Solved: MPLS VPN command help

praveen rai · ‎07-09-2015

Hi Expert,

I was doing MPLS VPN LAB in which I have 1 customer having 2 sites connected through MPLS VPN. now on both end PE router I use different RD value instead of same like on PE1 RD is 1:1 and on PE2 RD is 2:2 and I am running BGP routing protocol between PE to CE. Every thing working fine

except few output differences like when I run command on PE1 router becoz of 2 different RD it list prefixes in both RD.

PE3#sh ip bgp vpnv4 all | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1
*>i 11.1.1.1/32      1.1.1.1                 11    100      0 200 ?
*>i 11.11.11.11/32   1.1.1.1                  0    100      0 200 ?
*>i 192.168.10.0     1.1.1.1                  0    100      0 200 ?
Route Distinguisher: 2:2 (default for vrf site2)
*>i 11.1.1.1/32      1.1.1.1                 11    100      0 200 ?
*>i 11.11.11.11/32   1.1.1.1                  0    100      0 200 ?
*> 33.3.3.3/32      10.0.3.2                11             0 200 ?
*> 33.33.33.33/32   10.0.3.2                 0             0 200 ?
*>i 192.168.10.0     1.1.1.1                  0    100      0 200 ?
*> 192.168.20.0     10.0.3.2                 0             0 200 ?

so now here I want to know why PE3 has RD 1:1 column when PE3 doesn't have RD value 1:1.on PE3 I config 2:2 as RD and prefixes listed under it understood able. so please explain it to me.

my second question is when I run command ,Show ip bgp vpnv4 vrf site2 11.1.1.1/32 output list as below

PE3#show ip bgp vpnv4 vrf site2 11.1.1.1/32
BGP routing table entry for 2:2:11.1.1.1/32, version 95
Paths: (1 available, best #1, table site2)
Advertised to update-groups:
     10
Refresh Epoch 1
200, imported path from 1:1:11.1.1.1/32 (global)
    1.1.1.1 (metric 21) (via default) from 1.1.1.1 (1.1.1.1)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:100:1
      mpls labels in/out nolabel/110
      rx pathid: 0, tx pathid: 0x0

here what (global) means as it is MPLS VPN environment then why it list prefix global. Does global means global routing table if it does mean then i also checked global routing table and prefixes not listed there I don't know why it mention global in output.

yes I notice one thing we we use same RD value it will might not mention (global) after prefix but if we use different RD value for 1 customer sites then it mention. have a look this output

PE3#show ip bgp vpnv4 all 11.1.1.1/32
BGP routing table entry for 1:1:11.1.1.1/32, version 92
Paths: (1 available, best #1, no table)
Not advertised to any peer
Refresh Epoch 1
200
    1.1.1.1 (metric 21) (via default) from 1.1.1.1 (1.1.1.1)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:100:1
      mpls labels in/out nolabel/110
      rx pathid: 0, tx pathid: 0x0
BGP routing table entry for 2:2:11.1.1.1/32, version 95
Paths: (1 available, best #1, table site2)
Advertised to update-groups:
     10
Refresh Epoch 1
200, imported path from 1:1:11.1.1.1/32 (global)
    1.1.1.1 (metric 21) (via default) from 1.1.1.1 (1.1.1.1)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:100:1
      mpls labels in/out nolabel/110
      rx pathid: 0, tx pathid: 0x0

Vinit Jain · ‎07-09-2015

Hello Praveen

By default, All RD's are seen in the BGP vpnv4 table. If you have used two different RD's it will show two tables. If you are using same RD, routes will be shown in same table. (RD's are route distinguishers so this is how they are distinguishing the same route in the vpnv4 table).

Regarding your 2nd question, if you are importing a prefix from site1 into site2 vrf, for site2, you will notice that it will not show the statement "imported path from ". This is because, you are checking the RD which was learnt directly from a remote PE which is known via global table. But if you check the prefix in vrf Site1, then you will see "imported path from ... (global)". This is because, you have imported the route-target. Now, the RD for site2 is already learnt but then you are importing the route-target to get that route into vrf site1. So Site1 has it imported from site2 (thats why its showing 1:1:11.1.1.1/32 and then (global) which means that this route was learnt from a source which is known via global routing table.

Hope this clarifies.

Vinit

Thanks
--Vinit

View solution in original post

Vinit Jain · ‎07-10-2015

if you read my previous comment, i mentioned that by default BGP has both RD information in its table. With two different RD's, you are importing a prefix learnt from different RD and the next-hop for that RD is in global. Thus the global keyword.

Please do not get confused with the statement, its just a clarification in the command that the prefix is imported from a different RD. That output still displays the next-hop information.

R1#sh ip bgp vpnv4 rd 1:1 200.1.1.1
BGP routing table entry for 1:1:200.1.1.1/32, version 4
Paths: (1 available, best #1, table ABC)
  Not advertised to any peer
  Refresh Epoch 1
  Local, imported path from 2:2:200.1.1.1/32 (global)
    6.6.6.6 (metric 41) from 6.6.6.6 (6.6.6.6)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:2:2
      mpls labels in/out nolabel/26
      rx pathid: 0, tx pathid: 0x0
R1#

Thanks
--Vinit

View solution in original post

Vinit Jain · ‎07-09-2015

Hello Praveen

By default, All RD's are seen in the BGP vpnv4 table. If you have used two different RD's it will show two tables. If you are using same RD, routes will be shown in same table. (RD's are route distinguishers so this is how they are distinguishing the same route in the vpnv4 table).

Regarding your 2nd question, if you are importing a prefix from site1 into site2 vrf, for site2, you will notice that it will not show the statement "imported path from ". This is because, you are checking the RD which was learnt directly from a remote PE which is known via global table. But if you check the prefix in vrf Site1, then you will see "imported path from ... (global)". This is because, you have imported the route-target. Now, the RD for site2 is already learnt but then you are importing the route-target to get that route into vrf site1. So Site1 has it imported from site2 (thats why its showing 1:1:11.1.1.1/32 and then (global) which means that this route was learnt from a source which is known via global routing table.

Hope this clarifies.

Vinit

Thanks
--Vinit

praveen rai · ‎07-09-2015

Hi Vinit,

First of all thanks for reply,second sorry mate i couldn't get your second question response.can u elaborate bit more.what due mean site 1 imported prefix into site 2 vrf will not show "imported path from" and (Global) .

here i would like to tell you one think,when i export site 1 prefixes and import it on site 2 vrf then i could see on site 2 imported path from" and marked with (Global) .

Any good link you know which explain all these .please do let me.for your understanding i am attaching my topology diagram pls refer

Vinit Jain · ‎07-09-2015

Hi Praveen

so my statement says that for Site 2 output, you will not see the statement ("imported path from...(global)"). Below is an example.

R1#sh ip bgp vpnv4 all
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf ABC)
 *>  100.1.1.1/32     0.0.0.0                  0         32768 ?
 *>i 200.1.1.1/32     6.6.6.6                  0    100      0 ?
Route Distinguisher: 2:2
 *>i 200.1.1.1/32     6.6.6.6                  0    100      0 ?
R1#

In this output, we are learning 200.1.1.1/32 from remote site says Site2 and its imported into Site1 VRF. Now, the Site2 is learnt directly from remote PE 6.6.6.6 which is known via global routing table. Thus it will not show "imported path from... ". The reason is, the prefix is not imported. It exists with the same RD.

R1#sh ip bgp vpnv4 rd 2:2 200.1.1.1
BGP routing table entry for 2:2:200.1.1.1/32, version 3
Paths: (1 available, best #1, no table)
  Not advertised to any peer
  Refresh Epoch 1
  Local
    6.6.6.6 (metric 41) from 6.6.6.6 (6.6.6.6)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:2:2
      mpls labels in/out nolabel/26
      rx pathid: 0, tx pathid: 0x0
R1#

But when we look at the prefix under RD 1:1, its imported because we are importing the route-target value from other site.

ip vrf ABC
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 route-target import 2:2
!
R1#sh ip bgp vpnv4 rd 1:1 200.1.1.1
BGP routing table entry for 1:1:200.1.1.1/32, version 4
Paths: (1 available, best #1, table ABC)
  Not advertised to any peer
  Refresh Epoch 1
  Local, imported path from 2:2:200.1.1.1/32 (global)
    6.6.6.6 (metric 41) from 6.6.6.6 (6.6.6.6)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:2:2
      mpls labels in/out nolabel/26
      rx pathid: 0, tx pathid: 0x0
R1#

This is an imported prefix from RD 2:2 not the locally originated prefix under the RD. Thats why, we see the imported path from 2:2:200.1.1.1/32. Now this prefix is from different RD, which we already know is from a different PE router which can be reached via global routing table (explained in first set of output). So, the (global) tag tells the MPBGP that if you want to look the source of the prefix 2:2:200.1.1.1/32, do not look into the VRF table but look into the global routing table as its learnt from remote PE. The next-hop here is the remote PE which is 6.6.6.6.

Hope this clarifies now

PS. I dont think there is any CCO document that explains this.

Vinit

Thanks
--Vinit

praveen rai · ‎07-09-2015

Hi Vinit,

Thanks mate, now I am getting bit.so let me tell what I understand. prefix 200.1.1.1/32 is what we learned from Customer 1 site 2 into PE2 vrf okay, now on PE1 we import that route into site 1 vrf has RD 1:1.so here global means 200.1.1.1/32 which PE2 learned first from customer site 2 global routing table which it advertise or better we say export through route-target and get imported on PE1 vrf list imported by...(global)

so here global denote PE2 learned 200.1.1.1/32 from customer 1 site 2 global routing table that's why it listed in PE1 show output as Global after prefix

please correct me if my understanding is wrong here.

Vinit Jain · ‎07-09-2015

Global here means that 200.1.1.1/32 is learnt via a next-hop known via global routing table. Its the next-hop value which is looked for to reach remote PE.

Thanks
--Vinit

praveen rai · ‎07-10-2015

Hi Vinit,

Did you checked my comment where I said when we use same RD on site then why global is not listed for next-hop. but for different RD it list global after next-hop address.

praveen rai · ‎07-10-2015

Hi Vinit,

Thanks a lot for clearing my doubts .i really appreciate your effort.so just becoz there is different RD value and when we import the prefixes with respective RD in one vrf to other. show output always tell how do we get this route into bgp table and how it's next-hop reachable with marking as (global) keyword after next-hop.

But when do we have single RD PE devices already aware about prefix known through same RD so not put global keyword after next-hop. As in MPLS it is by default process to look global table for next-hop on which MP-IBGP peer session formed normally.

praveen rai · ‎07-09-2015

Hi Vinit,

I just lab same topology. this time I kept same RD value which is 1:1 on both PE routers and this time show output of command is different than what I post earlier have look.

PE1#sh ip bgp vpnv4 rd 1:1 33.3.3.3/32
BGP routing table entry for 1:1:33.3.3.3/32, version 8
Paths: (1 available, best #1, table site1)
Advertised to update-groups:
     2
Refresh Epoch 1
200
    3.3.3.3 (metric 21) (via default) from 3.3.3.3 (3.3.3.3)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:100:1
      mpls labels in/out nolabel/300
      rx pathid: 0, tx pathid: 0x0
now see above output no (global) listed after next-hop 3.3.3.3.but in earlier output it was there why?

so my observation on both config is when we use different RD on both PE router in that case it will list (Global) after next-hop ip but if we use same RD then it will not.

Vinit Jain · ‎07-10-2015

Hello Praveen

so now, you already see the next-hop as 3.3.3.3 as both are same RD's and it knows the prefix is from remote RD. It will directly look into the global routing table to lookup for 3.3.3.3

Thanks
--Vinit

Vinit Jain · ‎07-10-2015

if you read my previous comment, i mentioned that by default BGP has both RD information in its table. With two different RD's, you are importing a prefix learnt from different RD and the next-hop for that RD is in global. Thus the global keyword.

Please do not get confused with the statement, its just a clarification in the command that the prefix is imported from a different RD. That output still displays the next-hop information.

R1#sh ip bgp vpnv4 rd 1:1 200.1.1.1
BGP routing table entry for 1:1:200.1.1.1/32, version 4
Paths: (1 available, best #1, table ABC)
  Not advertised to any peer
  Refresh Epoch 1
  Local, imported path from 2:2:200.1.1.1/32 (global)
    6.6.6.6 (metric 41) from 6.6.6.6 (6.6.6.6)
      Origin incomplete, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:2:2
      mpls labels in/out nolabel/26
      rx pathid: 0, tx pathid: 0x0
R1#

Thanks
--Vinit