Unified or Seamless MPLS is a really interesting topic and one of the last major topics I wanted to hit as I prepare for the SPv4 lab. It isn't a brand new technology nor does it introduce a new technology. Rather it uses existing features to enable scalability beyond a typical MPLS environment. There are 3 separate IGP domains, 2 IS-IS that are used to connect to the customer routers and an IGP domain of OSPF in the core. OSPF in the core is used to connect the the IS-IS "Islands". I like to refer to OSPF in the core as the backbone and IS-IS at the edge as the PoPs or Points of Presence that customers connect to.
The key thing is that the routers bordering the IGP domains, R7 and R8 on the left and R9 and XR6 on the right, for IS-IS adjacencies with each other and the PE routers in their respective domains. LDP is enabled in the domain. The ABRs and the core router, R5 and R6 form OSPF and LDP adjacencies. The core routers won't form an LDP adjacency with the ABRs until the ABRs redistribute the ABR loopbacks into OSPF via connected redistribution. At this point, IGP and LDP should be fully adjacent. The ABRs will see IGP routes to the core routers and other ABRs. The PE routers won't see the other IGP domain routes, only their local ABR routes.
BGP is then used to inter connect the environment, all routers exist in the same BGP ASN and eventually R1 and R3 will for a BGP VPNv4 unicast iBGP peerings with each other. The ABRs will be configured as BGP Route Reflectors for their local IGP domains to pass routes from the remote IGP domains. R7 and R8 will form an iBGP IPv4 peering to R1 and vice versa. During the iBGP configuration, the command "send-label" which will allocate a label used as a transport label to get traffic from R1 through R7 over to R9 and down to R3. The IOS ABRs will use the "next-hop-self all" which will update both iBGP and eBGP learned routes by the RR.
The ABRs will form iBGP IPv4 peerings with each other as well adding the "send-label" command to allocate a label for transport later on. Once the ABRs have formed iBGP peerings, the next step is to enable the VPNv4 iBGP peering between the PE routers, in this lab, only 2 PEs are used, but many may be configured. It would make sense to configure a PE router or multiple PE routers as a route reflectors to help with VPNv4 scaling, but for our testing purpose, a single iBGP VPNv4 peering is sufficient. Once this is complete, R1 and R3 will have formed an iBGP VPNv4 peering and be ready to begin forwarding labeled traffic.
Configuration in the above picture shows the addressing for both AFIs so I won't be adding in the interface level addressing but will show the IGP relevant configuration.
------------------------- Left Access configuration--------------------------------------
R1
router isis 50693
net 49.0001.0000.0000.0001.00
is-type level-1
metric-style wide
log-adjacency-changes all
!
address-family ipv6
multi-topology
advertise passive-only
exit-address-family
mpls ldp autoconfig level-1
!
interface GigabitEthernet1.17
ip router isis 50693
!
interface GigabitEthernet1.18
ip router isis 50693
!
interface Loopback0
ip router isis 50693
!
router bgp 50693
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.0.2.3 remote-as 50693
neighbor 192.0.2.3 update-source Loopback0
neighbor 192.0.2.7 remote-as 50693
neighbor 192.0.2.7 update-source Loopback0
neighbor 192.0.2.8 remote-as 50693
neighbor 192.0.2.8 update-source Loopback0
!
address-family ipv4
redistribute connected route-map RM_LOOPBACK
neighbor 192.0.2.7 activate
neighbor 192.0.2.7 send-label
neighbor 192.0.2.8 activate
neighbor 192.0.2.8 send-label
exit-address-family
!
address-family vpnv4
neighbor 192.0.2.3 activate
neighbor 192.0.2.3 send-community extended
exit-address-family
!
address-family ipv4 vrf UMPLS
network 100.64.21.0 mask 255.255.255.0
neighbor 100.64.21.2 remote-as 65002
neighbor 100.64.21.2 activate
exit-address-family
!
route-map RM_LOOPBACK permit 10
match interface Loopback0
!
vrf definition UMPLS
rd 1:1
route-target export 1:1
route-target import 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
R7
router isis 50693
net 49.0001.0000.0000.0007.00
metric-style wide
log-adjacency-changes all
!
address-family ipv6
multi-topology
advertise passive-only
exit-address-family
mpls ldp autoconfig
!
interface GigabitEthernet1.78
ip router isis 50693
!
interface GigabitEthernet1.17
ip router isis 50693
!
interface Loopback0
ip router isis 50693
!
router ospf 1
redistribute connected subnets route-map RM_LOOPBACK
network 100.64.71.0 0.0.0.255 area 0
network 100.64.75.0 0.0.0.255 area 0
mpls ldp autoconfig
!
ip prefix-list ISIS_LOOPBACK seq 5 permit 192.0.2.7/32
!
route-map RM_LOOPBACK permit 10
match ip address prefix-list ISIS_LOOPBACK
!
router bgp 50693
bgp cluster-id 192.0.2.7
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.0.2.1 remote-as 50693
neighbor 192.0.2.1 update-source Loopback0
neighbor 192.0.2.9 remote-as 50693
neighbor 192.0.2.9 update-source Loopback0
neighbor 192.0.2.16 remote-as 50693
neighbor 192.0.2.16 update-source Loopback0
!
address-family ipv4
network 192.0.2.7 mask 255.255.255.255
neighbor 192.0.2.1 activate
neighbor 192.0.2.1 route-reflector-client
neighbor 192.0.2.1 next-hop-self all
neighbor 192.0.2.1 send-label
neighbor 192.0.2.9 activate
neighbor 192.0.2.9 next-hop-self all
neighbor 192.0.2.9 send-label
neighbor 192.0.2.16 activate
neighbor 192.0.2.16 next-hop-self all
neighbor 192.0.2.16 send-label
exit-address-family
R8
router isis 50693
net 49.0001.0000.0000.0008.00
advertise passive-only
metric-style wide
log-adjacency-changes all
passive-interface Loopback0
!
address-family ipv6
multi-topology
advertise passive-only
exit-address-family
mpls ldp autoconfig
!
interface GigabitEthernet1.18
ip router isis 50693
interface GigabitEthernet1.78
ip router isis 50693
!
router ospf 1
redistribute connected subnets route-map RM_LOOPBACK
network 100.64.85.0 0.0.0.255 area 0
mpls ldp autoconfig
!
ip prefix-list PL_LOOPBACK seq 5 permit 192.0.2.8/32
!
route-map RM_LOOPBACK permit 10
match ip address prefix-list PL_LOOPBACK
!
router bgp 50693
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.0.2.1 remote-as 50693
neighbor 192.0.2.1 update-source Loopback0
neighbor 192.0.2.9 remote-as 50693
neighbor 192.0.2.9 update-source Loopback0
neighbor 192.0.2.16 remote-as 50693
neighbor 192.0.2.16 update-source Loopback0
!
address-family ipv4
redistribute connected route-map RM_LOOPBACK
neighbor 192.0.2.1 activate
neighbor 192.0.2.1 route-reflector-client
neighbor 192.0.2.1 next-hop-self all
neighbor 192.0.2.1 send-label
neighbor 192.0.2.9 activate
neighbor 192.0.2.9 next-hop-self all
neighbor 192.0.2.9 send-label
neighbor 192.0.2.16 activate
neighbor 192.0.2.16 next-hop-self all
neighbor 192.0.2.16 send-label
exit-address-family
----------------------Core Configuration---------------------
R5
router ospf 1
network 100.64.0.0 0.0.255.255 area 0
mpls ldp autoconfig
!
interface Loopback0
ip ospf 1 area 0
R6
router ospf 1
network 100.64.0.0 0.0.255.255 area 0
mpls ldp autoconfig
!
interface Loopback0
ip ospf 1 area 0
------------------------Right Access Configuration--------------
R9
router ospf 1
redistribute connected subnets route-map RM_LOOPBACK
network 100.64.69.0 0.0.0.255 area 0
mpls ldp autoconfig
!
route-map RM_LOOPBACK permit 10
match ip address prefix-list PL_LOOPBACK
!
ip prefix-list PL_LOOPBACK seq 5 permit 192.0.2.9/32
match ip address prefix-list PL_LOOPBACK
!
router isis 50693
net 49.0002.0000.0000.0009.00
is-type level-2-only
metric-style wide
mpls ldp autoconfig
!
interface Loopback0
ip router isis 50693
!
interface GigabitEthernet1.39
ip router isis 50693
!
router bgp 50693
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.0.2.3 remote-as 50693
neighbor 192.0.2.3 update-source Loopback0
neighbor 192.0.2.7 remote-as 50693
neighbor 192.0.2.7 update-source Loopback0
!
address-family ipv4
neighbor 192.0.2.3 activate
neighbor 192.0.2.3 route-reflector-client
neighbor 192.0.2.3 next-hop-self all
neighbor 192.0.2.3 send-label
neighbor 192.0.2.7 activate
neighbor 192.0.2.7 next-hop-self all
neighbor 192.0.2.7 send-label
exit-address-family
XR6
router isis 50693
net 49.0002.0000.0000.0016.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
attached-bit send never-set
mpls ldp auto-config
!
address-family ipv6 unicast
metric-style wide
advertise passive-only
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.36
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.56
circuit-type level-2-only
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.63
address-family ipv4 unicast
!
router ospf 1
mpls ldp auto-config
redistribute connected route-policy RPL_LOOPBACK
area 0
interface GigabitEthernet0/0/0/0.66
!
prefix-set PS_LOOPBACK
192.0.2.16/32
end-set
!
route-policy RPL_LOOPBACK
if destination in PS_LOOPBACK then
pass
endif
end-policy
!
router bgp 50693
ibgp policy out enforce-modifications
address-family ipv4 unicast
allocate-label all
!
address-family vpnv4 unicast
!
neighbor-group VPNV4
remote-as 50693
update-source Loopback0
!
neighbor 192.0.2.3
remote-as 50693
update-source Loopback0
address-family ipv4 labeled-unicast
route-reflector-client
next-hop-self
!
!
neighbor 192.0.2.7
remote-as 50693
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self
!
neighbor 192.0.2.8
remote-as 50693
update-source Loopback0
address-family ipv4 labeled-unicast
next-hop-self
R3
router isis 50693
net 49.0002.0000.0000.0003.00
metric-style wide
log-adjacency-changes all
!
address-family ipv6
multi-topology
advertise passive-only
exit-address-family
mpls ldp autoconfig level-1
!
interface GigabitEthernet1.39
ip router isis 50693
!
interface Loopback0
ip router isis 50693
!
vrf definition UMPLS
rd 1:1
route-target export 1:1
route-target import 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
router bgp 50693
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.0.2.1 remote-as 50693
neighbor 192.0.2.1 update-source Loopback0
neighbor 192.0.2.9 remote-as 50693
neighbor 192.0.2.9 update-source Loopback0
neighbor 192.0.2.13 remote-as 50693
neighbor 192.0.2.13 update-source Loopback0
neighbor 192.0.2.16 remote-as 50693
neighbor 192.0.2.16 update-source Loopback0
!
address-family ipv4
redistribute connected route-map RM_LOOPBACK
neighbor 192.0.2.9 activate
neighbor 192.0.2.9 send-label
neighbor 192.0.2.13 activate
neighbor 192.0.2.13 send-label
neighbor 192.0.2.16 activate
neighbor 192.0.2.16 send-label
exit-address-family
!
address-family vpnv4
neighbor 192.0.2.1 activate
neighbor 192.0.2.1 send-community extended
exit-address-family
!
address-family ipv4 vrf UMPLS
neighbor 100.64.34.4 remote-as 65004
neighbor 100.64.34.4 activate
exit-address-family
Now that we have completed the configuration, I omitted R8 as it's configuration is identical as R7 and didn't enable the IGP peering between XR6 and R3. All the other configuration is working.
R1#sh isis neighbors
Tag 50693:
System Id Type Interface IP Address State Holdtime Circuit Id
R7 L1 Gi1.17 100.64.17.7 UP 27 R1.01
R8 L1 Gi1.18 100.64.18.8 UP 29 R1.02
We're peered from R1 to R7 and R8 via IS-IS.
R1#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 192.0.2.7/32 0 Gi1.17 100.64.17.7
17 Pop Label 192.0.2.8/32 0 Gi1.18 100.64.18.8
18 No Label 100.64.21.0/24[V] \
10098 aggregate/UMPLS
19 No Label 192.0.2.2/32[V] 80042 Gi1.21 100.64.21.2
20 Pop Label 100.64.78.0/24 0 Gi1.17 100.64.17.7
21 No Label 10.2.4.0/24[V] 0 Gi1.21 100.64.21.2
22 No Label l2ckt(1) 1215 Gi2 point2point
We have labels allocated for R7 and R8 which are locally allocated.
R1#sh bgp vpnv4 unicast all summary | b Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.64.21.2 4 65002 1690 1687 127 0 0 1d00h 3
192.0.2.3 4 50693 177 180 127 0 0 02:36:11 6
We see that R3 is advertising us 6 routes and R2 is advertising 3 routes.
R1#sh bgp vpnv4 unicast all | b Network
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf UMPLS)
*>i 10.1.1.0/24 192.0.2.3 0 100 0 65004 ?
*>i 10.1.100.0/24 192.0.2.3 0 100 0 65004 ?
* i 10.2.4.0/24 192.0.2.3 0 100 0 65004 ?
*> 100.64.21.2 0 0 65002 ?
*> 100.64.21.0/24 0.0.0.0 0 32768 i
* 100.64.21.2 0 0 65002 ?
*>i 100.64.34.0/24 192.0.2.3 0 100 0 65004 i
*>i 100.64.102.0/24 192.0.2.3 0 100 0 65004 ?
*> 192.0.2.2/32 100.64.21.2 0 0 65002 i
*>i 192.0.2.4/32 192.0.2.3 0 100 0 65004 i
We see that the next hop of 192.0.2.3 is showing us having learned R4's loopback, the connected subnet and a few other routes that R4 has advertised.
What this shows us is that the above configuration was successful in propagating routes so that R3 and R1 could see each others loopbacks which is the whole goal of this intense configuration. I am not doing is showing an extreme breakdown on a hop basis. I will do that in the next post as I want to breakdown each step.
What I want to show now is proof that the BGP labels are being used and a three label stack is seen in when R2 and R4 communicate.
R1 to R3 traceroute:
R1#traceroute 192.0.2.3 source loopback 0 num
Type escape sequence to abort.
Tracing the route to 192.0.2.3
VRF info: (vrf in name/id, vrf out name/id)
1 100.64.17.7 [MPLS: Label 30 Exp 0] 8 msec 7 msec 14 msec
2 100.64.75.5 [MPLS: Labels 22/17 Exp 0] 31 msec 39 msec 31 msec
3 100.64.56.6 [MPLS: Labels 17/17 Exp 0] 26 msec 32 msec 31 msec
4 100.64.69.9 [MPLS: Label 17 Exp 0] 21 msec 20 msec 68 msec
5 100.64.39.3 17 msec * 7 msec
A 2 label stack from R7 through R9.
R2#traceroute 192.0.2.4 so lo0 num
Type escape sequence to abort.
Tracing the route to 192.0.2.4
VRF info: (vrf in name/id, vrf out name/id)
1 100.64.21.1 4 msec 4 msec 3 msec
2 100.64.17.7 [MPLS: Labels 30/22 Exp 0] 9 msec 9 msec 8 msec
3 100.64.75.5 [MPLS: Labels 22/17/22 Exp 0] 27 msec 32 msec 37 msec
4 100.64.56.6 [MPLS: Labels 17/17/22 Exp 0] 31 msec 32 msec 76 msec
5 100.64.69.9 [MPLS: Labels 17/22 Exp 0] 24 msec 18 msec 20 msec
6 100.64.34.3 [AS 65004] [MPLS: Label 22 Exp 0] 17 msec 20 msec 20 msec
7 100.64.34.4 [AS 65004] 20 msec * 9 msec
Thanks for stopping by!
Rob Riker, CCIE #50693
Great Article!
ReplyDelete