Bring MPLS Network at Your Home Lab

March 25, 2009

IPv6 PIM Security

Filed under: Cisco

Tool : GNS3

Purpose : Understand PIM accept-register filtering options

Topology :

Comments :
All routers running OSPFv3
All routers running PIM-SM
R0 is the Candidate RP with priority 100
R1 is the Candidate BSR
R2 is the Candidate RP and BSR with priority 100
HOST1 joins groups FF17:7:77::777, FF18:8::88, FF19:9::99
R2, as BSR, accepts registers only for multicast groups FF17:7:77::777 and FF19:9::99
HOST2 and HOST3 are only able to send multicast traffic to FF17:7:77::777 and FF19:9::99

Example Configuration for PIM security

–Configure accept-register
!
ipv6 pim accept-register list allow-group
ipv6 pim register-source Loopback0
ipv6 pim bsr candidate bsr 2001::3 priority 100
ipv6 pim bsr candidate rp 2001::3
!
!
!
ipv6 access-list allow-group
 sequence 20 permit ipv6 any host FF17:7:77::777
 permit ipv6 any host FF19:9::99
!
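
The filter above, evaluated against register (source, group) pairs, as an added example that is not part of the original post or of IOS itself. It assumes the source of a register is matched against the ACL source field and the group against the destination field; the sender addresses 2001:200::3 and 2001:400::3 come from the ping output further down the page, while 2001:db8::66 and the stricter ACL with its /64 prefixes are constructed for illustration.

```python
import ipaddress

# ACL copied from the post's configuration.
PAGE_ACL = """\
ipv6 access-list allow-group
 sequence 20 permit ipv6 any host FF17:7:77::777
 permit ipv6 any host FF19:9::99
"""

# Constructed variant (not from the post): also pins the permitted sources.
# The /64 prefix lengths are assumed; the post does not show the host subnets.
STRICT_ACL = """\
ipv6 access-list allow-group-strict
 permit ipv6 2001:200::/64 host FF17:7:77::777
 permit ipv6 2001:400::/64 host FF17:7:77::777
 permit ipv6 2001:200::/64 host FF19:9::99
 permit ipv6 2001:400::/64 host FF19:9::99
"""


def _endpoint(tokens):
    """Consume 'any', 'host ADDR' or 'PREFIX/LEN' and return it as a network."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.IPv6Network("::/0")
    if tok == "host":
        return ipaddress.IPv6Network(tokens.pop(0) + "/128")
    return ipaddress.IPv6Network(tok, strict=False)


def parse_acl(text):
    """Return (action, source_net, group_net) entries in listing order."""
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:1] == ["sequence"]:
            tokens = tokens[2:]              # drop "sequence N"
        if tokens[:2] not in (["permit", "ipv6"], ["deny", "ipv6"]):
            continue                         # header, "!" or unsupported line
        action, rest = tokens[0], tokens[2:]
        entries.append((action, _endpoint(rest), _endpoint(rest)))
    return entries


def register_accepted(entries, source, group):
    """First matching entry decides; no match means the implicit deny applies."""
    src, grp = ipaddress.IPv6Address(source), ipaddress.IPv6Address(group)
    for action, src_net, grp_net in entries:
        if src in src_net and grp in grp_net:
            return action == "permit"
    return False


if __name__ == "__main__":
    groups = ["FF17:7:77::777", "FF18:8::88", "FF19:9::99"]
    for name, acl in (("page", PAGE_ACL), ("strict", STRICT_ACL)):
        entries = parse_acl(acl)
        for source in ("2001:200::3", "2001:400::3", "2001:db8::66"):
            for group in groups:
                ok = register_accepted(entries, source, group)
                print(f"{name:6} {source:13} -> {group:15} {'accept' if ok else 'reject'}")
```

With the post's ACL, FF18:8::88 falls through to the implicit deny, but `any` in the source field lets every sender register to the two permitted groups; the constructed stricter list closes that gap.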

For the detailed configuration, download at this Link

IPv6 PIM BSR

Filed under: Cisco

Tool : GNS3

Purpose : Understanding Bootstrap BSR Operation for IPv6 multicast

Topology :

Comments:
All routers running OSPFv3
All routers running PIM-SM
R0 is the Candidate RP with priority 100
R1 is the Candidate BSR
R2 is the Candidate RP and BSR with priority 100
HOST1 joins group FF17:7:77::777
HOST2 and HOST3 send multicast traffic to FF17:7:77::777

Example configuration for BSR operations

–Set C-RP and C-BSR
!
ipv6 pim bsr candidate bsr 2001::3 priority 100
ipv6 pim bsr candidate rp 2001::3
!

Let’s verify the configuration

R1#show ipv6 pim bsr election
PIMv2 BSR information

BSR Election Information
  Scope Range List: ff00::/8
     BSR Address: 2001::3
     Uptime: 00:17:25, BSR Priority: 100, Hash mask length: 126
     RPF: FE80::CE02:AFF:FE68:0,FastEthernet1/0
     BS Timer: 00:02:03
  This system is candidate BSR
      Candidate BSR address: 2001::2, priority: 0, hash mask length: 126

R2#show ipv6 pim bsr candidate-rp
PIMv2 C-RP information
    Candidate RP: 2001::3 SM
      All Learnt Scoped Zones, Priority 192, Holdtime 150
      Advertisement interval 60 seconds
      Next advertisement in 00:00:19

U3#ping ff17:7:77::777
Output Interface: fastethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FF17:7:77::777, timeout is 2 seconds:
Packet sent with a source address of 2001:200::3

Reply to request 0 received from 2001:100::3, 580 ms
Reply to request 1 received from 2001:100::3, 616 ms
Reply to request 2 received from 2001:100::3, 516 ms
Reply to request 3 received from 2001:100::3, 496 ms
Request 4 timed out
Success rate is 80 percent (4/5), round-trip min/avg/max = 496/552/616 ms
4 multicast replies and 0 errors.

U2#ping ff17:7:77::777
Output Interface: fastethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FF17:7:77::777, timeout is 2 seconds:
Packet sent with a source address of 2001:400::3

Reply to request 0 received from 2001:100::3, 1060 ms
Reply to request 1 received from 2001:100::3, 736 ms
Reply to request 2 received from 2001:100::3, 896 ms
Request 3 timed out
Request 4 timed out
Success rate is 60 percent (3/5), round-trip min/avg/max = 736/897/1060 ms
3 multicast replies and 0 errors.

Woow, I can ping the multicast address from HOST2 and HOST3

For the detailed configuration, download at this Link

IPv6 PIM static RP

Filed under: Cisco

Tool : GNS3

Purpose : Simulating IPv6 multicast routing with static-RP

Topology:

Comments:
All routers running OSPFv3
All routers running PIM-SM
R2 designated as RP
HOST1 joins group FF17:7:77::777
HOST2 and HOST3 send traffic to group FF17:7:77::777
(*,G) and (S,G) entries in every router

Example configuration

–Activate Unicast and multicast traffic forwarding for IPv6
!
ipv6 unicast-routing
ipv6 multicast-routing
!

–Configure interface
!
interface Loopback0
 no ip address
 ipv6 address 2001::1/128
 ipv6 ospf 1 area 0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:1::1/126
 ipv6 ospf 1 area 0
 ipv6 pim hello-interval 5
!

–Activate unicast routing
!
ipv6 router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
!

–Set Static-RP

!
ipv6 pim rp-address 2001::3
!

We can ping the multicast group from HOST3

U2#ping ff17:7:77::777
Output Interface: fastethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FF17:7:77::777, timeout is 2 seconds:
Packet sent with a source address of 2001:400::3

Reply to request 0 received from 2001:100::3, 996 ms
Reply to request 1 received from 2001:100::3, 696 ms
Reply to request 2 received from 2001:100::3, 788 ms
Reply to request 3 received from 2001:100::3, 996 ms
Request 4 timed out
Success rate is 80 percent (4/5), round-trip min/avg/max = 696/869/996 ms
4 multicast replies and 0 errors.

For the detailed configuration, download at this Link

March 23, 2009

VRRP with Olive

Filed under: Juniper

Tool : Olive

Purpose : Simulating VRRP with Olive

Topology :

Hmm, this time I'm posting in Indonesian, even though my previous posts were in broken English.

I built this topology because a friend asked me whether I had ever set up VRRP on Olive, and someone posted on Kaskus that VRRP can run on Olive. That news made my hands itch to open my Olive again. Of course I didn't just start configuring right away, because I didn't know the VRRP command hierarchy on Juniper. Luckily I had already downloaded all the JUNOS 9.3 manuals; I searched and found it in the high-availability chapter. I skimmed it, hmmmm… turns out that's all there is to it. In the end I copied the VRRP topology I had built with Dynamips, which I posted earlier, using only 1 Olive image to build 2 VRRP groups.

After config upon config and a "commit", heart pounding while waiting for the result, it succeeded without any error message. I checked with #show vrrp bla..bla and everything ran smoothly… then as the last step I pinged between the users… and, well, it didn't connect. I was confused: the config was right, the master and backup routers both showed up, but ping didn't work.

After some digging, it turned out the virtual address could not be pinged from the user, even though my experiment on Cisco worked fine. Hahaha, that made my hands itch even more. I read some more and finally set the VIP to be the same as the master's IP, then config after config and commit, and it finally worked… but only under several conditions:

1. The master router's priority must be 255, otherwise it cannot be committed

2. The master router also cannot have tracking set on an interface/route; if it is set, it cannot be committed

3. The master router's hold time for preempt must be set to 0, otherwise it cannot be committed either

And so the topology above came to be, using only 1 VRRP group in 1 Olive image.

Here, I'm also posting the sample configuration

root# show
## Last changed: 2009-03-21 18:41:13 UTC
version 9.3R1.7;
system {
    arp {
        passive-learning;
    }
    root-authentication {
        encrypted-password "$1$XuRqUJCF$toR9je7KkYjp0TnE3tGLd1"; ## SECRET-DATA
    }
    services;
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    P1 {
        interfaces {
            fxp1 {
                unit 50 {
                    vlan-id 50;
                }
                unit 100 {
                    vlan-id 100;
                    family inet {
                        address 10.1.3.1/24;
                    }
                }
            }
        }
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface all;
                }
            }
        }
    }
    P2 {
        interfaces {
            fxp0 {
                unit 60 {
                    vlan-id 60;
                    family inet {
                        address 10.1.2.10/24;
                    }
                }
                unit 100 {
                    vlan-id 100;
                    family inet {
                        address 10.1.3.2/24;
                    }
                }
            }
        }
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface all;
                }
            }
        }
    }
    user1 {
        interfaces {
            fxp2 {
                unit 10 {
                    vlan-id 10;
                    family inet {
                        address 192.168.1.10/24;
                    }
                }
            }
        }
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.1.1;
            }
        }
    }
    user2 {
        interfaces {
            fxp2 {
                unit 100 {
                    vlan-id 100;
                    family inet {
                        address 10.1.3.10/24;
                    }
                }
            }
        }
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface all;
                }
            }
        }
    }
    vrrp1 {
        interfaces {
            fxp0 {
                unit 10 {
                    vlan-id 10;
                    family inet {
                        address 192.168.1.1/24 {
                            vrrp-group 1 {
                                virtual-address 192.168.1.1;
                                priority 255;
                                preempt {
                                    hold-time 0;
                                }
                            }
                        }
                    }
                }
                unit 50 {
                    vlan-id 50;
                    family inet {
                        address 10.1.1.1/24;
                    }
                }
            }
        }
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface fxp0.10;
                    interface fxp0.50;
                }
            }
        }
    }
    vrrp2 {
        interfaces {
            fxp1 {
                unit 10 {
                    vlan-id 10;
                    family inet {
                        address 192.168.1.2/24 {
                            vrrp-group 1 {
                                virtual-address 192.168.1.1;
                                preempt;
                                track {
                                    route 10.1.3.0/24 routing-instance default priority-cost 5;
                                }
                            }
                        }
                    }
                }
                unit 60 {
                    vlan-id 60;
                    family inet {
                        address 10.1.2.1/24;
                    }
                }
            }
        }
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface fxp1.10;
                    interface fxp1.60;
                }
            }
        }
    }
}
interfaces {
    fxp0 {
        vlan-tagging;
    }
    fxp1 {
        vlan-tagging;
    }
    fxp2 {
        vlan-tagging;
    }
}

[edit]

Here is also the capture from the ping

root# run ping logical-system user1 10.1.3.10
PING 10.1.3.10 (10.1.3.10): 56 data bytes
36 bytes from 192.168.1.1: Redirect Host(New addr: 192.168.1.2)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 5466   0 0000  40  01 5786 192.168.1.10  10.1.3.10

64 bytes from 10.1.3.10: icmp_seq=0 ttl=62 time=25.655 ms
36 bytes from 192.168.1.1: Redirect Host(New addr: 192.168.1.2)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 546b   0 0000  40  01 5781 192.168.1.10  10.1.3.10

64 bytes from 10.1.3.10: icmp_seq=1 ttl=62 time=16.736 ms
36 bytes from 192.168.1.1: Redirect Host(New addr: 192.168.1.2)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 546f   0 0000  40  01 577d 192.168.1.10  10.1.3.10

64 bytes from 10.1.3.10: icmp_seq=2 ttl=62 time=16.688 ms
36 bytes from 192.168.1.1: Redirect Host(New addr: 192.168.1.2)
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 5472   0 0000  40  01 577a 192.168.1.10  10.1.3.10

64 bytes from 10.1.3.10: icmp_seq=3 ttl=62 time=14.641 ms
^C
--- 10.1.3.10 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 14.641/18.430/25.655/4.256 ms

hehehe, you can see that the failover is working, right?

Sweet… have fun trying it out :)

 

Inter-AS Multicast L3VPN

Filed under: Cisco

Tool : GNS3

Purpose : Simulating Inter-AS Multicast L3VPN back-to-back mode/option A

Topology :

Comments:

PE1, P and ASBR-1 routers are inside AS 777 and running OSPF
ASBR-2 and PE2 routers are inside AS 2500 and running IS-IS
Connection between PE and CE uses static routes
MPLS between PE1-P-ASBR-1 and ASBR-2-PE2
We are using RIP in order to exchange VPN routes between AS 777 and AS 2500
All interfaces running PIM Sparse Mode, including the vrf interfaces
CE1 is designated as the VPN RP, using static RP configuration
PE1, P and ASBR-1 form MDT 224.7.7.7
ASBR-2 and PE2 form MDT 224.6.6.6
CE1 and CE2 have established unicast routing
CE1 joins group 239.1.1.1
CE2 is able to receive multicast traffic

The configuration to form the MPLS L3VPN and unicast routing is the same as for the Inter-AS MPLS VPN in the previous post.
We only add multicast traffic forwarding capability here; to see how to form the Inter-AS MPLS VPN,
you can review my previous post or read the whole configuration.
In this post I only show how to add multicast traffic forwarding capability.

Example configuration for PE router

–Set vrf name and RD and MDT
!
ip vrf vpn1
 rd 202.162.208.1:100
 route-target export 202.162.208.1:100
 route-target import 202.162.208.10:100
 mdt default 224.7.7.7

–Activate Multicast traffic forwarding capability
!
ip multicast-routing
ip multicast-routing vrf vpn1
!

–PIM-SM needs to be activated on all interfaces
!
interface Loopback0
 ip address 202.162.208.1 255.255.255.255
 ip pim sparse-mode
!
interface Loopback1
 ip vrf forwarding vpn1
 ip address 192.168.1.200 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding vpn1
 ip address 192.168.1.1 255.255.255.128
 ip pim sparse-mode
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.1.1.1 255.255.255.0
 ip pim sparse-mode
 duplex auto
 speed auto
 mpls ip
!

–Set Static RP and PIM range
!
ip pim ssm range 1
ip pim vrf vpn1 rp-address 172.17.63.1
!
access-list 1 permit 224.7.7.7
!

Example configuration for ASBR router 

–Set vrf name and RD and MDT
!
ip vrf vpn1
 rd 125.249.1.10:100
 route-target export 125.249.1.10:100
 route-target import 125.249.1.1:100
 mdt default 224.6.6.6

–Activate Multicast traffic forwarding capability
!
ip multicast-routing
ip multicast-routing vrf vpn1
!

–PIM-SM needs to be activated on all interfaces
!
interface Loopback0
 ip address 125.249.1.10 255.255.255.255
 ip router isis
 ip pim sparse-mode
!
interface FastEthernet0/0
 ip vrf forwarding vpn1
 ip address 172.16.1.10 255.255.255.0
 ip pim sparse-mode
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.1.1.10 255.255.255.0
 ip router isis
 ip pim sparse-mode
 duplex auto
 speed auto
 mpls ip
!

–Set Static RP and PIM range
!
ip pim ssm range 1
ip pim vrf vpn1 rp-address 172.17.63.1
!
access-list 1 permit 224.6.6.6

Let's verify the configuration

 

WOOw THIS ROOCK… I can ping multicast address :)

For the detailed configuration, download at this Link

March 19, 2009

Inter-AS Multicast routing

Filed under: Cisco

Tool : GNS3

Purpose : Simulating Inter-AS Multicast routing

Topology :

Comments:

R0,R1,R2 in AS 777
R0,R1,R2 running OSPF
R3,R4,R5 in AS 2500
R3,R4,R5 running IS-IS
All routers running PIM-SM
R2 as RP in AS 777
R3 as RP in AS 2500
MSDP used between R2 and R3
BGP used between R2 and R3 since R2 needs to join R3
MBGP used between R2 and R3 to avoid RPF failure
R5 receives multicast traffic for address 227.7.7.7 from R0

Example configuration for ASBR router

–Activate multicast traffic forwarding

!
ip multicast-routing
!

–Activate PIM Sparse Mode on every interface

!
interface Loopback0
 ip address 192.168.1.3 255.255.255.255
 ip pim sparse-mode
!
interface FastEthernet0/0
 ip address 10.1.2.10 255.255.255.0
 ip pim sparse-mode
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 10.1.3.1 255.255.255.0
 ip pim sparse-mode
 duplex auto
 speed auto
!

–Activate Unicast routing within AS 777

!
router ospf 1
 router-id 1.1.1.3
 log-adjacency-changes
 redistribute bgp 777 subnets
 network 10.1.2.10 0.0.0.0 area 0
 network 192.168.1.3 0.0.0.0 area 0
!

–Set static RP (Rendezvous Point)  and MSDP peers
!
ip pim rp-address 192.168.1.3
ip msdp peer 10.1.3.10
!

–Activate BGP and MBGP

!
router bgp 777
 template peer-session IA-Multicast
  remote-as 2500
  password s10duy
  timers 10 30
 exit-peer-session
 !
 bgp log-neighbor-changes
 neighbor 10.1.3.10 inherit peer-session IA-Multicast
 !
 address-family ipv4
  redistribute ospf 1
  neighbor 10.1.3.10 activate
  no auto-summary
  no synchronization
  network 192.168.1.3 mask 255.255.255.255
 exit-address-family
 !
 address-family ipv4 multicast
  neighbor 10.1.3.10 activate
  no auto-summary
  no synchronization
  network 10.1.1.0 mask 255.255.255.0
 exit-address-family
!

Let's verify

R0#ping 227.7.7.7 source loopback 0 repeat 10

Type escape sequence to abort.
Sending 10, 100-byte ICMP Echos to 227.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
.
Reply to request 1 from 10.2.1.1, 480 ms.
Reply to request 3 from 10.2.1.1, 580 ms
Reply to request 4 from 10.2.1.1, 1652 ms
Reply to request 5 from 10.2.1.1, 1700 ms..
Reply to request 8 from 10.2.1.1, 1312 ms.

R3#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 227.7.7.7), 00:07:15/00:02:51, RP 172.17.63.3, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet1/0, Forward/Sparse, 00:07:15/00:02:51

(10.1.1.1, 227.7.7.7), 00:01:19/00:03:16, flags: MT
  Incoming interface: FastEthernet0/0, RPF nbr 10.1.3.1, Mbgp
  Outgoing interface list:
    FastEthernet1/0, Forward/Sparse, 00:01:19/00:03:03

(172.17.63.3, 227.7.7.7), 00:03:31/00:00:08, flags: T
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet1/0, Forward/Sparse, 00:03:31/00:02:51

(*, 224.0.1.40), 01:05:30/00:03:25, RP 172.17.63.3, flags: SJCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet1/0, Forward/Sparse, 00:07:39/00:03:25
    Loopback0, Forward/Sparse, 01:05:31/00:02:17

For the detailed configuration, download at this Link





















