RIPv2 PE-CE Routing Overview, Configuration, and Verification

Static PE-CE routing can create administrative overheads for the service provider. Service providers, therefore, prefer to run dynamic PE-CE routing protocols for the following reasons:

In an RIPv2 PE-CE routing environment, an IPv4 routing context is configured for each VRF running RIP on the PE router. The RIP parameters are specified in the VRF routing context. Global RIP parameters, if entered in the RIP router configuration, are inherited by the RIP VRF routing context. These parameters can, however, be overwritten in the routing context.

Figure 4-3 shows a typical MPLS VPN network, where PE1-AS1 uses RIPv2 as the PE-CE routing protocol with CE1-A, and PE2-AS1 can run either RIPv2, OSPF, EIGRP, BGP, or static PE-CE routing protocol with CE2-A. PE1-AS1 receives RIPv2 routes from the CE1-A router. The received RIP routes are redistributed into MP-iBGP at the PE1-AS1 router and are transported across the backbone as VPNv4 routes to the PE2-AS1 router. These VPNv4 routes are redistributed back into RIPv2, OSPF, EIGRP, and BGP routes at the PE2-AS1 router and then propagated to the CE2-A router.

Figure 4-3. MPLS VPN Network with RIPv2 PE-CE Routing

 

Configuration Flowchart to Implement RIPv2 PE-CE Routing

Figure 4-4 shows the configuration flowchart to implement RIPv2 PE-CE routing on a PE router.

Figure 4-4. Configurations Steps for RIPv2 PE-CE Routing

 

Configuring RIPv2 PE-CE Routing

The network topology in Figure 4-5 depicts an ATM-based MPLS VPN provider network providing MPLS VPN services to Customer A sites, Site 1 and Site 2. The MPLS provider network comprises PE1-AS1 and PE2-AS1 as PE routers. P1-AS1 and P2-AS1 are LS1010 switches and function as provider routers. The MPLS VPN provider network is running OSPF as the IGP routing protocol on PE1-AS1, P1-AS1, P2-AS1, and PE2-AS1. PE routers PE1-AS1 and PE2-AS1 are configured for MP-iBGP connectivity between them.

Figure 4-5. MPLS VPN Provider Implementing RIPv2 PE-CE Routing

Customer A requires connectivity between the Site 1 network (172.16.10.0/24) and Site 2 network (172.16.20.0/24). Site 1 and Site 2 belong to the same VPN, VPN-A. Site 1 and Site 2 comprise CE routers CE1-A and CE2-A, respectively. CE1-A and CE2-A are connected to PE1-AS1 and PE2-AS1, respectively. CE1-A and CE2-A are already running RIPv2 routing protocol. RIPv2 PE-CE routing protocol on PE routers PE1-AS1 and PE2-AS1 is implemented as follows.

Prior to the configuration shown in Example 4-10, ensure that the provider network is provisioned to deliver MPLS VPN services to Customer A sites. Ensure that IP addresses are preconfigured and VRFs defined on PE router. Example 4-10 provides the configuration related to defining VRF and its attributes on PE routers for RIPv2 PE-CE routing.

Example 4-10. Define VRF VRF-RIP on PE Routers PE1-AS1 and PE2-AS1

PE1-AS1(config)#ip vrf VRF-RIP PE1-AS1(config-vrf)# rd 1:100 PE1-AS1(config-vrf)#route-target both 1:100 PE1-AS1(config-vrf)#interface FastEthernet0/0 PE1-AS1(config-if)# ip vrf forwarding VRF-RIP PE1-AS1(config-if)# ip address 172.16.1.1 255.255.255.252 PE2-AS1(config)#ip vrf VRF-RIP PE2-AS1(config-vrf)# rd 1:100 PE2-AS1(config-vrf)# route-target both 1:100 PE2-AS1(config-vrf)#interface Ethernet1/0 PE2-AS1(config-if)# ip vrf forwarding VRF-RIP PE2-AS1(config-if)# ip address 172.16.2.1 255.255.255.252

The steps to configure RIPv2 PE-CE routing on PE routers are as follows:

Step 1.

Configure per VRF RIP routing context and RIP parameters on PE routers – Configure per VRF RIP routing context for VRF RIP under the RIP routing process on PE1-AS1 and PE2-AS1. Configure the per VRF RIP parameters under the address family. Example 4-11 shows this configuration step for PE1-AS1. Repeat the same steps for PE2-AS1.

 

Example 4-11. Configure per VRF RIP Routing Context on PE Routers

PE1-AS1(config)#router rip PE1-AS1(config-router)# version 2 PE1-AS1(config-router)# address-family ipv4 vrf VRF-RIP PE1-AS1(config-router-af)#network 172.16.0.0 PE1-AS1(config-router-af)# no auto-summary PE1-AS1(config-router-af)# exit-address-family  

Step 2.

Redistribute the per VRF RIP routes in BGP – Example 4-12 shows the step to redistribute the per VRF RIP routes into BGP on PE routers PE1-AS1 and PE2-AS1. This configuration step is shown in Example 4-12.

 

Example 4-12. Redistribute RIPv2 Routes in BGP on PE Routers

PE1-AS1(config)#router bgp 1 PE1-AS1(config-router)#address-family ipv4 vrf VRF-RIP PE1-AS1(config-router-af)#redistribute rip ________________________________________________________________ PE2-AS1(config)#router bgp 1 PE2-AS1(config-router)#address-family ipv4 vrf VRF-RIP PE2-AS1(config-router-af)#redistribute rip  

Step 3.

Redistribute MP-iBGP VPNv4 prefixes into RIP – Redistribute the MP-iBGP VPNv4 prefixes from remote PE1-AS1 into RIP per VRF routing context on PE2-AS1 router. In RIP PE-CE routing, the RIP metric is copied into the BGP multi-exit discriminator (MED) attribute. This metric can be preserved across the CE network by configuring the metric transparent option during redistribution from BGP into RIPv2, and, by doing so, it is copied back from the BGP MED attribute into the RIP version 2 metric. The configuration step is shown in Example 4-13.

 

Example 4-13. Redistribute MP-IBGP Routes into RIP Routing Context on PE Routers

PE1-AS1(config-router-af)#router rip PE1-AS1(config-router)#address-family ipv4 vrf VRF-RIP PE1-AS1(config-router-af)#redistribute bgp 1 metric transparent ________________________________________________________________ PE2-AS1(config-router-af)#router rip PE2-AS1(config-router)#address-family ipv4 vrf VRF-RIP PE2-AS1(config-router-af)#redistribute bgp 1 metric transparent  

RIPv2 PE-CE Routing – Customer Edge CE1-A and CE2-A Configuration

Example 4-14 shows the configuration on the CE1-A and CE2-A customer edge routers.

Example 4-14. CE1-A and CE2-A Router Configuration

hostname CE1-A ! interface Loopback0 ip address 172.16.10.1 255.255.255.0 ! interface FastEthernet0/0 description connected to PE1-AS1 ip address 172.16.1.2 255.255.255.252 ! router rip version 2 network 172.16.0.0 no auto-summary __________________________________________________________________________ hostname CE2-A ! interface Loopback0 ip address 172.16.20.1 255.255.255.0 ! interface Ethernet0/0 description connected to PE2-AS1 ip address 172.16.2.2 255.255.255.252 ! router rip version 2 network 172.16.0.0 no auto-summary

 

RIPv2 PE-CE Routing – Provider Edge PE1-AS1 and PE2-AS1 Configuration

Example 4-15 shows the final configuration on the CE1-RIP and CE2-RIP provider edge routers PE1-AS1 and PE2-AS1.

Example 4-15. PE1-AS1 and PE2-AS1 Router Configuration

hostname PE1-AS1 ! ip cef ! ip vrf VRF-RIP rd 1:100 route-target export 1:100 route-target import 1:100 ! mpls label protocol ldp mpls tdp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.101 255.255.255.255 ! interface FastEthernet0/0 description connected to CE1-A ip vrf forwarding VRF-RIP ip address 172.16.1.1 255.255.255.252 ! interface ATM2/0 no ip address no atm ilmi-keepalive ! interface ATM2/0.1 mpls description Connection to A1 ip address 10.10.10.1 255.255.255.252 mpls ip ! router ospf 1 network 10.0.0.0 0.255.255.255 area 0 ! router rip version 2 ! address-family ipv4 vrf VRF-RIP version 2 redistribute bgp 1 metric transparent network 172.16.0.0 no auto-summary exit-address-family ! router bgp 1 no synchronization bgp log-neighbor-changes neighbor 10.10.10.102 remote-as 1 neighbor 10.10.10.102 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 10.10.10.102 activate neighbor 10.10.10.102 send-community extended no auto-summary exit-address-family ! address-family ipv4 vrf VRF-RIP redistribute rip no auto-summary no synchronization exit-address-family __________________________________________________________________________ hostname PE2-AS1 ! ip cef ! ip vrf VRF-RIP rd 1:100 route-target export 1:100 route-target import 1:100 ! mpls label protocol ldp mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.102 255.255.255.255 ! interface Ethernet1/0 description connected to CE2-A ip vrf forwarding VRF-RIP ip address 172.16.2.1 255.255.255.252 ! interface ATM2/0 no ip address ! interface ATM2/0.1 mpls description connection to A2 ip address 10.10.10.10 255.255.255.252 mpls ip ! router ospf 100 network 10.10.0.0 0.0.255.255 area 0 ! router rip version 2 ! address-family ipv4 vrf VRF-RIP version 2 redistribute bgp 1 metric transparent network 172.16.0.0 no auto-summary exit-address-family ! router bgp 1 no synchronization neighbor 10.10.10.101 remote-as 1 neighbor 10.10.10.101 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 10.10.10.101 activate neighbor 10.10.10.101 send-community extended no auto-summary exit-address-family ! address-family ipv4 vrf VRF-RIP redistribute rip no auto-summary no synchronization exit-address-family

 

Verification of RIPv2 PE-CE Routing

The steps to verify RIPv2 PE-CE routing are as follows:

Step 1.

Verify BGP VPNv4 routing table on PE1-AS1 and PE2-AS1 – Check the BGP VPNv4 routing table to see if routes are received properly. Example 4-16 shows that PE1-AS1 receives 172.16.20.0/24. Repeat the same step on PE2-AS1.

 

Example 4-16. Verify BGP VPNv4 Routing Table on PE Routers

PE1-AS1#show ip bgp vpnv4 vrf VRF-RIP BGP table version is 24, local router ID is 10.10.10.101 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1:100 (default for vrf VRF-RIP) *> 172.16.1.0/30 0.0.0.0 0 32768 ? *>i172.16.2.0/30 10.10.10.102 0 100 0 ? *> 172.16.10.0/24 172.16.1.2 1 32768 ? *>i172.16.20.0/24 10.10.10.102 1 100 0 ?  

Step 2.

Verify VRF routing table on PE1-AS1 and PE2-AS1 – Check the VRF routing table to see if routes advertised by local and remote CE routers are seen in the VRF routing table.

Example 4-17 shows that PE1-AS1 has received the 172.16.20.0 network from the PE2-AS1 and the 172.16.10.0/24 network from CE1-A.

 

Example 4-17. Verify VRF Routing Table on PE Routers

PE1-AS1#show ip route vrf VRF-RIP 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks B 172.16.20.0/24 [200/1] via 10.10.10.102, 2d02h R 172.16.10.0/24 [120/1] via 172.16.1.2, 00:00:06, FastEthernet0/0 C 172.16.1.0/30 is directly connected, FastEthernet0/0 B 172.16.2.0/30 [200/0] via 10.10.10.102, 2d02h  

Step 3.

Verify end-to-end connectivity using ping – Verify end-to-end connectivity between the CE1-A and CE2-A by issuing a ping from CE1-A to network 172.16.20.0/24 on CE2-A and vice versa. Example 4-18 shows that the ping has been successful.

 

Example 4-18. Verify Reachability via Ping

CE1-A#ping 172.16.20.1 source 172.16.10.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds: Packet sent with a source address of 172.16.10.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms ____________________________________________________________________ CE2-A#ping 172.16.10.1 source 172.16.20.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds: Packet sent with a source address of 172.16.20.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms  

Control Plane Forwarding Operation

Figure 4-6 shows the path taken by the control packet originating from CE1-A to CE2-A.

Figure 4-6. Control Plane Forwarding Between CE Routers

Step 1.

CE1-RIP sends 172.16.10.0/24 as an IPv4 update to PE1-AS1:

 

PE1-AS1#show ip route vrf VRF-RIP | include 172.16.10.0 R 172.16.10.0/24 [120/1] via 172.16.1.2, 00:00:03, FastEthernet0/0  

Step 2.

Figure 4-6 shows that PE1-AS1 accepts and transforms the IPv4 route, 172.16.10.0/24, to a VPNv4 route by assigning an RD 1:100, SoO, and RT 1:100 based on the VRF RIP configuration on PE1-AS1. It then allocates a VPNv4 label 24 to 172.16.10.0/24 update and rewrites the next-hop attribute to the PE1-AS1 loopback0 IP address 10.10.10.101.

Now PE1-AS1, 10.10.10.101, is reachable via IGP (OSPF) and LDP. The following control plane operation shows the IGP label propagation for prefix 10.10.10.101/32 from PE1-AS1 to PE2-AS1 inside the provider network. This propagation takes place as soon as the MPLS VPN provider network is established and is always in place prior to any VPNv4 prefix being propagated across the MPLS VPN provider network. The following steps are performed in the label propagation process for prefix 10.10.10.101/32. This operation is shown for clarity:

 

Step 2A In Figure 4-6, Edge ATM LSR PE2-AS1 requests a label for the 10.10.10.101/32 prefix using the LDP label mapping request from its downstream neighbor, ATM LSR P2-AS1. P2-AS1 requests a label for the 10.10.10.101/32 prefix using the LDP label mapping request from its downstream neighbor, ATM LSR P1-AS1. P1-AS1, in turn, requests a label for the 10.10.10.101/32 prefix using the LDP label mapping request from its downstream neighbor, Edge ATM LSR PE1-AS1. Edge ATM LSR PE1-AS1 allocates a label to 10.10.10.101/32, which corresponds to its inbound VPI/VCI value 1/33, modifies the entry in the LFIB corresponding to 10.10.10.101/32, and sends it to P1-AS1 using an LDP reply. Example 4-19 shows the output of show mpls atm-ldp bindings on PE1-AS1.

 

Example 4-19. Label Allocation and Distribution Verification on PE1-AS1

PE1-AS1#show mpls atm-ldp bindings Destination: 10.10.10.101/32 Tailend Router ATM2/0.1 1/33 Active, VCD=95 Destination: 10.10.10.4/30 Headend Router ATM2/0.1 (1 hop) 1/33 Active, VCD=95 Destination: 10.10.10.8/30 Headend Router ATM2/0.1 (2 hops) 1/34 Active, VCD=97 Destination: 10.10.10.102/32 Headend Router ATM2/0.1 (3 hops) 1/35 Active, VCD=99 Destination: 10.10.10.200/32 Headend Router ATM2/0.1 (1 hop) 1/36 Active, VCD=96 Destination: 10.10.10.201/32 Headend Router ATM2/0.1 (2 hops) 1/37 Active, VCD=98

Step 2B P1-AS1 uses the VPI/VCI, 1/33, received from PE1-AS1 as its outbound VPI/VCI label value, allocates a free VC that is mapped to the local inbound VPI/VCI 1/44, and modifies the LFIB entry for 10.10.10.101/32. P1-AS1 then sends VPI/VCI value 1/44 to P2-AS1 via an LDP reply, as shown in Figure 4-6. Example 4-20 shows the output of show mpls atm-ldp bindings on P1-AS1.

 

Example 4-20. Label Allocation and Distribution Verification on P1-AS1

P1-AS1#show mpls atm-ldp bindings Destination: 10.10.10.200/32 Tailend Switch ATM4/0/0 1/35 Active -> Terminating Active, VCD=70 Tailend Switch ATM4/0/2 1/36 Active -> Terminating Active, VCD=74 Destination: 10.10.10.0/30 Tailend Switch ATM4/0/0 1/33 Active -> ATM4/0/2 Terminating Active, VCD=69 Destination: 10.10.10.101/32 Transit ATM4/0/0 1/44 Active -> ATM4/0/2 1/33 Active Destination: 10.10.10.4/30 Tailend Switch ATM4/0/2 1/33 Active -> ATM4/0/0 Terminating Active, VCD=73 Destination: 10.10.10.8/30 Transit ATM4/0/2 1/34 Active -> ATM4/0/0 1/33 Active Destination: 10.10.10.102/32 Transit ATM4/0/2 1/35 Active -> ATM4/0/0 1/34 Active Destination: 10.10.10.201/32 Transit ATM4/0/2 1/37 Active -> ATM4/0/0 1/35 Active

Step 2C P2-AS1 uses the VPI/VCI, 1/44, received from P1-AS1 as its outbound VPI/VCI value, allocates a free VC that is mapped to the local inbound VPI/VCI 1/39, and modifies the LFIB entry for 10.10.10.101/32. P2-AS1 then sends VPI/VCI value 1/39 to PE2-AS1 via an LDP reply. Example 4-21 shows the output of show mpls atm-ldp bindings on P2-AS1.

 

Example 4-21. Label Allocation and Distribution Verification on P2-AS1

P2-AS1#show mpls atm-ldp bindings Destination: 10.10.10.0/30 Transit ATM4/0/1 1/33 Active -> ATM4/0/0 1/33 Active Destination: 10.10.10.4/30 Tailend Switch ATM4/0/1 1/34 Active -> ATM4/0/0 Terminating Active, VCD=119 Destination: 10.10.10.200/32 Transit ATM4/0/1 1/36 Active -> ATM4/0/0 1/35 Active Destination: 10.10.10.201/32 Tailend Switch ATM4/0/1 1/37 Active -> Terminating Active, VCD=120 Tailend Switch ATM4/0/0 1/35 Active -> Terminating Active, VCD=126 Destination: 10.10.10.101/32 Transit ATM4/0/1 1/39 Active -> ATM4/0/0 1/44 Active Destination: 10.10.10.8/30 Tailend Switch ATM4/0/0 1/33 Active -> ATM4/0/1 Terminating Active, VCD=125 Destination: 10.10.10.102/32 Transit ATM4/0/0 1/34 Active -> ATM4/0/1 1/35 Active

Edge ATM LSR PE2-AS1 then uses VPI/VCI value 1/39, received from P2-AS1, as its outbound VPI/VCI value and modifies the entry in the LFIB. This is shown in Example 4-22.

 

Example 4-22. Label Allocation and Distribution Verification on PE2-AS1

PE2-AS1#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 16 1/34 10.10.10.4/30 0 AT2/0.1 point2point 18 1/33 10.10.10.0/30 0 AT2/0.1 point2point 19 1/39 10.10.10.101/32 0 AT2/0.1 point2point 22 1/36 10.10.10.200/32 0 AT2/0.1 point2point 23 1/37 10.10.10.201/32 0 AT2/0.1 point2point 25 Aggregate 172.16.2.0/30[V] 0 26 Untagged 172.16.20.0/24[V] 0 Et1/0 172.16.2.2 __________________________________________________________________________ PE2-AS1#show mpls atm-ldp bindings Destination: 10.10.10.0/30 Headend Router ATM2/0.1 (2 hops) 1/33 Active, VCD=72 Destination: 10.10.10.4/30 Headend Router ATM2/0.1 (1 hop) 1/34 Active, VCD=70 Destination: 10.10.10.200/32 Headend Router ATM2/0.1 (2 hops) 1/36 Active, VCD=73 Destination: 10.10.10.201/32 Headend Router ATM2/0.1 (1 hop) 1/37 Active, VCD=71 Destination: 10.10.10.101/32 Headend Router ATM2/0.1 (3 hops) 1/39 Active, VCD=76 Destination: 10.10.10.102/32 Tailend Router ATM2/0.1 1/35 Active, VCD=77  

Step 3.

PE1-AS1 has VRF RIP configured to accept routes with RT 1:100 and, therefore, translates the VPNv4 update to IPv4 and inserts the route in VRF RIP. It then propagates this route to the CE2-A.

 

Data Forwarding Operation

The data forwarding path originates from 172.16.20.1, which is the source address with the traffic destined to 172.16.10.1. Figure 4-6 traces the path of the data packet from the source to the destination:

Step 1.

CE2-RIP originates a data packet with the source address of 172.16.20.1 and destination of 172.16.10.1.

 

Step 2.

PE2-AS1 receives the data packet and appends the VPN label 24 and LDP label 1/39 and forwards the packet to P2-AS1. See Example 4-23.

 

Example 4-23. Data Forwarding Verification on PE2-AS1

PE2-AS1#show ip cef vrf VRF-RIP 172.16.10.0 172.16.10.0/24, version 17, epoch 0, cached adjacency to ATM2/0.1 0 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with AT2/0.1, point2point, tags imposed: {1/39(vcd=76) 24} via 10.10.10.101, 0 dependencies, recursive next hop 10.10.10.9, ATM2/0.1 via 10.10.10.101/32 valid cached adjacency tag rewrite with AT2/0.1, point2point, tags imposed: {1/39(vcd=76) 24}  

Step 3.

P2-AS1 receives the data packet destined to 172.16.10.1 and swaps LDP label 1/39 with 1/44. Example 4-24 shows the output of show mpls atm-ldp bindings destination-prefix mask-length on P2-AS1.

 

Example 4-24. Data Plane Verification on P2-AS1

P2-AS1#show mpls atm-ldp bindings 10.10.10.101 32 Destination: 10.10.10.101/32 Transit ATM4/0/1 1/39 Active -> ATM4/0/0 1/44 Active  

Step 4.

P1-AS1 receives the data packet destined to 172.16.10.1 and swaps LDP label 1/44 with 1/33. Example 4-25 shows the output of show mpls atm-ldp bindings destination-prefix mask-length. Penultimate hop popping is not supported on ATM LSRs because the label is part of the ATM cell payload and cannot be removed by ATM switching hardware. Therefore, P1-AS1, which is an ATM device, does not perform any penultimate hop popping function.

 

Example 4-25. Data Plane Verification on P1-AS1

P1-AS1#show mpls atm-ldp bindings 10.10.10.101 32 Destination: 10.10.10.101/32 Transit ATM4/0/0 1/44 Active -> ATM4/0/2 1/33 Active  

Step 5.

PE1-AS1 pops the label stack (both VPN label 24 and LDP label 1/33) and forwards the data packet to CE1-RIP where the 172.16.10.0 network is located.

 

Категории