MPLS and BGP journey

Hi, after some hard reading and research on the Cisco website, I've finally got my first MPLS VPN lab to work. Nothing huge, but I think I'm on the right track!
When I started I was a complete noob on this technology, and the more I advance into it, the more I'm loving it! It's a bit hard to motivate myself because I know that this stuff won't be in my day-to-day tasks in my internship/first job, but I wanted to know about MPLS.
So here's the lab I've built in GNS3

I redistributed EIGRP into BGP and BGP into EIGRP on both sides.
I think my VPN works correctly now!
If I want to have an eBGP session to announce a public IP range now, besides the VPN process, can I do it under the default BGP instance without entering the address-family sub-menu?

C    172.16.1.0 is directly connected, Serial0/0
D    172.16.3.0 [90/2681856] via 172.16.1.1, 00:14:44, Serial0/0
C    192.168.1.0/24 is directly connected, Loopback0
D    192.168.3.0/24 [90/2809856] via 172.16.1.1, 00:14:44, Serial0/0
R1#
Tracing the route to 192.168.3.1
  1 172.16.1.1 84 msec 8 msec 104 msec
  2 10.1.1.2 [MPLS: Labels 16/20 Exp 0] 44 msec 28 msec 12 msec
  3 172.16.3.1 [MPLS: Label 20 Exp 0] 12 msec 24 msec 12 msec
  4 172.16.3.2 20 msec * 76 msec
R1#
R5#sh ip route vrf CUST1
B    172.16.1.0 [200/0] via 3.3.3.3, 00:31:59
C    172.16.3.0 is directly connected, Serial0/0
B    192.168.1.0/24 [200/2297856] via 3.3.3.3, 00:31:59
D    192.168.3.0/24 [90/2297856] via 172.16.3.2, 00:33:44, Serial0/0
Comments
router bgp 1
no synchronization
bgp log-neighbor-changes
network 10.10.10.0 mask 255.255.255.0   <-- Global Statement
neighbor 4.4.4.4 remote-as 1
neighbor 10.10.10.2 remote-as 2   <-- Global Statement
no auto-summary
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTA
redistribute connected
no synchronization
exit-address-family
MPLS VPNs are pretty fun, if you haven't already done so, you should start playing around with MPLS route leaking!
CCIE: Network Security Principals and Practices
CCIE: Routing and Switching Exam Certification Guide
Thanks, I will lab this tomorrow!
Just finished the VPN chapter tonight and I definitely need some more practice with it. Especially the OSPF part!
I've created 2 EIGRP processes for my topology because on the first try, it wasn't working with "router eigrp 1" with dual address-family. After reading the chapter, I noticed they were creating only 1 process. The EIGRP redistribution into BGP didn't work so I created 2 EIGRP processes.
Tomorrow I will clear all EIGRP and BGP from the PE routers and will restart it completely! Need some labbing again before moving to the MPLS-TE chapter. I feel that an OSPF design deserves some hours spent on it!
[ ] - Lab exam (60h)
Personal blog: http://www.tommyf.net/
I will retest the dual EIGRP implementation on CustB also because I don't know what I've missed!
I also added the eBGP links between customers and ISP with tunnel interfaces!
If anyone is interested I could share the configs and .NET file
One thing, I don't quite follow you when you are saying dual EIGRP? Are you specifying the autonomous-system <#> command under the address family for the VRF on the PE router? Also I don't know what your config is, but don't forget to add the metric when you're doing the redistribution.
CCIE: Network Security Principals and Practices
CCIE: Routing and Switching Exam Certification Guide
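Added example (not part of the original thread and not any poster's config): a PE-side sketch of what the reply above describes, with the autonomous-system command under the VRF address family of a single EIGRP process and a seed metric on the BGP-to-EIGRP redistribution. BGP AS 1, VRF CUST1 and the 172.16.x.x PE-CE addressing come from the outputs earlier in the thread; EIGRP AS 100, the classful network statement and the metric values are assumptions.

```cisco
! One EIGRP process on the PE; the customer-facing instance lives
! under the VRF address family, not in a second "router eigrp".
router eigrp 1
 !
 address-family ipv4 vrf CUST1
  ! The AS number the CE actually runs (100 is an assumed value).
  ! Without this line the VRF instance has no AS and never forms
  ! an adjacency with the CE.
  autonomous-system 100
  ! Covers the PE-CE serial link (classful statement, assumed)
  network 172.16.0.0
  ! Seed metric for routes coming from BGP:
  ! bandwidth(kbps) delay(10s of usec) reliability load MTU
  ! (values here are assumed, typical T1 figures)
  redistribute bgp 1 metric 1544 2000 255 1 1500
  no auto-summary
 exit-address-family
!
router bgp 1
 !
 address-family ipv4 vrf CUST1
  ! Reference the EIGRP AS configured under the VRF (100),
  ! not the process number used on "router eigrp 1".
  redistribute eigrp 100
  no synchronization
 exit-address-family
```

On the PE, "show ip eigrp vrf CUST1 neighbors" and "show ip bgp vpnv4 vrf CUST1" confirm the adjacency and that the customer prefixes reached the VPNv4 table.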
For the new topology I've created, my sham link seems to work well!
Here's a show ip route ospf on R1, with the s0/0 link UP (tweaked the interface bandwidth up)
And show ip route ospf, with s0/0 down
3.3.3.1 and 5.5.5.1 are my sham-link loopbacks from BGP
The 172.16.1.0 isn't Connected anymore, but made the fly through BGP!!!
I'm loving that stuff! But everyone needs to sleep unfortunately
Tomorrow I will start the MPLS TE chapter and I hope OSPF won't throw me any more surprises like sham-links or virtual-links or anyother-links
MPLS TE isn't something that looks complicated at first look, but I will deep dive into it this weekend!
Still haven't received my CCNP certificate :S
The same happened with my CCNA one, probably lost in the mail somewhere!
How do you like the BGP Design and Implementations book?
For the BGP design & implementation, I feel that I have to read it very slowly because there are some weird advanced concepts in there and after 30 min of reading, I become totally confused
The best order is probably
Basic MPLS VPN | MPLS
I will try the advanced one, but it might take much longer!
Edit:
Spent 3 hours on the Advanced labs, almost finished and BAM, GNS3 froze up...damn!
That sucks! But sounds like you were plugging away quite nicely. Do it over, reinforcement is never a bad thing
Save early. Save often.
And working from notepad, if you don't want to commit to your changes until after you've tested them, gives you a quick recovery method (as long as you have a UPS or are working on a laptop with a good battery).
This is how I see it
Yeah, every time I do a command or a change, I do "do wr" but if you don't save the GNS3 project, you're doomed. I tried to copy the temp directory while frozen, but it seems I didn't find the right files. Anyway!
I will use the archive feature with a TFTP for this lab and will turn on the Autosave feature!
I guess since there's a BGP adjacency over a single VRF the PE2 router wouldn't accept each other's routes if I don't specify "allowas-in"?
Really not sure about it!
MPLS Lab 3-1: Establishing the Core MPLS Environment
This week I did just those 2 labs. I have not had much time to devote to all this because I'm at the end of the semester at school and I had some exams to prepare.
The two labs were relatively easy because I already did several exercises in GNS3 but I consider it a good review of what I have learned so far
At first glance I thought the technology "MPLS TE" was easy but I think now that it was probably the hardest thing to understand and I probably need to reread the chapter with the one about ATM. I have no clue about ATM, except it has a 50ish bytes header, there's no jitter and it uses VCI and VPI....
I skipped some pages about troubleshooting and also QoS, but afterwards I think the coolest technology I learned from this book is VPLS!
A private LAN in the cloud!
A common sentiment about transit and peering is "Once a customer, never a peer."
You should keep in mind this philosophy when determining where to purchase transit.
After you become a customer of a particular ISP, it is very difficult to transition to a peering relationship with that ISP.
Can somebody explain to me why please?
Peering situations have to be financially advantageous for it to be considered. Otherwise there's no point.
Let's say, for example, I'm a customer of level3, and I'm getting a ton of traffic coming in. If I'm paying them, what incentive do they have to give me traffic for free? Unless I was sending them traffic that they'd have to pay for to get from someone else instead, it makes no sense for them to do so. In level3's case, it makes even less sense - they're a tier1, so they don't pay anyone for transit. They're perfectly happy to let you go buy from someone else, they'll get your traffic at the same price regardless, unless you can command some serious eyeballs.
Now, for a situation where it does make sense.... let's say I'm a content provider. And I get contacted by a local university who wants to peer with me. Let's say on average, I'm sending 1 gig of traffic to them. Well, both of us are paying transit costs for that (we're both on 95th percentile billing of course, and if we happen to have the same provider, then that provider is getting paid twice to move the same traffic.. not a bad gig!)
Now let's say me and the university have routers in a common peering point. The only thing we need to do is run a cross connect between our routers, and then we can exchange traffic with each other directly, and thereby save on transit costs. The only cost would be whatever the facility actually charges for the cross connect, and maybe some cost in the actual interface (if one or the other side needed to procure an SFP, or XenPak, or something along those lines to actually hook the connection up into... router ports ain't cheap, so not everyone fills out all possible port density, and just acquires it at need) which is usually fairly trivial and easily shared.
If people understood that the way global routing works is that you've basically got a cartel of companies who play nice with each other to ensure traffic changes hands, and then gouge the hell out of everyone else, I think they'd be amazed that the internet works at all.
This is also why you occasionally see peeing contests between big names. Cogent made a lot of noise when they quietly arranged a number of peering agreements, and then started selling bandwidth to its customers for really cheap. How pissed off would you be if you could charge 20 bucks a meg, but one of your peers goes and sells transit for 5 bucks a meg and then starts dumping all that traffic on you. You don't see a cut of that money, and you're providing service for someone else's customers, and thereby losing money. So when the internet gets partitioned because a couple of big names are fighting, all you have to do to figure out why is follow the money (or read the Renesys blog, they'll tell you all about it)
I read that Renesys blog
That Level 3 and Global Crossing fusion is taking 55% of the Tier1 market in the recent fusion. It's huge!
I've decided to go on the Security track a bit and explore SDM deeper. I'm currently practicing Windows RADIUS with Cisco and reviewing some dot1x at the same time. I will try to focus more on the CBAC zone-based firewall since I never had to work with it.
I just graduated from college today and am starting my job probably at the end of May! I'll be a telecom consultant in a small firm here in Montreal so I have a full-time month to prepare the 691 exam and if I have time, maybe IINS before starting the job! Huge workload in perspective!
Very good! :)
__________________________________________
Simplicity is the ultimate sophistication.
(Leonardo da Vinci)
This is only a trivial query, but what software did you use for that diagram? I like it
:study: CVoice [X] CIPT 1 [ ] CIPT 2 [ ] CAPPS [ ] TVOICE [ ]
Forgive me but I've finally started to work and I just have no time to self-study now! :S
I understand better now that once your day is finished, you don't always want to spend another 1-2 hours in your books
I too might be jumping on the bandwagon, once I get settled in at my position I may pursue another professional level Cisco Cert.. (I still have a year before my CCNP expires)
Latest blog post: Let's review EIGRP Named Mode
Currently Studying: CCNP: Wireless - IUWMS
I started two weeks ago to revise what I had learned about BGP combined with some new stuff like Multicast, PIM etc... I also organized my notes better with the help of OneNote.
The coolest news is that I got my first 3550 ipservices for 150$ from another guy going for the *IE next summer and converting his *old* 3550's for 3560s. I'll get a 3560 myself probably after Christmas.
Doing all of the gns3vault BGP and MPLS labs is my next goal for now and I think that a re-read of some MPLS technologies will be required.
I would be happy if I can pass the 642-692 exam before Christmas and I plan to put in about another 80 hours to succeed.
I reviewed most of the stuff in the last weeks, did a lot of practice and reading on the Cisco website too.
I'm confident about the BGP aspect and most of the MPLS stuff but it's another story for ATM and traffic engineering.