ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II Task 16.1: Task 16.2: These topics were covered in previous labs. Please refer back to ISIS labs’ solutions if you need a reminder. Task 16.3: Configure IGP in SP2 PE-CE: ♦ In PE4, configure PE4-CE6 protocol as OSPF area 0. PE4-RACK1(config)#ip vrf solaris PE4-RACK1(config-vrf)# rd 200:200 PE4-RACK1(config-vrf)# route-target export 200:200 PE4-RACK1(config-vrf)# route-target import 200:200 PE4-RACK1(config-vrf)#interface FastEthernet0/1.600 PE4-RACK1(config-subif)#description TO svi 3550-CE6 VPN SOLARIS SITE 2 PE4-RACK1(config-subif)#encapsulation dot1Q 600 PE4-RACK1(config-subif)#ip vrf forwarding solaris PE4-RACK1(config-subif)#ip address 172.16.60.4 255.255.255.0 PE4-RACK1(config-subif)#ip ospf message-digest-key 1 md5 iementor PE4-RACK1(config-subif)#ip ospf network point-to-point PE4-RACK1(config-subif)#no snmp trap link-status PE4-RACK1(config-subif)#router ospf 6 vrf solaris PE4-RACK1(config-router)# log-adjacency-changes detail PE4-RACK1(config-router)# area 0 authentication message-digest PE4-RACK1(config-router)# network 172.16.60.0 0.0.0.255 area 0 3550-CE6(config)#interface Vlan600 3550-CE6(config-if)# ip address 172.16.60.6 255.255.255.0 3550-CE6(config-if)# ip ospf message-digest-key 1 md5 iementor 3550-CE6(config-if)# ip ospf network point-to-point 3550-CE6(config-if)#router ospf 200 3550-CE6(config-router)# router-id 6.6.6.6 3550-CE6(config-router)# log-adjacency-changes detail 3550-CE6(config-router)# area 0 authentication message-digest 3550-CE6(config-router)# network 6.6.6.6 0.0.0.0 area 0 3550-CE6(config-router)# network 172.16.60.0 0.0.0.255 area 0 ♦ In PE4, configure PE4-BB3 protocol as BGP AS57. ♦ Secure routing protocol sessions. PE4-RACK1(config)#router bgp 65002 PE4-RACK1(config-router)# address-family ipv4 vrf green PE4-RACK1(config-router-af)# redistribute connected PE4-RACK1(config-router-af)# neighbor 172.16.30.3 remote-as 57 PE4-RACK1(config-router-af)# neighbor 172.16.30.3 password iem PE4-RACK1(config-router-af)# neighbor 172.16.30.3 activate PE4-RACK1(config-router-af)# no auto-summary 1 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II PE4-RACK1(config-router-af)# no synchronization PE4-RACK1(config-router-af)# exit-address-family BB3-RACK1(config)#router bgp 57 BB3-RACK1(config-router)# no synchronization BB3-RACK1(config-router)# bgp log-neighbor-changes BB3-RACK1(config-router)# neighbor 172.16.30.4 remote-as 65002 BB3-RACK1(config-router)# neighbor 172.16.30.4 password iem BB3-RACK1(config-router)# no auto-summary Task 16.4: Task 16.5: Advertise Loopbacks in BB3 in AS57. BB3-RACK1(config-router)# redistribute connected metric 2 Task 16.6: This example represents the same steps for PE1, PE2, and PE3. Exclude RR from the MPLS/LDP configuration because RR is not in data-path forwarding. PE4-RACK1(config)#ip cef PE4-RACK1(config)#mpls ip PE4-RACK1(config)#mpls ldp router-id loopback 0 PE4-RACK1(config)#int fastEthernet 0/0 PE4-RACK1(config-if)#mpls ip Enable only the interface facing the SP1 and SP2 core. MPLS/LDP between ASBRs will be handled by mBGP. ASBR2-RACK1(config)#int e 0/0 ASBR2-RACK1(config-if)#mpls ip Task 16.7: RR1-RACK1(config)#router bgp 65001 RR1-RACK1(config-router)#address-family vpnv4 RR1-RACK1(config-router-af)# neighbor ibgp route-reflector-client RR1-RACK1(config-router-af)# neighbor ibgp send-community extended RR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.2 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.3 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.100 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.100 send-community extended RR1-RACK1(config-router-af)# exit-address-family To configure VPNv4 simply means removing all IPv4 peerings. 2 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II RR1-RACK1(config-router)#router bgp 65001 RR1-RACK1(config-router)#no address-family ipv4 Let’s verify. RR1-RACK1#sho ip bgp neighbors 10.1.1.100 BGP neighbor is 10.1.1.100, remote AS 100, external link BGP version 4, remote router ID 10.1.1.100 BGP state = Established, up for 09:15:06 Last read 00:00:07, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(old & new) Address family IPv4 Unicast: received Å Needs to be disabled on all peering routers Address family VPNv4 Unicast: advertised and received ASBR1-RACK1(config-router)#router bgp 100 ASBR1-RACK1(config-router)#no address-family ipv4 *Mar 7 09:10:29.117: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Down Peer closed the ASBR1-RACK1#sho ip bgp neighbors 10.1.1.254 BGP neighbor is 10.1.1.254, remote AS 65001, external link BGP version 4, remote router ID 55.55.55.55 BGP state = Established, up for 00:00:18 Last read 00:00:18, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(old & new) Address family VPNv4 Unicast: advertised and received Å correct output Template for all PEs: PE1-RACK1(config)#router bgp 65001 PE1-RACK1(config-router)# no synchronization PE1-RACK1(config-router)# bgp log-neighbor-changes PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE1-RACK1(config-router)# no auto-summary PE1-RACK1(config-router)# address-family vpnv4 PE1-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE1-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE1-RACK1(config-router-af)# exit-address-family Task 16.8: ♦ Configure VPN Green site 1 PE-CE to PE2 in BGP AS57. 3 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II BB1-RACK1(config)#router bgp 57 BB1-RACK1(config-router)# no synchronization BB1-RACK1(config-router)# bgp log-neighbor-changes BB1-RACK1(config-router)# network 10.12.1.0 mask 255.255.255.0 BB1-RACK1(config-router)# redistribute connected metric 2 BB1-RACK1(config-router)# redistribute static metric 2 BB1-RACK1(config-router)# neighbor 10.12.1.2 remote-as 65001 BB1-RACK1(config-router)# neighbor 10.12.1.2 description to AS65001-SP1PE2 BB1-RACK1(config-router)# no auto-summary PE2-RACK1(config-router)#router bgp 65001 PE2-RACK1(config-router)# no synchronization PE2-RACK1(config-router)# bgp log-neighbor-changes PE2-RACK1(config-router)# network 22.22.22.0 mask 255.255.255.0 PE2-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE2-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE2-RACK1(config-router)# no auto-summary PE2-RACK1(config-router)# address-family ipv4 vrf green PE2-RACK1(config-router-af)# redistribute connected PE2-RACK1(config-router-af)# redistribute static metric 2 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate PE2-RACK1(config-router-af)# no auto-summary PE2-RACK1(config-router-af)# no synchronization PE2-RACK1(config-router-af)# exit-address-family ♦ Configure VPN Green site 2 PE-CE to PE2 in BGP AS8. CE8-RACK1(config)#router bgp 8 CE8-RACK1(config-router)# no synchronization CE8-RACK1(config-router)# bgp log-neighbor-changes CE8-RACK1(config-router)# network 8.8.8.0 mask 255.255.255.0 CE8-RACK1(config-router)# network 10.82.1.0 mask 255.255.255.0 CE8-RACK1(config-router)# neighbor 10.82.1.2 remote-as 65001 CE8-RACK1(config-router)# no auto-summary PE2-RACK1(config)#router bgp 65001 PE2-RACK1(config-router)# address-family vpnv4 PE2-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE2-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE2-RACK1(config-router-af)# exit-address-family PE2-RACK1(config-router)# address-family ipv4 vrf green PE2-RACK1(config-router-af)# redistribute connected PE2-RACK1(config-router-af)# redistribute static metric 2 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate PE2-RACK1(config-router-af)# neighbor 10.82.1.1 remote-as 8 PE2-RACK1(config-router-af)# neighbor 10.82.1.1 activate PE2-RACK1(config-router-af)# no auto-summary PE2-RACK1(config-router-af)# no synchronization PE2-RACK1(config-router-af)# exit-address-family 4 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II ♦ CORRECTION!!! Configure VPN Solaris site 1 PE-CE to PE3 in EIGRP. CE2-RACK1(config)#router eigrp 100 CE2-RACK1(config-router)# network 2.0.0.0 CE2-RACK1(config-router)# network 10.0.0.0 CE2-RACK1(config-router)# no auto-summary PE3-RACK1(config)#ip vrf solaris PE3-RACK1(config-vrf)# rd 200:200 PE3-RACK1(config-vrf)# route-target export 200:200 PE3-RACK1(config-vrf)# route-target import 200:200 PE3-RACK1(config-vrf)#router eigrp 100 PE3-RACK1(config-router)# auto-summary PE3-RACK1(config-router)# address-family ipv4 vrf solaris PE3-RACK1(config-router-af)# redistribute bgp 65001 metric 1500 500 255 255 1500 PE3-RACK1(config-router-af)# network 10.0.0.0 PE3-RACK1(config-router-af)# no auto-summary PE3-RACK1(config-router-af)# autonomous-system 100 PE3-RACK1(config-router-af)# exit-address-family PE3-RACK1(config-router)#router bgp 65001 PE3-RACK1(config-router)# no synchronization PE3-RACK1(config-router)# bgp log-neighbor-changes PE3-RACK1(config-router)# network 33.33.33.0 mask 255.255.255.0 PE3-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE3-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE3-RACK1(config-router)# no auto-summary PE3-RACK1(config-router)# address-family vpnv4 PE3-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE3-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE3-RACK1(config-router-af)# exit-address-family PE3-RACK1(config-router)# address-family ipv4 vrf solaris PE3-RACK1(config-router-af)# redistribute connected PE3-RACK1(config-router-af)# redistribute eigrp 100 metric 2 PE3-RACK1(config-router-af)# no auto-summary PE3-RACK1(config-router-af)# no synchronization PE3-RACK1(config-router-af)# exit-address-family Task 16.9: ♦ Configure all MPLS traffic flow over ASBR1 S0/0 to ASBR2 S0/0. ♦ Configure such that only MPLS traffic is allowed from ASBR1 to ASBR2. ♦ Configure SP1 and SP2 such that VPN Solaris site 2 can communicate with Solaris site 1. ♦ No IGP is allowed between ASBR1 and ASBR2. 5 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II ♦ MPLS must be dynamically enabled from ASBR1 to ASBR2. ♦ No static routes allowed. ♦ VPN Solaris site 1 (CE1) should ping site 2 (CE6). ♦ VPN Green site 3 (BB3) should ping VPN Green site 1 and VPN Green site 2. This task requires configuring ASBR1 and ASBR2 to support InterAS. This solution will show you how to activate Inter-AS and you will notice some challenges in PE1 router peering with ASBR1. 1st Step: RR1-RACK1(config)#router bgp 65001 RR1-RACK1(config-router)# no bgp default ipv4-unicast RR1-RACK1(config-router)# bgp log-neighbor-changes RR1-RACK1(config-router)# neighbor ibgp peer-group RR1-RACK1(config-router)# neighbor ibgp remote-as 65001 RR1-RACK1(config-router)# neighbor ibgp update-source Loopback0 RR1-RACK1(config-router)# neighbor 10.1.1.1 peer-group ibgp RR1-RACK1(config-router)# neighbor 10.1.1.2 peer-group ibgp RR1-RACK1(config-router)# neighbor 10.1.1.3 peer-group ibgp RR1-RACK1(config-router)# address-family vpnv4 RR1-RACK1(config-router-af)# neighbor ibgp route-reflector-client RR1-RACK1(config-router-af)# neighbor ibgp send-community extended RR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.2 activate RR1-RACK1(config-router-af)# neighbor 10.1.1.3 activate RR1-RACK1(config-router-af)# exit-address-family PE1-RACK1(config)#router bgp 65001 PE1-RACK1(config-router)# bgp log-neighbor-changes PE1-RACK1(config-router)# neighbor 10.1.1.100 remote-as 100 PE1-RACK1(config-router)# neighbor 10.1.1.100 ebgp-multihop 2 PE1-RACK1(config-router)# neighbor 10.1.1.100 update-source Loopback0 PE1-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE1-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE1-RACK1(config-router)# neighbor 140.100.1.1 remote-as 1540 PE1-RACK1(config-router)# neighbor 140.100.1.1 description To BB2 PE1-RACK1(config-router)# neighbor 140.100.1.1 password iementor PE1-RACK1(config-router)# address-family vpnv4 PE1-RACK1(config-router-af)# neighbor 10.1.1.100 activate PE1-RACK1(config-router-af)# neighbor 10.1.1.100 send-community extended PE1-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE1-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE1-RACK1(config-router-af)# exit-address-family 6 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II PE2-RACK1(config)#router bgp 65001 PE2-RACK1(config-router)# no bgp default ipv4-unicast PE2-RACK1(config-router)# bgp log-neighbor-changes PE2-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE2-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE2-RACK1(config-router)# address-family vpnv4 PE2-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE2-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE2-RACK1(config-router-af)# exit-address-family PE2-RACK1(config-router)# address-family ipv4 vrf green PE2-RACK1(config-router-af)# redistribute connected metric 2 PE2-RACK1(config-router-af)# redistribute static PE2-RACK1(config-router-af)# neighbor 10.12.1.1 remote-as 57 PE2-RACK1(config-router-af)# neighbor 10.12.1.1 activate PE2-RACK1(config-router-af)# neighbor 10.12.1.1 as-override PE2-RACK1(config-router-af)# neighbor 10.82.1.1 remote-as 8 PE2-RACK1(config-router-af)# neighbor 10.82.1.1 activate PE2-RACK1(config-router-af)# no auto-summary PE2-RACK1(config-router-af)# no synchronization PE2-RACK1(config-router-af)# exit-address-family PE3-RACK1(config)#router bgp 65001 PE3-RACK1(config-router)# no synchronization PE3-RACK1(config-router)# bgp log-neighbor-changes PE3-RACK1(config-router)# neighbor 10.1.1.254 remote-as 65001 PE3-RACK1(config-router)# neighbor 10.1.1.254 update-source Loopback0 PE3-RACK1(config-router)# no auto-summary PE3-RACK1(config-router)# address-family vpnv4 PE3-RACK1(config-router-af)# neighbor 10.1.1.254 activate PE3-RACK1(config-router-af)# neighbor 10.1.1.254 send-community extended PE3-RACK1(config-router-af)# exit-address-family PE3-RACK1(config-router)# address-family ipv4 vrf solaris PE3-RACK1(config-router-af)# redistribute connected metric 2 PE3-RACK1(config-router-af)# redistribute eigrp 100 metric 2 PE3-RACK1(config-router-af)# no auto-summary PE3-RACK1(config-router-af)# no synchronization PE3-RACK1(config-router-af)# exit-address-family PE4-RACK1(config)#router bgp 65002 PE4-RACK1(config-router)# no synchronization PE4-RACK1(config-router)# bgp log-neighbor-changes PE4-RACK1(config-router)# neighbor 10.1.1.200 remote-as 200 PE4-RACK1(config-router)# neighbor 10.1.1.200 ebgp-multihop 2 PE4-RACK1(config-router)# neighbor 10.1.1.200 update-source Loopback0 PE4-RACK1(config-router)# no auto-summary PE4-RACK1(config-router)# address-family vpnv4 PE4-RACK1(config-router-af)# neighbor 10.1.1.200 activate PE4-RACK1(config-router-af)# neighbor 10.1.1.200 send-community extended PE4-RACK1(config-router-af)# exit-address-family PE4-RACK1(config-router)# address-family ipv4 vrf solaris PE4-RACK1(config-router-af)# redistribute connected metric 2 7 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II PE4-RACK1(config-router-af)# redistribute ospf 6 metric 2 match internal external 1 external 2 PE4-RACK1(config-router-af)# no auto-summary PE4-RACK1(config-router-af)# no synchronization PE4-RACK1(config-router-af)# exit-address-family PE4-RACK1(config-router)# address-family ipv4 vrf green PE4-RACK1(config-router-af)# redistribute connected metric 2 PE4-RACK1(config-router-af)# neighbor 172.16.30.3 remote-as 57 PE4-RACK1(config-router-af)# neighbor 172.16.30.3 password iem PE4-RACK1(config-router-af)# neighbor 172.16.30.3 activate PE4-RACK1(config-router-af)# no auto-summary PE4-RACK1(config-router-af)# no synchronization PE4-RACK1(config-router-af)# exit-address-family ASBR1-RACK1(config)#router bgp 100 ASBR1-RACK1(config-router)# bgp router-id 10.1.1.100 ASBR1-RACK1(config-router)# no bgp default ipv4-unicast ASBR1-RACK1(config-router)# no bgp default route-target filter ASBR1-RACK1(config-router)# bgp log-neighbor-changes ASBR1-RACK1(config-router)# neighbor 10.1.1.1 remote-as 65001 ASBR1-RACK1(config-router)# neighbor 10.1.1.1 ebgp-multihop 2 ASBR1-RACK1(config-router)# neighbor 10.1.1.1 update-source Loopback0 ASBR1-RACK1(config-router)# neighbor 172.16.113.2 remote-as 200 ASBR1-RACK1(config-router)# address-family vpnv4 ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 activate ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 next-hop-self ASBR1-RACK1(config-router-af)# neighbor 10.1.1.1 send-community extended ASBR1-RACK1(config-router-af)# neighbor 172.16.113.2 activate ASBR1-RACK1(config-router-af)# neighbor 172.16.113.2 send-community extended ASBR1-RACK1(config-router-af)# exit-address-family ASBR2-RACK1(config)#router bgp 200 ASBR2-RACK1(config-router)# no bgp default ipv4-unicast ASBR2-RACK1(config-router)# no bgp default route-target filter ASBR2-RACK1(config-router)# bgp log-neighbor-changes ASBR2-RACK1(config-router)# neighbor 10.1.1.4 remote-as 65002 ASBR2-RACK1(config-router)# neighbor 10.1.1.4 ebgp-multihop 2 ASBR2-RACK1(config-router)# neighbor 10.1.1.4 update-source Loopback0 ASBR2-RACK1(config-router)# neighbor 172.16.113.1 remote-as 100 ASBR2-RACK1(config-router)# address-family vpnv4 ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 activate ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 next-hop-self ASBR2-RACK1(config-router-af)# neighbor 10.1.1.4 send-community extended ASBR2-RACK1(config-router-af)# neighbor 172.16.113.1 activate ASBR2-RACK1(config-router-af)# neighbor 172.16.113.1 send-community extended ASBR2-RACK1(config-router-af)# exit-address-family After peering PE1 and ASBR1 you will experience the problem receiving routes from SP2. 8 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II PE1-RACK1#sho ip bgp vpnv4 all summary BGP router identifier 11.11.11.11, local AS number 65001 BGP table version is 1, main routing table version 1 Neighbor 10.1.1.100 10.1.1.254 V AS MsgRcvd MsgSent 4 100 109 86 4 65001 164 87 TblVer 0 0 InQ OutQ Up/Down State/PfxRcd 0 0 00:00:05 0 0 0 00:00:18 0 ASBR1-RACK1#sho Neighbor 10.1.1.1 172.16.113.2 ip bgp vpnv4 all summary V AS MsgRcvd MsgSent 4 65001 138 170 4 200 196 244 TblVer 258 258 InQ OutQ Up/Down State/PfxRcd 0 0 00:00:31 0 0 0 00:32:32 19 This will cause the Route Reflector to not reflect any routes from SP2 because PE1 is rejecting all routes that arrived from SP2. Let’s debug and verify why this happens. PE1-RACK1#debug bgp events BGP events debugging is on PE1-RACK1#debug ip bgp updates BGP updates debugging is on PE1-RACK1#debug ip bgp updates BGP updates debugging is on Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:7.7.7.0/24 -- DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:13.1.1.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:38.2.1.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:38.3.1.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:138.1.1.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:153.46.1.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:153.46.2.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.761: BGP(2): 10.1.1.100 rcvd 100:100:153.46.3.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:153.46.4.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:153.46.100.0/22 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.65.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.66.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.67.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.68.0/24 -DENIED due to: extended community not supported; 9 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.69.0/24 -DENIED due to: extended community not supported; *Mar 1 01:00:51.765: BGP(2): 10.1.1.100 rcvd 100:100:213.112.70.0/24 -DENIED due to: extended community not supported; This means PE1 is rejecting all communities because PE1 is not participating in VPN Green and VPN Solaris. To resolve this issue, we must disable PE1 behavior from examining communities from other VPNs. PE1-RACK1(config-router)#no bgp default route-target filter PE1-RACK1#sho ip bgp vpnv4 all summary BGP router identifier 11.11.11.11, local AS number 65001 BGP table version is 1, main routing table version 1 Neighbor 10.1.1.100 10.1.1.254 V AS MsgRcvd MsgSent 4 100 123 98 4 65001 181 99 TblVer 1 1 InQ OutQ Up/Down State/PfxRcd 0 0 00:05:13 0 0 0 00:05:21 0 PE1-RACK1#clear ip bgp * *Mar 1 01:06:10.556: BGP: reset all neighbors due to User reset *Mar 1 01:06:10.556: BGPNSF state: 10.1.1.100 went from nsf_not_active to nsf_not_active *Mar 1 01:06:10.556: BGP: 10.1.1.100 went from Established to Idle *Mar 1 01:06:10.556: BGP: 10.1.1.100 reset due to User reset *Mar 1 01:06:10.556: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Down User reset *Mar 1 01:06:10.556: BGP: 10.1.1.100 closing *Mar 1 01:06:10.556: BGPNSF state: 10.1.1.254 went from nsf_not_active to nsf_not_active *Mar 1 01:06:10.556: BGP: 10.1.1.254 went from Established to Idle *Mar 1 01:06:10.556: BGP: 10.1.1.254 reset due to User reset *Mar 1 01:06:10.556: %BGP-5-ADJCHANGE: neighbor 10.1.1.254 Down User reset *Mar 1 01:06:10.556: BGP: 10.1.1.254 closing *Mar 1 01:06:10.560: BGPNSF state: 140.100.1.1 went from nsf_not_active to nsf_not_active *Mar 1 01:06:10.636: BGP: Performing BGP general scanning *Mar 1 01:06:10.636: BGP(0): scanning IPv4 Unicast routing tables *Mar 1 01:06:10.636: BGP(1): scanning IPv6 Unicast routing tables *Mar 1 01:06:10.636: BGP(2): scanning VPNv4 Unicast routing tables *Mar 1 01:06:10.636: BGP(3): scanning IPv4 Multicast routing tables *Mar 1 01:06:45.934: %BGP-5-ADJCHANGE: neighbor 10.1.1.100 Up *Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100, origin ?, path 100 200 65002, extended community R T:200:200 OSPF DOMAIN ID:0x0005:0x000000060200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:172.16.60.4:0 *Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd 200:200:6.6.6.0/24 *Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd 200:200:172.16.60.0/24 *Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100, origin ?, path 100 200 65002, extended community R T:100:100 *Mar 1 01:06:46.046: BGP(2): 10.1.1.100 rcvd 100:100:172.16.30.0/24 *Mar 1 01:06:46.050: BGP(2): 10.1.1.100 rcvd UPDATE w/ attr: nexthop 10.1.1.100, origin ?, path 100 200 65002 57, extended communit y RT:100:100 10 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar *Mar 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 01:06:46.050: 01:06:46.050: 01:06:46.050: 01:06:46.050: 01:06:46.050: 01:06:46.050: 01:06:46.050: 01:06:46.054: 01:06:46.054: 01:06:46.054: 01:06:46.054: 01:06:46.054: 01:06:46.054: 01:06:46.054: 01:06:46.054: 01:06:46.058: 01:06:55.666: | Lab16 Solutions: Advanced MPLS II BGP(2): 10.1.1.100 rcvd 100:100:7.7.7.0/24 BGP(2): 10.1.1.100 rcvd 100:100:13.1.1.0/24 BGP(2): 10.1.1.100 rcvd 100:100:38.2.1.0/24 BGP(2): 10.1.1.100 rcvd 100:100:38.3.1.0/24 BGP(2): 10.1.1.100 rcvd 100:100:138.1.1.0/24 BGP(2): 10.1.1.100 rcvd 100:100:153.46.1.0/24 BGP(2): 10.1.1.100 rcvd 100:100:153.46.2.0/24 BGP(2): 10.1.1.100 rcvd 100:100:153.46.3.0/24 BGP(2): 10.1.1.100 rcvd 100:100:153.46.4.0/24 BGP(2): 10.1.1.100 rcvd 100:100:153.46.100.0/22 BGP(2): 10.1.1.100 rcvd 100:100:213.112.65.0/24 BGP(2): 10.1.1.100 rcvd 100:100:213.112.66.0/24 BGP(2): 10.1.1.100 rcvd 100:100:213.112.67.0/24 BGP(2): 10.1.1.100 rcvd 100:100:213.112.68.0/24 BGP(2): 10.1.1.100 rcvd 100:100:213.112.69.0/24 BGP(2): 10.1.1.100 rcvd 100:100:213.112.70.0/24 BGP: Import timer expired. Walking from 1 to 1 PE1-RACK1#sho ip bgp vpnv4 all summary Neighbor V AS MsgRcvd MsgSent 10.1.1.100 4 100 130 101 10.1.1.254 4 65001 191 102 TblVer 0 0 InQ OutQ Up/Down State/PfxRcd 0 0 00:00:30 19 0 0 00:00:37 22 CE2-RACK1#ping 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms BB3-RACK1#sho ip route bg 8.0.0.0/24 is subnetted, 1 subnets B 8.8.8.0 [20/0] via 172.16.30.4, 00:01:35 10.0.0.0/24 is subnetted, 2 subnets B 10.12.1.0 [20/0] via 172.16.30.4, 00:01:35 B 10.82.1.0 [20/0] via 172.16.30.4, 00:01:35 Routes from BB1 are missing. The issue is related to the same AS57 on each side. The same rule applies even if you use Inter-AS – Inter-AS will carry over the same AS from SP1 to SP2. PE4-RACK1(config-router-af)#neighbor 172.16.30.3 as-override *Mar 1 00:47:53.471: %BGP-5-ADJCHANGE: neighbor 172.16.30.3 vpn vrf green Down AS-override change Verify ASBR’s label mapping. ASBR1-RACK1#sho ip bgp vpnv4 all labels Network Next Hop In label/Out label Route Distinguisher: 100:100 5.5.5.0/24 10.1.1.1 40/42 7.7.7.0/24 172.16.113.2 84/59 11 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 8.1.1.0/24 10.1.1.1 8.8.8.0/24 10.1.1.1 10.12.1.0/24 10.1.1.1 10.82.1.0/24 10.1.1.1 12.1.1.0/24 10.1.1.1 13.1.1.0/24 172.16.113.2 18.2.1.0/24 10.1.1.1 28.3.1.0/24 10.1.1.1 38.1.1.0/24 10.1.1.1 38.2.1.0/24 172.16.113.2 38.3.1.0/24 172.16.113.2 138.1.1.0/24 172.16.113.2 153.46.1.0/24 172.16.113.2 153.46.2.0/24 172.16.113.2 153.46.3.0/24 172.16.113.2 153.46.4.0/24 172.16.113.2 153.46.100.0/22 172.16.113.2 156.46.1.0/24 10.1.1.1 156.46.2.0/24 10.1.1.1 156.46.3.0/24 10.1.1.1 156.46.4.0/24 10.1.1.1 156.46.100.0/22 10.1.1.1 172.16.30.0/24 172.16.113.2 209.112.65.0 10.1.1.1 209.112.66.0 10.1.1.1 209.112.67.0 10.1.1.1 209.112.68.0 10.1.1.1 209.112.69.0 10.1.1.1 209.112.70.0 10.1.1.1 213.112.65.0 172.16.113.2 213.112.66.0 172.16.113.2 213.112.67.0 172.16.113.2 213.112.68.0 172.16.113.2 213.112.69.0 172.16.113.2 213.112.70.0 172.16.113.2 Route Distinguisher: 200:200 2.2.2.0/24 10.1.1.1 6.6.6.0/24 172.16.113.2 10.23.1.0/24 10.1.1.1 172.16.60.0/24 172.16.113.2 | Lab16 Solutions: Advanced MPLS II 41/43 30/44 31/45 36/46 42/47 85/60 43/48 44/49 45/50 86/61 87/62 88/63 89/64 90/65 91/66 92/67 93/68 46/51 47/52 48/53 49/54 50/55 22/18 51/56 52/57 81/58 82/59 83/60 37/61 94/69 95/70 96/71 97/72 98/73 99/74 38/62 63/19 39/63 64/20 ASBR2-RACK1#sho ip bgp vpnv4 all labels Network Next Hop In label/Out label Route Distinguisher: 100:100 5.5.5.0/24 172.16.113.1 43/40 7.7.7.0/24 10.1.1.4 59/36 8.1.1.0/24 172.16.113.1 44/41 8.8.8.0/24 172.16.113.1 37/30 10.12.1.0/24 172.16.113.1 38/31 10.82.1.0/24 172.16.113.1 39/36 12.1.1.0/24 172.16.113.1 45/42 13.1.1.0/24 10.1.1.4 60/37 18.2.1.0/24 172.16.113.1 46/43 28.3.1.0/24 172.16.113.1 47/44 12 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 38.1.1.0/24 172.16.113.1 38.2.1.0/24 10.1.1.4 38.3.1.0/24 10.1.1.4 138.1.1.0/24 10.1.1.4 153.46.1.0/24 10.1.1.4 153.46.2.0/24 10.1.1.4 153.46.3.0/24 10.1.1.4 153.46.4.0/24 10.1.1.4 153.46.100.0/22 10.1.1.4 156.46.1.0/24 172.16.113.1 156.46.2.0/24 172.16.113.1 156.46.3.0/24 172.16.113.1 156.46.4.0/24 172.16.113.1 156.46.100.0/22 172.16.113.1 172.16.30.0/24 10.1.1.4 209.112.65.0 172.16.113.1 209.112.66.0 172.16.113.1 209.112.67.0 172.16.113.1 209.112.68.0 172.16.113.1 209.112.69.0 172.16.113.1 209.112.70.0 172.16.113.1 213.112.65.0 10.1.1.4 213.112.66.0 10.1.1.4 213.112.67.0 10.1.1.4 213.112.68.0 10.1.1.4 213.112.69.0 10.1.1.4 213.112.70.0 10.1.1.4 Route Distinguisher: 200:200 2.2.2.0/24 172.16.113.1 6.6.6.0/24 10.1.1.4 10.23.1.0/24 172.16.113.1 172.16.60.0/24 10.1.1.4 | Lab16 Solutions: Advanced MPLS II 48/45 61/38 62/39 63/40 64/41 65/42 66/43 67/44 68/45 49/46 50/47 51/48 52/49 53/50 18/27 54/51 55/52 56/81 57/82 58/83 40/37 69/46 70/47 71/48 72/49 73/50 74/51 41/38 19/34 42/39 20/35 BB3-RACK1#sho ip route bg 18.0.0.0/24 is subnetted, 1 subnets B 18.2.1.0 [20/0] via 172.16.30.4, 00:00:05 38.0.0.0/24 is subnetted, 3 subnets B 38.1.1.0 [20/0] via 172.16.30.4, 00:00:05 5.0.0.0/24 is subnetted, 1 subnets B 5.5.5.0 [20/0] via 172.16.30.4, 00:00:05 156.46.0.0/16 is variably subnetted, 5 subnets, 2 masks B 156.46.2.0/24 [20/0] via 172.16.30.4, 00:00:05 B 156.46.3.0/24 [20/0] via 172.16.30.4, 00:00:05 B 156.46.1.0/24 [20/0] via 172.16.30.4, 00:00:05 B 156.46.4.0/24 [20/0] via 172.16.30.4, 00:00:05 B 156.46.100.0/22 [20/0] via 172.16.30.4, 00:00:05 8.0.0.0/24 is subnetted, 2 subnets B 8.8.8.0 [20/0] via 172.16.30.4, 00:00:05 B 8.1.1.0 [20/0] via 172.16.30.4, 00:00:05 B 209.112.65.0/24 [20/0] via 172.16.30.4, 00:00:05 B 209.112.66.0/24 [20/0] via 172.16.30.4, 00:00:05 10.0.0.0/24 is subnetted, 2 subnets B 10.12.1.0 [20/0] via 172.16.30.4, 00:00:05 B 10.82.1.0 [20/0] via 172.16.30.4, 00:00:05 13 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 B B B B B B | Lab16 Solutions: Advanced MPLS II 209.112.67.0/24 [20/0] via 172.16.30.4, 00:00:05 209.112.68.0/24 [20/0] via 172.16.30.4, 00:00:05 12.0.0.0/24 is subnetted, 1 subnets 12.1.1.0 [20/0] via 172.16.30.4, 00:00:05 209.112.69.0/24 [20/0] via 172.16.30.4, 00:00:05 28.0.0.0/24 is subnetted, 1 subnets 28.3.1.0 [20/0] via 172.16.30.4, 00:00:05 209.112.70.0/24 [20/0] via 172.16.30.4, 00:00:05 BB3-RACK1#ping 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/7/8 ms ASBR1-RACK1#sho mpls interfaces Interface IP Serial0/0 Yes (ldp) Serial0/1 Yes (ldp) Serial0/2 Yes (ldp) Tunnel No No No Operational Yes Yes Yes As you can see, Inter-AS will dynamically bring LDP per interface using BGP. ASBR1-RACK1#sho mpls forwarding-table Local Outgoing Prefix Bytes tag tag tag or VC or Tunnel Id switched 16 40 140.100.2.2/32 0 17 Pop tag 140.100.2.0/24 0 18 34 172.16.30.0/24 0 19 38 172.16.20.0/24 0 20 Pop tag 172.16.12.0/24 0 21 Pop tag 172.16.13.0/24 0 22 18 100:100:172.16.30.0/24 \ 1080 23 36 10.1.1.3/32 0 24 Pop tag 10.1.1.1/32 0 25 39 10.1.1.254/32 0 26 35 192.168.2.0/24 0 27 Pop tag 172.16.113.2/32 0 28 16 18.2.2.0/24 0 29 17 3.3.3.0/24 0 30 44 100:100:8.8.8.0/24 \ 0 31 45 100:100:10.12.1.0/24 \ 0 32 18 38.2.1.0/24 0 33 30 140.100.1.0/24 0 34 19 157.46.3.0/24 0 35 20 157.46.2.0/24 0 36 46 100:100:10.82.1.0/24 \ 0 14 Outgoing interface Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Next Hop Se0/0 Se0/2 Se0/2 Se0/2 Se0/2 Se0/0 Se0/2 Se0/2 point2point 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 point2point 172.16.222.1 172.16.222.1 Se0/2 172.16.222.1 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 Se0/2 172.16.222.1 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 ieMentor CCIE™ Service Provider Workbook v1.0 15 37 61 38 62 39 63 40 42 41 43 42 47 43 48 44 49 45 50 46 51 47 52 48 53 49 54 50 55 51 56 52 57 53 54 55 56 57 58 59 60 61 62 63 21 22 23 24 25 26 27 28 29 41 19 64 20 81 58 82 59 83 60 84 59 85 60 | Lab16 Solutions: Advanced MPLS II 100:100:209.112.70.0/24 \ 0 200:200:2.2.2.0/24 \ 0 200:200:10.23.1.0/24 \ 540 100:100:5.5.5.0/24 \ 540 100:100:8.1.1.0/24 \ 0 100:100:12.1.1.0/24 \ 0 100:100:18.2.1.0/24 \ 0 100:100:28.3.1.0/24 \ 0 100:100:38.1.1.0/24 \ 0 100:100:156.46.1.0/24 \ 0 100:100:156.46.2.0/24 \ 0 100:100:156.46.3.0/24 \ 0 100:100:156.46.4.0/24 \ 0 100:100:156.46.100.0/22 \ 0 100:100:209.112.65.0/24 \ 0 100:100:209.112.66.0/24 \ 0 157.46.1.0/24 0 157.46.4.0/22 0 8.2.1.0/24 0 210.112.4.0/24 0 210.112.3.0/24 0 12.2.1.0/24 0 210.112.2.0/24 0 28.3.2.0/24 0 210.112.1.0/24 0 10.1.1.2/32 0 200:200:6.6.6.0/24 \ 1620 200:200:172.16.60.0/24 \ 1080 100:100:209.112.67.0/24 \ 0 100:100:209.112.68.0/24 \ 0 100:100:209.112.69.0/24 \ 0 100:100:7.7.7.0/24 \ 0 100:100:13.1.1.0/24 \ Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 Se0/2 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 172.16.222.1 Se0/0 point2point Se0/0 point2point Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/2 172.16.222.1 Se0/0 point2point This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 86 61 87 62 88 63 89 64 90 65 91 66 92 67 93 68 94 69 95 70 96 71 97 72 98 73 99 74 | Lab16 Solutions: Advanced MPLS II 0 100:100:38.2.1.0/24 \ 0 100:100:38.3.1.0/24 \ 0 100:100:138.1.1.0/24 \ 0 100:100:153.46.1.0/24 \ 0 100:100:153.46.2.0/24 \ 0 100:100:153.46.3.0/24 \ 0 100:100:153.46.4.0/24 \ 0 100:100:153.46.100.0/22 0 100:100:213.112.65.0/24 0 100:100:213.112.66.0/24 0 100:100:213.112.67.0/24 0 100:100:213.112.68.0/24 0 100:100:213.112.69.0/24 0 100:100:213.112.70.0/24 0 Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point Se0/0 point2point \ \ \ \ \ \ \ Task 16.10: ♦ Configure CsC on CE8 for SP1 to run over OSPF in area 0. ♦ Configure Csc on CE1 for SP2 to run over OSPF in area 0. ♦ Configure appropriate Loopbacks to meet the CsC requirements. ♦ Configure PE2 in 65001. ♦ Configure PE3 in 65001. ♦ Inject OSPF from CsC CEs in to CsC BGP 65001 cloud. ♦ Verify that CE8 is able to ping the CE2 Loopback and vise-versa. ♦ Prepare CsC-PE2 to CsC-CE8 and CsC-PE3 to CsC-CE2 to support MPLS/VPN over the CsC cloud. 16 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II Make sure to utilize the /32 Loopbacks. Otherwise, the solution will not work. hostname CE8-RACK1 ! ip cef no ip domain lookup mpls label protocol ldp ! interface Loopback0 ip address 8.8.8.8 255.255.255.255 ! interface Loopback1 ip address 88.88.88.1 255.255.255.252 ! interface FastEthernet0/0 description to PE2 - VLAN 82 ip address 10.82.1.1 255.255.255.0 speed 100 full-duplex tag-switching ip ! interface FastEthernet0/1 description to BB3 Back-To-Back Backup Link ip address 192.168.100.8 255.255.255.0 speed 100 full-duplex ! router ospf 200 log-adjacency-changes detail redistribute connected subnets network 10.82.1.0 0.0.0.255 area 0 CE8-RACK1#sho ip ospf neighbor Neighbor ID 12.12.12.12 Pri 1 State FULL/BDR CE8-RACK1#sho mpls interfaces Interface IP FastEthernet0/0 Yes (ldp) Dead Time 00:00:30 Tunnel No CE8-RACK1# sho mpls forwarding-table Local Outgoing Prefix tag tag or VC or Tunnel Id 16 36 12.12.12.12/32 17 32 10.23.1.0/24 18 33 11.11.11.11/32 19 31 2.2.2.2/32 Address 10.82.1.2 Operational Yes Bytes tag switched 0 0 0 0 Outgoing interface Fa0/0 Fa0/0 Fa0/0 Fa0/0 CE8-RACK1#sho mpls ldp discovery detail Local LDP Identifier: 17 Interface FastEthernet0/0 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. Next Hop 10.82.1.2 10.82.1.2 10.82.1.2 10.82.1.2 ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II 88.88.88.1:0 Discovery Sources: Interfaces: FastEthernet0/0 (ldp): xmit/recv Hello interval: 5000 ms; Transport IP addr: 88.88.88.1 LDP Id: 12.12.12.12:0 Src IP addr: 10.82.1.2; Transport IP addr: 12.12.12.12 Hold time: 15 sec; Proposed local/peer: 15/15 sec Reachable via 12.12.12.12/32 hostname PE2-RACK1 ip cef no ip domain lookup ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 ! mpls label protocol ldp mpls ldp loop-detection tag-switching tdp router-id Loopback0 ! interface Loopback0 ip address 10.1.1.2 255.255.255.255 ip pim sparse-dense-mode ! interface Loopback19 ip vrf forwarding vpn1 ip address 12.12.12.12 255.255.255.255 ! interface Loopback22 description BGP Loopback ip address 22.22.22.22 255.255.255.0 ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.20 description to RR - VLAN 20 encapsulation dot1Q 20 ip address 172.16.20.2 255.255.255.0 ip router isis shutdown no snmp trap link-status isis circuit-type level-1 ! interface Ethernet0/0.21 description to PE1 - VLAN 21 encapsulation dot1Q 21 ip address 172.16.12.2 255.255.255.0 ip router isis ip pim sparse-dense-mode 18 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II shutdown no snmp trap link-status isis circuit-type level-1 isis network point-to-point isis csnp-interval 10 ! interface Ethernet0/0.82 description to CE8 -VLAN 82 VPN Green Site 2 encapsulation dot1Q 82 ip vrf forwarding vpn1 ip address 10.82.1.2 255.255.255.0 mpls label protocol ldp tag-switching ip no snmp trap link-status ! interface Ethernet0/0.123 description to PE3 - VLAN 123 encapsulation dot1Q 123 ip address 172.16.123.2 255.255.255.0 ip router isis mpls label protocol ldp tag-switching ip no snmp trap link-status isis circuit-type level-2-only ! interface Ethernet0/0.200 ! interface Ethernet0/1 description to BB1-RACK1 ip address 10.12.1.2 255.255.255.0 ip policy route-map unicast-routes full-duplex ! router ospf 200 vrf vpn1 log-adjacency-changes detail redistribute bgp 100 metric-type 1 subnets network 10.82.1.0 0.0.0.255 area 0 network 12.12.12.12 0.0.0.0 area 0 ! router isis net 48.0000.0001.0001.00 area-password iementor log-adjacency-changes all redistribute isis ip level-2 into level-1 distribute-list 100 passive-interface Loopback0 ! router bgp 100 bgp log-neighbor-changes neighbor 172.16.123.3 remote-as 100 ! address-family ipv4 neighbor 172.16.123.3 activate neighbor 172.16.123.3 send-community extended no auto-summary no synchronization 19 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II exit-address-family ! address-family vpnv4 neighbor 172.16.123.3 activate neighbor 172.16.123.3 send-community extended exit-address-family ! address-family ipv4 vrf vpn1 redistribute connected redistribute ospf 200 match internal external 1 external 2 no auto-summary no synchronization exit-address-family PE2-RACK1#sho ip ospf neighbor Neighbor ID 88.88.88.1 Pri 1 State FULL/DR Dead Time 00:00:33 Address 10.82.1.1 Interface Ethernet0/0.82 PE2-RACK1#sho mpls ldp discovery vrf vpn1 detail Local LDP Identifier: 12.12.12.12:0 Discovery Sources: Interfaces: Ethernet0/0.82 (ldp): xmit/recv Hello interval: 5000 ms; Transport IP addr: 12.12.12.12 LDP Id: 88.88.88.1:0; no host route to transport addr Src IP addr: 10.82.1.1; Transport IP addr: 88.88.88.1 Hold time: 15 sec; Proposed local/peer: 15/15 sec Reachable via 88.88.88.0/30 PE2-RACK1#sho mpls ldp discovery Local LDP Identifier: 10.1.1.2:0 Discovery Sources: Interfaces: Ethernet0/0.123 (ldp): xmit/recv LDP Id: 10.1.1.3:0 PE2-RACK1#sho mpls interfaces Interface IP Ethernet0/0.123 Yes (ldp) Tunnel No Operational Yes PE2-RACK1#sho mpls interfaces vrf vpn1 de VRF vpn1: Interface Ethernet0/0.82: IP labeling enabled (ldp) LSP Tunnel labeling not enabled BGP tagging not enabled Tagging operational Fast Switching Vectors: 20 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II IP to MPLS Fast Feature Switching Vector MPLS Feature Vector MTU = 1500 PE2-RACK1#sho mpls Local Outgoing tag tag or VC 19 Pop tag 31 16 32 17 33 19 34 Pop tag 35 Aggregate 36 Aggregate 37 Pop tag 38 Pop tag forwarding-table Prefix Bytes tag or Tunnel Id switched 10.1.1.3/32 0 2.2.2.2/32[V] 5816 10.23.1.0/24[V] 610 11.11.11.11/32[V] 0 8.8.8.8/32[V] 590 10.82.1.0/24[V] 7532 12.12.12.12/32[V] 4252 88.88.88.0/30[V] 0 192.168.100.0/24[V] \ 0 Outgoing interface Et0/0.123 Et0/0.123 Et0/0.123 Et0/0.123 Et0/0.82 Next Hop Et0/0.82 10.82.1.1 Et0/0.82 10.82.1.1 172.16.123.3 172.16.123.3 172.16.123.3 172.16.123.3 10.82.1.1 PE2-RACK1#sho ip bgp vpnv4 all summary BGP router identifier 22.22.22.22, local AS number 100 BGP table version is 17, main routing table version 17 8 network entries using 968 bytes of memory 8 path entries using 512 bytes of memory 4 BGP path attribute entries using 240 bytes of memory 4 BGP extended community entries using 160 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 1880 total bytes of memory BGP activity 21/13 prefixes, 22/14 paths, scan interval 15 secs Neighbor 172.16.123.3 V 4 AS MsgRcvd MsgSent 100 108 111 TblVer 17 InQ OutQ Up/Down State/PfxRcd 0 0 00:33:49 3 PE2-RACK1#sho ip route vrf vpn1 Routing Table: vpn1 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 2.0.0.0/32 is subnetted, 1 subnets 2.2.2.2 [200/20] via 172.16.123.3, 00:33:44 8.0.0.0/32 is subnetted, 1 subnets O E2 8.8.8.8 [110/20] via 10.82.1.1, 00:36:07, Ethernet0/0.82 10.0.0.0/24 is subnetted, 2 subnets B 10.23.1.0 [200/0] via 172.16.123.3, 00:33:44 B 21 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II C 10.82.1.0 is directly connected, Ethernet0/0.82 11.0.0.0/32 is subnetted, 1 subnets B 11.11.11.11 [200/0] via 172.16.123.3, 00:33:44 12.0.0.0/32 is subnetted, 1 subnets C 12.12.12.12 is directly connected, Loopback19 88.0.0.0/30 is subnetted, 1 subnets O E2 88.88.88.0 [110/20] via 10.82.1.1, 00:37:54, Ethernet0/0.82 O E2 192.168.100.0/24 [110/20] via 10.82.1.1, 00:37:54, Ethernet0/0.82 PE2-RACK1#sho ip bgp vpnv4 vrf vpn1 BGP table version is 17, local router ID is 22.22.22.22 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:0 (default for vrf vpn1) *>i2.2.2.2/32 172.16.123.3 20 100 0 ? *> 8.8.8.8/32 10.82.1.1 20 32768 ? *>i10.23.1.0/24 172.16.123.3 0 100 0 ? *> 10.82.1.0/24 0.0.0.0 0 32768 ? *>i11.11.11.11/32 172.16.123.3 0 100 0 ? *> 12.12.12.12/32 0.0.0.0 0 32768 ? *> 88.88.88.0/30 10.82.1.1 20 32768 ? *> 192.168.100.0 10.82.1.1 20 32768 ? PE2-RACK1#sho ip bgp vpnv4 vrf vpn1 labels Network Next Hop In label/Out label Route Distinguisher: 100:0 (vpn1) 2.2.2.2/32 172.16.123.3 31/16 8.8.8.8/32 10.82.1.1 34/nolabel 10.23.1.0/24 172.16.123.3 32/17 10.82.1.0/24 0.0.0.0 35/aggregate(vpn1) 11.11.11.11/32 172.16.123.3 33/19 12.12.12.12/32 0.0.0.0 36/aggregate(vpn1) 88.88.88.0/30 10.82.1.1 37/nolabel 192.168.100.0 10.82.1.1 38/nolabel hostname PE3-RACK1 ! ip cef no ip domain lookup ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 ! mpls label protocol ldp mpls ldp loop-detection tag-switching tdp router-id Loopback0 ! interface Loopback0 22 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II ip address 10.1.1.3 255.255.255.255 ip ospf network point-to-point ! interface Loopback11 ip vrf forwarding vpn1 ip address 11.11.11.11 255.255.255.255 ! interface Loopback33 description BGP Loopback ip address 33.33.33.33 255.255.255.0 ! interface Ethernet0/0 no ip address half-duplex ! interface Ethernet0/0.13 description to CE1 - VLAN 13 encapsulation dot1Q 13 ip address 10.13.1.3 255.255.255.0 no snmp trap link-status ! interface Ethernet0/0.23 description to CE2 - VLAN 23 encapsulation dot1Q 23 ip vrf forwarding vpn1 ip address 10.23.1.3 255.255.255.0 tag-switching ip no snmp trap link-status ! interface Ethernet0/0.30 description to RR - VLAN 30 encapsulation dot1Q 30 ip address 172.16.30.3 255.255.255.0 ip router isis shutdown no snmp trap link-status isis circuit-type level-1 ! interface Ethernet0/0.31 description to PE1 - VLAN 31 encapsulation dot1Q 31 ip address 172.16.13.3 255.255.255.0 ip router isis shutdown tag-switching ip no snmp trap link-status isis circuit-type level-1 isis network point-to-point isis csnp-interval 10 ! interface Ethernet0/0.123 description to PE2 - VLAN 123 encapsulation dot1Q 123 ip address 172.16.123.3 255.255.255.0 ip router isis 23 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II tag-switching ip no snmp trap link-status isis circuit-type level-2-only ! interface Ethernet0/1 no ip address half-duplex ! router ospf 200 vrf vpn1 log-adjacency-changes detail redistribute bgp 100 metric-type 1 subnets network 10.23.1.0 0.0.0.255 area 0 network 11.11.11.11 0.0.0.0 area 0 ! router isis net 48.0000.0003.0003.00 area-password iementor log-adjacency-changes all redistribute isis ip level-2 into level-1 distribute-list 100 passive-interface Loopback0 ! router bgp 100 bgp log-neighbor-changes neighbor 172.16.123.2 remote-as 100 ! address-family ipv4 neighbor 172.16.123.2 activate neighbor 172.16.123.2 send-community extended no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor 172.16.123.2 activate neighbor 172.16.123.2 send-community extended exit-address-family ! address-family ipv4 vrf vpn1 redistribute ospf 200 match internal external 1 external 2 no auto-summary no synchronization exit-address-family ! access-list 100 permit ip any any log PE3-RACK1#sho ip ospf neighbor Neighbor ID Pri State Dead Time Interface 2.2.2.2 1 FULL/BDR 00:00:33 Ethernet0/0.23 PE3-RACK1#sho mpls ldp discovery vrf vpn1 detail Local LDP Identifier: 11.11.11.11:0 24 Address 10.23.1.1 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II Discovery Sources: Interfaces: Ethernet0/0.23 (ldp): xmit/recv Hello interval: 5000 ms; Transport IP addr: 11.11.11.11 LDP Id: 2.2.2.2:0 Src IP addr: 10.23.1.1; Transport IP addr: 2.2.2.2 Hold time: 15 sec; Proposed local/peer: 15/15 sec Reachable via 2.2.2.2/32 PE3-RACK1#sho mpls ldp discovery Local LDP Identifier: 10.1.1.3:0 Discovery Sources: Interfaces: Ethernet0/0.123 (ldp): xmit/recv LDP Id: 10.1.1.2:0 PE3-RACK1#show mpls interfaces vrf vpn1 de VRF vpn1: Interface Ethernet0/0.23: IP labeling enabled (ldp) LSP Tunnel labeling not enabled BGP tagging not enabled Tagging operational Fast Switching Vectors: IP to MPLS Fast Feature Switching Vector MPLS Feature Vector MTU = 1500 PE3-RACK1#sho mpls Local Outgoing tag tag or VC 16 Pop tag 17 Aggregate 19 Aggregate 20 Pop tag 31 34 32 35 33 36 34 37 35 38 forwarding-table Prefix Bytes tag or Tunnel Id switched 2.2.2.2/32[V] 7065 10.23.1.0/24[V] 520 11.11.11.11/32[V] 15969 10.1.1.2/32 0 8.8.8.8/32[V] 610 10.82.1.0/24[V] 9134 12.12.12.12/32[V] 0 88.88.88.0/30[V] 0 192.168.100.0/24[V] \ 0 PE3-RACK1#sho ip bgp vpnv4 all summary Neighbor V AS MsgRcvd MsgSent 172.16.123.2 4 100 115 112 TblVer 50 Outgoing interface Et0/0.23 Next Hop Et0/0.123 Et0/0.123 Et0/0.123 Et0/0.123 Et0/0.123 172.16.123.2 172.16.123.2 172.16.123.2 172.16.123.2 172.16.123.2 Et0/0.123 172.16.123.2 10.23.1.1 InQ OutQ Up/Down State/PfxRcd 0 0 00:37:45 5 PE3-RACK1#sho ip route vrf vpn1 Routing Table: vpn1 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 25 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set O E2 B C B C B B B 2.0.0.0/32 is subnetted, 1 subnets 2.2.2.2 [110/20] via 10.23.1.1, 00:39:22, Ethernet0/0.23 8.0.0.0/32 is subnetted, 1 subnets 8.8.8.8 [200/20] via 172.16.123.2, 00:37:04 10.0.0.0/24 is subnetted, 2 subnets 10.23.1.0 is directly connected, Ethernet0/0.23 10.82.1.0 [200/0] via 172.16.123.2, 00:37:04 11.0.0.0/32 is subnetted, 1 subnets 11.11.11.11 is directly connected, Loopback11 12.0.0.0/32 is subnetted, 1 subnets 12.12.12.12 [200/0] via 172.16.123.2, 00:37:04 88.0.0.0/30 is subnetted, 1 subnets 88.88.88.0 [200/20] via 172.16.123.2, 00:37:04 192.168.100.0/24 [200/20] via 172.16.123.2, 00:37:04 PE3-RACK1#sho ip bgp vpnv4 vrf vpn1 BGP table version is 50, local router ID is 33.33.33.33 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:0 (default for vrf vpn1) *> 2.2.2.2/32 10.23.1.1 20 32768 ? *>i8.8.8.8/32 172.16.123.2 20 100 0 ? *> 10.23.1.0/24 0.0.0.0 0 32768 ? *>i10.82.1.0/24 172.16.123.2 0 100 0 ? *> 11.11.11.11/32 0.0.0.0 0 32768 ? *>i12.12.12.12/32 172.16.123.2 0 100 0 ? *>i88.88.88.0/30 172.16.123.2 20 100 0 ? *>i192.168.100.0 172.16.123.2 20 100 0 ? PE3-RACK1#sho ip bgp vpnv4 vrf vpn1 labels Network Next Hop In label/Out label Route Distinguisher: 100:0 (vpn1) 2.2.2.2/32 10.23.1.1 16/nolabel 8.8.8.8/32 172.16.123.2 31/34 10.23.1.0/24 0.0.0.0 17/aggregate(vpn1) 10.82.1.0/24 172.16.123.2 32/35 11.11.11.11/32 0.0.0.0 19/aggregate(vpn1) 12.12.12.12/32 172.16.123.2 33/36 88.88.88.0/30 172.16.123.2 34/37 192.168.100.0 172.16.123.2 35/38 26 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II hostname CE2-RACK1 ! ip cef no ip domain lookup mpls label protocol ldp ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface Ethernet0/0 description To PE3 E0/0.23 ip address 10.23.1.1 255.255.255.0 half-duplex tag-switching ip ! router ospf 200 log-adjacency-changes redistribute connected subnets network 10.23.1.0 0.0.0.255 area 0 ! no ip http server ip classless CE2-RACK1#sho ip ospf neighbor Neighbor ID Pri State Interface 11.11.11.11 1 FULL/DR Ethernet0/0 CE2-RACK1#sho mpls interfaces Interface IP Ethernet0/0 Yes (ldp) CE2-RACK1#sho mpls forwarding-table Local Outgoing Prefix tag tag or VC or Tunnel Id 17 32 10.82.1.0/24 18 19 11.11.11.11/32 19 33 12.12.12.12/32 20 34 88.88.88.0/30 21 35 192.168.100.0/24 22 31 8.8.8.8/32 Dead Time Address 00:00:37 10.23.1.3 Tunnel No Operational Yes Bytes tag switched 0 0 0 0 0 0 Outgoing interface Et0/0 Et0/0 Et0/0 Et0/0 Et0/0 Et0/0 Next Hop 10.23.1.3 10.23.1.3 10.23.1.3 10.23.1.3 10.23.1.3 10.23.1.3 CE2-RACK1#sho mpls ldp discovery detail Local LDP Identifier: 2.2.2.2:0 Discovery Sources: Interfaces: Ethernet0/0 (ldp): xmit/recv Hello interval: 5000 ms; Transport IP addr: 2.2.2.2 LDP Id: 11.11.11.11:0 Src IP addr: 10.23.1.3; Transport IP addr: 11.11.11.11 Hold time: 15 sec; Proposed local/peer: 15/15 sec 27 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II Reachable via 11.11.11.11/32 CE2-RACK1#ping 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms CE8-RACK1#ping 2.2.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms sho ip ospf neighbor sho mpls ldp discovery vrf vpn1 detail sho mpls ldp discovery sho mpls interfacessho show mpls interfaces vrf vpn1 de sho mpls forwarding-table sho ip bgp vpnv4 all summary sho ip route vrf vpn1 sho ip bgp vpnv4 vrf vpn1 sho ip bgp vpnv4 vrf vpn1 labels sho mpls interfaces sho mpls forwarding-table sho mpls ldp discovery detail 28 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. [...]... - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort... http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab1 6 Solutions: Advanced MPLS II E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set O E2 B C B C B B B 2.0.0.0/32... Provider Workbook v1.0 | Lab1 6 Solutions: Advanced MPLS II shutdown no snmp trap link-status isis circuit-type level-1 isis network point-to-point isis csnp-interval 10 ! interface Ethernet0/0.82 description to CE8 -VLAN 82 VPN Green Site 2 encapsulation dot1Q 82 ip vrf forwarding vpn1 ip address 10.82.1.2 255.255.255.0 mpls label protocol ldp tag-switching ip no snmp trap link-status ! interface Ethernet0/0.123... level-2 into level-1 distribute-list 100 passive-interface Loopback0 ! router bgp 100 bgp log-neighbor-changes neighbor 172.16.123.2 remote-as 100 ! address-family ipv4 neighbor 172.16.123.2 activate neighbor 172.16.123.2 send-community extended no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor 172.16.123.2 activate neighbor 172.16.123.2 send-community extended exit-address-family... PE3-RACK1#sho ip route vrf vpn1 Routing Table: vpn1 Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 25 This product is individually licensed Copyright® 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab1 6 Solutions: Advanced. .. Solutions: Advanced MPLS II tag-switching ip no snmp trap link-status isis circuit-type level-2-only ! interface Ethernet0/1 no ip address half-duplex ! router ospf 200 vrf vpn1 log-adjacency-changes detail redistribute bgp 100 metric-type 1 subnets network 10.23.1.0 0.0.0.255 area 0 network 11.11.11.11 0.0.0.0 area 0 ! router isis net 48.0000.0003.0003.00 area-password iementor log-adjacency-changes... hostname PE3-RACK1 ! ip cef no ip domain lookup ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 ! mpls label protocol ldp mpls ldp loop-detection tag-switching tdp router-id Loopback0 ! interface Loopback0 22 This product is individually licensed Copyright® 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab1 6 Solutions: Advanced MPLS II ip... The same rule applies even if you use Inter-AS – Inter-AS will carry over the same AS from SP1 to SP2 PE4-RACK1(config-router-af)#neighbor 172.16.30.3 as-override *Mar 1 00:47:53.471: %BGP-5-ADJCHANGE: neighbor 172.16.30.3 vpn vrf green Down AS-override change Verify ASBR’s label mapping ASBR1-RACK1#sho ip bgp vpnv4 all labels Network Next Hop In label/Out label Route Distinguisher: 100:100 5.5.5.0/24... description to PE3 - VLAN 123 encapsulation dot1Q 123 ip address 172.16.123.2 255.255.255.0 ip router isis mpls label protocol ldp tag-switching ip no snmp trap link-status isis circuit-type level-2-only ! interface Ethernet0/0.200 ! interface Ethernet0/1 description to BB1-RACK1 ip address 10.12.1.2 255.255.255.0 ip policy route-map unicast-routes full-duplex ! router ospf 200 vrf vpn1 log-adjacency-changes... 172.16.123.3 send-community extended no auto-summary no synchronization 19 This product is individually licensed Copyright® 2005 ieMentor http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab1 6 Solutions: Advanced MPLS II exit-address-family ! address-family vpnv4 neighbor 172.16.123.3 activate neighbor 172.16.123.3 send-community extended exit-address-family ! address-family ipv4 ... Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II IP to MPLS Fast Feature Switching Vector MPLS Feature Vector MTU = 1500 PE2-RACK1#sho mpls Local Outgoing tag tag or VC 19 Pop tag 31 16... = 4/5/8 ms sho ip ospf neighbor sho mpls ldp discovery vrf vpn1 detail sho mpls ldp discovery sho mpls interfacessho show mpls interfaces vrf vpn1 de sho mpls forwarding-table sho ip bgp vpnv4... http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab16 Solutions: Advanced MPLS II ♦ MPLS must be dynamically enabled from ASBR1 to ASBR2 ♦ No static routes allowed ♦ VPN Solaris