Howdy folks!
It's been a long time in the making, but I am finally back on the SP trail, this time for good, to finish what I started what seems like ages ago. I want to finally get done with CCIE SPv4, earn my second CCIE and move to other tracks once and for all. I have always enjoyed SP topics, MPLS VPN, L2 and L3 especially. This time around I am attacking the blueprint from more of a review aspect rather than learning it for the first time.
I have also moved to running EVE-NG, after spending an entire weekend getting it up and running. It's not quite as responsive as VMs running in ESXi, but the flexibility can't be beat.
I have already covered L2VPN VPLS BGP AD with both LDP and BGP signaling in previous posts, so I won't be diving into that as much. I find obscure topics like Inter AS L2VPN are not widely documented, so I figured that as I continue plowing through the technologies, I'll pick up where I left off with SP content.
The last time we checked out VPLS with BGP AD and LDP/BGP signaling, it was in a single AS, which makes it pretty easy to work with. I liken L2VPN Option A to L3VPN Option A: the ASBRs treat each other as CE devices and create ACs on the attached connections. All that is really needed is a service instance and encapsulation to get it to work. If you were to take the previous posts on VPLS, you could pretty easily get Inter AS L2VPN up and running.
In the above screenshot, we have our topology, which is quite large but gives us lots of flexibility to test different technologies. In the large SP, CSR5 is a BGP Route Reflector, and CSR1, CSR4, CSR2 and XRv4 are PEs configured to run VPLS BGP AD with LDP signaling. In the SP in the upper right, CSR14 is a BGP Route Reflector, and CSR11, CSR10 and CSR12 are configured to run VPLS BGP AD with LDP signaling. CSR2 and CSR14 are physically wired to each other, and their locally connected interfaces are configured as ACs to the remote ASBR. XRv doesn't support L2VPN in the data plane; its configuration is shown only for reference.
I'll lay out the configuration from left to right, then show the verification and the EIGRP adjacencies the CE routers have with each other.
SP 100
CSR5 (BGP Route Reflector)
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor IBGP peer-group
neighbor IBGP remote-as 100
neighbor IBGP update-source Loopback0
neighbor 1.1.1.1 peer-group IBGP
neighbor 1.1.1.2 peer-group IBGP
neighbor 1.1.1.4 peer-group IBGP
neighbor 1.1.1.6 peer-group IBGP
neighbor 1.1.1.14 peer-group IBGP
!
address-family ipv4
exit-address-family
!
address-family vpnv4
exit-address-family
!
address-family l2vpn vpls
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 1.1.1.1 activate
neighbor 1.1.1.2 activate
neighbor 1.1.1.4 activate
neighbor 1.1.1.6 activate
neighbor 1.1.1.14 activate
neighbor 1.1.1.14 prefix-length-size 2
exit-address-family
CSR1, CSR4
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
neighbor 1.1.1.11 remote-as 100
neighbor 1.1.1.11 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
neighbor 1.1.1.11 activate
neighbor 1.1.1.11 send-community extended
exit-address-family
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP
CSR2 (SP ASBR)
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.5 remote-as 100
neighbor 1.1.1.5 update-source Loopback0
neighbor 1.1.1.11 remote-as 100
neighbor 1.1.1.11 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
exit-address-family
!
address-family l2vpn vpls
neighbor 1.1.1.5 activate
neighbor 1.1.1.5 send-community extended
neighbor 1.1.1.11 activate
neighbor 1.1.1.11 send-community extended
exit-address-family
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member GigabitEthernet4 service-instance 1
member vfi VPLS_AD_LDP
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
interface GigabitEthernet4
service instance 1 ethernet
encapsulation default
XRv4
router bgp 100
address-family vpnv4 unicast
!
address-family l2vpn vpls-vpws
!
neighbor 1.1.1.5
remote-as 100
update-source Loopback0
session-open-mode active-only
address-family vpnv4 unicast
!
address-family l2vpn vpls-vpws
Signalling bgp disable
!
interface GigabitEthernet0/0/0/3
l2transport
!
l2vpn
logging
pseudowire
!
bridge group VPLS_AD_LDP
bridge-domain VPLS_AD_LDP
interface GigabitEthernet0/0/0/3
!
vfi VPLS_AD_LDP
vpn-id 100
autodiscovery bgp
rd 100:100
route-target import 100:100
route-target export 100:100
signaling-protocol ldp
SP 200
CSR14 (BGP Route Reflector)
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.10 remote-as 200
neighbor 2.2.2.10 update-source Loopback0
neighbor 2.2.2.11 remote-as 200
neighbor 2.2.2.11 update-source Loopback0
neighbor 2.2.2.12 remote-as 200
neighbor 2.2.2.12 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.10 activate
neighbor 2.2.2.10 route-reflector-client
neighbor 2.2.2.11 activate
neighbor 2.2.2.11 route-reflector-client
neighbor 2.2.2.12 activate
neighbor 2.2.2.12 route-reflector-client
exit-address-family
!
interface GigabitEthernet3
no ip address
negotiation auto
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP
CSR11
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
exit-address-family
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP
CSR10 and CSR12
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.14 remote-as 200
neighbor 2.2.2.14 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn vpls
neighbor 2.2.2.14 activate
exit-address-family
!
interface GigabitEthernet3
service instance 1 ethernet
encapsulation default
!
l2vpn vfi context VPLS_AD_LDP
vpn id 100
autodiscovery bgp signaling ldp
!
bridge-domain 100
member GigabitEthernet3 service-instance 1
member vfi VPLS_AD_LDP
With the configuration complete, we can now begin verification. We'll look at CSR2, XRv4 and CSR11, then check a couple of CEs.
CSR2#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI VPLS_AD_LDP \
vfi 1.1.1.1 100 UP
VFI VPLS_AD_LDP \
vfi 1.1.1.4 100 UP
VFI VPLS_AD_LDP \
vfi 1.1.1.14 100 UP
CSR2#show l2vpn vfi
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: VPLS_AD_LDP, state: up, type: multipoint, signaling: LDP
VPN ID: 100, VPLS-ID: 100:100
RD: 100:100, RT: 100:100,
Bridge-Domain 100 attachment circuits:
Pseudo-port interface: pseudowire100001
Interface Peer Address VC ID Discovered Router ID S
pseudowire100004 1.1.1.14 100 1.1.1.14 Y
pseudowire100003 1.1.1.4 100 1.1.1.4 Y
pseudowire100002 1.1.1.1 100 1.1.1.1 Y
CSR2#show l2vpn atom vc
Service
Interface Peer ID VC ID Type Name Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100002 1.1.1.1 100 vfi VPLS_AD_LDP UP
pw100003 1.1.1.4 100 vfi VPLS_AD_LDP UP
pw100004 1.1.1.14 100 vfi VPLS_AD_LDP UP
The outputs above are different ways of looking at the same thing: the PWs are up and working. The transport label, which provides PE-to-PE connectivity, is allocated via LDP; the PW label is also allocated by LDP when the PW forms. We are not creating PWs manually here; we are leveraging BGP to auto-discover PEs enabled for VPLS and then creating PWs on demand. You'll notice that the PW numbers start at 100000.
CSR2#show bridge-domain 100
Bridge-domain 100 (5 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
GigabitEthernet4 service instance 1
vfi VPLS_AD_LDP neighbor 1.1.1.1 100
vfi VPLS_AD_LDP neighbor 1.1.1.4 100
vfi VPLS_AD_LDP neighbor 1.1.1.14 100
AED MAC address Policy Tag Age Pseudoport
0 5000.0019.0001 forward dynamic 299 VPLS_AD_LDP.1004012
0 5000.001C.0001 forward dynamic 295 GigabitEthernet3.EFP1
0 5000.001F.0001 forward dynamic 296 GigabitEthernet4.EFP1
0 5000.0018.0001 forward dynamic 295 VPLS_AD_LDP.1004011
0 5000.0022.0000 forward dynamic 297 GigabitEthernet4.EFP1
0 5000.0021.0001 forward dynamic 296 GigabitEthernet4.EFP1
The above output shows CSR2, which is both a PE and the ASBR connecting to the other SP, learning several MAC addresses. A VPLS_AD_LDP pseudoport indicates a MAC learned over a PW created on demand. A pseudoport such as GigabitEthernet3.EFP1 indicates that the MAC was learned on the AC, from either the CE or the ASBR.
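An added example, not part of the original post: a Python sketch that parses the MAC rows of the CSR2 bridge-domain output above, separates MACs learned on attachment circuits from those learned over pseudowires, and flags any AC holding more MACs than expected. With Option A the other SP's MACs enter the bridge domain through an ordinary AC, so a per-AC count is a cheap sanity check; the limits used here are hypothetical, operator-chosen values.

```python
import re
from collections import defaultdict

# MAC rows copied from the CSR2 "show bridge-domain 100" output on this page.
CSR2_BD100 = """\
AED MAC address Policy Tag Age Pseudoport
0 5000.0019.0001 forward dynamic 299 VPLS_AD_LDP.1004012
0 5000.001C.0001 forward dynamic 295 GigabitEthernet3.EFP1
0 5000.001F.0001 forward dynamic 296 GigabitEthernet4.EFP1
0 5000.0018.0001 forward dynamic 295 VPLS_AD_LDP.1004011
0 5000.0022.0000 forward dynamic 297 GigabitEthernet4.EFP1
0 5000.0021.0001 forward dynamic 296 GigabitEthernet4.EFP1
"""

ROW = re.compile(r"^\s*\d+\s+(?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+"
                 r"\S+\s+\S+\s+\d+\s+(?P<port>\S+)\s*$")
EFP = re.compile(r"^(?P<intf>.+)\.EFP\d+$")  # AC pseudoports look like Intf.EFPn

def parse_mac_table(text):
    """Return {pseudoport: [mac, ...]}; header and non-table lines are skipped."""
    by_port = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            by_port[m["port"]].append(m["mac"].lower())
    return dict(by_port)

def learned_via(port):
    """'ac' for an attachment circuit (EFP), 'pw' for a VFI pseudowire."""
    return "ac" if EFP.match(port) else "pw"

def audit_acs(text, limits, default_limit=1):
    """Return [(interface, learned, limit)] for ACs over their MAC ceiling.
    limits is {interface: max MACs}; unlisted ACs fall back to default_limit."""
    counts = defaultdict(int)
    for port, macs in parse_mac_table(text).items():
        m = EFP.match(port)
        if m:
            counts[m["intf"]] += len(macs)
    return [(intf, n, limits.get(intf, default_limit))
            for intf, n in sorted(counts.items())
            if n > limits.get(intf, default_limit)]

if __name__ == "__main__":
    for port, macs in sorted(parse_mac_table(CSR2_BD100).items()):
        print(learned_via(port), port, macs)
    # Hypothetical policy: one MAC expected on Gi3, at most two on Gi4.
    print(audit_acs(CSR2_BD100, {"GigabitEthernet3": 1, "GigabitEthernet4": 2}))
```
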
RP/0/0/CPU0:XRv4#show l2vpn atom-db
Mon Nov 26 00:00:53.156 UTC
Peer ID Source VC ID Encap SIG FEC AD
_______________________________________________________________________________
1.1.1.1 1.1.1.14 100:100 MPLS LDP 129 BGP
1.1.1.2 1.1.1.14 100:100 MPLS LDP 129 BGP
1.1.1.4 1.1.1.14 100:100 MPLS LDP 129 BGP
RP/0/0/CPU0:XRv4#show l2vpn bridge-domain
Mon Nov 26 00:01:35.403 UTC
Legend: pp = Partially Programmed.
Bridge group: VPLS_AD_LDP, bridge-domain: VPLS_AD_LDP, id: 0, state: up, ShgId: 0, MSTi: 0
Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog
Filter MAC addresses: 0
ACs: 1 (1 up), VFIs: 1, PWs: 3 (3 up), PBBs: 0 (0 up)
List of ACs:
Gi0/0/0/3, state: up, Static MAC addresses: 0
List of Access PWs:
List of VFIs:
VFI VPLS_AD_LDP (up)
Neighbor 1.1.1.1 pw-id 100:100, state: up, Static MAC addresses: 0
Neighbor 1.1.1.2 pw-id 100:100, state: up, Static MAC addresses: 0
Neighbor 1.1.1.4 pw-id 100:100, state: up, Static MAC addresses: 0
IOS XR has similar outputs, the first of which shows the PWs are up and running. The control plane is working. The bridge domain, on the other hand, shows no MACs being learned. I have read that the XRv9000 in later code, 6.4 and later, will support L2VPN in the data plane; I haven't tested this out. You could be tested on this in the lab, so it's worth knowing how to configure it.
CSR11#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
VFI VPLS_AD_LDP \
vfi 2.2.2.10 100 UP
VFI VPLS_AD_LDP \
vfi 2.2.2.12 100 UP
VFI VPLS_AD_LDP \
vfi 2.2.2.14 100 UP
CSR11#show bridge-domain 100
Bridge-domain 100 (4 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet3 service instance 1
vfi VPLS_AD_LDP neighbor 2.2.2.10 100
vfi VPLS_AD_LDP neighbor 2.2.2.14 100
vfi VPLS_AD_LDP neighbor 2.2.2.12 100
AED MAC address Policy Tag Age Pseudoport
0 5000.0019.0001 forward dynamic 295 VPLS_AD_LDP.1004012
0 5000.001C.0001 forward dynamic 296 VPLS_AD_LDP.1004012
0 5000.001F.0001 forward dynamic 296 VPLS_AD_LDP.1004013
0 5000.0018.0001 forward dynamic 297 VPLS_AD_LDP.1004012
0 5000.0022.0000 forward dynamic 298 GigabitEthernet3.EFP1
0 5000.0021.0001 forward dynamic 296 VPLS_AD_LDP.1004011
CSR11 shows very similar output to CSR2, except this is strictly a PE.
IOSV1#sh ip eigrp nei
EIGRP-IPv4 Neighbors for AS(1)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
4 10.1.1.10 Gi0/1 12 01:34:11 62 372 0 7
3 10.1.1.9 Gi0/1 14 01:34:18 139 834 0 7
2 10.1.1.7 Gi0/1 13 01:34:22 81 486 0 6
1 10.1.1.5 Gi0/1 10 01:34:28 40 240 0 4
0 10.1.1.2 Gi0/1 12 01:34:33 1168 5000 0 1
IOSv1 has 5 EIGRP peerings set up. This is done to keep the MACs in the BDs on the PEs and ASBRs, as well as to prove that the data plane is working.
Thanks for stopping by!
Rob Riker, CCIE #50693
Tested VPLS on XRv9000 6.6.2, it's still not working, does not even commit the configuration.
l2vpn
bridge group SP_VPLS
bridge-domain CCNP
interface GigabitEthernet0/0/0/2
!!% Invalid argument: VPLS Bridge domains not supported on this platform
!
RP/0/RP0/CPU0:XR9K#sh ver
Thu Jan 23 16:57:39.336 UTC
Cisco IOS XR Software, Version 6.6.2
Copyright (c) 2013-2019 by Cisco Systems, Inc.
Build Information:
Built By : ahoang
Built On : Fri Apr 26 15:47:48 PDT 2019
Built Host : iox-ucs-033
Workspace : /auto/srcarchive16/prod/6.6.2/xrv9k/ws
Version : 6.6.2
Location : /opt/cisco/XR/packages/
cisco IOS-XRv 9000 () processor
System uptime is 1 hour 41 minutes