Guia de laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking
description
Transcript of Guia de laboratorio Avanzado HP NetworkingLab Guide Advanced Enterprise Networking
-
Advanced Enterprise Networking Technical Labs
- 1 -
Lab1: Layer 3 Switching
LAB1: LAYER 3 SWITCHING ........................................................................................................... - 1 -1.1 OVERVIEW .................................................................................................................................................................................... - 1 -1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 3 -1.4 EQUIPMENT .................................................................................................................................................................................. - 4 -1.5 LAB PURPOSE ................................................................................................................................................................................ - 5 -1.6 PROCEDURES ................................................................................................................................................................................ - 5 -
Mission1 Configure basic IP configuration on the Chassis Switches ...................................................................................... - 5 -Mission2 Configure VLANs and OSPF on the Chassis Switches ............................................................................................. - 6 -Mission3 Configure Access Switches ....................................................................................................................................... - 9 -Mission4 Configure VRRP ...................................................................................................................................................... - 11 -Mission5 Types of VLANs ...................................................................................................................................................... - 12 -Mission6 Prep for Network Management .............................................................................................................................. - 13 -
1.1 Overview In this lab exercise, you will: Configure Layer 3 connectivity on all chassis and Access Switches Understand the basic operation of Layer 3 and Comware
-
Advanced Enterprise Networking Technical Labs
- 2 -
1.2 Networking Diagram
Figure 1-1
Figure 1-2
-
Advanced Enterprise Networking Technical Labs
- 3 -
1.3 IP Addressing Scheme
Device Interface IP Address
POD#1 Chassis #1 Loopback 0 1.1.1.1/32
Vlan 99 10.10.1.1/24 Vlan 31 10.10.31.1/24 Vlan 10 10.1.10.1/24 Vlan 11 10.1.11.1/24
Chassis #2 Loopback 0 1.1.1.2/32 Vlan 99 10.10.1.2/24 Vlan 12 10.10.12.2/24 Vlan 10 10.1.10.2/24 Vlan 11 10.1.11.2/24
58x0 #1 Vlan 10 10.1.10.10/24 58x0 #2 Vlan 10 10.1.10.11/24
PC 1 Plugged into VLAN x 10.1.x.100/24 Gateway 10.1.x.254 PC 2 Plugged into VLAN x 10.1.x.101/24 Gateway 10.1.x.254
IMC Server Plugged into VLAN 10 10.1.10.200 POD#2
Chassis #1 Loopback 0 2.2.2.1/32 Vlan 99 10.10.2.1/24 Vlan 12 10.10.12.1/24 Vlan 10 10.2.10.1/24 Vlan 11 10.2.11.1/24
Chassis #2 Loopback 0 2.2.2.2/32 Vlan 99 10.10.2.2/24 Vlan 23 10.10.23.2/24 Vlan 10 10.2.10.2/24 Vlan 11 10.2.11.2/24
58x0 #1 Vlan 10 10.2.10.10/24 58x0 #2 Vlan 10 10.2.10.11/24
PC 1 Plugged into VLAN x 10.2.x.100/24 Gateway 10.2.x.254 PC 2 Plugged into VLAN x 10.2.x.101/24 Gateway 10.2.x.254
IMC Server Plugged into VLAN 10 10.2.10.200 POD#3
Chassis #1 Loopback 0 3.3.3.1/32 Vlan 99 10.10.3.1/24 Vlan 23 10.10.23.1/24 Vlan 10 10.3.10.1/24 Vlan 11 10.3.11.1/24
Chassis #2 Loopback 0 3.3.3.2/32 Vlan 99 10.10.3.2/24 Vlan 31 10.10.31.2/24 Vlan 10 10.3.10.2/24 Vlan 11 10.3.11.2/24
58x0 #1 Vlan 10 10.3.10.10/24 58x0 #2 Vlan 10 10.3.10.11/24
PC 1 Plugged into VLAN x 10.3.x.100/24 Gateway 10.3.x.254 PC 2 Plugged into VLAN x 10.3.x.101/24 Gateway 10.3.x.254
IMC Server Plugged into VLAN 10 10.3.10.200
-
Advanced Enterprise Networking Technical Labs
- 4 -
1.4 Equipment
Version No. Description
S750xE 5.20 E6605P01 2 At least 3 slot chassis
S9500E 5.20 R1230 2 At Least 5 Slot Chassis
S12508E 5.20 R1230 2 At Least 8 Slot Chassis
SD, EB or LEC Modules 3 any MPLS capable
module
S5800/S5820x 5.20 R11109P01 2 Requirement is ability to
build IRF 2 stack
Client 2 Client for test
Note that the cards and versions may not be exactly the same as your lab environment. When that is the case, please adjust the parameters to fit your lab. Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to fulfill the labs.
-
Advanced Enterprise Networking Technical Labs
- 5 -
1.5 Lab purpose Configure Layer 3 switching, and related features, on the provided network.
1.6 Procedures
Mission1Configure basic IP configuration on the Chassis Switches
Step1Login to the Chassis switch through the serial port
Step2Ensure that all switches are running the same software version [PODxx]display version Step3Ensure that all switches have no active configurations system [PODxx]reset saved-configuration [PODxx]quit reboot system [H3C]sysname PODxxC1 (xx = POD: 00, 01, 02, 03 and C1 becomes C2 for Chassis #2) Step4Configure telnet for this switch. [PODxxC1]local-user admin [PODxxC1]password simple admin [PODxxC1]authorization-attribute level 3 [PODxxC1]service-type terminal telnet [PODxxC1]quit [PODxxC1]user-interface vty 0 4 [PODxxC1]authentication-mode scheme [PODxxC1]quit [PODxxC1]telnet server enable Step5Save the configuration and set as the startup config on all swiches: [PODxxC1]quit save l3.cfg startup saved-configuration l3.cfg Repeat for Chassis #2
-
Advanced Enterprise Networking Technical Labs
- 6 -
Mission2Configure VLANs and OSPF on the Chassis Switches
Step1login to the switch through the serial port
Step2Configure VLAN Interfaces for Chassis 1: Configure Chassis #1 to Chassis #2 Connection VLAN 99 and IP Address system [PODxxC1]vlan 99 [PODxxC1]port Ten-GigabitEthernet2/0/1 [PODxxC1-vlan102]quit [PODxxC1]interface vlan-interface 99 [PODxxC1-Vlan-interface99]ip address 10.10.x.1 24 (where x is the POD number) [PODxxC1-Vlan-interface99]quit Configure Pod-to-Pod VLAN where:
- yy=12 for connection from Pod #1 to Pod #2 - yy=23 for connection from Pod #2 to Pod #3 - yy=31 for connection from Pod #3 to Pod #1
[PODxxC1]vlan yy [PODxxC1]port GigabitEthernet3/0/1 [PODxxC1-vlan102]quit [PODxxC1]interface vlan-interface yy [PODxxC1-Vlan-interface12]ip address 10.10.yy.1 24 [PODxxC1-Vlan-interface12]quit Create VLAN 10 and assign IP address [PODxxC1]vlan 10 [PODxxC1-vlan102]quit [PODxxC1]interface vlan-interface 10 [PODxxC1-Vlan-interface100]ip address 10.x.10.1 24 [PODxxC1-Vlan-interface100]quit Create VLAN 11 and assign IP address [PODxxC1]vlan 11 [PODxxC1-vlan101]quit [PODxxC1]interface vlan-interface 11 [PODxxC1-Vlan-interface101]ip address 10.x.11.1 24 [PODxxC1-Vlan-interface101]quit Configure uplink ports from access switches to Chassis as trunk ports and allow local VLANs: [PODxxC1]interface Ten-GigabitEthernet 2/0/2 [PODxxC1-GigabitEthernet1/0/24]port link-type trunk [PODxxC1-GigabitEthernet1/0/24]port trunk permit vlan 10 11 [PODxxC1-GigabitEthernet1/0/24]quit
Step3Configure OSPF for Chassis 1: [PODxxC1]interface loopback 0 [PODxxC1-LoopBack0]ip address x.x.x.1 32 (where x is the POD number) [PODxxC1-LoopBack0]quit Enable OSPF on Chassis #1 [PODxxC1]ospf [PODxxC1-ospf-1]area 0 [PODxxC1-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [PODxxC1-ospf-1-area-0.0.0.0]network x.x.x.1 0.0.0.0 [PODxxC1-ospf-1-area-0.0.0.0]quit
-
Advanced Enterprise Networking Technical Labs
- 7 -
[PODxxC1-ospf-1]opaque-capability enable [PODxxC1-ospf-1]graceful-restart ietf [PODxxC1-ospf-1]quit Step4Save the configuration and set as the startup config on all switches [PODxxC1]quit save l3.cfg startup saved-configuration l3.cfg Step5Configure VLAN Interfaces for Chassis #2
Configure Chassis #2 to Chassis #1 Connection VLAN 99 and IP Address system [PODxxC2]vlan 99 [PODxxC2]port Ten-GigabitEthernet2/0/1 [PODxxC2-vlan99]quit [PODxxC2]interface vlan-interface 99 [PODxxC2-Vlan-interface99]ip address 10.10.x.2 24 (where x is the POD number) [PODxxC2-Vlan-interface99]quit Configure Pod-to-Pod VLAN [PODxxC2]vlan yy [PODxxC2]port GigabitEthernet3/0/1 [PODxxC2-vlanyy]quit [PODxxC2]interface vlan-interface yy [PODxxC2-Vlan-interfaceyy]ip address 10.10.yy.2 24 [PODxxC2-Vlan-interfaceyy]quit (Where yy is the Pod-to-Pod VLAN from the table/diagram above) Create VLAN 10 and assign IP address [PODxxC2]vlan 10 [PODxxC2-vlan10]quit [PODxxC2]interface vlan-interface 10 [PODxxC2-Vlan-interface10]ip address 10.x.10.2 24 [PODxxC1-Vlan-interface100]quit Create VLAN 11 and assign IP address [PODxxC2]vlan 11 [PODxxC2-vlan11]quit [PODxxC2]interface vlan-interface 11 [PODxxC2-Vlan-interface11]ip address 10.x.11.2 24 [PODxxC2-Vlan-interface11]quit Configure uplink ports from access switches to Chassis as trunk ports and allow local VLANs: [PODxxC2]interface Ten-GigabitEthernet 2/0/2 [PODxxC2-GigabitEthernet1/0/2]port link-type trunk [PODxxC2-GigabitEthernet1/0/2]port trunk permit vlan 10 11 [PODxxC2-GigabitEthernet1/0/2]quit Configure OSPF for switch Chassis Switch 2: [PODxxC2]interface loopback 0 [PODxxC2-LoopBack0]ip address x.x.x.2 32 (where x is the POD number) [PODxxC2-LoopBack0]quit Enable OSPF on Chassis #2 [PODxxC2]ospf [PODxxC2-ospf-1]area 0 [PODxxC2-ospf-1-area-0.0.0.0]network 10.0.0.0 0.255.255.255 [PODxxC2-ospf-1-area-0.0.0.0]network x.x.x.2 0.0.0.0
-
Advanced Enterprise Networking Technical Labs
- 8 -
[PODxxC2-ospf-1-area-0.0.0.0]quit [PODxxC2-ospf-1]opaque-capability enable [PODxxC2-ospf-1]graceful-restart ietf [PODxxC2-ospf-1-area-0.0.0.0]quit [PODxxC2-ospf-1]quit
Step6Save the configuration and set as the startup config on all switches [PODxxC2]quit save l3.cfg startup saved-configuration l3.cfg Before continuing with the lab, ensure that you have a fully operational OSPF environment. Verify the adjacencies and routing tables and verify whether you are able to ping all the loopback addresses. [PODxxC1]display ospf peer verbose [PODxxC1]disp ip routing-table
-
Advanced Enterprise Networking Technical Labs
- 9 -
Mission3Configure Access Switches
Step1Login to the Access switch #1 through the serial port
Step2Ensure that all switches are running the same software version [PODxx]display version Step3Ensure that all switches have no active configurations [PODxx]reset saved-configuration [PODxx]quit reboot system [H3C]sysname PODxxA1 (xx = POD: 00, 01, 02, 03 and A1 becomes A2 for Switch #2, etc) Step4Configure telnet for this switch. [PODxxA1]local-user admin [PODxxA1]password simple admin [PODxxA1]authorization-attribute level 3 [PODxxA1]service-type terminal telnet [PODxxA1]quit [PODxxA1]user-interface vty 0 4 [PODxxA1]authentication-mode scheme [PODxxA1]quit [PODxxA1]telnet server enable Step5Save the configuration and set as the startup config on all switches [PODxxA1]quit save l3.cfg startup saved-configuration l3.cfg Step6Configure IP Address for Access Switches : Configure Access #1 Switch IP Address for VLAN 10 [PODxxA1]vlan 10 [PODxxA1-vlan10]quit [PODxxA1]interface vlan-interface 10 [PODxxA1-Vlan-interface10]ip address 10.x.10.10 24 (where x is the POD number) [PODxxA1-Vlan-interface10]quit Create VLAN 11 [PODxxC1]vlan 11 [PODxxC1-vlan11]quit
Step7Configure uplink ports from access switch #1 to Chassis as a trunk port and allow local VLANs: [PODxxA1]interface Ten-GigabitEthernet 1/0/25 (Or 1/0/1 or the S5820x-28S) [PODxxA1-GigabitEthernet1/0/25]port link-type trunk [PODxxA1-GigabitEthernet1/0/25]port trunk permit vlan 10 11 [PODxxA1-GigabitEthernet1/0/25]quit Configure link between Access switches and allow local VLANs [PODxxA1]interface Ten-GigabitEthernet 1/0/28 (Or 1/0/24 on the S5820x-28S) [PODxxA1-TenGigabitEthernet1/0/28]port link-type trunk [PODxxA1-TenGigabitEthernet1/0/28]port trunk permit vlan 10 11 [PODxxA1-TenGigabitEthernet1/0/28]quit
-
Advanced Enterprise Networking Technical Labs
- 10 -
Step8Place GigabitEthernet 1/0/1 on VLAN 10 [PODxxA1]interface GigabitEthernet 1/0/1 [PODxxA1-GigabitEthernet1/0/1]port access vlan 10 [PODxxA1-GigabitEthernet1/0/1]quit
Step9Configure Default Gateway on Access Switch #1 [PODxxA1]ip route-static 0.0.0.0 0.0.0.0 10.x.10.254
Step10Save the configuration and set as the startup config on all switches [PODxxA1]quit save l3.cfg startup saved-configuration l3.cfg
Step11Configure Access #2 Switch IP Address for VLAN 10 [PODxxA2]vlan 10 [PODxxA2-vlan10]quit [PODxxA2]interface vlan-interface 10 [PODxxA2-Vlan-interface10]ip address 10.x.10.11 24 [PODxxA2-Vlan-interface10]quit
Create VLAN 11 [PODxxA2]vlan 11 [PODxxA2-vlan11]quit
Step12Configure uplink ports from access switch #2 to Chassis #2 as a trunk port and allow local VLANs: [PODxxA2]interface Ten-GigabitEthernet 1/0/25 (Or 1/0/1 for the S5820x-28S) [PODxxA2-GigabitEthernet1/0/25]port link-type trunk [PODxxA2-GigabitEthernet1/0/25]port trunk permit vlan 10 11 [PODxxA2-GigabitEthernet1/0/25]quit Configure link between Access switches and allow local VLANs [PODxxA2]interface Ten-GigabitEthernet 1/0/28 (Or 1/0/24 for the S5820x-28S) [PODxxA2-TenGigabitEthernet1/0/28]port link-type trunk [PODxxA2-TenGigabitEthernet1/0/28]port trunk permit vlan 10 11 [PODxxA2-TenGigabitEthernet1/0/28]quit
Step13Place GigabitEthernet 1/0/1 on VLAN 10 [PODxxA2]interface GigabitEthernet 1/0/1 (Or 1/0/25 for the S5820x-28S) [PODxxA2-GigabitEthernet1/0/1]port access vlan 10 [PODxxA2-GigabitEthernet1/0/1]quit
Step14Configure Default Gateway on Access Switch #2 [PODxxA2]ip route-static 0.0.0.0 0.0.0.0 10.x.10.254
Step15Save the configuration and set as the startup config on all switches [PODxxA2]quit save l3.cfg startup saved-configuration l3.cfg
Connect switches as shown in the diagran and verify connectivity from each access switch port GigabitEthernet 1/0/1 to the VLAN 10 IP Address of each Chassis Switch.
-
Advanced Enterprise Networking Technical Labs
- 11 -
Mission4Configure VRRP
Step1Configure VRRP between Chassis switches On Chassis #1 [PODxxC1]interface vlan-interface 10 [PODxxC1-Vlan-interface10]vrrp vrid 1 virtual-ip 10.x.10.254 [PODxxC1-Vlan-interface10]vrrp vrid 1 priority 110 [PODxxC1-Vlan-interface10]quit [PODxxC1]interface vlan-interface 11 [PODxxC1-Vlan-interface11]vrrp vrid 2 virtual-ip 10.x.11.254 [PODxxC1-Vlan-interface11]quit On Chassis #2 [PODxxC2]interface vlan-interface 10 [PODxxC2-Vlan-interface10]vrrp vrid 1 virtual-ip 10.x.10.254 [PODxxC2-Vlan-interface10]quit [PODxxC2]interface vlan-interface 11 [PODxxC2-Vlan-interface11]vrrp vrid 2 virtual-ip 10.x.11.254 [PODxxC2-Vlan-interface12]vrrp vrid 2 priority 110 [PODxxC2-Vlan-interface11]quit Verify that you can ping the Virtual address created in the last step.
Step2Save the configuration and set as the startup config on all switches [PODxxC1]quit save l3.cfg startup saved-configuration l3.cfg
-
Advanced Enterprise Networking Technical Labs
- 12 -
Mission5Types of VLANs
Step1Use MAC-Based VLANs: On your associated Access switch, associate the MAC address of Client 1 (xxxx-xxxx-xxxx) with VLAN 10 and Client 2 (yyyy-yyyy-yyyy) with VLAN 11.
Step2Use ipconfig /all on your Windows Clients to determine your MAC address.
Step3Enable MAC-based VLANs on GigabitEthernet 1/0/2 [PODxxA1]mac-vlan mac-address xxxx-xxxx-xxxx vlan 10 [PODxxA1]mac-vlan mac-address yyyy-yyyy-yyyy vlan 11 [PODxxA1]interface GigabitEthernet 1/0/2 [PODxxA1-GigabitEthernet1/0/2]port link-type hybrid [PODxxA1-GigabitEthernet1/0/2]port hybrid vlan 10 11 untagged [PODxxA1-GigabitEthernet1/0/2]mac-vlan enable [PODxxA1-GigabitEthernet1/0/2]quit You should see that the client with the appropriate MAC Addresses are automatically assigned to the assigned VLAN.
Step4Use IP Subnet-Based VLANs: On your associated Access switch, associate subnets for VLAN 10 and 11 Enable IP Subnet based VLANs on GigabitEthernet 1/0/3 [PODxxA1]vlan 10 [PODxxA1]ip-subnet-vlan ip 10.x.10.0 255.255.255.0 [PODxxA1]quit [PODxxA1]vlan 11 [PODxxA1]ip-subnet-vlan ip 10.x.11.0 255.255.255.0 [PODxxA1]quit [PODxxA1]interface GigabitEthernet 1/0/3 [PODxxA1-GigabitEthernet1/0/3]port link-type hybrid [PODxxA1-GigabitEthernet1/0/3]port hybrid vlan 10 11 untagged [PODxxA1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 10 [PODxxA1-GigabitEthernet1/0/3]port hybrid ip-subnet-vlan vlan 11 [PODxxA1-GigabitEthernet1/0/3]quit Configure your clients to be on one or the other VLAN subnets. You should see that the client(s) with the appropriate IP subnet configured are automatically assigned to the assigned VLAN when plugged into that port.
-
Advanced Enterprise Networking Technical Labs
- 13 -
Mission6Prep for Network Management
Step1Enable SNMP on each switch. [PODxxC1]snmp-agent sys-info version v1 v2c [PODxxC1]snmp-agent community read public [PODxxC1]snmp-agent community write private
Step2Enable SNMP traps on the switch. [PODxxC1]snmp-agent trap enable [PODxxC1]snmp-agent target-host trap address udp-domain 10.x.10.200 upd-port 5000 params securityname public
Step3Enable SNMP operation logging on the switch. [PODxxC1]terminal monitor [PODxxC1]terminal logging [PODxxC1]info-center source snmp channel console log level informational [PODxxC1]snmp-agent log get-operation [PODxxC1]snmp-agent log set-operation
Step4Enable logging on the switch. [PODxxC1]info-center enable [PODxxC1]info-center loghost 10.x.10.200 channel loghost facility local4 [PODxxC1]info-center source default channel loghost debug state off log state off trap state off
Step5Enable sflow on the switch. [PODxxC1]sflow agent ip 10.x.10.yyy (IP Address of the switch) [PODxxC1]sflow collector ip 10.x.10.200 [PODxxC1]interface GigabitEthernet1/0/1 [PODxxC1-Gig-Ethernet1/0/23]sflow enable inbound [PODxxC1-Gig-Ethernet1/0/23]sflow enable outbound [PODxxC1-Gig-Ethernet1/0/23]sflow sampling-rate 1000
Repeat for all switches in your pod.
-
Advanced Enterprise Networking Technical Labs
- 1 -
Lab2: IRF
LAB2: IRF ............................................................................................................................................. - 1 -1.1 OVERVIEW .................................................................................................................................................................................... - 1 -1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 4 -1.4 EQUIPMENT .................................................................................................................................................................................. - 5 -1.5 LAB PURPOSE ................................................................................................................................................................................ - 6 -1.6 PROCEDURES ................................................................................................................................................................................ - 6 -
Mission1 Configure IRF on the S5800/S5820x ....................................................................................................................... - 6 -Mission2 Configure IRF on the S12500/S9500E/S7500E ....................................................................................................... - 8 -Mission3 Verify IRF Operation .............................................................................................................................................. - 13 -
1.1 Overview In this lab exercise, you will:
Configure IRF on a S12500/S9500E/S7500E and S5800/S5820x
Understand the operation of IRF Before starting this lab please use the following commands
reset saved-reconfiguration reboot
-
Advanced Enterprise Networking Technical Labs
- 2 -
1.2 Networking Diagram
Figure 1-1
-
Advanced Enterprise Networking Technical Labs
- 3 -
Figure 1-2
-
Advanced Enterprise Networking Technical Labs
- 4 -
1.3 IP Addressing Scheme for IRF
Device Interface IP Address
PODA 7500 Pair Loopback 0 1.1.1.1/32 7500 Pair Vlan 10 10.1.10.254/24 5800 Pair Vlan 10 10.1.10.10/24
PC 1 Plugged into VLAN x 10.1.x.100/24 Gateway 10.1.x.254 PC 2 Plugged into VLAN x 10.1.x.101/24 Gateway 10.1.x.254
IMC Server Plugged into VLAN 10 10.1.10.200 PODB
7500 Pair Loopback 0 2.2.2.1/32 7500 Vlan 10 10.2.10.254/24
5800 Pair Vlan 10 10.2.10.10/24 PC 1 Plugged into VLAN x 10.2.x.100/24 Gateway 10.2.x.254 PC 2 Plugged into VLAN x 10.2.x.101/24 Gateway 10.2.x.254
IMC Server Plugged into VLAN 10 10.2.10.200 PODC
7500 Pair Loopback 0 3.3.3.1/32 7500 Pair Vlan 10 10.3.10.254/24 5800 Pair Vlan 10 10.3.10.10/24
PC 1 Plugged into VLAN x 10.3.x.100/24 Gateway 10.3.x.254 PC 2 Plugged into VLAN x 10.3.x.101/24 Gateway 10.3.x.254
IMC Server Plugged into VLAN 10 10.3.10.200
-
Advanced Enterprise Networking Technical Labs
- 5 -
1.4 Equipment
Version No. Description
S750xE 5.20 E6605P01 2 At least 3 slot chassis
S9500E 5.20 R1230 2 At Least 5 Slot Chassis
S12508E 5.20 R1230 2 At Least 8 Slot Chassis
SD, EB or LEC Modules 3 any MPLS capable
module
S5800/S5820x 5.20 R11109P01 2 Requirement is ability to
build IRF 2 stack
Client 2 Client for test
Note that the cards and versions may not be exactly the same as your lab environment. When that is the case, please adjust the parameters to fit your lab. Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to fulfill the labs.
-
Advanced Enterprise Networking Technical Labs
- 6 -
1.5 Lab purpose Establish full IRF redundancy.
1.6 Procedures
Mission1Configure IRF on the S5800/S5820x
Step1Login to the switch through the console port
Step2Ensure that both switches are running the same software version [PODxyz]display version
Step3Reset the configuration of the switches. reset saved-configuration reboot
Step4Assign a unit number to each S5800. The unit number is based on the z designation of your switch1 or 2. For unit 2: [H3C]irf member 1 renumber 2 (x is current unit number)
Step5Save the configuration and reboot the switches [H3C]quit save irf.cfg startup saved-configuration irf.cfg reboot
Step6Setting priority on Master S5800. For unit 1: [H3C]irf member 1 priority 32
Step7Shutdown the 10 Gbps port that will form the IRF (T1/0/25) For Unit 1: [H3C]int TenGigabitEthernet 1/0/25 [H3C-Ten-GigabitEthernet1/0/25]shutdown [H3C]int TenGigabitEthernet 1/0/26 [H3C-Ten-GigabitEthernet1/0/25]shutdown For Unit 2: [H3C]int TenGigabitEthernet 2/0/25 [H3C-Ten-GigabitEthernet2/0/25]shutdown [H3C]int TenGigabitEthernet 2/0/26 [H3C-Ten-GigabitEthernet2/0/25]shutdown
Step8Assign the 10 Gbps port to an IRF port group On Unit 1: [H3C]irf-port 1/1 [H3C-irf-port]port group interface TenGigabitEthernet 1/0/25
-
Advanced Enterprise Networking Technical Labs
- 7 -
[H3C-irf-port]port group interface TenGigabitEthernet 1/0/26 [H3C-irf-port]quit On Unit 2: [H3C]irf-port 2/2 [H3C-irf-port]port group interface TenGigabitEthernet 2/0/25 [H3C-irf-port]port group interface TenGigabitEthernet 2/0/26 [H3C-irf-port]quit
Step9Connect the cables to the 2 5800
Step10Enable the 10 Gbps ports that will form the IRF (on both switches) On unit 1: [H3C]int TenGigabitEthernet 1/0/25 [H3C-Ten-GigabitEthernet1/0/25]undo shutdown [H3C]int TenGigabitEthernet 1/0/26 [H3C-Ten-GigabitEthernet1/0/25]undo shutdown On unit 2: [H3C]int TenGigabitEthernet 2/0/25 [H3C-Ten-GigabitEthernet2/0/25]undo shutdown [H3C]int TenGigabitEthernet 2/0/26 [H3C-Ten-GigabitEthernet2/0/25]undo shutdown
Step11Activate the IRF Port Configuration [H3C]irf-port-configuration active
Step12Save the configuration [PODxyz]quit save
Step13Connect the 2 cables into Tengig ports 25 and 26.
The secondary switch (unit 2) should now reboot automatically.
Step14The IRF stack should now be formed. Verify IRF operation [H3C]display irf [H3C]display irf configuration [H3C]display irf topology [H3C]display devices
Step15Rename the IRF Access-PODx, where x is your pod letter (A, B, C)
[H3C]sysname Access-PODx
Step16On the master, assign IP addresses to VLAN 10 [Access-PODx]vlan 10 [Access-PODx]quit [Access-PODx]interface vlan 10 [Access-PODx -Vlan-interface1]ip address 10.xx.10.10 255.255.255.0 (xx = POD: 01 for PodA, 02 for PodB, 03 for PodC)
Step17On the master, create a dynamic aggregation interface [Access-PODx]interface bridge-aggregation 1 [Access-PODx-bridge-agg-1]link-aggregation mode dynamic
-
Advanced Enterprise Networking Technical Labs
- 8 -
Step18On the master, assign ports to the aggregation interfaces
[Access-PODx]interface gigabitethernet 1/0/11 [Access-PODx-bridge-agg-1]port link-aggregation group 1 [Access-PODx]interface gigabitethernet 1/0/12 [Access-PODx-bridge-agg-1]port link-aggregation group 1 [Access-PODx]interface gigabitethernet 2/0/11 [Access-PODx-bridge-agg-1]port link-aggregation group 1 [Access-PODx]interface gigabitethernet 2/0/12 [Access-PODx-bridge-agg-1]port link-aggregation group 1
Step19On the bridge aggregation, enable trunking and allow all VLANs on the aggregation interface. [Access-PODx-bridge-agg-1]interface bridge-aggregation 1 [Access-PODx-bridge-agg-1]port link-type trunk [Access-PODx-bridge-agg-1]port trunk permit vlan all
Step20On the master, configure the access ports VLAN membership on both Access switches (you can connect your PC to this).
[Access-PODx]interface gigabitethernet 1/0/1 [Access-PODx]port access vlan 10 [Access-PODx]interface gigabitethernet 2/0/1 [Access-PODx]port access vlan 10
Step21Before continuing, verify that all partners5800 and 7500E switcheshave completed the IRF configuration. If this has been accomplished, then, on the master 5800 switch, disable STP.
[Access-PODx]undo stp enable
Step22Save the configuration [PODxyz]quit save
Mission2Configure IRF on the S12500/S9500E/S7500E
Step1Login into the switch through the console port
Step2Ensure that both switches are running the same software version [H3C]display version
Step3Reset the configuration of the switches. reset saved-configuration reboot
Step4Set the 2 Chassis to operate in IRF mode. The chassis will be rebooted automatically.
]chassis convert mode irf
-
Advanced Enterprise Networking Technical Labs
- 9 -
Step5Assign IRF priority 32 to Chassis 1 to make it the master For unit 1:
[H3C]irf member 1 priority 32 Save the configuration under irf.cfg name. Youve to do it on both Master and Slave SRPUs.
[H3C]quit save irf.cfg save chassis1#slot1#flash:/irf.cfg startup saved-configuration irf.cfg
Step6Renumber chassis 2 as member 2. (It started as Member 1 in its own IRF)
For unit 2:
[H3C]irf member 1 renumber 2
Save the configuration under irf.cfg name. Youve to do it on both Master and Slave SRPUs.
[H3C]quit save irf.cfg save chassis1#slot1#flash:/irf.cfg startup saved-configuration irf.cfg reboot
Step7Shutdown the 10 Gbps ports that will form the IRF For Unit 1: [H3C]int Ten-GigabitEthernet 1/2/0/1 [H3C-Ten-GigabitEthernet1/2/0/1] shutdown [H3C]int Ten-GigabitEthernet 1/2/0/2 [H3C-Ten-GigabitEthernet1/2/0/1] shutdown For Unit 2: [H3C]int Ten-GigabitEthernet 2/2/0/1 [H3C-Ten-GigabitEthernet2/2/0/1] shutdown [H3C]int Ten-GigabitEthernet 2/2/0/2 [H3C-Ten-GigabitEthernet1/2/0/1]shutdown
Step8Assign the 10 Gbps ports to an IRF port group On Unit 1: [H3C]irf-port 1/1 [H3C-irf-port]port group interface ten-gigabitethetnet 1/2/0/1 [H3C-irf-port]port group interface ten-gigabitethetnet 1/2/0/2 [H3C-irf-port]quit On Unit 2: [H3C]irf-port 2/2 [H3C-irf-port]port group interface ten-gigabitethetnet 2/2/0/1 [H3C-irf-port]port group interface ten-gigabitethetnet 2/2/0/2 [H3C-irf-port]quit
Step9Enable the 10 Gbps ports that will form the IRF For Unit 1: [H3C]int Ten-GigabitEthernet 1/2/0/1
-
Advanced Enterprise Networking Technical Labs
- 10 -
[H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown [H3C]int Ten-GigabitEthernet 1/2/0/1 [H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown For Unit 2: [H3C]int Ten-GigabitEthernet 2/2/0/1 [H3C-Ten-GigabitEthernet2/2/0/1]undo shutdown [H3C]int Ten-GigabitEthernet 2/2/0/2 [H3C-Ten-GigabitEthernet1/2/0/1]undo shutdown
Step10 Save the configuration [H3C]quit save
Step11Cable the IRF ports of the two switches. You get a message on both chassis.
On chassis 1 (Master) a message mentions the IRF Merge but does not require a reboot
On the Chassis 2 (Slave) it should now request to reboot.
Step12Reboot the Slave switch reboot
Step13The IRF stack should now be formed. Verify IRF operation [H3C]display irf [H3C]display irf configuration [H3C]display irf topology Also try the followings: [H3C]display device [H3C]display version
Step14Rename the IRF Core-PODx, where x is your pod letter (A, B, C)
[H3C]sysname Core-PODx
Step15On the master, create Loopback 0 and assign IP address [H3C]interface loopback 0 [Core-PODx-Vlan-interface1]ip address xx.xx.xx.1 32 (x = POD: PodA will use 1, PodB will use 2, and PodC will use 3)
-
Advanced Enterprise Networking Technical Labs
- 11 -
Step16On the master, create VLAN 10 and assign IP addresses to the VLANs [Core-PODx]vlan 10 [Core-PODx]quit [Core-PODx]interface vlan 10 [Core-PODx-Vlan-interface1]ip address 10.xx.10.254 255.255.255.0 (x = POD: 1 for PodA, 2 for PodB, 3 for PodC)
Step17On the master, create a dynamic aggregation interface [Core-PODx]interface bridge-aggregation 1 [Core-PODx-int-br-1]link-aggregation mode dynamic
Step18On the master, configure trunk ports and assign ports to the aggregation interfaces for the interfaces connected between the 5800s and the 7500s.
[Core-PODx]interface gigabitethernet 1/3/0/11 [Core-PODx-int]port link-aggregation group 1 [Core-PODx]interface gigabitethernet 1/3/0/12 [Core-PODx-int]port link-aggregation group 1 [Core-PODx]interface gigabitethernet 2/3/0/11 [Core-PODx-int]port link-aggregation group 1 [Core-PODx]interface gigabitethernet 2/3/0/12 [Core-PODx-int]port link-aggregation group 1
Step19On the master, set the brige aggregation as a VLAN trunk and enable MAD LACP. [Core-PODx]interface bridge-aggregation 1 [Core-PODx-int-br-1]port link-type trunk [Core-PODx-int-br-1]port trunk permit vlan all [Core-PODx-int-br-1]mad enable
Step20On the master, set BFD MAD. First define a dedicated VLAN and assign 2 Gigabit interfaces to it [H3C] vlan 3 [H3C-vlan3] port gigabitethernet 1/3/0/24 [H3C-vlan3] port gigabitethernet 2/3/0/24 [H3C-vlan3] quit
Step21Create VLAN-interface 3 and configure the MAD IP address for the interface. [H3C] interface vlan-interface 3 [H3C-Vlan-interface3] mad bfd enable [H3C-Vlan-interface3] mad ip add 10.x.3.1 24 member 1 [H3C-Vlan-interface3] mad ip add 10.x.3.2 24 member 2 [H3C-Vlan-interface3] quit
-
Advanced Enterprise Networking Technical Labs
- 12 -
Step22C onfigure the access ports VLAN membership on both Core switches (you can connect your PC to this port).
[Core-PODx]interface gigabitethernet 1/0/1 [Core-PODx]port access vlan 10 [Core-PODx]interface gigabitethernet 2/0/1 [Core-PODx]port access vlan 10
Step23Save the configuration [Core-PODx]quit save
-
Advanced Enterprise Networking Technical Labs
- 13 -
Mission3Verify IRF Operation
Step1Connect a PC to each switch and assign a static IP address using the following table: PC1 = 10.x.10.101/24 connected to 7500E master PC2 = 10.x.10.102/24 connected to 7500E slave PC3 = 10.x.10.103/24 connected to 5800 master PC4 = 10.x.10.104/24 connected to 5800 slave xx is the POD ID: (xx = POD: PodA is 01, PodB is 02, and PodC is 03)
Step2Verify connectivity through pingping each of the devices in your IRF grouping. Or use Fping to be able to test ping at the millisecond level. Copy the fping.exe to you c:/Windows folder.
fping can be used which can issue continuous pings with a very small time interval. This will allow a more precise calculation of down time. When the following command is issued for a continuous ping to host a.b.c.d with a time interval of 50 milliseconds and a timeout of 50 milliseconds
C:\> fping 10.X.10.Y c t 50 w 50
Step3Start removing cables, one-at-a-time, ensuring that at least end to end connectivity is maintained): - There should be no or minimal PING loss. - Remove one IRF cable, notice if there are any changes in response. - Remove the whole IRF link between your switch and the corresponding IRF switch (the master and the slave) and notice what happens. - Reconnect the IRF link. Is the IRF self healing? - If not, what actions are required to restore IRF functionality?
Step4Trigger a switchover of the Master Main Board of IRF chassis by issuing command slave switchover or by removing the Main Board (MSU) that is set to Master
Check what board is master with display irf display device
Step5Trigger a switchover of the Master chassis in the IRF chassis by issuing command reboot chassis X or by powering off the Master Chassis
Step6Save the configuration on your switch [Access-PODxyz]quit save
This concludes the IRF lab.
-
Advanced Enterprise Networking Technical Labs
- 1 -
Lab3: RRPP
LAB3: RRPP ......................................................................................................................................... - 1 -1.1 OVERVIEW .................................................................................................................................................................................... - 1 -1.2 NETWORKING DIAGRAM ............................................................................................................................................................... - 2 -1.3 IP ADDRESSING SCHEME............................................................................................................................................................... - 2 -1.4 EQUIPMENT .................................................................................................................................................................................. - 4 -1.5 LAB PURPOSE ................................................................................................................................................................................ - 5 -1.6 PROCEDURES ................................................................................................................................................................................ - 5 -
Mission1 Configure RRPP between all IRF chassis. ............................................................................................................... - 5 -
1.1 Overview
In this lab exercise, you will:
Configure RRPP Understand the operation of RRPP
-
Advanced Enterprise Networking Technical Labs
- 2 -
1.2 Networking Diagram
Transit
VLANS_IP SubnetsVLAN 10 10.x.10.0/24
PODX_A1 PODX_A2
Ten 2/0/1
Ten 2/0/2 Ten 2/0/2
Ten 1/0/25 Ten 1/0/25
Ten 1/0/26
.2.1
PODX_C1 PODX_C2
X= POD #
1 2
.4.3
RRPP Domain 1
Ring 1
Master Transit
Transit
P
PS
SS
P Primary Ring Port
Secondary Ring Port
PP
SS
Figure 1-1
1.3 IP Addressing Scheme
Before configuring devices in the RRPP lab, youll remove the IRF configuration. Each switch will be an individual member of the Ring. Each pod will create its own ring. In order to test the RRPP fault tolerance and Rapid Recovery functionality with IP nodes, the PC connected to the Ring must be in the same VLAN and in the same IP Subnet.
-
Advanced Enterprise Networking Technical Labs
- 3 -
Device Interface IP Address
POD#X
Chassis 1 Vlan 10 10.X.10.1/24
Chassis 2 Vlan 10 10.X.10.2/24
Access 1 Vlan 10 10.X.10.3/24
Access 2 Vlan 10 10.X.10.4/24
PC 1 Plugged into VLAN 10 10.X.10.101/24
PC 2 Plugged into VLAN 10 10.X.10.102/24
-
Advanced Enterprise Networking Technical Labs
- 4 -
1.4 Equipment
Version No. Description
S750xE 5.20 E6605P03 2 At least 3 slot chassis
S5800/S5820x 5.20 R11109P01 2 Requirement is ability to
build IRF 2 stack
Client 2 Client for test
Note that the cards and versions may not be exactly the same as your lab environment. When that is the case, please adjust the parameters to fit your lab. Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to fulfill the labs.
-
Advanced Enterprise Networking Technical Labs
- 5 -
1.5 Lab purpose
Create a main RRPP ring between the Switches.
1.6 Procedures
Mission1Configure RRPP between chassis.
Step1Disconnect cables from previous lab
Step2login to the Chassis switch through the serial port or by Telnet
Step3Remove IRF and all configuration on the Chassis undo chassis convert mode reset saved-config reboot
Step4Reset configuration on the 5800 switches reset saved-config reboot
Step5Create the appropriate VLANs on all switches system-view [PODxx]vlan 10 [PODxx-vlan10]quit [PODxx]vlan 11 [PODxx-vlan11]quit [PODxx]interface vlan 10 [PODxx-interface-vlan10]quit [PODxx]interface vlan 11 [PODxx-interface-vlan11]quit
Step6Set ALL the ports that will form the RRPP ring as Trunk ports on ALL Switches For example: [PODxx]interface ten-gigabit-ethernet 2/0/X [PODxx-Ten-GigabitEthernet1/3/0/3]port link-type trunk [PODxx-Ten-GigabitEthernet1/3/0/3]port trunk permit vlan all [PODxx-Ten-GigabitEthernet1/3/0/3]quit
Step7Disable STP on ALL the ports that will form the RRPP ring on ALL Switches [PODxx]interface ten-gigabit-ethernet 2/0/X [PODxx-Ten-GigabitEthernet1/3/0/3]link-delay 0 or 2
-
Advanced Enterprise Networking Technical Labs
- 6 -
Note: Minimum Link-delay is 0 on 7500 and 2 on 5800 [PODxx-Ten-GigabitEthernet1/3/0/3]stp disable [PODxx-Ten-GigabitEthernet1/3/0/3]quit
Step8Enable RRPP on ring 1, configure the protected VLAN (required) [PODxx]rrpp domain 1 [PODxx-rrpp]control-vlan 4092 [PODxx-rrpp]protected-vlan reference-instance 0 to 31 [PODxx]quit
Set Chassis 1 as the RRPP Master node, and Chassis 2 as a transit node Before configuring RRPP, do not connect the cables that form the RRPP ring yet. Note down the port numbers on the network diagram that comes with this lab. Configure chassis 1 as the Master Node in Ring 1
[PODxx]rrpp domain 1 [PODxx-rrpp]ring 1 node-mode master primary-port ten-gigabit-ethernet 2/0/1 secondary-port ten-gigabit-ethernet 2/0/2 level 0 [PODxx-rrpp]ring 1 enable [PODxx-rrpp]quit [PODxx]rrpp enable
Configure Chassis 2 as the Transit Node in Ring 1 [PODxx]rrpp domain 1 [PODxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 2/0/2 secondary-port ten-gigabit-ethernet 2/0/1 level 0 [PODxx-rrpp]ring 1 enable [PODxx-rrpp]quit [PODxx]rrpp enable
Step9Set Access Switches 1 and 2 as RRPP Transit nodes Configure Access Switch 1 as the Transit Node in Ring 1
[Accessxx]rrpp domain 1 [Accessxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 1/0/25 secondary-port ten-gigabit-ethernet 1/0/26 level 0 [Accessxx-rrpp]ring 1 enable [Accessxx-rrpp]quit [Accessxx]rrpp enable
Configure Access Switch 2 as the Transit Node in Ring 1 [Accessxx]rrpp domain 1 [Accessxx-rrpp]ring 1 node-mode transit primary-port ten-gigabit-ethernet 1/0/26
-
Advanced Enterprise Networking Technical Labs
- 7 -
secondary-port ten-gigabit-ethernet 1/0/25 level 0 [Accessxx-rrpp]ring 1 enable [Accessxx-rrpp]quit [Accessxx]rrpp enable
Step10Connect the cables to the ports that will form the RRPP ring Verify RRPP status on all switches [PODxx]display rrpp brief [PODxx]display rrpp verbose domain 1 ring 1 Verify connectivity through PING or fping utility on your PC (Copy fping.exe into C:/Windows folder) C:\> fping 10.X.10.Y c t 50 w 50 Use the PCs that are connected throughout the Ring using the IP address space information at the beginning of this document. If connectivity is successful, remove one of the ring connections and verify whether there is loss of information. Verify RRPP status on all switches after you disconnect a link [PODxx]display rrpp brief [PODxx]display rrpp verbose domain 1 ring 1
Step11Save the configuration [PODxx]quit save rrpp.cfg save chassis1#slot1#flash:/rrpp.cfg
startup saved-configuration rrpp.cfg This concludes the RRPP lab.
-
Advanced Enterprise Networking Technical Labs
- 1 -
Lab 4: MCE
LAB 4: MCE ............................................................................................................................................. - 1 -1.1 OVERVIEW ........................................................................................................................................ - 1 -1.2 NETWORKING DIAGRAM ................................................................................................................... - 2 -1.3 EQUIPMENT ....................................................................................................................................... - 4 -1.4 LAB PURPOSE .................................................................................................................................... - 5 -1.5 PROCEDURES..................................................................................................................................... - 5 -
Mission1 Configure IRF 2 on the S5500-EI (already focused in lab 1) ........................................ - 5 -Mission2 Configure VPN instances 1 and 2 on MCE for customers ............................................. - 6 -
1.1 Overview
In this lab exercise, you will:
Configure MCE on two S7500E
Understand the operation of MCE
Use BGP to exchange routes between Instances
-
Advanced Enterprise Networking Technical Labs
- 2 -
1.2 Networking Diagram
Figure 1-1
-
Advanced Enterprise Networking Technical Labs
- 3 -
IP Address Design
Device Interface IP Address
S7500E Vlan interface 10 192.168.10.1/24
Vlan interface 20 192.168.20.1/24
S5500EI IRF Vlan interface 10 192.168.10.10/24
PC1 VLAN 10 192.168.10.100/24
PC2 VLAN 10 192.168.10.101/24
S7500E Vlan interface 10 192.168.10.2/24
Vlan interface 20 192.168.20.2/24
S5500EI IRF Vlan interface 20 192.168.20.10/24
PC3 VLAN 20 192.168.20.100/24
PC4 VLAN 20 192.168.20.101/24
-
Advanced Enterprise Networking Technical Labs
- 4 -
1.3 Equipment
Version No. Description
S750xE 2 At least 3 slot chassis
S7500E Fabric 5.20.E6603P01 2 Switch Fabric
LSQ1GP24TXSD0, 16 x
x, 8 x Combo, 2 x 10 G
SD module
2
Or any other module that
provides access
connectivity
S5500-28C-EI CMW520-R2202 or later 4
Or any other Comware 5
based switch.
Requirement is ability to
build IRF 2 stack
H3C S5500-SI
Loc.Conn.CX4 Cable 4
If Access Switch is based
on S5500-EI
2-Port 10-Gigabit Local
Connection Module 4
If Access Switch is based
on S5500-EI
PC Windows XP SP2 4 PC
Please connect the above devices as shown in figure 1-1.
Note that the cards and versions may not be exactly the same as your lab environment. When that is the case, please adjust the parameters to fit your lab.
Use the lab hand outs to note down the appropriate port numbers and additional information that you might need to fulfill the labs.
-
Advanced Enterprise Networking Technical Labs
- 5 -
1.4 Lab purpose
Separate routing tables for customer A and customer B on the 7500E.
Configure OSPF between MCEs
PCs that exist in the different VLANs should be able to reach each other
1.5 Procedures
Mission1Configure IRF 2 on the S5500-EI (already done in lab 1)
Step1Configure 2 x IRF for the access connectivity
Step2Create VLANs and assign IP addresses to the VLANs Stack 1: [Access-PODxx]vlan 10 [Access-PODxx]interface vlan 10 [Access-PODxx -Vlan-interface10]ip address 192.168.10.10 24 Stack 2: [Access-PODxx]vlan 20 [Access-PODxx]interface vlan 20 [Access-PODxx -Vlan-interface10]ip address 192.168.20.10 24
Step3Create a dynamic aggregation interface Stack1 and Stack 2: [Access-PODxx]interface Bridge-Aggregation 1 [Access-PODxx]port link-type trunk [Access-PODxx]port trunk permit vlan all
Step4Configure trunk ports and assign ports to the aggregation interfaces Stack1 and Stack 2: [Access-PODxx]interface gigabitethernet 1/0/1 (port number is example) [Access-PODxx]port link-aggregation group 1 [Access-PODxx]interface gigabitethernet 1/0/2(port number is example) [Access-PODxx]link-aggregation group 1
Step5Configure the access ports VLAN membership on Access stacks Stack 1: [Access-PODxx]vlan 10 [Access-PODxx]interface gigabitethernet 1/0/10 [Access-PODxx]interface gigabitethernet 2/0/1 (port number is example)
-
Advanced Enterprise Networking Technical Labs
- 6 -
Stack 2: [Access-PODxx]vlan 20 [Access-PODxx]interface gigabitethernet 1/0/10 [Access-PODxx]interface gigabitethernet 2/0/1 (port number is example)
Mission2Configure VPN instances 1 and 2 on MCE for customers
Step1Create the appropriate VLANs on both 7500E chassis system-view [PODxx]sysname PODxx [PODxx]vlan 10 [PODxx]vlan 20
Step2Configure Link Aggregation at the access switches to core conection
MCE 1 [PODxx]interface Bridge-Aggregation 1 [PODxx]port link-type trunk [PODxx]port trunk permit vlan 10
MCE 2 [PODxx]interface Bridge-Aggregation 1 [PODxx]port link-type trunk [PODxx]port trunk permit vlan 20
Step3Assign the VLANs to the ports between the MCEs and to the access switches
MCE1 - [PODxx]interface gigabit-ethernet 1/0/1 (port number is example) [PODxx]port link-aggregation group 1 [PODxx]interface gigabit-ethernet 1/0/2 (port number is example) [PODxx]port link-aggregation group 1
MCE2 - [PODxx]interface gigabit-ethernet 1/0/1 (port number is example) [PODxx]port link-aggregation group 1 [PODxx]interface gigabit-ethernet 1/0/2 (port number is example) [PODxx]port link-aggregation group 1
Step4Assign the VLANs to the ports between the MCEs
MCE1 - [PODxx]interface gigabit-ethernet 1/0/24 (port number is example) [PODxx]port link-type trunk [PODxx]port trunk permit vlan 10 to 20
MCE2 - [PODxx]interface gigabit-ethernet 1/0/24 (port number is example) [PODxx]port link-type trunk [PODxx]port trunk permit vlan 10 to 20
-
Advanced Enterprise Networking Technical Labs
- 7 -
Step5Configure VPN instances 10 and 20 on MCEs
MCE1 - [PODxx]ip vpn-instance 10 [PODxx]route-distinguisher 10:1 [PODxx]ip vpn-instance 20 [PODxx]route-distinguisher 20:1
MCE2 [PODxx]ip vpn-instance 10 [PODxx]route-distinguisher 10:1 [PODxx]ip vpn-instance 20 [PODxx]route-distinguisher 20:1
Step6: Configure VLAN-interfaces 10 and 20 and bind them to VPN 10 and VPN 20 respectively
MCE1 - [PODxx]interface vlan 10 [PODxx]ip binding vpn-instance 10 [PODxx]ip address 192.168.10.1 255.255.255.0 [PODxx]interface vlan 20 [PODxx]ip binding vpn-instance 20 [PODxx]ip address 192.168.20.1 255.255.255.0
MCE2 - [PODxx]interface vlan 10 [PODxx]ip binding vpn-instance 10 [PODxx]ip address 192.168.10.2 255.255.255.0 [PODxx]interface vlan 20 [PODxx]ip binding vpn-instance 20 [PODxx]ip address 192.168.20.2 255.255.255.0
-
Advanced Enterprise Networking Technical Labs
- 8 -
Step7: Configure OSPF for VPN Instances
MCE1 - [PODxx]ospf 10 vpn-instance 10 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.10.0 0.0.0.255 [PODxx]ospf 20 vpn-instance 20 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.20.0 0.0.0.255
MCE2 - [PODxx]ospf 10 vpn-instance 10 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.10.0 0.0.0.255 [PODxx]ospf 20 vpn-instance 20 [PODxx]vpn-instance-capability simple [PODxx]area 0.0.0.0 [PODxx]network 192.168.20.0 0.0.0.255
Step8: Configure routing for the edge devices
MCE1 and MCE 2- [PODxx]bgp 65534 [PODxx]ipv4-family vpn-instance 10 [PODxx]import-route direct [PODxx]import-route ospf 10 [PODxx]ipv4-family vpn-instance 20 [PODxx]import-route direct [PODxx]import-route ospf 20
MCE1 and MCE2 - [PODxx]ip vpn-instance 10 [PODxx]vpn-target 10:1 export-extcommunity [PODxx]vpn-target 10:1 20:1 import-extcommunity [PODxx]ip vpn-instance 20 [PODxx]vpn-target 20:1 export-extcommunity [PODxx]vpn-target 20:1 10:1 import-extcommunity
Verify connectivity through PING
PCs in VPN10 should reach PCs in VPN 20.
Display the different routing tables for each VRF Instance on MCE
display ip routing table vpn-instance 10
display ip routing table vpn-instance 20
-
Advanced Enterprise Networking Technical Labs
- 9 -
Step6Save the configuration on all devices [PODxx]quit save mce.cfg startup saved-configuration mce.cfg
This concludes the MCE lab.
-
Advanced Enterprise Networking Technical Labs
- 1 -
Lab5: MPLS L3VPNs and VPLS
LAB5: MPLS L3VPNS AND VPLS .................................................................................................... - 1 -
1.1 OVERVIEW .................................................................................................................................................................................... - 1 - 1.2 LAB PURPOSE ................................................................................................................................................................................ - 1 - 1.3 PROCEDURES ................................................................................................................................................................................ - 1 -
Mission1 Reset Saved Configurations ..................................................................................................................................... - 1 - Mission2 Recable the Lab Topology ........................................................................................................................................ - 2 - Mission3 Assign Basic Configuration: .................................................................................................................................... - 3 - Mission4 Interior Gateway Protocol: ...................................................................................................................................... - 5 - Mission5 MPLS Configuration ................................................................................................................................................ - 6 - Mission6 Customer Connectivity ............................................................................................................................................. - 7 - Pod A Customer Connectivity: .................................................................................................................................................. - 7 - Pod B Customer Connectivity: .................................................................................................................................................. - 8 - Pod C Customer Connectivity: .................................................................................................................................................. - 9 - Mission7 Consider Methods of Distributing Customer Route Information ............................................................................ - 11 - Mission8 Consider Methods of Implementing BGP in the Provider Network ........................................................................ - 11 - Mission9 Configure BGP on the Provider Network: ............................................................................................................. - 14 - Mission10 Share Customer Networks using BGP: ................................................................................................................ - 14 - Mission11 Create MPLS Layer-3 VPNs Create VPN Instances and assign interfaces: ...................................................... - 14 - Mission12 MPLS Layer-3 VPNs Static Routing: ................................................................................................................ - 16 - Mission13 MPLS Layer-3 VPNs MBGP: ............................................................................................................................ - 17 - Mission14 Configuration Examples: ..................................................................................................................................... - 21 - Mission15 Configure VPLS.................................................................................................................................................... - 25 -
1.1 Overview In this lab exercise, you will: Understand the basic operation of MPLS, MPLS L3 VPNs, L2VPNs, and VPLS.
1.2 Lab purpose
1.3 Procedures
Mission1Reset Saved Configurations This Lab will begin by resetting the saved configuration on your four Switches.
Step1Reset the Saved configuration of your Core Switch #1 and Core Switch #2 and reboot: [PODxx]reset saved-configuration [PODxx]reboot Step2Reset the Saved configuration of your Access Switch #1 and Access Switch #2 and reboot: [PODxx]reset saved-configuration [PODxx]reboot
-
Advanced Enterprise Networking Technical Labs
- 2 -
Mission2Recable the Lab Topology
Step1Recable the Lab Topology according to the diagram #1.
T2/0/1
T2/0/2
G1/0/1 G1/0/1
G1/0/1
G1/0/1
G1/0/1
G1/0/1
T2/0/1
T2/0/1
T2/0/1
T2/0/1
G3/0/2G3/0/1
G3/0/2
G3/0/1G3/0/1
G3/0/2
T2/0/3
T2/0/2
T2/0/3 T2/0/2
T2/0/3
Core27506E
Core27506E
Access1S5800
Access1S5800
T2/0/1
Core17506E
Core17506E
Core27506E
Core27506E
Core17506E
Core17506E
Core17506E
Core17506E
Core27506E
Core27506E
Access2S5800
Access2S5800
Access1S5800
Access1S5800
Access2S5800
Access2S5800
Access2S5800
Access2S5800
Access1S5800
Access1S5800
Pod A Pod B
Pod C Diagram # 1.
-
Advanced Enterprise Networking Technical Labs
- 3 -
Mission3Assign Basic Configuration:
Step1Using diagram #2, note the three distinct roles your Switches will serve in this lab.
Core Switch #1 will serve as a Provider router: P router.
Core Switch # 2 will serve as a Provider Edge router: PE router
Both Access Switches will serve as Customer Edge routers, CE routers.
Step2Assign hostnames to your Switches according to this chart: [PODxx]sysname CE-3x enable telnet, tracert, superuser,
Hostnames Pod A Pod B Pod C Core-Switch #1 P-1 P-2 P-3 Core-Switch #2 PE-1 PE-2 PE-3 Access-Switch #1 CE-1A CE-2A CE-3A Access-Switch #2 CE-1B CE-2B CE-3B
Step3Enable telnet, and traceroute on all four of your Switches: [PODxx]sysname Step4Confirm the cabling topology is correct and functional using LLDP protocol. [PODxx]sysname
-
Advanced Enterprise Networking Technical Labs
- 4 -
Step5Create six VLANs and assign interfaces to VLANs as shown in diagram #2. All of these ports should be configured as access ports.
Pod A Pod B Pod C VLAN 11 VLAN 22 VLAN 33 VLAN 101 VLAN 201 VLAN 301 VLAN 102 VLAN 202 VLAN 302 VLAN 161 VLAN 161 VLAN 161 VLAN 162 VLAN 162 VLAN 162
VLAN 163 VLAN 163 VLAN 163
G1/0/1 G1/0/1
G1/0/1G1/0/1
G3/0/2G3/0/1
G3/0/2
G3/0/1G3/0/1
G3/0/2
T2/0/3
T2/0/3 T2/0/2
T2/0/2
T2/0/2T2/0/3
PCore-1
PCore-1
PECore-2PE
Core-2
T2/0/1
T2/0/1
T2/0/1 T2/0/1
T2/0/1
T2/0/1
G1/0/1 G1/0/1
CEAccess-1
CEAccess-1
CEAccess-2
CEAccess-2
CEAccess-1
CEAccess-1
CEAccess-1
CEAccess-1
CEAccess-2
CEAccess-2
CEAccess-2
CEAccess-2
PCore-1
PCore-1
PCore-1
PCore-1
PECore-2PE
Core-2
PECore-2PE
Core-2
Pod A Pod B
Pod C
VLAN 11VLAN 11
VLAN 161VLAN 161
VLAN 163VLAN 163 VLAN 162VLAN 162
VLAN 33VLAN 33
VLAN 202VLAN 202
VLAN 201VLAN 201
VLAN 302VLAN 302VLAN 301VLAN 301
VLAN 101VLAN 101
VLAN 102VLAN 102
VLAN 22VLAN 22
Diagram # 2.
-
Advanced Enterprise Networking Technical Labs
- 5 -
int VLAN 161
OSPFArea 0OSPFArea 016.1.1.2 /30
16.1.1.1 /3016.0.1.1 /30
16.2.2.2 /30
16.2.2.1 /30
16.3.3.1 /3016.3.3.2 /30
16.0.1.2 /30
16.0.3.2 /30
16.0.3.1 /30
16.0.2.1 /30
16.0.2.2 /30
16.0.0.0 /8
Loopback 016.0.0.1Loopback 016.0.0.1
Loopback 016.0.0.11
Loopback 016.0.0.33
Loopback 016.0.0.3Loopback 016.0.0.3
Loopback 016.0.0.22
Loopback 016.0.0.2Loopback 016.0.0.2
Pod A Pod B
Pod C
int VLAN 163
int VLAN 163 int VLAN 162
int VLAN 161
int VLAN 162
int VLAN 22
int VLAN 22int VLAN 11
int VLAN 11
int VLAN 101int VLAN 101
int VLAN 102
int VLAN 102
int VLAN 201 int VLAN 201
int VLAN 202
int VLAN 202
int VLAN 33
int VLAN 33
int VLAN 301
int VLAN 301
int VLAN 302
int VLAN 302
CE-1ACE-1A
CE-1BCE-1BCE-1B CE-2BCE-2BCE-2B
CE-3BCE-3BCE-3B
CE-2ACE-2A
CE-3ACE-3A
P3P3
P2P2P1P1
PE1PE1
PE3PE3
PE2PE2
Diagram # 3.
Step6On your Provider router (Core Switch #1) create three vlan interfaces and assign IP addresses to these vlan interfaces as shown in diagram #3.
Step7On your Provider-Edge router (Core Switch #2) create three vlan interfaces and assign IP addresses to these vlan interfaces as shown in diagram #3.
Step8On your Customer-Edge routers (Access Switch #1 and Access Switch #2) create one vlan interface on each of these routers as shown in diagram # 3. IP addresses will be assigned to these interfaces later.
Mission4Interior Gateway Protocol:
Step1Create Loopback interface 0 on your Provider router and Provider-Edge router and assign an IP address to this Loopback interface using diagram # 3. Use a /32 mask on this IP address.
Step2Configure the OSPF interior gateway routing protocol on both your Provider routers. Use Loopback 0 as the router ID, and activate OSPF on all interfaces that have been assigned an IP address. All interfaces should belong to OSPF area 0.
Step3Test your OSPF configuration by reviewing your routing tables. Your Provider-Edge router should be able to ping the other two Provider-Edge routers in the classroom. Your Provider-Edge router should be able to ping all three Provider routers.
-
Advanced Enterprise Networking Technical Labs
- 6 -
Mission5MPLS Configuration Configure MPLS on your Provider network.
Step1Configure MPLS on your Provider router and your Provider Edge router. Use the Label Distribution Protocol, LDP, to share and learn MPLS labels from your directly connected neighbors. Choose your Loopback 0 interface as your LDP router-ID.
Step2Confirm that an LDP peer is established between your Provider router and your Provider-Edge router
Step3Confirm that an LDP peer is established between your Provider router and the other two Provider routers.
Step4Review your Label Information Base to ensure your Provider-Edge router has learned labels from your Provider router.
Step5Ping from your Provider-Edge router to the Loopback 0 interface of another Provider-Edge router. This ping should be successful. What label does your PE router push onto this ping? __________.
Step6When this ping is processed by your P router, your P router will replace this label with which label? ____________
Step7When this ping is processed by the next P router, what action will be taken by the next P router? ____________
Step8Ping from your Provider-Edge router to the Loopback 0 interface of the remaining (third) PE router. This ping should be successful. Indentify the set of MPLS labels that are used for this Label Switching Path: ____________.
P3P3
P2P2P1P1
PE1PE1
PE3PE3
PE2PE2LDP
LDP
LDP
LDP
LDP
LDP
AS 100
OSPFArea 0OSPFArea 0
MPLSMPLS
Loopback 016.0.0.1Loopback 016.0.0.1 Loopback 016.0.0.2
Loopback 016.0.0.2
Loopback 016.0.0.3Loopback 016.0.0.3
-
Advanced Enterprise Networking Technical Labs
- 7 -
Mission6Customer Connectivity
Pod A Customer Connectivity:
Step1Your Access-Switches will serve as Customer Edge routers.
Step2Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2A.
Step3Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2B.
CE-1A CE-1B PE-2 vlan interface 201.1.1.2 /30 202.1.1.2 /30 CE vlan interface 201.1.1.1 /30 202.1.1.1 /30
Step4 Ensure that you can ping from your PE router to the CE-1A and CE-1B and vice versa.
P1P1
PE1PE1
202.1.1.0 /24202.1.1.0 /24
201.1.1.0 /24201.1.1.0 /24
201.1.1.33 /27
202.1.1.33 /27
CE-1ACE-1ACE-1A
CE-1BCE-1B
201.1.1.65 /27201.1.1.1 /30201.1.1.2 /30
202.1.1.65 /27
202.1.1.2 /30
202.1.1.1 /30
0.0.0.0
0.0.0.0
int VLAN 101
int VLAN 102
Diagram # 4 Pod A
Step5Create two Loopback interfaces on each Customer Edge router to serve as internal Customer networks. If you prefer, use physical interfaces. Assign IP addresses to the two internal Customer networks as follows:
CE-1A CE-1B
Customer LAN interface-1 201.1.1.33 /27 202.1.1.33 /27 Customer LAN interface-2 201.1.1.65 /27 202.1.1.65 /27
-
Advanced Enterprise Networking Technical Labs
- 8 -
Step6Can you ping these two new Loopback interfaces from your PE router? _______ Why not? __________
Step7On your PE router, create a static route to the entire /24 IP address block of Customer A and a static route to the /24 IP address block of Customer B.
Step8Ping from your PE router to both Loopback interfaces of both CE routers. These pings should be successful.
Step9.Confirm that your CE routers can ping the directly connected interface of the PE router. Can your CE routers ping the Loopback 0 interface of the PE router? __________ Why not? __________
Step10Configure a default route on both CE routers. Confirm that your CE routers can ping the Loopback 0 interface of the PE router. Confirm that your CE-A router can ping both Loopback interfaces of CE-B router (and vice versa). These pings should be successful.
Pod B Customer Connectivity:
Step11Your Access-Switches will serve as Customer Edge routers.
Step12Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2A.
Step13Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-2B.
CE-2A CE-2B PE-2 vlan interface 201.2.2.2 /30 202.2.2.2 /30 CE vlan interface 201.2.2.1 /30 202.2.2.1 /30
Step14 Ensure that you can ping from your PE router to the CE-A and CE-B and vice versa.
P2P2
PE2PE2
202.2.2.0 /24202.2.2.0 /24
201.2.2.0 /24201.2.2.0 /24
201.2.2.33 /27
202.2.2.33 /27
CE-2ACE-2ACE-2A
CE-2BCE-2B
201.2.2.65 /27201.2.2.1 /30201.2.2.2 /30
202.2.2.65 /27
202.2.2.2 /30
202.2.2.1 /30
0.0.0.0
0.0.0.0
int VLAN 201
int VLAN 202
Diagram # 4 Pod B
Step15Create two Loopback interfaces on each Customer Edge router to serve as internal Customer networks. If you prefer, use physical interfaces. Assign IP addresses to the two internal Customer networks as follows:
CE-2A CE-2B
-
Advanced Enterprise Networking Technical Labs
- 9 -
Customer LAN interface-1 201.2.2.33 /27 202.2.2.33 /27 Customer LAN interface-2 201.2.2.65 /27 202.2.2.65 /27
Step16Can you ping these two new Loopback interfaces from your PE router? _______ Why not? __________
Step17On your PE router, create a static route to the entire /24 IP address block of Customer A and a static route to the /24 IP address block of Customer B.
Step18Ping from your PE router to both Loopback interfaces of both CE routers. These pings should be successful.
Step19.Confirm that your CE routers can ping the directly connected interface of the PE router. Can your CE routers ping the Loopback 0 interface of the PE router? __________ Why not? __________
Step20Configure a default route on both CE routers. Confirm that your CE routers can ping the Loopback 0 interface of the PE router. Confirm that your CE-A router can ping both Loopback interfaces of CE-B router (and vice versa). These pings should be successful.
Pod C Customer Connectivity:
Step1Your Access-Switches will serve as Customer Edge routers.
Step2Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-3A.
Step3Assign IP addresses to the vlan interface that connects your PE router to your CE router CE-3B.
CE-3A CE-3B PE-3 vlan interface 201.3.3.2 /30 202.3.3.2 /30 CE vlan interface 201.3.3.1 /30 202.3.3.1 /30
Step4 Ensure that you can ping from your PE router to the CE-A and CE-B and vice versa.
P3P3
PE3PE3
202.3.3.0 /24202.3.3.0 /24
201.3.3.0 /24201.3.3.0 /24
201.3.3.33 /27
202.3.3.33 /27
CE-3ACE-3ACE-3A
CE-3BCE-3B
201.3.3.65 /27201.3.3.1 /30201.3.3.2 /30
202.3.3.65 /27
202.3.3.2 /30
202.3.3.1 /30
0.0.0.0
0.0.0.0
int VLAN 301
int VLAN 302
Diagram # 4 Pod C
-
Advanced Enterprise Networking Technical Labs
- 10 -
Step5Create two Loopback interfaces on each Customer Edge router to serve as internal Customer networks. If you prefer, use physical interfaces. Assign IP addresses to the two internal Customer networks as follows:
CE-3A CE-3B
Customer LAN interface-1 201.3.3.33 /27 202.3.3.33 /27 Customer LAN interface-2 201.3.3.65 /27 202.3.3.65 /27
Step6Can you ping these two new Loopback interfaces from your PE router? _______ Why not? __________
Step7On your PE router, create a static route to the entire /24 IP address block of Customer A and a static router to the /24 IP address block of Customer B.
Step8Ping from your PE router to both Loopback interfaces of both CE routers. These pings should be successful.
Step9.Confirm that your CE routers can ping the directly connected interface of the PE router. Can your CE routers ping the Loopback 0 interface of the PE router? __________ Why not? __________
Step10Configure a default route on both CE routers. Confirm that your CE routers can ping the Loopback 0 interface of the PE router. Confirm that your CE-A router can ping both Loopback interfaces of CE-B router (and vice versa). These pings should be successful.
-
Advanced Enterprise Networking Technical Labs
- 11 -
Mission7Consider Methods of Distributing Customer Route Information
Your PE router now has complete knowledge of both Customer sites, and your PE router can ping the internal Loopback addresses of both Customer sites. However, the other PE routers in the classroom cannot ping your customer sites. Why is this the case? ________ Do the other PE and P routers have a route to your two Customer sites? ___________
Viewing this problem from a different perspective, your PE router cannot ping any other Customer site other than the locally connected site. Most importantly, the Customer Sites cannot ping each other, for it is our primary objective that the Customer site be able to ping each other.
To provide the desired end-to-end connectivity, your two Customer networks must be shared with the routers in the Provider network. Lets consider several methods for sharing your two /24 Customer networks with the other
Method #1 Share routes with the Customer using OSPF and inject the Customer networking into OSPF.
OSPF is designed to function as an interior Gateway Protocol. Injecting Customer prefixes into the Providers IGP will increase the instability of the Provider network. Method # 1 is a bad idea.
Method #2 Import the static routes for each Customer site into OSPF.
Importing routes into OSPF will produces External, type 5 LSAs which will flood thoughout the Autonomous System. It is better to see these Customer networks as external LSAs than internal LSAs as would be the case in Method # 1; however, it would be better to completely eliminate any external customer networks from OSPF. OSPF, the Providers IGP, should include only internal Provider subnets and be free of external routes from foreign networks over which the provider has little control. Method # 2 is better that Method # 1, but still not a good idea.
Method #3 Use BGP, the Border Gateway Protocol, to desiminate the customer prefixes from one PE router to all the other PE routers.
BGP is a much better routing protocol choice to carry external, customer routing information. In fact, BGP is designed as an exterior routing protocol and can carry thousands of external networks. Method # 3 is the best method to share the Customer prefixes from one site to the others.
Mission8Consider Methods of Implementing BGP in the Provider Network Now that we have chosen BGP as the protocol to share the Customer prefixes and provide the desired Customer site-to-site connectivity, lets consider various methods of implementing BGP in our Provider network.
Method #1 Configure a Full-mesh of iBGP on all Provider routers.
BGP Design Method # 1 is shown in diagram # 5.
-
Advanced Enterprise Networking Technical Labs
- 12 -
P3P3
P2P2P1P1
PE3PE3
PE2PE2PE1PE1
iBGP
AS 100
OSPFArea 0OSPFArea 0
iBGPiBGP
CE-1ACE-1ACE-1A
CE-1BCE-1B CE-2BCE-2B
CE-2ACE-2ACE-2A
202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24
CE-3BCE-3BCE-3ACE-3ACE-3A
201.1.1.0 /24201.1.1.0 /24
202.1.1.0 /24202.1.1.0 /24 202.2.2.0 /24202.2.2.0 /24
201.2.2.0 /24201.2.2.0 /24
Diagram # 5. BGP Design Method # 1 - iBGP Full-Mesh (also known as iBGP Full-Mess) Method # 2 iBGP Full-Mesh with Route-Reflectors
Method # 1, a full-mesh of iBGP on all Provider Routers, will be complicated, difficult to support, and hard to scale. BGP supports the use of Route Reflectors to simplify the iBGP toplogy. Method # 2 identifies the three Provider routers as Route Reflectors with one client each. This topology is much simpler, and more scalable than an iBGP full mesh. Method # 2 is shown in diagram # 6.
P3P3
P2P2P1P1
PE3PE3
PE2PE2PE1PE1
iBGPAS 100
iBGPRoute ReflectorsRoute Reflectors
CE-1ACE-1ACE-1A
CE-1BCE-1B CE-2BCE-2B
CE-2ACE-2ACE-2A
202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24
CE-3BCE-3BCE-3ACE-3ACE-3A
201.1.1.0 /24201.1.1.0 /24
202.1.1.0 /24202.1.1.0 /24 202.2.2.0 /24202.2.2.0 /24
201.2.2.0 /24201.2.2.0 /24
Diagram # 6. BGP Design Method # 2 - iBGP Full-Mesh with Route Reflectors.
-
Advanced Enterprise Networking Technical Labs
- 13 -
Method # 3 iBGP Removal from Core - Full-Mesh of PE Routers with MPLS One of the benefits of using MPLS in the Provider Network is that iBGP can be removed from the core of the Provider Network; BGP is only necessary on the PE routers. Removing iBGP from the Core of the Provider network will free up resources on the core devices and further simplify the iBGP design. Another advantage of this design is that the Customer devices will no longer have access to the Core of the Provider network. Our objective is to provide Customer site-to-site connectivity. Customer access to the core of the Provider network is not desired. Since MPLS has already been configured in the Provider network, we can take advantage of this and choose Method # 3 as our best method of sharing Customer routes across the provider network. Method # 3, Full mesh of iBGP only on the PE routers, shown in diagram # 7, is our selected method of sharing the customer prefixes from site to site and providing site to site connectivity for both customers. In the next steps, we will proceed to configure BGP following BGP design method # 3.
OSPFArea 0OSPFArea 0
P3P3
P2P2P1P1
PE3PE3
PE2PE2PE1PE1
iBGP
AS 100
iBGPiBGPMPLSMPLS
CE-1ACE-1ACE-1A
CE-1BCE-1B CE-2BCE-2B
CE-2ACE-2ACE-2A
202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24
CE-3BCE-3BCE-3ACE-3ACE-3A
201.1.1.0 /24201.1.1.0 /24
202.1.1.0 /24202.1.1.0 /24 202.2.2.0 /24202.2.2.0 /24
201.2.2.0 /24201.2.2.0 /24
Diagram # 7. BGP Design Method # 3 - iBGP Full-Mesh of iBGP on the PE routers only using MPLS.
-
Advanced Enterprise Networking Technical Labs
- 14 -
Mission9Configure BGP on the Provider Network:
Step1Configure an iBGP peer from your PE router to both of the other PE routers. Use Loopback interface 0 as your BGP router-ID.
Step2Use the Loopback interface 0 IP address as the source and destination of all three iBGP sessions.
Step3Confirm that both of your iBGP sessions are established. If not, confirm that you have a /32 OSPF route in your routing table for both of the other PE routers Loopback 0 interface. You should be able to ping the Loopback 0 interface of the PE routers from your PE router.
Mission10Share Customer Networks using BGP:
Step1Import your Static routes to Customer Site A and Customer Site B into BGP on your PE route.
Step2Confirm that the other PE routers see your two Customer networks in their BGP tables.
Step3Ensure that you have achieved site-to-site Customer connectivity for Customer-A by pinging from your CE-A router to the Customer inside networks at the other two Customer A locations.
Step4Ensure that you have achieved site-to-site Customer connectivity for Customer-B by pinging from your CE-B router to the Customer inside networks at the other two Customer B locations
Step5Trace from your Customer CE-A to the internal subnets of both of the other Customer A locations. This trace should show five hops.
Step6Trace from your Customer CE-B to the internal subnets of both of the other Customer B locations. This trace should show five hops.
Step7Confirm that you are label swapping by reviewing the routing table of the P routers. You should find no customer networks in the routing tables of the P routers; yet, customer site-to-site traffic flows through the P routers.
Mission11Create MPLS Layer-3 VPNs Create VPN Instances and assign interfaces:
A logical full-mesh of site-to-site connectivity has now been configured for all locations of Customer-A and Customer-B. However, there is no separation between the Customer-A traffic and the Customer-B traffic. To prove this, ping from your CE-A router to at least one CE-B router. This ping shows that traffic can flow from Customer-A to Customer-B. This traffic flow from one Customer to another is not desired. Each Customer requires private connectivity between their three sites only. To achieve this objective, you will configure two MPLS Layer 3 VPNs. More specifically, you will create the Red VPN for Customer A and the Green VPN for Customer B.
-
Advanced Enterprise Networking Technical Labs
- 15 -
PP
PEPELDP
MP-iBGP
201.1.1.0 /24201.2.2.0 /24202.1.1.0 /24202.2.2.0 /24201.3.3.0 /24202.3.3.0 /24
201.1.1.0 /24201.2.2.0 /24201.3.3.0 /24
202.1.1.0 /24202.2.2.0 /24202.3.3.0 /24
202.3.3.0 /24
201.3.3.0 /24
GreenGreen
RedRed
CE-3BCE-3B
CE-3ACE-3ACE-3A
VPN InstanceRed
VPN InstanceRed
VPN InstanceGreen
VPN InstanceGreen
Route TargetRoute Target
Step1Before beginning this Mission, remove the static route to your Customer site prefix. This will will remove theCustomer networks from the global instance of BGP and disconnect the customer sites. Connectivity will be restored using MPLS Layer-3 VPNs.
=== Customer A ===
Step2Create a VPN instance for each Customer:
Customer VPN Instance Name Route Target Route Distinguisher
Customer A Red 100:201 100:201 Customer B Green 100:202 100:202
.
Step3Display the VPN instance to confirm both the Route Target and the Router Distinguisher are properly set.
Step4Display the routing table for the Red VPN instance. This routing table should exist, but no routes will be found in the table.
Step5Assign the vlan interface that connects to Customer-A to the Red VPN instance.
Step6Confirm that IP address 201.x.0.2 /30 is assigned to this interface. Some vendors remove the IP address from an interface when the interface is assigned to a VPN instance.
Step7Again, review the Red VPN routing table. You should find one directly connected route in the Red routing table.
Step8Connectivity between your Red Customer and your PE router has now been established. Test this connectivity by pinging the PE router from your Red CE router. This ping should be successful.
Step9Test connectivity in the other direction by pinging from your PE router to the directly connected interface of the Customer CE router. This ping should work. Be careful, you must ping from the Red VPN instance!
-
Advanced Enterprise Networking Technical Labs
- 16 -
=== Customer B ===
Step10Create a VPN instance for your Customer on your PE router. The Customer Router will have no knowledge of VPNs or MPLS.
Customer VPN Instance Name Route Target Route Distinguisher
Customer A Red 100:201 100:201 Customer B Green 100:202 100:202
Step11Display the VPN instance to confirm both the Route Target and the Router Distinguisher are properly set.
Step12. Display the routing table for the Green VPN instance. This routing table should exist, but no routes will be found in the table.
Step13Assign the vlan interface that connects to Customer-B to the Green VPN instance.
Step14Confirm that IP address 202.x.0.2 /30 is assigned to this interface. Some vendors remove the IP address from an interface when the interface is assigned to a VPN instance.
Step15Again, review the Green VPN routing table. You should find one directly connected route in the Green routing table.
Step16Connectivity between your Green Customer and your PE router has now been established. Test this connectivity by pinging the PE router from your Green CE router. This ping should be successful.
Step17Test connectivity in the other direction by pinging from your PE router to the directly connected interface of the Customer CE router. This ping should work. Be careful, you must ping from the Green VPN instance!
Mission12MPLS Layer-3 VPNs Static Routing: === Customer A ===
Step1Your PE router can ping the directly connected interface of Customer A within the Red VPN instance, but your PE router cannot ping the internal Customer networks because the PE router has no route to these destinations.
Step2Create a static route to the block of IP addresses at your Red Customer site: 201.x.x.0 /24. Be sure to place this static route in the Red VPN instance.
Step3Display the Red VPN routing table. You should find one directly connected route and one static route in the Red routing table.
Step4Ping within the Red VPN from your PE router to the internal interfaces of your Red Customer router. This ping should be successful.
Step5Can you ping the internal interfaces of any other Red CE router?. ______
Step6Can your CE router ping any other Red Customer site? _____
-
Advanced Enterprise Networking Technical Labs
- 17 -
=== Customer B ===
Step7Your PE router can ping the directly connected interface of Customer B within the Green VPN instance, but your PE router cannot ping the internal Customer networks because the PE router has no route to these destinations.
Step8Create a static route to the block of IP addresses at your Green Customer site: 202.x.x.0 /24. Be sure to place this static route in the Green VPN instance.
Step9Display the Green VPN routing table. You should find one directly connected route and one static route in the Green routing table.
Step10Ping within the Green VPN from your PE router to the internal interfaces of your Green Customer router. This ping should be successful.
Step11Can you ping the internal interfaces of any other Green CE router?. ______
Step12Can your CE router ping any other Green Customer site? _____
Mission13MPLS Layer-3 VPNs MBGP: To provide site-to-site connectivity, the routes in your Red VPN routing table must be advertised to the other PE routers. MPBGP will be used to distribute your VPN routes to the other PE routers, and the BGP extended community Route Target will help to place these routes in the proper VPN routing table on the other PE routers.
202.2.2.0 /24202.1.1.0 /24
201.2.2.0 /24201.1.1.0 /24
OSPFArea 0OSPFArea 0
P3P3
P2P2P1P1
PE2PE2PE1PE1
MP-iBGP
AS 100
MPLSMPLSMP-iBGP MP-iBGP
Loopback 016.0.0.1
Loopback 016.0.0.1
Loopback 016.0.0.2
Loopback 016.0.0.2
Loopback 016.0.0.3
Loopback 016.0.0.3
CE-1ACE-1ACE-1A
CE-1BCE-1B CE-2BCE-2B
CE-2ACE-2ACE-2A
202.3.3.0 /24202.3.3.0 /24201.3.3.0 /24201.3.3.0 /24
CE-3BCE-3BCE-3ACE-3ACE-3A
PE3PE3
-
Advanced Enterprise Networking Technical Labs
- 18 -
=== Customer A ===
Step1Review your configuration of BGP. Notice that two BGP address families have been automatically created.
Step2Create an address family within the BGP process for vpnv4 prefixes. Enable the sharing of vpnv4 prefixes with both your iBGP peers, (the other PE routers).
Step3Share your Red VPN static route with the other PE routers as a vpnv4 route. To do this, import your static route into the Red address family of BGP.
Step4Telnet to another PE router, and display its Red VPN routing table. Ensure your customer prefix is in the routing table.
Step5Test Customer site-to-site connectivity by pinging from your CE-A router to an internal interface of both the other CE-A routers.
Step6When your lab partner has completed this Mission, test the separation of the Red and Green Customer networks by attempting to ping from your Red Customer site into any Green customer site. This ping should not work since no route to the other customer network exists in the PE Red VPN instance.
201.2.2.0 /24201.1.1.0 /24
201.3.3.0 /24
CE-1ACE-1ACE-1A CE-2ACE-2ACE-2A
CE-3ACE-3ACE-3A
=== Customer B ===
-
Advanced Enterprise Networking Technical Labs
- 19 -
Step7Review your configuration of BGP. Notice that two BGP address families have been automatically created.
Step8Create an address family within the BGP process for vpnv4 prefixes. Enable the sharing of vpnv4 prefixes with both your iBGP peers, (the other PE routers).
Step9Share your Green VPN static route with the other PE routers as a vpnv4 route. To do this, import your static route into the Green address family of BGP.
Step10Telnet to another PE router, and display its Green VPN routing table. Ensure your customer prefix is in the routing table.
Step11Test Customer site-to-site connectivity by pinging from your CE-B router to an internal interface of both the other CE-B routers.
Step12When your lab partner has completed this Mission, test the separation of the Red and Green Customer networks by attempting to ping from your Green Customer site into any Red customer site. This ping should not work since no route to the other customer network exists in the PE Green VPN instance.
202.1.1.0 /24
202.3.3.0 /24
202.2.2.0 /24
CE-1BCE-1B
CE-3BCE-3B
CE-2BCE-2B
201.2.2.0 /24201.1.1.0 /24
201.3.3.0 /24
CE-1ACE-1ACE-1A CE-2ACE-2ACE-2A
CE-3ACE-3ACE-3A
202.1.1.0 /24
CE-1BCE-1B
202.3.3.0 /24
CE-3BCE-3B
202.2.2.0 /24
CE-2BCE-2B
-
Advanced Enterprise Networking Technical Labs
- 20 -
-
Advanced Enterprise Networking Technical Labs
- 21 -
Mission14Configuration Examples:
sysname PE-1
telnet server enable
#
#
user-interface vty 0 4
authentication-mode none
user privilege level 3
#
ip ttl-expires enable
ip unreachables enable
#
lldp enable
#
#### VLAN ####