![](/user_photo/1438_p9ksI.png)
- •Acknowledgments
- •Introduction
- •Assessment Test
- •Answers to Assessment Test
- •Service Provider Networks
- •Scalability
- •Traffic Engineering
- •Quality of Service
- •MPLS Label Stack
- •Shim Header
- •MPLS Architecture
- •Control
- •Forwarding
- •MPLS Label Switching
- •MPLS Network Components
- •Device Output
- •Label-Switched Paths
- •MPLS Applications
- •MPLS and ATM
- •Overlay
- •Quality of Service
- •Traffic Engineering
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Routing Review
- •Frame-Mode MPLS Working Example
- •Network Routing Protocol Examples
- •MPLS Step by Step
- •Label Distribution
- •Assigning Labels
- •Troubleshooting and Verification
- •Device Configuration
- •IGP Verification
- •CEF Verification
- •MPLS Verification
- •Label Distribution and Bindings
- •Binding Verification
- •Troubleshooting the Network
- •Hiding Service Provider Devices
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Frame-Mode MPLS and ATM
- •Frame-Mode MPLS and ATM Configuration
- •Cell-Mode MPLS
- •Label Binding with ATM
- •Cell-Mode Label Switching
- •VC Merge
- •Loop Prevention
- •Cell-Mode MPLS Configuration
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •VPNs 101
- •Point-to-Point Connections
- •Virtual Private Networks
- •Categories of VPNs
- •VPN Routing
- •Peer-to-Peer VPNs
- •Optimal Routing
- •Peer-to-Peer Security
- •Peer-to-Peer VPN Routing
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Service Provider Configuration
- •MPLS VPNs
- •Virtual Router
- •Virtual Routing and Forwarding Tables
- •MPLS Operational Overview
- •MP-BGP Configuration
- •An MPLS VPN Example
- •Route Distinguisher
- •MP-IBGP Configuration Example
- •Initial Network Configuration
- •MP-IBGP Configuration
- •Verification
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •A Review of VPNs
- •Configuring a Simple MPLS VPN
- •Configuring VRF Interfaces
- •Running RIP in an MPLS VPN
- •Configuring RIPv2 with Address-Family ipv4
- •Configuring Redistribution
- •Route Targets
- •Configuring Route Targets
- •A Review of Simple VPN Configuration
- •Configuring MPLS in the Service Provider Network
- •Simple VPN Configuration
- •Configuring the PE-CE Routing Protocol
- •Lab: Configuring an MPLS VPN
- •Configuring POP Routers
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Routing Table Isolation
- •Verifying VRF Routes
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •MP-BGP and OSPF
- •A Review of OSPF
- •OSPF Router Types
- •Link State Advertisements
- •OSPF for MPLS VPNs
- •OSPF Super-Backbone
- •Preventing Routing Loops
- •Path Selection
- •MPLS VPN OSPF Lab
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Static Routing
- •Device Configuration
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Verification with Ping
- •Verifying Static VRF Routes
- •E-BGP and MPLS VPNs
- •Device Configuration
- •E-BGP Operation
- •AS-Override
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Advanced MPLS VPN Topologies
- •Simple VPNs
- •Central Services MPLS VPN Topology
- •Overlay MPLS VPN Topology
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Challenge Lab 1
- •MPLS
- •MP-IBGP
- •Answer to Lab 1.1
- •Answer to Lab 1.2
- •Answer to Lab 1.3
- •Challenge Lab 2
- •Tag Switching
- •MP-IBGP
- •Answer to Lab 2.1
- •Answer to Lab 2.2
- •Answer to Lab 2.3
- •Challenge Lab 3
- •VRF Configuration
- •RIPv2
- •Redistribution
- •Answer to Lab 3.1
- •Answer to Lab 3.2
- •Answer to Lab 3.3
- •Challenge Lab 4
- •VRF Configuration
- •OSPF
- •Redistribution
- •Answer to Lab 4.1
- •Answer to Lab 4.2
- •Answer to Lab 4.3
- •Challenge Lab 5
- •VRF Configuration
- •Static Routes and Redistribution
- •Answer to Lab 5.1
- •Answer to Lab 5.2
- •Challenge Lab 6
- •VRF Configuration
- •E-BGP Configuration
- •Answer to Lab 6.1
- •Answer to Lab 6.2
- •Service Provider Network Configuration with OSPF
- •Router Configuration
- •Routing Tables
- •Tags
- •Service Provider Network Configuration with IS-IS
- •Router Configuration
- •Routing Tables
- •Tag Switching Forwarding Tables
- •Glossary
![](/html/1438/356/html_IE5eMGyoCe.4mvY/htmlconvd-racxcq238x1.jpg)
Configuring a Simple MPLS VPN 205
MPLS-based VPNs offer the same privacy and security as traditional VPNs, but without the worries. Overlapping address spaces, intranets, extranets, and even hub-and-spoke topologies are supported in an MPLS VPN.
Configuring a Simple MPLS VPN
Chapter 5 explained most, but not all, of what is required to set up an MPLS VPN. In this chapter, I’ll expand on what you learned in Chapter 5 about MPLS VPN configuration. To start with, let’s revisit the simple service provider network illustrated in Figure 6.1.
F I G U R E 6 . 1 A simple service provider network
10.1.0.0/16 10.1.0.0/16
Customer B1 |
|
|
|
|
|
Customer A1 |
|||
|
|
|
Serial 0 |
|
|
|
|
||
10.2.0.2/16 |
|
Serial 0 10.2.0.2/16 |
|||||||
10.2.0.1/16 |
|
|
10.2.0.1/16 |
||||||
Serial 0/2 |
|
|
Serial 0/1 |
||||||
|
|
|
|
|
|
PE1 |
|||
|
|
Serial 0/0 |
|
192.168.1.1 |
|
||||
|
|
|
|
|
|
192.168.1.10 |
|||
|
|
Serial 0/0 |
|
|
|
|
|
||
|
|
|
|
|
|
P1 |
|||
|
|
Serial 0/1 |
|
|
|
|
|
||
|
|
Serial 0/0 |
|
|
|
|
|
||
|
|
|
|
|
|
P2 |
|||
|
|
Serial 0/1 |
|
|
|
|
|
||
|
|
Serial 0/0 |
|
|
|
|
|
||
Serial 0/2 |
|
|
PE2 |
||||||
|
|
||||||||
|
|
Serial 0/1 |
|||||||
10.3.0.1/16 |
|
|
10.3.0.1/16 |
||||||
10.3.0.2/16 |
|
|
|
10.3.0.2/16 |
|||||
Customer B2 |
|
|
|
|
|
Customer A2 |
|||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
10.4.0.0 |
|
|
10.4.0.0 |
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
![](/html/1438/356/html_IE5eMGyoCe.4mvY/htmlconvd-racxcq239x1.jpg)
206 Chapter 6 MPLS VPNs and RIP
Table 6.1 lists the IP addresses and interfaces of all the service provider network devices in Figure 6.1.
T A B L E 6 . 1 Service Provider IP Addressing
Device |
Serial 0/0 |
Serial 0/1 |
Loopback 0 |
|
|
|
|
PE1 |
192.168.1.10 |
|
192.168.1.1 |
P1 |
192.168.1.9 |
192.168.1.14 |
192.168.1.2 |
P2 |
192.168.1.13 |
192.168.1.18 |
192.168.1.3 |
PE2 |
192.168.1.17 |
|
192.168.1.4 |
|
|
|
|
As you can see in Figure 6.1, the network has grown a bit. Table 6.2 lists the IP addresses and interfaces of the new PE devices in Figure 6.1.
T A B L E 6 . 2 PE Customer Link Addressing
Device |
Serial 0/1 |
Serial 0/2 |
Mask |
|
|
|
|
PE1 |
10.2.0.1 |
10.2.0.1 |
/16 |
PE2 |
10.3.0.1 |
10.3.0.1 |
/16 |
|
|
|
|
Table 6.3 lists the IP addresses and interfaces of all the customer devices in Figure 6.1.
T A B L E 6 . 3 PE Customer Link Addressing
Device |
Serial 0 |
Ethernet0 |
Mask |
|
|
|
|
Customer A1 |
10.2.0.2 |
10.1.0.1 |
/16 |
Customer A2 |
10.3.0.2 |
10.4.0.1 |
/16 |
Customer B1 |
10.2.0.2 |
10.1.0.1 |
/16 |
Customer B2 |
10.3.0.2 |
10.4.0.1 |
/16 |
|
|
|
|
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
![](/html/1438/356/html_IE5eMGyoCe.4mvY/htmlconvd-racxcq240x1.jpg)
Configuring a Simple MPLS VPN 207
For the sake of this discussion, let’s say that MPLS and MP-IBGP are configured already. Since the MP-BGP backbone is already in place, you only need to concentrate on configuring the VPNs.
From a business standpoint, you need to configure a simple VPN for Customer A and Customer B. Customer A has two sites (Customer A1 and Customer A2), and Customer B has two sites (Customer B1 and Customer B2).
Chapter 5 introduced the concepts of VRFs and route distinguishers, so let’s set up a VRF and configure the route distinguishers on PE1 for Customer A and Customer B using the following commands:
PE1#config t
PE1(config)#ip vrf vpn_a
PE1(config-vrf)#rd 1:1
PE1(config-vrf)#exit
PE1(config)#ip vrf vpn_b
PE1(config-vrf)rd 1:2
Use the following commands to set up the VRFs and configure the route distinguishers on PE2 for both customers:
PE2#config t
PE2(config)#ip vrf vpn_a
PE2(config-vrf)#rd 1:1
PE2(config-vrf)#exit
PE2(config)#ip vrf vpn_b
PE2(config-vrf)rd 1:2
If the preceding syntax doesn’t ring any bells, go back and re-read Chapter 5.
That’s pretty much where we left things in Chapter 5. The next section explains how to configure interfaces to be part of a VRF.
Configuring VRF Interfaces
After you’ve created the VRF and configured the route distinguisher, interfaces must be added to the VRF. You’re probably thinking to yourself, “Add the interface to the VRF?” If you remember back to Chapter 5, a VRF is like a virtual router.
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
![](/html/1438/356/html_IE5eMGyoCe.4mvY/htmlconvd-racxcq241x1.jpg)
208 Chapter 6 MPLS VPNs and RIP
When you execute the show ip route command, you always see the connected interfaces in the global routing table. Since a VRF is a virtual routing table, the interfaces need to be in it. In Figure 6.1, Serial 0/1 connects to Customer A1 and Serial 0/2 connects to Customer B1. These interfaces need to be added to their particular VRF.
So on PE1, to put Serial 0/1 in Customer A’s VRF (vpn_a), you use the ip vrf forwarding command. The configuration for Customer A is as follows:
PE1#config t
PE1(config)#interface serial 0/1
PE1(config-if)#ip vrf forwarding vpn_a
After the interface is placed in a VRF, it loses its IP address configuration. The
IP address will need to be reconfigured.
PE1(config-if)#ip address 10.2.0.1 mask 255.255.0.0
The interface that used to be present in the global routing table is now associated with a VRF. To verify that the Serial 0/1 interface is now associated with the VRF, use the show ip route vrf vpn_a connected command. The output from this command is as follows:
PE1#show ip route vrf vpn_a connected
C10.2.0.1 is directly connected, Serial0/1
MPLS VPN security can be negated with misconfiguration. Make sure the
right interface is in the right VRF.
The same process needs to be repeated on PE1 for Customer B (vpn_b) using the following commands:
PE1#config t
PE1(config)#interface serial 0/2
PE1(config-if)#ip vrf forwarding vpn_b
PE1(config-if)#ip address 10.2.0.1 mask 255.255.0.0
Verify that the Serial 0/2 interface is now associated with the VRF using the show ip route vrf vpn_b connected command as follows:
PE1#show ip route vrf vpn_b connected
C 10.2.0.1 is directly connected, Serial0/2
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |