Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1209
Views
0
Helpful
11
Replies

MPLS Network Solution

supunit21
Level 1
Level 1

‎05-03-2020 06:53 AM

Diagram.PNG

 

 

 

 

 

 

 

 

 

 

 

 

 

Hi,

I need to design a MPLS network as shown in the diagram. The requirement is below.VLAN 10 users in FRANCE only be able to access VLAN 10 servers in JAPAN and CHINA.

VLAN 20 users in GERMANY only be able to access VLAN 20 servers in JAPAN and CHINA.

 

How can reach this goal only using MPLS, MP-BGP, and VRF?

Labels:
Preview file
41 KB
0 Helpful
11 Replies 11

Bryan2015
Level 1
Level 1

‎05-03-2020 07:54 AM

MPLS is an ISP service, you can advertise the routes as normal between your branches and set ACLs to block traffic where need it. you don't see any of the VRF configuration the services provider use to isolate your routes from other customers.  All you need to do is set a neighbor relation with the ISP and then advertise the routes, the ISP will do the rest. the will want to use BGP because is what their are using internally, that way they don't have to redistribute between one routing protocol to another. 

0 Helpful

supunit21
Level 1
Level 1
In response to Bryan2015

‎05-03-2020 07:59 AM

Hi Brayan,

Actually I need to know the ISP side configuration which should be done on PE routers. How can I separate VLAN 10 and 20 traffic in JAPAN and CHINA sites when it comes to PE routers? 

0 Helpful

Bryan2015
Level 1
Level 1
In response to supunit21

‎05-03-2020 08:40 AM

To understand the VRF on the ISP PE router please reference to 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/15-02SG/configuration/guide/config/vrf.html

 

To block traffic before it gets to the PE router you need to use extended ACL outbound on the interface facing to the PE router. 

 

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎05-03-2020 08:00 AM

You can achieve in both, if this is simple network as look and mentioned., you can do with VRF.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

supunit21
Level 1
Level 1
In response to balaji.bandi

‎05-03-2020 08:23 AM

Hi Balaji,
Could you please post the VRF and MP-BGP configurations for PE1 router and CE router in GERMANY?

If possible please post configurations (VRF and MP-BGP) for all routers.

I appreciate your help regarding this...
0 Helpful

supunit21
Level 1
Level 1
In response to supunit21

‎05-03-2020 09:06 AM

Actually I am confused with the PE router VRF and MP-BGP configurations. If possible please post the configuration here.

0 Helpful

Bryan2015
Level 1
Level 1
In response to supunit21

‎05-03-2020 10:04 AM

supunit21

 

MPLS configuration is an advance routing configuration and if don’t understand the routing basics it will make it very difficult to understand, MPLS is an ISP services, reference the link I previously sent you will find the answer your looking for. 

0 Helpful

ngkin2010
Level 7
Level 7
In response to supunit21

‎05-03-2020 09:10 AM - edited ‎05-03-2020 09:12 AM

Hi,

I don't encourage to seek configuration without have a try first. Do you encountered any problem when you trying to implement the MPLS and MP-BGP? Please kindly share your problem and we could offer help to you.

If you don't know where to start to configure the routers. Here I could have you a flow:

1. Build IGP routing for loopback interface between PE1 to PE4
2. Build MPLS LDP between PE1 to PE4
3. Build IPv4/IPv6 & VPNv4/VPNv6 iBGP between PE1 to PE4
4. Configure corresponding VRF (e.g. JAPAN,FRANCE) on the edge interfaces of PE1 to PE4
5. Configure corresponding route target (RT) import/export based on VPN requirement
6. Build Dynamic Routing (e.g. eBGP) between PE and CE
7. Configure route filtering/ACL for the requirement (e.g. VLAN10 receive only VLAN10 route, but not VLAN20 route)

HTH

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to supunit21

‎05-03-2020 10:02 AM

here is the good example to start with :

 

https://ccieblog.co.uk/mpls/inter-vrf-routing

 

Once you made process with configuraton any issue let us know the issue, so we can fine tune the config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

supunit21
Level 1
Level 1
In response to balaji.bandi

‎05-03-2020 11:29 AM

Hi,
I created VRFs and MPBGP peering on all PE routers. And it is working fine.
But I get the routes for both VLAN 10 and 20 routes in the FRANCE and GERMANY routing tables.
How can I eliminate the unwanted subnets being received through my MP-BGP peers? Do I have to do the route filtering or is there any best practice to achieve this?
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to supunit21

‎05-03-2020 01:07 PM

show us some of your configuration to suggest better,  if its VRF aware, you are not leaking to routes, both site should not see each other. 

 

we can only confirm once we see the configuration of the interface and routing table.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents