In this article I would like to demonstrate the power of a BGP-free core: its simplicity for the ISP, and for a customer who needs site-to-site connectivity without creating VPNs or doing any complex configuration himself.
R1_VRF_CCIE | R2_VRF_CCIE | R2_VRF_CCDE | R1_VRF_CCDE |
R1_VRF_CCIE#sh run
Building configuration...
Current configuration : 641 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1_VRF_CCIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 1.1.13.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0
no auto-summary
!
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
R1_VRF_CCIE#
|
R2_VRF_CCIE#sh run
Building configuration...
Current configuration : 717 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2_VRF_CCIE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
ip address 1.1.22.2 255.255.255.255
!
interface FastEthernet0/0
ip address 1.1.42.2 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0
network 2.0.0.0
no auto-summary
!
ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
R2_VRF_CCIE#
|
R2_VRF_CCDE#sh run
Building configuration...
Current configuration : 1011 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2_VRF_CCDE
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no clns route-cache
!
interface ATM1/0
no ip address
no atm enable-ilmi-trap
no clns route-cache
!
interface ATM1/0.1 point-to-point
ip address 1.1.48.8 255.255.255.0
no atm enable-ilmi-trap
pvc 0/201
encapsulation aal5snap
!
!
router eigrp 100
network 0.0.0.0
no auto-summary
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
no login
!
!
end
|
R1_VRF_CCDE#sh run
Building configuration...
Current configuration : 1360 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1_VRF_CCDE
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip ospf 1 area 0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 1.1.67.6 255.255.255.0
encapsulation frame-relay
ip ospf priority 0
ip ospf 1 area 0
clock rate 2000000
frame-relay map ip 1.1.67.3 201 broadcast
no frame-relay inverse-arp
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
interface Serial0/2
no ip address
shutdown
clock rate 2000000
!
interface Serial1/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
router-id 6.6.6.6
log-adjacency-changes
!
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
R1_VRF_CCDE#
|
As you can see in the configuration, there is no VRF configured on these routers; I only called them VRF routers because these are the CEs connected to the ISP PE routers.
Below you can see the CE for CCIE. The path from R1 to R2 can be (R1 –> R3 –> R4 –> R2) or (R1 –> R3 –> R5 –> R4 –> R2).
R1_VRF_CCIE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 1.1.1.1/32 is directly connected, Loopback0
C 1.1.13.0/24 is directly connected, FastEthernet0/0
R 1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0
R 1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
R 2.2.2.2 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0
R1_VRF_CCIE#ping 2.2.2.2 sou
R1_VRF_CCIE#ping 2.2.2.2 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/77/120 ms
R1_VRF_CCIE#
R1_VRF_CCIE#traceroute 2.2.2.2 source lo0
Type escape sequence to abort.
Tracing the route to 2.2.2.2
1 1.1.13.3 32 msec 16 msec 24 msec
2 1.1.42.4 [MPLS: Labels 19 Exp 0] 28 msec 48 msec 40 msec
3 1.1.42.2 72 msec * 72 msec
R1_VRF_CCIE#
R1_VRF_CCIE#traceroute 2.2.2.2 source lo0
Type escape sequence to abort.
Tracing the route to 2.2.2.2
1 1.1.13.3 20 msec 28 msec 16 msec
2 1.1.35.5 [MPLS: Labels 18/19 Exp 0] 96 msec 80 msec 68 msec
3 1.1.42.4 [MPLS: Label 19 Exp 0] 68 msec 40 msec 40 msec
4 1.1.42.2 64 msec * 76 msec
R1_VRF_CCIE#
In the above traces I have demonstrated the two path selections. The first is the natural selection, and just by shutting the interface between R3 and R4 I forced the routers to select the other path (only to show that both paths are valid and working). Please note another interesting thing: we can see the MPLS path. In the next article I will show you how to keep that information away from the customer, who does not need to know it, but for this demonstration it helps me show you how it works.
Now we see that the CE is simply configured with an IP address under the interface (along with the proper L2 configuration) and an IGP; again, that is another decision I made for simplicity. The next step will be to demonstrate a multi-homed mode; however, let's not get ahead of ourselves.
So let's look at how the ISP is configured:
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 3 subnets
C 1.1.35.0 is directly connected, Serial1/1
C 1.1.43.0 is directly connected, Serial1/0
O 1.1.45.0 [110/128] via 1.1.43.4, 00:10:44, Serial1/0
[110/128] via 1.1.35.5, 00:10:44, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 1.1.43.4, 00:10:44, Serial1/0
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/65] via 1.1.35.5, 00:10:44, Serial1/1
# Where is the route to 2.2.2.2 and to 1.1.1.1???!
# Remember the VRF?!
R3#sh ip route vrf CCIE
Routing Table: CCIE
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
R 1.1.1.1/32 [120/1] via 1.1.13.1, 00:00:15, FastEthernet0/0
C 1.1.13.0/24 is directly connected, FastEthernet0/0
B 1.1.22.2/32 [200/1] via 4.4.4.4, 4d22h
B 1.1.42.0/24 [200/0] via 4.4.4.4, 4d22h
2.0.0.0/32 is subnetted, 1 subnets
B 2.2.2.2 [200/1] via 4.4.4.4, 4d22h
R3#
# OK now I can see the routes, but wait I do not have BGP
# Configured on my customers!!!
OK, so how does that work? In our topology, between CE and PE we have an IGP configured. On the PE I have an IGP to exchange routes with the CEs, an IGP between all the ISP routers used only for internal reachability and LDP / TDP (MPLS label mapping), and BGP for distributing customer routes to the IGP. Now you ask yourself: YOU SAID this should be BGP FREE???! Please note that the headline says BGP FREE CORE, and by core I refer to the whole internal ISP network. In my diagram you can see only one core router, R5; however, ISP networks are far more complex and their core may contain a little more than that.
So let's see what we have on R5, as I have demonstrated an instance where the path goes through it:
R5#sh ip route vrf *
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 3 subnets
C 1.1.35.0 is directly connected, Serial0/1
O 1.1.43.0 [110/128] via 1.1.45.4, 00:24:19, Serial0/0
[110/128] via 1.1.35.3, 00:24:19, Serial0/1
C 1.1.45.0 is directly connected, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 1.1.35.3, 00:24:19, Serial0/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 1.1.45.4, 00:24:19, Serial0/0
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
R5#
# As you can see there is only the main routing table, no VRF
#
R5#sh ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 5.5.5.5
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
1.1.35.5 0.0.0.0 area 0
1.1.45.5 0.0.0.0 area 0
5.5.5.5 0.0.0.0 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
2.2.2.2 110 5d21h
1.1.1.1 110 6d00h
3.3.3.3 110 00:25:24
4.4.4.4 110 00:25:24
Distance: (default is 110)
R5#
# Only OSPF of the main table! Used, as I have mentioned, for
# internal ISP communication and LDP / TDP (MPLS label mapping)
R5#sh mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 1.1.43.0/24 0 Se0/0 point2point
Pop tag 1.1.43.0/24 0 Se0/1 point2point
17 Pop tag 3.3.3.3/32 4764362 Se0/1 point2point
18 Pop tag 4.4.4.4/32 5707479 Se0/0 point2point
R5#
You can also see that the MPLS table is very small; the only thing R5 needs to know is what to do when it receives label 16, 17 or 18.
|
|
R3#sh run
Building configuration...
Current configuration : 2839 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf CCDE
rd 333:2
route-target export 1001:11
route-target import 1001:11
!
ip vrf CCIE
rd 333:1
route-target export 10000:1
route-target import 10001:1
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no clns route-cache
!
interface Loopback1
ip vrf forwarding CCDE
ip address 33.3.3.3 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip vrf forwarding CCIE
ip address 1.1.13.3 255.255.255.0
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no clns route-cache
!
interface Serial1/0
ip address 1.1.43.3 255.255.255.0
mpls ip
serial restart-delay 0
no clns route-cache
!
interface Serial1/1
ip address 1.1.35.3 255.255.255.0
mpls ip
serial restart-delay 0
no clns route-cache
!
interface Serial1/2
no ip address
encapsulation frame-relay
serial restart-delay 0
no frame-relay inverse-arp
no clns route-cache
!
interface Serial1/2.2 multipoint
ip vrf forwarding CCDE
ip address 1.1.67.3 255.255.255.0
frame-relay map ip 1.1.67.6 102 broadcast
frame-relay map ip 1.1.67.7 103 broadcast
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no clns route-cache
!
router ospf 2 vrf CCDE
router-id 33.3.3.3
log-adjacency-changes
redistribute bgp 10000 subnets
network 1.1.67.3 0.0.0.0 area 0
network 33.3.3.3 0.0.0.0 area 0
neighbor 1.1.67.7
neighbor 1.1.67.6
!
router ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 1.1.13.3 0.0.0.0 area 0
network 1.1.35.3 0.0.0.0 area 0
network 1.1.43.3 0.0.0.0 area 0
network 3.3.3.3 0.0.0.0 area 0
!
router rip
!
address-family ipv4 vrf CCIE
redistribute bgp 10000 metric 1
network 1.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 10000
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 10000
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
neighbor 4.4.4.4 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf CCIE
redistribute rip
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf CCDE
redistribute ospf 2 vrf CCDE
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
R3#
|
R4#sh run
Building configuration...
Current configuration : 2627 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf CCDE
rd 444:2
route-target export 1001:11
route-target import 1001:11
!
ip vrf CCIE
rd 444:1
route-target export 10001:1
route-target import 10000:1
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip vrf forwarding CCIE
ip address 1.1.42.4 255.255.255.0
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no clns route-cache
!
interface Serial1/0
ip address 1.1.43.4 255.255.255.0
mpls ip
serial restart-delay 0
no clns route-cache
!
interface Serial1/1
ip address 1.1.45.4 255.255.255.0
mpls ip
serial restart-delay 0
no clns route-cache
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no clns route-cache
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no clns route-cache
!
interface ATM2/0
no ip address
no atm enable-ilmi-trap
no clns route-cache
!
interface ATM2/0.2 point-to-point
ip vrf forwarding CCDE
ip address 1.1.48.4 255.255.255.0
no atm enable-ilmi-trap
pvc 0/102
encapsulation aal5snap
!
!
router eigrp 100
no auto-summary
!
address-family ipv4 vrf CCDE
redistribute bgp 10000 metric 1 1 1 1 1
network 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
!
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
network 1.1.42.4 0.0.0.0 area 0
network 1.1.43.4 0.0.0.0 area 0
network 1.1.45.4 0.0.0.0 area 0
network 4.4.4.4 0.0.0.0 area 0
!
router rip
!
address-family ipv4 vrf CCIE
redistribute bgp 10000 metric 1
network 1.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 10000
no synchronization
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 10000
neighbor 3.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf CCIE
redistribute rip
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf CCDE
redistribute eigrp 100
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
no ip http server
!
!
!
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
R4#
|
Please look at the configuration of R3 and R4 (the ISP PEs). Now you can see I have configured VRFs CCIE and CCDE, an IGP for PE to CE, an IGP for the internal ISP network, and BGP for distributing customer routes.
Note the two new configuration items: rd (route distinguisher) and route target. The rd provides a unique ID to the NLRI so the router can tell route 192.168.0.0 of Customer A from 192.168.0.0 of Customer B. It is perfectly OK for me to use an RFC 1918 range in my organization and have the same range used in 10 other organizations; however, if all 10 are connected to the same ISP and the ISP needs to provide each customer a VPN between its sites, the ISP also needs to make sure that when it gets communication from the CEO of Microsoft it does not deliver it by mistake to the CEO of Cisco when he only wanted to send it to the CTO of Microsoft (although it will simply not work at the application level, this is a raw example of what we want to avoid).
R4# sh ip bgp vpnv4 all
BGP table version is 58, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 333:1
*>i1.1.1.1/32 3.3.3.3 1 100 0 ?
*>i1.1.13.0/24 3.3.3.3 0 100 0 ?
Route Distinguisher: 333:2
*>i1.1.67.0/24 3.3.3.3 0 100 0 ?
*>i6.6.6.6/32 3.3.3.3 65 100 0 ?
*>i33.3.3.3/32 3.3.3.3 0 100 0 ?
Route Distinguisher: 444:1 (default for vrf CCIE)
*>i1.1.1.1/32 3.3.3.3 1 100 0 ?
*>i1.1.13.0/24 3.3.3.3 0 100 0 ?
*> 1.1.22.2/32 1.1.42.2 1 32768 ?
*> 1.1.42.0/24 0.0.0.0 0 32768 ?
*> 2.2.2.2/32 1.1.42.2 1 32768 ?
Route Distinguisher: 444:2 (default for vrf CCDE)
*> 1.1.48.0/24 0.0.0.0 0 32768 ?
*>i1.1.67.0/24 3.3.3.3 0 100 0 ?
*>i6.6.6.6/32 3.3.3.3 65 100 0 ?
Network Next Hop Metric LocPrf Weight Path
*> 8.8.8.8/32 1.1.48.8 146432 32768 ?
*>i33.3.3.3/32 3.3.3.3 0 100 0 ?
R4# sh ip bgp vpnv4 all
BGP table version is 62, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 333:1
*>i1.1.1.1/32 3.3.3.3 1 100 0 ?
*>i1.1.13.0/24 3.3.3.3 0 100 0 ?
*>i192.168.0.0 3.3.3.3 1 100 0 ?
Route Distinguisher: 333:2
*>i1.1.67.0/24 3.3.3.3 0 100 0 ?
*>i6.6.6.6/32 3.3.3.3 65 100 0 ?
*>i33.3.3.3/32 3.3.3.3 0 100 0 ?
Route Distinguisher: 444:1 (default for vrf CCIE)
*>i1.1.1.1/32 3.3.3.3 1 100 0 ?
*>i1.1.13.0/24 3.3.3.3 0 100 0 ?
*> 1.1.22.2/32 1.1.42.2 1 32768 ?
*> 1.1.42.0/24 0.0.0.0 0 32768 ?
*> 2.2.2.2/32 1.1.42.2 1 32768 ?
*>i192.168.0.0 3.3.3.3 1 100 0 ?
Route Distinguisher: 444:2 (default for vrf CCDE)
*> 1.1.48.0/24 0.0.0.0 0 32768 ?
Network Next Hop Metric LocPrf Weight Path
*>i1.1.67.0/24 3.3.3.3 0 100 0 ?
*>i6.6.6.6/32 3.3.3.3 65 100 0 ?
*> 8.8.8.8/32 1.1.48.8 146432 32768 ?
*>i33.3.3.3/32 3.3.3.3 0 100 0 ?
*> 192.168.0.0 1.1.48.8 146432 32768 ?
Please note route 192.168.0.0:
R1_VRF_CCIE#sh run int lo10
Building configuration...
Current configuration : 66 bytes
!
interface Loopback10
ip address 192.168.0.1 255.255.255.0
end
R2_VRF_CCDE#sh run int lo10
Building configuration...
Current configuration : 87 bytes
!
interface Loopback10
ip address 192.168.0.1 255.255.255.0
no clns route-cache
end
R2_VRF_CCDE#
R1_VRF_CCDE#ping 192.168.0.1 r 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 44/44/44 ms
R1_VRF_CCDE#
R2_VRF_CCDE#debug ip icmp
ICMP packet debugging is on
R2_VRF_CCDE#
01:37:17: ICMP: echo reply sent, src 192.168.0.1, dst 1.1.67.6
R2_VRF_CCIE#ping 192.168.0.1 r 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 68/68/68 ms
R2_VRF_CCIE#
R1_VRF_CCIE#debug ip icmp
ICMP packet debugging is on
R1_VRF_CCIE#
*Mar 1 01:38:17.739: ICMP: echo reply sent, src 192.168.0.1, dst 1.1.42.2
So that is the power of rd!
Now, what is the route target? I will try to explain it in a simple way: between the PEs we have BGP running, and for the IGP routes to be propagated correctly between them I need to tell each VRF which NLRI to import from and export to BGP. It should be unique per customer, just as the rd is unique.
! R3 Original config
ip vrf CCDE
rd 333:2
route-target export 1001:11
route-target import 1001:11
!
ip vrf CCIE
rd 333:1
route-target export 10000:1
route-target import 10001:1
!
R3(config)#ip vrf CCIE
R3(config-vrf)#route-target import 1001:11
# See what happens on R1:
R1_VRF_CCIE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 1.1.1.1/32 is directly connected, Loopback0
C 1.1.13.0/24 is directly connected, FastEthernet0/0
R 1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0
R 1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
R 2.2.2.2 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0
C 192.168.0.0/24 is directly connected, Loopback10
R1_VRF_CCIE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 1.1.1.1/32 is directly connected, Loopback0
C 1.1.13.0/24 is directly connected, FastEthernet0/0
R 1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
R 1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
R 1.1.48.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
R 1.1.67.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0
2.0.0.0/32 is subnetted, 1 subnets
R 2.2.2.2 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0
33.0.0.0/32 is subnetted, 1 subnets
R 33.3.3.3 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0
6.0.0.0/32 is subnetted, 1 subnets
R 6.6.6.6 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0
8.0.0.0/32 is subnetted, 1 subnets
R 8.8.8.8 [120/1] via 1.1.13.3, 00:00:03, FastEthernet0/0
C 192.168.0.0/24 is directly connected, Loopback10
R1_VRF_CCIE#
By importing the CCDE route target I caused a leak, and R1 became aware of routes it does not have any access to.
R1_VRF_CCIE#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1_VRF_CCIE#ping 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
# And even worse, I have caused communication to be answered by the wrong
# host just because it holds the same IP!!
R2_VRF_CCDE#
02:07:58: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:00: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:02: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:04: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
02:08:06: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1
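The leak above comes from a single extra "route-target import" line, so it is worth checking PE configurations for it before they are deployed. The following is an added example, not part of the original lab: a small Python audit that parses the "ip vrf" stanzas of R3 and R4 as shown on this page and reports every VRF that imports a route target exported by a differently named VRF. It assumes that a VRF name identifies one customer across all PEs, which holds for CCIE and CCDE here; the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# VRF stanzas copied from the R3 and R4 configurations on this page.
R3_ORIGINAL = """ip vrf CCDE
rd 333:2
route-target export 1001:11
route-target import 1001:11
!
ip vrf CCIE
rd 333:1
route-target export 10000:1
route-target import 10001:1
!
"""
R4_ORIGINAL = """ip vrf CCDE
rd 444:2
route-target export 1001:11
route-target import 1001:11
!
ip vrf CCIE
rd 444:1
route-target export 10001:1
route-target import 10000:1
!
"""
# The change made on the page: "route-target import 1001:11" added under vrf CCIE on R3.
R3_LEAKY = R3_ORIGINAL.replace(
    "route-target import 10001:1",
    "route-target import 10001:1\nroute-target import 1001:11")

def parse_vrfs(config):
    """Return {vrf: {"rd": str, "import": set, "export": set}} from IOS config text."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        # "ip vrf forwarding X" under an interface has two tokens and does not match.
        if (m := re.fullmatch(r"ip vrf (\S+)", line)):
            current = vrfs.setdefault(
                m.group(1), {"rd": None, "import": set(), "export": set()})
        elif current is None:
            continue
        elif (m := re.fullmatch(r"rd (\S+)", line)):
            current["rd"] = m.group(1)
        elif (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
        else:
            current = None  # "!" or any other command ends the VRF stanza
    return vrfs

def find_leaks(pe_configs):
    """List (pe, vrf, rt, exporting_pe, exporting_vrf) for every import of a
    route target that a differently named VRF exports (assumed: other customer)."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}
    exporters = defaultdict(set)  # route target -> {(pe, vrf)}
    for pe, vrfs in parsed.items():
        for name, vrf in vrfs.items():
            for rt in vrf["export"]:
                exporters[rt].add((pe, name))
    leaks = []
    for pe, vrfs in sorted(parsed.items()):
        for name, vrf in sorted(vrfs.items()):
            for rt in sorted(vrf["import"]):
                for exp_pe, exp_vrf in sorted(exporters.get(rt, ())):
                    if exp_vrf != name:
                        leaks.append((pe, name, rt, exp_pe, exp_vrf))
    return leaks

if __name__ == "__main__":
    for label, r3 in (("original", R3_ORIGINAL), ("after the change", R3_LEAKY)):
        leaks = find_leaks({"R3": r3, "R4": R4_ORIGINAL})
        print(f"{label}: {len(leaks)} cross-VRF import(s)")
        for pe, vrf, rt, exp_pe, exp_vrf in leaks:
            print(f"  {pe} vrf {vrf} imports {rt}, exported by {exp_pe} vrf {exp_vrf}")
```

Intentional shared-services designs import foreign route targets on purpose, so findings from such a check need an allow-list rather than blind rejection.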
I hope that was informative; for now it gives you a basic understanding of the advantages of a BGP FREE CORE and of what misunderstanding the basics can cause.