MPLS Layer 3 VPN

Acknowledgement

Without Mr. Keith Barker's 21-minute video instruction, constructing this MPLS VPN lab would have taken much longer. His 21-minute video summarizes it all. Mr. Keith Barker has an amazing ability to translate complicated concepts into simpler, easier-to-understand ones. It is now clearer to me, and I believe it will make my journey to learn more about MPLS and BGP easier. Thank you once more, Mr. Keith Barker!

Here's the 21-minute video instruction.

MPLS VPN components

1. IGP
The preferred IGP for an MPLS network is either IS-IS or OSPF. In this lab I used OSPF because I do not know IS-IS :p The IGP is what label distribution is built on: the MPLS LFIB depends on CEF, and without CEF there is no LFIB; CEF is built from the FIB and the adjacency table; the FIB is a direct replication of the RIB; and the RIB is built from the best paths calculated by the link-state IGP.

Here’s the OSPF configuration from R1 to R6.

r1#sh run | s router ospf
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
 network 192.168.0.9 0.0.0.0 area 0
 network 192.168.0.13 0.0.0.0 area 0
r1#

r2#sh run | s router ospf
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.0.2 0.0.0.0 area 0
 network 192.168.0.21 0.0.0.0 area 0
 network 192.168.0.25 0.0.0.0 area 0
 network 192.168.0.29 0.0.0.0 area 0
r2#

r3#sh run | s router ospf
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.0.10 0.0.0.0 area 0
 network 192.168.0.17 0.0.0.0 area 0
 network 192.168.0.22 0.0.0.0 area 0
 network 192.168.0.37 0.0.0.0 area 0
r3#

r4#sh run | s router ospf
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.0.6 0.0.0.0 area 0
 network 192.168.0.26 0.0.0.0 area 0
 network 192.168.0.33 0.0.0.0 area 0
 network 192.168.0.38 0.0.0.0 area 0
r4#

r5#sh run | s router ospf
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Loopback0
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.0.14 0.0.0.0 area 0
 network 192.168.0.18 0.0.0.0 area 0
r5#

r6#sh run | s router ospf
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Loopback0
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.0.30 0.0.0.0 area 0
 network 192.168.0.34 0.0.0.0 area 0
r6#

2. Multiprotocol Label Switching (MPLS)
This WAN technology uses labels to make packet forwarding decisions instead of doing recursive IP prefix lookups in the routing table.

MPLS assigns labels at random on each MPLS-enabled interface and builds up a label information base (LIB), which stores all local and remote bindings indiscriminately. Based on the IGP-calculated best path, the label forwarding information base (LFIB) is constructed.

MPLS relies heavily on Cisco Express Forwarding (CEF), which is enabled by default on all Cisco routers. CEF is built from the forwarding information base (FIB) and the adjacency table. When the best path is calculated by an IGP, the FIB is replicated from the routing information base (RIB); the adjacency table contains the MAC address and the exit interface.

An MPLS-enabled router looks at the 32-bit MPLS shim header in front of the IP packet, consults its LFIB and, based on the incoming label, decides which interface to exit through and whether a label should be imposed when sending the packet out.

The advantage of an MPLS network is not speed; the motivation for a provider to use MPLS is that the core network can route packets without relying on BGP. In other words, MPLS enables the provider's routers to operate in a BGP-free core.

The BGP-free core routers that run MPLS are known as provider routers, or P-routers.

Cisco routers use LDP as the default MPLS label distribution protocol; the legacy way of doing MPLS was known as tag switching, using Tag Distribution Protocol (TDP). Hence it is unnecessary to type mpls label protocol ldp.

To enable MPLS, simply type mpls ip in global configuration mode, then type mpls ip in interface configuration mode.
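The shim header and LFIB lookup described above can be modelled in a few dozen lines. The Python below is an added example, not code from the post, from Keith Barker or from Cisco: it parses the 32-bit shim header(s) in front of an IP packet (20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL) and applies a P-router LFIB lookup to decide the outgoing interface and whether to swap or pop. The LFIB entries, interface names, label values 16, 17, 21 and 27 and the dummy IPv4 payload are all constructed; the reserved label values 0 (explicit null) and 3 (implicit null, which requests penultimate hop popping) are the standard ones from RFC 3032, which the post does not mention. A packet whose label TTL expires, or whose label has no LFIB entry, is dropped rather than forwarded, which is the behaviour a defender wants a forwarding model to make explicit.

```python
"""Added example (not part of the original post or any Cisco code): a model
of the MPLS shim header and a P-router LFIB lookup, as described above."""
import struct
from typing import List, Tuple

LABEL_IPV4_EXPLICIT_NULL = 0   # reserved label values from RFC 3032
LABEL_IMPLICIT_NULL = 3        # "pop" before forwarding (penultimate hop popping)


def build_shim(label: int, tc: int, bos: int, ttl: int) -> bytes:
    """One 32-bit shim header: 20-bit label, 3-bit TC (EXP), 1-bit bottom-of-stack, 8-bit TTL."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)


def parse_label_stack(pkt: bytes) -> Tuple[List[dict], bytes]:
    """Split a packet into its label stack (outermost first) and the payload after the stack."""
    stack, off = [], 0
    while True:
        if off + 4 > len(pkt):
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack("!I", pkt[off:off + 4])
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}
        stack.append(entry)
        off += 4
        if entry["bos"]:
            return stack, pkt[off:]


# Constructed LFIB: incoming label -> (outgoing label, outgoing interface).
# An outgoing label of implicit-null means "pop" (what IOS shows as "Pop Label").
LFIB = {
    16: (21, "Serial0/1"),
    17: (LABEL_IMPLICIT_NULL, "Serial0/3"),
}


def forward(pkt: bytes, lfib=LFIB) -> Tuple[str, str, bytes]:
    """Return (verdict, reason-or-interface, outgoing packet) for one labelled packet."""
    stack, payload = parse_label_stack(pkt)
    top = stack[0]
    if top["ttl"] <= 1:                        # never forward a packet whose label TTL expires here
        return ("drop", "ttl-expired", b"")
    if top["label"] not in lfib:               # unknown label: no LFIB entry, drop rather than guess
        return ("drop", "no-lfib-entry", b"")
    out_label, iface = lfib[top["label"]]
    ttl = top["ttl"] - 1
    inner = stack[1:]
    if out_label == LABEL_IMPLICIT_NULL:       # pop: expose the next label or the IP packet
        if inner:
            inner[0] = dict(inner[0], ttl=ttl)   # decremented TTL carried to the newly exposed label
            return ("forward", iface, b"".join(build_shim(**e) for e in inner) + payload)
        return ("forward", iface, payload)
    new_top = build_shim(out_label, top["tc"], top["bos"], ttl)   # swap keeps TC and BoS bits
    return ("forward", iface, new_top + b"".join(build_shim(**e) for e in inner) + payload)


# Constructed sample: transport label 16 over VPN label 27, followed by a dummy IPv4 header.
SAMPLE_IP = bytes([0x45]) + bytes(19)
SAMPLE_PKT = build_shim(16, 0, 0, 64) + build_shim(27, 0, 1, 64) + SAMPLE_IP

if __name__ == "__main__":
    verdict, where, out = forward(SAMPLE_PKT)
    print(verdict, where, parse_label_stack(out)[0])
```

Running the module forwards the two-label sample out Serial0/1 with the transport label swapped from 16 to 21 and the inner VPN label 27 left untouched, which is exactly the P-router behaviour the post describes: the core only ever looks at the top label.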

Reference: http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_ldp_overview.html#wp1354703

3. Virtual routing and forwarding (VRF)

Each VRF instance has its own routing table and routing protocols; multiple VRF instances do not interact with one another.

VRF-Lite is the use of VRF without route distinguishers and route targets. IP addresses can overlap between VRF instances, as each VRF instance has its own virtual routing table.

VRF uses BGP extended communities to import the customer's routes into BGP, transport them over the MPLS core and send them out at the destination. The interaction between Site A and Site B is established by the export and import of route targets.

A route distinguisher is a 64-bit value that is prepended to the traditional 32-bit IPv4 address, producing an address family known as VPN version 4 (VPNv4), whose addresses are 96 bits long.

Step 1: In global configuration mode, type ip vrf vrf-instance-name.

Step 2: In VRF configuration mode, type rd ASN:NN|IP_address:NN.

Step 3: Create a route target and export it by typing route-target export ASN:NN|IP_address:NN.

Step 4: Import the other site's route target into the VRF instance with route-target import ASN:NN|IP_address:NN.

If neither export nor import is explicitly specified, Cisco IOS will both export and import the route target you created.

Simply put, a route target is a crate, and the crate contains your routing information. You export the crate to the destination; the recipient opens the crate and gets your routing information.

VRF route targets and route distinguishers use the BGP new format to define the numbers:
ASN:NN – autonomous system number:any number you choose; in fact you can choose any AS number you like.
IP_address:NN – IPv4 address:any number you choose.

RD and RT are locally significant. The core point (thanks Keith for making this so clear!) is that when a source VRF instance exports, the destination VRF instance must import in order to receive the source VRF instance's routes.

Only the PE routers need to run BGP and VRF; the P routers only need to run MPLS and a link-state IGP.

Here's the VRF configuration on r5 and r6, which are the PE routers.

r5#sh run | s ip vrf
ip vrf SITE-A
 rd 5.5.5.5:5
 route-target export 50:50
 route-target import 60:60
r5#
r5#sh run int fa1/0
interface FastEthernet1/0
 ip vrf forwarding SITE-A
 ip address 172.16.0.1 255.255.255.0
 speed auto
 full-duplex
end
r5#

r6#sh run | s ip vrf
ip vrf SITE-B
 rd 6.6.6.6:6
 route-target export 60:60
 route-target import 50:50
r6#
r6#sh run int fa1/0
interface FastEthernet1/0
 ip vrf forwarding SITE-B
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
end
r6#

Notice the export and import commands: when r5 exports its VPNv4 routes into a crate labelled 50:50, r6 imports crate 50:50 and receives the routes carrying RD 5.5.5.5:5. The same logic applies in the r6-to-r5 direction.

4. Multiprotocol Border Gateway Protocol

MP-BGP is BGP that supports the VPNv4 address family.

Step 1: Establish iBGP peering between r5 and r6.

Step 2: Type address-family vpnv4; in address-family vpnv4 configuration mode, activate the peering neighbor and send the BGP extended community.

Step 3: Go to the BGP VRF address family and redistribute the customer's routes into the BGP VRF instance.

Here's the configuration for r5 and r6.

r5#sh run | s router bgp
router bgp 65000
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 65000
 neighbor 6.6.6.6 update-source Loopback0
 !
 address-family ipv4
  no neighbor 6.6.6.6 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf SITE-A
  redistribute rip
  no synchronization
 exit-address-family
r5#

r6#sh run | s router bgp
router bgp 65000
 bgp router-id 6.6.6.6
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 65000
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 5.5.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf SITE-B
  redistribute eigrp 100
  no synchronization
 exit-address-family
r6#

R1-R4 are P routers, which form the BGP-free MPLS core. R5 and R6 are PE routers, which operate VRF and MP-BGP. R7 and R8 are the customer's edge routers; the MPLS VPN operation is completely transparent to the customer.
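The 64-bit RD, the route-target extended community and the labelled VPNv4 route that MP-BGP carries between r5 and r6 (sections 3 and 4 above) can be made concrete with a small model. The Python below is an added example, not code from the post, from Keith Barker or from Cisco: it encodes these fields in the wire formats MP-BGP uses (RFC 4364 for the RD and the labelled NLRI, RFC 4360 for the route-target extended community) and then replays the lab's export/import rule with the SITE-A and SITE-B values from the r5/r6 configuration. The VPN label value 16 and the extra customer SITE-C (RD 6.6.6.6:7, RT 70:70, sharing the 10.0.0.0/24 prefix with SITE-B) are constructed. The point lab_demo shows is the isolation property: a VRF only receives routes carrying an RT it imports, and an overlapping customer prefix stays distinct because its RD differs, so a mistyped route-target import on a PE is exactly how routes leak between customers.

```python
"""Added example (not part of the original post or any Cisco code): encode
the RD, route-target and labelled VPNv4 NLRI that MP-BGP carries between the
PE routers (RFC 4364 / RFC 4360 formats), then replay the export/import
matching from the lab with r5's SITE-A and r6's SITE-B."""
import ipaddress
import struct
from typing import Dict, FrozenSet, List, Tuple


def encode_rd(rd: str) -> bytes:
    """8-byte route distinguisher: type 0 'ASN:NN' or type 1 'A.B.C.D:NN'."""
    admin, num = rd.rsplit(":", 1)
    if "." in admin:   # type 1: 2-byte type, 4-byte IPv4 administrator, 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(num))
    return struct.pack("!HHI", 0, int(admin), int(num))  # type 0: 2-byte ASN, 4-byte number


def decode_rd(raw: bytes) -> str:
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 1:
        ip, num = struct.unpack("!4sH", raw[2:8])
        return f"{ipaddress.IPv4Address(ip)}:{num}"
    asn, num = struct.unpack("!HI", raw[2:8])
    return f"{asn}:{num}"


def encode_rt(rt: str) -> bytes:
    """Route target as an 8-byte transitive extended community (sub-type 0x02)."""
    admin, num = rt.rsplit(":", 1)
    if "." in admin:   # type 0x01: IPv4-address-specific
        return struct.pack("!BB4sH", 0x01, 0x02, ipaddress.IPv4Address(admin).packed, int(num))
    return struct.pack("!BBHI", 0x00, 0x02, int(admin), int(num))  # type 0x00: 2-byte-AS-specific


def encode_vpnv4_nlri(label: int, rd: str, prefix: str) -> bytes:
    """Labelled VPNv4 NLRI: length in bits | 3-byte label (BoS set) | 8-byte RD | prefix octets."""
    net = ipaddress.IPv4Network(prefix)
    octets = net.network_address.packed[: (net.prefixlen + 7) // 8]
    label_field = (label << 4) | 0x1        # 20-bit label, TC 0, bottom-of-stack bit set
    return bytes([24 + 64 + net.prefixlen]) + label_field.to_bytes(3, "big") + encode_rd(rd) + octets


def decode_vpnv4_nlri(data: bytes) -> Dict[str, object]:
    plen = data[0] - 88                      # strip the 24 label bits and 64 RD bits
    label = int.from_bytes(data[1:4], "big") >> 4
    octets = data[12:12 + (plen + 7) // 8].ljust(4, b"\x00")
    return {"label": label, "rd": decode_rd(data[4:12]),
            "prefix": f"{ipaddress.IPv4Address(octets)}/{plen}"}


class Vrf:
    """One ip vrf instance: its RD, exported and imported RTs, and locally learned prefixes."""
    def __init__(self, name: str, rd: str, export: List[str], imports: List[str], routes: List[str]):
        self.name, self.rd, self.routes = name, rd, routes
        self.export = frozenset(encode_rt(rt) for rt in export)
        self.imports = frozenset(encode_rt(rt) for rt in imports)


Advert = Tuple[bytes, FrozenSet[bytes]]   # (VPNv4 NLRI, attached route-target communities)


def export_routes(vrf: Vrf, label: int) -> List[Advert]:
    """What a PE advertises into MP-BGP for one VRF: each prefix tagged with the VRF's export RTs."""
    return [(encode_vpnv4_nlri(label, vrf.rd, p), vrf.export) for p in vrf.routes]


def import_routes(vrf: Vrf, adverts: List[Advert]) -> List[str]:
    """Prefixes a receiving VRF accepts: only adverts carrying at least one RT it imports."""
    return sorted(decode_vpnv4_nlri(nlri)["prefix"] for nlri, rts in adverts if rts & vrf.imports)


def lab_demo() -> Dict[str, List[str]]:
    """Replay the lab: r5 exports SITE-A with 50:50; on r6, SITE-B imports 50:50.
    SITE-C is a constructed extra customer on r6 that imports only its own 70:70."""
    site_a = Vrf("SITE-A", "5.5.5.5:5", ["50:50"], ["60:60"], ["172.16.0.0/24", "172.16.1.0/24"])
    site_b = Vrf("SITE-B", "6.6.6.6:6", ["60:60"], ["50:50"], ["10.0.0.0/24", "172.31.0.0/24"])
    site_c = Vrf("SITE-C", "6.6.6.6:7", ["70:70"], ["70:70"], ["10.0.0.0/24"])
    adverts = export_routes(site_a, 16)    # label 16 is a constructed VPN label value
    return {v.name: import_routes(v, adverts) for v in (site_b, site_c)}


if __name__ == "__main__":
    print(lab_demo())
```

Running the module prints SITE-B holding both 172.16.x.0/24 prefixes from r5 and SITE-C holding nothing: the two VRFs sit on the same PE and receive the same MP-BGP updates, but only the one whose route-target import matches r5's export accepts them.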

MPLS VPN lab

BGP free core P-routers
R1:

!
hostname r1
!
ip cef
!
!
!
mpls label protocol ldp
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
 bandwidth 2000
 ip address 192.168.0.1 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 2000
 ip address 192.168.0.9 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 bandwidth 2000
 ip address 192.168.0.5 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/3
 bandwidth 2000
 ip address 192.168.0.13 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
 network 192.168.0.5 0.0.0.0 area 0
 network 192.168.0.9 0.0.0.0 area 0
 network 192.168.0.13 0.0.0.0 area 0
!

R2:

!
hostname r2
!
ip cef
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 2000
 ip address 192.168.0.2 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 2000
 ip address 192.168.0.25 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 bandwidth 2000
 ip address 192.168.0.21 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/3
 bandwidth 2000
 ip address 192.168.0.29 255.255.255.252
 mpls ip
 clock rate 2000000
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.0.2 0.0.0.0 area 0
 network 192.168.0.21 0.0.0.0 area 0
 network 192.168.0.25 0.0.0.0 area 0
 network 192.168.0.29 0.0.0.0 area 0
!

R3:

!
hostname r3
!
ip cef
!
mpls label protocol ldp
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 2000
 ip address 192.168.0.10 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 2000
 ip address 192.168.0.37 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 bandwidth 2000
 ip address 192.168.0.22 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/3
 bandwidth 2000
 ip address 192.168.0.17 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.0.10 0.0.0.0 area 0
 network 192.168.0.17 0.0.0.0 area 0
 network 192.168.0.22 0.0.0.0 area 0
 network 192.168.0.37 0.0.0.0 area 0
!

R4:

!
hostname r4
!
ip cef
!
!
mpls label protocol ldp
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 2000
 ip address 192.168.0.38 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 2000
 ip address 192.168.0.26 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 bandwidth 2000
 ip address 192.168.0.6 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/3
 bandwidth 2000
 ip address 192.168.0.33 255.255.255.252
 mpls ip
 clock rate 2000000
!
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Serial0/2
 no passive-interface Serial0/3
 no passive-interface Loopback0
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.0.6 0.0.0.0 area 0
 network 192.168.0.26 0.0.0.0 area 0
 network 192.168.0.33 0.0.0.0 area 0
 network 192.168.0.38 0.0.0.0 area 0
!

PE-routers
R5 and R7 form a RIP adjacency. As a PE router, R5 runs 3 routing processes to make the whole MPLS VPN work.

R5:

!
hostname r5
!
ip cef
!
!
!
!
ip vrf SITE-A
 rd 5.5.5.5:5
 route-target export 50:50
 route-target import 60:60
!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 192.168.0.14 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 2000
 ip address 192.168.0.18 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 ip vrf forwarding SITE-A
 ip address 172.16.0.1 255.255.255.0
 speed auto
 full-duplex
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Loopback0
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.0.14 0.0.0.0 area 0
 network 192.168.0.18 0.0.0.0 area 0
!
router rip
 !
 address-family ipv4 vrf SITE-A
  redistribute bgp 65000 metric 2
  network 172.16.0.0
  no auto-summary
  version 2
 exit-address-family
!
router bgp 65000
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 65000
 neighbor 6.6.6.6 update-source Loopback0
 !
 address-family ipv4
  no neighbor 6.6.6.6 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf SITE-A
  redistribute rip
  no synchronization
 exit-address-family
!

R6 and R8 establish an EIGRP adjacency. Notice that R6's global EIGRP AS is 1; however, the actual configuration for forming the EIGRP adjacency with R8 is in address-family ipv4 vrf mode. In this address-family ipv4 vrf mode it is crucial to use the same EIGRP AS number as the customer's edge router.

R6:

!
hostname r6
!
ip cef
!
!
!
!
ip vrf SITE-B
 rd 6.6.6.6:6
 route-target export 60:60
 route-target import 50:50
!
mpls label protocol ldp
!
!
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0
 bandwidth 2000
 ip address 192.168.0.30 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 bandwidth 2000
 ip address 192.168.0.34 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 ip vrf forwarding SITE-B
 ip address 10.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf SITE-B
  redistribute bgp 65000 metric 1 1 1 1 1
  network 10.0.0.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 passive-interface default
 no passive-interface Serial0/0
 no passive-interface Serial0/1
 no passive-interface Loopback0
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.0.30 0.0.0.0 area 0
 network 192.168.0.34 0.0.0.0 area 0
!
router bgp 65000
 bgp router-id 6.6.6.6
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 65000
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 5.5.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf SITE-B
  redistribute eigrp 100
  no synchronization
 exit-address-family
!

Customer’s edge routers
The provider's MPLS operation is completely transparent to the customer; the customer only needs to form a neighbour relationship with the provider's edge router, and the rest is taken care of by the ISP. Hey, you pay for the work and service, right? 😉

R7:

!
hostname r7
!
boot-start-marker
boot-end-marker
!
ip cef
!
!
!
!
interface Loopback7
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 172.16.0.2 255.255.255.0
 speed auto
 full-duplex
!
router rip
 version 2
 network 172.16.0.0
 no auto-summary
!

R8:

!
hostname r8
!
ip cef
!
!
!
interface Loopback8
 ip address 172.31.0.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 100
 network 10.0.0.2 0.0.0.0
 network 172.31.0.1 0.0.0.0
 no auto-summary
!

What customer’s edge router sees
R7 sees the route redistributed into RIP. The 172.31.0.0/24 prefix belongs to R8.

r7#sh ip route | beg Gateway
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.0.0 is directly connected, FastEthernet0/0
C       172.16.1.0 is directly connected, Loopback7
     172.31.0.0/24 is subnetted, 1 subnets
R       172.31.0.0 [120/2] via 172.16.0.1, 00:00:17, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
R       10.0.0.0 [120/2] via 172.16.0.1, 00:00:17, FastEthernet0/0
r7#ping 172.31.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/29/48 ms
r7#

R8 sees the route redistributed into EIGRP. 172.16.1.0/24 is the prefix that belongs to R7.

r8#sh ip route | beg Gateway
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
D EX    172.16.0.0 [170/2560002816] via 10.0.0.1, 01:59:10, FastEthernet0/0
D EX    172.16.1.0 [170/2560002816] via 10.0.0.1, 01:59:10, FastEthernet0/0
     172.31.0.0/24 is subnetted, 1 subnets
C       172.31.0.0 is directly connected, Loopback8
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, FastEthernet0/0
r8#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/25/48 ms
r8#