MPLS L3VPN LAB – implementation from scratch

In this lab we will implement, from scratch, a fully working MPLS core with Layer 3 VPN and MP-BGP vpnv4 on the provider edge routers. We will also achieve full connectivity between the customer edge routers using routing protocols. At the end we will see how to implement “extranets” and “shared services”, which let us share, for example, Internet access among MPLS Layer 3 VPN customers while still keeping their networks separate.

First of all, I based this lab on a very good MPLS course from Joe Astorino #24347. I only put all the lessons together as a GNS3 VM lab.

To create this lab I used GNS 2.1.4 vm with 7200 routers and the image c7200-adventerprisek9-mz.152-4.M7.image. I have split the lab into a few steps, so frankly you don’t have to configure anything: just download a particular lab, run it and enjoy. If you want to configure only a particular step, just download the appropriate lab. I uploaded all parts to mega.nz; under each download link you will find the decryption key, and the rar files are additionally protected with the password “www.itbundle.net”.

Before you go through the lab configuration I recommend reading articles about MPLS, MP-BGP and BGP, many of which you can find at www.itbundle.net.

The topology we will be using looks like this. This is the final look; of course we will start from scratch.

 

Between routers R2-R3-R4-R5 we will implement MPLS. Between routers R2-R5 we use MP-BGP vpnv4. Routers CustomerA1-A2 and CustomerB1-B2 belong to 2 different routing domains (VRFs) and are invisible to each other.

 

Next, I will replace the Customer-B2 router with a Shared Services router, and we will configure a server and Internet access simulated by the 100.100.100.100 gateway.

There are a couple of steps we have to go through before we can enjoy a fully working MPLS Layer 3 VPN infrastructure:

1. In the CORE we implement OSPF
2. In the CORE we implement MPLS
3. On the PE routers we implement VRF
4. On the PE routers we implement BGP vpnv4 address family (MPBGP)
5. Between CE and PE routers we implement eBGP neighborhood or any other routing protocol
6. We implement route leaking with import-export between VRFs if we have any shared services (common server, netflow collector, access to the Internet), or we may do that without sharing VRFs

1. In the CORE we implement OSPF
Only the interfaces have been configured, according to the screenshot, and OSPF has been deployed between R2-R3-R4-R5.

 
1. MPLS_infrastructure_LAB 

!all2F4ZeAvFEtZsF37bCnjxZ66HS0dDnpGePWN857MM

2. In the CORE we implement MPLS
MPLS in the core has been enabled globally and on particular interfaces. We also specified the label ranges used on each router. LDP is the default label protocol on Cisco routers, but to make sure we run ‘mpls label protocol ldp’.

R2:
mpls ip
mpls label protocol ldp
mpls label range 200 299
interface0/0
mpls ip

R3:
mpls ip
mpls label protocol ldp
mpls label range 300 399
interface0/0
mpls ip
interface1/0
mpls ip

R4:
mpls ip
mpls label protocol ldp
mpls label range 400 499
interface0/0
mpls ip
interface1/0
mpls ip

R5:
mpls ip
mpls label protocol ldp
mpls label range 500 599
interface0/0
mpls ip

 

2. MPLS_infrastructure_LAB- MPLS_CORE+OSPF

!CwrFFvftk-UAS3h9HN3Og_VC2N0i2Gg3Fb1iqk1rV6E

 

3. On the PE routers we implement VRF 

Now we have to set up VRFs to separate the customers' networks. To do that we have to provide Route Distinguishers and the export and import Route Targets (MP-BGP extended communities) that we will use later for route leaking. Of course we also have to add the particular interfaces to the appropriate VRFs.

R2 :
ip vrf CUSTOMER-A
rd 2345:1
route-target import 2345:1
route-target export 2345:1

ip vrf CUSTOMER-B
rd 2345:2
route-target import 2345:2
route-target export 2345:2

int fa1/0
ip vrf forwarding CUSTOMER-A
ip address 192.168.12.2 255.255.255.0

int fa1/1
ip vrf forwarding CUSTOMER-B
ip address 192.168.22.2 255.255.255.0

R5 :
ip vrf CUSTOMER-A
rd 2345:1
route-target import 2345:1
route-target export 2345:1

ip vrf CUSTOMER-B
rd 2345:2
route-target import 2345:2
route-target export 2345:2

int fa1/0
ip vrf forwarding CUSTOMER-A
ip address 192.168.56.5 255.255.255.0

int fa1/1
ip vrf forwarding CUSTOMER-B
ip address 192.168.11.5 255.255.255.0

 

3. MPLS_infrastructure_LAB- MPLS_CORE+OSPF+VRF

!2q3YOjmWhZgvu6yRTr6ZNxcdaJRkSoeXpzRx0KIuim8

 

4. On the PE routers we implement BGP vpnv4 address family 

We have to provide communication between the Customer Edge routers. MP-BGP with the vpnv4 address family takes care of that. At this point we activate both PE routers as neighbors under ‘address-family vpnv4’; we also want the neighbors to exchange both standard BGP and extended MP-BGP vpnv4 communities. I also run the command ‘ip bgp new-format’ in order to use communities in AS:NN format rather than the decimal format that is used out of the box.

R2:
ip bgp new-format
router bgp 2345
no bgp default ipv4-unicast
neighbor 5.5.5.5 remote-as 2345
neighbor 5.5.5.5 update-source lo0
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community both

R5:
ip bgp new-format
router bgp 2345
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 2345
neighbor 2.2.2.2 update-source lo0
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both

 

4. MPLS_infrastructure_LAB- MPLS_CORE+OSPF+VRF+MP-BGP+VPNv4

!aLNJbbK4ReA8wNpGOW8uy8QRr9gkDv_OzcQ_gY2H08c

 

5. BGP between CE and PE and CE-CE (CUSTOMER-A)

Now we will establish connectivity, first between CE-A1 and PE-R2 and between CE-A2 and PE-R5, and finally between CE-A1 and CE-A2. We start by creating loopbacks on the two CE routers to have something to ping. Of course we may redistribute anything we want, static networks or routing protocols, into BGP AS 65012 on one side and BGP AS 65056 on the other, which we will create in a moment between the CE and PE routers. Note that on the PE routers we are working under ‘address-family ipv4 vrf CUSTOMER-A’.

R1 CE CUSTOMER-A
route-map LOOPBACK permit 10
match interface loopback0

router bgp 65012
redistribute connected route-map LOOPBACK
neighbor 192.168.12.2 remote-as 2345
neighbor 192.168.12.2 send-community both

R2 PE
router bgp 2345
neighbor 192.168.12.1 remote-as 65012
address-family ipv4 vrf CUSTOMER-A
neighbor 192.168.12.1 remote-as 65012
neighbor 192.168.12.1 activate
neighbor 192.168.12.1 send-community both
redistribute connected

R5 PE
router bgp 2345
neighbor 192.168.56.6 remote-as 65056
address-family ipv4 vrf CUSTOMER-A
neighbor 192.168.56.6 remote-as 65056
neighbor 192.168.56.6 activate
neighbor 192.168.56.6 send-community both
redistribute connected

R6 CE CUSTOMER-A
route-map LOOPBACK permit 10
match interface loopback0

router bgp 65056
redistribute connected route-map LOOPBACK
neighbor 192.168.56.5 remote-as 2345
neighbor 192.168.56.5 send-community both

 

5. MPLS_infrastructure_LAB +…+PE-CE_Routing(BGP Protocol)_CUSTOMER-A

!VEf8dPphaySv7BScxaB_6qSR6KZoduiwYrX191HR4hM

P.S

Not part of Joe Astorino's lab, but my 2 cents

If you want to deploy OSPF between PE and CE, then on the CE routers you enable OSPF on the interfaces as usual. On the PE routers you have to remember that each VRF needs a different OSPF process! OSPF prefixes between CEs will be redistributed as IA (inter-area), and of course at the end you configure mutual redistribution.

R1 CE CUSTOMER-A
interface lo0
ip ospf 1 area 0
interface fa1/0
ip ospf 1 area 0

R2 PE
router ospf 2 vrf CUSTOMER-A
network 192.168.12.0 0.0.0.255 area 0
redistribute bgp 2345 subnets
router bgp 2345
address-family ipv4 vrf CUSTOMER-A
redistribute ospf 2

R6 CE CUSTOMER-A
interface lo0
ip ospf 1 area 0
interface fa1/0
ip ospf 1 area 0

R5 PE
router ospf 2 vrf CUSTOMER-A
network 192.168.56.0 0.0.0.255 area 0
redistribute bgp 2345 subnets
router bgp 2345
address-family ipv4 vrf CUSTOMER-A
redistribute ospf 2

 

You may also use static routing between PE and CE. On the CE routers you only have to add a default route pointing to the PE's VRF interface. On the PE routers you have to add static routes to the VRF RIB and redistribute them into the appropriate VRF under BGP vpnv4.

Customer A1
ip route 0.0.0.0 0.0.0.0 192.168.12.2

Customer A2
ip route 0.0.0.0 0.0.0.0 192.168.56.5

PE R2
ip route vrf CUSTOMER-A 1.1.1.1 255.255.255.255 192.168.12.1

PE R5
ip route vrf CUSTOMER-A 6.6.6.6 255.255.255.255 192.168.56.6

router bgp 2345
address-family ipv4 vrf CUSTOMER-A
redistribute static

 

6. EIGRP between CE and PE and CE-CE (CUSTOMER-B)
For the CUSTOMER-B routers R7 and R8 we implement EIGRP and redistribute it into BGP. It doesn’t matter which EIGRP AS we choose on the PE routers. Again we configure under ‘address-family ipv4 vrf CUSTOMER-B’, for both BGP and EIGRP. First we configure EIGRP on the CE and PE routers, then we redistribute EIGRP into BGP 2345 (vpnv4) and BGP 2345 into EIGRP. This way we achieve full connectivity between the Customer-B CE routers.

CUSTOMER B1
router eigrp 1
network 22.22.22.22 0.0.0.0
network 192.168.22.0

PE R2
router eigrp 65535
address-family ipv4 vrf CUSTOMER-B
default-metric 100000 10 255 1 1500
redistribute bgp 2345
network 192.168.22.0
autonomous-system 1
exit-address-family

router bgp 2345
address-family ipv4 vrf CUSTOMER-B
redistribute connected
redistribute eigrp 1
exit-address-family

PE R5
router eigrp 65535
address-family ipv4 vrf CUSTOMER-B
default-metric 100000 10 255 1 1500
redistribute bgp 2345
network 192.168.11.0
autonomous-system 1
exit-address-family

router bgp 2345
address-family ipv4 vrf CUSTOMER-B
redistribute connected
redistribute eigrp 1
exit-address-family

CUSTOMER B2
router eigrp 1
network 11.11.11.11 0.0.0.0
network 192.168.11.0

 

6. MPLS_infrastructure_LAB +…+PE-CE_Routing(BGP Protocol)_CUSTOMER-A+CUSTOMER-B(EIGRP)

!b4qkrnxoP8icRIWl5_OnXaZV5ABCpoVfyo9SsI2gfMQ

 

7. Shared Services and Internet – preparation
At this stage the Shared Services router with IP address 11.11.11.11 has been added. The configuration of the R5 interface towards the Shared Services router has been removed, as has the configuration of the Shared Services router itself.

 

7. MPLS_infrastructure_LAB +…Shared_Services_LAB

!zIS3AV3a9vy52WyKGzwLk2qEjZsBFWJQTlzqoVxwyjU

 

8. Shared Services 

We implement route leaking with import-export between VRFs if we have any shared services (common server, netflow collector, access to the Internet). A new VRF called SHARED has been created and the interface facing the Shared Services router has been assigned to it. The route to 11.11.11.11 has been redistributed into BGP in order to share it with the Customer-A and Customer-B VRFs. Static routes towards the endpoints have also been added on the Shared Services router.

R2:
ip vrf CUSTOMER-A
route-target import 2345:3

ip vrf CUSTOMER-B
route-target import 2345:3

R5:
ip vrf SHARED
rd 2345:3
route-target export 2345:3
route-target import 2345:1
route-target import 2345:2

ip vrf CUSTOMER-A
route-target import 2345:3

ip vrf CUSTOMER-B
route-target import 2345:3

interface fa1/1
ip vrf forwarding SHARED
ip address 192.168.11.5 255.255.255.0

ip route vrf SHARED 11.11.11.11 255.255.255.255 192.168.11.8

router bgp 2345
address-family ipv4 vrf SHARED
redistribute static

SHARED_SERVICES
ip route 1.1.1.1 255.255.255.255 192.168.11.5
ip route 6.6.6.6 255.255.255.255 192.168.11.5
ip route 22.22.22.22 255.255.255.255 192.168.11.5
ip route 192.168.12.0 255.255.255.0 192.168.11.5
ip route 192.168.22.0 255.255.255.0 192.168.11.5
ip route 192.168.56.0 255.255.255.0 192.168.11.5
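
Added example (not part of the original lab or of Joe Astorino's course): a Python check that parses ‘ip vrf’ stanzas and confirms that the route-target policy above lets CUSTOMER-A and CUSTOMER-B see SHARED but not each other. The embedded config is R5's policy merged from steps 3 and 8; the function names are made up for this example, and imported routes are assumed not to be re-exported.

```python
import re
from collections import defaultdict

# Constructed sample: R5 VRF policy after step 8 (step 3 and step 8 stanzas merged).
R5_CONFIG = """
ip vrf CUSTOMER-A
 rd 2345:1
 route-target import 2345:1
 route-target export 2345:1
 route-target import 2345:3
ip vrf CUSTOMER-B
 rd 2345:2
 route-target import 2345:2
 route-target export 2345:2
 route-target import 2345:3
ip vrf SHARED
 rd 2345:3
 route-target export 2345:3
 route-target import 2345:1
 route-target import 2345:2
"""

def parse_vrfs(config):
    """Collect import/export route-targets per VRF; repeated stanzas are merged."""
    vrfs = defaultdict(lambda: {"import": set(), "export": set()})
    current = None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = m.group(1)
            vrfs[current]  # register the VRF even if it has no route-targets
        elif current and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                vrfs[current][kind].add(m.group(2))
    return dict(vrfs)

def visibility(vrfs):
    """Map each VRF to the other VRFs whose exports it imports (non-transitive: assumes no re-export)."""
    return {name: {other for other, p in vrfs.items()
                   if other != name and p["export"] & pol["import"]}
            for name, pol in vrfs.items()}

def leaks(vrfs, isolated):
    """Ordered pairs (a, b) of supposedly isolated VRFs where a imports b's routes."""
    seen = visibility(vrfs)
    return sorted((a, b) for a in isolated for b in isolated if b in seen[a])

if __name__ == "__main__":
    print(leaks(parse_vrfs(R5_CONFIG), ["CUSTOMER-A", "CUSTOMER-B"]))
```

The check covers route-target policy only; because the SHARED_SERVICES router carries static routes toward both customers, an ACL or firewall on it is still needed if customer-to-customer traffic through the shared segment must be blocked.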

 

8. MPLS_infrastructure_LAB +…Shared_Services_LAB+Shared Services with Shared VRF

!to2oatRIWNZdAONqUdOHSqMQw7ysJmbzdi205AA27e0

 

9. The Internet

The last task is to enable the Internet connection, which is done by adding a default route and propagating it from the SHARED VRF into the Customer-A and Customer-B VRFs.

R5
ip route vrf SHARED 0.0.0.0 0.0.0.0 192.168.11.8

router bgp 2345
address-family ipv4 vrf SHARED
default-information originate

 

9. MPLS_infrastructure_LAB +…Shared_Services_LAB+Shared Internet with Shared VRF

!Mhyp1KaoWFDmNF3KU3fLIVXsm3R_qh2YD3W_u_-I9Cg
