Table of Contents
Configuring Tag Switching
About Tag Switching
Tag Switching Operation on the Catalyst 8540 MSR/CSR
Configuring Tag Switching VPNs
Tag Switching VPN Configuration Examples
Verifying Tag Switching VPN Operation
Configuring Tag Switching
This chapter describes Tag Switching, and highlights Tag Switching on the
Catalyst 8540 MSR/CSR. It includes the following topics:
About Tag Switching
Tag Switching is a high-performance method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply labels to packets (frames). Switches or routers in the network core switch packets according to the labels with minimal lookup overhead.
In contrast to Tag Switching, conventional Layer 3 IP routing is based on the exchange of network reachability information. As a packet traverses the network, each router extracts all the information relevant to forwarding from the Layer 3 header. This information is then used as an index for a routing table lookup to determine the packet's next hop. This is repeated at each router across a network. At each hop in the network, the optimal forwarding of a packet must again be determined. The information in IP packets, such as information on IP Precedence and Virtual Private Network membership, is usually not considered when forwarding packets. Thus, to get maximum forwarding performance, typically only the destination address is considered. However, because other fields could be relevant, a complex header analysis must be done at each router that the packet meets.
By including a label on each packet, Tag Switching integrates the performance and traffic management capabilities of Data Link Layer 2 with the scalability and flexibility of Network Layer 3 routing. Packets or cells are assigned short, fixed length labels. Switching entities perform table lookups based on these simple labels to determine where data should be forwarded.
The label summarizes the following essential information about routing the packet:
- Destination
- Precedence
- Virtual Private Network membership
With Tag Switching, a complete analysis of the Layer 3 header is performed only once at the edge label switch router (LSR), which is located at each network edge. At this location, the Layer 3 header is mapped into a fixed length label.
At each switch or router across the network, only the label need be examined in the incoming cell or packet in order to send the cell or packet on its way across the network. At the other end of the network, an edge LSR swaps out the label for the appropriate header data linked to that label.
A key result of this arrangement is that forwarding decisions based on some or all of these different sources of information are achieved by means of a single table lookup from a fixed-length label. For this reason, label switching makes it feasible for switches and routers to make forwarding decisions based upon multiple destination addresses.
Tag Switching Terminology
The following table lists the Tag Switching terminology used in this chapter:
Table 13-1 Tag Switching Terminology
| Acronym |
Definition |
|
MPLS
|
Multiprotocol label switching
|
|
LSR
|
Label switch router
|
|
LER
|
Label edge router
|
|
LDP
|
Label distribution protocol
|
|
FIB
|
Forwarding information base
|
|
TFIB or LFIB
|
Tag or Label forwarding information base
|
|
TIB
|
Tag information base
|
|
VPN
|
Virtual private network
|
|
CE
|
Customer edge
|
|
PE
|
Provider edge
|
|
RD
|
Route distinguisher
|
|
VRF
|
VPN routing and forwarding instance
|
|
C Network
|
Customer network
|
|
P Network
|
Provider network
|
Tag Switching Network Structure
A typical structure for Tag Switching networks is shown in Figure 13-1. The following elements are basic in a label switching network:
LERs are located at the boundaries of a network, performing value-added network layer services and applying labels to packets.
- Tag switch routers (TSRs)
LSRs switch labeled packets or cells based on the labels. Label switches also support full
Layer 3 routing or Layer 2 switching in addition to label switching.
- Label Distribution Protocol (LDP)
LDP is used in conjunction with standard network layer routing protocols to distribute label information between devices in a label switched network.
A Tag Switching network consists of LERs around a core of LSRs. Customer sites are connected to the provider Tag Switching network. Typically there are several hundred customer sites per LER. The Customer Premises Equipment (CPE) runs ordinary IP forwarding but usually does not run Tag Switching. If the CPE does run Tag Switching, it uses it independently of the provider. It is important to note that the LERs are part of the provider network and are controlled by the provider. The LERs are critical to network operation and are not intended to be CPE under any circumstances.
Figure 13-1 shows a typical network structure.
Figure 13-1 Tag Switching Network Structure
Tag Switching Operation on the Catalyst 8540 MSR/CSR
This section covers the Tag Switching implementation on the enhanced Gigabit Ethernet interfaces and the Packet over SONET interfaces on the Catalyst 8540 MSR/CSR Tag Switching forwarding operation.
The Catalyst 8540 MSR/CSR enabled with Tag Switching, uses the Forwarding information base (FIB) and Tag forwarding information base (TFIB) or Label forwarding information base (LFIB) to perform packet forwarding.
Figure 13-2 shows how the FIB is derived from the routing table and the TFIB is derived from the Tag information base (TIB). The label distribution protocol (LDP) and the TIB provide part of the control function for label switching by implementing label distribution and management. They implement protocols and procedures used to gather the information required to create the FIB and TFIB supporting the switching function.
Figure 13-2 FIB and TFIB Tables
The forwarding component in Tag Switching is based on Tag swapping. When a LSR receives a packet with a label, the label is used as an index in the TFIB. Each entry in the TFIB consists of an incoming label and one or more subentries such as outgoing label, outgoing interface, and outgoing link level information.
For each sub-entry, the label switch replaces the incoming label with the outgoing label and sends the packet on its way over the outgoing interface with the corresponding link-level information.
The Catalyst 8540 MSR/CSR enabled with Tag Switching, performs the following packet forwarding:
- An incoming unlabeled packet is sent out as an unlabeled packet, which is conventional Layer 3 forwarding. The LSR extracts the destination field from the IP header and looks it up in the FIB to determine the outgoing interface and the next hop for the packet. It forwards the packet by sending it out the interface to the next hop.
- An incoming unlabeled packet is sent out as a labeled packet. Figure 13-3 shows an example of label switching on the unlabeled packet. The unlabeled IP packet with destination 128.89.25.4 arrives at LSR-A. LSR-A looks up the packet destination in the TFIB by matching the destination with prefix 128.89.0.0/16 and determines the outgoing interface, the next hop, and the label to impose on the packet. It adds the label 4 to the packet and forwards it by sending it out the interface to the next hop LSR-B.
- An incoming labeled packet is sent out as a labeled packet. Figure 13-3 shows an example of label switching on the tagged packet. The LSR uses the top label in the stack to index into the TFIB to determine the outgoing interface, next hop, and the replacement label for the packet. It replaces the top label 4 in the stack with the replacement label 9 from the TFIB and forwards the packet by sending it out interface 0 to the next hop. (Note that LSR-B did not have to do any prefix IP lookup based on the destination as was done by LSR-A. Instead, LSR-B used the label information to do the label forwarding.)
- A labeled packet is sent out as an unlabeled packet. Figure 13-3 shows LSR-C receiving the labeled packet. It uses the top label in the label stack to index into the TFIB to determine the outgoing interface and the next hop for the packet. It determines from the TFIB that the packet is to be sent out unlabeled and forwards the packet as an unlabeled IP packet.
Figure 13-3 Tag Switching Packet Forwarding
Tag Switching Operation in Virtual Private Networks
A Virtual Private Network (VPN) service is the infrastructure of a managed Intranet or Extranet service offered by a provider to many corporate customers. These are often massive IP networks. Tag Switching, in combination with the Border Gateway Protocol (BGP) or Open Shortest Path First (OSPF), allows one provider network to support several customer VPNs.
In a Tag Switching VPN, each site in a particular customer network is modeled as an autonomous system. The customer edge (CE) device(s) at a site use External BGP (or some other mechanism) to exchange routing information with the provider edge (PE) device(s) to which they are connected. The customer network interior routing algorithm runs independently at each site, and does not run in the provider network. Each VPN is an Internet with the backbone, and the provider network(s) connect the sites together.
Tag Switching-VPN enforces traffic separation among customers by assigning a unique VPN routing and forwarding (VRF) instance to each customer's VPN. PE switches or routers map IPv4 addresses from a particular customer network into corresponding addresses in a new VPN-IPv4 address family. A VPN-IPv4 address is a twelve-byte quantity. The first eight bytes are known as the route distinguisher (RD); the next four bytes are an IPv4 address. If two customer networks attach to the same provider network, and a given IP address is used in both customer networks, the PE switches or routers attached to the customer networks will translate the IPv4 address into two different VPN-IPv4 addresses (by using a different RD). Even when two customer networks use the same IPv4 address, the corresponding VPN-IPv4 addresses will be different. Within the provider network, routes to addresses that are within customer networks are maintained as routes to VPN-IPv4 addresses. Overlap between the address spaces of the two customer networks does not cause any ambiguity in the provider network. VPN-IPv4 routing information for a particular customer network is exchanged, using BGP, only by the PE routers that attach to that customer network. Provider routers that do not attach to a particular customer network do not receive the routing information for that network. The amount of routing information stored in a provider router is not proportional to the total number of VPNs supported by the provider network, It is only proportional to the number of VPNs to which that provider router is directly attached.
If a particular customer network is attached to a large number of PE switch routers, the need to have each one distribute routing information to all the others can cause a scalability problem. However, this problem can be addressed by means of well known techniques, such as the use of BGP route reflectors. That is, rather than having a PE distribute the routes directly to another PE, the two PEs can be clients of a common route reflector. A given route reflector need not handle routes from all VPNs; the set of VPNs using a particular backbone can be partitioned, and each set of VPNs can be assigned to a different route reflector. In no case is there ever any one system that needs to know all the routes. This fact makes it possible to scale the system virtually without limit.
Before a PE switch router distributes routing information (about other sites in the customer network) to a CE switch router, it translates the VPN-IPv4 addresses into IPv4 addresses by stripping off the first eight bytes. Thus the CE switch routers see only ordinary IPv4 addresses; the longer addressing form is used only in the provider network. The customer routers do not need to support the VPN-IPv4 address family.
Figure 13-4 shows a Tag Switching VPN Model
Figure 13-4 Tag Switching VPN Model
Tag Switching VPN Forwarding
An ingress PE switch router must maintain a separate forwarding table for each attached customer network. This forwarding table is populated with routing information that pertains only to the customer network. This information is gathered, by way of BGP, from other PE nodes that attach to the same customer network.
When a packet arrives from a directly attached customer network, its destination address is looked up in the corresponding forwarding table to determine its egress PE switch router.
The route a packet must traverse between its ingress and egress PE switch routers usually includes one or more intermediate provider switch routers. The intermediate provider switch routers do not maintain routing information for the VPNs, so they cannot forward the packet by looking up its IP destination address. Tag Switching achieves proper forwarding through the provider network.
Tag Switching is used to route the packet to the chosen egress PE switch router. The ingress PE switch router wraps the packet in a Tag Switching header, where the label corresponds to a route (through the provider network) to the egress PE switch router. Intermediate provider switch routers forward the packet based on the label, not based on the IP destination address. Therefore the intermediate provider switch routers do not need to know anything about customer network routing. Nor do they need to know anything about VPN-IPv4 addresses.
The ingress PE switch router applies two labels to the packet. When PE1 sends, by way of BGP, a VPN-IPv4 route to PE2, it also specifies a label for the route. If this route belongs to a particular customer network, PE2 enters this route into the forwarding table it uses for packets from that customer network. When PE2 receives a packet from a CE device in that network, it looks up the packet destination address in this forwarding table. As a result, it determines the packet BGP next hop (i.e., PE1), and the label assigned by that next hop. This label is pushed onto the packet label stack. Then PE2 looks up the address of PE1 in its "regular" forwarding table (i.e., in the forwarding table containing routes through the provider network). The provider switch router which is PE2's next hop to PE1 (call this P1) will have used LDP to bind a label to the PE1 route. This label is then pushed on the packet label stack, and the packet is sent to P1.
The topmost label, used for routing the packet through the provider network, corresponds to a route to the egress PE switch router. The bottom label is used by the egress PE switch router to determine the particular output port on which it should transmit the packet. Thus the egress PE switch router does not need to look up the packet destination address.
The Tag Switching VPN model allows a provider network to support any number of VPNs while maintaining a limit on the amount of routing information that needs to be stored in any one provider switch router. It prevents data from flowing between VPNs, since it maintains separate forwarding information for each VPN. It does not assume that VPNs use addresses that are unique.
Tag Switching SDM Control Operation
The control component of Tag Switching consists of IP routing protocols (typically OSPF or IS-IS) running in conjunction with Tag Switching label allocation and maintenance procedures. The control component sets up label forwarding paths along IP routes and distributes these label bindings to the label switches. The control component also maintains the accuracy for the topology changes in the path that might occur.
The label distribution protocol (LDP) is a major part of the control component. LDP establishes peer sessions between label switches and exchanges the labels needed by the forwarding function.
The OSPF or IS-IS routing protocol runs in the normal way, automatically creating forwarding tables in each Tag Switching label switch router. The Tag Switching label distribution protocol (LDP) is linked to the routing protocols and works in parallel with them. Based on the routing information provided by OSPF or IS-IS, LDP exchanges the labels needed by the forwarding function.
On the Catalyst 8540, The Tag Switching switching database manager (SDM) control layer resides on the route processor. It communicates between Cisco IOS Tag Switching (IP,VRF, and TFIB) subsystems and interface modules so that the IP FIB, VRF, TFIB, and tag-rewrite entries built in the route processor are also maintained in the interface module memory.
The Tag Switching SDM control layer maintains a shadow copy of the forwarding table (TFIB table) on the content addressable memory (CiscoCAM) and random access memory (SRAM) on the Gigabit Ethernet interfaces and POS interfaces. The Switching Database Manager (SDM) manages the IP, IPX, and IP Multicast switching applications in the CiscoCAM and SRAM. The SDM control infrastructure manages the VRF tables and tag rewrite entries in the Tag Switching switching database.
Configuring Tag Switching VPNs
This section provides configuration information for the Tag Switching operation on the Catalyst 8540 MSR/CSR.
To configure Tag Switching VPN, perform the following configuration tasks and use Figure 13-5 for reference:
Figure 13-5 Tag Switching VPN Configuration
Configuring BGP CE to PE Routing Sessions
To configure a BGP CE to PE routing session, perform the following steps on a CE device beginning in global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# interface loopback number
|
Enters interface configuration mode and assigns a number to the loopback interface.
|
Step 2
|
Router(config-if)# ip address ip-address subnet-mask
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 3
|
Router(config-if)# no ip directed-broadcast
|
Disables transmission of directed broadcasts to physical broadcasts.
|
Step 4
|
Router(config-if)# exit
|
Exits interface configuration. Configure additional loopback interfaces if required.
|
Step 5
|
Router(config)# interface interface-type slot/subslot/interface
|
Enters interface configuration mode on the specified interface.
|
Step 6
|
Router(config-if)# ip address ip-address subnet-mask
|
Assigns an IP address and subnet mask to the specified interface.
|
Step 7
|
Router(config-if)# no ip directed-broadcast
|
Disables transmission of directed broadcasts to physical broadcasts.
|
Step 8
|
Router(config-if)# exit
|
Exits interface configuration.
|
Step 9
|
Router(config)# router bgp 101
|
Configures the BGP routing process.
|
Step 10
|
Router(config-rout)# no synchronization
|
Activates immediate advertisements of network addresses even if an IGRP route for the network address does not exist.
|
Step 11
|
Router(config-rout)# network address
|
Defines network address.
|
Step 12
|
Router(config-rout)# network address mask
|
Defines network prefix and subnet mask.
|
Step 13
|
Router(config-rout)# neighbor {ip-address | peer-group-name} remote-as number
|
Specifies neighbor's IP address.
|
Step 14
|
Router(config-rout)# no auto-summary
|
Configures BGP so that network addresses are not summarized.
|
Step 15
|
Router(config-rout)# exit
|
Exits BGP configuration.
|
Example
The following example shows how to configure a BGP routing session between PE1 and CE1 in Figure 13-5:
Cat8540-CE(config)#
interface Loopback0 Cat8540-CE(config-if)#
ip address 222.2.2.1 255.255.255.255 Cat8540-CE(config-if)#
no ip directed-broadcast Cat8540-CE(config-if)#
exit Cat8540-CE(config)#
interface Loopback1 Cat8540-CE(config-if)#
ip address 20.1.1.1 255.0.0.0 Cat8540-CE(config-if)#
no ip directed-broadcast Cat8540-CE(config-if)#
exit Cat8540-CE(config)#
interface gigabit ethernet 2/0/0 Cat8540-CE(config-if)#
ip address 111.0.1.102 255.255.255.252 Cat8540-CE(config-if)#
no ip directed-broadcast Cat8540-CE(config-if)#
exit Cat8540-CE(config)#
router bgp 101 Cat8540-CE(config-rout)#
no synchronization Cat8540-CE(config-rout)#
network 20.0.0.0 Cat8540-CE(config-rout)#
network 222.2.2.1 mask 255.255.255.255 Cat8540-CE(config-rout)#
neighbor 111.0.1.101 remote-as 222 Cat8540-CE(config-rout)#
no auto-summary Cat8540-CE(config-rout)#
exit Configuring VPNs in PE Devices
To configure VPN routing instances, perform the following steps on the PE switch router beginning in global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# ip vrf vrf-name
|
Defines the VPN routing instance by assigning a VRF name and enters VRF configuration mode.
|
Step 2
|
Router(config-vrf)# rd route-distinguisher
|
Creates routing and forwarding tables by defining the 64-bit route distinguisher for the specified VFR.
|
Step 3
|
Router(config-vrf)# route-target {import | export | both} route-target-ext-community
|
Creates a list of import, export, or both route target communities for the specified VRF.
|
Step 4
|
Router(config-vrf)# exit
|
Exits VRF configuration mode.
|
Step 5
|
Router(config)# interface interface-type slot/subslot/interface
|
Enters interface configuration mode and sets up an interface as a VRF link to a CE switch router.
|
Step 6
|
Router(config-if)# ip vrf forwarding vrf-name
|
Associates a VRF with an interface or subinterface.
|
Step 7
|
Router(config-if)# ip address ip-address subnet-mask
|
Assigns an IP address and subnet mask to the interface.
|
Step 8
|
Router(config-if)# no ip directed broadcast
|
Disables transmission of directed broadcasts to physical broadcasts.
|
Step 9
|
Router(config-if)# exit
|
Exits interface configuration mode.
|
Example
The following example shows how to define a VPN by configuring interface Gigabit Ethernet 2/0/0 on PE1 to CE1 in Figure 13-5:
Cat8540-PE#
config terminal Cat8540-PE(config)#
ip vrf Red Cat8540-PE(config-vrf)#
rd 100:1 Cat8540-PE(config-vrf)#
route-target export 100:1 Cat8540-PE(config-vrf)#
route-target import 100:1 Cat8540-PE(config-vrf)#
exit Cat8540-PE(config)#
interface gigabitethernet 2/0/0 Cat8540-PE(config-if)#
ip vrf forwarding Red Cat8540-PE(config-if)#
ip address 111.0.1.101 255.255.255.252 Cat8540-PE(config-if)#
no ip directed-broadcast Cat8540-PE(config-vrf)#
exit Configuring BGP PE Routing Sessions
To configure BGP PE routing sessions in a provider network, perform the following steps beginning in global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# router bgp autonomous system
|
Configures IBGP routing process with the autonomous system number passed along to other IBGP switch routers.
|
Step 2
|
Router(config)# no synchronization
|
Activates immediate advertisements of network addresses even if an IGRP route for the network address does not exist.
|
Step 3
|
Router(config)# no bgp default ipv4-unicast
|
Deactivates default IPv4 advertisements.
|
Step 4
|
Router(config-router)# neighbor {ip address | peer-group-name} remote as-number
|
Specifies a neighbor's IP address or a IBGP peer group, and identifies it to the local autonomous system.
|
Step 5
|
Router(config-router)# neighbor {ip address | peer-group-name} update-source Loopback number
|
Allows internal BGP sessions to use any operational interface for TCP connections.
|
Step 6
|
Router(config-router)# address-family vpnv4
|
Configures sessions that carry customer VPN-IPv4 prefixes, each of which has been made globally unique by adding an 8-byte route distinguisher.
|
Step 7
|
Router(config-router-af)# neighbor ip-address activate
|
Activates the advertisement of the IPv4 address family.
|
Step 8
|
Router(config-router-af)# neighbor ip-address send-community extended
|
Specifies that the COMMUNITIES attribute be sent to the neighbor at this IP address.
|
Step 9
|
Router(config-router-af)# exit
|
Exits the address family configuration.
|
Step 10
|
Router(config)# router bgp autonomous-system
|
Configures a EBGP routing process with the autonomous system number passed along to other EBGP routers.
|
Step 11
|
Router(config-router)# neighbor {ip-address | peer-group-name} remote-as number
|
Specifies a neighbor's IP address or an EBGP peer group, and identifies it to the local autonomous system.
|
Step 12
|
Router(config-router)# neighbor ip-address activate
|
Activates the advertisement of the IPv4 address family.
|
Step 13
|
Router(config-router)# exit
|
Exits the BGP configuration.
|
Example
The following example shows how to configure a BGP routing session in PE1 in Figure 13-5:
Cat8540-PE(config)#
router bgp 222 Cat8540-PE(config-rout)#
no synchronization Cat8540-PE(config-rout)#
no bgp default ipv4-unicast Cat8540-PE(config-rout)#
neighbor 222.2.1.2 remote-as 222 Cat8540-PE(config-rout)#
neighbor 222.2.1.2 update-source Loopback0 Cat8540-PE(config-rout)#
address-family vpnv4 Cat8540-PE(config-rout-af)#
neighbor 222.2.1.2 activate Cat8540-PE(config-rout-af)#
neighbor 222.2.1.2 send-community extended Cat8540-PE(config-rout-af)#
exit address-family Cat8540-PE(config-rout)#
address-family ipv4 vrf Red Cat8540-PE(config-rout-af)#
neighbor 111.0.1.102 remote-as 101 Cat8540-PE(config-rout-af)#
neighbor 111.0.1.102 activate Cat8540-PE(config-rout)#
exit-address-family Configuring Tag Switching on PE and P Devices
To configure label switching between PE and P devices in the provider network, perform the following steps beginning in global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# interface type slot/subslot/port
|
Enters interface configuration mode on the specified interface
|
Step 2
|
Router(config-if)# ip unnumbered type number
or
Router(config-if)# ip address ip-address mask
|
Enables IP unnumbered on the specified interface and assigns the unnumbered interface to an interface that has an IP address. We recommend enabling IP unnumbered because it allows you to conserve IP addresses.
or
Assigns an IP address and subnet mask to the specified interface.
|
Step 3
|
Router(config-if)# tag-switching ip
|
Enables label switching of IPv4 packets.
|
Step 4
|
Router(config-if)# no ip directed-broadcast
|
Disables transmission of directed broadcasts to physical broadcasts.
|
Step 5
|
Router(config-if)# end
|
Returns to privileged EXEC mode.
|
Example
The following example shows how to configure label switching on the PE1 device in the provider network in Figure 13-5:
Cat8540-PE(config)#
interface gigabitethernet 1/0/0 Cat8540-PE(config-if)#
ip address 111.0.1.1 255.255.255.252 Cat8540-PE(config-if)#
tag-switching ip Cat8540-PE(config-if)#
no ip directed-broadcast Cat8540-PE(config-if)#
end Example
The following example shows how to configure label switching on the P1 device in the provider network in Figure 14-5.
Cat8540-P(config)#
interface Loopback0 Cat8540-P(config-if)#
ip address 222.2.1.3 255.255.255.255 Cat8540-P(config-if)#
no ip directed-broadcast Cat8540-P(config-if)#
exit Cat8540-P(config)#
interface gigabitethernet1/0/0 Cat8540-P(config-if)#
ip address 111.0.1.2 255.255.255.252 Cat8540-P(config-if)#
tag-switching ip Cat8540-P(config-if)#
no ip directed-broadcast Cat8540-P(config-if)#
exit Cat8540-P(config)#
interface gigabit 1/0/1 Cat8540-P(config-if)#
ip address 111.0.1.17 255.255.255.252 Cat8540-P(config-if)#
tag-switching ip Cat8540-P(config-if)#
no ip directed-broadcast Cat8540-P(config-if)#
exit Configuring IGP on PE Devices
To configure OSPF PE to P routing sessions in a provider network, perform the following steps beginning in global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# router ospf process-number
|
Enables OSPF and assigns it a process number. The process number can be any positive integer.
|
Step 2
|
Router(config-router)# redistribute connected
|
Redistributes routes learned from the OSPF routing domain to another BGP routing domain.
|
Step 3
|
Router(config-router)# network address wildcard-mask area area-id
|
Defines the network prefix, a wildcard subnet mask, and the associated area number on which to run OSPF. An area number is an identification number for an OSPF address range.
Repeat this command for each area you want to add the OSPF process.
|
Step 4
|
Router(config-router)# default metric number
|
Causes the current routing protocol to use the same metric value for all redistributed routes.
|
Step 5
|
Router(config-router)# exit
|
Exits OSPF configuration.
|
Example
The following example shows how to configure OSPF routing session on PE1 in the provider network in Figure 13-5:
Cat8540-PE(config)#
router ospf 222 Cat8540-PE(config-rout)#
redistribute connected Cat8540-PE(config-rout)#
network 111.0.1.0 0.0.0.255 area 0 Cat8540-PE(config-rout)#
network 222.2.1.1 0.0.0.0 area 0 Cat8540-PE(config-rout)#
default-metric 25 Cat8540-PE(config-rout)#
exit Configuring IGP on P Devices
To configure routing sessions between P devices in a provider network, perform the following steps beginning in global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# router ospf process-number
|
Enables OSPF and assigns it a process number. The process number can be any positive integer.
|
Step 2
|
Router(config-router)# redistribute connected
|
Redistributes routes based on the OSPF process-number.
|
Step 3
|
Router(config-router)# network address wildcard-mask area area-id
|
Defines the network prefix, a wildcard subnet mask, and the associated area number on which to run OSPF. An area number is an identification number for an OSPF address range.
Repeat this command for each area you want to add the OSPF process.
|
Step 4
|
Router(config-router)# exit
|
Exits OSPF configuration.
|
Example
The following example shows how to configure an OSPF routing session on P1 in the provider network in Figure 13-5:
Cat8540-P(config)#
router ospf 222 Cat8540-P(config-rout)#
network 111.0.1.0 0.0.0.255 area 0 Cat8540-P(config-rout)#
network 222.2.1.3 0.0.0.0 area 0 Cat8540-P(config-rout)#
exit Configuring RIP Between PE and CE Devices
To configure RIP PE to CE routing sessions perform the following steps on the PE switch router from global configuration mode:
|
Command |
Purpose |
Step 1
|
Router(config)# router rip
|
Enables RIP.
|
Step 2
|
Router(config-router)# address-family ipv4 [unicast] vrf vrf name
|
Defines RIP parameters for PE and CE routing sessions.
 |
Note The default is Off for all auto-summary and synchronization in the VRF address-family submode. |
|
Step 3
|
Router(config-router)# network prefix
|
Enables RIP on the PE to CE link.
|
Example
The following example shows how to configure a RIP routing session on PE1 in Figure 13-5:
Router(config)#
router rip Router(config-router)#
address-family ipv4 vrf Red Router(config-router-af)#
network 222.2.2.2 Router(config-router-af)#
exit Configuring Static Route PE to CE Routing Sessions
To configure static route PE to CE routing sessions perform the following steps on the PE switch router from global configuration mode:
| Command |
Purpose |
|
Router(config)# ip route vrf vrf-name prefix mask [next-hop-address] [interface {interface-number}] [global] [distance] [permanent] [tag tag]
|
Defines static route parameters for every PE to CE routing session.
|
Example
The following example shows how to configure a static route on PE1 in Figure 13-5:
Cat8540-PE1(config)#
ip route vrf Red 20.0.0.0 255.0.0.0 111.0.1.102 Tag Switching VPN Configuration Examples
The configuration examples in this section show the Tag Switching VPN configurations described in Figure 13-6 and in the "Configuring Tag Switching VPNs" section.
Figure 13-6 Tag Switching VPN Configuration on CE, PE, and P Devices
Example
The following example shows the Tag Switching VPN configuration on the CE1 device referenced in Figure 13-6.
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
logging buffered 4096 debugging
ip host poland 171.68.170.81
ip address 222.2.2.1 255.255.255.255
ip address 111.0.2.1 255.255.255.255
ip address 111.0.2.2 255.255.255.255
ip address 20.1.1.1 255.0.0.0
interface GigabitEthernet1/0/0
ip address 111.0.1.102 255.255.255.252
ip address 172.16.69.37 255.255.255.224
network 111.0.2.1 mask 255.255.255.255
network 111.0.2.2 mask 255.255.255.255
network 222.2.2.1 mask 255.255.255.255
neighbor 111.0.1.101 remote-as 222
ip route 171.0.0.0 255.0.0.0 172.16.69.33
Example
The following example shows the Tag Switching VPN configuration on the PE1 device referenced in
Figure 13-6.
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
ip host poland 171.68.170.81
route-target export 64000:1
route-target import 64000:1
route-target export 100:1
route-target import 100:1
ip address 222.2.1.1 255.255.255.255
interface GigabitEthernet1/0/0
ip address 111.0.1.1 255.255.255.252
interface GigabitEthernet1/0/1
ip address 111.0.1.5 255.255.255.252
interface GigabitEthernet2/0/0
ip address 111.0.1.101 255.255.255.252
interface GigabitEthernet2/0/1
ip address 111.0.1.105 255.255.255.252
ip address 172.16.69.44 255.255.255.224
network 111.0.1.0 0.0.0.255 area 0
network 222.2.1.1 0.0.0.0 area 0
no bgp default ipv4-unicast
neighbor 222.2.1.2 remote-as 222
neighbor 222.2.1.2 update-source Loopback0
address-family ipv4 vrf Red
neighbor 111.0.1.102 remote-as 101
neighbor 111.0.1.102 activate
address-family ipv4 vrf Green
neighbor 111.0.1.106 remote-as 64600
neighbor 111.0.1.106 activate
neighbor 222.2.1.2 activate
neighbor 222.2.1.2 send-community extended
ip route 171.0.0.0 255.0.0.0 172.16.69.33
Example
The following example shows the Tag Switching VPN configuration on the P1 device referenced in
Figure 13-6.
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
ip host poland 171.68.170.81
ip address 222.2.1.3 255.255.255.255
interface GigabitEthernet1/0/0
ip address 111.0.1.2 255.255.255.252
interface GigabitEthernet1/0/1
ip address 111.0.1.17 255.255.255.252
ip address 172.16.69.45 255.255.255.224
network 111.0.1.0 0.0.0.255 area 0
network 222.2.1.3 0.0.0.0 area 0
ip route 171.0.0.0 255.0.0.0 172.16.69.33
Verifying Tag Switching VPN Operation
To verify Tag Switching VPN operation, perform the following steps from the privilege EXEC mode:
| Step |
Command |
Purpose |
Step 1
|
Router # show ip vrf
|
Displays the set of defined VRFs and interfaces.
|
Step 2
|
Router # show ip vrf [{brief | detail | interfaces}] vrf-name
|
Displays information about defined VRFs and associated interfaces.
|
Step 3
|
Router # show ip route vrf vrf-name
|
Displays the IP routing table for a VRF.
|
Step 4
|
Router # show ip protocols vrf vrf-name
|
Displays the routing protocol information for a VRF.
|
Step 5
|
Router # show ip cef vrf vrf-name
|
Displays the CEF forwarding table associated with an interface.
|
Step 6
|
Router # show ip interface
|
Displays the VRF table associated with an interface.
|
Step 7
|
Router # show ip bgp vpn4 all [tags]
|
Displays information about all BGPs.
|
Step 8
|
Router # show tag-switching forwarding vrf vrf-name [prefix mask | length] [detail]
|
Displays label forwarding entries that correspond to VRF routes advertised by this switch router.
|
Examples
The following examples show the output for the Tag Switching VPN operation:
Router# show ip vrf
Name Default RD Interfaces
v1 100:1 GigabitEthernet0/0/1
Router# show ip vrf detail
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
Router# show ip vrf interfaces
Interface IP-Address VRF Protocol
GigabitEthernet0/0/1 10.0.0.2 v1 up
Router# show ip route vrf v1
Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
B 102.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 119.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 118.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 103.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 117.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 116.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 101.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 115.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 200.0.0.0/24 [200/0] via 101.0.0.2, 01:58:02
B 114.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 201.0.0.0/24 [200/0] via 101.0.0.2, 01:58:02
B 113.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 172.20.0.0/16 [200/0] via 101.0.0.2, 01:58:03
B 112.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 128.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 145.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 110.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 129.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 126.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 111.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 130.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
C 10.0.0.0/8 is directly connected, GigabitEthernet0/0/1
B 108.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 125.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 131.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 124.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 109.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 132.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 106.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 123.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 63.0.0.0/8 [200/0] via 101.0.0.2, 01:58:16
B 133.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 122.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 107.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 104.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 121.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 150.0.0.0/16 [20/0] via 10.0.0.1, 1w0d
B 120.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 105.0.0.0/8 [20/0] via 10.0.0.1, 1w0d
B 200.0.0.0/8 [200/0] via 101.0.0.2, 01:58:27
Router# show ip protocols vrf v1
Routing Protocol is "bgp 100"
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
IGP synchronization is disabled
Automatic route summarization is disabled
Redistributing:connected, static
Address FiltIn FiltOut DistIn DistOut Weight RouteMap
Routing Information Sources:
Gateway Distance Last Update
Distance:external 20 internal 200 local 200
Router# show ip cef vrf v1
Prefix Next Hop Interface
10.0.0.0/8 attached GigabitEthernet0/0/1
10.0.0.1/32 10.0.0.1 GigabitEthernet0/0/1
10.255.255.255/32 receive
63.0.0.0/8 100.0.0.2 GigabitEthernet0/0/0
101.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
102.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
103.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
104.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
105.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
106.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
107.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
108.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
109.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
110.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
111.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
112.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
113.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
114.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
115.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
116.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
117.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
118.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
119.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
120.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
121.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
122.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
123.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
124.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
125.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
126.0.0.0/8 10.0.0.1 GigabitEthernet0/0/1
128.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
129.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
130.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
131.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
132.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
133.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
145.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
150.0.0.0/16 10.0.0.1 GigabitEthernet0/0/1
172.20.0.0/16 100.0.0.2 GigabitEthernet0/0/0
200.0.0.0/8 100.0.0.2 GigabitEthernet0/0/0
200.0.0.0/24 100.0.0.2 GigabitEthernet0/0/0
201.0.0.0/24 100.0.0.2 GigabitEthernet0/0/0
255.255.255.255/32 receive
Router# show ip interface
GigabitEthernet0/0/0 is up, line protocol is up
Internet address is 100.0.0.1/8
Broadcast address is 255.255.255.255
Address determined by configuration file
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined:224.0.0.5 224.0.0.6
Outgoing access list is not set
VPN Routing/Forwarding "v1"<<<---------------
Router# show ip bgp vpnv4 all
BGP table version is 187, local router ID is 100.0.0.1
Status codes:s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes:i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher:100:1 (default for vrf v1)
* 10.0.0.0 10.0.0.1 0 0 50 ?
*>i63.0.0.0 101.0.0.2 0 100 0 200 ?
*> 101.0.0.0 10.0.0.1 0 0 50 ?
*> 102.0.0.0 10.0.0.1 0 0 50 ?
*> 103.0.0.0 10.0.0.1 0 0 50 ?
*> 104.0.0.0 10.0.0.1 0 0 50 ?
*> 105.0.0.0 10.0.0.1 0 0 50 ?
*> 106.0.0.0 10.0.0.1 0 0 50 ?
*> 107.0.0.0 10.0.0.1 0 0 50 ?
*> 108.0.0.0 10.0.0.1 0 0 50 ?
*> 109.0.0.0 10.0.0.1 0 0 50 ?
*> 110.0.0.0 10.0.0.1 0 0 50 ?
*> 111.0.0.0 10.0.0.1 0 0 50 ?
*> 112.0.0.0 10.0.0.1 0 0 50 ?
*> 113.0.0.0 10.0.0.1 0 0 50 ?
*> 114.0.0.0 10.0.0.1 0 0 50 ?
*> 115.0.0.0 10.0.0.1 0 0 50 ?
*> 116.0.0.0 10.0.0.1 0 0 50 ?
*> 117.0.0.0 10.0.0.1 0 0 50 ?
*> 118.0.0.0 10.0.0.1 0 0 50 ?
*> 119.0.0.0 10.0.0.1 0 0 50 ?
*> 120.0.0.0 10.0.0.1 0 0 50 ?
*> 121.0.0.0 10.0.0.1 0 0 50 ?
*> 122.0.0.0 10.0.0.1 0 0 50 ?
*> 123.0.0.0 10.0.0.1 0 0 50 ?
*> 124.0.0.0 10.0.0.1 0 0 50 ?
*> 125.0.0.0 10.0.0.1 0 0 50 ?
*> 126.0.0.0 10.0.0.1 0 0 50 ?
*> 128.0.0.0 10.0.0.1 0 0 50 ?
*> 129.0.0.0 10.0.0.1 0 0 50 ?
*> 130.0.0.0 10.0.0.1 0 0 50 ?
*> 131.0.0.0 10.0.0.1 0 0 50 ?
*> 132.0.0.0 10.0.0.1 0 0 50 ?
*> 133.0.0.0 10.0.0.1 0 0 50 ?
*> 145.0.0.0 10.0.0.1 0 0 50 ?
*> 150.0.0.0 10.0.0.1 0 0 50 ?
*>i172.20.0.0 101.0.0.2 0 100 0 200 ?
*>i200.0.0.0 101.0.0.2 0 100 0 200 ?
>i200.0.0.0/8 101.0.0.2 0 100 0 ?
*>i201.0.0.0 101.0.0.2 0 100 0 200 ?
Router# show tag-switching forwarding-table vrf v1
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
61 Aggregate 10.0.0.0/8[V] 0
62 Untagged 101.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
63 Untagged 102.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
64 Untagged 103.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
65 Untagged 104.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
66 Untagged 105.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
67 Untagged 106.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
68 Untagged 107.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
69 Untagged 108.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
70 Untagged 109.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
71 Untagged 110.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
72 Untagged 111.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
73 Untagged 112.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
74 Untagged 113.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
75 Untagged 114.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
76 Untagged 115.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
77 Untagged 116.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
78 Untagged 117.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
79 Untagged 118.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
80 Untagged 119.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
81 Untagged 120.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
82 Untagged 121.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
83 Untagged 122.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
84 Untagged 123.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
85 Untagged 124.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
86 Untagged 125.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
87 Untagged 126.0.0.0/8[V] 0 Gi0/0/1 10.0.0.1
88 Untagged 128.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
89 Untagged 129.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
90 Untagged 130.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
91 Untagged 131.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
92 Untagged 132.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
93 Untagged 133.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
94 Untagged 145.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
95 Untagged 150.0.0.0/16[V] 0 Gi0/0/1 10.0.0.1
To verify Tag Switching in the switching database manager (SDM), use the following commands from the privilege EXEC mode:
| Command |
Purpose |
|
Router # show sdm label
|
Displays entire label stack.
|
|
Router # show sdm vrf
|
Displays detailed or summary information for each vrf ip-prefix entry in all or particular buckets for a specific interface.
|
|
Router # show sdm lfib
|
Displays the LFIB or TFIB entry address and label values for all labels in a stack.
|
|
Router # show sdm address
|
Displays the LFIB or TFIB entry address.
|
|
Router # show sdm entry
|
Displays a specific TCAM entry.
|
Examples
The following examples show the output for the Tag Switching SDM commands:
Router# show sdm label
TCAM-ADDR ADJ-ADDR LABEL-STACK
Router# show sdm lfib
TCAM-ADDR LOCAL LABEL-STACK
Router# show sdm address 1001D int gigabit ethernet 10/0/0
Value @ 0x0001001D - 0x83DF0000:0x00000028
Router# show sdm entry 2105 interface gigabit ethernet 10/0/0
SDM Entry at address 0x2105 -
Key :0x0C010102 Class :0x1
Mask :0xFFFFFFFF:0xFFFFFFFF Class :0x7
U-info :0x00603E20:0x90400081
