- •Acknowledgments
- •Introduction
- •Assessment Test
- •Answers to Assessment Test
- •Service Provider Networks
- •Scalability
- •Traffic Engineering
- •Quality of Service
- •MPLS Label Stack
- •Shim Header
- •MPLS Architecture
- •Control
- •Forwarding
- •MPLS Label Switching
- •MPLS Network Components
- •Device Output
- •Label-Switched Paths
- •MPLS Applications
- •MPLS and ATM
- •Overlay
- •Quality of Service
- •Traffic Engineering
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Routing Review
- •Frame-Mode MPLS Working Example
- •Network Routing Protocol Examples
- •MPLS Step by Step
- •Label Distribution
- •Assigning Labels
- •Troubleshooting and Verification
- •Device Configuration
- •IGP Verification
- •CEF Verification
- •MPLS Verification
- •Label Distribution and Bindings
- •Binding Verification
- •Troubleshooting the Network
- •Hiding Service Provider Devices
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Frame-Mode MPLS and ATM
- •Frame-Mode MPLS and ATM Configuration
- •Cell-Mode MPLS
- •Label Binding with ATM
- •Cell-Mode Label Switching
- •VC Merge
- •Loop Prevention
- •Cell-Mode MPLS Configuration
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •VPNs 101
- •Point-to-Point Connections
- •Virtual Private Networks
- •Categories of VPNs
- •VPN Routing
- •Peer-to-Peer VPNs
- •Optimal Routing
- •Peer-to-Peer Security
- •Peer-to-Peer VPN Routing
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Service Provider Configuration
- •MPLS VPNs
- •Virtual Router
- •Virtual Routing and Forwarding Tables
- •MPLS Operational Overview
- •MP-BGP Configuration
- •An MPLS VPN Example
- •Route Distinguisher
- •MP-IBGP Configuration Example
- •Initial Network Configuration
- •MP-IBGP Configuration
- •Verification
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •A Review of VPNs
- •Configuring a Simple MPLS VPN
- •Configuring VRF Interfaces
- •Running RIP in an MPLS VPN
- •Configuring RIPv2 with Address-Family ipv4
- •Configuring Redistribution
- •Route Targets
- •Configuring Route Targets
- •A Review of Simple VPN Configuration
- •Configuring MPLS in the Service Provider Network
- •Simple VPN Configuration
- •Configuring the PE-CE Routing Protocol
- •Lab: Configuring an MPLS VPN
- •Configuring POP Routers
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Routing Table Isolation
- •Verifying VRF Routes
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •MP-BGP and OSPF
- •A Review of OSPF
- •OSPF Router Types
- •Link State Advertisements
- •OSPF for MPLS VPNs
- •OSPF Super-Backbone
- •Preventing Routing Loops
- •Path Selection
- •MPLS VPN OSPF Lab
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Static Routing
- •Device Configuration
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Verification with Ping
- •Verifying Static VRF Routes
- •E-BGP and MPLS VPNs
- •Device Configuration
- •E-BGP Operation
- •AS-Override
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Advanced MPLS VPN Topologies
- •Simple VPNs
- •Central Services MPLS VPN Topology
- •Overlay MPLS VPN Topology
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Challenge Lab 1
- •MPLS
- •MP-IBGP
- •Answer to Lab 1.1
- •Answer to Lab 1.2
- •Answer to Lab 1.3
- •Challenge Lab 2
- •Tag Switching
- •MP-IBGP
- •Answer to Lab 2.1
- •Answer to Lab 2.2
- •Answer to Lab 2.3
- •Challenge Lab 3
- •VRF Configuration
- •RIPv2
- •Redistribution
- •Answer to Lab 3.1
- •Answer to Lab 3.2
- •Answer to Lab 3.3
- •Challenge Lab 4
- •VRF Configuration
- •OSPF
- •Redistribution
- •Answer to Lab 4.1
- •Answer to Lab 4.2
- •Answer to Lab 4.3
- •Challenge Lab 5
- •VRF Configuration
- •Static Routes and Redistribution
- •Answer to Lab 5.1
- •Answer to Lab 5.2
- •Challenge Lab 6
- •VRF Configuration
- •E-BGP Configuration
- •Answer to Lab 6.1
- •Answer to Lab 6.2
- •Service Provider Network Configuration with OSPF
- •Router Configuration
- •Routing Tables
- •Tags
- •Service Provider Network Configuration with IS-IS
- •Router Configuration
- •Routing Tables
- •Tag Switching Forwarding Tables
- •Glossary
Lab: Configuring an MPLS VPN 247
line aux 0 line vty 0 4
privilege level 15 password lab logging synchronous login
ip netmask-format decimal
!
end
Verification with Ping
To verify that the VPN works, all you need to do is a ping from one peer to the other. The following output is the result of a ping from Peer 2 to Peer 1:
Peer2#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/119/120 ms
Routing Table Isolation
First of all, let’s talk about routing table isolation and its implications. On the Raleigh and Atlanta POP routers, no customer (Peer 1 and Peer 2) routes show up in the global routing table. The routing tables of the Atlanta and Raleigh POP routers are as follows:
Raleigh#show ip route
.
. Output Omitted
.
Gateway of last resort is not set
204.134.83.0 255.255.255.0 is variably subnetted, 5 subnets, 2 masks
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
248 Chapter 6 MPLS VPNs and RIP
C 204.134.83.8 255.255.255.252 is directly connected, Serial0/3
R204.134.83.1 255.255.255.255
[120/2] via 204.134.83.9, 00:00:00, Serial0/3 C 204.134.83.3 255.255.255.255 is directly
connected, Loopback0
R204.134.83.2 255.255.255.255
[120/1] via 204.134.83.9, 00:00:00, Serial0/3
R204.134.83.4 255.255.255.252
[120/1] via 204.134.83.9, 00:00:00, Serial0/3
Atlanta#show ip route
.
. Output Omitted
.
Gateway of last resort is not set
204.134.83.0 255.255.255.0 is variably subnetted, 5 subnets, 2 masks
R204.134.83.8 255.255.255.252
[120/1] via 204.134.83.6, 00:00:07, Serial0/0 C 204.134.83.1 255.255.255.255 is directly
connected, Loopback0
R204.134.83.3 255.255.255.255
[120/2] via 204.134.83.6, 00:00:07, Serial0/0
R204.134.83.2 255.255.255.255
[120/1] via 204.134.83.6, 00:00:07, Serial0/0 C 204.134.83.4 255.255.255.252 is directly
connected,
In addition, none of the customer routes (Peer 1 and Peer 2) show up on the Core router. The Core router is only running the IGP (RIPv2) and knows nothing about any of the customer subnets, as you can see in the global routing table of the Core router:
Core#show ip route
.
. Output Omitted
.
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
|
Lab: Configuring an MPLS VPN 249 |
Gateway of last resort is not set |
|
|
204.134.83.0 255.255.255.0 is variably subnetted, |
|
5 subnets, 2 masks |
C |
204.134.83.8 255.255.255.252 is directly |
|
connected, Serial0/0 |
R204.134.83.1 255.255.255.255
[120/1] via 204.134.83.5, 00:00:19, Serial0/1
R204.134.83.3 255.255.255.255
[120/1] via 204.134.83.10, 00:00:26, Serial0/0
C204.134.83.2 255.255.255.255 is directly connected, Loopback0
C204.134.83.4 255.255.255.252 is directly connected, Serial0/1
If you see any customer routes in the global routing table, then more than likely, redistribution has been misconfigured. You need to check the redistribution syntax on your PE routers to make sure that they have the proper configuration.
What about on the client routers? They are isolated as well. The client routers do not know any of the details of the service provider network. If you recall, RIPv2 is running as the IGP for the service provider network. RIPv2 is also running on the clients (Peer 1 and Peer 2). The routing tables of the Peer 1 and Peer 2 routers are shown in the following device output. Notice that no service provider routes are in the global routing tables for Peer 1 and Peer 2:
Peer1#show ip route
.
. Output Omitted
.
Gateway of last resort is not set
192.168.1.0 255.255.255.255 is subnetted, 1 subnets C 192.168.1.1 is directly connected, Loopback0
192.168.3.0 255.255.255.252 is subnetted, 2 subnets R 192.168.3.8 [120/1] via 192.168.3.6, 00:00:12,
Serial0
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
250 Chapter 6 MPLS VPNs and RIP
C192.168.3.4 is directly connected, Serial0
Peer2#show ip route
.
. Output Omitted
.
Gateway of last resort is not set
R 192.168.1.0 255.255.255.0 [120/2] via 192.168.3.9, 00:00:04, Serial0
192.168.2.0 255.255.255.255 is subnetted, 1 subnets
C192.168.2.1 is directly connected, Loopback0 192.168.3.0 255.255.255.252 is subnetted, 2 subnets
C192.168.3.8 is directly connected, Serial0
R 192.168.3.4 [120/1] via 192.168.3.9, 00:00:05,
Serial0
Verifying VRF Routes
In learning about MPLS VPNs, it’s important that you understand the flow of routing information. Let’s begin this discussion by looking at the routing table of vpn_1 as it exists on the Atlanta POP router:
Atlanta#show ip route vrf vpn_1
.
. Output Omitted
.
Gateway of last resort is not set
R 192.168.1.0 255.255.255.0 [120/1] via 192.168.3.5, 00:00:08, Serial0/1
B192.168.2.0 255.255.255.0 [200/1] via 204.134.83.3, 00:01:22
192.168.3.0 255.255.255.252 is subnetted, 2 subnets
B192.168.3.8 [200/0] via 204.134.83.3, 00:06:07 C 192.168.3.4 is directly connected, Serial0/1
In the routing table for vpn_1 on the Atlanta POP router, there are BGP routes (indicated by B in the routing table output) and RIPv2 routes (indicated
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |