LTRARC-2002 Introduction to IOS-XR Lab Guide - Cisco Live

1 | P a g e

LTRARC-2002 Introduction to IOS XR Lab Guide

LTRARC-2002

Introduction to IOS-XR Lab Guide

Speakers:

Rajesh Patki

Mohamed Ali

2 | P a g e


Disclaimer This training document is to familiarize with IOS-XR. Although the lab design and configuration examples could be used as a

reference, it’s not a real design, thus not all recommended features are used, or enabled optimally. For the design related

questions please contact your representative at Cisco, or a Cisco partner.

3 | P a g e


Disclaimer ............................................................................................................................................. 2

Topology: .............................................................................................................................................. 4

Accessing the Lab................................................................................................................................... 5

Basic Configuration commands: ............................................................................................................. 7

Static Routes ........................................................................................................................................16

Open Shortest Path First (OSPF) ............................................................................................................19

BGP Configuration ................................................................................................................................25 IBGP Peering ..................................................................................................................................................25 Neighbor Groups ...........................................................................................................................................29 EBGP Peering .................................................................................................................................................32

Basic Route Policy Language .................................................................................................................42 Blocking based off Prefixes .............................................................................................................................42 Blocking based off AS-PATH ...........................................................................................................................53

MPLS Configuration ..............................................................................................................................62

MPLS L3VPN (Optional) .........................................................................................................................68 Local VRF Configuration .................................................................................................................................68

BGP VPNv4 Configuration (Optional) .....................................................................................................74 BGP PE-CE Configuration ................................................................................................................................79

MPLS Traffic Engineering (Optional) ......................................................................................................86

Dynamic Path (Optional) .......................................................................................................................88

Explicit Path (Optional) .........................................................................................................................91

Advanced RPLs (Optional) .....................................................................................................................97 Multiple Action Policies .................................................................................................................................97

Nested Policies (Optional) ................................................................................................................... 102

4 | P a g e


Topology:

IP Addresses are preconfigured. All routers except XR1 and XR2 have been pre-configured. Configuration will be done on IOS-XR routers only (XR1-XR2)

Host Loopback IP

XR1 192.168.1.1

XR2 192.168.2.2

RR-1 192.168.100.100

AS 10010.13.1.0/24

A

g0/0/0/0

g0/0/0/3

10.23.1.0/24

q

AS 2000

g0/0/0/3

AS 1100 AS 1200

g0/0/0/0

100.64.1.0/24

100.

64.1

1.0/

24

100.

64.2

.0/2

4

100.64.22.0/24

XR1 XR2

g0/1

g0/0/0/1

g0/0/0/2 g0/0/0/2

192.168.1.0/24

g0/0/0/1

g0/2

g0/1 g0/2

RR-1

g0/1.10

g0/1.20

172.16.1.0/24

BGP

OSPF

g0/1.10

g0/1.20

BGP

OSPF

g0/1

g0/2

g0/0/0/4.10 g0/0/0/4.10

g0/0/0/4.20 g0/0/0/4.20

192.168.2.0/24

172.16.2.0/24MP

LS

L

3V

PN

MP

LS

L

3VP

N

10.12.1.0/24

5 | P a g e


Accessing the Lab The lab is hosted by Cisco’s dCloud environment that provides training, labs, and demonstrations for almost any Cisco technology for Cisco customers. More information can be found at http://dcloud.cisco.com or on Twitter @ciscodcloud This lab is only available to attendees of this CiscoLive class.

1. Access to the lab is obtained by launching Anyconnect and connecting to: dcloud-lon-anyconnect.cisco.com Your instructor will provide you with your username and credentials that are unique to your pod. After authenticating, please click on ‘Ok’ to finalize the VPN connection to Dcloud.

2. Initiate a remote desktop session to the Dcloud workstation 198.18.133.36. Click on the

start button and type in mstsc /v:198.18.133.36

You will be prompted for user credentials. Use the username: WKST1\demo and the password: C1sco12345

6 | P a g e


If a different username is shown than above, click on use another account and type in the appropriate username.

Launch PuttyCM icon on your desktop

7 | P a g e


Basic Configuration commands: Task Objective:

Using XR1 perform the following tasks

Demonstrate changes around the interface and route statements Demonstrate various parsing elements Demonstrate ‘commit’, ‘commit replace’ and ‘rollback’ feature of IOS-XR. Check the commit points and verify config rollbacks. Demonstrate the usage of using files for pre-loading changes. Understand the use of ‘pwd’ and ‘root’ command At the end of this exercise, you would be able to configure and back out configuration.

Step 1. Show the existing IPv4 addresses

show ip interface brief show ipv4 interface brief

Username: cisco Password: cisco RP/0/0/CPU0:XR1# show ip interface brief Interface IP-Address Status Protocol Loopback0 192.168.1.1 Up Up GigabitEthernet0/0/0/0 10.12.1.1 Up Up GigabitEthernet0/0/0/1 10.13.1.1 Up Up GigabitEthernet0/0/0/2 100.64.1.254 Up Up GigabitEthernet0/0/0/3 100.64.11.254 Up Up GigabitEthernet0/0/0/4 unassigned Shutdown Down RP/0/0/CPU0:XR1# show ipv4 int brief Interface IP-Address Status Protocol Loopback0 192.168.1.1 Up Up GigabitEthernet0/0/0/0 10.12.1.1 Up Up GigabitEthernet0/0/0/1 10.13.1.1 Up Up GigabitEthernet0/0/0/2 100.64.1.254 Up Up GigabitEthernet0/0/0/3 100.64.11.254 Up Up GigabitEthernet0/0/0/4 unassigned Shutdown Down

Note: Some commands in IOS-XR require you to specify IPv4/IPv6

8 | P a g e


Step 2. Show the IPv4 routing table

show route RP/0/0/CPU0:XR1# show route Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set C 10.12.1.0/24 is directly connected, 13:20:53, GigabitEthernet0/0/0/0 L 10.12.1.1/32 is directly connected, 13:20:53, GigabitEthernet0/0/0/0 C 10.13.1.0/24 is directly connected, 13:20:53, GigabitEthernet0/0/0/1 L 10.13.1.1/32 is directly connected, 13:20:53, GigabitEthernet0/0/0/1 C 100.64.1.0/24 is directly connected, 13:20:53, GigabitEthernet0/0/0/2 L 100.64.1.254/32 is directly connected, 13:20:53, GigabitEthernet0/0/0/2 C 100.64.11.0/24 is directly connected, 13:20:53, GigabitEthernet0/0/0/3 L 100.64.11.254/32 is directly connected, 13:20:53, GigabitEthernet0/0/0/3 L 192.168.1.1/32 is directly connected, 13:20:53, Loopback0

Step 3. Demonstrate parsing elements Show the running configuration but including only ‘ipv4’ addresses and the interface names. By executing the command

show run | include "interface|ipv4" RP/0/0/CPU0:XR1# show run | include interface|ipv4 ^ % Invalid input detected at '^' marker. RP/0/0/CPU0:XR1# show run | include "interface|ipv4" Building configuration... telnet vrf default ipv4 server max-servers 10 address-family ipv4 unicast interface Loopback0 ipv4 address 192.168.1.1 255.255.255.255 interface MgmtEth0/0/CPU0/0 ipv4 address 198.18.1.10 255.255.255.0 interface GigabitEthernet0/0/0/0 ipv4 address 10.12.1.1 255.255.255.0 interface GigabitEthernet0/0/0/1 ipv4 address 10.13.1.1 255.255.255.0 interface GigabitEthernet0/0/0/2 ipv4 address 100.64.1.254 255.255.255.0 interface GigabitEthernet0/0/0/3 ipv4 address 100.64.11.254 255.255.255.0 interface GigabitEthernet0/0/0/4 address-family ipv4 unicast

9 | P a g e


RP/0/0/CPU0:XR1#

Unlike IOS, IOS-XR support true Boolean filtering, and as can be seen in the output above, multiple arguments require them to be surrounded by quotation marks. Step 4. Additional parsing utilities IOS-XR also provides other parsing utilities as illustrated in the output below RP/0/0/CPU0:XR1# show run | ? begin Begin with the line that matches exclude Exclude lines that match file Save the configuration include Include lines that match utility A set of common unix utilities <cr> Shows current operating configuration RP/0/0/CPU0:XR1# show run | utility ? cut Cut out selected fields of each line of a file egrep Extended regular expression grep fgrep Fixed string expression grep head Show set of lines/characters from the top of a file less Fixed string pattern matching more Paging Utility More script Launch a script for post processing sort Sort, merge, or sequence-check text files tail Copy the last part of files uniq Report or filter out repeated lines in a file wc Counting lines/words/characters of a file xargs Construct argument list(s) and invoke a program

10 | P a g e


Step 5. Change Hostname Configuration

config t hostname CiscoLive_2020 commit end

RP/0/0/CPU0:XR1# config t RP/0/0/CPU0:XR1(config)# hostname CiscoLive_2020 RP/0/0/CPU0:XR1(config)# commit RP/0/0/CPU0:Jan 23 13:22:59.959 : config[65740]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'cisco'. Use 'show configuration commit changes 1000000001' to view the changes. RP/0/0/CPU0:CiscoLive_2020(config)# end RP/0/0/CPU0:CiscoLive_2020#

We’ve highlighted the hostname before (XR1) and after the change (CiscoLive_2020) along with the change-id (1000000001). Step 6. Find Configuration Commit ID

show configuration commit list RP/0/0/CPU0:CiscoLive_2020# show configuration commit list Wed Jan 23 13:25:56.367 UTC SNo. Label/ID User Line Client Time Stamp ~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~ 1 1000000001 cisco con0_0_CPU0 CLI Wed Jan 23 13:22:59 2020 RP/0/0/CPU0:CiscoLive_2020#

Note: Latest commit changes show up on top

Step 7. Look at the last configuration change

show configuration commit changes last 1 RP/0/0/CPU0:CiscoLive_2020# show configuration commit changes last 1 Building configuration... !! IOS XR Configuration 5.3.2 hostname CiscoLive_2020 end RP/0/0/CPU0:CiscoLive_2020#

11 | P a g e


Step 8. Revert back to original configuration

rollback configuration last 1

show configuration commit list

RP/0/0/CPU0:CiscoLive_2020# rollback configuration last 1 Loading Rollback Changes. Loaded Rollback Changes in 1 sec Committing. 1 items committed in 1 sec (0)items/sec Updating.RP/0/0/CPU0:Jan 23 13:32:02.332 : config_rollback[65740]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'cisco'. Use 'show configuration commit changes 1000000002' to view the changes. Updated Commit database in 1 sec Configuration successfully rolled back 1 commits. RP/0/0/CPU0:XR1# RP/0/0/CPU0:XR1# show configuration commit list Wed Jan 23 13:33:39.565 UTC SNo. Label/ID User Line Client Time Stamp ~~~~ ~~~~~~~~ ~~~~ ~~~~ ~~~~~~ ~~~~~~~~~~ 1 1000000002 cisco con0_0_CPU0 Rollback Wed Jan 23 13:32:01 2020 2 1000000001 cisco con0_0_CPU0 CLI Wed Jan 23 13:22:59 2020 RP/0/0/CPU0:XR1#

Step 9. Erase the running-configuration

conf commit replace y do show run

The commit replace function will replace the running configuration with the target configuration specified. In this example, nothing is configured in the target configuration, so this erases the running-configuration. In other words, this is the equivalent to the command write erase in IOS RP/0/0/CPU0:XR1# conf Wed Jan 23 13:37:59.367 UTC RP/0/0/CPU0:XR1(config)# commit replace This commit will replace or remove the entire running configuration. This operation can be service affecting. Do you wish to proceed? [no]: y RP/0/0/CPU0:ios(config)# do show run Wed Jan 23 13:38:08.307 UTC Building configuration... !! IOS XR Configuration 5.3.2 !! Last configuration change at Wed Jan 23 13:38:07 2020 by cisco !

12 | P a g e


end RP/0/0/CPU0:XR1#

Step 10. Rollback the change This will bring us back to the state before the last change.

rollback configuration last 1 RP/0/0/CPU0:ios# rollback configuration last 1 Wed Jan 23 14:21:37.738 UTC Loading Rollback Changes. Loaded Rollback Changes in 1 sec Committing..... 38 items committed in 5 sec (7)items/sec Updating.RP/0/0/CPU0:Jan 23 14:21:43.968 : config_rollback[65740]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'cisco'. Use 'show configuration commit changes 1000000004' to view the changes. Updated Commit database in 1 sec Configuration successfully rolled back 1 commits. RP/0/0/CPU0:XR1#

Step 11. Understanding IOS-XR command hierarchy. IOS-XR is a hierarchical OS. At times, you may be in one configuration submode (i.e. OSPF), and need to change to another configuration submode (i.e. configuring an IP address). This will result in an error because you do not leave the original sub-configuration, and commands will be entered under the wrong sub-configuration. For example, enter the following commands to see the error:

conf router ospf 100 area 0 int lo0 int gi0/0/0/4 ipv4 address 1.1.1.1 255.255.255.255

RP/0/0/CPU0:XR1# conf Wed Jan 23 14:30:48.640 UTC RP/0/0/CPU0:XR1(config)# router ospf 100 RP/0/0/CPU0:XR1(config-ospf)# area 0 RP/0/0/CPU0:XR1(config-ospf-ar)# int lo0 RP/0/0/CPU0:XR1(config-ospf-ar-if)# int gi0/0/0/4 RP/0/0/CPU0:XR1(config-ospf-ar-if)# ipv4 address 1.1.1.1 255.255.255.255 ^ % Invalid input detected at '^' marker. RP/0/0/CPU0:XR1(config-ospf-ar-if)#

Step 12. Understanding the use of ‘pwd’

13 | P a g e


Because IOS-XR is hierarchical, the IP address assignment was done under the Router OSPF configuration. The use of the pwd command will show you where you are in the configuration mode. RP/0/0/CPU0:XR1(config-ospf-ar-if)# pwd 14:34:01.147 UTC router ospf 100 area 0 interface GigabitEthernet0/0/0/4 RP/0/0/CPU0:XR1(config-ospf-ar-if)#

Step 13. Understanding the use of ‘root’ Now let’s use the root command to take us to the root configuration prompt, and then change the IP address.

root int gi0/0/0/4 ipv4 address 1.1.1.1 255.255.255.255

RP/0/0/CPU0:XR1(config-ospf-ar-if)# root RP/0/0/CPU0:XR1(config)#int gi0/0/0/4 RP/0/0/CPU0:XR1(config-if)#ipv4 address 1.1.1.1 255.255.255.255 RP/0/0/CPU0:XR1(config-if)#

Step 14. Using the exit command instead of the root command

The alternative to the root command is to keep typing the command exit over, and over again, etc.

Enter the following commands to see the error again

router ospf 100 area 0 int lo0 int gi0/0/0/4 ipv4 address 1.1.1.1 255.255.255.255

Enter the following commands to get back to root prompt

exit exit exit int gi0/0/0/4 ipv4 address 1.1.1.1 255.255.255.255

RP/0/0/CPU0:XR1(config-if)# router ospf 100 RP/0/0/CPU0:XR1(config-ospf)# area 0

14 | P a g e


RP/0/0/CPU0:XR1(config-ospf-ar)# int lo0 RP/0/0/CPU0:XR1(config-ospf-ar-if)# int gi0/0/0/4 RP/0/0/CPU0:XR1(config-ospf-ar-if)# ipv4 address 1.1.1.1 255.255.255.255 ^ % Invalid input detected at '^' marker. RP/0/0/CPU0:XR1(config-ospf-ar-if)# exit RP/0/0/CPU0:XR1(config-ospf-ar)# exit RP/0/0/CPU0:XR1(config-ospf)# exit RP/0/0/CPU0:XR1(config)# int gi0/0/0/4 RP/0/0/CPU0:XR1(config-if)# ipv4 address 1.1.1.1 255.255.255.255 RP/0/0/CPU0:XR1(config-if)#

As you can see from the previous steps, using the root command is a lot quicker to get back to the main configuration prompt than entering the exit commands multiple times.

Step 15. Abort the changes just made

The changes we made to test the pwd and root commands were not committed. To get back to the exec prompt there are two options, entering the exit command which requires a confirmation or entering the abort command which doesn’t

To test exit:

exit exit no

To test abort:

conf int g0/0/0/4 abort

Exit command RP/0/0/CPU0:XR1(config-if)# exit RP/0/0/CPU0:XR1(config)# exit Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]: no RP/0/0/CPU0:Jan 23 15:08:30.885 : config[65740]: %MGBL-SYS-5-CONFIG_I : Configured from console by cisco RP/0/0/CPU0:XR1#

Abort command RP/0/0/CPU0:XR1# RP/0/0/CPU0:XR1# conf RP/0/0/CPU0:XR1(config)# int gi0/0/0/4 RP/0/0/CPU0:XR1(config-if)# abort

15 | P a g e


RP/0/0/CPU0:Jan 23 15:13:00.937 : config[65740]: %MGBL-SYS-5-CONFIG_I : Configured from console by cisco RP/0/0/CPU0:XR1#

Step 16. Just as in IOS, IOS XR supports usage of the do command, which allows you to execute commands under configuration mode. RP/0/0/CPU0:XR1# conf Wed Jan 23 15:16:23.093 UTC RP/0/0/CPU0:XR1(config)# do show ipv4 int br | i Lo Loopback0 192.168.1.1 Up Up RP/0/0/CPU0:XR1(config)#

16 | P a g e


Static Routes Task Objective

On XR1 o Configure a static route for 100.64.22.0/24 that points to XR2’s IP Address 10.12.1.2 o Configure a static route for 100.96.2.0/24 with an AD of 200 that points to XR2’s IP

Address 10.12.1.2 as well On XR2

o Configure a static route for 100.64.1.0/24 that points to XR1’s IP Address 10.12.1.1 o Configure a static route for 100.96.1.0/24 with an AD of 200 that points to XR1’s IP

Address 10.12.1.1 as well Verify that XR1 can ping 100.64.22.254 (AS 1200 Router) Verify that XR2 can ping 100.64.1.254 (AS 1100 Router) Static routes are preconfigured on the AS1100 and AS1200 routers.

Cisco Website for Static Route Configuration

Step 1. Initialize the Static Router Process and choose the correct address-family On XR1 and XR2 enter the following commands:

router static address-family ipv4 unicast

Step 2. Identify the network prefix destination, and next-hop IP address On XR1 only, enter the following commands:

router static address-family ipv4 unicast 100.64.22.0/24 10.12.1.2 100.96.2.0/24 10.12.1.2 200 commit end

On XR2 enter the following commands:

router static address-family ipv4 unicast 100.64.1.0/24 10.12.1.1 100.96.1.0/24 10.12.1.1 200 commit end

17 | P a g e


Step 3. Static route show commands Verify the static route configuration and functionality on XR1 and XR2 by executing the following commands: XR1

show run router static show static topology show route static ping 100.64.22.254

XR2

ping 100.64.1.254 Note: IOS-XR does not use “ip” or “ipv6” protocol differentiators before the protocols, unlike IOS.

XR1 RP/0/0/CPU0:XR1# show run router static Wed Jan 23 15:59:42.475 UTC router static address-family ipv4 unicast 100.64.22.0/24 10.12.1.2 100.96.2.0/24 10.12.1.2 200 ! vrf Management address-family ipv4 unicast 0.0.0.0/0 198.18.1.1 ! ! ! RP/0/0/CPU0:XR1# show static topology Wed Jan 23 15:59:42.615 UTC VRF: default Table Id: 0xe0000000 AFI: IPv4 SAFI: Unicast Prefix/Len Interface Nexthop Object Metrics 100.64.22.0/24 None 10.12.1.2 None [0/0/1/0] 100.96.2.0/24 None 10.12.1.2 None [0/0/200/0] RP/0/0/CPU0:XR1# show route static Wed Jan 23 15:59:42.705 UTC S 100.64.22.0/24 [1/0] via 10.12.1.2, 00:00:46 S 100.96.2.0/24 [200/0] via 10.12.1.2, 00:00:46 RP/0/0/CPU0:XR1# ping 100.64.22.254 Wed Jan 23 15:59:42.805 UTC Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.64.22.254, timeout is 2 seconds: !!!!!

18 | P a g e


Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# ping 100.64.1.254 Wed Jan 23 16:01:23.458 UTC Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 100.64.1.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms RP/0/0/CPU0:XR2#

19 | P a g e


Open Shortest Path First (OSPF) Task Objective:

Configure OSPF on XR1 and XR2. Advertise only the Loopback 0, Gi0/0/0/0 and Gi0/0/0/1 interfaces into Area 0 OSPF Process-ID is 1, Area-ID is 0 and Router-ID will be the Loopback0 IPv4 address Set all interface costs to 10 and set for ‘Area 0’ the network-type point-to-point Change the cost to 100 for the link between XR1-to-RR-1 & link XR2-to-RR-1 Ensure end-to-end IP reachability exists via ICMP OSPF is already configured on RR-1.

Cisco Website for OSPF Configuration

Step 1. Enable OSPF and configure Router-ID XR1

router ospf 1 router-id 192.168.1.1

XR2

router ospf 1 router-id 192.168.2.2

Step 2. Configure OSPF Area, Network-Type, interfaces and Advertise networks XR1 and XR2

router ospf 1 cost 10 area 0 network point-to-point interface Loopback0 interface GigabitEthernet0/0/0/0 interface GigabitEthernet0/0/0/1 cost 100 commit end

Note: IOS-XR is hierarchical, setting the cost & network at the area level will cascade to the members below it. Those settings can be overridden by setting an explicit value on a lower level member as illustrated in the figure below.

20 | P a g e


Step 3. Validate OSPF configuration by executing the following commands XR1 and XR2

show run router ospf show ospf interface brief show ospf summary show ospf show ospf neighbor show ospf database database-summary show ospf statistics spf

RP/0/0/CPU0:XR1# show run router ospf Wed Jan 23 16:19:07.785 UTC router ospf 1 router-id 192.168.1.1 cost 10 area 0 network point-to-point interface Loopback0 ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 cost 100 ! ! ! RP/0/0/CPU0:XR1# show ospf interface brief Wed Jan 23 16:19:16.214 UTC * Indicates MADJ interface, (P) Indicates fast detect hold down state Interfaces for OSPF 1

21 | P a g e


Interface PID Area IP Address/Mask Cost State Nbrs F/C Lo0 1 0 192.168.1.1/32 10 LOOP 0/0 Gi0/0/0/0 1 0 10.12.1.1/24 10 P2P 1/1 Gi0/0/0/1 1 0 10.13.1.1/24 100 P2P 1/1 RP/0/0/CPU0:XR1# show ospf summary Wed Jan 23 16:19:21.484 UTC Routing process "ospf 1" Number of OSPF interfaces 3 Number of OSPF interfaces up 3 Number of OSPF virtual interfaces up 0 Number of OSPF sham-link interfaces up 0 Number of neighbors 2 Number of neighbors adjacent 2 Number of areas 1 LSA Type Count Router : 3 Network : 0 Summary Net : 0 Summary ASBR : 0 Type-7 Ext : 0 Opaque Link : 0 Opaque Area : 3 Type-5 Ext : 0 Opaque AS : 0 RP/0/0/CPU0:XR1# show ospf Wed Jan 23 16:23:27.557 UTC Routing Process "ospf 1" with ID 192.168.1.1 Role: Primary Active NSR (Non-stop routing) is Disabled Supports only single TOS(TOS0) routes Supports opaque LSA Router is not originating router-LSAs with maximum metric Initial SPF schedule delay 50 msecs Minimum hold time between two consecutive SPFs 200 msecs Maximum wait time between two consecutive SPFs 5000 msecs Initial LSA throttle delay 50 msecs Minimum hold time for LSA throttle 200 msecs Maximum wait time for LSA throttle 5000 msecs Minimum LSA interval 200 msecs. Minimum LSA arrival 100 msecs LSA refresh interval 1800 seconds Flood pacing interval 33 msecs. Retransmission pacing interval 66 msecs Adjacency stagger enabled; initial (per area): 2, maximum: 64 Number of neighbors forming: 0, 2 full Maximum number of configured interfaces 1024 Number of external LSA 0. Checksum Sum 00000000 Number of opaque AS LSA 0. Checksum Sum 00000000 Number of DCbitless external and opaque AS LSA 0 Number of DoNotAge external and opaque AS LSA 0 Number of areas in this router is 1. 1 normal 0 stub 0 nssa External flood list length 0 SNMP trap is enabled LSD connected, registered, bound, revision 1 Segment Routing Global Block default (16000-23999), not allocated Area BACKBONE(0) Number of interfaces in this area is 3 SPF algorithm executed 9 times Number of LSA 6. Checksum Sum 0x0448c4 Number of opaque link LSA 0. Checksum Sum 00000000

22 | P a g e


Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 Number of LFA enabled interfaces 0, LFA revision 0 Number of Per Prefix LFA enabled interfaces 0 Number of neighbors forming in staggered mode 0, 2 full RP/0/0/CPU0:XR1# show ospf neighbor Wed Jan 23 16:19:26.824 UTC * Indicates MADJ interface # Indicates Neighbor awaiting BFD session up Neighbors for OSPF 1 Neighbor ID Pri State Dead Time Address Interface 192.168.2.2 1 FULL/ - 00:00:35 10.12.1.2 GigabitEthernet0/0/0/0 Neighbor is up for 00:04:22 192.168.100.100 1 FULL/ - 00:00:32 10.13.1.3 GigabitEthernet0/0/0/1 Neighbor is up for 00:04:55 Total neighbor count: 2 RP/0/0/CPU0:XR1# show ospf database database-summary Wed Jan 23 16:20:24.640 UTC OSPF Router with ID (192.168.1.1) (Process ID 1) Area 0 database summary LSA Type Count Delete Maxage Router 3 0 0 Network 0 0 0 Summary Net 0 0 0 Summary ASBR 0 0 0 Type-7 Ext 0 0 0 Opaque Link 0 0 0 Opaque Area 3 0 0 Subtotal 6 0 0 Process 1 database summary Router 3 0 0 Network 0 0 0 Summary Net 0 0 0 Summary ASBR 0 0 0 Type-7 Ext 0 0 0 Opaque Link 0 0 0 Opaque Area 3 0 0 Type-5 Ext 0 0 0 Opaque AS 0 0 0 Total 6 0 0 RP/0/0/CPU0:XR1# show ospf statistics spf Wed Jan 23 16:20:58.627 UTC SPF statistics for OSPF 1 Reason Codes: R - Router-LSA, N - Network-LSA, SN - Summary-LSA (IP network), SA - Summary-LSA (ASBR), X - AS-external-LSA Last 9 Dijkstra Calculations

23 | P a g e


Delta T Area Runtime Reason 00:06:31 0 0 R, N, 00:06:27 0 0 R, N, 00:06:27 0 0 00:06:26 0 0 R, 00:06:25 0 0 R, 00:05:58 0 0 R, 00:05:57 0 0 R, 00:05:57 0 0 R, 00:05:54 0 0 R, RP/0/0/CPU0:XR1#

Step 4. OSPF Trace Traces are like running debug without taking up CPU resources. Traces are automatically configured and running unlike debug features. XR1 and XR2

show ospf trace show ospf trace hello show ospf trace adj 5

Note: The command show ospf trace adj 5 demonstrates how you can select the last <x> number of traces you want to view RP/0/0/CPU0:XR1# show ospf trace OSPF Trace Summary (1, RP/0/0/CPU0:XR1, 3095M) Trace Name Size Count Description ------------ ------- ---------- -------------------------- 1. adj 8192 69 adjacency 2. adj_cycle 8192 35 dbd/flood events/pkts 3. config 4096 43 config events 4. errors 8192 3 errors 5. warnings 4096 1 low errors/warnings 6. events 4096 112 mda/rtrid/bfd/vrf 7. ha 8192 401 startup/HA/NSF 8. hello 2048 489 hello events/pkts 9. idb 8192 113 interface 10. pkt 2048 186 I/O packets 11. rib 8192 45 rib batching 12. spf 8192 273 spf/topology 13. spf_cycle 8192 0 spf/topology detail 14. te 4096 11 mpls-te 15. test 1024 47 testing info 16. mq 256 2 message queue info RP/0/0/CPU0:XR1# show ospf trace hello Wed Jan 23 16:27:35.470 UTC Traces for OSPF 1 (Wed Jan 23 16:27:35) Traces returned/requested/available: 496/2048/496 Trace buffer: hello

24 | P a g e


1 Jan 23 16:14:27.224* ospf_send_hello: area 0.0.0.0 intf Gi0/0/0/0 from 10.12.1.1 2 Jan 23 16:14:27.234 ospf_send_hello: area 0.0.0.0 intf Gi0/0/0/1 from 10.13.1.1 3 Jan 23 16:14:31.544* ospf_rcv_hello: intf Gi0/0/0/1 area 0.0.0.0 from 192.168.100.100 10.13.1.3 4 Jan 23 16:14:31.544* ospf_router_nbr_new: intf Gi0/0/0/1 area 0.0.0.0 from 192.168.100.100 10.13.1.3 5 Jan 23 16:14:31.544* ospf_check_hello_events: intf Gi0/0/0/1 area 0.0.0.0 from 10.13.1.1 6 Jan 23 16:14:31.544* ospf_router_nbr_new: end of router thread hello processing 7 Jan 23 16:14:36.324* ospf_send_hello: area 0.0.0.0 intf Gi0/0/0/0 from 10.12.1.1 8 Jan 23 16:14:37.064* ospf_send_hello: area 0.0.0.0 intf Gi0/0/0/1 from 10.13.1.1 9 Jan 23 16:14:40.633 ospf_rcv_hello: intf Gi0/0/0/1 area 0.0.0.0 from 192.168.100.100 10.13.1.3 <output omitted> RP/0/0/CPU0:XR1# show ospf trace adj 5 Wed Jan 23 16:30:11.410 UTC Traces for OSPF 1 (Wed Jan 23 16:30:11) Traces returned/requested/available: 5/5/69 Trace buffer: adj 1 Jan 23 16:15:04.242* ospf_dec_nbr_form_cnt: nbr 192.168.2.2 forming Gi0/0/0/0, area 0.0.0.0 2 Jan 23 16:15:04.242* ospf_dec_nbr_form_cnt: #Nbrs: (ar: 0, inst: 0) forming, 2 full, area 0.0.0.0 3 Jan 23 16:15:04.342* ospf_build_rtr_lsa: area 0.0.0.0 rtrid 192.168.1.1 seq 0x80000003 vrfid 0x60000000 4 Jan 23 16:15:11.581* ospf_nbr_hold_dbd: Timer expired (nbr_hold_dbd): nbr_id 192.168.100.100 5 Jan 23 16:15:44.259* ospf_nbr_hold_dbd: Timer expired (nbr_hold_dbd): nbr_id 192.168.2.2 RP/0/0/CPU0:XR1#

25 | P a g e


BGP Configuration

IBGP Peering

Task Objective:

Create the BGP Process 100, and set the BGP Router-ID to match Loopback 0’s IP Activate address-family ipv4 and advertise the Loopack 0 into BGP Configure iBGP session on XR1 & XR2 to the AS 100 Route-Reflector RR-1 Source the connection from Loopback 0 Set the BGP session password to CISCO Use only the IPv4 Address-Family, and set the next-hop-self parameter The Route-Reflector is already configured

Cisco Website for BGP Configuration

Route Reflector Loopback address

RR1 192.168.100.100

AS 10010.13.1.0/24

A

g0/0/0/0

g0/0/0/3

10.23.1.0/24

q

AS 2000

g0/0/0/3

AS 1100 AS 1200

g0/0/0/0

100.64.1.0/24

100.

64.1

1.0/

24

100.

64.2

.0/2

4

100.64.22.0/24

XR1 XR2

g0/1

g0/0/0/1

g0/0/0/2 g0/0/0/2

g0/0/0/1

g0/2

g0/1 g0/2

RR-1

g0/1

g0/2

10.12.1.0/24

26 | P a g e


Step 1. Enable BGP and Configure Router-id on XR1 and XR2 XR1

router bgp 100 bgp router-id 192.168.1.1

XR2

router bgp 100 bgp router-id 192.168.2.2

Step 2. Activate IPv4 Unicast address-family on XR1 and XR2 XR1

router bgp 100 address-family ipv4 unicast network 192.168.1.1/32

XR2

router bgp 100 address-family ipv4 unicast network 192.168.2.2/32

Step 3. Configure XR1 & XR2 with the BGP Peering to the Route-Reflector RR-1 for IPv4 XR1 and XR2

router bgp 100 neighbor 192.168.100.100 remote-as 100 password CISCO update-source Loopback0 address-family ipv4 unicast next-hop-self commit end

Step 4. Example showing different methods in which to apply configuration to IOS-XR. There is no need to type the commands in this step. If you decide to do so, please do not commit the configuration. Use the abort command once you are done. IOS-XR syntax does allow for some flexibility, which can speed up the process of entering a configuration, but will not change the context of the configuration submode. The example below shows two methods of entering the configuration; that result in the same configuration being applied.

27 | P a g e


RP/0/0/CPU0:XR1(config)# router bgp 65500 RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 RP/0/0/CPU0:XR1(config-bgp-nbr)# remote-as 65500 RP/0/0/CPU0:XR1(config-bgp-nbr)# update-source lo0 RP/0/0/CPU0:XR1(config-bgp-nbr)# address-family ipv4 unicast RP/0/0/CPU0:XR1(config-bgp-nbr-af)# RP/0/0/CPU0:XR1(config-bgp-nbr-af)# show conf Building configuration... !! IOS XR Configuration 0.0.0 router bgp 65500 neighbor 200.200.200.200 remote-as 65500 update-source Loopback0 address-family ipv4 unicast

OR RP/0/0/CPU0:XR1(config)# router bgp 65500 RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 remote-as 65500 RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 update-source lo0 RP/0/0/CPU0:XR1(config-bgp)# neighbor 200.200.200.200 address-family ipv4 unicast RP/0/0/CPU0:XR1(config-bgp-nbr-af)# show conf Building configuration... !! IOS XR Configuration 0.0.0 router bgp 65500 neighbor 200.200.200.200 remote-as 65500 update-source Loopback0 address-family ipv4 unicast

While the configuration is identical, the CLI prompt changed, which may affect future commands that are entered. Please be aware of this behavior as you proceed through the lab. Step 5. Verify BGP Configuration and Functionality XR1 and XR2

show run router bgp show bgp summary show bgp ipv4 unicast

Note: It may take ~30-60 seconds for the BGP session to establish in this lab.

28 | P a g e


RP/0/0/CPU0:XR1# show run router bgp Wed Jan 23 17:12:43.315 UTC router bgp 100 bgp router-id 192.168.1.1 address-family ipv4 unicast network 192.168.1.1/32 ! neighbor 192.168.100.100 remote-as 100 password encrypted 00273A352774 update-source Loopback0 address-family ipv4 unicast next-hop-self ! ! ! RP/0/0/CPU0:XR1# show bgp summary Wed Jan 23 17:12:50.334 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 5 BGP main routing table version 5 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 5 5 5 5 5 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 192.168.100.100 0 100 8 6 5 0 0 00:02:46 2 RP/0/0/CPU0:XR1# show bgp ipv4 unicast Wed Jan 23 17:12:57.064 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 5 BGP main routing table version 5 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i Processed 3 prefixes, 3 paths RP/0/0/CPU0:XR1#

29 | P a g e


Neighbor Groups Task Objective:

Configure BGP Neighbor Group Delete the previous BGP neighbor peering with RR-1 192.168.100.100. Establish a full mesh between XR1, XR2, and RR-1. Reduce configuration by using a neighbor-group (AS100); and establish peerings with the

following settings: o Source the connection from Loopback0 o Use password CISCO o Use only the IPv4 Address-Family, and set the next-hop-self parameter o RR-1 is pre-configured

Node Loopback address

RR 192.168.100.100

XR1 192.168.1.1

XR2 192.168.2.2

Step 1: Configure the BGP Neighbor Group Step 6. Configure the BGP Neighbor Group XR1 and XR2

router bgp 100 neighbor-group AS100 remote-as 100 password CISCO update-source Loopback0 address-family ipv4 unicast next-hop-self

30 | P a g e


Step 7. Create the new BGP peerings on XR1 and XR2 with each other, and to RR-1. Use the neighbor-group XR1

router bgp 100 no neighbor 192.168.100.100 neighbor 192.168.100.100 use neighbor-group AS100 neighbor 192.168.2.2 use neighbor-group AS100 commit end

XR2

router bgp 100 no neighbor 192.168.100.100 neighbor 192.168.100.100 use neighbor-group AS100 neighbor 192.168.1.1 use neighbor-group AS100 commit end

Step 8. Verify the neighbor-group configuration XR1 and XR2

show run router bgp show bgp summary

31 | P a g e


RP/0/0/CPU0:XR1# show run router bgp Wed Jan 23 17:29:16.917 UTC router bgp 100 bgp router-id 192.168.1.1 address-family ipv4 unicast network 192.168.1.1/32 ! neighbor-group AS100 remote-as 100 password encrypted 14343B382F2B update-source Loopback0 address-family ipv4 unicast next-hop-self ! ! neighbor 192.168.2.2 use neighbor-group AS100 ! neighbor 192.168.100.100 use neighbor-group AS100 ! ! RP/0/0/CPU0:XR1# show bgp summary Wed Jan 23 17:29:23.926 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 10 BGP main routing table version 10 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 10 10 10 10 10 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 192.168.2.2 0 100 4 4 10 0 0 00:00:37 1 192.168.100.100 0 100 5 4 10 0 0 00:00:51 2 RP/0/0/CPU0:XR1#

IOS allows for configuration of peers with similar outbound policies through the use of ‘peer-groups’. IOS-XR allows for the same capability with more flexibility through the use af-group, session-group, and neighbor-groups.

32 | P a g e


EBGP Peering

Task Objective:

Configure a BGP session using the BGP Peer & AS settings listed below. Verify that routes are being exchanged.

Node BGP Peer IP Address Remote-AS # XR1 100.64.1.1 1100

XR2 100.64.2.1 1200

Step 9. Configure eBGP Peering to the ISP router and validate the EBGP configuration and connectivity XR1

router bgp 100 neighbor 100.64.1.1 remote-as 1100 address-family ipv4 unicast commit end

AS 10010.13.1.0/24

A

g0/0/0/0

g0/0/0/3

10.23.1.0/24

q

AS 2000

g0/0/0/3

AS 1100 AS 1200

g0/0/0/0

100.64.1.0/24

100.

64.1

1.0/

24

100.

64.2

.0/2

4

100.64.22.0/24

XR1 XR2

g0/1

g0/0/0/1

g0/0/0/2 g0/0/0/2

g0/0/0/1

g0/2

g0/1 g0/2

RR-1

g0/1

g0/2

10.12.1.0/24

33 | P a g e


XR2

router bgp 100 neighbor 100.64.2.1 remote-as 1200 address-family ipv4 unicast commit end

RP/0/0/CPU0:XR1# conf t Wed Jan 23 17:50:17.160 UTC RP/0/0/CPU0:XR1(config)# router bgp 100 RP/0/0/CPU0:XR1(config-bgp)# neighbor 100.64.1.1 RP/0/0/CPU0:XR1(config-bgp-nbr)# remote-as 1100 RP/0/0/CPU0:XR1(config-bgp-nbr)# address-family ipv4 unicast RP/0/0/CPU0:XR1(config-bgp-nbr-af)# commit Wed Jan 23 17:50:19.720 UTC RP/0/0/CPU0:Jan 23 17:50:19.800 : config[65740]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'cisco'. Use 'show configuration commit changes 1000000010' to view the changes. RP/0/0/CPU0:Jan 23 17:50:37.829 : bgp[1053]: %ROUTING-BGP-5-ADJCHANGE : neighbor 100.64.1.1 Up (VRF: default) (AS: 1100) RP/0/0/CPU0:Jan 23 17:50:37.829 : bgp[1053]: %ROUTING-BGP-6-NBR_NOPOLICY : No inbound IPv4 Unicast policy is configured for eBGP neighbor 100.64.1.1. No IPv4 Unicast prefixes will be accepted from the neighbor until inbound policy is configured. RP/0/0/CPU0:Jan 23 17:50:37.829 : bgp[1053]: %ROUTING-BGP-6-NBR_NOPOLICY : No outbound IPv4 Unicast policy is configured for eBGP neighbor 100.64.1.1. No IPv4 Unicast prefixes will be sent to the neighbor until outbound policy is configured. RP/0/0/CPU0:XR1(config-bgp-nbr-af)# RP/0/0/CPU0:XR1(config-bgp-nbr-af)# end RP/0/0/CPU0:Jan 23 17:51:56.004 : config[65740]: %MGBL-SYS-5-CONFIG_I : Configured from console by cisco RP/0/0/CPU0:XR1#

Notice the EBGP neighbor is up but there are a couple of syslogs indicating no IPv4 addresses will be accepted or sent Step 10. Verify EBGP functionality details on XR1 only XR1

show bgp ipv4 unicast summary show bgp ipv4 unicast neighbor 100.64.1.1

34 | P a g e


RP/0/0/CPU0:XR1# show bgp ipv4 unicast summary Wed Jan 23 18:20:44.795 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 10 BGP main routing table version 10 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 10 10 10 10 10 0 Some configured eBGP neighbors (under default or non-default vrfs) do not have both inbound and outbound policies configured for IPv4 Unicast address family. These neighbors will default to sending and/or receiving no routes and are marked with '!' in the output below. Use the 'show bgp neighbor <nbr_address>' command for details. Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 100.64.1.1 0 1100 40 34 10 0 0 00:30:07 0! 192.168.2.2 0 100 55 55 10 0 0 00:51:58 1 192.168.100.100 0 100 62 56 10 0 0 00:52:11 2 RP/0/0/CPU0:XR1# show bgp ipv4 unicast neighbor 100.64.1.1 Wed Jan 23 18:21:59.340 UTC BGP neighbor is 100.64.1.1 Remote AS 1100, local AS 100, external link Remote router ID 164.144.11.1 BGP state = Established, up for 00:31:21 NSR State: None Last read 00:00:22, Last read before reset 00:00:00 Hold time is 180, keepalive interval is 60 seconds Configured hold time: 180, keepalive: 60, min acceptable hold time: 3 Last write 00:00:16, attempted 19, written 19 Second last write 00:01:16, attempted 19, written 19 Last write before reset 00:00:00, attempted 0, written 0 Second last write before reset 00:00:00, attempted 0, written 0 Last write pulse rcvd Jan 23 18:21:43.541 last full not set pulse count 73 Last write pulse rcvd before reset 00:00:00 Socket not armed for io, armed for read, armed for write Last write thread event before reset 00:00:00, second last 00:00:00 Last KA expiry before reset 00:00:00, second last 00:00:00 Last KA error before reset 00:00:00, KA not sent 00:00:00 Last KA start before reset 00:00:00, second last 00:00:00 Precedence: internet Non-stop routing is enabled Enforcing first AS is enabled Multi-protocol capability received Neighbor capabilities: Route refresh: advertised (old + new) and received (old + new) Graceful Restart (GR Awareness): advertised 4-byte AS: advertised and received Address family IPv4 Unicast: advertised and received Received 41 messages, 0 notifications, 0 in queue Sent 35 messages, 1 notifications, 0 in queue Minimum time between advertisement runs is 30 secs Inbound message logging enabled, 3 messages buffered

35 | P a g e


Outbound message logging enabled, 3 messages buffered For Address Family: IPv4 Unicast BGP neighbor version 10 Update group: 0.3 Filter-group: 0.1 No Refresh request being processed eBGP neighbor with no inbound or outbound policy; defaults to 'drop' Route refresh request: received 0, sent 0 0 accepted prefixes, 0 are bestpaths Cumulative no. of prefixes denied: 2. No policy: 2, Failed RT match: 0 By ORF policy: 0, By policy: 0 Prefix advertised 0, suppressed 0, withdrawn 0 Maximum prefixes allowed 1048576 Threshold for warning message 75%, restart interval 0 min An EoR was not received during read-only mode Last ack version 10, Last synced ack version 0 Outstanding version objects: current 0, max 0 Additional-paths operation: None Connections established 1; dropped 0 Local host: 100.64.1.254, Local port: 179, IF Handle: 0x00000400 Foreign host: 100.64.1.1, Foreign port: 18767 Last reset 00:31:30, due to BGP Notification sent: peer in wrong AS Time since last notification sent to neighbor: 00:31:30 Error Code: peer in wrong AS Notification data sent: DC050000 RP/0/0/CPU0:XR1#

Because a route-policy does not exist for an EBGP peer, all routes are dropped To/From that peer. Step 11. Correct the error by applying an inbound and an outbound policy to XR1 and XR2 XR1

route-policy PASS-ALL pass end-policy router bgp 100 neighbor 100.64.1.1 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out commit end

36 | P a g e


XR2

route-policy PASS-ALL pass end-policy router bgp 100 neighbor 100.64.2.1 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out commit end

Step 12. Verify BGP Configuration and Functionality XR1 show run router bgp show bgp summary show bgp neighbor 100.64.1.1 XR2 show run router bgp show bgp summary show bgp neighbor 100.64.2.1 RP/0/0/CPU0:XR1# show run router bgp Wed Jan 23 18:39:21.129 UTC router bgp 100 bgp router-id 192.168.1.1 address-family ipv4 unicast network 192.168.1.1/32 ! neighbor-group AS100 remote-as 100 password encrypted 14343B382F2B update-source Loopback0 address-family ipv4 unicast next-hop-self ! ! neighbor 100.64.1.1 remote-as 1100 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out ! ! neighbor 192.168.2.2 use neighbor-group AS100

37 | P a g e


! neighbor 192.168.100.100 use neighbor-group AS100 ! ! RP/0/0/CPU0:XR1# show bgp summary Wed Jan 23 18:39:37.108 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 13 BGP main routing table version 13 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 13 13 13 13 13 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 100.64.1.1 0 1100 62 58 13 0 0 00:48:59 2 192.168.2.2 0 100 76 77 13 0 0 01:10:51 2 192.168.100.100 0 100 83 77 13 0 0 01:11:04 2 RP/0/0/CPU0:XR1# show bgp neighbor 100.64.1.1 Wed Jan 23 18:39:46.767 UTC BGP neighbor is 100.64.1.1 Remote AS 1100, local AS 100, external link Remote router ID 164.144.11.1 BGP state = Established, up for 00:49:08 NSR State: None Last read 00:00:49, Last read before reset 00:00:00 Hold time is 180, keepalive interval is 60 seconds Configured hold time: 180, keepalive: 60, min acceptable hold time: 3 Last write 00:00:17, attempted 19, written 19 Second last write 00:01:17, attempted 19, written 19 Last write before reset 00:00:00, attempted 0, written 0 Second last write before reset 00:00:00, attempted 0, written 0 Last write pulse rcvd Jan 23 18:39:29.498 last full not set pulse count 113 Last write pulse rcvd before reset 00:00:00 Socket not armed for io, armed for read, armed for write Last write thread event before reset 00:00:00, second last 00:00:00 Last KA expiry before reset 00:00:00, second last 00:00:00 Last KA error before reset 00:00:00, KA not sent 00:00:00 Last KA start before reset 00:00:00, second last 00:00:00 Precedence: internet Non-stop routing is enabled Enforcing first AS is enabled Multi-protocol capability received Neighbor capabilities: Route refresh: advertised (old + new) and received (old + new) Graceful Restart (GR Awareness): advertised 4-byte AS: advertised and received Address family IPv4 Unicast: advertised and received Received 62 messages, 0 notifications, 0 in queue Sent 58 messages, 1 notifications, 0 in queue Minimum time between advertisement runs is 30 secs

38 | P a g e


Inbound message logging enabled, 3 messages buffered Outbound message logging enabled, 3 messages buffered For Address Family: IPv4 Unicast BGP neighbor version 13 Update group: 0.1 Filter-group: 0.2 No Refresh request being processed Route refresh request: received 0, sent 1 Policy for incoming advertisements is PASS-ALL Policy for outgoing advertisements is PASS-ALL 2 accepted prefixes, 2 are bestpaths Cumulative no. of prefixes denied: 2. No policy: 2, Failed RT match: 0 By ORF policy: 0, By policy: 0 Prefix advertised 5, suppressed 0, withdrawn 0 Maximum prefixes allowed 1048576 Threshold for warning message 75%, restart interval 0 min An EoR was not received during read-only mode Last ack version 13, Last synced ack version 0 Outstanding version objects: current 0, max 1 Additional-paths operation: None Connections established 1; dropped 0 Local host: 100.64.1.254, Local port: 179, IF Handle: 0x00000400 Foreign host: 100.64.1.1, Foreign port: 18767 Last reset 00:49:18, due to BGP Notification sent: peer in wrong AS Time since last notification sent to neighbor: 00:49:18 Error Code: peer in wrong AS Notification data sent: DC050000 RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# show run router bgp Wed Jan 23 18:43:07.913 UTC router bgp 100 bgp router-id 192.168.2.2 address-family ipv4 unicast network 192.168.2.2/32 ! neighbor-group AS100 remote-as 100 password encrypted 05282F3C0263 update-source Loopback0 address-family ipv4 unicast next-hop-self ! ! neighbor 100.64.2.1 remote-as 1200 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out ! ! neighbor 192.168.1.1 use neighbor-group AS100 ! neighbor 192.168.100.100 use neighbor-group AS100 ! !

39 | P a g e


RP/0/0/CPU0:XR2# RP/0/0/CPU0:XR2# show bgp summary Wed Jan 23 18:44:06.359 UTC BGP router identifier 192.168.2.2, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 13 BGP main routing table version 13 BGP NSR Initial initsync version 5 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 13 13 13 13 13 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 100.64.2.1 0 1200 20 23 13 0 0 00:12:56 1 192.168.1.1 0 100 81 80 13 0 0 01:15:20 3 192.168.100.100 0 100 87 80 13 0 0 01:15:17 2 RP/0/0/CPU0:XR2#

Step 13. Verify BGP Functionality with BGP Trace XR1 show bgp trace ? show bgp trace bgp show bgp trace bgp reverse

40 | P a g e


RP/0/0/CPU0:XR1# show bgp trace ? addpath Async category(cisco-support) aipc AIPC category(cisco-support) bfd BFD category(cisco-support) bgp General category(cisco-support) brib bRIB API category(cisco-support) commlib Communication Library category(cisco-support) debug Debug category(cisco-support) epe EPE category(cisco-support) error Error category(cisco-support) event Event category(cisco-support) file Specific file(cisco-support) flowspec Flowspec category(cisco-support) ha High Availability category(cisco-support) hexdump Display traces in hexadecimal(cisco-support) instance Choose a particular BGP instance(cisco-support) io IO category(cisco-support) issu ISSU category(cisco-support) l2vpn L2VPN category(cisco-support) label Label category(cisco-support) last Display last <n> entries(cisco-support) link-state BGP-LS category(cisco-support) location Card location(cisco-support) mdt MDT category(cisco-support) mvpn MVPN category(cisco-support) nexthop Nexthop category(cisco-support) policy Policy Execution categories(cisco-support) postit Postit category(cisco-support) progress Progress category(cisco-support) rdwalk RDwalk category(cisco-support) reverse Display latest traces first(cisco-support) rib RIB category(cisco-support) rt-ct RT constraint category(cisco-support) stats Display statistics(cisco-support) sync Synchronization category(cisco-support) tailf Display new traces as they are added(cisco-support) unique Unique entries with counts(cisco-support) update Update category(cisco-support) usec Display timestamp w/usec detail(cisco-support) verbose Display internal debugging information(cisco-support) wide Dont display buffer name, node name, tid(cisco-support) wrapping Wrapping entries(cisco-support) | Output Modifiers <cr> RP/0/0/CPU0:XR1# show bgp trace bgp Wed Jan 23 18:52:23.255 UTC 111 wrapping entries (1826304 possible, 3584 allocated, 579 filtered, 690 total) Jan 23 17:09:53.586 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:17804: BPM cfg register verification - No error Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3285: BPM verify running (sense=1, asn=100, inst=default) started Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3353: BPM verify running (sense=1, asn=100, inst=default) ended Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3518: BPM apply running (sense=1, asn=100, inst=default) started Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3530: BPM doing apply-running for configuration Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3556: BPM inst_id (inst=default, inst-id 0) Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3559: BPM num_insts (inst=default, num_insts 1)

41 | P a g e


Jan 23 17:09:56.846 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3634: BPM apply running (sense=1, asn=100, inst=default) ended <output omitted> RP/0/0/CPU0:XR1# show bgp trace bgp reverse Wed Jan 23 18:52:51.303 UTC 111 wrapping entries (1826304 possible, 3584 allocated, 579 filtered, 690 total) Jan 23 18:29:12.580 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3634: BPM apply running (sense=1, asn=100, inst=default) ended Jan 23 18:29:12.580 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3530: BPM doing apply-running for configuration Jan 23 18:29:12.580 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3518: BPM apply running (sense=1, asn=100, inst=default) started Jan 23 18:29:12.580 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3353: BPM verify running (sense=1, asn=100, inst=default) ended Jan 23 18:29:12.580 bgp/bpm-tr2-gen 0/0/CPU0 t1 [GEN]:3285: BPM verify running (sense=1, asn=100, inst=default) started Jan 23 17:50:37.829 default-bgp/spkr-tr2-gen 0/0/CPU0 t14 [GEN]:551: Nbr '100.64.1.1' established Jan 23 17:50:37.829 default-bgp/spkr-tr2-gen 0/0/CPU0 t14 [GEN]:548: nbr 100.64.1.1, old state 5, new state 6, fd type 1, fd 134 <output omitted>

42 | P a g e


Basic Route Policy Language

Blocking based off Prefixes Task Objective:

Verify routes that are advertised to BGP Peer On XR1, create an RPL named RFC1918 that drops routes to EBGP peers that match RFC

1918 space using an inline set matching 10.0.0.0/8; 172.16.0.0/12, or 192.168.0.0/16 ranges

On XR2, create an RPL named RFC1918 that drops routes to EBGP peers that match RFC 1918 space using a prefix set named PREFIX-SET-RFC1918 that matches 10.0.0.0/8; 172.16.0.0/12, or 192.168.0.0/16 ranges)

Verify RPLs Apply RPL outbound to EBGP peers on XR1 and XR2, and verify outbound routes.

Step 1. Verify routes advertised by XR1 and XR2 to their BGP peers XR1

show bgp neighbors 100.64.1.1 advertised-routes XR2

show bgp neighbors 100.64.2.1 advertised-routes RP/0/0/CPU0:XR1# show bgp neighbors 100.64.1.1 advertised-routes Wed Jan 23 19:07:29.993 UTC Network Next Hop From AS Path 10.100.100.0/24 100.64.1.254 192.168.100.100 100i 164.144.11.0/24 100.64.1.254 192.168.2.2 100 1200 123 109? 172.31.100.0/30 100.64.1.254 192.168.100.100 100i 192.168.1.1/32 100.64.1.254 Local 100i 192.168.2.2/32 100.64.1.254 192.168.2.2 100i Processed 5 prefixes, 5 paths RP/0/0/CPU0:XR1# RP/0/0/CPU0:XR2# show bgp neighbors 100.64.2.1 advertised-routes Wed Jan 23 19:09:20.735 UTC Network Next Hop From AS Path 5.5.1.0/24 100.64.2.254 192.168.1.1 100 1100? 8.8.8.0/24 100.64.2.254 192.168.1.1 100 1100 7018i 10.100.100.0/24 100.64.2.254 192.168.100.100 100i 172.31.100.0/30 100.64.2.254 192.168.100.100 100i 192.168.1.1/32 100.64.2.254 192.168.1.1 100i 192.168.2.2/32 100.64.2.254 Local 100i Processed 6 prefixes, 6 paths

43 | P a g e


RP/0/0/CPU0:XR2#

Step 2. Create an inline set for RPL RFC1918 on XR1 and a prefix set for RPL RFC1918 on XR2. Pay close attention to the difference between the two. XR1 (using inline set)

route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy

XR2 (using prefix set)

prefix-set PREFIX-SET-RFC1918 10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16 end-set ! route-policy RFC1918 if destination in PREFIX-SET-RFC1918 then drop endif pass end-policy

Remember inline set and prefix set are just two different ways of achieving the same end result where PREFIX-SET is the recommended approach due to its modularity. Step 3. Verify RPL on XR1 with the following show commands show run rpl Displays RPL configuration show rpl route-policy states This command is useful to see RPLs that are

ACTIVE, INACTIVE or UNUSED show rpl route-policy RFC1918 attachpoints This command is helpful for finding out where

the RPL is used show bgp ipv4 unicast route-policy RFC1918

This command is helpful in verifying RPL before applying it to a policy. Filtering inbound

show bgp Displays BGP entries to compare to the previous command

44 | P a g e


RP/0/0/CPU0:XR1# show run rpl Wed Jan 23 19:58:30.423 UTC route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy ! route-policy PASS-ALL pass end-policy ! RP/0/0/CPU0:XR1# show rpl route-policy states Wed Jan 23 19:58:54.772 UTC ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (ACTIVE) ------------------------------------------ route-policy PASS-ALL pass end-policy ! The following policies are (INACTIVE) ------------------------------------------ None found with this status. The following policies are (UNUSED) ------------------------------------------ route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy ! RP/0/0/CPU0:XR1# show rpl route-policy RFC1918 attachpoints Wed Jan 23 19:59:04.041 UTC route-policy RFC1918 is not attached at any attach point RP/0/0/CPU0:XR1# show bgp ipv4 unicast route-policy RFC1918 Wed Jan 23 19:58:39.203 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 13 BGP main routing table version 13 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete

45 | P a g e


Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i164.144.11.0/24 192.168.2.2 0 100 0 1200 123 109 ? Processed 3 prefixes, 3 paths RP/0/0/CPU0:XR1# show bgp Wed Jan 23 19:59:15.830 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 13 BGP main routing table version 13 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i164.144.11.0/24 192.168.2.2 0 100 0 1200 123 109 ? *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 7 prefixes, 7 paths RP/0/0/CPU0:XR1#

Compare the show bgp output to the output of the show bgp ipv4 unicast route-policy RFC1918 command. The highlighted prefixes in the show bgp output are the ones that could be filtered by the RPL policy. Step 4. Verify RPL on XR2 with the following show commands show run rpl Displays RPL configuration show rpl route-policy states This command is useful to see RPLs that are

ACTIVE, INACTIVE or UNUSED show rpl route-policy RFC1918 attachpoints This command is helpful for finding out where

the RPL is used show bgp ipv4 unicast route-policy RFC1918

This command is helpful in verifying RPL before applying it to a policy. Filtering inbound

show bgp Displays BGP entries to compare to the previous command

46 | P a g e


RP/0/0/CPU0:XR2# show run rpl Wed Jan 23 20:08:26.652 UTC prefix-set PREFIX-SET-RFC1918 10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16 end-set ! route-policy RFC1918 if destination in PREFIX-SET-RFC1918 then drop endif pass end-policy ! route-policy PASS-ALL pass end-policy ! RP/0/0/CPU0:XR2# show rpl route-policy states Wed Jan 23 20:08:33.882 UTC ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (ACTIVE) ------------------------------------------ route-policy PASS-ALL pass end-policy ! The following policies are (INACTIVE) ------------------------------------------ None found with this status. The following policies are (UNUSED) ------------------------------------------ route-policy RFC1918 if destination in PREFIX-SET-RFC1918 then drop endif pass end-policy ! RP/0/0/CPU0:XR2# show rpl route-policy RFC1918 attachpoints Wed Jan 23 20:08:43.131 UTC route-policy RFC1918 is not attached at any attach point RP/0/0/CPU0:XR2# show bgp ipv4 unicast route-policy RFC1918 Wed Jan 23 20:08:51.930 UTC BGP router identifier 192.168.2.2, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 13 BGP main routing table version 13 BGP NSR Initial initsync version 5 (Reached)

47 | P a g e


BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 100 0 1100 ? *>i8.8.8.0/24 192.168.1.1 0 100 0 1100 7018 i *> 164.144.11.0/24 100.64.2.1 0 0 1200 123 109 ? Processed 3 prefixes, 3 paths RP/0/0/CPU0:XR2# show bgp Wed Jan 23 20:08:59.890 UTC BGP router identifier 192.168.2.2, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 13 BGP main routing table version 13 BGP NSR Initial initsync version 5 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 100 0 1100 ? *>i8.8.8.0/24 192.168.1.1 0 100 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *> 164.144.11.0/24 100.64.2.1 0 0 1200 123 109 ? *>i172.31.100.0/30 192.168.100.100 0 100 0 i *>i192.168.1.1/32 192.168.1.1 0 100 0 i *> 192.168.2.2/32 0.0.0.0 0 32768 i Processed 7 prefixes, 7 paths RP/0/0/CPU0:XR2#

Compare the show bgp output to the output of the show bgp ipv4 unicast route-policy RFC1918 command. The highlighted prefixes in the show bgp output are the ones that could be filtered by the RPL policy. Step 5. Simplify viewing RPLs that use RPL sets. The inline keyword combines the RPL sets into the RPL when viewing it. The output below shows both methods to find the prefixes that are being dropped by the prefix set configured on XR2. Which one do you find simpler? Method 1 RP/0/0/CPU0:XR2# show rpl route-policy RFC1918 Wed Jan 23 20:18:46.540 UTC route-policy RFC1918 if destination in PREFIX-SET-RFC1918 then

48 | P a g e


drop endif pass end-policy ! RP/0/0/CPU0:XR2# show rpl prefix-set PREFIX-SET-RFC1918 Wed Jan 23 20:18:56.159 UTC prefix-set PREFIX-SET-RFC1918 10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16 end-set !

Method 2 using inline keyword RP/0/0/CPU0:XR2# show rpl route-policy RFC1918 inline Wed Jan 23 20:19:06.948 UTC route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy ! RP/0/0/CPU0:XR2#

Step 6. Apply the RPL Outbound to EBGP Peers on XR1 and XR2 By doing this, the locally prefix on XR1 and XR2 will not be sent to the EBGP neighors XR1

router bgp 100 neighbor 100.64.1.1 address-family ipv4 unicast route-policy RFC1918 out commit end

XR2

router bgp 100 neighbor 100.64.2.1 address-family ipv4 unicast route-policy RFC1918 out commit end

49 | P a g e


Step 7. Verify RPL configuration XR1

show run router bgp 100 neighbor 100.64.1.1 show rpl route-policy states show rpl route-policy RFC1918 attachpoints

XR2

show run router bgp 100 neighbor 100.64.2.1 show rpl route-policy states show rpl route-policy RFC1918 attachpoints

XR1 RP/0/0/CPU0:XR1# show run router bgp 100 neighbor 100.64.1.1 router bgp 100 neighbor 100.64.1.1 remote-as 1100 address-family ipv4 unicast route-policy PASS-ALL in route-policy RFC1918 out ! ! ! RP/0/0/CPU0:XR1# show rpl route-policy states ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (ACTIVE) ------------------------------------------ route-policy PASS-ALL pass end-policy ! route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy ! The following policies are (INACTIVE) ------------------------------------------ None found with this status. The following policies are (UNUSED) ------------------------------------------ None found with this status.

50 | P a g e


RP/0/0/CPU0:XR1# show rpl route-policy RFC1918 attachpoints Wed Jan 23 20:38:34.709 UTC BGP Attachpoint: Neighbor Neighbor/Group type afi/safi in/out vrf name bound by -------------------------------------------------------------------------------- 100.64.1.1 -- IPv4/uni out default RFC1918 RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# show run router bgp 100 neighbor 100.64.2.1 Wed Jan 23 20:41:12.247 UTC router bgp 100 neighbor 100.64.2.1 remote-as 1200 address-family ipv4 unicast route-policy PASS-ALL in route-policy RFC1918 out ! ! ! RP/0/0/CPU0:XR2# show rpl route-policy states Wed Jan 23 20:41:18.287 UTC ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (ACTIVE) ------------------------------------------ route-policy PASS-ALL pass end-policy ! route-policy RFC1918 if destination in PREFIX-SET-RFC1918 then drop endif pass end-policy ! The following policies are (INACTIVE) ------------------------------------------ None found with this status. The following policies are (UNUSED) ------------------------------------------ None found with this status. RP/0/0/CPU0:XR2# show rpl route-policy RFC1918 attachpoints BGP Attachpoint: Neighbor Neighbor/Group type afi/safi in/out vrf name bound by -------------------------------------------------------------------------------- 100.64.2.1 -- IPv4/uni out default RFC1918

51 | P a g e


RP/0/0/CPU0:XR2#

Notice how the policy is now applied and active Step 8. Verify the intended results The locally generated prefix should not be advertised to EBGP neighbor XR1

show bgp ipv4 unicast show bgp nei 100.64.1.1 advertised-routes

XR2

show bgp ipv4 unicast show bgp nei 100.64.2.1 advertised-routes

XR1 RP/0/0/CPU0:XR1# show bgp ipv4 unicast <output omitted> Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i164.144.11.0/24 192.168.2.2 0 100 0 1200 123 109 ? *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 7 prefixes, 7 paths RP/0/0/CPU0:XR1# show bgp nei 100.64.1.1 advertised-routes Wed Jan 23 20:51:37.015 UTC Network Next Hop From AS Path 164.144.11.0/24 100.64.1.254 192.168.2.2 100 1200 123 109? Processed 1 prefixes, 1 paths RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# show bgp ipv4 unicast <output omitted> Status codes: s suppressed, d damped, h history, * valid, > best

52 | P a g e


i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 100 0 1100 ? *>i8.8.8.0/24 192.168.1.1 0 100 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *> 164.144.11.0/24 100.64.2.1 0 0 1200 123 109 ? *>i172.31.100.0/30 192.168.100.100 0 100 0 i *>i192.168.1.1/32 192.168.1.1 0 100 0 i *> 192.168.2.2/32 0.0.0.0 0 32768 i Processed 7 prefixes, 7 paths RP/0/0/CPU0:XR2# RP/0/0/CPU0:XR2# show bgp neighbor 100.64.2.1 advertised-routes Wed Jan 23 20:52:47.990 UTC Network Next Hop From AS Path 5.5.1.0/24 100.64.2.254 192.168.1.1 100 1100? 8.8.8.0/24 100.64.2.254 192.168.1.1 100 1100 7018i Processed 2 prefixes, 2 paths RP/0/0/CPU0:XR2#

XR1 is not advertising the following prefixes that are not part of RFC1918 for the following reasons: 5.5.1.0/24 and 8.8.8.0/24 – they were directly learnt from the EBGP neighbor 100.64.1.1 XR2 is not advertising the following prefixes that are not part of RFC1918 for the following reasons: 164.144.11.0/24 – it was learnt directly from the EBGP neighbor 100.64.2.1

53 | P a g e


Blocking based off AS-PATH Task Objective:

Establish an EBGP session with the following devices: (Use the PASS-ALL RPL for inbound/outbound)

Node BGP Peer IP Address Remote-AS # XR1 100.64.11.1 2000

XR2 100.64.22.1 2000

Verify routes that are received from the BGP Peer Create an RPL (BAD-ASN) on XR1 that drops routes that match traversal through AS 123

using inline set notation. Create an RPL (BAD-ASN) on XR2 that drops routes that match traversal through AS 123

using a Prefix set instead of inline set notation. Verify the RPLs Apply RPL BAD-ASN inbound to all EBGP peers, and verify outbound routes.

Step 9. Establish BGP Sessions to AS 2000 on XR1 and XR2 XR1 router bgp 100 neighbor 100.64.11.1 remote-as 2000 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out commit end XR2 router bgp 100 neighbor 100.64.22.1 remote-as 2000 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out commit end

54 | P a g e


Step 10. Analyze BGP table on XR1 and XR2 XR1 and XR2

show bgp ipv4 unicast XR1 RP/0/0/CPU0:XR1# show bgp ipv4 unicast BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 15 BGP main routing table version 15 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? * 100.64.11.1 0 0 2000 ? *>i8.8.4.0/24 192.168.2.2 0 100 0 2000 2828 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i164.144.11.0/24 192.168.2.2 0 100 0 1200 123 109 ? *> 164.144.22.0/24 100.64.11.1 0 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 9 prefixes, 10 paths RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# show bgp ipv4 unicast Wed Jan 23 21:19:00.972 UTC BGP router identifier 192.168.2.2, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 15 BGP main routing table version 15 BGP NSR Initial initsync version 5 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 100 0 1100 ? *> 8.8.4.0/24 100.64.22.1 0 0 2000 2828 ? *>i8.8.8.0/24 192.168.1.1 0 100 0 1100 7018 i

55 | P a g e


*>i10.100.100.0/24 192.168.100.100 0 100 0 i *> 164.144.11.0/24 100.64.2.1 0 0 1200 123 109 ? *>i164.144.22.0/24 192.168.1.1 0 100 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *>i192.168.1.1/32 192.168.1.1 0 100 0 i *> 192.168.2.2/32 0.0.0.0 0 32768 i Processed 9 prefixes, 9 paths RP/0/0/CPU0:XR2#

Step 11. Create the RPL BAD-ASN on XR1 and XR2. There are two methods to match AS 123, using regular expressions or XR’s ‘passess-through’ matching operation. You can pick either method or mix and match them, they work the same way and you will see the same result. The only difference is XR’s passess-through is more readable.

Regular Expression Passes-through Operation XR1 (inline set) route-policy BAD-ASN if as-path in (ios-regex '_123_') then drop endif pass end-policy commit end

XR1 (inline set) route-policy BAD-ASN if as-path passes-through '123' then drop endif pass end-policy commit end

XR2 (AS set) as-path-set AS-PATH-SET-BAD-AS ios-regex '_123_' end-set route-policy BAD-ASN if as-path in AS-PATH-SET-BAD-AS then drop endif pass end-policy commit end

XR2 (AS set) as-path-set AS-PATH-SET-BAD-AS passes-through '123' end-set route-policy BAD-ASN if as-path in AS-PATH-SET-BAD-AS then drop endif pass end-policy commit end

56 | P a g e


Step 12. Verify the intended results Execute the following commands to test the RPL and verify if it is filtering AS 123 before applying it to the EBGP neighbor XR1 and XR2

show bgp ipv4 unicast route-policy BAD-ASN show bgp

XR1 RP/0/0/CPU0:XR1# show bgp ipv4 unicast route-policy BAD-ASN <output omitted> Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? * 100.64.11.1 0 0 2000 ? *>i8.8.4.0/24 192.168.2.2 0 100 0 2000 2828 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 7 prefixes, 8 paths RP/0/0/CPU0:XR1# show bgp <output omitted> Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? * 100.64.11.1 0 0 2000 ? *>i8.8.4.0/24 192.168.2.2 0 100 0 2000 2828 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i164.144.11.0/24 192.168.2.2 0 100 0 1200 123 109 ? *> 164.144.22.0/24 100.64.11.1 0 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 9 prefixes, 10 paths RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# show bgp ipv4 unicast route-policy BAD-ASN <output omitted>

57 | P a g e


Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 100 0 1100 ? *> 8.8.4.0/24 100.64.22.1 0 0 2000 2828 ? *>i8.8.8.0/24 192.168.1.1 0 100 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *>i192.168.1.1/32 192.168.1.1 0 100 0 i *> 192.168.2.2/32 0.0.0.0 0 32768 i Processed 7 prefixes, 7 paths RP/0/0/CPU0:XR2# RP/0/0/CPU0:XR2# show bgp <output omitted> Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 100 0 1100 ? *> 8.8.4.0/24 100.64.22.1 0 0 2000 2828 ? *>i8.8.8.0/24 192.168.1.1 0 100 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *> 164.144.11.0/24 100.64.2.1 0 0 1200 123 109 ? *>i164.144.22.0/24 192.168.1.1 0 100 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *>i192.168.1.1/32 192.168.1.1 0 100 0 i *> 192.168.2.2/32 0.0.0.0 0 32768 i Processed 9 prefixes, 9 paths RP/0/0/CPU0:XR2#

Notice how in the RPL test command the AS 123 prefixes (highlited in yellow) are missing from XR1 and XR2 as expected Step 13. Apply the RPL BAD-ASN Inbound to EBGP Peers XR1

router bgp 100 neighbor 100.64.1.1 address-family ipv4 unicast route-policy BAD-ASN in neighbor 100.64.11.1 address-family ipv4 unicast route-policy BAD-ASN in commit end

XR2

router bgp 100

58 | P a g e


neighbor 100.64.2.1 address-family ipv4 unicast route-policy BAD-ASN in neighbor 100.64.22.1 address-family ipv4 unicast route-policy BAD-ASN in commit end

59 | P a g e


Step 14. Verify RPL configuration XR1

show run router bgp 100 neighbor 100.64.1.1 show run router bgp 100 neighbor 100.64.11.1 show rpl route-policy states show rpl route-policy BAD-ASN attachpoints

XR2

show run router bgp 100 neighbor 100.64.2.1 show run router bgp 100 neighbor 100.64.22.1 show rpl route-policy states show rpl route-policy BAD-ASN attachpoints

XR1 RP/0/0/CPU0:XR1# show run router bgp 100 neighbor 100.64.1.1 Wed Jan 23 22:11:54.625 UTC router bgp 100 neighbor 100.64.1.1 remote-as 1100 address-family ipv4 unicast route-policy BAD-ASN in route-policy RFC1918 out ! ! ! RP/0/0/CPU0:XR1# show run router bgp 100 neighbor 100.64.11.1 Wed Jan 23 22:12:01.735 UTC router bgp 100 neighbor 100.64.11.1 remote-as 2000 address-family ipv4 unicast route-policy BAD-ASN in route-policy PASS-ALL out ! ! ! RP/0/0/CPU0:XR1# show rpl route-policy states Wed Jan 23 22:12:07.944 UTC ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (ACTIVE) ------------------------------------------ route-policy BAD-ASN if as-path in (ios-regex '_123_') then drop endif pass end-policy

60 | P a g e


! route-policy PASS-ALL pass end-policy ! route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy ! The following policies are (INACTIVE) ------------------------------------------ None found with this status. The following policies are (UNUSED) ------------------------------------------ None found with this status. RP/0/0/CPU0:XR1# show rpl route-policy BAD-ASN attachpoints Wed Jan 23 22:12:14.114 UTC BGP Attachpoint: Neighbor Neighbor/Group type afi/safi in/out vrf name bound by -------------------------------------------------------------------------------- 100.64.1.1 -- IPv4/uni in default BAD-ASN 100.64.11.1 -- IPv4/uni in default BAD-ASN RP/0/0/CPU0:XR1#

Notice how the policy is now applied and active Step 15. Verify the intended results The locally generated prefix should not be advertised to EBGP neighbors XR1

show bgp neighbor 100.64.1.1 show bgp neighbor 100.64.1.1 routes show bgp neighbor 100.64.11.1 show bgp neighbor 100.64.11.1 routes

XR2

show bgp neighbor 100.64.2.1 show bgp neighbor 100.64.2.1 routes show bgp neighbor 100.64.22.1 show bgp neighbor 100.64.22.1 routes

61 | P a g e


XR1 RP/0/0/CPU0:XR1# show bgp nei 100.64.1.1 Wed Jan 23 22:28:14.398 UTC BGP neighbor is 100.64.1.1 <output omitted> For Address Family: IPv4 Unicast BGP neighbor version 17 Update group: 0.3 Filter-group: 0.1 No Refresh request being processed Route refresh request: received 0, sent 2 Policy for incoming advertisements is BAD-ASN Policy for outgoing advertisements is RFC1918 2 accepted prefixes, 2 are bestpaths Cumulative no. of prefixes denied: 2. No policy: 2, Failed RT match: 0 By ORF policy: 0, By policy: 0 Prefix advertised 8, suppressed 0, withdrawn 6 Maximum prefixes allowed 1048576 Threshold for warning message 75%, restart interval 0 min An EoR was not received during read-only mode Last ack version 17, Last synced ack version 0 Outstanding version objects: current 0, max 2 Additional-paths operation: None Connections established 1; dropped 0 Local host: 100.64.1.254, Local port: 179, IF Handle: 0x00000400 Foreign host: 100.64.1.1, Foreign port: 18767 Last reset 04:37:45, due to BGP Notification sent: peer in wrong AS Time since last notification sent to neighbor: 04:37:45 Error Code: peer in wrong AS Notification data sent: DC050000 RP/0/0/CPU0:XR1# show bgp nei 100.64.1.1 routes Wed Jan 23 22:28:25.557 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 17 BGP main routing table version 17 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i Processed 2 prefixes, 2 paths RP/0/0/CPU0:XR1#

XR1 is not advertising AS 123. XR2 should show also not be advertising AS 123

62 | P a g e


MPLS Configuration Task Objective:

Configure LDP between the following devices: XR1-XR2 and RR-1 Verify LDP neighbor relationship is established Understand difference between label advertisement and label allocation filtering

Cisco Website for MPLS Switching Configuration

Step 1. Configure LDP XR1

mpls ldp router-id 192.168.1.1 log neighbor interface GigabitEthernet 0/0/0/0 interface GigabitEthernet 0/0/0/1 commit end

XR2

mpls ldp router-id 192.168.2.2 log neighbor interface GigabitEthernet 0/0/0/0 interface GigabitEthernet 0/0/0/1 commit end

Step 2. Verify LDP is enabled on the interfaces XR1 and XR2

show mpls interfaces RP/0/0/CPU0:XR1# show mpls interfaces Wed Jan 23 22:39:32.741 UTC Interface LDP Tunnel Static Enabled -------------------------- -------- -------- -------- -------- GigabitEthernet0/0/0/0 Yes No No Yes GigabitEthernet0/0/0/1 Yes No No Yes RP/0/0/CPU0:XR1#

63 | P a g e


The output above shows LDP is enabled on both interfaces Step 3. Configure MPLS OAM on XR1 and XR2 MPLS OAM allows for Management and troubleshooting tools for MPLS switching which will be used in this section to perform MPLS pings and traceroutes. XR1 and XR2

mpls oam commit end

Step 4. Verify LDP Configuration and Functionality XR1 and XR2

show mpls interface show mpls ldp neighbor brief show mpls ldp parameters show mpls ldp summary show mpls ldp binding brief

RP/0/0/CPU0:XR1# show mpls interface Wed Jan 23 22:44:27.461 UTC Interface LDP Tunnel Static Enabled -------------------------- -------- -------- -------- -------- GigabitEthernet0/0/0/0 Yes No No Yes GigabitEthernet0/0/0/1 Yes No No Yes RP/0/0/CPU0:XR1#show mpls ldp neighbor brief Wed Jan 23 22:44:51.090 UTC Peer GR NSR Up Time Discovery Addresses Labels ipv4 ipv6 ipv4 ipv6 ipv4 ipv6 ----------------- -- --- ---------- ---------- ---------- ------------ 192.168.100.100:0 N N 00:06:17 1 0 5 0 8 0 192.168.2.2:0 N N 00:05:46 1 0 5 0 10 0 RP/0/0/CPU0:XR1# show mpls ldp parameters Wed Jan 23 22:44:56.949 UTC LDP Parameters: Role: Active Protocol Version: 1 Router ID: 192.168.1.1 Null Label: IPv4: Implicit Session: Hold time: 180 sec Keepalive interval: 60 sec Backoff: Initial:15 sec, Maximum:120 sec Global MD5 password: Disabled Discovery:

64 | P a g e


Link Hellos: Holdtime:15 sec, Interval:5 sec Targeted Hellos: Holdtime:90 sec, Interval:10 sec Quick-start: Enabled (by default) Transport address: IPv4: 192.168.1.1 Graceful Restart: Disabled NSR: Disabled, Not Sync-ed Timeouts: Housekeeping periodic timer: 10 sec Local binding: 300 sec Forwarding state in LSD: 15 sec Delay in AF Binding Withdrawl from peer: 180 sec Max: 1500 interfaces (1200 attached, 300 TE tunnel), 2000 peers OOR state Memory: Normal RP/0/0/CPU0:XR1# show mpls ldp summary Wed Jan 23 22:45:02.279 UTC AFIs : IPv4 Routes : 10 prefixes Bindings : 14 prefixes Local : 10 Remote : 18 Neighbors : 2 Hello Adj : 2 Addresses : 5 Interfaces: 2 LDP configured RP/0/0/CPU0:XR1# show mpls ldp binding brief Wed Jan 23 22:45:08.018 UTC Prefix Local Advertised Remote Bindings Label (peers) (peers) ------------------ --------- ---------- --------------- 10.12.1.0/24 ImpNull 2 2 10.13.1.0/24 ImpNull 2 2 10.23.1.0/24 24001 2 2 10.100.100.0/24 - 0 1 100.64.1.0/24 ImpNull 2 1 100.64.2.0/24 - 0 1 100.64.11.0/24 ImpNull 2 0 100.64.22.0/24 24003 2 1 100.96.1.0/24 - 0 1 100.96.2.0/24 24004 2 0 172.31.100.0/30 - 0 1 192.168.1.1/32 ImpNull 2 2 192.168.2.2/32 24002 2 2 192.168.100.100/32 24000 2 2 RP/0/0/CPU0:XR1#

Step 5. Verify MPLS ping and MPLS traceroute commands This requires MPLS OAM on all routers in the path. We already enabled it on XR1 and XR2 and it is preconfigured on all the P routers in the lab.

65 | P a g e


XR1 ping mpls ipv4 192.168.2.2/32 traceroute mpls ipv4 192.168.2.2/32 show mpls forwarding RP/0/0/CPU0:XR1# ping mpls ipv4 192.168.2.2/32 Sending 5, 100-byte MPLS Echos to 192.168.2.2/32, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/20 ms RP/0/0/CPU0:XR1# traceroute mpls ipv4 192.168.2.2/32 Wed Jan 23 23:14:29.278 UTC Tracing MPLS Label Switched Path to 192.168.2.2/32, timeout is 2 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. 0 10.12.1.1 MRU 1500 [Labels: implicit-null Exp: 0] ! 1 10.12.1.2 20 ms RP/0/0/CPU0:XR1# RP/0/0/CPU0:XR1# show mpls forwarding Wed Jan 23 23:16:03.081 UTC Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched ------ ----------- ------------------ ------------ --------------- ------------ 24000 Pop 192.168.100.100/32 Gi0/0/0/1 10.13.1.3 9857 24001 Pop 10.23.1.0/24 Gi0/0/0/1 10.13.1.3 0 24002 Pop 192.168.2.2/32 Gi0/0/0/0 10.12.1.2 9321 24003 Unlabelled 100.64.22.0/24 Gi0/0/0/0 10.12.1.2 0 24004 Unlabelled 100.96.2.0/24 Gi0/0/0/0 10.12.1.2 0 RP/0/0/CPU0:XR1#

66 | P a g e


The implicit-null was used because XR1 and XR2 are directly connected. If you shut down the link between the two of them, and then re-run the ping test, you will see the MPLS label between XR1 and RR

67 | P a g e


Step 6. LDP Trace command Just as with other protocols, LDP also has a tracing functionality for troubleshooting purposes. To see all options available execute the command: show mpls ldp trace ? RP/0/0/CPU0:XR1# show mpls ldp trace ? binding LDP binding event traces(cisco-support) capabilities LDP Capabilities event traces(cisco-support) config LDP configuration event traces(cisco-support) dev LDP development private traces(cisco-support) discovery LDP Hello/discovery and adj event traces(cisco-support) error LDP error traces(cisco-support) file Specific file(cisco-support) forwarding LDP forwarding event traces(cisco-support) gr LDP graceful-restart event traces(cisco-support) hexdump Display traces in hexadecimal(cisco-support) iccp LDP ICCP signaling event traces(cisco-support) igp-sync LDP IGP sync event traces(cisco-support) interface LDP interface event traces(cisco-support) last Display last <n> entries(cisco-support) location Card location(cisco-support) misc LDP miscellaneous event traces(cisco-support) mldp LDP mLDP event traces(cisco-support) nsr LDP non-stop routing event traces(cisco-support) peer LDP peer session event traces(cisco-support) process LDP process-level event traces(cisco-support) pw LDP L2VPN pseudo-wire event traces(cisco-support) reverse Display latest traces first(cisco-support) route LDP route event traces(cisco-support) since show traces from(cisco-support) stats Display statistics(cisco-support) tailf Display new traces as they are added(cisco-support) unique Unique entries with counts(cisco-support) usec Display timestamp w/usec detail(cisco-support) verbose Display internal debugging information(cisco-support) vrf LDP VRF event traces(cisco-support) wide Dont display buffer name, node name, tid(cisco-support) wrapping Wrapping entries(cisco-support) | Output Modifiers <cr> RP/0/0/CPU0:XR1#

68 | P a g e


MPLS L3VPN (Optional)

Local VRF Configuration Task Objective:

Define VRF VPN_01 & VPN_02 on XR1 & XR2 Set Route Targets Import/Export of VPN_01 to 100:1 Set Route Targets Import/Export of VPN_02 to 100:2 Create Loopbacks 100 & 101, assign VRFs to the interfaces listed below and assign the

proper IP addresses as shown in the table below. Verify local connectivity for each VRF

Node VRF Interface 1 IP Address Interface 2 IP Address

XR1 VPN_01 Lo 100 192.168.10.1/24 Gi0/0/0/4.10 192.168.1.254/24

XR1 VPN_02 Lo 101 172.16.10.1/24 Gi0/0/0/4.20 172.16.1.254/24

XR2 VPN_01 Lo 100 192.168.20.1/24 Gi0/0/0/4.10 192.168.2.254/24

XR2 VPN_02 Lo 101 172.16.20.1/24 Gi0/0/0/4.20 172.16.2.254/24

Cisco Website for IOS-XR MPLS L3 VPN

Step 1. Configure VRF VPN_01 & VPN_02 In IOS, if an IP address is already programmed when you associate a VRF to an interface, it removes the IP address automatically. In IOS-XR, you have to do this manually. XR1

vrf VPN_01 address-family ipv4 unicast import route-target 100:1 export route-target 100:1 vrf VPN_02 address-family ipv4 unicast import route-target 100:2 export route-target 100:2 interface Loopback100

69 | P a g e


vrf VPN_01 ipv4 address 192.168.10.1 255.255.255.0 interface GigabitEthernet0/0/0/4.10 vrf VPN_01 ipv4 address 192.168.1.254 255.255.255.0 encapsulation dot1q 10 interface Loopback101 vrf VPN_02 ipv4 address 172.16.10.1 255.255.255.0 interface GigabitEthernet0/0/0/4.20 vrf VPN_02 ipv4 address 172.16.1.254 255.255.255.0 encapsulation dot1q 20 interface GigabitEthernet0/0/0/4 no shutdown commit end

XR2

vrf VPN_01 address-family ipv4 unicast import route-target 100:1 export route-target 100:1 vrf VPN_02 address-family ipv4 unicast import route-target 100:2 export route-target 100:2 interface Loopback100 vrf VPN_01 ipv4 address 192.168.20.1 255.255.255.0 interface GigabitEthernet0/0/0/4.10 vrf VPN_01 ipv4 address 192.168.2.254 255.255.255.0 encapsulation dot1q 10 interface Loopback101 vrf VPN_02 ipv4 address 172.16.20.1 255.255.255.0

70 | P a g e


interface GigabitEthernet0/0/0/4.20 vrf VPN_02 ipv4 address 172.16.2.254 255.255.255.0 encapsulation dot1q 20 interface GigabitEthernet0/0/0/4 no shutdown commit end

Step 2. Verify VRF Configuration To see all the VRFs (including the default (global)), the word ‘all’ can be used in the following show commands show vrf <vrf name> show ipv4 vrf <vrf name> int br show route vrf <vrf name> RP/0/0/CPU0:XR1# show vrf all VRF RD RT AFI SAFI Management not set VPN_01 not set import 100:1 IPV4 Unicast export 100:1 IPV4 Unicast VPN_02 not set import 100:2 IPV4 Unicast export 100:2 IPV4 Unicast RP/0/0/CPU0:XR1# show ipv4 vrf all int brief Interface IP-Address Status Protocol Vrf-Name Loopback0 192.168.1.1 Up Up default Loopback100 192.168.10.1 Up Up VPN_01 Loopback101 172.16.10.1 Up Up VPN_02 MgmtEth0/0/CPU0/0 198.18.1.10 Up Up Management GigabitEthernet0/0/0/0 10.12.1.1 Up Up default GigabitEthernet0/0/0/1 10.13.1.1 Up Up default GigabitEthernet0/0/0/2 100.64.1.254 Up Up default GigabitEthernet0/0/0/3 100.64.11.254 Up Up default GigabitEthernet0/0/0/4 unassigned Up Up default GigabitEthernet0/0/0/4.10 192.168.1.254 Up Up VPN_01 GigabitEthernet0/0/0/4.20 172.16.1.254 Up Up VPN_02 RP/0/0/CPU0:XR1# show route vrf all VRF: **nVSatellite Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path

71 | P a g e


D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set L 10.0.0.1/32 is directly connected, 23:53:58, nV-Loopback0 L 10.0.0.2/32 is directly connected, 23:53:58, nV-Loopback1 VRF: Management Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is 198.18.1.1 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 198.18.1.1, 09:23:12 C 198.18.1.0/24 is directly connected, 09:23:12, MgmtEth0/0/CPU0/0 L 198.18.1.10/32 is directly connected, 09:23:12, MgmtEth0/0/CPU0/0 VRF: VPN_01 Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set C 192.168.1.0/24 is directly connected, 00:07:48, GigabitEthernet0/0/0/4.10 L 192.168.1.254/32 is directly connected, 00:07:48, GigabitEthernet0/0/0/4.10 C 192.168.10.0/24 is directly connected, 00:07:48, Loopback100 L 192.168.10.1/32 is directly connected, 00:07:48, Loopback100 VRF: VPN_02 Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path

72 | P a g e


Gateway of last resort is not set C 172.16.1.0/24 is directly connected, 00:07:48, GigabitEthernet0/0/0/4.20 L 172.16.1.254/32 is directly connected, 00:07:48, GigabitEthernet0/0/0/4.20 C 172.16.10.0/24 is directly connected, 00:07:48, Loopback101 L 172.16.10.1/32 is directly connected, 00:07:48, Loopback101 RP/0/0/CPU0:XR1#

In IOS XR, VRFs RD are configured under the BGP configuration. This is demonstrated later in this lab Step 3. Verify VRF Connectivity. Ping VRF Local CEs XR1

ping vrf VPN_01 192.168.1.1 ping vrf VPN_02 172.16.1.1

XR2

ping vrf VPN_01 192.168.2.1 ping vrf VPN_02 172.16.2.1

73 | P a g e


XR1 RP/0/0/CPU0:XR1# ping vrf VPN_01 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms RP/0/0/CPU0:XR1# ping vrf VPN_02 172.16.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# ping vrf VPN_01 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms RP/0/0/CPU0:XR2# ping vrf VPN_02 172.16.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms RP/0/0/CPU0:XR2#

74 | P a g e


BGP VPNv4 Configuration (Optional) Task Objective:

Initialize the VPNv4 Address Family Establish a VPNv4 BGP session with the route-reflector 192.168.100.100 (RR-1) Initialize the IPv4 Address family for both VRFs, and redistribute connected networks into it Verify routes are exchanged between the nodes, and that connectivity from VRF Loopback

to VRF Loopback exists

Step 4. Create BGP 100 process, and configure BGP sessions to the RR-1 XR1 and XR2

router bgp 100 address-family vpnv4 unicast neighbor 192.168.100.100 address-family vpnv4 unicast ! vrf VPN_01 rd 100:1 address-family ipv4 unicast redistribute connected ! vrf VPN_02 rd 100:2 address-family ipv4 unicast redistribute connected commit end

In IOS XR the VRF RDs are set under the BGP vrf configuration The addres-family command initializes the VPNv4 Address family on the router Step 5. Verify VPNv4 routes have been exchanged To see all the VRFs (including the default (global)), the word ‘all’ can be used in the following show commands. show bgp vpnv4 unicast summary show bgp vpnv4 unicast vrf <vrf name> show bgp vrf <vrf name> summary show ipv4 vrf <vrf name> interface brief show route vrf <vrf name>

75 | P a g e


RP/0/0/CPU0:XR1# show bgp vpnv4 unicast summary Thu Jan 24 00:09:25.832 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 19 BGP NSR Initial initsync version 11 (Not Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 19 19 19 19 19 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 192.168.100.100 0 100 452 416 19 0 0 00:00:52 4 RP/0/0/CPU0:XR1#show bgp vpnv4 unicast vrf VPN_01 Thu Jan 24 00:13:19.426 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 19 BGP NSR Initial initsync version 11 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:1 (default for vrf VPN_01) *> 192.168.1.0/24 0.0.0.0 0 32768 ? *>i192.168.2.0/24 192.168.2.2 0 100 0 ? *> 192.168.10.0/24 0.0.0.0 0 32768 ? *>i192.168.20.0/24 192.168.2.2 0 100 0 ? Processed 4 prefixes, 4 paths RP/0/0/CPU0:XR1#show bgp vpnv4 unicast vrf VPN_02 Thu Jan 24 00:13:29.215 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 19 BGP NSR Initial initsync version 11 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:2 (default for vrf VPN_02)

76 | P a g e


*> 172.16.1.0/24 0.0.0.0 0 32768 ? *>i172.16.2.0/24 192.168.2.2 0 100 0 ? *> 172.16.10.0/24 0.0.0.0 0 32768 ? *>i172.16.20.0/24 192.168.2.2 0 100 0 ? Processed 4 prefixes, 4 paths RP/0/0/CPU0:XR1# RP/0/0/CPU0:XR1# show bgp vrf all summary Thu Jan 24 00:09:40.131 UTC VRF: VPN_01 ----------- BGP VRF VPN_01, state: Active BGP Route Distinguisher: 100:1 VRF ID: 0x60000004 BGP router identifier 192.168.1.1, local AS number 100 Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000013 RD version: 17 BGP main routing table version 19 BGP NSR Initial initsync version 11 (Not Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 19 19 19 19 19 0 VRF: VPN_02 ----------- BGP VRF VPN_02, state: Active BGP Route Distinguisher: 100:2 VRF ID: 0x60000005 BGP router identifier 192.168.1.1, local AS number 100 Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000014 RD version: 19 BGP main routing table version 19 BGP NSR Initial initsync version 11 (Not Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 19 19 19 19 19 0 RP/0/0/CPU0:XR1# show ipv4 vrf all interface brief Thu Jan 24 00:10:01.960 UTC Interface IP-Address Status Protocol Vrf-Name Loopback0 192.168.1.1 Up Up default Loopback100 192.168.10.1 Up Up VPN_01 Loopback101 172.16.10.1 Up Up VPN_02 MgmtEth0/0/CPU0/0 198.18.1.10 Up Up Management GigabitEthernet0/0/0/0 10.12.1.1 Up Up default GigabitEthernet0/0/0/1 10.13.1.1 Up Up default GigabitEthernet0/0/0/2 100.64.1.254 Up Up default GigabitEthernet0/0/0/3 100.64.11.254 Up Up default

77 | P a g e


GigabitEthernet0/0/0/4 unassigned Up Up default GigabitEthernet0/0/0/4.10 192.168.1.254 Up Up VPN_01 GigabitEthernet0/0/0/4.20 172.16.1.254 Up Up VPN_02 RP/0/0/CPU0:XR1# show route vrf all <output omitted> VRF: VPN_01 Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set C 192.168.1.0/24 is directly connected, 00:33:14, GigabitEthernet0/0/0/4.10 L 192.168.1.254/32 is directly connected, 00:33:14, GigabitEthernet0/0/0/4.10 B 192.168.2.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:01:33 C 192.168.10.0/24 is directly connected, 00:33:14, Loopback100 L 192.168.10.1/32 is directly connected, 00:33:14, Loopback100 B 192.168.20.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:01:33 VRF: VPN_02 Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set C 172.16.1.0/24 is directly connected, 00:33:14, GigabitEthernet0/0/0/4.20 L 172.16.1.254/32 is directly connected, 00:33:14, GigabitEthernet0/0/0/4.20 B 172.16.2.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:01:33 C 172.16.10.0/24 is directly connected, 00:33:14, Loopback101 L 172.16.10.1/32 is directly connected, 00:33:14, Loopback101 B 172.16.20.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:01:33 RP/0/0/CPU0:XR1#

78 | P a g e


Step 6. Verify connectivity across the core for both VRFs XR1 pings 192.168.2.254 (remote CE device connected to XR2) in VPN_01

ping vrf VPN_01 192.168.2.254 XR2 pings 172.16.1.254 (remote CE device connected to XR1) in VPN_02

ping vrf VPN_02 172.16.1.254 XR1 RP/0/0/CPU0:XR1# ping vrf VPN_01 192.168.2.254 Thu Jan 24 00:20:23.487 UTC Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms RP/0/0/CPU0:XR1#

XR2 RP/0/0/CPU0:XR2# ping vrf VPN_02 172.16.1.254 Thu Jan 24 00:20:32.956 UTC Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.254, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/19 ms RP/0/0/CPU0:XR2#

79 | P a g e


BGP PE-CE Configuration Task Objective:

On XR1 and XR2 configure a BGP session on VRF VPN_01 as indicated in the table below Verify that routes have been exchanged, and connectivity is successful across the core. CE devices are preconfigured.

PE VRF / CE CE IP Address CE Remote-AS

XR1 VPN_01 192.168.1.1 200

XR2 VPN_01 192.168.2.1 200

Step 7. Configure BGP as PE-CE Routing Protocol XR1

router bgp 100 vrf VPN_01 neighbor 192.168.1.1 remote-as 200 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out as-override commit end

XR2

router bgp 100 vrf VPN_01 neighbor 192.168.2.1 remote-as 200 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out as-override commit end

80 | P a g e


Step 8. Verify BGP adjacency to CE as well as reachability

show run router bgp <AS> vrf <vrf name> show bgp vrf <vrf name> summary show bgp vrf <vrf name> show route vrf <vrf name>

RP/0/0/CPU0:XR1# show run router bgp 100 vrf VPN_01 Thu Jan 24 03:42:45.315 UTC router bgp 100 vrf VPN_01 rd 100:1 address-family ipv4 unicast redistribute connected ! neighbor 192.168.1.1 remote-as 200 address-family ipv4 unicast route-policy PASS-ALL in route-policy PASS-ALL out as-override ! ! ! ! RP/0/0/CPU0:XR1# show bgp vrf VPN_01 summary Thu Jan 24 03:42:55.304 UTC BGP VRF VPN_01, state: Active BGP Route Distinguisher: 100:1 VRF ID: 0x60000004 BGP router identifier 192.168.1.1, local AS number 100 Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000013 RD version: 22 BGP main routing table version 22 BGP NSR Initial initsync version 11 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 22 22 22 22 22 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 192.168.1.1 0 200 6 7 22 0 0 00:01:03 2 RP/0/0/CPU0:XR1# show bgp vrf VPN_01 Thu Jan 24 03:43:15.373 UTC BGP VRF VPN_01, state: Active BGP Route Distinguisher: 100:1 VRF ID: 0x60000004 BGP router identifier 192.168.1.1, local AS number 100 Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000013 RD version: 22 BGP main routing table version 22 BGP NSR Initial initsync version 11 (Reached) BGP NSR/ISSU Sync-Group versions 0/0

81 | P a g e


Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 100:1 (default for vrf VPN_01) *> 192.168.1.0/24 0.0.0.0 0 32768 ? * 192.168.1.1 0 0 200 ? *>i192.168.2.0/24 192.168.2.2 0 100 0 ? *> 192.168.10.0/24 0.0.0.0 0 32768 ? *>i192.168.20.0/24 192.168.2.2 0 100 0 ? *> 192.168.100.0/24 192.168.1.1 0 0 200 ? *>i192.168.200.0/24 192.168.2.2 0 100 0 200 ? Processed 6 prefixes, 7 paths RP/0/0/CPU0:XR1# show route vrf VPN_01 Thu Jan 24 03:43:52.171 UTC Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP exter`nal, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set C 192.168.1.0/24 is directly connected, 04:06:44, GigabitEthernet0/0/0/4.10 L 192.168.1.254/32 is directly connected, 04:06:44, GigabitEthernet0/0/0/4.10 B 192.168.2.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 03:35:03 C 192.168.10.0/24 is directly connected, 04:06:44, Loopback100 L 192.168.10.1/32 is directly connected, 04:06:44, Loopback100 B 192.168.20.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 03:35:03 B 192.168.100.0/24 [20/0] via 192.168.1.1, 00:02:00 B 192.168.200.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:01:18 RP/0/0/CPU0:XR1#

Notice the 192.168.100.0/24 and 192.168.200.0/24 routes have been added. Each route was learned from a CE_Device. The Next-Hop IP address should help you identify which XR router the route was learned from Step 9. Verify connectivity across the Core XR1

ping vrf VPN_01 192.168.200.1 XR2

ping vrf VPN_01 192.168.100.1

82 | P a g e




83 | P a g e


OSPF PE-CE Configuration

Task Objective:

On XR1 and XR2 configure OSPF Process 100 for VRF VPN_02 Mutually redistribute routes between OSPF and BGP Verify that routes have been exchanged, and connectivity is successful across the

core. CE devices are already preconfigured.

PE VRF / CE Interfaces OSPF Area

XR1 VPN_02 Gi0/0/0/4 , Lo101 1

XR2 VPN_02 Gi0/0/0/4 , Lo101 2

Step 10. Configure OSPF as PE-CE Routing Protocol We changed the OSPF process from what the global routing table is using (router ospf 1). It is possible to use the same process number as the global table. We are just making it easier for you to read XR1 and XR2

router ospf 100 vrf VPN_02 redistribute bgp 100 area 0 interface Loopback101 interface GigabitEthernet0/0/0/4.20 router bgp 100 vrf VPN_02 address-family ipv4 unicast redistribute ospf 100 commit end

84 | P a g e


Step 11. Verify OSPF Adjacency to CE and Reachability show run router ospf <process> vrf <vrf name> show ospf vrf <vrf name> interface brief show ospf vrf <vrf name> neighbor show route vrf <vrf name> show run router ospf 100 vrf VPN_02 show ospf vrf VPN_02 interface brief show ospf vrf VPN_02 neighbor show route vrf VPN_02 RP/0/0/CPU0:XR1# show run router ospf 100 vrf VPN_02 Thu Jan 24 04:19:43.843 UTC router ospf 100 vrf VPN_02 redistribute bgp 100 area 0 interface Loopback101 ! interface GigabitEthernet0/0/0/4.20 ! ! ! ! RP/0/0/CPU0:XR1# show ospf vrf VPN_02 interface brief Thu Jan 24 04:19:54.572 UTC * Indicates MADJ interface, (P) Indicates fast detect hold down state Interfaces for OSPF 100, VRF VPN_02 Interface PID Area IP Address/Mask Cost State Nbrs F/C Lo101 100 0 172.16.10.1/24 1 LOOP 0/0 Gi0/0/0/4.20 100 0 172.16.1.254/24 1 BDR 1/1 RP/0/0/CPU0:XR1# show ospf vrf VPN_02 neighbor Thu Jan 24 04:20:02.902 UTC * Indicates MADJ interface # Indicates Neighbor awaiting BFD session up Neighbors for OSPF 100, VRF VPN_02 Neighbor ID Pri State Dead Time Address Interface 172.16.100.1 1 FULL/DR 00:00:32 172.16.1.1 GigabitEthernet0/0/0/4.20 Neighbor is up for 00:07:06 Total neighbor count: 1 RP/0/0/CPU0:XR1# show route vrf VPN_02 Thu Jan 24 04:20:09.271 UTC Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

85 | P a g e


N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, su - IS-IS summary null, * - candidate default U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP A - access/subscriber, a - Application route M - mobile route, r - RPL, (!) - FRR Backup path Gateway of last resort is not set C 172.16.1.0/24 is directly connected, 04:43:02, GigabitEthernet0/0/0/4.20 L 172.16.1.254/32 is directly connected, 04:43:02, GigabitEthernet0/0/0/4.20 B 172.16.2.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:07:04 C 172.16.10.0/24 is directly connected, 04:43:02, Loopback101 L 172.16.10.1/32 is directly connected, 04:43:02, Loopback101 B 172.16.20.0/24 [200/0] via 192.168.2.2 (nexthop in vrf default), 00:07:04 O 172.16.100.1/32 [110/2] via 172.16.1.1, 00:07:12, GigabitEthernet0/0/0/4.20 B 172.16.200.1/32 [200/2] via 192.168.2.2 (nexthop in vrf default), 00:07:02 RP/0/0/CPU0:XR1#

Step 12. Verify connectivity across the Core XR1

ping vrf VPN_02 172.16.200.1 XR2

ping vrf VPN_02 172.16.100.1



86 | P a g e


MPLS Traffic Engineering (Optional) Task Objective:

Enable RSVP on all core interfaces; set the RSVP reservation to 10 Mbps Enable MPLS TE on all core interfaces. Configure MPLS TE to re-optimize after 60 seconds. Configure OSPF (Area 0) for MPLS TE on XR1 and XR2. RR-1 has been pre-configured

Cisco Web Site for MPLS Traffic Engineering

Step 1. Configure RSVP to 10Mbps XR1 and XR2

rsvp interface GigabitEthernet0/0/0/0 bandwidth 10 Mbps interface GigabitEthernet0/0/0/1 bandwidth 10 Mbps commit end

Step 2. Validate RSVP is operational

show rsvp interface RP/0/0/CPU0:XR1# show rsvp interface *: RDM: Default I/F B/W % : 75% [default] (max resv/bc0), 0% [default] (bc1) Interface MaxBW (bps) MaxFlow (bps) Allocated (bps) MaxSub (bps) ----------- ------------ ------------- -------------------- ------------- Gi0/0/0/0 10M 10M 0 ( 0%) 0 Gi0/0/0/1 10M 10M 0 ( 0%) 0 RP/0/0/CPU0:XR1#

87 | P a g e


Step 3. Enable MPLS TE on relevant interfaces XR1 and XR2

mpls traffic-eng interface GigabitEthernet0/0/0/0 interface GigabitEthernet0/0/0/1 reoptimize 60 commit end

Step 4. Validate MPLS-TE was enabled on the interfaces

show mpls traffic-eng link-management interfaces | i Link ID RP/0/0/CPU0:XR1# show mpls traffic-eng link-management interfaces | i Link ID Thu Jan 24 04:42:00.312 UTC Link ID:: GigabitEthernet0/0/0/0 (10.12.1.1) Link ID:: GigabitEthernet0/0/0/1 (10.13.1.1) RP/0/0/CPU0:XR1#

Step 5. Enable the IGP protocol (OSPF) for MPLS-TE XR1 and XR2 router ospf 1 area 0 mpls traffic-eng mpls traffic-eng router-id Loopback0 commit end

88 | P a g e


Dynamic Path (Optional) Task Objective:

On XR1, create interface Tunnel-TE 12 interface with a destination of 192.168.2.2 On XR2, create interface Tunnel-TE 21 interface with a destination of 192.168.1.1 On all TE tunnels, set the bandwidth to 2 Mbps, IPv4 Unumbered to Loopback 0, Path-

Option 10 with Dynamic Verify the tunnels and that traffic is forwarded on the tunnels


Step 1. Create MPLS-TE Tunnels Note: This section requires the section MPLS Traffic Engineering to be completed XR1

interface tunnel-te12 bandwidth 2000 ipv4 unnumbered Loopback0 destination 192.168.2.2 path-option 10 dynamic no shut commit end

XR2

interface tunnel-te21 bandwidth 2000 ipv4 unnumbered Loopback0 destination 192.168.1.1 path-option 10 dynamic no shut commit end

Step 2. Verify MPLS-TE Tunnels are up It may take a few seconds for the tunnels to come up show mpls traffic-eng tunnels brief show mpls traffic-eng tunnels tabular

89 | P a g e


RP/0/0/CPU0:XR1# show mpls traffic-eng tunnels brief TUNNEL NAME DESTINATION STATUS STATE tunnel-te12 192.168.2.2 up up XR2_t21 192.168.1.1 up up Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails Displayed 1 up, 0 down, 0 recovering, 0 recovered heads RP/0/0/CPU0:XR1# show mpls traffic-eng tunnels tabular Tunnel LSP Destination Source Tun FRR LSP Path Name ID Address Address State State Role Prot ----------------- ----- --------------- --------------- ------ ------ ---- ----- tunnel-te12 2 192.168.2.2 192.168.1.1 up Inact Head Inact XR2_t21 2 192.168.1.1 192.168.2.2 up Inact Tail RP/0/0/CPU0:XR1#

Step 3. Verify connectivity across the Core From XR1, ping and trace the MLPS-TE tail end

ping mpls traffic-eng tunnel-te 12 trace mpls traffic-eng tunnel-te 12

From XR2, ping and trace the MLPS-TE tail end


XR1 RP/0/0/CPU0:XR1# ping mpls traffic-eng tunnel-te 12 Thu Jan 24 05:04:03.571 UTC Sending 5, 100-byte MPLS Echos to tunnel-te12, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/8/10 ms RP/0/0/CPU0:XR1# trace mpls traffic-eng tunnel-te 12 Thu Jan 24 05:04:12.290 UTC

90 | P a g e


Tracing MPLS TE Label Switched Path on tunnel-te12, timeout is 2 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. 0 10.12.1.1 MRU 1500 [Labels: implicit-null Exp: 0] ! 1 10.12.1.2 10 ms RP/0/0/CPU0:XR1# XR2 RP/0/0/CPU0:XR2# ping mpls traffic-eng tunnel-te 21 Thu Jan 24 05:05:06.986 UTC Sending 5, 100-byte MPLS Echos to tunnel-te21, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms RP/0/0/CPU0:XR2# trace mpls traffic-eng tunnel-te 21 Thu Jan 24 05:05:16.056 UTC Tracing MPLS TE Label Switched Path on tunnel-te21, timeout is 2 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. 0 10.12.1.2 MRU 1500 [Labels: implicit-null Exp: 0] ! 1 10.12.1.1 10 ms RP/0/0/CPU0:XR2#

91 | P a g e


Explicit Path (Optional) Task Objective:

On XR1, create interface Tunnel-TE 132 with a destination of 192.168.2.2 On XR2, create interface Tunnel-TE 231 with a destination of 192.168.1.1 On all TE tunnels, set the bandwidth to 2 Mbps, IPv4 Unnumbered to Loopback 0, and explicit

path per the chart provided below Verify the tunnels and that traffic is forwarded on the tunnels

Tunnel Explicit Path Exact Hops

132 XR1-RR-XR2 10.13.1.3 — 10.23.1.2

231 XR2-RR-XR1 10.23.1.3 – 10.13.1.1


Step 1. Build MPLS-TE Explicit Paths Note: This section requires the section MPLS Traffic Engineering to be completed XR1

explicit-path name XR1-XR2 index 1 next-address strict ipv4 unicast 10.13.1.3 index 2 next-address strict ipv4 unicast 10.23.1.2

XR2

explicit-path name XR2-XR1 index 1 next-address strict ipv4 unicast 10.23.1.3 index 2 next-address strict ipv4 unicast 10.13.1.1

92 | P a g e


Step 2. Create MPLS-TE Tunnel Interface for Explicit Paths XR1

interface tunnel-te132 bandwidth 2000 ipv4 unnumbered Loopback0 destination 192.168.2.2 path-option 10 explicit name XR1-XR2 no shut commit end

XR2

interface tunnel-te231 bandwidth 2000 ipv4 unnumbered Loopback0 destination 192.168.1.1 path-option 10 explicit name XR2-XR1 no shut commit end

Step 3. Verify MPLS-TE Explicit Path Tunnels come up XR1

show mpls traffic-eng tunnels tabular show mpls traffic-eng tunnels 132

XR2

show mpls traffic-eng tunnels tabular show mpls traffic-eng tunnels 231

93 | P a g e


XR1 RP/0/0/CPU0:XR1# show mpls traffic-eng tunnels tabular Thu Jan 24 05:17:14.987 UTC Tunnel LSP Destination Source Tun FRR LSP Path Name ID Address Address State State Role Prot ----------------- ----- --------------- --------------- ------ ------ ---- ----- tunnel-te12 2 192.168.2.2 192.168.1.1 up Inact Head Inact tunnel-te132 2 192.168.2.2 192.168.1.1 up Inact Head Inact XR2_t21 2 192.168.1.1 192.168.2.2 up Inact Tail XR2_t231 2 192.168.1.1 192.168.2.2 up Inact Tail RP/0/0/CPU0:XR1# show mpls traffic-eng tunnels 132 Thu Jan 24 05:17:26.136 UTC Name: tunnel-te132 Destination: 192.168.2.2 Ifhandle:0x980 Signalled-Name: XR1_t132 Status: Admin: up Oper: up Path: valid Signalling: connected path option 10, type explicit XR1-XR2 (Basis for Setup, path weight 101) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 0 kbps CT0 Creation Time: Thu Jan 24 05:14:12 2020 (00:03:14 ago) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff Metric Type: TE (default) Path Selection: Tiebreaker: Min-fill (default) Hop-limit: disabled Cost-limit: disabled Path-invalidation timeout: 45000 msec (default), Action: Tear (default) AutoRoute: disabled LockDown: disabled Policy class: not set Forward class: 0 (default) Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Disabled, Protection Desired: None Path Protection: Not Enabled BFD Fast Detection: Disabled Reoptimization after affinity failure: Enabled Soft Preemption: Disabled History: Tunnel has been up for: 00:03:13 (since Thu Jan 24 05:14:13 UTC 2020) Current LSP: Uptime: 00:03:13 (since Thu Jan 24 05:14:13 UTC 2020) Reopt. LSP: Last Failure: LSP not signalled, identical to the [CURRENT] LSP Date/Time: Thu Jan 24 05:14:25 UTC 2020 [00:03:01 ago] Path info (OSPF 1 area 0): Node hop count: 2 Hop0: 10.13.1.3 Hop1: 10.23.1.2 Hop2: 192.168.2.2 Displayed 1 (of 2) heads, 0 (of 0) midpoints, 0 (of 2) tails Displayed 1 up, 0 down, 0 recovering, 0 recovered heads RP/0/0/CPU0:XR1#

94 | P a g e


XR2 RP/0/0/CPU0:XR2# show mpls traffic-eng tunnels tabular Tunnel LSP Destination Source Tun FRR LSP Path Name ID Address Address State State Role Prot ----------------- ----- --------------- --------------- ------ ------ ---- ----- tunnel-te21 2 192.168.1.1 192.168.2.2 up Inact Head Inact tunnel-te231 2 192.168.1.1 192.168.2.2 up Inact Head Inact XR1_t12 2 192.168.2.2 192.168.1.1 up Inact Tail XR1_t132 2 192.168.2.2 192.168.1.1 up Inact Tail RP/0/0/CPU0:XR2# show mpls traffic-eng tunnels 231 Thu Jan 24 05:18:29.761 UTC Name: tunnel-te231 Destination: 192.168.1.1 Ifhandle:0x880 Signalled-Name: XR2_t231 Status: Admin: up Oper: up Path: valid Signalling: connected path option 10, type explicit XR2-XR1 (Basis for Setup, path weight 101) G-PID: 0x0800 (derived from egress interface properties) Bandwidth Requested: 0 kbps CT0 Creation Time: Thu Jan 24 05:14:27 2020 (00:04:02 ago) Config Parameters: Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff Metric Type: TE (default) Path Selection: Tiebreaker: Min-fill (default) Hop-limit: disabled Cost-limit: disabled Path-invalidation timeout: 45000 msec (default), Action: Tear (default) AutoRoute: disabled LockDown: disabled Policy class: not set Forward class: 0 (default) Forwarding-Adjacency: disabled Loadshare: 0 equal loadshares Auto-bw: disabled Fast Reroute: Disabled, Protection Desired: None Path Protection: Not Enabled BFD Fast Detection: Disabled Reoptimization after affinity failure: Enabled Soft Preemption: Disabled History: Tunnel has been up for: 00:04:02 (since Thu Jan 24 05:14:27 UTC 2020) Current LSP: Uptime: 00:04:02 (since Thu Jan 24 05:14:27 UTC 2020) Reopt. LSP: Last Failure: LSP not signalled, identical to the [CURRENT] LSP Date/Time: Thu Jan 24 05:14:31 UTC 2020 [00:03:58 ago] Path info (OSPF 1 area 0): Node hop count: 2 Hop0: 10.23.1.3 Hop1: 10.13.1.1 Hop2: 192.168.1.1 Displayed 1 (of 2) heads, 0 (of 0) midpoints, 0 (of 2) tails Displayed 1 up, 0 down, 0 recovering, 0 recovered heads RP/0/0/CPU0:XR2#

95 | P a g e


Step 4. Verify connectivity across the Core From XR1, ping and trace the MLPS-TE tail end


From XR2, ping and trace the MLPS-TE tail end


XR1 RP/0/0/CPU0:XR1# ping mpls traffic-eng tunnel-te 132 Thu Jan 24 05:26:12.120 UTC Sending 5, 100-byte MPLS Echos to tunnel-te132, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms RP/0/0/CPU0:XR1# trace mpls traffic-eng tunnel-te 132 Thu Jan 24 05:26:22.199 UTC Tracing MPLS TE Label Switched Path on tunnel-te132, timeout is 2 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. 0 10.13.1.1 MRU 1500 [Labels: 19 Exp: 0] L 1 10.13.1.3 MRU 1504 [Labels: implicit-null Exp: 0] 20 ms ! 2 10.23.1.2 1 ms RP/0/0/CPU0:XR1#

96 | P a g e


XR2 RP/0/0/CPU0:XR2# ping mpls traffic-eng tunnel-te 231 Thu Jan 24 05:26:59.796 UTC Sending 5, 100-byte MPLS Echos to tunnel-te231, timeout is 2 seconds, send interval is 0 msec: Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms RP/0/0/CPU0:XR2# trace mpls traffic-eng tunnel-te 231 Thu Jan 24 05:27:10.596 UTC Tracing MPLS TE Label Switched Path on tunnel-te231, timeout is 2 seconds Codes: '!' - success, 'Q' - request not sent, '.' - timeout, 'L' - labeled output interface, 'B' - unlabeled output interface, 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch, 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label, 'P' - no rx intf label prot, 'p' - premature termination of LSP, 'R' - transit router, 'I' - unknown upstream index, 'X' - unknown return code, 'x' - return code 0 Type escape sequence to abort. 0 10.23.1.2 MRU 1500 [Labels: 20 Exp: 0] L 1 10.23.1.3 MRU 1504 [Labels: implicit-null Exp: 0] 10 ms ! 2 10.13.1.1 1 ms RP/0/0/CPU0:XR2#

97 | P a g e


Advanced RPLs (Optional)

Multiple Action Policies

Task Objective:

Create a new RPL called INBOUND that does the following: o Discard all routes that match the PREFIX-SET-RFC1918 o All routes originating from AS 1100 received from AS 7018 set the Local Preference

to 7018 o All routes originating from AS 2000 received from AS 2828 set the Local Preference

to 2828 o All other routes should receive a local-preference of 1000

Apply the RPL inbound to EBGP Peers & Verify the BGP Table Correct the problem and verify.

Step 1. Create the RPL INBOUND on XR1 and XR2 XR1

prefix-set PREFIX-SET-RFC1918 10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16 end-set route-policy INBOUND if destination in PREFIX-SET-RFC1918 then drop endif if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then set local-preference 2828 elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then set local-preference 7018 endif set local-preference 1000 end-policy commit

98 | P a g e


XR2 Note: Prefix set PREFIX-SET-RFC1918 should already be configured on XR2 from the Basic Route Policy Language Section, so there is no need to configure it again

route-policy INBOUND if destination in PREFIX-SET-RFC1918 then drop endif if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then set local-preference 2828 elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then set local-preference 7018 endif set local-preference 1000 end-policy commit

Step 2. Apply the RPL inbound to EBGP Peers XR1

router bgp 100 address-family ipv4 unicast neighbor 100.64.1.1 address-family ipv4 unicast route-policy INBOUND in neighbor 100.64.11.1 address-family ipv4 unicast route-policy INBOUND in commit end

XR2

router bgp 100 address-family ipv4 unicast neighbor 100.64.2.1 address-family ipv4 unicast route-policy INBOUND in neighbor 100.64.22.1 address-family ipv4 unicast route-policy INBOUND in

99 | P a g e


commit end

Step 3. Perform a Soft Reset and verify the intended results clear bgp ipv4 unicast * soft show bgp ipv4 unicast RP/0/0/CPU0:XR1# clear bgp ipv4 unicast * soft Thu Jan 24 05:53:37.887 UTC RP/0/0/CPU0:XR1# show bgp ipv4 unicast Thu Jan 24 05:53:47.767 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 26 BGP main routing table version 26 BGP NSR Initial initsync version 2 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 1000 0 1100 ? * 100.64.11.1 0 1000 0 2000 ? *>i8.8.4.0/24 192.168.2.2 0 1000 0 2000 2828 ? *> 8.8.8.0/24 100.64.1.1 0 1000 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i164.144.11.0/24 192.168.2.2 0 1000 0 1200 123 109 ? *> 164.144.22.0/24 100.64.11.1 0 1000 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 9 prefixes, 10 paths RP/0/0/CPU0:XR1#

Notice that the highlighted values have a local preference of 1000 when they should have either 7018 or 2828 for the local preference. The reason that the local preference is set to 1000 is that once the local preference was set to 7018 or 2828 on the RPL; it was overwritten in the next step. Adding the keyword ‘DONE’ to the RPL will stop processing further events as shown in the following step.

100 | P a g e


Step 4. Correct the RPL XR1 and XR2

route-policy INBOUND if destination in PREFIX-SET-RFC1918 then drop endif if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then set local-preference 2828 done elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then set local-preference 7018 done endif set local-preference 1000 end-policy commit end

Another option is to use an additional ‘else’ command so that other processing can continue if desired. In our example, we wanted to emphasize that ‘done’ can be used to break out of the RPL and keep it from executing any further actions.

route-policy INBOUND if destination in PREFIX-SET-RFC1918 then drop endif if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then set local-preference 2828 elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then set local-preference 7018 else set local-preference 1000 endif end-policy commit end

Step 5. Perform a Soft Reset and verify the intended results clear bgp ipv4 unicast * soft show bgp ipv4 unicast

101 | P a g e


RP/0/0/CPU0:XR1# clear bgp ipv4 unicast * soft Thu Jan 24 06:01:23.745 UTC RP/0/0/CPU0:XR2# show bgp ipv4 unicast Thu Jan 24 06:01:33.954 UTC BGP router identifier 192.168.2.2, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 28 BGP main routing table version 28 BGP NSR Initial initsync version 5 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i5.5.1.0/24 192.168.1.1 0 1000 0 1100 ? *> 8.8.4.0/24 100.64.22.1 0 2828 0 2000 2828 ? *>i8.8.8.0/24 192.168.1.1 0 7018 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *> 164.144.11.0/24 100.64.2.1 0 1000 0 1200 123 109 ? *>i164.144.22.0/24 192.168.1.1 0 1000 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *>i192.168.1.1/32 192.168.1.1 0 100 0 i *> 192.168.2.2/32 0.0.0.0 0 32768 i Processed 9 prefixes, 9 paths RP/0/0/CPU0:XR2#

After correcting the mistake, the Local Preference was set correctly

102 | P a g e


Nested Policies (Optional) Task Objective:

Modify the RPL INBOUND to achieve the following: Apply the RFC1918 RPL to:

o Set the Local Preference to 109 on all routes originating from AS 109 received from AS 1200

o Set the Local Preference to 27343 on all routes originating from AS 27343 received from AS 2000

Apply the PASS-ALL RPL as the last action

Step 1. Modify the RPL INBOUND In this step, we will apply the RFC1918 RPL we configured at the beginning of this lab in the Basic RPL Configuration section inside the INBOUND RPL and then we will use a show command to see what this looks like behind the scenes This is the original INBOUND RPL that is currently configured and we’ll replace the highlighted section with the RFC1918 RPL which will achieve the same result

route-policy INBOUND if destination in PREFIX-SET-RFC1918 then drop endif if as-path originates-from '2828' exact and as-path neighbor-is '2000' exact then set local-preference 2828 elseif as-path originates-from '7018' exact and as-path neighbor-is '1100' exact then set local-preference 7018 else set local-preference 1000 endif end-policy

Execute the following commands to replace the section highlighted in yellow above with the RFC1918 RPL XR1 and XR2

route-policy INBOUND apply RFC1918 if as-path originates-from '109' exact and as-path neighbor-is '1200' exact then set local-preference 109 done

103 | P a g e


elseif as-path originates-from '27343' exact and as-path neighbor-is '2000' exact then set local-preference 27343 done endif apply PASS-ALL end-policy commit end

Step 2. Verify what the INBOUND RPL looks like behind the scene show rpl route-policy INBOUND inline RP/0/0/CPU0:XR1# show rpl route-policy INBOUND inline Thu Jan 24 06:27:25.861 UTC route-policy INBOUND # apply RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass # end-apply RFC1918 if as-path exact-originates-from 109 and as-path exact-neighbor-is 1200 then assign local-preference 109 done elseif as-path exact-originates-from 27343 and as-path exact-neighbor-is 2000 then assign local-preference 27343 done endif # apply PASS-ALL pass # end-apply PASS-ALL end-policy ! RP/0/0/CPU0:XR1#

Step 3. Verify the routes and PASS-ALL RPLs show bgp ipv4 unicast show rpl route-policy states show rpl route-policy PASS-ALL attachpoints show rpl route-policy PASS-ALL references RP/0/0/CPU0:XR1# show bgp ipv4 unicast Thu Jan 24 06:30:00.300 UTC BGP router identifier 192.168.1.1, local AS number 100 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0xe0000000 RD version: 27 BGP main routing table version 27 BGP NSR Initial initsync version 9 (Reached)

104 | P a g e


BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs Status codes: s suppressed, d damped, h history, * valid, > best i - internal, r RIB-failure, S stale, N Nexthop-discard Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 5.5.1.0/24 100.64.1.1 0 0 1100 ? * 100.64.11.1 0 0 2000 ? *>i8.8.4.0/24 192.168.2.2 0 100 0 2000 2828 ? *> 8.8.8.0/24 100.64.1.1 0 0 1100 7018 i *>i10.100.100.0/24 192.168.100.100 0 100 0 i *>i164.144.11.0/24 192.168.2.2 0 109 0 1200 123 109 ? *> 164.144.22.0/24 100.64.11.1 0 27343 0 2000 123 27343 i *>i172.31.100.0/30 192.168.100.100 0 100 0 i *> 192.168.1.1/32 0.0.0.0 0 32768 i *>i192.168.2.2/32 192.168.2.2 0 100 0 i Processed 9 prefixes, 10 paths RP/0/0/CPU0:XR1# show rpl route-policy states Thu Jan 24 06:30:15.289 UTC ACTIVE -- Referenced by at least one policy which is attached INACTIVE -- Only referenced by policies which are not attached UNUSED -- Not attached (directly or indirectly) and not referenced The following policies are (ACTIVE) ------------------------------------------ route-policy INBOUND apply RFC1918 if as-path originates-from '109' exact and as-path neighbor-is '1200' exact then set local-preference 109 done elseif as-path originates-from '27343' exact and as-path neighbor-is '2000' exact then set local-preference 27343 done endif apply PASS-ALL end-policy ! route-policy PASS-ALL pass end-policy ! route-policy RFC1918 if destination in (10.0.0.0/8 ge 8, 172.16.0.0/12 ge 12, 192.168.0.0/16 ge 16) then drop endif pass end-policy ! The following policies are (INACTIVE) ------------------------------------------ None found with this status. The following policies are (UNUSED) ------------------------------------------ route-policy BAD-ASN if as-path in (ios-regex '_123_') then

105 | P a g e


drop endif pass end-policy ! RP/0/0/CPU0:XR1# show rpl route-policy PASS-ALL attachpoints Thu Jan 24 06:30:26.479 UTC BGP Attachpoint: Neighbor Neighbor/Group type afi/safi in/out vrf name bound by -------------------------------------------------------------------------------- 100.64.11.1 -- IPv4/uni out default PASS-ALL 192.168.1.1 -- IPv4/uni in VPN_01 PASS-ALL 192.168.1.1 -- IPv4/uni out VPN_01 PASS-ALL 100.64.1.1 -- IPv4/uni in default INBOUND 100.64.11.1 -- IPv4/uni in default INBOUND RP/0/0/CPU0:XR1# show rpl route-policy PASS-ALL references Thu Jan 24 06:30:35.158 UTC Usage Direct -- Reference occurs in this policy Usage Indirect -- Reference occurs via an apply statement Status UNUSED -- Policy is not in use at an attachpoint (unattached) Status ACTIVE -- Policy is actively used at an attachpoint Status INACTIVE -- Policy is applied by an unattached policy Usage/Status count -------------------------------------------------------------- Direct 1 Indirect 0 ACTIVE 1 INACTIVE 0 UNUSED 0 Usage Status Route-policy -------------------------------------------------------------- Direct ACTIVE INBOUND RP/0/0/CPU0:XR1#

Congratulations on finishing the lab, hope you enjoyed it!! Please, don’t forget to provide feedback

106 | P a g e


LTRARC-2002 Introduction to IOS-XR Lab Guide - Cisco Live

Documents

Transcript of LTRARC-2002 Introduction to IOS-XR Lab Guide - Cisco Live