- •Acknowledgments
- •Introduction
- •Assessment Test
- •Answers to Assessment Test
- •Service Provider Networks
- •Scalability
- •Traffic Engineering
- •Quality of Service
- •MPLS Label Stack
- •Shim Header
- •MPLS Architecture
- •Control
- •Forwarding
- •MPLS Label Switching
- •MPLS Network Components
- •Device Output
- •Label-Switched Paths
- •MPLS Applications
- •MPLS and ATM
- •Overlay
- •Quality of Service
- •Traffic Engineering
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Routing Review
- •Frame-Mode MPLS Working Example
- •Network Routing Protocol Examples
- •MPLS Step by Step
- •Label Distribution
- •Assigning Labels
- •Troubleshooting and Verification
- •Device Configuration
- •IGP Verification
- •CEF Verification
- •MPLS Verification
- •Label Distribution and Bindings
- •Binding Verification
- •Troubleshooting the Network
- •Hiding Service Provider Devices
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Frame-Mode MPLS and ATM
- •Frame-Mode MPLS and ATM Configuration
- •Cell-Mode MPLS
- •Label Binding with ATM
- •Cell-Mode Label Switching
- •VC Merge
- •Loop Prevention
- •Cell-Mode MPLS Configuration
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •VPNs 101
- •Point-to-Point Connections
- •Virtual Private Networks
- •Categories of VPNs
- •VPN Routing
- •Peer-to-Peer VPNs
- •Optimal Routing
- •Peer-to-Peer Security
- •Peer-to-Peer VPN Routing
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Service Provider Configuration
- •MPLS VPNs
- •Virtual Router
- •Virtual Routing and Forwarding Tables
- •MPLS Operational Overview
- •MP-BGP Configuration
- •An MPLS VPN Example
- •Route Distinguisher
- •MP-IBGP Configuration Example
- •Initial Network Configuration
- •MP-IBGP Configuration
- •Verification
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •A Review of VPNs
- •Configuring a Simple MPLS VPN
- •Configuring VRF Interfaces
- •Running RIP in an MPLS VPN
- •Configuring RIPv2 with Address-Family ipv4
- •Configuring Redistribution
- •Route Targets
- •Configuring Route Targets
- •A Review of Simple VPN Configuration
- •Configuring MPLS in the Service Provider Network
- •Simple VPN Configuration
- •Configuring the PE-CE Routing Protocol
- •Lab: Configuring an MPLS VPN
- •Configuring POP Routers
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Routing Table Isolation
- •Verifying VRF Routes
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •MP-BGP and OSPF
- •A Review of OSPF
- •OSPF Router Types
- •Link State Advertisements
- •OSPF for MPLS VPNs
- •OSPF Super-Backbone
- •Preventing Routing Loops
- •Path Selection
- •MPLS VPN OSPF Lab
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Static Routing
- •Device Configuration
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Verification with Ping
- •Verifying Static VRF Routes
- •E-BGP and MPLS VPNs
- •Device Configuration
- •E-BGP Operation
- •AS-Override
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Advanced MPLS VPN Topologies
- •Simple VPNs
- •Central Services MPLS VPN Topology
- •Overlay MPLS VPN Topology
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Challenge Lab 1
- •MPLS
- •MP-IBGP
- •Answer to Lab 1.1
- •Answer to Lab 1.2
- •Answer to Lab 1.3
- •Challenge Lab 2
- •Tag Switching
- •MP-IBGP
- •Answer to Lab 2.1
- •Answer to Lab 2.2
- •Answer to Lab 2.3
- •Challenge Lab 3
- •VRF Configuration
- •RIPv2
- •Redistribution
- •Answer to Lab 3.1
- •Answer to Lab 3.2
- •Answer to Lab 3.3
- •Challenge Lab 4
- •VRF Configuration
- •OSPF
- •Redistribution
- •Answer to Lab 4.1
- •Answer to Lab 4.2
- •Answer to Lab 4.3
- •Challenge Lab 5
- •VRF Configuration
- •Static Routes and Redistribution
- •Answer to Lab 5.1
- •Answer to Lab 5.2
- •Challenge Lab 6
- •VRF Configuration
- •E-BGP Configuration
- •Answer to Lab 6.1
- •Answer to Lab 6.2
- •Service Provider Network Configuration with OSPF
- •Router Configuration
- •Routing Tables
- •Tags
- •Service Provider Network Configuration with IS-IS
- •Router Configuration
- •Routing Tables
- •Tag Switching Forwarding Tables
- •Glossary
Lab: Configuring an MPLS VPN 233
address-family vpnv4
neighbor 204.134.83.3 activate
neighbor 204.134.83.3 send-community both no auto-summary
exit-address-family
!
ip classless
no ip http server
!
!
!
line con 0 exec-timeout 0 0 privilege level 15 logging synchronous transport input none
ip netmask-format decimal line aux 0
line vty 0 4 privilege level 15 password cisco logging synchronous login
ip netmask-format decimal
!
VPN Configuration
So now the network is all set up, and you need to configure an MPLS VPN.
From a business case standpoint, Peer 1 and Peer 2 require a simple MPLSbased VPN. Peer 1 and Peer 2 will run RIPv2 to exchange network routes.
The first thing to configure on the Atlanta POP router is a VRF with a route distinguisher and a route target. The configuration for the Atlanta POP is implemented using the following commands:
Atlanta#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
234 Chapter 6 MPLS VPNs and RIP
Atlanta(config)#ip vrf vpn_1
Atlanta(config-vrf)#rd 65000:1
Atlanta(config-vrf)#route-target both 65000:1
The next step is to associate the interface that connects to Peer 1 to the
VRF using the following commands:
Atlanta(config)#int s 0/1
Atlanta(config-if)#ip vrf forwarding vpn_1
%Interface Serial0/1 IP address 192.168.3.6 removed due to enabling VRF vpn_1
Atlanta(config-if)#ip address 192.168.3.6 255.255.255.252
The third step is to configure a routing context for the VRF in RIPv2 with the following commands:
Atlanta(config)#router rip
Atlanta(config-router)#address-family ipv4 vrf vpn_1
Atlanta(config-router-af)#network 192.168.3.0
The fourth step is to configure redistribution using the following commands:
Atlanta(config-router-af)#redistribute bgp 65000 metric transparent
Now on to BGP. You need to configure the redistribution for the VPN into BGP for the VRF by executing the following commands:
Atlanta(config-router-af)#exit
Atlanta(config-router)#exit
Atlanta(config)#router bgp 65000
Atlanta(config-router)#address-family ipv4 vrf vpn_1
Atlanta(config-router-af)#redistribute rip
You need to repeat these configuration steps on the Raleigh POP router. The first thing to configure on the Raleigh POP is a VRF with a route distinguisher and a route target by executing the following commands:
Raleigh#conf t
Enter configuration commands, one per line. End with
CNTL/Z.
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Lab: Configuring an MPLS VPN 235
Raleigh(config)#ip vrf vpn_1
Raleigh(config-vrf)#rd 65000:1
Raleigh(config-vrf)#route-target both 65000:1
Next, you need to associate the interface that connects to Peer 1 to the VRF using the following commands:
Raleigh(config-vrf)#exit
Raleigh(config)#int s 0/1
Raleigh(config-if)#ip vrf forwarding vpn_1
%Interface Serial0/1 IP address 192.168.3.9 removed due to enabling VRF vpn_1
Raleigh(config-if)#ip address 192.168.3.9 255.255.255.252
To configure a routing context for the VRF in RIPv2, use the following commands:
Raleigh(config)#router rip
Raleigh(config-router)#address-family ipv4 vrf vpn_1
Raleigh(config-router-af)#network 192.168.3.0
To configure redistribution on the Raleigh POP router, use the following command:
Raleigh(config-router-af)#redistribute bgp 65000 metric transparent
Now on to BGP. You configure the redistribution for the VPN into BGP for the VRF with the following commands:
Raleigh(config-router-af)#exit
Raleigh(config-router)#exit
Raleigh(config)#router bgp 65000
Raleigh(config-router)#address-family ipv4 vrf vpn_1
Raleigh(config-router-af)#redistribute rip
Raleigh Running-Config
This section contains the running-config of the Raleigh POP router. Try to get in the habit of reading and verifying the configurations of the routers.
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
236 Chapter 6 MPLS VPNs and RIP
Raleigh#show running-config
Building configuration...
Current configuration : 1997 bytes
!
version 12.1
service timestamps debug uptime service timestamps log uptime no service password-encryption
!
hostname Raleigh
!
enable password cisco
!
!
!
!
!
memory-size iomem 25 ip subnet-zero
ip tcp synwait-time 5 no ip domain-lookup
!
!
ip vrf vpn_1 rd 65000:1
route-target export 65000:1 route-target import 65000:1
ip cef
cns event-service server
!
!
!
!
!
interface Loopback0
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Lab: Configuring an MPLS VPN 237
ip address 204.134.83.3 255.255.255.255
!
interface Serial0/0 no ip address shutdown
no fair-queue clockrate 64000
!
interface Serial0/1
description *** Link to Peer2 ***
ip vrf forwarding vpn_1
ip address 192.168.3.9 255.255.255.252 clockrate 64000
!
interface Serial0/2 no ip address shutdown
clockrate 64000
!
interface Serial0/3
description *** Link to Core Router ***
ip address 204.134.83.10 255.255.255.252 tag-switching ip
clockrate 64000
!
interface Ethernet1/0 no ip address shutdown
!
interface Ethernet1/1 no ip address shutdown
!
interface Ethernet1/2 no ip address shutdown
!
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
238 Chapter 6 MPLS VPNs and RIP
interface Ethernet1/3 no ip address shutdown
!
router rip version 2
network 204.134.83.0
!
address-family ipv4 vrf vpn_1 version 2
redistribute bgp 65000 metric transparent network 192.168.3.0
no auto-summary exit-address-family
!
router bgp 65000
no synchronization
bgp log-neighbor-changes
neighbor 204.134.83.1 remote-as 65000 neighbor 204.134.83.1 update-source Loopback0 neighbor 204.134.83.1 next-hop-self
no auto-summary
!
address-family ipv4 vrf vpn_1 redistribute rip
no auto-summary
no synchronization exit-address-family
!
address-family vpnv4
neighbor 204.134.83.1 activate
neighbor 204.134.83.1 send-community both no auto-summary
exit-address-family
!
ip classless
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |