Saturday, August 20, 2011

BGP FREE CORE

 

image

In this article I would like to demonstrate the BGP free core power , the simplicity for the ISP as well as for the customer need to have site to site connectivity with out him creating vpns or doing any complex configuration.

R1_VRF_CCIE R2_VRF_CCIE R2_VRF_CCDE R1_VRF_CCDE
R1_VRF_CCIE#sh run

Building configuration...

Current configuration : 641 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1_VRF_CCIE

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

 ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

 ip address 1.1.13.1 255.255.255.0

 duplex auto

 speed auto

!

router rip

 version 2

 network 1.0.0.0

 no auto-summary

!

ip http server

no ip http secure-server

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

 exec-timeout 0 0

line aux 0

line vty 0 4

 login

!

!

end

R1_VRF_CCIE#



R2_VRF_CCIE#sh run

Building configuration...

Current configuration : 717 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2_VRF_CCIE

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

!

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

 ip address 2.2.2.2 255.255.255.255

!

interface Loopback1

 ip address 1.1.22.2 255.255.255.255

!

interface FastEthernet0/0

 ip address 1.1.42.2 255.255.255.0

 duplex auto

 speed auto

!

router rip

 version 2

 network 1.0.0.0

 network 2.0.0.0

 no auto-summary

!

ip http server

no ip http secure-server

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

 exec-timeout 0 0

line aux 0

line vty 0 4

 login

!

!

end

R2_VRF_CCIE#



R2_VRF_CCDE#sh run

Building configuration...

Current configuration : 1011 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname R2_VRF_CCDE

!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

!

!

!

no mpls traffic-eng auto-bw timers frequency 0

call rsvp-sync

!

!

!

!

!

!

!

!

interface Loopback0

 ip address 8.8.8.8 255.255.255.255

 no clns route-cache

!

interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

 no clns route-cache

!

interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

 no clns route-cache

!

interface ATM1/0

 no ip address

 no atm enable-ilmi-trap

 no clns route-cache

!

interface ATM1/0.1 point-to-point

 ip address 1.1.48.8 255.255.255.0

 no atm enable-ilmi-trap

 pvc 0/201

  encapsulation aal5snap

 !

!

router eigrp 100

 network 0.0.0.0

 no auto-summary

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

line con 0

 exec-timeout 0 0

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

 no login

!

!

end



R1_VRF_CCDE#sh run

Building configuration...

Current configuration : 1360 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1_VRF_CCDE

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

memory-size iomem 5

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

 ip address 6.6.6.6 255.255.255.255

 ip ospf 1 area 0

!

interface FastEthernet0/0

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface Serial0/0

 ip address 1.1.67.6 255.255.255.0

 encapsulation frame-relay

 ip ospf priority 0

 ip ospf 1 area 0

 clock rate 2000000

 frame-relay map ip 1.1.67.3 201 broadcast

 no frame-relay inverse-arp

!

interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface Serial0/1

 no ip address

 shutdown

 clock rate 2000000

!

interface Serial0/2

 no ip address

 shutdown

 clock rate 2000000

!

interface Serial1/0

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/1

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

!

router ospf 1

 router-id 6.6.6.6

 log-adjacency-changes

!

!

!

ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

 exec-timeout 0 0

line aux 0

line vty 0 4

 login

!

!

end

R1_VRF_CCDE#



 


you can see in the configuration there is no VRF configured, I only called them VFR routers as this are the CE connected to the ISP PE routers.


below you can see CE for CCIE the path from R1 to R2 can be (R1 –> R3 –> R4 –> R2) or ( R1 –> R3 –>R5 –> R4 –> R2 )


 
R1_VRF_CCIE#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C       1.1.1.1/32 is directly connected, Loopback0

C       1.1.13.0/24 is directly connected, FastEthernet0/0

R       1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0

R       1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0

     2.0.0.0/32 is subnetted, 1 subnets

R       2.2.2.2 [120/1] via 1.1.13.3, 00:00:11, FastEthernet0/0

R1_VRF_CCIE#ping 2.2.2.2 sou

R1_VRF_CCIE#ping 2.2.2.2 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/77/120 ms

R1_VRF_CCIE#

R1_VRF_CCIE#traceroute 2.2.2.2 source lo0

Type escape sequence to abort.

Tracing the route to 2.2.2.2

  1 1.1.13.3 32 msec 16 msec 24 msec

  2 1.1.42.4 [MPLS: Labels 19 Exp 0] 28 msec 48 msec 40 msec

  3 1.1.42.2 72 msec *  72 msec

R1_VRF_CCIE#

R1_VRF_CCIE#traceroute 2.2.2.2 source lo0

Type escape sequence to abort.

Tracing the route to 2.2.2.2

  1 1.1.13.3 20 msec 28 msec 16 msec

  2 1.1.35.5 [MPLS: Labels 18/19 Exp 0] 96 msec 80 msec 68 msec

  3 1.1.42.4 [MPLS: Label 19 Exp 0] 68 msec 40 msec 40 msec

  4 1.1.42.2 64 msec *  76 msec

R1_VRF_CCIE#
 


 


I the above trace I have demonstrated the 2 path selection, the first it the natural selection and just by shutting the interface between R3 to R4 I have enforced the routers to select the other path (only to show that both paths are valid and working), please noting another interesting thing is to that we see the MPLS path In the next article I will show you how to keep that information out from the customer need to know Smile but as for this demonstration it help me show you how dose it work.


now we see that the CE is simply configured with ip address under the interface (along with the proper L2 configuration) and IGP again that is another decision I made for simplicity, the next step will be to demonstrate a multi home mode however lets not get ahead of our self.


So lets look how is the ISP configured:
R3#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 3 subnets

C       1.1.35.0 is directly connected, Serial1/1

C       1.1.43.0 is directly connected, Serial1/0

O       1.1.45.0 [110/128] via 1.1.43.4, 00:10:44, Serial1/0

                 [110/128] via 1.1.35.5, 00:10:44, Serial1/1

     3.0.0.0/32 is subnetted, 1 subnets

C       3.3.3.3 is directly connected, Loopback0

     4.0.0.0/32 is subnetted, 1 subnets

O       4.4.4.4 [110/65] via 1.1.43.4, 00:10:44, Serial1/0

     5.0.0.0/32 is subnetted, 1 subnets

O       5.5.5.5 [110/65] via 1.1.35.5, 00:10:44, Serial1/1

# Where is the router to 2.2.2.2 and to 1.1.1.1???!

# Remmeber the VRF?!

R3#sh ip route vrf CCIE

Routing Table: CCIE

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

R       1.1.1.1/32 [120/1] via 1.1.13.1, 00:00:15, FastEthernet0/0

C       1.1.13.0/24 is directly connected, FastEthernet0/0

B       1.1.22.2/32 [200/1] via 4.4.4.4, 4d22h

B       1.1.42.0/24 [200/0] via 4.4.4.4, 4d22h

     2.0.0.0/32 is subnetted, 1 subnets

B       2.2.2.2 [200/1] via 4.4.4.4, 4d22h

R3#

# OK now I can see the routes, but wait I do not have BGP

# Configured on my customers!!!


OK so how dose that work in our topology CE to PE we have IGP configured, On the PE I have the IGP to form route distribution with CE’s, I have IGP to between all the ISP routers only for internal and LDP / TDP (MPLS lable mapping) and I have BGP for distributing Customer routes to the IGP, now you ask your self , YOU SAID this should be BGP FREE ???! please noting to the headline is say BGP FREE CORE and by core I refer to all internal ISP network, in my diagram you can see only one core router R5 however ISP’s are build with far more complex and their core may contain a little more than that.


So lets see what we have on R5 as I have demonstrated an instance where the path is using him :
R5#sh ip route vrf *

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/24 is subnetted, 3 subnets

C       1.1.35.0 is directly connected, Serial0/1

O       1.1.43.0 [110/128] via 1.1.45.4, 00:24:19, Serial0/0

                 [110/128] via 1.1.35.3, 00:24:19, Serial0/1

C       1.1.45.0 is directly connected, Serial0/0

     3.0.0.0/32 is subnetted, 1 subnets

O       3.3.3.3 [110/65] via 1.1.35.3, 00:24:19, Serial0/1

     4.0.0.0/32 is subnetted, 1 subnets

O       4.4.4.4 [110/65] via 1.1.45.4, 00:24:19, Serial0/0

     5.0.0.0/32 is subnetted, 1 subnets

C       5.5.5.5 is directly connected, Loopback0

R5#

# AS You can see there is only main routing table no VRF 

# 

R5#sh ip protocols

Routing Protocol is "ospf 1"

  Outgoing update filter list for all interfaces is not set

  Incoming update filter list for all interfaces is not set

  Router ID 5.5.5.5

  Number of areas in this router is 1. 1 normal 0 stub 0 nssa

  Maximum path: 4

  Routing for Networks:

    1.1.35.5 0.0.0.0 area 0

    1.1.45.5 0.0.0.0 area 0

    5.5.5.5 0.0.0.0 area 0

 Reference bandwidth unit is 100 mbps

  Routing Information Sources:

    Gateway         Distance      Last Update

    2.2.2.2              110      5d21h

    1.1.1.1              110      6d00h

    3.3.3.3              110      00:25:24

    4.4.4.4              110      00:25:24

  Distance: (default is 110)

R5#

# Only OSPF of the main table! used as I have mentiond for

# Internal ISP communication and LDP / TDP (MPLS lable mapping)
R5#sh mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop

tag    tag or VC   or Tunnel Id      switched   interface

16     Pop tag     1.1.43.0/24       0          Se0/0      point2point

       Pop tag     1.1.43.0/24       0          Se0/1      point2point

17     Pop tag     3.3.3.3/32        4764362    Se0/1      point2point

18     Pop tag     4.4.4.4/32        5707479    Se0/0      point2point

R5#

You can also see the MPLS table is very small the only thing R5 need to know is what to do when receiving label 16 , 17 , 18   




 
 




R3#sh run

Building configuration...

Current configuration : 2839 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname R3

!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

ip vrf CCDE

 rd 333:2

 route-target export 1001:11

 route-target import 1001:11

!

ip vrf CCIE

 rd 333:1

 route-target export 10000:1

 route-target import 10001:1

!

no mpls traffic-eng auto-bw timers frequency 0

call rsvp-sync

!

!

!

!

!

!

!

!

interface Loopback0

 ip address 3.3.3.3 255.255.255.255

 no clns route-cache

!

interface Loopback1

 ip vrf forwarding CCDE

 ip address 33.3.3.3 255.255.255.255

 no clns route-cache

!

interface FastEthernet0/0

 ip vrf forwarding CCIE

 ip address 1.1.13.3 255.255.255.0

 duplex auto

 speed auto

 no clns route-cache

!

interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

 no clns route-cache

!

interface Serial1/0

 ip address 1.1.43.3 255.255.255.0

 mpls ip

 serial restart-delay 0

 no clns route-cache

!

interface Serial1/1

 ip address 1.1.35.3 255.255.255.0

 mpls ip

 serial restart-delay 0

 no clns route-cache

!

interface Serial1/2

 no ip address

 encapsulation frame-relay

 serial restart-delay 0

 no frame-relay inverse-arp

 no clns route-cache

!

interface Serial1/2.2 multipoint

 ip vrf forwarding CCDE

 ip address 1.1.67.3 255.255.255.0

 frame-relay map ip 1.1.67.6 102 broadcast

 frame-relay map ip 1.1.67.7 103 broadcast

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

 no clns route-cache

!

router ospf 2 vrf CCDE

 router-id 33.3.3.3

 log-adjacency-changes

 redistribute bgp 10000 subnets

 network 1.1.67.3 0.0.0.0 area 0

 network 33.3.3.3 0.0.0.0 area 0

 neighbor 1.1.67.7

 neighbor 1.1.67.6

!

router ospf 1

 router-id 3.3.3.3

 log-adjacency-changes

 network 1.1.13.3 0.0.0.0 area 0

 network 1.1.35.3 0.0.0.0 area 0

 network 1.1.43.3 0.0.0.0 area 0

 network 3.3.3.3 0.0.0.0 area 0

!

router rip

 !

 address-family ipv4 vrf CCIE

 redistribute bgp 10000 metric 1

 network 1.0.0.0

 no auto-summary

 version 2

 exit-address-family

!

router bgp 10000

 no bgp default ipv4-unicast

 bgp log-neighbor-changes

 neighbor 4.4.4.4 remote-as 10000

 neighbor 4.4.4.4 update-source Loopback0

 !

 address-family ipv4

 neighbor 4.4.4.4 activate

 no auto-summary

 no synchronization

 exit-address-family

 !

 address-family vpnv4

 neighbor 4.4.4.4 activate

 neighbor 4.4.4.4 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf CCIE

 redistribute rip

 no auto-summary

 no synchronization

 exit-address-family

 !

 address-family ipv4 vrf CCDE

 redistribute ospf 2 vrf CCDE

 no auto-summary

 no synchronization

 exit-address-family

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

line con 0

 exec-timeout 0 0

 logging synchronous

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

!

!

end

R3#



R4#sh run

Building configuration...

Current configuration : 2627 bytes

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname R4

!

boot-start-marker

boot-end-marker

!

!

ip subnet-zero

ip cef

!

!

no ip domain-lookup

!

ip vrf CCDE

 rd 444:2

 route-target export 1001:11

 route-target import 1001:11

!

ip vrf CCIE

 rd 444:1

 route-target export 10001:1

 route-target import 10000:1

!

no mpls traffic-eng auto-bw timers frequency 0

call rsvp-sync

!

!

!

!

!

!

!

!

interface Loopback0

 ip address 4.4.4.4 255.255.255.255

 no clns route-cache

!

interface FastEthernet0/0

 ip vrf forwarding CCIE

 ip address 1.1.42.4 255.255.255.0

 duplex auto

 speed auto

 no clns route-cache

!

interface FastEthernet0/1

 no ip address

 shutdown

 duplex auto

 speed auto

 no clns route-cache

!

interface Serial1/0

 ip address 1.1.43.4 255.255.255.0

 mpls ip

 serial restart-delay 0

 no clns route-cache

!

interface Serial1/1

 ip address 1.1.45.4 255.255.255.0

 mpls ip

 serial restart-delay 0

 no clns route-cache

!

interface Serial1/2

 no ip address

 shutdown

 serial restart-delay 0

 no clns route-cache

!

interface Serial1/3

 no ip address

 shutdown

 serial restart-delay 0

 no clns route-cache

!

interface ATM2/0

 no ip address

 no atm enable-ilmi-trap

 no clns route-cache

!

interface ATM2/0.2 point-to-point

 ip vrf forwarding CCDE

 ip address 1.1.48.4 255.255.255.0

 no atm enable-ilmi-trap

 pvc 0/102

  encapsulation aal5snap

 !

!

router eigrp 100

 no auto-summary

 !

 address-family ipv4 vrf CCDE

 redistribute bgp 10000 metric 1 1 1 1 1

 network 0.0.0.0

 no auto-summary

 autonomous-system 100

 exit-address-family

!

router ospf 1

 router-id 4.4.4.4

 log-adjacency-changes

 network 1.1.42.4 0.0.0.0 area 0

 network 1.1.43.4 0.0.0.0 area 0

 network 1.1.45.4 0.0.0.0 area 0

 network 4.4.4.4 0.0.0.0 area 0

!

router rip

 !

 address-family ipv4 vrf CCIE

 redistribute bgp 10000 metric 1

 network 1.0.0.0

 no auto-summary

 version 2

 exit-address-family

!

router bgp 10000

 no synchronization

 bgp log-neighbor-changes

 neighbor 3.3.3.3 remote-as 10000

 neighbor 3.3.3.3 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 3.3.3.3 activate

 neighbor 3.3.3.3 send-community extended

 exit-address-family

 !

 address-family ipv4 vrf CCIE

 redistribute rip

 no auto-summary

 no synchronization

 exit-address-family

 !

 address-family ipv4 vrf CCDE

 redistribute eigrp 100

 no auto-summary

 no synchronization

 exit-address-family

!

ip classless

!

no ip http server

!

!

!

!

!

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

line con 0

 exec-timeout 0 0

 logging synchronous

 stopbits 1

line aux 0

 stopbits 1

line vty 0 4

!

!

end

R4#



Please look into the configuration of R3 and R4 (ISP- PE) now you can see I have configured vrf CCIE and CCDE, IGP for PE to CE, IGP for Internal ISP and BGP for distributing customers routes.


Noting to 2 new configuration rd (route distinguisher) and route target, the rd provide a uniq id to the NLRI so the router will know if route 192.168.0.0 of Customer A from 192.168.0.0 of Customer B as it is perfectly ok for me to use RFC1918 range in my organization and have the same range used in 10 other organization’s however if all 10 are connected to the same ISP and the ISP need to provide the customer vpn between his sites, he also need to know that when he get communication from the CEO of Microsoft not to deliver it by mistake to the CEO of Cisco when he only wanted to send the communication to the CTO of Microsoft (although it will simply not going to work in the application level, this is a raw example of what we want to avoid).


 
R4# sh ip bgp vpnv4 all

BGP table version is 58, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 333:1

*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?

*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?

Route Distinguisher: 333:2

*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?

*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?

*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?

Route Distinguisher: 444:1 (default for vrf CCIE)

*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?

*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?

*> 1.1.22.2/32      1.1.42.2                 1         32768 ?

*> 1.1.42.0/24      0.0.0.0                  0         32768 ?

*> 2.2.2.2/32       1.1.42.2                 1         32768 ?

Route Distinguisher: 444:2 (default for vrf CCDE)

*> 1.1.48.0/24      0.0.0.0                  0         32768 ?

*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?

*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?

   Network          Next Hop            Metric LocPrf Weight Path

*> 8.8.8.8/32       1.1.48.8            146432         32768 ?

*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?

R4# sh ip bgp vpnv4 all

BGP table version is 62, local router ID is 4.4.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 333:1

*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?

*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?

*>i192.168.0.0      3.3.3.3                  1    100      0 ?

Route Distinguisher: 333:2

*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?

*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?

*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?

Route Distinguisher: 444:1 (default for vrf CCIE)

*>i1.1.1.1/32       3.3.3.3                  1    100      0 ?

*>i1.1.13.0/24      3.3.3.3                  0    100      0 ?

*> 1.1.22.2/32      1.1.42.2                 1         32768 ?

*> 1.1.42.0/24      0.0.0.0                  0         32768 ?

*> 2.2.2.2/32       1.1.42.2                 1         32768 ?

*>i192.168.0.0      3.3.3.3                  1    100      0 ?

Route Distinguisher: 444:2 (default for vrf CCDE)

*> 1.1.48.0/24      0.0.0.0                  0         32768 ?

   Network          Next Hop            Metric LocPrf Weight Path

*>i1.1.67.0/24      3.3.3.3                  0    100      0 ?

*>i6.6.6.6/32       3.3.3.3                 65    100      0 ?

*> 8.8.8.8/32       1.1.48.8            146432         32768 ?

*>i33.3.3.3/32      3.3.3.3                  0    100      0 ?

*> 192.168.0.0      1.1.48.8            146432         32768 ?



Please notice to route 192.168.0.0 
R1_VRF_CCIE#sh run int lo10

Building configuration...

Current configuration : 66 bytes

!

interface Loopback10

 ip address 192.168.0.1 255.255.255.0

end

R2_VRF_CCDE#sh run int lo10

Building configuration...

Current configuration : 87 bytes

!

interface Loopback10

 ip address 192.168.0.1 255.255.255.0

 no clns route-cache

end

R2_VRF_CCDE#

R1_VRF_CCDE#ping 192.168.0.1 r 1

Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:

!

Success rate is 100 percent (1/1), round-trip min/avg/max = 44/44/44 ms

R1_VRF_CCDE#

R2_VRF_CCDE#debug ip icmp

ICMP packet debugging is on

R2_VRF_CCDE#

01:37:17: ICMP: echo reply sent, src 192.168.0.1, dst 1.1.67.6

R2_VRF_CCIE#ping 192.168.0.1 r 1

Type escape sequence to abort.

Sending 1, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:

!

Success rate is 100 percent (1/1), round-trip min/avg/max = 68/68/68 ms

R2_VRF_CCIE#

R1_VRF_CCIE#debug ip icmp

ICMP packet debugging is on

R1_VRF_CCIE#

*Mar  1 01:38:17.739: ICMP: echo reply sent, src 192.168.0.1, dst 1.1.42.2



So that is the power of rd!


Now what is the route target , I will try to explain it in a simple way, between the PE’s we have BGP running, for the IGP routes to be propagated correctly between them I need to tell each vrf what NLRI to import and export from and to the BGP. it should be unique for per customers as the rd is unique. 
! R3 Original config

ip vrf CCDE

 rd 333:2

 route-target export 1001:11

 route-target import 1001:11

!

ip vrf CCIE

 rd 333:1

 route-target export 10000:1

 route-target import 10001:1

!

R3(config)#ip vrf CCIE

R3(config-vrf)#route-target import 1001:11

# See what happen on R1 :

R1_VRF_CCIE#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C       1.1.1.1/32 is directly connected, Loopback0

C       1.1.13.0/24 is directly connected, FastEthernet0/0

R       1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0

R       1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0

     2.0.0.0/32 is subnetted, 1 subnets

R       2.2.2.2 [120/1] via 1.1.13.3, 00:00:24, FastEthernet0/0

C    192.168.0.0/24 is directly connected, Loopback10

R1_VRF_CCIE#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/8 is variably subnetted, 6 subnets, 2 masks

C       1.1.1.1/32 is directly connected, Loopback0

C       1.1.13.0/24 is directly connected, FastEthernet0/0

R       1.1.22.2/32 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0

R       1.1.42.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0

R       1.1.48.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0

R       1.1.67.0/24 [120/1] via 1.1.13.3, 00:00:01, FastEthernet0/0

     2.0.0.0/32 is subnetted, 1 subnets

R       2.2.2.2 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0

     33.0.0.0/32 is subnetted, 1 subnets

R       33.3.3.3 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0

     6.0.0.0/32 is subnetted, 1 subnets

R       6.6.6.6 [120/1] via 1.1.13.3, 00:00:02, FastEthernet0/0

     8.0.0.0/32 is subnetted, 1 subnets

R       8.8.8.8 [120/1] via 1.1.13.3, 00:00:03, FastEthernet0/0

C    192.168.0.0/24 is directly connected, Loopback10

R1_VRF_CCIE#

by importing CCDE route target I cause a leak and R1 to be aware for routes he do not have any access to
R1_VRF_CCIE#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

R1_VRF_CCIE#ping 192.168.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

# And even worse I have caused comunication to be replayed from the wrong 

# host just because he hold the same IP!!

R2_VRF_CCDE#

02:07:58: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1

02:08:00: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1

02:08:02: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1

02:08:04: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1

02:08:06: ICMP: echo reply sent, src 8.8.8.8, dst 1.1.13.1

 


I hope that was informative, for now providing you basic understanding to what is BGP FREE CORE advantages and what can cause misunderstanding the basics. 
  











at






















Labels:
,
,
,
,
,
,
,
,
,
,
,


















1 comment:




Post a Comment







        

      









Subscribe to:
Post Comments (Atom)