
PART 1

Jan 24 2014
GNS3 Lab: Introduction to MPLS Layer 3 VPN Part 1
In this first article on MPLS Layer 3 VPN, we will be having a step-by-step lab on how to set up an MPLS VPN network from both the service provider and customer perspectives. Below are the tasks and requirements that we need to accomplish in Part 1:
Tasks
1. Configure MPLS LDP in the Service Provider network.
2. Configure VRF in the Provider Edge (PE) routers.
3. Configure BGP VPNv4 peering between R1 and R4.
4. Configure peering between PE routers R1 and R4 to customer routers CUST_A-R1 and CUST_A-R2. Announce Loopback 10 and 100 in the CE routers. Verify connectivity.
OSPF and BGP were preconfigured. The IOS used was a 3745 with the Advanced Enterprise feature. The GNS3 .net file and the starting configurations can be downloaded here.
MPLS VPN might sound complicated, but in fact the basics are easy. Before you proceed further with this lab, reading an introduction to MPLS will be extremely helpful. My colleague has written a very good article entitled “The Complete Guide to MPLS” which can be found here.
Figure 1: Lab Topology
Before we move on to the first task, let us review some concepts and terminology related to MPLS. MPLS operates between the data link layer (Layer 2) and the network layer (Layer 3), hence it is considered to be a Layer 2.5 protocol. It operates using a protocol called LDP (Label Distribution Protocol), which assigns labels ranging from 16 to 1,048,575 (0-15 are reserved and cannot be used in Cisco routers) to IP prefixes/subnets in the routing table. LDP relies on the routing table in order to form its LIB (Label Information Base) and LFIB (Label Forwarding Information Base). LSRs (Label Switch Routers) are routers in the middle of the service provider network that use labels to perform routing. LERs (Label Edge Routers) are routers that are the entry and exit points of the network. They are generally the Provider Edge (PE) routers.
The three general operations of LDP when dealing with labeling packets are PUSH, SWAP and POP. PUSH means that the incoming packet has no label and a new label has to be assigned to it. SWAP is basically changing the label to a different label. POP, on the other hand, is to remove the label. LERs are usually the ones that PUSH labels onto packets, LSRs SWAP the labels, and the penultimate hop routers (the LSRs adjacent to the LERs, in our case routers R2 and R3) do the POP operation. The feature where LSRs POP labels before sending packets out to LERs is called PHP (Penultimate Hop Popping) with Implicit-null.
The LDP router-id needs to be reachable through the global routing table in order for LDP to form a neighborship. The router-id elected for LDP is the highest IP address of any loopback interface. If no loopback interfaces exist, it will be the highest IP address of any physical interface that is operational.
Let's proceed to configure Task 1.
Task 1: Configure MPLS LDP in the Service Provider network
R1(config)#int fa0/0
R1(config-if)#mpls ip
R1(config-if)#exit
R1(config)#mpls label ?
  protocol  Set platform default label distribution protocol
  range     Label range
R1(config)#mpls label range ?
  Minimum label value
R1(config)#mpls label range 1000 1999
% Label range changes will take effect at the next reload.
R1(config)#mpls ldp router-id lo0 force
R2(config)#int fa0/0
R2(config-if)#mpls ip
R2(config-if)#int f0/1
R2(config-if)#mpls ip
R2(config-if)#mpls label range 2000 2999
R3(config)#int fa0/0
R3(config-if)#mpls ip
R3(config-if)#int fa0/1
R3(config-if)#mpls ip
R3(config-if)#mpls label range 3000 3999
R4(config)#int fa0/0
R4(config-if)#mpls ip
R4(config-if)#mpls label range 4000 4999
The command “mpls ip” is required to form LDP neighbors. It is only configured on interfaces that are inside the service provider network. Interfaces such as loopbacks or those facing the customer do not need it, because LDP is not required between customer and PE routers. Though the customer is connected to the MPLS network, it is common practice for service providers not to make their network visible to the customer.
The “mpls label range” command in the routers sets the number of labels only. I configured it that way so it will be easier to explain later how LDP works. In the example configuration above, the number of labels that can be assigned on each router only amounts to 1000. If the network has more than 1000 prefixes, the rest of the prefixes will not be labeled and will be routed using IP.
The “mpls ldp router-id loopback0 force” command forces LDP to use the IP address of Loopback0 as its ID. The “force” keyword tears down existing LDP sessions, clears all the current bindings and applies the change to the LDP ID. If “force” is not used, the router will wait until the current interface of the LDP ID goes down before it applies the new LDP ID specified in the command.
The routers have been restarted. Let's check the LDP neighborship. Let's use two examples for brevity.
R1#sh mpls ldp neigh
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0
        TCP connection: 2.2.2.2.18805 - 1.1.1.1.646
        State: Oper; Msgs sent/rcvd: 46/46; Downstream
        Up time: 00:31:24
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 12.12.12.2
        Addresses bound to peer LDP Ident:
          12.12.12.2      2.2.2.2         23.23.23.2
R3#sh mpls ldp neigh
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 2.2.2.2.646 - 3.3.3.3.42771
        State: Oper; Msgs sent/rcvd: 67/66; Downstream
        Up time: 00:49:52
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 23.23.23.2
        Addresses bound to peer LDP Ident:
          12.12.12.2      2.2.2.2         23.23.23.2
    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 4.4.4.4.59644 - 3.3.3.3.646
        State: Oper; Msgs sent/rcvd: 67/67; Downstream
        Up time: 00:49:51
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 34.34.34.4
        Addresses bound to peer LDP Ident:
          34.34.34.4      4.4.4.4
R1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
1000   Pop tag     2.2.2.2/32        0          Fa0/0      12.12.12.2
1001   Pop tag     23.23.23.0/24     0          Fa0/0      12.12.12.2
1002   2001        34.34.34.0/24     0          Fa0/0      12.12.12.2
1003   2002        3.3.3.3/32        0          Fa0/0      12.12.12.2
1004   2003        4.4.4.4/32        0          Fa0/0      12.12.12.2
As mentioned, the LDP ID will be the highest loopback IP address that is operational in the router. Before they form an LDP session, the LDP routers elect which router will be active and which passive. The router chosen as active initiates the LDP TCP connection. In our case, R2 initiated a connection using a random port number, which in this case is 18805, and R1 responds with port 646, the TCP port that is assigned to LDP. The “Addresses bound to peer LDP Ident:” section specifies that the routes listed below it are directly connected to the LDP neighbor. Routes directly connected to the neighbor will by default not have any label assigned in the LIB (Label Information Base).
The “show mpls forwarding-table” output, also called the LFIB, shows the actions which LDP will take when it receives a specific label. As you can see, it doesn't put any labels on the directly connected routes of its adjacent LDP neighbor, which is R2.
Task 2: Configure VRF in the Provider Edge (PE) Routers
VRF (Virtual Routing and Forwarding) is comparable to a VLAN in a switch. VRF is used to create different routing tables that are separated from each other. Since one VRF can't see what routes are in another VRF, the same IP prefix can exist in different VRFs. However, duplicate IP prefixes become an issue when it comes to route-leaking between VRFs. This will be discussed in the next article.
R1(config)#ip vrf CUST-A
R1(config-vrf)#rd 65002:1
R1(config-vrf)#route-target import 65002:1
R1(config-vrf)#route-target export 65002:1
R4(config)#ip vrf CUST-A
R4(config-vrf)#rd 65002:1
R4(config-vrf)#route-target import 65002:1
R4(config-vrf)#route-target export 65002:1
Let's apply the VRF to the interface facing the CE (customer edge) router.
R1(config)#int fa0/1
R1(config-if)#ip vrf forwarding CUST-A
% Interface FastEthernet0/1 IP address 15.15.15.1 removed due to enabling VRF CUST-A
R1(config-if)#ip address 15.15.15.1 255.255.255.0
R4(config-if)#int fa0/1
R4(config-if)#ip vrf forwarding CUST-A
% Interface FastEthernet0/1 IP address 46.46.46.4 removed due to enabling VRF CUST-A
R4(config-if)#ip address 46.46.46.4 255.255.255.0
The VRF name is locally significant. It is not a transitive attribute that will be shared between routers. In fact, in an MPLS VPN network, as long as the RD (Route Distinguisher) and the RT (Route Target) values are configured correctly, the MPLS VPN service will work even if the VRF names are different. The RD is what Multiprotocol BGP uses to distinguish routes and make each route unique. The standard telco practice is to assign a unique RD to every customer. The RT, on the other hand, is an extended BGP community that marks, tags or classifies the prefix. The “export” keyword in the command means that the route will be marked and announced with that value; “import” means that all the routes with that mark are put into the routing table of the VRF under which the command is configured.
Task 3: Configure BGP VPNv4 peering between R1 and R4
VPNv4 is an address-family of Multiprotocol BGP. To explain it simply, VPNv4 is a collection of all routes from different VRFs that were marked with the extended community route-target. This is the address-family where route-leaking can be performed. Route-leaking is simply sharing a route from one VRF to another. A common application for this is when one company wants to connect to another company's servers and they happen to be connected to the same MPLS provider. The different techniques of route-leaking will be discussed in Part 2.
R1(config)#router bgp 65001
R1(config-router)#address-family vpnv4
R1(config-router-af)#neigh 4.4.4.4 activate
R1#sh run | inc router bgp | address-family vpnv4|neigh
router bgp 65001
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 65001
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 4.4.4.4 activate
 neighbor 4.4.4.4 next-hop-self
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
R4(config-if)#router bgp 65001
R4(config-router)#address-family vpnv4
R4(config-router-af)#neigh 1.1.1.1 activate
R4#sh ip bgp vpnv4 all sum
BGP router identifier 4.4.4.4, local AS number 65001
BGP table version is 1, main routing table version 1
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 65001     116     116        1    0    0 00:01:09        0
In the VPNv4 address-family configuration, you simply issue the neighbor statement with the keyword “activate”. The BGP peering configuration itself needs to be done outside the address-family. The router understands that VPNv4 peering needs extended communities, so it automatically configured the “send-community extended” statement shown above. As for the VPNv4 BGP peering, we can't see any prefixes for now since there is no peering yet between the PEs and CEs.
Task 4: Configure peering between PE routers R1 and R4 to customer routers CUST_A-R1 and CUST_A-R2. Announce Loopback 10 and 100 in the CE routers. Verify connectivity.
R1(config)#router bgp 65001
R1(config-router)#address-family vpnv4
R1(config-router-af)#address-family ipv4 vrf CUST-A
R1(config-router-af)#neighbor 15.15.15.5 remote-as 65002
R1(config-router-af)#neighbor 15.15.15.5 activate
R1(config-router-af)#neighbor 15.15.15.5 as-override
CUST_A-R1(config)#router bgp 65002
CUST_A-R1(config-router)#neighbor 15.15.15.1 remote-as 65001
CUST_A-R1(config-router)#network 5.5.5.5 mask 255.255.255.255
CUST_A-R1(config-router)#network 55.55.55.55 mask 255.255.255.255
R4(config)#router bgp 65001
R4(config-router)#address-family ipv4 vrf CUST-A
R4(config-router-af)#neighbor 46.46.46.6 remote-as 65002
R4(config-router-af)#neighbor 46.46.46.6 activate
R4(config-router-af)#neighbor 46.46.46.6 as-override
CUST_A-R2(config)#router bgp 65002
CUST_A-R2(config-router)#network 6.6.6.6 mask 255.255.255.255
CUST_A-R2(config-router)#network 66.66.66.66 mask 255.255.255.255
CUST_A-R2(config-router)#neighbor 46.46.46.4 remote-as 65001
The PE is configured with an “address-family ipv4 vrf” when peering with the CE routers. The “as-override” command replaces the AS of the route to circumvent BGP loop prevention. BGP loop prevention blocks any route received from an eBGP peer that carries the receiver's own AS (65002 in this case) in its path. The AS for the customer is 65002, but notice in the output below that the PEs replaced the AS with 65001 to enable communication between these two routers, which have the same AS, across the MPLS cloud. CUST_A-R2 is now able to see the CUST_A-R1 routes, but with a different AS. Another way to do this is to configure a neighbor statement with the “allowas-in” keyword.
R1#show ip bgp vpnv4 vrf CUST-A
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65002:1 (default for vrf CUST-A)
*> 5.5.5.5/32       15.15.15.5               0             0 65002 i
*>i6.6.6.6/32       4.4.4.4                  0    100      0 65002 i
*> 55.55.55.55/32   15.15.15.5               0             0 65002 i
CUST_A-R2#sh ip bgp
BGP table version is 5, local router ID is 66.66.66.66
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       46.46.46.4                             0 65001 65001 i
*> 6.6.6.6/32       0.0.0.0                  0         32768 i
*> 55.55.55.55/32   46.46.46.4                             0 65001 65001 i
*> 66.66.66.66/32   0.0.0.0                  0         32768 i
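The AS-path rewrite seen in the two tables above can be reproduced with a small model. This is an added example, not part of the original article; it is simplified (as-override is treated as replacing the customer AS with the provider AS) and the function names are illustrative.

```python
# Added illustration, not from the original article: a simplified model of
# eBGP AS-path loop prevention and the two workarounds named in the text.
PROVIDER_AS = 65001   # R1 and R4
CUSTOMER_AS = 65002   # CUST_A-R1 and CUST_A-R2 share this AS


def ebgp_accepts(as_path, local_as, allowas_in=0):
    """Loop check on receipt: drop the update if the receiver's own AS is in
    the path more often than allowas-in tolerates (0 is the default)."""
    return allowas_in >= as_path.count(local_as)


def pe_to_ce(as_path, as_override=False):
    """AS path the egress PE sends to its CE. as-override is modelled as
    rewriting the CE's AS to the provider AS before the PE prepends itself."""
    if as_override:
        as_path = [PROVIDER_AS if a == CUSTOMER_AS else a for a in as_path]
    return [PROVIDER_AS] + list(as_path)


def trace(as_override=False, allowas_in=0):
    """Follow a CUST_A-R1 prefix to CUST_A-R2 and record the AS path stored
    at each router; None marks an update rejected by the loop check."""
    from_ce = [CUSTOMER_AS]                   # CE prepended its AS over eBGP
    at_r1 = from_ce if ebgp_accepts(from_ce, PROVIDER_AS) else None
    at_r4 = at_r1                             # iBGP/VPNv4 leaves AS_PATH alone
    sent = pe_to_ce(at_r4, as_override)
    at_ce = sent if ebgp_accepts(sent, CUSTOMER_AS, allowas_in) else None
    return {"R1": at_r1, "R4": at_r4, "CUST_A-R2": at_ce}


if __name__ == "__main__":
    for kwargs in ({}, {"as_override": True}, {"allowas_in": 1}):
        print(kwargs, trace(**kwargs))
```

Either workaround switches off the check that would normally drop a route carrying the site's own AS, so a CE configured this way would also accept its own site's prefixes if they came back to it through the provider.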
Let's check and verify connectivity.
CUST_A-R2#traceroute 55.55.55.55 source l100
Type escape sequence to abort.
Tracing the route to 55.55.55.55
  1 46.46.46.4 24 msec 21 msec 20 msec
  2 34.34.34.3 11 msec 92 msec 100 msec
  3 23.23.23.2 101 msec 92 msec 10 msec
  4 15.15.15.1 10 msec 61 msec 72 msec
  5 15.15.15.5 11 msec 11 msec 10 msec
As we can see, there is full reachability between the CE routers, but the traceroute shows the path taken inside the service provider core network. This is not advisable behavior; normally a service provider hides any information about its core network from the customer. Let's configure a way to do that.
R1(config)#no mpls ip propagate-ttl
R4(config)#no mpls ip propagate-ttl
Let's test that again.
CUST_A-R2#traceroute 55.55.55.55 source l100
Type escape sequence to abort.
Tracing the route to 55.55.55.55
  1 46.46.46.4 21 msec 16 msec 20 msec
  2 15.15.15.1 10 msec 10 msec 10 msec
  3 15.15.15.5 101 msec 104 msec 96 msec
Now the service provider network has been hidden through the “no mpls ip propagate-ttl” command.
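Why the core hops disappear can be shown with a small TTL model. This is an added example, not part of the original article; it uses a simplified single-label model, takes the hop addresses from the two traceroutes above, and its function names are illustrative.

```python
# Added illustration, not from the original article. Simplified single-label
# model of MPLS TTL handling along the lab's path CUST_A-R2 -> CUST_A-R1.
PATH = [  # (router, address that answers the probe, role), from the lab output
    ("R4", "46.46.46.4", "ingress-pe"),
    ("R3", "34.34.34.3", "core"),
    ("R2", "23.23.23.2", "core"),          # penultimate hop: pops the label
    ("R1", "15.15.15.1", "egress-pe"),
    ("CUST_A-R1", "15.15.15.5", "destination"),
]


def probe(path, ttl, propagate_ttl):
    """Return the address that answers a probe sent with the given IP TTL."""
    ip_ttl, label_ttl = ttl, None
    for i, (_, addr, role) in enumerate(path):
        if role == "destination":
            return addr
        if role == "core":
            label_ttl -= 1                  # LSRs only touch the label TTL
            if label_ttl == 0:
                return addr                 # TTL expired inside the core
            if path[i + 1][2] == "egress-pe":     # PHP: label removed here
                if propagate_ttl:
                    ip_ttl = min(ip_ttl, label_ttl)   # copy label TTL back
                label_ttl = None
            continue
        ip_ttl -= 1                         # PE routers act on the IP header
        if ip_ttl == 0:
            return addr
        if role == "ingress-pe":            # label imposition
            label_ttl = ip_ttl if propagate_ttl else 255
    return None


def traceroute(path, propagate_ttl, max_ttl=30):
    """Addresses a customer traceroute lists, one per TTL, up to the target."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(path, ttl, propagate_ttl))
        if hops[-1] == path[-1][1]:
            break
    return hops


def exposed_core(path, propagate_ttl):
    """Core (P router) addresses the customer can learn from traceroute."""
    core = {addr for _, addr, role in path if role == "core"}
    return sorted(core & set(traceroute(path, propagate_ttl)))


if __name__ == "__main__":
    print("propagate-ttl:   ", traceroute(PATH, True))
    print("no propagate-ttl:", traceroute(PATH, False))
```

With propagation disabled the label TTL starts at 255 on the ingress PE and is never copied back into the IP header, so no probe can expire on R3 or R2.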
Hopefully this has been an informative article. The next part will focus on how to share routes between different VRFs inside an MPLS network. Stay tuned.
PART 2
Apr 04 2014
GNS3 Lab: Introduction to MPLS Layer 3 VPN Part 2
Note: Click here to download GNS3-enabled config and topology files.
In the last article, we discussed the basic configuration of MPLS Layer 3 VPN. Part 2 will cover the following tasks and topics on how to share routing information between different customers or VRFs in an MPLS VPN network:
1. Configure static routes between VRF CUST-B and the global routing table (Customer C).
2. Configure a VPNv4 route-reflector.
3. Import routes between Customer A and B using route-target functionality.
4. Filter the imported routes through the use of import-maps.
Sharing routing information between two VRFs is known as “route-leaking”. The basic behavior of MPLS VPN is that every customer has a unique routing table and this table is not visible to the other customers. Route-leaking comes into play when there is a need to share routing information from one customer to another. A good example of where route-leaking is used in real life is when two companies decide to have a B2B (Business to Business) connection in order to share data and applications. A company might be providing services to another, and it happens that both of them are using MPLS from the same provider, or from different MPLS providers that interconnect with each other. The way to interconnect them right away is to route-leak the information in both directions. One thing to watch out for is that the routes must be unique to each of the customers. Most often, customers who want to have routes interconnected in the MPLS cloud NAT their IP addresses before sharing them with their partners.
Figure 1. MPLS VPN Topology
We will be using a topology similar to the one in Part 1 and we will continue configuring from where we left off. The only difference here is an additional Customer C router. You can download the GNS3 files below.
Task 1: Configure VRF static routes between two VRFs.
Customer B and Customer C want to have connectivity between their servers 8.8.8.8/32 and 9.9.9.9/32 respectively. Let's provide connectivity between these two networks through the use of VRF static routes. By the way, if you hear the term “VRF-Lite”, it simply means using VRF without MPLS. Customer C is not under any VRF but is in the global routing table. We will leak the global routing table into VRF CUST-B and vice-versa.
R2(config)#ip route 8.8.8.8 255.255.255.255 fa1/0 28.28.28.8
R2(config)#ip route vrf CUST-B 9.9.9.9 255.255.255.255 fa2/0 29.29.29.9 global
R2#sh ip route 8.8.8.8
Routing entry for 8.8.8.8/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 28.28.28.8, via FastEthernet1/0
      Route metric is 0, traffic share count is 1
R2#sh ip route vrf CUST-B 9.9.9.9
Routing entry for 9.9.9.9/32
  Known via "static", distance 1, metric 0
  Routing Descriptor Blocks:
  * 29.29.29.9 (Default-IP-Routing-Table), via FastEthernet2/0
      Route metric is 0, traffic share count is 1
CUST_B-R1#ping 9.9.9.9 source 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 9.9.9.9, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/30/48 ms
CUST_B-R1#traceroute 9.9.9.9 source 8.8.8.8
Type escape sequence to abort.
Tracing the route to 9.9.9.9
  1 28.28.28.2 32 msec 20 msec 20 msec
  2 29.29.29.9 36 msec 24 msec 28 msec
In the configuration part, we configured two static routes to tell the router how to route between the global table and the VRF. In the VRF CUST-B static route, the “global” keyword basically instructed the router that the route is in the global routing table. On the other hand, the global static route pointing to 8.8.8.8/32 with the next-hop of 28.28.28.8 was configured normally. This is still accepted by the router even though that IP is in VRF CUST-B. What if there are many interfaces configured as 28.28.28.0/24; how will the router know where to route it? This is handled by specifying the outgoing interface in the static route command.
Our ping works because the CE routers have been configured with a default route. Let's remove the default routes on the CEs, and on R2 we will redistribute the routes into the respective BGP address-families so the CEs will learn the exact routes from BGP.
CUST_B-R1(config)#no ip route 0.0.0.0 0.0.0.0 28.28.28.2
CUST_C(config)#no ip route 0.0.0.0 0.0.0.0 29.29.29.2
R2(config-router-af)#exit
R2(config-router)#router bgp 65001
R2(config-router)#redistribute static
R2(config-router)#address-family ipv4 vrf CUST-B
R2(config-router-af)#redistribute static
CUST_C#ping 8.8.8.8 source 9.9.9.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 9.9.9.9
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/44/52 ms
CUST_C#sh ip bgp
BGP table version is 4, local router ID is 99.99.99.99
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 8.8.8.8/32       29.29.29.2               0             0 65001 ?
*> 9.9.9.9/32       0.0.0.0                  0         32768 i
*> 99.99.99.99/32   0.0.0.0                  0         32768 i
Task 2: Configure a VPNv4 Route-Reflector
Before we move on to the third task, we need to prepare the network so that three routers can now share routes. In Part 1, we didn't configure a VPNv4 Route-Reflector because we only had two PE routers. A VPNv4 route-reflector works the same way as a normal BGP RR. The VPNv4 Route Reflector contains all the routes collected from the different VRFs. We will configure R2 as the VPNv4 RR in this case.
R2(config)#router "gp =5001
R2(config-router)#a,,re##-fa-i!% vpnv<
R2(config-router)#neig$ 1.1.1.1 re-ote-a# =5001
R2(config-router)#neig$ <.<.<.< re-ote-a# =5001
R2(config-router)#neig$ 1.1.1.1 up,ate-#ource Eoop"ac/0
R2(config-router)#neig$ <.<.<.< up,ate-#ource Eoop"ac/0
R2(config-router)#a,,re##-fa-i!% vpnv<
R2(config-router-af)#neig$"or 1.1.1.1 activate
R2(config-router-af)#neig$"or <.<.<.< activate
R2(config-router-af)#neig$ 1.1.1.1 route-ref!ector-c!ient
R2(config-router-af)#neig$ <.<.<.< route-ref!ector-c!ient
R2(config-router-af)#neig$ 1.1.1.1 #en,-co--unit% e:ten,e,
R2(config-router-af)#neig$ <.<.<.< #en,-co--unit% e:ten,e,
R1(config)#router "gp =5001
R1(config-router)#neig$ 2.2.2.2 re-ote =5001
R1(config-router)#neig$"or 2.2.2.2 ne:t-$op-#e!f
R1(config-router)#neig$"or 2.2.2.2 up,ate-#ource Eoop"ac/0
R1(config-router)#a,,re##-fa-i!% vpnv<
R1(config-router-af)#neig$ 2.2.2.2 activate
R1(config-router-af)#neig$ 2.2.2.2 #en,-co--unit% e:ten,e,
R<(config)#router "gp =5001
R<(config-router)#neig$ 2.2.2.2 re-ote =5001
R<(config-router)#neig$"or 2.2.2.2 ne:t-$op-#e!f
R<(config-router)#neig$"or 2.2.2.2 up,ate-#ource Eoop"ac/0
R<(config-router)#a,,re##-fa-i!% vpnv<
R<(config-router-af)#neig$ 2.2.2.2 activate
R<(config-router-af)#neig$ 2.2.2.2 #en,-co--unit% e:ten,e,
R2##$ ip "gp vpnv< a!! #u- H "eg Ceig$"or
Ceig$"or I JS 8#gRcv, 8#gSent T"!Ier 4nK AutK Up/.o(n State/5f:Rc,
1.1.1.1 < =5001 10 15 1& 0 0 00005052 2
<.<.<.< < =5001 = 11 1& 0 0 000010< 2
28.28.28.8 < =500& = = 1& 0 0 0100&051 2
Task 3: Import routes between Customer A and B
We will do what is called “route-leaking” and will be configuring the PEs R1, R2 and R4. Remember that in a VRF we have what we call the route-target. The “route-target export” command marks the routes under that specific VRF with the route-target value specified. This feature is actually an MP-BGP extended community. “Route-target import”, on the other hand, means that all routes with those route-target values will be imported into the VRF routing table. Let's proceed to the configuration.
R1#sh run | sec vrf
ip vrf CUST-A
 rd 65002:1
 route-target export 65002:1
 route-target import 65002:1
 ip vrf forwarding CUST-A
 address-family ipv4 vrf CUST-A
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip vrf CUST-A
R1(config-vrf)#route-target import 65002:2
R2#sh run | sec vrf
ip vrf CUST-B
 rd 65002:2
 ip vrf forwarding CUST-B
 address-family ipv4 vrf CUST-B
ip route vrf CUST-B 9.9.9.9 255.255.255.255 FastEthernet2/0 29.29.29.9 global
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip vrf CUST-B
R2(config-vrf)#route-target export 65002:2
R2(config-vrf)#route-t
*Mar 1 09:00:56.450: %BGP-5-ADJCHANGE: neighbor 28.28.28.8 vpn vrf CUST-B Down VRF config change
R2(config-vrf)#route-targ
*Mar 1 09:00:57.670: %BGP-5-ADJCHANGE: neighbor 28.28.28.8 vpn vrf CUST-B Up
R2(config-vrf)#route-target import 65002:2
R2(config-vrf)#route-target import 65002:1
R4#sh run | sec vrf
ip vrf CUST-A
 rd 65002:1
 route-target export 65002:1
 route-target import 65002:1
 ip vrf forwarding CUST-A
 address-family ipv4 vrf CUST-A
R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#ip vrf CUST-A
R4(config-vrf)#route-target import 65002:2
On the diagram below, we can see how this route-leaking works. R1 is exporting its routes from VRF CUST-A with a route-target value of 65002:1. In order for R2 to receive R1's routes, it needs to import the same value. The same goes the other way around: R1 needs to import R2's route-target for that specific VRF. If R1 is not importing R2's routes with the route-target value of 65002:2, there will be no reachability between the two VRFs. R2 will be able to see R1's routes but not vice-versa.
Let's check if there is full reachability between CUST_A-R1, CUST_A-R2 and CUST_B-R1.
CUST_A-R1#sh ip bgp
BGP table version is 28, local router ID is 55.55.55.55
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       0.0.0.0                  0         32768 i
*> 6.6.6.6/32       15.15.15.1                             0 65001 65001 i
*> 8.8.8.8/32       15.15.15.1                             0 65001 65003 i
*> 9.9.9.9/32       15.15.15.1                             0 65001 ?
*> 55.55.55.55/32   0.0.0.0                  0         32768 i
*> 66.66.66.66/32   15.15.15.1                             0 65001 65001 i
*> 88.88.88.88/32   15.15.15.1                             0 65001 65003 i
CUST_A-R1#ping 8.8.8.8 source 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 5.5.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/80 ms
CUST_B-R1#sh ip bgp
BGP table version is 16, local router ID is 88.88.88.88
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 5.5.5.5/32       28.28.28.2                             0 65001 65002 i
*> 6.6.6.6/32       28.28.28.2                             0 65001 65002 i
*> 8.8.8.8/32       0.0.0.0                  0         32768 i
*> 9.9.9.9/32       28.28.28.2               0             0 65001 ?
*> 55.55.55.55/32   28.28.28.2                             0 65001 65002 i
*> 66.66.66.66/32   28.28.28.2                             0 65001 65002 i
*> 88.88.88.88/32   0.0.0.0                  0         32768 i
CUST_B-R1#ping 5.5.5.5 source 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/67/92 ms
CUST_B-R1#ping 6.6.6.6 source 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
Packet sent with a source address of 8.8.8.8
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/8/104 ms
Task 4: Filter the imported routes through the use of import-maps
In this task, we will configure R1 to filter 8.8.8.8/32 from being imported into VRF CUST-A using an import map statement.
The command below can be used on the PE to check the current BGP prefixes under a specific VRF. We can see that 8.8.8.8/32 has already been imported into VRF CUST-A.
R1#sh ip bgp vpnv4 vrf CUST-A
BGP table version is 2, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65002:1 (default for vrf CUST-A)
*> 5.5.5.5/32       15.15.15.5               0             0 65002 i
* i6.6.6.6/32       4.4.4.4                  0    100      0 65002 i
*>i                 4.4.4.4                  0    100      0 65002 i
*>i8.8.8.8/32       2.2.2.2                  0    100      0 65003 i
*>i9.9.9.9/32       2.2.2.2                  0    100      0 ?
*> 55.55.55.55/32   15.15.15.5               0             0 65002 i
* i66.66.66.66/32   4.4.4.4                  0    100      0 65002 i
*>i                 4.4.4.4                  0    100      0 65002 i
*>i88.88.88.88/32   2.2.2.2                  0    100      0 65003 i
Now let's configure an import-map statement denying 8.8.8.8/32 from being imported.
R1(config)#ip prefix-list DENY8 seq 5 permit 8.8.8.8/32
R1(config)#no route-map DENY8
R1(config)#route-map DENY8 deny 5
R1(config-route-map)#match ip address prefix-list DENY8
R1(config-route-map)#route-map DENY8 permit 10
R1(config)#ip vrf CUST-A
R1(config-vrf)#import map DENY8
R1#sh ip bgp vpnv4 vrf CUST-A
BGP table version is 12, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65002:1 (default for vrf CUST-A)
*> 5.5.5.5/32       15.15.15.5               0             0 65002 i
*>i6.6.6.6/32       4.4.4.4                  0    100      0 65002 i
* i                 4.4.4.4                  0    100      0 65002 i
*>i9.9.9.9/32       2.2.2.2                  0    100      0 ?
*> 55.55.55.55/32   15.15.15.5               0             0 65002 i
*>i66.66.66.66/32   4.4.4.4                  0    100      0 65002 i
* i                 4.4.4.4                  0    100      0 65002 i
*>i88.88.88.88/32   2.2.2.2                  0    100      0 65003 i
8.8.8.8/32 is now no longer being imported into the VRF! What was done here was to configure a prefix-list matching 8.8.8.8/32, then create a route-map DENY8 that denies the prefix-list DENY8, which matches 8.8.8.8/32. The last statement in the route-map should be an explicit permit to allow the other routes to be imported. Lastly, under VRF CUST-A, specify an import map that references DENY8.
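The import behaviour of Tasks 3 and 4 can be checked offline by modelling which VPNv4 routes each VRF accepts. This is an added example, not part of the original article; the config text and originated prefixes are constructed from the lab's output, only exact-match prefix-list entries are handled, and the function names are illustrative.

```python
from ipaddress import ip_network

# Constructed input: R1 and R2 VRF configuration as it stands after Task 4.
CONFIGS = {
    "R1": """ip vrf CUST-A
 rd 65002:1
 import map DENY8
 route-target export 65002:1
 route-target import 65002:1
 route-target import 65002:2
ip prefix-list DENY8 seq 5 permit 8.8.8.8/32
route-map DENY8 deny 5
 match ip address prefix-list DENY8
route-map DENY8 permit 10
""",
    "R2": """ip vrf CUST-B
 rd 65002:2
 route-target export 65002:2
 route-target import 65002:2
 route-target import 65002:1
""",
}
# Constructed input: prefixes each VRF originates, read off the lab's tables.
ORIGINATED = {
    ("R1", "CUST-A"): ["5.5.5.5/32", "55.55.55.55/32"],
    ("R2", "CUST-B"): ["8.8.8.8/32", "88.88.88.88/32", "9.9.9.9/32"],
}


def parse(cfg):
    """Pull VRFs, prefix-lists and route-maps out of IOS-style config text."""
    vrfs, plists, rmaps, cur = {}, {}, {}, None
    for line in cfg.splitlines():
        w = line.split()
        if line.startswith("ip vrf "):
            cur = vrfs.setdefault(w[2], {"export": set(), "import": set(), "map": None})
        elif line.startswith("ip prefix-list ") and w[-2] == "permit":
            plists.setdefault(w[2], set()).add(ip_network(w[-1]))  # exact match
        elif line.startswith("route-map "):
            cur = {"action": w[2], "plist": None}
            rmaps.setdefault(w[1], []).append(cur)
        elif line.startswith(" ") and cur is not None and len(w) >= 3:
            if w[0] == "route-target" and w[1] in ("import", "export"):
                cur[w[1]].add(w[2])
            elif w[:2] == ["import", "map"]:
                cur["map"] = w[2]
            elif w[:4] == ["match", "ip", "address", "prefix-list"] and len(w) == 5:
                cur["plist"] = w[4]
    return vrfs, plists, rmaps


def import_map_permits(prefix, name, plists, rmaps):
    """First matching route-map entry decides; no match is an implicit deny."""
    for entry in rmaps.get(name, []):
        if entry["plist"] is None or prefix in plists.get(entry["plist"], ()):
            return entry["action"] == "permit"
    return False


def vrf_tables(configs, originated):
    """Return {(pe, vrf): {prefix: (origin_pe, origin_vrf)}} after RT import."""
    parsed = {pe: parse(cfg) for pe, cfg in configs.items()}
    vpnv4 = [(ip_network(p), src, parsed[src[0]][0][src[1]]["export"])
             for src, prefixes in originated.items() for p in prefixes]
    tables = {}
    for pe, (vrfs, plists, rmaps) in parsed.items():
        for name, vrf in vrfs.items():
            table = tables.setdefault((pe, name), {})
            for prefix, src, rts in vpnv4:
                wanted = bool(rts & vrf["import"]) and (
                    vrf["map"] is None
                    or import_map_permits(prefix, vrf["map"], plists, rmaps))
                if src == (pe, name) or wanted:
                    table[prefix] = src
    return tables


def foreign_routes(tables):
    """Routes a VRF holds that were originated by a differently named VRF."""
    return sorted((f"{pe}/{vrf}", str(prefix), f"{src[0]}/{src[1]}")
                  for (pe, vrf), table in tables.items()
                  for prefix, src in table.items() if src[1] != vrf)


if __name__ == "__main__":
    for row in foreign_routes(vrf_tables(CONFIGS, ORIGINATED)):
        print(row)
```

The result matches R1's final table: 8.8.8.8/32 is filtered, while 9.9.9.9/32 (Customer C's server, leaked into CUST-B in Task 1) still reaches CUST-A because it carries CUST-B's export route-target.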
