Thursday, November 24, 2011

Cisco Inter-AS Mpls VPN with VPNv4 Route Exchange

In this blog we will configure Cisco Inter-AS MPLS VPN with VPNv4 Route Exchange at the AS edge PE routers. Here is the topology for this blog:


We will run EIGRP 100 as the VRF routing protocol between the CE-1 and AS1234-PE1 routers.
We will run RIP as the VRF routing protocol between the CE-2 and AS5678-PE1 routers.
We will run eBGP VPNv4 between the PE2 routers.
We will run OSPF as the IGP and MP-BGP between the AS1234 PE1, PE2 and P routers. The P router will be the route reflector.
We will run OSPF as the IGP and MP-BGP between the AS5678 PE1, PE2 and P routers. The P router will be the route reflector.
All routers in this example are Cisco Systems 3725 routers. Any other Cisco router that supports MPLS VPN could be used for this example. The Cisco IOS version should be checked on the routers before configuring Cisco Inter-AS MPLS VPN with VPNv4 Route Exchange.

Here are the configurations:

Configuration of CE-1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface Loopback11
 ip address 11.11.11.11 255.255.255.255
interface FastEthernet0/0
 ip address 12.12.12.1 255.255.255.0
router eigrp 100
 redistribute connected
 network 1.0.0.0
 network 12.12.12.1 0.0.0.0
 no auto-summary

Configuration of AS1234-PE1

ip vrf a
 rd 1234:1
 route-target export 1234:1
 route-target import 1234:1
 route-target import 5678:1
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.23.2 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding a
 ip address 12.12.12.2 255.255.255.0
!
router eigrp 1
 no auto-summary
 !
 address-family ipv4 vrf a
  redistribute bgp 1234
  network 12.12.12.2 0.0.0.0
  default-metric 1000 100 255 1 1500
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute connected
  redistribute static
  redistribute eigrp 100
  no synchronization
  network 22.22.22.22 mask 255.255.255.255
 exit-address-family

Configuration of AS1234-P

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip ospf network point-to-point
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.34.3 255.255.255.0
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no synchronization
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 1234
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 4.4.4.4 remote-as 1234
 neighbor 4.4.4.4 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 route-reflector-client
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
  neighbor 4.4.4.4 route-reflector-client
 exit-address-family

Configuration of AS1234-PE2:

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 192.168.34.4 255.255.255.0
 mpls ip
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.45.4 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 passive-interface FastEthernet0/1.10
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 1234
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.45.5 remote-as 5678
 !
 address-family ipv4
  neighbor 3.3.3.3 activate
  neighbor 192.168.45.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 next-hop-self
  neighbor 192.168.45.5 activate
  neighbor 192.168.45.5 send-community extended
 exit-address-family

Configuration of AS5678-PE2

interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.5 255.255.255.0
 mpls ip
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.45.5 255.255.255.0
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 passive-interface FastEthernet0/1.10
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 5678
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 5678
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 192.168.45.4 remote-as 1234
 !
 address-family ipv4
  neighbor 6.6.6.6 activate
  neighbor 192.168.45.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
  neighbor 6.6.6.6 next-hop-self
  neighbor 192.168.45.4 activate
  neighbor 192.168.45.4 send-community extended
 exit-address-family

Configuration of AS5678-P:

interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.6 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip address 192.168.67.6 255.255.255.0
 mpls ip
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router bgp 5678
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 5678
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 7.7.7.7 remote-as 5678
 neighbor 7.7.7.7 update-source Loopback0
 !
 address-family ipv4
  neighbor 5.5.5.5 activate
  neighbor 7.7.7.7 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 route-reflector-client
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
  neighbor 7.7.7.7 route-reflector-client
 exit-address-family

Configuration of AS5678-PE1:

ip vrf a
 rd 5678:1
 route-target export 5678:1
 route-target import 5678:1
 route-target import 1234:1
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.67.7 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding a
 ip address 78.78.78.7 255.255.255.0
 !
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 network 7.7.7.7 0.0.0.0 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
router rip
 !
 address-family ipv4 vrf a
  redistribute bgp 5678 metric 1
  network 78.0.0.0
  no auto-summary
  version 2
 exit-address-family
!
router bgp 5678
 no synchronization
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 5678
 neighbor 6.6.6.6 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf a
  redistribute rip
  no synchronization
 exit-address-family

Configuration of CE-2

interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 78.78.78.8 255.255.255.0
!
router rip
 version 2
 network 8.0.0.0
 network 78.0.0.0
 no auto-summary
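
The eBGP VPNv4 session between the two PE2 routers is the trust boundary between the ASes, and with "no bgp default route-target filter" the border router keeps every VPNv4 route the peer sends, whatever its route target. The following is an added example, not part of the original post: it checks a router bgp stanza for eBGP peers that are active under address-family vpnv4 but have no session password and no inbound route-map. The function name, the trimmed copy of the AS1234-PE2 stanza and the choice of these two controls are assumptions of this example.

```python
import re

# AS1234-PE2 BGP stanza from this page, trimmed to the lines the check reads.
CONFIG = """\
router bgp 1234
 no bgp default route-target filter
 neighbor 3.3.3.3 remote-as 1234
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 192.168.45.5 remote-as 5678
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 next-hop-self
  neighbor 192.168.45.5 activate
  neighbor 192.168.45.5 send-community extended
 exit-address-family
"""

def audit_vpnv4_ebgp(config):
    """Return {peer: [missing controls]} for eBGP peers active under vpnv4."""
    local_as, family = None, None
    remote_as, active, controls = {}, set(), {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = m.group(1)
        elif line.startswith("address-family "):
            family = line.split()[1]
        elif line == "exit-address-family":
            family = None
        elif m := re.match(r"neighbor (\S+) (.+)$", line):
            peer, rest = m.groups()
            if rest.startswith("remote-as "):
                remote_as[peer] = rest.split()[1]
            elif rest == "activate" and family == "vpnv4":
                active.add(peer)
            elif rest.startswith("password "):
                controls.setdefault(peer, set()).add("password")
            elif family == "vpnv4" and re.match(r"route-map \S+ in$", rest):
                controls.setdefault(peer, set()).add("inbound route-map")
    wanted = ("password", "inbound route-map")
    # Only peers in a different AS cross the trust boundary.
    return {p: [c for c in wanted if c not in controls.get(p, set())]
            for p in sorted(active) if remote_as.get(p) != local_as}

if __name__ == "__main__":
    for peer, missing in audit_vpnv4_ebgp(CONFIG).items():
        print(peer, "missing:", ", ".join(missing) or "nothing")
```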

Let's check reachability between the CE routers:
R1#sh ip route eigrp              
     8.0.0.0/32 is subnetted, 1 subnets
D EX    8.8.8.8 [170/2611200] via 12.12.12.2, 00:19:54, FastEthernet0/0
     78.0.0.0/24 is subnetted, 1 subnets
D EX    78.78.78.0 [170/2611200] via 12.12.12.2, 00:19:54, FastEthernet0/0
R1# ping 8.8.8.8 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 280/400/476 ms
R1#trace 8.8.8.8 source 1.1.1.1 num

Type escape sequence to abort.
Tracing the route to 8.8.8.8

  1 12.12.12.2 104 msec 64 msec 44 msec
  2 192.168.23.3 [MPLS: Labels 17/24 Exp 0] 360 msec 352 msec 356 msec
  3 192.168.34.4 [MPLS: Label 24 Exp 0] 356 msec 608 msec 640 msec
  4 192.168.45.5 [MPLS: Label 22 Exp 0] 372 msec 280 msec 372 msec
  5 192.168.56.6 [MPLS: Labels 16/19 Exp 0] 332 msec 744 msec 524 msec
  6 78.78.78.7 [MPLS: Label 19 Exp 0] 636 msec 532 msec 560 msec
  7 78.78.78.8 596 msec 520 msec *
Connectivity between CE routers is OK.

Let's check the LSP. We should look at the traceroute result while checking the LSP.
When the packet comes from CE-1 to AS1234-PE1, it is an unlabeled IPv4 packet. It is labeled as below:
AS1234-PE1#show ip route vrf a 8.8.8.8
Routing entry for 8.8.8.8/32
  Known via "bgp 1234", distance 200, metric 0
  Tag 5678, type internal
  Redistributing via eigrp 100
  Advertised by eigrp 100
  Last update from 4.4.4.4 00:19:45 ago
  Routing Descriptor Blocks:
  * 4.4.4.4 (Default-IP-Routing-Table), from 3.3.3.3, 00:19:45 ago
      Route metric is 0, traffic share count is 1
      AS Hops 1
      Route tag 5678

AS1234-PE1#show ip cef 4.4.4.4       
4.4.4.4/32, version 17, epoch 0, cached adjacency 192.168.23.3
0 packets, 0 bytes
  tag information set, shared
    local tag: 18
    fast tag rewrite with Fa0/0, 192.168.23.3, tags imposed: {17}
  via 192.168.23.3, FastEthernet0/0, 2 dependencies
    next hop 192.168.23.3, FastEthernet0/0
    valid cached adjacency
    tag rewrite with Fa0/0, 192.168.23.3, tags imposed: {17}

AS1234-PE1#show ip bgp vpnv4 vrf a labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 1234:1 (a)
   1.1.1.1/32       12.12.12.1      20/nolabel
   8.8.8.8/32       4.4.4.4         nolabel/24
   11.11.11.11/32   12.12.12.1      21/nolabel
   12.12.12.0/24    0.0.0.0         22/aggregate(a)
   78.78.78.0/24    4.4.4.4         nolabel/25

R2# show ip cef vrf a 8.8.8.8
8.8.8.8/32, version 15, epoch 0, cached adjacency 192.168.23.3
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Fa0/0, 192.168.23.3, tags imposed: {17 24}
  via 4.4.4.4, 0 dependencies, recursive
    next hop 192.168.23.3, FastEthernet0/0 via 4.4.4.4/32
    valid cached adjacency
    tag rewrite with Fa0/0, 192.168.23.3, tags imposed: {17 24}
It is labeled with VPN label 24 and with transport label 17 (the topmost label).

The MPLS-labeled packet comes to the AS1234 P router. It pops the topmost label:
AS1234-P#show mpls forwarding-table labels 17
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
17     Pop tag     4.4.4.4/32        4806       Fa0/1      192.168.34.4

Only the VPN-labeled packet comes to AS1234-PE2. It swaps the label with a new VPN label. The VPN label changes because the next hop changes.
AS1234-PE2#show mpls forwarding-table labels 24
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
24     22          5678:1:8.8.8.8/32    \
                                     6426       Fa0/1.10   192.168.45.5
The other AS's PE router gets the VPN-labeled packet. It swaps the label with a new VPN label and adds a new transport label:

AS5678-PE2#show mpls forwarding-table labels 22
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
22     19          5678:1:8.8.8.8/32    \
                                     7686       Fa0/0      192.168.56.6
AS5678-PE2#show ip cef 7.7.7.7                
7.7.7.7/32, version 11, epoch 0, cached adjacency 192.168.56.6
0 packets, 0 bytes
  tag information set, shared
    local tag: 16
    fast tag rewrite with Fa0/0, 192.168.56.6, tags imposed: {16}
  via 192.168.56.6, FastEthernet0/0, 0 dependencies
    next hop 192.168.56.6, FastEthernet0/0
    valid cached adjacency
    tag rewrite with Fa0/0, 192.168.56.6, tags imposed: {16}

The AS5678-P router pops the topmost label:
AS5678-P#show mpls forwarding-table labels 16
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
16     Pop tag     7.7.7.7/32        8622       Fa0/1      192.168.67.7

The AS5678-PE1 router gets the VPN-labeled packet, removes the label and sends the packet to the CE router.
We see that our Cisco Inter-AS MPLS VPN with VPNv4 Route Exchange configuration is successful.
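
The label operations walked through above, replayed as an added example that is not part of the original post: the table holds the label actions from the show outputs on this page, and the walk reproduces the label stacks reported by the traceroute. The entry for label 19 on AS5678-PE1 is an assumption taken from the text (the label is removed), since no forwarding-table output for it is shown; the names LFIB, PATH and walk are this example's own.

```python
# Label actions per router, keyed by incoming top label, copied from the
# "show mpls forwarding-table" and "show ip cef" outputs on this page.
LFIB = {
    "AS1234-P":   {17: [("pop", None)]},               # Pop tag, 4.4.4.4/32
    "AS1234-PE2": {24: [("swap", 22)]},                # new VPN label at the AS border
    "AS5678-PE2": {22: [("swap", 19), ("push", 16)]},  # VPN swap, then transport to 7.7.7.7
    "AS5678-P":   {16: [("pop", None)]},               # Pop tag, 7.7.7.7/32
    "AS5678-PE1": {19: [("pop", None)]},               # assumption from the text: label removed
}
PATH = list(LFIB)  # routers in the order the packet crosses them

# Stack imposed by AS1234-PE1 for 8.8.8.8 in vrf a: "tags imposed: {17 24}".
INGRESS_STACK = [17, 24]

# Label stacks reported by the traceroute on this page (hops 2 to 6).
TRACEROUTE = [
    ("AS1234-P", (17, 24)),
    ("AS1234-PE2", (24,)),
    ("AS5678-PE2", (22,)),
    ("AS5678-P", (16, 19)),
    ("AS5678-PE1", (19,)),
]

def walk(stack, path=PATH, lfib=LFIB):
    """Return ([(router, stack as received)], final stack); index 0 is the top label."""
    stack = list(stack)
    seen = []
    for router in path:
        seen.append((router, tuple(stack)))
        if not stack or stack[0] not in lfib[router]:
            # A router with no entry for the top label cannot forward the packet.
            raise LookupError(f"{router}: no forwarding entry for stack {stack}")
        for op, label in lfib[router][stack[0]]:
            if op == "pop":
                stack.pop(0)
            elif op == "swap":
                stack[0] = label
            elif op == "push":
                stack.insert(0, label)
    return seen, stack

if __name__ == "__main__":
    seen, final = walk(INGRESS_STACK)
    for router, labels in seen:
        print(f"{router:11} receives {labels}")
    print("matches traceroute:", seen == TRACEROUTE, "| delivered unlabeled:", final == [])
```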
