martedì 5 gennaio 2010

IS-IS and MPLS Integration between Junos and IOS devices

In recent years I have concentrated work and study on Cisco's MPLS platform, but wanting to deepen my knowledge of Junos and test the interoperability  between the two platforms, I decided to incorporate a couple of Cisco routers in my lab. I replaced J4 and J6 with two Cisco 7200 routers running IOS version 12.2 SRC.



It's necessary to configure ISIS, forming adjacency, enable the carrying of Traffic Engineering extensions, enable RSVP and LSP signaling ( which in Cisco terminology are often called Traffic Engineering Tunnel ) and finally to enable the forwarding of MPLS Labeled packets.

Starting from my topology JNCIP delete on my Olive router "Zion" the two logical-system J4 and J6:
[edit] 
nick@zion# delete logical-systems J4  

[edit] 
nick@zion# delete logical-systems J6  
and proceed with the configuration of two new Cisco router:

R4: IP address and IS-IS Routing

The IS-IS configuration is very simple, enable ISIS on the interfaces and set as a point-to-point link, (to avoid DIS election, speed-up and reduce the database).
In the IS-IS process specified the System ID ( "net" entry) define this as an only level-2 router and use the "wide style" mandatory metrics for the TE operation, and finally declare the loopback as passive to include in the topology.
interface Loopback0
 ip address 10.0.3.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.4.9 255.255.255.252
 ip router isis    
 isis network point-to-point   
!
interface FastEthernet0/1
 ip address 10.0.2.6 255.255.255.252
 ip router isis 
 isis network point-to-point 
!         
interface FastEthernet1/0
 ip address 10.0.2.10 255.255.255.252
 ip router isis 
 isis network point-to-point 
!
router isis
 net 49.0000.0000.0004.00
 is-type level-2-only   
 metric-style wide    
 passive-interface Loopback0   
!
but the adjacencies never come up, remaining in the INIT state:
R4#sh clns neighbors 
System Id      Interface   SNPA                State  Holdtime  Type Protocol 
0000.0000.0002 Fa0/0       0050.8be3.eb2c      Init   24        L2   IS-IS 
0000.0000.0003 Fa0/1       0050.8be3.eb2d      Init   23        L2   IS-IS 
0000.0000.0005 Fa1/0       0050.8be3.eb2c      Init   20        L2   IS-IS 
there is a MTU mistmatch, the Zion interface has and CLNS (ISO) MTU of 1493:
nick@zion> show interfaces fxp2.204 
  Logical interface fxp2.204 (Index 82) (SNMP ifIndex 143) 
    Description: ------- link ptp J2 <-> J4 -- 
    Flags: SNMP-Traps VLAN-Tag [ 0x8100.204 ]  Encapsulation: ENET2 
    Bandwidth: 0 
    Input packets : 6673 
    Output packets: 6931 
    Protocol inet, MTU: 1496 
      Flags: None 
      Addresses, Flags: Is-Preferred Is-Primary 
        Destination: 10.0.4.8/30, Local: 10.0.4.10, Broadcast: 10.0.4.11 
    Protocol iso, MTU: 1493 
      Flags: None 
    Protocol mpls, MTU: 1484 
      Flags: None 
This is because Zion interfaces are using 802.1q and Olive uses a fixed MTU of 1500 bytes on FXP interfaces, reducing the effective packet length of 4 bytes, while Cisco routers are connected to in access-mode to the switch...
The absence of adjacency depend on hello messages padding introduced for early detection of MTU problems.
The solution proposed is to reduce MTU just for the CLNS packet on the cisco side ( my hardware does not support changing interface MTU )
R4#conf t 
Enter configuration commands, one per line.  End with CNTL/Z. 
R4(config)#int fast 0/0 
R4(config-if)#clns mtu 1493 
R4(config-if)#int fast 0/1 
R4(config-if)#clns mtu 1493 
R4(config-if)#int fast 1/0 
R4(config-if)#clns mtu 1493 
R4(config-if)#^Z 
alternatively you can use the command "no hello padding" and all its variants

for example:
R4(config)#router isis 
R4(config-router)#no hello padding point-to-point 
adjacency is now established and the database is populated ...
R4#sh clns neighbors 
System Id      Interface   SNPA                State  Holdtime  Type Protocol 
zion-J2        Fa0/0       0050.8be3.eb2c      Up     25        L2   IS-IS 
zion-J3        Fa0/1       0050.8be3.eb2d      Up     22        L2   IS-IS 
zion-J5        Fa1/0       0050.8be3.eb2c      Up     20        L2   IS-IS 
R4#sh ip route isis | B ^Ga
Gateway of last resort is not set 

      10.0.0.0/8 is variably subnetted, 22 subnets, 3 masks 
i L2     10.0.2.0/30 [115/20] via 10.0.2.9, FastEthernet1/0 
                     [115/20] via 10.0.2.5, FastEthernet0/1 
i L2     10.0.3.3/32 [115/10] via 10.0.2.5, FastEthernet0/1 
...
R4 : MPLS and IS-IS TE Database integration

you must also enable the extensions required by RFC3784 necessary for TE information exchange, to control band allocation and label signaling via RSVP and finally the process of MPLS labeled packet:

globally enable LSP allocation
mpls traffic-eng tunnels
enable on all PE facing interface RSVP and MPLS packet processing like:
interface FastEthernet0/0 
 ip rsvp bandwidth    
 mpls traffic-eng tunnels
estabilish the router-id ( TLV 134 ) and allow the necessary TE TLV exchange on all Level-2 adjacencies
router isis
 mpls traffic-eng router-id Loopback0 
 mpls traffic-eng level-2

this is the complete R4 configuration:
!
hostname R4
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 10.0.3.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.0.4.9 255.255.255.252
 ip router isis     
 mpls traffic-eng tunnels  
 clns mtu 1493    
 isis network point-to-point   
 ip rsvp bandwidth   
!
interface FastEthernet0/1
 ip address 10.0.2.6 255.255.255.252
 ip router isis 
 mpls traffic-eng tunnels
 clns mtu 1493
 isis network point-to-point 
 ip rsvp bandwidth
!         
interface FastEthernet1/0
 ip address 10.0.2.10 255.255.255.252
 ip router isis 
 mpls traffic-eng tunnels
 clns mtu 1493
 isis network point-to-point 
 ip rsvp bandwidth
!
router isis
 net 49.0000.0000.0004.00
 is-type level-2-only   
 metric-style wide   
 passive-interface Loopback0   
 mpls traffic-eng router-id Loopback0 
 mpls traffic-eng level-2  
!
the R6 configuration is similar and available at the end of this post.

LSP Setup

To verify the effective integration of the two platforms, let's configure two LSP (or TE Tunnels ), one from J2 to R6 and the simmetric from R6 to J2, reminding us that LSPs are always unidirectional.
We will not use any constraint, and hence the LSP will be allocated according to the best IGP metric the result should be:
LSP1 : J2 → R4 → R6 → J4
LSP2 : J5 → R4 → R6 → J2



The J2 configuration is simple:
protocols { 
    mpls { 
        label-switched-path J2-to-R6 { 
            to 10.0.9.6; 
        } 
}
This command requires an LSP to the address 10.0.9.6, resources allocation and Label signaling. If the entire process is successful, it immediately create an entry for the destination address in the inet.3 table, usually used to resolve the BGP next-hop, and that has precedence over the inet.0:

the LSP is active:
nick@zion> show mpls lsp ingress logical-system J2              
Ingress LSP: 1 sessions 
To              From            State Rt P     ActivePath       LSPname 
10.0.9.6        10.0.6.2        Up     0 *                      J2-to-R6 
Total 1 displayed, Up 1, Down 0 
the destination is installed in inet.3
nick@zion> show route 10.0.9.6 logical-system J2                

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden) 
+ = Active Route, - = Last Active, * = Both 

10.0.9.6/32        *[IS-IS/18] 00:51:24, metric 30 
                    > to 10.0.4.1 via fxp2.203 
                      to 10.0.4.9 via fxp2.204 

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) 
+ = Active Route, - = Last Active, * = Both 

10.0.9.6/32        *[RSVP/7] 00:49:32, metric 30 
                    > to 10.0.4.9 via fxp2.204, label-switched-path J2-to-R6 
The label allocated and signaled by R4 for this LSP is 16, the first label non-reserved
nick@zion> show route 10.0.9.6 logical-system J2 table inet.3 extensive | match Label  
                Label-switched-path J2-to-R6 
                Label operation: Push 16    
The minimum configuration of R6 is:
interface Tunnel0 
 ip unnumbered Loopback0 
 tunnel destination 10.0.6.2 
 tunnel mode mpls traffic-eng 
 tunnel mpls traffic-eng autoroute announce 
 tunnel mpls traffic-eng path-option 10 dynamic 
!
in IOS LSP is usually called “TE Tunnel” and configured as a tunnel interface: some notes about the configuration:
in this type of tunnel there is no “tunnel source”
“autoroute announce” install in the routing table the destination through the tunnel
“path-option 10 dynamic” use just the IGP metric without costrain
R6#sh mpls traffic-eng tunnels brief | b ^TU 
TUNNEL NAME                      DESTINATION      UP IF     DOWN IF   STATE/PROT 
R6_t0                            10.0.6.2         -         Fa0/0     up/up     
J2-to-R6                         10.0.9.6         Fa0/0     -         up/up     
Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails 
show 2 tunnels “UP/UP”, one head and one tail.

IOS has just 1 table and this output can be disorienting (or the different Junos table :-) )

R6#sh ip route 10.0.6.2                          
Routing entry for 10.0.6.2/32 
  Known via "isis", distance 115, metric 30, type level-2 
  Redistributing via isis 
  Last update from 10.0.6.2 on Tunnel0, 00:55:05 ago 
  Routing Descriptor Blocks: 
  * 10.0.6.2, from 10.0.6.2, via Tunnel0 
      Route metric is 30, traffic share count is 1 
and the label used, allocated and signaled by J5 is in the tipical Junos range for this type of traffic:
R6#sh mpls traffic-eng tunnels tunnel 0 | i Label 
  InLabel  :  - 
  OutLabel : FastEthernet0/0, 299888
Also on the transit router can control the LSP allocated
On Junos:
nick@zion> show mpls lsp logical-system J5    
Ingress LSP: 0 sessions 
Total 0 displayed, Up 0, Down 0 

Egress LSP: 0 sessions 
Total 0 displayed, Up 0, Down 0 

Transit LSP: 2 sessions 
To              From            State   Rt Style Labelin Labelout LSPname 
10.0.6.2        10.0.9.6        Up       1  1 SE  299888       17 R6_t0 
10.0.9.6        10.0.6.2        Up       1  1 FF  299872        0 J2-to-R6 
Total 2 displayed, Up 2, Down 0 
and on Cisco:
R4#sh mpls traffic-eng tunnels brief | b ^TU 
TUNNEL NAME                      DESTINATION      UP IF     DOWN IF   STATE/PROT 
J2-to-R6                         10.0.9.6         Fa0/0     Fa1/0     up/up     
R6_t0                            10.0.6.2         Fa1/0     Fa0/0     up/up     
Displayed 0 (of 0) heads, 2 (of 2) midpoints, 0 (of 0) tails 

R4#sh mpls traffic-eng tunnels | i Tunnel|Label      
LSP Tunnel J2-to-R6 is signalled, connection is up 
  InLabel  : FastEthernet0/0, 16 
  OutLabel : FastEthernet1/0, 299872 
LSP Tunnel R6_t0 is signalled, connection is up 
  InLabel  : FastEthernet1/0, 17 
  OutLabel : FastEthernet0/0, implicit-null
In both cases the special label "implict-null" is used in place of PHP (Penultimate Hop Popping) because TE operations usually use the EXP Bit for traffic classification, which for some traffic reclassification may be different from the IP Precedence of the transported package ( and obviously also the traffic can not be IP... )

One further note for the Cisco platform that can misleading:
analizing LFIB (Label Forwarding Information Base) used for MPLS packet forwarding on R4 shows "Pop Label"
R4#sh mpls forwarding-table 
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop    
Label  Label or VC   or Tunnel Id      Switched      interface              
16     299872        10.0.6.2 12053 [1]   \ 
                                       0             Fa1/0      10.0.2.9    
17     Pop Label     10.0.9.6 0 [248]  0             Fa0/0      10.0.4.10 

but this mean ( from Cisco documentation ) :
No Label - Means that there is no label for the destination from the next hop or that label switching is not enabled on the outgoing interface.
** Pop Label ** - Means that the next hop advertised an implicit NULL label for the destination and that the router popped the top label.
Aggregate - Means there are several prefixes for one local label. This entry is used when IPv6 is configured on edge routers to transport IPv6 traffic over an IPv4 MPLS network.


Nothing particularly exciting at this point, only a couple of suggestions like the hello padding ISIS and verification of proper implementation of the two LSPs, it is now time to think about what to do with this two LSPs...

final Zion Configuration here
final R4 Configuration here
final R6 Configuration here

1 commento: