Example 3-19. show clns neighbors output

SanJose# show clns neighbors

Area EuroBank:
System Id      Interface   SNPA     State  Holdtime  Type Protocol
SanFrancisco   Se3/0/0     *HDLC*   Up     26        L1L2 IS-IS

SanJose# show clns neighbors detail

Area EuroBank:
System Id      Interface   SNPA     State  Holdtime  Type Protocol
SanFrancisco   Se3/0/0     *HDLC*   Up     28        L1L2 IS-IS
  Area Address(es): 47.1234
  IP Address(es):  192.168.2.13*
  Uptime: 00:00:36

At this stage of the deployment, the San Francisco EuroBank CE router should see all routers within its local site in addition to the San Jose PE router. Because both the PE router and the CE router are running Level 1-2, all routes that are reachable within the site should be seen in both the Level 1 and Level 2 link-state databases. Example 3-20 confirms this and shows that the San Francisco CE router has Level 1 and Level 2 link-state packets (LSPs) from the San Jose PE router.

Example 3-20. Level 1-2 Database for EuroBank CE Router

SanFrancisco# show isis database detail

IS-IS Level-1 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

MPLS and VPN Architectures, Volume II By Jim Guichard, Ivan Pepelnjak, Jeff Apcar

Publisher: Cisco Press Pub Date: June 06, 2003

ISBN: 1-58705-112-5 Pages: 504

With MPLS and VPN Architectures, Volume II, you'll learn:

How to integrate various remote access technologies into the backbone providing VPN service to many different types of customers

The new PE-CE routing options as well as other advanced features, including per-VPN Network Address Translation (PE-NAT)

How VRFs can be extended into a customer site to provide separation inside the customer network

The latest MPLS VPN security features and designs aimed at protecting the MPLS VPN backbone

How to carry customer multicast traffic inside a VPN

The latest inter-carrier enhancements to allow for easier and more scalable deployment of inter-carrier MPLS VPN services

Advanced troubleshooting techniques including router outputs to ensure high availability

MPLS and VPN Architectures, Volume II, builds on the best-selling MPLS and VPN Architectures, Volume I (1-58705-002-1), from Cisco Press. Extending into more advanced topics and deployment architectures, Volume II provides readers with the necessary tools they need to deploy and maintain a secure, highly available VPN.

MPLS and VPN Architectures, Volume II, begins with a brief refresher of the MPLS VPN Architecture. Part II describes advanced MPLS VPN connectivity including the integration of service provider access technologies (dial, DSL, cable, Ethernet) and a variety of routing protocols (IS-IS, EIGRP, and OSPF), arming the reader with the knowledge of how to integrate these features into the VPN backbone. Part III details advanced deployment issues including security, outlining the necessary steps the service provider must take to protect the backbone and any attached VPN sites, and also detailing the latest security features to allow more advanced topologies and filtering. This part also covers multi-carrier MPLS VPN deployments. Finally, Part IV provides a methodology for advanced MPLS VPN troubleshooting.

MPLS and VPN Architectures, Volume II, also introduces the latest advances in customer integration, security, and troubleshooting features essential to providing the advanced

SanFrancisco.00-00  * 0x00000004   0x85CB        942           1/0/0
  Area Address: 47.1234
  NLPID:        0xCC
  Hostname: SanFrancisco
  IP Address:   10.2.1.1
  Metric: 10         IP 192.168.2.12/30
  Metric: 0          IP 10.2.1.1/32
  Metric: 10         IS-Extended SanJose.00
SanJose.00-00         0x00000003   0xBE4C        1065          1/0/0
  Area Address: 47.1234
  NLPID:        0xCC
  Hostname: SanJose
  IP Address:   196.7.25.3
  Metric: 10         IP 192.168.2.12/30
  Metric: 0          IP 196.7.25.3/32
  Metric: 10         IS-Extended SanFrancisco.00

IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
SanFrancisco.00-00  * 0x00000002   0xDC7E        925           0/0/0
  Area Address: 47.1234
  NLPID:        0xCC
  Hostname: SanFrancisco
  IP Address:   10.2.1.1
  Metric: 10         IS-Extended SanJose.00
  Metric: 0          IP 10.2.1.1/32
  Metric: 10         IP 192.168.2.12/30
SanJose.00-00         0x00000004   0x050A        1058          0/0/0
  Area Address: 47.1234
  NLPID:        0xCC
  Hostname: SanJose

  IP Address:   196.7.25.3
  Metric: 10         IS-Extended SanFrancisco.00
  Metric: 0          IP 196.7.25.3/32
  Metric: 10         IP 10.2.1.1/32
  Metric: 10         IP 192.168.2.12/30

IS-IS always prefers intra-area routes to interarea routes. This means that in our example, the EuroBank San Francisco CE router will select any Level 1 routes over Level 2 routes learned from the San Jose PE router. The previous example showed that the only route reachable at the San Jose PE router is 196.7.25.3/32, and this was advertised both at Level 1 and Level 2.

Example 3-21 shows that the San Francisco CE router has selected the Level 1 path for this particular prefix.

Example 3-21. San Francisco CE Router Level 1-2 Route Selection

SanFrancisco# show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     196.7.25.0/32 is subnetted, 1 subnets
i L1    196.7.25.3 [115/10] via 192.168.2.14, Serial1/0
     10.0.0.0/32 is subnetted, 1 subnets
C       10.2.1.1 is directly connected, Loopback0
     192.168.2.0/30 is subnetted, 1 subnets
C       192.168.2.12 is directly connected, Serial1/0
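The selection rule described above can be reproduced offline from the link-state data in Example 3-20. The following Python sketch is an added example, not code from the book or from Cisco IOS: it runs SPF per level and prefers Level 1 whatever the cost. The `LSDB` dictionary layout, the function names, and the `CONNECTED` set (taken from Example 3-21) are assumptions of this sketch.

```python
import heapq

# Transcribed from Example 3-20: per level, each router's LSP lists its
# IS-Extended neighbors ("is") and IP prefixes ("ip") with their metrics.
LSDB = {
    1: {"SanFrancisco": {"is": {"SanJose": 10},
                         "ip": {"192.168.2.12/30": 10, "10.2.1.1/32": 0}},
        "SanJose": {"is": {"SanFrancisco": 10},
                    "ip": {"192.168.2.12/30": 10, "196.7.25.3/32": 0}}},
    2: {"SanFrancisco": {"is": {"SanJose": 10},
                         "ip": {"10.2.1.1/32": 0, "192.168.2.12/30": 10}},
        "SanJose": {"is": {"SanFrancisco": 10},
                    "ip": {"196.7.25.3/32": 0, "10.2.1.1/32": 10,
                           "192.168.2.12/30": 10}}},
}
# Connected prefixes on the CE (Example 3-21); these never use an IS-IS path.
CONNECTED = {"10.2.1.1/32", "192.168.2.12/30"}


def spf(level_db, root):
    """Dijkstra over IS adjacencies: cost from root to each reachable router."""
    dist, heap = {root: 0}, [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue
        for nbr, metric in level_db.get(node, {}).get("is", {}).items():
            if cost + metric < dist.get(nbr, float("inf")):
                dist[nbr] = cost + metric
                heapq.heappush(heap, (cost + metric, nbr))
    return dist


def isis_routes(lsdb, root, connected):
    """Best (level, cost, advertising router) for each non-connected prefix."""
    best = {}
    for level, level_db in sorted(lsdb.items()):
        for router, cost in spf(level_db, root).items():
            if router == root:
                continue
            for prefix, metric in level_db.get(router, {}).get("ip", {}).items():
                cand = (level, cost + metric, router)
                # Tuple order puts the level first, so L1 wins whatever the cost.
                if prefix not in connected and (prefix not in best or cand < best[prefix]):
                    best[prefix] = cand
    return best


if __name__ == "__main__":
    print(isis_routes(LSDB, "SanFrancisco", CONNECTED))
```

The result for 196.7.25.3/32 is Level 1 with cost 10, which matches the `i L1 ... [115/10]` entry in Example 3-21.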

Now that all the local site routes have been learned, you must redistribute them from within the VRF into Multiprotocol BGP so that other PE routers can import them. An example of how to configure this redistribution was shown earlier. After the redistribution has been completed, any routes that are learned from the San Francisco CE router or locally attached VRF interfaces that are associated with the EuroBank IS-IS process are carried within Multiprotocol BGP (see Example 3-22). This example also shows the output of debug isis vrf, which can be used to confirm that the routes are passed to Level 3 (MPLS VPN backbone) and advertised by Multiprotocol BGP.

Example 3-22. IS-IS Routes Carried Within Multiprotocol BGP

SanJose# show ip bgp vpnv4 vrf EuroBank
BGP table version is 54, local router ID is 194.22.15.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:251 (default for vrf EuroBank)
*> 10.2.1.1/32      192.168.2.13            10         32768 ?
*> 192.168.2.12/30  0.0.0.0                  0         32768 ?

SanJose# show ip bgp vpnv4 vrf EuroBank 10.2.1.1
BGP routing table entry for 100:251:10.2.1.1/32, version 54
Paths: (1 available, best #1, table EuroBank)
  Advertised to non peer-group peers:
  192.168.1.14 194.22.15.3
  Local
    192.168.2.13 from 0.0.0.0 (194.22.15.2)
      Origin incomplete, metric 10, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:793

SanJose# debug isis vrf

5d22h: ISIS-VRF: EuroBank:Adv(ISIS=>BGP VPN) 10.2.1.1/32, L3
5d22h: ISIS-VRF: EuroBank:Adv(ISIS=>BGP VPN) 192.168.2.12/30, L3
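The two views in Example 3-22 can be cross-checked mechanically, which is useful when auditing that a VRF exports only the prefixes the site is meant to originate. The following Python sketch is an added example, not part of the book: the router output is copied from Example 3-22 with column spacing reconstructed, and the `ALLOWED` ranges and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Router output from Example 3-22, trimmed to the lines the check needs.
BGP_TABLE = """\
Route Distinguisher: 100:251 (default for vrf EuroBank)
*> 10.2.1.1/32      192.168.2.13            10         32768 ?
*> 192.168.2.12/30  0.0.0.0                  0         32768 ?
"""
DEBUG_LOG = """\
5d22h: ISIS-VRF: EuroBank:Adv(ISIS=>BGP VPN) 10.2.1.1/32, L3
5d22h: ISIS-VRF: EuroBank:Adv(ISIS=>BGP VPN) 192.168.2.12/30, L3
"""
# Assumed policy for this sketch: ranges the EuroBank site may originate.
ALLOWED = ["10.2.0.0/16", "192.168.2.0/24"]

PREFIX = r"(\d+\.\d+\.\d+\.\d+/\d+)"
ADV_RE = re.compile(r"ISIS-VRF: (\S+?):Adv\(ISIS=>BGP VPN\) " + PREFIX + r", L3")
BGP_RE = re.compile(r"^\*>\s+" + PREFIX + r"\s+(\S+)", re.M)


def isis_advertised(log, vrf):
    """Prefixes the debug output says IS-IS handed to BGP for this VRF."""
    return {prefix for name, prefix in ADV_RE.findall(log) if name == vrf}


def bgp_best(table):
    """Map of best-path prefix -> next hop from the VPNv4 table."""
    return dict(BGP_RE.findall(table))


def audit(log, table, vrf, allowed):
    """Compare both views and flag prefixes outside the allowed ranges."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    adv, bgp = isis_advertised(log, vrf), set(bgp_best(table))
    outside = {p for p in bgp
               if not any(ipaddress.ip_network(p).subnet_of(n) for n in nets)}
    return {
        "missing_in_bgp": sorted(adv - bgp),   # advertised but not in the table
        "not_from_isis": sorted(bgp - adv),    # in BGP without a debug line
        "outside_policy": sorted(outside),     # outside the assumed ranges
    }


if __name__ == "__main__":
    print(audit(DEBUG_LOG, BGP_TABLE, "EuroBank", ALLOWED))
```

For the output shown in Example 3-22 all three lists are empty; a prefix appearing in `not_from_isis` or `outside_policy` is worth investigating before other PE routers import it.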

It is also necessary to redistribute any remote EuroBank routes into the local site at the PE router. Example 3-23 shows some debugging output that confirms successful redistribution of Multiprotocol BGP routes into Level 1 and Level 2 IS-IS topology databases, and also the San Francisco CE router's routing table after this redistribution has been performed at the San Jose PE router.