summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorekhudiyev <88712424+ekhudiyev@users.noreply.github.com>2021-11-26 17:31:13 +0400
committerGitHub <noreply@github.com>2021-11-26 17:31:13 +0400
commite87ed44e3b6a678a23b1eb5b425463b8d65e2ed7 (patch)
tree4e5f512d24ac6f639d5e0ba6765acacfe99275a4
parent8686fda24839acb92dd3c24cb7b7a8c325b08859 (diff)
downloadvyos-documentation-e87ed44e3b6a678a23b1eb5b425463b8d65e2ed7.tar.gz
vyos-documentation-e87ed44e3b6a678a23b1eb5b425463b8d65e2ed7.zip
Update l3vpn-hub-and-spoke.rst
-rw-r--r--docs/configexamples/l3vpn-hub-and-spoke.rst683
1 files changed, 655 insertions, 28 deletions
diff --git a/docs/configexamples/l3vpn-hub-and-spoke.rst b/docs/configexamples/l3vpn-hub-and-spoke.rst
index 66ad32fe..3a616873 100644
--- a/docs/configexamples/l3vpn-hub-and-spoke.rst
+++ b/docs/configexamples/l3vpn-hub-and-spoke.rst
@@ -46,6 +46,18 @@ The following software was used in the creation of this document:
**NOTE:** VyOS Router (tested with VyOS 1.4-rolling-202110310317)
– The configurations below are specifically for VyOS 1.4.x.
+General information can be found in the :ref:`l3vpn-vrfs` chapter.
+
+
+
+********
+Topology
+********
+.. image:: /_static/images/L3VPN_hub_spoke.png
+ :width: 80%
+ :align: center
+ :alt: Network Topology Diagram
+
*****************
@@ -70,35 +82,650 @@ routes exchange and minimize iBGP peerings between devices.
L3VPN configuration parameters table:
-+---------------------------------------+---------------------+
-| WAN Interface | eth0 |
-+---------------------------------------+---------------------+
-| On-premises address space | 10.10.0.0/16 |
-+---------------------------------------+---------------------+
-| Azure address space | 10.0.0.0/16 |
-+---------------------------------------+---------------------+
-| Vyos public IP | 198.51.100.3 |
-+---------------------------------------+---------------------+
-| Vyos private IP | 10.10.0.5 |
-+---------------------------------------+---------------------+
-| Azure VNet Gateway public IP | 203.0.113.2 |
-+---------------------------------------+---------------------+
-| Azure VNet Gateway BGP IP | 10.0.0.4 |
-+---------------------------------------+---------------------+
-| Pre-shared key | ch00s3-4-s3cur3-psk |
-+---------------------------------------+---------------------+
-| Vyos ASN | 64499 |
-+---------------------------------------+---------------------+
-| Azure ASN | 65540 |
-+---------------------------------------+---------------------+
++----------+-------+------------+-----------------+-------------+-------------+
+| Node | Role | VRF | RD | RT import | RT export |
++----------+-------+------------+-----------------+-------------+-------------+
+| VyOS-PE2 | Hub | BLUE_HUB | 10.80.80.1:1011 | 65035:1011 | 65035:1030 |
+| | | | | 65035:1030 | |
++----------+-------+------------+-----------------+-------------+-------------+
+| VyOS-PE1 | Spoke | BLUE_SPOKE | 10.50.50.1:1011 | 65035:1030 | 65035:1011 |
++----------+-------+------------+-----------------+-------------+-------------+
+| VyOS-PE3 | Spoke | BLUE_SPOKE | 10.60.60.1:1011 | 65035:1030 | 65035:1011 |
++----------+-------+------------+-----------------+-------------+-------------+
-********
-Topology
-********
-.. image:: /_static/images/Wan_load_balancing1.png
- :width: 80%
- :align: center
- :alt: Network Topology Diagram
+*************
+Configuration
+*************
+
+
+
+Step-1: Configuring IGP and enabling MPLS LDP
+=====================================
+
+At the first step we need to configure the IP/MPLS backbone network using OSPF as
+IGP protocol and LDP as label-switching protocol for the base connectivity between
+**P** (rovider), **P** (rovider) **E** (dge) and **R** (oute) **R** (eflector) nodes:
+
+- VyOS-P1:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '3.3.3.3/32'
+ set interfaces ethernet eth0 address '172.16.30.1/24'
+ set interfaces ethernet eth1 address '172.16.40.1/24'
+ set interfaces ethernet eth2 address '172.16.90.1/24'
+ set interfaces ethernet eth3 address '172.16.10.1/24'
+ set interfaces ethernet eth5 address '172.16.100.1/24'
+
+ # protocols ospf+ldp
+ set protocols mpls interface 'eth1'
+ set protocols mpls interface 'eth2'
+ set protocols mpls interface 'eth3'
+ set protocols mpls interface 'eth5'
+ set protocols mpls interface 'eth0'
+ set protocols mpls ldp discovery transport-ipv4-address '3.3.3.3'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp interface 'eth2'
+ set protocols mpls ldp interface 'eth3'
+ set protocols mpls ldp interface 'eth5'
+ set protocols mpls ldp router-id '3.3.3.3'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '3.3.3.3
+
+
+- VyOS-P2:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '4.4.4.4/32'
+ set interfaces ethernet eth0 address '172.16.30.2/24'
+ set interfaces ethernet eth1 address '172.16.20.1/24'
+ set interfaces ethernet eth2 address '172.16.120.1/24'
+ set interfaces ethernet eth3 address '172.16.60.1/24'
+
+ # protocols ospf+ldp
+ set protocols mpls interface 'eth1'
+ set protocols mpls interface 'eth2'
+ set protocols mpls interface 'eth3'
+ set protocols mpls interface 'eth0'
+ set protocols mpls ldp discovery transport-ipv4-address '4.4.4.4'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp interface 'eth2'
+ set protocols mpls ldp interface 'eth3'
+ set protocols mpls ldp router-id '4.4.4.4'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '4.4.4.4'
+
+- VyOS-P3:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '5.5.5.5/32'
+ set interfaces ethernet eth0 address '172.16.110.1/24'
+ set interfaces ethernet eth1 address '172.16.40.2/24'
+ set interfaces ethernet eth2 address '172.16.50.1/24'
+ set interfaces ethernet eth3 address '172.16.70.1/24'
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth1'
+ set protocols mpls interface 'eth2'
+ set protocols mpls interface 'eth3'
+ set protocols mpls interface 'eth0'
+ set protocols mpls ldp discovery transport-ipv4-address '5.5.5.5'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp interface 'eth2'
+ set protocols mpls ldp interface 'eth3'
+ set protocols mpls ldp router-id '5.5.5.5'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '5.5.5.5'
+
+- VyOS-P4:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '6.6.6.6/32'
+ set interfaces ethernet eth0 address '172.16.80.2/24'
+ set interfaces ethernet eth1 address '172.16.130.1/24'
+ set interfaces ethernet eth2 address '172.16.50.2/24'
+ set interfaces ethernet eth3 address '172.16.60.2/24'
+ set interfaces ethernet eth5 address '172.16.140.1/24'
+
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth1'
+ set protocols mpls interface 'eth2'
+ set protocols mpls interface 'eth3'
+ set protocols mpls interface 'eth0'
+ set protocols mpls interface 'eth5'
+ set protocols mpls ldp discovery transport-ipv4-address '6.6.6.6'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp interface 'eth2'
+ set protocols mpls ldp interface 'eth3'
+ set protocols mpls ldp interface 'eth5'
+ set protocols mpls ldp router-id '6.6.6.6'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '6.6.6.6'
+
+- VyOS-PE1:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '7.7.7.7/32'
+ set interfaces ethernet eth0 address '172.16.90.2/24'
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth0'
+ set protocols mpls ldp discovery transport-ipv4-address '7.7.7.7'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp router-id '7.7.7.7'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '7.7.7.7'
+
+- VyOS-PE2:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '8.8.8.8/32'
+ set interfaces ethernet eth0 address '172.16.110.2/24'
+ set interfaces ethernet eth1 address '172.16.100.2/24'
+ set interfaces ethernet eth2 address '172.16.80.1/24'
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth0'
+ set protocols mpls interface 'eth1'
+ set protocols mpls ldp discovery transport-ipv4-address '8.8.8.8'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp router-id '8.8.8.8'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '8.8.8.8'
+
+- VyOS-PE3:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum10 address '10.10.10.10/32'
+ set interfaces ethernet eth0 address '172.16.140.2/24'
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth0'
+ set protocols mpls ldp discovery transport-ipv4-address '10.10.10.10'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp router-id '10.10.10.10'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '10.10.10.10'
+
+- VyOS-RR1:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces ethernet eth1 address '172.16.20.2/24'
+ set interfaces ethernet eth2 address '172.16.10.2/24'
+ set interfaces dummy dum10 address '1.1.1.1/32'
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth1'
+ set protocols mpls interface 'eth2'
+ set protocols mpls ldp discovery transport-ipv4-address '1.1.1.1'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp interface 'eth2'
+ set protocols mpls ldp router-id '1.1.1.1'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '1.1.1.1'
+
+- VyOS-RR2:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces ethernet eth0 address '172.16.80.1/24'
+ set interfaces ethernet eth1 address '172.16.70.2/24'
+ set interfaces dummy dum10 address '2.2.2.2/32'
+
+ # protocols ospf + ldp
+ set protocols mpls interface 'eth0'
+ set protocols mpls interface 'eth1'
+ set protocols mpls ldp discovery transport-ipv4-address '2.2.2.2'
+ set protocols mpls ldp interface 'eth1'
+ set protocols mpls ldp interface 'eth0'
+ set protocols mpls ldp router-id '2.2.2.2'
+ set protocols ospf area 0 network '0.0.0.0/0'
+ set protocols ospf parameters abr-type 'cisco'
+ set protocols ospf parameters router-id '2.2.2.2'
+
+
+
+Step-2: Configuring iBGP for L3VPN control-plane
+================================================
+
+At this step we are going to enable iBGP protocol on MPLS nodes and
+Route Reflectors (two routers for redundancy) that will deliver IPv4
+VPN (L3VPN) routes between them:
+
+- VyOS-RR1:
+
+.. code-block:: none
+
+ set protocols bgp local-as '65001'
+ set protocols bgp neighbor 7.7.7.7 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 7.7.7.7 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 8.8.8.8 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 8.8.8.8 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 9.9.9.9 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 9.9.9.9 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 10.10.10.10 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 10.10.10.10 peer-group 'RR_VPNv4'
+ set protocols bgp parameters cluster-id '1.1.1.1'
+ set protocols bgp parameters default no-ipv4-unicast
+ set protocols bgp parameters log-neighbor-changes
+ set protocols bgp parameters router-id '1.1.1.1'
+ set protocols bgp peer-group RR_VPNv4 remote-as '65001'
+ set protocols bgp peer-group RR_VPNv4 update-source 'dum10'
+
+- VyOS-RR2:
+
+.. code-block:: none
+
+ set protocols bgp local-as '65001'
+ set protocols bgp neighbor 7.7.7.7 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 7.7.7.7 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 8.8.8.8 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 8.8.8.8 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 9.9.9.9 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 9.9.9.9 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 10.10.10.10 address-family ipv4-vpn route-reflector-client
+ set protocols bgp neighbor 10.10.10.10 peer-group 'RR_VPNv4'
+ set protocols bgp parameters cluster-id '1.1.1.1'
+ set protocols bgp parameters default no-ipv4-unicast
+ set protocols bgp parameters log-neighbor-changes
+ set protocols bgp parameters router-id '2.2.2.2'
+ set protocols bgp peer-group RR_VPNv4 remote-as '65001'
+ set protocols bgp peer-group RR_VPNv4 update-source 'dum10'
+
+- VyOS-PE1:
+
+.. code-block:: none
+
+ set protocols bgp local-as '65001'
+ set protocols bgp neighbor 1.1.1.1 address-family ipv4-vpn nexthop-self
+ set protocols bgp neighbor 1.1.1.1 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 2.2.2.2 address-family ipv4-vpn nexthop-self
+ set protocols bgp neighbor 2.2.2.2 peer-group 'RR_VPNv4'
+ set protocols bgp parameters default no-ipv4-unicast
+ set protocols bgp parameters log-neighbor-changes
+ set protocols bgp parameters router-id '7.7.7.7'
+ set protocols bgp peer-group RR_VPNv4 remote-as '65001'
+ set protocols bgp peer-group RR_VPNv4 update-source 'dum10'
+
+- VyOS-PE2:
+
+.. code-block:: none
+
+ set protocols bgp local-as '65001'
+ set protocols bgp neighbor 1.1.1.1 address-family ipv4-vpn nexthop-self
+ set protocols bgp neighbor 1.1.1.1 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 2.2.2.2 address-family ipv4-vpn nexthop-self
+ set protocols bgp neighbor 2.2.2.2 peer-group 'RR_VPNv4'
+ set protocols bgp parameters default no-ipv4-unicast
+ set protocols bgp parameters log-neighbor-changes
+ set protocols bgp parameters router-id '8.8.8.8'
+ set protocols bgp peer-group RR_VPNv4 remote-as '65001'
+ set protocols bgp peer-group RR_VPNv4 update-source 'dum10'
+
+- VyOS-PE3:
+
+.. code-block:: none
+
+ set protocols bgp local-as '65001'
+ set protocols bgp neighbor 1.1.1.1 address-family ipv4-vpn nexthop-self
+ set protocols bgp neighbor 1.1.1.1 peer-group 'RR_VPNv4'
+ set protocols bgp neighbor 2.2.2.2 address-family ipv4-vpn nexthop-self
+ set protocols bgp neighbor 2.2.2.2 peer-group 'RR_VPNv4'
+ set protocols bgp parameters default no-ipv4-unicast
+ set protocols bgp parameters log-neighbor-changes
+ set protocols bgp parameters router-id '10.10.10.10'
+ set protocols bgp peer-group RR_VPNv4 remote-as '65001'
+ set protocols bgp peer-group RR_VPNv4 update-source 'dum10'
+
+
+
+Step-3: Configuring L3VPN VRFs on PE nodes
+==========================================
+
+This section provides configuration steps for setting up VRFs on our
+PE nodes including CE facing interfaces, BGP, rd and route-target
+import/export based on the pre-defined parameters.
+
+- VyOS-PE1:
+
+.. code-block:: none
+
+ # VRF settings
+ set vrf name BLUE_SPOKE table '200'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast export vpn
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast import vpn
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast label vpn export 'auto'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast network 10.50.50.0/24
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast rd vpn export '10.50.50.1:1011'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast redistribute connected
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn export '65035:1011'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn import '65035:1030'
+ set vrf name BLUE_SPOKE protocols bgp local-as '65001'
+ set vrf name BLUE_SPOKE protocols bgp neighbor 10.50.50.2 address-family ipv4-unicast as-override
+ set vrf name BLUE_SPOKE protocols bgp neighbor 10.50.50.2 remote-as '65035'
+
+ # interfaces
+ set interfaces ethernet eth3 address '10.50.50.1/24'
+ set interfaces ethernet eth3 vrf 'BLUE_SPOKE'
+
+- VyOS-PE2:
+
+.. code-block:: none
+
+ # VRF settings
+ set vrf name BLUE_HUB table '400'
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast export vpn
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast import vpn
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast label vpn export 'auto'
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast network 10.80.80.0/24
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast rd vpn export '10.80.80.1:1011'
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast redistribute connected
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast route-target vpn export '65035:1030'
+ set vrf name BLUE_HUB protocols bgp address-family ipv4-unicast route-target vpn import '65035:1011 65050:2011 65035:1030'
+ set vrf name BLUE_HUB protocols bgp local-as '65001'
+ set vrf name BLUE_HUB protocols bgp neighbor 10.80.80.2 address-family ipv4-unicast as-override
+ set vrf name BLUE_HUB protocols bgp neighbor 10.80.80.2 remote-as '65035'
+
+ # interfaces
+ set interfaces ethernet eth3 address '10.80.80.1/24'
+ set interfaces ethernet eth3 vrf 'BLUE_HUB'
+
+- VyOS-PE3:
+
+.. code-block:: none
+
+ # VRF settings
+ set vrf name BLUE_SPOKE table '200'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast export vpn
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast import vpn
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast label vpn export 'auto'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast network 10.60.60.0/24
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast rd vpn export '10.60.60.1:1011'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast redistribute connected
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn export '65035:1011'
+ set vrf name BLUE_SPOKE protocols bgp address-family ipv4-unicast route-target vpn import '65035:1030'
+ set vrf name BLUE_SPOKE protocols bgp local-as '65001'
+ set vrf name BLUE_SPOKE protocols bgp neighbor 10.60.60.2 address-family ipv4-unicast as-override
+ set vrf name BLUE_SPOKE protocols bgp neighbor 10.60.60.2 remote-as '65035'
+
+ # interfaces
+ set interfaces ethernet eth3 address '10.60.60.1/24'
+ set interfaces ethernet eth3 vrf 'BLUE_SPOKE'
+
+
+
+Step-4: Configuring CE nodes
+============================
+
+Dynamic routing used between CE and PE nodes and eBGP peering
+established for the route exchanging between them. All routes
+received by PEs are then exported to L3VPN and delivered from
+Spoke sites to Hub and vise-versa based on previously
+configured L3VPN parameters.
+
+- VyOS-CE1-SPOKE:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum20 address '80.80.80.80/32'
+ set interfaces ethernet eth0 address '10.50.50.2/24'
+
+ # BGP for peering with PE
+ set protocols bgp 65035 address-family ipv4-unicast network 80.80.80.80/32
+ set protocols bgp 65035 neighbor 10.50.50.1 ebgp-multihop '2'
+ set protocols bgp 65035 neighbor 10.50.50.1 remote-as '65001'
+ set protocols bgp 65035 neighbor 10.50.50.1 update-source 'eth0'
+ set protocols bgp 65035 parameters default no-ipv4-unicast
+ set protocols bgp 65035 parameters log-neighbor-changes
+ set protocols bgp 65035 parameters router-id '10.50.50.2'
+
+- VyOS-CE1-HUB:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum20 address '100.100.100.100/32'
+ set interfaces ethernet eth0 address '10.80.80.2/24'
+
+ # BGP for peering with PE
+ set protocols bgp 65035 address-family ipv4-unicast network 100.100.100.100/32
+ set protocols bgp 65035 address-family ipv4-unicast redistribute connected
+ set protocols bgp 65035 neighbor 10.80.80.1 ebgp-multihop '2'
+ set protocols bgp 65035 neighbor 10.80.80.1 remote-as '65001'
+ set protocols bgp 65035 neighbor 10.80.80.1 update-source 'eth0'
+ set protocols bgp 65035 parameters default no-ipv4-unicast
+ set protocols bgp 65035 parameters log-neighbor-changes
+ set protocols bgp 65035 parameters router-id '10.80.80.2'
+
+- VyOS-CE2-SPOKE:
+
+.. code-block:: none
+
+ # interfaces
+ set interfaces dummy dum20 address '90.90.90.90/32'
+ set interfaces ethernet eth0 address '10.60.60.2/24'
+
+ # BGP for peering with PE
+ set protocols bgp 65035 address-family ipv4-unicast network 90.90.90.90/32
+ set protocols bgp 65035 neighbor 10.60.60.1 ebgp-multihop '2'
+ set protocols bgp 65035 neighbor 10.60.60.1 remote-as '65001'
+ set protocols bgp 65035 neighbor 10.60.60.1 update-source 'eth0'
+ set protocols bgp 65035 parameters default no-ipv4-unicast
+ set protocols bgp 65035 parameters log-neighbor-changes
+ set protocols bgp 65035 parameters router-id '10.60.60.2'
+
+
+
+Step-5: Verification
+====================
+
+This section describes verification commands for MPLS/BGP/LDP
+protocols and L3VPN related routes as well as diagnosis and
+reachability checks between CE nodes.
+
+Let’s check IPv4 routing and MPLS information on provider nodes
+(same procedure for all P nodes):
+
+- “show ip ospf neighbor” for checking ospf relationship
+
+.. code-block:: none
+
+ vyos@VyOS-P1:~$ show ip ospf neighbor
+
+ Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
+ 4.4.4.4 1 Full/Backup 34.718s 172.16.30.2 eth0:172.16.30.1 0 0 0
+ 5.5.5.5 1 Full/Backup 35.132s 172.16.40.2 eth1:172.16.40.1 0 0 0
+ 7.7.7.7 1 Full/Backup 34.764s 172.16.90.2 eth2:172.16.90.1 0 0 0
+ 1.1.1.1 1 Full/Backup 35.642s 172.16.10.2 eth3:172.16.10.1 0 0 0
+ 8.8.8.8 1 Full/Backup 35.484s 172.16.100.2 eth5:172.16.100.1 0 0 0
+
+- “show mpls ldp neighbor “ for checking ldp neighbors
+
+.. code-block:: none
+
+ vyos@VyOS-P1:~$ show mpls ldp neighbor
+ AF ID State Remote Address Uptime
+ ipv4 1.1.1.1 OPERATIONAL 1.1.1.1 07w5d06h
+ ipv4 4.4.4.4 OPERATIONAL 4.4.4.4 09w3d00h
+ ipv4 5.5.5.5 OPERATIONAL 5.5.5.5 09w2d23h
+ ipv4 7.7.7.7 OPERATIONAL 7.7.7.7 03w0d01h
+ ipv4 8.8.8.8 OPERATIONAL 8.8.8.8 01w3d02h
+
+- “show mpls ldp binding” for checking mpls label assignment
+
+.. code-block:: none
+
+ vyos@VyOS-P1:~$ show mpls ldp discovery
+ AF Destination Nexthop Local Label Remote Label In Use
+ ipv4 1.1.1.1/32 1.1.1.1 23 imp-null yes
+ ipv4 1.1.1.1/32 4.4.4.4 23 20 no
+ ipv4 1.1.1.1/32 5.5.5.5 23 17 no
+ ipv4 1.1.1.1/32 7.7.7.7 23 16 no
+ ipv4 1.1.1.1/32 8.8.8.8 23 16 no
+ ipv4 2.2.2.2/32 1.1.1.1 20 16 no
+ ipv4 2.2.2.2/32 4.4.4.4 20 22 no
+ ipv4 2.2.2.2/32 5.5.5.5 20 24 yes
+ ipv4 2.2.2.2/32 7.7.7.7 20 17 no
+ ipv4 2.2.2.2/32 8.8.8.8 20 17 no
+ ipv4 3.3.3.3/32 1.1.1.1 imp-null 17 no
+ ipv4 3.3.3.3/32 4.4.4.4 imp-null 16 no
+ ipv4 3.3.3.3/32 5.5.5.5 imp-null 18 no
+ ipv4 3.3.3.3/32 7.7.7.7 imp-null 18 no
+ ipv4 3.3.3.3/32 8.8.8.8 imp-null 18 no
+ ipv4 4.4.4.4/32 1.1.1.1 16 18 no
+ ipv4 4.4.4.4/32 4.4.4.4 16 imp-null yes
+ ipv4 4.4.4.4/32 5.5.5.5 16 19 no
+ ipv4 4.4.4.4/32 7.7.7.7 16 19 no
+ ipv4 4.4.4.4/32 8.8.8.8 16 19 no
+ ipv4 5.5.5.5/32 1.1.1.1 21 19 no
+ ipv4 5.5.5.5/32 4.4.4.4 21 17 no
+ ipv4 5.5.5.5/32 5.5.5.5 21 imp-null yes
+ ipv4 5.5.5.5/32 7.7.7.7 21 20 no
+ ipv4 5.5.5.5/32 8.8.8.8 21 20 no
+ ipv4 6.6.6.6/32 1.1.1.1 17 20 no
+ ipv4 6.6.6.6/32 4.4.4.4 17 23 yes
+ ipv4 6.6.6.6/32 5.5.5.5 17 21 yes
+ ipv4 6.6.6.6/32 7.7.7.7 17 21 no
+ ipv4 6.6.6.6/32 8.8.8.8 17 21 no
+ ipv4 7.7.7.7/32 1.1.1.1 22 21 no
+ ipv4 7.7.7.7/32 4.4.4.4 22 18 no
+ ipv4 7.7.7.7/32 5.5.5.5 22 20 no
+ ipv4 7.7.7.7/32 7.7.7.7 22 imp-null yes
+ ipv4 7.7.7.7/32 8.8.8.8 22 22 no
+ ipv4 8.8.8.8/32 1.1.1.1 24 22 no
+ ipv4 8.8.8.8/32 4.4.4.4 24 19 no
+ ipv4 8.8.8.8/32 5.5.5.5 24 16 no
+ ipv4 8.8.8.8/32 7.7.7.7 24 22 no
+ ipv4 8.8.8.8/32 8.8.8.8 24 imp-null yes
+ ipv4 9.9.9.9/32 1.1.1.1 18 23 no
+ ipv4 9.9.9.9/32 4.4.4.4 18 21 yes
+ ipv4 9.9.9.9/32 5.5.5.5 18 22 no
+ ipv4 9.9.9.9/32 7.7.7.7 18 23 no
+ ipv4 9.9.9.9/32 8.8.8.8 18 23 no
+ ipv4 10.10.10.10/32 1.1.1.1 19 24 no
+ ipv4 10.10.10.10/32 4.4.4.4 19 24 yes
+ ipv4 10.10.10.10/32 5.5.5.5 19 23 yes
+ ipv4 10.10.10.10/32 7.7.7.7 19 24 no
+ ipv4 10.10.10.10/32 8.8.8.8 19 24 no
+
+Now we’re checking iBGP status and routes from route-reflector
+nodes to other devices:
+
+- “show bgp ipv4 vpn summary” for checking BGP VPNv4 neighbors:
+
+.. code-block:: none
+
+ vyos@VyOS-RR1:~$ show bgp ipv4 vpn summary
+ BGP router identifier 1.1.1.1, local AS number 65001 vrf-id 0
+ BGP table version 0
+ RIB entries 9, using 1728 bytes of memory
+ Peers 4, using 85 KiB of memory
+ Peer groups 1, using 64 bytes of memory
+
+ Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt
+ 7.7.7.7 4 65001 7719 7733 0 0 0 5d07h56m 2 10
+ 8.8.8.8 4 65001 7715 7724 0 0 0 5d08h28m 4 10
+ 9.9.9.9 4 65001 7713 7724 0 0 0 5d08h28m 2 10
+ 10.10.10.10 4 65001 7713 7724 0 0 0 5d08h28m 2 10
+
+ Total number of neighbors 4
+
+- “show bgp ipv4 vpn” for checking all VPNv4 prefixes information:
+
+.. code-block:: none
+
+ vyos@VyOS-RR1:~$ show bgp ipv4 vpn
+ BGP table version is 2, local router ID is 1.1.1.1, vrf id 0
+ Default local pref 100, local AS 65001
+ Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
+ i internal, r RIB-failure, S Stale, R Removed
+ Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
+ Origin codes: i - IGP, e - EGP, ? - incomplete
+
+ Network Next Hop Metric LocPrf Weight Path
+ Route Distinguisher: 10.50.50.1:1011
+ *>i10.50.50.0/24 7.7.7.7 0 100 0 i
+ UN=7.7.7.7 EC{65035:1011} label=80 type=bgp, subtype=0
+ *>i80.80.80.80/32 7.7.7.7 0 100 0 65035 i
+ UN=7.7.7.7 EC{65035:1011} label=80 type=bgp, subtype=0
+ Route Distinguisher: 10.60.60.1:1011
+ *>i10.60.60.0/24 10.10.10.10 0 100 0 i
+ UN=10.10.10.10 EC{65035:1011} label=80 type=bgp, subtype=0
+ *>i90.90.90.90/32 10.10.10.10 0 100 0 65035 i
+ UN=10.10.10.10 EC{65035:1011} label=80 type=bgp, subtype=0
+ Route Distinguisher: 10.80.80.1:1011
+ *>i10.80.80.0/24 8.8.8.8 0 100 0 i
+ UN=8.8.8.8 EC{65035:1030} label=80 type=bgp, subtype=0
+ *>i100.100.100.100/32
+ 8.8.8.8 0 100 0 65035 i
+ UN=8.8.8.8 EC{65035:1030} label=80 type=bgp, subtype=0
+ Route Distinguisher: 172.16.80.1:2011
+ *>i10.110.110.0/24 8.8.8.8 0 100 0 65050 i
+ UN=8.8.8.8 EC{65050:2011} label=81 type=bgp, subtype=0
+ *>i172.16.80.0/24 8.8.8.8 0 100 0 i
+ UN=8.8.8.8 EC{65050:2011} label=81 type=bgp, subtype=0
+ Route Distinguisher: 172.16.100.1:2011
+ *>i10.210.210.0/24 9.9.9.9 0 100 0 65050 i
+ UN=9.9.9.9 EC{65050:2011} label=80 type=bgp, subtype=0
+ *>i172.16.100.0/24 9.9.9.9 0 100 0 i
+ UN=9.9.9.9 EC{65050:2011} label=80 type=bgp, subtype=0
+
+- “show bgp ipv4 vpn x.x.x.x/x” for checking best path selected
+ for specific VPNv4 destination
+
+.. code-block:: none
+
+ vyos@VyOS-RR1:~$ show bgp ipv4 vpn 100.100.100.100/32
+ BGP routing table entry for 10.80.80.1:1011:100.100.100.100/32
+ not allocated
+ Paths: (1 available, best #1)
+ Advertised to non peer-group peers:
+ 7.7.7.7 8.8.8.8 9.9.9.9 10.10.10.10
+ 65035, (Received from a RR-client)
+ 8.8.8.8 from 8.8.8.8 (8.8.8.8)
+ Origin incomplete, metric 0, localpref 100, valid, internal, best (First path received)
+ Extended Community: RT:65035:1030
+ Remote label: 80
+ Last update: Tue Oct 19 13:45:32 202
+
+Also we can verify how PE devices receives VPNv4 networks from the RRs
+and installing them to the specific customer VRFs:
+
+- “show bgp ipv4 vpn summary” for checking iBGP neighbors against
+ route-reflector devices:
+.. code-block:: none
+