local AS number 100

BGP table version is 190, main routing table version 190

11

network entries using 1716 bytes of memory

11

path entries using 880 bytes of memory

6/6 BGP path/bestpath attribute entries using 864 bytes of memory

3

BGP AS-PATH entries using 72 bytes of memory

5

BGP extended community entries using 418 bytes of memory

0

BGP route-map cache entries using 0 bytes of memory

0

BGP filter-list cache entries using 0 bytes of memory

BGP using 3950 total bytes of memory BGP activity 67/53 prefixes, 143/129 paths, scan interval 60 secs

Neighbor

V

AS MsgRcvd MsgSent

TblVer InQ OutQ Up/Down

State/PfxRcd

1.1.1.1

4

100

5003

4996

190

0

0 3d03h

4

R4#show bgp vpnv4 unicast all BGP table version is 190, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf MSSK)

*> 7.7.7.7/32

10.10.47.7

1

32768 ?

*>i 8.8.8.8/32

1.1.1.1

0

100

0 200 ?

*>i 10.10.10.10/32

1.1.1.1

0

100

0 200 ?

*> 10.10.47.0/24

0.0.0.0

0

32768 ?

*> 10.10.49.0/24

0.0.0.0

0

32768 ?

*>i 10.10.58.0/24

1.1.1.1

0

100

0 200 ?

*>i 10.10.106.0/24

1.1.1.1

0

100

0 200 ?

Route Distinguisher: 200:1

 

*>i 8.8.8.8/32

1.1.1.1

0

100

0 200 ?

*>i 10.10.10.10/32

1.1.1.1

0

100

0 200 ?

*>i 10.10.58.0/24

1.1.1.1

0

100

0 200 ?

*>i 10.10.106.0/24

1.1.1.1

0

100

0 200 ?

23

R6#show bgp vpnv4 unicast all BGP table version is 175, local router ID is 6.6.6.6

R6#show bgp vpnv4 unicast all BGP table version is 175, local router ID is 6.6.6.6

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Route Distinguisher: 100:1

Metric LocPrf Weight Path

* i 7.7.7.7/32

192.168.12.1

0

100

0 100 ?

* i 10.10.47.0/24

192.168.12.1

0

100

0 100 ?

* i 10.10.49.0/24

192.168.12.1

0

100

0 100 ?

Route Distinguisher: 200:1 (default for vrf MSSK)

*

i 7.7.7.7/32

192.168.12.1

0

100

0 100 ?

*>i 8.8.8.8/32

5.5.5.5

156160

100

0 ?

*> 10.10.10.10/32

10.10.106.10

1

32768 ?

* i 10.10.47.0/24

192.168.12.1

0

100

0 100 ?

* i 10.10.49.0/24

192.168.12.1

0

100

0 100 ?

*>i 10.10.58.0/24

5.5.5.5

0

100

0 ?

*> 10.10.106.0/24

0.0.0.0

0

32768 ?

If we looked at the table below, we can see that there are some routes are not installed in the routing table (not best) and the next-hop is 192.168.12.1, which leads us to conclude that we should have next-hop-self with our VPNv4 route reflector

R2#sh run | sec router bgp router bgp 200 bgp log-neighbor-changes no bgp default ipv4-unicast no bgp default route-target filter

neighbor 3.3.3.3 remote-as 200 neighbor 3.3.3.3 update-source Loopback0 neighbor 5.5.5.5 remote-as 200 neighbor 5.5.5.5 update-source Loopback0 neighbor 6.6.6.6 remote-as 200 neighbor 6.6.6.6 update-source Loopback0 neighbor 192.168.12.1 remote-as 100

!

address-family ipv4 network 2.2.2.2 mask 255.255.255.255 network 5.5.5.5 mask 255.255.255.255 neighbor 192.168.12.1 activate

neighbor 192.168.12.1 send-label exit-address-family

!

address-family vpnv4

24

neighbor 3.3.3.3 activate neighbor 3.3.3.3 send-community both neighbor 3.3.3.3 route-reflector-client neighbor 3.3.3.3 next-hop-self neighbor 5.5.5.5 activate neighbor 5.5.5.5 send-community both neighbor 5.5.5.5 next-hop-self neighbor 6.6.6.6 activate neighbor 6.6.6.6 send-community both neighbor 6.6.6.6 route-reflector-client neighbor 192.168.12.1 activate

neighbor 192.168.12.1 send-community both exit-address-family

!

address-family vpnv6 neighbor 3.3.3.3 activate neighbor 3.3.3.3 send-community both

exit-address-family

R2

router bgp 200 address-family vpnv4 neighbor 6.6.6.6 next-hop-self

bgp 200 address-family vpnv4 neighbor 6.6.6.6 next-hop-self R6#show bgp vpnv4 unicast all BGP table version is

R6#show bgp vpnv4 unicast all BGP table version is 181, local router ID is 6.6.6.6

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Route Distinguisher: 100:1

Metric LocPrf Weight Path

*>i 7.7.7.7/32

2.2.2.2

0

100

0 100 ?

*>i 10.10.47.0/24

2.2.2.2

0

100

0 100 ?

*>i 10.10.49.0/24

2.2.2.2

0

100

0 100 ?

Route Distinguisher: 200:1 (default for vrf MSSK)

*>i 7.7.7.7/32

2.2.2.2

0

100

0 100 ?

*>i 8.8.8.8/32

5.5.5.5

156160

100

0 ?

*> 10.10.10.10/32

10.10.106.10

1

32768 ?

*>i 10.10.47.0/24

2.2.2.2

0

100

0 100 ?

*>i 10.10.49.0/24

2.2.2.2

0

100

0 100 ?

*>i 10.10.58.0/24

5.5.5.5

0

100

0 ?

*> 10.10.106.0/24

0.0.0.0

0

32768 ?

If we looked at R5 BGP VPNv4 table, we can see it’s missing something

25

R5#show bgp vpnv4 unicast all BGP table version is 209, local router ID is 5.5.5.5

R5#show bgp vpnv4 unicast all BGP table version is 209, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 200:1 (default for vrf MSSK)

*> 8.8.8.8/32

10.10.58.8

156160

32768 ?

*>i 10.10.10.10/32

6.6.6.6

1

100

0 ?

*> 10.10.58.0/24

0.0.0.0

0

32768 ?

*>i 10.10.106.0/24

6.6.6.6

0

100

0 ?

R2

router bgp 200 address-family vpnv4 neighbor 5.5.5.5 route-reflector-client

R2#

*Aug 20 17:04:09.435: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down RR client config change *Aug 20 17:04:09.435: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 VPNv4 Unicast topology base removed from session RR client config change *Aug 20 17:04:10.011: %SYS-5-CONFIG_I: Configured from console by console *Aug 20 17:04:10.371: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up

But the routes from the other as is not reachable

R5#show bgp vpnv4 unicast all BGP table version is 7, local router ID is 5.5.5.5 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 200:1 (default for vrf MSSK)

*> 8.8.8.8/32

10.10.58.8

156160

32768 ?

*>i 10.10.10.10/32

6.6.6.6

1

100

0 ?

*> 10.10.58.0/24

0.0.0.0

0

32768 ?

*>i 10.10.106.0/24

6.6.6.6

0

100

0 ?

R5#sh run | sec vrf def

26

vrf definition MSSK rd 200:1

!

address-family ipv4 route-target export 200:1

route-target import 200:1 exit-address-family

!

address-family ipv6 route-target export 200:1 route-target import 200:1 route-target import 100:1 exit-address-family

R5

vrf definition MSSK address-family ipv4 route-target import 100:1

MSSK address-family ipv4 route-target import 100:1 R5#sh run | sec vrf def *Aug 20 17:06:46.103:

R5#sh run | sec vrf def *Aug 20 17:06:46.103: %SYS-5-CONFIG_I: Configured from console by console R5#show bgp vpnv4 unicast all BGP table version is 13, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Route Distinguisher: 100:1

Metric LocPrf Weight Path

*>i 7.7.7.7/32

2.2.2.2

0

100

0 100 ?

*>i 10.10.47.0/24

2.2.2.2

0

100

0 100 ?

*>i 10.10.49.0/24

2.2.2.2

0

100

0 100 ?

Route Distinguisher: 200:1 (default for vrf MSSK)

*>i 7.7.7.7/32

2.2.2.2

0

100

0 100 ?

*> 8.8.8.8/32

10.10.58.8

156160

32768 ?

*>i 10.10.10.10/32

6.6.6.6

1

100

0 ?

*>i 10.10.47.0/24

2.2.2.2

0

100

0 100 ?

*>i 10.10.49.0/24

2.2.2.2

0

100

0 100 ?

*> 10.10.58.0/24

0.0.0.0

0

32768 ?

*>i 10.10.106.0/24

6.6.6.6

0

100

0 ?

27

Let us check connectivity within an AS

Let us check connectivity within an AS R7#ping 9.9.9.9 source lo0 Type escape sequence to abort.

R7#ping 9.9.9.9 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/44/88 ms

R8#sh ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

R8#sh ip eigrp neighbors

EIGRP-IPv4 Neighbors for AS(58)

H

Address

Interface

Hold Uptime

SRTT

RTO Q

Seq

 

(sec)

(ms)

Cnt Num

0

10.10.58.5

Fa1/0.58

12 1w2d

244

1464 0

37

R8

is not installing any route even though the relation is up, so it should be related to

redistribution process on R5 (as R5 is teaching R8 via redistribution from BGP)

R5#sh run | sec router eigrp router eigrp 58

address-family ipv4 vrf MSSK autonomous-system 58 redistribute bgp 200 network 10.10.58.5 0.0.0.0 exit-address-family

We

can see the metric value is not deteremined

R5

router eigrp 58 address-family ipv4 vrf MSSK autonomous-system 58 redistribute bgp 200 metric 1000 1000 255 1 1500

Or we can use the below command

28

R5

router eigrp 58 default-metric 1000 1000 255 1 1500

R5 router eigrp 58 default-metric 1000 1000 255 1 1500 R8#sh ip route eigrp Codes: L

R8#sh ip route eigrp

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia

- IS-IS inter area, * - candidate default, U - per-user static route

o

- ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+

- replicated route, % - next hop override

Gateway of last resort is not set

7.0.0.0/32 is subnetted, 1 subnets

D

EX

7.7.7.7 [170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks

D

EX

10.10.10.10/32

 

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

D

EX

10.10.47.0/24

 

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

D

EX

10.10.49.0/24

 

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

D

EX

10.10.106.0/24

[170/2818560] via 10.10.58.5, 00:00:20, FastEthernet1/0.58

R10#ping 8.8.8.8 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.10

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 48/84/120 ms

Let us now check all customers’ connectivity

R7#tclsh

R7(tcl)#foreach x {

+>(tcl)#7.7.7.7

+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9

+>(tcl)#10.10.10.10

+>(tcl)#} { ping $x source lo0 } Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

29

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms Type escape sequence

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 76/117/168 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/31/40 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 68/96/128 ms

R9#tclsh

R9(tcl)#foreach x {

+>(tcl)#7.7.7.7

+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9

+>(tcl)#10.10.10.10

+>(tcl)#} { ping $x source lo0 } Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 36/61/152 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9

Success rate is 0 percent (0/5) Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9

Success rate is 0 percent (0/5)

So R9 is having issues with destinations outside its own AS, let us check its PE router

30

router bgp 100 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 1.1.1.1 remote-as 100

neighbor 1.1.1.1 update-source Loopback0

!

address-family ipv4

exit-address-family

!

address-family vpnv4

neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community both exit-address-family

!

address-family vpnv6 neighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community both exit-address-family

!

address-family ipv4 vrf MSSK redistribute rip exit-address-family

!

address-family ipv6 vrf MSSK neighbor 2001:10:47::7 remote-as 300 neighbor 2001:10:47::7 activate neighbor 2001:10:47::7 as-override exit-address-family

neighbor 2001:10:47::7 as-override exit-address-family R4 BGP is not redistributing EIGRP R1#show bgp vpnv4 unicast

R4 BGP is not redistributing EIGRP

R1#show bgp vpnv4 unicast all BGP table version is 141, local router ID is 1.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Route Distinguisher: 100:1

Metric LocPrf Weight Path

*>i 7.7.7.7/32

4.4.4.4

1

100

0 ?

*>i 10.10.47.0/24

4.4.4.4

0

100

0 ?

*>i 10.10.49.0/24

4.4.4.4

0

100

0 ?

Route Distinguisher: 200:1

*> 8.8.8.8/32 *> 10.10.10.10/32

192.168.12.2

0 200 ?

192.168.12.2

0 200 ?

31

*> 10.10.58.0/24 192.168.12.2 0 200 ? *> 10.10.106.0/24 192.168.12.2 0 200 ? As we can

*> 10.10.58.0/24

192.168.12.2

0 200 ?

*> 10.10.106.0/24

192.168.12.2

0 200 ?

As we can see 9.9.9.9 is missing

R4

router bgp 100 address-family ipv4 vrf MSSK redistribute eigrp 49

R1#show bgp vpnv4 unicast all BGP table version is 144, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Route Distinguisher: 100:1

Metric LocPrf Weight Path

*>i 7.7.7.7/32

4.4.4.4

1

100

0 ?

*>i 9.9.9.9/32

4.4.4.4

156160

100

0 ?

*>i 10.10.47.0/24

4.4.4.4

0

100

0 ?

*>i 10.10.49.0/24

4.4.4.4

0

100

0 ?

Route Distinguisher: 200:1

*> 8.8.8.8/32 *> 10.10.10.10/32 *> 10.10.58.0/24 *> 10.10.106.0/24

*> 8.8.8.8/32 *> 10.10.10.10/32 *> 10.10.58.0/24 *> 10.10.106.0/24
*> 8.8.8.8/32 *> 10.10.10.10/32 *> 10.10.58.0/24 *> 10.10.106.0/24
*> 8.8.8.8/32 *> 10.10.10.10/32 *> 10.10.58.0/24 *> 10.10.106.0/24

192.168.12.2

192.168.12.2

192.168.12.2

192.168.12.2

0 200 ? 0 200 ? 0 200 ? 0 200 ?

0 200 ? 0 200 ? 0 200 ? 0 200 ?
0 200 ? 0 200 ? 0 200 ? 0 200 ?
0 200 ? 0 200 ? 0 200 ? 0 200 ?

R7#tclsh

R7(tcl)#foreach x {

+>(tcl)#7.7.7.7

+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9

+>(tcl)#10.10.10.10

+>(tcl)#} { ping $x source lo0 } Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/78/88 ms

32

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2

Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/36/56 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 80/95/120 ms

R8(tcl)#foreach x {

+>(tcl)#7.7.7.7

+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9

+>(tcl)#10.10.10.10

+>(tcl)#} { ping $x source lo0 } Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/95/204 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 44/74/116 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/40/60 ms

R9#tclsh

R9(tcl)#foreach x {

+>(tcl)#7.7.7.7

+>(tcl)#8.8.8.8

+>(tcl)#9.9.9.9

+>(tcl)#10.10.10.10

+>(tcl)#} { ping $x source lo0 } Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

33

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5),

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/48 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/86/96 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 9.9.9.9 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 72/85/112 ms

R10#tclsh

R10(tcl)#foreach x {

+>7.7.7.7

+>8.8.8.8

+>9.9.9.9

+>10.10.10.10

+>} { ping $x source lo0 } Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 56/124/200 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 24/40/52 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 76/92/128 ms Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

34

Now, let us move to the IPv6 customer’s route exchange R4#show bgp vpnv6 unicast all

Now, let us move to the IPv6 customer’s route exchange

R4#show bgp vpnv6 unicast all summary BGP router identifier 4.4.4.4, local AS number 100 BGP table version is 18, main routing table version 18

3

network entries using 540 bytes of memory

3

path entries using 324 bytes of memory

3/2 BGP path/bestpath attribute entries using 432 bytes of memory

3

BGP AS-PATH entries using 72 bytes of memory

7

BGP extended community entries using 918 bytes of memory

0

BGP route-map cache entries using 0 bytes of memory

0

BGP filter-list cache entries using 0 bytes of memory

BGP using 2286 total bytes of memory BGP activity 76/61 prefixes, 152/137 paths, scan interval 60 secs

Neighbor

V

AS MsgRcvd MsgSent

TblVer InQ OutQ Up/Down

State/PfxRcd

1.1.1.1

4

100

6065

6056

18

0

0 3d19h

1

2001:10:47::7

4

300

15348

15348

18

0

0 1w2d

1

R4#show bgp vpnv6 unicast all BGP table version is 18, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf MSSK)

*> 2001::7/128

2001:10:47::7

0

0 300 i

*>i 2001::8/128

::FFFF:1.1.1.1

0

100

0 200 300 i

Route Distinguisher: 200:1

 

*>i 2001::8/128

::FFFF:1.1.1.1

0

100

0 200 300 i

R4#ping vrf MSSK 2001::7 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/48/148 ms

R5#sh bgp vpnv6 unicast all summary BGP router identifier 5.5.5.5, local AS number 200

BGP table version is 10, main routing table version 10

3

network entries using 540 bytes of memory

3

path entries using 324 bytes of memory

3/1 BGP path/bestpath attribute entries using 432 bytes of memory

35

1 BGP rrinfo entries using 24 bytes of memory 3 BGP AS-PATH entries using 72

1

BGP rrinfo entries using 24 bytes of memory

3

BGP AS-PATH entries using 72 bytes of memory

7

BGP extended community entries using 918 bytes of memory

0

BGP route-map cache entries using 0 bytes of memory

0

BGP filter-list cache entries using 0 bytes of memory

BGP using 2310 total bytes of memory BGP activity 63/48 prefixes, 117/102 paths, scan interval 60 secs

Neighbor

V

AS MsgRcvd MsgSent

TblVer InQ OutQ Up/Down

State/PfxRcd

3.3.3.3

4

200

6026

6036

10

0

0 3d19h

1

2001:10:58::8

4

300

15363

15357

10

0

0 1w2d

1

R5#sh bgp vpnv6 unicast all BGP table version is 10, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 100:1

* i 2001::7/128

::FFFF:192.168.13.1

0 100

0 100 300 i

Route Distinguisher: 200:1 (default for vrf MSSK)

* i 2001::7/128

*> 2001::8/128

::FFFF:192.168.13.1

0 100

2001:10:58::8

0 100 300 i

0

0 300 i

R5#ping vrf MSSK 2001::8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::8, timeout is 2 seconds:

!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/56/120 ms

From the output above we can tell there is a problem (because routes are not installed as best in BGP VPNv6 routing table)

The next-hop value is not recognized inside AS 200

R3#sh run | sec router bgp router bgp 200 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 2.2.2.2 remote-as 200 neighbor 2.2.2.2 update-source Loopback0

36

neighbor 5.5.5.5 remote-as 200 neighbor 5.5.5.5 update-source Loopback0 neighbor 6.6.6.6 remote-as 200 neighbor 6.6.6.6 update-source Loopback0 neighbor 192.168.13.1 remote-as 100

!

address-family ipv4 exit-address-family

!

address-family vpnv4 neighbor 2.2.2.2 activate

neighbor 2.2.2.2 send-community both exit-address-family

!

address-family vpnv6 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community both neighbor 2.2.2.2 route-reflector-client neighbor 2.2.2.2 next-hop-self neighbor 5.5.5.5 activate neighbor 5.5.5.5 send-community both neighbor 5.5.5.5 route-reflector-client neighbor 6.6.6.6 activate neighbor 6.6.6.6 send-community both neighbor 6.6.6.6 route-reflector-client neighbor 6.6.6.6 next-hop-self neighbor 192.168.13.1 activate neighbor 192.168.13.1 send-community both exit-address-family

R3

router bgp 200 address-family vpnv6 neighbor 5.5.5.5 next-hop-self

bgp 200 address-family vpnv6 neighbor 5.5.5.5 next-hop-self R5#sh bgp vpnv6 unicast all BGP table version is

R5#sh bgp vpnv6 unicast all BGP table version is 12, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Route Distinguisher: 100:1

*>i 2001::7/128

::FFFF:3.3.3.3

Metric LocPrf Weight Path

0

100

0 100 300 i

Route Distinguisher: 200:1 (default for vrf MSSK)

37

*>i 2001::7/128 ::FFFF:3.3.3.3 0 100 0 100 300 i *> 2001::8/128 2001:10:58::8 0 0 300

*>i 2001::7/128

::FFFF:3.3.3.3

0

100

0 100 300 i

*> 2001::8/128

2001:10:58::8

0

0 300 i

R7#show bgp ipv6 unicast BGP table version is 9, local router ID is 7.7.7.7

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network *> 2001::7/128 *> 2001::8/128

Next Hop ::

Metric LocPrf Weight Path

0

32768 i

2001:10:47::4

0 100 200 100 i

R8#ping 2001::7 source lo0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::7, timeout is 2 seconds:

Packet sent with a source address of 2001::8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/111/180 ms

Moving now to the carrier support carrier setup between R8 and R10, this aims to maintain connectivity between R8 lo1 and R10 lo1 interfaces

R8#show bgp vpnv4 unicast all summary BGP router identifier 8.8.8.8, local AS number 300 BGP table version is 11, main routing table version 11

1 network entries using 156 bytes of memory

1 path entries using 80 bytes of memory

1/1 BGP path/bestpath attribute entries using 144 bytes of memory

1

BGP AS-PATH entries using 24 bytes of memory

1

BGP extended community entries using 24 bytes of memory

0

BGP route-map cache entries using 0 bytes of memory

0

BGP filter-list cache entries using 0 bytes of memory

BGP using 428 total bytes of memory BGP activity 5/2 prefixes, 6/3 paths, scan interval 60 secs

Neighbor

V

AS MsgRcvd MsgSent

TblVer InQ OutQ Up/Down

State/PfxRcd

10.10.10.10

4

300

42

42

11

0

0 00:33:45

0

R8#show bgp vpnv4 unicast all BGP table version is 11, local router ID is 8.8.8.8

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

38

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 300:1 (default for vrf ABC)

*> 88.8.8.8/32

0.0.0.0

0

32768 i

We can see , we do not receive any routes

R10#show bgp vpnv4 unicast all summary BGP router identifier 10.10.10.10, local AS number 300 BGP table version is 13, main routing table version 13

2

network entries using 312 bytes of memory

2

path entries using 160 bytes of memory

2/2 BGP path/bestpath attribute entries using 288 bytes of memory

1

BGP extended community entries using 24 bytes of memory

0

BGP route-map cache entries using 0 bytes of memory

0

BGP filter-list cache entries using 0 bytes of memory

BGP using 784 total bytes of memory BGP activity 3/1 prefixes, 3/1 paths, scan interval 60 secs

Neighbor

V

AS MsgRcvd MsgSent

TblVer InQ OutQ Up/Down

State/PfxRcd

8.8.8.8

4

300

42

42

13

0

0 00:34:13

1

R10#show bgp vpnv4 unicast all BGP table version is 13, local router ID is 10.10.10.10 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 300:1 (default for vrf ABC)

*>i 88.8.8.8/32 8.8.8.8 *> 100.10.10.10/32 0.0.0.0

0

0

100

0 i

32768 i

So R8 is not accepting any routes, let us check the import value on R8

R8#sh run | sec vrf def vrf definition ABC rd 300:1

!

address-family ipv4 route-target export 300:1

exit-address-family

39

R8

vrf definition ABC address-family ipv4 route-target import 300:1

definition ABC address-family ipv4 route-target import 300:1 R8#show bgp vpnv4 unicast all BGP table version is

R8#show bgp vpnv4 unicast all BGP table version is 13, local router ID is 8.8.8.8

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

Route Distinguisher: 300:1 (default for vrf ABC)

*> 88.8.8.8/32 0.0.0.0 *>i 100.10.10.10/32 10.10.10.10

0

0

32768 i

100

0 i

Let us check MPLS LDP neighborships

R8#show mpls ldp neighbor

Peer LDP Ident: 10.10.58.5:0; Local LDP Ident 8.8.8.8:0 TCP connection: 10.10.58.5.65465 - 8.8.8.8.646 State: Oper; Msgs sent/rcvd: 3229/3234; Downstream Up time: 1d22h LDP discovery sources:

FastEthernet1/0.58, Src IP addr: 10.10.58.5 Addresses bound to peer LDP Ident:

10.10.58.5

R10#show mpls interfaces

Interface

FastEthernet1/0

IP

Tunnel

No

Yes (ldp)

BGP Static Operational

No

No

Yes

So, from R6 side , MPLS IP is not enabled

R6#show mpls interfaces

Interface

IP

Tunnel

BGP Static Operational

FastEthernet1/0

Yes (ldp)

No

No

No

Yes

FastEthernet1/1

Yes (ldp)

No

No

No

Yes

R6#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S

- Switch, H - Host, I - IGMP, r - Repeater, P - Phone,

D

- Remote, C - CVTA, M - Two-port Mac Relay

40

Device ID Local Intrfce Holdtme Capability Platform Port ID R10.lab.local Fas 2/0 131 R 7206VXR

Device ID

Local Intrfce

Holdtme

Capability Platform Port ID

R10.lab.local

Fas 2/0

131

R

7206VXR

Fas 1/0

R3.lab.local

Fas 1/0

140

R

7206VXR

Fas 2/0

R5.lab.local

Fas 1/1

174

R

7206VXR

Fas 1/1

R6

int f2/0

mpls ip

R6#

*Aug 21 09:05:19.683: %SYS-5-CONFIG_I: Configured from console by console *Aug 21 09:05:19.743: %LDP-5-NBRCHG: LDP Neighbor (vrf MSSK) 10.10.10.10:0 (3) is UP

R8#ping vrf ABC 100.10.10.10 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.10.10.10, timeout is 2 seconds:

Packet sent with a source address of 88.8.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 52/84/192 ms

R10#ping vrf ABC 88.8.8.8 source lo1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 88.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 100.10.10.10 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/74/204 ms

Finally, there is a layer 2 connection that should be established in order to achieve reachability between R8 and R9

R8#sh run int FastEthernet1/0.158 interface FastEthernet1/0.158 encapsulation dot1Q 158 ip address 172.16.89.8 255.255.255.0

R9#sh run int FastEthernet1/0.149 interface FastEthernet1/0.149 encapsulation dot1Q 149 ip address 172.16.89.9 255.255.255.0

So, there should be xconnect configuration in place

R4#show mpls l2transport summary Destination address: 5.5.5.5, total number of vc: 1 0 unknown, 0 up, 1 down, 0 admin down, 0 recovering, 0 standby, 0 hotstandby

41

R5#show mpls l2transport summary Destination address: 4.4.4.4, total number of vc: 1 0 unknown, 0

R5#show mpls l2transport summary Destination address: 4.4.4.4, total number of vc: 1 0 unknown, 0 up, 1 down, 0 admin down, 0 recovering, 0 standby, 0 hotstandby

As we are dealing with Inter-AS xconnect, we should have tags for remote destinations inside each AS which means a redistribution process took place

R1#sh ip bgp BGP table version is 26, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

*> 1.1.1.1/32

0.0.0.0

0

32768 i

*> 2.2.2.2/32

192.168.12.2

0

0 200 i

*> 4.4.4.4/32

192.168.14.4

2

32768 i

*> 5.5.5.5/32

192.168.12.2

2

0 200 i

R2#sh ip bgp BGP table version is 25, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r

RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x

best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found

Network

Next Hop

Metric LocPrf Weight Path

*> 1.1.1.1/32

192.168.12.1

0

0 100 i

*> 2.2.2.2/32

0.0.0.0

0

32768 i

*> 4.4.4.4/32

192.168.12.1

2

0 100 i

*> 5.5.5.5/32

192.168.25.5

2

32768 i

R4#show mpls forwarding-table

Local

Outgoing

Prefix

Bytes Label

Outgoing

Next Hop

Label

Label

or Tunnel Id

Switched

interface

16

No Label

7.7.7.7/32[V]

5130

Fa1/1