Wednesday, April 16, 2014

Basic MPLS L3 VPN



This lab follows the PDF tutorial "A small MPLS VPN tutorial" (by Alexandre Ribeiro, alexandregomesribeiro@gmail.com).

Step1: IGP configuration inside the MPLS backbone
Step2: Basic MPLS configuration
Step3: VRF configuration
Step4: MP-BGP configuration
Step5: IGP configuration between CE and PE
Step6: Redistribute IGP route between CE and PE to MP-BGP
Step7: Verify connectivity between CEs

Using IOS - (C3660-JK9O3S-M)

Basic VPN

Detail Config ::


P_router

P_router#sh running-config 
Building configuration...

Current configuration : 1109 bytes
!
! P_router: provider core (P) router of the lab. It runs OSPF and LDP only;
! no VRF or BGP configuration appears on it.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
! On real devices prefer `enable secret` / `username ... secret`;
! `service password-encryption` alone only applies reversible type 7 encoding.
no service password-encryption
!
hostname P_router
!
boot-start-marker
boot-end-marker
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables (emulator convenience). Outside a
! lab keep the default limit so unroutable traffic costs less CPU.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!      
!
! Each router in this lab gets its own label range (100-199 here), which makes
! it easy to tell in traces which router allocated a label.
mpls label range 100 199
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.255
 ip ospf network point-to-point
!
! Core-facing links: `mpls ip` enables label distribution toward each PE.
! NOTE(review): no LDP session password is shown; on a shared or untrusted
! segment consider `mpls ldp neighbor <peer-address> password <key>`.
interface FastEthernet0/0
 description P_router_to_PE_A
 ip address 192.168.1.2 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 description P_router_to_PE_B
 ip address 192.168.1.5 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
! Backbone IGP. NOTE(review): no OSPF authentication is configured, so any
! device on these links could form an adjacency and inject routes. Outside a
! lab use `ip ospf authentication message-digest` with a per-interface key.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
! Empty stanza: no control-plane policing policy is attached.
control-plane
!
! Console and AUX: no login is required, the session starts at privilege 15 and
! `exec-timeout 0 0` disables the idle timeout. Acceptable for an emulator
! console only; on real hardware require authentication, drop the privilege
! override and set a finite timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state
! ("Password required, but none set"), so remote access is effectively off.
! If it is enabled later, restrict it to SSH with `transport input ssh`.
line vty 0 4
 login
!
end
===================================================================
PE_A#sh running-config
Building configuration...

Current configuration : 2171 bytes
!
! PE_A: provider edge router. It holds the two customer VRFs, runs OSPF and LDP
! toward the core, RIP toward the CEs, and MP-BGP (vpnv4) toward 172.16.1.3.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
! On real devices prefer `enable secret` / `username ... secret`.
no service password-encryption
!
hostname PE_A
!
boot-start-marker
boot-end-marker
!
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup     
! Two customer VPNs. Each VRF imports only the route-target it exports, so
! siteA and siteB routes are never installed in each other's table. The
! isolation depends on these values: one extra `route-target import` would leak
! routes between customers, so RT changes deserve review.
! NOTE(review): no `maximum routes` limit is set; a CE could fill the VRF table.
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
! Per-router label range (200-299 here) so labels are easy to attribute.
mpls label range 200 299
!
interface Loopback0
 ip address 172.16.1.2 255.255.255.255
 ip ospf network point-to-point
!
! Core-facing link: the only interface with `mpls ip`.
! NOTE(review): no LDP session password is shown (`mpls ldp neighbor
! <peer-address> password <key>` would add one).
interface FastEthernet0/0
 description PE_A_to_P_router
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
! CE-facing links. Both carry 10.1.1.2/30, which is legal because each sits in a
! different VRF (overlapping customer address space). Neither has `mpls ip`:
! customers should exchange plain IP with the PE, never labels.
interface FastEthernet0/1
 description PE_A_to_SiteA1
 ip vrf forwarding siteA
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description PE_A_to_SiteB1
 ip vrf forwarding siteB
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
! Backbone IGP in the global table. NOTE(review): no OSPF authentication is
! configured; outside a lab use `ip ospf authentication message-digest`.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! PE-CE routing: one RIPv2 instance per VRF, fed with the VPN routes learned
! over BGP. NOTE(review): RIP runs unauthenticated and unfiltered here, so the
! PE accepts whatever the CE announces. On a real PE add RIP authentication
! (`ip rip authentication mode md5` plus a key chain) and an inbound filter.
router rip
 !
 address-family ipv4 vrf siteB
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
! iBGP to the other PE (172.16.1.3), sourced from Loopback0. IPv4 unicast is
! disabled by default, so the session carries only vpnv4 routes.
! NOTE(review): no `neighbor 172.16.1.3 password <key>` is shown, so the session
! has no TCP MD5 protection.
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.1.3 remote-as 100
 neighbor 172.16.1.3 update-source Loopback0
 !
 ! Extended communities carry the route-targets; without them the remote PE
 ! cannot match routes to a VRF.
 address-family vpnv4
 neighbor 172.16.1.3 activate
 neighbor 172.16.1.3 send-community extended
 exit-address-family
 !
 ! Customer RIP routes enter the VPN here with no route-map or prefix filter.
 address-family ipv4 vrf siteB
 redistribute rip metric 1
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute rip metric 1
 no synchronization
 exit-address-family
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!

! Empty stanza: no control-plane policing policy is attached.
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state, so
! remote access is effectively off. If enabled later, use `transport input ssh`.
line vty 0 4
 login
!
!
end
======================================================================

PE_B#sh running-config 
Building configuration...

Current configuration : 2143 bytes
!
! PE_B: provider edge router, the mirror of the other PE. It holds the same two
! customer VRFs, runs OSPF and LDP toward the core, RIP toward the CEs, and
! MP-BGP (vpnv4) toward 172.16.1.2.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
! On real devices prefer `enable secret` / `username ... secret`.
no service password-encryption
!
hostname PE_B
!
boot-start-marker
boot-end-marker
!
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!     
! RD and route-target values must match the ones used on the remote PE for the
! same customer (100:1 for siteA, 100:2 for siteB). Each VRF imports only its
! own RT, which is what keeps the two customers' routes apart.
! NOTE(review): no `maximum routes` limit is set on either VRF.
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
!
! Per-router label range (300-399 here) so labels are easy to attribute.
mpls label range 300 399
!
interface Loopback0
 ip address 172.16.1.3 255.255.255.255
 ip ospf network point-to-point
!
! Core-facing link: the only interface with `mpls ip`.
! NOTE(review): no LDP session password is shown.
interface FastEthernet0/0
 description PE_B_to_P_router
 ip address 192.168.1.6 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
! CE-facing links, both 10.1.1.6/30 in different VRFs, neither with `mpls ip`.
! NOTE(review): this interface is in VRF siteA but its description names
! SiteB2, and the siteB interface below has no description. The label looks
! stale; confirm against the topology, because a wrong description on a VRF
! interface invites plugging a customer into the wrong VPN.
interface FastEthernet0/1
 description PE_B_to_SiteB2
 ip vrf forwarding siteA
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip vrf forwarding siteB
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
! Backbone IGP in the global table. NOTE(review): no OSPF authentication is
! configured; outside a lab use `ip ospf authentication message-digest`.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! PE-CE routing: one RIPv2 instance per VRF, fed with the VPN routes learned
! over BGP. NOTE(review): RIP runs unauthenticated and unfiltered here; on a
! real PE add RIP authentication and an inbound filter per customer.
router rip
 !
 address-family ipv4 vrf siteB
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
! iBGP to the other PE (172.16.1.2), sourced from Loopback0, vpnv4 only.
! NOTE(review): no `neighbor 172.16.1.2 password <key>` is shown, so the session
! has no TCP MD5 protection.
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.1.2 remote-as 100
 neighbor 172.16.1.2 update-source Loopback0
 !
 ! Extended communities carry the route-targets between the PEs.
 address-family vpnv4
 neighbor 172.16.1.2 activate
 neighbor 172.16.1.2 send-community extended
 exit-address-family
 !
 ! Customer RIP routes enter the VPN here with no route-map or prefix filter.
 address-family ipv4 vrf siteB
 redistribute rip metric 1
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute rip metric 1
 no synchronization
 exit-address-family
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!

! Empty stanza: no control-plane policing policy is attached.
control-plane

! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state, so
! remote access is effectively off. If enabled later, use `transport input ssh`.
line vty 0 4
 login
!
end
================================================================

Site_A1#sh running-config 
Building configuration...

Current configuration : 948 bytes
!
! Site_A1: customer edge (CE) router. It has no MPLS, VRF or BGP configuration;
! it only speaks RIPv2 to the provider edge on FastEthernet0/0.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
no service password-encryption
!
hostname Site_A1
!
boot-start-marker
boot-end-marker
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
! Customer test prefix. 192.168.1.1 is also used on the provider side of this
! lab (PE_A FastEthernet0/0); the two do not collide because this route is only
! ever installed in the customer VRF, not in the provider's global table.
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteA1_to_PE_A
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 toward the PE, advertising the link and the loopback.
! NOTE(review): no RIP authentication is configured. On a real PE-CE link use
! `ip rip authentication mode md5` with a key chain on FastEthernet0/0.
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state.
line vty 0 4
 login
!
!
end
=============================================================
Site_A2#sh running-config 
Building configuration...

Current configuration : 948 bytes
!
! Site_A2: customer edge (CE) router. It has no MPLS, VRF or BGP configuration;
! it only speaks RIPv2 to the provider edge on FastEthernet0/0.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
no service password-encryption
!
hostname Site_A2
!
boot-start-marker
boot-end-marker
!
! Customer test prefix advertised into the VPN through RIP.
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
! NOTE(review): the description names PE_A, but 10.1.1.5/30 pairs with
! 10.1.1.6, which this lab configures on PE_B. The label is presumably a
! copy-paste leftover; confirm against the topology.
interface FastEthernet0/0
 description SiteA2_to_PE_A
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 toward the PE, advertising the link and the loopback.
! NOTE(review): no RIP authentication is configured. On a real PE-CE link use
! `ip rip authentication mode md5` with a key chain on FastEthernet0/0.
router rip
 version 2
 network 10.0.0.0
 network 192.168.2.0
 no auto-summary
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state.
line vty 0 4
 login
!
!
end
==================================================================
Site_B1#sh running-config 
Building configuration...

Current configuration : 927 bytes
!
! Site_B1: customer edge (CE) router of the second customer. It has no MPLS, VRF
! or BGP configuration; it only speaks RIPv2 to the PE on FastEthernet0/0.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
no service password-encryption
!
hostname Site_B1
!
boot-start-marker
boot-end-marker
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
! Same address as the Site_A1 loopback: the two customers deliberately overlap,
! and the provider keeps them apart with separate VRFs.
! NOTE(review): the RIP process below has no network statement covering this
! prefix, so as shown the loopback is not advertised to the PE.
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
! Same 10.1.1.1/30 addressing as the siteA CE link; legal only because the PE
! terminates each customer in its own VRF.
interface FastEthernet0/0
 description SiteB1_to_PE_A
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 toward the PE. NOTE(review): no RIP authentication is configured. On a
! real PE-CE link use `ip rip authentication mode md5` with a key chain.
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
!
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state.
line vty 0 4
 login
!
!
end
================================================================
Site_B2#sh running-config 
Building configuration...

Current configuration : 927 bytes
!
! Site_B2: customer edge (CE) router of the second customer. It has no MPLS, VRF
! or BGP configuration; it only speaks RIPv2 to the PE on FastEthernet0/0.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
no service password-encryption
!
hostname Site_B2
!
boot-start-marker
boot-end-marker
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
! Same address as the Site_A2 loopback: the two customers deliberately overlap.
! NOTE(review): the RIP process below has no network statement covering this
! prefix, so as shown the loopback is not advertised to the PE.
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteB2_to_PE_B
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 toward the PE. NOTE(review): no RIP authentication is configured. On a
! real PE-CE link use `ip rip authentication mode md5` with a key chain.
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state.
line vty 0 4
 login
!
!
end

Tuesday, March 11, 2014

My Study Techniques

၂၀၁၀ ေလာက္မွာ သူငယ္ခ်င္း CCIE တစ္ေယာက္နဲ ့ေတြ ့ျဖစ္ခဲ့ျပီး ေနာက္ပုိင္းမွာ က်ေနာ့္အတြက္
Cisco Certification Trend ကုိ စိတ္၀င္စားခဲ့ပါတယ္ .. အဲ့အရင္က သိခဲ့တယ္ ဆုိခဲ့ေပမယ့္ သိပ္ျပီး စိတ္၀င္တစားေတာ့ မရွိခဲ့ပါဘူး.. ဒါေပမယ့္ ေနာက္ပုိင္းမွာ တေျဖးေျဖး လုပ္ငန္းခြင္အတြက္ လုိအပ္တဲ့
လက္မွတ္ ဆုိတာ လုိအပ္ခ်က္ တစ္ခုလုိ ့ ျမင္လာပါတယ္ ။ အနည္းဆုံးေတာ့ CV ကုိ ကုိယ့္ CV ကုိ အေရြးခံရဖုိ ့ေတာ့ အခြင့္အလမ္းမ်ားလာမယ္လုိ ့ လုိခဲ့ပါတယ္ ။။
ပထမဦးဆံုး CCNA ကေတာ့ ၂ နွစ္ေလာက္ ၾကာခဲ့ပါတယ္ ။ ဘာလုိ ့လဲ ဆုိေတာ့ ေလ့လာပုံ ေလ့လာနည္း
လြဲခဲ့တာေၾကာင့္ အဲေလာက္ ၾကာခဲ့တာလုိ ့ ထင္ပါတယ္ ။ လုပ္ငန္းခြင္ အေတြ ့အၾကဳံနဲ ့ဆုိင္မယ္ ထင္ပါတယ္
ေနာက္ပုိင္း CCNP ကုိ ၂ နွစ္အတြင္းမွာ ျပီးနုိင္မယ္လုိ ့ မွန္းထားပါတယ္ ။ Paper Certified မျဖစ္ခ်င္တာေၾကာင့္လဲ တတ္နုိင္သမွ် ကို္ယ့္ဘက္ မွတ္သားနုိင္သေလာက္ ေလ့လာျပီး ေျဖဆုိခဲ့ပါတယ္
အခု စာေရးေနခ်ိန္မွာ Routing နဲ ့ Switching ကုိ ေျဖျပီးပါျပီ ။ လာမယ့္လေလာက္မွာ Tshoot ေျဖနိင္မယ္လုိ ့
ထင္ပါတယ္ ။ က်ေနာ္ကေတာ့ CCNP မွာ Self study လုပ္ျဖစ္တယ္ ။ အလုပ္က စီနီယာေတြရဲ ့ သင္ၾကားျပသမႈလဲ အမ်ားၾကီး ပါပါတယ္ . ဂရုေတြမွာ ပါ၀င္ေဆြးေႏြးတာကလဲ အက်ဳိးအမ်ားၾကီးရွိပါတယ္
ေဆြးေႏြးျခင္းက ကုိယ္မျမင္တဲ့ ေက်ာ္သြားမိတဲ့ Concept ေတြကုိ ျမင္မိေစပါတယ္ ။ က်ေနာ္ ့အတြက္ အဓိက
Study Material ေတြက CBT Nugget က Video Lessons ေတြနဲ ့ Cisco Official Press Book ေတြပါ ၊
ေနာက္ျပီး GNS3 vault , How to Master , Note ေတြက အေတာ္ေလး ထိေရာက္မယ္လုိ ့ ယူဆပါတယ္
တစ္ေန ့စာဖတ္ျပီးရင္ ဒီေန ့ ငါ ဘာသိလုိက္လဲ ကုိယ္ကုိကုိယ္ ျပန္ျပီးေတာ့ ဆန္းစစ္ၾကည့္ပါတယ္ ။
ဒါေပမယ့္ ေန ့စဥ္ အကၽႊမ္းတ၀င္ မျဖစ္တဲ့ ကိစၥေတြက ေမ့သြားတတ္ပါတယ္ ။အနည္းဆုံး ေနာက္တစ္ခါ ၾကည့္ရင္ေတာ့ လြယ္တာေပါ့ ။ ေနာက္ျပီး စာျပန္ရွာရမယ္ ဆုိရင္ေတာင္ ဘယ္နားမွာ ရွိတယ္ဆုိတာေတာ့
သိျဖစ္မယ္ ထင္ပါတယ္ ။ စာၾကည့္တာေတာ့ ညပုိင္းမွာ ၾကည့္ျဖစ္တယ္ ။ Lab ကေတာ့ ပုံမွန္ မဟုတ္ပဲ
ေတာ္ေတာ္မ်ားမ်ားလုပ္ၾကည့္ျဖစ္တယ္ ။ လုပ္ေနရင္းနဲ ့ ပုိသိလာရတဲ့ အေၾကာင္းေတြလဲ ရွိပါတယ္
Lab ကေတာ့ ရုံးက ေပးထားတဲ့ Lab ကေတာ့ အေတာ္ေလး အဆင္ေျပပါတယ္ ။ အေဆာင္ကုိ ျပန္ေ၇ာက္ရင္ေတာ့ GNS 3 က က်ေနာ့္ အေဖာ္မြန္ပါပဲ..
ဆက္ျပီးလဲ ေလ့လာစရာေတြ အမ်ားၾကီး ရွိေနပါေသးပါတယ္ . ...ဒီထက္လဲ နားလည္ ကၽႊမ္းက်င္တဲ့ အင္ဂ်င္နီယာ တစ္ေယာက္ ျဖစ္ဖုိ ့ၾကုိးစားေနပါတယ္ .....

Wednesday, February 26, 2014

Basic VRF Lab

Step 1 : Assign Ip address at Fa 0/0 of R1 and R2.
Step 2 : Configure Vrf R1 on router R1 and add Loopback 0 and 11 to this vrf
Step 3 : Configure Vrf R2 on router R2 and add Loopback 0 and 11 to this vrf
Step 4 : Configure the tunnel1 interface on both routers. Make sure the source and destination IP addresses of the Fastethernet link are used for this.
Step 5 : Make sure the tunnel1 interface is added to VRF R1 and R2 .
Step 6 : Configure the 192.168.1.0 /24 subnet on the tunnel1 interface.
Step 7 : Configure EIGRP AS 100 as the routing protocol for these VRFs. Make sure both routers can ping each other's loopback interfaces.

Note :::::  interfaces must be assigned to a VRF before being addressed; assigning an interface to a VRF wipes any IP addresses already configured on that interface.

:::::Task To do:::::

sh ip route
sh ip route vrf
R1#ping 2.2.2.2
R1#ping vrf R1 2.2.2.2
R1#ping vrf R1 2.2.2.2 source loopback 0


================================================================
#######Devices Config ######

================================================================
::::::::::::::::R1:::::::::::::

R1#sh running-config
Building configuration...

Current configuration : 1275 bytes
!
! R1: VRF-lite lab router. The loopbacks and Tunnel1 live in VRF R1, while
! FastEthernet0/0 (the tunnel's transport) stays in the global routing table.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!       
! Locally significant VRF: no rd or route-target is configured.
ip vrf R1
!     
! `ip vrf forwarding` appears before `ip address` on every VRF interface;
! applying it afterwards would remove the address already configured.
interface Loopback0
 ip vrf forwarding R1
 ip address 1.1.1.1 255.255.255.0
!
interface Loopback11
 ip vrf forwarding R1
 ip address 11.11.11.11 255.255.255.0
!
! The tunnel interface is in VRF R1; its source and destination resolve in the
! global table. That is why a plain `ping 2.2.2.2` and `ping vrf R1 2.2.2.2`
! give different results.
! NOTE(review): no `tunnel mode` line is shown, so this is presumably the IOS
! default (GRE over IP), which adds no encryption or authentication. Across an
! untrusted path pair it with IPsec, e.g. `tunnel protection ipsec profile
! <profile-name>`.
interface Tunnel1
 ip vrf forwarding R1
 ip address 192.168.1.1 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 192.168.100.2
!
interface FastEthernet0/0
 ip address 192.168.100.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! EIGRP runs only inside the VRF address family; the global process has no
! network statements.
! NOTE(review): no EIGRP authentication is configured on Tunnel1. Outside a lab
! add `ip authentication mode eigrp 100 md5` and a key chain on the interface.
router eigrp 100
 no auto-summary
 !
 address-family ipv4 vrf R1
 network 1.0.0.0
 network 11.0.0.0
 network 192.168.1.0
 auto-summary
 autonomous-system 100
 exit-address-family
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state.
line vty 0 4
 login
!
!
end

=================================================================
::::::::::::::::::::::R2:::::::::::::::::::::::::::
R2#sh running-config
Building configuration...

Current configuration : 1275 bytes
!
! R2: VRF-lite lab router. The loopbacks and Tunnel1 live in VRF R2, while
! FastEthernet0/0 (the tunnel's transport) stays in the global routing table.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Lab default: any password added later would sit in the config in clear text.
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
! AAA is off, so access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Emulator convenience; outside a lab keep the default ICMP unreachable limit.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
ip cef
no ip domain lookup
!       
! Locally significant VRF: no rd or route-target is configured. The VRF name
! differs from the peer's (R1); the two routers exchange routes anyway because
! the name is not carried across the tunnel.
ip vrf R2
!  
! `ip vrf forwarding` appears before `ip address` on every VRF interface;
! applying it afterwards would remove the address already configured.
interface Loopback0
 ip vrf forwarding R2
 ip address 2.2.2.2 255.255.255.0
!
interface Loopback11
 ip vrf forwarding R2
 ip address 22.22.22.22 255.255.255.0
!
! The tunnel interface is in VRF R2; its source and destination resolve in the
! global table.
! NOTE(review): no `tunnel mode` line is shown, so this is presumably the IOS
! default (GRE over IP), which adds no encryption or authentication. Across an
! untrusted path pair it with IPsec, e.g. `tunnel protection ipsec profile
! <profile-name>`.
interface Tunnel1
 ip vrf forwarding R2
 ip address 192.168.1.2 255.255.255.0
 tunnel source FastEthernet0/0
 tunnel destination 192.168.100.1
!
interface FastEthernet0/0
 ip address 192.168.100.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! EIGRP runs only inside the VRF address family; the global process has no
! network statements.
! NOTE(review): no EIGRP authentication is configured on Tunnel1. Outside a lab
! add `ip authentication mode eigrp 100 md5` and a key chain on the interface.
router eigrp 100
 no auto-summary
 !
 address-family ipv4 vrf R2
 network 2.0.0.0
 network 22.0.0.0
 network 192.168.1.0
 auto-summary
 autonomous-system 100
 exit-address-family
!
! HTTP/HTTPS management is disabled; keep it that way unless it is needed.
no ip http server
no ip http secure-server
!
control-plane
!
! Console and AUX: no login, privilege 15 on connect, no idle timeout. Fine for
! an emulator console; on real hardware require authentication and a timeout.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! `login` with no `password` shown: IOS refuses VTY sessions in this state.
line vty 0 4
 login
!
end
======================================================================
Reference ::::::::::: GNS3Vault :: VRF Routing
======================================================================