- •Acknowledgments
- •Introduction
- •Assessment Test
- •Answers to Assessment Test
- •Service Provider Networks
- •Scalability
- •Traffic Engineering
- •Quality of Service
- •MPLS Label Stack
- •Shim Header
- •MPLS Architecture
- •Control
- •Forwarding
- •MPLS Label Switching
- •MPLS Network Components
- •Device Output
- •Label-Switched Paths
- •MPLS Applications
- •MPLS and ATM
- •Overlay
- •Quality of Service
- •Traffic Engineering
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Routing Review
- •Frame-Mode MPLS Working Example
- •Network Routing Protocol Examples
- •MPLS Step by Step
- •Label Distribution
- •Assigning Labels
- •Troubleshooting and Verification
- •Device Configuration
- •IGP Verification
- •CEF Verification
- •MPLS Verification
- •Label Distribution and Bindings
- •Binding Verification
- •Troubleshooting the Network
- •Hiding Service Provider Devices
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Frame-Mode MPLS and ATM
- •Frame-Mode MPLS and ATM Configuration
- •Cell-Mode MPLS
- •Label Binding with ATM
- •Cell-Mode Label Switching
- •VC Merge
- •Loop Prevention
- •Cell-Mode MPLS Configuration
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •VPNs 101
- •Point-to-Point Connections
- •Virtual Private Networks
- •Categories of VPNs
- •VPN Routing
- •Peer-to-Peer VPNs
- •Optimal Routing
- •Peer-to-Peer Security
- •Peer-to-Peer VPN Routing
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Service Provider Configuration
- •MPLS VPNs
- •Virtual Router
- •Virtual Routing and Forwarding Tables
- •MPLS Operational Overview
- •MP-BGP Configuration
- •An MPLS VPN Example
- •Route Distinguisher
- •MP-IBGP Configuration Example
- •Initial Network Configuration
- •MP-IBGP Configuration
- •Verification
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •A Review of VPNs
- •Configuring a Simple MPLS VPN
- •Configuring VRF Interfaces
- •Running RIP in an MPLS VPN
- •Configuring RIPv2 with Address-Family ipv4
- •Configuring Redistribution
- •Route Targets
- •Configuring Route Targets
- •A Review of Simple VPN Configuration
- •Configuring MPLS in the Service Provider Network
- •Simple VPN Configuration
- •Configuring the PE-CE Routing Protocol
- •Lab: Configuring an MPLS VPN
- •Configuring POP Routers
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Routing Table Isolation
- •Verifying VRF Routes
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •MP-BGP and OSPF
- •A Review of OSPF
- •OSPF Router Types
- •Link State Advertisements
- •OSPF for MPLS VPNs
- •OSPF Super-Backbone
- •Preventing Routing Loops
- •Path Selection
- •MPLS VPN OSPF Lab
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Static Routing
- •Device Configuration
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Verification with Ping
- •Verifying Static VRF Routes
- •E-BGP and MPLS VPNs
- •Device Configuration
- •E-BGP Operation
- •AS-Override
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Advanced MPLS VPN Topologies
- •Simple VPNs
- •Central Services MPLS VPN Topology
- •Overlay MPLS VPN Topology
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Challenge Lab 1
- •MPLS
- •MP-IBGP
- •Answer to Lab 1.1
- •Answer to Lab 1.2
- •Answer to Lab 1.3
- •Challenge Lab 2
- •Tag Switching
- •MP-IBGP
- •Answer to Lab 2.1
- •Answer to Lab 2.2
- •Answer to Lab 2.3
- •Challenge Lab 3
- •VRF Configuration
- •RIPv2
- •Redistribution
- •Answer to Lab 3.1
- •Answer to Lab 3.2
- •Answer to Lab 3.3
- •Challenge Lab 4
- •VRF Configuration
- •OSPF
- •Redistribution
- •Answer to Lab 4.1
- •Answer to Lab 4.2
- •Answer to Lab 4.3
- •Challenge Lab 5
- •VRF Configuration
- •Static Routes and Redistribution
- •Answer to Lab 5.1
- •Answer to Lab 5.2
- •Challenge Lab 6
- •VRF Configuration
- •E-BGP Configuration
- •Answer to Lab 6.1
- •Answer to Lab 6.2
- •Service Provider Network Configuration with OSPF
- •Router Configuration
- •Routing Tables
- •Tags
- •Service Provider Network Configuration with IS-IS
- •Router Configuration
- •Routing Tables
- •Tag Switching Forwarding Tables
- •Glossary
Lab: Configuring an MPLS VPN 225
CustomerX2(config)#router rip
CustomerX2(config-router)#version 2
CustomerX2(config-router)#network 10.0.0.0
Now on to the service provider devices. On PE1 and PE2, you need to configure RIPv2 for the VRF and redistribution of BGP routes into RIP. In addition, you need to configure RIP routes to be redistributed into BGP. The following commands accomplish this configuration:
PE1#config t
PE1(config)#router rip
PE1(config)#version 2
PE1(config-router)#address-family ipv4 vrf customer_x
PE1(config-router-af)#redistribute bpg 1 metric transparent
PE1(config-router-af)#exit
PE1(config-router)#exit
PE1(config)#router bgp 1
PE1(config-router)#address-family ipv4 vrf customer_x
PE1(config-router-af)#redistribute rip
The same commands can be used to accomplish the configuration on PE2:
PE2#config t
PE2(config)#router rip
PE2(config)#version 2
PE2(config-router)#address-family ipv4 vrf customer_x
PE2(config-router-af)#redistribute bpg 1 metric transparent
PE2(config-router-af)#exit
PE2(config-router)#exit
PE2(config)#router bgp 1
PE2(config-router)#address-family ipv4 vrf customer_x
PE2(config-router-af)#redistribute rip
Lab: Configuring an MPLS VPN
To really hammer home all of the configuration steps that you’ve been exposed to, I’d like to go through the configuration one more time. This section uses the same simple network you first saw in Chapter 2, “Frame-Mode
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
226 Chapter 6 MPLS VPNs and RIP
MPLS.” For this section, you’ll be using the simple service provider network illustrated in Figure 6.16.
F I G U R E 6 . 1 6 A simple service provider network
Serial |
0/0 |
0/0 |
Serial |
|
|
Serial 0/1 |
|
|
PE1 |
|
P1 |
Serial 0
Peer 1
0/1 |
0/0 |
0/1 |
0/0 |
Serial Serial |
|
Serial Serial |
|
|
P2 |
|
PE2 |
Serial 0/1
Serial 0
Peer 2
Figure 6.17 illustrates the routing protocol utilization for this network.
F I G U R E |
6 . 1 7 |
Routing protocol utilization |
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
IGP |
|
|
|
|
|
|
|
|
|
|
0/0 |
0/0 |
0/1 |
0/0 |
Serial |
0/1 |
0/0 |
|
|
|
|
Serial 0/1 |
|
Serial Serial |
|
Serial Serial |
|
Serial |
|
Serial 0/1 |
||
|
|
|
|
|
|
|
|
|
|
|||
|
|
PE1 |
|
P1 |
|
P2 |
|
|
PE2 |
|||
|
|
Serial 0 |
|
|
|
|
|
|
|
Serial 0 |
||
|
|
CE1 |
|
|
|
|
|
|
|
|
CE2 |
|
|
|
|
|
|
|
I-BGP |
|
|
|
|
|
|
|
|
Table 6.6 lists the IP addresses and interfaces for the CE devices in |
||||||||||
|
|
Figure 6.16. |
|
|
|
|
|
|
|
|
|
|
T A B L E |
6 . 6 |
Customer Addressing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
Device |
Loopback 0 |
|
Serial 0 |
|
|
|
|
|||
|
|
|
|
|
|
|
|
|||||
|
|
Peer 1 |
192.168.1.1/32 |
192.168.3.5/30 |
|
|
||||||
|
|
Peer 2 |
192.168.2.1/32 |
192.168.3.10/30 |
|
|||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Lab: Configuring an MPLS VPN 227
Table 6.7 lists the IP addresses and interfaces of all the service provider devices in Figure 6.16.
T A B L E |
6 . 7 Service Provider Addressing |
|
|
|
|
|
|
|
|
Device |
Loopback 0 |
Serial 0/0 |
Serial 0/1 |
Serial 0/3 |
|
|
|
|
|
Atlanta |
204.134.83.1/32 |
204.134.83.5/30 |
192.168.3.6/30 |
N/A |
Core |
204.134.83.2/32 |
204.134.83.9/30 |
204.134.83.6/30 |
N/A |
Raleigh |
204.134.83.3/32 |
N/A |
192.168.3.9/30 |
204.134.83.10/30 |
|
|
|
|
|
Configuring POP Routers
Presently, the network is set up with an IGP (RIPv2), tag switching, and MP-BGP between the Atlanta and Raleigh POP routers.
The configuration of the Raleigh POP router is as follows:
Raleigh#show running-config
Building configuration...
Current configuration : 1997 bytes
!
version 12.1
service timestamps debug uptime service timestamps log uptime no service password-encryption
!
hostname Raleigh
!
enable password cisco
!
!
!
!
!
memory-size iomem 25
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
228 Chapter 6 MPLS VPNs and RIP
ip subnet-zero
ip tcp synwait-time 5 no ip domain-lookup
!
!
ip vrf vpn_1 rd 65000:1
route-target export 65000:1 route-target import 65000:1
ip cef
cns event-service server
!
!
!
!
!
interface Loopback0
ip address 204.134.83.3 255.255.255.255
!
interface Serial0/0 no ip address shutdown
no fair-queue clockrate 64000
!
interface Serial0/1
description *** Link to Peer2 ***
ip address 192.168.3.9 255.255.255.252 clockrate 64000
!
interface Serial0/2 no ip address shutdown
clockrate 64000
!
interface Serial0/3
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Lab: Configuring an MPLS VPN 229
description *** Link to Core Router ***
ip address 204.134.83.10 255.255.255.252 tag-switching ip
clockrate 64000
!
interface Ethernet1/0 no ip address shutdown
!
interface Ethernet1/1 no ip address shutdown
!
interface Ethernet1/2 no ip address shutdown
!
interface Ethernet1/3 no ip address shutdown
!
router rip version 2
network 204.134.83.0
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 204.134.83.1 remote-as 65000 neighbor 204.134.83.1 update-source Loopback0 neighbor 204.134.83.1 next-hop-self
no auto-summary
!
!
address-family vpnv4
neighbor 204.134.83.1 activate
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
230 Chapter 6 MPLS VPNs and RIP
neighbor 204.134.83.1 send-community both no auto-summary
exit-address-family
!
ip classless
no ip http server
!
!
!
line con 0 exec-timeout 0 0 privilege level 15 logging synchronous transport input none
ip netmask-format decimal line aux 0
line vty 0 4 privilege level 15 password cisco logging synchronous login
ip netmask-format decimal
!
end
The configuration of the Atlanta POP router is as follows:
Atlanta#show running-config
Building configuration...
Current configuration : 1972 bytes
!
version 12.1
service timestamps debug uptime service timestamps log uptime no service password-encryption
!
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Lab: Configuring an MPLS VPN 231
hostname Atlanta
!
enable password cisco
!
!
!
!
!
memory-size iomem 25 ip subnet-zero
ip tcp synwait-time 5 no ip domain-lookup
!
!
ip cef
cns event-service server
!
!
!
!
!
interface Loopback0
ip address 204.134.83.1 255.255.255.255
!
interface Serial0/0
description *** Link to Core Router ***
ip address 204.134.83.5 255.255.255.252 tag-switching ip
no fair-queue clockrate 64000
!
interface Serial0/1
description *** Link to Peer1 ***
ip address 192.168.3.6 255.255.255.252 clockrate 64000
!
interface Serial0/2
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
232 Chapter 6 MPLS VPNs and RIP
no ip address shutdown clockrate 64000
!
interface Serial0/3 no ip address shutdown
clockrate 64000
!
interface Ethernet1/0 no ip address shutdown
!
interface Ethernet1/1 no ip address shutdown
!
interface Ethernet1/2 no ip address shutdown
!
interface Ethernet1/3 no ip address shutdown
!
router rip version 2
network 204.134.83.0
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 204.134.83.3 remote-as 65000 neighbor 204.134.83.3 update-source Loopback0 neighbor 204.134.83.3 next-hop-self
no auto-summary
!
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |