
Friday, February 22, 2013

MP-BGP



First, I would like to show the MP-BGP RD and RT parameters in a BGP update message:

R1 is sending BGP update message to R4:


 Address family <AFI 1, SAFI 128> indicates that each NLRI in an MP-REACH-NLRI or MP-UNREACH-NLRI attribute consists of three parts:
a) An MPLS label stack
b) A route distinguisher
c) An IPv4 prefix

The message includes (among other things) an extended community with route-target value:



And the VPNv4 prefix along with RD and MPLS label (R4 will use this label as outgoing label):


Using this information, R4 knows the originator of the VPNv4 prefix and which routing table to add the route to, in this case VRF ABC.
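The three-part NLRI and the route-target extended community described above can be decoded with a short parser. This is an added example, not code from the original post; the function names and the sample bytes are constructed for illustration (label 16, RD 3:100, RT 300:300 and prefix 192.168.63.0/24 are the values used later in this post).

```python
import ipaddress
import struct

def _admin_value(kind, body):
    """Render the 6-byte administrator:number field that RD and RT share."""
    if kind == 0:                          # 2-byte ASN : 4-byte number
        admin, num = struct.unpack("!HI", body)
    elif kind == 1:                        # IPv4 address : 2-byte number
        raw, num = struct.unpack("!4sH", body)
        admin = ipaddress.IPv4Address(raw)
    elif kind == 2:                        # 4-byte ASN : 2-byte number
        admin, num = struct.unpack("!IH", body)
    else:
        raise ValueError(f"unknown type {kind}")
    return f"{admin}:{num}"

def parse_vpnv4_nlri(buf):
    """Parse one <AFI 1, SAFI 128> NLRI as carried in MP_REACH_NLRI."""
    if not buf or len(buf) < 1 + (buf[0] + 7) // 8:
        raise ValueError("truncated NLRI")
    bits, pos, labels = buf[0], 1, []      # first octet: total length in bits
    while True:                            # a) label stack, 3 octets per entry
        if bits < 24:
            raise ValueError("length too short for a label")
        entry = int.from_bytes(buf[pos:pos + 3], "big")
        labels.append(entry >> 4)          # top 20 bits are the label value
        pos, bits = pos + 3, bits - 24
        if entry & 1:                      # bottom-of-stack bit ends the stack
            break
    if not 64 <= bits <= 96:               # 64-bit RD plus a /0 to /32 prefix
        raise ValueError("bad RD/prefix length")
    rd_type = int.from_bytes(buf[pos:pos + 2], "big")
    rd = _admin_value(rd_type, buf[pos + 2:pos + 8])     # b) route distinguisher
    pos, bits = pos + 8, bits - 64
    octets = buf[pos:pos + (bits + 7) // 8].ljust(4, b"\x00")
    prefix = ipaddress.IPv4Network((octets, bits), strict=False)  # c) IPv4 prefix
    return {"labels": labels, "rd": rd, "prefix": str(prefix)}

def parse_route_target(ec):
    """Return 'admin:number' for a route-target extended community, else None."""
    if len(ec) != 8 or ec[0] > 2 or ec[1] != 0x02:   # sub-type 0x02 = route target
        return None
    return _admin_value(ec[0], ec[2:])

# Constructed sample bytes (not taken from the capture in the post):
# label 16, RD 3:100, prefix 192.168.63.0/24, and RT 300:300.
SAMPLE_NLRI = bytes.fromhex("70" "000101" "0000" "0003" "00000064" "c0a83f")
SAMPLE_RT = bytes.fromhex("0002" "012c" "0000012c")
```
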

This is the network topology:


And the network information:

Name  Administrative    Role
R1    Service provider  P router, route-reflector
R2    Service provider  PE router
R3    Service provider  PE router
R4    Service provider  PE router
R5    Service provider  PE router
R6    ABC               CE
R7    ABC               CE
R8    CNN               CE

- The SP network is running OSPF as the IGP, plus LDP, BGP and MP-BGP.
- R6 and R7 are using EIGRP as the CE-to-PE protocol.
- R8 is using OSPF as the CE-to-PE protocol.
- Each CE is advertising its directly connected interfaces into the routing domain.

*Full configuration can be found below.

First task: Customer ABC wants to allow its site (R6) to communicate with customer CNN (R8), but only through the backup link and only from a specific subnet (192.168.63.0/24).

So let’s start with R5 which is the PE router for R8:
ip vrf CNN
 rd 5:200
 route-target export 200:200
 route-target export 400:400
 route-target import 200:200
 route-target import 300:300

I’m using RT 300:300 to import R6 prefixes and RT 400:400 to advertise R8 prefixes.
Now on R3, which is the PE for R6 on the backup link:
ip vrf ABC
 rd 3:100
 export map RM_VRF_EXPORT_MAP
 route-target export 100:100
 route-target import 100:100
 route-target import 400:400
!
ip prefix-list PL_NET63 seq 5 permit 192.168.63.0/24
!
route-map RM_VRF_EXPORT_MAP permit 10
 match ip address prefix-list PL_NET63
 set extcommunity rt  300:300 additive
!        
route-map RM_VRF_EXPORT_MAP permit 20

Note that I'm using an export map on the VRF to attach an extended community only to subnet 192.168.63.0/24.
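Because the route targets alone decide what crosses the boundary between the two customers, it is worth checking the import/export lists against the intended policy. The following model is an added example, not part of the original post: the RT values are copied from the two VRF definitions above, while the function names, the route lists (read off the routing tables shown later in the post) and the `ABC_R3_WIDE` misconfiguration are assumptions made for illustration.

```python
import ipaddress

def exported(vrf):
    """Yield (prefix, RT set) for every route the VRF exports into MP-BGP."""
    for prefix in vrf["routes"]:
        rts = set(vrf["export"])                      # 'route-target export'
        for match, extra in vrf.get("export_map", []):
            # models 'match ip address prefix-list' + 'set extcommunity rt ... additive'
            if ipaddress.ip_network(prefix) == ipaddress.ip_network(match):
                rts |= set(extra)
        yield prefix, rts

def leaks(src, dst):
    """Prefixes of src that dst installs because an RT is in its import list."""
    return sorted(p for p, rts in exported(src) if rts & set(dst["import"]))

def unexpected(src, dst, allowed):
    """Cross-VRF leaks that the stated policy does not allow."""
    return [p for p in leaks(src, dst) if p not in allowed]

# VRF CNN on R5 and VRF ABC on R3, RT values copied from the post.
# The route lists are assumptions read off the routing tables in the post.
CNN_R5 = {"export": ["200:200", "400:400"], "import": ["200:200", "300:300"],
          "routes": ["192.168.81.0/24", "192.168.82.0/24", "10.1.58.0/24"]}
ABC_R3 = {"export": ["100:100"], "import": ["100:100", "400:400"],
          "export_map": [("192.168.63.0/24", ["300:300"])],
          "routes": ["192.168.61.0/24", "192.168.62.0/24", "192.168.63.0/24"]}
# Hypothetical mistake: 300:300 configured as a plain 'route-target export'.
ABC_R3_WIDE = {**ABC_R3, "export": ["100:100", "300:300"], "export_map": []}

POLICY = {"192.168.63.0/24"}   # the only ABC subnet CNN may reach
```

With the export map, `unexpected(ABC_R3, CNN_R5, POLICY)` is empty; with 300:300 on the VRF itself, the other two ABC subnets are reported as leaking into CNN.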

A few more things should be done. Block R2 from learning R8 prefixes:
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf ABC
  redistribute bgp 65000 metric 100000 10 255 1 1500
  network 10.1.26.2 0.0.0.0
  distribute-list 6 in
  no auto-summary
  autonomous-system 236
 exit-address-family
!
access-list 6 permit 192.168.61.0 0.0.0.255
access-list 6 permit 192.168.62.0 0.0.0.255
access-list 6 permit 192.168.63.0 0.0.0.255

And configure BGP to ignore cost-community on all SP routers:
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 bgp bestpath cost-community ignore
 neighbor 1.1.1.1 remote-as 65000
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 send-community both
 neighbor 1.1.1.1 soft-reconfiguration inbound
 no auto-summary
 !

Otherwise, a PE router may prefer BGP as the best path to R6 prefixes, as shown below:
R3#sh ip eigrp vrf ABC topology
IP-EIGRP Topology Table for AS(236)/ID(3.3.3.3) Routing Table: ABC

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.1.26.0/24, 1 successors, FD is 28160
        via VPNv4 Sourced (28160/0)
P 192.168.72.0/24, 1 successors, FD is 28160
        via Redistributed (28160/0)
P 10.1.47.0/24, 1 successors, FD is 28160
        via Redistributed (28160/0)
P 192.168.71.0/24, 1 successors, FD is 28160
        via Redistributed (28160/0)
P 10.1.36.0/24, 1 successors, FD is 2816000
        via Connected, FastEthernet1/1
P 10.1.58.0/24, 1 successors, FD is 28160
        via Redistributed (28160/0)
P 192.168.81.0/24, 1 successors, FD is 28160
        via Redistributed (28160/0)
P 192.168.82.0/24, 1 successors, FD is 28160
        via Redistributed (28160/0)
P 192.168.61.0/24, 1 successors, FD is 156160
        via VPNv4 Sourced (156160/0)
        via 10.1.36.6 (2944000/128256), FastEthernet1/1
P 192.168.62.0/24, 1 successors, FD is 156160
        via VPNv4 Sourced (156160/0)
        via 10.1.36.6 (2944000/128256), FastEthernet1/1
P 192.168.63.0/24, 1 successors, FD is 156160
        via VPNv4 Sourced (156160/0)
        via 10.1.36.6 (2944000/128256), FastEthernet1/1
R3#show ip bgp vpnv4 vrf ABC 192.168.61.0/24
BGP routing table entry for 3:100:192.168.61.0/24, version 139
Paths: (1 available, best #1, table ABC)
  Not advertised to any peer
  Local, imported path from 2:100:192.168.61.0/24
    2.2.2.2 (metric 3) from 1.1.1.1 (1.1.1.1)
      Origin incomplete, metric 156160, localpref 100, valid, internal, best
      Extended Community: RT:100:100 Cost:pre-bestpath:128:156160
        0x8800:32768:0 0x8801:236:130560 0x8802:65281:25600 0x8803:65281:1500
      Originator: 2.2.2.2, Cluster list: 1.1.1.1
      mpls labels in/out nolabel/30

Now let’s look at R8's routing table:
R8#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

O E2 192.168.63.0/24 [110/20] via 10.1.58.5, 00:06:39, FastEthernet0/0
C    192.168.81.0/24 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.58.0 is directly connected, FastEthernet0/0
C    192.168.82.0/24 is directly connected, Loopback2

And check with ping and trace:
R8#ping 192.168.63.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.63.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/56/96 ms
R8#traceroute 192.168.63.1

Type escape sequence to abort.
Tracing the route to 192.168.63.1

  1 10.1.58.5 52 msec 36 msec 16 msec
  2 10.1.15.1 [MPLS: Labels 17/16 Exp 0] 60 msec 72 msec 88 msec
  3 10.1.36.3 [MPLS: Label 16 Exp 0] 76 msec 56 msec 48 msec
  4 10.1.36.6 64 msec *  96 msec

And R6's routing table:
R6#     sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

D EX 192.168.72.0/24 [170/30720] via 10.1.26.2, 00:08:19, FastEthernet0/0
C    192.168.63.0/24 is directly connected, Loopback3
C    192.168.62.0/24 is directly connected, Loopback2
C    192.168.61.0/24 is directly connected, Loopback1
D EX 192.168.81.0/24 [170/2818560] via 10.1.36.3, 00:08:14, FastEthernet0/1
     10.0.0.0/24 is subnetted, 4 subnets
C       10.1.26.0 is directly connected, FastEthernet0/0
D EX    10.1.47.0 [170/30720] via 10.1.26.2, 00:08:19, FastEthernet0/0
C       10.1.36.0 is directly connected, FastEthernet0/1
D EX    10.1.58.0 [170/2818560] via 10.1.36.3, 00:08:15, FastEthernet0/1
D EX 192.168.82.0/24 [170/2818560] via 10.1.36.3, 00:08:15, FastEthernet0/1
D EX 192.168.71.0/24 [170/30720] via 10.1.26.2, 00:08:21, FastEthernet0/0

And ping and trace:
R6#ping 192.168.81.1 source lo3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.81.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.63.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/67/108 ms

R6#traceroute 192.168.82.1 source lo3

Type escape sequence to abort.
Tracing the route to 192.168.82.1

  1 10.1.36.3 12 msec 56 msec 8 msec
  2 10.1.13.1 [MPLS: Labels 19/23 Exp 0] 56 msec 60 msec 52 msec
  3 10.1.58.5 [MPLS: Label 23 Exp 0] 40 msec 68 msec 20 msec
  4 10.1.58.8 56 msec *  80 msec

Using RTs, which are basically extended communities in MP-BGP, we can alter and manipulate routes through our SP backbone.

