www.routermonkey.org

MPLS PIP With 2 Customer Networks

MPLS PIP With 2 Customer Networks

I put this MPLS Lab together to simulate Verizons PIP product (PIP is trademarked I'm sure).  I wanted to illustrated the flexibility of MPLS and this seemed like a good model for that.

The basic foundation for my lab is VPN MPLS over ATM much like my previous MPLS lab, but instead of the PE routers running "Multi-protocol" I chose to use BGP all the way out to the CE.  To do this, you must create an "address-family" for each CE's BGP AS that also includes what vrf instance the address-family is tied to.  This is created in the PE's BGP process.  The address family contains the neighbor information and must use the activate statement to pass updates.  You will also need to use the "redistribute connected" statement within the address-family so that the IGP routes will be known otherwise forwarding through the Provider core will not occure.

Also, you need to add "address-family vpnv4" to you BGP AS on the PE using the adjacent Provider Core as the peer to build VPN Tunnels across the core which carry the labled traffic.

Note that a given vrf instance is also applied to the interface connecting the PE to the CE for that private network. 

The following equipment was used in this lab:

1 x Cisco 2900

1 x Cisco 3550

1 x Cisco 4003 w/L3 Module

1 x Cisco 6509

1 x Cisc LS1010 

1 x Cisco 1760 

3 x Cisco 3640

3 x Cisco 3620 

 

In the illustration below you see the device roles in the MPLS cloude and the BGP AS layout. 

 

I the next diagram, the logical separation of networks is shown. 

 

The next illustration shows the logical view of Customer A's network. 

 

 

The following are the actual configurations from the routers and switchgear used in this lab.  There may be some things that don't fit as I don't always wip these routers and switches between labs.

 

Router Configs:

Customer A (Site 1) Core Switch

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service counters max age 10
!
hostname lab_6509
!
boot system flash sup-bootflash:s72033-pk9sv-mz.122-18.SXD7b.bin
enable password cisco
!
no aaa new-model
ip subnet-zero
!
!
!
mls ip multicast flow-stat-timer 9
no mls flow ip
no mls flow ipv6
mls cef error action freeze
!
!
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
diagnostic cns publish cisco.cns.device.diag_results
diagnostic cns subscribe cisco.cns.device.diag_commands
!
redundancy
 mode sso
 main-cpu
  auto-sync running-config
!
vlan internal allocation policy ascending
vlan access-log ratelimit 2000
!
!
interface Loopback0
 bandwidth 100000
 ip address 172.18.0.1 255.255.255.0
 ip directed-broadcast
 ip ospf network point-to-point
!
interface Loopback1
 bandwidth 100000
 ip address 172.18.1.1 255.255.255.0
 ip directed-broadcast
 ip ospf network point-to-point
!
interface Loopback2
 bandwidth 100000
 ip address 172.18.2.1 255.255.255.0
 ip directed-broadcast
 ip ospf network point-to-point
!
interface Loopback3
 bandwidth 100000
 ip address 172.18.3.1 255.255.255.0
 ip directed-broadcast
 ip ospf network point-to-point
!
interface Loopback4
 bandwidth 100000
 ip address 172.18.4.1 255.255.255.0
 ip directed-broadcast
 ip ospf network point-to-point
!
interface Loopback5
 bandwidth 100000
 ip address 172.18.5.1 255.255.255.0
 ip directed-broadcast
 ip ospf network point-to-point
!
interface GigabitEthernet1/1
 no ip address
 shutdown
!
interface GigabitEthernet1/2
 no ip address
 shutdown
!
interface GigabitEthernet1/3
 no ip address
 shutdown
!
interface GigabitEthernet1/4
 no ip address
 shutdown
!
interface GigabitEthernet1/5
 no ip address
 switchport
!
interface GigabitEthernet1/6
 no ip address
 switchport
!
interface GigabitEthernet1/7
 no ip address
 switchport
!
interface GigabitEthernet1/8
 no ip address
 switchport
!
interface GigabitEthernet1/9
 no ip address
 switchport
!
interface GigabitEthernet1/10
 no ip address
 switchport
!
interface GigabitEthernet1/11
 no ip address
 switchport
!
interface GigabitEthernet1/12
 no ip address
 switchport
!
interface GigabitEthernet1/13
 no ip address
 switchport
!
interface GigabitEthernet1/14
 no ip address
 switchport
!
interface GigabitEthernet1/15
 no ip address
 switchport
!
interface GigabitEthernet1/16
 no ip address
 switchport
!
interface FastEthernet2/1
 no ip address
 switchport
 switchport mode access
!
interface FastEthernet2/2
 no ip address
 switchport
 switchport mode access
!
interface FastEthernet2/3
 no ip address
 switchport
 switchport mode access
!
interface FastEthernet2/4
 no ip address
 switchport
 switchport mode access
!
interface FastEthernet2/5
 no ip address
 switchport
 switchport mode access
!
interface FastEthernet2/6
 no ip address
 switchport
!
interface FastEthernet2/7
 no ip address
 switchport
!
interface FastEthernet2/8
 no ip address
 switchport
!
interface FastEthernet2/9
 no ip address
 switchport
!
interface FastEthernet2/10
 no ip address
 switchport
!
interface FastEthernet2/11
 no ip address
 switchport
!
interface FastEthernet2/12
 no ip address
 switchport
!
interface FastEthernet2/13
 no ip address
 switchport
!
interface FastEthernet2/14
 no ip address
 switchport
!
interface FastEthernet2/15
 no ip address
 switchport
!
interface FastEthernet2/16
 no ip address
 switchport
!
interface FastEthernet2/17
 no ip address
 switchport
!
interface FastEthernet2/18
 no ip address
 switchport
 switchport mode access
!
interface FastEthernet2/19
 no ip address
 switchport
!
interface FastEthernet2/20
 no ip address
 switchport
!
interface FastEthernet2/21
 no ip address
 switchport
!
interface FastEthernet2/22
 no ip address
 switchport
!
interface FastEthernet2/23
 no ip address
 switchport
!
interface FastEthernet2/24
 no ip address
 switchport
!
interface FastEthernet2/25
 no ip address
 switchport
!
interface FastEthernet2/26
 no ip address
 switchport
!
interface FastEthernet2/27
 no ip address
 switchport
!
interface FastEthernet2/28
 no ip address
 switchport
!
interface FastEthernet2/29
 no ip address
 switchport
!
interface FastEthernet2/30
 no ip address
 switchport
!
interface FastEthernet2/31
 no ip address
 switchport
!
interface FastEthernet2/32
 no ip address
 switchport
!
interface FastEthernet2/33
 no ip address
 switchport
!
interface FastEthernet2/34
 no ip address
 switchport
!
interface FastEthernet2/35
 no ip address
 switchport
!
interface FastEthernet2/36
 no ip address
 switchport
!
interface FastEthernet2/37
 no ip address
 switchport
!
interface FastEthernet2/38
 no ip address
 duplex full
 switchport
 switchport mode access
!
interface FastEthernet2/39
 no ip address
 switchport
!
interface FastEthernet2/40
 no ip address
 switchport
!
interface FastEthernet2/41
 no ip address
 switchport
!
interface FastEthernet2/42
 no ip address
 switchport
!
interface FastEthernet2/43
 description .....to wan router
 ip address 10.21.100.1 255.255.255.252
 ip ospf priority 15
 speed 100
 duplex full
!
interface FastEthernet2/44
 no ip address
 switchport
!
interface FastEthernet2/45
 no ip address
 switchport
!
interface FastEthernet2/46
 no ip address
 switchport
!
interface FastEthernet2/47
 no ip address
 switchport
!
interface FastEthernet2/48
 ip address 192.168.1.3 255.255.255.0
!
interface GigabitEthernet5/1
 no ip address
 shutdown
!
interface GigabitEthernet5/2
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 no ip address
 shutdown
!
interface Vlan4
 no ip address
 shutdown
!
interface Vlan12
 no ip address
 shutdown
!
interface Vlan203
 no ip address
 shutdown
!
router ospf 100
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet2/43
 network 10.21.100.0 0.0.0.3 area 0
 network 172.18.0.0 0.0.0.255 area 0
 network 172.18.1.0 0.0.0.255 area 0
 network 172.18.2.0 0.0.0.255 area 0
 network 172.18.3.0 0.0.0.255 area 0
 network 172.18.4.0 0.0.0.255 area 0
 network 172.18.5.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
!
control-plane
!
!
!
line con 0
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
line vty 5 15
 login
!
end

 

Customer A CE1

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3640C
!
enable password cisco
!
ip subnet-zero
!
!
!
call rsvp-sync
!
interface Ethernet0/0
 ip address 192.168.3.2 255.255.255.0
 half-duplex
!
interface FastEthernet1/0
 ip address 10.21.100.2 255.255.255.252
 speed 100
 full-duplex
!
interface ATM3/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
router ospf 100
 log-adjacency-changes
 redistribute bgp 64590 subnets
 passive-interface default
 no passive-interface FastEthernet1/0
 network 10.21.100.0 0.0.0.3 area 0
!
router bgp 64590
 no synchronization
 bgp log-neighbor-changes
 network 10.21.100.0 mask 255.255.255.252
 network 172.18.0.0 mask 255.255.255.0
 network 172.18.1.0 mask 255.255.255.0
 network 172.18.2.0 mask 255.255.255.0
 network 172.18.3.0 mask 255.255.255.0
 network 172.18.4.0 mask 255.255.255.0
 network 172.18.5.0 mask 255.255.255.0
 neighbor 192.168.3.1 remote-as 200
 no auto-summary
!
ip classless
ip http server
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

MPLS PE (lab-3640b)

 

version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3640b
!
boot-start-marker
boot system flash:c3640-jk9o3s-mz.124-1a.bin
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
memory-size iomem 10
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip vrf lab-01
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
ip vrf lab-02
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
no ip ips deny-action ips-interface
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding lab-02
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip vrf forwarding lab-01
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface ATM3/0
 mtu 1500
 no ip address
 atm ilmi-keepalive
!
interface ATM3/0.10 mpls
 ip unnumbered Loopback0
 mpls ip
!
router ospf 100
 no log-adjacency-changes
 network 2.0.0.0 0.255.255.255 area 0
!
router bgp 200
 synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 200
 neighbor 1.1.1.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 1.1.1.1 activate
 neighbor 1.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf lab-02
 redistribute connected
 neighbor 192.168.2.2 remote-as 64510
 neighbor 192.168.2.2 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf lab-01
 redistribute connected
 neighbor 192.168.3.2 remote-as 64590
 neighbor 192.168.3.2 activate
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
no ip http secure-server
ip classless
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
!
end

MPLS Provider Core

Current configuration : 1303 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-ls1010
!
boot system flash:ls1010-wpk2-mz.121-27b.E3.bin
boot bootldr bootflash:ls1010-11-2-8.boot
enable password cisco
!
sdm ipqos zero
sdm policy 0
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
mpls label protocol ldp
!
atm address 47.0091.8100.0000.0010.073e.0301.0010.073e.0301.00
atm router pnni
 no aesa embedded-number left-justified
 node 1 level 56 lowest
  redistribute atm-static
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface ATM1/0/0
 mtu 1500
 ip unnumbered Loopback0
 ip ospf mtu-ignore
 tag-switching ip
!
interface ATM1/0/1
 mtu 1500
 ip unnumbered Loopback0
 tag-switching ip
!
interface ATM1/0/2
 no ip address
!
interface ATM1/0/3
 mtu 1500
 ip unnumbered Loopback0
 shutdown
 tag-switching ip
!
interface CBR1/1/0
 no ip address
!
interface CBR1/1/1
 no ip address
!
interface CBR1/1/2
 no ip address
!
interface CBR1/1/3
 no ip address
!
interface ATM0
 no ip address
!
interface Ethernet0
 no ip address
!
router ospf 100
 log-adjacency-changes
 network 3.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
!
end

MPLS PE (lab-3640a)

Current configuration : 2200 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname lab-3640a
!
boot-start-marker
boot system flash:c3640-jk9o3s-mz.124-1a.bin
boot-end-marker
!
enable password 7 0822455D0A16
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip vrf lab-01
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
ip vrf lab-02
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
no ip ips deny-action ips-interface
!
mpls ip default-route
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip vrf forwarding lab-02
 ip address 172.16.1.1 255.255.255.0
 half-duplex
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip vrf forwarding lab-01
 ip address 172.17.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface ATM3/0
 mtu 1500
 no ip address
 no atm ilmi-keepalive
!
interface ATM3/0.1 mpls
 ip unnumbered Loopback0
 mpls ip
!
router ospf 100
 log-adjacency-changes
 network 1.0.0.0 0.255.255.255 area 0
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 2.2.2.2 activate
 neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf lab-02
 redistribute connected
 neighbor 172.16.1.2 remote-as 64512
 neighbor 172.16.1.2 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf lab-01
 redistribute connected
 neighbor 172.17.1.2 remote-as 64580
 neighbor 172.17.1.2 activate
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
no ip http secure-server
ip classless
!
!
control-plane
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password 7 094F471A1A0A
 login
!
!
end

MPLS CE2

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-3620b
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip subnet-zero
!
!
ip cef
!
ip audit po max-events 100
!
!
interface Ethernet0/0
 ip address 172.17.1.2 255.255.255.252
 half-duplex
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet1/0
 ip address 172.20.0.2 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 redistribute bgp 64580 subnets
 network 172.20.0.0 0.0.0.255 area 0
!
router bgp 64580
 no synchronization
 bgp log-neighbor-changes
 network 172.20.0.0 mask 255.255.255.0
 network 172.20.1.0 mask 255.255.255.0
 network 172.20.2.0 mask 255.255.255.0
 network 172.20.3.0 mask 255.255.255.0
 neighbor 172.17.1.1 remote-as 200
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
!
!
line con 0
line aux 0
 modem InOut
 transport input all
 flowcontrol hardware
line vty 0 4
 password cisco
 login
!
!
end

Customer A (Site 2) Core

This Core Segment is "router on a stick" configuration:

Router:

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-voice01
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable password cisco
!
voice-card 2
!
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 172.20.0.1 172.20.0.20
!
ip dhcp pool vlan2
   network 172.20.0.0 255.255.255.0
   default-router 172.20.0.1
   domain-name routermonkey.org
   dns-server 172.20.0.1
!
ip cef
!
!
interface FastEthernet0/0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1
 shutdown
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2 native
 ip address 172.20.0.1 255.255.255.0
 ip helper-address 172.20.0.1
 ip directed-broadcast
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 172.20.1.1 255.255.255.0
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 172.20.2.1 255.255.255.0
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 172.20.3.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 passive-interface default
 no passive-interface FastEthernet0/0.2
 network 172.20.0.0 0.0.0.255 area 0
 network 172.20.1.0 0.0.0.255 area 0
 network 172.20.2.0 0.0.0.255 area 0
 network 172.20.3.0 0.0.0.255 area 0
!
ip classless
no ip http server
!
voice-port 2/0
!
voice-port 2/1
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end
 

Switch:

version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cat2900-1
!
enable password cisco
!
ip subnet-zero
!
interface FastEthernet0/1
 duplex full
 speed 100
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport access vlan 3
!
interface FastEthernet0/4
 switchport access vlan 4
!
interface FastEthernet0/5
 switchport access vlan 5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
 switchport access vlan 2
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface VLAN1
 no ip address
 no ip directed-broadcast
 no ip route-cache
 shutdown
!
interface VLAN2
 ip address 172.20.0.10 255.255.255.0
 ip helper-address 172.20.0.1
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 172.20.0.1
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password cisco
 login
line vty 5 15
 login
!
end

 

The next illustration shows the logical view of Customer B's network.

Customer B (Site 1) Core

version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab_4232_L3
!
enable password cisco
!
ip subnet-zero
!
!
!
interface Loopback0
 ip address 10.100.2.1 255.255.255.0
 ip directed-broadcast
!
interface Loopback1
 ip address 10.100.100.1 255.255.255.0
 ip directed-broadcast
!
interface Loopback2
 ip address 10.100.101.1 255.255.255.0
 ip directed-broadcast
!
interface Loopback3
 ip address 10.100.102.1 255.255.255.0
 ip directed-broadcast
!
interface Loopback4
 ip address 10.100.200.1 255.255.255.0
 ip directed-broadcast
!
interface Port-channel1
 no ip address
 ip directed-broadcast
 hold-queue 300 in
!
interface Port-channel1.201
 encapsulation dot1Q 201
 ip address 192.168.91.1 255.255.255.0
 ip directed-broadcast
!
interface Port-channel2
 no ip address
 no ip directed-broadcast
 shutdown
 hold-queue 300 in
!
interface FastEthernet1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet1
 no ip address
 no ip directed-broadcast
 channel-group 2
!
interface GigabitEthernet2
 no ip address
 no ip directed-broadcast
 channel-group 2
!
interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no negotiation auto
 channel-group 1
!
interface GigabitEthernet4
 no ip address
 no ip directed-broadcast
 no negotiation auto
 channel-group 1
!
router rip
 version 2
 network 10.0.0.0
 network 192.168.91.0
 no auto-summary
!
ip classless
!
snmp-server community public RO
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
!
end

Customer B  CE1

version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3620c
!
boot system flash:c3620-ik9s-mz.122-46a.bin
enable password cisco
!
ip subnet-zero
ip cef
!
!
!
!
call rsvp-sync
!
!
interface Ethernet0/0
 ip address 172.16.1.2 255.255.255.0
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.91.2 255.255.255.0
 half-duplex
!
router rip
 version 2
 redistribute bgp 64512 metric 2
 network 10.0.0.0
 network 172.16.0.0
 network 192.168.91.0
 default-metric 2
 no auto-summary
!
router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 network 10.100.2.0 mask 255.255.255.0
 network 10.100.100.0 mask 255.255.255.0
 network 10.100.101.0 mask 255.255.255.0
 network 10.100.102.0 mask 255.255.255.0
 network 10.100.200.0 mask 255.255.255.0
 network 192.168.91.0
 neighbor 172.16.1.1 remote-as 200
 no auto-summary
!
ip classless
ip http server
!
!
dial-peer cor custom
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

MPLS PE (lab-3640a)

Current configuration : 2200 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname lab-3640a
!
boot-start-marker
boot system flash:c3640-jk9o3s-mz.124-1a.bin
boot-end-marker
!
enable password 7 0822455D0A16
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip vrf lab-01
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
ip vrf lab-02
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
no ip ips deny-action ips-interface
!
mpls ip default-route
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip vrf forwarding lab-02
 ip address 172.16.1.1 255.255.255.0
 half-duplex
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip vrf forwarding lab-01
 ip address 172.17.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface ATM3/0
 mtu 1500
 no ip address
 no atm ilmi-keepalive
!
interface ATM3/0.1 mpls
 ip unnumbered Loopback0
 mpls ip
!
router ospf 100
 log-adjacency-changes
 network 1.0.0.0 0.255.255.255 area 0
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 2.2.2.2 activate
 neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf lab-02
 redistribute connected
 neighbor 172.16.1.2 remote-as 64512
 neighbor 172.16.1.2 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf lab-01
 redistribute connected
 neighbor 172.17.1.2 remote-as 64580
 neighbor 172.17.1.2 activate
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
no ip http secure-server
ip classless
!
!
control-plane
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password 7 094F471A1A0A
 login
!
!
end

MPLS Provider Core

Current configuration : 1303 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-ls1010
!
boot system flash:ls1010-wpk2-mz.121-27b.E3.bin
boot bootldr bootflash:ls1010-11-2-8.boot
enable password cisco
!
sdm ipqos zero
sdm policy 0
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
mpls label protocol ldp
!
atm address 47.0091.8100.0000.0010.073e.0301.0010.073e.0301.00
atm router pnni
 no aesa embedded-number left-justified
 node 1 level 56 lowest
  redistribute atm-static
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface ATM1/0/0
 mtu 1500
 ip unnumbered Loopback0
 ip ospf mtu-ignore
 tag-switching ip
!
interface ATM1/0/1
 mtu 1500
 ip unnumbered Loopback0
 tag-switching ip
!
interface ATM1/0/2
 no ip address
!
interface ATM1/0/3
 mtu 1500
 ip unnumbered Loopback0
 shutdown
 tag-switching ip
!
interface CBR1/1/0
 no ip address
!
interface CBR1/1/1
 no ip address
!
interface CBR1/1/2
 no ip address
!
interface CBR1/1/3
 no ip address
!
interface ATM0
 no ip address
!
interface Ethernet0
 no ip address
!
router ospf 100
 log-adjacency-changes
 network 3.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
!
end

MPLS PE (lab-3640b)

 

version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3640b
!
boot-start-marker
boot system flash:c3640-jk9o3s-mz.124-1a.bin
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
memory-size iomem 10
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
!
ip vrf lab-01
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
ip vrf lab-02
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
no ip ips deny-action ips-interface
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding lab-02
 ip address 192.168.2.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip vrf forwarding lab-01
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface ATM3/0
 mtu 1500
 no ip address
 atm ilmi-keepalive
!
interface ATM3/0.10 mpls
 ip unnumbered Loopback0
 mpls ip
!
router ospf 100
 no log-adjacency-changes
 network 2.0.0.0 0.255.255.255 area 0
!
router bgp 200
 synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 200
 neighbor 1.1.1.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
 neighbor 1.1.1.1 activate
 neighbor 1.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf lab-02
 redistribute connected
 neighbor 192.168.2.2 remote-as 64510
 neighbor 192.168.2.2 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf lab-01
 redistribute connected
 neighbor 192.168.3.2 remote-as 64590
 neighbor 192.168.3.2 activate
 no auto-summary
 no synchronization
 exit-address-family
!
ip http server
no ip http secure-server
ip classless
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
!
end

Customer A CE2

version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3620d
!
enable password cisco
!
ip subnet-zero
!
interface Ethernet0/0
 ip address 192.168.2.2 255.255.255.0
!
interface Ethernet0/1
 ip address 192.168.90.2 255.255.255.252
!
router eigrp 100
 redistribute bgp 64510 metric 10000 100 255 10 1500
 passive-interface default
 no passive-interface Ethernet0/1
 network 192.168.2.0
 network 192.168.90.0 0.0.0.3
 no auto-summary
 no eigrp log-neighbor-changes
!
router bgp 64510
 no synchronization
 bgp log-neighbor-changes
 network 10.200.1.0 mask 255.255.255.0
 network 10.200.2.0 mask 255.255.255.0
 network 10.200.3.0 mask 255.255.255.0
 network 10.200.4.0 mask 255.255.255.0
 network 10.200.5.0 mask 255.255.255.0
 network 10.200.107.0 mask 255.255.255.0
 network 192.168.90.0 mask 255.255.255.252
 neighbor 192.168.2.1 remote-as 200
 no auto-summary
!
ip classless
ip http server
!
!
map-list lab-atm
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
end

Customer B (Site 2) Core

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3550
!
enable password cisco
!
no aaa new-model
ip subnet-zero
ip routing
ip dhcp excluded-address 10.200.107.1 10.200.107.20
!
ip dhcp pool vlan7
   network 10.200.107.0 255.255.255.0
   default-router 10.200.107.1
   domain-name routermonkey.org
   dns-server 10.200.107.1
!
vtp domain lab-monkey
vtp mode transparent
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name VLAN2
!
vlan 3
 name VLAN3
!
vlan 4
 name VLAN4
!
vlan 5
 name VLAN5
!
vlan 6
 name VLAN6
!
vlan 7
 name VLAN7
!
!
interface Loopback0
 ip address 10.200.1.1 255.255.255.0
!
interface Loopback1
 ip address 10.200.2.1 255.255.255.0
!
interface Loopback2
 ip address 10.200.3.1 255.255.255.0
!
interface Loopback3
 ip address 10.200.4.1 255.255.255.0
!
interface Loopback4
 ip address 10.200.5.1 255.255.255.0
!
interface Port-channel1
 no switchport
 no ip address
 shutdown
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.8 255.255.255.0
!
interface FastEthernet0/2
 switchport access vlan 7
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 5
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport access vlan 3
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport access vlan 3
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport access vlan 3
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport access vlan 3
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport access vlan 2
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 no switchport
 ip address 192.168.90.1 255.255.255.252
!
interface GigabitEthernet0/1
 no switchport
 no ip address
 shutdown
 channel-group 1 mode on
!
interface GigabitEthernet0/2
 no switchport
 no ip address
 shutdown
 channel-group 1 mode on
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 no ip address
!
interface Vlan3
 no ip address
!
interface Vlan4
 no ip address
!
interface Vlan5
 no ip address
!
interface Vlan6
 no ip address
!
interface Vlan7
 ip address 10.200.107.1 255.255.255.0
 ip directed-broadcast
!
router eigrp 100
 passive-interface default
 no passive-interface FastEthernet0/24
 network 10.200.0.0 0.0.255.255
 network 192.168.90.0 0.0.0.3
 no auto-summary
!
ip classless
ip http server
ip http secure-server
!
!
logging 10.200.0.100
access-list 10 deny   0.0.0.0
access-list 10 permit any
access-list 90 permit any log
!
control-plane
!
!
line con 0
line vty 0 4
 access-class 90 in
 password cisco
 login
line vty 5 15
 no login
!
end

 

Configuring VPN MPLS over ATM with Cisco 3600 Routers and LightStream 1010 Switches

Configuring VPN MPLS over ATM with Cisco 3600 Routers and LightStream 1010 Switches

This howto is based on Cisco Systems similarly titled document, Cisco document ID 10533.

Introduction:

I will cover how to configure VPN MPLS over ATM using the Cisco LS1010 as a provider core and two Cisco 3640's with Ethernet and ATM OC3 as provider edge as well as two Cisco 3620's as customer edge. I am revisiting this exercise originally published by Cisco due to issues with TDP as the default protocol on P1 and LDP on PE1 and PE2.

Prerequisites:

Cisco LS1010 (IOS Image: ls1010-wpk2-mz.121-27b.E3.bin)

Cisco C3640 with NM-1A-OC3MM (IOS Image: c3640-jk9o3s-mz.124-1a.bin)

Conventions:

VPN Terminology:

• CE = Customer Edge Router

• PE = Provider Edge Router

• P = Provider Router

MPLS Terminology:

• LER = Label Edge Router

• LSR = Label Switch Router

• TDP/LDP = Tag Distribution Protocol/Label Distribution Protocol

Configurations:

• PE1 and PE2 are the LERs in our ATM network.

• P1 is the LSR.

• CE1 and CE2 are Customer Edge Routers that unaware of the VPN MPLS process.

• CE1 and CE2 are Ethernet connected to PE1 and PE2 respectively and share RIP over their respective Ethernet Links.

• PE1, PE2 and P1 use OSPF as the IGP with a /32 IP Address on Loopback0 in Area 0, ensure the MTU on the ATM major interface is set to 1500 to avoid dbd errors and adjacency problems. Tag-switching is used on the two OC3 interfaces on the LS1010, MPLS IP is used on the sub-interfaces on PE1 and PE2 as it appears that Tag-switching has been depreciated in IOS 12.4. It is important to note, TDP is the default protocol in IOS 12.1.27b on the LS1010 which was a major problem in our exercise. You will need to change this in global configuration mode in the Cisco LS1010 by typing “mpls label protocol ldp”. LDP assigns labels to the OSPF routes.

• PE1 and PE2 are MP BGP peers.

• RIP routes and MP-BGP routes are cross redistributed on PE1 and PE2.

• PE1 and PE2 maintain separate VRF routing tables.

• The VRF instance on PE1 and PE2 are named “lab-01”

• Our exercise uses the AS form for the RD (Route Distinguisher) example “rd 200:1”.

CE1

! version 12.1 service timestamps debug datetime msec service timestamps log uptime no service password-encryption ! hostname lab-3620a ! enable password cisco ! ! ip subnet-zero no ip finger ! ! interface Loopback0 ip address 10.1.1.1 255.255.255.0 ! interface Loopback1 ip address 10.2.2.2 255.255.255.0 ! interface Loopback2 ip address 10.3.3.3 255.255.255.0 ! interface Ethernet0/0 ip address 172.16.1.2 255.255.255.0 ! interface Serial0/0 no ip address shutdown no fair-queue ! interface FastEthernet1/0 ip address 192.168.1.10 255.255.255.0 duplex auto speed auto ! router rip version 2 network 10.0.0.0 network 172.16.0.0 network 192.168.1.0 neighbor 172.16.1.1 no auto-summary ! ip classless ip route 0.0.0.0 0.0.0.0 192.168.1.1 ip http server ! ! line con 0 transport input none line aux 0 line vty 0 4 password cisco login ! end

PE1

! version 12.4 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname lab-3640a ! boot-start-marker boot system flash:c3640-jk9o3s-mz.124-1a.bin boot-end-marker ! enable password 7 0822455D0A16 ! no aaa new-model ! resource policy ! ip subnet-zero ! ! ip cef no ip dhcp use vrf connected ! ! ip vrf lab-01 rd 200:1 route-target export 200:1 route-target import 200:1 ! no ip ips deny-action ips-interface ! mpls ip default-route ! interface Loopback0 ip address 1.1.1.1 255.255.255.255 ! interface Ethernet0/0 ip vrf forwarding lab-01 ip address 172.16.1.1 255.255.255.0 half-duplex ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! interface ATM3/0 mtu 1500 no ip address no atm ilmi-keepalive ! interface ATM3/0.1 mpls ip unnumbered Loopback0 mpls ip ! router ospf 100 log-adjacency-changes network 1.0.0.0 0.255.255.255 area 0 ! router rip version 2 network 172.16.0.0 neighbor 172.16.1.2 default-metric 2 no auto-summary ! address-family ipv4 vrf lab-01 redistribute bgp 200 metric 0 network 172.16.0.0 no auto-summary version 2 exit-address-family ! router bgp 200 no synchronization bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 200 neighbor 2.2.2.2 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended exit-address-family ! address-family ipv4 vrf lab-01 redistribute rip no auto-summary no synchronization exit-address-family ! ip http server no ip http secure-server ip classless ! ! control-plane ! ! dial-peer cor custom ! ! ! line con 0 line aux 0 line vty 0 4 password 7 094F471A1A0A login ! ! end

P1

! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname lab-ls1010 ! boot system flash:ls1010-wpk2-mz.121-27b.E3.bin boot bootldr bootflash:ls1010-11-2-8.boot enable password cisco ! sdm ipqos zero sdm policy 0 ip subnet-zero ! ip ssh time-out 120 ip ssh authentication-retries 3 mpls label protocol ldp ! atm address 47.0091.8100.0000.0010.073e.0301.0010.073e.0301.00 atm router pnni no aesa embedded-number left-justified node 1 level 56 lowest redistribute atm-static ! ! interface Loopback0 ip address 3.3.3.3 255.255.255.255 ! interface ATM1/0/0 mtu 1500 ip unnumbered Loopback0 tag-switching ip ! interface ATM1/0/1 mtu 1500 ip unnumbered Loopback0 tag-switching ip ! interface ATM1/0/2 no ip address ! interface ATM1/0/3 no ip address ! interface CBR1/1/0 no ip address ! interface CBR1/1/1 no ip address ! interface CBR1/1/2 no ip address ! interface CBR1/1/3 no ip address ! interface ATM0 no ip address ! interface Ethernet0 no ip address ! router ospf 100 log-adjacency-changes network 3.0.0.0 0.255.255.255 area 0 ! ip classless no ip http server ! ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! ! end

PE2

! version 12.4 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname lab-3640b ! boot-start-marker boot system flash:c3640-jk9o3s-mz.124-1a.bin boot-end-marker ! enable password cisco ! no aaa new-model ! resource policy ! memory-size iomem 10 ip subnet-zero ! ! ip cef no ip dhcp use vrf connected ! ! ip vrf lab-01 rd 200:1 route-target export 200:1 route-target import 200:1 ! no ip ips deny-action ips-interface ! ! interface Loopback0 ip address 2.2.2.2 255.255.255.255 ! interface FastEthernet0/0 ip vrf forwarding lab-01 ip address 192.168.2.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto ! interface Serial1/0 no ip address shutdown serial restart-delay 0 ! interface Serial1/1 no ip address shutdown serial restart-delay 0 ! interface Serial1/2 no ip address shutdown serial restart-delay 0 ! interface Serial1/3 no ip address shutdown serial restart-delay 0 ! interface ATM3/0 mtu 1500 no ip address atm ilmi-keepalive ! interface ATM3/0.10 mpls ip unnumbered Loopback0 mpls ip ! router ospf 100 no log-adjacency-changes network 2.0.0.0 0.255.255.255 area 0 ! router rip version 2 network 192.168.2.0 no auto-summary ! address-family ipv4 vrf lab-01 redistribute bgp 200 metric 0 network 192.168.2.0 neighbor 192.168.2.2 no auto-summary version 2 exit-address-family ! router bgp 200 no synchronization bgp log-neighbor-changes neighbor 1.1.1.1 remote-as 200 neighbor 1.1.1.1 update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community extended exit-address-family ! address-family ipv4 vrf lab-01 redistribute rip no auto-summary no synchronization exit-address-family ! ip http server no ip http secure-server ip classless ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 password cisco login ! ! end

CE2

! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname lab-3620b ! boot-start-marker boot-end-marker ! enable password cisco ! no aaa new-model ip subnet-zero ! ! ip cef ip host lab-3620a 2001 30.1.1.1 ! ip audit po max-events 100 ! ! interface Loopback0 ip address 30.1.1.1 255.255.255.0 ! interface Loopback1 ip address 30.2.2.2 255.255.255.0 ! interface Loopback2 ip address 30.3.3.3 255.255.255.0 ! interface Ethernet0/0 ip address 192.168.2.2 255.255.255.0 half-duplex ! interface Serial0/0 no ip address shutdown ! router rip version 2 network 30.0.0.0 network 192.168.2.0 neighbor 192.168.2.1 no auto-summary ! ip http server no ip http secure-server ip classless ! ! line con 0 line aux 0 modem InOut transport input all flowcontrol hardware line vty 0 4 password cisco login ! ! end

Show command used to verify VPN, MPLS, BGP and RIP information:

lab-3640a#sh mpls atm-ldp bindings
 Destination: 2.2.2.2/32
    Headend Router ATM3/0.1 (2 hops) 1/35  Active, VCD=3, CoS=available
 Destination: 3.3.3.3/32
    Headend Router ATM3/0.1 (1 hop) 1/33  Active, VCD=2, CoS=available
 Destination: 1.1.1.1/32
    Tailend Router ATM3/0.1 1/33 Active, VCD=2, CoS=available

lab-3640a#sh mpls label range
Downstream Generic label region: Min/Max label: 16/100000

lab-3640a#sh mpls ldp bindings
  tib entry: 1.1.1.1/32, rev 2
        local binding:  tag: imp-null
  tib entry: 2.2.2.2/32, rev 4
        local binding:  tag: 16
  tib entry: 3.3.3.3/32, rev 6
        local binding:  tag: 17

lab-3640a#sh mpls ldp parameters
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off

lab-3640a#sh mpls ip binding
  1.1.1.1/32
        in label:     imp-null  
        in vc label:  1/33      lsr: 3.3.3.3:1        ATM3/0.1
                      Active    egress (vcd 2)  
  2.2.2.2/32
        in label:     16        
        out vc label: 1/35      lsr: 3.3.3.3:1        ATM3/0.1
                      Active    ingress 2 hops (vcd 3)  
  3.3.3.3/32
        in label:     17        
        out vc label: 1/33      lsr: 3.3.3.3:1        ATM3/0.1
                      Active    ingress 1 hop (vcd 2)  

lab-3640a#sh mpls atm-ldp bindings
 Destination: 2.2.2.2/32
    Headend Router ATM3/0.1 (2 hops) 1/35  Active, VCD=3, CoS=available
 Destination: 3.3.3.3/32
    Headend Router ATM3/0.1 (1 hop) 1/33  Active, VCD=2, CoS=available
 Destination: 1.1.1.1/32
    Tailend Router ATM3/0.1 1/33 Active, VCD=2, CoS=available

lab-3640a#sh mpls interfaces
Interface              IP            Tunnel   Operational
ATM3/0.1               Yes (ldp)     No       Yes         (ATM labels)

lab-3640a#sh ip route vrf lab-01

Routing Table: lab-01
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
R       10.3.3.0 [120/1] via 172.16.1.2, 00:00:18, Ethernet0/0
R       10.2.2.0 [120/1] via 172.16.1.2, 00:00:18, Ethernet0/0
R       10.1.1.0 [120/1] via 172.16.1.2, 00:00:18, Ethernet0/0
R    192.168.1.0/24 [120/1] via 172.16.1.2, 00:00:18, Ethernet0/0
B    192.168.2.0/24 [200/0] via 2.2.2.2, 15:06:46
     30.0.0.0/24 is subnetted, 3 subnets
B       30.3.3.0 [200/1] via 2.2.2.2, 15:06:46
B       30.2.2.0 [200/1] via 2.2.2.2, 15:06:46
B       30.1.1.0 [200/1] via 2.2.2.2, 15:06:46
R    192.168.0.0/23 [120/2] via 172.16.1.2, 00:00:18, Ethernet0/0


lab-3640a#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/3] via 3.3.3.3, 3d14h, ATM3/0.1
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 3.3.3.3, 3d14h, ATM3/0.1

lab-3640a#sh ip vrf detail
VRF lab-01; default RD 200:1; default VPNID <not set>
  Interfaces:
    Et0/0                   
  Connected addresses are not in global routing table
  Export VPN route-target communities
    RT:200:1                
  Import VPN route-target communities
    RT:200:1                
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured

lab-3640a#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     1/35        2.2.2.2/32        0          AT3/0.1    point2point  
17     1/33        3.3.3.3/32        0          AT3/0.1    point2point  
24     Aggregate   172.16.1.0/24[V]  0                                  
25     Untagged    10.1.1.0/24[V]    0          Et0/0      172.16.1.2   
26     Untagged    10.2.2.0/24[V]    0          Et0/0      172.16.1.2   
27     Untagged    10.3.3.0/24[V]    0          Et0/0      172.16.1.2   
28     Untagged    192.168.0.0/23[V] 0          Et0/0      172.16.1.2   
29     Untagged    192.168.1.0/24[V] 18434      Et0/0      172.16.1.2   

lab-3640b#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     1/33        1.1.1.1/32        0          AT3/0.10   point2point  
17     1/34        3.3.3.3/32        0          AT3/0.10   point2point  
18     Aggregate   192.168.2.0/24[V] 7011                               
19     Untagged    30.1.1.0/24[V]    11439      Fa0/0      192.168.2.2  
20     Untagged    30.2.2.0/24[V]    0          Fa0/0      192.168.2.2  
21     Untagged    30.3.3.0/24[V]    0          Fa0/0      192.168.2.2  

lab-ls1010#sh mpls atm-ldp bindings
 Destination: 3.3.3.3/32
    Tailend Switch ATM1/0/0 1/33 Active -> Terminating Active, VCD=47
    Tailend Switch ATM1/0/1 1/34 Active -> Terminating Active, VCD=48
 Destination: 1.1.1.1/32
    Transit ATM1/0/1 1/33 Active -> ATM1/0/0 1/33 Active
 Destination: 2.2.2.2/32
    Transit ATM1/0/0 1/35 Active -> ATM1/0/1 1/33 Active

lab-ls1010#sh mpls atm-ldp capability

               VPI           VCI           Alloc   Odd/Even VC Merge     
ATM1/0/0       Range         Range         Scheme  Scheme   IN   OUT  
  Negotiated   [1 - 1]       [33 - 1018]   UNIDIR           -    -    
  Local        [1 - 1]       [33 - 16383]  UNIDIR           NO   NO   
  Peer         [1 - 1]       [33 - 1018]   UNIDIR           -    -    

               VPI           VCI           Alloc   Odd/Even VC Merge     
ATM1/0/1       Range         Range         Scheme  Scheme   IN   OUT  
  Negotiated   [1 - 1]       [33 - 1018]   UNIDIR           -    -    
  Local        [1 - 1]       [33 - 16383]  UNIDIR           NO   NO   
  Peer         [1 - 1]       [33 - 1018]   UNIDIR           -    -


lab-ls1010#sh mpls atm-ldp summary
Total number of destinations: 3

ATM label bindings summary
      interface   total  active   local  remote   Bwait   Rwait  IFwait
       ATM1/0/0       3       3       2       1       0       0       0
       ATM1/0/1       3       3       2       1       0       0       0

lab-ls1010#sh mpls ip binding
  1.1.1.1/32
        in label:     17        
        in vc label:  1/33      lsr: 2.2.2.2:1        ATM1/0/1
                      Active    transit
        out vc label: 1/33      lsr: 1.1.1.1:1        ATM1/0/0
                      Active    transit
  2.2.2.2/32
        in label:     16        
        in vc label:  1/35      lsr: 1.1.1.1:1        ATM1/0/0
                      Active    transit
        out vc label: 1/33      lsr: 2.2.2.2:1        ATM1/0/1
                      Active    transit
  3.3.3.3/32
        in label:     imp-null  
        in vc label:  1/33      lsr: 1.1.1.1:1        ATM1/0/0
                      Active    egress (vcd 47)
        in vc label:  1/34      lsr: 2.2.2.2:1        ATM1/0/1
                      Active    egress (vcd 48)

lab-ls1010#sh mpls ldp neighbor
Peer LDP Ident: 1.1.1.1:1; Local LDP Ident 3.3.3.3:1
        TCP connection: 1.1.1.1.646 - 3.3.3.3.11000
        State: Oper; Msgs sent/rcvd: 5369/5369; Downstream on demand
        Up time: 3d06h
        LDP discovery sources:
          ATM1/0/0, Src IP addr: 1.1.1.1
Peer LDP Ident: 2.2.2.2:1; Local LDP Ident 3.3.3.3:2
        TCP connection: 2.2.2.2.646 - 3.3.3.3.11001
        State: Oper; Msgs sent/rcvd: 5357/5370; Downstream on demand
        Up time: 3d06h
        LDP discovery sources:
          ATM1/0/1, Src IP addr: 2.2.2.2

lab-ls1010#sh mpls interfaces
Interface              IP            Tunnel   Operational
ATM1/0/0               Yes (ldp)     No       Yes         (ATM labels)
ATM1/0/1               Yes (ldp)     No       Yes         (ATM labels)

lab-3620a#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Ethernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.3.3.0 is directly connected, Loopback2
C       10.2.2.0 is directly connected, Loopback1
C       10.1.1.0 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, FastEthernet1/0
R    192.168.2.0/24 [120/1] via 172.16.1.1, 00:00:21, Ethernet0/0
     30.0.0.0/24 is subnetted, 3 subnets
R       30.3.3.0 [120/1] via 172.16.1.1, 00:00:21, Ethernet0/0
R       30.2.2.0 [120/1] via 172.16.1.1, 00:00:21, Ethernet0/0
R       30.1.1.0 [120/1] via 172.16.1.1, 00:00:21, Ethernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.1.1
R    192.168.0.0/23 [120/1] via 192.168.1.1, 00:00:16, FastEthernet1/0

lab-3620b#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 1 subnets
R       172.16.1.0 [120/1] via 192.168.2.1, 00:00:17, Ethernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
R       10.3.3.0 [120/1] via 192.168.2.1, 00:00:17, Ethernet0/0
R       10.2.2.0 [120/1] via 192.168.2.1, 00:00:17, Ethernet0/0
R       10.1.1.0 [120/1] via 192.168.2.1, 00:00:17, Ethernet0/0
R    192.168.1.0/24 [120/1] via 192.168.2.1, 00:00:17, Ethernet0/0
C    192.168.2.0/24 is directly connected, Ethernet0/0
     30.0.0.0/24 is subnetted, 3 subnets
C       30.3.3.0 is directly connected, Loopback2
C       30.2.2.0 is directly connected, Loopback1
C       30.1.1.0 is directly connected, Loopback0
R    192.168.0.0/23 [120/1] via 192.168.2.1, 00:00:17, Ethernet0/0

lab-3640a#sh ip bgp vpnv4 vrf lab-01
BGP table version is 105, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf lab-01)
*> 10.1.1.0/24      172.16.1.2               1         32768 ?
*> 10.2.2.0/24      172.16.1.2               1         32768 ?
*> 10.3.3.0/24      172.16.1.2               1         32768 ?
*>i30.1.1.0/24      2.2.2.2                  1    100      0 ?
*>i30.2.2.0/24      2.2.2.2                  1    100      0 ?
*>i30.3.3.0/24      2.2.2.2                  1    100      0 ?
*> 172.16.1.0/24    0.0.0.0                  0         32768 ?
*> 192.168.0.0/23   172.16.1.2               2         32768 ?
*> 192.168.1.0      172.16.1.2               1         32768 ?
*>i192.168.2.0      2.2.2.2                  0    100      0 ?

lab-3640b#sh ip bgp vpnv4 vrf lab-01
BGP table version is 105, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf lab-01)
*>i10.1.1.0/24      1.1.1.1                  1    100      0 ?
*>i10.2.2.0/24      1.1.1.1                  1    100      0 ?
*>i10.3.3.0/24      1.1.1.1                  1    100      0 ?
*> 30.1.1.0/24      192.168.2.2              1         32768 ?
*> 30.2.2.0/24      192.168.2.2              1         32768 ?
*> 30.3.3.0/24      192.168.2.2              1         32768 ?
*>i172.16.1.0/24    1.1.1.1                  0    100      0 ?
*>i192.168.0.0/23   1.1.1.1                  2    100      0 ?
*>i192.168.1.0      1.1.1.1                  1    100      0 ?
*> 192.168.2.0      0.0.0.0                  0         32768 ?

lab-3640a#sh ip rip database vrf lab-01
10.0.0.0/8    auto-summary
10.1.1.0/24
    [1] via 172.16.1.2, 00:00:12, Ethernet0/0
10.2.2.0/24
    [1] via 172.16.1.2, 00:00:12, Ethernet0/0
10.3.3.0/24
    [1] via 172.16.1.2, 00:00:12, Ethernet0/0
30.0.0.0/8    auto-summary
30.1.1.0/24    redistributed
    [1] via 2.2.2.2,
30.2.2.0/24    redistributed
    [1] via 2.2.2.2,
30.3.3.0/24    redistributed
    [1] via 2.2.2.2,
172.16.0.0/16    auto-summary
172.16.1.0/24    directly connected, Ethernet0/0
192.168.0.0/23
    [2] via 172.16.1.2, 00:00:12, Ethernet0/0
192.168.1.0/24    auto-summary
192.168.1.0/24
    [1] via 172.16.1.2, 00:00:12, Ethernet0/0
192.168.2.0/24    auto-summary
192.168.2.0/24    redistributed
    [1] via 2.2.2.2,

lab-3640b#sh ip rip database vrf lab-01
10.0.0.0/8    auto-summary
10.1.1.0/24    redistributed
    [1] via 1.1.1.1,
10.2.2.0/24    redistributed
    [1] via 1.1.1.1,
10.3.3.0/24    redistributed
    [1] via 1.1.1.1,
30.0.0.0/8    auto-summary
30.1.1.0/24
    [1] via 192.168.2.2, 00:00:01, FastEthernet0/0
30.2.2.0/24
    [1] via 192.168.2.2, 00:00:01, FastEthernet0/0
30.3.3.0/24
    [1] via 192.168.2.2, 00:00:01, FastEthernet0/0
172.16.0.0/16    auto-summary
172.16.1.0/24    redistributed
    [1] via 1.1.1.1,
192.168.0.0/23    redistributed
    [1] via 1.1.1.1,
192.168.1.0/24    auto-summary
192.168.1.0/24    redistributed
    [1] via 1.1.1.1,
192.168.2.0/24    auto-summary
192.168.2.0/24    directly connected, FastEthernet0/0

Hope this lab helps you to learn some of the MPLS basics that were covered – credit to Cisco Systems for their documentation and support which is superb as always!

Regards,
Barney Gaumer
www.routermonkey.org

IPv6 over GRE Tunnel howto with Cisco IOS

IPv6 over IPv4 based GRE Tunnel howto with Cisco IOS
Barney Gaumer 03/05/2008

This short howto covers carrying IPv6 traffic over a IPv4 cloud to another IPv6 network. It’s a simplified method using an IPv4 based GRE Tunnel.  There’s more than one method to make this work but this is the way I set it up in my lab and it worked well.

First; the IOS levels on routers that will run “Dual Stack” need to be high enough to support IPv6 obviously.

Also, I use a Cisco 3640 as my frame-relay switch which is not depicted in the diagram.  Maybe I will cover setting up a frame-relay switch in another LAB for anyone interested.

The main point I would like to make is this LAB is fairly simple as long as careful planning is done before you get behind the console.

Plan out the networks ahead of time for loopbacks, WAN, LAN and Tunnel Interfaces, Loopback0 and the WAN networks will be advertised into the dynamic routing process.

I’m using RIPv2 as my routing process, as I said - intermediary networks and local loopbacks will be advertised but NOT the tunnel interface networks, also DON’T advertise LAN interfaces via your dynamic process as you may end up with a situation referred to as “recursive routes”.

In our example we had a need to tunnel through multiple routers to get to the IPv6 destination.

On the both endpoint routers, Loopback 0 is setup and each endpoint has a distinct IPv4 network addresses.  Also, the two endpoint routers Tunnel 0 interface will be on the same distinct network.

Loopback 0 as-well-as the LAN interface will have both IPv6 and IPv4 addresses on them, this is referred to as “Dual Stack”.

Taking the following illustration for example; the tunnel source for Router A is its own loop0 Interface. The tunnel destination is the ip address of the loop0 on Router C.

Conversely, the tunnel source for Router C is its own loop0 Interface and its tunnel destination is the ip address of Router A’s loop0.  Router B should participate in the RIP process.

Now add IPv4 route on Router A for Net2 and the next hop should be tun0.  On Router C set a route for Net1 with next hop Tun0.  Now use ping to test.

If your test is successful add routes for IPv6 on each router for the same as you did for IPv4.  Make sure to type the “ipv6 enable” command on your tunnel interfaces.

I am not going into IPv4 or IPv6 in this document but I will mention that if you need a nice subnet calculator to help with either version of IP, check out:

http://www.bitcricket.com/

(direct download)
http://www.bitcricket.com/downloads/IPCalculator.msi

That’s the short version.

I'm including configs and a diagram from my lab if you want more detail than was presented in the material above.

---

lab-3620b Config:

Current configuration : 1373 bytes
!
version 12.3                                                                       
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-3620b
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip subnet-zero  
!
!
ip cef
ip domain name ankeny-labs.local
ip name-server 10.200.2.11
ip name-server FEC0:0:1:2:250:4FF:FE43:4363
!
ip audit po max-events 100
ipv6 unicast-routing
ipv6 cef  
!                                                                                  
!  
interface Loopback0
 ip address 172.21.10.1 255.255.255.0
 ipv6 address FEC0:0:1:8::/64 eui-64
!
interface Tunnel0
 ip address 192.168.100.2 255.255.255.0
 ipv6 enable
 tunnel source Loopback0
 tunnel destination 172.21.20.1
!
interface Ethernet0/0
 ip address 192.168.1.9 255.255.255.0
 half-duplex
 ipv6 address FEC0:0:1:4::/64 eui-64
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 172.16.100.2 255.255.255.252
 ip rip send version 2
 ip rip receive version 2
 frame-relay interface-dlci 16
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 172.16.0.0  
 network 172.21.0.0
 default-metric 2
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.200.2.0 255.255.255.0 Tunnel0
!
!
ipv6 route FEC0:0:1:2::/64 Tunnel0
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
!
end 

---

lab-3620a Config:

Current configuration : 786 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname lab-3620a
!
enable password cisco
!
!
!
!
!
ip subnet-zero
no ip finger
!
!
!
!
interface Ethernet0/0
 ip address 192.168.250.2 255.255.255.0
 ip rip send version 2
 ip rip receive version 2
!
interface Serial0/0
 no ip address
 encapsulation frame-relay
!
interface Serial0/0.1 point-to-point
 ip address 172.16.100.1 255.255.255.252
 ip rip send version 2
 ip rip receive version 2
 frame-relay interface-dlci 16
!
router rip
 version 2
 redistribute connected
 network 172.16.0.0
 network 192.168.250.0
 default-metric 2
 no auto-summary
!
ip classless
ip http server
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
!
end

---

lab-3640b Config:

Current configuration : 2211 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname lab-3640b
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
resource policy
!
memory-size iomem 10
ip subnet-zero
!
!
ip cef
ip domain name ankeny-labs.local
ip name-server 10.200.2.11
ip name-server FEC0:0:1:2:250:4FF:FE43:4363
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
ipv6 unicast-routing
ipv6 cef
!
!
!
interface Tunnel0
 ip address 192.168.100.1 255.255.255.0
 ipv6 enable
 tunnel source Loopback0
 tunnel destination 172.21.10.1
!
interface Loopback0
 ip address 172.21.20.1 255.255.255.0
 ipv6 address FEC0:0:1:9::/64 eui-64
!
interface FastEthernet0/0
 ip address 192.168.250.1 255.255.255.0
 ip rip send version 2
 ip rip receive version 2
 speed 10
 half-duplex
!
interface FastEthernet0/1
 ip address 10.200.2.2 255.255.255.0
 ip nbar protocol-discovery
 duplex auto
 speed auto
 ipv6 address FEC0:0:1:2::/64 eui-64
 ipv6 enable
 ipv6 rip 1 enable
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 ip address 10.200.0.7 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 100
 network 10.200.0.0 0.0.0.255
 network 10.200.2.0 0.0.0.255
 default-metric 1000 100 255 10 1500
 no auto-summary     
!
router rip
 version 2
 network 172.21.0.0
 network 192.168.250.0
 default-metric 2
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
ip route 192.168.1.0 255.255.255.0 Tunnel0
!
!
!
logging 10.200.0.100
access-list 90 permit any log
access-list 111 permit tcp any any eq telnet log
ipv6 route FEC0:0:1:4::/64 Tunnel0
ipv6 router rip 1
 redistribute static
!
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 access-class 90 in
 password cisco
 login
!
!
end

 

load-sharing per-packet howto Cisco IOS 12.2(46)

load-sharing per-packet howto Cisco IOS 12.2(46)

Per-packet load balancing allows the router to send successive data packets over paths without regard to individual hosts or user sessions. It uses the round-robin method to determine which path each packet takes to the destination. With per-packet load balancing enabled, the router sends one packet for destination1 over the first path, the second packet for (the same) destination1 over the second path, and so on. Per-packet load balancing ensures balancing over multiple links.

Although path utilization with per-packet load balancing is beneficial, packets for a given pair of source-destination hosts might take different paths. This means that per-packet load balancing can introduce reordering of packets. This load balancing method would be inappropriate for certain types of data traffic (such as voice traffic over IP) that depend on packets arriving at the destination in sequence.

Use per-packet load balancing to ensure that a path for a single source-destination pair does not get overloaded. If the bulk of data passing through parallel links is for a single pair, per-destination load balancing overloads a single link while other links have very little traffic. Enabling per-packet load balancing allows you to use alternate paths to the same busy destination.

Source: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s21/pplb.htm

 

In figure 1.0 you see a graphical representation of round-robin load balancing.

In this graphic, the computer on Network A is sending a file to the computer on Network B.  As the file is encoded onto the wire the packets traverses Router 1 and packet A is transmitted over Serial 0 on router 1, packet B is transmitted over Serial 1 on router 1 and so on.  This is absolute and not dependent on interface loading, delay etc...

Figure 1.0

 

 

I am including config revisions from my RANCID Repo for a Lab I’ve implemented using load-sharing per-packet on two routers.  We will just call them router1 and router2.

 

Router1:

!RANCID-CONTENT-TYPE: cisco
!
!Chassis type: 4700 - a 4700 router
!CPU: R4K, R4700 CPU at 133Mhz, impl 33, Rev 1.0, 512KB L2 Cache
!
!Memory: main 65536K/16384K
!Memory: nvram 128K
!
!Processor ID: 10881428
!
!
!Image: Software: C4500-IS-M, 12.2(46), RELEASE SOFTWARE (fc1)
!Image: Compiled: Thu 26-Apr-07 23:38 by pwade
!Image: flash:c4500-is-mz.122-46.bin
!
!ROM Bootstrap: Version 5.3(16) [richardd 16], RELEASE SOFTWARE (fc1)
!BOOTLDR: Version 12.2(46), RELEASE SOFTWARE (fc1)
!
!
!
!BootFlash: Boot flash directory:
!BootFlash: File  Length   Name/status
!BootFlash:   1   3010356  c4500-boot-mz.122-46.bin  
!BootFlash: [3010420 bytes used, 1183880 available, 4194300 total]
!BootFlash: 4096K bytes of processor board Boot flash (Read/Write)
!
!Flash: System flash directory:
!Flash: File  Length   Name/status
!Flash:   1   7608332  c4500-is-mz.122-46.bin  
!Flash: [7608396 bytes used, 25946032 available, 33554428 total]
!Flash: 32768K bytes of processor board System flash (Read/Write)
!
!Flash: nvram: Directory of nvram:/
!Flash: nvram:   122  -rw-        2234                    <no date>  startup-config
!Flash: nvram:   123  ----          27                    <no date>  private-config
!Flash: nvram:     1  ----          12                    <no date>  persistent-data
!Flash: nvram:     2  -rw-           0                    <no date>  ifIndex-table
!Flash: nvram: 129016 bytes total (124655 bytes free)
!
!Flash: bootflash: Directory of bootflash:/
!Flash: bootflash:     1  -rw-     3010356                    <no date>  c4500-boot-mz.122-46.bin
!Flash: bootflash: 4194300 bytes total (1183880 bytes free)
!
!Interface: AM79970 unit 0 NIM slot 0, NIM type code 14, NIM version 2
!    Media Type is 10BaseT
!Interface: AM79970 unit 1 NIM slot 0, NIM type code 14, NIM version 2
!    Media Type is 10BaseT
!Interface: AM79970 unit 2 NIM slot 0, NIM type code 14, NIM version 2
!    Media Type is 10BaseT
!Interface: AM79970 unit 3 NIM slot 0, NIM type code 14, NIM version 2
!    Media Type is 10BaseT
!Interface: AM79970 unit 4 NIM slot 0, NIM type code 14, NIM version 2
!    Media Type is 10BaseT
!Interface: AM79970 unit 5 NIM slot 0, NIM type code 14, NIM version 2
!    Media Type is 10BaseT
!Interface: HD unit 0, NIM slot 1, NIM type code 12, NIM version 5
!    Universal Serial: DTE V.35 cable
!Interface: HD unit 1, NIM slot 1, NIM type code 12, NIM version 5
!    Universal Serial: DTE V.35 cable
!Interface: HD unit 2, NIM slot 1, NIM type code 12, NIM version 5
!    Universal Serial: DTE V.35 cable
!Interface: HD unit 3, NIM slot 1, NIM type code 12, NIM version 5
!    Universal Serial: DTE V.35 cable
!
config-register 0x2102
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname isi-4700-row1
!
no logging console
enable secret 5 <removed>
!enable password <removed>
!
clock timezone CDT -6
clock summer-time CDT date Mar 11 2007 0:01 Nov 4 2007 0:01
ip subnet-zero
ip cef
ip cef load-sharing algorithm tunnel
ip host isi-2500 4.4.4.2
ip name-server 172.16.0.20
!
interface Loopback0
 ip address 4.4.4.1 255.255.255.255
!
interface Ethernet0
 ip address 172.30.100.26 255.255.255.248
 ip rip send version 2
 ip rip receive version 2
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet2
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet3
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet4
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet5
 no ip address
 shutdown
 media-type 10BaseT
!
interface Serial0
 bandwidth 1544
 ip address 172.16.200.9 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
!
interface Serial1
 bandwidth 1544
 ip address 172.16.200.13 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
!
interface Serial2
 bandwidth 1544
 ip address 172.16.200.17 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
!
interface Serial3
 bandwidth 1544
 ip address 172.16.200.21 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
!
router rip
 version 2
 network 172.16.0.0
 network 172.30.0.0
 neighbor 172.16.200.10
 default-metric 2
 no auto-summary
!
ip classless
no ip http server
!
logging source-interface Loopback0
logging 10.0.107.13
access-list 90 permit any log
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
 access-class 90 in
! password <removed>
 login
!
end


Router2:

!RANCID-CONTENT-TYPE: cisco
!
!Chassis type: 4500 - a 4500 router
!CPU: R4K, R4600 CPU at 100Mhz, impl 32, Rev 2.0
!
!Memory: main 32768K/4096K
!Memory: nvram 128K
!
!Processor ID: 01176969
!
!
!Image: Software: C4500-IS-M, 12.2(46), RELEASE SOFTWARE (fc1)
!Image: Compiled: Thu 26-Apr-07 23:38 by pwade
!Image: flash:c4500-is-mz.122-46.bin
!
!ROM Bootstrap: Version 5.1(1) [daveu 1], RELEASE SOFTWARE (fc1)
!BOOTLDR: Version 12.2(46), RELEASE SOFTWARE (fc1)
!
!
!
!BootFlash: Boot flash directory:
!BootFlash: File  Length   Name/status
!BootFlash:   1   3010356  c4500-boot-mz.122-46.bin  
!BootFlash: [3010420 bytes used, 1183880 available, 4194300 total]
!BootFlash: 4096K bytes of processor board Boot flash (Read/Write)
!
!Flash: System flash directory:
!Flash: File  Length   Name/status
!Flash:   1   7608332  c4500-is-mz.122-46.bin  
!Flash: [7608396 bytes used, 780208 available, 8388604 total]
!Flash: 8192K bytes of processor board System flash (Read/Write)
!
!Flash: nvram: Directory of nvram:/
!Flash: nvram:   122  -rw-        2710                    <no date>  startup-config
!Flash: nvram:   123  ----          27                    <no date>  private-config
!Flash: nvram:     1  -rw-           0                    <no date>  ifIndex-table
!Flash: nvram:     2  ----          12                    <no date>  persistent-data
!Flash: nvram: 129016 bytes total (124179 bytes free)
!
!Flash: bootflash: Directory of bootflash:/
!Flash: bootflash:     1  -rw-     3010356                    <no date>  c4500-boot-mz.122-46.bin
!Flash: bootflash: 4194300 bytes total (1183880 bytes free)
!
!Interface: LANCE unit 0, NIM slot 2, NIM type code 9, NIM version 2
!    Media Type is 10BaseT
!Interface: LANCE unit 1, NIM slot 2, NIM type code 9, NIM version 2
!    Media Type is 10BaseT
!Interface: HD unit 0, NIM slot 0, NIM type code 12, NIM version 5
!    Universal Serial: DCE V.35 cable, clockrate 2000000
!Interface: HD unit 1, NIM slot 0, NIM type code 12, NIM version 5
!    Universal Serial: DCE V.35 cable, clockrate 2000000
!Interface: HD unit 2, NIM slot 0, NIM type code 12, NIM version 5
!    Universal Serial: DCE V.35 cable, clockrate 2000000
!Interface: HD unit 3, NIM slot 0, NIM type code 12, NIM version 5
!    Universal Serial: DCE V.35 cable, clockrate 2000000
!
config-register 0x2102
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname isi-4500-row1
!
logging buffered 4096 debugging
no logging console
enable secret 5 <removed>
!enable password <removed>
!
clock timezone CDT -6
clock summer-time CDT date Mar 11 2007 0:01 Nov 4 2007 0:01
ip subnet-zero
ip cef
ip cef load-sharing algorithm tunnel
ip host isi-4500 4.4.4.2
ip host reverse_t 2001 10.10.107.2
ip name-server 172.16.0.2
!
interface Loopback0
 ip address 4.4.4.2 255.255.255.255
!
interface Ethernet0
 ip address 10.10.107.2 255.255.255.248
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface Serial0
 bandwidth 1544
 ip address 172.16.200.10 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 clock rate 2000000
 dce-terminal-timing-enable
!
interface Serial1
 bandwidth 1544
 ip address 172.16.200.14 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 clock rate 2000000
 dce-terminal-timing-enable
!
interface Serial2
 bandwidth 1544
 ip address 172.16.200.18 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 clock rate 2000000
 dce-terminal-timing-enable
!
interface Serial3
 bandwidth 1544
 ip address 172.16.200.22 255.255.255.252
 ip load-sharing per-packet
 ip rip send version 2
 ip rip receive version 2
 encapsulation ppp
 no ip route-cache
 no ip mroute-cache
 clock rate 2000000
 dce-terminal-timing-enable
!
interface TokenRing0
 no ip address
 shutdown
!
router eigrp 400
 redistribute rip
 network 10.0.0.0
 default-metric 1000 100 250 100 1500
 no auto-summary
!
router rip
 version 2
 redistribute eigrp 400
 network 4.0.0.0
 network 172.16.0.0
 neighbor 172.16.200.9
 default-metric 2
 no auto-summary
!
no ip classless
no ip http server
!
logging source-interface Loopback0
logging 10.0.107.13
access-list 1 deny   10.0.105.0 0.0.0.255
access-list 1 deny   10.0.106.0 0.0.0.255
access-list 1 permit any
access-list 90 permit any log
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
 modem InOut
 transport input all
 stopbits 1
 flowcontrol hardware
line vty 0 4
 access-class 90 in
! password <removed>
 login
!
ntp server 172.16.0.20 prefer
end


Now let't look at some utilization graphs from Cacti to see how we did:

Router1:

 

Router2:

 

That's it!  Please post comments or questions at forums.routermonkey.org.  Sign-up is free and easy!

Regards,

Barney Gaumer

www.routermonkey.org 

ATM SVC Howto: ATM SVC between two or more ATM switches

ATM SVC Howto: ATM SVC between two or more ATM switches

You will need to do very little on your ATM switchgear to facilitate an SVC, just verify the switches NSAP address and make a note of it.  For the purpose of this howto we will enable PNNI and use the default configuration on the ATM switch’s ATM Interfaces

The ATM Private Network-Node Interface (PNNI), an ATM network-to-network signaling protocol, provides mechanisms to support scalable, QoS-based ATM routing and switch-to-switch switched virtual connection (SVC) interoperability.

The PNNI (Private Network-to-Network Interface), is a hierarchical, dynamic link-state routing protocol. It is designed to support large-scale ATM networks. The PNNI protocol uses VPI/VCI 0,18 for its messages. In addition, it uses signalling messages to support connection establishment across multiple networks. PNNI is based on UNI 4.0 and Q.2931. Specific information elements were added to UNI 4.0 in order to support the routing process of PNNI. PNNI Signalling contains the procedure to dynamically establish, maintain and clear ATM connections at the private network to network interface or network node interface between 2 ATM networks or 2 ATM network nodes. The PNNI signalling protocol is based on the ATM forum UNI specification and on Q.2931 .

Config Snip 1.0

!

atm address 47.0091.8100.0000.0030.f206.bc01.0030.f206.bc01.00

atm router pnni

 no aesa embedded-number left-justified

 node 1 level 56 lowest

  redistribute atm-static

!

!       

interface ATM3/0/1

 description .....isi-7507

 no ip address

!

isi-ls1010-1#

 

QSAAL and ILMI PVCs

An SVC is dynamically established, maintained and released. It allows you to provide bandwidth on demand for a particular connection or set of user traffic. When configuring SVCs on Cisco router ATM interfaces, you need to configure the following two permanent virtual circuits (PVCs):

·         pvc 0/5 qsaal (Required)—Configures the signaling PVC. SVC service requires a signaling protocol between the end-device and the ATM switch. Cisco IOS® Software conforms to the ATM Forum's UNI 3.0, UNI 3.1 or UNI 4.0 user-to-network signaling standard, depending on what version is selected by Interim Local Management Interface (ILMI) or configuration.

·         pvc 0/16 ilmi (Optional)—Configures an ILMI PVC. The ATM router interface exchanges ILMI packets to communicate ATM-layer addressing information and to register its complete ATM address with the directly attached switch, which then provides ATM-layer routing to the destination router. Refer to Understanding ILMI on ATM Interfaces.

Both of these overhead PVCs are configured on the ATM main interface.

Config Snip 1.1

interface ATM5/0/0

 no ip address

 no ip route-cache

 no ip mroute-cache

 atm uni-version 3.0

 no atm ilmi-keepalive

 pvc 0/5 qsaal

 !

 pvc 0/16 ilmi

 !

In my example, I’ve created a multipoint subinterface on ATM5/0/0 to allow me to pass BGP traffic between multiple routers on the same subnet.

Config Snip 1.2

!

interface ATM5/0/0.100 multipoint

 ip address 192.168.98.34 255.255.255.224

 no ip route-cache

 no ip mroute-cache

 map-group isi-backbone

 atm esi-address 100000111111.00

The end system identifier (ESI) address form is preferred in that it automatically handles advertising the address. Use the network service access point (NSAP) form of the command when you need to define a full 20-byte unique address with a prefix unrelated to the network prefix on that interface. You only need to specify a static route when configuring an ARP client using an NSAP address.

To find the NSAP address of the adjacent ATM switch you can use the following at the IOS CLI:

Example 1.3

isi-7507-1#sh atm ilmi-status

Interface : ATM5/0/0 Interface Type : Private UNI (User-side)

ILMI VCC : (0, 16) ILMI Keepalive : Disabled

ILMI State:       UpAndNormal

Peer IP Addr:     172.16.0.235    Peer IF Name:     ATM3/0/1

Peer MaxVPIbits:  8               Peer MaxVCIbits:  14

Active Prefix(s) :

47.0091.8100.0000.0030.f206.bc01

End-System Registered Address(s) :

47.0091.8100.0000.0030.f206.bc01.1000.0011.1111.00(Confirmed)

isi-7507-1#

 

You need to perform the same tasks on the console of the other routers that you would like to add to your ATM network.

 

Lastly, you need to configure an ATM map-list to map IP to the End-System Registered Address for each router in the network.  Notice back at Code Snip 1.2 the map-group “isi-backbone” is configured at the global config level and then applied on the sub-interface ATM5/0/0.100.

Config Snip 1.4

map-list isi-backbone

 ip 192.168.98.33 atm-nsap 47.0091810000000030F206BC01.100000222222.00

 ip 192.168.98.34 atm-nsap 47.0091810000000030F206BC01.100000111111.00

 ip 192.168.98.35 atm-nsap 47.00918100000000014273BA01.100000333333.00

 ip 192.168.98.36 atm-nsap 47.0091810000000030F206BC01.100000444444.00

 

Diagram 1 shows the result of the lab we have exercised in this howto.

 

Diagram 1

 

Complete router configs:

Router1: 

 
!
config-register 0x2102
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname isi-7507-1
!
boot system slot0:rsp-a3jk2sv-mz.121-27b.bin
logging buffered 4096 debugging
no logging console
enable secret 5 <removed>
!enable password <removed>
!
microcode CIP flash bootflash:cip27-20.bin
microcode reload
clock timezone CDT -6
clock summer-time CDT date Mar 11 2007 0:01 Nov 4 2007 0:01
ip subnet-zero
no ip domain-lookup
ip host isi-ATM01 7.7.7.3
ip name-server 172.16.0.20
!
ip cef
!
interface Loopback0
 ip address 7.7.7.3 255.255.255.255
!
interface Channel1/0
 no ip address
 no keepalive
!
interface Channel1/2
 no ip address
 no keepalive
!
interface FastEthernet4/0/0
 ip address 172.16.0.239 255.255.255.0
 no ip route-cache
 no ip mroute-cache
 full-duplex
!
interface ATM5/0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 atm uni-version 3.0
 no atm ilmi-keepalive
 pvc 0/5 qsaal
 !
 pvc 0/16 ilmi
 !
!
interface ATM5/0/0.100 multipoint
 ip address 192.168.98.34 255.255.255.224
 no ip route-cache
 no ip mroute-cache
 map-group isi-backbone
 atm esi-address 100000111111.00
!
interface Channel6/0
 no ip address
 no keepalive
!
interface Channel6/2
 no ip address
 no keepalive
!
router ospf 100
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 7.7.7.3 0.0.0.0 area 0
 network 172.16.0.0 0.0.0.255 area 0
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 network 192.168.98.32 mask 255.255.255.224
 redistribute ospf 100 match internal external 1 external 2
 neighbor 192.168.98.33 remote-as 200
 neighbor 192.168.98.35 remote-as 300
 neighbor 192.168.98.36 remote-as 400
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.0.1
no ip http server
!
map-list isi-backbone
 ip 192.168.98.33 atm-nsap 47.0091810000000030F206BC01.100000222222.00
 ip 192.168.98.34 atm-nsap 47.0091810000000030F206BC01.100000111111.00
 ip 192.168.98.35 atm-nsap 47.00918100000000014273BA01.100000333333.00
 ip 192.168.98.36 atm-nsap 47.0091810000000030F206BC01.100000444444.00
!
logging history debugging
logging source-interface Loopback0
logging 10.0.107.13
access-list 90 permit any log
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
 access-class 90 in
! password <removed>
 login
!
ntp server 172.16.0.20 prefer
end 

---

Router2:

 
!
config-register 0x2102
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname isi-4700-2
!
logging buffered 4096 debugging
no logging console
enable secret 5 <removed>
!enable password <removed>
!
clock timezone CDT -6
clock summer-time CDT date Mar 11 2007 0:01 Nov 4 2007 0:01
ip subnet-zero
no ip domain-lookup
ip name-server 172.16.0.2
!
interface Loopback0
 ip address 7.7.7.6 255.255.255.255
!
interface Serial0
 no ip address
 encapsulation frame-relay
!
interface Serial0.1 point-to-point
 ip address 172.16.200.5 255.255.255.252
 frame-relay interface-dlci 32  
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface ATM0
 no ip address
 pvc 0/5 qsaal
 !
 pvc 0/16 ilmi
 !
 no atm ilmi-keepalive
!
interface ATM0.120 multipoint
 ip address 192.168.98.35 255.255.255.224
 map-group isi-backbone
 atm esi-address 100000333333.00
!
interface FastEthernet0
 ip address 172.30.100.33 255.255.255.248
 half-duplex
!
router rip
 version 2
 redistribute static
 redistribute bgp 300 metric 2 route-map bgp-rip
 redistribute igrp 1
 network 172.16.0.0
 default-information originate
 default-metric 2
 no auto-summary
!
router igrp 1
 redistribute static
 redistribute rip
 redistribute bgp 300
 network 172.30.0.0
 default-metric 1000 100 200 100 1500
 distribute-list 20 in
!
router bgp 300
 no synchronization
 bgp log-neighbor-changes
 network 7.7.7.6 mask 255.255.255.255
 network 192.168.98.32 mask 255.255.255.224
 network 192.168.99.16 mask 255.255.255.248
 redistribute rip
 redistribute igrp 1
 neighbor 192.168.98.33 remote-as 200
 neighbor 192.168.98.34 remote-as 100
 neighbor 192.168.98.36 remote-as 400
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.98.34
no ip http server
!
map-list isi-backbone
 ip 192.168.98.33 atm-nsap 47.0091810000000030F206BC01.100000222222.00
 ip 192.168.98.34 atm-nsap 47.0091810000000030F206BC01.100000111111.00
 ip 192.168.98.35 atm-nsap 47.00918100000000014273BA01.100000333333.00
 ip 192.168.98.36 atm-nsap 47.0091810000000030F206BC01.100000444444.00
logging source-interface Loopback0
logging 10.0.107.13
access-list 20 deny   172.16.0.0 0.0.0.255
access-list 20 permit any
access-list 90 permit any log
route-map bgp-rip permit 10
 match route-type internal external local
 set metric 2
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
 access-class 90 in
! password <removed>
 login
!
ntp server 172.16.0.20 prefer
end

 

---

Router3:

!
config-register 0x2102
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname isi-4700-1
!
logging buffered 4096 debugging
no logging console
enable secret 5 <removed>
!enable password <removed>
!
clock timezone CDT -6
clock summer-time CDT date Mar 11 2007 0:01 Nov 4 2007 0:01
ip subnet-zero
ip name-server 172.16.0.2
!
interface Loopback0
 ip address 7.7.7.4 255.255.255.255
!
interface Ethernet0
 ip address 192.168.200.10 255.255.255.0
 ip broadcast-address 192.168.200.255
 ip rip send version 1
 ip rip receive version 1
 shutdown
 media-type 10BaseT
!
interface Ethernet1
 no ip address
 shutdown
 media-type 10BaseT
!
interface ATM0
 no ip address
 pvc 0/5 qsaal
 !
 pvc 0/16 ilmi
 !
 atm uni-version 3.0
 no atm ilmi-keepalive
!
interface ATM0.110 multipoint
 ip address 192.168.98.33 255.255.255.224
 map-group isi-backbone
 atm esi-address 100000222222.00
!
interface FastEthernet0
 ip address 192.168.99.9 255.255.255.248
 full-duplex
!
router rip
 version 1
 redistribute bgp 200
 network 192.168.99.0
 network 192.168.200.0
 neighbor 192.168.200.1
 distribute-list 20 in
 no auto-summary
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 7.7.7.4 mask 255.255.255.255
 redistribute rip
 neighbor 192.168.98.34 remote-as 100
 neighbor 192.168.98.35 remote-as 300
 neighbor 192.168.98.36 remote-as 400
 no auto-summary
!
ip classless
no ip http server
!
map-list isi-backbone
 ip 192.168.98.33 atm-nsap 47.0091810000000030F206BC01.100000222222.00
 ip 192.168.98.34 atm-nsap 47.0091810000000030F206BC01.100000111111.00
 ip 192.168.98.35 atm-nsap 47.00918100000000014273BA01.100000333333.00
 ip 192.168.98.36 atm-nsap 47.0091810000000030F206BC01.100000444444.00
logging source-interface Loopback0
logging 10.0.107.13
access-list 20 deny   0.0.0.0
access-list 20 permit any
access-list 90 permit any log
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
 access-class 90 in
 exec-timeout 0 0
line aux 0
 access-class 90 in
line vty 0 2
 access-class 90 in
! password <removed>
 login
line vty 3 4
! password <removed>
 login
!
ntp server 172.16.0.20 prefer
end

---

Router4:

!
config-register 0x2102
version 12.2
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname tunrcis1201
!
logging buffered 4096 debugging
no logging console
enable secret 5 <removed>
!enable password <removed>
!
clock timezone CDT -6
clock summer-time CDT date Mar 11 2007 0:01 Nov 4 2007 0:01
ip subnet-zero
ip host rtelnet 2001 7.7.7.5
ip name-server 172.16.0.2
ip name-server 10.0.107.50
ip name-server 172.16.0.20
!
interface Loopback0
 ip address 7.7.7.5 255.255.255.255
!
interface Ethernet0
 ip address 192.168.99.26 255.255.255.248
 media-type 10BaseT
!
interface Ethernet1
 ip address 172.30.100.25 255.255.255.248
 ip rip send version 2
 ip rip receive version 2
 media-type 10BaseT
!
interface Ethernet2
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet3
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet4
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet5
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet6
 no ip address
 shutdown
 media-type 10BaseT
!
interface Ethernet7
 no ip address
 shutdown
 media-type 10BaseT
!
interface ATM0
 no ip address
 pvc 0/5 qsaal
 !
 pvc 0 0/16 ilmi
 !
 atm uni-version 3.0
 no atm ilmi-keepalive
!
interface ATM0.400 multipoint
 ip address 192.168.98.36 255.255.255.224
 map-group isi-backbone
 atm esi-address 100000444444.00
!
router rip
 version 2
 redistribute static
 redistribute bgp 400 metric 2 route-map bgp-rip
 network 172.30.0.0
 network 192.168.99.0
 default-metric 2
 no auto-summary
!
router bgp 400
 no synchronization
 bgp log-neighbor-changes
 network 7.7.7.5 mask 255.255.255.255
 network 192.168.98.32 mask 255.255.255.224
 redistribute static
 redistribute rip
 neighbor 192.168.98.33 remote-as 200
 neighbor 192.168.98.34 remote-as 100
 neighbor 192.168.98.35 remote-as 300
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.98.34
ip route 10.0.100.0 255.255.255.0 192.168.99.25
ip route 10.0.101.0 255.255.255.0 192.168.99.25
ip route 10.0.102.0 255.255.255.0 192.168.99.25
ip route 10.0.103.0 255.255.255.0 192.168.99.25
ip route 10.0.104.0 255.255.255.0 192.168.99.25
no ip http server
ip pim bidir-enable
!
map-list isi-backbone
 ip 192.168.98.33 atm-nsap 47.0091810000000030F206BC01.100000222222.00
 ip 192.168.98.34 atm-nsap 47.0091810000000030F206BC01.100000111111.00
 ip 192.168.98.35 atm-nsap 47.00918100000000014273BA01.100000333333.00
 ip 192.168.98.36 atm-nsap 47.0091810000000030F206BC01.100000444444.00
logging source-interface Loopback0
logging 10.0.107.13
access-list 90 permit any log
route-map bgp-rip permit 10
 match route-type external local internal
 set metric 2
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
 modem InOut
 transport input all
line vty 0 4
 access-class 90 in
! password <removed>
 login
!
ntp server 172.16.0.20 prefer
end

 

Credits:

Bernard Gaumer (Author)

Cisco Systems (Technology Definitions)

Javvin Technologies, Inc. (Technology Definitions)