Consider the topology below.
Configure R1 and R2 to support MPLS/OSPF/BGP
Configure the appropriate VRFs on R1 and R2
All Site A routers (R3, R4 and R7) should be able to transparently ping every Site A loopback
All Site B routers (R5 and R6) should be able to transparently ping every Site B loopback
Site A routers (R3, R4, R7) should not be able to ping Site B routers (R5 and R6) and vice-versa
Relevant configurations are posted below. So let's jump right into the complex world of MPLS!!
The first thing we need to do is build the ISP MPLS core. Let's assume that R1 and R2 are geographically dispersed but connected together via fiber.
Enable CEF and MPLS on R1 and R2.
R1#conf t
R1(config)#mpls ip
R1(config)#ip cef

R2#conf t
R2(config)#mpls ip
R2(config)#ip cef
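Now let's create VRFs for Site A and Site B, each with a route distinguisher and route-targets so we can control importing and exporting. Each VRF imports only the route-target it exports (1:1000 for SITE_A, 1:2000 for SITE_B), which is what keeps the two sites' routes out of each other's tables. We will save inter-VRF route leaking for another blogtorial :)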
R1#sh run | sec ip vrf
ip vrf SITE_A
 rd 1:100
 route-target export 1:1000
 route-target import 1:1000
ip vrf SITE_B
 rd 1:200
 route-target export 1:2000
 route-target import 1:2000

R2#sh run | sec ip vrf
ip vrf SITE_A
 rd 1:100
 route-target export 1:1000
 route-target import 1:1000
ip vrf SITE_B
 rd 1:200
 route-target export 1:2000
 route-target import 1:2000
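
The separation between the two VPNs rests entirely on these route-target lines, so it is worth checking mechanically. The following is an added example, not part of the original post: it parses the `ip vrf` sections shown above and lists any route flow between differently named VRFs. Treating a VRF name as one customer across both PEs is an assumption, and `LEAKY_CONFIGS` is a constructed misconfiguration for comparison.

```python
import re
from collections import defaultdict

# Constructed input: the "ip vrf" sections this page shows, identical on R1 and R2.
VRF_SECTION = """\
ip vrf SITE_A
 rd 1:100
 route-target export 1:1000
 route-target import 1:1000
ip vrf SITE_B
 rd 1:200
 route-target export 1:2000
 route-target import 1:2000
"""
PE_CONFIGS = {"R1": VRF_SECTION, "R2": VRF_SECTION}
# Constructed misconfiguration: R2's SITE_A also imports SITE_B's route-target.
LEAKY_CONFIGS = {"R1": VRF_SECTION, "R2": VRF_SECTION.replace(
    " route-target import 1:1000", " route-target import 1:1000\n route-target import 1:2000")}


def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' sections."""
    vrfs, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
        elif (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)) and current is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs


def route_flows(pe_configs):
    """(exporter, importer) VRF pairs whose export and import route-targets intersect."""
    exports, imports = defaultdict(set), defaultdict(set)
    for config in pe_configs.values():
        for name, vrf in parse_vrfs(config).items():
            exports[name] |= vrf["export"]
            imports[name] |= vrf["import"]
    return {(s, d) for s in exports for d in imports if exports[s] & imports[d]}


def cross_vrf_leaks(pe_configs):
    """Flows between differently named VRFs, i.e. between Site A and Site B here."""
    return {(s, d) for s, d in route_flows(pe_configs) if s != d}
```

With the page's configuration `cross_vrf_leaks(PE_CONFIGS)` is empty; with the extra import it reports routes flowing from SITE_B into SITE_A.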
Next on our list is to get the interfaces configured with the proper VRFs and IP addresses. As you can see from the topology, S1/0 on R1 and S1/0 and S1/2 on R2 belong to Site A. S1/1 on R1 and S1/1 on R2 belong to Site B.
R1#sh run int ser1/0
interface Serial1/0
 description Connected to R3
 ip vrf forwarding SITE_A
 ip address 10.1.1.1 255.255.255.0
 encapsulation ppp
 mpls ip
interface Serial1/1
 description Connected to R6
 ip vrf forwarding SITE_B
 ip address 172.16.1.1 255.255.255.0
 encapsulation ppp
 mpls ip

R2#sh run int ser 1/0
interface Serial1/0
 description Connected to R4
 ip vrf forwarding SITE_A
 ip address 10.2.2.2 255.255.255.0
 encapsulation ppp
 mpls ip
 serial restart-delay 0
end

R2#sh run int se1/1
interface Serial1/1
 description Connected to R5
 ip vrf forwarding SITE_B
 ip address 172.16.2.2 255.255.255.0
 encapsulation ppp
 mpls ip
 serial restart-delay 0
end

R2#sh run int se1/2
interface Serial1/2
 description Connected to R7
 ip vrf forwarding SITE_A
 ip address 10.3.3.2 255.255.255.0
 encapsulation ppp
 mpls ip
 serial restart-delay 0
end
The next step on our list is to get all the remote routers (R3, R4, R5, R6, R7) ready. These can be CE (customer edge) routers or could just be CPE (customer premises equipment).
R3#sh run int ser1/0
interface Serial1/0
 description Connected to R1
 ip address 10.1.1.3 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
end

R3#sh run int loopback 0
interface Loopback0
 description Loopback emulating a LAN
 ip address 192.168.3.3 255.255.255.0
end

R4#sh run int ser 1/0
interface Serial1/0
 description Connected to R2
 ip address 10.2.2.4 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
end

R4#sh run int loopback 0
interface Loopback0
 description Loopback emulating a LAN
 ip address 192.168.4.4 255.255.255.0
end

R5#sh run int ser 1/0
interface Serial1/0
 description Connected to R2
 ip address 172.16.2.5 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
end

R5#sh run int loopback 0
interface Loopback0
 description Loopback emulating a LAN
 ip address 192.168.5.5 255.255.255.0
end

R6#sh run int ser 1/0
interface Serial1/0
 description Connected to R1
 ip address 172.16.1.6 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
end

R6#sh run int loopback 0
interface Loopback0
 description Loopback emulating a LAN
 ip address 192.168.6.6 255.255.255.0
end

R7#sh run int ser 1/0
interface Serial1/0
 description Connected to R2
 ip address 10.3.3.7 255.255.255.0
 encapsulation ppp
 serial restart-delay 0
end

R7#sh run int loopback 0
interface Loopback0
 description Loopback emulating a LAN
 ip address 192.168.7.7 255.255.255.0
end
Alright, now that we have our MPLS core and interfaces up, let's get MP-BGP configured so we can finally see it all come together.
First let's get R1 and R2 configured, then we will do the rest of the routers. NOTE: Occasionally the remote routers won't support BGP. In that case deploy a CE router to connect to the CPE, use either static routing or an IGP (OSPF, EIGRP etc.), and use BGP between the CE and the PE (Provider Edge).
R1#sh run | sec bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 1
 neighbor 1.1.1.2 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf SITE_B
  redistribute connected
  neighbor 172.16.1.6 remote-as 65006
  neighbor 172.16.1.6 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf SITE_A
  redistribute connected
  neighbor 10.1.1.3 remote-as 65003
  neighbor 10.1.1.3 activate
  no synchronization
 exit-address-family

R2#sh run | sec bgp
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf SITE_B
  redistribute connected
  neighbor 172.16.2.5 remote-as 65005
  neighbor 172.16.2.5 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf SITE_A
  redistribute connected
  neighbor 10.2.2.4 remote-as 65004
  neighbor 10.2.2.4 activate
  neighbor 10.3.3.7 remote-as 65007
  neighbor 10.3.3.7 activate
  no synchronization
 exit-address-family
R2#
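
A single wrong `ip vrf forwarding` line on a PE puts a customer circuit into another customer's VPN. The following is an added example, not part of the original post: it checks R2's interface bindings against the intent stated in the prose and confirms that each PE-CE BGP neighbor sits on an interface subnet in the same VRF. The `R2_INTENDED` mapping and the function names are assumptions made for the example.

```python
import ipaddress
import re

# Constructed input: R2's interface and PE-CE BGP lines as shown on this page.
R2_CONFIG = """\
interface Serial1/0
 ip vrf forwarding SITE_A
 ip address 10.2.2.2 255.255.255.0
interface Serial1/1
 ip vrf forwarding SITE_B
 ip address 172.16.2.2 255.255.255.0
interface Serial1/2
 ip vrf forwarding SITE_A
 ip address 10.3.3.2 255.255.255.0
router bgp 1
 address-family ipv4 vrf SITE_B
  neighbor 172.16.2.5 remote-as 65005
 address-family ipv4 vrf SITE_A
  neighbor 10.2.2.4 remote-as 65004
  neighbor 10.3.3.7 remote-as 65007
"""
# Intended bindings, from the prose: S1/0 and S1/2 are Site A, S1/1 is Site B.
R2_INTENDED = {"Serial1/0": "SITE_A", "Serial1/1": "SITE_B", "Serial1/2": "SITE_A"}


def parse(config):
    """Return ({interface: (vrf, network)}, [(vrf, neighbor_ip)]) from IOS config text."""
    ifaces, neighbors, intf, vrf, af_vrf = {}, [], None, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            intf, vrf = m.group(1), None
        elif m := re.match(r"ip vrf forwarding (\S+)", line):
            vrf = m.group(1)
        elif (m := re.match(r"ip address (\S+) (\S+)", line)) and intf:
            ifaces[intf] = (vrf, ipaddress.ip_interface("/".join(m.groups())).network)
        elif "address-family" in line:  # also resets on vpnv4 and exit-address-family
            af_vrf = m.group(1) if (m := re.match(r"address-family ipv4 vrf (\S+)", line)) else None
        elif (m := re.match(r"neighbor (\S+) remote-as", line)) and af_vrf:
            neighbors.append((af_vrf, ipaddress.ip_address(m.group(1))))
    return ifaces, neighbors


def audit(config, intended):
    """List bindings that differ from intent and VRF neighbors with no same-VRF interface."""
    ifaces, neighbors = parse(config)
    bound = {name: vrf for name, (vrf, _) in ifaces.items()}
    out = [f"{i}: bound to {bound.get(i)}, intended {v}" for i, v in intended.items() if bound.get(i) != v]
    out += [f"neighbor {ip}: no {vrf} interface on its subnet" for vrf, ip in neighbors
            if not any(v == vrf and ip in net for v, net in ifaces.values())]
    return out
```

`audit(R2_CONFIG, R2_INTENDED)` returns an empty list for the configuration shown; moving Serial1/1 into SITE_A produces two findings, one for the binding and one for the stranded SITE_B neighbor.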
Now let's finish up the configurations on the remote routers.
R3#sh run | sec bgp
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.1.1.1 remote-as 1
 no auto-summary

R4#sh run | sec bgp
router bgp 65004
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.2.2.2 remote-as 1
 no auto-summary

R5#sh run | sec bgp
router bgp 65005
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.16.2.2 remote-as 1
 no auto-summary

R6#sh run | sec bgp
router bgp 65006
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 172.16.1.1 remote-as 1
 no auto-summary

R7#sh run | sec bgp
router bgp 65007
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 10.3.3.2 remote-as 1
 no auto-summary
Whew!! That's it. Now let's verify.
show mpls forwarding-table vrf SITE_A and SITE_B
Verify MP-BGP.
Let's see if R3 at Site A-1 can ping A-2 and A-3, verify that we are indeed using MPLS, and also see if we have connectivity with Site B-#s.
Notice traceroute shows MPLS tags :) and I can now ping Site B-#
At this point we are talking between sites using MPLS. Scaling with MPLS is easy: all we have to do is bring up another interface and get it in the right VRF and BGP. All other sites dynamically learn the routes. We will save inter-VRF route leaking and route leaking between the global routing table and VRFs for another blogtorial.