Saturday, December 1, 2018

CCIE SPv4 MPLS Inter AS Option A BGP VRF Aware Traffic Engineering - Local Preference

In the past few posts I focused on the Inter AS L2VPN options, with that covered, I focus now on BGP Path Selection manipulation. This will focus on Option A, and likely Options B and C in later posts, but since they are focusing on the Global RIB, leveraging normal IPv4/IPv6 BGP Path Selection logic could be used.


Leveraging the same topology we have for the past few posts, we'll focus on IOS and XR for the demo's. IOSv1 on the left has reachability between both ASNs to reach IOSv7, IOSv9 and IOSv10. The goal in this post is to manipulate the currently selected BGP Best path selection to something we determined.

 CSR1#sh bgp vpnv4 unicast all
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>  1.1.1.1/32       20.1.1.10                0             0 65001 i
 *>i 3.3.3.3/32       1.1.1.14                 0    100      0 65003 i
 *>i 7.7.7.7/32       1.1.1.2                  0    100      0 200 65007 i
 *>i 9.9.9.9/32       1.1.1.2                  0    100      0 200 65009 i
 *>i 10.10.10.10/32   1.1.1.2                  0    100      0 200 65010 i

As you can see, XRv4 and CSR2 are our egress points in the network. We'll first modify LP on XRv4 to affect all VPN traffic towards ASN 200. We'll create an RPL that sets the local preference to 400 and passes all traffic. It's important to pass all traffic along with setting the BGP attribute or traffic won't pass through.

 route-policy RPL_LP
  set local-preference 400
  pass

end-policy
!
router bgp 100
 vrf BGP
  neighbor 20.11.14.11
   address-family ipv4 unicast
    route-policy RPL_LP in
    route-policy PASS out
 
With the above configuration in place, we should be able to affect all traffic towards ASN200 going out of XRv4.

CSR1#show bgp vpnv4 unicast all 
BGP table version is 34, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>  1.1.1.1/32       20.1.1.10                0             0 65001 i
 *>i 3.3.3.3/32       1.1.1.14                 0    100      0 65003 i
 *>i 7.7.7.7/32       1.1.1.14                      400      0 200 65007 i
 *>i 9.9.9.9/32       1.1.1.14                      400      0 200 65009 i
 *>i 10.10.10.10/32   1.1.1.14                      400      0 200 65010 i

 As you can see, XRv4 is the egress point for all traffic. Let's test reachability, I had already conducted a traceroute to IOSv7 so you'll see a before and after trace.

 IOSV1#traceroute vrf BGP 7.7.7.7 source lo0 numeric 
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 13 msec 6 msec 3 msec
  2 10.1.13.13 [MPLS: Labels 24006/81 Exp 0] 36 msec 42 msec 21 msec
  3 10.13.3.3 [MPLS: Labels 28/81 Exp 0] 26 msec 23 msec 32 msec
  4 10.3.11.11 [MPLS: Labels 24009/81 Exp 0] 36 msec 43 msec 33 msec
  5 20.2.14.2 [MPLS: Label 81 Exp 0] 24 msec 27 msec 26 msec
  6 20.2.14.14 27 msec 28 msec 29 msec
  7 10.11.14.11 [MPLS: Labels 27/38 Exp 0] 46 msec 34 msec 36 msec
  8 10.11.10.10 [MPLS: Labels 24007/38 Exp 0] 62 msec 35 msec 42 msec
  9 20.7.12.12 [MPLS: Label 38 Exp 0] 58 msec 79 msec 113 msec
 10 20.7.12.7 84 msec *  38 msec

As you can see, there is a 10 hop trace traversing CSR2 and CSR14, the 20.2.14.0/24 subnet.

IOSV1#traceroute vrf BGP 7.7.7.7 source lo0 numeric 
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 23 msec 5 msec 4 msec
  2 10.1.13.13 [MPLS: Labels 24004/24022 Exp 0] 28 msec 43 msec 214 msec
  3 10.13.3.3 [MPLS: Labels 24/24022 Exp 0] 37 msec 29 msec 27 msec
  4 10.3.14.14 [MPLS: Label 24022 Exp 0] 33 msec 16 msec 20 msec
  5 20.11.14.11 41 msec 85 msec 55 msec
  6 10.11.10.10 [MPLS: Labels 24007/38 Exp 0] 38 msec 37 msec 32 msec
  7 20.7.12.12 [MPLS: Label 38 Exp 0] 40 msec 55 msec 25 msec
  8 20.7.12.7 43 msec *  84 msec

 Here you can see an 8 hop trace now traversing XRv4 on the 20.11.14.0/24 subnet.

 Now we will take a look at doing a per prefix modification, IOSv7's loopback trace should flow via CSR6.

 ip prefix-list PL_IOSv7_LB seq 5 permit 7.7.7.7/32
route-map RM_LP permit 10
 match ip address prefix-list PL_IOSv7_LB

 set local-preference 400
!
router bgp 100
 address-family ipv4 vrf BGP
  neighbor 20.6.9.9 route-map RM_LP in

 CSR1#show bgp vpnv4 unicast all 
BGP table version is 44, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

      Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:20 (default for vrf BGP)
 *>  1.1.1.1/32       20.1.1.10                0             0 65001 i
 *>i 3.3.3.3/32       1.1.1.14                 0    100      0 65003 i
 *>i 7.7.7.7/32       1.1.1.6                  0    400      0 200 65007 i
 *>i 9.9.9.9/32       1.1.1.14                      400      0 200 65009 i

 *>i 10.10.10.10/32   1.1.1.14                      400      0 200 65010 i

 Here we see the traffic being forwarded out CSR6. Just to make sure it's not a fluke, we can check the prefix-list on CSR6 for hits.

 CSR6#show ip prefix-list detail 
Prefix-list with the last deletion/insertion: PL_IOSv7_LB
ip prefix-list PL_IOSv7_LB:
   count: 1, range entries: 0, sequences: 5 - 5, refcount: 3

   seq 5 permit 7.7.7.7/32 (hit count: 2, refcount: 1)

Let's retest the traceroute again to see if looks different.

IOSV1#traceroute vrf BGP 7.7.7.7 source lo0 numeric 
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 20.1.1.1 16 msec 6 msec 5 msec
  2 10.1.13.13 [MPLS: Labels 24008/39 Exp 0] 65 msec 26 msec 27 msec
  3 10.13.3.3 [MPLS: Labels 20/39 Exp 0] 37 msec 35 msec 34 msec
  4 10.3.11.11 [MPLS: Labels 24006/39 Exp 0] 39 msec 28 msec 45 msec
  5 10.11.15.15 [MPLS: Labels 24002/39 Exp 0] 37 msec 36 msec 28 msec
  6 20.6.9.6 [MPLS: Label 39 Exp 0] 52 msec 31 msec 29 msec
  7 20.6.9.9 64 msec 30 msec 37 msec
  8 10.9.14.14 [MPLS: Labels 22/38 Exp 0] 57 msec 41 msec 54 msec
  9 10.11.14.11 [MPLS: Labels 27/38 Exp 0] 55 msec 43 msec 47 msec
 10 10.11.10.10 [MPLS: Labels 24007/38 Exp 0] 67 msec 53 msec 117 msec
 11 20.7.12.12 [MPLS: Label 38 Exp 0] 38 msec 50 msec 43 msec
 12 20.7.12.7 72 msec *  486 msec

 As you can see the path changed.

 Thanks for stopping by!
Rob Riker, CCIE #50693
Posted by at
Labels: , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)