MPLS-VPN

L3MPLS VPN

Definitions:

VRF – Virtual Routing Instance. Its an Instance of a routing table – Each customer has their own VRF defined with different definitions of RD and RT

Route Distinguisher (RD); Used to uniquely identify routes belonging to a particular VRF.

Route Targets (RT); Used to specify how routes are imported and exported from VRF.

MP-BGP; Multiprotocol BGP- Used to carry BGP routes and VPN routes between PE Routers.

Setup:

Required; VPN to interconnect Head office to a branch office.

1. Define VRF, RD and RT

VRF = Trust-Bank

Route Distinguisher (RD): 37027:20

Route Targets (RT): 37027:20

PE1(config)#ip vrf Trust-Bank

PE1(config-vrf)#rd 37027:20

PE1(config-vrf)#route-target both 37027:20

2. Enable VRF on the client facing interface on the PE routers and assign IP to be used to communicate to CE

VRF = Trust-Bank

R1(config)# int fastEthernet 0/0

R1(config-if)# ip vrf forwarding Trust-Bank

R1(config-if)# ip add 192.168.2.1 255.255.255.252

R1(config-if)# no shut

3. Configure MP-BGP Between PEs To Carry MPLS-VPN Routes

PE1(config)#router bgp 37027

PE1(config-router)#neighbor 3.3.3.3 remote-as 37027

PE1(config-router)#neighbor 3.3.3.3 update-source loopback 0

PE1(config-router)#address-family vpnv4

PE1(config-router-af)#neighbor 3.3.3.3 activate

With above configuration, an address family for each vrf is automatically generated.

address-family ipv4 vrf Customer_B

PE1# show bgp vpnv4 unicast all summary

3. Configure MP-BGP Between PEs To Carry MPLS-VPN Routes

With above configuration, an address family for each vrf is automatically generated.

!

address-family ipv4 vrf Trust-Bank

no synchronization

exit-address-family

Above address family Automatically generated is used for route exchange between PE and CE

4. PE to CE Routing (PE - Config)

This is achieved by an IGP between PE and CE attached to it.

PE1(config)#router ospf 2 vrf Trust-Bank

PE1(config-router)#router-id 192.168.2.1

PE1(config-router)#exit

PE1(config)#int fastEthernet 0/0

PE1(config-if)#ip ospf 2 area 0

PE1# show ip route vrf Trust-Bank

4. PE to CE Routing (CE - Config)

This is achieved by an IGP between PE and CE attached to it.

CE1(config)#router ospf 2

CE1(config-router)#router-id 192.168.2.2

CE1(config-router)#interface fa0/0

CE1(config-if)#ip ospf 2 area 0

CE1(config-if)#ip add 192.168.2.2 255.255.255.252

CE1(config-if)#no shut

5.Confirm PE to CE Routing;

This is achieved by an IGP between PE and CE attached to it.

---------------------------------------------------------------------------------------------

PE1#show ip route vrf Trust-Bank

Gateway of last resort is not set

6.0.0.0/32 is subnetted, 1 subnets

O 6.6.6.6 [110/2] via 192.168.2.2, 00:00:18, FastEthernet0/0

192.168.2.0/30 is subnetted, 1 subnets

C 192.168.2.0 is directly connected, FastEthernet0/0

---------------------------------------------------------------------------------------------

5.Confirm PE to CE Routing

This is achieved by an IGP between PE and CE attached to it.

---------------------------------------------------------------------------------------------

CE1#show ip ospf

*Jun 2 13:43:08.327: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.2.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

R6#show ip ospf nei

Neighbor ID Pri State Dead Time Address Interface

192.168.2.1 1 FULL/DR 00:00:38 192.168.2.1 FastEthernet0/0

---------------------------------------------------------------------------------------------

6.Redistribute routes Between MP-BGP and IGP to Customer;

a). Ridistribute to MP-BGP

R1(config)#router bgp 37027

R1(config-router)# address-family ipv4 vrf Trust-Bank

R1(config-router-af)#redistribute ospf 2

R1#show ip bgp vpnv4 vrf Trust-Bank

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 37027:20 (default for vrf Trust-Bank)

*> 6.6.6.6/32 192.168.2.2 2 32768 ?

*> 192.168.2.0/30 0.0.0.0 0 32768 ?

6.Redistribute routes Between MP-BGP and IGP to Customer;

b). Ridistribute to IGP (OSPF)

PE1(config)#router ospf 2 vrf Trust-Bank

PE1(config-router)#redistribute bgp 37027 subnet

Confirm routes from the branch are on Branch CE

>> CE1#show ip route

Confirm interbranch communication using ping

>> CE1# ping 192.168.0.2

Why L3MPLS for VPN ?

Highly Scalable!

END.

Comments

Post a Comment

Popular posts from this blog

MPLS - L2MPLS / L2 Circuits

Image
L2MPLS L2 Circuits Before MPLS MPLS Enabled Core: Required: Head office and Branch office to be interconnected on L2 which is of full redundancy on Service Provider Core Network Configuration: 1. Select VLAN to use for the circuit. For our case we assign VLAN 200 note: Configuration only done on Edge Devices (PE) 2.Configure on PE-1 Defining presudowire class to MPLS; #pseudowire-class ethernet-port encapsulation mpls #exit Note: fa0/0 is the interface facing HQ #show run int fa0/0.200 #interface FastEthernet0/0.200 #encapsulation dot1Q 200 #xconnect 3.3.3.3 200 pw-class ethernet-port 3. Configure on PE-3: Defining presudowire class to MPLS; #pseudowire-class ethernet-port #encapsulation mpls #exit Note: fa0/0 is the interface facing HQ # no shut #interface FastEthernet0/0.200 #encapsulation dot1Q 200 #Xconnect 1.1.1.1 200 pw-class ethernet-port Troubleshooting; Make sure that the CEF is enabled ...
Read more

Linux Box as a DHCP Server

Image
Operating System: Centos 6.3 In this setup, client machines on the LAN are assigned IP addresses automatically unlike the previous setup where IP addresses were being assigned manually. To configure; Install dhcp package via terminal; [root@telweb]#  yum install dhcp* -y Copy the available sample dhcp configuration at /usr/share/doc/dhcp* [root@telweb]#  Cd  /usr/share/doc/dhcp* [root@telweb]#  Cp dhcpd.conf.sample /etc/dhcp/dhcpd.conf If asked to replace the existing dhcpd.conf at /etc/dhcp/ , answer with an yes. To configure the dhcp, edit the file /etc/dhcp/dhcp.conf [root@telweb]#  Vi /etc/dhcp/dhcpd.conf Go to the section highlighted below and edit it to suit your network; -------------------------------------------------------------------------------------------------------------------- # A slightly different configuration for an internal subnet. subnet  192.168.2.0  netmask  255.255.255.0  {   range...
Read more