SlideShare a Scribd company logo

mpls-04

kj teoh
kj teoh

The document describes the configuration of a Layer 3 VPN network with multiple VRF instances. Key steps include: 1. Configuring IP addresses, loopbacks and OSPF routing between core routers R1 through R5. 2. Establishing iBGP peering between R1, R3, and R5 to exchange VPN routing information. 3. Creating VRF instances VPN-MY on R1 and R3, and VPN-SG on R5, each with a unique RD and RT. 4. Connecting customer edge devices CE6 to R1, CE7 to R3, and CE8 to R5 through interfaces associated with the corresponding VRFs. 5.

1 of 11
Download to read offline
1. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 R1 interface FastEthernet0/0 description R1-R2 ip address 20.0.0.1 255.255.255.252 R2 interface FastEthernet0/0 description R2-R1 ip address 20.0.0.2 255.255.255.252 interface FastEthernet0/1 description R2-R3 ip address 20.0.0.5 255.255.255.252 R4 interface FastEthernet0/0 description R4-R3 ip address 20.0.0.10 255.255.255.252 interface FastEthernet0/1 description R4-R5 ip address 20.0.0.13 255.255.255.252 R3 interface FastEthernet0/1 description R3-R2 ip address 20.0.0.6 255.255.255.252 interface FastEthernet0/0 description R3-R4 ip address 20.0.0.9 255.255.255.252 R5 interface FastEthernet0/1 description R5-R4 ip address 20.0.0.14 255.255.255.252 OSPF Configs R1-R5 router ospf 999 router-id 10.0.0.X log-adjacency-changes redistribute connected subnets network 0.0.0.0 255.255.255.255 area 0 NOTES Basically with this setup the “baseline” configurations can be said to be complete. Loopback are all reachable and all interfaces are talking. So make sure OSPF “talks” properly. We will do the following: 1. Setup IP's / Loopback / OSPF – this slide 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R5 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore)
2. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES Basically with this setup the “baseline” configurations can be said to be complete. Loopback are all reachable and all interfaces are talking. So make sure OSPF “talks” properly. We will do the following: 1. Setup IP's / Loopback / OSPF 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R5 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) R1 router bgp 999 bgp router-id 10.0.0.1 bgp log-neighbor-changes neighbor 10.0.0.3 remote-as 999 neighbor 10.0.0.3 update-source Loopback0 neighbor 10.0.0.5 remote-as 999 neighbor 10.0.0.5 update-source Loopback0 ! address-family ipv4 neighbor 10.0.0.3 activate neighbor 10.0.0.5 activate R3 router bgp 999 bgp router-id 10.0.0.3 bgp log-neighbor-changes neighbor 10.0.0.1 remote-as 999 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.5 remote-as 999 neighbor 10.0.0.5 update-source Loopback0 ! address-family ipv4 neighbor 10.0.0.1 activate neighbor 10.0.0.5 activate R5 router bgp 999 bgp router-id 10.0.0.5 bgp log-neighbor-changes neighbor 10.0.0.1 remote-as 999 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.3 remote-as 999 neighbor 10.0.0.3 update-source Loopback0 ! address-family ipv4 neighbor 10.0.0.1 activate neighbor 10.0.0.3 activate R2 & R4 does not require iBGP participation!
3. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP & VPNV4 & VRF R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES Basically with this setup the “baseline” configurations can be said to be complete. Loopback are all reachable and all interfaces are talking. So make sure OSPF “talks” properly. We will do the following: 1. Setup IP's / Loopback / OSPF 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R5 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 This is where it gets more interesting CE6 / CE7 will be VPN Customers CE6 ↔ R1 will have vrf VPN-MY RD 999:111 RT import 999:111 RT export 999:111 CE7 ↔ R3 will have vrf VPN-MY RD 999:111 RT import 999:111 RT export 999:111 BUT Preparation on (R1) & CE6 required! 1. Must setup router bgp 999 & special “address family vpnv4” 2. Under R1 router bgp 999 ! address-family vpnv4 neighbor 10.0.0.3 activate neighbor 10.0.0.3 send-community both neighbor 10.0.0.5 activate neighbor 10.0.0.5 send-community both 3. Must create “vrf” (R1) ip vrf VPN-MY rd 999:111 route-target export 999:111 route-target import 999:111 4. Must distribute vrf routes (R1) ! address-family ipv4 vrf VPN-MY redistribute connected 5. Make interface participate in vrf (R1) interface FastEthernet0/1 description R1-CE6 ip vrf forwarding VPN-MY ip address 30.0.0.1 255.255.255.252 Note: Carefully go through running-config of R1. I of course provide you guys with everything! Basically these are the ONLY 5 steps required to get your VRF/RD-RT working! You just need to make sure that your “baseline” ospf/ibgp works properly.
4. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, Verify that it Works! R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 1. Setup IP's / Loopback / OSPF 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R4 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 Focus on R1 ↔ CE6 Believe it or not, your VPN-MY to R1 → CE6 is already WORKING! R1#ping 30.0.0.1 Sending 5, 100-byte ICMP Echos to 30.0.0.1 ..... R1#show ip route 30.0.0.1 % Network not in table R1#ping vrf VPN-MY 30.0.0.1 Sending 5, 100-byte ICMP Echos to 30.0.0.1 !!!!! R1#show ip route vrf VPN-MY 30.0.0.1 Routing entry for 30.0.0.0/30 Known via "connected", distance 0, metric 0 (connected, via interface) Redistributing via bgp 999 Advertised by bgp 999 Routing Descriptor Blocks: * directly connected, via FastEthernet0/1 You can repeat the same on R3 ↔ CE7 BTW: don't forget to configure /30s on CE6 & CE7 plus a default route. CE6 interface FastEthernet0/1 description CE6-R1 ip address 30.0.0.2 255.255.255.252 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 30.0.0.1 name default-route Problems will start on the next-page! Access to Default Route Table reveals NONE. Expected Results! Access to VRF VPN-MY Table reveals 30.0.0.1/30 You access a DIFFERENT Table i.e. “VPN-MY”
5. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 R1 ↔ CE6 & R3 ↔ CE7 ● BUT, does CE6 talk to CE7? ● Does VRF R1 VPN-MY talk to R3 VPN-MY? R1#ping vrf VPN-MY 30.0.0.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.0.0.5 ..... R1#show ip bgp vpnv4 vrf VPN-MY BGP table version is 7, local router ID is 10.0.0.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:111 (default for vrf VPN-MY) *> 30.0.0.0/30 0.0.0.0 0 32768 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? R1#show ip route vrf VPN-MY 30.0.0.5 Routing entry for 30.0.0.4/30 Known via "bgp 999", distance 200, metric 0, type internal Last update from 10.0.0.3 01:43:54 ago Routing Descriptor Blocks: * 10.0.0.3 (Default-IP-Routing-Table), from 10.0.0.3, 01:43:54 ago Route metric is 0, traffic share count is 1 BGP vpnv4 tells me its THERE Ip route vrf tells me its THERE BUT still cannot reach? Problem is … mpls ip needs to be configure on every backbone interface. While BGP may TELL you about the routes, there is no TRANSPORT or Label coming from R2 & R3 R1 interface FastEthernet0/0 description R1-R2 ip address 20.0.0.1 255.255.255.252 mpls ip ←You NEED this! Talking? MPLS IP? MPLS IP? Talking?
6. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 So what have we learnt so far? 1. Plain vanilla setup Loopbacks, IP Address etc 2. OSPF between R1 – R5 3. iBGP between R1, R3 & R5 ONLY 4. VPNV4 between R1 & R3 ONLY – Slide 3 5. VRF VPN-MY between R1 & R3 ONLY – Slide 3/4 Make interfaces participate Outgoing R1 → CE6 Outgoing R3 → CE7 6. Make backbone interfaces participate in MPLS – Slide 5 This will create connectivity between CE6 & CE7 which participates in the SAME VRF VPN-MY 7. We understand that while iBGP/VPNV4 may “tell” us about routes, we still MUST have MPLS-LDP to create the forward table for us or be the “transport” to achieve connectivity.
7. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 What is RD/RT? Route Distinguisher Important, but automagically created if you don't specify it We usually specify it for convenience. Route Target Compose of IMPORT and EXPORT statement. Actual prefix's are identified by the RT. We are going to add R5 → CE8 now: ● Different & Distinct VRF VPN-SG ● Does not talk with other VRF VPN-MY ● Lets assume it is a different company altogether Very similar configs to R1 → CE6 / R3 → CE7 CE8 R5 ip vrf VPN-SG rd 999:222 route-target export 999:222 route-target import 999:222 ! interface FastEthernet0/0 description R5-CE8 ip vrf forwarding VPN-SG ip address 40.0.0.1 255.255.255.252 ! address-family ipv4 vrf VPN-SG redistribute connected R5#ping 40.0.0.1 Sending 5, 100-byte ICMP Echos to 40.0.0.1 ..... Success rate is 0 percent (0/5) R5#ping vrf VPN-SG 40.0.0.1 Sending 5, 100-byte ICMP Echos to 40.0.0.1 !!!!! R5#show bgp vpnv4 unicast rd 999:222 BGP table version is 11, local router ID is 10.0.0.5 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:222 (default for vrf VPN-SG) *> 40.0.0.0/30 0.0.0.0 0 32768 ? Only one route is learnt vide VPNV4/BGP V P N M Y VPN-SG
8. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 6. Connecting VPN-MY & VPN-SG CE6 CE7 Connecting VPN-MY ↔ VPN-SG Say VPN-MY has now bought up VPN-SG and would like to create seamless network integration between the two. In other words, take-over VPN-SG Option: Remove VPN-SG & substitute with VPN-MY & create new prefix OR IMPORT / EXPORT the route-targets! CE8 R1 ip vrf VPN-MY rd 999:111 route-target export 999:111 route-target import 999:111 route-target import 999:222 R5 ip vrf VPN-SG rd 999:222 route-target export 999:222 route-target import 999:222 route-target import 999:111 R3 ip vrf VPN-MY rd 999:111 route-target export 999:111 route-target import 999:111 NB: NO IMPORT Statement VPN-MY RT999:111 VPN-SG RT999:222 R5#show bgp vpnv4 unicast vrf VPN-SG BGP table version is 15, local router ID is 10.0.0.5 Network Next Hop Metric LocPrf Weight Route Distinguisher: 999:222 (default for vrf VPN-SG) *>i30.0.0.0/30 10.0.0.1 0 100 0 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? *> 40.0.0.0/30 0.0.0.0 0 32768 ? R5#ping vrf VPN-SG 30.0.0.5 Sending 5, 100-byte ICMP Echos to 30.0.0.5 ..... Because R3 has NOT import RT999:222, BGP “TELLS” me its there, but MPLS won't carry the traffic for me. R3 must include “route-target import 999:222” to participate between VPN-MY ↔ VPN-SG
9. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 CE6 CE7 So what have we leant so far? CE8 VPN-MY RT999:111 VPN-SG RT999:222 1. Connected two single VRF with two sites VPN-MY → R1 → CE6 VPN-MY → R3 → CE7 2. Create exclusive VRF for Singapore/R5 VPN-SG → R5 → CE8 3. Integrated VRF VPN-MY ↔ VPN-SG 4. Looked at how BGP may tell you stuff/prefix but MORE may be required to get it to work – ie, import route-target 999:222 in R3 R5#show bgp vpnv4 unicast rd 999:222 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:222 (default for vrf VPN-SG) *>i30.0.0.0/30 10.0.0.1 0 100 0 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? *> 40.0.0.0/30 0.0.0.0 0 32768 ? R5#show bgp vpnv4 unicast rd 999:111 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:111 *>i30.0.0.0/30 10.0.0.1 0 100 0 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? Imported from route- target 999:111
10. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT, MPLS R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 CE6 CE7 What the MPLS will look like: CE8 VPN-MY RT999:111 VPN-SG RT999:222 From previous class on MPLS-LDP and MPLS-XCONNECTS you should be familiar with the concept of “Label Stacking”. The same applies here. What we must understand is that BGP Extended Communities will “tell” us about the prefix but MPLS will do the actual forwarding. CE8 R8#traceroute 30.0.0.2 Tracing the route to 30.0.0.2 1 40.0.0.1 12 msec 16 msec 20 msec 2 20.0.0.13 [MPLS: Labels 19/23 Exp 0] 80 msec 108 3 20.0.0.9 [MPLS: Labels 20/23 Exp 0] 100 msec 100 4 20.0.0.5 [MPLS: Labels 20/23 Exp 0] 100 msec 104 5 30.0.0.1 100 msec 84 6 30.0.0.2 128 msec 104 Label Stack R5#show mpls forwarding-table vrf VPN-SG 30.0.0.2 detail Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface None 23 30.0.0.0/30 0 Fa0/1 20.0.0.13 MAC/Encaps=14/22, MRU=1496, Tag Stack{19 23} R5#show mpls forwarding-table vrf VPN-SG 30.0.0.6 detail Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface None 22 30.0.0.4/30 0 Fa0/1 20.0.0.13 MAC/Encaps=14/22, MRU=1496, Tag Stack{17 22} CE7 VPN-MY R1#show mpls forwarding-table vrf VPN-MY 30.0.0.0 30 / Local Aggregate Label 23
11. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 CE6 CE7 Thank you kjteoh at gmail.com 11/2/2016 – Put your NOTES here! CE8 VPN-MY RT999:111 VPN-SG RT999:222

Recommended

Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer Switch
Hamed Moghaddam
 
Cisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationCisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 Configuration
Hamed Moghaddam
 
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationCisco CCNA- NAT Configuration
Cisco CCNA- NAT Configuration
Hamed Moghaddam
 
Cisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static ConfigurationCisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static Configuration
Hamed Moghaddam
 
11 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 26
11 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 2611 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 26
11 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 26
legasu zemene
 
Ipv6
Ipv6Ipv6
Ipv6
Alp isik
 
MPLS Deployment Chapter 3 - Optimization
MPLS Deployment Chapter 3 - OptimizationMPLS Deployment Chapter 3 - Optimization
MPLS Deployment Chapter 3 - Optimization
Ericsson
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
Duane Bodle
 

Recommended

Cisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer SwitchCisco CCNA- How to Configure Multi-Layer Switch
Cisco CCNA- How to Configure Multi-Layer Switch
Hamed Moghaddam
 
Cisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 ConfigurationCisco CCNA EIGRP IPV6 Configuration
Cisco CCNA EIGRP IPV6 Configuration
Hamed Moghaddam
 
Cisco CCNA- NAT Configuration
Cisco CCNA- NAT ConfigurationCisco CCNA- NAT Configuration
Cisco CCNA- NAT Configuration
Hamed Moghaddam
 
Cisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static ConfigurationCisco CCNA IPV6 Static Configuration
Cisco CCNA IPV6 Static Configuration
Hamed Moghaddam
 
11 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 26
11 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 2611 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 26
11 zxr10 b-en-bgp-mpls-vpn configuration-2-ppt-201105 26
legasu zemene
 
Ipv6
Ipv6Ipv6
Ipv6
Alp isik
 
MPLS Deployment Chapter 3 - Optimization
MPLS Deployment Chapter 3 - OptimizationMPLS Deployment Chapter 3 - Optimization
MPLS Deployment Chapter 3 - Optimization
Ericsson
 
Troubleshooting BGP
Troubleshooting BGPTroubleshooting BGP
Troubleshooting BGP
Duane Bodle
 
ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config Guide
Woo Hyung Choi
 
Implementing Internet and MPLS BGP
Implementing Internet and MPLS BGPImplementing Internet and MPLS BGP
Implementing Internet and MPLS BGP
Private
 
Cisco CCNA- DHCP Server
Cisco CCNA- DHCP ServerCisco CCNA- DHCP Server
Cisco CCNA- DHCP Server
Hamed Moghaddam
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.rip
farhanica
 
Samplab19
Samplab19Samplab19
Samplab19Noman Ashraf (CCNA, MCTS)
 
Ccnpswitch
CcnpswitchCcnpswitch
Ccnpswitch
Siddhartha Rajbhatt
 
MPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf TrafficMPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf Traffic
alco
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip Smith
MyNOG
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet
 
Nat
NatNat
Nat
Elshan86
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
singhsukdeep
 
OSPF- Multi area
OSPF- Multi area OSPF- Multi area
OSPF- Multi area
Ahmed Ali
 
Hands on Experience with IPv6 Routing and Switching Services
Hands on Experience with IPv6 Routing and Switching ServicesHands on Experience with IPv6 Routing and Switching Services
Hands on Experience with IPv6 Routing and Switching Services
Cisco Canada
 
Cisco vs juniper
Cisco vs juniperCisco vs juniper
Cisco vs juniper
Elshaday Gelaye
 
BGP Monitoring Protocol
BGP Monitoring ProtocolBGP Monitoring Protocol
BGP Monitoring Protocol
Bertrand Duvivier
 
CCIE Lab - IGP Routing
CCIE Lab - IGP Routing CCIE Lab - IGP Routing
CCIE Lab - IGP Routing
Kristof De Brouwer
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing Optimisation
Andy Davidson
 
Bgp multihoming
Bgp multihomingBgp multihoming
Bgp multihomingee38sp
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
Mansour Naslcheraghi
 
junos-firewall-filter
junos-firewall-filterjunos-firewall-filter
junos-firewall-filterkj teoh
 
mpls-05
mpls-05mpls-05
mpls-05kj teoh
 

More Related Content

What's hot

ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config Guide
Woo Hyung Choi
 
Implementing Internet and MPLS BGP
Implementing Internet and MPLS BGPImplementing Internet and MPLS BGP
Implementing Internet and MPLS BGP
Private
 
Cisco CCNA- DHCP Server
Cisco CCNA- DHCP ServerCisco CCNA- DHCP Server
Cisco CCNA- DHCP Server
Hamed Moghaddam
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.rip
farhanica
 
Ccnpswitch
CcnpswitchCcnpswitch
Ccnpswitch
Siddhartha Rajbhatt
 
MPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf TrafficMPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf Traffic
alco
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
IT Tech
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip Smith
MyNOG
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet
 
Nat
NatNat
Nat
Elshan86
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
singhsukdeep
 
OSPF- Multi area
OSPF- Multi area OSPF- Multi area
OSPF- Multi area
Ahmed Ali
 
Hands on Experience with IPv6 Routing and Switching Services
Hands on Experience with IPv6 Routing and Switching ServicesHands on Experience with IPv6 Routing and Switching Services
Hands on Experience with IPv6 Routing and Switching Services
Cisco Canada
 
Cisco vs juniper
Cisco vs juniperCisco vs juniper
Cisco vs juniper
Elshaday Gelaye
 
BGP Monitoring Protocol
BGP Monitoring ProtocolBGP Monitoring Protocol
BGP Monitoring Protocol
Bertrand Duvivier
 
CCIE Lab - IGP Routing
CCIE Lab - IGP Routing CCIE Lab - IGP Routing
CCIE Lab - IGP Routing
Kristof De Brouwer
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing Optimisation
Andy Davidson
 
Bgp multihoming
Bgp multihomingBgp multihoming
Bgp multihomingee38sp
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
Mansour Naslcheraghi
 

What's hot (20)

ACI MultiPod Config Guide
ACI MultiPod Config GuideACI MultiPod Config Guide
ACI MultiPod Config Guide
 
Implementing Internet and MPLS BGP
Implementing Internet and MPLS BGPImplementing Internet and MPLS BGP
Implementing Internet and MPLS BGP
 
Cisco CCNA- DHCP Server
Cisco CCNA- DHCP ServerCisco CCNA- DHCP Server
Cisco CCNA- DHCP Server
 
Mpls vpn.rip
Mpls vpn.ripMpls vpn.rip
Mpls vpn.rip
 
Samplab19
Samplab19Samplab19
Samplab19
 
Ccnpswitch
CcnpswitchCcnpswitch
Ccnpswitch
 
MPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf TrafficMPLS VPN Per Vrf Traffic
MPLS VPN Per Vrf Traffic
 
How to configure static nat on cisco routers
How to configure static nat on cisco routersHow to configure static nat on cisco routers
How to configure static nat on cisco routers
 
Migrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip SmithMigrating from OSPF to IS-IS by Philip Smith
Migrating from OSPF to IS-IS by Philip Smith
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
 
Nat
NatNat
Nat
 
NAT Ccna
NAT CcnaNAT Ccna
NAT Ccna
 
OSPF- Multi area
OSPF- Multi area OSPF- Multi area
OSPF- Multi area
 
Hands on Experience with IPv6 Routing and Switching Services
Hands on Experience with IPv6 Routing and Switching ServicesHands on Experience with IPv6 Routing and Switching Services
Hands on Experience with IPv6 Routing and Switching Services
 
Cisco vs juniper
Cisco vs juniperCisco vs juniper
Cisco vs juniper
 
BGP Monitoring Protocol
BGP Monitoring ProtocolBGP Monitoring Protocol
BGP Monitoring Protocol
 
CCIE Lab - IGP Routing
CCIE Lab - IGP Routing CCIE Lab - IGP Routing
CCIE Lab - IGP Routing
 
BGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing OptimisationBGP Traffic Engineering / Routing Optimisation
BGP Traffic Engineering / Routing Optimisation
 
Bgp multihoming
Bgp multihomingBgp multihoming
Bgp multihoming
 
NAT Scneario
NAT ScnearioNAT Scneario
NAT Scneario
 

Viewers also liked

junos-firewall-filter
junos-firewall-filterjunos-firewall-filter
junos-firewall-filterkj teoh
 
智能广域网及开源项目更新
智能广域网及开源项目更新智能广域网及开源项目更新
智能广域网及开源项目更新
Bertrand Duvivier
 
Cisco crs1
Cisco crs1Cisco crs1
Cisco crs1wjunjmt
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR
Bertrand Duvivier
 
Segment routing in ISO-XR 5.2.2
Segment routing in ISO-XR 5.2.2Segment routing in ISO-XR 5.2.2
Segment routing in ISO-XR 5.2.2
Bertrand Duvivier
 
BGP Route Aggregation Lab WorkBook
BGP Route Aggregation Lab WorkBookBGP Route Aggregation Lab WorkBook
BGP Route Aggregation Lab WorkBook
RHC Technologies
 
Bgp
BgpBgp
Bgp
Febrian ‎
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab
Cisco Canada
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
Cisco Canada
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet Connections
Rowell Dionicio
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
Wahyu Nasution
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesFebrian ‎
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
Border Gateway Protocol
Border Gateway ProtocolBorder Gateway Protocol
Border Gateway ProtocolKashif Latif
 
Bgp Basic Labs
Bgp Basic LabsBgp Basic Labs
Bgp Basic Labs
cisconetworker
 
Segment Routing & Application Engeering Routing
Segment Routing & Application Engeering RoutingSegment Routing & Application Engeering Routing
Segment Routing & Application Engeering Routing
Bertrand Duvivier
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Jose Liste
 

Viewers also liked (20)

junos-firewall-filter
junos-firewall-filterjunos-firewall-filter
junos-firewall-filter
 
mpls-05
mpls-05mpls-05
mpls-05
 
智能广域网及开源项目更新
智能广域网及开源项目更新智能广域网及开源项目更新
智能广域网及开源项目更新
 
bgp-01
bgp-01bgp-01
bgp-01
 
Cisco crs1
Cisco crs1Cisco crs1
Cisco crs1
 
BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR BGP Graceful Shutdown - IOS XR
BGP Graceful Shutdown - IOS XR
 
Segment routing in ISO-XR 5.2.2
Segment routing in ISO-XR 5.2.2Segment routing in ISO-XR 5.2.2
Segment routing in ISO-XR 5.2.2
 
BGP Route Aggregation Lab WorkBook
BGP Route Aggregation Lab WorkBookBGP Route Aggregation Lab WorkBook
BGP Route Aggregation Lab WorkBook
 
Bgp
BgpBgp
Bgp
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab
 
BGP
BGPBGP
BGP
 
Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing Traffic Engineering Using Segment Routing
Traffic Engineering Using Segment Routing
 
Using BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet ConnectionsUsing BGP To Manage Dual Internet Connections
Using BGP To Manage Dual Internet Connections
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
 
BGP Advance Technique by Steven & James
BGP Advance Technique by Steven & JamesBGP Advance Technique by Steven & James
BGP Advance Technique by Steven & James
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010
 
Border Gateway Protocol
Border Gateway ProtocolBorder Gateway Protocol
Border Gateway Protocol
 
Bgp Basic Labs
Bgp Basic LabsBgp Basic Labs
Bgp Basic Labs
 
Segment Routing & Application Engeering Routing
Segment Routing & Application Engeering RoutingSegment Routing & Application Engeering Routing
Segment Routing & Application Engeering Routing
 
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USASegment Routing Advanced Use Cases - Cisco Live 2016 USA
Segment Routing Advanced Use Cases - Cisco Live 2016 USA
 

Similar to mpls-04

OSPF_Exercises.pdf
OSPF_Exercises.pdfOSPF_Exercises.pdf
OSPF_Exercises.pdf
Denis Rasskazov
 
MPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesMPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - Services
Ericsson
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration
3Anetwork com
 
Cisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 ConfigurationCisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 Configuration
Hamed Moghaddam
 
Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6
Jhoni Guerrero
 
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_studentCcn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
Angel Clavel
 
ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12
ym7md88
 
ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성
Woo Hyung Choi
 
Lab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfLab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdf
Nesibusami
 
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
Josimar Caitano
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink Configuration
Hamed Moghaddam
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
APNIC
 
Mpls layer 3 vp ns
Mpls layer 3 vp nsMpls layer 3 vp ns
Mpls layer 3 vp ns
IT Tech
 
2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx
2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx
2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx
Josimar Caitano
 
Сүлжээ1
Сүлжээ1Сүлжээ1
Сүлжээ1
Lhagvaa Byamba
 
MPLS LAB Practice Vol.1.pdf
MPLS LAB Practice Vol.1.pdfMPLS LAB Practice Vol.1.pdf
MPLS LAB Practice Vol.1.pdf
SupakornVisutthicho
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
Faisal Reza
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제
Munkyeonggu
 
Routing Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. MikrotikRouting Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. Mikrotik
KHNOG
 

Similar to mpls-04 (20)

OSPF_Exercises.pdf
OSPF_Exercises.pdfOSPF_Exercises.pdf
OSPF_Exercises.pdf
 
MPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - ServicesMPLS Deployment Chapter 2 - Services
MPLS Deployment Chapter 2 - Services
 
Networking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP ConfigurationNetworking Tutorial Goes to Basic PPP Configuration
Networking Tutorial Goes to Basic PPP Configuration
 
Cisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 ConfigurationCisco CCNA OSPF IPV6 Configuration
Cisco CCNA OSPF IPV6 Configuration
 
Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6Transitioning IPv4 to IPv6
Transitioning IPv4 to IPv6
 
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_studentCcn pv7 route_lab2-1_eigrp-load-balancing_student
Ccn pv7 route_lab2-1_eigrp-load-balancing_student
 
ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12ospf ahmed tawfeek CCNA dump for Exam12
ospf ahmed tawfeek CCNA dump for Exam12
 
Labs ospf
Labs ospfLabs ospf
Labs ospf
 
ACI MultiPod 구성
ACI MultiPod 구성ACI MultiPod 구성
ACI MultiPod 구성
 
Lab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdfLab- Full IPsec Implementation.pdf
Lab- Full IPsec Implementation.pdf
 
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
2.6.6 Packet Tracer - Verify Single-Area OSPFv2 - ILM.docx
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink Configuration
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN Deployment
 
Mpls layer 3 vp ns
Mpls layer 3 vp nsMpls layer 3 vp ns
Mpls layer 3 vp ns
 
2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx
2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx
2.7.1 Packet Tracer - Single-Area OSPFv2 Configuration - ILM.docx
 
Сүлжээ1
Сүлжээ1Сүлжээ1
Сүлжээ1
 
MPLS LAB Practice Vol.1.pdf
MPLS LAB Practice Vol.1.pdfMPLS LAB Practice Vol.1.pdf
MPLS LAB Practice Vol.1.pdf
 
VXLAN and FRRouting
VXLAN and FRRoutingVXLAN and FRRouting
VXLAN and FRRouting
 
보안위협 관리통제
보안위협 관리통제보안위협 관리통제
보안위협 관리통제
 
Routing Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. MikrotikRouting Implementation - Cisco vs. Mikrotik
Routing Implementation - Cisco vs. Mikrotik
 

mpls-04

  • 1. 1. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 R1 interface FastEthernet0/0 description R1-R2 ip address 20.0.0.1 255.255.255.252 R2 interface FastEthernet0/0 description R2-R1 ip address 20.0.0.2 255.255.255.252 interface FastEthernet0/1 description R2-R3 ip address 20.0.0.5 255.255.255.252 R4 interface FastEthernet0/0 description R4-R3 ip address 20.0.0.10 255.255.255.252 interface FastEthernet0/1 description R4-R5 ip address 20.0.0.13 255.255.255.252 R3 interface FastEthernet0/1 description R3-R2 ip address 20.0.0.6 255.255.255.252 interface FastEthernet0/0 description R3-R4 ip address 20.0.0.9 255.255.255.252 R5 interface FastEthernet0/1 description R5-R4 ip address 20.0.0.14 255.255.255.252 OSPF Configs R1-R5 router ospf 999 router-id 10.0.0.X log-adjacency-changes redistribute connected subnets network 0.0.0.0 255.255.255.255 area 0 NOTES Basically with this setup the “baseline” configurations can be said to be complete. Loopback are all reachable and all interfaces are talking. So make sure OSPF “talks” properly. We will do the following: 1. Setup IP's / Loopback / OSPF – this slide 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R5 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore)
  • 2. 2. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES Basically with this setup the “baseline” configurations can be said to be complete. Loopback are all reachable and all interfaces are talking. So make sure OSPF “talks” properly. We will do the following: 1. Setup IP's / Loopback / OSPF 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R5 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) R1 router bgp 999 bgp router-id 10.0.0.1 bgp log-neighbor-changes neighbor 10.0.0.3 remote-as 999 neighbor 10.0.0.3 update-source Loopback0 neighbor 10.0.0.5 remote-as 999 neighbor 10.0.0.5 update-source Loopback0 ! address-family ipv4 neighbor 10.0.0.3 activate neighbor 10.0.0.5 activate R3 router bgp 999 bgp router-id 10.0.0.3 bgp log-neighbor-changes neighbor 10.0.0.1 remote-as 999 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.5 remote-as 999 neighbor 10.0.0.5 update-source Loopback0 ! address-family ipv4 neighbor 10.0.0.1 activate neighbor 10.0.0.5 activate R5 router bgp 999 bgp router-id 10.0.0.5 bgp log-neighbor-changes neighbor 10.0.0.1 remote-as 999 neighbor 10.0.0.1 update-source Loopback0 neighbor 10.0.0.3 remote-as 999 neighbor 10.0.0.3 update-source Loopback0 ! address-family ipv4 neighbor 10.0.0.1 activate neighbor 10.0.0.3 activate R2 & R4 does not require iBGP participation!
  • 3. 3. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP & VPNV4 & VRF R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES Basically with this setup the “baseline” configurations can be said to be complete. Loopback are all reachable and all interfaces are talking. So make sure OSPF “talks” properly. We will do the following: 1. Setup IP's / Loopback / OSPF 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R5 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 This is where it gets more interesting CE6 / CE7 will be VPN Customers CE6 ↔ R1 will have vrf VPN-MY RD 999:111 RT import 999:111 RT export 999:111 CE7 ↔ R3 will have vrf VPN-MY RD 999:111 RT import 999:111 RT export 999:111 BUT Preparation on (R1) & CE6 required! 1. Must setup router bgp 999 & special “address family vpnv4” 2. Under R1 router bgp 999 ! address-family vpnv4 neighbor 10.0.0.3 activate neighbor 10.0.0.3 send-community both neighbor 10.0.0.5 activate neighbor 10.0.0.5 send-community both 3. Must create “vrf” (R1) ip vrf VPN-MY rd 999:111 route-target export 999:111 route-target import 999:111 4. Must distribute vrf routes (R1) ! address-family ipv4 vrf VPN-MY redistribute connected 5. Make interface participate in vrf (R1) interface FastEthernet0/1 description R1-CE6 ip vrf forwarding VPN-MY ip address 30.0.0.1 255.255.255.252 Note: Carefully go through running-config of R1. I of course provide you guys with everything! Basically these are the ONLY 5 steps required to get your VRF/RD-RT working! You just need to make sure that your “baseline” ospf/ibgp works properly.
  • 4. 4. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, Verify that it Works! R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 1. Setup IP's / Loopback / OSPF 2. Setup IBGP between selected routers ONLY * R1 ↔ R3 ↔ R4 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 Focus on R1 ↔ CE6 Believe it or not, your VPN-MY to R1 → CE6 is already WORKING! R1#ping 30.0.0.1 Sending 5, 100-byte ICMP Echos to 30.0.0.1 ..... R1#show ip route 30.0.0.1 % Network not in table R1#ping vrf VPN-MY 30.0.0.1 Sending 5, 100-byte ICMP Echos to 30.0.0.1 !!!!! R1#show ip route vrf VPN-MY 30.0.0.1 Routing entry for 30.0.0.0/30 Known via "connected", distance 0, metric 0 (connected, via interface) Redistributing via bgp 999 Advertised by bgp 999 Routing Descriptor Blocks: * directly connected, via FastEthernet0/1 You can repeat the same on R3 ↔ CE7 BTW: don't forget to configure /30s on CE6 & CE7 plus a default route. CE6 interface FastEthernet0/1 description CE6-R1 ip address 30.0.0.2 255.255.255.252 ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 30.0.0.1 name default-route Problems will start on the next-page! Access to Default Route Table reveals NONE. Expected Results! Access to VRF VPN-MY Table reveals 30.0.0.1/30 You access a DIFFERENT Table i.e. “VPN-MY”
  • 5. 5. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 R1 ↔ CE6 & R3 ↔ CE7 ● BUT, does CE6 talk to CE7? ● Does VRF R1 VPN-MY talk to R3 VPN-MY? R1#ping vrf VPN-MY 30.0.0.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 30.0.0.5 ..... R1#show ip bgp vpnv4 vrf VPN-MY BGP table version is 7, local router ID is 10.0.0.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:111 (default for vrf VPN-MY) *> 30.0.0.0/30 0.0.0.0 0 32768 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? R1#show ip route vrf VPN-MY 30.0.0.5 Routing entry for 30.0.0.4/30 Known via "bgp 999", distance 200, metric 0, type internal Last update from 10.0.0.3 01:43:54 ago Routing Descriptor Blocks: * 10.0.0.3 (Default-IP-Routing-Table), from 10.0.0.3, 01:43:54 ago Route metric is 0, traffic share count is 1 BGP vpnv4 tells me its THERE Ip route vrf tells me its THERE BUT still cannot reach? Problem is … mpls ip needs to be configure on every backbone interface. While BGP may TELL you about the routes, there is no TRANSPORT or Label coming from R2 & R3 R1 interface FastEthernet0/0 description R1-R2 ip address 20.0.0.1 255.255.255.252 mpls ip ←You NEED this! Talking? MPLS IP? MPLS IP? Talking?
  • 6. 6. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 So what have we learnt so far? 1. Plain vanilla setup Loopbacks, IP Address etc 2. OSPF between R1 – R5 3. iBGP between R1, R3 & R5 ONLY 4. VPNV4 between R1 & R3 ONLY – Slide 3 5. VRF VPN-MY between R1 & R3 ONLY – Slide 3/4 Make interfaces participate Outgoing R1 → CE6 Outgoing R3 → CE7 6. Make backbone interfaces participate in MPLS – Slide 5 This will create connectivity between CE6 & CE7 which participates in the SAME VRF VPN-MY 7. We understand that while iBGP/VPNV4 may “tell” us about routes, we still MUST have MPLS-LDP to create the forward table for us or be the “transport” to achieve connectivity.
  • 7. 7. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 3. Add CE6 ↔ R1 (Penang) 4. Add CE7 ↔ R3 (KL) 5. Add CE8 ↔ R5 (Singapore) CE6 CE7 What is RD/RT? Route Distinguisher Important, but automagically created if you don't specify it We usually specify it for convenience. Route Target Compose of IMPORT and EXPORT statement. Actual prefix's are identified by the RT. We are going to add R5 → CE8 now: ● Different & Distinct VRF VPN-SG ● Does not talk with other VRF VPN-MY ● Lets assume it is a different company altogether Very similar configs to R1 → CE6 / R3 → CE7 CE8 R5 ip vrf VPN-SG rd 999:222 route-target export 999:222 route-target import 999:222 ! interface FastEthernet0/0 description R5-CE8 ip vrf forwarding VPN-SG ip address 40.0.0.1 255.255.255.252 ! address-family ipv4 vrf VPN-SG redistribute connected R5#ping 40.0.0.1 Sending 5, 100-byte ICMP Echos to 40.0.0.1 ..... Success rate is 0 percent (0/5) R5#ping vrf VPN-SG 40.0.0.1 Sending 5, 100-byte ICMP Echos to 40.0.0.1 !!!!! R5#show bgp vpnv4 unicast rd 999:222 BGP table version is 11, local router ID is 10.0.0.5 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:222 (default for vrf VPN-SG) *> 40.0.0.0/30 0.0.0.0 0 32768 ? Only one route is learnt vide VPNV4/BGP V P N M Y VPN-SG
  • 8. 8. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 NOTES 6. Connecting VPN-MY & VPN-SG CE6 CE7 Connecting VPN-MY ↔ VPN-SG Say VPN-MY has now bought up VPN-SG and would like to create seamless network integration between the two. In other words, take-over VPN-SG Option: Remove VPN-SG & substitute with VPN-MY & create new prefix OR IMPORT / EXPORT the route-targets! CE8 R1 ip vrf VPN-MY rd 999:111 route-target export 999:111 route-target import 999:111 route-target import 999:222 R5 ip vrf VPN-SG rd 999:222 route-target export 999:222 route-target import 999:222 route-target import 999:111 R3 ip vrf VPN-MY rd 999:111 route-target export 999:111 route-target import 999:111 NB: NO IMPORT Statement VPN-MY RT999:111 VPN-SG RT999:222 R5#show bgp vpnv4 unicast vrf VPN-SG BGP table version is 15, local router ID is 10.0.0.5 Network Next Hop Metric LocPrf Weight Route Distinguisher: 999:222 (default for vrf VPN-SG) *>i30.0.0.0/30 10.0.0.1 0 100 0 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? *> 40.0.0.0/30 0.0.0.0 0 32768 ? R5#ping vrf VPN-SG 30.0.0.5 Sending 5, 100-byte ICMP Echos to 30.0.0.5 ..... Because R3 has NOT import RT999:222, BGP “TELLS” me its there, but MPLS won't carry the traffic for me. R3 must include “route-target import 999:222” to participate between VPN-MY ↔ VPN-SG
  • 9. 9. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 CE6 CE7 So what have we leant so far? CE8 VPN-MY RT999:111 VPN-SG RT999:222 1. Connected two single VRF with two sites VPN-MY → R1 → CE6 VPN-MY → R3 → CE7 2. Create exclusive VRF for Singapore/R5 VPN-SG → R5 → CE8 3. Integrated VRF VPN-MY ↔ VPN-SG 4. Looked at how BGP may tell you stuff/prefix but MORE may be required to get it to work – ie, import route-target 999:222 in R3 R5#show bgp vpnv4 unicast rd 999:222 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:222 (default for vrf VPN-SG) *>i30.0.0.0/30 10.0.0.1 0 100 0 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? *> 40.0.0.0/30 0.0.0.0 0 32768 ? R5#show bgp vpnv4 unicast rd 999:111 Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 999:111 *>i30.0.0.0/30 10.0.0.1 0 100 0 ? *>i30.0.0.4/30 10.0.0.3 0 100 0 ? Imported from route- target 999:111
  • 10. 10. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT, MPLS R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 CE6 CE7 What the MPLS will look like: CE8 VPN-MY RT999:111 VPN-SG RT999:222 From previous class on MPLS-LDP and MPLS-XCONNECTS you should be familiar with the concept of “Label Stacking”. The same applies here. What we must understand is that BGP Extended Communities will “tell” us about the prefix but MPLS will do the actual forwarding. CE8 R8#traceroute 30.0.0.2 Tracing the route to 30.0.0.2 1 40.0.0.1 12 msec 16 msec 20 msec 2 20.0.0.13 [MPLS: Labels 19/23 Exp 0] 80 msec 108 3 20.0.0.9 [MPLS: Labels 20/23 Exp 0] 100 msec 100 4 20.0.0.5 [MPLS: Labels 20/23 Exp 0] 100 msec 104 5 30.0.0.1 100 msec 84 6 30.0.0.2 128 msec 104 Label Stack R5#show mpls forwarding-table vrf VPN-SG 30.0.0.2 detail Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface None 23 30.0.0.0/30 0 Fa0/1 20.0.0.13 MAC/Encaps=14/22, MRU=1496, Tag Stack{19 23} R5#show mpls forwarding-table vrf VPN-SG 30.0.0.6 detail Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface None 22 30.0.0.4/30 0 Fa0/1 20.0.0.13 MAC/Encaps=14/22, MRU=1496, Tag Stack{17 22} CE7 VPN-MY R1#show mpls forwarding-table vrf VPN-MY 30.0.0.0 30 / Local Aggregate Label 23
  • 11. 11. L3VPN RD and RT – Setup IP Address, Loopbacks & OSPF, iBGP, VPNV4, VRF, MPLS-LDP, RD/RT R2 10.0.0.2 R1 Penang 10.0.0.1 R3 KL 10.0.0.3 R4 10.0.0.4 Singapore R5 10.0.0.5 FA0/0 FA0/0FA0/1 FA0/1 FA0/0 FA0/0 FA0/1 FA0/1 CE6 CE7 Thank you kjteoh at gmail.com 11/2/2016 – Put your NOTES here! CE8 VPN-MY RT999:111 VPN-SG RT999:222