Mpls Presentation Ine

ine mpls basic

  • Let's create a new VLAN 76 between R6 and SW1, with the IP subnet 155.1.76.0/24. Vlan67 belongs to VRF VPN_A and Vlan76 to VPN_B. On SW1, lo101 and lo102 are in VPN_A and VPN_B: 172.16.7.7/24 and 192.168.7.7/24. The default route of both VRFs on SW1 is R6. With the config we apply on R6, lo101 should be able to ping lo102, and lo102 should be able to ping lo101.
  • Rack1R6#sh ip vrf
      Name       Default RD   Interfaces
      VNP_A      100:1        Et1/0.67
      VNP_B      100:2        Et1/0.76
    Rack1SW1#sh ip vrf
      Name       Default RD   Interfaces
      VPN_A      100:1        Et1/0.67
                              Lo101
      VPN_B      100:2        Et1/0.76
                              Lo102
    Rack1R6#ping vrf VNP_A 155.1.67.7
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 155.1.67.7, timeout is 2 seconds:
    !!!!!
    Rack1R6#ping vrf VNP_B 155.1.76.7
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 155.1.76.7, timeout is 2 seconds:
    !!!!!
    Rack1R6#show ip route vrf VNP_A
    Routing Table: VNP_A
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         155.1.0.0/24 is subnetted, 1 subnets
    C       155.1.67.0 is directly connected, Ethernet1/0.67
    S    192.168.7.0/24 [1/0] via 155.1.76.7, Ethernet1/0.76
  • R4, R5 and R6 should exchange MPLS labels using the IETF standard protocol. Authenticate LDP with MD5; the password is CISCO. Use a single command to enable LDP on the OSPF-enabled interfaces.
  • Rack1R4#sh mpls ldp nei
        Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0
            TCP connection: 150.1.5.5.14089 - 150.1.4.4.646
            State: Oper; Msgs sent/rcvd: 13/13; Downstream
            Up time: 00:00:37
            LDP discovery sources:
              Serial2/1, Src IP addr: 155.1.45.5
            Addresses bound to peer LDP Ident:
              155.1.58.5 155.1.5.5 155.1.0.5 155.1.45.5
              150.1.5.5
    Rack1R4#sh mpls ldp neighb passw
        Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0
            TCP connection: 150.1.5.5.14089 - 150.1.4.4.646
            Password: required, neighbor, in use
            State: Oper; Msgs sent/rcvd: 14/14
    Rack1R5#sh mpls forwarding-table
    Local  Outgoing     Prefix            Bytes Label  Outgoing   Next Hop
    Label  Label or VC  or Tunnel Id      Switched     interface
    16     16           54.1.1.0/24       0            Se2/1      point2point
    17     Pop Label    150.1.4.4/32      0            Se2/1      point2point
    18     18           150.1.6.6/32      0            Se2/1      point2point
    19     Pop Label    155.1.146.0/24    0            Se2/1      point2point
    20     Pop Label    204.12.1.0/24     0            Se2/1      point2point
  • On R4, R5 and R6, only the label advertisements for the lo0 interface should be received. As its default behaviour, LDP generates labels for every prefix in the routing table.
    Rack1R4#sh mpls forw
    Local  Outgoing     Prefix            Bytes Label  Outgoing   Next Hop
    Label  Label or VC  or Tunnel Id      Switched     interface
    16     No Label     54.1.1.0/24       0            Et0/1      155.1.146.6
    17     Pop Label    150.1.5.5/32      0            Se2/1      point2point
    18     No Label     150.1.6.6/32      0            Et0/1      155.1.146.6
    19     No Label     155.1.5.0/24      0            Se2/1      point2point
    20     No Label     155.1.58.0/24     0            Se2/1      point2point
  • On R5, let's create two new VRFs, VPN_A and VPN_B, and assign VLAN 58 and VLAN 5 to them. With R4 acting as the BGP route reflector, let's exchange the VPN routes between R5 and R6. IPv4 should not be activated by default.
  • For VPNv4 prefix exchange the source must be lo0, and this lo0 must be a /32. To inject a VRF prefix into BGP you must first activate VPNv4, then redistribute these routes into BGP. The injected routes are carried together with their RDs, and VPN labels are created for them.
  • Rack1R5#sh ip route vrf VPN_A
    Routing Table: VPN_A
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is not set
         155.1.0.0/24 is subnetted, 2 subnets
    C       155.1.58.0 is directly connected, Ethernet0/0
    B       155.1.67.0 [200/0] via 150.1.6.6, 00:01:04
    B    192.168.7.0/24 [200/0] via 150.1.6.6, 00:01:04
    Rack1R4#sh bgp vpnv4 unicast all
    BGP table version is 7, local router ID is 150.1.4.4
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop     Metric LocPrf Weight Path
    Route Distinguisher: 100:1
    *>i155.1.58.0/24    150.1.5.5    0      100    0      ?
    *>i155.1.67.0/24    150.1.6.6    0      100    0      ?
    *>i192.168.7.0      150.1.6.6    0      100    0      ?
    Route Distinguisher: 100:2
    *>i155.1.5.0/24     150.1.5.5    0      100    0      ?
    *>i155.1.76.0/24    150.1.6.6    0      100    0      ?
    *>i172.16.7.0/24    150.1.6.6    0      100    0      ?
  • On R5, in VRF VPN_A, a new lo 101 with IP address 172.16.5.5/24. On R6, in VRF VNP_B, a new lo 101 with IP address 192.168.6.6/24. Provide bidirectional reachability for these two subnets. R6's VNP_A must not see 172.16.5.0/24, and R5's VPN_B must not see 192.168.6.0/24.
  • Use RIP as the PE-CE routing protocol in VPN_B. Remove the static route. On R4, include VLAN_43 in VPN_B. Preserve the RIP metric learned from the CE routers.
  • Rack1SW1#sh ip route vrf VPN_B
    Routing Table: VPN_B
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 155.1.76.6 to network 0.0.0.0
    R    204.12.1.0/24 [120/1] via 155.1.76.6, 00:00:06, Ethernet1/0.76
         155.1.0.0/24 is subnetted, 2 subnets
    R       155.1.5.0 [120/1] via 155.1.76.6, 00:00:06, Ethernet1/0.76
    C       155.1.76.0 is directly connected, Ethernet1/0.76
    C    192.168.7.0/24 is directly connected, Loopback102
         31.0.0.0/16 is subnetted, 4 subnets
    R       31.3.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
    R       31.2.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
    R       31.1.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
    R       31.0.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
         30.0.0.0/16 is subnetted, 4 subnets
    R       30.2.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
    R       30.3.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
    R       30.0.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
    R       30.1.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
    S*   0.0.0.0/0 [1/0] via 155.1.76.6
  • Use OSPF as the PE-CE routing protocol on the VPN_A sides; the area ID is 1. Use the same OSPF process ID on R6 and R5; SW1 and SW2 should be able to reach each other. On SW2, create a new loopback with 172.16.8.8/24. R6 should see only its /16 summary.
  • Rack1R5#sh ip ospf 100
     Routing Process "ospf 100" with ID 155.1.58.5
       Domain ID type 0x0005, value 0.0.0.5
     Start time: 00:32:00.932, Time elapsed: 00:03:47.320
     Supports only single TOS(TOS0) routes
     Supports opaque LSA
     Supports Link-local Signaling (LLS)
     Supports area transit capability
     Connected to MPLS VPN Superbackbone, VRF VPN_A
     It is an area border and autonomous system boundary router
    Rack1R6#sh bgp vpnv4 unicast vrf VNP_A 172.16.8.8
    BGP routing table entry for 100:1:172.16.8.8/32, version 45
    Paths: (1 available, best #1, table VNP_A)
    Flag: 0x820
      Not advertised to any peer
      Local
        150.1.5.5 (metric 75) from 150.1.4.4 (150.1.4.4)
          Origin incomplete, metric 11, localpref 100, valid, internal, best
          Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000050200
            OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:155.1.58.5:512
          Originator: 172.16.5.5, Cluster list: 150.1.4.4
          mpls labels in/out nolabel/22
  • Rack1SW2#
    *Dec 14 08:45:45.763: %SYS-5-CONFIG_I: Configured from console by console
    Rack1SW2#sh ip route ospf
         155.1.0.0/24 is subnetted, 5 subnets
    O E2    155.1.76.0 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
    O E2    155.1.67.0 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
         172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
    O E2    172.16.7.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
    O E2    172.16.7.7/32 [110/11] via 155.1.58.5, 00:00:36, Ethernet1/0
    O E2    172.16.0.0/16 [110/11] via 155.1.58.5, 00:00:15, Ethernet1/0
    O E2 192.168.6.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
    O E2 192.168.7.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
  • Rack1SW1#sh ip route vrf VPN_A
    Routing Table: VPN_A
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 155.1.67.6 to network 0.0.0.0
         155.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
    O E2    155.1.8.8/32 [110/11] via 155.1.67.6, 00:01:06, Ethernet1/0.67
    O E2    155.1.58.0/24 [110/1] via 155.1.67.6, 00:01:44, Ethernet1/0.67
    C       155.1.67.0/24 is directly connected, Ethernet1/0.67
    O E2    155.1.108.0/24 [110/20] via 155.1.67.6, 00:01:06, Ethernet1/0.67
         172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C       172.16.7.0/24 is directly connected, Loopback101
    O E2    172.16.0.0/16 [110/11] via 155.1.67.6, 00:01:05, Ethernet1/0.67
         150.1.0.0/32 is subnetted, 1 subnets
    O E2    150.1.8.8 [110/11] via 155.1.67.6, 00:01:06, Ethernet1/0.67
    S*   0.0.0.0/0 [1/0] via 155.1.67.6
  • SW1 should be a pure CE router; remove VRF-lite. OSPF routing should run between the VPN_A sides of R5 and R6. Let's build an L3 backdoor link between SW1 and SW2. Let's make the VPN_A OSPF process domain-ids of R5 and R6 the same. SW1 and SW2 should prefer the MPLS core path.
  • Rack1R5#sh ip ospf sham-li
    Sham Link OSPF_SL0 to address 150.1.66.66 is up
    Area 1 source address 150.1.55.55
      Run as demand circuit
      DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
      Timer intervals configured, Hello 10, Dead 40, Wait 40,
        Hello due in 00:00:09
  • Use EIGRP between PE and CE in VPN_A; the backdoor should be in use; the primary path should be the MPLS VPN cloud. R4's VLAN 43 should be in VPN_A; advertise it into EIGRP as well. All EIGRP routers should be in the same AS.
  • On R5 and R6, prevent the temporary routing loops caused by EIGRP – MP-BGP redistribution. The primary path between SW1 and SW2 should be the MPLS VPN core. PE 1 - CE 1 share 100:15; PE2 – CE2 share 100:16.
  • Remove the EIGRP configs on R5, R6, SW1 and SW2. Configure BGP AS 78 on SW1, SW2, R5 and R6. Advertise the Lo0s of SW1 and SW2 into BGP.
  • Rack1SW2#sh ip route bgp
    B    204.12.1.0/24 [20/0] via 155.1.58.5, 00:03:30
         155.1.0.0/24 is subnetted, 6 subnets
    B       155.1.76.0 [20/0] via 155.1.58.5, 00:03:30
    B       155.1.67.0 [20/0] via 155.1.58.5, 00:03:30
         172.16.0.0/24 is subnetted, 2 subnets
    B       172.16.7.0 [20/0] via 155.1.58.5, 00:03:30
    B    192.168.6.0/24 [20/0] via 155.1.58.5, 00:03:30
    B    192.168.7.0/24 [20/0] via 155.1.58.5, 00:03:30
         150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
    B       150.1.7.0/24 [20/0] via 155.1.58.5, 00:00:56
    B       150.1.66.66/32 [20/0] via 155.1.58.5, 00:03:30
    B       150.1.55.55/32 [20/0] via 155.1.58.5, 00:03:30
    Rack1SW2#sh ip bgp
    BGP table version is 13, local router ID is 172.16.8.8
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network  Next Hop  Metric LocPrf Weight Path
    *> 150.1.7.0/24 155.1.58.5 0 100 100 i
    *> 150.1.8.0/24 0.0.0.0 0 32768 i
    *> 150.1.55.55/32 155.1.58.5 0 0 100 i
    *> 150.1.66.66/32 155.1.58.5 0 100 i
    r> 155.1.58.0/24 155.1.58.5 0 0 100 ?
    *> 155.1.67.0/24 155.1.58.5 0 100 ?
    *> 155.1.76.0/24 155.1.58.5 0 100 ?
    *> 172.16.7.0/24 155.1.58.5 0 100 ?
    *> 192.168.6.0 155.1.58.5 0 100 ?
    *> 192.168.7.0 155.1.58.5 0 100 ?
    *> 204.12.1.0 155.1.58.5 0 100 ?
  • Let's set up a backdoor BGP peering session between SW1 and SW2 (over the direct link). Taking into account that the as-override feature disables BGP's loop-prevention mechanism, let's apply a config that prevents loops from forming.
  • Rack1R6#sh ip bgp vpnv4 vrf VNP_A 150.1.8.0
    BGP routing table entry for 100:1:150.1.8.0/24, version 144
    Paths: (1 available, best #1, table VNP_A)
    Flag: 0x820
      Advertised to update-groups:
         1
      78
        155.1.67.7 from 155.1.67.7 (155.1.7.7)
          Origin IGP, localpref 100, valid, external, best
          Extended Community: SoO:100:1 RT:100:1
          mpls labels in/out 24/nolabel
    Rack1R6#sh ip bgp vpnv4 vrf VNP_A neighbor 155.1.67.7 adv
    BGP table version is 144, local router ID is 150.1.6.6
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop     Metric LocPrf Weight Path
    Route Distinguisher: 100:1 (default for vrf VNP_A)
    *>i150.1.55.55/32   150.1.5.5    0      100    0      i
    *> 150.1.66.66/32   0.0.0.0      0             32768  i
    *>i155.1.58.0/24    150.1.5.5    0      100    0      ?
    *> 155.1.67.0/24    0.0.0.0      0             32768  ?
    *> 192.168.7.0      0.0.0.0      0             32768  ?
    *>i204.12.1.0       150.1.4.4    0      100    0      ?
    Total number of prefixes 6
  • Enable RIP on R6's BB1 interface so that the VNP_A customers can reach these routes. You are allowed to use 1 static route. Only the 150.1.0.0/16 routes should be allowed out to the Internet.
    Rack1SW1#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 155.1.67.6 to network 0.0.0.0
    B    204.12.1.0/24 [20/0] via 155.1.67.6, 00:58:36
         155.1.0.0/24 is subnetted, 7 subnets
    C       155.1.7.0 is directly connected, Loopback7
    B       155.1.58.0 [20/0] via 155.1.67.6, 00:58:36
    C       155.1.37.0 is directly connected, Ethernet0/3
    C       155.1.78.0 is directly connected, Ethernet0/2
    C       155.1.79.0 is directly connected, Ethernet0/0
    B       155.1.76.0 [200/0] via 155.1.58.5, 00:32:20
    C       155.1.67.0 is directly connected, Ethernet1/0.67
         172.16.0.0/24 is subnetted, 1 subnets
    B       172.16.7.0 [200/0] via 155.1.58.5, 00:32:20
    B    192.168.6.0/24 [200/0] via 155.1.58.5, 00:32:20
    B    192.168.7.0/24 [20/0] via 155.1.67.6, 00:58:36
         150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
    C       150.1.7.0/24 is directly connected, Loopback0
    B       150.1.66.66/32 [20/0] via 155.1.67.6, 00:58:37
    B       150.1.55.55/32 [20/0] via 155.1.67.6, 00:58:37
    B       150.1.8.0/24 [200/0] via 155.1.78.8, 00:32:21
    B*   0.0.0.0/0 [20/0] via 155.1.67.6, 00:01:11
    Rack1R6#sh ip route rip
    R    212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
    R    212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
    R    212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
    R    212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
  • Set up a p2p L2VPN between R5's VLAN 5 and an unused interface on R6. The method you use should add minimum overhead.
  • The VC ID is “100”.
    Rack1R6#sh mpls l2transport vc detail
    Local interface: Et0/1 up, line protocol up, Ethernet up
      Destination address: 150.1.5.5, VC ID: 100, VC status: down
        Output interface: none, imposed label stack {}
        Preferred path: not configured
        Default path: no route
        No adjacency
      Create time: 00:00:44, last status change time: 00:00:40
      Signaling protocol: LDP, peer 150.1.5.5:0 up
        MPLS VC labels: local 28, remote 24
        Group ID: local 0, remote 0
        MTU: local 1500, remote 1500
        Remote interface description:
      Sequencing: receive disabled, send disabled
      VC statistics:
        packet totals: receive 0, send 0
        byte totals: receive 0, send 0
        packet drops: receive 0, seq error 0, send 0
  • In the previous example, let's use L2TPv3 instead of MPLS. Let's make sure the packets are never fragmented, and that automatic MTU detection is on.
    Rack1R5#sh l2tp session all
  • With the config we apply on the PE and P routers, let's minimize the propagation time of a topology change that occurs on the CE sides.

Mpls Presentation Ine: Presentation Transcript

  • Mpls basics Alp
  • 14.1 VRF Lite [diagram labels: vl67; VPN_A routing table: Lo101 172.16.7.7/24, Vlan 67 155.1.67.0/24; vl76; VPN_B routing table: Lo101 192.168.7.7/24, Vlan 67 155.1.76.0/24; VPN_A rd 100:1; VPN_B rd 100:2]
  • 14.1 VRF Lite
    • At R6
      ! VRFs must exist before an interface can be placed in them
      ip vrf VNP_A
       rd 100:1
      ip vrf VNP_B
       rd 100:2
      interface Ethernet1/0.67
       encapsulation dot1Q 67
       ip vrf forwarding VNP_A
       ip address 155.1.67.6 255.255.255.0
      interface Ethernet1/0.76
       encapsulation dot1Q 76
       ip vrf forwarding VNP_B
       ip address 155.1.76.6 255.255.255.0
      ! static routes that leak between the two VRFs: the exit interface belongs to the other VRF
      ip route vrf VNP_A 192.168.7.0 255.255.255.0 Ethernet1/0.76 155.1.76.7
      ip route vrf VNP_B 172.16.7.0 255.255.255.0 Ethernet1/0.67 155.1.67.7
  • • At SW1
      ip vrf VPN_A
       rd 100:1
      ip vrf VPN_B
       rd 100:2
      interface Loopback101
       ip vrf forwarding VPN_A
       ip address 172.16.7.7 255.255.255.0
      interface Loopback102
       ip vrf forwarding VPN_B
       ip address 192.168.7.7 255.255.255.0
      interface Ethernet1/0.67
       encapsulation dot1Q 67
       ip vrf forwarding VPN_A
       ip address 155.1.67.7 255.255.255.0
      interface Ethernet1/0.76
       encapsulation dot1Q 76
       ip vrf forwarding VPN_B
       ip address 155.1.76.7 255.255.255.0
      ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.1.67.6
      ip route vrf VPN_B 0.0.0.0 0.0.0.0 155.1.76.6
  • 14.2 MPLS LDP
    • At R4
      mpls ip
      mpls ldp router-id lo0 force
      int e0/1
       mpls ldp discovery transport-address interface
      router ospf 1
       ! one command enables LDP on every OSPF-enabled interface
       mpls ldp autoconf
      ! MD5 authentication for the LDP TCP sessions
      mpls ldp password required
      mpls ldp neighbor 150.1.5.5 password CISCO
      mpls ldp neighbor 150.1.6.6 password CISCO
  • • At R6
      mpls ip
      mpls ldp router-id lo0 force
      int e0/0.146
       mpls ldp discovery transport-address interface
       mpls ip
      mpls ldp password required
      mpls ldp neighbor 150.1.4.4 password CISCO
    • At R5
      mpls ip
      mpls ldp router-id lo0 force
      int s2/1
       mpls ip
      int s2/0
       mpls ip
      mpls ldp password required
      mpls ldp neighbor 150.1.4.4 password CISCO
  • 14.3 MPLS Label Filtering
    • At R4, R5, R6
      access-list 10 permit 150.1.0.0 0.0.255.255
      ! stop advertising labels for every prefix, then advertise only those matched by ACL 10
      no mpls ldp advertise-labels
      mpls ldp advertise-labels for 10
  • 14.4 MP-BGP VPNv4 [diagram labels: R6 with vl76 (Vpn_b) and vl67 (Vpn_a); R5 with Vl58 and Vlan5; R4 RR; Bgp vpnv4; "Redistribute connected, static into bgp" at R6 and R5; R5 Vrf VPN_A bgp table: 155.1.58.0/24, 155.1.67.0/24; R5 Vrf VPN_B bgp table: 155.1.5.0/24, 155.1.76.0/24]
  • 14.4 MP-BGP VPNv4
    • At R4
      router bgp 100
       no bgp default ipv4-unicast
       neighbor 150.1.5.5 remote-as 100
       neighbor 150.1.5.5 update-source lo0
       neighbor 150.1.6.6 remote-as 100
       neighbor 150.1.6.6 update-source lo0
       address-family vpnv4 unicast
        neighbor 150.1.5.5 activate
        neighbor 150.1.6.6 activate
        neighbor 150.1.5.5 send-community extended
        neighbor 150.1.6.6 send-community extended
        neighbor 150.1.5.5 route-reflector-client
        neighbor 150.1.6.6 route-reflector-client
  • • At R5
      ip vrf VPN_A
       rd 100:1
       route-target both 100:1
      ip vrf VPN_B
       rd 100:2
       route-target both 100:2
      int e0/0
       ip vrf forwarding VPN_A
       ip add 155.1.58.5 255.255.255.0
      int e0/1
       ip vrf forwarding VPN_B
       ip address 155.1.5.5 255.255.255.0
    • At R6
      ip vrf VNP_A
       rd 100:1
       route-target both 100:1
      ip vrf VNP_B
       rd 100:2
       route-target both 100:2
  • • At R5 & R6
      router bgp 100
       no bgp default ipv4
       neighbor 150.1.4.4 remote-as 100
       neighbor 150.1.4.4 update-source lo0
       address-family vpnv4 unicast
        neighbor 150.1.4.4 activate
        ! this is what carries the RT values
        neighbor 150.1.4.4 send-community extended
       address-family ipv4 vrf VPN_A
        redistribute connected
        redistribute static
       address-family ipv4 vrf VPN_B
        redistribute connected
        redistribute static
  • 14.5 MP-BGP Prefix Filtering [diagram labels: R6 with Lo1 192.16.6.6/24, vl76 (Vpn_b), vl67 (Vpn_a); Bgp vpnv4; R4 RR; R5 with Lo1 172.16.5.5/24, Vl58 and Vlan5 (Vpn_b, Vpn_a)]
  • 14.5 MP-BGP Prefix Filtering
    • At R5
      int lo 101
       ip vrf forwarding VPN_A
       ip address 172.16.5.5 255.255.255.0
      ip prefix-list LO101 permit 172.16.5.0/24
      ! Lo101's subnet is exported with its own RT; everything else keeps RT 100:1
      route-map VPN-A_EXPORT permit 10
       match ip address prefix-list LO101
       set extcommunity rt 100:55
      route-map VPN-A_EXPORT permit 20
       set extcommunity rt 100:1
      ip vrf VPN_A
       export map VPN-A_EXPORT
       route-target import 100:66
  • • At R6
      int lo102
       ip vrf forwarding VNP_B
       ip address 192.168.6.6 255.255.255.0
      ! prefix-list name must match the one referenced in the route-map (LO102)
      ip prefix-list LO102 permit 192.168.6.0/24
      route-map VNP-B-EXPORT permit 10
       match ip address prefix-list LO102
       set extcommunity rt 100:66
      route-map VNP-B-EXPORT permit 20
       set extcommunity rt 100:2
      ip vrf VNP_B
       export map VNP-B-EXPORT
       route-target import 100:55
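The route-target policy of 14.4 and 14.5 can be checked against the isolation requirement before it is typed into a router. The following model is an added example, not part of the original slides: it transcribes the export maps and import RTs shown above and tests which VRF learns which prefix. The `additive` switch is a what-if for writing `set extcommunity rt ... additive` in the export maps, which the slides do not do; the list of local prefixes per VRF is limited to the connected subnets named on the slides.

```python
from ipaddress import ip_network

# Policy per (PE, VRF), transcribed from the 14.4/14.5 slide configs.
# export_map: ordered (prefix-list entry, RT) clauses; None matches everything,
# like the "permit 20" clause that has no match statement.
VRFS = {
    ("R5", "VPN_A"): {"export": {"100:1"}, "import": {"100:1", "100:66"},
                      "export_map": [("172.16.5.0/24", "100:55"), (None, "100:1")],
                      "local": ["155.1.58.0/24", "172.16.5.0/24"]},
    ("R5", "VPN_B"): {"export": {"100:2"}, "import": {"100:2"},
                      "export_map": [],
                      "local": ["155.1.5.0/24"]},
    ("R6", "VNP_A"): {"export": {"100:1"}, "import": {"100:1"},
                      "export_map": [],
                      "local": ["155.1.67.0/24"]},
    ("R6", "VNP_B"): {"export": {"100:2"}, "import": {"100:2", "100:55"},
                      "export_map": [("192.168.6.0/24", "100:66"), (None, "100:2")],
                      "local": ["155.1.76.0/24", "192.168.6.0/24"]},
}

# Isolation requirement from the task: these VRFs must NOT learn these prefixes.
FORBIDDEN = [(("R6", "VNP_A"), "172.16.5.0/24"), (("R5", "VPN_B"), "192.168.6.0/24")]
# Reachability requirement: these VRFs MUST learn these prefixes.
REQUIRED = [(("R6", "VNP_B"), "172.16.5.0/24"), (("R5", "VPN_A"), "192.168.6.0/24")]


def export_rts(vrf, prefix, additive=False):
    """Route targets attached to `prefix` when it leaves `vrf` as a VPNv4 route."""
    policy = VRFS[vrf]
    for match, rt in policy["export_map"]:
        if match is None or ip_network(match) == ip_network(prefix):
            # Without "additive" the set clause replaces the RT list.
            return (policy["export"] | {rt}) if additive else {rt}
    # VRF has no export map: the plain "route-target export" list applies.
    return set(policy["export"])


def imported(vrf, additive=False):
    """Prefixes from other VRFs that `vrf` imports (at least one RT in common)."""
    wanted = VRFS[vrf]["import"]
    learned = set()
    for origin, policy in VRFS.items():
        if origin == vrf:
            continue
        for prefix in policy["local"]:
            if export_rts(origin, prefix, additive) & wanted:
                learned.add(prefix)
    return learned


def audit(additive=False):
    """Return (leaks, missing) measured against the task's two requirements."""
    leaks = [(v, p) for v, p in FORBIDDEN if p in imported(v, additive)]
    missing = [(v, p) for v, p in REQUIRED if p not in imported(v, additive)]
    return leaks, missing


if __name__ == "__main__":
    for additive in (False, True):
        leaks, missing = audit(additive)
        print(f"additive={additive}: leaks={leaks} missing={missing}")
```

With the export maps as written, both requirements hold; with `additive`, each loopback subnet would also carry the VRF's base RT and be imported by the VRF that is supposed to be kept away from it.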
  • 14.6 PE – CE Routing with RIP [diagram labels: R6 with Lo1 192.16.6.6/24, vl76 (Vpn_b), RIP vrf vpn_b; R5 with Lo1 172.16.5.5/24, Vl58, Vlan5, RIP vrf vpn_b; R4 RR with vlan43 204.12.1.0/24 (Vpn_b); Bgp vpnv4; "Rip to bgp redistribution"; "Bgp to rip"]
  • 14.6 PE – CE Routing with RIP
    • At R4
      ip vrf VPN_B
       rd 100:2
       route-target export 100:2
       route-target import 100:2
      router rip
       version 2
       no auto-summary
       address-family ipv4 vrf VPN_B
        ! "metric transparent" preserves the RIP metric
        redistribute bgp 100 metric transparent
        network 204.12.1.0
        no auto-summary
       exit-address-family
      router bgp 100
       no bgp default ipv4-unicast
       address-family vpnv4
        neighbor 150.1.5.5 activate
        neighbor 150.1.5.5 send-community extended
        neighbor 150.1.5.5 route-reflector-client
        neighbor 150.1.6.6 activate
        neighbor 150.1.6.6 send-community extended
        neighbor 150.1.6.6 route-reflector-client
       exit-address-family
       address-family ipv4 vrf VPN_B
        redistribute rip
  • • At R6
      router rip
       ver 2
       no auto-sum
       address-family ipv4 vrf VNP_B
        ! "metric transparent" preserves the RIP metric
        redistribute bgp 100 metric transparent
        network 155.1.0.0
      no ip route vrf VNP_B 172.16.7.0 255.255.255.0 e1/0.67 155.1.67.7
  • • At SW1
      ! SW1's VRFs are named VPN_A/VPN_B; the default route via 155.1.76.6 lives in VPN_B
      no ip route vrf VPN_B 0.0.0.0 0.0.0.0 155.1.76.6
      router rip
       ver 2
       no auto-sum
       address-family ipv4 vrf VPN_B
        network 155.1.0.0
        network 192.168.7.0
  • 14.7 PE- CE Routing with OSPF [diagram labels: SW1 with Lo 172.16.7.7, Ospf area 1, vl67 to R6 (Vpn_a, Vrf VPN_A); SW2 with Lo 172.16.8.8/24, Ospf area1, Vl58 to R5 (Vpn_a, Lo1 172.16.5.5/24); R4 RR; Bgp vpnv4; "Redistribute vrf VNP_A ospf into vrf VPN_A bgp"; "Redistribute bgp into vrf VPN_A ospf"]
  • 14.7 PE- CE Routing with OSPF
    • The cloud where MP-BGP runs is called super area 0 (the super backbone).
    • OSPF has two new attributes:
      1- domain-id: used to tell apart the OSPF processes in different VPNs.
      2- OSPF route-type: contains 3 components: source area, route-type (LSA type) and option (E1 – E2 [external]).
      The metric value is carried unchanged as long as we do not modify it.
  • • At R5
      router ospf 100 vrf VPN_A
       domain-id 0.0.0.5
       log-adjacency-changes
       redistribute bgp 100 subnets
       network 0.0.0.0 255.255.255.255 area 1
      router bgp 100
       address-family ipv4 vrf VPN_A
        redistribute ospf 100 vrf VPN_A
    • At R6
      router ospf 100 vrf VNP_A
       domain-id 0.0.0.6
       log-adjacency-changes
       redistribute bgp 100 subnets
       network 0.0.0.0 255.255.255.255 area 1
       summary-address 172.16.0.0 255.255.0.0
      router bgp 100
       address-family ipv4 vrf VNP_A
        redistribute ospf 100 vrf VNP_A
  • • SW1
      ! the VPN_A default route configured in 14.1 points at 155.1.67.6
      no ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.1.67.6
      router ospf 1 vrf VPN_A
       netw 0.0.0.0 255.255.255.255 area 1
    • SW2
      ip routing
      router ospf 1
       network 0.0.0.0 255.255.255.255 area 1
      int lo100
       ip add 172.16.8.8 255.255.255.0
  • 14.8 OSPF Sham-link [diagram labels: SW1 with Lo 172.16.7.7, Ospf area 1, vl67 to R6 (Vpn_a, Vrf A, lo100); Backdoor link between SW1 and SW2; SW2 with Lo 172.16.8.8/24, Ospf area1, Vl58 to R5 (Vpn_a, lo100, Lo1 172.16.5.5/24); R4 RR; Bgp vpnv4; "Redistribute vrf VNP_A ospf into vrf VPN_A bgp"; "Redistribute bgp into vrf VPN_A ospf"]
  • 14.8 OSPF Sham-link
    • At R5
      router ospf 100 vrf VPN_A
       no domain-id 0.0.0.5
       area 1 sham-link 150.1.55.55 150.1.66.66 cost 1
       no network 0.0.0.0 255.255.255.255 area 1
       network 155.1.58.5 0.0.0.0 area 1
      int lo 200
       ip vrf forwarding VPN_A
       ip address 150.1.55.55 255.255.255.255
      router bgp 100
       address-family ipv4 vrf VPN_A
        ! the sham-link endpoint is advertised through BGP, not OSPF
        network 150.1.55.55 mask 255.255.255.255
  • • At R6
      router ospf 100 vrf VNP_A
       ! R6 was configured with domain-id 0.0.0.6 in 14.7
       no domain-id 0.0.0.6
       area 1 sham-link 150.1.66.66 150.1.55.55 cost 1
       no network 0.0.0.0 255.255.255.255 area 1
       network 155.1.67.6 0.0.0.0 area 1
      int lo 200
       ip vrf forwarding VNP_A
       ip address 150.1.66.66 255.255.255.255
      router bgp 100
       address-family ipv4 vrf VNP_A
        network 150.1.66.66 mask 255.255.255.255
  • • At SW1
      int e0/3
       no sw
       ip address 155.1.78.7 255.255.255.0
       ip ospf cost 9999
      int e1/0.67
       no ip vrf forwarding VPN_A
       ip address 155.1.67.7 255.255.255.0
      int lo101
       ip add 172.16.7.7 255.255.255.0
      no router ospf 1
      router ospf 1
       network 0.0.0.0 255.255.255.255 area 1
    • At SW2
      int e0/3
       no sw
       ip address 155.1.78.8 255.255.255.0
       ip ospf cost 9999
  • 14.9 PE- CE Routing with EIGRP [diagram labels: SW1 with Lo 172.16.7.7, EIGRP, vl67 to R6 (Vpn_a, Vrf VPN_A); Backdoor link with Delay 1000 between SW1 and SW2; SW2 with Lo 172.16.8.8/24, EIGRP, Vl58 to R5 (Vpn_a, Lo1 172.16.5.5/24); R4 RR with Vlan 43 204.12.1.0/24 in VPN_A, EIGRP; Bgp vpnv4; "Redistribute vrf VNP_A eigrp into vrf VPN_A bgp"; "Redistribute bgp into vrf VPN_A eigrp"; "Redistribute vrf VPN_A EIGRP into BGP"]
  • 14.9 PE- CE Routing with EIGRP
    • At R4
      ip vrf VPN_A
       rd 100:1
       route-target both 100:1
      router eigrp 100
       no auto
       address-family ipv4 vrf VPN_A
        autonomous-system 100
        network 204.12.1.0 0.0.0.255
        redistribute bgp 100 metric 1 1 1 1 1
      router bgp 100
       address-family ipv4 vrf VPN_A
        redistribute eigrp 100
      int e0/0
       ip vrf forwarding VPN_A
       ip address 204.12.1.4 255.255.255.0
  • • At R5
      no router ospf 100
      router eigrp 100
       no auto
       address-family ipv4 vrf VPN_A
        autonomous-system 100
        network 155.1.58.5 0.0.0.0
        redistribute bgp 100 metric 1 1 1 1 1
      router bgp 100
       address-family ipv4 vrf VPN_A
        redistribute eigrp 100
  • • At R6
      no router ospf 100
      router eigrp 100
       no auto
       address-family ipv4 vrf VNP_A
        autonomous-system 100
        network 155.1.67.6 0.0.0.0
      router bgp 100
       address-family ipv4 vrf VNP_A
        redistribute eigrp 100
  • • At SW1 – SW2
      no router ospf 1
      router eigrp 100
       no autosumm
       network 0.0.0.0 255.255.255.255
      int e0/3
       ! to be sure it will be the backdoor
       delay 1000
  • 14.10 EIGRP Site of Origin [diagram labels: SW1 with Lo 172.16.7.7, BGP AS 78, vl67 to R6 (Vpn_a, Vrf VPN_A); Backdoor link between SW1 and SW2; SW2 with Lo 172.16.8.8/24, BGP AS 78, Vl58 to R5 (Vpn_a, Lo1 172.16.5.5/24); R4 RR; AS100; Bgp vpnv4; SoO values: R5 100:15, R6 100:16, SW2 100:15, SW1 100:16]
  • 14.10 EIGRP Site-of-Origin
    • At R5
      route-map EIGRP-SOO
       set extcommunity soo 100:15
      int e0/0
       ip vrf sitemap EIGRP-SOO
    • At SW2
      route-map EIGRP-SOO
       set extcommunity soo 100:15
      int e0/2
       ip vrf sitemap EIGRP-SOO
    • At R6
      route-map EIGRP-SOO
       set extcommunity soo 100:16
      int e0/0.67
       ip vrf sitemap EIGRP-SOO
    • At SW1
      route-map EIGRP-SOO
       set extcommunity soo 100:16
      int e0/2
       ip vrf sitemap EIGRP-SOO
  • 14.11 PE- CE Routing with BGP [diagram labels: SW1 with Lo 172.16.7.7, BGP AS 78, vl67 to R6 (Vpn_a, Vrf VPN_A); SW2 with Lo 172.16.8.8/24, BGP AS 78, Vl58 to R5 (Vpn_a, Lo1 172.16.5.5/24); R4 RR; AS100; Bgp vpnv4; "AS78 overrided" at R6 and R5]
  • 14.11 PE- CE Routing with BGP
    • Using the same AS at different sites causes the prefix to be filtered, because information that arrives carrying the same AS is not accepted. To solve this we can use allowas-in and as-override.
  • • At R5
      no router eigrp 100
      router bgp 100
       address-family ipv4 vrf VPN_A
        neighbor 155.1.58.8 remote-as 78
        neighbor 155.1.58.8 as-override
    • At R6
      no router eigrp 100
      router bgp 100
       address-family ipv4 vrf VNP_A
        neighbor 155.1.67.7 remote-as 78
        neighbor 155.1.67.7 as-override
  • • At SW1
      no router eigrp 100
      router bgp 78
       neighbor 155.1.67.6 remote-as 100
       network 150.1.7.0 mask 255.255.255.0
    • At SW2
      no router eigrp 100
      router bgp 78
       neighbor 155.1.58.5 remote-as 100
       network 150.1.8.0 mask 255.255.255.0
  • 14.12 BGP SoO Attribute [diagram labels: SW1 with Lo 172.16.7.7, BGP AS 78, vl67 to R6 (Vpn_a, Vrf VPN_A, Soo 100:1); Backdoor link between SW1 and SW2; SW2 with Lo 172.16.8.8/24, BGP AS 78, Vl58 to R5 (Vpn_a, Lo1 172.16.5.5/24, Soo 100:1); R4 RR; AS100; Bgp vpnv4]
  • 14.12 BGP SoO Attribute
    • At R5
      router bgp 100
       address-family ipv4 vrf VPN_A
        neighbor 155.1.58.8 soo 100:1
    • At R6
      router bgp 100
       address-family ipv4 vrf VNP_A
        neighbor 155.1.67.7 soo 100:1
    [diagram labels: Bgp vpn between R5 and R6; ebgp R5–SW2 with Soo 100:1; ebgp R6–SW1 with Soo 100:1; ibgp SW2–SW1]
  • • At SW1
      router bgp 78
       neighbor 155.1.78.8 remote-as 78
    • At SW2
      router bgp 78
       neighbor 155.1.78.7 remote-as 78
    ! We added the backdoor neighborship on the CEs.
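How as-override (14.11) and the SoO attribute (14.12) interact can be traced with a small model of the PE decisions. This is an added example, not part of the original slides: it follows one AS 78 prefix (SW1's 150.1.7.0/24) from the PE that learns it to the PE that would hand it to a CE, and reports whether that CE accepts it. The SoO pair 100:15/100:16 in the last scenario is a hypothetical "one SoO per site" variant borrowed from the EIGRP section, not the values configured in 14.12.

```python
PE_AS, CE_AS = 100, 78   # provider and customer AS numbers from the slides


def pe_learn_from_ce(prefix, neighbor_soo=None):
    """eBGP update from a CE: AS_PATH holds the customer AS; a configured
    `neighbor ... soo` stamps the Site-of-Origin community on the way in."""
    return {"prefix": prefix, "as_path": [CE_AS], "soo": neighbor_soo}


def pe_advertise_to_ce(route, as_override=False, neighbor_soo=None):
    """What the egress PE sends to its CE neighbor, or None if suppressed."""
    # SoO check: never send a route back to a neighbor of the site it came from.
    if neighbor_soo is not None and route["soo"] == neighbor_soo:
        return None
    path = route["as_path"]
    if as_override:
        # as-override rewrites the neighbor's own AS to the provider AS.
        path = [PE_AS if asn == CE_AS else asn for asn in path]
    return {**route, "as_path": [PE_AS] + path}


def ce_accepts(update):
    """Standard eBGP loop prevention on the CE: reject our own AS in AS_PATH."""
    return update is not None and CE_AS not in update["as_path"]


def crosses_core(ingress_soo, egress_soo, as_override):
    """True if an AS 78 route entering at one PE is accepted by the AS 78 CE
    behind the other PE. VPNv4 iBGP through the route reflector R4 leaves
    AS_PATH and extended communities unchanged, so it is not modelled."""
    route = pe_learn_from_ce("150.1.7.0/24", ingress_soo)
    return ce_accepts(pe_advertise_to_ce(route, as_override, egress_soo))


SCENARIOS = {
    "plain eBGP, same AS at both sites": crosses_core(None, None, False),
    "as-override only (14.11)": crosses_core(None, None, True),
    "as-override + same SoO on both PEs (14.12)": crosses_core("100:1", "100:1", True),
    "as-override + distinct SoO per site (hypothetical)": crosses_core("100:15", "100:16", True),
}

if __name__ == "__main__":
    for name, accepted in SCENARIOS.items():
        print(f"{name}: {'accepted' if accepted else 'dropped'}")
```

With as-override alone, a route that SW2 learned over the backdoor and passed to R5 is accepted again by SW1, which is the loop the task warns about. With SoO 100:1 on both PE neighbors the core never hands AS 78 routes back to either CE, matching the advertised-routes output on R6 above, where 150.1.7.0/24 and 150.1.8.0/24 are absent.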
  • 14.13 Internet Access
    • At R6
      router rip
       vers 2
       no auto-sum
       network 54.0.0.0
      ! the one permitted static route: VRF default route with a next hop in the global table
      ip route vrf VNP_A 0.0.0.0 0.0.0.0 54.1.1.254 global
      router bgp 100
       address-family ipv4 vrf VNP_A
        default-information originate
        redistribute static
      int s2/0
       ip nat outside
      int e0/0.146
       ip nat inside
      int e0/0.67
       ip nat inside
      ! only 150.1.0.0/16 sources are translated and allowed out
      ip access-list standard VPN-PREFIXES
       permit 150.1.0.0 0.0.255.255
      ip nat inside source list VPN-PREFIXES interface s2/0 vrf VNP_A overload
  • 14.14 AToM [diagram labels: R6 with E0/1 and vl67 (Vpn_a); R5 with Vl 5 (e0/1) and Vl58 (Vpn_a); R4 RR; AS100; Bgp vpnv4]
  • 14.14 AToM
    • At R5
      default interface e0/1
      int e0/1
       xconnect 150.1.6.6 100 encapsulation mpls
      mpls ldp neighbor 150.1.6.6 password CISCO
    • At R6
      int e0/1
       no sh
       xconnect 150.1.5.5 100 encapsulation mpls
      mpls ldp neighbor 150.1.5.5 password CISCO
  • • We can assign IP addresses to the SW3 and SW4 interfaces connected to R5 and R6 and have them ping each other.
  • 14.15 L2TPV3
    • At R5, similar at R6
      pseudowire-class L2TPV3
       encapsulation l2tpv3
       ip local interface lo0
       ! path MTU discovery plus DF bit set, so tunnelled packets are never fragmented
       ip pmtu
       ip dfbit set
       ip tos reflect
      default int e0/1
      int e0/1
       xconnect 150.1.6.6 100 encapsulation l2tpv3 pw-class L2TPV3
  • 14.16 MPLS VPN Performance Tuning
    • At R4
      router bgp 100
       address-family vpnv4 unicast
        neighbor 150.1.5.5 advertisement-interval 0
        neighbor 150.1.6.6 advertisement-interval 0
    • At R5; R6
      router bgp 100
       address-family vpnv4 unicast
        neighbor 150.1.4.4 advertisement-interval 0
        bgp scan import 5