Thursday, March 14, 2013

MPLS Inter AS VPN Option B AKA Option 2








R1 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf A
 rd 100:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf B
 rd 100:2
 route-target export 2:2
 route-target import 2:2
!
no ip domain lookup
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 14.0.0.1 255.255.255.0
 ip router isis 1
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding A
 ip address 12.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip vrf forwarding B
 ip address 13.0.0.1 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf A
  redistribute bgp 100 metric 1 1 1 1 1
  network 12.0.0.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1 vrf B
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 13.0.0.1 0.0.0.0 area 0
!
router isis 1
 net 49.1456.0000.0000.0001.00
 is-type level-2-only
 passive-interface Loopback0
!
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute ospf 1 vrf B match internal external 1 external 2
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute eigrp 100
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R2 Final Configuration 

 !
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 12.0.0.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 100
 network 2.2.2.2 0.0.0.0
 network 12.0.0.2 0.0.0.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R3 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 13.0.0.3 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 13.0.0.3 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


R4 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 14.0.0.4 255.255.255.0
 ip router isis 1
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 45.0.0.4 255.255.255.0
 duplex auto
 speed auto
!
router isis 1
 net 49.1456.0000.0000.0004.00
 is-type level-2-only
 passive-interface Loopback0
!
router bgp 100
 no synchronization
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 45.0.0.5 remote-as 200
 no auto-summary
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 next-hop-self
  neighbor 45.0.0.5 activate
  neighbor 45.0.0.5 send-community extended
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


R5 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 56.0.0.5 255.255.255.0
 ip router isis 1
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip address 45.0.0.5 255.255.255.0
 duplex auto
 speed auto
!
router isis 1
 net 49.1456.0000.0000.0005.00
 is-type level-2-only
 passive-interface Loopback0
!
router bgp 200
 no synchronization
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 200
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 45.0.0.4 remote-as 100
 no auto-summary
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
  neighbor 6.6.6.6 next-hop-self
  neighbor 45.0.0.4 activate
  neighbor 45.0.0.4 send-community extended
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R6 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf A
 rd 200:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf B
 rd 200:2
 route-target export 2:2
 route-target import 2:2
!
no ip domain lookup
mpls label protocol ldp
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 ip address 56.0.0.6 255.255.255.0
 ip router isis 1
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet0/1
 ip vrf forwarding A
 ip address 67.0.0.6 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip vrf forwarding B
 ip address 68.0.0.6 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf A
  redistribute bgp 200 metric 1 1 1 1 1
  network 67.0.0.6 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1 vrf B
 log-adjacency-changes
 redistribute bgp 200 subnets
 network 68.0.0.6 0.0.0.0 area 0
!
router isis 1
 net 49.1456.0000.0000.0006.00
 is-type level-2-only
 passive-interface Loopback0
!
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 200
 neighbor 5.5.5.5 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute ospf 1 vrf B match internal external 1 external 2
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute eigrp 100
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R7 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R7
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
 ip address 67.0.0.7 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 100
 network 7.7.7.7 0.0.0.0
 network 67.0.0.7 0.0.0.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

R8 Final Configuration

!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R8
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface FastEthernet0/0
 ip address 68.0.0.8 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 8.8.8.8 0.0.0.0 area 0
 network 68.0.0.8 0.0.0.0 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

Further Readings:







Deepak Arora
Evil CCIE

4 comments:

Anonymous said...

Can we do
--PE to PE BGP direct without connecting ASBR
--ASBR to ASBR direct with BGP like we do in IBGP
--for ASBR I guess we need wither OSPF/ISIS why we can not use other protocols like static etc

Thnaks for your lab

Deepak Arora said...

There is no ISIS exchange between ASBRs to begin with.

Also there is no LDP between ASBR to ASBR.

We can go across multiple hops using Option C for instance.

Gaurav Madan said...

ASBR - ASBR link

i believe the link where you have enabled vpnv4 address family .. will also have " mpls bgp forwarding" command ?

Am i not correct?

Deepak Arora said...

Hi Gaurav,

Depending upon IOS version you may or may not need to enable this command. In the version I used for demo, the command gets enabled automatically once I setup peering.