tag:blogger.com,1999:blog-39340121545983134212024-03-19T03:52:03.564+00:00Networking ExperimentsJigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.comBlogger45125tag:blogger.com,1999:blog-3934012154598313421.post-9997726878071521112022-05-18T12:46:00.001+01:002022-05-18T12:46:35.026+01:00Secure Access Service Edge (SASE) - Part 1<p>There have been major changes in technology trends in the last decade. Digital transformation has accelerated the migration of enterprise applications and workloads from traditional data centers to public cloud. </p><p>The applications are available everywhere and can be accessed from anywhere. The 4G/5G technology and cost-effective Internet circuits have enabled users to work from anywhere. The rigid networks of the past do not work in the new digital economy. Traditional WAN architectures weren't built to support cloud applications. </p><p>These changes have also brought in new challenges. Internet connections are not inherently secure and here is an increase in the usage of BYOD (Bring your own device) which has resulted in the increased attack surface of corporate networks. </p><p>Standard hardware based product life cycle is getting replaced by usage based subscriptions. Businesses are moving from permanently fixed infrastructure to on-demand cloud services. </p><p>Enterprises are looking to extend their security perimeter all the way to the user and provide enhanced user experience and visibility into application performance and usage.</p><p>This is where the SASE architecture comes into play. It contains five major components as below.</p><p>1) <u>Software-Defined Wide Area Network (SDWAN)</u> : Simplifies IT infrastructure control and management by building a virtual WAN over public and private network that securely connects users to their applications.</p><p>2) <u>Secure Web Gateway (SWG)</u> : Provides granular control and visibility to web traffic and enforce appropriate corporate security policies. </p><p>3) <u>Cloud Access Security Broker (CASB)</u> : Helps to manage and protect corporate data that is stored in the cloud. </p><p>4) <u>Zero Trust Network Access (ZTNA)</u> : Connects distributed users with distributed applications without compromising on security or user experience.</p><p>5) <u>Firewall-as-a-Service (FWaas)</u> : Cloud service that provides advanced security to the infrastructure, applications, and platforms managed and hosted by an organization in its cloud infrastructure.</p><p>We will now look into each of these components in detail.</p><p><b><u>SDWAN:</u></b></p><p>In the traditional networks, service providers would give customer a link at each of their locations which would enable any to any full mesh connectivity. The service providers would use VPN technology to create tunnels between various end points, appear to be directly connected to the remote customer devices.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-FgsRAtPHbhVmDarf2m1AD5tH7OnBuXgaxEa7b9u2B8MZCmeOUq9OMghqHMxBn8QE5MPnMdStCxjmrR9CGrVan34lD-o-hrNLgZrtpem5cdJxfurUoNUhPZJMb0w4FrWOsgNxjk8Mbv2GvFVNyVupHMfIXp4JpZSCtiDYNrjRqQDnHrxzaPKIoKxk/s4258/Full%20Mesh%20WAN.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4154" data-original-width="4258" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-FgsRAtPHbhVmDarf2m1AD5tH7OnBuXgaxEa7b9u2B8MZCmeOUq9OMghqHMxBn8QE5MPnMdStCxjmrR9CGrVan34lD-o-hrNLgZrtpem5cdJxfurUoNUhPZJMb0w4FrWOsgNxjk8Mbv2GvFVNyVupHMfIXp4JpZSCtiDYNrjRqQDnHrxzaPKIoKxk/s320/Full%20Mesh%20WAN.jpg" width="320" /></a></div><br /><p>The internet breakout in such a network would be from a central location or from a specific branch office.</p><p>Key challenges with this architecture are</p><p>- Expensive Bandwidth : The MPLS circuits normally cost more than Internet access. If a branch office has two circuits implemented as active/passive, the backup circuit would seat idle until the primary link fails. It is difficult to achieve load sharing between redundant links.</p><p>- Failover : In an active/passive setup, failover is completely dependent upon the state of the link (up/down). </p><p>- Control : Configuration is done locally on each individual router. Any policy change would require manual change on each device.</p><p>- Visibility : There is a very little application level visibility with such architecture. One has to rely on external tools to get necessary application data.</p><p>The SDWAN solution has the following key components</p><p><u>Management </u>: Centralized management, configuration and monitoring</p><p>- Single Pane of glass</p><p>- Configuration creating and management</p><p>- Centralized deployment system</p><p>- Simplified on-boarding process</p><p><u>Control Plane</u>: Distribution of reachability of information</p><p>- Tunnel creation</p><p>- Route advertisement</p><p>- Auto-discovery</p><p>- Topology management</p><p><u>Data Plane</u>: Data Transport</p><p>- Tunneling and encapsulation</p><p>- Encryption</p><p>- Data forwarding and path selection</p><p>- Implementation of the security process</p><p>SDWAN can utilize any underlay transport such as MPLS, DIA or LTE to build overlay tunnels for enterprise traffic. Customer can choose which physical path to use based on path properties, security policies, application type, user groups, path stability etc.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDBqGWbYjAanr7FKyjs3usBEPZfhHJQ5jxck08P_yB-7_pquOYfT3KKCE9hTdzSWjZmiAp7FyRTsJexyWB1JWtX1cM4IgkoecxHfG9NrJZc0bqTpD_5svGQSUVeS5kCtbC9HriR2AJHPz5ddpSd2-4f8Azht9zSzIAR2E37KzGzWE_u4GrT1_1j352/s4154/SDWAN.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="4154" data-original-width="2833" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDBqGWbYjAanr7FKyjs3usBEPZfhHJQ5jxck08P_yB-7_pquOYfT3KKCE9hTdzSWjZmiAp7FyRTsJexyWB1JWtX1cM4IgkoecxHfG9NrJZc0bqTpD_5svGQSUVeS5kCtbC9HriR2AJHPz5ddpSd2-4f8Azht9zSzIAR2E37KzGzWE_u4GrT1_1j352/s320/SDWAN.jpg" width="218" /></a></div><br /><p>We will look at the remaining components of SASE architecture in second part of the blog.</p><div><div class="separator" style="clear: both; text-align: center;"><br /></div></div>Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-50690119880909111692016-05-31T22:51:00.000+01:002016-05-31T22:53:43.120+01:00Containers (Docker) - OS Virtualization<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">Lately I have been looking at some application virtualization stuff. Majority of us are aware of how server virtualization works however the concept of application virtualization is relatively new.</span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">To understand what it is, let's first see what server virtualization is. In the old days, organizations used to keep physical servers to run their applications. Normally one physical server would be used to run one or two specific applications. Depending on the number of applications, companies had to maintain server farms which meant management of multiple Hardwares and Softwares, paying for CoLo space and electricity bill for all the physical devices.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj5R2A7i6yY0elILQnETO5dO2YDe9jEjofjPPXCVnLlxerKy75UuhjiTPUFWSRlYnXPydAojAl2C3AMUlmKtP00jFdRmugi6pNfttP8eTUpTYRf9u804ubj-fHMWZgmilmiD7MQGZsE34/s1600/1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="332" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjj5R2A7i6yY0elILQnETO5dO2YDe9jEjofjPPXCVnLlxerKy75UuhjiTPUFWSRlYnXPydAojAl2C3AMUlmKtP00jFdRmugi6pNfttP8eTUpTYRf9u804ubj-fHMWZgmilmiD7MQGZsE34/s640/1.jpg" width="640" /></a><span style="font-family: "verdana" , sans-serif;"><br /></span></div>
</div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"></span><br />
<a name='more'></a><span style="font-family: "verdana" , sans-serif;"><br /></span><br />
<span style="font-family: "verdana" , sans-serif;"></span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"></span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">Over the years, physical resources became more powerful and the software applications were not able to fully utilize them. Then came "VMware"! VMware introduced the concept of "Hypervisor" which allowed multiple operating systems to share a single hardware host. Each operating system can access physical hosts' processor, memory, NICs and other resources. Effectively customer can buy few hardwares and run multiple operating systems on it. Each OS can use the resources of the physical box and run specific applications. By using this technology, organization can reduce their OPEX and CAPEX significantly.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu3Lt9y3Nk38G6nxR7tVEIZr5tz5JspW4E-zpLR9eh1wR4Qg3lnikUlT_ZhPLeLrGLGch85oGZTRehwOGHE4GmKBpWgF6Uqafft6VaTm7mJ3zzVCYvt9gxM34WkshRfA36rBzx1Jy65Z0/s1600/2.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgu3Lt9y3Nk38G6nxR7tVEIZr5tz5JspW4E-zpLR9eh1wR4Qg3lnikUlT_ZhPLeLrGLGch85oGZTRehwOGHE4GmKBpWgF6Uqafft6VaTm7mJ3zzVCYvt9gxM34WkshRfA36rBzx1Jy65Z0/s1600/2.jpg" /></a></span></div>
</div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">Now a days, we frequently come across the word like "Containers". Containers are another type of virtualization. They don't use hardware emulation. Each "Container" includes the application and all of its dependencies, but share the kernel with other containers. It runs as an isolated process on the host operating system. This technology eliminates the need of a separate Guest OS to run various applications.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieGEYcxCfPTzs0h1EsAGoXr77f1LG5zT_I6vZoTVN9OeoHrdhxMQRe78OBQ7JTqOqa4BgGplu4lqIC7tWNKrTVEWo6gSSO2ykA-9XbbCAz2I5eYq609LOKWgfkxdQK2B1Dg7cyN2SBouQ/s1600/3.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieGEYcxCfPTzs0h1EsAGoXr77f1LG5zT_I6vZoTVN9OeoHrdhxMQRe78OBQ7JTqOqa4BgGplu4lqIC7tWNKrTVEWo6gSSO2ykA-9XbbCAz2I5eYq609LOKWgfkxdQK2B1Dg7cyN2SBouQ/s1600/3.jpg" /></a></span></div>
</div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<br />
<span style="font-family: "verdana" , sans-serif;">"Docker" is one such open source project which automates deployment of applications in containers. Docker allows applications to use the same Linux kernel as the system that they're running on. Docker packages an application and all its dependencies in such a way that it doesn't require a full-fledged virtual machine to run, you can shove as many applications as you want onto a single host Linux operating system. For example, if you're running Ubuntu on your home PC, </span><span style="font-family: "verdana" , sans-serif;">and you package up your applications e.g. web servers and databases into a Docker container, they'll run fine on any Linux distro even if it's running on a private cloud, a physical server or AWS/Azure.</span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">More information about the Docker can be found from <a href="https://www.docker.com/">https://www.docker.com/</a></span></div>
<div style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div style="text-align: justify;">
<br /></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com1tag:blogger.com,1999:blog-3934012154598313421.post-34370438767242073012016-03-30T23:53:00.000+01:002016-04-07T09:45:00.523+01:00Migration Methods<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: "verdana" , sans-serif;">In this post, we will discuss various options to migrate customer's network from one service provider to other service provider. </span><br />
<br />
<span style="font-family: "verdana" , sans-serif;">Let's assume that you work for an enterprise customer with three sites. All the sites are currently connected through a Layer 3 IPVPN solution provided by service provider A.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6DIZrB87w5cbfbnGLqDMSCiXuJE4gR7wOrR9ao6uCrs7RLYYP5V5edB-dzIHITj9Z8qE4J4xxnFfc08XURXXiqwAD-GWhTGh-oQd1a_nkAkpUtOwQEy2WuKa1ZxoC-rZ7ZRM7sZkDkDQ/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6DIZrB87w5cbfbnGLqDMSCiXuJE4gR7wOrR9ao6uCrs7RLYYP5V5edB-dzIHITj9Z8qE4J4xxnFfc08XURXXiqwAD-GWhTGh-oQd1a_nkAkpUtOwQEy2WuKa1ZxoC-rZ7ZRM7sZkDkDQ/s400/1.jpg" width="305" /></a></div>
<a name='more'></a><br />
<span style="font-family: "verdana" , sans-serif; text-align: justify;">Now lets say there is a new service provider "B" which can offer a similar Layer 3 VPN solution with better SLA and reduced cost and your task is to migrate
all three sites from existing provider to new provider as seamless as possible. </span><br />
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;">What are the ways to do this?</span></div>
<div class="MsoNormal">
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><b>1.</b> <b>Big Bang:- </b>The first method of doing this is what I called a "Big Bang" approach.
In this method, you will have to make sure that the circuits from SP2 are installed
on all the sites. After that you can schedule a migration time windows
during which you will have to disconnect SP1 circuits from all the sites and start
using new circuits. This migration technique may be used in smaller networks but
not ideal for medium to large networks. </span><o:p></o:p></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkR6UHyqZSrEThxWkxKrh6uQYhWuqAM7-Va2eavnddG64cuMCzN7ms-02Tpn8U31byoW7teEJ72STM0gukyhxQm_u917y1O13c2GLHeFoNgmmLqh3TJkvx6vPUvUgF0HCaMaUJ27MtNzA/s1600/2.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkR6UHyqZSrEThxWkxKrh6uQYhWuqAM7-Va2eavnddG64cuMCzN7ms-02Tpn8U31byoW7teEJ72STM0gukyhxQm_u917y1O13c2GLHeFoNgmmLqh3TJkvx6vPUvUgF0HCaMaUJ27MtNzA/s640/2.jpg" width="640" /></a></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><b>2. Transit Site:- </b>The second method of doing this is by using either your HQ or DC as a transit site. As shows in the
diagram we will have to exchange routes between old and the new network by
using either static routes or dynamic routing protocols. </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">Once a site migrates
from SP1 to SP2, the traffic between migrated and non migrated sites will
traverse through this transit site. The benefits of using this method is that
you can plan the migration according to their requirements. You, the customer will
be in charge of routing so minimum input is required from the both the service providers. </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCGLuHjCWutkVZZBMtalmq3IMh2tbWAfUOwDle4VLJ2eN7ia_uOBiDPe8WV7BD91VkT2-A8cmBITvD4hOD7Eszh2Q1t_7jVqx1Jyi8Mu8ZvZdGn2102b6fHn3koJIvEYV5bKXHQdlQQTM/s1600/3.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="391" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCGLuHjCWutkVZZBMtalmq3IMh2tbWAfUOwDle4VLJ2eN7ia_uOBiDPe8WV7BD91VkT2-A8cmBITvD4hOD7Eszh2Q1t_7jVqx1Jyi8Mu8ZvZdGn2102b6fHn3koJIvEYV5bKXHQdlQQTM/s400/3.jpg" width="400" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<br /></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">However during the migration phase, all the traffic between migrated
and non migrated sites will trombone through the transit site so you will have
to spec up the bandwidth of the transit site accordingly. Also lets say in this
example, if the HQ is in Germany which is a transit location and both the remote
offices are in London. In normal condition, one remote office will talk to the
other remote office directly. If one site gets migrated then the traffic
between both the sites in London will traverse through Germany which means
increase in RTD. So the scheduling of migration is also very important factor.</span></div>
<div class="MsoNormal">
<br />
<o:p></o:p></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNUAu6Igc9DauE4hVeQw31kAXTWt-JKnhrKIbDN3XaKgQzYJs_RPFaqA8gdy-QUc8J9XuP-QQlpeC1hyrFc08ahzrVX68jPPYkQpSwyipuhEXdcO9VPIb1HD2VXv8bgIpd8M_cVVpK2O0/s1600/7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="385" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiNUAu6Igc9DauE4hVeQw31kAXTWt-JKnhrKIbDN3XaKgQzYJs_RPFaqA8gdy-QUc8J9XuP-QQlpeC1hyrFc08ahzrVX68jPPYkQpSwyipuhEXdcO9VPIb1HD2VXv8bgIpd8M_cVVpK2O0/s400/7.png" width="400" /></a></div>
<div class="MsoNormal">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><b>3. SP NNI:-</b> The third method of migration is by using an NNI between
service providers. In this method, both the service providers will setup a
connection or connections, at a common location to exchange the routes. As the
site migrates, the NNI will be used as a transit point for the customer sites.
It is very similar to the previous option we saw. </span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh32-vO3UJQ4EAdiYy_oK4oTQplW9i9jSpbz15w1zRZ_89zwld2Le7p7CSUYJOzRH_Q8srkfaoLk_xpFRQXt6TmGZg8zRRgh2DmOSzqFs3eoLSCtnOcRV8vdetQIz8GiR8Z0b-qsuwaFHQ/s1600/5.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh32-vO3UJQ4EAdiYy_oK4oTQplW9i9jSpbz15w1zRZ_89zwld2Le7p7CSUYJOzRH_Q8srkfaoLk_xpFRQXt6TmGZg8zRRgh2DmOSzqFs3eoLSCtnOcRV8vdetQIz8GiR8Z0b-qsuwaFHQ/s400/5.jpg" width="400" /></a></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="MsoNormal" style="text-align: justify;">
<span style="font-family: "verdana" , sans-serif;">T</span><span style="font-family: "verdana" , sans-serif;">he key difference here is
that we are not using customer site for the connectivity which means customer
will have to provider less input however it also means that customer will
have</span><span style="font-family: "verdana" , sans-serif;"> </span><span style="font-family: "verdana" , sans-serif;">less control and visibility of the
traffic during migration. Obviously customer will also have to consider the additional
costs of this circuit.</span></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;"><o:p></o:p></span></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhI5UbVwURyH2cdhqNUEBtBPaCX6DE1yy1kckDJ7zVdyDTBnEr4PwuO1vGqPbJLg2Yawsp3pqAOggJL4DmhOpoMBfZuyXC_lCd8D_KO0MBVf-TNhmHLSt4x3Qr1NwU4Wg18Q__EPAMDVVY/s1600/8.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="250" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhI5UbVwURyH2cdhqNUEBtBPaCX6DE1yy1kckDJ7zVdyDTBnEr4PwuO1vGqPbJLg2Yawsp3pqAOggJL4DmhOpoMBfZuyXC_lCd8D_KO0MBVf-TNhmHLSt4x3Qr1NwU4Wg18Q__EPAMDVVY/s400/8.jpg" width="400" /></a></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: "verdana" , sans-serif;">In future posts, we will see how we can write migration plan.</span></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com4tag:blogger.com,1999:blog-3934012154598313421.post-20596361056985524352016-02-14T11:50:00.002+00:002016-02-14T11:52:17.830+00:00MPLS Traffic Engineering<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: "verdana" , sans-serif;">In this post, we will discuss about MPLS Traffic Engineering. To understand where it can be used and what problems it can resolve, let's look at the below topology.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTIlvwFudfLLCF8YpaOZ3KGziQ4kVoE2Ms_X7D899Ta7yE0AN5i-TZ0xU4DJjyn7cnSdDfxvgYsp4EbVapAUF0r0SnM9iH0HG3snBRYLfMM7ZLna6OQB-OB1XfDgqBo9Kye2Ouiwb6-Vs/s1600/Drawing1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="380" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTIlvwFudfLLCF8YpaOZ3KGziQ4kVoE2Ms_X7D899Ta7yE0AN5i-TZ0xU4DJjyn7cnSdDfxvgYsp4EbVapAUF0r0SnM9iH0HG3snBRYLfMM7ZLna6OQB-OB1XfDgqBo9Kye2Ouiwb6-Vs/s640/Drawing1.jpg" width="640" /></a></div>
<span style="font-family: "verdana" , sans-serif;"></span>
<span style="font-family: "verdana" , sans-serif;"></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The CE1 and CE2 are customer edge devices with LAN subnet of 1.1.1.1/32 and 7.7.7.7/32 respectively. They are connected with corresponding PE1 and PE2. We are running OSPF and LDP in the service provider core. Both the PE devices exchange VPN labels via MP-BGP and transport label via LDP. </span><br />
<a name='more'></a><br />
<span style="font-family: "verdana" , sans-serif;">In normal condition, if a packet originates from 1.1.1.1 towards 7.7.7.7, it will reach PE1. PE1 would forward it to P1 based on the OSPF cost to reach PE2. The reason packet will not be forwarded to P2 is because OSPF calculates the least cost path through P1. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The problem here is that the backup path through P2 and P3 will sit idle which will result in waste of bandwidth. We cannot solve this problem by manipulating the IGP metric. What can be done to resolve this issue?</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span><span style="font-family: "verdana" , sans-serif;">We can use RSVP-TE and CSPF (Constrained SPF) to overcome this issue through MPLS Traffic Engineering.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">RSVP was used in the Inteserve model of QoS. It is modified to support MPLS which is known as RSVP-TE.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">CSPF is used to overcome the limitations of normal OSPF explained in the above topology. Normally OSPF uses bandwidth to calculate the metric however CSPF uses additional factors such as affinity, administrative weight and explicitly defined path as well. </span>
<span style="font-family: "verdana" , sans-serif;"><br />Now let's see how we can use MPLS-TE in our topology.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span><span style="font-family: "verdana" , sans-serif;">At the moment, if we traceroute to 7.7.7.7 from CE1 with the source as 1.1.1.1, we can see the traffic goes through P1.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgII65oXaYqm1iUoTLx-z2K2eC0pisaF5fNk9pc1u1xFwDeellrknlVRkiflwlbqISNO6Xa4PenseUGghAAJbs-QLmu9A8Da65MIKUnQGMTW8U2aqKKgwNFBq_jSLK5qxtAu0LlXrD_Xfs/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgII65oXaYqm1iUoTLx-z2K2eC0pisaF5fNk9pc1u1xFwDeellrknlVRkiflwlbqISNO6Xa4PenseUGghAAJbs-QLmu9A8Da65MIKUnQGMTW8U2aqKKgwNFBq_jSLK5qxtAu0LlXrD_Xfs/s1600/1.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Similarly traceroute from CE2 to CE1 takes the same path based on the best IGP metric.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK8guAkSCpjEMzbLd6H2E0JW4_CwNq04EP-lx_szXYxaFGAp1A7ZwcSkuuUyg4tuV2-N4A9gtyj9x5db1JtJPNALFx9sI7sHswq300L7j_Li1oKhx1gW0WqKTu1ZPH2zYGZjOUMoQvY7M/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK8guAkSCpjEMzbLd6H2E0JW4_CwNq04EP-lx_szXYxaFGAp1A7ZwcSkuuUyg4tuV2-N4A9gtyj9x5db1JtJPNALFx9sI7sHswq300L7j_Li1oKhx1gW0WqKTu1ZPH2zYGZjOUMoQvY7M/s1600/2.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">In normal situation, it's not possible to use the path through PE1-P2-P3-PE2 due to the high OSPF cost. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">By using MPLS-TE, we can force the traffic to use this alternate path through P2 and P3.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The first step is to enable MPLS-TE support globally on all the routers within service provider environment. I have just shared the output from PE1 for brevity. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxnkSB0Zu0Y8OwCHedy4oauZV4Si7LnNDjTibxCIcei-SAhDxqAMd3qWxpRqVQqzhHurHKe4fJDNAbu5yOXlDCQHIWQKPf_T3y5ivZAKENwG_U2gcogtIxaMJ-RoBx7WQ_bx7MUJwxpTQ/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="25" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxnkSB0Zu0Y8OwCHedy4oauZV4Si7LnNDjTibxCIcei-SAhDxqAMd3qWxpRqVQqzhHurHKe4fJDNAbu5yOXlDCQHIWQKPf_T3y5ivZAKENwG_U2gcogtIxaMJ-RoBx7WQ_bx7MUJwxpTQ/s400/3.PNG" width="400" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span><span style="font-family: "verdana" , sans-serif;">Next step is to enable the MPLS TE support and RSVP on the individual interfaces on all the devices. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiNMfOR8-neWieNEltltns5TDqno-oahJ303COX8MwKc6wY8we-OBrsxoUwLdwsTbl4ZI_yA1cL-eBbJCUXXyrZ7dAVzp4NCSCGQAG5fNffzHZmVyNKTCdA0EyPmjbEOOg8rn1vvmSiq8/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="142" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiNMfOR8-neWieNEltltns5TDqno-oahJ303COX8MwKc6wY8we-OBrsxoUwLdwsTbl4ZI_yA1cL-eBbJCUXXyrZ7dAVzp4NCSCGQAG5fNffzHZmVyNKTCdA0EyPmjbEOOg8rn1vvmSiq8/s400/4.PNG" width="400" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">You can also specify the amount of interface bandwidth (in kbps) allocated for RSVP flows. In our case we have just simply enabled the RSVP. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">RSVP assigns labels to the LSPs. The headend of the tunnel (PE1 in our scenario) sends PATH messages towards tailend (PE2). The tailend sends RESV messages with a lable towards headend.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The third step is to enable TE support in IGP. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy76LGEx_A0dBOtIFBPnBwJkvxdGgDCkMCn4DittNz5ZVguJwszaZvMzcWrxUTTCzPlE7KQjJxn1BnRM8VcZW30SWJml0Cw-WjiQ6XIzFLNKyxmoWXNVOp6GwgpE8xIRIdNy9OmdzbpWs/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy76LGEx_A0dBOtIFBPnBwJkvxdGgDCkMCn4DittNz5ZVguJwszaZvMzcWrxUTTCzPlE7KQjJxn1BnRM8VcZW30SWJml0Cw-WjiQ6XIzFLNKyxmoWXNVOp6GwgpE8xIRIdNy9OmdzbpWs/s640/5.PNG" width="640" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">We have first configured the router-id as local loopback (must be /32) and enabled TE in area 0. Again this needs to be done on all the devices.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Now we will configure the TE tunnel interface. We will build the tunnel between PE1 and PE2.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBe29YEfXDGXoYVSS-b6jYoITBlHiy8iBTloHrV9lv6odta14UWtitXWL4WfrKqOV9WreZksogX-ydAdk_j5sOix1v-6M93VlIqQ0gCXZQYo07IA56DPLhyphenhyphengbbS0c6MUTYC36y7Kftn9E/s1600/7.PNG" imageanchor="1"><img border="0" height="122" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBe29YEfXDGXoYVSS-b6jYoITBlHiy8iBTloHrV9lv6odta14UWtitXWL4WfrKqOV9WreZksogX-ydAdk_j5sOix1v-6M93VlIqQ0gCXZQYo07IA56DPLhyphenhyphengbbS0c6MUTYC36y7Kftn9E/s640/7.PNG" width="640" /></a></span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3GVaWc8bupm0RcEOCXK64B5mm_ccxC3f17Se5tB823ghXwqzwyQGfpuNUqkXxRt56uITNS6BFmxLdRng2mz48XNfwIDhdKP0hyvuFWY1HprsGQXHtu6F9ZCDStb0selRFruEBxNZq_Lg/s1600/8.PNG" imageanchor="1"><img border="0" height="124" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3GVaWc8bupm0RcEOCXK64B5mm_ccxC3f17Se5tB823ghXwqzwyQGfpuNUqkXxRt56uITNS6BFmxLdRng2mz48XNfwIDhdKP0hyvuFWY1HprsGQXHtu6F9ZCDStb0selRFruEBxNZq_Lg/s640/8.PNG" width="640" /></a><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The command "autoroute announce" is used to advertise the TE tunnel into the IGP. We can also configure a static route for the tunnel destination through the tunnel interface. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The command "path-option xx dynamic" makes the tunnel use a path which is dynamically calculated. The number xx (10 in our case) is the preference for this path option. It can be used in the scenario where we have multiple paths configured.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The TE tunnel should be up and running now. We can verify it as below.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitQXvSK4v2VXJqRNmbKsevHw5uVZzK5KSTIjZAfnc0uqn5tdM2uYVnUNHhnLXRBSWvKTLC6_jltvKmMg8LsXhaxXdZujquqnoSN7sQstd4P1daH6qioAqymln-WvBFhNnp5_fXBe9Oo-s/s1600/9.PNG" imageanchor="1"><img border="0" height="118" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitQXvSK4v2VXJqRNmbKsevHw5uVZzK5KSTIjZAfnc0uqn5tdM2uYVnUNHhnLXRBSWvKTLC6_jltvKmMg8LsXhaxXdZujquqnoSN7sQstd4P1daH6qioAqymln-WvBFhNnp5_fXBe9Oo-s/s640/9.PNG" width="640" /></a></span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">I have just shown a part of the output here which confirms that TE tunnel is up and running.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">If we do a traceroute from CE1 to CE2 again</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhha3scB4NxLhoji5ibKD4GHIqELUw6vNcWd8OxIv2yDvjNKysP1c3FyAsLoPBIKbuqkzPGjIQysdzFVNSVeqG13ucXgBRhjClofEzhcSqhmoPspTpCSkjrLxcC-8p2vx_DHg8bccUgs_U/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhha3scB4NxLhoji5ibKD4GHIqELUw6vNcWd8OxIv2yDvjNKysP1c3FyAsLoPBIKbuqkzPGjIQysdzFVNSVeqG13ucXgBRhjClofEzhcSqhmoPspTpCSkjrLxcC-8p2vx_DHg8bccUgs_U/s1600/10.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The packets are still going through P1 however the label numbers are now different than the previous traceroute.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">In the above output, 23 is the VPN label and 25 is the label assigned for tunnel. This can be verified by the below.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO9cRRSiK1JEsbbUMVjbH-9_eZnDH4DmUn9YXgIZ83HPuqo2n19HbzRLmwQtCbkqKLsuX6jYUytMXCWsZb0c8RHDtQxO-UF2_hglmHA6fwO-C7YydkYCwCwiOOGw8Ik_tGPGYAozkCW0Y/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO9cRRSiK1JEsbbUMVjbH-9_eZnDH4DmUn9YXgIZ83HPuqo2n19HbzRLmwQtCbkqKLsuX6jYUytMXCWsZb0c8RHDtQxO-UF2_hglmHA6fwO-C7YydkYCwCwiOOGw8Ik_tGPGYAozkCW0Y/s1600/12.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtRb5hA67VzG-RFMmzaUWL0pEmccpy-P7J6lhwZpIYWA4J7-DkpcJU9cucVM2R_TYWvR8fnW2xGxYEy4s1hLGQPP1PD531vitcrLc0UztR3FRIl9cVsEXLKmLGve-sV0SMOI7J-qbzGh4/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtRb5hA67VzG-RFMmzaUWL0pEmccpy-P7J6lhwZpIYWA4J7-DkpcJU9cucVM2R_TYWvR8fnW2xGxYEy4s1hLGQPP1PD531vitcrLc0UztR3FRIl9cVsEXLKmLGve-sV0SMOI7J-qbzGh4/s1600/11.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;">This confirms that the traffic is going through the tunnel however it's still going through P1. We will have to configure explicit-path option to force the traffic to follow the path through P2 and P3.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvWE2GEzpqb_R0o53tMvvy7YGbIzo917nTpDRIHGSy08a65y9bHPPypa1nNZDcxben6VqPmR_8R4oHmKbCjbdxTXvBxx6z_tJngfd8XYuLnldPcf2nkoajCtG1MpnNdTwol2G74d0VQ8M/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvWE2GEzpqb_R0o53tMvvy7YGbIzo917nTpDRIHGSy08a65y9bHPPypa1nNZDcxben6VqPmR_8R4oHmKbCjbdxTXvBxx6z_tJngfd8XYuLnldPcf2nkoajCtG1MpnNdTwol2G74d0VQ8M/s1600/13.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqJpRSEAGuRHroB4xSwFYsGdHsRF7Sxfgzmzli0XDCDFr7zQSjT2u9NV1WfsVYn5TRcYwO3SK3Etps-gz0ddZmfoKV1vZZUOUjP7YfiAlv2lA6zJZU8NGCOJOVht9s7aJx2Jv3wq8ycg8/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqJpRSEAGuRHroB4xSwFYsGdHsRF7Sxfgzmzli0XDCDFr7zQSjT2u9NV1WfsVYn5TRcYwO3SK3Etps-gz0ddZmfoKV1vZZUOUjP7YfiAlv2lA6zJZU8NGCOJOVht9s7aJx2Jv3wq8ycg8/s1600/14.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Similar config on PE2</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1ODrvkOwn5ay8ckNENqKqY4C02absC_S9tevfDgzBzR1ZQyUXEjc7YqeCl5usL6lDp5eAF4YFsrd7b-Qp7bCWaJAXv1DKc50M9FNMtAm4VLQ9xnElRneDjBQD6o4sIKHWvw0wcoUlqu0/s1600/15.PNG" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1ODrvkOwn5ay8ckNENqKqY4C02absC_S9tevfDgzBzR1ZQyUXEjc7YqeCl5usL6lDp5eAF4YFsrd7b-Qp7bCWaJAXv1DKc50M9FNMtAm4VLQ9xnElRneDjBQD6o4sIKHWvw0wcoUlqu0/s1600/15.PNG" /></a></span><br />
<br />
<span style="font-family: "verdana" , sans-serif;">Below output confirms that the traffic is using the spare link now.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhICvRhZv3xy4AH8XfX-58dSx56J89xoilpbHNLIdH2tkdX6Irznz6-U81S6zwWMUTPP2HJrySucYTVIyv304uU8Qz7n03KKMb_RNKGFFxLhqdkdQsjW0z5PpNx1hDc26iY-7ho7-Y23Ns/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhICvRhZv3xy4AH8XfX-58dSx56J89xoilpbHNLIdH2tkdX6Irznz6-U81S6zwWMUTPP2HJrySucYTVIyv304uU8Qz7n03KKMb_RNKGFFxLhqdkdQsjW0z5PpNx1hDc26iY-7ho7-Y23Ns/s1600/16.PNG" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKvKTSfz7JdhmeCHNSTk26XQtzwkSkGRELiU16FFJKkAvtmF3h1dsBqu9MnPZhlVEYgCu4P8mrNNl6_DykkDVfR_FxhgHEKeLKi3-kHsx0daZeBKmntRLXWXmT6yqQ48InxQ0zf2NOBWY/s1600/17.PNG" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKvKTSfz7JdhmeCHNSTk26XQtzwkSkGRELiU16FFJKkAvtmF3h1dsBqu9MnPZhlVEYgCu4P8mrNNl6_DykkDVfR_FxhgHEKeLKi3-kHsx0daZeBKmntRLXWXmT6yqQ48InxQ0zf2NOBWY/s1600/17.PNG" /></a></span>
<span style="font-family: "verdana" , sans-serif;"><br /></span><span style="font-family: "verdana" , sans-serif;">You may have to bounce the tunnel interface for the new path to take effect. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">More information on MPLS TE can be found on <a href="http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/mpls/configuration/guide/mpls_cg/mp_te_basic.html">http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/mpls/configuration/guide/mpls_cg/mp_te_basic.html</a></span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com1tag:blogger.com,1999:blog-3934012154598313421.post-10107526609533010012016-01-17T10:55:00.000+00:002016-01-17T10:55:23.319+00:00BGP PIC EDGE<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">Continuing from our previous post, we will now see how BGP PIC EDGE works. We will use the same topology. The only difference is that I have removed R4 as route-reflector. All the PEs have full mesh IBGP neighbourship. </span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3KwJV5w9JITjBaix7rSHT1107KbmhDo2c4R85b50aHpP3bjoI7EiBlnPLMW9H2KHYXVur_OYgwhqmksCfEUEPM-VexmCVuP-D5Pfclf-n8qe7zh3yhY1CzWjPKwdinN-l5SE0L9Pyybk/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3KwJV5w9JITjBaix7rSHT1107KbmhDo2c4R85b50aHpP3bjoI7EiBlnPLMW9H2KHYXVur_OYgwhqmksCfEUEPM-VexmCVuP-D5Pfclf-n8qe7zh3yhY1CzWjPKwdinN-l5SE0L9Pyybk/s640/1.jpg" width="332" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;">At the moment R2 learns 8.8.8.8/32 from R6 and R7. It prefers the path with the next-hop of 6.6.6.6 over 7.7.7.7.</span></div>
<a name='more'></a><br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsAXVek1yelLVpSAhDrnBb5oNK9f4SmeOwYqY-C4OCbOhJrncHza4MwhhL3Uuy_t1YndOU1lL1fo9ozs_5rrT1932pHrX2m_donh_O3dtwlUhsMe1SVO390wwmeCuW71K987iGc9eiyr8/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsAXVek1yelLVpSAhDrnBb5oNK9f4SmeOwYqY-C4OCbOhJrncHza4MwhhL3Uuy_t1YndOU1lL1fo9ozs_5rrT1932pHrX2m_donh_O3dtwlUhsMe1SVO390wwmeCuW71K987iGc9eiyr8/s640/2.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;">I have removed the OSPF cost 1000 on R2's interface towards R4 so at the moment R2 has two equal cost path to reach 6.6.6.6.</span></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZBLjjIMJtHPuy9IcMMgGFnx4NeZWNnkH1KvuPm5uZAC4tcWoPWJ2UzoSpzk_Jwl9nVUWZ6RHqJXh6YBVdrlHLiiH4NAspkSVASqNZyxUxcceHXgGoDGP4-LltDIjBh18LL1hakETawoY/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZBLjjIMJtHPuy9IcMMgGFnx4NeZWNnkH1KvuPm5uZAC4tcWoPWJ2UzoSpzk_Jwl9nVUWZ6RHqJXh6YBVdrlHLiiH4NAspkSVASqNZyxUxcceHXgGoDGP4-LltDIjBh18LL1hakETawoY/s640/3.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitrJgwhZDn3WAPDbR04Y1y0gsLYICoqsJTqL_EsulKBv7-xWBTIcwKpEVy5F1_ppRQLTDa_FM7KZvlAwFzLWe6WB19gdXPTo8CE53ZyC55kMmFdxI099vrN2Jj8obFraPAtS9l22cBdw8/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitrJgwhZDn3WAPDbR04Y1y0gsLYICoqsJTqL_EsulKBv7-xWBTIcwKpEVy5F1_ppRQLTDa_FM7KZvlAwFzLWe6WB19gdXPTo8CE53ZyC55kMmFdxI099vrN2Jj8obFraPAtS9l22cBdw8/s400/4.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8ZoRl-7gGYTyen3QF2zlQ-7hpwBDQxT3GGfFM3Qs7kRbwqDcMBoQiB1w1OxCTAp3v1ifWoU6XJacgeLw59_EqU6o9G6KUfFojvAVAXwecBzETvSEzFrYQFbFW7fdQteccBFv4q_gbwx4/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8ZoRl-7gGYTyen3QF2zlQ-7hpwBDQxT3GGfFM3Qs7kRbwqDcMBoQiB1w1OxCTAp3v1ifWoU6XJacgeLw59_EqU6o9G6KUfFojvAVAXwecBzETvSEzFrYQFbFW7fdQteccBFv4q_gbwx4/s400/5.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;">Now, What will happen if R6 goes down?</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;"></span></div>
<div style="text-align: center;">
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR3iEydde52jj-pg0qQuVJLdrs_g2iq2C-Ihx-gl0gQnEWoOF-Vvv5ZOjGl6l77VrZIvZzSlBmxnDrKlYQQ56hgCQ9_h9ozWyiN1RVXKVzfmwYR_pusb-h736xrJKkHG48yBUBwoBOkJY/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="54" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR3iEydde52jj-pg0qQuVJLdrs_g2iq2C-Ihx-gl0gQnEWoOF-Vvv5ZOjGl6l77VrZIvZzSlBmxnDrKlYQQ56hgCQ9_h9ozWyiN1RVXKVzfmwYR_pusb-h736xrJKkHG48yBUBwoBOkJY/s320/6.PNG" width="320" /></a></span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgczYwmr18i3MH8vwA_ApnDLz0qVcw2pXI-Z5rHFgYSDbbztzeTYEEOpSi0MzFtwLZ-_MLieblYrgozSOnjRw0P3Ms5rHIvhvarlS0ah4_4DsIGMm_O0h81rg4GH1JfHrvltxSqcrRB9Ak/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="47" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgczYwmr18i3MH8vwA_ApnDLz0qVcw2pXI-Z5rHFgYSDbbztzeTYEEOpSi0MzFtwLZ-_MLieblYrgozSOnjRw0P3Ms5rHIvhvarlS0ah4_4DsIGMm_O0h81rg4GH1JfHrvltxSqcrRB9Ak/s320/7.PNG" width="320" /></a></div>
<span style="font-family: Verdana, sans-serif;">On R2</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzSGNihwKISNeyea4YV7Hh_QL6S_qgt0vYlaTVmEix7lwmciDGEwOa-4erSbZKs4DbQLaiAVQe8USE3S4qNDv1_BWQoq9AjLSfWr5fecxKVmlmt4NrP42hDNGvgq3mUXiwt-G0rWn1K3s/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="65" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzSGNihwKISNeyea4YV7Hh_QL6S_qgt0vYlaTVmEix7lwmciDGEwOa-4erSbZKs4DbQLaiAVQe8USE3S4qNDv1_BWQoq9AjLSfWr5fecxKVmlmt4NrP42hDNGvgq3mUXiwt-G0rWn1K3s/s640/8.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">R2 now knows that R6 is unavailable so it will pick 7.7.7.7 as the next-hop. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUVIoSufrIgBpDhbmoxIEroQ0eenS-p24db_6if0cOg4ZJYCIh-xZ8K948egf9EGF8_imsFdTqtKqf-qLGKNgY0eH8Lp90wyJgiaf8_VHD1hao-1irIgaZ0mQoqbjNz9OtppWGP1NreQo/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUVIoSufrIgBpDhbmoxIEroQ0eenS-p24db_6if0cOg4ZJYCIh-xZ8K948egf9EGF8_imsFdTqtKqf-qLGKNgY0eH8Lp90wyJgiaf8_VHD1hao-1irIgaZ0mQoqbjNz9OtppWGP1NreQo/s640/10.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We have a similar problem which we face for PIC Core. However in this case the BGP neighbourship goes down so the issue is more significant. As the IBGP next-hop IP changes, we cannot resolve this problem with only PIC Core.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In normal condition if the BGP table has 500K routes, it would take few minutes for BGP to reconverge completely. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In this scenario, we can speed up the convergence if we can install two paths in BGP table and FIB.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">PIC EDGE can help in this situation. There are various ways to enable it.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">1. One of the ways is by using the command "<b>maximum-paths</b>".</span><span style="font-family: Verdana, sans-serif;">Let's configure it on R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCySQ7eFZ4TBOWKgixogrrIWLpUDsSjQun5kn6FC6DymJ4OrnVLt-_niYrIFkmeEc35djZtx0r9kn4hdFLfgYHx0Kk9-VRKslbJqusqKe8ce0WjpIYWtwCeGNbE41vvP5PVYEdLLD1jac/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="53" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCySQ7eFZ4TBOWKgixogrrIWLpUDsSjQun5kn6FC6DymJ4OrnVLt-_niYrIFkmeEc35djZtx0r9kn4hdFLfgYHx0Kk9-VRKslbJqusqKe8ce0WjpIYWtwCeGNbE41vvP5PVYEdLLD1jac/s400/11.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we enable R6 and check R2's BGP table, we can see that now have multipath entry.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5gAiFxqGKgpxdZ_3WBLY02gQXY5TKb0YaVigjdBz5kvTe8vHP5Nu49gwa4BSqfZjxbnHANYvadNBQfl8ff__EPjWS63512QRTNjYL-fc3ylcdL39AQvSUzKjJwRIt2DHXrL9qE2ACPjs/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5gAiFxqGKgpxdZ_3WBLY02gQXY5TKb0YaVigjdBz5kvTe8vHP5Nu49gwa4BSqfZjxbnHANYvadNBQfl8ff__EPjWS63512QRTNjYL-fc3ylcdL39AQvSUzKjJwRIt2DHXrL9qE2ACPjs/s640/12.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Even in the FIB, we can see two entries.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1a0l1e7G_FxN4WkoInQZNNyHaAKcCYnF97mfdk0P_qWnURKlsyDhvdnvov1k8gNpWYSMuvqjSrs6V2Wk8NEZH5KlJDvBLKibpzCM0a8OvFTbmY7reBNjii3q7lqWoDWE5O7b8QZ91348/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="140" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1a0l1e7G_FxN4WkoInQZNNyHaAKcCYnF97mfdk0P_qWnURKlsyDhvdnvov1k8gNpWYSMuvqjSrs6V2Wk8NEZH5KlJDvBLKibpzCM0a8OvFTbmY7reBNjii3q7lqWoDWE5O7b8QZ91348/s640/13.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now if R2 loses the path through R6, it will pick up the path through R7. As the entry is already written in FIB, there will be no need to rewrite all the BGP routes one by one.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">2. The second way of enabling PIC EDGE is by using "<b>advertise-best-external & Add-Path</b>". Let's see how it works.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">I have changed the configuration and applied local preference of 200 on the path via R6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU4zMSuorsRXojUtul_84uZQ6qZT8c8sr5s1lxKJ4tHfi0JCb7NEX9br2p9TqR2qOlb-wub8VLIIFC3zOvtW_RX_2bu6zgJyd2SjccgQJKWVBD6ETbE6JgcNnAWKhPoWHlJFI-M3EQQgY/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="35" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU4zMSuorsRXojUtul_84uZQ6qZT8c8sr5s1lxKJ4tHfi0JCb7NEX9br2p9TqR2qOlb-wub8VLIIFC3zOvtW_RX_2bu6zgJyd2SjccgQJKWVBD6ETbE6JgcNnAWKhPoWHlJFI-M3EQQgY/s400/14.PNG" width="400" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqLlLy13x9rZ6i13PuK_hRetLE8jG9GbVpp5STbbgAroNZb-P42Xv5kZRcUaZnrnNtsxCAnQkFR1HxpiHq2FLlwu8zR0zrSNWlzOH4OZL4N-dwgdO2pHhCQTdFmrHb077EoBjhrNYYowM/s1600/15.PNG" imageanchor="1"><img border="0" height="64" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqLlLy13x9rZ6i13PuK_hRetLE8jG9GbVpp5STbbgAroNZb-P42Xv5kZRcUaZnrnNtsxCAnQkFR1HxpiHq2FLlwu8zR0zrSNWlzOH4OZL4N-dwgdO2pHhCQTdFmrHb077EoBjhrNYYowM/s640/15.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now see that even though we have applied the "maximum-path" command on R2, it selects the best path through R6 </span><span style="font-family: Verdana, sans-serif;">only</span><span style="font-family: Verdana, sans-serif;">.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcTh72o6Xlmg-C0eDjokBL4P-5aMBOu6J5D5JKiamWPQgeZ7icp1-Z5yG1SM2ms3afdxr4T185Kq78DiJZdJpgUXGvAtIzEDPgQEJb1R1N5W1hxNeDgLLCdVG1KpZ0a18vVaKvjfWBL74/s1600/16.PNG" imageanchor="1"><img border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcTh72o6Xlmg-C0eDjokBL4P-5aMBOu6J5D5JKiamWPQgeZ7icp1-Z5yG1SM2ms3afdxr4T185Kq78DiJZdJpgUXGvAtIzEDPgQEJb1R1N5W1hxNeDgLLCdVG1KpZ0a18vVaKvjfWBL74/s640/16.PNG" width="640" /></a></span><br />
<br />
<span style="font-family: Verdana, sans-serif;">What is the problem here? Looking at R7, we can see it prefers 8.8.8.8/32 via R6 due to local preference hence it stops advertising the route via it's EBGP neighbour (10.1.78.8).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin9QyDTQr3FDiHdCdlGkK7KWX_nVBzDdHNJwKjUXx0ns9zD5AY8xHVKUwygUxCPPaYBH3Gz9OCtmKcFwYAySEthJWciVmzw9W5enqap2-53aXLstjCM4_u_v3HZcOBEhCBb8dr3IFtarg/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEin9QyDTQr3FDiHdCdlGkK7KWX_nVBzDdHNJwKjUXx0ns9zD5AY8xHVKUwygUxCPPaYBH3Gz9OCtmKcFwYAySEthJWciVmzw9W5enqap2-53aXLstjCM4_u_v3HZcOBEhCBb8dr3IFtarg/s640/17.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">It would help if R7 keeps advertising the backup route it learned via EBGP to R2. The way we can make it happen is by configuring "advertise-best-external" in R7.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKhf7HjQ5P6d34Lt-McaFLuAK5kkcnPmXYTd_SHFK0uxyHJUD1V30Ii7WCes7vl3iW7MVKOvfid4jDtMVBT4Ty12kp_XNg6SF5xtFvKYbHrIEjTzoypzk9e4JRN8_wYsA-PkctUI2NGgw/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="51" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKhf7HjQ5P6d34Lt-McaFLuAK5kkcnPmXYTd_SHFK0uxyHJUD1V30Ii7WCes7vl3iW7MVKOvfid4jDtMVBT4Ty12kp_XNg6SF5xtFvKYbHrIEjTzoypzk9e4JRN8_wYsA-PkctUI2NGgw/s400/18.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now see that R7 treats the backup path as "best-external".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Bk5jtaDqta7KYQsMpSuWK_jLQUTyrL0LDZ3M6Ma8X8Zf9zQP6XVF0vbcWYWOAb2ZlBOMh6XmqULc1d8xKavDacjVynaQ8mWxthR_PzmR_CaUn_fc2jrWW4vduX_246LviTNoy4w0HRs/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Bk5jtaDqta7KYQsMpSuWK_jLQUTyrL0LDZ3M6Ma8X8Zf9zQP6XVF0vbcWYWOAb2ZlBOMh6XmqULc1d8xKavDacjVynaQ8mWxthR_PzmR_CaUn_fc2jrWW4vduX_246LviTNoy4w0HRs/s640/19.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we look at R2, we can see that it has started receiving the backup path from R7 now.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpdaohpw8-4bovSZDdOoSYGdu4MOylGhZmGOhllTQ0t2S5FN_ObeLMxEA5JxIlx7IneQeLpuAEac93uhQpjwmCbM16Tnh17Tc2t5vwJl5I7wau1nZjl4pIMpPY9_F5eCZQ6ynYiwNRA_I/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpdaohpw8-4bovSZDdOoSYGdu4MOylGhZmGOhllTQ0t2S5FN_ObeLMxEA5JxIlx7IneQeLpuAEac93uhQpjwmCbM16Tnh17Tc2t5vwJl5I7wau1nZjl4pIMpPY9_F5eCZQ6ynYiwNRA_I/s640/20.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">However the FIB still shows one possible path via R6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtpmL6R7-o8ZDlnA3SKzPFfUuTh7kjn_NqfWDPBRQ6R1j_OXYenQWzXJLJbcMtpldF1E-G3p8nPl3wld3nTDZ9jdZmK06UOC8LHCkJHRs_OQ8yKOV855YqwoOZyTilhKNuqDJNlnpo3xg/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtpmL6R7-o8ZDlnA3SKzPFfUuTh7kjn_NqfWDPBRQ6R1j_OXYenQWzXJLJbcMtpldF1E-G3p8nPl3wld3nTDZ9jdZmK06UOC8LHCkJHRs_OQ8yKOV855YqwoOZyTilhKNuqDJNlnpo3xg/s400/21.PNG" width="400" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Here we will have to enable the feature called "Add-Path".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT3bSB30JewMwdxuUM2d2bEQmHMvbzJqsGKgTZ-Wq2g1J7aonjkLCIhjkfQ00_yV-HF9LsQVb5CIOJsFaihhxmWQM_jxa4QkGoLxYC_dNKbnqKMqtoGnXeeitQajBa_UpwTxdkPU_QqdU/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiT3bSB30JewMwdxuUM2d2bEQmHMvbzJqsGKgTZ-Wq2g1J7aonjkLCIhjkfQ00_yV-HF9LsQVb5CIOJsFaihhxmWQM_jxa4QkGoLxYC_dNKbnqKMqtoGnXeeitQajBa_UpwTxdkPU_QqdU/s640/22.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">"bgp additional-paths select backup" calculates a second bestpath as the backup path. </span><br />
<span style="font-family: Verdana, sans-serif;">"bgp additional-paths install" will install the type of path that is specified in the "bgp additional-paths select" command.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we check the FIB on R2, </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO_w981woGcPK7D50ArZTfuMAXZv4TGKur8oIzTGpKNeXWNHe03xd-yXdYjsyPYSFxpMSpeJlFEt0o3y-_ywH_4p_MOeBHsUgYD9HUnsc783kgHuEgu4PiwA7lkpyBu4UmHuM3AeTocXs/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="75" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO_w981woGcPK7D50ArZTfuMAXZv4TGKur8oIzTGpKNeXWNHe03xd-yXdYjsyPYSFxpMSpeJlFEt0o3y-_ywH_4p_MOeBHsUgYD9HUnsc783kgHuEgu4PiwA7lkpyBu4UmHuM3AeTocXs/s400/23.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We still don't see the second path!!! </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Be Careful!! This is where Cisco IOS can trick you!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We need to use the "detail" keyword to see the backup path in FIB.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2XNb0jnMnxVC47DLZLh7IAPoYhPbXhtxOycfImrOrJCZYKKbnjW0rGquzHfQXMZ2q1vWZRnmLIJUW7_pdQT9uZugnHYnFVzfhjSTLOYiCScaj56BV_WO7FFClXchNZE3LVJ-dfePV514/s1600/24.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="210" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2XNb0jnMnxVC47DLZLh7IAPoYhPbXhtxOycfImrOrJCZYKKbnjW0rGquzHfQXMZ2q1vWZRnmLIJUW7_pdQT9uZugnHYnFVzfhjSTLOYiCScaj56BV_WO7FFClXchNZE3LVJ-dfePV514/s640/24.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">R2 has installed a backup "repair" path in FIB via R7.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">So far we have seen how PIC EDGE would work in full mesh IBGP environment but what if we have route-reflectors in the network.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">I have changed the configuration of the routers and removed the full mesh IBGP between PEs. The router R4 is now configured as VPNv4 route-reflector. I have also removed the local preference on R6 and "Add-Path" commands on relevant PEs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Ok, so we can see that R4 receives two paths to reach 8.8.8.8/32. It selects the path via R6 as the best path.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAcZneaECswFOC1pAJ7YCeajXEUilQsOLfl0byq7lyPASoemsFUeZjx4in5twEplSya15nqVGpIkA_0xqfVrlOW1GPd0QghuMjUGmOze-Fg1emjtvxF-bRmKo2SO08EDwCEEJewRc9-FE/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAcZneaECswFOC1pAJ7YCeajXEUilQsOLfl0byq7lyPASoemsFUeZjx4in5twEplSya15nqVGpIkA_0xqfVrlOW1GPd0QghuMjUGmOze-Fg1emjtvxF-bRmKo2SO08EDwCEEJewRc9-FE/s640/25.PNG" width="640" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">R2 receives the best path information from R4.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLxsP9Ct6W-XWsaNAzyetKJQKVv93Om_11Sx2dkZcXvdZiaJjUCHgQaZzu_mshV9uyv4AY6KSKu7xAR-RY4p2s87VcuosC-7Vtp7u8oFt1vUOce0PP-pAa1YtZMjJIDLV5Qzg3in1xPUw/s1600/26.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLxsP9Ct6W-XWsaNAzyetKJQKVv93Om_11Sx2dkZcXvdZiaJjUCHgQaZzu_mshV9uyv4AY6KSKu7xAR-RY4p2s87VcuosC-7Vtp7u8oFt1vUOce0PP-pAa1YtZMjJIDLV5Qzg3in1xPUw/s640/26.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">The problem here is that route reflector will always chose the best path and only advertise that to it's clients which will make multipathing impossible.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">What if we add another route-reflector in the network? Normally in real world most of the networks do have more than one route-reflectors.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's configure R5 as route-reflector.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgndapMlImHPV0Rqk7hhVOWKM6RrM9pBdIAkkYPZsrC-S-pMReQ1KBNjGeEJ8xMLfOr7-v-I4Gp7iuxQecRkupWoRAqiCbPQtUyFWc_tTwxzl7ayqsB7P5F2Hp-Wu6N3WFUw9Ou3ZLC3Xg/s1600/27.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="367" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgndapMlImHPV0Rqk7hhVOWKM6RrM9pBdIAkkYPZsrC-S-pMReQ1KBNjGeEJ8xMLfOr7-v-I4Gp7iuxQecRkupWoRAqiCbPQtUyFWc_tTwxzl7ayqsB7P5F2Hp-Wu6N3WFUw9Ou3ZLC3Xg/s400/27.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Configure all the PEs with required config. I have just shown the config of R2 for brevity.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BPFpZhsWZsalsta22dQ8ON_11iP_FVvp99LlrcaGFbhQ6Ey33Lv7RPy7T_XzQ0JJmrvTa1Se90tKfQCAEAtOkao_BWR5w6oWAaMAkdynyBMpbgNQ0BGXQBSDYqPG0zpIlIEwYnEh3ic/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="80" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7BPFpZhsWZsalsta22dQ8ON_11iP_FVvp99LlrcaGFbhQ6Ey33Lv7RPy7T_XzQ0JJmrvTa1Se90tKfQCAEAtOkao_BWR5w6oWAaMAkdynyBMpbgNQ0BGXQBSDYqPG0zpIlIEwYnEh3ic/s400/28.PNG" width="400" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">If we check R2, We can see that it has started receiving 2 paths from R4 and R5.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeZAdbAZUxDpieJifawji702yS4PNNsendT8POTcTevht3-E0CUg939hy4P5-v8WEU7Xq5M2p9j3g9oP3ywgBz2YSmxaAWJl4QNUcDR1_J9ZGBFxj9k7nsgl40RuGNQU8FzDEc-GmI7zw/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgeZAdbAZUxDpieJifawji702yS4PNNsendT8POTcTevht3-E0CUg939hy4P5-v8WEU7Xq5M2p9j3g9oP3ywgBz2YSmxaAWJl4QNUcDR1_J9ZGBFxj9k7nsgl40RuGNQU8FzDEc-GmI7zw/s640/29.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Can we use Add-path to do multipathing? </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Remember, Add-path will not work if the next-hop of backup path is the same as primary path. The next hop must be different. In our case, the next-hop advertised by both the RRs is 6.6.6.6!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">So, the problem can be resolved if R5 can advertise the path via R7 (7.7.7.7) instead of R6. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">3. The solution is to use "<b>Diverse-path</b>" along with <b>"advertise-best-external" </b>and<b> "Add-Path".</b></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On R5, we have configured ""Add-path" and "diverse-path". This will make R5 to install the backup path in the BGP table and advertise it to the specific neighbour R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9FForNdI7DvlZ8oU5EDVOQz3dwZBXRS5TIFlEkcT-VURI-fAyRrRuNUgn9swiOp8Fj6DWam_lBuTSA4rQTx9Lmek_PG1izQXfGBqQPxEuaFjDtYhztiWR1LK4qanWQYnbQe6H46N4Xx0/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="99" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9FForNdI7DvlZ8oU5EDVOQz3dwZBXRS5TIFlEkcT-VURI-fAyRrRuNUgn9swiOp8Fj6DWam_lBuTSA4rQTx9Lmek_PG1izQXfGBqQPxEuaFjDtYhztiWR1LK4qanWQYnbQe6H46N4Xx0/s640/30.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinQsCYXHJCT2nFyTV74b69_FV7BfgNx4OX3h6iLkRnhqF5aV3dNQOMiepwgIQX-QWfsyHVSMFImED5JzEitS-Yk5YaxKeSiHvshvBAdsGCKSPsXCpo4Tgz-Y0WuGp_W8KtJZ5dGQya3vc/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="227" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinQsCYXHJCT2nFyTV74b69_FV7BfgNx4OX3h6iLkRnhqF5aV3dNQOMiepwgIQX-QWfsyHVSMFImED5JzEitS-Yk5YaxKeSiHvshvBAdsGCKSPsXCpo4Tgz-Y0WuGp_W8KtJZ5dGQya3vc/s640/32.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">R2 has now started receiving a path with the next-hop 7.7.7.7 from R5.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7H_EFl0elue7d8IEu2ypXVryqzimbZcjmxi8jcsgpn91onUxL2rhPID1BCoDz37O3URbZLGf2yzCUvOYkFb21qSP1ogaQaqQq1MIQ5tB2NusZn7DsWl5Zd1H-U_SM3rze5CS3U2Msqwg/s1600/31.PNG" imageanchor="1"><img border="0" height="408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7H_EFl0elue7d8IEu2ypXVryqzimbZcjmxi8jcsgpn91onUxL2rhPID1BCoDz37O3URbZLGf2yzCUvOYkFb21qSP1ogaQaqQq1MIQ5tB2NusZn7DsWl5Zd1H-U_SM3rze5CS3U2Msqwg/s640/31.PNG" width="640" /></a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now configure "Add-Path" on R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJD3tN-NNtyIz3cBSRvp4aOt2-VWr3qb1rby8GCwb0MxWzGsUxQJiH5LpzZjylSFOqh4yjmC4gH4ck2838JlmNRBdon4Q6920xqE5VIj3Oq80N42hjVa5qsM-UfwHfuIb17742D2TWVgk/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="96" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhJD3tN-NNtyIz3cBSRvp4aOt2-VWr3qb1rby8GCwb0MxWzGsUxQJiH5LpzZjylSFOqh4yjmC4gH4ck2838JlmNRBdon4Q6920xqE5VIj3Oq80N42hjVa5qsM-UfwHfuIb17742D2TWVgk/s640/33.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8bOISHAIbEcMSiZEQmyntoAIQgOXPpTMYAJkh5XXLemojXMpWE6yHmjy_XXBioWMKZaW1ebzkr78kYbYjY9FvhHiXwhzFeK6ePHitHc2LhxkkDk1Htbcx-8EwTI_8-XjIjyJkQv6MaI8/s1600/34.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="126" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8bOISHAIbEcMSiZEQmyntoAIQgOXPpTMYAJkh5XXLemojXMpWE6yHmjy_XXBioWMKZaW1ebzkr78kYbYjY9FvhHiXwhzFeK6ePHitHc2LhxkkDk1Htbcx-8EwTI_8-XjIjyJkQv6MaI8/s400/34.PNG" width="400" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">The backup path is installed in the FIB.</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">At the moment, the route advertised by R6 and R7 has the same local preference of 100. What if I change the config and prefer the route via R6 by increasing the local preference.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-BNiTrQzY2LzU8SEG-ynJUVYeRhlO6cCLniyUsyDuGZjrIFN0cNcaAfj_h2tyknjBzR0dKHuLp5D37YSs89-7avt6Fazk5R0wW74lrL_pT7sE0o1oXzXIlAiit__-JXaU9seQ51bEJVU/s1600/35.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="67" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-BNiTrQzY2LzU8SEG-ynJUVYeRhlO6cCLniyUsyDuGZjrIFN0cNcaAfj_h2tyknjBzR0dKHuLp5D37YSs89-7avt6Fazk5R0wW74lrL_pT7sE0o1oXzXIlAiit__-JXaU9seQ51bEJVU/s640/35.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Suddenly, R7 has started advertising the path via R6 (6.6.6.6) to R2 which will break the "Add-Path" functionality.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjci28aMw6LR8jDMN4lYgbYTJlO4ECnkfu7YrjHo_JeLb7ztL1qlc84iNYbdR0s8LHdN_MHttRJmXEn2jkh95fQx-vmfM-g_RS-ddYXw83OjBeveSCSpzlLva30Ou0yf9YD9CemDcOOoog/s1600/36.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjci28aMw6LR8jDMN4lYgbYTJlO4ECnkfu7YrjHo_JeLb7ztL1qlc84iNYbdR0s8LHdN_MHttRJmXEn2jkh95fQx-vmfM-g_RS-ddYXw83OjBeveSCSpzlLva30Ou0yf9YD9CemDcOOoog/s640/36.PNG" width="640" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">What happened here?? Let's see step by step</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">1. R6 received the route 8.8.8.8/32 and advertised to RRs(R4 and R5).</span><br />
<span style="font-family: Verdana, sans-serif;">2. R7 received the route 8.8.8.8/32 and advertised to RR2(R4 and R5).</span><br />
<span style="font-family: Verdana, sans-serif;">3. R5 started calculating it's second best path.</span><br />
<span style="font-family: Verdana, sans-serif;">4. Meanwhile R7 started learning about the path with higher local preference via R6 from R4.</span><br />
<span style="font-family: Verdana, sans-serif;">5. R7 withdraws it's advertisement of 8.8.8.8 from R4 and R5 as it has a better path via R6 through higher local preference.</span><br />
<span style="font-family: Verdana, sans-serif;">6. Now R5 calculates the only path it receives from R6 and pass it on to R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGhXTKwUA1Ko61OUglV14liAWplLynXUbb_oEdX2Z2y3s2usGit2e-6971tIY6gvaHVMtiZ1Aj8cGj5bN10cAivNSKYEx2C7M98l99RqifsGkr2dO8VjK6skyQtAGA9ZEf1Sv6VVzC73A/s1600/38.PNG" imageanchor="1"><img border="0" height="532" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGhXTKwUA1Ko61OUglV14liAWplLynXUbb_oEdX2Z2y3s2usGit2e-6971tIY6gvaHVMtiZ1Aj8cGj5bN10cAivNSKYEx2C7M98l99RqifsGkr2dO8VjK6skyQtAGA9ZEf1Sv6VVzC73A/s640/38.PNG" width="640" /></a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As per above output, we can see that R7 prefer the path through R6. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">How can we force R7 to advertise it's backup EBGP path to RRs? </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As previously seen in our post, we can use "<b>advertise-best-external</b>".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx08XfbrH8HZgNxaWyrIK3drS8Pj-JGiyL9UyhTIj2BOYXA5_Btpq6P7Z502MET6bYcyuPosJQylxUJacMmMQVSNUrLsHVV5Z1xkhzvhbEA4mhAjgsubZJfIgmKZ7DQj28oI00hL5h6rE/s1600/40.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx08XfbrH8HZgNxaWyrIK3drS8Pj-JGiyL9UyhTIj2BOYXA5_Btpq6P7Z502MET6bYcyuPosJQylxUJacMmMQVSNUrLsHVV5Z1xkhzvhbEA4mhAjgsubZJfIgmKZ7DQj28oI00hL5h6rE/s400/40.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On R2, the backup path is now installed in the FIB.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKIL9hLRniCUWIE0DYL8o5wV8kChEZfQCQiSNs6R8DH-IGS4nz_c4jYkyULZ7QsiOEQxBhWZkgchPLBPDrhJC-NHXcaUuloWPH-ZXpBjz4VCCnqYARgfqGNjAmTO71s841rXC84Y08DNU/s1600/41.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="208" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKIL9hLRniCUWIE0DYL8o5wV8kChEZfQCQiSNs6R8DH-IGS4nz_c4jYkyULZ7QsiOEQxBhWZkgchPLBPDrhJC-NHXcaUuloWPH-ZXpBjz4VCCnqYARgfqGNjAmTO71s841rXC84Y08DNU/s640/41.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">More information can be found on <a href="http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-bgp-mp-pic.html">http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-bgp-mp-pic.html</a></span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br /></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com2tag:blogger.com,1999:blog-3934012154598313421.post-18624448185352177822016-01-01T00:34:00.000+00:002016-01-01T09:52:46.629+00:00BGP PIC CORE<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">Happy New Year Folks!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In one of the previous posts, we looked at EIGRP FRR and OSPF LFA feature which helps achieving fast convergence.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif; text-align: justify;">There is a similar feature in BGP which is called PIC (Prefix Independent Convergence). It speeds up the convergence of the FIB in failover conditions. BGP works differently than any IGP. It is designed to carry hundreds of thousands routes in the routing table hence fast failover works differently in BGP. There are couple of ways to implement PIC in BGP. They are "PIC Core" and "PIC Edge". We will look into both of these options.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's look at the below topology.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ-MemgDz3xdq0rPgAdhlSUuteMbUvWy-lD_8KSwHs5Ut6j1vcOFjf6bB_oPI3aCwPr_pFh9STxPNxhwE6fnr7foMsPrmNZYRCusXEKt3_RGOfzXtoEvqwuZqM3-cHPyz3dmCNt16oxrk/s1600/1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZ-MemgDz3xdq0rPgAdhlSUuteMbUvWy-lD_8KSwHs5Ut6j1vcOFjf6bB_oPI3aCwPr_pFh9STxPNxhwE6fnr7foMsPrmNZYRCusXEKt3_RGOfzXtoEvqwuZqM3-cHPyz3dmCNt16oxrk/s640/1.jpg" width="332" /></a></div>
<a name='more'></a><span style="font-family: Verdana, sans-serif;">We have CE1 and CE2 with loopback IPs 1.1.1.1/24 and 8.8.8.8/24 respectively as customer's LAN range. We are running standard Layer 3 IPVPN in the service provider core. Each router in the core has a loopback IP which is advertised in the IGP. The VPNv4 neighbourship is built using that loopback. The router R4(P1) is the route reflector for VPNv4 prefixes with all the PEs being it's client.</span><br />
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;">This is how the physical topology looks like in case you want to build the lab yourself!</span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;"><br /></span><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg_GSE0F9IoStOfp7Y9OG3-u6LVreJf2nWImiN4h8Ttidh2UI3GZqxtPe3pkeZw_CV5YdGAw6ncoLOgduZ2GO2SsDDL192esHxeb6GPM-bxGnFr2D-keSa3TkYh_CSnA42_a5CtXQbNRY/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgg_GSE0F9IoStOfp7Y9OG3-u6LVreJf2nWImiN4h8Ttidh2UI3GZqxtPe3pkeZw_CV5YdGAw6ncoLOgduZ2GO2SsDDL192esHxeb6GPM-bxGnFr2D-keSa3TkYh_CSnA42_a5CtXQbNRY/s640/2.PNG" width="560" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As mentioned before, We are running BGP free core i.e. only PE routers are maintaining BGP table. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">R4 learns the prefix 8.8.8.8/32 from both R6 and R7. It choses the path towards R6 as the preferred path and advertise it to R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvQIUhZ7jvJjomtAcwH8I81GFX04cnf0yobICASKd9gFMrUqxQJoUAfnUQ9fmnNaz7JhewFbVT3V8Q0w0y__VUjjrOJl6FxOt05yEe1soZRacRcieNF08bLofIbpfqnKdJ1FGgKioaerc/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="226" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjvQIUhZ7jvJjomtAcwH8I81GFX04cnf0yobICASKd9gFMrUqxQJoUAfnUQ9fmnNaz7JhewFbVT3V8Q0w0y__VUjjrOJl6FxOt05yEe1soZRacRcieNF08bLofIbpfqnKdJ1FGgKioaerc/s640/3.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhng-0gaZgOW8KrrTNgH60-bkCND7aR5l9FW7XYbalUrryKLzOYKSrAlO_bFRj42sK-ztsvPFVoFqh8eCsI4Vng0f9zZAoJGRMH_iIbgL-dpHIFeA9AduzeHNWnA_YhIM6KfKKZGd4JDUo/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhng-0gaZgOW8KrrTNgH60-bkCND7aR5l9FW7XYbalUrryKLzOYKSrAlO_bFRj42sK-ztsvPFVoFqh8eCsI4Vng0f9zZAoJGRMH_iIbgL-dpHIFeA9AduzeHNWnA_YhIM6KfKKZGd4JDUo/s640/4.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">So for R2, the IBGP next-hop to reach 8.8.8.8/32 will be 6.6.6.6. R2 will now check it's routing table to check the IGP path to reach 6.6.6.6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0U7O-lzAsu4xZQ1kLFBUX_CHmMz7wjSxYcqix7DUnbqBVQ0l46NKTijW_zs0ZILREQKsqqNldFqirlaYOm0pWl5BfTuINtOceQF-0iHr-Tjv9Xb4R9LPX7kUFt4TPfwXYmUJOy66lcCo/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0U7O-lzAsu4xZQ1kLFBUX_CHmMz7wjSxYcqix7DUnbqBVQ0l46NKTijW_zs0ZILREQKsqqNldFqirlaYOm0pWl5BfTuINtOceQF-0iHr-Tjv9Xb4R9LPX7kUFt4TPfwXYmUJOy66lcCo/s640/5.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As the link bandwidths are same, R2 can reach R6 either via R4 or R5.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we increase the "OSPF Cost" of the link between R2 and R4, R2 will prefer the path via R5 to reach R6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcRVqxxn9_DnKYGV10pEywDbNGjEEsBSlHG7vc3RXFDngvbdTUZ-IqPbYDIM5eKEOYWMXF7fFSL8wORVx_WDh8qtQQLsg1yvX69c3khKIPko6I98ihv58hql5vGiTz777weQqLcrzEq7Q/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="60" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcRVqxxn9_DnKYGV10pEywDbNGjEEsBSlHG7vc3RXFDngvbdTUZ-IqPbYDIM5eKEOYWMXF7fFSL8wORVx_WDh8qtQQLsg1yvX69c3khKIPko6I98ihv58hql5vGiTz777weQqLcrzEq7Q/s320/6.PNG" width="320" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRonkLw3VV069rZ76caPXQC3Ak82uHGrqohz9fR1vg6g83DsmezZuLOxD88IaKKmupo1TzKc_Py55m15t3uSjzC4zHKkz4_Q0eWlFMh3zxFRMXC2okHFUitWkUT1Jsc2w4_7TwCwWOZus/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="137" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRonkLw3VV069rZ76caPXQC3Ak82uHGrqohz9fR1vg6g83DsmezZuLOxD88IaKKmupo1TzKc_Py55m15t3uSjzC4zHKkz4_Q0eWlFMh3zxFRMXC2okHFUitWkUT1Jsc2w4_7TwCwWOZus/s640/7.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The CEF table on R2 shows the next hop, out going interface and the MPLS label number.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVvTJpEhJ8yLrDFBRuAxN3qBfQt2iB8WWPhNmHSYb-vwszpKWFWMVCrRa7DMKI-Zdx0OWFj6jhTuxqMdktwl-a_v1M067P2qn27cU_pASl-6PF28umI1-MiaZeP508snnXqKfacX9o_UQ/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVvTJpEhJ8yLrDFBRuAxN3qBfQt2iB8WWPhNmHSYb-vwszpKWFWMVCrRa7DMKI-Zdx0OWFj6jhTuxqMdktwl-a_v1M067P2qn27cU_pASl-6PF28umI1-MiaZeP508snnXqKfacX9o_UQ/s400/8.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8jyw7ds9R8yXm54D1VNnKMGYl-H1b6Bf7o3I_WAnFTkblBpnStq0m35xmwNqGXuueh5aYOBXFBxRSWoLURvBSJHGhspKHy_zSyzhKvwfoRTSbF3H8g3YnniO3p91l_5CypG98KiByYbY/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="58" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8jyw7ds9R8yXm54D1VNnKMGYl-H1b6Bf7o3I_WAnFTkblBpnStq0m35xmwNqGXuueh5aYOBXFBxRSWoLURvBSJHGhspKHy_zSyzhKvwfoRTSbF3H8g3YnniO3p91l_5CypG98KiByYbY/s400/13.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;">So to recap</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">- The prefix 8.8.8.8/32 is reachable via two PEs, R6 and R7.</span><br />
<span style="font-family: Verdana, sans-serif;">- Both R6 and R7 advertises it to R4 which is the route-reflector.</span><br />
<span style="font-family: Verdana, sans-serif;">- R4 choses R6 as the best path to reach 8.8.8.8/32</span><br />
<span style="font-family: Verdana, sans-serif;">- R4 then advertise this VPNv4 prefix to R2.</span><br />
<span style="font-family: Verdana, sans-serif;">- R2 looks at the next-hop IP 6.6.6.6 which is the loopback of R6</span><br />
<span style="font-family: Verdana, sans-serif;">- To reach 6.6.6.6, R2 looks at the local routing table and finds that it can be reachable via R5</span><br />
<span style="font-family: Verdana, sans-serif;">- Now from R2, any traffic for the destination 8.8.8.8 will be sent out to next-hop 10.1.25.5 out of interface Ethernet1/0</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">i.e. 8.8.8.8 --> Next-Hop 10.1.25.5, Outgoing Interface Ethernet1/0</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The traffic flow would be R1-->R2-->R5-->R6-->R8. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">What would happen if R5 becomes unavailable?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi7gKUkJFg-PP7RGhclG2oeIDCTPx8P7wbJDF_WJtuLXAhdrBX_hwWq5RbJI5Y3m5MG6cDd8ElzstgeljMZWykQJzpWoRRsYnsV4zBVzqFbdPNvMDb46XYwOhwkmFZHcDFXchjaLAhx-I/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="56" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi7gKUkJFg-PP7RGhclG2oeIDCTPx8P7wbJDF_WJtuLXAhdrBX_hwWq5RbJI5Y3m5MG6cDd8ElzstgeljMZWykQJzpWoRRsYnsV4zBVzqFbdPNvMDb46XYwOhwkmFZHcDFXchjaLAhx-I/s320/12.PNG" width="320" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is a second path via R4 to reach R6 which means this outage will not affect the BGP session between R2 and R4 or even R4 and R6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The traffic flow would be R1-->R2-->R4-->R6-->R8.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhW03SsPD4pZYlnf-aSTC7aPbcM-gwCS_XG1N_U7_9WiSvdn17wGfc825lvNrK_qONCNmayHDaFNHaPXa1xNqBM-CMlm4XGxYcAMAUTVU69UpdnfNJQjp13x5QPJk5DOHeBXG5iZM9hZjY/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="66" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhW03SsPD4pZYlnf-aSTC7aPbcM-gwCS_XG1N_U7_9WiSvdn17wGfc825lvNrK_qONCNmayHDaFNHaPXa1xNqBM-CMlm4XGxYcAMAUTVU69UpdnfNJQjp13x5QPJk5DOHeBXG5iZM9hZjY/s400/10.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The only thing that will change from R2's prospective is the next-hop IP and the outgoing interface. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">i.e. 8.8.8.8 --> Next-Hop 10.1.24.4, Outgoing Interface Ethernet0/1</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisehLLaoese5v2ZD9-kugRPXIby8Sq7jZBr_CerhOJ2zEONrasEnVhkqFz8smQOfqQD897zyBYCRfK7qduOgFxfbSdM1HbU3iZKBiPzFaBfuntqoJJDAYTgaVvAe3oKs_CWs2X9GdSp04/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="57" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisehLLaoese5v2ZD9-kugRPXIby8Sq7jZBr_CerhOJ2zEONrasEnVhkqFz8smQOfqQD897zyBYCRfK7qduOgFxfbSdM1HbU3iZKBiPzFaBfuntqoJJDAYTgaVvAe3oKs_CWs2X9GdSp04/s400/11.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">It may look a very small change as the IGP can converge really fast however this will result in change of BGP table and CEF. The next-hop and outgoing interface will be updated for each prefix in BGP table. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In this example we only have one prefix but what if we have 500K routes in the BGP table? How long will take to change the next-hop IP and outgoing interface for each of those prefixes in the CEF table?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">PIC Core resolves this problem by creating something called "Pointer". A pointer is combination of Next-Hop/outgoing Interface.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">So in our example, let's say </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Pointer A = 10.1.25.5 Ethernet1/0</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">Now instead of using next-hop and interface, each prefix will refer to a pointer.</span><br />
<span style="font-family: Verdana, sans-serif;">e.g.</span><br />
<span style="font-family: Verdana, sans-serif;">The normal FIB: 8.8.8.8 --> </span><span style="font-family: Verdana, sans-serif;">10.1.25.5, Ethernet1/0</span><br />
<span style="font-family: Verdana, sans-serif;">FIB with PIC Core enabled: 8.8.8.8--> Pointer A = 10.1.25.5, Ethernet1/0</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In the failure condition, we will update the nexthop and interface of Pointer A i.e. 8.8.8.8--> Pointer A = 10.1.24.4, Ethernet0/1 (Only one change)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If there are 500K prefixes, we still have to make one change and update pointer information instead of changing next-hop/Interface for 500K prefixes!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To enable PIC Core on the PE, you can apply this command.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOkRMlzfAeEM6xoi8fxLiiRvJeljDnFf9T1RK12ytlESMAzMz-rXCS621Z_otMRmyMVnkBQMsBJo6vHGzBZvlRQbnsXSgn1lFXJWWIbkIo3BKqaf1eNWxtWSTwhgFZgkn0G0qh8O34q3s/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="99" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOkRMlzfAeEM6xoi8fxLiiRvJeljDnFf9T1RK12ytlESMAzMz-rXCS621Z_otMRmyMVnkBQMsBJo6vHGzBZvlRQbnsXSgn1lFXJWWIbkIo3BKqaf1eNWxtWSTwhgFZgkn0G0qh8O34q3s/s640/9.PNG" width="640" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">To disable PIC Core, you can replace "convergence-speed" with "memory-utilization". </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Please remember, in the above example; BGP is <b>NOT</b> reconverging. </span><span style="font-family: Verdana, sans-serif;">PIC Core is about dealing with IGP failures, it cannot handle BGP failures. We will need PIC Edge for that which we will discuss in next post.</span><br />
<br /></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com6tag:blogger.com,1999:blog-3934012154598313421.post-75624136929451452952015-12-16T19:49:00.003+00:002015-12-16T19:49:15.057+00:00VRF Aware IPSEC VPN<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: "verdana" , sans-serif;">In this post we will see how we can support multiple VRFs in site to site IPSEC VPN implementation.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">We will use the below topology. The routers CE1 and CE2 are connected to the Internet. For simplicity, I have used the private IP addressing for the WAN connectivity.</span><br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis5iAXndkqyLYO72u6aUu9IaxB_TxDXs1yCWfSwDVR7puK5d5WVVKoOlRNNYh7lv8KZURrxgO4UXniHnjHGwgM2SB3l4rVHuhNru40Ff7MOleOw00iN8sZliG-Du59tirvTaZmICnpPAY/s1600/VRF+Aware+IPSEC.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="311" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEis5iAXndkqyLYO72u6aUu9IaxB_TxDXs1yCWfSwDVR7puK5d5WVVKoOlRNNYh7lv8KZURrxgO4UXniHnjHGwgM2SB3l4rVHuhNru40Ff7MOleOw00iN8sZliG-Du59tirvTaZmICnpPAY/s640/VRF+Aware+IPSEC.jpg" width="640" /></a><span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Ok so the first step is to configure required VRFs on both the CPEs.</span><br />
<a name='more'></a><span style="font-family: verdana, sans-serif;">We are going to configure two VRFs. One called "INTERNET" and the other one called "CUST".</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The WAN interfaces (connected to the Internet) will be part of "INTERNET" VRF while the LAN interfaces connecting to the customer network (Loopback 0 interface in our case) and tunnel interfaces will be part of the "CUST" VRF.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">There is a terminology to describe these VRFs. The "INTERNET" vrf is referred to as FVRF (Front VRF) and "CUST" vrf is called IVRF (Internal VRF).</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Let's start with the configuration. I have only shown the configuration output from the CE1 as the CE2 configuration should be identical.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrb9sxd2JdTQ7wjJ82-4SouoWnx2KKJtz8Y96GMn7f1UzHEbuOoIDRkEMZx3mB_I9FEDrUfYlO2ZibfuNW9qBCYxdxrZQW5r9DtxUJN6sA-ixgqtwXqz9VGUcXrmxK2ZoTF7qZ3l1MB14/s1600/1.PNG" imageanchor="1"><img border="0" height="161" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrb9sxd2JdTQ7wjJ82-4SouoWnx2KKJtz8Y96GMn7f1UzHEbuOoIDRkEMZx3mB_I9FEDrUfYlO2ZibfuNW9qBCYxdxrZQW5r9DtxUJN6sA-ixgqtwXqz9VGUcXrmxK2ZoTF7qZ3l1MB14/s400/1.PNG" width="400" /></a></span><br />
<br /></div>
<span style="font-family: "verdana" , sans-serif;">Now we will configure relevant interfaces in each VRF.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6bCq1WkNbHW9IvNk-lci7uD_ZsSDQJk0xHYjY1D-rUc8u8vNbG8OQrJna9JS8qL4n5XSFyMWOKPs7WF43SEjxWYV2UQSDxDBiWsSkyuNSDyjpFt2xscpWa6SKPbhwpApr8AFm36OwRzc/s1600/2.PNG" imageanchor="1"><img border="0" height="107" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6bCq1WkNbHW9IvNk-lci7uD_ZsSDQJk0xHYjY1D-rUc8u8vNbG8OQrJna9JS8qL4n5XSFyMWOKPs7WF43SEjxWYV2UQSDxDBiWsSkyuNSDyjpFt2xscpWa6SKPbhwpApr8AFm36OwRzc/s400/2.PNG" width="400" /></a></span></div>
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkL7PESfDjpOct9hyphenhypheni5nP24d7PvEh6MX8Ga5VkF63mxQMuQDVCvYvl1yIKitkBPbEhhfSEFB4JNrZI9CXt_JAQDdCYdlXDc84XAgmu4dacIQat4Sw1crSZrMJhOrbvo7vqsbwov5R9TSM/s1600/3.PNG" imageanchor="1"><img border="0" height="88" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkL7PESfDjpOct9hyphenhypheni5nP24d7PvEh6MX8Ga5VkF63mxQMuQDVCvYvl1yIKitkBPbEhhfSEFB4JNrZI9CXt_JAQDdCYdlXDc84XAgmu4dacIQat4Sw1crSZrMJhOrbvo7vqsbwov5R9TSM/s400/3.PNG" width="400" /></a></span></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The tunnel source and destination are WAN IP addresses of the CEs which are part of the "INTERNET" vrf.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">We can now configure the ISAKMP/IPSEC parameters.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">For Phase 1 (ISAKMP), we will use AES for encryption, Pre-shared key and DH group 2.</span><br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFCkXfni55xXbE-1hGClqMyd0ofjAZdOaMvXT9ANdyo0AsCHnbGN-59YM-J2SQf4V7IHiSKgEItFt3NCyHCe3o0fcmgKIlJO-ZgBT6hUxu504ibdjoJGuNdSDcBCcH5Opr4kPWHZRWfUA/s1600/4.PNG" imageanchor="1"><img border="0" height="70" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFCkXfni55xXbE-1hGClqMyd0ofjAZdOaMvXT9ANdyo0AsCHnbGN-59YM-J2SQf4V7IHiSKgEItFt3NCyHCe3o0fcmgKIlJO-ZgBT6hUxu504ibdjoJGuNdSDcBCcH5Opr4kPWHZRWfUA/s400/4.PNG" width="400" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">We have also configured keyring named "TEST" for the VRF "INTERNET" with pre-shared key "cisco".</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVSRCZXYskCZCXVzVwqVFGGa9NtIQM0PhEXa13IecFE_V0mlG1qhTiFUe3aVEDs0WrOYy-3l9L3tqDSSTqEentCdRXEuN6h2oMTZu-rdgLbi3eEEmAVHQaXqr1FeMKSXo-m2Ba1RN52gA/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="41" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVSRCZXYskCZCXVzVwqVFGGa9NtIQM0PhEXa13IecFE_V0mlG1qhTiFUe3aVEDs0WrOYy-3l9L3tqDSSTqEentCdRXEuN6h2oMTZu-rdgLbi3eEEmAVHQaXqr1FeMKSXo-m2Ba1RN52gA/s640/5.PNG" width="640" /></a></div>
<br />
<span style="font-family: "verdana" , sans-serif;">The ISAKMP profile will contain both the FVRF and keyring names.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdexgG_Y5bBHYkOBeFOrh0cdKjOZNVRQcBMnsfryyl-D-dSmAHXQrjzl6ImRVvq3jRMUs4q23QEoeTps0Hrct47Bwlx5ahH25qpQ9FLBZt5cTwpJycDCakjMcNBSZ3X8eF2UgTrF4Ecf4/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="89" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdexgG_Y5bBHYkOBeFOrh0cdKjOZNVRQcBMnsfryyl-D-dSmAHXQrjzl6ImRVvq3jRMUs4q23QEoeTps0Hrct47Bwlx5ahH25qpQ9FLBZt5cTwpJycDCakjMcNBSZ3X8eF2UgTrF4Ecf4/s640/6.PNG" width="640" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">Now for Phase 2 (IPSEC), we will configure transform-set and IPSEC profile.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP4OhZaB5IgCbzodm6-MJOX0LFPV9MvMCQc3QUQdpFZZEWpBmyR0VZt7RgZlzy_brUkYv4qpHo8CJc1z17DF5eaQ7zFtcHT7SjmPLxJcQeItPke9_tUFSDItWSqBbpRrjt8UewO7CIug8/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="19" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP4OhZaB5IgCbzodm6-MJOX0LFPV9MvMCQc3QUQdpFZZEWpBmyR0VZt7RgZlzy_brUkYv4qpHo8CJc1z17DF5eaQ7zFtcHT7SjmPLxJcQeItPke9_tUFSDItWSqBbpRrjt8UewO7CIug8/s640/7.PNG" width="640" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoG9XRkpKNsLDvDmZLbau9GKcNsP0Ep2aHfQ5MN0HSHsT4x_nj6mP5wpP9LvzNjUTWJoaT_HlWPcN1rkfM5XrbEIEB48Guj5dP8ijbS84PaC0ElgtiCt_HXXi5ZjsFhJ-udzJGvzULJP8/s1600/8.PNG" imageanchor="1"><img border="0" height="45" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoG9XRkpKNsLDvDmZLbau9GKcNsP0Ep2aHfQ5MN0HSHsT4x_nj6mP5wpP9LvzNjUTWJoaT_HlWPcN1rkfM5XrbEIEB48Guj5dP8ijbS84PaC0ElgtiCt_HXXi5ZjsFhJ-udzJGvzULJP8/s400/8.PNG" width="400" /></a></span></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">This IPSEC profile will not be configured on the tunnel interface. </span><br />
<div style="text-align: center;">
<br />
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuXjPZsrtUicvTZxgyLfjqrA65bo3f4P_zyL9n4J-0wkQW-lfs03I1WcsVCGKgWsuw4FdXONOSm3AukIAdHzwmgn9-gSaNlzpPoG_pTqpP8XLrZBvmatm3csyjLVNmxgvMmy7AKR7-I2U/s1600/9.PNG" imageanchor="1"><img border="0" height="72" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuXjPZsrtUicvTZxgyLfjqrA65bo3f4P_zyL9n4J-0wkQW-lfs03I1WcsVCGKgWsuw4FdXONOSm3AukIAdHzwmgn9-gSaNlzpPoG_pTqpP8XLrZBvmatm3csyjLVNmxgvMmy7AKR7-I2U/s640/9.PNG" width="640" /></a></span></div>
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<span style="font-family: "verdana" , sans-serif;">This completes our GRE/IPSEC configuration however we still need to configure the routing!</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The default route is on the internet and points the next hop IP 10.1.12.2</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdkpc2e0fdu7JZmHvGuplcyvJTSEOBJYp1VSjNaW5Htp7KzvYLeCdePJXO6ArspqfHxC-aB6t2Ab543FZIU0gG3n3a-AhRi0-d9pW_3hvJOvgATisdkrdtMPcU5GuU5kAUiYZV84wz3hM/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="25" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdkpc2e0fdu7JZmHvGuplcyvJTSEOBJYp1VSjNaW5Htp7KzvYLeCdePJXO6ArspqfHxC-aB6t2Ab543FZIU0gG3n3a-AhRi0-d9pW_3hvJOvgATisdkrdtMPcU5GuU5kAUiYZV84wz3hM/s640/10.PNG" width="640" /></a></div>
<br />
<span style="font-family: "verdana" , sans-serif;">The customer subnets are 1.1.1.0/24 and 4.4.4.0/24 on CE1 and CE2 respectively. They will be reachable through the tunnel next hop IP.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT1tPHgj_uKxZKdH3az0UtwT36UgnKPpdHoOkcNOHtliIHtuahnCrFn8ZDIjHAUpXiSoVRkouTsAbkg71J7k8p0A0_YsR_4F9b2wr3bagmcTOT36xu-LKE4L7IB_nB4DWh6TiAZqwUEpo/s1600/11.PNG" imageanchor="1"><img border="0" height="24" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT1tPHgj_uKxZKdH3az0UtwT36UgnKPpdHoOkcNOHtliIHtuahnCrFn8ZDIjHAUpXiSoVRkouTsAbkg71J7k8p0A0_YsR_4F9b2wr3bagmcTOT36xu-LKE4L7IB_nB4DWh6TiAZqwUEpo/s640/11.PNG" width="640" /></a></span></div>
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<span style="font-family: "verdana" , sans-serif;">The routing table for both the VRFs look like as below</span><br />
<span style="font-family: "verdana" , sans-serif;"><br /></span>
<br />
<div style="text-align: center;">
<span style="font-family: "verdana" , sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU6rSQSuNB5ZLcm834x9-sIlABRgyBS0Cktsgk-P0B7M_66Gk89WuEnuf3mn5kP_gwqGsPrRcZvqliqnLB0CLrDjxshuH8f5TcY4cAheO-mzCT9tFgHLEfRSlK9M9qkAu8gk9jWXDtSM4/s1600/12.PNG" imageanchor="1"><img border="0" height="364" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU6rSQSuNB5ZLcm834x9-sIlABRgyBS0Cktsgk-P0B7M_66Gk89WuEnuf3mn5kP_gwqGsPrRcZvqliqnLB0CLrDjxshuH8f5TcY4cAheO-mzCT9tFgHLEfRSlK9M9qkAu8gk9jWXDtSM4/s640/12.PNG" width="640" /></a></span></div>
<br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIgNvd_zQkfd9vkGWSNEs_MttJ6-UOD4ltwFdiJVBlalj2tBdOj3hE-eUIkdz258-rjLh7XfEwpIKOBHGhLvuwz7AUdTp2D_4swKbNRdF2ur1slxzVNP3cKigHX30M9IXoAjoUL_pcGU4/s1600/13.PNG" imageanchor="1"><img border="0" height="294" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIgNvd_zQkfd9vkGWSNEs_MttJ6-UOD4ltwFdiJVBlalj2tBdOj3hE-eUIkdz258-rjLh7XfEwpIKOBHGhLvuwz7AUdTp2D_4swKbNRdF2ur1slxzVNP3cKigHX30M9IXoAjoUL_pcGU4/s640/13.PNG" width="640" /></a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-family: "verdana" , sans-serif;">We can now see that ping from 1.1.1.1 to 4.4.4.4 works successfully.</span></div>
<div style="text-align: left;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH8IZmfP8SIrJTrUTZQZNshOj2j9eY4K8yBzidMDv1e9NJ5CR0HncEse7yIHuFi99a_ey-RE8eNhJRNwSqls5W8IUmgSpkGlGkPqtP-HDwRB5cXIWaj_DRrN2ckpsvo5ULpv7lAEIdkgI/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjH8IZmfP8SIrJTrUTZQZNshOj2j9eY4K8yBzidMDv1e9NJ5CR0HncEse7yIHuFi99a_ey-RE8eNhJRNwSqls5W8IUmgSpkGlGkPqtP-HDwRB5cXIWaj_DRrN2ckpsvo5ULpv7lAEIdkgI/s640/14.PNG" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-family: "verdana" , sans-serif;">Whenever IPSEC along with some sort of tunneling mechanism is used, one needs to be careful about the supported MTU size on the link. Due to the various overhead, full 1500 MTU may not be supported.</span></div>
<div style="text-align: left;">
<span style="font-family: "verdana" , sans-serif;"><br /></span></div>
<div style="text-align: left;">
<span style="font-family: "verdana" , sans-serif;">If you are unsure, please check this link which will help to calculate the overhead you need to take into account while designing the solution.</span></div>
<div style="text-align: left;">
<a href="https://cway.cisco.com/tools/ipsec-overhead-calc/ipsec-overhead-calc.html"><span style="font-family: "verdana" , sans-serif;"><br /></span></a></div>
<div style="text-align: left;">
<a href="https://cway.cisco.com/tools/ipsec-overhead-calc/ipsec-overhead-calc.html"><span style="font-family: "verdana" , sans-serif;">https://cway.cisco.com/tools/ipsec-overhead-calc/ipsec-overhead-calc.html </span></a></div>
<div style="text-align: center;">
<br /></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com1tag:blogger.com,1999:blog-3934012154598313421.post-11155395658426652015-10-31T15:47:00.001+00:002015-12-30T10:44:49.367+00:00EIGRP IP FRR & OSPF LFA<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In today's modern networks, fast convergence has become a mandatory requirement.</span><br />
<span style="font-family: Verdana, sans-serif;">If we want to achieve fast convergence, each of the steps below need to be optimized</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">1. Failure Detection</span><br />
<span style="font-family: Verdana, sans-serif;">2. Failure Propagation</span><br />
<span style="font-family: Verdana, sans-serif;">3. Processing of new information</span><br />
<span style="font-family: Verdana, sans-serif;">4. Updating RIB/FIB</span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<span style="font-family: Verdana, sans-serif;"><b>1. Failure Detection:-</b> <i>"How long does it take me to detect a failure?"</i></span><br />
<span style="font-family: Verdana, sans-serif;">This normally depends on the Hello/Hold down/Dead timers of the routing protocol. We can either tune these timers or use a mechanism such as "BFD" which we have seen in our earlier post.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><b>2. Failure Propagation:-</b> </span><span style="font-family: Verdana, sans-serif;"><i>"How long does it take me to tell everyone else?"</i></span><br />
<span style="font-family: Verdana, sans-serif;">In EIGRP, this is done through Query/Reply packets. We can reduce the Query domain by configuring the routers as "stub".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In OSPF, this depends on the area size and the LSA flooding procedure. We can tune the LSA timers to change this.</span><br />
<span style="font-family: Verdana, sans-serif;"></span><br />
<a name='more'></a><span style="font-family: Verdana, sans-serif;"><b>3. Processing of new information:</b>- <i>"How long does it take to decide on the new topology?"</i></span><br />
<span style="font-family: Verdana, sans-serif;">This depends on the algorithm used by the individual routing protocol. i.e. EIGRP uses "DUAL", OSPF uses "SPF".</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">This process is heavily dependent on the physical CPU capacity of the router so it's not very tunable. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<b style="font-family: Verdana, sans-serif;">4. Updating RIB/FIB:-</b><span style="font-family: Verdana, sans-serif;"> </span><i style="font-family: Verdana, sans-serif;">"How long does it take me to install the changes?"</i><br />
<span style="font-family: Verdana, sans-serif;">This step involves installing the routing topology information to RIB. RIB to install the information in the FIB and then transferring it from software FIB to hardware TCAM.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There are different methods through which we can optimize the convergence time. Some of the methods are "Reactive" while some of them are "Proactive".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><u>Reactive Optimizations:-</u></span><br />
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">Fast hellos & BFD</span></li>
<li><span style="font-family: Verdana, sans-serif;">OSPF LSA & SPF Pacing</span></li>
<li><span style="font-family: Verdana, sans-serif;">FIB prefix prioritization</span></li>
</ul>
<div>
<span style="font-family: Verdana, sans-serif;"><u>Proactive optimizations:-</u></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">EIGRP Feasible Successor & FRR</span></li>
<li><span style="font-family: Verdana, sans-serif;">OSPF LFA (Loop Free Alternate)</span></li>
<li><span style="font-family: Verdana, sans-serif;">BGP PIC (Prefix Independent Convergence)</span></li>
<li><span style="font-family: Verdana, sans-serif;">MPLS Traffic Engineering Fast Reroute (TE FRR)</span></li>
</ul>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
</div>
<br />
<span style="font-family: Verdana, sans-serif;">In this post we will look at EIGRP FRR and OSPF LFA. To understand them, let's look at the topology below.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpJFXlY8EGMvezgO2Yqb3aGP_c-IP8DjAfUTviXdMUo3i2KU2-YFm3oxpU4_5-x8DacQdmcZvP9-d1x8q-hjca2u4dRhU3TZ71OTL1HGP2iARM-iY0Z8xoXTOf4Qy-Ch5LyYivUxRbEoM/s1600/Drawing1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="328" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpJFXlY8EGMvezgO2Yqb3aGP_c-IP8DjAfUTviXdMUo3i2KU2-YFm3oxpU4_5-x8DacQdmcZvP9-d1x8q-hjca2u4dRhU3TZ71OTL1HGP2iARM-iY0Z8xoXTOf4Qy-Ch5LyYivUxRbEoM/s640/Drawing1.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<span style="font-family: Verdana, sans-serif;">At the moment, we are running EIGRP named mode on all the four routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBZ0L95QQM2Sv_PS4CCl3s64XKH_7T01hyphenhyphenKVcYbsEzXabWKlD_1Xh2qzydl1Zs1nRgIpDPBu6D3nZyOhaSc4HeIOCf3QDS9L_3pyGQ6GeyDC7vXWO0fh_4X1BdSomlVmpUFxgsEIGGRtA/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBZ0L95QQM2Sv_PS4CCl3s64XKH_7T01hyphenhyphenKVcYbsEzXabWKlD_1Xh2qzydl1Zs1nRgIpDPBu6D3nZyOhaSc4HeIOCf3QDS9L_3pyGQ6GeyDC7vXWO0fh_4X1BdSomlVmpUFxgsEIGGRtA/s1600/1.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that R7 learns about the prefix 1.1.1.1/32 from R6 and R3 and use ECMP (Equal cost multipath).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcyPJ7SgGT3LCam8ZNvTlQQSDx0_ahKTr2lJGmjv7nLyYt0Sn02AJvBX4Dst1ASPCdohvpY4HckdC_OtA1JCpnoIO8Eh9JfcHSGA__iOH5UPI8QhcDTXELVo0PIqA3XlV2Zky_lO-hqp0/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcyPJ7SgGT3LCam8ZNvTlQQSDx0_ahKTr2lJGmjv7nLyYt0Sn02AJvBX4Dst1ASPCdohvpY4HckdC_OtA1JCpnoIO8Eh9JfcHSGA__iOH5UPI8QhcDTXELVo0PIqA3XlV2Zky_lO-hqp0/s1600/2.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now let's change the delay on the R7's interface towards R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNkcvoCTumiNJJDqfyvtL2iRPFlFVnZ-RKRrNVT_E1LIKDk6elH9zB0IE4f9lVsTze9SX8gKKSfW2IbIVolzIkCJ2iKbSZ6VXr3Mu72kDiwsgfNz970sC097EeoEOaK3rRvl-j-Nl5mI0/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNkcvoCTumiNJJDqfyvtL2iRPFlFVnZ-RKRrNVT_E1LIKDk6elH9zB0IE4f9lVsTze9SX8gKKSfW2IbIVolzIkCJ2iKbSZ6VXr3Mu72kDiwsgfNz970sC097EeoEOaK3rRvl-j-Nl5mI0/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now see that R7 now uses R6 to reach R1 however it also keeps the path through R3 as feasible successor. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR_67nl4fWnCS9dADNMbAghnIr-kiQliwYXCNe7avqxZ8fck4RN2pB1VrRnLNT_PXqxQ9W8gqchNHaKX63H6pjcQ4yAWx37IxpT7MPBkDtBNQu8kaRc6qZ3fCFyP0cffligY562VJ0hSc/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR_67nl4fWnCS9dADNMbAghnIr-kiQliwYXCNe7avqxZ8fck4RN2pB1VrRnLNT_PXqxQ9W8gqchNHaKX63H6pjcQ4yAWx37IxpT7MPBkDtBNQu8kaRc6qZ3fCFyP0cffligY562VJ0hSc/s1600/4.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp_H_GtXW92O8uBE1ZyGdKB1gk-wrOlCuArra9XNxMau1S1cGODVPPzAGV24H92VRqmu-CXxuRzWTrvjHi405D-fAeEyY9QHXIF7WzCEnLbMiYEq7VJ4upAGbysv4xJeTKnVjaxjXeLrY/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhp_H_GtXW92O8uBE1ZyGdKB1gk-wrOlCuArra9XNxMau1S1cGODVPPzAGV24H92VRqmu-CXxuRzWTrvjHi405D-fAeEyY9QHXIF7WzCEnLbMiYEq7VJ4upAGbysv4xJeTKnVjaxjXeLrY/s1600/5.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie6rPmBM_9J0GiHvWyXC_bqoW4yuC7RjZ3E9WDWRWOrh3HJehFnAZKzSEiEY4zYDJs12lMOFL_DCJlR-c5rTdjTtaHrq1vWVZz3TGwvT4svLK9Wf_f2d6N3OvC_40PI-ajefMjmLC_IGQ/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie6rPmBM_9J0GiHvWyXC_bqoW4yuC7RjZ3E9WDWRWOrh3HJehFnAZKzSEiEY4zYDJs12lMOFL_DCJlR-c5rTdjTtaHrq1vWVZz3TGwvT4svLK9Wf_f2d6N3OvC_40PI-ajefMjmLC_IGQ/s1600/6.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLo47lJlA4qJxdKJORQu6LkuY-bNBB4JMdjyMd_jhXlF39v0l2GRD5jwTQTChYnfL88kQ_tuMpRDjv2-03HMt4HM_UQ1rFeHfc1HT3L4LQy3bA41GPEFI3dGfPRpibq4R5FzEQNopH6h4/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLo47lJlA4qJxdKJORQu6LkuY-bNBB4JMdjyMd_jhXlF39v0l2GRD5jwTQTChYnfL88kQ_tuMpRDjv2-03HMt4HM_UQ1rFeHfc1HT3L4LQy3bA41GPEFI3dGfPRpibq4R5FzEQNopH6h4/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />
What would happen if the link between R7 and R6 goes down?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As R7 already has a feasible successor route through R3, it will be installed in the routing table from the EIGRP topology table. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Then this route will be installed in the CEF table and will then end up in the TCAM of the router.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Even through this process seems fairly quick, this can add additional delay in the convergence process. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is a way to preempt this process through a feature called "Fast Reroute".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's see how it works.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To enable this, I will configure the command "Fast Reroute" in EIGRP process on R7. At the moment this feature is only available in EIGRP named mode.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP-jByLyiZ_PYaTKM7dSIvNfBw2R4UsZGVVBIzjjiXLTq1e5a537e1vEPQDHYxp8tKDzhu9UVJXMJx5vNmMyLr_btWuBINbfZZqEWwftb5abO4B75jSz25Eg_l0xPgdHuHDxH35XbFD04/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiP-jByLyiZ_PYaTKM7dSIvNfBw2R4UsZGVVBIzjjiXLTq1e5a537e1vEPQDHYxp8tKDzhu9UVJXMJx5vNmMyLr_btWuBINbfZZqEWwftb5abO4B75jSz25Eg_l0xPgdHuHDxH35XbFD04/s1600/7.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">We can see that R7 still prefers R6 to reach 1.1.1.1/32 and it also has the feasible successor through R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLrtLiyXdKV8z8wPcXnDuspAcRzyx0FKBKfwlHK6G0By9hFm4rIdQIxI4lhAh4207XDm1tGZoFSxxBXxVNWq59jeOxoLafik9XZJPi9jC8xyAlfUetsx_-eQ-GABGG7KHKUM08rlVt1ws/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLrtLiyXdKV8z8wPcXnDuspAcRzyx0FKBKfwlHK6G0By9hFm4rIdQIxI4lhAh4207XDm1tGZoFSxxBXxVNWq59jeOxoLafik9XZJPi9jC8xyAlfUetsx_-eQ-GABGG7KHKUM08rlVt1ws/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6ghDuaZFLxTZP8OYDVH6fzzS_E4J4eDy3OkU4D-sRz85DPkbq5j7x8gNHsDFwC5V13GIPyWSl0ZNsJ4yvItAj5OBCGyFKLk6aNHE1TBqBSGz4aukBDyERI02VJkFp3wYs5LEHmXO7FJI/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6ghDuaZFLxTZP8OYDVH6fzzS_E4J4eDy3OkU4D-sRz85DPkbq5j7x8gNHsDFwC5V13GIPyWSl0ZNsJ4yvItAj5OBCGyFKLk6aNHE1TBqBSGz4aukBDyERI02VJkFp3wYs5LEHmXO7FJI/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we look at the output closely we can notice that now R7 maintains a "Repair Path" in it's routing table!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_pMYwEUa2_lEEWsRY2ilmL55Uf56ZEDfXnh7HILJ4WAbuDCBgkk9uspGeovPGqlHmNWrSJNwz_6YW1_2tST9Z04QKjtfRKujrEAZrxmDbAP32EsSlHnp83P6zzaYNtj7M3kmp9p46eTU/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_pMYwEUa2_lEEWsRY2ilmL55Uf56ZEDfXnh7HILJ4WAbuDCBgkk9uspGeovPGqlHmNWrSJNwz_6YW1_2tST9Z04QKjtfRKujrEAZrxmDbAP32EsSlHnp83P6zzaYNtj7M3kmp9p46eTU/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">We can also see a similar entry in the CEF table!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3i86lVxdKtq8eeQ92Gzzfbtlxqe5j5QsGScu46zKVfm6PzLefZ-JJ2onfxssVFvimqaqbsOQOiBBhhKk0x5qWTUfPeNWN1YzU_OJpDLpb6EYvBVC_5CztJaTPbDbRJqHzhkOLce09jQ8/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3i86lVxdKtq8eeQ92Gzzfbtlxqe5j5QsGScu46zKVfm6PzLefZ-JJ2onfxssVFvimqaqbsOQOiBBhhKk0x5qWTUfPeNWN1YzU_OJpDLpb6EYvBVC_5CztJaTPbDbRJqHzhkOLce09jQ8/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">So now if the primary link fails, R7 won't have to install the feasible successor from topology table to routing table and then to the CEF table as it's already pre-installed which will speed up the convergence.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">EIGRP maintains a backup path as a feasible successor if it meets the feasibility condition however OSPF do not have any such mechanism.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">OSPF maintains the same database on each router in a particular area hence OSPF can run SPF algorithm with considering neighboring router as a root. This way it can find a loop free alternate path which can be used in the event if the primary path fails.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In our topology, let's run OSPF on all the routers and see how it works.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU8S64l-M8ckwCQxf-kc9nJRegB7CyJlpA517HSvi2IksMxWwb_txFfL-gckFh2EfEej7m8lDqsTMBMdLVztOky0elB1d925X6tHdsUxIml24PaRagQi62cxEjLUJQxePFVRfrZyKmu7Q/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU8S64l-M8ckwCQxf-kc9nJRegB7CyJlpA517HSvi2IksMxWwb_txFfL-gckFh2EfEej7m8lDqsTMBMdLVztOky0elB1d925X6tHdsUxIml24PaRagQi62cxEjLUJQxePFVRfrZyKmu7Q/s1600/13.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Similar OSPF process is running on other routers.</span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now R7 learns 1.1.1.1/32 through OSPF from both R6 and R3. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMnANM4-rKWX7iW1nKYEF7JJ5HtJ3WOliAlxcwwpc4qtZaVd9iIGM7yw46iTQ2mPh1Gmcp3M4lhCR_QdNKio40Nw19sGZ8qJWO0-_mehaMLN6IziiaPNZ7xa8Tc-zBhkARjRymqxG-WQY/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhMnANM4-rKWX7iW1nKYEF7JJ5HtJ3WOliAlxcwwpc4qtZaVd9iIGM7yw46iTQ2mPh1Gmcp3M4lhCR_QdNKio40Nw19sGZ8qJWO0-_mehaMLN6IziiaPNZ7xa8Tc-zBhkARjRymqxG-WQY/s1600/14.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Let's change the cost of the link towards R3 which will make R7 prefers R6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgChxjfmQgniyPilakvxHmdc9z6f85hh-_iB5Y5P7raNz3WBp5Xf4f2rm0_457QPp65NgLI6t29hNgj7z_CYBv1N8vdNB4WyFYRWWf8v9wYalAlH8RJ_wUkktl-kZFEZkMFlf8drUSh2LY/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgChxjfmQgniyPilakvxHmdc9z6f85hh-_iB5Y5P7raNz3WBp5Xf4f2rm0_457QPp65NgLI6t29hNgj7z_CYBv1N8vdNB4WyFYRWWf8v9wYalAlH8RJ_wUkktl-kZFEZkMFlf8drUSh2LY/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmvT_VDnL0sBGfwqTnzHY83r878iacbuqOF-MJYmtJA2jR8jA2zmZWy290aUvM5M2FYll0mluLA2LSymklHIguluB92NJs-Yy2jKY2KDYd6VIBdroRRzs4cXMzO4cUWg5fzAclxkwVPXg/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmvT_VDnL0sBGfwqTnzHY83r878iacbuqOF-MJYmtJA2jR8jA2zmZWy290aUvM5M2FYll0mluLA2LSymklHIguluB92NJs-Yy2jKY2KDYd6VIBdroRRzs4cXMzO4cUWg5fzAclxkwVPXg/s1600/16.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC3NG1N9_9rWA9VFkepHkn8kfy1hOLjN7ZZs4Mw7_bI9B0X_t-J4SKYnt1sejD4ZyUI_YgVPs0c62-B7yrNzJxDfLyoz5JDIufFcLUr32xHesRXwMHPtjcCOO74M9OfYqbvh7ksHWaz9c/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC3NG1N9_9rWA9VFkepHkn8kfy1hOLjN7ZZs4Mw7_bI9B0X_t-J4SKYnt1sejD4ZyUI_YgVPs0c62-B7yrNzJxDfLyoz5JDIufFcLUr32xHesRXwMHPtjcCOO74M9OfYqbvh7ksHWaz9c/s1600/17.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Now we can configure "fast-reroute" on R7 under the ospf process.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxCI1M6Xx35C5YX6NxcujHx711eYoTFTWWAXWAUzOdzaAZS0ux7XYMc0L6O6CCpYF8YeBR-rCOjXy5HV2A6A90iE3COzCzgDEX7Q8Nrse9NVwxH8DXxYuGzrtItG4_8VXM6GYKJSQ7aV4/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxCI1M6Xx35C5YX6NxcujHx711eYoTFTWWAXWAUzOdzaAZS0ux7XYMc0L6O6CCpYF8YeBR-rCOjXy5HV2A6A90iE3COzCzgDEX7Q8Nrse9NVwxH8DXxYuGzrtItG4_8VXM6GYKJSQ7aV4/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As we saw for EIGRP, OSPF also started showing the repair path. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9eqou20Q5yvX0nfmh4PTJIkfI078uJuIHM2Uwo9mD9FrYCTAJ2A9dAMAX5923_1fY4yJnMbeHOHVOjE9r_ig1Xmhy7dzsVkztNd522102QzK96OZPbSqGhdgl0xaN4Q8B8F6b2o9-OVI/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9eqou20Q5yvX0nfmh4PTJIkfI078uJuIHM2Uwo9mD9FrYCTAJ2A9dAMAX5923_1fY4yJnMbeHOHVOjE9r_ig1Xmhy7dzsVkztNd522102QzK96OZPbSqGhdgl0xaN4Q8B8F6b2o9-OVI/s1600/19.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also see the second entry in the CEF table.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdSTsP34hJ7M4fGTds_cl3KgsY3h-um5847Vil2fsTvesg3xUHy7aBkgwePlQX3NU5dzKvpSqmbOZWzk0krObV6Zhf_wM25qtr606pQz5ClmAtMcgkxEke54OR5Mkmedjm73D-8oIMBYk/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdSTsP34hJ7M4fGTds_cl3KgsY3h-um5847Vil2fsTvesg3xUHy7aBkgwePlQX3NU5dzKvpSqmbOZWzk0krObV6Zhf_wM25qtr606pQz5ClmAtMcgkxEke54OR5Mkmedjm73D-8oIMBYk/s1600/20.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In our topology we only have a single alternate path. If there are multiple possible repair paths, OSPF LFA FRR prioritizes attributes in the following order</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">1. srlg</span><br />
<span style="font-family: Verdana, sans-serif;">2. primary-path</span><br />
<span style="font-family: Verdana, sans-serif;">3. interface-disjoint</span><br />
<span style="font-family: Verdana, sans-serif;">4. lowest-metric</span><br />
<span style="font-family: Verdana, sans-serif;">5. linecard-disjoint</span><br />
<span style="font-family: Verdana, sans-serif;">6. node-protecting</span><br />
<span style="font-family: Verdana, sans-serif;">7. broadcast-interface-disjoint</span><br />
<div>
<br /></div>
<span style="font-family: Verdana, sans-serif;">More information on this can be found </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/xe-3s/iro-lfa-frr-xe.html </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_eigrp/configuration/15-2s/ire-ipfrr.html</span><br />
<div>
<br /></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com1tag:blogger.com,1999:blog-3934012154598313421.post-19620669633582568072015-09-18T17:22:00.004+01:002015-09-18T17:23:00.705+01:00Carrier Supporting Carrier (CSC)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In this post we will look at the Carrier Supporting Carrier design where smaller service providers use large service providers as backbone in order to connect parts of their network which eliminates the need to build and maintain their own MPLS network.</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">From customer's point of view, there is no difference in terms of connectivity and it will still appear as they have a normal Layer 3 MPLS connection from the provider.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's look at the below topology to understand how it works.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHDgDHodsfyRyGJZbMJRlByVxOHhEq3W1kVCtksIGAuSoBacJ_9tPpP2BJYiXhoPGmETlU8cQGm4pE-HnI6eUwPnx0zR4rU_I0OXX5_XDxuJbO4-v53ATWerEJO1HT37SwzXMksCtgmd4/s1600/Drawing1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="456" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHDgDHodsfyRyGJZbMJRlByVxOHhEq3W1kVCtksIGAuSoBacJ_9tPpP2BJYiXhoPGmETlU8cQGm4pE-HnI6eUwPnx0zR4rU_I0OXX5_XDxuJbO4-v53ATWerEJO1HT37SwzXMksCtgmd4/s640/Drawing1.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We have a Tier 2 SP who is providing services to customer sites in two different geographical locations. The service provider have their own network within specific regions but not connected with each other directly hence they are using Tier 1 SP's backbone to connect both of their networks and provide end-to-end connectivity to the customer.</span><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">As shown in the diagram the Tier 2 SP have a route-reflector in each region. Our end goal is to establish VPNv4 neighbourship between these route-reflectors to exchange the routing information.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">From the configuration prospective, these are the loopback IPs configured on various devices.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">CE1 = 1.1.1.1/32 (Customer LAN prefix)</span><br />
<span style="font-family: Verdana, sans-serif;">CE2 = 15.15.15.15/32 (Customer LAN prefix)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">SP-PE1 = 2.2.2.2/32</span><br />
<span style="font-family: Verdana, sans-serif;">SP-PE2 = 14.14.14.14/32</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">SP-RR1 = 4.4.4.4/32</span><br />
<span style="font-family: Verdana, sans-serif;">SP-RR2 = 12.12.12.12/32</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Tier 2 SP uses BGP AS 100 on the PEs at both the locations and run OSPF as the IGP. Tier 1 SP uses ISIS as IGP and BGP AS 200 on the PEs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br />At the moment, CE1 is advertising the loopback IP to SP-PE1. SP-PE1 advertise the VPNv4 route to route-reflector SP-RR1 which then gets learned by CSC-CE1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNWzGR4sMpcP2EtrSDjnyrMRNzv1l-iORqBXaxBO7sz1gjTkHw2-hP9edCFuCd66Qe5qPT4GpDfw0BJ012MZLZxXjltwXcTiTRMKOVDit3wnWirxkUqPKXhFl-IiQyUWCYBBp5Zax143Y/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNWzGR4sMpcP2EtrSDjnyrMRNzv1l-iORqBXaxBO7sz1gjTkHw2-hP9edCFuCd66Qe5qPT4GpDfw0BJ012MZLZxXjltwXcTiTRMKOVDit3wnWirxkUqPKXhFl-IiQyUWCYBBp5Zax143Y/s1600/1.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijPUaIAX31aqfHshFf3lrjdOI3oMnFvbe__LbTX5OuOJL4v8vdsbNgCjWQ_8gkbuEpLBzjQTi_54gBsig5rBc9FOnj9uiXB-CVJzQAhx93K0LaGp0z0gcY7dryX0EnnfBwGTZWlAvGWNw/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijPUaIAX31aqfHshFf3lrjdOI3oMnFvbe__LbTX5OuOJL4v8vdsbNgCjWQ_8gkbuEpLBzjQTi_54gBsig5rBc9FOnj9uiXB-CVJzQAhx93K0LaGp0z0gcY7dryX0EnnfBwGTZWlAvGWNw/s1600/2.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8N-JwzuNYsuaKNYwAapdN9KqnIIa5DYc1b0HU9wuWYxZdnBl0oAC5aHNFpUrlUDZz-KDAFHDHxBzJ5NkiqQmicYu2A15M899K59vYLxK8Hv8d6sMKcU8ombkb1oPEPvF-s6Ck3rdRwyw/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8N-JwzuNYsuaKNYwAapdN9KqnIIa5DYc1b0HU9wuWYxZdnBl0oAC5aHNFpUrlUDZz-KDAFHDHxBzJ5NkiqQmicYu2A15M899K59vYLxK8Hv8d6sMKcU8ombkb1oPEPvF-s6Ck3rdRwyw/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Similarly CE2 is advertising the prefix 15.15.15.15/32 and it's learned by CSC-CE2 through SP-RR2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8wWuZj3so0PrmYZhkShISPyL-RMKB354KTIEtmI7N-nUN7gcf66rhok0zfa_jNLOv9e5B2MFEPSRMhqDQH5uWJXUkP2jkngy3GFF6ybvdm-hJ1aPaxtUvTFJqvrNsL91jkOTrDWZcf8/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgr8wWuZj3so0PrmYZhkShISPyL-RMKB354KTIEtmI7N-nUN7gcf66rhok0zfa_jNLOv9e5B2MFEPSRMhqDQH5uWJXUkP2jkngy3GFF6ybvdm-hJ1aPaxtUvTFJqvrNsL91jkOTrDWZcf8/s1600/4.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />We need to establish VPNv4 IBGP neighbourship between both the route reflectors. For that we need to exchange the loopback IPs of RRs using the Tier1 SP network. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As we can see from the diagram, Tier 1 SP network has CSC-PE1 and CSC-PE2 devices and there is a separate VPNv4 BGP neighbourship between both of them.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTdV7Z0JKQdpQGM9wBSVIhXl-J5PrYO9u2A_ZnbHudCIW4PebQoJTu9hVwgryDWsw2K015Opa5gxSRco3XyjmryG0L8gl9qqbqWWR3BN3mF5cAjyGQXnLIVS-xnqFGJGL-2pYhLZl1exc/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTdV7Z0JKQdpQGM9wBSVIhXl-J5PrYO9u2A_ZnbHudCIW4PebQoJTu9hVwgryDWsw2K015Opa5gxSRco3XyjmryG0L8gl9qqbqWWR3BN3mF5cAjyGQXnLIVS-xnqFGJGL-2pYhLZl1exc/s1600/5.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgISFkmXjCF8RIdXTIEMHSyEoHDL2XIEVhg3i7iADY1jofiQ6u3__RiRB8xya4UXk5v7HSN4Q1xxK1YGxhN6NXp_1N-MiMr6YIKxECgA51wGMSG6Wijt9hloHM2QqwO51twLxE_qhrAsak/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgISFkmXjCF8RIdXTIEMHSyEoHDL2XIEVhg3i7iADY1jofiQ6u3__RiRB8xya4UXk5v7HSN4Q1xxK1YGxhN6NXp_1N-MiMr6YIKxECgA51wGMSG6Wijt9hloHM2QqwO51twLxE_qhrAsak/s1600/6.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">These devices are directly connected to Tier2 CSC-CE devices. Tier1 SP will treat them as end customer CE router. We have configured a separate VRF "CSC" on both CSC-PE1 and CSC-PE2 and have added the interfaces towards CSC-CE devices under that VRF.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjME6uv2gNn0NSvSztfDUPqeFRC2NrVr8wUsjTsNOw_upaQE8TTR9jPphOrWkOtlJwtnqpyOeNr-6fpWFgfe8Gy5xKtaw2EwwW5cLFmKoPySJXzVpDkUzTnBqAbrogOzEiLkKPTdgpx_8M/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjME6uv2gNn0NSvSztfDUPqeFRC2NrVr8wUsjTsNOw_upaQE8TTR9jPphOrWkOtlJwtnqpyOeNr-6fpWFgfe8Gy5xKtaw2EwwW5cLFmKoPySJXzVpDkUzTnBqAbrogOzEiLkKPTdgpx_8M/s1600/7.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-J-SjgMpk3gveMy_TXHJsyPIkU-zCQquj-6hic6VlpkUpQbqDjOa80MnEXqSh2TeDimo79h4BYH-Qzdi6DZwEaOrCzOBYTvW5ZePsuIMyY346s81E0h25CHc12Unpy_1ktwVdC7hiXZE/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-J-SjgMpk3gveMy_TXHJsyPIkU-zCQquj-6hic6VlpkUpQbqDjOa80MnEXqSh2TeDimo79h4BYH-Qzdi6DZwEaOrCzOBYTvW5ZePsuIMyY346s81E0h25CHc12Unpy_1ktwVdC7hiXZE/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">While on CSC-CE1 and CSC-CE2 there isn't any special configuration under the interface facing Tier1 PE routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0mnPoveUKnXZjdoKcREB-LlULovQ-FIT9Hc5JtF_J9Ofd414GOqeVvVFSGGPXS3TsnzOcEPMFwCa4gf9ZRG06vTBHP0vUfdvsDzoex71K_PxJv3hcnKz7-RhMG97Xg6Is9yvu_Xd-R2o/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0mnPoveUKnXZjdoKcREB-LlULovQ-FIT9Hc5JtF_J9Ofd414GOqeVvVFSGGPXS3TsnzOcEPMFwCa4gf9ZRG06vTBHP0vUfdvsDzoex71K_PxJv3hcnKz7-RhMG97Xg6Is9yvu_Xd-R2o/s1600/9.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjedsohi_f3L1wSbk2ZttNHfFBE4y6uxFCs6hTlEqwW8w1wtpFCQq2zHDiAYWvft53x-mhhXRhIkd6Hwr2Qqd7lin8arng1pzO1frbWyRQhJ2NsSR06lO_0RxsyGw6ZcwEeAquxbDWPliU/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjedsohi_f3L1wSbk2ZttNHfFBE4y6uxFCs6hTlEqwW8w1wtpFCQq2zHDiAYWvft53x-mhhXRhIkd6Hwr2Qqd7lin8arng1pzO1frbWyRQhJ2NsSR06lO_0RxsyGw6ZcwEeAquxbDWPliU/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />
We can advertise the loopback IPs of route reflectors from CSC-CE routers to CSC-PE router by using BGP+Label or LDP+IGP. We will use BGP+Label in this case.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">so the configuration on the CEs </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdFvFioXvFKewXukwiHAC3BVVt3Fx1T2zwZmECwGSmUHrK5BiSZ7axJMnp7iByzPwjaNlrIRVHKq5iaE5CcJgWYrEaMfvudf_Gu3tliG4gXeEpBIeTMlbqAnm9MakMrM7RWGE5xV2VIBE/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdFvFioXvFKewXukwiHAC3BVVt3Fx1T2zwZmECwGSmUHrK5BiSZ7axJMnp7iByzPwjaNlrIRVHKq5iaE5CcJgWYrEaMfvudf_Gu3tliG4gXeEpBIeTMlbqAnm9MakMrM7RWGE5xV2VIBE/s1600/11.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8k4z486zo0SoGapyudFlSiktLc4LsZmgTgvJEzAjEfEd8KKZjv4E9s2GFpsEuJBDZHIRqDZUxLLYqjVWPUWA8VZfOqpXLGk1WimS6r1M-oMTK5ItkBbHOBLUPkNZ_789AyheSCKfr1K0/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8k4z486zo0SoGapyudFlSiktLc4LsZmgTgvJEzAjEfEd8KKZjv4E9s2GFpsEuJBDZHIRqDZUxLLYqjVWPUWA8VZfOqpXLGk1WimS6r1M-oMTK5ItkBbHOBLUPkNZ_789AyheSCKfr1K0/s1600/12.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9QKnzUxsENquPwwFUD5y_W6lSevpQx1CuuFIxxql4nK5qpKcslE_XXe9K000GV44XvG_YnR4xHAZ0doCV-sWuryR2_1Wtybwg_QsDbojfnE4bojSwMmjoZtQMLA7URQ0Pnqt3Oo-8O9I/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9QKnzUxsENquPwwFUD5y_W6lSevpQx1CuuFIxxql4nK5qpKcslE_XXe9K000GV44XvG_YnR4xHAZ0doCV-sWuryR2_1Wtybwg_QsDbojfnE4bojSwMmjoZtQMLA7URQ0Pnqt3Oo-8O9I/s1600/13.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOfIDh_6quq-cyW_bBJVoH6wc5s24cYDl92XFaRGRkkjMAAhyphenhyphenk8WnvpEjCbxbbaJ_CdjDvga1Xl12woibMHcXp_k8YeIzb9is1TOg6jPJr4Vjz3fEUS33NEUT07fZViBoLXqlsbYkVsXU/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOfIDh_6quq-cyW_bBJVoH6wc5s24cYDl92XFaRGRkkjMAAhyphenhyphenk8WnvpEjCbxbbaJ_CdjDvga1Xl12woibMHcXp_k8YeIzb9is1TOg6jPJr4Vjz3fEUS33NEUT07fZViBoLXqlsbYkVsXU/s1600/14.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's advertise the prefixes in BGP using the "network" statement. In real world we should use prefix-list to control the subnets which are getting redistributed.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjuXVQcEC18Jj-nu1B-fiqYJQ6yLI7Fa_fuwa4T8L74KkiYcPsAm_EhRbqhZWnWCDj9-smq7CR1zPDsyWM3y2Ge92u5B_pyRF6QjEuJzLT10bB2c6ZFFHqml39BheGYT5HJFwFIA_UsKI/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhjuXVQcEC18Jj-nu1B-fiqYJQ6yLI7Fa_fuwa4T8L74KkiYcPsAm_EhRbqhZWnWCDj9-smq7CR1zPDsyWM3y2Ge92u5B_pyRF6QjEuJzLT10bB2c6ZFFHqml39BheGYT5HJFwFIA_UsKI/s1600/17.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCkmPfn2Clv3yISwHX02f7hS_LyQZ2I0MvnlodqSQ1sRgmx_GHqhe0FyxMKUKmtKiWoS5QKi4JfMjFrgdsRWw64Yn5qlyjY19UcgJ9y3Y5dRqhwkgOHZhGWY49aCOqYT8aliIIS58U0V4/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCkmPfn2Clv3yISwHX02f7hS_LyQZ2I0MvnlodqSQ1sRgmx_GHqhe0FyxMKUKmtKiWoS5QKi4JfMjFrgdsRWw64Yn5qlyjY19UcgJ9y3Y5dRqhwkgOHZhGWY49aCOqYT8aliIIS58U0V4/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br />As we will be receiving the prefix from the same BGP AS 100 on the CEs, we configured "allowas-in" to get around BGP's default loop prevention mechanism. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The configuration on the CSC-PEs </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoQab3IyUxXaUJyGn-UA83u63hD6w4ait-En05w4_Ly2-w1a4Vhcxh4ghPG2C8i6zwYXiD5qf9mAc_bs-ZxyKEwy-FaQnODUOoNODtYryxPIfRWdaEhrJzNxfpvoY0tRS2jeCZ-kX-rEQ/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoQab3IyUxXaUJyGn-UA83u63hD6w4ait-En05w4_Ly2-w1a4Vhcxh4ghPG2C8i6zwYXiD5qf9mAc_bs-ZxyKEwy-FaQnODUOoNODtYryxPIfRWdaEhrJzNxfpvoY0tRS2jeCZ-kX-rEQ/s1600/15.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv5YI42-ENmJWvJVE0lwVL9KQW5IJG4zjPie_U1fMaB-CHdo66FLAuuEhu69UT5KkBznUax83l92MnivWu5rr3_onWWEGPUTRTmcsZzc-IpsC_6LzMBTlLMyN-F6j5tMpZLBcEzRhl_eA/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv5YI42-ENmJWvJVE0lwVL9KQW5IJG4zjPie_U1fMaB-CHdo66FLAuuEhu69UT5KkBznUax83l92MnivWu5rr3_onWWEGPUTRTmcsZzc-IpsC_6LzMBTlLMyN-F6j5tMpZLBcEzRhl_eA/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />The output on the CSC-PEs shows that we have started receiving the prefixes </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhK2hYN19oCs24c777tKiZByupAo5J7gxqt2hVp0QHJUlyflrbSt9wZgu12enCa9LGCksHZj75fr-vPnJQKIgEYFtogEVgmLjvhR1jm4qTBOUiJmWqXqWcT-UTcRrbdU_8OnkEny0YmvSA/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhK2hYN19oCs24c777tKiZByupAo5J7gxqt2hVp0QHJUlyflrbSt9wZgu12enCa9LGCksHZj75fr-vPnJQKIgEYFtogEVgmLjvhR1jm4qTBOUiJmWqXqWcT-UTcRrbdU_8OnkEny0YmvSA/s1600/19.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs9sFMNABiLTjJQNJxbPden1KqcLVV0X8fBy8j6GSjtcHUGW0iWlQ09mThF2tv9s-z0OvO_0l6Z97YRBVm92UQqCZhMNHMOnchuK7cxqjwgWYXBA2h9I5MeXKe6xFCNyLfNxFw3mE5iNE/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgs9sFMNABiLTjJQNJxbPden1KqcLVV0X8fBy8j6GSjtcHUGW0iWlQ09mThF2tv9s-z0OvO_0l6Z97YRBVm92UQqCZhMNHMOnchuK7cxqjwgWYXBA2h9I5MeXKe6xFCNyLfNxFw3mE5iNE/s1600/20.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The CSC-CEs also started receiving the updates from relevant CSC-PEs</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLRLtUA_fc1RSmtQ5wsjzf05xO5i83LzMRbQ_HmtYGi4RLqB1xDCDDWBe1-wSfGqos8ONTQ_5tn_FjG1omySBZamQyK_JHMU4z9sOunFNZX5Sk1VNvWr2W0dmib62lYoCBlIPz7oWbqjM/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhLRLtUA_fc1RSmtQ5wsjzf05xO5i83LzMRbQ_HmtYGi4RLqB1xDCDDWBe1-wSfGqos8ONTQ_5tn_FjG1omySBZamQyK_JHMU4z9sOunFNZX5Sk1VNvWr2W0dmib62lYoCBlIPz7oWbqjM/s1600/21.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9A1uu2zYs-jp3IEtF11kGxeWtrK7c5obKdIzGXiwkJTYygx-OG5hygLRY-rpWJGPHjMGq3vcjTM7fAykDeFo-SRZyRf8ewTGfd_bN3O4BMBhhQOEGUD4qZ6zRl49TBQhZCnrK1fx_rmo/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9A1uu2zYs-jp3IEtF11kGxeWtrK7c5obKdIzGXiwkJTYygx-OG5hygLRY-rpWJGPHjMGq3vcjTM7fAykDeFo-SRZyRf8ewTGfd_bN3O4BMBhhQOEGUD4qZ6zRl49TBQhZCnrK1fx_rmo/s1600/22.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />
Now we have redistribute these BGP routes into local IGP for them to propagate through the network.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwsgudeGZqt7yUQQJwYWJqHUmEttx0prz3rE8uo3b7pmAvPA68dG4ymwnFHfoIBqQAevGdZLf-Ntxo2A8gf3you-tbWxf4a3pUltkqmixPH-1qkqG3xCisYJEmGM9NB-O12y_27sSJHmU/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwsgudeGZqt7yUQQJwYWJqHUmEttx0prz3rE8uo3b7pmAvPA68dG4ymwnFHfoIBqQAevGdZLf-Ntxo2A8gf3you-tbWxf4a3pUltkqmixPH-1qkqG3xCisYJEmGM9NB-O12y_27sSJHmU/s1600/23.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgG7iQPp-vsbPSWuHRkwdBjQhWhGvvh3vwZC7VvsVwbxXuNnUNhg7olznbN5PcMYHFW9bVEyaXNgQwX15-jhsoAQRvDAu7IY9l3KJZRv7fiV2hVm1wxeAcJ59JiG-mugzfvwjXRgacmQ-4/s1600/24.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgG7iQPp-vsbPSWuHRkwdBjQhWhGvvh3vwZC7VvsVwbxXuNnUNhg7olznbN5PcMYHFW9bVEyaXNgQwX15-jhsoAQRvDAu7IY9l3KJZRv7fiV2hVm1wxeAcJ59JiG-mugzfvwjXRgacmQ-4/s1600/24.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The route-reflectors have now learned the prefix </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtj35KZrwIW0TsIRGwI50u5DUNUgZvdDdHfDxfDoHNi8sTmfhpi8K14Qo4xcucsw9xpEPVmFMsZirQ-nzXTD-UlNLh02xQjcctXUIEBtdheUGc6M2sXS8lPWWGPh60Xwn-HEhzjRrMQ5s/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtj35KZrwIW0TsIRGwI50u5DUNUgZvdDdHfDxfDoHNi8sTmfhpi8K14Qo4xcucsw9xpEPVmFMsZirQ-nzXTD-UlNLh02xQjcctXUIEBtdheUGc6M2sXS8lPWWGPh60Xwn-HEhzjRrMQ5s/s1600/25.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5mGRpiq9ogSNBeX1Bhfu8w6Kti5krV3u67sNHXRR8Dm7dbKHwl3xJaFsoLv0epYwsixz-W5gXVcO9B_AtjuWK5dkleryVwfYYO83CY35v8vlZBq_oASwMS3XyIVWliNoFTyIa7-RSjAU/s1600/26.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5mGRpiq9ogSNBeX1Bhfu8w6Kti5krV3u67sNHXRR8Dm7dbKHwl3xJaFsoLv0epYwsixz-W5gXVcO9B_AtjuWK5dkleryVwfYYO83CY35v8vlZBq_oASwMS3XyIVWliNoFTyIa7-RSjAU/s1600/26.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />
We will configure VPNv4 IBGP neighbourship between both route-reflectors</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFqkoZvZxAaXpxK78XkcxY1pIkm0QV379g3dSz_d-ooCrXtF5eLSEOvwRqqh7CtaiEBwSrUaZShxTms74PjldBmwZSVQV7xASQsRzutsDM27_Y0AYuPzVevoxgFuhrYIgr-K5wyAbUN-w/s1600/27.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFqkoZvZxAaXpxK78XkcxY1pIkm0QV379g3dSz_d-ooCrXtF5eLSEOvwRqqh7CtaiEBwSrUaZShxTms74PjldBmwZSVQV7xASQsRzutsDM27_Y0AYuPzVevoxgFuhrYIgr-K5wyAbUN-w/s1600/27.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitLKukCv3tBlvXOtiaEhdNIQoA2qtAurI4lZ2OqL7Dt3yoC7tn2sDsSZUzZ6kCXKJBLXtU-3lZ3__UA487QZa9diAbm91pHbqiCf-j4chY4RMkzFf07oVx1XFCdTqs3P7vILCQ0Jv4cjM/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitLKukCv3tBlvXOtiaEhdNIQoA2qtAurI4lZ2OqL7Dt3yoC7tn2sDsSZUzZ6kCXKJBLXtU-3lZ3__UA487QZa9diAbm91pHbqiCf-j4chY4RMkzFf07oVx1XFCdTqs3P7vILCQ0Jv4cjM/s1600/28.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />
</span><span style="font-family: Verdana, sans-serif;">we can see that the RRs have started passing the routing updates however the prefix learned is not the best route.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdz77xav-DxEohbKzqsSDw4eoosKEvAsTiCh9KvfezugeQv7vUZHDBFUb8VLB-L92pf6GWd2fz2avrM3CkgNbe5f6xr5XWl6TkQkTJ1yKhGWpZS8DJyabWpONClp9Hhhtxg-HfEGBODw/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghdz77xav-DxEohbKzqsSDw4eoosKEvAsTiCh9KvfezugeQv7vUZHDBFUb8VLB-L92pf6GWd2fz2avrM3CkgNbe5f6xr5XWl6TkQkTJ1yKhGWpZS8DJyabWpONClp9Hhhtxg-HfEGBODw/s1600/29.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">The route is learned with the next-hop being the remote end PE router. The loopback of PE router has not been learned via IGP hence the route is not installed in the routing table.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpmvtf_yoPEF9Ivcp4KymUSE6MMsnax7CAeg70eAWJf_rzUQFxqrqtD5XGN1Uh2pVMbMgDOnnc1y-YAc0J55hfzbw6YwWU4HlzGKe9L7Riqj9xA3-Rel9SFVUNnT_inWO_Q9oYQzlJLsk/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpmvtf_yoPEF9Ivcp4KymUSE6MMsnax7CAeg70eAWJf_rzUQFxqrqtD5XGN1Uh2pVMbMgDOnnc1y-YAc0J55hfzbw6YwWU4HlzGKe9L7Riqj9xA3-Rel9SFVUNnT_inWO_Q9oYQzlJLsk/s1600/30.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">We will have to advertise the loopback of PE routers as well through BGP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggGBaM7hYiKiynnb_YrkGORiKvkrq336eOI829_v9W7uEi2PZUTKZK1Q_MsB50GiruUdjYZp9o_tgfj4L9IowlSboiBeHnaXYwQ5t55NdRmpSe6A_TwJJ-tqgfIsG7oMt1uuvC884Th_g/s1600/31.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggGBaM7hYiKiynnb_YrkGORiKvkrq336eOI829_v9W7uEi2PZUTKZK1Q_MsB50GiruUdjYZp9o_tgfj4L9IowlSboiBeHnaXYwQ5t55NdRmpSe6A_TwJJ-tqgfIsG7oMt1uuvC884Th_g/s1600/31.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKC7_Tu0tFJSHgLU2TlAwh04Yj3DLw4I6GWQfZb0jsmVP2x_MZP_CpyCpmTtgbs4O5cxp9bUXXai2_y77SpOaWeNg1mA4K_WRJQdbTVmAOKQjqE2NggyeSuOxkH4bJhG_zclOI5nf4vkQ/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKC7_Tu0tFJSHgLU2TlAwh04Yj3DLw4I6GWQfZb0jsmVP2x_MZP_CpyCpmTtgbs4O5cxp9bUXXai2_y77SpOaWeNg1mA4K_WRJQdbTVmAOKQjqE2NggyeSuOxkH4bJhG_zclOI5nf4vkQ/s1600/32.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now we can see that the route is considered as the best route.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9GZwMLf5ymUYe4gi9ackPKkJre7pZkYH3j59w8JAloITWJmjKOrusF4ynKciwmHDUsEjBxeO_7H8vGVb0qQA6ZeKFwMO06lbUztmvVfCYFqMwv0VczHLV7JHiAw6lS2LulRTYTCvjh0E/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9GZwMLf5ymUYe4gi9ackPKkJre7pZkYH3j59w8JAloITWJmjKOrusF4ynKciwmHDUsEjBxeO_7H8vGVb0qQA6ZeKFwMO06lbUztmvVfCYFqMwv0VczHLV7JHiAw6lS2LulRTYTCvjh0E/s1600/33.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBv35zN52n6IHf5rxzr3vTdSFrYelPpeIH44iLxk4I0XtN0k_GXb8ikzL2TPtvoheHD6y239r8P4d5_GO0qDsd0AyzoVxMHApKdBOpE3Eyl6VogmRp3MTN92DxuCRg8vcKYzWiXkqq10E/s1600/34.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhBv35zN52n6IHf5rxzr3vTdSFrYelPpeIH44iLxk4I0XtN0k_GXb8ikzL2TPtvoheHD6y239r8P4d5_GO0qDsd0AyzoVxMHApKdBOpE3Eyl6VogmRp3MTN92DxuCRg8vcKYzWiXkqq10E/s1600/34.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The RRs will pass this update to both the PEs which will eventually be passed onto the CE routers.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFS7_OVILZ35iSYV8OEhn-_6pCEIlH43pczwG4L1VVb-baoWKQ1-lOTDDbPZasSFYIw-50YuNTa7W6kEkq1MwYcKs2Yu4ePQ3GaAGtc8KYphzqUGZmWFO6l8faUCeFY9E-awU1TLYD02k/s1600/35.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFS7_OVILZ35iSYV8OEhn-_6pCEIlH43pczwG4L1VVb-baoWKQ1-lOTDDbPZasSFYIw-50YuNTa7W6kEkq1MwYcKs2Yu4ePQ3GaAGtc8KYphzqUGZmWFO6l8faUCeFY9E-awU1TLYD02k/s1600/35.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjltiuprLph1eboXvJTN9o6SztrfFZR9_2KuF2somJ0SQFuCBRlP5oBBIuqi1v7sBODLiUH7x2ebBhx2lzH_l-Tt6bCYbOBo6sdXGMjgxS7JpWpbr5PYoqAN57-V3A1rWLSo7PZxbDXfyw/s1600/36.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjltiuprLph1eboXvJTN9o6SztrfFZR9_2KuF2somJ0SQFuCBRlP5oBBIuqi1v7sBODLiUH7x2ebBhx2lzH_l-Tt6bCYbOBo6sdXGMjgxS7JpWpbr5PYoqAN57-V3A1rWLSo7PZxbDXfyw/s1600/36.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The ping and traceroute confirm that there is a full reachability.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLCfdaFNdo04FLnVA5oIpAFScJqr0jdB8iZN6tU-S_g5x795bJWsfeU3TxyigZcfiktVAR5VvDAKO0yduJDW3rP73mbei-4CTzGouOO4O2X-QSp_kMpgqjGIJmuQqLy-Tat_MlviibtwE/s1600/37.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLCfdaFNdo04FLnVA5oIpAFScJqr0jdB8iZN6tU-S_g5x795bJWsfeU3TxyigZcfiktVAR5VvDAKO0yduJDW3rP73mbei-4CTzGouOO4O2X-QSp_kMpgqjGIJmuQqLy-Tat_MlviibtwE/s1600/37.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigsF0lZA7r3vrSpRcUx296kEQYUkiM9KBwsMivgHt7DT5He4xM6Vpi_PLNZ-Pc4rMQuHCaNW2A7OYfIvfD-BpJrTRwXEEg95sGCAW93uJwDVu4cLRro_QwJLVopddAIu9hGzknYW_kGzs/s1600/38.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigsF0lZA7r3vrSpRcUx296kEQYUkiM9KBwsMivgHt7DT5He4xM6Vpi_PLNZ-Pc4rMQuHCaNW2A7OYfIvfD-BpJrTRwXEEg95sGCAW93uJwDVu4cLRro_QwJLVopddAIu9hGzknYW_kGzs/s1600/38.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's now analyse the above output and figure out how MPLS label exchange worked.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="background: #FEFDFA; color: #333333; font-family: "Verdana","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;">Following happens
for a packet originating from CE1 and terminating at CE2.</span></div>
<div class="MsoNormal" style="margin-bottom: 0.0001pt;">
<span style="color: #333333; font-family: "Verdana","sans-serif"; font-size: 12.0pt; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-GB;"><br /></span></div>
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMbCGV53aaUvmiwUWrLWK9p3VuTZXHjtGsxbCRE9vezBZysogduq438UwR9QPpWyqT3KFE6BSvo6ccrlpzlmWunQnwSd4G6HnBTM8NGm36eSVm3RdZt1LL0UvYNbKVSd_rhmX360ik_6E/s1600/LSP.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="456" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMbCGV53aaUvmiwUWrLWK9p3VuTZXHjtGsxbCRE9vezBZysogduq438UwR9QPpWyqT3KFE6BSvo6ccrlpzlmWunQnwSd4G6HnBTM8NGm36eSVm3RdZt1LL0UvYNbKVSd_rhmX360ik_6E/s640/LSP.jpg" width="640" /></a></div>
<div class="MsoListParagraphCxSpFirst" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-align: justify; text-indent: -18pt;">
<span style="background-color: orange;"><span style="font-family: Verdana, sans-serif; font-size: 12pt;"><br /></span></span></div>
<div class="MsoListParagraphCxSpFirst" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-align: justify; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: orange;"><span style="font-family: Verdana, sans-serif; font-size: 12pt;">1.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;">SP-PE1 (PE router
attached to CE1)</span></span></div>
<div class="MsoListParagraphCxSpFirst" style="background: rgb(254, 253, 250); margin: 0cm 0cm 3pt 53.4pt; text-align: justify; text-indent: -18pt;">
<span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt; text-indent: 36pt;"> Outgoing </span><span style="font-family: Verdana, sans-serif; font-size: 12pt; text-indent: 36pt;"><span style="color: blue;">Transport label is 21</span></span></div>
<div class="MsoListParagraphCxSpFirst" style="background: rgb(254, 253, 250); margin: 0cm 0cm 3pt 53.4pt; text-align: justify; text-indent: -18pt;">
<span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt; text-indent: 36pt;"> </span><span style="font-family: Verdana, sans-serif; font-size: 12pt; text-indent: 36pt;"><span style="color: red;"> VPN label is 19</span></span></div>
<div class="MsoListParagraphCxSpFirst" style="background: rgb(254, 253, 250); margin: 0cm 0cm 3pt 53.4pt; text-align: justify; text-indent: -18pt;">
<span style="color: #333333; font-family: Verdana, sans-serif; font-size: 16px; text-indent: 0px;"> next-hop is SP-PE2 (14.14.14.14)</span></div>
<div style="text-align: justify;">
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: orange;"><span style="font-family: Verdana, sans-serif; font-size: 12pt;">2.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: orange;">SP-P1 (P
router)</span><span style="background-color: #fefdfa; color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">Transport label is 17</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is SP-PE2 (14.14.14.14)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: orange;"><span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">3.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: orange;">CSC-CE1 (CE
router connected to Tier 1 SP PE device)</span><span style="background-color: #fefdfa;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">Transport label is 21</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is SP-PE2 (14.14.14.14)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: #6aa84f;"><span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">4.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: #6aa84f;">CSC-PE1 </span></span><span style="background-color: #6aa84f;"><span style="font-family: Verdana, sans-serif;">Tier 1 Carrier PE router</span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: #38761d;">CSC transport label is 17</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">CSC VPN label is 20</span></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> (The transport label becomes
the CSC VPN label)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is 19 </span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is CSC-PE2 (10.10.10.10)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: #6aa84f;"><span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">5.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: #6aa84f;">CSC- P1 Tier 1
Carrier P router</span><span style="background-color: #fefdfa;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: #38761d;">CSC transport label is 17</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">CSC VPN label is 20</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;">VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is CSC-PE2 (10.10.10.10)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: #6aa84f;"><span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">6.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: #6aa84f;">CSC- P2 Tier 1
Carrier P router</span><span style="background-color: #fefdfa;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: #38761d;">CSC transport label is 16</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">CSC VPN label is 20</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is CSC-PE2 (10.10.10.10)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: #6aa84f;"><span style="font-family: Verdana, sans-serif; font-size: 12pt;">7.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: #6aa84f;">CSC- P3 Tier 1
Carrier P router</span><span style="background-color: #fefdfa; color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: #38761d;">CSC transport label removed</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">CSC VPN label is 20</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;">VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is CSC-PE2 (10.10.10.10)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: #6aa84f;"><span style="font-family: Verdana, sans-serif; font-size: 12pt;">8.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: #6aa84f;">CSC- PE2 Tier 1 Carrier PE router</span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">transport label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is SP-PE2 (14.14.14.14)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: orange;"><span style="color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">9.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;">
</span></span><!--[endif]--></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: orange;">CSC-CE2(CE router
connected to Tier 1 SP PE device)</span><span style="background-color: #fefdfa;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Out going </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">transport label is 16</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;">VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is SP-PE2 (14.14.14.14)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: orange; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">10.<span style="font-family: 'Times New Roman'; font-size: 7pt; font-stretch: normal;"> </span></span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: orange;">SP-P2 (P
router)</span><span style="background-color: #fefdfa;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> Outgoing </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: blue;">transport label is removed</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is 19</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> next-hop is SP-PE2 (14.14.14.14)<o:p></o:p></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; margin: 0cm 0cm 3pt 53.4pt; text-indent: -18pt;">
<!--[if !supportLists]--><span style="background-color: orange; font-family: Verdana, sans-serif; font-size: 12pt;">11.</span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="background-color: orange;">SP-PE2 (PE
router attached to CE2)</span><span style="background-color: #fefdfa; color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpMiddle" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> </span><span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; font-family: Verdana, sans-serif; font-size: 12pt;"><span style="color: red;"> VPN label is removed</span><span style="color: #333333;"><o:p></o:p></span></span></div>
<div class="MsoListParagraphCxSpLast" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"> destination reached in next-hop <o:p></o:p></span></div>
<div class="MsoListParagraphCxSpLast" style="background: rgb(254, 253, 250); margin-bottom: 3pt;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><br /></span></div>
<div class="MsoListParagraphCxSpLast" style="background: rgb(254, 253, 250); margin-bottom: 3pt; text-align: left;">
<div style="text-align: left;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;">More information can be found on <a href="http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fs2scsc.html">http://www.cisco.com/c/en/us/td/docs/ios/12_2s/feature/guide/fs2scsc.html</a></span></div>
</div>
<div class="MsoListParagraphCxSpLast" style="background: rgb(254, 253, 250); margin-bottom: 3pt; text-align: left;">
<div style="text-align: left;">
<span style="background-attachment: initial; background-clip: initial; background-image: initial; background-origin: initial; background-position: initial; background-repeat: initial; background-size: initial; color: #333333; font-family: Verdana, sans-serif; font-size: 12pt;"><br /></span></div>
</div>
</div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-4494344292324771132015-08-29T10:26:00.002+01:002015-12-23T16:39:20.831+00:00Inter-AS MPLS VPN - Option C (BGP+Label)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In this post, we will look into the Inter-AS MPLS VPN - Option C which is also known as "BGP + Label". </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Option C uses eBGP IPv4 session between ASBRs to exchange reachability to PE loopbacks. There will be a VPNv4 neighbourship between service providers VPNv4 route-reflectors (RRs).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Option C takes away the heavy reliance on ASBRs. In this case, ASBRs are only used to exchange the loopback prefixes using eBGP IPv4 sessions.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To understand how it works, let's look at our topology below.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIYIsRhaeOKZXDVK88z9gjkaepdI4zZ36ab7NhjuErwNVY9C7OGI9Jv2ABUe2cj37UMl57lE9bS64g-YFrP7FL1hTYwPOJ8iznfjEEc4DL2mJIGB9EFKrVEfP6XBrmRjbfLOHvewAEjHw/s1600/Drawing1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="378" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIYIsRhaeOKZXDVK88z9gjkaepdI4zZ36ab7NhjuErwNVY9C7OGI9Jv2ABUe2cj37UMl57lE9bS64g-YFrP7FL1hTYwPOJ8iznfjEEc4DL2mJIGB9EFKrVEfP6XBrmRjbfLOHvewAEjHw/s640/Drawing1.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"></span><br />
<span style="font-family: Verdana, sans-serif;">We have two service providers. Both are connected through ASBR routers. In this specific instance, we have local VPNv4 route-reflector for each SP. The customer site CE1 is connected to SP1 and CE2 is connected to SP2.</span><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">SP1-PE1 and SP1-ASBR are RR client of SP1-RR. </span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb-AXv9vy9Zjwe3L5i5-jR_Z5c9GRpnBYk3RVkh1rrrkXLf42Agn52xfr3L7mWsexBVLCZfPZ4rWjq7TJnxQZHVxU5bEkF4NseFtCtYog41co5h-Pwg1gq_2K55-HyxktKrC-mbRCEFNM/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgb-AXv9vy9Zjwe3L5i5-jR_Z5c9GRpnBYk3RVkh1rrrkXLf42Agn52xfr3L7mWsexBVLCZfPZ4rWjq7TJnxQZHVxU5bEkF4NseFtCtYog41co5h-Pwg1gq_2K55-HyxktKrC-mbRCEFNM/s1600/1.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb5ryOfjmnhO0qK3Lmpajd_riFIQwbfPpJfhC_C-ME9RN26CbP2FQULj8JgG0_LvCvcYDcKF6yVujOrrGhe2R80B-OgL1CAPIu68U3lrxW4XM3LOHWYexLQ3nKwucEFFoM6EWHUfxTMao/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhb5ryOfjmnhO0qK3Lmpajd_riFIQwbfPpJfhC_C-ME9RN26CbP2FQULj8JgG0_LvCvcYDcKF6yVujOrrGhe2R80B-OgL1CAPIu68U3lrxW4XM3LOHWYexLQ3nKwucEFFoM6EWHUfxTMao/s1600/2.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi46gFBdxouCZXsjLaLwT2w_n-iYWfIM-PWPodCpUcflGf6_pScZQpFoNFDcTV_SMBVNgcn1RhYdBAmAHg8p5XsORXePtpJ-iSedmbtltFXdAM9ZLznYQvYA0XZGLuNVPVrwigS5aNC8OM/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi46gFBdxouCZXsjLaLwT2w_n-iYWfIM-PWPodCpUcflGf6_pScZQpFoNFDcTV_SMBVNgcn1RhYdBAmAHg8p5XsORXePtpJ-iSedmbtltFXdAM9ZLznYQvYA0XZGLuNVPVrwigS5aNC8OM/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Similarly SP2-PE1 and SP2-ASBR are RR client of SP2-RR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4YEuuTX4GStF_4jDhOuC-MikHvjDsDUuoWkylHjHfjhcRhpkqlK2bpLZ-PI8x0rHPycX_4Kk7EVUrYH7vSp9ePkWRy-pq2CCOXW2vO6NOjQNKzWh2OoUtep7t7_G70jbJ5tKwSUpWrso/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4YEuuTX4GStF_4jDhOuC-MikHvjDsDUuoWkylHjHfjhcRhpkqlK2bpLZ-PI8x0rHPycX_4Kk7EVUrYH7vSp9ePkWRy-pq2CCOXW2vO6NOjQNKzWh2OoUtep7t7_G70jbJ5tKwSUpWrso/s1600/4.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvtlDD0aZ3mkcXDP4dLn96t_OHw-NIaSf235bVt4qEDddoPlEBqmwTChMjS0fowCanY6FQc90o07igNnbsoiUt1B3fCbhBO0wGTQ1lspJrN2Jd_0kqNtcKu1V0FUKCKrEeiBqnAGfziWA/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvtlDD0aZ3mkcXDP4dLn96t_OHw-NIaSf235bVt4qEDddoPlEBqmwTChMjS0fowCanY6FQc90o07igNnbsoiUt1B3fCbhBO0wGTQ1lspJrN2Jd_0kqNtcKu1V0FUKCKrEeiBqnAGfziWA/s1600/5.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBauZpYguD30HBba20_jeU8I2IIxoJCXXAFXGvh9MFF4dDS2v7s1gJEJ0pEfl5EKf5hyphenhyphen5CFuKHQH-byxDmj2FM2vDQakr-PEyFuHS6WZuHN-9tCq4Tj6fb-bnidpktppdC5g7Jqc-fXVo/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBauZpYguD30HBba20_jeU8I2IIxoJCXXAFXGvh9MFF4dDS2v7s1gJEJ0pEfl5EKf5hyphenhyphen5CFuKHQH-byxDmj2FM2vDQakr-PEyFuHS6WZuHN-9tCq4Tj6fb-bnidpktppdC5g7Jqc-fXVo/s1600/6.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The SP1-ASBR learns the CE1 loopback prefix 1.1.1.1/32 from SP1-RR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQYzs6vzpz0sIQiIUFLvhRppWbGdFMZACXppI6huPz6-YGmaQ4ooNvjgqGyePucch8g_wlFDzSm7GASpBLHNWkTyau4ZUNpmS9qtwW8AzFjx8XKdxJbGu9iu7po6W_ww_dOG2des5J4To/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQYzs6vzpz0sIQiIUFLvhRppWbGdFMZACXppI6huPz6-YGmaQ4ooNvjgqGyePucch8g_wlFDzSm7GASpBLHNWkTyau4ZUNpmS9qtwW8AzFjx8XKdxJbGu9iu7po6W_ww_dOG2des5J4To/s1600/7.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Similarly SP2-ASBR learns the CE2 loopback prefix 10.10.10.10/32 from SP2-RR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaDzk60dkOl2rcVw5qloniMCM0J1NWP4aY2l7znfTL4-AqUG1PD6lH43ITvlnrF3tLDu13s6OKXQU52akmmyMcLZqn2su6qf2DxVr9cgaCkikULE8aGzkY3AeASH0z5v0E_p4uN1ZVksg/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaDzk60dkOl2rcVw5qloniMCM0J1NWP4aY2l7znfTL4-AqUG1PD6lH43ITvlnrF3tLDu13s6OKXQU52akmmyMcLZqn2su6qf2DxVr9cgaCkikULE8aGzkY3AeASH0z5v0E_p4uN1ZVksg/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Our aim to establish VPNv4 neighbourship between router reflectors of the both service provider RRs so they can exchange routing information.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To do this, first of all we have to exchange the loopback IPs of SP1-RR and SP2-RR through ASBRs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">For this we will configure standard IPv4 BGP neighbourship between ASBRs.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSaPrxeOY97tkdJf7pOxxu8UUBgNdmCfng-XJOgNjsNZ-lambXuMB1jraGLQvvWcZ0eF2xfGH1LsIBESL8ptbJ6MfI2ii4882uInypCTD6DeitNW-jr9Vi-Pw4nkwhzMwedK2km6hccy8/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSaPrxeOY97tkdJf7pOxxu8UUBgNdmCfng-XJOgNjsNZ-lambXuMB1jraGLQvvWcZ0eF2xfGH1LsIBESL8ptbJ6MfI2ii4882uInypCTD6DeitNW-jr9Vi-Pw4nkwhzMwedK2km6hccy8/s1600/9.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYrIe5gg423F2wwTPoo95T1lunNd998p0ED54XJcYrqb_WmB8wiF7rfPqe4D9vmzOueJqS8Bu3NyhcKPqJMJkYYL9WA1mO3XMbfbbGpunVFYJmpskZZSNFn0LjyYiq2XrO7Ty74vaIzEY/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgYrIe5gg423F2wwTPoo95T1lunNd998p0ED54XJcYrqb_WmB8wiF7rfPqe4D9vmzOueJqS8Bu3NyhcKPqJMJkYYL9WA1mO3XMbfbbGpunVFYJmpskZZSNFn0LjyYiq2XrO7Ty74vaIzEY/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<span style="font-family: Verdana, sans-serif;">We also have to make sure that we send labels for the prefixes through the BGP neighbourship.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjT_spMSRXUqC6zTFQ7zd0XEc-ScQc6q4LibCFr2zFx-C_F4bgrDsXSmUn6ZHpezIDev2SOxrKqo3OHwYQN0RdsgRqhYKMiBu-cgxIYDqeBeZHO2k8KQRzzTDlQne4wt9-tsR4eRD1uqT8/s1600/24.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjT_spMSRXUqC6zTFQ7zd0XEc-ScQc6q4LibCFr2zFx-C_F4bgrDsXSmUn6ZHpezIDev2SOxrKqo3OHwYQN0RdsgRqhYKMiBu-cgxIYDqeBeZHO2k8KQRzzTDlQne4wt9-tsR4eRD1uqT8/s1600/24.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLiTZT38rboiaQGo6ODxLtTrT83fPzPMn6n9pO806I0GoI5rD51nOdnrMSwLKjEYw9k12EQxHmSWvPEvgG5dvJgjLj4UyW3kIaPpSKd47a6mpUFddZ0-aP69sJysUhtMZgkDki27reEPo/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLiTZT38rboiaQGo6ODxLtTrT83fPzPMn6n9pO806I0GoI5rD51nOdnrMSwLKjEYw9k12EQxHmSWvPEvgG5dvJgjLj4UyW3kIaPpSKd47a6mpUFddZ0-aP69sJysUhtMZgkDki27reEPo/s1600/25.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Remember we are using BGP to exchange the MPLS labels here and not LDP!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now we will redistribute the loopback IP of route reflector from IGP to BGP. We will use route-maps and prefix-lists to do it in a controlled manner.</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">On SP1-ASBR, </span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2PCr5T7B2adBEOj0aSSbXhswXn3ukLHxFgdmPK3sTXLPQ_1GqTz0zmty7-LmH4BB2-gFaVt4KWy870i0qEisz_tS1Nb_IYeIw3QH33wr0W2oWoFhrDCUpYdSLNyxQrnbVpfFDr6COZxI/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2PCr5T7B2adBEOj0aSSbXhswXn3ukLHxFgdmPK3sTXLPQ_1GqTz0zmty7-LmH4BB2-gFaVt4KWy870i0qEisz_tS1Nb_IYeIw3QH33wr0W2oWoFhrDCUpYdSLNyxQrnbVpfFDr6COZxI/s1600/11.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqe4stXndsyaxI9djwMl39H23oK7HolecdYXUgst67i2fUSt4RW7ro9qTohoZ5Z829P0nl1jaGY6JsIYhzuzcU1C-k7eW4ObbO9-GUeMu_IMqUMc5GxUcT-OUT-VbM9J8wWOiNmt4jMCE/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqe4stXndsyaxI9djwMl39H23oK7HolecdYXUgst67i2fUSt4RW7ro9qTohoZ5Z829P0nl1jaGY6JsIYhzuzcU1C-k7eW4ObbO9-GUeMu_IMqUMc5GxUcT-OUT-VbM9J8wWOiNmt4jMCE/s1600/12.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7uC08Rr_9nqo4-5_U1KgIeInicBj9onuBpcCZbzGABCxn5delJdlKsfj79HsPGUXK0HfVKD20Q0vX54znAtss0sgFUQ65PhtEQmAhhMPxzBvespdGt7IKUD0l-8-u9qDFz0Lz2dGaG4Q/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7uC08Rr_9nqo4-5_U1KgIeInicBj9onuBpcCZbzGABCxn5delJdlKsfj79HsPGUXK0HfVKD20Q0vX54znAtss0sgFUQ65PhtEQmAhhMPxzBvespdGt7IKUD0l-8-u9qDFz0Lz2dGaG4Q/s1600/13.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr7ub3ZSz7R0mPS8tjAdc9CGW4VUobuhoaD3ZVKcYUxTeNxpUQX4O_jFjjRWd6tRwgRyiWjzymbEVkAlX2R_kMkvbA4mWELhxsNhs7YNt0laF3ohNDIKCOkSPJEy-ZWJptTM7mL7XLT8U/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr7ub3ZSz7R0mPS8tjAdc9CGW4VUobuhoaD3ZVKcYUxTeNxpUQX4O_jFjjRWd6tRwgRyiWjzymbEVkAlX2R_kMkvbA4mWELhxsNhs7YNt0laF3ohNDIKCOkSPJEy-ZWJptTM7mL7XLT8U/s1600/21.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On SP2-ASBR,</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA1M0z0UaaYjCVBzImvAeSKHhqW5B2fTENsQdGac68gtOh7mt5an9ThUbcUIsrXpl9NxWt1KV_UdAwK3w_LuT_FGTFIkrGURis157StzS2W3CXHoWIdaPPOtdF_x1UycwkNQQXlZFAVlI/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA1M0z0UaaYjCVBzImvAeSKHhqW5B2fTENsQdGac68gtOh7mt5an9ThUbcUIsrXpl9NxWt1KV_UdAwK3w_LuT_FGTFIkrGURis157StzS2W3CXHoWIdaPPOtdF_x1UycwkNQQXlZFAVlI/s1600/15.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMmUD8B9av21SyQX9bJMmyP_1ypKhYhlFfddo968aZiLO-weblZqUMpGqhMXn0rtkUL2GOcdLWwfjV-We9ikO84ALFIDiDJ2XyjfdLH4eEL8G6zRxeIDdXXThfDvSPSc3liTEIW7j2qJ4/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMmUD8B9av21SyQX9bJMmyP_1ypKhYhlFfddo968aZiLO-weblZqUMpGqhMXn0rtkUL2GOcdLWwfjV-We9ikO84ALFIDiDJ2XyjfdLH4eEL8G6zRxeIDdXXThfDvSPSc3liTEIW7j2qJ4/s1600/16.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-s17Lj1CptSfYHklMicx8KDf45mUS-CUH7fuDcHUfkAo6w1NFb1TOs42QTxLH_zQ3Ce9gP7fpmqMEu7vLkGaVrl2zW3PkNl1aVfQwgA5iZX_d5ve1jHzt3PS-QFlFMY71ixMUr2KUkU0/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-s17Lj1CptSfYHklMicx8KDf45mUS-CUH7fuDcHUfkAo6w1NFb1TOs42QTxLH_zQ3Ce9gP7fpmqMEu7vLkGaVrl2zW3PkNl1aVfQwgA5iZX_d5ve1jHzt3PS-QFlFMY71ixMUr2KUkU0/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">After this, both the ASBRs have started learning relevant prefixes through BGP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3KM7czkeqa5TAF83QF3GwIES20qsxwIGFTXN4ytlhsvlyztWZyP996-KaPayk9Q2v0sTAzZ-TztctUaZZEK-wiJysCCdC7v6VrYedoa0YhBOHyneIuFQf_o6fvSCyMKf9u6W6CxFtE3o/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3KM7czkeqa5TAF83QF3GwIES20qsxwIGFTXN4ytlhsvlyztWZyP996-KaPayk9Q2v0sTAzZ-TztctUaZZEK-wiJysCCdC7v6VrYedoa0YhBOHyneIuFQf_o6fvSCyMKf9u6W6CxFtE3o/s1600/19.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyhG_iK-tTdtQlPT6Ys4_S9Zt5dbRVpO9IHjiv7Vlohkc11fbYwsqoQBwod3-8soYfr_XbyP8WE3A7RRp1riatGNwzrADs3B69ft_ElbFVIZOiVo3xWBwxozlxMKBXBlajb3N9qquwxm4/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyhG_iK-tTdtQlPT6Ys4_S9Zt5dbRVpO9IHjiv7Vlohkc11fbYwsqoQBwod3-8soYfr_XbyP8WE3A7RRp1riatGNwzrADs3B69ft_ElbFVIZOiVo3xWBwxozlxMKBXBlajb3N9qquwxm4/s1600/20.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<span style="font-family: Verdana, sans-serif;">As we are redistributing these prefixes into local IGP, the RRs should start learning them via IGP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU_zg88XOAzVooL7sp0R3ISigM0abVN-dm2Qa9yDzt9q7pbIvYnygMYhoddFisyLpn9HWxZTlo5BXkIa1sns7JJHA9IsikrfD8IeBHBqYf1vLhIivGepYglHJ5ldaL-p0JVhE-kyXVOAs/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiU_zg88XOAzVooL7sp0R3ISigM0abVN-dm2Qa9yDzt9q7pbIvYnygMYhoddFisyLpn9HWxZTlo5BXkIa1sns7JJHA9IsikrfD8IeBHBqYf1vLhIivGepYglHJ5ldaL-p0JVhE-kyXVOAs/s1600/22.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmxwFFR4KjHwPArrVVrz1f_prIwOawo082lOb5G61T0uLLRiWhjU1rnXxtG_-VZHT_VzFxZGVt58RanXn079trXxQrKSwjpwrGnkbPHYAwxoqTV7ghVgsKj_dsn0BbcJOB5xUTYBA9EtU/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmxwFFR4KjHwPArrVVrz1f_prIwOawo082lOb5G61T0uLLRiWhjU1rnXxtG_-VZHT_VzFxZGVt58RanXn079trXxQrKSwjpwrGnkbPHYAwxoqTV7ghVgsKj_dsn0BbcJOB5xUTYBA9EtU/s1600/23.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now, let's configure the VPNv4 neighbourship between the RRs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhffMI6vL9K7pT0-ac6BGh6ifjuvp6cf_a469wDiVUA__KwTXOdBAqTIilmyCH0jv9Z39Ab0nCEIoFmasM0-3nQ3ZFhSmNXSHuQsgT7tfskAG_5HP1SqNYS86OsJpp79xuGNWGm1qzPWeE/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhffMI6vL9K7pT0-ac6BGh6ifjuvp6cf_a469wDiVUA__KwTXOdBAqTIilmyCH0jv9Z39Ab0nCEIoFmasM0-3nQ3ZFhSmNXSHuQsgT7tfskAG_5HP1SqNYS86OsJpp79xuGNWGm1qzPWeE/s1600/28.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl9-8djxd0f-aSv8NIMoDBlpObUl8C2P-k93y_2F9JjitXeg0DxqGpqO2hyphenhyphencmKsoOMQZgVSRChgqGD0oODQnwYsJgqNoGoFvIW-R8G_FjaAFRI5ihV-RKJZqo970TVN6goIRLDKLlgOww/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjl9-8djxd0f-aSv8NIMoDBlpObUl8C2P-k93y_2F9JjitXeg0DxqGpqO2hyphenhyphencmKsoOMQZgVSRChgqGD0oODQnwYsJgqNoGoFvIW-R8G_FjaAFRI5ihV-RKJZqo970TVN6goIRLDKLlgOww/s1600/29.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">Once the neighbourship is up, we can see that the RR's have started learning the customer prefixes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh04dHChvAvt-zD9a4HIOXtjFvbNtkUei_AF9hlD1FlkibmaqNPuTkmhekURLO51QlUJS47-SStxEyTiO9hHQXOrNAVfJHI474Gylarn09UgJ8IWTag6RrmT-x6MHXij3u73aXyGLfc3RI/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh04dHChvAvt-zD9a4HIOXtjFvbNtkUei_AF9hlD1FlkibmaqNPuTkmhekURLO51QlUJS47-SStxEyTiO9hHQXOrNAVfJHI474Gylarn09UgJ8IWTag6RrmT-x6MHXij3u73aXyGLfc3RI/s1600/30.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZ0nckLhL-nSwfk-LqvgaQTBVf6HX_iAOoyQGK-VVMhrAGSBHEnKLZuo3ybu6oRmg0wXehO9CNVegLcXulSKsDFhSYrEojd3VZXSkCKuw3B7wPXAZ30gOE3FTHXtqVakxEcJhTrNXjTeQ/s1600/31.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZ0nckLhL-nSwfk-LqvgaQTBVf6HX_iAOoyQGK-VVMhrAGSBHEnKLZuo3ybu6oRmg0wXehO9CNVegLcXulSKsDFhSYrEojd3VZXSkCKuw3B7wPXAZ30gOE3FTHXtqVakxEcJhTrNXjTeQ/s1600/31.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The RR's are passing this update to SP1-PE1 and SP2-PE1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL-_6DSnc8aEKKxS7o74Osv7nBnA6inDnvJJrzx4SBetvFVNMvzqeoSzcUfNIWSk99NZuwmE22TBN_QVt053aXjUVxX0jZX9Gx60yDigTdPElCbwpai30Zsdbo5ZMcNMRXSHVMmwPfM2o/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiL-_6DSnc8aEKKxS7o74Osv7nBnA6inDnvJJrzx4SBetvFVNMvzqeoSzcUfNIWSk99NZuwmE22TBN_QVt053aXjUVxX0jZX9Gx60yDigTdPElCbwpai30Zsdbo5ZMcNMRXSHVMmwPfM2o/s1600/32.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg19sTsodSO7880avuLN-YUuO_aFzsVRiKczcW9ORBFOMkB11i3bhFIn0pufi326U-ogkPTVJckulSw4djR26igrMqGvrvm6ry2P501JcQgXHGoW098r1LD70ORWhH-bQ4IyJitoPH9XiA/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg19sTsodSO7880avuLN-YUuO_aFzsVRiKczcW9ORBFOMkB11i3bhFIn0pufi326U-ogkPTVJckulSw4djR26igrMqGvrvm6ry2P501JcQgXHGoW098r1LD70ORWhH-bQ4IyJitoPH9XiA/s1600/33.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">CE1 and CE2 are learning the prefixes from their EBGP session between the relevant PE routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq8vkNWFnKAOGGlyvLHgi55UISdiktbLAs0HtWHbO0oiLjLfozXR76oy2dwV2kX7-Z9Qjtsw6hd1pTpDsBwSUSmgHLP19IsyARl1cfTH6bpumBDG7LqVWGQDsdsl0RGtdxuZjEI9f2lh8/s1600/34.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhq8vkNWFnKAOGGlyvLHgi55UISdiktbLAs0HtWHbO0oiLjLfozXR76oy2dwV2kX7-Z9Qjtsw6hd1pTpDsBwSUSmgHLP19IsyARl1cfTH6bpumBDG7LqVWGQDsdsl0RGtdxuZjEI9f2lh8/s1600/34.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGwj6_uFSn-EiOCdL0FXhuJFRM-Mn7XBWioHXxUdFRUD36l15t6LXTiwDFvFSD1T6gwpMG5re3ap6ep52_1TVZ1-L7n1AQTMXBIJKT1PBm67bIMd0CXc1funR3cwiCu_HV-kHSi2bEqgk/s1600/35.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGwj6_uFSn-EiOCdL0FXhuJFRM-Mn7XBWioHXxUdFRUD36l15t6LXTiwDFvFSD1T6gwpMG5re3ap6ep52_1TVZ1-L7n1AQTMXBIJKT1PBm67bIMd0CXc1funR3cwiCu_HV-kHSi2bEqgk/s1600/35.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">The ping test suggests that we have full connectivity.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIXimdMMZ5lU3Fv6qx1YmGiAcmj7rpGhUIQH316TPQIl10HF8rRnDxnTuxLgP9OGfRpvTWI2XfKroXtdgpfTfJQXr_ObmsNooqMvmaSx7yAM5-5K3l-xM3C5V4W-qcKLAbUxn3jR66b8s/s1600/36.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIXimdMMZ5lU3Fv6qx1YmGiAcmj7rpGhUIQH316TPQIl10HF8rRnDxnTuxLgP9OGfRpvTWI2XfKroXtdgpfTfJQXr_ObmsNooqMvmaSx7yAM5-5K3l-xM3C5V4W-qcKLAbUxn3jR66b8s/s1600/36.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The traceroute confirms that there is an end to end LSP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuLIlwmDztU3eGSEbA_gGOhQfn66l8oOIJLmuis6lMzzJFIFGiK6Mc-bjL0Ut9TCe4x1HkiSpBJffSJI7zE-6QLYo_pdrY8EpjTtz7UxsPHflN_eNNb9X6ReEhki-xzGLQLFSR4DHxqJY/s1600/37.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhuLIlwmDztU3eGSEbA_gGOhQfn66l8oOIJLmuis6lMzzJFIFGiK6Mc-bjL0Ut9TCe4x1HkiSpBJffSJI7zE-6QLYo_pdrY8EpjTtz7UxsPHflN_eNNb9X6ReEhki-xzGLQLFSR4DHxqJY/s1600/37.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">All good? not really. If we check the traceroute carefully we can see that the traffic actually traverse through SP1-RR (10.1.78.8) and then go the SP2-PE1. This is not an optimum path. The RR should not be in the data plane so how do we fix this?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The reason traffic goes through the RR is because when RRs exchange VPNv4 prefixes, they update the next-hop IP and set it to their local loopback.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhycV4KcM3NeYQeo1AbovbtNHPc2Qv_UUItxL2fKZWFIAv4twXdoash7u7AofiTrXQQApizHpFNRPTz70NIyYFn1IkjV8hwl_J62a2Ov3cs3_7SFUi8WwNwCnkNUEDa227p3xdbTgXxAG0/s1600/38.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhycV4KcM3NeYQeo1AbovbtNHPc2Qv_UUItxL2fKZWFIAv4twXdoash7u7AofiTrXQQApizHpFNRPTz70NIyYFn1IkjV8hwl_J62a2Ov3cs3_7SFUi8WwNwCnkNUEDa227p3xdbTgXxAG0/s1600/38.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As per the output above, the next-hop for the prefix 10.10.10.10 is set to 8.8.8.8 hence the traffic is forwarded to SP2-RR. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is a way we can change this behaviour. This can be done by applying the "next-hop-unchanged" command under vpnv4 address-family. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3KuUNrh8IfD8tqrKa2gv7AVJVO2GrE-OMgn-zT0qfPtUINjRMuNd1qGwtOLhNZUTVDehGPIHrdpw30wdiwl38hVptkGuA7hjYxcns2ZY6D2M0B-btrCCkpOZcNw23tW1WSltWMbdGNmg/s1600/39.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3KuUNrh8IfD8tqrKa2gv7AVJVO2GrE-OMgn-zT0qfPtUINjRMuNd1qGwtOLhNZUTVDehGPIHrdpw30wdiwl38hVptkGuA7hjYxcns2ZY6D2M0B-btrCCkpOZcNw23tW1WSltWMbdGNmg/s1600/39.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDA9lR6q7t3VnkvwNPpga4LQ1bIr6cIZ0-bMfy8OlZcP5awJe83Iw_s9UCr8ugMvl-OWW_nxmBQrZjl0PxGiG1W_vS-mJgpy1kHHIJ3MI5bHJKMhALZgv-5SLZhi1pr1yUIRCE5Xp0dCI/s1600/40.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDA9lR6q7t3VnkvwNPpga4LQ1bIr6cIZ0-bMfy8OlZcP5awJe83Iw_s9UCr8ugMvl-OWW_nxmBQrZjl0PxGiG1W_vS-mJgpy1kHHIJ3MI5bHJKMhALZgv-5SLZhi1pr1yUIRCE5Xp0dCI/s1600/40.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The next-hop for the prefix 10.10.10.10/32 is now changed to 9.9.9.9 (SP2-PE1).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiolwpvH21HXfP0J9HdZawC28ghVlG5nEH_l9djsHNfCUHae_qT9TTvuNHFihu_hEZVbVaBXSyEWRB_xnNpXHOo9mVWzzSGGvxTG5P8avjAXPgVw3W0_vD_hcMUaAoMcCuYKQWM2wA4lAY/s1600/41.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiolwpvH21HXfP0J9HdZawC28ghVlG5nEH_l9djsHNfCUHae_qT9TTvuNHFihu_hEZVbVaBXSyEWRB_xnNpXHOo9mVWzzSGGvxTG5P8avjAXPgVw3W0_vD_hcMUaAoMcCuYKQWM2wA4lAY/s1600/41.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">However this route cannot be used as the next-hop is unreachable!! This router doesn't learn 9.9.9.9 through IGP. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In this case we will have to advertise this prefix through ASBRs. Similarly we will also have to advertise 2.2.2.2 (SP1-PE1) prefix.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will update the prefix lists on ASBRs to perform this change.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWCEy1cBR_rPvbrJQ2TDR3rbVZDM3bMAh0niTW91CsBh_npCFH6N-k0AmxgAvKkDg87-MWmr2IB3wMKw9Azn-9pry4qMWr4YZEMKe162FtIrFe65RLJkeA0DuHxt4CizgmiIDdiQwDtH4/s1600/42.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWCEy1cBR_rPvbrJQ2TDR3rbVZDM3bMAh0niTW91CsBh_npCFH6N-k0AmxgAvKkDg87-MWmr2IB3wMKw9Azn-9pry4qMWr4YZEMKe162FtIrFe65RLJkeA0DuHxt4CizgmiIDdiQwDtH4/s1600/42.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Mb_j-6V1C0vWDtJtebnHL7RcZ6gJShDp12LNk-RvtlzC7uWp6QnDX8fiLSacz7WeoLZfiDfP60NlobgpIDAl2Zfo8GsOfI6hIzqL1_vrJGGXVFY7EVrfmgCrJgrDV_8vLAiADea4kw0/s1600/43.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3Mb_j-6V1C0vWDtJtebnHL7RcZ6gJShDp12LNk-RvtlzC7uWp6QnDX8fiLSacz7WeoLZfiDfP60NlobgpIDAl2Zfo8GsOfI6hIzqL1_vrJGGXVFY7EVrfmgCrJgrDV_8vLAiADea4kw0/s1600/43.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">After this change, we can see that SP1-RR has considered it as the best path.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOjX5mqSDHjlpYGfUe5x0f7X0F8MX2bqUE99GZmcyidQldy_9jKMnuqH_loCDnYitAI07Z5pQNj2cCO0GRrkC_KlC9MMJPwtVaXZP45B2tEV8wxmYK5VmTDpUW9HK1M7O2dZ46PWteauY/s1600/44.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhOjX5mqSDHjlpYGfUe5x0f7X0F8MX2bqUE99GZmcyidQldy_9jKMnuqH_loCDnYitAI07Z5pQNj2cCO0GRrkC_KlC9MMJPwtVaXZP45B2tEV8wxmYK5VmTDpUW9HK1M7O2dZ46PWteauY/s1600/44.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now If we do the traceroute from CE1</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmRY__omuImpiRQn9eVqgehburGjoIfjAkDMCYK5wYaNmPOfjPpwAF0wmM7Pdo8Xt4FfEDjBJXDX5gXzg8RkLU4pk0-NltTjB-355_p6rcrDBmk-3Rux3d-ZG-ZX5nWXSw_3asQaHFqso/s1600/45.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmRY__omuImpiRQn9eVqgehburGjoIfjAkDMCYK5wYaNmPOfjPpwAF0wmM7Pdo8Xt4FfEDjBJXDX5gXzg8RkLU4pk0-NltTjB-355_p6rcrDBmk-3Rux3d-ZG-ZX5nWXSw_3asQaHFqso/s1600/45.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that route reflector is not in the traffic path.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we analyse the traceroute, we can see that SP1-PE is using the VPN label assigned by SP2-PE. The transport label also points to the loopback (9.9.9.9) of SP2-PE.</span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAh0tPXpKvFldSr7gXghkxcZYChBX49CZu3yzLpc0LS5UtYGw65pgH7pItRWbwEZy_bdlUPfDIVL_4mk2Nn5YAQ4xNcS5CZfWmpip6ts-kZQwpd_o1WxZVrSY0J6XuMs1i4xmSCC-Xkkw/s1600/46.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAh0tPXpKvFldSr7gXghkxcZYChBX49CZu3yzLpc0LS5UtYGw65pgH7pItRWbwEZy_bdlUPfDIVL_4mk2Nn5YAQ4xNcS5CZfWmpip6ts-kZQwpd_o1WxZVrSY0J6XuMs1i4xmSCC-Xkkw/s1600/46.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5PVTmN___ZoxDt6xJ-6wZC1KY8aGS7KUJg_TV4HQtkISFojVuprJT0mECGj-nOmtDcJLCwMO1NMV_kiJOKoRoeFwTool6sOYW0k9VpYEovEY2UMeu4EaBfea_rfpQv9879ECUesdSQi4/s1600/47.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5PVTmN___ZoxDt6xJ-6wZC1KY8aGS7KUJg_TV4HQtkISFojVuprJT0mECGj-nOmtDcJLCwMO1NMV_kiJOKoRoeFwTool6sOYW0k9VpYEovEY2UMeu4EaBfea_rfpQv9879ECUesdSQi4/s1600/47.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9uioo18rqVvP4B_hJAalg1qPzvvNPZaKOFAbFMEXsLr1Dl4Xvr8vuUqnoq55-NEl0uvxoNUids8qa8erVjdw1Y-K4kqUtSetJdFk_ZGhOtQ4YIyBd3Rx43QWfbg2mOrIa0FhZXoApaA0/s1600/48.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9uioo18rqVvP4B_hJAalg1qPzvvNPZaKOFAbFMEXsLr1Dl4Xvr8vuUqnoq55-NEl0uvxoNUids8qa8erVjdw1Y-K4kqUtSetJdFk_ZGhOtQ4YIyBd3Rx43QWfbg2mOrIa0FhZXoApaA0/s1600/48.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As we can see this implementation is not very straight forward. Service providers have to share the information of their </span><span style="font-family: Verdana, sans-serif;">internal </span><span style="font-family: Verdana, sans-serif;">networks to set this up hence it's not very popular in real world.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">More information on this can be found on </span><br />
<span style="font-family: Verdana, sans-serif;"><a href="http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ias_and_csc/configuration/xe-3s/asr1000/mp-ias-and-csc-xe-3s-asr1000-book/mp-vpn-connect-ipv4.html">http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ias_and_csc/configuration/xe-3s/asr1000/mp-ias-and-csc-xe-3s-asr1000-book/mp-vpn-connect-ipv4.html</a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-40667275724840705062015-08-13T17:25:00.004+01:002015-08-13T17:25:56.579+01:00Inter-AS MPLS VPN - Option B (VPNv4 EBGP between ASBRs)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">So far we have seen the Inter-AS MPLS VPN using "back to back VRF" method. Even though it's a relatively easy method to implement, it has few drawbacks.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This procedure doesn't require MPLS enabled on the link between ASBRs however it does not scale very well. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is another method in which ASBR's establish VPNv4 neighbourship, exchange MPLS labels and can maintain end-to-end LSP. It is know as "Option B".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's see how it works. We are going to use the same topology as we used in last post.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBAv-1IIt4lbB_nkAy0YexwUakEM1uCuCCsLmrsol1jcb7B96ga1UbqvKJ4axJYVQjYieHoEt6v3MfTnzpI3fHCs10NPpgbB3A0QVdl_vpy3aNWzzVIC7x68a38_ujKqeAy8QGJWpQU4Y/s1600/Drawing1.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="353" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBAv-1IIt4lbB_nkAy0YexwUakEM1uCuCCsLmrsol1jcb7B96ga1UbqvKJ4axJYVQjYieHoEt6v3MfTnzpI3fHCs10NPpgbB3A0QVdl_vpy3aNWzzVIC7x68a38_ujKqeAy8QGJWpQU4Y/s640/Drawing1.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The IP addressing and the core routing remains the same. The only difference is the configuration on ASBR where I have removed the EBGP neighbourship statement and removed the local VRF configuration.</span><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">Now the first step is to configure VPNv4 neighbourship between ASBRs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGToXv1qM5jcoeZso_NwzeSy0Ht-Dem1CMfOdbjLz_Z4bVjM7k67e_iA0agWdMr9RliZNvGa2a65RvWxpRYDoCIdx3Dd8YgZwLmuRt0ovTWfc_TystkVjCASBocBDFq0vwl4d_w9BmZaM/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGToXv1qM5jcoeZso_NwzeSy0Ht-Dem1CMfOdbjLz_Z4bVjM7k67e_iA0agWdMr9RliZNvGa2a65RvWxpRYDoCIdx3Dd8YgZwLmuRt0ovTWfc_TystkVjCASBocBDFq0vwl4d_w9BmZaM/s1600/1.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGOhvmxJtOR1b4-V3HX_QbZ4Q4D9C2nXlA-jZSfDk3mgaO43H2E_uAzVVWmddmt_QbE1-YIN2ZFLkou5jOh_JYmwhNw118euxhsrWZNv7_XJIm_sDcqcclGrhFuIxt18_7dVSUDLAkTo4/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGOhvmxJtOR1b4-V3HX_QbZ4Q4D9C2nXlA-jZSfDk3mgaO43H2E_uAzVVWmddmt_QbE1-YIN2ZFLkou5jOh_JYmwhNw118euxhsrWZNv7_XJIm_sDcqcclGrhFuIxt18_7dVSUDLAkTo4/s1600/2.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will now use BGP to forward MPLS label between ASBR. The way to achieve this is by configuring "mpls bgp forwarding" command under the interfaces.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnOmD29Pk5ZhEWO-aDpatI7irVyTkx576grib-PksK3n1IAXLjJxUH2G_FC8-6_H_J0j513AYB3PBOzZr2mPuF-O4Sy7b1jtd4qs2OQIzWv0RWx59YIG-M-SWv7JNuIRxTFwQ8OK-DGlo/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnOmD29Pk5ZhEWO-aDpatI7irVyTkx576grib-PksK3n1IAXLjJxUH2G_FC8-6_H_J0j513AYB3PBOzZr2mPuF-O4Sy7b1jtd4qs2OQIzWv0RWx59YIG-M-SWv7JNuIRxTFwQ8OK-DGlo/s1600/3.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimzC4_YpNBVk_sxzHOnMClC4dqpRw4kSP6k2sNSAF774OCTGUwR-nW5SJGWUQcwF6fMWBmcnO0ToQhef1sPJ-_jpYqB3i8gbknLNVgE_jj59SLbg_JTngXgk3uZ2OafjWjU4IZN3pB-V0/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimzC4_YpNBVk_sxzHOnMClC4dqpRw4kSP6k2sNSAF774OCTGUwR-nW5SJGWUQcwF6fMWBmcnO0ToQhef1sPJ-_jpYqB3i8gbknLNVgE_jj59SLbg_JTngXgk3uZ2OafjWjU4IZN3pB-V0/s1600/4.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we check the prefix received on ASBR, we can see that we are not receiving anything either from CE1 or ASBR2 !!!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Why did we stop receiving the prefix 1.1.1.1/32 from CE1? </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The reason is that we removed the local VRF configuration. This is the default behaviour where if you don't have the VRF configured with appropriate RT values locally on the router then the relevant VPNv4 routes will be dropped.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To overcome this issue, we will configure the command "no bgp default route-target filter" under the BGP process.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM-kEjmGYX7ql2Kj0-xeRheX2FJ1ftWw2MuzlXDtOasMkjTKJw8j5c646SQlRC1eciwNMNz_fTCB2ksAr8uLDqKqVssZ1yyXfPyq29vS-sJRrR-LVB8g0RA2S-hQj3Nngp_xPhnoJRS0I/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgM-kEjmGYX7ql2Kj0-xeRheX2FJ1ftWw2MuzlXDtOasMkjTKJw8j5c646SQlRC1eciwNMNz_fTCB2ksAr8uLDqKqVssZ1yyXfPyq29vS-sJRrR-LVB8g0RA2S-hQj3Nngp_xPhnoJRS0I/s1600/6.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGUAjFP3K1IfUj1OmSTigOdSJYBW7PxLYMHZ91iG2hDXGU1-ulntAtUqvNP1THjv9dvGEjqi8lHVBoJBFWi5InwgGt6smZIrxz6u399_nah7LE2833BkYm1M1pYgVU-qaGKBUKBYVW8ko/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGUAjFP3K1IfUj1OmSTigOdSJYBW7PxLYMHZ91iG2hDXGU1-ulntAtUqvNP1THjv9dvGEjqi8lHVBoJBFWi5InwgGt6smZIrxz6u399_nah7LE2833BkYm1M1pYgVU-qaGKBUKBYVW8ko/s1600/7.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now see that we have received the prefixes from our own AS and also from ASBR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixOehPoBYG_VwDUZrqaUOZ5cE5G5jNFkr0n0VcTIE2ffV0D8_3YjKjUtM0U5JnsGixiceMC5fL8x6HBCbFunfC80w6qFxu2d1sHPJfpC6s_ENKKjMkxVvnziGy5VNRoAzlIaS6EKqv3So/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixOehPoBYG_VwDUZrqaUOZ5cE5G5jNFkr0n0VcTIE2ffV0D8_3YjKjUtM0U5JnsGixiceMC5fL8x6HBCbFunfC80w6qFxu2d1sHPJfpC6s_ENKKjMkxVvnziGy5VNRoAzlIaS6EKqv3So/s1600/8.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgNraMpxbv9U0q7ypo9S9jxrOc8Sp-oqMNqrzgucrqA57925nRQ8eCo0sV-WVJkwKMLkfYm3iGNfHnB3sgG2lb3MLRJbBmJAwmWlf3dGQ6xGYZY3DIFWaWbLPEv4in96b6hnrhKJO97BY/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgNraMpxbv9U0q7ypo9S9jxrOc8Sp-oqMNqrzgucrqA57925nRQ8eCo0sV-WVJkwKMLkfYm3iGNfHnB3sgG2lb3MLRJbBmJAwmWlf3dGQ6xGYZY3DIFWaWbLPEv4in96b6hnrhKJO97BY/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now let's check if these VPNv4 prefixes are advertised to the SP1-PE1 and SP2-PE2 or not.</span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWR-kKm_8myQmImvUM3naks8kpoXZ0rmESL2J45Ua-3VoN00xzdf9pEp3lFsb-4HYbC4EoCIiSa0Mwj9vyOuGjt9CgIgYvlZXMvDl2NYFUlKCtzTaj_5VfvUvnCLtFVmR9wga_OOnJIwo/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWR-kKm_8myQmImvUM3naks8kpoXZ0rmESL2J45Ua-3VoN00xzdf9pEp3lFsb-4HYbC4EoCIiSa0Mwj9vyOuGjt9CgIgYvlZXMvDl2NYFUlKCtzTaj_5VfvUvnCLtFVmR9wga_OOnJIwo/s1600/11.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8dFnw4oN1-A-ZSZMukYw5mzn8o3GNZUISCcqKV2Kr5IDjA4MG4tFDJZPIPHsu6VXHgbFibmHq42dqCzZRJHrjnJwHCH4yTVpdZXH73IeUNzv3-HvYtFyrPC13WkWy6RF-SEW29guMBEs/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8dFnw4oN1-A-ZSZMukYw5mzn8o3GNZUISCcqKV2Kr5IDjA4MG4tFDJZPIPHsu6VXHgbFibmHq42dqCzZRJHrjnJwHCH4yTVpdZXH73IeUNzv3-HvYtFyrPC13WkWy6RF-SEW29guMBEs/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">So the PEs only shows the routes learned from connected CE routers! So what could be the problem?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Remember that the route-target value configured for both the VRFs are different. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We have to import/export the value on at least one PE routers. I will import/export RT 100:100 on SP2-PE1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWhqW9Y5cpNJNRfZmdLJGjoc3z0eTFV-K7s8fJk1qyHg0iEN7sJdOhp3emb24rinZvpxUPznUfJ-jpTODpcHkjKwf-JFEfJskvYyig5nHZmnlse_P6BMFkWGTJuIZ1D9kwIAcO5-ZKRRc/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhWhqW9Y5cpNJNRfZmdLJGjoc3z0eTFV-K7s8fJk1qyHg0iEN7sJdOhp3emb24rinZvpxUPznUfJ-jpTODpcHkjKwf-JFEfJskvYyig5nHZmnlse_P6BMFkWGTJuIZ1D9kwIAcO5-ZKRRc/s1600/13.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">As a result of this, we can now see that both the PEs have started learning both the prefixes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQIDcAP7ojuvS4Jqj6hHmGrzjE4hcLD6Jp5xzzQ018NIsEjMmKACA3dBGqBEyfipEgKb5ssFB8y8C-GuKDPtc-b1_HTq_c2Km9DzSM43HPJvmRyIsIZt3xiUMpvhkch1gNRaOlMjYrEFQ/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQIDcAP7ojuvS4Jqj6hHmGrzjE4hcLD6Jp5xzzQ018NIsEjMmKACA3dBGqBEyfipEgKb5ssFB8y8C-GuKDPtc-b1_HTq_c2Km9DzSM43HPJvmRyIsIZt3xiUMpvhkch1gNRaOlMjYrEFQ/s1600/14.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSOjbVIqfqhfJvC3vltEBTradENlkBW_q23ao6JpdUZS-7QF8oSw_qsrjvMszgJDRazJgySN-bbq8yryoluMUP5QQEPM0Fyzrf0hAiSlcBAJcktYvFNKxbleXDhOWkjsLqE6WWzBX4jc/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjSOjbVIqfqhfJvC3vltEBTradENlkBW_q23ao6JpdUZS-7QF8oSw_qsrjvMszgJDRazJgySN-bbq8yryoluMUP5QQEPM0Fyzrf0hAiSlcBAJcktYvFNKxbleXDhOWkjsLqE6WWzBX4jc/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">We can see that even though the prefixes have been learned by PEs, they don't appear as "best" routes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj89gE9-NURLsfN5YIXvGkC-eOrZYHWAJXwxX0rWkNgd0WxFOarSSlD2idnqo0HDj1_cmf8yFLPv0ZTrbFYBzb7tOV_vf8ASE66-euuO7XHeYoKAw4xJ6AxS2c9BZ25hjom9HsQeSL_kuU/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj89gE9-NURLsfN5YIXvGkC-eOrZYHWAJXwxX0rWkNgd0WxFOarSSlD2idnqo0HDj1_cmf8yFLPv0ZTrbFYBzb7tOV_vf8ASE66-euuO7XHeYoKAw4xJ6AxS2c9BZ25hjom9HsQeSL_kuU/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">The above output shows the reason behind it.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The ASBRs advertise the routes to PE routers, they do not change the next-hop-value hence the route learned by SP1-PE1 shows next-hop as 10.1.45.5 and the route learned by SP2-PE shows next-hop as 10.1.45.4. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The link between ASBRs (10.1.45.0/24) is not advertised into any IGP so PE router's mark the next=hop as inaccessible.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">One way to resolve this issue is by advertising the subnet of this link (10.1.45.0/24) into IGP of both service provider networks. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The other way to do this is by setting next-hop-self on ASBR toward the PE router. We will use this method here.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfZtF8shgyZMzLtFDcOawk_9R7cB8VwuAls-8Byu8gpdr2EFNnkTA62UKxwJcatmo58XGu2EWr0rfEO6ybi4UPAXuziKcwLkTSmWB3CrgfKfgEWG57eaB79FCHA3vKpY_-r06-avZETFQ/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfZtF8shgyZMzLtFDcOawk_9R7cB8VwuAls-8Byu8gpdr2EFNnkTA62UKxwJcatmo58XGu2EWr0rfEO6ybi4UPAXuziKcwLkTSmWB3CrgfKfgEWG57eaB79FCHA3vKpY_-r06-avZETFQ/s1600/17.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWOTxp9aLZFjK8nH6Th6lLcdC08Re6u0V_tme9nQJUvl9Y6YM9EYv9sgiFhELTRP04Qsjhi9AacOs3yXIPGm995zNUoy7qMdhJ5REzqlyCO6T-cFRI1xvcdUhJmvHkcyjggwz9UTTnUCU/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWOTxp9aLZFjK8nH6Th6lLcdC08Re6u0V_tme9nQJUvl9Y6YM9EYv9sgiFhELTRP04Qsjhi9AacOs3yXIPGm995zNUoy7qMdhJ5REzqlyCO6T-cFRI1xvcdUhJmvHkcyjggwz9UTTnUCU/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now we can see that the routes are marked as "best".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCHqrgo1CPtsxI2by17yHDAm_4G5hnb6Xi99wXIeazI9WUFQ48BulMxaNBI3tT8l__P7CpxfS7Jm7u4yyhANg3rC3pxL66TWVtbnVSF_g9ppi0xfhflPALMlNHOkw49s1iqFUeelKTWA0/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCHqrgo1CPtsxI2by17yHDAm_4G5hnb6Xi99wXIeazI9WUFQ48BulMxaNBI3tT8l__P7CpxfS7Jm7u4yyhANg3rC3pxL66TWVtbnVSF_g9ppi0xfhflPALMlNHOkw49s1iqFUeelKTWA0/s1600/20.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWbfJ8w0-nKwtAElGzy9HzYTjzEFIvBAcAIvF7J4D1R4ghpvP8OSnxEnqyipzJdVS6DH9ul9lvcuQQA6nJqNCDmlrvEhu_Hhvg85jfM2lKOurjlycoFLTeLIJHBkeCwsX_b-tlHtf2uSw/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWbfJ8w0-nKwtAElGzy9HzYTjzEFIvBAcAIvF7J4D1R4ghpvP8OSnxEnqyipzJdVS6DH9ul9lvcuQQA6nJqNCDmlrvEhu_Hhvg85jfM2lKOurjlycoFLTeLIJHBkeCwsX_b-tlHtf2uSw/s1600/19.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">So let's check the routing table of CE1 and CE2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWmgTSGnYOGG5KLMNWZur2wdEw2c7cNTP49ABxZrjGEfG6sP6XD7wA7mehpWKBY4Cm-l37oZeAtK5fjiLXtLv0gxf555u34KVAF3Dq85jnPPEYnu4XqyMLlQ7W1G_ADJx1EzIWYncGtSY/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWmgTSGnYOGG5KLMNWZur2wdEw2c7cNTP49ABxZrjGEfG6sP6XD7wA7mehpWKBY4Cm-l37oZeAtK5fjiLXtLv0gxf555u34KVAF3Dq85jnPPEYnu4XqyMLlQ7W1G_ADJx1EzIWYncGtSY/s1600/21.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOId5BsejxlFZyKV8MScBhiGdFx_sZO-Qmh7-uo7_pQUyHlNAcYqqsJdXjFpTjrHjQVDUdPQqy3EoQCiuaqVaZtb5BgKAhfeO1lVEJT1iHGjshuoTOoO-2sAcLacsZOUB1uKv2Ei5mgFU/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOId5BsejxlFZyKV8MScBhiGdFx_sZO-Qmh7-uo7_pQUyHlNAcYqqsJdXjFpTjrHjQVDUdPQqy3EoQCiuaqVaZtb5BgKAhfeO1lVEJT1iHGjshuoTOoO-2sAcLacsZOUB1uKv2Ei5mgFU/s1600/22.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">A quick ping test confirms that the connectivity between loopbacks is working.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHX5-sEZ5CToszzvMHW24NE7I7Z4HwPaMLzzcnFkb1mxdON1OXEvtbSZ2NfaVLOuCKQQR_2F1emOUeH96Wjwhn5K3nXrGjB9xQfnObA876Yo4UdFv8s34blJpOl9zJlUWM3m0B2UmNlwk/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHX5-sEZ5CToszzvMHW24NE7I7Z4HwPaMLzzcnFkb1mxdON1OXEvtbSZ2NfaVLOuCKQQR_2F1emOUeH96Wjwhn5K3nXrGjB9xQfnObA876Yo4UdFv8s34blJpOl9zJlUWM3m0B2UmNlwk/s1600/23.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">The traceroute shows that there is an end-to-end LSP between SP1-PE1 and SP2-PE2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBBy_cEPR9d07iI1xMTOSnATLUdNazqt9OpwEKyXtTnxclxJu-Erby2PPPYbWcDJVHFMy1LRsq0IbOEY1RAuR36sLrXbrbwog95zO_JgAEmeQl8BqIUroO_Y_PQ3OeA0R_KfzmrOIIkXM/s1600/24.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBBy_cEPR9d07iI1xMTOSnATLUdNazqt9OpwEKyXtTnxclxJu-Erby2PPPYbWcDJVHFMy1LRsq0IbOEY1RAuR36sLrXbrbwog95zO_JgAEmeQl8BqIUroO_Y_PQ3OeA0R_KfzmrOIIkXM/s1600/24.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">The thing to remember here is that the uses three different LSPs to reach at the destination.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4WIhv0IYm_AYHSkCWv_iptpPPmNbuJhN6SuMCO58f7Mdy0hzZPsgNoHCRbFLYYxXHDwxLonZPD-1Mk-nqHO_qFQFGQqCoquLfgpZwMGLou7yXshf2tz_DLZAkBeaJ5gSqFOCakmCA5Dg/s1600/Drawing2.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="353" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4WIhv0IYm_AYHSkCWv_iptpPPmNbuJhN6SuMCO58f7Mdy0hzZPsgNoHCRbFLYYxXHDwxLonZPD-1Mk-nqHO_qFQFGQqCoquLfgpZwMGLou7yXshf2tz_DLZAkBeaJ5gSqFOCakmCA5Dg/s640/Drawing2.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The "LSP1" is between SP1-PE1 and SP1-ASBR. If we look at the output from SP1-PE1, it shows the VPN label assigned for VRF is "20".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK0pQAI4Avdxcbb2wS53n_VqNwATJH-ZGFXpXo8cf2DHgn2vvD-z43C0QhVrAHGL6URlNXjr2JhZi7i01si_arFHTJoTuNC0yyBiqy8GHAkP_v2IbUJoeEGNVOiinq-gLEm01p_RYSpS8/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgK0pQAI4Avdxcbb2wS53n_VqNwATJH-ZGFXpXo8cf2DHgn2vvD-z43C0QhVrAHGL6URlNXjr2JhZi7i01si_arFHTJoTuNC0yyBiqy8GHAkP_v2IbUJoeEGNVOiinq-gLEm01p_RYSpS8/s1600/25.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">The transport label to reach SP1-ASBR is "17"</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglp931WNeLKyzjpWluXFWeV34UeyIWiixXTG00Pr1PeyGJloLfuQtiIBDrU9gkHM7Qp2JpnijQFaU7eUtm2lSRgK9YAtfrKunmzLUeF7LopVzmh7t2TSSyRC07ypqW6KEefBOFbrYw-4Q/s1600/26.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglp931WNeLKyzjpWluXFWeV34UeyIWiixXTG00Pr1PeyGJloLfuQtiIBDrU9gkHM7Qp2JpnijQFaU7eUtm2lSRgK9YAtfrKunmzLUeF7LopVzmh7t2TSSyRC07ypqW6KEefBOFbrYw-4Q/s1600/26.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This clarifies the first couple of hops of our traceroute output</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQxsI_TsZZy7fEM-FDcKsQ57DAe2d71bk7S_YWI0vevuhj9pj0pKXe8U52SJADBrCnBhjPCzObrRwa30756aMVJZR9JKFw2Spg-VGuUx7kOOPH5MvzK6xycubkuLrKGqIwRqmYbr59dVg/s1600/27.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQxsI_TsZZy7fEM-FDcKsQ57DAe2d71bk7S_YWI0vevuhj9pj0pKXe8U52SJADBrCnBhjPCzObrRwa30756aMVJZR9JKFw2Spg-VGuUx7kOOPH5MvzK6xycubkuLrKGqIwRqmYbr59dVg/s1600/27.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">The packet now hits SP1-P and it remove the transport lable "17" under the PHP process and ends up with a single label "20".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXWwu7GxSZXmFGAaqPkIXSkCf5Z9VTzacavqXrCVP3JRSDBKyV_V_5dKZdi_O_zhhGKu02zHkKrkYE75ha_RK-Bge_fViZFq5g_A6Qw-9tIRjkobz0PnnnUC4HxZGf-yqnEf36hYx2CfQ/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXWwu7GxSZXmFGAaqPkIXSkCf5Z9VTzacavqXrCVP3JRSDBKyV_V_5dKZdi_O_zhhGKu02zHkKrkYE75ha_RK-Bge_fViZFq5g_A6Qw-9tIRjkobz0PnnnUC4HxZGf-yqnEf36hYx2CfQ/s1600/28.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Packet is then forwarded to SP1-ASBR where the LSP 1 ends.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The "LSP2" is between SP1-ASBR and SP2-ASBR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvz64m3jTLyX9bd2P2c_3M859OLkAErQX5SOzvEkBy1-aYpk52_p5C1OywpF-fVWcJ6_sHrm657kCpS-pLGS47QTBujhrqOAHRvrrHZ5-HezPRKgvf9AwUv0ex_hdH_b0oYcJQ9HWEvmM/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvz64m3jTLyX9bd2P2c_3M859OLkAErQX5SOzvEkBy1-aYpk52_p5C1OywpF-fVWcJ6_sHrm657kCpS-pLGS47QTBujhrqOAHRvrrHZ5-HezPRKgvf9AwUv0ex_hdH_b0oYcJQ9HWEvmM/s1600/29.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On SP1-ASBR the label "20" is swapped with "23" and the packet is passed onto SP2-ASBR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Step 4 of the traceroute confirm this.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizHRUudZqf9Chp2tBwdEduh7DYsHHlZdghyEdRPnWgRPaecSKe5i21bMYg7DHvm0vlFnHKLl8TTkY9H9Xc9LT6BbT5pQyfFBxsKeBFO_ymO_gEwnCOmQteFKqVah3jN4WhqZDCcmZ6Mk4/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEizHRUudZqf9Chp2tBwdEduh7DYsHHlZdghyEdRPnWgRPaecSKe5i21bMYg7DHvm0vlFnHKLl8TTkY9H9Xc9LT6BbT5pQyfFBxsKeBFO_ymO_gEwnCOmQteFKqVah3jN4WhqZDCcmZ6Mk4/s1600/30.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />This is where "LSP2" ends and "LSP3" begins.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The "LSP3" is between SP2-ASBR and SP2-PE1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKwxNgzA5Zs5Wwz4rcloKcsqFO7ZtFr04_Ri43Z6cCmBuBfsAsVWOjOYIYzFcny0AXPx2IPzyF9YphO-eQSvTyGml7ti6hd5SPcFCl6mh1adIGqAfBadTUNUb-RbMEFfj7jwTiVKZJxoY/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKwxNgzA5Zs5Wwz4rcloKcsqFO7ZtFr04_Ri43Z6cCmBuBfsAsVWOjOYIYzFcny0AXPx2IPzyF9YphO-eQSvTyGml7ti6hd5SPcFCl6mh1adIGqAfBadTUNUb-RbMEFfj7jwTiVKZJxoY/s1600/32.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4AnNT9rGd7FarBjP4Qap2QVAP2uWacbU0WMZZSwGMOFesaLmhI5lw3z5KbK-JzCIIVS0FzfDQhZcds8Y3EkyMiehk70zgT2kiNG2Uhn5IZqOWug4C_H1cWabVEzVkJsQc1RfQfoe_PY4/s1600/31.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4AnNT9rGd7FarBjP4Qap2QVAP2uWacbU0WMZZSwGMOFesaLmhI5lw3z5KbK-JzCIIVS0FzfDQhZcds8Y3EkyMiehk70zgT2kiNG2Uhn5IZqOWug4C_H1cWabVEzVkJsQc1RfQfoe_PY4/s1600/31.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As per the output from SP2-PE1, the VPN label assigned for VRF "RED" is "20" hence SP2-ASBR swaps the label "23" with "20" and uses transport label "16" to reach SP2-PE1. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFs1eXMf6PQ2QenvpouYbGmOxGE5scJU2Ty0Pz3Chh-arSNZnDcbl6JVF6E6Z_AjhmeXTMs3G4MDvwXsFmQGqe-7nh0Q4AGN2bMKJSv0AJS7k2IhmNclqTmqkSsDoaWEpAWs2c6Q1W7do/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFs1eXMf6PQ2QenvpouYbGmOxGE5scJU2Ty0Pz3Chh-arSNZnDcbl6JVF6E6Z_AjhmeXTMs3G4MDvwXsFmQGqe-7nh0Q4AGN2bMKJSv0AJS7k2IhmNclqTmqkSsDoaWEpAWs2c6Q1W7do/s1600/33.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<span style="font-family: Verdana, sans-serif;">When the packet hits SP2-P, it removes the transport label "16" under the PHP process and forward the packet to SP2-PE1. The PE router then removes the VPN label and pass IPv4 packet to CE2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we would have redistributed the link between ASBRs (10.1.45.0/24) in the IGPs then we would have ended up with 2 LSPs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">More information on this can be found here </span><br />
<span style="font-family: Verdana, sans-serif;"><a href="http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ias_and_csc/configuration/xe-3s/asr1000/mp-ias-and-csc-xe-3s-asr1000-book/mp-vpn-connect-asbr.html">http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ias_and_csc/configuration/xe-3s/asr1000/mp-ias-and-csc-xe-3s-asr1000-book/mp-vpn-connect-asbr.html</a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com9tag:blogger.com,1999:blog-3934012154598313421.post-69343650025643990392015-08-07T16:05:00.002+01:002015-08-07T16:08:44.515+01:00Inter-AS MPLS VPN - Option A (Back to Back VRF)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">We have seen how standard L3 MPLS works in the previous post <a href="http://ciskonetwork.blogspot.co.uk/2015/03/layer-3-mpls-vpn.html.">http://ciskonetwork.blogspot.co.uk/2015/03/layer-3-mpls-vpn.html.</a> </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In normal implementation, customer sites are served by a single service provider. The PE routers maintain an IBGP session and the routing information gets exchanged through VPNv4 neighbourship.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">What if two customer sites are connected through different service providers? The PE routers of each service provider will not be able to establish IBGP neighbourship with each other hence won't be able to exchange VPNv4 routes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There are mainly three ways to handle this type of a situation. One of three methods is called "Option A - Back to Back VRF".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhji-C1-A1nkTX5-zOcuQ5gRpASXRbx2yUIwNoo_9rGoqG4_DEMaR6N9drNleSRUF_V7vTdU-Q4Q_ENwxtViuLTI2NWXYVJt8FH4Lk-InK7-Z6YOqOJezqoJWuoLQCUyu1TDeRNNBAul1s/s1600/Drawing1.jpg" imageanchor="1" style="clear: left; display: inline !important; margin-bottom: 1em; margin-right: 1em; text-align: center;"><img border="0" height="354" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhji-C1-A1nkTX5-zOcuQ5gRpASXRbx2yUIwNoo_9rGoqG4_DEMaR6N9drNleSRUF_V7vTdU-Q4Q_ENwxtViuLTI2NWXYVJt8FH4Lk-InK7-Z6YOqOJezqoJWuoLQCUyu1TDeRNNBAul1s/s640/Drawing1.jpg" width="640" /></a><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">As depicted in the diagram, we have two service providers SP1 and SP2 with BGP AS number 100 and 200 respectively. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">CE1 is connected to SP1 PE device and CE2 is connected to SP2 PE device. The SP1-P and SP2-P are normal P routers in the core. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">SP1 is running OSPF as IGP and SP2 is using ISIS.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">SP1 and SP2 peer with each other through a boundary router shown as SP1-ASBR and SP2-ASBR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's first check the config of CE1 and CE2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB4sOawXML_6g4RB4Qsz7y2Xh1yls2a36aXfdKvvIxTUF0SM82I1WZcHx0t6oZ8swnBc9IWJxpL-OpUq_Y1hvl9EyqHTeOBmoHry1WDBM95DP71MFH1j5RegzeMTv6Uw9tLLySybWNmqs/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB4sOawXML_6g4RB4Qsz7y2Xh1yls2a36aXfdKvvIxTUF0SM82I1WZcHx0t6oZ8swnBc9IWJxpL-OpUq_Y1hvl9EyqHTeOBmoHry1WDBM95DP71MFH1j5RegzeMTv6Uw9tLLySybWNmqs/s1600/1.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilPchNdd4dPDQCCv7D2MFzKG8en7G3-Eg8cEmoStOcYUzDhyphenhyphencJgeWuOsVKLdbw0aivxhdCh2JSMs0Z-5crRy2lpmIS4jh_ybU8BQh_3UW0SQWjOCoc4pBkcmuOZW38ijw4_MQqfqUTnf8/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEilPchNdd4dPDQCCv7D2MFzKG8en7G3-Eg8cEmoStOcYUzDhyphenhyphencJgeWuOsVKLdbw0aivxhdCh2JSMs0Z-5crRy2lpmIS4jh_ybU8BQh_3UW0SQWjOCoc4pBkcmuOZW38ijw4_MQqfqUTnf8/s1600/2.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx4HM295kMFa3hhl6kW6mEgGi9irjoD4r8UpZIR794GFvLm-EuOUDEMVXt4eMmLrlX2zj1dMCSSRL1tUbGQ64c4sw1vaL14EDIVtPPRaSd_AGldgFwkJH8KPS2qtA74mxXVFNFY1S1GAE/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhx4HM295kMFa3hhl6kW6mEgGi9irjoD4r8UpZIR794GFvLm-EuOUDEMVXt4eMmLrlX2zj1dMCSSRL1tUbGQ64c4sw1vaL14EDIVtPPRaSd_AGldgFwkJH8KPS2qtA74mxXVFNFY1S1GAE/s1600/3.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF5ukaPTLgoIn3QMIOc3usiMo2p_CdmuhjTR9HwyFPT8KqTpatl4wkqFCyTPa3dRFzbijLyJOybJSzYRJSPG-TtQxrAmcHJMbxGjlhBIArIxkBhJt5XTEMs8o4jyGBz7dXu7vd3b2xQvo/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhF5ukaPTLgoIn3QMIOc3usiMo2p_CdmuhjTR9HwyFPT8KqTpatl4wkqFCyTPa3dRFzbijLyJOybJSzYRJSPG-TtQxrAmcHJMbxGjlhBIArIxkBhJt5XTEMs8o4jyGBz7dXu7vd3b2xQvo/s1600/4.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">CE1 and CE2 has standard EBGP neighbourship with corresponding PE routers. There is a loopback on each CE which is advertised through the BGP process. Our aim is to establish reachability between loopback IPs. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On the SP1-PE1, we have configured a VRF named "BLUE". The interface connecting to CE1 is part of this VRF and we have configured BGP neighbourship with CE1.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaA8E6bDX3owzAwgFt03seoCoD3eSK3_0luG0tQJlPTIcFO8p-6IyVxElZv3vybmCKwRiZ-_h_hN_g0R_Yy8k5wImaGOGPcG42kxG9S4qCmI6BlSdO-UqPsiJC1t7rZfjAh9n4WNWf_qc/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaA8E6bDX3owzAwgFt03seoCoD3eSK3_0luG0tQJlPTIcFO8p-6IyVxElZv3vybmCKwRiZ-_h_hN_g0R_Yy8k5wImaGOGPcG42kxG9S4qCmI6BlSdO-UqPsiJC1t7rZfjAh9n4WNWf_qc/s1600/19.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpYwc4_BoejWQkjtnleOLwUXr__8e6A6epi4OLfQIuzhPyivfZ6y_xsXJkRkUxpITT67bjs9xHXGDWo4jDkza5x5orONS0pC0HS7FAy-c82Gh23YaNYmXujiljOlv7WTxpBiy7zdmmTng/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpYwc4_BoejWQkjtnleOLwUXr__8e6A6epi4OLfQIuzhPyivfZ6y_xsXJkRkUxpITT67bjs9xHXGDWo4jDkza5x5orONS0pC0HS7FAy-c82Gh23YaNYmXujiljOlv7WTxpBiy7zdmmTng/s1600/6.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3oDQ8t-3pmBRTfLth-2xGc5-Pc-PWLkFB4D5oKXDTcpRXnmQRCPuHCE6zMZmJ3fJ2Orz6WHPpon3rakEPKzHVCzDZubSSwP5mADMm_6EO7oO_4RV_csKr2sHVogk9mufOOk1dAxHojow/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3oDQ8t-3pmBRTfLth-2xGc5-Pc-PWLkFB4D5oKXDTcpRXnmQRCPuHCE6zMZmJ3fJ2Orz6WHPpon3rakEPKzHVCzDZubSSwP5mADMm_6EO7oO_4RV_csKr2sHVogk9mufOOk1dAxHojow/s1600/5.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also see that SP1-PE1 receives the loopback prefix 1.1.1.1/32 from CE1.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEw0gEQ0L8UmMqTYdiJ5lOdoVIfQcYXYLJ707MCsOrN-DU_QVv0wEuF2ygwQj6-bpp8AYC2LWJ8OZBVONdAA58Po2hNqAeKmsY09YBRCdMujWLLxrBJuLGcrCe1L9kRXzImJGp_zyHEQA/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEw0gEQ0L8UmMqTYdiJ5lOdoVIfQcYXYLJ707MCsOrN-DU_QVv0wEuF2ygwQj6-bpp8AYC2LWJ8OZBVONdAA58Po2hNqAeKmsY09YBRCdMujWLLxrBJuLGcrCe1L9kRXzImJGp_zyHEQA/s1600/7.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Similarly on SP2-PE1, we have configured a VRF named "RED" and established BGP neighbourship with CE2. PE router is learning the loopback 8.8.8.8/32 from CE2.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_6Ivk4CGWZPcGqYqr7krULMaqzQHhprqhvdFbx9rCJ8otABTYrVv21gGQiNij51WwSJgn_UPpfbAHxVrJUrIoyaJbY4nzOtK3Jyjt-h5SvId1p4gZC32wJR8zidneXhfWuf652OFHXC0/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_6Ivk4CGWZPcGqYqr7krULMaqzQHhprqhvdFbx9rCJ8otABTYrVv21gGQiNij51WwSJgn_UPpfbAHxVrJUrIoyaJbY4nzOtK3Jyjt-h5SvId1p4gZC32wJR8zidneXhfWuf652OFHXC0/s1600/8.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq9mvveGbMJyJazWnltBi_0m7Y7CXnRFqExYf0wops0dOGEHC8yhxPu4HQau7V4zlsC3EtkS7LYVfxpBgojRQSKiB7RE3wafsLU6QxJuHzBOyZKbu4OR32sXePHMRu2_09iUsvmbHEPwI/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjq9mvveGbMJyJazWnltBi_0m7Y7CXnRFqExYf0wops0dOGEHC8yhxPu4HQau7V4zlsC3EtkS7LYVfxpBgojRQSKiB7RE3wafsLU6QxJuHzBOyZKbu4OR32sXePHMRu2_09iUsvmbHEPwI/s1600/9.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPt3qTy7wtyHWW0LEtx_tvDQKM4ZCA7mYU16lFDoW6H5raFvepXqE04QZ9p1FMpER3Ljohpj3l2uMVHllchqLjfxthS9ooFMjlk2Cxl0lyBT3RCrYId1hH7t1-kvyrUTlIOWWqKqTEIlM/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPt3qTy7wtyHWW0LEtx_tvDQKM4ZCA7mYU16lFDoW6H5raFvepXqE04QZ9p1FMpER3Ljohpj3l2uMVHllchqLjfxthS9ooFMjlk2Cxl0lyBT3RCrYId1hH7t1-kvyrUTlIOWWqKqTEIlM/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In normal MPLS L3 VPN, we would have to configure VPNv4 neighbourship between both the PEs and advertise the routes. However in this case, the PEs are in different Autonomous system so that's not possible.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As shown in the diagram, SP1-ASBR and SP2-ASBR are on the edge of service provider network so we have to consider them as the PE devices where the end customer connects.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's establish VPNv4 neighbourship between SP1-PE and SP1-ASBR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We need to configure loopback on SP1-PE1 and SP1-ASBR and advertise into OSPF as well.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWASsnm42NFsdc4BJJEoupO8uMQDpAw1pUY9z19DbGJW47EUXUE6nci52GMC-7uYLF7JTr6e66uKuwu6vGJYhkjcecY13m3Wr7RMOSImEtbfsvAPy6m6_cWwPq9TKuFsVljp3qbEdkwhg/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWASsnm42NFsdc4BJJEoupO8uMQDpAw1pUY9z19DbGJW47EUXUE6nci52GMC-7uYLF7JTr6e66uKuwu6vGJYhkjcecY13m3Wr7RMOSImEtbfsvAPy6m6_cWwPq9TKuFsVljp3qbEdkwhg/s1600/16.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiROE03M5sHzWFU7X2HR-LsHJsPauIsBD3xm_saQaYO-3BlE-DPCCTckRILh6hLQ-6iXN6sL_WiS9GBuTtx3nIK5Y8SBC6ekATvJJrCCwy4-gPiGAM8rEDApqvlVyGZran4W_5MoUEhraI/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiROE03M5sHzWFU7X2HR-LsHJsPauIsBD3xm_saQaYO-3BlE-DPCCTckRILh6hLQ-6iXN6sL_WiS9GBuTtx3nIK5Y8SBC6ekATvJJrCCwy4-gPiGAM8rEDApqvlVyGZran4W_5MoUEhraI/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihQLSSztR5F3h5rK9e2gkJeyxtFORqEhFEGPC7T59Rrxp9CxhvRw3tX_L1p-vhDm1Fg6WGParq2HDjFnvG4uSjIJoRTZ8mcFCKvVE7PtPrfwp_zCSs32_M8Y6K9Dg1tO2ebGjgazMNWQM/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihQLSSztR5F3h5rK9e2gkJeyxtFORqEhFEGPC7T59Rrxp9CxhvRw3tX_L1p-vhDm1Fg6WGParq2HDjFnvG4uSjIJoRTZ8mcFCKvVE7PtPrfwp_zCSs32_M8Y6K9Dg1tO2ebGjgazMNWQM/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We also have to configure VRF "Blue" with appropriate RT values on SP1-ASBR.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkSt1xV14PGmi48QelRBgGTTGJ4OqVwRoRH4oSlp-C64fudheIkK3NvoYfvuJibV2AtgOrBCuAGrbd9YIfgsjBlfUCR2Lqyt-m7zcvL_5qlUTEzn413CnbTHBeNwcFS0RGWMuWFpiBH6U/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjkSt1xV14PGmi48QelRBgGTTGJ4OqVwRoRH4oSlp-C64fudheIkK3NvoYfvuJibV2AtgOrBCuAGrbd9YIfgsjBlfUCR2Lqyt-m7zcvL_5qlUTEzn413CnbTHBeNwcFS0RGWMuWFpiBH6U/s1600/18.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Now we will configure VPNv4 neighbourship and advertise the customer routes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_yhTFdaN3qp46H39Ts4f29EvDEc3j9TdUlNFKNcPrKZSugSg7kn42Lf3lS6W-DckJIOJn6nIai-HQa_Q2leyTLO2Dw-m1_H-4YQQJ7gKFxzFbPaq5sCKpyVyYVajxWOfPNWbvt3xYUw/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiq_yhTFdaN3qp46H39Ts4f29EvDEc3j9TdUlNFKNcPrKZSugSg7kn42Lf3lS6W-DckJIOJn6nIai-HQa_Q2leyTLO2Dw-m1_H-4YQQJ7gKFxzFbPaq5sCKpyVyYVajxWOfPNWbvt3xYUw/s1600/14.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH-J8SZGbrTtZWDwxbfiTYs-DumMAeetXsMO7iDwjcuSiK_VXSjrvfvWAG-f6fmTJy4WmwU1tq8kBmRdK3HBEATdpdp6c3OZJtTAEWxkVOVrfcmi2LXYj9gAyAlSeuX33zI_bLO92brBA/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH-J8SZGbrTtZWDwxbfiTYs-DumMAeetXsMO7iDwjcuSiK_VXSjrvfvWAG-f6fmTJy4WmwU1tq8kBmRdK3HBEATdpdp6c3OZJtTAEWxkVOVrfcmi2LXYj9gAyAlSeuX33zI_bLO92brBA/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">SP1-ASBR has now started learning the customer prefix 1.1.1.1/32.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimaqoHwslTSGEgZHwmpz4E1D2-XQle7Ig64cfs3osrSdN7ffZAGVDvsAZmc8WxYCUoewv3MWh0kAnIutMSzxg18rFgJ7RxufOhwmi87y3TxXSFNuO60D47-QkNKcgSt17uAKrQfPGzaoc/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimaqoHwslTSGEgZHwmpz4E1D2-XQle7Ig64cfs3osrSdN7ffZAGVDvsAZmc8WxYCUoewv3MWh0kAnIutMSzxg18rFgJ7RxufOhwmi87y3TxXSFNuO60D47-QkNKcgSt17uAKrQfPGzaoc/s1600/17.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Similarly we need to configured devices in SP2 network.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's create VRF "RED" on SP2-PE1, assign the interface facing CE2 in the VRF, establish BGP neighbourship and make sure the prefix 8.8.8.8/32 is learned via BGP.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgysQksoU27judd0ztywUCfirH-si7wmZTnhtvxRYWq3Un7E6lv6h8NNI5lo9XixVK1PXyilNn-mhk9QTjX1ppUb11TnEngLOCe6MDifpZrMffgx_Q7nmFIDiP7L1eC4zSPhwdjJkI_prs/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgysQksoU27judd0ztywUCfirH-si7wmZTnhtvxRYWq3Un7E6lv6h8NNI5lo9XixVK1PXyilNn-mhk9QTjX1ppUb11TnEngLOCe6MDifpZrMffgx_Q7nmFIDiP7L1eC4zSPhwdjJkI_prs/s1600/20.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDq0Er8Ze4EquRynreGdpMkV46Dje86pNY-2Aht-uMiPU1k2hN4MkdrA1jUxc-nmW_AljI4f0dpDFiBiJm6DRr2LJAx3nYh1n-WRb7Mb-aAlotaCbSKVPoPDlX9K2NDM2vgumD8RFmgqs/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDq0Er8Ze4EquRynreGdpMkV46Dje86pNY-2Aht-uMiPU1k2hN4MkdrA1jUxc-nmW_AljI4f0dpDFiBiJm6DRr2LJAx3nYh1n-WRb7Mb-aAlotaCbSKVPoPDlX9K2NDM2vgumD8RFmgqs/s1600/21.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfMALFl8zLpAeENq6iUq5IG-ZDFJEXCrVWcb1EACG9PU8OEMoN2yMzUpckGiDt34y4VtnsyVtKXDDTSUEXU1KokU22k89jW8cLVFVW3GZcUV85FdBsIUXz1-IXqLh_E28iy0svGMmMEqU/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfMALFl8zLpAeENq6iUq5IG-ZDFJEXCrVWcb1EACG9PU8OEMoN2yMzUpckGiDt34y4VtnsyVtKXDDTSUEXU1KokU22k89jW8cLVFVW3GZcUV85FdBsIUXz1-IXqLh_E28iy0svGMmMEqU/s1600/22.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZIZPnhz-v2ZLzOZnHhFLHe_PSyn14qOfbd3A_kv8aN7EbS_A2u3rgX6ONAt7-a8tFpL-7o-v-RZLQWnY6LLxWC0nHDGviqseoczuNuYymnztLRdqgBbX2mZcEX8CDfUyxOoMqKpyYMH8/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZIZPnhz-v2ZLzOZnHhFLHe_PSyn14qOfbd3A_kv8aN7EbS_A2u3rgX6ONAt7-a8tFpL-7o-v-RZLQWnY6LLxWC0nHDGviqseoczuNuYymnztLRdqgBbX2mZcEX8CDfUyxOoMqKpyYMH8/s1600/23.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">We need to establish the VPNv4 neighbourship between SP2-PE1 and ASBR-P2 as we did for SP1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">First create the loopback on both the routers and enable ISIS.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbGFo3v2HiWJuC-Uyki2DRzzibmZC3DGxn_8TCSu_1olcsUicBhYh8u1KOylGSfDG-u4XBPM2mFTukJWRMFTO4uEymk_x097U2KnDboDmh1pIeIC9YpOqB5ew_TvRaWfPLNUzdTTQ0mC0/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbGFo3v2HiWJuC-Uyki2DRzzibmZC3DGxn_8TCSu_1olcsUicBhYh8u1KOylGSfDG-u4XBPM2mFTukJWRMFTO4uEymk_x097U2KnDboDmh1pIeIC9YpOqB5ew_TvRaWfPLNUzdTTQ0mC0/s1600/25.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKDnx-w45zkVJAaXjbngk5oGEZNijVsGNuXBJaE52AK_NrSyt3Wk4I9-NAtAQNk-FOXx7jR81g6gTQS6LqO1XF6G4HEWLORsqAF913v-Og3159nEBHdVgLN8ErbbY7wYxFswr-pP3KJDc/s1600/26.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKDnx-w45zkVJAaXjbngk5oGEZNijVsGNuXBJaE52AK_NrSyt3Wk4I9-NAtAQNk-FOXx7jR81g6gTQS6LqO1XF6G4HEWLORsqAF913v-Og3159nEBHdVgLN8ErbbY7wYxFswr-pP3KJDc/s1600/26.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Now configure VRF "RED" on SP2-ASBR.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwMwMUc6D5i-W7I7NZNghmPdYfV0EndgyC5KOnC76DkjncWqCxwzujUlq2GVowyVGCtNzzQZkg7lZLsq8Im0zbsPT255uTcAm3PPJep5dd2yGK3qA5gC-JeB3k9tGpZcD2plaeIuZ6TP8/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwMwMUc6D5i-W7I7NZNghmPdYfV0EndgyC5KOnC76DkjncWqCxwzujUlq2GVowyVGCtNzzQZkg7lZLsq8Im0zbsPT255uTcAm3PPJep5dd2yGK3qA5gC-JeB3k9tGpZcD2plaeIuZ6TP8/s1600/29.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Next step is to configure VPNv4 neighbourship.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgelN_F1859Rfl0oJJj7ZR1VZMPduWS2mRBW35QJw2oZe1_j5j8BrxtWW0-MVkSVA4_zxs4QJ5Tj2X8fehVc9XLRptTX-rHlgOwGf8MJqOXGNi_yCWVvqei09Kz4cLLvpKMlGSvO6lHrLE/s1600/27.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgelN_F1859Rfl0oJJj7ZR1VZMPduWS2mRBW35QJw2oZe1_j5j8BrxtWW0-MVkSVA4_zxs4QJ5Tj2X8fehVc9XLRptTX-rHlgOwGf8MJqOXGNi_yCWVvqei09Kz4cLLvpKMlGSvO6lHrLE/s1600/27.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaZ3Z8IBgmvX_4hWupUww9CIiLd8XHKFthIAjWGIxzFemfINz7KKLFP9LA-shRlT9UbVPSatnrx-MYR8ICqW33Wq9rmzEhwAPF5kvFAjA7JY-QQV6R68nkQp2KXBR70WR70akgshXo1qM/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiaZ3Z8IBgmvX_4hWupUww9CIiLd8XHKFthIAjWGIxzFemfINz7KKLFP9LA-shRlT9UbVPSatnrx-MYR8ICqW33Wq9rmzEhwAPF5kvFAjA7JY-QQV6R68nkQp2KXBR70WR70akgshXo1qM/s1600/28.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">SP2-ASBR has started learning the customer prefix 8.8.8.8/32.</span><br />
<br />
<span style="font-family: Verdana, sans-serif;"></span><br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCQ-imL1vvsw7QSpV2E4DpeRjwdV6EeoMaGzJycyx1Nqwx3sIS0M-85B8xLpv2buYcgdnLM-ThdDEo4k5WGls2Oi2xccZs0VeLNW_XQ94caYout7JSK7CP5b7NAaRN75ch7p9LzQeQrEc/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCQ-imL1vvsw7QSpV2E4DpeRjwdV6EeoMaGzJycyx1Nqwx3sIS0M-85B8xLpv2buYcgdnLM-ThdDEo4k5WGls2Oi2xccZs0VeLNW_XQ94caYout7JSK7CP5b7NAaRN75ch7p9LzQeQrEc/s1600/30.PNG" /></a></span></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">In "Option A", the ASBR router treats the connected service provider router as customer device so from SP1 prospective SP1-ASBR will act as the PE and SP2-ASBR will act as the CE and vice versa.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If there are multiple customers (multiple VRFs), we can configure subinterfaces to exchange the routing information for each customer.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In this scenario, let's use VLAN 100. We will configure sub interface on both the ASBR routers and put them under the appropriate VRF.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy_eHMA94Yy9iqj3SwLBLawulrtPEuCgQ5dOo-q1oN751YdfDOe8FnLEMyhhaNH8_NqY_3LfuhqpjsRznBRmPE7clE2jMDtKPzdG8pDK8oxth9CmtR1rY6erYE-_8ig7RjhAgBmzxvDS0/s1600/31.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy_eHMA94Yy9iqj3SwLBLawulrtPEuCgQ5dOo-q1oN751YdfDOe8FnLEMyhhaNH8_NqY_3LfuhqpjsRznBRmPE7clE2jMDtKPzdG8pDK8oxth9CmtR1rY6erYE-_8ig7RjhAgBmzxvDS0/s1600/31.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVGryusNo6t7CpkfOlJtM1nsaQIsSnIuV47vnWNALdxzmXsaCKhEoLO9raAzYQ2zH2RLrJsnYNg1c5VrJSA9pUytQAhafYYJk1fjhjgZC2DV61ggoECU_5YjN3RUJcG7n5wdaMoAqAQ0A/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVGryusNo6t7CpkfOlJtM1nsaQIsSnIuV47vnWNALdxzmXsaCKhEoLO9raAzYQ2zH2RLrJsnYNg1c5VrJSA9pUytQAhafYYJk1fjhjgZC2DV61ggoECU_5YjN3RUJcG7n5wdaMoAqAQ0A/s1600/32.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmONdq-el_ipeliLt4No5Hshp1pcNpRLuaA45-Bs9LlvuAXjvlGGQWeBLXv-xF2KMwnuAkYkU-7dmqBb00ruYg5DHgi-DjN8Z4erdHr8G6id6652tIGCN7MmT19tJLmoM8kRO6s8I2JTQ/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmONdq-el_ipeliLt4No5Hshp1pcNpRLuaA45-Bs9LlvuAXjvlGGQWeBLXv-xF2KMwnuAkYkU-7dmqBb00ruYg5DHgi-DjN8Z4erdHr8G6id6652tIGCN7MmT19tJLmoM8kRO6s8I2JTQ/s1600/33.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Just like any PE-CE routing, we can now run any IGP or BGP to exchange the routing information.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's use standard BGP here.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM9Y-RF9z5O986d0CcEOhGrVhUJQqcKecgLVZ91IojdQRkIq2lWGxVgrNr9VhdFMHdIthgFlchkCeThdvCK-eR-2n8LIayrP8TMHn2fIi5AQo96RZgmWdfJq-JzgJZn2rhVuWn68i49L8/s1600/34.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiM9Y-RF9z5O986d0CcEOhGrVhUJQqcKecgLVZ91IojdQRkIq2lWGxVgrNr9VhdFMHdIthgFlchkCeThdvCK-eR-2n8LIayrP8TMHn2fIi5AQo96RZgmWdfJq-JzgJZn2rhVuWn68i49L8/s1600/34.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaaf-AMewN5OnFfDrUJ7_A1skjmfp278-spAnhBbFFMAmUdbD2ByZnxrlt0tK2JxATznlQJq7bNAtR7jjAwJ_hUw8cKgnc2HNM7G_OsLvXAlinuqdp-ERX3JYkISxsofkXsltI_NYMWWg/s1600/35.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaaf-AMewN5OnFfDrUJ7_A1skjmfp278-spAnhBbFFMAmUdbD2ByZnxrlt0tK2JxATznlQJq7bNAtR7jjAwJ_hUw8cKgnc2HNM7G_OsLvXAlinuqdp-ERX3JYkISxsofkXsltI_NYMWWg/s1600/35.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">ASBRs have started exchanging routing information.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgFqIf6Tu8JdzJzxKU9iDO-3uTKSOmy0l8hg4IddX2ngQA4shB5SWgu34DeTa4FmNSMUlGKOKjjxiD9lkkRcUIaMEdaYwo3haOMUidP4UZ6CPjPKAX-YNZV-IacKMovqDlHjFFvFdz7bk/s1600/36.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhgFqIf6Tu8JdzJzxKU9iDO-3uTKSOmy0l8hg4IddX2ngQA4shB5SWgu34DeTa4FmNSMUlGKOKjjxiD9lkkRcUIaMEdaYwo3haOMUidP4UZ6CPjPKAX-YNZV-IacKMovqDlHjFFvFdz7bk/s1600/36.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9T-HtzkcIDmUML1ebNxSotfnAA28UdW4AMh-aZ34c0vss_EuO73siXe-IcpYHDXXf_y73nus3cZACed2ssHsqjei9uiWzxG9wdsoYRB53RqhWu5SRQwiOolPBtYIuhE-J0K11X1XRO80/s1600/37.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9T-HtzkcIDmUML1ebNxSotfnAA28UdW4AMh-aZ34c0vss_EuO73siXe-IcpYHDXXf_y73nus3cZACed2ssHsqjei9uiWzxG9wdsoYRB53RqhWu5SRQwiOolPBtYIuhE-J0K11X1XRO80/s1600/37.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">These routing updated should have been passed onto the CE1 and CE2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-dbfL86Ob7G3CRlRJIwSQLdeZ82CF3am6tms5oiLTzoxCfbzWm3BU2TVdBuFilexcD-qFutBstRa-O-QJ0Bezpb05bwF0Vb8TLy1vCOHeQDYLnchIZDdQ6JObKuHDhRp_s98TzsIamKY/s1600/38.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-dbfL86Ob7G3CRlRJIwSQLdeZ82CF3am6tms5oiLTzoxCfbzWm3BU2TVdBuFilexcD-qFutBstRa-O-QJ0Bezpb05bwF0Vb8TLy1vCOHeQDYLnchIZDdQ6JObKuHDhRp_s98TzsIamKY/s1600/38.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhksaG7Nre7rzZNG7R_8BD50_lwGZ0ZgLN-NSfb9EfqIB3aNY6bO3Hw5TEmeUD8307HWJSqnnHSRIzlV-JXxgIf9wKFLl6IrnclCQW6s7ibg4bT5nVSJBsq0iP8G8HuluBs1xtewmqZVM4/s1600/39.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhksaG7Nre7rzZNG7R_8BD50_lwGZ0ZgLN-NSfb9EfqIB3aNY6bO3Hw5TEmeUD8307HWJSqnnHSRIzlV-JXxgIf9wKFLl6IrnclCQW6s7ibg4bT5nVSJBsq0iP8G8HuluBs1xtewmqZVM4/s1600/39.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now verify the connectivity end to end.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwXM0yneTrqIHWFM6Ps6BIFwVdjmahzvvQm_zL5EVo7rv_RE_hzX34lbTJy1NaXwy-yIAtTvsFUXmuvDI7vcsy8YHpPjckaf6e8pDxtyFvGN2gAicqRR-SiK3nWNgpBARCKLsVLs1CDNA/s1600/40.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwXM0yneTrqIHWFM6Ps6BIFwVdjmahzvvQm_zL5EVo7rv_RE_hzX34lbTJy1NaXwy-yIAtTvsFUXmuvDI7vcsy8YHpPjckaf6e8pDxtyFvGN2gAicqRR-SiK3nWNgpBARCKLsVLs1CDNA/s1600/40.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">"Back to back VRF" is the most simplest method to implement hence it's widely used in real world. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The drawback of this method is that there will be no end-to-end LSP as the ASBRs have standard IP connectivity i.e. MPLS is not enabled on the link between ASBRs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Also for each and every customer, service provider will have to maintain a separate subinterface and the full routing table on the ASBR so scalability can be an issue. </span></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com1tag:blogger.com,1999:blog-3934012154598313421.post-61316413147667271312015-07-28T17:29:00.001+01:002015-07-28T17:29:01.845+01:00IPv6 NAT-PT<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In the recent posts, we discussed how we can transport IPv6 traffic over IPv4 backbone using the tunneling techniques. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">These techniques will not work if we have one part of network which can only run IPv4 and the other part can only run IPv6. Since IPv4 and IPv6 are not compatible with each other, we have to use some sort of translation mechanism. The way we can achieve this is through NAT-PT (NAT protocol translation).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's look at the below topology and see how NAT-PT can be implemented.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2TODtkpzzMO6s92GCGBF-KxUMDQnc1RznR5XptS5WOJJTyXw7gDIkvSY-avuPP4Tn8ZL30HX2ybVXKG0DEgHa8-LXlYtsOasc6lADv7R9WT4nd9qiiqjb9qWhhwkIacILPyHdm2Ym0-s/s1600/NAT-PT.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="143" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2TODtkpzzMO6s92GCGBF-KxUMDQnc1RznR5XptS5WOJJTyXw7gDIkvSY-avuPP4Tn8ZL30HX2ybVXKG0DEgHa8-LXlYtsOasc6lADv7R9WT4nd9qiiqjb9qWhhwkIacILPyHdm2Ym0-s/s640/NAT-PT.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">We have three routers R1, R2 and R3. We are running RIPng and RIPv2 between R1-R2 and R2-R3 respectively. R1 is only aware about IPv6 addresses, similarly R3 is only aware about IPv4 addresses.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Our goal is to establish reachability between the IPv6 loopback (2001:1111::1/128) of R1 to IPv4 loopback (3.3.3.3/32) of R3.</span><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">R2 is our daul stack router which learns about both the loopbacks through RIP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAC1xAWLoYPKRcVwvKQtcBWMehkksZjAwBPqQlSPF3siwOxm5XOVZWlh0weWpw80cyHWuC6ZHsq7hNtTlbWuwdkKHduJVqFIIMpmL2zcbL61RqrP1bDTdn5ll8So3kempgUFPy-M9Ps8o/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAC1xAWLoYPKRcVwvKQtcBWMehkksZjAwBPqQlSPF3siwOxm5XOVZWlh0weWpw80cyHWuC6ZHsq7hNtTlbWuwdkKHduJVqFIIMpmL2zcbL61RqrP1bDTdn5ll8So3kempgUFPy-M9Ps8o/s1600/1.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxzsczg2HKtptjFj6DoUKxa-hRllKMAd4quhiUlhDE4AObxMboxHifR0esgIpy1wWBhAJuzRwcOaeIFhpZOKI2suhjm6CioZUApoAO3t-vTUMEEjtaRk2bBEdat5YUt7kjeRWhzL4RD6o/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxzsczg2HKtptjFj6DoUKxa-hRllKMAd4quhiUlhDE4AObxMboxHifR0esgIpy1wWBhAJuzRwcOaeIFhpZOKI2suhjm6CioZUApoAO3t-vTUMEEjtaRk2bBEdat5YUt7kjeRWhzL4RD6o/s1600/2.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">so our first step is to enable NAT on both the interfaces of R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd4KuFM51Tp56KZ08VUrxUMwbAAYo-TgQ-f2hNEYhzZqGCWPdinPyeo_NGUPu1iFYQqpjKqxTE3CNh_G1lKabCI1sxqwus7ikemScYeVKV9p01r_m3Znu_kLJ8kRzoXbgvUE1KD5gz3qc/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhd4KuFM51Tp56KZ08VUrxUMwbAAYo-TgQ-f2hNEYhzZqGCWPdinPyeo_NGUPu1iFYQqpjKqxTE3CNh_G1lKabCI1sxqwus7ikemScYeVKV9p01r_m3Znu_kLJ8kRzoXbgvUE1KD5gz3qc/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">The next step is to define the IPv6 prefix for NAT-PT. This range will be used to translate IPv4 address into IPv6 address. We will use 2000::/96.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxkqACo2RNHnUZu4PI8Amuldgsmxu1VsKQ-rxp0mHyp8wwqMQJDjF6fmrOKXekBcuKZMdS5cVCL-Oo1RDV8VQvNCLhXlDerYA249Qt2oO1jV9WhpB_Xp0CsMIqJpk-B3PtKBsiBpQCbzc/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxkqACo2RNHnUZu4PI8Amuldgsmxu1VsKQ-rxp0mHyp8wwqMQJDjF6fmrOKXekBcuKZMdS5cVCL-Oo1RDV8VQvNCLhXlDerYA249Qt2oO1jV9WhpB_Xp0CsMIqJpk-B3PtKBsiBpQCbzc/s1600/4.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Now Let's configure static NAT for R1's loopback. We want to use 1.1.1.1/32 as the IPv4 address for 2001:1111::1/128.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv0xv4aOXiM7T5OcDkq3U8p9Qr_7egG2tk89iDRu9GmhU8P4azU1d8ITTi1nvOJl6bi3eaHu07zbNq_FxqG7vd3LvG1ZD7amEsWJBiJouEZZVFwBmBO4BUxNQSe1lEN8UfgSVFLk34W4o/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjv0xv4aOXiM7T5OcDkq3U8p9Qr_7egG2tk89iDRu9GmhU8P4azU1d8ITTi1nvOJl6bi3eaHu07zbNq_FxqG7vd3LvG1ZD7amEsWJBiJouEZZVFwBmBO4BUxNQSe1lEN8UfgSVFLk34W4o/s1600/5.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />The last step is to configure static NAT IPv6 address for R3's loopback (3.3.3.3/32). We are aware that we will use 2000::/96 range. To populate the full IPv6 address, we need to convert binary 3.3.3.3 to hexadecimal which is 0303:0303 so our IPv6 address is 2000::303:303/96.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRwrgLgSFDjBduy8PNSna2VakIHofAb80L4rQyyPk_FKxHaflDgG3xg8InJPs0AEaMWX_sukYsyTtUhcqOcY2BwGFBZIpIinc7RaBqGDXK-xiEY_tnX1LCM6Rvkv5ZgwHsTzvU8oqh1x8/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRwrgLgSFDjBduy8PNSna2VakIHofAb80L4rQyyPk_FKxHaflDgG3xg8InJPs0AEaMWX_sukYsyTtUhcqOcY2BwGFBZIpIinc7RaBqGDXK-xiEY_tnX1LCM6Rvkv5ZgwHsTzvU8oqh1x8/s1600/6.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we check the NAT translations in R2, we can see both the static NAT entries are present.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8dDS1fgQbeUTaXEdTKHK_qMYOJcpxjGQQcG1U0wzv_Dwm7DwuvzEsXXZr006OisCPlhs4882QD3J-qSpwwp1J3tIFHZLsHgR2swJ_-kv1-UgqRjNuDsZmh4hcKFWfVuDcfv5Bg9-PckY/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8dDS1fgQbeUTaXEdTKHK_qMYOJcpxjGQQcG1U0wzv_Dwm7DwuvzEsXXZr006OisCPlhs4882QD3J-qSpwwp1J3tIFHZLsHgR2swJ_-kv1-UgqRjNuDsZmh4hcKFWfVuDcfv5Bg9-PckY/s1600/7.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Let's test the connectivity from R1 to R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4Wx-0jb1PjlBqYxPgB1brev7mCbgtU8IzhkMLA6WlZghw2-AGciQU_xQIpmKNXe-dO15teXuybkPBEJBEVixOsgicRcK17BPM6faz4tEj8UXk3ETr64QvKtHMhcs4QanTiM-rd_9lfDI/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi4Wx-0jb1PjlBqYxPgB1brev7mCbgtU8IzhkMLA6WlZghw2-AGciQU_xQIpmKNXe-dO15teXuybkPBEJBEVixOsgicRcK17BPM6faz4tEj8UXk3ETr64QvKtHMhcs4QanTiM-rd_9lfDI/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Vice versa from R3 to R1....</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkWwb1nq6a67LNe_8QXPkQ9j206TG-sJaroN2JYAXh0xcOTJ4Jl2vdaDREO02E_GfiwdEM8a3QbzGuR-G94yGdW535H_z9q90X2JySt7QRN-Z167H7n-ok8kuDTkE_RPJXLanAuiyMszI/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkWwb1nq6a67LNe_8QXPkQ9j206TG-sJaroN2JYAXh0xcOTJ4Jl2vdaDREO02E_GfiwdEM8a3QbzGuR-G94yGdW535H_z9q90X2JySt7QRN-Z167H7n-ok8kuDTkE_RPJXLanAuiyMszI/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">The debug output from R2 shows NAT-PT in action.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidTD15NzUHjwwOHgZwLVeWuQpjMrPZGdf2kYveQZK6oj22jP62E4AnKq0iq2h9tTKt0cduhuXUZ6yQ1iT04my5OhyphenhyphenjOF-4YK_mfOFXs0rITBqy1UGfryKuhZpz1Av16ZG91B7CLsnO_JE/s1600/10.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidTD15NzUHjwwOHgZwLVeWuQpjMrPZGdf2kYveQZK6oj22jP62E4AnKq0iq2h9tTKt0cduhuXUZ6yQ1iT04my5OhyphenhyphenjOF-4YK_mfOFXs0rITBqy1UGfryKuhZpz1Av16ZG91B7CLsnO_JE/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This example shows how static NAT-PT works. We can also configure dynamic NAT-PT for pool of addresses. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">More information can be found from<a href="http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/ip6-natpt.html"> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/ip6-natpt.html</a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br /></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-49254108237688886392015-07-10T16:32:00.000+01:002015-07-10T16:32:10.226+01:00IPv6 tunneling over IPv4 - 6to4 Autotunnel<div dir="ltr" style="text-align: left;" trbidi="on">
I<span style="font-family: Verdana, sans-serif;">n the previous post, we looked at the IPv6 tunneling technique using IPv4 manual tunnels. We will now see how dynamic multipoint IPv6 tunnel works.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">6to4 tunnels allow for the dynamic creation of IPv6 within IPv4 tunnels. Manual tunnel is normally used as point-to-point however 6to4 tunnels can be point-to-multipoint.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The 2002::/16 range has been reserved to use for tunneling. We will have to add the IPv4 address into this range to generate /48 prefix. i.e. if the IPv4 address of the border router is 192.168.1.1 then the 6to4 site address prefix becomes 2002:C0A8:101::/48 (Convert 192.168.1.1 to Hex which results in C0A8:0101)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will work on the same topology we used in the previous post.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLj05xPcKZp4rUgNNJTohdc6Lt57CGqp9lxx2yVRxhDlHHgoR6yql7zNBO3Pl3v1on4zLi_WyjXnADig9vNeZVWtypsjzz4umu3ee2OUlcEN5PobnY0ug8stp4GvHGSfx2J6dcDEXllSw/s1600/ipv64+auto.gif" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLj05xPcKZp4rUgNNJTohdc6Lt57CGqp9lxx2yVRxhDlHHgoR6yql7zNBO3Pl3v1on4zLi_WyjXnADig9vNeZVWtypsjzz4umu3ee2OUlcEN5PobnY0ug8stp4GvHGSfx2J6dcDEXllSw/s640/ipv64+auto.gif" width="640" /></a></div>
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<span style="font-family: Verdana, sans-serif;">so R1, R2 and R3 have IPv4 reachability through EIGRP. Our aim is to establish connectivity between loopback interfaces configured with IPv6 addresses on R1 and R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br />In order to build 6to 4 tunnel between R1 and R3, we have to create tunnel interfaces on each of them and make sure we configure appropriate IPv6 address that coordinates with underlying IPv4 address.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On R1, the IPv4 address on the fastethernet0/0 interface is 10.1.12.1. We need to convert the decimal into hex which is A01:C01 so the IPv6 address is going to be 2002:A01:C01::/48. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is an easy way of generating the IPv6 prefix on IOS by using a specific command "ipv6 general-prefix".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-8h4dZejf2lZw_LhtCD1BL2NbpR24sSm9dDhn_LBxYPiKHufb0zYbqWn5rzXuUN6Q32lywfTn7KgsoSk3uMlqJQclEkWC5t84hUFl8Q1NGOGcTSMqgx2NErskYwxY4D8uCvr6lQC0haI/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-8h4dZejf2lZw_LhtCD1BL2NbpR24sSm9dDhn_LBxYPiKHufb0zYbqWn5rzXuUN6Q32lywfTn7KgsoSk3uMlqJQclEkWC5t84hUFl8Q1NGOGcTSMqgx2NErskYwxY4D8uCvr6lQC0haI/s1600/1.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglZ2cJBV8drlyNFro4R4R7uZ5fkcd10Uu0pvig7KxdOZ2s8xMIbN5QpThqFnUDLhAWdMcGjoS8-0jO64T578udWBI9J8QjHl-Ut0ZcGl6C13wBq0VFjF9x4GNMnXlWbbN1vN7GndSV16o/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglZ2cJBV8drlyNFro4R4R7uZ5fkcd10Uu0pvig7KxdOZ2s8xMIbN5QpThqFnUDLhAWdMcGjoS8-0jO64T578udWBI9J8QjHl-Ut0ZcGl6C13wBq0VFjF9x4GNMnXlWbbN1vN7GndSV16o/s1600/2.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's configure tunnel interface on R1</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifIItYHA4-FeUN3_-lz1wUZF-SVTtxzxgQJ2PZi63xx8ZiMyUPJs4CdFnJpL6ISfmDo6D7opAevn2hJkR7YV1cpEQ5o_aWJ8FYm3c3fxmx0wukihKlwXSXvBoiWpcx_LpbFnghzvEdwU4/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifIItYHA4-FeUN3_-lz1wUZF-SVTtxzxgQJ2PZi63xx8ZiMyUPJs4CdFnJpL6ISfmDo6D7opAevn2hJkR7YV1cpEQ5o_aWJ8FYm3c3fxmx0wukihKlwXSXvBoiWpcx_LpbFnghzvEdwU4/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is no tunnel destination as it will be dynamically determined by the embedded IPv4 address. We will also have to configure static route indicating that the tunnel will route all the 2002::/16 prefix.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicrgK-vEd9cORtGl_h7yJDXVPvulkXXoz74YxBy_OmXq5UCJ7CVYthAnb3S32EUIaALRL-GU5lloc8Ej_3Sd8rUIkHWVaFHqwxMz33wojucKQlDUgqN920t_TVc8A4xMPO915uAYilY5A/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEicrgK-vEd9cORtGl_h7yJDXVPvulkXXoz74YxBy_OmXq5UCJ7CVYthAnb3S32EUIaALRL-GU5lloc8Ej_3Sd8rUIkHWVaFHqwxMz33wojucKQlDUgqN920t_TVc8A4xMPO915uAYilY5A/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">Now let's do similar configuration on R3. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvXczl28zuLl6CFETFySJ_7rd0m2oLJ3F0R5aBuziDMo6JPsDJl9CSFsPFWvE7EnhthkFWECtm6pwUf1n-vID6nCygw2PM_BPWWWVtGPQniQ3UItihqQjecObmzgtFAHgBPSFzOX_0cHA/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvXczl28zuLl6CFETFySJ_7rd0m2oLJ3F0R5aBuziDMo6JPsDJl9CSFsPFWvE7EnhthkFWECtm6pwUf1n-vID6nCygw2PM_BPWWWVtGPQniQ3UItihqQjecObmzgtFAHgBPSFzOX_0cHA/s1600/5.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGRuMKdwRUPKX3ztE5pr6As5UIcQhNoztROpHGwo3DIpBmdogbYBH7XxJfPNHQTQcLaA41bRVH6L7TOr-cgG8d7GYHjUzjhKRXpJtMLhg5QYJHSsppoZS_4ckpMFP3A31uMlgOd3Iom-U/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGRuMKdwRUPKX3ztE5pr6As5UIcQhNoztROpHGwo3DIpBmdogbYBH7XxJfPNHQTQcLaA41bRVH6L7TOr-cgG8d7GYHjUzjhKRXpJtMLhg5QYJHSsppoZS_4ckpMFP3A31uMlgOd3Iom-U/s1600/6.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHLeGrb89GwqG_k1QNZR41IViUOAiV-K9zMvmz0NCLPd4UEbpv-UqEUpqoUa3fta-ykyihPHl3gfqqVb7fNIjH5oDOWILj1c21rex4BiAi6wshQwk6-RdXoJSnFVtCYdZsoYewrmH230w/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHLeGrb89GwqG_k1QNZR41IViUOAiV-K9zMvmz0NCLPd4UEbpv-UqEUpqoUa3fta-ykyihPHl3gfqqVb7fNIjH5oDOWILj1c21rex4BiAi6wshQwk6-RdXoJSnFVtCYdZsoYewrmH230w/s1600/7.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8XhWgd4OP09Ypl8nKVeK3pAgH8Eil7B7Ie2J0kEkrXsEHP-vXd118FQvfzS5C6lPv1drTI-XAPqfNYNw0U3GW3AX8OwFTdQM6T30fADeCP6MOjMebA6yzI3UbB5HldcLD_YSiLiqL_wg/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8XhWgd4OP09Ypl8nKVeK3pAgH8Eil7B7Ie2J0kEkrXsEHP-vXd118FQvfzS5C6lPv1drTI-XAPqfNYNw0U3GW3AX8OwFTdQM6T30fADeCP6MOjMebA6yzI3UbB5HldcLD_YSiLiqL_wg/s1600/10.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">From R1, we can now ping R3's tunnel interface.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIcC8UFJ_YJ_W2Gs5ppl9FKvDmlNwT9fi0IUFPURY5x3rfUPu4HY9AF2I5facZSKNXs4Uyw6AU0tx3L85x-JouM9rt0lbT7ztOlTYXW_CEdsLv870cfAJ6JBCJqNp77xAUQUF9jo03Bok/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIcC8UFJ_YJ_W2Gs5ppl9FKvDmlNwT9fi0IUFPURY5x3rfUPu4HY9AF2I5facZSKNXs4Uyw6AU0tx3L85x-JouM9rt0lbT7ztOlTYXW_CEdsLv870cfAJ6JBCJqNp77xAUQUF9jo03Bok/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This means that we can now configure static routes to reach loopback IPs by using tunnel IP addresses as the next hop.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The wireshark packet capture shows how destination IPv4 address gets derived from IPv6 address.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsRi0lzx6ClHqT2jQyCuXUVnFyg8lFsrvk-tnQXORbKgHhiipSJvWnfg3NPKn9_JlPOdPmIyhGPj3UmIXKZmocRnvQpjtfDMuUcQYWi1BnrtgnshJFNQvN_ZTBbll411jU7CxIbdrrSvs/s1600/15.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="271" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsRi0lzx6ClHqT2jQyCuXUVnFyg8lFsrvk-tnQXORbKgHhiipSJvWnfg3NPKn9_JlPOdPmIyhGPj3UmIXKZmocRnvQpjtfDMuUcQYWi1BnrtgnshJFNQvN_ZTBbll411jU7CxIbdrrSvs/s640/15.PNG" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now on R1, we will configure a static route with destination as R3's loopback (2001:3333::3/128</span><span style="font-family: Verdana, sans-serif;">) with the next hop as R3's tunnel IP (2002:A01:1703::3).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0_XaM_Lz62zUJt2XUQ08sIP7JpCYbPNMce4NjBZ7okHoHxQ2TcLE_ruwYcLYqre654BIBAoakOjR53-KaRmZVG5D8RnoTRKb7tUqNklr_0AgVFDV-6GVZHM6DUzZJpCbOHiCfpOZ1pEw/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0_XaM_Lz62zUJt2XUQ08sIP7JpCYbPNMce4NjBZ7okHoHxQ2TcLE_ruwYcLYqre654BIBAoakOjR53-KaRmZVG5D8RnoTRKb7tUqNklr_0AgVFDV-6GVZHM6DUzZJpCbOHiCfpOZ1pEw/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Similarly on R3, we will configure a static route with destination as R1's loopback (2001:1111::1/128) with the next hop as R1's tunnel IP (2002:A01:C01::1).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXctX1bvO1OBUz1LV938Omidsd3cEMjUnH3E6geCdTionHij_nwOYcurZR-60Zy0ePDbKDPkzurF3u_TKbQa4Eneql-SGD5n5tNRYnQzNE8WKTObVqrFXwdO7euyFPoCokNOvVwfCHOVM/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXctX1bvO1OBUz1LV938Omidsd3cEMjUnH3E6geCdTionHij_nwOYcurZR-60Zy0ePDbKDPkzurF3u_TKbQa4Eneql-SGD5n5tNRYnQzNE8WKTObVqrFXwdO7euyFPoCokNOvVwfCHOVM/s1600/13.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now do end to end reachability test between Loopback interface of R1 and R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcb-ZXrKbyfdMboavkBcvwUWKkfpNqQf3RKzc8ElKd5sG7DWp0xOdN2KiAN3DxcFqAIxZGOzjwHb67_ROyBNlaTEjw24qtzGmpQOy2zFZ0VkcuLgfXPBUnSVT6gP7JQL8cGvv4ljbc7Z4/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcb-ZXrKbyfdMboavkBcvwUWKkfpNqQf3RKzc8ElKd5sG7DWp0xOdN2KiAN3DxcFqAIxZGOzjwHb67_ROyBNlaTEjw24qtzGmpQOy2zFZ0VkcuLgfXPBUnSVT6gP7JQL8cGvv4ljbc7Z4/s1600/14.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">What if there are multiple network connected to R1 and R3 and configuring static routes is not a feasible option?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We cannot run an IGP between R1 and R3 as the tunnel interfaces are on different subnet! but we </span><span style="font-family: Verdana, sans-serif;">can still run BGP between between the routers and exchange routing information.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhH8p6F82MTjeqKqdePXXeZctRtEQiFomMBc4V4vxpbRm8Rdelo_OAggdLcQCdIHkS9pc2Q9p4ABYHiRKvFVyGYK0QXiL6-1vs11w9VG63dZuWRxsvUeEm10q050vE3OFpp1O6M4nBPoo8/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhH8p6F82MTjeqKqdePXXeZctRtEQiFomMBc4V4vxpbRm8Rdelo_OAggdLcQCdIHkS9pc2Q9p4ABYHiRKvFVyGYK0QXiL6-1vs11w9VG63dZuWRxsvUeEm10q050vE3OFpp1O6M4nBPoo8/s1600/18.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAPRbFPi-ez3Cn5wb6MMQxwTTKsmKp1X7oWyVHrDavgLSR5jY8q7eetIP_WJ92xqM8cDuLbGo4Oick-9A9-EVdt7-mPZbdy_ePNHo_ed6ZZ_8XRhbwdtoLh0NGQHbgZJjgRKqp5FSpwX0/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAPRbFPi-ez3Cn5wb6MMQxwTTKsmKp1X7oWyVHrDavgLSR5jY8q7eetIP_WJ92xqM8cDuLbGo4Oick-9A9-EVdt7-mPZbdy_ePNHo_ed6ZZ_8XRhbwdtoLh0NGQHbgZJjgRKqp5FSpwX0/s1600/19.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7B4Q3MFKI-6FVdnbx956NXb7UZ8kGIH5P6QKHVXIAwMS5S-cexqQaLBWPsaX31DpOhfyFCSi0zgdw-OfEIE6l_sdl4LufAAkMpqcrPHbJiCgF7yTXNzD1rIU48uDtioMzaiNd0Y3W9G4/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7B4Q3MFKI-6FVdnbx956NXb7UZ8kGIH5P6QKHVXIAwMS5S-cexqQaLBWPsaX31DpOhfyFCSi0zgdw-OfEIE6l_sdl4LufAAkMpqcrPHbJiCgF7yTXNzD1rIU48uDtioMzaiNd0Y3W9G4/s1600/20.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2tg1xwdIegExQ1lOMueJAfUBqYLBVkhNfWruxEPs036A42r_cxN76mOtTOvuLwtWDaXb7M3_6uncfZbwI40pE7Zst2XHF5OhUMlwtajPjAT9uBwg2W5hA3qpkDbAspNhCBssnm9kE00s/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2tg1xwdIegExQ1lOMueJAfUBqYLBVkhNfWruxEPs036A42r_cxN76mOtTOvuLwtWDaXb7M3_6uncfZbwI40pE7Zst2XHF5OhUMlwtajPjAT9uBwg2W5hA3qpkDbAspNhCBssnm9kE00s/s1600/21.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">R1's routing table now shows the prefix 2001:3333::3/128 learned via BGP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6vv-kQxx774Md8chnBbtSviy8_lFQiCgSFmEfxcEIw61Kb42io-G2Rie9tIIffGhL-NxfFp3WT9ELT46Vf_U8fdB1JYSsp0TkNpjKZFe0XY0bHIEbVzgT4vOJv4magcLm265eNKq7_88/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6vv-kQxx774Md8chnBbtSviy8_lFQiCgSFmEfxcEIw61Kb42io-G2Rie9tIIffGhL-NxfFp3WT9ELT46Vf_U8fdB1JYSsp0TkNpjKZFe0XY0bHIEbVzgT4vOJv4magcLm265eNKq7_88/s1600/22.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also verify the end to end connectivity between loopbacks.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUk_mrXQnytX5Wk8bfhV6NYb11gANRgSWNyj4DdSBVFtJ059hcI3ULmUvIgNylQnifIfKrQ-F82Q86JN40_vbM160TCgAuIgQyRI8LTcDj1DxDjBt4guNsCfSTpoNIwta7M37psEES_ZA/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUk_mrXQnytX5Wk8bfhV6NYb11gANRgSWNyj4DdSBVFtJ059hcI3ULmUvIgNylQnifIfKrQ-F82Q86JN40_vbM160TCgAuIgQyRI8LTcDj1DxDjBt4guNsCfSTpoNIwta7M37psEES_ZA/s1600/23.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">More information on the various tunneling techniques can be found here </span><br />
<a href="http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-tunnel.html" style="font-family: Verdana, sans-serif;">http://www.cisco.com/c/en/us/td/docs/ios/ipv6/configuration/guide/12_4t/ipv6_12_4t_book/ip6-tunnel.html</a></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-90344057092350149522015-06-30T17:16:00.004+01:002015-06-30T17:19:01.239+01:00IPv6 tunneling over IPv4 - Manual Tunnel<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">We know that IPv4 and IPv6 addresses are not compatible with each other. Let's say the existing infrastructure is running on IPv4. If we need to implement IPv6 on few of the hosts, we need to use some sort of a technique for IPv6 hosts to communicate with each other using existing IPv4 network. </span><span style="font-family: Verdana, sans-serif;">One of the ways we can achieve this is by using a tunneling method.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In this post we will see how we can implement "Manual Tunnel". </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As shown in the diagram below, we have R1, R2 and R3 connected with each other. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQTrklWmHBHa5nFhOMjDtZypkBik-N8XFJlHiLKVYiH73rsCSsW1GckHtIm7teeW9jBSOrPglDypzqVNAJviX16GI2dZu18i33Y_J2c4bcFdyKguHtoyKRaF9x-BpuXHOETF3dFbvkG5g/s1600/Ipv6v4.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQTrklWmHBHa5nFhOMjDtZypkBik-N8XFJlHiLKVYiH73rsCSsW1GckHtIm7teeW9jBSOrPglDypzqVNAJviX16GI2dZu18i33Y_J2c4bcFdyKguHtoyKRaF9x-BpuXHOETF3dFbvkG5g/s640/Ipv6v4.jpg" width="640" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">All three routers are running EIGRP and there is an IPv4 reachability from R1 to R3.</span><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeQ_1-znFimE9NK0Zn8B6No1A101zdkkyZPjaPz9qvpxB41_qJdUkhtzRyh6-hWlVQq_9-zMygAF5i34BNnRznxN35idr8Yk1lvmhiP2xtXoGn9uW3cdGv7VNsa5oIZVy74oI4ZpeNrOE/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeQ_1-znFimE9NK0Zn8B6No1A101zdkkyZPjaPz9qvpxB41_qJdUkhtzRyh6-hWlVQq_9-zMygAF5i34BNnRznxN35idr8Yk1lvmhiP2xtXoGn9uW3cdGv7VNsa5oIZVy74oI4ZpeNrOE/s1600/1.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">I will configure a new loopback interface on R1 and R3 and assign IPv6 address.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4OuDM0C9_uQCOgAfUHXtCoLiQle3TJybTJ2SK-Fu8m7eUWhHbcN2bKXL5nWKfnYMepA_rBDmxHUuL_Z-KhaxGQCJBuGCOkhAq_3-OFgUD6LSZ0TbjN4DsTtUKd9itv8pWStiOhfdEspI/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="42" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4OuDM0C9_uQCOgAfUHXtCoLiQle3TJybTJ2SK-Fu8m7eUWhHbcN2bKXL5nWKfnYMepA_rBDmxHUuL_Z-KhaxGQCJBuGCOkhAq_3-OFgUD6LSZ0TbjN4DsTtUKd9itv8pWStiOhfdEspI/s400/2.PNG" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgArIfDoLOuj1D-_SwiW8R3L3MZgwUUOJFEPkvLnq7gnZgWzOdqmq6BvaEGJErLoppU63aMOI3DHuKKMuONxQRRO3-9Yr77IGwmLSA1QnVtebG9PcHJV-hJpJHZj9U9Q_0EkAGB8nkU_xk/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="41" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgArIfDoLOuj1D-_SwiW8R3L3MZgwUUOJFEPkvLnq7gnZgWzOdqmq6BvaEGJErLoppU63aMOI3DHuKKMuONxQRRO3-9Yr77IGwmLSA1QnVtebG9PcHJV-hJpJHZj9U9Q_0EkAGB8nkU_xk/s400/3.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Our aim is to establish connectivity between these two loopbacks using the existing IPv4 network.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will now configure tunnel interface on R1. We will configure an IPv6 address on the interface and set the source and destination of the tunnel.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI_y_Tnh_FQAcs4xF6p7E-xkY7loAHpllhtHQYAPZjvFMOUCSQTAy_sY7Nnj28K63dtLmxO_jk6eZj4OmDcvyW8_1qNaJRnZkZ_46tJzj3KUnPYsLyqBl2BBxuGhkAQ74l3yNGdPTiU4s/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="92" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI_y_Tnh_FQAcs4xF6p7E-xkY7loAHpllhtHQYAPZjvFMOUCSQTAy_sY7Nnj28K63dtLmxO_jk6eZj4OmDcvyW8_1qNaJRnZkZ_46tJzj3KUnPYsLyqBl2BBxuGhkAQ74l3yNGdPTiU4s/s400/4.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The tunnel source is the local interface. The destination is IPv4 address of R3. By default the tunnel mode is GRE so we have change it to "ipv6ip" (RFC 4213).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's apply similar config on R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhf04f4uBJU_M9AFSIxZ5-_S4HjNA_1pgcfYB2f4_wwinJaq9ui0YrDjugQNunrMP5JOL3MqV5_6lWnmgNJYDpOVV_nBEYN4-_LwWGi-8n6T8vq8oSltjpDXzYiBcKCVNuQ2ni1RhbdXQw/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="94" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhf04f4uBJU_M9AFSIxZ5-_S4HjNA_1pgcfYB2f4_wwinJaq9ui0YrDjugQNunrMP5JOL3MqV5_6lWnmgNJYDpOVV_nBEYN4-_LwWGi-8n6T8vq8oSltjpDXzYiBcKCVNuQ2ni1RhbdXQw/s400/5.PNG" width="400" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can test the connectivity between tunnel end points</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQA7NbZHWGeeRHG8FimkDPanLZUwLSiW_jyWyWDceWn8zp-lobqTEex60-V_wJ7RFA0I0m5t43VzAwz5YsWJDuirHWqPyY1c7xeyF35Z24NLViG6yytpV1ZFYMG7isWIiZ4SP1kfgDqBw/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQA7NbZHWGeeRHG8FimkDPanLZUwLSiW_jyWyWDceWn8zp-lobqTEex60-V_wJ7RFA0I0m5t43VzAwz5YsWJDuirHWqPyY1c7xeyF35Z24NLViG6yytpV1ZFYMG7isWIiZ4SP1kfgDqBw/s1600/6.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<span style="font-family: Verdana, sans-serif;">Here is the packet capture of one of ICMP packets</span></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAauBJN11MMLN0iqTCblVYHBQKDdYlSK-aqSs6WuPFBiuOKC52WIubVNvA1gykH65hVlqvNl-bx5M5Cz-BqouuU39XwHrXafDjdafYcyh1xzOZVZ2mwNe9efgxaaPYfr-7A40fB_AUr0I/s1600/8.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAauBJN11MMLN0iqTCblVYHBQKDdYlSK-aqSs6WuPFBiuOKC52WIubVNvA1gykH65hVlqvNl-bx5M5Cz-BqouuU39XwHrXafDjdafYcyh1xzOZVZ2mwNe9efgxaaPYfr-7A40fB_AUr0I/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">We can see that the outer IP header consists of IPv4 source and destination addresses. IPv6 header is encpasulated within IPv4 header.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now on R1 and R3, we will enable RIPng on tunnel interface and loopback interface. </span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7JIXOs_7W8jkvjhEFkjrO2sczQKWEoGLrGDmDmfSxhu9y47NMeDB-Ra_-ERObZLhRCgMiY9vK2xMT71ziQzwn5CwNYIcS8wS-6eqODSGiKQlTltlC_nr5-s_w7iQwGbZxh2_SDNTR-YY/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7JIXOs_7W8jkvjhEFkjrO2sczQKWEoGLrGDmDmfSxhu9y47NMeDB-Ra_-ERObZLhRCgMiY9vK2xMT71ziQzwn5CwNYIcS8wS-6eqODSGiKQlTltlC_nr5-s_w7iQwGbZxh2_SDNTR-YY/s1600/9.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGA9C3cogl6RzsKD89ONHO1Tw7Ruh97yq1Xag5Ci1Rhy81re0OSonaYIL3aTa7H26e1lDK3Z07PFhmL_j5nyfRQnUO5G2eqK8n3xi6mcwCOwxTRBs28qRbeDS_G4cBKViBT9JYLQ6sBI8/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGA9C3cogl6RzsKD89ONHO1Tw7Ruh97yq1Xag5Ci1Rhy81re0OSonaYIL3aTa7H26e1lDK3Z07PFhmL_j5nyfRQnUO5G2eqK8n3xi6mcwCOwxTRBs28qRbeDS_G4cBKViBT9JYLQ6sBI8/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">
<br />R1 has now started receiving R3's loopback through RIPng.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_MM3E8i6tRFoF64lczWfj1n2EozSjUMkKQ1jns7znXqe7PnXVFa8t7blNfNJJ_1kZICx0FSUB4ASORtolxx_F9qtSpZ2c0TPZ2DPz8atb9UKDH1jtfuu_LLjZH1oyJVrTeSTw0I2EUj0/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi_MM3E8i6tRFoF64lczWfj1n2EozSjUMkKQ1jns7znXqe7PnXVFa8t7blNfNJJ_1kZICx0FSUB4ASORtolxx_F9qtSpZ2c0TPZ2DPz8atb9UKDH1jtfuu_LLjZH1oyJVrTeSTw0I2EUj0/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also see that the connectivity has been established.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiiT1-KC_eVYvp7WEcy6-iZDRQQalQULfkrVUnELhcwR6yW4fuo_MPZx-xoF4ym5bdSFYqh91GGbSEjzEnGEykXKMl14yeyW6BYYP6zjqL7wVNddQqlJp7s_vI2Qu4tfg91sKWkCDfi_Y/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiiT1-KC_eVYvp7WEcy6-iZDRQQalQULfkrVUnELhcwR6yW4fuo_MPZx-xoF4ym5bdSFYqh91GGbSEjzEnGEykXKMl14yeyW6BYYP6zjqL7wVNddQqlJp7s_vI2Qu4tfg91sKWkCDfi_Y/s1600/13.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br />We have used tunnel mode "IPv6IP" (manual tunnel) in this example. The same can be achieved using tunnel mode "GRE".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The main difference is that GRE header is bigger in size and it can carry protocols other than IP e.g. if you want to carry IS-IS traffic and IPv6 over the tunnel then you will need protocol field of the GRE header to identify the traffic.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In our next post we will see how we can configure dynamic IPv6 6to4 tunnel.</span><br />
<br /></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-80582549310321009482015-06-18T12:13:00.003+01:002015-06-18T12:13:56.351+01:00BFD (Bidirectional Forwarding Detection)<div dir="ltr" style="text-align: left;" trbidi="on">
<a href="https://www.blogger.com/blogger.g?blogID=3934012154598313421" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><span style="font-family: Verdana, sans-serif;">In this post, we will look into a feature called BFD (bidirectional forwarding detection). In normal routing protocol operation, the link failure is detected by using the hello/holddown/dead timers. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Depending on the routing protocol, you can lower the timers to achieve fast failure detection. e.g. in the case of OSPF the lowest dead time can be one second and one can set the hello interval as low as 50ms.</span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">However lowering these timers can result in higher CPU utilization. Also it will unnecessarily waste the link bandwidth. </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">There is a better way of achieving fast failure detection through BFD. BFD is a UDP-based protocol that provides fast (in milliseconds) routing protocol independent detection of layer-3 next hop failures.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's see how it works. As shown in the diagram below, routers R1 and R2 are connected via Switch 1 and Switch 2. Both the routers are running OSPF and we can see the OSPF neighbourship is up.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY9CFbl3y5_oRPalRmv89LvmkRKjj_Zccfnlny8_avSd4-8pesGYn1OvA_CAUir9nddQJC-02bHSISQC8jEO-L00xnaR9aiaruo0_qdXC9ubXe4hyA_wo992Tux255cJx-VGjBUS_7QUU/s1600/BFD.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="83" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY9CFbl3y5_oRPalRmv89LvmkRKjj_Zccfnlny8_avSd4-8pesGYn1OvA_CAUir9nddQJC-02bHSISQC8jEO-L00xnaR9aiaruo0_qdXC9ubXe4hyA_wo992Tux255cJx-VGjBUS_7QUU/s400/BFD.jpg" width="400" /></a></div>
<a name='more'></a><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiToHXKMPC2yfwDJn36fWR7suL1VVYAujYkACgKU1DIuPl1vJPHihwwm5WJ_liMn-QzdVqNIiVhKvUPVVJ1ttWVCuk8LocBbeWYwYB9_-VlCDpbpu-yHPMB9UjOEPgGYp7ySpzpR3JNqqw/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiToHXKMPC2yfwDJn36fWR7suL1VVYAujYkACgKU1DIuPl1vJPHihwwm5WJ_liMn-QzdVqNIiVhKvUPVVJ1ttWVCuk8LocBbeWYwYB9_-VlCDpbpu-yHPMB9UjOEPgGYp7ySpzpR3JNqqw/s1600/1.PNG" /></a></div>
<br /><span style="font-family: Verdana, sans-serif;"></span>
<span style="font-family: Verdana, sans-serif;">Now what if the link between SW1 and SW2 goes down? The connected interface of the routers are still up so the failure detection will rely upton the Hello & Dead timer of OSPF hence by default it will take around 40 seconds to detect the failure.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we want OSPF to detect the link failure faster, then one of the options is to decrease the hello/dead interval. In OSPF we can minimize the dead timer to be as low as one second. The corresponding Hello interval can be minimum of 50ms. </span><br />
<br />
<span style="font-family: Verdana, sans-serif;">Let's try that on on both the routers</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhY648sigEKFfiUxoiO3hFjxgXdEfw3_4ZWpn1mPWt_N9Ce4g4Z4WS68oaR7Ph1SB_Qh_FcrKyLT_y69OwjkFK7igCZiwduHBd45Pr_YJPFlBf7bUzTpblswvKUghUy_NDsTb2UJq_qvs/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhY648sigEKFfiUxoiO3hFjxgXdEfw3_4ZWpn1mPWt_N9Ce4g4Z4WS68oaR7Ph1SB_Qh_FcrKyLT_y69OwjkFK7igCZiwduHBd45Pr_YJPFlBf7bUzTpblswvKUghUy_NDsTb2UJq_qvs/s1600/2.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6N35cLNO4CEDvRYkGfSo5NHgfUUb_-IgGLXQ4Qt0QYHdLrMBWaAMq6hdqzSTPlfJW3JggXLojA4a7aaVAucknTaz7yAJpHRAQpoBtdpR6rGMVBtn_GjUvhAXMrvchItms89Ixee54WuM/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6N35cLNO4CEDvRYkGfSo5NHgfUUb_-IgGLXQ4Qt0QYHdLrMBWaAMq6hdqzSTPlfJW3JggXLojA4a7aaVAucknTaz7yAJpHRAQpoBtdpR6rGMVBtn_GjUvhAXMrvchItms89Ixee54WuM/s1600/3.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI4TOVWtpxw7l1_-8Vw0tphTbDkxxKyHK8az6bPbehGe-O3gzo_GwxlCVy5LJBQs9ougsXU4BcDS_SZ-NyB5SfNAAWMJt6wnfHqyT_ZzvZVuj7c9oo2qWtlwONlQrXefYkoP87gmjitx8/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgI4TOVWtpxw7l1_-8Vw0tphTbDkxxKyHK8az6bPbehGe-O3gzo_GwxlCVy5LJBQs9ougsXU4BcDS_SZ-NyB5SfNAAWMJt6wnfHqyT_ZzvZVuj7c9oo2qWtlwONlQrXefYkoP87gmjitx8/s1600/4.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">However lowering the timers in OSPF can increase the CPU utilization of router. </span><br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_Yzf3VS7QQznNjvqC-uc-0R0Zp8mcjV_xNTqxXaUaD1rjio_fe8ieokHuZGbXWhAPFf27RR6d2RTB-_CH-bjCAw-sgH2OJPKCjZcf0pmkOrcMYx0ladNsaN9Zc_IQrBg34phM7bpqxg0/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_Yzf3VS7QQznNjvqC-uc-0R0Zp8mcjV_xNTqxXaUaD1rjio_fe8ieokHuZGbXWhAPFf27RR6d2RTB-_CH-bjCAw-sgH2OJPKCjZcf0pmkOrcMYx0ladNsaN9Zc_IQrBg34phM7bpqxg0/s1600/5.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that the OSPF hello process is one of the top processes in the list so it's not a very practical solution.</span><br />
<a href="https://www.blogger.com/blogger.g?blogID=3934012154598313421" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The other way to achieve this by using BFD. </span><br />
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif;">A little bit of a background on BFD. </span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">BFD (Bidirectional Forwarding Detection) is defined in RFC 5880. </span></li>
<li><span style="font-family: Verdana, sans-serif;">BFD is a UDP based protocol that provides very fast (in milliseconds) detection of layer 3 next-hop failure independent of routing protocol.</span></li>
<li><span style="font-family: Verdana, sans-serif;">BFD packets are smaller thank "hello" packets originated by routing protocols.</span></li>
<li><span style="font-family: Verdana, sans-serif;">If you router is running more than one IGP, you will still need only one BFD session per interface.</span></li>
<li><span style="font-family: Verdana, sans-serif;">There are two BFD modes i) Asynchronous ii) Demand (Demand mode is not supported by Cisco)</span></li>
</ul>
<div>
<span style="font-family: Verdana, sans-serif;">Ok, let's see how we can configure it. To configure BFD, we need to go under the interface and type</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">bfd interval <i>milliseconds </i>min_rx<i> milliseconds </i>multiplier<i> interval-multiplier</i> </span></div>
</div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">so for example,</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;"><b>bfd</b> <b>interval 60 min_rx 50 multiplier 3</b> where</span>
<span style="font-family: Verdana, sans-serif;"><br /><b>
60 </b>is the send-timer which specifies the frequency of BFD packets originated by router</span><br />
<span style="font-family: Verdana, sans-serif;"><b>50</b> is the receive-timer which represent the minimum interval between packets accepted from BFD peers</span><br />
<span style="font-family: Verdana, sans-serif;"><b>3 </b>is the multiplier which is the number of BFD packets can be lost before BFD peer id declared down<br />
<br />
To see BFD in action, let's change the OSPF hello/dead interval to a higher value like 60 seconds Hello and 180 seconds dead interval.
</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr4F8E4b4yd8Ry0hDnCAobwFJNvkZBxpuDsAxR-ILqWg6yX4FeiI8wO3pn2MZZh7BNvtrFtAzE4Pnz5RGFvg-6iCYAzTHXY0Bj5knsXIhtKvQCjgsFZBMlfH-RlT3aEuJI22WvGcvqDeE/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhr4F8E4b4yd8Ry0hDnCAobwFJNvkZBxpuDsAxR-ILqWg6yX4FeiI8wO3pn2MZZh7BNvtrFtAzE4Pnz5RGFvg-6iCYAzTHXY0Bj5knsXIhtKvQCjgsFZBMlfH-RlT3aEuJI22WvGcvqDeE/s1600/6.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPVS2qgPwrBe7CenZbnVcH5COmD2Yl1V-66xJcSxC7Dz9cDPCu7MmAZw9OBoUdadfPZM0HkcfpAfNkPyKQN5OdzYPoXQFZBwH3l5stJ4gZ224SlPgLeqzKCM_YbQaokpXEK9EFWpSf_FE/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPVS2qgPwrBe7CenZbnVcH5COmD2Yl1V-66xJcSxC7Dz9cDPCu7MmAZw9OBoUdadfPZM0HkcfpAfNkPyKQN5OdzYPoXQFZBwH3l5stJ4gZ224SlPgLeqzKCM_YbQaokpXEK9EFWpSf_FE/s1600/7.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">Now let's see what happens if the link between ESW1 and ESW2 goes down.</span></div>
<div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwddXI7MIpczE-VHKMXaClYwTGIfzrKFXqOyEIKpvneT6KW9h6z38y316XX57aBpqvHVxsN70wxxIbTTQ8TC8RBFq-9-c1IpEXQ_bUVJX60a6bKQrOLrKqzmAXDo1dd1unQwlRCYZa2ko/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwddXI7MIpczE-VHKMXaClYwTGIfzrKFXqOyEIKpvneT6KW9h6z38y316XX57aBpqvHVxsN70wxxIbTTQ8TC8RBFq-9-c1IpEXQ_bUVJX60a6bKQrOLrKqzmAXDo1dd1unQwlRCYZa2ko/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZaO4vsDQ54w4NA3g8BBAQdWRa-D_RR7tp4KX89PdgVGfGrpNhnTvg_ME6oD3oU6sPeVKqOS36d0dpN8X0Jo-KnDfG_eDb6GLW8BaFzAnd_csqPBfZHHfiaqiA7pGGpOSFOY2xm6jv1Hw/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZaO4vsDQ54w4NA3g8BBAQdWRa-D_RR7tp4KX89PdgVGfGrpNhnTvg_ME6oD3oU6sPeVKqOS36d0dpN8X0Jo-KnDfG_eDb6GLW8BaFzAnd_csqPBfZHHfiaqiA7pGGpOSFOY2xm6jv1Hw/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">It took few minutes for OSPF adjacency to go down after the link was shut. I will unshut the link now.</span><br />
<div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will keep the OSPF timers as it is and implement BFD to improve the failure detection time.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's configure BFD on R1 and R2, I will use minimum timers which is 50ms send-timer, 50ms receive-timer and 3 as the multiplier.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf_npUlug_1Z71OMlyCrcS-YHNRgXLmykhgswglNP65gpM89hhFopK_EvuUXGKE1DjV0gGacwhJUEKMk19-Xz_T5OextMupLDfeyvfVkvJcraU91kmqG-Nw5cVwypCaFnP7tLrug44H9g/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf_npUlug_1Z71OMlyCrcS-YHNRgXLmykhgswglNP65gpM89hhFopK_EvuUXGKE1DjV0gGacwhJUEKMk19-Xz_T5OextMupLDfeyvfVkvJcraU91kmqG-Nw5cVwypCaFnP7tLrug44H9g/s1600/10.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcWCNVLZkd8wfbpbpiyO2PsQQy6WJcBDlCYLwxfQ6ge0w2qoD7em_8BD1Rh27h-YiWlP702o-pwG2j7FYae8hyphenhyphenn9s2WiBoo2zCjew9W7tdp_4LmlbzhhBA9UFAlhP28Q71vv2rfZCdQuE/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcWCNVLZkd8wfbpbpiyO2PsQQy6WJcBDlCYLwxfQ6ge0w2qoD7em_8BD1Rh27h-YiWlP702o-pwG2j7FYae8hyphenhyphenn9s2WiBoo2zCjew9W7tdp_4LmlbzhhBA9UFAlhP28Q71vv2rfZCdQuE/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">Now we have to associate this BFD process with the routing protocol. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF8rg9Ofjc98mKnd-Jv8DcbNqbtBV7EexJZfryeyYKmHw5qBWuZMwLZwrRL3Sb0ATPY5qsRhXQrS5aJ7GRPlh8_Gt7hcDW3Us4Dn0FIR1kAKOy0ccKS2VaF9AzF2AY-Veq3XAicmF_X3M/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiF8rg9Ofjc98mKnd-Jv8DcbNqbtBV7EexJZfryeyYKmHw5qBWuZMwLZwrRL3Sb0ATPY5qsRhXQrS5aJ7GRPlh8_Gt7hcDW3Us4Dn0FIR1kAKOy0ccKS2VaF9AzF2AY-Veq3XAicmF_X3M/s1600/12.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoWAZteUVCqB1D8XnY1SWTSqtcMgujBXCAI7DGBaHo-z56ui17qQW42ycHzFkCXi3dYry9-RI7V-ROHKOOuOA5kxHdPRhfe7-mRsD_v2Hc6nDNAFjIHpKYKYXTymAqi9voRjvR3dtptsc/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhoWAZteUVCqB1D8XnY1SWTSqtcMgujBXCAI7DGBaHo-z56ui17qQW42ycHzFkCXi3dYry9-RI7V-ROHKOOuOA5kxHdPRhfe7-mRsD_v2Hc6nDNAFjIHpKYKYXTymAqi9voRjvR3dtptsc/s1600/13.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">If we check the OSPF interface status, </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHH1sxHf_EbMHQ0FWqGrnt0MnjNyF0sfC4JH1DVJYJCHVlGi1AYcfBnBHfi7iw0RRdVkBaUt-B55cWhAuSJKk8BMcwCCxev-x1JJa94pwZ7MKjqRpE8if9LQPL4Zrb5KEPxcI2x37PCNA/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHH1sxHf_EbMHQ0FWqGrnt0MnjNyF0sfC4JH1DVJYJCHVlGi1AYcfBnBHfi7iw0RRdVkBaUt-B55cWhAuSJKk8BMcwCCxev-x1JJa94pwZ7MKjqRpE8if9LQPL4Zrb5KEPxcI2x37PCNA/s1600/14.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">We can see that BFD is enabled for OSPF.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">One can also use "show bfd neighbours" command to verify the status of BFD.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi55Pb5voT-yWkpwGP6h5odMKK-yMzWAARD85raQpUmBrr_RICb4FJlULOFjkGUC4gSBOIIqttz-aNQG2d0nPpaihSQCnaYLEeSq0JpgBAzVoHzq3h_O2vRekR2Lm65-c3akCQL8ZHUAEo/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi55Pb5voT-yWkpwGP6h5odMKK-yMzWAARD85raQpUmBrr_RICb4FJlULOFjkGUC4gSBOIIqttz-aNQG2d0nPpaihSQCnaYLEeSq0JpgBAzVoHzq3h_O2vRekR2Lm65-c3akCQL8ZHUAEo/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's try and fail the link between the switches</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwsSiFk3OEXvJETFZUNv-T3fuGaFQcY__H2eqtsuyXJ6esiUQnjdCXyxZaxy8rivLxScZZ9ssNM6zGO627uhkCUs7q08_kw6y7XI71z6CuyWrTvXwr2hzHWUBy8YCqqwAxKSbXVSLkM2Q/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwsSiFk3OEXvJETFZUNv-T3fuGaFQcY__H2eqtsuyXJ6esiUQnjdCXyxZaxy8rivLxScZZ9ssNM6zGO627uhkCUs7q08_kw6y7XI71z6CuyWrTvXwr2hzHWUBy8YCqqwAxKSbXVSLkM2Q/s1600/16.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikN9XiIWqP1UFLLCNehHR-mmVp69b809cQ2clKGD9l8lQC4-9oPCJsWZP7QuPYXb4-OLTUkDZ0HkAsiPLw-Qjrj8n1HsCvyrh9GVKTeYgrc7cIQGtOuepZR7_QB8EHmJmH6ZnanjDJJHU/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEikN9XiIWqP1UFLLCNehHR-mmVp69b809cQ2clKGD9l8lQC4-9oPCJsWZP7QuPYXb4-OLTUkDZ0HkAsiPLw-Qjrj8n1HsCvyrh9GVKTeYgrc7cIQGtOuepZR7_QB8EHmJmH6ZnanjDJJHU/s1600/17.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The OSPF adjacency failed straight after the link between the switches went down. It even beat the log message that was generated on the switch!!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The same BFD session can be associated with multiple protocols on a single router. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">BFD can be used with static route, EIGRP, BGP, IS-IS and also HSRP! </span><span style="font-family: Verdana, sans-serif;">To implement BFD, CEF and IP routing must be enabled on router. More information on this can be found at http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fs_bfd.html</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
</div>
</div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-88846734179825325132015-05-07T14:44:00.001+01:002015-05-07T14:56:21.063+01:00Multicast Notes<div dir="ltr" style="text-align: left;" trbidi="on">
<b style="font-family: Verdana, sans-serif;"><u>Well Known Multicast Addresses</u></b><br />
<b style="font-family: Verdana, sans-serif;"><br /></b>
<span style="font-family: Verdana, sans-serif;">224.0.0.1 - All Hosts</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.0.2 - All Multicast Routers</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.0.9 - RIPv2 Routers</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.0.10 - EIGRP Routers</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.0.12 - HSRPv2</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.0.13 - PIM Routers</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.0.22 - IGMPv3</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.1.1 - NTP</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.1.39 - Cisco-RendezvousPoint-Announce</span><br />
<span style="font-family: Verdana, sans-serif;">224.0.1.40 - Cisco-RendezvousPoint-Discovery</span><br />
<span style="font-family: Verdana, sans-serif;">232.0.0.0/8 - Reserved for SSM</span><br />
<span style="font-family: Verdana, sans-serif;">233.0.0.0/8 - GLOP address range</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<b style="font-family: Verdana, sans-serif;"><u>PIM (Protocol Independent Multicast)</u></b><br />
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">Protocol independent means that it can work with any unicast routing protocol </span></li>
<li><span style="font-family: Verdana, sans-serif;">Pim can be implemented in three modes: sparse mode, dense mode and sparse-dense mode.<a name='more'></a></span></li>
</ul>
<span style="font-family: Verdana, sans-serif;"><u>Dense mode:</u></span><br />
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">It uses flood and prune method. Initially the multicast packets will be flooded throughout the network until the packet reach the leaf routers.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The initial flooding ensures that every router has a chance to continue to receive multicast traffic for a specific group. If a leaf router has no </span><span style="font-family: Verdana, sans-serif;">hosts that need this multicast group's traffic. the leaf router will send a Prune message to the upstream router. </span></li>
<li><span style="font-family: Verdana, sans-serif;">If the upstream router receiving the prune also has no hosts that need this </span><span style="font-family: Verdana, sans-serif;">multicast group's traffic, that router will then send a Prune to its upstream </span><span style="font-family: Verdana, sans-serif;">neighbour as well.</span></li>
<li><span style="font-family: Verdana, sans-serif;">In this mode, the tree gets build from the root down to the branches. One can see a (S,G) entry as source information gets flooded across the network. </span></li>
</ul>
<u style="font-family: Verdana, sans-serif;">Sparse mode</u><span style="font-family: Verdana, sans-serif;">:</span><br />
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">It uses two type of trees. A shared tree (*,G) and a source tree (S,G). When a server starts sending the multicast feed, the receiving device will </span><span style="font-family: Verdana, sans-serif;">register the source to the RP (Rendezvous point) by using PIM register message. </span></li>
<li><span style="font-family: Verdana, sans-serif;">At this point, RP will create a (S,G) entry in it's mroute table.</span></li>
<li><span style="font-family: Verdana, sans-serif;">when a host sends a request to join a specific multicast group. The device which receives the IGMP report message will create a (*,G) entry towards RP.</span></li>
<li><span style="font-family: Verdana, sans-serif;">When RP becomes aware that there is a host requesting the specific multicast feed for which it has (S,G) entry. It will start sending the packets towards the host.</span></li>
<li><span style="font-family: Verdana, sans-serif;">On receipt of the first multicast packet, the last hop device will switch over from shared tree (*,G) to SPT (S,G).</span></li>
<li><span style="font-family: Verdana, sans-serif;">The traffic will now flow from the sender to the receiver without traversing through RP.</span></li>
<li><span style="font-family: Verdana, sans-serif;">This behaviour can be changed by using "ip pim spt-threshold" command. </span></li>
</ul>
<span style="font-family: Verdana, sans-serif;"><u>Sparse-Dense mode:</u></span><br />
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">When the network needs to support both dense and sparse mode, once can configure the interfaces on the devices with sparse-dense mode. This means that each multicast group will either use Dense mode or Sparse mode.</span></li>
<li><span style="font-family: Verdana, sans-serif;">If there is no RP for a group, it will default to dense mode</span></li>
</ul>
<br />
<u><span style="font-family: Verdana, sans-serif;"></span>
<span style="font-family: Verdana, sans-serif;">
<b>RPF (Reverse Path Forwarding) Check</b></span></u><br />
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">The different between unicast and multicast is that the unicast packets is routed towards destination while multicast packets is routes "away" from the source.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The multicast packets can arrive on a device from multiple direction, the device has to decide which path to use to reach the source. The RPF check ensure that and prevents a potential loop in the multicast network.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The RPF Check is run against incoming multicast packets. The device examines the interface that the packet arrived on. If the </span><span style="font-family: Verdana, sans-serif;">packet comes in on an upstream interface - that is, an interface found on the reverse path that leads back to the source (based on Unicast routing table), the packet passes the </span><span style="font-family: Verdana, sans-serif;">check and will be forwarded. If the packet comes in on any other interface, the packet is dropped.</span></li>
<li><span style="font-family: Verdana, sans-serif;">One way to get around RPF issue would be to ensure that all interfaces on device have multicast enabled on them however this may not always be possible.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The other way to resolve the issue is to use static multicast route by using "ip mroute [source subnet] [mask] [incoming interface] ". One can also use mBGP to achieve the same.</span></li>
</ul>
<b><span style="font-family: Verdana, sans-serif;"><u>IGMP (Intenet Group Management Protocol)</u></span></b><br />
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">IGMP is used to allow end host to communicate to the router to inform that it wants to subscribe to a specific multicast feed.</span></li>
<li><span style="font-family: Verdana, sans-serif;">There are three versions of IGMP in today's networks.</span></li>
</ul>
<span style="font-family: Verdana, sans-serif;"> IGMP v1: RFC 1112</span><br />
<span style="font-family: Verdana, sans-serif;"> IGMP v2: RFC 2236</span><br />
<span style="font-family: Verdana, sans-serif;"> IGMP v3: RFC 3376</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div>
<span style="font-family: Verdana, sans-serif;"><u>IGMPv1:</u></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">A host running IGMP v1 will send a Membership Report message to its local router, indicating what multicast group the host wishes to join. </span></li>
<li><span style="font-family: Verdana, sans-serif;">If there are multiple routers on the segment, there will be a router selected as IGMPv1 querier. This router will send a query onto segment every 60 seconds.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The query will be sent on the 224.0.0.1 (all hosts). A host must respond to this query with membership request if it wants to join a multicast group or wants to continue it's membership in a group.</span></li>
<li><span style="font-family: Verdana, sans-serif;">One of the limitation of this version is that there is no way for a host to leave a group. It will take upto 3 minutes after the client has stopped listening before the traffic flow will stop.</span></li>
</ul>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><u>IGMPv2:</u></span></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">The major difference between v1 and v2 is that v2 hosts that wish to leave a group do not just stop sending membership reports. There is no three minute wait for the membership to age out.</span></li>
<li><span style="font-family: Verdana, sans-serif;">IGMPv2 hosts send a leave message to the multicast group 224.0.0.2 (all routers) on the segment.</span></li>
</ul>
<span style="font-family: Verdana, sans-serif;"><br /><u>IGMPv3:</u></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"></span><br />
<ul style="text-align: left;"><span style="font-family: Verdana, sans-serif;">
<li>The major improvement on v3 is that this version added support for SSM (Source Specific Multicast). This allows hosts to not only specify the group they wish to subscribe but also the source of the multicast traffic.</li>
</span></ul>
<span style="font-family: Verdana, sans-serif;">
</span>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><b><u>RP Discovery</u></b></span></div>
<div>
<ul>
<li><span style="font-family: Verdana, sans-serif;">RP (Rendezvous Point) address can be statically assigned on each device in the multicast network however it't not an ideal method if the network has many devices.</span></li>
<li><span style="font-family: Verdana, sans-serif;"> There are couple of dynamic methods to propagate RP information in the network.</span></li>
</ul>
<span style="font-family: Verdana, sans-serif;"> i. AutoRP (Cisco Proprietary)</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"> ii. BSR (Bootstrap Router)</span></div>
<div>
<u style="font-family: Verdana, sans-serif;"><br /></u><u style="font-family: Verdana, sans-serif;">AutoRP:</u></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">This method consists two parts, configuration of the mapping agent and candidate RP.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The candidate RP is the router which wants to become the (Rendezvous Point). This can be configured using "ip pim send-rp announce". The candidate RP will communicate with the mapping agent on 224.0.1.39. </span></li>
<li><span style="font-family: Verdana, sans-serif;">The mapping agent can be configured by using "ip pim send-rp discovery". "The mapping agent will propagate this information on the network using multicast address 224.0.1.40.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The issue with AutoRP is that you need the multicast to setup multicast. The solution which Cisco came up with was the command "ip pim autorp listener". This command allows all groups to run in sparse mode apart from the ones needed for AutoRP (224.0.1.39 & 224.0.1.40).</span></li>
</ul>
<u style="font-family: Verdana, sans-serif;">BSR:</u></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">PIMv2 offers an open-standard method of RP selection which is called Bootstrap router (BSR).</span></li>
<li><span style="font-family: Verdana, sans-serif;">It is very similar to AutoRP where instead of Candidate RP and Mapping agent, we have Candidate RP and BSR candidate. </span></li>
<li><span style="font-family: Verdana, sans-serif;">The commands to configure Candidate RP and BSR candidate are "ip pim rp-candidate" and "ip pim bsr-candidate" respectively.</span></li>
<li><span style="font-family: Verdana, sans-serif;">BSR message gets flooded hop-by-hop throughout the entire network using PIM.</span></li>
</ul>
</div>
<div>
<b style="font-family: Verdana, sans-serif;"><u>BIDIR-PIM</u></b></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">Bidirectional PIM is an extension of PIM-SM. In this mode multicast traffic can flow in both directions. The sources of the multicast feeds can also be the potential receivers as well and vice versa.</span></li>
<li><span style="font-family: Verdana, sans-serif;">There will not be (S,G) entry on the routers running BIDIR PIM. The router will only create (*,G) entry.</span></li>
<li><span style="font-family: Verdana, sans-serif;">PIM-Bidir can send and receive multicast traffic for the same group along the same shared-tree.</span></li>
</ul>
</div>
<div>
<b style="font-family: Verdana, sans-serif;"><u>SSM (Source Specific Multicast)</u></b></div>
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">In SSM, the host can select the source of the multicast in addition to the multicast stream. The host must support IGMPv3.</span></li>
<li><span style="font-family: Verdana, sans-serif;">As the host decide the source while sending the IGMP membership report, there will not be any (*,G) entry created on the router. All the routers along the path will only have (S,G).</span></li>
<li><span style="font-family: Verdana, sans-serif;">Normally 232.0.0.0/8 range is used for SSM.</span></li>
</ul>
<b style="font-family: Verdana, sans-serif;"><u>Anycast RP & MSDP</u></b><br />
<div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">Anycast RP provides failover for RP and allows for load-balancing. In this method two or more RPs are configured with the same IP address on loopback interfaces. The sender and receiver of the multicast feed will select the "nearest" RP.</span></li>
<li><span style="font-family: Verdana, sans-serif;">Both the RPs can share information about active source using MSDP (Multicast Source Discovery Protocol)</span></li>
<li><span style="font-family: Verdana, sans-serif;">The MSDP peer can be configured by using "</span><span style="font-family: Verdana, sans-serif;">ip msdp peer <<peer IP>> connect-source <<Local loopback IP>></span><span style="font-family: Verdana, sans-serif;">". The loopback interfaces for MSDP peering must be different than the ones used as RP address.</span></li>
</ul>
</div>
</div>
<div>
<b style="font-family: Verdana, sans-serif;"><u>Mapping of Multicast IP to MAC address</u></b></div>
<div>
<div style="text-align: left;">
</div>
<ul style="text-align: left;">
<li><span style="font-family: Verdana, sans-serif;">OUI of multicast MAC is always 01-00-5e.</span></li>
<li><span style="font-family: Verdana, sans-serif;">The range of multicast MAC address is 01-00-5e-00-00-00 through 01-00-5e-7f-ff-ff.</span></li>
<li><span style="font-family: Verdana, sans-serif;">To convert Multicast IP address to MAC address i. </span><span style="font-family: Verdana, sans-serif;">Convert ip address to binary e.g. for 224.0.0.12 it will be 11100000 00000000 00000001 00001100 ii. </span><span style="font-family: Verdana, sans-serif;">Convert the last 23 bits into HEX. The 25th bit is always set to 0 (the bit after OUI) e.g. 0000000 00000001 00001100 Hex: 00 01 0c iii. </span><span style="font-family: Verdana, sans-serif;">The corresponding MAC address is 00-01-5e-00-01-0c</span></li>
<li><span style="font-family: Verdana, sans-serif;">There can be few cases where a single MAC address can represent multiple multicast IP addresses. (e.g. 224.0.0.12 and 224.128.1.12, corresponding MAC address is the same for both).</span><span style="font-family: Verdana, sans-serif;"> </span></li>
</ul>
</div>
<br /></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-25672375899108157962015-04-14T17:10:00.000+01:002015-06-30T12:36:15.688+01:00Layer 2 MPLS VPN (AToM)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In the previous post, we have seen the configuration of Layer 3 VPN. </span><span style="font-family: Verdana, sans-serif;">here we will see how we can configure Layer 2 VPN. </span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Layer 3 VPN requires the PE participating in the CE routing. </span><span style="font-family: Verdana, sans-serif;">Sometimes PE cannot support specific routing protocol as required by the customer or </span><span style="font-family: Verdana, sans-serif;">the CE devices may not be IP aware.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Also customer will have to involve the service provider if they want to do any routing changes.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Layer 2 VPN resolves this issue by providing a layer 2 connectivity between CEs, effectively providing a broadcast domain. Customer can run any routing protocol between the CEs and will be in full control of the routing.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Generally it's done by using AToM (Any transport over MPLS) or L2TPV3 (Layer 2 tunnelling protocol). </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The key difference between both the methods is that AToM uses the MPLS as the transport while L2TPV3 uses IP. </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Let's look at the below scenario and see how we can implement this. We will use AToM in our example.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPhZ7AxGvt48er-D32RaBuuCg5cnn-pzVPLsMDWAhfOY6NCKxNsG2ksIvvpzneqiuibPx-GwQigWYMlXSrUZdeKVgvW_C4fABPx0qnI_io4GvC-Tv1v8lDxTlBSV4fxCU0SRWiZHPoD3w/s1600/AToM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="308" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPhZ7AxGvt48er-D32RaBuuCg5cnn-pzVPLsMDWAhfOY6NCKxNsG2ksIvvpzneqiuibPx-GwQigWYMlXSrUZdeKVgvW_C4fABPx0qnI_io4GvC-Tv1v8lDxTlBSV4fxCU0SRWiZHPoD3w/s640/AToM.jpg" width="640" /></a></span></div>
</div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<a name='more'></a><span style="font-family: Verdana, sans-serif;">As shown in the diagram, the CEs (R1 and R6) are connected to the PEs (R2 and R5). Both CE1 and CE2 are in the same subnet and configured with the ip address 10.1.1.1/24 and 10.1.1.6/24.</span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">We are already running MP-BGP in the core. and provide a single broadcast domain between the CEs.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Let's do the configuration step by step</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">First let's check if there is an LSP between the loopback IPs of the PEs</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIPlU0HkH9GdDzRuaIHIqHU7kTQvzUmf6wFnf_i0fZBiHJsHgOfsEI9GD0RUbjq0S2yh2IahAOzXFDZo8CcRIbHm1ZS6D_PSTYdLCidg19zUwcJvg_ApRN4dgr6uHBrVMR-2E_lBn-cJM/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIPlU0HkH9GdDzRuaIHIqHU7kTQvzUmf6wFnf_i0fZBiHJsHgOfsEI9GD0RUbjq0S2yh2IahAOzXFDZo8CcRIbHm1ZS6D_PSTYdLCidg19zUwcJvg_ApRN4dgr6uHBrVMR-2E_lBn-cJM/s1600/4.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Now we will configure CE1 and CE2 with basic IP addresses</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWGze1i8PfoXfz9tB7xE4F1PsVbJQ4qtJUpt1yCM1ao0RSsm6AE6a5xB71CiIXozxHheqNO6V23CW_IwW9p-xNmVGMq3B981mQinaWMESoVaM4bMF8-4MZJInqg5nqkU_Yng08mHgC1TQ/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWGze1i8PfoXfz9tB7xE4F1PsVbJQ4qtJUpt1yCM1ao0RSsm6AE6a5xB71CiIXozxHheqNO6V23CW_IwW9p-xNmVGMq3B981mQinaWMESoVaM4bMF8-4MZJInqg5nqkU_Yng08mHgC1TQ/s1600/1.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjOVJZHABwEP8LtbZvohNBNbUGliYJPhMFURC-T7aPaSSsQNsxeMMQp1B9ALnlalpWa3DOuTbjg-BxsWESRnkXPznG4GJr52hJjJZxiwGNAbBGjL5q7kJekIP0hhdle9DP2FGXnVTJj9o/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjOVJZHABwEP8LtbZvohNBNbUGliYJPhMFURC-T7aPaSSsQNsxeMMQp1B9ALnlalpWa3DOuTbjg-BxsWESRnkXPznG4GJr52hJjJZxiwGNAbBGjL5q7kJekIP0hhdle9DP2FGXnVTJj9o/s1600/2.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">On R2, we will configure "xconnect" command on the interface connecting to the CE R1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1vBWLpcusLcz-Kecjw4fwCok2Xw_t1A6yXWk_IAZekx7xOCHB4L2NF6ioR_YXE4T2UA4R5QvTkw7DczOVWPUDDvRoqsWbOeZuRk6mU6njUY5osc7x6o6nowvwA3jtDOrbswbGPbdxuEE/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1vBWLpcusLcz-Kecjw4fwCok2Xw_t1A6yXWk_IAZekx7xOCHB4L2NF6ioR_YXE4T2UA4R5QvTkw7DczOVWPUDDvRoqsWbOeZuRk6mU6njUY5osc7x6o6nowvwA3jtDOrbswbGPbdxuEE/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The peer IP will be 5.5.5.5 which is the loopback IP on the R5.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUGPJK-zF2onwPLS8uV3-hHtxbdGN3_o0RgHd3ZIq2tFi-2W-ypuR7T9Ug6mqaExTMkrw15HdUaxfsOCtbDr4zrOqJwfUZEp9n-h2LpuZv9ZjbGCbRjedRPz5OMXii69BL1Uqzca6PkiA/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUGPJK-zF2onwPLS8uV3-hHtxbdGN3_o0RgHd3ZIq2tFi-2W-ypuR7T9Ug6mqaExTMkrw15HdUaxfsOCtbDr4zrOqJwfUZEp9n-h2LpuZv9ZjbGCbRjedRPz5OMXii69BL1Uqzca6PkiA/s1600/5.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The VC (Virtual circuit) id can be any number but it has to be the same on both the PEs. We will use 100 as the VC ID.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRm8mNAfSNrv85Opbln3rFB-g4YWxryzSnS6R9X-jTfgaj7FUm_OuLOMl7JquFJGTnHp7KxQXDj2bMoOPSFAxfDeoGKO04HvX4BHpHVohHNmLzlnnlNbTMIJpMjvg8_OaSMS4Bn4EffjA/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRm8mNAfSNrv85Opbln3rFB-g4YWxryzSnS6R9X-jTfgaj7FUm_OuLOMl7JquFJGTnHp7KxQXDj2bMoOPSFAxfDeoGKO04HvX4BHpHVohHNmLzlnnlNbTMIJpMjvg8_OaSMS4Bn4EffjA/s1600/6.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Our implementation uses MPLS for transport so we will use mpls as encapsulation. The l2tpv3 can be used when we want to use IP network as the transport.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-ELiZ_8rhGAazW9myctf81SViz6pZ-A48UfzqSPxZh3VBPn3f9vs88EhjWGZMIZfaamsRvIECmahwYN6HZXy9Oww0IEz4dZo1PPq_3AGr8gVQay0hajCAfz-dBydpyWSY6Lj1NI4QxD4/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-ELiZ_8rhGAazW9myctf81SViz6pZ-A48UfzqSPxZh3VBPn3f9vs88EhjWGZMIZfaamsRvIECmahwYN6HZXy9Oww0IEz4dZo1PPq_3AGr8gVQay0hajCAfz-dBydpyWSY6Lj1NI4QxD4/s1600/7.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will apply similar config on R5</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsfZNiPl3slYurwH6dqekklNLRVIRR1BPeDlKQTakONJGAih4hxi4p983XcUhISwBlwYp9O6Mb8b_Eeuzd9RAdaCbmb2ZoLaKDB1YcpiCR5If3MGLLCDE0J-bLRlYiBWOV487KcAWHWSY/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjsfZNiPl3slYurwH6dqekklNLRVIRR1BPeDlKQTakONJGAih4hxi4p983XcUhISwBlwYp9O6Mb8b_Eeuzd9RAdaCbmb2ZoLaKDB1YcpiCR5If3MGLLCDE0J-bLRlYiBWOV487KcAWHWSY/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">If we check the mpls forwarding-table</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1e3giBPCTnD-GKbyApbwMs8xRdBfjsvTTS9Hkl_l3qvFBdo4W7-aDvrnBfcVxjMm1lTi7xEMpnAQdmqQo19szVdXqtkQOYuCUh2e_X_pJtSUg0Wo11ZKuqIXIriKqELsyX5sqnW9eCj8/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1e3giBPCTnD-GKbyApbwMs8xRdBfjsvTTS9Hkl_l3qvFBdo4W7-aDvrnBfcVxjMm1lTi7xEMpnAQdmqQo19szVdXqtkQOYuCUh2e_X_pJtSUg0Wo11ZKuqIXIriKqELsyX5sqnW9eCj8/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">it shows the label 205 associated with l2ckt (layer 2 circuit) with VC ID 100. There is no nexthop as it's layer 2 connection.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2pmkMYPUYemnp5rQ3LLs_TNxisdYdzV8rAiA1i0AM3UHT-Ikrqpi194tV_MHv1EOd94F-OoCEHXof4CT-g8f5wYjbxUhmibXOk1LMzvDaDK5BACMsFz7Omcjmo_6EuBMKulicl0lIZBo/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2pmkMYPUYemnp5rQ3LLs_TNxisdYdzV8rAiA1i0AM3UHT-Ikrqpi194tV_MHv1EOd94F-OoCEHXof4CT-g8f5wYjbxUhmibXOk1LMzvDaDK5BACMsFz7Omcjmo_6EuBMKulicl0lIZBo/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also verify that there is an active virtual circuit from R2 to R5.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's check the connectivity between CEs (R1 to R6)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_ZgODP9o1zg6x-7rnUmRyGDs4OEzfbBaVuRRsZV_5YRh6DqoVzDUQDqy8FE-ZEH-u0l7IGrUJPcMpiwLTDOLpRNEFktSJaxHoYwqhyphenhyphenfb50QO-yjKV7kxVGz_KMsWY296aHlGh65dvnYw/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_ZgODP9o1zg6x-7rnUmRyGDs4OEzfbBaVuRRsZV_5YRh6DqoVzDUQDqy8FE-ZEH-u0l7IGrUJPcMpiwLTDOLpRNEFktSJaxHoYwqhyphenhyphenfb50QO-yjKV7kxVGz_KMsWY296aHlGh65dvnYw/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The arp table on R1 shows the mac-address of R6's Ethernet interface.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuDs9PciwIGOoDAG-8oIXyGeZytqrIIcldyp-1GPlJaTYa5NkTWk9lggUFAv_SMWL7_dMosmBnLrCLSI17h9g9YxQjA32F7fVLMnVCG2kvpmQs0M8IwdAP4qu4-9UwsZO0JeM3nEzzKh0/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiuDs9PciwIGOoDAG-8oIXyGeZytqrIIcldyp-1GPlJaTYa5NkTWk9lggUFAv_SMWL7_dMosmBnLrCLSI17h9g9YxQjA32F7fVLMnVCG2kvpmQs0M8IwdAP4qu4-9UwsZO0JeM3nEzzKh0/s1600/12.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMyCkiYNmHeKEzQWJcQpWr6OdfV6VtN_Nl3bCiCJLA1hGBSUuVMzh9LQxSAHC67J7_NN-4wgw63ju-LXTFz9yRqxWFcgzuUNIYKjTZhzRUknsAKVW1ndTeXnn8Hk20ZgR9_bYQXrTh7Fc/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMyCkiYNmHeKEzQWJcQpWr6OdfV6VtN_Nl3bCiCJLA1hGBSUuVMzh9LQxSAHC67J7_NN-4wgw63ju-LXTFz9yRqxWFcgzuUNIYKjTZhzRUknsAKVW1ndTeXnn8Hk20ZgR9_bYQXrTh7Fc/s1600/13.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Customer can also run any routing protocol between the CEs. Let's configure OSPF.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDkIlmX6zM0sjGsptnSPZOKr7bQSyUVmb4O532VA86YGXXAlO7UI2CoqJMKGcZZg_8ZRERQHWNdO48LzIVX9h3ASx6qa1ZeNKun_SPPZXZgFBxxRuZmM0eja7fAV2mnxS4TVKw2qaMTto/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDkIlmX6zM0sjGsptnSPZOKr7bQSyUVmb4O532VA86YGXXAlO7UI2CoqJMKGcZZg_8ZRERQHWNdO48LzIVX9h3ASx6qa1ZeNKun_SPPZXZgFBxxRuZmM0eja7fAV2mnxS4TVKw2qaMTto/s1600/14.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX8fyCMSBo5svS2OroF7_axk78fLOW2kG3qyAiWbF5BLZ26Vf5ruxX12cDGAGZ2-7qQmOOIfmspVEw_w1Ch8NjS8gd2aGtlimMXtkip9Ah6vXgs3D8kfbx6hMv6utcOs_BItArAy-AcUY/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX8fyCMSBo5svS2OroF7_axk78fLOW2kG3qyAiWbF5BLZ26Vf5ruxX12cDGAGZ2-7qQmOOIfmspVEw_w1Ch8NjS8gd2aGtlimMXtkip9Ah6vXgs3D8kfbx6hMv6utcOs_BItArAy-AcUY/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgifDnIOz4_Uz86Y1ntZedgBOM5rIciBWC_XPTArf6suHj_Vts-V00wsfmInf10ocJQqHYyjqdMfrY9TAdY6C4XxYKCE-lPs9__dagEqq-Rboxz2XC5bsDTln4SG1F8Ql4PtnNzlKRHGPA/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgifDnIOz4_Uz86Y1ntZedgBOM5rIciBWC_XPTArf6suHj_Vts-V00wsfmInf10ocJQqHYyjqdMfrY9TAdY6C4XxYKCE-lPs9__dagEqq-Rboxz2XC5bsDTln4SG1F8Ql4PtnNzlKRHGPA/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The OSPF adjacency has come up. Now customer can advertise prefixes and control the routing without involving service provider.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">One limitation of using this method is that we can only create point to point tunnels using this method. If there are multiple locations and customer wants a single broadcast domain between them then we have to use "VPLS (Virtual Private LAN Service)" which we will discuss in future post.</span></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com9tag:blogger.com,1999:blog-3934012154598313421.post-37199223491141776882015-04-01T15:13:00.000+01:002015-04-01T15:21:28.486+01:006VPE<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">6VPE (IPv6 VPN Provider Edge Router) is a feature which connects the customer sites configured with IPv6 addressing over the existing IPv4 MPLS backbone.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In our last post, we have seen how we can configure standard Layer 3 MPLS connection on Cisco routers and advertise customer's IPv4 prefixes over that. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will use the same topology for 6VPE however we will configure IPv6 addresses between PE to CE (R1-R2 and R5-R6) and on the Loopbacks of the CEs (R1 and R6).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This is how our topology looks like</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVUkTpAAALhqWiIAUF4qMnMyL7izQkUMn87ZKC6PG9G9VmSn83JLg_6UESl4n_K3DzPsdzWm_tHjzS4UPbhYH2C10yEu0LNnKZQtKhz2JRxRi_9mnFyoIocJuj1BL5OnEtjjM-9atGyfU/s1600/6vpe.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVUkTpAAALhqWiIAUF4qMnMyL7izQkUMn87ZKC6PG9G9VmSn83JLg_6UESl4n_K3DzPsdzWm_tHjzS4UPbhYH2C10yEu0LNnKZQtKhz2JRxRi_9mnFyoIocJuj1BL5OnEtjjM-9atGyfU/s1600/6vpe.jpg" height="280" width="640" /></a></div>
<a name='more'></a><span style="font-family: Verdana, sans-serif;"></span><br />
<br />
<span style="font-family: Verdana, sans-serif;">We have used IPv6 ranges 2001:AA12::/64 between R1-R2 and 2001:BB56::/64 between R5-R6.</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">The loopbacks have been configured with 2001:1111::1/64 and 2001:6666::6/64 on R1 and R6 respectively.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Our aim to establish connectivity between these loopbacks over the backbone which is configured with IPv4 and runs OSPF+MPLS.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Ok so let's start the configuration</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">1. First, we will enable the IPv6 routing on CEs and configure the required interfaces with IPv6 addresses.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSPwseEO8btJ5mNARyZlbJ2iDJmOEvDc_PRQQqOkopyLjojWNH78u3RDFIM0e3Y4iS9W_O_edJWc3O21WPOVJ8qQkaFuNrS3UoMBFm8kntSXSGUxrgst2WWpXWlgeMX5RcI-A-26kMzoI/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSPwseEO8btJ5mNARyZlbJ2iDJmOEvDc_PRQQqOkopyLjojWNH78u3RDFIM0e3Y4iS9W_O_edJWc3O21WPOVJ8qQkaFuNrS3UoMBFm8kntSXSGUxrgst2WWpXWlgeMX5RcI-A-26kMzoI/s1600/1.PNG" height="110" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCMHRp2AO5MLuxwVLeMXN_xanEY27rYUNYU2b-qW0hvri3myvkOJE0uHTTyXXjcds2JhJReNb76xI66939qxxQBHPpGycN9_yOaypiD9jIIFcaFd0H1Dv6cJDZgjwN3daHlDz2jlm3m54/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCMHRp2AO5MLuxwVLeMXN_xanEY27rYUNYU2b-qW0hvri3myvkOJE0uHTTyXXjcds2JhJReNb76xI66939qxxQBHPpGycN9_yOaypiD9jIIFcaFd0H1Dv6cJDZgjwN3daHlDz2jlm3m54/s1600/2.PNG" height="110" width="400" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">2. Now we will enable IPv6 on PEs and configured address-family IPv6 for VRF CUST1. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To support IPv6 VRF, we will remove the existing "ip vrf CUST1" configuration and reconfigure VRF with "VRF definition" command.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTBF6EzV4BQRhN31uqWb-SETxQDiEZ8v5iVvCmA6Gcx29ZGfdN3fZGo26B1z-0LG_bpyZfZsWkQ9tPs4g9VY-eR0FcT6eqCZjFPNUMkRFt1sMYGZ59TuYdhnigB0PdhnjlzJsgNTgocSU/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTBF6EzV4BQRhN31uqWb-SETxQDiEZ8v5iVvCmA6Gcx29ZGfdN3fZGo26B1z-0LG_bpyZfZsWkQ9tPs4g9VY-eR0FcT6eqCZjFPNUMkRFt1sMYGZ59TuYdhnigB0PdhnjlzJsgNTgocSU/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We have used RD as 100:1 and RT value for both import and export as 100:100. If we need to configure the IPv4 parameters for VRF CUST1, it can be done under "address-family ipv4".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's apply the similar config on R5.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj13LJNebohR_NBSOeA2P7mrFk49-XNgPk-ljhBNfVkd5u5H5GrbNKtEpFFcK5pF2BiZdOaaa4c1CU7tJK6x_Af8WpzHMZLa14F_muNupkdft6uCIYnUVXXrOM-VCMJeAlzlfOahCuV584/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj13LJNebohR_NBSOeA2P7mrFk49-XNgPk-ljhBNfVkd5u5H5GrbNKtEpFFcK5pF2BiZdOaaa4c1CU7tJK6x_Af8WpzHMZLa14F_muNupkdft6uCIYnUVXXrOM-VCMJeAlzlfOahCuV584/s1600/4.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;">Now we will configure the CPE facing interfaces with IPv6 addresses and make sure the basic reachability is there.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVz7rExwOq-FtJJdrdmncaiylls88tV86Yn7FfMgRp0XCEPli3OePRO-Zca096GTAAWL496R2lvhckijSUN0k9XXAVo5blaGAb4XQdwNMQN-U8ladidBsOZSc4SHSxbCrKjFKNdpp0SHA/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhVz7rExwOq-FtJJdrdmncaiylls88tV86Yn7FfMgRp0XCEPli3OePRO-Zca096GTAAWL496R2lvhckijSUN0k9XXAVo5blaGAb4XQdwNMQN-U8ladidBsOZSc4SHSxbCrKjFKNdpp0SHA/s1600/5.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSvMj6cw6U6jZP3n6hMNp9awBf28UXQCKb2QSWIf4C7k6RWycJi_o-rtXzSo74yxmdm6B2cAeSMaegFlrct7JQUUuRz1AdGsVzPAXRr5OPKiv9AD9wpro76ctBkS5ILxeTlQ4MnRzja9w/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhSvMj6cw6U6jZP3n6hMNp9awBf28UXQCKb2QSWIf4C7k6RWycJi_o-rtXzSo74yxmdm6B2cAeSMaegFlrct7JQUUuRz1AdGsVzPAXRr5OPKiv9AD9wpro76ctBkS5ILxeTlQ4MnRzja9w/s1600/6.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">3. The next step is to establish BGP neighbourship between PE and CE and advertise loopback IP from the CEs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On the CEs </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7eI8DF6cGjSxg_ZBacKJ9ztwZj6o6aAQMd7l0spU0L-0Jks8phmaWsjV5m0ofAfGhcS5VbFroAJodC5hFP-IXCWRwobLEDbIM29VPDDUCwSTk9s9VuZdk6MLw8HJv8nAfbpWAXhv30w4/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7eI8DF6cGjSxg_ZBacKJ9ztwZj6o6aAQMd7l0spU0L-0Jks8phmaWsjV5m0ofAfGhcS5VbFroAJodC5hFP-IXCWRwobLEDbIM29VPDDUCwSTk9s9VuZdk6MLw8HJv8nAfbpWAXhv30w4/s1600/7.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRpcrD5UyJsaPpcSSHCGbRpiIYSBw10WWPQHzd5TCNTekCEe4Oux_Mxcf0_r0EsYWkazKJ9CRBQ1wYXGgAisEEVs8X1KEbfkjKba86vtuK0uOQTSk0DDGt_NqwuEks_h1NnAEiHyc45Mo/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRpcrD5UyJsaPpcSSHCGbRpiIYSBw10WWPQHzd5TCNTekCEe4Oux_Mxcf0_r0EsYWkazKJ9CRBQ1wYXGgAisEEVs8X1KEbfkjKba86vtuK0uOQTSk0DDGt_NqwuEks_h1NnAEiHyc45Mo/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On the PEs</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisLMFxUeozbp0upKzWJ1D_iHdJkFecPEnt_xABe-HXblhUCmYLlCLQ6wWUnQrhQMNhaL0hyphenhyphenM9xzA4ZedqZry_1twqA1xKll0DphlzYTeZiVLkGMQnsQVJnnqGd3Q8Y5OYma64hQWRJapo/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisLMFxUeozbp0upKzWJ1D_iHdJkFecPEnt_xABe-HXblhUCmYLlCLQ6wWUnQrhQMNhaL0hyphenhyphenM9xzA4ZedqZry_1twqA1xKll0DphlzYTeZiVLkGMQnsQVJnnqGd3Q8Y5OYma64hQWRJapo/s1600/9.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr2lzDPsitySCl20Z8bdYps5fpYRNgdDVA6_UJvDNg05T0cfZAW13sBbcCrrkNSIAAAcHYaRHWfg8Es2-fCmQzf0Kdp1QaPo2OPk_Osa4mDVSMBaqF049WZG1yQMtct6dGryjjMhqOtWQ/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjr2lzDPsitySCl20Z8bdYps5fpYRNgdDVA6_UJvDNg05T0cfZAW13sBbcCrrkNSIAAAcHYaRHWfg8Es2-fCmQzf0Kdp1QaPo2OPk_Osa4mDVSMBaqF049WZG1yQMtct6dGryjjMhqOtWQ/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The PEs have now started receiving the loopback prefix in their BGP table.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfo99VgsNgpov6JO9aUi2fZTVWzKe86q3l17OwQspfcKyXFu50Ibx3-aC0WmYnC1faLbI1BxtznaBSwuQRZT4dEJGTL3QvDlW2dhpjni3cqaUDP0rakSNHj8AHr5dBgu14zL18xWRcGQQ/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgfo99VgsNgpov6JO9aUi2fZTVWzKe86q3l17OwQspfcKyXFu50Ibx3-aC0WmYnC1faLbI1BxtznaBSwuQRZT4dEJGTL3QvDlW2dhpjni3cqaUDP0rakSNHj8AHr5dBgu14zL18xWRcGQQ/s1600/11.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAXqVJ9QCKDjVUhiLDJW5yFfAi6kGaApHa8n7gW8RnjJEuqzhXq8xAQVOQ6T40PWwZUYuCYIJUmYr2hxRLeJ_5g732JTzH2lWZgEX1mgzxczOpHkhwxDPH3iW2g9cYgQaviWYP0IRq5zw/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAXqVJ9QCKDjVUhiLDJW5yFfAi6kGaApHa8n7gW8RnjJEuqzhXq8xAQVOQ6T40PWwZUYuCYIJUmYr2hxRLeJ_5g732JTzH2lWZgEX1mgzxczOpHkhwxDPH3iW2g9cYgQaviWYP0IRq5zw/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">However the PEs do not pass these prefix update to each other. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">4. We will have to activate a VPNv6 neighbourship between PEs using the existing local IPv4 loopback addresses.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">So the configuration will be</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqvFSM-b-GfPBK_TpVa2O_VScF1RumtTTQf5gWzfDD6ExcyuHS7_k9tlgg64Vyb3jlQ1iCnVcQuL7Fc7x7a-mjSChriuNS7po2cDVQ8OiER9fPh4BbK_etOqtKhdW6yKQU9HeqUhEGI4M/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhqvFSM-b-GfPBK_TpVa2O_VScF1RumtTTQf5gWzfDD6ExcyuHS7_k9tlgg64Vyb3jlQ1iCnVcQuL7Fc7x7a-mjSChriuNS7po2cDVQ8OiER9fPh4BbK_etOqtKhdW6yKQU9HeqUhEGI4M/s1600/13.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv0Y8cyv6F5Uy5vGoz_BXahenx9vxVYNptgqaMdEjnJCCMwI70zLGrbl6q9GVFp6Oi_Gia5BE9JaEmNC7A21HEO8kyvUY6JgdauKNoUXfVKkmrLNJXDIGzRorJRvKwT0b7fnWKgtSaNlE/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiv0Y8cyv6F5Uy5vGoz_BXahenx9vxVYNptgqaMdEjnJCCMwI70zLGrbl6q9GVFp6Oi_Gia5BE9JaEmNC7A21HEO8kyvUY6JgdauKNoUXfVKkmrLNJXDIGzRorJRvKwT0b7fnWKgtSaNlE/s1600/14.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that both the PEs now receive the loopback prefixes from each other.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfmgX1d9sZKGO9TvB3qkRWfi7ksWQXK9I9V9Hdlmk8epR419f7YICnlwXkeHEqtIQCHz5oQCSo5h5te0EsJ93TxsXqZsHiO7BI3Qph6WANHea7gt5jENwWqFiK1SuG7xNSWCNdUIGc6YM/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjfmgX1d9sZKGO9TvB3qkRWfi7ksWQXK9I9V9Hdlmk8epR419f7YICnlwXkeHEqtIQCHz5oQCSo5h5te0EsJ93TxsXqZsHiO7BI3Qph6WANHea7gt5jENwWqFiK1SuG7xNSWCNdUIGc6YM/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Notice the next hop ::FFFF:5.5.5.5! The loopback IP 5.5.5.5 got converted into the IPv6 format.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZiEaS4nnLi_rFDa7Sby69naZhfpSs-Q7Cvly7czzHoeA7arQVJBIf7BuIdUGU0SFx4UIRjGH9Eetwcb4CFNCYbYRIbiIpLjbqekSfiFDxWI7rVi5uO6DquTs00Iqcp4W5tsNvrHrfdGQ/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZiEaS4nnLi_rFDa7Sby69naZhfpSs-Q7Cvly7czzHoeA7arQVJBIf7BuIdUGU0SFx4UIRjGH9Eetwcb4CFNCYbYRIbiIpLjbqekSfiFDxWI7rVi5uO6DquTs00Iqcp4W5tsNvrHrfdGQ/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Looking at R1's IPv6 routing table, we can see that it receives the loopback prefix of R6.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHnjJNbFIazlBOWBmR5aYNL6zl8pDVKHx2B2M_uejGbKMqJqLz6zYKzDcoBYfYY6boxE6drq-cPR0c55yWybxrNlbgofJ1PTBaeZ1fZIaY_XnPn-VZ-UhdRkwPLaYB_uwi5VMaVfsCYvk/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHnjJNbFIazlBOWBmR5aYNL6zl8pDVKHx2B2M_uejGbKMqJqLz6zYKzDcoBYfYY6boxE6drq-cPR0c55yWybxrNlbgofJ1PTBaeZ1fZIaY_XnPn-VZ-UhdRkwPLaYB_uwi5VMaVfsCYvk/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"> The ping test confirms that the connectivity has been established between R1 and R6's loopback IPs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjg55cbDwCwMBHlBipDk642sshHWFeboNDKdMsQa3BpAqGc5optDixQ3mAoqj-fuupB7L2SWJEKMCPSBynAuaIqGpFJNXb_qBZhFichWDYAKEj3KCsT0nKaquWsrpxX0QNh0632AvZYyn8/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjg55cbDwCwMBHlBipDk642sshHWFeboNDKdMsQa3BpAqGc5optDixQ3mAoqj-fuupB7L2SWJEKMCPSBynAuaIqGpFJNXb_qBZhFichWDYAKEj3KCsT0nKaquWsrpxX0QNh0632AvZYyn8/s1600/19.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">6VPE is defined in RFC 4659. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is another technology called "6PE". The difference between "6PE" and "6VPE" is that</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In the 6VPE, Customer's IPv6 routes are in specific VRF and exchanged through VPNv6 BGP address family. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In the 6PE, Customer's IPv6 routes are in global routing table and they are carried over using IPv6+label BGP address family. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">More information on this can be found from </span><span style="font-family: Verdana, sans-serif;"><a href="http://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/6-0/mpls_vpn/user/guide/mpls60book/ipv6.html">http://www.cisco.com/c/en/us/td/docs/net_mgmt/ip_solution_center/6-0/mpls_vpn/user/guide/mpls60book/ipv6.html</a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-32973283186496257582015-03-18T12:50:00.002+00:002015-03-18T12:50:32.660+00:00Layer 3 MPLS VPN<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In this post we will look at the steps of configuring Layer 3 MPLS VPN on Cisco routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">As shown in the diagram, R1 and R6 are CE routers. R2 and R5 are PEs while R3 and R4 are P routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTPtDxBegTjhmuHL_Z332Ko8B0p1xeecQ0RZyNOG6nP9uMC3NsR-ZdEPFTI7f9cHKOTgeFPmI4pTZDfyJDZaePgvr5I8zcJNuHt8CByh8GP2XuzFFVRW3uZU9n0EhQefHKNoazZQM6TjM/s1600/mpls+vpn.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTPtDxBegTjhmuHL_Z332Ko8B0p1xeecQ0RZyNOG6nP9uMC3NsR-ZdEPFTI7f9cHKOTgeFPmI4pTZDfyJDZaePgvr5I8zcJNuHt8CByh8GP2XuzFFVRW3uZU9n0EhQefHKNoazZQM6TjM/s1600/mpls+vpn.jpg" height="211" width="400" /></a></div>
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">Let's go through the steps to configure this topology</span><br />
<span style="font-family: Verdana, sans-serif;"> </span><span style="font-family: Verdana, sans-serif;">1) Run IGP between the ISP routers (R2,R3,R4 and R5), advertise loopbacks of the PEs in IGP and enable MPLS.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEignXhTq4LZqGrMk7_E9Lm-5AgqFV-_emRiFUWZDxp5iJ9XmPbyJLcmzJvvuk8ywTlOXz0dLYHpY7Z3GqqwcdjteLub-g4D9160plDnw70hsNX5Y4VZ-nYy-9dHchOiwzyAeXiCflZCCFE/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEignXhTq4LZqGrMk7_E9Lm-5AgqFV-_emRiFUWZDxp5iJ9XmPbyJLcmzJvvuk8ywTlOXz0dLYHpY7Z3GqqwcdjteLub-g4D9160plDnw70hsNX5Y4VZ-nYy-9dHchOiwzyAeXiCflZCCFE/s1600/1.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI-d4jlZSjjrAkk_kAMqH8MNPgko69AhditPQdOLPlQ2tRll2726Z7GcnDpjsM7_mGpjYbijCOVXU71SDQ0drqZ9wkhA132iJAqH7wpEVOn5zaZX46ehQA34DiAroA3MenUaJsAspCRLc/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI-d4jlZSjjrAkk_kAMqH8MNPgko69AhditPQdOLPlQ2tRll2726Z7GcnDpjsM7_mGpjYbijCOVXU71SDQ0drqZ9wkhA132iJAqH7wpEVOn5zaZX46ehQA34DiAroA3MenUaJsAspCRLc/s1600/2.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUrL-LOE12G1Kc87qyjlhe9qsyPrJR2-cSicYQD9nkXcqeHa8D37oyGMJ8Nzw8Wx6IjytxvrC62uyyvjDeWSfdMrFAOceFNhnJQwlOtH8iNXtjJRHxG8hAprLCwuZZvUjnKUhsLsEeQGs/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUrL-LOE12G1Kc87qyjlhe9qsyPrJR2-cSicYQD9nkXcqeHa8D37oyGMJ8Nzw8Wx6IjytxvrC62uyyvjDeWSfdMrFAOceFNhnJQwlOtH8iNXtjJRHxG8hAprLCwuZZvUjnKUhsLsEeQGs/s1600/3.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZfuOZ6V0tS4SnwoGoneYJnf_aJaRXpdqtREENMNhsuH1XMm65n3zirqETbWEzXXsWM68xvX9E3uwRJaI_KDLjiNH1_J-5LscrHTcIV2nPMZZjFX5BKe5aAXHJ4ryH2WiLVUDCl3DdCKQ/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZfuOZ6V0tS4SnwoGoneYJnf_aJaRXpdqtREENMNhsuH1XMm65n3zirqETbWEzXXsWM68xvX9E3uwRJaI_KDLjiNH1_J-5LscrHTcIV2nPMZZjFX5BKe5aAXHJ4ryH2WiLVUDCl3DdCKQ/s1600/4.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8ikDRkP6xfKG7lWo-2pXsQCZndtM09BVXjOL7fwxZeKzgxAtIrNFaiSc-3VmNbUrBuySFEepKvQ4E8UuLY0BT4eSeeuFhpFw_oSqdIM_5D1jvGPX-UZq9kaV_Bzkq8o20lpCny46SATs/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8ikDRkP6xfKG7lWo-2pXsQCZndtM09BVXjOL7fwxZeKzgxAtIrNFaiSc-3VmNbUrBuySFEepKvQ4E8UuLY0BT4eSeeuFhpFw_oSqdIM_5D1jvGPX-UZq9kaV_Bzkq8o20lpCny46SATs/s1600/5.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">We have configured OSPF on all the ISP routers and enabled MPLS by using the "mpls ldp autoconfig". We can ping to 5.5.5.5 (R5) from 2.2.2.2(R2). </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim1IULHjeZ3bWiC4pGVoIf-k0jLk8WWBdfsqn6NjFB-et8S7iJEds6pUaxT65jMqfXSxpkHKypcGkz_G7tbygow7EG3AsEUT2wsi2Rz5J7FXPdTNbktDwzXA2EfH_HUPyrRKBdnyIb3bw/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim1IULHjeZ3bWiC4pGVoIf-k0jLk8WWBdfsqn6NjFB-et8S7iJEds6pUaxT65jMqfXSxpkHKypcGkz_G7tbygow7EG3AsEUT2wsi2Rz5J7FXPdTNbktDwzXA2EfH_HUPyrRKBdnyIb3bw/s1600/5.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The traceroute confirm that MPLS is enabled on all the ISP routers. I have configured "mpls label range x01 - x99" command on all the CPEs where x is the router number. e.g. R3 will use label number from 301 to 399.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">2) Establish IBGP neighbourship between PE loopbacks</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will now establish an IBGP neighbourship between R2's Loopback and R5's Loopback</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXVsANnokX9zHQ2c0js8Br5UGvqPkTywjwTxmBrbz3dBftWBKprlD-FO9bnbJiqCRUEtPulKG_kA5HrMJLnLq6JG29U71MfT-lO1GGV_bFr9TfBdc5l2xoP0yoUYOYkDdI0ua3yxe5wcM/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjXVsANnokX9zHQ2c0js8Br5UGvqPkTywjwTxmBrbz3dBftWBKprlD-FO9bnbJiqCRUEtPulKG_kA5HrMJLnLq6JG29U71MfT-lO1GGV_bFr9TfBdc5l2xoP0yoUYOYkDdI0ua3yxe5wcM/s1600/7.PNG" height="78" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd6QEzAFP8G04jDwFNqonAt6v2U0BPD8PHtj128QoPUI6ICL-LYJ_VgxsIjcXFMusAL0vzNdIovVUo6auncjG4tU4wqrUx74j9SdgUxoKl7Sa0tU5MiDqEqCXZLucXk89ioB6zYBIh-fA/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjd6QEzAFP8G04jDwFNqonAt6v2U0BPD8PHtj128QoPUI6ICL-LYJ_VgxsIjcXFMusAL0vzNdIovVUo6auncjG4tU4wqrUx74j9SdgUxoKl7Sa0tU5MiDqEqCXZLucXk89ioB6zYBIh-fA/s1600/8.PNG" height="75" width="320" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW-96qNyMUH6FUEH7I3FQVlgMfJXKLyu5NPv5Spk7syuGSjO0NAeN1WnpCn3GYKogINCT2FCcAI2PpvbPuqLYRdDt-n2lCq7BjTDDqLr7vl7sfQV7LGJCyxVkAtfwgSFxrXFyXkgZuzv4/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjW-96qNyMUH6FUEH7I3FQVlgMfJXKLyu5NPv5Spk7syuGSjO0NAeN1WnpCn3GYKogINCT2FCcAI2PpvbPuqLYRdDt-n2lCq7BjTDDqLr7vl7sfQV7LGJCyxVkAtfwgSFxrXFyXkgZuzv4/s1600/9.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">3) </span><span style="font-family: Verdana, sans-serif;">Configure VRF "CUST1" on the PEs and assign the interface towards CPE in this VRF</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's configure the VRF on the PEs and assign the interfaces towards R1 and R6 in the VRF.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivi7b_FhROBFWZ3rfxLM15zLas79r8P6gJCzLFyYlCXaDz6pDNzSd-FIr6h9uJPvfTiiqqVIVKSE8rF7mkjd5Q5kiy-Zy0dEpqzDJ2uNPRn1SHPhyphenhyphenvZQOlOWukgu-BptjvbfyTNosoVDg/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivi7b_FhROBFWZ3rfxLM15zLas79r8P6gJCzLFyYlCXaDz6pDNzSd-FIr6h9uJPvfTiiqqVIVKSE8rF7mkjd5Q5kiy-Zy0dEpqzDJ2uNPRn1SHPhyphenhyphenvZQOlOWukgu-BptjvbfyTNosoVDg/s1600/11.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpaXsxURpfLvpC8KnUzlIIcAUfvYr7hDOZS9aHa_VxPMAIWt7ICS4aVQw2sFkONEcT6wo35DMY3BUr_hiC9Wv1nhUIKARj6Fs2ZaYvjImc8PTLYtgAA2bi45Eig5SMONPet2FqqN4nR_I/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpaXsxURpfLvpC8KnUzlIIcAUfvYr7hDOZS9aHa_VxPMAIWt7ICS4aVQw2sFkONEcT6wo35DMY3BUr_hiC9Wv1nhUIKARj6Fs2ZaYvjImc8PTLYtgAA2bi45Eig5SMONPet2FqqN4nR_I/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFbQ755WxBY-1ELQisOfBWugb81IMYMrjT5bD6Psh3Hk4FSidikVKKgdsyY74msi71NBNgOMwI6M9FzSjosk4tpPG7k9Vw0kExG8Xfo9aPFvTGqMkfYiZYSs3w6Otxxns03-Qmgn9R2eE/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFbQ755WxBY-1ELQisOfBWugb81IMYMrjT5bD6Psh3Hk4FSidikVKKgdsyY74msi71NBNgOMwI6M9FzSjosk4tpPG7k9Vw0kExG8Xfo9aPFvTGqMkfYiZYSs3w6Otxxns03-Qmgn9R2eE/s1600/13.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf1_x1nufWMwJ8CWGj3pxj7psBY1ebgVnbfMQ6MTRLnKdkS0ta54oOI45-te2Z05_1_TIJHuOP8B-yx13oucyilXJ5mHkazzIW6LSUwstRoTQnVhoDIf-hB8B1oJ8BZqF9Y9icRqIWbr8/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgf1_x1nufWMwJ8CWGj3pxj7psBY1ebgVnbfMQ6MTRLnKdkS0ta54oOI45-te2Z05_1_TIJHuOP8B-yx13oucyilXJ5mHkazzIW6LSUwstRoTQnVhoDIf-hB8B1oJ8BZqF9Y9icRqIWbr8/s1600/14.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">4) </span><span style="font-family: Verdana, sans-serif;">Activate VPNv4 neighbourship between PEs</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheYSMl1g6aQXNqYdHoTFgncls3jZNyU2GqIy32Aq-o1qM9cd7xYPTcIDxe8z_WyDHeQB5UN2QSB_TytzlXcF_OQCdMdXe-th-1aHJD6n9birvhqA9AkdmtaaF_KaaPEuy8DGVftjj6Uns/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheYSMl1g6aQXNqYdHoTFgncls3jZNyU2GqIy32Aq-o1qM9cd7xYPTcIDxe8z_WyDHeQB5UN2QSB_TytzlXcF_OQCdMdXe-th-1aHJD6n9birvhqA9AkdmtaaF_KaaPEuy8DGVftjj6Uns/s1600/15.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihjgMZmSkLnJ69Cl1qhwWc-n5RQ93in2xdtLoCM8ojEwsy5Viv4AOcGT8vzozOG-lihoNNgWfBVWRcD1Uc71R6_g4HFlBHQc8mDZg8v1vSQ9nn2cHvG9k4QVaUzd2Cm1y6Tf0cY4VKWFo/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihjgMZmSkLnJ69Cl1qhwWc-n5RQ93in2xdtLoCM8ojEwsy5Viv4AOcGT8vzozOG-lihoNNgWfBVWRcD1Uc71R6_g4HFlBHQc8mDZg8v1vSQ9nn2cHvG9k4QVaUzd2Cm1y6Tf0cY4VKWFo/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">5) Establish EBGP neigborship between PEs and CEs</span><br />
<span style="font-family: Verdana, sans-serif;">On R2 and R5 we have to configure BGP under the address-family.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggijYEyAV61isKKijNNklY5zPL8MBPovhhTQTJ7UPSGnx41ctNf2dxxTsSkT9eULE2IEoU9-LE4OK6vwjcHcr0lOhzd48xO_dY7nxdyjnWvTGhpf1hX80ISZxOLRTaYOk7v4enjSpYci4/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggijYEyAV61isKKijNNklY5zPL8MBPovhhTQTJ7UPSGnx41ctNf2dxxTsSkT9eULE2IEoU9-LE4OK6vwjcHcr0lOhzd48xO_dY7nxdyjnWvTGhpf1hX80ISZxOLRTaYOk7v4enjSpYci4/s1600/17.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrrqa5gfn_DpGgGHiMtYXb9GAOpy90iyZkJN-af4OYtFP9V3jpEsxJ2i2MAyObUxrhrpUnz2bW7zTirTJl5IC4d-C1o4kk3uAWW1m4VcyXlproJWOVdLlttbCmlwCNRy-Qt5NbpQtvKM4/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrrqa5gfn_DpGgGHiMtYXb9GAOpy90iyZkJN-af4OYtFP9V3jpEsxJ2i2MAyObUxrhrpUnz2bW7zTirTJl5IC4d-C1o4kk3uAWW1m4VcyXlproJWOVdLlttbCmlwCNRy-Qt5NbpQtvKM4/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">However on R1 and R6 the commands will go under the normal BGP process as there is no VRF configured on them. We will use AS 10 on R1 and AS 20 on R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7ECq68eqRVzeYICGnQaJ8kpGrjjXgRhi9bC4h1M8nwU2he-P9I8c29sSHjjZ_6tvnK823yCrOsfGEfeZj6Gqg5_PdiMIJuu-vC-nhgwzKKC4-sgrAoyvEQiW6Hjd74rnYRA3BLobTfE4/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7ECq68eqRVzeYICGnQaJ8kpGrjjXgRhi9bC4h1M8nwU2he-P9I8c29sSHjjZ_6tvnK823yCrOsfGEfeZj6Gqg5_PdiMIJuu-vC-nhgwzKKC4-sgrAoyvEQiW6Hjd74rnYRA3BLobTfE4/s1600/19.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8QdH1QVJqr7hQoWIc-ZS7pEid6sWDcPYozieCf67tXHzBUSbdQwC6m5zYRU-scNoJpaqbrR7QRziFNIilIUhFJ0rDzapH7FOPchMUc-b0qXrkYpE3-PTTIsGodHXP70xwZUZbWVFWZM/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO8QdH1QVJqr7hQoWIc-ZS7pEid6sWDcPYozieCf67tXHzBUSbdQwC6m5zYRU-scNoJpaqbrR7QRziFNIilIUhFJ0rDzapH7FOPchMUc-b0qXrkYpE3-PTTIsGodHXP70xwZUZbWVFWZM/s1600/20.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see the BGP neighbours are up on both the routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVnaNRALKRygpCvdescuiS0FicODFo3bqGLxVHHrqKzZa-1qzRLc2cO0sLPQZvEVije3Dg7aWJsJ4LWRkQ4eRXOeeDOMONDRiaZs7ja9XwLKyvyBcMkCxjWjtf5bRkML7W8uEanPVrptA/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVnaNRALKRygpCvdescuiS0FicODFo3bqGLxVHHrqKzZa-1qzRLc2cO0sLPQZvEVije3Dg7aWJsJ4LWRkQ4eRXOeeDOMONDRiaZs7ja9XwLKyvyBcMkCxjWjtf5bRkML7W8uEanPVrptA/s1600/21.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGuqrMewMzVnNz_xLLyxdOrilV-D-YRenXUtU0oACrk_dr8KWnOu5DJe4F55YJB0dpFegpTUhhxZXI8876J6VokR3mxgZoH8HBCzp4oRDWkO5YCOnxBtZIQ-lrVVk9Y8JA67Fv6r4ItzM/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGuqrMewMzVnNz_xLLyxdOrilV-D-YRenXUtU0oACrk_dr8KWnOu5DJe4F55YJB0dpFegpTUhhxZXI8876J6VokR3mxgZoH8HBCzp4oRDWkO5YCOnxBtZIQ-lrVVk9Y8JA67Fv6r4ItzM/s1600/22.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">6) Advertise LAN subnets into the BGP from the CEs</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now let's advertise the loopbacks 1.1.1.1/24 and 6.6.6.6/24 in BGP from R1 and R6 respectively.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQi_XjcTP6v6sPllnDCpN4bgqAZ8ucF2nwsOy6Zp2cKXmaSi6hd5ppl95ppXS1MeSNQ9pKxnpjn7uZhN0kEsMeiDYwHhT0rj_8P3USCJji04O31YJX3KQC7O2J2o5d0S8TJEanCN8Kyu0/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQi_XjcTP6v6sPllnDCpN4bgqAZ8ucF2nwsOy6Zp2cKXmaSi6hd5ppl95ppXS1MeSNQ9pKxnpjn7uZhN0kEsMeiDYwHhT0rj_8P3USCJji04O31YJX3KQC7O2J2o5d0S8TJEanCN8Kyu0/s1600/23.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZi0UEGfEJLYyaV60gRGns6kZ97McleSOajNYxtTdNyUobFoDc5QRzdvHmut6zosooZrdcqVna1vMywvbjlh9U1qWg1UXrlO-qoA2HmIv_HqmfDWuxCEpowvWnGpBRCW_UIp6VmYKwtAw/s1600/24.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZi0UEGfEJLYyaV60gRGns6kZ97McleSOajNYxtTdNyUobFoDc5QRzdvHmut6zosooZrdcqVna1vMywvbjlh9U1qWg1UXrlO-qoA2HmIv_HqmfDWuxCEpowvWnGpBRCW_UIp6VmYKwtAw/s1600/24.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Ok, now let's check the routing table on R1</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGWUrP-Bq29mtRwMRoicyfLQoaijnZVfiIfY2wMnZm-A3REanzxxV1zCkCLTX3UP_zwNmmYWlzc-vA3k5xMAkmZ70tA3NpG0SEszLZqyJvcYpBX4VFeqmeRCtBwfLZCh9xivYdxzmAUms/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGWUrP-Bq29mtRwMRoicyfLQoaijnZVfiIfY2wMnZm-A3REanzxxV1zCkCLTX3UP_zwNmmYWlzc-vA3k5xMAkmZ70tA3NpG0SEszLZqyJvcYpBX4VFeqmeRCtBwfLZCh9xivYdxzmAUms/s1600/25.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that R1 has started receiving the prefix 6.6.6.0/24 through BGP which means the control plane is ok.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's check the connectivity</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1BJ_cBegoUHzAMlErxJwHDjzWRsUeAuT3JvQThVF5I-zufYokllQeN0qYXjrUZhKFolDDHgzolRe7zVyzzH7FPK2g2IR0K5bN0sNA1cDWnXlXwAHRP0InbKTqBDiqUVyF__k6IshcH-s/s1600/26.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1BJ_cBegoUHzAMlErxJwHDjzWRsUeAuT3JvQThVF5I-zufYokllQeN0qYXjrUZhKFolDDHgzolRe7zVyzzH7FPK2g2IR0K5bN0sNA1cDWnXlXwAHRP0InbKTqBDiqUVyF__k6IshcH-s/s1600/26.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This proves that the data plane is also working fine.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The traceroute from R1 shows the MPLS labels used by ISP routers to forward the traffic.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5JGmwUNHC8-iaY2n5Vy_vIo18-4hEZOHVgYRMqa_mPqSh7aKdN6JM-D9VtbbFEoyc2SYy1wUGOWEfoXOhPqCHWBYpfoVa7FUoBtY2XUzMSLin5V56sLWJkJoUmjLj_66h2mQPlk4zL4U/s1600/27.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5JGmwUNHC8-iaY2n5Vy_vIo18-4hEZOHVgYRMqa_mPqSh7aKdN6JM-D9VtbbFEoyc2SYy1wUGOWEfoXOhPqCHWBYpfoVa7FUoBtY2XUzMSLin5V56sLWJkJoUmjLj_66h2mQPlk4zL4U/s1600/27.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This shows that R5 has informed R2 to use the VPN label 504 for the traffic destined to 10:1:6.6.6.0/24. (10:1 is the RD configured in VRF CUST1).</span><span style="font-family: Verdana, sans-serif;"> We can verify that from the below output</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvukUEymw5ZkcJyYVxfFlgiTBp6qbpYz5drPxUT31FgGYEDIp9eQcHLwzIa9ehEY0ifXbccEORGahjD6p70j6FWaDJgb3N0esO8sacDK1n5jq0WswVAnbrcbQxC6iB2w0MMG_pGWn5IhA/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvukUEymw5ZkcJyYVxfFlgiTBp6qbpYz5drPxUT31FgGYEDIp9eQcHLwzIa9ehEY0ifXbccEORGahjD6p70j6FWaDJgb3N0esO8sacDK1n5jq0WswVAnbrcbQxC6iB2w0MMG_pGWn5IhA/s1600/28.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3BhP9zLuJfRkMnO0Nxn94EvqVYfbi5eg97fCQbuXK-b6t2iF3JCWgvvJpYvtEMlyS3S9Ww9WWnI6t_BQzDexglkxjYqSiyiisxNwLrWAs_SAwR4UeyvAJo4t8bz2XckoEpKyrgUYOKwA/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3BhP9zLuJfRkMnO0Nxn94EvqVYfbi5eg97fCQbuXK-b6t2iF3JCWgvvJpYvtEMlyS3S9Ww9WWnI6t_BQzDexglkxjYqSiyiisxNwLrWAs_SAwR4UeyvAJo4t8bz2XckoEpKyrgUYOKwA/s1600/29.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On R2 we can notice that the next-hop of the route 6.6.6.0/24 is seen as 5.5.5.5 which is the loopback ip on R5.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCjH3ICtZ86KyihfkmOkExzkDzdnaiBzZAoXsXLjk9NMRBpYX33CqAU6xTECTvG3EgC1oDIsIjkjJuhuRt02Wl9aPpGSiPx_m9vBfkhCuYqG1E_39yNYXUysMbWlux__UqmLeSOzGAIAg/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCjH3ICtZ86KyihfkmOkExzkDzdnaiBzZAoXsXLjk9NMRBpYX33CqAU6xTECTvG3EgC1oDIsIjkjJuhuRt02Wl9aPpGSiPx_m9vBfkhCuYqG1E_39yNYXUysMbWlux__UqmLeSOzGAIAg/s1600/30.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">The labels 303 and 402 are used as transport label by R2 and R3 respectively to reach 5.5.5.5. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTzPs0q_IJD_zHP1BhQ-0Do80zU5APjWA3_Gbk4bvNN5uMGMzMZJUMTBvs-7KHuSTWJmyXIgj7Rn2dK_49a1hRToFnIHx-w5XyiYSJtFAQCJ2dHWdtW-JXbzsJkbTA6WR8oidVf4_TTyk/s1600/31.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhTzPs0q_IJD_zHP1BhQ-0Do80zU5APjWA3_Gbk4bvNN5uMGMzMZJUMTBvs-7KHuSTWJmyXIgj7Rn2dK_49a1hRToFnIHx-w5XyiYSJtFAQCJ2dHWdtW-JXbzsJkbTA6WR8oidVf4_TTyk/s1600/31.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG_cr7JnbqcNxv5335Q6nxTzw-7VRzDTW-XK_lt6zBW_fTVlnxJxC7ntFa-FrAb5mojt7nni-A4JZmoWdH_Lxrdrm-x57sde-h530As_Ehaz2Viw03BxpENpHtDRpjq_ORIjmAEJf9W1k/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG_cr7JnbqcNxv5335Q6nxTzw-7VRzDTW-XK_lt6zBW_fTVlnxJxC7ntFa-FrAb5mojt7nni-A4JZmoWdH_Lxrdrm-x57sde-h530As_Ehaz2Viw03BxpENpHtDRpjq_ORIjmAEJf9W1k/s1600/32.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">There is no transport label used by R4 as it pops the transport label (PHP).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3SXXrZgbQAX9Sw4mih3iRs21KJLva-_iArfKZOZTOBNG_N9BryklPfPqZGhrbbJv9yVhdn2EHj4jdM_XW6tNKNpFB-neix8FZuRyFMPMx7J2nz0p-kZSAtSdhHVltxlgMtR1tL8nMsMQ/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3SXXrZgbQAX9Sw4mih3iRs21KJLva-_iArfKZOZTOBNG_N9BryklPfPqZGhrbbJv9yVhdn2EHj4jdM_XW6tNKNpFB-neix8FZuRyFMPMx7J2nz0p-kZSAtSdhHVltxlgMtR1tL8nMsMQ/s1600/33.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Similarly one can find the relevant VPN and transport labels for the prefix 1.1.1.1/32.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-80168430436062100252015-02-25T16:50:00.003+00:002015-02-25T16:50:55.026+00:00DMVPN Phase 3<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">DMVPN Phase 2 and Phase 3 are identical however in Phase 3, there is no need for the command "no ip next-hop-sef eigrp 10". </span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">To implement Phase 3, we will have to configure one additional command "ip nhrp redirect" on the hub and one additional command on the spokes ""ip nhrp shortcut". </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The idea here is that when a spoke try to send packets to another spoke, the initial packet will be forwarded to the hub. Upon receiving the packet on mGRE interface, hub will reply back with an "NHRP Redirect" packet which will indicate that the spoke is not using an optimal path and it should look for alternate way by using NHRP reosolution.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The spoke will then sends an NHRP request directly to the destination spoke address (not the hub). The destination spoke will reply abck with the IP routing prefix. When the source spoke receives this reply, it will then know the NBMA IP address of the destination.</span><br />
<a name='more'></a></div>
<div>
<span style="font-family: Verdana, sans-serif;">In Phase 3, the hub will not be the only source of NHRP information. The spokes will also participate in this.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<div>
<span style="font-family: Verdana, sans-serif;">Let's see this in action.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">We will first remove the "</span><span style="font-family: Verdana, sans-serif;">no ip next-hop-sef eigrp 10" from R1(hub) and configure "ip nhrp redirect".</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_T79mGmAqFo_TEoFf2_mhqBJ8pRmOIBNoSROPH6hW0ATK4ecEsnTHrno2OO38nht1nyMYx_VeB_Dw1D6OPRZ99Ighh1g0hin7lfFqJGdcUnI6RcLff2oMsW41xi6zlBSdeTwb4yjIDhQ/s1600/40.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_T79mGmAqFo_TEoFf2_mhqBJ8pRmOIBNoSROPH6hW0ATK4ecEsnTHrno2OO38nht1nyMYx_VeB_Dw1D6OPRZ99Ighh1g0hin7lfFqJGdcUnI6RcLff2oMsW41xi6zlBSdeTwb4yjIDhQ/s1600/40.PNG" height="51" width="320" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<span style="font-family: Verdana, sans-serif;">Now we will configure "ip nhrp shortcut" on R2 and R3.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz5tPWu7NONtrCTRSiox-0MEVphUpBUuBJSIg0hw6fh9qQlNmcOhqyMpvRrlULbdK3ncd5vw8aq0IhTmnb6rBvgv87k02uhwnNCzsUJkRptIxSPYiPyZDNGrOZpZtEjkS0o3w4uBxFM9E/s1600/41.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjz5tPWu7NONtrCTRSiox-0MEVphUpBUuBJSIg0hw6fh9qQlNmcOhqyMpvRrlULbdK3ncd5vw8aq0IhTmnb6rBvgv87k02uhwnNCzsUJkRptIxSPYiPyZDNGrOZpZtEjkS0o3w4uBxFM9E/s1600/41.PNG" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpZOzKe2X-tZhLEfFX-da1c_BgbYnfmcsRWHp8IbBfOA35xYiLtAer66NZXjASqay13yvFvxgwN3lTdBZcTurjyVHrH7Zmm8scKfQe2e92YpPS6Za0jBm77Yc3z19LLCBwK0Rq0bX3v7M/s1600/42.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjpZOzKe2X-tZhLEfFX-da1c_BgbYnfmcsRWHp8IbBfOA35xYiLtAer66NZXjASqay13yvFvxgwN3lTdBZcTurjyVHrH7Zmm8scKfQe2e92YpPS6Za0jBm77Yc3z19LLCBwK0Rq0bX3v7M/s1600/42.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">If we check the routing table of R2, we can see that it has learned R3's loopback with the next hop being R1's tunnel IP.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWfpU6xk-STSjJKI7roeWDNknopKVOSNdb2IuyfdRx8tWmIGPK1B7alpScHYhGusuHA29WuSU-RMU4Bz2Ce2A4BzktoyVhlhvgGmWkjz3h_Kq5U4QYktILx8-OPmXyrYFw12fNKJhhj74/s1600/42.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWfpU6xk-STSjJKI7roeWDNknopKVOSNdb2IuyfdRx8tWmIGPK1B7alpScHYhGusuHA29WuSU-RMU4Bz2Ce2A4BzktoyVhlhvgGmWkjz3h_Kq5U4QYktILx8-OPmXyrYFw12fNKJhhj74/s1600/42.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Let's try and ping R3's loopback with the source of R2's loopback.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaip_9SIkA5QfGttXcMOH-urb8K7xh0fojrj_8Z2y3jWaiPu2ulPran_-YnIVzhcvl_2pAJuLq0Z3MoDdEMqxJnazu3z7pwGS-8v-iRJZWnRP2hzwAzW1XF55evtRi5qK5EaTGMbW6LNQ/s1600/44.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjaip_9SIkA5QfGttXcMOH-urb8K7xh0fojrj_8Z2y3jWaiPu2ulPran_-YnIVzhcvl_2pAJuLq0Z3MoDdEMqxJnazu3z7pwGS-8v-iRJZWnRP2hzwAzW1XF55evtRi5qK5EaTGMbW6LNQ/s1600/44.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The ping works. Let's check the traceroute </span><span style="font-family: Verdana, sans-serif;">now</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8x5JzBJecxsPueaavEFI28jzvfIZgSE0H7W58HIAM1CDXtvWY_E1HJBVSgwasUbucB9Fmxc-AMHhopvojrUwdpK2ppIoFZfktkXRbf1f6xZUiwTdERcqmdXQ1RiFRfVAeiDDgT2f8vt8/s1600/45.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh8x5JzBJecxsPueaavEFI28jzvfIZgSE0H7W58HIAM1CDXtvWY_E1HJBVSgwasUbucB9Fmxc-AMHhopvojrUwdpK2ppIoFZfktkXRbf1f6xZUiwTdERcqmdXQ1RiFRfVAeiDDgT2f8vt8/s1600/45.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">We can see that eventhough the next-hop is set to 10.1.1.1 in the routing table, the traffic for the destination 192.168.3.1 goes to R3's tunnel IP directly. This is because the "ip nhrp shortcut" command overrides the routing table if the spoke received "NHRP redirect" message from the hub.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">If we check the routing table again on R2</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAaDiB5ylDeUoDkEH-Hrk2zbx6yRsOoAeM-K8c4nNkYveDbaCbQu_KVn5PQ9i92NFvOr4mEPqhl5Uu2schZcx3ibKRyRI6fjOZNiUFHAjj1mXYDO_56X67X_QBYqmA3d48WVyhCB-uTu0/s1600/46.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAaDiB5ylDeUoDkEH-Hrk2zbx6yRsOoAeM-K8c4nNkYveDbaCbQu_KVn5PQ9i92NFvOr4mEPqhl5Uu2schZcx3ibKRyRI6fjOZNiUFHAjj1mXYDO_56X67X_QBYqmA3d48WVyhCB-uTu0/s1600/46.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">We can see "%" sign on the eigrp route for the prefix 192.168.3.0/24. The % means that this router is not using the next-hop specified in the routing table. </span></div>
<div>
<br />
<span style="font-family: Verdana, sans-serif;">Here mentioned are few good links about DMVPN</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><a href="http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html">http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/29240-dcmvpn.html</a></span><br />
<br />
<span style="font-family: Verdana, sans-serif;"><a href="http://blog.ine.com/2008/08/02/dmvpn-explained/">http://blog.ine.com/2008/08/02/dmvpn-explained/</a></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<br /></div>
</div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com2tag:blogger.com,1999:blog-3934012154598313421.post-74943892555152755222015-01-27T17:15:00.001+00:002015-01-27T19:03:10.307+00:00DMVPN Phase 2<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">Continuing from the previous post, let's now see how phase 2 works. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The major difference between phase 1 and phase 2 is that in phase 2, the spokes can communicate to other spokes directly by using the NHRP mapping information from the hub.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To enable the spoke to create dynamic tunnels, we will remove the tunnel destination command and change the tunnel mode to "gre multipoint".</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguHCdbF1bzk0peoomtDhSy-MfgVuvKtx5XoxWBj_QHWYwllnJbQz6yGQ6ne3B-cUdxwvnu625VKRySxO9lbKc3UeFSrg9UWOeQXh0lP_sftYe-nJOwgNk4g8Q6zO_bDY51ycFSn6OiUww/s1600/29.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEguHCdbF1bzk0peoomtDhSy-MfgVuvKtx5XoxWBj_QHWYwllnJbQz6yGQ6ne3B-cUdxwvnu625VKRySxO9lbKc3UeFSrg9UWOeQXh0lP_sftYe-nJOwgNk4g8Q6zO_bDY51ycFSn6OiUww/s1600/29.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFLWeJzNoNEkS0YMnpvCoTM8w_yYaga19DnWNl1TTb4E2z4nCYSWJg-uyMCvsZzSIdh1LBM8gE8miXD-IT9mZJ_hFNvjkpiHeV9Tj_ksAcgGqIKv-45-rtUsuVcTfn4MAvWP7l6PvS8BQ/s1600/30.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFLWeJzNoNEkS0YMnpvCoTM8w_yYaga19DnWNl1TTb4E2z4nCYSWJg-uyMCvsZzSIdh1LBM8gE8miXD-IT9mZJ_hFNvjkpiHeV9Tj_ksAcgGqIKv-45-rtUsuVcTfn4MAvWP7l6PvS8BQ/s1600/30.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">At the moment, we can see that R2 is learning the loopback of R3 with the next hop 10.1.1.1 (hub's tunnel IP). </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK7M1m8T633sMYcXFuqqukmOp2Pf9o49URswKohY8XZYMyb8papDDjzf4wdh9Ob5uulXbqLcicV4ql-vVmRlIypvOWQIU5EGUagpMBzlMMRwm43insgA-AhQCdiHD3GI7I7rxz2kz4Zm8/s1600/31.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjK7M1m8T633sMYcXFuqqukmOp2Pf9o49URswKohY8XZYMyb8papDDjzf4wdh9Ob5uulXbqLcicV4ql-vVmRlIypvOWQIU5EGUagpMBzlMMRwm43insgA-AhQCdiHD3GI7I7rxz2kz4Zm8/s1600/31.PNG" /></a></div>
<br />
<a name='more'></a><span style="font-family: Verdana, sans-serif;">We will have to get this changed so R1 preserves the next-hop value when it sends the update to the spoke routers.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDLL1xlyaFe5xiLWiT-qqHh2VEXDuk4hifXWt7L2rVh39c5yemrRa4IJ6iHILYHL70af6hSraqdWcb6MNypzuDU_coU0LSADIzbp1WUq3lyWy5kx8bUKnYkn6hio-l74jLbnsOeQJp4nc/s1600/32.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhDLL1xlyaFe5xiLWiT-qqHh2VEXDuk4hifXWt7L2rVh39c5yemrRa4IJ6iHILYHL70af6hSraqdWcb6MNypzuDU_coU0LSADIzbp1WUq3lyWy5kx8bUKnYkn6hio-l74jLbnsOeQJp4nc/s1600/32.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we check R2's routing table now, We can see that the next-hop points to R3's tunnel interface.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGxP-RvSEOCNQmOWV1s3vcti3DbymlBuvq8bZJ7INUWO7JaU4xXUISUwV1QcBc47s8ZXo7giJLIqYNkg_210nmo5_Cv420TEvUh4bKKhWHcIPNfIZwgPtZZoWf-ERSdZJNrUCvzoEzxro/s1600/33.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgGxP-RvSEOCNQmOWV1s3vcti3DbymlBuvq8bZJ7INUWO7JaU4xXUISUwV1QcBc47s8ZXo7giJLIqYNkg_210nmo5_Cv420TEvUh4bKKhWHcIPNfIZwgPtZZoWf-ERSdZJNrUCvzoEzxro/s1600/33.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">Let's test reachability of 192.168.3.1 from R2 with the source being local loopback0. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiwi31tDppM-C67gj7mystuQrv8aQyMu4SJwJYDrVwFtf9F5gNVMhbTTXG_8k4HsFpeSMo-hUOQa-VwWFQy40vXRh8DBdl2ItSLCAEGXqZpUaU-L0dSjIXB76BFkBtBPGf-rp7ACRT8tA/s1600/34.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjiwi31tDppM-C67gj7mystuQrv8aQyMu4SJwJYDrVwFtf9F5gNVMhbTTXG_8k4HsFpeSMo-hUOQa-VwWFQy40vXRh8DBdl2ItSLCAEGXqZpUaU-L0dSjIXB76BFkBtBPGf-rp7ACRT8tA/s1600/34.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhSPouNM_rwKpFsM8L9i-owou1oTpU15Fk_OMMFzdhaCToDg0KQPajuavAGNqNtq9c4yo1LRL2_yVLK05rsGWpVVim3goUK1L1_9oLHQ3byACvvObF4MUP6dc91a-DX_MoKdMQRZtjSGM/s1600/36.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhSPouNM_rwKpFsM8L9i-owou1oTpU15Fk_OMMFzdhaCToDg0KQPajuavAGNqNtq9c4yo1LRL2_yVLK05rsGWpVVim3goUK1L1_9oLHQ3byACvvObF4MUP6dc91a-DX_MoKdMQRZtjSGM/s1600/36.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">We can see that the traffic from R2 to R3 doesn't traverse through R1. There is an NHRP entry for R3 on R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNlMnG4IKMTEAlTx6YH2o_s-unZlaM1JzbMs59gU2bOcGflC0NsFFNnbuvVvc_Cp40pAW_k7Yz4rCHzCV5ind10sE7Le-YUv_VVFJfP5Y0h0-QSgIczta_uBW9LUzp3PX1sXidW-Tpez4/s1600/37.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNlMnG4IKMTEAlTx6YH2o_s-unZlaM1JzbMs59gU2bOcGflC0NsFFNnbuvVvc_Cp40pAW_k7Yz4rCHzCV5ind10sE7Le-YUv_VVFJfP5Y0h0-QSgIczta_uBW9LUzp3PX1sXidW-Tpez4/s1600/37.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">From where did R2 receive the information about R3's NBMA address ? </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">When R2 tried to ping R3's loopback, it queried R1 to provide information about R3's public IP address.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIsiyYZpk4sgDFNDGGdDy0izzfujDsHWGu8HLsmlZxIrIN2bHt80qoAhyrtaLstEdrEMok2q8jO2_kNoWLh_WUxNW9vH50tSvZ3T6cqXnGXa_byH-ZyftikmwCe7QZhSZMl6wFLSm7yYY/s1600/38.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIsiyYZpk4sgDFNDGGdDy0izzfujDsHWGu8HLsmlZxIrIN2bHt80qoAhyrtaLstEdrEMok2q8jO2_kNoWLh_WUxNW9vH50tSvZ3T6cqXnGXa_byH-ZyftikmwCe7QZhSZMl6wFLSm7yYY/s1600/38.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Upon receiving the request, R1 checked it's own NHRP table and replied back with R3's NBMA IP address. It also informed R3 about the NBMA adresss of R2.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_-t-bvj2fqogAc_zZ-4ASziHebVzq3c9cR5qIzlEwjsf6VVx9yf95jL-c5-aqpoJW7-rqxqzDDdMp2PzNCUDq6JAnJMEMS8FPDcmrqaEqcaYU59SC02dDbJ7_3ea_NlxmQaISYQzZvVE/s1600/39.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_-t-bvj2fqogAc_zZ-4ASziHebVzq3c9cR5qIzlEwjsf6VVx9yf95jL-c5-aqpoJW7-rqxqzDDdMp2PzNCUDq6JAnJMEMS8FPDcmrqaEqcaYU59SC02dDbJ7_3ea_NlxmQaISYQzZvVE/s1600/39.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Once the spokes received the information, they started communicating directly.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will look at Phase 3 in the next post.</span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<br /></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0tag:blogger.com,1999:blog-3934012154598313421.post-393746681147204302015-01-14T13:29:00.000+00:002015-05-01T17:20:40.908+01:00DMVPN Phase 1<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">As shown in the diagram below, let's assume that a customer has three sites. R1 represents the hub, R2 and R3 are the remote spokes. Each site has a local internet connection. Our aim to provide connectivity between the LAN subnets of all three sites.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDFChXqiJt1h1A-ajk__OSp2_upLQj5l_T-6Nh4HjqS36ite7aufLW1mpkAsAmoopxlAzqS_pBHdS5-nW0bbtCCsEzolZswbggt8Z8qCzx5lWsLSu8RPyT_AZYXH2n8XxZYC2A-mF5wM0/s1600/Drawing1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDFChXqiJt1h1A-ajk__OSp2_upLQj5l_T-6Nh4HjqS36ite7aufLW1mpkAsAmoopxlAzqS_pBHdS5-nW0bbtCCsEzolZswbggt8Z8qCzx5lWsLSu8RPyT_AZYXH2n8XxZYC2A-mF5wM0/s1600/Drawing1.png" height="400" width="325" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The IP addresses 1.1.1.1/30, 2.2.2.1/30 and 3.3.3.1/30 are the public IPs provided by the local ISPs at respective locations. The 192.168.X.0/24 is the LAN IP subnet at each site.</span><br />
<a name='more'></a><br />
<span style="font-family: Verdana, sans-serif;">We can configure standard site to site IPSEC tunnels between hub and each spoke and implement GRE to run routing protocol between them. In our scenario, there will be two static tunnels however what if there are 100s of spokes? We will then have to manually configure 100s of GRE tunnels!!</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">One of the solution is to use mGRE instead of GRE. Both GRE and mGRE provide support for unicast, multicast and broadcast. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To utilise mGRE we will use DMVPN technology which allows you to create single mGRE tunnel along with a single IPSEC profile.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Here are the components of DMVPN:-</span><br />
<span style="font-family: Verdana, sans-serif;">- mGRE (multipoint GRE)</span><br />
<span style="font-family: Verdana, sans-serif;">- NHRP (Next hop resolution protocol)</span><br />
<span style="font-family: Verdana, sans-serif;">- Routing Protocol (dynamic/static)</span><br />
<span style="font-family: Verdana, sans-serif;">- IPSEC (optional - provides protection over the internet)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">DMVPN can be configured in three different ways. They are generally called Phase 1, Phase 2 and Phase 3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">In this post we will see how Phase 1 works. Phase 1 is a hub & spoke deployment model in which spoke to spoke traffic always traverse through the hub. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's start doing the config. We will configure the Hub (R1) first.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">We are going to create a tunnel interface and assign an IP address. By default the tunnel mode is GRE. We will change it to mGRE and set the tunnel source as the interface fast0/0 (WAN interface).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9J2YWdSW2RqAk2SAEFVau0BVio0PB3ewcJM7ZYndSun0Q5kC7CvNl8FrvIEr58lnYH0310rQqHTamJXLOiaZAIrCbVMuZVexHgJAD26FumnQFZagkoTYiM7KrxhyphenhyphenkcaFOnyjRu4BeCPA/s1600/1.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj9J2YWdSW2RqAk2SAEFVau0BVio0PB3ewcJM7ZYndSun0Q5kC7CvNl8FrvIEr58lnYH0310rQqHTamJXLOiaZAIrCbVMuZVexHgJAD26FumnQFZagkoTYiM7KrxhyphenhyphenkcaFOnyjRu4BeCPA/s1600/1.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">One thing to notice that we are not going to configure the tunnel destination as it's a multipoint GRE tunnel.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now we will configure the NHRP parameters. NHRP maps tunnel IP address to NMBA ip address (WAN public IP) statically or dynamically. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The NHRP network ID do not have to match on the hub and relevant spokes however there is no reason why shouldn't do that. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNkVbkbcZptJecy45BEgGdratbDSQWSyqv-TNIzfnlU6k1gULRYnRc9RtKeoXqezMKTXXElvmr5EpCoRWcyYEECNu1ituJBYA3k80perhc7izq1PpIiDyHxXuBjvnwzxec_SQaMVx7kyc/s1600/2.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNkVbkbcZptJecy45BEgGdratbDSQWSyqv-TNIzfnlU6k1gULRYnRc9RtKeoXqezMKTXXElvmr5EpCoRWcyYEECNu1ituJBYA3k80perhc7izq1PpIiDyHxXuBjvnwzxec_SQaMVx7kyc/s1600/2.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To run dynamic routing protocol over DMVPN, we have to enable multicast capability.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2Ff5LOWe7OWuvauhAuaSIgZgPhcEuF1Fa5TlYOJUvOX8z9YcNS0N00von7bPm6FOX_FBFD-T4GipiQihGBFXFYVRvaC8xxXW7A3PyrpbTpwnNkt4cS2cZ6xrkv9ozZl4uYbjbjWJZUi8/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi2Ff5LOWe7OWuvauhAuaSIgZgPhcEuF1Fa5TlYOJUvOX8z9YcNS0N00von7bPm6FOX_FBFD-T4GipiQihGBFXFYVRvaC8xxXW7A3PyrpbTpwnNkt4cS2cZ6xrkv9ozZl4uYbjbjWJZUi8/s1600/3.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also configure optional nhrp authenticaion and tunnel key for security. These parameters must match on the relevant spokes. However it's an optional configuration.</span><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX8409HoTv5xAy4YmAY57JeFOy8f7fs7T_YjaDDoj7AiIOgeWQSS41Fz_BI__B9EDl40y6lA7zun1zpjkJL48UinkDc_Ae5cocEeyqZRqZjGwVg0ysF1MvRD-hx-IULOl9OqBMG7o-WGg/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX8409HoTv5xAy4YmAY57JeFOy8f7fs7T_YjaDDoj7AiIOgeWQSS41Fz_BI__B9EDl40y6lA7zun1zpjkJL48UinkDc_Ae5cocEeyqZRqZjGwVg0ysF1MvRD-hx-IULOl9OqBMG7o-WGg/s1600/4.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's configure the spoke R2. In phase-1, the tunnel on the spoke will be point-to-point GRE so we will configure the tunnel interface, IP address, tunnel source and destination. The tunnel destination will be the public IP of R1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiujIeEBg-VYnGyT55aftqKo90fD_lKVmPclc8_LiSAQkSz6_PCqVpsN7ugEDxMcQwCbwRy01FyDvfFWrKLr0JU4RfNCGFce7EutRY4P0AfylIsjnYNUphLYqBM3viOMNL2ZCRd8rEsI4g/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiujIeEBg-VYnGyT55aftqKo90fD_lKVmPclc8_LiSAQkSz6_PCqVpsN7ugEDxMcQwCbwRy01FyDvfFWrKLr0JU4RfNCGFce7EutRY4P0AfylIsjnYNUphLYqBM3viOMNL2ZCRd8rEsI4g/s1600/5.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now we will configure the NHRP parameters. We will configure the nhrp network id (same value as on the hub)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifhXvqeL6aAh2MbXHPVFuHIfndFkFT3YVydZI14RkT1nrsBrSouDV7ifI_VCXvfllkdEpB9JPJy-mDa4VKOnUT-6T_-ry36vrywrSOv8KGB_fS1XVW3kx_6l0Fm4PYmgHpJ_B9o8S5j9I/s1600/6.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifhXvqeL6aAh2MbXHPVFuHIfndFkFT3YVydZI14RkT1nrsBrSouDV7ifI_VCXvfllkdEpB9JPJy-mDa4VKOnUT-6T_-ry36vrywrSOv8KGB_fS1XVW3kx_6l0Fm4PYmgHpJ_B9o8S5j9I/s1600/6.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">We will now map R1's NBMA (public IP) to the tunnel IP (private IP) address.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE50JYzQUpEv3A60DdnskbFo37KTSTfip2qfv5vD8CsyMlDdrr5ME_Vf_TF_QKdAZRZI8rHpFvNyMVluxCpOGiYBrQBVjsInnToEvPAUzgrURyRkOcaLD8vTMYZpyLhFemP0ErQT2Eh_k/s1600/26.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhE50JYzQUpEv3A60DdnskbFo37KTSTfip2qfv5vD8CsyMlDdrr5ME_Vf_TF_QKdAZRZI8rHpFvNyMVluxCpOGiYBrQBVjsInnToEvPAUzgrURyRkOcaLD8vTMYZpyLhFemP0ErQT2Eh_k/s1600/26.PNG" height="17" width="320" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">If we want to run a dynamic routing protocol over DMVPN, we will have to specify the NBMA (public) IP address which should received the multicast/broadcast packets. In our case, this would be R1's public IP (1.1.1.1).</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRcVOwArl07og0FhC0F6XbGjSED6OOh8cCrzsk4T0icEXMm6MNORqz8M8knYbFZcsI7kc-Kj4jLblzrkcKyQQxvBmdUcr0HprcRUla8lLEPvz0ktQuUXpKV8jkb5-Z5WoOXxSD1TQ3o_o/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRcVOwArl07og0FhC0F6XbGjSED6OOh8cCrzsk4T0icEXMm6MNORqz8M8knYbFZcsI7kc-Kj4jLblzrkcKyQQxvBmdUcr0HprcRUla8lLEPvz0ktQuUXpKV8jkb5-Z5WoOXxSD1TQ3o_o/s1600/8.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will also have to specify the IP address of the NHRP server. This will be the tunnel IP address of R1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfJMfD-EGrtpt2BzfiGTsNJTNcIiFU27BUOBeQzEAsyqkE8f13WDtL1wTKhwrd0f26QeP7xc2NYiEpF85bpea4eXmMod1fpacfdJPaYZVp7F7kwf8jtFztYh0vbvrZWx7gxzTUQOD7UUw/s1600/9.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfJMfD-EGrtpt2BzfiGTsNJTNcIiFU27BUOBeQzEAsyqkE8f13WDtL1wTKhwrd0f26QeP7xc2NYiEpF85bpea4eXmMod1fpacfdJPaYZVp7F7kwf8jtFztYh0vbvrZWx7gxzTUQOD7UUw/s1600/9.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can now complete the configuration by specifying NHRP authentication and tunnel key.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk3cx_RA27PpdhdRRPDfiVE8pCgYaavDT79BUMhCOyy_njp1PSuODx6zdWXsgPQF3A3egCG3O0H3TLtXpfbEpfQNgFW5Oz2ja_aZjILZ1SSa1rf6tcrQdkH6N4mlDXWs6oAMxxp3eZLNs/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhk3cx_RA27PpdhdRRPDfiVE8pCgYaavDT79BUMhCOyy_njp1PSuODx6zdWXsgPQF3A3egCG3O0H3TLtXpfbEpfQNgFW5Oz2ja_aZjILZ1SSa1rf6tcrQdkH6N4mlDXWs6oAMxxp3eZLNs/s1600/10.PNG" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">We will apply a similar config on the spoke R3</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglWuv7yDxXIZPx3DwIeX8qIkWMTqCLJJgOWfa0E0UvvuayxUwfdJAbOIxGRTAAkZA2JzoiDza78oCECRfROo4Xr6sfq9PgyoxROFHQyj8n6h1_px46HizoPWp2bJ2qq3-3IX_DcfnzTHg/s1600/27.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglWuv7yDxXIZPx3DwIeX8qIkWMTqCLJJgOWfa0E0UvvuayxUwfdJAbOIxGRTAAkZA2JzoiDza78oCECRfROo4Xr6sfq9PgyoxROFHQyj8n6h1_px46HizoPWp2bJ2qq3-3IX_DcfnzTHg/s1600/27.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">If we look at R1, we can notice that there are two NHRP entries</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPByK8yLaN1Yu_vk5XCIxpXg7S46ZrXIkFtBoiCaqeUTl5__zJeKJ2zs1qkPWXFuWFZa7dPS6_MiY6h0S0gFZniNdxvFJykrHt2_M0JQyJD_PmaICqY4B2SeR3HPRf1odMGCQTzxwlb6g/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiPByK8yLaN1Yu_vk5XCIxpXg7S46ZrXIkFtBoiCaqeUTl5__zJeKJ2zs1qkPWXFuWFZa7dPS6_MiY6h0S0gFZniNdxvFJykrHt2_M0JQyJD_PmaICqY4B2SeR3HPRf1odMGCQTzxwlb6g/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The idea behind NHRP is that each spoke registers it's NBMA (public IP) and tunnel IP (private IP) with DMVPN hub when it boots up and queries the NHRP database for the addresses of other spokes. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that R1 knows about the public IP (NBMA) and related tunnel IP information about R2 and R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFpggqyUDgwHsER7VPP7AzQRq4d4Nu9myLDzh8053o1-a0Q8SBfEYQJETOx9v3smGgdi-6ktYMWKu97PeO4mBkecdS67MjS498MyUkI6dpKM4f1XaX47ZLzuG569RfpyvjAc2Jz9EYnWk/s1600/28.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFpggqyUDgwHsER7VPP7AzQRq4d4Nu9myLDzh8053o1-a0Q8SBfEYQJETOx9v3smGgdi-6ktYMWKu97PeO4mBkecdS67MjS498MyUkI6dpKM4f1XaX47ZLzuG569RfpyvjAc2Jz9EYnWk/s1600/28.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">On the spoke, we can see that it shows it's own NHRP mapping for the hub. It also shows that the NHRP server is responding.</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2CiHD1W4w7vpjiURNy1PCpBYs-2VBAm3yW05hN_el91hGTvo7HiTzENyU5UuFOd3ijtgrxDWZXK4rQBCBMEMmBac0z8EnJ0A6KZwOyYWh7xF7AZSLVaSyW9gOV3HjNQ6580wZRO4ulXU/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj2CiHD1W4w7vpjiURNy1PCpBYs-2VBAm3yW05hN_el91hGTvo7HiTzENyU5UuFOd3ijtgrxDWZXK4rQBCBMEMmBac0z8EnJ0A6KZwOyYWh7xF7AZSLVaSyW9gOV3HjNQ6580wZRO4ulXU/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now we will run EIGRP on hub and both the spokes. We will advertise the tunnel IPs and the relevant loopbacks through EIGRP.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Configs on R1, R2 and R3</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndxLO0BWnjs6sjWcvxGTeVGS_JWsQhEsal62eM31lwXnVvZkCzqO4XKuhMMYgypdnlcBHDbn0MRgHTfPBqCOC8V6UG3JQsZIobnhbhWJRZ5oIuOeU2nsVsPGrqxp2e3G95wuWPq-AXvw/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjndxLO0BWnjs6sjWcvxGTeVGS_JWsQhEsal62eM31lwXnVvZkCzqO4XKuhMMYgypdnlcBHDbn0MRgHTfPBqCOC8V6UG3JQsZIobnhbhWJRZ5oIuOeU2nsVsPGrqxp2e3G95wuWPq-AXvw/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLIFNSVsNgwVm3HhTjGe-Y0C8U59MnYVoo7FVhDVahc5oUPL_8RvRkLyS0te6gAR2peTX6L7fGvDfmQL7VDWRwnoQDjgcUWSM-LHfFYQlI5eoxdtEb3DxalPz9VtxvnxLvk5iE4TWznqk/s1600/17.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLIFNSVsNgwVm3HhTjGe-Y0C8U59MnYVoo7FVhDVahc5oUPL_8RvRkLyS0te6gAR2peTX6L7fGvDfmQL7VDWRwnoQDjgcUWSM-LHfFYQlI5eoxdtEb3DxalPz9VtxvnxLvk5iE4TWznqk/s1600/17.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ4W_ylJS1icxnubtuGfhfKkDcqqnItZ6iRjGTp4Il0-fi6gbn6X_nf8lh8tCj-QxCDd9DGK26Ez2j60UMTKPoZV04ZwizvYzZmJNs-ivty9P-wT5OKHgJCu6Njet8aOQ9MKTJ1zKPO-Q/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJ4W_ylJS1icxnubtuGfhfKkDcqqnItZ6iRjGTp4Il0-fi6gbn6X_nf8lh8tCj-QxCDd9DGK26Ez2j60UMTKPoZV04ZwizvYzZmJNs-ivty9P-wT5OKHgJCu6Njet8aOQ9MKTJ1zKPO-Q/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">After applying these configs, we can see that R1 has started receiving the loopback prefixes from R2 and R3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_HLvzDp5TgQf8Ti2dFaJd4GE_Ho-ny7AbSL5vfGZUQ7L8ut1Le8yW1SCUV07mS0VfG3IMsOQRyW1EWCXV-EOAhgzcimUeEh6VdqxGtqrZe0G1v8o92wrJkANK3zDgkGC3Jkv0wMkLuXY/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_HLvzDp5TgQf8Ti2dFaJd4GE_Ho-ny7AbSL5vfGZUQ7L8ut1Le8yW1SCUV07mS0VfG3IMsOQRyW1EWCXV-EOAhgzcimUeEh6VdqxGtqrZe0G1v8o92wrJkANK3zDgkGC3Jkv0wMkLuXY/s1600/19.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">However, R2 will not receive R3's loopback and vice versa due to the EIGRP's split horizon rule. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkjs0jSqjOwzaIH-Rs_4sqzp9xlTQtCBHEwmbCwOosFliTiFZiImyjk7eDIZ7F6wl5Hd1OaXGYocnIfHOkezC-lL2LKk4nJnEPdJ-Cmk3OCZSTJZJxEKjq_THKWbj32nq6BEdAhDyXvR8/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkjs0jSqjOwzaIH-Rs_4sqzp9xlTQtCBHEwmbCwOosFliTiFZiImyjk7eDIZ7F6wl5Hd1OaXGYocnIfHOkezC-lL2LKk4nJnEPdJ-Cmk3OCZSTJZJxEKjq_THKWbj32nq6BEdAhDyXvR8/s1600/20.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We will have to disable split horizon on R1 which will enable R2 and R3 to receive the loopback prefixes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik7fsM_J3hHvztruley0VMgTjEfwgFW9uSWS9pXdHxE8VfMuoQxiobWhW5pdvfQC1rpFDZXPVqHTMsLqM-Letw6d_uC7BJh39pimhAbo2A5wKJ_PfMavj244vFjhbNAM4RkZlZ2PLU2A8/s1600/21.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEik7fsM_J3hHvztruley0VMgTjEfwgFW9uSWS9pXdHxE8VfMuoQxiobWhW5pdvfQC1rpFDZXPVqHTMsLqM-Letw6d_uC7BJh39pimhAbo2A5wKJ_PfMavj244vFjhbNAM4RkZlZ2PLU2A8/s1600/21.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwdeTk6hydzJ4DqrSI1JEJok0HgBmirPqRdqLYzeSUsn2TjPO4FCjbupXr6-w6ktJKDJv2MlkQbr3vBVG3JokEG5tt0sj9VhnDcBYycCfOnfRpOEc2PzwpUB6sQzr4rxvkNcP3GNCGEi4/s1600/22.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwdeTk6hydzJ4DqrSI1JEJok0HgBmirPqRdqLYzeSUsn2TjPO4FCjbupXr6-w6ktJKDJv2MlkQbr3vBVG3JokEG5tt0sj9VhnDcBYycCfOnfRpOEc2PzwpUB6sQzr4rxvkNcP3GNCGEi4/s1600/22.PNG" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtosXFn2co1grbhEwlDnobrp3GYHs3f4magB7lSY9H8Hno3wMeCZl8k_C2D74bWnbRGHyN67H-H1SOW-FhsefXdu3c1v8g06Pov07Xc_326N3P_neLcBx0JfAooH4HApknFHK6EhD3Dog/s1600/23.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhtosXFn2co1grbhEwlDnobrp3GYHs3f4magB7lSY9H8Hno3wMeCZl8k_C2D74bWnbRGHyN67H-H1SOW-FhsefXdu3c1v8g06Pov07Xc_326N3P_neLcBx0JfAooH4HApknFHK6EhD3Dog/s1600/23.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's verify the connectivity from R2's loopback to R3's loopback</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTZr6dTGC1KN6pQSK-LpbTWi1_T_JrTlsnh7xsWLpzIUpnvLZJ5TolIALL6Byb7HtuQKDROmb-qMuDJEnFxAc4xJPZZFfm8J0WxFBOaD6EzunDVlpI1u5FS759M7_JCXUsnorlkShvUeY/s1600/24.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTZr6dTGC1KN6pQSK-LpbTWi1_T_JrTlsnh7xsWLpzIUpnvLZJ5TolIALL6Byb7HtuQKDROmb-qMuDJEnFxAc4xJPZZFfm8J0WxFBOaD6EzunDVlpI1u5FS759M7_JCXUsnorlkShvUeY/s1600/24.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The traceroute confirm that the packets are traversing through the hub R1.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgj3hVUYo_7KWXkXdg5CvVeFONjtv_TUMv1k55E_oe9oGiNChHOAYxCYUd6dAKmSqVxD3eS_u51bvSMeiOZuhoHwTOdE6MTzEhfaZ7xYgwtFrsizcMIEiMK4ofZtUi9DKGSuZ0teSkyoW0/s1600/25.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgj3hVUYo_7KWXkXdg5CvVeFONjtv_TUMv1k55E_oe9oGiNChHOAYxCYUd6dAKmSqVxD3eS_u51bvSMeiOZuhoHwTOdE6MTzEhfaZ7xYgwtFrsizcMIEiMK4ofZtUi9DKGSuZ0teSkyoW0/s1600/25.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Even if we apply "no ip next-hop-self eigrp 10" under tunnel interface on R1, the spokes will still talk to each other via the hub R1 as we have configured point-to-point tunnels on the spokes.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Due to this limitation, phase 1 is not widely used in real world designs. The DMVPN phase 2 resolves this problem and let us have spoke to spoke dynamic tunnels. We will cover phase 2 in our next post.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Generally DMVPN is implemented over the public Internet hence we have to apply the IPSEC profile to secure the communication. We haven't covered the IPSEC configuration in this post as it's very straight forward.</span><br />
<br /></div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com2tag:blogger.com,1999:blog-3934012154598313421.post-49608095603272548332014-12-24T13:30:00.001+00:002015-12-23T16:41:11.083+00:00OSPF Prefix Suppression<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">Recently I came across this command "ip ospf prefix-suppression". It's a nice feature which allows the suppression of the transit link advertisement which will result in smaller RIB. </span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Let's look at the below topology and see how it works.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju6MEF7_w1vn0_-Z6SwCf1_Myfb045j6GWivaZjABbIhqTVNNRH41o8bsEVhyphenhyphenKTMV0g6SYc8qqm1I1FVvh-Ep5neky1QUx08R6SCFZCiUqTt8xxdMJtUHNxlBA8e4GkMtKI1EHe9zVbJg/s1600/1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="50" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEju6MEF7_w1vn0_-Z6SwCf1_Myfb045j6GWivaZjABbIhqTVNNRH41o8bsEVhyphenhyphenKTMV0g6SYc8qqm1I1FVvh-Ep5neky1QUx08R6SCFZCiUqTt8xxdMJtUHNxlBA8e4GkMtKI1EHe9zVbJg/s1600/1.png" width="400" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">We have R1, R2 and R3 connected with ethernet interfaces. All three routers are running OSPF process 10. I have applied the command "network 0.0.0.0 255.255.255.255 area 0" on all of them. </span><br />
<a name='more'></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEeOoBYZubUU3iuqclklztIaJxXDVVf656ekd2r3OimZRYgRzqbcrX430p926HC-CZVT4kwPkwRihRdShKsaR90xQrRDma8c7BmJF2miMjbZnwNgYEolPm1-Ob_n8P1MJN4sjoKlZxObk/s1600/2.PNG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiEeOoBYZubUU3iuqclklztIaJxXDVVf656ekd2r3OimZRYgRzqbcrX430p926HC-CZVT4kwPkwRihRdShKsaR90xQrRDma8c7BmJF2miMjbZnwNgYEolPm1-Ob_n8P1MJN4sjoKlZxObk/s1600/2.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<span style="font-family: Verdana, sans-serif;">We can see that R3 learns the loopback IP of R1 (1.1.1.1/32) and the link between R1 and R2 (12.12.12.0/24) via OSPF.</span></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Let's check network LSA in R3's OSPF database</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRdTE2BGcSHED5RKj-sRTLMn2nD5nrK9QRhW7jB2SXJY1osJkMfbfI5fjDIb6viyrqdq27DkiFdvVS9fohVB5MZLAvDE1ou9vFlDqHTjoiqCDMBqHoRvgsES-dw1evZxbJx9UpyznpVog/s1600/3.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRdTE2BGcSHED5RKj-sRTLMn2nD5nrK9QRhW7jB2SXJY1osJkMfbfI5fjDIb6viyrqdq27DkiFdvVS9fohVB5MZLAvDE1ou9vFlDqHTjoiqCDMBqHoRvgsES-dw1evZxbJx9UpyznpVog/s1600/3.PNG" /></a></span></div>
<span style="font-family: Verdana, sans-serif;">
</span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">
</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div>
<span style="font-family: Verdana, sans-serif;">From the above output, we can see that R1 is the DR for the segment between R1 and R2. It advertises the transit network (10.1.12.0/24). </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Now Let's apply the command "ip ospf prefix-suppression" on R1's Ethernet0/0 interface.</span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5arRd5vK0fAPvRusRLPpzhp0Er-amFSLqrVGJy_BYwMSO_VZpHi4cq3bg6tr2P9h789NIJ_1j2yk2DQN3tOX0coTCeSO0MGqH7EAXJQnadEmALHlI78RQfmjsXXhFqVKJ_ZiWVGbPo8I/s1600/4.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5arRd5vK0fAPvRusRLPpzhp0Er-amFSLqrVGJy_BYwMSO_VZpHi4cq3bg6tr2P9h789NIJ_1j2yk2DQN3tOX0coTCeSO0MGqH7EAXJQnadEmALHlI78RQfmjsXXhFqVKJ_ZiWVGbPo8I/s1600/4.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The routing table of R3 still shows the entry for the loopback IP (1.1.1.1/32) however it has removed the prefix of the transit link (12.12.12.0/24) from the routing table.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2-6n26kMdfuycz5qcSMYRBP5W6Wj0TKVcz8nsMcvLrYt4Z7_m-N7wLOLQNOfcHDzfs2Eb1iK4_vIyyvbWTSXLWOBNIsAsdOHY_5q0lSWmrgu-8fFjwW_b6kvDrc5rm0M9o9gga8DSv90/s1600/5.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh2-6n26kMdfuycz5qcSMYRBP5W6Wj0TKVcz8nsMcvLrYt4Z7_m-N7wLOLQNOfcHDzfs2Eb1iK4_vIyyvbWTSXLWOBNIsAsdOHY_5q0lSWmrgu-8fFjwW_b6kvDrc5rm0M9o9gga8DSv90/s1600/5.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Looking at the network LSA in the OSPF database on R3 again</span></div>
</div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<span style="font-family: Verdana, sans-serif;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix8xdrRt0XyWjZTe1hzoQlFI2-XCEWRlgfmeaI3Y_KWXhzVGs3xkOJo3tA1-5mMt2SMl7eXwTeq8FOSJgeA7TgP3kbJSnFU_HejzHnJcNczReh4g8kSocoXnz__KkLwJLn_wQ1AGkq9CA/s1600/7.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEix8xdrRt0XyWjZTe1hzoQlFI2-XCEWRlgfmeaI3Y_KWXhzVGs3xkOJo3tA1-5mMt2SMl7eXwTeq8FOSJgeA7TgP3kbJSnFU_HejzHnJcNczReh4g8kSocoXnz__KkLwJLn_wQ1AGkq9CA/s1600/7.PNG" /></a></span></div>
<span style="font-family: Verdana, sans-serif;">
</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">After applying the command for prefix suppression, R1 is adversing it's network LSAs with /32 network mask.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">If we test the connectivity from R3 to R1's Loopback, we can see that it's still working.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghKoD7Gei-PJwJs_v40DePhWIK8HW1fgw5WBKrsbJmmw9InfgDYsg1jcst_Hw1bXl_7dI01n_wHvmW-qrfS_0lVxFd-P7K18D4rFvC6TnntfP5o_kt6D_94JzfhggGMi3jwIL-blkCuFE/s1600/8.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghKoD7Gei-PJwJs_v40DePhWIK8HW1fgw5WBKrsbJmmw9InfgDYsg1jcst_Hw1bXl_7dI01n_wHvmW-qrfS_0lVxFd-P7K18D4rFvC6TnntfP5o_kt6D_94JzfhggGMi3jwIL-blkCuFE/s1600/8.PNG" /></a></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">We have tested this for the broadcast network where DR/BDR gets selected. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">How will this work on a point-to-point link? Remember there will not be any DR/BDR for the point-to-point network type. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">To test it, let's create a new loopback on R3 with IP 3.3.3.3/32 and re-configure the link between R2 and R3 as ospf point-to-point network.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3GCcpQcjOpOav8CYy7ZSAF60zZofG6PI72OQRpKILMeJ3xDz3dknERDdsgTNrwqknav3AhkujhNMeyA_tqlgYIEXarmRjQhLsG3oqi2ZnH0AuOJgdsr6jl7NGrKUwObPPxJkGrhW_Ais/s1600/9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="76" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh3GCcpQcjOpOav8CYy7ZSAF60zZofG6PI72OQRpKILMeJ3xDz3dknERDdsgTNrwqknav3AhkujhNMeyA_tqlgYIEXarmRjQhLsG3oqi2ZnH0AuOJgdsr6jl7NGrKUwObPPxJkGrhW_Ais/s1600/9.png" width="400" /></a></div>
<br />
<span style="font-family: Verdana, sans-serif;">The Loopback on R3 is advertised in the OSPF process so it's visible in R1's routing table.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVX4bp6Q925dzRqqZCBbNW3I6l5801ZY6VeLCwCZjOHFSWsgsqHXe9ekBUU7EyYhlAfQWV6ClDd5Rj-IN3elf1ggB3zEkl2PSivryePCOH476yOn4kuwRzmLpx2eDGBWy9caDk2UkjIC0/s1600/10.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVX4bp6Q925dzRqqZCBbNW3I6l5801ZY6VeLCwCZjOHFSWsgsqHXe9ekBUU7EyYhlAfQWV6ClDd5Rj-IN3elf1ggB3zEkl2PSivryePCOH476yOn4kuwRzmLpx2eDGBWy9caDk2UkjIC0/s1600/10.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can also see that the transit subnet between R2 and R3 (10.1.23.0/24) is also in the routing table.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">If we check the Router LSA on R1, we can see that R3 advertise this subnet through Link Type-3.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdwEpviIHw6tH74tiBkQ9iVA7R72rdrWwf8YhqSJbjeManUQwa84gB-uYPvYeCxyVs6oKXXywsXaHqtH-az3g0cp4IWeIE3T3FWefHq5oj7dN_p9FCek4eiIrqyQEpyEJf3e2QxZ-Xn74/s1600/11.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdwEpviIHw6tH74tiBkQ9iVA7R72rdrWwf8YhqSJbjeManUQwa84gB-uYPvYeCxyVs6oKXXywsXaHqtH-az3g0cp4IWeIE3T3FWefHq5oj7dN_p9FCek4eiIrqyQEpyEJf3e2QxZ-Xn74/s1600/11.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now let's apply the command "ip ospf prefix-suppression" on R3's interface.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRY5K_WMLETr2dCx75iCOjG5fAqMo0QbRrNlI_CPXYOyT7iAcRTV4u_aO07hA7liScz0ZwnCD5UBOvCxVl7MdS3dZ1eZeHU4rJnyxnEUA28YQF2Sz9KKa5aoZI-SiOdYboW0lEdycagaU/s1600/12.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRY5K_WMLETr2dCx75iCOjG5fAqMo0QbRrNlI_CPXYOyT7iAcRTV4u_aO07hA7liScz0ZwnCD5UBOvCxVl7MdS3dZ1eZeHU4rJnyxnEUA28YQF2Sz9KKa5aoZI-SiOdYboW0lEdycagaU/s1600/12.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Looking at R1's OSPF database again</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe0xfndZcQCTtKWa3-2MfK5wwJK2AVdWZYo7Ecb9s6vlZZwHQpLblHKl9EQKx2vEO6QhYEIbT7RLpifWTz-cq_9z7VFQqRbPJsIsevcJuarVXaDMqAE2exA_i2zeogEtu9oqvqV8fct3g/s1600/13.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe0xfndZcQCTtKWa3-2MfK5wwJK2AVdWZYo7Ecb9s6vlZZwHQpLblHKl9EQKx2vEO6QhYEIbT7RLpifWTz-cq_9z7VFQqRbPJsIsevcJuarVXaDMqAE2exA_i2zeogEtu9oqvqV8fct3g/s1600/13.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">We can see that R3 has now stopped advertising the "Type 3" entry.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Let's check R1's routing table and see if it has removed the entry for the transit subnet (10.1.23.0/24)</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt2zMN86mLP_rDuDvus-1-7tIU7Ox_tYdQas1v6Q0m0fsoBE0Wqzg5q2MJ-W8tw1IoYrd0G4g2O_vgHxIBGg3CD0ippkX_be7vX3dPdwZH5de3YR7sBZkRInFLtpQa3v93lc1dPYH0pyg/s1600/14.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjt2zMN86mLP_rDuDvus-1-7tIU7Ox_tYdQas1v6Q0m0fsoBE0Wqzg5q2MJ-W8tw1IoYrd0G4g2O_vgHxIBGg3CD0ippkX_be7vX3dPdwZH5de3YR7sBZkRInFLtpQa3v93lc1dPYH0pyg/s1600/14.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The prefix is still in the routing table!! Why?</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">It's because the same prefix is advertised by R2 in it's router LSA. Let's check R1's OSPF database </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ5CybCpvatN9eGVULjXZU8wotLVundvwR2x9JQAk31C2v-r1H43NetY5eu2DfkftXOg3NkIJAbIyZEzbQSlZ3EyHz-0Ndy6-oAOE13GGIJket_YHTIhtGklspYodPhZzuMvCv84OAF2A/s1600/15.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQ5CybCpvatN9eGVULjXZU8wotLVundvwR2x9JQAk31C2v-r1H43NetY5eu2DfkftXOg3NkIJAbIyZEzbQSlZ3EyHz-0Ndy6-oAOE13GGIJket_YHTIhtGklspYodPhZzuMvCv84OAF2A/s1600/15.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">This means that we also have to apply the command on R2's point-to-point interface.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAQQSAOASxkWIRsx4NFKzWkvxfWeQPbJJv3PKn3yv4phzhhF8n1xHa04BPUDcBFTK25evHfUvbsnI8-XOC4BWd_x_f9ltglc_z5h3Dm3X1pkEfo1EGPySTCSlFxwFY1z0U6648rR9XZtI/s1600/16.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAQQSAOASxkWIRsx4NFKzWkvxfWeQPbJJv3PKn3yv4phzhhF8n1xHa04BPUDcBFTK25evHfUvbsnI8-XOC4BWd_x_f9ltglc_z5h3Dm3X1pkEfo1EGPySTCSlFxwFY1z0U6648rR9XZtI/s1600/16.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">Now on R1, we can see that R2's has also stopped advertising the link Type -3. </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5ArGh0vU4dSwHnSKXL9-Y2c0p-HffVlVW4zNfXW1o06B-kN_IWmbni3eYgx8npFDlvggeMfEDFbn5ilAqRco-6_yoOst0W4eQ9RlXWqF_ulMIvvlumbGlaNbtDcowZ_f6cPnLymvAHgg/s1600/18.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5ArGh0vU4dSwHnSKXL9-Y2c0p-HffVlVW4zNfXW1o06B-kN_IWmbni3eYgx8npFDlvggeMfEDFbn5ilAqRco-6_yoOst0W4eQ9RlXWqF_ulMIvvlumbGlaNbtDcowZ_f6cPnLymvAHgg/s1600/18.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<span style="font-family: Verdana, sans-serif;">As a result of that R1 doesn't have the transit subnet (10.1.23.0/24) in the routing table now.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyj0e8Owm07nRNVowGkTyKS-2-1N-uHUuiaM_nRIPe9nz5AnxGSoCEwJWOjHrzS_-zB2ZqcCtoqdFDiM3gR75pyV7mak6WuOCMTnbogxiVT-NnbjiMfK3tD80Sd-SJ0fWMKtTPh3YfBHA/s1600/19.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiyj0e8Owm07nRNVowGkTyKS-2-1N-uHUuiaM_nRIPe9nz5AnxGSoCEwJWOjHrzS_-zB2ZqcCtoqdFDiM3gR75pyV7mak6WuOCMTnbogxiVT-NnbjiMfK3tD80Sd-SJ0fWMKtTPh3YfBHA/s1600/19.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">Even though the transit links are now not advertised in OSPF, we still have end to end reachability between loopback IPs.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihkP7GnMnYWYTRdSPaRbRGWt2codqGTnmePbC89SqB_3O9F7tlbhWrlcrwY3XOznXxjUAAf3QdbLZe-KJpumssVAGGERc2hrQbuI5hhBgfUFlF3tCAtbTasL9DtCIFEUaqPkKUmCooDeQ/s1600/20.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihkP7GnMnYWYTRdSPaRbRGWt2codqGTnmePbC89SqB_3O9F7tlbhWrlcrwY3XOznXxjUAAf3QdbLZe-KJpumssVAGGERc2hrQbuI5hhBgfUFlF3tCAtbTasL9DtCIFEUaqPkKUmCooDeQ/s1600/20.PNG" /></a></div>
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">If we have multiple transit links in the network then this command will help us reducing the size of the routing table.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Here is the link to the official documentation from Cisco</span></div>
<div>
<a href="http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t15/ht_osmch.html" style="font-family: Verdana, sans-serif;">http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t15/ht_osmch.html</a><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">it says</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><i>"The OSPF mechanism to exclude connected IP prefixes from LSAs allows network administrators to control what IP prefixes are installed into LSAs. This functionality is implemented for router and network LSAs in the following manner:</i></span><br />
<span style="font-family: Verdana, sans-serif;"><i>•For the router LSA, to exclude prefixes, the feature excludes link type 3 (stub link).</i></span><br />
<span style="font-family: Verdana, sans-serif;"><i>•For the network LSA, the OSPF Designated Router (DR) generates LSAs with a special /32 network mask (0xFFFFFFFF)."</i></span><br />
<br />
<span style="font-family: Verdana, sans-serif;">The things to remember here are</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">i. For the network types which select DR/BDR, the command has to be applied on the DR.</span><br />
<span style="font-family: Verdana, sans-serif;">ii. for the network types which do not select DR/BDR, the command has to be applied on all the routers connected with the link.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<br /></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com5tag:blogger.com,1999:blog-3934012154598313421.post-3058389356876572812014-12-23T14:40:00.001+00:002014-12-23T14:48:23.844+00:00DNS Records<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: Verdana, sans-serif;">In this post we are going to look at various DNS records which are frequently used.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;"><b>1. A Record</b></span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The A (</span><span style="font-family: Verdana, sans-serif;">Address Record) </span><span style="font-family: Verdana, sans-serif;">record maps the domain name to the 32 bit IP address so for example </span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">www.mydomainname.com. A 192.168.1.1</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The A record is also known as host record.</span><br />
<br />
<span style="font-family: Verdana, sans-serif;">For the IPv6 you have AAAA record which directs the domain name to the 128 bit IP address. The structure is very much the same; it's just bit longer.</span><br />
<a name='more'></a><b style="font-family: Verdana, sans-serif;"><br /></b>
<b style="font-family: Verdana, sans-serif;">2. CNAME Record</b><br />
<span style="font-family: Verdana, sans-serif;"><br /></span><span style="font-family: Verdana, sans-serif;">The CNAME (</span><span style="font-family: Verdana, sans-serif;">canonical name</span><span style="font-family: Verdana, sans-serif;">)</span><span style="font-family: Verdana, sans-serif;"> record makes one domain name an alias of another. </span><span style="font-family: Verdana, sans-serif;">This allows your machine to have multiple hostnames however each of those hostnames doesn't need an individual "A" record.</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">e.g. Let's say you want to create sub-domain </span><span style="font-family: Verdana, sans-serif;">ftp.</span><span style="font-family: Verdana, sans-serif;">mydomainname</span><span style="font-family: Verdana, sans-serif;">.com for your main domain </span><span style="font-family: Verdana, sans-serif;">www.</span><span style="font-family: Verdana, sans-serif;">mydomainname</span><span style="font-family: Verdana, sans-serif;">.com</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">The CNAME record will look like this</span><br />
<span style="font-family: Verdana, sans-serif;"><br /></span>
<span style="font-family: Verdana, sans-serif;">ftp.</span><span style="font-family: Verdana, sans-serif;">mydomainname</span><span style="font-family: Verdana, sans-serif;">.com. CNAME </span><span style="font-family: Verdana, sans-serif;">mydomainname</span><span style="font-family: Verdana, sans-serif;">.com</span><br />
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">You don't need to create a separate A record for this sub-domain. It will use the IP address from A record of the main domain.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><b>3. NS Record</b></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><b><br /></b></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">NS (Name Server) maps a domain name to DNS servers that are authoritative for that particular domain. It determines which servers will communicate DNS information for the domain. You normally configure two NS record (</span><span style="font-family: Verdana, sans-serif;">as primary and backup)</span><span style="font-family: Verdana, sans-serif;"> for you domain .</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">e.g.</span></div>
<div>
<div>
<span style="font-family: Verdana, sans-serif;">mydomainname.com NS ns1.example.com.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;">mydomainname.com NS ns2.example.com.</span></div>
</div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><b>4. MX Record</b></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">MX (Mail Exchange) record maps a domain name to list of mail servers for that domain. </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">e.g.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;">mydomainname.com. 1800 IN MX 0 mail1.mydomainname.com. </span></div>
<div>
<span style="font-family: Verdana, sans-serif;">mail1.mydomainname.com. A 10.10.10.10</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The MX record shows that all the emails @mydomainname.com will be routed to the mail server mail1.mydomainname.com. The A record shows that this mail server is located at 10.10.10.10.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Multiple MX records can also be defined for a domain with a different priority. If mail can't be delivered using the highest priority record, the </span><span style="font-family: Verdana, sans-serif;">second priority record is used.</span></div>
<div>
<br /></div>
<div>
<span style="font-family: Verdana, sans-serif;"><b>5. PTR Record</b></span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">PTR (Pointer) record maps an IPv4 address to a host name. It is generally used for reverse lookups. </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">The way it works is that let's say www.mydomainname.com has the IP address 192.168.1.1 then the PTR record would look like</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">1.1.168.192.in-addr.arpa IN PTR mydomainname.com.</span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">As we can see the IP Address is reversed and added with in-addr.arpa. This is generally used as an anti-spam measures where the mail server will do the reverse DNS lookup to check if the server is actually associated with the IP address from where the connection was initiated. </span></div>
<div>
<span style="font-family: Verdana, sans-serif;"><br /></span></div>
<div>
<span style="font-family: Verdana, sans-serif;">Some incoming mail servers will not accept a message from an IP address which does not identify itself with a PTR record so it's advisable to setup the PTR record for your servers especially mail/smtp servers.</span></div>
</div>
Jigar Shuklahttp://www.blogger.com/profile/09262129512764932405noreply@blogger.com0