MPLS VPN mutual access control

Source: Internet
Author: User


1. Configure the basic settings of each router.
2. Standard OSPF configuration: change the network type to point-to-point and configure the passive interfaces.
3. The MPLS backbone network runs OSPF, and the label distribution protocol is LDP.
4. RT1, RT2, RT3, RT4, and RT5 run MP_IBGP. RT1 is the MP_IBGP RR; RT2, RT3, RT4, and RT5 each establish an MP_IBGP neighbor relationship with the RR.
5. On RT4, S0/1 and E3/0 are assigned to VRF SC, S0/2 and E3/1 to VRF BG, and E3/2 to VRF HUB. On RT5, S0/1 and E3/0 are assigned to VRF SC, S0/2 and E3/1 to VRF BG, and E3/2 to VRF HUB.
6. RT4 VRF SC and RT6 run RIP; RT4 VRF BG and RT7 use static routing; RT5 VRF SC and RT8 run OSPF; RT5 VRF BG and RT9 run EBGP.
 
IP address allocation is as follows:

RT2 E3/2 172.18.2.1/24 RT4 E3/2 172.18.4.1
RT3 E3/2 172.18.3.1/24 RT5 E3/2 172.18.5.1/24
MPLS VPN mutual access relationships are controlled as follows:
1. VPN WG sites can access each other
2. HUB-Spoke MPLS VPN
Change WG to a hub-and-spoke MPLS VPN: RT2 is the hub (center), and RT3, RT4, and RT5 are the spokes (branches). The WG site at each spoke can access only the hub; spokes cannot communicate with each other.
3. Complex MPLS VPN
Adjust the access relationships within WG: RT2 and RT3 are the central sites, and the central sites can communicate with each other. RT4 and RT5 are the branches, and the branches can access only the central sites.
I. Configuration of IGP and MPLS in the MPLS backbone network

II. MP_IBGP RR configuration
RT1:
Router bgp 65000
No synchronization
Neighbor rrc peer-group // create a peer group named rrc
Neighbor rrc remote-as 65000
Neighbor rrc update-source Loopback0
Neighbor rrc next-hop-self
Neighbor 2.2.2.2 peer-group rrc
Neighbor 3.3.3.3 peer-group rrc // add the neighbors to peer group rrc to establish the IBGP sessions
Neighbor 4.4.4.4 peer-group rrc
Neighbor 5.5.5.5 peer-group rrc
No auto-summary
Address-family vpnv4
Neighbor rrc activate // activate peer group rrc in the VPNv4 address family
Neighbor rrc send-community extended
Neighbor rrc route-reflector-client // configure the peer group members as RR clients
Neighbor 2.2.2.2 peer-group rrc // add the neighbors to peer group rrc for the MP_BGP RR sessions
Neighbor 3.3.3.3 peer-group rrc
Neighbor 4.4.4.4 peer-group rrc
Neighbor 5.5.5.5 peer-group rrc
Exit-address-family
RT2:
Router bgp 65000
No synchronization
Neighbor 1.1.1.1 remote-as 65000
Neighbor 1.1.1.1 update-source Loopback0
No auto-summary
Address-family vpnv4
Neighbor 1.1.1.1 activate
Neighbor 1.1.1.1 send-community extended
Exit-address-family
RT3:
Router bgp 65000
No synchronization
Neighbor 1.1.1.1 remote-as 65000
Neighbor 1.1.1.1 update-source Loopback0
No auto-summary
Address-family vpnv4
Neighbor 1.1.1.1 activate
Neighbor 1.1.1.1 send-community extended
Exit-address-family
RT4:
Router bgp 65000
No synchronization
Neighbor 1.1.1.1 remote-as 65000
Neighbor 1.1.1.1 update-source Loopback0
No auto-summary
Address-family vpnv4
Neighbor 1.1.1.1 activate
Neighbor 1.1.1.1 send-community extended
Exit-address-family
RT5:
Router bgp 65000
No synchronization
Neighbor 1.1.1.1 remote-as 65000
Neighbor 1.1.1.1 update-source Loopback0
No auto-summary
Address-family vpnv4
Neighbor 1.1.1.1 activate
Neighbor 1.1.1.1 send-community extended
Exit-address-family
III. VRF configuration
RT4:
Ip vrf BG // create VRF and name it BG
Rd // The RD of VRF is
Route-target export // export RT
Route-target import // The import RT is
Ip vrf SC
Rd 1:1
Route-target export :20
Route-target import :10
RT5:
Ip vrf BG
Rd 2:
Route-target export 2:10
Route-target import 2:20
Ip vrf SC
Rd 1:1
Route-target export :10
Route-target import :20
IV. Configuration of the PE-CE routing protocols
RT4:
Router rip // configure the routing protocol between CE and PE VRF
Version 2
No auto-summary
Address-family ipv4 vrf SC // RIP address family for VRF SC
Network 172.16.0.0
No auto-summary
Version 2
Exit-address-family
RT6:
Router rip
Version 2
Network 6.0.0.0
Network 172.16.0.0
No auto-summary
RT4:
Ip route vrf BG 7.7.7.7 255.255.255.255 Serial0/2 172.17.47.2 // Add a static route in VRF BG
Ip route vrf BG 172.17.7.0 255.255.255.0 Serial0/2 172.17.47.2
RT7:
Ip route 0.0.0.0 0.0.0.0 172.17.47.1 // configure the default route
RT5:
Router ospf 101 vrf SC // configure VRF SC OSPF
Router-id 172.16.5.1
Network 172.16.5.0 0.0.0.255 area 0
Network 172.16.58.0 0.0.0.3 area 0
RT8:
Router ospf 1
Router-id 8.8.8.8
Passive-interface Ethernet3/0
Network 8.8.8.8 0.0.0.0 area 0
Network 172.16.8.0 0.0.0.255 area 0
Network 172.16.58.0 0.0.0.3 area 0
Network 0.0.0.0 255.255.255.255 area 0
RT5:
Router bgp 65000 // configure EBGP
Address-family ipv4 vrf BG // BGP address family for VRF BG (PE-CE session)
Neighbor 172.17.59.2 remote-as 65001 // create an EBGP neighbor
No auto-summary
No synchronization
Exit-address-family
RT9:
Router bgp 65001
No synchronization
Network 9.9.9.9 mask 255.255.255.255
Network 172.17.9.0 mask 255.255.255.0
Network 172.17.59.0 mask 255.255.255.252
Neighbor 172.17.59.1 remote-as 65000
No auto-summary
V. MPLS VPN configuration
RT4:
Router bgp 65000
Address-family ipv4 vrf SC
Redistribute connected metric 1000 // redistribute connected routes into MP_BGP
Redistribute rip metric 1000 // redistribute RIP routes into MP_BGP
No auto-summary
No synchronization
Exit-address-family
Address-family ipv4 vrf BG
Redistribute connected metric 1000 // redistribute connected routes into MP_BGP
Redistribute static metric 1000 // redistribute static routes into MP_BGP
No auto-summary
No synchronization
Exit-address-family
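Router rip
Address-family ipv4 vrf SC // the redistribution must sit in the VRF SC address family
Redistribute bgp 65000 metric 5 // redistribute the MP_BGP routes of VRF SC into RIP
Exit-address-family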
RT5:
Router bgp 65000
Address-family ipv4 vrf SC
Redistribute connected metric 1000 // redistribute connected routes into MP_BGP
Redistribute ospf 101 vrf SC metric 1000 match internal external 1 external 2 // redistribute OSPF 101 (VRF SC) internal routes and type 1 and type 2 external (type 5 LSA) routes into MP_BGP
No auto-summary
No synchronization
Exit-address-family
Address-family ipv4 vrf BG
Redistribute connected metric 1000 // redistribute connected routes into MP_BGP
Exit-address-family
VI. MPLS VPN mutual access relationship control
1. VPN WG sites can access each other
RT2, RT3, RT4, and RT5 are configured as follows:
Ip vrf WG
Rd: 5
Route-target export 5:5
Route-target import 5:5
Int e3/2
Ip vrf forwarding WG
Ip address 172.18.xx.1 255.255.255.0
Router bgp 65000
Address-family ipv4 vrf WG
Redistribute connected metric 1000
No auto-summary
No synchronization
Exit-address-family
Test results:

Note: If the configuration is correct and the route exists in the MP_BGP table but is not imported into the VRF automatically, use clear ip route vrf <Name> *
2. HUB-Spoke MPLS VPN
Change WG to a hub-and-spoke MPLS VPN: RT2 is the hub (center), and RT3, RT4, and RT5 are the spokes (branches). The WG site at each spoke can access only the hub; spokes cannot communicate with each other.
RT2, RT3, RT4, RT5:
Ip vrf WG
No route-target export // clear the previously configured RT
No route-target import
RT2:
Ip vrf WG
Route-target export 5:5
Route-target import 5:10
RT3, RT4, RT5:
Ip vrf WG
Route-target export 5:10
Route-target import 5:5
RT2(config-vrf)#do show ip route vrf WG
172.18.0.0/24 is subnetted, 4 subnets
B 172.18.4.0 [200/1000] via 4.4.4.4, 00:00:24
B 172.18.5.0 [200/1000] via 5.5.5.5, 00:02:38
C 172.18.2.0 is directly connected, Ethernet3/2
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:01:54
RT3(config-vrf)#do show ip route vrf WG
172.18.0.0/24 is subnetted, 2 subnets
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:01:40
C 172.18.3.0 is directly connected, Ethernet3/2
RT4(config-vrf)#do show ip route vrf WG
172.18.0.0/24 is subnetted, 2 subnets
C 172.18.4.0 is directly connected, Ethernet3/2
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:00:07
Note: when viewing the VRF route table, refresh the VRF route table first.
3. Complex MPLS VPN
Adjust the access relationships within WG: RT2 and RT3 are the central sites, and the central sites can communicate with each other. RT4 and RT5 are the branches, and the branches can access only the central sites.
RT2, RT3, RT4, RT5:
Ip vrf WG
No route-target export // clear the previously configured RT
No route-target import
RT2, RT3:
Ip vrf WG
Route-target export 5:5
Route-target import 5:5
Route-target export 5:10
Route-target import 5:20
RT4, RT5:
Ip vrf WG
Route-target export 5:20
Route-target import 5:10
RT2:
172.18.0.0/24 is subnetted, 4 subnets
B 172.18.4.0 [200/1000] via 4.4.4.4, 00:00:03
B 172.18.5.0 [200/1000] via 5.5.5.5, 00:00:03
C 172.18.2.0 is directly connected, Ethernet3/2
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:00:03
RT3:
172.18.0.0/24 is subnetted, 4 subnets
B 172.18.4.0 [200/1000] via 4.4.4.4, 00:00:09
B 172.18.5.0 [200/1000] via 5.5.5.5, 00:00:09
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:00:09
C 172.18.3.0 is directly connected, Ethernet3/2
RT4:
172.18.0.0/24 is subnetted, 3 subnets
C 172.18.4.0 is directly connected, Ethernet3/2
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:00:01
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:00:01
RT5:
172.18.0.0/24 is subnetted, 3 subnets
C 172.18.5.0 is directly connected, Ethernet3/2
B 172.18.2.0 [200/1000] via 2.2.2.2, 00:01:02
B 172.18.3.0 [200/1000] via 3.3.3.3, 00:01:02
Note: when viewing the VRF route table, refresh the VRF route table first.
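The route-target policies of sections 2 and 3 can be audited offline before they are applied. The following Python sketch is an added example, not part of the original article: it parses the VRF WG stanzas shown above and computes which PE imports routes from which. The function names are this example's own, and the stanzas are typed in from this page.

```python
import re
# Added illustration: helper names are this example's own, not Cisco tooling.

def parse_vrf_policy(config):
    """Return (import_rts, export_rts) from an 'ip vrf' stanza."""
    imports, exports = set(), set()
    for line in config.splitlines():
        m = re.match(r"\s*route-target\s+(import|export|both)\s+(\d+:\d+)\s*$", line, re.I)
        if not m:
            continue
        kind, rt = m.group(1).lower(), m.group(2)
        if kind in ("import", "both"):
            imports.add(rt)
        if kind in ("export", "both"):
            exports.add(rt)
    return imports, exports

def learned_from(policies):
    """Map each PE to the set of remote PEs whose VRF routes it imports."""
    return {
        pe: {other for other, (_, exp) in policies.items()
             if other != pe and imp & exp}
        for pe, (imp, _) in policies.items()
    }

def reachable_pairs(policies):
    """Site pairs with routes in both directions (needed for two-way traffic)."""
    learned = learned_from(policies)
    return {frozenset((a, b)) for a in learned for b in learned[a] if a in learned[b]}

def build(stanzas):
    return {pe: parse_vrf_policy(cfg) for pe, cfg in stanzas.items()}

# RT values below are the ones on this page, section VI.
HUB = "ip vrf WG\n route-target export 5:5\n route-target import 5:10\n"
SPOKE = "ip vrf WG\n route-target export 5:10\n route-target import 5:5\n"
CENTER = ("ip vrf WG\n route-target export 5:5\n route-target import 5:5\n"
          " route-target export 5:10\n route-target import 5:20\n")
BRANCH = "ip vrf WG\n route-target export 5:20\n route-target import 5:10\n"

hub_spoke = build({"RT2": HUB, "RT3": SPOKE, "RT4": SPOKE, "RT5": SPOKE})
complex_vpn = build({"RT2": CENTER, "RT3": CENTER, "RT4": BRANCH, "RT5": BRANCH})

if __name__ == "__main__":
    for name, pol in (("hub-spoke", hub_spoke), ("complex", complex_vpn)):
        print(name)
        for pe, peers in sorted(learned_from(pol).items()):
            print(f"  {pe} imports routes from {sorted(peers)}")
```

This models route import only. If the hub or a central site also exports a default or summary route that covers the branch prefixes, branch-to-branch traffic can still transit that site, so check the exported prefixes as well as the RTs.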
RT configuration is very flexible: it makes it easy to control how business traffic is distributed, and the configuration itself is very simple!
Author: "Mortal World"
