Scenario:
In this lab, I will use the IOU to configure the running RIP in an MPLS VPN.
Shell script:
peter@Home-Server:~$ cat /home/peter/iou/lab/MPLS/lab02/mpls-lab02.sh
#!/bin/bash
#
# Creating 7 routers:
# R1 (Port #2001): e0/0-3 s1/0-3
# R2 (Port #2002): e0/0-3 s1/0-3
# R3 (Port #2003): e0/0-3 s1/0-3
# R4 (Port #2004): e0/0-3 s1/0-3
# R5 (Port #2005): e0/0-3 s1/0-3
# R6 (Port #2006): e0/0-3 s1/0-3
# R7 (Port #2007): e0/0-3 s1/0-3
#
# History:
# This shell sript is for MPLS lab02
# 2011/09/21 by Happy Peter
# Blog: http://blog.xuite.net/juilin77/happy
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#
#iourc Environment Variable
export IOURC=/home/peter/iou/iourc
#
#NETMAP Environment Variable
export NETIO_NETMAP=/home/peter/iou/lab/MPLS/lab02/NETMAP
#
#R1-A1
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2001 -- -e 1 -s 1 1 &
sleep 5s
#
#R2-B1
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2002 -- -e 1 -s 1 2 &
sleep 5s
#
#R3-PE1
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2003 -- -e 1 -s 1 3 &
sleep 5s
#
#R4-P
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2004 -- -e 1 -s 1 4 &
sleep 5s
#
#R5-PE2
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2005 -- -e 1 -s 1 5 &
sleep 5s
#
#R6-A2
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2006 -- -e 1 -s 1 6 &
sleep 5s
#
#R7-B2
/home/peter/iou/wrapper-linux -m /home/peter/iou/i86bi_linux-adventerprisek9-ms -p 2007 -- -e 1 -s 1 7 &
sleep 5s
#
unset NETIO_NETMAP
#
unset IOURC
#
#Checking
exit 0
peter@Home-Server:~$
NETMAP:
peter@Home-Server:~$ cat /home/peter/iou/lab/MPLS/lab02/NETMAP
1:1/0 3:1/0
2:1/0 3:1/1
3:0/0 4:0/0
4:0/1 5:0/0
5:1/0 6:1/0
5:1/1 7:1/0
peter@Home-Server:~$
1. Configuring the interface and other basic router setting:
CE-A1:
hostname CE-A1
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.10.10 255.255.255.0
!
interface Serial1/0
description To_PE1 s1/0
ip address 192.168.13.1 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CE-B1:
hostname CE-B1
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.20.10 255.255.255.0
!
interface Serial1/0
description To_PE1 s1/1
ip address 192.168.23.2 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
PE1:
hostname PE1
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.30.10 255.255.255.0
!
interface Ethernet0/0
description To_P e0/0
ip address 192.168.34.3 255.255.255.0
!
interface Serial1/0
description To_CE-A1 s1/0
ip address 192.168.13.3 255.255.255.0
!
interface Serial1/1
description To_CE-B1 s1/0
ip address 192.168.23.3 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
P:
hostname P
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.40.10 255.255.255.0
!
interface Ethernet0/0
description To_PE1 e0/0
ip address 192.168.34.4 255.255.255.0
!
interface Ethernet0/1
description To_PE2 e0/0
ip address 192.168.45.4 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
PE2:
hostname PE2
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.50.10 255.255.255.0
!
interface Ethernet0/0
description To_P e0/1
ip address 192.168.45.5 255.255.255.0
!
interface Serial1/0
description To_CE-A2 s1/0
ip address 192.168.56.5 255.255.255.0
!
interface Serial1/1
description To_CE-B2 s1/0
ip address 192.168.57.5 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CE-A2:
hostname CE-A2
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.60.10 255.255.255.0
!
interface Serial1/0
description To_PE2 s1/0
ip address 192.168.56.6 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CE-B2:
hostname CE-B2
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.70.10 255.255.255.0
!
interface Serial1/0
description To_PE2 s1/1
ip address 192.168.57.7 255.255.255.0
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
2. Configuring Routing Protocols on the PE1, P and PE2
PE1:
PE1#show running-config | section router rip
router rip
version 2
network 192.168.30.0
network 192.168.34.0
no auto-summary
P:
P#show running-config | section router rip
router rip
version 2
network 192.168.34.0
network 192.168.40.0
network 192.168.45.0
no auto-summary
PE2:
PE2#show running-config | section router rip
router rip
version 2
network 192.168.45.0
network 192.168.50.0
no auto-summary
PE1:
PE1#show running-config | section router bgp
router bgp 65000
no synchronization
neighbor 192.168.50.10 remote-as 65000
neighbor 192.168.50.10 update-source Loopback0
neighbor 192.168.50.10 next-hop-self
no auto-summary
PE2:
PE2#show running-config | section router bgp
router bgp 65000
no synchronization
neighbor 192.168.30.10 remote-as 65000
neighbor 192.168.30.10 update-source Loopback0
neighbor 192.168.30.10 next-hop-self
no auto-summary
PE2#
3. Configuring MPLS in the Core network
PE1:
hostname PE1
!
ip cef
!
mpls ip
!
interface Ethernet0/0
mpls ip
P:
hostname P
!
ip cef
!
mpls ip
!
interface Ethernet0/0
mpls ip
!
interface Ethernet0/1
mpls ip
PE2:
hostname PE2
!
ip cef
!
mpls ip
!
interface Ethernet0/0
mpls ip
4. Configuring Multiprotocol BGP (MP-BGP) on the PE1 and PE2 Routers
PE1:
PE1#show running-config | section router bgp
router bgp 65000
!
address-family vpnv4
neighbor 192.168.50.10 activate
neighbor 192.168.50.10 send-community both
neighbor 192.168.50.10 next-hop-self
exit-address-family
PE2:
PE2#show running-config | section router bgp
router bgp 65000
!
address-family vpnv4
neighbor 192.168.30.10 activate
neighbor 192.168.30.10 send-community both
neighbor 192.168.30.10 next-hop-self
exit-address-family
5. Defining VRFs on the PE1 and PE2 routers to enable Customer-1 and Customer-2 connectivity
PE1:
hostname PE1
!
ip vrf VPN_CE-A
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf VPN_CE-B
rd 65000:2
route-target export 65000:2
route-target import 65000:2
PE2:
hostname PE2
!
ip vrf VPN_CE-A
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf VPN_CE-B
rd 65000:2
route-target export 65000:2
route-target import 65000:2
6. Configuring VRFs Interfaces on PE1 and PE2 Routers for Each VPN Customer
PE1:
hostname PE1
!
interface Serial1/0
description To_CE-A1 s1/0
ip vrf forwarding VPN_CE-A
ip address 192.168.13.3 255.255.255.0
!
interface Serial1/1
description To_CE-B1 s1/0
ip vrf forwarding VPN_CE-B
ip address 192.168.23.3 255.255.255.0
PE2:
hostname PE2
!
interface Serial1/0
description To_CE-A2 s1/0
ip vrf forwarding VPN_CE-A
ip address 192.168.56.5 255.255.255.0
!
interface Serial1/1
description To_CE-B2 s1/0
ip vrf forwarding VPN_CE-B
ip address 192.168.57.5 255.255.255.0
7. Configuring Routing Protocols (RIPv2) Between the PE and CE Routers
CE-A1:
CE-A1#show running-config | section router rip
router rip
version 2
network 192.168.10.0
network 192.168.13.0
no auto-summary
CE-B1:
CE-B1#show running-config | section router rip
router rip
version 2
network 192.168.20.0
network 192.168.23.0
no auto-summary
PE1:
PE1#show running-config | section router rip
router rip
!
address-family ipv4 vrf VPN_CE-A
network 192.168.13.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf VPN_CE-B
network 192.168.23.0
no auto-summary
version 2
exit-address-family
PE2:
PE2#show running-config | section router rip
router rip
!
address-family ipv4 vrf VPN_CE-A
network 192.168.56.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf VPN_CE-B
network 192.168.57.0
no auto-summary
version 2
exit-address-family
CE-A2:
CE-A2#show running-config | section router rip
router rip
version 2
network 192.168.56.0
network 192.168.60.0
no auto-summary
CE-B2:
CE-B2#show running-config | section router rip
router rip
version 2
network 192.168.57.0
network 192.168.70.0
no auto-summary
8. Redistribution VRFs routes between BGP and RIP on the PE1 and PE2 routers
PE1:
router bgp 65000
!
address-family ipv4 vrf VPN_CE-A
no synchronization
redistribute rip
exit-address-family
!
address-family ipv4 vrf VPN_CE-B
no synchronization
redistribute rip
exit-address-family
!
router rip
!
address-family ipv4 vrf VPN_CE-A
redistribute bgp 65000 metric transparent
!
address-family ipv4 vrf VPN_CE-B
redistribute bgp 65000 metric transparent
PE2:
router bgp 65000
!
address-family ipv4 vrf VPN_CE-A
no synchronization
redistribute rip
exit-address-family
!
address-family ipv4 vrf VPN_CE-B
no synchronization
redistribute rip
exit-address-family
!
router rip
!
address-family ipv4 vrf VPN_CE-A
redistribute bgp 65000 metric transparent
!
address-family ipv4 vrf VPN_CE-B
redistribute bgp 65000 metric transparent
9. Verifying Connectivity Between MPLS VPN Sites
CE-A1:
CE-A1#ping 192.168.60.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.60.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/20 ms
CE-A1#
CE-A1#
CE-A1#
CE-A1#
CE-A1#
CE-A1#traceroute 192.168.60.10
Type escape sequence to abort.
Tracing the route to 192.168.60.10
1 192.168.13.3 8 msec 12 msec 8 msec
2 192.168.34.4 [MPLS: Labels 17/20 Exp 0] 16 msec 20 msec 16 msec
3 192.168.56.5 [MPLS: Label 20 Exp 0] 8 msec 8 msec 12 msec
4 192.168.56.6 16 msec * 16 msec
CE-A1#
CE-B1:
CE-B1#ping 192.168.70.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.70.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/20 ms
CE-B1#
CE-B1#
CE-B1#
CE-B1#
CE-B1#
CE-B1#traceroute 192.168.70.10
Type escape sequence to abort.
Tracing the route to 192.168.70.10
1 192.168.23.3 12 msec 8 msec 8 msec
2 192.168.34.4 [MPLS: Labels 17/22 Exp 0] 20 msec 16 msec 20 msec
3 192.168.57.5 [MPLS: Label 22 Exp 0] 8 msec 12 msec 8 msec
4 192.168.57.7 16 msec * 16 msec
CE-B1#
PE1:
PE1#ping 192.168.50.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
PE1#
PE1#
PE1#
PE1#
PE1#
PE1#ping vrf VPN_CE-A 192.168.60.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.60.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
PE1#
PE1#
PE1#
PE1#
PE1#
PE1#ping vrf VPN_CE-B 192.168.70.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.70.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/8 ms
PE1#
PE2:
PE2#ping 192.168.30.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
PE2#
PE2#
PE2#
PE2#
PE2#
PE2#ping vrf VPN_CE-A 192.168.60.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.60.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
PE2#
PE2#
PE2#
PE2#
PE2#
PE2#ping vrf VPN_CE-B 192.168.70.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.70.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
PE2#
CE-A2:
CE-A2#ping 192.168.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/20 ms
CE-A2#
CE-A2#
CE-A2#
CE-A2#
CE-A2#
CE-A2#traceroute 192.168.10.10
Type escape sequence to abort.
Tracing the route to 192.168.10.10
1 192.168.56.5 8 msec 12 msec 8 msec
2 192.168.45.4 [MPLS: Labels 16/19 Exp 0] 20 msec 16 msec 16 msec
3 192.168.13.3 [MPLS: Label 19 Exp 0] 12 msec 8 msec 8 msec
4 192.168.13.1 16 msec * 16 msec
CE-A2#
CE-B2:
CE-B2#ping 192.168.20.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/17/20 ms
CE-B2#
CE-B2#
CE-B2#
CE-B2#
CE-B2#
CE-B2#traceroute 192.168.20.10
Type escape sequence to abort.
Tracing the route to 192.168.20.10
1 192.168.57.5 12 msec 8 msec 8 msec
2 192.168.45.4 [MPLS: Labels 16/21 Exp 0] 20 msec 16 msec 20 msec
3 192.168.23.3 [MPLS: Label 21 Exp 0] 8 msec 8 msec 8 msec
4 192.168.23.2 20 msec * 16 msec
CE-B2#
10. Verifying routing table Between MPLS VPN Sites
CE-A1:
CE-A1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Loopback0
L 192.168.10.10/32 is directly connected, Loopback0
192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.13.0/24 is directly connected, Serial1/0
L 192.168.13.1/32 is directly connected, Serial1/0
R 192.168.56.0/24 [120/1] via 192.168.13.3, 00:00:18, Serial1/0
R 192.168.60.0/24 [120/2] via 192.168.13.3, 00:00:18, Serial1/0
CE-A1#
CE-B1:
CE-B1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Loopback0
L 192.168.20.10/32 is directly connected, Loopback0
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, Serial1/0
L 192.168.23.2/32 is directly connected, Serial1/0
R 192.168.57.0/24 [120/1] via 192.168.23.3, 00:00:02, Serial1/0
R 192.168.70.0/24 [120/2] via 192.168.23.3, 00:00:02, Serial1/0
CE-B1#
PE1:
PE1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, Loopback0
L 192.168.30.10/32 is directly connected, Loopback0
192.168.34.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.34.0/24 is directly connected, Ethernet0/0
L 192.168.34.3/32 is directly connected, Ethernet0/0
R 192.168.40.0/24 [120/1] via 192.168.34.4, 00:00:24, Ethernet0/0
R 192.168.45.0/24 [120/1] via 192.168.34.4, 00:00:24, Ethernet0/0
R 192.168.50.0/24 [120/2] via 192.168.34.4, 00:00:24, Ethernet0/0
PE1#
PE1#
PE1#
PE1#
PE1#
PE1#show ip route vrf VPN_CE-A
Routing Table: VPN_CE-A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
R 192.168.10.0/24 [120/1] via 192.168.13.1, 00:00:04, Serial1/0
192.168.13.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.13.0/24 is directly connected, Serial1/0
L 192.168.13.3/32 is directly connected, Serial1/0
B 192.168.56.0/24 [200/0] via 192.168.50.10, 00:25:27
B 192.168.60.0/24 [200/1] via 192.168.50.10, 00:25:27
PE1#
PE1#
PE1#
PE1#
PE1#
PE1#show ip route vrf VPN_CE-B
Routing Table: VPN_CE-B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
R 192.168.20.0/24 [120/1] via 192.168.23.2, 00:00:05, Serial1/1
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, Serial1/1
L 192.168.23.3/32 is directly connected, Serial1/1
B 192.168.57.0/24 [200/0] via 192.168.50.10, 00:21:51
B 192.168.70.0/24 [200/1] via 192.168.50.10, 00:21:51
PE1#
P:
P#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
R 192.168.30.0/24 [120/1] via 192.168.34.3, 00:00:15, Ethernet0/0
192.168.34.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.34.0/24 is directly connected, Ethernet0/0
L 192.168.34.4/32 is directly connected, Ethernet0/0
192.168.40.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.40.0/24 is directly connected, Loopback0
L 192.168.40.10/32 is directly connected, Loopback0
192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.45.0/24 is directly connected, Ethernet0/1
L 192.168.45.4/32 is directly connected, Ethernet0/1
R 192.168.50.0/24 [120/1] via 192.168.45.5, 00:00:11, Ethernet0/1
P#
PE2:
PE2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
R 192.168.30.0/24 [120/2] via 192.168.45.4, 00:00:04, Ethernet0/0
R 192.168.34.0/24 [120/1] via 192.168.45.4, 00:00:04, Ethernet0/0
R 192.168.40.0/24 [120/1] via 192.168.45.4, 00:00:04, Ethernet0/0
192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.45.0/24 is directly connected, Ethernet0/0
L 192.168.45.5/32 is directly connected, Ethernet0/0
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, Loopback0
L 192.168.50.10/32 is directly connected, Loopback0
PE2#
PE2#
PE2#
PE2#
PE2#
PE2#show ip route vrf VPN_CE-A
Routing Table: VPN_CE-A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
B 192.168.10.0/24 [200/1] via 192.168.30.10, 00:37:20
B 192.168.13.0/24 [200/0] via 192.168.30.10, 00:37:20
192.168.56.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.56.0/24 is directly connected, Serial1/0
L 192.168.56.5/32 is directly connected, Serial1/0
R 192.168.60.0/24 [120/1] via 192.168.56.6, 00:00:12, Serial1/0
PE2#
PE2#
PE2#
PE2#
PE2#
PE2#show ip route vrf VPN_CE-B
Routing Table: VPN_CE-B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
B 192.168.20.0/24 [200/1] via 192.168.30.10, 00:28:51
B 192.168.23.0/24 [200/0] via 192.168.30.10, 00:28:51
192.168.57.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.57.0/24 is directly connected, Serial1/1
L 192.168.57.5/32 is directly connected, Serial1/1
R 192.168.70.0/24 [120/1] via 192.168.57.7, 00:00:02, Serial1/1
PE2#
CE-A2:
CE-A2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
R 192.168.10.0/24 [120/2] via 192.168.56.5, 00:00:12, Serial1/0
R 192.168.13.0/24 [120/1] via 192.168.56.5, 00:00:12, Serial1/0
192.168.56.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.56.0/24 is directly connected, Serial1/0
L 192.168.56.6/32 is directly connected, Serial1/0
192.168.60.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.60.0/24 is directly connected, Loopback0
L 192.168.60.10/32 is directly connected, Loopback0
CE-A2#
CE-B2:
CE-B2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
R 192.168.20.0/24 [120/2] via 192.168.57.5, 00:00:17, Serial1/0
R 192.168.23.0/24 [120/1] via 192.168.57.5, 00:00:17, Serial1/0
192.168.57.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.57.0/24 is directly connected, Serial1/0
L 192.168.57.7/32 is directly connected, Serial1/0
192.168.70.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.70.0/24 is directly connected, Loopback0
L 192.168.70.10/32 is directly connected, Loopback0
CE-B2#
11. Verifying the VPN Configuration
PE1:
PE1#show ip vrf brief
Name Default RD Interfaces
VPN_CE-A 65000:1 Se1/0
VPN_CE-B 65000:2 Se1/1
PE1#
PE1#
PE1#
PE1#
PE1#
PE1#sh ip vrf interfaces
Interface IP-Address VRF Protocol
Se1/0 192.168.13.3 VPN_CE-A up
Se1/1 192.168.23.3 VPN_CE-B up
PE1#
PE2:
PE2#show ip vrf brief
Name Default RD Interfaces
VPN_CE-A 65000:1 Se1/0
VPN_CE-B 65000:2 Se1/1
PE2#
PE2#
PE2#
PE2#
PE2#
PE2#show ip vrf interfaces
Interface IP-Address VRF Protocol
Se1/0 192.168.56.5 VPN_CE-A up
Se1/1 192.168.57.5 VPN_CE-B up
PE2#
12. Final configuration:
CE-A1:
CE-A1#show running-config
hostname CE-A1
!
ip cef
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.10.10 255.255.255.0
!
interface Serial1/0
description To_PE1 s1/0
ip address 192.168.13.1 255.255.255.0
!
router rip
version 2
network 192.168.10.0
network 192.168.13.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CE-B1:
CE-B1#show running-config
hostname CE-B1
!
ip cef
no ip domain lookup
!
interface Loopback0
ip address 192.168.20.10 255.255.255.0
!
interface Serial1/0
description To_PE1 s1/1
ip address 192.168.23.2 255.255.255.0
!
router rip
version 2
network 192.168.20.0
network 192.168.23.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
PE1:
PE1#show running-config
hostname PE1
!
ip vrf VPN_CE-A
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf VPN_CE-B
rd 65000:2
route-target export 65000:2
route-target import 65000:2
!
ip cef
!
mpls ip
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.30.10 255.255.255.0
!
interface Ethernet0/0
description To_P e0/0
ip address 192.168.34.3 255.255.255.0
mpls ip
!
interface Serial1/0
description To_CE-A1 s1/0
ip vrf forwarding VPN_CE-A
ip address 192.168.13.3 255.255.255.0
!
interface Serial1/1
description To_CE-B1 s1/0
ip vrf forwarding VPN_CE-B
ip address 192.168.23.3 255.255.255.0
!
router rip
version 2
network 192.168.30.0
network 192.168.34.0
no auto-summary
!
address-family ipv4 vrf VPN_CE-B
redistribute bgp 65000 metric transparent
network 192.168.23.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf VPN_CE-A
redistribute bgp 65000 metric transparent
network 192.168.13.0
no auto-summary
version 2
exit-address-family
!
router bgp 65000
no synchronization
neighbor 192.168.50.10 remote-as 65000
neighbor 192.168.50.10 update-source Loopback0
neighbor 192.168.50.10 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 192.168.50.10 activate
neighbor 192.168.50.10 send-community both
neighbor 192.168.50.10 next-hop-self
exit-address-family
!
address-family ipv4 vrf VPN_CE-A
no synchronization
redistribute rip
exit-address-family
!
address-family ipv4 vrf VPN_CE-B
no synchronization
redistribute rip
exit-address-family
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
P:
P#show running-config
hostname P
!
ip cef
!
mpls ip
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.40.10 255.255.255.0
!
interface Ethernet0/0
description To_PE1 e0/0
ip address 192.168.34.4 255.255.255.0
mpls ip
!
interface Ethernet0/1
description To_PE2 e0/0
ip address 192.168.45.4 255.255.255.0
mpls ip
!
router rip
version 2
network 192.168.34.0
network 192.168.40.0
network 192.168.45.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
PE2:
PE2#show running-config
hostname PE2
!
ip vrf VPN_CE-A
rd 65000:1
route-target export 65000:1
route-target import 65000:1
!
ip vrf VPN_CE-B
rd 65000:2
route-target export 65000:2
route-target import 65000:2
!
ip cef
!
mpls ip
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.50.10 255.255.255.0
!
interface Ethernet0/0
description To_P e0/1
ip address 192.168.45.5 255.255.255.0
mpls ip
!
interface Serial1/0
description To_CE-A2 s1/0
ip vrf forwarding VPN_CE-A
ip address 192.168.56.5 255.255.255.0
!
interface Serial1/1
description To_CE-B2 s1/0
ip vrf forwarding VPN_CE-B
ip address 192.168.57.5 255.255.255.0
!
router rip
version 2
network 192.168.45.0
network 192.168.50.0
no auto-summary
!
address-family ipv4 vrf VPN_CE-B
redistribute bgp 65000 metric transparent
network 192.168.57.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf VPN_CE-A
redistribute bgp 65000 metric transparent
network 192.168.56.0
no auto-summary
version 2
exit-address-family
!
router bgp 65000
no synchronization
neighbor 192.168.30.10 remote-as 65000
neighbor 192.168.30.10 update-source Loopback0
neighbor 192.168.30.10 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 192.168.30.10 activate
neighbor 192.168.30.10 send-community both
neighbor 192.168.30.10 next-hop-self
exit-address-family
!
address-family ipv4 vrf VPN_CE-A
no synchronization
redistribute rip
exit-address-family
!
address-family ipv4 vrf VPN_CE-B
no synchronization
redistribute rip
exit-address-family
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CE-A2:
CE-A2#show running-config
hostname CE-A2
!
ip cef
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.60.10 255.255.255.0
!
interface Serial1/0
description To_PE2 s1/0
ip address 192.168.56.6 255.255.255.0
!
!
router rip
version 2
network 192.168.56.0
network 192.168.60.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
CE-B2:
CE-B2#show running-config
hostname CE-B2
!
ip cef
!
no ip domain lookup
!
interface Loopback0
ip address 192.168.70.10 255.255.255.0
!
interface Serial1/0
description To_PE2 s1/1
ip address 192.168.57.7 255.255.255.0
no fair-queue
serial restart-delay 0
!
router rip
version 2
network 192.168.57.0
network 192.168.70.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
Reference:
1. CCIP: MPLS Study Guide (ISBN-13: 978-0782140965)
http://www.amazon.com/CCIP-Study-Guide-James-Regan/dp/0782140963
2. Configuring MPLS Layer 3 VPNs
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_cfg_layer3_vpn_ps6350_TSD_Products_Configuration_Guide_Chapter.html
最初發表 / 最後更新: 2011.10.02 / 2018.06.08
0 comments:
張貼留言