Saturday, August 20, 2011

BGP FREE CORE

 

In this article I would like to demonstrate the power of a BGP free core: its simplicity for the ISP as well as for the customer, who needs site-to-site connectivity without creating VPNs or doing any complex configuration himself.

R1_VRF_CCIE#sh run
Building configuration...
Current configuration : 641 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1_VRF_CCIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 1.1.13.1 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 1.0.0.0
 no auto-summary
!
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
!
end
R1_VRF_CCIE#
R2_VRF_CCIE#sh run
Building configuration...
Current configuration : 717 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2_VRF_CCIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip address 1.1.22.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 1.1.42.2 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 1.0.0.0
 network 2.0.0.0
 no auto-summary
!
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
!
end
R2_VRF_CCIE#
R2_VRF_CCDE#sh run
Building configuration...
Current configuration : 1011 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2_VRF_CCDE
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
 no clns route-cache
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
interface ATM1/0
 no ip address
 no atm enable-ilmi-trap
 no clns route-cache
!
interface ATM1/0.1 point-to-point
 ip address 1.1.48.8 255.255.255.0
 no atm enable-ilmi-trap
 pvc 0/201
  encapsulation aal5snap
 !
!
router eigrp 100
 network 0.0.0.0
 no auto-summary
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 no login
!
!
end
R1_VRF_CCDE#sh run
Building configuration...
Current configuration : 1360 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1_VRF_CCDE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 1.1.67.6 255.255.255.0
 encapsulation frame-relay
 ip ospf priority 0
 ip ospf 1 area 0
 clock rate 2000000
 frame-relay map ip 1.1.67.3 201 broadcast
 no frame-relay inverse-arp
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
!
end
R1_VRF_CCDE#

 

As you can see in the configuration, there is no VRF configured; I only called them VRF routers as these are the CEs connected to the ISP PE routers.

Below you can see that, for the CCIE CE, the path from R1 to R2 can be (R1 –> R3 –> R4 –> R2) or (R1 –> R3 –> R5 –> R4 –> R2).

 

R1_VRF_CCIE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       1.1.1.1/32 is directly connected, Loopback0
C       1.1.13.0/24 is directly connected, FastEthernet0/0
R       1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0
R       1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0
R1_VRF_CCIE#ping 2.2.2.2 sou
R1_VRF_CCIE#ping 2.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/77/120 ms
R1_VRF_CCIE#
R1_VRF_CCIE#traceroute 2.2.2.2 source lo0
Type escape sequence to abort.
Tracing the route to 2.2.2.2
  1 1.1.13.3 32 msec 16 msec 24 msec
  2 1.1.42.4 [MPLS: Labels 19 Exp 0] 28 msec 48 msec 40 msec
  3 1.1.42.2 72 msec *  72 msec
R1_VRF_CCIE#
R1_VRF_CCIE#traceroute 2.2.2.2 source lo0
Type escape sequence to abort.
Tracing the route to 2.2.2.2
  1 1.1.13.3 20 msec 28 msec 16 msec
  2 1.1.35.5 [MPLS: Labels 18/19 Exp 0] 96 msec 80 msec 68 msec
  3 1.1.42.4 [MPLS: Label 19 Exp 0] 68 msec 40 msec 40 msec
  4 1.1.42.2 64 msec *  76 msec
R1_VRF_CCIE#

 

 

In the above trace I have demonstrated the 2 path selections. The first is the natural selection, and just by shutting the interface between R3 and R4 I forced the routers to select the other path (only to show that both paths are valid and working). Please also note another interesting thing: we can see the MPLS path. In the next article I will show you how to keep that information away from the customer, but for this demonstration it helps me show you how it works.

Now we see that the CE is simply configured with an IP address under the interface (along with the proper L2 configuration) and an IGP; again, that is another decision I made for simplicity. The next step will be to demonstrate a multi-homed mode, however let's not get ahead of ourselves.

So let's look at how the ISP is configured:

R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 3 subnets
C       1.1.35.0 is directly connected, Serial1/1
C       1.1.43.0 is directly connected, Serial1/0
O       1.1.45.0 [110/128] via 1.1.43.4, 00:10:44, Serial1/0
                 [110/128] via 1.1.35.5, 00:10:44, Serial1/1
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/65] via 1.1.43.4, 00:10:44, Serial1/0
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/65] via 1.1.35.5, 00:10:44, Serial1/1
# Where is the route to 2.2.2.2 and to 1.1.1.1???!
# Remember the VRF?!
R3#sh ip route vrf CCIE
Routing Table: CCIE
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
R       1.1.1.1/32 [120/1] via 1.1.13.1, 00:00:15, FastEthernet0/0
C       1.1.13.0/24 is directly connected, FastEthernet0/0
B       1.1.22.2/32 [200/1] via 4.4.4.4, 4d22h
B       1.1.42.0/24 [200/0] via 4.4.4.4, 4d22h
     2.0.0.0/32 is subnetted, 1 subnets
B       2.2.2.2 [200/1] via 4.4.4.4, 4d22h
R3#
# OK now I can see the routes, but wait I do not have BGP
# Configured on my customers!!!

OK, so how does that work? In our topology, CE to PE has an IGP configured. On the PE I have an IGP to exchange routes with the CEs, an IGP between all the ISP routers only for internal reachability and LDP / TDP (MPLS label mapping), and BGP for distributing customer routes to the IGP. Now you ask yourself: YOU SAID this should be BGP FREE???! Please note that the headline says BGP FREE CORE, and by core I refer to the whole internal ISP network. In my diagram you can see only one core router, R5; however, ISPs are built far more complex and their core may contain a little more than that.

So let's see what we have on R5, as I have demonstrated an instance where the path goes through it:

R5#sh ip route vrf *
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/24 is subnetted, 3 subnets
C       1.1.35.0 is directly connected, Serial0/1
O       1.1.43.0 [110/128] via 1.1.45.4, 00:24:19, Serial0/0
                 [110/128] via 1.1.35.3, 00:24:19, Serial0/1
C       1.1.45.0 is directly connected, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/65] via 1.1.35.3, 00:24:19, Serial0/1
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/65] via 1.1.45.4, 00:24:19, Serial0/0
     5.0.0.0/32 is subnetted, 1 subnets
C       5.5.5.5 is directly connected, Loopback0
R5#
# As you can see there is only the main routing table, no VRF
R5#sh ip protocols
Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Router ID 5.5.5.5
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    1.1.35.5 0.0.0.0 area 0
    1.1.45.5 0.0.0.0 area 0
    5.5.5.5 0.0.0.0 area 0
 Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    2.2.2.2              110      5d21h
    1.1.1.1              110      6d00h
    3.3.3.3              110      00:25:24
    4.4.4.4              110      00:25:24
  Distance: (default is 110)
R5#
# Only OSPF of the main table! used as I have mentioned for
# Internal ISP communication and LDP / TDP (MPLS label mapping)
R5#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     1.1.43.0/24       0          Se0/0      point2point
       Pop tag     1.1.43.0/24       0          Se0/1      point2point
17     Pop tag     3.3.3.3/32        4764362    Se0/1      point2point
18     Pop tag     4.4.4.4/32        5707479    Se0/0      point2point
R5#
You can also see the MPLS table is very small; the only thing R5 needs to know is what to do when receiving label 16, 17 or 18.
   
R3#sh run
Building configuration...
Current configuration : 2839 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf CCDE
 rd 333:2
 route-target export 1001:11
 route-target import 1001:11
!
ip vrf CCIE
 rd 333:1
 route-target export 10000:1
 route-target import 10001:1
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 no clns route-cache
!
interface Loopback1
 ip vrf forwarding CCDE
 ip address 33.3.3.3 255.255.255.255
 no clns route-cache
!
interface FastEthernet0/0
 ip vrf forwarding CCIE
 ip address 1.1.13.3 255.255.255.0
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
interface Serial1/0
 ip address 1.1.43.3 255.255.255.0
 mpls ip
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/1
 ip address 1.1.35.3 255.255.255.0
 mpls ip
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/2
 no ip address
 encapsulation frame-relay
 serial restart-delay 0
 no frame-relay inverse-arp
 no clns route-cache
!
interface Serial1/2.2 multipoint
 ip vrf forwarding CCDE
 ip address 1.1.67.3 255.255.255.0
 frame-relay map ip 1.1.67.6 102 broadcast
 frame-relay map ip 1.1.67.7 103 broadcast
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
router ospf 2 vrf CCDE
 router-id 33.3.3.3
 log-adjacency-changes
 redistribute bgp 10000 subnets
 network 1.1.67.3 0.0.0.0 area 0
 network 33.3.3.3 0.0.0.0 area 0
 neighbor 1.1.67.7
 neighbor 1.1.67.6
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 1.1.13.3 0.0.0.0 area 0
 network 1.1.35.3 0.0.0.0 area 0
 network 1.1.43.3 0.0.0.0 area 0
 network 3.3.3.3 0.0.0.0 area 0
!
router rip
 !
 address-family ipv4 vrf CCIE
 redistribute bgp 10000 metric 1
 network 1.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
router bgp 10000
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 10000
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
 neighbor 4.4.4.4 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 4.4.4.4 activate
 neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CCIE
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CCDE
 redistribute ospf 2 vrf CCDE
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end
R3#
R4#sh run
Building configuration...
Current configuration : 2627 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf CCDE
 rd 444:2
 route-target export 1001:11
 route-target import 1001:11
!
ip vrf CCIE
 rd 444:1
 route-target export 10001:1
 route-target import 10000:1
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 no clns route-cache
!
interface FastEthernet0/0
 ip vrf forwarding CCIE
 ip address 1.1.42.4 255.255.255.0
 duplex auto
 speed auto
 no clns route-cache
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
interface Serial1/0
 ip address 1.1.43.4 255.255.255.0
 mpls ip
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/1
 ip address 1.1.45.4 255.255.255.0
 mpls ip
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
 no clns route-cache
!
interface ATM2/0
 no ip address
 no atm enable-ilmi-trap
 no clns route-cache
!
interface ATM2/0.2 point-to-point
 ip vrf forwarding CCDE
 ip address 1.1.48.4 255.255.255.0
 no atm enable-ilmi-trap
 pvc 0/102
  encapsulation aal5snap
 !
!
router eigrp 100
 no auto-summary
 !
 address-family ipv4 vrf CCDE
 redistribute bgp 10000 metric 1 1 1 1 1
 network 0.0.0.0
 no auto-summary
 autonomous-system 100
 exit-address-family
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 1.1.42.4 0.0.0.0 area 0
 network 1.1.43.4 0.0.0.0 area 0
 network 1.1.45.4 0.0.0.0 area 0
 network 4.4.4.4 0.0.0.0 area 0
!
router rip
 !
 address-family ipv4 vrf CCIE
 redistribute bgp 10000 metric 1
 network 1.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
router bgp 10000
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 10000
 neighbor 3.3.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 3.3.3.3 activate
 neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CCIE
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CCDE
 redistribute eigrp 100
 no auto-summary
 no synchronization
 exit-address-family
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
end
R4#

Please look at the configuration of R3 and R4 (the ISP PEs). Now you can see I have configured vrf CCIE and CCDE, an IGP for PE to CE, an IGP for the internal ISP network and BGP for distributing customer routes.

Note two new configuration items: rd (route distinguisher) and route target. The rd provides a unique ID to the NLRI so the router can tell route 192.168.0.0 of Customer A from 192.168.0.0 of Customer B. It is perfectly OK for me to use the RFC 1918 range in my organization and have the same range used in 10 other organizations; however, if all 10 are connected to the same ISP and the ISP needs to provide each customer a VPN between its sites, the ISP also needs to make sure that a communication from the CEO of Microsoft, meant only for the CTO of Microsoft, is not delivered by mistake to the CEO of Cisco (although it is simply not going to work at the application level, this is a raw example of what we want to avoid).

 

R4# sh ip bgp vpnv4 all
BGP table version is 58, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:1
*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?
*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?
Route Distinguisher: 333:2
*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?
*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?
*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?
Route Distinguisher: 444:1 (default for vrf CCIE)
*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?
*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?
*> 1.1.22.2/32      1.1.42.2                 1         32768 ?
*> 1.1.42.0/24      0.0.0.0                  0         32768 ?
*> 2.2.2.2/32       1.1.42.2                 1         32768 ?
Route Distinguisher: 444:2 (default for vrf CCDE)
*> 1.1.48.0/24      0.0.0.0                  0         32768 ?
*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?
*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?
   Network          Next Hop            Metric LocPrf Weight Path
*> 8.8.8.8/32       1.1.48.8            146432         32768 ?
*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?
R4# sh ip bgp vpnv4 all
BGP table version is 62, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 333:1
*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?
*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?
*>i192.168.0.0      3.3.3.3                  1    100      0 ?
Route Distinguisher: 333:2
*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?
*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?
*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?
Route Distinguisher: 444:1 (default for vrf CCIE)
*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?
*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?
*> 1.1.22.2/32      1.1.42.2                 1         32768 ?
*> 1.1.42.0/24      0.0.0.0                  0         32768 ?
*> 2.2.2.2/32       1.1.42.2                 1         32768 ?
*>i192.168.0.0      3.3.3.3                  1    100      0 ?
Route Distinguisher: 444:2 (default for vrf CCDE)
*> 1.1.48.0/24      0.0.0.0                  0         32768 ?
   Network          Next Hop            Metric LocPrf Weight Path
*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?
*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?
*> 8.8.8.8/32       1.1.48.8            146432         32768 ?
*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?
*> 192.168.0.0      1.1.48.8            146432         32768 ?

Please notice the route 192.168.0.0.

R1_VRF_CCIE#sh run int lo10
Building configuration...
Current configuration : 66 bytes
!
interface Loopback10
 ip address 192.168.0.1 255.255.255.0
end
R2_VRF_CCDE#sh run int lo10
Building configuration...
Current configuration : 87 bytes
!
interface Loopback10
 ip address 192.168.0.1 255.255.255.0
 no clns route-cache
end
R2_VRF_CCDE#
R1_VRF_CCDE#ping 192.168.0.1 r 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 44/44/44 ms
R1_VRF_CCDE#
R2_VRF_CCDE#debug ip icmp
ICMP packet debugging is on
R2_VRF_CCDE#
01:37:17: ICMP: echo reply sent, src 192.168.0.1, dst 1.1.67.6
R2_VRF_CCIE#ping 192.168.0.1 r 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 68/68/68 ms
R2_VRF_CCIE#
R1_VRF_CCIE#debug ip icmp
ICMP packet debugging is on
R1_VRF_CCIE#
*Mar  1 01:38:17.739: ICMP: echo reply sent, src 192.168.0.1, dst 1.1.42.2

So that is the power of rd!

Now what is the route target? I will try to explain it in a simple way: between the PEs we have BGP running, and for the IGP routes to be propagated correctly between them I need to tell each vrf what NLRI to import from and export to BGP. It should be unique per customer, just as the rd is unique.

! R3 Original config
ip vrf CCDE
 rd 333:2
 route-target export 1001:11
 route-target import 1001:11
!
ip vrf CCIE
 rd 333:1
 route-target export 10000:1
 route-target import 10001:1
!
R3(config)#ip vrf CCIE
R3(config-vrf)#route-target import 1001:11
# See what happens on R1:
R1_VRF_CCIE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       1.1.1.1/32 is directly connected, Loopback0
C       1.1.13.0/24 is directly connected, FastEthernet0/0
R       1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0
R       1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0
C    192.168.0.0/24 is directly connected, Loopback10
R1_VRF_CCIE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     1.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C       1.1.1.1/32 is directly connected, Loopback0
C       1.1.13.0/24 is directly connected, FastEthernet0/0
R       1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
R       1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
R       1.1.48.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
R       1.1.67.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0
     33.0.0.0/32 is subnetted, 1 subnets
R       33.3.3.3 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0
     6.0.0.0/32 is subnetted, 1 subnets
R       6.6.6.6 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0
     8.0.0.0/32 is subnetted, 1 subnets
R       8.8.8.8 [120/1] via 1.1.13.3, 00:00:03, FastEthernet0/0
C    192.168.0.0/24 is directly connected, Loopback10
R1_VRF_CCIE#
# By importing the CCDE route target I caused a leak, and R1 is now aware of routes it does not have any access to
R1_VRF_CCIE#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1_VRF_CCIE#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
# And even worse, I have caused communication to be replied to from the wrong
# host just because it holds the same IP!!
R2_VRF_CCDE#
02:07:58: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:00: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:02: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:04: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:06: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
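
The leak demonstrated above comes down to vrf CCIE importing a route target that only vrf CCDE exports. The following Python script is an added example, not part of the original post: it parses the `ip vrf` stanzas of the PE configurations and flags such imports. It assumes that a VRF name identifies the same customer on every PE (true for CCIE and CCDE here); `parse_vrfs`, `find_rt_leaks` and the `allowed` parameter are names made up for this example.

```python
import re

# "ip vrf" stanzas copied from the R3 and R4 configurations on this page.
R3_ORIGINAL = """\
ip vrf CCDE
 rd 333:2
 route-target export 1001:11
 route-target import 1001:11
!
ip vrf CCIE
 rd 333:1
 route-target export 10000:1
 route-target import 10001:1
!
"""
R4_ORIGINAL = """\
ip vrf CCDE
 rd 444:2
 route-target export 1001:11
 route-target import 1001:11
!
ip vrf CCIE
 rd 444:1
 route-target export 10001:1
 route-target import 10000:1
!
"""
# R3 after the extra "route-target import 1001:11" entered under vrf CCIE
# (constructed from the two commands shown in the leak demonstration).
R3_LEAKY = R3_ORIGINAL.replace(
    " route-target import 10001:1\n",
    " route-target import 10001:1\n route-target import 1001:11\n",
)

VRF_LINE = re.compile(r"^ip vrf\s+(\S+)\s*$")
RT_LINE = re.compile(r"^\s+route-target\s+(import|export|both)\s+(\S+)\s*$")


def parse_vrfs(config_text):
    """Return {vrf_name: {"import": set, "export": set}} for one router config."""
    vrfs, current = {}, None
    for line in config_text.splitlines():
        m = VRF_LINE.match(line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        if not line.startswith(" "):
            current = None  # any unindented line ends the stanza
            continue
        m = RT_LINE.match(line)
        if m and current is not None:
            # "both" is shorthand for an import plus an export of the same RT
            directions = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for direction in directions:
                current[direction].add(m.group(2))
    return vrfs


def find_rt_leaks(configs, allowed=frozenset()):
    """Flag imports of a route target that a differently named VRF exports.

    configs: {router_name: config_text}
    allowed: {(vrf_name, rt)} pairs for intentional sharing (extranet,
             shared services) that should not be reported.
    """
    parsed = {router: parse_vrfs(text) for router, text in configs.items()}
    exporters = {}  # rt -> names of the VRFs exporting it on any PE
    for vrfs in parsed.values():
        for name, rts in vrfs.items():
            for rt in rts["export"]:
                exporters.setdefault(rt, set()).add(name)
    findings = []
    for router in sorted(parsed):
        for name in sorted(parsed[router]):
            for rt in sorted(parsed[router][name]["import"]):
                foreign = exporters.get(rt, set()) - {name}
                if foreign and (name, rt) not in allowed:
                    findings.append((router, name, rt, sorted(foreign)))
    return findings


if __name__ == "__main__":
    for r3_config in (R3_ORIGINAL, R3_LEAKY):
        print(find_rt_leaks({"R3": r3_config, "R4": R4_ORIGINAL}))
```

Run against the original R3 and R4 stanzas it reports nothing; with the extra import it reports vrf CCIE on R3 importing 1001:11, which is exported by CCDE.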

 

I hope that was informative; for now it provides a basic understanding of the advantages of a BGP FREE CORE and of what misunderstanding the basics can cause.
