CCIE SP Workbook.pdf

LAB 2 WORKBOOK (Updated)

CCIE Service Provider

ALIASES Aliases for IOS Aliases for IOS-XR alias exec c configure terminal alias exec p4 show ip interface brief alias exec p6 show ipv6 interface brief alias exec r show run | section router rip alias exec b show run | section router bgp alias exec o show run | section router ospf alias exec i show run | section ^router isis alias exec e show run | section router eigrp alias exec o4 show ip ospf neighbor alias exec o6 show ipv6 ospf neighbor alias exec oi4 show ip ospf interface brief alias exec oi6 show ipv6 ospf interface brief alias exec b4 show bgp ipv4 unicast summary alias exec b6 show bgp ipv6 unicast summary alias exec v4 show bgp vpnv4 unicast all summary alias exec v6 show bgp vpnv6 unicast all summary alias exec pn show ip pim neighbor alias exec pi show ip pim interface alias exec ld show mpls ldp discovery alias exec ln show mpls ldp neighbor

alias c configure terminal alias p4 show ipv4 int brief alias pv4 show ipv4 vrf ABC int brief alias p6 show ipv6 int brief alias pv6 show ipv6 vrf ABC int brief alias r show run router rip alias o show run router ospf alias b show run router bgp alias i show run router isis abc alias e show run router eigrp alias b4 show bgp ipv4 unicast summary alias b6 show bgp ipv6 unicast summary alias v4 show bgp vpnv4 unicast summary alias v6 show bgp vpnv6 unicast summary alias o4 show ospf neighbor alias oi4 show ospf interface brief alias o6 show ospfv3 neighbor alias oi6 show ospfv3 interface brief alias pn show pim ipv4 neighbor alias pi show pim ipv4 interface alias ld show mpls ldp discovery alias ln show mpls ldp neighbor commit

NOTE: In LAB, the first thing you will do is WRITE ALIASES. Creating and using aliases will save a huge amount of time in your LAB.

LAB Equipment

Cisco XR12000 series Routers (IOS XR) Cisco 7200/7600 Series Routers (Regular IOS) Cisco ME3400E Series Switches (CAT OS)

Addressing Pattern

In Service Provider Cores (ASN 9 and ASN 1009) For IPv4 Loopback Interfaces 9.9.0.X/32 Interconnected Interfaces 9.9.XY.X/24 For IPv6 Loopback Interfaces 2002:9:9::X/128 Interconnected Interfaces 2002:9:9:XY::X/64 Interfaces on XR Series Routers are GigabitEthernet and Interfaces on all other Routers are Ethernet

LAB 2 Questions

and Diagrams

All Questions

Manage Devices

Guidelines End Session Help

Section 1: CORE TEHNOLOGY

1.1 OSPFv2 IPv4 troubleshooting

OSPF for IPV4 routing on routers in AS9 has been configured for the interfaces according to

the given table. There are some problems in the topology find out and fix them.

NOTE: A Table will be given in the lab under the question , all interfaces will be in area 0. Dont

advertise any extra interface in the OSPF.

Aliases O4 - Oi4 - show ip route ospf

Use TCL Script

Routers Area Interfaces

R2 0 Gi0/0.27 Gi0/0.23

Lo0

R3 0 Gi0/0.35 Gi0/0.34 Gi0/0.23

Lo0

R4 0 Gi0/0.47 Gi0/0.46 Gi0/0.34

Lo0

R5 0 Fa0/0.56 Fa0/0.35

Lo0

R6 0 Fa0/0.56 Fa0/0.46

Lo0

R7 0 Fa0/0.47 Fa0/0.27

Lo0

Possible Faults for Task 1.1

Example 1: OSPF neighbor ship is down b/w R3-R4 due to mismatch hello interval

R3:

!

router ospf 9

area 0

int GigabitEthernet0/0.34

no ip ospf hello-interval 20

!

Example 2: OSPF neighbor ship is down b/w R7-R4 due to mismatch MTU, neighbor-ship is

stuck in EXSTART state.

R7:

!

interface FastEthernet0/0.47

no ip mtu 1300

!

Faults Description of Faults 1 Hello or Dead interval Mismatch

2 MTU Mismatch

3 OSPF Network Type Mismatch

4 Duplicate Router IDs

5 Network Not advertised in OSPF

6 Wrong IP Address or Subnet mask

7 Mismatch Area IDs

8 Mismatch Regular Area Types (STUB, Totally STUB, NSSA, Totally NSSA).

9 Packet Filter can also cause problems.

10 Wrong Interface is advertised or right interface in wrong Area.

Example 3:

OSPF Neighbor ship is established between R5-R6, but one side is

configured as point-to-point , for other side of the link network type

is still broadcast . In this case both routers will not exchange the

DATABASE.

R6#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

9.9.0.5 0 FULL/ - 00:00:37 9.9.56.5 FastEthernet0/0.56 9.9.0.4 1 FULL/DR 00:00:37 9.9.46.4 FastEthernet0/0.46

R6#

ON R6:


no ip ospf network point-to-point

1.2: OSPFv3 troubleshooting:

OSPF for IPV6 routing on routers in AS9 have been configured according to the given table.

There are some problems in the topology find out and fix them.

Routers Area Interfaces

R2 0 0 0

Gi0/0.27 Gi0/0.23

Lo0

R3 1 0 0 0

Gi0/0.35 Gi0/0.34 Gi0/0.23

Lo0

R4 0 1 0 0

Gi0/0.47 Gi0/0.46 Gi0/0.34

Lo0

R5 1 1 1

Fa0/0.56 Fa0/0.35

Lo0

R6 1 1 1

Fa0/0.56 Fa0/0.46

Lo0

R7 0 0 0

Fa0/0.47 Fa0/0.27

Lo0

Aliases O6 - Oi6 - show ipv6 route ospf

Use TCL Script

Example 1: IPv6 OSPF neighbor-ship is down b/w R4-R6 due to area mismatch

On R4:

router ospfv3 9

no area 10

area 1

interface GigabitEthernet0/9/0/0.46

Example 2:

IPv6 OSPF neighbor-ship is down between R2 and R3 due to wrong interface

is advertised in area 0.

router ospfv3 9

Area 0

Interface loopback 0

No Interface Gig0/7/0/0.38 //Remove

Interface Gig0/7/0/0.23

Interface Gig0/7/0/0.27

R3

R4

R5

R6R7

VLAN

47

VLAN

23

VLAN

27

VLAN

34

VLAN

46

VLAN

35

VLAN

56

ASN 9

R2

OSPFV3

AREA 0

OSPFV3

AREA 1

1.3: ISIS for IPv4 ISIS for IPV4 has been configured in AS1009 according to the table. There are some

problems in the topology find out and fix them.

1.4: ISIS for IPv6 ISIS for IPV6 has been configured in AS1009 according to the table.There are some problems

in the topology find out and fix them.

NOTE: We will solve

the two questions

simultaneously.

R1

R8

R10

R9

R20

VLAN

18

VLAN

109

VLAN

101

VLAN

89

ASN

1009

PPPLEVEL-1 Only

CAN BE ISIS

LEVEL-1-2 OR

ISIS LEVEL-2 only

Example 1: R10 - R1 isis for ipv6 is not enable

R1#sh isis neighbor detail

System Id Type Interface IP Address State Holdtime Circuit Id

R10 L2 Gi0/0.101 9.9.101.10 UP 8 R10.02

Area Address(es): 47.0110

SNPA: ca09.0bc0.0008

State Changed: 00:45:13 IPv6 Address FE80 is not shown LAN Priority: 64

Format: Phase V

Remote TID: 0

Local TID: 0, 2

Interface name: GigabitEthernet0/0.101

R8 L2 Gi0/0.18 9.9.18.8 UP 9 R8.02

Area Address(es): 47.0108

SNPA: ca07.0bc0.0008

IPv6 Address(es): FE80::C807:BFF:FEC0:8

State Changed: 00:45:12

LAN Priority: 64

Format: Phase V

Remote TID: 0, 2

Local TID: 0, 2

Interface name: GigabitEthernet0/0.18

R10:

int FastEthernet0/0.101

ipv6 router isis

Example 2: configure AS 1009 as multi-topology:

R1:

IOS: R9,R10,R8

router isis abc

address-family ipv6 unicast

no single-topology

router isis


multi-topology

NOTE: if IOS-XR is running single-topology, then we dont need to change it to MULTI-

TOPOLOGY on both IOS /IOS-XR , Our goal is to just match the topology mode.

Example 3: ISIS NET ID is wrong on R8

!

router isis

no network 47.0109.0000.0000.8888.00

network 47.0108.0000.0000.8888.00

!

Example 4: IP Address is not configured on the interface but neighbor is UP.

on R9

configure the IPv4 Address on R9 interface connecting R10.

!


encapsulation dot1Q 109

ip address 9.9.109.9 255.255.255.0

end

NOTE: Need to check if the IP addresses and subnet masks are correct? It

is very important to check these in an Integrated IS-IS environment

because a misconfigured IP address will not prevent an IS-IS adjacency

from being partially established

SOLUTION for Task 1.3 and Task 1.4 (ISIS for IPv4/IPv6)

R8/R9/R10 R1 : IOS-XR

ON R8 router isis net 47.0108.0000.0000.8888.00 metric-style wide ! address-family ipv6 multi-topology exit-address-family ! Interface loopback 0 ip router isis Ipv6 router isis

router isis abc net 47.0101.0000.0000.1111.00 address-family ipv4 unicast metric-style wide ! address-family ipv6 unicast metric-style wide //Default and will not be displayed if configured. ! interface Loopback0 passive address-family ipv4 unicast !

! interface FastEthernet 0/0.18 Ip router isis Ipv6 router isis ! interface FastEthernet 0/0.89 Ip router isis Ipv6 router isis !

ON R9 router isis net 47.0109.0000.0000.9999.00 metric-style wide ! address-family ipv6 multi-topology exit-address-family ! Interface loopback 0 ip router isis Ipv6 router isis ! interface FastEthernet 0/0.109 Ip router isis Ipv6 router isis ! interface FastEthernet 0/0.89 Ip router isis Ipv6 router isis !

ON R10 router isis net 47.0110.0000.0000.1010.00 metric-style wide ! address-family ipv6 multi-topology exit-address-family ! Interface loopback 0 ip router isis Ipv6 router isis !

address-family ipv6 unicast ! ! interface GigabitEthernet0/1/0/0.18 point-to-point address-family ipv4 unicast ! address-family ipv6 unicast ! ! interface GigabitEthernet0/1/0/0.101 address-family ipv4 unicast ! address-family ipv6 unicast ! !

//Single-Topology ISIS cost calculation for IPv4 and IPv6 will remain same. Calculate once and use twice. This is not processor intensive. //Multi-Topology Individual Metric Calculation for IPv4 and IPv6 Calculation. We should use this when we want to change the path for IPv6 routes and we will be able to change the cost for IPv6 routes. NOTE: We will use Multi-Topology and we will use metric-style wide.

Aliases i show isis neighbor detail show ip route isis show ipv6 route isis

interface FastEthernet 0/0.109 Ip router isis Ipv6 router isis ! interface FastEthernet 0/0.101 Ip router isis Ipv6 router isis !

1.5: ISIS Link or Network Type Configure ISIS as point to point between R1 R8.

R1 R8 router isis abc

interface Gig0/2/1/0.18

point-to-point

interface fastethernet0/0.18

isis network point-to-point

1.6: OSPFv3 Path Control R7 is getting R5 Loopback IPv6 address via two paths R4-R6-R5 and from R2-R3-R5.

Configure R3 such that it should prefer the path one (R4-R6-R5) as primary.

router ospfv3 9


!

area 1

int GigabitEthernet0/7/0/0.35

cost 30

!

!

Verification on R7# traceroute 2002:9:9::5

1.7: IPV4 BGP unicast troubleshooting

R2 R3 R4 R5 R7 R6 have been preconfigured to belong to AS9.

R1 R8 R9 R10 have been preconfigured to belong to AS1009.

R2 and R7 act as the route reflector for IBGP IPV4 unicast within AS9. An I-BGP ipv4 session

should not be established between R3 R4 R5 R6.

R1 , R8 act as route reflector for IBGP ipv4 unicast within AS1009. An IBGP IPV4 session

should not establish between R9 R10.

There are some problems in BGP IPV4 unicast find out and fix them.

ROUTE REFLECTOR - R7&R8 ROUTE REFLECTOR Client R5, R6, R9, R10

ON R7: router bgp 9 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 9.9.0.2 remote-as 9 neighbor 9.9.0.2 update-source Loopback0 neighbor 9.9.0.3 remote-as 9 neighbor 9.9.0.3 update-source Loopback0 neighbor 9.9.0.4 remote-as 9 neighbor 9.9.0.4 update-source Loopback0 neighbor 9.9.0.5 remote-as 9 neighbor 9.9.0.5 update-source Loopback0 neighbor 9.9.0.6 remote-as 9 neighbor 9.9.0.6 update-source Loopback0 ! address-family ipv4 no synchronization network 9.9.0.7 mask 255.255.255.255 neighbor 9.9.0.2 activate neighbor 9.9.0.2 send-community neighbor 9.9.0.2 route-reflector-client neighbor 9.9.0.3 activate neighbor 9.9.0.3 send-community neighbor 9.9.0.3 route-reflector-client neighbor 9.9.0.4 activate neighbor 9.9.0.4 send-community neighbor 9.9.0.4 route-reflector-client neighbor 9.9.0.5 activate neighbor 9.9.0.5 send-community neighbor 9.9.0.5 route-reflector-client neighbor 9.9.0.6 activate neighbor 9.9.0.6 send-community neighbor 9.9.0.6 route-reflector-client no auto-summary exit-address-family

!

ON R8: router bgp 1009 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 9.9.0.1 remote-as 1009 neighbor 9.9.0.1 update-source Loopback0 neighbor 9.9.0.9 remote-as 1009 neighbor 9.9.0.9 update-source Loopback0 neighbor 9.9.0.10 remote-as 1009 neighbor 9.9.0.10 update-source Loopback0 ! address-family ipv4 no synchronization network 9.9.0.8 mask 255.255.255.255 neighbor 9.9.0.1 activate neighbor 9.9.0.1 send-community both neighbor 9.9.0.1 route-reflector-client neighbor 9.9.0.1 next-hop-self neighbor 9.9.0.9 activate neighbor 9.9.0.9 send-community neighbor 9.9.0.9 route-reflector-client neighbor 9.9.0.9 next-hop-self neighbor 9.9.0.10 activate neighbor 9.9.0.10 send-community neighbor 9.9.0.10 route-reflector-client neighbor 9.9.0.10 next-hop-self neighbor 9.9.78.7 activate neighbor 9.9.78.7 send-community both no auto-summary exit-address-family !

ON R5: router bgp 9 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 9.9.0.2 remote-as 9 neighbor 9.9.0.2 update-source Loopback0 neighbor 9.9.0.7 remote-as 9 neighbor 9.9.0.7 update-source Loopback0 ! address-family ipv4 no synchronization network 9.9.0.5 mask 255.255.255.255 neighbor 9.9.0.2 activate neighbor 9.9.0.2 send-community neighbor 9.9.0.7 activate neighbor 9.9.0.7 send-community no auto-summary exit-address-family !

ON R6: router bgp 9 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 9.9.0.2 remote-as 9 neighbor 9.9.0.2 update-source Loopback0 neighbor 9.9.0.7 remote-as 9 neighbor 9.9.0.7 update-source Loopback0 ! address-family ipv4 no synchronization network 9.9.0.6 mask 255.255.255.255 neighbor 9.9.0.2 activate neighbor 9.9.0.2 send-community neighbor 9.9.0.7 activate

neighbor 9.9.0.7 send-community no auto-summary exit-address-family !

ON R9: router bgp 1009 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 9.9.0.1 remote-as 1009 neighbor 9.9.0.1 update-source Loopback0 neighbor 9.9.0.8 remote-as 1009 neighbor 9.9.0.8 update-source Loopback0 ! address-family ipv4 no synchronization network 9.9.0.9 mask 255.255.255.255 neighbor 9.9.0.1 activate neighbor 9.9.0.1 send-community neighbor 9.9.0.8 activate neighbor 9.9.0.8 send-community no auto-summary exit-address-family !

ON R10: router bgp 1009 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor 9.9.0.1 remote-as 1009 neighbor 9.9.0.1 update-source Loopback0 neighbor 9.9.0.8 remote-as 1009 neighbor 9.9.0.8 update-source Loopback0 ! address-family ipv4 no synchronization network 9.9.0.10 mask 255.255.255.255 neighbor 9.9.0.1 activate neighbor 9.9.0.1 send-community neighbor 9.9.0.8 activate

neighbor 9.9.0.8 send-community no auto-summary exit-address-family !

ON IOS-XR

ROUTE REFLECTOR R1 & R2 ROUTE REFLECTOR Client R3 and R4

ON R1: router bgp 1009 address-family ipv4 unicast network 9.9.0.1/32 ! ! neighbor 9.9.0.8 remote-as 1009 update-source Loopback0 address-family ipv4 unicast route-reflector-client ! ! ! neighbor 9.9.0.9 remote-as 1009 update-source Loopback0 address-family ipv4 unicast route-reflector-client ! ! neighbor 9.9.0.10 remote-as 1009 update-source Loopback0 address-family ipv4 unicast route-reflector-client !

ON R2: router bgp 1009 address-family ipv4 unicast network 9.9.0.2/32 ! ! neighbor 9.9.0.3 remote-as 9 update-source Loopback0 address-family ipv4 unicast route-reflector-client ! ! neighbor 9.9.0.4 remote-as 9 update-source Loopback0 address-family ipv4 unicast route-reflector-client ! ! neighbor 9.9.0.5 remote-as 9 update-source Loopback0 address-family ipv4 unicast route-reflector-client ! neighbor 9.9.0.6 remote-as 9 update-source Loopback0 address-family ipv4 unicast route-reflector-client ! neighbor 9.9.0.7 remote-as 9 update-source Loopback0 address-family ipv4 unicast route-reflector-client !

ON R3: router bgp 9 address-family ipv4 unicast network 9.9.0.3/32 ! ! neighbor 9.9.0.2 remote-as 9 update-source Loopback0 address-family ipv4 unicast ! ! neighbor 9.9.0.7 remote-as 9 update-source Loopback0 address-family ipv4 unicast ! !

ON R4: router bgp 9 address-family ipv4 unicast network 9.9.0.4/32 ! ! neighbor 9.9.0.2 remote-as 9 update-source Loopback0 address-family ipv4 unicast ! ! neighbor 9.9.0.7 remote-as 9 update-source Loopback0 address-family ipv4 unicast ! !

1.8 : IPV6 BGP unicast troubleshooting

R2 R3 R4 R5 R7 R6 have been preconfigured to belong to AS9.

R1 R8 R9 R10 have been preconfigured to belong to AS1009.

R2 act as the route reflector for IBGP IPV6 unicast within AS9. An iBGP IPv6 session should

not be established between R3 R4 R5 R6 R7.

R1 act as route reflector for iBGP IPv6 unicast within AS1009. An IBGP IPV6 session should

not establish between R6 R9 R10.

There are some problems in BGP IPV6 unicast find out and fix them.

Configuration for ASN 9

ROUTE REFLECTOR R2 ROUTE REFLECTOR Client R3, R4, R5, R6, R7

ON R2: router bgp 9 address-family ipv6 unicast network 2002:9:9::2/128 ! ! neighbor 2002:9:9::3 remote-as 9 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! ! neighbor 2002:9:9::4 remote-as 9 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! !

ON R3: router bgp 9 address-family ipv6 unicast network 2002:9:9::3/128 ! ! neighbor 2002:9:9::2 remote-as 9 update-source Loopback0 address-family ipv6 unicast !

ON R4: router bgp 9 address-family ipv6 unicast network 2002:9:9::4/128 ! ! neighbor 2002:9:9::2

R1 RR For

BGP AF

IPv6 R3

R4

R5

R6R7R8

R10

R9

VLAN

18

VLAN

109

VLAN

101

VLAN

89

VLAN

47

VLAN

23

VLAN

27

VLAN

34

VLAN

46

VLAN

35

VLAN

56

ASN

1009ASN 9

POS

R2 RR For

BGP AF

IPv6

neighbor 2002:9:9::5 remote-as 9 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! neighbor 2002:9:9::6 remote-as 9 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! neighbor 2002:9:9::7 remote-as 9 update-source Loopback0 address-family ipv6 unicast route-reflector-client !

remote-as 9 update-source Loopback0 address-family ipv6 unicast !

ON R5: router bgp 9 neighbor 2002:9:9::2 remote-as 9 neighbor 2002:9:9::2 update-source Loopback0 address-family ipv6 no synchronization network 2002:9:9::5/128 neighbor 2002:9:9::2 activate neighbor 2002:9:9::2 send-community exit-address-family



Configuration for ASN 1009

ROUTE REFLECTOR R1 ROUTE REFLECTOR Client R8, R9, R10

ON R1: router bgp 1009 address-family ipv6 unicast network 2002:9:9::1/128 ! ! neighbor 2002:9:9::8 remote-as 1009 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! ! neighbor 2002:9:9::9 remote-as 1009 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! ! neighbor 2002:9:9::10 remote-as 1009 update-source Loopback0 address-family ipv6 unicast route-reflector-client ! !

ON R8: router bgp 1009 neighbor 2002:9:9::1 remote-as 1009 neighbor 2002:9:9::1 update-source Loopback0 ! address-family ipv6 no synchronization network 2002:9:9::8/128 neighbor 2002:9:9::1 activate neighbor 2002:9:9::1 send-community both exit-address-family !

ON R9: router bgp 1009 neighbor 2002:9:9::1 remote-as 1009 neighbor 2002:9:9::1 update-source Loopback0 ! address-family ipv6 no synchronization network 2002:9:9::9/128 neighbor 2002:9:9::1 activate neighbor 2002:9:9::1 send-community both exit-address-family !

ON R10: router bgp 1009 neighbor 2002:9:9::1 remote-as 1009 neighbor 2002:9:9::1 update-source Loopback0 ! address-family ipv6

no synchronization network 2002:9:9::10/128 neighbor 2002:9:9::1 activate neighbor 2002:9:9::1 send-community both exit-address-family !

1.9 (a): E-BGP IPv4 Peerings

Configure a E-BGP IPv4 unicast session between R1 and R2


Loopback 0 for all the Routers should be visible in both AS 9 and AS1009, no other routes

are allowed to be redistributed between AS9 and AS1009.

Point to point connected subnets between R1 and R2 / R7 & R8 are NOT ALLOWED to be

advertised/redistribute in the respective IGPs

R2 IOS-XR R1 IOS-XR router static address-family ipv4 unicast 9.9.12.1/32 POS0/7/0/0 ! route-policy pass pass end-policy ! router bgp 9 neighbor 9.9.12.1 remote-as 1009 address-family ipv4 unicast route-policy pass in route-policy pass out commit ---------------------------------------------------- router bgp 1009 ! neighbor 9.9.0.3 address-family ipv4 unicast next-hop-self ! neighbor 9.9.0.4 address-family ipv4 unicast next-hop-self ! neighbor 9.9.0.5 address-family ipv4 unicast next-hop-self ! neighbor 9.9.0.6 address-family ipv4 unicast next-hop-self ! neighbor 9.9.0.7 address-family ipv4 unicast next-hop-self

router static address-family ipv4 unicast 9.9.12.2/32 POS0/7/0/0 ! route-policy pass pass end-policy ! router bgp 1009 neighbor 9.9.12.2 remote-as 9 address-family ipv4 unicast route-policy pass in route-policy pass out commit ---------------------------------------------------- router bgp 1009 ! neighbor 9.9.0.8 address-family ipv4 unicast next-hop-self ! neighbor 9.9.0.9 address-family ipv4 unicast next-hop-self ! neighbor 9.9.0.10 address-family ipv4 unicast next-hop-self

!

R7-IOS R8-IOS router bgp 9 neighbor 9.9.78.8 remote-as 1009 address-family ipv4 unicast neighbor 9.9.78.8 activate neighbor 9.9.78.8 send-community both ------------------------------------------------------------ router bgp 9 address-family ipv4 unicast neighbor 9.9.0.2 next-hop-self neighbor 9.9.0.3 next-hop-self neighbor 9.9.0.4 next-hop-self neighbor 9.9.0.5 next-hop-self neighbor 9.9.0.6 next-hop-self

router bgp 1009 neighbor 9.9.78.7 remote-as 9 address-family ipv4 unicast neighbor 9.9.78.7 activate neighbor 9.9.78.7 send-community both ------------------------------------------------------------ router bgp 9 address-family ipv4 unicast neighbor 9.9.0.1 next-hop-self neighbor 9.9.0.9 next-hop-self neighbor 9.9.0.10 next-hop-self

1.9 (b): BGP IPV4 Unicast Path selection

Configure R7 to ensure that ipv4 traffic from AS9 destined to AS1009 chooses R7 as primary

exit point and R2 as backup exit point.

Configure R8 to ensure that ipv4 traffic from AS1009 destined to AS9 chooses R8 as primary

exit point and R1 as backup exit point.

R7-IOS R8-IOS !

route-map LP permit 10

set local-preference 200

!

router bgp 9 address-family ipv4 unicast neighbor 9.9.78.8 route-map LP in

!

route-map LP permit 10

set local-preference 200

!

router bgp 1009 address-family ipv4 unicast neighbor 9.9.78.7 route-map LP in

1.9 (c): E-BGP IPv6 Peering


Lo0 for all the Routers should be visible in both AS 9 and AS1009, no other routes are

allowed to be redistributed between AS9 and AS1009. Point to point connected subnets

between R1 & R2 are NOT ALLOWED to be advertised/redistribute in the respective IGPs

R2 IOS-XR R1 IOS-XR route-policy pass pass end-policy ! router bgp 9 neighbor 2002:9:9:12::1 remote-as 1009 address-family ipv6 unicast route-policy pass in route-policy pass out commit ---------------------------------------------------- router bgp 9 ! neighbor 2002:9:9::3 address-family ipv6 unicast next-hop-self ! neighbor 2002:9:9::4 address-family ipv6 unicast next-hop-self ! neighbor 2002:9:9::5 address-family ipv6 unicast next-hop-self ! neighbor 2002:9:9::6 address-family ipv6 unicast next-hop-self ! neighbor 2002:9:9::7 address-family ipv6 unicast next-hop-self !

route-policy pass pass end-policy ! router bgp 1009 neighbor 2002:9:9:12::2 remote-as 9 address-family ipv6 unicast route-policy pass in route-policy pass out commit ---------------------------------------------------- router bgp 9 ! neighbor 2002:9:9::8 address-family ipv6 unicast next-hop-self ! neighbor 2002:9:9::9 address-family ipv6 unicast next-hop-self ! neighbor 2002:9:9::10 address-family ipv6 unicast next-hop-self !

Aliases b4 - b6

Show ip route bgp - Show ipv6 route bgp

Use TCL Script

1.10: MPLS LDP troubleshooting

MPLS is configured in AS9 & AS1009 on the interconnect interfaces there are some faults in

this find out and fix them. (Table will be given in the LAB)

Rx-IOS (R5-R10) Rx-IOS XR (R1-R4) mpls ldp router-id loopback 0 interface X/X mpls ip

mpls ip router-id yy.yy.0.x interface X/X interface X/X

EXAMPLE:

On R7:

int FastEthernet0/0.27

mpls ip

On R6:

mpls ldp router-id lo0 force

on R9:

R9-R10 link on side is configured with password , other is not

mpls ldp neighbor 9.9.0.10 password cisco. same fault is coming between R1

and R8 , where R1 is a IOS-XR router

R1-IOS-XR

!

mpls ldp

neighbor 9.9.0.8 password cisco

!

!

VERFICATION COMMANDS: show mpls ldp neighbor ln show mpls ldp discovery ld show mpls interfaces show run | sec mpls

1.11: MPLS traffic engineering:

Set up MPLS traffic engineering tunnel between R6 & R2.

Configure R2 R3 R4 R5 R6 R7 to support MPLS traffic engineering.

Set up MPLS TE tunnel 62 on R6 to reach R2 via R4 R3 R2.

Set up MPLS TE tunnel 26 on R2 to reach R6 via R3 R4 R6.

Ensure that traffic from R6 to the R2 loopback 2 interface chooses tunnel 62.

Ensure that traffic from R2 to the R8 loopback 2 interface chooses tunnel 26.

you are permitted to define static route on R6 and R2 to accomplish this task.

Configure R2 R3 R4 R5 R6 R7 to support a maximum 20 MB reservation on each sub

interface. Set up MPLS TE tunnel 62 with a bandwidth 6MB and MPLS Tunnel 26 with

bandwidth 2 MB.

STEP 1

STEP 2

On IOS R5, R6, R7 ON XR R2,R3,R4

R5: int FastEthernet0/0.35 mpls traffic-eng tunnels ip rsvp bandwidth 20000 int FastEthernet0/0.56 mpls traffic-eng tunnels ip rsvp bandwidth 20000



R2: mpls traffic-eng int GigabitEthernet0/4/0/0.23 int GigabitEthernet0/4/0/0.27 rsvp int GigabitEthernet0/4/0/0.23 bandwidth 20M int GigabitEthernet0/4/0/0.27 bandwidth 20M

R3: mpls traffic-eng int GigabitEthernet0/7/0/0.23 int GigabitEthernet0/7/0/0.34 int GigabitEthernet0/7/0/0.35 rsvp int GigabitEthernet0/7/0/0.23 bandwidth 20M int GigabitEthernet0/7/0/0.34 bandwidth 20M int GigabitEthernet0/7/0/0.35 bandwidth 20M

R4: mpls traffic-eng interface GigabitEthernet0/9/0/0.34 interface GigabitEthernet0/9/0/0.46 interface GigabitEthernet0/9/0/0.47 rsvp interface GigabitEthernet0/0.34 bandwidth 20M

On IOS R5, R6, R7 ON XR R2,R3,R4 mpls traffic-eng tunnels

router ospf 9

mpls traffic-eng router-id loopback 0

mpls traffic-eng area 0

mpls traffic-eng multicast-intact

router ospf 9

mpls traffic-eng router-id loopback 0

mpls traffic-eng multicast-intact

area 0

mpls traffic-eng

interface GigabitEthernet0/0.46 bandwidth 20M interface GigabitEthernet0/0.47 bandwidth 20M

STEP 3

TUNNEL 62 IOS R6-R4-R3-R2 TUNNEL-26 IOS-XR R2-R3-R5-R6

ip explicit-path name 62 enable

index 10 next-address 9.9.46.4



interface Tunnel62

ip unnumbered Loopback0

tunnel mode mpls traffic-eng

tunnel destination 9.9.0.2

tunnel mpls traffic-eng bandwidth 6000

tunnel mpls traffic-eng path-option 1 explicit

name 62

ip route 9.9.0.22 255.255.255.255 Tunnel62

explicit-path name 26

index 10 n s i u 9.9.23.3

index 20 n s i u 9.9.35.5

index 30 n s i u 9.9.56.6

int tunnel-te 26

ipv4 unnumbered loopback 0

destination 9.9.0.6

signalled-bandwidth 2000

path-option 1 explicit name 26

router static


9.9.0.66/32 tunnel-te 26

Verification Show run mpls

show run rsvp

show run mpls traffic-eng

show mpls traffic-eng tunnels

1.12: MPLS TE link protection:

Set up an MPLS traffic engineering tunnel between R6 and R7.

Set up MPLS TE tunnel 67 to reach R7. use dynamic path option.

The TE tunnel 67 will transverse the link of Vlan XX (to be confirmed) between R4-R7.

Setup a backup MPLS TE tunnel 47 on R4 to protect the link of Vlan XX the backup tunnel

originates from R4 through R3 and end at R7.

if R4 detect any failure of the link, TE tunnel 67 should switch to this backup tunnel

immediately.

ON R6 - Tunnel 67: interface Tunnel67

ip unnumbered Loopback0

tunnel mode mpls traffic-eng

tunnel destination 9.9.0.7

tunnel mpls traffic-eng path-option 1 dynamic

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng fast-reroute

end

On R4 - Tunnel 47: explicit-path name 47

index 10 n s i u 9.9.34.3

index 20 n s i u 9.9.23.2

index 30 n s i u 9.9.27.7

interface tunnel-te 47

ipv4 unnumbered loopback 0

destination 9.9.0.7

path-option 1 name 47

mpls traffic-eng


backup-path tunnel-te 47

NOTE: After you shutdown R4-R7 interface on to test the backup tunnel , traffic will pass through backup tunnel only for few seconds. When you do a no-shut , tunnel 67 path will be through R5 , for tunnel to take

direct path through R4 , you need to give following command on R6 or bounce the interface connecting R5

R6#mpls traffic-eng reoptimize

Verification R4#show mpls traffic-eng tunnels backup

1.13 (a): IPV4 PIM-SM troubleshooting:

IPV4 multicast and PIM sparse mode have been configured in the services provider network

AS9 and AS1009 . All the Core Interfaces have ip pim sparse mode configured.

Table will be given in the lab. No Other Interface should have PIM enabled.

STEPs to solve this question

1) IP multicast-routing

2) Use Pi and Pn aliases

ON IOS-XR R1,R2,R3,R4 ON IOS R5,R6,R7,R8,R9,R10 multicast-routing address-family ipv4 interface loopback0 enable interface GigX/X.Z Enable --------------------------- router igmp interface loopback 0 join-group 239.255.0.X --------------------------- router pim address-family ipv4 interface loopback0 enable interface GigX/X.Z enable

ip multicast-routing interface X/X ip pim sparse-mode --------------------------- interface loopback 0 ip igmp join-group 239.255.0.X

EXAMPLE 1:

On R6:

conf t

no ip pim rp-address 9.9.0.6

OR

R6 is configured for PIM BSR RP-CANDIDATE

conf t

no ip pim rp-candidate lo0

R7:

interface fast0/0.27

ip pim sparse-mode

interface fast0/0.47

ip pim sparse-mode

R5,R6

ip pim sparse-mode is also configured on the serial interfaces going

towards R21 and R22 respectively .need to remove it as it

interface serial 0/x

no ip pim sparse-mode

ON R2 pim is enabled for loopback2 , need to remove it from router pim and

multicast routing.

!

multicast-routing

address-family ipv4

no interface Loopback2

!

router igmp


!

router pim

address-family ipv4


!

Verification on IOS

1) Show ip pim rp mapping

2) Pi - Pn

3) Show run | include igmp and show run int loopback 0

Verification on IOS-XR

1) Show pim rpf

2) Pi - Pn

3) Show run | include igmp and show run int loopback 0

4) Show run multicast-routing

5) Show run router pim

6) Show run router igmp

1.13 (b): PIM SM RP

Configure PIM-SM RP in the service provider network AS9 and AS1009 as follows:

R2 R3 R4 R5 R7 R6 are in the same multicast domain and use the R7 loopback0 ipv4 address

as the RP.

Use the BSR method to distribute the RP within AS9.

R1 R8 R9 R10 are in the same multicast domain and use the R8 loopback 0 ipv4 address as

the RP within AS1009.

RP information should not leak between the two domain AS9 and AS1009.

Multicast group address have been configured as shown in table.

Ensure that routers within AS 9 can ping the group address within AS9.

Ensure that router within AS1009 can ping the group address within AS 1009.

R7: R8: int Serial2/1

ip pim bsr-border

ip pim sparse-mode

access-list 55 permit 239.255.0.0 0.0.255.255

ip pim bsr-candidate loopback 0

ip pim rp-candidate loopback 0 group-list 55

int Serial2/1

ip pim bsr-border

ip pim sparse-mode

access-list 55 permit 239.255.0.0 0.0.255.255

ip pim bsr-candidate loopback 0

ip pim rp-candidate loopback 0 group-list 55

USE TCL SCRIPT on R2-R7 to ping 239.255.0.2-239.255.0.7

USE TCL SCRIPT on R1,R8-10 to ping 239.255.0.1, 239.255.0.8-10

1.13 (c): IPV4 MSDP

Configure MSDP between AS9 and AS1009 as follows:

Configure MSDP on R7 and R8. Use R7 and R8 Loopback 0 interface IPV4 address to

establish MSDP peer.

The RPs (R7 and R8) should inform each when multicast sources become active in their

autonomous systems. Ensure that the routes in AS 9 can ping multicast group in AS 1009

using the sources of loopback 0. Ensure that the routers in AS 1009 can ping multicast group

address in AS9 using the sources of loopback 0.

R7: R8:

ip msdp peer 9.9.0.8 connect-source lo 0

remote-as 1009

ip msdp peer 9.9.0.7 connect-source lo 0

remote-as 9

USE TCL SCRIPT on R1-R10 to ping 239.255.0.1-239.255.0.10

1.13 (c): IPV4 MSDP

Configure BFD between R5 and R6.

On R5: On R6: int Fa0/0.56 ip ospf bfd bfd interval 100 min_rx 100 multiplier 3

int Fa0/0.56 ip ospf bfd bfd interval 100 min_rx 100 multiplier 3

Verification: show bfd neighbor

** NOTE : DONT TEST ON DYNAMIPS, ROUTERS MIGHT CRASH , it will work on if you are

practicing on IOU/Gigavelociy Rack-Rental and offcource in actual lab ;)

Section 2: Implement Optimize and Troubleshooting

Access/Edge Connection technologies.

There is ONE serial link between R9 and R20 , you need to configure R20 for ISIS-Level 1 for

both IPv4 and IPv6 unicast-routing.

R1

R8

R10

R9

R20

VLAN

18

VLAN

109

VLAN

101

VLAN

89

ASN

1009

PPPLEVEL-1 Only

CAN BE ISIS

LEVEL-1-2 OR

ISIS LEVEL-2 only

NOTE: In Lab1 there was a similar question between R10 and R20 with TWO Serial Links,

we were asked to make a Multilink and run ISIS for IPv4 as Level 2.

R20 R9 router isis is-type level-1 net 47.0109.0000.0000.0120.00 metric-style wide address-family ipv6 multi-topology exit-address-family interface Loopback0 ip address 9.9.0.20 255.255.255.255 ip router isis ipv6 address 2002:9:9::20/128 ipv6 router isis ! interface Serial0/2 ip address 9.9.209.20 255.255.255.0 encapsulation ppp clock rate 2000000 ip router isis ipv6 address 2002:9:9::20/128 ipv6 router isis !

interface Serial2/0 description * CONNECTED TO R20 Ser0/2 * ip address 9.9.209.9 255.255.255.0 ip router isis encapsulation ppp ipv6 address 2002:9:9:209::9/64 ipv6 router isis serial restart-delay 0 isis circuit-type level-1 !

Section 3: Implement, Optimize and troubleshoot

L3VPN Technologies.

Virtual routing and forwarding instances (VRFs) on R1 R2, R3 , R4, R5, R6, R9 R10, R11, R12,

R13, R14 have been configured as follows:

VRF ABC site 1 users the VRF name ABC with route distinguisher 9:9 and import / export 9:9

for ipv4 and IPV6 address-family.

VRF ABC site 2 users the VRF name ABC with route distinguisher 9:9 and import / export 9:9

for ipv4 and IPV6 address-family.

VRF ABC site 3 users the VRF name ABC with route distinguisher 1009:9 and import / export

1009:9 for ipv4 and IPV6 address-family.

VRF XYZ site 1 and site 2 use the VRF name XYZ with RD 109:109 and import and export

route target 109:109 for IPV4 address family.

VRF XYZ site 3 use the vrf name XYZ with RD 1109:1109 and import and export route target

1109:1109 for ipv4 address-family.

NOTE: In the lab on some routers they are importing wrong RTs ,

since for Inter-AS IPv4 and IPv6 VPNs requirements we have to

import other AS RTs , so we will do it now and will also

quickly check if export Rts are correct .

Also, there is no VRF ABC on R7 and R8. You will not create VRF on R7 and R8. Plus, you dont

need to advertise loopback 1 under address-family ipv4 unicast vrf ABC.

The send-community both doesnt matter in case of ipv4 and ipv6 address-family but it

will matter in case of vpnv4 and vpnv6

Verification

show run | sec vrf

IOS R1 IOS-XR R2,R3,R4 vrf ABC address-family ipv4 unicast import route-target 1009:9 ! export route-target 1009:9 ! ! address-family ipv6 unicast import route-target 1009:9 ! export route-target 1009:9 ! ! ------------------------------------------------------- router bgp 1009 vrf ABC rd 1009:9 address-family ipv4 unicast network 172.9.0.1/32 ! address-family ipv6 unicast network 2002:172:9::1/128 !

vrf ABC address-family ipv4 unicast import route-target 9:9 ! export route-target 9:9 ! ! address-family ipv6 unicast import route-target 9:9 ! export route-target 9:9 ! ! ------------------------------------------------------- router bgp 9 vrf ABC rd 9:9 address-family ipv4 unicast network 172.9.0.X/32 ! address-family ipv6 unicast network 2002:172:9::X/128 !

IOS R9,R10 IOS R5,R6 On R9: vrf definition ABC rd 1009:9 ! address-family ipv4 route-target export 1009:9 route-target import 1009:9 exit-address-family !

On R10: vrf definition ABC rd 1009:9 ! address-family ipv4 route-target export 1009:9 route-target import 1009:9 exit-address-family ! address-family ipv6 route-target export 1009:9 route-target import 1009:9 exit-address-family !

On R5: vrf definition ABC rd 9:9 ! address-family ipv4 route-target export 9:9 route-target import 9:9 exit-address-family !

On R10: vrf definition ABC rd 9:9 ! address-family ipv4 route-target export 9:9 route-target import 9:9 exit-address-family ! address-family ipv6 route-target export 9:9 route-target import 9:9 exit-address-family !

3.1: IBGP VPNV4 Troubleshooting

R2 R3 R4 R5 R6 R7 have been configured IBGP vpnv4 within AS9.

R1 R8 R9 R10 have been configured IBGP vpnv4 within AS1009.

R7 acts as a route reflector for iBGP vpnv4 unicast within AS9. An IBGP VPNV4 session

should not be established between R3 R4 R5 R6 R2.

R8 acts as a route reflector for iBGP vpnv4 unicast within AS9. An IBGP VPNV4 session

should not be established between R1 R10 R9.

The interface Loopback 0 IP address is used to established BGP VPNV4 sessions.

The interface Loopback 1 network is put into VRF ABC IPV4 unicast address family.

There are some fault in the scenario find out and fix them.

R7 Route Reflector R8 Route Reflector router bgp 9 address-family vpnv4 neighbor 9.9.0.2 activate neighbor 9.9.0.2 send-community both neighbor 9.9.0.2 route-reflector-client neighbor 9.9.0.2 next-hop-self neighbor 9.9.0.3 activate neighbor 9.9.0.3 send-community both neighbor 9.9.0.3 route-reflector-client neighbor 9.9.0.3 next-hop-self neighbor 9.9.0.4 activate neighbor 9.9.0.4 send-community both neighbor 9.9.0.4 route-reflector-client neighbor 9.9.0.4 next-hop-self neighbor 9.9.0.5 activate

router bgp 1009 address-family vpnv4 neighbor 9.9.0.1 activate neighbor 9.9.0.1 send-community both neighbor 9.9.0.1 route-reflector-client neighbor 9.9.0.1 next-hop-self neighbor 9.9.0.9 activate neighbor 9.9.0.9 send-community both neighbor 9.9.0.9 route-reflector-client neighbor 9.9.0.9 next-hop-self neighbor 9.9.0.10 activate neighbor 9.9.0.10 send-community both neighbor 9.9.0.10 route-reflector-client neighbor 9.9.0.10 next-hop-self

R1 R3

R4

R5

R6R7R8

R10

R9

VLAN

18

VLAN

109

VLAN

101

VLAN

89

VLAN

47

VLAN

23

VLAN

27

VLAN

34

VLAN

46

VLAN

35

VLAN

56

ASN

1009

ASN 9

PPP

POS

R2

RR FOR IBGP

VPNV4

RR FOR IBGP

VPNV4

neighbor 9.9.0.5 send-community both neighbor 9.9.0.5 route-reflector-client neighbor 9.9.0.5 next-hop-self neighbor 9.9.0.6 activate neighbor 9.9.0.6 send-community both neighbor 9.9.0.6 route-reflector-client neighbor 9.9.0.6 next-hop-self ------------------------------------------------------ router bgp 9 neighbor 9.9.78.8 remote-as 1009 address-family vpnv4 unicast neighbor 9.9.78.8 activate neighbor 9.9.78.8 send-community both exit-address-family !

------------------------------------------------------ router bgp 1009 neighbor 9.9.78.7 remote-as 9 address-family vpnv4 unicast neighbor 9.9.78.7 activate neighbor 9.9.78.7 send-community both exit-address-family !

R2,R3,R4 IOS-XR (RR Client) R1 IOS-XR (RR Client) Router bgp 9 Neighbor 9.9.0.7 Remote-as 9 Update-source loopback 0 Address-family vpnv4 unicast

Router bgp 1009 Neighbor 9.9.0.8 Remote-as 1009 Update-source loopback 0 Address-family vpnv4 unicast

R5,R6 IOS (RR Client) R9,R10 IOS (RR Client) router bgp 9 address-family vpnv4 unicast neighbor 9.9.0.7 activate neighbor 9.9.0.7 send-community both exit-address-family

router bgp 1009 address-family vpnv4 unicast neighbor 9.9.0.8 activate neighbor 9.9.0.8 send-community both exit-address-family

3.2: IBGP VPNV6 Troubleshooting

R2 R3 R6 have been configured IBGP vpnv6 within AS9. R1 R10 have been configured IBGP

vpnv6 within AS1009.

R2 establishes a direct iBGP VPNv6 session with R3 and R6. R2 acts as a route reflector for

iBGP VPNV6 information in AS9. An IBGP VPNV6 session should not be established between

R3 & R6.

R1 establishes a direct iBGP VPNv6 session with R10 ONLY. R1 acts as a route reflector for

iBGP VPNV6 information in AS1009.

The interface Loopback 0 IP address is used to establish iBGP IPV6 session.

The interface Loopback 1 network is put into VRF ABC IPV6 unicast address family.

There are some fault in the scenario find out and fix them.

R1 IOS-XR (Route Reflector) R2 IOS-XR (Route Reflector) router bgp 1009 neighbor 9.9.0.10 remote-as 1009 update-source loopback 0 address-family vpnv6 unicast route-reflector-client next-hop-self ------------------------------------------------ route-policy pass pass end commit

router bgp 1009 neighbor 9.9.12.2 remote-as 9 address-family vpnv6 unicast route-policy pass in route-policy pass out commit

router bgp 9 neighbor 9.9.0.3 remote-as 9 update-source loopback 0 address-family vpnv6 unicast route-reflector-client next-hop-self neighbor 9.9.0.6 remote-as 9 update-source loopback 0 address-family vpnv6 unicast route-reflector-client next-hop-self ------------------------------------------------ route-policy pass pass end commit

router bgp 9 neighbor 9.9.12.1 remote-as 1009 address-family vpnv6 unicast route-policy pass in route-policy pass out commit

R1 R3

R4

R5

R6R7R8

R10

R9

VLAN

18

VLAN

109

VLAN

101

VLAN

89

VLAN

47

VLAN

23

VLAN

27

VLAN

34

VLAN

46

VLAN

35

VLAN

56

ASN

1009ASN 9

PPP

POS

R2

RR FOR

IBGP

VPNV6

RR

FOR

IBGP

VPNV6

R10 IOS (RR Client) R3,R6 IOS (RR Client) router bgp 1009 address-family vpnv6 unicast neighbor 9.9.0.1 activate neighbor 9.9.0.1 send-community both exit-address-family

router bgp 9 address-family vpnv6 unicast neighbor 9.9.0.2 activate neighbor 9.9.0.2 send-community both exit-address-family

3.3 Intra AS VPNV4

The ABC company at Site 1 used BGP IPV4 to connect to the service provider router R4 & R6.

R13 R14 locate in AS109.

Establish BGP IPV4 unicast session between R4 and R13.

Establish BGP IPV4 unicast session between R6 & R14.

Configure OSPF on R13 and R14 on the interface that are shown in the table.

Interface that are not listed in the table are not permitted to enable OSPF.

Router Interface Area

R13 Loopback 0 0

Ethe 1/1 0

R14 Loopback 0 0

Ethe 1/1 0

R4

R6

R13 R14

VLAN

46

VLAN

134

VLAN

146

VLAN

1314

ABC SITE 1

OSPF 109

A0

BGP AS 9

BGP AS 109

eBGPV4eBGPV4

R13 Customer Edge R14 Customer Edge router ospf 109 router-id 172.9.0.13 network 172.9.0.13 0.0.0.0 area 0 network 172.9.134.13 0.0.0.0 area 0 redistribute bgp 109 subnets router bgp 109 no bgp default ipv4-unicast neighbor 172.9.34.4 remote-as 9 address-family ipv4 neighbor 172.9.34.4 activate neighbor 172.9.34.4 send-community both neighbor 172.9.34.4 send-label redistribute ospf 109 exit-address-family !

router ospf 109 router-id 172.9.0.14 network 172.9.0.14 0.0.0.0 area 0 network 172.9.134.14 0.0.0.0 area 0 redistribute bgp 109 subnets router bgp 109 no bgp default ipv4-unicast neighbor 172.9.146.6 remote-as 9 address-family ipv4 neighbor 172.9.146.6 activate neighbor 172.9.146.6 send-community both neighbor 172.9.146.6 send-label redistribute ospf 109 exit-address-family !

R4 Provider Edge R6 Provider Edge route-policy pass pass end-policy ! router static vrf ABC address-family ipv4 unicast 172.9.34.13/32 GigabitEthernet0/4/0/1.143 ! ! router bgp 9 vrf ABC address-family ipv4 unicast redistribute connected allocate-label all ! neighbor 172.9.34.13 remote-as 109 address-family ipv4 labeled-unicast route-policy pass in route-policy pass out as-override site-of-origin 109:1 ! !

router bgp 9 address-family ipv4 unicast vrf ABC neighbor 172.9.146.14 remote-as 109 neighbor 172.9.146.14 activate neighbor 172.9.146.14 send-community both neighbor 172.9.146.14 send-label neighbor 172.9.146.14 as-override neighbor 172.9.146.14 soo 109:1 redistribute connected exit-address-family !

The ABC Company Site 2 used BGP IPV4 and OSPF to connect to service provider routers R3-

R11 IPV4 BGP and R12 - R5 OSPF IPV4. R11 and R12 locate in AS109.


Configure OSPF on R5 , R12 and R11 on the interfaces that are shown in this table.

Interfaces that are not listed in the table are not permitted to enable the OSPF. Ensure that

the routers of ABC at site 1 and site 2 can ping each other via IPV4.

R3

R5

R11 R12

VLAN

35

VLAN

125

VLAN

113

VLAN

112

ABC SITE 2

OSPF 109

A0

BGP 9

BGP 109

eBGPv4


R5 Loopback 1 0

Ethe 1/0 0

R12 Loopback 0 0

Ethe 1/1 0

Ethe 1/0 0

R11 Loopback 0 0

Ethe 1/1 0

R11 Customer Edge R12 Customer Edge ! router ospf 109 log-adjacency-changes network 172.9.0.11 0.0.0.0 area 0 network 172.9.112.11 0.0.0.0 area 0 redistribute bgp 109 subnets tag 109 ! router bgp 109 no bgp default ipv4 neighbor 172.9.113.3 remote-as 9 address-family ipv4 unicast neighbor 172.9.113.3 activate neighbor 172.9.113.3 send-community both neighbor 172.9.113.3 send-label redistribute ospf 109

router ospf 109 router-id 172.9.0.12 network 172.9.0.12 0.0.0.0 a 0 network 172.9.112.12 0.0.0.0 a 0 network 172.9.125.12 0.0.0.0 a 0

R3 Provider Edge R5 Provider Edge route-policy pass

Pass

end

!

commit

-----------------------------------------------------------

router static

vrf ABC


172.9.113.11/32 GigabitEthernet0/7/0/0.143

-----------------------------------------------------------

!

router bgp 9

vrf ABC


redistribute connected

allocate-label all

!

neighbor 172.9.113.11

remote-as 109

address-family ipv4 labeled-unicast

route-policy PASS in

route-policy PASS out

as-override

!

route-map DENY deny 10

match tag 109

route-map DENY permit 20

---------------------------------------------------------

router ospf 109 vrf ABC

router-id 172.9.0.5

network 172.9.0.5 0.0.0.0 a 0

network 172.9.125.5 0.0.0.0 a 0

distribute-list route-map DENY in

redistribute bgp 9 subnets metric-type 1

router bgp 9

address-family ipv4 unicast vrf ABC

redistribute ospf 109 vrf ABC match internal

external 1 external 2

3.4 Intra AS VPNv6 The ABC company at Site 1 used BGP IPV6 to connect to the service provider router R4 & R6. R13

R14 locate in AS109.

Establish BGP IPV6 unicast session between R6 & R14.

Configure OSPFV3 on R13 and R14 on the interface that are shown in the table.

Interface that are not listed in the table are not permitted to enable OSPF.

R13 Customer Edge R14 Customer Edge

!

interface Loopback0

ipv6 ospf 109 area 0

!



!

ipv6 router ospf 109

interface Loopback0


!



!

ipv6 router ospf 109

redistribute bgp 109


!


R13 Loopback 0 0

Ethe 1/1 0

R14 Loopback 0 0

Ethe 1/1 0

R4

R6

R13 R14

VLAN

46

VLAN

134

VLAN

146

VLAN

1314

ABC SITE 1

OSPFV3 109

A0

BGP AS 9

BGP AS 109

eBGPV6

router bgp 109

neighbor 2002:172:9:146::6 remote-as 9

!


neighbor 2002:172:9:146::6 ac

neighbor 2002:172:9:146::6 send-community both

redistribute ospf 109 include-connected

!

R6 Provider Edge

router bgp 9



neighbor 2002:172:9:146::14 activate


neighbor 2002:172:9:146::14 as-override


The ABC Company Site 2 used BGP IPV6 and EIGRP to connect to service provider routers R3-R11

IPV6 BGP and R11 - R12 EIGRPV6.


Configure EIGRPV6 on R11 , R12 on the interfaces that are shown in this table.

Interfaces that are not listed in the table are not permitted to enable the EIGRP. Ensure that

the routers of ABC at site 1 and site 2 can ping each other via IPV6.


R12 Loopback 0 0

Ethe 1/1 0

R11 Loopback 0 0

Ethe 1/1 0

R3

R5

R11 R12

VLAN

35

VLAN

125

VLAN

113

VLAN

112

ABC SITE 2

EIGRP V6

BGP 9

BGP 109

eBGPv6

R11 Customer Edge R12 Customer Edge

!

interface loopback 0

ipv6 eigrp 100

!


ipv6 eigrp 100

!

ipv6 router eigrp 100


redistribute bgp 109 metric 1000 100 255 1 1500

no shut

!

!

router bgp 109





redistribute eigrp 100 include-connected

!

interface loopback 0

ipv6 eigrp 100

!


ipv6 eigrp 100

!

ipv6 router eigrp 100

no shut

!

R3 Provider Edge !

router bgp 9

vrf ABC



!

neighbor 2002:172:9:113::11

remote-as 109


route-policy PASS in

route-policy PASS out

as-override

!

3.5 Inter AS VPNv4

Configure R7 and R8 to establish eBGP VPNv4 sessions.

Other router in AS9 and AS 1009 should not exchange the EBGP VPNV4 information

between these two AS.

The ABC company at Site 3 uses EIGRP to connect to the service provider routers R9 R10.

Configure EIGRP on R9 R10 and R16 R15 on the interfaces that are shown in

the table.

Interfaces that are not listed in the table are not permitted to enable EIGRP.

Only the import route-target method can be used to control VPNV4 route distribution.

configure accordingly so that router of ABC at Site1, Site 2 and Site 3 can ping each via IPV4.

you are permitted to define a static route on R1 and R2.


R9 / R10 Loopback 1 100

Ethe 1/0 100

R16 Loopback 0 100

Ethe 1/0 100

Ethe 1/1 100

R15 Loopback 0 100

Ethe 1/0 100

Ethe 1/1 100

R10

R9

R16

R15

VLAN

109

VLAN

106

VLAN

159

VLAN

156

ABC SITE3

BG

P 1

009

BG

P 1

109

EIG

RP

100

R15 R16 router eigrp 100

no auto

network 172.9.0.15 0.0.0.0

network 172.9.156.15 0.0.0.0

network 172.9.105.15 0.0.0.0

router eigrp 100

no auto

network 172.9.0.16 0.0.0.0

network 172.9.196.16 0.0.0.0

network 172.9.156.16 0.0.0.0

R9 R10 route-map SOO permit 10

set extcommunity soo 1109:1

exit


ip vrf sitemap SOO

exit

router eigrp 100


no auto-summary

autonomous-system 100

network 172.9.0.9 0.0.0.0

network 172.9.196.9 0.0.0.0


default-metric 1000 100 255 1 1500

router bgp 1009


redistribute eigrp 100

route-map SOO permit 10

set extcommunity soo 1109:1

exit


ip vrf sitemap SOO

exit

router eigrp 100


no auto-summary

autonomous-system 100

network 172.9.0.10 0.0.0.0

network 172.9.105.10 0.0.0.0


default-metric 1000 100 255 1 1500

router bgp 1009


redistribute eigrp 100

3.6: Inter AS VPNV6

Configure R1 and R2 to establish e-BGP VPNv6 sessions.

Other router in AS9 and AS 1009 should not exchange the EBGP VPNV6 information

between these two AS.

The ABC company at Site 3 uses BGP to connect to the service provider routers R9 R10.

Router R16, R15 locate in AS1109

Establish BGP IPV6 unicast session between R15 R16.


Only the import route target method can be used to control VPNv6 route distribution.

Configure accordingly so that routers of ABC at site 1, 2 , 3 can ping each other via ipv6.

R15 R16 router bgp 1109

no bgp default ipv4-unicast









router bgp 1109

no bgp default ipv4-unicast






R10 Provider Edge router bgp 1009






3.7a: Carrier Supporting Carrier -1 VPN ABC site 1 and site 2 is one service provider carrier (AS109) that is distributed in two locations. it requests

support from AS 9 service provider carriers to provide MPLS VPNV4 services.

Configure R3 R4 R5 R6 R11 R12 R14 R13 so that AS 109 is able to deliver MPLS VPNV4 services.

The XYZ company at site 1 uses RIP version 2 to connect to the service provider router R13 and R14.

The XYZ company at site 2 uses RIP version 2 to connect to the service provider router R11 and R12.

3.7b: Carrier Supporting Carrier -2 The XYZ company at site 3 uses OSPF to connect to the service provider R15 and R16. Configure RIP v-2 on the

interfaces that are shown in this table.

Router Interface

R11 Loopback 1

Ethe 0/0

R12 Loopback 1

Ethe 0/0

R17 Loopback 1

Ethe 0/0

Ethe 0/1

R13 Loopback 1

Ethe 0/0

R14 Loopback 1

Ethe 0/0

R18 Loopback 1

Ethe 0/0

Ethe 0/1

Establish BGP VPNv4 unicast session between R13 , R12 and R13 to R16. Configure accordingly so that routers of XYZ at Site 1 and Site 2 can Ping each other via IPV4. you are permitted to define static route on R3 & R4 VRF ABC. First Enable MPLS Supports on interfaces which are in IGP.

R13: interface FastEthernet0/0.1314 mpls ip



R12: interface FastEthernet0/0.112 mpls ip interface FastEthernet0/0.125 mpls ip


R10: int FastEthernet0/0.106 mpls ip



NOTE: we have already done send-lables using BGP on R3-R11 , R4-R13

and R6-R14 legs in AS9

VPNv4 Peerings as per CSC requriments:

R13: R12: R16:

router bgp 109

neighbor 172.9.0.12 remote-as 109

neighbor 172.9.0.12 update-source lo 0



neighbor 172.9.0.16 ebgp-multihop 255

address-family vpnv4 unicast

neighbor 172.9.0.12 activate

neighbor 172.9.0.12 send-community both


neighbor 172.9.0.16 send-community both

neighbor 172.9.0.16 next-hop-unchanged

router bgp 109



address-family vpnv4 unicast


neighbor 172.9.0.13 send-community

both

router bgp 1109


neighbor 172.9.0.13 ebgp-multihop 255

neighbor 172.9.0.13 update-source

Loopback0

address-family vpnv4


neighbor 172.9.0.13 send-community

both

neighbor 172.9.0.13 next-hop-

unchanged

exit-address-family

XYZ- SITE1

R13 R14 R18

router rip

version 2

no auto-summary

!

address-family ipv4 vrf XYZ

redistribute bgp 109 metric 2

network 192.9.0.0

network 192.9.138.0

no auto-summary

version 2

exit-address-family

!

!

router bgp 109


redistribute rip

exit-address-family

!

router rip

version 2

no auto-summary

!


network 192.9.0.0

network 192.9.148.0

no auto-summary

version 2

exit-address-family

!

!

router rip

version 2

network 192.9.0.0

network 192.9.138.0

network 192.9.148.0

no auto-summary

!

XYZ- SITE2

R11 R12 R17

router rip

version 2

no auto-summary

!


network 192.9.0.0

network 192.9.117.0

no auto-summary

version 2

exit-address-family

!

router rip

version 2

no auto-summary

!


redistribute bgp 109 metric 2

network 192.9.0.0

network 192.9.127.0

no auto-summary

version 2

exit-address-family

!

router bgp 109


redistribute rip

exit-address-family

!

router rip

version 2

network 192.9.0.0

network 192.9.117.0

network 192.9.127.0

no auto-summary

!

XYZ- SITE3:

R15 R16 R19

router ospf 1109 vrf XYZ

router-id 192.9.0.15

log-adjacency-changes

capability vrf-lite

network 192.9.0.15 0.0.0.0 a 0

network 192.9.159.15 0.0.0.0 a 0

!

router ospf 1109 vrf XYZ



redistribute bgp 1109 subnets

network 192.9.0.16 0.0.0.0 area 0

network 192.9.169.16 0.0.0.0 area 0

!

router bgp 1109


no synchronization

redistribute ospf 1109 vrf XYZ match in ex 1 ex 2

exit-address-family

!

!

router ospf 100



network 192.9.159.19 0.0.0.0 area 0

network 192.9.169.19 0.0.0.0 area 0

network 192.9.0.19 0.0.0.0 a 0

!

RTs IMPORT on PEs R13,R12 and R16

!

vrf definition XYZ

address-family ipv4

route-target import 1109:1109

route-target import 109:109

exit-address-family

!

3.8: Intra AS Multicast VPN

The router in VPN ABC site 1 and site 2 have been configured PIM SM on the interface show

in the table there are some fault find out and fix them. (Table of interconnect).

Statically define the IPV4 address of interface Loopback 0 on R11 as the RP.

Multicast group address have been configured on Loopback 0 of R11 R12 R13 R14.

Configure R3,R4,R5, R6 so that they support multicast VPN. USE 239.255.13.100 for VRF ABC

mdt default group address.

Establish that R11 R12 R13 R14 can ping each these group address

Question 3.8 Intra AS Multicast VPN

STEP 1: Enable Multicast routing and Configure Static RP

On R11-R14 [Client Routers] ip multicast-routing ip pim rp-address 172.9.0.13

On R5-R6 [Provider Edges]

ip multicast-routing vrf ABC

ip pim vrf ABC rp-address 172.9.0.13


router pim

vrf ABC

address-family ipv4

rp-address 172.9.0.13

STEP 2: Configure PIM on the appropriate interfaces.

On R11-R14 [Client Routers]

R11 R12

interface fas 0/0.112 ip pim sparse-mode interface fas 0/0.113 ip pim sparse-mode interface loopback 0 ip pim sparse-mode


R13 R14




R5 R6

interface fas 0/0.125 ip pim sparse-mode

interface fas 0/0.146 ip pim sparse-mode


R3 R4

multicast-routing vrf ABC address-family ipv4 interface loopback 1 enable interface GigabitEthernet0/1/0/1.113 enable router pim vrf ABC address-family ipv4 interface loopback 1 enable interface GigabitEthernet0/1/0/1.113 enable

multicast-routing vrf ABC address-family ipv4 interface loopback 1 enable interface GigabitEthernet0/4/0/1.134 enable router pim vrf ABC address-family ipv4 interface loopback 1 enable interface GigabitEthernet0/4/0/1.134 enable

STEP 3: Make sure that R11-R14s loopback 0 has properly joined the igmp-groups.

interface Loopback0 ip pim sparse-mode ip igmp join-group 239.255.172.X

STEP 4: Configure MDT Protocol to establish Tunnel on Provide Edges.


R5 R6

Vrf definition ABC address-family ipv4 bgp next-hop loopback 0 mdt default 239.255.13.100

Vrf definition ABC address-family ipv4 bgp next-hop loopback 0 mdt default 239.255.13.100


R3 R4

multicast-routing address-family ipv4 mdt source Loopback0 vrf ABC address-family ipv4 mdt default ipv4 239.255.13.100

multicast-routing address-family ipv4 mdt source Loopback0 vrf ABC address-family ipv4 mdt default ipv4 239.255.13.100

Section 4. Implement, Optimize and troubleshoot

L2VPN Technologies

4.1 HDLC over MPLS R22 and R23 would like to establish HDLC connection through AS 9.

Configure R7 and R6 to support HDLC over MPLS.

configure OSPF for IPV4 and IPV6 on the interfaces that are shown in this table.

Ensure that R22 and R23 have the OSPF IPV4 and IPV6 routes and can ping each other via

IPV4 and IPV6.

R22 R23

ipv6 unicast-routing

interface Loopback0

ip ospf 100 area 0


interface Serial0/2

ip ospf 100 area 0


ipv6 unicast-routing

interface Loopback0

ip ospf 100 area 0


interface Serial0/2

ip ospf 100 area 0



R22 Loopback 0 0

S 2/0 0

R23 Loopback 0 0

S 2/0 0

R7

!

interface Serial2/0

description *** CONNECTED TO R23

no ip address

serial restart-delay 0

xconnect 9.9.0.6 67 encapsulation mpls

end

R6

!

interface Serial2/0

description *** CONNECTED TO R23

no ip address


xconnect 9.9.0.7 67 encapsulation mpls

end

VERFICATION:

R6#show mpls l2transport vc 67

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

Se2/0 HDLC 9.9.0.7 67 UP

R6#show xconnect all Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State

UP=Up DN=Down AD=Admin Down IA=Inactive

SB=Standby HS=Hot Standby RV=Recovering NH=No Hardware

XC ST Segment 1 S1 Segment 2 S2

------+---------------------------------+--+---------------------------------+--

UP ac Se2/0(HDLC) UP mpls 9.9.0.7:67 UP

R6#

R6#show mpls ldp neighbor .

Peer LDP Ident: 9.9.0.7:0; Local LDP Ident 9.9.0.6:0

TCP connection: 9.9.0.7.61322 - 9.9.0.6.646

State: Oper; Msgs sent/rcvd: 23/24; Downstream

Up time: 00:04:42

LDP discovery sources:

Targeted Hello 9.9.0.6 -> 9.9.0.7, active, passive

Addresses bound to peer LDP Ident:

9.9.27.7 9.9.47.7 9.9.0.7 9.9.78.7

R6#

R22#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

172.9.0.23 0 FULL/ - 00:00:38 172.9.223.23 Serial0/2

R22#show ipv6 ospf neighbor

Neighbor ID Pri State Dead Time Interface ID Interface

172.9.0.23 1 FULL/ - 00:00:31 8 Serial0/2

R22#

4.2 Frame Relay & PPP over L2TPV3 R21 and R24 connect to the service provider by FR and PPP respectively.

configure L2TPV3 on R5 and R10 to support FR and PPP using interworking IP. Configure

OSPF IPV4 on the interfaces that are show in this table.

Ensure that R21 and R24 have full IPV4 connectivity.

ON R5 R5#show frame-relay pvc //TO GET THE DLCI going towards R21

(512)

interface Serial2/0

description Connected to R21 Se0/2

no ip address

encapsulation frame-relay


!

!

pseudowire-class 2124

encapsulation l2tpv3

interworking ip

ip local interface Loopback0

!

connect 2124 Serial2/0 521 l2transport

xconnect 9.9.0.10 510 pw-class 2124

!

ON R21 R21#show frame-relay pvc //TO GET THE DLCI going towards R5

(215)

interface Serial0/2

description *** CONNECTED TO R5 VIA FR ***

ip address 172.9.214.21 255.255.255.0

encapsulation frame-relay

ip ospf network point-to-point

frame-relay map ip 172.9.214.24 215 broadcast

!

router ospf 1


network 172.9.0.21 0.0.0.0 area 0

network 172.9.214.21 0.0.0.0 area 0

ON R10 pseudowire-class 2124

encapsulation l2tpv3

interworking ip

ip local interface Loopback0

!

!

interface Serial2/0

description *** CONNECTED TO R24 ***

no ip address

encapsulation ppp


xconnect 9.9.0.5 510 pw-class 2124

end

ON R24 !

interface Serial0/2

description *** CONNECTED TO R10 Ser0/2 ****

ip address 172.9.214.24 255.255.255.0

encapsulation ppp

!

router ospf 1


network 172.9.0.24 0.0.0.0 area 0

network 172.9.214.24 0.0.0.0 area 0

!

Verification Commands R5# show connection

R10# show xconnect all

R24# show ip ospf neighbor


R21 Loopback 0 0

S 2/0 0

R24 Loopback 0 0

S 2/0 0

4.3: VPLS Define Vlan 123 on SW2 and SW3.

Configure R2 and R4 to support Vlan over VPLS. Ensure that Vlan 123 is bridged over VPLS.

Use Loopback 0 IPV4 address to establish neighbor.

Configure SW3 so that SW3 becomes the STP root for vlan 123.

VPLS is configured b/w R2 & R4.

R2

cdp

interface GigabitEthernet0/4/0/1

cdp

no shut

!

interface GigabitEthernet X/X.123

l2transport

commit

dot1q vlan 123

commit

!

l2vpn

bridge group BG_24

bridge-domain BD_24


!

vfi 24

neighbor 9.9.0.4 pw-id 24

!

!

!

!

!

commit

!

** CDP is not enabled by default on IOS-

XR , enable CDP to ensure which port on

the switch you are connected .

R4

cdp

interface GigabitEthernet0/4/0/1

cdp

no shut

!


l2transport

commit

dot1q vlan 123

commit

!

l2vpn

bridge group BG_24

bridge-domain BD_24


!

vfi 24

neighbor 9.9.0.2 pw-id 24

!

!

!

commit

!

** CDP is not enabled by default on IOS-XR

, enable CDP to ensure which port on the

switch you are connected .

SW-2 !

vlan 123

name VPLS

!

spanning-tree vlan 123

!

interface GigabitEthernet0/2

description connected to R2-IOSXR- Gi-0/4/0/1

port-type nni

switchport mode trunk

no shutdown

!

SW-3 !

vlan 123

name VPLS

!

spanning-tree vlan 123

spanning-tree vlan 123 root primary

interface GigabitEthernet0/4

description connected to R4-IOSXR- Gi-0/9/0/2

port-type nni

switchport mode trunk

no shutdown

!

Verification Commands:

SW-3# show spanning-tree vlan 123

Enable mpls oam on R2 and R4

!

mpls oam

commit

!

RP/0/3/CPU0:R2#show l2vpn bridge-domain

Fri Apr 13 14:03:48.853 UTC

Bridge group: BG_24, bridge-domain: BD_24, id: 0, state: up, ShgId: 0,

MSTi: 0

Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog

Filter MAC addresses: 0

ACs: 1 (0 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)

List of ACs:

Gi0/4/0/1.123, state: unresolved, Static MAC addresses: 0

List of Access PWs:

List of VFIs:

VFI 24

Neighbor 9.9.0.4 pw-id 24, state: up, Static MAC addresses: 0

RP/0/3/CPU0:R2#

RP/0/3/CPU0:R2#ping mpls pseudowire 9.9.0.4 24

Fri Apr 13 14:04:41.181 UTC

Sending 5, 100-byte MPLS Echos to 9.9.0.4 VC: 24,

timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,

'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,

'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,

'P' - no rx intf label prot, 'p' - premature termination of LSP,

'R' - transit router, 'I' - unknown upstream index,

'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 5/19/75 ms

RP/0/3/CPU0:R2#

Documents

CCIE SP Workbook.pdf