Interoperability IP Infusion OcNOS and Cisco IOS XE

Interoperability IP Infusion OcNOS and Cisco

In our previous post we talked about interoperability between IP Infusion’s OcNOS and Cisco IOS XR

To continue our interoperability testing, in this article, we examine how well IP Infusion’s OcNOS and Cisco’s IOS XE work together, testing key protocols like ISIS, Segment Routing MPLS, MP-BGP, L3VPN, EVPN/VPWS, and EVPN/VPLS.

We’ll start by setting up the IGP, using ISIS in conjunction with Segment Routing MPLS.

OcNOS  ISIS Configuration

router isis OCNOS
 is-type level-2-only
 metric-style wide
 mpls traffic-eng router-id 185.100.22.174
 mpls traffic-eng level-2
 dynamic-hostname
 net 49.1010.0100.4200.5003.00
 isis segment-routing global block 16000 23999
 segment-routing mpls

interface xe46
 description To cisco asr920 XE Te0/0/25
 ip address 10.10.10.5/30
 mtu 9200
 label-switching
 isis network point-to-point
 isis circuit-type level-2-only
 ip router isis OCNOS
 no isis hello padding
!
interface lo
 ip address 185.100.22.174/32 secondary
 prefix-sid index 1003
 ip router isis OCNOS
!

Cisco IOS XE  ISIS Configuration

!
interface Loopback0
 ip address 10.42.5.55 255.255.255.255
!

interface TenGigabitEthernet0/0/25
 description To Ocnos xe46  mtu 9200
 ip address 10.10.10.6 255.255.255.252
 ip router isis OCNOS
 isis network point-to-point
 isis metric 100 level-1
 isis metric 100 level-2
!

router isis OCNOS
 net 49.0141.0100.4200.5555.00
 metric-style wide
 segment-routing mpls
 redistribute isis ip level-2 into level-1 route-map L2_TO_L1
 passive-interface Loopback0
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
!

As you can see, we enabled Segment Routing MPLS within the IS-IS router configuration and assigned a prefix-SID to the loopback interface.

Note that MPLS forwarding is enabled on IS-IS interfaces on the OcNOS.

The state of the ISIS adjacency can be confirmed by executing the show clns neighbors command on the OcNOS

show clns neighbor
The neighbot LAB-ASR920-XE is UP

Now let’s take a look at the active IPV4 segment routing mappings

show isis neighbors

And here we see the MPLS forwarding table on OcNOS.

We also verify the same on the Cisco. Note that the commands are slightly different but very similar.

The state of the ISIS neighbor OcNOS is UP.
show isis segment-routing SID-to-pfx-map
And here we see the label mapping information related to segment routing
MPLS forwarding table on Cisco XE

Now let’s jump to MP-BGP configuration.

In our case we use activate 2 types of address families:

  1. VPNV4, used to exchange routing information for IPv4 prefixes in the context of Virtual Private Networks (VPNs). VPNV4 address-family is used for L3VPN, not shown in this article but will be shown in a future article.
  2. L2VPN EVPN, used to exchange routing and reachability information for Layer 2 services, specifically Ethernet VPNs, in the context of Virtual Private Networks (VPNs).

OcNOS BGP Configuration

router bgp 65055
 bgp router-id 185.100.22.174
 neighbor 10.42.5.42 remote-as 65055
 neighbor 10.42.5.42 update-source lo
 !
 address-family vpnv4 unicast
 neighbor 10.42.5.42 activate
 exit-address-family
 !
 address-family l2vpn evpn
 neighbor 10.42.5.42 activate
 exit-address-family
 !
 address-family ipv4 vrf L3VPN
 redistribute connected
 exit-address-family
!

Cisco IOS XE BGP Configuration

LAB_ASR920-XE#show running-config | section router bgp
router bgp 65055
 bgp router-id interface Loopback0
 bgp log-neighbor-changes
 neighbor 10.42.5.42 remote-as 65055
 neighbor 10.42.5.42 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.42.5.42 activate
  neighbor 10.42.5.42 send-community both
 exit-address-family
 !
 address-family l2vpn evpn
  neighbor 10.42.5.42 activate
  neighbor 10.42.5.42 send-community both
 exit-address-family
 !
 address-family ipv4 vrf L3VPN
  redistribute connected
 exit-address-family

Now let’s take a look at the OCNOS BGP neighbors’ table

BGP session is established between OcNOS and Cisco IOS XE

Let’s take a look at the Cisco’s BGP neighbors’ table

Now we can start the EVPN-VPWS configuration

OcNOS EVPN-VPWS Configuration

hardware-profile filter evpn-mpls-cw enable
!
evpn mpls enable
!
mac vrf EVPN-VPWS
 rd 185.100.22.174:65055
 route-target both 65055:1
!
evpn mpls vtep-ip-global 185.100.22.174
!
evpn mpls id 1 xconnect target-mpls-id 2 control-word
 host-reachability-protocol evpn-bgp EVPN-VPWS
!
interface xe9
 speed 1g
!
interface xe9.100 switchport
 encapsulation default
 access-if-evpn
map vpn-id 1
!

The control-word is enabled by default on the Cisco IOS XE and disabled by default on the OcNOS. For the service to work both sides should match. Therefore we have enabled the control-word on the OcNOS.
Note that enabling evpn mpls and the control-word requires a reboot of the router.

Cisco IOS XE EVPN-VPWS Configuration

interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 no keepalive
 service instance 1 ethernet
  encapsulation default
 !
!
l2vpn evpn instance 2 point-to-point
 rd 10.42.5.55:65055
 route-target export 65055:1
 route-target import 65055:1
 vpws context EVPN-VPWS
  service target 1 source 2
  member GigabitEthernet0/0/1 service-instance 1
 !
!

The configuration above should be sufficient to get the EVPN-VPWS up and running.

To verify the service let’s try to ping between the two PCs:

  • PC1 IP address:168.100.1/24
  • PC1 MAC address: 50-7B-9D-40-43-55
  • PC2 IP address:168.100.2/24
  • PC2 MAC address: 10-7B-44-9E-BE-A7
Interface configuration of PC1
Ping result from PC1 to PC2

To verify that the control-word is exchanged between the 2 devices, we mirrored the traffic on the link between the two routers and took a packet capture.

Capture on OcNOS interface xe46 direction OcNOS -> ASR920. Notice the control-word.
Capture on OcNOS interface xe46 direction ASR920 -> OcNOS

Now let’s try the EVPN-VPLS configuration

OcNOS Configuration

!
evpn mpls enable
!
mac vrf EVPN-VPLS
 evpn-vlan-service vlan-based
 rd 185.100.22.174:2
 route-target both 65055:2
!
evpn mpls vtep-ip-global 185.100.22.174
!
evpn mpls id 3000
 host-reachability-protocol evpn-bgp EVPN-VPLS
!

interface xe9.100 switchport
 encapsulation default
 access-if-evpn
  arp-cache disable
  nd-cache disable
  map vpn-id 3000
!

Cisco Configuration

!
l2vpn evpn
 replication-type ingress
 mpls label mode per-ce
 router-id Loopback0
!
l2vpn evpn instance 4000 vlan-based
 rd 10.42.5.55:3000
 route-target export 65055:2
 route-target import 65055:2
!
bridge-domain 3000
 member GigabitEthernet0/0/1 service-instance 3000
 member evpn-instance 4000
!

interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
 no keepalive
 service instance 3000 ethernet
  encapsulation untagged
 !
!

Now let’s verify our configuration on OcNOS

The tunnel is installed.
Mac-IP route for remote PC is learned via BGP.

Now on the Cisco IOS XE

The tunnel is established.
We can see the EVPN prefixes.

To verify the EVPN-VPLS service, we will do a ping test between the two PCs:

  • PC1 IP address:168.100.1/24
  • PC1 MAC address: 50-7B-9D-40-43-55
  • PC2 IP address:168.100.2/24
  • PC2 MAC address: 10-7B-44-9E-BE-A7
PC1 ethernet interface configuration
Ping from PC1 to PC2 is successful
PC1 is learning the MAC address of PC2 via the VPLS
Capture of ping from PC1 to PC2 interface xe46 on the OcNOS. We can see the MPLS label.

To summarize, this lab test was pretty straightforward. ISIS, SR and BGP worked from the first try. EVPN-VPWS configuration took us a bit longer than expected since the IOS XE had the control-world enabled by default and on the OcNOS it is disabled by default. This mismatch caused traffic not to be forwarded in the tunnel. Once we enabled the control-word on the OcNOS, the traffic was forwarded between the two ends.

We hope you find this article enlightening. Feel free to leave us your comments or questions. 

Continue to join us for future networking adventures!