Search

WELCOME ABOUT ME RESUME CCIE R&S CCIE SP CCIE SEC CCIE DC REACH ME

MOHAMMAD ZAHID STANIKZAI

TRIPLE CCIE RS, SP, SEC # 40010

MPLS BGP PE-CE Routing Protocol SUBSCRIBE WITH CCIE # 40010

Hey Folks, here we will discuss the interesting LAB of MPLS for implementation of BGP on the Your email:
Customer Site, or simple running BGP Protocol on customer site.
Enter email address...
Here we will see how BGP works on top of MP-BGP, and the Service Provider providing the
Connectivity for the Di erent Customers which are all running BGP.
Subscribe   Unsubscribe
We know that BGP version 4 (BGP4) is the current de facto Internet standard for inter-domain (AS)
exterior routing. In MPLS VPN networks, MP-BGP is used and plays a pivotal role in the transportation
of VPNv4 pre xes across the service provider network. In traditional environments, customer TAGS
networks prefer to use BGP in their networks and, therefore, use BGP as a PE-CE routing protocol
when migrating from a non-MPLS based to an MPLS VPN based network.
IPV6IP CELL-MODE MPLS #ASA SP SOUCE-
This helps the customer establish a consistent end-to-end routing policy. In an MPLS VPN network,
ACTIVE CCIE SECURITY #STANDBY NETWORK
BGP attributes for a VPN site are transparently transported across the service provider backbone to
another site in the same VPN. Because there is a single routing protocol used across the VPN between INTERLEAVING LDP VIRTUAL VPN VIRL
service provider core and customer sites, the concept of redistribution does not apply.
MSDP SECURITY IPV6 MULTILINK
BGP PE-CE peering in an MPLS VPN environment can be performed in two di erent ways: DATA CENTER TYPES OF DELAY NEXUS BGP #ISAKMP

BGP PE-CE VPN Sites implementing unique AS numbers #CCIE

MNEMONICS #GDOI DATA PLANE

BGP PE-CE VPN Sites implementing same AS numbers #SECURITY #CCIESEC #CISCO
#NETWORK #SECURITY #VPN
Let’s assume the following topology:
 #IPSEC #ENCRYPTION EXTENDED
COMMUNITY SP STUDY APPROACH #EZVPN CCIEDC
SWITCH TUNNEL QUEUING HEADERS #IKV2 BGP

COMMUNITY CISCO RP MPLS LABEL STACK

TRAFFIC ENGINEERING INTER-AS

TRACEROUTE ETHERCHANNEL MP-BGP PLAN

ARCHIVES

July 2017 (1)

March 2017 (1)

December 2016 (1)

November 2016 (1)

May 2016 (2)

January 2016 (1)

December 2015 (1)

September 2015 (1)

June 2014 (1)

May 2014 (1)

March 2014 (1)

January 2014 (4)

In the MPLS VPN network shown above, an MPLS VPN service provider plans to provision BGP PE-CE November 2013 (1)
routing protocol for two customers, Customers A and B. CE1-A and CE2-A are CE devices belonging to
Customer A located at Site 1 and Site 2, respectively. They are part of the same VPN, VPN-A. These CE October 2013 (1)
devices are connected to provider edge devices PE1-AS1 and PE2-AS1 in the service provider network.
September 2013 (4)
CE1-A belongs to AS 65001 and CE2-A belongs to AS 65002. For Customer B network, CE1-A and CE2-A
are the CE devices located at Site 1 and Site 2, respectively, and are part of the VPN, VPN-B. CE1-A and August 2013 (11)
CE2-A belong to AS 65001 and are connected to PE1-AS1 and PE2-AS1, respectively.

Implementing BGP PE-CE routing for the Customer A network is not an issue because the VPN sites
use unique AS numbers. However, Customer B plans on using the same AS number on its sites. This
causes an issue when migrating from a traditional non-MPLS based network topology, where the
customer might use the same AS numbers at all his sites, to an MPLS VPN-based infrastructure due to
the BGP loop prevention mechanism. The BGP loop prevention mechanism disallows customer sites
having identical AS numbers to be linked by another AS number. In other words, if such a case occurs,
routing updates from one site would be dropped when the other site receives them; therefore,
connectivity cannot be established between the sites without additional con guration on the SP PE
routers.

To resolve the loop from the same AS between sites we use AS Override command, the AS Override
functionality when identical AS numbers are used at customer sites. The AS Override function causes
all leading occurrences of the AS number of the receiving BGP router to be replaced with the AS
number of the sending BGP router. When AS Override is used, AS 65001 in the AS-PATH is replaced
with the AS number of the sending BGP router PE2-AS1, which is 1. Any other occurrences (further
down the AS-PATH) of the receiving router’s AS number are not replaced because they indicate a real
routing information loop. In addition, an extra copy of the sending router’s AS number is prepended to
the AS-PATH (standard AS number prepending procedure that occurs on every eBGP update) to
maintain proper AS hop count for proper BGP route selection. PE2-AS1 prepends AS 1 to BGP update.

Let’s jump to the Con guration part of this Lab:

The initial con guration is consist of the IP Address assignments as below:

The Con guration on the Customer Routers are only assignments of the IP Addresses, so let’s
con gure and enable the Routing Protocol over our Service Provider Network with the following
commands:

PE1-AS1(con g)#router eigrp 10

PE1-AS1(con g-router)#no au
PE1-AS1(con g-router)#network 10.10.10.0 0.0.0.3
PE1-AS1(con g-router)#network 10.10.10.101 0.0.0.0
PE1-AS1(con g-router)#exit

==

P1-AS1(con g)#router eigrp 10

P1-AS1(con g-router)#no au
P1-AS1(con g-router)#network 0.0.0.0 0.0.0.0
P1-AS1(con g-router)#exit
P1-AS1(con g)#
*Jan 22 10:28:27.265: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.10.10.1 (Serial1/1) is up: new
adjacency
P1-AS1(con g)#

( You can see above as soon as we enable the EIGRP Routing process the Neighborship is established )

==

PE2-AS1(con g)#router eigrp 10

PE2-AS1(con g-router)#no auto
PE2-AS1(con g-router)#network 10.10.10.0 0.0.0.255
PE2-AS1(con g-router)#network 10.
*Jan 22 10:32:05.480: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.10.10.6 (Serial1/0) is up: new
adjacency1
PE2-AS1(con g-router)#network 10.10.10.102 0.0.0.0
PE2-AS1(con g-router)#exit

—–

Now let’s enable MPLS over our Service Provider Network:

PE1-AS1(con g)#mpls ldp router-id loopback0

PE1-AS1(con g)#interface serial 1/0
PE1-AS1(con g-if)#mpls ip
PE1-AS1(con g-if)#exit

==

P1-AS1(con g)#mpls ldp router-id loopback0

P1-AS1(con g)#interface serial 1/1
P1-AS1(con g-if)#mpls ip
P1-AS1(con g-if)#exit
P1-AS1(con g)#int
*Jan 22 10:39:20.354: %LDP-5-NBRCHG: LDP Neighbor 10.10.10.101:0 (1) is UP
P1-AS1(con g)#interface serial 1/0
P1-AS1(con g-if)#mpls ip
P1-AS1(con g-if)#exit

( Above you can see that the MPLS neighbor between the PE1-AS1 and P1-AS1 is established )

==

PE2-AS1(con g)#mpls ldp router-id loopback0

PE2-AS1(con g)#interface serial 1/0
PE2-AS1(con g-if)#mpls ip
PE2-AS1(con g-if)#exit
PE2-AS1(con g)#
*Jan 22 10:40:27.754: %LDP-5-NBRCHG: LDP Neighbor 10.10.10.100:0 (1) is UP
PE2-AS1(con g)#

Now we will start the Con guration of VRFs on PE1-AS1:

The same VRFs also needs to be con gured on PE2-AS1 router as you can see below:
Now let’s move to the BGP Con guration on the PE routers of the Server Provider with the following of
these steps:

Con gure per VRF BGP routing context on PE routers

Con gure per VRF BGP routing contexts for Cust_A and Cust_B under the BGP routing process on PE1-
AS1 and PE2-AS1. below demonstrates the per VRF BGP con guration on PE1-AS1. Repeat the steps on
PE2-AS1. Note that the address-family IPv4 VRF contexts are seen by default in a router’s con guration
when relevant con gurations for forming MP-iBGP sessions are con gured on PE routers. In that case,
address-family ipv4 vrf vrf-name command under the BGP routing process is keyed in to enter a
particular VRF’s IPv4 address-family context so that further con gurations can be performed.

De ne and activate BGP CE neighbors

In this step, under the BGP VRF routing context created in Step 1, the remote BGP CE neighbors are
de ned on the PE routers and activated. below shows the con guration to de ne BGP CE neighbors
on the PE routers.
Now let’s see the CE part of the con gurations as below:
Now you can verify with the following commands:

Show ip bgp vpnv4 all summary

Show ip route vrf Cust-A bgp
Show ip route vrf Cust-B bgp
Show ip bgp vpnv4 all

Finally you can Ping end to end from CA-1 towards CA-2 and CB-1 towards CB-2:
 Note: Don’t forget to rst established the BGP Process in between the PE1-AS1 and PE2-AS1, which
also requires the enabling of the VPNv4 Routing Context.

Cheers,

Tweet Share Share 9

Follow

POSTS FOLLOW ME

New Journey CCIE DC!! #Afghanistan Cricket Team

Cisco ASA Dual Scenario Setup
CCIE SECURITY Journey
VPNs for CCIE Candidates
Basic Site-to-Site IPSec VPN
(Aggressive Mode)
should work to improve
pressure management and
also captain should manage team
work rathe… t.co/QmGYFhU0uu
Time ago 4 Hours via Twitterri c for Mac
Follow @mzstanikzai on twitter.

Copyright ©CCIE #40010