Topology:
Use configuration from L3VPN task #2 as initial configuration for this task.
Requirements:
1. Customer A.
1.1 Remove static routing configuration from the previous task.
1.2 Use ISIS as routing protocol on routers R6 & R7, and between Customer A and SP routers.
1.3 Configure ISIS protocol to only create Level-2 databases.
2. Customer B.
2.1 Remove OSPF routing configuration from the previous task.
2.2 Use BGP as routing protocol between Customer B and SP routers. Both customer routers should use AS #48. Each router should advertise it's /24 range into eBGP.
2.3 Customer routers should see the BGP route towards the other site with "correct" AS-PATH of "17 48 i".
1.1 Remove static routing configuration from the previous task.
1.2 Use ISIS as routing protocol on routers R6 & R7, and between Customer A and SP routers.
1.3 Configure ISIS protocol to only create Level-2 databases.
2. Customer B.
2.1 Remove OSPF routing configuration from the previous task.
2.2 Use BGP as routing protocol between Customer B and SP routers. Both customer routers should use AS #48. Each router should advertise it's /24 range into eBGP.
2.3 Customer routers should see the BGP route towards the other site with "correct" AS-PATH of "17 48 i".
Solution:
Highlight the text below to reveal the solution.
This task requires understanding of using ISIS and eBGP for CE-PE routing.
Requirement #1 - configure "is-type" of level-2 on routers R6, R7, R5 and R2 to only create Level-2 databases. Redistribute between ISIS and BGP on PE routers, note to redistribute the correct ISIS level routes.
Requirement #2 - The challenge in this task is that routers R4 and R8 are useing the same AS number. In order to keep the AS-PATH as required, configure "allowas-in" on eBGP session towards the PE router.
Note that IOS-XR has an additional loop prevention feature, which does not exist in IOS. Router R3 will not advertise the prefix 10.10.4.0/24 to R8, unless "as-path-loopcheck" is disable in the vrf configuration.
Also note that IOS-XR requires explicit configuration of inbound and outbound route-policy for eBGP peers, otherwise no prefixes will be advertised or accepted from neighbor.
!
interface Ethernet1/1
vrf forwarding CUST_A
ip address 17.0.27.2 255.255.255.0
ip router isis CUST_A
vrf CUST_A
net 49.0007.0000.0000.0002.00
is-type level-2-only
redistribute bgp 17
!
router bgp 17
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 17.0.1.1 remote-as 17
neighbor 17.0.1.1 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 17.0.1.1 activate
neighbor 17.0.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf CUST_A
redistribute connected
redistribute isis CUST_A level-1-2
exit-address-family
!
address-family ipv4 vrf CUST_B
redistribute connected
neighbor 17.0.24.4 remote-as 48
neighbor 17.0.24.4 activate
exit-address-family
!
This task requires understanding of using ISIS and eBGP for CE-PE routing.
Requirement #1 - configure "is-type" of level-2 on routers R6, R7, R5 and R2 to only create Level-2 databases. Redistribute between ISIS and BGP on PE routers, note to redistribute the correct ISIS level routes.
Requirement #2 - The challenge in this task is that routers R4 and R8 are useing the same AS number. In order to keep the AS-PATH as required, configure "allowas-in" on eBGP session towards the PE router.
Note that IOS-XR has an additional loop prevention feature, which does not exist in IOS. Router R3 will not advertise the prefix 10.10.4.0/24 to R8, unless "as-path-loopcheck" is disable in the vrf configuration.
Also note that IOS-XR requires explicit configuration of inbound and outbound route-policy for eBGP peers, otherwise no prefixes will be advertised or accepted from neighbor.
R2:
!
interface Ethernet1/1
vrf forwarding CUST_A
ip address 17.0.27.2 255.255.255.0
ip router isis CUST_A
!
router isis CUST_Avrf CUST_A
net 49.0007.0000.0000.0002.00
is-type level-2-only
redistribute bgp 17
!
router bgp 17
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 17.0.1.1 remote-as 17
neighbor 17.0.1.1 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 17.0.1.1 activate
neighbor 17.0.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf CUST_A
redistribute connected
redistribute isis CUST_A level-1-2
exit-address-family
!
address-family ipv4 vrf CUST_B
redistribute connected
neighbor 17.0.24.4 remote-as 48
neighbor 17.0.24.4 activate
exit-address-family
!
R3:
router bgp 17
address-family vpnv4 unicast
!
neighbor 17.0.1.1
remote-as 17
update-source Loopback0
address-family vpnv4 unicast
!
!
vrf CUST_B
rd 48:1
address-family ipv4 unicast
as-path-loopcheck out disable
redistribute connected
!
neighbor 17.0.38.8
remote-as 48
address-family ipv4 unicast
route-policy ANY in
route-policy ANY out
!
!
!
!
R4:
router bgp 48
address-family ipv4 unicast
network 10.10.4.0/24
!
neighbor 17.0.24.2
remote-as 17
address-family ipv4 unicast
route-policy ANY in
allowas-in 2
route-policy ANY out
!
!
!
R5:
!
interface Ethernet1/0
vrf forwarding CUST_A
ip address 17.0.56.5 255.255.255.0
ip router isis CUST_A
!
!
router isis CUST_A
vrf CUST_A
net 49.0006.0000.0000.0005.00
is-type level-2-only
redistribute bgp 17
!
router bgp 17
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 17.0.1.1 remote-as 17
neighbor 17.0.1.1 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 17.0.1.1 activate
neighbor 17.0.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf CUST_A
redistribute connected
redistribute isis CUST_A level-1-2
exit-address-family
!
R6:
!
interface Loopback0
ip address 192.168.6.6 255.255.255.255
ip router isis CCIE
!
interface Ethernet0/0
ip address 17.0.56.6 255.255.255.0
ip router isis CCIE
!
router isis CCIE
net 49.0006.0000.0000.0006.00
is-type level-2-only
!
R7:
!
interface Loopback0
ip address 192.168.7.7 255.255.255.255
ip router isis CCIE
!
interface Ethernet0/0
ip address 17.0.27.7 255.255.255.0
ip router isis CCIE
!
router isis CCIE
net 49.0007.0000.0000.0007.00
is-type level-2-only
R8:
!
router bgp 48
bgp log-neighbor-changes
network 10.10.8.0 mask 255.255.255.0
neighbor 17.0.38.3 remote-as 17
neighbor 17.0.38.3 allowas-in 2
!
Verification:
Customer B:
RP/0/0/CPU0:R4#sho bgp
Wed Jan 6 22:03:31.296 UTC
BGP router identifier 10.10.4.4, local AS number 48
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 26
BGP main routing table version 26
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.10.4.0/24 0.0.0.0 0 32768 i
*> 10.10.8.0/24 17.0.24.2 0 17 48 i
*> 17.0.24.0/24 17.0.24.2 0 0 17 ?
*> 17.0.38.0/24 17.0.24.2 0 17 ?
Processed 4 prefixes, 4 paths
RP/0/0/CPU0:R4#sh route
Wed Jan 6 22:03:32.876 UTC
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
U - per-user static route, o - ODR, L - local, G - DAGR
A - access/subscriber, a - Application route, (!) - FRR Backup path
Gateway of last resort is not set
S 10.10.4.0/24 is directly connected, 16:56:46, Null0
L 10.10.4.4/32 is directly connected, 1d19h, Loopback0
B 10.10.8.0/24 [20/0] via 17.0.24.2, 16:46:35
C 17.0.24.0/24 is directly connected, 1d19h, GigabitEthernet0/0/0/0
L 17.0.24.4/32 is directly connected, 1d19h, GigabitEthernet0/0/0/0
B 17.0.38.0/24 [20/0] via 17.0.24.2, 16:46:35
RP/0/0/CPU0:R4#traceroute 10.10.8.8 source 10.10.4.4
Wed Jan 6 22:03:52.455 UTC
Type escape sequence to abort.
Tracing the route to 10.10.8.8
1 17.0.24.2 0 msec 0 msec 0 msec
2 17.0.13.3 [MPLS: Label 16007 Exp 0] 0 msec 0 msec 0 msec
3 17.0.38.8 0 msec 0 msec 0 msec
R8#show bgp
BGP table version is 15, local router ID is 10.10.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 10.10.4.0/24 17.0.38.3 0 17 48 i
*> 10.10.8.0/24 0.0.0.0 0 32768 i
*> 17.0.24.0/24 17.0.38.3 0 17 ?
r> 17.0.38.0/24 17.0.38.3 0 0 17 ?
Customer A:
R7#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
17.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 17.0.27.0/24 is directly connected, Ethernet0/0
L 17.0.27.7/32 is directly connected, Ethernet0/0
i L2 17.0.56.0/24 [115/10] via 17.0.27.2, 19:40:41, Ethernet0/0
192.168.6.0/32 is subnetted, 1 subnets
i L2 192.168.6.6 [115/10] via 17.0.27.2, 19:33:51, Ethernet0/0
192.168.7.0/32 is subnetted, 1 subnets
C 192.168.7.7 is directly connected, Loopback0
R7#trace
R7#traceroute 192.168.6.6 sou
R7#traceroute 192.168.6.6 source lo0
Type escape sequence to abort.
Tracing the route to 192.168.6.6
VRF info: (vrf in name/id, vrf out name/id)
1 17.0.27.2 5 msec 4 msec 5 msec
2 17.0.56.5 [MPLS: Label 22 Exp 0] 4 msec 5 msec 5 msec
3 17.0.56.6 5 msec 5 msec 5 msec
R7#show isis database
Tag CCIE:
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R2.00-00 0x00000060 0xBF2F 1167 0/0/0
R2.01-00 0x0000005B 0xEF89 1139 0/0/0
R7.00-00 * 0x00000065 0x1EC5 884 0/0/0
R6#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
17.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
i L2 17.0.27.0/24 [115/10] via 17.0.56.5, 19:40:58, Ethernet0/0
C 17.0.56.0/24 is directly connected, Ethernet0/0
L 17.0.56.6/32 is directly connected, Ethernet0/0
192.168.6.0/32 is subnetted, 1 subnets
C 192.168.6.6 is directly connected, Loopback0
192.168.7.0/32 is subnetted, 1 subnets
i L2 192.168.7.7 [115/10] via 17.0.56.5, 19:40:58, Ethernet0/0