In this post we will be taking a look at Inter AS Option B for VPLS. I have to say, this was probably one of the most complicated L2VPN configurations I have dealt with thus far. There are a lot of moving parts, and at first it didn't work: one side of the topology would appear to be working but the other side would not. It made for some very tedious troubleshooting, rebuilding the lab a couple of times due to reloading several CSRs after all the logical troubleshooting had been exhausted. I will be laying out all of the configuration I "threw" at the lab to get it to work.
With Option A, we are able to terminate the PWs at the ASBR and leverage the connection between the ASBRs as an AC. Option A is the easiest transition to any Inter AS design, L2 and L3, in my opinion. Option B is not so easy and is very unforgiving if something isn't correctly configured. One key thing that I noticed was that the PE to PE PWs, which form when things are working, won't form if end to end connectivity isn't working correctly. It then becomes a node by node troubleshooting scenario that is time consuming.
Like L3 VPN, there are 3 separate LSPs connecting the PEs together: PE to ASBR, ASBR to ASBR and ASBR to PE. Unlike L3 VPN, tracing from PE to PE or CE to CE doesn't expose the label bindings or LSPs. Since we are creating transparent L2 connectivity between two ISPs, we have to trace and ping between PEs to accomplish this. We'll focus on the verification at the end.
The logic we use for Intra AS VPLS still applies, so if you have an existing VPLS deployment, you can leverage that to play with Inter AS Option B. Some key things need to be added. The ASBR to ASBR connectivity needs to be MPLS enabled: I added "mpls ip", "mpls bgp forwarding" and "mpls ldp discovery transport-address interface" to the interface facing the ASBRs. An eBGP L2VPN VPLS peering had to be created to allow the ASBRs to exchange BGP info between the ASNs. MPLS needs to be enabled on the connected link; "mpls ip" does this. The ASBRs need to be able to send and accept labeled packets over the configured interface; "mpls bgp forwarding" does this. The third command, "mpls ldp discovery transport-address interface", changes the discovery address from the loopback to the connected interface, enabling LDP to form the adjacency. The last MPLS command that needs to be added is "mpls ldp discovery targeted-hello accept", which allows multi-hop LDP peerings to be created; these are needed for the PE to PE tLDP peerings.
For the L2VPN configuration, the VFI configuration is normally enough for Intra AS, but for Inter AS there are some additional things that need to be added. On the PEs, we need to enable PW routing, specifically "terminating-pe tie-breaker". Both PEs will be in active mode when forming the multi-segment PWs, but with Option B one of the two PEs needs to be in passive mode; the system determines this based on the TAII from BGP and the SAII in LDP from the local router. I applied the command to all PEs and ASBRs. On the ASBRs I applied the additional command "switching-point vcid 1 200000", which is used for switching in the MS PW setup. This is similar to creating an "xconnect context" and calling two PWs to build a manual MS PW, allowing 2 PEs to form an end to end LSP for an L2 connection for the CEs.
Additionally a template was used on the PEs and ASBRs and applied to the L2VPN construct to provide consistent PW attributes.
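Because a single missing command leaves the PWs down with little indication of where, the ASBR requirements described above can be checked mechanically before troubleshooting node by node. The Python below is an added example, not part of the original lab: the function name audit_asbr and the sample config are constructed for illustration (the sample reuses CSR2's addressing with two commands deliberately left out), and the checklist covers only the commands named in the paragraphs above.

```python
import re

# Checklist taken from the post's description of an Option B ASBR.
GLOBAL = ["mpls ldp discovery targeted-hello accept", "terminating-pe tie-breaker"]
INTER_AS_IF = ["mpls ip", "mpls bgp forwarding",
               "mpls ldp discovery transport-address interface"]

def audit_asbr(config, inter_as_if):
    """Return the Option B commands missing from an IOS-XE ASBR config."""
    lines = {l.strip() for l in config.splitlines()}
    missing = [c for c in GLOBAL if c not in lines]
    if not any(re.fullmatch(r"switching-point vcid \d+ \d+", l) for l in lines):
        missing.append("switching-point vcid <min> <max>")
    # Interface commands only count inside the inter-AS interface block.
    blk = re.search(rf"^interface {re.escape(inter_as_if)}\n((?: .*\n?)*)", config, re.M)
    ifc = {l.strip() for l in blk.group(1).splitlines()} if blk else set()
    missing += [f"{inter_as_if}: {c}" for c in INTER_AS_IF if c not in ifc]
    # eBGP peers (remote-as differs from the local ASN) must be activated
    # under address-family l2vpn vpls, not just defined.
    local = re.search(r"^router bgp (\d+)", config, re.M)
    ebgp = {n for n, asn in re.findall(r"neighbor (\S+) remote-as (\d+)", config)
            if local and asn != local.group(1)}
    af = re.search(r"address-family l2vpn vpls\n(.*?)exit-address-family", config, re.S)
    active = set(re.findall(r"neighbor (\S+) activate", af.group(1) if af else ""))
    missing += [f"l2vpn vpls: neighbor {n} activate" for n in sorted(ebgp - active)]
    return missing

# Constructed sample: an ASBR excerpt with "mpls bgp forwarding" and the
# eBGP "activate" line removed on purpose.
SAMPLE = """\
mpls ldp discovery targeted-hello accept
l2vpn
 pseudowire routing
  switching-point vcid 1 200000
  terminating-pe tie-breaker
interface GigabitEthernet4
 mpls ip
 mpls ldp discovery transport-address interface
router bgp 100
 neighbor 1.1.1.5 remote-as 100
 neighbor 90.2.14.14 remote-as 200
 address-family l2vpn vpls
  neighbor 1.1.1.5 activate
 exit-address-family
"""

if __name__ == "__main__":
    print(audit_asbr(SAMPLE, "GigabitEthernet4"))
```

An empty list means every command on the checklist was found in the expected place; it does not prove the PWs will form.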
In the above topology, CSR1, CSR4, CSR10, CSR11 and CSR12 (PEs) and CSR2 and CSR14 (ASBRs) are configured. I will show you the configs from CSR1, CSR2 and CSR11 since there is so much repeated configuration. Then we'll dive into the verification. ISP 1 is BGP 100 and ISP 2 is BGP 200. The routers in ISP 100 use VPN ID 100 and VPLS ID 100:200. The routers in ISP 200 use VPN ID 200 and VPLS ID 100:200. To ensure I would import the correct info, I made sure to import the variations of the RT that might be seen. After configuration is complete, it may be required to hard clear BGP; I needed to do this to get the PWs to form between the PEs.
CSR1
!
mpls ldp discovery targeted-hello accept
!
l2vpn
 pseudowire routing
  terminating-pe tie-breaker
!
l2vpn vfi context VPLS
 vpn id 100
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 100:100
  route-target import 200:200
  route-target import 100:200
!
template type pseudowire TMP_VPLS
 encapsulation mpls
 sequencing both
 control-word include
!
bridge-domain 1
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 1
!
interface GigabitEthernet1
 ip address 10.1.13.1 255.255.255.0
 ip router isis 1
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 negotiation auto
 service instance 1 ethernet
  encapsulation default
!
router isis 1
 net 00.0000.0000.0001.00
 mpls ldp autoconfig
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.5 remote-as 100
 neighbor 1.1.1.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 send-community extended
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 1.1.1.5 activate
 exit-address-family
CSR2 (ASBR)
!
mpls ldp discovery targeted-hello accept
!
l2vpn
 logging pseudowire status
 redundancy predictive enabled
 pseudowire routing
  switching-point vcid 1 200000
  terminating-pe tie-breaker
!
interface Loopback0
 ip address 1.1.1.2 255.255.255.255
 ip router isis 1
!
interface GigabitEthernet1
 ip address 10.2.11.2 255.255.255.0
 ip router isis 1
 negotiation auto
!
interface GigabitEthernet4
 ip address 90.2.14.2 255.255.255.0
 negotiation auto
 mpls ip
 mpls ldp discovery transport-address interface
 mpls bgp forwarding
!
router isis 1
 net 00.0000.0000.0002.00
 mpls ldp autoconfig
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.5 remote-as 100
 neighbor 1.1.1.5 update-source Loopback0
 neighbor 90.2.14.14 remote-as 200
 !
 address-family ipv4
 exit-address-family
 !
 address-family l2vpn vpls
  no bgp default route-target filter
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 next-hop-self
  neighbor 90.2.14.14 activate
 exit-address-family
CSR11
!
mpls ldp discovery targeted-hello accept
!
!
multilink bundle-name authenticated
l2vpn
 logging pseudowire status
 pseudowire routing
  terminating-pe tie-breaker
!
l2vpn vfi context VPLS
 vpn id 200
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 200:200
  route-target import 100:100
  route-target import 100:200
!
template type pseudowire TMP_VPLS
 encapsulation mpls
 sequencing both
 control-word include
!
redundancy
bridge-domain 200
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
interface Loopback0
 ip address 2.2.2.11 255.255.255.255
!
interface GigabitEthernet1
 ip address 10.11.10.11 255.255.255.0
 negotiation auto
!
interface GigabitEthernet3
 no ip address
 negotiation auto
 service instance 1 ethernet
  encapsulation default
!
router ospf 1
 network 2.2.2.0 0.0.0.255 area 0
 network 10.0.0.0 0.255.255.255 area 0
 mpls ldp autoconfig
!
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.14 remote-as 200
 neighbor 2.2.2.14 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 2.2.2.14 activate
 exit-address-family
CSR1#show l2vpn atom vc
                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100003  1.1.1.4         100        vfi    VPLS                     UP
pw100004  2.2.2.10        100        vfi    VPLS                     UP
pw100006  2.2.2.11        100        vfi    VPLS                     UP
pw100005  2.2.2.12        100        vfi    VPLS                     UP
CSR1#show bridge-domain 1
Bridge-domain 1 (5 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet3 service instance 1
    vfi VPLS neighbor 1.1.1.4 100
    vfi VPLS neighbor 2.2.2.10 100
    vfi VPLS neighbor 2.2.2.12 100
    vfi VPLS neighbor 2.2.2.11 100
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5000.001F.0001 forward dynamic   297  VPLS.1004014
   0   5000.0022.0000 forward dynamic   299  VPLS.1004015
   0   5000.0019.0001 forward dynamic   297  VPLS.1004012
   0   5000.0018.0001 forward dynamic   298  GigabitEthernet3.EFP1
   0   5000.0021.0001 forward dynamic   296  VPLS.1004013
CSR2# show l2vpn atom vc
                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100009  1.1.1.1         1          p2p    mpls 2.2.2.10:1          UP
pw100007  1.1.1.1         2          p2p    mpls 2.2.2.11:2          UP
pw100011  1.1.1.1         4          p2p    mpls 2.2.2.12:4          UP
pw100001  1.1.1.4         1          p2p    mpls 2.2.2.11:1          UP
pw100003  1.1.1.4         2          p2p    mpls 2.2.2.10:2          UP
pw100005  1.1.1.4         3          p2p    mpls 2.2.2.12:3          UP
pw100010  2.2.2.10        1          p2p    mpls 2.2.2.10:1          UP
pw100004  2.2.2.10        2          p2p    mpls 2.2.2.10:2          UP
pw100002  2.2.2.11        1          p2p    mpls 2.2.2.11:1          UP
pw100008  2.2.2.11        2          p2p    mpls 2.2.2.11:2          UP
pw100006  2.2.2.12        3          p2p    mpls 2.2.2.12:3          UP
pw100012  2.2.2.12        4          p2p    mpls 2.2.2.12:4          UP
CSR11#show l2vpn atom vc
                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100018  1.1.1.1         200        vfi    VPLS                     UP
pw100014  1.1.1.4         200        vfi    VPLS                     UP
pw100006  2.2.2.10        200        vfi    VPLS                     UP
pw100011  2.2.2.12        200        vfi    VPLS                     UP
CSR11#show bridge-domain 200
Bridge-domain 200 (5 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet3 service instance 1
    vfi VPLS neighbor 1.1.1.4 200
    vfi VPLS neighbor 2.2.2.10 200
    vfi VPLS neighbor 2.2.2.12 200
    vfi VPLS neighbor 1.1.1.1 200
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5000.001F.0001 forward dynamic   297  VPLS.100401f
   0   5000.0019.0001 forward dynamic   299  VPLS.100401d
   0   5000.0018.0001 forward dynamic   297  VPLS.1004020
   0   5000.0022.0000 forward dynamic   298  GigabitEthernet3.EFP1
   0   5000.0021.0001 forward dynamic   300  VPLS.100401e
IOSv1 (CE)
router eigrp 1
 network 10.1.1.0 0.0.0.255
IOSV1#show ip eigrp nei
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
3   10.1.1.7                Gi0/1                    12 02:25:49 1371  5000  0  24
2   10.1.1.9                Gi0/1                    14 02:25:49  134   804  0  22
1   10.1.1.10               Gi0/1                    12 02:25:49  128   768  0  3146
0   10.1.1.2                Gi0/1                    12 02:25:49  302  1812  0  3345
CSR1#ping mpls pseudowire 2.2.2.10 100
%Total number of MS-PW segments is less than segment number; Adjusting the segment number to 3
Sending 5, 72-byte MPLS Echos to 2.2.2.10,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 57/152/289 ms
Total Time Elapsed 800 ms
CSR1#traceroute mpls pseudowire 2.2.2.10 100 segment 3
Tracing MS-PW segments within range [1-3] peer address 2.2.2.10 and timeout 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
L 1 10.2.11.2 55 ms [Labels: 40 Exp: 0]
    local 1.1.1.1 remote 2.2.2.10 vc id 100
L 2 90.2.14.14 115 ms [Labels: 41 Exp: 0]
    local 1.1.1.2 remote 2.2.2.14 vc id 1
! 3 10.10.10.10 105 ms [Labels: 25 Exp: 0]
    local 2.2.2.14 remote 2.2.2.10 vc id 1
Thanks for stopping by!
Rob Riker, CCIE #50693