Guia MPLS L2-L3 PDF

Guía MPLS L2-L3 Version 3.
Prácticas de Laboratorio Service

Provider
1
@ 2011 NMT todos los derechos……
Guía MPLS L2-L3 Version 3.0
Introducción .............................................................................................................................. 3
Audiencia ................................................................................................................................. 3
Capítulo I: IGPs .......................................................................................................................... 4
Seccion OSPF .............................................................................................................................. 5
Capítulo II: MPLS ...................................................................................................................... 29
Sección LDP .............................................................................................................................. 30
Sección MPLS-Traffic Engineering ............................................................................................... 47
Sección MPLS MTU (consideraciones) ......................................................................................... 64
MPLS TE con PBR ..................................................................................................................... 72
Capítulo III: MPLS VPN L3/L2 ...................................................................................................... 86
Sección PE-CE RIPv2 ................................................................................................................. 87
Sección PE-CE OSPF.................................................................................................................. 97
Sección PE-CE OSPF Sham-Link ............................................................................................... 106
Sección VRF Lite - CE Management .......................................................................................... 114
Sección PE-CE EIGRP .............................................................................................................. 121
Sección PE-CE EIGRP Dual-Homed .......................................................................................... 130
Sección PE-CE IS-IS ................................................................................................................. 138
Sección PE-CE eBGP Multihome ............................................................................................... 145
Sección PE-CE eBGP AS Override............................................................................................. 152
Sección PE-CE eBGP Hub and Spoke ......................................................................................... 159
Sección PE-CE Control VPN ..................................................................................................... 166
Sección Internet Access Static routes .......................................................................................... 182
Sección Internet Access GRE Tunnel ......................................................................................... 193
Sección CSC only Carrier Customer .......................................................................................... 196
Sección Carrier Supporting Carriers (CSC)................................................................................. 208
Sección AToM Interworking ..................................................................................................... 220
Sección AToM Ethernet Port Mode ........................................................................................... 226
Sección AToM Ethernet VLAN Mode ........................................................................................ 230
Sección AToM Bridge Mode...................................................................................................... 233
Sección AToM Load Sharing...................................................................................................... 237
Sección AToM Frame Relay Port to Port .................................................................................... 243
Sección AToM sobre tunnel GRE .............................................................................................. 249
Sección L2TPv3 ....................................................................................................................... 257
Sección Multicast MPLS VPN .................................................................................................... 265
Sección Inter-AS MP-eBGP ....................................................................................................... 278
Seción Inter-AS: MP-eBGP Multi-hop RRs Option 3 con AS Intermedio. ..................................... 292
Capítulo IV: IPv6 ..................................................................................................................... 319
Seccion MP-BGP on IPv6 (6VPE) .............................................................................................. 320
Dual Stack IPv6 (6PE) y MPLS VPNv4 sobre MPLS Backbone...................................................... 329
IPv6 sobre MPLS AToM ........................................................................................................... 346
Capítulo V: High Availability ....................................................................................................... 352
Sección HSRP .......................................................................................................................... 353
Sección VRRP .......................................................................................................................... 362
Capítulo VI: Labs ..................................................................................................................... 370
Sección Challenge IPv4 Lab ....................................................................................................... 371
Seccion Challenge IPv6 Lab ....................................................................................................... 438
2
Introducción
MPLS es ya una tecnología consolidada dentro infraesctructuras de proveedores de servicios de Internet (ISPs). Adoptado en gran
medida por su versatilidad y capacidad de transportar todo tipo de tráfico L2-L3. Esto ha significado un gran avance en cuanto a la
escalabilidad de las redes. La ventaja de MPLS por sobre el ruteo convencional de paquetes se debe en gran medida al mayor
rendimiento (opera entre la capa 2 y capa 3), flexibilidad, servicios privados (MPLS VPN), adicionalmente MPLS permite
coexistir redes de distinto tipo, incluso con tecnologias heredadas (por ejemplo redes Frame-Relay, ATM). Desde sus comienzos
hasta hoy MPLS ha pasado por distintas etapas y el crecimiento tecnologico e implementacion ha tenido un crecimiento
exponencial. Es por eso que hoy MPLS ya no se limita unicamente a un ISP; empresas medianas y grandes apuestan firmemente
por MPLS por la eficiencia y relativamente fácil adminsitración.
Existe variada y abundante documentacion teórica en lo que respecta a MPLS, sin embargo el material teórico en castellano es
escaso, y encontrar documentación practica es una tarea dificil si no imposible.
La presente Guía de Laboratorios MPLS entrega una gran fuente de informacion. Plantea distintos escenarios y tareas con
explicaciones precisas y acotadas que permiten al lector adquir conocimiento y detrezas que le permitan diseñar, configurar y
comprobar una implementacion completa de extremo a extremo, es decir, red cliente, red proveedor, red final cliente o
Internet.
Los laboratorios presentados aquí incluyen topolgias genéricas y originales dando énfasis al aprendizaje por sobre el diseño
óptimo, aunque muchas veces se cumplen ambas premisas.
El equipamiento utilizado se compone de un odenador, IOS 12.4 y 15.0 (distintas plataformas), analizador de protocolos
WireShark, el emulador routers Dynamips.
Audiencia
El material presentado puede ser de gran ayuda a ingenieros que tengan conocimientos previos en redes y requieran conocer
aspectos fundamentales de MPLS a nivel práctico (CCNA SP, CCNP, CCIP). Tambien puede ser de gran utilidad para quienes
esté preparando el examen de laboratorio CCIE Service Provider.
Audiencia
El material presentado puede ser de gran ayuda a ingenieros que tengan conocimientos previos en redes y requieran conocer
aspectos fundamentales de MPLS a nivel práctico (CCNA SP, CCNP, CCIP). Tambien puede ser de gran utilidad para quienes
esté preparando el examen de laboratorio CCIE Service Provider v2.0.
3
Capítulo I: IGPs
4
Seccion OSPF
1.Configuración BB. Redes NON_BROADCAST

§ Configurar BB (red NBMA) con Frame-Relay malla completa (Ver figura). Usar sub-if multipont.
§ Configurar red OSPF NON_BROADCAST
§ R1 es DR
§ R2 es BDR
R1
interface Serial1/0
encapsulation frame-relay
no shutdown
interface Serial1/0.1 multipoint

ip address 10.1.1.1 255.255.255.0
frame-relay map ip 10.1.1.1 102
frame-relay map ip 10.1.1.2 102 broadcast
no frame-relay inverse-arp
R2
interface Serial1/0
no shutdown

ip address 10.1.1.2 255.255.255.0
5

R3
interface Serial1/0
no shutdown

ip address 10.1.1.3 255.255.255.0
R4
interface Serial1/0
no shutdown

ip address 10.1.1.4 255.255.255.0
Comprobamos conectividad completa en la red Frame-Relay, full mesh.

Podemos configurar de distintas maneras OSPF. Sin embargo algunas soluciones son mejores que otras. Por ejemplo Non-
broadcast tiene ventajas sobre point-to-multipont puesto que hay mayor control y ahorro de BW porque los paquetes son
UNICAST.
Por otro lado las redes point-to-multipoint crean cierta confusión porque no publican las redes con su máscara real.
1 USANDO NON_BROADCAST. R1 es DR y R2 BDR.
Nota, debido a los timers usados la adyacencia puede demorar en establecesrse. DR y BDR deben usar el comando neighbor.
R1
interface Serial1/0.1
ip ospf priority 255
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
neighbor 10.1.1.4
neighbor 10.1.1.3
neighbor 10.1.1.2
interface Loopback0
ip ospf 1 area 0
R1#show ip ospf interface serial 1/0.1

Serial1/0.1 is up, line protocol is up
Internet Address 10.1.1.1/24, Area 0
Process ID 1, Router ID 100.1.1.1, Network Type NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State WAITING, Priority 255
6
No designated router on this network

No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
oob-resync timeout 120
Hello due in 00:00:08
Wait time before Designated router selection 00:01:38
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
R2
interface Loopback0
ip ospf 1 area 0
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
neighbor 10.1.1.3
neighbor 10.1.1.4
neighbor 10.1.1.1
R3
ip ospf priority 0
interface Loopback0
ip ospf 1 area 0
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
R4
ip ospf priority 0
interface Loopback0
ip ospf 1 area 0
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
R1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
100.2.2.2 254 FULL/DR 00:01:37 10.1.1.2 Serial1/0.1
100.3.3.3 0 FULL/DROTHER 00:01:37 10.1.1.3 Serial1/0.1

100.1.1.1 255 FULL/BDR 00:01:31 10.1.1.1 Serial1/0.2
7

100.1.1.1 255 FULL/BDR 00:01:56 10.1.1.1 Serial1/0.3
100.2.2.2 254 FULL/DR 00:01:47 10.1.1.2 Serial1/0.3

100.1.1.1 255 FULL/BDR 00:01:36 10.1.1.1 Serial1/0.4
100.2.2.2 254 FULL/DR 00:01:57 10.1.1.2 Serial1/0.4
Como podemos ver los mensajes Hello son unicast:
R1#debug ip ospf hello

OSPF hello events debugging is on
R1#
OSPF: Rcv hello from 100.3.3.3 area 0 from Serial1/0.1 10.1.1.3
OSPF: End of hello processing
R1#
OSPF: Send hello to 10.1.1.2 area 0 on Serial1/0.1 from 10.1.1.1
R1#show ip ospf database
OSPF Router with ID (100.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count

100.1.1.1 100.1.1.1 462 0x80000003 0x001C73 2
100.2.2.2 100.2.2.2 419 0x80000004 0x00196B 2
100.3.3.3 100.3.3.3 212 0x80000004 0x001862 2
100.4.4.4 100.4.4.4 212 0x80000003 0x001958 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum

10.1.1.2 100.2.2.2 212 0x80000002 0x006A9E
R1#sh ip route ospf

100.0.0.0/32 is subnetted, 4 subnets
O 100.4.4.4 [110/65] via 10.1.1.4, 00:25:55, Serial1/0.1
O 100.2.2.2 [110/65] via 10.1.1.2, 00:25:55, Serial1/0.1
O 100.3.3.3 [110/65] via 10.1.1.3, 00:25:55, Serial1/0.1
Segunda opcion (opcional omitiendo la primera)

2 USANDO POINT_TO_MULTIPOINT
R1
8
ip ospf 1 area 0
ip ospf network point-to-multipoint
interface Loopback0
ip ospf 1 area 0
router ospf 1
router-id 100.1.1.1
R2
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
router ospf 1
router-id 100.2.2.2
R3
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
router ospf 1
router-id 100.3.3.3
R4
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
router ospf 1
router-id 100.4.4.4

100.4.4.4 0 FULL/ - 00:01:37 10.1.1.4 Serial1/0.1
100.2.2.2 0 FULL/ - 00:01:46 10.1.1.2 Serial1/0.1
100.3.3.3 0 FULL/ - 00:01:56 10.1.1.3 Serial1/0.1
R1#sh ip route ospf

O 100.4.4.4 [110/65] via 10.1.1.4, 00:01:19, Serial1/0.1
O 100.2.2.2 [110/65] via 10.1.1.2, 00:01:19, Serial1/0.1
O 100.3.3.3 [110/65] via 10.1.1.3, 00:01:19, Serial1/0.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.1.1.2/32 [110/64] via 10.1.1.2, 00:01:19, Serial1/0.1
O 10.1.1.3/32 [110/64] via 10.1.1.3, 00:01:19, Serial1/0.1
O 10.1.1.4/32 [110/64] via 10.1.1.4, 00:01:19, Serial1/0.1
9
Configuración Area 10
En la red Broadcast R9 debe ser DR y R10 BDR. R11 no puede ser DR.
R9
interface Loopback0
ip ospf 1 area 10
interface FastEthernet0/0
ip ospf 1 area 10
router ospf 1
router-id 100.9.9.9
R10
interface Loopback0
ip address 100.10.10.10 255.255.255.255
ip ospf 1 area 10
ip address 10.1.119.10 255.255.255.0
ip ospf 1 area 10
no shutdown
router ospf 1
router-id 100.10.10.10
R11
interface Loopback0
ip address 100.11.11.11 255.255.255.255
ip ospf 1 area 10
ip address 10.1.119.11 255.255.255.0
ip ospf priority 0
ip ospf 1 area 10
no shutdown
router ospf 1
router-id 100.11.11.11
R1
ip address 10.1.119.1 255.255.255.0
ip ospf 1 area 10
no shutdown

100.1.1.1 1 2WAY/DROTHER 00:00:31 10.1.119.1 FastEthernet0/0
100.9.9.9 255 FULL/DR 00:00:36 10.1.119.9 FastEthernet0/0
100.10.10.10 254 FULL/BDR 00:00:38 10.1.119.10 FastEthernet0/0
R1#show ip ospf neighbor fastEthernet 0/0

10
100.10.10.10 254 FULL/BDR 00:00:30 10.1.119.10 FastEthernet0/0

100.11.11.11 0 2WAY/DROTHER 00:00:34 10.1.119.11 FastEthernet0/0
Analizaremos los LSAs generadas en AREA10.
LSA1 Router : One per router, listing RID and all interface IP addresses. Represents stub networks as well. R9 posee en su DB
Router el RID del AREA10.
LSA2 Net: One per transit network. Created by the DR on the subnet, and represents the subnet and the router interfaces
connected to the subnet.
LSA3 Summary Net : Created by ABRs to represent one area’s type 1 and 2 LSAs when being advertised into another area.
Defines the links (subnets) in the origin area, and cost, but no topology data.

100.1.1.1 100.1.1.1 340 0x80000003 0x0089C8 1
100.9.9.9 100.9.9.9 696 0x80000003 0x008EFB 2
100.10.10.10 100.10.10.10 399 0x80000004 0x008BF3 2
100.11.11.11 100.11.11.11 375 0x80000004 0x008AEA 2
Net Link States (Area 10)

10.1.119.9 100.9.9.9 344 0x80000005 0x008EA5
Summary Net Link States (Area 10)

10.1.1.0 100.1.1.1 336 0x80000002 0x00D3B4
100.1.1.1 100.1.1.1 336 0x80000002 0x00BAB1
100.2.2.2 100.1.1.1 225 0x80000001 0x001E0C
100.3.3.3 100.1.1.1 225 0x80000001 0x00FC2A
100.4.4.4 100.1.1.1 225 0x80000001 0x00DB48
Nota: Recordar que todos los routers que pertenecen a la misma area deben tener las misma tabla topologica.
Fijemos lla atención en el prefijo 100.4.4.4
R10#sh ip route ospf

O IA 100.4.4.4 [110/66] via 10.1.119.1, 00:08:45, FastEthernet0/0
O 100.9.9.9 [110/2] via 10.1.119.9, 00:10:26, FastEthernet0/0
R10#show ip ospf database summary 100.4.4.4
11
Routing Bit Set on this LSA

LS age: 620
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 100.4.4.4 (summary Network Number)
Advertising Router: 100.1.1.1
LS Seq Number: 80000001
Checksum: 0xDB48
Length: 28
Network Mask: /32
TOS: 0 Metric: 65
El costo es calculado en base a la metrica publicada por el ABR R1 mas la metrica para alcanzar al ABR.
R10#show ip ospf border-routers

OSPF Process 1 internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 100.1.1.1 [1] via 10.1.119.1, FastEthernet0/0, ABR, Area 10, SPF 11
R4#show ip ospf interface loopback 0

Loopback0 is up, line protocol is up
Process ID 1, Router ID 100.4.4.4, Network Type LOOPBACK, Cost: 1
Enabled by interface config, including secondary ip addresses
Loopback interface is treated as a stub Host
Costo Loopback0 R4 + Costo serial + Costo FastEthernet

1 + 64 + 1 = 66
R10#sh ip route 100.4.4.4

Routing entry for 100.4.4.4/32
Known via "ospf 1", distance 110, metric 66, type inter area
Last update from 10.1.119.1 on FastEthernet0/0, 00:23:10 ago
Routing Descriptor Blocks:
* 10.1.119.1, from 100.1.1.1, 00:23:10 ago, via FastEthernet0/0
Route metric is 66, traffic share count is 1
R1#show ip ospf statistics
Area 0: SPF algorithm executed 3 times
Area 10: SPF algorithm executed 5 times
Summary OSPF SPF statistic
SPF calculation time

Delta T Intra D-Intra Summ D-Summ Ext D-Ext Total Reason
00:29:40 4 8 0 0 0 4 16 R,
00:29:30 4 8 4 0 0 0 16 R,
00:29:20 4 8 0 0 0 0 12 R,
00:29:10 4 8 0 0 0 0 16 R,
00:28:47 0 0 0 0 4 0 4 R, N, SN, SA, X
00:28:42 0 4 0 0 0 0 8 R,
00:28:32 4 4 0 0 0 0 8 R, N,
12
00:26:41 8 8 0 0 0 0 16 R, N,
00:01:18 4 8 0 0 0 0 12 R,
00:01:08 4 8 0 0 0 0 16 R,
RIB manipulation time during SPF (in msec):

Delta T RIB Update RIB Delete
00:29:47 0 0
00:29:37 0 0
00:29:27 0 0
00:29:17 0 0
00:28:54 0 0
00:28:49 0 0
00:28:39 0 0
00:26:48 0 0
00:01:25 0 0
00:01:15 0 0
R4(config)#interface loopback 0
R4(config-if)#shutdown
R10
access-list 10 permit 100.4.4.4
R10#debug ip ospf spf inter 10
OSPF: Detect change in LSA type 3, LSID 100.4.4.4, from 100.1.1.1 area 10
OSPF: Schedule partial SPF - type 3 id 100.4.4.4 adv rtr 100.1.1.1
OSPF: Service partial SPF 1/0/0
OSPF process partial spfQ entry
OSPF process partial spfQ LSA id 100.4.4.4: mask 255.255.255.255, type 3 adv_rtr 100.1.1.1, age 3600, seq 0x80000002
(Area 10)
OSPF process summary partial ABR 0x0 txit 0x0 LSA 100.4.4.4: mask 255.255.255.255, t3 adv 100.1.1.1, age 3600, seq
0x80000002 (Area 10)
OSPF: Start partial processing Summary LSA 100.4.4.4, mask 255.255.255.255, adv 100.1.1.1, age 3600, seq 0x80000002
(Area 10) type 3
OSPF: delete lsa id 100.4.4.4, type 3, adv rtr 100.1.1.1 from delete list
OSPF: inter route to 100.4.4.4/32 became unreachable, check externals

R1
OSPF: Adding Stub nets
OSPF: insert route list LS ID 100.1.1.1, type 0, adv rtr 100.1.1.1
OSPF: Add Network Route to 100.2.2.2 Mask /32. Metric: 65, Next Hop: 10.1.1.2
OSPF: Add Network Route to 100.3.3.3 Mask /32. Metric: 65, Next Hop: 10.1.1.3
OSPF: Entered old delete routine area 0
OSPF: Deleting STUB NET old route 100.4.4.4, mask /32, next hop 10.1.1.4
OSPF: Generate sum from intra-area route 100.4.4.4, mask 255.255.255.255, type 3, age 3600, metric 16777215, seq
0x80000002 to area 10
13
R4
interface loopback 0
no shutdown
Configurar OSPF entre R1 y R7.

No debe existir elección de DR.
La metrica utilizada debe ser consistente en todo el dominio OSPF.
R1
interface GigabitEthernet2/0
ip address 10.1.17.1 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 7
no shutdown
R7
interface GigabitEthernet1/0
ip address 10.1.17.7 255.255.255.0
ip ospf 1 area 7
no shutdown
router ospf 1
router-id 100.7.7.7
R1#show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 100.1.1.1/32 1 LOOP 0/0
Se1/0.1 1 0 10.1.1.1/24 64 DR 3/3
Gi2/0 1 7 10.1.17.1/24 1 P2P 0/0
Fa0/0 1 10 10.1.119.1/24 1 DROTH 2/3
R1
router ospf 1
auto-cost reference-bandwidth 1000
R1#show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 100.1.1.1/32 1 LOOP 0/0
Se1/0.1 1 0 10.1.1.1/24 647 DR 3/3
Gi2/0 1 7 10.1.17.1/24 1 P2P 0/0
Fa0/0 1 10 10.1.119.1/24 10 DROTH 2/3
En todos lor routers del Dominio OSPF debemos cambiar el BW de referencia usando el comando de router auto-cost reference-
bandwidth 1000
router ospf 1
LSA 4 y 5
14
R5
interface Serial1/0
ip address 172.1.35.5 255.255.255.0
encapsulation ppp
no shutdown
interface Serial2/0
ip address 172.1.45.5 255.255.255.0
encapsulation ppp
no shutdown
router bgp 2
bgp router-id 5.5.5.5
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.1.35.3 remote-as 1
address-family ipv4
neighbor 172.1.35.3 activate
network 100.5.5.5 mask 255.255.255.255
network 5.5.5.0 mask 255.255.255.0
R3
interface Serial2/0
ip address 172.1.35.3 255.255.255.0
encapsulation ppp
no shut
router bgp 1
!
address-family ipv4
neighbor 172.1.35.5 default-originate
no auto-summary
no synchronization
network 0.0.0.0
exit-address-family
R4
interface Serial2/0
ip address 172.1.45.4 255.255.255.0
encapsulation ppp
no shut
router bgp 1
!
address-family ipv4
15
neighbor 172.1.45.5 default-originate

no auto-summary
no synchronization
network 0.0.0.0
exit-address-family
R5#show ip bgp all summary

For address family: IPv4 Unicast
BGP router identifier 100.5.5.5, local AS number 2
BGP table version is 5, main routing table version 5
3 network entries using 351 bytes of memory
3 path entries using 156 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 903 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.35.3 4 1 7 9 5 0 0 00:03:42 1
10.1.45.4 4 1 6 8 5 0 0 00:01:47 1
Redistribuimos las redes BGP (este tipo de prácticas solo tiene sentido en laboratorios, en redes en producción puede crear
problemas graves). Ambos ASBRs redistribuyen las redes publicadas por R5.
R3
ip prefix-list RED-R5 seq 5 permit 192.168.5.5/32
route-map EXTERNAS permit 10

match ip address prefix-list RED-R5
router ospf 1
redistribute bgp 1 subnets route-map EXTERNAS

i 100.3.3.3 [64] via 10.1.1.3, Serial1/0.1, ASBR, Area 0, SPF 24
R4
ip access-list standard RED-R5
permit 5.5.5.0 0.0.0.255

match ip address RED-R5
set metric-type type-1
!
router ospf 1
redistribute bgp 1 subnets route-map EXTERNAS
R1#sh ip route ospf

O 100.4.4.4 [110/648] via 10.1.1.4, 00:03:24, Serial1/0.1
16
O E2 100.5.5.5 [110/1] via 10.1.1.4, 00:01:22, Serial1/0.1

O 100.2.2.2 [110/648] via 10.1.1.2, 00:03:24, Serial1/0.1
O 100.3.3.3 [110/648] via 10.1.1.3, 00:03:24, Serial1/0.1
O E1 5.5.5.0 [110/648] via 10.1.1.4, 00:00:27, Serial1/0.1

R9#show ip ospf database external 5.5.5.0
Type-5 AS External Link States

LS age: 78
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 5.5.5.0 (External Network Number )
Checksum: 0x377A
Length: 36
Network Mask: /24
Metric Type: 1 (Comparable directly to link state metric)
TOS: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 2

I 100.3.3.3 [657] via 10.1.119.1, FastEthernet0/0, ASBR, Area 10, SPF 8
i 100.1.1.1 [10] via 10.1.119.1, FastEthernet0/0, ABR, Area 10, SPF 8
I 100.4.4.4 [657] via 10.1.119.1, FastEthernet0/0, ASBR, Area 10, SPF 8
R9#sh ip route ospf

O E2 100.5.5.5 [110/1] via 10.1.119.1, 00:02:46, FastEthernet0/0
17

Stubby Areas
Los ABRs no inundan las areas con LSA typo 5. En lugar de ello publica un ruta por defecto dentro del stubby area. Como
resultado, las rutas internas usan ruteo por defecto.
EL clásico diseño es tener un solo ABR para una stubby area, sin embargo puede existir mas de uno.
En nuestro ejemplo Area 6 tiene dos ABRs, ambos pueden inyectar una ruta por defecto dentro del area, pero esto resulta en un
suboptimo ruteo.
La tarea primordial de las stubby areas es parar LSA externas 5. Sin embargo los ABRs tambien pueden dejar de inundar LSA 3.
Area Type Bloquea LSA5 Bloquea LSA3 Permite LSA7 Comando router
Stubb SI NO NO area 2 stub
Totally Stubby SI SI NO area 2 stub no-summary
Not-So-Stubby SI NO SI area 2 nssa
Totally NSSA SI SI Si area 2 nssa no-summary
§ Configurar AREA6 como del tipo Stubby
R1
ip address 10.1.16.1 255.255.255.0
ip ospf 1 area 6
no shutdown
duplex full
R6
ip address 10.1.16.6 255.255.255.0
ip ospf 1 area 6
no shutdown
duplex full
interface loopback0
ip ospf 1 area 6
router ospf 1
router-id 100.6.6.6
R2
ip address 10.1.26.2 255.255.255.0
ip ospf 1 area 6
no shutdown
duplex full
R6
ip address 10.1.26.6 255.255.255.0
ip ospf 1 area 6
no shutdown
18
duplex full
R6#sh ip route ospf

19

100.1.1.1 100.1.1.1 47 0x80000002 0x00256D 2
100.2.2.2 100.2.2.2 20 0x80000002 0x005225 2
100.6.6.6 100.6.6.6 24 0x80000004 0x0061A7 5

10.1.1.0 100.1.1.1 53 0x80000001 0x00B08F
10.1.1.0 100.2.2.2 40 0x80000001 0x009BA1
10.1.17.0 100.1.1.1 53 0x80000001 0x00AC0C
10.1.17.0 100.2.2.2 40 0x80000001 0x00F437
10.1.119.0 100.1.1.1 53 0x80000001 0x00A0A8
10.1.119.0 100.2.2.2 40 0x80000001 0x00E8D3
100.1.1.1 100.1.1.1 53 0x80000001 0x00BCB0
100.1.1.1 100.2.2.2 40 0x80000001 0x0005DB
100.2.2.2 100.1.1.1 53 0x80000001 0x00F8E7
100.2.2.2 100.2.2.2 40 0x80000001 0x0086E0
100.3.3.3 100.1.1.1 53 0x80000001 0x00D706
100.3.3.3 100.2.2.2 41 0x80000001 0x00C218
100.4.4.4 100.1.1.1 53 0x80000001 0x00B624
100.4.4.4 100.2.2.2 41 0x80000001 0x00A136
100.9.9.9 100.1.1.1 53 0x80000001 0x001833
100.9.9.9 100.2.2.2 41 0x80000001 0x00605E
100.10.10.10 100.1.1.1 53 0x80000001 0x00F651
100.10.10.10 100.2.2.2 41 0x80000001 0x003F7C
100.11.11.11 100.1.1.1 53 0x80000001 0x00D56F
100.11.11.11 100.2.2.2 41 0x80000001 0x001E9A
Summary ASB Link States (Area 6)

100.3.3.3 100.1.1.1 53 0x80000001 0x00BF1E
100.3.3.3 100.2.2.2 41 0x80000001 0x00AA30
100.4.4.4 100.1.1.1 53 0x80000001 0x009E3C
100.4.4.4 100.2.2.2 41 0x80000001 0x00894E
Link ID ADV Router Age Seq# Checksum Tag

5.5.5.0 100.4.4.4 558 0x80000002 0x00377A 2
100.5.5.5 100.4.4.4 613 0x80000001 0x00B21B 2
Configurar Area 6 tipo Stub
R1
router ospf 1
area 6 stub
R6
router ospf 1
area 6 stub
20
R6#sh ip route ospf

[110/658] via 10.1.16.1, 00:00:04, FastEthernet0/1
O*IA 0.0.0.0/0 [110/11] via 10.1.26.2, 00:00:05, FastEthernet0/0
R2
router ospf 1
area 6 stub

100.2.2.2 0 FULL/ - 00:00:32 10.1.26.2 FastEthernet0/0

Area 6 stub evita que area 6 tenga rutas externas (E1/E2).

Lleguemos un poco más alla, area6 no debe tener ni LSA3 ni LSA5.
R1
router ospf 1
area 6 stub no-summary
R2
router ospf 1
R6#sh ip route ospf

R6#traceroute 5.5.5.5 probe 1

1 10.1.26.2 124 msec
2 10.1.1.4 168 msec
3 172.1.45.5 336 msec

21
LS age: 207
Checksum: 0x13C2
Length: 28
Network Mask: /0
TOS: 0 Metric: 1
LS age: 198
Checksum: 0xFDD4
Length: 28
Network Mask: /0
TOS: 0 Metric: 1
Area 7 NSSA
R8
router rip
version 2
network 8.0.0.0
network 172.16.0.0
no auto-summary
ip address 172.16.78.8 255.255.255.0
duplex full
no shut
R7
router rip
version 2
redistribute ospf 1 metric 2
network 172.16.0.0
no auto-summary
router ospf 1
redistribute rip subnets
ip address 172.16.78.7 255.255.255.0
duplex full
22
no shut
R7#sh ip route
Gateway of last resort is not set
O IA 100.4.4.4 [110/649] via 10.1.17.1, 00:02:48, GigabitEthernet1/0
O E2 100.5.5.5 [110/1] via 10.1.17.1, 00:02:48, GigabitEthernet1/0
C 100.7.7.7 is directly connected, Loopback0
O E1 5.5.5.0 [110/649] via 10.1.17.1, 00:02:48, GigabitEthernet1/0
C 172.16.78.0 is directly connected, FastEthernet0/0
R 8.8.8.8 [120/1] via 172.16.78.8, 00:00:03, FastEthernet0/0
C 10.1.17.0 is directly connected, GigabitEthernet1/0
Area 7 NSSA
Configurar Area7 NSSA
R1
router ospf 1
area 7 nssa
R7
router ospf 1
area 7 nssa
R1#sh ip route ospf | i N2

O N2 172.16.78.0 [110/20] via 10.1.17.7, 00:00:09, GigabitEthernet2/0
O N2 8.8.8.8 [110/20] via 10.1.17.7, 00:00:09, GigabitEthernet2/0
23
R1#show ip ospf database nssa-external

Type-7 AS External Link States (Area 7)
LS age: 41
Options: (No TOS-capability, Type 7/5 translation, DC)
Checksum: 0x8158
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20

LS age: 41
Options: (No TOS-capability, Type 7/5 translation, DC)
Checksum: 0x10DE
Length: 36
Network Mask: /24
TOS: 0
Metric: 20
Comprobamos table topologica de R7

100.1.1.1 100.1.1.1 127 0x80000005 0x00563E 2
100.7.7.7 100.7.7.7 124 0x80000004 0x00C1BC 2

10.1.1.0 100.1.1.1 137 0x80000003 0x0052E5
10.1.16.0 100.1.1.1 137 0x80000002 0x00B5F3
10.1.26.0 100.1.1.1 137 0x80000006 0x00A3ED
10.1.119.0 100.1.1.1 137 0x80000003 0x0042FE
100.1.1.1 100.1.1.1 137 0x80000003 0x005E07
100.2.2.2 100.1.1.1 137 0x80000003 0x009A3E
100.3.3.3 100.1.1.1 137 0x80000003 0x00795C
100.4.4.4 100.1.1.1 137 0x80000003 0x00587A
100.6.6.6 100.1.1.1 137 0x80000002 0x001F2E
100.9.9.9 100.1.1.1 137 0x80000003 0x00B989
100.10.10.10 100.1.1.1 137 0x80000003 0x0098A7
24
100.11.11.11 100.1.1.1 137 0x80000003 0x0077C5

Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 100.1.1.1 9 0x80000001 0x0070D9 0
8.8.8.8 100.7.7.7 129 0x80000001 0x008158 0
172.16.78.0 100.7.7.7 129 0x80000001 0x0010DE 0
R7#sh ip route ospf

O*N2 0.0.0.0/0 [110/1] via 10.1.17.1, 00:00:36, GigabitEthernet1/0
Convertir Area 6 totally Stubby
Con esto los ABR bloquean LSAs 3 y 5

Beneficios: menor trafico de LSAs.
R1
router ospf 1
R2
router ospf 1
R6#sh ip route ospf

Solo permitir ID de OSPF para el dominio RIP.

Use distribute-list.
Consideraciones:
R7
access-list 10 permit 10.1.0.0 0.0.255.255
router ospf 1
distribute-list 10 in GigabitEthernet1/0
R8#sh ip route rip

25

R7#sh ip route rip

R7 también pertenece al dominio OSPF, y necesitamos bloquear solo para RIP, es decir, para R8. Esto nos sugiere que la primera
configuración de ENTRADA IN, no nos sirve. Debemos filtrar en RIP de salida.
Usamos la misma ACL.
R7
!
route-map FILTRO deny 10
match ip address 10
!
route-map FILTRO permit 20
router rip
redistribute ospf 1 metric 2 route-map FILTRO
R7#sh ip route ospf

O*N2 0.0.0.0/0 [110/1] via 10.1.17.1, 00:04:43, GigabitEthernet1/0
R8#sh ip route rip

R* 0.0.0.0/0 [120/2] via 172.16.78.7, 00:00:13, FastEthernet0/0
26
Totally Stubby
R1
router ospf 1
area 7 nssa no-summary
R7
router ospf 1
router-id 100.7.7.7
area 7 nssa no-summary
redistribute eigrp 1 subnets
R1#show ip ospf database nssa-external

LS age: 437
Options: (No TOS-capability, No Type 7/5 translation, DC)
Checksum: 0x2371
Length: 36
Network Mask: /32
TOS: 0
Metric: 20
Virtual-Link (Opcional)
Conecte Area11 BB.
R1
router ospf 1
router-id 100.1.1.1
area 10 virtual-link 100.11.11.11
27
R11
router ospf 1
router-id 100.11.11.11
area 10 virtual-link 100.1.1.1
R1#show ip ospf virtual-links

Virtual Link OSPF_VL1 to router 100.11.11.11 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 10, via interface FastEthernet0/0, Cost of using 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
Adjacency State FULL (Hello suppressed)
Index 4/6, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
R11#show ip ospf virtual-links

Virtual Link OSPF_VL2 to router 100.1.1.1 is up
DoNotAge LSA allowed.
Transit area 10, via interface FastEthernet0/0, Cost of using 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
28
Capítulo II: MPLS
29
Sección LDP
Pre LAB
Construir el laboratorio mostrado en el diagrama.
Las configuraciones base/iniciales deben cargarse antes de continuar con el laboratorio.
§ Configurar IS-IS Level-2 y publicar loopback 0 de todos los LSRs usando la NET con la siguiente disposición:
R1 Net 49.0001.0000.0000.0001.00
R2 Net 49.0001.0000.0000.0002.00
R3 Net 49.0001.0000.0000.0003.00
R4 Net 49.0001.0000.0000.0004.00
R5 Net 49.0001.0000.0000.0005.00
R6 Net 49.0001.0000.0000.0006.00
R7 Net 49.0001.0000.0000.0007.00
§ Crear conectividad completa en dominio IS-IS
§ Habilitar LDP en todos los LSRs de la figura
§ Utilizar la loopback 0 como ID LDP
§ Definir un rango característico de etiquetas (labels) en cada LSR.
Implementación IS-IS.
R1
router isis
net 49.0001.0000.0000.0001.00
is-type level-2-only
log-adjacency-changes
passive-interface Loopback0
ip router isis
30
R2
router isis
net 49.0001.0000.0000.0002.00
ip router isis
ip router isis
ip router isis
ip router isis
ip router isis
%CLNS-5-ADJCHANGE: ISIS: Adjacency to 0000.0000.0003 (FastEthernet2/0) Up, new adjacency

R3
router isis
net 49.0001.0000.0000.0003.00
ip router isis
ip router isis
ip router isis
R4
router isis
net 49.0001.0000.0000.0004.00
ip router isis
ip router isis
ip router isis
31
ip router isis
R5
router isis
net 49.0001.0000.0000.0005.00
ip router isis
R6
router isis
net 49.0001.0000.0000.0006.00
ip router isis
ip router isis
R7
router isis
net 49.0001.0000.0000.0007.00
ip router isis
ip router isis
Verificamos adyacencia y conectividad IS-IS
R2#show clns neighbors

System Id Interface SNPA State Holdtime Type Protocol
R1 Fa0/0 ca04.03c0.0008 Up 23 L2 IS-IS
R3 Fa1/0 ca07.02ec.001c Up 7 L2 IS-IS
R3 Fa2/0 ca07.02ec.0006 Up 7 L2 IS-IS
R6 Fa0/1 ca01.01c4.0006 Up 26 L2 IS-IS
R7 Fa3/0 ca02.01e8.0008 Up 22 L2 IS-IS
32
R2#sh ip route isis

i L2 10.0.0.1/32 [115/10] via 10.1.12.1, FastEthernet0/0
[115/10] via 10.1.23.3, FastEthernet1/0
R1#tclsh
R1(tcl)#foreach IGP {
+>(tcl)#10.0.0.2
+>(tcl)#10.0.0.3
+>(tcl)#10.0.0.4
+>(tcl)#10.0.0.5
+>(tcl)#10.0.0.6
+>(tcl)#10.0.0.7
+>(tcl)#} { ping $IGP source Loopback0 repeat 4 timeout 1 }
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 10.0.0.2, timeout is 1 seconds:
Packet sent with a source address of 10.0.0.1
!!!!
Success rate is 75 percent (3/4), round-trip min/avg/max = 24/62/92 ms
!!!!
!!!!
!!!!
!!!!
33

!!!!
El IGP subyacente (IS-IS) nos entrega conexión entre IDs LSRs (loopbacka0 de cada router en el dominio). Para establecer el
dominio MPLS necesitamos:
§ Habilitar CEF (modo global)
§ Habilitar LDP (modo global)
§ Definir protocolo intercambio de labels (modo global)
§ Definir interface para sesión MPLS (modo global)
§ Definir rango de etiquetas (modo global)
§ Usar la loopback0 del LSR para formar sesión LDP (modo global)
§ Habilitar LDP (modo interface)
El primer paso antes de configurar MPLS es habilitar CEF con el comando ip cef. Este es el único modo que reconoce MPLS.
Para habilitar LDP en modo global usamos el comando mpls ip (LDP es el protocolo por defecto).
Si queremos utilizar un protocolo distinto de LDP (la alternativa es TDP) usamos el comando:
R1(config)#mpls label protocol ?
ldp Use LDP (default)
tdp Use TDP
R1(config)#mpls label protocol ldp
Definir el rango de labels no es obligatorio, pero muy recomendable cuando debemos detectar y resolver problemas
(Troubleshooting).
Nota: Definir el rango de etiquetas antes que habilitar LDP en la interface, o deberemos rebootear el router. Lo mismo es cierto
para MP-BGP.
Para formar una sesion LDP usamos la loopback0 que sirve como ID. Por eso es importante tener un IGP que de conexión entre
LSRs. Usamos el comando mpls ldp router-id loopback 0 force. La palabra force obliga a que proceso LDP no debe
reiniciarse para usar la loopback como ID (en caso que el proceso escogiera otra interface para la sesión)
R1(config)#mpls ldp router-id loopback 0 force
Finalmente para habilitar LDP en la interface usamos el comando:
R1(config)#interface fastEthernet 0/0

R1(config-if)#mpls ip
R1
ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback 0 force
mpls label range 100 199
mpls ip
34
R2
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
mpls ip
mpls ip
R3
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R4
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
35
R5
ip cef
mpls ip
mpls ip
R6
ip cef
mpls ip
mpls ip
mpls ip
R7
ip cef
mpls ip
mpls ip
mpls ip
El paso siguiente a configurar MPLS/LDP es comprobar que las interfaces estén activas con LDP. Es importante subrayar este
paso ya que es común olvidar configurar una interface con mpls ip. El estado Yes en la columna Operational nos indica que hemos
configurado mpls en la interface y que está funcionando, además podemos ver cual protocolo de intercambio de etiquetas se está
usando (LDP para este escenario). Adicionalmente podemos hacer un show runn int y comprobar que mpls ip aparece bajo la
interface.
R2#show mpls interfaces

Interface IP Tunnel BGP Static Operational
FastEthernet0/0 Yes (ldp) No No No Yes

36





La palabra detail es una extension de show mpls interfaces y es útil cuando queremos comprobar ciertos parámetros como la
MTU, el estado de la interface, el modo de configuracion (manual, LDP Autoconfig).
R1#show mpls interfaces detail

Interface FastEthernet0/0:
IP labeling enabled (ldp):
Interface config
LSP Tunnel labeling not enabled
BGP labeling not enabled
MPLS operational
MTU = 1500
LDP requiere que los vecinos formen adyacencia. Como recordamos, al momento de configurar MPLS/LDP determinamos que
el ID de cada peer LDP correspondería a su loopback 0. Esto nos debe dar una idea de porque configuramos antes un protocolo
de enrutamiento. Sencillamente LDP no formará adyacencia con un vecino si no sabe como alcanzar su ID (en caso de haberlo
especificado). Para comprobar si los vecinos logran comunicación bidireccional debemos usar show mpls ldp discovery.
En la mayoría de los casos un resultado distinto de xmit/recv es un problema de conectividad. Por lo general el problema aparece
cuando omitimos la publicación de un ID en IGP.
R1#show mpls ldp discovery

Local LDP Identifier:
10.0.0.1:0
Discovery Sources:
Interfaces:
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.2:0
37

10.0.0.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.5:0
LDP Id: 10.0.0.6:0
LDP Id: 10.0.0.3:0

10.0.0.5:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0

10.0.0.6:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0
LDP Id: 10.0.0.2:0

10.0.0.7:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.2:0
FastEthernet0/1 (ldp): xmit
Podemos ver que R7 no tiene comunicación con R4 a traves de la interface FastEthernet0/1. Solo existe envío de hellos desde R7
a R4.
Para comprobarlo usamos debug mpls ldp transport events. El debug nos muestra que los paquetes hello son enviados por R7
pero no recibe ack.
R7(config)#access-list 10 permit 10.0.0.4

R7#debug mpls ldp transport events peer-acl 10
LDP transport events debugging is on for peer ACL 10
R7#show debugging
MPLS ldp:
LDP transport events debugging is on for peer ACL 10
38
ldp: Send ldp hello; FastEthernet0/0, src/dst 10.1.27.7/224.0.0.2, inst_id 0

R7#
R7#
R7#
R7#
R4
mpls ip

R7#
ldp: Rcvd ldp hello; FastEthernet0/1, from 10.1.47.4 (10.0.0.4:0), intf_id 0, opt 0xC
R7#
R7#
ldp: Rcvd ldp hello; FastEthernet0/1, from 10.1.47.4 (10.0.0.4:0), intf_id 0, opt 0xC
R7#

10.0.0.7:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.2:0
LDP Id: 10.0.0.4:0
Sabemos ya que la comunicación entre vecinos LDP está activa, el siguiente paso es comprobar el dominio completo esté
etiquetado, esto implica conocer el Control Plane y el Data Plane.
La tabla Data Plane (LFIB) contiene los siguiente campos:
Local Label : Etiqueta publicada a los peers LDP para un prefijo
Outgoing Label or VC: Etiqueta recibida desde un peer LDP para un prefijo
Prefix or Tunnel Id: Prefijo etiquetado
Next Hop: próximo salto para alcanzar el prefijo etiquetado
39
Usamos el comando show mpls forwarding-table para ver la LFIB. En caso que un prefijo tenga “NO LABEL” en el campo
Outgoing Label se debe a un error (en MPLS IP, como veremos en capitulos posteriores, en MPLS VPN no necesariamente es un
error).
R1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
100 Pop Label 10.0.0.2/32 0 Fa0/0 10.1.12.2
101 201 10.0.0.3/32 0 Fa0/0 10.1.12.2
102 202 10.0.0.4/32 0 Fa0/0 10.1.12.2
103 203 10.0.0.5/32 0 Fa0/0 10.1.12.2
104 204 10.0.0.6/32 0 Fa0/0 10.1.12.2
105 205 10.0.0.7/32 0 Fa0/0 10.1.12.2
106 Pop Label 10.1.23.0/24 0 Fa0/0 10.1.12.2
107 Pop Label 10.1.26.0/24 0 Fa0/0 10.1.12.2
108 Pop Label 10.1.27.0/24 0 Fa0/0 10.1.12.2
109 Pop Label 10.1.32.0/24 0 Fa0/0 10.1.12.2
110 206 10.1.34.0/24 0 Fa0/0 10.1.12.2
111 207 10.1.45.0/24 0 Fa0/0 10.1.12.2
112 208 10.1.46.0/24 0 Fa0/0 10.1.12.2
113 209 10.1.47.0/24 0 Fa0/0 10.1.12.2

700 204 10.0.0.6/32 0 Fa0/0 10.1.27.2
404 10.0.0.6/32 0 Fa0/1 10.1.47.4
701 201 10.0.0.3/32 0 Fa0/0 10.1.27.2
402 10.0.0.3/32 0 Fa0/1 10.1.47.4
702 Pop Label 10.1.32.0/24 0 Fa0/0 10.1.27.2
703 Pop Label 10.1.26.0/24 0 Fa0/0 10.1.27.2
704 Pop Label 10.1.23.0/24 0 Fa0/0 10.1.27.2
705 Pop Label 10.1.12.0/24 0 Fa0/0 10.1.27.2
706 200 10.0.0.1/32 446 Fa0/0 10.1.27.2
707 Pop Label 10.0.0.2/32 0 Fa0/0 10.1.27.2
708 Pop Label 10.0.0.4/32 0 Fa0/1 10.1.47.4
709 403 10.0.0.5/32 120 Fa0/1 10.1.47.4
710 Pop Label 10.1.34.0/24 0 Fa0/1 10.1.47.4
711 Pop Label 10.1.45.0/24 0 Fa0/1 10.1.47.4
712 Pop Label 10.1.46.0/24 0 Fa0/1 10.1.47.4
La tabla FIB (Control Plane) almacena los prefijos con información adicional. El siguiente ejemplo muestra la tabla FIB en R3
(R3#show mpls ldp bindings 10.0.0.4 32) para el prefijo 10.0.0.4/32. R2 publica el prefijo 10.0.0.4 con la etiqueta
asociada 202. R2 publica el prefijo 10.0.0.4 con la etiqueta asociada imp-null. En caso de un quiebre de sesión entre vecinos
LDP conectados directamente, R3 tiene un LSP alternativo a traves de R2 para el prefijo 10.0.0.4/32. El comando show mpls ip
binding 10.0.0.4 32 tiene similares caracteristicas que show mpls ldp binding, pero es un hibrido entre LFIB y FIB. Instala el
prefijo y que peers lo publican, y cual está siendo usado. En resumen la tabla FIB almacena todos los posibles path para un prefijo,
y entrega el que tiene mejores caracteristicas a la tabla LFIB (Data Plane).
R3#show mpls ldp bindings 10.0.0.4 32

lib entry: 10.0.0.4/32, rev 8
local binding: label: 302
remote binding: lsr: 10.0.0.2:0, label: 202
remote binding: lsr: 10.0.0.4:0, label: imp-null
40
R3#show mpls ip binding 10.0.0.4 32

10.0.0.4/32
in label: 302
out label: 202 lsr: 10.0.0.2:0
out label: imp-null lsr: 10.0.0.4:0 inuse
R3(config)#interface fastEthernet 0/0


lib entry: 10.0.0.4/32, rev 8
Sesion LDP entre LSRs conectados con dos enlaces fisicos.

10.0.0.2:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.1:0
LDP Id: 10.0.0.6:0
LDP Id: 10.0.0.3:0
LDP Id: 10.0.0.3:0
LDP Id: 10.0.0.7:0

10.0.0.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0
LDP Id: 10.0.0.2:0
LDP Id: 10.0.0.2:0
§ OSPF y LDP deben estar sincronizados. Si en un minuto los LSRs no logran establecer una sesión LDP completa, OSPF
podrá converger.
§ Si la adyacencia IS-IS R3/4 cae (estado DOWN), la sesión LDP entre estos routers no debe perderse hasta alcanzar los 69
segundos.
§ En caso de que la sesión LDP no se pueda formar por incompatibilidad de parámetros, los routers deben volver a
intentarlo a los 30 segundos. Si no es posible establecer una sesión los routers LDP finalizarán la negociación cuando se
cumpla el tiempo máximo de 240 segundos.
41
Normalmente un IS-IS (el mismo caso para OSPF) se activa antes que LDP. Si LDP e IS-IS no están sincronizados, IS-IS publica
enlaces antes que LDP pueda converger, por lo tanto si un LSR recibe un paquete sin etiquetar lo descarta. IS-IS está sincronizado
con LDP si establece un tiempo determinado para que LDP pueda descubrir vecinos, formar sesión LDP, e intercambiar
etiquetas.
R1
router isis
mpls ldp sync
R2
router isis
mpls ldp sync
R3
router isis
mpls ldp sync
R4
router isis
mpls ldp sync
R5
router isis
mpls ldp sync
R7
router isis
mpls ldp sync
R6#debug mpls ldp igp sync interface fastEthernet 0/0

LDP-IGP Synchronization debugging is on for interface FastEthernet0/0
R6(config)#router isis
R6(config-router)# mpls ldp sync
LDP-SYNC: Enqueue request req_type 0 IGP ISIS null interface none.

LDP-SYNC: ISIS null: SYNC enabled, added to global tree, informed IGP.
LDP-SYNC: Enqueue request req_type 3 IGP ISIS null interface Fa0/0.
LDP-SYNC: Enqueue request req_type 3 IGP ISIS null interface Fa0/0.
LDP-SYNC: Fa0/0, ISIS null: Added to per-interface IGP list.
LDP-SYNC: Fa0/0: Enabled for SYNC by IGP
LDP-SYNC: Fa0/0, ISIS null: notify status (required, achieved, no delay, holddown infinite) internal status (achieved, timer not
running)
LDP-SYNC: Fa0/0, ISIS null: Ignore IGP enable-interface request: already enabled.
R2#show mpls ldp igp sync

FastEthernet0/0:
LDP configured; LDP-IGP Synchronization enabled.
Sync status: sync achieved; peer reachable.
Sync delay time: 0 seconds (0 seconds left)
IGP holddown time: infinite.
Peer LDP Ident: 10.0.0.1:0
IGP enabled: ISIS null
FastEthernet0/1:
42

FastEthernet1/0:
FastEthernet2/0:
FastEthernet3/0:
§ Si la adyacencia IS-IS R3/4 cae (estado DOWN), la sesión LDP entre estos routers no debe perderse hasta alcanzar los 69
segundos.
Una red inestable produce flapings continuos, en estas circuntancias las sesiones entre peer LDP tambien fluctua UP/DOWN. El
mayor problema es que la sesion debe volver a establecerse lo que provoca trafico adicional idenseado. Si queremos mantener una
adyacencia entre vecinos estable tenemos que habilitar Mpls Ldp Session Protection. Si el IGP es inestable, MPLS/LDP lo es
tambien. Con LDP Protection la sesion se mantiene activa durante un tiempo que definimos manualmente, si la conexión IGP que
se ha perdido vuelve a estar UP, la sesion LDP no sufre cambios, sencillamente “siempre estuvo UP”, esto evita que tega que crear
una nueva sesion e intercambio de etiquetas (label bindings).
R4#show mpls ldp neighbor 10.0.0.3 detail

Peer LDP Ident: 10.0.0.3:0; Local LDP Ident 10.0.0.4:0
TCP connection: 10.0.0.3.646 - 10.0.0.4.20241
Password: not required, none, in use
State: Oper; Msgs sent/rcvd: 88/88; Downstream; Last TIB rev sent 35
Up time: 00:58:12; UID: 5; Peer Id 0;
LDP discovery sources:
FastEthernet1/0; Src IP addr: 10.1.34.3
holdtime: 15000 ms, hello interval: 5000 ms
Addresses bound to peer LDP Ident:
10.1.32.3 10.1.23.3 10.0.0.3 10.1.34.3
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Capabilities Sent:
[Dynamic Announcement (0x0506)]
[Typed Wildcard (0x0970)]
Capabilities Received:
R4#show access-lists
43
R3
mpls ldp session protection for 10 duration 69
R4
mpls ldp session protection for 10 duration 69
Hemos configurado LDP Protection en ambos LSRs, y comprobamos que el estado es ready. Ahora veremos LDP Protection en
acción. Deshabilitamos ISIS en la interface de R5 que conecta a R4. El proceso IS-IS envia un log indicando qe la sesion ha
finalizado. Durante los proximos 69 segundos la sesion LDP R4/R5 se mantendrá UP a pesar que el IGP no este activo. Al
momento de expirar el timers de proteccion LDP, el estado de la sesion cambia a DOWN.
R4#debug mpls ldp session protection peer-acl 10

LDP session protection events debugging is on for peer ACL 10
R4#show debugging
MPLS ldp:
LDP session protection events debugging is on
LDP-IGP Synchronization debugging is on
R4#no debug mpls ldp igp sync interface fastEthernet 0/0

LDP-IGP Synchronization debugging is off
R4#show debugging
MPLS ldp:
LDP session protection events debugging is on
R4#
LDP SP: 10.0.0.3:0: last primary adj lost; starting session protection holdup timer
LDP SP: 10.0.0.3:0: LDP session protection holdup timer started, 69 seconds
LDP SP: 10.0.0.3:0: state change (Ready -> Protecting)
%LDP-5-SP: 10.0.0.3:0: session hold up initiated

10.0.0.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.5:0
LDP Id: 10.0.0.6:0
FastEthernet1/0 (ldp): xmit
LDP Id: 10.0.0.7:0
Targeted Hellos:
10.0.0.4 -> 10.0.0.3 (ldp): active/passive, xmit/recv
LDP Id: 10.0.0.3:0

44
TCP connection: 10.0.0.3.646 - 10.0.0.4.20241

Targeted Hello 10.0.0.4 -> 10.0.0.3, active, passive;
holdtime: infinite, hello interval: 10000 ms
10.1.32.3 10.1.23.3 10.0.0.3
Clients: Dir Adj Client
LDP Session Protection enabled, state: Protecting
acl: 10, duration: 69 seconds
holdup time remaining: 29 seconds
Capabilities Sent:
§ En caso de que la sesión LDP no se pueda formar por incompatibilidad de parámetros, los routers deben volver a
intentarlo a los 30 segundos. Si no es posible establecer una sesión los routers LDP finalizarán la negociación cuando se
cumpla el tiempo máximo de 240 segundos.
En el proceso de negociación LDP los peer acuerdan ciertos parámetros que deben coincidir en cada extremo. En caso de que no
exista esa coincidencia el proceso LDP cierra la sesion y espera para volver a intentarlo. Este tiempo de espera se llama backoff. El
formato es:
mpls ldp backoff initial-backoff maximu-backoff.
R2#show mpls ldp parameters

Protocol version: 1
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off
R1
mpls ldp backoff 30 240
R2
R3
R4
R5
45
R6
R7
R2#show mpls ldp parameters

Protocol version: 1
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
LDP for targeted sessions
LDP initial/maximum backoff: 30/240 sec
LDP loop detection: off
46
Sección MPLS-Traffic Engineering
Pre LAB
§ Configurar OSPF 1 Area 0 como muestra la figura. Habilitar redes usando nuevo metodo de configuración.
§ Habilitar LDP Autoconfig.
§ Habilitar MPLS Traffic Engineering globalmente.
§ Habilitar MPLS Traffic Engineering en el proceso IGP.
§ Reservar 25000 kbps para TE para el LSP (Usar RSVP).
§ Crear Tunnel 24 en Head-End R2. Especificar path Head-End/Tail-END R2->R7->R3->R6->R4
IGP
R2
interface Loopback0
ip address 10.0.0.2 255.255.255.255
ip ospf 1 area 0
ip address 10.1.26.2 255.255.255.0
ip ospf 1 area 0
ip address 10.1.23.2 255.255.255.0
ip ospf 1 area 0
47
ip address 10.1.27.2 255.255.255.0

ip ospf 1 area 0
router ospf 1
router-id 10.0.0.2
R3
interface Loopback0
ip address 10.0.0.3 255.255.255.255
ip ospf 1 area 0
ip address 10.1.23.3 255.255.255.0
ip ospf 1 area 0
ip address 10.1.34.3 255.255.255.0
ip ospf 1 area 0
ip address 10.1.36.3 255.255.255.0
ip ospf 1 area 0
ip address 10.1.37.3 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.3
R4
interface Loopback0
ip address 10.0.0.4 255.255.255.255
ip ospf 1 area 0
ip address 10.1.47.4 255.255.255.0
ip ospf 1 area 0
ip address 10.1.34.4 255.255.255.0
ip ospf 1 area 0
ip address 10.1.46.4 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.4
48
R6
interface Loopback0
ip address 10.0.0.6 255.255.255.255
ip ospf 1 area 0
ip address 10.1.46.6 255.255.255.0
ip ospf 1 area 0
ip address 10.1.26.6 255.255.255.0
ip ospf 1 area 0
ip address 10.1.36.6 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.6
R7
interface Loopback0
ip address 10.0.0.7 255.255.255.255
ip ospf 1 area 0
ip address 10.1.27.7 255.255.255.0
ip ospf 1 area 0
ip address 10.1.47.7 255.255.255.0
ip ospf 1 area 0
ip address 10.1.37.7 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.7


49




10.0.0.2 10.0.0.2 83 0x80000005 0x00E8B1 7
10.0.0.3 10.0.0.3 84 0x80000006 0x00F8E7 9
10.0.0.4 10.0.0.4 89 0x80000005 0x00CD5A 7
10.0.0.6 10.0.0.6 168 0x80000004 0x0079D0 7
10.0.0.7 10.0.0.7 82 0x80000004 0x0055E8 7
R2#tclsh
R2(tcl)#foreach OSPF {
+>(tcl)#10.0.0.3
+>(tcl)#10.0.0.4
+>(tcl)#10.0.0.6
+>(tcl)#10.0.0.7
+>(tcl)#} {ping $OSPF source loopback0 repeat 6 timeout 1}

!!.!!!
!!!!!!
!!!!!!
!!!!!!
50
LDP Autoconfig
R2
ip cef
mpls ip
mpls label range 210 299 static 200 209
mpls static binding ipv4 10.0.0.3 255.255.255.255 203

router ospf 1
mpls ldp autoconfig area 0
R3
ip cef
mpls ip

router ospf 1
R4
ip cef
mpls ip

router ospf 1
R6
ip cef
mpls ip

51

router ospf 1
R7
ip cef
mpls ip

router ospf 1
Comprobamos que LDP Autoconfig esté configurado en las interfaces (IGP config).
R3#show mpls interfaces detail

IGP config
MPLS operational
MTU = 1500
IGP config
MPLS operational
MTU = 1500
IGP config
MPLS operational
MTU = 1500
IGP config
MPLS operational
MTU = 1500

52
10.0.0.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.2:0
LDP Id: 10.0.0.4:0
LDP Id: 10.0.0.6:0
LDP Id: 10.0.0.7:0
R3#show mpls label range

Downstream Generic label region: Min/Max label: 310/399
Range for static labels: Min/Max label: 300/309

302 Pop Label 10.0.0.2/32 0 Fa0/0 10.1.23.2
304 Pop Label 10.0.0.4/32 84 Fa0/1 10.1.34.4
306 Pop Label 10.0.0.6/32 0 Fa1/0 10.1.36.6
307 Pop Label 10.0.0.7/32 0 Fa2/0 10.1.37.7
310 Pop Label 10.1.26.0/24 0 Fa0/0 10.1.23.2
Pop Label 10.1.26.0/24 0 Fa1/0 10.1.36.6
311 Pop Label 10.1.27.0/24 0 Fa0/0 10.1.23.2
Pop Label 10.1.27.0/24 0 Fa2/0 10.1.37.7
312 Pop Label 10.1.46.0/24 0 Fa0/1 10.1.34.4
Pop Label 10.1.46.0/24 0 Fa1/0 10.1.36.6
313 Pop Label 10.1.47.0/24 0 Fa0/1 10.1.34.4
Pop Label 10.1.47.0/24 0 Fa2/0 10.1.37.7

R2
ip cef
mpls traffic-eng tunnels
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
ip rsvp bandwidth 25000
53
R3
ip cef
router ospf 1
R4
ip cef
router ospf 1
R6
ip cef
router ospf 1
54
R7
ip cef
router ospf 1
Comprobamos que RSVP asigne los 25 M
R2#show ip rsvp interface

interface rsvp allocated i/f max flow max sub max VRF
Fa0/1 ena 0 25M 25M 0
Fa1/0 ena 0 25M 25M 0
Fa2/0 ena 0 25M 25M 0

Fa0/0 ena 0 25M 25M 0
Fa0/1 ena 0 25M 25M 0
Fa1/0 ena 0 25M 25M 0
Fa2/0 ena 0 25M 25M 0

Fa0/1 ena 0 25M 25M 0
Fa1/0 ena 0 25M 25M 0
Fa2/0 ena 0 25M 25M 0

Fa0/0 ena 0 25M 25M 0
Fa0/1 ena 0 25M 25M 0
Fa1/0 ena 0 25M 25M 0
55

Fa0/0 ena 0 25M 25M 0
Fa0/1 ena 0 25M 25M 0
Fa1/0 ena 0 25M 25M 0
R2
ip explicit-path identifier 24 enable
next-address 10.1.27.7
interface Tunnel24
description *R2->R7->R3->R6->R4*
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel destination 10.0.0.4
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth 10000
tunnel mpls traffic-eng path-option 10 explicit identifier 24
tunnel mpls traffic-eng record-route
ip route 10.0.0.4 255.255.255.255 tunnel 24
R2#show mpls traffic-eng tunnels tunnel 24 brief

Signalling Summary:
LSP Tunnels Process: running
Passive LSP Listener: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 2460 seconds
Periodic FRR Promotion: Not Running
Periodic auto-bw collection: every 300 seconds, next in 60 seconds
TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT
*R2->R7->R3->R6->R4* 10.0.0.4 - Fa2/0 up/up

1 10.1.27.7 [MPLS: Label 715 Exp 0] 476 msec
4 10.1.46.4 168 msec

Known via "static", distance 1, metric 0 (connected)
* directly connected, via Tunnel24
R2#show mpls traffic-eng tunnels tunnel 24

Name: *R2->R7->R3->R6->R4* (Tunnel24) Destination: 10.0.0.4
56
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type explicit 24 (Basis for Setup, path weight 4)
Config Parameters:
Bandwidth: 10000 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 10000 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 10 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : FastEthernet2/0, 715
RSVP Signalling Info:
Src 10.0.0.2, Dst 10.0.0.4, Tun_Id 24, Tun_Instance 1
RSVP Path Info:
My Address: 10.1.27.2
Explicit Route: 10.1.27.7 10.1.37.3 10.1.36.6 10.1.46.4
10.0.0.4
Record Route:
Tspec: ave rate=10000 kbits, burst=1000 bytes, peak rate=10000 kbits
RSVP Resv Info:
Record Route: 10.1.37.7 10.1.36.3 10.1.46.6 10.1.46.4
Fspec: ave rate=10000 kbits, burst=1000 bytes, peak rate=10000 kbits
Shortest Unconstrained Path Info:
Path Weight: 2 (TE)
Explicit Route: 10.1.27.7 10.1.47.4 10.0.0.4
History:
Tunnel:
Time since created: 7 minutes, 26 seconds
Time since path change: 6 minutes, 38 seconds
Number of LSP IDs (Tun_Instances) used: 1
Current LSP:
Uptime: 5 minutes, 30 seconds
R4
interface Tunnel24
description *R4->R7->R3->R6->R2*
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth 10000
tunnel mpls traffic-eng record-route
57
ip route 10.0.0.2 255.255.255.255 tunnel 24

4 10.1.26.2 196 msec
R4#show mpls traffic-eng tunnels tunnel 24

Name: *R4->R7->R3->R6->R2* (Tunnel24) Destination: 10.0.0.2
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type explicit 24 (Basis for Setup, path weight 4)
Config Parameters:
Bandwidth: 10000 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 10000 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 10 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : FastEthernet0/1, 717
RSVP Signalling Info:
Src 10.0.0.4, Dst 10.0.0.2, Tun_Id 24, Tun_Instance 1
RSVP Path Info:
My Address: 10.1.47.4
Explicit Route: 10.1.47.7 10.1.37.3 10.1.36.6 10.1.26.2
10.0.0.2
Record Route:
Tspec: ave rate=10000 kbits, burst=1000 bytes, peak rate=10000 kbits
RSVP Resv Info:
Record Route: 10.1.37.7 10.1.36.3 10.1.26.6 10.1.26.2
Fspec: ave rate=10000 kbits, burst=1000 bytes, peak rate=10000 kbits
Shortest Unconstrained Path Info:
Path Weight: 2 (TE)
Explicit Route: 10.1.47.7 10.1.27.2 10.0.0.2
History:
Tunnel:
Time since created: 1 minutes, 56 seconds
Time since path change: 1 minutes, 52 seconds
Number of LSP IDs (Tun_Instances) used: 1
Current LSP:
Uptime: 1 minutes, 52 seconds
Comprobaremos el tunnel con un ejercicio práctico.
MP-iBGP
R2
router bgp 1
neighbor 10.0.0.4 update-source Loopback0
58
address-family vpnv4
neighbor 10.0.0.4 send-community extended
R4
router bgp 1
R4#show bgp vpnv4 unicast all summary

10.0.0.2 4 1 7 5 1 0 0 00:01:26 0

10.0.0.4 4 1 6 10 5 0 0 00:02:16 0
VPNA Sitio1
R2
ip vrf A
rd 1:1
route-target export 1:1
route-target import 1:2
ip vrf forwarding A
ip address 172.16.12.2 255.255.255.0
ip ospf 10 area 0
duplex full
router ospf 10 vrf A

redistribute bgp 1 subnets
router bgp 1
address-family ipv4 vrf A
redistribute ospf 10 vrf A match internal external 1 external 2
R1
interface Loopback0
ip address 100.0.0.1 255.255.255.255
ip ospf 10 area 0
59
ip address 172.16.12.1 255.255.255.0

ip ospf 10 area 0


VPNA Sitio2
R4
ip vrf A
rd 1:2
ip vrf forwarding A
ip address 172.16.45.4 255.255.255.0
ip ospf 10 area 0

router bgp 1
R5
interface Loopback0
ip address 100.0.0.5 255.255.255.255
ip ospf 10 area 0
ip address 172.16.45.5 255.255.255.0
ip ospf 10 area 0
router ospf 10
router-id 100.0.0.5
R2#show bgp vpnv4 unicast all

BGP table version is 11, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf A)
*> 100.0.0.1/32 172.16.12.1 2 32768 ?
*>i100.0.0.5/32 10.0.0.4 2 100 0 ?
60
*> 172.16.12.0/24 0.0.0.0 0 32768 ?

*>i172.16.45.0/24 10.0.0.4 0 100 0 ?
Route Distinguisher: 1:2
*>i100.0.0.5/32 10.0.0.4 2 100 0 ?
*>i172.16.45.0/24 10.0.0.4 0 100 0 ?

*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?
*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
*> 100.0.0.5/32 172.16.45.5 2 32768 ?
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?
*> 172.16.45.0/24 0.0.0.0 0 32768 ?
61
Pruebas extremo a extremo
R1#sh ip route ospf

O IA 172.16.45.0/24 [110/2] via 172.16.12.2, 00:01:37, FastEthernet0/0
R5#sh ip route ospf


1 172.16.12.2 112 msec
2 10.1.27.7 [MPLS: Labels 715/416 Exp 0] 232 msec
6 172.16.45.5 288 msec
62

1 172.16.45.4 96 msec
6 172.16.12.1 268 msec
63
Sección MPLS MTU (consideraciones)
§ IGP
§ LDP
Este laboratorio nos permitirá comprender el uso de las etiquetas en tres distintos escenarios.
R2
router ospf 1
network 10.1.23.2 0.0.0.0 area 0
network 10.2.2.2 0.0.0.0 area 0
ip cef
mpls ip
mpls ip
R3
router ospf 1
network 10.1.23.3 0.0.0.0 area 0
network 10.3.3.3 0.0.0.0 area 0
network 10.1.34.3 0.0.0.0 area 0
network 10.1.37.3 0.0.0.0 area 0
ip cef
mpls ip
mpls ip
64
mpls ip
mpls ip
R4
router ospf 1
network 10.1.45.4 0.0.0.0 area 0
network 10.4.4.4 0.0.0.0 area 0
network 10.1.34.4 0.0.0.0 area 0
network 10.1.47.4 0.0.0.0 area 0
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R5
router ospf 1
network 10.1.45.5 0.0.0.0 area 0
network 10.5.5.5 0.0.0.0 area 0
ip cef
mpls ip
mpls ip
R7
router ospf 1
network 10.1.37.7 0.0.0.0 area 0
network 10.7.7.7 0.0.0.0 area 0
network 10.1.47.7 0.0.0.0 area 0
ip cef
mpls ip
65
mpls ip
mpls ip
El numero de etiquetas dependerá del tipo de implementación. Por ejemplo MPLS VPN usa dos labels, la superior corresponde al
next-hop del PE extremo y bajo esta la que representa el prefijo de la vpn. Si usamos MPLS TE a secas se agrega una etiqueta. Si
por ejemplo usamos un tunnel TE entre router Provider (P) a partir de una implementación con MPLS VPN entonces tenemos
tres etiquetas:
TE label
IGP label
VPN label
Paquete IP
Caso de una etiqueta MPLS LDP

3 10.1.45.5 124 msec
R2 R3 R4 R5
304 404 pop
10.5.5.5 10.5.5.5 10.5.5.5 10.5.5.5
R5 publica su ID 10.5.5.5 enviando una etiqueta imp-null a R4 . Este mensaje intstruye a R4 para que realice un POP para el
prefijo 10.5.5.5/32. R4 publica este prefijo a R3 con la etiqueta de Local 404, R3 publica el prefijo a R2 con la etiqueta Local
304.
Caso dos etiquetas MPLS VPN

Antes implementamos MP-BGP entre los PE R2 y R5, creamos las VRF A, habilitamos EIGRP 100 para la instancia VRF A, y
EIGRP 100 para los CE R1 y R6, redistribuimos mutuamente en el PE.
R1
router eigrp 100
network 1.1.1.1 0.0.0.0
network 172.16.12.1 0.0.0.0
no auto-summary
R6
router eigrp 100
network 6.6.6.6 0.0.0.0
network 172.16.56.6 0.0.0.0
no auto-summary
R2
vrf definition A
rd 1:100
!
66
address-family ipv4
exit-address-family
!
vrf forwarding A
ip address 172.16.12.2 255.255.255.0
!
router eigrp 2
auto-summary
!
redistribute bgp 1 metric 1 1 1 1 1
network 172.16.12.2 0.0.0.0
auto-summary
autonomous-system 100
exit-address-family
router bgp 1
!
exit-address-family
!
redistribute eigrp 100
no synchronization
exit-address-family
R5
vrf definition A
rd 1:200
!
address-family ipv4
exit-address-family
!
vrf forwarding A
ip address 172.16.56.5 255.255.255.0
!
router eigrp 5
auto-summary
!
network 172.16.56.5 0.0.0.0
auto-summary
autonomous-system 100
exit-address-family
67
router bgp 1
!
exit-address-family
!
no synchronization
exit-address-family
Verificar imposción dos etiquetas
R1#sh ip route eigrp

D 6.6.6.6 [90/158720] via 172.16.12.2, 00:10:04, FastEthernet0/0


1 172.16.12.2 72 msec
5 172.16.56.6 176 msec
R1 R2 R3 R4 R5 R6
MPLS/LDP Label 304 404 POP
IGP Label 508 508 508 508
Dest. 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6
Para este segundo caso (MPLS VPN) usamos un ping exendido que envie paquetes con el bit DF establecido, y que haga un
barrido desde la MTU 1485 hasta la MTU 1500.
R1#ping
Protocol [ip]:
Target IP address: 6.6.6.6
Repeat count [5]: 1
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 1.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
68
Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]: y
Sweep min size [36]: 1485
Sweep max size [18024]: 1500
Sweep interval [1]:
Sending 16, [1485..1500]-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!!!!M.M.M.M.
Cuando el barrido alcanza los 1493 bytes los paquetes son descartados. Esto se debe a que el paquete es MPLS VPN y necesita
utilizar 8 bytes para dos etiquetas. La etiqueta superior corresponde LSP que usa R2 para alcanzar a R5. La etiqueta bajo esta
representa al prefijo destino 6.6.6.6.
Caso tres etiquetas (2 MPLS VPN + 1 MPLS TE)

Creamos un Tunnel MPLS TE R3-R7-R4 (LSP ida y vuelta).
La figura inicial muestra el Tunnel R3-R7-R4.
R3
router ospf 1
R4
router ospf 1
R7
router ospf 1
69
R3
interface Tunnel1
mpls ip
ip route 10.5.5.5 255.255.255.255 tunnel 1
R4
interface Tunnel1
mpls ip
ip route 10.2.2.2 255.255.255.255 tunnel 1
Verificación MPLS VPN con TE (tres labels)
El traceroute desde el cliente R1 a R6 muestra las tres operaciones MPLS (pop, push y swap) en tres niveles distintos.

Tracing the route to 6.6.6.6
1 172.16.12.2 96 msec
3 10.1.37.7 [MPLS: Labels 708/404/508 Exp 0] 196 msec
6 172.16.56.6 200 msec
R1 R2 (PE) R3 (P) R7 (P) R4 (P) R5 (PE) R6

MPLS TE Label 708 POP
MPLS/LDP Label 304 404 404 POP
IGP Label 508 508 508 508 508
Dest. 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6 6.6.6.6
La MTU del LSP es siempre 1500 , lo podemos comprobar con el comando show mpls interfaces detail en cualquier router
en el LSP. En el ejemplo usamos un ping extendido desde R1 a R6 con el bit DF establecido y con un barrido de 1485 bytes a
1500 bytes (MTU). A partir del valor 1489 los paquetes comienzan a ser descartados (M.M Could not fragment).
Los 12 bytes restantes corresponden a labels MPLS (1 Tunnel + 1 MPLS/LDP + Prefijo IP destino).
70
R1#ping
Protocol [ip]:
Target IP address: 6.6.6.6
Repeat count [5]:
Datagram size [100]:
Extended commands [n]: y
Source address or interface:
Type of service [0]:
Set DF bit in IP header? [no]: yes
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]: yes
Sweep min size [36]: 1485
Sweep max size [18024]: 1500
Sweep interval [1]:
Sending 80, [1485..1500]-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!M.M.M.M.
71
MPLS TE con PBR
El sigueinte laboratorio está deseñado para comprender el comportamiento de MPLS TE con distintos tipos de tráficos y la
diferencia con el modo de enrutamiento IP que posee carácteristicas estáticas en lo que respecta al uso optimizado del BW.
§ Todos los routers corren OSPF

§ MPLS LDP está habilitado entre R1 y R6
§ R7 y R8 deben publicado la loopback0 y loopback1 en OSPF
Nota: Para obtener valores de costo OSPF consistentes debemos modificar el costo por referencia OSPF.
R1
router ospf 1
router-id 10.1.1.1
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
72
R2
router ospf 1
router-id 10.1.1.2
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 1
interface POS1/0
ip ospf 1 area 0
R3
router ospf 1
router-id 10.1.1.3
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
R4
router ospf 1
router-id 10.1.1.4
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
interface POS1/0
ip ospf 1 area 0
73
R5
router ospf 1
router-id 10.1.1.5
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
R6
router ospf 1
router-id 10.1.1.6
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 2
R7
router ospf 1
router-id 100.1.1.7
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 1

74
R8
router ospf 1
router-id 100.1.1.8
interface Loopback0
ip ospf 1 area 2
ip ospf 1 area 2
R1#sh ip route ospf

O 10.1.1.2/32 [110/11] via 10.1.12.2, 00:06:28, FastEthernet0/0
§ Area 1 y Area 2 no deben recibir LSAs, solo una 0/0.
R1
router ospf 1
R7
router ospf 1
area 1 stub
R7#sh ip route ospf

R6
router ospf 1
R8
router ospf 1
area 2 stub
R8#sh ip route ospf

R8#ping 100.1.1.7 source 100.1.1.8

!!!!!
75
§ Configurar MPLS LDP R1-R6

§
R1
ip cef
mpls ip
mpls ip
R2
ip cef
mpls ip
mpls ip
mpls ip
interface POS1/0
mpls ip
R3
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R4
ip cef
mpls ip
76
mpls ip
mpls ip
interface POS1/0
mpls ip
R5
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R6
ip cef
mpls ip
mpls ip

10.1.1.2:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.1:0
LDP Id: 10.1.1.3:0
POS1/0 (ldp): xmit/recv
LDP Id: 10.1.1.4:0

POS1/0 Yes (ldp) No No No Yes
77

10.1.1.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.4:0
LDP Id: 10.1.1.2:0
LDP Id: 10.1.1.5:0

10.1.1.5:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.6:0
LDP Id: 10.1.1.4:0
LDP Id: 10.1.1.3:0

R1
router ospf 1
ip cef
R2
router ospf 1
ip cef
78
interface POS1/0
R3
router ospf 1
ip cef
R4
router ospf 1
ip cef
interface POS1/0
R5
router ospf 1
ip cef
79
R6
router ospf 1
ip cef

interface rsvp allocated i/f max flow max sub max
Fa0/0 ena 0 30M 30M 0

Fa0/0 ena 0 30M 30M 0
Fa0/1 ena 0 30M 30M 0
PO1/0 ena 0 30M 30M 0

Fa0/0 ena 0 30M 30M 0
Fa0/1 ena 0 30M 30M 0
Fa1/0 ena 0 30M 30M 0

Fa0/0 ena 0 30M 30M 0
Fa0/1 ena 0 30M 30M 0
PO1/0 ena 0 30M 30M 0

Fa0/0 ena 0 30M 30M 0
Fa0/1 ena 0 30M 30M 0
Fa1/0 ena 0 30M 30M 0

Fa0/0 ena 0 30M 30M 0
80
Crear los siguientes tuneles con su respectivo LSP
§ R1:Tunnel 1 R1-R2-R3-R4-R5-R6
§ R6:Tunnel 1 R6-R5-R4-R3-R2-R1
§ R1:Tunnel 2 R1-R2-R3-R5-R6
§ R6:Tunnel 2 R1-R2-R3-R5-R6
§ R1 y R6 :Tunnel 3 Dinámico (el LSP se formará considerando el menor costo en este caso R1-R2-R4-R5-R6) .
R1
ip explicit-path name R7-R8-LOOPBACK0 enable

interface Tunnel1
tunnel mpls traffic-eng path-option 10 explicit name R7-R8-LOOPBACK0
interface Tunnel2
interface Tunnel3
tunnel mpls traffic-eng path-option 10 dynamic
R1#show ip int brief | begin Tunnel

Tunnel1 10.1.1.1 YES TFTP up up
R1#show mpls traffic-eng tunnels brief

Signalling Summary:
Forwarding: enabled
R1_t1 10.1.1.6 - Fa0/0 up/up
81
R1_t2 10.1.1.6 - Fa0/0 up/up

R1_t3 10.1.1.6 - Fa0/0 up/up
Displayed 3 (of 3) heads, 0 (of 0) midpoints, 0 (of 0) tails
R6

interface Tunnel1
interface Tunnel2
interface Tunnel3
tunnel mpls traffic-eng path-option 10 dynamic
R6#show mpls traffic-eng tunnels brief

Signalling Summary:
Forwarding: enabled
R6_t1 10.1.1.1 - Fa0/0 up/up
R6_t2 10.1.1.1 - Fa0/0 up/up
R6_t3 10.1.1.1 - Fa0/0 up/up
R1_t1 10.1.1.6 Fa0/0 - up/up
R1_t2 10.1.1.6 Fa0/0 - up/up
R1_t3 10.1.1.6 Fa0/0 - up/up
Displayed 3 (of 3) heads, 0 (of 0) midpoints, 3 (of 3) tails
Configuraremos R1 para que se cumpla lo siguiente:

82
El tráfico que tenga un origen 100.1.1.7/32 (loopback0 R7) y destino 100.1.1.8/32 (loopback0 R8) usa el LSP1 y se le asigna un
valor IPP de 5 (este valor luego se copia en el campo EXP de MPLS), el trafico que tenga origen 7.7.7.7/32 (loopback1 R7) y
destino 8.8.8.8/32 (loopback1 R8) usa el LSP2 y el resto el LSP3 (este puede cambiar según el rendimiento de la red).
Podemos usar PBR estableciendo la salida a traves de la interface tunnel (el LSP).
Debemos crear las loopback1 en R7 y R8
R1
access-list 100 permit ip host 100.1.1.7 host 100.1.1.8 //Trafico para el LSP1
access-list 101 permit ip host 7.7.7.7 host 8.8.8.8 //Trafico para el LSP2
route-map TRAFICO permit 10

match ip address 100 //Trafico que coincide con la acl 100
set ip precedence 5 //Asigna IPP5
set interface Tunnel1 // Usará el LSP1

match ip address 101 //Trafico que coincide con la acl 101
set interface Tunnel2 // Usará el LSP2

set interface Tunnel3 //Usará el LSP3
ip policy route-map TRAFICO //Aplicamos PBR en la interface de entrada
Comprobación
Origen Loopback0 R7 -> Destino Loopack0 R8 usa LSP1 (la traza muestra que el paquete requiere un tratamiento especial por
su valor EXP 5, por ej trafico de voz)
R7#traceroute 100.1.1.8 source 100.1.1.7 probe 1

1 10.1.17.1 80 msec
6 10.1.56.6 332 msec
7 10.1.68.8 304 msec
Origen loopback1 R7 -> Destino loopack1 R8 usa LSP2.
R7
interface Loopback1
ip address 7.7.7.7 255.255.255.255
ip ospf 1 area 1
83
R8
interface Loopback1
ip address 8.8.8.8 255.255.255.255
ip ospf 1 area 2

1 10.1.17.1 72 msec
5 10.1.56.6 320 msec
6 10.1.68.8 320 msec
Tercer LSP

1 10.1.17.1 52 msec
5 10.1.56.6 244 msec
6 10.1.68.8 480 msec
Si R4 cae, entonces todo el trafico de los tres tunneles seguirá el LSP R1-R2-R3-R5-R6
R4 queda KO entonces tenemos
R1#show mpls traffic-eng tunnels tunnel 1 brief

Signalling Summary:
Forwarding: enabled
R1_t1 10.1.1.6 - unknown up/down

1 10.1.17.1 36 msec
84

6 10.1.68.8 396 msec

1 10.1.17.1 44 msec
5 10.1.56.6 224 msec
6 10.1.68.8 264 msec

1 10.1.17.1 76 msec
5 10.1.56.6 320 msec
6 10.1.68.8 228 msec
85
Capítulo III: MPLS VPN L3/L2
86
Sección PE-CE RIPv2
Pre LAB
§ Construir el laboratorio mostrado en la figura..
§ Las configuraciones base/iniciales deben cargarse antes de continuar con el laboratorio.
§ Configurar OSPF en los enlaces R2-R3,R2-R4, R3-R4 y R4-R5 y publicar loopbacks 0.
§ Configurar MPLS LDP en los R2-R3,R2-R4, R3-R4 y R4-R5. El LDP ID debe ser la interface loopback0. Utilice LDP
Autoconfig.
Nota: Esta primera sección incluye la configuración IGP y LDP . En laboratorios posteriores éstas serán parte de las
configuraciones iniciales.
Antes de poder formar un LSP entre PEs necesitamos que exista un IGP que nos entregue conectividad dentro del AS1.
R2
ip ospf 1 area 0
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R3
ip ospf 1 area 0
ip ospf 1 area 0
87
interface Loopback0
ip ospf 1 area 0
R4
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R5
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
A continuación comprobamos que se ha formado adyacencia OSPF, y que los ID de cada LSR sean conocidos dentro del AS1.



R2#sh ip route ospf

88
R5#sh ip route ospf

§ Configurar MPLS LDP en los R2-R3,R2-R4, R3-R4 y R4-R5. El LDP ID debe ser la interface loopback0. Utilice LDP
Autoconfig.
R2
ip cef
mpls ip
router ospf 1
R3
ip cef
mpls ip
router ospf 1
R4
ip cef
mpls ip
router ospf 1
R5
ip cef
mpls ip
89

router ospf 1
Comprobamos la comunicación entre vecinos LDP (comunicación a través de mensajes hellos) y el intercambio de etiquetas.

10.0.0.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.2:0
LDP Id: 10.0.0.3:0
LDP Id: 10.0.0.5:0

10.0.0.2:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.3:0
LDP Id: 10.0.0.4:0

10.0.0.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.2:0
LDP Id: 10.0.0.4:0

10.0.0.5:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0

203 Pop Label 10.0.0.3/32 0 Fa0/0 10.1.23.3
204 Pop Label 10.0.0.4/32 0 Fa1/0 10.1.24.4
205 405 10.0.0.5/32 0 Fa1/0 10.1.24.4
90
210 Pop Label 10.1.34.0/24 0 Fa0/0 10.1.23.3

Pop Label 10.1.34.0/24 0 Fa1/0 10.1.24.4
211 Pop Label 10.1.45.0/24 0 Fa1/0 10.1.24.4

502 402 10.0.0.2/32 0 Fa0/0 10.1.45.4
503 403 10.0.0.3/32 0 Fa0/0 10.1.45.4
504 Pop Label 10.0.0.4/32 0 Fa0/0 10.1.45.4
510 410 10.1.23.0/24 0 Fa0/0 10.1.45.4
511 Pop Label 10.1.24.0/24 0 Fa0/0 10.1.45.4
512 Pop Label 10.1.34.0/24 0 Fa0/0 10.1.45.4
Configurar MP-iBGP entre R2 y R5 (los PEs) utilizando la loopback 0 para formar peering VPNv4.
MP-iBGP intercambia la dupla prefijo vpnv4 + label asociada. Como aun no creamos la VPN en los sitios, el comando show
bgp vpnv4 unicast all summary nos muestra el campo State/PfxRcd igual a cero, esto quiere decir que el proceso no ha
recibido prefijos desde su vecino MP-iBGP.
R2
router bgp 1
R5
router bgp 1

10.0.0.2 4 1 5 5 1 0 0 00:01:07 0

10.0.0.5 4 1 6 6 1 0 0 00:02:28 0
Sitio 1
91
§ Configurar VPN A en R2 -> RD/RT 1:1.

§ Activar la VRF A en la interface que conecta a R1.
§ Configurar RIPv2 PE-CE en Sitio1.
§ Redistribuir BGP dentro de RIPv2
§ Redistribuir RIPv2 dentro de BGP
Nota: El IOS de Cisco no soporta RIPv1 como IGP PE-CE.
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show vrf A
Name Default RD Protocols Interfaces
A 1:1 ipv4 Fa0/1
R1#ping 10.1.12.2
.!!!!
Configurar RIPv2 PE-CE Sitio1

§ Redistribuir BGP dentro de RIPv2
§ Redistribuir RIPv2 dentro de BGP
§ R1 debe publicar la loopback0 en RIPv2
Debemos incluir la métrica cuando redistribuimos BGP dentro de RIP, este paso es obligatorio o no obtendremos rutas desde el
sitio remoto.
R2
router rip
redistribute bgp 1 metric 2
network 10.0.0.0
no auto-summary
version 2
router bgp 1
no synchronization
redistribute rip
R1
router rip
version 2
92
network 10.0.0.0
network 100.0.0.0
no auto-summary
R2#sh ip route vrf A rip

Routing Table: A
R2#ping vrf A 100.0.0.1

!!!!!
Sitio 2
§ Activar la VRF A en la interface que conecta al CE R6.
§ Configurar RIPv2 PE-CE en Sitio2.
§ Redistribuir BGP dentro de RIPv2.
§ Redistribuir RIPv2 dentro de BGP.
Repetimos la configuración VPN en Sitio2.
R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0
R5#show vrf A
A 1:1 ipv4 Fa0/1
R6#ping 10.1.56.5
.!!!!
Como el RD/RT es el mismo, la configuración IGP RIPv2 en Sitio2 es idéntica a la configuración IGP de Sitio1.
R5
router rip
network 10.0.0.0
no auto-summary
93
version 2
router bgp 1
no synchronization
redistribute rip
R6
router rip
version 2
network 10.0.0.0
network 100.0.0.0
no auto-summary

Routing Table: A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
R5#ping vrf A 100.0.0.6

!!!!!
Recapitulemos. Para que Sitio1 y Sitio2 tengan comunicación el Service Provider debe implementar en líneas generales:
1. Un IGP en el Core que dé conectividad entre ID LSR.
2. Un protocolo para el intercambio de etiquetas (TDP,LDP o RSVP).
3. MP-iBGP para transportar los prefijos VPN y su etiqueta asociada.
4. Crear una VPN y activarla en la interface que conecta al CE
5. Establecer un IGP PE-CE.
6. Redistribuir mutuamente IGP/MP-iBGP
Estos pasos podemos pensarlos como bloques constructivos de la red subyacente que transportará información entre sitios.
Ya debemos tener conectividad extremo a extremo pero es importante comprobar que los PEs tienen los prefijos en sus tablas
BGP y VRF. El comando show bgp vpnv4 unicast rd 1:1
nos muestra todas los prefijos asociados al RD 1:1. Otro comando con idénticos resultados es
show bgp vpnv4 unicast vrf A, pero es válido cuando el RD es el mismo en ambos PEs.
R2#show bgp vpnv4 unicast rd 1:1

*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
94
*> 100.0.0.1/32 10.1.12.1 1 32768 ?

*>i100.0.0.6/32 10.0.0.5 1 100 0 ?
R2#sh ip route vrf A

Routing Table: A
C 10.1.12.0/24 is directly connected, FastEthernet0/1
L 10.1.12.2/32 is directly connected, FastEthernet0/1
B 10.1.56.0/24 [200/0] via 10.0.0.5, 00:32:51
B 100.0.0.6 [200/1] via 10.0.0.5, 00:32:42

Routing Table: A
B 10.1.12.0/24 [200/0] via 10.0.0.2, 00:36:10
B 100.0.0.1 [200/1] via 10.0.0.2, 00:36:10
El comando show ip bgp vpnv4 all labels nos permite ver el mapeo prefijo/etiqueta BGP, es decir, el prefijo que transporta
MP-iBGP más sus extensiones y su etiqueta (label) asociada. Por ejemplo, la etiqueta 514 está asociada al prefijo 100.0.0.6/32 de
R6. Después podremos observar en que lugar del paquete se ubica esta etiqueta.
R2#show ip bgp vpnv4 all labels

Network Next Hop In label/Out label
Route Distinguisher: 1:1 (A)
10.1.12.0/24 0.0.0.0 212/nolabel(A)
10.1.56.0/24 10.0.0.5 nolabel/513
100.0.0.1/32 10.1.12.1 213/nolabel
100.0.0.6/32 10.0.0.5 nolabel/514
Verificamos que la rutas hayan sido redistribuidas correctamente y que sean accesible desde los CEs. Probamos conectividad con
un traceroute entre CEs utilizando las loopbacks0 como interface de origen. El ejemplo muestra una traza de R1 a R6. Cuando el
paquete alcanza el AS1 R2 le agrega dos etiquetas, una para identificar el next-hop de BGP (top label 405) y abajo la etiqueta que
pertenece al prefijo vpnv4 100.0.0.6/32.
R1#sh ip route rip

R 10.1.56.0/24 [120/2] via 10.1.12.2, 00:00:26, FastEthernet0/0
R6#sh ip route rip

95
R1#traceroute 100.0.0.6 source loopback 0 probe 1

1 10.1.12.2 92 msec
4 10.1.56.6 160 msec

1 10.1.56.5 64 msec
4 10.1.12.1 192 msec
96
Sección PE-CE OSPF
Pre LAB
Construir el laboratorio mostrado en la figura..
Configuración MP-iBGP AS1

§ Formar Sesion MP-iBGP utilizando loopback 0.
§ R4 debe ser el Route-Reflector para MP-iBGP.
§ R2, R3 y R5 forman sesión con RR- R4 unicamente.
R2
router bgp 1
R3
router bgp 1
97
R5
router bgp 1
El RR R4 tiene las características ideales para utilizar peer-group BGP.
R4
neighbor AS1 peer-group
neighbor AS1 remote-as 1
neighbor AS1 description INTERNOS
neighbor AS1 update-source Loopback0
neighbor 10.0.0.2 peer-group AS1
neighbor AS1 send-community extended
neighbor AS1 route-reflector-client


10.0.0.2 4 1 4 2 1 0 0 00:00:39 0
10.0.0.3 4 1 4 2 1 0 0 00:00:35 0
10.0.0.5 4 1 4 4 1 0 0 00:00:41 0
R4#show ip bgp peer-group

BGP peer-group is AS1, remote AS 1
Description: INTERNOS
BGP version 4
Neighbor sessions:
0 active, is multisession capable
Default minimum time between advertisement runs is 0 seconds
For address family: VPNv4 Unicast

BGP neighbor is AS1, peer-group internal, members:
10.0.0.2 10.0.0.3 10.0.0.5
Index 0
Route-Reflector Client
Update messages formatted 0, replicated 0
98
Number of NLRIs in the update sent: max 0, min 0
Configuración VPN Sitio 1

§ Configurar VPN A en R2 y R3 -> RD/RT 1:1.
§ Configurar OSPF PE-CE en Sitio1.
§ Redistribuir BGP dentro de OSPF
§ Redistribuir OSPF dentro de BGP
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show vrf A
A 1:1 ipv4 Fa0/1
R1#ping 10.1.12.2
.!!!!
R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.13.3 255.255.255.0
R3#show vrf A
A 1:1 ipv4 Fa0/1
R1#ping 10.1.13.3
.!!!!
Configuración OSPF PE-CE en Sitio1.
99
§ Redistribuir BGP dentro de OSPF.

§ R1 debe publicar la loopback0 en OSPF 1 area 0.
BGP tiene la capacidad de transportar en las actualizaciones la mayoría de los atributos OSPF, esto permite resconstruir el
paquete OSPF casi en su totalidad en el PE de salida.
R1
router ospf 10
router-id 100.0.0.1
network 10.1.12.1 0.0.0.0 area 0
network 10.1.13.1 0.0.0.0 area 0
network 100.0.0.1 0.0.0.0 area 0
ip address 10.1.12.1 255.255.255.0
ip address 10.1.13.1 255.255.255.0
R2

network 10.1.12.2 0.0.0.0 area 0
router bgp 1
no synchronization


El ejemplo muestra la forma de configurar OSPF como IGP PE-CE, y la redistribucion en ambos sentidos.
R1
router ospf 10
network 10.1.13.1 0.0.0.0 area 0
ip address 10.1.13.1 255.255.255.0
R3
100

network 10.1.13.3 0.0.0.0 area 0
router bgp 1
no synchronization



R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0
R6#ping 10.1.56.5
.!!!!
R6
router ospf 10
router-id 100.0.0.6
network 10.1.56.6 0.0.0.0 area 0
network 100.0.0.6 0.0.0.0 area 0
101
R5
network 10.1.56.5 0.0.0.0 area 0
router bgp 1
no synchronization


Verificamos que los prefijos de ambos sitios estén instalados en la tabla BGP de los Provider Egdes R2, R3 y R5.

Origin codes: i - IGP, e - EGP, ? – incomplete

*> 10.1.12.0/24 0.0.0.0 0 32768 ?
* i10.1.13.0/24 10.0.0.3 0 100 0 ?
*> 10.1.12.1 2 32768 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
*> 100.0.0.1/32 10.1.12.1 2 32768 ?
*>i100.0.0.6/32 10.0.0.5 2 100 0 ?
R3#show ip bgp all



*> 10.1.12.0/24 10.1.13.1 2 32768 ?
*i 10.0.0.2 0 100 0 ?
*> 10.1.13.0/24 0.0.0.0 0 32768 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
*> 100.0.0.1/32 10.1.13.1 2 32768 ?
*i 10.0.0.2 2 100 0 ?
102
*>i100.0.0.6/32 10.0.0.5 2 100 0?
For address family: IPv4 Multicast


*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*>i10.1.13.0/24 10.0.0.3 0 100 0 ?
*> 10.1.56.0/24 0.0.0.0 0 32768 ?
*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
*> 100.0.0.6/32 10.1.56.6 2 32768 ?
Finalemente debemos comprobar que ambos sitios tiene conectividad completa. Un Telnet prueba las 7 capas del modelo OSI.
R1#sh ip route ospf


R6#sh ip route ospf



1 10.1.12.2 96 msec
4 10.1.56.6 164 msec

1 10.1.56.5 80 msec
4 10.1.12.1 172 msec
R1#telnet 100.0.0.6
Trying 100.0.0.6 ... Open
User Access Verification
Password:
103
Sitio 1 tiene una particularidad: Es un sitio dual-home y debemos tener presente algunas consideraciones de diseño. Por ejemplo
una actualización desde Sitio 2 es redistribuida por R2 hacia R1, este vuelve a publicar la actualización a R3. R3 a su vez comparte
la actualización con todos los PEs dentro del Backbone que acepten el RT 1:1, R2 acepta esta actualización desde R3 y la
redistribuye nuevamente a R1 (un loop de enrutamiento). Sin un mecanismo para prevenir esto la red tendrá problemas de
convergencia y/o lentitud de respuesta. El campo opción de la LSA 3 de OSPF tiene un campo (DOWN BIT) que se creó
exclusivamente para evitar este problema. El down bit es establecido por un Provider Edge cada vez que redistribuye una ruta
MP-iBGP dentro de OSPF.
En nuestro ejemplo R1, el Customer Edge, recibe la actualización desde un R2, R1 publica otra actualizacion para R3 sobre la
misma red con el down bit establecido, R3 ve el bit y no vuelve a publicar la red dentro del backbone. Este proceso es automático
y no requiere configuración adicional.

Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 144
Options: (No TOS-capability, DC, Downward)
Checksum: 0xFB3A
Length: 28
Network Mask: /32
MTID: 0 Metric: 2
LS age: 22
Checksum: 0xEE45
Length: 28
Network Mask: /32
MTID: 0 Metric: 2
§ Crear la loopback1 (200.0.0.6/24) en R6 y redistribuirla dentro de OSPF
Para evitar loops para LSA tipo 5 usamos el comando domai-tag en el proceso OSPF.
R6
interface Loopback1
ip address 200.0.0.6 255.255.255.0
route-map LOOP permit 10

match interface Loopback1
router ospf 10
redistribute connected subnets route-map LOOP
R2
domain-tag 69
104
R3
domain-tag 69
R1#show ip ospf database external

LS age: 35
Checksum: 0xD1A7
Length: 36
Network Mask: /24
MTID: 0
Metric: 20
LS age: 36
Checksum: 0xC2B3
Length: 36
Network Mask: /24
MTID: 0
Metric: 20
105
Sección PE-CE OSPF Sham-Link
Pre LAB

§ Formar Sesion MP-iBGP entre R2 y R5 utilizando loopback 0.
§ R3 y R4 son routers Providers
R2
router bgp 1
R5
router bgp 1
106


10.0.0.5 4 1 4 4 1 0 0 00:01:01 0

R2
vrf definition A
rd 1:1
address-family ipv4
exit-address-family
vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show vrf A
A 1:1 ipv4 Fa0/1
R1#ping 10.1.12.2
.!!!!
Configuración OSPF PE-CE en Sitio1.

§ Redistribuir BGP en OSPF.
§ Redistribuir OSPF en BGP
§ R1 debe publicar la loopback0 en OSPF 1 area 0.
R1
router ospf 10
router-id 100.0.0.1
network 10.1.12.1 0.0.0.0 area 0
network 100.0.0.1 0.0.0.0 area 0
ip address 10.1.12.1 255.255.255.0
107
R2

network 10.1.12.2 0.0.0.0 area 0
router bgp 1
no synchronization

R2#sh ip route vrf A ospf

Routing Table: A
R2#ping vrf A 100.0.0.1

!!!!!

§ Redistribuir BGP en OSPF
§ Redistribuir OSPF en BGP
R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0
R6#ping 10.1.56.5
!!!!!
108
R6
router ospf 10
router-id 100.0.0.6
network 10.1.56.6 0.0.0.0 area 0
network 100.0.0.6 0.0.0.0 area 0
R5

network 10.1.56.5 0.0.0.0 area 0
router bgp 1
no synchronization

*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
*> 100.0.0.1/32 10.1.12.1 2 32768 ?
*>i100.0.0.6/32 10.0.0.5 2 100 0 ?

*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*> 10.1.56.0/24 0.0.0.0 0 32768 ?
*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
*> 100.0.0.6/32 10.1.56.6 2 32768 ?
Los CEs R1 y R6 instalan las rutas de los sitios remotos como del tipo LSA 3 (Inter-Area).
R1#sh ip route ospf

109
R1#traceroute 100.0.0.6 source loopback 0

1 10.1.12.2 96 msec 84 msec 28 msec
2 10.1.24.4 [MPLS: Labels 405/514 Exp 0] 124 msec 184 msec 140 msec
3 10.1.56.5 [MPLS: Label 514 Exp 0] 80 msec 176 msec 136 msec
4 10.1.56.6 192 msec * 168 msec
R6#sh ip route ospf


1 10.1.56.5 68 msec 76 msec 24 msec
4 10.1.12.1 152 msec * 168 msec
BackUp
§ Configurar enlace de respaldo mostrado en la figura (OSPF 10 area 0 en).
§ Los CEs deben tener comunicación a través del Backbone y el enlace de respaldo será alternativa en caso que la red del
Proveedor falle.
Puesto que el enlace de respaldo será interno será la primera opción para la comunicación entre sitios. El proceso OSPF prefiere
las rutas Intrarea por sobre las Inter-Area.
R1
router ospf 10
network 172.16.16.0 0.0.0.255 area 0
R6
router ospf 10
network 172.16.16.0 0.0.0.255 area 0


Como dijimos anterioremente, OSPF prefiere rutas Internas (LSA 1 y LSA 2 = O), en lugar de las Intra-Area (LSA 3 = IA).
R1 se comunica con R6 directamente, y los servicios del Backbone se consideran un mero respaldo.
Aquí la importancia de Sham-Link
110
R1#sh ip route ospf

R6#sh ip route ospf

R2
interface Loopback1
vrf forwarding A
ip address 10.2.2.2 255.255.255.255
router bgp 1
network 10.2.2.2 mask 255.255.255.255

area 0 sham-link 10.2.2.2 10.5.5.5
R5
interface Loopback1
ip vrf forwarding A
ip address 10.5.5.5 255.255.255.255
router bgp 1
network 10.5.5.5 mask 255.255.255.255

area 0 sham-link 10.5.5.5 10.2.2.2
R2#show ip ospf sham-links

Sham Link OSPF_SL0 to address 10.5.5.5 is up
Area 0 source address 10.2.2.2
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
111
R5#show ip ospf sham-links

Sham Link OSPF_SL0 to address 10.2.2.2 is up
Area 0 source address 10.5.5.5
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
R1#sh ip route ospf

O E2 10.2.2.2/32 [110/1] via 10.1.12.2, 00:10:57, FastEthernet0/0
R6#sh ip route ospf

La Pregunta es: Si hemos configurado Sham-Link entre PEs, ¿Por qué R1 y R6 aún aprenden las rutas directamente y no a través
del backbone? Sencillamente porque el costo entre CEs es menor que a tavés del Backbone. Una solución es subir el costo en la
interface del enlace de respaldo, esto permite que los CEs utilicen el Backbone, poner atención al next-hop. Notar tambien que
las rutas no son LSA 3.
R1
ip ospf cost 69
R6
ip ospf cost 69
R1#sh ip route ospf

112
R6#sh ip route ospf

Las rutas E2 no son necesarias.
R1
access-list 10 deny 10.2.2.2
access-list 10 permit any
router ospf 10
distribute-list 10 in
R6
access-list 10 permit any
router ospf 10
distribute-list 10 in
R1#sh ip route ospf

R6#sh ip route ospf

113
Sección VRF Lite - CE Management
Pre LAB
MP-iBGP
R2
router bgp 1
R5
router bgp 1
R5#show bgp all summary

10.0.0.2 4 1 2 2 1 0 0 00:00:07 0
114
VRF-Lite
CE-R1
R1
ip vrf A
rd 1:1
interface Loopback0
ip vrf forwarding A
ip address 100.0.0.1 255.255.255.255
ip vrf forwarding A
ip address 10.1.12.1 255.255.255.0
ip vrf forwarding A
ip address 10.1.13.1 255.255.255.0

router-id 100.0.0.1
network 10.1.12.0 0.0.0.255 area 0
network 10.1.13.0 0.0.0.255 area 0
network 100.0.0.1 0.0.0.0 area 0
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0

network 10.1.12.0 0.0.0.255 area 0
router bgp 1
no synchronization


Routing Table: A
115

R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.13.3 255.255.255.0

network 10.1.13.0 0.0.0.255 area 0
router bgp 1
no synchronization


*> 10.1.12.0/24 10.1.13.1 2 32768 ?
*> 100.0.0.1/32 10.1.13.1 2 32768 ?
Sitio2
R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0

network 10.1.56.0 0.0.0.255 area 0
router bgp 1
116
no synchronization
R6
ip address 10.1.56.6 255.255.255.0
ip ospf 10 area 0
router ospf 10
router-id 100.0.0.1


*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*>i10.1.13.0/24 10.0.0.2 2 100 0 ?
*> 10.1.56.0/24 0.0.0.0 0 32768 ?
*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
R6#sh ip route ospf

R6#ping 100.0.0.1
.....
Success rate is 0 percent (0/5)
La tabla OSPF de R6 muestra varias redes que en teoría son alcansablez, sin embargo un ping revela un problema. Sitio 1 consta
de un CE que utiliza VRF, esto no es el comportamiento “habitual” y es lo que se conoce como VRF-LITE. Puesto que Sitio1 es
mutlihome, los mismos mecanismos para evitar loops aparecen aquí (chequeo de Down Bit, o Tag), claro que estos son validos
para Provider Edge , y R1 es un Customer Edge. Si queremos que se sobrescriba el chequeo, en R1 debemos instruir a proceso
que se trata de un router VRF-LITE con el comando capability vrf-lite.
R1
capability vrf-lite
R6#ping 100.0.0.1
!!!!!

117

LS age: 432
Checksum: 0x1624
Length: 28
Network Mask: /24
MTID: 0 Metric: 2
R6
interface Loopback2
ip address 60.0.0.6 255.255.255.255
router ospf 10
router-id 100.0.0.1
redistribute connected subnets route-map CONN
route-map CONN permit 10

R1#show ip ospf database external 60.0.0.6

LS age: 58
Checksum: 0x284B
Length: 36
Network Mask: /32
MTID: 0
Metric: 20
CE Management
R6 publica los prefijos 100.1.0.0/24 – 100.7.0.0/24
R5 debe filtrar los prefijos pares usando el RT 1:69
Si queremos los prefijos pares en Sitio 1 debemos importarlos en la VRF.
R6
interface Loopback1
ip address 100.2.0.6 255.255.255.0 secondary
118

ip address 100.1.0.6 255.255.255.0
ip ospf 10 area 0
R5
route-map VRF-MAP permit 10

match ip address 10
set extcommunity rt 1:69
rd 1:1
export map VRF-MAP

*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*>i10.1.13.0/24 10.0.0.2 2 100 0 ?
*> 10.1.56.0/24 0.0.0.0 0 32768 ?
*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
*> 100.1.0.6/32 10.1.56.6 2 32768 ?
*> 100.2.0.0/24 10.1.56.6 2 32768 ?
*> 100.3.0.0/24 10.1.56.6 2 32768 ?
*> 100.4.0.0/24 10.1.56.6 2 32768 ?
*> 100.5.0.0/24 10.1.56.6 2 32768 ?
*> 100.6.0.0/24 10.1.56.6 2 32768 ?
*> 100.7.0.0/24 10.1.56.6 2 32768 ?

*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*> 10.1.13.0/24 10.1.12.1 2 32768 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
*> 100.0.0.1/32 10.1.12.1 2 32768 ?
*>i100.1.0.6/32 10.0.0.5 2 100 0 ?
*>i100.3.0.0/24 10.0.0.5 2 100 0 ?
*>i100.5.0.0/24 10.0.0.5 2 100 0 ?
*>i100.7.0.0/24 10.0.0.5 2 100 0 ?

Routing Table: A
119

R1#traceroute vrf A 100.3.0.6 probe 1

1 10.1.12.2 76 msec
4 10.1.56.6 224 msec
R6#sh ip route ospf

120
Sección PE-CE EIGRP
Pre LAB

• Formar Sesion MP-iBGP R2, R3 y R5 malla completa (full mesh) utilizando loopback 0.
• R4 es un router Provider y no participa en MP-iBGP.
• Utilizar feature peer-group en los PEs para sesion MP-iBGP
R2
router bgp 1
R3
router bgp 1
121

R5
router bgp 1


10.0.0.3 4 1 2 2 1 0 0 00:00:41 0
10.0.0.5 4 1 2 2 1 0 0 00:00:12 0


10.0.0.2 4 1 4 4 1 0 0 00:01:18 0
10.0.0.5 4 1 4 4 1 0 0 00:00:43 0


10.0.0.2 4 1 4 4 1 0 0 00:01:33 0
10.0.0.3 4 1 4 4 1 0 0 00:01:27 0
R2#show bgp vpnv4 unicast all peer-group

BGP version 4
Neighbor sessions:
122

10.0.0.3 10.0.0.5
Index 0

§ Configurar EIGRP 1 PE-CE en Sitio1.
§ Redistribuir BGP dentro de EIGRP 1
§ Redistribuir EIGRP 1 dentro de BGP
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show ip vrf A
Name Default RD Interfaces
A 1:1 Fa0/1
R1#ping 10.1.12.2
.!!!!
R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.13.3 255.255.255.0
R1#ping 10.1.13.3
.!!!!
123
Configuración EIGRP 1 PE-CE en Sitio1.

§ Redistribuir BGP en EIGRP 1.
§ Redistribuir EIGRP 1 en BGP
§ R1 debe publicar la loopback0 en EIGRP 1.
La configración es similar a RIPv2. Tener presente que el comando es necesario o no se formará adyacencia EIGRP. Para ver
adyacencia EIGRP en el PE debemos usar el comando show ip eigrp vrf A neighbors.
R1
router eigrp 1
network 10.0.0.0
network 100.0.0.0
no auto-summary
R2
router eigrp 2
default-metric 10000 100 255 1 1500
redistribute bgp 1
network 10.0.0.0
autonomous-system 1
no auto-summary
router bgp 1
no synchronization
exit-address-family
R2#show ip eigrp vrf A neighbors

EIGRP-IPv4 Neighbors for AS(1) VRF(A)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.1.12.1 Fa0/1 11 00:02:01 163 978 0 2
R2#sh ip route vrf A eigrp

Routing Table: A
D 10.1.13.0/24 [90/30720] via 10.1.12.1, 00:04:14, FastEthernet0/1
R2#ping vrf A 100.0.0.1

!!!!!
R3
router eigrp 3
default-metric 10000 100 255 1 1500
redistribute bgp 1
network 10.0.0.0
124
autonomous-system 1
no auto-summary
router bgp 1
no synchronization

(sec) (ms) Cnt Num
0 10.1.13.1 Fa0/1 12 00:00:11 319 1914 0 4
R3#ping vrf A 100.0.0.1

!!!!!

Routing Table: A

§ Configurar EIGRP 2 PE-CE en Sitio2.
§ Redistribuir BGP en EIGRP 2
§ Redistribuir EIGRP 2 en BGP
R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0
R5#show ip vrf A
A 1:1 Fa0/1
R6#ping 10.1.56.5
.!!!!
125
Para que las rutas en los sitios sean internas, el AS debe ser el mismo, o los prefijos se publicaran como rutas externas. Este
escenario busca que las rutas sean externas. Como podemos ver en el ejemplo, la coicidencia de AS se especifíca en la familia
VRF.
R5
router eigrp 5
default-metric 10000 100 255 1 1500
redistribute bgp 1
network 10.0.0.0
autonomous-system 2
no auto-summary
router bgp 1
no synchronization
R6
router eigrp 2
network 10.0.0.0
network 100.0.0.0
no auto-summary

(sec) (ms) Cnt Num
0 10.1.56.6 Fa0/1 10 00:01:05 117 702 0 3

Routing Table: A
R5#ping vrf A 100.0.0.6

!!!!!
Como podemos ver en el ejemplo, la metrica EIGRP se copia en las extensiones BGP. El comando en R2 show bgp vpnv4
unicast rd 1:1 100.0.0.6 muestra las extensiones que utilza BGP para transportar un paquete EIGRP completo.

*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*>i10.1.13.0/24 10.0.0.3 0 100 0 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
* i100.0.0.1/32 10.0.0.3 156160 100 0 ?
*> 10.1.12.1 156160 32768 ?
126
*>i100.0.0.6/32 10.0.0.5 156160 100 0?

*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*> 10.1.13.0/24 0.0.0.0 0 32768 ?
*>i10.1.56.0/24 10.0.0.5 0 100 0 ?
*> 100.0.0.1/32 10.1.13.1 156160 32768 ?
*i 10.0.0.2 156160 100 0 ?
*>i100.0.0.6/32 10.0.0.5 156160 100 0 ?

*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*>i10.1.13.0/24 10.0.0.3 0 100 0 ?
*> 10.1.56.0/24 0.0.0.0 0 32768 ?
*>i100.0.0.1/32 10.0.0.2 156160 100 0 ?
*i 10.0.0.3 156160 100 0 ?
*> 100.0.0.6/32 10.1.56.6 156160 32768 ?
R2#show bgp vpnv4 unicast rd 1:1 100.0.0.6

BGP routing table entry for 1:1:100.0.0.6/32, version 12
Paths: (1 available, best #1, table A)
Not advertised to any peer
Local
10.0.0.5 (metric 3) from 10.0.0.5 (10.0.0.5)
Origin incomplete, metric 156160, localpref 100, valid, internal, best
Extended Community: RT:1:1 Cost:pre-bestpath:128:156160 0x8800:32768:0
0x8801:2:130560 0x8802:65281:25600 0x8803:65281:1500
0x8806:0:1677721606
mpls labels in/out nolabel/515
Balanceo de carga EIGRP.

A diferencia de OSPF, EIGRP no necesita mecanismos para evitar loops, porque trata cada ruta en base a la metrica compuesta.

D EX 10.1.56.0/24 [170/284160] via 10.1.13.3, 00:00:05, FastEthernet0/1
D EX 100.0.0.6 [170/284160] via 10.1.13.3, 00:00:05, FastEthernet0/1

1 10.1.12.2 148 msec
127
10.1.13.3 56 msec
10.1.34.4 [MPLS: Labels 405/515 Exp 0] 192 msec
3 10.1.56.5 [MPLS: Label 515 Exp 0] 292 msec 132 msec
4 10.1.56.6 228 msec *

D EX 100.0.0.1 [170/284160] via 10.1.56.5, 00:39:35, FastEthernet0/0
R6#traceroute 100.0.0.1
1 10.1.56.5 92 msec 92 msec 12 msec
4 10.1.12.1 200 msec * 184 msec
Modificación AS EIGRP
Si hacemos coincidir el AS EIGRP en ambos sitios, las rutas que instalan los CEs son EIGRP Internas.
R5
router eigrp 5
default-metric 10000 100 255 1 1500
redistribute bgp 1
network 10.0.0.0
autonomous-system 1
no auto-summary
router bgp 1
no synchronization
R6
router eigrp 1
network 10.0.0.0
network 100.0.0.0
no auto-summary


128

129
Sección PE-CE EIGRP Dual-Homed
Pre LAB

§ Formar Sesion MP-iBGP R2, R3 y R4 malla completa (full mesh) utilizando loopback 0.
§ R4 es un router Provider y no participa en MP-iBGP.
§ Utilizar feature peer-group en los PEs para sesion MP-iBGP
R2
router bgp 1
R3
router bgp 1
130
R4
router bgp 1


10.0.0.2 4 1 2 2 1 0 0 00:00:03 0
10.0.0.3 4 1 2 2 1 0 0 00:00:02 0


10.0.0.3 4 1 7 7 1 0 0 00:03:49 0
10.0.0.4 4 1 4 3 1 0 0 00:01:07 0


10.0.0.2 4 1 7 8 1 0 0 00:04:32 0
10.0.0.4 4 1 4 4 1 0 0 00:01:49 0
131

§ R1 debe establecer sesion EIGRP con R2 y R3 (Dual Home)
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show ip vrf A
A 1:1 Fa0/1
R1#ping 10.1.12.2
.!!!!
R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.13.3 255.255.255.0
R3#show ip vrf
A 1:1 Fa0/1
R1#ping 10.1.13.3
.!!!!
132
§ R1 debe establecer sesion EIGRP con R2 y R3 (Dual Home)

§ Los PEs crean distribucion mutua (BGP<->IGP)
R1
router eigrp 1
network 10.0.0.0
network 100.0.0.0
no auto-summary
R2
router eigrp 2
network 10.0.0.0
autonomous-system 1
no auto-summary
router bgp 1
R3
router eigrp 3
default-metric 10000 100 255 1 1500
network 10.0.0.0
autonomous-system 1
no auto-summary
router bgp 1

*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*>i10.1.13.0/24 10.0.0.3 0 100 0 ?
* i100.0.0.1/32 10.0.0.3 156160 100 0 ?
*> 10.1.12.1 156160 32768 ?

Routing Table: A
B 10.1.13.0/24 [200/0] via 10.0.0.3, 00:02:15
133

*>i10.1.12.0/24 10.0.0.2 0 100 0 ?
*> 10.1.13.0/24 0.0.0.0 0 32768 ?
*> 100.0.0.1/32 10.1.13.1 156160 32768 ?
*i 10.0.0.2 156160 100 0 ?

Routing Table: A
B 10.1.12.0/24 [200/0] via 10.0.0.2, 00:04:33

R4
ip vrf A
rd 1:2
ip vrf forwarding A
ip address 10.1.45.4 255.255.255.0
R4#show ip vrf
A 1:2 Fa1/0
R4#ping vrf A 10.1.45.5

.!!!!
§ R5 debe establecer sesion OSPF 69 con R4. Publicar los prefijos 100.1.0.0/32 – 100.4.0.0/32
§ PE-R4 crea distribucion mutua (BGP<->IGP)
134
Notar que las IP secundarias se publican por defecto en OSPF. Podemos publicar la IP primaria unicamente usando el comando
de la interface ip ospf 69 area 0 secondaries none.
R5
interface Loopback0
ip address 100.0.0.5 255.255.255.255
ip ospf 69 area 0
ip address 10.1.45.5 255.255.255.0
ip ospf 69 area 0
router ospf 69
router-id 100.0.0.5
R4
ip vrf forwarding A
ip address 10.1.45.4 255.255.255.0
ip ospf 69 area 0

router bgp 1

Routing Table: A
Site of Origin
En cuanto importemos las rutas desde Sitia2 a Sitio1 se generará un loop.
R2
ip vrf A
R2
ip vrf A
135

1 10.1.13.3 344 msec
3 10.1.12.1 252 msec
4 10.1.13.3 284 msec
6 10.1.12.1 332 msec
7 10.1.13.3 340 msec
9 10.1.12.1 516 msec
10 10.1.13.3 544 msec
12 10.1.12.1 548 msec
13 10.1.13.3 692 msec
15 10.1.12.1 212 msec
16 10.1.13.3 304 msec
18 10.1.12.1 328 msec
19 10.1.13.3 764 msec
21 10.1.12.1 648 msec
22 10.1.13.3 636 msec
24 10.1.12.1 404 msec
25 10.1.13.3 452 msec
27 10.1.12.1 992 msec
28 10.1.13.3 820 msec
30 10.1.12.1 1080 msec

Paths: (1 available, best #1, no table)
Local
10.0.0.4 (metric 2) from 10.0.0.4 (10.0.0.4)
Extended Community: RT:1:2 OSPF DOMAIN ID:0x0005:0x000000450200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.45.4:0

Local
10.0.0.4 (metric 2) from 10.0.0.4 (10.0.0.4)
R2
route-map SOO permit 10
136
set extcommunity soo 69:69
ip vrf sitemap SOO
R3
ip vrf sitemap SOO
137
Sección PE-CE IS-IS
Pre LAB
MP-iBGP
Para el intercambio de etiquetas vpnv4 usamos MP-iBGP en AS1. R4 es el Route-Reflector y sus clientes son R2, R3, y R5. Para
minimizar la configuración y los recursos usaremos peer-group en el RR.
R2
router bgp 1
exit-address-family
R3
router bgp 1
exit-address-family
138
R5
router bgp 1
!
exit-address-family
R4
router bgp 1
neighbor AS1 description INTERNOS
exit-address-family

Description: INTERNOS
BGP version 4
Neighbor sessions:

10.0.0.2 10.0.0.3 10.0.0.5
Index 0
139


10.0.0.2 4 1 8 6 1 0 0 00:04:18 0
10.0.0.3 4 1 8 8 1 0 0 00:04:18 0
10.0.0.5 4 1 7 6 1 0 0 00:04:14 0
Sitio 1 IGP CE-PE

En ISIS la configuracion requiere que activemos la VRF dentro del proceso ISIS con el comando vrf nombre_vrf. Al igual que otros
IGPs, activamos la vrf para el enlace PE-CE con el comando ip vrf forwarding nombre_vrf o vrf forwarding nombre_vrf
dependiendo del formato de VRF que estemos usando.
Activamos luego ISIS en la interface con la etiquetas del proceso ISIS que hemos configurado, la configuración habitual.
R2
vrf definition A
rd 1:1
address-family ipv4
exit-address-family
router isis A
vrf A
net 49.0001.0000.0000.0002.00
redistribute bgp 1
vrf forwarding A
ip address 10.1.12.2 255.255.255.0
ip router isis A
isis circuit-type level-2-only
router bgp 1
no synchronization
redistribute isis A level-2
exit-address-family
R3
vrf definition A
rd 1:1
address-family ipv4
router isis A
vrf A
net 49.0001.0000.0000.0003.00
redistribute bgp 1
140
vrf forwarding A
ip address 10.1.13.3 255.255.255.0
ip router isis A
router bgp 1
no synchronization
R1
ip address 10.1.12.1 255.255.255.0
ip router isis
ip address 10.1.13.1 255.255.255.0
ip router isis
router isis
net 49.0001.0000.0000.0001.00
R2#show isis A neighbors

System Id Type Interface IP Address State Holdtime Circuit Id
R1 L2 Fa0/1 10.1.12.1 UP 28 R2.01
R2#show isis A database

IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R1.00-00 0x0000000D 0xAC1A 805 0/0/0
R2.00-00 * 0x00000078 0x4B18 866 0/0/0
R2.01-00 * 0x00000007 0x02D1 717 0/0/0
R3.00-00 0x00000078 0xD80A 983 0/0/0
R3.01-00 0x00000007 0x08C9 851 0/0/0

R2 Fa0/0 ca03.079c.0006 Up 9 L2 IS-IS
R3 Fa0/1 ca05.0080.0006 Up 9 L2 IS-IS
R1#show isis neighbors

R2 L2 Fa0/0 10.1.12.2 UP 9 R2.01
R3 L2 Fa0/1 10.1.13.3 UP 9 R3.01
R2#sh ip route vrf A isis

Routing Table: A
i L2 100.0.0.1 [115/10] via 10.1.12.1, FastEthernet0/1
141
Sitio 2
R5
vrf definition A
rd 1:1
address-family ipv4
exit-address-family
router isis A
vrf A
net 49.0001.0000.0000.0005.00
redistribute bgp 1
vrf forwarding A
ip address 10.1.56.5 255.255.255.0
ip router isis A
router bgp 1
no synchronization
exit-address-family
R6
ip address 10.1.56.6 255.255.255.0
ip router isis
router isis
net 49.0001.0000.0000.0006.00
R5#show isis A neighbors

R6 L2 Fa0/1 10.1.56.6 UP 8 R6.01
R5#show isis A database

IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R5.00-00 * 0x0000000B 0xEEBC 1030 0/0/0
R6.00-00 0x00000009 0x0BC5 886 0/0/0
R6.01-00 0x00000007 0x7E49 1122 0/0/0

R5 Fa0/0 ca00.0474.0006 Up 28 L2 IS-IS

142
R5 L2 Fa0/0 10.1.56.5 UP 24 R6.01
R5#sh ip route vrf A isis

Routing Table: A
R1#sh ip route isis


1 10.1.13.3 92 msec
4 10.1.56.6 220 msec
R6#sh ip route isis


1 10.1.56.5 100 msec
4 10.1.12.1 148 msec
Nota: Sitio 1 es dual home (dos salidas), para este escenario el bit UP/Down debe estar establecido por los PEs o las rutas
redistribuidas de BGP a IS-IS volverán a ser redistribuidas de IS-IS a BGP. El siguiente ejemplo nos muestra un paquete dirección
origen 100.0.0.1 con direccion destino 100.0.0.6 en un loop infinito (poner atencion al muñequeo entre CE-R1 y PE-R3). El
proceso ISIS se encarga de establecer el bit y evita este problema.

1 10.1.12.2 52 msec
10.1.13.3 208 msec
10.1.12.2 96 msec
2 10.1.13.1 60 msec
10.1.12.1 28 msec
10.1.13.1 24 msec
3 10.1.13.3 128 msec 124 msec 108 msec
4 10.1.13.1 48 msec 100 msec 88 msec
5 10.1.13.3 148 msec 156 msec 148 msec
6 10.1.13.1 112 msec 120 msec 132 msec
7 10.1.13.3 188 msec 136 msec 168 msec
8 10.1.13.1 168 msec * *
9 10.1.13.3 208 msec 204 msec 208 msec
10 10.1.13.1 188 msec 200 msec 140 msec
11 10.1.13.3 216 msec 304 msec 336 msec
12 10.1.13.1 220 msec 216 msec 208 msec
143
13 10.1.13.3 280 msec 332 msec 336 msec

14 10.1.13.1 244 msec * *
15 10.1.13.3 272 msec 304 msec 236 msec
16 10.1.13.1 280 msec 280 msec 264 msec
17 10.1.13.3 372 msec 372 msec 436 msec
18 10.1.13.1 372 msec 292 msec 328 msec
19 10.1.13.3 520 msec * *
20 10.1.13.1 316 msec 392 msec 368 msec
21 10.1.13.3 404 msec 540 msec 396 msec
22 10.1.13.1 416 msec 416 msec 388 msec
23 10.1.56.6 864 msec * *
144
Sección PE-CE eBGP Multihome
Pre LAB

§ Formar Sesion MP-iBGP R2, R3 y R5 malla completa (full mesh) utilizando loopback 0.
§ R4 es un router Provider y no participa en MP-iBGP.
§ Utilizar feature peer-group en los PEs para sesion MP-iBGP
R2
router bgp 1
R3
router bgp 1
145

R5
router bgp 1


10.0.0.3 4 1 2 2 1 0 0 00:00:18 0
10.0.0.5 4 1 2 2 1 0 0 00:00:09 0


10.0.0.2 4 1 4 4 1 0 0 00:01:10 0
10.0.0.5 4 1 4 4 1 0 0 00:01:05 0


10.0.0.2 4 1 4 4 1 0 0 00:01:19 0
10.0.0.3 4 1 4 4 1 0 0 00:01:22 0

BGP version 4
Neighbor sessions:
146

10.0.0.2 10.0.0.3
Index 0

R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show ip vrf A
A 1:1 Fa0/1
R1#ping 10.1.12.2
.!!!!
R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.13.3 255.255.255.0
R1#ping 10.1.13.3
.!!!!
Configuración eBGP PE-CE en Sitio1.

§ Configurar BGP AS10 en R1 y formar sesion eBGP R1-R2 R1-R3.
§ R1 debe publicar el prefijo 100.0.0.1/32 y los enlaces CE-PEs.
eBGP no necesita redistribcion, la redistribución es automática, nuestra tarea se limita crear una sesion eBGP:
R1 - > R2
R1 - > R3
147
Es recomendable chequear en la tabla BGP los prefijos que publicamos, es un error común insertar una máscara incorrecta y el
sistema no advierte el error. Para activar BGP VRF debemos estar en el modo de configuración router bgp, y acceder al la familia
VRF, luego usamos el comamando neighbor ip_vecino remote-as as. Normalmente el proceso activa de inmediato la sesión BGP.
R1
router bgp 10
address-family ipv4
network 10.1.12.0 mask 255.255.255.0
network 100.0.0.1 mask 255.255.255.255
R1#show ip bgp
*> 10.1.12.0/24 0.0.0.0 0 32768 i
*> 100.0.0.1/32 0.0.0.0 0 32768 i
R2
router bgp 1
no synchronization
R3
router bgp 1
no synchronization
R1#show bgp ipv4 unicast summary


10.1.12.2 4 1 14 14 3 0 0 00:09:07 0
10.1.13.3 4 1 6 4 3 0 0 00:00:19 0

148

r i10.1.12.0/24 10.0.0.3 0 100 0 10 i
r> 10.1.12.1 0 0 10 i
* i100.0.0.1/32 10.0.0.3 0 100 0 10 i
*> 10.1.12.1 0 0 10 i

*> 10.1.12.0/24 10.1.13.1 0 0 10 i
*i 10.0.0.2 0 100 0 10 i
*> 100.0.0.1/32 10.1.13.1 0 0 10 i
*i 10.0.0.2 0 100 0 10 i

§ Configurar BGP AS20 en R6 y formar sesion eBGP R6-R5
§ R6 debe publicar el prefijo 100.0.0.6/32 y el enlace CE-PE.
R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0
R5#show ip vrf A
A 1:1 Fa0/1
R6#ping 10.1.56.5
.!!!!
En ambos sitios es necesario publicar el/los enlaces PE-CE con el comando network X.X.X.X mask X.X.X.X si queremos tener
conectividad extremo a extremo. Otra alternatva es usar en el PE el comando distribute connected en la familia vrf de BGP.
R6
router bgp 20
149

address-family ipv4
network 10.1.56.0 mask 255.255.255.0
network 100.0.0.6 mask 255.255.255.255
R6#show ip bgp
*> 10.1.56.0/24 0.0.0.0 0 32768 i
*> 100.0.0.6/32 0.0.0.0 0 32768 i
R5
router bgp 1
no synchronization
exit-address-family
§ R2 debe instalar en su tabla de enrutamiento dos entradas para el prefijo 100.0.0.1/32
R2 puede alcanzar el prefijo 100.0.0.1/32 directamente por R1 y/o a través de R3. Pero surge un problema ya que las Distancias
Administrativas son distintas, y el proceso siempre escoje AD menor (eBGP AD = 20, iBGP AD = 200). EL IOS cuenta con el
comando maximum-paths eibgp que permite instalar rutas hacia un mismo destino pero conocidas con distintas ADs.
R2
router bgp 1
maximum-paths eibgp 2
R2#sh ip route vrf A bgp

Routing Table: A
B 10.1.56.0/24 [200/0] via 10.0.0.5, 01:20:13
B 100.0.0.1 [20/0] via 10.1.12.1, 00:01:12
[20/0] via 10.0.0.3, 00:01:12
B 100.0.0.6 [200/0] via 10.0.0.5, 01:26:56
Verificamos comunicación entre sitios

Como se trata de escenario Multihome, debemos especificar la interface de origen para un ping o traceroute.
R1#sh ip route bgp

150

B 10.1.56.0/24 [20/0] via 10.1.13.3, 00:00:03
B 100.0.0.6 [20/0] via 10.1.13.3, 00:00:03
R6#sh ip route bgp

B 10.1.12.0/24 [20/0] via 10.1.56.5, 01:37:29
B 100.0.0.1 [20/0] via 10.1.56.5, 01:44:07

1 10.1.13.3 76 msec
3 10.1.56.5 [AS 20] [MPLS: Label 513 Exp 0] 172 msec
4 10.1.56.6 [AS 20] 156 msec

1 10.1.56.5 92 msec
4 10.1.12.1 [AS 10] 196 msec
151
Sección PE-CE eBGP AS Override
Pre LAB

§ Formar Sesion MP-iBGP entre R2 y R5 utilizando loopback 0.
§ R3 y R4 son routers Providers y no participan en el intercambio de prefijos vpnv4.
R2
router bgp 1
R5
router bgp 1
152


10.0.0.2 4 1 2 2 1 0 0 00:00:05 0

R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show ip vrf A
A 1:1 Fa0/1
R1#ping 10.1.12.2
.!!!!

§ Configurar BGP AS10 en R1 y formar sesion eBGP R1-R2.
§ R1 debe publicar el prefijo 100.0.0.1/32
R1
router bgp 10
address-family ipv4
network 100.0.0.1 mask 255.255.255.255
R1#show ip bgp
*> 10.1.12.0/24 0.0.0.0 0 32768 i
*> 100.0.0.1/32 0.0.0.0 0 32768 i
153
R2
router bgp 1
no synchronization
redistribute connected
R2#show ip bgp vpnv4 all summary

1 BGP extended community entries using 24 bytes of memory

10.0.0.5 4 1 5 7 4 0 0 00:02:56 0
10.1.12.1 4 10 5 4 4 0 0 00:00:20 2


r> 10.1.12.0/24 10.1.12.1 0 0 10 i
*> 100.0.0.1/32 10.1.12.1 0 0 10 i

Routing Table: A
B 100.0.0.1 [20/0] via 10.1.12.1, 00:01:34

R5
ip vrf A
rd 1:1
154
ip vrf forwarding A
ip address 10.1.56.5 255.255.255.0
R5#show ip vrf A
A 1:1 Fa0/1
R6#ping 10.1.56.5
.!!!!

§ Configurar BGP AS10 en R6 y formar sesion eBGP R6-R5.
§ R6 publica el prefijo 100.0.0.6/32
En ambos sitios es necesario publicar el/los enlaces PE-CE con el comando network X.X.X.X mask X.X.X.X si queremos tener
conectividad extremo a extremo. Otra alternatva es usar en el PE el comando distribute connected en la familia vrf de BGP
(esta opción se utiliza en este escenario).
R6
router bgp 10
address-family ipv4
network 100.0.0.6 mask 255.255.255.255
R6#show ip bgp

*> 100.0.0.6/32 0.0.0.0 0 32768 i
R5
router bgp 1
no synchronization
El ejemplo muestra que el prefijo 100.0.0.6/32 no puede ser instalado en la tabla BGP R1 porque la actualización contiene el
AS10 (our own AS), metodo que usa BGP para evitar loops. Usamos debug ip bgp ipv4 unicast updates, y comprobamos el
comportamiento.
R1#show debugging
155
IP routing:
BGP updates debugging is on for address family: IPv4 Unicast
BGP: TX IPv4 Unicast Tab Generation suspending.

BGP: TX IPv4 Unicast Top global Deleting first marker with version 1.
BGP: TX IPv4 Unicast Top global Collection reached marker 1 after 0 net(s).
BGP: TX IPv4 Unicast Top global Collection done on marker 6 after 3 net(s).
BGP: TX IPv4 Unicast Top global Collection done on marker 6 after 0 net(s).
BGP: TX IPv4 Unicast Tab Executing.
BGP: TX IPv4 Unicast Tab Generation completed.
BGP(0): 10.1.12.2 rcv UPDATE w/ attr: nexthop 10.1.12.2, origin i, originator 0.0.0.0, merged path 1 10, AS_PATH ,
community , extended community , SSA attribute
BGPSSA ssacount is 0
BGP(0): 10.1.12.2 rcv UPDATE about 100.0.0.6/32 -- DENIED due to: AS-PATH contains our own AS;
Para corregir este problema tenemos varias opciones.

AS-OVERRIDE: Este comando reemplaza el AS original por el del Service Provider, esto quiere decir que si laq actualización del
prefijo 100.0.0.6/32 transporta el AS10, R2 lo reemplaza por el AS1.
Original [10 1]
as-override [1 1]
R1 recive la actualización que no contiene el AS10, si no el AS1 dos veces, entonces acepta la actualización y la instala en su tabla.
R2
router bgp 1
neighbor 10.1.12.1 as-override
R1# debug ip bgp ipv4 unicast updates,

BGP: TX Member message pool below threshold (0 < 0).
BGP(0): 10.1.12.2 rcv UPDATE about 100.0.0.1/32 -- withdrawn
BGP(0): 10.1.12.2 rcvd UPDATE w/ attr: nexthop 10.1.12.2, origin i, merged path 1 1, AS_PATH
BGP(0): 10.1.12.2 rcvd 100.0.0.6/32
BGP: TX IPv4 Unicast Net global 100.0.0.6/32 Changed.
BGP(0): 10.1.12.2 rcvd UPDATE w/ attr: nexthop 10.1.12.2, origin ?, metric 0, merged path 1, AS_PATH
BGP(0): 10.1.12.2 rcvd 10.1.12.0/24...duplicate ignored
BGP(0): 10.1.12.2 rcvd UPDATE w/ attr: nexthop 10.1.12.2, origin ?, merged path 1, AS_PATH
BGP(0): Revise route installing 1 of 1 routes for 100.0.0.6/32 -> 10.1.12.2(global) to main IP table
R1#show ip bgp

r> 10.1.12.0/24 10.1.12.2 0 01?
*> 10.1.56.0/24 10.1.12.2 01?
*> 100.0.0.1/32 0.0.0.0 0 32768 i
*> 100.0.0.6/32 10.1.12.2 011i
R1#sh ip route bgp

B 10.1.56.0/24 [20/0] via 10.1.12.2, 00:25:21
156

B 100.0.0.6 [20/0] via 10.1.12.2, 00:09:51

1 10.1.12.2 [AS 1] 88 msec
4 10.1.56.6 [AS 1] 272 msec
Tenemos comunicación desde Sitio 1 a Sitio2, pero no a la inversa. La solución es simetrica.
R6#show ip bgp

*> 10.1.12.0/24 10.1.56.5 01?
r> 10.1.56.0/24 10.1.56.5 0 01?
*> 100.0.0.6/32 0.0.0.0 0 32768 i
R5
router bgp 1
R6#debug bgp ipv4 unicast updates

BGP(0): 10.1.56.5 rcvd UPDATE w/ attr: nexthop 10.1.56.5, origin i, merged path 1 1, AS_PATH
BGP(0): 10.1.56.5 rcvd 100.0.0.1/32
BGP: TX IPv4 Unicast Net global 100.0.0.1/32 Changed.
BGP(0): 10.1.56.5 rcv UPDATE about 100.0.0.6/32 -- withdrawn
BGP(0): 10.1.56.5 rcvd UPDATE w/ attr: nexthop 10.1.56.5, origin ?, merged path 1, AS_PATH
BGP(0): 10.1.56.5 rcvd UPDATE w/ attr: nexthop 10.1.56.5, origin ?, metric 0, merged path 1, AS_PATH
BGP(0): Revise route installing 1 of 1 routes for 100.0.0.1/32 -> 10.1.56.5(global) to main IP table
R6#show ip bgp
*> 10.1.12.0/24 10.1.56.5 0 1?
r> 10.1.56.0/24 10.1.56.5 0 0 1?
*> 100.0.0.1/32 10.1.56.5 0 11i
*> 100.0.0.6/32 0.0.0.0 0 32768 i
R6#sh ip route bgp

B 10.1.12.0/24 [20/0] via 10.1.56.5, 00:44:56
157
B 100.0.0.1 [20/0] via 10.1.56.5, 00:01:49

1 10.1.56.5 [AS 1] 88 msec
4 10.1.12.1 [AS 1] 188 msec
158
Sección PE-CE eBGP Hub and Spoke
Pre LAB
Hub and Spoke MPLS VPN

Al implementar un diseño Hub and Spoke MPLS VPN se quiere mantener la red VPN cliente centralizada, y cualquier flujo entre
distintos sitios del cliente VPN debe necesariamente atravesar el hub, por lo tanto no existe comunicación directa entre CEs, esto
puede ser deseable por motivos de seguridad. El Hub tiene conocimiento total de enrutamiento para todos los sitios de la misma
VPN y es el punto central entre los spokes.
Antes de poder implementar esta topología se debe cumplir lo siguiente:
- Los Spokes solos se deben comunicar con el Hub.
- El tráfico Spoke/Spoke necesita atravesar el Hub.
Es necesario:
- 2 RT distintas
- Diferentes RD
R6 y R1 tienen dos enlaces, uno es usado para enviar información de ruteo para la vrf spoke (172.16.16.0/24) y el otro para la
vrf hub (172.16.61.0/24). En R6 la VRF spoke recibe actualizaciones para rutas desde los sitios 2, 3 y 4. La VRF hub se encarga
de recibir las actualizaciones desde R1 y enviarlas a cada spoke.
159
Nota: Se ha tenido cuidado de no publicar el enlace CE/PE, (evitando usar redistributed conected o publicando directamente
cada enlace en el proceso BGP) para mantener claridad cuando tengamos que comprobar las configuraciones (menos rutas en la
tabla de enrutamiento). En consecuencia para pruebas de conectividad entre sitios los pings o traceroutes se usará la loopback 0
como source.
Paso 1: Configuración Backbone. MP-iBGP
Los Spokes forman sesiones BGP VPN con el router HUB.
R6
router bgp 1
R7
router bgp 1
R8
router bgp 1
R9
router bgp 1

160

10.0.0.7 4 1 4 4 1 0 0 00:00:30 0
10.0.0.8 4 1 2 2 1 0 0 00:00:26 0
10.0.0.9 4 1 2 2 1 0 0 00:00:22 0
Sitio 1
Formamos peering CE/PE (R1/R6). Notar que los vecinos BGP crearan dos sesiones distintas para el mismo AS.
Publicar loopback 0 del CE.
R1
router bgp 10
address-family ipv4
network 100.0.0.1 mask 255.255.255.255
R6
ip vrf hub
rd 1:11
ip vrf spoke
rd 1:10
ip vrf forwarding spoke
ip address 172.16.16.6 255.255.255.0
ip vrf forwarding hub
ip address 172.16.61.6 255.255.255.0
router bgp 1
address-family ipv4 vrf spoke
address-family ipv4 vrf hub

neighbor 172.16.61.1 allowas-in

161


172.16.16.6 4 1 6 6 2 0 0 00:02:43 0
172.16.61.6 4 1 5 5 2 0 0 00:00:49 0
Sitio 2
R2
router bgp 20
address-family ipv4
network 100.0.0.2 mask 255.255.255.255
R7
ip vrf spoke
rd 1:20
ip address 172.16.27.7 255.255.255.0
router bgp 1


10.0.0.6 4 1 31 28 5 0 0 00:21:26 2
172.16.27.2 4 20 7 7 5 0 0 00:02:33 1
162
Sitio 3
R3
router bgp 30
address-family ipv4
network 100.0.0.3 mask 255.255.255.255
R8
ip vrf spoke
rd 1:30
ip address 172.16.38.8 255.255.255.0
router bgp 1
Sitio 4
R4
router bgp 40
address-family ipv4
network 100.0.0.4 mask 255.255.255.255
R9
ip vrf spoke
rd 1:40
ip address 172.16.49.9 255.255.255.0
router bgp 1
Como comentamos al comenzar, R6 es el Hub para la VPN, y R1 para IP. Analizaremos el proceso Hub & Spoke MPLS VPN para
un prefijo particular.
163
Actualización desde R3 a R1
Tomemos como ejemplo el prefijo 100.0.0.3/32 en R3 y como se propaga a R4.
1. La actualización para la ruta 100.0.0.3/32 es publicada por R3 a R8 como una ruta IPv4.
2. R8 convierte la ruta IPv4 a VPNv4 (RT:prefijo = 1:30:100.0.0.3/32) agregando el RT 1:30 y se publica como next-hop
(100.0.0.3) a R6.
3. La actualización es recibida por R6 por medio de la VRF spoke importada con RT 1:30.
4. R6 convierte la ruta VPNv4 en IPv4 y la propaga a R1 (enlace 172.16.16.0/24).

Paths: (2 available, best #2, table spoke)
Advertised to update-groups:
1
10 1 30, imported path from 1:11:100.0.0.3/32
10.0.0.6 (metric 3) from 10.0.0.6 (10.0.0.6)
Origin IGP, metric 0, localpref 100, valid, internal
Extended Community: RT:1:10
mpls labels in/out 813/619
30
172.16.38.3 from 172.16.38.3 (100.0.0.3)
Origin IGP, metric 0, localpref 100, valid, external, best
mpls labels in/out 813/nolabel
30
10.0.0.8 (metric 3) from 10.0.0.8 (10.0.0.8)
Origin IGP, metric 0, localpref 100, valid, internal, best
5. R1 envía la actualización de 100.0.0.3/32 a R6 sobre el enlace 172.16.61.0/24 que está asociado a la VRF hub. R6 convierte
la ruta IPv4 a VPNv4 agregando el RT 1:10 y en lugar de publicar a R8 como next-hop, se publica el mismo como next-hop a R9.
6. R9 está configurado para aceptar RT 1:10 (VRF hub en PE1) y por lo tanto importa la ruta VPNv4.
7. Finalmente R9 convierte la ruta VPNv4 a IPv4 y publica la actualización a R4.
Puesto que la actualización incluye el atributo AS_PATH, en este punto del trayecto tenemos AS_PATH 30 1. Posteriormente,
como la actualizacion vuelve a ingresar a a PE1, este ve su propio AS y rechaza la actualización (comportamiento por defecto para
evitar loops). Sin hacer cambios en el AS_PATH no podremos comunicar los distintos sitios. Para anular este comportamiento
usamos el comando neighbor neighbor allowas-in. En la mayoría de los casos debemos evitar utilizar este comando.
El siguientee debug nos muestra el comportamiento (rechazar si AS_PATH contiene el propio AS) de PE1 cuando recibe
actualizaciones desde los distintos sitios desde R1 a través del enlace 172.16.61.0/24 asociado a la VRF hub.

1 172.16.38.8 100 msec
4 172.16.61.1 156 msec
5 172.16.16.6 164 msec
164

8 172.16.49.4 276 msec
R6#debug bgp ipv4 unicast updates in

R6#show debugging
IP routing:
BGP(0): 172.16.61.1 rcv UPDATE w/ attr: nexthop 172.16.61.1, origin i, originator 0.0.0.0, merged path 10 1 40, AS_PATH
, community , extended community , SSA attribute
BGP: 172.16.61.1 Modifying prefix 100.0.0.4/32 from 0 -> 4 address
165
Sección PE-CE Control VPN
Pre LAB
MP-iBGP AS1
R4 y R5 son RR para el cluster 69 (AS1)
R2
router bgp 1
neighbor RR peer-group
neighbor RR remote-as 1
neighbor RR update-source Loopback0
neighbor 10.0.0.4 peer-group RR
neighbor RR send-community extended
R3
router bgp 1
neighbor RR send-community extended
166
R4
router bgp 1
bgp cluster-id 69
R5
router bgp 1
bgp cluster-id 69

10.0.0.2 4 1 5 3 1 0 0 00:01:23 0
10.0.0.3 4 1 4 5 1 0 0 00:01:24 0
10.0.0.5 4 1 2 2 1 0 0 00:00:08 0

10.0.0.2 4 1 2 2 1 0 0 00:00:50 0
10.0.0.3 4 1 2 2 1 0 0 00:00:46 0
10.0.0.4 4 1 2 2 1 0 0 00:00:53 0
167

BGP version 4
Neighbor sessions:

10.0.0.2 10.0.0.3 10.0.0.5
Index 0

BGP version 4
Neighbor sessions:

10.0.0.2 10.0.0.3 10.0.0.4
Index 0
MP-iBGP AS2
R6
router bgp 2
R7
router bgp 2
168



10.0.0.6 4 2 2 2 1 0 0 00:00:14 0
MP-eBGP AS1/AS2
R4
router bgp 1
R6
router bgp 2
R5
router bgp 1
R7
router bgp 2

10.0.0.2 4 1 21 19 1 0 0 00:15:37 0
10.0.0.3 4 1 19 21 1 0 0 00:15:39 0
10.0.0.5 4 1 18 17 1 0 0 00:14:23 0
10.1.46.6 4 2 6 6 1 0 0 00:02:30 0

10.0.0.2 4 1 18 19 1 0 0 00:14:59 0
10.0.0.3 4 1 18 19 1 0 0 00:14:55 0
169
10.0.0.4 4 1 18 19 1 0 0 00:15:02 0
10.1.57.7 4 2 4 4 1 0 0 00:00:04 0
VPN Sitio 1
La VRF A debe usar RD/RT 1:1
R3
ip vrf A
rd 1:1
ip vrf B
rd 1:2
no shutdown
interface FastEthernet0/0.150
encapsulation dot1Q 150
ip vrf forwarding A
ip address 150.1.13.3 255.255.255.0
ip vrf forwarding B
ip address 160.1.13.3 255.255.255.0
R1
no shutdown
ip address 150.1.13.1 255.255.255.0
!
ip address 160.1.13.1 255.255.255.0
R1#ping 150.1.13.3
.!!!!
R1#ping 160.1.13.3
.!!!!
IGP PE-CE OSPF 10
170
R1
ip ospf 10 area 0
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip ospf 10 area 0
R3
ip ospf 10 area 0

router bgp 1

Routing Table: A

O 10.1.1.1 [110/2] via 150.1.13.1, 00:03:00, FastEthernet0/0.150
R3#ping vrf A 10.1.1.1

!!!!!

1
Local
150.1.13.1 from 0.0.0.0 (10.0.0.3)
Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:1:1 OSPF DOMAIN ID:0x0005:0x0000000A0200
IGP PE-CE EIGRP 1
R1
router eigrp 1
network 160.1.13.1 0.0.0.0
network 100.0.0.0
171
passive-interface FastEthernet0/0.150
no auto-summary
R3
router eigrp 3
address-family ipv4 vrf B
default-metric 10000 1000 255 1 1500
redistribute bgp 1
network 160.1.13.3 0.0.0.0
autonomous-system 1
no auto-summary
router bgp 1

Paths: (1 available, best #1, table B)
1
Local
160.1.13.1 from 0.0.0.0 (10.0.0.3)
Extended Community: RT:1:2 Cost:pre-bestpath:128:156160 0x8800:32768:0
0x8801:1:130560 0x8802:65281:25600 0x8803:65281:1500
0x8806:0:1677787393
R3#sh ip route vrf B eigrp

Routing Table: B
D 100.1.1.1 [90/156160] via 160.1.13.1, 00:00:56, FastEthernet0/0.160
VPN Sitio 2
Esta configuracion define peering R8/R6, R8/R7 MP-eBGP
La VRF B debe usar RD/RT 2:1 OSPF 10, RD/RT 2:2 EIGRP 1
R6
router bgp 2
no bgp default route-target filter
R7
router bgp 2
172
R8
router bgp 3

10.1.68.6 4 2 2 4 1 0 0 00:00:38 0
10.1.78.7 4 2 2 4 1 0 0 00:00:39 0
Configuracion VRF Sitio 2
R8
ip vrf A
rd 2:1
ip vrf B
rd 2:2
no shutdown
ip vrf forwarding A
ip address 150.1.89.8 255.255.255.0
ip vrf forwarding B
ip address 160.1.89.8 255.255.255.0
R9
no shutdown
ip address 150.1.89.9 255.255.255.0
173
ip address 160.1.89.9 255.255.255.0
R9#ping 150.1.89.8
.!!!!
R9#ping 160.1.89.8
.!!!!
Sitio 2 IGP PE-CE OSPF 10
R9
ip ospf 10 area 0
interface Loopback0
ip address 10.1.1.9 255.255.255.255
ip ospf 10 area 0
router ospf 10
router-id 10.1.1.9
R8
ip ospf 10 area 0

router bgp 3

Routing Table: A

O 10.1.1.9 [110/2] via 150.1.89.9, 00:00:03, FastEthernet0/0.150
R8#ping vrf A 10.1.1.9

!!!!!

174

*> 10.1.1.9/32 150.1.89.9 2 32768 ?
*> 150.1.89.0/24 0.0.0.0 0 32768 ?
Sitio 2 IGP PE-CE EIGRP 1
R9
router eigrp 1
network 100.0.0.0
network 160.1.89.9 0.0.0.0
passive-interface FastEthernet0/0.150
no auto-summary
R8
default-metric 10000 100 255 1 1500
redistribute bgp 3
network 160.1.89.8 0.0.0.0
autonomous-system 1
exit-address-family
router bgp 3
R8#sh ip route vrf B eigrp

Routing Table: B
Comprobamos el LABEL SWITCHED PATH (LSP) esté completo desde los PEs de ambos sitios. Podemos ver lo que mas me
temia, el next hop MP-iBGP es desconocido para R2 y R3. Modificamos el next-hop en AS1 y AS2.


* i10.1.1.9/32 10.1.46.6 0 100 0 2 3 ?
*i 10.1.57.7 0 100 0 2 3 ?
* i150.1.89.0/24 10.1.46.6 0 100 0 2 3 ?
*i 10.1.57.7 0 100 0 2 3 ?
* i100.1.1.9/32 10.1.46.6 0 100 0 2 3 ?
175
*i 10.1.57.7 0 100 0 23?

* i160.1.89.0/24 10.1.46.6 0 100 0 23?
*i 10.1.57.7 0 100 0 23?
R4
router bgp 1
neighbor AS1 next-hop-self
R5
router bgp 1
R6
router bgp 2
neighbor 10.0.0.7 next-hop-self
R7
router bgp 2

*> 10.1.1.1/32 150.1.13.1 2 32768 ?
*>i10.1.1.9/32 10.0.0.4 0 100 0 2 3 ?
*> 150.1.13.0/24 0.0.0.0 0 32768 ?
*>i150.1.89.0/24 10.0.0.4 0 100 0 2 3 ?

Route Distinguisher: 1:2 (default for vrf B)
*> 100.1.1.1/32 160.1.13.1 156160 32768 ?
*>i100.1.1.9/32 10.0.0.4 0 100 0 23?
*> 160.1.13.0/24 0.0.0.0 0 32768 ?
*>i160.1.89.0/24 10.0.0.4 0 100 0 23?
* i10.1.1.9/32 10.0.0.5 0 100 0 2 3 ?
*>i 10.0.0.4 0 100 0 2 3 ?
* i150.1.89.0/24 10.0.0.5 0 100 0 2 3 ?
*>i 10.0.0.4 0 100 0 2 3 ?
176


* i100.1.1.9/32 10.0.0.5 0 100 0 2 3 ?
*>i 10.0.0.4 0 100 0 2 3 ?
* i160.1.89.0/24 10.0.0.5 0 100 0 2 3 ?
*>i 10.0.0.4 0 100 0 2 3 ?
Puebas entre Sitios
R1#sh ip route ospf

O IA 10.1.1.9 [110/2] via 150.1.13.3, 00:07:46, FastEthernet0/0.150
O IA 150.1.89.0/24 [110/2] via 150.1.13.3, 00:07:46, FastEthernet0/0.150

D 160.1.89.0/24
[90/30720] via 160.1.13.3, 00:08:07, FastEthernet0/0.160

1 150.1.13.3 156 msec
5 150.1.89.9 256 msec

1 160.1.13.3 212 msec
5 160.1.89.9 256 msec
Comunicacion Sitio 2 a Sitio 1
R9#sh ip route ospf

O IA 10.1.1.1 [110/2] via 150.1.89.8, 00:18:12, FastEthernet0/0.150
177
O IA 150.1.13.0/24 [110/2] via 150.1.89.8, 00:18:12, FastEthernet0/0.150

D 160.1.13.0/24
[90/30720] via 160.1.89.8, 00:18:41, FastEthernet0/0.160

1 150.1.89.8 68 msec
5 150.1.13.1 252 msec

1 160.1.89.8 104 msec
5 160.1.13.1 280 msec

* 10.1.1.1/32 10.1.68.6 0 21?
*> 10.1.78.7 0 21?
* 150.1.13.0/24 10.1.68.6 0 21?
*> 10.1.78.7 0 21?
* 100.1.1.1/32 10.1.68.6 0 21?
*> 10.1.78.7 0 21?
* 160.1.13.0/24 10.1.68.6 0 21?
*> 10.1.78.7 0 21?
*> 10.1.1.1/32 10.1.78.7 021?
*> 10.1.1.9/32 150.1.89.9 2 32768 ?
*> 150.1.13.0/24 10.1.78.7 021?
*> 150.1.89.0/24 0.0.0.0 0 32768 ?
*> 100.1.1.1/32 10.1.78.7 021?
*> 100.1.1.9/32 160.1.89.9 156160 32768 ?
*> 160.1.13.0/24 10.1.78.7 021?
*> 160.1.89.0/24 0.0.0.0 0 32768 ?
Nuestro estudio ha determinado que el trafico desde Sitio1 a Sitio2 utiliza el path MP-eBGP R4/R6, y el trafico desde Sitio2 a
Sitio1 utiliza el path MP-eBGP R5/R7.
178
La VPN A debe usar el path MP-eBGP R4/R6. La VPN B debe usar el path MP-eBGP R5/R7
La forma más efectiva de cumplir estas politicas es usar RR GROUP.
Permitimos en enlace R4/R6 los RTs 1:1 y 2:1. Permitimos en enlace R4/R6 los RTs 2:1 y 2:2
Configuracion RR Group AS1
R4
ip extcommunity-list 10 permit rt 1:1
router bgp 1
bgp rr-group 10
R5
router bgp 1
bgp rr-group 10

*>i10.1.1.1/32 10.0.0.3 2 100 0 ?
*>i150.1.13.0/24 10.0.0.3 0 100 0 ?
*> 10.1.1.9/32 10.1.46.6 0 23?
*> 150.1.89.0/24 10.1.46.6 0 23?

179

*>i100.1.1.1/32 10.0.0.3 156160 100 0 ?
*>i160.1.13.0/24 10.0.0.3 0 100 0 ?
*> 100.1.1.9/32 10.1.57.7 0 23?
*> 160.1.89.0/24 10.1.57.7 0 23?
Finalmente comprobamos que el path sea el correcto para cada VPN.

*> 10.1.1.1/32 150.1.13.1 2 32768 ?
*>i10.1.1.9/32 10.0.0.4 0 100 0 2 3 ?
*> 150.1.13.0/24 0.0.0.0 0 32768 ?
*>i150.1.89.0/24 10.0.0.4 0 100 0 2 3 ?
*> 100.1.1.1/32 160.1.13.1 156160 32768 ?
*>i100.1.1.9/32 10.0.0.5 0 100 0 2 3 ?
*> 160.1.13.0/24 0.0.0.0 0 32768 ?
*>i160.1.89.0/24 10.0.0.5 0 100 0 2 3 ?
*>i10.1.1.9/32 10.0.0.4 0 100 0 2 3 ?
*>i150.1.89.0/24 10.0.0.4 0 100 0 2 3 ?
*>i100.1.1.9/32 10.0.0.5 0 100 0 2 3 ?
*>i160.1.89.0/24 10.0.0.5 0 100 0 2 3 ?

1 150.1.13.3 144 msec
5 150.1.89.9 332 msec

1 160.1.13.3 92 msec
5 160.1.89.9 440 msec

* 10.1.1.1/32 10.1.78.7 0 21?
*> 10.1.68.6 0 21?
180
* 150.1.13.0/24 10.1.78.7 0 21?

*> 10.1.68.6 0 21?
* 100.1.1.1/32 10.1.68.6 0 21?
*> 10.1.78.7 0 21?
* 160.1.13.0/24 10.1.68.6 0 21?
*> 10.1.78.7 0 21?
*> 10.1.1.1/32 10.1.68.6 0 21?
*> 10.1.1.9/32 150.1.89.9 2 32768 ?
*> 150.1.13.0/24 10.1.68.6 0 21?
*> 150.1.89.0/24 0.0.0.0 0 32768 ?
*> 100.1.1.1/32 10.1.78.7 0 21?
*> 100.1.1.9/32 160.1.89.9 156160 32768 ?
*> 160.1.13.0/24 10.1.78.7 0 21?
*> 160.1.89.0/24 0.0.0.0 0 32768 ?
1 150.1.89.8 140 msec
5 150.1.13.1 368 msec

1 160.1.89.8 176 msec
5 160.1.13.1 324 msec
181
Sección Internet Access Static routes
Setup
Preload initial configurations
Building Blocks
§ IGP
§ MPLS/LDP
§ iBGP
§ MP-iBGP
§ eBGP
§ VPNs (VRFs)
§ Statics Routes
§ Test and Troubleshooting
§ IGP
Configure IS-IS Level 2 with de follow NETs:
- R3 Net 49.0001.0000.0000.0003.00
- R4 Net 49.0001.0000.0000.0004.00
- R5 Net 49.0001.0000.0000.0005.00
- R6 Net 49.0001.0000.0000.0006.00
R3
ip router isis
isis network point-to-point
ip router isis
182
router isis
net 49.0001.0000.0000.0003.00
metric-style wide level-2
log-adjacency-changes all
R4
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0004.00
R5
ip router isis
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0005.00
R6
ip router isis
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0006.00
183

R3 L2 Fa0/1 10.1.35.3 UP 28 00
R4 L2 Fa1/0 10.1.45.4 UP 25 01
R6 L2 Fa0/0 10.1.56.6 UP 25 00
R3#sh ip route isis

§ MPLS/LDP
R3
ip cef
mpls ip

mpls ip
mpls ip
R4
ip cef
mpls ip

mpls ip
184
mpls ip
R5
ip cef
mpls ip

mpls ip
mpls ip
mpls ip
R6
ip cef
mpls ip

mpls ip
mpls ip
mpls ip
MPLS LDP Verification

304 511 10.0.0.4/32 0 Fa0/1 10.1.35.5
614 10.0.0.4/32 0 Fa1/0 10.1.36.6
305 Pop Label 10.0.0.5/32 0 Fa0/1 10.1.35.5
306 Pop Label 10.0.0.6/32 0 Fa1/0 10.1.36.6
310 Pop Label 10.1.45.0/24 0 Fa0/1 10.1.35.5
311 Pop Label 10.1.46.0/24 0 Fa1/0 10.1.36.6
312 Pop Label 10.1.56.0/24 0 Fa0/1 10.1.35.5
185
Pop Label 10.1.56.0/24 0 Fa1/0 10.1.36.6

10.1.36.6 [MPLS: Label 614 Exp 0] 132 msec
2 10.1.45.4 124 msec
10.1.46.4 104 msec

2 10.1.46.4 156 msec
§ iBGP
§ MP-iBGP
R5/R6 ->RR
R3
router bgp 1
!
address-family ipv4
no synchronization
network 10.0.0.3 mask 255.255.255.255
no auto-summary
exit-address-family
!
exit-address-family
R4
router bgp 1
!
address-family ipv4
no synchronization
186
network 10.0.0.4 mask 255.255.255.255

no auto-summary
exit-address-family
!
exit-address-family
R5
router bgp 1
!
address-family ipv4
no synchronization
network 10.0.0.5 mask 255.255.255.255
no auto-summary
exit-address-family
!
exit-address-family
R6
router bgp 1
!
address-family ipv4
no synchronization
network 10.0.0.6 mask 255.255.255.255
187

no auto-summary
exit-address-family
!
exit-address-family


10.0.0.3 4 1 2 2 1 0 0 00:00:26 0
10.0.0.4 4 1 2 2 1 0 0 00:00:24 0
10.0.0.6 4 1 2 2 1 0 0 00:00:19 0


10.0.0.3 4 1 2 2 1 0 0 00:00:26 0
10.0.0.4 4 1 2 2 1 0 0 00:00:24 0
10.0.0.6 4 1 2 2 1 0 0 00:00:10 0
MP-eBGP
Reachability Default GW 100.0.0.7
R5/R6
R5
router bgp 1
address-family ipv4
R6
router bgp 1
address-family ipv4
188
R7
router bgp 2
!
address-family ipv4
no synchronization
network 100.0.0.7 mask 255.255.255.255
R7#show ip bgp regexp _1$

* 10.0.0.3/32 197.1.1.1 0 1i
*> 197.2.1.1 0 1i
* 10.0.0.4/32 197.1.1.1 0 1i
*> 197.2.1.1 0 1i
* 10.0.0.5/32 197.1.1.1 0 0 1i
*> 197.2.1.1 0 1i
* 10.0.0.6/32 197.1.1.1 0 1i
*> 197.2.1.1 0 0 1i
R3#show ip bgp
*> 10.0.0.3/32 0.0.0.0 0 32768 i
r i10.0.0.4/32 10.0.0.4 0 100 0 i
r>i 10.0.0.4 0 100 0 i
r i10.0.0.5/32 10.0.0.5 0 100 0 i
r>i 10.0.0.5 0 100 0 i
r i10.0.0.6/32 10.0.0.6 0 100 0 i
r>i 10.0.0.6 0 100 0 i
*>i100.0.0.7/32 10.0.0.5 0 100 0 2i
*i 10.0.0.6 0 100 0 2i


*>i100.0.0.7/32 10.0.0.5 0 100 0 2i
*i 10.0.0.6 0 100 0 2i
189
Load-Sharing iBGP in Global Table
R3#sh ip route bgp

B 100.0.0.7 [200/0] via 10.0.0.5, 00:02:54
R3
router bgp 1
address-family ipv4
maximum-paths ibgp 2
R3#sh ip route bgp

B 100.0.0.7 [200/0] via 10.0.0.6, 00:00:26
[200/0] via 10.0.0.5, 00:00:26
R4
router bgp 1
address-family ipv4
maximum-paths ibgp 2
R4#sh ip route bgp

B 100.0.0.7 [200/0] via 10.0.0.6, 00:00:04
[200/0] via 10.0.0.5, 00:00:04

1 10.1.35.5 100 msec
10.1.36.6 68 msec
2 197.1.1.2 148 msec
197.2.1.2 168 msec

1 10.1.45.5 96 msec
10.1.46.6 96 msec
2 197.1.1.2 172 msec
197.2.1.2 132 msec
VPN OAM Site 1
IP CEF : Change to Load-sharing per-packet. Default per destination.

This ensures that traffic flowing from the CE router R1 to the PE router R3 via the VRF interface and being forwarded according
to the static route is forwarded to the next hop in the global routing table (R5 and R6).
§ VPNs (VRFs)
§ Statics Routes
§ Test and Troubleshooting
R3
190
vrf definition OAM

rd 1:3
!
address-family ipv4
exit-address-family
!
vrf forwarding OAM
ip address 172.16.13.3 255.255.255.0
ip route 200.0.0.1 255.255.255.255 FastEthernet0/0 172.16.13.1

ip route vrf OAM 0.0.0.0 0.0.0.0 10.1.36.6 global
ip route vrf OAM 0.0.0.0 0.0.0.0 10.1.35.5 global
router bgp 1
address-family ipv4
redistribute static
R3#sh ip route vrf OAM static

Routing Table: OAM
Gateway of last resort is 10.1.36.6 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.1.36.6
[1/0] via 10.1.35.5
R1
ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0 172.16.13.3
R3#ping vrf OAM 200.0.0.1

!!!!!
R3#show cef interface fastEthernet 0/1

FastEthernet0/1 is up (if_number 4)
Corresponding hwidb fast_if_number 4
Corresponding hwidb firstsw->if_number 4
Internet address is 10.1.35.3/24
ICMP redirects are always sent
Per packet load-sharing is disabled
IP unicast RPF check is disabled
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is FastEthernet0/1
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF switching turbo vector
IP CEF turbo switching turbo vector
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 4(4)
Slot Slot unit 1 VC -1
IP MTU 1500
191
The packet from R1 to Default GW use one path: R3->R5->R7

1 172.16.13.3 116 msec 132 msec 48 msec
2 10.1.35.5 120 msec 56 msec 76 msec
3 197.1.1.2 172 msec * 168 msec
For load sharing we can modify the default per destination to per packet
R3(config)#interface range fastEthernet 0/1 , f1/0

R3(config-if-range)#ip load-sharing ?
per-destination Deterministic distribution
per-packet Random distribution
R3(config-if-range)#ip load-sharing per-packet
R3#show cef interface fastEthernet 0/1

FastEthernet0/1 is up (if_number 4)
Corresponding hwidb fast_if_number 4
Corresponding hwidb firstsw->if_number 4
Internet address is 10.1.35.3/24
ICMP redirects are always sent
Per packet load-sharing is enabled
IP unicast RPF check is disabled
IP policy routing is disabled
BGP based policy accounting on input is disabled
BGP based policy accounting on output is disabled
Hardware idb is FastEthernet0/1
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF switching turbo vector
IP CEF turbo switching turbo vector
IP prefix lookup IPv4 mtrie 8-8-8-8 optimized
Input fast flags 0x0, Output fast flags 0x0
ifindex 4(4)
Slot Slot unit 1 VC -1
IP MTU 1500

1 172.16.13.3 68 msec 96 msec
2 10.1.35.5 64 msec
10.1.36.6 120 msec
3 197.1.1.2 136 msec
197.2.1.2 152 msec
VPN A Site 2
We must repeat the same steps in Site 2.
R4
vrf definition A
rd 1:4
192
!
address-family ipv4
exit-address-family
!
vrf forwarding A
ip address 172.16.24.4 255.255.255.0
ip route 200.0.0.2 255.255.255.255 FastEthernet0/0 172.16.24.2

ip route vrf A 0.0.0.0 0.0.0.0 10.1.46.6 global
ip route vrf A 0.0.0.0 0.0.0.0 10.1.45.5 global
router bgp 1
address-family ipv4
redistribute static
R2
ip route 0.0.0.0 0.0.0.0 fastEthernet 0/0 172.16.24.4
R2#traceroute 100.0.0.7 source lo0

1 172.16.24.4 120 msec 116 msec 76 msec
2 10.1.45.5 84 msec 84 msec 32 msec
3 197.1.1.2 148 msec * 160 msec
R4
ip load-sharing per-packet
R7#show ip bgp | b 200

* 200.0.0.1/32 197.2.1.1 0 1?
*> 197.1.1.1 0 1?
* 200.0.0.2/32 197.2.1.1 0 1?
*> 197.1.1.1 0 1?
R2#traceroute 100.0.0.7 source lo0 probe 2

1 172.16.24.4 108 msec 100 msec
2 10.1.45.5 128 msec
10.1.46.6 56 msec
3 197.1.1.2 108 msec
197.2.1.2 88 msec
Sección Internet Access GRE Tunnel

Preload initial/base configurations (IGP, MPLS/LDP, iBGP. MP-iBGP, eBGP).
We can to use just the VRF interface on the PE router and creating a GRE tunnel in the global routing space across that VRF
interface.
The follow example show the creation of the tunnel PE/CE (in the global space).
193
R3
interface Tunnel13
description **Tunnel Site 1**
ip address 192.168.1.3 255.255.255.0
tunnel source 172.16.13.3
tunnel vrf OAM
ip route 200.0.0.1 255.255.255.255 tunnel 13
router bgp 1
address-family ipv4
redistribute static
R1
interface Tunnel13
description **Tunnel Site 1**
ip address 192.168.1.1 255.255.255.0
tunnel source 172.16.13.1
ip route 0.0.0.0 0.0.0.0 tunnel 13
R1#show ip int brief

Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 172.16.13.1 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Loopback0 200.0.0.1 YES manual up up
Tunnel13 192.168.1.1 YES manual up up
R1
R1#debug ip packet 10
IP packet debugging is on for access list 10

1
IP: s=200.0.0.1 (local), d=100.0.0.7 (FastEthernet0/0), len 28, sending
IP: s=200.0.0.1 (local), d=100.0.0.7 (FastEthernet0/0), len 28, sending full packet *
192.168.1.3 112 msec
IP: s=200.0.0.1 (local), d=100.0.0.7 (Tunnel13), len 28, sending
IP: s=200.0.0.1 (local), d=100.0.0.7 (Tunnel13), len 28, sending full packet
2 10.1.36.6 84 msec
10.1.35.5 100 msec
194
3
197.2.1.2 212 msec
R1#no debug ip packet 10
IP packet debugging is off for access list 10
R1#ping 100.0.0.7 source loopback 0

!!!!!
195
Sección CSC only Carrier Customer
Pre LAB
Las configuraciones base/iniciales deben cargarse antes de continuar con el laboratorio; incluyen IGP y LDP en AS1 y AS2.
§ Backbone Carrier AS2 entrega servicios al Customer Carrier AS1.

§ Customer Carrier AS1 necesita comunicar Sitio1 y Sitio2 para las VPNs A y B
§ R1 es el Customer 1 en Sitio1 y pertenece al AS3 que debe conectarse a R8 AS3 Sitio2.
§ Utilizar ISIS en AS2 como IGP Core.
§ Utilizar OSPF 1 en AS1 como IGP Core.
AS1 MP-iBGP
R2
router bgp 1
196
R4
router bgp 1
R3
router bgp 1

10.0.0.2 4 1 6 4 1 0 0 00:02:05 0
10.0.0.4 4 1 6 6 1 0 0 00:02:44 0
Sitio2 MP-iBGP
R5
router bgp 1
R7
router bgp 1
197
R6
router bgp 1


10.0.0.5 4 1 4 4 1 0 0 00:00:40 0
10.0.0.7 4 1 2 2 1 0 0 00:00:39 0
AS2 MP-iBGP Backbone ISP
R9
router bgp 2
R10
router bgp 2

198
10.0.0.10 4 2 4 4 1 0 0 00:00:04 0

10.0.0.9 4 2 4 4 1 0 0 00:00:36 0
VPN Backbone Carrier Sitio 1

§ Configurar VPN AA en R9 y R10 utlizando RT/RD 2:1
§ Habilitar VRF en la interface f0/1 R9/R10
R9
ip vrf AA
rd 2:1
ip vrf forwarding AA
ip address 10.1.49.9 255.255.255.0
R9#ping vrf AA 10.1.49.4

.!!!!
R10
ip vrf AA
rd 2:1
ip address 10.1.105.10 255.255.255.0
R10#ping vrf AA 10.1.105.5

.!!!!
LSP PE-PE
R4
199
ip ospf 1 area 0
mpls ip
R9
interface Loopback1
ip address 10.1.1.9 255.255.255.255
ip ospf 1 area 0
mpls ldp router-id vrf AA Loopback1 force
ip ospf 1 area 0
mpls ip
R5
ip ospf 1 area 0
mpls ip
R10
interface Loopback1
ip address 10.1.1.10 255.255.255.255
ip ospf 1 area 0
mpls ldp router-id vrf AA Loopback1 force
ip ospf 1 area 0
mpls ip
R9#show mpls ldp neighbor vrf AA

TCP connection: 10.0.0.4.646 - 10.1.1.9.33198
State: Oper; Msgs sent/rcvd: 72/70; Downstream
Up time: 00:47:50
FastEthernet0/1, Src IP addr: 10.1.49.4
10.1.34.4 10.1.49.4 10.0.0.4
R10#show mpls ldp neighbor vrf AA

TCP connection: 10.0.0.5.646 - 10.1.1.10.45437
Up time: 00:48:01
10.1.56.5 10.1.105.5 10.0.0.5
200

10.0.0.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.3:0
LDP Id: 10.1.1.9:0
R9#show mpls ldp discovery vrf AA

10.1.1.9:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0
R10#show mpls ldp discovery vrf AA

10.1.105.10:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.5:0; IP addr: 10.1.105.5; no host route

10.0.0.5:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.6:0
LDP Id: 10.1.1.10:0
Reditribucion IGP/BGP Backbone Carrier
R9
router ospf 1 vrf AA
router bgp 2
address-family ipv4 vrf AA
redistribute ospf 1 vrf AA match internal external 1 external 2
R10
router ospf 1 vrf AA
router bgp 2
redistribute ospf 1 vrf AA match internal external 1 external 2
201

Route Distinguisher: 2:1 (default for vrf AA)
*> 10.0.0.2/32 10.1.49.4 4 32768 ?
*> 10.0.0.3/32 10.1.49.4 3 32768 ?
*> 10.0.0.4/32 10.1.49.4 2 32768 ?
*>i10.0.0.5/32 10.0.0.10 2 100 0 ?
*>i10.0.0.6/32 10.0.0.10 3 100 0 ?
*>i10.0.0.7/32 10.0.0.10 4 100 0 ?
*> 10.1.1.9/32 0.0.0.0 0 32768 ?
*>i10.1.1.10/32 10.0.0.10 0 100 0 ?
*> 10.1.23.0/24 10.1.49.4 3 32768 ?
*> 10.1.34.0/24 10.1.49.4 2 32768 ?
*> 10.1.49.0/24 0.0.0.0 0 32768 ?
*>i10.1.56.0/24 10.0.0.10 2 100 0 ?
*>i10.1.67.0/24 10.0.0.10 3 100 0 ?
*>i10.1.105.0/24 10.0.0.10 0 100 0 ?

*>i10.0.0.2/32 10.0.0.9 4 100 0 ?
*>i10.0.0.3/32 10.0.0.9 3 100 0 ?
*>i10.0.0.4/32 10.0.0.9 2 100 0 ?
*> 10.0.0.5/32 10.1.105.5 2 32768 ?
*> 10.0.0.6/32 10.1.105.5 3 32768 ?
*> 10.0.0.7/32 10.1.105.5 4 32768 ?
*>i10.1.1.9/32 10.0.0.9 0 100 0 ?
*> 10.1.1.10/32 0.0.0.0 0 32768 ?
*>i10.1.23.0/24 10.0.0.9 3 100 0 ?
*>i10.1.34.0/24 10.0.0.9 2 100 0 ?
*>i10.1.49.0/24 10.0.0.9 0 100 0 ?
*> 10.1.56.0/24 10.1.105.5 2 32768 ?
*> 10.1.67.0/24 10.1.105.5 3 32768 ?
*> 10.1.105.0/24 0.0.0.0 0 32768 ?
LSP Customer Carrier
R2#sh ip route ospf | i IA

202
R7#sh ip route ospf | i IA


7 10.1.67.7 372 msec

7 10.1.23.2 308 msec
VPN A BGP Customer Sitio 1
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 172.16.12.2 255.255.255.0
R2#ping vrf A 172.16.12.1

.!!!!
R1
router bgp 3
address-family ipv4
network 100.0.0.1 mask 255.255.255.255
203
R2
router bgp 1

*> 100.0.0.1/32 172.16.12.1 0 0 3i

1
3
172.16.12.1 from 172.16.12.1 (100.0.0.1)
Extended Community: RT:1:1 RT:1:2

Routing Table: A
B 100.0.0.1 [20/0] via 172.16.12.1, 00:01:37
VPN A BGP Customer Sitio 2
R7
ip vrf A
rd 1:2
ip vrf forwarding A
ip address 172.16.78.7 255.255.255.0
R7#ping vrf A 172.16.78.8

.!!!!
204
R8
router bgp 3
address-family ipv4
network 100.0.0.8 mask 255.255.255.255
R7
router bgp 1

*> 100.0.0.8/32 172.16.78.8 0 0 3i

1
3
172.16.78.8 from 172.16.78.8 (100.0.0.8)
Extended Community: RT:1:1 RT:1:2

Routing Table: A
B 100.0.0.8 [20/0] via 172.16.78.8, 00:01:01
RR
R4
router bgp 1
neighbor 10.0.0.5 route-reflector-client
205
R5
router bgp 1
Compatibilidad BGP. Deshabilitacion AS_PATH
R2
router bgp 1
R7
router bgp 1
R1#show ip bgp
*> 100.0.0.1/32 0.0.0.0 0 32768 i
*> 100.0.0.8/32 172.16.12.2 011i
r> 172.16.12.0/24 172.16.12.2 0 01?
*> 172.16.78.0/24 172.16.12.2 01?
R8#show ip bgp
*> 100.0.0.1/32 172.16.78.7 011i
*> 100.0.0.8/32 0.0.0.0 0 32768 i
*> 172.16.12.0/24 172.16.78.7 01?
r> 172.16.78.0/24 172.16.78.7 0 01?
R1#sh ip route bgp

B 100.0.0.8 [20/0] via 172.16.12.2, 00:03:24
B 172.16.78.0/24 [20/0] via 172.16.12.2, 00:05:30
206
R8#sh ip route bgp

B 100.0.0.1 [20/0] via 172.16.78.7, 00:03:39
B 172.16.12.0/24 [20/0] via 172.16.78.7, 00:07:21

1 172.16.12.2 [AS 1] 100 msec
9 172.16.78.8 [AS 1] 412 msec

1 172.16.78.7 [AS 1] 92 msec
9 172.16.12.1 [AS 1] 492 msec
207
Sección Carrier Supporting Carriers (CSC)
Pre LAB
Las configuraciones iniciales incluyen IGP y LDP en AS1 y AS2.

Backbone Carrier AS2 da servicios al Customer Carrier AS1.
R1 es el Customer 1 en Sitio1 y pertenece a la Compañía AS3 que debe conectarse al Sitio2.
Utilizar ISIS en AS2 como IGP Core.
Utilizar OSPF 1 en AS1 como IGP Core.
Podemos usar LDP entre ASs, o enviar label con neighbor X.X.X.X send-label.
AS1 Sitio1 MP-iBGP
R2
router bgp 1
208
R3
router bgp 1
R4
router bgp 1

10.0.0.2 4 1 4 4 1 0 0 00:00:35 0
10.0.0.3 4 1 2 2 1 0 0 00:00:31 0
AS1 Sitio2 MP-iBGP
R6
router bgp 1
R7
router bgp 1
209
R5
router bgp 1


10.0.0.6 4 1 2 2 1 0 0 00:00:10 0
10.0.0.7 4 1 2 2 1 0 0 00:00:12 0
AS2 MP-iBGP Backbone ISP
R9
router bgp 2
R10
router bgp 2
210

R11
router bgp 2
bgp cluster-id 2
R12
router bgp 2
bgp cluster-id 2


10.0.0.9 4 2 2 2 1 0 0 00:00:23 0
10.0.0.10 4 2 2 2 1 0 0 00:00:25 0
10.0.0.12 4 2 2 2 1 0 0 00:00:19 0

211

10.0.0.9 4 2 4 4 1 0 0 00:01:13 0
10.0.0.10 4 2 4 4 1 0 0 00:01:19 0
10.0.0.11 4 2 4 4 1 0 0 00:01:14 0
R9
ip vrf A
rd 2:1
ip vrf forwarding A
ip address 10.1.49.9 255.255.255.0
ip ospf 1 area 0
router ospf 1 vrf A

router-id 10.0.0.9
router bgp 2
R4
ip address 10.1.49.4 255.255.255.0
ip ospf 1 area 0


*> 10.0.0.2/32 10.1.49.4 3 32768 ?
*> 10.0.0.3/32 10.1.49.4 3 32768 ?
*> 10.0.0.4/32 10.1.49.4 2 32768 ?
*> 10.1.23.0/24 10.1.49.4 3 32768 ?
*> 10.1.24.0/24 10.1.49.4 2 32768 ?
*> 10.1.34.0/24 10.1.49.4 2 32768 ?
R10
ip vrf A
rd 2:1
212
ip vrf forwarding A
ip address 10.1.105.10 255.255.255.0
ip ospf 1 area 0
router ospf 1 vrf A

router-id 10.0.0.10
router bgp 2
R5
ip address 10.1.105.5 255.255.255.0
ip ospf 1 area 0

*>i10.0.0.2/32 10.0.0.9 3 100 0 ?
*i 10.0.0.9 3 100 0 ?
*>i10.0.0.3/32 10.0.0.9 3 100 0 ?
*i 10.0.0.9 3 100 0 ?
*>i10.0.0.4/32 10.0.0.9 2 100 0 ?
*i 10.0.0.9 2 100 0 ?
*> 10.0.0.5/32 10.1.105.5 2 32768 ?
*> 10.0.0.6/32 10.1.105.5 3 32768 ?
*> 10.0.0.7/32 10.1.105.5 3 32768 ?
*>i10.1.23.0/24 10.0.0.9 3 100 0 ?
*i 10.0.0.9 3 100 0 ?
*>i10.1.24.0/24 10.0.0.9 2 100 0 ?
*i 10.0.0.9 2 100 0 ?
*>i10.1.34.0/24 10.0.0.9 2 100 0 ?
*i 10.0.0.9 2 100 0 ?
*>i10.1.49.0/24 10.0.0.9 0 100 0 ?
*i 10.0.0.9 0 100 0 ?
*> 10.1.56.0/24 10.1.105.5 2 32768 ?
*> 10.1.57.0/24 10.1.105.5 2 32768 ?
*> 10.1.67.0/24 10.1.105.5 3 32768 ?
*> 10.1.105.0/24 0.0.0.0 0 32768 ?
Ejemplo LSP

Known via "ospf 1", distance 110, metric 5, type inter area
Last update from 10.1.24.4 on FastEthernet1/0, 00:06:13 ago
213

* 10.1.24.4, from 10.0.0.9, 00:06:13 ago, via FastEthernet1/0

2 10.1.49.9 296 msec
5 10.1.105.5 260 msec
6 10.1.57.7 336 msec
R4
mpls ip
R9
mpls ldp router-id vrf A fastEthernet 0/1 force
mpls ip
R9#show mpls ldp discovery vrf A

10.1.49.9:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0
R5
mpls ip
R10
mpls ldp router-id vrf A fastEthernet 0/1 force
mpls ip
R10#show mpls ldp discovery vrf A

10.1.105.10:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.5:0

6 10.1.57.7 432 msec
Formar Cluster RR
Tener cuidado con el comando bgp cluster ID. Si en ambos RRs configuramos el mismo ID rechazará las rutas
214
R4#ping 10.0.0.6 source l0

!!!!!
R4
router bgp 1
bgp cluster-id 1
R5
router bgp 2
bgp cluster-id 1


10.0.0.2 4 1 5 3 1 0 0 00:01:24 0
10.0.0.3 4 1 5 5 1 0 0 00:01:28 0
10.0.0.5 4 1 4 4 1 0 0 00:00:11 0
Usando mismo cluster-ID deniega los prefijos
R4#debug bgp vpnv4 unicast updates 10.0.0.5

BGP updates debugging is on for neighbor 10.0.0.5 for address family: VPNv4 Unicast
BGP(4): 10.0.0.5 rcv UPDATE w/ attr: nexthop 10.0.0.7, origin ?, localpref 100, metric 156160, originator 10.0.0.7,
clusterlist 0.0.0.1, merged path , AS_PATH , community , extended community RT:1:1 Cost:pre-bestpath:128:156160
0x8800:32768:0 0x8801:1:130560 0x8802:65281:25600 0x8803:65281:1500 0x8806:0:1677721608, SSA attribute
BGP(4): 10.0.0.5 rcv UPDATE about 1:1:100.0.0.8/32 -- DENIED due to: reflected from the same cluster;, label 722
BGP: 10.0.0.5 RR in same cluster. Reflected update dropped
BGP(4): 10.0.0.5 rcv UPDATE w/ attr: nexthop 10.0.0.7, origin ?, localpref 100, metric 0, originator 10.0.0.7, clusterlist
0.0.0.1, merged path , AS_PATH , community , extended commun
R4#cibsity RT:1:1 Cost:pre-bestpath:128:28160 0x8800:32768:0 0x8801:1:2560 0x8802:65280:25600 0x8803:65281:1500
0x8806:0:2886749703, SSA attribute
BGP(4): 10.0.0.5 rcv UPDATE about 1:1:172.16.78.0/24 -- DENIED due to: reflected from the same cluster;, label 724
215
VPN Customer Carrier
R2
ip vrf AA
rd 1:1
ip address 172.16.12.2 255.255.255.0
R1#ping 172.16.12.2
.!!!!
R2
router bgp 1
R1
router bgp 3
address-family ipv4
network 100.0.0.1 mask 255.255.255.255
R2#show bgp vpnv4 unicast vrf AA


*> 100.0.0.1/32 172.16.12.1 0 0 3i
R7
ip vrf AA
rd 1:1
216
ip address 172.16.78.7 255.255.255.0
R8#ping 172.16.78.7
.!!!!
R7
router bgp 1
R8
router bgp 3
!
address-family ipv4
no synchronization
network 100.0.0.8 mask 255.255.255.255
R7#show bgp vpnv4 unicast vrf AA summary


172.16.78.8 4 3 5 4 2 0 0 00:00:06 1
Pruebas extremo a extremo R2-R7

*> 100.0.0.1/32 172.16.12.1 0 0 3i
*>i100.0.0.8/32 10.0.0.7 0 100 0 3 i
*> 172.16.12.0/24 0.0.0.0 0 32768 ?
*>i172.16.78.0/24 10.0.0.7 0 100 0 ?

Route Distinguisher: 1:1 (AA)
100.0.0.1/32 172.16.12.1 223/nolabel
217
100.0.0.8/32 10.0.0.7 nolabel/725

172.16.12.0/24 0.0.0.0 222/nolabel(AA)
172.16.78.0/24 10.0.0.7 nolabel/723

Paths: (1 available, best #1, table AA)
9
3
10.0.0.7 (metric 5) from 10.0.0.4 (10.0.0.4)
Originator: 10.0.0.7, Cluster list: 0.0.0.1, 0.0.0.2

*>i100.0.0.1/32 10.0.0.2 0 100 0 3 i
*> 100.0.0.8/32 172.16.78.8 0 0 3i
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?
*> 172.16.78.0/24 0.0.0.0 0 32768 ?

Route Distinguisher: 1:1 (AA)
100.0.0.1/32 10.0.0.2 nolabel/223
100.0.0.8/32 172.16.78.8 725/nolabel
172.16.12.0/24 10.0.0.2 nolabel/222
172.16.78.0/24 0.0.0.0 723/nolabel(AA)

Paths: (1 available, best #1, table AA)
10
3
10.0.0.2 (metric 5) from 10.0.0.5 (10.0.0.5)
Originator: 10.0.0.2, Cluster list: 0.0.0.2, 0.0.0.1
Pruebas extremo a extremo R1-R8
R1#show ip bgp
218
*> 100.0.0.1/32 0.0.0.0 0 32768 i

*> 100.0.0.8/32 172.16.12.2 0 11i
r> 172.16.12.0/24 172.16.12.2 0 0 1?
*> 172.16.78.0/24 172.16.12.2 0 1?
R1#sh ip route bgp

B 100.0.0.8 [20/0] via 172.16.12.2, 00:01:57
B 172.16.78.0/24 [20/0] via 172.16.12.2, 00:02:10

1 172.16.12.2 [AS 1] 152 msec
8 172.16.78.8 [AS 1] 400 msec
R8#show ip bgp

*> 100.0.0.1/32 172.16.78.7 0 11i
*> 100.0.0.8/32 0.0.0.0 0 32768 i
*> 172.16.12.0/24 172.16.78.7 0 1?
r> 172.16.78.0/24 172.16.78.7 0 0 1?
R8#sh ip route bgp

B 100.0.0.1 [20/0] via 172.16.78.7, 00:17:01
B 172.16.12.0/24 [20/0] via 172.16.78.7, 00:17:01

1 172.16.78.7 [AS 1] 64 msec
8 172.16.12.1 [AS 1] 528 msec
219
Sección AToM Interworking
Pre LAB
Configurar Frame-Relay en enlace R5/R2 modo DLCI-DLCI

Crear PW que conecte ambos sitios L2 (enlace FR con red Ethernet)
R5
interface Serial1/0
ip address 172.16.56.5 255.255.255.0
serial restart-delay 0
no shut
R2
interface Serial2/0
description **AC Frame-Relay**
no shut
frame-relay interface-dlci 205 switched
R5#show frame-relay pvc | i STATUS

DLCI = 502, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial1/0

DLCI = 205, DLCI USAGE = SWITCHED, PVC STATUS = INACTIVE, INTERFACE = Serial2/0
220
El estado del enlace FR en R2 aparece Inactivo, esto se debe a que aun no establecemos el pseudowire entre R2 y R3.
En caso que debamos comunicar a traves de un PW protocolos de capa 2 con distinta encapsulacion (PPP/HDLP, FR/Ethernet,
PPP/Ethenet,..) dentro del PW usamos el comando interworking ip.
status: Enable pseudowire status extensions in label advertisement and label notification messages. This is not advised unless
your peer router also supports this functionality as it may lead to premature enabling of the dataplane on that peer.
R2
pseudowire-class AToM
encapsulation mpls
interworking ip
status
connect R2-R3 Serial2/0 205 l2transport

xconnect 10.0.0.3 10 pw-class AToM

DLCI = 205, DLCI USAGE = SWITCHED, PVC STATUS = ACTIVE, INTERFACE = Serial2/0
R6
ip address 172.16.56.6 255.255.255.0
duplex full
no shut
R3
pseudowire-class AToM
encapsulation mpls
interworking ip
status
description **AC Ethernet**
no shutdown
xconnect 10.0.0.2 10 pw-class AToM
R2#show mpls l2transport vc

Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Se2/0 FR DLCI 205 10.0.0.3 10 UP

------------- -------------------------- --------------- ---------- ----------
Fa0/0 Ethernet 10.0.0.2 10 UP

10.0.0.2:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.1:0
LDP Id: 10.0.0.4:0
Targeted Hellos:
221

LDP Id: 10.0.0.3:0
Pruebas extremo extremo.
R2#show mpls l2transport vc 10 detail

Local interface: Se2/0 up, line protocol up, FR DLCI 205 up
Interworking type is IP
Destination address: 10.0.0.3, VC ID: 10, VC status: up
Output interface: Fa1/0, imposed label stack {403 315}
Preferred path: not configured
Default path: active
Next hop: 10.1.24.4
Create time: 00:21:41, last status change time: 00:06:06
Signaling protocol: LDP, peer 10.0.0.3:0 up
Targeted Hello: 10.0.0.2(LDP Id) -> 10.0.0.3
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 215, remote 315
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description: **AC Ethernet**
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 29, send 39
byte totals: receive 2900, send 4914
packet drops: receive 0, seq error 0, send 0

Local interface: Fa0/0 up, line protocol up, Ethernet up
Interworking type is IP
Next hop: 10.1.34.4
Remote interface description: **AC Frame-Relay**
222
VC statistics:
R3#show mpls l2transport binding

Destination Address: 10.0.0.2, VC ID: 10
Local Label: 315
Cbit: 1, VC Type: IP, GroupID: 0
MTU: 1500, Interface Desc: **AC Ethernet**
VCCV: CC Type: CW [1], RA [2]
CV Type: LSPV [2]
Remote Label: 215
MTU: 1500, Interface Desc: **AC Frame-Relay**
CV Type: LSPV [2]

Local Label: 215
MTU: 1500, Interface Desc: **AC Frame-Relay**
CV Type: LSPV [2]
Remote Label: 315
MTU: 1500, Interface Desc: **AC Ethernet**
CV Type: LSPV [2]
R5#ping 172.16.56.6
!!!!!
R6#ping 172.16.56.5
!!!!!
223
Si queremos configurar OSPF entre ambos CEs, no olvidar el comando ip ospf network point-to-point entre AC. Esto es válido
para Ethernet y FR.
R5
interface Serial1/0
ip address 172.16.56.5 255.255.255.0
R5
router ospf 1
router-id 100.0.0.5
network 100.0.0.5 0.0.0.0 area 0
network 172.16.56.0 0.0.0.255 area 0
R6
ip address 172.16.56.6 255.255.255.0
router ospf 1
router-id 100.0.0.6
network 100.0.0.6 0.0.0.0 area 0
network 172.16.56.0 0.0.0.255 area 0

100.0.0.5 100.0.0.5 73 0x80000005 0x00F801 3
100.0.0.6 100.0.0.6 46 0x80000007 0x00294A 3

224

!!!!!
225
Sección AToM Ethernet Port Mode
Pre LAB
Habilitar AToM entre Sitio1 y Sitio2. Usar modo Ethernet (EoMPLS) simple entre PEs R2 y R3.
Usar VC ID 10 entre PEs.
La configuración para este escenario es bastante sencilla. La encapsulación PE-CE es Ethernet, necesitamos usar el comando
xconnet en el PE de cara al CE.
El protocolo de selalización entre PEs es LDP, usamos show mpls ldp discovery para comprobar sesion PE-PE.
R2
full-duplex
no shut
no cdp enable
xconnect 10.0.0.3 10 encapsulation mpls
R3
duplex full
no shut
no cdp enable
R2#show mpls l2transport vc 10

------------- -------------------------- --------------- ---------- ----------
226

------------- -------------------------- --------------- ---------- ----------

10.0.0.2:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.1:0
LDP Id: 10.0.0.4:0
Targeted Hellos:
LDP Id: 10.0.0.3:0

10.0.0.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0
LDP Id: 10.0.0.1:0
Targeted Hellos:
LDP Id: 10.0.0.2:0
Ejemplo Verificacion AToM Ethernet

Next hop: 10.1.24.4
Remote interface description:
VC statistics:
227


Next hop: 10.1.34.4
VC statistics:

Local Label: 213
Cbit: 1, VC Type: Ethernet, GroupID: 0
MTU: 1500, Interface Desc: n/a
CV Type: LSPV [2]
Remote Label: 313
CV Type: LSPV [2]

Local Label: 313
CV Type: LSPV [2]
Remote Label: 213
CV Type: LSPV [2]
228
Ejemplo Verificacion CE-CE
R5#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
R6 Fas 0/0 164 R 7206VXR Fas 0/0
R5#ping 172.16.56.6
.!!!!
R6#show cdp neighbors detail

-------------------------
Device ID: R5
Entry address(es):
IP address: 172.16.56.5
Platform: Cisco 7206VXR, Capabilities: Router
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/0
Holdtime : 154 sec
Version :
Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 30-Sep-09 07:49 by prod_rel_team
advertisement version: 2
Duplex: full
229
Sección AToM Ethernet VLAN Mode
Pre LAB
• Formar sesion PW R2/R3 de manera que exista comunicación entre la VLAN 56 y la VLAN 65 entre ambos sitios.
R5
no ip address
no shut
ip address 172.16.56.5 255.255.255.0
ip address 172.16.65.5 255.255.255.0
R6
no ip address
no shut
ip address 172.16.56.6 255.255.255.0
ip address 172.16.65.6 255.255.255.0
230
AToM Ethernet VLAN
R2
no shut
R3
no shut

------------- -------------------------- --------------- ---------- ----------

------------- -------------------------- --------------- ---------- ----------
Comprobacion PW

Next hop: 10.1.34.4
VC statistics:
231

Next hop: 10.1.24.4
VC statistics:

Local Label: 213
CV Type: LSPV [2]
Remote Label: 313
CV Type: LSPV [2]

Local Label: 313
CV Type: LSPV [2]
Remote Label: 213
CV Type: LSPV [2]
232
Sección AToM Bridge Mode
Pre LAB
§ Interconectar la VLAN 56 de Sitio 1 con el segmento PE-CE de Sitio 2 utilizando el PseudoWire PW1.
Como se trata de dos tipos distintos de encapsulación, la debemos crear un PseudoWire con algo de configuración.
R5
no ip address
no shut
ip address 172.16.56.5 255.255.255.0
ip address 172.16.65.5 255.255.255.0
R6
ip address 172.16.56.6 255.255.255.0
no shut
233
Configuracion PseudWire
R2
pseudowire-class PW1
encapsulation mpls
interworking ethernet
no shut
xconnect 10.0.0.3 10 pw-class PW1
R3
encapsulation mpls
interworking ethernet
no shut

------------- -------------------------- --------------- ---------- ----------
Fa0/0.56 Eth VLAN 56 10.0.0.3 10 UP

------------- -------------------------- --------------- ---------- ----------
Ejemplo configuracion PseudWire

Local interface: Fa0/0.56 up, line protocol up, Eth VLAN 56 up
Interworking type is Ethernet
Next hop: 10.1.24.4
234

VC statistics:

Next hop: 10.1.34.4
VC statistics:

Local Label: 213
CV Type: LSPV [2]
Remote Label: 313
CV Type: LSPV [2]

Local Label: 313
CV Type: LSPV [2]
Remote Label: 213
CV Type: LSPV [2]
235
236
Sección AToM Load Sharing
Pre LAB
§ Interconectar Sitio1 con Sitio2 AToM VLAN mode

§ La VLAN 1 y VLAN 3 deben Path 1.
§ La VLAN 2 y VLAN 4 deben usar Path 2.
Necesitamos crear y publicar dos loopback en cada PE, la loopback1 identifica al Path 1 y la loopback 2 identifica el path 2.
Asociar cada prefijo (loopback 1, loopback 2) con una interface de salida.
Crear un PseudoWire mpls que apunte al peer adecuado.
R2
interface Loopback1
ip address 20.1.1.2 255.255.255.255
interface Loopback2
ip address 20.2.2.2 255.255.255.255
ip route 30.1.1.3 255.255.255.255 10.1.12.1

ip route 30.2.2.3 255.255.255.255 10.1.24.4
router ospf 1
network 20.1.1.2 0.0.0.0 area 0
network 20.2.2.2 0.0.0.0 area 0
R3
interface Loopback1
ip address 30.1.1.3 255.255.255.255
237
interface Loopback2
ip address 30.2.2.3 255.255.255.255
ip route 20.2.2.2 255.255.255.255 10.1.13.1

ip route 20.1.1.2 255.255.255.255 10.1.34.4
router ospf 1
network 30.1.1.3 0.0.0.0 area 0
network 30.2.2.3 0.0.0.0 area 0
R2#sh ip route static

S 30.2.2.3 [1/0] via 10.1.24.4
S 30.1.1.3 [1/0] via 10.1.12.1

2 10.1.34.3 104 msec

2 10.1.13.3 140 msec

S 20.2.2.2 [1/0] via 10.1.13.1
S 20.1.1.2 [1/0] via 10.1.34.4

2 10.1.12.2 76 msec

2 10.1.24.2 88 msec
Configuracion PseudoWire
R2
encapsulation mpls
preferred-path peer 30.1.1.3
encapsulation mpls
interface fastEthernet 0/0

no shutdown
238
R3
encapsulation mpls
encapsulation mpls

no shutdown
Configuracion sub-if Ces
R5
no shutdown
ip address 172.16.10.5 255.255.255.0
ip address 172.16.20.5 255.255.255.0
239
ip address 172.16.30.5 255.255.255.0
ip address 172.16.40.5 255.255.255.0
R6
no shutdown
ip address 172.16.10.6 255.255.255.0
ip address 172.16.20.6 255.255.255.0
ip address 172.16.30.6 255.255.255.0
ip address 172.16.40.6 255.255.255.0
Verificacion PseudoWire

------------- -------------------------- --------------- ---------- ----------
Fa0/0.10 Eth VLAN 10 10.0.0.3 10 UP
Fa0/0.20 Eth VLAN 20 10.0.0.3 20 UP
Fa0/0.30 Eth VLAN 30 10.0.0.3 30 UP
Fa0/0.40 Eth VLAN 40 10.0.0.3 40 UP

------------- -------------------------- --------------- ---------- ----------
Fa0/0.10 Eth VLAN 10 10.0.0.2 10 UP
Fa0/0.20 Eth VLAN 20 10.0.0.2 20 UP
Fa0/0.30 Eth VLAN 30 10.0.0.2 30 UP
Fa0/0.40 Eth VLAN 40 10.0.0.2 40 UP
R2#show mpls l2transport vc detail | i Destination address|Output interface

R3#show mpls l2transport vc detail | i Destination address|Output interface

240

Pruebas Extremo/Extremo
R5#ping 172.16.10.6 repeat 2

!!
R5#ping 172.16.20.6 repeat 2

!!
R5#ping 172.16.30.6 repeat 2

!!
R5#ping 172.16.40.6 repeat 2

!!
R6#ping 172.16.10.5 repeat 2

!!
R6#ping 172.16.20.5 repeat 2

!!
R6#ping 172.16.30.5 repeat 2

!!
R6#ping 172.16.40.5 repeat 2

!!
241
242
Sección AToM Frame Relay Port to Port
Pre LAB
Configurar AToM Frame-Relay Port-to-Port
R5
frame-relay switching
interface Serial1/0
no ip address
frame-relay intf-type nni
no shutdown
interface Serial1/0.100 point-to-point

ip address 172.100.1.5 255.255.255.0
snmp trap link-status
frame-relay interface-dlci 100

ip address 172.200.1.5 255.255.255.0
R6
frame-relay switching
interface Serial1/0
no ip address
frame-relay intf-type nni
no shutdown
243

ip address 172.100.1.6 255.255.255.0

ip address 172.200.1.6 255.255.255.0
Ejemplo Configuracion AToM Frame-Relay Port-to-Port

La encapsulación por defecto es HDLC en las interfaces seriales, y solo se muestra por claridad.
R2
interface Serial2/0
encapsulation hdlc
no shutdown
R3
interface Serial2/0
encapsulation hdlc
no shutdown
Ejemplo Verificacion PW

------------- -------------------------- --------------- ---------- ----------
Se2/0 HDLC 10.0.0.3 100 UP

Local interface: Se2/0 up, line protocol up, HDLC up
Next hop: 10.1.24.4
244

VC statistics:

------------- -------------------------- --------------- ---------- ----------
Se2/0 HDLC 10.0.0.2 100 UP

Local interface: Se2/0 up, line protocol up, HDLC up
Next hop: 10.1.34.4
VC statistics:

Local Label: 213
Cbit: 1, VC Type: HDLC, GroupID: 0
CV Type: LSPV [2]
Remote Label: 313
CV Type: LSPV [2]

Local Label: 313
CV Type: LSPV [2]
245
Remote Label: 213

CV Type: LSPV [2]
Ejemplo Verificacion Frame-Relay
R5#show frame-relay map

Serial1/0.100 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast
status defined, active
Serial1/0.200 (up): point-to-point dlci, dlci 200(0xC8,0x3080), broadcast
R5#show frame-relay pvc

PVC Statistics for interface Serial1/0 (Frame Relay NNI)
Active Inactive Deleted Static
Local 2 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial1/0.100
LOCAL PVC STATUS = ACTIVE, NNI PVC STATUS = ACTIVE
input pkts 11 output pkts 15 in bytes 2524
out bytes 3860 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 10 out bcast bytes 3340
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
pvc create time 00:10:18, last time pvc status changed 00:06:46
R6#show frame-relay map

Serial1/0.100 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast
Serial1/0.200 (up): point-to-point dlci, dlci 200(0xC8,0x3080), broadcast
R6#show frame-relay pvc

PVC Statistics for interface Serial1/0 (Frame Relay NNI)
Active Inactive Deleted Static
Local 2 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
246

R5#debug frame-relay lmi

Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
Serial1/0(out): StEnq, myseq 72, yourseen 56, DTE up

datagramstart = 0xA2CDBD4, datagramsize = 13
FR encap = 0xFCF10309
00 75 01 01 01 03 02 48 38
Serial1/0(in): Status, myseq 72, pak size 13

RT IE 1, length 1, type 1
KA IE 3, length 2, yourseq 57, myseq 72
R5#
Serial1/0(in): StEnq, myseq 57
RT IE 1, length 1, type 1
KA IE 3, length 2, yourseq 62, myseq 57
Serial1/0(out): Status, myseq 58, yourseen 62, DCE up
R5#ping 172.100.1.6
!!!!!
R5#ping 172.200.1.6
!!!!!
R6#ping 172.100.1.5
!!!!!
R6#ping 172.200.1.5
!!!!!
247

R6 Ser 1/0.200 135 R 7206VXR Ser 1/0.200
R6 Ser 1/0.100 135 R 7206VXR Ser 1/0.100

R5 Ser 1/0.200 121 R 7206VXR Ser 1/0.200
R5 Ser 1/0.100 121 R 7206VXR Ser 1/0.100
248
Sección AToM sobre tunnel GRE
Pre LAB
IGP/LDP
Configurar IS-IS con el siguiente esquema de direccionamiento:
Net R2 : 49.0001.0000.0000.0002.00 L2
Net R3 : 49.0001.0000.0000.0003.00 L2
Net R4 : 49.0001.0000.0000.0004.00 L2
Net R5 : 49.0001.0000.0000.0005.00 L2
Normalmente una sesión LDP se creará si existe un LSP (label switched path) entre LSRs , esto quiere decir que debe haber un
camino MPLS completo de ida y vuelta entre vecinos LDP, pero en este escenario el LSP no es continuo ya que solo participan los
LSRs R2 y R5, aun asi es posible lograr comunicación LDP utilizando un tunnel GRE entre los extremos LDP. El trafico LDP
entonces irá encapsualdo en el tunnel GRE.
Para esto debemos tener comunicación entre LSR, a traves de enrutamiento dinamico o estático.
Configuracion ISIS Core
R2
ip router isis
router isis
net 49.0001.0000.0000.0002.00
R3
ip router isis
ip router isis
249
router isis
net 49.0001.0000.0000.0003.00
R4
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0004.00
R5
ip router isis
router isis
net 49.0001.0000.0000.0005.00

R4 Fa0/0 ca08.07a4.0008 Up 24 L2 IS-IS
R2 Fa0/1 ca0a.07a4.0006 Up 28 L2 IS-IS
R2#sh ip route isis

R5#sh ip route isis

R2#ping 10.0.0.5 source 10.0.0.2

!!!!!
250

!!!!!
Configuracion Tunnel GRE
R2
interface Tunnel25
tunnel source FastEthernet0/1
R5
interface Tunnel25
tunnel source FastEthernet0/1
R2#show interfaces tunnel 25 summary

*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
------------------------------------------------------------------------
* Tunnel25 0 0 0 0 0 0 0 0 0
R5#show interfaces tunnel 25 summary

*: interface is up
IHQ: pkts in input hold queue IQD: pkts dropped from input queue
OHQ: pkts in output hold queue OQD: pkts dropped from output queue
RXBS: rx rate (bits/sec) RXPS: rx rate (pkts/sec)
TXBS: tx rate (bits/sec) TXPS: tx rate (pkts/sec)
TRTL: throttle count
Interface IHQ IQD OHQ OQD RXBS RXPS TXBS TXPS TRTL
------------------------------------------------------------------------
* Tunnel25 0 0 0 0 0 0 0 0 0
El tunnel GRE está activo, nos queda habilitar LDP.
Sesion LDP
R2
ip cef
mpls ip
251

interface Tunnel25
mpls ip
R5
ip cef
mpls ip
interface Tunnel25
mpls ip

10.0.0.2:0
Discovery Sources:
Interfaces:
Tunnel25 (ldp): xmit/recv
LDP Id: 10.0.0.5:0

10.0.0.5:0
Discovery Sources:
Interfaces:
Tunnel25 (ldp): xmit/recv
LDP Id: 10.0.0.2:0
R2#show mpls ldp neighbor

TCP connection: 10.0.0.5.11291 - 10.0.0.2.646
Up time: 00:05:50
Targeted Hello 10.0.0.2 -> 10.0.0.5, active, passive
Tunnel25, Src IP addr: 10.0.0.5
10.1.45.5 10.0.0.5
R5#show mpls ldp neighbor

TCP connection: 10.0.0.2.646 - 10.0.0.5.11291
Up time: 00:06:18
Tunnel25, Src IP addr: 10.0.0.2
10.1.23.2 10.0.0.2
AToM PPP sobre GRE
252
La ruta estática es necesaria para que el trafico del PW sea redirigido dentro del tunel GRE.
R2
ip route 10.0.0.5 255.255.255.255 tunnel 25
R5
ip route 10.0.0.2 255.255.255.255 tunnel 25
R2
interface Serial1/0
encapsulation ppp
R5
interface Serial1/0
encapsulation ppp

------------- -------------------------- --------------- ---------- ----------
Se1/0 PPP 10.0.0.5 10 UP

------------- -------------------------- --------------- ---------- ----------
Se1/0 PPP 10.0.0.2 10 UP
El tunnel GRE trata al enlace como directamente conectado (back to back), R2 y R5 solo necesitan una etiqueta VC en la
conexión AToM (no hay tunnel label). El comando show mpls l2transport bindings nos muestra los campos de la CW.

Local interface: Se1/0 up, line protocol up, PPP up
Output interface: Tu25, imposed label stack {506}
Next hop: point2point
Remote interface description: **CE-R6**
253
VC statistics:

Local Label: 206
Cbit: 1, VC Type: PPP, GroupID: 0
MTU: 1500, Interface Desc: **CE-R1**
CV Type: LSPV [2]
Remote Label: 506
CV Type: LSPV [2]

Local Label: 506
CV Type: LSPV [2]
Remote Label: 206
CV Type: LSPV [2]

Local interface: Se1/0 up, line protocol up, PPP up
Output interface: Tu25, imposed label stack {206}
Next hop: point2point
Remote interface description: **CE-R1**
VC statistics:
254
Comprobamos la comunicacion entre sitios.

R6 Ser 1/0 123 R 7206VXR Ser 1/0
R1#ping 172.16.16.6 repeat 2

!!
R6#show cdp neighbors detail

-------------------------
Device ID: R1
Entry address(es):
IP address: 172.16.16.1
Platform: Cisco 7206VXR, Capabilities: Router
Interface: Serial1/0, Port ID (outgoing port): Serial1/0
Holdtime : 158 sec
Version :
Cisco IOS Software, 7200 Software (C7200-SPSERVICESK9-M), Version 15.0(1)M, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Wed 30-Sep-09 07:49 by prod_rel_team
advertisement version: 2
R6#ping 172.16.16.1
!!!!!
El comando show adjacency tunnel 25 detail muestra dos tipos de adyacencia: para MPLS (tráfico AToM PW), y para IP. El TAG
Tunnel1 tiene la cabecera IP y la cabecera GRE. La cabecera IP contiene en el campo protocol el tipo 47 (0x2F) correspondiente
a GRE.
Podemos apreciar las interfaces tunel origen y destino en formato hexadecimal (0A011702 y 0A012D05)
La cabecera GRE anuncia el protocolo MPLS con el tipo 0x8847 para el trafico unicast)
R2#show adjacency tunnel 25 detail

Protocol Interface Address
IP Tunnel25 point2point(8)
0 packets, 0 bytes
epoch 0
sourced in sev-epoch 0
Encap length 24
4500000000000000FF2F63C60A011702
0A012D0500000800
P2P-ADJ
Next chain element:
IP adj out of FastEthernet0/1, addr 10.1.23.3
255
TAG Tunnel25 point2point(3)

166 packets, 11435 bytes
epoch 0
sourced in sev-epoch 0
Encap length 24
4500000000000000FF2F63C60A011702
0A012D0500008847
P2P-ADJ
Next chain element:
IP adj out of FastEthernet0/1, addr 10.1.23.3
256
Sección L2TPv3
Pre LAB
Puesto que los tuneles L2TPv3 viajan sobre IPv4 no necesitamos intercambio de etiquetas, es decir MPLS/LDP.
R2
router bgp 1
address-family ipv4
network 10.0.0.2 mask 255.255.255.255
R3
router bgp 1
address-family ipv4
257
network 10.0.0.3 mask 255.255.255.255

R4
router bgp 1
address-family ipv4
network 10.0.0.4 mask 255.255.255.255
R5
router bgp 1
address-family ipv4
network 10.0.0.5 mask 255.255.255.255
R3#show ip bgp
r i10.0.0.2/32 10.0.0.2 0 100 0 i
r>i 10.0.0.2 0 100 0 i
*> 10.0.0.3/32 0.0.0.0 0 32768 i
r i10.0.0.4/32 10.0.0.4 0 100 0 i
r>i 10.0.0.4 0 100 0 i
r i10.0.0.5/32 10.0.0.5 0 100 0 i
r>i 10.0.0.5 0 100 0 i

2 BGP rrinfo entries using 48 bytes of memory
258


10.0.0.2 4 1 6 11 8 0 0 00:02:04 1
10.0.0.3 4 1 6 11 8 0 0 00:02:08 1
10.0.0.5 4 1 10 11 8 0 0 00:01:58 3
iBGP AS2
R6
router bgp 2
address-family ipv4
network 10.0.0.6 mask 255.255.255.255
R7
router bgp 2
address-family ipv4
network 10.0.0.7 mask 255.255.255.255


10.0.0.7 4 2 8 8 4 0 0 00:03:42 1
eBGP AS1/AS2/AS3
259
R4
router bgp 1
address-family ipv4
R5
router bgp 1
address-family ipv4
R6
router bgp 2
address-family ipv4
R7
router bgp 2
address-family ipv4
R8
router bgp 3
address-family ipv4
network 10.0.0.8 mask 255.255.255.255
R2#show ip bgp

*> 10.0.0.2/32 0.0.0.0 0 32768 i
r i10.0.0.3/32 10.0.0.3 0 100 0 i
r>i 10.0.0.3 0 100 0 i
r i10.0.0.4/32 10.0.0.4 0 100 0 i
260
r>i 10.0.0.4 0 100 0 i

r i10.0.0.5/32 10.0.0.5 0 100 0 i
r>i 10.0.0.5 0 100 0 i
* i10.0.0.6/32 10.0.0.5 0 100 0 2i
*>i 10.0.0.4 0 100 0 2i
* i10.0.0.7/32 10.0.0.5 0 100 0 2i
*>i 10.0.0.4 0 100 0 2i
*>i10.0.0.8/32 10.0.0.4 0 100 0 23i
*i 10.0.0.5 0 100 0 23i
R8#show ip bgp

* 10.0.0.2/32 10.1.68.6 0 21i
*> 10.1.78.7 0 21i
* 10.0.0.3/32 10.1.68.6 0 21i
*> 10.1.78.7 0 21i
* 10.0.0.4/32 10.1.68.6 0 21i
*> 10.1.78.7 0 21i
* 10.0.0.5/32 10.1.68.6 0 21i
*> 10.1.78.7 0 21i
* 10.0.0.6/32 10.1.68.6 0 0 2i
*> 10.1.78.7 0 2i
* 10.0.0.7/32 10.1.68.6 0 2i
*> 10.1.78.7 0 0 2i
*> 10.0.0.8/32 0.0.0.0 0 32768 i
R1
ip address 172.16.19.1 255.255.255.0
duplex full
no shut
R9
ip address 172.16.19.9 255.255.255.0
duplex full
no shut
R3
pseudowire-class INTER-L2TPV3
encapsulation l2tpv3
ip local interface Loopback0
no ip address
duplex full
no shutdown
xconnect 10.0.0.8 10 pw-class INTER-L2TPV3
261
R8
no ip address
duplex full
no shut
xconnect 10.0.0.3 10 pw-class INTER-L2TPV3

R3 Fas 0/0 150 R 7206VXR Fas 0/0
R9 Fas 0/0 170 R 7206VXR Fas 0/0

R1 Fas 0/0 146 R 7206VXR Fas 0/0
R8 Fas 0/0 146 R 7206VXR Fas 0/0
R3
no keepalive
no cdp enable
R8
no keepalive
no cdp enable
R3#clear cdp table

R9#clear cdp table

R9 Fas 0/0 158 R 7206VXR Fas 0/0
R1#ping 172.16.19.9
!!!!!
Establecer autentificacion para la sesion L2TPV3 R3/R8

EL protocolo L2TPv3 nos permite crear plantillas donde podemos definir algunos parametros relacionados con el tunnel L2TPv3.
Nota: Debemos configurar l2tp-class antes que el PW sea configurado.
262
R3(config-pw-class)#protocol l2tpv3 CLASS

L2TP class changes are not allowed on L2TP pw-class with Xconnects
R3
l2tp-class CLASS
authentication
password cisco
protocol l2tpv3 CLASS
R8
l2tp-class CLASS
authentication
password cisco
protocol l2tpv3 CLASS
R1#ping 172.16.19.9 repeat 122

!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!
!!!.!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!
R3#show l2tp tunnel all

L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 327864145 is up, remote id is 3719782486, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 00:09:08
Tunnel transport is IP (115)
Remote tunnel name is R8
Internet Address 10.0.0.8, port 0
Local tunnel name is R3
Internet Address 10.0.0.3, port 0
L2TP class for tunnel is CLASS
Counters, taking last clear into account:
227 packets sent, 227 received
263
25085 bytes sent, 25068 received

Last clearing of counters never
Counters, ignoring last clear:
227 packets sent, 227 received
25085 bytes sent, 25068 received
Control Ns 4, Nr 15
Local RWS 1024 (default), Remote RWS 1024
Control channel Congestion Control is disabled
Tunnel PMTU checking disabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs sent 12
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled
R8#show l2tp
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
3719782486 327864145 R3 est 10.0.0.3 1 CLASS
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
2124853625 541008331 3719782486 10, Fa0/0 est 00:10:45 9
R8#show xconnect peer 10.0.0.3 all

Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP ac Fa0/0(Ethernet) UP l2tp 10.0.0.3:10 UP
264
Sección Multicast MPLS VPN
Pre LAB
MP-iBGP Malla Completa (full mesh)
R2
router bgp 1
265
R3
router bgp 1
R4
router bgp 1
R5
router bgp 1

10.0.0.2 4 1 4 2 1 0 0 00:00:50 0
10.0.0.3 4 1 4 3 1 0 0 00:00:50 0
266
10.0.0.5 4 1 2 2 1 0 0 00:00:29 0

10.0.0.2 4 1 5 4 1 0 0 00:01:36 0
10.0.0.3 4 1 5 4 1 0 0 00:01:34 0
10.0.0.4 4 1 5 4 1 0 0 00:01:41 0

10.0.0.3 4 1 6 6 1 0 0 00:03:23 0
10.0.0.4 4 1 6 6 1 0 0 00:02:55 0
10.0.0.5 4 1 5 6 1 0 0 00:02:29 0
VPN A Sitio 1. RT/RD 1:1. EIGRP 1 IGP PE-CE
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 172.16.28.2 255.255.255.0
router eigrp 1
default-metric 10000 1000 255 1 1500
redistribute bgp 1
no auto-summary
network 172.16.0.0
autonomous-system 1
router bgp 1
R8
interface Loopback0
ip address 100.0.0.8 255.255.255.255
router eigrp 1
network 100.0.0.0
network 172.16.0.0
no auto-summary

(sec) (ms) Cnt Num
0 172.16.28.8 Fa0/0 10 00:01:03 94 564 0 3
267

Routing Table: A
R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 172.16.39.3 255.255.255.0
router eigrp 1
default-metric 10000 1000 255 1 1500
redistribute bgp 1
no auto-summary
network 172.16.0.0
autonomous-system 1
router bgp 1
R9
interface Loopback0
ip address 100.0.0.9 255.255.255.255
router eigrp 1
network 100.0.0.0
network 172.16.0.0
no auto-summary

Routing Table: A

Routing Table: A
R2
268
ip vrf forwarding A
ip vrf sitemap SOO
R3
ip vrf forwarding A
ip vrf sitemap SOO
R2#show ip bgp vpnv4 rd 1:1

*> 100.0.0.8/32 172.16.28.8 156160 32768 ?
*>i100.0.0.9/32 10.0.0.3 156160 100 0 ?
*> 172.16.28.0/24 0.0.0.0 0 32768 ?
*>i172.16.39.0/24 10.0.0.3 0 100 0 ?
* i172.16.89.0/24 10.0.0.3 30720 100 0 ?
*> 172.16.28.8 30720 32768 ?

*>i100.0.0.8/32 10.0.0.2 156160 100 0 ?
*> 100.0.0.9/32 172.16.39.9 156160 32768 ?
*>i172.16.28.0/24 10.0.0.2 0 100 0 ?
*> 172.16.39.0/24 0.0.0.0 0 32768 ?
*> 172.16.89.0/24 172.16.39.9 30720 32768 ?
*i 10.0.0.2 30720 100 0 ?
R2#show ip bgp vpnv4 all 100.0.0.8

1
Local
172.16.28.8 from 0.0.0.0 (10.0.0.2)
Extended Community: SoO:1:69 RT:1:1 Cost:pre-bestpath:128:156160
0x8800:32768:0 0x8801:1:130560 0x8802:65281:25600 0x8803:65281:1500
0x8806:0:2886752520
R3#show ip bgp vpnv4 all 100.0.0.8

Local
10.0.0.2 (metric 3) from 10.0.0.2 (10.0.0.2)
269

Extended Community: SoO:1:69 RT:1:1 Cost:pre-bestpath:128:156160
0x8800:32768:0 0x8801:1:130560 0x8802:65281:25600 0x8803:65281:1500
0x8806:0:2886752520
VPN A Sitio 2. RT/RD 1:2. EIGRP 1 IGP PE-CE
R4
ip vrf A
rd 1:2
ip vrf forwarding A
ip address 172.16.104.4 255.255.255.0
router eigrp 1
default-metric 10000 1000 255 1 1500
redistribute bgp 1
no auto-summary
network 172.16.0.0
autonomous-system 1
router bgp 1
R10
interface Loopback0
ip address 100.0.0.10 255.255.255.255
router eigrp 1
network 100.0.0.0
network 172.16.0.0
no auto-summary

R2
ip vrf A
R3
ip vrf A
270

1 172.16.104.4 88 msec
4 172.16.28.8 120 msec


*> 100.0.0.8/32 172.16.28.8 156160 32768 ?
*>i100.0.0.9/32 10.0.0.3 156160 100 0 ?
*>i100.0.0.10/32 10.0.0.4 156160 100 0 ?
*> 172.16.28.0/24 0.0.0.0 0 32768 ?
*>i172.16.39.0/24 10.0.0.3 0 100 0 ?
* i172.16.89.0/24 10.0.0.3 30720 100 0 ?
*> 172.16.28.8 30720 32768 ?
*>i172.16.104.0/24 10.0.0.4 0 100 0 ?
VPN B Sitio 3. RT/RD 1:3. OSPF 30 IGP PE-CE
R5
ip vrf B
rd 1:3
ip vrf forwarding B
ip address 192.168.100.5 255.255.255.0
ip ospf 20 area 0
router ospf 20 vrf B

router bgp 1
redistribute ospf 20 vrf B match internal external 1 external 2
R6
interface Loopback0
ip address 100.0.0.6 255.255.255.255
ip ospf 20 area 0
ip address 192.168.100.6 255.255.255.0
ip ospf 20 area 0
router ospf 20
271
router-id 100.0.0.6
R7
interface Loopback0
ip address 100.0.0.7 255.255.255.255
ip ospf 20 area 0
ip address 192.168.100.7 255.255.255.0
ip ospf 20 area 0
router ospf 20
router-id 100.0.0.7
R2
ip vrf A
R3
ip vrf A
R4
ip vrf A

*>i100.0.0.8/32 10.0.0.2 156160 100 0 ?
*>i100.0.0.9/32 10.0.0.3 156160 100 0 ?
*>i172.16.28.0/24 10.0.0.2 0 100 0 ?
*>i172.16.39.0/24 10.0.0.3 0 100 0 ?
*>i172.16.89.0/24 10.0.0.2 30720 100 0 ?
*i 10.0.0.3 30720 100 0 ?
*>i100.0.0.10/32 10.0.0.4 156160 100 0 ?
*>i172.16.104.0/24 10.0.0.4 0 100 0 ?
*> 100.0.0.6/32 192.168.100.6 2 32768 ?
*> 100.0.0.7/32 192.168.100.7 2 32768 ?
*>i100.0.0.8/32 10.0.0.2 156160 100 0 ?
*>i100.0.0.9/32 10.0.0.3 156160 100 0 ?
*>i100.0.0.10/32 10.0.0.4 156160 100 0 ?
*>i172.16.28.0/24 10.0.0.2 0 100 0 ?
*>i172.16.39.0/24 10.0.0.3 0 100 0 ?
*>i172.16.89.0/24 10.0.0.2 30720 100 0 ?
*>i172.16.104.0/24 10.0.0.4 0 100 0 ?
*> 192.168.100.0 0.0.0.0 0 32768 ?
Multicast Core. Source Specific Multicast SSM. SSM previene DoS, y simplifica la configuracion. Por defecto SSM verifica el
origen del flujo multicast para el rango 232.0.0.0 - 232.255.255.255. Podemos reducir este rango con el comando ip pim ssm
range ACL. Configurar BSR en R1.
272
R1
ip multicast-routing
ip pim ssm range 10
ip pim sparse-mode
ip pim sparse-mode
ip pim sparse-mode
ip pim sparse-mode
ip pim sparse-mode
ip pim bsr-candidate loopback 0

ip pim rp-candidate loopback 0
R2
ip pim ssm range 10
ip pim sparse-mode
ip pim sparse-mode
R3
ip pim ssm range 10
ip pim sparse-mode
ip pim sparse-mode
ip igmp join-group 231.0.0.3
R4
ip pim ssm range 10
ip pim sparse-mode
ip pim sparse-mode
273
R5
ip pim ssm range 10
ip pim sparse-mode
ip pim sparse-mode
R1#show ip pim neighbor

PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.1.12.2 FastEthernet0/0 00:01:41/00:01:32 v2 1 / DR S P G
R1#show ip pim interface

Address Interface Ver/ Nbr Query DR DR
Mode Count Intvl Prior
10.1.12.1 FastEthernet0/0 v2/S 1 30 1 10.1.12.2
10.1.13.1 FastEthernet0/1 v2/S 1 30 1 10.1.13.3
10.1.14.1 FastEthernet1/0 v2/S 1 30 1 10.1.14.4
10.1.15.1 FastEthernet2/0 v2/S 1 30 1 10.1.15.5
10.0.0.1 Loopback0 v2/S 0 30 1 10.0.0.1
R2#ping 231.0.0.3
Reply to request 0 from 10.1.13.3, 148 ms
Multicast VPN A Sitio1
R2
ip multicast-routing vrf A
ip pim sparse-mode
ip vrf A
rd 1:1
mdt default 239.1.2.2
R8
interface Loopback0
ip address 100.0.0.8 255.255.255.255
ip pim sparse-mode
274
ip address 172.16.28.8 255.255.255.0
ip pim sparse-mode
R2#show ip pim vrf A interface

172.16.28.2 FastEthernet0/0 v2/S 1 30 1 172.16.28.8
10.0.0.2 Tunnel0 v2/S 0 30 1 10.0.0.2
R3
ip pim sparse-mode
ip vrf A
rd 1:1
R2#show ip pim vrf A interface tunnel 0

10.0.0.2 Tunnel0 v2/S 0 30 1 10.0.0.2
R3#show ip pim vrf A interface tunnel 0

10.0.0.3 Tunnel0 v2/S 0 30 1 10.0.0.3
R9
interface Loopback0
ip address 100.0.0.9 255.255.255.255
ip pim sparse-mode
ip address 172.16.39.9 255.255.255.0
ip pim sparse-mode

100.0.0.9 Loopback0 v2/S 0 30 1 100.0.0.9
172.16.39.9 FastEthernet0/0 v2/S 1 30 1 172.16.39.9
Multicast VPN A Sitio2
R4
275
ip pim sparse-mode
ip vrf A
rd 1:2
R10
interface Loopback0
ip address 100.0.0.10 255.255.255.255
ip pim sparse-mode
ip address 172.16.104.10 255.255.255.0
ip pim sparse-mode

172.16.104.4 FastEthernet0/0 v2/S 1 30 1 172.16.104.10
10.0.0.4 Tunnel0 v2/S 0 30 1 10.0.0.4
R4#show ip pim vrf A neighbor

PIM Neighbor Table
Address Prio/Mode
172.16.104.10 FastEthernet0/0 00:01:48/00:01:24 v2 1 / DR S G
R2
ip pim vrf A rp-address 100.0.0.8
R3
R4
R8
ip pim rp-address 100.0.0.8
R9
interface Loopback0
ip address 100.0.0.9 255.255.255.255
ip pim sparse-mode
276
R10
R2#show ip pim vrf A tunnel verbose

Tunnel2
Type : PIM Encap
RP : 100.0.0.8
Source: 172.16.28.2
Refcnt: 0
R8#ping 239.1.1.9
R9#show ip pim rp
Group: 239.1.1.9, RP: 100.0.0.8, v2, uptime 00:44:11, expires never
277
Sección Inter-AS MP-eBGP
Pre LAB
MP-iBGP Sitio 1
R3 -> RR. Usar Peer-Group AS1
R3
router bgp 1
278
R2
router bgp 1
R4
router bgp 1


10.0.0.2 4 1 27 26 1 0 0 00:20:37 0
10.0.0.4 4 1 2 2 1 0 0 00:00:02 0
MP-iBGP Sitio 1
R6 -> RR. Usar Peer-Group AS2
R6
router bgp 2
R5
router bgp 2
279

R7
router bgp 2


10.0.0.5 4 2 2 2 1 0 0 00:00:21 0
10.0.0.7 4 2 2 2 1 0 0 00:00:02 0
LSP
MP-eBGP
la configuracion de MP-eBGP es directa pero debemos considerar que:
Los ASBRs rechazaran cualquier VPN que no tengan configurada, a menos que sean un RR.
Puesto que se trata de intercambio de prefijos vpnv4 entre sitios, el ASBR debe redistribuir el next-hop del AS vecino o
publicarse como next-hop.
Nota: El proceso BGP habilitará automaticamente la interface entre AS para MPLS
R4
router bgp 1
R5
router bgp 2
%BGP_LMM-6-AUTOGEN1: The mpls bgp forwarding command has been configured on interface: FastEthernet0/1
280


10.0.0.3 4 1 15 16 1 0 0 00:12:36 0
10.1.45.5 4 2 5 5 1 0 0 00:01:32 0
VPN A Sitio 1
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 172.16.12.2 255.255.255.0
R2#pi vrf A 172.16.12.1

.!!!!
R2
router bgp 1
R1
router bgp 3
address-family ipv4
network 100.0.0.1 mask 255.255.255.255


*> 100.0.0.1/32 172.16.12.1 0 0 3i
*> 172.16.12.0/24 0.0.0.0 0 32768 ?
281
R2#ping vrf A 100.0.0.1

!!!!!
VPN A Sitio 2
R7
ip vrf A
rd 1:2
ip vrf forwarding A
ip address 172.16.78.7 255.255.255.0
R7#ping vrf A 172.16.78.8

!!!!!
R7
router bgp 2
R8
router bgp 4
address-family ipv4
network 100.0.0.8 mask 255.255.255.255

172.16.78.7 4 2 5 5 4 0 0 00:00:07 1
282
Las rutas de cada se instalarán en los PEs, los RR, pero no en los ASBRs


*> 100.0.0.1/32 172.16.12.1 0 0 3i
*> 172.16.12.0/24 0.0.0.0 0 32768 ?


*>i100.0.0.1/32 10.0.0.2 0 100 0 3i
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?


*> 100.0.0.8/32 172.16.78.8 0 04i
*> 172.16.78.0/24 0.0.0.0 0 32768 ?


*>i100.0.0.8/32 10.0.0.7 0 100 0 4 i
*>i172.16.78.0/24 10.0.0.7 0 100 0 ?

No hay prefijos instalados

No hay prefijos instalados
283
Para que exista comunicacion entre sitios debemos deshabilitar en los ASBRs el filtro RT por defecto con el comando no bgp
default route-target filter.
R5#debug bgp vpnv4 unicast updates in

BGP updates debugging is on (inbound) for address family: VPNv4 Unicast
R5#clear ip bgp * soft
BGP(4): 10.0.0.6 rcvd UPDATE w/ attr: nexthop 10.0.0.7, origin i, localpref 100, metric 0, originator 10.0.0.7, clusterlist
10.0.0.6, merged path 4, AS_PATH , extended community RT:1:2
BGP(4): 10.0.0.6 rcvd 1:2:100.0.0.8/32, label 718 -- DENIED due to: extended community not supported;
BGP(4): 10.0.0.6 rcvd UPDATE w/ attr: nexthop 10.0.0.7, origin ?, localpref 100, metric 0, originator 10.0.0.7, clusterlist
10.0.0.6, extended community RT:1:2
BGP(4): 10.0.0.6 rcvd 1:2:172.16.78.0/24, label 717 -- DENIED due to: extended community not supported;
R4
router bgp 1
R5
router bgp 2
BGP(4): 10.0.0.6 NEXT_HOP is on same subnet as the bgp peer and set to 10.1.45.4 for net 1:1:100.0.0.1/32, flags 0, sb: 0,
mask: 0
BGP(4): 10.0.0.6 NEXT_HOP is on same subnet as the bgp peer and set to 10.1.45.4 for net 1:1:172.16.12.0/24, flags 0, sb: 0,
mask: 0
BGP(4): 10.0.0.6 rcvd UPDATE w/ attr: nexthop 10.0.0.7, origin i, localpref 100, metric 0, originator 10.0.0.7, clusterlist
10.0.0.6, merged path 4, AS_PATH , extended community RT:1:2
BGP(4): 10.0.0.6 rcvd 1:2:100.0.0.8/32, label 718...duplicate ignored
BGP(4): 10.0.0.6 rcvd UPDATE w/ attr: nexthop 10.0.0.7, origin ?, localpref 100, metric 0, originator 10.0.0.7, clusterlist
10.0.0.6, extended community RT:1:2
R5#
BGP(4): 10.1.45.4 rcvd UPDATE w/ attr: nexthop 10.1.45.4, origin i, merged path 1 3, AS_PATH , extended community
RT:1:1
BGP(4): 10.1.45.4 rcvd UPDATE w/ attr: nexthop 10.1.45.4, origin ?, merged path 1, AS_PATH , extended community
RT:1:1


*>i100.0.0.1/32 10.0.0.2 0 100 0 3 i
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?
*> 100.0.0.8/32 10.1.45.5 024i
*> 172.16.78.0/24 10.1.45.5 02?
284


*> 100.0.0.1/32 10.1.45.4 013i
*> 172.16.12.0/24 10.1.45.4 01?
*>i100.0.0.8/32 10.0.0.7 0 100 0 4 i
*>i172.16.78.0/24 10.0.0.7 0 100 0 ?


*>i100.0.0.1/32 10.0.0.2 0 100 0 3 i
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?
* i100.0.0.8/32 10.1.45.5 0 100 0 2 4 i
* i172.16.78.0/24 10.1.45.5 0 100 0 2 ?


*> 100.0.0.1/32 172.16.12.1 0 03i
*> 172.16.12.0/24 0.0.0.0 0 32768 ?
R3 (el Route-Reflector) instala las rutas recibidas desde R4 (ASBR), pero R4 no cambia el next-hop como indicamos
anteriormente. Esto impide que R3 refleje las rutas a R2.
En R4 y R5 usamos el comando next-hop-self para la familia VPNv4.
R4
router bgp 1
R5
router bgp 2

285

*>i100.0.0.8/32 10.0.0.4 0 100 0 24i
*>i172.16.78.0/24 10.0.0.4 0 100 0 2?

*>i100.0.0.1/32 10.0.0.5 0 100 0 1 3 i
*>i172.16.12.0/24 10.0.0.5 0 100 0 1 ?
Pruebas VPNA
R1#sh ip route bgp

B 100.0.0.8 [20/0] via 172.16.12.2, 00:01:50
B 172.16.78.0/24 [20/0] via 172.16.12.2, 00:01:50

1 172.16.12.2 [AS 1] 84 msec
7 172.16.78.8 [AS 2] 276 msec
R8#sh ip route bgp

B 100.0.0.1 [20/0] via 172.16.78.7, 00:06:56
B 172.16.12.0/24 [20/0] via 172.16.78.7, 00:06:56

1 172.16.78.7 [AS 2] 76 msec
7 172.16.12.1 [AS 1] 316 msec
286
Cualquier VPN que creemos establecerse sin problemas porque hemos configurado un LSP desde los Provider Edge R2 y R7.
VPN B Sitio 1
RT/RD 2:1
R2
ip vrf B
rd 2:1
ip vrf forwarding B
ip address 172.16.29.2 255.255.255.0
R2#ping vrf B 172.16.29.9

.!!!!
R2
router bgp 1
R9
router bgp 100
address-family ipv4
network 200.0.0.9 mask 255.255.255.255

10.0.0.3 4 1 110 104 9 0 0 01:25:55 2
172.16.12.1 4 3 55 57 9 0 0 00:44:54 1
172.16.29.9 4 100 5 5 9 0 0 00:00:44 1

287


*>i172.16.29.0/24 10.0.0.2 0 100 0 ?
*>i200.0.0.9/32 10.0.0.2 0 100 0 100 i


*> 172.16.29.0/24 10.1.45.4 01?
*> 200.0.0.9/32 10.1.45.4 0 1 100 i
VPN B Sitio 12
RT/RD 2:2
R7
ip vrf B
rd 2:2
ip vrf forwarding B
ip address 172.16.107.7 255.255.255.0
R7#ping vrf B 172.16.107.10

.!!!!
R7
router bgp 2
R8
router bgp 100
address-family ipv4
network 200.0.0.10 mask 255.255.255.255
288
R9#sh ip route bgp

B 172.16.107.0/24 [20/0] via 172.16.29.2, 00:02:42
B 200.0.0.10 [20/0] via 172.16.29.2, 00:00:44
R10#sh ip route bgp

B 172.16.29.0/24 [20/0] via 172.16.107.7, 00:00:56
B 200.0.0.9 [20/0] via 172.16.107.7, 00:00:56

1 172.16.29.2 [AS 1] 64 msec
7 172.16.107.10 [AS 2] 412 msec

1 172.16.107.7 [AS 2] 72 msec
7 172.16.29.9 [AS 1] 316 msec
Teoría: Publicacion de etiquetas MPLS BGP.

197

100.0.0.1/32 10.0.0.2 418/218
172.16.12.0/24 10.0.0.2 419/217
100.0.0.8/32 10.1.45.5 420/518
172.16.78.0/24 10.1.45.5 421/519
172.16.29.0/24 10.0.0.2 422/219
200.0.0.9/32 10.0.0.2 423/220
172.16.107.0/24 10.1.45.5 424/524
200.0.0.10/32 10.1.45.5 425/525

289

100.0.0.1/32 10.1.45.4 520/418
172.16.12.0/24 10.1.45.4 521/419
100.0.0.8/32 10.0.0.7 518/718
172.16.78.0/24 10.0.0.7 519/717
172.16.29.0/24 10.1.45.4 522/422
200.0.0.9/32 10.1.45.4 523/423
172.16.107.0/24 10.0.0.7 524/719
200.0.0.10/32 10.0.0.7 525/720

100.0.0.1/32 172.16.12.1 218/nolabel
100.0.0.8/32 10.0.0.4 nolabel/420
172.16.12.0/24 0.0.0.0 217/nolabel(A)
172.16.78.0/24 10.0.0.4 nolabel/421
100.0.0.8/32 10.0.0.4 nolabel/420
172.16.78.0/24 10.0.0.4 nolabel/421
Route Distinguisher: 2:1 (B)
172.16.29.0/24 0.0.0.0 219/nolabel(B)
172.16.107.0/24 10.0.0.4 nolabel/424
200.0.0.9/32 172.16.29.9 220/nolabel
200.0.0.10/32 10.0.0.4 nolabel/425
172.16.107.0/24 10.0.0.4 nolabel/424
200.0.0.10/32 10.0.0.4 nolabel/425

100.0.0.1/32 10.0.0.2 nolabel/218
172.16.12.0/24 10.0.0.2 nolabel/217
100.0.0.8/32 10.0.0.4 nolabel/420
172.16.78.0/24 10.0.0.4 nolabel/421
172.16.29.0/24 10.0.0.2 nolabel/219
200.0.0.9/32 10.0.0.2 nolabel/220
172.16.107.0/24 10.0.0.4 nolabel/424
200.0.0.10/32 10.0.0.4 nolabel/425

100.0.0.1/32 10.0.0.5 nolabel/520
172.16.12.0/24 10.0.0.5 nolabel/521
100.0.0.8/32 10.0.0.7 nolabel/718
172.16.78.0/24 10.0.0.7 nolabel/717
290
172.16.29.0/24 10.0.0.5 nolabel/522

200.0.0.9/32 10.0.0.5 nolabel/523
172.16.107.0/24 10.0.0.7 nolabel/719
200.0.0.10/32 10.0.0.7 nolabel/720

100.0.0.1/32 10.0.0.5 nolabel/520
172.16.12.0/24 10.0.0.5 nolabel/521
100.0.0.1/32 10.0.0.5 nolabel/520
100.0.0.8/32 172.16.78.8 718/nolabel
172.16.12.0/24 10.0.0.5 nolabel/521
172.16.78.0/24 0.0.0.0 717/nolabel(A)
172.16.29.0/24 10.0.0.5 nolabel/522
200.0.0.9/32 10.0.0.5 nolabel/523
Route Distinguisher: 2:2 (B)
172.16.29.0/24 10.0.0.5 nolabel/522
172.16.107.0/24 0.0.0.0 719/nolabel(B)
200.0.0.9/32 10.0.0.5 nolabel/523
200.0.0.10/32 172.16.107.10 720/nolabel
291
Seción Inter-AS: MP-eBGP Multi-hop RRs Option 3 con AS Intermedio.
AS1 y AS2 deben entregar servicios VPN L3 entre sitio 1 y sitio 2. Sin embargo no existe comunicación directa entre AS1 y AS2.
El desafío es poder comunicar AS1 y AS2 utilizando un AS intermedio (AS100) sin que este deba formar sesión MP-eBGP con
AS1 y AS2.
Para lograr el objetivo se deben cumplir dos cosas:
1.Debe existir un Label Switching Path (LSP) entre los Provider Edges R2 y R7.
2.Los ID de R2 y R7 deben ser publicados en todos los ASs con sus etiquetas asociadas (transportados por iBGP o por IGP).
1ª IGP/MPLS
IGP AS1
Configuracion IGP OSPF
R2
interface Loopback0
ip address 10.0.0.2 255.255.255.255
ip ospf 1 area 0
ip address 10.1.23.2 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.2
R3
interface Loopback0
ip address 10.0.0.3 255.255.255.255
ip ospf 1 area 0
292
ip address 10.1.34.3 255.255.255.0
ip ospf 1 area 0
ip address 10.1.23.3 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.3
R4
interface Loopback0
ip address 10.0.0.4 255.255.255.255
ip ospf 1 area 0
ip address 10.1.34.4 255.255.255.0
ip ospf 1 area 0
router ospf 1
router-id 10.0.0.4
Usamos un ping extendido para comprobar conectividad dentro del AS1.

Conectividad IGP OSPF
R2#sh ip route ospf


!!!!!

!!!!!
293
MPLS AS1
Asignaremos estáticamente las etiquetas MPLS. Para esto debemos mapear los router ID a labels. Por ejemplo en R2 usamos el
comando
mpls label range 215 299 static 200 214: El rango de de etiquetas (labels) 215 a 299 es asignado aleatoriamente por el proceso
LDP, el rango 200 a 214 es para el mapeo ID-> label que haremos nosotros. Establecer mapeo estático nos ayudará a entender
como trabaja MPLS a través del Label Switching Path (LSP).
Configuracion MPLS LDP
R2
ip cef
mpls ip
mpls ip
R3
ip cef
mpls ip
mpls ip
mpls ip
R4
ip cef
mpls ip
294

mpls ip

10.0.0.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0
LDP Id: 10.0.0.2:0
Pruebas MPLS LDP

203 Pop Label 10.0.0.3/32 0 Fa0/1 10.1.23.3
204 304 10.0.0.4/32 0 Fa0/1 10.1.23.3
205 No Label 10.0.0.5/32 0 drop
206 No Label 10.0.0.6/32 0 drop
207 No Label 10.0.0.7/32 0 drop
209 No Label 10.0.0.9/32 0 drop
210 No Label 10.0.0.10/32 0 drop
211 No Label 10.0.0.11/32 0 drop
212 No Label 10.0.0.12/32 0 drop
215 Pop Label 10.1.34.0/24 0 Fa0/1 10.1.23.3
R2#show mpls forwarding-table | e No L

203 Pop Label 10.0.0.3/32 0 Fa0/1 10.1.23.3
204 304 10.0.0.4/32 0 Fa0/1 10.1.23.3
215 Pop Label 10.1.34.0/24 0 Fa0/1 10.1.23.3
R2#show mpls label range

Downstream Generic label region: Min/Max label: 215/299
Range for static labels: Min/Max label: 200/214
IGP + MPLS AS2
295
Configuracion IGP + MPLS/LDP AS2
R5
ip cef
mpls ip
router ospf 2
router-id 10.0.0.5
interface Loopback0
ip address 10.0.0.5 255.255.255.255
ip ospf 2 area 0
ip address 10.1.56.5 255.255.255.0
ip ospf 2 area 0
mpls ip
R6
ip cef
mpls ip
router ospf 2
router-id 10.0.0.6
interface Loopback0
ip address 10.0.0.6 255.255.255.255
ip ospf 2 area 0
296
ip address 10.1.56.6 255.255.255.0
ip ospf 2 area 0
mpls ip
ip address 10.1.67.6 255.255.255.0
ip ospf 2 area 0
mpls ip
R7
ip cef
mpls ip
router ospf 2
router-id 10.0.0.7
interface Loopback0
ip address 10.0.0.7 255.255.255.255
ip ospf 2 area 0
ip address 10.1.67.7 255.255.255.0
ip ospf 2 area 0
mpls ip

10.0.0.6:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.5:0
LDP Id: 10.0.0.7:0
IGP + MPLS AS100
297
Nota: Podemos utilizar cualquier IGP (EIGRP, RIPv2, OSPF, IS-IS), salvo que implementemos MPLS TE, en cuyo caso IS-IS y
OSPF son las únicas posibilidades (Extensiones TE). Hemos elegido IS-IS por estabilidad, escalabilidad, tiempos de respuesta, no
propietario, etc.…)
R9
ip cef
mpls ip
ip router isis
mpls ip
ip router isis
mpls ip
router isis
mpls ldp autoconfig level-2
net 47.0100.0000.0000.0009.00
metric-style wide
R10
ip cef
mpls ip
ip router isis
298
mpls ip
ip router isis
mpls ip
router isis
net 47.0100.0000.0000.0010.00
metric-style wide
R11
ip cef
mpls ip
ip router isis
mpls ip
ip router isis
mpls ip
ip router isis
mpls ip
router isis
net 47.0100.0000.0000.0011.00
metric-style wide
R12
ip cef
mpls ip
299

ip router isis
mpls ip
ip router isis
mpls ip
ip router isis
mpls ip
router isis
net 47.0100.0000.0000.0012.00
metric-style wide

R9 L2 Fa0/0 10.1.119.9 UP 25 00
R10 L2 Fa1/0 10.1.110.10 UP 26 01
R12 L2 Fa0/1 10.1.112.12 UP 22 01

R9 L2 Fa1/0 10.1.129.9 UP 29 01
R10 L2 Fa0/0 10.1.102.10 UP 23 00
R11 L2 Fa0/1 10.1.112.11 UP 22 01

10.0.0.11:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.9:0
LDP Id: 10.0.0.12:0
LDP Id: 10.0.0.10:0
300

10.0.0.12:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.10:0
LDP Id: 10.0.0.11:0
LDP Id: 10.0.0.9:0
R11#sh ip route isis


2ª iBGP
Esta sección comprende el establecimiento de sesiones BGP dentro de los ASs, y publicación de las loopbacks 0. La disposición de
los router bgp se muestra a continuación:
- AS1 RR -> R3, R2 y R4 client.

- AS2 RR -> R6, R5 y R7 client.
- AS100 RR -> R11 y R12, R9 y R10 client.
R2
router bgp 1
!
address-family ipv4
no synchronization
network 10.0.0.2 mask 255.255.255.255
301

no auto-summary
exit-address-family
R3
router bgp 1
neighbor AS1 description INTERNOS-AS1
!
address-family ipv4
no synchronization
network 10.0.0.3 mask 255.255.255.255
no auto-summary
exit-address-family
R4
router bgp 1
!
address-family ipv4
no synchronization
network 10.0.0.4 mask 255.255.255.255
no auto-summary
exit-address-family


10.0.0.2 4 1 7 8 6 0 0 00:02:22 1
10.0.0.4 4 1 5 8 6 0 0 00:00:32 1
302
Configuracion AS2 iBGP
R5
router bgp 2
!
address-family ipv4
no synchronization
network 10.0.0.5 mask 255.255.255.255
no auto-summary
exit-address-family
R6
router bgp 2
!
address-family ipv4
no synchronization
network 10.0.0.6 mask 255.255.255.255
no auto-summary
exit-address-family
R7
router bgp 2
!
address-family ipv4
no synchronization
network 10.0.0.7 mask 255.255.255.255
no auto-summary
exit-address-family

303


10.0.0.5 4 2 6 8 6 0 0 00:01:46 1
10.0.0.7 4 2 5 8 6 0 0 00:00:29 1
Configuracion AS100 iBGP
R9
router bgp 100
!
address-family ipv4
no synchronization
network 10.0.0.9 mask 255.255.255.255
no auto-summary
exit-address-family
R10
router bgp 100
!
address-family ipv4
no synchronization
network 10.0.0.10 mask 255.255.255.255
no auto-summary
exit-address-family
R11
router bgp 100
304

address-family ipv4
no synchronization
network 10.0.0.11 mask 255.255.255.255
no auto-summary
exit-address-family
R12
router bgp 100
address-family ipv4
no synchronization
network 10.0.0.12 mask 255.255.255.255
no auto-summary
exit-address-family


10.0.0.9 4 100 26 30 26 0 0 00:17:33 1
10.0.0.10 4 100 26 32 26 0 0 00:17:34 1
10.0.0.12 4 100 32 31 26 0 0 00:17:41 3

305


10.0.0.9 4 100 26 33 26 0 0 00:18:09 1
10.0.0.10 4 100 27 33 26 0 0 00:18:09 1
10.0.0.11 4 100 32 33 26 0 0 00:17:57 3
306
3ª eBGP y MP-BGP
Implementamos MP-iBGP en AS1 y AS2.
AS100 no necesita MP-iBGP porque actúa como AS intermedio (solo tráfico IPv4)
R2
router bgp 1
exit-address-family
R3
router bgp 1


10.0.0.2 4 1 16 16 1 0 0 00:11:16 0
10.0.0.4 4 1 12 11 1 0 0 00:09:00 0
R4
router bgp 1
exit-address-family
R5
router bgp 2
307
exit-address-family
R6
router bgp 2
exit-address-family
R7
router bgp 2
exit-address-family


10.0.0.5 4 2 6 6 1 0 0 00:02:16 0
10.0.0.7 4 2 4 3 1 0 0 00:01:23 0
- Debe existir Label Switching Path (LSP) entre los Provider Edges R2 y R7.
Ahora podemos formar el LSP extremo-extremo entre los Provider Edge R2 y R7. AS100 es intermedio y no participa en BGP
VPN, pero si en IPv4 BGP.
En R4 especificamos los prefijos que serán parte del LSP. Como AS100 es un AS de tránsito envía prefijos y etiquetas asociadas a
prefijos de ambos AS, en otras palabras, no usamos un route-map para limitar prefijos + label.
Es importante que el envío de labels a través en BGP se especifique en todo el trayecto, de otra forma el LSP quedará
particionado.
Nota: Cuando se forma una sesión eBGP entre vecinos directamente conectados que intercambias prefijos IPv4 + labels, el
proceso crea automáticamente el comando mpls bgp forwarding en la interface. Si usamos ebgp-multihop, por ejemplo al
hacer load sharing eBGP debemos configurar manualmente el comando en la interface.
R2
router bgp 1
address-family ipv4
neighbor 10.0.0.3 send-label
R3
router bgp 1
address-family ipv4
neighbor AS1 send-label
R4
ip prefix-list AS1 seq 5 permit 10.0.0.2/32
!
route-map LABELS permit 10
308
match ip address prefix-list AS1

set mpls-label
router bgp 1
!
address-family ipv4
neighbor 10.1.49.9 route-map LABELS out
R9
router bgp 100
!
address-family ipv4
R7
router bgp 2
address-family ipv4
R6
router bgp 2
address-family ipv4
R5
!
route-map LABELS permit 10
match ip address prefix-list AS2
set mpls-label
router bgp 2
!
address-family ipv4
neighbor 10.1.105.10 route-map LABELS out
R10
router bgp 100
!
address-family ipv4
309
Comprobamos que el LSP esté creado entre los PEs utilizando traceroute desde el PE R2 al PE R7.

5 10.1.110.10 396 msec
8 10.1.67.7 700 msec
Tenemos conectividad IP end-to-end pero el LSP se rompe en el AS100. Para resolver este problema los LSRs del AS100 deben
enviar labels BGP en AS100.
R9
router bgp 100
address-family ipv4
R10
router bgp 100
address-family ipv4
R11
router bgp 100
address-family ipv4
R12
router bgp 100
address-family ipv4
Comprobamos nuevamente el LSP entre los PEs R2 y R7. Como el LSP es unidireccional las pruebas debemos hacerlas desde cada
extremo.
Nota: En la tabla LFIB un campo label indicando No Label es un problema con los prefijos IPv4.

203 Pop Label 10.0.0.3/32 0 Fa0/1 10.1.23.3
204 304 10.0.0.4/32 0 Fa0/1 10.1.23.3
205 405 10.0.0.5/32 0 Fa0/1 10.1.23.3
206 406 10.0.0.6/32 0 Fa0/1 10.1.23.3
207 407 10.0.0.7/32 0 Fa0/1 10.1.23.3
209 409 10.0.0.9/32 0 Fa0/1 10.1.23.3
210 410 10.0.0.10/32 0 Fa0/1 10.1.23.3
211 411 10.0.0.11/32 0 Fa0/1 10.1.23.3
310
212 412 10.0.0.12/32 0 Fa0/1 10.1.23.3

215 Pop Label 10.1.34.0/24 0 Fa0/1 10.1.23.3

8 10.1.67.7 496 msec

702 502 10.0.0.2/32 0 Fa0/1 10.1.67.6
703 503 10.0.0.3/32 0 Fa0/1 10.1.67.6
704 504 10.0.0.4/32 0 Fa0/1 10.1.67.6
705 605 10.0.0.5/32 0 Fa0/1 10.1.67.6
706 Pop Label 10.0.0.6/32 0 Fa0/1 10.1.67.6
709 509 10.0.0.9/32 0 Fa0/1 10.1.67.6
710 510 10.0.0.10/32 0 Fa0/1 10.1.67.6
711 511 10.0.0.11/32 0 Fa0/1 10.1.67.6
712 512 10.0.0.12/32 0 Fa0/1 10.1.67.6
715 Pop Label 10.1.56.0/24 0 Fa0/1 10.1.67.6

8 10.1.23.2 748 msec
Está formado el LSP, sin embargo queda un paso más: Establecer las sesiones EBGP-MULTIHOP entre RRs.
Podemos o no cambiar el next-hop de los prefijos vpnv4 que publiquen los RRs porque tenemos conectividad completa entre
LSRs.
R3
router bgp 1
neighbor 10.0.0.6 ebgp-multihop 255
neighbor 10.0.0.6 next-hop-unchanged
R6
router bgp 2
neighbor 10.0.0.3 ebgp-multihop 255
311
neighbor 10.0.0.3 next-hop-unchanged


10.0.0.2 4 1 85 85 1 0 0 01:13:47 0
10.0.0.4 4 1 81 79 1 0 0 01:11:30 0
10.0.0.6 4 2 7 7 1 0 0 00:03:16 0
4ª Instancia VRF. IGP PE-CE. Redistribución IGP <->MP-iBGP.
AS1 solo acepta RT 1:1, pero AS2 exporta los prefios vpnv4 con el RT 1:2. Como el prefijo debe viajar desde el PE de AS2 (R7)
al PE de AS1 (R2), en algun lugar del trayecto debemos reemplazar el RT 2:1 a 1:1 o el prefijo vpnv4 no se instalará el la tabla del
Provider Edge R2.
De acuerdo, la sintaxis de la vrf es distinta, pero tiene sentido si queremos usar la misma VRF-RD para IPv4 e IPv6.
R2
vrf definition A
rd 1:1
!
address-family ipv4
312

exit-address-family
vrf forwarding A
ip address 172.16.12.2 255.255.255.0
ip ospf 100 area 0

router bgp 1
no synchronization
exit-address-family
R1
interface Loopback0
ip address 100.0.0.1 255.255.255.255
ip ospf 100 area 0
ip address 172.16.12.1 255.255.255.0
ip ospf 100 area 0
router ospf 100

router-id 100.0.0.1
passive-interface loopback 0


R7
vrf definition A
rd 2:1
!
address-family ipv4
exit-address-family
vrf forwarding A
ip address 172.16.78.7 255.255.255.0
ip ospf 100 area 0

313
router bgp 2
R8
ip address 172.16.78.8 255.255.255.0
ip ospf 100 area 0
interface Loopback0
ip address 100.0.0.8 255.255.255.255
ip ospf 100 area 0
router ospf 100

router-id 100.0.0.8

Como podemos apreciar, R3 es el RR del AS1 y está publicando los prefijos del Sitio 2 a R2. R2 no es capaz de instalarlos porque
no coincide el route-target import configurado en la vrf A.
R3#show bgp vpnv4 unicast all neighbors 10.0.0.2 advertised-routes

Originating default network 0.0.0.0

*>i100.0.0.1/32 10.0.0.2 2 100 0 ?
*>i172.16.12.0/24 10.0.0.2 0 100 0 ?
*> 100.0.0.8/32 10.0.0.7 0 2?
*> 172.16.78.0/24 10.0.0.7 0 2?
Total number of prefixes 4


*> 100.0.0.1/32 172.16.12.1 2 32768 ?
*> 172.16.12.0/24 0.0.0.0 0 32768 ?
314
R3 publica los prefijos desde AS2, pero R2 no lo instala porque no reconoce las actualizaciones que tengan un RT distinto de 1:1.
R3#show bgp vpnv4 unicast all 100.0.0.8

4
2
10.0.0.7 (metric 2) from 10.0.0.6 (10.0.0.6)
Origin incomplete, localpref 100, valid, external, best

NO HAY PREFIJO INSTALADO
La solución es reemplazar o reescribir (RT ReWrite)) el valor del RT publicado por R7 de 2:1 a 1:1. El lugar que escojamos
dependerá de las políticas que tengan los ISP. Por ejemplo se ha establecido que el RT 2:1 solo puedas ser visible entre el RR y el
PE de AS2.
R6
route-map FILTRADO-RT permit 10

match extcommunity 10
set extcomm-list 10 delete
set extcommunity rt 1:1 additive
router bgp 2
neighbor 10.0.0.3 route-map FILTRADO-RT out
R6 recibe el prefijo vpnv4 con el valor RT 2:1, y publica a R6 el mismo prefijo pero cambiando el RT de 2:1 a 1:1. R3 refleja el
prefijo y lo publica a R2, este ve en la actualización el RT 1:1 e instala el prefijo en su tabla.

4 6
Local, (Received from a RR-client)
10.0.0.7 (metric 2) from 10.0.0.7 (10.0.0.7)

315
4
2
10.0.0.7 (metric 2) from 10.0.0.6 (10.0.0.6)

*> 100.0.0.1/32 172.16.12.1 2 32768 ?
*>i100.0.0.8/32 10.0.0.7 0 100 0 2 ?
*> 172.16.12.0/24 0.0.0.0 0 32768 ?
*>i172.16.78.0/24 10.0.0.7 0 100 0 2 ?
5ª Pruebas entre sitios

Finalmente los prefijos son instalados en el PE R2 y este los publica al CE R1.
R1#sh ip route ospf


1 172.16.12.2 40 msec
10 172.16.78.8 504 msec
R8#sh ip route ospf


1 172.16.78.7 76 msec
316

10 172.16.12.1 520 msec
Dos cosas antes de finalzar este laboratorio. Normalmente los prefijos MPLS VPN llevan dos etiquetas; la superior identifica el
prefijo y IGP del LSR y la bottom label que corresponde al prefijo vpnv4. Al utilizar el comando traceroute notamos que
cualquiera de los PEs (R2 o R7) agregan una tercera etiqueta. No es un error, esta es una etiqueta IGP asociada al AS.
Tambien es notar que la etiquetas de la vpnv4 (716) no cambia en todo el LSP.
R1 R2 R3 R4 R9 R11 R10 R5 R6 R7 R8
IGP Local AS 304 1110

IGP Label 407 407 907 1007 1007 507 607
VPN Label 716 716 716 716 716 716 716 716
IP IP IP IP IP IP IP IP IP IP IP
Pack. Pack. Pack. Pack. Pack. Pack. Pack. Pack. Pack. Pack. Pack.
Por último como tema de diseño, es recomendable que la red del Serice Provider no sea conocida por el cliente. El comando no
mpls ip propagate-ttl permite esconder la red del SP. Pero tiene la gran desventaja de ocultarla al propio SP. (Es recomendable
además deshabilitar CDP entre la red del Customer y el Provider Edge.
R2(config)#no mpls ip propagate-ttl

R7(config)#no mpls ip propagate-ttl
R1#traceroute 100.0.0.8 0 probe 1

1 172.16.12.2 280 msec
3 172.16.78.8 1152 msec

1 172.16.78.7 144 msec
3 172.16.12.1 620 msec

1 10.1.67.7 476 msec

1 10.1.23.2 536 msec
El comando no mpls ip propagate-ttl forwarded solo esconde el LSP al cliente y las pruebas de troubleshooting del SP pueden
hacerse sin restricciones.
R2(config)#no mpls ip propagate-ttl forwarded
R7(config)#no mpls ip propagate-ttl forwarded

1 172.16.12.2 84 msec
317

3 172.16.78.8 588 msec

8 10.1.67.7 544 msec
318
Capítulo IV: IPv6
319
Seccion MP-BGP on IPv6 (6VPE)
§ IS-IS
§ LDP
§ Los PEs deben ser vrf-aware (interface CE-PE).
LDP para IPv6 no está disponible. MPLS no solo puede transportar paquetes IPv4. Un router P puede perfectamente manejar
paquetes IPv6 sin enterarse.
R2
ip router isis
router isis
net 47.0001.0000.0000.0002.00
ip cef
mpls ip
mpls ldp router-id Loopback0 force
mpls ip
R3
ip router isis
ip router isis
router isis
net 47.0001.0000.0000.0003.00
ip cef
320
mpls ip
mpls ip
mpls ip
R4
ip router isis
router isis
net 47.0001.0000.0000.0004.00
ip cef
mpls ip
mpls ip

R4 Fa0/1 ca03.0a80.0006 Up 25 L2 IS-IS
R2 Fa0/0 ca02.0a68.0008 Up 29 L2 IS-IS
R3#sh ip route isis

Probamos conectividad entre IDs de los PEs (R2-R3)

!!!!!

10.1.1.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.2:0
LDP Id: 10.1.1.4:0
321

Label Label or VC or Tunnel Id Switched interface
300 Pop Label 10.1.1.2/32 0 Fa0/0 10.1.23.2
301 Pop Label 10.1.1.4/32 0 Fa0/1 10.1.34.4

lib entry: 10.1.1.2/32, rev 8

lib entry: 10.1.1.4/32, rev 10
§ Formar peering MP-BGP entre PEs R2 y R4

§ Usar loopback0 como update-source
§ Crear sesión VPNv6 R2-R4
§ AFI 2
R2
router bgp 1
neighbor 10.1.1.4 update-source loopback 0
exit-address-family
R4
router bgp 1
neighbor 10.1.1.2 update-source loopback 0
!
exit-address-family

10.1.1.4 4 1 3 2 1 0 0 00:00:53 0
322
§ Crear VRF A en PE interface hacia red del cliente. El comando vrf definition es usado para crear la VRF IPv6 (tambien
para la familia IPv4), este comando tiene la ventaja de poder configurar ambas familias (IPv4 /IPv6)
R2
vrf definition A
rd 1:1
address-family ipv6
exit-address-family
interface Serial1/0
vrf forwarding A
no ip address
ipv6 address 2001:1::2/124
R1#ping 2001:1::2
Sending 5, 100-byte ICMP Echos to 2001:1::2, timeout is 2 seconds:
!!!!!
R4
vrf definition A
rd 1:1
address-family ipv6
exit-address-family
interface Serial1/0
vrf forwarding A
no ip address
ipv6 address 2001:2::2/124
R5#ping ipv6 2001:2::2

Sending 5, 100-byte ICMP Echos to 2001:2::2, timeout is 2 seconds:
!!!!!
§ EGP CE-PE Y redistribución en Provider Edge (no requerida en sesion BGP).
R1
router bgp 65001
neighbor 2001:1::2 remote-as 1
address-family ipv6
neighbor 2001:1::2 activate
323
network ABCD::1/128
exit-address-family
R1#debug ip bgp ipv6 unicast

BGP debugging is on for address family: IPv6 Unicast
R2
router bgp 1
exit-address-family
R1#
*Feb 7 16:50:55.555: BGP: 2001:1::2 open active, local address 2001:1::1
*Feb 7 16:50:55.631: BGP: 2001:1::2 read request no-op
*Feb 7 16:50:55.643: BGP: 2001:1::2 went from Active to OpenSent
*Feb 7 16:50:55.643: BGP: 2001:1::2 sending OPEN, version 4, my as: 65001, holdtime 180 seconds
*Feb 7 16:50:55.651: BGP: 2001:1::2 send message type 1, length (incl. header) 45
*Feb 7 16:50:55.755: BGP: 2001:1::2 rcv message type 1, length (excl. header) 26
*Feb 7 16:50:55.759: BGP: 2001:1::2 rcv OPEN, version 4, holdtime 180 seconds
*Feb 7 16:50:55.763: BGP: 2001:1::2 rcv OPEN w/ OPTION parameter len: 16
*Feb 7 16:50:55.763: BGP: 2001:1::2 rcvd OPEN w/ optional parameter type 2 (Capability) len 6
*Feb 7 16:50:55.763: BGP: 2001:1::2 OPEN has CAPABILITY code: 1, length 4
*Feb 7 16:50:55.763: BGP: 2001:1::2 OPEN has MP_EXT CAP for afi/safi: 2/1
*Feb 7 16:50:55.763: BGP: 2001:1::2 OPEN has ROUTE-REFRESH capability(old) for all address-families
*Feb 7 16:50:55.763: BGP: 2001:1::2 OPEN has ROUTE-REFRESH capability(new) for all address-families BGP: 2001:1::2
rcvd OPEN w/ remote AS 1
*Feb 7 16:50:55.763: BGP: 2001:1::2 went from OpenSent to OpenConfirm
*Feb 7 16:50:55.787: BGP: 2001:1::2 went from OpenConfirm to Established
*Feb 7 16:50:55.791: %BGP-5-ADJCHANGE: neighbor 2001:1::2 Up
R1#show ip bgp ipv6 unicast


*> ABCD::1/128 :: 0 32768 i

Bitfield cache entries: current 1 (at peak 1) using 32 bytes of memory
324

10.1.1.4 4 1 48 51 2 0 0 00:46:11 0
2001:1::1 4 65001 8 7 2 0 0 00:04:22 1
R5
router bgp 65005
address-family ipv6
network ABCD::2/128
exit-address-family
R4
router bgp 1
exit-address-family

10.1.1.2 4 1 56 54 4 0 0 00:51:10 1
2001:2::1 4 65005 4 4 4 0 0 00:00:22 1
R1#show ip bgp ipv6 unicast


*> ABCD::1/128 :: 0 32768 i
*> ABCD::2/128 2001:1::2 0 1 65005 i
R2#show bgp vpnv6 unicast vrf A


325

*> ABCD::1/128 2001:1::1 0 0 65001 i
*>iABCD::2/128 ::FFFF:10.1.1.4 0 100 0 65005 i
R1#ping ABCD::2 source ABCD::1

Sending 5, 100-byte ICMP Echos to ABCD::2, timeout is 2 seconds:
Packet sent with a source address of ABCD::1
!!!!!
Para que un traceroute sea alcazable (reachable) debemos publicar la red CE/PE en BGP con ridstribute connected, o usando el
comando network.
router bgp 65001

address-family ipv6
network 2001:1::/124
R1(config-router-af)#do sh bgp ipv6


*> 2001:1::/124 :: 0 32768 i
*> ABCD::1/128 :: 0 32768 i
*> ABCD::2/128 2001:1::2 0 1 65005 i
% NOTE: This command is deprecated. Please use 'show bgp ipv6 unicast'
R1(config-router-af)#do sh bgp ipv6 uni


*> 2001:1::/124 :: 0 32768 i
*> ABCD::1/128 :: 0 32768 i
*> ABCD::2/128 2001:1::2 0 1 65005 i
R5
router bgp 65005
address-family ipv6
network 2001:2::/124
R1#traceroute ipv6 ABCD::2

Tracing the route to ABCD::2
1 2001:1::2 92 msec 48 msec 24 msec
2 ::FFFF:10.1.23.3 [MPLS: Labels 301/401 Exp 0] 164 msec 172 msec 156 msec
3 2001:2::2 [MPLS: Label 401 Exp 0] 76 msec 96 msec 100 msec
4 2001:2::1 104 msec 148 msec 164 msec
326
R1#show ipv6 route bgp

IPv6 Routing Table - Default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
B - BGP, M - MIPv6, R - RIP, I1 - ISIS L1
I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary, D - EIGRP
EX - EIGRP external, N - NEMO
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
B 2001:2::/124 [20/0]
via FE80::2, Serial1/0
B ABCD::2/128 [20/0]
Label Imposition
Cuando un PE recibe un paquete desde un CE mira el paquee IPv6 destino en la VRF correspondiente al CE en la tabla VPNv6
que asocia etiquetas MPLS (top) y next-hop BGP (bottom).
R2#show bgp vpnv6 unicast vrf A ABCD::2/128

BGP routing table entry for [1:1]ABCD::2/128, version 4
2
65005
::FFFF:10.1.1.4 (metric 20) from 10.1.1.4 (10.1.1.4)
R2#show ip cef 10.1.1.4

10.1.1.4/32
nexthop 10.1.23.3 FastEthernet0/0 label 301

200 Pop Label 10.1.1.3/32 0 Fa0/0 10.1.23.3
201 Pop Label 10.1.34.0/24 0 Fa0/0 10.1.23.3
202 301 10.1.1.4/32 0 Fa0/0 10.1.23.3
203 No Label ABCD::1/128[V] 520 Se1/0 point2point
204 No Label 2001:1::/124[V] 4392 aggregate/A
R4#show ip cef 10.1.1.2/32

10.1.1.2/32
R5#traceroute ABCD::1
Tracing the route to ABCD::1
1 2001:2::2 44 msec 88 msec 20 msec
2 ::FFFF:10.1.34.3 [MPLS: Labels 300/203 Exp 0] 188 msec 112 msec 88 msec
3 2001:1::2 [AS 65001] [MPLS: Label 203 Exp 0] 132 msec 132 msec 128 msec
4 2001:1::1 [AS 65001] 156 msec 148 msec 164 msec
R5#show ipv6 route bgp updated

IPv6 Routing Table - Default - 6 entries
327

EX - EIGRP external
B 2001:1::/124 [20/0]
Last updated 17:05:54 07 February 2011
B ABCD::1/128 [20/0]
328
Dual Stack IPv6 (6PE) y MPLS VPNv4 sobre MPLS Backbone
Este metodo permite correr IPv6 directamente sobre MPLS, sin necesidad de MPLS VPN, no existen interfaces VRF. Los router CE IPv6 se
ven entre ellos.
Los PE deben usar dual stack (IPv4/IPv6). Los CE se conectan al PE normalmente, la interface no es parte de alguna VRF para IPv6 aunque
podría tratarse de una interface VRF para IPv4. La redistribución entre PEs se realiza a través de MP-BGP, al mismo tiempo distribuye las
labels asociadas a los prefijos IPv6.
En este laboratorio implementaremos 6PE en conjunto con MPLS VPNv4 usando la misma interface CE-PE.
Los PEs estan en malla completa MP-iBGP. iBGP redistribuye los prefijos IPv6 y les asocia labels (IPv6 + label).
§ Configurar Backbone con utilizando OSPF 1 Area 0

§ Configurar LDP en Backbone
§ Crear sesion IPv6 BGP malla completa entre los PEs R2, R3 y R5
R2
router ospf 1
router-id 10.1.1.2
ip ospf 1 area 0
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R3
router ospf 1
router-id 10.1.1.3
329
ip ospf 1 area 0
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R4
router ospf 1
router-id 10.1.1.4
ip ospf 1 area 0
ip ospf 1 area 0
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R5
router ospf 1
router-id 10.1.1.5
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0


R2#sh ip route ospf | i 10.1.1.

330

R2#ping 10.1.1.3 source 10.1.1.2

!!!!!
R2#ping 10.1.1.4 source 10.1.1.2

!!!!!
R2#ping 10.1.1.5 source 10.1.1.2

!!!!!
R2
ip cef
mpls ip
mpls ip
mpls ip
R3
ip cef
mpls ip
mpls ip
mpls ip
331
R4
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R5
ip cef
mpls ip
mpls ip

10.1.1.2:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.3:0
LDP Id: 10.1.1.4:0

10.1.1.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.2:0
LDP Id: 10.1.1.4:0

10.1.1.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.2:0
LDP Id: 10.1.1.3:0
LDP Id: 10.1.1.5:0
332

400 Pop Label 10.1.1.2/32 0 Fa0/0 10.1.24.2
401 Pop Label 10.1.1.3/32 0 Fa0/1 10.1.34.3
402 Pop Label 10.1.1.5/32 126 Fa1/0 10.1.45.5
403 Pop Label 10.1.23.0/24 0 Fa0/0 10.1.24.2
Pop Label 10.1.23.0/24 0 Fa0/1 10.1.34.3
§ Crear sesion IPv6 BGP malla completa entre los PEs R2, R3 y R5
R2
router bgp 1
address-family ipv6
R3
router bgp 1
address-family ipv6
R5
router bgp 1
address-family ipv6
333


10.1.1.2 4 1 3 3 1 0 0 00:00:36 0
10.1.1.3 4 1 3 3 1 0 0 00:00:27 0


10.1.1.3 4 1 5 4 1 0 0 00:02:58 0
10.1.1.5 4 1 4 4 1 0 0 00:01:36 0


10.1.1.2 4 1 5 6 1 0 0 00:03:55 0
10.1.1.5 4 1 5 5 1 0 0 00:02:25 0
§ Configurar IGP CE-PE OSPFv3 en los tres sitios (sin eleccion de DR).
§ R2 utiliza router-id 2.2.2.2, R3 router-id 3.3.3.3 y R5 router-id 5.5.5.5
§ Redistribuir OSPFv3 dentro del BB.
§ Redistribuir BGP dentro de OSPFv3 (usar proceso 10 en todos los caso OSPFv3)
Nota: Los procesos OSPF IPv4 e IPv6 son independientes. Podemos configurar usando el mismo numero de proceso. Las
configuraciones iniciales incluyen las entradas link-local. Si queremos un mayor control no debemos permitir que el proceso
escoja la LL.
R1
ipv6 router ospf 10
router-id 100.1.1.1
interface Loopback0
ipv6 ospf 10 area 0
ipv6 ospf network point-to-point
ipv6 ospf 10 area 0
R2
ipv6 router ospf 10
router-id 2.2.2.2
ipv6 ospf 10 area 0
R1#show ipv6 ospf neighbor

Neighbor ID Pri State Dead Time Interface ID Interface
2.2.2.2 1 FULL/ - 00:00:35 5 FastEthernet0/0
334
R6
ipv6 router ospf 10
router-id 100.1.1.6
interface Loopback0
ipv6 ospf 10 area 0
ipv6 ospf 10 area 0
R3
ipv6 router ospf 10
router-id 3.3.3.3
ipv6 ospf 10 area 0

R7
ipv6 router ospf 10
router-id 100.1.1.7
interface Loopback0
ipv6 ospf 10 area 0
ipv6 ospf 10 area 0
R5
ipv6 router ospf 10
router-id 5.5.5.5
ipv6 ospf 10 area 0

§ Redistribuir OSPFv3 dentro del BB.

§ Redistribuir BGP dentro de OSPFv3 (usar proceso 10 en todos los caso OSPFv3)
R2
router bgp 1
address-family ipv6
redistribute ospf 10
335
ipv6 router ospf 10

redistribute bgp 1
R3
router bgp 1
address-family ipv6
ipv6 router ospf 10

redistribute bgp 1
R5
router bgp 1
address-family ipv6
ipv6 router ospf 10

redistribute bgp 1
La siguiente salida muestra que R2 ha instalado los prefijos desde ambos sitios sin embarego no sabe como alcanzarlos. Podríamos
estar tentados de decir que el next-hop no es conocido por R2. La cuestión es otra, debemos enviar labels via MP-iBGP para la
address-familly ipv6.
R2#show bgp ipv6 unicast


*> BBC::1/128 :: 1 32768 ?
* iBBC::6/128 ::FFFF:10.1.1.3 1 100 0 ?
* iBBC::7/128 ::FFFF:10.1.1.5 1 100 0 ?
* i2000:1:36::/124 ::FFFF:10.1.1.3 0 100 0 ?
* i2000:1:57::/124 ::FFFF:10.1.1.5 0 100 0 ?
*> 2000:12::/124 :: 0 32768 ?
R2
router bgp 1
address-family ipv6
R3
router bgp 1
address-family ipv6
R5
router bgp 1
address-family ipv6
336
Comprobación


*> BBC::1/128 :: 1 32768 ?
*>iBBC::6/128 ::FFFF:10.1.1.3 1 100 0 ?
*>iBBC::7/128 ::FFFF:10.1.1.5 1 100 0 ?
*> 2000:1:12::/124 :: 0 32768 ?
*>i2000:1:36::/124 ::FFFF:10.1.1.3 0 100 0 ?
*>i2000:1:57::/124 ::FFFF:10.1.1.5 0 100 0 ?
R2#show bgp ipv6 unicast neighbors | i neighbor is |Label capabilit

BGP neighbor is 10.1.1.3, remote AS 1, internal link
ipv6 MPLS Label capability: advertised and received
BGP neighbor is 10.1.1.5, remote AS 1, internal link
ipv6 MPLS Label capability: advertised and received
R2#show ipv6 route BBC::7/128

Routing entry for BBC::7/128
Known via "bgp 1", distance 200, metric 1, type internal
Redistributing via ospf 10
Route count is 1/1, share count 0
Routing paths:
10.1.1.5%Default-IP-Routing-Table indirectly connected
MPLS Required
Last updated 00:13:17 ago

Known via "ospf 10", distance 110, metric 1, type intra area
Redistributing via bgp 1
Routing paths:
FE80::1, FastEthernet0/1

Known via "bgp 1", distance 200, metric 1, type internal
Redistributing via ospf 10
Routing paths:
10.1.1.3%Default-IP-Routing-Table indirectly connected
MPLS Required
R2#show bgp ipv6 unicast labels

BBC::1/128 :: 206/nolabel
BBC::6/128 ::FFFF:10.1.1.3 nolabel/306
BBC::7/128 ::FFFF:10.1.1.5 nolabel/507
2000:1:12::/124 :: 205/nolabel
337
2000:1:36::/124 ::FFFF:10.1.1.3 nolabel/305

2000:1:57::/124 ::FFFF:10.1.1.5 nolabel/506
El siguiente traceroute nos muestra que los paquetes IPv6 tienen dos labels. Esto se debe a que los router Provider (P) no están
configurados para IPv6, ellos toman decisiones en base a labels unicamente en este escenario. Si R4 tuviera el comportamiento
por defecto, haría un POP label, es decir, retira la etiqueta superior y envía el paquete IPv6 a R5 sin etiquetas, pero como
dijimos, R4 no entiende IPv6 y al despojar la ultima etiqueta se quedaría con un paquete IPv6, no sabría que hacer y lo
descartaría, por eso es importante que se tulicen dos etiquetas, la superior para el next-hop (507 para el ejemplo), y la inferior
que identifica el prefijo IPv6 (402).

lib entry: 10.1.1.5/32, rev 8
R1#traceroute
Protocol [ip]: ipv6
Target IPv6 address: bbc::7
Source address: bbc::1
Insert source routing header? [no]:
Numeric display? [no]:
Probe count [3]: 1
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Tracing the route to BBC::7
1 2000:1:12::2 92 msec
2 ::FFFF:10.1.24.4 [MPLS: Labels 402/507 Exp 0] 240 msec
3 2000:1:57::5 [MPLS: Label 507 Exp 0] 204 msec
4 2000:1:57::7 156 msec
R2#show ipv6 cef bbc::7/128 detail

BBC::7/128, epoch 0
recursive via 10.1.1.5 label 507
R2#show mpls forwarding-table BBC::7/128 detail

None 507 BBC::7/128 0 Fa1/0 10.1.24.4
MAC/Encaps=14/22, MRU=1496, Label Stack{402 507}
CA0502880008CA040AE8001C8847 00192000001FB000
No output feature configured
338
IPv4 Stack
Los 3 sitios pueden comunicarse usando OSPFv3. Queremos ademas que exista comunicación BGP IPv4 entre sitios. Esto nos da
la idea que usaremos dual Stack (IPv4 + IPv4) entre CE y PE (los router P nunca saben que estan
§ Formar Sesion full mesh MP-iBGP utilizando loopback 0 entre R2, R3 y R5.
§ Crear VRF A usando RD 1:1 y RT 1:100
§ Habilitar la VRF en la interface de cara al CE
§ Configurar BGP PE-CE como muestra la figura
§ Los router CE deben publicar su loopback0 ipv4.
R2
router bgp 1
R3
router bgp 1
R5
router bgp 1
339


10.1.1.3 4 1 71 67 1 0 0 00:01:50 0
10.1.1.5 4 1 64 66 1 0 0 00:01:03 0


10.1.1.2 4 1 67 71 1 0 0 00:02:34 0
10.1.1.5 4 1 69 67 1 0 0 00:02:01 0


10.1.1.2 4 1 67 65 1 0 0 00:02:40 0
10.1.1.3 4 1 68 70 1 0 0 00:02:54 0
§ Crear VRF A usando RD 1:1 y RT 1:100 en los tres sitios.
La primera solución como hemos visto, no requiere VRF. Ahora queremos crear una VPN entre sitios.
R2
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.12.2 255.255.255.0
R2#show vrf detail

VRF A; default RD 1:1; default VPNID <not set>
Interfaces:
Fa0/1
Address family ipv4 (Table ID = 0x1):
Export VPN route-target communities
RT:1:100
Import VPN route-target communities
RT:1:100
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 not active.
340
R1#ping 10.1.12.2
!!!!!
R3
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.36.3 255.255.255.0
R3#show vrf detail

VRF A; default RD 1:1; default VPNID <not set>
Interfaces:
Fa0/1
Address family ipv4 (Table ID = 0x1):
Export VPN route-target communities
RT:1:100
Import VPN route-target communities
RT:1:100
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 not active.
R6#ping 10.1.36.3
!!!!!
R5
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 10.1.57.5 255.255.255.0
R7#ping 10.1.57.5
!!!!!
341
§ Configurar BGP PE-CE como muestra la figura

§ Los router CE deben publicar su loopback0 ipv4.
R1
router bgp 65001
no synchronization
network 100.1.1.1 mask 255.255.255.255
no auto-summary
R2
router bgp 1
no synchronization
exit-address-family


*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*> 100.1.1.1/32 10.1.12.1 0 0 65001 i
R2#ping vrf A 100.1.1.1

!!!!!
R6
router bgp 2
no synchronization
network 100.1.1.6 mask 255.255.255.255
no auto-summary
R3
router bgp 1
342


10.1.1.2 4 1 87 92 8 0 0 00:20:25 2
10.1.1.5 4 1 88 88 8 0 0 00:19:52 0
10.1.36.6 4 2 4 7 8 0 0 00:00:33 1
R7
router bgp 65001
no synchronization
network 100.1.1.7 mask 255.255.255.255
no auto-summary
R5
router bgp 1


10.1.1.2 4 1 91 90 15 0 0 00:23:15 1
10.1.1.3 4 1 92 95 15 0 0 00:23:29 2
10.1.57.7 4 65001 11 18 15 0 0 00:00:06 1
343
Puesto que R1 y R7 pertenecen al mismo AS debemos modificar el PE o el CE para saltarnos el mecanismo de prevención de loop
de BGP (no aceptar una actualización que contenga nuestro propio AS). Podemos decirle al PE que se haga pasar por el AS 65001,
o permitir sin preambulos una instancia o mas del mismo AS al que pertenece el CE.
R1
router bgp 65001
neighbor 10.1.12.2 allowas-in
R7
router bgp 65001
neighbor 10.1.57.5 allowas-in 1
R1#sh ip route bgp

B 100.1.1.6 [20/0] via 10.1.12.2, 00:00:38
B 100.1.1.7 [20/0] via 10.1.12.2, 00:03:39
B 10.1.36.0 [20/0] via 10.1.12.2, 00:07:47
B 10.1.57.0 [20/0] via 10.1.12.2, 00:07:47
R6#sh ip route bgp

B 100.1.1.7 [20/0] via 10.1.36.3, 00:00:59
B 100.1.1.1 [20/0] via 10.1.36.3, 00:00:59
B 10.1.12.0 [20/0] via 10.1.36.3, 00:00:59
B 10.1.57.0 [20/0] via 10.1.36.3, 00:00:59
R7#sh ip route bgp

B 100.1.1.6 [20/0] via 10.1.57.5, 00:00:00
B 100.1.1.1 [20/0] via 10.1.57.5, 00:01:28
B 10.1.12.0 [20/0] via 10.1.57.5, 00:09:17
B 10.1.36.0 [20/0] via 10.1.57.5, 00:09:17

1 10.1.12.2 [AS 1] 124 msec
4 10.1.57.7 [AS 1] 216 msec

1 10.1.12.2 [AS 1] 188 msec
3 10.1.36.6 [AS 1] 308 msec

1 10.1.36.3 [AS 1] 168 msec
3 10.1.12.1 [AS 1] 192 msec
344

1 10.1.57.5 [AS 1] 28 msec
4 10.1.36.6 [AS 1] 184 msec

1 10.1.57.5 [AS 1] 92 msec
4 10.1.12.1 [AS 1] 228 msec
345
IPv6 sobre MPLS AToM
§ OSPFv2
§ LDP
Con este metodo la carga transportada es L2 y es una alternativa a 6PE o 6VPE. Alivia la necesidad de que el SP tenga que implentar IPv6 en el
Backbone auqneu este debe transportar tramas lo que representa una carga extra además de que los PW son p2p a diferencia de 6PE y 6VPE
que son todos a todos.
R2
router ospf 1
router-id 10.1.1.2
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R3
router ospf 1
router-id 10.1.1.3
ip ospf 1 area 0
ip ospf 1 area 0
interface Loopback0
ip ospf 1 area 0
R4
router ospf 1
router-id 10.1.1.4
ip ospf 1 area 0
346
interface Loopback0
ip ospf 1 area 0
R2
ip cef
mpls ip
mpls ip
R3
ip cef
mpls ip
mpls ip
mpls ip
R4
ip cef
mpls ip
mpls ip
§ Configurar AToM R2 F0/1 y R4 F0/0

§ Comprobar conectividad entre R1 y R5
§ Los CEs no deben descubrir los PEs del Provider por medio de CDP
§ Habilitar IS-IS IPv6 entre CEs R1 y R5
R2
R4
347
R2#show mpls ldp neighbor 10.1.1.4

TCP connection: 10.1.1.4.55750 - 10.1.1.2.646
Up time: 00:02:44
10.1.34.4 10.1.1.4

TCP connection: 10.1.1.2.646 - 10.1.1.4.55750
Up time: 00:03:04
10.1.23.2 10.1.1.2
R1#ping 2000:1:15::5
Sending 5, 100-byte ICMP Echos to 2000:1:15::5, timeout is 2 seconds:
!!!!!
R5#ping 2000:1:15::1
Sending 5, 100-byte ICMP Echos to 2000:1:15::1, timeout is 2 seconds:
!!!!!

R2 Fas 0/1 124 R 7206VXR Fas 0/1
R5 Fas 0/1 165 R 7206VXR Fas 0/0

R1 Fas 0/0 123 R 7206VXR Fas 0/1
R4 Fas 0/0 125 R 7206VXR Fas 0/0
R2
no cdp enable
R4
no cdp enable
R1#clear cdp table
R5#clear cdp table
348

R5 Fas 0/1 150 R 7206VXR Fas 0/0

R1 Fas 0/0 163 R 7206VXR Fas 0/1
§ Habilitar EIGRP IPv6 entre CEs R1 y R5
Comprobar porque no da resultados (estoy usando (C7200-ADVENTERPRISEK9_SNA-M), Version 15.0(1)M, RELEASE

SOFTWARE (fc2)).
R1
ipv6 router eigrp 100
no shutdown
ipv6 eigrp 100
interface Loopback0
ipv6 eigrp 100
R5
ipv6 router eigrp 100
no shutdown
ipv6 eigrp 100
interface Loopback0
ipv6 eigrp 100
R1#show ipv6 eigrp neighbors detail

EIGRP-IPv6 Neighbors for AS(100)
(sec) (ms) Cnt Num
0 Link-local address: Fa0/1 11 00:04:43 227 1362 0 4
FE80::5
Version 5.0/3.0, Retrans: 1, Retries: 0, Prefixes: 2
Topology-ids from peer – 0
R1#show ipv6 route eigrp updated

IPv6 Routing Table - default - 5 entries
EX - EIGRP external, ND - Neighbor Discovery
D BBC::5/128 [90/156160]
via FE80::5, FastEthernet0/1
349
R1#ping bbc::5 source bbc::1

Sending 5, 100-byte ICMP Echos to BBC::5, timeout is 2 seconds:
Packet sent with a source address of BBC::1
!!!!!
§ Configurar IPv6 OSPF, IPv6 EIGRP será seleccionado en caso que OSPFv3 sea deshabilitado.
R1
interface Loopback0
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
ipv6 router ospf 1

router-id 100.1.1.1
distance 50
R5
interface Loopback0
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
ipv6 router ospf 1

router-id 100.1.1.5
distance 50

R1#show ipv6 route ospf updated

O BBC::5/128 [50/1]
R5#show ipv6 route ospf

350

O BBC::1/128 [50/1]
Deshabilitamos OSPFv3
R1(config)#no ipv6 router ospf 1

R5(config)#no ipv6 router ospf 1

D BBC::5/128 [90/156160]

D BBC::1/128 [90/156160]
351
Capítulo V: High Availability
352
Sección HSRP
Pre LAB
§ Formar conectividad entre sitios utilizando enrutamiento estático.

§ R1 debe crear la puerta de enlace (Gateway) 172.16.1.100.
Sitio1
R1
ip route 0.0.0.0 0.0.0.0 172.16.1.100
R2
ip route 200.0.0.1 255.255.255.255 172.16.1.1
ip route 172.16.2.0 255.255.255.0 10.1.24.4
R3
ip route 200.0.0.1 255.255.255.255 172.16.1.1
ip route 172.16.2.0 255.255.255.0 10.1.35.5
Sitio2
R6
353
ip route 0.0.0.0 0.0.0.0 172.16.2.100
R4
ip route 200.0.0.6 255.255.255.255 172.16.2.6
ip route 172.16.1.0 255.255.255.0 10.1.24.2
R5
ip route 200.0.0.6 255.255.255.255 172.16.2.6
ip route 172.16.1.0 255.255.255.0 10.1.35.3

S 200.0.0.1 [1/0] via 172.16.1.1
S 172.16.2.0 [1/0] via 10.1.24.4
R2#ping 172.16.2.6
!!!!!

S 200.0.0.6 [1/0] via 172.16.2.6
S 172.16.1.0 [1/0] via 10.1.35.3
R5#ping 172.16.1.1 source fastEthernet 0/0

!!!!!
§ Configurar R2 como router activo HSRP y R3 respaldo (STANDBY).

§ Configurar R4 como router activo HSRP y R5 respaldo (STANDBY).
Un router de respaldo debe tomar el rol activo si:

§ El enlace Frame-Relay en el router activo no presenta señal de linea (L2)
§ El router activo deja de funcionar.
Sitio1
En los routers HSRP definimos la dirección que será usada como puerta de enlace por R1. Modificamos la prioridad tanto en R2
como en R3, lo importante es que R2 siempre tenga un número de prioridad mayor, la prioridad define los roles en un dominio
HSRP.
Debemos tener en cuenta que HSRP soporta preempt , esto quiere decir que si un router HSRP con una prioridad mayor se
conecta al segmento de red éste adoptará el papel de activo, aunque ya exista otro cumpliendo ese papel.
R2
standby 10 ip 172.16.1.100
standby 10 priority 101
standby 10 preempt
R3
standby 10 ip 172.16.1.100
354
standby 10 preempt
Verificamos que R2 sea el router activo y R3 el respaldo:
R2#show standby
FastEthernet0/0 - Group 10
State is Active
2 state changes, last state change 00:55:27
Virtual IP address is 172.16.1.100
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.744 secs
Preemption enabled
Active router is local
Standby router is 172.16.1.3, priority 95 (expires in 10.112 sec)
Priority 101 (configured 101)
Group name is "hsrp-Fa0/0-10" (default)
R3#show standby
State is Standby
1 state change, last state change 00:55:55
Preemption enabled
Active router is 172.16.1.2, priority 101 (expires in 8.272 sec)
Standby router is local
Sitio2
R4
standby 10 ip 172.16.2.100
standby 10 preempt
R5
standby 10 ip 172.16.2.100
standby 10 preempt
355
R4#show standby
State is Active
Preemption enabled
Active router is local
Standby router is 172.16.2.5, priority 95 (expires in 10.112 sec)
R5#show standby
State is Standby
1 state change, last state change 01:04:40
Preemption enabled
Tener presente que no debemos establecer cualquier número en la prioridad (esto aplica tanto a VRRP como HSRP). Debe ser
consistente con el valor de decremento, es decir, si por ejemplo R2 con prioridad 100 no tiene señal del enlace FR, este
disminuirá su prioridad en 10. Si R3 tiene configurada una prioridad HSRP de 90 se producirá un problema (ambos routers con la
misma prioridad), el proceso HSRP tomará como router activo el que tenga la dirección IP mayor, y puede darse la casualidad
que sea el mismo router que debería pasar al modo Standby. Para evitar esto debemos establecer números relativamente
cercanos, por ejemplo 101 para el router activo, y 95 para el router respaldo, si el activo cae disminuye a 91 su prioridad, el
respaldo con 95 toma de inmediato el rol activo.
Para sondear el enlace Frame-Relay podemos utilizar el comando track como se muestra a continuación:
Sitio1
R2
track 23 interface Serial1/0 line-protocol
standby 10 track 23 decrement 10
R3
R2#show standby | b Track

Track object 23 state Up decrement 10
356
R4#show standby | b Track

Sitio2
R4
R5
En este punto podemos ver si nuestra red se comporta según lo esperado.

R1 tiene conectividad con el GW virtual:
R1#ping 172.16.1.100
!!!!!
R1 sale a través de R2. R2 es el router Active.
1 172.16.1.2 68 msec 28 msec 40 msec
2 10.1.24.4 56 msec 60 msec 40 msec
3 172.16.2.6 164 msec * 92 msec
Para comprobar que funciona este esquema generamos tráfico con un simple ping desde R1 a R6.
En R2 cerramos la interface serial
R2(config)#interface serial 1/0

R1#ping 172.16.2.6 repeat 10000

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!.....................
A pesar de todos los esfuerzos no se produce el comportamiento esperado, R1 pierde conectividad con R6.
La razón es que ciertas tecnologías L2 como Frame-Relay son localmente significativas y solo requieren mantener conexión con el
SW FR local; en nuestro caso, la serial de R2 está caída.
357
R2#show ip int brief serial 1/0

Serial1/0 10.1.24.2 YES manual administratively down down
Sin embargo la interface que conecta R4 con el SW Frame-Relay está UP:
R4#show ip int brief serial 1/0

Serial1/0 10.1.24.4 YES manual up up
R2#show standby all brief

P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 10 91 P Standby 172.16.1.3 local 172.16.1.100

|
Fa0/0 10 95 P Active local 172.16.1.2 172.16.1.100
Puesto que R2 sondea el enlace y nota de inmediato que la interface serial 1/0 está caída, se convierte en Stanby HSRP en Sitio1,
sin embargo, no sucede lo mismo en Sitio2 y R4 sigue actuando como router activo a pesar de no tener conectividad con R2.
Podemos solucionar este problema con alguno protocolo de enrutamiento interior (IGP) que genere keepalive, o generar
artificialmente keepalive usando IP SLA, como veremos más adelante.
Si volvemos a levantar la interface serial de R2 veremos el comportamiento de preempt. El tracking comprueba ahora que la
interface serial está UP. R2 se publica a si mismo con una prioridad de 101 en HSRP que es mayor que 95 de R3, y se convierte
nuevamente en el router activo.

R2(config-if)#no shutdown

Fa0/0 10 101 P Active local 172.16.1.3 172.16.1.100
Para corregir el problema y mantener conectividad entre los sitios podemos utilizar una combinación de IP SLA y tracking. IP
SLA nos permiten en esta sección sondear las seriales de nuestros vecinos, vale decir, la actividad que se produce a través de todo
el enlace FR.
La forma de configurar SLA varía entre plataformas. La que presentamos aquí corresponde al IOS 12.4(20)T
R2
ip sla 10
icmp-echo 10.1.24.4
frequency 5
ip sla schedule 10 life forever start-time now
track 10 ip sla 10 reachability

358
standby 10 preempt delay minimum 1
R3
ip sla 10
icmp-echo 10.1.35.5
frequency 5
R4
ip sla 10
icmp-echo 10.1.24.2
frequency 5
R5
ip sla 10
icmp-echo 10.1.35.3
frequency 5
R2(config-if)#int s1/0
R2(config-if)#
%TRACKING-5-STATE: 23 interface Se1/0 line-protocol Up->Down
R2(config-if)#
%LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
R2(config-if)#
%ENTITY_ALARM-6-INFO: ASSERT INFO Se1/0 Physical Port Administrative State Down
R2(config-if)#
%HSRP-5-STATECHANGE: FastEthernet0/0 Grp 10 state Active -> Speak
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R2(config-if)#
%TRACKING-5-STATE: 10 ip sla 10 reachability Up->Down
R2(config-if)#
%HSRP-5-STATECHANGE: FastEthernet0/0 Grp 10 state Speak -> Standby
359
Como podemos ver R2 y R4 cambian de estado Active a Standby. R3 y R5 cambian de estado Standby a Active. Es el
comportamiento deseado.
R2#show standby
State is Standby
Preemption enabled, delay min 1 secs
Track object 10 state Down decrement 10

|
Fa0/0 10 95 P Active local 172.16.1.2 172.16.1.100

|
Fa0/0 10 91 P Standby 172.16.2.5 local 172.16.2.100

|
Fa0/0 10 95 P Active local 172.16.2.4 172.16.2.100
Generamos nuevamente tráfico con un ping desde R1 a R6. Esta vez solo existe un pequeño retardo y luego R3 actúa como GW y
R1 puede alcanzar a R6.
R1#ping 172.16.2.6 repeat 10000

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!.........!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
R2#show ip sla statistics

IPSLAs Latest Operation Statistics
IPSLA operation id: 10

Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: *22:38:46.546 UTC Wed Mar 17 2010
Latest operation return code: Timeout
Number of successes: 0
360
Number of failures: 177

Operation time to live: Forever


Latest RTT: 52 milliseconds
Latest operation return code: OK


Latest RTT: NoConnection/Busy/Timeout
Latest operation return code: Timeout


Latest RTT: 32 milliseconds
Latest operation return code: OK
Rehabilitamos el enlace R2/R4

R2(config-if)#
%TRACKING-5-STATE: 23 interface Se1/0 line-protocol Down->Up
R2(config-if)#
%LINK-3-UPDOWN: Interface Serial1/0, changed state to up
R2(config-if)#
%ENTITY_ALARM-6-INFO: CLEAR INFO Se1/0 Physical Port Administrative State Down
R2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#
%TRACKING-5-STATE: 10 ip sla 10 reachability Down->Up
R2#
%HSRP-5-STATECHANGE: FastEthernet0/0 Grp 10 state Standby -> Active
1 172.16.1.2 84 msec 72 msec 28 msec
2 10.1.24.4 76 msec 40 msec 72 msec
3 172.16.2.6 120 msec * 100 msec
361
Sección VRRP
Pre LAB
Utilizaremos equilibrado de carga (Load-Sharing)
§ Formar conectividad entre sitios utilizando enrutamiento estático.

Sitio1
R1
ip route 0.0.0.0 0.0.0.0 172.16.1.100 1
R2
ip route 200.0.0.1 255.255.255.255 172.16.1.1
ip route 172.16.2.0 255.255.255.0 10.1.24.4
R3
ip route 200.0.0.1 255.255.255.255 172.16.1.1
ip route 172.16.2.0 255.255.255.0 10.1.35.5
362
Sitio2
R6
ip route 0.0.0.0 0.0.0.0 172.16.2.100
R4
ip route 200.0.0.6 255.255.255.255 172.16.2.6
ip route 172.16.1.0 255.255.255.0 10.1.24.2
R5
ip route 200.0.0.6 255.255.255.255 172.16.2.6
ip route 172.16.1.0 255.255.255.0 10.1.35.3

S 200.0.0.1 [1/0] via 172.16.1.1
S 172.16.2.0 [1/0] via 10.1.24.4
R2#ping 172.16.2.0
!!!!!

S 200.0.0.1 [1/0] via 172.16.1.1
S 172.16.2.0 [1/0] via 10.1.35.5
R3#ping 172.16.2.0
!!!!!
§ Configurar R2 como Master VRRP y R3 Backup para la ip address 172.16.1.100

§ Configurar R2 como Master VRRP y R3 Backup para la ip address 172.16.2.100
R2
vrrp 10 ip 172.16.1.100
vrrp 10 priority 150
vrrp 10 preempt
R3
vrrp 10 ip 172.16.1.100
vrrp 10 preempt
363
R2#show vrrp
State is Master
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150
Master Router is 172.16.1.2 (local), priority is 150
Master Advertisement interval is 1.000 sec
Master Down interval is 3.414 sec
R3#show vrrp
State is Backup
Preemption enabled
Priority is 100
Master Router is 172.16.1.2, priority is 150
Master Down interval is 3.609 sec (expires in 3.253 sec)
R4
vrrp 10 ip 172.16.2.100
vrrp 10 preempt
R5
vrrp 10 ip 172.16.2.100
vrrp 10 preempt
R4#show vrrp
State is Master
Preemption enabled
Priority is 150
R5#show vrrp
State is Backup
Preemption enabled
Priority is 100
364
R1#ping 172.16.1.100
!!!!!
R2 es el Master VRRP por tanto es el GW de salida para alcanzar a R6.
1 172.16.1.2 128 msec 64 msec 28 msec

2 10.1.24.4 72 msec 60 msec 52 msec
3 172.16.2.6 108 msec * 116 msec
Un router de respaldo debe tomar el rol activo si:

§ El enlace HDLC en el router activo no presenta señal de línea (L2)
§ El router activo deja de funcionar.
Esta tarea requiere utilizar el comando track para determinar el estado de la interface serial. Considerar que el valor de
decremento de VRRP para el track es de 10, este valor no es suficiente para que el router Backup asuma el papel de Master. Lo
modificamos a 60 en R2 y R4.
R2
carrier-delay
vrrp 10 track 10 decrement 60
R3
carrier-delay
vrrp 10 track 10
R4
carrier-delay
vrrp 10 track 10 decrement 60
R5
carrier-delay
vrrp 10 track 10
365
Verificación

R2(config-if)#
%LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
%ENTITY_ALARM-6-INFO: ASSERT INFO Se1/0 Physical Port Administrative State Down
R2(config-if)#
%TRACKING-5-STATE: 10 interface Se1/0 line-protocol Up->Down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
R2(config-if)#
%VRRP-6-STATECHANGE: Fa0/0 Grp 10 state Master -> Backup
R2#show vrrp
State is Backup
Preemption enabled
Priority is 90 (cfgd 150)
Track object 10 state Down decrement 60
R3#show vrrp
State is Master
Preemption enabled
Priority is 100
Los routers R2 y R4 bajan su prioridad al no detectar señal , por tanto el camino (path) que sigue R1 para alcanzar a R6 es ahora a
través del enlace R3/R5.
Tanto R2 como R4 ahora son Backup. Notar que el decremento de las prioridades en ambos es de 90. Como R3 y R5 tienen la
prioridad por defecto 100 son ahora routers VRRP Masters.
1 172.16.1.3 68 msec 60 msec 40 msec
2 10.1.35.5 84 msec 40 msec 60 msec
3 172.16.2.6 124 msec * 104 msec
366
Load Sharing
§ Borrar configuración VRRP anterior y subir interface serial de R2.
En R2/R3/R4/R5
(config-if)#no vrrp 10
R2(config-if)#int s1/0
§ Configurar R2 como Master VRRP y R3 Backup para la dirección IP 172.16.1.100.

§ Configurar R2 como Backup VRRP y R3 Master para la dirección IP 172.16.1.101.
§ Configurar R4 como Master VRRP y R5 Backup para la dirección IP 172.16.2.100.
§ Configurar R4 como Backup VRRP y R5 Master para la dirección IP 172.16.2.101.
R1 y R6 deben tener dos rutas estaticas con igual distancia administrativa (AD 69)para que exista balance de carga.
R1
ip route 0.0.0.0 0.0.0.0 172.16.1.101 69
ip route 0.0.0.0 0.0.0.0 172.16.1.100 69

S* 0.0.0.0/0 [69/0] via 172.16.1.101
[69/0] via 172.16.1.100
R6
ip route 0.0.0.0 0.0.0.0 172.16.2.101 69
ip route 0.0.0.0 0.0.0.0 172.16.2.100 69

S* 0.0.0.0/0 [69/0] via 172.16.2.101
[69/0] via 172.16.2.100
Para lograr que la carga se comparta entre los dos puntos de salida, debemos crear dos procesos en VRRP. Un router actúa para
un proceso como Master y para el otro como Backup.
R2
vrrp 10 ip 172.16.1.100
vrrp 20 ip 172.16.1.101
no vrrp 20 preempt
R3
vrrp 10 ip 172.16.1.100
no vrrp 10 preempt
vrrp 20 ip 172.16.1.101
367
R2#show vrrp brief

Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 10 200 3218 Y Master 172.16.1.2 172.16.1.100
Fa0/0 20 100 3609 Backup 172.16.1.3 172.16.1.101
R3#show vrrp brief

Fa0/0 10 100 3609 Backup 172.16.1.2 172.16.1.100
Fa0/0 20 200 3218 Y Master 172.16.1.3 172.16.1.101
R4
vrrp 10 ip 172.16.2.100
vrrp 20 ip 172.16.2.101
no vrrp 20 preempt
R5
vrrp 10 ip 172.16.2.100
no vrrp 10 preempt
vrrp 20 ip 172.16.2.101
R4#show vrrp brief

Fa0/0 10 200 3218 Y Master 172.16.2.4 172.16.2.100
Fa0/0 20 100 3609 Backup 172.16.2.5 172.16.2.101
R5#show vrrp brief

Fa0/0 10 100 3609 Backup 172.16.2.4 172.16.2.100
Fa0/0 20 200 3218 Y Master 172.16.2.5 172.16.2.101
Verificamos que el trafico fluya a través de ambos routers R2/R3 en Sitio1
1 172.16.1.3 120 msec

172.16.1.2 60 msec
172.16.1.3 44 msec
2 10.1.24.4 44 msec
10.1.35.5 48 msec
10.1.24.4 44 msec
3 172.16.2.6 168 msec * 176 msec
Verificamos que el trafico fluya a través de ambos routers R4/R5 en Sitio2
368
1 172.16.2.4 64 msec
172.16.2.5 108 msec
172.16.2.4 44 msec
2 10.1.35.3 56 msec
10.1.24.2 88 msec
10.1.35.3 68 msec
3 172.16.1.1 180 msec * 128 msec
369
Capítulo VI: Labs
370
Sección Challenge IPv4 Lab
Este laboratorio no usa configuraciones inicial/base.

IGP SP
AS1 - > OSPF 1
AS2 - > OSPF 1
AS3 - > OSPF 1
AS100 - > IS-IS Level 2
iBGP
eBGP
MPLS/LDP
MP-iBGP
MP-eBGP
MPLS VPN
Pruebas de conectividad

.!!!!
371

.!!!!

!!!!!
R4#ping 10.1.45.5
!!!!!
R5#ping 10.1.105.10
.!!!!
R6#ping 10.1.67.7
.!!!!
R7#ping 10.1.117.11
!!!!!
R8#ping 10.1.89.9
.!!!!
R9#ping 10.1.119.11
!!!!!
R9#ping 10.1.129.12
.!!!!
372
R10#ping 10.1.110.11
!!!!!
R10#ping 10.1.112.12
.!!!!
R11#ping 10.1.211.12
.!!!!
AS1 - > OSPF 1

§ Usar nuevo metodo de configuracion en interface.
§ Sin eleccion DR
§ Proteger sesion OSPF de ataques externos que provoquen sobreutilización de la CPU.
§ Autentificacion en base al area
§ Usar loopback 0 como ID
En el siguiente ejemplo podemos ver que el proceso OSPF se activa en la interface y no en el proceso OSPF como se configura
habitualmente (similar a IS-IS). La segunda tarea señala que no debe existir elección de DR. En redes multiacceso como Ethernet
el proceso OSPF por defecto siempre establece un DR y BDR. Para evitar esta elección usamos el comando en la interface ip
ospf network point-to-point.
R4
interface Loopback0
ip address 10.0.0.4 255.255.255.255
ip ospf 1 area 0
ip address 10.1.45.4 255.255.255.0
ip ospf 1 area 0
R5
interface Loopback0
ip address 10.0.0.5 255.255.255.255
ip ospf 1 area 0
ip address 10.1.45.5 255.255.255.0
ip ospf 1 area 0

373
§ Autentificacion en base al area usando “simple password authentication” password cisco.

§ Cualquiera que tenga acceso al/los routers debe ver el password encriptado en la configuración global.
§ Usar loopback 0 como ID (Comprobar ID vecino con show ip ospf database router X.X.X.X)
R4#show ip ospf 1
Routing Process "ospf 1" with ID 10.0.0.4
Start time: 00:30:17.804, Time elapsed: 00:13:57.108
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports area transit capability
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:00:50.672 ago
SPF algorithm executed 3 times
Area ranges are
Number of LSA 2. Checksum Sum 0x010BB6
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
R4
ip ospf authentication-key cisco
router ospf 1
area 0 authentication
router-id 10.0.0.4
374
R4#
%OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.5 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expire
R4#debug ip ospf adj

OSPF adjacency events debugging is on
OSPF: Rcv pkt from 10.1.45.5, FastEthernet0/1 : Mismatch Authentication type. Input packet specified type 0, we use type 1
R5
router ospf 1
area 0 authentication
router-id 10.0.0.5
R5#
%OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.4 on FastEthernet0/1 from LOADING to FULL, Loading Done
R4#show ip ospf 1
Routing Process "ospf 1" with ID 10.0.0.4
Start time: 00:30:17.804, Time elapsed: 00:21:52.552
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports area transit capability
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
Reference bandwidth unit is 100 mbps
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has simple password authentication
SPF algorithm last executed 00:00:37.164 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 2. Checksum Sum 0x0103BA
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
375

R4#sh ip route ospf

R5#sh ip route ospf

R4#ping 10.0.0.5 source 10.0.0.4

!!!!!
R4#show running-config interface fastEthernet 0/1

Building configuration...
Current configuration : 178 bytes

!
ip address 10.1.45.4 255.255.255.0
ip ospf 1 area 0
duplex full
speed auto
end
R4
service password-encryption
R5
service password-encryption


!
ip address 10.1.45.4 255.255.255.0
ip ospf authentication-key 7 104D000A0618
ip ospf 1 area 0
duplex full
speed auto
end

376

!
ip address 10.1.45.5 255.255.255.0
ip ospf authentication-key 7 01100F175804
ip ospf 1 area 0
duplex full
speed auto
end
R5#show ip ospf database router 10.0.0.4
LS age: 1475
LS Type: Router Links
Link State ID: 10.0.0.4
Checksum: 0x7DE0
Length: 60
Number of Links: 3
Link connected to: a Stub Network

(Link ID) Network/subnet number: 10.0.0.4
(Link Data) Network Mask: 255.255.255.255
Number of MTID metrics: 0
TOS 0 Metrics: 1
Link connected to: another Router (point-to-point)

(Link ID) Neighboring Router ID: 10.0.0.5
(Link Data) Router Interface address: 10.1.45.4
TOS 0 Metrics: 1
Link connected to: a Stub Network

(Link ID) Network/subnet number: 10.1.45.0
(Link Data) Network Mask: 255.255.255.0
TOS 0 Metrics: 1
AS2 - > OSPF 1

Configurar OSPF 1 area 0
§ R6 nunca puede ser elegido DR
§ Para la autentificación de vecinos usar metodo encriptado
§ Comprobar conectividad entre IDs
Al asignar el valor 0 a la interface f0/1 de R6 evitamos que sea elegido DR (la adyacencia toma mayor tiempo).
R6 se convierte en Drother (ni DR ni BDR).
377
R6
ip address 10.1.67.6 255.255.255.0
ip ospf priority 0
router ospf 1
router-id 10.0.0.6
network 10.0.0.6 0.0.0.0 area 0
network 10.1.67.0 0.0.0.255 area 0
R7
router ospf 1
router-id 10.0.0.7
network 10.0.0.7 255.255.255.255 area 0
network 10.1.67.0 0.0.0.255 area 0


10.0.0.6 0 FULL/DROTHER 00:00:32 10.1.67.6 FastEthernet0/1
§ Para la autentificación de vecinos usar metodo encriptado. password “cisco”

Para usar MD5 (el único método de encriptación OSPF) debemos habilitar la autentificacion en el proceso OSPF indicando el
metodo (texto claro o MD5). Posteriormente en la interface que conecta al vecino
R6
router ospf 1
area 0 authentication message-digest
ip ospf message-digest-key 1 md5 cisco
R7#
%OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.6 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
R7
router ospf 1
area 0 authentication message-digest

R7#show ip ospf interface fastEthernet 0/1

FastEthernet0/1 is up, line protocol is up
378
Process ID 1, Router ID 10.0.0.7, Network Type BROADCAST, Cost: 1

Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.0.0.7, Interface address 10.1.67.7
No backup designated router on this network
Next 0x0(0)/0x0(0)
Adjacent with neighbor 10.0.0.6
Message digest authentication enabled
Youngest key id is 1
Troubleshooting
El siguiente ejemplo muestra que existe comunicación entre vecinos, que las rutas se han instalado en la tabla de enrutamiento,
pero R7 no es capaz de alcanzar el ID de R6, y R6 unicamente tiene conectividad con la loopback 0nde R7 usando la interface de
origen FastEthernet0/1. La salida U.U.U nos indica destino inalanzable, podemos pensar que una ACL está bliqueando el acceso.
Revisamos la configuracion de la interface FastEthernet0/1 de R7 y comprobamos nuestras sospechas.
R6#sh ip route ospf

R7#sh ip route ospf


!!!!!

U.U.U
Success rate is 0 percent (0/5)
R7#ping 10.0.0.6 source 10.0.0.7

.....
379


!
ip address 10.1.67.7 255.255.255.0
ip access-group 10 in
duplex full
speed auto
end
R7#show running-config | b access-li

!
!
!
control-plane
R7
no ip access-group 10 in

!!!!!
AS3 - > OSPF 1

Configurar OSPF 1 area 0
§ Segmento sin eleccion de DR
§ Para optimizar los recursos del router si R8 y R9 reciben LSAs tipo 6 NO deben generar un mensaje sys-log.
R8
router ospf 1
router-id 10.0.0.8
ignore lsa mospf
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0
R9
router ospf 1
router-id 10.0.0.9
ignore lsa mospf
380
interface Loopback0
ip ospf 1 area 0
ip ospf 1 area 0

No se ha formado adyacencia

No se ha formado adyacencia
Troubleshooting
No hay coincidencia entre parámetros. El comando debug ip ospf events muestra los intervalos recibidos desde R8:
dead 69
wait 40
hello 10
Los valores configurados de los intervalos podemos comprobarlos con el comando show ip ospf interface fastEthernet 0/1.
R9#debug ip ospf events

OSPF events debugging is on
R9#
OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/1 from 10.1.89.9
R9#
OSPF: Rcv hello from 10.0.0.8 area 0 from FastEthernet0/1 10.1.89.8
OSPF: Mismatched hello parameters from 10.1.89.8
OSPF: Dead R 69 C 40, Hello R 10 C 10
R9#show ip ospf interface fastEthernet 0/1

Process ID 1, Router ID 10.0.0.9, Network Type POINT_TO_POINT, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State POINT_TO_POINT
Next 0x0(0)/0x0(0)


381
!
ip address 10.1.89.8 255.255.255.0
ip ospf dead-interval 69
ip ospf 1 area 0
R8
no ip ospf dead-interval 69
R8#
OSPF: 2 Way Communication to 10.0.0.9 on FastEthernet0/1, state 2WAY
OSPF: FastEthernet0/1 Nbr 10.0.0.9: Prepare dbase exchange
OSPF: Send DBD to 10.0.0.9 on FastEthernet0/1 seq 0x251A opt 0x52 flag 0x7 len 32
OSPF: Rcv DBD from 10.0.0.9 on FastEthernet0/1 seq 0x5FE opt 0x52 flag 0x7 len 32 mtu 1500 state EXSTART
OSPF: NBR Negotiation Done. We are the SLAVE
OSPF: FastEthernet0/1 Nbr 10.0.0.9: Summary list built, size 1
OSPF: Send DBD to 10.0.0.9 on FastEthernet0/1 seq 0x5FE opt 0x52 flag 0x2 len 52
OSPF: Rcv DBD from 10.0.0.9 on FastEthernet0/1 seq 0x5FF opt 0x52 flag 0x1 len 52 mtu 1500 state EXCHANGE
OSPF: Exchange Done with 10.0.0.9 on FastEthernet0/1
OSPF: Send LS REQ to 10.0.0.9 length 12 LSA count 1
OSPF: Send DBD to 10.0.0.9 on FastEthernet0/1 seq 0x5FF opt 0x52 flag 0x0 len 32
OSPF: Rcv LS UPD from 10.0.0.9 on FastEthernet0/1 length 76 LSA count 1
OSPF: Synchronized with 10.0.0.9 on FastEthernet0/1, state FULL
%OSPF-5-ADJCHG: Process 1, Nbr 10.0.0.9 on FastEthernet0/1 from LOADING to FULL, Loading Done
OSPF: Rcv LS REQ from 10.0.0.9 on FastEthernet0/1 length 36 LSA count 1
OSPF: Build router LSA for area 0, router ID 10.0.0.8, seq 0x80000003, process 1


R8#sh ip route ospf

R9#sh ip route ospf

R9#ping 10.0.0.8 source 10.0.0.9

!!!!!

382
!!!!!
AS100 - > IS-IS Level 2

§ La NET para el dominio IS-IS es 49.0002.XXXX.XXXX.XXXX.00
§ R10 configura la MAC 1000.0000.0010 System ID para la interface FastEthernet1/0
§ En R11 y R12 Usar la MAC de la interfacew FastEthernet1/0 como system ID
§ En ningun segmento del dominio IS-IS debe haber elección de DIS.
§ IS-IS level 2 usa metodo de autentificación sin encriptar (no usar “old style”)
§ La loopback 0 debe tener alta prioridad en todos los routers del AS100.
R10#show interfaces fastEthernet 1/0 | i Hardware is

Hardware is DEC21140, address is ca09.0110.001c (bia ca09.0110.001c)
R10
mac-address 1000.0000.0010
R10#show interfaces fastEthernet 1/0 | i Hardware is

Hardware is DEC21140, address is 1000.0000.0010 (bia ca09.0110.001c)
R10
router isis
net 49.0002.1000.0000.0010.00
metric-style wide
ip router isis
isis csnp-interval 10
ip router isis
R11#show interfaces fastEthernet 1/0 | i FastEthernet1/0 is|Hardware is

Hardware is DEC21140, address is ca08.0110.001c (bia ca08.0110.001c)
R11
router isis
net 49.0002.ca08.0110.001c.00
metric-style wide
ip router isis
383
ip router isis
R12#show interfaces fastEthernet 1/0 | i FastEthernet1/0 is|Hardware is

Hardware is DEC21140, address is ca0a.0178.001c (bia ca0a.0178.001c)
R12
router isis
net 49.0002.ca0a.0178.001c.00
metric-style wide
ip router isis
ip router isis

R11 L2 Fa0/1 10.1.110.11 UP 25 01
R12 L2 Fa1/0 10.1.112.12 UP 26 00

R10 L2 Fa0/1 10.1.110.10 UP 25 00
R12 L2 Fa1/0 10.1.211.12 UP 28 01

R10 Fa1/0 1000.0000.0010 Up 23 L2 IS-IS
R11 Fa0/1 ca08.0110.001c Up 27 L2 IS-IS



384


!!!!!

!!!!!
R11#ping 10.0.0.10 source 10.0.0.11

!!!!!
R11#ping 10.0.0.12 source 10.0.0.11

!!!!!

!!!!!

!!!!!
§IS-IS level 2 usar metodo de autentificación entre vecinos IS-IS sin encriptar (no usar “old style”)
TCP/IP I 587
Existen varios niveles de encriptacion. Nivel vecinos, Area y Dominio….
R10
key chain CCIE
key 1
key-string cisco
385
isis authentication mode text
isis authentication key-chain CCIE
R11
key chain CCIE
key 1
key-string cisco
R12
key chain CCIE
key 1
key-string cisco
R11#debug isis authentication information

IS-IS authentication information debugging is on, null
ISIS-AuthInfo: No auth TLV found in received packet

ISIS-AuthInfo: Live cleartext key found
ISIS-AuthInfo: Live cleartext key found
§ La loopback 0 debe tener alta prioridad en la RIB IS-IS.
When you assign a high priority tag to some IS-IS IP prefixes, those prefixes with the higher priority are updated in the routing
tables before prefixes with lower priority. In some networks, the high priority prefixes will be the provider edge (PE) loopback
addresses. The convergence time is reduced for the important IS-IS IP prefixes and results in reduced convergence time for the
update processes that occur in the global RIB and Cisco Express Forwarding (CEF).
R10#show isis rib
IPv4 local RIB for IS-IS process
IPV4 unicast topology base (TID 0, TOPOID 0x0) =================

386
10.0.0.11/32
[115/L2/10] via 10.1.110.11(FastEthernet0/1), from 10.0.0.11, tag 0, LSP[1/10]
10.0.0.12/32
10.1.110.0/24
10.1.112.0/24
10.1.211.0/24
R10
isis tag 10
router isis
ip route priority high tag 10
R11
isis tag 11
router isis
R12
isis tag 12
router isis
R10#show isis rib 10.0.0.11 255.255.255.255

10.0.0.11/32
R10#show isis rib 10.0.0.12 255.255.255.255

10.0.0.12/32
R11#show isis rib

10.0.0.10/32
10.0.0.12/32
10.1.110.0/24
387

10.1.112.0/24
10.1.211.0/24
R12#show isis rib

10.0.0.10/32
10.0.0.11/32
10.1.110.0/24
10.1.112.0/24
10.1.211.0/24
IBGP
AS1
§ Formar sesion iBGP usando loopack0
§ Publicar loopback 0 de R4 y R5
§ Activar iBGP dentro de la familia ipv4 (Completar explicacion)
§ Usar loopback 0 como router-id
R4
router bgp 1
!
address-family ipv4
no synchronization
network 10.0.0.4 mask 255.255.255.255
no auto-summary
exit-address-family
R5
router bgp 1
!
address-family ipv4
no synchronization
388
network 10.0.0.5 mask 255.255.255.255

no auto-summary
exit-address-family


10.0.0.5 4 1 5 5 4 0 0 00:00:04 1
R4#show ip bgp all



*> 10.0.0.4/32 0.0.0.0 0 32768 i
r>i10.0.0.5/32 10.0.0.5 0 100 0 i
R5#show ip bgp all



r>i10.0.0.4/32 10.0.0.4 0 100 0 i
*> 10.0.0.5/32 0.0.0.0 0 32768 i
IBGP
AS2
§ Crear y publicar las redes mostradas en la figura
389
R6
router bgp 2
!
address-family ipv4
no synchronization
network 10.0.0.6 mask 255.255.255.255
no auto-summary
exit-address-family
R7
router bgp 2
!
address-family ipv4
no synchronization
network 10.0.0.7 mask 255.255.255.255
no auto-summary
exit-address-family


10.0.0.6 4 2 6 6 4 0 0 00:01:52 1
IBGP
AS3
§ Crear y publicar las redes mostradas en la figura
390
R8
router bgp 3
!
address-family ipv4
no synchronization
network 10.0.0.8 mask 255.255.255.255
no auto-summary
exit-address-family
R9
router bgp 3
!
address-family ipv4
no synchronization
network 10.0.0.9 mask 255.255.255.255
no auto-summary
exit-address-family


10.0.0.8 4 3 5 5 4 0 0 00:00:57 1
IBGP
AS100
§ Formar sesion iBGP full mesh usando loopack0
§ Publicar loopback 0 de R10, R11 y R12
§ Usar Peer-Group nombre AS100
391
R10
router bgp 100
!
address-family ipv4
no synchronization
network 10.0.0.10 mask 255.255.255.255
no auto-summary
exit-address-family
R11
router bgp 100
!
address-family ipv4
no synchronization
network 10.0.0.11 mask 255.255.255.255
no auto-summary
exit-address-family
R12
router bgp 100
!
address-family ipv4
no synchronization
network 10.0.0.12 mask 255.255.255.255
no auto-summary
exit-address-family
392


10.0.0.10 4 100 6 5 6 0 0 00:01:29 1
10.0.0.12 4 100 5 5 6 0 0 00:01:10 1
R10#show ip bgp

*> 10.0.0.10/32 0.0.0.0 0 32768 i
r>i10.0.0.11/32 10.0.0.11 0 100 0 i
r>i10.0.0.12/32 10.0.0.12 0 100 0 i
R11#show ip bgp

r>i10.0.0.10/32 10.0.0.10 0 100 0 i
*> 10.0.0.11/32 0.0.0.0 0 32768 i
r>i10.0.0.12/32 10.0.0.12 0 100 0 i
R12#show ip bgp

r>i10.0.0.10/32 10.0.0.10 0 100 0 i
r>i10.0.0.11/32 10.0.0.11 0 100 0 i
*> 10.0.0.12/32 0.0.0.0 0 32768 i
EBGP
§ Formar sesion eBGP R5/R10
§ Formar sesion eBGP R7/R11
§ Formar sesion eBGP R9/R11 y R9/R12
§ Todos los ASBRs se publicaran como next-hop-self
§ Pruebas de conectividad.
393
R5
router bgp 1
address-family ipv4
R10
router bgp 100
address-family ipv4
R7
router bgp 2
address-family ipv4
R11
router bgp 100
address-family ipv4
R9
router bgp 3
address-family ipv4
R11
router bgp 100
address-family ipv4
R12
router bgp 100
address-family ipv4
394
R4#show ip bgp

*> 10.0.0.4/32 0.0.0.0 0 32768 i
r>i10.0.0.5/32 10.0.0.5 0 100 0 i
*>i10.0.0.6/32 10.0.0.5 0 100 0 100 2 i
*>i10.0.0.7/32 10.0.0.5 0 100 0 100 2 i
*>i10.0.0.8/32 10.0.0.5 0 100 0 100 3 i
*>i10.0.0.9/32 10.0.0.5 0 100 0 100 3 i
*>i10.0.0.10/32 10.0.0.5 0 100 0 100 i
*>i10.0.0.11/32 10.0.0.5 0 100 0 100 i
*>i10.0.0.12/32 10.0.0.5 0 100 0 100 i
R4#tclsh
R4(tcl)#foreach ID {
+>(tcl)#10.0.0.5
+>(tcl)#10.0.0.6
+>(tcl)#10.0.0.7
+>(tcl)#10.0.0.8
+>(tcl)#10.0.0.9
+>(tcl)#10.0.0.10
+>(tcl)#10.0.0.11
+>(tcl)#10.0.0.12
+>(tcl)#} { ping $ID source loopback0 repeat 4 timeout 1}

!!!!
!!!!
!.!!
!!!!
!!!!
395

!!!.
!!!!
!!!!
R4(tcl)#
R6#show ip bgp

*>i10.0.0.4/32 10.0.0.7 0 100 0 100 1 i
*>i10.0.0.5/32 10.0.0.7 0 100 0 100 1 i
*> 10.0.0.6/32 0.0.0.0 0 32768 i
r>i10.0.0.7/32 10.0.0.7 0 100 0 i
*>i10.0.0.8/32 10.0.0.7 0 100 0 100 3 i
*>i10.0.0.9/32 10.0.0.7 0 100 0 100 3 i
*>i10.0.0.10/32 10.0.0.7 0 100 0 100 i
*>i10.0.0.11/32 10.0.0.7 0 100 0 100 i
*>i10.0.0.12/32 10.0.0.7 0 100 0 100 i
R6#tclsh
+>(tcl)#10.0.0.4
+>(tcl)#10.0.0.5
+>(tcl)#10.0.0.7
+>(tcl)#10.0.0.8
+>(tcl)#10.0.0.9
+>(tcl)#10.0.0.10
+>(tcl)#10.0.0.11
+>(tcl)#10.0.0.12

!!!!
!!!!
!!!!
396

!!!!
!!!!
!!!!
!!!!
!!!!
R6(tcl)#
R8#show ip bgp

*>i10.0.0.4/32 10.0.0.9 0 100 0 100 1 i
*>i10.0.0.5/32 10.0.0.9 0 100 0 100 1 i
*>i10.0.0.6/32 10.0.0.9 0 100 0 100 2 i
*>i10.0.0.7/32 10.0.0.9 0 100 0 100 2 i
*> 10.0.0.8/32 0.0.0.0 0 32768 i
r>i10.0.0.9/32 10.0.0.9 0 100 0 i
*>i10.0.0.10/32 10.0.0.9 0 100 0 100 i
*>i10.0.0.11/32 10.0.0.9 0 100 0 100 i
*>i10.0.0.12/32 10.0.0.9 0 100 0 100 i
R8#tclsh
+>(tcl)#10.0.0.4
+>(tcl)#10.0.0.5
+>(tcl)#10.0.0.6
+>(tcl)#10.0.0.7
+>(tcl)#10.0.0.9
+>(tcl)#10.0.0.10
+>(tcl)#10.0.0.11
+>(tcl)#10.0.0.12
397

!!!!
!!!!
!!!!
.!!!
!!!!
!!!!
!!!!
!!!!
R8(tcl)#
Aggregation
§ R4 crea las redes 40.1.1.0/24 – 40.1.4.0/24 usando la loopback1.

§ Publicar la redes de la loopback1 en BGP.
§ Resumir y solo publicar el resumen
Soft reset—A soft reset uses stored prefix information to reconfigure and activate BGP routing tables without tearing down
existing peering sessions. Soft reconfiguration uses stored update information, at the cost of additional memory for storing the
updates, to allow you to apply new BGP policy without disrupting the network. Soft reconfiguration can be configured for
inbound or outbound sessions.
Comprobar que atributos se pierden en el resumen.
398
R4
interface Loopback1
ip address 40.1.1.4 255.255.255.0
router bgp 1
address-family ipv4
network 10.0.0.4 mask 255.255.255.255
network 40.1.1.0 mask 255.255.255.0
network 40.1.2.0 mask 255.255.255.0
network 40.1.3.0 mask 255.255.255.0
network 40.1.4.0 mask 255.255.255.0
neighbor 10.0.0.5 soft-reconfiguration inbound
R5
router bgp 1
address-family ipv4
R5#show ip bgp neighbors 10.0.0.4 received-routes


r>i10.0.0.4/32 10.0.0.4 0 100 0 i
*>i40.1.1.0/24 10.0.0.4 0 100 0 i
*>i40.1.2.0/24 10.0.0.4 0 100 0 i
*>i40.1.3.0/24 10.0.0.4 0 100 0 i
*>i40.1.4.0/24 10.0.0.4 0 100 0 i
R4
router bgp 1
address-family ipv4
aggregate-address 40.1.0.0 255.255.240.0


r>i10.0.0.4/32 10.0.0.4 0 100 0 i
*>i40.1.0.0/20 10.0.0.4 0 100 0 i
*>i40.1.1.0/24 10.0.0.4 0 100 0 i
*>i40.1.2.0/24 10.0.0.4 0 100 0 i
*>i40.1.3.0/24 10.0.0.4 0 100 0 i
*>i40.1.4.0/24 10.0.0.4 0 100 0 i
R4
399
router bgp 1
address-family ipv4
aggregate-address 40.1.0.0 255.255.240.0 summary-only


r>i10.0.0.4/32 10.0.0.4 0 100 0 i
*>i40.1.0.0/20 10.0.0.4 0 100 0 i
R8#show ip bgp 40.1.0.0

BGP routing table entry for 40.1.0.0/20, version 28
Paths: (1 available, best #1, table default)
100 1, (aggregated by 1 10.0.0.4)
10.0.0.9 (metric 2) from 10.0.0.9 (10.0.0.9)
Origin IGP, metric 0, localpref 100, valid, internal, atomic-aggregate, best
§ En R6 crear las redes 60.1.1.0/24 – 60.1.4.0/24 usando la loopback1.

§ Redistribuye la redes de la loopback1 en BGP.
§ R7 publica las redes a AS100.
§ AS100 no debe publicar las redes de R6 a ningun otro AS, salvo R10 que puede publicarlas a AS1 con la comunidad 2:69.
(redactar claramente la tarea).
Habilitar en los routers SP ip bgp-community new-format
R6
ip bgp-community new-format
interface Loopback1
ip address 60.1.1.6 255.255.255.0
route-map LOOP1 permit 10

router bgp 2
address-family ipv4
redistribute connected route-map LOOP1
neighbor 10.0.0.7 send-community

400

r>i10.0.0.6/32 10.0.0.6 0 100 0 i
*>i60.1.1.0/24 10.0.0.6 0 100 0 ?
*>i60.1.2.0/24 10.0.0.6 0 100 0 ?
*>i60.1.3.0/24 10.0.0.6 0 100 0 ?
*>i60.1.4.0/24 10.0.0.6 0 100 0 ?
R7
ip prefix-list R6-PFX seq 5 permit 60.1.0.0/20 le 24
route-map COMM-NO-EXPORT permit 10

match ip address prefix-list R6-PFX
set community no-export
route-map COMM-NO-EXPORT permit 20
router bgp 2
address-family ipv4
neighbor 10.1.117.11 route-map COMM-NO-EXPORT out

Paths: (1 available, best #1, table default, not advertised to EBGP peer)
3
2
10.1.117.7 from 10.1.117.7 (10.0.0.7)
Community: no-export
R10
router bgp 100
address-family ipv4
neighbor AS100 send-community
R11
router bgp 100
address-family ipv4
R12
router bgp 100
address-family ipv4

401

2
10.0.0.11 (metric 10) from 10.0.0.11 (10.0.0.11)
§ AS100 no debe publicar las redes de R6 a ningun otro AS, salvo R10 que puede publicarlas a AS1 con la comunidad 2:69.
(redactar claramente la tarea).
AS1 no recibe las rutas que publica R6 por la comunidad no export. La tarea pide que R10 pueda no solo enviar las rutas de R6,
tambien que tengan la comunidad 2:69. Debemos anular la comunidad no export, y agregar la comunidad 2:69.
R5 recibe los ID de AS2 como vemos en el ejemplo.


*>i10.0.0.6/32 10.0.0.11 0 100 0 2i
*>i10.0.0.7/32 10.0.0.11 0 100 0 2i
*>i60.1.1.0/24 10.0.0.11 0 100 0 2?
*>i60.1.2.0/24 10.0.0.11 0 100 0 2?
*>i60.1.3.0/24 10.0.0.11 0 100 0 2?
*>i60.1.4.0/24 10.0.0.11 0 100 0 2?

2
10.0.0.11 (metric 10) from 10.0.0.11 (10.0.0.11)


*> 10.0.0.6/32 10.1.105.10 0 100 2 i
*> 10.0.0.7/32 10.1.105.10 0 100 2 i
R10
route-map NON-STOP permit 10

set community none
402
route-map NON-STOP permit 20
router bgp 100

address-family ipv4
neighbor AS100 route-map NON-STOP in

7
2
10.0.0.11 (metric 10) from 10.0.0.11 (10.0.0.11)
R10
route-map COMM-AS1 permit 10

set community 2:69
router bgp 100

address-family ipv4
neighbor 10.1.105.5 route-map COMM-AS1 out
R5#show ip bgp regexp _2_


*> 10.0.0.6/32 10.1.105.10 0 100 2 i
*> 10.0.0.7/32 10.1.105.10 0 100 2 i
*> 60.1.1.0/24 10.1.105.10 0 100 2 ?
*> 60.1.2.0/24 10.1.105.10 0 100 2 ?
*> 60.1.3.0/24 10.1.105.10 0 100 2 ?
*> 60.1.4.0/24 10.1.105.10 0 100 2 ?

3
100 2
10.1.105.10 from 10.1.105.10 (10.0.0.10)
Community: 131141
R5
router bgp 1
address-family ipv4
403
R4
R4#show ip bgp regexp _2_


*>i10.0.0.6/32 10.0.0.5 0 100 0 100 2 i
*>i10.0.0.7/32 10.0.0.5 0 100 0 100 2 i
*>i60.1.1.0/24 10.0.0.5 0 100 0 100 2 ?
*>i60.1.2.0/24 10.0.0.5 0 100 0 100 2 ?
*>i60.1.3.0/24 10.0.0.5 0 100 0 100 2 ?
*>i60.1.4.0/24 10.0.0.5 0 100 0 100 2 ?

100 2, (received & used)
10.0.0.5 (metric 2) from 10.0.0.5 (10.0.0.5)
Community: 2:69
§ En R8 crear las redes 80.1.1.0/24 – 80.1.4.0/24 usando la loopback1.

§ Redistribuye la redes de la loopback1 en BGP con la comunidad 3:69.
§ Solo R6 debe tener la siguiente salida:
R6#show ip bgp 80.1.x.0

*
*
Community: 2:2 3:69
R8
interface Loopback1
ip address 80.1.1.8 255.255.255.0

set community 3:69
router bgp 3
address-family ipv4
redistribute connected route-map LOOP1
404
R9
router bgp 3

*> 10.0.0.8/32 10.1.117.11 0 100 3 i
*> 10.0.0.9/32 10.1.117.11 0 100 3 i
*> 10.1.89.0/24 10.1.117.11 0 100 3 ?
*> 80.1.1.0/24 10.1.117.11 0 100 3 ?
*> 80.1.2.0/24 10.1.117.11 0 100 3 ?
*> 80.1.3.0/24 10.1.117.11 0 100 3 ?
*> 80.1.4.0/24 10.1.117.11 0 100 3 ?
*> 172.16.38.0/24 10.1.117.11 0 100 3 ?

7
100 3
10.1.117.11 from 10.1.117.11 (10.0.0.11)
Community: 3:69
R7
ip community-list 10 permit 3:69

match community 10
set community 2:2 additive
router bgp 2
address-family ipv4
neighbor 10.0.0.6 route-map COMM-AS3 out

100 3, (received & used)
10.0.0.7 (metric 2) from 10.0.0.7 (10.0.0.7)
Community: 2:2 3:69
AS 1 no debe instalar el prefijo 80.1.2.0 (ACLs/distribute-list)
R5
405
ip access-list standard AS3-80.1.2.0

deny 80.1.2.0
permit any
router bgp 1
address-family ipv4
neighbor 10.1.105.10 distribute-list AS3-80.1.2.0 in

% Network not in table


*> 10.0.0.8/32 10.1.105.10 0 100 3 i
*> 10.0.0.9/32 10.1.105.10 0 100 3 i
*> 10.1.89.0/24 10.1.105.10 0 100 3 ?
*> 80.1.1.0/24 10.1.105.10 0 100 3 ?
*> 80.1.3.0/24 10.1.105.10 0 100 3 ?
*> 80.1.4.0/24 10.1.105.10 0 100 3 ?
*> 172.16.38.0/24 10.1.105.10 0 100 3 ?

% Network not in table


*>i10.0.0.8/32 10.0.0.5 0 100 0 100 3 i
*>i10.0.0.9/32 10.0.0.5 0 100 0 100 3 i
*>i10.1.89.0/24 10.0.0.5 0 100 0 100 3 ?
*>i80.1.1.0/24 10.0.0.5 0 100 0 100 3 ?
*>i80.1.3.0/24 10.0.0.5 0 100 0 100 3 ?
*>i80.1.4.0/24 10.0.0.5 0 100 0 100 3 ?
*>i172.16.38.0/24 10.0.0.5 0 100 0 100 3 ?
MPLS/LDP
AS1
§ Configurar MPLS/LDP R4/R5
§ Usar loopback 0 como ID LDP
R4
ip cef
mpls ip
406
mpls ip
R5
ip cef
mpls ip
mpls ip

10.0.0.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.5:0

10.0.0.5:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.4:0

TCP connection: 10.0.0.5.23600 - 10.0.0.4.646
Up time: 00:00:54
10.1.105.5 10.1.45.5 10.0.0.5

400 Pop Label 10.0.0.5/32 0 Fa0/1 10.1.45.5
AS2
§ El envio de mensajes debe ser autentificados
R6
ip cef
mpls ip
407

mpls ip
R7
ip cef
mpls ip
mpls ip
R6
mpls ldp neighbor 10.0.0.7 password cisco
R6#clear mpls ldp neighbor *

%LDP-5-CLEAR_NBRS: Clear LDP neighbors (*) by console
%LDP-5-NBRCHG: LDP Neighbor 10.0.0.7:0 (1) is DOWN (User cleared session manually)
R6#
%TCP-6-BADAUTH: No MD5 digest from 10.0.0.7(43624) to 10.0.0.6(646)
R6#
%TCP-6-BADAUTH: No MD5 digest from 10.0.0.7(43624) to 10.0.0.6(646)
R7
mpls ldp neighbor 10.0.0.6 password cisco

10.0.0.6:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.7:0

10.0.0.7:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.6:0
AS3
R8
ip cef
mpls ip
408

mpls ip
R9
ip cef
mpls ip
mpls ip

10.0.0.8:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.9:0

10.0.0.9:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.8:0

800 Pop Label 10.0.0.9/32 0 Fa0/1 10.1.89.9

900 Pop Label 10.0.0.8/32 0 Fa0/1 10.1.89.8
AS3
§ Todas las sesiones deben estar protegidas
R10
ip cef
mpls ip
409
mpls ip
mpls ip
R11
ip cef
mpls ip
mpls ip
mpls ip
R12
ip cef
mpls ip
mpls ip
mpls ip

10.0.0.12:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.11:0
LDP Id: 10.0.0.10:0

10.0.0.11:0
Discovery Sources:
Interfaces:
LDP Id: 10.0.0.10:0
LDP Id: 10.0.0.12:0

10.0.0.10:0
Discovery Sources:
410
Interfaces:
LDP Id: 10.0.0.11:0
LDP Id: 10.0.0.12:0
§ Todas las sesiones deben estar protegidas (Session Protection LDP).
R10
mpls ldp session protection duration infinite
R11
R12

TCP connection: 10.0.0.11.38055 - 10.0.0.10.646
FastEthernet0/1; Src IP addr: 10.1.110.11
holdtime: 15000 ms, hello interval: 5000 ms
Targeted Hello 10.0.0.10 -> 10.0.0.11, active, passive;
holdtime: infinite, hello interval: 10000 ms
10.1.117.11 10.1.110.11 10.1.211.11 10.1.119.11
10.0.0.11
Clients: Dir Adj Client
LDP Session Protection enabled, state: Ready
duration: infinite
Capabilities Sent:

R10#debug mpls ldp session protection peer-acl 10

LDP session protection events debugging is on for peer ACL 10
R11
no mpls ip
R10
411
R10#
LDP SP: 10.0.0.11:0: state change (Ready -> Protecting)
R10#
R11
mpls ip

1100 Pop Label 10.0.0.10/32 0 Fa0/1 10.1.110.10
1101 Pop Label 10.0.0.12/32 0 Fa1/0 10.1.211.12
1102 Pop Label 10.1.112.0/24 0 Fa0/1 10.1.110.10
Pop Label 10.1.112.0/24 0 Fa1/0 10.1.211.12
MP-iBGP
AS1-AS2-AS3
R4
router bgp 1
R5
router bgp 1
R6
router bgp 2
R7
router bgp 2
R8
router bgp 3
R9
412
router bgp 3

10.0.0.4 4 1 2 2 1 0 0 00:00:04 0

10.0.0.5 4 1 2 2 1 0 0 00:00:51 0

10.0.0.7 4 2 4 4 1 0 0 00:01:12 0

10.0.0.6 4 2 5 4 1 0 0 00:01:43 0

10.0.0.9 4 3 5 4 1 0 0 00:01:46 0

10.0.0.8 4 3 5 5 1 0 0 00:02:18 0
MP-iBGP
AS100
R10
router bgp 100
R11
router bgp 100
413

R12
router bgp 100


10.0.0.11 4 100 4 5 1 0 0 00:01:19 0
10.0.0.12 4 100 4 3 1 0 0 00:01:07 0


10.0.0.10 4 100 7 5 1 0 0 00:02:47 0
10.0.0.12 4 100 5 5 1 0 0 00:02:33 0


10.0.0.10 4 100 5 6 1 0 0 00:03:08 0
10.0.0.11 4 100 6 6 1 0 0 00:03:07 0
MP-eBGP
Formamos LSP entre Sitios.
AS1/AS100
R5
router bgp 1
R10
router bgp 100

414

10.0.0.4 4 1 6 6 1 0 0 00:03:32 0
10.1.105.10 4 100 4 4 1 0 0 00:00:32 0
MP-eBGP
AS2/AS100
R7
router bgp 2
R11
router bgp 100


10.0.0.10 4 100 9 10 1 0 0 00:06:39 0
10.0.0.12 4 100 9 10 1 0 0 00:06:35 0
10.1.117.7 4 2 4 4 1 0 0 00:00:01 0
MP-eBGP
AS3/AS100
R9
router bgp 3
R11
router bgp 100
415
R12
router bgp 100


10.0.0.8 4 3 16 16 1 0 0 00:12:09 0
10.1.119.11 4 100 3 5 1 0 0 00:01:34 0
10.1.129.12 4 100 4 2 1 0 0 00:00:03 0
R4
router bgp 1
neighbor EXTERNOS peer-group
neighbor EXTERNOS ebgp-multihop 255
neighbor EXTERNOS update-source Loopback0
neighbor 10.0.0.6 peer-group EXTERNOS
neighbor EXTERNOS send-community extended
neighbor EXTERNOS next-hop-unchanged
R6
router bgp 2
R8
router bgp 3
416


10.0.0.5 4 1 83 82 1 0 0 01:12:48 0
10.0.0.6 4 2 5 5 1 0 0 00:00:56 0
10.0.0.8 4 3 2 2 1 0 0 00:00:04 0

10.0.0.4 4 1 7 7 1 0 0 00:03:02 0
10.0.0.7 4 2 82 82 1 0 0 01:12:34 0
10.0.0.8 4 3 6 4 1 0 0 00:02:25 0

10.0.0.4 4 1 5 5 1 0 0 00:03:17 0
10.0.0.6 4 2 5 7 1 0 0 00:03:30 0
10.0.0.9 4 3 83 84 1 0 0 01:12:48 0
VPNA
R4
ip vrf A
rd 1:1
ip vrf forwarding A
ip address 172.16.14.4 255.255.255.0
router rip

network 172.16.0.0
no auto-summary
version 2
417
router bgp 1
no synchronization
redistribute rip
R1
router rip
version 2
network 100.0.0.0
network 172.16.0.0
no auto-summary

Routing Table: A
VPNB
R6
ip vrf B
rd 2:1
ip vrf forwarding B
ip address 172.16.26.6 255.255.255.0
router ospf 26 vrf B

network 172.16.26.0 0.0.0.255 area 0
router bgp 2
no synchronization
redistribute ospf 26 vrf B match internal external 1 external 2
R2
interface Loopback0
ip address 100.0.0.2 255.255.255.255
ip ospf 26 area 0
ip address 172.16.26.2 255.255.255.0
ip ospf 26 area 0
router ospf 26
router-id 100.0.0.2
R6#sh ip route vrf B ospf

418
Routing Table: B
VPNC
R8
ip vrf C
rd 3:1
ip vrf forwarding C
ip address 172.16.38.8 255.255.255.0
router ospf 26 vrf C

network 172.16.38.0 0.0.0.255 area 0
router bgp 3
address-family ipv4 vrf C
no synchronization
redistribute ospf 26 vrf C match internal external 1 external 2
R3
ip ospf 26 area 0
router ospf 26
router-id 100.0.0.3
network 100.0.0.3 0.0.0.0 area 0
R8#sh ip route vrf C ospf

Routing Table: C
Next-Hop-Self VPNv4
El Sistema Autonomo 100 AS100 es el punto central para los tres sitios, es de suma importancia que no rechaze rutas vpnv4, ya
hemos evitado el filtrado de rutas con el comando ASBR no bgp default route-target filter. Comprobamos que las rutas estén
instaladas en AS100, AS1, AS2 y AS3.

419


*> 100.0.0.1/32 10.1.105.5 0 1?
*> 172.16.14.0/24 10.1.105.5 0 1?
* i100.0.0.2/32 10.1.117.7 0 100 0 2?
* i172.16.26.0/24 10.1.117.7 0 100 0 2?
* i100.0.0.3/32 10.1.119.9 0 100 0 3?
*i 10.1.129.9 0 100 0 3?
* i172.16.38.0/24 10.1.119.9 0 100 0 3?
*i 10.1.129.9 0 100 0 3?
R10
router bgp 100
R11
router bgp 100
R12
router bgp 100


*> 100.0.0.1/32 10.1.105.5 0 1?
*> 172.16.14.0/24 10.1.105.5 0 1?
*>i100.0.0.2/32 10.0.0.11 0 100 0 2?
*>i172.16.26.0/24 10.0.0.11 0 100 0 2?
*>i100.0.0.3/32 10.0.0.11 0 100 0 3?
*i 10.0.0.12 0 100 0 3?
*>i172.16.38.0/24 10.0.0.11 0 100 0 3?
*i 10.0.0.12 0 100 0 3?
R5
router bgp 1
420
R7
router bgp 2
R9
router bgp 3

100.0.0.1/32 172.16.14.1 402/nolabel
100.0.0.2/32 10.0.0.5 nolabel/504
100.0.0.3/32 10.0.0.5 nolabel/506
172.16.14.0/24 0.0.0.0 401/nolabel(A)
172.16.26.0/24 10.0.0.5 nolabel/505
172.16.38.0/24 10.0.0.5 nolabel/507
100.0.0.2/32 10.0.0.5 nolabel/504
172.16.26.0/24 10.0.0.5 nolabel/505
100.0.0.3/32 10.0.0.5 nolabel/506
172.16.38.0/24 10.0.0.5 nolabel/507
Pruebas Extremo-Extremo


*> 100.0.0.1/32 172.16.14.1 1 32768 ?
*>i100.0.0.2/32 10.0.0.5 0 100 0 100 2 ?
*>i100.0.0.3/32 10.0.0.5 0 100 0 100 3 ?
*> 172.16.14.0/24 0.0.0.0 0 32768 ?
*>i172.16.26.0/24 10.0.0.5 0 100 0 100 2 ?
*>i172.16.38.0/24 10.0.0.5 0 100 0 100 3 ?
*>i100.0.0.2/32 10.0.0.5 0 100 0 100 2 ?
*>i172.16.26.0/24 10.0.0.5 0 100 0 100 2 ?
*>i100.0.0.3/32 10.0.0.5 0 100 0 100 3 ?
*>i172.16.38.0/24 10.0.0.5 0 100 0 100 3 ?
R1#sh ip route rip

421


1 172.16.14.4 160 msec
7 172.16.38.3 288 msec

1 172.16.14.4 72 msec
7 172.16.26.2 524 msec


*>i100.0.0.1/32 10.0.0.7 0 100 0 100 1 ?
*>i172.16.14.0/24 10.0.0.7 0 100 0 100 1 ?


*>i100.0.0.3/32 10.0.0.7 0 100 0 100 3 ?
*>i172.16.38.0/24 10.0.0.7 0 100 0 100 3 ?
R2#sh ip route ospf


1 172.16.26.6 60 msec
422

7 172.16.14.1 296 msec

1 172.16.26.6 132 msec
6 172.16.38.3 576 msec


*>i100.0.0.1/32 10.0.0.9 0 100 0 100 1 ?
*>i172.16.14.0/24 10.0.0.9 0 100 0 100 1 ?


*>i100.0.0.2/32 10.0.0.9 0 100 0 100 2 ?
*>i172.16.26.0/24 10.0.0.9 0 100 0 100 2 ?
R3#sh ip route ospf


1 172.16.38.8 104 msec
7 172.16.14.1 776 msec

1 172.16.38.8 116 msec
423

6 172.16.26.2 404 msec
Control VPNs
Configurar R11 de manera que el trafico VPNA desde Sitio1 a Sitio3 utilice el path R4->R5->R10->R12->R9->R8.
El criterio de selección de la mejor ruta que utiliza BGP nos indica que los criterios son iguales y que el next-hop con menor IP
será el elegido por R9 para alcanzar Sitio1 (R11 será el valor seleccionado por BGP).
Para lograr el comportamiento pedido necesitamos analizar el trafico en base al sitio.


* 100.0.0.1/32 10.1.129.12 0 100 1 ?
*> 10.1.119.11 0 100 1 ?
* 172.16.14.0/24 10.1.129.12 0 100 1 ?
*> 10.1.119.11 0 100 1 ?


* 100.0.0.2/32 10.1.129.12 0 100 2 ?
*> 10.1.119.11 0 100 2 ?
* 172.16.26.0/24 10.1.129.12 0 100 2 ?
*> 10.1.119.11 0 100 2 ?
R11
ip access-list standard PREFIJO-Sitio1
permit 172.16.14.0
permit 100.0.0.1
route-map MED permit 10

match ip address PREFIJO-Sitio1
set as-path prepend 1 1
route-map MED permit 20
router bgp 100

neighbor 10.1.119.9 route-map MED out
424


* 100.0.0.1/32 10.1.119.11 0 100 1 1 1 ?
*> 10.1.129.12 0 100 1 ?
* 172.16.14.0/24 10.1.119.11 0 100 1 1 1 ?
*> 10.1.129.12 0 100 1 ?


*>i100.0.0.3/32 10.0.0.11 0 100 0 3 ?
*i 10.0.0.12 0 100 0 3 ?
*>i172.16.38.0/24 10.0.0.11 0 100 0 3 ?
*i 10.0.0.12 0 100 0 3 ?
R11
ip access-list standard PREFIJO-Sitio2
permit 172.16.38.0
permit 100.0.0.8
route-map LOCAL permit 10

match ip address PREFIJO-Sitio2
set local-preference 99
route-map LOCAL permit 20
router bgp 100

neighbor AS100 route-map LOCAL out


* i100.0.0.3/32 10.0.0.11 0 99 0 3?
*>i 10.0.0.12 0 100 0 3?
* i172.16.38.0/24 10.0.0.11 0 99 0 3?
*>i 10.0.0.12 0 100 0 3?
Veamos el antes y despues en los extremos.
425
R1#traceroute 100.0.0.3 probe 1 //Antes de

1 172.16.14.4 108 msec
7 172.16.38.3 952 msec
R1#traceroute 100.0.0.3 probe 1 //DESPUES

1 172.16.14.4 188 msec
7 172.16.38.3 308 msec
R3#traceroute 100.0.0.1 probe 1 //ANTES

1 172.16.38.8 104 msec
7 172.16.14.1 776 msec

1 172.16.38.8 272 msec
7 172.16.14.1 480 msec
Multicast dentro de los Sistemas Autónomos

Habilitar Mutlicast PIM SM en AS1 y AS2. AS100 no participa en el dominio Multicast multicast.
Usar BSR.
Multicast PIM Sparse-Mode AS1
R4
interface Loopback0
ip pim sparse-mode
ip pim sparse-mode
R5
426
interface Loopback0
ip pim sparse-mode
ip pim sparse-mode

PIM Neighbor Table
Address Prio/Mode

10.0.0.4 Loopback0 v2/S 0 30 1 10.0.0.4
10.1.45.4 FastEthernet0/1 v2/S 1 30 1 10.1.45.5

PIM Neighbor Table
Address Prio/Mode
10.1.45.4 FastEthernet0/1 00:01:07/00:01:34 v2 1 / S P G

10.0.0.5 Loopback0 v2/S 0 30 1 10.0.0.5
10.1.45.5 FastEthernet0/1 v2/S 1 30 1 10.1.45.5
Multicast PIM Sparse-Mode AS2
R6
interface Loopback0
ip pim sparse-mode
ip pim sparse-mode
R7
interface Loopback0
ip pim sparse-mode
ip pim sparse-mode

427
PIM Neighbor Table

Address Prio/Mode

10.0.0.6 Loopback0 v2/S 0 30 1 10.0.0.6
10.1.67.6 FastEthernet0/1 v2/S 1 30 1 10.1.67.7

PIM Neighbor Table
Address Prio/Mode

10.0.0.7 Loopback0 v2/S 0 30 1 10.0.0.7
10.1.67.7 FastEthernet0/1 v2/S 1 30 1 10.1.67.7
Conexion Dominio Mutlicast

Source y Destination deben ser conocidos, sabemos que las loopbacks 0 de todos los LSRs son conocidos a traves de BGP.
R5
interface Tunnel57
ip unnumbered loopback 0
ip pim sparse-dense-mode
tunnel source loopback 0
R7
interface Tunnel57
ip unnumbered loopback 0
tunnel source loopback 0
R5#show ip int brief

Loopback0 10.0.0.5 YES manual up up
R5
428
ip mroute 10.1.67.0 255.255.255.0 tunnel 57
R7
ip mroute 10.1.45.0 255.255.255.0 tunnel 57
R5#show ip pim neighbor tunnel 57

PIM Neighbor Table
Address Prio/Mode
10.0.0.7 Tunnel57 00:03:43/00:01:27 v2 1 / S P G
R7#show ip pim neighbor tunnel 57

PIM Neighbor Table
Address Prio/Mode
10.0.0.5 Tunnel57 00:02:36/00:01:37 v2 1 / S P G
R5#show ip pim interface tunnel 57 detail

Tunnel57 is up, line protocol is up
Interface is unnumbered. Using address of Loopback0 (10.0.0.5)
Multicast switching: fast
Multicast packets in/out: 0/0
Multicast TTL threshold: 0
PIM: enabled
PIM version: 2, mode: sparse-dense
PIM DR: 0.0.0.0
PIM neighbor count: 1
PIM Hello/Query interval: 30 seconds
PIM Hello packets in/out: 10/11
PIM State-Refresh processing: enabled
PIM State-Refresh origination: disabled
PIM NBMA mode: disabled
PIM ATM multipoint signalling: disabled
PIM domain border: disabled
PIM neighbors rpf proxy capable: TRUE
Multicast Tagswitching: disabled
R7#show ip pim interface tunnel 57 detail

PIM: enabled
PIM DR: 0.0.0.0
429

RP
R7 RP-Address
Configurar R6 con la direccion de grupo IGMP 239.1.1.1
Comprobar que todos los routes de AS1 y AS2 puedan alcanzar el grupo IGMP configurado en el router R6.
R7
ip pim rp-candidate Loopback0
R6
interface Loopback0
ip address 10.0.0.6 255.255.255.255
ip pim sparse-mode
R4
R5
R4#ping 239.1.1.1
R5#ping 239.1.1.1
R6#ping 239.1.1.1
R7#ping 239.1.1.1
R4#show ip pim rp
Group: 239.1.1.1, RP: 10.0.0.7, uptime 00:03:18, expires never
430
R5#show ip pim rp
R6#show ip pim rp
R7#show ip pim rp
Group: 239.1.1.1, RP: 10.0.0.7, v2, next RP-reachable in 00:00:21
Group: 224.0.1.40, RP: 10.0.0.7, v2, next RP-reachable in 00:01:09
Multicast VPN
Sitio 1
R4
ip vrf forwarding A
R1
interface Loopback0

PIM Neighbor Table
Address Prio/Mode

100.0.0.1 Loopback0 v2/SD 0 30 1 100.0.0.1
172.16.14.1 FastEthernet0/0 v2/SD 1 30 1 172.16.14.4
R4#show ip pim vrf A neighbor

PIM Neighbor Table
Address Prio/Mode
R4
ip vrf A
431

10.0.0.4 Tunnel1 v2/SD 0 30 1 10.0.0.4
R6
ip multicast-routing vrf B
R2
interface Loopback0

PIM Neighbor Table
Address Prio/Mode
R6
ip vrf B
R6#show ip pim vrf B interface

10.0.0.6 Tunnel1 v2/SD 1 30 1 10.0.0.6
R6#show ip pim vrf B interface tunnel 1 detail

PIM: enabled
PIM DR: 10.0.0.6 (this system)
432

R4#show ip pim vrf A interface tunnel 1 detail

PIM: enabled
PIM DR: 10.0.0.4 (this system)
PIM neighbors rpf proxy capable: FALSE
R1
ip pim rp-candidate Loopback0
R2
R2#ping 235.1.1.1
L2TPv3
Como se trata de la misma encapsualacion no necesitamos usar el comando interworking ip en el Pseudo-Wire.
L2TPv3 viaja sobre IP, no esperemos que se forme una sesion LDP.
R4
433
no ip address
duplex full
no keepalive
no shut
R1
ip address 172.16.13.1 255.255.255.0
duplex full
speed auto
R8
no ip address
duplex full
no keepalive
no shut
R4#show l2tun
Count VPDN Group
738140105 739992134 R8 est 10.0.0.8 1 l2tp_default_cl

Vcid, Circuit
3804617505 1930661741 738140105 100, Fa1/0 est 00:07:10 1
R8#show l2tun
Count VPDN Group
739992134 738140105 R4 est 10.0.0.4 1 l2tp_default_cl

Vcid, Circuit
1930661741 3804617505 739992134 100, Fa1/0 est 00:07:43 1
R4#show l2tun session all

L2TP Session Information Total tunnels 1 sessions 1
Session id 3804617505 is up, logical session id 65537, tunnel id 738140105
Remote session id is 1930661741, remote tunnel id 739992134
Remotely initiated session
Unique ID is 1
Session Layer 2 circuit, type is Ethernet, name is FastEthernet1/0
Session vcid is 100
434
Circuit state is UP
Local circuit state is UP
Remote circuit state is UP
Call serial number is 1139000001
Remote tunnel name is R8
Internet address is 10.0.0.8
Local tunnel name is R4
Internet address is 10.0.0.4
IP protocol 115
Session is L2TP signaled
Session state is established, time since change 00:08:31
84 Packets sent, 65 received
9567 Bytes sent, 6413 received
Last clearing of counters never
Counters, ignoring last clear:
84 Packets sent, 65 received
9567 Bytes sent, 6413 received
Receive packets dropped:
out-of-order: 0
other: 0
total: 0
Send packets dropped:
exceeded session MTU: 0
other: 0
total: 0
DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
Sending UDP checksums are disabled
Received UDP checksums are verified
No session cookie information available
FS cached header information:
encap size = 24 bytes
45000014 00000000 ff73a76b 0a000004
0a000008 73138f6d
Sequencing is off
Conditional debugging is disabled
SSM switch id is 4096, SSM segment id is 8193
El comando show sss circuits nos entrega informacion adicional como la encapsulacion, ID origen/destino en formato
hexadecimal.
Por ejemplo R4#show sss circuits nos muestra los primeros 20 bytes pertenecen a la cabecera IP con la direccion origen
10.0.0.4 (0x0A000004) y la direccion de destino (0x0A000008).
R4#show sss circuits

Current Subscriber Circuit Information: Total number of circuits 1
A:Allocated, E:Encap upd, S:Pkt send vect upd
Unique ID 0 Serial Num 1

---------------------------------------------------------------------------
Status Encapsulation
UP flg len dump
Y AES 0
Y AES 24 45000000 00000000 FF73A77F 0A000004 0A000008
73138F6D
435
R8#show sss circuits

Current Subscriber Circuit Information: Total number of circuits 1
A:Allocated, E:Encap upd, S:Pkt send vect upd
Unique ID 0 Serial Num 1

---------------------------------------------------------------------------
Status Encapsulation
UP flg len dump
Y AES 0
Y AES 24 45000000 00000000 FF73A77F 0A000008 0A000004
E2C5DB21
Pruebas extremo/extremo
R1#ping 172.16.13.3 repeat 100

!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!.


R3 Fas 0/1 131 R 7206VXR Fas 0/1
R4 Fas 0/1 139 R 7206VXR Fas 1/0
R4 Fas 0/0 178 R 7206VXR Fas 0/0
R3#ping 172.16.13.1
436
!!!!!


R1 Fas 0/1 135 R 7206VXR Fas 0/1
R8 Fas 0/1 176 R 7206VXR Fas 1/0
R8 Fas 0/0 159 R 7206VXR Fas 0/0
437
Seccion Challenge IPv6 Lab
AS1
§ Configurar AS1 utilizando IS-IS con net 49.0001.0000.0000.0003.00 y 49.0001.0000.0000.0004.00 para R3 y R4
respectivamente. Usar ayacencia L2. No debe existir elección de DIS.
§ Configurar LDP en AS1 usando loopback0 como ID de sesión.
§ BGP IPv4 R3/R4. Publicar loopback0. Habilitar IPv4 dentro de address-family ipv4 unicast.
R3
ip router isis
router isis
net 49.0001.0000.0000.0003.00
R4
ip router isis
router isis
net 49.0001.0000.0000.0004.00
438
R3#sh ip route isis

R4#sh ip route isis

R3#ping 10.1.1.4 source 10.1.1.3

!!!!!

Tag null:
R4 L2 Fa0/0 10.1.34.4 UP 27 00
R3
ip cef
mpls ip
mpls ip
R4
ip cef
mpls ip
mpls ip

10.1.1.4:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.3:0

10.1.1.3:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.4:0
439
§ BGP IPv4 R3/R4. Publicar loopback0. Habilitar IPv4 dentro de address-family ipv4 unicast.
R3
router bgp 1
address-family ipv4
no synchronization
network 10.1.1.3 mask 255.255.255.255
no auto-summary
R4
router bgp 1
address-family ipv4
no synchronization
network 10.1.1.4 mask 255.255.255.255
R3#show ip bgp

*> 10.1.1.3/32 0.0.0.0 0 32768 i
r>i10.1.1.4/32 10.1.1.4 0 100 0 i
R4#show ip bgp

r>i10.1.1.3/32 10.1.1.3 0 100 0 i
*> 10.1.1.4/32 0.0.0.0 0 32768 i
AS2
§ Configurar AS2 utilizando IS-IS con net con la siguiente distribución :
1. R5 : 49.0002.0000.0000.0005.00
2. R6 : 49.0002.0000.0000.0006.00
3. R7 : 49.0002.0000.0000.0007.00
440
4. R8 : 49.0002.0000.0000.0008.00
5. R9 : 49.0002.0000.0000.0009.00
Usar L2 unicamente. No debe existir elección de DIS.
R5
ip router isis
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0005.00
R6
ip router isis
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0006.00
R7
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0007.00
R8
441
ip router isis
ip router isis
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0008.00
R9
ip router isis
ip router isis
router isis
net 49.0001.0000.0000.0009.00

R5 L2 Fa1/0 10.1.58.5 UP 27 02
R6 L2 Fa2/0 10.1.68.5 UP 20 02
R7 L2 Fa0/0 10.1.78.7 UP 27 00
R9 L2 Fa0/1 10.1.89.9 UP 26 00
R5#sh ip route isis


442
R5
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R6
ip cef
mpls ip
mpls ip
mpls ip
mpls ip
R7
ip cef
mpls ip
mpls ip
mpls ip
R8
ip cef
mpls ip
mpls ip
443
mpls ip
mpls ip
mpls ip
R9
ip cef
mpls ip
mpls ip
mpls ip

10.1.1.8:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.7:0
LDP Id: 10.1.1.9:0
LDP Id: 10.1.1.5:0
LDP Id: 10.1.1.6:0

10.1.1.5:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.6:0
LDP Id: 10.1.1.7:0
LDP Id: 10.1.1.8:0

10.1.1.6:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.5:0
LDP Id: 10.1.1.9:0
LDP Id: 10.1.1.8:0
444

10.1.1.9:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.8:0
LDP Id: 10.1.1.6:0

10.1.1.7:0
Discovery Sources:
Interfaces:
LDP Id: 10.1.1.8:0
LDP Id: 10.1.1.5:0
§ BGP IPv4 R5/R6/R7/R8/R9. Publicar loopback0. Habilitar IPv4 dentro de address-family ipv4 unicast.
§ R5 y R6 deben ser RR IPv4. Para disminuir la configuración y envío de actualizaciones estos routers deben utilizar peer-
group.
§ Usar loopback0 como ID BGP.
R5
router bgp 2
!
address-family ipv4
no synchronization
network 10.1.1.5 mask 255.255.255.255
no auto-summary
445
R6
router bgp 2
address-family ipv4
no synchronization
network 10.1.1.6 mask 255.255.255.255
no auto-summary
exit-address-family
R7
router bgp 2
address-family ipv4
no synchronization
network 10.1.1.7 mask 255.255.255.255
no auto-summary
R8
router bgp 2
address-family ipv4
no synchronization
network 10.1.1.8 mask 255.255.255.255
no auto-summary
446
R9
router bgp 2
address-family ipv4
no synchronization
network 10.1.1.9 mask 255.255.255.255
no auto-summary


10.1.1.6 4 2 7 8 10 0 0 00:03:26 1
10.1.1.7 4 2 7 7 10 0 0 00:02:24 1
10.1.1.8 4 2 6 6 10 0 0 00:01:35 1
10.1.1.9 4 2 5 5 10 0 0 00:01:14 1
Aun no hemos configurado RR. Y vemos que la convergencia no se ha producido (faltan los ID de cada todos los routers en AS2).
R7#show ip bgp

r>i10.1.1.5/32 10.1.1.5 0 100 0 i
r>i10.1.1.6/32 10.1.1.6 0 100 0 i
*> 10.1.1.7/32 0.0.0.0 0 32768 i
R5
router bgp 2
address-family ipv4
R6
router bgp 2
address-family ipv4
447
R7#show ip bgp

r i10.1.1.5/32 10.1.1.5 0 100 0 i
r>i 10.1.1.5 0 100 0 i
r i10.1.1.6/32 10.1.1.6 0 100 0 i
r>i 10.1.1.6 0 100 0 i
*> 10.1.1.7/32 0.0.0.0 0 32768 i
r i10.1.1.8/32 10.1.1.8 0 100 0 i
r>i 10.1.1.8 0 100 0 i
r i10.1.1.9/32 10.1.1.9 0 100 0 i
r>i 10.1.1.9 0 100 0 i
Por demos observar en la siguiente salida que el RR que publica la actualización nos advierte que se trata de una ruta reflejada por
un cluster en particular. Tenemos dos clusters, R5 y R6.
R7#show ip bgp 10.1.1.8 255.255.255.255

Paths: (2 available, best #2, table default, RIB-failure(17))
Local
10.1.1.8 (metric 10) from 10.1.1.6 (10.1.1.6)
Origin IGP, metric 0, localpref 100, valid, internal
Originator: 10.1.1.8, Cluster list: 10.1.1.6
Local
10.1.1.8 (metric 10) from 10.1.1.5 (10.1.1.5)
Originator: 10.1.1.8, Cluster list: 10.1.1.5


10.1.1.5 4 2 21 10 17 0 0 00:06:11 4
10.1.1.6 4 2 19 10 17 0 0 00:05:58 4
§ Formar sesión EBGP R3/R5 y R4/R6.

§ Permitir soft-reconfiguration (pendiente bgp soft-reconfig-backup)
448
R3
router bgp 1
address-family ipv4
R5
router bgp 2
address-family ipv4
R4
router bgp 1
address-family ipv4
R6
router bgp 2
address-family ipv4
R5#show ip bgp neighbors 10.1.35.3 advertised-routes

Originating default network 0.0.0.0
*> 10.1.1.5/32 0.0.0.0 0 32768 i
r>i10.1.1.6/32 10.1.1.6 0 100 0 i
r>i10.1.1.7/32 10.1.1.7 0 100 0 i
r>i10.1.1.8/32 10.1.1.8 0 100 0 i
r>i10.1.1.9/32 10.1.1.9 0 100 0 i
R3#traceroute 10.1.1.9 probe 1 source loopback 0

1 10.1.35.5 84 msec
2 10.1.58.8 136 msec
3 10.1.89.9 132 msec
R3#show ip bgp
*> 10.1.1.3/32 0.0.0.0 0 32768 i
r>i10.1.1.4/32 10.1.1.4 0 100 0 i
*> 10.1.1.5/32 10.1.35.5 0 02i
*i 10.1.1.4 0 100 0 2 i
*> 10.1.1.6/32 10.1.35.5 02i
*i 10.1.1.4 0 100 0 2 i
*> 10.1.1.7/32 10.1.35.5 02i
*i 10.1.1.4 0 100 0 2 i
*> 10.1.1.8/32 10.1.35.5 02i
449
*i 10.1.1.4 0 100 02i

*> 10.1.1.9/32 10.1.35.5 02i
*i 10.1.1.4 0 100 02i
§ Configurar 6PE en AS1

§ Configurar 6PE en AS2
§ Configurar OSPFv3 proceso 1 Area 0 en Sitio1 y 2.
§ R1 y R2 publican su loopback0
§ Configurar OSPFv3 proceso 1 Area 0 en Sitio2.
§ Redistribuir mutuamente BGP y OSPFv3 en ambos sitios
R3
router bgp 1
address-family ipv6
%BGP_LMM-6-AUTOGEN1: The mpls bgp forwarding command has been configured on interface: Serial2/0
R4
router bgp 1
address-family ipv6
exit-address-family
R5
router bgp 2
address-family ipv6
R6
router bgp 2
address-family ipv6
450
R7
router bgp 2
address-family ipv6
R8
router bgp 2
address-family ipv6
R9
router bgp 2
address-family ipv6


10.1.1.4 4 1 10 11 1 0 0 00:07:05 0
10.1.35.5 4 2 8 8 1 0 0 00:04:08 0

10.1.1.6 4 2 7 8 1 0 0 00:04:01 0
10.1.1.7 4 2 7 4 1 0 0 00:02:45 0
10.1.1.8 4 2 5 4 1 0 0 00:02:16 0
10.1.1.9 4 2 5 4 1 0 0 00:02:02 0
10.1.35.3 4 1 9 10 1 0 0 00:05:27 0

10.1.1.5 4 2 5 6 1 0 0 00:03:01 0
10.1.1.6 4 2 5 6 1 0 0 00:03:01 0
El procveso BGP genera autmaticamente el comando mpls bgp forwarding
R3#show running-config interface serial 1/0


!
451
interface Serial1/0
ip address 10.1.35.3 255.255.255.0
mpls bgp forwarding
serial restart-delay 0
!
end
§ Configurar OSPFv3 proceso 1 Area 0 en Sitio1 y 2.

§ R1 y R2 publican su loopback0
§ Configurar OSPFv3 proceso 1 Area 0 en Sitio2.
R1
ipv6 router ospf 1
router-id 100.1.1.1
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
interface Loopback0
ipv6 ospf 1 area 0
R2
ipv6 router ospf 1
router-id 100.1.1.2
ipv6 ospf 1 area 0
ipv6 ospf 1 area 0
interface Loopback0
ipv6 ospf 1 area 0
R3
ipv6 router ospf 1
router-id 3.3.3.3
ipv6 ospf 1 area 0

3.3.3.3 1 FULL/BDR 00:00:37 4 FastEthernet0/1
100.1.1.2 1 FULL/DR 00:00:37 3 FastEthernet0/0
452

O BBC::1/128 [110/1]
via FE80::C804:BFF:FE34:6, FastEthernet0/1
O BBC::2/128 [110/2]
O 2000:1:12::/124 [110/2]
O 2000:1:24::/124 [110/3]
R4
ipv6 router ospf 1
router-id 4.4.4.4
ipv6 ospf 1 area 0

R10
ipv6 router ospf 1
router-id 100.1.1.10
interface Serial1/0
ipv6 ospf 1 area 0
interface Loopback0
ipv6 ospf 1 area 0
R7
ipv6 router ospf 1
router-id 7.7.7.7
interface Serial1/0
ipv6 ospf 1 area 0

7.7.7.7 0 FULL/ - 00:00:36 5 Serial1/0

O BBC::10/128 [110/64]
via FE80::C809:BFF:FE7C:8, Serial1/0
453
§ R5 y R6 son RR para IPv6.
R5
router bgp 2
address-family ipv6
R6
router bgp 2
address-family ipv6
R7#show ip bgp all summary | begin IPv6


10.1.1.5 4 2 6 4 1 0 0 00:01:58 0
10.1.1.6 4 2 3 3 1 0 0 00:01:49 0
§ Redistribuir mutuamente BGP y OSPFv3 en ambos sitios
Nota:la palabra clave subnet en redistribución BGP-> OSPF ya no es necesaria por la naturaleza del tipo de dirección IPv6. Evitar
utulizar el comando redistribute connected puesto que publicará todas las interfaces conectadas, si usamos el comando included-
connected evitamos que se redistribuyan redes que no nos interesa.
R3
ipv6 router ospf 1
redistribute bgp 1
router bgp 1
address-family ipv6
redistribute ospf 1 include-connected
R4
ipv6 router ospf 1
redistribute bgp 1
router bgp 1
address-family ipv6
R7
ipv6 router ospf 1
redistribute bgp 2
router bgp 2
address-family ipv6
454



*>iBBC::2/128 ::FFFF:10.1.1.4 1 100 0 ?
*> BBC::10/128 ::FFFF:10.1.35.5
0 2?
*i ::FFFF:10.1.1.4 0 100 0 2?
*>i2000:1:12::/124 ::FFFF:10.1.1.4 2 100 0 ?
*> 2000:1:13::/124 :: 0 32768 ?
*>i2000:1:24::/124 ::FFFF:10.1.1.4 0 100 0 ?
* i2000:1:107::/124 ::FFFF:10.1.1.4 0 100 0 2?
*> ::FFFF:10.1.35.5
02?
*>i2000:1:124::/124 ::FFFF:10.1.1.4 0 100 0 ?
R3#show bgp ipv6 unicast labels

BBC::2/128 ::FFFF:10.1.1.4 302/402
BBC::10/128 ::FFFF:10.1.35.5
307/509
::FFFF:10.1.1.4 307/407
2000:1:12::/124 ::FFFF:10.1.1.4 303/403
2000:1:13::/124 :: 304/nolabel
2000:1:24::/124 ::FFFF:10.1.1.4 305/405
2000:1:107::/124 ::FFFF:10.1.1.4 308/408
::FFFF:10.1.35.5
308/510
2000:1:124::/124 ::FFFF:10.1.1.4 306/406


* iBBC::2/128 ::FFFF:10.1.35.3
0 100 0 1?
*i ::FFFF:10.1.46.4
1 100 0 1?
*> BBC::10/128 :: 64 32768 ?
* i2000:1:12::/124 ::FFFF:10.1.35.3
0 100 0 1?
*i ::FFFF:10.1.46.4
2 100 0 1?
* i2000:1:13::/124 ::FFFF:10.1.46.4
0 100 0 1?
*i ::FFFF:10.1.35.3
0 100 0 1?
* i2000:1:24::/124 ::FFFF:10.1.35.3
0 100 0 1?
455
*i ::FFFF:10.1.46.4
0 100 0 1?
*> 2000:1:107::/124 :: 0 32768 ?
* i2000:1:124::/124 ::FFFF:10.1.35.3
0 100 0 1?
*i ::FFFF:10.1.46.4
0 100 0 1?
Nota : R7 no sabe como llegar al next-hop ::FFFF:10.1.35.3 y ::FFFF:10.1.46.4. Redistribuimos o hacemos a los ASRBs next-
hop.
R5
router bgp 2
address-family ipv6
R6
router bgp 2
address-family ipv6

*>iBBC::2/128 ::FFFF:10.1.1.5 0 100 0 1?
*i ::FFFF:10.1.1.5 0 100 0 1?
*> BBC::10/128 :: 64 32768 ?
*>i2000:1:12::/124 ::FFFF:10.1.1.5 0 100 0 1?
*i ::FFFF:10.1.1.5 0 100 0 1?
* i2000:1:13::/124 ::FFFF:10.1.1.6 0 100 0 1?
*>i ::FFFF:10.1.1.5 0 100 0 1?
*>i2000:1:24::/124 ::FFFF:10.1.1.5 0 100 0 1?
*i ::FFFF:10.1.1.6 0 100 0 1?
*> 2000:1:107::/124 :: 0 32768 ?
*>i2000:1:124::/124 ::FFFF:10.1.1.5 0 100 0 1?
*i ::FFFF:10.1.1.6 0 100 0 1?

O BBC::1/128 [110/1]
OE2 BBC::10/128 [110/1]
via FE80::C806:BFF:FE7C:6, FastEthernet0/1
O 2000:1:13::/124 [110/2]
OE2 2000:1:107::/124 [110/1]
OE2 2000:1:124::/124 [110/1]
456
R2#traceroute
Protocol [ip]: ipv6
Target IPv6 address: BBC::10
Source address: BBC::2
Probe count [3]: 1
Priority [0]:
Port Number [0]:
1 2000:1:24::4 88 msec
2 ::FFFF:10.1.46.6 [MPLS: Label 609 Exp 0] 284 msec
3 ::FFFF:10.1.68.8 [MPLS: Labels 802/709 Exp 0] 480 msec
5 2000:1:107::1 1008 msec

O BBC::2/128 [110/1]
OE2 BBC::10/128 [110/1]
O 2000:1:24::/124 [110/2]
OE2 2000:1:107::/124 [110/1]
OE2 2000:1:124::/124 [110/1]
R1#traceroute
Protocol [ip]: ipv6
Target IPv6 address: bbc::10
Source address: bbc::1
Probe count [3]: 1
Priority [0]:
Port Number [0]:
1 2000:1:13::3 152 msec

4 2000:1:107::1 548 msec
457

OE2 BBC::1/128 [110/1]
via FE80::C802:AFF:FEE8:8, Serial1/0
OE2 BBC::2/128 [110/1]
OE2 2000:1:12::/124 [110/2]
OE2 2000:1:13::/124 [110/1]
OE2 2000:1:24::/124 [110/1]
OE2 2000:1:124::/124 [110/1]
R3#show mpls forwarding-table | e No L

300 Pop Label 10.1.1.4/32 0 Fa0/0 10.1.34.4
301 Pop Label 10.1.35.5/32 0 Se1/0 point2point
307 509 BBC::10/128 0 Se1/0 point2point
308 510 2000:1:107::/124 0 Se1/0 point2point
Configurar 6VPE para que Cliente A pueda comunicar sus dos sitios.
R3
router bgp 1
R4
router bgp 1
R5
router bgp 2
458
R6
router bgp 2
R7
router bgp 2
R8
router bgp 2
R9
router bgp 2

10.1.1.6 4 2 4 6 1 0 0 00:01:55 0
10.1.1.7 4 2 4 3 1 0 0 00:01:32 0
10.1.1.8 4 2 2 2 1 0 0 00:00:25 0
10.1.1.9 4 2 2 2 1 0 0 00:00:13 0
10.1.35.3 4 1 8 7 1 0 0 00:03:53 0
R4
vrf definition A
rd 1:1
address-family ipv6
459
exit-address-family
vrf forwarding A
ipv6 address 2000:1:124::4/124
router bgp 1
no synchronization
neighbor 2000:1:42::1 remote-as 65001
neighbor 2000:1:42::1 activate
exit-address-family
R12
router bgp 65001
address-family ipv6
network BBC::12/128

*> BBC::12/128 2000:1:42::1 0 0 65001 i
*> 2000:1:42::/126 :: 0 32768 ?

B BBC::10/128 [20/0]
via 10.1.46.6%default, indirectly connected
B 2000:1:107::/124 [20/0]
via 10.1.46.6%default, indirectly connected
R8
vrf definition A
rd 1:2
address-family ipv6
exit-address-family
vrf forwarding A
ipv6 address 2000:1:81::2/126
460
router bgp 2
no synchronization
R11
ipv6 address 2000:1:81::1/126
ipv6 address 2000:1:91::1/126
router bgp 65001

address-family ipv6
network BBC::11/128
R9
vrf definition A
rd 1:2
address-family ipv6
exit-address-family
vrf forwarding A
ipv6 address 2000:1:91::2/126
router bgp 2


*> BBC::11/128 ::FFFF:10.1.46.6
0 2 65001 i
*> BBC::12/128 2000:1:42::1 0 0 65001 i
*> 2000:1:42::/126 :: 0 32768 ?
*> 2000:1:81::/126 ::FFFF:10.1.46.6
02?
461
*> 2000:1:91::/126 ::FFFF:10.1.46.6

02?
R12
router bgp 65001
address-family ipv6
neighbor 2000:1:42::2 allowas-in
R11
router bgp 65001
address-family ipv6


*> BBC::11/128 2000:1:42::2 0 1 2 65001 i
*> BBC::12/128 :: 0 32768 i
*> 2000:1:42::/126 2000:1:42::2 0 01?
*> 2000:1:81::/126 2000:1:42::2 012?
*> 2000:1:91::/126 2000:1:42::2 012?


*> BBC::11/128 :: 0 32768 i
* 2000:1:81::/126 2000:1:91::2 02?
*> 2000:1:81::2 0 02?
* 2000:1:91::/126 2000:1:91::2 0 02?
*> 2000:1:81::2 02?


*> BBC::11/128 2000:1:81::1 0 0 65001 i
* iBBC::12/128 ::FFFF:10.1.46.4
0 100 0 1 65001 i
* i2000:1:42::/126 ::FFFF:10.1.46.4
0 100 0 1 ?
*> 2000:1:81::/126 :: 0 32768 ?
* i2000:1:91::/126 ::FFFF:10.1.1.9 0 100 0 ?
*>i ::FFFF:10.1.1.9 0 100 0 ?
R5
router bgp 2
462
R6
router bgp 2


*> BBC::11/128 2000:1:42::2 0 1 2 65001 i
*> BBC::12/128 :: 0 32768 i
*> 2000:1:42::/126 2000:1:42::2 0 01?
*> 2000:1:81::/126 2000:1:42::2 012?
*> 2000:1:91::/126 2000:1:42::2 012?
R4#show bgp vpnv6 unicast vrf A labels

BBC::11/128 ::FFFF:10.1.46.6
nolabel/617
BBC::12/128 2000:1:42::1 411/nolabel
2000:1:42::/126 :: 410/nolabel
2000:1:81::/126 ::FFFF:10.1.46.6
nolabel/615
2000:1:91::/126 ::FFFF:10.1.46.6
nolabel/618

BBC::11/128 2000:1:81::1 808/nolabel
BBC::12/128 ::FFFF:10.1.1.6 nolabel/619
2000:1:42::/126 ::FFFF:10.1.1.6 nolabel/620
2000:1:81::/126 :: 807/nolabel
2000:1:91::/126 ::FFFF:10.1.1.9 nolabel/909
::FFFF:10.1.1.9 nolabel/909

BBC::11/128 2000:1:91::1 910/nolabel
::FFFF:10.1.1.8 910/808
::FFFF:10.1.1.8 910/808
BBC::12/128 ::FFFF:10.1.1.6 nolabel/619
2000:1:42::/126 ::FFFF:10.1.1.6 nolabel/620
2000:1:81::/126 ::FFFF:10.1.1.8 nolabel/807
::FFFF:10.1.1.8 nolabel/807
2000:1:91::/126 :: 909/nolabel

900 600 10.1.1.5/32 0 Fa0/1 10.1.69.6
800 10.1.1.5/32 0 Fa0/0 10.1.89.8
463
901 Pop Label 10.1.1.6/32 0 Fa0/1 10.1.69.6

902 802 10.1.1.7/32 0 Fa0/0 10.1.89.8
903 Pop Label 10.1.1.8/32 0 Fa0/0 10.1.89.8
904 Pop Label 10.1.56.0/24 0 Fa0/1 10.1.69.6
905 604 10.1.57.0/24 0 Fa0/1 10.1.69.6
805 10.1.57.0/24 0 Fa0/0 10.1.89.8
906 Pop Label 10.1.58.0/24 0 Fa0/0 10.1.89.8
907 Pop Label 10.1.68.0/24 0 Fa0/1 10.1.69.6
Pop Label 10.1.68.0/24 0 Fa0/0 10.1.89.8
908 Pop Label 10.1.78.0/24 0 Fa0/0 10.1.89.8
909 No Label 2000:1:91::/126[V] \
0 aggregate/A
910 No Label BBC::11/128[V] 0 Fa1/0 FE80::C808:BFF:FE7C:6
Nota: R7 no tiene rutas VPNv6 porque debemos deshabilitar el filtro RT con el comando. No necesitamos que R7 manipule las
rutas VPNv6.

B BBC::12/128 [20/0]
via FE80::C803:AFF:FEE8:54, FastEthernet0/0
B 2000:1:42::/126 [20/0]

B BBC::11/128 [20/0]
via FE80::C806:BFF:FE7C:1C, FastEthernet0/0
B 2000:1:81::/126 [20/0]
B 2000:1:91::/126 [20/0]
R11#traceroute BBC::12
1 2000:1:81::2 [AS 2] 260 msec 204 msec 992 msec
2 ::FFFF:10.1.68.5 [MPLS: Label 619 Exp 0] 944 msec 744 msec 312 msec
3 2000:1:42::2 [AS 1] [MPLS: Label 411 Exp 0] 176 msec 280 msec 368 msec
4 2000:1:42::1 [AS 1] 404 msec 580 msec 628 msec
464
§ Usar Load-sharing eBGP
R11
router bgp 65001
address-family ipv6
maximum-paths 2

B BBC::12/128 [20/0]
via FE80::C80B:BFF:FEC8:1C, FastEthernet0/1
B 2000:1:42::/126 [20/0]
via FE80::C80B:BFF:FEC8:1C, FastEthernet0/1
R11#traceroute BBC::12
1 2000:1:81::2 [AS 2] 444 msec
2000:1:91::2 912 msec
2000:1:81::2 536 msec
::FFFF:10.1.68.5 708 msec
::FFFF:10.1.69.6 408 msec
3 2000:1:42::2 [AS 1] [MPLS: Label 411 Exp 0] 388 msec 728 msec 364 msec
4 2000:1:42::1 [AS 1] 504 msec 856 msec 1340 msec
465

Guia MPLS L2-L3 PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Guia MPLS L2-L3 PDF

Hochgeladen von

Copyright:

Verfügbare Formate

Guía MPLS L2-L3 Version 3.

Prácticas de Laboratorio Service

1.Configuración BB. Redes NON_BROADCAST

interface Serial1/0.1 multipoint

interface Serial1/0.2 multipoint

frame-relay map ip 10.1.1.4 204 broadcast

interface Serial1/0.3 multipoint

interface Serial1/0.4 multipoint

Comprobamos conectividad completa en la red Frame-Relay, full mesh.

R1#show ip ospf interface serial 1/0.1

No designated router on this network

R1#show ip ospf neighbor

R2#show ip ospf neighbor

R3#show ip ospf neighbor

R4#show ip ospf neighbor

Como podemos ver los mensajes Hello son unicast:

R1#debug ip ospf hello

R1#show ip ospf database

OSPF Router with ID (100.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

R1#sh ip route ospf

Segunda opcion (opcional omitiendo la primera)

R1#show ip ospf neighbor

R1#sh ip route ospf

R11#show ip ospf neighbor

R1#show ip ospf neighbor fastEthernet 0/0

100.10.10.10 254 FULL/BDR 00:00:30 10.1.119.10 FastEthernet0/0

Analizaremos los LSAs generadas en AREA10.

R9#show ip ospf database

Net Link States (Area 10)

Summary Net Link States (Area 10)

R10#sh ip route ospf

R10#show ip ospf database summary 100.4.4.4

OSPF Router with ID (100.10.10.10) (Process ID 1)

Summary Net Link States (Area 10)

Routing Bit Set on this LSA

R10#show ip ospf border-routers

R4#show ip ospf interface loopback 0

Costo Loopback0 R4 + Costo serial + Costo FastEthernet

R10#sh ip route 100.4.4.4

R1#show ip ospf statistics

OSPF Router with ID (100.1.1.1) (Process ID 1)

Area 0: SPF algorithm executed 3 times

Area 10: SPF algorithm executed 5 times

Summary OSPF SPF statistic

SPF calculation time

RIB manipulation time during SPF (in msec):

OSPF: inter route to 100.4.4.4/32 became unreachable, check externals

Configurar OSPF entre R1 y R7.

R1#show ip ospf interface brief

R1#show ip ospf interface brief

neighbor 172.1.45.5 default-originate

R5#show ip bgp all summary

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

route-map EXTERNAS permit 10

R1#show ip ospf border-routers

route-map EXTERNAS permit 10

R1#sh ip route ospf

O E2 100.5.5.5 [110/1] via 10.1.1.4, 00:01:22, Serial1/0.1

R1#show ip ospf border-routers