Rob Riker/ Simplified Networking: November 2018

Friday, November 30, 2018

CCIE SPv4 MPLS L2VPN VPLS BGP-AD LDP Signaling Inter AS Option C

In this post we will be taking a look at the Inter AS Option C variation. Like our previous posts, having an intra AS VPLS deployment already, enables this setup to be easily scaled. This design is similar to that of L3 VPN, the main concept that the RRs in each AS need to form an eBGP peering to exchange routing information is still true. There isn't much on this topic documented online, so it took some trial and error to get working. The only reference material available is Nick Russo's CCIE SPv4 Comprehensive Guide. In his guide, he lays out a complex implementation that changes mid stride to fix an issue he intercepted and implemented a work around. The theory that a VPLS PE also running eBGP that the router would assume that it wasn't an Option C RR, this may be true.

Several of the configurations from Option B carry over, the ASBR AC MPLS configurations stay, "mpls ip, "mpls bgp forwarding", "mpls ldp discovery-address interface". We end up needing to enable the IPv4 unicast AFI between the RRs to the ASBRs and between the ASBRs. This allows us to propagate the RR loopbacks to each other to form the eBGP peering. The IPv4 AFI is just used to advertise the RRs loopbacks so that ASBRs advertise them to the remote ASN. The RRs will form an L2VPN VPLS eBGP peering. Most of the configuration is done on the RR and ASBR but I'll add in all of the configurations as there is nothing online I could that lays it out.

PEs
CSR1, CSR4, CSR10, CSR11 and CSR12

ASBRs
CSR2 and CSR14

RRs
CSR5 and XRv10

CSR1
mpls ldp discovery targeted-hello accept
!
!
l2vpn vfi context VPLS
vpn id 100
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 100:100
route-target import 200:200
route-target import 100:200
encapsulation mpls
!
bridge-domain 1
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
exit-address-family

CSR4
mpls ldp discovery targeted-hello accept
!
l2vpn vfi context VPLS
vpn id 100
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 100:100
route-target import 200:200
route-target import 100:200
encapsulation mpls
!
bridge-domain 1
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
exit-address-family

CSR2
mpls ldp discovery targeted-hello accept
!
interface GigabitEthernet4
ip address 90.2.14.2 255.255.255.0
negotiation auto
mpls ip
mpls ldp discovery transport-address interface
mpls bgp forwarding
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
neighbor 90.2.14.14 remote-as 200
!
address-family ipv4
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 next-hop-self
neighbor 90.2.14.14 activate
neighbor 90.2.14.14 send-label
exit-address-family
!
address-family l2vpn vpls
no bgp default route-target filter
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 next-hop-self
neighbor 90.2.14.14 activate
exit-address-family

CSR5
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as 100
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
neighbor 1.1.1.2 peer-group IBGP
neighbor 1.1.1.4 peer-group IBGP
neighbor 1.1.1.6 peer-group IBGP
neighbor 1.1.1.14 peer-group IBGP
neighbor 2.2.2.100 remote-as 200
neighbor 2.2.2.100 ebgp-multihop 255
neighbor 2.2.2.100 update-source Loopback0
!
address-family ipv4
network 1.1.1.5 mask 255.255.255.255
neighbor IBGP route-reflector-client
neighbor 1.1.1.2 activate
exit-address-family
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
neighbor 1.1.1.2 activate
neighbor 1.1.1.4 activate
neighbor 1.1.1.6 activate
neighbor 1.1.1.14 activate
exit-address-family
!
address-family l2vpn vpls
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
neighbor 1.1.1.2 activate
neighbor 1.1.1.4 activate
neighbor 1.1.1.6 activate
neighbor 1.1.1.14 activate
neighbor 1.1.1.14 prefix-length-size 2
neighbor 2.2.2.100 activate
neighbor 2.2.2.100 send-community extended
neighbor 2.2.2.100 prefix-length-size 2
neighbor 2.2.2.100 next-hop-unchanged
exit-address-family

CSR10
mpls ldp discovery targeted-hello accept
!
l2vpn
logging pseudowire status
!
l2vpn vfi context VPLS
vpn id 200
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 200:200
route-target import 100:100
route-target import 100:200
encapsulation mpls
!
bridge-domain 200
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
neighbor 2.2.2.100 remote-as 200
neighbor 2.2.2.100 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
neighbor 2.2.2.100 activate
neighbor 2.2.2.100 prefix-length-size 2
exit-address-family

CSR11
mpls ldp discovery targeted-hello accept
!
l2vpn
logging pseudowire status
!
l2vpn vfi context VPLS
vpn id 200
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 200:200
route-target import 100:100
route-target import 100:200
!
bridge-domain 200
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
neighbor 2.2.2.100 remote-as 200
neighbor 2.2.2.100 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
neighbor 2.2.2.100 activate
neighbor 2.2.2.100 prefix-length-size 2
exit-address-family

CSR12
mpls ldp discovery targeted-hello accept
!
l2vpn
logging pseudowire status
!
l2vpn vfi context VPLS
vpn id 200
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 200:200
route-target import 100:100
route-target import 100:200
!
bridge-domain 200
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
neighbor 2.2.2.100 remote-as 200
neighbor 2.2.2.100 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
neighbor 2.2.2.100 activate
neighbor 2.2.2.100 prefix-length-size 2
exit-address-family

CSR14
mpls ldp discovery targeted-hello accept
!
l2vpn
logging pseudowire status
redundancy predictive enabled
!
interface GigabitEthernet3
ip address 90.2.14.14 255.255.255.0
negotiation auto
mpls ip
mpls ldp discovery transport-address interface
mpls bgp forwarding
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.10 remote-as 200
neighbor 2.2.2.10 update-source Loopback0
neighbor 2.2.2.11 remote-as 200
neighbor 2.2.2.11 update-source Loopback0
neighbor 2.2.2.12 remote-as 200
neighbor 2.2.2.12 update-source Loopback0
neighbor 2.2.2.100 remote-as 200
neighbor 2.2.2.100 update-source Loopback0
neighbor 90.2.14.2 remote-as 100
!
address-family ipv4
neighbor 2.2.2.100 activate
neighbor 2.2.2.100 next-hop-self
neighbor 90.2.14.2 activate
neighbor 90.2.14.2 send-label
exit-address-family
!
address-family l2vpn vpls
no bgp default route-target filter
neighbor 2.2.2.10 activate
neighbor 2.2.2.10 next-hop-self
neighbor 2.2.2.11 activate
neighbor 2.2.2.11 next-hop-self
neighbor 2.2.2.12 activate
neighbor 2.2.2.12 next-hop-self
neighbor 2.2.2.100 activate
neighbor 2.2.2.100 prefix-length-size 2
neighbor 90.2.14.2 activate
exit-address-family

XRv10
router bgp 200
address-family ipv4 unicast
network 2.2.2.100/32
!
address-family l2vpn vpls-vpws
retain route-target all
!
neighbor 1.1.1.5
remote-as 100
ebgp-multihop 255
update-source Loopback0
address-family l2vpn vpls-vpws
route-policy PASS in
route-policy PASS out
next-hop-unchanged
!
!
neighbor 2.2.2.10
remote-as 200
update-source Loopback0
address-family l2vpn vpls-vpws
route-reflector-client
!
!
neighbor 2.2.2.11
remote-as 200
update-source Loopback0
address-family l2vpn vpls-vpws
route-reflector-client
!
!
neighbor 2.2.2.12
remote-as 200
update-source Loopback0
address-family l2vpn vpls-vpws
route-reflector-client
!
!
neighbor 2.2.2.14
remote-as 200
update-source Loopback0
address-family ipv4 unicast
route-reflector-client
!
address-family l2vpn vpls-vpws
route-reflector-client
!
!
!
mpls ldp

CSR5#show bgp ipv4 unicast
BGP table version is 4, local router ID is 1.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.5/32 0.0.0.0 0 32768 i
*>i 2.2.2.100/32 1.1.1.2 0 100 0 200 i

CSR5 shows an eBGP peering to XRv10, so we know that the RRs loopbacks are being leaked between ASNs.

RP/0/0/CPU0:XRv10#show bgp ipv4 unicast
Fri Nov 30 22:07:47.749 UTC
BGP router identifier 2.2.2.100, local AS number 200
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 4
BGP main routing table version 4
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.5/32 2.2.2.14 0 100 0 100 i
*> 2.2.2.100/32 0.0.0.0 0 32768 i

Processed 2 prefixes, 2 paths

XRv10 shows the same thing, an eBGP peering with CSR5

CSR14#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100115 1.1.1.1 1001 p2p mpls 1.1.1.1:1001 UP
pw100117 1.1.1.1 1002 p2p mpls 2.2.2.10:1002 UP
pw100119 1.1.1.1 1003 p2p mpls 2.2.2.12:1003 UP
pw100121 1.1.1.4 1002 p2p mpls 2.2.2.11:1002 UP
pw100125 1.1.1.4 1004 p2p mpls 2.2.2.12:1004 UP
pw100122 2.2.2.10 1002 p2p mpls 2.2.2.10:1002 UP
pw100124 2.2.2.11 1001 p2p mpls 1.1.1.1:1001 UP
pw100118 2.2.2.11 1002 p2p mpls 2.2.2.11:1002 UP
pw100120 2.2.2.12 1003 p2p mpls 2.2.2.12:1003 UP
pw100126 2.2.2.12 1004 p2p mpls 2.2.2.12:1004 UP

CSR2#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100101 1.1.1.1 1001 p2p mpls 1.1.1.1:1001 UP
pw100103 1.1.1.1 1002 p2p mpls 1.1.1.1:1002 UP
pw100105 1.1.1.1 1003 p2p mpls 1.1.1.1:1003 UP
pw100109 1.1.1.4 1001 p2p mpls 2.2.2.12:1001 UP
pw100107 1.1.1.4 1002 p2p mpls 2.2.2.11:1002 UP
pw100142 2.2.2.10 1001 p2p mpls 1.1.1.1:1001 UP
pw100104 2.2.2.11 1002 p2p mpls 2.2.2.11:1002 UP
pw100144 2.2.2.11 1003 p2p mpls 1.1.1.1:1003 UP
pw100141 2.2.2.12 1001 p2p mpls 2.2.2.12:1001 UP
pw100146 2.2.2.12 1002 p2p mpls 1.1.1.1:1002 UP

CSR2 and CSR14 both show end to end LSP PWs setup between all of the PEs.

CSR1#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100003 1.1.1.4 100 vfi VPLS UP
pw100004 2.2.2.10 100 vfi VPLS UP
pw100006 2.2.2.11 100 vfi VPLS UP
pw100005 2.2.2.12 100 vfi VPLS UP

CSR1 shows 1 local PW and 3 remote PWs, we know the remote ones based on the Peer ID being 2.2.2.x and all of them are in the UP status.

CSR1#show bridge-domain 1
Bridge-domain 1 (5 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
vfi VPLS neighbor 1.1.1.4 100
vfi VPLS neighbor 2.2.2.10 100
vfi VPLS neighbor 2.2.2.11 100
vfi VPLS neighbor 2.2.2.12 100
AED MAC address Policy Tag Age Pseudoport
0 5000.001F.0001 forward dynamic 300 VPLS.1004036
0 5000.0022.0000 forward dynamic 295 VPLS.1004035
0 5000.0019.0001 forward dynamic 299 VPLS.1004033
0 5000.0018.0001 forward dynamic 297 GigabitEthernet3.EFP1
0 5000.0021.0001 forward dynamic 300 VPLS.1004034

CSR1 is a PE hosting a bridge domain, we see 4 PW connections and 1 EFP.

CSR12#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100018 1.1.1.1 200 vfi VPLS UP
pw100014 1.1.1.4 200 vfi VPLS UP
pw100006 2.2.2.10 200 vfi VPLS UP
pw100007 2.2.2.11 200 vfi VPLS UP

CSR12#show bridge-domain 200
Bridge-domain 200 (5 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
vfi VPLS neighbor 1.1.1.1 200
vfi VPLS neighbor 2.2.2.10 200
vfi VPLS neighbor 2.2.2.11 200
vfi VPLS neighbor 1.1.1.4 200
AED MAC address Policy Tag Age Pseudoport
0 5000.001F.0001 forward dynamic 300 GigabitEthernet3.EFP1
0 5000.0019.0001 forward dynamic 296 VPLS.100402a
0 5000.0018.0001 forward dynamic 297 VPLS.1004029
0 5000.0022.0000 forward dynamic 296 VPLS.100401f
0 5000.0021.0001 forward dynamic 296 VPLS.100401e

CSR12 shows the same outputs.

CSR5#show bgp l2vpn vpls all summary | b Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 100 519 532 92 0 0 07:50:04 1
1.1.1.2 4 100 110 114 92 0 0 01:34:38 3
1.1.1.4 4 100 522 548 92 0 0 07:56:49 1
1.1.1.6 4 100 0 0 1 0 0 never (NoNeg)
1.1.1.14 4 100 6979 7768 92 0 0 4d22h 1
2.2.2.100 4 200 76 88 92 0 0 01:10:01 3

CSR5#show bgp l2vpn vpls all
BGP table version is 92, local router ID is 1.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100
*>i 100:100:1.1.1.1/96
1.1.1.1 0 100 0 ?
*>i 100:100:1.1.1.4/96
1.1.1.4 0 100 0 ?
*>i 100:100:1.1.1.14/96
1.1.1.14 100 0 i
Route Distinguisher: 200:200
* 200:200:2.2.2.10/96
2.2.2.10 0 200 ?
*>i 1.1.1.2 0 100 0 200 ?
* 200:200:2.2.2.11/96
2.2.2.11 0 200 ?
*>i 1.1.1.2 0 100 0 200 ?
Network Next Hop Metric LocPrf Weight Path
* 200:200:2.2.2.12/96
2.2.2.12 0 200 ?
*>i 1.1.1.2 0 100 0 200 ?

CSR5 shows that it is learning 3 routes from XRv10.

CSR1#show bgp l2vpn vpls all
BGP table version is 42, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:100
*> 100:100:1.1.1.1/96
0.0.0.0 32768 ?
*>i 100:100:1.1.1.4/96
1.1.1.4 0 100 0 ?
Route Distinguisher: 200:200
*>i 200:200:2.2.2.10/96
1.1.1.2 0 100 0 200 ?
*>i 200:200:2.2.2.11/96
1.1.1.2 0 100 0 200 ?
*>i 200:200:2.2.2.12/96
1.1.1.2 0 100 0 200 ?

CSR1 shows that it is learning the routes from both SPs.

RP/0/0/CPU0:XRv10#show bgp l2vpn vpls summary | b Neighbor
Fri Nov 30 22:11:27.934 UTC
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
1.1.1.5 0 100 113 94 4 0 0 01:09:52 3
2.2.2.10 0 200 135 126 4 0 0 01:39:46 1
2.2.2.11 0 200 137 126 4 0 0 01:39:38 1
2.2.2.12 0 200 137 126 4 0 0 01:39:33 1
2.2.2.14 0 200 142 119 4 0 0 01:11:04 3

RP/0/0/CPU0:XRv10#show bgp l2vpn vpls
Fri Nov 30 22:11:30.604 UTC
BGP router identifier 2.2.2.100, local AS number 200
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 4
BGP NSR Initial initsync version 4 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 100:100
* 1.1.1.1/32 1.1.1.1 nolabel nolabel
* i 90.2.14.2 nolabel nolabel
* 1.1.1.4/32 1.1.1.4 nolabel nolabel
* i 90.2.14.2 nolabel nolabel
* 1.1.1.14/32 1.1.1.14 nolabel nolabel
* i 90.2.14.2 nolabel nolabel
Route Distinguisher: 200:200
*>i2.2.2.10/32 2.2.2.10 nolabel nolabel
*>i2.2.2.11/32 2.2.2.11 nolabel nolabel
*>i2.2.2.12/32 2.2.2.12 nolabel nolabel

Processed 6 prefixes, 9 paths

XRv10 shows the same information.

IOSV1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.7 Gi0/1 11 01:29:31 287 1722 0 31
2 10.1.1.9 Gi0/1 11 01:29:31 296 1776 0 29
1 10.1.1.10 Gi0/1 13 01:29:32 266 1596 0 3149
0 10.1.1.2 Gi0/1 10 07:18:14 302 1812 0 3345

IOv1 (CE) shows 4 active EIGRP adjacencies, proving that the Inter AS link is working as expected.

Thanks for stopping by!
Rob Riker, CCIE #50693

CCIE SPv4 MPLS L2VPN VPLS BGP-AD LDP Signaling Inter AS Option B

In this post we will be taking a look at Inter AS Option B for VPLS. I have to say, this was probably one of the most complicated L2VPN configurations I have dealt with thus far. There are a lot of moving parts and at first, it didn't work, one side of the topology would appear to be working but the other side would not. It made for some very tedious troubleshooting, rebuilding the lab a couple times due to reloading several CSRs after all the logical troubleshooting had been exhausted. I will be laying out all of the configuration I "threw" at the lab to get it to work.

Unlike Option A, where we are able to terminate the PWs at the ASBR and leverage the connection between the ASBRs as an AC. Option A is the easiest transition to any Inter AS design, L2 and L3 in my opinion. Option B is not so easy and very unforgiving if something isn't correctly configured. One key thing that I noticed was that if the PE to PE PWs that form when things are working, won't form if end to end connectivity isn't working correctly, it becomes a node by node troubleshooting scenario that becomes time consuming.

Like L3 VPN, there are 3 separate LSPs connecting the PEs together. PE to ASBR, ASBR to ASBR and ASBR to PE. Unline L3 VPN, tracing from the PE to PE or CE to CE doesn't expose the label binding or LSPs, since we are creating transparent L2 connectivity between two ISPs, we have to trace and ping between PEs to accomplish this. We'll focus on the verification at the end.

The logic we use for Intra AS VPLS still applies, so if you have an existing VPLS deployment, you can leverage that to play with Inter AS Option B. Some key things that need to be added, the ASBR to ASBR connectivity needs to be MPLS enabled, I added "mpls ip", "mpls bgp forwarding" and "mpls ldp discovery transport-address interface" to the interface facing the ASBRs. An eBGP L2VPN VPLS peering had to be created to allow the ASBRs to exchange BGP info from between the ASNs. MPLS needs to be enabled on the connected link, "mpls ip" does this. The ASBR need to be able to send/accept labeled packets over the configured interface, "mpls bgp forwarding" does this. The last command, "mpls ldp discovery transport-address interface" changes the discovery address from the loopback to the connected interface enabling LDP to form the adjacency. The last MPLS command that needs to be added is "mpls ldp discovery targeted-hello accept" which will allow multi-hop LDP peerings to be created, which will be needed for the PE to PE tLDP peerings.

The L2VPN configuration, normally the VFI configuration is enough, for Intra AS, but for Inter AS, there are some additional things that need to be added. On the PEs, we need to enable PW routing, specifically, "terminating-pe tie breaker", both PEs will be in active mode when forming the multi-segment PWs, with Option B, one of the two PEs needs to be in passive mode, the system determines this based on the TAII from BGP and the SAII in LDP from the local router. I applied the command to all PEs and ASBRs. On the ASBRs I applied the additional command "switching-point vcid 1 200000" which is used to switch between the MS PW setup. This is similar to creating an "xconnect context" and calling two PWs to allow manual MSPW to allow 2 PEs to form an end to end LSP for a L2 connection for the CEs.

Additionally a template was used on the PEs and ASBRs and applied to the L2VPN construct to provide consistent PW attributes.

In the above topology, CSR1, CSR4, CSR10, CSR11 and CSR12 (PEs); CSR2 and CSR14 (ASBR) are configured. I will show you the configs from CSR1, CSR2 and CSR11 since there is so much repeated configuration. Then we'll dive into the verification. ISP 1 is BGP 100 and ISP 2 is BGP 200. The routers in ISP 100 use VPN ID 100 and VPLS ID 100:200. The routers in ISP 200 use VPN ID 200 and VPLS ID 100:200. To ensure I would import the correct info, I made sure to import the variations of the RT that might be seen. After configuration is complete, it may be required to hard clear BGP, I needed to do this to get the PWs to form between the PEs.

CSR1
!
mpls ldp discovery targeted-hello accept
!
l2vpn
pseudowire routing
terminating-pe tie-breaker
!
l2vpn vfi context VPLS
vpn id 100
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 100:100
route-target import 200:200
route-target import 100:200
!
template type pseudowire TMP_VPLS
encapsulation mpls
sequencing both
control-word include
!
bridge-domain 1
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip router isis 1
!
interface GigabitEthernet1
ip address 10.1.13.1 255.255.255.0
ip router isis 1
negotiation auto
!
interface GigabitEthernet3
no ip address
negotiation auto
service instance 1 ethernet
encapsulation default
!
router isis 1
net 00.0000.0000.0001.00
mpls ldp autoconfig
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
exit-address-family

CSR2 (ASBR)
!
mpls ldp discovery targeted-hello accept
!
l2vpn
logging pseudowire status
redundancy predictive enabled
pseudowire routing
switching-point vcid 1 200000
terminating-pe tie-breaker
!
interface Loopback0
ip address 1.1.1.2 255.255.255.255
ip router isis 1
!
interface GigabitEthernet1
ip address 10.2.11.2 255.255.255.0
ip router isis 1
negotiation auto
!
interface GigabitEthernet4
ip address 90.2.14.2 255.255.255.0
negotiation auto
mpls ip
mpls ldp discovery transport-address interface
mpls bgp forwarding
!
router isis 1
net 00.0000.0000.0002.00
mpls ldp autoconfig
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
neighbor 90.2.14.14 remote-as 200
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
no bgp default route-target filter
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 next-hop-self
neighbor 90.2.14.14 activate
exit-address-family

CSR11
!
mpls ldp discovery targeted-hello accept
!
!
multilink bundle-name authenticated
l2vpn
logging pseudowire status
pseudowire routing
terminating-pe tie-breaker
!
l2vpn vfi context VPLS
vpn id 200
autodiscovery bgp signaling ldp template TMP_VPLS
vpls-id 100:200
route-target import 200:200
route-target import 100:100
route-target import 100:200
!
template type pseudowire TMP_VPLS
encapsulation mpls
sequencing both
control-word include
!
redundancy
bridge-domain 200
member GigabitEthernet3 service-instance 1
member vfi VPLS
!
interface Loopback0
ip address 2.2.2.11 255.255.255.255
!
interface GigabitEthernet1
ip address 10.11.10.11 255.255.255.0
negotiation auto
!
interface GigabitEthernet3
no ip address
negotiation auto
service instance 1 ethernet
encapsulation default
!
router ospf 1
network 2.2.2.0 0.0.0.255 area 0
network 10.0.0.0 0.255.255.255 area 0
mpls ldp autoconfig
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
exit-address-family

CSR1#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100003 1.1.1.4 100 vfi VPLS UP
pw100004 2.2.2.10 100 vfi VPLS UP
pw100006 2.2.2.11 100 vfi VPLS UP
pw100005 2.2.2.12 100 vfi VPLS UP

CSR1#show bridge-domain 1
Bridge-domain 1 (5 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
vfi VPLS neighbor 1.1.1.4 100
vfi VPLS neighbor 2.2.2.10 100
vfi VPLS neighbor 2.2.2.12 100
vfi VPLS neighbor 2.2.2.11 100
AED MAC address Policy Tag Age Pseudoport
0 5000.001F.0001 forward dynamic 297 VPLS.1004014
0 5000.0022.0000 forward dynamic 299 VPLS.1004015
0 5000.0019.0001 forward dynamic 297 VPLS.1004012
0 5000.0018.0001 forward dynamic 298 GigabitEthernet3.EFP1
0 5000.0021.0001 forward dynamic 296 VPLS.1004013

CSR2# show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100009 1.1.1.1 1 p2p mpls 2.2.2.10:1 UP
pw100007 1.1.1.1 2 p2p mpls 2.2.2.11:2 UP
pw100011 1.1.1.1 4 p2p mpls 2.2.2.12:4 UP
pw100001 1.1.1.4 1 p2p mpls 2.2.2.11:1 UP
pw100003 1.1.1.4 2 p2p mpls 2.2.2.10:2 UP
pw100005 1.1.1.4 3 p2p mpls 2.2.2.12:3 UP
pw100010 2.2.2.10 1 p2p mpls 2.2.2.10:1 UP
pw100004 2.2.2.10 2 p2p mpls 2.2.2.10:2 UP
pw100002 2.2.2.11 1 p2p mpls 2.2.2.11:1 UP
pw100008 2.2.2.11 2 p2p mpls 2.2.2.11:2 UP
pw100006 2.2.2.12 3 p2p mpls 2.2.2.12:3 UP
pw100012 2.2.2.12 4 p2p mpls 2.2.2.12:4 UP

CSR11#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100018 1.1.1.1 200 vfi VPLS UP
pw100014 1.1.1.4 200 vfi VPLS UP
pw100006 2.2.2.10 200 vfi VPLS UP
pw100011 2.2.2.12 200 vfi VPLS UP

CSR11#show bridge-domain 200
Bridge-domain 200 (5 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
vfi VPLS neighbor 1.1.1.4 200
vfi VPLS neighbor 2.2.2.10 200
vfi VPLS neighbor 2.2.2.12 200
vfi VPLS neighbor 1.1.1.1 200
AED MAC address Policy Tag Age Pseudoport
0 5000.001F.0001 forward dynamic 297 VPLS.100401f
0 5000.0019.0001 forward dynamic 299 VPLS.100401d
0 5000.0018.0001 forward dynamic 297 VPLS.1004020
0 5000.0022.0000 forward dynamic 298 GigabitEthernet3.EFP1
0 5000.0021.0001 forward dynamic 300 VPLS.100401e

IOSv1 (CE)
router eigrp 1
network 10.1.1.0 0.0.0.255

IOSV1#show ip eigrp nei
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
3 10.1.1.7 Gi0/1 12 02:25:49 1371 5000 0 24
2 10.1.1.9 Gi0/1 14 02:25:49 134 804 0 22
1 10.1.1.10 Gi0/1 12 02:25:49 128 768 0 3146
0 10.1.1.2 Gi0/1 12 02:25:49 302 1812 0 3345

CSR1#ping mpls pseudowire 2.2.2.10 100
%Total number of MS-PW segments is less than segment number; Adjusting the segment number to 3
Sending 5, 72-byte MPLS Echos to 2.2.2.10,
timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 57/152/289 ms
Total Time Elapsed 800 ms

CSR1#traceroute mpls pseudowire 2.2.2.10 100 segment 3
Tracing MS-PW segments within range [1-3] peer address 2.2.2.10 and timeout 2 seconds

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
L 1 10.2.11.2 55 ms [Labels: 40 Exp: 0]
local 1.1.1.1 remote 2.2.2.10 vc id 100

L 2 90.2.14.14 115 ms [Labels: 41 Exp: 0]
local 1.1.1.2 remote 2.2.2.14 vc id 1

! 3 10.10.10.10 105 ms [Labels: 25 Exp: 0]
local 2.2.2.14 remote 2.2.2.10 vc id 1

Thanks for stopping by!
Rob Riker, CCIE #50693

Sunday, November 25, 2018

CCIE SPv4 MPLS L2VPN VPLS BGP-AD LDP Signaling Inter AS Option A

Howdy folks!

It's been a long time in the making but I am finally back on the SP trail, this time for good and to finally finish what I started what seems like ages ago. I want to finally get done with CCIE SPv4, earn my second CCIE and move to other tracks once and for all. I have always enjoy SP topics, MPLS VPN, L2 and L3 especially, this time around I am attacking the blueprint from more of a review aspect rather than learning it for the first time.

I have also moved to running EVE-NG, after spending an entire weekend getting it up and running. It's not quite as responsive as VMs running in ESXi, but the flexibility can't be beat.

I have already covered L2VPN VPLS BGP AD with both LDP and BGP signaling in previous posts so I won't be diving into that as much. I find recluse topics like Inter AS L2VPN to not be widely documented so I figured as continue plowing through the technologies, I'll pick up where I left off with SP content.

The last time we checked out VPLS with BGP AD LDP/BGP signaling, it was in a single AS, which makes it pretty easy to work with. I liken L2VPN Option A to L3VPN Option A, the ASBRs treat each other as CE devices and create ACs on the attached connections. All that is really needed is a service instance and encapsulation to get it to work. If you were to take the previous posts on VPLS, you could pretty easily get Inter AS L2VPN up and running.

In the above screen shot, we have our topology, which is quite large, but gives us lots of flexibility to test different technologies out with. In the large SP, CSR5 is a BGP Route Reflector, CSR1, CSR4, CSR2 and XRv4 are PEs configured to run VPLS BGP AD with LDP signaling. In the SP in the upper right, CSR14 is a BGP Route Reflector, CSR11, CSR10 and CSR12 are configured to run VPLS BGP AD with LDP signaling. CSR2 and CSR14 are physically wired to each other and their locally connected interfaces are configured to be ACs to the remote ASBR. XRv doesn't support L2VPN in the data plane, the configuration is shown only for reference.

I'll lay out the configuration from left to right then show the verification and show the EIGRP adjacencies the CE routers have between each other.

SP 100

CSR5 (BGP Route Reflector)
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as 100
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
neighbor 1.1.1.2 peer-group IBGP
neighbor 1.1.1.4 peer-group IBGP
neighbor 1.1.1.6 peer-group IBGP
neighbor 1.1.1.14 peer-group IBGP
!
address-family ipv4
exit-address-family
!
address-family vpnv4
exit-address-family
!
address-family l2vpn vpls
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
neighbor 1.1.1.2 activate
neighbor 1.1.1.4 activate
neighbor 1.1.1.6 activate
neighbor 1.1.1.14 activate
neighbor 1.1.1.14 prefix-length-size 2
exit-address-family

CSR1, CSR4
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
neighbor 1.1.1.11 remote-as 100
neighbor 1.1.1.11 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
neighbor 1.1.1.11 activate
neighbor 1.1.1.11 send-community extended
exit-address-family
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP

CSR2 (SP ASBR)
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
neighbor 1.1.1.11 remote-as 100
neighbor 1.1.1.11 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
neighbor 1.1.1.11 activate
neighbor 1.1.1.11 send-community extended
exit-address-family
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member GigabitEthernet4 service-instance 1
member vfi VPLS_AD_LDP
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
interface GigabitEthernet4
service instance 1 ethernet
encapsulation default

XRv4
router bgp 100
address-family vpnv4 unicast
!
address-family l2vpn vpls-vpws
!
neighbor 1.1.1.5
remote-as 100
update-source Loopback0
session-open-mode active-only
address-family vpnv4 unicast
!
address-family l2vpn vpls-vpws
Signalling bgp disable
!
interface GigabitEthernet0/0/0/3
l2transport
!
l2vpn
logging
pseudowire
!
bridge group VPLS_AD_LDP
bridge-domain VPLS_AD_LDP
interface GigabitEthernet0/0/0/3
!
vfi VPLS_AD_LDP
vpn-id 100
autodiscovery bgp
rd 100:100
route-target import 100:100
route-target export 100:100
signaling-protocol ldp

SP 200

CSR14 (BGP Route Reflector)
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.10 remote-as 200
neighbor 2.2.2.10 update-source Loopback0
neighbor 2.2.2.11 remote-as 200
neighbor 2.2.2.11 update-source Loopback0
neighbor 2.2.2.12 remote-as 200
neighbor 2.2.2.12 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.10 activate
neighbor 2.2.2.10 route-reflector-client
neighbor 2.2.2.11 activate
neighbor 2.2.2.11 route-reflector-client
neighbor 2.2.2.12 activate
neighbor 2.2.2.12 route-reflector-client

exit-address-family
!
interface GigabitEthernet3
no ip address
negotiation auto
service instance 1 ethernet

encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1

member vfi VPLS_AD_LDP

CSR11
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
exit-address-family
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP

CSR10 and CSR12
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
exit-address-family
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP

With the configuration complete, we can now begin verification. We'll look at CSR2, XRv4 and CSR11 then check a couple CEs.

CSR2#show mpls l2transport vc

Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI VPLS_AD_LDP \
vfi 1.1.1.1 100 UP
VFI VPLS_AD_LDP \
vfi 1.1.1.4 100 UP
VFI VPLS_AD_LDP \
vfi 1.1.1.14 100 UP

CSR2#show l2vpn vfi
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: VPLS_AD_LDP, state: up, type: multipoint, signaling: LDP
VPN ID: 100, VPLS-ID: 100:100
RD: 100:100, RT: 100:100,
Bridge-Domain 100 attachment circuits:
Pseudo-port interface: pseudowire100001
Interface Peer Address VC ID Discovered Router ID S
pseudowire100004 1.1.1.14 100 1.1.1.14 Y
pseudowire100003 1.1.1.4 100 1.1.1.4 Y
pseudowire100002 1.1.1.1 100 1.1.1.1 Y

CSR2#show l2vpn atom vc

Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100002 1.1.1.1 100 vfi VPLS_AD_LDP UP
pw100003 1.1.1.4 100 vfi VPLS_AD_LDP UP
pw100004 1.1.1.14 100 vfi VPLS_AD_LDP UP

The outputs above are different methods of looking at the same thing. The PWs are up and working. The Transport label, PE to PE connectivity is allocated via LDP, the PW label, is also allocated by LDP when the PW forms. We are not creating PWs manually here, we are leveraging BGP to Auto Discover PEs enabled for VPLS and then creating PWs on demand. You'll notice that the PW numbers start at 100000.

CSR2#show bridge-domain 100
Bridge-domain 100 (5 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
GigabitEthernet4 service instance 1
vfi VPLS_AD_LDP neighbor 1.1.1.1 100
vfi VPLS_AD_LDP neighbor 1.1.1.4 100
vfi VPLS_AD_LDP neighbor 1.1.1.14 100
AED MAC address Policy Tag Age Pseudoport
0 5000.0019.0001 forward dynamic 299 VPLS_AD_LDP.1004012
0 5000.001C.0001 forward dynamic 295 GigabitEthernet3.EFP1
0 5000.001F.0001 forward dynamic 296 GigabitEthernet4.EFP1
0 5000.0018.0001 forward dynamic 295 VPLS_AD_LDP.1004011
0 5000.0022.0000 forward dynamic 297 GigabitEthernet4.EFP1
0 5000.0021.0001 forward dynamic 296 GigabitEthernet4.EFP1

The above output shows CSR2, which is a PE and ASBR, connection to another SP, shows several MAC addresses being learned. VPLS_AD_LDP indicates a MAC learned over a PW created on demand. The GigabitEthernet3.EFP1 indicates that the MAC was learned in on the AC from the either the CE or ASBR.

RP/0/0/CPU0:XRv4#show l2vpn atom-db
Mon Nov 26 00:00:53.156 UTC

Peer ID Source VC ID Encap SIG FEC AD
_______________________________________________________________________________

1.1.1.1 1.1.1.14 100:100 MPLS LDP 129 BGP
1.1.1.2 1.1.1.14 100:100 MPLS LDP 129 BGP
1.1.1.4 1.1.1.14 100:100 MPLS LDP 129 BGP

RP/0/0/CPU0:XRv4#show l2vpn bridge-domain
Mon Nov 26 00:01:35.403 UTC
Legend: pp = Partially Programmed.
Bridge group: VPLS_AD_LDP, bridge-domain: VPLS_AD_LDP, id: 0, state: up, ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/0/0/3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI VPLS_AD_LDP (up)
Neighbor 1.1.1.1 pw-id 100:100, state: up, Static MAC addresses: 0
Neighbor 1.1.1.2 pw-id 100:100, state: up, Static MAC addresses: 0
Neighbor 1.1.1.4 pw-id 100:100, state: up, Static MAC addresses: 0

IOS XR has similar outputs, the fitst of which shows the PWs are up and running. The control Plane is working. The Bridge Domain on the other hand shows no MACs being learned. I have read that the XRv9000 in later code, 6.4 and later will support L2VPN in the data plane, I haven't tested this out. You could be tested on this in the lab, so it's worth knowing how to configure it.

CSR11#show mpls l2transport vc

Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI VPLS_AD_LDP \
vfi 2.2.2.10 100 UP
VFI VPLS_AD_LDP \
vfi 2.2.2.12 100 UP
VFI VPLS_AD_LDP \
vfi 2.2.2.14 100 UP

CSR11#show bridge-domain 100
Bridge-domain 100 (4 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
vfi VPLS_AD_LDP neighbor 2.2.2.10 100
vfi VPLS_AD_LDP neighbor 2.2.2.14 100
vfi VPLS_AD_LDP neighbor 2.2.2.12 100
AED MAC address Policy Tag Age Pseudoport
0 5000.0019.0001 forward dynamic 295 VPLS_AD_LDP.1004012
0 5000.001C.0001 forward dynamic 296 VPLS_AD_LDP.1004012
0 5000.001F.0001 forward dynamic 296 VPLS_AD_LDP.1004013
0 5000.0018.0001 forward dynamic 297 VPLS_AD_LDP.1004012
0 5000.0022.0000 forward dynamic 298 GigabitEthernet3.EFP1
0 5000.0021.0001 forward dynamic 296 VPLS_AD_LDP.1004011

CSR11 shows very similar output as CSR2 except this is strictly a PE.

IOSV1#sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
4 10.1.1.10 Gi0/1 12 01:34:11 62 372 0 7
3 10.1.1.9 Gi0/1 14 01:34:18 139 834 0 7
2 10.1.1.7 Gi0/1 13 01:34:22 81 486 0 6
1 10.1.1.5 Gi0/1 10 01:34:28 40 240 0 4
0 10.1.1.2 Gi0/1 12 01:34:33 1168 5000 0 1

IOSv1 has 5 EIGRP peerings setup, this is done to keep the MACs in the BDs on the PEs and ASBRs as well as to prove that the data plane is working.

Thanks for stopping by!
Rob Riker, CCIE #50693