Lab4-2.net file for Dynamips:
##################################################
#
# CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
# Lab 4.2 Challenge Lab: Implementing MPLS VPNs
# By Happy Peter http://blog.xuite.net/juilin77/happy
#
##################################################
autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.10.1/UTS/CCNP2/Lab4-2/workingconfig
[[3640]]
# Specify 3640 IOS image on Windows here:
# image = C:\Program Files\Dynamips\images\c3640-jk9o3s-mz.123-14.T7.extracted.bin
# Specify 3640 IOS image on Linux here:
image = /opt/dynamips/images/c3640-jk.bin
ram = 128
disk0 = 0
disk1 = 0
# Choose an idlepc value from the below
idlepc = 0x605ac7b8
mmap = true
ghostios = true
confreg = 0x2102
###########################
#
# Define router instances 1
#
###########################
[[Router SP1]]
model = 3640
console = 2001
slot0 = NM-4T
slot1 = NM-1FE-TX
[[Router SP2]]
model = 3640
console = 2002
slot0 = NM-4T
s0/0 = SP1 s0/0
s0/1 = SP3 s0/0
[[Router SP3]]
model = 3640
console = 2003
slot0 = NM-4T
[[Router HQ]]
model = 3640
console = 2004
slot0 = NM-1FE-TX
f0/0 = SP1 f1/0
[[Router BRANCH]]
model = 3640
console = 2005
slot0 = NM-4T
s0/0 = SP3 s0/1
Objective:
‧ Configure Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) on a router
‧ Enable MPLS on a router
‧ Verify MPLS implementation
‧ Configure a Virtual Routing/Forwarding (VRF) instance
‧ Use MBGP to exchange VPN routing updates
‧ Verify VPN activity
Scenario:
First, set up the model of both the service provider’s network and the agency’s network. Then use appropriate routing and forwarding techniques to set up an MPLS VPN between the provider edge routers to which the customer connects.
SP1, SP2, and SP3 will represent a service provider network, and HQ and BRANCH will represent the International Travel Agency routers at their headquarters and at a branch site.
Basic Configuration:
enable
configure terminal
!
no ip domain lookup
!
line console 0
logging synchronous
exec-timeout 0 0
!
host R*
Step 1: Configure Addressing
SP1:
interface Loopback0
ip address 10.0.1.1 255.255.255.255
!
interface Serial0/0
ip address 10.0.12.1 255.255.255.0
clock rate 64000
no shutdown
!
interface FastEthernet1/0
ip address 172.16.100.254 255.255.255.0
no shutdown
SP2:
interface Loopback0
ip address 10.0.2.1 255.255.255.255
!
interface Serial0/0
ip address 10.0.12.2 255.255.255.0
no shutdown
!
interface Serial0/1
ip address 10.0.23.2 255.255.255.0
clock rate 64000
no shutdown
SP3:
interface Loopback0
ip address 10.0.3.1 255.255.255.255
!
interface Serial0/0
ip address 10.0.23.3 255.255.255.0
no shutdown
!
interface Serial0/1
ip address 172.16.200.254 255.255.255.0
no shutdown
HQ:
interface Loopback0
ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.100.1 255.255.255.0
no shutdown
BRANCH:
interface Loopback0
ip address 172.16.20.1 255.255.255.0
!
interface Serial0/0
ip address 172.16.200.1 255.255.255.0
clock rate 64000
no shutdown
Step 2: Configure Routing in the Service Provider Domain
SP1-3:
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
Step 3: Configure MPLS in the SP Domain
On all the service provider routers, force MPLS to use the Loopback 0 interface as the router ID for Label Distribution Protocol (LDP) adjacencies.
SP1-3:
mpls ldp router-id loopback 0 force
SP1:
interface serial 0/0
mpls ip
SP2:
interface serial 0/0
mpls ip
!
interface serial 0/1
mpls ip
SP3:
interface serial 0/0
mpls ip
SP1-3:
show mpls ldp neighbor
Step 4: Configure a VRF
Configure a route distinguisher (RD) of 100:1 and a route target (RT) of 1:100 using these commands:
SP1:
ip vrf customer
rd 100:1
route-target both 1:100
SP3:
ip vrf customer
rd 100:1
route-target both 1:100
SP1:
interface fastEthernet 1/0
ip vrf forwarding customer
ip address 172.16.100.254 255.255.255.0
no shutdown
SP3:
interface serial 0/1
ip vrf forwarding customer
ip address 172.16.200.254 255.255.255.0
no shutdown
SP1:
ping vrf customer 172.16.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
SP3:
ping vrf customer 172.16.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/24 ms
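The route targets set in Step 4 decide which VRFs may receive each other's routes, so they are worth auditing across all PE configurations. The following is an added example, not part of the original lab: it parses the VRF blocks and lists every export-to-import relationship. The VRF "other" with RD 100:2 on SP3 is a hypothetical misconfiguration constructed for illustration and does not exist in this lab.

```python
import re

# Constructed input: VRF lines from this page's SP1/SP3 configs, plus a
# hypothetical VRF "other" on SP3 (not in the lab) that wrongly imports RT 1:100.
CONFIGS = {
    "SP1": "ip vrf customer\nrd 100:1\nroute-target both 1:100\n",
    "SP3": "ip vrf customer\nrd 100:1\nroute-target export 1:100\n"
           "route-target import 1:100\n"
           "ip vrf other\nrd 100:2\nroute-target export 2:100\n"
           "route-target import 2:100\nroute-target import 1:100\n",
}

def parse_vrfs(text):
    """Return {vrf_name: {"rd": str, "import": set, "export": set}} from IOS config text."""
    vrfs, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):  # does not match "ip vrf forwarding X"
            cur = vrfs.setdefault(m.group(1), {"rd": None, "import": set(), "export": set()})
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            for kind in ("import", "export"):
                if m.group(1) in (kind, "both"):
                    cur[kind].add(m.group(2))
    return vrfs

def import_edges(configs):
    """Return (exporter, importer, rts) for every VRF pair where the importer accepts the exporter's RTs."""
    vrfs = [(pe, name, v) for pe, cfg in configs.items() for name, v in parse_vrfs(cfg).items()]
    edges = []
    for spe, sname, s in vrfs:
        for dpe, dname, d in vrfs:
            shared = sorted(s["export"] & d["import"])
            if shared and (spe, sname) != (dpe, dname):
                edges.append((f"{spe}/{sname}", f"{dpe}/{dname}", shared))
    return edges

def cross_vrf_imports(configs):
    """Edges where routes pass between differently named VRFs; each one needs review."""
    return [e for e in import_edges(configs) if e[0].split("/")[1] != e[1].split("/")[1]]

if __name__ == "__main__":
    flagged = cross_vrf_imports(CONFIGS)
    for edge in import_edges(CONFIGS):
        src, dst, rts = edge
        print(f"{src} -> {dst} via RT {','.join(rts)} [{'REVIEW' if edge in flagged else 'ok'}]")
```

With only the lab's own SP1 and SP3 configurations as input, the two customer VRFs import from each other and nothing is flagged.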
Step 5: Configure EIGRP AS 1
HQ & BRANCH:
router eigrp 1
no auto-summary
network 172.16.0.0
On the PE routers, the configuration is more complex. Every IGP has a different method of configuring a VRF for it. To implement EIGRP for VRFs, start the EIGRP process by configuring EIGRP AS 100.
Now, to configure EIGRP for an individual VRF instance, use the command "address-family ipv4 vrf name", where name is the name of the VRF instance.
The address-family command creates a logical segment of a routing protocol and its routes and adjacencies in order to separate it from other sets of routes and adjacencies.
SP1 & SP3:
router eigrp 100
address-family ipv4 vrf customer
autonomous-system 1
no auto-summary
network 172.16.0.0
!
show ip route
!
show ip route vrf customer
Step 6: Configure BGP
SP1:
router bgp 100
neighbor 10.0.3.1 remote-as 100
neighbor 10.0.3.1 update-source loopback 0
SP3:
router bgp 100
neighbor 10.0.1.1 remote-as 100
neighbor 10.0.1.1 update-source loopback 0
To configure the exchange of VPNv4 routes over BGP, use the "address-family vpnv4" command. At the address family prompt, activate the BGP neighbor for this address family with the "neighbor address activate" command. Activating a neighbor for an address family allows BGP to send routes to and receive routes from the designated neighbor using the specified address family. By default, neighbors are only activated for IPv4.
SP1:
router bgp 100
address-family vpnv4
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community both
SP3:
router bgp 100
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community both
Finally, you need to configure BGP to redistribute the EIGRP routes in the VRF RIB into the BGP protocol so that these are advertised to the remote PE.
SP1 & SP3:
router bgp 100
address-family ipv4 vrf customer
redistribute eigrp 1
Enter the EIGRP instance that contains the VRF configuration on SP1 and SP3 and configure it to redistribute BGP routes.
SP1 & SP3:
router eigrp 100
address-family ipv4 vrf customer
redistribute bgp 100 metric 64 1000 255 1 1500
Step 7: Investigate Control Plane Operation
SP1 & SP3:
show ip route vrf customer
show bgp vpnv4 unicast all
HQ & BRANCH:
show ip route
SP1:
show bgp vpnv4 unicast all 172.16.20.0/24
BGP routing table entry for 100:1:172.16.20.0/24, version 4
Paths: (1 available, best #1, table customer)
Not advertised to any peer
Local
10.0.3.1 (metric 129) from 10.0.3.1 (10.0.3.1)
Origin incomplete, metric 2297856, localpref 100, valid, internal, best
Extended Community: RT:1:100
Cost:pre-bestpath:128:2297856 (default-2145185791) 0x8800:32768:0
0x8801:1:640000 0x8802:65281:1657856 0x8803:65281:1500
mpls labels in/out nolabel/20
SP1 & SP3:
show bgp vpnv4 unicast all labels
SP1 & SP3:
show ip eigrp vrf customer topology 172.16.20.0/24
IP-EIGRP (AS 1): Topology entry for 172.16.20.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2297856
Routing Descriptor Blocks:
10.0.3.1, from VPNv4 Sourced, Send flag is 0x0
Composite metric is (2297856/0), Route is Internal (VPNv4 Sourced)
Vector metric:
Minimum bandwidth is 1544 Kbit
Total delay is 25000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
HQ:
HQ#ping 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/18/28 ms
Step 8: Investigate Forwarding Plane Operation
SP1:
SP1#show ip cef vrf customer 172.16.20.0
172.16.20.0/24, version 10, epoch 0, cached adjacency to Serial0/0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se0/0, point2point, tags imposed: {16 20}
via 10.0.3.1, 0 dependencies, recursive
next hop 10.0.12.2, Serial0/0 via 10.0.3.1/32
valid cached adjacency
tag rewrite with Se0/0, point2point, tags imposed: {16 20}
SP1#show mpls ip binding
10.0.1.1/32
in label: imp-null
out label: 17 lsr: 10.0.2.1:0
10.0.2.1/32
in label: 17
out label: imp-null lsr: 10.0.2.1:0 inuse
10.0.3.1/32
in label: 16
out label: 16 lsr: 10.0.2.1:0 inuse
10.0.12.0/24
in label: imp-null
out label: imp-null lsr: 10.0.2.1:0
10.0.23.0/24
in label: 18
out label: imp-null lsr: 10.0.2.1:0 inuse
SP2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 10.0.3.1/32 4596 Se0/1 point2point
17 Pop tag 10.0.1.1/32 6124 Se0/0 point2point
SP2:
SP2#debug mpls packets
MPLS packet debugging is on
HQ:
HQ#ping 172.16.20.1
Type escape sequence to abort
SP3:
SP3#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 10.0.12.0/24 0 Se0/0 point2point
17 Pop tag 10.0.2.1/32 0 Se0/0 point2point
18 17 10.0.1.1/32 0 Se0/0 point2point
19 Aggregate 172.16.200.0/24[V] \
0
20 Untagged 172.16.20.0/24[V] 1040 Se0/1 point2point
Conclusion:
HQ:
HQ#traceroute 172.16.20.1
Type escape sequence to abort.
Tracing the route to 172.16.20.1
1 172.16.100.254 0 msec 8 msec 4 msec
2 10.0.12.2 [MPLS: Labels 16/20 Exp 0] 4 msec 16 msec 36 msec
3 172.16.200.254 [MPLS: Label 20 Exp 0] 20 msec 12 msec 20 msec
4 172.16.200.1 20 msec * 20 msec
BRANCH:
BRANCH#show ip cef 172.16.100.1
172.16.100.0/24, version 14, epoch 0, cached adjacency to Serial0/0
0 packets, 0 bytes
via 172.16.200.254, Serial0/0, 0 dependencies
next hop 172.16.200.254, Serial0/0
valid cached adjacency
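Steps 7 and 8 show the same VPN label (20) in three places: the BGP VPNv4 entry, the CEF label imposition on SP1, and the traceroute from HQ. The following is an added example, not part of the original lab: it cross-checks those three captures, since the inner label is what selects the customer VRF on the egress PE. The input strings are copied from the outputs on this page; the function names are illustrative.

```python
import re

# Constructed input: lines copied from this page's captures.
BGP_VPNV4 = "mpls labels in/out nolabel/20"  # SP1: show bgp vpnv4 unicast all 172.16.20.0/24
CEF = "fast tag rewrite with Se0/0, point2point, tags imposed: {16 20}"  # SP1: show ip cef vrf customer
TRACE = """\
1 172.16.100.254 0 msec 8 msec 4 msec
2 10.0.12.2 [MPLS: Labels 16/20 Exp 0] 4 msec 16 msec 36 msec
3 172.16.200.254 [MPLS: Label 20 Exp 0] 20 msec 12 msec 20 msec
4 172.16.200.1 20 msec * 20 msec
"""

def trace_stacks(text):
    """Return [(hop, address, [labels, outer first])] for each traceroute line."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+) (\S+)(?: \[MPLS: Labels? ([\d/]+) Exp \d+\])?", line)
        if m:
            labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
            hops.append((int(m.group(1)), m.group(2), labels))
    return hops

def check_label_path(bgp_line, cef_line, trace):
    """Compare the BGP-learned VPN label with the imposed stack and the per-hop stacks."""
    vpn_label = int(re.search(r"in/out \S+/(\d+)", bgp_line).group(1))
    imposed = [int(x) for x in re.search(r"tags imposed: \{([\d ]+)\}", cef_line).group(1).split()]
    hops = trace_stacks(trace)
    labelled = [h for h in hops if h[2]]
    findings = []
    if imposed[-1] != vpn_label:
        findings.append(f"CEF inner label {imposed[-1]} != BGP VPN label {vpn_label}")
    if labelled and labelled[0][2] != imposed:
        findings.append(f"first labelled hop carries {labelled[0][2]}, CEF imposes {imposed}")
    for hop, addr, labels in labelled:
        if labels[-1] != vpn_label:  # inner label must survive unchanged to the egress PE
            findings.append(f"hop {hop} ({addr}) inner label {labels[-1]} != {vpn_label}")
    return {"vpn_label": vpn_label, "imposed": imposed,
            "stack_depths": [len(h[2]) for h in hops], "findings": findings}

if __name__ == "__main__":
    print(check_label_path(BGP_VPNV4, CEF, TRACE))
```

The stack depth dropping from 2 to 1 between hops 2 and 3 matches the "Pop tag" entry for 10.0.3.1/32 in SP2's forwarding table.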
Final Configurations
SP1:
hostname SP1
!
no ip domain lookup
!
ip vrf customer
rd 100:1
route-target export 1:100
route-target import 1:100
!
interface Loopback0
ip address 10.0.1.1 255.255.255.255
!
interface Serial0/0
ip address 10.0.12.1 255.255.255.0
mpls ip
clock rate 64000
no shutdown
!
interface FastEthernet1/0
ip vrf forwarding customer
ip address 172.16.100.254 255.255.255.0
no shutdown
!
router eigrp 100
auto-summary
!
address-family ipv4 vrf customer
redistribute bgp 100 metric 64 1000 255 1 1500
network 172.16.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
no synchronization
neighbor 10.0.3.1 remote-as 100
neighbor 10.0.3.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community both
exit-address-family
!
address-family ipv4 vrf customer
redistribute eigrp 1
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
SP2:
hostname SP2
!
no ip domain lookup
!
interface Loopback0
ip address 10.0.2.1 255.255.255.255
!
interface Serial0/0
ip address 10.0.12.2 255.255.255.0
mpls ip
no shutdown
!
interface Serial0/1
ip address 10.0.23.2 255.255.255.0
mpls ip
clock rate 64000
no shutdown
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
mpls ldp router-id Loopback0 force
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
SP3:
hostname SP3
!
no ip domain lookup
!
ip vrf customer
rd 100:1
route-target export 1:100
route-target import 1:100
!
interface Loopback0
ip address 10.0.3.1 255.255.255.255
!
interface Serial0/0
ip address 10.0.23.3 255.255.255.0
mpls ip
no shutdown
!
interface Serial0/1
ip vrf forwarding customer
ip address 172.16.200.254 255.255.255.0
no shutdown
!
router eigrp 100
auto-summary
!
address-family ipv4 vrf customer
redistribute bgp 100 metric 64 1000 255 1 1500
network 172.16.0.0
no auto-summary
autonomous-system 1
exit-address-family
!
router ospf 1
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
no synchronization
neighbor 10.0.1.1 remote-as 100
neighbor 10.0.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf customer
redistribute eigrp 1
no synchronization
exit-address-family
!
mpls ldp router-id Loopback0 force
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
HQ:
hostname HQ
!
no ip domain lookup
!
interface Loopback0
ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.100.1 255.255.255.0
no shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
BRANCH:
hostname BRANCH
!
no ip domain lookup
!
interface Loopback0
ip address 172.16.20.1 255.255.255.0
!
interface Serial0/0
ip address 172.16.200.1 255.255.255.0
clock rate 64000
no shutdown
!
router eigrp 1
network 172.16.0.0
no auto-summary
!
line con 0
exec-timeout 0 0
logging synchronous
!
end
Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html
CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
Student Lab Manual
First published / Last updated: 2008.10.01 / 2018.06.11