114 IPExpert MPLS Building L3VPN Network

Captions
We are going to put all this knowledge into action. So what I'm going to be doing here is I'm going to be using my existing infrastructure. This is what we have already done: R5, R4, R2, R6, they are already running MPLS and we are good there. So what I want to do is I want to add R7 in VRF A on R5 and R8 in VRF A on R6.

Now I should just point out that the reason why I'm using VRF names that are the same on both sides is because I'm lazy, and the reason why I'm using A as the name on both sides is because I am really, really, truly lazy. So there is no requirement for these names to match or to be this short or anything of the sort, but I really wanted it this way. Also, on R7 here I will be using route distinguisher 56:5, and on this side here I'll be using 56:6. Route target: the route target export will be 56:7, and on this side it will be 56:8. So what I will be importing here will be 56:8, so whatever I'm exporting on the other side, and what I'm going to be importing here will be 56:7. Also, just for fun, I'm going to configure this side using the old method, and this one I'm going to configure using the new method, just so that we can see that one in action.

So I'm going to bring out my routers here. I'm going to connect to R7 and R8, and what I'm going to do actually is I'm going to move R7 all the way to the left here, so that at least visually my tabs there on top resemble the layout of the network.

So whenever I'm configuring my MPLS VPNs, these are the steps that I like to take. First, make sure that MPLS infrastructure is in place. Now, this would actually be step number two. Step number one is create VRFs and associate interfaces. Now why is that the first step? Because this is really part of layer 2 setup, right, and I really want to be done with layer 2 setup at one point at the very, very beginning of my lab scenario, before I actually do anything else. Now, MPLS infrastructure in place: this involves IP routing and MPLS backbone. Step number 3: VPNv4 infrastructure, basically MP-BGP peerings. 3: PE-CE routing. 4: MP-BGP and PE-CE redistribution, and here I will point out: not needed if PE-CE is eBGP. Five: ping and happiness. So these are the steps of configuring the MPLS VPN.

So start there where I promised I'll start. I'm going to create the VRFs and associate appropriate interfaces. I'm going to start from R5. So on R5 here, let me bring up my text editor here, I'm going to say ip vrf A, route distinguisher 56 whatever, whatever that was, and the route distinguisher there is 56:5, so 56:5. I will be exporting route target, route-target export is 56:7, and I know that I will be importing whatever is on the other side. So this is going to be the configuration on R5. And then interface FastEthernet 0/0, I'm going to say ip vrf forwarding A. So this is the configuration that I will have on R5, so this is going now to R5.

And I seem to have a question right now, so let me take a look. Oh, it wasn't a question, it was actually a comment that I have two exports, and that is entirely correct, so let's just correct this to be import. Thank you very much. So this goes to R5.

So I'm going to paste this in, and this is what I want to show you. It says here that interface FastEthernet 0/0 IP address 10.5.7.5 was removed due to enabling VRF A. What was the netmask on this interface? Well, you can take a look at this and answer that the netmask, oh, it's supposed to be 24. But that wasn't my question. My question wasn't what is supposed to be the mask; my question was what is the mask, or what was the mask. If you take a look at the startup configuration, we will see that the actual mask that was configured was /25. Now, it should be /24, but I just wanted to illustrate the danger of running this command blindly, because all IP-related configuration from the interface will be removed when you actually enable VRF forwarding on the interface, so
what we really want to do is, before we configure the VRF on the interface, just quickly show run interface that you are running this on. Just make sure that you can see what is already configured, so that when you actually put this command in, you at least have things to copy-paste from. So this was the configuration on R5.

Now let's do the configuration on R8. So here we said that we are going to be using the new command set, so I'm going to say vrf definition and I'm going to specify the name, so this is going to be A. Here I can specify the route distinguishers and route targets, and I can specify the address family. So I'm going to specify the route distinguisher. What was supposed to be the route distinguisher here? 56:6. And then I'm going to go into the address family, and here I have two options, ipv4 or ipv6, and I'm going to say route-target export, and it was 56:8, and I will be importing 56:7. So if I do show ip vrf, I can see here that VRF A is now configured with 56:6, but I do not have any interfaces actually associated with this.

Now I should point out, and this was one of the questions that I had in the break: when you configure the VRF using this new configuration, so show run vrf, when you use the vrf definition here, that when you do show ip vrf this VRF does not show. Well, it won't show unless you actually enable it for an address family. So let me just show you that very briefly. So I'm going to say no address-family, that, actually I just did no vrf definition. OK, that's not exactly what I wanted, but: vrf definition A, route distinguisher 56:6. So now if I do show ip vrf it won't show, because this VRF is not actually enabled for IP, right? It's just defined, but it's not active in the IP address family, in the ipv4 address family. So what you can do, you can see it with show vrf, and here in the protocols section it will tell me for which protocols, is it ipv4 or ipv6, that it is actually enabled on. So let's enable it for ipv4. So I'm going to say vrf definition A and
I'm going to say address-family ipv4, and if I do show vrf now, I will see that it says that this VRF is now enabled for ipv4, and now it is actually also visible with show ip vrf. And here let's do the route targets: export 56, I keep forgetting this, 8, and route-target import 56:7. So now this is the configuration of our VRF, and this is using the new method.

So now I'm going to go and, learning from my mistake, I'm first going to take a look at the interface. So interface FastEthernet 0/0; here I'm going to say vrf forwarding. Now, I can still do ip vrf forwarding and that would be fine, but if I do ip vrf forwarding A, that applies only for ipv4 traffic. If I wanted to have ipv6 traffic in this VRF as well, I should really use the new method, and here I'm saying vrf forwarding and I'm specifying the name of the VRF, A, and now I can actually copy-paste and configure this. So if I do now the show vrf command, I will see that VRF A, using the RD of 56:6, is enabled for ipv4 and it's active on interface FastEthernet 0/0. I can also do show ip vrf and I'm going to be seeing it like this, except now I don't have this protocols column here.

I can also use the command show run vrf to see the running configuration of the VRF, but please don't get too used to this command, because the version of IOS that you will have in your CCIE R&S version 4 lab does not support this command. So I am a little bit lazy, so I am using it, because it's a very useful command: it will show me the actual configuration of the VRF and all the interfaces, the routing protocols and the relevant MP-BGP configuration for that VRF. So it gives me a very, very quick overview over what's configured for that VRF.

So now let's take a look at, oh, hold on a second, I was configuring a completely wrong device here. Oh, I was configuring R7, I should have been configuring R6 for this. Oh my, oh my. So let's remove this VRF, so no vrf definition A, and this is where the value of copy-paste is now going to
become apparent. So what I'm going to do here: paste this in, let me put this IP address here. So let's go to R6. So what I need here, this is what I need to do. This was a really, really silly oversight on my side, but anyway, very easily fixed. So this goes on R6.

On R7 I should have this in the main routing table, show ip route, so I should be able to ping 10.5.7.5. That works. On R5, show ip route vrf A, I should be able to ping R7. That works. And on R6, show ip route vrf A, I should be able to ping inside the VRF my router 8. That works. And on router 8, show ip route, I should be able to ping R6. So what I have now in place is that this VRF is defined and I have the communication between 5 and 7, and this VRF here is defined and I have the communication between R6 and R8.

Now the next step in my checklist here is to have, so I've done this, now MPLS infrastructure is in place, so there is an "in" missing there, so MPLS infrastructure is in place, that is done, we have already configured that a long time ago. So now we have to build the VPNv4 infrastructure. So that means that I have to go ahead and build my BGP configuration, so that's what I'm going to be doing, and let me just bring in actually this picture here. So I need to build BGP between R5 and R6. Now the good news is that they're going to be in the same autonomous system.

So I'm going to start with my usual way of configuring BGP. So I'm just going to say ip bgp-community new-format, I'm going to say router bgp, let's say, 56, then I'm going to say bgp upgrade-cli, because this is what I always like to do, and then I'm going to do another thing that might be a little bit controversial: I'm going to say no bgp default ipv4-unicast. Now what this command here does, it does change the behavior of BGP, because by default when I define a neighbor, so for example if I went in here and I said neighbor 192.168.0.6 remote-as 56, this neighbor will automatically be
activated in the ipv4 address family. Now, because in this scenario here I do not need ipv4 peering between R5 and R6, I'm just going to say, you know, that automatic ipv4 peering, don't do it; if I need it I'll define it manually. So this is what this command does: it is going to prevent the IOS from automatically activating this neighbor in the ipv4 address family. I don't need it.

Now the next thing that I'm going to say is update-source; I'm going to be peering between the loopbacks. And then we go into the address family, so address-family, I need vpnv4, and I'm going to say neighbor this activate. And what is going to be entered, so I do not need this command line because this will be entered for me and I cannot remove it, this is the command that will send extended communities, extended communities like route targets. VPNv4 cannot operate without these extended communities, but I like the ability to use standard communities as well, so I'm going to say neighbor send-community both. So this is what's going to be in there, as opposed to what is there by default. Actually there was an error here, that should have been send-community extended, right? So what I'm going to do is I'm going to replace that with send-community both.

Now this is the configuration for R5. Now interestingly enough, this is the exact same configuration that I will need on R6, except with this. Now some of you might be looking with a puzzled look on your faces: what is he doing here? Let me show you what I'm doing. I'm going to go to R5 and I'm going to paste this configuration in. Now take a look at this: R5 here is complaining that it cannot configure itself as the neighbor. Good, I don't care, because I'm going to paste the same thing to R6. Now R6 is complaining that it cannot configure itself as the neighbor. Do I actually care about that? No. The only thing that I care about is that it took me a couple of seconds to clone this configuration and then just do paste, paste. If I had
five routers it would be paste, paste, paste, paste, paste, right? So I am speeding up; I don't care about that tiny little error that IOS is going to throw at me.

Now there is one more thing that I want to show you. So right now if I go to R5 and if I do show ip bgp summary, I'm not going to see anything, and this is exactly the thing that I wanted to show you. Now show ip bgp summary here doesn't show me anything because this is an old BGP command. The new BGP command that is the equivalent of this is show bgp ipv4 unicast summary. Now of course I'm not going to see anything, because I don't have an ipv4 peering between these neighbors. So if you do show ip bgp summary and you see the neighbors and you're thinking, oh my, my multiprotocol BGP is OK, you're not actually checking that; you are checking whether your ipv4 peering exists. An ipv4 peering doesn't carry VPNv4 routes.

The question here was just to clarify why I had this thing here configured on R5 and R6, and the answer is just, I went through it, it was just for the speed, so no other reason, right? You don't have to do this. If it's confusing, if you think that this might be wrong in some way, then don't do it. But the important thing here is that it's not actually going to end up in the running config. So on R5 there will be only, do router bgp, what you are going to be seeing is going to be only the statements that are actually relevant. All those self-neighbor statements, they were immediately rejected by IOS; that's why it's safe to use them.

But going back to what I was just saying: this command here, show ip bgp summary, will show you the status of the currently non-existent ipv4 peering session. Now it's very dangerous when you're troubleshooting MPLS VPNs to run show ip bgp, see the session and assume that your MP-BGP is OK. It may be OK, but maybe it isn't OK. The command that you need to remember is show bgp vpnv4 unicast all summary. Now what all stands for here is all the VRFs. Now at
this point here is where we are seeing the actual session going on. So right now we can see that neighbor 192.168.0.6 is our neighbor for version 4, so this is what we can see here, in the AS 56, and that you are receiving 0 prefixes here. Now I should also point out that in a case that you have ipv6 routes, this would be the session that you will be running, in a case that you have VPNv6 routes, but this is most likely not going to be the case in the lab.

Now there's one more thing that I want to share. Let's say that for example R6 here was actually configured to have the neighbor in the ipv4 session, oh sorry, so let's move towards R5, so now the neighbors are going to go down and so on. So if I go to R5 now and if I do show bgp ipv4 unicast summary, I'm not going to see anything, because R5 is now not configured to have ipv4 peering with R6. But let me show you what's going to show up on R6: show bgp, or let's do the more familiar one, show ip bgp summary. Take a look at this. Now this could also be the case if you have for example ipv4 peering between them that is active, but only one side is configured for VPNv4 peering. On that side, if you ran the command to see VPNv4 peerings, if you see this error message here, NoNeg, that basically says this address family with this neighbor is not negotiated. It's activated on my side, so this is R6, so on the R6 side we have activated the neighbor, but the other side is not actually responding to a peering request in this session; it's not negotiating this address family.

So if you have this error message, and this is very relevant for the troubleshooting section, if we have this message here when you see this summary of the neighbor, that means that this address family is not negotiated by the other side. It is configured on this side but not on the other side. The side that doesn't have it configured will be showing absolutely nothing there. So this is just one thing that I wanted to show you. I will leave
it in the configuration there even though it's a slight misconfiguration, but just when you get the file, so that you can actually take a look. At this point we are done with our VPNv4 infrastructure: we have configured MP-BGP peerings, there are no routes carried, but that's OK because there are no routes being advertised.

Now we need PE-CE routing. So let's configure some PE-CE routing here. Between R5 and R7 let's run for example EIGRP, so this is going to be EIGRP 57, and here between R6 and R8 let's run, for example, let's run BGP, so this is going to be in AS, let's say, 800. So we are going to run AS 800 here. Let's start with the EIGRP side, actually let's start with the BGP side. So I'm going to go to R8. Now from R8's perspective this peering here is going to be just a regular ipv4 peering. Now from R6's perspective this is going to be a peering in ipv4 VRF A, so this is where I will need to configure the peering on R6, and this is where I'm configuring the peering on R8. As far as R8 is concerned, this is just regular BGP.

So to my notepad. I'm going to start with R8 because it's probably going to be a little more straightforward. So actually most of this stuff actually applies. I won't be needing this; I can reuse a lot of this stuff. I won't be needing update-source, and the address here will be 10.6.8.6. So this can be actually copied, I can paste it here, I can paste it here, and let's just redistribute connected. So R8 is just going to redistribute all the connected routes; we have to get some routes in our BGP, right? So this is going to be the configuration on R8. So let's do that on R8. Oops, looks like it works much better when you actually click in the window where you want to paste. So this is now the configuration on R8.

On my R6 the configuration is going to be: this is 56, I won't be needing this, this is already configured, I won't be needing this, so this now goes into the address family, address-family ipv4 vrf A, and this is
now 8, this is 800, and I don't need redistribute connected. So this now goes to R6. At this moment my BGP peering should come up, and from R8's perspective if I do show ip bgp, this is what I'm seeing: I'm seeing two local routes. From R8's perspective this is just a regular peering, so all the regular BGP commands simply work, and here I can see that I do have the neighbor 10.6.8.6 in version 4, autonomous system 56, and I am receiving zero prefixes.

On R6, if I do show ip bgp summary, again I'm not going to be seeing anything, because this is not an ipv4 session. If I want to see this session I have to do show bgp ipv4, sorry, show bgp vpnv4 unicast vrf A summary. A lot of typing. So, you know, if you think that this is a lot of typing, what you can do is something like this, so we can say sip o, or sip vrf A summary. But personally I don't like using aliases, but if you think that typing all this stuff is too complicated, by all means configure the aliases and feel free to use them. Just as a good measure, at the end of the lab, if you have time, remove them, or simply make sure that they cannot interfere with the grading; the best way to ensure that they cannot interfere with the grading is not to use them in the first place.

So right now if I do my show bgp vpnv4 unicast all, or unicast vrf A summary, I see that from R8 I am receiving two routes, and if I do show ip route vrf A I'm actually going to see one of these routes in the routing table. Why one? Well, because the other one is this connected route here, but it is still going to be in my table, but it's going to be with the RIB failure, just like the regular BGP. Now one difference is that here I'm going to actually see the route distinguisher. So these routes here, actually, when advertised to other routers, will have this route distinguisher prepended at this point here somewhere before them, but you're not going to see that in show output, only in debug output. The only place where the route distinguisher shows in
BGP output is when you see this. Now if I go to R5, if I do show bgp vpnv4 unicast all summary, I see that these two routes have actually made it all the way to R5. Now they made it all the way to R5 because, if you are using eBGP as the PE-CE routing protocol, and we did mention that here, if you are using BGP as the PE-CE routing protocol, it's not needed to do any redistribution, right? But if you are using any other protocol we actually do have to redistribute. So we can see that these routes have made it across, and if I do show ip route vrf A on R5 I will see two BGP routes.

A significant thing to note in this output is the next hop. The next hop for BGP-learned routes, for the routes learned from MP-BGP inside the VRF, will actually be the peering address of the MP-BGP session, even though it is known in the main routing table. This is perfectly legitimate output to see. So if you are troubleshooting reachability between your CE routers and you see this, and you might be thinking, hey, hold on, but I don't actually have the route for this in the VRF: this is normal and this is a perfectly acceptable thing to have, because this is how MP-BGP works. So this is OK to see as the next hop here.

Now if I go to R7, where we are not yet running EIGRP, of course I'm not going to be seeing any routes. So let's configure EIGRP between R5 and R7. The configuration on the R7 side in this case is going to be very straightforward; this is just regular EIGRP. So router eigrp 57, no auto-summary, and I'm going to say network 0.0.0.0, simply on all interfaces, and I'm going to run this here and enable EIGRP on R7. Now the configuration on R5 is going to be slightly more involved. What I need here is I need to define address-family ipv4 vrf A, and then inside this VRF I need to specify which is the autonomous system number to use. Now this may look redundant because I have already specified 57 here, but the idea is here that you can have a
container process, the process that, you know, may have multiple address families, that needs to have, configuration-wise, an AS number specified, but that inside the autonomous system you can run different autonomous systems in different VRFs. So this is the reason, so that's exactly why I'm going to configure it like this, to show you this difference. But even though these would be the same, even if I had 57 here, I still need to specify it, because if I don't specify it the EIGRP is not actually going to be active inside this VRF. So this is a mandatory line when you are configuring EIGRP inside the VRF. So this is now the configuration that goes on R5. So this goes in, oops, it helps when you spell it correctly, and now we can see that EIGRP actually came up.

So if I do show ip route eigrp on R5 I'm not going to see any routes. Why am I not seeing any routes? Well, because the routes that were actually received from R6 here over the MP-BGP between 5 and 6 are now sitting in the VRF routing table as BGP routes. Now BGP routes are not automatically going to be advertised into EIGRP; if you want to advertise them into EIGRP you have to redistribute, hence this step here, that we actually need to perform PE-CE redistribution. So also it is true that on, sorry, not to digress, on R7 I'm not going to see any routes. On R5, show ip route vrf A here, I will actually see an EIGRP route, but what I was talking about before, I just made a slight mistake on which router it is happening. On R7 I'm not going to see any EIGRP routes because they are not being redistributed from MP-BGP. For the same reason, on R6, show ip route vrf A, I'm not going to see any routes learned from R5, because those EIGRP routes, that one EIGRP route, actually needs to be redistributed into BGP. So let's do that. I'm going to start with R5. What I'm going to do here is, I already have this, so what I'm going to say is redistribute bgp 56 and I need to specify the
metric. Again, I'm just going to make it very, very easy for me. Oops, wrong router, let's go to R5. So here I'm going to redistribute BGP. So now if I do show ip route eigrp I'm going to be getting those two routes from R8.

Now let's redistribute in the other direction. So I'm going to have router bgp 56 again, address-family ipv4, and here I'm just going to say redistribute eigrp, but this time I need to specify the actual process number, or autonomous system number, that is running inside the VRF. So this goes now on R5. So when I do this, if I do show bgp vpnv4 unicast, unicast vrf A, I should be seeing these two routes: so this one here, which is the directly connected one, and this one here that was learned from EIGRP, injected into BGP. Which means that if they are injected on R5 I should be seeing them, so bgp vpnv4 unicast vrf A, unicast, yeah, that's correct, so I should be seeing them here, and again they will have the next hop of R5 in the main routing table. And if I do show ip route vrf A, I should be seeing these two routes now learned on R6. Now because these routes are already BGP routes, there is no need for any redistribution. If I go to R8, if I do show ip route, I will actually get these two routes in the routing table. The last step that I need to do here is to actually ping and make sure that it actually works.

A question that I was asked here is: is it a good idea to use the vrf upgrade command? Now what does the vrf upgrade command do? So let's take a look at that command. So if I go to the config mode and if I say vrf upgrade-cli, now here what I'm going to be offered is to upgrade from the old configuration mode to the new multi-address-family mode. Now this is very similar in operation to what bgp upgrade-cli does, but here I'm going to have a couple more options: one is to use the common policies and the other to use non-common policies. Now what does that actually mean? So let's take a look at the VRF here that we have on R5. So if I do
show run section ip vrf, so this is where we used the old configuration mode. So when translating this from the old configuration to the new configuration, we have two options for what we can do. Now one possible translation of this configuration would be, oops, this doesn't work for some reason. Anyway, one possible translation is to use vrf definition A and then say route distinguisher 56:5, and then simply transport this here and use it as global policies, and then activate address-family ipv4. Now this would be the option when we would be using policies, and we can see this in the online help: it says ipv4 VRF policies are moved to common VRF policies, which means that these policies here will actually apply to address-family ipv4 and address-family ipv6. Now another way of translating this, which would result in the equivalent configuration to what we had before, would be to actually translate this as this, so that these policies here that were used inside this VRF are not automatically copied for ipv6. That means that they are not common policies, but that they are moved only into the sub-address-family for ipv4. Depending on what you want to do, one or the other might be a good option.

Now the real question there was: should we do this? Well, why? Unless you are planning on actually having an ipv6 VRF in your network, I don't believe that there is a reason to actually use this. So it's an interesting command to know, and this behavior with common or non-common policies is interesting to explore, but I don't think that in the exam you should worry about using this command. So if they ask you to use the new format of defining VRFs, then you should do it. They might ask you to upgrade, and then you might need to know this command, but, you know, I don't think that it is likely that you will ever have the need to actually use this command in the CCIE lab.
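
An added example, not part of the video or its captions: a Python check that parses both VRF syntaxes used in the walkthrough (ip vrf and vrf definition), reports which VRFs exchange routes through their route targets, and lists any import or export with no counterpart, which is what two export lines on R5 would produce. The sample configurations are constructed from the RD and RT values quoted in the captions; the R6 interface name and all function names are assumptions.

```python
import re

# Constructed sample configs built from the RD/RT values in the walkthrough:
# R5 uses the old "ip vrf" syntax, R6 the new one (its interface name is assumed).
R5_CONFIG = """\
ip vrf A
 rd 56:5
 route-target export 56:7
 route-target import 56:8
!
interface FastEthernet0/0
 ip vrf forwarding A
 ip address 10.5.7.5 255.255.255.0
"""

R6_CONFIG = """\
vrf definition A
 rd 56:6
 address-family ipv4
  route-target export 56:8
  route-target import 56:7
 exit-address-family
!
interface FastEthernet0/0
 vrf forwarding A
"""

VRF_RE = re.compile(r"^(?:ip vrf|vrf definition)\s+(\S+)")
IF_RE = re.compile(r"^interface\s+(\S+)")
RD_RE = re.compile(r"^rd\s+(\S+)")
RT_RE = re.compile(r"^route-target\s+(import|export|both)\s+(\S+)")
FWD_RE = re.compile(r"^(?:ip\s+)?vrf forwarding\s+(\S+)")


def _blank():
    return {"rd": None, "import": set(), "export": set(), "interfaces": []}


def parse_vrfs(config):
    """Return {vrf: {rd, import, export, interfaces}}; RTs of all AFs are pooled."""
    vrfs, vrf, iface = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():           # top-level line: new block
            vrf = iface = None
            if m := VRF_RE.match(line):
                vrf = vrfs.setdefault(m.group(1), _blank())
            elif m := IF_RE.match(line):
                iface = m.group(1)
        elif vrf is not None:
            if m := RD_RE.match(line):
                vrf["rd"] = m.group(1)
            elif m := RT_RE.match(line):
                kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
                for kind in kinds:
                    vrf[kind].add(m.group(2))
        elif iface is not None and (m := FWD_RE.match(line)):
            vrfs.setdefault(m.group(1), _blank())["interfaces"].append(iface)
    return vrfs


def audit(routers):
    """routers: {name: config text}. Return (flows, unmatched).
    flows: (exporting router, vrf, importing router, vrf, rt).
    unmatched: (router, vrf, direction, rt) with no counterpart elsewhere."""
    entries = [(r, v, d) for r, cfg in routers.items()
               for v, d in parse_vrfs(cfg).items()]
    flows, unmatched = set(), set()
    for r, v, d in entries:
        others = [(r2, v2, d2) for r2, v2, d2 in entries if (r2, v2) != (r, v)]
        for rt in d["import"]:
            sources = [(r2, v2) for r2, v2, d2 in others if rt in d2["export"]]
            flows.update((r2, v2, r, v, rt) for r2, v2 in sources)
            if not sources:
                unmatched.add((r, v, "import", rt))
        for rt in d["export"]:
            if not any(rt in d2["import"] for _, _, d2 in others):
                unmatched.add((r, v, "export", rt))
    return sorted(flows), sorted(unmatched)


if __name__ == "__main__":
    print(audit({"R5": R5_CONFIG, "R6": R6_CONFIG}))
```

A flow between two VRFs that are not meant to share routes is the finding to look for when this is run over real PE configurations; an unmatched entry usually means a typo or a half-finished change.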
Info
Channel: CCIEORDIE.COM
Views: 6,223
Id: sM1MwjAUbiY
Length: 38min 11sec (2291 seconds)
Published: Fri Feb 02 2018