Introduction
This document provides a sample configuration of a Multiprotocol Label Switching (MPLS) VPN when Border Gateway Protocol (BGP) or Routing Information Protocol (RIP) is present on the customer's site.When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN.
Each VPN is associated with one or more VPN routing or forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco express forwarding (CEF) table, and a set of interfaces that use this forwarding table.
The router maintains a separate routing and CEF table for each VRF. This prevents information being sent outside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP address problems.
The router using Multiprotocol BGP (MP-BGP) distributes the VPN routing information using the MP-BGP extended communities.
For more information about the propagation of updates through a VPN, refer to these documents:
Prerequisites
Requirements
There are no specific requirements for this document.Components Used
The information in this document is based on these software and hardware versions:P and PE Routers
-
Cisco IOS® Software Release 12.2(6h) includes the MPLS VPN feature.
-
Any Cisco router from the 7200 series or higher supports P
functionality. The Cisco 2691, as well as any 3640 series or higher router
supports PE functionality.
-
You can use any router that can exchange routing information with its
PE router.
Related Products
To implement the MPLS feature, you must have a router from the range of Cisco 2600 or higher. To select the required Cisco IOS with MPLS feature, use the Software Advisor (registered customers only) . Also check for the additional RAM and Flash memory required to run the MPLS feature in the routers. WIC-1T, WIC-2T, and serial interfaces can be used.Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.The letters below represent the different types of routers and switches used.
-
P—Provider's core router.
-
PE—Provider's edge router.
-
CE—Customer's edge router.
-
C—Customer's router.
Configure
In this section, you are presented with the information to configure the features described in this document.Note: Use the Command Lookup Tool (registered customers only) to find more information on the commands used in this document.
Network Diagram
This document uses this network setup:Configuration Procedures
Refer to MPLS Virtual Private Networks for more information.Enabling ip cef
Use this procedure in order to enable ip cef . For improved performance, use ip cef distributed (where available). Complete these steps on the PEs after MPLS has been set up (configuring tag-switching ip on the interfaces).-
Create one VRF for each VPN connected using the
ip
vrf <VPN routing/forwarding instance
name>
command.
When doing this:
-
Specify the correct route distinguisher used for that VPN. This
is used to extend the IP address so that you can identify which VPN it belongs
to.
rd <VPN route distinguisher>
-
Set up the import and export properties for the MP-BGP extended
communities. These are used for filtering the import and export process.
route-target [export|import|both] <target VPN extended community>
-
Specify the correct route distinguisher used for that VPN. This
is used to extend the IP address so that you can identify which VPN it belongs
to.
-
Configure the forwarding details for the respective interfaces
using the
ip
vrf forwarding
<VPN routing/forwarding instance
name> command and remember to set up the IP
address after doing this.
-
Depending on the PE-CE routing protocol you are using, you can
configure static routes or routing protocols (RIP, Open Shortest Path First
[OSPF], or BGP) between PE and CE. Detailed configurations are available on the
MPLS
over ATM Support page.
Configuring MP-BGP
Configure MP-BGP between the PE routers. There are several ways to configure BGP, such as using the route reflector or confederation methods. The method used here—direct neighbor configuration—is the simplest and the least scalable.-
Declare the different neighbors.
-
Enter the
address-family
ipv4 vrf <VPN routing/forwarding instance
name>
command for each VPN present at this PE
router.
Carry out one or more of the following steps, as necessary:
-
Redistribute the static routing, RIP, or OSPF information.
-
Redistribute connected routing information.
-
Activate BGP neighboring with the CE routers.
-
Redistribute the static routing, RIP, or OSPF information.
-
Enter the
address-family
vpnv4
mode, and complete the following steps:
-
Activate the neighbors.
-
Specify that extended community must be used. This is mandatory.
-
Activate the neighbors.
Configurations
This document uses these configurations:Pescara |
---|
Current configuration: ! version 12.2 ! hostname Pescara ! ip cef ! !--- Customer A commands. ip vrf Customer_A !--- Enables the VPN routing and forwarding (VRF) routing table. !--- This command can be used in global or !--- router configuration mode. rd 100:110 !--- Route distinguisher creates routing and forwarding !--- tables for a VRF. route-target export 100:1000 !--- Creates lists of import and export route-target extended !--- communities for the specified VRF. route-target import 100:1000 ! !--- Customer B commands. ip vrf Customer_B rd 100:120 route-target export 100:2000 route-target import 100:2000 ! interface Loopback0 ip address 10.10.10.4 255.255.255.255 ip router isis !--- Customer A commands. interface Loopback101 ip vrf forwarding Customer_A !--- Associates a VRF instance with an interface or subinterface. ip address 200.0.4.1 255.255.255.0 !--- Loopback101 and 102 use the same IP address, 200.0.4.1. !--- This is allowed because they belong to two !--- different customers' VRFs. no ip directed-broadcast ! !--- Customer B commands. interface Loopback102 ip vrf forwarding Customer_B ip address 200.0.4.1 255.255.255.0 !--- Loopback101 and 102 use the same IP address, 200.0.4.1. !--- This is allowed because they belong to two !--- different customers' VRFs. no ip directed-broadcast ! interface Serial2/0 no ip address no ip directed-broadcast encapsulation frame-relay no fair-queue ! interface Serial2/0.1 point-to-point description link to Pauillac bandwidth 512 ip address 10.1.1.14 255.255.255.252 no ip directed-broadcast ip router isis tag-switching ip frame-relay interface-dlci 401 ! router isis net 49.0001.0000.0000.0004.00 is-type level-1 ! router bgp 100 bgp log-neighbor-changes !--- Enables logging of BGP neighbor resets. neighbor 10.10.10.6 remote-as 100 !--- Adds an entry to the BGP or multiprotocol BGP neighbor table. neighbor 10.10.10.6 update-source Loopback0 !--- Enables BGP sessions to use a specific operational !--- interface for TCP connections. ! !--- Customer A and B commands. address-family vpnv4 !--- To enter address family configuration mode !--- for configuring routing sessions, such as BGP, !--- that use standard VPN version 4 address prefixes. neighbor 10.10.10.6 activate neighbor 10.10.10.6 send-community both !--- Sends the community attribute to a BGP neighbor. exit-address-family ! !--- Customer B commands. address-family ipv4 vrf Customer_B !--- To enter address family configuration mode !--- for configuring routing sessions, such as BGP, !--- that use standard VPN version 4 address prefixes. redistribute connected no auto-summary no synchronization exit-address-family ! !--- Customer A commands. address-family ipv4 vrf Customer_A redistribute connected no auto-summary no synchronization exit-address-family ! ip classless ! end |
Pesaro |
---|
Current configuration: ! version 12.1 ! hostname Pesaro ! !--- Customer A commands. ip vrf Customer_A rd 100:110 route-target export 100:1000 route-target import 100:1000 ! !--- Customer B commands. ip vrf Customer_B rd 100:120 route-target export 100:2000 route-target import 100:2000 ! ip cef ! interface Loopback0 ip address 10.10.10.6 255.255.255.255 ip router isis !--- Customer A commands. interface Loopback101 ip vrf forwarding Customer_A ip address 200.0.6.1 255.255.255.0 ! !--- Customer B commands. interface Loopback102 ip vrf forwarding Customer_B ip address 200.0.6.1 255.255.255.0 ! !--- Customer A commands. interface Loopback111 ip vrf forwarding Customer_A ip address 200.1.6.1 255.255.255.0 ! interface Serial0/0 no ip address encapsulation frame-relay no ip mroute-cache random-detect ! interface Serial0/0.1 point-to-point description link to Pomerol bandwidth 512 ip address 10.1.1.22 255.255.255.252 ip router isis tag-switching ip frame-relay interface-dlci 603 ! router isis net 49.0001.0000.0000.0006.00 is-type level-1 ! router bgp 100 neighbor 10.10.10.4 remote-as 100 neighbor 10.10.10.4 update-source Loopback0 ! !--- Customer B commands. address-family ipv4 vrf Customer_B redistribute connected no auto-summary no synchronization exit-address-family ! !--- Customer A commands. address-family ipv4 vrf Customer_A redistribute connected no auto-summary no synchronization exit-address-family ! !--- Customer A and B commands. address-family vpnv4 neighbor 10.10.10.4 activate neighbor 10.10.10.4 send-community both exit-address-family ! ip classless ! end |
Pomerol |
---|
Current configuration: ! version 12.0 ! hostname Pomerol ! ip cef ! interface Loopback0 ip address 10.10.10.3 255.255.255.255 ip router isis ! interface Serial0/1 no ip address no ip directed-broadcast encapsulation frame-relay random-detect ! interface Serial0/1.1 point-to-point description link to Pauillac ip address 10.1.1.6 255.255.255.252 no ip directed-broadcast ip router isis tag-switching mtu 1520 tag-switching ip frame-relay interface-dlci 301 ! interface Serial0/1.2 point-to-point description link to Pulligny ip address 10.1.1.9 255.255.255.252 no ip directed-broadcast ip router isis tag-switching ip frame-relay interface-dlci 303 ! interface Serial0/1.3 point-to-point description link to Pesaro ip address 10.1.1.21 255.255.255.252 no ip directed-broadcast ip router isis tag-switching ip frame-relay interface-dlci 306 ! router isis net 49.0001.0000.0000.0003.00 is-type level-1 ! ip classless ! end |
Pulligny |
---|
Current configuration: ! version 12.1 ! hostname Pulligny ! ! ip cef ! ! interface Loopback0 ip address 10.10.10.2 255.255.255.255 ! interface Serial0/1 no ip address encapsulation frame-relay random-detect ! interface Serial0/1.1 point-to-point description link to Pauillac ip address 10.1.1.2 255.255.255.252 ip router isis tag-switching ip frame-relay interface-dlci 201 ! interface Serial0/1.2 point-to-point description link to Pomerol ip address 10.1.1.10 255.255.255.252 ip router isis tag-switching ip frame-relay interface-dlci 203 ! router isis passive-interface Loopback0 net 49.0001.0000.0000.0002.00 is-type level-1 ! ip classless ! end |
Pauillac |
---|
! version 12.1 ! hostname pauillac ! ip cef ! interface Loopback0 ip address 10.10.10.1 255.255.255.255 ip router isis ! interface Serial0/0 no ip address encapsulation frame-relay no ip mroute-cache tag-switching ip no fair-queue ! interface Serial0/0.1 point-to-point description link to Pomerol bandwith 512 ip address 10.1.1.1 255.255.255.252 ip router isis tag-switching ip frame-relay interface-dlci 102 ! interface Serial0/0.2 point-to-point description link to Pulligny ip address 10.1.1.5 255.255.255.252 ip router isis tag-switching ip frame-relay interface-dlci 103 ! interface Serial0/0.3 point-to-point description link to Pescara bandwidth 512 ip address 10.1.1.13 255.255.255.252 ip router isis tag-switching ip frame-relay interface-dlci 104 ! router isis net 49.0001.0000.0000.0001.00 is-type level-1 ! ip classless ! end |
Verify
This section provides information you can use to confirm your configuration is working properly.The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.
-
show
ip vrf
—Verifies that the correct VRF exists.
-
show ip vrf interfaces—Verifies the
activated interfaces.
-
show
ip route vrf Customer_A—Verifies the routing information
on the PE routers.
-
traceroute
vrf Customer_A 200.0.6.1—Verifies the routing information
on the PE routers.
-
show ip bgp vpnv4 tag—Verifies the
BGP.
-
show
ip cef vrf Customer_A 200.0.6.1 detail—Verifies the
routing information on the PE routers.
The following is sample command output of the show ip vrf command.
The following is sample command output of the show ip vrf interfaces command.Pescara#show ip vrf Name Default RD Interfaces Customer_A 100:110 Loopback101 Customer_B 100:120 Loopback102
The following show ip route vrf commands show the same prefix 200.0.6.0/24 in both the outputs. This is because the remote PE has the same network for two customers, Customer_A and Customer_B, which is allowed in a typical MPLS VPN solution.Pesaro#show ip vrf interfaces Interface IP-Address VRF Protocol Loopback101 200.0.6.1 Customer_A up Loopback111 200.1.6.1 Customer_A up Loopback102 200.0.6.1 Customer_B up
By running a traceroute between two sites of Customer_A, it is possible to see the label stack used by the MPLS network (if it is configured to do so by mpls ip ttl ...).Pescara#show ip route vrf Customer_A Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR Gateway of last resort is not set C 200.0.4.0/24 is directly connected, Loopback101 B 200.0.6.0/24 [200/0] via 10.10.10.6, 05:10:11 B 200.1.6.0/24 [200/0] via 10.10.10.6, 04:48:11 Pescara#show ip route vrf Customer_B Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set C 200.0.4.0/24 is directly connected, Loopback102 B 200.0.6.0/24 [200/0] via 10.10.10.6, 00:03:24
Note: Exp 0 is an experimental field used for Quality of Service (QoS).Pescara#traceroute vrf Customer_A 200.0.6.1 Type escape sequence to abort. Tracing the route to 200.0.6.1 1 10.1.1.13 [MPLS: Labels 20/26 Exp 0] 400 msec 276 msec 264 msec 2 10.1.1.6 [MPLS: Labels 18/26 Exp 0] 224 msec 460 msec 344 msec 3 200.0.6.1 108 msec * 100 msec
No comments:
Post a Comment