MPLS RIP L3 VPN

image

configurations

R1

interface FastEthernet0/0
 ip address 10.1.12.1 255.255.255.0
interf loopback 0
ip add 1.1.1.1 255.255.255.0

R2

iinterface Loopback0
ip address 2.2.2.2 255.255.255.255

interface FastEthernet0/0
 ip address 10.1.12.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.23.2 255.255.255.0
 duplex auto
 speed auto

R3

interface FastEthernet0/0
 ip address 10.1.23.3 255.255.255.0
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.34.3 255.255.255.0
 duplex auto
 speed auto

R4

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.45.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.34.4 255.255.255.0
 duplex auto
 speed auto

R5

interface FastEthernet0/0
 ip address 10.1.45.5 255.255.255.0
 duplex auto
 speed auto

The goal is to run mpls within the  ISP network and we also want to run RIP with Customer A CE routers (R1 and R5)

we will run OSPF inside the mpls network

let’s start with configuring OSPF between R2, R3 and R4

R2

R2(config)#router ospf 1
R2(config-router)#network 10.1.23.2 0.0.0.0 area 0
R2(config-router)#network 2.2.2.0 0.0.0.255 area 0

R3

R3(config)#router osp 1
R3(config-router)#network 0.0.0.0 0.0.0.0 area 0

R4

R4(config)#router ospf 1
R4(config-router)#network 4.4.4.0 0.0.0.255 area 0
R4(config-router)#network 10.1.34.0 0.0.0.255 area 0

So now we should have our IGP running on all our ISP network

we need to turn on mpls on these routers

R2(config)#interf f0/1
R2(config-if)#mpls ip

R3(config)#interf f0/0
R3(config-if)#mpls ip
R3(config)#interf f0/1
R3(config-if)#mpls ip

R4(config)#interf f0/1
R4(config-if)#mpls ip 

Now let’s check the LDP neighbors on these routers

R2

R2(config)#do sh mpls ldp ne
    Peer LDP Ident: 10.1.34.3:0; Local LDP Ident 10.1.23.2:0
        TCP connection: 10.1.34.3.21083 - 10.1.23.2.646
        State: Oper; Msgs sent/rcvd: 14/13; Downstream
        Up time: 00:06:56
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 10.1.23.3
        Addresses bound to peer LDP Ident:
          10.1.23.3       10.1.34.3     

R3

R3(config-if)#do sh mpls ldp ne
    Peer LDP Ident: 10.1.23.2:0; Local LDP Ident 10.1.34.3:0
        TCP connection: 10.1.23.2.646 - 10.1.34.3.21083
        State: Oper; Msgs sent/rcvd: 14/15; Downstream
        Up time: 00:07:12
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 10.1.23.2
        Addresses bound to peer LDP Ident:
          10.1.12.2       10.1.23.2      
   Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 10.1.34.3:0
        TCP connection: 4.4.4.4.646 - 10.1.34.3.63944
        State: Oper; Msgs sent/rcvd: 13/14; Downstream
        Up time: 00:06:42
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 10.1.34.4
        Addresses bound to peer LDP Ident:
          10.1.45.4       10.1.34.4       4.4.4.4       

R4

R4(config-if)#do sh mpls ldp nei
    Peer LDP Ident: 10.1.34.3:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 10.1.34.3.52025 - 4.4.4.4.646
        State: Oper; Msgs sent/rcvd: 330/324; Downstream
        Up time: 04:40:42
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 10.1.34.3
        Addresses bound to peer LDP Ident:
          10.1.23.3       10.1.34.3      

Now we need to enable BGP on the PE routers (R2 and R4)

R4

R4(config-router-af)#do sh run | sec router bgp 100
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family

R2

R2(config-router)#do sh run | sec router bgp 100
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family

Note: we have used this no bgp default ipv4-unicast command under the BGP configuration to stop the BGP from activating the ipv4 unicast peers automatically and we have to activate them manually under the vpnv4 unicast address family manually. let’s check the BGP peers

R2

R2(config)#do sh bgp vpn un all summ
BGP router identifier 10.1.23.2, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4   100     586     585        1    0    0 09:41:49        0

R4

R4(config)#do sh bgp vpn un all summ
BGP router identifier 4.4.4.4, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   100     587     587        1    0    0 09:43:46        0

we now need to create the VRFs on both R2 and R4 and run RIP with R1 and R5

R1

R1(config)#router rip      
R1(config-router)#no auto-summary
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0  
R1(config-router)#network 1.0.0.0 

R2

R2(config)#ip vrf CUST_A
R2(config-vrf)#rd 100:1
R2(config-vrf)#exit
R2(config)#interf
R2(config)#interface f0/0
R2(config-if)#ip vrf forwarding CUST_A
% Interface FastEthernet0/0 IP address 10.1.12.2 removed due to enabling VRF CUST_A
R2(config-if)#ip address 10.1.12.2 255.255.255.0
R2(config)# router rip
R2(config-router)#address-family ipv4 vrf CUST_A
R2(config-router-af)#no auto-summary
R2(config-router-af)#version 2
R2(config-router-af)#network 10.0.0.0

R4

R4(config)#ip vrf CUST_A
R4(config-vrf)#rd 100:1
R4(config-router)#interf f0/0
R4(config-if)#ip vrf forwarding CUST_A 
% Interface FastEthernet0/0 IP address 10.1.45.4 removed due to enabling VRF CUST_A
R4(config-if)#ip address 10.1.45.4 255.255.255.0
R4(config)#router rip
R4(config-router)#address-family ipv4 vrf CUST_A
R4(config-router-af)#no aut
R4(config-router-af)#ver 2
R4(config-router-af)#net 10.0.0.0

R5

R5(config)#router rip
R5(config-router)#no auto-summary
R5(config-router)#ver 2
R5(config-router)#network 5.0.0.0
R5(config-router)#network 10.0.0.0

so on R2 and R4 we have created the VRF and identified a RD

RD is 64 bit that PEs prepend to the 32 bit prefixes in particular VRF to make it unique 96 bit prefix. RD is only local an doesn’t have to match on different PEs but they need to be locally different to avoid overlapping issues

Also note how the IP address of interfaces f0/0 on both R2 and R4 were removed when we assigned them to the new VRF CUST_A this basically because the router is moving these IP addresses to the VPNV4 table rather than the global routing table.

From customer’s point of view RIP configuration didn’t change  and you configure RIP as we we always do, however on PEs the RIP need to be configured under address family so we keep routing table separate for different customers

our next step will be configuring the BGP-MP on the PE routers and mutual redistribute between RIP and the BGP-MP

on both R2 and R4

(config)#router bgp 100
(config-router)#address-family ipv4 vrf CUST_A
(config-router-af)#redistribute rip
(config)#router rip
(config-router)#address-family ipv4 vrf CUST_A
(config-router-af)#redistribute bgp metric 1 

let’s check the BGP on R2 for that VRF

R2(config)#do sh bgp vpn un vrf CUST_A
BGP table version is 5, local router ID is 10.1.23.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf CUST_A)
*> 1.1.1.0/24       10.1.12.1                1         32768 ?
*> 10.1.12.0/24     0.0.0.0                  0         32768 ?

so we see that RIP is getting redistributed correctly into BGP but we are note receiving any routes from R4, in order for us to start receiving routes from other PEs we need to IMPORT/EXPORT Route Targets

Route Targets  control which routes will be imported on the far side PE, for a given VRF.

so let’s try this on both R2 and R4

(config)#ip vrf CUST_A
(config-vrf)#route-target import 100:1
(config-vrf)#route-target export 100:

route-target import: import the route from BGP-MP into the specific VRF

route-target export: Export the route from the VRF to BGP-MP

so now let’s check the routing table on R1 and R5

R1

R1#sh ip route rip
   5.0.0.0/24 is subnetted, 1 subnets
R       5.5.5.0 [120/1] via 10.1.12.2, 00:00:17, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.45.0 [120/1] via 10.1.12.2, 00:00:17, FastEthernet0/0

R5

R5#sh ip route rip
     1.0.0.0/24 is subnetted, 1 subnets
R       1.1.1.0 [120/1] via 10.1.45.4, 00:00:17, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.12.0 [120/1] via 10.1.45.4, 00:00:17, FastEthernet0/0

And we can confirm with a ping from R1 to R5

R1#ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/103/120 ms
R1#tra
R1#traceroute 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 10.1.12.2 44 msec 44 msec 24 msec
  2 10.1.23.3 [MPLS: Labels 19/19 Exp 0] 132 msec 68 msec 80 msec
  3 10.1.45.4 [MPLS: Label 19 Exp 0] 96 msec 64 msec 56 msec
  4 10.1.45.5 112 msec *  88 msec

Comments

Post a Comment

Popular posts from this blog

BPDU Filter vs BPDU Guard

        Today we will try to explore the difference between these 2 options, BPDU guard and BPDU filter We know that BPDU are used to communicate between switches in L2 networks  to ensure loop free topology. BPDU Guard is used to protect our access (or trunks incase of servers) ports from receiving undesired BPDU packets, this feature is helpful in enforcing your network boundary in access layer BPDU Guard can be enabled on global configuration as well as under the interface configuration BPDU Filter on the other hand is used to filter BPDU packets outbound when configured  in global configuration (after sending 11 BPDU out ) and will filter BPDU inbound/outbound when configured under the interface level To better understand these two features, let’s use this simple topology R1 is connected to SW1 through F0/0 to have R1 send and receive BPDU we will simple configure bridging group 1 on the router and we will join the bridge group when desired to test our configuration BPDU
Read more

BGP Weight Attribute

Image
Before we start the lab let's see the BGP path selection process If the path specifies a next hop that is inaccessible, drop the update. •Prefer the path with the highest weight. •If the weights are the same, prefer the path with the largest local preference. •If the local preferences are the same, prefer the path that was originated by BGP running on this router. •If no route was originated, prefer the route that has the shortest AS_path. •If all paths have the same AS_path length, prefer the path with the lowest origin code (where IGP is lower than EGP, and EGP is lower than incomplete). •If the origin codes are the same, prefer the path with the lowest MED attribute. •If the paths have the same MED, prefer the external path over the internal path. •If the paths are still the same, prefer the path through the closest IGP neighbor. •Prefer the path with the lowest IP address, as specified by the BGP router ID. I read this on CCIE Pursuit blog We Love Oranges As O
Read more

OSPF–Point To Multipoint Non-Broadcast

Image
Using same setup that we have been using in the last 3 posts, we will change the network type to point-to-multipoint Non-Broadcast we will also add a Ethernet link between R2 and R3 and enable OSPF on it Our final configuration should be something like this R1 interface Serial0/0   no ip address   encapsulation frame-relay   no frame-relay inverse-arp ! interface Serial0/0.123 multipoint   ip address 10.1.123.1 255.255.255.0   ip ospf network point-to-multipoint non-broadcast   ip ospf 1 area 0   frame-relay map ip 10.1.123.2 102   frame-relay map ip 10.1.123.3 103 !          router ospf 1   router-id 1.1.1.1   log-adjacency-changes   neighbor 10.1.123.2   neighbor 10.1.123.3 R2 interface Serial0/0   no ip address   encapsulation frame-relay   no frame-relay inverse-arp ! interface Serial0/0.123 multipoint   ip address 10.1.123.2 255.255.255.0   ip ospf network point-to-multipoint non-broadcast   ip ospf 1 area 0   frame-relay map ip 10.1.123.1 201 R3 interface
Read more