Multiprotocol BGP (MP-BGP) for L3VPN

In an L3VPN environment, a PE router uses MP-BGP to advertise VPNv4 NLRI to a remote PE router.

 

This post demonstrates how to configure MP-BGP on Cisco, Juniper and Nokia (Alcatel-Lucent) routers.

 

Cisco MP-BGP Configuration:

 

router bgp 100

 address-family vpnv4

  neighbor 100.64.0.102 activate

  neighbor 100.64.0.102 send-community extended

  neighbor 100.64.0.3 activate

  neighbor 100.64.0.3 send-community extended

 

Verification:

Verify the MP-BGP session with the following Cisco commands:

Cisco-RTR#show bgp vpnv4 unicast all summary | include 100.64.0.102

100.64.0.102    4  100   84736   71225   415128    0    0 2w3d         8680

 

Cisco-RTR#show bgp vpnv4 unicast all summary | include 100.64.0.3  

100.64.0.3      4  100  173961   18620   415128    0    0 4d20h           4

 

MP-BGP Configuration on Juniper:

 

set protocols bgp group L3-VPN type internal

set protocols bgp group L3-VPN neighbor 100.64.0.6 local-address 100.64.0.3

set protocols bgp group L3-VPN neighbor 100.64.0.6 family inet-vpn unicast

 

Verification:

JPR-RTR> show bgp neighbor 100.64.0.6

Peer: 100.64.0.6+26559 AS 100 Local: 100.64.0.3+179 AS 100

  Group: L3-VPN           Routing-Instance: master

  Forwarding routing-instance: master 

  Type: Internal    State: Established    Flags: <Sync RSync>

  Last State: EstabSync     Last Event: RecvKeepAlive

  Last Error: Open Message Error

  Options: <Preference LocalAddress LogUpDown AddressFamily Rib-group Refresh>

  Address families configured: inet-unicast inet-vpn-unicast

  Local Address: 100.64.0.3 Holdtime: 90 Preference: 170

  Number of flaps: 3

  Last flap event: RecvNotify

  Error: 'Open Message Error' Sent: 1 Recv: 0

  Error: 'Hold Timer Expired Error' Sent: 0 Recv: 3

  Peer ID: 100.64.0.6      Local ID: 100.64.0.3        Active Holdtime: 90

  Keepalive Interval: 30         Group index: 18   Peer index: 1  

  BFD: disabled, down

  NLRI for restart configured on peer: inet-unicast inet-vpn-unicast

  NLRI advertised by peer: inet-unicast inet-vpn-unicast

  NLRI for this session: inet-unicast inet-vpn-unicast

  Peer supports Refresh capability (2)

  Stale routes from peer are kept for: 300

  Peer does not support Restarter functionality

  Peer does not support Receiver functionality

  Peer does not support LLGR Restarter or Receiver functionality

  Peer does not support 4 byte AS extension

  Peer does not support Addpath

  Table inet.0 Bit: 10000

    RIB State: BGP restart is complete

    Send state: in sync

    Active prefixes:              132

    Received prefixes:            151

    Accepted prefixes:            149

    Suppressed due to damping:    0

    Advertised prefixes:          1

  Table bgp.l3vpn.0

    RIB State: BGP restart is complete

    RIB State: VPN restart is complete

    Send state: not advertising

    Active prefixes:              27

    Received prefixes:            27

    Accepted prefixes:            27

    Suppressed due to damping:    0

 

MP-BGP Configuration on Alcatel SR routers:

 

ALU-RTR# configure router bgp

ALU-RTR>config>router>bgp# info

               group "L3-VPN"

                family vpn-ipv4

                type internal

                neighbor 100.64.0.6

               exit

 

Verification:

ALU-RTR# show  router bgp summary

===============================================================================

 BGP Router ID:100.64.0.102     AS:100        Local AS:100      

===============================================================================

BGP Admin State         : Up          BGP Oper State              : Up

Total Peer Groups       : 3           Total Peers                 : 4        

Total BGP Paths         : 516         Total Path Memory           : 129436   

Total IPv4 Remote Rts   : 263         Total IPv4 Rem. Active Rts  : 132      

Total McIPv4 Remote Rts : 0           Total McIPv4 Rem. Active Rts: 0        

Total McIPv6 Remote Rts : 0           Total McIPv6 Rem. Active Rts: 0        

Total IPv6 Remote Rts   : 0           Total IPv6 Rem. Active Rts  : 0        

Total IPv4 Backup Rts   : 0           Total IPv6 Backup Rts       : 0        

 

Total Supressed Rts     : 0           Total Hist. Rts             : 0        

Total Decay Rts         : 0        

 

Total VPN Peer Groups   : 2           Total VPN Peers             : 2        

Total VPN Local Rts     : 34       

Total VPN-IPv4 Rem. Rts : 8929        Total VPN-IPv4 Rem. Act. Rts: 11       

Total VPN-IPv6 Rem. Rts : 1           Total VPN-IPv6 Rem. Act. Rts: 0        

Total VPN-IPv4 Bkup Rts : 0           Total VPN-IPv6 Bkup Rts     : 0                                                          

 

Total VPN Supp. Rts     : 0           Total VPN Hist. Rts         : 0        

Total VPN Decay Rts     : 0        

 

Total L2-VPN Rem. Rts   : 0           Total L2VPN Rem. Act. Rts   : 0        

Total MVPN-IPv4 Rem Rts : 0           Total MVPN-IPv4 Rem Act Rts : 0        

Total MDT-SAFI Rem Rts  : 266         Total MDT-SAFI Rem Act Rts  : 2        

Total MSPW Rem Rts      : 0           Total MSPW Rem Act Rts      : 0        

Total RouteTgt Rem Rts  : 584         Total RouteTgt Rem Act Rts  : 584       

Total McVpnIPv4 Rem Rts : 0           Total McVpnIPv4 Rem Act Rts : 0        

Total MVPN-IPv6 Rem Rts : 0           Total MVPN-IPv6 Rem Act Rts : 0        

Total EVPN Rem Rts      : 0           Total EVPN Rem Act Rts      : 0        

Total FlowIpv4 Rem Rts  : 0           Total FlowIpv4 Rem Act Rts  : 0        

Total FlowIpv6 Rem Rts  : 0           Total FlowIpv6 Rem Act Rts  : 0        

 

===============================================================================

BGP Summary

===============================================================================

Neighbor

                   AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)

                      PktSent OutQ

-------------------------------------------------------------------------------

100.64.0.6

                100   10941    0 17d00h18m 248/121/0 (IPv4)

                         6112    0           8891/5/27 (VpnIPv4)

-------------------------------------------------------------------------------

ALU-RTR#

 

Multiprotocol Reachable NLRI information:

 

The image below shows the BGP UPDATE message, with the VPNv4 NLRI details, that is sent to the remote PE router.
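As an added example (not part of the original post and not vendor code), the following Python decodes the MP_REACH_NLRI attribute value of such an UPDATE as laid out in RFC 4760 and RFC 4364, and rejects truncated or malformed NLRI. It assumes one label per route and an IPv4 next hop; the sample bytes are constructed (RD 100:1, label 16, prefix 10.1.1.0/24), with only the next hop 100.64.0.102 taken from this page.

```python
import ipaddress
import struct

def parse_rd(rd: bytes) -> str:
    """Render an 8-byte route distinguisher (RFC 4364 types 0, 1, 2)."""
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == 0:                      # 2-byte ASN : 4-byte number
        return "%d:%d" % struct.unpack("!HI", rd[2:])
    if rd_type == 1:                      # IPv4 address : 2-byte number
        return "%s:%d" % (ipaddress.IPv4Address(rd[2:6]), struct.unpack("!H", rd[6:])[0])
    if rd_type == 2:                      # 4-byte ASN : 2-byte number
        return "%d:%d" % struct.unpack("!IH", rd[2:])
    raise ValueError(f"unknown RD type {rd_type}")

def parse_mp_reach_vpnv4(value: bytes) -> dict:
    """Decode the value of an MP_REACH_NLRI attribute carrying VPNv4 routes."""
    if len(value) < 5:
        raise ValueError("attribute too short")
    afi, safi, nh_len = struct.unpack("!HBB", value[:4])
    if (afi, safi) != (1, 128):
        raise ValueError(f"not VPNv4: AFI {afi} SAFI {safi}")
    if nh_len != 12 or len(value) < 4 + nh_len + 1:
        raise ValueError("bad VPNv4 next-hop length")
    next_hop = ipaddress.IPv4Address(value[12:16])   # bytes 4..11 are an all-zero RD
    pos, routes = 4 + nh_len + 1, []                 # +1 skips the reserved octet
    while pos < len(value):
        bits = value[pos]                            # label + RD + prefix, in bits
        nbytes = (bits + 7) // 8
        if not 88 <= bits <= 120 or pos + 1 + nbytes > len(value):
            raise ValueError(f"malformed NLRI at offset {pos}")
        chunk = value[pos + 1:pos + 1 + nbytes]
        raw_label = int.from_bytes(chunk[:3], "big")  # 20-bit label, 3-bit TC, 1-bit S
        prefix = ipaddress.IPv4Network((chunk[11:].ljust(4, b"\0"), bits - 88), strict=False)
        routes.append({"label": raw_label >> 4, "bottom_of_stack": bool(raw_label & 1),
                       "rd": parse_rd(chunk[3:11]), "prefix": str(prefix)})
        pos += 1 + nbytes
    return {"next_hop": str(next_hop), "routes": routes}

# Constructed sample (not a capture from the page): one route 10.1.1.0/24, RD 100:1, label 16
SAMPLE = (bytes([0, 1, 128, 12]) + bytes(8) + ipaddress.IPv4Address("100.64.0.102").packed
          + b"\x00" + bytes([112]) + bytes([0x00, 0x01, 0x01])
          + struct.pack("!HHI", 0, 100, 1) + bytes([10, 1, 1]))

if __name__ == "__main__":
    print(parse_mp_reach_vpnv4(SAMPLE))
```
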

Inline Source NAT Configuration Example

This post explains inline NAT configuration on Juniper MX-series routers.

On Juniper MX-series routers, NAT normally requires a Multiservices Dense Port Concentrator (MS-DPC) card. Inline NAT eliminates the need for an MS-DPC card.

Requirements for Inline NAT:

· MPC cards

· Junos OS Release 11.4R1 or higher

 

Topology:

In the above topology, RTR-2 performs source NAT on traffic from RTR-1 to RTR-3.

We initiate traffic from the loopback of RTR-1 (11.11.11.11) to the loopback of RTR-3 (13.13.13.13).

RTR-2 translates source address 11.11.11.11 to 192.168.16.0.

 

RTR-1 Configuration:

set interfaces lt-3/0/0 unit 0 encapsulation ethernet

set interfaces lt-3/0/0 unit 0 peer-unit 1

set interfaces lt-3/0/0 unit 0 family inet address 1.1.1.1/24

set interfaces lo0 unit 11 family inet address 11.11.11.11/32

 

//Static route to RTR-3 loopback

set routing-options static route 13.13.13.13/32 next-hop 1.1.1.2

 

RTR-2 Configuration:

//Configure inline services on the MPC card. The command below creates the si- interface

set chassis fpc 7 pic 1 inline-services bandwidth 1g

 

//Interface configuration

 

set interfaces lt-3/0/0 unit 1 encapsulation ethernet

set interfaces lt-3/0/0 unit 1 peer-unit 0

set interfaces lt-3/0/0 unit 1 family inet service input service-set SSET1

set interfaces lt-3/0/0 unit 1 family inet service output service-set SSET1

set interfaces lt-3/0/0 unit 1 family inet address 1.1.1.2/24

set interfaces lt-3/0/0 unit 2 encapsulation ethernet

set interfaces lt-3/0/0 unit 2 peer-unit 3

set interfaces lt-3/0/0 unit 2 family inet address 2.2.2.1/24

 

//Static route towards RTR-1 loopback

set routing-options static route 11.11.11.11/32 next-hop 1.1.1.1

 

//Static route towards RTR-3 loopback

set routing-options static route 13.13.13.13/32 next-hop 2.2.2.2

//service-set configuration

set services service-set SSET1 nat-rules RULE1

set services service-set SSET1 interface-service service-interface si-7/1/0.0

 

//NAT POOL

set services nat pool SOURCE-POOL address 192.168.16.0/24

 

//NAT Rule

set services nat rule RULE1 match-direction input

set services nat rule RULE1 term 1 from source-address 11.11.11.11/32

set services nat rule RULE1 term 1 then translated source-pool SOURCE-POOL

set services nat rule RULE1 term 1 then translated translation-type basic-nat44

 

 

RTR-3 Configuration:

set interfaces lt-3/0/0 unit 3 encapsulation ethernet

set interfaces lt-3/0/0 unit 3 peer-unit 2

set interfaces lt-3/0/0 unit 3 family inet address 2.2.2.2/24

set interfaces lo0 unit 13 family inet address 13.13.13.13/32

 

//Static route to NAT POOL towards RTR-2

set routing-options static route 192.168.16.0/24 next-hop 2.2.2.1

 

Verification:

Ping loopback interface of RTR-3 from RTR-1:

lab@RTR-1> ping 13.13.13.13 source 11.11.11.11 count 10 rapid

PING 13.13.13.13 (13.13.13.13): 56 data bytes

!!!!!!!!!!

--- 13.13.13.13 ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.689/0.732/0.820/0.032 ms

 

RTR-2

We can see that 10 packets were NATed and 10 packets were deNATed.

lab@RTR-2> show services inline nat statistics                                 

 

 Service PIC Name                                      si-7/1/0            

 

 Control Plane Statistics

     Received IPv4 packets                                0                   

     ICMPv4 error packets pass through                    0                   

     ICMPv4 error packets locally generate                0                   

     Dropped IPv4 packets                                 0                   

     Received IPv6 packets                                0                   

     ICMPv6 error packets pass through for NPTv6          0                   

     ICMPv6 error packets locally generated for NPTv6     0                   

     Dropped IPv6 packets                                 0                   

 

 Data Plane Statistics           Packets                  Bytes

     IPv4 NATed packets            10                      840                 

     IPv4 deNATed packets          10                      840                 

     IPv4 error packets            0                       0                   

     IPv4 skipped packets          0                       0                   

     IPv6 NATed packets            0                       0                   

     IPv6 deNATed packets          0                       0                   

     IPv6 error packets            0                       0                   

     IPv6 skipped packets          0                       0

 

RTR-3

The monitor traffic interface output on RTR-3 shows that traffic is received from 192.168.16.0.

lab@RTR-3> monitor traffic interface lt-3/0/0.3

verbose output suppressed, use <detail> or <extensive> for full protocol decode

Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.

Address resolution timeout is 4s.

Listening on lt-3/0/0.3, capture size 96 bytes

 

Reverse lookup for 13.13.13.13 failed (check DNS reachability).

Other reverse lookup failures will not be reported.

Use <no-resolve> to avoid reverse lookups on IP addresses.

 

17:22:43.175949  In IP 192.168.16.0 > 13.13.13.13: ICMP echo request, id 45695, seq 59, length 64

17:22:43.175966 Out IP truncated-ip - 30 bytes missing! 13.13.13.13 > 192.168.16.0: ICMP echo reply, id 45695, seq 59, length 64
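As an added example (not part of the original post), the following Python runs the same check over a saved "monitor traffic" capture from RTR-3: it counts packets that carry an address from the NAT pool and reports any line where the pre-NAT source 11.11.11.11 appears on the post-NAT link. The pool and source address come from the RTR-2 configuration above; the last capture line is constructed to show an untranslated packet.

```python
import ipaddress
import re

# Addresses taken from the RTR-2 configuration on this page
NAT_POOL = ipaddress.ip_network("192.168.16.0/24")
INSIDE_SOURCE = ipaddress.ip_network("11.11.11.11/32")

# Matches "monitor traffic" lines: "<time> In|Out IP <src>[.port] > <dst>[.port]: ..."
LINE_RE = re.compile(
    r"^\S+\s+(In|Out)\s+IP\s+(?:truncated-ip - \d+ bytes missing!\s+)?"
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def audit_post_nat_capture(lines):
    """Count translated packets and list lines that expose the pre-NAT source."""
    result = {"translated": 0, "leaks": []}
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # banner, warning or non-IP line
        src, dst = (ipaddress.ip_address(a) for a in match.group(2, 3))
        # On RTR-3's link the NAT address is the source of inbound packets
        # and the destination of the replies RTR-3 sends back.
        nat_side = src if match.group(1) == "In" else dst
        if nat_side in INSIDE_SOURCE:
            result["leaks"].append((number, str(nat_side)))
        elif nat_side in NAT_POOL:
            result["translated"] += 1
    return result

CAPTURE = [
    "Listening on lt-3/0/0.3, capture size 96 bytes",
    # The next two lines are the capture lines shown on this page
    "17:22:43.175949  In IP 192.168.16.0 > 13.13.13.13: ICMP echo request, id 45695, seq 59, length 64",
    "17:22:43.175966 Out IP truncated-ip - 30 bytes missing! 13.13.13.13 > 192.168.16.0: ICMP echo reply, id 45695, seq 59, length 64",
    # Constructed line: what an untranslated packet would look like
    "17:22:44.176102  In IP 11.11.11.11 > 13.13.13.13: ICMP echo request, id 45695, seq 60, length 64",
]

if __name__ == "__main__":
    print(audit_post_nat_capture(CAPTURE))
```
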