Option A L3NNI

Load russo.pl.course.inter-as.init.cfg

#IOS-XE
config replace flash:russo.pl.course.inter-as.init.cfg
 
#IOS-XR
configure
load bootflash:russo.pl.course.inter-as.init.cfg
commit replace
y

Configure inter-AS option A using the following guidelines:

• Globomantics is AS65001 and Wired Brain is AS65002

• XR11 must set LP to 50 for the following prefixes received from CSR3:

  • 2001:DB8:3::102/128, 2001:DB8:3::103/128

  • 192.0.2.2, 192.0.2.3

• XR11 must prepend the customer’s AS path three times towards CSR3 for prefixes originated from CSR1’s AS65101

• VRF L3B and L3C on R8/R10 are currently importing/exporting different RTs. On R3, routes from both VRFs must be imported/exported as if they are in one single VRF.

• Use outer-VLAN 3888 inner-VLAN 311 for the XR11-R3 link

  • Use 10.3.11.0/24 and fc00:10:3:11::/64

• Use outer-VLAN 3777 inner-VLAN 23 for the R2-R3 link

  • Use 10.2.3.0/24 and fc00:10:2:3::/64

All IGP/BGP peerings are already setup (except for the ASBR-ASBR peerings for option A).

Answer

#R3
vrf definition L3BC
 rd 65000:123
 route-target export 65000:103
 route-target import 65000:102
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
int gi2.3113888
 encapsulation dot1q 3888 second-dot1q 311
 vrf forward L3BC
 ip add 10.3.11.3 255.255.255.0
 ipv6 add fc00:10:3:11::3/64
!
int gi2.233777
 encapsulation dot1q 3777 second-dot1q 23
 vrf forward L3BC
 ip add 10.2.3.3 255.255.255.0
 ipv6 add fc00:10:2:3::3/64
!
router bgp 65002
 add ipv4 vrf L3BC
  neighbor 10.3.11.11 remote-as 65001
  neighbor 10.2.3.2 remote-as 65001
 add ipv6 vrf L3BC
  neighbor fc00:10:3:11::11 remote-as 65001
  neighbor fc00:10:2:3::2 remote-as 65001

#R2
vrf definition L3A
 rd 65000:101
 route-target export 65000:101
 route-target import 65000:101
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
int gi2.233777
 encapsulation dot1q 3777 second-dot1q 23
 vrf forward L3A
 ip add 10.2.3.2 255.255.255.0
 ipv6 add fc00:10:2:3::2/64
!
router bgp 65001
 add ipv4 vrf L3A
  neighbor 10.2.3.3 remote-as 65002
 add ipv6 vrf L3A
  neighbor fc00:10:2:3::3 remote-as 65002

#XR11
vrf L3A
 add ipv4 unicast
  import route-target 65000:101
  export route-target 65000:101
 add ipv6 unicast
  import route-target 65000:101
  export route-target 65000:101 
!
int gi0/0/0/0.3113888
 encapsulation dot1q 3888 second-dot1q 311
 vrf L3A
 ip add 10.3.11.11 255.255.255.0
 ipv6 add fc00:10:3:11::11/64
!
prefix-set PS_L3A_V4
  192.0.2.2/32,
  192.0.2.3/32
end-set
!
prefix-set PS_L3A_V6
  2001:db8:3::102/128,
  2001:db8:3::103/128
end-set
!
route-policy RPL_L3A_V4_IN
  if destination in PS_L3A_V4 then
    set local-preference 50
  endif
  pass
end-policy
!
route-policy RPL_L3A_V6_IN
  if destination in PS_L3A_V6 then
    set local-preference 50
  endif
  pass
end-policy
!
route-policy RPL_L3A_OUT
  if as-path originates-from '65101'  then
    prepend as-path most-recent 3
  endif
  pass
end-policy
!
router bgp 65001
 vrf L3A
  rd 65000:101
  add ipv4 uni
  add ipv6 uni
  !
  nei 10.3.11.3
	 remote-as 65002
   add ipv4 uni
    route-policy RPL_L3A_V4_IN in
    route-policy RPL_L3A_OUT out
  !
  nei fc00:10:3:11::3
	 remote-as 65002
   add ipv6 uni
    route-policy RPL_L3A_V6_IN in
    route-policy RPL_L3A_OUT out

Explanation

Inter-AS option A is the simplest option, in which the ASBRs treat each other as CEs. The simplest design is a basic PE-CE setup with no policies. For example, the config for R2:

#R2
vrf definition L3A
 rd 65000:101
 route-target export 65000:101
 route-target import 65000:101
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
int gi2.233777
 encapsulation dot1q 3777 second-dot1q 23
 vrf forward L3A
 ip add 10.2.3.2 255.255.255.0
 ipv6 add fc00:10:2:3::2/64
!
router bgp 65001
 add ipv4 vrf L3A
  neighbor 10.2.3.3 remote-as 65002
 add ipv6 vrf L3A
  neighbor fc00:10:2:3::3 remote-as 65002

By looking at the config above, you cannot tell whether R2 is connecting to a true CE or an ASBR. There is no difference.

There is some slight complexity within the Wired Brain (AS65002) network. The L3B and L3C VRFs use different RTs for import and export. This means that R8 and R10 do not import routes learned from the other PE:

#R8
vrf definition L3B
 rd 65000:102
 route-target export 65000:102
 route-target import 65000:103

#R10
vrf definition L3C
 rd 65000:103
 route-target export 65000:102
 route-target import 65000:103

This task requires us to create a VRF on R3 that imports all routes from both VRFs. This is simply done by reversing the RT policy:

#R3
vrf definition L3BC
 rd 65000:123
 route-target export 65000:103
 route-target import 65000:102

Next, we have two ASBR-ASBR links (XR11-R3 and R2-R3). This task asks us to configure policies on XR11 so that this link is only used if the R2-R3 link fails.

First we setup an outbound policy which matches routes originated from 65101 and prepends the customer’s AS three time. Since this is address-familiy independent, this same RPL can be used for both IPv4 and IPv6 outbound routes.

#XR11
route-policy RPL_L3A_OUT
  if as-path originates-from '65101'  then
    prepend as-path most-recent 3
  endif
  pass
end-policy
!
router bgp 65001
 vrf L3A
  nei 10.3.11.3
	 remote-as 65002
   add ipv4 uni
    route-policy RPL_L3A_OUT out
  !
  nei fc00:10:3:11::3
	 remote-as 65002
   add ipv6 uni
    route-policy RPL_L3A_OUT out

On R3 we can confirm that the routes are prepended from XR11:

To influence AS65001 to prefer the R2-R3 link, XR11 sets local preference low for prefixes received from R3:

#XR11
prefix-set PS_L3A_V4
  192.0.2.2/32,
  192.0.2.3/32
end-set
!
prefix-set PS_L3A_V6
  2001:db8:3::102/128,
  2001:db8:3::103/128
end-set
!
route-policy RPL_L3A_V4_IN
  if destination in PS_L3A_V4 then
    set local-preference 50
  endif
  pass
end-policy
!
route-policy RPL_L3A_V6_IN
  if destination in PS_L3A_V6 then
    set local-preference 50
  endif
  pass
end-policy
!
router bgp 65001
 vrf L3A
  nei 10.3.11.3
	 remote-as 65002
   add ipv4 uni
    route-policy RPL_L3A_V4_IN in
  !
  nei fc00:10:3:11::3
	 remote-as 65002
   add ipv6 uni
    route-policy RPL_L3A_V6_IN in

We can confirm that LP is set to 50 for these prefixes.

Notice that XR11 hides this alternative path because only the best path is sent to its iBGP peers. For example, if we look at the RR, we only see one path for 192.0.2.2/32. This can prevent fast convergence and load sharing.

Even if XR11 uses a unique RD, this would not solve the issue. In addition, XR11 would have to use a technique such as advertise-best-external.

#XR11
router bgp 65001
 vrf L3A
  rd 65001:111
  address-family ipv4 unicast
   advertise best-external
  !
  address-family ipv6 unicast
   advertise best-external

Moving on, when we trace from R1’s L3A to L3B or L3C, we see that traffic takes the R2-R3 link. Notice that the traceroute has an unlabeled hop in the middle at the L3 NNI. This is a characteristic of inter-AS option A.