05-03-2020 06:53 AM
Hi,
I need to design a MPLS network as shown in the diagram. The requirement is below.VLAN 10 users in FRANCE only be able to access VLAN 10 servers in JAPAN and CHINA.
VLAN 20 users in GERMANY only be able to access VLAN 20 servers in JAPAN and CHINA.
How can reach this goal only using MPLS, MP-BGP, and VRF?
05-03-2020 07:54 AM
MPLS is an ISP service, you can advertise the routes as normal between your branches and set ACLs to block traffic where need it. you don't see any of the VRF configuration the services provider use to isolate your routes from other customers. All you need to do is set a neighbor relation with the ISP and then advertise the routes, the ISP will do the rest. the will want to use BGP because is what their are using internally, that way they don't have to redistribute between one routing protocol to another.
05-03-2020 07:59 AM
Hi Brayan,
Actually I need to know the ISP side configuration which should be done on PE routers. How can I separate VLAN 10 and 20 traffic in JAPAN and CHINA sites when it comes to PE routers?
05-03-2020 08:40 AM
To understand the VRF on the ISP PE router please reference to
To block traffic before it gets to the PE router you need to use extended ACL outbound on the interface facing to the PE router.
05-03-2020 08:00 AM
You can achieve in both, if this is simple network as look and mentioned., you can do with VRF.
05-03-2020 08:23 AM
05-03-2020 09:06 AM
Actually I am confused with the PE router VRF and MP-BGP configurations. If possible please post the configuration here.
05-03-2020 10:04 AM
supunit21
MPLS configuration is an advance routing configuration and if don’t understand the routing basics it will make it very difficult to understand, MPLS is an ISP services, reference the link I previously sent you will find the answer your looking for.
05-03-2020 09:10 AM - edited 05-03-2020 09:12 AM
Hi,
I don't encourage to seek configuration without have a try first. Do you encountered any problem when you trying to implement the MPLS and MP-BGP? Please kindly share your problem and we could offer help to you.
If you don't know where to start to configure the routers. Here I could have you a flow:
1. Build IGP routing for loopback interface between PE1 to PE4
2. Build MPLS LDP between PE1 to PE4
3. Build IPv4/IPv6 & VPNv4/VPNv6 iBGP between PE1 to PE4
4. Configure corresponding VRF (e.g. JAPAN,FRANCE) on the edge interfaces of PE1 to PE4
5. Configure corresponding route target (RT) import/export based on VPN requirement
6. Build Dynamic Routing (e.g. eBGP) between PE and CE
7. Configure route filtering/ACL for the requirement (e.g. VLAN10 receive only VLAN10 route, but not VLAN20 route)
HTH
05-03-2020 10:02 AM
here is the good example to start with :
https://ccieblog.co.uk/mpls/inter-vrf-routing
Once you made process with configuraton any issue let us know the issue, so we can fine tune the config.
05-03-2020 11:29 AM
05-03-2020 01:07 PM
show us some of your configuration to suggest better, if its VRF aware, you are not leaking to routes, both site should not see each other.
we can only confirm once we see the configuration of the interface and routing table.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide