MPLS and BGP journey

tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
Hi, after some hard read and research on cisco website, i've finally made my first MPLS VPN lab to work, nothing huge, but i think i'm on the good way!

When i started i was a complete noob on this technology and the more and more i advance into it, i'm really loving it! It's a bit hard to motivate myself because i know that this stuff wouldn't be in my day-to-day task in my internship/first job, but i wanted to know about MPLS.

So here's the lab i've built in GNS3

labmpls1.jpg
C       172.16.1.0 is directly connected, Serial0/0
D       172.16.3.0 [90/2681856] via 172.16.1.1, 00:14:44, Serial0/0
C    192.168.1.0/24 is directly connected, Loopback0
D    192.168.3.0/24 [90/2809856] via 172.16.1.1, 00:14:44, Serial0/0
[B]R1#[/B]
Tracing the route to 192.168.3.1

  1 172.16.1.1 84 msec 8 msec 104 msec
  2 10.1.1.2 [MPLS: Labels 16/20 Exp 0] 44 msec 28 msec 12 msec
  3 172.16.3.1 [MPLS: Label 20 Exp 0] 12 msec 24 msec 12 msec
  4 172.16.3.2 20 msec *  76 msec
[B]R1#[/B]
[B]R5#[/B]sh ip route vrf CUST1

B       172.16.1.0 [200/0] via 3.3.3.3, 00:31:59
C       172.16.3.0 is directly connected, Serial0/0
B    192.168.1.0/24 [200/2297856] via 3.3.3.3, 00:31:59
D    192.168.3.0/24 [90/2297856] via 172.16.3.2, 00:33:44, Serial0/0



I redistributed eigrp into bgp and bgp into eigrp on both sides.

I think my VPN work correctly now!
If i want to have an eBGP session to announce a public ip range now, besides the VPN process, can i do it under the default bgp instance without entering the address-family sub-menu ?
[X] - 350-001 (300h)
[ ] - Lab exam (60h)
Personal blog: http://www.tommyf.net/
«1

Comments

  • millworxmillworx Member Posts: 290
    Yes anything not pertaining to the VRFs you can do under the default global process. My motto is, when in doubt, try it out! Like so:

    router bgp 1
    no synchronization
    bgp log-neighbor-changes
    network 10.10.10.0 mask 255.255.255.0 <
    Global Statement
    neighbor 4.4.4.4 remote-as 1
    neighbor 10.10.10.2 remote-as 2 <
    Global Statement
    no auto-summary
    !
    address-family vpnv4
    neighbor 4.4.4.4 activate
    neighbor 4.4.4.4 send-community extended
    exit-address-family
    !
    address-family ipv4 vrf CUSTA
    redistribute connected
    no synchronization
    exit-address-family


    MPLS VPNs are pretty fun, if you haven't already done so, you should start playing around with MPLS route leaking!
    Currently Reading:
    CCIE: Network Security Principals and Practices
    CCIE: Routing and Switching Exam Certification Guide
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    millworx wrote: »
    Yes anything not pertaining to the VRFs you can do under the default global process. My motto is, when in doubt, try it out! Like so:

    Thanks, i will lab this tomorrow!
    Just finished the VPN chapter tonight and i definitely need some practice again about it. Especially the ospf part!

    I've created 2 EIGRP process for my topology because on the first try, it wasn't working with "router eigrp 1" with dual address-family. After reading the chapter, i noticed they were creating only 1 process. The eigrp redistribution into BGP didn't worked so i created 2 eigrp process.

    Tomorrow i will clear all eigrp and bgp from the PE routers and will restart it completely! Need some labbing again before moving to the MPLS-TE chapter. I feel that an OSPF design deserve some hours to spend on!
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    I wasn't very busy at school today, so i designed the new topology i'll work on which cover most of the topics of mpls vpn.
    I will retest dual eigrp implementation on CustB also because i don't know what i've missed!
    I also added the eBGP links between customers and ISP with tunnel interfaces!

    mpls_topo.jpg


    If anyone interested i could share the configs and .NET file
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • millworxmillworx Member Posts: 290
    Looks like a fun config! Happy labbing!

    One thing, I don't quite follow you when you are saying dual eigrp? Are you specifying the autonomous-system <#> command under the address family for the VRF on the PE router? Also I don't know what your config is, but dont forget to add the metric when your doing the redistribution.
    Currently Reading:
    CCIE: Network Security Principals and Practices
    CCIE: Routing and Switching Exam Certification Guide
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    millworx, i had 1 eigrp process running on R5, with 2 address-family with different autonomous system numbers. Adjencency were forming correctly with neighbors but redistribution into BGP wasn't working from one of them. I don't know what was wrong yet, but i moved onto OSPF already. I will test that behavior again later!

    For the new topology i've created, my sham link seem to work well!
    Here's a show ip route ospf on R1, with the s0/0 link UP (tweaked the interface bandwidth up)
    O E2    3.3.3.1 [110/1] via 172.16.1.1, 00:02:53, Serial0/0
         5.0.0.0/32 is subnetted, 1 subnets
    O E2    5.5.5.1 [110/1] via 172.16.1.1, 00:02:53, Serial0/0
         172.16.0.0/30 is subnetted, 2 subnets
    O       172.16.3.0 [110/151] via 172.16.1.1, 00:00:03, Serial0/0
    O    192.168.2.0/24 [110/152] via 172.16.1.1, 00:00:03, Serial0/0
    
    And show ip route ospf, with s0/0 down
    O E2    3.3.3.1 [110/1] via 192.168.100.2, 00:00:04, FastEthernet0/0
         5.0.0.0/32 is subnetted, 1 subnets
    O E2    5.5.5.1 [110/1] via 192.168.100.2, 00:00:04, FastEthernet0/0
         172.16.0.0/30 is subnetted, 2 subnets
    O       [COLOR=Red][B]172.16.1.0[/B][/COLOR] [110/1205] via [COLOR=Red][B]192.168.100.2[/B][/COLOR], 00:00:04, FastEthernet0/0
    O       172.16.3.0 [110/1100] via 192.168.100.2, 00:00:04, FastEthernet0/0
    O    192.168.2.0/24 [110/1001] via 192.168.100.2, 00:00:04, FastEthernet0/0
    
    
    3.3.3.1 and 5.5.5.1 are my sham-link loopbacks from BGP
    The 172.16.1.0 isn't anymore Connected, but made the fly through BGP!!!
    I'm loving that stuff! But everyone need to sleep unfortunately icon_twisted.gif

    Tomorrow i will start the mpls TE chapter and i hope OSPF won't throw me anymore surprises like sham-links or virtual-links or anyother-links icon_cheers.gif
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    Not studied much this week, was doing some test with XenServer at home and a break was needed !
    The MPLS TE isn't something who look complicated at the first look, but i will deep dive into it this week end!

    Still not received my CCNP certificate :S
    The same happened with my ccna one, probably lost in mail somewhere!
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • burbankmarcburbankmarc Member Posts: 460
    Keep chugging away. There's only a couple of us working on the CCIP. I'm almost done with my BGP studies and gonna reenforce MPLS and hopefully take the composite in the next couple weeks.

    How do you like the BGP Design and Implementations book?
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    Yeah, CCIP isn't very popular until you really need it but if you aim to be CCIE it is a valuable path to consider!

    For the BGP design & implementation, i feel that i have to read it very slowly because there's some weird advanced concepts in there and after 30 min of reading, i become totally confuse :)

    The best order is probably
    1. IRA
    2. MPLS fund
    3. BGP design
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    I did this lab without looking at my notes (commands) tonight! Basic stuff, sure, but it's certainly encouraging !

    Basic MPLS VPN | MPLS

    I will try the advanced one, but might take much longer !


    Edit:
    Passed 3 hours on the Advanced labs, almost finished and BAM, GNS3 went froze up...damn!
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • burbankmarcburbankmarc Member Posts: 460
    Edit:
    Passed 3 hours on the Advanced labs, almost finished and BAM, GNS3 went froze up...damn!

    That sucks! But sounds like you were plugging away quite nicely. Do it over, reenforcement is never a bad thing icon_thumright.gif
  • mikej412mikej412 Member Posts: 10,090
    Passed 3 hours on the Advanced labs, almost finished and BAM, GNS3 went froze up...damn!

    Save early. Save often.

    And working from notepad, if you don't want to commit to your changes until after you've tested them, gives you a quick recovery method (as long as you have a UPS or are working on a laptop with a good battery).
    :mike: Cisco Certifications -- Collect the Entire Set!
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    That sucks! But sounds like you were plugging away quite nicely. Do it over, reenforcement is never a bad thing icon_thumright.gif

    This is how i see it icon_thumright.gif
    mikej412 wrote: »
    Save early. Save often.

    Yeah, everytime i do a command or a change, i do "do wr" but if you don't save the GNS3 project, your doomed. I tried to copy the temp directory while frozen, but seem i've didn't found the right files. Anyway!

    I will use the archive feature with a TFTP for this lab and will turn on the Autosave feature! icon_redface.gif
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    Finally did it, there's one thing i'm not sure about and it's the "BGP multihoming over the same VRF" scenario.

    I guess since there's a BGP adjencency over a single VRF the PE2 router wouldn't accept each other routes if i don't specify "allowas-in" ?

    Really not sure about it !


    24fzk81.jpg
    [B]PE2#sh run | s router bgp[/B]
    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     neighbor 3.3.3.3 remote-as 1
     neighbor 3.3.3.3 update-source Loopback0
     no auto-summary
     !
     address-family vpnv4
      neighbor 3.3.3.3 activate
      neighbor 3.3.3.3 send-community both
     exit-address-family
    
     address-family ipv4 vrf coco
      redistribute eigrp 3
      neighbor 7.7.7.7 remote-as 3
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 allowas-in 2
      neighbor 8.8.8.8 remote-as 3
      neighbor 8.8.8.8 activate
      neighbor 8.8.8.8 allowas-in 2
      no synchronization
     exit-address-family
    
    
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    MPLS Lab 2-1: Establishing the Service Provider IGP Routing Environment
    MPLS Lab 3-1: Establishing the Core MPLS Environment

    This week I did just that 2 labs. I have not had much time to devote to all this because I'm at the end of the semester at school and I had some exams to prepare.

    The two labs was relatively easy because I already did several exercises in gns3 but I consider it a good review of what I have learned so far

    At first glance I thought the technology "MPLS TE" was easy but I think now that it was probably the hardest thing to understand and I probably need to reread the chapter with the one about ATM. I have no clue about ATM, exept it has 50ish bytes header, there's no jitter and use VCI and VPI....

    I skipped some pages about troubleshooting and also QoS, but afterwards I think the coolest technology I learned from this book is VPLS!

    A private LAN in the cloud! :)
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    BGP D&I page 401

    A common sentiment about transit and peering is "Once a customer, never a peer."
    You should keep in mind this philosophy when determining where to purchase transit.
    After you become a customer of a particular ISP, it is very difficult to transition to a peering relationship with that ISP.


    Can somebody explain me why please?
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • DPGDPG Member Posts: 780 ■■■■■□□□□□
    If you have to purchase transit, you are probably not going to be able to maintain a fair traffic ratio as a true peer.

  • Forsaken_GAForsaken_GA Member Posts: 4,024
    BGP D&I page 401

    A common sentiment about transit and peering is "Once a customer, never a peer."
    You should keep in mind this philosophy when determining where to purchase transit.
    After you become a customer of a particular ISP, it is very difficult to transition to a peering relationship with that ISP.


    Can somebody explain me why please?

    Peering situations have to be financially advantageous for it to be considered. Otherwise there's no point.

    Let's say, for example, I'm a customer of level3, and I'm getting a ton of traffic coming in. If I'm paying them, what incentive do they have to give me traffic for free? Unless I was sending them traffic that they'd have to pay for to get from someone else instead, it makes no sense for them to do so. In level3's case, it makes even less sense - they're a tier1, so they don't pay anyone for transit. They're perfectly happy to let you go buy from someone else, theyll get your traffic at the same price regardless, unless you can command some serious eyeballs.

    Now, for a situation where it does make sense.... lets say I'm a content provider. And I get contacted by a local university who wants to peer with me. Lets say on average, I'm sending 1 gig of traffic to them. Well, both of us are paying transit costs for that (we're both on 95th percentile billing of course, and if we happen to have the same provider, then that provider is getting paid twice to move the same traffic.. not a bad gig!)

    Now lets say me and the university have routers in a common peering point. The only thing we need to do is run a cross connect between our routers, and then we can exchange traffic with each other directly, and thereby save on transit costs, the only cost would be whatever the facility actually charges for the cross connect, and maybe some cost in the actual interface (if one or the otherside needed to procure an SFP, or XenPak, or something along those lines to actually hook the connection up into... router ports aint cheap, so not everyone fills out all possible port density, and just acquire it at need) which is usually fairly trivial and easily shared.

    If people understood that the way global routing works is that you've basically got a cartel of companies who play nice with each other to ensure traffic changes hands, and then gouges the hell out of everyone else, I think they'd be amazed that the internet works at all.

    This is also why you occasionally seeing peeing contests between big names. Cogent made alot of noise when they quietly arranged a number of peering agreements, and then started selling bandwidth to it's customers for really cheap. How pissed off would you be if you could charge 20bucks a meg, but one of your peers goes and sells transit for 5 bucks a meg and then starts dumping all that traffic on you. You don't see a cut of that money, and your providing service for someone else's customers, and thereby losing money. So when the internet gets partitioned because a couple of big names are fighting, all you have to do to figure out why is follow the money (or read the Renesys blog, they'll tell you all about it)
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    You're a true gentleman and your explanations are always nicely expressed

    I read that renesys blog
    That Level 3 and Global Crossing fusion taking 55% of Tier1 market in the recent fusion. It's huge!
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    My 691 study going smoothly, finished all the books and i'm currently testing myself with a boson test and reviewing what i could have missed.

    I've decided to go on the Security track a bit and explore SDM deeper. I'm currently practicing Windows radius with Cisco and reviewing some dot1x at the same time. I will try to focus more on the CBAC zone based firewall since i never had to work with it.

    I just graduated from college today and starting my job probably at the end of May! I'll be a telecom consultant in a small firm here in Montreal so i have a full-time month to prepare the 691 exam and if i have time, maybe IINS before starting the job! Huge workload in perspective!
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • ITdudeITdude Member Posts: 1,183
    Congrats on the graduation and the 691 progress.....

    Tre's bien!:) icon_wink.gif
    I usually hang out on 224.0.0.10 (FF02::A) and 224.0.0.5 (FF02::5) when I'm in a non-proprietary mood.

    __________________________________________
    Simplicity is the ultimate sophistication.
    (Leonardo da Vinci)
  • Chris_Chris_ Member Posts: 326
    @tomaifauchai
    This is only a trivial query, but what software did you use for that diagram? I like it :)
    Going all out for Voice. Don't worry Data; I'll never forget you
    :study: CVoice [X] CIPT 1 [ ] CIPT 2 [ ] CAPPS [ ] TVOICE [ ]
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    It's been a long time since i posted.
    Forgive me but i started to work finally and i just have no time to self study now ! :S
    I understand better now that once your day is finished, you don't always want to pass another 1-2 hours in your books icon_wink.gif
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • down77down77 Member Posts: 1,009
    I understand how life and work can take away from your study time! It may seem difficult, but try to sneak in just 30 minutes of review a day. This may not seem much in comparison to previous sessions, but I promise it's great for making progress towards your studies. Keep us informed on your progress! I'll be joining you in the hunt for BGP/MPLS composite soon enough.
    CCIE Sec: Starting Nov 11
  • SteveO86SteveO86 Member Posts: 1,423
    down77 wrote: »
    I understand how life and work can take away from your study time! It may seem difficult, but try to sneak in just 30 minutes of review a day. This may not seem much in comparison to previous sessions, but I promise it's great for making progress towards your studies. Keep us informed on your progress! I'll be joining you in the hunt for BGP/MPLS composite soon enough.

    I too might be jumping on the bandwagon, once I get settled in at my position I may pursue another professional level Cisco Cert.. (I still have a year a before my CCNP expires)
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    After a few months break, i decided to continue studying toward CCIP ! Winter is coming slowly but surely here in Montreal and it's perfect for reading and labbing. In this period I finished reading Routing TCP Vol 1 and most of the Vol 2 as well, but i didn't labbed at all. Multicast is really a big piece in this book!

    I started to revise since 2 weeks what i had learned about BGP combined with some new stuff like Multicast, Pim etc... I also organized my notes better with the help of OneNote.


    The coolest news is that i got my first 3550 ipservices for 150$ from another guy going for the *IE next summer and converting his *old* 3550's for 3560s. I'll get a 3560 myself probably after christmas.

    Doing all of the gns3vault BGP and MPLS labs is my next goal for now and i think that a re-read of some MPLS technologies will be required.
    I would be happy if i can pass the 642-692 exam before Christmas and i plan to put about another 80 hours to succeed.
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    Exam scheduled next tuesday icon_cheers.gif

    I reviewed most of the stuff in the last weeks, did a lot of practice and reading on cisco website too.
    I'm confident for the BGP aspect and most of the MPLS stuff but it's another story for ATMs and traffic engineering.
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
  • SteveO86SteveO86 Member Posts: 1,423
    Good luck!
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
  • down77down77 Member Posts: 1,009
    Good luck! My attempt is friday so it sounds like we are both going to have some fun with this one!
    CCIE Sec: Starting Nov 11
  • tomaifauchaitomaifauchai Member Posts: 301 ■■■□□□□□□□
    Thank you guys, i will certainly enjoy the exam! I'll study most of the weekend though. Good luck with yours
    [X] - 350-001 (300h)
    [ ] - Lab exam (60h)
    Personal blog: http://www.tommyf.net/
Sign In or Register to comment.