Lab9 MPLS + RDs + UCMP

Load unix:lab9.init.cfg. You may need to replace with unix:blank.cfg first.

configure replace unix:lab9.init.cfg

R7 is the only RR, and it is reflecting VPNv4 and VPNv6 routes. The iBGP sessions have already been established.

  • On the PEs, place the customer in a VRF called CUST_A and exchange IPv4 and IPv6 routes.

    • The VRF has not been configured yet.

  • Configure dmz-linkbw so that R2 will forward traffic to R6 in a 2:1 ratio to R4/R5.

Answer

https://www.youtube.com/watch?v=Er2fq1yL0rc&list=PL3Y9eZjZCcsejbVWD3wJIePqe3NiImqxB&index=12

#R2
vrf def CUST_A
 rd 65000:2
 route-target both 65000:200
 add ipv4
 add ipv6
!
interface Ethernet0/1
 vrf forwarding CUST_A
 ip address 10.1.2.2 255.255.255.0
 ipv6 address FE80::2 link-local
 ipv6 address FC00:10:1:2::2/64
!
router bgp 65000
 add vpnv4
  bgp dmzlink-bw
 add vpnv6
  bgp dmzlink-bw
 add ipv4 vrf CUST_A
  neighbor 10.1.2.1 remote-as 65001
  maximum-paths ibgp 2
 add ipv6 vrf CUST_A
  neighbor FC00:10:1:2::1 remote-as 65001
  maximum-paths ibgp 2

#R4
vrf def CUST_A
 rd 65000:4
 route-target both 65000:200
 add ipv4
 add ipv6
!
interface Ethernet0/2
 vrf forwarding CUST_A
 ip address 10.4.6.4 255.255.255.0
 ipv6 address FE80::4 link-local
 ipv6 address FC00:10:4:6::4/64
!
router bgp 65000
 !
 add vpnv4
  bgp dmzlink-bw
 add vpnv6
  bgp dmzlink-bw
 add ipv4 vrf CUST_A
  neighbor 10.4.6.6 remote-as 65006
  neighbor 10.4.6.6 dmzlink-bw
 add ipv6 vrf CUST_A
  neighbor FC00:10:4:6::6 remote-as 65006
  neighbor FC00:10:4:6::6 dmzlink-bw

#R5
vrf def CUST_A
 rd 65000:5
 route-target both 65000:200
 add ipv4
 add ipv6
!
interface Ethernet0/1
 vrf forwarding CUST_A
 ip address 10.5.6.5 255.255.255.0
 ipv6 address FE80::5 link-local
 ipv6 address FC00:10:5:6::5/64
!
router bgp 65000
 !
 add vpnv4
  bgp dmzlink-bw
 add vpnv6
  bgp dmzlink-bw
 add ipv4 vrf CUST_A
  neighbor 10.5.6.6 remote-as 65006
  neighbor 10.5.6.6 dmzlink-bw
 add ipv6 vrf CUST_A
  neighbor FC00:10:5:6::6 remote-as 65006
  neighbor FC00:10:5:6::6 dmzlink-bw

Explanation/Verification

This lab uses VPNv4 and VPNv6 for the first time in this topology. The VRF configuration is straightforward. The PEs must each use a unique RD, because we are not using add-path. Without this, R4 and R5 would advertise the same VPN NLRI (RD plus prefix), so R7 would select a single best path among the routes with the same RD. R7 would end up reflecting only the path via R4 to R2.

The BGP configuration uses VPNv4 and VPNv6 for iBGP RR. All routers activate bgp dmzlink-bw for these address families.

On R4 and R5, we specify the R6 neighbor with dmzlink-bw to add the dmz link-bw extcommunity to routes learned from this peer.

#R4
router bgp 65000
 add ipv4 vrf CUST_A
  neighbor 10.4.6.6 dmzlink-bw
 add ipv6 vrf CUST_A
  neighbor FC00:10:4:6::6 dmzlink-bw

#R5
router bgp 65000
 add ipv4 vrf CUST_A
  neighbor 10.5.6.6 dmzlink-bw
 add ipv6 vrf CUST_A
  neighbor FC00:10:5:6::6 dmzlink-bw

On R7, we can see both routes are learned and both are chosen as best paths. This is because we are using unique RDs per PE. This is an easy way to achieve additional-path functionality in a VPN environment.
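The effect of the RD choice on what R2 receives can be modelled in a few lines. This is an added example, not part of the original lab: it assumes every BGP attribute ties, so the lowest next hop stands in for the final tie-breakers, and the function names are hypothetical.

```python
from collections import defaultdict
from ipaddress import ip_address

PREFIX = "192.0.2.6/32"  # customer prefix seen in the lab's CEF output
RT = "65000:200"         # route-target used for CUST_A on every PE

def rr_reflect(updates):
    """RR without add-path: keep one best path per VPNv4 NLRI, keyed by (RD, prefix)."""
    by_nlri = defaultdict(list)
    for route in updates:
        by_nlri[(route["rd"], route["prefix"])].append(route)
    # Assumption: all attributes tie, so the lowest next hop stands in for
    # the last tie-breakers of the BGP decision process.
    return [min(paths, key=lambda r: ip_address(r["nh"])) for paths in by_nlri.values()]

def vrf_install(reflected, import_rt, prefix, maximum_paths):
    """Ingress PE: import by RT (the RD plays no part), then install up to maximum_paths."""
    next_hops = {r["nh"] for r in reflected
                 if r["rt"] == import_rt and r["prefix"] == prefix}
    return sorted(next_hops, key=ip_address)[:maximum_paths]

def advertise(rd_r4, rd_r5):
    """Constructed updates from R4 (10.0.0.4) and R5 (10.0.0.5) for the same prefix."""
    return [
        {"rd": rd_r4, "prefix": PREFIX, "rt": RT, "nh": "10.0.0.4"},
        {"rd": rd_r5, "prefix": PREFIX, "rt": RT, "nh": "10.0.0.5"},
    ]

def r2_next_hops(rd_r4, rd_r5, maximum_paths=2):
    """Next hops R2 can use for PREFIX after R7 has reflected the PE updates."""
    return vrf_install(rr_reflect(advertise(rd_r4, rd_r5)), RT, PREFIX, maximum_paths)

if __name__ == "__main__":
    print("shared RD :", r2_next_hops("65000:200", "65000:200"))
    print("unique RDs:", r2_next_hops("65000:4", "65000:5"))
```

With a shared RD the model leaves R2 a single next hop, so maximum-paths has nothing to balance across; with the lab's per-PE RDs both next hops survive reflection.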

Thanks to the unique RDs, R2 receives both paths. R2 also configures multipath for iBGP routes under the customer VRF in BGP. This allows R2 to do UCMP for this VPN.

#R2
router bgp 65000
 add vpnv4
  bgp dmzlink-bw
 add vpnv6
  bgp dmzlink-bw
 add ipv4 vrf CUST_A
  maximum-paths ibgp 2
 add ipv6 vrf CUST_A
  maximum-paths ibgp 2

We can see the traffic share count is 2:1 for IPv4 traffic:

The hash buckets in the CEF internal output give us another way to verify the 2:1 share ratio.

R2#show ip cef vrf CUST_A 192.0.2.6 internal
192.0.2.6/32, epoch 0, flags [rlbls], RIB[B], refcnt 5, per-destination sharing
  sources: RIB
  feature space:
    IPRM: 0x00018000
    LFD: 192.0.2.6/32 0 local labels
        contains path extension list
  ifnums: (none)
  path list C77F1D34, 3 locks, per-destination, flags 0x249 [shble, rif, hwcn, bgp]
    path C77D7EAC, share 1/1, type recursive, for IPv4, flags [must-be-lbld]
      MPLS short path extensions: [rib] MOI flags = 0x0 label 5013
      recursive via 10.0.0.5[IPv4:Default] label 5013, fib C7902ED4, 1 terminal fib, v4:Default:10.0.0.5/32
      path list C77F1E24, 17 locks, per-destination, flags 0x4D [shble, hvsh, rif, hwcn]
          path C77D7E40, share 1/1, type attached nexthop, for IPv4
            MPLS short path extensions: [none] MOI flags = 0x0 label 3002
            nexthop 10.2.3.3 Ethernet0/1 label 3002-(local:2002), IP adj out of Ethernet0/1, addr 10.2.3.3 C5792B90
    path C77D7A74, share 2/2, type recursive, for IPv4, flags [must-be-lbld]
      MPLS short path extensions: [rib] MOI flags = 0x0 label 4012
      recursive via 10.0.0.4[IPv4:Default] label 4012, fib C7724AB4, 1 terminal fib, v4:Default:10.0.0.4/32
      path list C77F1E24, 17 locks, per-destination, flags 0x4D [shble, hvsh, rif, hwcn]
          path C77D7E40, share 1/1, type attached nexthop, for IPv4
            MPLS short path extensions: [none] MOI flags = 0x0 label 3001
            nexthop 10.2.3.3 Ethernet0/1 label 3001-(local:2001), IP adj out of Ethernet0/1, addr 10.2.3.3 C5792B90
  output chain:
    loadinfo C4AF1488, per-session, 2 choices, flags 0003, 4 locks
      flags [Per-session, for-rx-IPv4]
      15 hash buckets
        < 0 > label 5013
              label 3002-(local:2002)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 1 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 2 > label 5013
              label 3002-(local:2002)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 3 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 4 > label 5013
              label 3002-(local:2002)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 5 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 6 > label 5013
              label 3002-(local:2002)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 7 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 8 > label 5013
              label 3002-(local:2002)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        < 9 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        <10 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        <11 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        <12 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        <13 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
        <14 > label 4012
              label 3001-(local:2001)
              TAG adj out of Ethernet0/1, addr 10.2.3.3 C5792A60
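Counting the buckets by hand is error-prone, so the check can be scripted. The following is an added example, not part of the original lab: it parses text in the format shown above, maps each top label back to its recursive next hop, and reduces the bucket counts to a ratio. The sample is an excerpt of the output above, and the function names are hypothetical.

```python
import re
from collections import Counter
from functools import reduce
from math import gcd

VIA_RE = re.compile(r"recursive via (\S+?)\[.*?\] label (\d+)")
BUCKET_RE = re.compile(r"<\s*(\d+)\s*>\s+label (\d+)")
DECLARED_RE = re.compile(r"(\d+) hash buckets")

# Excerpt of the R2 output above: recursive paths plus the top label per bucket.
SAMPLE = """\
recursive via 10.0.0.5[IPv4:Default] label 5013, fib C7902ED4
recursive via 10.0.0.4[IPv4:Default] label 4012, fib C7724AB4
15 hash buckets
< 0 > label 5013
< 1 > label 4012
< 2 > label 5013
< 3 > label 4012
< 4 > label 5013
< 5 > label 4012
< 6 > label 5013
< 7 > label 4012
< 8 > label 5013
< 9 > label 4012
<10 > label 4012
<11 > label 4012
<12 > label 4012
<13 > label 4012
<14 > label 4012
"""

def bucket_shares(text):
    """Map each BGP next hop to the number of CEF hash buckets that use its label."""
    next_hop = {label: nh for nh, label in VIA_RE.findall(text)}
    buckets = dict(BUCKET_RE.findall(text))  # bucket index -> top label
    declared = DECLARED_RE.search(text)
    if declared and int(declared.group(1)) != len(buckets):
        raise ValueError("bucket count mismatch: output is truncated")
    return dict(Counter(next_hop.get(lbl, "label " + lbl) for lbl in buckets.values()))

def ratio(shares):
    """Reduce bucket counts to the smallest whole-number ratio."""
    if not shares:
        return {}
    g = reduce(gcd, shares.values())
    return {nh: n // g for nh, n in shares.items()}

if __name__ == "__main__":
    print(ratio(bucket_shares(SAMPLE)))
```

For the output above this gives 10 buckets for 10.0.0.4 (R4) and 5 for 10.0.0.5 (R5), which matches the 2/2 and 1/1 path shares.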

As in lab2, DMZ Link-BW does not work for IPv6, so we can skip the verification.
