Verify OSPF Routing

Verify the current OSPF configuration for IPv4 networks. Verify that OSPF is
configured for process ID 1, in Area 0, and check that OSPF runs in the
following interfaces: Loopback0
show ip ospf interface brief

PE_1#show ip ospf interface brief

Interface PID Area IP Address/Mask Cost State Nbrs
F/C
Lo0 1 0 10.0.0.1/32 1 LOOP 0/0
Et0/1 1 0 10.10.15.1/24 10 P2P 1/1
Et0/0 1 0 10.10.14.1/24 10 P2P 1/1

List the routers that have established full OSPF adjacency to the PE1 router.
Verify neighbors’ ID, adjacency state, and the local interface to which they
connect.
show ip ospf neighbor

PE_1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address

Interface
10.0.0.5 0 FULL/ - 00:00:34 10.10.15.5
Ethernet0/1
10.0.0.4 0 FULL/ - 00:00:32 10.10.14.4
Ethernet0/0

Verify the current state of the routing table and filter only the routes that the
OSPF protocol learned. Confirm that all networks on the WAN and loopback
interfaces are listed.
show ip route ospf
 PE_1#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B -
BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
ia - IS-IS inter area, * - candidate default, U - per-user
static route
o - ODR, P - periodic downloaded static route, H - NHRP, l -
LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks

O 10.0.0.2/32 [110/45] via 10.10.15.5, 00:12:54, Ethernet0/1
O 10.0.0.3/32 [110/45] via 10.10.15.5, 00:12:54, Ethernet0/1
O 10.0.0.4/32 [110/11] via 10.10.14.4, 00:45:30, Ethernet0/0
O 10.0.0.5/32 [110/11] via 10.10.15.5, 00:45:30, Ethernet0/1
O 10.0.0.6/32 [110/21] via 10.10.15.5, 00:45:20, Ethernet0/1
O 10.10.45.0/24 [110/20] via 10.10.15.5, 00:45:30, Ethernet0/1
[110/20] via 10.10.14.4, 00:45:30, Ethernet0/0
O 10.10.56.0/24 [110/20] via 10.10.15.5, 00:45:30, Ethernet0/1
O 10.10.236.0/24 [110/68] via 10.10.15.5, 00:12:54,
Ethernet0/1
O 10.10.236.6/32 [110/20] via 10.10.15.5, 00:45:20,
Ethernet0/1

Return to PE1 and verify IP connectivity to remote IP address on the

Loopback 0 interfaces. Make sure to use the IP address on Loopback0 on
local router as the source for your testing packets.
ping
 PE_1#ping 10.0.0.4 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

PE_1#ping 10.0.0.3 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

PE_1#ping 10.0.0.2 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Verify MPLS
In this task, you will verify the MPLS operation within the core infrastructure.
Test your knowledge of IP connectionless network forwarding using
connection-oriented, end-to-end LSPs. This is part of the section on MPLS in
the IP network core chapter.

Use the show mpls interfaces command to display information about one or
more interfaces that are configured for MPLS. Observe that LDP is used for
label distribution.

PE_1#show mpls interfaces

Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes

R_Reflector>show mpls interfaces

Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes

PE_2>show mpls interfaces

Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes
Ethernet0/2 Yes (ldp) No No No Yes

P_DMVPN_Hub>show mpls interfaces

 Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Tunnel0 Yes (ldp) No No No Yes

PE2_Dspoke>show mpls interfaces

Interface IP Tunnel BGP Static Operational
Tunnel0 Yes (ldp) No No No Yes

PE3_Dspoke>show mpls interfaces

Interface IP Tunnel BGP Static Operational
Tunnel0 Yes (ldp) No No No Yes

Verify the status of the LDP discovery process. Verify that PE1 has two
directly connected LDP neighbors. Observe that all routers use the IP
address in Loopback0 as the LDP router ID. Also, identify the interfaces in
which the neighbors have been discovered.

Use the show mpls ldp discovery command to verify both link discovery and
targeted discovery.

PE_1#show mpls ldp discovery

Local LDP Identifier:
10.0.0.1:0
Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.4:0
Ethernet0/1 (ldp): xmit/recv
LDP Id: 10.0.0.5:0
P_DMVPN_Hub>show mpls ldp discovery
Local LDP Identifier:
10.0.0.6:0
Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.5:0
Tunnel0 (ldp): xmit

PE2_Dspoke>show mpls ldp discovery

Local LDP Identifier:
10.0.0.2:0
Discovery Sources:
Interfaces:
Tunnel0 (ldp): xmit
PE3_Dspoke>show mpls ldp discovery
Local LDP Identifier:
10.0.0.3:0
Discovery Sources:
Interfaces:
Tunnel0 (ldp): xmit
Use the show mpls forwarding-table command to verify the content of the
MPLS LFIB table. Observe how MPLS handles the MPLS packets on DMVPN
Hub.

P_DMVPN_Hub#show mpls forwarding-table 10.0.0.3

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

18 Pop Label 10.0.0.3/32 14960 Tu0

10.10.236.3

Verify MP-BGP
In this task, you will verify the MP-BGP operation within the service provider
WAN infrastructure and the tables it builds to provide IP network
connectivity.

Display detailed neighbor adjacency information.

Use the show bgp all neighbors command on the routers to display
detailed information about BGP connections to neighbors for all
(IPv4)address families.

PE_1#show ip bgp all

For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 11, local router ID is 10.0.0.1

Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:65001 (default for vrf ALPHA)
*> 172.16.18.0/24 0.0.0.0 0 32768 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?
Route Distinguisher: 100:65002 (default for vrf DELTA)
*> 172.16.19.0/24 0.0.0.0 0 32768 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?
R_Reflector>show ip bgp all
For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 7, local router ID is 10.0.0.4

Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:65001
*>i 172.16.18.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?
Route Distinguisher: 100:65002
*>i 172.16.19.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?

PE2_Dspoke>show ip bgp all

For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 11, local router ID is 10.0.0.2

Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:65001 (default for vrf ALPHA)
*>i 172.16.18.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*> 172.16.210.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 100:65002 (default for vrf DELTA)
*>i 172.16.19.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*> 172.16.211.0/24 0.0.0.0 0 32768 ?
PE3_Dspoke#show ip bgp all
For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 11, local router ID is 10.0.0.3

Status codes: s suppressed, d damped, h history, * valid, > best, i -
 internal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:65001 (default for vrf ALPHA)
*>i 172.16.18.0/24 10.0.0.1 0 100 0 ?
*> 172.16.123.0/24 0.0.0.0 0 32768 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?
Route Distinguisher: 100:65002 (default for vrf DELTA)
*>i 172.16.19.0/24 10.0.0.1 0 100 0 ?
*> 172.16.133.0/24 0.0.0.0 0 32768 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?

Verify VRF connectivity to branch sites

Use the show vrf detail Alpha and Delta command to display information for
the VRF named Alpha. Observe the RD and RT values. Also observe that two
Loopback interfaces (Loopback0 and Loopback2) and first interfaces are
assigned to this VRF.

PE_1#show vrf detail DELTA

VRF DELTA (VRF Id = 2); default RD 100:65002; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
Et0/3
Address family ipv4 unicast (Table ID = 0x2):
Flags: 0x0
Export VPN route-target communities
RT:100:65002
Import VPN route-target communities
RT:100:65002
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 unicast not active
Address family ipv4 multicast not active

PE_1#show vrf detail ALPHA

VRF ALPHA (VRF Id = 1); default RD 100:65001; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
 Et0/2
Address family ipv4 unicast (Table ID = 0x1):
Flags: 0x0
Export VPN route-target communities
RT:100:65001
Import VPN route-target communities
RT:100:65001
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 unicast not active
Address family ipv4 multicast not active

PE_1#show bgp vpnv4 unicast ?

all Display information about all VPN NLRIs
rd Display information for a route distinguisher
vrf Display information for a VPN Routing/Forwarding instance

PE_1#show bgp vpnv4 unicast vrf ALPHA

BGP table version is 11, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:65001 (default for vrf ALPHA)
*> 172.16.18.0/24 0.0.0.0 0 32768 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?

PE_1#show bgp vpnv4 unicast vrf DELTA

BGP table version is 11, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
r RIB-failure, S Stale, m multipath, b backup-path, f
RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:65002 (default for vrf DELTA)
*> 172.16.19.0/24 0.0.0.0 0 32768 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?
You can verify the connectivity from ALPHA_HQ to Alpha Site 2

ALPHA#traceroute 192.168.20.1 source 192.168.10.1

Type escape sequence to abort.
Tracing the route to 192.168.20.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.18.1 [AS 100] 1 msec 0 msec 1 msec
2 10.10.15.5 [MPLS: Labels 20/27 Exp 0] 1 msec 1 msec 2 msec
3 10.10.56.6 [MPLS: Labels 19/27 Exp 0] 1 msec 5 msec 1 msec
4 172.16.210.2 [AS 100] [MPLS: Label 27 Exp 0] 3 msec 3 msec 2 msec
5 172.16.210.10 [AS 100] 2 msec * 2 msec

Verify DMVPN Connectivity

Use the show dmvpn command to verify proper operation of DMVPN

control functions.
 P_DMVPN_Hub#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details

Type:Hub, NHRP Peers:2,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 1.1.27.2 10.10.236.2 UP 00:50:51 D
1 1.1.37.3 10.10.236.3 UP 00:50:52 D

Use the show ip nhrp tu0 command to display NHRP-mapping information

on a device.

P_DMVPN_Hub#show ip nhrp tu0

10.10.236.2/32 via 10.10.236.2
Tunnel0 created 00:54:12, expire 01:45:47
Type: dynamic, Flags: unique registered used nhop
NBMA address: 1.1.27.2
10.10.236.3/32 via 10.10.236.3
Tunnel0 created 00:54:13, expire 01:45:46
Type: dynamic, Flags: unique registered used nhop
NBMA address: 1.1.37.3

P_DMVPN_Hub#show ip nhrp tu 0 brief

Target Via NBMA Mode Intfc Claimed
10.10.236.2/32 10.10.236.2 1.1.27.2 dynamic Tu0 <
>
10.10.236.3/32 10.10.236.3 1.1.37.3 dynamic Tu0 <
>

Use the show crypto isakmp sa command to verify IPsec Tunnels

P_DMVPN_Hub#show crypto isakmp sa

IPv4 Crypto ISAKMP SA
dst src state conn-id status
1.1.67.6 1.1.37.3 QM_IDLE 1001 ACTIVE
1.1.67.6 1.1.27.2 QM_IDLE 1002 ACTIVE