Next Generation Enterprise MPLS VPN-Based MAN Design and Implementation Guide
Configurations and Logs for Each VPN
-
Next Generation Enterprise MPLS VPN-Based MAN Design and Implementation Guide
-
Problems/Solution Description
-
Technology Overview
-
MPLS-Based VPN MAN Reference Topology
-
Implementing Advanced Features on MPLS-Based VPNs
-
Management
-
Advanced Applications Over MPLS-Based VPNs
-
MPLS-Based VPN MAN Testing and Validation
-
Configurations and Logs for Each VPN
-
Platform-Specific Capabilities and Constraints
-
Terminology
-
Download this chapter
Download the complete book
Table Of Contents
Configurations and Logs for Each VPN
OSPF Backdoor Link Verifications
Configurations and Logs for Each VPN
This section includes the entire configurations from the Cisco 7600 and Cisco 12000 as PEs.
Cisco 7600 as PE
hostname 7600-DC2-PE3!boot system flash disk0:s72033-adventerprisek9_wan-mz.122-18.SXE2.bin!ip vrf blue-datard 10:1053route-target export 10:105route-target import 10:105mdt default 239.232.10.1!ip vrf blue-voicerd 10:1063route-target export 10:106route-target import 10:106mdt default 239.232.10.2!ip vrf red-datard 10:1033route-target export 10:103route-target import 10:103mdt default 239.232.10.3mdt data 239.232.20.32 0.0.0.15 threshold 1!ip vrf red-voicerd 10:1043route-target export 10:104route-target import 10:104mdt default 239.232.10.4mdt data 239.232.20.48 0.0.0.15 threshold 1!ip vrf sitemap!ip multicast-routingip multicast-routing vrf blue-dataip multicast-routing vrf blue-voiceip multicast-routing vrf red-dataip multicast-routing vrf red-voiceno ip domain-lookupvtp mode transparentmpls label protocol ldptag-switching tdp router-id Loopback0 forcemls ip multicast replication-mode ingressmls qos!interface Loopback0ip address 125.1.125.7 255.255.255.255ip pim sparse-mode!interface Loopback1ip vrf forwarding red-dataip address 125.1.125.103 255.255.255.255!interface GigabitEthernet1/1description To P1 - intf G4/0/0ip address 125.1.102.2 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7tag-switching ipmls qos trust dscp!interface GigabitEthernet1/2description To P2 - intf G1/9ip address 125.1.102.14 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7tag-switching ipmls qos trust dscp!interface GigabitEthernet1/3description To PE4 - intf TBDip address 125.1.102.21 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7tag-switching ipmls qos trust dscp!interface GigabitEthernet1/4description To DL2 - intf G5/1no ip addressload-interval 30wrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7mls qos trust dscp!interface GigabitEthernet1/4.1description RED-DATAencapsulation dot1Q 161ip vrf forwarding red-dataip address 125.1.102.33 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7!interface GigabitEthernet1/4.2description RED-VOICEencapsulation dot1Q 162ip vrf forwarding red-voiceip address 125.1.102.37 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7!interface GigabitEthernet1/5description To DL3 - intf G5/1no ip addressip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7mls qos trust dscp!interface GigabitEthernet1/5.1description BLUE-DATAencapsulation dot1Q 163ip vrf forwarding blue-dataip vrf sitemap SoODL3ip address 125.1.102.41 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7!interface GigabitEthernet1/5.2description BLUE-VOICEencapsulation dot1Q 164ip vrf forwarding blue-voiceip address 125.1.102.45 255.255.255.252ip pim sparse-modewrr-queue bandwidth 5 25 70wrr-queue queue-limit 5 25 40wrr-queue random-detect min-threshold 1 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 2 80 100 100 100 100 100 100 100wrr-queue random-detect min-threshold 3 50 60 70 80 90 100 100 100wrr-queue random-detect max-threshold 1 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 2 100 100 100 100 100 100 100 100wrr-queue random-detect max-threshold 3 60 70 80 90 100 100 100 100wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7!interface GigabitEthernet1/6description To SS2 - intf G3/1ip address 125.1.102.65 255.255.255.252wrr-queue cos-map 1 1 1wrr-queue cos-map 2 1 0wrr-queue cos-map 3 1 4wrr-queue cos-map 3 2 2wrr-queue cos-map 3 3 3wrr-queue cos-map 3 4 6wrr-queue cos-map 3 5 7tag-switching ipmls qos trust dscp!interface GigabitEthernet5/2ip address 172.26.185.109 255.255.255.0media-type rj45duplex full!router eigrp 1variance 2network 125.1.125.7 0.0.0.0network 125.0.0.0maximum-paths 8no auto-summary!router eigrp 10no auto-summary!address-family ipv4 vrf blue-voicevariance 2redistribute bgp 1 metric 1000000 100 255 1 1500network 125.1.2.128 0.0.0.127network 125.1.102.44 0.0.0.3maximum-paths 8no auto-summaryautonomous-system 11exit-address-family!address-family ipv4 vrf blue-datavariance 2redistribute bgp 1 metric 1000000 100 255 1 1500network 125.1.2.0 0.0.0.127network 125.1.102.40 0.0.0.3maximum-paths 8distance eigrp 210 210no auto-summaryautonomous-system 10exit-address-family!router ospf 1 vrf red-datalog-adjacency-changesarea 0 sham-link 125.1.125.103 125.1.125.108area 0 sham-link 125.1.125.103 125.1.125.107redistribute bgp 1 subnetsnetwork 125.1.102.32 0.0.0.3 area 0!router ospf 2 vrf red-voicelog-adjacency-changesredistribute bgp 1 subnetsnetwork 125.1.102.36 0.0.0.3 area 0!router bgp 1no synchronizationbgp log-neighbor-changesnetwork 125.1.125.103 mask 0.0.0.0neighbor 125.1.125.15 remote-as 1neighbor 125.1.125.15 update-source Loopback0neighbor 125.1.125.16 remote-as 1neighbor 125.1.125.16 update-source Loopback0no auto-summary!address-family vpnv4neighbor 125.1.125.15 activateneighbor 125.1.125.15 send-community extendedneighbor 125.1.125.16 activateneighbor 125.1.125.16 send-community extendedexit-address-family!address-family ipv4 vrf sitemapno auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf red-voiceredistribute ospf 2 vrf red-voice match internal external 1 external 2no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf red-dataredistribute connected metric 1redistribute ospf 1 vrf red-data match internal external 1 external 2maximum-paths ibgp 6no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf blue-voiceredistribute eigrp 11maximum-paths ibgp unequal-cost 8no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf blue-dataredistribute eigrp 10maximum-paths ibgp unequal-cost 8no auto-summaryno synchronizationexit-address-family!ip classlessip route 0.0.0.0 0.0.0.0 172.26.185.1!no ip http serverip pim ssm range 1ip pim vrf blue-data rp-address 1.1.1.11 overrideip pim vrf blue-voice rp-address 2.2.2.11 overrideip pim vrf red-data rp-address 3.3.3.11 overrideip pim vrf red-voice rp-address 4.4.4.11 override!ip access-list standard mdtaclpermit 239.232.10.0 0.0.0.255permit 239.232.20.0 0.0.0.255ip access-list standard orgapermit 224.2.131.239permit 224.2.149.231permit 224.2.159.191permit 224.2.201.231permit 239.193.10.252!access-list 1 permit 239.232.0.0 0.0.255.255!route-map SoODL3 permit 10set extcommunity soo 3:1!Cisco 12000 as PE
hostname 12k-DC2-PE4!boot-start-markerboot system flash disk0:c12kprp-k4p-mz.120-31.S.binboot-end-marker!hw-module slot 2 qos interface queues 8!ip vrf blue-datard 10:1054route-target export 10:105route-target import 10:105mdt default 239.232.10.1mdt data 239.232.20.0 0.0.0.15 threshold 1!ip vrf blue-voicerd 10:1064route-target export 10:106route-target import 10:106mdt default 239.232.10.2mdt data 239.232.20.16 0.0.0.15 threshold 1!ip vrf red-datard 10:1034route-target export 10:103route-target import 10:103mdt default 239.232.10.3mdt data 239.232.20.32 0.0.0.15 threshold 1!ip vrf red-voicerd 10:1044route-target export 10:104route-target import 10:104mdt default 239.232.10.4mdt data 239.232.20.48 0.0.0.15 threshold 1!ip multicast-routing distributedip multicast-routing vrf blue-data distributedip multicast-routing vrf blue-voice distributedip multicast-routing vrf red-data distributedip multicast-routing vrf red-voice distributed!class-map match-any realtimematch mpls experimental 5class-map match-any realtime-2cematch qos-group 5class-map match-all red-voicematch vlan 166class-map match-any bulk-datamatch mpls experimental 1class-map match-any network-control-2cematch qos-group 7class-map match-any interwork-controlmatch mpls experimental 6class-map match-any network-controlmatch mpls experimental 7class-map match-any bulk-data-2cematch qos-group 1class-map match-any interwork-control-2cematch qos-group 6match precedence 6class-map match-any bus-criticalmatch mpls experimental 3class-map match-any trans-datamatch mpls experimental 2class-map match-all red-datamatch vlan 165class-map match-any bus-critical-2cematch qos-group 3class-map match-any trans-data-2cematch qos-group 2class-map match-any video-2cematch qos-group 4class-map match-any videomatch mpls experimental 4!policy-map q-core-outclass realtimeprioritypolice cir percent 30 bc 500 ms conform-action transmit exceed-action dropclass network-controlbandwidth remaining percent 7random-detectrandom-detect precedence 7 625 packets 4721 packets 1class interwork-controlbandwidth remaining percent 7random-detectrandom-detect precedence 6 625 packets 4721 packets 1class bus-criticalbandwidth remaining percent 14random-detectrandom-detect precedence 3 625 packets 4721 packets 1class trans-databandwidth remaining percent 14random-detectrandom-detect precedence 2 625 packets 4721 packets 1class videobandwidth remaining percent 14random-detectrandom-detect precedence 4 625 packets 4721 packets 1class bulk-databandwidth remaining percent 7random-detectrandom-detect precedence 1 625 packets 4721 packets 1class class-defaultbandwidth remaining percent 36random-detectrandom-detect precedence 0 625 packets 4721 packets 1policy-map q-2ce-out-1class network-control-2cebandwidth percent 7random-detect discard-class-basedrandom-detect discard-class 7 625 packets 4721 packets 1class interwork-control-2cebandwidth percent 7random-detect discard-class-basedrandom-detect discard-class 6 625 packets 4721 packets 1class bus-critical-2cebandwidth percent 14random-detect discard-class-basedrandom-detect discard-class 3 625 packets 4721 packets 1class trans-data-2cebandwidth percent 14random-detect discard-class-basedrandom-detect discard-class 2 625 packets 4721 packets 1class video-2cebandwidth percent 14random-detect discard-class-basedrandom-detect discard-class 4 625 packets 4721 packets 1class bulk-data-2cebandwidth percent 7random-detect discard-class-basedrandom-detect discard-class 1 625 packets 4721 packets 1class class-defaultbandwidth percent 36random-detect discard-class-basedrandom-detect discard-class 0 625 packets 4721 packets 1policy-map q-2ce-out-2class realtime-2ceprioritypolice cir percent 95 bc 500 ms conform-action transmit exceed-action dropclass interwork-control-2cebandwidth percent 3random-detectrandom-detect precedence 6 4720 packets 4721 packets 1class class-defaultbandwidth percent 2random-detectpolicy-map q-2ce-out-parentclass red-datashape average percent 60service-policy q-2ce-out-1class red-voiceshape average percent 40service-policy q-2ce-out-2policy-map egr-pe-inclass realtimeset qos-group 5set discard-class 5class network-controlset qos-group 7set discard-class 7class interwork-controlset qos-group 6set discard-class 6class bus-criticalset qos-group 3set discard-class 3class trans-dataset qos-group 2set discard-class 2class videoset qos-group 4set discard-class 4class bulk-dataset qos-group 1set discard-class 1!mpls label protocol ldptag-switching tdp router-id Loopback0 force!interface Loopback0ip address 125.1.125.8 255.255.255.255no ip directed-broadcastip pim sparse-mode!interface Loopback1ip vrf forwarding red-dataip address 125.1.125.104 255.255.255.255no ip directed-broadcast!interface GigabitEthernet2/0description To DL2 - intf G5/2no ip addressno ip directed-broadcastload-interval 30negotiation autoservice-policy output q-2ce-out-parent!interface GigabitEthernet2/0.1description RED-DATAencapsulation dot1Q 165ip vrf forwarding red-dataip address 125.1.102.49 255.255.255.252no ip directed-broadcastip pim sparse-mode!interface GigabitEthernet2/0.2description RED-VOICEencapsulation dot1Q 166ip vrf forwarding red-voiceip address 125.1.102.53 255.255.255.252no ip directed-broadcastip pim sparse-mode!interface GigabitEthernet2/1description To DL3 - intf G5/2no ip addressno ip directed-broadcastnegotiation auto!interface GigabitEthernet2/1.1description BLUE-DATAencapsulation dot1Q 167ip vrf forwarding blue-dataip vrf sitemap SoODL3ip address 125.1.102.57 255.255.255.252no ip directed-broadcastip pim sparse-modeservice-policy output q-2ce-out-data!interface GigabitEthernet2/1.2description BLUE-VOICEencapsulation dot1Q 168ip vrf forwarding blue-voiceip address 125.1.102.61 255.255.255.252no ip directed-broadcastip pim sparse-mode!interface GigabitEthernet3/0/0description To SS2 - intf G3/2ip address 125.1.102.69 255.255.255.252no ip directed-broadcastnegotiation autotag-switching ipservice-policy input egr-pe-inservice-policy output q-core-out!interface GigabitEthernet3/0/1description To P2 - intf G1/10ip address 125.1.102.18 255.255.255.252no ip directed-broadcastip pim sparse-modeload-interval 30negotiation autotag-switching ipservice-policy input egr-pe-inservice-policy output q-core-out!interface GigabitEthernet3/0/2description To PE3 - intf G1/3ip address 125.1.102.22 255.255.255.252no ip directed-broadcastip pim sparse-modenegotiation autotag-switching ipservice-policy input egr-pe-inservice-policy output q-core-out!interface GigabitEthernet3/3/0description To P1 - intf G4/0/2ip address 125.1.102.6 255.255.255.252no ip directed-broadcastip pim sparse-modeload-interval 30negotiation autotag-switching ipservice-policy input egr-pe-inservice-policy output q-core-out!interface Ethernet2description Mgmtip address 172.26.185.108 255.255.255.0no ip directed-broadcastno ip route-cacheno ip mroute-cache!router eigrp 1!address-family ipv4variance 2network 125.1.125.8 0.0.0.0network 125.0.0.0maximum-paths 8exit-address-family!router eigrp 10!address-family ipv4exit-address-family!address-family ipv4 vrf blue-voicevariance 2redistribute bgp 1 metric 1000000 100 255 1 1500network 125.1.2.128 0.0.0.127network 125.1.102.60 0.0.0.3maximum-paths 8autonomous-system 11exit-address-family!address-family ipv4 vrf blue-datavariance 2redistribute bgp 1 metric 1000000 100 255 1 1500network 125.1.2.0 0.0.0.127network 125.1.102.56 0.0.0.3maximum-paths 8distance eigrp 210 210autonomous-system 10exit-address-family!router ospf 1 vrf red-datalog-adjacency-changesarea 0 sham-link 125.1.125.104 125.1.125.107area 0 sham-link 125.1.125.104 125.1.125.108redistribute bgp 1 subnetsnetwork 125.1.102.48 0.0.0.3 area 0!router ospf 2 vrf red-voicelog-adjacency-changesredistribute bgp 1 subnetsnetwork 125.1.102.52 0.0.0.3 area 0!router bgp 1no synchronizationbgp log-neighbor-changesneighbor 125.1.125.15 remote-as 1neighbor 125.1.125.15 update-source Loopback0neighbor 125.1.125.16 remote-as 1neighbor 125.1.125.16 update-source Loopback0no auto-summary!address-family ipv4 mdtneighbor 125.1.125.15 activateneighbor 125.1.125.15 send-community extendedneighbor 125.1.125.16 activateneighbor 125.1.125.16 send-community extendedexit-address-family!address-family vpnv4neighbor 125.1.125.15 activateneighbor 125.1.125.15 send-community extendedneighbor 125.1.125.16 activateneighbor 125.1.125.16 send-community extendedexit-address-family!address-family ipv4 vrf red-voiceredistribute ospf 2 vrf red-voice match internal external 1 external 2maximum-paths ibgp unequal-cost 6no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf red-dataredistribute connected metric 1redistribute ospf 1 vrf red-data match internal external 1 external 2maximum-paths ibgp 2no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf blue-voiceredistribute eigrp 11maximum-paths ibgp unequal-cost 8no auto-summaryno synchronizationexit-address-family!address-family ipv4 vrf blue-dataredistribute eigrp 10maximum-paths ibgp unequal-cost 8no auto-summaryno synchronizationexit-address-family!ip classlessip route 0.0.0.0 0.0.0.0 172.26.185.1!ip pim ssm range 1ip pim vrf blue-data rp-address 1.1.1.11 overrideip pim vrf blue-voice rp-address 2.2.2.11 overrideip pim vrf red-data rp-address 3.3.3.11 overrideip pim vrf red-voice rp-address 4.4.4.11 override!ip access-list standard mdtaclpermit 239.232.10.0 0.0.0.255permit 239.232.20.0 0.0.0.255ip access-list standard orgapermit 224.2.131.239permit 224.2.149.231permit 224.2.159.191permit 224.2.201.231permit 239.193.10.252rx-cos-slot all SLOT_TABLE!slot-table-cos SLOT_TABLEdestination-slot all GE_policymulticast GE-multicast!cos-queue-group GE-multicastprecedence 4 queue 4!cos-queue-group GE_policyprecedence 0 random-detect-label 1precedence 1 queue 1precedence 1 random-detect-label 1precedence 2 queue 2precedence 2 random-detect-label 1precedence 3 queue 3precedence 3 random-detect-label 1precedence 4 queue 4precedence 4 random-detect-label 1precedence 5 queue low-latencyprecedence 6 queue 5precedence 6 random-detect-label 1precedence 7 queue 6precedence 7 random-detect-label 1random-detect-label 1 625 4721 1queue 1 2queue 2 4queue 3 4queue 4 4queue 5 2queue 6 2queue low-latency strict-priorityaccess-list 1 permit 239.232.0.0 0.0.255.255route-map SoODL3 permit 10set extcommunity soo 3:1Service Validation
Core Verification
1.
Ping tests to show each core device is accessible.
Threre are four core routers, P1....P4. 10 PEs, and two Route Reflectors.
All of these devices should be able to communicate. A good test would be to run ping tests from one of the Route Reflectors. (Notice 125.1.125.1 to .4 are Ps, .5 to .14 are PEs and .15 is RR1 and .16 is RR2).
7200-DC2-RR1#ping 125.1.125.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.2, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms7200-DC2-RR1#ping 125.1.125.3Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.3, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.5Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.5, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.6Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.6, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.7Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.7, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.8Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.8, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.9Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.9, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.10Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.10, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.11Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.11, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.12Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.12, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms7200-DC2-RR1#ping 125.1.125.13Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.13, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms7200-DC2-RR1#ping 125.1.125.14Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.14, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms7200-DC2-RR1#ping 125.1.125.15Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.15, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms7200-DC2-RR1#ping 125.1.125.16Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 125.1.125.16, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms7200-DC2-RR1#2.
Notice 125.1.101.x is used for VPN links in DC1. 125.1.102.x is used for VPN links in DC2, 125.1.103.x is used for VPN links in LC, 125.1.104.x for VPN links in MC, and 125.1.105.x for VPN links in SC1 which should not exist in the global table.
7600-LC-P4#sh ip ro 125.1.101.0% Subnet not in table7600-LC-P4#7600-LC-P4#sh ip ro 125.1.104.0% Subnet not in table7600-LC-P4#7600-LC-P4#sh ip ro 125.1.105.0% Subnet not in table7600-LC-P4#Notice that no VRF information is stored on the core routers:
7600-LC-P4#sh ip vrf7600-LC-P4#3.
For example, PE1 to P3 Interface:
7600-LC-P4# sh mpls forwarding-table 125.1.100.32Local Outgoing Prefix Bytes tag Outgoing Next Hoptag tag or VC or Tunnel Id switched interface36 33 125.1.100.32/30 0 Gi1/6 125.1.100.8933 125.1.100.32/30 0 Gi1/7 125.1.100.9350 125.1.100.32/30 0 Gi1/2 125.1.100.2950 125.1.100.32/30 0 Gi1/1 125.1.100.25PE7 to P1 Interface:
7600-LC-P4# sh mpls forwarding-table 125.1.100.0Local Outgoing Prefix Bytes tag Outgoing Next Hoptag tag or VC or Tunnel Id switched interface43 Pop tag 125.1.100.0/30 0 Gi1/6 125.1.100.89Pop tag 125.1.100.0/30 0 Gi1/7 125.1.100.93Full LFIB table can be viewed using the sh mpls forwarding-table command:
7600-LC-P4#sh mpls forwarding-tableLocal Outgoing Prefix Bytes tag Outgoing Next Hoptag tag or VC or Tunnel Id switched interface16 Pop tag 125.1.125.10/32 26684 Gi1/8 125.1.103.2217 Pop tag 125.1.103.4/30 0 Gi1/7 125.1.100.93Pop tag 125.1.103.4/30 0 Gi1/6 125.1.100.89Pop tag 125.1.103.4/30 0 Gi1/8 125.1.103.2218 Pop tag 125.1.125.3/32 2437 Gi1/6 125.1.100.89Pop tag 125.1.125.3/32 0 Gi1/7 125.1.100.93...................etc.
4.
Edge Verification
1.
2.
3.
4.
Baseline MPLS VPN
The VRF red-data on PE3 is used as the reference for highlighting the service validation steps, which are useful in troubleshooting as well. The following example examines the reachability to 3.3.3.13/32, which resides in DC1.
1.
7600-DC2-PE3#sh ip route vrf red-data 3.3.3.13Routing entry for 3.3.3.13/32Known via "bgp 1", distance 200, metric 2, type internalRedistributing via ospf 1Advertised by ospf 1 subnetsLast update from 125.1.125.6 00:13:13 agoRouting Descriptor Blocks:* 125.1.125.5 (Default-IP-Routing-Table), from 125.1.125.15, 00:13:13 agoRoute metric is 2, traffic share count is 1AS Hops 0125.1.125.6 (Default-IP-Routing-Table), from 125.1.125.15, 00:13:13 agoRoute metric is 2, traffic share count is 1AS Hops 02.
7600-DC2-PE3#sh ip route 125.1.125.6Routing entry for 125.1.125.6/32Known via "eigrp 1", distance 90, metric 131072, type internalRedistributing via eigrp 1Last update from 125.1.102.13 on GigabitEthernet1/2, 23:59:59 agoRouting Descriptor Blocks:* 125.1.102.13, from 125.1.102.13, 23:59:59 ago, via GigabitEthernet1/2Route metric is 131072, traffic share count is 1Total delay is 5020 microseconds, minimum bandwidth is 1000000 KbitReliability 255/255, minimum MTU 1500 bytesLoading 1/255, Hops 27600-DC2-PE3#sh ip route 125.1.125.5Routing entry for 125.1.125.5/32Known via "eigrp 1", distance 90, metric 131072, type internalRedistributing via eigrp 1Last update from 125.1.102.1 on GigabitEthernet1/1, 1d00h agoRouting Descriptor Blocks:* 125.1.102.1, from 125.1.102.1, 1d00h ago, via GigabitEthernet1/1Route metric is 131072, traffic share count is 1Total delay is 5020 microseconds, minimum bandwidth is 1000000 KbitReliability 255/255, minimum MTU 1500 bytesLoading 1/255, Hops 23.
7600-DC2-PE3#sh ip bgp vpnv4 vrf red-data 3.3.3.13BGP routing table entry for 10:1033:3.3.3.13/32, version 266Paths: (2 available, best #1, table red-data)Multipath: iBGPNot advertised to any peerLocal, imported path from 10:1031:3.3.3.13/32125.1.125.5 (metric 131072) from 125.1.125.15 (125.1.125.15)Origin incomplete, metric 2, localpref 100, valid, internal, multipath, bestExtended Community: RT:10:103 OSPF DOMAIN ID:0x0005:0x000000010200OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:125.1.101.1:512Originator: 125.1.125.5, Cluster list: 125.1.125.15Local, imported path from 10:1032:3.3.3.13/32125.1.125.6 (metric 131072) from 125.1.125.15 (125.1.125.15)Origin incomplete, metric 2, localpref 100, valid, internal, multipathExtended Community: RT:10:103 OSPF DOMAIN ID:0x0005:0x000000010200OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:125.1.101.9:512Originator: 125.1.125.6, Cluster list: 125.1.125.154.
7600-DC2-PE3#sh ip cef vrf red-data 3.3.3.133.3.3.13/32, version 34, epoch 00 packets, 0 bytestag information set, all rewrites ownedlocal tag: VPN-route-headvia 125.1.125.5, 0 dependencies, recursivetraffic share 1next hop 125.1.102.1, GigabitEthernet1/1 via 125.1.125.5/32 (Default)valid adjacencytag rewrite with Gi1/1, 125.1.102.1, tags imposed: {62 74}via 125.1.125.6, 0 dependencies, recursivetraffic share 1next hop 125.1.102.13, GigabitEthernet1/2 via 125.1.125.6/32 (Default)valid adjacencytag rewrite with Gi1/2, 125.1.102.13, tags imposed: {16 73}0 packets, 0 bytes switched through the prefixtmstats: external 0 packets, 0 bytesinternal 0 packets, 0 bytes5.
7600-DC2-PE3#sh mpls for 125.1.125.5Local Outgoing Prefix Bytes tag Outgoing Next Hoptag tag or VC or Tunnel Id switched interface89 62 125.1.125.5/32 0 Gi1/1 125.1.102.17600-DC2-PE3#sh mpls for 125.1.125.6Local Outgoing Prefix Bytes tag Outgoing Next Hoptag tag or VC or Tunnel Id switched interface47 16 125.1.125.6/32 0 Gi1/2 125.1.102.136.
7600-DC2-PE3#ping mpls ip 125.1.125.5/32 verSending 5, 100-byte MPLS Echos to 125.1.125.5/32,timeout is 2 seconds, send interval is 0 msec:Codes: '!' - success, 'Q' - request not transmitted,'.' - timeout, 'U' - unreachable,'R' - downstream router but not target,'M' - malformed requestType escape sequence to abort.! 125.1.100.62, return code 3! 125.1.100.62, return code 3! 125.1.100.62, return code 3! 125.1.100.62, return code 3! 125.1.100.62, return code 3Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms7.
7600-DC2-PE3# ping vrf red-data ip 3.3.3.13Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 3.3.3.13, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms8.
7600-DC2-PE3#sh cef dropCEF Drop StatisticsSlot Encap_fail Unresolved Unsupported No_route No_adj ChkSum_ErrRP 5 0 0 0 0 05 0 0 0 0 0 01 0 0 0 0 0 06 0 0 0 0 0 025 0 0 0 0 0 0IPv6 CEF Drop StatisticsSlot Encap_fail Unresolved Unsupported No_route No_adjRP 0 0 0 0 07600-DC2-PE3#sh cef not-cef-switchedCEF Packets passed on to next switching layerSlot No_adj No_encap Unsupp'ted Redirect Receive Options Access FragRP 0 0 1 0 54016 0 0 05 0 0 0 0 0 0 0 01 0 0 0 0 0 0 0 06 0 0 0 0 0 0 0 025 0 0 0 0 0 0 0 0IPv6 CEF Packets passed on to next switching layerSlot No_adj No_encap Unsupp'ted Redirect Receive Options Access MTURP 0 0 0 0 0 0 0 0For checking whether the locally originated route is advertised to remote PEs correctly, the following steps may be performed:
1.
7600-DC2-PE3#sh ip ospf nei g1/4.1Neighbor ID Pri State Dead Time Address Interface3.3.3.12 1 FULL/DR 00:00:32 125.1.102.34 GigabitEthernet1/4.12.
7600-DC2-PE3#sh ip route vrf red-data 3.3.3.12Routing entry for 3.3.3.12/32Known via "ospf 1", distance 110, metric 2, type intra areaRedistributing via bgp 1Advertised by bgp 1 match internal external 1 & 2Last update from 125.1.102.34 on GigabitEthernet1/4.1, 00:27:03 agoRouting Descriptor Blocks:* 125.1.102.34, from 3.3.3.12, 00:27:03 ago, via GigabitEthernet1/4.1Route metric is 2, traffic share count is 13.
7600-DC2-PE3#sh ip bgp vpnv4 vrf red-data 3.3.3.12BGP routing table entry for 10:1033:3.3.3.12/32, version 16756Paths: (2 available, best #2, table red-data)Multipath: iBGPAdvertised to update-groups:1Local, imported path from 10:1034:3.3.3.12/32125.1.125.8 (metric 130816) from 125.1.125.15 (125.1.125.15)Origin incomplete, metric 2, localpref 100, valid, internalExtended Community: RT:10:103 OSPF DOMAIN ID:0x0005:0x000000010200OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:125.1.125.104:0Originator: 125.1.125.8, Cluster list: 125.1.125.15Local125.1.102.34 from 0.0.0.0 (125.1.125.7)Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, bestExtended Community: RT:10:103 OSPF DOMAIN ID:0x0005:0x000000010200OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:125.1.125.103:512OSPF Backdoor Link Verifications
Traceroute results from DL2 to DL6 demonstrate that without the backdoor link, traffic flows over an MPLS network:
DL2-DC2-RED#traceroute vrf red-data 1.1.1.16Type escape sequence to abort.Tracing the route to 1.1.1.161 125.1.102.49 0 msec125.1.102.33 0 msec125.1.102.49 0 msec2 125.1.102.1 [MPLS: Labels 52/76 Exp 0] 4 msec125.1.102.17 [MPLS: Labels 63/76 Exp 0] 0 msec125.1.102.1 [MPLS: Labels 52/76 Exp 0] 0 msec3 125.1.104.9 [MPLS: Label 76 Exp 0] 0 msec125.1.104.1 [MPLS: Label 76 Exp 0] 0 msec125.1.104.9 [MPLS: Label 76 Exp 0] 0 msec4 125.1.104.2 4 msec125.1.104.10 0 msec *DL2-DC2-RED#Traceroute from DL2 to DL1 demonstrates that without the backdoor link, traffic flows over an MPLS network:
DL2-DC2-RED# traceroute vrf red-data 1.1.1.1Type escape sequence to abort.Tracing the route to 1.1.1.11 125.1.102.49 0 msec125.1.102.33 0 msec125.1.102.49 4 msec2 125.1.102.13 [MPLS: Labels 54/20 Exp 0] 0 msec125.1.102.17 [MPLS: Labels 54/20 Exp 0] 0 msec125.1.102.13 [MPLS: Labels 54/20 Exp 0] 0 msec3 125.1.101.9 [MPLS: Label 20 Exp 0] 0 msec 0 msec 0 msec4 125.1.101.10 4 msec * 0 msecDL2-DC2-RED#sh ip ro vrf red-dataRouting Table: red-dataGateway of last resort is not set1.0.0.0/32 is subnetted, 3 subnetsO IA 1.1.1.1 [110/3] via 125.1.102.49, 01:29:09, GigabitEthernet5/2.1[110/3] via 125.1.102.33, 01:29:09, GigabitEthernet5/1.1O IA 1.1.1.16 [110/3] via 125.1.102.49, 01:29:09, GigabitEthernet5/2.1[110/3] via 125.1.102.33, 01:29:09, GigabitEthernet5/1.1Traceroute from DL1 to DL6 demonstrates that without the backdoor link, traffic flows over an MPLS network:
DL1-DC1-RED#traceroute vrf red-data 1.1.1.16Type escape sequence to abort.Tracing the route to 1.1.1.161 125.1.101.1 0 msec125.1.101.9 4 msec125.1.101.1 0 msec2 125.1.100.73 [MPLS: Labels 32/76 Exp 0] 0 msec125.1.100.57 [MPLS: Labels 52/76 Exp 0] 0 msec125.1.100.73 [MPLS: Labels 32/76 Exp 0] 0 msec3 125.1.104.1 [MPLS: Label 76 Exp 0] 0 msec125.1.100.38 [MPLS: Labels 24/76 Exp 0] 4 msec125.1.104.1 [MPLS: Label 76 Exp 0] 0 msec4 125.1.104.1 [MPLS: Label 76 Exp 0] 0 msec125.1.104.2 0 msec125.1.104.1 [MPLS: Label 76 Exp 0] 0 msecDL6-MC-RED# sh ip ro (all the routes except for C and all the remote VPN sites are IA, 125.1.141.0/24- .148 are E):Gateway of last resort is 172.26.185.1 to network 0.0.0.01.0.0.0/32 is subnetted, 3 subnetsO IA 1.1.1.1 [110/3] via 125.1.104.9, 1d04h, GigabitEthernet2/2[110/3] via 125.1.104.1, 1d04h, GigabitEthernet2/1C 1.1.1.16 is directly connected, Loopback0O IA 1.1.1.23 [110/3] via 125.1.104.1, 2d01h, GigabitEthernet2/1[110/3] via 125.1.104.9, 2d01h, GigabitEthernet2/2100.0.0.0/30 is subnetted, 2560 subnetsO IA 100.1.37.64 [110/5] via 125.1.104.9, 02:59:39, GigabitEthernet2/2[110/5] via 125.1.104.1, 02:59:39, GigabitEthernet2/1[110/20] via 125.1.104.1, 01:49:03, GigabitEthernet2/1O E2 125.1.147.0/24 [110/20] via 125.1.104.9, 01:49:03, GigabitEthernet2/2[110/20] via 125.1.104.1, 01:49:03, GigabitEthernet2/1O E2 125.1.141.0/24 [110/20] via 125.1.104.9, 01:49:03, GigabitEthernet2/2[110/20] via 125.1.104.1, 01:49:03, GigabitEthernet2/1O E2 125.1.142.0/24 [110/20] via 125.1.104.9, 01:49:03, GigabitEthernet2/2[110/20] via 125.1.104.1, 01:49:03, GigabitEthernet2/112.0.0.0/27 is subnetted, 2 subnetsO IA 12.0.13.0 [110/4] via 125.1.104.9, 03:01:50, GigabitEthernet2/2[110/4] via 125.1.104.1, 03:01:50, GigabitEthernet2/1O IA 12.0.9.0 [110/4] via 125.1.104.1, 03:01:56, GigabitEthernet2/1[110/4] via 125.1.104.9, 03:01:56, GigabitEthernet2/2With the backdoor link, but without enabling OSPF sham-link:
Traceroute from DL2 to DL6 shows traffic flowing over the backdoor link:
DL2-DC2-RED#traceroute vrf red-data 1.1.1.16Type escape sequence to abort.Tracing the route to 1.1.1.161 125.1.99.2 0 msec 0 msec 4 msec2 125.1.99.5 0 msec * 0 msecDL2-DC2-RED#Traceroute from DL6 to DL2 shows traffic flowing over the backdoor link:
DL6-MC-RED#traceroute 1.1.1.23Type escape sequence to abort.Tracing the route to 1.1.1.231 125.1.99.6 0 msec 0 msec 0 msec2 125.1.99.1 0 msec * 0 msecDL6-MC-RED#Traceroute from DL2 to DL1m shows traffic flowing over the MPLS VPN network:
DL2-DC2-RED#traceroute vrf red-data 1.1.1.1Type escape sequence to abort.Tracing the route to 1.1.1.11 125.1.102.49 0 msec125.1.102.33 0 msec125.1.102.49 0 msec2 125.1.102.13 [MPLS: Labels 26/68 Exp 0] 0 msec125.1.102.17 [MPLS: Labels 26/68 Exp 0] 0 msec125.1.102.13 [MPLS: Labels 26/68 Exp 0] 0 msec3 125.1.101.9 [MPLS: Label 68 Exp 0] 4 msec 0 msec 0 msec4 125.1.101.10 0 msec * 0 msecTraceroute from DL1 to DL6 shows traffic flowing over the MPLS VPN network:
DL1-DC1-RED# traceroute vrf red-data 1.1.1.16Type escape sequence to abort.Tracing the route to 1.1.1.161 125.1.101.1 0 msec125.1.101.9 0 msec125.1.101.1 4 msec2 125.1.100.69 [MPLS: Labels 59/73 Exp 0] 0 msec125.1.100.61 [MPLS: Labels 63/76 Exp 0] 0 msec125.1.100.69 [MPLS: Labels 59/73 Exp 0] 0 msec3 125.1.104.1 [MPLS: Label 76 Exp 0] 0 msec125.1.104.9 [MPLS: Label 73 Exp 0] 0 msec125.1.104.1 [MPLS: Label 76 Exp 0] 4 msec4 125.1.104.10 0 msec125.1.104.2 0 msec *Traceroute from the backdoor link router to DL1, DL2 and DL6:
3600-bd-red#traceroute 1.1.1.1Type escape sequence to abort.Tracing the route to 1.1.1.11 125.1.99.5 0 msec125.1.99.1 0 msec125.1.99.5 0 msec2 125.1.102.49 4 msec125.1.104.9 0 msec125.1.102.49 0 msec3 125.1.100.37 [MPLS: Labels 47/73 Exp 0] 4 msec125.1.102.17 [MPLS: Labels 26/68 Exp 0] 0 msec125.1.100.37 [MPLS: Labels 47/73 Exp 0] 4 msec4 125.1.101.9 [MPLS: Label 68 Exp 0] 0 msec125.1.100.74 [MPLS: Labels 23/73 Exp 0] 0 msec125.1.101.9 [MPLS: Label 68 Exp 0] 0 msec5 125.1.101.1 [MPLS: Label 73 Exp 0] 0 msec125.1.101.10 4 msec125.1.101.1 [MPLS: Label 73 Exp 0] 0 msec3600-bd-red#traceroute 1.1.1.23Type escape sequence to abort.Tracing the route to 1.1.1.231 125.1.99.1 0 msec * 0 msec3600-bd-red#traceroute 1.1.1.16Type escape sequence to abort.Tracing the route to 1.1.1.161 125.1.99.5 0 msec * 0 msec3600-bd-red#With the backdoor link between Data Center 2 (DL2) and Medium Campus (DL6), but OSPF sham-link configured on the relevant PEs; in this case, between PE3, PE4 and PE7, PE8 pairs:
Traceroute from DL2 to DL6 shows traffic flowing over the MPLS network:DL2-DC2-RED#traceroute vrf red-data 1.1.1.16Type escape sequence to abort.Tracing the route to 1.1.1.161 125.1.102.33 0 msec125.1.102.49 0 msec125.1.102.33 0 msec2 125.1.102.5 [MPLS: Labels 63/76 Exp 0] 0 msec125.1.102.1 [MPLS: Labels 63/76 Exp 0] 0 msec125.1.102.5 [MPLS: Labels 63/76 Exp 0] 0 msec3 125.1.104.1 [MPLS: Label 76 Exp 0] 4 msec 0 msec 0 msec4 125.1.104.2 0 msec * 0 msecTraceroute from DL6 to DL2 shows traffic flowing over the MPLS VPN network:
DL6-MC-RED#traceroute 1.1.1.23Type escape sequence to abort.Tracing the route to 1.1.1.231 125.1.104.1 0 msec125.1.104.9 0 msec125.1.104.1 0 msec2 125.1.100.37 [MPLS: Labels 50/88 Exp 0] 4 msec125.1.100.33 [MPLS: Labels 37/88 Exp 0] 0 msec125.1.100.37 [MPLS: Labels 50/88 Exp 0] 0 msec3 125.1.102.33 [MPLS: Label 88 Exp 0] 0 msec 0 msec 0 msec4 125.1.102.34 0 msec * 0 msecQoS
Because only queueing was implemented on the Cisco 7600 PEs, the verification involves checking to see whether DSCP is being trusted as configured and whether priority for real-time traffic is maintained in case of congestion.
Oversubscribing the PE to CE egress link:
7600-DC2-PE3#sh queueing int g1/4Interface GigabitEthernet1/4 queueing strategy: Weighted Round-RobinPort QoS is enabledTrust state: trust DSCPExtend trust state: not trusted [COS = 0]Default COS is 0Queueing Mode In Tx direction: mode-cosTransmit queues [type = 1p3q8t]:Queue Id Scheduling Num of thresholds-----------------------------------------01 WRR 0802 WRR 0803 WRR 0804 Priority 01WRR bandwidth ratios: 5[queue 1] 25[queue 2] 70[queue 3]queue-limit ratios: 5[queue 1] 25[queue 2] 40[queue 3]queue tail-drop-thresholds--------------------------1 70[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]2 70[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]3 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]queue random-detect-min-thresholds----------------------------------1 80[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]2 80[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]3 50[1] 60[2] 70[3] 80[4] 90[5] 100[6] 100[7] 100[8]queue random-detect-max-thresholds----------------------------------1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]3 60[1] 70[2] 80[3] 90[4] 100[5] 100[6] 100[7] 100[8]WRED disabled queues:queue thresh cos-map---------------------------------------1 1 11 21 31 41 51 61 71 82 1 02 22 32 42 52 62 72 83 1 43 2 23 3 33 4 63 5 73 63 73 84 1 5Queueing Mode In Rx direction: mode-cosReceive queues [type = 2q8t]:Queue Id Scheduling Num of thresholds-----------------------------------------01 WRR 0802 WRR 08WRR bandwidth ratios: 100[queue 1] 0[queue 2]queue-limit ratios: 100[queue 1] 0[queue 2]queue tail-drop-thresholds--------------------------1 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]2 100[1] 100[2] 100[3] 100[4] 100[5] 100[6] 100[7] 100[8]queue thresh cos-map---------------------------------------1 1 0 1 2 3 4 5 6 71 21 31 41 51 61 71 82 12 22 32 42 52 62 72 8Packets dropped on Transmit:queue dropped [cos-map]---------------------------------------------1 11686 [1 ]2 0 [0 ]3 0 [4 2 3 6 7 ]4 0 [5 ]Packets dropped on Receive:queue dropped [cos-map]---------------------------------------------1 0 [0 1 2 3 4 5 6 7 ]2 0 []Multicast
The multicast service can be verified by performing the following steps. PE3 is the PE closest to the source, and PE8 is the PE closest to the test receiver.
1.
sh ip pim mdt bgp7600-DC2-PE3#sh ip pim mdt bgpPeer (Route Distinguisher + IPv4) Next HopMDT group 239.232.10.42:10:1041:125.1.125.5 125.1.125.52:10:1042:125.1.125.6 125.1.125.62:10:1044:125.1.125.8 125.1.125.8MDT group 239.232.10.12:10:1054:125.1.125.8 125.1.125.82:10:1055:125.1.125.9 125.1.125.92:10:1056:125.1.125.10 125.1.125.102:10:105:125.1.125.13 125.1.125.13MDT group 239.232.10.32:10:1031:125.1.125.5 125.1.125.52:10:1032:125.1.125.6 125.1.125.62:10:1034:125.1.125.8 125.1.125.82:10:1037:125.1.125.11 125.1.125.112:10:1038:125.1.125.12 125.1.125.12MDT group 239.232.10.22:10:1064:125.1.125.8 125.1.125.82:10:1065:125.1.125.9 125.1.125.92:10:1066:125.1.125.10 125.1.125.102:10:106:125.1.125.13 125.1.125.13sh ip bgp vpnv4 all7600-DC2-PE3#sh ip bgp vpnv4 allBGP table version is 32649, local router ID is 125.1.125.7Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,S StaleOrigin codes: i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight Path<snip>Route Distinguisher: 2:10:105* i125.1.125.13/32 125.1.125.13 0 100 0 ?*>i 125.1.125.13 0 100 0 ?Route Distinguisher: 2:10:106* i125.1.125.13/32 125.1.125.13 0 100 0 ?*>i 125.1.125.13 0 100 0 ?Route Distinguisher: 2:10:1031* i125.1.125.5/32 125.1.125.5 0 100 0 ?*>i 125.1.125.5 0 100 0 ?Route Distinguisher: 2:10:1032* i125.1.125.6/32 125.1.125.6 0 100 0 ?*>i 125.1.125.6 0 100 0 ?Route Distinguisher: 2:10:1033*> 125.1.125.7/32 0.0.0.0 0 ?Route Distinguisher: 2:10:1034* i125.1.125.8/32 125.1.125.8 0 100 0 ?*>i 125.1.125.8 0 100 0 ?Route Distinguisher: 2:10:1037* i125.1.125.11/32 125.1.125.11 0 100 0 ?*>i 125.1.125.11 0 100 0 ?Route Distinguisher: 2:10:1038* i125.1.125.12/32 125.1.125.12 0 100 0 ?*>i 125.1.125.12 0 100 0 ?Route Distinguisher: 2:10:1041* i125.1.125.5/32 125.1.125.5 0 100 0 ?*>i 125.1.125.5 0 100 0 ?Route Distinguisher: 2:10:1042* i125.1.125.6/32 125.1.125.6 0 100 0 ?*>i 125.1.125.6 0 100 0 ?Route Distinguisher: 2:10:1043*> 125.1.125.7/32 0.0.0.0 0 ?Route Distinguisher: 2:10:1044* i125.1.125.8/32 125.1.125.8 0 100 0 ?*>i 125.1.125.8 0 100 0 ?Route Distinguisher: 2:10:1053*> 125.1.125.7/32 0.0.0.0 0 ?Route Distinguisher: 2:10:1054Network Next Hop Metric LocPrf Weight Path* i125.1.125.8/32 125.1.125.8 0 100 0 ?*>i 125.1.125.8 0 100 0 ?Route Distinguisher: 2:10:1055* i125.1.125.9/32 125.1.125.9 0 100 0 ?*>i 125.1.125.9 0 100 0 ?Route Distinguisher: 2:10:1056* i125.1.125.10/32 125.1.125.10 0 100 0 ?*>i 125.1.125.10 0 100 0 ?Route Distinguisher: 2:10:1063*> 125.1.125.7/32 0.0.0.0 0 ?Route Distinguisher: 2:10:1064* i125.1.125.8/32 125.1.125.8 0 100 0 ?*>i 125.1.125.8 0 100 0 ?Route Distinguisher: 2:10:1065* i125.1.125.9/32 125.1.125.9 0 100 0 ?*>i 125.1.125.9 0 100 0 ?Route Distinguisher: 2:10:1066* i125.1.125.10/32 125.1.125.10 0 100 0 ?*>i 125.1.125.10 0 100 0 ?2.
sh ip mroute <>7600-DC2-PE3# sh ip mrouteIP Multicast Routing TableFlags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,L - Local, P - Pruned, R - RP-bit set, F - Register flag,T - SPT-bit set, J - Join SPT, M - MSDP created entry,X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,U - URD, I - Received Source Specific Host Report, Z - Multicast TunnelY - Joined MDT-data group, y - Sending to MDT-data groupOutgoing interface flags: H - Hardware switched, A - Assert winnerTimers: Uptime/ExpiresInterface state: Interface, Next-Hop or VCD, State/Mode(125.1.125.7, 239.232.10.1), 3d14h/00:03:21, flags: sTZIncoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFDOutgoing interface list:GigabitEthernet1/2, Forward/Sparse, 3d14h/00:02:37, HGigabitEthernet1/3, Forward/Sparse, 3d14h/00:02:49, H(125.1.125.8, 239.232.10.1), 3d14h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/3, RPF nbr 125.1.102.22, RPF-MFDOutgoing interface list:MVRF blue-data, Forward/Sparse, 3d14h/00:02:40, H(125.1.125.9, 239.232.10.1), 3d14h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF blue-data, Forward/Sparse, 3d14h/00:00:50, H(125.1.125.10, 239.232.10.1), 1d04h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF blue-data, Forward/Sparse, 05:00:10/00:02:55, H(125.1.125.13, 239.232.10.1), 3d14h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/1, RPF nbr 125.1.102.1, RPF-MFDOutgoing interface list:MVRF blue-data, Forward/Sparse, 3d14h/00:02:40, H(125.1.125.7, 239.232.10.2), 3d14h/00:03:21, flags: sTZIncoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFDOutgoing interface list:GigabitEthernet1/2, Forward/Sparse, 3d14h/00:02:49, HGigabitEthernet1/3, Forward/Sparse, 3d14h/00:02:50, H(125.1.125.8, 239.232.10.2), 3d14h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/3, RPF nbr 125.1.102.22, RPF-MFDOutgoing interface list:MVRF blue-voice, Forward/Sparse, 3d14h/00:02:40, H(125.1.125.9, 239.232.10.2), 3d14h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF blue-voice, Forward/Sparse, 3d14h/00:00:50, H(125.1.125.10, 239.232.10.2), 1d04h/00:02:51, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF blue-voice, Forward/Sparse, 05:00:07/00:02:58, H(125.1.125.13, 239.232.10.2), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/1, RPF nbr 125.1.102.1, RPF-MFDOutgoing interface list:MVRF blue-voice, Forward/Sparse, 3d14h/00:02:39, H(125.1.125.5, 239.232.10.3), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/1, RPF nbr 125.1.102.1, RPF-MFDOutgoing interface list:MVRF red-data, Forward/Sparse, 3d14h/00:00:49, H(125.1.125.6, 239.232.10.3), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF red-data, Forward/Sparse, 3d14h/00:00:49, H(125.1.125.7, 239.232.10.3), 3d14h/00:03:20, flags: sTZIncoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFDOutgoing interface list:GigabitEthernet1/2, Forward/Sparse, 3d14h/00:02:44, HGigabitEthernet1/1, Forward/Sparse, 3d14h/00:02:45, HGigabitEthernet1/3, Forward/Sparse, 3d14h/00:03:04, H(125.1.125.8, 239.232.10.3), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/3, RPF nbr 125.1.102.22, RPF-MFDOutgoing interface list:MVRF red-data, Forward/Sparse, 3d14h/00:02:39, H(125.1.125.11, 239.232.10.3), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/1, RPF nbr 125.1.102.1, RPF-MFDOutgoing interface list:MVRF red-data, Forward/Sparse, 3d14h/00:01:20, H(125.1.125.12, 239.232.10.3), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF red-data, Forward/Sparse, 3d14h/00:00:49, H(125.1.125.5, 239.232.10.4), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/1, RPF nbr 125.1.102.1, RPF-MFDOutgoing interface list:MVRF red-voice, Forward/Sparse, 3d14h/00:00:49, H(125.1.125.6, 239.232.10.4), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/2, RPF nbr 125.1.102.13, RPF-MFDOutgoing interface list:MVRF red-voice, Forward/Sparse, 3d14h/00:00:49, H(125.1.125.7, 239.232.10.4), 3d14h/00:03:27, flags: sTZIncoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFDOutgoing interface list:GigabitEthernet1/2, Forward/Sparse, 3d14h/00:03:27, HGigabitEthernet1/1, Forward/Sparse, 3d14h/00:03:02, HGigabitEthernet1/3, Forward/Sparse, 3d14h/00:03:10, H(125.1.125.8, 239.232.10.4), 3d14h/00:02:50, flags: sTIZIncoming interface: GigabitEthernet1/3, RPF nbr 125.1.102.22, RPF-MFDOutgoing interface list:MVRF red-voice, Forward/Sparse, 3d14h/00:02:38, H(125.1.125.7, 239.232.20.32), 00:02:29/00:03:20, flags: sTIncoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFDOutgoing interface list:GigabitEthernet1/2, Forward/Sparse, 00:02:29/00:02:56, H(125.1.125.8, 239.232.20.32), 00:03:47/00:02:12, flags: sPTIncoming interface: GigabitEthernet1/3, RPF nbr 125.1.102.22, RPF-MFDOutgoing interface list: Null(*, 224.0.1.40), 3d14h/00:02:09, RP 0.0.0.0, flags: DCLIncoming interface: Null, RPF nbr 0.0.0.0Outgoing interface list:Loopback0, Forward/Sparse, 3d14h/00:02:093.
7600-MC-PE8#sh ip mroute vrf red-dataIP Multicast Routing TableFlags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,L - Local, P - Pruned, R - RP-bit set, F - Register flag,T - SPT-bit set, J - Join SPT, M - MSDP created entry,X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,U - URD, I - Received Source Specific Host Report, Z - Multicast TunnelY - Joined MDT-data group, y - Sending to MDT-data groupOutgoing interface flags: H - Hardware switched, A - Assert winnerTimers: Uptime/ExpiresInterface state: Interface, Next-Hop or VCD, State/Mode(*, 224.232.10.1), 02:57:22/00:03:13, RP 3.3.3.11, flags: SIncoming interface: Tunnel0, RPF nbr 125.1.125.7, RPF-MFDOutgoing interface list:GigabitEthernet1/3, Forward/Sparse, 02:57:22/00:03:13, H(125.1.2.66, 224.232.10.1), 02:57:22/00:03:23, flags: TYIncoming interface: Tunnel0, RPF nbr 125.1.125.7, RPF-MFD, MDT:[125.1.125.7,239.232.20.32]/00:02:44Outgoing interface list:GigabitEthernet1/3, Forward/Sparse, 02:57:22/00:03:13, H(*, 224.0.1.40), 3d17h/00:03:10, RP 3.3.3.11, flags: SJCLIncoming interface: Tunnel0, RPF nbr 125.1.125.7Outgoing interface list:GigabitEthernet1/3, Forward/Sparse, 3d17h/00:03:10(*, 239.255.255.250), 02:57:22/00:03:02, RP 3.3.3.11, flags: SIncoming interface: Tunnel0, RPF nbr 125.1.125.7, RPF-MFDOutgoing interface list:GigabitEthernet1/3, Forward/Sparse, 02:57:22/00:03:02, H4.
sh ip pim nei7600-DC2-PE3#sh ip pim neiPIM Neighbor TableNeighbor Interface Uptime/Expires Ver DRAddress Prio/Mode125.1.102.1 GigabitEthernet1/1 3d14h/00:01:17 v2 1 /125.1.102.13 GigabitEthernet1/2 3d14h/00:01:23 v2 1 / S125.1.102.22 GigabitEthernet1/3 3d14h/00:01:26 v2 1 / DR5. Verify the PIM neighbors with the VPNsh ip pim vrf <> nei7600-DC2-PE3#sh ip pim vrf red-data neiPIM Neighbor TableNeighbor Interface Uptime/Expires Ver DRAddress Prio/Mode125.1.102.34 GigabitEthernet1/4.1 3d14h/00:01:30 v2 1 / DR S125.1.125.11 Tunnel1 3d14h/00:01:17 v2 1 / S125.1.125.5 Tunnel1 3d14h/00:01:16 v2 1 / S125.1.125.6 Tunnel1 3d14h/00:01:37 v2 1 / S125.1.125.12 Tunnel1 3d14h/00:01:34 v2 1 / DR S125.1.125.8 Tunnel1 3d14h/00:01:17 v2 1 /