Solved: Help me with MPLS VPN 1 site Rip and 1 site OSPF

cuongbenky · ‎12-07-2013

Hi everybody.

I have a problem with my assignment. Can you help me?

I have a topology of MPLS VPN like this

And my problem is my teacher ask me to configure one site with RIP routing protocol between PE1 and CPE1; another one with OSPF routing protocol between PE2 and CPE2. And this is my problem, i dont know how to do that. If configure two site RIP-RIP or OSPF-OSPF, i can practice immetately but with this problem, i dont know how to start.

Anyone can help me? I'm very apreciate your help.

This is my basic configuration:

Configuration PE1(RIP):

hostname PE1

no ip domain lookup

ip http server

interface loopback 0

ip address 10.0.1.1 255.255.255.255

exit

interface serial 1/0

ip address 10.0.12.1 255.255.255.0

clock rate 64000

no shutdown

exit

router ospf 1

network 10.0.0.0 0.255.255.255 area 0

exit

mpls ldp router-id loopback0 force

interface serial1/0ư

mpls label protocol ldp

mpls ip

exit

ip vrf A

rd 100:1

route-target both 1:100

exit

interface fastethernet 0/0

ip vrf forwarding A

ip address 172.16.100.1 255.255.255.0

no shut

exit

router rip

version 2

address-family ipv4 vrf A

no auto-summary

network 172.16.0.0

redistribute bgp 100 metric transpa

exit

router bgp 100

neighbor 10.0.4.1 remote-as 100

neighbor 10.0.4.1 update-source loopback0

address-family vpnv4

neighbor 10.0.4.1 activate

neighbor 10.0.4.1 send-community both

exit

address-family ipv4 vrf A

redistribute rip

no auto-summary

exit

Configuration PE2 (OSPF):

hostname PE1

no ip domain lookup

ip http server

interface loopback 0

ip address 10.0.4.1 255.255.255.255

exit

interface serial 1/0

ip address 10.0.23.1 255.255.255.0

clock rate 64000

no shutdown

exit

router ospf 1

network 10.0.0.0 0.255.255.255 area 0

exit

mpls ldp router-id loopback0 force

interface serial1/0

mpls label protocol ldp

mpls ip

exit

ip vrf A

rd 100:1

route-target both 1:100

exit

interface fastethernet 0/0

ip vrf forwarding A

ip address 172.16.200.1 255.255.255.0

no shut

exit

router ospf 2 vrf A

network 172.16.0.0 0.0.255.255 area 0

redistribute bgp 100 subnets

exit

router bgp 100

neighbor 10.0.1.1 remote-as 100

neighbor 10.0.1.1 update-source loopback0

address-family vpnv4

neighbor 10.0.1.1 activate

neighbor 10.0.1.1 send-community both

exit

address-family ipv4 vrf A

redistribute ospf 2

no auto-summary

exit

Peter Paluch · ‎12-08-2013

Cuong,

I can not give you the entire solution as that would be harmful to your learning - but let me give you a few hints.

First, when configuring MPLS L3 VPNs and the PE/CE routing, always focus simply on the single location and totally ignore the routing protocol run at other locations. On the CE, you configure the routing protocol in an absolutely normal way, ignoring even the fact that there is anything like a VPN or MPLS somewhere along the path. One CE is going to be configured with totally plain RIPv2, the other with totally plain OSPF preferably in area 0.

The configuration of PE routers is very similar - the only extra facts that need to be taken into account are:

The PE/CE routing protocol has to be run inside the customer's VRF. With RIP and EIGRP, this is done by defining the address-family ipv4 vrf vrf-name inside the RIP or EIGRP process. All settings have to be configured inside this section. Note the error in your configuration here: one one of your PEs: the version 2 RIP command is in the global RIP section, not in the address-family section. If you want to run RIPv2 towards the customer, the version 2 has to be defined in the address-family section as well. With OSPF, the configuration is slightly different - a separate process for a particular VRF is started (you got that part correct).
When redistributing into RIP, do not use metric transparent because RIP has a very limited range of allowable metrics. Instead, redistribute into RIP using an explicit small metric, say, 1.

Try this out - and let us know what you have found out. Step by step, you'll get it working!

Best regards,

Peter

View solution in original post

Peter Paluch · ‎12-08-2013

Cuong,

I can not give you the entire solution as that would be harmful to your learning - but let me give you a few hints.

First, when configuring MPLS L3 VPNs and the PE/CE routing, always focus simply on the single location and totally ignore the routing protocol run at other locations. On the CE, you configure the routing protocol in an absolutely normal way, ignoring even the fact that there is anything like a VPN or MPLS somewhere along the path. One CE is going to be configured with totally plain RIPv2, the other with totally plain OSPF preferably in area 0.

The configuration of PE routers is very similar - the only extra facts that need to be taken into account are:

The PE/CE routing protocol has to be run inside the customer's VRF. With RIP and EIGRP, this is done by defining the address-family ipv4 vrf vrf-name inside the RIP or EIGRP process. All settings have to be configured inside this section. Note the error in your configuration here: one one of your PEs: the version 2 RIP command is in the global RIP section, not in the address-family section. If you want to run RIPv2 towards the customer, the version 2 has to be defined in the address-family section as well. With OSPF, the configuration is slightly different - a separate process for a particular VRF is started (you got that part correct).
When redistributing into RIP, do not use metric transparent because RIP has a very limited range of allowable metrics. Instead, redistribute into RIP using an explicit small metric, say, 1.

Try this out - and let us know what you have found out. Step by step, you'll get it working!

Best regards,

Peter

cuongbenky · ‎12-09-2013

Yeah. I did it. It worked, thank you so much.
But i still dont understand about "metric transparent" and "metric 1" ( 1 is your advice)

With my knowledge, i just know that we use "transparent" in the VPN between two customers and we dont want ISP to see routes of customers. So when RIP distribute to BGP, they dont add the details of hop count into MED feature of BGP, and it's neccesary.

So how about your example "metric 1" ? Can you explain me?

Best Regard !

Peter Paluch · ‎12-11-2013

Cuong,

With my knowledge, i just know that we use "transparent" in the VPN  between two customers and we dont want ISP to see routes of customers

The transparent keyword in the redistribute command does not refer to "hiding networks" but instead to retaking the metric of the route from the source protocol and simply copying it into the destination routing protocol without any change. In your case, the redistribution is from OSPF-to-BGP and from BGP-to-RIP. Note that the metrics in OSPF are quite wide; they are in the range of 1 to (2^24)-1, much more than RIP is capable of understanding. When OSPF is redistributed into BGP, the OSPF costs of routes are stored in the BGP MED (metric) attribute. During the BGP-to-RIP redistribution with the transparent keyword, the router would try to use the BGP MED value, in essence the OSPF's original metric, and advertise it in RIP along with the routes. That would not work, as the maximal usable metric in RIP is 15 and 16 equals to infinity (an unreachable network). If you took the OSPF costs and advertised them into RIP thanks to the transparent keyword, you would create a set of routes whose metric would be, most probably, higher than 15, so they would immediately be advertised into RIP as unreachable. That is why I objected to using the transparent keyword.

The metric 1 causes RIP to take all routes from BGP with the initial metric of 1, disregarding BGP metrics of those routes. They have no meaning in RIP, anyway.

Isolation between MPLS L3VPN customers is provided by means of VRFs. These VRFs also prevent the customers from seeing ISP's networks, and they also allow the ISP to contain customer routes inside their particular VRFs and not leak them into the ISP's core. So the key to isolation between customers in MPLS are the VRFs. The transparent keyword has nothing to do with it.

Best regards,

Peter