Published June 11, 2018

CCNP-ISCW-v5.0 Lab 4-2: Implementing MPLS VPNs


Lab4-2.net file for Dynamips:

##################################################
#
# CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
# Lab 4.2 Challenge Lab: Implementing MPLS VPNs
# By Happy Peter  http://blog.xuite.net/juilin77/happy
#
##################################################

autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.10.1/UTS/CCNP2/Lab4-2/workingconfig

[[3640]]
#  Specify 3640 IOS image on Windows here:
#  image = C:\Program Files\Dynamips\images\c3640-jk9o3s-mz.123-14.T7.extracted.bin
#  Specify 3640 IOS image on Linux here:
 image = /opt/dynamips/images/c3640-jk.bin
 ram = 128
 disk0 = 0
 disk1 = 0
 # Choose an idlepc value from the below
 idlepc = 0x605ac7b8
 mmap = true
 ghostios = true
 confreg = 0x2102

###########################
#
# Define router instances 1
#
###########################
 
 [[Router SP1]]
  model = 3640
  console = 2001
  slot0 = NM-4T
  slot1 = NM-1FE-TX

 [[Router SP2]]
  model = 3640
  console = 2002
  slot0 = NM-4T
  s0/0 = SP1 s0/0
  s0/1 = SP3 s0/0

 [[Router SP3]]
  model = 3640
  console = 2003
  slot0 = NM-4T

 [[Router HQ]]
  model = 3640
  console = 2004
  slot0 = NM-1FE-TX
  f0/0 = SP1 f1/0

 [[Router BRANCH]]
  model = 3640
  console = 2005
  slot0 = NM-4T
  s0/0 = SP3 s0/1

Objective:
‧ Configure Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) on a router
‧ Enable MPLS on a router
‧ Verify MPLS implementation
‧ Configure a Virtual Routing/Forwarding (VRF) instance
‧ Use MBGP to exchange VPN routing updates
‧ Verify VPN activity


Scenario:
First, set up the model of both the service provider’s network and the agency’s network. Then use appropriate routing and forwarding techniques to set up an MPLS VPN between the provider edge routers to which the customer connects.
SP1, SP2, and SP3 will represent a service provider network, and HQ and BRANCH will represent the International Travel Agency routers at their headquarters and at a branch site.


Basic Configuration:
enable
configure terminal
!
no ip domain lookup
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
host R*


Step 1: Configure Addressing
SP1:
interface Loopback0
 ip address 10.0.1.1 255.255.255.255
!       
interface Serial0/0
 ip address 10.0.12.1 255.255.255.0
 clock rate 64000
 no shutdown
!
interface FastEthernet1/0
 ip address 172.16.100.254 255.255.255.0
 no shutdown

SP2:
interface Loopback0
 ip address 10.0.2.1 255.255.255.255
!       
interface Serial0/0
 ip address 10.0.12.2 255.255.255.0
 no shutdown
!
interface Serial0/1
 ip address 10.0.23.2 255.255.255.0
 clock rate 64000
 no shutdown

SP3:
interface Loopback0
 ip address 10.0.3.1 255.255.255.255
!       
interface Serial0/0
 ip address 10.0.23.3 255.255.255.0
 no shutdown
!
interface Serial0/1
 ip address 172.16.200.254 255.255.255.0
 no shutdown

HQ:
interface Loopback0
 ip address 172.16.10.1 255.255.255.0
!       
interface FastEthernet0/0
 ip address 172.16.100.1 255.255.255.0
 no shutdown

BRANCH:
interface Loopback0
 ip address 172.16.20.1 255.255.255.0
!       
interface Serial0/0
 ip address 172.16.200.1 255.255.255.0
 clock rate 64000
 no shutdown


Step 2: Configure Routing in the Service Provider Domain
SP1-3:
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0


Step 3: Configure MPLS in the SP Domain
On all the service provider routers, force MPLS to use the Loopback 0 interface as the router ID for Label Distribution Protocol (LDP) adjacencies.
SP1-3:
mpls ldp router-id loopback 0 force

SP1:
interface serial 0/0
 mpls ip

SP2:
interface serial 0/0
 mpls ip
!
interface serial 0/1
 mpls ip

SP3:
interface serial 0/0
 mpls ip

SP1-3:
show mpls ldp neighbor


Step 4: Configure a VRF
Configure a route distinguisher (RD) of 100:1 and a route target (RT) of 1:100 using these commands:
SP1:
ip vrf customer
 rd 100:1
 route-target both 1:100

SP3:
ip vrf customer
 rd 100:1
 route-target both 1:100

SP1:
interface fastEthernet 1/0
 ip vrf forwarding customer
 ip address 172.16.100.254 255.255.255.0
 no shutdown

SP3:
interface serial 0/1
 ip vrf forwarding customer
 ip address 172.16.200.254 255.255.255.0
 no shutdown

SP1:
ping vrf customer 172.16.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

SP3:
ping vrf customer 172.16.200.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/24 ms
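
VPN separation on the PE routers depends on the route targets matching and on customer-facing interfaces staying out of the label-switched core. The following audit is an added example, not part of the original lab; the config excerpts are constructed from this lab's VRF settings, and the function names and the two checks are assumptions of this example.

```python
import re

# Constructed excerpts modelled on this lab's SP1 and SP3 configurations.
SP1 = """ip vrf customer
 rd 100:1
 route-target both 1:100
interface Serial0/0
 mpls ip
interface FastEthernet1/0
 ip vrf forwarding customer
"""
SP3 = """ip vrf customer
 rd 100:1
 route-target export 1:100
 route-target import 1:100
interface Serial0/0
 mpls ip
interface Serial0/1
 ip vrf forwarding customer
"""

def stanzas(cfg):
    """Map each top-level config line to the indented lines beneath it."""
    out, head = {}, None
    for line in cfg.splitlines():
        if line.startswith(" ") and head:
            out[head].append(line.strip())
        elif line.strip() not in ("", "!"):
            head = line.strip()
            out[head] = []
    return out

def audit(pes):
    """pes: {router: config text}. Added checks, not from the lab; returns sorted findings."""
    findings, exports, imports = [], {}, {}
    for pe, cfg in pes.items():
        for head, body in stanzas(cfg).items():
            if head.startswith("ip vrf "):
                for kind, rt in re.findall(r"route-target (both|import|export) (\S+)", "\n".join(body)):
                    if kind != "import":
                        exports.setdefault(rt, set()).add(pe)
                    if kind != "export":
                        imports.setdefault(rt, set()).add(pe)
            elif head.startswith("interface "):
                if "mpls ip" in body and any(b.startswith("ip vrf forwarding ") for b in body):
                    findings.append(f"{pe} {head}: mpls ip on a VRF (customer-facing) interface")
    for rt, who in imports.items():
        findings += [f"{pe}: imports RT {rt} but no other PE exports it"
                     for pe in who if not exports.get(rt, set()) - {pe}]
    return sorted(findings)
```

With the lab's values, `audit({"SP1": SP1, "SP3": SP3})` returns an empty list; changing one side's import target or adding `mpls ip` to a VRF interface produces a finding.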


Step 5: Configure EIGRP AS 1
HQ & BRANCH:
router eigrp 1
 no auto-summary
 network 172.16.0.0

On the PE routers, the configuration is more complex. Every IGP has a different method of configuring a VRF for it. To implement EIGRP for VRFs, start the EIGRP process by configuring EIGRP AS 100.
Now, to configure EIGRP for an individual VRF instance, use the command "address-family ipv4 vrf name", where name is the name of the VRF instance.
The address-family command creates a logical segment of a routing protocol and its routes and adjacencies in order to separate it from other sets of routes and adjacencies.
SP1 & SP3:
router eigrp 100
 address-family ipv4 vrf customer
 autonomous-system 1
 no auto-summary
 network 172.16.0.0
!
show ip route
!
show ip route vrf customer



Step 6: Configure BGP
SP1:
router bgp 100
 neighbor 10.0.3.1 remote-as 100
 neighbor 10.0.3.1 update-source loopback 0

SP3:
router bgp 100
 neighbor 10.0.1.1 remote-as 100
 neighbor 10.0.1.1 update-source loopback 0

To configure the exchange of VPNv4 routes over BGP, use the "address-family vpnv4" command. At the address family prompt, activate the BGP neighbor for this address family with the "neighbor address activate" command. Activating a neighbor for an address family allows BGP to send routes to and receive routes from the designated neighbor using the specified address family. By default, neighbors are only activated for IPv4.
SP1:
router bgp 100
 address-family vpnv4
 neighbor 10.0.3.1 activate
 neighbor 10.0.3.1 send-community both

SP3:
router bgp 100
 address-family vpnv4
 neighbor 10.0.1.1 activate
 neighbor 10.0.1.1 send-community both

Finally, you need to configure BGP to redistribute the EIGRP routes in the VRF RIB into the BGP protocol so that these are advertised to the remote PE.
SP1 & SP3:
router bgp 100
 address-family ipv4 vrf customer
 redistribute eigrp 1

Enter the EIGRP instance that contains the VRF configuration on SP1 and SP3 and configure it to redistribute BGP routes.
SP1 & SP3:
router eigrp 100
 address-family ipv4 vrf customer
 redistribute bgp 100 metric 64 1000 255 1 1500


Step 7: Investigate Control Plane Operation
SP1 & SP3:
show ip route vrf customer
show bgp vpnv4 unicast all

HQ & BRANCH:
show ip route

SP1:
show bgp vpnv4 unicast all 172.16.20.0/24
BGP routing table entry for 100:1:172.16.20.0/24, version 4
Paths: (1 available, best #1, table customer)
  Not advertised to any peer
  Local
    10.0.3.1 (metric 129) from 10.0.3.1 (10.0.3.1)
      Origin incomplete, metric 2297856, localpref 100, valid, internal, best
      Extended Community: RT:1:100
        Cost:pre-bestpath:128:2297856 (default-2145185791) 0x8800:32768:0
        0x8801:1:640000 0x8802:65281:1657856 0x8803:65281:1500
      mpls labels in/out nolabel/20

SP1 & SP3:
show bgp vpnv4 unicast all labels

SP1 & SP3:
show ip eigrp vrf customer topology 172.16.20.0/24
IP-EIGRP (AS 1): Topology entry for 172.16.20.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2297856
  Routing Descriptor Blocks:
  10.0.3.1, from VPNv4 Sourced, Send flag is 0x0
      Composite metric is (2297856/0), Route is Internal (VPNv4 Sourced)
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1

HQ:
HQ#ping 172.16.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/18/28 ms


Step 8: Investigate Forwarding Plane Operation
SP1:
SP1#show ip cef vrf customer 172.16.20.0
172.16.20.0/24, version 10, epoch 0, cached adjacency to Serial0/0
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Se0/0, point2point, tags imposed: {16 20}
  via 10.0.3.1, 0 dependencies, recursive
    next hop 10.0.12.2, Serial0/0 via 10.0.3.1/32
    valid cached adjacency
    tag rewrite with Se0/0, point2point, tags imposed: {16 20}

SP1#show mpls ip binding   
  10.0.1.1/32
        in label:     imp-null
        out label:    17        lsr: 10.0.2.1:0    
  10.0.2.1/32
        in label:     17      
        out label:    imp-null  lsr: 10.0.2.1:0       inuse
  10.0.3.1/32
        in label:     16      
        out label:    16        lsr: 10.0.2.1:0       inuse
  10.0.12.0/24
        in label:     imp-null
        out label:    imp-null  lsr: 10.0.2.1:0    
  10.0.23.0/24
        in label:     18      
        out label:    imp-null  lsr: 10.0.2.1:0       inuse

SP2#show mpls forwarding-table   
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     Pop tag     10.0.3.1/32       4596       Se0/1      point2point
17     Pop tag     10.0.1.1/32       6124       Se0/0      point2point

SP2:
SP2#debug mpls packets
MPLS packet debugging is on

HQ:
HQ#ping 172.16.20.1
Type escape sequence to abort

SP3:
SP3#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
16     Pop tag     10.0.12.0/24      0          Se0/0      point2point
17     Pop tag     10.0.2.1/32       0          Se0/0      point2point
18     17          10.0.1.1/32       0          Se0/0      point2point
19     Aggregate   172.16.200.0/24[V]   \
                                     0                                
20     Untagged    172.16.20.0/24[V] 1040       Se0/1      point2point


Conclusion:
HQ:
HQ#traceroute 172.16.20.1

Type escape sequence to abort.
Tracing the route to 172.16.20.1

  1 172.16.100.254 0 msec 8 msec 4 msec
  2 10.0.12.2 [MPLS: Labels 16/20 Exp 0] 4 msec 16 msec 36 msec
  3 172.16.200.254 [MPLS: Label 20 Exp 0] 20 msec 12 msec 20 msec
  4 172.16.200.1 20 msec *  20 msec
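
The label stacks in the traceroute can be reproduced from the CEF and forwarding-table outputs in Step 8. This walk-through is an added example, not part of the original lab; the label values are copied from those outputs, while the next-hop router names and the function names are assumptions based on the lab topology.

```python
# Label actions copied from the Step 8 outputs; next-hop routers follow the
# lab topology (SP2 Se0/1 -> SP3, SP3 Se0/1 -> BRANCH). Added example.
IMPOSED = {"SP1": {"172.16.20.0/24": ([16, 20], "SP2")}}   # show ip cef vrf customer
LFIB = {
    "SP2": {16: ("pop", "SP3"), 17: ("pop", "SP1")},        # show mpls forwarding-table
    "SP3": {18: (17, "SP2"), 20: ("untagged", "BRANCH")},
}

def forward(node, stack):
    """Walk a labelled packet hop by hop; return [(router, stack on arrival)]."""
    stack, path = list(stack), []
    while node in LFIB and stack:
        path.append((node, tuple(stack)))
        if stack[0] not in LFIB[node]:
            raise LookupError(f"{node}: no LFIB entry for label {stack[0]}, dropped")
        action, nxt = LFIB[node][stack[0]]
        if action == "pop":            # penultimate-hop pop of the transport label
            stack.pop(0)
        elif action == "untagged":     # strip all labels, forward as plain IP
            stack.clear()
        else:                          # swap the top label
            stack[0] = action
        node = nxt
    return path + [(node, tuple(stack))]

def trace(pe, prefix):
    """Start from the label stack the ingress PE imposes for a VRF prefix."""
    stack, first_hop = IMPOSED[pe][prefix]
    return forward(first_hop, stack)
```

`trace("SP1", "172.16.20.0/24")` shows SP2 receiving labels 16/20 and SP3 receiving only the VPN label 20, matching hops 2 and 3 of the traceroute; a label with no forwarding-table entry is dropped.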


BRANCH:
BRANCH#show ip cef 172.16.100.1
172.16.100.0/24, version 14, epoch 0, cached adjacency to Serial0/0
0 packets, 0 bytes
  via 172.16.200.254, Serial0/0, 0 dependencies
    next hop 172.16.200.254, Serial0/0
    valid cached adjacency


Final Configurations
SP1:
hostname SP1
!
no ip domain lookup
!
ip vrf customer
 rd 100:1
 route-target export 1:100
 route-target import 1:100
!
interface Loopback0
 ip address 10.0.1.1 255.255.255.255
!
interface Serial0/0
 ip address 10.0.12.1 255.255.255.0
 mpls ip
 clock rate 64000
 no shutdown
!
interface FastEthernet1/0
 ip vrf forwarding customer
 ip address 172.16.100.254 255.255.255.0
 no shutdown
!
router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf customer
  redistribute bgp 100 metric 64 1000 255 1 1500
  network 172.16.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!       
router bgp 100
 no synchronization
 neighbor 10.0.3.1 remote-as 100
 neighbor 10.0.3.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.0.3.1 activate
  neighbor 10.0.3.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf customer
  redistribute eigrp 1
  no synchronization
 exit-address-family
!
mpls ldp router-id Loopback0 force
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
end


SP2:
hostname SP2
!
no ip domain lookup
!
interface Loopback0
 ip address 10.0.2.1 255.255.255.255
!       
interface Serial0/0
 ip address 10.0.12.2 255.255.255.0
 mpls ip
 no shutdown
!
interface Serial0/1
 ip address 10.0.23.2 255.255.255.0
 mpls ip
 clock rate 64000
 no shutdown
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
mpls ldp router-id Loopback0 force
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
end

SP3:
hostname SP3
!
no ip domain lookup
!
ip vrf customer
 rd 100:1
 route-target export 1:100
 route-target import 1:100
!
interface Loopback0
 ip address 10.0.3.1 255.255.255.255
!
interface Serial0/0
 ip address 10.0.23.3 255.255.255.0
 mpls ip
 no shutdown
!
interface Serial0/1
 ip vrf forwarding customer
 ip address 172.16.200.254 255.255.255.0
 no shutdown
!
router eigrp 100
 auto-summary
 !
 address-family ipv4 vrf customer
  redistribute bgp 100 metric 64 1000 255 1 1500
  network 172.16.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 100
 no synchronization
 neighbor 10.0.1.1 remote-as 100
 neighbor 10.0.1.1 update-source Loopback0
 no auto-summary
 !      
 address-family vpnv4
  neighbor 10.0.1.1 activate
  neighbor 10.0.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf customer
  redistribute eigrp 1
  no synchronization
 exit-address-family
!
mpls ldp router-id Loopback0 force
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
end

HQ:
hostname HQ
!
no ip domain lookup
!
interface Loopback0
 ip address 172.16.10.1 255.255.255.0
!       
interface FastEthernet0/0
 ip address 172.16.100.1 255.255.255.0
 no shutdown
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
end

BRANCH:
hostname BRANCH
!
no ip domain lookup
!
interface Loopback0
 ip address 172.16.20.1 255.255.255.0
!       
interface Serial0/0
 ip address 172.16.200.1 255.255.255.0
 clock rate 64000
 no shutdown
!
router eigrp 1
 network 172.16.0.0
 no auto-summary
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
end


Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html

CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
Student Lab Manual


First published / Last updated: 2008.10.01 / 2018.06.11
