mpls: layer3-vpns, pe-ce routing protocol – eigrp

Hello everyone!
Right now I am going to show how to use EIGRP as a PE-CE routing protocol when using MPLS VPNs.

Here is our topology (same topology like with the other protocols used):

Given:
– a small MPLS backbone with SPCORE as P-Router (MPLS only, no BGP), SPEDGE routers as PE-Routers with MP-BGP enabled
– fa0/1 of the SPEDGE routers are in vrf “CUSTOMER”
– on the SP routers there is an OSPF process “1” which is used for backbone connectivity for the MP-BGP routers and for LDP
– some loopback interfaces which simulate networks connected to the SITE routers

Challenge:
– configure EIGRP as the PE-CE routing protocol and make sure that the networks of SITE1 and SITE2 can reach each other via the MPLS VPN backbone.

Here is the config part of the SP routers (the routing protocol part):

SPCORE (MPLS and OSPF “1” only for backbone connectivity)

SPCORE#sh run | sec router
router ospf 1
 router-id 10.10.10.1
 log-adjacency-changes

SPEDGE1 (MPLS, OSPF backbone and MP-BGP)

SPEDGE1(config)#do sh run | sec router 
router ospf 1
 router-id 10.10.10.2
 log-adjacency-changes
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.3 remote-as 1
 neighbor 10.10.10.3 update-source Loopback0
 neighbor 10.10.10.3 next-hop-self
 neighbor 10.10.10.3 send-community both
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.3 activate
  neighbor 10.10.10.3 send-community both
  neighbor 10.10.10.3 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  no synchronization
 exit-address-family

SPEDGE2 (MPLS, OSPF backbone and MP-BGP)

SPEDGE2#sh run | sec router
router ospf 1
 router-id 10.10.10.3
 log-adjacency-changes
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.10.2 remote-as 1
 neighbor 10.10.10.2 update-source Loopback0
 neighbor 10.10.10.2 next-hop-self
 neighbor 10.10.10.2 send-community extended
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.2 activate
  neighbor 10.10.10.2 send-community both
  neighbor 10.10.10.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUSTOMER
  no synchronization
 exit-address-family

So lets start with configuring EIGRP (we use AS100 for our AS number) on the SITE-routers.

SITE1(config)#router eigrp 100
SITE1(config-router)#no auto
SITE1(config-router)#network 10.10.11.0 0.0.0.255 
SITE1(config-router)#redistribute connected metric 10000 10 255 1 1500
!
SITE2(config)#router eigrp 100
SITE2(config-router)#no auto 
SITE2(config-router)#network 10.10.22.0 0.0.0.255
SITE2(config-router)#redistribute connected metric 10000 10 255 1 1500

Ok good. Now we need to do the same on the SPEDGE routers to build an adjacency between the SITE and the SPEDGE routers. Here you can see again that the configuration is like BGP, you can use address families.

SPEDGE1(config)#router eigrp 100
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#network 10.10.11.0 0.0.0.255
SPEDGE1(config-router-af)#no auto
!
SPEDGE2(config)#router eigrp 100
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER 
SPEDGE2(config-router-af)#no auto
SPEDGE2(config-router-af)#network 10.10.22.0 0.0.0.255

Ok configuration seems to be complete, lets check the adjacencies.

SPEDGE1#sh ip eigrp neigh
IP-EIGRP neighbors for process 100
SPEDGE1#

Hmm nothing…lets check SITE1 for EIGRP hellos.

SITE1#debug ip eigrp 100 
IP-EIGRP Route Events debugging is on
SITE1#debug ip eigrp summ
IP-EIGRP Summary route processing debugging is on
SITE1#debug ip pack
IP packet debugging is on
SITE1#
*Mar  1 03:35:42.459: IP: s=10.10.11.2 (local), d=224.0.0.10 (FastEthernet0/0), len 60, sending broad/multicast
SITE1#
*Mar  1 03:35:46.791: IP: s=10.10.11.2 (local), d=224.0.0.10 (FastEthernet0/0), len 60, sending broad/multicast
SITE1#
*Mar  1 03:35:51.575: IP: s=10.10.11.2 (local), d=224.0.0.10 (FastEthernet0/0), len 60, sending broad/multicast

Hmm strange…the SITE router is sending EIGRP hellos to 224.0.0.10 but we are not receiving hellos from the SPEDGE1 router (same behaviour we can see between SITE2 and SPEDGE2). Lets do a debug on SPEDGE1.

SPEDGE1#
*Mar  1 03:37:07.327: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.2, len 62, rcvd 0
SPEDGE1#
*Mar  1 03:37:08.779: IP: s=172.16.10.2 (local), d=224.0.0.2 (FastEthernet0/0), len 62, sending broad/multicast
*Mar  1 03:37:09.435: IP: s=172.16.10.2 (local), d=224.0.0.5 (FastEthernet0/0), len 80, sending broad/multicast
SPEDGE1#
*Mar  1 03:37:11.335: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.2, len 62, rcvd 0
*Mar  1 03:37:12.071: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.5, len 80, rcvd 0
SPEDGE1#
*Mar  1 03:37:13.175: IP: s=172.16.10.2 (local), d=224.0.0.2 (FastEthernet0/0), len 62, sending broad/multicast
SPEDGE1#
*Mar  1 03:37:15.999: IP: tableid=0, s=10.10.10.2 (local), d=10.10.10.1 (FastEthernet0/0), routed via FIB
*Mar  1 03:37:15.999: IP: s=10.10.10.2 (local), d=10.10.10.1 (FastEthernet0/0), len 58, sending
*Mar  1 03:37:16.099: IP: tableid=0, s=10.10.10.1 (FastEthernet0/0), d=10.10.10.2 (Loopback0), routed via RIB
*Mar  1 03:37:16.099: IP: s=10.10.10.1 (FastEthernet0/0), d=10.10.10.2, len 40, rcvd 4
*Mar  1 03:37:16.103: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.2, len 62, rcvd 0
SPEDGE1#
*Mar  1 03:37:17.167: IP: s=172.16.10.2 (local), d=224.0.0.2 (FastEthernet0/0), len 62, sending broad/multicast
SPEDGE1#
*Mar  1 03:37:18.811: IP: s=172.16.10.2 (local), d=224.0.0.5 (FastEthernet0/0), len 80, sending broad/multicast
SPEDGE1#
*Mar  1 03:37:20.211: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.2, len 62, rcvd 0
SPEDGE1#
*Mar  1 03:37:21.215: IP: s=172.16.10.2 (local), d=224.0.0.2 (FastEthernet0/0), len 62, sending broad/multicast
*Mar  1 03:37:21.515: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.5, len 80, rcvd 0
SPEDGE1#
*Mar  1 03:37:24.227: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.2, len 62, rcvd 0
SPEDGE1#
*Mar  1 03:37:26.135: IP: s=172.16.10.2 (local), d=224.0.0.2 (FastEthernet0/0), len 62, sending broad/multicast
SPEDGE1#
*Mar  1 03:37:28.299: IP: s=172.16.10.1 (FastEthernet0/0), d=224.0.0.2, len 62, rcvd 0
*Mar  1 03:37:28.519: IP: s=172.16.10.2 (local), d=224.0.0.5 (FastEthernet0/0), len 80, sending broad/multicast

Nothing about EIGRP. Well this has a specific reason. Although we used AS100 in the “router eigrp” command we need to specify the AS number for each address family and so for each VRF! without an AS number configured under the address-family the router will do nothing!

SPEDGE1(config-router)#router eigrp 100                        
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#autonomous-system 100
!
SPEDGE2(config)#router eigrp 100                        
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#autonomous-system 100

Now lets have a look at the adjacency-tables:

SPEDGE1#sh ip eigrp vrf CUSTOMER neigh
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.10.11.2              Fa0/1             14 00:01:45  129   774  0  3
!
SPEDGE2#sh ip eigrp vrf CUSTOMER neigh
IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.10.22.2              Fa0/1             14 00:01:05  140   840  0  3

There we go! Now we need to configure mutual redistribution. EIGRP into BGP and backwards.

SPEDGE1(config)#router bgp 1
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#redistribute eigrp 100 metric 200
SPEDGE1(config-router-af)#router eigrp 100
SPEDGE1(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE1(config-router-af)#redistribute bgp 1 metric 10000 10 255 1 1500
!
SPEDGE2(config)#router bgp 1
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#redistribute eigrp 100 metric 200
SPEDGE2(config-router-af)#router eigrp 100
SPEDGE2(config-router)#address-family ipv4 unicast vrf CUSTOMER
SPEDGE2(config-router-af)#redistribute bgp 1 metric 10000 10 255 1 1500

Now all prefixes should be present in the BGP VPNv4 table.

SPEDGE1#sh ip bgp vpnv4 all
BGP table version is 249, local router ID is 10.10.10.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*> 1.1.1.1/32       10.10.11.2             200         32768 ?
*>i2.2.2.2/32       10.10.10.3             200    100      0 ?
*> 10.10.11.0/30    0.0.0.0                  0         32768 ?
*>i10.10.22.0/30    10.10.10.3               0    100      0 ?
*> 11.11.11.11/32   10.10.11.2             200         32768 ?
*> 11.11.11.12/32   10.10.11.2             200         32768 ?
*> 11.11.11.13/32   10.10.11.2             200         32768 ?
*>i22.22.22.21/32   10.10.10.3             200    100      0 ?
*>i22.22.22.22/32   10.10.10.3             200    100      0 ?
*>i22.22.22.23/32   10.10.10.3             200    100      0 ?
*>i192.168.11.0/30  10.10.10.3             200    100      0 ?
!
SPEDGE2#sh ip bgp vpnv4 all
BGP table version is 249, local router ID is 10.10.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32       10.10.10.2             200    100      0 ?
*> 2.2.2.2/32       10.10.22.2             200         32768 ?
*>i10.10.11.0/30    10.10.10.2               0    100      0 ?
*> 10.10.22.0/30    0.0.0.0                  0         32768 ?
*>i11.11.11.11/32   10.10.10.2             200    100      0 ?
*>i11.11.11.12/32   10.10.10.2             200    100      0 ?
*>i11.11.11.13/32   10.10.10.2             200    100      0 ?
*> 22.22.22.21/32   10.10.22.2             200         32768 ?
*> 22.22.22.22/32   10.10.22.2             200         32768 ?
*> 22.22.22.23/32   10.10.22.2             200         32768 ?
*> 192.168.11.0/30  10.10.22.2             200         32768 ?

Looks nice! Lets check the SITE routers for EIGRP networks.

SITE1#sh ip route eigrp
     2.0.0.0/32 is subnetted, 1 subnets
D EX    2.2.2.2 [170/309760] via 10.10.11.1, 00:01:20, FastEthernet0/0
     22.0.0.0/32 is subnetted, 3 subnets
D EX    22.22.22.22 [170/309760] via 10.10.11.1, 00:01:20, FastEthernet0/0
D EX    22.22.22.23 [170/309760] via 10.10.11.1, 00:01:20, FastEthernet0/0
D EX    22.22.22.21 [170/309760] via 10.10.11.1, 00:01:20, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
D       10.10.22.0 [90/307200] via 10.10.11.1, 00:01:20, FastEthernet0/0
!
SITE2#sh ip route eigrp  
     1.0.0.0/32 is subnetted, 1 subnets
D EX    1.1.1.1 [170/309760] via 10.10.22.1, 00:01:38, FastEthernet0/0
     10.0.0.0/30 is subnetted, 2 subnets
D       10.10.11.0 [90/307200] via 10.10.22.1, 00:01:38, FastEthernet0/0
     11.0.0.0/32 is subnetted, 3 subnets
D EX    11.11.11.11 [170/309760] via 10.10.22.1, 00:01:38, FastEthernet0/0
D EX    11.11.11.13 [170/309760] via 10.10.22.1, 00:01:38, FastEthernet0/0
D EX    11.11.11.12 [170/309760] via 10.10.22.1, 00:01:38, FastEthernet0/0

Looks good. The routes of the opposite SITE router are marked with “EX” for EXTERNAL. This is because we are injecting the loopback addresses with the “redistribute connected” command, so for EIGRP this means that the routes come from an EXTERNAL routing protocol (in our case “static /connected routing”).

Lets do the final connectivity check to see if the VPN labels are working fine!

SITE1#ping 22.22.22.22 so lo1
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/139/156 ms

Looks good!
I hope you enjoyed this post! Feel free comment!
Regards!
Markus

Advertisements

About markus.wirth

Living near Limburg in Germany, working as a Network Engineer around Frankfurt am Main.
This entry was posted in MPLS, Routing and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

One Response to mpls: layer3-vpns, pe-ce routing protocol – eigrp

  1. nice to help tshoot my issue,but let me know why default redistribution was working

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s