326 Chapter 8 Advanced MPLS Topics

ip netmask-format decimal line aux 0

line vty 0 4 privilege level 15 password cisco logging synchronous login

ip netmask-format decimal

!

VPN Configuration

Once the service provider network is set up, you need to configure an MPLS VPN. From a business case standpoint, the Peer 1 and Peer 2 routers require a simple MPLS-based VPN. The Peer 1 and Peer 2 routers will use the default routes, and the Atlanta and Raleigh POP routers will use the static routes.

The first thing to configure on the Atlanta POP router is a VRF with a route distinguisher and a route target:

Atlanta#conf t

Enter configuration commands, one per line. End with CNTL/Z. Atlanta(config)#ip vrf vpn_1

Atlanta(config-vrf)#rd 65000:1

Atlanta(config-vrf)#route-target both 65000:1

Next, you need to associate the interface that connects to Peer 1 with the VRF:

Atlanta(config)#int s 0/1

Atlanta(config-if)#ip vrf forwarding vpn_1

%Interface Serial0/1 IP address 192.168.3.6 removed due to enabling VRF vpn_1

Atlanta(config-if)#ip address 192.168.3.6 255.255.255.252

Now you need to configure a static route on the Atlanta POP router to point to the loopback of Peer 1. To configure a global static route, use the ip route command. To configure a static route for a particular VRF, use the ip route vrf vpn_name command. The configuration on the Atlanta POP router to configure a static route associated with vpn_1 is as follows. Note

Static Routing 327

that if more routes were made available from the Peer 1 router, you would need to add more static routes.

Atlanta(config)#ip route vrf vpn_1 192.168.1.1

255.255.255.255 Serial0/1 192.168.3.5

For VRF static routes, the outgoing interface must be specified even if the next

hop address is given.

Now on to BGP. You need to configure the redistribution of the static route and VRF connected interfaces into BGP:

Atlanta(config)#router bgp 65000

Atlanta(config-router)#address-family ipv4 vrf vpn_1

Atlanta(config-router-af)#redistribute connected Atlanta(config-router-af)#redistribute static Atlanta(config-router-af)#^Z

Atlanta#

You need to repeat the same configuration steps on the Raleigh POP router. First, you need to configure a VRF with a route distinguisher and a route target:

Raleigh#conf t

Enter configuration commands, one per line. End with CNTL/Z. Raleigh(config)#ip vrf vpn_1

Raleigh(config-vrf)#rd Raleigh(config-vrf)#rd 65000:1 Raleigh(config-vrf)#route

Raleigh(config-vrf)#route-target both 65000:1

Next, you need to associate the interface that connects to Peer 1 with the VRF:

Raleigh(config-vrf)#exit

Raleigh(config)#int s 0/1

Raleigh(config-if)#ip vrf forwarding vpn_1

%Interface Serial0/1 IP address 192.168.3.9 removed due to enabling VRF vpn_1

Raleigh(config-if)#ip address 192.168.3.9 255.255.255.252

Now you need to configure a static route on the Atlanta POP router to point to the loopback of Peer 2. To configure a global static route, use the

328 Chapter 8 Advanced MPLS Topics

ip route command. To configure a static route for a particular VRF, use the ip route vrf vpn_name command. The configuration on the Raleigh POP router to configure a static route associated with vpn_1 is as follows:

Raleigh(config)#ip route vrf vpn_1 192.168.2.1

255.255.255.255 Serial0/1 192.168.3.10

Now on to BGP. You need to configure the redistribution of the static route and VRF connected interfaces into BGP:

Raleigh(config)#router bgp 65000

Raleigh(config-router)#address-family ipv4 vrf vpn_1

Raleigh(config-router-af)#redistribute connected

Raleigh(config-router-af)#redistribute static

Raleigh(config-router-af)#^Z

Raleigh#

The following sections contain the running-configs of the Atlanta and Raleigh POP routers. Try to get in the habit of reading and verifying the configuration.

Raleigh Running-Config

As you review the Raleigh POP router running-config, locate the configuration showing the static route associated with the VRF:

Raleigh#show running-config

Building configuration...

Current configuration : 1947 bytes

!

version 12.1

service timestamps debug uptime service timestamps log uptime no service password-encryption

!

hostname Raleigh

!

enable password cisco

!

!

Static Routing 329

!

!

!

memory-size iomem 25 ip subnet-zero

ip tcp synwait-time 5 no ip domain-lookup

!

!

ip vrf vpn_1 rd 65000:1

route-target export 65000:1 route-target import 65000:1

ip cef

cns event-service server

!

!

!

!

!

interface Loopback0

ip address 204.134.83.3 255.255.255.255

!

interface Serial0/0 no ip address shutdown

no fair-queue clockrate 64000

!

interface Serial0/1

description *** Link to Peer2 ***

ip vrf forwarding vpn_1

ip address 192.168.3.9 255.255.255.252 clockrate 64000

!

interface Serial0/2

330 Chapter 8 Advanced MPLS Topics

no ip address shutdown clockrate 64000

!

interface Serial0/3

description *** Link to Core Router ***

ip address 204.134.83.10 255.255.255.252 tag-switching ip

clockrate 64000

!

interface Ethernet1/0 no ip address shutdown

!

interface Ethernet1/1 no ip address shutdown

!

interface Ethernet1/2 no ip address shutdown

!

interface Ethernet1/3 no ip address shutdown

!

router rip version 2

network 204.134.83.0

!

router bgp 65000

no synchronization

bgp log-neighbor-changes

neighbor 204.134.83.1 remote-as 65000 neighbor 204.134.83.1 update-source Loopback0 neighbor 204.134.83.1 next-hop-self

Static Routing 331

no auto-summary

!

address-family ipv4 vrf vpn_1 redistribute connected redistribute static

no auto-summary

no synchronization exit-address-family

!

address-family vpnv4

neighbor 204.134.83.1 activate

neighbor 204.134.83.1 send-community both no auto-summary

exit-address-family

!

ip classless

ip route vrf vpn_1 192.168.2.1 255.255.255.255 Serial0/1 192.168.3.10

no ip http server

!

!

!

line con 0 exec-timeout 0 0 privilege level 15 logging synchronous transport input none

ip netmask-format decimal line aux 0

line vty 0 4 privilege level 15 password cisco logging synchronous login

ip netmask-format decimal

!

end