Thursday, June 2, 2016

MPLS VPN Practice




Explanation for the topology above:

R7, R5, R8, R6 are customer routers that uses static Routes to ISP 0.0.0.0/0,  or you can say [ CE ]

R3, R1, R2, R4 are ISP Network domain, R3 and R4 are PE's while R1, R2, are P's


ISP Domain uses OSPF for IGP
ISP Domain uses MPLS  service to provide the customer with a VPN on the P's and on internal interfaces of the PE's
LDP protocol is used for labeling and exchange of the labels, with manual labeling and auto
on PE's redistribution have been implemented into OSPF domain to provide reachability to CE's.




configs will be as followed
R1:


interface Loopback0
 ip address 1.1.1.1 255.255.255.0
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 12.1.1.1 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 31.1.1.1 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 12.1.1.0 0.0.0.255 area 0
 network 31.1.1.0 0.0.0.255 area 0

mpls ldp router-id Loopback0 force
!
control-plane
!
!
==========================================================


R2:

mpls label range 200 299
mpls label protocol ldp
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 12.1.1.2 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 24.1.1.2 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 12.1.1.0 0.0.0.255 area 0
 network 24.1.1.0 0.0.0.255 area 0
!

!
mpls ldp router-id Loopback0 force
!

==============================================================


R7:


!
interface Loopback0
 ip address 7.7.7.7 255.255.255.0
!
interface FastEthernet0/0
 ip address 37.1.1.7 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 37.1.1.3
!
!


===========================================================

R4

mpls label protocol ldp
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 46.1.1.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 24.1.1.4 255.255.255.0
 ip ospf 1 area 0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip address 48.1.1.4 255.255.255.0
 ip ospf 1 area 0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets
 network 4.0.0.0 0.0.0.255 area 0
 network 24.0.0.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0 force
!
==============================================================

R5


!
interface Loopback0
 ip address 5.5.5.5 255.255.255.0
!
interface FastEthernet0/0
 ip address 53.1.1.5 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 53.1.1.3
!
===============================================================


R6


!
interface Loopback0
 ip address 6.6.6.6 255.255.255.0
!
interface FastEthernet0/0
 ip address 46.1.1.6 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 46.1.1.4
!
!
==================================================================

R3


mpls label protocol ldp
multilink bundle-name authenticated
!
!

!
archive
 log config
  hidekeys
!

interface Loopback0
 ip address 3.3.3.3 255.255.255.0
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 53.1.1.3 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 31.1.1.3 255.255.255.0
 ip ospf 1 area 0
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/0
 ip address 37.1.1.3 255.255.255.0
 ip ospf 1 area 0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 redistribute connected subnets
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
mpls ldp router-id Loopback0







====================================================================


R8


interface Loopback0
 ip address 8.8.8.8 255.255.255.0
!
interface FastEthernet0/0
 ip address 48.1.1.8 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 48.1.1.4
!
!

==================================================================


Verifying configuration:

1st method is of course the ICMP packets
lets ping from one CE to another


R5 ping to R6

R5#ping 46.1.1.6 repeat 50

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 46.1.1.6, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (50/50), round-trip min/avg/max = 20/58/84 ms
R5#

trace route from R5 to R6
R5#traceroute 46.1.1.6

Type escape sequence to abort.
Tracing the route to 46.1.1.6

  1 53.1.1.3 4 msec 12 msec 8 msec
  2 31.1.1.1 [MPLS: Label 106 Exp 0] 60 msec 52 msec 40 msec
  3 12.1.1.2 [MPLS: Label 202 Exp 0] 72 msec 52 msec 32 msec
  4 24.1.1.4 48 msec 60 msec 36 msec
  5 46.1.1.6 108 msec 52 msec 76 msec
R5#


R5 is using static route to reach R6

R5#show ip route 46.1.1.6
% Network not in table
R5#show ip cef 46.1.1.6
0.0.0.0/0, version 17, epoch 0, cached adjacency 53.1.1.3
0 packets, 0 bytes
  via 53.1.1.3, 0 dependencies, recursive
    next hop 53.1.1.3, FastEthernet0/0 via 53.1.1.3/32
    valid cached adjacency





Checking MPLS forwarding table on Provider  Routers inside ISP network:

R1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop  
tag    tag or VC   or Tunnel Id      switched   interface            
100    Pop tag     24.1.1.0/24       0          Fa0/0      12.1.1.2    
101    Pop tag     2.2.2.0/24        0          Fa0/0      12.1.1.2    
103    200         4.4.4.4/32        0          Fa0/0      12.1.1.2    
104    Pop tag     37.1.1.0/24       0          Fa0/1      31.1.1.3    
105    201         48.1.1.0/24       0          Fa0/0      12.1.1.2    
106    202         46.1.1.0/24       12332      Fa0/0      12.1.1.2    
107    Pop tag     53.1.1.0/24       13026      Fa0/1      31.1.1.3    
108    Pop tag     3.3.3.0/24        0          Fa0/1      31.1.1.3  


Hope this practice was useful!
Samer R. Saleem




No comments:

Post a Comment

Securing Small Businesses: A Roadmap to Continuity and Confidence

  In an ever-expanding world of cyberspace, the prevalence of cyber-attacks grows daily. Allocating budgetary resources to network and cyber...