1 00:00:02,034 --> 00:00:08,398 [music] 2 00:00:08,399 --> 00:00:18,278 Okay, time for MPLS 6VPE. Hopefully you just finished the lesson on 6PE, 3 00:00:18,279 --> 00:00:20,961 and this is going to build on that. 4 00:00:20,962 --> 00:00:26,624 Just to bring up our diagram-- again, this is the diagram for the slides, 5 00:00:26,625 --> 00:00:32,383 but I'm going to bring up my live diagram here, which is sort of the same. 6 00:00:32,384 --> 00:00:35,402 I've just been marking up on this one here a little bit. 7 00:00:37,182 --> 00:00:40,860 What we want to take a look at here is, 8 00:00:40,861 --> 00:00:44,833 we're going to make some changes to what we did earlier, 9 00:00:44,834 --> 00:00:50,199 but really just to the extent of bringing VRFs into this. 10 00:00:50,200 --> 00:00:52,353 So we're simply going to create, 11 00:00:52,353 --> 00:00:56,698 in this case, we'll do-- let's see. I'll just grab a pen here. 12 00:00:56,700 --> 00:01:01,721 We'll do VRFA, and maybe we'll bring in customer B, we'll see. 13 00:01:01,722 --> 00:01:05,182 But that would be A and B, this would be VRFA, 14 00:01:05,182 --> 00:01:10,999 VRFA, VRFB - and that's if we decide to run it down there. 15 00:01:11,000 --> 00:01:14,033 We'll see how we're doing here. 16 00:01:14,034 --> 00:01:22,678 Now as a reminder, on router 1, 4 and 5 I already have BGP running. 17 00:01:22,679 --> 00:01:28,771 I did actually-- in the cleanup from the previous section I did actually 18 00:01:28,772 --> 00:01:31,487 get rid of the IPv6 address family. 19 00:01:31,488 --> 00:01:37,664 We don't need it anymore, all we need now is the VPNv6 address family. 20 00:01:37,665 --> 00:01:45,068 And I also had to kill OSPF on the PE routers because we can't run 21 00:01:45,069 --> 00:01:50,824 it the way we had it before. Up until now we've just been running straight, 22 00:01:50,825 --> 00:01:57,660 call it legacy if you will, config for OSPF version 3. 23 00:01:57,661 --> 00:02:03,662 Now, we're going to move into actually doing VRFs here. 24 00:02:03,663 --> 00:02:08,510 So let's jump into the config, and we'll start at least with customer A 25 00:02:08,510 --> 00:02:12,673 and we'll see how that goes, if we want to get into customer B here. 26 00:02:12,674 --> 00:02:18,675 So let's go over to router 1. And the first thing is, if you've used VRFs before, 27 00:02:18,676 --> 00:02:23,989 you might be very tempted to type ip vrf A. 28 00:02:23,990 --> 00:02:33,133 And the problem with that is, once you look at the VRFs, it's only protocol IPv4. 29 00:02:33,134 --> 00:02:38,745 That would be because you typed ip vrf A. 30 00:02:38,745 --> 00:02:48,682 No. What you need is the new format, vrf definition A, 31 00:02:48,683 --> 00:02:52,342 and then we'll set up our route distinguishers, 32 00:02:52,354 --> 00:02:54,802 so route distinguisher 100:100. 33 00:02:57,791 --> 00:03:08,653 Route target 100:100. Address family IPv4 and address family IPv6. 34 00:03:08,654 --> 00:03:12,184 We're not going to do IPv4 today, but I'm going to assume that you 35 00:03:12,185 --> 00:03:17,514 would ultimately want support for that. So, do show vrf. 36 00:03:17,515 --> 00:03:22,080 Now, notice we have both protocols. 37 00:03:22,081 --> 00:03:28,837 No interfaces yet, but we're going to do that next. So there's VRFA. 38 00:03:28,839 --> 00:03:34,158 Just in case we decide to use it, vrf definition B. 39 00:03:43,762 --> 00:03:46,355 Nice of it to tell at me since I typed it wrong. 40 00:03:51,291 --> 00:03:56,603 So route distinguisher, route target, address family IPv4, 41 00:03:56,604 --> 00:04:04,863 address family-- 65, IPv6, okay. So there's that. 42 00:04:04,864 --> 00:04:07,959 We can go do the same thing on router 4. 43 00:04:24,959 --> 00:04:27,086 And 5. 44 00:05:17,223 --> 00:05:23,638 And A and B on router 5. So that's step one, actually create the VRFs. 45 00:05:23,639 --> 00:05:26,229 Step two, let's go back to router 1. 46 00:05:26,230 --> 00:05:30,284 Let's actually put the interfaces in there. And what I would do if I were you 47 00:05:30,285 --> 00:05:35,162 is I would say, interface fa0/0.71. 48 00:05:35,163 --> 00:05:40,730 Do show run interface fa0/0.71, before I did anything. 49 00:05:40,731 --> 00:05:46,502 Because then what you're going to have to say is, vrf forwarding A, 50 00:05:49,663 --> 00:05:55,450 and it's going to remove this, which I just put 51 00:05:55,462 --> 00:06:00,898 back in, and this, which I just put back in. 52 00:06:00,899 --> 00:06:15,922 Interface fa0/0.91. Do show run interface fa0/0.91, ip vrf forwarding B. 53 00:06:15,923 --> 00:06:21,572 Of course. See, now I just messed up - vrf forwarding B. 54 00:06:21,574 --> 00:06:27,016 At least it yells at you because it realizes that that's an IPv6-enabled VRF. 55 00:06:29,791 --> 00:06:32,018 I don't know why I keep doing that twice. 56 00:06:35,055 --> 00:06:38,838 There we go, router 4. 57 00:06:54,679 --> 00:06:57,975 There we go, router 5. 58 00:07:10,484 --> 00:07:12,298 Did it again. 59 00:07:29,083 --> 00:07:30,963 That was good. 60 00:07:42,840 --> 00:07:45,512 And that was 105. 61 00:07:49,532 --> 00:07:53,764 See, that's what the startup's for. 62 00:07:53,765 --> 00:07:59,262 All right, so let's put those back on there and everybody should be good. 63 00:08:00,480 --> 00:08:04,069 Normally if this was production or whatever, I would go around 64 00:08:04,070 --> 00:08:08,480 start doing some ping tests, make sure everything's working. But at this point 65 00:08:08,480 --> 00:08:11,882 I'm sort of going to go with the, it's working unless something doesn't 66 00:08:11,884 --> 00:08:14,474 come up, and then we'll go investigate and 67 00:08:14,486 --> 00:08:17,209 see why, in case we have a typo or anything. 68 00:08:17,209 --> 00:08:19,177 Because there are a lot of moving parts here. 69 00:08:19,178 --> 00:08:21,505 Everybody's human, it's very easy to make mistakes, 70 00:08:21,507 --> 00:08:25,801 miss a piece - you always want to verify and check. 71 00:08:25,802 --> 00:08:30,741 Let's hop back over here to router 1 and let's get our CE to PE 72 00:08:30,741 --> 00:08:39,052 routing protocol running. Now, I kept OSPF running on switch 1, switch 2 and router 6. 73 00:08:39,054 --> 00:08:46,533 So what we need to do is we need to say interface fa0/0.71, 74 00:08:46,533 --> 00:08:58,757 ospfv3 process 1 for ipv6 area 0. 75 00:09:05,561 --> 00:09:11,064 There you go. Neighbor comes up, no big deal. Router 4... 76 00:09:16,259 --> 00:09:33,937 ospfv3 1, ipv4-- I don't have to say vrf on that, just area. Area 0. Router 5... 77 00:09:37,448 --> 00:09:43,808 Should come up. Oh, I said ipv4. It's really cool if we want to run IPv4, 78 00:09:43,809 --> 00:09:46,563 but that's not what we're trying to do right now. 79 00:09:56,177 --> 00:09:59,008 We could support that, of course, if we wanted to. 80 00:09:59,009 --> 00:10:04,293 If you wanted to have a customer that could run IPv4 routes over OSPF version 3, 81 00:10:04,295 --> 00:10:07,323 I could leave that there. It's not going to hurt anything. 82 00:10:07,324 --> 00:10:12,471 It's just a lot more infrastructure I would have to set up for my MPLS to support that. 83 00:10:12,471 --> 00:10:28,989 And then router 5, interface fa0/0.65, ospfv3 1 for ipv4 area 0. 84 00:10:36,233 --> 00:10:38,525 Neighborship should come up 85 00:10:44,328 --> 00:10:47,814 if 6 is running OSPF. It should be. 86 00:10:47,815 --> 00:10:50,518 And I just typed IPv4 again. 87 00:10:50,518 --> 00:10:54,044 Let's sit here and watch it all day trying to work, and it's not going to. 88 00:10:54,046 --> 00:10:56,320 I don't know why I keep doing that. 89 00:10:56,320 --> 00:10:59,827 Here we go. That should be a little bit better. 90 00:10:59,828 --> 00:11:10,954 There we go. Now we're running OSPF in the VRFs. So, do show ipv6 route for vrf A. 91 00:11:10,955 --> 00:11:15,049 So there, he's learning OSPF routes in the VRF. 92 00:11:15,049 --> 00:11:17,578 Router 4... 93 00:11:21,498 --> 00:11:24,900 is learning the routes in the VRF. 94 00:11:24,901 --> 00:11:27,674 Router 1-- 95 00:11:33,664 --> 00:11:35,673 Can't do that. 96 00:11:38,542 --> 00:11:41,178 And he's learning them as well. 97 00:11:41,179 --> 00:11:47,254 So, as always, next thing is simply redistribution. 98 00:11:47,255 --> 00:11:54,381 So, since I'm already on router 1, I say router ospfv3 1, 99 00:11:54,382 --> 00:12:04,715 address family ipv6 unicast for vrf A. Redistribute bgp 100. 100 00:12:04,716 --> 00:12:16,494 Router bgp 100, address family ipv6 unicast for vrf A. Redistribute ospf. 101 00:12:16,495 --> 00:12:19,364 And this doesn't actually support V3, you 102 00:12:19,376 --> 00:12:22,668 literally just have to say ospf 1, that's fine. 103 00:12:25,378 --> 00:12:29,836 Again, if I want to support everything coming from a potential customer, 104 00:12:29,837 --> 00:12:32,572 internal external NSSA. 105 00:12:34,616 --> 00:12:36,542 Router 4... 106 00:12:40,686 --> 00:12:43,793 no space in there. 107 00:12:43,794 --> 00:12:53,547 Address family ipv6 unicast for vrf A. Redistribute bgp 100. 108 00:13:04,377 --> 00:13:06,744 Redistribute... 109 00:13:13,602 --> 00:13:16,932 And router 5. 110 00:13:46,131 --> 00:13:49,900 Obviously if I had any more than about these three routers to do I'd 111 00:13:49,901 --> 00:13:54,098 put this in Notepad and just paste it in there, which you can do either way anyway. 112 00:13:54,099 --> 00:13:56,607 It just doesn't take that long to do. 113 00:13:56,608 --> 00:14:01,068 If we've done our jobs, we should be able to go over to router-- let's go for broke. 114 00:14:01,069 --> 00:14:03,815 Let's go all the way over to Switch 1 and let's say, 115 00:14:03,816 --> 00:14:09,806 do show ipv6 route, and he should have all of them. There we go. 116 00:14:09,807 --> 00:14:12,932 So they're all coming through. 117 00:14:16,572 --> 00:14:21,543 Let's say, do trace that guy. 118 00:14:24,452 --> 00:14:26,611 and there you go. It goes to all the devices 119 00:14:26,623 --> 00:14:28,793 in the middle, right through the MPLS cloud. 120 00:14:28,794 --> 00:14:36,558 Perfect. Now, if we go to-- and this is why I always bring a router into it, 121 00:14:39,228 --> 00:14:44,459 because the router can actually see the MPLS tags. 122 00:14:44,460 --> 00:14:49,534 So if I were to trace over to say, switch 2's loopback, 123 00:14:53,014 --> 00:14:55,784 you can actually see it go right through MPLS. 124 00:14:55,785 --> 00:15:00,986 So it goes to 5, to 3, to 4, and up to switch 2. 125 00:15:00,988 --> 00:15:05,493 Perfect. And you can see that it's getting label 18 and 23. 126 00:15:05,494 --> 00:15:10,211 Pop label 18, deliver it with just 23 to that router. 127 00:15:10,212 --> 00:15:18,366 If we try to go to, say, switch 1's address, different labels. 128 00:15:18,366 --> 00:15:20,929 16, because it's going to a different next-hop, 129 00:15:20,930 --> 00:15:25,509 and again it just so happens they all generated 23 for that first VPN label. 130 00:15:25,511 --> 00:15:29,878 Remember that that label 23 is per PE. 131 00:15:29,879 --> 00:15:34,697 So, when they started walking the VRF routing tables, 132 00:15:34,699 --> 00:15:39,079 they started generating the same labels. So when you see the same labels like this, 133 00:15:39,080 --> 00:15:42,865 it's just coincidence. Don't think anything of it. 134 00:15:42,866 --> 00:15:45,765 It's just because it's from a different PE router. 135 00:15:47,116 --> 00:15:52,845 So that takes care of customer A, so that went pretty good. 136 00:15:52,846 --> 00:15:57,884 Let's go ahead and bring in customer B, and let's go a little more real-world with him. 137 00:15:57,885 --> 00:16:03,245 Customer B is going to run-- I think he's going to run BGP. 138 00:16:03,245 --> 00:16:06,673 So let's go over to switch 3, and I don't honestly remember what 139 00:16:06,674 --> 00:16:12,295 I have set up on this guy right now. Do show ipv6 interface brief. 140 00:16:12,296 --> 00:16:18,835 So he's got his 91 with a link-local, and he's got the same basic setup. 141 00:16:18,836 --> 00:16:21,232 Okay, so here's what we're going to do. We're going to say, 142 00:16:21,233 --> 00:16:25,311 router bgp, and let's see, he's switch 3, 143 00:16:25,312 --> 00:16:35,789 so generally his number is 9, so we'll make it bgp 900. And we will say, neighbor. 144 00:16:35,790 --> 00:16:37,839 And we're going to have to use link-locals here, 145 00:16:37,840 --> 00:16:49,819 so it's going to be fe80::1%Vlan, should be 91, remote-AS is 100. 146 00:16:52,754 --> 00:17:04,468 Address family ipv6 unicast. Neighbor, that guy. 147 00:17:08,147 --> 00:17:11,098 Activate. Okay. 148 00:17:11,099 --> 00:17:14,363 Let's also say network, 149 00:17:19,796 --> 00:17:24,127 that guy /, and that's his real loopback, 150 00:17:24,128 --> 00:17:29,141 so that should be a /128, and network, 151 00:17:34,993 --> 00:17:38,619 and that should be a /64. 152 00:17:38,620 --> 00:17:45,579 Do you show bgp ipv6 unicast. So he's putting those two networks in. 153 00:17:45,580 --> 00:17:54,813 Let's go up to router 1, and let's say address family, ipv6 unicast for vrf B, 154 00:17:54,814 --> 00:18:12,350 neighbor fe80::9%FastEthernet0/0.91 remote-AS 900. 155 00:18:16,957 --> 00:18:19,357 It yelled about that quite a few times. 156 00:18:27,438 --> 00:18:30,376 I don't think it actually came up either. 157 00:18:30,377 --> 00:18:34,501 I'll put global addresses on these if I have to. 158 00:18:34,502 --> 00:18:39,405 Again, this code has a little bit of an issue with this link-local-- oh. 159 00:18:39,406 --> 00:18:45,780 That's interesting. I bet it did have a fit about that. 160 00:18:49,828 --> 00:18:52,319 It's a typo. 161 00:18:57,815 --> 00:19:00,765 That's why it's screaming and yelling so much. 162 00:19:15,917 --> 00:19:20,049 Yelling once is one thing. Yelling three times and then not working, is another. 163 00:19:20,050 --> 00:19:22,114 There we go, much better. 164 00:19:22,114 --> 00:19:31,102 Do show ipv6 route for vrf B, and we should be getting those two routes from BGP. 165 00:19:31,103 --> 00:19:33,539 Perfect. 166 00:19:33,540 --> 00:19:45,822 Let's go to switch 4 and say, router bgp 1000 - just because 167 00:19:45,823 --> 00:19:53,909 his number, so to speak, is 10 - and address family ipv6 unicast 168 00:19:53,910 --> 00:20:09,137 neighbor fe80::5%Vlan105 remote 100. Do show ipv6 interface brief. 169 00:20:13,764 --> 00:20:17,053 You could always do the exclude unassigned here, 170 00:20:17,054 --> 00:20:23,782 but the way it puts it on another line it gets a little bit tricky to filter this. 171 00:20:23,783 --> 00:20:27,756 One thing you could do is you could say something like, 172 00:20:27,757 --> 00:20:39,731 exclude unassigned, or, bracket down, something like that. 173 00:20:39,732 --> 00:20:44,467 Incomplete command before pipe. Do show ipv6 interface brief. 174 00:20:46,881 --> 00:20:50,187 It probably doesn't like that. 175 00:20:55,205 --> 00:20:56,402 Here we go. 176 00:20:58,640 --> 00:21:03,824 Oh. I put that in there and then I put a brace instead of a bracket. 177 00:21:06,801 --> 00:21:10,371 Hello, Escape, normal meaning of the bracket. 178 00:21:10,372 --> 00:21:15,090 Normal meaning of the bracket is to create a grouping, a range, basically. 179 00:21:16,951 --> 00:21:20,820 Oh, see, now I didn't geto routes from BGP. 0:19:31.140000 --> 0:19:35.460000 Perfect. Okay. Over to router. 0:19:35.460000 --> 0:19:44.780000 Let's go to switch four and say router BGP 1000. 0:19:44.780000 --> 0:19:49.640000 Just because his number so to speak is 10. 0:19:49.640000 --> 0:19:54.520000 And address family IPV6 unicast. 0:19:54.520000 --> 0:20:00.160000 Neighbor FE80 colon colon 5 percent VLAN 105. 0:20:00.160000 --> 0:20:09.400000 Remote 100. Do you show IPV6 interface brief? 0:20:09.400000 --> 0:20:17.080000 You could always do like the exclude on assigned here. 0:20:17.080000 --> 0:20:20.700000 But the way it puts it on another line. 0:20:20.700000 --> 0:20:23.800000 It gets a little bit tricky to filter this. 0:20:23.800000 --> 0:20:31.200000 Now one thing you could do is you could say something like exclude unassigned 0:20:31.200000 --> 0:20:37.900000 or bracket down. 0:20:37.900000 --> 0:20:40.060000 Something like that. 0:20:40.060000 --> 0:20:47.820000 And complete command for private do show IPV6 interface brief. 0:20:47.820000 --> 0:20:50.260000 Probably doesn't like that. 0:20:50.260000 --> 0:21:00.520000 There we go. Oh. 0:21:00.520000 --> 0:21:04.160000 I put that in there and then I put a brace instead of a bracket. 0:21:04.160000 --> 0:21:10.280000 Hello. Normal meaning of the bracket. 0:21:10.280000 --> 0:21:13.280000 Normal meaning of the bracket is to create a grouping. 0:21:13.280000 --> 0:21:15.480000 A range basically. 0:21:15.480000 --> 0:21:20.020000 So, I'll see now it didn't get the administrative read down. 0:21:20.020000 --> 0:21:22.900000 See how much fun this is? 0:21:22.900000 --> 0:21:25.740000 You know what? Let's leave the bracket out. 0:21:25.740000 --> 0:21:28.440000 Let's just say unassigned or down. 0:21:28.440000 --> 0:21:31.540000 There we go. It's one way to do it. 0:21:31.540000 --> 0:21:35.080000 So, let's try to get a little too fancy there. 0:21:35.080000 --> 0:21:37.800000 You see we're adding to get both lines though because if you look up here 0:21:37.800000 --> 0:21:40.660000 otherwise it's on two different lines. 0:21:40.660000 --> 0:21:42.900000 The unassigned and the down. 0:21:42.900000 --> 0:21:44.240000 But see then I wasn't missing these. 0:21:44.240000 --> 0:21:46.720000 You can always do like down at the end of the line anyway. 0:21:46.720000 --> 0:21:48.080000 What we did is fine. 0:21:48.080000 --> 0:21:51.820000 What we want to say anyway, all of that was just to say network. 0:21:51.820000 --> 0:21:57.760000 This one. That's his regular loop back. 0:21:57.760000 --> 0:21:59.620000 So, that's a slash 128. 0:21:59.620000 --> 0:22:05.240000 And this network. 0:22:05.240000 --> 0:22:09.660000 Which should be a slash 64. 0:22:09.660000 --> 0:22:13.240000 Do you show BGP IPV6 unicast? 0:22:13.240000 --> 0:22:19.020000 Good. And then router five. 0:22:19.020000 --> 0:22:23.980000 Add just family IPV6 unicast for VRFB. 0:22:23.980000 --> 0:22:26.960000 Neighbor FE80 colon colon. 0:22:26.960000 --> 0:22:52.860000 That should be 10% fast Ethernet 00.105 remote AS1000. 0:22:52.860000 --> 0:23:04.780000 Good. Do show IPV6 route for VRFB. 0:23:04.780000 --> 0:23:10.140000 Coolness. Go over to switch one. 0:23:10.140000 --> 0:23:12.120000 Sorry. Switch three. 0:23:12.120000 --> 0:23:21.620000 Let's see. Do trace 2001 DB8 colon 100 colon 10 colon colon 10. 0:23:21.620000 --> 0:23:25.300000 Here we go. Right through the MPLS core. 0:23:25.300000 --> 0:23:28.040000 Two AS1000 on the other side. 0:23:28.040000 --> 0:23:32.620000 The beautiful thing about using BGP as your CE to PE routing protocol 0:23:32.620000 --> 0:23:36.140000 is there's no redistribution. 0:23:36.140000 --> 0:23:40.940000 Now, normally, of course, you would be doing redistribution on, in this 0:23:40.940000 --> 0:23:44.920000 case, the CE devices, switch three and switch four. 0:23:44.920000 --> 0:23:51.780000 Okay. But notice on switch three, if I say do show IPV6 route, all he 0:23:51.780000 --> 0:23:55.380000 has is customer B's routes. 0:23:55.380000 --> 0:24:03.220000 That's it. And if I go to customer A, switch one. 0:24:03.220000 --> 0:24:06.380000 All he has is customer A's routes. 0:24:06.380000 --> 0:24:08.420000 So no route leaking between them. 0:24:08.420000 --> 0:24:16.720000 Customers separated A and B and we're sending IPV6 directly through MPLS. 0:24:16.720000 --> 0:24:19.520000 Now, something to note about this whole thing. 0:24:19.520000 --> 0:24:20.720000 It's really cool. 0:24:20.720000 --> 0:24:22.240000 It's a lot of fun. 0:24:22.240000 --> 0:24:24.060000 There are of course downsides. 0:24:24.060000 --> 0:24:27.760000 Number one, the service provider and or your core has to support it. 0:24:27.760000 --> 0:24:33.600000 Number two, unlike DMVPN that we looked at earlier, this requires a specific 0:24:33.600000 --> 0:24:38.140000 protocol, MPLS, to be available at every location. 0:24:38.140000 --> 0:24:41.060000 The advantage of DMVPN is it can run over anything. 0:24:41.060000 --> 0:24:45.020000 It can run over to standard IP, you know, internet connectivity. 0:24:45.020000 --> 0:24:47.680000 This requires MPLS underneath the whole thing. 0:24:47.680000 --> 0:24:51.420000 So that can, of course, you know, become a little bit of an issue and 0:24:51.420000 --> 0:24:55.220000 so on. But otherwise, that's it. 0:24:55.220000 --> 0:25:00.060000 That's your 6VPE and works very well. 0:25:00.060000 --> 0:25:02.760000 A little bit of config to set up there. 0:25:02.760000 --> 0:25:04.460000 You know, a little bit of typing. 0:25:04.460000 --> 0:25:06.600000 But otherwise, a pretty straightforward process.