4.3 Creating an MdwaPLS VPN - PacketLife

20150220 CreatinganMPLSVPNPacketLife.net

http://packetlife.net/blog/2011/may/16/creatingmplsvpn/ 1/19

Welcome,Guest! | Login(/users/login/) | Register(/users/register/)

(/)

CreatinganMPLSVPNBystretch(/users/stretch/)|Monday,May16,2011at1:17a.m.UTC

Todaywe'regoingtolookattheconfigurationrequiredtocreateabasicMPLSVPNservicingtwocustomers,eachwith a presence at two physical sites. If you're unfamiliar with the concepts ofMPLS switching andVRFsonCiscoIOS,youmaywanttocheckoutafewofmypastarticlesbeforecontinuing:

IntrotoVRFlite(/blog/2009/apr/30/introvrflite/)InterVRFRoutingwithVRFLite(/blog/2010/mar/29/intervrfroutingvrflite/)GettingtoknowMPLS(/blog/2008/jul/16/gettingtoknowmpls/)

Ourlabtopologylookslikethis:

Asareview,recallthat

P(provider)routersareISPcorerouterswhichdon'tconnecttocustomerroutersandtypicallyrun

http://packetlife.net/blog/2008/jul/16/getting-to-know-mpls/http://packetlife.net/blog/2009/apr/30/intro-vrf-lite/http://packetlife.net/http://packetlife.net/users/register/http://packetlife.net/users/login/http://packetlife.net/users/stretch/http://packetlife.net/blog/2010/mar/29/inter-vrf-routing-vrf-lite/



onlyMPLSPE(provideredge)routersconnecttocustomersitesandformtheedgeofaVPNCE(customeredge)routersexistattheedgeofacustomersitetheyhavenoVPNawarenessanIGPrunningamongallPandPEroutersisusedtosupportLDPandBGPadjacencieswithintheprovidernetworkMPBGPisrunonlyamongPEroutersanIGP(typically)isrunbetweeneachCErouteranditsupstreamPErouter

In our lab, OSPF is already in operation as the provider network IGP. OSPF processes have also beenpreconfiguredon theCE routers however, theseOSPF topologieswill remain separate from theproviderOSPF.

TherearefivecoretasksweneedtoaccomplishtogetanMPLSVPNupandrunning:

1. EnableMPLSontheproviderbackbone.2. CreateVRFsandassignroutedinterfacestothem.3. ConfigureMPBGPbetweenthePErouters.4. ConfigureOSPFbetweeneachPErouteranditsattachedCErouters.5. Enablerouteredistributionbetweenthecustomersitesandthebackbone.

Althoughplenty ofCLI outputs are shownbelow, youmaywant to grab the finished router configurations(http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip)ifyou'dliketoduplicatethelabonyourown.

EnableMPLSFirstweneedtoenableMPLSonallPPandPPElinkswiththe mplsip interfacecommand.MPLSisnotenabled on any CEfacing interfaces CE routers do not runMPLS, just plain IP routing. LDP is enabledautomatically as the default label distribution protocol (versus Cisco's legacy TDP). LDP typically runsbetweenloopbackaddressesnotdirectlyreachablebyLDPpeers,whichiswhyit'simportanttoconfigureanIGPinthecorebeforeenablingMPLS.

WecanverifytheconfigurationofMPLSinterfaceswith showmplsinterfaces .

P1(config)#interfacef0/1P1(configif)#mplsipP1(configif)#interfacef1/0P1(configif)#mplsipP1(configif)#doshowmplsinterfacesInterfaceIPTunnelOperationalFastEthernet0/1Yes(ldp)NoYesFastEthernet1/0Yes(ldp)NoYes

P2(config)#interfacef0/1P2(configif)#mplsipP2(configif)#interfacef1/0P2(configif)#mplsip

PE1(config)#interfacef1/0PE1(configif)#mplsip

http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip



PE2(config)#interfacef1/0PE2(configif)#mplsip

LDPadjacenciescanbeverifiedwiththecommand showmplsldpneighbor :

P1#showmplsldpneighborPeerLDPIdent:10.0.0.2:0;LocalLDPIdent10.0.0.1:0TCPconnection:10.0.0.2.4511410.0.0.1.646State:Oper;Msgssent/rcvd:12/13;DownstreamUptime:00:02:43LDPdiscoverysources:FastEthernet0/1,SrcIPaddr:10.0.9.2AddressesboundtopeerLDPIdent:10.0.9.210.0.9.910.0.0.2PeerLDPIdent:10.0.0.3:0;LocalLDPIdent10.0.0.1:0TCPconnection:10.0.0.3.2032710.0.0.1.646State:Oper;Msgssent/rcvd:12/12;DownstreamUptime:00:02:25LDPdiscoverysources:FastEthernet1/0,SrcIPaddr:10.0.9.6AddressesboundtopeerLDPIdent:10.0.9.610.0.0.3

CreateandAssignVRFsOurnextstep is tocreatecustomerVRFsonourPE routersandassign thecustomerfacing interfaces tothem.WeneedtoassigneachVRFaroutedistinguisher(RD)touniquely identifyprefixesasbelongingtothatVRFandoneormore route targets (RTs) tospecifyhow routesshouldbe imported toandexportedfromtheVRF.

We'llusearoutedistinguisherforeachVRFintheformof:.Forsimplicity,we'llreuse the samevalueasbothan import andexport route targetwithin eachVRF (thoughweare free tochooseadifferentoradditionalroutetargetsifweprefer).VRFconfigurationmustbeperformedonbothPErouters.

PE1(config)#ipvrfCustomer_APE1(configvrf)#rd65000:1PE1(configvrf)#routetargetboth65000:1PE1(configvrf)#ipvrfCustomer_BPE1(configvrf)#rd65000:2PE1(configvrf)#routetargetboth65000:2

PE2(config)#ipvrfCustomer_APE2(configvrf)#rd65000:1PE2(configvrf)#routetargetboth65000:1PE2(configvrf)#ipvrfCustomer_BPE2(configvrf)#rd65000:2PE2(configvrf)#routetargetboth65000:2

Thecommand routetargetboth isusedasashortcutforthetwocommands routetargetimport androutetargetexport ,whichappearseparatelyintherunningconfiguration.



NowweneedtoassigntheappropriateinterfacestoeachVRFandreapplytheirIPaddresses.(AssigninganinterfacetoaVRFautomaticallywipesitofanyconfiguredIPaddresses.YourversionofIOSmayormaynotinformyouofthiswhenithappens.)Thecommand showipvrfinterfaces canbeusedtoverifyinterfaceVRFassignmentandaddressing.

PE1(config)#interfacef0/0PE1(configif)#ipvrfforwardingCustomer_A%InterfaceFastEthernet0/0IPaddress10.0.1.1removedduetoenablingVRFCustomer_APE1(configif)#ipaddress10.0.1.1255.255.255.252PE1(configif)#interfacef0/1PE1(configif)#ipvrfforwardingCustomer_B%InterfaceFastEthernet0/1IPaddress10.0.1.5removedduetoenablingVRFCustomer_BPE1(configif)#ipaddress10.0.1.5255.255.255.252PE1(configif)#^ZPE1#showipvrfinterfacesInterfaceIPAddressVRFProtocolFa0/010.0.1.1Customer_AupFa0/110.0.1.5Customer_Bup

PE2(config)#interfacef0/0PE2(configif)#ipvrfforwardingCustomer_A%InterfaceFastEthernet0/0IPaddress10.0.2.1removedduetoenablingVRFCustomer_APE2(configif)#ipaddress10.0.2.1255.255.255.252PE2(configif)#interfacef0/1PE2(configif)#ipvrfforwardingCustomer_B%InterfaceFastEthernet0/1IPaddress10.0.2.5removedduetoenablingVRFCustomer_BPE2(configif)#ipaddress10.0.2.5255.255.255.252PE2(configif)#^ZPE2#showipvrfinterfacesInterfaceIPAddressVRFProtocolFa0/010.0.2.1Customer_AupFa0/110.0.2.5Customer_Bup

ConfigureMPBGPonthePERoutersThisiswherethingsstarttogetinteresting.InordertoadvertiseVRFroutesfromonePEroutertotheother,we must configure multiprotocol BGP (MPBGP). MPBGP is a little different from legacy BGP in that itsupportsmultipleaddressfamilies(e.g.IPv4andIPv6)overacommonBGPadjacency.Italsosupportstheadvertisement of VPN routes, which are longer than normal routes due to the addition of a 64bit routedistinguisher(whichweassignedunderVRFconfiguration).

MPBGPrunsonlyonthePErouters:ProutersrelyentirelyontheproviderIGPandMPLStoforwardtrafficthroughtheprovidernetwork,andCEroutershavenoknowledgeofroutesoutsidetheirownVRF.

MinimalMPBGPconfigurationisprettystraightforward.BothPEroutersexistinBGPAS65000.

PE1(config)#routerbgp65000PE1(configrouter)#neighbor10.0.0.4remoteas65000PE1(configrouter)#neighbor10.0.0.4updatesourceloopback0PE1(configrouter)#addressfamilyvpnv4PE1(configrouteraf)#neighbor10.0.0.4activate



PE2(config)#routerbgp65000PE2(configrouter)#neighbor10.0.0.3remoteas65000PE2(configrouter)#neighbor10.0.0.3updatesourceloopback0PE2(configrouter)#addressfamilyvpnv4PE2(configrouteraf)#neighbor10.0.0.3activate

Ifwe lookat the running configurationof theBGPprocessoneitherPE router,wenotice that abitmoreconfigurationthanweprovidedhasappeared:

PE1#showrunningconfig|sectionrouterbgprouterbgp65000nosynchronizationbgplogneighborchangesneighbor10.0.0.4remoteas65000neighbor10.0.0.4updatesourceLoopback0noautosummary!addressfamilyvpnv4neighbor10.0.0.4activateneighbor10.0.0.4sendcommunityextendedexitaddressfamily!addressfamilyipv4vrfCustomer_Bnosynchronizationexitaddressfamily!addressfamilyipv4vrfCustomer_Anosynchronizationexitaddressfamily

In addition to ourVPNv4 address family, address families for the two customerVRFs have been createdautomatically. Also, support for extended community strings has been added to the VPNv4 neighborconfiguration.

Verify that the MPBGP adjacency between PE1 and PE2 was formed successfully with the commandshowbgpvpnv4unicastallsummary :

PE1#showbgpvpnv4unicastallsummaryBGProuteridentifier10.0.0.3,localASnumber65000BGPtableversionis1,mainroutingtableversion1

NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd10.0.0.4465000121210000:06:050

Currently,therearenoroutesintheBGPtable,becausewehavenotspecifiedanythingtobeadvertisedorredistributed,butwe'llgettothatafterthisnextstep.

ConfigurePECEOSPFWe just configuredMPBGP between the two PE routers. Now, let's configure an IGP between each PErouteranditsattachedCErouterstoexchangerouteswiththecustomersites.We'regoingtouseOSPFforthislab,butwecouldjustaseasilyuseanotherIGPlikeEIGRPorRIP.



Singlearea OSPF has already been configured on the CE routers all CE interfaces are in area 0.Remember that althoughwe're usingOSPFbetweeneachof theCE routers and its upstreamPE router,theseOSPFprocessesareisolatedfromtheproviderOSPFtopology.Theoverallroutingtopologywill looklikethis:

TheproviderOSPFprocesshasalreadybeenconfiguredonthePEroutersasprocess1.We'llconfigureanadditionalOSPFprocessforeachCErouteroneachPErouter.EachPErouterwill thenhavethreeOSPFprocesses total: one for the provider network, and one for each CE router.Whereas the provider OSPFprocess exists in the global routing table, the twoCEprocesseswill each be assigned to their respectivecustomerVRFs.

PE1(config)#routerospf2vrfCustomer_APE1(configrouter)#routerid10.0.1.1PE1(configrouter)#interfacef0/0PE1(configif)#ipospf2area0PE1(configif)#routerospf3vrfCustomer_BPE1(configrouter)#routerid10.0.1.5PE1(configrouter)#interfacef0/1PE1(configif)#ipospf3area0

PE2(config)#routerospf2vrfCustomer_APE2(configrouter)#routerid10.0.2.1PE2(configrouter)#interfacef0/0PE2(configif)#ipospf2area0PE2(configif)#routerospf3vrfCustomer_BPE2(configrouter)#routerid10.0.2.5PE2(configrouter)#interfacef0/1PE2(configif)#ipospf3area0



We should see each PE router form an OSPF adjacency with both of its attached CE routers, and thecustomerroutesshouldappearintheVRFtablesonthePErouters.

PE1#showiproutevrfCustomer_A

RoutingTable:Customer_A...

172.16.0.0/16isvariablysubnetted,2subnets,2masksO172.16.1.0/24[110/11]via10.0.1.2,00:04:21,FastEthernet0/0O172.16.0.1/32[110/11]via10.0.1.2,00:04:21,FastEthernet0/010.0.0.0/30issubnetted,1subnetsC10.0.1.0isdirectlyconnected,FastEthernet0/0PE1#showiproutevrfCustomer_B

RoutingTable:Customer_B...

172.17.0.0/16isvariablysubnetted,2subnets,2masksO172.17.1.0/24[110/11]via10.0.1.6,00:03:03,FastEthernet0/1O172.17.0.1/32[110/11]via10.0.1.6,00:03:04,FastEthernet0/110.0.0.0/30issubnetted,1subnetsC10.0.1.4isdirectlyconnected,FastEthernet0/1

ConfigureRouteRedistributionWe're almost done!WehaveourMPLSandMPBGPbackboneupand running, andourCE routers aresendingroutestoourPErouterswithintheirVRFs.ThelaststepistoglueeverythingtogetherbyturningonrouteredistributionfromthecustomersideOSPFprocessesintoMPBGPandviceversaonthePErouters.

Firstwe'llconfigureredistributionofCEroutesineachVRFintoMPBGP.ThisisdoneundertheBGPIPv4addressfamilyforeachVRF.

PE1(config)#routerbgp65000PE1(configrouter)#addressfamilyipv4vrfCustomer_APE1(configrouteraf)#redistributeospf2PE1(configrouteraf)#addressfamilyipv4vrfCustomer_BPE1(configrouteraf)#redistributeospf3

PE2(config)#routerbgp65000PE2(configrouter)#addressfamilyipv4vrfCustomer_APE2(configrouteraf)#redistributeospf2PE2(configrouteraf)#addressfamilyipv4vrfCustomer_BPE2(configrouteraf)#redistributeospf3

ThisenablesredistributionofOSPFroutesintoBGPfortransportacrosstheprovidernetworkbetweenthetwo sites. We can verify that the routes learned from the customer sites (the 172.16.0.0/16 and172.17.0.0/16networks)nowappearintheBGPtablesfortheirrespectiveVRFs.



PE1#showipbgpvpnv4vrfCustomer_A...

NetworkNextHopMetricLocPrfWeightPathRouteDistinguisher:65000:1(defaultforvrfCustomer_A)*>10.0.1.0/300.0.0.0032768?*>i10.0.2.0/3010.0.0.401000?*>172.16.0.1/3210.0.1.21132768?*>i172.16.0.2/3210.0.0.4111000?*>172.16.1.0/2410.0.1.21132768?*>i172.16.2.0/2410.0.0.4111000?PE1#showipbgpvpnv4vrfCustomer_B...

NetworkNextHopMetricLocPrfWeightPathRouteDistinguisher:65000:2(defaultforvrfCustomer_B)*>10.0.1.4/300.0.0.0032768?*>i10.0.2.4/3010.0.0.401000?*>172.17.0.1/3210.0.1.61132768?*>i172.17.0.2/3210.0.0.4111000?*>172.17.1.0/2410.0.1.61132768?*>i172.17.2.0/2410.0.0.4111000?

The laststep is tocomplete the redistribution in theoppositedirection: fromBGP into thecustomerOSPFprocesses.Ifyou'reaccustomedtorouteredistribution,there'snothingnewhere.(Wedon'thavetospecifyany VRF information in the redistribution statement because each customer OSPF process is alreadyassignedtoaVRF.)

PE1(config)#routerospf2PE1(configrouter)#redistributebgp65000subnetsPE1(configrouter)#routerospf3PE1(configrouter)#redistributebgp65000subnets

PE2(config)#routerospf2PE2(configrouter)#redistributebgp65000subnetsPE2(configrouter)#routerospf3PE2(configrouter)#redistributebgp65000subnets

TestingandConfirmationIfhasgonewell,weshouldnowhaveendtoendconnectivitybetweentheCErouterswithineachVRF.Bothroutersforeachcustomershouldnowhavecompleteroutingtables.HerearecustomerA'sroutes:

CE1A#showiproute...

172.16.0.0/16isvariablysubnetted,4subnets,2masksC172.16.1.0/24isdirectlyconnected,Loopback1C172.16.0.1/32isdirectlyconnected,Loopback0OIA172.16.2.0/24[110/21]via10.0.1.1,00:03:50,FastEthernet0/0OIA172.16.0.2/32[110/21]via10.0.1.1,00:03:50,FastEthernet0/010.0.0.0/30issubnetted,2subnetsOIA10.0.2.0[110/11]via10.0.1.1,00:03:50,FastEthernet0/0C10.0.1.0isdirectlyconnected,FastEthernet0/0



CE2A#showiproute...

172.16.0.0/16isvariablysubnetted,4subnets,2masksOIA172.16.1.0/24[110/21]via10.0.2.1,00:02:49,FastEthernet0/0OIA172.16.0.1/32[110/21]via10.0.2.1,00:02:49,FastEthernet0/0C172.16.2.0/24isdirectlyconnected,Loopback1C172.16.0.2/32isdirectlyconnected,Loopback010.0.0.0/30issubnetted,2subnetsC10.0.2.0isdirectlyconnected,FastEthernet0/0OIA10.0.1.0[110/11]via10.0.2.1,00:02:49,FastEthernet0/0

YoumaynoticethatOSPFroutessentbetweentwositesbelongingtothesamecustomerappearasinterarea routes. Remember that although OSPF area 0 is being used at both sites, each site exists as aseparatelinkstatetopologyconnectedbytheMPLSVPN.

WeshouldbeabletopingfromoneCEroutertotheother.(Rememberthatwedon'tneedtospecifyaVRFwhendoingsobecauseCEroutershavenoknowledgethatthey'reinaVRF.)

CE1A#ping172.16.0.2

Typeescapesequencetoabort.Sending5,100byteICMPEchosto172.16.0.2,timeoutis2seconds:!!!!!Successrateis100percent(5/5),roundtripmin/avg/max=12/21/32ms

We can perform a traceroute to verify the path taken as well as the MPLS labels used to traverse theprovidernetwork.

CE1A#traceroute172.16.0.2

Typeescapesequencetoabort.Tracingtherouteto172.16.0.2

110.0.1.14msec4msec8msec210.0.9.5[MPLS:Labels19/22Exp0]16msec12msec24msec310.0.9.2[MPLS:Labels19/22Exp0]24msec20msec16msec410.0.2.1[MPLS:Label22Exp0]20msec16msec24msec510.0.2.216msec*36msec

Here'sapacketcapture(/captures/traceroute_MPLS.cap)oftheabovetracerouteifyou'reinterestedinhowthe MPLS label information is returned. And again, here are the the finished router configurations(http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip) ifyou'd liketoreplicatethelabyourself.

(ThankstoIvanPepelnjak(http://twitter.com/#!/ioshints)ofCiscoIOSHints(http://blog.ioshints.info/)helpingrevisethisarticle!)

AbouttheAuthor

http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.ziphttp://packetlife.net/captures/traceroute_MPLS.caphttp://blog.ioshints.info/http://twitter.com/#!/ioshints



(/users/stretch/)

JeremyStretchisanetworkengineerlivingintheRaleighDurham,NorthCarolinaarea.HeisknownforhisblogandcheatsheetshereatPacketLife.Youcanreachhimbyemail(/contact/)orfollowhimonTwitter(http://twitter.com/packetlife).

PostedinMPLS(/blog/category/mpls/),VPN(/blog/category/vpn/)

(http://www.amazon.com/gp/prime/signup/videos?tag=packetlnet20)

Comments

Ace(guest)May16,2011at3:59a.m.UTC

Thanks...

Daniel(guest)(http://lostintransit.se/)May16,2011at6:14a.m.UTC

HiJeremy,

Goodpost.I'mhavingsomeproblemswiththissentence:

"WeneedtoassigneachVRFaroutedistinguisher(RD)touniquelyidentifyprefixesasbelongingtothatVRFandoneormoreroutetargets(RTs)tospecifyhowroutesshouldbeimportedtoandexportedfromtheVRF."

Thiscouldbeduetoenglishnotbeingmynativelanguagebutthissoundslikeyou'resayingthatRDdefinestheVPNandthisisnottrue.TheRDonlymakesprefixesuniquebutdoesnotinanywaydefinetheVPN,that'swhattheRTisfor.

I'msurprisedIvandidn'tcatchthisifhereadthearticle.Couldjustbeamisunderstandingfrommypartoryoushouldrewritethatsentence.

1111oneoneone(guest)May16,2011at7:31a.m.UTC

Anexcellentpost.ThanksJeremy.

Alain(/users/Alain/)May16,2011at8:53a.m.UTC

Stretch,Asalwaysthereisonlyonewordtodescribethispost:excellent!

Regards,Alain

http://lostintransit.se/http://packetlife.net/users/Alain/http://www.amazon.com/gp/prime/signup/videos?tag=packetlnet-20http://packetlife.net/contact/http://twitter.com/packetlifehttp://packetlife.net/blog/category/mpls/http://packetlife.net/users/stretch/http://packetlife.net/blog/category/vpn/



Trey(guest)May16,2011at1:12p.m.UTC

IfyoueverplantoimplementIPv6,itsmucheasiertoaddifyouuse"vrfdefinition"insteadof"ipvrf"

vrfdefinitionvrf2rd2:2!addressfamilyipv4routetargetexport2:2routetargetimport2:2exitaddressfamily

Trey

Rob(guest)May16,2011at2:09p.m.UTC

thanks

stretch(/users/stretch/)May16,2011at3:12p.m.UTC

@Daniel:

Itmustbealanguagebarrierthing.ItsimplymeansthattheRDisusedtomakeroutesunique(e.g.whencustomersuseoverlappingaddressspace).

Hussain(guest)May16,2011at5:20p.m.UTC

Manythanks!!

Bart(guest)May16,2011at6:30p.m.UTC

Yes,RDdoesnothingmorethanmaketheroutesuniquesothatBGPwilldistributethemcorrectly.

PeopleoftengetconfusedabouttheRDbecausenearlyallciscoexamplesIhaveseenusethesameRDonbothPErouters,givingpeoplethefalseimpressionthatthisisrequired.YoucanjustaseasilyuseoneRDperVRFperPE.ThatswhatIusuallydoinexamplesjusttoremindpeoplethatRTandRDaretwodifferentthings.

me_rahawan82(/users/me_rahawan82/)May17,2011at11:39a.m.UTC

ThanksJeremy,Myhero

reca(guest)May17,2011at6:23p.m.UTC

...andsometimesyouwanttouseonlyMPBGPanddonotcarryanyprefixesandthenyouadd"nobgpdefaultipv4unicast"underthe"routerbgp65001"context.

Thanxforthisshortandconcisepost.

http://packetlife.net/users/stretch/http://packetlife.net/users/me_rahawan82/



OmiPR(/users/OmiPR/)May17,2011at8:15p.m.UTC

ThanksStretch!IthelpedmealotforMPLSconfigunderstanding!

alpi(guest)(http://ba.linkedin.com/pub/alenpiplica/29/465/415)May17,2011at9:38p.m.UTC

Hi,ireadyouryourpostsalmousttwoyearsandimustsayTHANKYOU.Youarethebest.

regards,Alen

abulanov(/users/abulanov/)May18,2011at7:26a.m.UTC

UsingOSPFonPECEislimitedbyanumberofOSPFprocessesonPErouter.Thereareonly32.Thatmeansyoucannotconnectmorethan30uniqueCEtoonePE(http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#q46)

ThatswhyOSPFisn'tthebestchoisefor

ISISisnotsupportedthereatall.

amitabha(/users/amitabha/)May19,2011at3:37a.m.UTC

THANKYOUforthepostman.HopeyouwilldiscussL2VPN(Martini&Kompella)soon....wearewaiting:)

yelfathi(guest)(http://twitter.com/#!/yelfathi)May19,2011at4:49p.m.UTC

Goodintroductioniwilladdtworemarks:

checkipcefbeforeenablingmplsbecausemplsneedsitcreatededicatedloopbacksandforcethemplsrouteridtothem

Thoseavoidyoufrompotentialproblemsyouwillseeaftermorepractices:)

kammu(/users/kammu/)May22,2011at2:54p.m.UTC

thankyousomuchJeremy..Itisanexcellentintroductoryconfigtounderstandbasicsofmpls.Youaregreat..!

Selasi(guest)June20,2011at7:07p.m.UTC

ThanksJeremy.Thisexamplehasreallyhelpedmeunderstandtheconceptevenfurther.WritingBGP+MPLSin3weeks.Wishmewell!

USvpn(guest)October6,2011at6:07a.m.UTC

Yournetworktopologylooksgreat.Thankyouforsharingthis.

http://packetlife.net/users/kammu/http://packetlife.net/users/abulanov/http://ba.linkedin.com/pub/alen-piplica/29/465/415http://packetlife.net/users/amitabha/http://packetlife.net/users/OmiPR/http://twitter.com/#!/yelfathi



AguestNovember4,2011at2:35p.m.UTC

greatpostJeremy,

butmydoubtishowcanIimprovetheusingMPLSVPNs,IamBrazilianandmyCBTisonthisissue,andI'mstill"raw"regardingtheissue,Iwouldlikeyourhelp.

waleed143(/users/waleed143/)January13,2012at6:48p.m.UTC

dearJeremyStretchThanksforyourawesomescenario.but1thingismissing,iwasworkingonthistopologyfor4to5hoursbutmyVRFsiteswasnotabletocommunicatewitheachotherandyousaidonthisscenariothat

neighbor10.0.0.4sendcommunityextendedwillgenerateautomatically,butididn't,thenicontactedwithmyfriendhetoldthatputthatcommandmanuallythenitworked.

Sastrt(guest)January24,2012at8:04p.m.UTC

Simplysupub!!!Thanksforyourpost...

pswolfwind(/users/pswolfwind/)March3,2012at3:47a.m.UTC

hiwaleed143,thismaybeaissueinregardstotheiosversion,butismustbeconfigured.Anotherquestionaboutthiscommandismypracticelabbookstatedthatitmustbeconfiguredtosendcommunityboth.What'sthedifference?

aki(guest)April19,2012at5:15p.m.UTC

youareawesomejeremy!!!!!!thanksforbeinalifesaver

Karthik(guest)May5,2012at9:11p.m.UTC

HiJeremy,

Thanksforthepost.ItisagreatuseforMPLSbeginnerslikeme.

Onesmallquery.YouhadmentionedthatanIGPneedstorunatcore(thatis,betweenPEroutersandProutersOSPFmostly).ThisisneededforPErouterstobelievethatIGPconnectivityisavailableandtheycanproceedwithexchangingtheprefixes.

Butinconfigurationyouhavenotconfiguredthat.IdounderstandthatitisresponsiblityoftheserviceprovidersinreallifetoconfiguretheIGPsatthecore.

http://packetlife.net/users/pswolfwind/http://packetlife.net/users/waleed143/



However,fortheaboveexampleconfiguration,canyoupleaseconfirmthatwemustconfiguretheIGP(preferrablyOSPF)atthecoreincasefortheaboveconfigurationtowork.

Pleaseguide.Thanksagainforyourwonderfulpieceofwork.

jh0n(guest)September5,2012at6:38a.m.UTC

Hi,Jeremy

thisisthesecondtimeIreadyourarticleandallofyourinstructionworkreallywell!!BigthankstoyouJeremy.

forPEProuter,youmustenabletheIGP(inyourcaseandmycaseisOSPF)tobeabletoadvertisetheLDPthoughallthePandPErouterbyexecutingsomecommands.

routerospf8mplsldpsyncmplsldpautoconfigarea0routerid10.28.1.111logadjacencychangesarea0authenticationnetwork10.0.0.00.255.255.255area0

Clikc(guest)October19,2012at7:24p.m.UTC

Heyman,thanksforthisgreattutorial,beenbangingmyheadtoreallyfindoutwhatexactlygoesoninthe"cloud"

Anonymous(guest)November18,2012at3:07p.m.UTC

Excellenttutorial!!!

imranjan(/users/imranjan/)December4,2012at7:52a.m.UTC

HiStretch,

Thankyoufortheforumwithsomuchinformationalmaterialandthesehelpfularticles.

Iwastryingtopracticethesameconceptwithsomeothertopologyandhadfacedoneissuewhichiamfacingwiththisoneaswell.

NowIconfiguredthislabasyouexplainedindetailedbutstillthesameissuethatis,iamgettingroutesfromtheothersitebutiamnotabletopingthatnetwork/othersite.

Iverifiedtheconfigsomanytimes.Routingtablesandconfigallareasyoumentionedeventheniamnotabletoreachtheothersite.

Whatcanbethepossiblereason

Regards/Imran

http://packetlife.net/users/imranjan/



Stevec(guest)December13,2012at2:03p.m.UTC

Shouldn'tthefinaltraceroutebeperformedfromPE1andnotCE1A,CE1Awon'tseetheMPLSlables.

lsantiago77(guest)(http://luichisantiago.blogspot/)January25,2013at9:56p.m.UTC

excellentpoststretch,justpurelyexcellent

nandanandan(guest)February1,2013at12:04p.m.UTC

Hi,

Thisisreallyanicelab.HelpedmeprettymuchinlearningPECEtopology.

Thanks

Bruce(guest)February23,2013at11:48p.m.UTC

Couldyoupleaseexplainwhythetracerouteoutputshowthefollowingoutput.

410.0.2.1[MPLS:Label22Exp0]20msec16msec24msec

Whywecan'tseethefollowingoutputinsteadtheoneabove?

410.0.9.10[MPLS:Label?Exp0]20msec16msec24msec

Victor(guest)March11,2013at1:42p.m.UTC

CanyoupleasedoashowmplsinformationtablesowecanseetheactionforthattheLSRisgoingtotakewhenitforwardsthepacketdowntheLSP?

Thanks.

charles(guest)March21,2013at7:35p.m.UTC

youbrokeitdowninitssimplestterms.ThankyouJeremy

Heresy

rogue(guest)April19,2013at6:25a.m.UTC

God.JustGod=)

AguestApril26,2013at8:48a.m.UTC

verynice

http://luichisantiago.blogspot/



Bob(guest)April30,2013at2:23p.m.UTC

ivegonethroughthislabwhichiswikid.

ButimhavingissuesCE1Acantping172.16.0.2likeinthetutorial.Imseeingalltherouteswhenidoashowipbgpvpnv4vrfCustomer_A&forBbutstillnothing.ImverynewonMPLSandIwouldliketotakeittothenextlevel.Anyhelpwouldbeamazing.

Thanks

AguestApril30,2013at6:01p.m.UTC

Thankyouverymuch.ItstrugglesmewhilelookingtotheCiscomanual

Fez(guest)July25,2013at11:56p.m.UTC

thanksmate..veryuseful!!

Mike(guest)August10,2013at10:07p.m.UTC

Bobihaveananswertoyouandtoanyonewhocan'treplicatethistopologywithsuccessfulpingbetweensites.

%BGP4VPNV4NH_MASK:Nexthop[IP_address]maynotbereachablefromneigbor[IP_address]not/32mask

ExplanationAVPNv4routeisbeingsenttotheIBGPneighbor.Theaddressofthenexthopisaloopbackinterfacethatdoesnothavea/32maskdefined.OSPFisbeingusedonthisloopbackinterface,andtheOSPFnetworktypeofthisinterfaceisLOOPBACK.OSPFadvertisesthisIPaddressasahostroute(withmask/32),regardlessofwhatmaskisconfigured.ThisadvertisingconflictswithTDP,whichusesconfiguredmasks,sotheTDPneighborsmaynotreceiveatagfortherouteindicatedinthiserrormessage.ThisconditioncouldbreakconnectivitybetweensitesthatbelongtothesameVPN.RecommendedActionConfiguretheloopbackthatisbeingusedasthenexthoploopbacktousea32bitnetworkmask(/32),orsetthenetworktypetopointtopointbyenteringtheipospfnetworkpointtopointcommand.Theexplanationisquitesimple:OSPFannouncedtheloopbackIPaddressesashostroutes(/32).LDPwasexpectingtofinda/24addressattheroutingtable.Sinceitcouldntfindit,itdidntadvertisealabelforthisFEC!!

kari(/users/kari/)October31,2013at3:58p.m.UTC

howcaniusetheseconfigfilesingns3?

Mat(guest)(http://cisqueros.blogspot.com/)December27,2013at9:51a.m.UTC

Nicepost,thanks!LikeabriefinstructionsforISPs:)

muhammadkhan(guest)

http://packetlife.net/users/kari/http://cisqueros.blogspot.com/



December31,2013at2:06p.m.UTCCan'tthankyouthatmuchthatyoudeserve.Topone,Jeremy...

Rod(guest)January1,2014at9:14p.m.UTC

Thanks!!!

Ahmad(guest)January6,2014at8:45p.m.UTC

Thanks)

Kara(guest)February14,2014at2:37p.m.UTC

Tnxman,ithelpedmealot!!!!

Cheers!

DavidMitchell(guest)March27,2014at2:00p.m.UTC

ThanksforagreatwriteuponMPLSVPN.IreadyourVRFandMPLSguidesfirstandtheytooareverywellwrittenandeasytounderstand.

Thanksagain,

Mitchell

CaesarLouis(guest)March31,2014at11:44p.m.UTC

thankyou

mpjassal(/users/mpjassal/)July6,2014at9:23p.m.UTC

whatifihavefourPErotersthenhowsmyconfigurationwillbeeffectedcomparetothisone...?

Amit(guest)(http://www.cisco.com/c/en/us/td/docs/iosxml/ios/mp_l3_vpns/configuration/15mt/mpl3vpns15mtbook/mpvpnsupporteigrpbetwpece.html#GUID9B532DAFCAC14C5D8382C21395512D18)

August11,2014at5:22p.m.UTCHithere,needhelp.IhavecreatedtheMPLStopologywithEIGRP...it'sallworking.YourarticleisgreatandIdidallconfigstill""showbgpvpnv4unicastallsummary"andallworkinggreat.HoweverIdon'tknowbutOSPFisjustnotworkingandhenceIneedtoconnectCEusingEIGRP..CanyoupleasewithconfigurationrequiredatCEandPEwithEIGRP...IdidvisitcisolinksforEIGRPconfigsonPEandCEbutIamdoingsomethingwrong.....canyoupleasehelp!!

Dalip(guest)September11,2014at10:34a.m.UTC

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3-vpns-15-mt-book/mp-vpn-support-eigrp-betw-pe-ce.html#GUID-9B532DAF-CAC1-4C5D-8382-C21395512D18http://packetlife.net/users/mpjassal/



LeaveaComment

Howwecreatel3mplsvpnforcustomershavingmorethantwosites?DoweneedtocreateseparatepointtopointpathsbydefininganewvrfatPErouter?

Jawwad(guest)September23,2014at8:53p.m.UTC

Greatexplaination!Makesodifficultthingsoeasiertounderstand

tarakgupta(/users/tarakgupta/)November11,2014at5:34p.m.UTC

GreatThankyou

freealx(guest)(http://blog.ine.com/2010/04/08/ashamlinkreallyyesanditsnotusedforphishing/)January15,2015at6:00p.m.UTC

Hi,veryniceorderedexplanationgreatwork!Oneproposition.IntheendofthearticleyouarepointingontheinterareatypeoftheOSPFroutes.Probablythat'sthebestplacetomakesomereferencetotheOSPFshamlink...Greets!

deadman(guest)January23,2015at8:12p.m.UTC

excellent

praveen(guest)January28,2015at10:24a.m.UTC

IsitpossibletouserealinterfaceinsteadofusingloopbackinterfaceinMPBGPconfiuration?

Ashish(guest)February2,2015at2:43p.m.UTC

Anicepost...

JaviL(guest)February13,2015at12:39p.m.UTC

Verynicepost,ididlearnalotwiththislabongns3.

Guestname

Guestname

Guestemail

Guestemail

Optionalwillnotbedisplayedpubliclyorgivenout.

GuestURL

GuestURL

http://packetlife.net/users/tarakgupta/http://blog.ine.com/2010/04/08/a-sham-link-really-yes-and-its-not-used-for-phishing/



Home(/) | Blog(/blog/) | CheatSheets(/library/cheatsheets/) | Captures(/captures/) |Armory(/armory/) | Toolbox(/toolbox/) | Bookshelf(/bookshelf/) | ContactMe(/contact/) |

About(/about/)

Morecoolstuffnetworkingforum.com(http://networkingforum.com/) | r/Networking(http://www.reddit.com/r/networking/) |

Internetworkpro(http://inetpro.org/wiki/) | firewall.cx(http://firewall.cx/) |NetworkEngineering@StackExchange(http://networkengineering.stackexchange.com/)

Save Preview

GuestURL

Nocommerciallinks.Onlypersonal(e.g.blog,Twitter,orLinkedIn)and/orontopiclinks,please.

Comment

Comment

ChallengeHowmanybytesinlengthisaUDPheader?

Challenge

http://packetlife.net/library/cheat-sheets/http://packetlife.net/toolbox/http://inetpro.org/wiki/http://networkengineering.stackexchange.com/http://firewall.cx/http://www.reddit.com/r/networking/http://packetlife.net/bookshelf/http://packetlife.net/armory/http://packetlife.net/blog/http://packetlife.net/contact/http://networking-forum.com/http://packetlife.net/http://packetlife.net/captures/http://packetlife.net/about/

4.3 Creating an MdwaPLS VPN - PacketLife

Documents

Transcript of 4.3 Creating an MdwaPLS VPN - PacketLife