Thursday, November 24, 2011

Cisco Inter-AS MPLS VPN with back-to-back VRF

In this blog we will configure Cisco Inter-AS MPLS VPN with back-to-back VRF at the AS edge PE routers. Here is the topology for this blog:


We will run EIGRP 100 as the VRF routing protocol between the CE-1 and AS1234-PE1 routers.
We will run RIP as the VRF routing protocol between the CE-2 and AS5678-PE1 routers.
The link between the AS border PE-2 routers will be partitioned into sub-interfaces. Each sub-interface will be associated with a VRF on each AS border router. We will run OSPF on this link for each VRF.
We will run OSPF as the IGP and MP-BGP between the AS1234 PE1, PE2 and P routers. The P router will be the route reflector.
We will run OSPF as the IGP and MP-BGP between the AS5678 PE1, PE2 and P routers. The P router will be the route reflector.
All routers in this example are Cisco Systems 3725 routers. Any other Cisco router that supports MPLS VPN could be used for this example. The Cisco IOS version should be checked on the routers before configuring Inter-AS MPLS VPN with back-to-back VRF.
Here are the configurations:

Configuration of CE-1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Loopback11
 ip address 11.11.11.11 255.255.255.255
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
router eigrp 100
 redistribute connected
 network 1.0.0.0
 network 12.12.12.1 0.0.0.0
 no auto-summary

Configuration of AS1234-PE1
ip vrf a
 rd 1234:1
 route-target export 1234:1
 route-target import 1234:1
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.23.2 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding a
 ip address 12.12.12.2 255.255.255.0
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf a
  redistribute bgp 1234
  network 12.12.12.2 0.0.0.0
  default-metric 1000 100 255 1 1500
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute connected
  redistribute static
  redistribute eigrp 100
  no synchronization
  network 22.22.22.22 mask 255.255.255.255
 exit-address-family

Configuration of AS1234-P

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.34.3 255.255.255.0
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1234
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 4.4.4.4 remote-as 1234
 neighbor 4.4.4.4 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 route-reflector-client
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
  neighbor 4.4.4.4 route-reflector-client
 exit-address-family

Configuration of AS1234-PE2:

ip vrf a
 rd 1234:1
 route-target export 1234:1
 route-target import 1234:1

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.34.4 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding a
 ip address 192.168.45.4 255.255.255.0
!
router ospf 10 vrf a
 log-adjacency-changes
 redistribute bgp 1234 subnets
 network 192.168.45.4 0.0.0.0 area 0
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family ipv4
  neighbor 3.3.3.3 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute connected
  redistribute ospf 10 vrf a match internal external 1 external 2
  no synchronization
  network 44.44.44.44 mask 255.255.255.255
 exit-address-family

Configuration of AS5678-PE2

ip vrf a
 rd 5678:1
 route-target export 5678:1
 route-target import 5678:1
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.5 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 no ip address
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding a
 ip address 192.168.45.5 255.255.255.0
!
router ospf 10 vrf a
 log-adjacency-changes
 redistribute bgp 5678 subnets
 network 192.168.45.5 0.0.0.0 area 0
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 5678
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 5678
 neighbor 6.6.6.6 update-source Loopback0
 !
 address-family ipv4
  neighbor 6.6.6.6 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute ospf 10 vrf a match internal external 1 external 2
  no synchronization
 exit-address-family

Configuration of AS5678-P:

interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.6 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.67.6 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 5678
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 5678
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 7.7.7.7 remote-as 5678
 neighbor 7.7.7.7 update-source Loopback0
 !
 address-family ipv4
  neighbor 5.5.5.5 activate
  neighbor 7.7.7.7 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 route-reflector-client
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
  neighbor 7.7.7.7 route-reflector-client
 exit-address-family

Configuration of AS5678-PE1:

ip vrf a
 rd 5678:1
 route-target export 5678:1
 route-target import 5678:1
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.67.7 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding a
 ip address 78.78.78.7 255.255.255.0
!
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 network 7.7.7.7 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router rip
 !
 address-family ipv4 vrf a
  redistribute bgp 5678 metric 1
  network 78.0.0.0
  no auto-summary
  version 2
 exit-address-family
!
router bgp 5678
 no synchronization
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 5678
 neighbor 6.6.6.6 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute rip
  no synchronization
 exit-address-family

Configuration of CE-2

interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 78.78.78.8 255.255.255.0
!
router rip
 version 2
 network 8.0.0.0
 network 78.0.0.0
 no auto-summary

Let's check reachability between the CE routers:
CE1#sh ip route               
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
D EX 192.168.45.0/24 [170/2611200] via 12.12.12.2, 00:03:47, FastEthernet0/0
     8.0.0.0/32 is subnetted, 1 subnets
D EX    8.8.8.8 [170/2611200] via 12.12.12.2, 00:01:17, FastEthernet0/0
     78.0.0.0/24 is subnetted, 1 subnets
D EX    78.78.78.0 [170/2611200] via 12.12.12.2, 00:01:32, FastEthernet0/0
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.11 is directly connected, Loopback11
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, FastEthernet0/0
CE1#ping 8.8.8.8 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 508/596/764 ms
CE1#trace 8.8.8.8 source 1.1.1.1 numeric

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 12.12.12.2 144 msec 240 msec 80 msec
  2 192.168.23.3 [MPLS: Labels 17/22 Exp 0] 272 msec 272 msec 276 msec
  3 192.168.45.4 [MPLS: Label 22 Exp 0] 244 msec 196 msec 200 msec
  4 192.168.45.5 296 msec 288 msec 256 msec
  5 192.168.56.6 [MPLS: Labels 17/20 Exp 0] 704 msec 524 msec 696 msec
  6 78.78.78.7 [MPLS: Label 20 Exp 0] 444 msec 364 msec 556 msec
  7 78.78.78.8 524 msec *  468 msec
Connectivity between the CE routers is OK.
The traceroute result shows that packets are MPLS labeled when they enter the PE router. They are unlabeled at the AS edge PE routers and labeled again at the AS5678 PE-2 router.
In this Inter-AS MPLS VPN option there is no label exchange between the AS border routers: each border router sees the other as a CE on the per-VRF sub-interface, so only plain IP crosses the AS boundary.
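
The two properties this design depends on, that each inter-AS sub-interface sits in a VRF on both AS border routers and that no labels are exchanged on that link, can be checked from the configurations. The following is an added example, not part of the original post: the function names are made up for illustration, and the embedded text is an excerpt of the AS1234-PE2 and AS5678-PE2 interface configuration shown above.

```python
import ipaddress

# Inter-AS interface excerpt of AS1234-PE2 as configured on this page.
AS1234_PE2 = """\
interface FastEthernet0/0
 mpls ip
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip vrf forwarding a
 ip address 192.168.45.4 255.255.255.0
"""
# The AS5678-PE2 excerpt differs only in its address on the shared subnet.
AS5678_PE2 = AS1234_PE2.replace("192.168.45.4", "192.168.45.5")

def vrf_subinterfaces(config):
    """Map dot1Q VLAN id -> settings of the sub-interface carrying it."""
    found, cur = {}, {}
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            cur = {"name": words[1], "vrf": None, "net": None, "mpls": False}
        elif not line.startswith(" "):
            cur = {}  # left interface context (router, vrf or "!" line)
        elif words[:2] == ["encapsulation", "dot1Q"]:
            found[int(words[2])] = cur
        elif words[:3] == ["ip", "vrf", "forwarding"]:
            cur["vrf"] = words[3]
        elif words[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words == ["mpls", "ip"]:
            cur["mpls"] = True
    return found

def audit_back_to_back(cfg_a, cfg_b):
    """Return findings for the inter-AS link; an empty list means consistent."""
    a, b = vrf_subinterfaces(cfg_a), vrf_subinterfaces(cfg_b)
    findings = [f"vlan {v}: configured on one side only" for v in sorted(set(a) ^ set(b))]
    for vlan in sorted(set(a) & set(b)):
        for side in (a[vlan], b[vlan]):
            if side["vrf"] is None:  # traffic would land in the global table
                findings.append(f"vlan {vlan}: {side['name']} is not in a VRF")
            if side["mpls"]:  # back-to-back VRF exchanges plain IP, never labels
                findings.append(f"vlan {vlan}: {side['name']} has 'mpls ip'")
        # VRF names are local to each AS, so only the shared subnet must match.
        if a[vlan]["net"] != b[vlan]["net"]:
            findings.append(f"vlan {vlan}: subnets differ")
    return findings

print(audit_back_to_back(AS1234_PE2, AS5678_PE2))
```

The core-facing FastEthernet0/0 keeps `mpls ip` and is ignored because it carries no dot1Q tag; only the sub-interfaces facing the other AS are audited.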
