Tải bản đầy đủ (.pdf) (28 trang)
  1. Trang chủ
    2. >>
  2. Cao đẳng - Đại học
    3. >>
  3. Công nghệ thông tin

CCNA Lab - Solution Rev1.0 Advanced MPLS II

Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (267.86 KB, 28 trang )

ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

Task 16.1:
Task 16.2:
These topics were covered in previous labs. Please refer back to ISIS labs’ solutions if you need a reminder.

Task 16.3: Configure IGP in SP2 PE-CE:
♦ In PE4, configure PE4-CE6 protocol as OSPF area 0.
PE4-RACK1(config)#ip vrf solaris
PE4-RACK1(config-vrf)# rd 200:200
PE4-RACK1(config-vrf)# route-target export 200:200
PE4-RACK1(config-vrf)# route-target import 200:200
PE4-RACK1(config-vrf)#interface FastEthernet0/1.600
PE4-RACK1(config-subif)#description TO svi 3550-CE6 VPN SOLARIS SITE 2
PE4-RACK1(config-subif)#encapsulation dot1Q 600
PE4-RACK1(config-subif)#ip vrf forwarding solaris
PE4-RACK1(config-subif)#ip address 172.16.60.4 255.255.255.0
PE4-RACK1(config-subif)#ip ospf message-digest-key 1 md5 iementor
PE4-RACK1(config-subif)#ip ospf network point-to-point
PE4-RACK1(config-subif)#no snmp trap link-status
PE4-RACK1(config-subif)#router ospf 6 vrf solaris
PE4-RACK1(config-router)# log-adjacency-changes detail
PE4-RACK1(config-router)# area 0 authentication message-digest
PE4-RACK1(config-router)# network 172.16.60.0 0.0.0.255 area 0
3550-CE6(config)#interface Vlan600
3550-CE6(config-if)# ip address 172.16.60.6 255.255.255.0
3550-CE6(config-if)# ip ospf message-digest-key 1 md5 iementor


3550-CE6(config-if)# ip ospf network point-to-point
3550-CE6(config-if)#router ospf 200
3550-CE6(config-router)# router-id 6.6.6.6
3550-CE6(config-router)# log-adjacency-changes detail
3550-CE6(config-router)# area 0 authentication message-digest
3550-CE6(config-router)# network 6.6.6.6 0.0.0.0 area 0
3550-CE6(config-router)# network 172.16.60.0 0.0.0.255 area 0

♦ In PE4, configure PE4-BB3 protocol as BGP AS57.
♦ Secure routing protocol sessions.
PE4-RACK1(config)#router bgp 65002
PE4-RACK1(config-router)# address-family ipv4 vrf green
PE4-RACK1(config-router-af)# redistribute connected
PE4-RACK1(config-router-af)# neighbor 172.16.30.3 remote-as 57
PE4-RACK1(config-router-af)# neighbor 172.16.30.3 password iem
PE4-RACK1(config-router-af)# neighbor 172.16.30.3 activate
PE4-RACK1(config-router-af)# no auto-summary

1

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II


PE4-RACK1(config-router-af)# no synchronization
PE4-RACK1(config-router-af)# exit-address-family
BB3-RACK1(config)#router bgp 57
BB3-RACK1(config-router)# no synchronization
BB3-RACK1(config-router)# bgp log-neighbor-changes
BB3-RACK1(config-router)# neighbor 172.16.30.4 remote-as 65002
BB3-RACK1(config-router)# neighbor 172.16.30.4 password iem
BB3-RACK1(config-router)# no auto-summary

Task 16.4:
Task 16.5: Advertise Loopbacks in BB3 in AS57.
BB3-RACK1(config-router)# redistribute connected metric 2

Task 16.6:
This example represents the same steps for PE1, PE2, and PE3.
Exclude RR from the MPLS/LDP configuration because RR is not in
data-path forwarding.
PE4-RACK1(config)#ip cef
PE4-RACK1(config)#mpls ip
PE4-RACK1(config)#mpls ldp router-id loopback 0
PE4-RACK1(config)#int fastEthernet 0/0
PE4-RACK1(config-if)#mpls ip

Enable only the interface facing the SP1 and SP2 core. MPLS/LDP
between ASBRs will be handled by mBGP.
ASBR2-RACK1(config)#int e 0/0
ASBR2-RACK1(config-if)#mpls ip

Task 16.7:
RR1-RACK1(config)#router bgp 65001

RR1-RACK1(config-router)#address-family vpnv4
RR1-RACK1(config-router-af)# neighbor ibgp route-reflector-client
RR1-RACK1(config-router-af)# neighbor ibgp send-community extended
RR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate
RR1-RACK1(config-router-af)# neighbor 10.1.1.2 activate
RR1-RACK1(config-router-af)# neighbor 10.1.1.3 activate
RR1-RACK1(config-router-af)# neighbor 10.1.1.100 activate
RR1-RACK1(config-router-af)# neighbor 10.1.1.100 send-community extended
RR1-RACK1(config-router-af)# exit-address-family

To configure VPNv4 simply means removing all IPv4 peerings.

2

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

RR1-RACK1(config-router)#router bgp 65001
RR1-RACK1(config-router)#no address-family ipv4

Let’s verify.
RR1-RACK1#sho ip bgp neighbors 10.1.1.100
BGP neighbor is 10.1.1.100, remote AS 100, external link

BGP version 4, remote router ID 10.1.1.100
BGP state = Established, up for 09:15:06
Last read 00:00:07, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family IPv4 Unicast: received

Å Needs to be disabled on all

peering routers
Address family VPNv4 Unicast: advertised and received
ASBR1-RACK1(config-router)#router bgp 100
ASBR1-RACK1(config-router)#no address-family ipv4
*Mar 7 09:10:29.117: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Down Peer
closed the
ASBR1-RACK1#sho ip bgp neighbors 10.1.1.254
BGP neighbor is 10.1.1.254, remote AS 65001, external link
BGP version 4, remote router ID 55.55.55.55
BGP state = Established, up for 00:00:18
Last read 00:00:18, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received(old & new)
Address family VPNv4 Unicast: advertised and received

Å correct

output
Template for all PEs:
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# no synchronization

PE1-RACK1(config-router)# bgp log-neighbor-changes
PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0
PE1-RACK1(config-router)# no auto-summary
PE1-RACK1(config-router)# address-family vpnv4
PE1-RACK1(config-router-af)# neighbor 10.1.1.254 activate
PE1-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended
PE1-RACK1(config-router-af)# exit-address-family

Task 16.8:
♦ Configure VPN Green site 1 PE-CE to PE2 in BGP AS57.

3

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

BB1-RACK1(config)#router bgp 57
BB1-RACK1(config-router)# no synchronization
BB1-RACK1(config-router)# bgp log-neighbor-changes
BB1-RACK1(config-router)# network 10.12.1.0 mask 255.255.255.0
BB1-RACK1(config-router)# redistribute connected metric 2
BB1-RACK1(config-router)# redistribute static metric 2

BB1-RACK1(config-router)# neighbor 10.12.1.2 remote-as 65001
BB1-RACK1(config-router)# neighbor 10.12.1.2 description to AS65001-SP1PE2
BB1-RACK1(config-router)# no auto-summary
PE2-RACK1(config-router)#router bgp 65001
PE2-RACK1(config-router)# no synchronization
PE2-RACK1(config-router)# bgp log-neighbor-changes
PE2-RACK1(config-router)# network 22.22.22.0 mask 255.255.255.0
PE2-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE2-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0
PE2-RACK1(config-router)# no auto-summary
PE2-RACK1(config-router)# address-family ipv4 vrf green
PE2-RACK1(config-router-af)# redistribute connected
PE2-RACK1(config-router-af)# redistribute static metric 2
PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57
PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate
PE2-RACK1(config-router-af)# no auto-summary
PE2-RACK1(config-router-af)# no synchronization
PE2-RACK1(config-router-af)# exit-address-family

♦ Configure VPN Green site 2 PE-CE to PE2 in BGP AS8.
CE8-RACK1(config)#router bgp 8
CE8-RACK1(config-router)# no synchronization
CE8-RACK1(config-router)# bgp log-neighbor-changes
CE8-RACK1(config-router)# network 8.8.8.0 mask 255.255.255.0
CE8-RACK1(config-router)# network 10.82.1.0 mask 255.255.255.0
CE8-RACK1(config-router)# neighbor 10.82.1.2 remote-as 65001
CE8-RACK1(config-router)# no auto-summary
PE2-RACK1(config)#router bgp 65001
PE2-RACK1(config-router)# address-family vpnv4
PE2-RACK1(config-router-af)# neighbor 10.1.1.254 activate

PE2-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended
PE2-RACK1(config-router-af)# exit-address-family
PE2-RACK1(config-router)# address-family ipv4 vrf green
PE2-RACK1(config-router-af)# redistribute connected
PE2-RACK1(config-router-af)# redistribute static metric 2
PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57
PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate
PE2-RACK1(config-router-af)# neighbor 10.82.1.1 remote-as 8
PE2-RACK1(config-router-af)# neighbor 10.82.1.1 activate
PE2-RACK1(config-router-af)# no auto-summary
PE2-RACK1(config-router-af)# no synchronization
PE2-RACK1(config-router-af)# exit-address-family

4

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

♦ CORRECTION!!! Configure VPN Solaris site 1 PE-CE to PE3 in
EIGRP.
CE2-RACK1(config)#router eigrp 100
CE2-RACK1(config-router)# network 2.0.0.0
CE2-RACK1(config-router)# network 10.0.0.0

CE2-RACK1(config-router)# no auto-summary
PE3-RACK1(config)#ip vrf solaris
PE3-RACK1(config-vrf)# rd 200:200
PE3-RACK1(config-vrf)# route-target export 200:200
PE3-RACK1(config-vrf)# route-target import 200:200
PE3-RACK1(config-vrf)#router eigrp 100
PE3-RACK1(config-router)# auto-summary
PE3-RACK1(config-router)# address-family ipv4 vrf solaris
PE3-RACK1(config-router-af)# redistribute bgp 65001 metric 1500 500 255
255 1500
PE3-RACK1(config-router-af)# network 10.0.0.0
PE3-RACK1(config-router-af)# no auto-summary
PE3-RACK1(config-router-af)# autonomous-system 100
PE3-RACK1(config-router-af)# exit-address-family
PE3-RACK1(config-router)#router bgp 65001
PE3-RACK1(config-router)# no synchronization
PE3-RACK1(config-router)# bgp log-neighbor-changes
PE3-RACK1(config-router)# network 33.33.33.0 mask 255.255.255.0
PE3-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE3-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0
PE3-RACK1(config-router)# no auto-summary
PE3-RACK1(config-router)# address-family vpnv4
PE3-RACK1(config-router-af)# neighbor 10.1.1.254 activate
PE3-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended
PE3-RACK1(config-router-af)# exit-address-family
PE3-RACK1(config-router)# address-family ipv4 vrf solaris
PE3-RACK1(config-router-af)# redistribute connected
PE3-RACK1(config-router-af)# redistribute eigrp 100 metric 2
PE3-RACK1(config-router-af)# no auto-summary
PE3-RACK1(config-router-af)# no synchronization

PE3-RACK1(config-router-af)# exit-address-family

Task 16.9:
♦ Configure all MPLS traffic flow over ASBR1 S0/0 to ASBR2 S0/0.
♦ Configure such that only MPLS traffic is allowed from ASBR1 to
ASBR2.
♦ Configure SP1 and SP2 such that VPN Solaris site 2 can
communicate with Solaris site 1.
♦ No IGP is allowed between ASBR1 and ASBR2.

5

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

♦ MPLS must be dynamically enabled from ASBR1 to ASBR2.
♦ No static routes allowed.
♦ VPN Solaris site 1 (CE1) should ping site 2 (CE6).
♦ VPN Green site 3 (BB3) should ping VPN Green site 1 and VPN
Green site 2.
This task requires configuring ASBR1 and ASBR2 to support InterAS.
This solution will show you how to activate Inter-AS and you will
notice some challenges in PE1 router peering with ASBR1.

1st Step:
RR1-RACK1(config)#router bgp 65001
RR1-RACK1(config-router)# no bgp default ipv4-unicast
RR1-RACK1(config-router)# bgp log-neighbor-changes
RR1-RACK1(config-router)# neighbor ibgp peer-group
RR1-RACK1(config-router)# neighbor ibgp remote-as 65001
RR1-RACK1(config-router)# neighbor ibgp update-source Loopback0
RR1-RACK1(config-router)# neighbor 10.1.1.1 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.2 peer-group ibgp
RR1-RACK1(config-router)# neighbor 10.1.1.3 peer-group ibgp
RR1-RACK1(config-router)# address-family vpnv4
RR1-RACK1(config-router-af)# neighbor ibgp route-reflector-client
RR1-RACK1(config-router-af)# neighbor ibgp send-community extended
RR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate
RR1-RACK1(config-router-af)# neighbor 10.1.1.2 activate
RR1-RACK1(config-router-af)# neighbor 10.1.1.3 activate
RR1-RACK1(config-router-af)# exit-address-family
PE1-RACK1(config)#router bgp 65001
PE1-RACK1(config-router)# bgp log-neighbor-changes
PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100
PE1-RACK1(config-router)# neighbor 10.1.1.100 ebgp-multihop 2
PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0
PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0
PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540
PE1-RACK1(config-router)# neighbor 140.100.1.1 description To BB2
PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor
PE1-RACK1(config-router)# address-family vpnv4
PE1-RACK1(config-router-af)# neighbor 10.1.1.100 activate
PE1-RACK1(config-router-af)# neighbor 10.1.1.100 send-community extended

PE1-RACK1(config-router-af)# neighbor 10.1.1.254 activate
PE1-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended
PE1-RACK1(config-router-af)# exit-address-family

6

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

PE2-RACK1(config)#router bgp 65001
PE2-RACK1(config-router)# no bgp default ipv4-unicast
PE2-RACK1(config-router)# bgp log-neighbor-changes
PE2-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE2-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0
PE2-RACK1(config-router)# address-family vpnv4
PE2-RACK1(config-router-af)# neighbor 10.1.1.254 activate
PE2-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended
PE2-RACK1(config-router-af)# exit-address-family
PE2-RACK1(config-router)# address-family ipv4 vrf green
PE2-RACK1(config-router-af)# redistribute connected metric 2
PE2-RACK1(config-router-af)# redistribute static
PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57
PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate

PE2-RACK1(config-router-af)# neighbor 10.12.1.1 as-override
PE2-RACK1(config-router-af)# neighbor 10.82.1.1 remote-as 8
PE2-RACK1(config-router-af)# neighbor 10.82.1.1 activate
PE2-RACK1(config-router-af)# no auto-summary
PE2-RACK1(config-router-af)# no synchronization
PE2-RACK1(config-router-af)# exit-address-family
PE3-RACK1(config)#router bgp 65001
PE3-RACK1(config-router)# no synchronization
PE3-RACK1(config-router)# bgp log-neighbor-changes
PE3-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001
PE3-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0
PE3-RACK1(config-router)# no auto-summary
PE3-RACK1(config-router)# address-family vpnv4
PE3-RACK1(config-router-af)# neighbor 10.1.1.254 activate
PE3-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended
PE3-RACK1(config-router-af)# exit-address-family
PE3-RACK1(config-router)# address-family ipv4 vrf solaris
PE3-RACK1(config-router-af)# redistribute connected metric 2
PE3-RACK1(config-router-af)# redistribute eigrp 100 metric 2
PE3-RACK1(config-router-af)# no auto-summary
PE3-RACK1(config-router-af)# no synchronization
PE3-RACK1(config-router-af)# exit-address-family
PE4-RACK1(config)#router bgp 65002
PE4-RACK1(config-router)# no synchronization
PE4-RACK1(config-router)# bgp log-neighbor-changes
PE4-RACK1(config-router)# neighbor 10.1.1.200 remote-as 200
PE4-RACK1(config-router)# neighbor 10.1.1.200 ebgp-multihop 2
PE4-RACK1(config-router)# neighbor 10.1.1.200 update-source Loopback0
PE4-RACK1(config-router)# no auto-summary
PE4-RACK1(config-router)# address-family vpnv4

PE4-RACK1(config-router-af)# neighbor 10.1.1.200 activate
PE4-RACK1(config-router-af)# neighbor 10.1.1.200 send-community extended
PE4-RACK1(config-router-af)# exit-address-family
PE4-RACK1(config-router)# address-family ipv4 vrf solaris
PE4-RACK1(config-router-af)# redistribute connected metric 2

7

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

PE4-RACK1(config-router-af)# redistribute ospf 6 metric 2 match internal
external 1 external 2
PE4-RACK1(config-router-af)# no auto-summary
PE4-RACK1(config-router-af)# no synchronization
PE4-RACK1(config-router-af)# exit-address-family
PE4-RACK1(config-router)# address-family ipv4 vrf green
PE4-RACK1(config-router-af)# redistribute connected metric 2
PE4-RACK1(config-router-af)# neighbor 172.16.30.3 remote-as 57
PE4-RACK1(config-router-af)# neighbor 172.16.30.3 password iem
PE4-RACK1(config-router-af)# neighbor 172.16.30.3 activate
PE4-RACK1(config-router-af)# no auto-summary
PE4-RACK1(config-router-af)# no synchronization

PE4-RACK1(config-router-af)# exit-address-family
ASBR1-RACK1(config)#router bgp 100
ASBR1-RACK1(config-router)# bgp router-id 10.1.1.100
ASBR1-RACK1(config-router)# no bgp default ipv4-unicast
ASBR1-RACK1(config-router)# no bgp default route-target filter
ASBR1-RACK1(config-router)# bgp log-neighbor-changes
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 ebgp-multihop 2
ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0
ASBR1-RACK1(config-router)# neighbor 172.16.113.2 remote-as 200
ASBR1-RACK1(config-router)# address-family vpnv4
ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate
ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 next-hop-self
ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 send-community extended
ASBR1-RACK1(config-router-af)# neighbor 172.16.113.2 activate
ASBR1-RACK1(config-router-af)# neighbor 172.16.113.2 send-community
extended
ASBR1-RACK1(config-router-af)# exit-address-family
ASBR2-RACK1(config)#router bgp 200
ASBR2-RACK1(config-router)# no bgp default ipv4-unicast
ASBR2-RACK1(config-router)# no bgp default route-target filter
ASBR2-RACK1(config-router)# bgp log-neighbor-changes
ASBR2-RACK1(config-router)# neighbor 10.1.1.4 remote-as 65002
ASBR2-RACK1(config-router)# neighbor 10.1.1.4 ebgp-multihop 2
ASBR2-RACK1(config-router)# neighbor 10.1.1.4 update-source Loopback0
ASBR2-RACK1(config-router)# neighbor 172.16.113.1 remote-as 100
ASBR2-RACK1(config-router)# address-family vpnv4
ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 activate
ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 next-hop-self
ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 send-community extended

ASBR2-RACK1(config-router-af)# neighbor 172.16.113.1 activate
ASBR2-RACK1(config-router-af)# neighbor 172.16.113.1 send-community
extended
ASBR2-RACK1(config-router-af)# exit-address-family

After peering PE1 and ASBR1 you will experience the problem
receiving routes from SP2.

8

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

PE1-RACK1#sho ip bgp vpnv4 all summary
BGP router identifier 11.11.11.11, local AS number 65001
BGP table version is 1, main routing table version 1
Neighbor
10.1.1.100
10.1.1.254

V
AS MsgRcvd MsgSent
4

100
109
86
4 65001
164
87

TblVer
0
0

InQ OutQ Up/Down State/PfxRcd
0
0 00:00:05
0
0
0 00:00:18
0

ASBR1-RACK1#sho
Neighbor
10.1.1.1
172.16.113.2

ip bgp vpnv4 all summary
V
AS MsgRcvd MsgSent
4 65001
138
170

4
200
196
244

TblVer
258
258

InQ OutQ Up/Down State/PfxRcd
0
0 00:00:31
0
0
0 00:32:32
19

This will cause the Route Reflector to not reflect any routes from
SP2 because PE1 is rejecting all routes that arrived from SP2. Let’s
debug and verify why this happens.
PE1-RACK1#debug bgp events
BGP events debugging is on
PE1-RACK1#debug ip bgp updates
BGP updates debugging is on
PE1-RACK1#debug ip bgp updates
BGP updates debugging is on
Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:7.7.7.0/24 -- DENIED
due to: extended community not supported;
*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:13.1.1.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:38.2.1.0/24 -DENIED due to: extended community not supported;

*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:38.3.1.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:138.1.1.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:153.46.1.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:153.46.2.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:153.46.3.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:153.46.4.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:153.46.100.0/22 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.65.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.66.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.67.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.68.0/24 -DENIED due to: extended community not supported;

9

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.69.0/24 -DENIED due to: extended community not supported;
*Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.70.0/24 -DENIED due to: extended community not supported;

This means PE1 is rejecting all communities because PE1 is not
participating in VPN Green and VPN Solaris. To resolve this issue,
we must disable PE1 behavior from examining communities from

other VPNs.
PE1-RACK1(config-router)#no bgp default route-target filter
PE1-RACK1#sho ip bgp vpnv4 all summary
BGP router identifier 11.11.11.11, local AS number 65001
BGP table version is 1, main routing table version 1
Neighbor
10.1.1.100
10.1.1.254

V
AS MsgRcvd MsgSent
4
100
123
98
4 65001
181
99

TblVer
1
1

InQ OutQ Up/Down State/PfxRcd
0
0 00:05:13
0
0
0 00:05:21
0


PE1-RACK1#clear ip bgp *
*Mar 1 01:06:10.556: BGP: reset all neighbors due to User reset
*Mar 1 01:06:10.556: BGPNSF state: 10.1.1.100 went from nsf_not_active to
nsf_not_active
*Mar 1 01:06:10.556: BGP: 10.1.1.100 went from Established to Idle
*Mar 1 01:06:10.556: BGP: 10.1.1.100 reset due to User reset
*Mar 1 01:06:10.556: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Down User reset
*Mar 1 01:06:10.556: BGP: 10.1.1.100 closing
*Mar 1 01:06:10.556: BGPNSF state: 10.1.1.254 went from nsf_not_active to
nsf_not_active
*Mar 1 01:06:10.556: BGP: 10.1.1.254 went from Established to Idle
*Mar 1 01:06:10.556: BGP: 10.1.1.254 reset due to User reset
*Mar 1 01:06:10.556: %BGP-5-ADJCHANGE: neighbor 10.1.1.254 Down User reset
*Mar 1 01:06:10.556: BGP: 10.1.1.254 closing
*Mar 1 01:06:10.560: BGPNSF state: 140.100.1.1 went from nsf_not_active to
nsf_not_active
*Mar 1 01:06:10.636: BGP: Performing BGP general scanning
*Mar 1 01:06:10.636: BGP(0): scanning IPv4 Unicast routing tables
*Mar 1 01:06:10.636: BGP(1): scanning IPv6 Unicast routing tables
*Mar 1 01:06:10.636: BGP(2): scanning VPNv4 Unicast routing tables
*Mar 1 01:06:10.636: BGP(3): scanning IPv4 Multicast routing tables
*Mar 1 01:06:45.934: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Up
*Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100,
origin ?, path 100 200 65002, extended community R
T:200:200 OSPF DOMAIN ID:0x0005:0x000000060200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER
ID:172.16.60.4:0
*Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd 200:200:6.6.6.0/24
*Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd 200:200:172.16.60.0/24
*Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100,

origin ?, path 100 200 65002, extended community R
T:100:100
*Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd 100:100:172.16.30.0/24
*Mar 1 01:06:46.050: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100,
origin ?, path 100 200 65002 57, extended communit
y RT:100:100

10

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar
*Mar

*Mar
*Mar

1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1

01:06:46.050:
01:06:46.050:
01:06:46.050:
01:06:46.050:
01:06:46.050:
01:06:46.050:
01:06:46.050:
01:06:46.054:
01:06:46.054:

01:06:46.054:
01:06:46.054:
01:06:46.054:
01:06:46.054:
01:06:46.054:
01:06:46.054:
01:06:46.058:
01:06:55.666:

|

Lab16 Solutions: Advanced MPLS II

BGP(2): 10.1.1.100 rcvd 100:100:7.7.7.0/24
BGP(2): 10.1.1.100 rcvd 100:100:13.1.1.0/24
BGP(2): 10.1.1.100 rcvd 100:100:38.2.1.0/24
BGP(2): 10.1.1.100 rcvd 100:100:38.3.1.0/24
BGP(2): 10.1.1.100 rcvd 100:100:138.1.1.0/24
BGP(2): 10.1.1.100 rcvd 100:100:153.46.1.0/24
BGP(2): 10.1.1.100 rcvd 100:100:153.46.2.0/24
BGP(2): 10.1.1.100 rcvd 100:100:153.46.3.0/24
BGP(2): 10.1.1.100 rcvd 100:100:153.46.4.0/24
BGP(2): 10.1.1.100 rcvd 100:100:153.46.100.0/22
BGP(2): 10.1.1.100 rcvd 100:100:213.112.65.0/24
BGP(2): 10.1.1.100 rcvd 100:100:213.112.66.0/24
BGP(2): 10.1.1.100 rcvd 100:100:213.112.67.0/24
BGP(2): 10.1.1.100 rcvd 100:100:213.112.68.0/24
BGP(2): 10.1.1.100 rcvd 100:100:213.112.69.0/24
BGP(2): 10.1.1.100 rcvd 100:100:213.112.70.0/24
BGP: Import timer expired. Walking from 1 to 1


PE1-RACK1#sho ip bgp vpnv4 all summary
Neighbor
V
AS MsgRcvd MsgSent
10.1.1.100
4
100
130
101
10.1.1.254
4 65001
191
102

TblVer
0
0

InQ OutQ Up/Down State/PfxRcd
0
0 00:00:30
19
0
0 00:00:37
22

CE2-RACK1#ping 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
BB3-RACK1#sho ip route bg
8.0.0.0/24 is subnetted, 1 subnets
B
8.8.8.0 [20/0] via 172.16.30.4, 00:01:35
10.0.0.0/24 is subnetted, 2 subnets
B
10.12.1.0 [20/0] via 172.16.30.4, 00:01:35
B
10.82.1.0 [20/0] via 172.16.30.4, 00:01:35

Routes from BB1 are missing. The issue is related to the same
AS57 on each side. The same rule applies even if you use Inter-AS
– Inter-AS will carry over the same AS from SP1 to SP2.
PE4-RACK1(config-router-af)#neighbor 172.16.30.3 as-override
*Mar 1 00:47:53.471: %BGP-5-ADJCHANGE: neighbor 172.16.30.3 vpn vrf
green Down AS-override change

Verify ASBR’s label mapping.
ASBR1-RACK1#sho ip bgp vpnv4 all labels
Network
Next Hop
In label/Out label
Route Distinguisher: 100:100
5.5.5.0/24
10.1.1.1
40/42
7.7.7.0/24
172.16.113.2

84/59

11

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

8.1.1.0/24
10.1.1.1
8.8.8.0/24
10.1.1.1
10.12.1.0/24
10.1.1.1
10.82.1.0/24
10.1.1.1
12.1.1.0/24
10.1.1.1
13.1.1.0/24
172.16.113.2
18.2.1.0/24
10.1.1.1
28.3.1.0/24
10.1.1.1
38.1.1.0/24
10.1.1.1
38.2.1.0/24
172.16.113.2

38.3.1.0/24
172.16.113.2
138.1.1.0/24
172.16.113.2
153.46.1.0/24
172.16.113.2
153.46.2.0/24
172.16.113.2
153.46.3.0/24
172.16.113.2
153.46.4.0/24
172.16.113.2
153.46.100.0/22 172.16.113.2
156.46.1.0/24
10.1.1.1
156.46.2.0/24
10.1.1.1
156.46.3.0/24
10.1.1.1
156.46.4.0/24
10.1.1.1
156.46.100.0/22 10.1.1.1
172.16.30.0/24
172.16.113.2
209.112.65.0
10.1.1.1
209.112.66.0
10.1.1.1
209.112.67.0
10.1.1.1

209.112.68.0
10.1.1.1
209.112.69.0
10.1.1.1
209.112.70.0
10.1.1.1
213.112.65.0
172.16.113.2
213.112.66.0
172.16.113.2
213.112.67.0
172.16.113.2
213.112.68.0
172.16.113.2
213.112.69.0
172.16.113.2
213.112.70.0
172.16.113.2
Route Distinguisher: 200:200
2.2.2.0/24
10.1.1.1
6.6.6.0/24
172.16.113.2
10.23.1.0/24
10.1.1.1
172.16.60.0/24
172.16.113.2

|


Lab16 Solutions: Advanced MPLS II

41/43
30/44
31/45
36/46
42/47
85/60
43/48
44/49
45/50
86/61
87/62
88/63
89/64
90/65
91/66
92/67
93/68
46/51
47/52
48/53
49/54
50/55
22/18
51/56
52/57
81/58
82/59
83/60

37/61
94/69
95/70
96/71
97/72
98/73
99/74
38/62
63/19
39/63
64/20

ASBR2-RACK1#sho ip bgp vpnv4 all labels
Network
Next Hop
In label/Out label
Route Distinguisher: 100:100
5.5.5.0/24
172.16.113.1
43/40
7.7.7.0/24
10.1.1.4
59/36
8.1.1.0/24
172.16.113.1
44/41
8.8.8.0/24
172.16.113.1
37/30
10.12.1.0/24

172.16.113.1
38/31
10.82.1.0/24
172.16.113.1
39/36
12.1.1.0/24
172.16.113.1
45/42
13.1.1.0/24
10.1.1.4
60/37
18.2.1.0/24
172.16.113.1
46/43
28.3.1.0/24
172.16.113.1
47/44

12

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

38.1.1.0/24
172.16.113.1
38.2.1.0/24
10.1.1.4

38.3.1.0/24
10.1.1.4
138.1.1.0/24
10.1.1.4
153.46.1.0/24
10.1.1.4
153.46.2.0/24
10.1.1.4
153.46.3.0/24
10.1.1.4
153.46.4.0/24
10.1.1.4
153.46.100.0/22 10.1.1.4
156.46.1.0/24
172.16.113.1
156.46.2.0/24
172.16.113.1
156.46.3.0/24
172.16.113.1
156.46.4.0/24
172.16.113.1
156.46.100.0/22 172.16.113.1
172.16.30.0/24
10.1.1.4
209.112.65.0
172.16.113.1
209.112.66.0
172.16.113.1
209.112.67.0
172.16.113.1

209.112.68.0
172.16.113.1
209.112.69.0
172.16.113.1
209.112.70.0
172.16.113.1
213.112.65.0
10.1.1.4
213.112.66.0
10.1.1.4
213.112.67.0
10.1.1.4
213.112.68.0
10.1.1.4
213.112.69.0
10.1.1.4
213.112.70.0
10.1.1.4
Route Distinguisher: 200:200
2.2.2.0/24
172.16.113.1
6.6.6.0/24
10.1.1.4
10.23.1.0/24
172.16.113.1
172.16.60.0/24
10.1.1.4

|


Lab16 Solutions: Advanced MPLS II

48/45
61/38
62/39
63/40
64/41
65/42
66/43
67/44
68/45
49/46
50/47
51/48
52/49
53/50
18/27
54/51
55/52
56/81
57/82
58/83
40/37
69/46
70/47
71/48
72/49
73/50
74/51
41/38

19/34
42/39
20/35

BB3-RACK1#sho ip route bg
18.0.0.0/24 is subnetted, 1 subnets
B
18.2.1.0 [20/0] via 172.16.30.4, 00:00:05
38.0.0.0/24 is subnetted, 3 subnets
B
38.1.1.0 [20/0] via 172.16.30.4, 00:00:05
5.0.0.0/24 is subnetted, 1 subnets
B
5.5.5.0 [20/0] via 172.16.30.4, 00:00:05
156.46.0.0/16 is variably subnetted, 5 subnets, 2 masks
B
156.46.2.0/24 [20/0] via 172.16.30.4, 00:00:05
B
156.46.3.0/24 [20/0] via 172.16.30.4, 00:00:05
B
156.46.1.0/24 [20/0] via 172.16.30.4, 00:00:05
B
156.46.4.0/24 [20/0] via 172.16.30.4, 00:00:05
B
156.46.100.0/22 [20/0] via 172.16.30.4, 00:00:05
8.0.0.0/24 is subnetted, 2 subnets
B
8.8.8.0 [20/0] via 172.16.30.4, 00:00:05
B
8.1.1.0 [20/0] via 172.16.30.4, 00:00:05

B
209.112.65.0/24 [20/0] via 172.16.30.4, 00:00:05
B
209.112.66.0/24 [20/0] via 172.16.30.4, 00:00:05
10.0.0.0/24 is subnetted, 2 subnets
B
10.12.1.0 [20/0] via 172.16.30.4, 00:00:05
B
10.82.1.0 [20/0] via 172.16.30.4, 00:00:05

13

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

B
B
B
B
B
B

|

Lab16 Solutions: Advanced MPLS II

209.112.67.0/24 [20/0] via 172.16.30.4, 00:00:05

209.112.68.0/24 [20/0] via 172.16.30.4, 00:00:05
12.0.0.0/24 is subnetted, 1 subnets
12.1.1.0 [20/0] via 172.16.30.4, 00:00:05
209.112.69.0/24 [20/0] via 172.16.30.4, 00:00:05
28.0.0.0/24 is subnetted, 1 subnets
28.3.1.0 [20/0] via 172.16.30.4, 00:00:05
209.112.70.0/24 [20/0] via 172.16.30.4, 00:00:05

BB3-RACK1#ping 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms
ASBR1-RACK1#sho mpls interfaces
Interface
IP
Serial0/0
Yes (ldp)
Serial0/1
Yes (ldp)
Serial0/2
Yes (ldp)

Tunnel
No
No
No

Operational
Yes

Yes
Yes

As you can see, Inter-AS will dynamically bring LDP per interface
using BGP.
ASBR1-RACK1#sho mpls forwarding-table
Local Outgoing
Prefix
Bytes tag
tag
tag or VC
or Tunnel Id
switched
16
40
140.100.2.2/32
0
17
Pop tag
140.100.2.0/24
0
18
34
172.16.30.0/24
0
19
38
172.16.20.0/24
0
20

Pop tag
172.16.12.0/24
0
21
Pop tag
172.16.13.0/24
0
22
18
100:100:172.16.30.0/24
\
1080
23
36
10.1.1.3/32
0
24
Pop tag
10.1.1.1/32
0
25
39
10.1.1.254/32
0
26
35
192.168.2.0/24
0
27
Pop tag

172.16.113.2/32
0
28
16
18.2.2.0/24
0
29
17
3.3.3.0/24
0
30
44
100:100:8.8.8.0/24
\
0
31
45
100:100:10.12.1.0/24
\
0
32
18
38.2.1.0/24
0
33
30
140.100.1.0/24
0
34
19

157.46.3.0/24
0
35
20
157.46.2.0/24
0
36
46
100:100:10.82.1.0/24
\
0

14

Outgoing
interface
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2

Next Hop

Se0/0
Se0/2
Se0/2
Se0/2
Se0/2

Se0/0
Se0/2
Se0/2

point2point
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
point2point
172.16.222.1
172.16.222.1

Se0/2

172.16.222.1

Se0/2
Se0/2
Se0/2
Se0/2
Se0/2

172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1

Se0/2


172.16.222.1

This product is individually licensed.
Copyright® 2005 ieMentor .

172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1


ieMentor CCIE™ Service Provider Workbook v1.0

15

37

61

38

62

39

63


40

42

41

43

42

47

43

48

44

49

45

50

46

51

47


52

48

53

49

54

50

55

51

56

52

57

53
54
55
56
57
58
59
60

61
62
63

21
22
23
24
25
26
27
28
29
41
19

64

20

81

58

82

59

83


60

84

59

85

60

|

Lab16 Solutions: Advanced MPLS II

100:100:209.112.70.0/24
\
0
200:200:2.2.2.0/24
\
0
200:200:10.23.1.0/24
\
540
100:100:5.5.5.0/24
\
540
100:100:8.1.1.0/24
\
0
100:100:12.1.1.0/24

\
0
100:100:18.2.1.0/24
\
0
100:100:28.3.1.0/24
\
0
100:100:38.1.1.0/24
\
0
100:100:156.46.1.0/24
\
0
100:100:156.46.2.0/24
\
0
100:100:156.46.3.0/24
\
0
100:100:156.46.4.0/24
\
0
100:100:156.46.100.0/22
\
0
100:100:209.112.65.0/24
\
0
100:100:209.112.66.0/24

\
0
157.46.1.0/24
0
157.46.4.0/22
0
8.2.1.0/24
0
210.112.4.0/24
0
210.112.3.0/24
0
12.2.1.0/24
0
210.112.2.0/24
0
28.3.2.0/24
0
210.112.1.0/24
0
10.1.1.2/32
0
200:200:6.6.6.0/24
\
1620
200:200:172.16.60.0/24
\
1080
100:100:209.112.67.0/24
\

0
100:100:209.112.68.0/24
\
0
100:100:209.112.69.0/24
\
0
100:100:7.7.7.0/24
\
0
100:100:13.1.1.0/24
\

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2


172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1


Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2
Se0/2

172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1

172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1
172.16.222.1

Se0/0

point2point

Se0/0

point2point

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/2

172.16.222.1

Se0/0

point2point


This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

86

61

87

62

88

63

89

64

90

65

91

66


92

67

93

68

94

69

95

70

96

71

97

72

98

73

99


74

|

Lab16 Solutions: Advanced MPLS II

0
100:100:38.2.1.0/24
\
0
100:100:38.3.1.0/24
\
0
100:100:138.1.1.0/24
\
0
100:100:153.46.1.0/24
\
0
100:100:153.46.2.0/24
\
0
100:100:153.46.3.0/24
\
0
100:100:153.46.4.0/24
\
0
100:100:153.46.100.0/22

0
100:100:213.112.65.0/24
0
100:100:213.112.66.0/24
0
100:100:213.112.67.0/24
0
100:100:213.112.68.0/24
0
100:100:213.112.69.0/24
0
100:100:213.112.70.0/24
0

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point


Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

Se0/0


point2point

Se0/0

point2point

Se0/0

point2point

Se0/0

point2point

\
\
\
\
\
\
\

Task 16.10:
♦ Configure CsC on CE8 for SP1 to run over OSPF in area 0.
♦ Configure Csc on CE1 for SP2 to run over OSPF in area 0.
♦ Configure appropriate Loopbacks to meet the CsC requirements.
♦ Configure PE2 in 65001.
♦ Configure PE3 in 65001.
♦ Inject OSPF from CsC CEs in to CsC BGP 65001 cloud.
♦ Verify that CE8 is able to ping the CE2 Loopback and vise-versa.

♦ Prepare CsC-PE2 to CsC-CE8 and CsC-PE3 to CsC-CE2 to
support MPLS/VPN over the CsC cloud.

16

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

Make sure to utilize the /32 Loopbacks. Otherwise, the solution will
not work.
hostname CE8-RACK1
!
ip cef
no ip domain lookup
mpls label protocol ldp
!
interface Loopback0
ip address 8.8.8.8 255.255.255.255
!
interface Loopback1
ip address 88.88.88.1 255.255.255.252
!
interface FastEthernet0/0

description to PE2 - VLAN 82
ip address 10.82.1.1 255.255.255.0
speed 100
full-duplex
tag-switching ip
!
interface FastEthernet0/1
description to BB3 Back-To-Back Backup Link
ip address 192.168.100.8 255.255.255.0
speed 100
full-duplex
!
router ospf 200
log-adjacency-changes detail
redistribute connected subnets
network 10.82.1.0 0.0.0.255 area 0
CE8-RACK1#sho ip ospf neighbor
Neighbor ID
12.12.12.12

Pri
1

State
FULL/BDR

CE8-RACK1#sho mpls interfaces
Interface
IP
FastEthernet0/0

Yes (ldp)

Dead Time
00:00:30

Tunnel
No

CE8-RACK1# sho mpls forwarding-table
Local Outgoing
Prefix
tag
tag or VC
or Tunnel Id
16
36
12.12.12.12/32
17
32
10.23.1.0/24
18
33
11.11.11.11/32
19
31
2.2.2.2/32

Address
10.82.1.2


Operational
Yes

Bytes tag
switched
0
0
0
0

Outgoing
interface
Fa0/0
Fa0/0
Fa0/0
Fa0/0

CE8-RACK1#sho mpls ldp discovery detail
Local LDP Identifier:

17

Interface
FastEthernet0/0

This product is individually licensed.
Copyright® 2005 ieMentor .

Next Hop
10.82.1.2

10.82.1.2
10.82.1.2
10.82.1.2


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

88.88.88.1:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
Hello interval: 5000 ms; Transport IP addr: 88.88.88.1
LDP Id: 12.12.12.12:0
Src IP addr: 10.82.1.2; Transport IP addr: 12.12.12.12
Hold time: 15 sec; Proposed local/peer: 15/15 sec
Reachable via 12.12.12.12/32
hostname PE2-RACK1
ip cef
no ip domain lookup
ip vrf vpn1
rd 100:0
route-target export 100:0
route-target import 100:0
!
mpls label protocol ldp
mpls ldp loop-detection

tag-switching tdp router-id Loopback0
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
ip pim sparse-dense-mode
!
interface Loopback19
ip vrf forwarding vpn1
ip address 12.12.12.12 255.255.255.255
!
interface Loopback22
description BGP Loopback
ip address 22.22.22.22 255.255.255.0
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.20
description to RR - VLAN 20
encapsulation dot1Q 20
ip address 172.16.20.2 255.255.255.0
ip router isis
shutdown
no snmp trap link-status
isis circuit-type level-1
!
interface Ethernet0/0.21
description to PE1 - VLAN 21
encapsulation dot1Q 21

ip address 172.16.12.2 255.255.255.0
ip router isis
ip pim sparse-dense-mode

18

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

shutdown
no snmp trap link-status
isis circuit-type level-1
isis network point-to-point
isis csnp-interval 10
!
interface Ethernet0/0.82
description to CE8 -VLAN 82 VPN Green Site 2
encapsulation dot1Q 82
ip vrf forwarding vpn1
ip address 10.82.1.2 255.255.255.0
mpls label protocol ldp
tag-switching ip
no snmp trap link-status

!
interface Ethernet0/0.123
description to PE3 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.2 255.255.255.0
ip router isis
mpls label protocol ldp
tag-switching ip
no snmp trap link-status
isis circuit-type level-2-only
!
interface Ethernet0/0.200
!
interface Ethernet0/1
description to BB1-RACK1
ip address 10.12.1.2 255.255.255.0
ip policy route-map unicast-routes
full-duplex
!
router ospf 200 vrf vpn1
log-adjacency-changes detail
redistribute bgp 100 metric-type 1 subnets
network 10.82.1.0 0.0.0.255 area 0
network 12.12.12.12 0.0.0.0 area 0
!
router isis
net 48.0000.0001.0001.00
area-password iementor
log-adjacency-changes all
redistribute isis ip level-2 into level-1 distribute-list 100

passive-interface Loopback0
!
router bgp 100
bgp log-neighbor-changes
neighbor 172.16.123.3 remote-as 100
!
address-family ipv4
neighbor 172.16.123.3 activate
neighbor 172.16.123.3 send-community extended
no auto-summary
no synchronization

19

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

exit-address-family
!
address-family vpnv4
neighbor 172.16.123.3 activate
neighbor 172.16.123.3 send-community extended
exit-address-family

!
address-family ipv4 vrf vpn1
redistribute connected
redistribute ospf 200 match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
PE2-RACK1#sho ip ospf neighbor
Neighbor ID
88.88.88.1

Pri
1

State
FULL/DR

Dead Time
00:00:33

Address
10.82.1.1

Interface
Ethernet0/0.82

PE2-RACK1#sho mpls ldp discovery vrf vpn1 detail
Local LDP Identifier:
12.12.12.12:0
Discovery Sources:

Interfaces:
Ethernet0/0.82 (ldp): xmit/recv
Hello interval: 5000 ms; Transport IP addr: 12.12.12.12
LDP Id: 88.88.88.1:0; no host route to transport addr
Src IP addr: 10.82.1.1; Transport IP addr: 88.88.88.1
Hold time: 15 sec; Proposed local/peer: 15/15 sec
Reachable via 88.88.88.0/30
PE2-RACK1#sho mpls ldp discovery
Local LDP Identifier:
10.1.1.2:0
Discovery Sources:
Interfaces:
Ethernet0/0.123 (ldp): xmit/recv
LDP Id: 10.1.1.3:0
PE2-RACK1#sho mpls interfaces
Interface
IP
Ethernet0/0.123
Yes (ldp)

Tunnel
No

Operational
Yes

PE2-RACK1#sho mpls interfaces vrf vpn1 de
VRF vpn1:
Interface Ethernet0/0.82:
IP labeling enabled (ldp)

LSP Tunnel labeling not enabled
BGP tagging not enabled
Tagging operational
Fast Switching Vectors:

20

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

IP to MPLS Fast Feature Switching Vector
MPLS Feature Vector
MTU = 1500
PE2-RACK1#sho mpls
Local Outgoing
tag
tag or VC
19
Pop tag
31
16
32
17

33
19
34
Pop tag
35
Aggregate
36
Aggregate
37
Pop tag
38
Pop tag

forwarding-table
Prefix
Bytes tag
or Tunnel Id
switched
10.1.1.3/32
0
2.2.2.2/32[V]
5816
10.23.1.0/24[V]
610
11.11.11.11/32[V] 0
8.8.8.8/32[V]
590
10.82.1.0/24[V]
7532
12.12.12.12/32[V] 4252

88.88.88.0/30[V] 0
192.168.100.0/24[V]
\
0

Outgoing
interface
Et0/0.123
Et0/0.123
Et0/0.123
Et0/0.123
Et0/0.82

Next Hop

Et0/0.82

10.82.1.1

Et0/0.82

10.82.1.1

172.16.123.3
172.16.123.3
172.16.123.3
172.16.123.3
10.82.1.1

PE2-RACK1#sho ip bgp vpnv4 all summary

BGP router identifier 22.22.22.22, local AS number 100
BGP table version is 17, main routing table version 17
8 network entries using 968 bytes of memory
8 path entries using 512 bytes of memory
4 BGP path attribute entries using 240 bytes of memory
4 BGP extended community entries using 160 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1880 total bytes of memory
BGP activity 21/13 prefixes, 22/14 paths, scan interval 15 secs
Neighbor
172.16.123.3

V
4

AS MsgRcvd MsgSent
100
108
111

TblVer
17

InQ OutQ Up/Down State/PfxRcd
0
0 00:33:49
3

PE2-RACK1#sho ip route vrf vpn1

Routing Table: vpn1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
2.2.2.2 [200/20] via 172.16.123.3, 00:33:44
8.0.0.0/32 is subnetted, 1 subnets
O E2
8.8.8.8 [110/20] via 10.82.1.1, 00:36:07, Ethernet0/0.82
10.0.0.0/24 is subnetted, 2 subnets
B
10.23.1.0 [200/0] via 172.16.123.3, 00:33:44
B

21

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|


Lab16 Solutions: Advanced MPLS II

C

10.82.1.0 is directly connected, Ethernet0/0.82
11.0.0.0/32 is subnetted, 1 subnets
B
11.11.11.11 [200/0] via 172.16.123.3, 00:33:44
12.0.0.0/32 is subnetted, 1 subnets
C
12.12.12.12 is directly connected, Loopback19
88.0.0.0/30 is subnetted, 1 subnets
O E2
88.88.88.0 [110/20] via 10.82.1.1, 00:37:54, Ethernet0/0.82
O E2 192.168.100.0/24 [110/20] via 10.82.1.1, 00:37:54, Ethernet0/0.82
PE2-RACK1#sho ip bgp vpnv4 vrf vpn1
BGP table version is 17, local router ID is 22.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 100:0 (default for vrf vpn1)
*>i2.2.2.2/32
172.16.123.3
20
100
0 ?

*> 8.8.8.8/32
10.82.1.1
20
32768 ?
*>i10.23.1.0/24
172.16.123.3
0
100
0 ?
*> 10.82.1.0/24
0.0.0.0
0
32768 ?
*>i11.11.11.11/32
172.16.123.3
0
100
0 ?
*> 12.12.12.12/32
0.0.0.0
0
32768 ?
*> 88.88.88.0/30
10.82.1.1
20
32768 ?
*> 192.168.100.0
10.82.1.1
20
32768 ?

PE2-RACK1#sho ip bgp vpnv4 vrf vpn1 labels
Network
Next Hop
In label/Out label
Route Distinguisher: 100:0 (vpn1)
2.2.2.2/32
172.16.123.3
31/16
8.8.8.8/32
10.82.1.1
34/nolabel
10.23.1.0/24
172.16.123.3
32/17
10.82.1.0/24
0.0.0.0
35/aggregate(vpn1)
11.11.11.11/32
172.16.123.3
33/19
12.12.12.12/32
0.0.0.0
36/aggregate(vpn1)
88.88.88.0/30
10.82.1.1
37/nolabel
192.168.100.0
10.82.1.1
38/nolabel
hostname PE3-RACK1

!
ip cef
no ip domain lookup
ip vrf vpn1
rd 100:0
route-target export 100:0
route-target import 100:0
!
mpls label protocol ldp
mpls ldp loop-detection
tag-switching tdp router-id Loopback0
!
interface Loopback0

22

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

ip address 10.1.1.3 255.255.255.255
ip ospf network point-to-point
!
interface Loopback11

ip vrf forwarding vpn1
ip address 11.11.11.11 255.255.255.255
!
interface Loopback33
description BGP Loopback
ip address 33.33.33.33 255.255.255.0
!
interface Ethernet0/0
no ip address
half-duplex
!
interface Ethernet0/0.13
description to CE1 - VLAN 13
encapsulation dot1Q 13
ip address 10.13.1.3 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.23
description to CE2 - VLAN 23
encapsulation dot1Q 23
ip vrf forwarding vpn1
ip address 10.23.1.3 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.30
description to RR - VLAN 30
encapsulation dot1Q 30
ip address 172.16.30.3 255.255.255.0
ip router isis

shutdown
no snmp trap link-status
isis circuit-type level-1
!
interface Ethernet0/0.31
description to PE1 - VLAN 31
encapsulation dot1Q 31
ip address 172.16.13.3 255.255.255.0
ip router isis
shutdown
tag-switching ip
no snmp trap link-status
isis circuit-type level-1
isis network point-to-point
isis csnp-interval 10
!
interface Ethernet0/0.123
description to PE2 - VLAN 123
encapsulation dot1Q 123
ip address 172.16.123.3 255.255.255.0
ip router isis

23

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0


|

Lab16 Solutions: Advanced MPLS II

tag-switching ip
no snmp trap link-status
isis circuit-type level-2-only
!
interface Ethernet0/1
no ip address
half-duplex
!
router ospf 200 vrf vpn1
log-adjacency-changes detail
redistribute bgp 100 metric-type 1 subnets
network 10.23.1.0 0.0.0.255 area 0
network 11.11.11.11 0.0.0.0 area 0
!
router isis
net 48.0000.0003.0003.00
area-password iementor
log-adjacency-changes all
redistribute isis ip level-2 into level-1 distribute-list 100
passive-interface Loopback0
!
router bgp 100
bgp log-neighbor-changes
neighbor 172.16.123.2 remote-as 100
!
address-family ipv4

neighbor 172.16.123.2 activate
neighbor 172.16.123.2 send-community extended
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 172.16.123.2 activate
neighbor 172.16.123.2 send-community extended
exit-address-family
!
address-family ipv4 vrf vpn1
redistribute ospf 200 match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
!
access-list 100 permit ip any any log
PE3-RACK1#sho ip ospf neighbor
Neighbor ID
Pri
State
Dead Time
Interface
2.2.2.2
1
FULL/BDR
00:00:33
Ethernet0/0.23
PE3-RACK1#sho mpls ldp discovery vrf vpn1 detail

Local LDP Identifier:
11.11.11.11:0

24

Address
10.23.1.1

This product is individually licensed.
Copyright® 2005 ieMentor .


ieMentor CCIE™ Service Provider Workbook v1.0

|

Lab16 Solutions: Advanced MPLS II

Discovery Sources:
Interfaces:
Ethernet0/0.23 (ldp): xmit/recv
Hello interval: 5000 ms; Transport IP addr: 11.11.11.11
LDP Id: 2.2.2.2:0
Src IP addr: 10.23.1.1; Transport IP addr: 2.2.2.2
Hold time: 15 sec; Proposed local/peer: 15/15 sec
Reachable via 2.2.2.2/32
PE3-RACK1#sho mpls ldp discovery
Local LDP Identifier:
10.1.1.3:0
Discovery Sources:

Interfaces:
Ethernet0/0.123 (ldp): xmit/recv
LDP Id: 10.1.1.2:0
PE3-RACK1#show mpls interfaces vrf vpn1 de
VRF vpn1:
Interface Ethernet0/0.23:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
BGP tagging not enabled
Tagging operational
Fast Switching Vectors:
IP to MPLS Fast Feature Switching Vector
MPLS Feature Vector
MTU = 1500
PE3-RACK1#sho mpls
Local Outgoing
tag
tag or VC
16
Pop tag
17
Aggregate
19
Aggregate
20
Pop tag
31
34
32
35

33
36
34
37
35
38

forwarding-table
Prefix
Bytes tag
or Tunnel Id
switched
2.2.2.2/32[V]
7065
10.23.1.0/24[V]
520
11.11.11.11/32[V] 15969
10.1.1.2/32
0
8.8.8.8/32[V]
610
10.82.1.0/24[V]
9134
12.12.12.12/32[V] 0
88.88.88.0/30[V] 0
192.168.100.0/24[V]
\
0

PE3-RACK1#sho ip bgp vpnv4 all summary

Neighbor
V
AS MsgRcvd MsgSent
172.16.123.2
4
100
115
112

TblVer
50

Outgoing
interface
Et0/0.23

Next Hop

Et0/0.123
Et0/0.123
Et0/0.123
Et0/0.123
Et0/0.123

172.16.123.2
172.16.123.2
172.16.123.2
172.16.123.2
172.16.123.2


Et0/0.123

172.16.123.2

10.23.1.1

InQ OutQ Up/Down State/PfxRcd
0
0 00:37:45
5

PE3-RACK1#sho ip route vrf vpn1
Routing Table: vpn1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

25

This product is individually licensed.
Copyright® 2005 ieMentor .


Tài liệu liên quan

Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Tải bản đầy đủ ngay
×