Friday, November 30, 2018

CCIE SPv4 MPLS L2VPN VPLS BGP-AD LDP Signaling Inter AS Option C

In this post we will take a look at the Inter AS Option C variation. As in our previous posts, already having an intra AS VPLS deployment lets this setup scale easily. The design is similar to that of L3 VPN: the main concept, that the RRs in each AS need to form an eBGP peering to exchange routing information, still holds. There isn't much documented online on this topic, so it took some trial and error to get working. The only reference material available is Nick Russo's CCIE SPv4 Comprehensive Guide. In his guide, he lays out a complex implementation that changes mid-stride to fix an issue he ran into, implementing a workaround. The theory is that when a VPLS PE is also running eBGP, the router assumes that it isn't an Option C RR; this may be true.

Several of the configurations from Option B carry over: the ASBR AC MPLS configurations stay ("mpls ip", "mpls bgp forwarding", "mpls ldp discovery transport-address interface"). We end up needing to enable the IPv4 unicast AFI between the RRs and the ASBRs and between the ASBRs. This allows us to propagate the RR loopbacks to each other to form the eBGP peering. The IPv4 AFI is used only to advertise the RRs' loopbacks so that the ASBRs advertise them to the remote ASN. The RRs will form an L2VPN VPLS eBGP peering. Most of the configuration is done on the RRs and ASBRs, but I'll include all of the configurations, as there is nothing online I could find that lays it out.


PEs
CSR1, CSR4, CSR10, CSR11 and CSR12

ASBRs
CSR2 and CSR14

RRs
CSR5 and XRv10


CSR1
mpls ldp discovery targeted-hello accept
!
!
l2vpn vfi context VPLS 
 vpn id 100
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 100:100
  route-target import 200:200
  route-target import 100:200
 encapsulation mpls
!
bridge-domain 1 
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.5 remote-as 100
 neighbor 1.1.1.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 send-community extended
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 1.1.1.5 activate
 exit-address-family


CSR4
mpls ldp discovery targeted-hello accept
!
l2vpn vfi context VPLS 
 vpn id 100
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 100:100
  route-target import 200:200
  route-target import 100:200
 encapsulation mpls
!
bridge-domain 1 
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.5 remote-as 100
 neighbor 1.1.1.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 send-community extended
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 1.1.1.5 activate
 exit-address-family


CSR2
mpls ldp discovery targeted-hello accept
!
interface GigabitEthernet4
 ip address 90.2.14.2 255.255.255.0
 negotiation auto
 mpls ip
 mpls ldp discovery transport-address interface
 mpls bgp forwarding
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.5 remote-as 100
 neighbor 1.1.1.5 update-source Loopback0
 neighbor 90.2.14.14 remote-as 200
 !
 address-family ipv4
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 next-hop-self
  neighbor 90.2.14.14 activate
  neighbor 90.2.14.14 send-label
 exit-address-family
 !        
 address-family l2vpn vpls
  no bgp default route-target filter
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 next-hop-self
  neighbor 90.2.14.14 activate
 exit-address-family


CSR5
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor IBGP peer-group
 neighbor IBGP remote-as 100
 neighbor IBGP update-source Loopback0
 neighbor 1.1.1.1 peer-group IBGP
 neighbor 1.1.1.2 peer-group IBGP
 neighbor 1.1.1.4 peer-group IBGP
 neighbor 1.1.1.6 peer-group IBGP
 neighbor 1.1.1.14 peer-group IBGP
 neighbor 2.2.2.100 remote-as 200
 neighbor 2.2.2.100 ebgp-multihop 255
 neighbor 2.2.2.100 update-source Loopback0
 !
 address-family ipv4
  network 1.1.1.5 mask 255.255.255.255
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.2 activate
 exit-address-family
 !        
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.4 activate
  neighbor 1.1.1.6 activate
  neighbor 1.1.1.14 activate
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.4 activate
  neighbor 1.1.1.6 activate
  neighbor 1.1.1.14 activate
  neighbor 1.1.1.14 prefix-length-size 2
  neighbor 2.2.2.100 activate
  neighbor 2.2.2.100 send-community extended
  neighbor 2.2.2.100 prefix-length-size 2
  neighbor 2.2.2.100 next-hop-unchanged
 exit-address-family



CSR10
mpls ldp discovery targeted-hello accept
!
l2vpn
 logging pseudowire status
!
l2vpn vfi context VPLS 
 vpn id 200
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 200:200
  route-target import 100:100
  route-target import 100:200
 encapsulation mpls
!
bridge-domain 200 
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.14 remote-as 200
 neighbor 2.2.2.14 update-source Loopback0
 neighbor 2.2.2.100 remote-as 200
 neighbor 2.2.2.100 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 2.2.2.14 activate
  neighbor 2.2.2.100 activate
  neighbor 2.2.2.100 prefix-length-size 2
 exit-address-family


CSR11
mpls ldp discovery targeted-hello accept
!
l2vpn
 logging pseudowire status
!
l2vpn vfi context VPLS 
 vpn id 200
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 200:200
  route-target import 100:100
  route-target import 100:200
!
bridge-domain 200 
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.14 remote-as 200
 neighbor 2.2.2.14 update-source Loopback0
 neighbor 2.2.2.100 remote-as 200
 neighbor 2.2.2.100 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 2.2.2.14 activate
  neighbor 2.2.2.100 activate
  neighbor 2.2.2.100 prefix-length-size 2
 exit-address-family


CSR12
mpls ldp discovery targeted-hello accept
!
l2vpn
 logging pseudowire status
!
l2vpn vfi context VPLS 
 vpn id 200
 autodiscovery bgp signaling ldp template TMP_VPLS
  vpls-id 100:200
  route-target import 200:200
  route-target import 100:100
  route-target import 100:200
 !
bridge-domain 200 
 member GigabitEthernet3 service-instance 1
 member vfi VPLS
!
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.14 remote-as 200
 neighbor 2.2.2.14 update-source Loopback0
 neighbor 2.2.2.100 remote-as 200
 neighbor 2.2.2.100 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family l2vpn vpls
  neighbor 2.2.2.14 activate
  neighbor 2.2.2.100 activate
  neighbor 2.2.2.100 prefix-length-size 2
 exit-address-family


CSR14
mpls ldp discovery targeted-hello accept
!
l2vpn
 logging pseudowire status
 redundancy predictive enabled
 !
interface GigabitEthernet3
 ip address 90.2.14.14 255.255.255.0
 negotiation auto
 mpls ip
 mpls ldp discovery transport-address interface
 mpls bgp forwarding
!
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.10 remote-as 200
 neighbor 2.2.2.10 update-source Loopback0
 neighbor 2.2.2.11 remote-as 200
 neighbor 2.2.2.11 update-source Loopback0
 neighbor 2.2.2.12 remote-as 200
 neighbor 2.2.2.12 update-source Loopback0
 neighbor 2.2.2.100 remote-as 200
 neighbor 2.2.2.100 update-source Loopback0
 neighbor 90.2.14.2 remote-as 100
 !
 address-family ipv4
  neighbor 2.2.2.100 activate
  neighbor 2.2.2.100 next-hop-self
  neighbor 90.2.14.2 activate
  neighbor 90.2.14.2 send-label
 exit-address-family
 !
 address-family l2vpn vpls
  no bgp default route-target filter
  neighbor 2.2.2.10 activate
  neighbor 2.2.2.10 next-hop-self
  neighbor 2.2.2.11 activate
  neighbor 2.2.2.11 next-hop-self
  neighbor 2.2.2.12 activate
  neighbor 2.2.2.12 next-hop-self
  neighbor 2.2.2.100 activate
  neighbor 2.2.2.100 prefix-length-size 2
  neighbor 90.2.14.2 activate
 exit-address-family


XRv10
router bgp 200
 address-family ipv4 unicast
  network 2.2.2.100/32
 !
 address-family l2vpn vpls-vpws
  retain route-target all
 !
 neighbor 1.1.1.5
  remote-as 100
  ebgp-multihop 255
  update-source Loopback0
  address-family l2vpn vpls-vpws
   route-policy PASS in
   route-policy PASS out
   next-hop-unchanged
  !
 !
 neighbor 2.2.2.10
  remote-as 200
  update-source Loopback0
  address-family l2vpn vpls-vpws
   route-reflector-client
  !
 !
 neighbor 2.2.2.11
  remote-as 200
  update-source Loopback0
  address-family l2vpn vpls-vpws
   route-reflector-client
  !
 !
 neighbor 2.2.2.12
  remote-as 200
  update-source Loopback0
  address-family l2vpn vpls-vpws
   route-reflector-client
  !
 !
 neighbor 2.2.2.14
  remote-as 200
  update-source Loopback0
  address-family ipv4 unicast
   route-reflector-client
  !
  address-family l2vpn vpls-vpws
   route-reflector-client
  !
 !
!
mpls ldp



CSR5#show bgp ipv4 unicast 
BGP table version is 4, local router ID is 1.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.5/32       0.0.0.0                  0         32768 i
 *>i 2.2.2.100/32     1.1.1.2                  0    100      0 200 i

CSR5 shows an eBGP peering to XRv10, so we know that the RRs' loopbacks are being leaked between ASNs.

RP/0/0/CPU0:XRv10#show bgp ipv4 unicast 
Fri Nov 30 22:07:47.749 UTC
BGP router identifier 2.2.2.100, local AS number 200
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000   RD version: 4
BGP main routing table version 4
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop            Metric LocPrf Weight Path
*>i1.1.1.5/32         2.2.2.14                 0    100      0 100 i
*> 2.2.2.100/32       0.0.0.0                  0         32768 i

Processed 2 prefixes, 2 paths

XRv10 shows the same thing, an eBGP peering with CSR5.

CSR14#show l2vpn atom vc

                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100115  1.1.1.1         1001       p2p    mpls 1.1.1.1:1001        UP        
pw100117  1.1.1.1         1002       p2p    mpls 2.2.2.10:1002       UP        
pw100119  1.1.1.1         1003       p2p    mpls 2.2.2.12:1003       UP        
pw100121  1.1.1.4         1002       p2p    mpls 2.2.2.11:1002       UP        
pw100125  1.1.1.4         1004       p2p    mpls 2.2.2.12:1004       UP        
pw100122  2.2.2.10        1002       p2p    mpls 2.2.2.10:1002       UP        
pw100124  2.2.2.11        1001       p2p    mpls 1.1.1.1:1001        UP        
pw100118  2.2.2.11        1002       p2p    mpls 2.2.2.11:1002       UP        
pw100120  2.2.2.12        1003       p2p    mpls 2.2.2.12:1003       UP        
pw100126  2.2.2.12        1004       p2p    mpls 2.2.2.12:1004       UP        

CSR2#show l2vpn atom vc

                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100101  1.1.1.1         1001       p2p    mpls 1.1.1.1:1001        UP        
pw100103  1.1.1.1         1002       p2p    mpls 1.1.1.1:1002        UP        
pw100105  1.1.1.1         1003       p2p    mpls 1.1.1.1:1003        UP        
pw100109  1.1.1.4         1001       p2p    mpls 2.2.2.12:1001       UP        
pw100107  1.1.1.4         1002       p2p    mpls 2.2.2.11:1002       UP        
pw100142  2.2.2.10        1001       p2p    mpls 1.1.1.1:1001        UP        
pw100104  2.2.2.11        1002       p2p    mpls 2.2.2.11:1002       UP        
pw100144  2.2.2.11        1003       p2p    mpls 1.1.1.1:1003        UP        
pw100141  2.2.2.12        1001       p2p    mpls 2.2.2.12:1001       UP        
pw100146  2.2.2.12        1002       p2p    mpls 1.1.1.1:1002        UP       


CSR2 and CSR14 both show end-to-end LSP PWs set up between all of the PEs.

CSR1#show l2vpn atom vc

                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100003  1.1.1.4         100        vfi    VPLS                     UP        
pw100004  2.2.2.10        100        vfi    VPLS                     UP        
pw100006  2.2.2.11        100        vfi    VPLS                     UP        
pw100005  2.2.2.12        100        vfi    VPLS                     UP       

CSR1 shows 1 local PW and 3 remote PWs; we can identify the remote ones by their Peer ID of 2.2.2.x, and all of them are in the UP status.

CSR1#show bridge-domain 1
Bridge-domain 1 (5 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet3 service instance 1
    vfi VPLS neighbor 1.1.1.4 100
    vfi VPLS neighbor 2.2.2.10 100
    vfi VPLS neighbor 2.2.2.11 100
    vfi VPLS neighbor 2.2.2.12 100
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5000.001F.0001 forward dynamic   300  VPLS.1004036
   0   5000.0022.0000 forward dynamic   295  VPLS.1004035
   0   5000.0019.0001 forward dynamic   299  VPLS.1004033
   0   5000.0018.0001 forward dynamic   297  GigabitEthernet3.EFP1
   0   5000.0021.0001 forward dynamic   300  VPLS.1004034

CSR1 is a PE hosting a bridge domain; we see 4 PW connections and 1 EFP.

CSR12#show l2vpn atom vc

                                       Service
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100018  1.1.1.1         200        vfi    VPLS                     UP        
pw100014  1.1.1.4         200        vfi    VPLS                     UP        
pw100006  2.2.2.10        200        vfi    VPLS                     UP        
pw100007  2.2.2.11        200        vfi    VPLS                     UP        

CSR12#show bridge-domain 200
Bridge-domain 200 (5 ports in all)
State: UP                    Mac learning: Enabled
Aging-Timer: 300 second(s)
    GigabitEthernet3 service instance 1
    vfi VPLS neighbor 1.1.1.1 200
    vfi VPLS neighbor 2.2.2.10 200
    vfi VPLS neighbor 2.2.2.11 200
    vfi VPLS neighbor 1.1.1.4 200
   AED MAC address    Policy  Tag       Age  Pseudoport
   0   5000.001F.0001 forward dynamic   300  GigabitEthernet3.EFP1
   0   5000.0019.0001 forward dynamic   296  VPLS.100402a
   0   5000.0018.0001 forward dynamic   297  VPLS.1004029
   0   5000.0022.0000 forward dynamic   296  VPLS.100401f
   0   5000.0021.0001 forward dynamic   296  VPLS.100401e

CSR12 shows the same outputs.
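
The full-mesh check done by eye on the CSR1 and CSR12 outputs above can be scripted; this is an added example, not part of the original post. It parses "show l2vpn atom vc" and reports any expected PE without an UP VFI pseudowire, plus any pseudowire peer that is not a known PE. The CSR-to-loopback mapping is inferred from the peer IDs in the outputs, and the degraded sample is constructed.

```python
import re

# Loopbacks of the PEs in the post's topology. The CSR-to-address mapping is
# inferred from the peer IDs in the outputs and is an assumption of this example.
PE_LOOPBACKS = {
    "CSR1": "1.1.1.1", "CSR4": "1.1.1.4",
    "CSR10": "2.2.2.10", "CSR11": "2.2.2.11", "CSR12": "2.2.2.12",
}

# One data row of "show l2vpn atom vc": interface, peer, VC ID, type, name, status.
ROW = re.compile(
    r"^(pw\d+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s+(\S+)\s+(.+?)\s+(\S+)$"
)
FIELDS = ("interface", "peer", "vc_id", "type", "name", "status")

# Output copied from the CSR1 capture in the post.
CSR1_OUTPUT = """\
Interface Peer ID         VC ID      Type   Name                     Status
--------- --------------- ---------- ------ ------------------------ ----------
pw100003  1.1.1.4         100        vfi    VPLS                     UP
pw100004  2.2.2.10        100        vfi    VPLS                     UP
pw100006  2.2.2.11        100        vfi    VPLS                     UP
pw100005  2.2.2.12        100        vfi    VPLS                     UP
"""

# Constructed sample (not from the post): one PW down, one missing, and one
# peer that is not a known PE.
DEGRADED_OUTPUT = """\
pw100003  1.1.1.4         100        vfi    VPLS                     UP
pw100004  2.2.2.10        100        vfi    VPLS                     UP
pw100006  2.2.2.11        100        vfi    VPLS                     DOWN
pw100009  3.3.3.3         100        vfi    VPLS                     UP
"""


def parse_atom_vc(text):
    """Return one dict per pseudowire row, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(dict(zip(FIELDS, match.groups())))
    return rows


def check_mesh(local_pe, text, vfi="VPLS"):
    """Map peer address -> problem for the VFI's pseudowires on local_pe."""
    expected = {ip for pe, ip in PE_LOOPBACKS.items() if pe != local_pe}
    seen = {r["peer"]: r["status"] for r in parse_atom_vc(text)
            if r["type"] == "vfi" and r["name"] == vfi}
    problems = {}
    for peer in expected - set(seen):
        problems[peer] = "missing"
    for peer, status in seen.items():
        if peer not in expected:
            problems[peer] = "unexpected"
        elif status != "UP":
            problems[peer] = status
    return problems


if __name__ == "__main__":
    print("CSR1:", check_mesh("CSR1", CSR1_OUTPUT) or "full mesh UP")
    print("degraded:", check_mesh("CSR1", DEGRADED_OUTPUT))
```

Run it against each PE's captured output. An "unexpected" peer deserves attention because with BGP autodiscovery a PE signals a pseudowire to any peer whose advertisement carries a route-target it imports.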

CSR5#show bgp l2vpn vpls all summary | b Neighbor
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100     519     532       92    0    0 07:50:04        1
1.1.1.2         4          100     110     114       92    0    0 01:34:38        3
1.1.1.4         4          100     522     548       92    0    0 07:56:49        1
1.1.1.6         4          100       0       0        1    0    0 never    (NoNeg)
1.1.1.14        4          100    6979    7768       92    0    0 4d22h           1
2.2.2.100       4          200      76      88       92    0    0 01:10:01        3


CSR5#show bgp l2vpn vpls all                     
BGP table version is 92, local router ID is 1.1.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:100
 *>i 100:100:1.1.1.1/96
                       1.1.1.1                  0    100      0 ?
 *>i 100:100:1.1.1.4/96
                       1.1.1.4                  0    100      0 ?
 *>i 100:100:1.1.1.14/96
                       1.1.1.14                      100      0 i
Route Distinguisher: 200:200
 *   200:200:2.2.2.10/96
                       2.2.2.10                               0 200 ?
 *>i                  1.1.1.2                  0    100      0 200 ?
 *   200:200:2.2.2.11/96
                       2.2.2.11                               0 200 ?
 *>i                  1.1.1.2                  0    100      0 200 ?
     Network          Next Hop            Metric LocPrf Weight Path
 *   200:200:2.2.2.12/96
                       2.2.2.12                               0 200 ?
 *>i                  1.1.1.2                  0    100      0 200 ?

CSR5 shows that it is learning 3 routes from XRv10.

CSR1#show bgp l2vpn vpls all 
BGP table version is 42, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:100
 *>  100:100:1.1.1.1/96
                       0.0.0.0                            32768 ?
 *>i 100:100:1.1.1.4/96
                       1.1.1.4                  0    100      0 ?
Route Distinguisher: 200:200
 *>i 200:200:2.2.2.10/96
                       1.1.1.2                  0    100      0 200 ?
 *>i 200:200:2.2.2.11/96
                       1.1.1.2                  0    100      0 200 ?
 *>i 200:200:2.2.2.12/96
                       1.1.1.2                  0    100      0 200 ?

CSR1 shows that it is learning the routes from both SPs.

RP/0/0/CPU0:XRv10#show bgp l2vpn vpls summary  | b Neighbor
Fri Nov 30 22:11:27.934 UTC
Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd
1.1.1.5           0   100     113      94        4    0    0 01:09:52          3
2.2.2.10          0   200     135     126        4    0    0 01:39:46          1
2.2.2.11          0   200     137     126        4    0    0 01:39:38          1
2.2.2.12          0   200     137     126        4    0    0 01:39:33          1
2.2.2.14          0   200     142     119        4    0    0 01:11:04          3


RP/0/0/CPU0:XRv10#show bgp l2vpn vpls                      
Fri Nov 30 22:11:30.604 UTC
BGP router identifier 2.2.2.100, local AS number 200
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0   RD version: 0
BGP main routing table version 4
BGP NSR Initial initsync version 4 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs

Status codes: s suppressed, d damped, h history, * valid, > best
              i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network            Next Hop        Rcvd Label      Local Label
Route Distinguisher: 100:100
*  1.1.1.1/32         1.1.1.1         nolabel         nolabel         
* i                   90.2.14.2       nolabel         nolabel         
*  1.1.1.4/32         1.1.1.4         nolabel         nolabel         
* i                   90.2.14.2       nolabel         nolabel         
*  1.1.1.14/32        1.1.1.14        nolabel         nolabel         
* i                   90.2.14.2       nolabel         nolabel         
Route Distinguisher: 200:200
*>i2.2.2.10/32        2.2.2.10        nolabel         nolabel         
*>i2.2.2.11/32        2.2.2.11        nolabel         nolabel         
*>i2.2.2.12/32        2.2.2.12        nolabel         nolabel         

Processed 6 prefixes, 9 paths

XRv10 shows the same information.


IOSV1#show ip eigrp neighbors 
EIGRP-IPv4 Neighbors for AS(1)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
3   10.1.1.7                Gi0/1                    11 01:29:31  287  1722  0  31
2   10.1.1.9                Gi0/1                    11 01:29:31  296  1776  0  29
1   10.1.1.10               Gi0/1                    13 01:29:32  266  1596  0  3149
0   10.1.1.2                Gi0/1                    10 07:18:14  302  1812  0  3345

IOSV1 (CE) shows 4 active EIGRP adjacencies, proving that the Inter AS link is working as expected.

Thanks for stopping by!
Rob Riker, CCIE #50693
