Implementation of MPLS VPN

 

Lab Topology

 

Lab procedure

1: configure the basic address and enable the ISP to run OSPF in the middle so that the PES at both ends can communicate with each other.

2: BGP is built internally and MPLS is used to solve the black hole problem.

3: Enable VRF. It carries a large number of prefixes and is responsible for Route import and export.

4: Enable the extended group attribute: VPN V4. Put ipv4 vrf in one attribute.

5: Disable the aggregation and synchronization of IPv4 vrf. And re-distribute the Routes learned from CE.

6: Apply the VPN to the interface, and connect the PE and CE interfaces. Note the IP address.

7: The CE end writes related routes.

Below is a simple experiment:

R5 # show ip route

Codes: C-connected, S-static, R-RIP, M-mobile, B-BGP

D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area

N1-ospf nssa external type 1, N2-ospf nssa external type 2

E1-OSPF external type 1, E2-OSPF external type 2

I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2

Ia-IS inter area, *-candidate default, U-per-user static route

O-ODR, P-periodic downloaded static route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

S 1.1.1.0 [1/0] via 45.1.1.4

5.0.0.0/24 is subnetted, 1 subnets

C 5.5.5.0 is directly connected, Loopback10

45.0.0.0/24 is subnetted, 1 subnets

C 45.1.1.0 is directly connected, Serial1/0

R5 # ping 1.1.1.1 source 5.5.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 5.5.5.5

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 72/90/104 MS

Router ospf 110

Log-adjacency-changes

Network 2.2.2.0 0.0.255 area 1

Network 23.1.1.0 0.0.255 area 1

!

R2: router bgp 1

No synchronization

Bgp log-neighbor-changes

Neighbor 4.4.4 remote-as 1

Neighbor 4.4.4 update-source Loopback10

No auto-summary

!

Address-family vpnv4

Neighbor 4.4.4 activate

Neighbor 4.4.4.4 send-community both

Exit-address-family

!

Address-family ipv4 vrf

Redistribute static

No auto-summary

No synchronization

Exit-address-family

OSPF automatically uses the loopback port as a 32-bit host route notification. Therefore, there is no 32-bit route at the end point during transmission in MPLS. You can manually change it to 24.

RD is used to identify the "who I am" in VRF to distinguish routing.

RT is used to introduce and send routes in VRF routes.

RD format

There are two formats for RD:

ASN: nn (commonly used) and IP-address: nn

ASN indicates the bgp as number, nn indicates the number, and the number can be defined AS needed. However, the number must be different for different users on a vro.

For example, if the network segment of a user is 10.1.1.0/24 and the RD is, the vpnv4 of the user is. 1.1.0/24

Next experiment:

The internal PE1, P, and PE2 run OSPF; CE1, PE1 run OSPF; CE2, PE2 run r1_2.

Lab Purpose

MPLS is used throughout the network, and the others are the same as above, achieving internal communication between the two ends

Lab Topology

 

Configuration points

CE1: router VPN 90

Network 0.0.0.0

No auto-summary

Interface Serial1/1

Ip address 12.1.1.1 255.255.255.0

Tag-switching ip

PE1: interface Loopback10

Ip address 2.2.2.2 255.255.255.0

Ip ospf network point-to-point

Interface Serial1/0

Ip vrf forwarding

Ip address 12.1.1.2 255.255.255.0

Tag-switching ip

Interface Serial1/1

Ip address 23.1.1.2 255.255.255.0

Tag-switching ip

Router VPN 90

No auto-summary

!

Address-family ipv4 vrf

Redistribute bgp 1 metric 1544 20000 255 1 1500

Network 12.1.1.0 0.0.255

No auto-summary

Autonomous-system 90

Exit-address-family

Router ospf 110

Log-adjacency-changes

Network 2.2.2.0 0.0.0.255 area 0

Network 23.1.1.0 0.0.0.255 area 0

Router bgp 1

No synchronization

Bgp log-neighbor-changes

Neighbor 4.4.4 remote-as 1

Neighbor 4.4.4 update-source Loopback10

No auto-summary

Address-family vpnv4

Neighbor 4.4.4 activate

Neighbor 4.4.4.4 send-community extended

Exit-address-family

Address-family ipv4 vrf

Redistribute fig 90

No auto-summary

No synchronization

Exit-address-family

P: router ospf 110

Log-adjacency-changes

Network 0.0.0.0 255.255.255.255 area 0

Interface Serial1/1

Ip address 34.1.1.3 255.255.255.0

Tag-switching ip

Interface Serial1/0

Ip address 23.1.1.3 255.255.255.0

Tag-switching ip

Interface Loopback10

Ip address 3.3.3.3 255.255.255.0

Lab Verification

CE2 # traceroute

Protocol [ip]:

Target IP address: 1.1.1.1

Source address: 5.5.5.5

1 34.1.1.4 [MPLS: Label 19 Exp 0] 124 msec 112 msec 100 msec

2 34.1.1.3 [MPLS: Labels 16/18 Exp 0] 80 msec 104 msec 104 msec

3 12.1.1.2 [MPLS: Label 18 Exp 0] 124 msec 72 msec 96 msec

4 12.1.1.1 80 msec * 228 msec

CE1 # ping 5.5.5 source 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 84/95/116 MS

Let's take a look at the MPLS table on the PE end:

PE2 # show mpls forwarding-table

Local Outgoing Prefix Bytes tag Outgoing Next Hop

Tag or VC or Tunnel Id switched interface

16 16 2.2.2.0/24 0 Se1/0 point2point

17 Untagged 3.3.3.3/32 0 Se1/0 point2point

18 Pop tag 23.1.1.0/24 0 Se1/0 point2point

19 16 1.1.1.0/24 [V] 2600 Se1/0 point2point

20 16 12.1.1.0/24 [V] 0 Se1/0 point2point

21 Pop tag 5.5.5.0/24 [V] 3760 Se1/1 point2point

22 Aggregate 45.1.1.0/24 [V] 0

This article is from the "not interested" blog