Archive

Archive for March, 2013

Configuring LDP in SROS

March 26, 2013 Leave a comment

OK so we have configured our IGP and we have full reachability within the core network. In order to provide MPLS VPN services we are going to need some protocol that will signal labels for both the transport addresses and the services. For the transport we can use LDP or RSVP and for services we can use BGP as well. This post will focus on LDP only.

Label Distribution Protocol is pretty much the awesomest protocol you can have. It’s very easy to configure, easy enough to troubleshoot and is scalable. I love it cos it’s difficult to mess up which means less of a mess for me to clean up when someone does!

LDP is the standardized version of Ciscos Tag Distribution Protocol, a.k.a TDP. It was developed by the IETF and is covered in a multitude of RFCs but the basics can be found in RFC5036, LDP Specification. For neighbour discovery (link local), LDP uses UDP port 646 and multicasts to 224.0.0.2. Once discovered, neighbours are maintained through TCP port 646. Targeted peers use the same function except the destination address is explicitly specified and unicast. Have a read of the RFC, it’s not the worst.

Anyway on to the 7750s and how we enable LDP.

Like the majority of protocol happenings the LDP configuration section is within the config router context. Entering the LDP subconfig admin enables the protocol on the router.

A:r2# configure router ldp

Once we have enabled LDP we need to put specific entities in to say where we want LDP to run, what variables we want to attach to each interface and if we want to specify targeted parameters.
First we will put our interfaces in to the process, the interface to r5 is used here:

*A:r2>config>router>ldp# interface-parameters
*A:r2>config>router>ldp>if-params# interface "tor5"
*A:r2>config>router>ldp>if-params>if# exit

Next we will want to specify some peers so that we can do authentication and neighbour specific parameters.

*A:r2>config>router>ldp# peer-parameters
*A:r2>config>router>ldp>peer-params# peer 1.1.1.1
*A:r2>config>router>ldp>peer-params>peer$ authentication-key labldp

Now by far the most useful command with LDP is show router ldp session, it will tell you who you have an adjacency with and if its link local or link local and targeted, displayed as both, and you will want both for services.

Now if we look at our peers we will see nothing to 1.1.1.1 even though we just configured it, wtf!? That’s because you need a reason to signal a targeted session as 1.1.1.1 is not directly connected to r2. You can do this in a couple of ways either by creating an explicit targeted relationship or creating a SDP. We will use targeted here as SDPs will be covered when I get on to services.

*A:r2>config>router>ldp# targeted-session peer 1.1.1.1

Of course we configure the equivalent on the remote side at r1. What is the result?  r1 becomes a targeted peer:

*A:r2# show router ldp session


==============================================================================
LDP Sessions
==============================================================================
Peer LDP Id Adj Type State Msg Sent Msg Recv Up Time
------------------------------------------------------------------------------
1.1.1.1:0 Targeted Established 36 35 0d 00:02:56
3.3.3.3:0 Both Established 171473 171428 4d 14:31:48
4.4.4.4:0 Both Established 171551 171613 4d 14:34:36
5.5.5.5:0 Both Established 171369 172009 4d 14:27:47
------------------------------------------------------------------------------
No. of Sessions: 4

So what else can you do to tweak LDP? Interestingly you can enable fast reroute on it but since I only just saw it I have never tried it, maybe give that a go when I get on to RSVP FRR:

*A:r2>config>router>ldp# info detail | match fast
no fast-reroute

Under interface config you can change a few things, nothing really fancy. You can alter the local keepalive timers here but I dont set them away from default as I use the IGP and BFD to determine when something has failed. If you want to its hello # or keepalive #.

You can also bind BFD to the LDP interface by simply typing bfd-enable under the interface.

You can change the transport address away from the system address by setting it to use the interface address itself:

*A:r2>config>router>ldp>if-params>if# transport-address interface

There are lots of other things like tunnel in tunnel, or LDP over RSVP, that you configure here but I will leave those more advanced things for another time. I will finish up with import/export policies and controlling label propagation.

First off I am going to put a loopback interface of 44.44.44.44/32 on r4 and advertise it in to OSPF. This will cause a label to be allocated, or will it? No it won’t, not on a SROS box. On a Cisco router it would but the 7750s (and other SROS routers) will only advertise the system addresses by default. We need to use a policy to cause a label binding.

*A:r4# configure router interface loo44
*A:r4>config>router>if$ address 44.44.44.44/32
*A:r4>config>router>if$ loopback
*A:r4>config>router>if$ back
*A:r4>config>router# ospf area 0 interface "loo44"
*A:r4>config>router>ospf>area>if$ passive

OK so we should have the route in OSPF now but no label associated:

*A:r2# show router route-table | match 44.44.44.44
44.44.44.44/32 Remote OSPF 00h03m41s 10

*A:r2# show router ldp bindings prefix 44.44.44.44/32 | match Match
No Matching Entries Found

So now we create the policy to match our prefix and export it in to LDP:

*A:r4>config>router>policy-options# prefix-list 44
*A:r4>config>router>policy-options>prefix-list$ prefix 44.44.44.44/32 exact
*A:r4>config>router>policy-options>prefix-list$ back
*A:r4>config>router>policy-options# policy-statement add_label
*A:r4>config>router>policy-options>policy-statement$ entry 10
*A:r4>config>router>policy-options>policy-statement>entry$ from prefix-list "44"
*A:r4>config>router>policy-options>policy-statement>entry$ action accept
*A:r4>config>router>policy-options>policy-statement>entry>action$ back
*A:r4>config>router>policy-options>policy-statement>entry$ back
*A:r4>config>router>policy-options>policy-statement$ default-action accept
*A:r4>config>router>policy-options>policy-statement>default-action$ back
*A:r4>config>router>policy-options>policy-statement$ back
*A:r4>config>router>policy-options# commit
*A:r4>config>router>policy-options# /configure router ldp export "add_label"
*A:r4>config>router>policy-options#

We should now see a label for our loopback

*A:r2# show router ldp bindings prefix 44.44.44.44/32
===============================================================================
LDP LSR ID: 2.2.2.2
===============================================================================
Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings
===============================================================================
Prefix IngLbl EgrLbl EgrIntf EgrNextHop
Peer
-------------------------------------------------------------------------------
44.44.44.44/32 131041U 131042 -- --
3.3.3.3
44.44.44.44/32 -- 131038 1/1/4:24 24.24.24.4
4.4.4.4
44.44.44.44/32 131041U 131049 -- --
5.5.5.5
-------------------------------------------------------------------------------
No. of Prefix Bindings: 3

Huzzah!

Now lets look at import policies, this is sooo not a real world example but it gets the point across.

In this example I am using r2 again. It is receiving a label for r4’s system address and allocating one for downstream distribution to r5, nothing unusual with that.

*A:r2# show router ldp bindings prefix 4.4.4.4/32


===============================================================================
LDP LSR ID: 2.2.2.2
===============================================================================
Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings
===============================================================================
Prefix IngLbl EgrLbl EgrIntf EgrNextHop
Peer
-------------------------------------------------------------------------------
4.4.4.4/32 131069U 131069 -- --
3.3.3.3
4.4.4.4/32 -- 131069 1/1/4:24 24.24.24.4
4.4.4.4
4.4.4.4/32 131069U 131066 -- --
5.5.5.5
-------------------------------------------------------------------------------
No. of Prefix Bindings: 3

So here we see we have selected the label of 131069 directly from r4 as this is our IGP shortest path to 4.4.4.4. I am going to create a policy that will deny 4.4.4.4 from the peering to r4. You might think that forces us to use the label from r3 or r5 but as they are not on the IGP best path they wont be active label bindings. The policy will use a prefix list to match 4.4.4.4/32 and deny it, breaking any LSP going to or through r4. OK caveat time, I am only showing this so you see the danger of filtering labels and so this can be avoided. Breaking the LSP is going to get you in lots of trouble, don’t do it unless you have a good reason.

The import policy is configured as follows:

*A:r2# show router policy admin
prefix-list "r4"
prefix 4.4.4.4/32 exact
exit
policy-statement "ldp_import"
entry 10
from
prefix-list "r4"
exit
action reject
exit
default-action accept
exit
exit
*A:r2#

Here we go, successfully broken:

*A:r2# configure router ldp peer-parameters peer 4.4.4.4 import-prefixes "ldp_import"
*A:r2# show router ldp bindings prefix 4.4.4.4/32
===============================================================================
LDP LSR ID: 2.2.2.2
===============================================================================
Legend: U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings
===============================================================================
Prefix IngLbl EgrLbl EgrIntf EgrNextHop
Peer
-------------------------------------------------------------------------------
4.4.4.4/32 -- 131069 -- --
3.3.3.3
4.4.4.4/32 -- 131069 -- --
4.4.4.4
-------------------------------------------------------------------------------
No. of Prefix Bindings: 2
===============================================================================
*A:r2#
*A:r2# show router ldp bindings active prefix 4.4.4.4/32
===============================================================================
Legend: (S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings (Active)
===============================================================================
Prefix Op IngLbl EgrLbl EgrIntf/LspId EgrNextHop
-------------------------------------------------------------------------------
No Matching Entries Found

Finally lets cost out the path to r4 and see the labels over another path working. The excitement is almost too much…

*A:r2# configure router ospf area 0 int tor4 met 65534
*A:r2# show router ldp bindings active prefix 4.4.4.4/32
===============================================================================
Legend: (S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings (Active)
===============================================================================
Prefix Op IngLbl EgrLbl EgrIntf/LspId EgrNextHop
-------------------------------------------------------------------------------
4.4.4.4/32 Push -- 131069 1/1/3:23 23.23.23.3
4.4.4.4/32 Swap 131069 131069 1/1/3:23 23.23.23.3
-------------------------------------------------------------------------------
No. of Prefix Active Bindings: 2
*A:r2#

OK that’s all I got for this one, next up, hmm, mpls/rsvp maybe? Let’s see…

Advertisements
Categories: ALU MPLS, SROS

Configuring Basic OSPF in SROS

This post will cover setting up OSPF as your IGP, IS-IS will be covered separately.

First off we need to enable OSPF.  Make sure you have your system interface configured before this point or your RID will be based on the base MAC of the chassis and will look like a public IP.

A:r2# show router interface "system" | match /32
2.2.2.2/32 n/a

If you forget or need to change the RID you need to config router ospf shut followed by config router ospf no shut. There is no command like clear ip ospf process in IOS.

So once we confirm this in place we can go ahead and enable OSPF so let’s do that.

The router will use the system address as the RID but we will statically configure one anyway.  We will also make the routers an ASBR. This is quite important as simply redistributing prefixes in to OSPF with a policy doesn’t actually send any prefixes to OSPF without the ASBR command in place, the source of many an early days headaches.  We will also enable traffic-engineering extensions so we can run MPLS TE, we will need it later.

BTW configuring something for the first time changes the prompt to $ but as I have already enabled OSPF and am just retyping commands the prompt appears as #

*A:r2# configure router ospf
*A:r2>config>router>ospf# router-id 2.2.2.2
*A:r2>config>router>ospf# traffic-engineering
*A:r2>config>router>ospf# asbr
*A:r2>config>router>ospf#

At this point OSPF will be up which you can verify through show router ospf status. If you failed to set your system interface address you will see your funny RID in here.

*A:r2>config>router>ospf# show router ospf status
OSPF Cfg Router Id : 2.2.2.2
OSPF Oper Router Id : 2.2.2.2
OSPF Version : 2
OSPF Admin Status : Enabled
OSPF Oper Status : Enabled
Graceful Restart : Enabled
GR Helper Mode : Enabled
Preference : 10
External Preference : 150
Backbone Router : True
Area Border Router : False
AS Border Router : True
Opaque LSA Support : True
Traffic Engineering Support : True

Now we want to configure some interfaces in to the process and we will start by creating area 0.0.0.0.  This is where you should place your system interface unless you are a stub area router and not an ABR.  The system interface is broadcast type by default and passive so I will set the interface type to point to point, and passive just to demonstrate the command.

*A:r2>config>router>ospf# area 0
*A:r2>config>router>ospf>area# interface "system"
*A:r2>config>router>ospf>area>if# interface-type point-to-point
*A:r2>config>router>ospf>area>if# passive
*A:r2>config>router>ospf>area>if#

Now lets configure an interface in to area 0 and give it some meaningful configuration such as link cost/metric, bind it to the interface BFD instance and force authentication using the password mypassword

*A:r2>config>router>ospf>area# interface "tor3"
*A:r2>config>router>ospf>area>if# interface-type point-to-point
*A:r2>config>router>ospf>area>if# metric 1001
*A:r2>config>router>ospf>area>if# bfd-enable
*A:r2>config>router>ospf>area>if# message-digest-key 1 md5 mypassword
*A:r2>config>router>ospf>area>if# authentication-type message-digest

Next we will configure a stub area, called area 5. In here we will put a link to r5

*A:r2>config>router>ospf# area 5
*A:r2>config>router>ospf>area# stub
*A:r2>config>router>ospf>area>stub# exit
*A:r2>config>router>ospf>area# interface "tor5"
*A:r2>config>router>ospf>area>if# interface-type point-to-point
*A:r2>config>router>ospf>area>if# metric 10101
*A:r2>config>router>ospf>area>if# bfd-enable
*A:r2>config>router>ospf>area>if# message-digest-key 1 md5 mypassword
*A:r2>config>router>ospf>area>if# authentication-type message-digest

To create a Totally Stub Area then we put the no summaries option under the stub configuration.

MTU obviously plays an important part in OSPF and every network engineer has been mind boggled by it at some stage in their career, exchange start anyone?  To set it under an interface its simply mtu # where # is the value you apply. The maximum you can set is 9198, on my routers anyway.

A couple of miscellaneous commands now.  If you wish to stop advertising subnet routes for an interface you configure no advertise-subnet if that floats your boat.  Finally on the basics, if you have DR set up with type 2 LSAs for some reason (not a fan, it’s just messy), you can set the interface priority to bias the DR election. Simply configure the priority # command

Some useful show commands:

We have show router ospf status which we saw earlier

*A:r2# show router ospf neighbor
===============================================================================
OSPF Neighbors
===============================================================================
Interface-Name Rtr Id State Pri RetxQ TTL
Area-Id
-------------------------------------------------------------------------------
tor5 5.5.5.5 Full 1 0 35
0.0.0.0
tor4 4.4.4.4 Full 1 0 33
0.0.0.0
tor3_b 3.3.3.3 Full 1 0 34
0.0.0.0
-------------------------------------------------------------------------------
No. of Neighbors: 3

(Yep I didn’t actually configure area 5 for tor5 🙂 I’m running some tests at the moment so can’t be messin with that!)

show router ospf interface shows you which interfaces you have OSPF running on, the DR/BDR, area and interface type. Unlike show ip ospf interface brief in IOS it doesn’t give you the interface cost. For that you need to use the detail option, which can be for all interfaces or a single one if you specify it:

*A:r2# show router ospf interface "tor4" detail | match "Oper Metric"
Oper Metric : 100 Bfd Enabled : Yes

show router ospf database -or- show router ospf opaque-database (for the TED) gives you access to the OSPF database, strange huh!? You can use the usual qualifiers to get in to more detail on the LSA contents:

*A:r2# show router ospf database
- database [type {router|network|summary|asbr-summary|external|nssa|all}] [area ] [adv-router ]
[] [detail]

I’m not going to show the output of these commands cos it’s just too much space for a post.

So lets assume I have repeated this on 5 routers in the network. We should now have full reachability.

*A:r2# show router route-table
Route Table (Router: Base)
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.0.0.0/8 Remote OSPF 06d19h45m 150
24.24.24.4 1
1.1.1.1/32 Remote OSPF 01d17h10m 10
24.24.24.4 300
2.2.2.2.2/32 Local Local 31d18h16m 0
system 0
3.3.3.3/32 Remote OSPF 01d17h10m 10
24.24.24.4 200
4.4.4.4/32 Remote OSPF 06d19h45m 10
24.24.24.4 100
5.5.5.5/32 Remote OSPF 01d17h40m 10
25.25.25.5 100
13.13.13.0/24 Remote OSPF 01d17h10m 10
24.24.24.4 300
23.23.23.0/24 Local Local 01d18h11m 0
tor3 0
24.24.24.0/24 Local Local 06d19h45m 0
tor4 0
25.25.25.0/24 Local Local 01d19h55m 0
tor5 0
32.32.32.0/24 Local Local 01d17h51m 0
tor3_b 0
34.34.34.0/24 Remote OSPF 01d17h10m 10
24.24.24.4 200
35.35.35.0/24 Remote OSPF 01d17h10m 10
25.25.25.5 200

And we do…

*A:r2# ping 3.3.3.3
PING 3.3.3.3 56 data bytes
64 bytes from 3.3.3.3: icmp_seq=1 ttl=63 time=5.44ms.
64 bytes from 3.3.3.3: icmp_seq=2 ttl=63 time=3.17ms.
^C
ping aborted by user


---- 3.3.3.3 PING Statistics ----
2 packets transmitted, 2 packets received, 0.00% packet loss
round-trip min = 3.17ms, avg = 4.30ms, max = 5.44ms, stddev = 1.13ms
*A:r2# ping 4.4.4.4
PING 4.4.4.4 56 data bytes
64 bytes from 4.4.4.4: icmp_seq=1 ttl=64 time=8.86ms.
64 bytes from 4.4.4.4: icmp_seq=2 ttl=64 time=3.33ms.
^C
ping aborted by user


---- 4.4.4.4 PING Statistics ----
2 packets transmitted, 2 packets received, 0.00% packet loss
round-trip min = 3.33ms, avg = 6.10ms, max = 8.86ms, stddev = 2.76ms
*A:r2# ping 1.1.1.1
PING 1.1.1.1 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=1 ttl=62 time=42.3ms.
64 bytes from 1.1.1.1: icmp_seq=2 ttl=62 time=3.43ms.
^C
ping aborted by user

---- 1.1.1.1 PING Statistics ----
2 packets transmitted, 2 packets received, 0.00% packet loss
round-trip min = 3.43ms, avg = 22.9ms, max = 42.3ms, stddev = 19.5ms

*A:r2# ping 5.5.5.5
PING 5.5.5.5 56 data bytes
64 bytes from 5.5.5.5: icmp_seq=1 ttl=64 time=4.92ms.
64 bytes from 5.5.5.5: icmp_seq=2 ttl=64 time=3.06ms.
^C
ping aborted by user


---- 5.5.5.5 PING Statistics ----
2 packets transmitted, 2 packets received, 0.00% packet loss
round-trip min = 3.06ms, avg = 3.99ms, max = 4.92ms, stddev = 0.926ms

Next up is enabling LDP which is pretty straightforward. TTFN

Categories: ALU IGPs, SROS

Base Topology for Further Posts

I have been really busy trying to get stuff done in work so haven’t has a chance to post anything and any spare time goes on study or family so it’s time to rectify that.

This is the topology I will be using for most of the build I do here. If I need to add in other links or devices I will state that.

Lab basic

Naming and numbering conventions:

-Routers are called rx with r1-4 being SR1 chassis and r5 is a SR7.
-System addresses are x.x.x.x
-Interfaces are ‘torx’, e.g. the link from r5 to r2 is tor2
-Point to point addressing follows xy.xy.xy.x/24 where x is the lower numerical rx and y is the higher numeric rx, e.g. the above mentioned link is 25.25.25.2 on r2

I have some testers dotted around the place and a few Ciscos/Junipers connected for various bits I’m doing. I will point out where they are if I end up including them in a post.

First up, OSPF

Categories: labbing, SROS