Re: Unbale to configure MPLS VPN in the below scenario - Page 2

mirzaakberali · ‎04-07-2009

Hi Experts,

I tried in my GNS3 lab for configuring MPLS VPN lab with the below attached scenario and configurations.

I am struggling to know what else should be configured on the P/PE /CE devices.

MPLS Flow diagram

R7-CE-Cust A

|

R3-PE--R4-P.Router---R5-PE--R8-CE-CustB

| |

| R2 CE-CustA

R1( CE- CustB)

Please refer the attached diagram and configuration .

Request you to suggest with valuable posts to configure MPLS VPN with the below scenario.

Also Can any one confirm me if i can use 7206 vxr router in GNS3 lab along with IOS c7200-jk9s-mz.124-23.bin .

Highly appreciate your earliest response and posts.

Configuration attached for reference.

Thanks in advance!

Regards,

Mirza.

mirzaakberali · ‎04-11-2009

Hi James & Shivlu,

Could you please send your inputs on my previous Post.

Appreciate your efforts on my query.

Thanks,

Mirza.

maldin · ‎04-11-2009

Mirza,

I build the topology i posted based on your diagram including the IP addresses, except for some loopbacks that were not there.

I also remove the static route in R4. The bgp for vpnv4 only runs on r3, r5 and r6. r4 is a pure P router with no bgp.

i suggest you load the net file i include and see first. There is no use of using 7206 vxr unless you want to try the AToM feature.

With the topology i gave you it should be able to do MPLS Te and also MPLS Multicast.

mirzaakberali · ‎04-11-2009

Hello Maldin,

Let me for sure try to understand your above posts :), as i was more focused to resolve my existing issue so was concentrating on it.

Can u post some good scenario on MPLS TE..

Thanks,

Mirza.

mirzaakberali · ‎04-13-2009

Hello James,

I have a got doubt on the above static route configuration :( that why do we need to configure Static route from R3- R5/R6 and vice versa from remaining PE's.

As we already have IBGP configured with a full mesh between PE router.

Can u please expalin to me.

Appreciate your valuable response.

Thanks,

Mirza.

JamesLuther · ‎04-13-2009

Hello Mirza,

Let me explain generally how an MPLS network is setup. For the routing then normally you will have the following setup.

CE-PE eBGP is configured

PE-PE MP-BGP is configured to distribute customer routes

PE-P-PE ISIS is configure to distribute PE/P loopback addreses to allow the MP-BGP sessions to come up.

The BGP session between each PE router is distributing VPN4 routes NOT routes from the global routing table. ie routes between VRFs

A good book on MPLS is "MPLS fundamentals" or the "MPLS & VPN Architecture" books.

Regards

James

mirzaakberali · ‎04-14-2009

Hi James,

My Sincere admiration to you for your above all posts.

I have successfully configured (believe so :) ) MPLS- VPN.

Following are my queries at the end of this excercise.

1) Can i ping from R1 to R8 IP.

2) Can i ping R3 to R5 IP's ( if not why)

3) Can i ping from R3 to R8 Interface IP.

4) Is there any way i can get output for the below command ....( by adding some more confiuration)

R3#sh ip route 150.1.7.7

5) In real scenarion does CustB VRF R1 & R8 /Cust A VRF routers R2 & R7 ping/communicate each other ? If not how packet will reach?

once again great thanks for your great explanation!

attaching my Show results/config /diagrams for your reference.

Thanks,

Mirza.

JamesLuther · ‎04-14-2009

Hi Mirza,

Well done configuring MPLS VPN !! Here are some answers to your questions

1) Yes, this is because you have reditribute connected. You can also try pinging from the insed interface ie "ping x.x.x.x source fa0/1"

2) Not required for MPLS to work, it depends on your global routing tables on the PE and P routers. If you have all the routes in there then it will work.

3) No. But you can ping from the VRF ie "ping vrf CustB x.x.x.x"

4) This IP is R7 loopback address. This address isn't in the global routing table but should be in VRF CustA, so you can do "sh ip route vrf CustA 150.1.7.7"

5) In real world this is not that common. However maybe a large company has two MPLS networks ie EMEA and America or ABC-Electronics & ABC-VideoGames. Then you may want to have customers talk to each other. This can be done with the following

ip vrf CustA

rd 100:1

route-target export 1000:1

route-target import 1000:1

route-target export 1000:100

ip vrf CustB

rd 100:2

route-target export 2000:1

route-target import 2000:1

route-target import 1000:100

Where RT 1000:1 is just used for CustA to talk to other CustA sites, similarly for 2000:1 and RT 1000:10 is used to put routes from CustA into CustB. Of course you would need to put some routes back the other way. This will do all routes, however you can also select routes to export with the following

ip vrf CustA

export map EXPORT_MAP

!

route-map EXPORT_MAP permit 10

match ip address prefix-list exported-routes-list

set extcommunity rt 1000:1

Regards

mirzaakberali · ‎04-14-2009

Hi James,

Query 1 : i tried using extended ping to 150.1.8.8 from R1 keeping sourece as loopback..but unbale to ping

Quer2: Can u plz identify if any thing missing between R3-R4-R5 config part.

Query3: I am unable to ping from R3 using the comand --ping vrf CustB 150.1.8.8.

Query 4 & 5 i am able to completely understand :)

Thanks for the awesome explanations.

Thanks ,

Mirza.