- •Acknowledgments
- •Introduction
- •Assessment Test
- •Answers to Assessment Test
- •Service Provider Networks
- •Scalability
- •Traffic Engineering
- •Quality of Service
- •MPLS Label Stack
- •Shim Header
- •MPLS Architecture
- •Control
- •Forwarding
- •MPLS Label Switching
- •MPLS Network Components
- •Device Output
- •Label-Switched Paths
- •MPLS Applications
- •MPLS and ATM
- •Overlay
- •Quality of Service
- •Traffic Engineering
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Routing Review
- •Frame-Mode MPLS Working Example
- •Network Routing Protocol Examples
- •MPLS Step by Step
- •Label Distribution
- •Assigning Labels
- •Troubleshooting and Verification
- •Device Configuration
- •IGP Verification
- •CEF Verification
- •MPLS Verification
- •Label Distribution and Bindings
- •Binding Verification
- •Troubleshooting the Network
- •Hiding Service Provider Devices
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Frame-Mode MPLS and ATM
- •Frame-Mode MPLS and ATM Configuration
- •Cell-Mode MPLS
- •Label Binding with ATM
- •Cell-Mode Label Switching
- •VC Merge
- •Loop Prevention
- •Cell-Mode MPLS Configuration
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •VPNs 101
- •Point-to-Point Connections
- •Virtual Private Networks
- •Categories of VPNs
- •VPN Routing
- •Peer-to-Peer VPNs
- •Optimal Routing
- •Peer-to-Peer Security
- •Peer-to-Peer VPN Routing
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Service Provider Configuration
- •MPLS VPNs
- •Virtual Router
- •Virtual Routing and Forwarding Tables
- •MPLS Operational Overview
- •MP-BGP Configuration
- •An MPLS VPN Example
- •Route Distinguisher
- •MP-IBGP Configuration Example
- •Initial Network Configuration
- •MP-IBGP Configuration
- •Verification
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •A Review of VPNs
- •Configuring a Simple MPLS VPN
- •Configuring VRF Interfaces
- •Running RIP in an MPLS VPN
- •Configuring RIPv2 with Address-Family ipv4
- •Configuring Redistribution
- •Route Targets
- •Configuring Route Targets
- •A Review of Simple VPN Configuration
- •Configuring MPLS in the Service Provider Network
- •Simple VPN Configuration
- •Configuring the PE-CE Routing Protocol
- •Lab: Configuring an MPLS VPN
- •Configuring POP Routers
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Routing Table Isolation
- •Verifying VRF Routes
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •MP-BGP and OSPF
- •A Review of OSPF
- •OSPF Router Types
- •Link State Advertisements
- •OSPF for MPLS VPNs
- •OSPF Super-Backbone
- •Preventing Routing Loops
- •Path Selection
- •MPLS VPN OSPF Lab
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Static Routing
- •Device Configuration
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Verification with Ping
- •Verifying Static VRF Routes
- •E-BGP and MPLS VPNs
- •Device Configuration
- •E-BGP Operation
- •AS-Override
- •VPN Configuration
- •Raleigh Running-Config
- •Atlanta Running-Config
- •Peer Router Configuration
- •Peer 1 Running-Config
- •Peer 2 Running-Config
- •Verification with Ping
- •Advanced MPLS VPN Topologies
- •Simple VPNs
- •Central Services MPLS VPN Topology
- •Overlay MPLS VPN Topology
- •Summary
- •Exam Essentials
- •Key Terms
- •Review Questions
- •Answers to Review Questions
- •Challenge Lab 1
- •MPLS
- •MP-IBGP
- •Answer to Lab 1.1
- •Answer to Lab 1.2
- •Answer to Lab 1.3
- •Challenge Lab 2
- •Tag Switching
- •MP-IBGP
- •Answer to Lab 2.1
- •Answer to Lab 2.2
- •Answer to Lab 2.3
- •Challenge Lab 3
- •VRF Configuration
- •RIPv2
- •Redistribution
- •Answer to Lab 3.1
- •Answer to Lab 3.2
- •Answer to Lab 3.3
- •Challenge Lab 4
- •VRF Configuration
- •OSPF
- •Redistribution
- •Answer to Lab 4.1
- •Answer to Lab 4.2
- •Answer to Lab 4.3
- •Challenge Lab 5
- •VRF Configuration
- •Static Routes and Redistribution
- •Answer to Lab 5.1
- •Answer to Lab 5.2
- •Challenge Lab 6
- •VRF Configuration
- •E-BGP Configuration
- •Answer to Lab 6.1
- •Answer to Lab 6.2
- •Service Provider Network Configuration with OSPF
- •Router Configuration
- •Routing Tables
- •Tags
- •Service Provider Network Configuration with IS-IS
- •Router Configuration
- •Routing Tables
- •Tag Switching Forwarding Tables
- •Glossary
366 Chapter 8 Advanced MPLS Topics
Advanced MPLS VPN Topologies
When discussing MPLS VPNs throughout this book, you have seen only simple VPNs. There are many additional topologies that you should know about even though they are not specified in the exam objectives.
Simple VPNs
Throughout this book you have seen only simple MPLS VPN topologies. For example, Figure 8.7 illustrates a customer with two sites connected to a service provider.
F I G U R E 8 . 7 A simple VPN topology
Customer A1 |
PE1 |
PE2 |
Customer A2 |
For the sites Customer A1 and Customer A2 to be connected together with an MPLS VPN, a VRF, route distinguisher, routing protocol, and route target must be configured. For the purpose of this discussion of MPLS VPN topologies, I’m interested only in the route targets.
When a route from Customer A1 arrives at PE1, it is redistributed into MP-BGP. Remember that the export route target value is carried in the extended community. When the route arrives at PE2, the import route target value is used to pull the route from MP-BGP into the VRF. For example, the relevant configuration of PE1 is as follows:
ip vrf vpn_1
route-target export 1289:172 route-target import 1289:172
By analyzing the configuration of PE1 and PE2, you can see that routes from PE1, when exported into MP-BGP, carry the export route target value of 1289:172 in the extended community. In addition, routes from PE2, when exported into MP-BGP, carry the export route target value of 1289:172 in the extended community. Both PE1 and PE2 import routes that have an extended community route target value of 1289:172.
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Advanced MPLS VPN Topologies 367
Central Services MPLS VPN Topology
Although many of your customers may require only a simple MPLS VPN to meet their connectivity requirements, route targets can be used to support a host of other topologies.
A Central Services MPLS VPN topology is where there is some central service, such as data storage facilities or media content, that is being accessed by different sites. Figure 8.8 illustrates a Central Services network.
F I G U R E 8 . 8 A Central Services network
Customer B
|
|
|
PE2 |
|
|
|
|
|
|
|
|
Customer A |
PE1 |
PE3 |
Customer C |
||
|
|
|
SPS1 |
|
|
E-Learning content
In Figure 8.8, there are three customers: Customer A, Customer B, and
Customer C. Each of these three customers is paying the service provider for access to the e-learning content hosted by the service provider.
Customer A, Customer B, and Customer C need to know how to send packets to the e-learning content site. The e-learning content site needs to know how to send packets back to Customer A, Customer B, and Customer C. Customer A, Customer B, and Customer C do not need to send packets to each other.
On PE1, Customer A’s routes will be exported with a route target of 100:1. The relevant configuration of PE1 is as follows:
ip vrf vpn_a
route-target export 100:1
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
368 Chapter 8 Advanced MPLS Topics
On PE2, Customer B’s routes will be exported with a route target of 100:2. The relevant configuration of PE2 is as follows:
ip vrf vpn_b
route-target export 100:2
On PE3, Customer C’s routes will be exported with a route target of 100:3. The relevant configuration of PE2 is as follows:
ip vrf vpn_c
route-target export 100:3
On SPS1, the e-learning content routes will be exported with a route target of 1289:1027. The relevant configuration of SPS1 is as follows:
ip vrf elearning_svc route-target export 1289:107
On PE1, Customer A needs to know about the e-learning content routes. PE1 is configured to import the routes from the e-learning content. The relevant configuration of PE1 is as follows:
ip vrf vpn_a
route-target export 100:1 route-target import 1289:1027
On PE2, Customer B needs to know about the e-learning content routes. PE2 is configured to import the routes from the e-learning content. The relevant configuration of PE2 is as follows:
ip vrf vpn_b
route-target export 100:2 route-target import 1289:1027
On PE3, Customer C needs to know about the e-learning content routes. PE3 is configured to import the routes from the e-learning content. The relevant configuration of PE3 is as follows:
ip vrf vpn_c
route-target export 100:3 route-target import 1289:1027
On SPS1, the e-learning content needs to know about the Customer A, Customer B, and Customer C routes. SPS1 is configured to import the routes from Customer A, Customer B, and Customer C. The relevant configuration of SPS1 is as follows:
ip vrf elearning_svc route-target export 1289:1073
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |
Advanced MPLS VPN Topologies 369
route-target import 100:1 route-target import 100:2 route-target import 100:3
Overlay MPLS VPN Topology
One other topology you should know about is an overlay MPLS VPN topology. An overlay is essentially a situation where a site participates in more than one VPN. In Figure 8.9, there are two customers: Customer A and Customer B. Customer A has two sites: CustomerA_HQ and CustomerA_Site1. Customer B has two sites: Customer B_HQ and CustomerB_Site1.
F I G U R E 8 . 9 An overlay MPLS VPN topology
Customer A_Site1
PE1
Customer A_HQ |
PE2 |
PE3 |
Customer B_HQ |
PE4
Customer B_Site1
For connectivity, Customer A requires a simple VPN between its headquarters and the remote site. Customer B requires a simple VPN between its headquarters and the remote site. However, Customer A and Customer B are collaborating on a project and need to have an extranet set up between their headquarters locations: CustomerA_HQ and CustomerB_HQ.
Let’s start with the simple VPN. For a simple VPN, the import route target and export route target values can match. For CustomerA_VPN, a route distinguisher of 517:1 will be used. For CustomerB_VPN, a route target of 517:38 will be used. On PE1 and PE2, the following configuration exists for CustomerA_VPN:
ip vrf customera_vpn route-target export 517:1 route-target import 517:1
Copyright ©2002 SYBEX, Inc., Alameda, CA |
www.sybex.com |