Saturday, January 14, 2017

CCIE SPv4 - MPLS L3 VPN - IS-IS PE-CE Routing

Software versions:
IOS XE 15.5
IOS XR 5.3

The topology for this demo:
In this post we will hit the last dynamic protocol, IS-IS, which has the least support as well. VRF Aware IS-IS isn't supported in IOS XR, so we'll be demoing this setup on just a few routers. Overall, very simple to get working. Like RIPv2, just the configs and a quick verification are all that is needed.

R1
router isis 115
 vrf IS-IS
 net 49.0000.0000.0000.0001.00
 is-type level-2-only
 metric-style wide
 redistribute bgp 50693
 !
 address-family ipv6
  multi-topology
  redistribute bgp 50693
 exit-address-family
!
interface GigabitEthernet1.1115
 encapsulation dot1Q 1115
 vrf forwarding IS-IS
 ip address 131.0.0.1 255.255.255.0
 ip router isis 115
 ipv6 address 2131:CC1E::1/64
 ipv6 router isis 115
!
router bgp 50693
address-family ipv4 vrf IS-IS
  redistribute isis 115 level-2
 exit-address-family
 !
 address-family ipv6 vrf IS-IS
  redistribute isis 115 level-2
 exit-address-family


R13
router isis 115
 vrf IS-IS
 net 49.0000.0000.0000.0013.00
 is-type level-2-only
 metric-style wide
 !
 address-family ipv6
  multi-topology
 exit-address-family
!
interface GigabitEthernet1.1115
 encapsulation dot1Q 1115
 vrf forwarding IS-IS
 ip address 131.0.0.13 255.255.255.0
 ip router isis 115
 ipv6 address 2131:CC1E::13/64
 ipv6 router isis 115

So now that we have the configuration in place, we can take a look at the verification. We'll start R13, then R1 and go from there.


R13#sh ip route vrf IS-IS isis | b Gateway
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
i L2     172.16.110.0/24
           [115/10] via 131.0.0.1, 00:21:34, GigabitEthernet1.1115
i L2     172.16.114.0/24
           [115/10] via 131.0.0.1, 00:21:34, GigabitEthernet1.1115
i L2     172.16.119.0/24
           [115/10] via 131.0.0.1, 00:21:34, GigabitEthernet1.1115


R13#sh ipv6 route vrf IS-IS isis | b App
       ld - LISP dyn-eid, a - Application
I2  FC00::8/128 [115/10]
     via FE80::20C:29FF:FE11:973F, GigabitEthernet1.1115
I2  FC00:110::8/128 [115/10]
     via FE80::20C:29FF:FE11:973F, GigabitEthernet1.1115
I2  FC00:114::8/128 [115/10]
     via FE80::20C:29FF:FE11:973F, GigabitEthernet1.1115
I2  FC00:119::8/128 [115/10]
     via FE80::20C:29FF:FE11:973F, GigabitEthernet1.1115

As you can see, I have routes from both AFIs in the applicable RIBs. Let's do some verification on the PE side.

R1
R1#sh bgp vpnv4 unicast vrf IS-IS 172.16.110.0/24
BGP routing table entry for 115:50693:172.16.110.0/24, version 698
Paths: (2 available, best #2, table IS-IS)
  Not advertised to any peer
  Refresh Epoch 1
  Local
    192.168.1.6 (metric 5) (via default) from 192.168.1.14 (192.168.1.14)
      Origin incomplete, metric 20, localpref 100, valid, internal
      Extended Community: RT:115:50693
      Originator: 192.168.1.6, Cluster list: 192.168.1.14
      mpls labels in/out nolabel/47
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 2
  Local
    192.168.1.6 (metric 5) (via default) from 192.168.1.2 (192.168.1.2)
      Origin incomplete, metric 20, localpref 100, valid, internal, best
      Extended Community: RT:115:50693
      Originator: 192.168.1.6, Cluster list: 192.168.1.2
      mpls labels in/out nolabel/47
      rx pathid: 0, tx pathid: 0x0


R1#sh bgp vpnv6 unicast vrf IS-IS FC00::8/128
BGP routing table entry for [115:50693]FC00::8/128, version 1755
Paths: (2 available, best #1, table IS-IS)
  Not advertised to any peer
  Refresh Epoch 1
  Local
    ::FFFF:192.168.1.3 (metric 4) (via default) from 192.168.1.2 (192.168.1.2)
      Origin incomplete, metric 20, localpref 100, valid, internal, best
      Extended Community: RT:115:50693
      Originator: 192.168.1.3, Cluster list: 192.168.1.2
      mpls labels in/out nolabel/35
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 1
  Local
    ::FFFF:192.168.1.3 (metric 4) (via default) from 192.168.1.14 (192.168.1.14)
      Origin incomplete, metric 20, localpref 100, valid, internal
      Extended Community: RT:115:50693
      Originator: 192.168.1.3, Cluster list: 192.168.1.14
      mpls labels in/out nolabel/35
      rx pathid: 0, tx pathid: 0

As you can see, the metric (20) is copied from IS-IS. 

Let's verify connectivity.

R8#traceroute vrf IS-IS 172.16.115.13 source 172.16.114.8
Type escape sequence to abort.
Tracing the route to 172.16.115.13
VRF info: (vrf in name/id, vrf out name/id)
  1 83.0.0.3 3 msec 1 msec 1 msec
  2 10.14.3.14 [MPLS: Labels 24007/32 Exp 0] 8 msec 6 msec 5 msec
  3 10.11.14.11 [MPLS: Labels 24000/32 Exp 0] 33 msec 32 msec 76 msec
  4 131.0.0.1 [MPLS: Label 32 Exp 0] 8 msec 8 msec 6 msec
  5 131.0.0.13 7 msec *  11 msec

R8#traceroute vrf IS-IS ipv6
Target IPv6 address: FC00:115::13
Source address: FC00:114::8
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to FC00:115::13

  1 2038:CC1E::3 3 msec 1 msec 0 msec
  2 ::FFFF:10.3.4.4 [MPLS: Labels 25/42 Exp 0] 49 msec 5 msec 19 msec
  3 2016:15:4::15 [MPLS: Labels 24031/42 Exp 0] 36 msec 35 msec 34 msec
  4 2131:CC1E::1 [MPLS: Label 42 Exp 0] 17 msec 15 msec 25 msec
  5 2131:CC1E::13 23 msec 14 msec 15 msec

As you can see we have reachability. 

Thanks for stopping by!
Rob Riker, CCIE #50693
Posted by at
Labels: , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)