
Tuesday, November 13, 2007

Cisco IOS: Examples for MPLS, DMVPN, VRF Lite


Retrieved from "http://www.ipflow.utc.fr/index.php/IOS_Configurations"



MPLS/VPN with NAT-PE [Cisco Config Sample]


From IPFlow Netflow Collector

MPLS/VPN with NAT-PE Example


This is a simple example of MPLS/VPN configuration with NAT-PE for Internet access on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 07-Nov-2007


Table of contents


1 Topology


2 IOS configurations


3 Dynamips/Dynagen/GNS3 configuration


4 Description


5 Configuration


6 Verifying operation


Topology


Image:NAT_PE_topo.png


IOS configurations



  • P (http://www.ipflow.utc.fr/configs/NAT_PE/P.cfg)

  • PE1 (http://www.ipflow.utc.fr/configs/NAT_PE/PE1.cfg)

  • PE2 (http://www.ipflow.utc.fr/configs/NAT_PE/PE2.cfg)

  • PE-NAT (http://www.ipflow.utc.fr/configs/NAT_PE/PE-NAT.cfg)

  • Internet (http://www.ipflow.utc.fr/configs/NAT_PE/Internet.cfg)


Dynamips/Dynagen/GNS3 configuration


You can use this configuration file (http://www.ipflow.utc.fr/configs/NAT_PE/nat_pe.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Description


PE-NAT provides Internet access (represented by a single router) with NAT for 3 VPNs. P, PE1, PE2 have a classical MPLS/VPN configuration.


Configuration


"ip nat inside" is configured on the MPLS core interface:



PE-NAT#sh run int fa 0/0
interface FastEthernet0/0
 description To P
 ip address 10.0.0.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 duplex half
 mpls ip
end


"ip nat outside" is configured on the "Internet" interface:



PE-NAT#sh run int fa 1/0
interface FastEthernet1/0
 description To Internet
 ip address 123.0.0.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex half
end


Configuration for VRF "VPN1":



ip route vrf VPN1 0.0.0.0 0.0.0.0 FastEthernet1/0 123.0.0.2 global
ip nat pool VPN1_POOL 123.1.0.0 123.1.0.255 prefix-length 24
ip nat inside source list 1 pool VPN1_POOL vrf VPN1 overload
access-list 1 permit 100.10.0.0 0.0.255.255


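The default route is required to send packets out through the Internet interface, even though that interface is not in the VRF; the "global" keyword makes the router resolve the next hop 123.0.0.2 in the global routing table.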


The default route is propagated to the other PE with "default-information originate" in BGP:



router bgp 65000
 [...]
 address-family ipv4 vrf VPN1
  redistribute connected
  redistribute static
  default-information originate
  no synchronization
 exit-address-family
 [...]
!




Verifying operation



200.0.0.1 is a loopback address configured on the "Internet" router to simulate a server on the Internet.



PE2#ping vrf VPN1 200.0.0.1 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 8/24/64 ms
PE2#ping vrf VPN2 200.0.0.1 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 12/28/56 ms
PE2#ping vrf VPN3 200.0.0.1 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 200.0.0.1, timeout is 2 seconds:
!!!!!!!!!!
Success rate is 100 percent (10/10), round-trip min/avg/max = 8/34/64 ms


You can examine the translation entries:



PE-NAT#sh ip nat trans
Pro  Inside global     Inside local      Outside local     Outside global
icmp 123.1.0.1:84      100.10.0.2:84     200.0.0.1:84      200.0.0.1:84
icmp 123.2.0.1:85      100.20.0.2:85     200.0.0.1:85      200.0.0.1:85
icmp 123.3.0.1:86      100.30.0.2:86     200.0.0.1:86      200.0.0.1:86


You can also display only the entries specific to a given VRF:



PE-NAT#sh ip nat trans vrf VPN1
Pro  Inside global     Inside local      Outside local     Outside global
icmp 123.1.0.1:84      100.10.0.2:84     200.0.0.1:84      200.0.0.1:84
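
Because each VRF translates into its own pool, a public address seen on the Internet side can be traced back to the VPN that used it. The following is an added example (not part of the original page) that parses the NAT statements and the translation table, attributes each entry to a VRF through its pool, and checks the inside local address against that VRF's access-list. The VPN2 and VPN3 configuration lines and the last two table rows are constructed for the example; the function names are hypothetical.

```python
import ipaddress
import re

# VPN1 lines are from the page; the VPN2 and VPN3 lines are constructed by analogy.
NAT_CONFIG = """\
ip nat pool VPN1_POOL 123.1.0.0 123.1.0.255 prefix-length 24
ip nat inside source list 1 pool VPN1_POOL vrf VPN1 overload
access-list 1 permit 100.10.0.0 0.0.255.255
ip nat pool VPN2_POOL 123.2.0.0 123.2.0.255 prefix-length 24
ip nat inside source list 2 pool VPN2_POOL vrf VPN2 overload
access-list 2 permit 100.20.0.0 0.0.255.255
ip nat pool VPN3_POOL 123.3.0.0 123.3.0.255 prefix-length 24
ip nat inside source list 3 pool VPN3_POOL vrf VPN3 overload
access-list 3 permit 100.30.0.0 0.0.255.255
"""

# The first three rows are the page's output; the last two are constructed anomalies.
NAT_TABLE = """\
Pro Inside global Inside local Outside local Outside global
icmp 123.1.0.1:84 100.10.0.2:84 200.0.0.1:84 200.0.0.1:84
icmp 123.2.0.1:85 100.20.0.2:85 200.0.0.1:85 200.0.0.1:85
icmp 123.3.0.1:86 100.30.0.2:86 200.0.0.1:86 200.0.0.1:86
icmp 123.2.0.1:90 100.10.0.7:90 200.0.0.1:90 200.0.0.1:90
icmp 123.9.0.1:91 100.10.0.8:91 200.0.0.1:91 200.0.0.1:91
"""

ROW = re.compile(r"\w+\s+(\d+(?:\.\d+){3}):\d+\s+(\d+(?:\.\d+){3}):\d+")


def wildcard_match(addr, base, wildcard):
    """IOS wildcard-mask match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def parse_nat_config(text):
    """Collect pools, standard ACL permit entries and VRF-aware NAT rules."""
    pools, acls, rules = {}, {}, []
    for line in text.splitlines():
        t = line.split()
        if t[:3] == ["ip", "nat", "pool"]:
            pools[t[3]] = (ipaddress.IPv4Address(t[4]), ipaddress.IPv4Address(t[5]))
        elif t[:5] == ["ip", "nat", "inside", "source", "list"] and "vrf" in t:
            rules.append({"acl": t[5], "pool": t[7], "vrf": t[t.index("vrf") + 1]})
        elif t[:1] == ["access-list"] and t[2] == "permit":
            acls.setdefault(t[1], []).append((t[3], t[4]))
    return pools, acls, rules


def attribute_translations(table, config):
    """Return (inside_global, inside_local, vrf, verdict) for every table row."""
    pools, acls, rules = parse_nat_config(config)
    results = []
    for line in table.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header line
        inside_global, inside_local = m.groups()
        g = ipaddress.IPv4Address(inside_global)
        # The pool identifies the VRF: the inside local address alone cannot,
        # since VPNs may use overlapping address space.
        rule = next(
            (r for r in rules
             if r["pool"] in pools and pools[r["pool"]][0] <= g <= pools[r["pool"]][1]),
            None,
        )
        if rule is None:
            results.append((inside_global, inside_local, None,
                            "inside global not in any configured pool"))
            continue
        permitted = any(wildcard_match(inside_local, base, wc)
                        for base, wc in acls.get(rule["acl"], []))
        verdict = "ok" if permitted else (
            "inside local not permitted by access-list " + rule["acl"])
        results.append((inside_global, inside_local, rule["vrf"], verdict))
    return results


if __name__ == "__main__":
    for row in attribute_translations(NAT_TABLE, NAT_CONFIG):
        print(row)
```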

MPLS VPN Inter-AS [Cisco Config Sample]


From IPFlow Netflow Collector

Inter-AS MPLS VPN Configuration Example


This is a simple example of Inter-AS MPLS VPN configuration on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 06-Nov-2007


Table of contents


1 Topology


2 IOS configurations


3 Dynamips/Dynagen/GNS3 configuration


4 Description


5 Configuring VPNv4 eBGP


6 Verifying the configuration


7 Traceroute example


Topology


Image:MPLS_VPN_IAS_topo.png


IOS configurations



  • P1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/P1.cfg)

  • P2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/P2.cfg)

  • PE1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/PE1.cfg)

  • PE2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/PE2.cfg)

  • ASBR1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/ASBR1.cfg)

  • ASBR2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/ASBR2.cfg)


Dynamips/Dynagen/GNS3 configuration


You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/mpls_vpn_ias.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Description


We want to exchange MPLS/VPN routes between two different Autonomous Systems (AS): P1, PE1 and ASBR1 are in AS #100, while P2, PE2 and ASBR2 are in AS #200.


There is nothing specific in the configurations of P1, P2, PE1 and PE2 (classical MPLS/VPN), and VPNv4 eBGP will be used between ASBR1 and ASBR2.


Configuring VPNv4 eBGP


The configuration of ASBR1 and ASBR2 interfaces is as follows (note that LDP is not enabled):



ASBR1#sh run int fa 0/0
interface FastEthernet0/0
 description To ASBR2
 ip address 123.0.0.1 255.255.255.252
!

ASBR2#sh run int fa 0/0
interface FastEthernet0/0
 description To ASBR1
 ip address 123.0.0.2 255.255.255.252
!


An MP-eBGP session is established between ASBR1 and ASBR2:



ASBR1#sh run | begin ^router bgp
router bgp 100
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 10.10.0.1 remote-as 100
 neighbor 10.10.0.1 update-source Loopback0
 neighbor 123.0.0.2 remote-as 200
 !
 address-family vpnv4
  neighbor 10.10.0.1 activate
  neighbor 10.10.0.1 send-community extended
  neighbor 123.0.0.2 activate
  neighbor 123.0.0.2 send-community both
 exit-address-family
!


The "no bgp default route-target filter" command prevents the BGP process from filtering out routes whose route-targets are not imported locally.


Note: make sure that the PE routers (here, PE1 and PE2) can reach the ASBR routers (here, 123.0.0.0/30 subnet).
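
With the default route-target filter disabled, the ASBR keeps every VPNv4 route the neighbouring AS sends, so any restriction on that eBGP session has to come from an explicit inbound policy. The following is an added example (not part of the original page) of a configuration check that reports eBGP neighbors activated under "address-family vpnv4" without an inbound route-map while the filter is off. The route-map name FROM-AS200 and the function name are hypothetical.

```python
import re

# ASBR1's BGP section as shown on the page.
ASBR1_BGP = """\
router bgp 100
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 10.10.0.1 remote-as 100
 neighbor 10.10.0.1 update-source Loopback0
 neighbor 123.0.0.2 remote-as 200
 !
 address-family vpnv4
  neighbor 10.10.0.1 activate
  neighbor 10.10.0.1 send-community extended
  neighbor 123.0.0.2 activate
  neighbor 123.0.0.2 send-community both
 exit-address-family
!
"""

# Constructed variant: FROM-AS200 is a hypothetical route-map name, not from the page.
ASBR1_FILTERED = ASBR1_BGP.replace(
    "  neighbor 123.0.0.2 send-community both\n",
    "  neighbor 123.0.0.2 send-community both\n"
    "  neighbor 123.0.0.2 route-map FROM-AS200 in\n",
)


def audit_vpnv4_ebgp(config):
    """Return the eBGP neighbors that are active under vpnv4 with no inbound
    route-map while 'no bgp default route-target filter' is configured."""
    local_as = None
    rt_filter_enabled = True          # IOS default
    remote_as = {}                    # neighbor -> AS number
    active, filtered = set(), set()   # neighbors seen under address-family vpnv4
    in_vpnv4 = False

    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = m.group(1)
        elif line == "no bgp default route-target filter":
            rt_filter_enabled = False
        elif line.startswith("address-family"):
            in_vpnv4 = line.split()[1] == "vpnv4"
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            remote_as[m.group(1)] = m.group(2)
        elif in_vpnv4 and (m := re.match(r"neighbor (\S+) activate$", line)):
            active.add(m.group(1))
        elif in_vpnv4 and (m := re.match(r"neighbor (\S+) route-map \S+ in$", line)):
            filtered.add(m.group(1))

    if rt_filter_enabled:
        # Routes whose route-targets are not imported locally are dropped anyway.
        return []
    # A neighbor with an unknown AS (e.g. defined through a peer-group) is
    # treated as external so that it is reviewed rather than silently skipped.
    return sorted(
        n for n in active
        if remote_as.get(n) != local_as and n not in filtered
    )


if __name__ == "__main__":
    print("page config      :", audit_vpnv4_ebgp(ASBR1_BGP))
    print("with inbound map :", audit_vpnv4_ebgp(ASBR1_FILTERED))
```

An inbound route-map on this session would typically match the route-targets agreed with the neighbouring AS (an extended community list referenced by "match extcommunity").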




Verifying the configuration



MPLS prefixes learnt through BGP:



ASBR1#sh ip bgp vpnv4 all
BGP table version is 7, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i100.1.0.1/32     10.10.0.1                0    100      0 ?
*> 200.1.0.1/32     123.0.0.2                              0 200 ?
Route Distinguisher: 100:2
*>i100.2.0.1/32     10.10.0.1                0    100      0 ?
*> 200.2.0.1/32     123.0.0.2                              0 200 ?
Route Distinguisher: 100:3
*>i100.3.0.1/32     10.10.0.1                0    100      0 ?
*> 200.3.0.1/32     123.0.0.2                              0 200 ?


MPLS labels learnt with BGP:



ASBR1#sh ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   100.1.0.1/32     10.10.0.1       26/18
   200.1.0.1/32     123.0.0.2       nolabel/26
Route Distinguisher: 100:2
   100.2.0.1/32     10.10.0.1       27/19
   200.2.0.1/32     123.0.0.2       nolabel/27
Route Distinguisher: 100:3
   100.3.0.1/32     10.10.0.1       28/20
   200.3.0.1/32     123.0.0.2       nolabel/28


MPLS LFIB:



ASBR1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     16          10.10.0.1/32      0          Fa1/0      10.1.1.1
17     Pop tag     10.10.0.0/32      0          Fa1/0      10.1.1.1
18     Pop tag     10.1.0.0/30       0          Fa1/0      10.1.1.1
22     Pop tag     123.0.0.2/32      2738       Fa0/0      123.0.0.2
26     18          100:1:100.1.0.1/32   \
                                     5554       Fa1/0      10.1.1.1
27     19          100:2:100.2.0.1/32   \
                                     0          Fa1/0      10.1.1.1
28     20          100:3:100.3.0.1/32   \
                                     0          Fa1/0      10.1.1.1

ASBR2#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     16          10.20.0.1/32      0          Fa1/0      10.2.1.1
17     Pop tag     10.20.0.0/32      0          Fa1/0      10.2.1.1
18     Pop tag     10.2.0.0/30       0          Fa1/0      10.2.1.1
22     Pop tag     123.0.0.1/32      7838       Fa0/0      123.0.0.1
26     18          100:1:200.1.0.1/32   \
                                     3658       Fa1/0      10.2.1.1
27     19          100:2:200.2.0.1/32   \
                                     1524       Fa1/0      10.2.1.1
28     20          100:3:200.3.0.1/32   \
                                     0          Fa1/0      10.2.1.1




Traceroute example



We run a traceroute in VRF VPN1 from PE1 (100.1.0.1) to PE2 (200.1.0.1):



PE1#trace vrf VPN1 200.1.0.1

Type escape sequence to abort.
Tracing the route to 200.1.0.1

1 10.1.0.1 [MPLS: Labels 18/26 Exp 0] 72 msec 60 msec 28 msec
2 10.1.1.2 [MPLS: Labels 22/26 Exp 0] 28 msec 60 msec 68 msec
3 123.0.0.2 [MPLS: Label 26 Exp 0] 28 msec 32 msec 28 msec
4 10.2.1.1 [MPLS: Labels 16/18 Exp 0] 28 msec 20 msec 32 msec
5 200.1.0.1 28 msec * 16 msec


As we can see with CEF commands, two labels are used by PE1 to reach PE2/200.1.0.1: {18 26}



PE1#sh ip cef vrf VPN1 200.1.0.1
200.1.0.1/32, version 8, epoch 0, cached adjacency 10.1.0.1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa0/0, 10.1.0.1, tags imposed: {18 26}
via 123.0.0.2, 0 dependencies, recursive
next hop 10.1.0.1, FastEthernet0/0 via 123.0.0.2/32
valid cached adjacency
tag rewrite with Fa0/0, 10.1.0.1, tags imposed: {18 26}


Label {18} corresponds to 123.0.0.2 (ASBR2), and {26} is the VPN label chosen by ASBR2 for this route.


If we examine ASBR2's label table for label {26}, we have:



ASBR2#sh mpls for label 26 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     18          100:1:200.1.0.1/32   \
                                     3658       Fa1/0      10.2.1.1
        MAC/Encaps=14/22, MRU=1496, Tag Stack{16 18}
        CA030C27001CCA010C22001C8847 0001000000012000
        No output feature configured


We can see that label {26} is removed and replaced by labels {16 18}: {16} corresponds to PE2, while {18} is the VPN label chosen by PE2.


Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_VPN_Inter-AS"


MPLS ATOM (Any Transport over MPLS) [Cisco Config Sample]

From IPFlow Netflow Collector

MPLS ATOM (Any Transport Over MPLS) Example


This is a simple example of MPLS ATOM configuration on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 02-Nov-2007


Table of contents


1 Topology


2 Description


3 Configuring ATOM


4 IOS configurations


5 Output of some commands


6 PCAP captures


7 Dynamips/Dynagen/GNS3 configuration


Topology


Image:MPLS_ATOM_topo.png


Description


A customer wants to establish an HDLC link between two of its routers (CE1 and CE2), through an MPLS backbone (P, PE1 and PE2).


Configuring ATOM


This is very simple (the VC ID 100 is used in this example):


On PE1:



interface Serial1/0
 description To CE1
 no ip address
 serial restart-delay 0
 xconnect 10.10.0.2 100 encapsulation mpls ! 10.10.0.2 = Lo0 of PE2
!


On PE2:



interface Serial1/0
 description To CE2
 no ip address
 serial restart-delay 0
 xconnect 10.10.0.1 100 encapsulation mpls ! 10.10.0.1 = Lo0 of PE1
!




IOS configurations



IOS configurations for Provider routers:





  • P (http://www.ipflow.utc.fr/configs/MPLS_ATOM/P.cfg)

  • PE1 (http://www.ipflow.utc.fr/configs/MPLS_ATOM/PE1.cfg)

  • PE2 (http://www.ipflow.utc.fr/configs/MPLS_ATOM/PE2.cfg)



IOS configurations for Customer routers:





  • CE1 (http://www.ipflow.utc.fr/configs/MPLS_ATOM/CE1.cfg)

  • CE2 (http://www.ipflow.utc.fr/configs/MPLS_ATOM/CE2.cfg)





Output of some commands



PE1#sh mpls l2 vc

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Se1/0          HDLC                       10.10.0.2       100        UP

PE1#sh mpls l2 vc de
Local interface: Se1/0 up, line protocol up, HDLC up
Destination address: 10.10.0.2, VC ID: 100, VC status: up
Next hop: 10.0.1.1
Output interface: Fa0/0, imposed label stack {16 19}
Create time: 00:24:08, last status change time: 00:24:04
Signaling protocol: LDP, peer 10.10.0.2:0 up
MPLS VC labels: local 19, remote 19
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description: To CE2
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 198, send 197
byte totals: receive 16121, send 15456
packet drops: receive 0, seq error 0, send 0




PCAP captures



The PCAP captures show how the packets are sent on the HDLC link and how they are transmitted on the MPLS core:




Here are the screenshots from Wireshark:




As you can see, Wireshark is not able to recognize that the packets contain encapsulated HDLC frames after the MPLS label stack. The MPLS labels are {16 19} (as shown with "show mpls l2 vc detail"). The first label (16) corresponds to the PE2 loopback (10.10.0.2), and the second label to the L2VPN itself (from PE2's point of view).




Dynamips/Dynagen/GNS3 configuration



You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_ATOM/mpls_atom.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_ATOM"

MPLS MVPN (Multicast VPN) [Cisco Config Sample]

From IPFlow Netflow Collector

MPLS Multicast VPN Example


This is a simple example of MPLS Multicast VPN configuration on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 03-Nov-2007


Table of contents


1 Topology


2 Description


3 Configuring Multicast VPN


4 IOS configurations


5 Output of some commands


6 PCAP captures


7 Dynamips/Dynagen/GNS3 configuration


Topology


Image:MPLS_MVPN_topo.png


Description


This scenario explains how to deploy Multicast in MPLS/VPNs.


Configuring Multicast VPN



  • Configure a classical MPLS VPN backbone

  • Enable multicast on your MPLS core

  • Make sure you have enabled multicast on the loopback interfaces used for MP-BGP


Typical configuration:



ip vrf VPN1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
 mdt default 239.232.0.1
 mdt data 239.232.1.0 0.0.0.255 threshold 1
!
ip multicast-routing vrf VPN1
!
ip pim ssm range 1
access-list 1 permit 239.232.0.0 0.0.255.255
!




IOS configurations



IOS configurations for P and PE routers:





  • P (http://www.ipflow.utc.fr/configs/MPLS_MVPN/P.cfg)

  • PE1 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE1.cfg)

  • PE2 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE2.cfg)

  • PE3 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE3.cfg)

  • PE4 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE4.cfg)



IOS configurations for CE routers:





  • CE1 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE1.cfg)

  • CE2 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE2.cfg)

  • CE3 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE3.cfg)

  • CE4 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE4.cfg)





Output of some commands



PE3#sh ip pim mdt
* implies group is the MDT default group
MDT Group Interface Source VRF
* 239.232.0.1 Tunnel0 Loopback0 VPN1
* 239.232.0.2 Tunnel1 Loopback0 VPN2
* 239.232.0.3 Tunnel2 Loopback0 VPN3

PE3#sh ip pim mdt bgp
Peer (Route Distinguisher + IPv4) Next Hop
MDT group 239.232.0.3
2:300:1:10.10.0.1 10.10.0.1
2:300:1:10.10.0.2 10.10.0.2
2:300:1:10.10.0.4 10.10.0.4
MDT group 239.232.0.2
2:200:1:10.10.0.1 10.10.0.1
2:200:1:10.10.0.2 10.10.0.2
2:200:1:10.10.0.4 10.10.0.4
MDT group 239.232.0.1
2:100:1:10.10.0.1 10.10.0.1
2:100:1:10.10.0.2 10.10.0.2
2:100:1:10.10.0.4 10.10.0.4


Global multicast routing table:



PE3#sh ip mro
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(10.10.0.3, 239.232.1.0), 00:04:36/00:02:48, flags: sPT
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list: Null

(10.10.0.3, 239.232.0.2), 00:54:40/00:03:16, flags: sT
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:11

(10.10.0.4, 239.232.0.2), 00:55:02/00:02:46, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.2), 00:55:02/00:02:46, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.2), 00:55:02/00:02:45, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.3, 239.232.0.3), 00:54:42/00:03:15, flags: sT
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:08

(10.10.0.4, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.3, 239.232.0.1), 00:54:38/00:03:15, flags: sT
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:11

(10.10.0.4, 239.232.0.1), 00:55:02/00:02:45, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.1), 00:55:02/00:02:45, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.1), 00:55:02/00:02:55, flags: sTIZ
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list:
MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(*, 224.0.1.40), 01:13:21/00:02:40, RP 10.10.0.0, flags: SJPCL
Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
Outgoing interface list: Null


During a ping from CE3 to 239.1.2.3, using the Default MDT:



PE3#sh ip mro vrf VPN1 239.1.2.3
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.2.3), 00:14:29/stopped, RP 100.1.0.1, flags: SPF
Incoming interface: Tunnel0, RPF nbr 10.10.0.1
Outgoing interface list: Null

(100.1.3.2, 239.1.2.3), 00:00:13/00:03:21, flags: FT
Incoming interface: Serial1/0, RPF nbr 0.0.0.0
Outgoing interface list:
Tunnel0, Forward/Sparse-Dense, 00:00:13/00:03:16


When sending to Data MDT:



PE3#sh ip mrou vrf VPN1 239.1.2.3
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.2.3), 00:16:44/stopped, RP 100.1.0.1, flags: SPF
Incoming interface: Tunnel0, RPF nbr 10.10.0.1
Outgoing interface list: Null

(100.1.3.2, 239.1.2.3), 00:00:43/00:03:06, flags: FTy
Incoming interface: Serial1/0, RPF nbr 0.0.0.0
Outgoing interface list:
Tunnel0, Forward/Sparse-Dense, 00:02:28/00:02:59


Data MDT status on PE3 and PE1 (would be similar for PE2 and PE4):



PE3#sh ip pim vrf VPN1 mdt send
MDT-data send list for VRF: VPN1
(source, group) MDT-data group ref_count
(100.1.3.2, 239.1.2.3) 239.232.1.0 1

PE1#sh ip pim vrf VPN1 mdt receive

Joined MDT-data [group : source] uptime/expires for VRF: VPN1
[239.232.1.0 : 10.10.0.3] 00:00:33/00:02:26




PCAP captures



The following Wireshark captures show how multicast packets are transmitted through the network. The frames were captured on interface FastEthernet2/0 of "P" router. A ping to 239.1.2.3 is started from CE3. Routers CE1, CE2, and CE4 have joined this group with the command "ip igmp join-group 239.1.2.3".




Here are the screenshots from Wireshark:





  • Ping on Default MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/wireshark_ping_def_mdt.png)

  • Ping on Data MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/wireshark_ping_data_mdt.png)



As you can see with the captures, the packets are sent through a GRE tunnel, with a destination address set to the default MDT group address, or a data MDT group address.




Dynamips/Dynagen/GNS3 configuration



You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_MVPN/mpls_mvpn.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_MVPN"

MPLS CSC [Cisco Config Sample]

MPLS Carrier Supporting Carrier Example


This is a simple example of MPLS CSC configuration on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 01-Nov-2007


Table of contents


1 Topology


2 Description


3 Configuring CSC


4 IOS configurations


5 Output of some commands


6 PCAP captures


7 Dynamips/Dynagen/GNS3 configuration


Topology


Image:MPLS_CSC_topo.png


Description


A client ISP wants to connect two entities (represented by CLI_PE1 and CLI_PE2/CLI_PE3 respectively) of its MPLS/VPN network through another MPLS/VPN backbone (CSC routers).



  • The client ISP is seen as a VPN from the CSC backbone (VRF "VPN1" in CSC routers)

  • The client ISP has its own VPNs, independently of the CSC backbone (VRF "VPNA" in CLI routers)

  • The client ISP is 6PE-enabled, to show that 6PE works perfectly through a CSC backbone.


Configuring CSC


This is very easy: on VRF interfaces going to CLI routers, just add "mpls ip":



CSC_PE1#sh run int fa1/0
Building configuration...

Current configuration : 141 bytes
!
interface FastEthernet1/0
 description To CLI_PE1
 ip vrf forwarding VPN1
 ip address 100.0.1.1 255.255.255.252
 duplex half
 mpls ip
end


Then, check that the LDP adjacency is established:



CSC_PE1#sh mpls ldp nei vrf VPN1
Peer LDP Ident: 100.100.0.1:0; Local LDP Ident 100.0.1.1:0
TCP connection: 100.100.0.1.40052 - 100.0.1.1.646
State: Oper; Msgs sent/rcvd: 152/151; Downstream
Up time: 02:05:35
LDP discovery sources:
FastEthernet1/0, Src IP addr: 100.0.1.2
Addresses bound to peer LDP Ident:
100.0.1.2 100.100.0.1


To exchange routes between CSC_PE1 and CLI_PE1, and between CSC_PE2 and CLI_PE2, OSPF is used:



CSC_PE1#sh run | begin ^router ospf 200
router ospf 200 vrf VPN1
 log-adjacency-changes
 redistribute bgp 65000 metric-type 1 subnets
 network 100.0.0.0 0.255.255.255 area 0
!




IOS configurations



IOS configurations for CSC backbone:





  • CSC_P (http://www.ipflow.utc.fr/configs/MPLS_CSC/CSC_P.cfg)

  • CSC_PE1 (http://www.ipflow.utc.fr/configs/MPLS_CSC/CSC_PE1.cfg)

  • CSC_PE2 (http://www.ipflow.utc.fr/configs/MPLS_CSC/CSC_PE2.cfg)



IOS configurations for Client backbone:





  • CLI_PE1 (http://www.ipflow.utc.fr/configs/MPLS_CSC/CLI_PE1.cfg)

  • CLI_PE2 (http://www.ipflow.utc.fr/configs/MPLS_CSC/CLI_PE2.cfg)

  • CLI_PE3 (http://www.ipflow.utc.fr/configs/MPLS_CSC/CLI_PE3.cfg)





Output of some commands



On CLI_PE1 (initiating the pings to CLI_PE3):



CLI_PE1#sh ip ro vrf VPNA
200.0.0.0/32 is subnetted, 3 subnets
C 200.0.0.1 is directly connected, Loopback100
B 200.0.0.2 [200/0] via 100.100.0.2, 01:19:24
B 200.0.0.3 [200/0] via 100.100.0.3, 01:06:39

CLI_PE1#sh ip cef vrf VPNA 200.0.0.3
200.0.0.3/32, version 8, epoch 0, cached adjacency 100.0.1.1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa0/0, 100.0.1.1, tags imposed: {24 20}
via 100.100.0.3, 0 dependencies, recursive
next hop 100.0.1.1, FastEthernet0/0 via 100.100.0.3/32
valid cached adjacency
tag rewrite with Fa0/0, 100.0.1.1, tags imposed: {24 20}

CLI_PE1#sh ipv6 route
LC FEC0:1000::1/128 [0/0]
via ::, Loopback0
B FEC0:1000::2/128 [200/0]
via ::FFFF:100.100.0.2, IPv6-mpls
B FEC0:1000::3/128 [200/0]
via ::FFFF:100.100.0.3, IPv6-mpls
L FF00::/8 [0/0]
via ::, Null0

CLI_PE1#sh ipv6 cef FEC0:1000::3
FEC0:1000::3/128
nexthop ::FFFF:100.100.0.3
fast tag rewrite with Fa0/0, 100.0.1.1, tags imposed: {24 21}


The first label (24) is used to reach 100.100.0.3 (Loopback0 of CLI_PE3):



CLI_PE1#sh ip cef 100.100.0.3
100.100.0.3/32, version 14, epoch 0, cached adjacency 100.0.1.1
0 packets, 0 bytes
tag information set, shared
local tag: 19
fast tag rewrite with Fa0/0, 100.0.1.1, tags imposed: {24}
via 100.0.1.1, FastEthernet0/0, 1 dependency
next hop 100.0.1.1, FastEthernet0/0
valid cached adjacency
tag rewrite with Fa0/0, 100.0.1.1, tags imposed: {24}


We can see below how labels 20 and 21 are handled by CLI_PE3:



CLI_PE3#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     100.100.0.2/32    0          Fa0/0      100.0.23.1
17     Pop tag     100.0.2.0/30      0          Fa0/0      100.0.23.1
18     18          100.0.1.0/30      0          Fa0/0      100.0.23.1
19     19          100.100.0.1/32    0          Fa0/0      100.0.23.1
20     Aggregate   200.0.0.3/32[V]   5288
21     Aggregate   FEC0:1000::3/128  1040


On CSC_PE1, we have the following MPLS forwarding table:



CSC_PE1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     10.10.0.0/32      0          Fa0/0      10.0.1.1
17     Pop tag     10.0.2.0/30       0          Fa0/0      10.0.1.1
18     17          10.10.0.2/32      0          Fa0/0      10.0.1.1
19     Aggregate   100.0.1.0/30[V]   3756
20     Pop tag     100.100.0.1/32[V] 17404      Fa1/0      100.0.1.2
21     19          100.0.2.0/30[V]   0          Fa0/0      10.0.1.1
22     20          100.0.23.0/30[V]  0          Fa0/0      10.0.1.1
23     21          100.100.0.2/32[V] 7703       Fa0/0      10.0.1.1
24     22          100.100.0.3/32[V] 4666       Fa0/0      10.0.1.1


Let's take a look at how label 24 is handled:



CSC_PE1#sh mpls for lab 24 det
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
24     22          100.100.0.3/32[V] 4666       Fa0/0      10.0.1.1
        MAC/Encaps=14/22, MRU=1496, Tag Stack{17 22}
        CA1368530000CA12685300008847 0001100000016000
        VPN route: VPN1
        No output feature configured
    Per-packet load-sharing


We can see that label 24 is popped and replaced by 2 labels (17 and 22), corresponding to 100.100.0.3 in VRF "VPN1". On CLI_PE1, we saw that the labels used to reach 200.0.0.3 in vrf VPNA are "{24 20}", and that the labels used to reach FEC0:1000::3 are "{24 21}".


It means that when the packets leave CSC_PE1, there are 3 labels in the stack:





  • {17 22 20} for 200.0.0.3 in vrf VPNA

  • {17 22 21} for FEC0:1000::3



You can observe this in the PCAP file (to be used with Wireshark).
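
The hexadecimal line printed under "MAC/Encaps=14/22" in the two "sh mpls for ... detail" outputs (ASBR2 label 26 in the Inter-AS example, CSC_PE1 label 24 here) is the rewrite prepended to the packet: a 14-byte Ethernet header followed by two 4-byte MPLS label stack entries. The following is an added example (not part of the original page) that decodes those strings using the standard label stack entry layout (20-bit label, 3-bit Exp, 1-bit bottom-of-stack, 8-bit TTL) and checks the result against the "Tag Stack{...}" shown by IOS. The function names are hypothetical.

```python
import struct

ETHERTYPES = {0x8847: "MPLS unicast", 0x8848: "MPLS multicast"}

# (hex dump, MAC length, total encaps length, Tag Stack printed by IOS),
# copied from the two "detail" outputs on the page.
ASBR2_LABEL_26 = ("CA030C27001CCA010C22001C8847 0001000000012000", 14, 22, [16, 18])
CSC_PE1_LABEL_24 = ("CA1368530000CA12685300008847 0001100000016000", 14, 22, [17, 22])


def decode_rewrite(hexdump, mac_len, encaps_len):
    """Split a MAC/Encaps rewrite string into Ethernet header and label entries."""
    raw = bytes.fromhex("".join(hexdump.split()))
    if len(raw) != encaps_len:
        raise ValueError(f"expected {encaps_len} bytes, got {len(raw)}")
    if mac_len != 14 or (encaps_len - mac_len) % 4:
        raise ValueError("expects a 14-byte Ethernet II header "
                         "followed by 4-byte label stack entries")

    ethertype = struct.unpack("!H", raw[12:14])[0]
    stack = []
    for off in range(mac_len, encaps_len, 4):
        (word,) = struct.unpack("!I", raw[off:off + 4])
        stack.append({
            "label": word >> 12,          # top 20 bits
            "exp": (word >> 9) & 0x7,     # 3 bits
            "s": (word >> 8) & 0x1,       # bottom-of-stack bit
            "ttl": word & 0xFF,           # 8 bits
        })
    return {
        "dst_mac": raw[0:6].hex(":"),
        "src_mac": raw[6:12].hex(":"),
        "ethertype": ethertype,
        "ethertype_name": ETHERTYPES.get(ethertype, "unknown"),
        "stack": stack,
    }


def label_values(decoded):
    """Label numbers from top of stack to bottom."""
    return [entry["label"] for entry in decoded["stack"]]


def matches_tag_stack(sample):
    """True when the decoded labels equal the Tag Stack printed by IOS."""
    hexdump, mac_len, encaps_len, expected = sample
    return label_values(decode_rewrite(hexdump, mac_len, encaps_len)) == expected


if __name__ == "__main__":
    for name, sample in (("ASBR2 label 26", ASBR2_LABEL_26),
                         ("CSC_PE1 label 24", CSC_PE1_LABEL_24)):
        d = decode_rewrite(*sample[:3])
        print(name, d["dst_mac"], d["src_mac"], d["ethertype_name"],
              label_values(d), "matches" if matches_tag_stack(sample) else "MISMATCH")
```

In both dumps on the page the Exp, bottom-of-stack and TTL fields of the stored entries are zero; only the label values are fixed in the rewrite string.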


Traceroute Example:



CLI_PE1#trace vrf VPNA 200.0.0.3

Type escape sequence to abort.
Tracing the route to 200.0.0.3

1 10.0.1.2 [MPLS: Labels 24/20 Exp 0] 12 msec 32 msec 28 msec
2 10.0.1.1 [MPLS: Labels 17/22/20 Exp 0] 20 msec 68 msec 4 msec
3 100.0.2.1 [MPLS: Labels 22/20 Exp 0] 72 msec 12 msec 24 msec
4 100.0.2.2 [MPLS: Labels 16/20 Exp 0] 24 msec 28 msec 24 msec
5 200.0.0.3 28 msec * 40 msec




PCAP captures



This PCAP capture (http://www.ipflow.utc.fr/configs/MPLS_CSC/mpls_csc.cap) shows the label stack in packets received by CSC_P, when pinging from CLI_PE1 to CLI_PE3.


Here are the screenshots from Wireshark:





  • IPv4 ping (http://www.ipflow.utc.fr/configs/MPLS_CSC/wireshark_ping_v4.png)

  • IPv6 ping (http://www.ipflow.utc.fr/configs/MPLS_CSC/wireshark_ping_v6.png)





Dynamips/Dynagen/GNS3 configuration



You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_CSC/mpls_csc.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_CSC"

MPLS Basic Topology [Cisco Config Sample]


From IPFlow Netflow Collector

Basic MPLS Example


This is a simple example of MPLS basic configuration on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 05-Nov-2007


Table of contents


1 Topology


2 IOS configurations


3 Dynamips/Dynagen/GNS3 configuration


4 Enabling MPLS


5 Checking LDP connectivity


6 Displaying the LIB (Label Information Base)


7 Displaying the LFIB (Label Forwarding Information Base)


8 Useful commands for troubleshooting


9 Traceroute with MPLS labels


Topology


Image:MPLS_Basic_topo.png


IOS configurations



  • A0 (http://www.ipflow.utc.fr/configs/MPLS_Basic/A0.cfg)

  • A1 (http://www.ipflow.utc.fr/configs/MPLS_Basic/A1.cfg)

  • B0 (http://www.ipflow.utc.fr/configs/MPLS_Basic/B0.cfg)

  • B1 (http://www.ipflow.utc.fr/configs/MPLS_Basic/B1.cfg)

  • C0 (http://www.ipflow.utc.fr/configs/MPLS_Basic/C0.cfg)

  • C1 (http://www.ipflow.utc.fr/configs/MPLS_Basic/C1.cfg)


Dynamips/Dynagen/GNS3 configuration


You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_Basic/mpls_basic.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Enabling MPLS



  • Make sure you have full connectivity through your network;

  • CEF (Cisco Express Forwarding) must be enabled ("ip cef" or "ip cef distributed");

  • Enable MPLS on your core interfaces with "mpls ip" (don't do this for interfaces facing customer equipment).


Checking LDP connectivity


The LDP protocol is used to exchange labels between routers. You can verify the MPLS adjacencies with "sh mpls ldp neighbor":



A1#sh mpls ldp nei
Peer LDP Ident: 10.10.0.0:0; Local LDP Ident 10.10.0.1:0
TCP connection: 10.10.0.0.646 - 10.10.0.1.34421
State: Oper; Msgs sent/rcvd: 50/49; Downstream
Up time: 00:30:52
LDP discovery sources:
FastEthernet0/0, Src IP addr: 10.1.1.1
Addresses bound to peer LDP Ident:
10.1.1.1 10.10.0.0
Peer LDP Ident: 10.20.0.0:0; Local LDP Ident 10.10.0.1:0
TCP connection: 10.20.0.0.56148 - 10.10.0.1.646
State: Oper; Msgs sent/rcvd: 46/49; Downstream
Up time: 00:28:34
LDP discovery sources:
FastEthernet1/0, Src IP addr: 10.2.1.2
Addresses bound to peer LDP Ident:
10.2.1.2 10.20.0.0 10.2.2.1
Peer LDP Ident: 10.30.0.0:0; Local LDP Ident 10.10.0.1:0
TCP connection: 10.30.0.0.17227 - 10.10.0.1.646
State: Oper; Msgs sent/rcvd: 39/43; Downstream
Up time: 00:22:57
LDP discovery sources:
FastEthernet2/0, Src IP addr: 10.3.1.2
Addresses bound to peer LDP Ident:
10.3.1.2 10.30.0.0 10.3.2.1


Here we can see that A1 has three LDP adjacencies: A0, B0 and C0.






Displaying the LIB (Label Information Base)



When the LDP adjacencies are established, the routers build a Label Information Base, which can be displayed with "sh mpls ldp bindings".


We can see that for a given prefix, a router receives labels from all of its LDP neighbors.



A1#sh mpls ldp binding
tib entry: 10.1.1.0/30, rev 4
local binding: tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: imp-null
remote binding: tsr: 10.20.0.0:0, tag: 18
remote binding: tsr: 10.30.0.0:0, tag: 21
tib entry: 10.2.1.0/30, rev 8
local binding: tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 17
remote binding: tsr: 10.20.0.0:0, tag: imp-null
remote binding: tsr: 10.30.0.0:0, tag: 20
tib entry: 10.2.2.0/30, rev 14
local binding: tag: 18
remote binding: tsr: 10.20.0.0:0, tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 20
remote binding: tsr: 10.30.0.0:0, tag: 22
tib entry: 10.3.1.0/30, rev 10
local binding: tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 18
remote binding: tsr: 10.20.0.0:0, tag: 19
remote binding: tsr: 10.30.0.0:0, tag: imp-null
tib entry: 10.3.2.0/30, rev 20
local binding: tag: 21
remote binding: tsr: 10.30.0.0:0, tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 23
remote binding: tsr: 10.20.0.0:0, tag: 22
tib entry: 10.10.0.0/32, rev 6
local binding: tag: 16
remote binding: tsr: 10.10.0.0:0, tag: imp-null
remote binding: tsr: 10.20.0.0:0, tag: 17
remote binding: tsr: 10.30.0.0:0, tag: 19
tib entry: 10.10.0.1/32, rev 2
local binding: tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 16
remote binding: tsr: 10.20.0.0:0, tag: 16
remote binding: tsr: 10.30.0.0:0, tag: 18
tib entry: 10.20.0.0/32, rev 12
local binding: tag: 17
remote binding: tsr: 10.20.0.0:0, tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 19
remote binding: tsr: 10.30.0.0:0, tag: 17
tib entry: 10.20.0.1/32, rev 16
local binding: tag: 19
remote binding: tsr: 10.20.0.0:0, tag: 20
remote binding: tsr: 10.10.0.0:0, tag: 21
remote binding: tsr: 10.30.0.0:0, tag: 16
tib entry: 10.30.0.0/32, rev 18
local binding: tag: 20
remote binding: tsr: 10.30.0.0:0, tag: imp-null
remote binding: tsr: 10.10.0.0:0, tag: 22
remote binding: tsr: 10.20.0.0:0, tag: 21
tib entry: 10.30.0.1/32, rev 22
local binding: tag: 22
remote binding: tsr: 10.30.0.0:0, tag: 23
remote binding: tsr: 10.20.0.0:0, tag: 23
remote binding: tsr: 10.10.0.0:0, tag: 24






Displaying the LFIB (Label Forwarding Information Base)



As shown previously, a router receives labels from its LDP neighbors for each prefix. It then chooses which label to use with the help of the IGP (OSPF in this example), so that the shortest path is selected.


The LFIB can be displayed with "sh mpls forwarding-table":



A1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     10.10.0.0/32      1914       Fa0/0      10.1.1.1
17     Pop tag     10.20.0.0/32      0          Fa1/0      10.2.1.2
18     Pop tag     10.2.2.0/30       1802       Fa1/0      10.2.1.2
19     20          10.20.0.1/32      360        Fa1/0      10.2.1.2
20     Pop tag     10.30.0.0/32      0          Fa2/0      10.3.1.2
21     Pop tag     10.3.2.0/30       1232       Fa2/0      10.3.1.2
22     23          10.30.0.1/32      360        Fa2/0      10.3.1.2


Let's take an example:



Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
22     23          10.30.0.1/32      360        Fa2/0      10.3.1.2





  • 22 is the local label. The router announces to its LDP neighbors that it will use label 22 as the input label to reach prefix 10.30.0.1/32;

  • 23 is the outgoing label. The router will use output label 23 to reach prefix 10.30.0.1/32;

  • Fa2/0 is the output interface, and 10.3.1.2 (corresponding to C1) is the next hop (see output of "show ip route 10.30.0.1");

  • Here, when the router receives a packet with label 22, it swaps the label, replacing it with label 23;

  • When the Outgoing tag is "Pop tag", the router removes the first label in the stack.
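The selection described in this section can be reproduced from the outputs on this page: for each prefix, keep only the label advertised by the LDP peer that owns the IGP next hop. This is an added example, not part of the original page; the function names are illustrative and the data is excerpted from the A1 outputs shown here.

```python
import re

# Excerpt of "sh mpls ldp bindings" on A1, copied from this page (two prefixes).
BINDINGS = """\
tib entry: 10.10.0.0/32, rev 6
local binding: tag: 16
remote binding: tsr: 10.10.0.0:0, tag: imp-null
remote binding: tsr: 10.20.0.0:0, tag: 17
remote binding: tsr: 10.30.0.0:0, tag: 19
tib entry: 10.30.0.1/32, rev 22
local binding: tag: 22
remote binding: tsr: 10.30.0.0:0, tag: 23
remote binding: tsr: 10.20.0.0:0, tag: 23
remote binding: tsr: 10.10.0.0:0, tag: 24
"""
# Neighbor address -> LDP ident, from "Addresses bound to peer LDP Ident".
PEER_OF = {"10.1.1.1": "10.10.0.0:0", "10.2.1.2": "10.20.0.0:0", "10.3.1.2": "10.30.0.0:0"}
# IGP next hop per prefix, as reported in the "Next Hop" column of the LFIB.
NEXT_HOP = {"10.10.0.0/32": "10.1.1.1", "10.30.0.1/32": "10.3.1.2"}


def parse_lib(text):
    """Return {prefix: {"local": label, "remote": {peer ident: label}}}."""
    lib = {}
    for block in re.split(r"(?m)^\s*tib entry: ", text)[1:]:
        prefix = block.split(",", 1)[0]
        local = re.search(r"local binding:\s+tag: (\S+)", block)
        remote = dict(re.findall(r"remote binding:\s+tsr: ([^,\s]+), tag: (\S+)", block))
        lib[prefix] = {"local": local.group(1) if local else None, "remote": remote}
    return lib


def build_lfib(lib, next_hop, peer_of):
    """Per prefix, keep only the label advertised by the IGP next hop's LDP peer."""
    lfib = {}
    for prefix, entry in lib.items():
        hop = next_hop.get(prefix)
        out = entry["remote"].get(peer_of.get(hop))
        if out is None or entry["local"] in (None, "imp-null"):
            continue  # no binding from the next hop, or no local label to switch on
        lfib[entry["local"]] = ("Pop tag" if out == "imp-null" else out, prefix, hop)
    return lfib


LFIB = build_lfib(parse_lib(BINDINGS), NEXT_HOP, PEER_OF)
```

Pointing `NEXT_HOP` for 10.30.0.1/32 at 10.1.1.1 instead makes the same LIB yield outgoing label 24, which shows that the IGP, not LDP, decides which of the received labels is installed.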







Useful commands for troubleshooting



IP route information:



A1#sh ip ro 10.30.0.1
Routing entry for 10.30.0.1/32
Known via "ospf 100", distance 110, metric 66, type intra area
Last update from 10.3.1.2 on FastEthernet2/0, 00:47:48 ago
Routing Descriptor Blocks:
* 10.3.1.2, from 10.30.0.1, 00:47:48 ago, via FastEthernet2/0
Route metric is 66, traffic share count is 1


CEF information:



A1#sh ip cef 10.30.0.1
10.30.0.1/32, version 29, epoch 0, cached adjacency 10.3.1.2
0 packets, 0 bytes
tag information set
local tag: 22
fast tag rewrite with Fa2/0, 10.3.1.2, tags imposed: {23}
via 10.3.1.2, FastEthernet2/0, 0 dependencies
next hop 10.3.1.2, FastEthernet2/0
valid cached adjacency
tag rewrite with Fa2/0, 10.3.1.2, tags imposed: {23}


Detailed information for the label entry:



A1#sh mpls forwarding-table label 22
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
22     23          10.30.0.1/32      360        Fa2/0      10.3.1.2
A1#sh mpls forwarding-table label 22 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
22     23          10.30.0.1/32      360        Fa2/0      10.3.1.2
MAC/Encaps=14/18, MRU=1500, Tag Stack{23}
CA040A5B0000CA020A5A00388847 00017000
No output feature configured
Per-packet load-sharing
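The hex string in the detail output is the 14-byte Ethernet header followed by one 4-byte MPLS label stack entry (20-bit label, 3-bit Exp, 1-bit bottom-of-stack flag, 8-bit TTL). This added example, which is not part of the original page, decodes it; the function and constant names are illustrative.

```python
import struct

# Copied from "sh mpls forwarding-table label 22 detail" on this page.
REWRITE_HEX = "CA040A5B0000CA020A5A00388847 00017000"
MAC_LEN, ENCAPS_LEN = 14, 18  # from "MAC/Encaps=14/18"
ETHERTYPE_MPLS_UNICAST = 0x8847


def decode_rewrite(hex_string, mac_len=MAC_LEN, encaps_len=ENCAPS_LEN):
    """Split an Ethernet MPLS rewrite string into header fields and label stack."""
    raw = bytes.fromhex(hex_string.replace(" ", ""))
    if mac_len != 14:
        raise ValueError("only an untagged 14-byte Ethernet header is handled")
    if len(raw) != encaps_len or (encaps_len - mac_len) % 4:
        raise ValueError("length does not match MAC/Encaps")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:mac_len])
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError(f"unexpected EtherType 0x{ethertype:04x}")
    stack = []
    for (word,) in struct.iter_unpack("!I", raw[mac_len:]):
        stack.append({
            "label": word >> 12,       # top 20 bits
            "exp": (word >> 9) & 0x7,  # 3 bits
            "s": (word >> 8) & 0x1,    # bottom-of-stack flag
            "ttl": word & 0xFF,        # low 8 bits
        })
    return {"dst": dst.hex(":"), "src": src.hex(":"), "stack": stack}


DECODED = decode_rewrite(REWRITE_HEX)
```

The decoded label is 23, matching "Tag Stack{23}"; the S and TTL fields are zero in the stored rewrite string.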






Traceroute with MPLS labels



The traceroute command can display the labels used between routers:



A0#traceroute 10.30.0.1

Type escape sequence to abort.
Tracing the route to 10.30.0.1

1 10.1.1.2 [MPLS: Label 22 Exp 0] 76 msec 80 msec 48 msec
2 10.3.1.2 [MPLS: Label 23 Exp 0] 44 msec 52 msec 44 msec
3 10.3.2.2 48 msec * 72 msec


Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_Basic_Topology"