Lab_5_OSPF_MPLS_sham_link_on_MPLS_VPN_1698700003.pdf

MPLS VPN
Practice Labs
Redouane MEDDANE
Lab 5: OSPF MPLS sham link on MPLS VPN
Create VRF CUST-A, RD 1:111, RT 1:100
PE1
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
interface fa0/0
ip vrf forwarding CUST-A
ip address 10.1.1.1 255.255.255.252
PE2
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
interface fa0/0
ip vrf forwarding CUST-A
ip address 10.2.2.1 255.255.255.252
Configuring the IGP Between PE and CE routers using OSPF process-ID 10 and area 0

and the Backdoor Link between CE-A1 and CE-A2 routers using the same parameters:
CE-A1:
router ospf 10
network 10.1.1.2 0.0.0.0 area 0
network 12.0.0.1 0.0.0.0 area 0
network 172.16.1.1 0.0.0.0 area 0
CE-A2:
router ospf 10
network 10.2.2.2 0.0.0.0 area 0
network 12.0.0.2 0.0.0.0 area 0
network 172.16.2.1 0.0.0.0 area 0
PE1:
router ospf 10 vrf CUST-A

network 10.1.1.1 0.0.0.0 area 0
PE2:
network 10.2.2.1 0.0.0.0 area 0
Redistribution Between PE-CE routers (between OSPF and MP-BGP):
PE1:
router bgp 65000
address-family ipv4 vrf CUST-A
redistribute ospf 10
!
router ospf 10
redistribute bgp 65000 subnet
PE1:
router bgp 65000
redistribute ospf 10
!
router ospf 10
redistribute bgp 65000 subnets
Configuration MP-BGP Between PEs routers:
PE1:
router bgp 65000
neighbor 2.2.2.2 remote-as 65000
neighbor 2.2.2.2 update-source loop0
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community
PE2:
router bgp 65000
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source loop0
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community
MP-BGP uses two extended communities when redistributing from OSPF. These
communities help other PEs to identify how they should advertise into OSPF those
received BGP prefixes. Those communities are “OSPF Route Type” and “OSPF Domain-
ID”.
When all PEs use the same Domain-ID, these prefixes will be redistributed from MP-
BGP into OSPF as a Summary LSA Type 3.
Verify the per-RD BGP table:
PE1#show ip bgp vpnv4 all
BGP table version is 15, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:111 (default for vrf CUST-A)
* i 10.1.1.0/24 2.2.2.2 3 100 0 ?
*> 0.0.0.0 0 32768 ?
*> 10.2.2.0/24 10.1.1.2 3 32768 ?
* i 2.2.2.2 0 100 0 ?
*> 12.0.0.0/24 10.1.1.2 2 32768 ?
* i 2.2.2.2 2 100 0 ?
* i 172.16.1.0/24 2.2.2.2 3 100 0 ?
*> 10.1.1.2 2 32768 ?
*> 172.16.2.0/24 10.1.1.2 3 32768 ?
* i 2.2.2.2 2 100 0 ?
PE1#
Verify the neighbor relationship between CE-A1 and CE-A2 routers:
CE-A1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.2.1 1 FULL/DR 00:00:38 12.0.0.2 FastEthernet0/1
10.1.1.1 1 FULL/DR 00:00:39 10.1.1.1 FastEthernet0/0
CE-A1#
CE-A2#show ip ospf neighbor
10.2.2.1 1 FULL/BDR 00:00:33 10.2.2.1 FastEthernet0/0
CE-A2#
The show ip ospf command shown that the MPLS VPN backbone acts as a Super
Backbone, therefore the PE routers act as an ABR:
PE1# show ip ospf
Routing Process "ospf 10" with ID 10.1.1.1
Domain ID type 0x0005, value 0.0.0.10
Start time: 00:16:16.268, Time elapsed: 00:25:26.824
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Connected to MPLS VPN Superbackbone, VRF CUST-A
Event-log disabled
It is an area border and autonomous system boundary router
Redistributing External Routes from,
bgp 65000, includes subnets in redistribution
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs

Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm last executed 00:06:51.516 ago
SPF algorithm executed 8 times
Area ranges are
Number of LSA 10. Checksum Sum 0x05202F
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
PE1#
CE-A1 router has two path to reach 172.16.2.0/24 prefix, one path through the
backbone MPLS and another path through the Backdoor Link.
In term of routing, CE-A1 is receiving an LSA Type 1 through the Backdoor Link and
learned from CE-A2 representing an intra-area route and an LSA Type 3 through the
Backbone MPLS representing an inter-area route and learned from PE1 routerwe’ll
find out that traffic doesn’t cross the MPLS backbone, but the backdoor link
instead. In this case, an LSA Type 1 is preferred over LSA Type 3 in OSPF, as we
can see in the routing table of CE-A1 and also the CE-A2 router:
CE-A1 prefers to use the backdoor-link, and the prefix is seen as Intra-Area OSPF
with a metric of 2:
CE-A1#show ip route OSPF | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
O 10.2.2.0/24 [110/2] via 12.0.0.2, 00:04:49, FastEthernet0/1
CE-A1#
CE-A1#show ip route 172.16.2.0
Routing entry for 172.16.2.0/24
Known via "ospf 10", distance 110, metric 2, type intra area
Last update from 12.0.0.2 on FastEthernet0/1, 00:05:23 ago
Routing Descriptor Blocks:
* 12.0.0.2, from 172.16.2.1, 00:05:23 ago, via FastEthernet0/1
Route metric is 2, traffic share count is 1
CE-A1#
CE-A2#show ip route OSPF | beg Gate

CE-A2#
CE-A2#
CE-A1 uses the link directly connected to CE-A2 to reach the prefix 172.16.2./24:
CE-A1#traceroute 172.16.2.1 sou 172.16.1.1
Type escape sequence to abort.
Tracing the route to 172.16.2.1
VRF info: (vrf in name/id, vrf out name/id)
1 12.0.0.2 100 msec 80 msec 88 msec
CE-A1#
The show ip ospf database router adv-router 172.16.2.1 command shown the LSA Type
1 advertised by CE-A2 with the router-ID 172.16.2.1 and notice the prefix
172.16.2.0/24 carried in this LSA Type 1 as a Stub Network:
CE-A1#show ip ospf database router adv-router 172.16.2.1
OSPF Router with ID (172.16.1.1) (Process ID 10)
Router Link States (Area 0)
LS age: 577
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 172.16.2.1
Advertising Router: 172.16.2.1
LS Seq Number: 80000005
Checksum: 0x6132
Length: 60
Number of Links: 3
Link connected to: a Stub Network
(Link ID) Network/subnet number: 172.16.2.0
(Link Data) Network Mask: 255.255.255.0
Number of MTID metrics: 0
TOS 0 Metrics: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.2.2.2
(Link Data) Router Interface address: 10.2.2.2
TOS 0 Metrics: 1

TOS 0 Metrics: 1
CE-A1#
Now let's disable the fa0/1 interface of CE-A1 which is connected to CE-A2:
CE-A1(config)#int fa0/1
CE-A1(config-if)#shutdown
Let's verify the routing table, now CE-A1 router installs an inter-area route to
reach the prefix 172.16.2.0/24 through the Backbone MPLS:
CE-A1#show ip route ospf | beg Gate
O IA 10.2.2.0/24 [110/2] via 10.1.1.1, 00:00:44, FastEthernet0/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.0.0.0 [110/3] via 10.1.1.1, 00:00:44, FastEthernet0/0
O IA 172.16.2.0/24 [110/3] via 10.1.1.1, 00:00:44, FastEthernet0/0
CE-A1#
Known via "ospf 10", distance 110, metric 3, type inter area
CE-A1#
CE-A1#traceroute 172.16.2.1 sou 172.16.1.1
1 10.1.1.1 88 msec 104 msec 88 msec
2 192.168.1.2 [MPLS: Labels 17/21 Exp 0] 148 msec 116 msec 108 msec
3 10.2.2.1 [MPLS: Label 21 Exp 0] 120 msec 108 msec 84 msec
4 10.2.2.2 152 msec 140 msec 144 msec
CE-A1#
Now The show ip ospf database summary 172.16.2.0 command shown the LSA Type 3
advertised by PE1 with the router-ID 10.1.1.1 and notice the prefix 172.16.2.0/24
carried in this LSA Type 3 as a Summary LSA:
CE-A1#show ip ospf database summary 172.16.2.0
Summary Net Link States (Area 0)
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 192
Options: (No TOS-capability, DC, Downward)
LS Type: Summary Links(Network)
Link State ID: 172.16.2.0 (summary Network Number)

LS Seq Number: 80000001
Checksum: 0xBE3
Length: 28
Network Mask: /24
MTID: 0 Metric: 2
CE-A1#
Now if we want to use the Backdoor Link as a backup route, we need to tell to the
PEs routers to redistribute MP-BGP routes into OSPF as LSA Type 1 instead of LSA
Type 3 by using ospf sham-link between PEs:
To configure sham-link follow the following steps:
1. Create a new Loopback on each PE
2. Insert the new Loopback in the VRF
3. Announce those loopbacks in MP-BGP (not in OSPF)
4. Build an ospf sham-link between each pair of PEs, using the new loopbacks
as origin and destination of the link.
PE1:
int lo10
ip vrf forw CUST-A
ip add 11.11.11.11 255.255.255.255
!
router bgp 65000
net 11.11.11.11 mask 255.255.255.255
!
area 0 sham-link 11.11.11.11 22.22.22.22 cost 1
PE2:
int lo10
ip vrf forw CUST-A
ip add 22.22.22.22 255.255.255.255
!
router bgp 65000
net 22.22.22.22 mask 255.255.255.255
!
area 0 sham-link 22.22.22.22 11.11.11.11 cost 1
An adjacency is built through the sham-link between PE1 and PE2 routers:
PE1#show ip ospf neighbor
10.2.2.1 0 FULL/ - 00:00:22 22.22.22.22 OSPF_SL0
PE1#
Once the sham-link is built, the prefixes between customers using the MPLS
backbone will be received as Router LSA Type 1.
We can verify that the sham-link is established using the sh ip ospf 10 sham-link
command:
PE1#sh ip ospf 10 sham-link

Sham Link OSPF_SL0 to address 22.22.22.22 is up
Area 0 source address 11.11.11.11
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:08
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
PE1#
We can see the new loopback prefixes on the BGP tables: PE1's and PE2's Loopbacks.
PE1#sh ip bgp vpnv4 all
*> 10.1.1.0/24 0.0.0.0 0 32768 ?
r>i 10.2.2.0/24 2.2.2.2 0 100 0 ?
*> 11.11.11.11/32 0.0.0.0 0 32768 i
* i 12.0.0.0/24 2.2.2.2 2 100 0 ?
*> 10.1.1.2 2 32768 ?
*>i 22.22.22.22/32
*> 172.16.1.0/24
2.2.2.2
10.1.1.2
0 100
2
0 i
32768 ?
r>i 172.16.2.0/24 2.2.2.2 2 100 0 ?
PE1#
PE2#sh ip bgp vpnv4 all
r>i 10.1.1.0/24 1.1.1.1 0 100 0 ?
*> 10.2.2.0/24 0.0.0.0 0 32768 ?
*>i 11.11.11.11/32 1.1.1.1 0 100 0 i
*> 12.0.0.0/24 10.2.2.2 2 32768 ?
* i 1.1.1.1 2 100 0 ?
*> 22.22.22.22/32 0.0.0.0 0 32768 i
r>i 172.16.1.0/24 1.1.1.1 2 100 0 ?
*> 172.16.2.0/24
PE2#
10.2.2.2 2 32768 ?
We can also see the details of how the prefix is seen on the BGP table:
PE1#sh bgp vpnv4 uni all 172.16.2.0/24
BGP routing table entry for 1:111:172.16.2.0/24, version 28

Paths: (1 available, best #1, table CUST-A, RIB-failure(17) - next-hop mismatch)
Not advertised to any peer
Refresh Epoch 1
Local
2.2.2.2 (metric 2809856) from 2.2.2.2 (2.2.2.2)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.2.2.1:0
mpls labels in/out nolabel/21
rx pathid: 0, tx pathid: 0x0
PE1#
PE2#sh bgp vpnv4 uni all 172.16.1.0/24
BGP routing table entry for 1:111:172.16.1.0/24, version 27
Paths: (1 available, best #1, table CUST-A, RIB-failure(17) - next-hop mismatch)
Not advertised to any peer
Refresh Epoch 1
Local
1.1.1.1 (metric 2809856) from 1.1.1.1 (1.1.1.1)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:1:100 OSPF DOMAIN ID:0x0005:0x0000000A0200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.1.1:0
mpls labels in/out nolabel/19
rx pathid: 0, tx pathid: 0x0
PE2#
Let's verify the routing table of CE-A1 router.
It is still using the Backdoor Link because the metric est better.
CE-A1#
CE-A1#tracer 172.16.2.1 sou 172.16.1.1
1 12.0.0.2 84 msec 80 msec 108 msec
CE-A1#
Let's summarize:
-The metric of the intra-area route through the Backdoor Link is 2.
-The metric of the intra-area route through the Backbone MPLS is 4.
We can verify the metric of the path through the Backbone MPLS by disabling the
fa0/1 interface:
CE-A1(config)#int fa0/1
CE-A1(config-if)#shu
CE-A1(config-if)#shutdown

CE-A1#
CE-A1#show ip ospf database router adv-router 172.16.2.1
Router Link States (Area 0)
LS age: 160
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 172.16.2.1
LS Seq Number: 8000000B
Checksum: 0x5538
Length: 60
Number of Links: 3
Link connected to: a Stub Network
(Link ID) Network/subnet number: 172.16.2.0
(Link Data) Network Mask: 255.255.255.0
TOS 0 Metrics: 1
TOS 0 Metrics: 1
TOS 0 Metrics: 1
CE-A1#
To ensure so that the Backbone MPLS will be the primary path to reach the prefix
172.16.2.0/24, we need to increment the OSPF cost in the backdoor link.
CE-A1(config-if)#int fa0/1
CE-A1(config-if)#ip ospf cost 4
Now after changing the OSPF cost of the backdoor link, CE-A1 prefers to use the
intra-area route through MPLS backbone:
Notice that the The prefix 172.16.2.0/24 is seen as Intra-Area, and PE1's and
PE2's loopbacks as External routes:
CE-A1#show ip route ospf | beg Gate

O E2 11.11.11.11 [110/1] via 10.1.1.1, 00:00:57, FastEthernet0/0
O E2 22.22.22.22 [110/1] via 10.1.1.1, 00:00:57, FastEthernet0/0
O 172.16.2.0/24 [110/4] via 10.1.1.1, 00:00:57,
FastEthernet0/0CE-A1#
CE-A1#show ip route
172.16.2.0 Routing
entry for 172.16.2.0/24
Known via "ospf 10", distance 110, metric 4, type
intra areaLast update from 10.1.1.1 on
FastEthernet0/0, 00:01:06 ago Routing Descriptor
Blocks:
* 10.1.1.1, from 172.16.2.1, 00:01:06 ago, via
FastEthernet0/0Route metric is 4, traffic share
count is 1
CE-A1#

Lab_5_OSPF_MPLS_sham_link_on_MPLS_VPN_1698700003.pdf

Recommended

Recommended

More Related Content

Similar to Lab_5_OSPF_MPLS_sham_link_on_MPLS_VPN_1698700003.pdf

Similar to Lab_5_OSPF_MPLS_sham_link_on_MPLS_VPN_1698700003.pdf (20)

Recently uploaded

Recently uploaded (20)

Lab_5_OSPF_MPLS_sham_link_on_MPLS_VPN_1698700003.pdf