MPLS L3 VPN PE-CE static routing explanation
MPLS L3 VPN configuration with static CE routes:

1. Deploy an IGP between the P and PE devices so that the loopback addresses are reachable.
2. Deploy LDP between the P and PE devices for label distribution on the backbone network. The IGP ensures that the loopback interfaces of the PEs can reach each other, so that LDP can work normally.
3. Establish an MP-BGP neighbor relationship between the PE devices.
4. Configure the relevant VRF and interfaces on the PE devices.
5. Configure the routing protocol between PE and CE (static).
6. Redistribute the CE routes into BGP under the relevant VRF on the PE.

In the end, routing between the CEs works, and the loopbacks of CE R1 and R2 can reach each other.

Suggestion: when configuring BGP on a PE, no bgp default ipv4-unicast in global BGP configuration is strongly recommended. Between the PEs you only need to establish the BGP neighbor on the loopback interface. By default BGP carries IPv4 routes globally, but the routes between CE and CE are not carried by BGP. So, for logical clarity, we recommend removing the ipv4-unicast default globally and activating the neighbor under the ipv4 unicast address family.

PE:

    router bgp 1
     ! We recommend disabling the default IPv4 bearer.
     no bgp default ipv4-unicast
     ! Global BGP neighbor, between PE and PE.
     neighbor 7.7.7.7 remote-as 1
     neighbor 7.7.7.7 update-source loop0
     !
     ! address-family introduces an address family; this is MP-BGP, Multi-Protocol BGP.
     ! Address families include IPv4, IPv6, VPNv4 and multicast. More can be added
     ! in the future as protocols develop.
     address-family vpnv4
      ! Activate the VPNv4 neighbor. The following command is then generated automatically.
      neighbor 7.7.7.7 activate
      ! Extended community attributes carry the RD/RT to the peer. On the control plane this
      ! gives the peer device a way to import the route prefix from global BGP into the VRF.
      ! The command is generated automatically on Cisco devices and cannot be deleted;
      ! otherwise the RD/RT cannot be passed.
      neighbor 7.7.7.7 send-community extended
      ! Also carried is the VPN label that the peer BGP PE assigned to me for this private network.
     exit-address-family

Therefore, in addition to the global BGP neighbors, there are also BGP VPNv4 neighbors. Run the show ip bgp vpnv4 all summary command to view them. At this point the VPNv4 neighbor relationship has been established and the RT/RD can be carried to the peer. (Private community attributes cannot be passed by default, so a command is needed to enable the transfer.)

For the RT, the export and import on the PE devices must correspond to each other.

After the VRF is configured, the VRF address family is generated automatically in BGP, which is quite smart. Only the redistribution of the CE-side routing protocol has to be configured manually.

Next comes the routing protocol between PE and CE. Here we use static routing.

Finally, use show ip bgp vpnv4 all on PE5 and PE7. Both the local and the peer CE routing information is present, and we can see the RD and RT that the routes carry.

Look at the route details for the labels. The outer label is assigned by LDP and there is nothing special to see there. The focus here is on the VPN label.

For label forwarding along the whole path, a traceroute from R5 shows that the outer label is stripped at R6 and the VPN label is stripped at R7. There are two labels in total.

Configuration case:

The topology is as follows. The packet encapsulation and forwarding process is walked through in the experiment, and the related configurations are attached.

1. In the principle section the RD differs between the two PE ends. When the RD is the same at both ends, the routes are not maintained as the same routing prefix.

Let's look at the label allocation, which includes the MPLS LDP labels and the labels assigned by MP-BGP.

On R5, for the VPNv4 route prefix 2.2.2.2, the RT exported by the peer end is 100:2. As for the label assigned by MP-BGP, the peer MP-BGP allocates label 704 for the prefix and advertises it to the local end.
So the outgoing label is 704. No label is assigned locally for this prefix, because PE-1-R5 is the IP ---> MPLS edge. The CEF table therefore records more complete label information: for 2.2.2.2/32, the outer (LDP) label at the R5 local end is 602, while the label assigned to me by MP-BGP is 704. Label 602 is, in the global table, actually the label for the loopback of R7 at the far end, because with BGP + MPLS labels are allocated only for the next hop of the BGP route prefix. Therefore mpls forwarding-table does not display the VPNv4 route prefix 2.2.2.2; it displays the label for 7.7.7.7 directly.

The traceroute result also shows these two labels at work. In the traceroute from CE1, the packet reaches PE-1-R5 as an IP packet. Toward the second hop, R6, it goes out with the MPLS LDP label 602 and the VPNv4 label 704 assigned by MP-BGP. At the third hop, because R6 is the penultimate hop, the outer label 602 is stripped when the packet is passed to PE-2-R7, so the packet carries only the MP-BGP label 704 to R7. R7 then uses label 704 to send the packet to the relevant VRF interface, and it finally reaches the last hop.

On R7, show ip cef vrf Hank detail shows that R7 did assign the local MP-BGP label 704 to the VPNv4 route prefix 2.2.2.2.

Finally, loop0 of CE1 reaches loop0 of CE2.

2. Configuration and notes:

The CEs need nothing special: interface IP addresses, followed by a static route.

CE1-R1:

    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    !
    interface Ethernet0/0
     ip address 10.0.15.1 255.255.255.0
    !
    ip route 2.2.2.2 255.255.255.255 10.0.15.5

CE2-R2:

    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    !
    interface Ethernet0/1
     ip address 10.0.27.2 255.255.255.0
    !
    ip route 1.1.1.1 255.255.255.255 10.0.27.7

On the PEs, every part of the configuration must be correct.

PE-1-R5:

    ! Create a VRF on PE-1-R5.
    ip vrf Hank
     rd
     ! The RD is only a local route ID and is valid only locally, so however R5 is configured,
     ! R7's configuration is no problem at all.
     ! RT export. On the control plane, the RT export 100:1 at the local end must be consistent
     ! with the RT import at R7; otherwise the route cannot be imported at R7.
     route-target export 100:1
     ! RT import. On the control plane, the RT export 100:2 at the peer end must correspond to
     ! the RT import of the local VRF; otherwise routes from R7 cannot be imported at R5.
     route-target import 100:2
    !
    ! CEF provides the FIB table and must be enabled. LDP is based on the FIB table.
    ! If CEF is disabled, show mpls forwarding-table has no usable entries.
    ip cef
    ! In this case 99 labels are allocated for R5, starting from 500, which looks tidy.
    ! In a production network the range must not be configured like this; otherwise the
    ! live service is affected when the routing prefixes exceed the range and no label
    ! is available.
    mpls label range 500 599
    ! LDP is the system's default label distribution protocol. It can be changed manually to TDP.
    mpls label protocol ldp
    ! Force the MPLS LDP router-id to loop0.
    mpls ldp router-id Loopback0 force
    !
    ! A few more words about the loopback interface. It must be configured with a 32-bit mask,
    ! or at least that is a good habit. Why? The main reason is that OSPF is the IGP in use.
    ! In core backbone networks OSPF is the most widely used IGP. (The 16-hop limit of RIP
    ! means it cannot be used in medium and large networks. The VPN protocol is a Cisco
    ! private protocol, and no carrier uses it because compatibility with other devices has
    ! to be considered. IS-IS is used less.) That leaves OSPF.
    ! In OSPF the default network type is broadcast, and loopback interfaces have a peculiarity.
    ! If the network type is not changed to point-to-point and the configured mask is 24 bits,
    ! a label is assigned locally for 5.5.5.0/24, but OSPF passes the route to other routers
    ! with a 32-bit mask.
    ! So even if the label for 5.5.5.0/24 is advertised to the neighbors, the IGP route those
    ! neighbors receive is 5.5.5.5/32. The label does not match the route prefix, so the LSP
    ! is broken. Eventually the label cannot be found and packets are lost.
    interface Loopback0
     ip address 5.5.5.5 255.255.255.255
    !
    interface Ethernet0/0
     ! CE-facing interface. It must be placed in the VRF to keep the CEs apart.
     ip vrf forwarding Hank
     ip address 10.0.15.5 255.255.255.0
    !
    interface Ethernet0/1
     ip address 9.0.56.5 255.255.255.0
     ! Default configuration under the interface.
     mpls label protocol ldp
     ! Must be enabled manually; it indicates that this interface runs LDP.
     mpls ip
    !
    ! OSPF is the IGP of the backbone network, so it takes no VRF parameter. All loopback
    ! and backbone interfaces must be advertised with network statements. Once the IGP is
    ! up, LDP can establish neighbors and distribute labels smoothly.
    router ospf 1
     router-id 5.5.5.5
     network 5.5.5.5 0.0.0.0 area 0
     network 9.0.56.5 0.0.0.0 area 0
    !
    ! BGP is the main act. The configuration below is MP-BGP, because it carries IPv4,
    ! VRF IPv4 and VPNv4. If necessary, MP-BGP can carry more protocols as well.
    router bgp 1000
     ! The loopback address is used as the BGP router-id. TCP is reachable, and neighbors
     ! can be established.
     bgp router-id 5.5.5.5
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     ! Establish the BGP neighbor.
     neighbor 7.7.7.7 remote-as 1000
     ! Use the loopback as the update source; otherwise the outgoing interface is used by default.
     neighbor 7.7.7.7 update-source Loopback0
     !
     ! Because no bgp default ipv4-unicast is set globally, the global IBGP neighbor must be
     ! activated in the ipv4 address family.
     address-family ipv4
      neighbor 7.7.7.7 activate
     exit-address-family
     !
     ! The VPNv4 address family below is one of the many protocols carried by MP-BGP.
     ! When a route is imported from the VRF interface into global BGP, it carries the
     ! RD/RT and label attributes.
     ! These are carried in the VPNv4 address family as extended community attributes of
     ! MP-BGP and then sent to the peer. The VPNv4 neighbor must therefore be activated;
     ! otherwise the extended community attributes cannot be passed.
     address-family vpnv4
      neighbor 7.7.7.7 activate
      neighbor 7.7.7.7 send-community extended
     exit-address-family
     !
     ! For ipv4 vrf xxx, the routes of the VRF interface must be redistributed into BGP.
     ! A VRF --> BGP import step is required. In this example only static routing is used.
     address-family ipv4 vrf Hank
      redistribute static
     exit-address-family
    !
    ! Static route. It must be written for the VRF.
    ip route vrf Hank 1.1.1.1 255.255.255.255 10.0.15.1
    !

PE-2-R7:

    ip vrf Hank
     rd 2:2
     route-target export 100:2
     route-target import 100:1
    !
    ip cef
    mpls label range 700 799
    mpls label protocol ldp
    mpls ldp router-id Loopback0 force
    !
    interface Loopback0
     ip address 7.7.7.7 255.255.255.255
    !
    interface Ethernet0/0
     ip address 9.0.67.7 255.255.255.0
     mpls label protocol ldp
     mpls ip
    !
    interface Ethernet0/1
     ip vrf forwarding Hank
     ip address 10.0.27.7 255.255.255.0
    !
    router ospf 1
     router-id 7.7.7.7
     network 7.7.7.7 0.0.0.0 area 0
     network 9.0.67.7 0.0.0.0 area 0
    !
    router bgp 1000
     bgp router-id 7.7.7.7
     bgp log-neighbor-changes
     no bgp default ipv4-unicast
     neighbor 5.5.5.5 remote-as 1000
     neighbor 5.5.5.5 update-source Loopback0
     !
     address-family ipv4
      neighbor 5.5.5.5 activate
     exit-address-family
     !
     address-family vpnv4
      neighbor 5.5.5.5 activate
      neighbor 5.5.5.5 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf Hank
      redistribute static
     exit-address-family
    !
    ip route vrf Hank 2.2.2.2 255.255.255.255 10.0.27.2
    !

P-R6:

The configuration of the P router is in fact very simple. The P router does not need to know BGP or the CE routes of the VRFs. Its only job is to forward labeled packets, so what the operator requires of a P router is high performance and stability. Generally, high-end devices such as the cisco7600 are used.

    ! Once more: CEF provides the FIB table, which is the basis for the MPLS label binding
    ! table and the label forwarding table. If someone disables CEF, the MPLS function of
    ! the device is completely disabled. When an MPLS packet then arrives, the IGP route
    ! table of the device has no prefix for the packet's destination, and the packet is
    ! simply dropped.
    ip cef
    mpls label range 600 699
    mpls label protocol ldp
    mpls ldp router-id Loopback0 force
    !
    interface Loopback0
     ip address 6.6.6.6 255.255.255.255
    !
    interface Ethernet0/0
     ip address 9.0.67.6 255.255.255.0
     mpls label protocol ldp
     mpls ip
    !
    interface Ethernet0/1
     ip address 9.0.56.6 255.255.255.0
     mpls label protocol ldp
     mpls ip
    !
    router ospf 1
     router-id 6.6.6.6
     network 6.6.6.6 0.0.0.0 area 0
     network 9.0.56.6 0.0.0.0 area 0
     network 9.0.67.6 0.0.0.0 area 0
    !
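
The PE notes above insist on two control-plane conditions: every RT a VRF imports must be exported by the other PE, and the VPNv4 neighbor must send extended communities. The following is an added example, not part of the original page, that audits both across a set of PE configurations. The function names and the sample fragments are constructed for illustration, and R5's export value 100:1 is assumed to be the value R7 imports.

```python
import re

def sample_pe(rt_export, rt_import, peer, community=True):
    """Constructed IOS fragment modelled on the PE listings above (not a full config)."""
    lines = ["ip vrf Hank", f" route-target export {rt_export}",
             f" route-target import {rt_import}", "!", "router bgp 1000",
             " address-family vpnv4", f"  neighbor {peer} activate"]
    if community:
        lines.append(f"  neighbor {peer} send-community extended")
    return "\n".join(lines + [" exit-address-family", "!"])

def parse_pe(config):
    """Return ({vrf: {"export": set, "import": set}}, vpnv4 peers lacking extended communities)."""
    vrfs, active, extended, section = {}, set(), set(), None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            section = vrfs.setdefault(m[1], {"export": set(), "import": set()})
        elif line == "address-family vpnv4":
            section = "vpnv4"
        elif line in ("!", "exit-address-family"):
            section = None
        elif isinstance(section, dict):
            if m := re.fullmatch(r"route-target (export|import) (\d+:\d+)", line):
                section[m[1]].add(m[2])
        elif section == "vpnv4":
            if m := re.fullmatch(r"neighbor (\S+) (activate|send-community (?:extended|both))", line):
                (active if m[2] == "activate" else extended).add(m[1])
    return vrfs, active - extended

def audit(pes):
    """pes maps PE name -> config text. Returns sorted findings; empty means consistent."""
    parsed = {name: parse_pe(cfg) for name, cfg in pes.items()}
    findings = []
    for name, (vrfs, silent) in parsed.items():
        findings += [f"{name}: vpnv4 neighbor {p} lacks send-community extended" for p in silent]
        offered = {rt for other, (ovrfs, _) in parsed.items() if other != name
                   for v in ovrfs.values() for rt in v["export"]}
        for vrf, rts in vrfs.items():
            findings += [f"{name}: vrf {vrf} imports {rt}, which no other PE exports"
                         for rt in sorted(rts["import"] - offered)]
    return sorted(findings)

# R5 export 100:1 is an assumption here: it is the value R7 imports on this page.
GOOD = {"R5": sample_pe("100:1", "100:2", "7.7.7.7"), "R7": sample_pe("100:2", "100:1", "5.5.5.5")}
# Constructed failure: R5 exports the wrong RT and does not send extended communities.
BAD = {"R5": sample_pe("100:5", "100:2", "7.7.7.7", community=False), "R7": GOOD["R7"]}

if __name__ == "__main__":
    print(audit(GOOD), *audit(BAD), sep="\n")
```

The parser only understands the explicit export and import forms used on this page; a finding on an import means the VRF would silently receive no routes from the other side.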
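
The traceroute walk-through above (LDP label 602 on top of VPN label 704, outer label popped at R6, VPN label consumed at R7) can be replayed with a small label-forwarding model. This is an added example, not part of the original page. The tables are constructed from the label values quoted above, and the "untagged" entry is an assumption that models R6 holding no label from R7 for 7.7.7.7/32, the same kind of loopback-mask mismatch the R5 notes warn about.

```python
# Constructed tables using the label values quoted in the walk-through above.
# Ingress PE R5: VRF route -> (next router, labels to push, outer label first).
VRF_FIB = {("Hank", "2.2.2.2/32"): ("R6", [602, 704])}
LFIB = {
    "R6": {602: ("pop", "R7")},                  # penultimate hop pops the LDP label
    "R7": {704: ("vrf", "Hank", "10.0.27.2")},   # VPN label selects the VRF next hop
}
# Assumed failure case: R6 has no label binding from R7, so its entry strips the whole stack.
BROKEN_LFIB = {**LFIB, "R6": {602: ("untagged", "R7")}}

def forward(vrf, prefix, lfib=LFIB):
    """Return (trace, outcome); trace lists (router, label stack on arrival)."""
    trace = [("R5", [])]                         # arrives from CE1 as plain IP
    router, pushed = VRF_FIB[(vrf, prefix)]
    stack = list(pushed)
    while True:
        trace.append((router, list(stack)))
        if not stack:
            return trace, f"dropped at {router}: unlabeled, no global route to {prefix}"
        entry = lfib.get(router, {}).get(stack[0])
        if entry is None:
            return trace, f"dropped at {router}: no LFIB entry for label {stack[0]}"
        action, *args = entry
        if action == "pop":                      # remove only the top label
            stack.pop(0)
            router = args[0]
        elif action == "swap":                   # ordinary transit hop (unused in this topology)
            stack[0], router = args
        elif action == "untagged":               # no outgoing label: strip everything
            stack.clear()
            router = args[0]
        elif action == "vrf":                    # egress PE hands the packet to the VRF
            return trace, f"delivered in vrf {args[0]} via {args[1]}"
        else:
            raise ValueError(f"unknown LFIB action {action!r}")

if __name__ == "__main__":
    print(forward("Hank", "2.2.2.2/32"))
    print(forward("Hank", "2.2.2.2/32", BROKEN_LFIB))
```

In the broken case the VPN label is removed together with the LDP label, so the egress PE receives a plain IP packet and can no longer tell which VRF it belongs to.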