MPLS VPN using IS-IS between PE-CE link

Meddane · ‎07-14-2022

The interfaces of P and PE routers are enabled for frame mode MPLS with the mpls ip interface subcommand and all P and PE routers use a common IGP (EIGRP with AS 200):

P#show mpls ldp neighbor

Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 3.3.3.3:0

TCP connection: 1.1.1.1.646 - 3.3.3.3.33628

State: Oper; Msgs sent/rcvd: 10/11; Downstream

Up time: 00:01:54

LDP discovery sources:

Serial1/0, Src IP addr: 192.168.1.1

Addresses bound to peer LDP Ident:

10.1.1.1 192.168.1.1 1.1.1.1

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0

TCP connection: 2.2.2.2.646 - 3.3.3.3.17194

State: Oper; Msgs sent/rcvd: 9/10; Downstream

Up time: 00:01:19

LDP discovery sources:

Serial1/1, Src IP addr: 192.168.2.1

Addresses bound to peer LDP Ident:

10.2.2.1 192.168.2.1 2.2.2.2

P#

PE1#show mpls ldp neighbor

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0

TCP connection: 3.3.3.3.33628 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 10/9; Downstream

Up time: 00:01:43

LDP discovery sources:

Serial1/0, Src IP addr: 192.168.1.2

Addresses bound to peer LDP Ident:

192.168.1.2 192.168.2.2 3.3.3.3

PE1#

PE2#show mpls ldp neighbor

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0

TCP connection: 3.3.3.3.17194 - 2.2.2.2.646

State: Oper; Msgs sent/rcvd: 10/9; Downstream

Up time: 00:01:13

LDP discovery sources:

Serial1/0, Src IP addr: 192.168.2.2

Addresses bound to peer LDP Ident:

192.168.1.2 192.168.2.2 3.3.3.3

PE2#

PE1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 Pop Label 3.3.3.0/24 0 Se1/0 point2point

17 Pop Label 192.168.2.0/24 0 Se1/0 point2point

18 17 2.2.2.0/24 0 Se1/0 point2point

PE1#

PE2#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 Pop Label 3.3.3.0/24 0 Se1/0 point2point

17 Pop Label 192.168.1.0/24 0 Se1/0 point2point

18 16 1.1.1.0/24 0 Se1/0 point2point

PE2#

Configuration of VRF:

Create each VRF, RD, and RT, plus associating the customer-facing PE interfaces with the correct VRF:

VRF CUST-A, RD 1:111, RT 1:100

VRF CUST-B, RD 2:222, RT 2:200

PE1

ip vrf CUST-A

rd 1:111

route-target export 1:100

route-target import 1:100

!

ip vrf CUST-B

rd 2:222

route-target export 2:200

route-target import 2:200

!

interface FastEthernet0/0

ip vrf forwarding CUST-A

ip address 10.1.1.1 255.255.255.0

!

interface FastEthernet0/1

ip vrf forwarding CUST-B

ip address 10.3.3.1 255.255.255.0

PE2

ip vrf CUST-A

rd 1:111

route-target export 1:100

route-target import 1:100

!

ip vrf CUST-B

rd 2:222

route-target export 2:200

route-target import 2:200

!

interface FastEthernet0/0

ip vrf forwarding CUST-A

ip address 10.2.2.1 255.255.255.0

!

interface FastEthernet0/1

ip vrf forwarding CUST-B

ip address 10.4.4.1 255.255.255.0

Configuring the IGP Between PE and CE routers

I am using IS-IS between CEs and PEs routers:

PE1(config)#router isis CCNP

PE1(config-router)#net 49.0000.1111.bbbb.00

PE1(config-router)#router isis CCIE

PE1(config-router)#net 49.0000.1111.aaaa.00

PE1(config-router)#int fa0/0

PE1(config-if)#ip router isis CCIE

PE1(config-if)#int fa0/1

PE1(config-if)#ip router isis CCNP

PE2(config)#router isis CCIE

PE2(config-router)#vrf CUST-A

PE2(config-router)#net 49.0000.2222.aaaa.00

PE2(config-router)#router isis CCNP

PE2(config-router)#vrf CUST-B

PE2(config-router)#net 49.0000.2222.bbbb.00

PE2(config-router)#int fa0/0

PE2(config-if)#ip router isis CCIE

PE2(config-if)#int fa0/1

PE2(config-if)#ip router isis CCNP

CE-A1(config)#router isis

CE-A1(config-router)#net 49.0000.0000.aa11.00

CE-A1(config-router)#int fa0/0

CE-A1(config-if)#ip router isis

CE-A1(config-router)#int Lo0

CE-A1(config-if)#ip router isis

CE-A2(config)#router isis

CE-A2(config-router)#net 49.0000.0000.aa22.00

CE-A2(config-router)#int fa0/0

CE-A2(config-if)#ip router isi

CE-A2(config-if)#ip router isis

CE-A2(config-if)#int lo0

CE-A2(config-if)#ip router isis

CE-B1(config)#router isis

CE-B1(config-router)#net 49.0000.0000.bb11.00

CE-B1(config-router)#int fa0/0

CE-B1(config-if)#ip router isis

CE-B1(config-router)#int Lo0

CE-B1(config-if)#ip router isis

CE-B2(config)#router isis

CE-B2(config-router)#net 49.0000.0000.bb22.00

CE-B2(config-router)#int fa0/0

CE-B2(config-if)#ip router isis

CE-B2(config-router)#int Lo0

CE-B2(config-if)#ip router isis

Let's verify the IS-IS neighboring, The PE and CE routers negociate the L1 and L2 adjacencies because the IS-IS routers act as a L1/2 router.

PE1#show isis neighbors

Tag CCIE:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-A1 L1 Fa0/0 10.1.1.2 UP 21 PE1.01

CE-A1 L2 Fa0/0 10.1.1.2 UP 21 PE1.01

Tag CCNP:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-B1 L1 Fa0/1 10.3.3.2 UP 8 CE-B1.01

CE-B1 L2 Fa0/1 10.3.3.2 UP 8 CE-B1.01

PE1#

PE2#show isis neighbors

Tag CCIE:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-A2 L1 Fa0/0 10.2.2.2 UP 8 CE-A2.01

CE-A2 L2 Fa0/0 10.2.2.2 UP 6 CE-A2.01

Tag CCNP:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-B2 L1 Fa0/1 10.4.4.2 UP 7 CE-B2.01

CE-B2 L2 Fa0/1 10.4.4.2 UP 9 CE-B2.01

PE2#

The PE routers create two separate LSDB for each VRF customers as shown by the show isis database on PE1 router taggued with the VRF name.

The PE routers have two separate Link State Database for Level 1 and Level 2 for each VRF.

PE1#show isis database

Tag CCIE:

IS-IS Level-1 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-A1.00-00 0x0000000F 0xF912 1169 0/0/0

PE1.00-00 * 0x00000006 0xA71C 1169 0/0/0

PE1.01-00 * 0x00000001 0xD0DA 1167 0/0/0

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-A1.00-00 0x0000000D 0xCC41 1173 0/0/0

PE1.00-00 * 0x00000010 0xE178 1180 0/0/0

PE1.01-00 * 0x00000007 0x54D9 1176 0/0/0

Tag CCNP:

IS-IS Level-1 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-B1.00-00 0x00000009 0xDFF9 1169 0/0/0

PE1.00-00 * 0x00000008 0x472E 1170 0/0/0

PE1.01-00 * 0x00000001 0x1541 1167 0/0/0

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-B1.00-00 0x0000000F 0x6370 1175 0/0/0

PE1.00-00 * 0x0000000B 0xE929 1178 0/0/0

PE1.01-00 * 0x00000001 0xA43A 1178 0/0/0

PE1#

PE2#show isis database

Tag CCIE:

IS-IS Level-1 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-A2.00-00 0x0000000B 0xAC2B 1111 0/0/0

PE2.00-00 * 0x00000009 0x6F08 1114 0/0/0

PE2.01-00 * 0x00000001 0x9DB8 1114 0/0/0

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-A2.00-00 0x00000009 0x32A7 1108 0/0/0

PE2.00-00 * 0x0000000C 0x2CE7 1130 0/0/0

PE2.01-00 * 0x00000001 0x2DB1 1106 0/0/0

Tag CCNP:

IS-IS Level-1 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-B2.00-00 0x00000009 0x8A17 1107 0/0/0

PE2.00-00 * 0x00000007 0x1716 1107 0/0/0

PE2.01-00 * 0x00000001 0xE11F 1105 0/0/0

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-B2.00-00 0x0000000A 0xCAD5 1108 0/0/0

PE2.00-00 * 0x0000000C 0x2A9D 1114 0/0/0

PE2.01-00 * 0x00000001 0x7118 1106 0/0/0

PE2#

Verify the IP routes for each VRF, we can see that the PE1 routers install a Level-1 route because they are learned through the same area from the CE routers:

PE1#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.1.1.0/24 is directly connected, FastEthernet0/0

L 10.1.1.1/32 is directly connected, FastEthernet0/0

172.16.0.0/24 is subnetted, 1 subnets

i L1 172.16.1.0 [115/20] via 10.1.1.2, 00:10:30, FastEthernet0/0

PE1#

PE1#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.3.3.0/24 is directly connected, FastEthernet0/1

L 10.3.3.1/32 is directly connected, FastEthernet0/1

172.16.0.0/24 is subnetted, 1 subnets

i L1 172.16.1.0 [115/20] via 10.3.3.2, 00:10:39, FastEthernet0/1

PE1#

PE2#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.2.2.0/24 is directly connected, FastEthernet0/0

L 10.2.2.1/32 is directly connected, FastEthernet0/0

172.16.0.0/24 is subnetted, 1 subnets

i L1 172.16.2.0 [115/20] via 10.2.2.2, 00:11:22, FastEthernet0/0

PE2#

PE2#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.4.4.0/24 is directly connected, FastEthernet0/1

L 10.4.4.1/32 is directly connected, FastEthernet0/1

172.16.0.0/24 is subnetted, 1 subnets

i L1 172.16.2.0 [115/20] via 10.4.4.2, 00:11:41, FastEthernet0/1

PE2#

Now let's configure the PE routers as Level-2-Only:

PE1(config-router-af)#router isis CCIE

PE1(config-router)#is-type level-2-only

PE1(config-router)#router isis CCNP

PE1(config-router)#is-type level-2-only

PE2(config-router-af)#router isis CCIE

PE2(config-router)#is-type level-2-only

PE2(config-router)#router isis CCNP

PE2(config-router)#is-type level-2-only

Now we have a Level 2 adjacencies between the PE and CE routers:

PE1#show isis neighbors

Tag CCIE:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-A1 L2 Fa0/0 10.1.1.2 UP 29 PE1.01

Tag CCNP:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-B1 L2 Fa0/1 10.3.3.2 UP 26 PE1.01

PE1#

PE2#show isis neighbors

Tag CCIE:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-A2 L2 Fa0/0 10.2.2.2 UP 26 PE2.01

Tag CCNP:

System Id Type Interface IP Address State Holdtime Circuit Id

CE-B2 L2 Fa0/1 10.4.4.2 UP 25 PE2.01

PE2#

And the IS-IS database is reduced and contains only Level-2 database:

PE1#show isis database

Tag CCIE:

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-A1.00-00 0x00000011 0xC445 921 0/0/0

PE1.00-00 * 0x00000017 0xE7FB 1102 0/0/0

PE1.01-00 * 0x0000000A 0x4EDC 923 0/0/0

Tag CCNP:

IS-IS Level-2 Link State Database:

LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL

CE-B1.00-00 0x00000013 0x5B74 928 0/0/0

PE1.00-00 * 0x00000012 0xEFAC 1112 0/0/0

PE1.01-00 * 0x00000004 0x9E3D 930 0/0/0

PE1#

The PE routers installs a Level-2 routes because they are a Level-2-Only routers:

PE1#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.1.1.0/24 is directly connected, FastEthernet0/0

L 10.1.1.1/32 is directly connected, FastEthernet0/0

172.16.0.0/24 is subnetted, 1 subnets

i L2 172.16.1.0 [115/20] via 10.1.1.2, 00:00:15, FastEthernet0/0

PE1#

PE1#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.3.3.0/24 is directly connected, FastEthernet0/1

L 10.3.3.1/32 is directly connected, FastEthernet0/1

172.16.0.0/24 is subnetted, 1 subnets

i L2 172.16.1.0 [115/20] via 10.3.3.2, 00:00:20, FastEthernet0/1

PE1#

PE2#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.2.2.0/24 is directly connected, FastEthernet0/0

L 10.2.2.1/32 is directly connected, FastEthernet0/0

172.16.0.0/24 is subnetted, 1 subnets

i L2 172.16.2.0 [115/20] via 10.2.2.2, 00:01:52, FastEthernet0/0

PE2#

PE2#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.4.4.0/24 is directly connected, FastEthernet0/1

L 10.4.4.1/32 is directly connected, FastEthernet0/1

172.16.0.0/24 is subnetted, 1 subnets

i L2 172.16.2.0 [115/20] via 10.4.4.2, 00:01:57, FastEthernet0/1

PE2#

Redistribution Between PE-CE routers (between ISIS and MP-BGP):

PE1(config)#router bgp 65000

PE1(config-router)#address-family ipv4 vrf CUST-A

PE1(config-router-af)#redistribute isis CCIE level-1-2

PE1(config-router-af)#address-family ipv4 vrf CUST-B

PE1(config-router-af)#redistribute isis CCNP level-1-2

PE1(config)#router isis CCIE

PE1(config-router)#redistribute bgp 65000

PE1(config-router)#router isis CCNP

PE1(config-router)#redistribute bgp 65000

PE2(config)#router bgp 65000

PE2(config-router)#address-family ipv4 vrf CUST-A

PE2(config-router-af)#redistribute isis CCIE level-1-2

PE2(config-router-af)#address-family ipv4 vrf CUST-B

PE2(config-router-af)#redistribute isis CCNP level-1-2

PE2(config)#router isis CCIE

PE2(config-router)#redistribute bgp 65000 level-1-2

PE2(config-router)#router isis CCNP

PE2(config-router)#redistribute bgp 65000 level-1-2

Verify the BGP neighbor:

PE1#show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 65000

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2.2.2.2 4 65000 2 2 1 0 0 00:00:09 0

PE1#

PE2#show ip bgp summary

BGP router identifier 2.2.2.2, local AS number 65000

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

1.1.1.1 4 65000 6 4 1 0 0 00:00:51 0

PE2#

Verify the per-RD BGP table. And we can see the overlapping subnets 172.16.1.1/32 and 172.16.2.1/32 are a part of the two customers’ address spaces:

PE1#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)

*> 172.16.1.0/24 10.1.1.2 20 32768 ?

*>i 172.16.2.0/24 2.2.2.2 20 100 0 ?

Route Distinguisher: 2:222 (default for vrf CUST-B)

*> 172.16.1.0/24 10.3.3.2 20 32768 ?

*>i 172.16.2.0/24 2.2.2.2 20 100 0 ?

PE1#

PE2#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)

*>i 172.16.1.0/24 1.1.1.1 20 100 0 ?

*> 172.16.2.0/24 10.2.2.2 20 32768 ?

Route Distinguisher: 2:222 (default for vrf CUST-B)

*>i 172.16.1.0/24 1.1.1.1 20 100 0 ?

*> 172.16.2.0/24 10.4.4.2 20 32768 ?

PE2#

Notice that the prefixes 10.2.2.0/24 and 10.4.4.0/24 are missisng in the BGP table of PE1 router. Same thing for the prefixes 10.1.1.0/24 and 10.3.3.0/24 which are missing in the BGP table of PE2 router.

To get these prefixes that are within the VRF into MP-BGP,it is necessary to configure the redistribute connected within the BGP address family for that VRF.

PE1(config-router)#router bgp 65000

PE1(config-router)#address-family ipv4 vrf CUST-A

PE1(config-router-af)#redistribute connected

PE1(config-router-af)#address-family ipv4 vrf CUST-B

PE1(config-router-af)#redistribute connected

PE2(config-router)#router bgp 65000

PE2(config-router)#address-family ipv4 vrf CUST-A

PE2(config-router-af)#redistribute connected

PE2(config-router-af)#address-family ipv4 vrf CUST-B

PE2(config-router-af)#redistribute connected

Verify the per-RD BGP table once again, PE1 router receives the prefixes 10.2.2.0/24 and 10.4.4.0/24 and PE2 router receive the prefixes 10.1.1.0/24 and 10.3.3.0/24:

PE1#show ip bgp vpnv4 all

BGP table version is 13, local router ID is 1.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)

*> 10.1.1.0/24 0.0.0.0 0 32768 ?

*>i 10.2.2.0/24 2.2.2.2 0 100 0 ?

*> 172.16.1.0/24 10.1.1.2 20 32768 ?

*>i 172.16.2.0/24 2.2.2.2 20 100 0 ?

Route Distinguisher: 2:222 (default for vrf CUST-B)

*> 10.3.3.0/24 0.0.0.0 0 32768 ?

*>i 10.4.4.0/24 2.2.2.2 0 100 0 ?

*> 172.16.1.0/24 10.3.3.2 20 32768 ?

*>i 172.16.2.0/24 2.2.2.2 20 100 0 ?

PE1#

PE2#show ip bgp vpnv4 all

BGP table version is 13, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)

*>i 10.1.1.0/24 1.1.1.1 0 100 0 ?

*> 10.2.2.0/24 0.0.0.0 0 32768 ?

*>i 172.16.1.0/24 1.1.1.1 20 100 0 ?

*> 172.16.2.0/24 10.2.2.2 20 32768 ?

Route Distinguisher: 2:222 (default for vrf CUST-B)

*>i 10.3.3.0/24 1.1.1.1 0 100 0 ?

*> 10.4.4.0/24 0.0.0.0 0 32768 ?

*>i 172.16.1.0/24 1.1.1.1 20 100 0 ?

*> 172.16.2.0/24 10.4.4.2 20 32768 ?

PE2#

Verify the the per-VRF routing tables of PEs routers, they receive both the BGP routes toward 172.16.1.0/24 and 172.16.2.0/24 for each VRF:

PE1#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

C 10.1.1.0/24 is directly connected, FastEthernet0/0

L 10.1.1.1/32 is directly connected, FastEthernet0/0

B 10.2.2.0/24 [200/0] via 2.2.2.2, 00:23:56

172.16.0.0/24 is subnetted, 2 subnets

i L2 172.16.1.0 [115/20] via 10.1.1.2, 00:34:26, FastEthernet0/0

B 172.16.2.0 [200/20] via 2.2.2.2, 00:32:28

PE1#

PE1#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

C 10.3.3.0/24 is directly connected, FastEthernet0/1

L 10.3.3.1/32 is directly connected, FastEthernet0/1

B 10.4.4.0/24 [200/0] via 2.2.2.2, 00:23:57

172.16.0.0/24 is subnetted, 2 subnets

i L2 172.16.1.0 [115/20] via 10.3.3.2, 00:34:50, FastEthernet0/1

B 172.16.2.0 [200/20] via 2.2.2.2, 00:32:34

PE1#

PE2#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

B 10.1.1.0/24 [200/0] via 1.1.1.1, 00:25:30

C 10.2.2.0/24 is directly connected, FastEthernet0/0

L 10.2.2.1/32 is directly connected, FastEthernet0/0

172.16.0.0/24 is subnetted, 2 subnets

B 172.16.1.0 [200/20] via 1.1.1.1, 00:33:41

i L2 172.16.2.0 [115/20] via 10.2.2.2, 00:35:26, FastEthernet0/0

PE2#

PE2#show ip route vrf CUST-B | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

B 10.3.3.0/24 [200/0] via 1.1.1.1, 00:25:30

C 10.4.4.0/24 is directly connected, FastEthernet0/1

L 10.4.4.1/32 is directly connected, FastEthernet0/1

172.16.0.0/24 is subnetted, 2 subnets

B 172.16.1.0 [200/20] via 1.1.1.1, 00:33:48

i L2 172.16.2.0 [115/20] via 10.4.4.2, 00:35:37, FastEthernet0/1

PE2#

Verify that the customer routers have learned the routes from each customer router in the same VRF:

CE-A1#show ip route isis | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

i L2 10.2.2.0/24 [115/10] via 10.1.1.1, 00:18:12, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

i L2 172.16.2.0/24 [115/10] via 10.1.1.1, 00:23:59, FastEthernet0/0

CE-A1#

CE-A2#show ip route isis | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

i L2 10.1.1.0/24 [115/10] via 10.2.2.1, 00:19:29, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

i L2 172.16.1.0/24 [115/10] via 10.2.2.1, 00:24:29, FastEthernet0/0

CE-A2#

CE-B1#show ip route isis | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

i L2 10.4.4.0/24 [115/10] via 10.3.3.1, 00:20:40, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

i L2 172.16.2.0/24 [115/10] via 10.3.3.1, 00:26:26, FastEthernet0/0

CE-B1#

CE-B2#show ip route isis | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

i L2 10.3.3.0/24 [115/10] via 10.4.4.1, 00:22:05, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

i L2 172.16.1.0/24 [115/10] via 10.4.4.1, 00:27:07, FastEthernet0/0

CE-B2#

Verify the connectivity between customers:

CE-A1#ping 172.16.2.1 sou 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 512/662/916 ms

CE-A1#

CE-B1#ping 172.16.2.1 sou 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 576/636/676 ms

CE-B1#

As you can see above in the routing tables, the PE and CE routers learned routes and they are seen as Level 2 routes within the routing tables because the PE routers act as Level 2 router into backbone , therefore any route that are reachable across the backbone are seen as Level 2.

Now what happen if the CE router were running in Level 1 only?

Let's configure the PE1 routers as Level1/2 router:

PE1(config-router-af)#router isis CCIE

PE1(config-router)#no is-type level-2-only

PE1(config-router)#router isis CCNP

PE1(config-router)#no is-type level-2-only

PE2(config-router-af)#router isis CCIE

PE2(config-router)#no is-type level-2-only

PE2(config-router)#router isis CCNP

PE2(config-router)#no is-type level-2-only

Now let's configure the CE-A1 and CE-A2 routers as Level 1 only:

CE-A1(config)#router isis

CE-A1(config-router)#is-type level-1

CE-A2(config)#router isis

CE-A2(config-router)#is-type level-1

Let's verify the routing tables of the CE-A1 and CE-A2 router:

We can that the routes are no longer Level 2 bu Level 1:

CE-A1#show ip route isis | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

i L1 10.2.2.0/24 [115/10] via 10.1.1.1, 00:01:19, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

i L1 172.16.2.0/24 [115/10] via 10.1.1.1, 00:00:42, FastEthernet0/0

CE-A1#

CE-B1#show ip route isis | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

i L1 10.4.4.0/24 [115/10] via 10.3.3.1, 00:00:02, FastEthernet0/0

172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

i L1 172.16.2.0/24 [115/10] via 10.3.3.1, 00:00:02, FastEthernet0/0

CE-B1#

KevA · ‎07-30-2023

Great explanation. I simulated this lab and everything worked except the last part. (configure the CE-A1 and CE-A2 routers as Level 1 only)

I used Cisco vIOS router software Version 15.9(3)M6, not sure if you used similar router type and software version or done on real equipment.

Is it possible to change bgp next-hop under vrf address-family on one of the PE routers? For instance, what if configured additional loopback on PE1 and I wanted vrf CUST-A to use loopback per say as its next-hop? Not sure if I am asking this correctly.

ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
bgp next-hop Loopback1
exit-address-family

Harold Ritter · ‎07-31-2023

Hi @KevA ,

> (configure the CE-A1 and CE-A2 routers as Level 1 only)

It is because routes are not redistributed in level-1 by default. You need to do the following on PE1.

router isis CCIE

redistribute bgp 65000 level-1-2

router isis CCNP

redistribute bgp 65000 level-1-2

> Is it possible to change bgp next-hop under vrf address-family on one of the PE routers? For

> instance, what if configured additional loopback on PE1 and I wanted vrf CUST-A to use

> loopback per say as its next-hop?

Yes, it is certainly possible and the configuration you included would be the way to do it.

Regards,

KevA · ‎08-03-2023

Hey Harold,

Thanks for the response. So when we configure 'redistribute bgp 65000 level-1-2', level-1-2 is referring to ISIS I would imagine. Seems ISIS levels operate similar to OSPF areas? I will substitute EIGRP in the MPLS cloud with OSPF just for fun to see what difference or challenges with introduce and in other scenario replace ISIS with OSPF but leave EIGRP. I like doing stuff like to try understand the behavior of the protocols. This was great lab given most scenarios involves OSPF or EIGRP as IGP. I hardly run in to practice labs that have ISIS as a routing protocols.

Thank you for this!!

p.s - Your response went into my SPAM folder and just found it today.

Harold Ritter · ‎08-15-2023

Hi @KevA ,

> So when we configure 'redistribute bgp 65000 level-1-2', level-1-2 is referring to ISIS I would imagine

Correct.

> Seems ISIS levels operate similar to OSPF areas?

IS-IS is bit different than OSPF. With OSPF, a router can have several interfaces in several different areas. With IS-IS, the router belong to only one area and established a L2 adjacency with routers in other area and a L1 or L1/L2 with routers in the same area.

> I like doing stuff like to try understand the behavior of the protocols.

That is the best way to learn.

> p.s - Your response went into my SPAM folder and just found it today.

As it normally should, Hahaha.

Regards,

Harold