Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
390
Views
1
Helpful
0
Replies

Sharing MPLS Layer-3 VPN Configuration

Gopinath_Pigili
Spotlight
Spotlight

‎11-08-2023 03:38 AM - edited ‎11-09-2023 04:23 AM

In the following topology... we have five routers where AS 234 is the service provider. There’s one customer with two sites, AS 1 and AS 5. Our customer wants to exchange 1.1.1.1 /32 and 5.5.5.5 /32 between its sites using BGP.

MPLS Layer-3 VPN.jpg

To achieve this, we’ll have to do a couple of things:

  • Configure IGP and LDP within the service provider network.
  • Configure VRFs on the PE routers.
  • Configure IBGP between the PE routers.
  • Configure BGP between the PE and CE routers.

Assume that all interface are configured with ip addresses according to the given topology

Step-1: Configure Service Provider Network with ospf and enable mpls

PE1(config)#router ospf 1
PE1(config-router)#network 192.168.23.0 0.0.0.255 area 0
PE1(config-router)#network 2.2.2.2 0.0.0.0 area 0

P(config)#router ospf 1
P(config-router)#network 192.168.23.0 0.0.0.255 area 0
P(config-router)#network 192.168.34.0 0.0.0.255 area 0
P(config-router)#network 3.3.3.3 0.0.0.0 area 0

PE2(config)#router ospf 1
PE2(config-router)#network 192.168.34.0 0.0.0.255 area 0
PE2(config-router)#network 4.4.4.4 0.0.0.0 area 0

Now,let’s enable LDP on all internal interfaces:

PE1(config)#interface FastEthernet 0/1
PE1(config-if)#mpls ip
P(config)#interface FastEthernet 0/0
P(config-if)#mpls ip
P(config)#interface FastEthernet 0/1
P(config-if)#mpls ip
PE2(config)#interface FastEthernet 0/0
PE2(config-if)#mpls ip

PE1# ping 4.4.4.4 source 2.2.2.2  (! ! ! ! !)

Step-2:- VRF on the PE routers

Since we want our customer routes separated from the service
provider’s routes, we’ll have to create some VRFs.Here’s how it’s done:

PE1(config)#ip vrf CUSTOMER
PE1(config-vrf)#rd 234:1
PE1(config-vrf)#route-target both 234:1

After creating the VRF globally, we have to assign the interface that is facing the customer to the VRF:

PE1(config)#interface FastEthernet 0/0
PE1(config-if)#ip vrf forwarding CUSTOMER
PE1(config-if)#ip address 192.168.12.2 255.255.255.0

PE2(config)#ip vrf CUSTOMER
PE2(config-vrf)#rd 234:1
PE2(config-vrf)#route-target export 234:1
PE2(config-vrf)#route-target import 234:1

PE2(config)#interface FastEthernet 0/1
PE2(config-if)#ip vrf forwarding CUSTOMER
PE2(config-if)#ip address 192.168.45.4 255.255.255.0

PE1#ping vrf CUSTOMER 192.168.12.1 (!!!!!)

Step-3:- IBGP Configuration on PE1 and PE2

PE1(config)#router bgp 234
PE1(config-router)#neighbor 4.4.4.4 remote-as 234
PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 4.4.4.4 activate

PE2(config)#router bgp 234
PE2(config-router)#neighbor 2.2.2.2 remote-as 234
PE2(config-router)#neighbor 2.2.2.2 update-source loopback 0
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 2.2.2.2 activate

The PE routers will only be used to exchange VPNv4 routes so we can disable the address-family for
IPv4 unicast. Here's how you can do this:

PE1(config)#router bgp 234
PE1(config-router)#address-family ipv4
PE1(config-router-af)#no neighbor 4.4.4.4 activate

PE2(config)#router bgp 234
PE2(config-router)#address-family ipv4
PE2(config-router-af)#no neighbor 2.2.2.2 activate

PE1/PE2#show run | section bgp
PE1/PE2#show bgp vpnv4 unicast all summary

Step-4:- EBGP on PE and CE

CE1(config)#router bgp 1
CE1(config-router)#neighbor 192.168.12.2 remote-as 234
CE1(config-router)#network 1.1.1.1 mask 255.255.255.255

CE2(config)#router bgp 5
CE2(config-router)#neighbor 192.168.45.4 remote-as 234
CE2(config-router)#network 5.5.5.5 mask 255.255.255.255

The configuration of the CE routers is straight forward, this is plain and simple eBGP.

Let's configure the PE routers: The interface that connects to the
CE1 router is assigned to the VRF.This means we'll have to create an address-family in BGP for this
VRF:

PE1(config)#router bgp 234
PE1(config-router)#address-family ipv4 vrf CUSTOMER
PE1(config-router-af)#neighbor 192.168.12.1 remote-as 1

PE2(config)#router bgp 234
PE2(config-router)#address-family ipv4 vrf CUSTOMER
PE2(config-router-af)#neighbor 192.168.45.5 remote-as 1

PE1/PE2# show bgp vpnv4 unicast vrf CUSTOMER summary

PE1/PE2# show bgp vpnv4 unicast vrf CUSTOMER

CE1# ping 5.5.5.5 source 1.1.1.1 (!!!!!)
CE1# traceroute 5.5.5.5 source 1.1.1.1
The traceroute command output proves that packet is labled switched in AS-234...

Best regards
******* If This Helps, Please Rate *******

 

 

Labels:
0 Replies 0
Customers Also Viewed These Support Documents