Friday, August 27, 2010

Importing Routes from Global Table into a VRF Table

Usually we see routes leaked from a VRF into the global routing table, so that the VRF can use the global routing table for Internet access (Internet over L3 VPN) or to reach a specific network.

But here we will see how to configure the network device when we want to import routes from the global routing table into a VRF.

This uses the feature known as Import Route Map (import ipv4 unicast | multicast).

The "BGP Support for Importing Routes from the Global Table into a VRF Table" feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding instance (VRF) table using an import route map.

Below is an example (the prefixes are left as x.x.x.x/x placeholders, to be replaced with the global-table prefixes you want to import):

! Prefix-list that selects the global-table prefixes allowed into the VRF
ip prefix-list chetan seq 10 permit x.x.x.x/x
ip prefix-list chetan seq 20 permit x.x.x.x/x
ip prefix-list chetan seq 30 permit x.x.x.x/x
!
! VRF definition: the import map pulls matching IPv4 unicast prefixes
! from the global routing table into this VRF
ip vrf ckumar
 rd 50:1
 import ipv4 unicast map CHETAN_IMPORT
 route-target export 50:1
 route-target import 50:1
!
! Import route map referenced by the VRF; only prefixes matched by the
! prefix-list are imported
route-map CHETAN_IMPORT permit 10
 match ip address prefix-list chetan

Friday, August 20, 2010

Cisco IOS Release Naming

Letter Definitions for Cisco IOS Release Trains

The first character assigned to the release is based on the technology specific to that release. These are the technology characters used in Cisco IOS release deployment.

A = Aggregation/Access Server/Dial technology

B = Broadband

C = Core routers (11.1CA, 11.1CT, 11.1CC)

D = xDSL technology

E = Enterprise feature set

F = Feature Specific enhancements (11.2F)

G = Gigabit Switch Routers (GSR)

H = SDH/SONET technology (11.3HA)

J = Wireless Networking technology (Aironet)

M = Mobile (Restricted to Mobile Wireless BU usage and further reserved for Mainline)

N = Voice, Multimedia, Conference (11.3NA)

P = Platform features (11.2P)

R = Reserved for ROMMON reference

S = Service Provider

T = Reserved for Consolidated Technology Train

W = LAN Switching/Layer 2 routing

X = A short lived, one-time release (12.0XA)

Y = A short-lived, one-time release (when Xs are exhausted)

Z = A short-lived, one-time release (reserved if Ys are exhausted)

Cisco IOS S Family Numbering

Cisco IOS Mainline and T Trains Numbering

How Cisco IOS Life Cycle Works

1] First Customer Shipment (FCS)
2] End of Sale (EoS) Announcement
3] End of Software Maintenance (EoSWM or EoSW)
4] End of Vulnerability/Security Fixes
5] Last Date of Support

Cisco IOS Naming Standard

Below is the Cisco IOS naming standard.

Cisco IOS Family

The diagram below shows the Cisco IOS tree.

Thursday, August 12, 2010

EIGRP CE-PE Routing Protocol with MPLS Domain

EIGRP PE-CE routing is used by service providers for customers who use EIGRP as their IGP and therefore prefer to use EIGRP to exchange routing information between customer sites across an MPLS VPN backbone. To achieve this in an MPLS VPN environment, the original EIGRP metrics must be carried inside MP-BGP updates. This is done with BGP extended community attributes, which carry and preserve the EIGRP metrics while crossing the MP-iBGP domain. These communities define the intrinsic characteristics associated with EIGRP, such as the AS number and the EIGRP metric components (bandwidth, delay, load, reliability, and MTU).

BGP Extended Communities for EIGRP PE-CE Routing

Wednesday, August 11, 2010

Loop Prevention : OSPF Down Bit and Domain Tag

Loop Prevention in MPLS VPN Domain using OSPF

Down Bit

Routing loops can occur in the MPLS VPN environment when customer edge routers are dual-homed to the service provider network. Consider an MPLS VPN network implementing OSPF PE-CE routing for Customer A (VPN-A) sites Site 1 and Site 2, where Site 2 is in OSPF Area 2 and has multiple connections to the provider backbone.

The routing loop can be prevented by the use of the OSPF down bit, which is part of the options field in the OSPF LSA header. (The LSA header with the options field is shown in the figure.)


The down bit helps prevent routing loops between MP-BGP and OSPF, but not when external routes are announced, such as when redistributing between multiple OSPF domains or when external routes are injected into an area that is dual-homed to the provider network. The PE router redistributes an OSPF route from a different OSPF domain into an OSPF domain as an external route. The down bit is not set because LSA Type 5 does not support the down bit, so the redistributed route is propagated across the OSPF domain.

The routing loops introduced by route redistribution between OSPF domains can be solved with the help of the tag field, using the standard BGP-OSPF redistribution rules. A non-OSPF route is redistributed as an external OSPF route by a PE router. By default, the tag field is set to the BGP AS number. The redistributed route is propagated across the OSPF domain without the down bit but with the tag field set. When the route is redistributed into another OSPF domain, the tag field is propagated. Another PE router receives the external OSPF route and filters it based on the tag field: the tag matches the AS number, so the route is not redistributed into MP-BGP.
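To make the two checks concrete, here is an added example (not part of the original post) that models a PE's decision for both loop-prevention mechanisms described above: the down bit on Type 3 LSAs and the tag field on Type 5 LSAs. The BGP AS number, prefixes and the dict layout of routes are constructed assumptions.

```python
# Added example (not from the original post): a model of the two OSPF PE-CE
# loop-prevention checks, the down bit on summary (Type 3) LSAs and the
# tag field on external (Type 5) LSAs. All values are constructed.

PROVIDER_BGP_AS = 65000  # constructed BGP AS number of the MPLS VPN backbone


def pe_originate_into_ospf(vpn_route, bgp_as=PROVIDER_BGP_AS):
    """Build the LSA a PE originates into the customer OSPF domain for a route
    learned from MP-BGP. A Type 3 LSA carries the down bit; a Type 5 LSA
    cannot, so the PE sets the tag to the BGP AS number instead."""
    if vpn_route["ospf_internal"]:
        return {"prefix": vpn_route["prefix"], "lsa_type": 3,
                "down_bit": True, "tag": 0}
    return {"prefix": vpn_route["prefix"], "lsa_type": 5,
            "down_bit": False, "tag": bgp_as}


def pe_accept_into_mpbgp(lsa, bgp_as=PROVIDER_BGP_AS):
    """Decide on a PE whether an OSPF route received from a CE may be
    redistributed into MP-BGP. Returns (accepted, reason)."""
    if lsa["lsa_type"] == 3 and lsa["down_bit"]:
        return False, "down bit set: route was injected into OSPF by a PE"
    if lsa["lsa_type"] == 5 and lsa["tag"] == bgp_as:
        return False, "tag matches BGP AS: route was redistributed by a PE"
    return True, "customer-originated route"


def dual_homed_site_check(vpn_route):
    """Simulate the dual-homed case: PE1 injects the route into Site 2's OSPF
    domain and PE2 receives it back from the CE. Returns PE2's decision."""
    lsa_from_pe1 = pe_originate_into_ospf(vpn_route)
    # The CE floods the LSA unchanged; the down bit and the tag both survive.
    return pe_accept_into_mpbgp(lsa_from_pe1)


if __name__ == "__main__":
    print(dual_homed_site_check({"prefix": "10.5.0.0/24", "ospf_internal": True}))
    print(dual_homed_site_check({"prefix": "10.6.0.0/24", "ospf_internal": False}))
```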

Tuesday, August 10, 2010

MPLS TE with OSPF Sham-link

When OSPF sites have a backdoor connection, they will by default prefer that link over the MPLS VPN link. Because of the redistribution that occurs, the VPN routes will be seen as inter-area (if the OSPF process numbers match on the PEs), E1 or E2 routes. As you probably know by now, inter-area and external routes are less preferred than intra-area routes in OSPF, and no amount of administrative-distance or interface-cost changes can affect this decision. Here we look briefly at a feature designed to make VPN routes look like intra-area routes, giving us the ability to prefer them over the backdoor connection by adjusting interface costs.

The topology above shows how an OSPF sham-link is configured.

The link below gives you the complete document.

MPLS Traffic Engineering with OSPF Sham-link

Chetan Kumar

MPLS TE VPN with OSPF Process ID vs Domain ID

The scenario below shows the different flavours of OSPF routes between CE and PE, depending on the OSPF process ID and domain ID used on the PEs:

OSPF with the same process ID = O IA (OSPF inter-area route)

OSPF with different process IDs = O E2 (OSPF external route)

OSPF with the same process ID but different domain IDs = O E2 (OSPF external route)

OSPF with different process IDs but the same domain ID = O IA (OSPF inter-area route)

The link below is the complete document.

MPLS Traffic engineering VPN with OSPF Process ID vs Domain ID

Chetan Kumar Ress

MPLS TE VPN with Extranet

MPLS provides the flexibility to link VPN sites in a number of ways. When several VPNs get access to a shared part of the network infrastructure, this is called an extranet.

The topology below shows an example of MPLS Traffic Engineering VPN with an extranet.

The attached link is the complete document.

MPLS Traffic Engineering VPN with Extranet

Chetan Kumar Ress

MPLS TEVPN with Export-Map

The document shows how to configure MPLS VPN with the Export Map feature.
Using an export map we can advertise only the routes the customer has requested, and we can restrict the advertisement of the hub VPN's routes to the other spoke VPNs.

The topology above shows how to configure MPLS VPN with the Export Map feature.

The attached link will give you the complete document.

MPLS Traffic Engineering VPN with Export-Map

Chetan Kumar Ress

MPLS TE with Per VRF / VPN

In service provider networks we often see a primary link and a secondary link, but only one of them is utilised. By implementing policy-based routing we can manipulate routes to some extent, but it still requires manual effort to monitor the links and manipulate the routes as required, and doing this every time in a service provider network becomes chaotic.

The solution is a technology that gives us unequal load balancing or path manipulation as required, so that we can scalably use or choose any path we need: the primary path, the backup path, or both (unequal circuit load balancing). That solution is MPLS Traffic Engineering: with it we can manipulate the path as required, using every circuit or selecting a path on demand.

MPLS Traffic Engineering (MPLS TE) is a growing implementation in today's service provider networks. MPLS adoption in service provider networks has increased manifold due to its inherent TE capabilities. MPLS TE allows an MPLS-enabled network to replicate and expand upon the TE capabilities of Layer 2 ATM and Frame Relay networks. MPLS uses the reachability information provided by Layer 3 routing protocols and operates like a Layer 2 ATM network. With MPLS, TE capabilities are integrated into Layer 3, which allows efficient bandwidth utilisation between routers in the SP network.

The link below is an example where we have redundant links in the service provider network. Without MPLS Traffic Engineering only one link is utilised, but after implementing MPLS Traffic Engineering we can use both circuits as required, with on-demand path manipulation per VRF.

MPLS Traffic Engineering with Per VRF / VPN

Chetan Kumar

MPLS Central VPN with Route Reflector

In certain circumstances, it may be desirable to use a hub-and-spoke topology so that all spoke sites send all their traffic toward a central site. This may be because certain central-site services for a particular VPN, such as Internet access, firewalls, server farms, and so on, are housed within the hub site, or because this particular VPN customer requires that all connectivity between its sites go via the central site.

The topology above and the attached link show how to configure MPLS Central VPN with a Route Reflector (the RR is used for more scalability in the SP network).

Chetan Kumar Ress

Thursday, August 5, 2010

SDH / SONET Mapping Abbreviation

In my previous post (SDH Mapping) I shared all the SDH mappings; here are the terms and their abbreviations used in the configuration of STM or STS.

1] STM: Synchronous Transport Module

2] STS: Synchronous Transport Signal

3] AUG: Administrative Unit Group

4] AU: Administrative Unit

5] VC: Virtual Container

6] TUG: Tributary Unit Group

7] TU: Tributary Unit

8] VT: Virtual Tributary

9] C: Container

MPLS Label Distribution Modes

In an MPLS domain running LDP, a label is assigned to a destination prefix found in the FIB, and it is distributed to upstream neighbors in the MPLS domain after session establishment. The labels that are of local significance on the router are exchanged with adjacent LSRs during label distribution. Label binding of a specific prefix to a local label and a next-hop label (received from downstream LSR) is then stored in the LFIB and LIB structures. The label distribution methods used in MPLS are as follows:

Downstream on demand: This mode of label distribution allows an LSR to explicitly request from its downstream next-hop router a label mapping for a particular destination prefix, and is thus known as downstream-on-demand label distribution.

Unsolicited downstream: This mode of label distribution allows an LSR to distribute bindings to upstream LSRs that have not explicitly requested them, and is referred to as unsolicited downstream label distribution.

The figure depicts the two modes of label distribution between R1 (edge LSR) and R2 (LSR). In the downstream-on-demand process, LSR R2 requests a label for the destination prefix and R1 replies with a label mapping of label 17. In the unsolicited downstream process, R1 does not wait for a request for a label mapping for the prefix but sends the label mapping information to the upstream LSR R2.

Forwarding Equivalence Class in MPLS

Forwarding Equivalence Class (FEC): As noted in RFC 3031 (MPLS architecture), a FEC is a group of packets that are forwarded in the same manner (over the same path, with the same forwarding treatment).

In an MPLS domain, FEC classification is not performed at every hop; it is performed only on the ingress and egress routers of the MPLS domain.

In a traditional IP network, by contrast, the classification is performed at every hop between source and destination.

The LER is where aggregation is completed. The LER is responsible for classifying incoming packets and relating them to FECs. Each FEC is associated with an appropriate label and forwarding path. The LER can use several modes to classify traffic, for example the packet's destination address and port, as indicated in the following table:

When packets leave the LER and enter the MPLS domain they are forwarded by LSRs. To do this, the LSR looks only at the label on the MPLS packet and matches it against the labels in its forwarding table. This forwarding table is called the Label Information Base (LIB). The LSR pushes, pops or swaps labels and forwards packets according to the LIB instructions. One representation of such a table is as follows:

Finally, when the packet reaches another LER to leave the MPLS domain, that LER removes the MPLS header and forwards the packet into the IP network.

LDP Session Establishment

There are four categories of LDP messages:

1] Discovery messages : - Announce and sustain an LSR's presence in the network
2] Session messages : - Establish, upkeep, and tear down sessions between LSRs
3] Advertisement messages : - Advertise label mappings to FECs
4] Notification messages : - Signal errors

All LDP messages follow the type, length, value (TLV) format. LDP uses TCP port 646, and the LSR with the higher LDP router ID opens a connection to port 646 of the other LSR:

1] LDP sessions are initiated when an LSR sends periodic hellos (using UDP multicast) on interfaces enabled for MPLS forwarding. If another LSR is connected to that interface (and the interface is enabled for MPLS), the directly connected LSR attempts to establish a session with the source of the LDP hello messages. The LSR with the higher LDP router ID is the active LSR. The active LSR attempts to open a TCP connection to the passive LSR (the LSR with the lower router ID) on TCP port 646 (LDP).

2] The active LSR then sends an initialization message to the passive LSR, which contains information such as the session keepalive time, the label distribution method, the maximum PDU length, the receiver's LDP ID, and whether loop detection is enabled.

3] The passive LDP LSR responds with an initialization message if the parameters are acceptable. If parameters are not acceptable, the passive LDP LSR sends an error notification message.

4] The passive LSR sends a keepalive message to the active LSR after sending its initialization message.

5] The active LSR sends a keepalive to the passive LSR, and the LDP session comes up. At this point, label-FEC mappings can be exchanged between the LSRs.
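As an added illustration of steps 1 to 3 (not part of the original post), the following Python picks the active LSR from two LDP router IDs and encodes and decodes an Initialization message carrying the parameters listed in step 2. The field layout follows the LDP Initialization message and its Common Session Parameters TLV; the router IDs and the acceptance rule in passive_accepts are constructed, simplified assumptions.

```python
# Added example (not from the original post): LDP session roles and the
# Initialization message carrying the parameters listed above; layout follows
# the LDP Initialization message / Common Session Parameters TLV.
import ipaddress
import struct

LDP_TCP_PORT = 646
MSG_INITIALIZATION = 0x0200
TLV_COMMON_SESSION_PARAMS = 0x0500

def session_roles(lsr_a, lsr_b):
    """Return (active, passive): the LSR with the higher LDP router ID opens
    the TCP connection to port 646 of the other one."""
    a = int(ipaddress.IPv4Address(lsr_a))
    b = int(ipaddress.IPv4Address(lsr_b))
    return (lsr_a, lsr_b) if a > b else (lsr_b, lsr_a)

def build_init_message(keepalive, on_demand, loop_detect, max_pdu,
                       receiver_id, msg_id=1):
    """Encode an Initialization message with one Common Session Parameters
    TLV: protocol version, keepalive time, A bit (label distribution method),
    D bit (loop detection), PVLim, max PDU length, receiver LDP ID."""
    flags = (0x80 if on_demand else 0) | (0x40 if loop_detect else 0)
    rid, label_space = receiver_id
    value = struct.pack("!HHBBH4sH", 1, keepalive, flags, 0, max_pdu,
                        ipaddress.IPv4Address(rid).packed, label_space)
    tlv = struct.pack("!HH", TLV_COMMON_SESSION_PARAMS, len(value)) + value
    body = struct.pack("!I", msg_id) + tlv
    return struct.pack("!HH", MSG_INITIALIZATION, len(body)) + body

def parse_init_message(data):
    """Decode the message built above back into its session parameters."""
    msg_type, msg_len = struct.unpack_from("!HH", data, 0)
    if msg_type != MSG_INITIALIZATION or msg_len != len(data) - 4:
        raise ValueError("not a well-formed LDP Initialization message")
    tlv_type, tlv_len = struct.unpack_from("!HH", data, 8)
    if tlv_type != TLV_COMMON_SESSION_PARAMS or tlv_len != 14:
        raise ValueError("missing Common Session Parameters TLV")
    ver, ka, flags, _, mpdu, rid, ls = struct.unpack_from("!HHBBH4sH", data, 12)
    return {"version": ver, "keepalive": ka, "on_demand": bool(flags & 0x80),
            "loop_detect": bool(flags & 0x40), "max_pdu": mpdu,
            "receiver_id": (str(ipaddress.IPv4Address(rid)), ls)}

def passive_accepts(local, remote):
    """Simplified acceptance check on the passive LSR (an assumption, not the
    full RFC rules): both sides must use the same label distribution method
    and the peer must offer a non-zero keepalive, else a Notification is sent."""
    return local["on_demand"] == remote["on_demand"] and remote["keepalive"] > 0
```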

Special Outgoing Label Types

  • Untagged: The incoming MPLS packet is converted to an IP packet and forwarded to the destination (MPLS to IP domain transition). This is used in the implementation of MPLS VPN.

  • Implicit-null or POP label: This label is assigned when the top label of the incoming MPLS packet is removed and the resulting MPLS or IP packet is forwarded to the next-hop downstream router. The value of this label is 3 (20-bit label field). It is used in MPLS networks that implement penultimate hop popping.

  • Explicit-null label: This label is assigned to preserve the EXP value of the top label of an incoming packet. The top label is swapped with a label value of 0 (20-bit label field) and the packet is forwarded as an MPLS packet to the next-hop downstream router. This label is used in the implementation of QoS with MPLS.

  • Aggregate: With this label, the incoming MPLS packet is converted to an IP packet (by removing all labels if a label stack is found on the incoming packet), and a FIB (CEF) lookup is performed to identify the outgoing interface to the destination.
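To show how these four special outgoing labels change an LSR's forwarding behaviour, here is an added example (not part of the original post) that applies a constructed LFIB to sample packets. The label values 16 to 21, the next-hop names and the FIB entries are constructed assumptions; only the special values 3 (implicit-null) and 0 (explicit-null) come from the text above.

```python
# Added example (not from the original post): an LFIB lookup applying the
# four special outgoing label types described above. Tables, packets and
# next-hop names are constructed.
IMPLICIT_NULL = 3    # "pop" label value (20-bit label field)
EXPLICIT_NULL = 0    # IPv4 explicit-null label value
UNTAGGED = "untagged"
AGGREGATE = "aggregate"

# Constructed LFIB: incoming label -> (outgoing label or special type, next hop)
LFIB = {
    16: (17, "R2"),              # ordinary label swap
    18: (IMPLICIT_NULL, "R3"),   # penultimate hop popping
    19: (EXPLICIT_NULL, "R4"),   # keep the EXP bits for QoS
    20: (UNTAGGED, "CE1"),       # leave the MPLS domain (e.g. VPN egress)
    21: (AGGREGATE, None),       # strip all labels, then FIB lookup
}
# Constructed FIB (CEF) consulted only for the aggregate label
FIB = {"10.1.1.0/24": "CE2", "10.2.2.0/24": "CE3"}


def forward(packet, lfib=LFIB, fib=FIB):
    """Apply the LFIB entry for the packet's top label. packet is
    {"labels": [top, ...], "exp": int, "dst": "prefix"}; the label list is
    empty for a plain IP packet. Returns (new_packet, next_hop)."""
    labels = list(packet["labels"])
    out, next_hop = lfib[labels[0]]
    if out == UNTAGGED:
        # MPLS -> IP transition: the packet leaves as a plain IP packet
        labels = []
    elif out == IMPLICIT_NULL:
        # Pop the top label; whatever remains (MPLS or IP) goes to the next hop
        labels.pop(0)
    elif out == EXPLICIT_NULL:
        # Swap the top label for 0 so the EXP value survives to the next hop
        labels[0] = EXPLICIT_NULL
    elif out == AGGREGATE:
        # Remove the whole label stack and resolve the outgoing hop in the FIB
        labels = []
        next_hop = fib[packet["dst"]]
    else:
        labels[0] = out  # ordinary label swap
    return {"labels": labels, "exp": packet["exp"], "dst": packet["dst"]}, next_hop
```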