7. Appendix: complete configuration
The complete CLI configuration of each node discussed in this use case is listed below, starting with border1.
border1 running config# show config nodefault
vrf main
routing
ospf
router-id 172.16.200.1
abr-type standard
log-adjacency-changes detail
network 172.16.100.0/24 area 0
passive-interface vrrp_internal
redistribute connected
..
bgp
as 65200
log-neighbor-changes true
packet-rw-quantum
write 10
..
router-id 172.16.200.1
neighbor 172.16.200.3
remote-as 65200
neighbor-description PE1
update-source loopback0
address-family
ipv4-unicast
route-map out route-map-name set_nexthop_vip_internal
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.200.4
remote-as 65200
neighbor-description PE2
update-source loopback0
address-family
ipv4-unicast
route-map out route-map-name set_nexthop_vip_internal
soft-reconfiguration-inbound true
..
..
..
neighbor 3.3.3.1
remote-as 300
neighbor-description Transit3-IPv4
address-family
ipv4-unicast
prefix-list in prefix-list-name any_except_bogons
route-map out route-map-name set_nexthop_vip_transit3
soft-reconfiguration-inbound true
..
..
..
neighbor 1.1.1.1
remote-as 100
neighbor-description Transit1-IPv4
address-family
ipv4-unicast
prefix-list in prefix-list-name any_except_bogons
route-map out route-map-name set_nexthop_vip_transit1
soft-reconfiguration-inbound true
..
..
..
neighbor 2.2.2.1
remote-as 200
neighbor-description Transit2-IPv4
address-family
ipv4-unicast
prefix-list in prefix-list-name any_except_bogons
route-map out route-map-name set_nexthop_vip_transit2
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.200.2
remote-as 65200
neighbor-description border2
update-source loopback0
address-family
ipv4-unicast
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.100.253
remote-as 65200
neighbor-description IRP
address-family
ipv4-unicast
route-reflector-client true
soft-reconfiguration-inbound true
..
ipv4-flowspec
route-reflector-client true
soft-reconfiguration-inbound true
..
..
..
..
..
interface
physical ntfp1
port pci-b0s4
rx-cp-protection true
tx-cp-protection true
ipv4
address 172.16.100.1/24
..
ethernet
auto-negotiate true
..
..
physical ntfp2
port pci-b0s5
rx-cp-protection true
tx-cp-protection true
ethernet
auto-negotiate true
..
..
physical ntfp3
port pci-b0s6
rx-cp-protection true
tx-cp-protection true
ethernet
auto-negotiate true
..
..
vlan vlan1
description Transit_1
ipv4
address 1.1.1.2/24
..
vlan-id 1
link-interface ntfp3
..
vlan vlan3
description Transit_3
ipv4
address 3.3.3.2/24
..
vlan-id 3
link-interface ntfp2
..
vlan vlan2
description Transit_2
ipv4
address 2.2.2.2/24
..
vlan-id 2
link-interface ntfp3
..
loopback loopback0
ipv4
address 172.16.200.1/32
..
..
vrrp vrrp1
link-interface vlan1
vrid 1
priority 150
preempt-delay 60
track-fast-path true
virtual-address 1.1.1.4/24
..
vrrp vrrp2
link-interface vlan2
vrid 2
priority 150
preempt-delay 60
track-fast-path true
virtual-address 2.2.2.4/24
..
vrrp vrrp3
link-interface vlan3
vrid 3
priority 150
preempt-delay 60
track-fast-path true
virtual-address 3.3.3.4/24
..
vrrp vrrp_internal
link-interface ntfp1
vrid 200
priority 150
preempt-delay 60
track-fast-path true
virtual-address 172.16.100.5/24
..
..
logging
syslog
remote-server 172.16.100.253
..
..
..
sflow
agent-interface loopback0
sflow-collector 172.16.100.253
sflow-collector 172.16.100.254
sflow-interface vlan1
sflow-interface vlan3
sflow-interface vlan2
sflow-sampling speed 40G
sflow-sampling speed 10G rate 10000
..
snmp
static-info
location paris
contact noc@6wind.com
..
community local
authorization read-only
source 127.0.0.1
..
community ems
authorization read-only
source 172.16.100.254
..
..
kpi
telegraf
influxdb-output url http://172.16.100.254:8086 database telegraf
..
..
vrrp
router-id border1
group vrrp_group
instance vrrp1
instance vrrp2
instance vrrp3
instance vrrp_internal
..
..
..
vrf mgmt
interface
physical ens3
port pci-b0s3
ipv4
dhcp
..
..
..
..
..
system
fast-path
port pci-b0s4
port pci-b0s5
port pci-b0s6
cp-protection
budget 20
..
limits
ip4-max-route 3000000
..
..
license
online
serial XXXXXXXXXXXXXXXX
vrf mgmt
..
..
kpi
service fp-bridge-stats
service fp-context-switch-stats
service fp-cp-protect-stats
service fp-cpu-usage
service fp-dpvi-stats
service fp-ebtables-stats
service fp-exception-queue-stats
service fp-exceptions-stats
service fp-filling
service fp-global-stats
service fp-gre-stats
service fp-gro-stats
service fp-ip-stats
service fp-ip6-stats
service fp-ipsec-stats
service fp-ipsec6-stats
service fp-npf-stats
service fp-ports-stats
service fp-status
service fp-vlan-stats
service fp-vxlan-stats
service network-nic-eth-stats
service network-nic-hw-info
service network-nic-traffic-stats
service product-license
service product-version
service system-cpu-usage
service system-disk-usage
service system-memory
service system-numa-stats
service system-processes
service system-soft-interrupts-stats
service system-uptime
service system-user-count
service system-users
..
..
routing
ipv4-prefix-list any_except_bogons
seq 5 address 0.0.0.0/8 policy deny le 32
seq 10 address 10.0.0.0/8 policy deny le 32
seq 15 address 127.0.0.0/8 policy deny le 32
seq 20 address 169.254.0.0/16 policy deny le 32
seq 25 address 172.16.0.0/12 policy deny le 32
seq 35 address 192.168.0.0/16 policy deny le 32
seq 40 address 224.0.0.0/3 policy deny le 32
seq 45 address 0.0.0.0/0 policy deny ge 25
seq 50 address 0.0.0.0/0 policy permit le 32
..
route-map set_nexthop_vip_transit1
seq 10
policy permit
set
ip
next-hop 1.1.1.4
..
..
..
..
route-map set_nexthop_vip_transit2
seq 10
policy permit
set
ip
next-hop 2.2.2.4
..
..
..
..
route-map set_nexthop_vip_transit3
seq 10
policy permit
set
ip
next-hop 3.3.3.4
..
..
..
..
route-map set_nexthop_vip_internal
seq 10
policy permit
set
ip
next-hop 172.16.100.5
..
..
..
..
bgp
..
..
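The `any_except_bogons` prefix-list applied inbound on the three transit sessions can be checked offline before it is trusted as a filter. The following is an added example, not part of the original configuration or of the product: it assumes first-match evaluation with the usual `ge`/`le` semantics and an implicit deny at the end, and the sample routes are constructed for illustration.

```python
import ipaddress

# Entries copied from the any_except_bogons prefix-list above:
# (seq, prefix, policy, ge, le); None means the keyword is absent.
ANY_EXCEPT_BOGONS = [
    (5, "0.0.0.0/8", "deny", None, 32),
    (10, "10.0.0.0/8", "deny", None, 32),
    (15, "127.0.0.0/8", "deny", None, 32),
    (20, "169.254.0.0/16", "deny", None, 32),
    (25, "172.16.0.0/12", "deny", None, 32),
    (35, "192.168.0.0/16", "deny", None, 32),
    (40, "224.0.0.0/3", "deny", None, 32),
    (45, "0.0.0.0/0", "deny", 25, None),
    (50, "0.0.0.0/0", "permit", None, 32),
]

# Constructed sample announcements (not taken from the page).
SAMPLES = ["10.1.0.0/16", "172.20.0.0/16", "192.168.1.0/24", "240.0.0.0/4",
           "8.8.8.0/24", "8.8.8.0/25", "0.0.0.0/0", "100.64.1.0/24"]

def evaluate(route, entries=ANY_EXCEPT_BOGONS):
    """Return (policy, seq) of the first matching entry, or ("deny", None)."""
    net = ipaddress.ip_network(route, strict=True)
    for seq, prefix, policy, ge, le in sorted(entries, key=lambda e: e[0]):
        base = ipaddress.ip_network(prefix)
        # Assumed semantics: no keyword = exact length only;
        # "le N" = entry length..N; "ge N" = N..32.
        if ge is None and le is None:
            lo = hi = base.prefixlen
        else:
            lo = ge if ge is not None else base.prefixlen
            hi = le if le is not None else 32
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return policy, seq
    return "deny", None  # implicit deny when nothing matches

def audit(routes=SAMPLES):
    """Map each route to the (policy, seq) that decides it."""
    return {route: evaluate(route) for route in routes}

if __name__ == "__main__":
    for route, (policy, seq) in audit().items():
        print(f"{route:<18} {policy:<6} seq {seq}")
```

Under these assumptions the list accepts a default route (seq 50) and anything it does not name explicitly, such as the 100.64.0.0/10 shared address space, while seq 45 rejects every prefix longer than /24.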
Here is the configuration of the other border router node: Border2
border2 running config# show config nodefault
vrf main
routing
ospf
router-id 172.16.200.2
abr-type standard
log-adjacency-changes detail
network 172.16.100.0/24 area 0
passive-interface vrrp_internal
redistribute connected
..
bgp
as 65200
log-neighbor-changes true
packet-rw-quantum
write 10
..
router-id 172.16.200.2
neighbor 172.16.200.3
remote-as 65200
neighbor-description PE1
update-source loopback0
address-family
ipv4-unicast
route-map out route-map-name set_nexthop_vip_internal
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.200.4
remote-as 65200
neighbor-description PE2
update-source loopback0
address-family
ipv4-unicast
route-map out route-map-name set_nexthop_vip_internal
soft-reconfiguration-inbound true
..
..
..
neighbor 3.3.3.1
remote-as 300
neighbor-description Transit3-IPv4
address-family
ipv4-unicast
prefix-list in prefix-list-name any_except_bogons
route-map out route-map-name set_nexthop_vip_transit3
soft-reconfiguration-inbound true
..
..
..
neighbor 1.1.1.1
remote-as 100
neighbor-description Transit1-IPv4
address-family
ipv4-unicast
prefix-list in prefix-list-name any_except_bogons
route-map out route-map-name set_nexthop_vip_transit1
soft-reconfiguration-inbound true
..
..
..
neighbor 2.2.2.1
remote-as 200
neighbor-description Transit2-IPv4
address-family
ipv4-unicast
prefix-list in prefix-list-name any_except_bogons
route-map out route-map-name set_nexthop_vip_transit2
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.200.1
remote-as 65200
neighbor-description border1
update-source loopback0
address-family
ipv4-unicast
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.100.253
remote-as 65200
neighbor-description IRP
address-family
ipv4-unicast
route-reflector-client true
soft-reconfiguration-inbound true
..
ipv4-flowspec
route-reflector-client true
soft-reconfiguration-inbound true
..
..
..
..
..
interface
physical ntfp1
port pci-b0s4
rx-cp-protection true
tx-cp-protection true
ipv4
address 172.16.100.2/24
..
ethernet
auto-negotiate true
..
..
physical ntfp2
port pci-b0s5
rx-cp-protection true
tx-cp-protection true
ethernet
auto-negotiate true
..
..
physical ntfp3
port pci-b0s6
rx-cp-protection true
tx-cp-protection true
ethernet
auto-negotiate true
..
..
vlan vlan1
description Transit_1
ipv4
address 1.1.1.3/24
..
vlan-id 1
link-interface ntfp3
..
vlan vlan3
description Transit_3
ipv4
address 3.3.3.3/24
..
vlan-id 3
link-interface ntfp2
..
vlan vlan2
description Transit_2
ipv4
address 2.2.2.3/24
..
vlan-id 2
link-interface ntfp3
..
loopback loopback0
ipv4
address 172.16.200.2/32
..
..
vrrp vrrp1
link-interface vlan1
vrid 1
preempt-delay 60
track-fast-path true
virtual-address 1.1.1.4/24
..
vrrp vrrp2
link-interface vlan2
vrid 2
preempt-delay 60
track-fast-path true
virtual-address 2.2.2.4/24
..
vrrp vrrp3
link-interface vlan3
vrid 3
preempt-delay 60
track-fast-path true
virtual-address 3.3.3.4/24
..
vrrp vrrp_internal
link-interface ntfp1
vrid 200
preempt-delay 60
track-fast-path true
virtual-address 172.16.100.5/24
..
..
logging
syslog
remote-server 172.16.100.253
..
..
..
sflow
agent-interface loopback0
sflow-collector 172.16.100.253
sflow-collector 172.16.100.254
sflow-interface vlan1
sflow-interface vlan3
sflow-interface vlan2
sflow-sampling speed 40G
sflow-sampling speed 10G rate 10000
..
snmp
static-info
location paris
contact noc@6wind.com
..
community local
authorization read-only
source 127.0.0.1
..
community ems
authorization read-only
source 172.16.100.254
..
..
kpi
telegraf
influxdb-output url http://172.16.100.254:8086 database telegraf
..
..
vrrp
router-id border2
group vrrp_group
instance vrrp1
instance vrrp2
instance vrrp3
instance vrrp_internal
..
..
..
vrf mgmt
interface
physical ens3
port pci-b0s3
ipv4
dhcp
..
..
..
..
..
system
fast-path
port pci-b0s4
port pci-b0s5
port pci-b0s6
cp-protection
budget 20
..
limits
ip4-max-route 3000000
..
..
license
online
serial XXXXXXXXXXXXXXXX
vrf mgmt
..
..
kpi
service fp-bridge-stats
service fp-context-switch-stats
service fp-cp-protect-stats
service fp-cpu-usage
service fp-dpvi-stats
service fp-ebtables-stats
service fp-exception-queue-stats
service fp-exceptions-stats
service fp-filling
service fp-global-stats
service fp-gre-stats
service fp-gro-stats
service fp-ip-stats
service fp-ip6-stats
service fp-ipsec-stats
service fp-ipsec6-stats
service fp-npf-stats
service fp-ports-stats
service fp-status
service fp-vlan-stats
service fp-vxlan-stats
service network-nic-eth-stats
service network-nic-hw-info
service network-nic-traffic-stats
service product-license
service product-version
service system-cpu-usage
service system-disk-usage
service system-memory
service system-numa-stats
service system-processes
service system-soft-interrupts-stats
service system-uptime
service system-user-count
service system-users
..
..
routing
ipv4-prefix-list any_except_bogons
seq 5 address 0.0.0.0/8 policy deny le 32
seq 10 address 10.0.0.0/8 policy deny le 32
seq 15 address 127.0.0.0/8 policy deny le 32
seq 20 address 169.254.0.0/16 policy deny le 32
seq 25 address 172.16.0.0/12 policy deny le 32
seq 35 address 192.168.0.0/16 policy deny le 32
seq 40 address 224.0.0.0/3 policy deny le 32
seq 45 address 0.0.0.0/0 policy deny ge 25
seq 50 address 0.0.0.0/0 policy permit le 32
..
route-map set_nexthop_vip_transit1
seq 10
policy permit
set
ip
next-hop 1.1.1.4
..
..
..
..
route-map set_nexthop_vip_transit2
seq 10
policy permit
set
ip
next-hop 2.2.2.4
..
..
..
..
route-map set_nexthop_vip_transit3
seq 10
policy permit
set
ip
next-hop 3.3.3.4
..
..
..
..
route-map set_nexthop_vip_internal
seq 10
policy permit
set
ip
next-hop 172.16.100.5
..
..
..
..
bgp
..
..
Here is the full configuration of one of the provider edges: PE1
pe1-vm running config# show config nodefault
vrf main
routing
ospf
router-id 172.16.200.3
abr-type standard
log-adjacency-changes detail
network 172.16.100.0/24 area 0
redistribute connected
..
bgp
as 65200
packet-rw-quantum
write 10
..
router-id 172.16.200.3
address-family
ipv4-unicast
network 200.200.210.0/24
..
..
..
neighbor 172.16.200.4
remote-as 65200
neighbor-description PE2
update-source loopback0
address-family
ipv4-unicast
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.200.2
remote-as 65200
neighbor-description border2
update-source loopback0
address-family
ipv4-unicast
route-map in route-map-name set_pref_100_border2
soft-reconfiguration-inbound true
..
..
..
neighbor 172.16.200.1
remote-as 65200
neighbor-description border1
update-source loopback0
address-family
ipv4-unicast
route-map in route-map-name set_pref_150_border1
soft-reconfiguration-inbound true
..
..
..
..
..
interface
physical core
port pci-b0s5
rx-cp-protection true
tx-cp-protection true
ipv4
address 172.16.100.3/24
..
ethernet
auto-negotiate true
..
..
loopback loopback0
ipv4
address 172.16.200.3/32
..
..
..
..
vrf mgmt
interface
physical ens3
port pci-b0s3
ipv4
dhcp
..
..
..
..
..
system
fast-path
port pci-b0s5
..
license
online
serial XXXXXXXXXXXXXXXX
vrf mgmt
..
..
..
routing
route-map set_pref_150_border1
seq 10
policy permit
set
local-preference 150
..
..
..
route-map set_pref_100_border2
seq 10
policy permit
set
local-preference 100
..
..
..
bgp
..
..
Here is the full configuration of one of the transit routers: transit1
transit1-vm running config# show config nodefault
vrf main
routing
bgp
as 100
packet-rw-quantum
write 10
..
router-id 5.5.5.5
address-family
ipv4-unicast
network 217.151.210.0/24
..
..
..
neighbor 1.1.1.2
remote-as 65200
address-family
ipv4-unicast
route-map out route-map-name TRANSIT1-OUT
soft-reconfiguration-inbound true
..
ipv6-unicast
..
..
..
neighbor 1.1.1.3
remote-as 65200
address-family
ipv4-unicast
route-map out route-map-name TRANSIT1-OUT
soft-reconfiguration-inbound true
..
ipv6-unicast
..
..
..
neighbor 100.100.100.1
remote-as 65000
address-family
ipv4-unicast
soft-reconfiguration-inbound true
..
..
..
..
..
interface
physical internet
port pci-b0s4
ipv4
address 100.100.100.10/24
..
ethernet
auto-negotiate true
..
..
physical border
port pci-b0s5
ethernet
auto-negotiate true
..
..
vlan vlan1
description vlan1
ipv4
address 1.1.1.1/24
..
vlan-id 1
link-interface border
..
loopback lo0
ipv4
address 217.151.210.1/24
..
..
..
ssh-server
..
..
vrf mgmt
interface
physical ens3
port pci-b0s3
ipv4
dhcp
..
..
..
..
..
system
fast-path
port pci-b0s4
port pci-b0s5
..
license
online
serial XXXXXXXXXXXXXXXX
vrf mgmt
..
..
..
routing
ipv4-prefix-list youtube
seq 10 address 216.239.60.0/24 policy permit
..
ipv4-prefix-list netflix
seq 10 address 37.77.186.0/24 policy permit
..
ipv4-prefix-list others
seq 10 address 216.239.60.0/24 policy deny
seq 20 address 37.77.186.0/24 policy deny
seq 30 policy permit
..
route-map TRANSIT1-OUT
seq 10
policy permit
match
ip
address
prefix-list youtube
..
..
..
..
seq 20
policy permit
match
ip
address
prefix-list netflix
..
..
..
set
as-path
prepend
asn 10
100
..
asn 20
100
..
..
..
..
..
seq 30
policy permit
match
ip
address
prefix-list others
..
..
..
set
as-path
prepend
asn 10
100
..
..
..
..
..
..
..