Sunday, June 13, 2021

MPLS L3VPN between two sites that use the same autonomous system number

Let's assume that your company asked you to create an MPLS VPN for a customer that wanted to connect two branches of the company together.

However, the customer is using the same BGP AS number on both sites, and they can't change it for some reason.

You are required to solve this issue by providing the connectivity and fixing any misconfiguration.

In this post, we will discuss how to configure this type of MPLS L3VPN.

Terms that will be used:

P => Provider router

PE => Provider edge router

CE => Customer edge router

IP addresses are as in the topology.

Using the following topology:

The design shows the ISP network represented by three routers: one is a P router (R5) and the other two are PEs (R2, R3).

On the other hand, we will use the two sides of the topology to represent the CE routers.

The ISP will be AS#253, while the customer is AS#65000.

The ISP will use OSPF with a single area (area 0). You can do the same with any other IGP, but of course IS-IS and OSPF are the best choices for obvious reasons.

OSPF configuration is enabled on the following interfaces:

R5 E0/0, E0/1, Loopback0

R2 E0/0, Loopback0

R3 E0/1, Loopback0

MPLS LDP is enabled on the same interfaces except the loopbacks.

Commands to enable MPLS:

1. The first option is to enable it under the interface with the command #mpls ip

2. The second option is to enable it under the OSPF process using #mpls ldp autoconfig

How do we display the MPLS forwarding table (LFIB)?

R5#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16         Pop Label  2.2.2.2/32       176893        Et0/0      10.25.0.2   
17         Pop Label  3.3.3.3/32       178410        Et0/1      10.35.0.3   
R5#


Ok, now it's time to configure BGP VPNv4 between the two PEs (R2, R3). This session is the tunnel we create between the two routers, as can be seen in the topology.

We will form the peering using the loopback interfaces.

R2:




 

 

 

R3:







Next, we will use a VRF on the PE interfaces facing the CEs. We will configure the VRF on R2 and R3 with route distinguisher (RD) 65000:65000 and route target 65000:65000 for both export and import.


 





We will need to add interfaces under these VRFs and configure IP addresses on the interfaces facing the CE routers.

Now, we will enable eBGP between the PEs and the CEs.



 


On the CE side, it will be a normal eBGP configuration, but we will also advertise the CE loopbacks into BGP so we can use them for testing later on.

The only exceptional thing on the CEs is that we will add the allowas-in option in BGP, so that each router accepts incoming updates that carry AS 65000 in the AS path. BGP blocks these by default as a loop-prevention mechanism.

Of course, there is another option that can be applied on the ISP side, which is as-override, but this time we will use allowas-in.
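The loop check that allowas-in relaxes, and the as-override alternative, modelled in Python as an added example (not code from the original post or from any router implementation). The function names are hypothetical; the AS numbers and the 4.4.4.4/32 route are the ones used in this lab.

```python
# Added illustration: models the eBGP AS_PATH loop check, it is not router code.
PROVIDER_AS = 253      # ISP AS from the post
CUSTOMER_AS = 65000    # AS shared by both customer sites


def pe_advertise(as_path, local_as, neighbor_as, as_override=False):
    """Return the AS_PATH a PE sends to its eBGP CE neighbor."""
    if as_override:
        # as-override: replace the neighbor's own AS with the PE's AS
        as_path = [local_as if asn == neighbor_as else asn for asn in as_path]
    # An eBGP speaker always prepends its own AS when advertising
    return [local_as] + list(as_path)


def ce_accepts(as_path, local_as, allowas_in=0):
    """eBGP loop prevention: drop a path that contains our own AS
    more than allowas_in times (0 models the default behaviour)."""
    return as_path.count(local_as) <= allowas_in


def site_to_site(as_override=False, allowas_in=0):
    """Follow 4.4.4.4/32 from R4, through R3 and R2, to R1."""
    path_at_pe = [CUSTOMER_AS]  # received by R3 from R4, unchanged over iBGP to R2
    path_to_r1 = pe_advertise(path_at_pe, PROVIDER_AS, CUSTOMER_AS, as_override)
    return path_to_r1, ce_accepts(path_to_r1, CUSTOMER_AS, allowas_in)


if __name__ == "__main__":
    cases = [
        ("default", {}),
        ("allowas-in 1 on the CE", {"allowas_in": 1}),
        ("as-override on the PE", {"as_override": True}),
    ]
    for label, kwargs in cases:
        path, accepted = site_to_site(**kwargs)
        print(f"{label:24} path={path} accepted_by_R1={accepted}")
```

Because allowas-in weakens loop detection on the CE, the allowed count should be the smallest value that lets the remote site's routes in; a path that carries the local AS more often than that is still dropped.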

R4, R5 will use the same configs:






Now, let's start verifying the configs and the route exchange between the two CEs:


 








As you can see in the output of #show ip bgp, R1 is advertising its loopback interface 1.1.1.1/32 and it is also receiving the loopback of R4, 4.4.4.4/32.

Note the AS path of R1 to reach 4.4.4.4/32 (253, 65000). This is because R1 allowed its own AS to be injected into its BGP table.

Ok, now let's run a trace between the two loopbacks:







Success!

You can download the EVE lab file here.

 

Hope this was useful!


Samer R. Saleem.





