IP-VPN and IP-LER Interoperability for Ethernet Routing

IP-VPN and IP-LER Interoperability for Ethernet Routing Switch Technical Configuration Guide

Avaya Data Solutions Document Date: July 2010 Document Number: NN48500-571 Document Version: 1.1

Ethernet Routing Switch

8600

Engineering

IP-VPN and IP-LER Interoperability for Ethernet Routing Switch Technical Configuration Guide 2 July 2010

avaya.com

© 2010 Avaya Inc. All Rights Reserved.

Notices While reasonable efforts have been made to ensure that the information in this document is complete and accurate at the time of printing, Avaya assumes no liability for any errors. Avaya reserves the right to make changes and corrections to the information in this document without the obligation to notify any person or organization of such changes.

Documentation disclaimer Avaya shall not be responsible for any modifications, additions, or deletions to the original published version of this documentation unless such modifications, additions, or deletions were performed by Avaya. End User agree to indemnify and hold harmless Avaya, Avaya’s agents, servants and employees against all claims, lawsuits, demands and judgments arising out of, or in connection with, subsequent modifications, additions or deletions to this documentation, to the extent made by End User.

Link disclaimer Avaya is not responsible for the contents or reliability of any linked Web sites referenced within this site or documentation(s) provided by Avaya. Avaya is not responsible for the accuracy of any information, statement or content provided on these sites and does not necessarily endorse the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.

Warranty Avaya provides a limited warranty on this product. Refer to your sales agreement to establish the terms of the limited warranty. In addition, Avaya’s standard warranty language, as well as information regarding support for this product, while under warranty, is available to Avaya customers and other parties through the Avaya Support Web site: http://www.avaya.com/support Please note that if you acquired the product from an authorized reseller, the warranty is provided to you by said reseller and not by Avaya.

Licenses THE SOFTWARE LICENSE TERMS AVAILABLE ON THE AVAYA WEBSITE, HTTP://SUPPORT.AVAYA.COM/LICENSEINFO/ ARE APPLICABLE TO ANYONE WHO DOWNLOADS, USES AND/OR INSTALLS AVAYA SOFTWARE, PURCHASED FROM AVAYA INC., ANY AVAYA AFFILIATE, OR AN AUTHORIZED AVAYA RESELLER (AS APPLICABLE) UNDER A COMMERCIAL AGREEMENT WITH AVAYA OR AN AUTHORIZED AVAYA RESELLER. UNLESS OTHERWISE AGREED TO BY AVAYA IN WRITING, AVAYA DOES NOT EXTEND THIS LICENSE IF THE SOFTWARE WAS OBTAINED FROM ANYONE OTHER THAN AVAYA, AN AVAYA AFFILIATE OR AN AVAYA AUTHORIZED RESELLER, AND AVAYA RESERVES THE RIGHT TO TAKE LEGAL ACTION AGAINST YOU AND ANYONE ELSE USING OR SELLING THE SOFTWARE WITHOUT A LICENSE. BY INSTALLING, DOWNLOADING OR USING THE SOFTWARE, OR AUTHORIZING OTHERS TO DO SO, YOU, ON BEHALF OF YOURSELF AND THE ENTITY FOR WHOM YOU ARE INSTALLING, DOWNLOADING OR USING THE SOFTWARE (HEREINAFTER REFERRED TO INTERCHANGEABLY AS "YOU" AND "END USER"), AGREE TO THESE TERMS AND CONDITIONS AND CREATE A BINDING CONTRACT BETWEEN YOU AND AVAYA INC. OR THE APPLICABLE AVAYA AFFILIATE ("AVAYA").

Copyright Except where expressly stated otherwise, no use should be made of the Documentation(s) and Product(s) provided by Avaya. All content in this documentation(s) and the product(s) provided by Avaya including the selection, arrangement and design of the content is owned either by Avaya or its licensors and is protected by copyright and other intellectual property laws including the sui generis rights relating to the protection of databases. You may not modify, copy, reproduce, republish, upload, post, transmit or distribute in any way any content, in whole or in part, including any code and software. Unauthorized reproduction, transmission, dissemination, storage, and or use without the express written consent of Avaya can be a criminal, as well as a civil offense under the applicable law.

Third Party Components Certain software programs or portions thereof included in the Product may contain software distributed under third party agreements ("Third Party Components"), which may contain terms that expand or limit rights to use certain portions of the Product ("Third Party Terms"). Information regarding distributed Linux OS source code (for those Products that have distributed the Linux OS source code), and identifying the copyright holders of the Third Party Components and the Third Party Terms that apply to them is available on the Avaya Support Web site: http://support.avaya.com/Copyright.

Trademarks The trademarks, logos and service marks ("Marks") displayed in this site, the documentation(s) and product(s) provided by Avaya are the registered or unregistered Marks of Avaya, its affiliates, or other third parties. Users are not permitted to use such Marks without prior written consent from Avaya or such third party which may own the Mark. Nothing contained in this site, the documentation(s) and product(s) should be construed as granting, by implication, estoppel, or otherwise, any license or right in and to the Marks without the express written permission of Avaya or the applicable third party. Avaya is a registered trademark of Avaya Inc. All non-Avaya trademarks are the property of their respective owners.

Downloading documents For the most current versions of documentation, see the Avaya Support. Web site: http://www.avaya.com/support.

Contact Avaya Support Avaya provides a telephone number for you to use to report problems or to ask questions about your product. The support telephone number is 1-800-242-2121 in the United States. For additional support telephone numbers, see the Avaya Web site: http://www.avaya.com/support.


avaya.com

Abstract

This document provides examples for configuration of IP-VPN and IP-LER on the ERS 8600 and also on Juniper and Cisco routers. This document covers some of the more popular IP-VPN and IP-LER commands to configure and troubleshoot the ERS 8600, but as well interoperability with Juniper and Cisco routers.

This TCG applies to the ERS 8600 software release 5.0.


avaya.com

Table of Contents

Document Updates ..................................................................................................................................... 7

Conventions ................................................................................................................................................ 7

MPLS Terminology ...................................................................................................................................... 8

1. Overview: IP-VPN and IP-LER ............................................................................................................ 9

2. IP-VPN ................................................................................................................................................ 10

2.1 IP-VPN Configuration Example Reference ................................................................................. 12

3. IP-VPN Devices Configuration ......................................................................................................... 16

3.1 Juniper M20 – P2 ........................................................................................................................ 16

3.2 Juniper M20 – P3 ........................................................................................................................ 18

3.3 Juniper M20 – P4 ........................................................................................................................ 20

3.4 Juniper M5 – PE13 ...................................................................................................................... 21

3.5 Juniper M5 – CE13 ..................................................................................................................... 25

3.6 Cisco 7500 – PE10 ..................................................................................................................... 27

3.7 Avaya ERS 8600 – PE17 ............................................................................................................ 30

4. IP-VPN traffic flow ............................................................................................................................. 49

4.1 Traffic flow from PE17 to PE10 ................................................................................................... 49

4.2 Traffic flow from PE17 to CE13 ................................................................................................... 57

5. IP-LER ................................................................................................................................................. 65

5.1 IP-LER Configuration Example Reference ................................................................................. 65

6. IP-LER Devices Configuration ......................................................................................................... 68

6.1 Juniper M20 – P routers .............................................................................................................. 68

6.2 Juniper M5 – PE13 router ........................................................................................................... 69

6.3 Juniper M5 – CE13 router ........................................................................................................... 70

6.4 Cisco 7500 – PE10 router ........................................................................................................... 71

6.5 Avaya ERS 8600 – PE17 ............................................................................................................ 72

7. IP-LER traffic flow ............................................................................................................................. 82

7.1 Traffic flow from PE17 to PE10 ................................................................................................... 82

7.2 Traffic flow from PE17 to CE13 ................................................................................................... 97

8. Software Baseline ........................................................................................................................... 113

9. Reference Documentation .............................................................................................................. 114

10. APPENDIX I – LDP trace ............................................................................................................. 115

11. APPENDIX II – MPLSPING trace ................................................................................................ 117

12. APPENDIX III – BGP trace .......................................................................................................... 120


avaya.com

13. APPENDIX IV – RSVP-TE trace .................................................................................................. 122

14. Customer service ........................................................................................................................ 126

14.1 Getting technical documentation ............................................................................................... 126

14.2 Getting product training ............................................................................................................. 126

14.3 Getting help from a distributor or reseller .................................................................................. 126

14.4 Getting technical support from the Avaya Web site .................................................................. 126


avaya.com

Figures

Figure 1: IP-VPN Framework ...................................................................................................................... 10

Figure 2: Label Switched Path & Forwarding Equivalent Class .................................................................. 11

Figure 3 : IP-VPN Packet Forwarding ......................................................................................................... 11

Figure 4 : IP-VPN RD & RT Format ............................................................................................................ 12

Figure 5 : IP-VPN Provider.......................................................................................................................... 13

Figure 6 : IP-VPN Provider Edge ................................................................................................................ 14

Figure 7 : IP-VPN Customer Edge .............................................................................................................. 15

Figure 8 : IP-LER Provider Edge ................................................................................................................ 66

Figure 9 : IP-LER Customer Edge .............................................................................................................. 67


avaya.com

Document Updates

July 2010

Conventions

This section describes the text, image, and command conventions used in this document.

Symbols:

Tip – Highlights a configuration or technical tip.

Note – Highlights important information to the reader.

Warning – Highlights important information about an action that may result in equipment damage, configuration or data loss.

Text:

Bold text indicates emphasis.

Italic text in a Courier New font indicates text the user must enter or select in a menu item, button or command:

ERS5520-48T# show running-config

Output examples from Avaya devices are displayed in a Lucinda Console font:

ERS5520-48T# show running-config

! Embedded ASCII Configuration Generator Script

! Model = Ethernet Routing Switch 5520-24T-PWR

! Software version = v5.0.0.011

enable

configure terminal


avaya.com

MPLS Terminology

MPLS: Multi Protocol Label Switch

MPLS Switch Types o P : Provider Node o PE: Provider Edge Node o CE: Customer Edge Node

VPN: Virtual Private Network

VRF: VPN Routing and Forwarding

LDP: Label Distribution Protocol

LSR: Label Switch Router

LER: Label Edge Router

RSVP: Resource Reservation Protocol

RSVP-TE - Resource Reservation Protocol – Traffic Engineering

BGP: Border Gateway Protocol

BGP-MP: BGP with Multiprotocol Extensions

VPN-IPv4 Addressing o RD: Route Distinguisher o RT: Route Target

FEC: Forwarding Equivalence Class

ILM: Incoming Label Map

NHLFE: Next Hop Label Forwarding Entry

FTN: FEC to NHLFE


avaya.com

1. Overview: IP-VPN and IP-LER

ERS 8600 software release 5.0 introduces several features related to virtualization and MPLS protocol.

• VRF-Lite : Ability to have several routing instances.

• IP-LER : Ability to transport IP traffic using MPLS.

• IP-VPN : BGP/MPLS IP Virtual Private Networks, RFC 4364 (obsoletes RFC 2547)

• IP-VPN-Lite : IP-VPN feature with IP as transport rather than MPLS.

This document focuses on IP-VPN and IP-LER using MPLS as transport mechanism. It will not cover VRF-Lite or IP-VPN-Lite.

An IP Virtual Private Network (IP-VPN) is a collection of sites that communicate securely with each other over a public network. A provider-provisioned VPN shifts Wide Area Network (WAN) operations from the customer to the service provider at the network edge.

An IP Label Edge Router (IP-LER), also referred as Interior Gateway Protocol (IGP) shortcuts, allows secure site to site communication over a public network for the Global Routing Table (GRT) only, not for VRF. There is no virtualization for IP-LER feature.

Note – ERS 8600 requires the use of a Super Mezzanine daughter card for the 8692SF and Premium license for MPLS protocol to enable the IP-VPN and IP-LER features. These features can operate in mixed mode, but only R and RS modules can be used.


avaya.com

2. IP-VPN

RFC 4364 describes a method by which a Service Provider may use an IP backbone to provide IP Virtual Private Networks (VPNs) for its customer. This method uses a ―peer model‖, in which the customer’s edge routers (CE routers) send their routes to the service provider’s edge routers (PE routers).

Data packets are tunneled through the backbone, so that the core routers (P routers) do not need to know the VPN routes. VPN routes are exchanged between PE routers using Border Gateway Protocol (BGP) with Multiprotocol extensions (BGP-MP).

Figure 1: IP-VPN Framework

RFC 4364 defines a framework for layer 3 VPNs over an IP backbone with BGP. It is commonly deployed over MPLS but can use IPSec or GRE tunnels. Avaya’s IP-VPN uses MPLS for transport. Multi-Protocol Label Switching (MPLS) [RFC3031] is primarily a service provider technology where IP traffic can be encapsulated with a label stack and then label switched across a network via Label Switched Routers (LSR’s) using Label Switched Paths (LSPs).

A label switched path (LSP) is an end-to-end unidirectional tunnel set up between MPLS enabled routers. Data travels through the MPLS network over LSPs from the network ingress to the network egress. The LSP is determined by a sequence of labels, initiated at the ingress node. Packets that require the same treatment for transport through the network are grouped into a forwarding equivalence class (FEC).


avaya.com

LSR LERLERIP1

IP2

IP1

IP2IPn L1 IPn L2

FEC = 20.20.20.70/32 LSP

FEC label

mapping: L2FEC label

mapping : L1

LSRLSR LERLERIP1

IP2

IP1

IP2IPn L1IPn L1 IPn L2IPn L2

FEC = 20.20.20.70/32 LSP

FEC label

mapping: L2

FEC label

mapping: L2FEC label

mapping : L1

FEC label

mapping : L1

Figure 2: Label Switched Path & Forwarding Equivalent Class

The FECs are identified by the destination subnet of the packets to be forwarded. All packets within the same FEC use the same LSP to travel across the network. Packets are classified once, as they enter the network; all subsequent forwarding decisions are based on the FEC to which each packet belongs (that is, each label corresponds to a FEC).

IP-VPN MPLS enabled routers use two labels as shown in figure 3 below. LDP generates and distributes an outer label referred as tunnel label, that’s in fact the LSP. BGP-MP generates and distributes the inner label referred to as the VPN label.

• Tunnel Label is MPLS outer label (changes at every hop)

• VPN Label is MPLS inner label (assigns packet to correct VRF at egress PE)

• P nodes are MPLS Label switch Routers (LSR)

• PE nodes are Label Edge Routers (LER)

Backbone

PE PECECE

PP

10.1.1.0/24

10.1.1.0/24

10.1.2.0/24

10.2.1.0/24

IP Packet

VPN Label

Tunnel LabelIP Packet

IP Packet

VPN Label

Tunnel Label

IP Packet

VPN Label

Tunnel Label IP Packet

L3 VPN

L3 VPN

Packet direction

Outer Tunnel is

MPLS LSP

IP Packet

VPN Label


IP Packet

VPN Label

Tunnel Label

IP Packet

VPN Label


Backbone

PE PECECE

PP

10.1.1.0/24

10.1.1.0/24

10.1.2.0/24

10.2.1.0/24

IP Packet

VPN Label


IP Packet

VPN Label

Tunnel Label

IP Packet

VPN Label


L3 VPN

L3 VPN

Packet direction

Outer Tunnel is

MPLS LSP

IP Packet

VPN Label


IP Packet

VPN Label

Tunnel Label

IP Packet

VPN Label


Figure 3 : IP-VPN Packet Forwarding

PE routers use BGP to distribute VPN routes to each other (more accurately, to cause VPN routes to be distributed to each other). Each VPN has its own address space the same IP networks to exist in different VPNs. The BGP Multiprotocol Extensions (BGP-MP] allows BGP to carry routes from multiple "address families", in this case VPN-IPv4 addresses.

A VPN-IPv4 address is a 12-byte quantity, beginning with an 8-byte Route Distinguisher (RD) and ending with a 4-byte IPv4 address. If several VPNs use the same IPv4 address prefix, the PEs translate these into unique VPN-IPv4 address prefixes. Since VPN-IPv4 addresses and IPv4 addresses are different address families, BGP never treats them as comparable addresses.


avaya.com

When a VPN-IPv4 route advertised from a PE router is learned by a given PE router, it is associated with one or more Route Target (RT) attributes. The RT, which is configured on the PE router as either import, export, or both, is the glue which determines whether a customer VPN-IPv4 route being advertised by one PE router will be accepted by another remote PE router resulting in forming a logical IP VPN end to end. These routes will be accepted by the remote PE providing they have a matching import RT configured on one of their VRFs.

A Route Target attribute can be thought of as identifying a set of sites, though it would be more precise to think of it as identifying a set of VRFs. Associating a particular Route Target attribute with a route allows that route to be placed in the VRFs that are used for routing traffic among the sites in that VPN. Note that a route can only have one RD, but it can have multiple Route Targets

> Route Distinguisher (RD) formats

> Both configured as ASN:nn> Autonomous System Number (ASN) of Backbone; should be IANA

assigned so that it is unique per service provider.

> ERS 8600 supports type 2 RD for routes learned only.

> Configured as IP-address:nn> Defined for use if Backbone uses a private AS number

> Mandatory format on ERS8600 when doing IPVPN-Lite

> Route Target (RT) formats

> Identical to RD formats

ASN nn00 00

IP address nn00 01

4 byte ASN nn00 02 New in RFC4364

Figure 4 : IP-VPN RD & RT Format

2.1 IP-VPN Configuration Example Reference

2.1.1 Provider Routers

Three Juniper M20’s are configured as provider (P) routers using figure 5 as a reference as shown below, i.e. P2, P3 and P4. MPLS is configured on all ―core‖ interfaces. Interfaces are configured to use 802.1q trunking. LDP is configured on ―core‖ interfaces to exchange labels. The Interior Gateway Protocol (IGP) configured is OSPF and all routers are in OSPF area 0.

Note – An ERS 8600 running software release 5.0 can be configured as a Provider router (P). Network view (figure 5) is based on assumption that core MPLS network already exists and is based on non-Avaya equipment.

The PE routers will exchange VPN routes using interior BGP (iBGP). Peering between PEs must be fully meshed, that is for N nodes, you need N(N-1)/2 peers. This is not a scalable solution even for few PEs, in fact BGP route reflector (RR) offers an alternative to the logical full-mesh requirement of iBGP. A RR acts as a focal point for iBGP sessions. The purpose of the RR is concentration. Multiple BGP routers can peer with a central point, the RR - acting as a route reflector server - rather than peer with


avaya.com

every other router in a full mesh. All the other iBGP routers become route reflector clients. It is recommended from a design guideline to configure route reflectors rather than regular BGP mesh. To avoid single point of failure on RR, it is also recommended to configure two route reflectors.

V4.5 .6

FE0/0/0.9

.10

.13

V12V8FE0/0/0

FE0/0/0

GE0/0/0

FE0/0/0

P4

TS 135#8GE0/0/0

P3

TS .135#10

P2

TS .135#12

P4-M20

P2-M20 P3-M20

OOB=47.162.99.2

fpx0.0

OOB=47.162.99.4

fpx0.0

OOB=47.162.99.3

fpx0.0

TS = Terminal Server

135 : 47.162.99.135

#8 : Port 8

CORE LINKS

172.16.0.X/30

Loopback

172.16.254.2

Loopback

172.16.254.4

Loopback

172.16.254.3

BGP

AS 2028

Route Reflector

BGP

AS 2028

Route Reflector

.14

IGP = OSPF, Area 0.0.0.0

MPLS, LDP on all interfaces

Figure 5 : IP-VPN Provider

P2 & P3 are configured as RRs to fit within the IP-VPN framework, even though in our case the number of BGP peers configured on each PE is the same (Three nodes has the same numbers of local peers with or without route reflector configured, that is 2). The BGP Autonomous System (AS) is 2028.

Note – An ERS 8600 running software release 5.0 can be configured as a BGP route reflector. Network view (figure 5) is based on assumption that BGP route reflector already exists and is based on non-Avaya equipment.

In most cases, BGP peers are configured with the same update policies (that is, the same outbound route maps, distribute lists, filter lists, update source, and so on). Neighbors with the same update policies can be grouped into peer groups to simplify configuration and, more importantly, to make updating more efficient. When you have many peers, this approach is highly recommended.

2.1.2 Provider Edge

Three Provider Edge (PE) routers are dual-homed to each P router.

PE10 is a Cisco 7500 (IOS software release 12.0(28))

PE13 is a Juniper M5 (JunOS release 7.2R1.7)

PE17 is an Avaya ERS 8600 (release 5.0)

Similar to P routers, MPLS is configured on ―core‖ interfaces. Interfaces are configured to use 802.1q Trunking. LDP is configured on ―core‖ interfaces to exchange labels. The configured Interior Gateway Protocol (IGP) is OSPF and all routers are in area 0.0.0.0.


avaya.com

V4

.5 .6

FE0/0/0.9

.10

.13

.14

V12V8

FE0/0/0

FE0/0/0

GE0/0/0

FE0/0/0

PE17

TS 194#4

GE0/0/0

PE13

TS .135#15

PE10

TS .135#5

OOB=47.162.222.133

SSF5

OOB=47.162.99.10

Ethernet4/0/3

OOB=47.162.99.13

fxp0.0

P4-M20

P2-M20 P3-M20

PE13-M5

V32

V36V16

V20

V24 V28

FE

0/0

/0

FE0/0/0

6/0

/0

6/0/0

FE0/0/0 FE0/0/0

FE0/0/0 GE0/0/0.29

.34

.33

.38

.37.17

.18.22

.21

.25

.26 .30

3/48

3/4

8

CORE LINKS

172.16.0.X/30

Loopback

172.16.254.10

Loopback

172.16.254.17

Loopback

172.16.254.13


MPLS, LDP on all interfaces


135 : 47.162.99.135

#8 : Port 8

PE10

C7500

PE10

C7500PE17

8600

PE17

8600

Figure 6 : IP-VPN Provider Edge

Three VPNs are configured, VRF blue, red and green. Each PE (PE10, PE13 and PE17) will maintain a BGP session to P2 and P3 configured as route reflectors to exchange VPN routes. Route Distinguishers (RD) and Route Targets (RT) are configured using type 0 format (ASN:nn).

VRF Name RT RD

blue 2028 : 1000 2028 : 1000

red 2028 : 1001 2028 : 1001

green 2028 : 1002 2028 : 1002

2.1.3 Customer Edge

There is one Customer Edge (CE) router as shown in figure 7 below. In fact all PEs can have local IP networks connected to layer 2 devices, thus CEs are not required. For that specific configuration, a parameter must be set on Juniper routers to allow double lookup (i.e. MPLS, then IP). Note that this is not required on Cisco or Avaya routers.

Vrf-table-label;

Early Juniper M-series also requires an enhanced FPC to support the vrf-table-label statement over Ethernet which is not needed on latest (after year 2001) M-series multi-service edge routing portfolio. As Juniper hardware used in the setup does not have enhanced FPC (double lookup is therefore not possible) a CE (Juniper M5) with the appropriate IP networks and loopback is configured.


avaya.com

V4

V12V8FE0/0/0

GE0/0/0

P4-M20P4-M20

P2-M20P2-M20 P3-M20P3-M20

V32

V36V16

V20

V24 V28PE13-M5PE13-M5

3/1Ethernet4/0/2

Only one CE, VPN are on PE Local interfaces.

Vlan id used. One or two networks created and loopback

FE0/0/0

CE13

M5

CE13

M5

FE0/0/1

OOB=47.162.99.14

fxp0.0

CE-PE Link VRF

10.13.250.0/30 vrf Blue V130

10.13.250.4/30 vrf Red V230

10.13.250.8/30 vrf Green V330

.1, .5, .9

.2, .6, .10

CE13

TS .135#4

PE10

C7500

PE10

C7500

PE17

8600

PE17PE17

86008600

Loopback 10.17.0.1/32

N1 10.17.1.0/24 V1000

N2 10.17.123.0/24 V1010

Loopback 10.17.0.2/32

N1 10.17.2.0/24 V2000

N2 10.17.123.0/24 V2010

Loopback 10.17.0.3/32

N1 10.17.3.0/24 V3000

N2 10.17.123.0/24 V3010

Loopback 10.10.0.1/32

N1 10.10.1.0/24 V1000

Loopback 10.10.0.2/32

N1 10.10.2.0/24 V2000

Loopback 10.10.0.3/32

N1 10.10.3.0/24 V3000

Loopback 10.13.0.1/32

N1 10.13.1.0/24 V130

Loopback 10.13.0.2/32

N1 10.13.2.0/24 V230

Loopback 10.13.0.3/32

N1 10.13.3.0/24 V330

Figure 7 : IP-VPN Customer Edge

Note – As Juniper hardware used in setup (PE13) does not have enhanced FPC, networks 10.13.250.0/30, 10.13.250.4/30 and 10.13.250.8/30 cannot be pinged from PE10 or PE17 even though networks are advertised in VPN routing tables.

Three VPNs have been configured, VPN blue, red and green. All three VPNs configured on ERS8600 all use the same IP subnet to demonstrate proper VPN routing table separation.


avaya.com

3. IP-VPN Devices Configuration

This chapter details configuration on each device for IP-VPN feature.

Note – Configuration shown for Juniper and Cisco devices are extract of configuration file for the most relevant parameters. Main purpose is to show examples and not to explain all CLI details for a specific hardware platform.

3.1 Juniper M20 – P2

P2 is a P router, so it does not contains any VPN configuration. This only contains core configuration, therefore the configuration file is quite simple. The show configuration command starts with the definition of host name (P2-M20).

Interfaces are defined on fe-0/0/0 with the vlan-tagging statement (unit 4, 8, 16 and 24), for IP and MPLS. Circuitless (lo.0) IP address set to 172.16.254.2

Routing options, OSPF router-id is set to circuitless IP, BGP AS set to 2028.

Then protocols are defined, MPLS with the list of MPLS interfaces, LDP, OSPF and BGP.

P2 is a route reflector, a peer group (vpnv4_rr) is created where all neighbors are defined (circuitless IP addresses of P3, PE10, PE13 and PE17) cluster address is 172.16.0.0. MBGP is enabled with family inet-vpn statement to accept VPN routes from PEs.

version 7.2R1.7;

system {

host-name P2-M20;

}

interfaces {

fe-0/0/0 {

vlan-tagging;

unit 4 {

enable;

vlan-id 4;

family inet {

address 172.16.0.5/30;

}

family mpls;

}

unit 8 {

vlan-id 8;

family inet {

address 172.16.0.9/30;

}

interface fe-0/0/0.4;




}

bgp {

log-updown;

graceful-restart {

restart-time 180;

stale-routes-time 180;

}

group vpnv4_rr {

type internal;

local-address 172.16.254.2;

family inet {

unicast;

}

family inet-vpn {

unicast;

}


avaya.com

family mpls;

}

unit 16 {

vlan-id 16;

family inet {

address 172.16.0.17/30;

}

family mpls;

}

unit 24 {

vlan-id 24;

family inet {

address 172.16.0.25/30;

}

family mpls;

}

}

lo0 {

unit 0 {

family inet {

address

172.16.254.2/32;

}

}

}

}

routing-options {

graceful-restart;

router-id 172.16.254.2;

autonomous-system 2028;

}

protocols {

mpls {

cluster 172.16.0.0;

peer-as 2028;

neighbor 172.16.254.3;

neighbor 172.16.254.17;

neighbor 172.16.254.10;

neighbor 172.16.254.13;

}

}

ospf {

area 0.0.0.0 {





interface lo0.0 {

passive;

}

}

}

ldp {

graceful-restart {

recovery-time 300;

maximum-recovery-time 600;

}





}

}


avaya.com


P3 is also a P router as P2, and does not contain any VPN configuration. It only contains core configuration, therefore the configuration file is quite simple. Show configuration command starts with the definition of host name (P3-M20).

Interfaces are defined on ge-0/0/0 with the vlan-tagging statement (unit 4, 12, 28 and 36), for IP and MPLS. Circuitless (lo.0) IP address set to 172.16.254.3

Routing options, OSPF router-id is set to circuitless IP address. BGP AS set to 2028.

Then protocols are defined, MPLS with the list of MPLS interfaces, LDP, OSPF and BGP.

P3 is also a route reflector, a peer group (vpnv4_rr) is created where all neighbors are defined (circuitless IP addresses of P2, PE10, PE13 and PE17) cluster address is the same as P2 (172.16.0.0). MBGP is enabled with family inet-vpn statement to accept VPN routes from PEs.

version 7.2R1.7;

system {

host-name P3-M20;

}

}

interfaces {

ge-0/0/0 {

vlan-tagging;

unit 4 {

vlan-id 4;

family inet {

address 172.16.0.6/30;

}

family mpls;

}

unit 12 {

vlan-id 12;

family inet {

address 172.16.0.13/30;

}

family mpls;

}

unit 28 {

vlan-id 28;

family inet {

address 172.16.0.29/30;

mpls {

interface ge-0/0/0.4;




}

bgp {

graceful-restart {

restart-time 180;

stale-routes-time 180;

}

group vpnv4_rr {

type internal;


family inet {

unicast;

}

family inet-vpn {

unicast;

}

cluster 172.16.0.0;

peer-as 2028;

neighbor 172.16.254.2;

neighbor 172.16.254.17;

neighbor 172.16.254.10;

neighbor 172.16.254.13;


avaya.com

}

family mpls;

}

unit 36 {

vlan-id 36;

family inet {

address 172.16.0.37/30;

}

family mpls;

}

}

lo0 {

unit 0 {

family inet {

address 172.16.254.3/32;

}

}

}

}

routing-options {

graceful-restart;

router-id 172.16.254.3;


}

protocols {

}

}

ospf {

area 0.0.0.0 {





interface lo0.0 {

passive;

}

}

}

ldp {

graceful-restart {

recovery-time 300;


}





}

}


avaya.com


P4 is also a P router as P2, so it does not contain any VPN configuration, only core configuration, therefore configuration file is quite simple. Show configuration command starts with the definition of host name (P4-M20).

Interfaces are defined on fe-0/0/0 with the vlan-tagging statement (unit 8, 12, 20 and 32), for IP and MPLS. Circuitless (lo.0) IP address set to 172.16.254.4

Routing options, OSPF router-id is set to circuitless IP address.

Then protocols are defined, MPLS with the list of MPLS interfaces, LDP and OSPF.

P4 is not configured for BGP as we have P2 and P3 configured as route reflector, one backup is enough.

version 7.2R1.7;

system {

host-name P4-M20;

}

}

interfaces {

fe-0/0/0 {

vlan-tagging;

unit 8 {

vlan-id 8;

family inet {

address 172.16.0.10/30;

}

family mpls;

}

unit 12 {

vlan-id 12;

family inet {

address 172.16.0.14/30;

}

family mpls;

}

unit 20 {

vlan-id 20;

family inet {

address 172.16.0.22/30;

}

family inet {

address 172.16.254.4/32;

}

}

}

}

routing-options {

graceful-restart;

router-id 172.16.254.4;

}

protocols {

mpls {





}

ospf {

area 0.0.0.0 {





interface lo0.0 {

passive;

}

}


avaya.com

family mpls;

}

unit 32 {

vlan-id 32;

family inet {

address 172.16.0.34/30;

}

family mpls;

}

}

lo0 {

unit 0 {

}

ldp {

graceful-restart {

recovery-time 300;


}





}

}

3.4 Juniper M5 – PE13

PE13 is a PE router, so it does contain VPN configuration, therefore configuration file is more complex compared to P routers. Show configuration command starts with the definition of host name (PE13-M5).

Provider interfaces are defined on fe-0/0/0 with the vlan-tagging statement (unit 24, 28), for IP and MPLS. Provider Edge interfaces are defined on fe-0/0/1 with the vlan-tagging statement (unit 130, 230 and 330), for IP only. Circuitless (lo.0) IP address set to 172.16.254.13

Routing options are defined; OSPF router-id is set to circuitless IP address. BGP AS set to 2028.

Protocols are defined, MPLS with the list of MPLS interfaces, LDP, OSPF and BGP.

PE13 has to connect to route reflectors to exchange VPN routes via MBGP. A peer group (VPN) is created where route reflectors are defined (circuitless IP addresses of P2 and P3). MBGP is enabled with family inet-vpn statement.

Policy-options define what to import or export for each VPN. You have a separate import and export policy for VPN blue, red and green. RT is set for VPN blue (2028:1000), red (2028:1001) and green (2028:1002)

Then Routing-instances define each VRF (instance-type vrf for blue, red and green). RD is defined (blue:2028:1000, red:2028:1001 and green:2028:1002) and you used import and export policies previously configured for VPN blue, red and green. PE13 has CE13 connected to it, OSPF is configured to exchange routing table, therefore we have to redistribute OSPF to BGP to advertise CE13 local interface to PE10 and PE17, statement export bgp-to-ospf does that in OSPF protocol, policy is configured in policy-option section.

version 7.2R1.7;

system {

host-name PE13-M5;

}

}

interfaces {

community add rt--blue;

accept;

}

}

term b {

then reject;


avaya.com

fe-0/0/0 {

vlan-tagging;

unit 24 {

vlan-id 24;

family inet {

address 172.16.0.26/30;

}

family mpls;

}

unit 28 {

vlan-id 28;

family inet {

address 172.16.0.30/30;

}

family mpls;

}

}

fe-0/0/1 {

vlan-tagging;

unit 130 {

vlan-id 130;

family inet {

address 10.13.250.1/30;

}

}

unit 230 {

vlan-id 230;

family inet {

address 10.13.250.5/30;

}

}

unit 330 {

vlan-id 330;

family inet {

address 10.13.250.9/30;

}

}

}

}

policy-statement red-import {

term a {

from {

protocol bgp;

community rt--red;

}

then accept;

}

term b {

then reject;

}

}

policy-statement red-export {

term a {

from protocol [ static direct

local rip ospf ];

then {

community add rt--red;

accept;

}

}

term b {

then reject;

}

}

policy-statement green-import {

term a {

from {

protocol bgp;

community rt--green;

}

then accept;

}

term b {

then reject;

}


avaya.com

}

lo0 {

unit 0 {

family inet {

address 172.16.254.13/32;

}

}

}

}

routing-options {

graceful-restart;

router-id 172.16.254.13;


}

protocols {

mpls {



}

bgp {

peer-as 2028;

group VPN {

type internal;


family inet-vpn {

unicast;

}

neighbor 172.16.254.2;

neighbor 172.16.254.3;

}

}

ospf {

area 0.0.0.0 {



interface lo0.0 {

}

policy-statement green-export {

term a {


local rip ospf ];

then {

community add rt--green;

accept;

}

}

term b {

then reject;

}

}

policy-statement bgp-to-ospf {

from protocol bgp;

then accept;

}

community rt--blue members

target:2028:1000;

community rt--red members

target:2028:1001;

community rt--green members

target:2028:1002;

}

routing-instances {

blue {

instance-type vrf;


route-distinguisher 2028:1000;

vrf-import blue-import;

vrf-export blue-export;

protocols {

ospf {

export bgp-to-ospf;

area 0.0.0.0 {

interface fe-

0/0/1.130;

}


avaya.com

passive;

}

}

}

ldp {

graceful-restart {

enable;

recovery-time 300;


}



}

}

policy-options {

policy-statement blue-import {

term a {

from {

protocol bgp;

community rt--blue;

}

then accept;

}

term b {

then reject;

}

}

policy-statement blue-export {

term a {


local rip ospf ];

then {

}

}

}

red {

instance-type vrf;



vrf-import red-import;

vrf-export red-export;

protocols {

ospf {

export bgp-to-ospf;

area 0.0.0.0 {

interface fe-

0/0/1.230;

}

}

}

}

green {

instance-type vrf;



vrf-import green-import;

vrf-export green-export;

protocols {

ospf {

export bgp-to-ospf;

area 0.0.0.0 {

interface fe-

0/0/1.330;

}

}

}

}

}


avaya.com

3.5 Juniper M5 – CE13

CE13 is a CE router, so it does not contain MPLS or BGP configuration, only routing instance configuration, therefore configuration file is less complex compared to PE routers. Show configuration command starts with the definition of host name (CE13-M5).

Customer Edge interfaces are defined on fe-0/0/0 with the vlan-tagging statement (unit 130, 230, 330), for IP. Provider Edge interfaces are defined on fe-0/0/1 with the vlan-tagging statement (unit 130, 230 and 330), for IP. Circuitless (lo.0) IP address set to 172.16.254.14. We also define three other circuitless (lo0.1, lo0.2, lo0.3) used by VRFs.

Routing options are defined; OSPF router-id is set to circuitless IP address.

Then Routing-instances define each virtual router (instance-type virtual-router for blue, red and green). Interfaces and circuitless are assigned to virtual routers and for each OSPF is configured as we exchange CE13 routes to PE13.

version 7.2R1.7;

system {

host-name CE13-M5;

}

interfaces {

fe-0/0/0 {

vlan-tagging;

unit 120 {

vlan-id 120;

family inet {

address 172.16.13.1/28;

}

}

unit 130 {

vlan-id 130;

family inet {

address 10.13.1.1/24;

}

}

unit 230 {

vlan-id 230;

family inet {

address 10.13.2.1/24;

}

}

unit 330 {

}

}

unit 3 {

family inet {

address 10.13.0.3/32;

}

}

}

}

routing-options {

router-id 172.16.254.14;

}

routing-instances {

blue {

instance-type virtual-router;

interface lo0.1;



protocols {

ospf {

area 0.0.0.0 {

interface fe-

0/0/1.130;

interface lo0.1 {

passive;


avaya.com

vlan-id 330;

family inet {

address 10.13.3.1/24;

}

}

}

fe-0/0/1 {

vlan-tagging;

unit 110 {

vlan-id 110;

family inet {

address 172.16.13.242/30;

}

}

unit 130 {

vlan-id 130;

family inet {

address 10.13.250.2/30;

}

}

unit 230 {

vlan-id 230;

family inet {

address 10.13.250.6/30;

}

}

unit 330 {

vlan-id 330;

family inet {

address 10.13.250.10/30;

}

}

}

lo0 {

unit 0 {

family inet {

address 172.16.254.14/32;

}

interface fe-0/0/0.130

{

passive;

}

}

}

}

}

red {


interface lo0.2;



protocols {

ospf {

area 0.0.0.0 {

interface fe-

0/0/1.230;

interface lo0.2 {

passive;

}


{

passive;

}

}

}

}

}

green {


interface lo0.3;



protocols {

ospf {


avaya.com

}

}

unit 1 {

family inet {

address 10.13.0.1/32;

}

}

unit 2 {

family inet {

address 10.13.0.2/32;

area 0.0.0.0 {

interface fe-

0/0/1.330;

interface lo0.3 {

passive;

}


{

passive;

}

}

}

}

}

}

3.6 Cisco 7500 – PE10

PE10 is a PE router, so it does contain VPN configuration, therefore configuration file is more complex compared to P routers. Show running-config command starts with the definition of host name (PE10).

Ip cef statement enable Cisco Express Forwarding requested for label switching.

Ip vrf statement defines routing instances (blue, red and green). RD is defined (blue:2028:1000, red:2028:1001 and green:2028:1002) as well route target you import and export (blue:2028:1000, red:2028:1001 and green:2028:1002).

MPLS is configured to use LDP as distribution protocol (do not specify TDP which is specific to Cisco).

Circuitless (loopback) are defined for global routing table (loopback0) and VRF (loopback1, loopback2 and loopback3). Provider Edge interfaces are defined on Ethernet4/0/2.X with the encapsulation dot1Q statement (1000, 2000 and 3000) and are assigned to VRFs (ip interface). Provider interfaces are defined on FastEthernet6/0/0.X with the encapsulation dot1Q statement (16 and 20), ip address is set and MPLS (statement tag-switching ip). Note that CDP (Cisco discovery protocol) is disabled on all interfaces.

OSPF protocol is configured, by default router-id is set to circuitless IP address (no need to assign loopback0 to ospf, it is done automatically but need to be advertised with network statement), and enabled on specific interfaces.

BGP protocol is configured with AS set to 2028. Timers are changed, hold time is set to 90 seconds and keepalive is set to 30 seconds (Cisco default for hold time is 180 seconds and keepalive is 60 seconds). A peer group is created (for AS 2028, that is internal BGP) with neighbors set to route reflectors (P2 and P3). Address family ipv4 and vpnv4 are defined, where you activate peers, note that for vpnv4 you have to specify send-community-extended. Then for each VRF you redistribute local interfaces (redistribute connected).

!

version 12.0

speed auto

full-duplex


avaya.com

!

hostname PE10

!

ip cef

ip vrf blue

rd 2028:1000

route-target export 2028:1000

route-target import 2028:1000

!

ip vrf red

rd 2028:1001



!

ip vrf green

rd 2028:1002



!

mpls label protocol ldp

no tag-switching ip propagate-ttl

tag-switching tdp router-id Loopback0

force

!

interface Loopback0

ip address 172.16.254.10 255.255.255.255

no ip directed-broadcast

!

interface Loopback1

ip vrf forwarding blue

ip address 10.10.0.1 255.255.255.255


!

interface Loopback2

ip vrf forwarding red

ip address 10.10.0.2 255.255.255.255


!


tag-switching mtu 1512

tag-switching ip

no cdp enable

!

interface FastEthernet6/0/0.16

encapsulation dot1Q 16

ip address 172.16.0.18 255.255.255.252


no ip proxy-arp



tag-switching ip

no cdp enable

!



ip address 172.16.0.21 255.255.255.252


no ip proxy-arp



tag-switching ip

no cdp enable

!

router ospf 1

log-adjacency-changes

network 172.16.0.16 0.0.0.3 area 0

network 172.16.0.20 0.0.0.3 area 0

network 172.16.254.10 0.0.0.0 area 0

!

router bgp 2028

no bgp log-neighbor-changes

timers bgp 30 90

neighbor VPN peer-group

neighbor VPN remote-as 2028

neighbor VPN update-source Loopback0


avaya.com

interface Loopback3

ip vrf forwarding green

ip address 10.10.0.3 255.255.255.255


!

interface Ethernet4/0/2

no ip address


no cdp enable

!

interface Ethernet4/0/2.1000


ip vrf forwarding blue

ip address 10.10.1.1 255.255.255.0


no cdp enable

!



ip vrf forwarding red

ip address 10.10.2.1 255.255.255.0


no cdp enable

!



ip vrf forwarding green

ip address 10.10.3.1 255.255.255.0


no cdp enable

!

interface FastEthernet6/0/0

description FE to P2-M20 & P4-M20

no ip address


no ip proxy-arp

no ip mroute-cache

neighbor 172.16.254.2 peer-group VPN


!

address-family ipv4

neighbor VPN activate



no auto-summary

no synchronization

exit-address-family

!

address-family vpnv4

neighbor VPN activate

neighbor VPN send-community extended



exit-address-family

! !

address-family ipv4 vrf blue

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf red


no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf green


no auto-summary

no synchronization

exit-address-family

!

end


avaya.com

3.7 Avaya ERS 8600 – PE17

PE17 is a PE router, so it does contain VPN configuration, therefore configuration file is more complex compared to P routers.

Configuration steps to configure IP-VPN on ERS 8600 are the following.

3 IP connectivity to P routers 4 MPLS configuration 5 VRF configuration 6 VPN configuration

3.7.1 IP connectivity to P routers

Configure switch from default configuration to have ip connectivity to P3 and P4.

1. Set the CLI Prompt

2. Enable tagging for port 3/48

3. Remove all ports from vlan 1,

4. Configure VLAN – assign port, IP interface address, and enable OSPF

5. Configure CLIP – assign IP interface address and enable OSPF

6. Set OSPF Router Id and enable OSPF Globally

7. Disable spanning-tree on Core ports, need to disable then enable port to activate.

ERS-8610:5# config cli prompt PE17

PE17:5# config ethernet 3/48 perform-tagging enable

PE17:5# config vlan 1 port remove 3/1-3/48

PE17:5# config vlan 32 create byport 1

PE17:5# config vlan 32 ports add 3/48

PE17:5# config vlan 32 ip create 172.16.0.33/30

PE17:5# config vlan 32 ip ospf enable




PE17:5# config vlan 36 ip ospf enable

PE17:5# config ip circuitless-ip-int 1 create 172.16.254.17/32

PE17:5# config ip circuitless-ip-int 1 ospf enable

PE17:5# config ip ospf admin-state enable


avaya.com

PE17:5# config ip ospf router-id 172.16.254.17

PE17:5# config ip ospf enable

PE17:5# config ethernet 3/48 stg 1 stp disable

PE17:5# config ethernet 3/48 state disable

PE17:5# config ethernet 3/48 state enable

Once ospf has exchanged routing information with its neighbors, the routing table is populated.

PE17:5# show ip route info

================================================================================

IP Route - GlobalRouter

================================================================================

NH INTER

DST MASK NEXT VRF COST FACE PROT AGE TYPE PRF

--------------------------------------------------------------------------------

172.16.0.4 255.255.255.252 172.16.0.37 Glob~ 11 36 OSPF 0 IB 20

172.16.0.8 255.255.255.252 172.16.0.34 Glob~ 11 32 OSPF 0 IB 20

172.16.0.12 255.255.255.252 172.16.0.37 Glob~ 11 36 OSPF 0 IB 20

172.16.0.16 255.255.255.252 172.16.0.37 Glob~ 12 36 OSPF 0 IB 20

172.16.0.20 255.255.255.252 172.16.0.34 Glob~ 11 32 OSPF 0 IB 20

172.16.0.24 255.255.255.252 172.16.0.37 Glob~ 12 36 OSPF 0 IB 20

172.16.0.28 255.255.255.252 172.16.0.37 Glob~ 11 36 OSPF 0 IB 20

172.16.0.32 255.255.255.252 172.16.0.33 - 1 32 LOC 0 DB 0

172.16.0.36 255.255.255.252 172.16.0.38 - 1 36 LOC 0 DB 0

172.16.254.2 255.255.255.255 172.16.0.37 Glob~ 11 36 OSPF 0 IBF 20

172.16.254.3 255.255.255.255 172.16.0.37 Glob~ 10 36 OSPF 0 IB 20

172.16.254.4 255.255.255.255 172.16.0.34 Glob~ 10 32 OSPF 0 IB 20

172.16.254.10 255.255.255.255 172.16.0.34 Glob~ 12 32 OSPF 0 IBF 20

172.16.254.13 255.255.255.255 172.16.0.37 Glob~ 11 36 OSPF 0 IBF 20

172.16.254.17 255.255.255.255 172.16.254.17 - 1 0 LOC 0 DB 0

15 out of 15 Total Num of Route Entries, 15 Total Num of Dest Networks displayed.


avaya.com

3.7.2 MPLS configuration

Next step is to configure MPLS. LDP is used to distribute labels (outer labels).

1. Enable ldp on vlan

2. Enable ldp globally and set router-id

PE17:5# config vlan 32 ip mpls ldp state enable

PE17:5# config vlan 36 ip mpls ldp state enable

PE17:5# config mpls router-id 172.16.254.17

PE17:5# config mpls ldp state enable

After labels are exchanged between nodes, you have different commands to display LDP information (info and summary).

PE17:5# show mpls ldp info

State : enabled

Penultimate Hop Pop : disabled

Hello Hold Time : 15

Session Keep Alive : 40

Loop Detect Hop Count Limit : disabled

Loop Detect Path Vector Limit: disabled

Redist-connected : disabled

Session Status Traps : disabled

Session Threshold Traps : disabled

Path Vector Limit Traps : disabled

PE17:5# show mpls ldp summary

Local LDP ID : 172.16.254.17:0

Routes : 14

Interface Adjacencies : 2

Extended Adjacencies : 0

Sessions : 2

Label Switched Paths : 14

Programmed In-segments : 7

Programmed Out-segments: 3

Redist-connected : disabled


avaya.com

LDP summary command is showing two interfaces; LDP interface information can be obtained with the following command.

PE17:5# show mpls ldp interface

Local LDP Id : 172.16.254.17:0

Interface : Vlan 32 ; State : Up

Nbr Count : 1

Hello Interval : 5 ; Next Hello : 1

Interface : Vlan 36 ; State : Up

Nbr Count : 1

Hello Interval : 5 ; Next Hello : 1

LDP summary command is showing two LDP sessions. The following command display operational state of session but also from which vlan session are established:

PE17:5# show mpls ldp session

Local LDP ID : 172.16.254.17:0

Peer LDP ID : 172.16.254.3:0 ; State : Operational

Hold Time : 30 ; Hold Time Remaining : 26

Peer LDP ID : 172.16.254.4:0 ; State : Operational

Hold Time : 30 ; Hold Time Remaining : 26

Total LDP sessions : 2

PE17:5# show mpls ldp discovery

Peer Ldp Id : 172.16.254.4:0 ; Transport Address : 172.16.254.4

Interface : Vlan 32

Hello Holdtime : 15

Config Seq Num : 7

Peer Ldp Id : 172.16.254.3:0 ; Transport Address : 172.16.254.3

Interface : Vlan 36

Hello Holdtime : 15

Config Seq Num : 10

The following command gives all interfaces on your peers. In fact LDP exchange interfaces information, see LDP trace in appendix I (address message).

PE17:5# show mpls ldp peer-address

Peer LDP ID : 172.16.254.3:0

Address : 172.16.0.6


avaya.com

172.16.0.13

172.16.0.29

172.16.0.37

Peer LDP ID : 172.16.254.4:0

Address : 172.16.0.10

172.16.0.14

172.16.0.22

172.16.0.34

Ldp summary command is showing 14 paths, you can display all paths with command ―show mpls ldp path‖. The LDP Path information shows all of the labels associated with each node. PE17 (172.16.254.17) generates a label for each of its FECs, this is the ―Local Binding‖. It then advertises this binding to its LDP neighbors where it becomes a ―Remote Binding‖. When you have redundant path (PE17 is with dual homed to P3 and P4), you have an active label, were traffic flows and inactive as a standby path, this is triggered by IGP. See LDP trace in appendix I (label mapping message).

PE17:5# show mpls ldp path

Fec : 172.16.0.16/30

Remote Binding : 172.16.254.4:0 ; Label : 102384(inactive)

Fec : 172.16.254.2/32

Local Binding : Label:25

Remote Binding : 172.16.254.3:0 ; Label : 102592(active)

172.16.254.4:0 ; Label : 102256(inactive)

Fec : 172.16.254.3/32



172.16.254.4:0 ; Label : 102288(inactive)

Fec : 172.16.254.4/32



172.16.254.4:0 ; Label : 3(active)

Fec : 172.16.254.10/32



172.16.254.4:0 ; Label : 102384(active)


avaya.com

Fec : 172.16.254.13/32



172.16.254.4:0 ; Label : 102272(inactive)

Fec : 172.16.254.17/32



172.16.254.4:0 ; Label : 102480(inactive)

Fec : 172.16.254.18/32



172.16.254.4:0 ; Label : 102496(inactive)

Total LDP paths : 8

The following command displays 14 LDP routes from LDP summary command. The LDP Routing is essentially the same as the IP routing table since it follows the best paths learned via the IGP. This table is used to determine the egress interface and next-hop IP address for each destination.

PE17:5# show mpls ldp route

Destination : 172.16.0.4/30

Next Hop Address : 172.16.0.37 ; Egress Interface : Vlan 36

Destination : 172.16.0.8/30


Destination : 172.16.0.12/30


Destination : 172.16.0.16/30


Destination : 172.16.0.20/30


Destination : 172.16.0.24/30



avaya.com

Destination : 172.16.0.28/30


Destination : 172.16.254.2/32


Destination : 172.16.254.3/32


Destination : 172.16.254.4/32


Destination : 172.16.254.10/32


Destination : 172.16.254.13/32


Destination : 172.16.254.17/32

Next Hop Address : Local ; Egress Interface : cpp ;

Destination : 172.16.254.18/32

Next Hop Address : Local ; Egress Interface : cpp ;

Total LDP routes : 14

Two label tables are populated based on LDP path & IP route table. First table is referred as Programmed in-segments (LDP summary command), table name is ILM (ILM : Incoming Label Map)

The incoming label mapping (ILM) table is then applied on egress PE and maps incoming labels to outgoing label (label swapping) to the appropriate egress port and VLAN-ID. In some case there is no outgoing label, this I known as label popping (remove label).

PE17:5# show mpls ilm info

In Label : 16 ; Out Label : N/A

Next-Hop : Interface : N/A ; Address : N/A





avaya.com






In Label : 21 ; Out Label : 3

Next-Hop : Interface : Vlan 32 ; Address : 172.16.0.34











11 out of 11 Total number of ILM entries.

Second label table is referred as Programmed out-segments (ldp summary command), table name is FTN (FEC (Forwarding Equivalent Class) To NHLFE (Next Hop Label Forwarding Entry)).

The Forwarding Equivalent Class table is consulted to determine which label values to use when encapsulating the packet on ingress PE for a specific FEC.

PE17:5# show mpls ftn info

Dest/Mask : 172.16.254.2/255.255.255.255

Out Label : 102592 ; Out Port : Vlan 36 ; Next-Hop : 172.16.0.37

Type : ldp-dynamic

Dest/Mask : 172.16.254.10/255.255.255.255


Type : ldp-dynamic

Dest/Mask : 172.16.254.13/255.255.255.255


Type : ldp-dynamic

3 out of 3 Total number of FTN entries.


avaya.com

MPLS connectivity to P or PE routers can be checked with mplsping command. A sniffer trace is shown in appendix II

PE17:5# mplsping ipv4 172.16.254.10/32 count 3

Success for FEC 172.16.254.10/32: mpls_seq=1.



Label Switched Path to FEC 172.16.254.10/32 is operational.

------ MPLS PING Statistics------

3 packets transmitted, 3 packets received, 0% packet loss

Mplsping command has an equivalent command on Juniper (PE13)

admin@PE13-M5> ping mpls ldp 172.16.254.17

!!!!!

--- lsping statistics ---


Mplsping command has an equivalent command on Cisco (PE10)

PE10# ping mpls ipv4 172.16.254.17/32

Sending 5, 100-byte MPLS Echos to 172.16.254.17/32,

timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not transmitted,

'.' - timeout, 'U' - unreachable,

'R' - downstream router but not target

Type escape sequence to abort.

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/7 ms


avaya.com

3.7.3 VRF Configuration

Next step is to configure VRF that is, defining multiple routing instances, in fact networks attached to CE for each customer networks. Normally you define static routes to CE or use IGP or even eBGP, this is independent from VRF. In our case we have customer networks directly attached to our PE

1. Define VRFs (enable routing protocol per VRF, when PE is connected to CE, not in our case)

2. Create Customer VLANs, assign VRF

3. Define Circuitless-IP address for each VRF

4. Disable spanning-tree on Edge ports and then enable ports

PE17:5# config eth 3/1 perform-tagging enable

PE17:5# config vlan 1 port remove 3/1

PE17:5# config ip vrf blue create id 1


PE17:5# config vlan 1000 vrf blue




PE17:5# config vlan 1010 vrf blue



PE17:5# config ip vrf red create id 2


PE17:5# config vlan 2000 vrf red




PE17:5# config vlan 2010 vrf red



PE17:5# config ip vrf green create id 3


PE17:5# config vlan 3000 vrf green





avaya.com

PE17:5# config vlan 3010 vrf green



PE17:5# config ip vrf blue circuitless-ip-int 2 create 10.17.0.1/24

PE17:5# config ip vrf red circuitless-ip-int 3 create 10.17.0.2/24

PE17:5# config ip vrf green circuitless-ip-int 4 create 10.17.0.3/24

PE17:5# config ethernet 3/1 stg 1 stp disable

PE17:5# config ethernet 3/1 state disable

PE17:5# config ethernet 3/1 state enable

The following two commands display configured numbers of VRF, IGP configured for each VRF and vlan ID attached to each VRF.

PE17:5# show ip vrf info

================================================================================

VRF INFORMATION

================================================================================

VRF COUNT OSPF COUNT RIP COUNT BGP COUNT ARP COUNT

--------------------------------------------------------------------------------

4 1 1 4 25

VRF NAME VRF ID OSPF RIP BGP VLAN COUNT ARP COUNT

--------------------------------------------------------------------------------

GlobalRouter 0 TRUE TRUE TRUE 4 10

blue 1 FALSE FALSE TRUE 2 5

red 2 FALSE FALSE TRUE 2 5

green 3 FALSE FALSE TRUE 2 5

PE17:5# show vlan info vrf

================================================================================

VLAN VRF Association

================================================================================

VLAN VRF

ID NAME

--------------------------------------------------------------------------------

1 GlobalRouter


avaya.com

32 GlobalRouter

36 GlobalRouter

110 GlobalRouter

1000 blue

1010 blue

2000 red

2010 red

3000 green

3010 green

All 10 out of 10 Total Num of Vlan VRF Association entries displayed

3.7.4 VPN Configuration

Last step is to configure BPG and MP-BGP in order to inject routes from VRF but also to extract VPN routes from BGP. This is done by configuring route target (RT) and route distinguisher (RD) and configures route policies. MP-BGP is used to carry out VPN routes (see appendix III)

1. Configure BGP

Set AS, disable auto-summary and synchronization,. A peer group is configured (VPN) with neighbors being route reflectors (P3 & P4). That’s internal BGP (remote as 2028). Enable route-refresh to transmit VPN routes when BGP policies changes. Enable MP-BGP (address family vpnv4) and BGP itself (admin-state enable)

2. Configure IP VPN for each VRF and set RT.

Use import and export commands to inject/retrieve VPN routes from MP-BGP with proper.

3. Optional step, route redistribution when a CE is used to import/export route from/to PE.

PE17:5# config ip bgp auto-summary disable

PE17:5# config ip bgp synchronization disable

PE17:5# config ip bgp local-as 2028

PE17:5# config ip bgp aggregation disable

PE17:5# config ip bgp enable

PE17:5# config ip bgp neighbor "172.16.254.2" create

PE17:5# config ip bgp neighbor "172.16.254.3" create

PE17:5# config ip bgp neighbor "VPN" create

PE17:5# config ip bgp neighbor 172.16.254.2 peer-group "VPN" add

PE17:5# config ip bgp neighbor 172.16.254.3 peer-group "VPN" add

PE17:5# config ip bgp neighbor "VPN" ebgp-multihop disable

PE17:5# config ip bgp neighbor "VPN" remote-as 2028

PE17:5# config ip bgp neighbor "VPN" remove-private-as disable

PE17:5# config ip bgp neighbor "VPN" route-advertisement-interval 30 add


avaya.com

PE17:5# config ip bgp neighbor "VPN" route-refresh enable

PE17:5# config ip bgp neighbor "VPN" address-family vpnv4 enable

PE17:5# config ip bgp neighbor "VPN" admin-state enable

PE17:5# config ip vrf blue ipvpn create

PE17:5# config ip vrf blue ipvpn rd 2028:1000

PE17:5# config ip vrf blue ipvpn rt add import 2028:1000

PE17:5# config ip vrf blue ipvpn rt add export 2028:1000

PE17:5# config ip vrf blue ipvpn enable

PE17:5# config ip vrf red ipvpn create

PE17:5# config ip vrf red ipvpn rd 2028:1001

PE17:5# config ip vrf red ipvpn rt add import 2028:1001

PE17:5# config ip vrf red ipvpn rt add export 2028:1001

PE17:5# config ip vrf red ipvpn enable

PE17:5# config ip vrf green ipvpn create

PE17:5# config ip vrf green ipvpn rd 2028:1002

PE17:5# config ip vrf green ipvpn rt add import 2028:1002

PE17:5# config ip vrf green ipvpn rt add export 2028:1002

PE17:5# config ip vrf green ipvpn enable

Once BGP peering with route reflector(s) has been established you can get VPN routes. To display BGP peering state, use the following command:

PE17:5# show ip bgp summary

================================================================================

BGP Summary - GlobalRouter

================================================================================

BGP version - 4

local-as - 2028

Identifier - 172.16.254.17

Decision state - Idle

The total number of routes is 0

BGP NEIGHBOR INFO :


avaya.com

NEIGHBOR RMTAS STATE HLDTM KPALV HLDCFG KPCFG WGHT CONRTY ADVINT

--------------------------------------------------------------------------------

172.16.254.2 2028 Established 90 30 180 60 100 120 30

172.16.254.3 2028 Established 90 30 180 60 100 120 30

Total bgp neighbors: 2

BGP State can be Idle, Connect, Active, OpenSent, OpenConfirm or Established.

More details on BGP peering can be displayed with ―show ip bgp peer-group‖ command

PE17:5# show ip bgp peer-group

================================================================================

BGP Peer Group - GlobalRouter

================================================================================

***************peer group info*****************

BGP peer group name: VPN

BGP peer group VRF : GlobalRouter

BGP peer group index: 1

remote AS 2028

admin-state - BGP ON

ebgp-multihop - disable

hold-time - 180

keepalive-time - 60

max-prefix - 12000

nexthop-self - disable

originate-def-route - disable

MD5-authentication - disable

remove-private-as - disable

route-advertisement-interval - 30

route-reflector-client - disable

route-refresh - enable

send-community - disable

soft-reconfiguration-in - enable

updt-source-interface - 0.0.0.0

weight - 100

Route Policy In -


avaya.com

Route Policy Out -

address-family vpnv4 - enable

ipvpn-lite-capability - disable

-------------neighbor info---------------

BGP neighbor is 172.16.254.2 remote AS 2028, Internal Peer, MP-BGP-capable,

BGP state [Established]

remote router ID 172.16.254.2

vrf instance - 0


connect-retry-interval - 120


hold-time - 90

keepalive-time - 30

hold-time-configured - 180

keepalive-time-configured - 60

max-prefix - 12000




neighbor-debug - none







weight - 100

Route Policy In -

Route Policy Out -




negotiated-session-capabilites - vpnv4 route-refresh


avaya.com

BGP neighbor is 172.16.254.3 remote AS 2028, Internal Peer, MP-BGP-capable,

BGP state [Established]

remote router ID 172.16.254.3

vrf instance - 0


connect-retry-interval - 120


hold-time - 90

keepalive-time - 30

hold-time-configured - 180

keepalive-time-configured - 60

max-prefix - 12000




neighbor-debug - none







weight - 100

Route Policy In -

Route Policy Out -




negotiated-session-capabilites - vpnv4 route-refresh

Total bgp neighbors: 2

Total bgp Groups : 1

Each route reflector will advertise VPN routes, as we have two routes reflectors, PE will get routes twice but from with different peer remote, in our case we have 10 routes for routing instance blue but 5 are identical, they come from two different BGP peer.


avaya.com

PE17:5# show ip bgp route vrf blue

===============================================================================

BGP Routes - VRF blue

===============================================================================

The total number of routes is 10

NETWORK/MASK PEER REM ADDR NEXTHOP ADDRESS ORG LOC PREF

-------------------------------------------------------------------------------

10.10.0.1/32 172.16.254.2 172.16.254.10 INC 100

AS_PATH: path-is-empty

MED:0

ORIGINATE-ID: 172.16.254.10 CLUSTER-ID: 172.16.0.0

10.10.0.1/32 172.16.254.3 172.16.254.10 INC 100


MED:0


10.10.1.0/24 172.16.254.2 172.16.254.10 INC 100


MED:0


10.10.1.0/24 172.16.254.3 172.16.254.10 INC 100


MED:0


10.13.0.1/32 172.16.254.2 172.16.254.13 IGP 100


MED:1


10.13.0.1/32 172.16.254.3 172.16.254.13 IGP 100


MED:1


10.13.1.0/24 172.16.254.2 172.16.254.13 IGP 100


MED:2


10.13.1.0/24 172.16.254.3 172.16.254.13 IGP 100


avaya.com


MED:2


10.13.250.0/30 172.16.254.2 172.16.254.13 IGP 100



10.13.250.0/30 172.16.254.3 172.16.254.13 IGP 100



To display VPN label (inner MPLS label) for routing instance blue, use the following command.

PE17:5# show ip bgp route-vpn vrf blue

================================================================================

IPVPN BGP Routes - VRF blue

================================================================================

The total number of vpn routes are 10

NETWORK/MASK PEER REM ADDR NEXTHOP ADDRESS ORG LOC PREF SVC LABEL

--------------------------------------------------------------------------------

10.10.0.1/32 172.16.254.2 172.16.254.10 INC 100 31

10.10.0.1/32 172.16.254.3 172.16.254.10 INC 100 31

10.10.1.0/24 172.16.254.2 172.16.254.10 INC 100 32

10.10.1.0/24 172.16.254.3 172.16.254.10 INC 100 32

10.13.0.1/32 172.16.254.2 172.16.254.13 IGP 100 100992

10.13.0.1/32 172.16.254.3 172.16.254.13 IGP 100 100992

10.13.1.0/24 172.16.254.2 172.16.254.13 IGP 100 100992

10.13.1.0/24 172.16.254.3 172.16.254.13 IGP 100 100992

10.13.250.0/30 172.16.254.2 172.16.254.13 IGP 100 100992

10.13.250.0/30 172.16.254.3 172.16.254.13 IGP 100 100992

Finally to display routing table for routing instance (VRF) blue use the ―show ip route info vrf blue‖ command. You can see route is coming from BGP (PROT), but as well an IPVPN type (TYPE = V).

PE17:5# show ip route info vrf blue

================================================================================

IP Route - VRF blue

================================================================================

NH INTER


avaya.com


--------------------------------------------------------------------------------

10.10.0.1 255.255.255.255 172.16.254.10 Glob~ 0 32 BGP 0 IBV 175

10.10.1.0 255.255.255.0 172.16.254.10 Glob~ 0 32 BGP 0 IBV 175

10.13.0.1 255.255.255.255 172.16.254.13 Glob~ 0 36 BGP 0 IBV 175

10.13.1.0 255.255.255.0 172.16.254.13 Glob~ 0 36 BGP 0 IBV 175

10.13.250.0 255.255.255.252 172.16.254.13 Glob~ 0 36 BGP 0 IBV 175

10.17.0.1 255.255.255.255 10.17.0.1 - 1 0 LOC 0 DB 0

10.17.1.0 255.255.255.0 10.17.1.1 - 1 1000 LOC 0 DB 0

10.17.123.0 255.255.255.0 10.17.123.1 - 1 1010 LOC 0 DB 0


--------------------------------------------------------------------------------

TYPE Legend:

I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Rout

e,

U=Unresolved Route, N=Not in HW, F=Replaced by FTN, V=IPVPN Route

PROTOCOL Legend:

v=Inter-VRF route redistributed

For each routing instance you have separate ARP entries, you can display ARP for VRF blue with ―show ip arp vrf blue‖ command.

PE17:5# show ip arp info vrf blue

================================================================================

IP Arp - VRF blue

================================================================================

IP_ADDRESS MAC_ADDRESS VLAN PORT TYPE TTL(10 Sec)

--------------------------------------------------------------------------------

10.17.0.1 00:00:00:00:00:02 - - LOCAL 2160

10.17.1.1 00:80:2d:35:92:00 1000 - LOCAL 2160

10.17.1.255 ff:ff:ff:ff:ff:ff 1000 - LOCAL 2160

10.17.123.1 00:80:2d:35:92:03 1010 - LOCAL 2160

10.17.123.255 ff:ff:ff:ff:ff:ff 1010 - LOCAL 2160

5 out of 25 ARP entries displayed


avaya.com

4. IP-VPN traffic flow

This chapter explains what the mechanism is to classify and encapsulate traffic on each node of the network and how forwarding is achieved when traffic is sent from one customer network to another that is crossing MPLS network.

4.1 Traffic flow from PE17 to PE10

Traffic goes from Avaya ERS 8600 router to Cisco 7500 router.

Note – PHP (penultimate hop popping has been set to disabled in order to have dual label stack. Default PHP is implicit null, pen-ultimate router pops outer label and only inner label (VPN label) remains.

4.1.1 PE17 node, ICMP request

Command ―ping vrf‖ is used to generate traffic across PEs. It is also possible to connect PCs to CEs or PEs or use a traffic generator but that requires additional hardware.

To ping remote loopback in VPN blue (10.10.0.1), the following command is used

PE17:5# ping 10.10.0.1 vrf blue source 10.17.0.1 count 3

PING 10.10.0.1: 56 data bytes

64 bytes from 10.10.0.1: icmp_seq=0. time=1.759 ms



----10.10.0.1 PING Statistics----


round-trip (ms) min/avg/max = 1.759/1.771/1.784

Note – Source IP address filed is mandatory. ERS 8600 does not take automatically circuitless IP address configured for specified VRF.

To understand what happen on network, traffic is captured on ERS 8600 port 3/48. A sniffer is connected to port 3/30 configured for port mirroring.

PE17:5# config diag mirror-by-port 1 create in-port 3/48 out-port 3/30

PE17:5# config diag mirror-by-port 1 mode both

Frames are captured on sniffer, the ping request has the following format.

Frame 18 (170 bytes on wire, 170 bytes captured)

Ethernet II, Src: 172.16.0.33 (00:80:2d:35:92:01), Dst: 172.16.0.34

(00:90:69:87:24:00)

802.1Q Virtual LAN

111. .... .... .... = Priority: 7


avaya.com

...0 .... .... .... = CFI: 0

.... 0000 0010 0000 = ID: 32

Type: MPLS label switched packet (0x8847)

MultiProtocol Label Switching Header, Label: 102384, Exp: 0, S: 0, TTL: 255

MPLS Label: 102384

MPLS Experimental Bits: 0

MPLS Bottom Of Label Stack: 0

MPLS TTL: 255


MPLS Label: 31



MPLS TTL: 2

Internet Protocol, Src: 10.17.0.1 (10.17.0.1), Dst: 10.10.0.1 (10.10.0.1)

Version: 4

Header length: 20 bytes

Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)

Total Length: 84

Identification: 0x2e65 (11877)

Flags: 0x00

Fragment offset: 0

Time to live: 64

Protocol: ICMP (0x01)

Header checksum: 0x3828 [correct]

Source: 10.17.0.1 (10.17.0.1)

Destination: 10.10.0.1 (10.10.0.1)

Internet Control Message Protocol

Type: 8 (Echo (ping) request)

Code: 0

Checksum: 0x7f63 [correct]

Identifier: 0x1d20

Sequence number: 0x0000

Data (56 bytes)

Trace shows MPLS encapsulation (0x8847) with two MPLS labels (102384 & 31), S informs about bottom of stack, when value is 1, last label is reached. So 102384 is outer label (S=0) and 31 is inner label (S=1). Frame has a VLAN tag, value is 32, we also see ERS 8600 & Juniper P4 MAC addresses


avaya.com

To find what is the path taken to reach final destination (10.10.0.1) in VPN blue, routing table on PE17 is queried with the following parameters:

PE17:5# show ip route info vrf blue ip 10.10.0.1

================================================================================

IP Route - VRF blue

================================================================================

NH INTER


--------------------------------------------------------------------------------

10.10.0.1 255.255.255.255 172.16.254.10 Glob~ 0 32 BGP 0 IBV 175


--------------------------------------------------------------------------------

TYPE Legend:


e,


PROTOCOL Legend:


Next hop is 172.16.254.10. The following command displays what is the MPLS path for next-hop (need to specify mask: 172.16.254.10/32).

PE17:5# show mpls ftn info 172.16.254.10/32

Dest/Mask : 172.16.254.10/255.255.255.255


Type : ldp-dynamic

Traffic will be sent to next-hop 172.16.0.34, that is P4, with label 102384 (outer label) on vlan 32. Inner label can be displayed with the following command

PE17:5# show ip bgp route-vpnv4 vrf blue ip 10.10.0.1

================================================================================


================================================================================




avaya.com

--------------------------------------------------------------------------------

10.10.0.1/32 172.16.254.2 172.16.254.10 INC 100 31

10.10.0.1/32 172.16.254.3 172.16.254.10 INC 100 31

Inner label for 10.10.0.1 is 31, which is what we get from sniffer trace.

4.1.2 P4 node, MPLS label 102384

P4 receives an MPLS frame with label 102384, let’s check what is the next hop for this label.

admin@P4-M20> show route label 102384

mpls.0: 17 destinations, 17 routes (17 active, 0 holddown, 0 hidden)

Restart Complete

+ = Active Route, - = Last Active, * = Both

102384 *[LDP/9] 06:52:44, metric 1

> to 172.16.0.21 via fe-0/0/0.20, Pop

102384(S=0) *[LDP/9] 06:52:44, metric 1

> to 172.16.0.21 via fe-0/0/0.20, Pop

Label is popped (removed) and frame is sent to next hop 172.16.0.21 (via fe-0/0/0.20), that is to PE10 on vlan 20.

Note – MPLS frame has only one label, P removed outer label due to PHP configuration on PE10 (implicit null). If route was to another P router, MPLS would have kept two labels but outer would have been changed (swap). In all cases inner label (VPN label) remains.

4.1.3 PE10 node, MPLS label 31

PE10 receives an MPLS frame with label 31 (outer label popped on P4). The following command displays the next hop for this label.

PE10# show mpls forwarding-table labels 31 detail

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

31 Aggregate 10.10.0.1/32[V] 956

MAC/Encaps=0/0, MRU=0, Tag Stack{}

VPN route: blue

No output feature configured


avaya.com

As expected, traffic is classified to VPN blue and routed to 10.10.0.1

PE10# show ip route vrf blue 10.10.0.1

Routing entry for 10.10.0.1/32

Known via "connected", distance 0, metric 0 (connected, via interface)

Redistributing via bgp 2028

Advertised by bgp 2028

Routing Descriptor Blocks:

* directly connected, via Loopback1

Route metric is 0, traffic share count is 1

At this point ICMP request frame is processed and an ICMP reply is generated back to source (10.17.0.1). The following command displays routing table on PE10 for 10.17.0.1

PE10# show ip route vrf blue

Routing Table: blue

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks

C 10.10.1.0/24 is directly connected, Ethernet4/0/2.1000

C 10.10.0.1/32 is directly connected, Loopback1

B 10.13.1.0/24 [200/2] via 172.16.254.13, 06:35:33

B 10.13.0.1/32 [200/1] via 172.16.254.13, 06:35:33

B 10.17.1.0/24 [200/0] via 172.16.254.17, 03:39:14

B 10.17.0.1/32 [200/0] via 172.16.254.17, 03:39:14

B 10.17.123.0/24 [200/0] via 172.16.254.17, 03:39:14

B 10.13.250.0/30 [200/0] via 172.16.254.13, 06:35:33


avaya.com

The following command displays is the label used (outer label)

PE10# show mpls forwarding-table 172.16.254.17



29 102560 172.16.254.17/32 0 Fa6/0/0.20 172.16.0.22

Traffic will be sent to next-hop 172.16.0.22 with label 102560 (outer label) on vlan 20. That is through P4. Inner label can be displayed with the following command

PE10# show ip bgp vpnv4 vrf blue labels

Network Next Hop In label/Out label

Route Distinguisher: 2028:1000 (blue)

10.10.0.1/32 0.0.0.0 31/aggregate(blue)

10.10.1.0/24 0.0.0.0 32/aggregate(blue)

10.13.0.1/32 172.16.254.13 nolabel/100992

172.16.254.13 nolabel/100992

10.13.1.0/24 172.16.254.13 nolabel/100992

172.16.254.13 nolabel/100992

10.13.250.0/30 172.16.254.13 nolabel/100992

172.16.254.13 nolabel/100992

10.17.0.1/32 172.16.254.17 nolabel/524289

172.16.254.17 nolabel/524289

10.17.1.0/24 172.16.254.17 nolabel/524289

172.16.254.17 nolabel/524289

10.17.123.0/24 172.16.254.17 nolabel/524289

172.16.254.17 nolabel/524289

Inner label (VPN label) used is 524289.


P4 receives an MPLS frame with label 102560, the following command displays the next hop for this label.



Restart Complete


102560 *[LDP/9] 04:03:36, metric 1


avaya.com

> to 172.16.0.33 via fe-0/0/0.32, Swap 19

Label is swapped (replaced) and frame is sent to next hop 172.16.0.33 (via fe-0/0/0.32), that is to PE17 on vlan 32.

Note – MPLS frame has two labels (outer and inner label), P router replaced outer label due to PHP configuration on PE17 (disabled).


PE17 receives an MPLS frame with label 19 (outer label). The following command displays the next hop for this label.

PE17:5# show mpls ilm info min-in-label 19




Basically it means that frame has to be processed. Next label is inner label (VPN label), 524289.

Note – There is currently no show command to display inner label next hop treatment.

Sniffer trace confirms ICMP reply with outer label 19 and inner label 524289.


Ethernet II, Src: 172.16.0.34 (00:90:69:87:24:00), Dst: 172.16.0.33

(00:80:2d:35:92:01)

802.1Q Virtual LAN

000. .... .... .... = Priority: 0

...0 .... .... .... = CFI: 0

.... 0000 0010 0000 = ID: 32



MPLS Label: 19



MPLS TTL: 254


MPLS Label: 524289



avaya.com


MPLS TTL: 255


Version: 4



Total Length: 84

Identification: 0x2e65 (11877)

Flags: 0x00

Fragment offset: 0

Time to live: 255



Source: 10.10.0.1 (10.10.0.1)

Destination: 10.17.0.1 (10.17.0.1)


Type: 0 (Echo (ping) reply)

Code: 0

Checksum: 0x8763 [correct]

Identifier: 0x1d20


Data (56 bytes)

4.1.6 Cisco Ping VRF command syntax

Cisco routers can ping in VRF, here is the syntax:

PE10# ping vrf blue 10.17.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.17.0.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


avaya.com

4.2 Traffic flow from PE17 to CE13

Traffic goes from Avaya ERS 8600 router to Juniper M5 router.


4.2.1 PE17 node, ICMP request

Command ―ping vrf‖ is used to generate traffic across PEs. It is also possible to connect PCs to CEs or PEs or use a traffic generator but that requires additional hardware.

To ping remote loopback in VPN blue (10.13.0.1), the following command is used

PE17:5# ping 10.13.0.1 vrf blue source 10.17.0.1 count 3

PING 10.13.0.1: 56 data bytes




----10.13.0.1 PING Statistics----


round-trip (ms) min/avg/max = 1.041/1.051/1.064

Note – Source IP address filed is mandatory. ERS 8600 does not take automatically circuitless IP address configured for specified VRF.

To understand what happen on network, traffic is captured on ERS 8600 port 3/48. A sniffer is connected to port 3/30 configured for port mirroring.



Frames are captured on sniffer, the ping request has the following format.



(00:90:69:8c:a4:00)

802.1Q Virtual LAN

100. .... .... .... = Priority: 4

...0 .... .... .... = CFI: 0

.... 0000 0010 0100 = ID: 36



MPLS Label: 101104


avaya.com



MPLS TTL: 255


MPLS Label: 100992



MPLS TTL: 2


Version: 4



Total Length: 84

Identification: 0x475e (18270)

Flags: 0x00

Fragment offset: 0

Time to live: 64


Header checksum: 0x1f2c [correct]

Source: 10.17.0.1 (10.17.0.1)

Destination: 10.13.0.1 (10.13.0.1)


Type: 8 (Echo (ping) request)

Code: 0

Checksum: 0x0526 [correct]

Identifier: 0x1d20


Data (56 bytes)

Trace shows MPLS encapsulation (0x8847) with two MPLS labels (101104 & 100992), S informs about bottom of stack, when value is 1, last label is reached. So 101104 is outer label (S=0) and 100992 is inner label (S=1). Frame has a VLAN tag, value is 36, we also see ERS 8600 & Juniper P4 MAC addresses.

To find what is the path taken to reach final destination (10.13.0.1) in VPN blue, routing table on PE17 is queried with the following parameters:

PE17:5# show ip route info vrf blue ip 10.13.0.1

================================================================================

IP Route - VRF blue

================================================================================


avaya.com

NH INTER


--------------------------------------------------------------------------------

10.13.0.1 255.255.255.255 172.16.254.13 Glob~ 0 36 BGP 0 IBV 175


--------------------------------------------------------------------------------

TYPE Legend:


e,


PROTOCOL Legend:


Next hop is 172.16.254.13. The following command displays what is the MPLS path for next-hop (need to specify mask: 172.16.254.13/32).


Dest/Mask : 172.16.254.13/255.255.255.255


Type : ldp-dynamic

Traffic will be sent to next-hop 172.16.0.37, that is P3 with label 101104 (outer label) on vlan 36. Inner label can be displayed with the following command

PE17:5# show ip bgp route-vpnv4 vrf blue ip 10.13.0.1

================================================================================


================================================================================



--------------------------------------------------------------------------------

10.13.0.1/32 172.16.254.2 172.16.254.13 IGP 100 100992

10.13.0.1/32 172.16.254.3 172.16.254.13 IGP 100 100992

Inner label for 10.13.0.1 is 100992, which is what we get from sniffer trace.


avaya.com


P3 receives an MPLS frame with label 101104, The following command displays the next hop for this label.



Restart Complete


101104 *[LDP/9] 22:03:34, metric 1

> to 172.16.0.30 via ge-0/0/0.28, Pop

101104(S=0) *[LDP/9] 22:03:34, metric 1

> to 172.16.0.30 via ge-0/0/0.28, Pop

Label is popped (removed) and frame is sent to next hop 172.16.0.30 (via ge-0/0/0.28), that is to PE13 on vlan 28.

Note – MPLS frame has only one label, P removed outer label due to PHP configuration on PE10 (implicit null). If route was to another P router, MPLS would have kept two labels but outer would have been changed (swap). In all cases inner label (VPN label) remains.


PE13 receives an MPLS frame with label 100992 (outer label popped on P4). The following command displays the next hop for this label

admin@PE13-M5> show route table mpls label 100992


Restart Complete


100992 *[VPN/170] 2d 05:57:48

> to 10.13.250.2 via fe-0/0/1.130, Pop

As expected, MPLS frame is popped, only IP frame remains, that is to destination 10.13.250.2, that to CE13 through interface fe-0/0/1 using VLAN 130.


avaya.com

4.2.4 CE13 node, destination IP address 10.13.0.1

CE13 receives an IP frame with destination address 10.13.0.1. The following command displays the next hop for this address.

admin@CE13-M5> show route table blue 10.13.0.1

blue.inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)


10.13.0.1/32 *[Direct/0] 2w1d 03:15:43

> via lo0.1

At this point ICMP request frame is processed and an ICMP reply is generated back to source (10.17.0.1). The following command displays routing table on CE13 for 10.17.0.1.

admin@CE13-M5> show route table blue 10.17.0.1



10.17.0.1/32 *[OSPF/150] 04:38:22, metric 0, tag 3489662956

> to 10.13.250.1 via fe-0/0/1.130

CE13 sends an IP frame to next hop 10.13.250.1 (learned by OSPF), that is PE13, through interface fe-0/0/1 using VLAN 130.

4.2.5 PE13 node, destination IP address 10.17.0.1

PE13 receives an IP frame with destination address 10.17.0.1. The following command displays the next hop for this address.

admin@PE13-M5> show route table blue 10.17.0.1



10.17.0.1/32 *[BGP/170] 04:44:33, localpref 100, from 172.16.254.2

AS path: ?

> to 172.16.0.29 via fe-0/0/0.28, Push 524289, Push 102800()

[BGP/170] 04:44:23, localpref 100, from 172.16.254.3

AS path: ?

> to 172.16.0.29 via fe-0/0/0.28, Push 524289, Push 102800()


avaya.com

[BGP/170] 2d 06:09:27, localpref 100, from 172.16.254.3

AS path: ?

Indirect

Routing table gives all information with one command (different on Avaya and Cisco implementation).

Traffic will be sent to next-hop 172.16.0.29 with label inner label 524289 and with outer label 102800 on vlan 28. That is through P3.


P3 receives an MPLS frame with label 102800, The following command displays the next hop for this label.



Restart Complete


102800 *[LDP/9] 05:02:05, metric 1

> to 172.16.0.38 via ge-0/0/0.36, Swap 19

Label is swapped (replaced) and frame is sent to next hop 172.16.0.38 (via ge-0/0/0.36), that is to PE17 on vlan 36.

Note – MPLS frame has two labels (outer and inner label), P replaced outer label due to PHP configuration on PE17 (disabled).


PE17 receives an MPLS frame with label 19 (outer label). The following command displays the next hop for this label





Basically it means that frame has to be processed. Next label is inner label (VPN label), 524289.

Note – There is currently no show command to display inner label next hop treatment.


avaya.com

Sniffer trace confirms ICMP reply with outer label 19 and inner label 524289


Ethernet II, Src: 172.16.0.37 (00:90:69:8c:a4:00), Dst: 172.16.0.38

(00:80:2d:35:92:02)

802.1Q Virtual LAN

000. .... .... .... = Priority: 0

...0 .... .... .... = CFI: 0

.... 0000 0010 0100 = ID: 36



MPLS Label: 19



MPLS TTL: 254


MPLS Label: 524289



MPLS TTL: 254


Version: 4



Total Length: 84

Identification: 0xb57e (46462)

Flags: 0x00

Fragment offset: 0

Time to live: 255


Header checksum: 0xf20a [correct]

Source: 10.13.0.1 (10.13.0.1)

Destination: 10.17.0.1 (10.17.0.1)


Type: 0 (Echo (ping) reply)

Code: 0

Checksum: 0x0d26 [correct]

Identifier: 0x1d20


avaya.com


Data (56 bytes)

4.2.8 Juniper Ping VRF command syntax

Juniper routers can ping in VRF, here is the syntax:

admin@CE13-M5> ping 10.17.0.1 routing-instance blue count 5

PING 10.17.0.1 (10.17.0.1): 56 data bytes

64 bytes from 10.17.0.1: icmp_seq=0 ttl=1 time=0.945 ms





--- 10.17.0.1 ping statistics ---


round-trip min/avg/max/stddev = 0.849/0.881/0.945/0.036 ms


avaya.com

5. IP-LER

This feature allows IP networks on PEs to be transported over P routers by MPLS rather than IP for Global Routing Table (GRT) only, not for VRF. There is no virtualization for IP-LER feature. Multi-Protocol Label Switching (MPLS) [RFC3031] is primarily a service provider (SP) technology where IP traffic can be encapsulated with a label stack and then label switched across a network via Label Switched Paths (LSPs) and Routers (LSRs).

A label switched path (LSP) is an end-to-end unidirectional tunnel set up between MPLS-enabled routers. Data travels through the MPLS network over LSPs from the network ingress to the network egress. The LSP is determined by a sequence of labels, initiated at the ingress node. Packets that require the same treatment for transport through the network are grouped into a forwarding equivalence class (FEC). By default, the LSP will take the same path as this discovered by the IGP route table.

The FECs are identified by the destination subnet of the packets to be forwarded. All packets within the same FEC use the same LSP to travel across the network. Packets are classified once, as they enter the network; all subsequent forwarding decisions are based on the FEC to which each packet belongs (that is, each label corresponds to a FEC). IP-LER MPLS enabled routers use RSVP-TE to generate and distribute label-to-FEC bindings.

Traffic engineering could be used if you do not wish to use the default switch path. The main advantage of traffic engineering is that path can be manually provisioned which is referred as strict mode. If the path follows the best route learned from Interior Gateway Protocol (IGP), this is referred as loose mode. In our case, Primary LSP has been configured in strict mode, Secondary LSP in loose mode.

5.1 IP-LER Configuration Example Reference

Using figure 8 as a reference as shown below, three Juniper M20’s are configured as provider (P) routers, that is P2, P3 and P4. MPLS is configured on all ―core‖ interfaces. Interfaces are configured to use Q tags to reduce number of physical interfaces. RSVP-TE is configured on ―core‖ interfaces to exchange labels. The Interior Gateway Protocol (IGP) configured is OSPF; all routers are in OSPF area 0.

In order to have bidirectional traffic you have to configure two LSPs, that is one on each PE. For instance on PE17, four primary LSPs will be needed to have a path between PE17-PE10 and PE-PE13, primary path (strict mode) will be configured as follows:

PE17-PE10 : next hop 172.16.0.37, 172.16.0.5, 172.16.0.18

PE10-PE17 : next hop 172.16.0.17, 172.16.0.6, 172.16.0.38

PE17-PE13 : next hop 172.16.0.34, 172.16.0.9, 172.16.0.26

PE13-PE17 : next hop 172.16.0.25, 172.16.0.10, 172.16.0.33

LSPs have protection, in case the primary path breaks, then a secondary LSP (standby) which is already established, will take over. Secondary LSP are configured in loose mode, in fact based on OSPF, most likely using one hop.


avaya.com

V4

.5 .6

FE0/0/0.9

.10

.13

.14

V12V8

FE0/0/0

GE0/0/0

FE0/0/0

PE17

TS 194#4

GE0/0/0

PE13

TS .135#15

PE10

TS .135#5

OOB=47.162.222.133

SSF5

OOB=47.162.99.10

Ethernet4/0/3

OOB=47.162.99.13

fxp0.0

P4-M20

P2-M20 P3-M20

PE13-M5

V16

V20

V24 V28

FE0/0/0

6/0/0

FE0/0/0 FE0/0/0

FE0/0/0 GE0/0/0

.17

.18.22

.21

.26 .30

3/4

8

Loopback

172.16.254.10

Loopback

172.16.254.18


MPLS, RSVP-TE on all interfaces


135 : 47.162.99.135

#8 : Port 8

PE10

C7500

PE10

C7500PE17

ERS8600

PE17

ERS8600

Primary LSP

Secondary LSP

FE

0/0

/06/0

/0

V32

.34

.33

CORE LINKS

172.16.0.X/30

.37

.29

.38

Loopback

172.16.254.13

3/48

.25

FE0/0/0

V36

Figure 8 : IP-LER Provider Edge

Note – LSPs have only been created between PE10/PE17 and PE13/PE17 in order to keep the configuration simple. This configuration is referred as Hub and Spoke topology, PE17 is the Hub and PE10/PE13 being the spokes. Hub and Spoke topology does not allow end station connectivity between Spokes, that is between PE10/PE13.

To get fully mesh topology, that is end station connectivity between all PEs, simply configure LSPs between PE10/PE17.

Juniper software maintains multiple routing tables, inet.0 for unicast ipv4 routes, inet.3 for MPLS routing table for path information (as well routing tables for multicast, iso and mpls routing protocols). This implementation allows routes learnt by LDP & RSVP to be installed in RTM (routing table management).

Secondary LSPs (loose mode) are configured using peer PE circuitless IP address as destination IP address. Circuitless IP address are advertised by OSPF and are installed in inet.0 (unicast routing protocol) but also advertised by RSVP and installed in inet.3 (mpls routing protocol). On PE13 two entries for PE17 circuitless IP address (172.16.254.17) are installed, one from RSVP (route preference 7) and one from LDP (route preference 9). Route preference is used as tie breaker and RSVP will always been selected.

Basically IP-VPN traffic (signaled by LDP but using circuitless IP address as next hop) will use LSP signaled by RSVP-TE. For that particular reason a second loopback on PE17 (172.16.254.18). has been created.

Note – PE17 has two loopbacks, one used by LDP for IP-VPN traffic and a second one

used by RSVP-TE for IP-LER traffic.


avaya.com

Avaya and Cisco routers have another RTM (routing table management) implementation based on tunnels and defined on separate table, if not mixed with Juniper router a unique circuitless IP address is needed.

One network has been configured at customer edge/provider edge (172.16.<PE Id>.0/28) as follows.

V4

V12V8FE0/0/0

GE0/0/0

P4-M20P4-M20

P2-M20P2-M20 P3-M20P3-M20

V32

V36V16

V20

V24 V28PE13-M5PE13-M5

3/1Ethernet4/0/2

Only one CE, Networks are on PE Local interfaces (GRT)

Vlan id used. One network created using CE-PE addressing

FE0/0/0

CE13

M5

CE13

M5

FE0/0/1

OOB=47.162.99.14

fxp0.0

CE13

TS .135#4

PE10

C7500

PE10

C7500

PE17

8600

PE17PE17

86008600

N1 172.16.13.0/28 V120

N1 172.16.10.0/28 V110 N1 172.16.17.0/28 V110

CE-PE Link GRT

172.16.13.240/30 V110.241

.242

V110

Figure 9 : IP-LER Customer Edge


avaya.com

6. IP-LER Devices Configuration

This chapter details configuration on each device for IP-LER feature. Refer to chapter one for network view and IP address details.

Note – Configuration shown for Juniper and Cisco devices are extract of the configuration file for most relevant parameters. Main purpose is to show an example and not to explain all cli details for a specific hardware platform.

IP-LER feature does not request BGP, MBGP or VRF configuration. IP-LER has customer networks connected to Global Routing Table (GRT).

6.1 Juniper M20 – P routers

P routers don’t have a complex configuration as LSP will be configured on PEs. Protocol RSVP has to be configured and set on specific interfaces (Between P routers and between P-PE routers). Juniper implementation set hello interval to 9 seconds; it has to be modified to 10 to fit with Cisco and Avaya routers.

MPLS protocol must have no-cspf statement to disable Constrained Shortest Path First. CSPF algorithm is an advanced form of the shortest-path-first (SPF) algorithm used in OSPF and IS-IS route computations. CSPF is used in computing paths for LSPs that are subject to multiple constraints and used traffic engineering extension to IGP-TE (OSPF-TE, IS-IS-TE). Avaya ERS 8600 router does not support IGP-TE.

Note – The following example focus on RSVP-TE and LSP configuration, please refer to chapter two for global configuration. Following configuration extract has to be added to global configuration.

protocols {

rsvp {

interface fe-0/0/0.4 {

hello-interval 10;

}


hello-interval 10;

}


hello-interval 10;

}


hello-interval 10;

}

}

mpls {


avaya.com

no-cspf;

6.2 Juniper M5 – PE13 router

PE routers have a more complex configuration compared as P router. In fact primary and secondary LSPs are configured on PEs.

An interface is created as PE13 has a CE (CE13) connected to and network between is 172.16.13.241/30 using VLAN 110.

A static route is configured to send traffic to CE13. That’s a design choice, RIP or OSPF could have been used but due to the fact that a limited number of networks will have to be advertised, a static route is simpler.

RSVP protocol has to be configured and set on specific interfaces (between P-PE routers). Juniper implementation set hello interval to 9 seconds; it has to be modified to 10 to fit with Cisco and Avaya routers.

MPLS protocol must have no-cspf statement to disable Constrained Shortest Path First. CSPF algorithm is an advanced form of the shortest-path-first (SPF) algorithm used in OSPF and IS-IS route computations. CSPF is used in computing paths for LSPs that are subject to multiple constraints and used traffic engineering extension to IGP-TE (OSPF-TE, IS-IS-TE). Avaya ERS 8600 router does not support IGP-TE.

MPLS protocol defines LSP (label-switch-path statement). A source and a destination IP address are configured (circuitless IP addresses). The IP route is set in routing table (install … active statement). Bandwidth (10.000 bps) and description is set.

Adaptive statement creates reservation with Share Explicit (SE) style (this reservation style consists of shared reservations among explicit senders. By default reservation is using Fixed Filter (FF) style (this reservation style consists of distinct reservations among explicit senders.)

Primary and secondary LSP are configured with record route feature (route will be recorded when crossing a P/PE router using ERO, RRO objects). Finally LSP paths are set, primary path with strict mode and secondary with loose mode.

Standby statement will establish secondary LSP as well primary LSP (otherwise only one LSP will be established, backup will be bring up when primary breaks).


interfaces {

fe-0/0/1 {

vlan-tagging;

unit 110 {

vlan-id 110;

family inet {

address 172.16.13.241/30;

}

}

no-cspf;

label-switched-path PE13-PE17 {

from 172.16.254.13;

to 172.16.254.18;

install 172.16.17.0/28 active;

bandwidth 10k;

description "M5 to 8600";

adaptive;

primary P2-P4-PE17 {


avaya.com

}

routing-options {

graceful-restart;

static {

route 172.16.13.0/28 next-hop

172.16.13.242;

}

protocols {

rsvp {


hello-interval 10;

}


hello-interval 10;

}

}

mpls {

record;

}

secondary Loose-PE17 {

record;

standby;

}

}

path P2-P4-PE17 {

172.16.0.25 strict;

172.16.0.10 strict;

172.16.0.33 strict;

}

path Loose-PE17 {

172.16.254.18 loose;

}

}

6.3 Juniper M5 – CE13 router

CE13 is a CE router, so it does not contains MPLS or LSP configuration, only routing instance configuration, therefore configuration file is simpler compared to PE routers. Show configuration command starts with the definition of host name (CE13-M5).

Two interfaces are created, one as customer network (172.16.13.1/28 on VLAN 120) and a network to connect to PE13 (172.16.13.242/30) using VLAN 110.

A static route is configured to send traffic to PE13. That’s a design choice, RIP or OSPF could have been used but due to the fact that a limited number of networks will have to be advertised, a static route is simpler.

Note – The following example focus on IP configuration, please refer to chapter two for global configuration. Following configuration extract has to be added to global configuration.

interfaces {

fe-0/0/0 {

vlan-tagging;

unit 120 {

vlan-id 120;

family inet {

address 172.16.13.1/28;

}

}

unit 110 {

vlan-id 110;

family inet {

address 172.16.13.242/30;

}

}

}

}

routing-options {


avaya.com

}

fe-0/0/1 {

vlan-tagging;

static {

route 172.16.0.0/16 next-hop

172.16.13.241;

}

6.4 Cisco 7500 – PE10 router


Statement ―mpls traffic-eng tunnels‖ enables MPLS traffic engineering tunnel feature.

To configure a primary and a secondary LSP, both established, you have to configure two tunnels. You can configure a tunnel with one primary and several secondary LSP but only one will be established, all secondary’s will be established only when primary breaks.

Tunnel is an unnumbered interface using source IP address as circuitless (loopback0), destination is PE17 circuitless IP. Tunnel is encapsulated with MPLS protocol (tunnel mode mpls traffic-eng). Bandwidth configured is 10.000 bps. Then path to use is configured (P2-P3-PE17), with statement ―verbatim‖.

Verbatim Path Support feature allows network nodes to support Resource Reservation Protocol (RSVP) extensions without supporting Interior Gateway Protocol (IGP) extensions for traffic engineering (TE), thereby bypassing the topology database verification process.

A second tunnel is created for secondary LSP, configuration is similar to first tunnel except path to use (PE17-Loose).

Finally, Primary and secondary LSP are configured with record route feature (route will be recorded when crossing a P/PE router using ERO, RRO objects).

An interface is created as for customer network (172.16.10.1/30) on Ethernet4/0/2 using VLAN 110.

Protocol RSVP is enabled on interfaces, as well MPLS traffic engineering tunnel feature.

A IP route is configured to send IP traffic to tunnel, as we have two tunnels, we define two route statements with different priorities, to have traffic using primary LSP first. When primary LSP fails, traffic will be immediately redirected to secondary LSP as path already established.

Finally LSP paths are defined. One path in strict mode (for primary LSP), second one in loose mode (secondary LSP).


!

mpls traffic-eng tunnels

!

interface Tunnel1

description PE10-PE17

ip unnumbered Loopback0


ip address 172.16.10.1 255.255.255.240


no cdp enable

!

interface FastEthernet6/0/0


ip rsvp bandwidth


avaya.com

tunnel destination 172.16.254.18

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 7 7

tunnel mpls traffic-eng bandwidth 10

tunnel mpls traffic-eng path-option 1

explicit name P2-P3-PE17 verbatim

tunnel mpls traffic-eng record-route

!

interface Tunnel2

description PE10-PE17Bkup

ip unnumbered Loopback0


tunnel destination 172.16.254.18

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 7 7

tunnel mpls traffic-eng bandwidth 10

tunnel mpls traffic-eng path-option 1

explicit name PE17-Loose verbatim

tunnel mpls traffic-eng record-route

!



!



ip rsvp bandwidth

!



ip rsvp bandwidth

!

ip route 172.16.17.0 255.255.255.240

Tunnel1 10

ip route 172.16.17.0 255.255.255.240

Tunnel2 20

!

ip explicit-path name PE17-Loose enable

next-address loose 172.16.254.18

!

ip explicit-path name P2-P3-PE17 enable

next-address 172.16.0.17



6.5 Avaya ERS 8600 – PE17


Configuration steps to configure IP-LER on ERS 8600 are the following.

1. Customer Network definition 2. Circuitless for LSP 3. RSVP-TE configuration



avaya.com

6.5.1 Customer Network definition

The following command configure Customer Network (172.16.17.1/30) on interface 3/1 using VLAN 110.




6.5.2 Circuitless for LSP

Section 1.4 explains the reason for a second circuitless IP address. The following commands configure a new circuitless IP and advertised it by OSPF to be seen by remote PEs.

PE17:5# config ip circuitless-ip-int 5 create 172.16.254.18/32

PE17:5# config ip circuitless-ip-int 5 ospf enable

6.5.3 RSVP-TE configuration

Most part of IP-LER configuration is on RSVP-TE protocol. RSVP-TE protocol is enabled globally and on ―core‖ interfaces (PE to P interfaces). PHP is disabled (outer label remains at pen ultimate router). A resource is created; it is in fact bandwidth used which set to 10.000 bps.

Explicit path are created. Setup consists of two remote PEs (one to reach PE10 and a second to reach PE13), and these paths have protection (primary and secondary LSP), you have 4 paths in total (P3-P2-PE10, Loose-PE10, P4-P2-PE13 and Loose-PE13).

Then LSP are configured with paths and resource created. Record route feature is enabled (route will be recorded when crossing a P/PE router using ERO, RRO objects). LSP are enabled.

Finally you assign a static FEC (remote IP customer network) to the LSP. In our case we assign LSP ―PE17-PE10‖ to customer network on PE10 (172.16.10.0/30) and LSP ―PE17-PE13‖ to customer network on PE13 (172.16.13.0/30) .

PE17:5# config mpls rsvp state enable

PE17:5# config mpls rsvp php disabled

PE17:5# config vlan 32 ip mpls rsvp state enable

PE17:5# config vlan 36 ip mpls rsvp state enable

PE17:5# config mpls rsvp resource 1 create 10

PE17:5# config mpls rsvp explicit-path "P3-P2-PE10" hop 1 address 172.16.0.37 type

strict


strict


strict

PE17:5# config mpls rsvp explicit-path "Loose-PE10" hop 1 address 172.16.254.10



avaya.com

strict


strict


strict

PE17:5# config mpls rsvp explicit-path "Loose-PE13" hop 1 address 172.16.254.13

PE17:5# config mpls rsvp lsp "PE17-PE10" create destination 172.16.254.10 source

172.16.254.18

PE17:5# config mpls rsvp lsp "PE17-PE10" description "8600 to 7500"

PE17:5# config mpls rsvp lsp "PE17-PE10" primary create

PE17:5# config mpls rsvp lsp "PE17-PE10" primary explicit-path "P3-P2-PE10"

PE17:5# config mpls rsvp lsp "PE17-PE10" primary record-route enable

PE17:5# config mpls rsvp lsp "PE17-PE10" primary bandwidth 1

PE17:5# config mpls rsvp lsp "PE17-PE10" primary state enable

PE17:5# config mpls rsvp lsp "PE17-PE10" secondary create

PE17:5# config mpls rsvp lsp "PE17-PE10" secondary explicit-path "Loose-PE10"

PE17:5# config mpls rsvp lsp "PE17-PE10" secondary record-route enable

PE17:5# config mpls rsvp lsp "PE17-PE10" secondary bandwidth 1

PE17:5# config mpls rsvp lsp "PE17-PE10" secondary state enable

PE17:5# config mpls rsvp lsp "PE17-PE13" create destination 172.16.254.13 source

172.16.254.18

PE17:5# config mpls rsvp lsp "PE17-PE13" description "8600 to M5"

PE17:5# config mpls rsvp lsp "PE17-PE13" primary create

PE17:5# config mpls rsvp lsp "PE17-PE13" primary explicit-path "P4-P2-PE13"

PE17:5# config mpls rsvp lsp "PE17-PE13" primary record-route enable

PE17:5# config mpls rsvp lsp "PE17-PE13" primary bandwidth 1

PE17:5# config mpls rsvp lsp "PE17-PE13" primary state enable

PE17:5# config mpls rsvp lsp "PE17-PE13" secondary create

PE17:5# config mpls rsvp lsp "PE17-PE13" secondary explicit-path "Loose-PE13"

PE17:5# config mpls rsvp lsp "PE17-PE13" secondary record-route enable

PE17:5# config mpls rsvp lsp "PE17-PE13" secondary bandwidth 1

PE17:5# config mpls rsvp lsp "PE17-PE13" secondary state enable

PE17:5# config mpls rsvp static-ip create 172.16.10.0/32 lsp "PE17-PE10"

PE17:5# config mpls rsvp static-ip create 172.16.13.0/32 lsp "PE17-PE13"


avaya.com

Once reservation messages are exchanged between nodes, you have different commands to display RSVP information (info and summary). See RSVP-TE trace in appendix VI (PATH & RESV messages)

PE17:5# show mpls rsvp info

State : enabled

Penultimate Hop Pop: disabled

Hello Interval : 10

Message Bundling : enabled

Refresh Interval : 30

Refresh Multiplier : 3

Refresh Reduction : enabled

Tunnel Status Traps: disabled

PE17:5# show mpls rsvp summary

RSVP Version : 1

RSVP State : enabled

LSP Retry Timer : 3000

LSP Retry Limit : Infinite

LSP Decay Rate : 50

Penultimate Hop Pop: disabled

Protocol RSVP has been enabled globally but on ―core‖ interface, the following command displays RSVP interface information.

PE17:5# show mpls rsvp interface

Address : 172.16.0.33 ; Interface : Vlan 32

State : Up

Refresh Interval : 30 ; Refresh Multiplier : 3

Refresh Reduction : Enabled

Hello Interval : 10 Mtu : 1500

Message Bundling : Enabled


State : Up

Refresh Interval : 30 ; Refresh Multiplier : 3

Refresh Reduction : Enabled

Hello Interval : 10 Mtu : 1500

Message Bundling : Enabled

The following command displays the number of RSVP peers. In fact, this number will depend on the way LSPs are setup. To exchange hello messages an LSP has to be explicitly configured on a specific


avaya.com

interface. If an interface has RSVP enabled but no LSP is going through, then no hello messages will be exchanged. In our case we do use all interfaces; therefore hello messages are sent and received on two RSVP enabled interfaces.

PE17:5# show mpls rsvp neighbor


Rx Idle : 0:0:3

Hello State : up ; Hello rcvd/sent : 9524/9524


Rx Idle : 0:0:3

Hello State : up ; Hello rcvd/sent : 9523/9524

Total RSVP neighbors : 2

The following command displays RSVP resources.

PE17:5# show mpls rsvp resource

Index : 1 ; Bandwidth (Kbps) : 10

The following command displays explicit paths.

PE17:5# show mpls rsvp explicit-path

Path Name : P3-P2-PE10

Hops (S)Strict

(L)Loose : 172.16.0.37 (S)

172.16.0.5 (S)

172.16.0.18 (S)

Path Name : Loose-PE10

Hops (S)Strict

(L)Loose : 172.16.254.10 (L)

Path Name : P4-P2-PE13

Hops (S)Strict

(L)Loose : 172.16.0.34 (S)

172.16.0.9 (S)

172.16.0.26 (S)


avaya.com

Path Name : Loose-PE13

Hops (S)Strict

(L)Loose : 172.16.254.13 (L)

The following command displays LSP.

PE17:5# show mpls rsvp lsp

Destination : 172.16.254.10 ; Source : 172.16.254.18

LSP Name : PE17-PE10 ; LSP Id : 1 ;

Description : 8600 to 7500 ; Fast-reroute : disabled

Bandwidth : 0 (Kbps)

Primary : Explicit-path : P3-P2-PE10 ; Record-route : enabled

Bandwidth : 10 (Kbps) ; Admin State: up

Secondary : Explicit-path : Loose-PE10 ; Record-route : enabled



LSP Name : PE17-PE13 ; LSP Id : 2 ;

Description : 8600 to M5 ; Fast-reroute : disabled

Bandwidth : 10 (Kbps)

Primary : Explicit-path : P4-P2-PE13 ; Record-route : enabled


Secondary : Explicit-path : Loose-PE13 ; Record-route : enabled


Total RSVP LSPs : 2

The following command displays RSVP static FEC, that is remote PE’s Customer IP network .

PE17:5# show mpls rsvp static-ip

Dest/Mask : 172.16.10.0/255.255.255.240 ; Egress Addr/Mask : 172.16.254.10/255.

255.255.255

LSP Name : PE17-PE10 ; State : up

Dest/Mask : 172.16.13.0/255.255.255.240 ; Egress Addr/Mask : 172.16.254.13/255.


avaya.com

255.255.255

LSP Name : PE17-PE13 ; State : up

Note – RSVP static FEC do not appear in routing table. To have them displayed by ―show ip route info‖ command, networks have to be advertised by IGP.

Customer Network are normally not advertised by P routers (using OSPF), therefore local routing table will not display PE10 Customer network (172.16.10.0/30) or PE13 Customer network (172.16.13.0/30). That does not impact forwarding; traffic is correctly transported by LSP to PE10 or PE13.

PE17:5# show ip route info ip 172.16.10.0

================================================================================


================================================================================

NH INTER


--------------------------------------------------------------------------------


--------------------------------------------------------------------------------

TYPE Legend:

I=Indirect Route, D=Direct Route, A=Alternative Route, B=Best Route, E=Ecmp Route,


PROTOCOL Legend:v=Inter-VRF route redistributed

Forwarding does work because RSVP static FEC do appear in MPLS FTN table with Type ―rsvp-static‖. The following command displays MPLS FTN table.

PE17:5# show mpls ftn info

Dest/Mask : 172.16.10.0/255.255.255.240


Type : rsvp-static

Dest/Mask : 172.16.13.0/255.255.255.240


Type : rsvp-static

Previous show command were displaying what was configured, in order to display all active paths, use command ―show mpls rsvp paths‖. LSP can have three types, Ingress (LSP starts from this node), Transit (LSP transit on this node) or Egress (LSP ends to this node).


avaya.com

PE17:5# show mpls rsvp paths

Ingress LSP:


LSP Name : PE17-PE10 ; LSP Id : 1 State : up

Active Path : Primary




Total 2 Ingress sessions, Up 2, Down 0

Egress LSP :




LSP Name : PE10-PE17Bkup ; LSP Id : 2 State : up



Total 3 Egress sessions, Up 3, Down 0

Command shows 2 Ingress and 3 Egress. Only active LSP are displayed. PE17 (Avaya) and PE13 (Juniper) have the same configuration (one LSP with primary and secondary path established). However PE10 (Cisco) has two LSP configured (one for primary and one for secondary) to simulate Avaya/Juniper behavior. By default Cisco does not establish path for secondary LSP.

To display primary and secondary LSP paths use ―show mpls rsvp lsp‖ with detail option

PE17:5# show mpls rsvp paths detail

Ingress LSP:


LSP Name : PE17-PE10 ; LSP Id : 1 ; State : up ; Style : SE(2)

Total Up Time : 1 day(s), 04:39:02

Descr : 8600 to 7500 ; Fast-reroute : disabled


Primary LSP ID : 1 ; Admin State : up ; Oper State : up

Up Time : 1 day(s), 04:39:02


avaya.com

Out Port : Vlan 36 ; Out Label : 102752 ; Out Neighbor: 172.16.0.37

ERO : <172.16.0.38> ; RRO : <172.16.0.37> <172.16.0.5> <172.16.0.18>

Explicit Path : P3-P2-PE10 ; Bandwidth : 10 kbps ; Path MTU : 1500

Secondary LSP ID : 2 ; Admin State : up ; Oper State : up

Up Time : 1 day(s), 04:38:45


ERO : <172.16.0.33> ; RRO : <172.16.0.34> <172.16.0.21>

Explicit Path : Loose-PE10 ; Bandwidth : 10 kbps ; Path MTU : 1500




Descr : 8600 to M5 ; Fast-reroute : disabled



Up Time : 1 day(s), 04:38:32


ERO : <172.16.0.33> ; RRO : <172.16.0.34> <172.16.0.9> <172.16.0.26>



Up Time : 1 day(s), 04:38:45


ERO : <172.16.0.38> ; RRO : <172.16.0.37> <172.16.0.30>



Egress LSP :






avaya.com

Up Time : 1 day(s), 04:38:37

In Port : Vlan 36 ; In Label : 26 ; In Neighbor: 172.16.0.37

ERO : <172.16.0.18> <172.16.0.5> <172.16.0.37> ; RRO :

Tspec : rate 10 kbps, size 1000 b, peak 10 kbps, min 0, max 1500


LSP Name : PE10-PE17Bkup ; LSP Id : 2 ; State : up ; Style : SE(1)



Up Time : 1 day(s), 04:38:45


ERO : <172.16.0.21> <172.16.0.34> ; RRO :






Up Time : 0 day(s), 00:27:10


ERO : <172.16.0.26> <172.16.0.9> <172.16.0.34> ; RRO :



Up Time : 0 day(s), 00:26:41


ERO : <172.16.0.30> <172.16.0.37> ; RRO :



Command shows eight operational LSP (primary plus secondary), that’s what has been configured.


avaya.com

7. IP-LER traffic flow

This chapter explains what is the mechanism to classify and encapsulate traffic on each node of the network and how forwarding is achieved when traffic is sent from one customer network to another one, that is crossing MPLS network.

7.1 Traffic flow from PE17 to PE10

Traffic goes from Avaya ERS 8600 router to Cisco 7500 router.


7.1.1 PE17 node, UDP traffic from traffic generator.

To generate traffic across PEs, we use a traffic generator to simulate IP traffic. Traffic generator has two ports connected to PEs, each one sending traffic to have a bidirectional flow.

Note – ping command will not generate an MPLS frame as we used for IP-VPN feature. Reason being traffic is coming from GRT and not from VRF (IP-VPN traffic) and will be sent directly as IP traffic.

First flow is sent from IP address 172.16.17.2 to destination IP 172.16.10.2 using UDP source and destination port 4000. Second flow is sent from IP address 172.16.10.2 to destination IP 172.16.17.2 using UDP source and destination port 4100.

Based on configuration, traffic should use configured path ―PE17-PE10‖, to display path use the following command:

PE17:5# show mpls rsvp paths name PE17-PE10

Ingress LSP:




Descr : 8600 to 7500 ; Fast-reroute : disabled



Up Time : 0 day(s), 01:27:21


ERO : <172.16.0.38> ; RRO : <172.16.0.37> <172.16.0.5> <172.16.0.18>



avaya.com


Up Time : 0 day(s), 01:27:21


ERO : <172.16.0.33> ; RRO : <172.16.0.34> <172.16.0.21>



Primary path is active for Ingress LSP (LSP starts on PE17), traffic is sent to neighbor 172.16.0.37 on VLAN 36 with label 102880. Then it will be sent to neighbor 172.16.0.5, and finally to neighbor 172.16.0.18.

Traffic is captured on ERS 8600 port 3/48. A sniffer is connected to port 3/30 configured for port mirroring.



The UDP traffic captured on sniffer has the following format.



(00:90:69:8c:a4:00)

802.1Q Virtual LAN

000. .... .... .... = Priority: 0

...0 .... .... .... = CFI: 0

.... 0000 0010 0100 = ID: 36



MPLS Label: 102880



MPLS TTL: 255


Version: 4



Total Length: 110

Identification: 0x02cd (717)

Flags: 0x00

Fragment offset: 0

Time to live: 63


avaya.com

Protocol: UDP (0x11)

Header checksum: 0x058e [correct]

Source: 172.16.17.2 (172.16.17.2)

Destination: 172.16.10.2 (172.16.10.2)

User Datagram Protocol, Src Port: 4000 (4000), Dst Port: 4000 (4000)

Source port: 4000 (4000)

Destination port: 4000 (4000)

Length: 90

Checksum: 0x0000 (none)

Data (82 bytes)

Trace shows MPLS encapsulation (0x8847) with one MPLS labels (102880), S informs about bottom of stack (S=1 as only one label). Frame has a VLAN tag, value is 36, we also see source (172.16.17.2) and destination (172.16.10.2) IP addresses, UDP ports (4000) and ERS 8600 & Juniper P3 MAC addresses.

To find what is the path taken to reach final destination (172.16.10.0 in GRT), routing table on PE17 is queried with the following parameters:


================================================================================


================================================================================

NH INTER


--------------------------------------------------------------------------------


--------------------------------------------------------------------------------

TYPE Legend:


e,


PROTOCOL Legend:


As mentioned in section 4.5.3, RSVP static FEC does not appear in routing table when not advertised by IGP.



avaya.com

To display the MPLS FTN table, use the following command.


Dest/Mask : 172.16.10.0/255.255.255.240


Type : rsvp-static


Traffic will be sent to next-hop 172.16.0.37, that is P3, with label 102880 on vlan 36.





Restart Complete


102880 *[RSVP/7] 01:22:24, metric 1

> to 172.16.0.5 via ge-0/0/0.4, label-switched-path PE17-PE10

Frame is sent to next hop 172.16.0.5 (via ge-0/0/0.4), that is to P2 on VLAN 4. It uses a pre defined path ―PE17-PE10‖ setup by RSVP. The following command displays path and find label used to reach P2.

admin@P3-M20> show mpls lsp name PE17-PE10

Ingress LSP: 0 sessions

Total 0 displayed, Up 0, Down 0

Egress LSP: 0 sessions


Transit LSP: 4 sessions

To From State Rt Style Labelin Labelout LSPname

172.16.254.10 172.16.254.18 Up 1 1 SE 102880 102736 PE17-PE10



avaya.com

Frame is sent to next hop 172.16.0.5 (P2) with label 102736.

The command ―show mpls lsp name <LSP name>‖ has an option to display extensive information, use detail parameter

admin@P3-M20> show mpls lsp name PE17-PE10 detail






172.16.254.10

From: 172.16.254.18, LSPstate: Up, ActiveRoute: 1

LSPname: PE17-PE10

Suggested label received: -, Suggested label sent: -

Recovery label received: 102880, Recovery label sent: 102736

Resv style: 1 SE, Label in: 102880, Label out: 102736

Time left: 154, Since: Tue Jul 15 13:06:16 2008

Tspec: rate 10kbps size 8kbps peak 10kbps m 20 M 1500

Port number: sender 1 receiver 1 protocol 0

PATH rcvfrom: 172.16.0.38 (ge-0/0/0.36) 475 pkts

Adspec: received MTU 1500 sent MTU 1500

PATH sentto: 172.16.0.5 (ge-0/0/0.4) 354 pkts

RESV rcvfrom: 172.16.0.5 (ge-0/0/0.4) 353 pkts

Explct route: 172.16.0.5 172.16.0.18

Record route: 172.16.0.38 <self> 172.16.0.5 172.16.0.18



P2 receives an MPLS frame with label 102736. The following command displays the next hop for this label



Restart Complete



avaya.com

102736 *[RSVP/7] 02:05:58, metric 1

> to 172.16.0.18 via fe-0/0/0.16, label-switched-path PE17-PE10

102736(S=0) *[RSVP/7] 02:05:58, metric 1


Frame is sent to next hop 172.16.0.18 (via fe-0/0/0.16), that is to PE10 on VLAN 16. It uses a pre defined path ―PE17-PE10‖ setup by RSVP. To display path and find label used to reach PE10, we have to use the following command.








172.16.254.10 172.16.254.18 Up 1 1 SE 102736 0 PE17-PE10


Command ―show mpls lsp name <LSP name>‖ has an option to display extensive information, use detail parameter.

Frame is sent to next hop 172.16.0.18 (PE10) with null (0) label.

Note – Even though PHP is configured by default for implicit-null, Cisco router will use null label to preserve Quality of Service (QOS) information in MPLS EXP bits. This happens when an MPLS packet arriving at the penultimate hop has only one label. In this case, the penultimate LSR and the edge LSR do not have access to the EXP value that the packet carried before the MPLS header was removed. To preserve the EXP value in this case, the edge LSR needs to advertise an explicit NULL label (a label value of zero). The penultimate hop forwards MPLS packets with a NULL label instead of forwarding IP packets.

7.1.4 PE10 node, MPLS null (0) label

PE10 receives an MPLS frame with null (0) label. This is a reserved label, router will remove it and process IP frame. PE10 is an Egress LSP router, use ―show mpls traffic-eng tunnels role tail‖ to display LSP information.

PE10# show mpls traffic-eng tunnels role tail

LSP Tunnel PE17-PE10 is signalled, connection is up

InLabel : FastEthernet6/0/0.16, implicit-null


avaya.com

OutLabel : -

RSVP Signalling Info:

Src 172.16.254.18, Dst 172.16.254.10, Tun_Id 1, Tun_Instance 1

RSVP Path Info:

My Address: 172.16.0.18

Explicit Route: NONE

Record Route: 172.16.0.17 172.16.0.6 172.16.0.38

Tspec: ave rate=10 kbits, burst=1000 bytes, peak rate=10 kbits

RSVP Resv Info:

Record Route: NONE

Fspec: ave rate=10 kbits, burst=1000 bytes, peak rate=10 kbits

LSP Tunnel PE17-PE10 is signalled, connection is up

InLabel : FastEthernet6/0/0.20, implicit-null

OutLabel : -



RSVP Path Info:

My Address: 172.16.254.10

Explicit Route: NONE

Record Route: 172.16.0.22 172.16.0.33


RSVP Resv Info:

Record Route: NONE


Command shows all details for primary and secondary LSP, source and destination IP addresses, ERO (none as Egress LSP), RRO, Tspec and Fspec.

MPLS encapsulation is removed, IP frame is then processed based on routing table (destination IP address is 172.16.10.2) send to an Ethernet interface.

PE10# show ip route 172.16.10.0


Known via "connected", distance 0, metric 0 (connected, via interface)


* directly connected, via Ethernet4/0/2.110


Frame is sent to local (directly connected) interface Ethernet4/0/2 with VLAN 110. That is to the traffic generator. To display traffic generator MAC address use ―shop ip arp‖ command


avaya.com

PE10# show ip arp 172.16.10.2

Protocol Address Age (min) Hardware Addr Type Interface

Internet 172.16.10.2 200 0000.0000.0100 ARPA Ethernet4/0/2.110

Traffic generator MAC address is 00:00:00:00:01:00 on interface Ethernet4/0/2 for VLAN 110.

Traffic generator is also injecting traffic on this interface (referred as second flow). Traffic is sent from IP address 172.16.10.2 to destination IP 172.16.17.2 using UDP source and destination port 4100. Based on routing table

PE10# show ip route 172.16.17.0


Known via "static", distance 10, metric 0 (connected)


* directly connected, via Tunnel1


Flow is sent to Tunnel1, that’s what has been configured. Two active LSP has been provisioned, one for primary (Tunnel1) and a second one for secondary (Tunnel2. Two active LSP as opposed to one active LSP with protection). To display Ingress LSP use the following command.

PE10# show mpls traffic-eng tunnels role head

Name: PE10-PE17 (Tunnel1) Destination: 172.16.254.18

Status:

Admin: up Oper: up Path: valid Signalling: connected

path option 1, type explicit (verbatim) P2-P3-PE17 (Basis for Setup, path weight

0)

Config Parameters:

Bandwidth: 10 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF

Metric Type: TE (default)

AutoRoute: disabled LockDown: disabled Loadshare: 10 bw-based

auto-bw: disabled

Active Path Option Parameters:

State: explicit path option 1 is active

BandwidthOverride: disabled LockDown: disabled Verbatim: enabled

InLabel : -

OutLabel : FastEthernet6/0/0.16, 102784


avaya.com



RSVP Path Info:

My Address: 172.16.254.10

Explicit Route: 172.16.0.17 172.16.0.6 172.16.0.38

Record Route:


RSVP Resv Info:

Record Route: 172.16.0.17 172.16.0.6 172.16.0.38


History:

Tunnel:

Time since created: 5 days, 23 hours, 2 minutes

Time since path change: 4 hours, 17 minutes

Number of LSP IDs (Tun_Instances) used: 5

Current LSP:

Uptime: 4 hours, 17 minutes

Selection: reoptimization

Prior LSP:

ID: path option 1 [4]

Removal Trigger: path error

Name: PE10-PE17Bkup (Tunnel2) Destination: 172.16.254.18

Status:

Admin: up Oper: up Path: valid Signalling: connected

path option 1, type explicit (verbatim) PE17-Loose (Basis for Setup, path we

ight 0)

Config Parameters:

Bandwidth: 10 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF

Metric Type: TE (default)

AutoRoute: disabled LockDown: disabled Loadshare: 10 bw-based

auto-bw: disabled

Active Path Option Parameters:

State: explicit path option 1 is active

BandwidthOverride: disabled LockDown: disabled Verbatim: enabled


avaya.com

InLabel : -

OutLabel : FastEthernet6/0/0.20, 102704



RSVP Path Info:

My Address: 172.16.254.10

Explicit Route: 172.16.0.22 172.16.254.18*

Record Route:


RSVP Resv Info:

Record Route: 172.16.0.22 172.16.0.33


History:

Tunnel:

Time since created: 5 days, 23 hours, 2 minutes

Time since path change: 4 hours, 16 minutes

Number of LSP IDs (Tun_Instances) used: 194

Current LSP:

Uptime: 4 hours, 16 minutes

Selection: reoptimization

Prior LSP:

ID: path option 1 [72]

Removal Trigger: path error

The following command displays the label from the label information base.

PE10# show mpls forwarding-table 172.16.17.0 detail



17 Untagged 172.16.17.0/28 0 Tu1 point2point

MAC/Encaps=18/22, MRU=1508, Tag Stack{102784}, via Fa6/0/0.16

009069872C00001014C7D0C0810000108847 19180000

No output feature configured

Traffic will be sent to next-hop 172.16.0.17 (interface FastEthernet6/0/0 on VLAN 16), that is P2, with label 102784.


avaya.com





Restart Complete


102784 *[RSVP/7] 20:52:18, metric 1


Frame is sent to next hop 172.16.0.6 (via fe-0/0/0.4), that is to P3 on VLAN 4. It uses a pre defined path ―PE17-PE10‖ setup by RSVP. The following command displays the path and find label used to reach P3.








172.16.254.18 172.16.254.10 Up 1 1 SE 102784 102912 PE10-PE17



Command ―show mpls lsp name <LSP name>‖ has an option to display extensive information, use detail parameter








avaya.com

172.16.254.18


LSPname: PE10-PE17


Recovery label received: -, Recovery label sent: 102912





PATH rcvfrom: 172.16.0.18 (fe-0/0/0.16) 2496 pkts


PATH sentto: 172.16.0.6 (fe-0/0/0.4) 1871 pkts

RESV rcvfrom: 172.16.0.6 (fe-0/0/0.4) 1866 pkts

Explct route: 172.16.0.6 172.16.0.38




P3 receives an MPLS frame with label 102912. The following command displays the next hop for this label



Restart Complete


102912 *[RSVP/7] 20:58:53, metric 1

> to 172.16.0.38 via ge-0/0/0.36, label-switched-path PE10-PE17

Frame is sent to next hop 172.16.0.38 (via ge-0/0/0.36), that is to PE17 on VLAN 36. It uses a pre defined path ―PE10-PE17‖ setup by RSVP. The following command displays the path and find label used to reach PE17.







avaya.com



172.16.254.18 172.16.254.10 Up 1 1 SE 102912 18 PE10-PE17



Frame is sent to next hop 172.16.0.38 (PE17) with label 18.

Note – MPLS frame has one label, P router replaced label due to PHP configuration on PE17 (disabled).


PE17 receives an MPLS frame with label 18. The following command displays the next hop for this label.





Basically it means that frame has to be processed, router will remove it and process IP frame. PE17 is an Egress LSP router, use ―show mpls rsvp paths type egress‖ to display LSP information.

PE17:5# show mpls rsvp paths type egress

Egress LSP :









avaya.com

We have three LSPs, the following command displays detailed information for path PE10-PE17.


Egress LSP :





Up Time : 0 day(s), 21:17:02


ERO : <172.16.0.18> <172.16.0.5> <172.16.0.37> ; RRO :



Command shows all details for LSP, source and destination IP addresses, ERO, RRO and Tspec

MPLS encapsulation is removed; IP frame is then processed based on routing table (destination IP address 172.16.17.2) and sent to an Ethernet interface.


================================================================================


================================================================================

NH INTER


--------------------------------------------------------------------------------

172.16.17.0 255.255.255.240 172.16.17.1 - 1 110 LOC 0 DB 0


--------------------------------------------------------------------------------

TYPE Legend:


e,


PROTOCOL Legend:



avaya.com

Frame is sent to a local interface on VLAN 110. That is to the traffic generator. To display traffic generator MAC address use the ―show ip arp‖ command.

PE17:5# show ip arp info 172.16.17.2

================================================================================

IP Arp - GlobalRouter

================================================================================


--------------------------------------------------------------------------------

172.16.17.2 00:00:00:00:01:04 110 3/19 DYNAMIC 2132


Traffic generator MAC address is 00:00:00:00:01:04 on port 3/19 for VLAN 110.

Sniffer trace confirms UDP traffic with MPLS label 18.



(00:80:2d:35:92:02)

802.1Q Virtual LAN

000. .... .... .... = Priority: 0

...0 .... .... .... = CFI: 0

.... 0000 0010 0100 = ID: 36



MPLS Label: 18



MPLS TTL: 253


Version: 4



Total Length: 110

Identification: 0x02d7 (727)

Flags: 0x00

Fragment offset: 0

Time to live: 63


avaya.com



Source: 172.16.10.2 (172.16.10.2)

Destination: 172.16.17.2 (172.16.17.2)




Length: 90


Data (82 bytes)

7.2 Traffic flow from PE17 to CE13

Traffic goes from Avaya ERS 8600 router to Juniper M5 router.


7.2.1 PE17 node, UDP traffic from traffic generator.

To generate traffic across PEs, we use a traffic generator to simulate IP traffic. Traffic generator has two ports connected to PEs, each one sending traffic to have a bidirectional flow.

Note – ping command will not generate an MPLS frame as we used for IP-VPN feature. Reason being traffic is coming from GRT and not from VRF (IP-VPN traffic) and will be sent directly as IP traffic.

First flow is sent from IP address 172.16.17.3 to destination IP 172.16.13.3 using UDP source and destination port 5000. Second flow is sent from IP address 172.16.13.3 to destination IP 172.16.17.3 using UDP source and destination port 5100.

Based on configuration, traffic should use configured path ―PE17-PE13‖, to display path use the following command


Ingress LSP:




Descr : 8600 to M5 ; Fast-reroute : disabled



avaya.com


Up Time : 0 day(s), 21:52:52


ERO : <172.16.0.33> ; RRO : <172.16.0.34> <172.16.0.9> <172.16.0.26>



Up Time : 0 day(s), 21:52:52


ERO : <172.16.0.38> ; RRO : <172.16.0.37> <172.16.0.30>



Primary path is active for Ingress LSP (LSP starts on PE17), traffic is sent to neighbor 172.16.0.34 on VLAN 32 with label 102640. Then it will be sent to neighbor 172.16.0.9, and finally to neighbor 172.16.0.26.

Traffic is captured on ERS 8600 port 3/48. A sniffer is connected to port 3/30 configured for port mirroring.



The UDP traffic captured on sniffer has the following format.



(00:90:69:87:24:00)

802.1Q Virtual LAN

000. .... .... .... = Priority: 0

...0 .... .... .... = CFI: 0

.... 0000 0010 0000 = ID: 32



MPLS Label: 102640



MPLS TTL: 255


Version: 4



avaya.com


Total Length: 110

Identification: 0x0398 (920)

Flags: 0x00

Fragment offset: 0

Time to live: 63


Header checksum: 0x01c1 [correct]

Source: 172.16.17.3 (172.16.17.3)

Destination: 172.16.13.3 (172.16.13.3)




Length: 90


Data (82 bytes)

Trace shows MPLS encapsulation (0x8847) with one MPLS labels (102640), S informs about bottom of stack (S=1 as only one label). Frame has a VLAN tag, value is 32, we also see source (172.16.17.3) and destination (172.16.10.3) IP addresses, UDP ports (5000) and ERS 8600 & Juniper P4 MAC addresses

To find what is the path taken to reach final destination (172.16.13.0 in GRT), routing table on PE17 is queried with the following parameters:


================================================================================


================================================================================

NH INTER


--------------------------------------------------------------------------------


--------------------------------------------------------------------------------

TYPE Legend:


e,


PROTOCOL Legend:



avaya.com

As mentioned in section 4.5.3, RSVP static FEC does not appear in routing table when not advertised by IGP.


To display the FTN table, use the following command.


Dest/Mask : 172.16.13.0/255.255.255.240


Type : rsvp-static


Traffic will be sent to next-hop 172.16.0.34, that is P4, with label 102640 on vlan 32.





Restart Complete


102640 *[RSVP/7] 21:58:09, metric 1


Frame is sent to next hop 172.16.0.9 (via fe-0/0/0.8), that is to P2 on VLAN 8. It uses a pre defined path ―PE17-PE13‖ setup by RSVP. The following command displays the label used to reach P2.









avaya.com

172.16.254.13 172.16.254.18 Up 1 1 SE 102640 102752 PE17-PE13










172.16.254.13


LSPname: PE17-PE13











Explct route: 172.16.0.9 172.16.0.26




avaya.com


P2 receives an MPLS frame with label 102752. The following command displays the next hop for this label.



Restart Complete


102752 *[RSVP/7] 22:02:16, metric 1


102752(S=0) *[RSVP/7] 22:02:16, metric 1


Frame is sent to next hop 172.16.0.26 (via fe-0/0/0.24), that is to PE13 on VLAN 24. It uses a pre defined path ―PE17-PE13‖ setup by RSVP. The following command displays the label used to reach PE13.








172.16.254.13 172.16.254.18 Up 1 1 SE 102752 3 PE17-PE13



Frame is sent to next hop 172.16.0.26 (PE13) with label 3. Label 3 is a reserved label advertised by PE13 based on PE PHP configuration (implicit-null).

Note – When label 3 is advertised, the penultimate-hop router removes the label and sends the packet to the egress router. Juniper recommends using ultimate-hop popping, label 0 (IP version 4 [IPv4] Explicit Null label). Ultimate-hop popping ensures that any packets traversing an MPLS network include a label.

Juniper Networks routers queue packets based on the incoming label. Routers from other vendors might queue packets differently. Keep this in mind when working with networks containing routers from multiple vendors.


avaya.com

Frame forwarded to PE13 will not be an MPLS frame but an IP frame with destination address 172.16.13.3


PE13 is an Egress LSP router, use ―show mpls lsp egress detail‖ to display LSP information.

admin@PE13-M5> show mpls lsp egress detail


172.16.254.13


LSPname: PE17-PE13


Recovery label received: 3, Recovery label sent: -

Resv style: 1 SE, Label in: 3, Label out: -





Adspec: received MTU 1500

PATH sentto: localclient

RESV rcvfrom: localclient

Record route: 172.16.0.33 172.16.0.10 172.16.0.25 <self>

172.16.254.13


LSPname: PE17-PE13


Recovery label received: 3, Recovery label sent: -

Resv style: 1 SE, Label in: 3, Label out: -





Adspec: received MTU 1500

PATH sentto: localclient


avaya.com

RESV rcvfrom: localclient

Record route: 172.16.0.38 172.16.0.29 <self>


Command shows all details for primary and secondary LSP, source and destination IP addresses, ERO (none as Egress LSP), RRO, Tspec and Fspec.

As PHP is configured for implicit-null (no MPLS label between P-PE), IP frame is then processed based on routing table (destination IP address is 172.16.13.3) and sent to an Ethernet interface.

admin@PE13-M5> show route 172.16.13.0

inet.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)

Restart Complete


172.16.13.0/28 *[Static/5] 2w0d 00:25:55

> to 172.16.13.242 via fe-0/0/1.110

Frame is sent to next hop 172.16.13.242 (static route is configured to forward to CE13), that is CE13 on interface fe-0/0/1 with VLAN 110.

7.2.5 CE13 node, destination IP address 172.16.13.3

CE13 receives an IP frame with destination address 172.16.13.3. The following command displays the next hop for this address

admin@CE13-M5> show route 172.16.13.0



172.16.13.0/28 *[Direct/0] 1w5d 23:53:47

> via fe-0/0/0.120

Frame is sent to local (direct) interface fe-0/0/0 with VLAN 120. That is to the traffic generator. To display traffic generator MAC address use ―shop ip arp‖ command

admin@CE13-M5> show arp | match 172.16.13.3

00:00:00:00:01:02 172.16.13.3 172.16.13.3 fe-0/0/0.120

Traffic generator MAC address is 00:00:00:00:01:02 on interface fe-0/0/0 for VLAN 120.

Traffic generator is also injecting traffic on this interface (referred as second flow). Traffic is sent from IP address 172.16.13.3 to destination IP 172.16.17.3 using UDP source and destination port 5100. The following command displays the routing table .


avaya.com

admin@CE13-M5> show route 172.16.17.0



172.16.0.0/16 *[Static/5] 2w0d 00:48:57

> to 172.16.13.241 via fe-0/0/1.110

Frame is sent to next hop 172.16.13.241 (static route is configured to forward to PE13), that is PE13 on interface fe-0/0/1 with VLAN 110.


PE13 receives an IP frame with destination address 172.16.17.3. The following command displays the next hop for this address.

admin@PE13-M5> show route 172.16.17.0


Restart Complete


172.16.17.0/28 *[RSVP/7] 23:40:00, metric 12

> to 172.16.0.25 via fe-0/0/0.24, label-switched-path

PE13-PE17

to 172.16.0.29 via fe-0/0/0.28, label-switched-path

PE13-PE17

Frame is sent to next hop 172.16.0.25 (via fe-0/0/0.24), that is to P2 on VLAN 24. It uses a pre defined path ―PE13-PE17‖ setup by RSVP (that’s what we have configured). We have provisioned LSP with a primary (P2-P4-PE17) and a secondary (Loose-PE17) path. To display Ingress LSP use the following command.

admin@PE13-M5> show mpls lsp ingress detail


172.16.254.18

From: 172.16.254.13, State: Up, ActiveRoute: 1, LSPname: PE13-PE17

Description: M5 to 8600

ActivePath: P2-P4-PE17 (primary)

LoadBalance: Random

Encoding type: Packet, Switching type: Packet, GPID: IPv4


avaya.com

*Primary P2-P4-PE17 State: Up

Bandwidth: 10kbps

SmartOptimizeTimer: 180

Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt):

172.16.0.25 172.16.0.10 172.16.0.33

Standby Loose-PE17 State: Up

Bandwidth: 10kbps

SmartOptimizeTimer: 180

Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt):

172.16.0.29 172.16.0.38


The following command displays the allocated MPLS labels by RSVP.

admin@PE13-M5> show rsvp session ingress detail

Ingress RSVP: 2 sessions

172.16.254.18


LSPname: PE13-PE17, LSPpath: Primary



Resv style: 1 SE, Label in: -, Label out: 102768

Time left: -, Since: Fri Jul 11 16:56:03 2008

Tspec: rate 10kbps size 10kbps peak Infbps m 20 M 1500


PATH rcvfrom: localclient

Adspec: sent MTU 1500

Path MTU: received 1500



Explct route: 172.16.0.25 172.16.0.10 172.16.0.33

Record route: <self> 172.16.0.25 172.16.0.10 172.16.0.33

172.16.254.18


LSPname: PE13-PE17, LSPpath: Secondary


avaya.com



Resv style: 1 SE, Label in: -, Label out: 102896

Time left: -, Since: Fri Jul 11 16:56:32 2008



PATH rcvfrom: localclient

Adspec: sent MTU 1500

Path MTU: received 1500



Explct route: 172.16.0.29 172.16.254.18

Record route: <self> 172.16.0.29 172.16.0.38


Traffic will be sent to next-hop 172.16.0.25 (interface fe-0/0//0 on VLAN 24), that is P2, with label 102768.





Restart Complete


102768 *[RSVP/7] 1d 00:08:26, metric 1


Frame is sent to next hop 172.16.0.10 (via fe-0/0/0.8), that is to P4 on VLAN 8. It uses a pre defined path ―PE13-PE17‖ setup by RSVP. The following command displays the path and find label used to reach P4.








avaya.com


172.16.254.18 172.16.254.13 Up 1 1 SE 102768 102656 PE13-PE17










172.16.254.18


LSPname: PE13-PE17, LSPpath: Primary




Time left: 143, Since: Fri Jul 11 16:11:12 2008







Explct route: 172.16.0.10 172.16.0.33




avaya.com


P4 receives an MPLS frame with label 102656. The following command displays the next hop for this label.



Restart Complete


102656 *[RSVP/7] 1d 00:13:26, metric 1


Frame is sent to next hop 172.16.0.33 (via fe-0/0/0.32), that is to PE17 on VLAN 32. It uses a pre defined path ―PE13-PE17‖ setup by RSVP. T the following command displays the path and finds the label used to reach PE17.








172.16.254.18 172.16.254.13 Up 1 1 SE 102656 16 PE13-PE17



Frame is sent to next hop 172.16.0.33 (PE17) with label 16.

Note – MPLS frame has one label, P router replaced label due to PHP configuration on PE17 (disabled).


avaya.com


PE17 receives an MPLS frame with label 16. The following command displays the next hop for this label.





Basically it means that the frame has to be processed, the router will remove it and process IP frame. PE17 is an Egress LSP router, use ―show mpls rsvp paths type egress‖ to display LSP information.

PE17:5# show mpls rsvp paths type egress

Egress LSP :








We have three LSPs, the following command displays the detailed information for path PE13-PE17.


Egress LSP :





Up Time : 1 day(s), 00:21:34


ERO : <172.16.0.26> <172.16.0.9> <172.16.0.34> ; RRO :



avaya.com


Up Time : 1 day(s), 00:21:34


ERO : <172.16.0.30> <172.16.0.37> ; RRO :



Command shows all details for LSP, source and destination IP addresses, ERO, RRO and Tspec

MPLS encapsulation is removed, IP frame is then processed based on routing table (destination IP address 172.16.17.2) and sent to an Ethernet interface.


================================================================================


================================================================================

NH INTER


--------------------------------------------------------------------------------

172.16.17.0 255.255.255.240 172.16.17.1 - 1 110 LOC 0 DB 0


--------------------------------------------------------------------------------

TYPE Legend:


e,


PROTOCOL Legend:


Frame is sent to a local interface on VLAN 110. That is to the traffic generator. To display traffic generator MAC address use the ― show ip arp‖ command.

PE17:5# show ip arp info 172.16.17.3

================================================================================

IP Arp - GlobalRouter

================================================================================


--------------------------------------------------------------------------------


avaya.com

172.16.17.3 00:00:00:00:01:05 110 3/19 DYNAMIC 2153


Traffic generator MAC address is 00:00:00:00:01:05 on port 3/19 for VLAN 110.

Back on sniffer trace, we do see UDP traffic with MPLS label 16.



(00:80:2d:35:92:01)

802.1Q Virtual LAN

000. .... .... .... = Priority: 0

...0 .... .... .... = CFI: 0

.... 0000 0010 0000 = ID: 32



MPLS Label: 16



MPLS TTL: 60


Version: 4



Total Length: 110

Identification: 0x0364 (868)

Flags: 0x00

Fragment offset: 0

Time to live: 63


Header checksum: 0x01f5 [correct]

Source: 172.16.13.3 (172.16.13.3)

Destination: 172.16.17.3 (172.16.17.3)




Length: 90


Data (82 bytes)


avaya.com

8. Software Baseline

Software revision 5.0 or higher is required.


avaya.com

9. Reference Documentation

(Identify reference documentation such as Technical Pubs and Engineering Guidelines)

Document Title Publication Number

Description

Configuration – IP-VPN NN46205-520

(323790-A)

Configuration – MPLS Services NN46205-519

(323614-1)

Configuration — BGP Services NN46205-510

Border Gateway Protocol (BGP-4) Technical Configuration Guide

NN48500-538

(314721-F)

IP-VPN for ERS 8600 Technical Configuration Guide

NN48500-559

IP-VPN-Lite for ERS 8600 Technical Configuration Guide

NN48500-562

Technical Configuration Guide for VRF-lite for Ethernet Routing Switch 8600

NN48500-570


avaya.com

10. APPENDIX I – LDP trace

The following sniffer trace is between P17 (Avaya ERS 8600) and P3 (Juniper M20). It is an LDP label mapping message (defined in RFC 5058. TCP/IP frame port 646). LSR Id 172.16.254.17:0 advertise label 22 for Forwarding Equivalent Class (FEC) 172.16.254.10/32



(00:90:69:8c:a4:00)

802.1Q Virtual LAN

Internet Protocol, Src: 172.16.254.17 (172.16.254.17), Dst: 172.16.254.3

(172.16.254.3)

Transmission Control Protocol, Src Port: 49162 (49162), Dst Port: 646 (646), Seq: 137,

Ack: 71, Len: 38

Label Distribution Protocol

Version: 1

PDU Length: 34

LSR ID: 172.16.254.17 (172.16.254.17)

Label Space ID: 0

Label Mapping Message

0... .... = U bit: Unknown bit not set

Message Type: Label Mapping Message (0x400)

Message Length: 24

Message ID: 0x80000002

Forwarding Equivalence Classes TLV

00.. .... = TLV Unknown bits: Known TLV, do not Forward (0x00)

TLV Type: Forwarding Equivalence Classes TLV (0x100)

TLV Length: 8

FEC Elements

FEC Element 1

FEC Element Type: Prefix FEC (2)

FEC Element Address Type: IPv4 (1)

FEC Element Length: 32

Prefix: 172.16.254.10

Generic Label TLV


TLV Type: Generic Label TLV (0x200)

TLV Length: 4

Generic Label: 22


avaya.com

The following sniffer trace is between P17 (Avaya ERS 8600) and P3 (Juniper M20). It is an LDP address mapping message (defined in RFC 5058. TCP/IP frame port 646). LSR Id 172.16.254.17:0 advertise all its local interface from Global Routing Table (GRT).



(00:90:69:8c:a4:00)

802.1Q Virtual LAN


(172.16.254.3)

Transmission Control Protocol, Src Port: 49162 (49162), Dst Port: 646 (646), Seq: 55,

Ack: 71, Len: 44

Label Distribution Protocol

Version: 1

PDU Length: 40

LSR ID: 172.16.254.17 (172.16.254.17)

Label Space ID: 0

Address Message

0... .... = U bit: Unknown bit not set

Message Type: Address Message (0x300)

Message Length: 30

Message ID: 0x80000000

Address List TLV


TLV Type: Address List TLV (0x101)

TLV Length: 22

Address Family: IPv4 (1)

Addresses

Address 1: 172.16.0.33

Address 2: 172.16.0.38

Address 3: 172.16.17.1

Address 4: 172.16.254.17

Address 5: 172.16.254.18


avaya.com

11. APPENDIX II – MPLSPING trace

The following sniffer trace is between P17 (Avaya ERS 8600) and PE10 (Cisco 7500). It is an MPLSPING frame (defined in RFC 4379). PE17 sends a MPLSPING request and PE10 sends a MPLSPING reply .



(00:90:69:87:24:00)

802.1Q Virtual LAN


MPLS Label: 102384



MPLS TTL: 255


Version: 4



Total Length: 80

Identification: 0xd684 (54916)

Flags: 0x00

Fragment offset: 0

Time to live: 1


Header checksum: 0x24f1 [correct]

Source: 172.16.254.17 (172.16.254.17)

Destination: 127.0.0.1 (127.0.0.1)

Options: (4 bytes)


Source port: 53504 (53504)


Length: 56


Multiprotocol Label Switching Echo

Version: 1

Global Flags: 0x0001

Message Type: MPLS Echo Request (1)

Reply Mode: Reply via an IPv4/IPv6 UDP packet (2)


avaya.com

Return Code: No return code (0)

Return Subcode: 0

Sender's Handle: 0x00000001

Sequence Number: 1

Timestamp Sent: Oct 26, 2007 10:08:26.0001 UTC

Timestamp Received: NULL

Target FEC Stack

Type: Target FEC Stack (1)

Length: 12

FEC Element 1: LDP IPv4 prefix

Type: LDP IPv4 prefix (1)

Length: 5

IPv4 Prefix: 172.16.254.10 (172.16.254.10)

Prefix Length: 32

Padding



(00:80:2d:35:92:01)

802.1Q Virtual LAN


MPLS Label: 19



MPLS TTL: 254


Version: 4


Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)

Total Length: 76

Identification: 0xf5ed (62957)

Flags: 0x00

Fragment offset: 0

Time to live: 255


Header checksum: 0x6eab [correct]

Source: 172.16.0.21 (172.16.0.21)

Destination: 172.16.254.17 (172.16.254.17)


avaya.com




Length: 56

Checksum: 0xf522 [correct]

Multiprotocol Label Switching Echo

Version: 1

Global Flags: 0x0001

Message Type: MPLS Echo Reply (2)

Reply Mode: Reply via an IPv4/IPv6 UDP packet (2)

Return Code: Replying router is an egress for the FEC at stack depth RSC (3)

Return Subcode: 0

Sender's Handle: 0x00000001

Sequence Number: 1

Timestamp Sent: Oct 26, 2007 10:08:26.0001 UTC

Timestamp Received: Oct 26, 2007 02:03:45.2219 UTC

Vendor Private

Type: Vendor Private (64512)

Length: 12

Vendor Id: cisco (9)

Value: 0001000400000002


avaya.com

12. APPENDIX III – BGP trace

The following sniffer trace is between P17 (Avaya ERS 8600) and PE10 (Cisco 7500). It is a BGP frame (defined in RFC 4271[BGP], 2858[BGP-MP] and 4360[BGP-EXTCOMM]). PE17 sends a BGP UPDATE message to route reflector (P2) announcing VPN routes to route target (RT) 2028:1000. It sends three routes (10.17.0.1/32, 10.17.1.0/24 and 10.17.123.0/24) with route descriptor (RD) 2028:1000. MPLS outer label to use is 524289 and next hop is 172.16.254.17 (rd 0:0 means next hop).



(00:90:69:8c:a4:00)

802.1Q Virtual LAN


(172.16.254.2)

Transmission Control Protocol, Src Port: bgp (179), Dst Port: 4785 (4785), Seq: 92,

Ack: 1428, Len: 122

Border Gateway Protocol

UPDATE Message

Marker: 16 bytes

Length: 122 bytes

Type: UPDATE Message (2)

Unfeasible routes length: 0 bytes

Total path attribute length: 99 bytes

Path attributes

ORIGIN: INCOMPLETE (4 bytes)

Flags: 0x40 (Well-known, Transitive, Complete)

Type code: ORIGIN (1)

Length: 1 byte

Origin: INCOMPLETE (2)

AS_PATH: empty (3 bytes)


Type code: AS_PATH (2)

Length: 0 bytes

AS path: empty

NEXT_HOP: 172.16.254.17 (7 bytes)


Type code: NEXT_HOP (3)

Length: 4 bytes

Next hop: 172.16.254.17 (172.16.254.17)

LOCAL_PREF: 100 (7 bytes)


avaya.com


Type code: LOCAL_PREF (5)

Length: 4 bytes

Local preference: 100

EXTENDED_COMMUNITIES: (11 bytes)

Flags: 0xc0 (Optional, Transitive, Complete)

Type code: EXTENDED_COMMUNITIES (16)

Length: 8 bytes

Carried Extended communities

Route Target: 2028:1000

MP_REACH_NLRI (67 bytes)

Flags: 0x90 (Optional, Non-transitive, Complete, Extended Length)

Type code: MP_REACH_NLRI (14)

Length: 63 bytes

Address family: IPv4 (1)

Subsequent address family identifier: Labeled VPN Unicast (128)

Next hop network address (12 bytes)

Next hop: Empty Label Stack RD=0:0 IPv4=172.16.254.17 (12)

Subnetwork points of attachment: 0

Network layer reachability information (46 bytes)

Label Stack=524289 (bottom) RD=2028:1000, IPv4=10.17.0.1/32

MP Reach NLRI Prefix length: 120

MP Reach NLRI Label Stack: 524289 (bottom)

MP Reach NLRI Route Distinguisher: 2028:1000

MP Reach NLRI IPv4 prefix: 10.17.0.1 (10.17.0.1)












avaya.com

13. APPENDIX IV – RSVP-TE trace

The following sniffer trace is between P17 (Avaya ERS 8600) and PE10 (Cisco 7500). It is an RSVP-TE frame (defined in RFC 3209). PE17 sends a resource reservation PATH message to PE10 with explicit route to use (ERO), it records current route RRO (local interface, as frame is capture on this interface). Bandwidth is set to 10.000 bps (1250 Bytes per seconds) and label is requested. This frame will be forwarded to all hops specified in ERO because mode is strict.



(00:90:69:8c:a4:00)

802.1Q Virtual LAN


(172.16.254.10)

Resource ReserVation Protocol (RSVP): PATH Message. SESSION: IPv4-LSP, Destination

172.16.254.10, Tunnel ID 1, Ext ID ac10fe12. SENDER TEMPLATE: IPv4-LSP, Tunnel Source:

172.16.254.18, LSP ID: 1.

RSVP Header. PATH Message.

RSVP Version: 1

Flags: 01

Message Type: PATH Message. (1)

Message Checksum: 0xf561 [correct]

Sending TTL: 32

Message length: 228

MESSAGE-ID: 20

SESSION: IPv4-LSP, Destination 172.16.254.10, Tunnel ID 1, Ext ID ac10fe12.

Length: 16

Object class: SESSION object (1)

C-type: 7 - IPv4 LSP

Destination address: 172.16.254.10 (172.16.254.10)

Tunnel ID: 1

Extended Tunnel ID: 2886794770 (172.16.254.18)

HOP: IPv4, 172.16.0.38

TIME VALUES: 30000 ms

EXPLICIT ROUTE: IPv4 172.16.0.37, IPv4 172.16.0.5, IPv4 172.16.0.18

Length: 28

Object class: EXPLICIT ROUTE object (20)

C-type: 1

IPv4 Subobject - 172.16.0.37, Strict



avaya.com


LABEL REQUEST: Basic: L3PID: IP (0x0800)

SESSION ATTRIBUTE: SetupPrio 4, HoldPrio 3, SE Style, [PE17-PE10]

Length: 20

Object class: SESSION ATTRIBUTE object (207)

C-type: 7 - IPv4 LSP (No Resource Affinities)

Setup priority: 4

Hold priority: 3

Flags: 0x04

Name length: 9

Name: PE17-PE10

SENDER TEMPLATE: IPv4-LSP, Tunnel Source: 172.16.254.18, LSP ID: 1.

SENDER TSPEC: IntServ: Token Bucket, 1250 bytes/sec.

Length: 36

Object class: SENDER TSPEC object (12)

C-type: 1 - Integrated Services

Message format version: 0

Data length: 7 words, not including header

Service header: 1 - Traffic specification

Length of service 1 data: 6 words, not including header

Token Bucket TSpec: Rate=1250 Burst=1000 Peak=1250 m=20 M=1500

ADSPEC

RECORD ROUTE: IPv4 172.16.0.38

RECOVERY LABEL

In return a reservation PATH message you get a RESERVATION message with ERO, RRO, Tpsec, Style and label to use, in our case label is 102880.



(00:80:2d:35:92:02)

802.1Q Virtual LAN


Resource ReserVation Protocol (RSVP): RESV Message. SESSION: IPv4-LSP, Destination

172.16.254.10, Tunnel ID 1, Ext ID ac10fe12. FILTERSPEC: IPv4-LSP, Tunnel Source:

172.16.254.18, LSP ID: 1.

RSVP Header. RESV Message.

RSVP Version: 1

Flags: 00

Message Type: RESV Message. (2)


avaya.com

Message Checksum: 0xb3d1 [correct]

Sending TTL: 255

Message length: 136

SESSION: IPv4-LSP, Destination 172.16.254.10, Tunnel ID 1, Ext ID ac10fe12.

Length: 16

Object class: SESSION object (1)


Destination address: 172.16.254.10 (172.16.254.10)

Tunnel ID: 1

Extended Tunnel ID: 2886794770 (172.16.254.18)

HOP: IPv4, 172.16.0.37

TIME VALUES: 30000 ms

STYLE: Shared-Explicit (18)

Length: 8

Object class: STYLE object (8)

C-type: 1

Flags: 0x00

Style: 0x000012 - Shared-Explicit

FLOWSPEC: Controlled Load: Token Bucket, 1250 bytes/sec.

Length: 36

Object class: FLOWSPEC object (9)

C-type: 2

Message format version: 0

Data length: 7 words, not including header

Service header: 5 - Controlled Load

Length of service 5 data: 6 words, not including header

Token Bucket: Rate=1250 Burst=1000 Peak=1250 m=0 M=0

FILTERSPEC: IPv4-LSP, Tunnel Source: 172.16.254.18, LSP ID: 1.

Length: 12

Object class: FILTER SPEC object (10)


Sender IPv4 address: 172.16.254.18 (172.16.254.18)

Sender LSP ID: 1

LABEL: 102880

Length: 8

Object class: LABEL object (16)

C-type: 1 (Packet Label)


avaya.com

Label: 102880

RECORD ROUTE: IPv4 172.16.0.37, IPv4 172.16.0.5, IPv4 172.16.0.18

Length: 28

Object class: RECORD ROUTE object (21)

C-type: 1

IPv4 Subobject - 172.16.0.37

Type: 1 (IPv4)

Length: 8

IPv4 hop: 172.16.0.37

Prefix length: 32

Flags: 0x00


Type: 1 (IPv4)

Length: 8

IPv4 hop: 172.16.0.5

Prefix length: 32

Flags: 0x00


Type: 1 (IPv4)

Length: 8

IPv4 hop: 172.16.0.18

Prefix length: 32

Flags: 0x00


avaya.com

14. Customer service

Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go to www.avaya.com or go to one of the pages listed in the following sections.

14.1 Getting technical documentation

To download and print selected technical publications and release notes directly from the Internet, go to www.avaya.com/support.

14.2 Getting product training

Ongoing product training is available. For more information or to register, you can access the Web site at www.avaya.com/support. From this Web site, you can locate the Training contacts link on the left-hand navigation pane.

14.3 Getting help from a distributor or reseller

If you purchased a service contract for your Avaya product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller for assistance.

14.4 Getting technical support from the Avaya Web site

The easiest and most effective way to get technical support for Avaya products is from the Avaya Technical Support Web site at www.avaya.com/support.

http://www.avaya.com/

http://www.avaya.com/support



Documents

IP-VPN and IP-LER Interoperability for Ethernet Routing