MPLS VPN – Part 1

This topic covers one of the most important SP technologies, MPLS L3VPNs. There are different ways of creating VPNs, and MPLS L3VPN is just one of them. Covering the fundamentals of this type of MPLS VPN would probably need a complete book, and I don’t want to go through them here. Instead, I want to show you the configuration part. So what we need is a topology and its requirements.

There are 2 customers, A and B, which are connected to a single service provider, AS 234. Each customer has 2 geographically separated offices, and their respective departments need access to the resources in the other office. That is, the two offices of customer A must have access to each other’s networks, and the same holds for customer B. We don’t want any leakage between the customers’ networks, and they should not be able to see each other’s networks.

Here are the customers’ capabilities and situations:
- Customer A in HQ office runs EIGRP 1.
- Customer A in its remote office runs EIGRP 46.
- Customer B in its HQ office runs EIGRP 2.
- Customer B in its remote office runs OSPF 100.
- Customer B has some links and small branches that are not capable of running OSPF. These networks then need to be redistributed into OSPF on R5. We simulate these networks with loopback 1 and loopback 2.

And here are the facts about the SP network:
- The SP runs OSPF 1 in a single area inside its internal network.
- Router R3 is a small, old box that is not capable of running MPLS, but it runs OSPF.

Now we know what is needed, but before jumping into the core tasks, let’s take a look at the existing networks:

R1(config-router)#do sh ip vrf
  Name                             Default RD          Interfaces
  A                                1:1                 Fa0/0.1
                                                       Lo0
  B                                2:2                 Fa0/0.2
                                                       Lo1

R1(config-router)#do sh ip route
Gateway of last resort is not set

R1(config-router)#

R1(config-router)# do sh ip route vrf A
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     100.0.0.0/24 is subnetted, 1 subnets
C       100.1.1.0 is directly connected, FastEthernet0/0.1
     6.0.0.0/32 is subnetted, 1 subnets

R1(config-router)#do sh ip route vrf B
Gateway of last resort is not set
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.2 is directly connected, Loopback1
     100.0.0.0/24 is subnetted, 1 subnets
C       100.1.2.0 is directly connected, FastEthernet0/0.2
     55.0.0.0/32 is subnetted, 1 subnets

R5(config)#do sh ip inter b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
FastEthernet0/1            45.45.45.5      YES manual up                    up      
Loopback0                  5.5.5.5         YES manual up                    up      
Loopback1                  55.55.55.55     YES manual up                    up      
Loopback2                  55.55.55.56     YES manual up                    up      
R5(config)#

R5(config)#do sh ip ospf inter b 
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Fa0/1        100   0               45.45.45.5/24      10    DR    1/1
Lo0          100   0               5.5.5.5/32         1     LOOP  0/0
R5(config)#

R6(config)#do sh ip inter b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down    
Serial0/0                  46.46.46.6      YES manual up                    up      
FastEthernet0/1            unassigned      YES unset  administratively down down    
Loopback0                  6.6.6.6         YES manual up                    up      
R6(config)#

R6(config)#do sh ip eigrp inter 
IP-EIGRP interfaces for process 46
                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Lo0                0        0/0         0       0/1            0           0
Se0/0              1        0/0        28       0/15         127           0

Now we need to create two VRFs on R2, the SP PE router, for our customers:

ip vrf A
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!         
ip vrf B  
 rd 2:2   
 route-target export 2:2
 route-target import 2:2

VRF A is for customer A and VRF B is for customer B. Because we only need to establish connectivity between the offices of a single customer, and there must not be any access between customers, I gave the import and export RTs (route targets) in each VRF the same value. You would need to play with these values when configuring central-services MPLS VPNs, which is more advanced than what this topic is supposed to cover.
As I said before, R5 has some other small boxes behind it that cannot run OSPF, so customer B redistributes them into OSPF on R5:

router ospf 100
 log-adjacency-changes
 redistribute connected subnets route-map DIRECT>OSPF

route-map DIRECT>OSPF permit 10
 match interface Loopback1 loopback2

Let’s begin configuring our first PE router, R2. First, we go through the IGP configuration on R2. Our goal is to establish connectivity between R2 and the networks of customers A and B that are connected locally to R2 through the physical f0/0 interface. Given the requirements mentioned before, the EIGRP configuration on R2 should look like this:

router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf B
  network 100.1.2.2 0.0.0.0
  no auto-summary
  autonomous-system 2
 exit-address-family
 !
 address-family ipv4 vrf A
  network 100.1.1.2 0.0.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family

The parent AS number, which is 100, is not important, but the AS numbers written inside the address families are. The AS numbers must match between two EIGRP routers. Here the AS numbers are 1 and 2, which are the same on R1 and R2: customer A (VRF A) uses AS number 1 on both R1 and R2, and customer B (VRF B) uses AS number 2 on these two routers. Now the same task for R1:

router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf B
  network 1.1.1.2 0.0.0.0
  network 100.1.2.1 0.0.0.0
  no auto-summary
  autonomous-system 2
 exit-address-family
 !
 address-family ipv4 vrf A
  network 1.1.1.1 0.0.0.0
  network 100.1.1.1 0.0.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family

In line with the requirements, R4 runs EIGRP with R6 (customer A) and OSPF with R5 (customer B):

router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf A
  network 46.0.0.0
  no auto-summary
  autonomous-system 46
 exit-address-family
!
router ospf 100 vrf B
 log-adjacency-changes
 network 45.45.45.4 0.0.0.0 area 0

At this point we should see the local customer routes on the PE routers:

R2(config-router)#do sh ip route vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/409600] via 100.1.1.1, 00:06:47, FastEthernet0/0.1
     100.0.0.0/24 is subnetted, 1 subnets
C       100.1.1.0 is directly connected, FastEthernet0/0.1
     6.0.0.0/32 is subnetted, 1 subnets

R2(config-router)#do sh ip route vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.2 [90/409600] via 100.1.2.1, 00:07:27, FastEthernet0/0.2
     100.0.0.0/24 is subnetted, 1 subnets
C       100.1.2.0 is directly connected, FastEthernet0/0.2
     55.0.0.0/32 is subnetted, 2 subnets

R4(config-router)#do sh ip route  vrf A
Routing Table: A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     6.0.0.0/32 is subnetted, 1 subnets
D       6.6.6.6 [90/2297856] via 46.46.46.6, 00:07:12, Serial0/0
     46.0.0.0/24 is subnetted, 1 subnets
C       46.46.46.0 is directly connected, Serial0/0

R4(config-router)#do sh ip route  vrf B
Routing Table: B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     55.0.0.0/32 is subnetted, 2 subnets
O E2    55.55.55.55 [110/20] via 45.45.45.5, 01:47:43, FastEthernet0/1
O E2    55.55.55.56 [110/20] via 45.45.45.5, 00:24:19, FastEthernet0/1
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/11] via 45.45.45.5, 02:22:01, FastEthernet0/1
     45.0.0.0/24 is subnetted, 1 subnets
C       45.45.45.0 is directly connected, FastEthernet0/1

So let’s verify reachability:

R4(config-router)#do ping vrf A 6.6.6.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/10/36 ms
R4(config-router)#
R4(config-router)#do ping vrf B 55.55.55.55
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 55.55.55.55, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/28/36 ms

R4(config-router)#do ping vrf B 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/21/36 ms
R4(config-router)#

R2(config-router)#do ping vrf A 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/22/28 ms
R2(config-router)#

R2(config-router)#do ping vrf B 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/31/44 ms
R2(config-router)#

Up to now, we have configured both of our PE routers to have access to their local customer networks. Although enterprise administrators are not responsible for configuring devices inside the SP network, here we are going to do it as well. Configuring the SP network consists of some major tasks, including configuration of an IGP, MPLS, BGP and finally MP-BGP. In our case the SP network is running OSPF.

R2(config-router)#do sh ip ospf 1 inter b
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Fa0/1        1     0               23.23.23.2/24      10    DR    1/1
Lo0          1     0               2.2.2.2/32         1     LOOP  0/0
R2(config-router)#

R3(config-if)#do sh ip ospf inter b
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Fa0/0        1     0               34.34.34.3/24      10    DR    1/1
Fa0/1        1     0               23.23.23.3/24      10    BDR   1/1
Lo0          1     0               3.3.3.3/32         1     LOOP  0/0
R3(config-if)#

R4(config-router)#do sh ip ospf 1 inter b
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Fa0/0        1     0               34.34.34.4/24      10    BDR   1/1
Lo0          1     0               4.4.4.4/32         1     LOOP  0/0

R4(config-router)#do ping 2.2.2.2 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/56/84 ms
R4(config-router)#

Want to continue? Go to Part 2 of this document.
