Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out...
Transcript of Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out...
![Page 1: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/1.jpg)
Vinit Jain, CCIE Security, Data Center, SP, and R&S
September 15, 2015
Configuring and Troubleshooting MPLS VPN
Cisco Support Community
Expert Series Webcast
![Page 2: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/2.jpg)
Switch and IOS Architecture and Unexpected Reboots
on all Cisco Catalyst Switches with Ivan Shirshin and
Naveen Venkateshaia.
September 21 – October 2
Ask the Expert Events
Join the discussion for these Ask The Expert Events:
http://bit.ly/events-webinar
Implementing and Troubleshooting VSS on Catalyst
6500 and 4500 with Inayathulla Shariff and Suresh
Vs.
Now through September 18
![Page 3: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/3.jpg)
T.
Next Webcast
Register for this event at
http://bit.ly/octwebcast-reg
Cisco Data Center Overlays with
Focus on VXLAN. With Vishal
Mehta and Pranav Doshi
Tuesday October 20th, 10:00 AM PDT
![Page 4: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/4.jpg)
https://supportforums.cisco.com/expert-corner/top-contributors
Participate in Live
Interactive
Technical Events
and much more
http://bit.ly/1jlI93B
Become an Event Top Contributor
![Page 5: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/5.jpg)
Rate Content Now your ratings on documents, videos, and blogs count give points to the authors!!!
So, when you contribute and receive ratings you now get the points in your profile.
Help us to recognize the quality content in the community and make your searches easier. Rate content in the community.
https://supportforums.cisco.com/blog/154746
Encourage and acknowledge
people who generously share
their time and expertise
![Page 6: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/6.jpg)
Cisco Support Community Expert Series Webcast
Vinit Jain CCIE Security, Data Center SP and R&S
#22854
![Page 7: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/7.jpg)
Meet Your Question Managers
Mohammed Jameel
Brian Dunn
![Page 8: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/8.jpg)
If you would like a copy of the presentation slides, click the PDF file link in the chat box on the right or go to:
https://supportforums.cisco.com/document/12605756/webcast-slides-configuring-and-troubleshooting-mpls-vpn
Thank You For Joining Us Today!
![Page 9: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/9.jpg)
Now through September 25
Ask the Expert Event following the Webcast
Join the discussion for these Ask The Expert Events:
http://bit.ly/events-webinar
https://supportforums.cisco.com/discussion/12604306/ask-
expert-configuring-and-troubleshooting-mpls-vpn
![Page 10: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/10.jpg)
Submit Your Questions Now! Use the Q & A panel to submit your questions
and the panel of experts will respond.
Please take a moment to
complete the survey at
the end of the webcast
![Page 11: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/11.jpg)
Vinit Jain, CCIE Security, Data Center SP, and R&S
September 15, 2015
Configuring and Troubleshooting MPLS VPN
Cisco Support Community
Expert Series Webcast
![Page 12: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/12.jpg)
• Introduction to MPLS VPN
• MPLS VPN Overview
• Terminologies
• Understanding MPLS VPN Control Plane and Data Plane
• Basic MPLS VPN Configuration
• Live Troubleshooting Demo
Agenda
![Page 13: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/13.jpg)
Why do we need MPLS?
A. BGP free core
B. Scalability
C. Increased Performance
D. All of the above
E. None of the above
Polling Question 1
![Page 14: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/14.jpg)
Overlay VPN Scenarios
Internet
Customer
802.1q
VLANs
Hosted
Content
Services
Branch Office
Head Office VPN
Concentration Point NAS ISDN
POTS
On-Net
Dial-in
Users
DSL Branch/Home
Office
Off-Net Dial-
in Users
![Page 15: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/15.jpg)
15
Provider Edge
(PE) Device
Provider Edge
(PE) Device
L2/L3 Virtual Circuit
CPE (CE)
Device
CPE (CE)
Device
Layer-3 Routing Adjacency
How to Size, or
provide, Inter-Site
Circuit Capacity?
Full Circuit Mesh
Requirement for
Optimal Routing
Layer-3 CPE
Routing Adjacencies
between Sites
Duplicate IP Addressing Capability
Complete Isolation Between Customers
Secure VPN Service
Overlay VPN Model
![Page 16: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/16.jpg)
16
Peer to Peer based VPN Scenarios
Internet
Customer
802.1q
VLANs
Hosted
Content
Services
Branch Office
Head Office VPN
Concentration Point NAS ISDN
POTS
On-Net
Dial-in
Users
DSL Branch/Home
Office
Off-Net Dial-
in Users
VPN
Client
A
![Page 17: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/17.jpg)
17
Provider Edge
(PE) Device
Provider Edge
(PE) Device
CPE (CE)
Device
CPE (CE)
Device
Layer-3 Routing Adjacency
Peer to Peer IP-VPN Model
All VPN Routes
Carried in SP IGP
Duplicate IP
Addressing Is
Not an Option
Complex Filters or
Dedicated Devices
Routing between Sites Is Optimal
Circuit Sizing between Sites No Longer Such an Issue
Simple Routing Scheme for Customers
![Page 18: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/18.jpg)
18
PE Router PE Router
MPLS Backbone
CPE (CE)
Device
CPE (CE)
Device
Combined Benefits of Overlay and Peer-to-Peer VPN Models
RFC 2547 / 4364 MPLS VPN Model
Routing between Sites Is Optimal
Duplicate IP Addressing
Capability
Secure Service
PE Routers Hold Only Relevant VPN Routes
Complete Isolation between Customers
No Complex Filters or Dedicated Routers
P Router
![Page 19: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/19.jpg)
• Combine benefits of overlay and network models in a scalable manner
- Overlay (security and isolation between customers)
- Network (simplified customer routing)
• PE routers only hold routes for attached VPNs
- Reduces size of PE routing information
- Proportional to number of VPNs attached
• MPLS used to forward packets (not routing)
- Full routing within backbone no longer required
MPLS VPN Overview MPLS VPN Overview
![Page 20: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/20.jpg)
Benefits
• Operating Efficiencies – Any to Any routing between sites
• Flexibility & Scalability – Easy to add or move sites.
• Lower cost
• Security
• QoS
Benefits
![Page 21: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/21.jpg)
Terminologies
MPLS VPN
![Page 22: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/22.jpg)
• Virtual Routing and Forwarding (VRF)
• Route Distinguisher (RD)
• Route Target (RT)
• Multi-Protocol BGP (MP-BGP)
Terminologies
![Page 23: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/23.jpg)
23
• VRF can be thought of as a virtual router with the following structures:
- rules to control import/export of routes from/into the VPN routing table
- set of routing protocols/peers which inject information into the VPN routing table (including static routing)
- forwarding table based on CEF
VPN Routing and Forwarding Instance (VRF)
![Page 24: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/24.jpg)
PE
CE
VPN-A
VPN-A
CE VPN-B
CE
Multiple Routing and Forwarding Instances (VRFs)
Provide the Separation
IGP/BGP
VPN Routing and Forwarding Instance (VRF)
VPN Routing
Table
Global Routing
Table
VRF for VPN-B
VRF for VPN-A
![Page 25: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/25.jpg)
RIP BGP EIGRP PE to CE
Routing
Processes
Routing
Contexts
VRF Routing Tables
VRF Forwarding
Tables
VRF and Multiple Routing Instances
• Routing processes run within specific routing contexts
• Populate specific VPN routing table and FIBs (VRF)
• PE-CE Protocols – BGP, OSPF, EIGRP, RIP, Static, (ISIS only on IOS)
![Page 26: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/26.jpg)
Can we use VRF without MPLS VPN scenario?
A. No
B. Yes
Polling Question 2
![Page 27: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/27.jpg)
Route Distinguisher
• Uniqueness of IPv4 prefix achieved through the use of a Route Distinguisher
- RD (64 bits) identifier
- creates a VPN-V4 Prefix = RD + IPv4 Prefix (96 bits)
- RD Format:
- ASN:NN
- IP_ADDR:NN
![Page 28: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/28.jpg)
Route Target
• Identification of route placement achieved through use of BGP Extended Community Attribute – Route Target
• Used to identify the set of sites to which a particular route should be exported to
• Do not confuse RT with RD
- Both values can be different
![Page 29: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/29.jpg)
Multi-protocol BGP (MP-BGP)
• Multi-protocol BGP (MP-BGP) defined in RFC 2283
• Provides the ability for BGP to carry routing information other than IPv4
- Through the use of Address Families
• VPN-V4 Address-Family Defined
- For use with MPLS VPN Architecture
- AFI=1, Sub-AFI=128
![Page 30: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/30.jpg)
Understanding MPLS VPN Control Plane
MPLS VPN
![Page 31: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/31.jpg)
31
Distribution of Local VRF Routes
MP-BGP
VRF VPN-A
VPN-A VPN-A
VRF VPN-A
• PE routers distribute local VPN information across the MPLS VPN backbone
- Through the use of MP-BGP & redistribution from VRF;
- Receiving PE imports routes into attached VRFs
![Page 32: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/32.jpg)
VRF Population of MP-BGP
MP-BGP
VPN-A VPN-A
ip vrf VPN-A
rd 1:27
route-target export 1:231
• PE routers translate into VPN-V4 route Assign a RD and RT based on configuration
Re-write Next-Hop attribute (to PE loopback)
Assign a label based on VRF and/or interface
Send MP-BGP update to all PE neighbors
BGP, OSPF, RIPv2 192.168.2.0/24,NH=CE-1
192.168.2.0/24 CE-1 PE-1 PE-2 CE-2
VPN-v4 update: RD:1:27:192.168.2.0/24,
NH=PE-1 RT=1:231, Label=(28)
![Page 33: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/33.jpg)
MP-BGP Update Contents
• VPN-V4 address
Route Distinguisher (64 bits)
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
IPv4 address (32bits)
• Extended Community attribute (64 bits)
Route-target (RT): identifies the set of sites the
route has to be advertised to
![Page 34: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/34.jpg)
MP-BGP Update Contents
• Any other standard BGP attribute
- Local Preference
- MED
- Next-hop
- AS_PATH
- Standard Community
- A Label identifying:
- The outgoing interface or VRF where a lookup has to be performed (Aggregate / connected)
![Page 35: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/35.jpg)
MP-BGP Update Processing
• Receiving PE routers translate to IPv4 prefix
Inserts the route into the relevant VRFs identified by the RT
attribute
• The label associated to the VPN-V4 address will be set on packets forwarded towards the destination
MP-BGP
VPN-A VPN-A
ip vrf VPN-A
rd 1:27
route-target import 1:231
192.168.2.0/24 CE-1 PE-1 PE-2 CE-2
VPN-v4 update: RD:1:27:192.168.2.0/24,
NH=PE-1 RT=1:231, Label=(28)
VPN-v4 update is translated into IPv4 address and put into VRF VPN-A as RT=1:231matches import statement. Optionally advertised to CE-2
![Page 36: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/36.jpg)
Which protocols have Labeling capabilities?
A. LDP
B. BGP
C. OSPF / ISIS
D. A & B
E. A & C
Polling Question 3
![Page 37: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/37.jpg)
Understanding MPLS VPN Data Plane
MPLS VPN
![Page 38: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/38.jpg)
LDP & MP-BGP Label Distribution
• PE and P routers have BGP next-hop reachability through the backbone IGP
• Labels are distributed through LDP corresponding to BGP Next-Hops & through MP-BGP for VPN routes
PE-1 PE-2 P-1
1.1.1.1 Use label implicit-null for
destination 1.1.1.1/32 Use label 41 for destination
1.1.1.1/32
In Label FEC Out Label
- 1.1.1.1/32 - In Label FEC Out Label
41 1.1.1.1/32 POP
In Label FEC Out Label
- 1.1.1.1/32 41
VPN-v4 update: RD:1:27:192.168.2.0/24,
NH=1.1.1.1 RT=1:231, Label=(28)
192.168.2.0/24
![Page 39: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/39.jpg)
Ingress PE Label Imposition
VPN-A VPN-A
192.168.2.0/24
CE-1
PE-1 PE-2
CE-2
VPN-A FIB 192.168.2.0/24,
Label Stack {41 28}
192.168.2.2
P-1
• Ingress PE receives normal IP packets
• PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels <IGP, VPN>
192.168.2.2 28 41
![Page 40: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/40.jpg)
MPLS VPN Forwarding
VPN-A VPN-A 192.168.2.0/24
CE-1
PE-1 PE-2
CE-2
VPN-A FIB 192.168.2.0/24,
Label Stack {41 28}
P-1 P-1 LFIB
192.168.2.0/24 In label {41}
Out label {implicit-null}
192.168.2.2 28
PE-1 LFIB 192.168.2.0/24 (V)
In label {28}
192.168.2.2
• Penultimate PE router removes the IGP label
• Egress PE router uses the VPN label to select which CE to forward the packet
• VPN label is removed and the packet is routed toward the VPN site using the relevant VRF
![Page 41: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/41.jpg)
MPLS VPN
Configuration
![Page 42: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/42.jpg)
ip vrf ABC
rd 1:1
route-target import 1:1
route-target export 1:1
route-target import 2:2
vrf definition ABC
rd 1:1
address-family ipv4 unicast
route-target import 1:1
route-target export 1:1
route-target import 2:2
address-family ipv6 unicast
. . .
Defining VRF
![Page 43: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/43.jpg)
Assigning VRF Interfaces
interface Gig0/1
ip vrf forwarding ABC
ip address 192.168.10.1 255.255.255.252
interface Gig0/1
vrf forwarding ABC
ip address 192.168.10.1 255.255.255.252
![Page 44: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/44.jpg)
MP-BGP Configuration router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source loopback0
address-family vpnv4 unicast
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community [extended | both]
address-family ipv4 vrf ABC
neighbor 192.168.10.2 remote-as 65535
neighbor 192.168.10.2 activate
exit-address-family
![Page 45: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/45.jpg)
CONFIGURATION DEMO
MPLS VPN
![Page 46: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/46.jpg)
Lab Topology
AS 100
PE1 P-1 PE2
CE1 CE2
CE3 CE4
AS-65001
AS-65535 AS-65000
AS-65001
VPN - ABC VPN - ABC
VPN - XYZ VPN - XYZ
![Page 47: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/47.jpg)
TROUBLESHOOTING DEMO
MPLS VPN
![Page 48: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/48.jpg)
Resources
![Page 49: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/49.jpg)
Resources
• RFC 4364
- https://tools.ietf.org/html/rfc4364
• CCO Documentation
- http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3-vpns-15-mt-book/mp-cfg-layer3-vpn.html
- http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/13733-mpls-vpn-basic.html
• CSC Blog post on Troubleshooting MPLS VPN
- https://supportforums.cisco.com/blog/12599296/configuring-and-troubleshooting-basic-mpls-layer3-vpn
![Page 50: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/50.jpg)
Submit Your Questions Now! Use the Q & A panel to submit your questions and our expert will respond
![Page 51: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/51.jpg)
Collaborate within our Social Media
Facebook- http://bit.ly/csc-facebook
Twitter- http://bit.ly/csc-twitter
You Tube http://bit.ly/csc-youtube
Google+ http://bit.ly/csc-googleplus
LinkedIn http://bit.ly/csc-linked-in
Instgram http://bit.ly/csc-instagram
Newsletter Subscription http://bit.ly/csc-newsletter
Learn About Upcoming Events
![Page 52: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/52.jpg)
Cisco has support communities in other languages!
Spanish https://supportforums.cisco.com/community/spanish
Portuguese https://supportforums.cisco.com/community/portuguese
Japanese https://supportforums.cisco.com/community/csc-japan
Russian https://supportforums.cisco.com/community/russian
Chinese http://www.csc-china.com.cn
If you speak Spanish, Portuguese,
Japanese, Russian or Chinese we invite you
to participate and collaborate in your
language
![Page 53: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/53.jpg)
More IT Training Videos and Technical Seminars on the Cisco Learning Network
View Upcoming Sessions Schedule
https://cisco.com/go/techseminars
![Page 54: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/54.jpg)
Please take a moment to complete the survey
Thank you for Your Time!
![Page 55: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/55.jpg)
Thank you for participating!
. Redeem your 35% discount offer by entering code: CSC when checking out:
Visit Cisco Press at:
Cisco Press
http://bit.ly/csc-ciscopress-sept
![Page 56: Cisco Support Community Expert Series Webcast Configuring ......192.168.2.0/24 In label {41} Out label {implicit-null} 28 192.168.2.2 PE-1 LFIB 192.168.2.0/24 (V) In label {28} 192.168.2.2](https://reader033.fdocuments.in/reader033/viewer/2022041914/5e68e8077c596712c70d0d2a/html5/thumbnails/56.jpg)