Let's assume that your company asked you to create an MPLS VPN for a customer that wanted to connect two branches of the company together.
However, the customer is using the same BGP AS number on both sites, and they can't change it for some reason.
You are required to solve this issue by providing the connectivity and fixing any misconfiguration.
In this post, we will discuss how to configure an MPLS L3VPN.
Terms used:
P => Provider router
PE => Provider edge router
CE => Customer edge router
IP addresses are as in the topology.
Using the following topology:
The design shows the ISP network represented by three routers: one is a P router (R5) and two are PEs (R2, R3).
On the other hand, the two sides of the topology represent the CE routers.
The ISP will be AS#253, while the customer is AS#65000.
The ISP will use OSPF with a single area (area 0). You can do the same with any other IGP, but of course IS-IS and OSPF are the best due to obvious reasons.
OSPF configuration is enabled on the following interfaces:
R5 E0/0, E0/1, Loopback0
R2 E0/0, Loopback0
R3 E0/1, Loopback0
MPLS LDP is enabled on the same interfaces except the loopbacks.
Commands to enable MPLS:
1. Enable it under the interface with the command #mpls ip
2. Enable it under the OSPF process using #mpls ldp autoconfig
How to display the MPLS FIB table?
R5#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  2.2.2.2/32       176893        Et0/0      10.25.0.2
17         Pop Label  3.3.3.3/32       178410        Et0/1      10.35.0.3
R5#
OK, now it's time to configure BGP VPNv4 between the two PEs (R2, R3), which will be the tunnel that we create between the two routers, as can be seen in the topology.
We will form the peering using the loopback interfaces.
R2:
R3:
Next, we will use a VRF on the PE interfaces facing the CEs, and we will configure the VRF on R2 and R3 with route distinguisher (RD) 65000:65000
and a route target for both export and import (65000:65000).
We will need to add interfaces under these VRFs and configure IP addresses on the interfaces facing the CE routers.
Now, we will enable eBGP between the PEs and the CEs.
On the CE side, it will be a normal eBGP configuration, but we will also advertise the CE loopbacks in BGP so we can use them for testing later on.
The only exceptional thing on the CEs is that we will add the allowas-in option in BGP in order to accept incoming updates that carry AS 65000 in the AS path, which BGP blocks by default as a loop-prevention mechanism.
Of course, there is another option that can be configured on the ISP side, which is as-override, but this time we will use allowas-in.
R4, R5 will use the same configs:
Now, let's start verifying the configs and the route exchange between the two CEs:
As you can see in the output of #show ip bgp, R1 is advertising its loopback interface 1.1.1.1/32 and it is also receiving the loopback of R4, 4.4.4.4/32.
Note the AS path of R1 to reach 4.4.4.4/32 (253, 65000); this is because R1 allowed its own AS to be injected into its BGP table.
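The loop check that allowas-in relaxes, and the as-override alternative mentioned earlier, as a small Python model of the final PE-to-CE hop. This is an added example, not part of the original lab or any router's code; the function names, the count argument and the looped path are constructed for illustration, while AS 253 and AS 65000 come from the post.

```python
# Added example: simplified model of BGP AS_PATH handling on the PE-CE hop.
PROVIDER_AS = 253    # ISP AS from the post
CUSTOMER_AS = 65000  # AS used at both customer sites


def pe_advertise(as_path, pe_as, ce_as, as_override=False):
    """Return the AS_PATH a PE sends to its CE over eBGP.

    With as-override the PE rewrites every occurrence of the CE's AS to
    its own AS, then prepends its own AS as on any eBGP session.
    """
    if as_override:
        as_path = [pe_as if asn == ce_as else asn for asn in as_path]
    return [pe_as] + list(as_path)


def ce_accepts(as_path, local_as, allowas_in=0):
    """Receiver-side loop check on the CE.

    allowas_in is how many occurrences of the local AS are tolerated;
    0 models the default, where any occurrence drops the update.
    """
    return as_path.count(local_as) <= allowas_in


def deliver(origin_path, allowas_in=0, as_override=False):
    """Carry a remote-site route across the provider to the local CE.

    iBGP between the PEs leaves the AS_PATH unchanged, so only the final
    PE-to-CE eBGP hop is modelled. Returns (accepted, path_seen_by_ce).
    """
    path = pe_advertise(origin_path, PROVIDER_AS, CUSTOMER_AS, as_override)
    return ce_accepts(path, CUSTOMER_AS, allowas_in), path


if __name__ == "__main__":
    site_b = [CUSTOMER_AS]  # 4.4.4.4/32 as received by the PE from R4
    # Constructed path that has already crossed the customer AS twice.
    looped = [CUSTOMER_AS, PROVIDER_AS, CUSTOMER_AS]
    cases = [("default", {}), ("allowas-in 1", {"allowas_in": 1}),
             ("allowas-in 3", {"allowas_in": 3}),
             ("as-override", {"as_override": True})]
    for label, kw in cases:
        print(f"{label:13} site_b={deliver(site_b, **kw)} looped={deliver(looped, **kw)}")
```

With a count of 1 the CE accepts the (253, 65000) path from the post and still drops the constructed path that already carries AS 65000 twice; a larger count or as-override lets that path through in this model.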
OK, now let's do a trace between the two loopbacks:
Success!
You can download the EVE lab file here.
Hope this was useful!
Samer R. Saleem.