Lab9 MPLS + RDs + UCMP

Load lab9.init.cfg

#R1, R6
configure replace unix:lab9.init.cfg

#R2-R5, R7
configure
load bootflash:lab9.init.cfg
commit replace
y

R7 is the only RR, and it is reflecting VPNv4 and VPN6 routes. The iBGP sessions have already been established.

  • On the PEs, place the customer in a VRF called CUST_A and exchange IPv4 and IPv6 routes.

    • The VRF has not been configured yet.

  • Configure dmz-linkbw so that R2 will forward traffic to R6 in a 2:1 ratio to R4/R5.

Answer

https://www.youtube.com/watch?v=Er2fq1yL0rc&list=PL3Y9eZjZCcsejbVWD3wJIePqe3NiImqxB&index=12

#R2
vrf CUST_A
 address-family ipv4 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
 !
 address-family ipv6 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
!
interface GigabitEthernet0/0/0/0
 vrf CUST_A
 no ipv4 address
 ipv4 address 10.1.2.2 255.255.255.0
 no ipv6 address
 ipv6 address fe80::2 link-local
 ipv6 address fc00:10:1:2::2/64
!
router bgp 65000
 no neighbor 10.1.2.1
 no neighbor fc00:10:1:2::1
 vrf CUST_A
  rd 100:2
  address-family ipv4 unicast
   maximum-paths ibgp 2
  !
  address-family ipv6 unicast
   maximum-paths ibgp 2
  !
  neighbor 10.1.2.1
   remote-as 65001
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor fc00:10:1:2::1
   remote-as 65001
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out

#R4
vrf CUST_A
 address-family ipv4 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
 !
 address-family ipv6 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
!
interface GigabitEthernet0/0/0/1
 vrf CUST_A
 no ipv4 address
 ipv4 address 10.4.6.4 255.255.255.0
 no ipv6 address
 ipv6 address fe80::4 link-local
 ipv6 address fc00:10:4:6::4/64
!
router bgp 65000
 no neighbor 10.4.6.6
 no neighbor fc00:10:4:6::6
 vrf CUST_A
  rd 100:4
  address-family ipv4 unicast
  !
  address-family ipv6 unicast
  !
  neighbor 10.4.6.6
   dmz-link-bandwidth
   remote-as 65006
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor fc00:10:4:6::6
   dmz-link-bandwidth
   remote-as 65006
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out

#R5
vrf CUST_A
 address-family ipv4 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
 !
 address-family ipv6 unicast
  import route-target
   100:100
  !
  export route-target
   100:100
!
interface GigabitEthernet0/0/0/0
 vrf CUST_A
 no ipv4 address
 ipv4 address 10.5.6.5 255.255.255.0
 no ipv6 address
 ipv6 address fe80::5 link-local
 ipv6 address fc00:10:5:6::5/64
!
router bgp 65000
 no neighbor 10.5.6.6
 no neighbor fc00:10:5:6::6
 vrf CUST_A
  rd 100:5
  address-family ipv4 unicast
  !
  address-family ipv6 unicast
  !
  neighbor 10.5.6.6
   dmz-link-bandwidth
   remote-as 65006
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
  neighbor fc00:10:5:6::6
   dmz-link-bandwidth
   remote-as 65006
   address-family ipv6 unicast
    route-policy PASS in
    route-policy PASS out

Explanation/Verification

This lab uses VPNv4 and VPN6 for the first time in this topology. The VRF configuration is straightforward. The PEs must each use a unique RD, because we are not using add path. Without this, R7 will pick the best path for all routes with the same RD. R7 would end up reflecting only the path via R4 to R2.

The BGP configuration uses VPNv4 and VPNv6 for iBGP RR. On IOS-XE, all routers would need to activate bgp dmzlink-bw for the VPNv4/VPNv6 address-family. But on IOS-XR, you only need this command under the neighbor.

On R4 and R5, we specify the R6 neighbor with dmz-link-bandwidth to add the dmz link-bw extcommunity to routes learned from this peer.

#R4
router bgp 65000
 vrf CUST_A
  neighbor 10.4.6.6
   dmz-link-bandwidth
  !
  neighbor fc00:10:4:6::6
   dmz-link-bandwidth

#R5
router bgp 65000
 vrf CUST_A
  neighbor 10.5.6.6
   dmz-link-bandwidth
  neighbor fc00:10:5:6::6
   dmz-link-bandwidth

On R7, we can see both routes are learned and both are choosen as a best path. This is because we are using unique RDs per-PE. This is an easy way to achieve additional path functionality in a VPN environment.

Thanks to the unique RDs, R2 receives both paths. R2 also configures mulitpath for iBGP routes under the customer VRF in BGP. This allows R2 to do UCMP for this VPN.

#R2
router bgp 65000
 vrf CUST_A
  rd 100:2
  address-family ipv4 unicast
   maximum-paths ibgp 2
  !
  address-family ipv6 unicast
   maximum-paths ibgp 2

We can see the traffic share count is 2:1 for IPv4 traffic:

Unlike on IOS-XE, dmz-linkbw works for VPNv6 on IOS-XR:

Using show cef … detail on IOS-XR, we can see the 2:1 load distribution. There are two hashes for path 0, which is via R4, and one for path 1, which is via R5.

PreviousLab8 MPLS + “Shadow RR”NextLab10 MPLS + Same RD + Add-Path + UCMP

Last updated