blog.alam.rocks

Tag Archives: MPLS L3 VPN

MPLS Layer3 VPN : Part 3 (Configure L3 VPN for CUSTOMER2)

15 Monday Apr 2013

Posted by Fakrul Alam in Uncategorized

Tags

cisco, mpls, MPLS L3 VPN

In this phase the L3 VPN is configured for CUSTOMER2. The procedure is the same as for CUSTOMER1; the only difference is that the routing protocol between PE router R1 and CE router C2S1 is OSPF.

PHASE 3: Configure L3 VPN for CUSTOMER2

1. Create a separate VRF for CUSTOMER2

R1(config)#ip vrf CUSTOMER2
R1(config-vrf)#rd 500:2
R1(config-vrf)#route-target export 500:2
R1(config-vrf)#route-target import 500:2

2. MP-BGP with R4, activate VPNv4 and redistribute OSPF routes to BGP

2.A Configure MP-BGP/Activate VPNv4
MP-BGP is already in place between R1 and R4 (configured in Phase 2), so nothing new needs to be configured.

2.B Redistribute CUSTOMER2 VRF OSPF route to BGP

R1(config-router-af)#address-family ipv4 vrf CUSTOMER2
R1(config-router-af)#redistribute ospf 102 match internal
R1(config-router-af)#no auto-summary

3. Configure OSPF between R1 and C2S1 and redistribute BGP into OSPF

R1(config)#router ospf 102 vrf CUSTOMER2
R1(config-router)#network 192.168.100.0 0.0.0.3 area 0
R1(config-router)#redistribute bgp 500 subnets

4. Put the interface of R1 & R4 in the related VRF.

R1(config)#interface FastEthernet2/0
R1(config-if)#ip vrf forwarding CUSTOMER2

The PE router R4 configuration is similar to R1. Below is the configuration of R4:

R4:

ip vrf CUSTOMER2
rd 500:2
route-target export 500:2
route-target import 500:2
!
interface FastEthernet2/0
ip vrf forwarding CUSTOMER2
!
router ospf 102 vrf CUSTOMER2
log-adjacency-changes
redistribute bgp 500 subnets
network 192.168.110.0 0.0.0.3 area 0
!
router bgp 500
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.1 remote-as 500
neighbor 10.10.10.1 update-source Loopback0
no auto-summary
 !
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 send-community extended
exit-address-family
 !
address-family ipv4 vrf CUSTOMER2
redistribute ospf 102 match internal
no auto-summary
no synchronization
exit-address-family
 !
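
Separation between the two customers rests entirely on the route-target import/export statements in the VRF definitions. The following check is an added example, not part of the original post: it parses IOS VRF blocks and reports any VRF that imports a route-target exported by a different VRF. The function names and the leaky variant of the configuration are constructed for illustration.

```python
import re

def parse_vrfs(config):
    """Collect rd and route-target statements from each 'ip vrf NAME' block."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
        elif current is None or not line:
            continue
        elif m := re.fullmatch(r"rd (\S+)", line):
            current["rd"] = m.group(1)
        elif m := re.fullmatch(r"route-target (export|import|both) (\S+)", line):
            for kind in ("export", "import"):
                if m.group(1) in (kind, "both"):
                    current[kind].add(m.group(2))
        else:
            current = None  # "!" or any other command ends the VRF block
    return vrfs

def cross_vrf_imports(vrfs):
    """List every import of a route-target that a different VRF exports."""
    findings = []
    for name, vrf in sorted(vrfs.items()):
        for rt in sorted(vrf["import"]):
            for other, other_vrf in sorted(vrfs.items()):
                if other != name and rt in other_vrf["export"]:
                    findings.append(f"{name} imports {rt} exported by {other}")
    return findings

# VRF definitions as configured in Parts 2 and 3 of this series.
PAGE_CONFIG = """\
ip vrf CUSTOMER1
 rd 500:1
 route-target export 500:1
 route-target import 500:1
!
ip vrf CUSTOMER2
 rd 500:2
 route-target export 500:2
 route-target import 500:2
!
"""
# Constructed misconfiguration: CUSTOMER2 also imports CUSTOMER1's route-target.
LEAKY_CONFIG = PAGE_CONFIG.replace("import 500:2", "import 500:2\n route-target import 500:1")

if __name__ == "__main__":
    print(cross_vrf_imports(parse_vrfs(PAGE_CONFIG)), cross_vrf_imports(parse_vrfs(LEAKY_CONFIG)))
```

An extranet design imports another VRF's route-target on purpose, so a finding is a prompt to confirm intent rather than proof of a fault.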

Check the VRF table for CUSTOMER2

R4#show ip route vrf CUSTOMER2

Routing Table: CUSTOMER2
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.110.0/30 is subnetted, 1 subnets
C 192.168.110.0 is directly connected, FastEthernet2/0
172.173.0.0/32 is subnetted, 2 subnets
B 172.173.1.1 [200/2] via 10.10.10.1, 02:03:24
O 172.173.2.1 [110/2] via 192.168.110.2, 01:58:20, FastEthernet2/0
192.168.100.0/30 is subnetted, 1 subnets
B 192.168.100.0 [200/0] via 10.10.10.1, 02:03:24

R4 is receiving 172.173.1.0/24 as a BGP route via 10.10.10.1. This route comes via OSPF from C2S1 to R1; R1 announces it via MP-BGP to R4. R4 removes the MPLS and VPN tags and installs the route in the CUSTOMER2 VRF table.

If you check carefully, there is no related route (172.173.1.0/24 or 172.173.2.0/24) in the provider core routers (R2, R3 or R5). These routers are not aware of these routes.

C2S1#traceroute

Protocol [ip]:
Target IP address: 172.173.2.1
Source address: 172.173.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:

Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 172.173.2.1

1 192.168.100.1 56 msec 76 msec 4 msec
2 192.168.12.2 [MPLS: Labels 22/27 Exp 0] 140 msec 132 msec 160 msec
3 192.168.23.2 [MPLS: Labels 20/27 Exp 0] 168 msec 112 msec 140 msec
4 192.168.110.1 [MPLS: Label 27 Exp 0] 100 msec 356 msec 108 msec
5 192.168.110.2 132 msec * 100 msec

MPLS Layer3 VPN : Part 2 (Configure L3 VPN for CUSTOMER1)

15 Monday Apr 2013

Posted by Fakrul Alam in Uncategorized

Tags

cisco, mpls, MPLS L3 VPN

An MPLS L3 VPN involves the following steps:

Step 1: The CE router sends an IPv4 routing update to the PE router.
Step 2: A 64-bit RD is prepended to the customer IPv4 prefix to make it globally unique, resulting in a 96-bit VPNv4 prefix.
Step 3: The 96-bit VPNv4 prefix is propagated via MP-BGP to the other PE router.
Step 4: The RD is removed from the VPNv4 prefix, resulting in a 32-bit IPv4 prefix.
Step 5: The PE router sends the resulting IPv4 prefix to the CE router.
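
Steps 2 and 4 worked through in code, as an added example that is not part of the original post. It assumes the ASN:number form used by `rd 500:1` maps to the type 0 RD layout of RFC 4364 (2-byte type, 2-byte AS number, 4-byte assigned number); the overlapping prefix is constructed, and the prefix length is carried separately rather than in full BGP NLRI encoding.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Encode 'ASN:number' as the 8-byte type 0 route distinguisher of RFC 4364."""
    asn, number = (int(part) for part in rd.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        raise ValueError(f"RD {rd!r} does not fit the type 0 format")
    # 2-byte type (0), 2-byte AS number, 4-byte assigned number = 64 bits
    return struct.pack("!HHI", 0, asn, number)

def to_vpnv4(rd, prefix):
    """Step 2: prepend the 64-bit RD to the 32-bit IPv4 network address."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

def from_vpnv4(vpnv4, prefixlen):
    """Step 4: strip the RD and recover the customer's IPv4 prefix."""
    _type, asn, number = struct.unpack("!HHI", vpnv4[:8])
    address = ipaddress.IPv4Address(vpnv4[8:])
    return f"{asn}:{number}", f"{address}/{prefixlen}"

def overlap_demo():
    """Constructed case: both customers announce the same IPv4 prefix."""
    same_prefix = "172.172.1.0/24"
    c1, _ = to_vpnv4("500:1", same_prefix)  # RD of VRF CUSTOMER1
    c2, _ = to_vpnv4("500:2", same_prefix)  # RD of VRF CUSTOMER2
    return c1, c2

if __name__ == "__main__":
    c1, c2 = overlap_demo()
    print(len(c1) * 8, "bits:", c1.hex(), "vs", c2.hex())
    print(from_vpnv4(c1, 24), from_vpnv4(c2, 24))
```

The RD only keeps overlapping prefixes distinct inside MP-BGP; which VRF installs a route is decided by the route-target, not by the RD.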

In the provider network, R1 & R4 work as PE routers.

PHASE 2: Configure L3 VPN for CUSTOMER1

1. Create Separate VRF for CUSTOMER1
R1(config)#ip vrf CUSTOMER1
R1(config-vrf)#rd 500:1
R1(config-vrf)#route-target export 500:1
R1(config-vrf)#route-target import 500:1

2. MP-BGP with R4, activate VPNv4 and redistribute static routes to BGP
2.A Configure MP-BGP

R1(config)#router bgp 500
R1(config-router)#neighbor 10.10.10.4 remote-as 500
R1(config-router)#neighbor 10.10.10.4 update-source Loopback0

2.B Activate VPNv4

R1(config-router)# address-family vpnv4
R1(config-router-af)#neighbor 10.10.10.4 activate
R1(config-router-af)#neighbor 10.10.10.4 next-hop-self
R1(config-router-af)#neighbor 10.10.10.4 send-community extended

2.C Redistribute CUSTOMER1 VRF static route to BGP

R1(config-router-af)#address-family ipv4 vrf CUSTOMER1
R1(config-router-af)#redistribute static
R1(config-router-af)#no auto-summary

3. Create static route in CUSTOMER1 VRF.

R1(config)#ip route vrf CUSTOMER1 172.172.1.0 255.255.255.0 192.168.10.2

4. Put the interface of R1 & R4 in the related VRF.

R1(config)#interface FastEthernet1/0
R1(config-if)#ip vrf forwarding CUSTOMER1

5. On the C1S1 router, just configure a default route to R1.

The PE router R4 configuration is similar to R1. Below is the configuration of R4:

R4:

ip vrf CUSTOMER1
rd 500:1
route-target export 500:1
route-target import 500:1
!
interface FastEthernet1/0
ip vrf forwarding CUSTOMER1
!
router bgp 500
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.1 remote-as 500
neighbor 10.10.10.1 update-source Loopback0
no auto-summary
 !
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 send-community extended
exit-address-family
 !
address-family ipv4 vrf CUSTOMER1
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CUSTOMER1 172.172.2.0 255.255.255.0 192.168.11.2

Check the VRF table for CUSTOMER1

R4#show ip route vrf CUSTOMER1

Routing Table: CUSTOMER1
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

172.172.0.0/24 is subnetted, 2 subnets
B 172.172.1.0 [200/0] via 10.10.10.1, 01:35:55
S 172.172.2.0 [1/0] via 192.168.11.2
192.168.11.0/30 is subnetted, 1 subnets
C 192.168.11.0 is directly connected, FastEthernet1/0

R4 is receiving 172.172.1.0/24 as a BGP route via 10.10.10.1. This route is configured statically on R1; R1 announces it via MP-BGP to R4. R4 removes the MPLS and VPN tags and installs the route in the CUSTOMER1 VRF table.

If you check carefully, there is no related route (172.172.1.0/24 or 172.172.2.0/24) in the provider core routers (R2, R3 or R5). These routers are not aware of these routes.

Check the reachability from C1S1:

C1S1# traceroute
Protocol [ip]:
Target IP address: 172.172.2.1
Source address: 172.172.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 172.172.2.1

1 192.168.10.1 12 msec 24 msec 8 msec
2 192.168.12.2 [MPLS: Labels 22/25 Exp 0] 112 msec 160 msec 136 msec
3 192.168.23.2 [MPLS: Labels 20/25 Exp 0] 92 msec 156 msec 148 msec
4 192.168.11.1 [MPLS: Label 25 Exp 0] 80 msec 112 msec 112 msec
5 192.168.11.2 96 msec * 104 msec
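
The C1S1 traceroute above and the C2S1 traceroute in Part 3 can be compared to see how the label stack keeps the two customers apart on a shared core path. This is an added example, not part of the original posts; the hop lines are copied from the two traceroutes and the function names are illustrative.

```python
import re

HOP_RE = re.compile(
    r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)(?:\s+\[MPLS: Labels? ([\d/]+) Exp \d+\])?")

# Hop lines from the C2S1 traceroute (Part 3).
TRACE_C2 = """\
1 192.168.100.1 56 msec 76 msec 4 msec
2 192.168.12.2 [MPLS: Labels 22/27 Exp 0] 140 msec 132 msec 160 msec
3 192.168.23.2 [MPLS: Labels 20/27 Exp 0] 168 msec 112 msec 140 msec
4 192.168.110.1 [MPLS: Label 27 Exp 0] 100 msec 356 msec 108 msec
5 192.168.110.2 132 msec * 100 msec
"""
# Hop lines from the C1S1 traceroute (Part 2).
TRACE_C1 = """\
1 192.168.10.1 12 msec 24 msec 8 msec
2 192.168.12.2 [MPLS: Labels 22/25 Exp 0] 112 msec 160 msec 136 msec
3 192.168.23.2 [MPLS: Labels 20/25 Exp 0] 92 msec 156 msec 148 msec
4 192.168.11.1 [MPLS: Label 25 Exp 0] 80 msec 112 msec 112 msec
5 192.168.11.2 96 msec * 104 msec
"""

def parse_hops(text):
    """Return (hop number, address, label stack top-first) for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
            hops.append((int(m.group(1)), m.group(2), labels))
    return hops

def summarize(hops):
    """Split the stack into per-hop transport labels and the end-to-end VPN label."""
    labelled = [h for h in hops if h[2]]
    return {
        "vpn_labels": sorted({h[2][-1] for h in labelled}),                # bottom of stack
        "transport_labels": [h[2][0] for h in labelled if len(h[2]) > 1],  # top of stack
        "unlabelled_hops": [h[1] for h in hops if not h[2]],
    }

def same_path_different_vpn(a, b):
    """True when two traces share the core LSP but carry different VPN labels."""
    return a["transport_labels"] == b["transport_labels"] and a["vpn_labels"] != b["vpn_labels"]

if __name__ == "__main__":
    c1, c2 = summarize(parse_hops(TRACE_C1)), summarize(parse_hops(TRACE_C2))
    print(c1, c2, same_path_different_vpn(c1, c2), sep="\n")
```

Both traces use transport labels 22 and 20 through R2 and R3, while the bottom label (25 for CUSTOMER1, 27 for CUSTOMER2) stays constant until R4 and selects the VRF there.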

MPLS Layer3 VPN : Part 1 (Enable MPLS in Provider Core)

15 Monday Apr 2013

Posted by Fakrul Alam in Uncategorized

Tags

cisco, mpls, MPLS L3 VPN

Loopback Interface:
R1: 10.10.10.1/32
R2: 10.10.10.2/32
R3: 10.10.10.3/32
R4: 10.10.10.4/32
R5: 10.10.10.5/32

Connectivity between Provider Routers:
The IP block used to connect the provider routers is 192.168. In addition, there is an extra Loopback1 interface on R1 (172.16.1.0/24) & R4 (172.16.4.0/24).

OSPF is used as the IGP in the provider network.

The provider has two customers. Customer1 Site1 will communicate with Customer1 Site2; for this, Customer1 connects to the provider via a static route. Customer2 Site1 will communicate with Customer2 Site2; for this, Customer2 connects to the provider via OSPF.

TASK:
1. Configure interface accordingly.
2. Enable OSPF as IGP in Provider Core.
3. Enable MPLS in Provider Core.
4. Ensure that R1 loopback1 is reachable from R4 loopback1
5. Check the MPLS labels and tags.

Below is the standard template used for all the routers:

hostname ROUTERNAME
ip cef
no ip domain-lookup
no ip http server
no ip http secure-server
no ip finger
no service pad
no service udp-small-server
no service tcp-small-server
no ip bootp server
no ip source-route
logging source-interface loopback 0
logging buffered 16384
service timestamps debug datetime msec
service timestamps log datetime msec
clock timezone UTC 06
ip routing
ip subnet-zero
ip classless
!
line console 0
logging synchronous
transport preferred none
exec-timeout 0 0

PHASE 1:

In PHASE 1 we enable MPLS in provider routers.

1. Enable CEF globally

R1(config)#ip cef

2. Activate LDP

R1(config)#mpls label protocol ldp

3. Enable MPLS per interface

R1(config-if)#mpls ip

[Please do the same for the rest of the routers R2, R3, R4 & R5]

Below are the router configurations:

R1:

interface Loopback0
ip address 10.10.10.1 255.255.255.255
!
interface Loopback1
ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
router ospf 100
network 10.10.10.1 0.0.0.0 area 0
network 172.16.1.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.3 area 0

R2:

interface Loopback0
ip address 10.10.10.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet1/0
ip address 192.168.23.1 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet2/0
ip address 192.168.25.1 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
router ospf 100
log-adjacency-changes
network 10.10.10.2 0.0.0.0 area 0
network 192.168.12.0 0.0.0.3 area 0
network 192.168.23.0 0.0.0.3 area 0
network 192.168.25.0 0.0.0.3 area 0

R3:

interface Loopback0
ip address 10.10.10.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet1/0
ip address 192.168.34.1 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet2/0
ip address 192.168.35.1 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
router ospf 100
log-adjacency-changes
network 10.10.10.3 0.0.0.0 area 0
network 192.168.23.0 0.0.0.3 area 0
network 192.168.34.0 0.0.0.3 area 0
network 192.168.35.0 0.0.0.3 area 0

R4:

interface Loopback0
ip address 10.10.10.4 255.255.255.255
!
interface Loopback1
ip address 172.16.4.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.34.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
router ospf 100
log-adjacency-changes
network 10.10.10.4 0.0.0.0 area 0
network 172.16.4.0 0.0.0.255 area 0
network 192.168.34.0 0.0.0.3 area 0

R5:

interface Loopback0
ip address 10.10.10.5 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.35.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet1/0
ip address 192.168.25.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
router ospf 100
log-adjacency-changes
network 10.10.10.5 0.0.0.0 area 0
network 192.168.25.0 0.0.0.3 area 0
network 192.168.35.0 0.0.0.3 area 0

Some output:

R1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.23.0/30 0 Fa0/0 192.168.12.2
17 17 192.168.35.0/30 0 Fa0/0 192.168.12.2
18 16 192.168.34.0/30 0 Fa0/0 192.168.12.2
19 Pop tag 192.168.25.0/30 0 Fa0/0 192.168.12.2
20 Pop tag 10.10.10.2/32 0 Fa0/0 192.168.12.2
21 19 10.10.10.3/32 0 Fa0/0 192.168.12.2
22 20 10.10.10.5/32 0 Fa0/0 192.168.12.2
23 22 10.10.10.4/32 0 Fa0/0 192.168.12.2
24 23 172.16.4.1/32 0 Fa0/0 192.168.12.2

R1#traceroute
Protocol [ip]:
Target IP address: 172.16.4.1
Source address: 172.16.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 172.16.4.1

1 192.168.12.2 [MPLS: Label 23 Exp 0] 140 msec 136 msec 252 msec
2 192.168.23.2 [MPLS: Label 23 Exp 0] 100 msec 156 msec 16 msec
3 192.168.34.2 316 msec * 8 msec

In the next post we will configure MPLS L3 VPN for Customer 1 & Customer 2.
