Wednesday, April 16, 2014

Basic MPLS L3 VPN



This lab follows the PDF "A small MPLS VPN tutorial" by Alexandre Ribeiro (alexandregomesribeiro@gmail.com).

Step1: IGP configuration inside the MPLS backbone
Step2: Basic MPLS configuration
Step3: VRF configuration
Step4: MP-BGP configuration
Step5: IGP configuration between CE and PE
Step6: Redistribute IGP route between CE and PE to MP-BGP
Step7: Verify connectivity between CEs

Using IOS - (C3660-JK9O3S-M)

Basic VPN

Detail Config ::


P_router

P_router#sh running-config 
Building configuration...

Current configuration : 1109 bytes
!
! Lab core (P) router: it runs OSPF and MPLS only, with no VRFs and no BGP.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname P_router
!
boot-start-marker
boot-end-marker
!
! No AAA: access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables this router generates.
! NOTE(review): looks like an emulator convenience; keep the limit on real gear.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
! CEF is a prerequisite for MPLS forwarding.
ip cef
no ip domain lookup
!      
!
! Local labels are allocated from 100-199 only. The PE routers on this page use
! other ranges, so a label seen in a trace identifies the router that assigned it.
mpls label range 100 199
!
interface Loopback0
 ip address 172.16.1.1 255.255.255.255
 ! Makes OSPF advertise the loopback with its configured mask (already /32 here).
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description P_router_to_PE_A
 ip address 192.168.1.2 255.255.255.252
 duplex auto
 speed auto
 ! Enables MPLS label switching on this core link.
 ! NOTE(review): no label-distribution session authentication is configured;
 ! outside a lab consider "mpls ldp neighbor <peer> password <key>".
 mpls ip
!
interface FastEthernet0/1
 description P_router_to_PE_B
 ip address 192.168.1.5 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
! Backbone IGP. The wide wildcards enable OSPF on any interface addressed in
! 172.16.0.0/16 or 192.168.1.0/24. There is no OSPF authentication and no
! passive-interface, so any device on a core link could form an adjacency.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!
! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane
!
! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
end
===================================================================
PE_A#sh running-config
Building configuration...

Current configuration : 2171 bytes
!
! Provider edge router A: it terminates VRFs siteA and siteB and peers with
! PE_B (172.16.1.3) over MP-BGP.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname PE_A
!
boot-start-marker
boot-end-marker
!
!
! No AAA: access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables this router generates.
! NOTE(review): looks like an emulator convenience; keep the limit on real gear.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
! CEF is a prerequisite for MPLS forwarding.
ip cef
no ip domain lookup     
! Each VRF exports and imports only its own route-target (100:1 or 100:2), so
! siteA and siteB routes never mix. This import/export policy is the isolation
! boundary between the two customers; an extra "route-target import" of the
! other value would leak routes across it.
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
! Local labels are allocated from 200-299 only. The other MPLS routers on this
! page use different ranges, so a label identifies the router that assigned it.
mpls label range 200 299
!
interface Loopback0
 ip address 172.16.1.2 255.255.255.255
 ! Makes OSPF advertise the loopback with its configured mask (already /32 here).
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description PE_A_to_P_router
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
 ! Enables MPLS label switching on the core-facing link only.
 ! NOTE(review): no label-distribution session authentication is configured;
 ! outside a lab consider "mpls ldp neighbor <peer> password <key>".
 mpls ip
!
! The two customer-facing interfaces below reuse 10.1.1.2/30. That is valid
! because each sits in a different VRF with its own routing table.
interface FastEthernet0/1
 description PE_A_to_SiteA1
 ip vrf forwarding siteA
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
interface FastEthernet1/0
 description PE_A_to_SiteB1
 ip vrf forwarding siteB
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
!
! Backbone IGP (global table only). No OSPF authentication and no
! passive-interface; the wildcards match any interface in these ranges.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! PE-CE routing: one RIPv2 instance per VRF. Remote-site routes learned through
! BGP are redistributed to the CE with hop count 1.
! NOTE(review): no RIP authentication is configured on the customer links, so
! the PE accepts RIP updates from whatever is attached to them.
router rip
 !
 address-family ipv4 vrf siteB
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
! iBGP to PE_B, sourced from Loopback0. "no bgp default ipv4-unicast" means the
! neighbor carries only the address families activated below (vpnv4).
! NOTE(review): no "neighbor ... password" (TCP MD5) is set on the session.
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.1.3 remote-as 100
 neighbor 172.16.1.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 172.16.1.3 activate
 ! Extended communities carry the route-targets; without this line the remote
 ! PE cannot match routes to a VRF import policy.
 neighbor 172.16.1.3 send-community extended
 exit-address-family
 !
 ! Customer RIP routes enter the VPN exactly as learned: no route-map or
 ! prefix filter is applied to the redistribution.
 ! NOTE(review): in production, filter and cap what a CE may inject
 ! (for example "maximum routes" under the VRF).
 address-family ipv4 vrf siteB
 redistribute rip metric 1
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute rip metric 1
 no synchronization
 exit-address-family
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!

! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane
!
! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
!
end
======================================================================

PE_B#sh running-config 
Building configuration...

Current configuration : 2143 bytes
!
! Provider edge router B: it terminates VRFs siteA and siteB and peers with
! PE_A (172.16.1.2) over MP-BGP.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname PE_B
!
boot-start-marker
boot-end-marker
!
!
! No AAA: access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables this router generates.
! NOTE(review): looks like an emulator convenience; keep the limit on real gear.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
! CEF is a prerequisite for MPLS forwarding.
ip cef
no ip domain lookup
!     
! The RD and route-target values must match the ones used for the same customer
! on PE_A. Each VRF imports only its own route-target, which keeps siteA and
! siteB routes apart; this policy is the isolation boundary between customers.
ip vrf siteA
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf siteB
 rd 100:2
 route-target export 100:2
 route-target import 100:2
!
!
! Local labels are allocated from 300-399 only. The other MPLS routers on this
! page use different ranges, so a label identifies the router that assigned it.
mpls label range 300 399
!
interface Loopback0
 ip address 172.16.1.3 255.255.255.255
 ! Makes OSPF advertise the loopback with its configured mask (already /32 here).
 ip ospf network point-to-point
!
interface FastEthernet0/0
 description PE_B_to_P_router
 ip address 192.168.1.6 255.255.255.252
 duplex auto
 speed auto
 ! Enables MPLS label switching on the core-facing link only.
 ! NOTE(review): no label-distribution session authentication is configured;
 ! outside a lab consider "mpls ldp neighbor <peer> password <key>".
 mpls ip
!
! NOTE(review): the description below says SiteB2, but the interface is placed
! in VRF siteA. One of the two is presumably wrong (the description most
! likely); confirm against the cabling, since an interface in the wrong VRF
! would connect a site to the other customer's VPN.
interface FastEthernet0/1
 description PE_B_to_SiteB2
 ip vrf forwarding siteA
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
! No description here. This interface is in VRF siteB and reuses 10.1.1.6/30,
! which is valid because the two interfaces belong to different VRFs.
interface FastEthernet1/0
 ip vrf forwarding siteB
 ip address 10.1.1.6 255.255.255.252
 duplex auto
 speed auto
!
! Backbone IGP (global table only). No OSPF authentication and no
! passive-interface; the wildcards match any interface in these ranges.
router ospf 1
 log-adjacency-changes
 network 172.16.0.0 0.0.255.255 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! PE-CE routing: one RIPv2 instance per VRF. Remote-site routes learned through
! BGP are redistributed to the CE with hop count 1.
! NOTE(review): no RIP authentication is configured on the customer links, so
! the PE accepts RIP updates from whatever is attached to them.
router rip
 !
 address-family ipv4 vrf siteB
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute bgp 100 metric 1
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family
!
! iBGP to PE_A, sourced from Loopback0. "no bgp default ipv4-unicast" means the
! neighbor carries only the address families activated below (vpnv4).
! NOTE(review): no "neighbor ... password" (TCP MD5) is set on the session.
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 172.16.1.2 remote-as 100
 neighbor 172.16.1.2 update-source Loopback0
 !
 address-family vpnv4
 neighbor 172.16.1.2 activate
 ! Extended communities carry the route-targets; without this line the remote
 ! PE cannot match routes to a VRF import policy.
 neighbor 172.16.1.2 send-community extended
 exit-address-family
 !
 ! Customer RIP routes enter the VPN exactly as learned: no route-map or
 ! prefix filter is applied to the redistribution.
 ! NOTE(review): in production, filter and cap what a CE may inject
 ! (for example "maximum routes" under the VRF).
 address-family ipv4 vrf siteB
 redistribute rip metric 1
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf siteA
 redistribute rip metric 1
 no synchronization
 exit-address-family
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!

! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane

! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
end
================================================================

Site_A1#sh running-config 
Building configuration...

Current configuration : 948 bytes
!
! Customer edge router for site A1. It runs plain RIPv2 toward PE_A and has no
! MPLS, VRF or BGP configuration; the VPN is invisible to the CE.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname Site_A1
!
boot-start-marker
boot-end-marker
!
! No AAA: access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables this router generates.
! NOTE(review): looks like an emulator convenience; keep the limit on real gear.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
! Loopback0 stands in for the site's LAN. Site_B1 uses the same 192.168.1.1/32,
! which works only because the two customers are kept in separate VRFs on the PE.
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteA1_to_PE_A
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
! Unused port: no address and administratively shut down.
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 on the PE link (10.0.0.0) and on the loopback (192.168.1.0), so the
! loopback is advertised into the VPN.
! NOTE(review): no RIP authentication is configured toward the provider.
router rip
 version 2
 network 10.0.0.0
 network 192.168.1.0
 no auto-summary
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!
! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane
!
! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
!
end
=============================================================
Site_A2#sh running-config 
Building configuration...

Current configuration : 948 bytes
!
! Customer edge router for site A2. It runs plain RIPv2 toward its PE and has
! no MPLS, VRF or BGP configuration.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname Site_A2
!
boot-start-marker
boot-end-marker
!
! Loopback0 stands in for the site's LAN. Site_B2 uses the same 192.168.2.1/32,
! which works only because the two customers are kept in separate VRFs on the PE.
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
! NOTE(review): the description names PE_A, but 10.1.1.5/30 pairs with
! 10.1.1.6, which is configured on PE_B (PE_A uses 10.1.1.2). The description
! is presumably a typo for SiteA2_to_PE_B; confirm against the topology.
interface FastEthernet0/0
 description SiteA2_to_PE_A
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
! Unused port: no address and administratively shut down.
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 on the PE link (10.0.0.0) and on the loopback (192.168.2.0), so the
! loopback is advertised into the VPN.
! NOTE(review): no RIP authentication is configured toward the provider.
router rip
 version 2
 network 10.0.0.0
 network 192.168.2.0
 no auto-summary
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!
! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane
!
! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
!
end
==================================================================
Site_B1#sh running-config 
Building configuration...

Current configuration : 927 bytes
!
! Customer edge router for site B1. It runs plain RIPv2 toward PE_A and has no
! MPLS, VRF or BGP configuration.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname Site_B1
!
boot-start-marker
boot-end-marker
!
! No AAA: access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables this router generates.
! NOTE(review): looks like an emulator convenience; keep the limit on real gear.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
! Same loopback and link addresses as Site_A1 (192.168.1.1/32, 10.1.1.1/30).
! The overlap is deliberate: the PE keeps the two customers in separate VRFs.
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteB1_to_PE_A
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
!
! Unused port: no address and administratively shut down.
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 on the PE link only. Unlike the site A routers, there is no network
! statement covering 192.168.1.0, so Loopback0 is not advertised into the VPN.
! NOTE(review): add one if loopback reachability between the B sites is wanted.
! No RIP authentication is configured toward the provider.
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!
!
! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane
!
! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
!
end
================================================================
Site_B2#sh running-config 
Building configuration...

Current configuration : 927 bytes
!
! Customer edge router for site B2. It runs plain RIPv2 toward PE_B and has no
! MPLS, VRF or BGP configuration.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Passwords entered with "password" would be stored in clear text. None are
! configured in this dump; outside a lab prefer the "secret" forms.
no service password-encryption
!
hostname Site_B2
!
boot-start-marker
boot-end-marker
!
! No AAA: access control rests entirely on the line settings at the end.
no aaa new-model
memory-size iomem 5
! Removes the rate limit on ICMP unreachables this router generates.
! NOTE(review): looks like an emulator convenience; keep the limit on real gear.
no ip icmp rate-limit unreachable
ip tcp synwait-time 5
!
!
ip cef
no ip domain lookup
!
! Same loopback and link addresses as Site_A2 (192.168.2.1/32, 10.1.1.5/30).
! The overlap is deliberate: the PE keeps the two customers in separate VRFs.
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
interface FastEthernet0/0
 description SiteB2_to_PE_B
 ip address 10.1.1.5 255.255.255.252
 duplex auto
 speed auto
!
! Unused port: no address and administratively shut down.
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
! RIPv2 on the PE link only. Unlike the site A routers, there is no network
! statement covering 192.168.2.0, so Loopback0 is not advertised into the VPN.
! NOTE(review): add one if loopback reachability between the B sites is wanted.
! No RIP authentication is configured toward the provider.
router rip
 version 2
 network 10.0.0.0
 no auto-summary
!
! HTTP and HTTPS management are both disabled.
no ip http server
no ip http secure-server
!
! Empty control-plane stanza: no control-plane policing policy is attached.
control-plane
!
! Console and aux never time out (exec-timeout 0 0), start at privilege 15, and
! have no login configured: physical or aux access gives full control.
! This is a lab convenience only.
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
! NOTE(review): "login" with no line password set; IOS is expected to refuse
! vty sessions in this state, so remote management is effectively off.
line vty 0 4
 login
!
!
end