You have just received a nice job at a big enterprise that has multiple sites connected over their own managed MPLS Core. Each site runs EIGRP as the CE - PE routing protocol.
Two of these sites, Site-A and Site-B, have an additional direct link between each other as in the below diagram.
With the standard configuration, each site is reachable via its respective PE (for example, all traffic from MPLS cloud - other sites - to Site-A is via PE-1/CE-1 link), while the traffic between Site-A and Site-B uses the direct link between CE-1 and CE-2.
At this moment, traffic from PE-2 to Site-A's 192.168.1.55 will go
PE-2#traceroute vrf CUST_A 192.168.1.55 Type escape sequence to abort. Tracing the route to 192.168.1.55 1 10.0.0.6 [MPLS: Labels 16/19 Exp 0] 60 msec 60 msec 40 msec 2 192.168.1.1 [MPLS: Label 19 Exp 0] 36 msec 36 msec 40 msec 3 192.168.1.2 44 msec * 20 msec PE-2#
Because in the near future a new site will be connected to PE-2, you have been assigned the task of configuring the network in such a way that traffic from PE-2 to Site-A's 192.168.1.55 will go via Site-B (CE-2) instead of going over MPLS core!
How would you complete this task? - preferably only for prefix 192.168.1.55 !
You have checked the routing information on PE-2 and noticed that the prefix is learned from BGP over the MPLS cloud:
PE-2#sh ip route vrf CUST_A 192.168.1.55 Routing entry for 192.168.1.55/32Known via "bgp 100" , distance 200, metric 156160, type internal Redistributing via eigrp 100 Advertised by eigrp 100 metric 100000 10 255 1 1500 bgp 100 (self originated) Last update from 10.255.255.1 00:22:30 ago Routing Descriptor Blocks:* 10.255.255.1 (Default-IP-Routing-Table), from 10.255.255.1, 00:22:30 ago Route metric is 156160, traffic share count is 1 AS Hops 0 PE-2# PE-2#sh bgp vpnv4 uni all 192.168.1.55 BGP routing table entry for 100:1:192.168.1.55/32, version 22 Paths: (1 available, best #1, table CUST_A) Not advertised to any peer Local10.255.255.1 (metric 3) from 10.255.255.1 (10.255.255.1) Origin incomplete, metric 156160, localpref 100, valid, internal, best Extended Community: RT:100:1 Cost:pre-bestpath:128:156160 0x8800:32768:0 0x8801:100:130560 0x8802:65281:25600 0x8803:65281:1500 mpls labels in/out nolabel/19 PE-2#
You tried to influence the BGP path selection by setting a high local preference on the redistributed EIGRP routes, but unfortunately PE-2 still choses the prefix received over the MPLS as the best path:
ip access-list standard CE1_LOOPBACK permit 192.168.1.55 ! route-map SET_LP_500 permit 10 match ip address CE1_LOOPBACKset local-preference 500 route-map SET_LP_500 permit 999 ! router bgp 100 address-fam ipv4 vrf CUST_Aredistribute eigrp 100 route-map SET_LP_500
PE-2#sh bgp vpnv4 uni all 192.168.1.55
BGP routing table entry for 100:1:192.168.1.55/32, version 22
Paths: (1 available, best #1, table CUST_A)
Not advertised to any peer
Local
10.255.255.1 (metric 3) from 10.255.255.1 (10.255.255.1)
Origin incomplete, metric 156160, localpref 100, valid, internal, best
Extended Community: RT:100:1 Cost:pre-bestpath:128:156160
0x8800:32768:0 0x8801:100:130560 0x8802:65281:25600 0x8803:65281:1500
mpls labels in/out nolabel/19
!!
!! the prefix received over MPLS (with default LP = 100) is still chosen as best !!
!!
Why is that happening? How would you configure the network to achieve the desired result ?
hostname CE-1
!
ip cef
!
!
interface Loopback0
ip address 192.168.1.55 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 192.168.12.1 255.255.255.252
speed 100
full-duplex
!
router eigrp 100
network 192.168.0.0 0.0.255.255
no auto-summary
!
hostname CE-2 ! ip cef ! ! interface Loopback0 ip address 192.168.2.55 255.255.255.255 ! interface FastEthernet0/0 ip address 192.168.2.2 255.255.255.252 speed 100 full-duplex ! interface FastEthernet0/1 ip address 192.168.12.2 255.255.255.252 speed 100 full-duplex ! router eigrp 100 network 192.168.0.0 0.0.255.255 no auto-summary !
hostname PE-1
!
ip cef
!
ip vrf CUST_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
!
interface Loopback0
ip address 10.255.255.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding CUST_A
ip address 192.168.1.1 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 10.0.0.1 255.255.255.252
speed 100
full-duplex
mpls ip
!
router eigrp 1
auto-summary
!
address-family ipv4 vrf CUST_A
redistribute bgp 100 metric 100000 10 255 1 1500
network 192.168.1.1 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.255.255.2 remote-as 100
neighbor 10.255.255.2 update-source Loopback0
!
address-family vpnv4
neighbor 10.255.255.2 activate
neighbor 10.255.255.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CUST_A
redistribute eigrp 100
no synchronization
exit-address-family
!
hostname PE-2
!
ip cef
!
ip vrf CUST_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
!
interface Loopback0
ip address 10.255.255.2 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding CUST_A
ip address 192.168.2.1 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/1
ip address 10.0.0.5 255.255.255.252
speed 100
full-duplex
mpls ip
!
router eigrp 1
auto-summary
!
address-family ipv4 vrf CUST_A
redistribute bgp 100 metric 100000 10 255 1 1500
network 192.168.2.1 0.0.0.0
no auto-summary
autonomous-system 100
exit-address-family
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.255.255.1 remote-as 100
neighbor 10.255.255.1 update-source Loopback0
!
address-family vpnv4
neighbor 10.255.255.1 activate
neighbor 10.255.255.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CUST_A
redistribute eigrp 100 route-map SET_LP_500
no synchronization
exit-address-family
!
ip access-list standard CE1_LOOPBACK
permit 192.168.1.55
!
route-map SET_LP_500 permit 10
match ip address CE1_LOOPBACK
set local-preference 500
!
route-map SET_LP_500 permit 999
!
hostname P-CORE
!
ip cef
!
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.252
speed 100
full-duplex
mpls ip
!
interface FastEthernet0/1
ip address 10.0.0.6 255.255.255.252
speed 100
full-duplex
mpls ip
!
router ospf 1
log-adjacency-changes
network 10.0.0.0 0.255.255.255 area 0
!
Post your answer in the 'Comments' section below and subscribe to this blog to get the detailed solution and more interesting quizzes.
Costi is a network and security engineer with over 10 years of experience in multi-vendor environments. He holds a CCIE Routing and Switching certification and is currently pursuing same expert-level certifications in other areas. He believes that the best way to learn and understand networking topics is to challenge yourself to fix different problems, production-wise or lab-type exams. He also enjoys teaching networking and security technologies, whevever there is an opportunity for it.
Comments
comments powered by Disqus