Table Of Contents
MPLS VPN Carrier Supporting Carrier with BGP
Finding Feature Information
Contents
Prerequisites for MPLS VPN CSC with BGP
Restrictions for MPLS VPN CSC with BGP
Information About MPLS VPN CSC with BGP
MPLS VPN CSC Introduction
Benefits of Implementing MPLS VPN CSC
Benefits of Implementing MPLS VPN CSC with BGP
Configuration Options for MPLS VPN CSC with BGP
Customer Carrier Is an ISP with an IP Core
Customer Carrier Is an MPLS Service Provider With or Without VPN Services
How to Configure MPLS VPN CSC with BGP
Identifying the Carrier Supporting Carrier Topology
Configuring the Backbone Carrier Core
Prerequisites
Verifying IP Connectivity and LDP Configuration in the CSC Core
Configuring VRFs for CSC-PE Routers
Configuring Multiprotocol BGP for VPN Connectivity in the Backbone Carrier
Configuring the CSC-PE and CSC-CE Routers
Configuring CSC-PE Routers
Configuring CSC-CE Routers
Verifying Labels in the CSC-PE Routers
Verifying Labels in the CSC-CE Routers
Configuring the Customer Carrier Network
Prerequisites
Verifying IP Connectivity in the Customer Carrier
Configuring a Customer Carrier Core Router as a Route Reflector
Troubleshooting Tips
Configuring the Customer Site for Hierarchical VPNs
Defining VPNs on PE Routers for Hierarchical VPNs
Configuring BGP Routing Sessions on the PE Routers for Hierarchical VPNs
Verifying Labels in Each PE Router for Hierarchical VPNs
Configuring CE Routers for Hierarchical VPNs
Verifying IP Connectivity in the Customer Site
Configuration Examples for MPLS VPN CSC with BGP
Configuring the Backbone Carrier Core: Examples
Verifying IP Connectivity and LDP Configuration in the CSC Core: Example
Configuring VRFs for CSC-PE Routers: Example
Configuring Multiprotocol BGP for VPN Connectivity in the Backbone Carrier: Example
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples
Configuring the CSC-PE Routers: Examples
Configuring the CSC-CE Routers: Examples
Verifying Labels in the CSC-PE Routers: Examples
Verifying Labels in the CSC-CE Routers: Examples
Configuring the Customer Carrier Network: Examples
Verifying IP Connectivity in the Customer Carrier: Example
Configuring a Customer Carrier Core Router as a Route Reflector: Example
Configuring the Customer Site for Hierarchical VPNs: Examples
Configuring PE Routers for Hierarchical VPNs: Examples
Verifying Labels in Each PE Router for Hierarchical VPNs: Examples
Configuring CE Routers for Hierarchical VPNs: Examples
Verifying IP Connectivity in the Customer Site: Examples
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Command Reference
Feature Information for MPLS VPN CSC with BGP
Glossary
MPLS VPN Carrier Supporting Carrier with BGP
First Published: May 2, 2005
Last Updated: February 5, 2009
Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) Carrier Supporting Carrier (CSC) enables one MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. This module explains how to configure an MPLS VPN CSC network that uses Border Gateway Protocol (BGP) to distribute routes and MPLS labels.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for MPLS VPN CSC with BGP" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
•
Prerequisites for MPLS VPN CSC with BGP
•Restrictions for MPLS VPN CSC with BGP
•Information About MPLS VPN CSC with BGP
•How to Configure MPLS VPN CSC with BGP
•Configuration Examples for MPLS VPN CSC with BGP
•Additional References
•Command Reference
•Feature Information for MPLS VPN CSC with BGP
•Glossary
Prerequisites for MPLS VPN CSC with BGP
•You should be able to configure MPLS VPNs with end-to-end (CE-to-CE router) pings working. To accomplish this, you need to know how to configure Interior Gateway Protocols (IGPs), MPLS Label Distribution Protocol (LDP), and Multiprotocol Border Gateway Protocol (MP-BGP).
•Make sure that the CSC-PE routers and the CSC-CE routers run images that support BGP label distribution. Otherwise, you cannot run external BGP (EBGP) between them. Ensure that connectivity between the customer carrier and the backbone carrier. EBGP-based label distribution is configured on these links to enable MPLS between the customer and backbone carriers.
Restrictions for MPLS VPN CSC with BGP
On a provider edge (PE) router, you can configure an interface for either BGP with labels or LDP. You cannot enable both types of label distribution on the same interface. If you switch from one protocol to the other, then you must disable the existing protocol on all interfaces before enabling the other protocol.
This feature does not support the following:
•EBGP multihop between CSC-PE and CSC-CE routers
•EIBGP multipath load sharing
The physical interfaces that connect the BGP speakers must support Cisco Express Forwarding or distributed Cisco Express Forwarding and MPLS.
Information About MPLS VPN CSC with BGP
Before configuring MPLS VPN CSC, you should understand the following concepts:
•MPLS VPN CSC Introduction
•Benefits of Implementing MPLS VPN CSC
•Benefits of Implementing MPLS VPN CSC with BGP
•Configuration Options for MPLS VPN CSC with BGP
MPLS VPN CSC Introduction
Carrier supporting carrier is where one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.
A backbone carrier offers Border Gateway Protocol and Multiprotocol Label Switching (BGP/MPLS) VPN services. The customer carrier can be either:
•An Internet service provider (ISP)
•A BGP/MPLS VPN service provider
Benefits of Implementing MPLS VPN CSC
The MPLS VPN CSC network provides the following benefits to service providers who are backbone carriers and to customer carriers.
Benefits to the Backbone Carrier
•The backbone carrier can accommodate many customer carriers and give them access to its backbone. The backbone carrier does not need to create and maintain separate backbones for its customer carriers. Using one backbone network to support multiple customer carriers simplifies the backbone carrier's VPN operations. The backbone carrier uses a consistent method for managing and maintaining the backbone network. This is also cheaper and more efficient than maintaining separate backbones.
•The MPLS VPN carrier supporting carrier feature is scalable. Carrier supporting carrier can change the VPN to meet changing bandwidth and connectivity needs. The feature can accommodate unplanned growth and changes. The carrier supporting carrier feature enables tens of thousands of VPNs to be set up over the same network, and it allows a service provider to offer both VPN and Internet services.
•The MPLS VPN carrier supporting carrier feature is a flexible solution. The backbone carrier can accommodate many types of customer carriers. The backbone carrier can accept customer carriers who are ISPs or VPN service providers or both. The backbone carrier can accommodate customer carriers that require security and various bandwidths.
Benefits to the Customer Carriers
•The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of configuring, operating, and maintaining its own backbone. The customer carrier uses the backbone network of a backbone carrier, but the backbone carrier is responsible for network maintenance and operation.
•Customer carriers who use the VPN services provided by the backbone carrier receive the same level of security that Frame Relay or ATM-based VPNs provide. Customer carriers can also use IPSec in their VPNs for a higher level of security; it is completely transparent to the backbone carrier.
•Customer carriers can use any link layer technology (SONET, DSL, Frame Relay, and so on) to connect the CE routers to the PE routers and the PE routers to the P routers. The MPLS VPN carrier supporting carrier feature is link layer independent. The CE routers and PE routers use IP to communicate, and the backbone carrier uses MPLS.
•The customer carrier can use any addressing scheme and still be supported by a backbone carrier. The customer address space and routing information are independent of the address space and routing information of other customer carriers or the backbone provider.
Benefits of Implementing MPLS VPN CSC with BGP
You can configure your CSC network to enable BGP to transport routes and MPLS labels between the backbone carrier PE routers and the customer carrier CE routers using multiple paths. The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
•BGP takes the place of an IGP and LDP in a VPN forwarding/routing instance (VRF) table. You can use BGP to distribute routes and MPLS labels. Using a single protocol instead of two simplifies the configuration and troubleshooting.
•BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs to use BGP.
Configuration Options for MPLS VPN CSC with BGP
The backbone carrier offers BGP and MPLS VPN services. The customer carrier can be either of the following:
•Customer Carrier Is an ISP with an IP Core
•Customer Carrier Is an MPLS Service Provider With or Without VPN Services
The following sections explain how the backbone and customer carriers distribute IPv4 routes and MPLS labels.
Customer Carrier Is an ISP with an IP Core
Figure 1 shows a network configuration where the customer carrier is an ISP. The customer carrier has two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a VPN service provided by the backbone carrier. The backbone carrier uses MPLS. The ISP sites use IP.
Figure 1 Network Where the Customer Carrier Is an ISP
The links between the CE and PE routers use EBGP to distribute IPv4 routes and MPLS labels. Between the links, the PE routers use multiprotocol IBGP to distribute VPNv4 routes.
Note If a router other than a Cisco router is used as a CSC-PE or CSC-CE, that router must support IPv4 BGP label distribution (RFC 3107). Otherwise, you cannot run EBGP with labels between the routers.
Customer Carrier Is an MPLS Service Provider With or Without VPN Services
Figure 2 shows a network configuration where the backbone carrier and the customer carrier are BGP/MPLS VPN service providers. This is known as hierarchical VPNs. The customer carrier has two sites. Both the backbone carrier and the customer carrier use MPLS in their networks.
Figure 2 Network Where the Customer Carrier Is an MPLS VPN Service Provider
In this configuration, the customer carrier can configure its network in one of the following ways:
•The customer carrier can run IGP and LDP in its core network. In this case, the CSC-CE1 router in the customer carrier redistributes the EBGP routes it learns from the CSC-PE1 router of the backbone carrier to IGP.
•The CSC-CE1 router of the customer carrier system can run an IPv4 and labels IBGP session with the PE1 router.
How to Configure MPLS VPN CSC with BGP
This section contains the following tasks:
•Identifying the Carrier Supporting Carrier Topology (required)
•Configuring the Backbone Carrier Core (required)
•Configuring the CSC-PE and CSC-CE Routers (required)
•Configuring the Customer Carrier Network (required)
•Configuring the Customer Site for Hierarchical VPNs (required)
Identifying the Carrier Supporting Carrier Topology
Before you configure the MPLS VPN CSC with BGP, you need to identify both the backbone and customer carrier topology.
For hierarchical VPNs, the customer carrier of the MPLS VPN network provides MPLS VPN services to its own customers. In this instance, you need to identify the type of customer carrier as well as the topology of the customer carriers. Hierarchical VPNs require extra configuration steps, which are noted in the configuration sections.
Note You can connect multiple CSC-CE routers to the same PE, or you can connect a single CSC-CE router to CSC-PEs using more than one interface to provide redundancy and multiple path support in CSC topology.
Perform this task to identify the carrier supporting carrier topology.
SUMMARY STEPS
1. Identify the type of customer carrier, ISP or MPLS VPN service provider.
2. (For hierarchical VPNs only) Identify the CE routers.
3. (For hierarchical VPNs only) Identify the customer carrier core router configuration.
4. Identify the customer carrier edge (CSC-CE) routers.
5. Identify backbone carrier router configuration.
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Identify the type of customer carrier, ISP or MPLS VPN service provider.
|
Sets up requirements for configuration of carrier supporting carrier network.
•For an ISP, customer site configuration is not required.
•For an MPLS VPN service provider, the customer site needs to be configured, as well as any task or step designated "for hierarchical VPNs only."
|
Step 2
|
(For hierarchical VPNs only) Identify the CE routers.
|
Sets up requirements for configuration of CE to PE connections.
|
Step 3
|
(For hierarchical VPNs only) Identify the customer carrier core router configuration.
|
Sets up requirements for connection configuration between core (P) routers and between P routers and edge routers (PE and CSC-CE routers).
|
Step 4
|
Identify the customer carrier edge (CSC-CE) routers.
|
Sets up requirements for configuration of CSC-CE to CSC-PE connections.
|
Step 5
|
Identify the backbone carrier router configuration.
|
Sets up requirements for connection configuration between CSC core routers and between CSC core routers and edge routers (CSC-CE and CSC-PE routers).
|
What to Do Next
Set up your carrier supporting carrier networks with the "Configuring the Backbone Carrier Core" section.
Configuring the Backbone Carrier Core
Configuring the backbone carrier core requires setting up connectivity and routing functions for the CSC core and the CSC-PE routers.
Configuring and verifying the CSC core (backbone carrier) involves the following tasks:
•Verifying IP Connectivity and LDP Configuration in the CSC Core (optional)
•Configuring VRFs for CSC-PE Routers (required)
•Configuring Multiprotocol BGP for VPN Connectivity in the Backbone Carrier (required)
Prerequisites
Before you configure a backbone carrier core, configure the following on the CSC core routers:
•An IGP routing protocol—BGP, OSPF, IS-IS, EIGRP, static, and so on.
•Label Distribution Protocol (LDP). For information, see How to Configure MPLS LDP.
Verifying IP Connectivity and LDP Configuration in the CSC Core
Perform this task to verify IP connectivity and LDP configuration in the CSC core.
SUMMARY STEPS
1. enable
2. ping [protocol] {host-name | system-address}
3. trace [protocol] [destination]
4. show mpls forwarding-table [vrf vrf-name] [{network {mask | length} | labels label [- label] | interface interface | next-hop address | lsp-tunnel [tunnel-id]}] [detail]
5. show mpls ldp discovery [vrf vrf-name | all]
6. show mpls ldp neighbor [[vrf vrf-name] [address | interface] [detail] | all]
7. show ip cef [vrf vrf-name] [network [mask]] [longer-prefixes] [detail]
8. show mpls interfaces [[vrf vrf-name] [interface] [detail] | all]
9. show ip route
10. disable
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
ping [protocol] {host-name | system-address}
Example:
Router# ping ip 10.1.0.0
|
(Optional) Diagnoses basic network connectivity on AppleTalk, CLNS, IP, Novell, Apollo, VINES, DECnet, or XNS networks.
•Use the ping ip command to verify the connectivity from one CSC core router to another.
|
Step 3
|
trace [protocol] [destination]
Example:
Router# trace ip 10.2.0.0
|
(Optional) Discovers the routes that packets will actually take when traveling to their destination.
•Use the trace command to verify the path that a packet goes through before reaching the final destination. The trace command can help isolate a trouble spot if two routers cannot communicate.
|
Step 4
|
show mpls forwarding-table [vrf vrf-name]
[{network {mask | length} | labels label
[- label] | interface interface | next-hop
address | lsp-tunnel [tunnel-id]}] [detail]
Example:
Router# show mpls forwarding-table
|
(Optional) Displays the contents of the MPLS label forwarding information base (LFIB).
•Use the show mpls forwarding-table command to verify that MPLS packets are being forwarded.
|
Step 5
|
show mpls ldp discovery [vrf vrf-name | all]
Example:
Router# show mpls ldp discovery
|
(Optional) Displays the status of the LDP discovery process.
•Use the show mpls ldp discovery command to verify that LDP is operational in the CSC core.
|
Step 6
|
show mpls ldp neighbor [[vrf vrf-name] [address
| interface] [detail] | all]
Example:
Router# show mpls ldp neighbor
|
(Optional) Displays the status of LDP sessions.
•Use the show mpls ldp neighbor command to verify LDP configuration in the CSC core.
|
Step 7
|
show ip cef [vrf vrf-name] [network [mask]]
[longer-prefixes] [detail]
Example:
Router# show ip cef
|
(Optional) Displays entries in the forwarding information base (FIB).
•Use the show ip cef command to check the forwarding table (prefixes, next hops, and interfaces).
|
Step 8
|
show mpls interfaces [[vrf vrf-name]
[interface] [detail] | all]
Example:
Router# show mpls interfaces
|
(Optional) Displays information about one or more or all interfaces that are configured for label switching.
•Use the show mpls interfaces command to verify that the interfaces are configured to use LDP.
|
Step 9
|
show ip route
Example:
Router# show ip route
|
(Optional) Displays IP routing table entries.
•Use the show ip route command to display the entire routing table, including host IP address, next hop, interface, and so forth.
|
Step 10
|
disable
Example:
Router# disable
|
(Optional) Returns to privileged EXEC mode.
|
Troubleshooting Tips
You can use the ping and trace commands to verify complete MPLS connectivity in the core. You also get useful troubleshooting information from the additional show commands.
Configuring VRFs for CSC-PE Routers
Perform this task to configure VPN forwarding/routing instances (VRFs) for the backbone carrier edge (CSC-PE) routers.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip vrf vrf-name
4. rd route-distinguisher
5. route-target {import | export | both} route-target-ext-community
6. import map route-map
7. exit
8. interface type number
9. ip vrf forwarding vrf-name
10. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ip vrf vrf-name
Example:
Router(config)# ip vrf vpn1
|
Defines the VPN routing instance by assigning a VRF name and enters VRF configuration mode.
•The vrf-name argument is the name assigned to a VRF.
|
Step 4
|
rd route-distinguisher
Example:
Router(config-vrf)# rd 100:1
|
Creates routing and forwarding tables.
•The route-distinguisher argument adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix. You can enter an RD in either of these formats:
–16-bit AS number: your 32-bit number, for example, 101:3
–32-bit IP address: your 16-bit number, for example, 192.168.122.15:1
|
Step 5
|
route-target {import | export | both}
route-target-ext-community
Example:
Router(config-vrf)# route-target import 100:1
|
Creates a route-target extended community for a VRF.
•The import keyword imports routing information from the target VPN extended community.
•The export keyword exports routing information to the target VPN extended community.
•The both keyword imports routing information from and exports routing information to the target VPN extended community.
•The route-target-ext-community argument adds the route-target extended community attributes to the VRF's list of import, export, or both (import and export) route-target extended communities.
|
Step 6
|
import map route-map
Example:
Router(config-vrf)# import map vpn1-route-map
|
(Optional) Configures an import route map for a VRF.
•The route-map argument specifies the route map to be used as an import route map for the VRF.
|
Step 7
|
exit
Example:
Router(config-vrf)# exit
|
(Optional) Exits to global configuration mode.
|
Step 8
|
interface type number
Example:
Router(config)# interface Ethernet5/0
|
Specifies the interface to configure.
•The type argument specifies the type of interface to be configured.
•The number argument specifies the port, connector, or interface card number.
|
Step 9
|
ip vrf forwarding vrf-name
Example:
Router(config-if)# ip vrf forwarding vpn1
|
Associates a VRF with the specified interface or subinterface.
•The vrf-name argument is the name assigned to a VRF.
|
Step 10
|
end
Router(config-if)# end
|
(Optional) Exits to privileged EXEC mode.
|
Troubleshooting Tips
Enter a show ip vrf detail command and make sure the MPLS VPN is up and associated with the right interfaces.
Configuring Multiprotocol BGP for VPN Connectivity in the Backbone Carrier
Perform this task to configure Multiprotocol BGP (MP-BGP) connectivity in the backbone carrier.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp as-number
4. no bgp default ipv4-unicast
5. neighbor {ip-address | peer-group-name} remote-as as-number
6. neighbor {ip-address | peer-group-name} update-source interface-type
7. address-family vpnv4 [unicast]
8. neighbor {ip-address | peer-group-name} send-community extended
9. neighbor {ip-address | peer-group-name} activate
10. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
router bgp as-number
Example:
Router(config)# router bgp 100
|
Configures a BGP routing process and enters router configuration mode.
•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.
|
Step 4
|
no bgp default ipv4-unicast
Example:
Router(config-router)# no bgp default
ipv4-unicast
|
(Optional) Disables the IPv4 unicast address family on all neighbors.
•Use the no form of the bgp default-unicast command if you are using this neighbor for MPLS routes only.
|
Step 5
|
neighbor {ip-address | peer-group-name}
remote-as as-number
Example:
Router(config-router)# neighbor 10.5.5.5
remote-as 100
|
Adds an entry to the BGP or multiprotocol BGP neighbor table.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The as-number argument specifies the autonomous system to which the neighbor belongs.
|
Step 6
|
neighbor {ip-address | peer-group-name}
update-source interface-type
Example:
Router(config-router)# neighbor 10.2.0.0
update-source loopback0
|
Allows BGP sessions to use a specific operational interface for TCP connections.
•The ip-address argument specifies the IP address of the BGP-speaking neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The interface-type argument specifies the interface to be used as the source.
|
Step 7
|
address-family vpnv4 [unicast]
Example:
Router(config-router)# address-family vpnv4
|
Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard VPNv4 address prefixes.
•The optional unicast keyword specifies VPNv4 unicast address prefixes.
|
Step 8
|
neighbor {ip-address | peer-group-name}
send-community extended
Example:
Router(config-router-af)# neighbor 10.0.0.1
send-community extended
|
Specifies that a communities attribute should be sent to a BGP neighbor.
•The ip-address argument specifies the IP address of the BGP-speaking neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
|
Step 9
|
neighbor {ip-address | peer-group-name}
activate
Example:
Router(config-router-af)# neighbor 10.4.0.0
activate
|
Enables the exchange of information with a neighboring BGP router.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
|
Step 10
|
end
Example:
Router(config-router-af)# end
|
(Optional) Exits to privileged EXEC mode.
|
Troubleshooting Tips
You can enter a show ip bgp neighbor command to verify that the neighbors are up and running. If this command is not successful, enter a debug ip bgp x.x.x.x events command, where x.x.x.x is the IP address of the neighbor.
Configuring the CSC-PE and CSC-CE Routers
Perform the following tasks to configure and verify links between a CSC-PE router and the carrier CSC-CE router for an MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels.
•Configuring CSC-PE Routers (required)
•Configuring CSC-CE Routers (required)
•Verifying Labels in the CSC-PE Routers (optional)
•Verifying Labels in the CSC-CE Routers (optional)
Figure 3 shows the configuration for the peering with directly connected interfaces between CSC-PE and CSC-CE routers. This configuration is used as the example in the tasks that follow.
Figure 3 Configuration for Peering with Directly Connected Interfaces Between CSC-PE and CSC-CE Routers
Configuring CSC-PE Routers
Perform this task to configure the CSC-PE routers.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp as-number
4. address-family ipv4 [multicast | unicast | vrf vrf-name]
5. neighbor {ip-address | peer-group-name} remote-as as-number
6. neighbor {ip-address | peer-group-name} activate
7. neighbor ip-address as-override
8. neighbor ip-address send-label
9. exit-address-family
10. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
router bgp as-number
Example:
Router(config)# router bgp 100
|
Configures a BGP routing process and enters router configuration mode.
•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.
|
Step 4
|
address-family ipv4 [multicast | unicast | vrf
vrf-name]
Example:
Router(config-router)# address-family ipv4 vrf
vpn1
|
Specifies the IPv4 address family type and enters address family configuration mode.
•The multicast keyword specifies IPv4 multicast address prefixes.
•The unicast keyword specifies IPv4 unicast address prefixes.
•The vrf vrf-name keyword and argument specify the name of the VRF to associate with subsequent IPv4 address family configuration mode commands.
|
Step 5
|
neighbor {ip-address | peer-group-name}
remote-as as-number
Example:
Router(config-router-af)# neighbor 10.0.0.1
remote-as 200
|
Adds an entry to the BGP or multiprotocol BGP neighbor table.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The as-number argument specifies the autonomous system to which the neighbor belongs.
|
Step 6
|
neighbor {ip-address | peer-group-name}
activate
Example:
Router(config-router-af)# neighbor 10.0.0.2
activate
|
Enables the exchange of information with a neighboring BGP router.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
|
Step 7
|
neighbor ip-address as-override
Example:
Router(config-router-af)# neighbor 10.0.0.2
as-override
|
Configures a PE router to override the autonomous system number (ASN) of a site with the ASN of a provider.
•The ip-address argument specifies the IP address of the router that is to be overridden with the ASN provided.
|
Step 8
|
neighbor ip-address send-label
Example:
Router(config-router-af)# neighbor 10.0.0.2
send-label
|
Enables a BGP router to send MPLS labels with BGP routes to a neighboring BGP router.
•The ip-address argument specifies the IP address of the neighboring router.
|
Step 9
|
exit-address-family
Example:
Router(config-router-af)# exit-address-family
|
Exits address family configuration mode.
|
Step 10
|
end
Example:
Router(config-router)# end
|
(Optional) Exits to privileged EXEC mode.
|
Troubleshooting Tips
Enter a show ip bgp neighbor command to verify that the neighbors are up and running. Make sure you see the following line in the command output under Neighbor capabilities:
IPv4 MPLS Label capability:advertised and received
Configuring CSC-CE Routers
Perform this task to configure the CSC-CE routers.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp as-number
4. address-family ipv4 [multicast | unicast | vrf vrf-name]
5. redistribute protocol
6. neighbor {ip-address | peer-group-name} remote-as as-number
7. neighbor {ip-address | peer-group-name} activate
8. neighbor ip-address send-label
9. exit-address-family
10. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
Example:
Router(config)# router bgp 200
|
Configures a BGP routing process and enters router configuration mode.
•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.
|
Step 4
|
address-family ipv4 [multicast | unicast | vrf
vrf-name]
Example:
Router(config-router)# address-family ipv4
|
Specifies the IPv4 address family type and enters address family configuration mode.
•The multicast keyword specifies IPv4 multicast address prefixes.
•The unicast keyword specifies IPv4 unicast address prefixes.
•The vrf vrf-name keyword and argument specify the name of the VRF to associate with subsequent IPv4 address family configuration mode commands.
|
Step 5
|
redistribute protocol
Example:
Router(config-router-af)# redistribute static
|
Redistributes routes from one routing domain into another routing domain.
•The protocol argument specifies the source protocol from which routes are being redistributed. It can be one of the following keywords: bgp, egp, igrp, isis, ospf, mobile, static [ip], connected, and rip.
–The static [ip] keyword redistributes IP static routes. The optional ip keyword is used when you redistribute static routes into IS-IS.
–The connected keyword refers to routes which are established automatically when IP is enabled on an interface. For routing protocols such as OSPF and IS-IS, these routes are redistributed as external to the autonomous system.
|
Step 6
|
neighbor {ip-address | peer-group-name}
remote-as as-number
Example:
Router(config-router-af)# neighbor 10.5.0.2
remote-as 100
|
Adds an entry to the BGP or multiprotocol BGP neighbor table.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The as-number argument specifies the autonomous system to which the neighbor belongs.
|
Step 7
|
neighbor {ip-address | peer-group-name}
activate
Example:
Router(config-router-af)# neighbor 10.3.0.2
activate
|
Enables the exchange of information with a neighboring BGP router.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
|
Step 8
|
neighbor ip-address send-label
Example:
Router(config-router-af)# neighbor 10.0.0.2
send-label
|
Enables a BGP router to send MPLS labels with BGP routes to a neighboring BGP router.
•The ip-address argument specifies the IP address of the neighboring router.
|
Step 9
|
Example:
Router(config-router-af)# exit-address-family
|
Exits from the address family configuration mode.
|
Step 10
|
Example:
Router(config-router)# end
|
(Optional) Exits to privileged EXEC mode.
|
Verifying Labels in the CSC-PE Routers
Perform this task to verify the labels in the CSC-PE routers.
SUMMARY STEPS
1. enable
2. show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [summary] [labels]
3. show mpls interfaces [all]
4. show ip route vrf vrf-name [prefix]
5. show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [summary] [labels]
6. show ip cef [vrf vrf-name] [network [mask]] [longer-prefixes] [detail]
7. show mpls forwarding-table [vrf vrf-name] [{network {mask | length} | labels label [- label] | interface interface | next-hop address | lsp-tunnel [tunnel-id]}] [detail]
8. traceroute vrf [vrf-name] ip-address
9. disable
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show ip bgp vpnv4 {all | rd route-distinguisher
| vrf vrf-name} [summary] [labels]
Example:
Router# show ip bgp vpnv4 all summary
|
(Optional) Displays VPN address information from the BGP table.
•Use the show ip bgp vpnv4 all summary command to check that the BGP session is up and running between the CSC-PE routers and the CSC-CE routers. Check the data in the State/PfxRcd column to verify that prefixes are learned during each session.
|
Step 3
|
show mpls interfaces [all]
Example:
Router# show mpls interfaces all
|
(Optional) Displays information about one or more interfaces that have been configured for label switching.
•Use the show mpls interfaces all command to check that MPLS interfaces are up and running, and that LDP-enabled interfaces show that LDP is up and running. Check that LDP is turned off on the VRF because EBGP distributes the labels.
|
Step 4
|
show ip route vrf vrf-name [prefix]
Example:
Router# show ip route vrf vpn1 10.5.5.5
|
(Optional) Displays the IP routing table associated with a VRF.
•Use the show ip route vrf command to check that the prefixes for the PE routers are in the routing table of the CSC-PE routers.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes for the same destination learned from the CSC-CE are installed in the corresponding VRF routing table.
|
Step 5
|
show ip bgp vpnv4 {all | rd route-distinguisher
| vrf vrf-name} [summary] [labels]
Example:
Router# show ip bgp vpnv4 vrf vpn1 labels
|
(Optional) Displays VPN address information from the BGP table.
•Use the show ip bgp vpnv4 vrf vrf-name labels command to check that the prefixes for the customer carrier MPLS service provider networks are in the BGP table and have the appropriate labels.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the labels for the same destination learned from the CSC-CE are installed in the corresponding VRF routing table.
|
Step 6
|
show ip cef [vrf vrf-name] [network [mask]]
[longer-prefixes] [detail]
Example:
Router# show ip cef vrf vpn1 10.1.0.0 detail
|
(Optional) Displays entries in the forwarding information base (FIB) or displays a summary of the FIB.
•Use the show ip cef vrf and the show ip cef vrf detail commands to check that the prefixes of the PE routers are in the CEF table.
|
Step 7
|
show mpls forwarding-table [vrf vrf-name]
[{network {mask | length} | labels label
[- label] | interface interface | next-hop
address | lsp-tunnel [tunnel-id]}] [detail]
Example:
Router# show mpls forwarding-table vrf vpn1
10.1.0.0 detail
|
(Optional) Displays the contents of the MPLS lable forwarding information base (LFIB).
•Use the show mpls forwarding-table command with the vrf keyword and both the vrf and detail keywords to check that the prefixes for the PE routers in the local customer MPLS VPN service provider are in the LFIB.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the labels for the same destination learned from the CSC-CE are installed in the corresponding VRF table.
|
Step 8
|
traceroute vrf [vrf-name] ip-address
Example:
Router# traceroute vrf vpn2 10.2.0.0
|
Shows the routes that packets follow traveling through a network to their destination.
•Use the traceroute vrf command to check the data path and transport labels from a PE to a destination CE router.
Note This command works with MPLS-aware traceroute only if the backbone routers are configured to propagate and generate IP Time to Live (TTL) information. For more information, see the documentation on the mpls ip propagate-ttl command.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes for the same destination learned from the CSC-CE are installed in the corresponding VRF table.
|
Step 9
|
disable
Example:
Router# disable
|
(Optional) Exits to user EXEC mode.
|
Verifying Labels in the CSC-CE Routers
Perform this task to verify the labels in the CSC-CE routers.
SUMMARY STEPS
1. enable
2. show ip bgp summary
3. show ip route [address]
4. show mpls ldp bindings [network {mask | length}]
5. show ip cef [network [mask]] [longer-prefixes] [detail]
6. show mpls forwarding-table [vrf vrf-name] [{network {mask | length} | labels label [- label] | interface interface | next-hop address | lsp-tunnel [tunnel-id]}] [detail]
7. show ip bgp labels
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show ip bgp summary
Example:
Router# show ip bgp summary
|
(Optional) Displays the status of all BGP connections.
•Use the show ip bgp summary command to check that the BGP session is up and running on the CSC-CE routers.
|
Step 3
|
show ip route [address]
Example:
Router# show ip route |
(Optional) Displays IP routing table entries.
•Use the show ip route command to check that the loopback address of the local and remote PE routers are in the routing table.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes for the same destination learned from the CSC-CE are installed in the corresponding VRF table.
|
Step 4
|
show mpls ldp bindings [network {mask |
length}]
Example:
Router# show mpls ldp bindings 10.2.0.0
255.255.255.255
|
(Optional) Displays the contents of the label information base (LIB).
•Use the show mpls ldp bindings command to check that the prefix of the local PE router is in the MPLS LDP bindings.
|
Step 5
|
show ip cef [network [mask]] [longer-prefixes]
[detail]
Example:
Router# show ip cef 10.5.0.0 detail
|
(Optional) Displays entries in the forwarding information base (FIB) or a summary of the FIB.
•Use the show ip cef and the show ip cef detail commands to check that the prefixes of the local and remote PE routers are in the Cisco Express Forwarding table.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes and the labels for the same destination learned from the CSC-CE are installed in the corresponding VRF table.
|
Step 6
|
show mpls forwarding-table [vrf vrf-name]
[{network {mask | length} | labels label
[- label] | interface interface | next-hop
address | lsp-tunnel [tunnel-id]}] [detail]
Example:
Router# show mpls forwarding-table 10.2.0.0
detail
|
(Optional) Displays the contents of the MPLS LFIB.
•Use the show mpls forwarding-table and show mpls forwarding-table detail commands to check that the prefixes of the local and remote PE routers are in the MPLS forwarding table.
Note If you have multiple paths configured between CSC-PE and CSC-CE, verify that the multiple routes and labels for the same destination learned from the CSC-CE are installed in the corresponding VRF routing table.
|
Step 7
|
show ip bgp labels
Example:
Router# show ip bgp labels
|
(Optional) Displays information about MPLS labels from the EBGP route table.
•Use the show ip bgp labels command to check that the BGP routing table contains labels for prefixes in the customer carrier MPLS VPN service provider networks.
|
Configuring the Customer Carrier Network
Perform the following tasks to configure and verify the customer carrier network. This requires setting up connectivity and routing functions for the customer carrier core (P) routers and the customer carrier edge (PE) routers.
•Verifying IP Connectivity in the Customer Carrier (optional)
•Configuring a Customer Carrier Core Router as a Route Reflector (optional)
Prerequisites
Before you configure an MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels, you must configure the following on your customer carrier routers:
•An IGP routing protocol—BGP, OSPF, IS-IS, EIGRP, static, and so on. For information, see Configuring a Basic BGP Network, Configuring OSPF, Configuring a Basic IS-IS Network, and Configuring EIGRP.
•MPLS VPN functionality on the PE routers (for hierarchical VPNs only).
•Label Distribution Protocol (LDP) on P and PE routers (for hierarchical VPNs only). For information, see How to Configure MPLS LDP.
Note You must configure the items in the preceding list before performing the tasks in this section.
Verifying IP Connectivity in the Customer Carrier
Perform this task to verify IP connectivity in the customer carrier.
SUMMARY STEPS
1. enable
2. ping [protocol] {host-name | system-address}
3. trace [protocol] [destination]
4. show ip route
5. disable
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
ping [protocol] {host-name | system-address}
Example:
Router# ping ip 10.2.0.0
|
Diagnoses basic network connectivity on AppleTalk, CLNS, IP, Novell, Apollo, VINES, DECnet, or XNS networks.
•Use the ping command to verify the connectivity from one customer carrier core router to another.
|
Step 3
|
trace [protocol] [destination]
Example:
Router# trace ip 10.1.0.0
|
Discovers the routes that packets will actually take when traveling to their destination.
•Use the trace command to verify the path that a packet goes through before reaching the final destination. The trace command can help isolate a trouble spot if two routers cannot communicate.
|
Step 4
|
show ip route
Example:
Router# show ip route
|
Displays IP routing table entries.
•Use the show ip route command to display the entire routing table, including host IP address, next hop, interface, and so forth.
|
Step 5
|
disable
Example:
Router# disable
|
Returns to user mode.
|
Configuring a Customer Carrier Core Router as a Route Reflector
Perform this task to configure a customer carrier core (P) router as a route reflector of multiprotocol BGP prefixes.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp as-number
4. neighbor {ip-address | peer-group-name} remote-as as-number
5. address-family vpnv4 [unicast]
6. neighbor {ip-address | peer-group-name} activate
7. neighbor ip-address route-reflector-client
8. exit-address-family
9. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
router bgp as-number
Example:
Router(config)# router bgp 200
|
Configures a BGP routing process and enters router configuration mode.
•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and labels the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.
|
Step 4
|
neighbor {ip-address | peer-group-name}
remote-as as-number
Example:
Router(config-router)# neighbor 10.1.1.1
remote-as 100
|
Adds an entry to the BGP or multiprotocol BGP neighbor table.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The as-number argument specifies the autonomous system to which the neighbor belongs.
|
Step 5
|
address-family vpnv4 [unicast]
Example:
Router(config-router)# address-family vpnv4
|
Enters address family configuration mode for configuring routing sessions, such as BGP, that use standard VPNv4 address prefixes.
•The optional unicast keyword specifies VPNv4 unicast address prefixes.
|
Step 6
|
neighbor {ip-address | peer-group-name}
activate
Example:
Router(config-router-af)# neighbor 10.1.1.1
activate
|
Enables the exchange of information with a neighboring BGP router.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
|
Step 7
|
neighbor ip-address route-reflector-client
Example:
Router(config-router-af)# neighbor 10.1.1.1
route-reflector-client
|
Configures the router as a BGP route reflector and configures the specified neighbor as its client.
•The ip-address argument specifies the IP address of the BGP neighbor being identified as a client.
|
Step 8
|
exit-address-family
Example:
Router(config-router-af)# exit-address-family
|
Exits address family configuration mode.
|
Step 9
|
end
Example:
Router(config-router)# end
|
(Optional) Exits to privileged EXEC mode.
|
Troubleshooting Tips
By default, neighbors that are defined using the neighbor remote-as command in router configuration mode exchange only unicast address prefixes. For neighbors to exchange other address prefix types, such as multicast and VPNv4, you must also activate neighbors using the neighbor activate command in address family configuration mode, as shown.
Route reflectors and clients (neighbors or internal BGP peer groups) that are defined in router configuration mode using the neighbor route-reflector-client command reflect unicast address prefixes to and from those clients by default. To cause them to reflect prefixes for other address families, such as multicast, define the reflectors and clients in address family configuration mode, using the neighbor route-reflector-client command, as shown.
Configuring the Customer Site for Hierarchical VPNs
Note This section applies only to customer carrier networks that use BGP to distribute routes and MPLS labels.
Perform the following tasks to configure and verify the customer site for hierarchical VPNs:
•Defining VPNs on PE Routers for Hierarchical VPNs (required)
•Configuring BGP Routing Sessions on the PE Routers for Hierarchical VPNs (required)
•Verifying Labels in Each PE Router for Hierarchical VPNs (optional)
•Configuring CE Routers for Hierarchical VPNs (required)
•Verifying IP Connectivity in the Customer Site (optional)
Note This section applies to hierarchical VPNs only.
Defining VPNs on PE Routers for Hierarchical VPNs
Perform this task to define VPNs on PE routers.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip vrf vrf-name
4. rd route-distinguisher
5. route-target {import | export | both} route-target-ext-community
6. import map route-map
7. ip vrf forwarding vrf-name
8. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ip vrf vrf-name
Example:
Router(config)# ip vrf vpn2
|
Creates a VRF routing table and a Cisco Express Forwarding table and enters VRF configuration mode.
•The vrf-name argument is a name you assign to a VRF.
|
Step 4
|
rd route-distinguisher
Example:
Router(config-vrf)# rd 200:1
|
Creates routing and forwarding tables for a VRF.
•The route-distinguisher argument adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix.
|
Step 5
|
route-target {import | export | both}
route-target-ext-community
Example:
Router(config-vrf)# route-target export 200:1
|
Creates a route-target extended community for a VRF.
•The import keyword imports routing information from the target VPN extended community.
•The export keyword exports routing information to the target VPN extended community.
•The both keyword imports routing information from and export routing information to the target VPN extended community.
•The route-target-ext-community argument adds the route-target extended community attributes to the VRF's list of import, export, or both (import and export) route-target extended communities.
|
Step 6
|
import map route-map
Example:
Router(config-vrf)# import map map23
|
Configures an import route map for a VRF.
•The route-map argument specifies the route map to be used as an import route map for the VRF.
|
Step 7
|
ip vrf forwarding vrf-name
Example:
Router(config-vrf)# ip vrf forwarding vpn2
|
Associates a VPN VRF instance with an interface or subinterface.
•The vrf-name argument is the name assigned to a VRF.
|
Step 8
|
exit
Example:
Router(config-vrf)# exit
|
Exits to global configuration mode.
|
Configuring BGP Routing Sessions on the PE Routers for Hierarchical VPNs
Perform this task to configure BGP routing sessions on the PE routers for PE-to-CE router communication.
SUMMARY STEPS
1. enable
2. configure terminal
3. router bgp as-number
4. address-family ipv4 [multicast | unicast | vrf vrf-name]
5. neighbor {ip address | peer-group-name} remote-as as-number
6. neighbor {ip-address | peer-group-name} activate
7. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
router bgp as-number
Example:
Router(config)# router bgp 200
|
Configures the router to run a BGP process and enters router configuration mode.
•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.
|
Step 4
|
address-family ipv4 [multicast | unicast | vrf
vrf-name]
Example:
Router(config-router)# address-family ipv4
multicast
|
Specifies the IPv4 address family type and enters address family configuration mode.
•The multicast keyword specifies IPv4 multicast address prefixes.
•The unicast keyword specifies IPv4 unicast address prefixes.
•The vrf vrf-name keyword and argument specify the name of the VRF to associate with subsequent IPv4 address family configuration mode commands.
|
Step 5
|
neighbor {ip-address | peer-group-name}
remote-as as-number
Example:
Router(config-router-af)# neighbor 10.5.5.5
remote-as 300
|
Adds an entry to the BGP or multiprotocol BGP neighbor table.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The as-number argument specifies the autonomous system to which the neighbor belongs.
|
Step 6
|
neighbor {ip-address | peer-group-name}
activate
Example:
Router(config-router-af)# neighbor 10.1.0.0
activate
|
Enables the exchange of information with a neighboring router.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
|
Step 7
|
end
Example:
Router(config-router-af)# end
|
(Optional) Exits to privileged EXEC mode.
|
Verifying Labels in Each PE Router for Hierarchical VPNs
Perform this task to verify labels in each PE router for hierarchical VPNs.
SUMMARY STEPS
1. enable
2. show ip route vrf vrf-name [prefix]
3. show mpls forwarding-table [vrf vrf-name] [prefix] [detail]
4. show ip cef [network [mask [longer-prefix]]] [detail]
5. show ip cef vrf vrf-name [ip-prefix]
6. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show ip route vrf vrf-name [prefix]
Example:
Router# show ip route vrf vpn2 10.5.5.5
|
(Optional) Displays the IP routing table associated with a VRF.
•Use the show ip route vrf command to check that the loopback addresses of the local and remote CE routers are in the routing table of the PE routers.
|
Step 3
|
show mpls forwarding-table [vrf vrf-name]
[prefix] [detail]
Example:
Router# show mpls forwarding-table vrf vpn2
10.1.0.0
|
(Optional) Displays the contents of the LFIB.
•Use the show mpls forwarding-table command to check that the prefixes for the local and remote CE routers are in the MPLS forwarding table, and that the specified prefix is untagged.
|
Step 4
|
show ip cef [network [mask [longer-prefix]]]
[detail]
Example:
Router# show ip cef 10.2.0.0
|
(Optional) Displays specific entries in the FIB based on IP address information.
•Use the show ip cef command to check that the prefixes of the local and remote PE routers are in the Cisco Express Forwarding table.
|
Step 5
|
show ip cef vrf vrf-name [ip-prefix]
Example:
Router# show ip cef vrf vpn2 10.3.0.0
|
(Optional) Displays the Cisco Express Forwarding table associated with a VRF.
•Use the show ip cef vrf command to check that the prefix of the remote CE router is in the Cisco Express Forwarding table.
|
Step 6
|
exit
Example:
Router# exit
|
(Optional) Exits to user EXEC mode.
|
Configuring CE Routers for Hierarchical VPNs
Perform this task to configure CE routers for hierarchical VPNs. This configuration is the same as that for an MPLS VPN that is not in a hierarchical topology.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip cef [distributed]
4. interface type number
5. ip address ip-address mask [secondary]
6. exit
7. router bgp as-number
8. redistribute protocol
9. neighbor {ip-address | peer-group-name} remote-as as-number
10. end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ip cef [distributed]
Example:
Router(config)# ip cef distributed
|
Enables Cisco Express Forwarding on the route processor card.
•The distributed keyword enables distributed Cisco Express Forwarding operation. Cisco Express Forwarding information is distributed to the line cards. Line cards perform express forwarding.
Note For the Cisco ASR 1000 Series Aggregation Services Router, the distributed keyword is required.
|
Step 4
|
interface type number
Example:
Router(config)# interface loopback 0
|
Configures an interface type and enters interface configuration mode.
•The type argument specifies the type of interface to be configured.
–A loopback interface indicates a software-only interface that emulates an interface that is always up. It is a virtual interface supported on all platforms.
•The number argument is the number of the loopback interface that you want to create or configure. There is no limit on the number of loopback interfaces you can create.
|
Step 5
|
ip address ip-address mask [secondary]
Example:
Router(config-if)# ip address 10.8.0.0
255.255.255.255
|
Sets a primary or secondary IP address for an interface.
•The ip-address argument is the IP address.
•The mask argument is the mask for the associated IP subnet.
•The secondary keyword specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.
|
Step 6
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 7
|
router bgp as-number
Example:
Router(config)# router bgp 100
|
Configures a BGP routing process and enters router configuration mode.
•The as-number argument indicates the number of an autonomous system that identifies the router to other BGP routers and tags the routing information passed along. Valid numbers are from 0 to 65535. Private autonomous system numbers that can be used in internal networks range from 64512 to 65535.
|
Step 8
|
redistribute protocol
Example:
Router(config-router)# redistribute connected
|
Redistributes routes from one routing domain into another routing domain.
•The protocol argument specifies the source protocol from which routes are being redistributed. It can be one of the following keywords: bgp, connected, egp, igrp, isis, mobile, ospf, static [ip], or rip.
The connected keyword refers to routes that are established automatically when IP is enabled on an interface. For routing protocols such as Open Shortest Path First (OSPF) and IS-IS, these routes are redistributed as external to the autonomous system.
|
Step 9
|
neighbor {ip-address | peer-group-name}
remote-as as-number
Example:
Router(config-router)# neighbor 10.8.0.0
remote-as 100
|
Adds the IP address of the neighbor in the remote autonomous system to the multiprotocol BGP neighbor table of the local router.
•The ip-address argument specifies the IP address of the neighbor.
•The peer-group-name argument specifies the name of a BGP peer group.
•The as-number argument specifies the autonomous system to which the neighbor belongs.
|
Step 10
|
end
Example:
Router(config-router)# end
|
(Optional) Exits to privileged EXEC mode.
|
Verifying IP Connectivity in the Customer Site
Perform this task to verify IP connectivity in the customer site.
SUMMARY STEPS
1. enable
2. show ip route [ip-address [mask] [longer-prefixes] | protocol [process-id] | list [access-list-number | access-list-name] | static download]
3. ping [protocol] {host-name | system-address}
4. trace [protocol] [destination]
5. disable
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show ip route [ip-address [mask]
[longer-prefixes] | protocol [process-id] |
list [access-list-number | access-list-name] |
static download]
Example:
Router# show ip route 10.5.5.5
|
(Optional) Displays the current state of the routing table.
•Use the show ip route ip-address command to check that the loopback addresses of the remote CE routers learned through the PE router are in the routing table of the local CE routers.
|
Step 3
|
ping [protocol] {host-name | system-address}
Example:
Router# ping 10.5.5.5
|
Diagnoses basic network connectivity on Apollo, AppleTalk, Connectionless Network Service (CLNS), DECnet, IP, Novell IPX, VINES, or XNS networks.
•Use the ping command to check connectivity between customer site routers.
|
Step 4
|
trace [protocol] [destination]
Example:
Router# trace ip 10.5.5.5
|
Discovers the routes that packets will actually take when traveling to their destination.
•Use the trace command to follow the path of the packets in the customer site.
•To use nondefault parameters and invoke an extended trace test, enter the trace command without a destination argument. You will be stepped through a dialog to select the desired parameters.
|
Step 5
|
disable
Example:
Router# disable
|
(Optional) Exits to user EXEC mode.
|
Configuration Examples for MPLS VPN CSC with BGP
Configuration examples for the MPLS VPN CSC with BGP include the following:
•Configuring the Backbone Carrier Core: Examples
•Configuring the Links Between CSC-PE and CSC-CE Routers: Examples
•Configuring the Customer Carrier Network: Examples
•Configuring the Customer Site for Hierarchical VPNs: Examples
Figure 4 shows a sample CSC topology for exchanging IPv4 routes and MPLS labels. Use this figure as a reference for configuring and verifying carrier supporting carrier routers to exchange IPv4 routes and MPLS labels.
Figure 4 Sample CSC Topology for Exchanging IPv4 Routes and MPLS Labels
Table 1 describes the sample configuration shown in Figure 4.
Table 1 Description of Sample Configuration Shown in Figure 4
Routers
|
Description
|
CE1 and CE2
|
Belong to an end customer. CE1 and CE2 routers exchange routes learned from PE routers.
The end customer is purchasing VPN services from a customer carrier.
|
PE1 and PE2
|
Part of a customer carrier network that is configured to provide MPLS VPN services. PE1 and PE2 are peering with a VPNv4 IBGP session to form an MPLS VPN network.
|
CSC-CE1 and CSC-CE2
|
Part of a customer carrier network. CSC-CE1 and CSC-CE2 routers exchange IPv4 BGP updates with MPLS labels and redistribute PE loopback addressees to and from the IGP (OSPF in this example).
The customer carrier is purchasing carrier supporting carrier VPN services from a backbone carrier.
|
CSC-PE1 and CSC-PE2
|
Part of the backbone carrier's network configured to provide carrier supporting carrier VPN services. CSC-PE1 and CSC-PE2 are peering with a VPNv4 IP BGP session to form the MPLS VPN network. In the VRF, CSC-PE1 and CSC-PE2 are peering with the CSC-CE routers, which are configured for carrying MPLS labels with the routes, with an IPv4 EBGP session.
|
Configuring the Backbone Carrier Core: Examples
Configuration and verification examples for the backbone carrier core included in this section are as follows:
•Verifying IP Connectivity and LDP Configuration in the CSC Core: Example
•Configuring VRFs for CSC-PE Routers: Example
•Configuring Multiprotocol BGP for VPN Connectivity in the Backbone Carrier: Example
Verifying IP Connectivity and LDP Configuration in the CSC Core: Example
Check that CSC-PE2 is reachable from CSC-PE1 by entering the following command on CSC-CE1:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.5.5.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Verify the path from CSC-PE1 to CSC-PE2 by entering the following command on CSC-CE1:
Type escape sequence to abort.
Tracing the route to 10.5.5.5
1 10.5.5.5 0 msec 0 msec *
Check that CSC-PE router prefixes are in the MPLS forwarding table:
Router# show mpls forwarding-table
Local Outgoing Prefix or Bytes tag Outgoing Next Hop
tag tag or VC Tunnel Id switched interface
16 2/nn dd.dd.dd.dd/32 0 AT2/1/0.1 point2point
17 16 bb.bb.bb.bb/32[V] 30204 Et1/0 pp.0.0.1
21 Pop tag cc.cc.cc.cc/32[V] 0 Et1/0 pp.0.0.1
22 Pop tag nn.0.0.0/8[V] 570 Et1/0 pp.0.0.1
23 Aggregate pp.0.0.0/8[V] 0
2 2/nn gg.gg.gg.gg/32[V] 0 AT3/0.1 point2point
8 2/nn hh.hh.hh.hh/32[V] 15452 AT3/0.1 point2point
29 2/nn qq.0.0.0/8[V] 0 AT3/0.1 point2point
30 2/nn ss.0.0.0/8[V] 0 AT3/0.1 point2point
Check the status of LDP discovery processes in the core:
Router# show mpls ldp discovery
ATM2/1/0.1 (ldp): xmit/recv
Check the status of LDP sessions in the core:
Router# show mpls ldp neighbor
Peer LDP Ident: dd.dd.dd.dd:1; Local LDP Ident ee.ee.ee.ee:1
TCP connection: dd.dd.dd.dd.646 - ee.ee.ee.ee.11007
State: Oper; Msgs sent/rcvd: 20/21; Downstream on demand
ATM2/1/0.1, Src IP addr: dd.dd.dd.dd
Check the forwarding table (prefixes, next-hops, and interfaces):
Prefix Next Hop Interface
0.0.0.0/0 drop Null0 (default route handler entry)
dd.dd.dd.dd/32 dd.dd.dd.dd ATM2/1/0.1
255.255.255.255/32 receive
Note Also see the "Verifying Labels in the CSC-CE Routers: Examples" section.
Verify that interfaces are configured to use LDP:
Router# show mpls interfaces
Interface IP Tunnel Operational
Ethernet0/1 Yes (ldp) No Yes
Display the entire routing table, including host IP address, next hop, interface, and so forth:
Router# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
Gateway of last resort is not set
dd.0.0.0/32 is subnetted, 1 subnets
O dd.dd.dd.dd [110/7] via dd.dd.dd.dd, 00:16:42, ATM2/1/0.1
ee.0.0.0/32 is subnetted, 1 subnets
C ee.ee.ee.ee is directly connected, Loopback0
Configuring VRFs for CSC-PE Routers: Example
The following example shows how to configure a VPN routing and forwarding (VRF) instance for a CSC-PE router:
Configuring Multiprotocol BGP for VPN Connectivity in the Backbone Carrier: Example
The following example shows how to configure Multiprotocol BGP (MP-BGP) for VPN connectivity in the backbone carrier:
no bgp default ipv4-unicast
neighbor ee.ee.ee.ee remote-as 100
neighbor ee.ee.ee.ee update-source Loopback0
neighbor ee.ee.ee.ee activate
neighbor ee.ee.ee.ee send-community extended
! (BGP IPv4 to CSC-CE router from CSC-PE router)
address-family ipv4 vrf vpn1
neighbor ss.0.0.2 remote-as 200
neighbor ss.0.0.2 activate
neighbor ss.0.0.2 as-override
neighbor ss.0.0.2 advertisement-interval 5
neighbor ss.0.0.2 send-label
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples
This section contains the following examples:
•Configuring the CSC-PE Routers: Examples
•Configuring the CSC-CE Routers: Examples
•Verifying Labels in the CSC-PE Routers: Examples
•Verifying Labels in the CSC-CE Routers: Examples
Configuring the CSC-PE Routers: Examples
The following example shows how to configure a CSC-PE router:
route-target export 100:1
route-target import 100:1
ip address dd.dd.dd.dd 255.255.255.255
ip address pp.0.0.2 255.0.0.0
no ip route-cache distributed
interface ATM0/1/0.1 mpls
auto-cost reference-bandwidth 1000
redistribute connected subnets
passive-interface Ethernet3/1
network dd.dd.dd.dd 0.0.0.0 area 100
no bgp default ipv4-unicast
neighbor ee.ee.ee.ee remote-as 100
neighbor ee.ee.ee.ee update-source Loopback0
address-family vpnv4 !VPNv4 session with CSC-PE2
neighbor ee.ee.ee.ee activate
neighbor ee.ee.ee.ee send-community extended
address-family ipv4 vrf vpn1
neighbor pp.0.0.1 remote-as 200
neighbor pp.0.0.1 activate
neighbor pp.0.0.1 as-override
neighbor pp.0.0.1 advertisement-interval 5
neighbor pp.0.0.1 send-label
Configuring the CSC-CE Routers: Examples
The following example shows how to configure a CSC-CE router:
ip address cc.cc.cc.cc 255.255.255.255
ip address pp.0.0.1 255.0.0.0
ip address nn.0.0.2 255.0.0.0
auto-cost reference-bandwidth 1000
redistribute connected subnets !Exchange routes
redistribute bgp 200 metric 3 subnets !learned from PE1
passive-interface Ethernet3/0
network cc.cc.cc.cc 0.0.0.0 area 200
network nn.0.0.0 0.255.255.255 area 200
no bgp default ipv4-unicast
neighbor pp.0.0.2 remote-as 100
neighbor pp.0.0.2 update-source Ethernet3/0
redistribute ospf 200 metric 4 match internal
neighbor pp.0.0.2 activate
neighbor pp.0.0.2 send-label
Verifying Labels in the CSC-PE Routers: Examples
The following examples show how to verify the configurations of the CSC-PE routers.
Verify that the BGP session is up and running between the CSC-PE router and the CSC-CE router. Check the data in the State/PfxRcd column to verify that prefixes are learned during each session.
Router# show ip bgp vpnv4 all summary
BBGP router identifier 10.5.5.5, local AS number 100
BGP table version is 52, main routing table version 52
12 network entries and 13 paths using 2232 bytes of memory
6 BGP path attribute entries using 336 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Dampening enabled. 0 history paths, 0 dampened paths
BGP activity 16/4 prefixes, 27/14 paths, scan interval 5 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.5.5.5 4 100 7685 7686 52 0 0 21:17:04 6
10.0.0.2 4 200 7676 7678 52 0 0 21:16:43 7
Verify that the MPLS interfaces are up and running, and that LDP-enabled interfaces show that LDP is up and running. LDP is turned off on the VRF because EBGP distributes the labels.
Router# show mpls interfaces all
Interface IP Tunnel Operational
GigabitEthernet6/0 Yes (ldp) No Yes
Verify that the prefix for the local PE router is in the routing table of the CSC-PE router:
Router# show ip route vrf vpn2 10.5.5.5
Routing entry for 10.5.5.5/32
Known via "bgp 100", distance 20, metric 4
Last update from pp.0.0.2 21:28:39 ago
Routing Descriptor Blocks:
* pp.0.0.2, from pp.0.0.2, 21:28:39 ago
Route metric is 4, traffic share count is 1
AS Hops 1, BGP network version 0
Verify that the prefix for the remote PE router is in the routing table of the CSC-PE router:
Router# show ip route vrf vpn2 10.5.5.5
Routing entry for 10.5.5.5/32
Known via "bgp 100", distance 200, metric 4
Last update from 10.1.0.0 21:27:39 ago
Routing Descriptor Blocks:
* 10.1.0.0 (Default-IP-Routing-Table), from 10.1.0.0, 21:27:39 ago
Route metric is 4, traffic share count is 1
AS Hops 1, BGP network version 0
Verify that the prefixes for the customer carrier MPLS VPN service provider networks are in the BGP table, and have appropriate labels:
Router# show ip bgp vpnv4 vrf vpn2 labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1 (vpn1)
cc.cc.cc.cc/32 pp.0.0.2 22/imp-null
bb.bb.bb.bb/32 pp.0.0.2 27/20
hh.hh.hh.hh/32 ee.ee.ee.ee 34/35
gg.gg.gg.gg/32 ee.ee.ee.ee 30/30
nn.0.0.0 pp.0.0.2 23/imp-null
ss.0.0.0 ee.ee.ee.ee 33/34
pp.0.0.0 pp.0.0.2 25/aggregate(vpn1)
Verify that the prefix of the PE router in the local customer carrier MPLS VPN service provider is in the Cisco Express Forwarding table:
Router# show ip cef vrf vpn2 10.1.0.0
10.1.0.0/32, version 19, cached adjacency pp.0.0.2
fast tag rewrite with Et3/1, pp.0.0.2, tags imposed {20}
via pp.0.0.2, 0 dependencies, recursive
next hop pp.0.0.2, Ethernet3/1 via pp.0.0.2/32
tag rewrite with Et3/1, pp.0.0.2, tags imposed {20}
Router# show ip cef vrf vpn2 10.1.0.0 detail
10.1.0.0/32, version 19, cached adjacency pp.0.0.2
fast tag rewrite with Et3/1, pp.0.0.2, tags imposed {20}
via pp.0.0.2, 0 dependencies, recursive
next hop pp.0.0.2, Ethernet3/1 via pp.0.0.2/32
tag rewrite with Et3/1, pp.0.0.2, tags imposed {20}
Verify that the prefix of the PE router in the local customer carrier MPLS VPN service provider is in the MPLS forwarding table:
Router# show mpls forwarding-table vrf vpn2 10.1.0.0
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
27 20 10.1.0.0/32[V] 958048 Et3/1 pp.0.0.2
Router# show mpls forwarding-table vrf vpn2 10.1.0.0 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
27 20 10.1.0.0/32[V] 958125 Et3/1 pp.0.0.2
MAC/Encaps=14/18, MTU=1500, Tag Stack{20}
00B04A74A05400B0C26E10558847 00014000
No output feature configured
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Verify that the prefix of the PE router in the remote customer carrier MPLS VPN service provider is in the Cisco Express Forwarding table:
Router# show ip cef vrf vpn2 10.3.0.0
10.3.0.0/32, version 25, cached adjacency rr.0.0.2
fast tag rewrite with Gi6/0, rr.0.0.2, tags imposed {35}
via ee.ee.ee.ee, 0 dependencies, recursive
next hop rr.0.0.2, GigabitEthernet6/0 via ee.ee.ee.ee/32
tag rewrite with Gi6/0, rr.0.0.2, tags imposed {35}
Router# show ip cef vrf vpn2 10.3.0.0 detail
hh.hh.hh.hh/32, version 25, cached adjacency rr.0.0.2
fast tag rewrite with Gi6/0, rr.0.0.2, tags imposed {35}
via ee.ee.ee.ee, 0 dependencies, recursive
next hop rr.0.0.2, GigabitEthernet6/0 via ee.ee.ee.ee/32
tag rewrite with Gi6/0, rr.0.0.2, tags imposed {35}
Verify that the prefix of the PE router in the remote customer carrier MPLS VPN service provider is in the MPLS forwarding table:
Router# show mpls forwarding-table vrf vpn2 10.3.0.0
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
34 35 hh.hh.hh.hh/32[V] 139034 Gi6/0 rr.0.0.2
Router# show mpls forwarding-table vrf vpn2 10.3.0.0 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
34 35 hh.hh.hh.hh/32[V] 139034 Gi6/0 rr.0.0.2
MAC/Encaps=14/18, MTU=1500, Tag Stack{35}
00B0C26E447000B0C26E10A88847 00023000
No output feature configured
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Verifying Labels in the CSC-CE Routers: Examples
The following examples show how to verify the configurations of the CSC-CE routers.
Verify that the BGP session is up and running:
Router# show ip bgp summary
BGP router identifier cc.cc.cc.cc, local AS number 200
BGP table version is 35, main routing table version 35
14 network entries and 14 paths using 2030 bytes of memory
3 BGP path attribute entries using 168 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Dampening enabled. 1 history paths, 0 dampened paths
BGP activity 17/67 prefixes, 29/15 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
pp.0.0.1 4 100 7615 7613 35 0 0 21:06:19 5
Verify that the loopback address of the local PE router is in the routing table:
Router# show ip route 10.1.0.0
Routing entry for 10.1.0.0/32
Known via "ospf 200", distance 110, metric 101, type intra area
Redistributing via bgp 200
Advertised by bgp 200 metric 4 match internal
Last update from nn.0.0.1 on Ethernet4/0, 00:34:08 ago
Routing Descriptor Blocks:
* nn.0.0.1, from bb.bb.bb.bb, 00:34:08 ago, via Ethernet4/0
Route metric is 101, traffic share count is 1
Verify that the loopback address of the remote PE router is in the routing table:
Router# show ip route 10.5.5.5
Routing entry for 10.5.5.5/32
Known via "bgp 200", distance 20, metric 0
Redistributing via ospf 200
Advertised by ospf 200 metric 3 subnets
Last update from pp.0.0.1 00:45:16 ago
Routing Descriptor Blocks:
* pp.0.0.1, from pp.0.0.1, 00:45:16 ago
Route metric is 0, traffic share count is 1
AS Hops 2, BGP network version 0
Verify that the prefix of the local PE router is in the MPLS LDP bindings:
Router# show mpls ldp bindings 10.1.0.0 255.255.255.255
tib entry: 10.1.0.0/32, rev 20
remote binding: tsr: 10.1.0.0:0, tag: imp-null
Verify that the prefix of the local PE router is in the Cisco Express Forwarding table:
Router# show ip cef 10.1.0.0
10.1.0.0/32, version 46, cached adjacency nn.0.0.1
via nn.0.0.1, Ethernet4/0, 0 dependencies
next hop nn.0.0.1, Ethernet4/0
tag rewrite with Et4/0, nn.0.0.1, tags imposed {}
Verify that the prefix of the local PE router is in the MPLS forwarding table:
Router# show mpls forwarding-table 10.1.0.0
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
20 Pop tag bb.bb.bb.bb/32 893397 Et4/0 nn.0.0.1
Router# show mpls forwarding-table 10.1.0.0 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
20 Pop tag bb.bb.bb.bb/32 893524 Et4/0 nn.0.0.1
MAC/Encaps=14/14, MTU=1504, Tag Stack{}
00074F83685400B04A74A0708847
No output feature configured
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Verify that the BGP routing table contains labels for prefixes in the customer carrier MPLS VPN service provider networks:
Router# show ip bgp labels
Network Next Hop In Label/Out Label
cc.cc.cc.cc/32 0.0.0.0 imp-null/exp-null
bb.bb.bb.bb/32 nn.0.0.1 20/exp-null
hh.hh.hh.hh/32 pp.0.0.1 26/34
gg.gg.gg.gg/32 pp.0.0.1 23/30
nn.0.0.0 0.0.0.0 imp-null/exp-null
pp.0.0.0 0.0.0.0 imp-null/exp-null
pp.0.0.1/32 0.0.0.0 16/exp-null
Verify that the prefix of the remote PE router is in the Cisco Express Forwarding table:
Router# show ip cef 10.5.5.5
10.5.5.5/32, version 54, cached adjacency pp.0.0.1
fast tag rewrite with Et3/0, pp.0.0.1, tags imposed {34}
via pp.0.0.1, 0 dependencies, recursive
next hop pp.0.0.1, Ethernet3/0 via pp.0.0.1/32
tag rewrite with Et3/0, pp.0.0.1, tags imposed {34}
Verify that the prefix of the remote PE router is in the MPLS forwarding table:
Router# show mpls forwarding-table 10.5.5.5
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
26 34 hh.hh.hh.hh/32 81786 Et3/0 pp.0.0.1
Router# show mpls forwarding-table 10.5.5.5 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
26 34 hh.hh.hh.hh/32 81863 Et3/0 pp.0.0.1
MAC/Encaps=14/18, MTU=1500, Tag Stack{34}
00B0C26E105500B04A74A0548847 00022000
No output feature configured
Per-packet load-sharing, slots: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
Configuring the Customer Carrier Network: Examples
Customer carrier configuration and verification examples in this section include:
•Verifying IP Connectivity in the Customer Carrier: Example
•Configuring a Customer Carrier Core Router as a Route Reflector: Example
Verifying IP Connectivity in the Customer Carrier: Example
Verify the connectivity from one customer carrier core router to another (from CE1 to CE2) by entering the following command:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to jj.jj.jj.jj, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
Verify the path that a packet goes through on its way to its final destination from CE1 to CE2:
Type escape sequence to abort.
Tracing the route to 10.2.0.0
1 mm.0.0.2 0 msec 0 msec 4 msec
2 nn.0.0.2 [MPLS: Labels 20/21 Exp 0] 8 msec 8 msec 12 msec
3 pp.0.0.2 [MPLS: Labels 28/21 Exp 0] 8 msec 8 msec 12 msec
4 ss.0.0.1 [MPLS: Labels 17/21 Exp 0] 8 msec 8 msec 12 msec
5 ss.0.0.2 [MPLS: Labels 16/21 Exp 0] 8 msec 8 msec 12 msec
6 tt.0.0.1 [AS 200] [MPLS: Label 21 Exp 0] 8 msec 8 msec 8 msec
7 tt.0.0.2 [AS 200] 8 msec 4 msec *
Verify the path that a packet goes through on its way to its final destination from CE2 to CE1:
Type escape sequence to abort.
Tracing the route to 10.1.0.0
1 tt.0.0.1 0 msec 0 msec 0 msec
2 qq.0.0.2 [MPLS: Labels 18/21 Exp 0] 8 msec 12 msec 12 msec
3 ss.0.0.1 [MPLS: Labels 28/21 Exp 0] 8 msec 8 msec 8 msec
4 pp.0.0.2 [MPLS: Labels 17/21 Exp 0] 12 msec 8 msec 8 msec
5 pp.0.0.1 [MPLS: Labels 16/21 Exp 0] 12 msec 12 msec 8 msec
6 mm.0.0.2 [AS 200] [MPLS: Label 21 Exp 0] 12 msec 8 msec 12 msec
7 mm.0.0.1 [AS 200] 4 msec 4 msec *
Configuring a Customer Carrier Core Router as a Route Reflector: Example
The following example shows how to use an address family to configure internal BGP peer 10.1.1.1 as a route-reflector client for both unicast and multicast prefixes:
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 route-reflector-client
neighbor xx.xx.xx.xx activate
neighbor xx.xx.xx.xx route-reflector-client
! xx.xx.xx,xx is a PE router
neighbor xx.xx.xx.xx send-community extended
! You need to configure your peer BGP neighbor.
Configuring the Customer Site for Hierarchical VPNs: Examples
This section contains the following configuration and verification examples for the customer site:
•Configuring PE Routers for Hierarchical VPNs: Examples
•Verifying Labels in Each PE Router for Hierarchical VPNs: Examples
•Configuring CE Routers for Hierarchical VPNs: Examples
•Verifying IP Connectivity in the Customer Site: Examples
Configuring PE Routers for Hierarchical VPNs: Examples
This example shows how to configure a PE router:
route-target export 200:1
route-target import 200:1
ip address bb.bb.bb.bb 255.255.255.255
ip address nn.0.0.1 255.0.0.0
ip address mm.0.0.2 255.0.0.0
auto-cost reference-bandwidth 1000
redistribute connected subnets
passive-interface Ethernet3/3
network bb.bb.bb.bb 0.0.0.0 area 200
network nn.0.0.0 0.255.255.255 area 200
no bgp default ipv4-unicast
neighbor hh.hh.hh.hh remote-as 200
neighbor hh.hh.hh.hh update-source Loopback0
address-family vpnv4 !VPNv4 session with PE2
neighbor hh.hh.hh.hh activate
neighbor hh.hh.hh.hh send-community extended
address-family ipv4 vrf vpn2
neighbor mm.0.0.1 remote-as 300
neighbor mm.0.0.1 activate
neighbor mm.0.0.1 as-override
neighbor mm.0.0.1 advertisement-interval 5
Verifying Labels in Each PE Router for Hierarchical VPNs: Examples
The following examples show how to verify the configuration of PE router in hierarchical VPNs.
Verify that the loopback address of the local CE router is in the routing table of the PE1 router:
Router# show ip route vrf vpn2 10.2.2.2
Routing entry for 10.2.2.2/32
Known via "bgp 200", distance 20, metric 0
Last update from mm.0.0.2 20:36:59 ago
Routing Descriptor Blocks:
* mm.0.0.2, from mm.0.0.2, 20:36:59 ago
Route metric is 0, traffic share count is 1
AS Hops 1, BGP network version 0
Verify that the prefix for the local CE router is in the MPLS forwarding table, and that the prefix is untagged:
Router# show mpls forwarding-table vrf vpn2 10.2.2.2
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
23 Untagged aa.aa.aa.aa/32[V] 0 Et3/3 mm.0.0.2
Verify that the prefix of the remote PE router is in the Cisco Express Forwarding table:
Router# show ip cef 10.5.5.5
10.5.5.5/32, version 31, cached adjacency nn.0.0.2
fast tag rewrite with Et3/0, nn.0.0.2, tags imposed {26}
via nn.0.0.2, Ethernet3/0, 2 dependencies
next hop nn.0.0.2, Ethernet3/0
tag rewrite with Et3/0, nn.0.0.2, tags imposed {26}
Verify that the loopback address of the remote CE router is in the routing table:
Router# show ip route vrf vpn2 10.2.0.0
Routing entry for 10.2.0.0/32
Known via "bgp 200", distance 200, metric 0
Last update from hh.hh.hh.hh 20:38:49 ago
Routing Descriptor Blocks:
* hh.hh.hh.hh (Default-IP-Routing-Table), from hh.hh.hh.hh, 20:38:49 ago
Route metric is 0, traffic share count is 1
AS Hops 1, BGP network version 0
Verify that the prefix of the remote CE router is in the MPLS forwarding table, and that an outgoing interface exists:
Router# show mpls forwarding-table vrf vpn2 10.2.0.0
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
None 26 jj.jj.jj.jj/32 0 Et3/0 nn.0.0.2
Verify that the prefix of the remote CE router is in the Cisco Express Forwarding table:
Router# show ip cef vrf vpn2 10.2.0.0
10.2.0.0/32, version 12, cached adjacency nn.0.0.2
local tag: VPN route head
fast tag rewrite with Et3/0, nn.0.0.2, tags imposed {26 32}
via hh.hh.hh.hh, 0 dependencies, recursive
next hop nn.0.0.2, Ethernet3/0 via hh.hh.hh.hh/32
tag rewrite with Et3/0, nn.0.0.2, tags imposed {26 32}
Verify that the prefix of the local PE router is in the Cisco Express Forwarding table:
Router# show ip cef 10.1.0.0
10.1.0.0/32, version 9, connected, receive
Configuring CE Routers for Hierarchical VPNs: Examples
The following example shows how to configure a CE router:
ip address 10.3.0.0 255.255.255.255
interface FastEthernet0/3/3
ip address mm.0.0.1 255.0.0.0
redistribute connected !Redistributing routes into BGP
neighbor mm.0.0.2 remote-as 200 !to send to PE1
neighbor mm.0.0.2 advertisement-interval 5
Verifying IP Connectivity in the Customer Site: Examples
The following examples show how to verify IP connectivity at the customer site.
Verify that the loopback address of the remote CE router, learned from the PE router, is in the routing table of the local router:
Router# show ip route 10.2.0.0
Routing entry for 10.2.0.0/32
Known via "bgp 300", distance 20, metric 0
Redistributing via ospf 300
Advertised by ospf 300 subnets
Last update from mm.0.0.1 20:29:35 ago
Routing Descriptor Blocks:
* mm.0.0.1, from mm.0.0.1, 20:29:35 ago
Route metric is 0, traffic share count is 1
Additional References
The following sections provide information related to MPLS VPNs.
Related Documents
Standards
Standard
|
Title
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
|
—
|
MIBs
MIB
|
MIBs Link
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
|
RFCs
RFC
|
Title
|
RFC 1164
|
Application of the Border Gateway Protocol in the Internet
|
RFC 1171
|
A Border Gateway Protocol 4
|
RFC 1700
|
Assigned Numbers
|
RFC 1966
|
BGP Route Reflection: An Alternative to Full Mesh IBGP
|
RFC 2283
|
Multiprotocol Extensions for BGP-4
|
RFC 2547
|
BGP/MPLS VPNs
|
RFC 2842
|
Capabilities Advertisement with BGP-4
|
RFC 2858
|
Multiprotocol Extensions for BGP-4
|
RFC 3107
|
Carrying Label Information in BGP-4
|
Technical Assistance
Description
|
Link
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.
To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.
Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.
|
http://www.cisco.com/techsupport
|
Command Reference
This feature uses no new or modified commands.
Feature Information for MPLS VPN CSC with BGP
Table 2 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Table 2 Feature Information for MPLS VPN CSC with BGP
Feature Name
|
Releases
|
Feature Information
|
MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution
|
12.0(21)ST
12.0(22)S
12.0(23)S
12.2(13)T
12.0(24)S
12.2(14)S
12.0(27)S
12.0(29)S
|
This feature enables you to create an MPLS VPN CSC network that uses BGP to transport routes and MPLS labels.
In 12.0(21)ST, this feature was introduced.
In 12.0(22)S, this feature was integrated.
In 12.0(23)S, this feature was integrated.
In 12.2(13)T, this feature was integrated.
12.0(24)S, this feature was integrated.
In 12.2(14)S, this feature was integrated.
In 12.0(27)S, this feature was integrated.
In 12.0(29)S, this feature was integrated.
|
Glossary
ASBR— Autonomous System Boundary router. A router that connects one autonomous system to another.
BGP—Border Gateway Protocol. An interdomain routing protocol designed to provide loop-free routing between separate routing domains that contain independent routing policies (autonomous systems).
CE router—customer edge router. A router that is part of a customer network and that interfaces to a provider edge (PE) router. In this document, the CE router sits on the edge of the customer carrier network.
edge router—A router that is at the edge of the network. It defines the boundary of the MPLS network. It receives and transmits packets. Also referred to as edge label switch router and label edge router.
LDP—Label Distribution Protocol. A standard protocol between MPLS-enabled routers to negotiate the labels (addresses) used to forward packets.
MPLS—Multiprotocol Label Switching. Switching method that forwards IP traffic using a label. This label instructs the routers and the switches in the network where to forward the packets based on preestablished IP routing information.
PE router—provider edge router. A router, at the edge of a service provider's network, that interfaces to CE routers.
VPN—Virtual Private Network. A network that enables IP traffic to use tunneling to travel securely over a public TCP/IP network.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2005—2009 Cisco Systems, Inc. All rights reserved.
Feedback
