mpls: layer3-vpns, pe-ce routing protocol – rip

Hello everyone!
Today I am going to show how to use a variety of routing protocols to be used as PE-CE routing protocol when you are connected to a MPLS VPN service provider or when you act as a provider.

First protocol will be RIPv2.

Here is our topology:

Given:
– a small MPLS backbone with SPCORE as P-Router (MPLS only, no BGP), SPEDGE routers as PE-Routers with MP-BGP enabled
– fa0/1 of the SPEDGE routers are in vrf “CUSTOMER”
– on the SP routers there is an OSPF process “1” which is used for backbone connectivity for the MP-BGP routers and for LDP
– some loopback interfaces which simulate networks connected to the SITE routers

Challenge:
– configure RIPv2 as the PE-CE routing protocol and make sure that the networks of SITE1 and SITE2 can reach each other via the MPLS VPN backbone.

Here is the config part of the SP routers (the routing protocol part):

SPCORE (MPLS and OSPF “1” only for backbone connectivity)

SPCORE#sh run | sec router
router ospf 1
 router-id 10.10.10.1
 log-adjacency-changes

SPEDGE1 (MPLS, OSPF backbone and MP-BGP)

SPEDGE1(config)#do sh run | sec router 
router ospf 1
 router-id 10.10.10.2
 log-adjacency-changes
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.3 remote-as 1
 neighbor 10.10.10.3 update-source Loopback0
 neighbor 10.10.10.3 next-hop-self
 neighbor 10.10.10.3 send-community both
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.3 activate
  neighbor 10.10.10.3 send-community both
  neighbor 10.10.10.3 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  no synchronization
 exit-address-family

SPEDGE2 (MPLS, OSPF backbone and MP-BGP)

SPEDGE2#sh run | sec router
router ospf 1
 router-id 10.10.10.3
 log-adjacency-changes
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.2 remote-as 1
 neighbor 10.10.10.2 update-source Loopback0
 neighbor 10.10.10.2 next-hop-self
 neighbor 10.10.10.2 send-community extended
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.2 send-community both
  neighbor 10.10.10.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  no synchronization
 exit-address-family

So lets start with configuring RIPv2 on the SITE-routers. Thatll be an easy one.

SITE1(config)#router rip 
SITE1(config-router)#no auto
SITE1(config-router)#version 2
SITE1(config-router)#network 10.10.11.0  
SITE1(config-router)#redistribute connected metric 1
!
SITE2(config)#router rip 
SITE2(config-router)#no auto
SITE2(config-router)#version 2
SITE2(config-router)#network 10.10.22.0 
SITE2(config-router)#redistribute connected metric 1

Ok so far so good. Now we need to do the same on the SPEDGE routers. You will see that the configuration is almost like in BGP! You also have the possbility to use address-families. Take a look here:

SPEDGE1(config)#router rip
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#no auto
SPEDGE1(config-router-af)#version 2
SPEDGE1(config-router-af)#network 10.10.11.0
!
SPEDGE2(config)#router rip 
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#no auto 
SPEDGE2(config-router-af)#version 2
SPEDGE2(config-router-af)#network 10.10.22.0 

Lets have a look at the routing tables in the VRFs and if we are able to see the SITE-networks on the SPEDGE routers.

SPEDGE1#sh ip route vrf CUSTOMER rip 
     1.0.0.0/32 is subnetted, 1 subnets
R       1.1.1.1 [120/1] via 10.10.11.2, 00:00:03, FastEthernet0/1
     192.168.11.0/30 is subnetted, 1 subnets
R       192.168.11.0 [120/1] via 10.10.11.2, 00:00:03, FastEthernet0/1
     11.0.0.0/32 is subnetted, 3 subnets
R       11.11.11.11 [120/1] via 10.10.11.2, 00:00:03, FastEthernet0/1
R       11.11.11.13 [120/1] via 10.10.11.2, 00:00:03, FastEthernet0/1
R       11.11.11.12 [120/1] via 10.10.11.2, 00:00:03, FastEthernet0/1
!
SPEDGE2#sh ip route vrf CUSTOMER rip
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/1] via 10.10.22.2, 00:00:25, FastEthernet0/1
     192.168.11.0/30 is subnetted, 1 subnets
R       192.168.11.0 [120/1] via 10.10.22.2, 00:00:25, FastEthernet0/1
     22.0.0.0/32 is subnetted, 3 subnets
R       22.22.22.22 [120/1] via 10.10.22.2, 00:00:25, FastEthernet0/1
R       22.22.22.23 [120/1] via 10.10.22.2, 00:00:25, FastEthernet0/1
R       22.22.22.21 [120/1] via 10.10.22.2, 00:00:25, FastEthernet0/1

There we go! The only problem we now have is that SPEDGE1 doesnt see the routes SPEDGE2 has in its tables, although its the same VRF. Well, the reason for this is that we dont redistribute RIP into MP-BGP. We need to do this to perfom an exchange over the MPLS backbone, so that all routers that have the vrf “CUSTOMER” attached get those routes. And of course dont forget to do the redistribution mutually!!! You also need to redistribute MP-BGP into the RIP process. If not, then SPEDGE1 gets the routes of SITE2 but doesnt hand them over to SITE1.

SPEDGE1(config)#router bgp 1
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#redistribute rip metric 10
SPEDGE1(config-router-af)#router rip 
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#redistribute bgp 1 metric transparent  
!
SPEDGE2(config)#router bgp 1
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#redistribute rip metric 10
SPEDGE2(config-router-af)#router rip
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#redistribute bgp 1 metric transparent

So far so good. Lets take a look at the VPNv4 BGP tables of the SPEDGE routers. There we should see all networks from the SITE routers.

SPEDGE1#sh ip bgp 
*Mar  1 02:27:22.167: %SYS-5-CONFIG_I: Configured from console by console
SPEDGE1#sh ip bgp vpnv4 all 
BGP table version is 214, local router ID is 10.10.10.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*> 1.1.1.1/32       10.10.11.2              10         32768 ?
*>i2.2.2.2/32       10.10.10.3              10    100      0 ?
*> 10.10.11.0/30    0.0.0.0                  0         32768 ?
*>i10.10.22.0/30    10.10.10.3               0    100      0 ?
*> 11.11.11.11/32   10.10.11.2              10         32768 ?
*> 11.11.11.12/32   10.10.11.2              10         32768 ?
*> 11.11.11.13/32   10.10.11.2              10         32768 ?
*>i22.22.22.21/32   10.10.10.3              10    100      0 ?
*>i22.22.22.22/32   10.10.10.3              10    100      0 ?
*>i22.22.22.23/32   10.10.10.3              10    100      0 ?
* i192.168.11.0/30  10.10.10.3              10    100      0 ?
*>                  10.10.11.2              10         32768 ?
!
SPEDGE2#sh ip bgp vpnv4 all
BGP table version is 216, local router ID is 10.10.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32       10.10.10.2              10    100      0 ?
*> 2.2.2.2/32       10.10.22.2              10         32768 ?
*>i10.10.11.0/30    10.10.10.2               0    100      0 ?
*> 10.10.22.0/30    0.0.0.0                  0         32768 ?
*>i11.11.11.11/32   10.10.10.2              10    100      0 ?
*>i11.11.11.12/32   10.10.10.2              10    100      0 ?
*>i11.11.11.13/32   10.10.10.2              10    100      0 ?
*> 22.22.22.21/32   10.10.22.2              10         32768 ?
*> 22.22.22.22/32   10.10.22.2              10         32768 ?
*> 22.22.22.23/32   10.10.22.2              10         32768 ?
*> 192.168.11.0/30  10.10.22.2              10         32768 ?
* i                 10.10.10.2              10    100      0 ?

That looks quite confident. All networks are in the MP-BGP table which is good because this means that the RIP networks are transported via the MPLS backbone. Lets check this on the site routers.

SITE1#sh ip route rip
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/11] via 10.10.11.1, 00:00:24, FastEthernet0/0
     22.0.0.0/32 is subnetted, 3 subnets
R       22.22.22.22 [120/11] via 10.10.11.1, 00:00:24, FastEthernet0/0
R       22.22.22.23 [120/11] via 10.10.11.1, 00:00:24, FastEthernet0/0
R       22.22.22.21 [120/11] via 10.10.11.1, 00:00:24, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
R       10.10.22.0 [120/1] via 10.10.11.1, 00:00:24, FastEthernet0/0
!
SITE2#sh ip route rip
     1.0.0.0/32 is subnetted, 1 subnets
R       1.1.1.1 [120/11] via 10.10.22.1, 00:00:21, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
R       10.10.11.0 [120/1] via 10.10.22.1, 00:00:21, FastEthernet0/0
     11.0.0.0/32 is subnetted, 3 subnets
R       11.11.11.11 [120/11] via 10.10.22.1, 00:00:21, FastEthernet0/0
R       11.11.11.13 [120/11] via 10.10.22.1, 00:00:21, FastEthernet0/0
R       11.11.11.12 [120/11] via 10.10.22.1, 00:00:21, FastEthernet0/0

Works! Ok lets now test the reachbility between the two systems, to see if the MPLS forwarding and the MPLS VPN label assignment works properly.

SITE1#ping 22.22.22.22 so lo1
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/144/176 ms

Perfect!
So we are done with this part here!

I hope you enjoyed reading!
Feel free to comment!

Regards!
Markus

Advertisements

About markus.wirth

Living near Limburg in Germany, working as a Network Engineer around Frankfurt am Main.
This entry was posted in MPLS, Routing, Uncategorized and tagged , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s