Tags

, ,

image

MPLS L3 VPN involves following steps:

Step 1: The CE router sends an IPv4 routing update to the PE Router.
Step 2: A 64 bit RD is prepended to the customer IPv4 prefix to make it globally unique, resulting in a 96-bit VPNv4 prefix.
Step 3: A 96 bit VPNv4 prefix is propagated via MP-BGP to the other PE router.
Step 4: The RD is removed from the VPNv4 prefix, resulting in a 32 bit IPv4 prefix.
Step 5: The PE router sends the resulting IPv4 prefix to the CE router.

For the provider R1 & R4 work as PE Router.

PHASE 2: Configure L3 VPN for CUSTOMER1

1. Create Separate VRF for CUSTOMER1
R1(config)#ip vrf CUSTOMER1
R1(config-vrf)#rd 500:1
R1(config-vrf)#route-target export 500:1
R1(config-vrf)#route-target import 500:1

2. MP-BGP with R4, actiavte VPNv4 and redistribute static route to BGP
2.A Configurer MP-BGP

R1(config)#router bgp 500
R1(config-router)#neighbor 10.10.10.4 remote-as 500
R1(config-router)#neighbor 10.10.10.4 update-source Loopback0

2.B Activate VPNv4

R1(config-router)# address-family vpnv4
R1(config-router-af)#neighbor 10.10.10.4 activate
R1(config-router-af)#neighbor 10.10.10.4 next-hop-self
R1(config-router-af)#neighbor 10.10.10.4 send-community extended

2.C Redistribute CUSTOMER1 VRF static route to BGP

R1(config-router-af)#address-family ipv4 vrf CUSTOMER1
R1(config-router-af)#redistribute static
R1(config-router-af)#no auto-summary

3. Create static route in CUSTOMER1 VRF.

R1(config)#ip route vrf CUSTOMER1 172.172.1.0 255.255.255.0 192.168.10.2

4. Put interface or R1 & R4 in related VRF.

R1(config)#interface FastEthernet1/0
R1(config-if)#ip vrf forwarding CUSTOMER1

5. From C1S1 route just provide a default route to R1.

PE router R4 configuration will be similar to R1. Bellow is the configuration of R4

R4:

ip vrf CUSTOMER1
rd 500:1
route-target export 500:1
route-target import 500:1
!
interface FastEthernet1/0
ip vrf forwarding CUSTOMER1
!
router bgp 500
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.1 remote-as 500
neighbor 10.10.10.1 update-source Loopback0
no auto-summary
 !
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 send-community extended
exit-address-family
 !
address-family ipv4 vrf CUSTOMER1
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CUSTOMER1 172.172.2.0 255.255.255.0 192.168.11.2

Check the VRF table for CUSTOMER1

R4#show ip route vrf CUSTOMER1

Routing Table: CUSTOMER1
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

172.172.0.0/24 is subnetted, 2 subnets
B 172.172.1.0 [200/0] via 10.10.10.1, 01:35:55
S 172.172.2.0 [1/0] via 192.168.11.2
192.168.11.0/30 is subnetted, 1 subnets
C 192.168.11.0 is directly connected, FastEthernet1/0

R4 is receiving 172.172.1.0/24 as BGP route via 10.10.10.1. This route is coming statically coming to R1; R1 is announcing this via MP-BGP to R4. R4 remove MPLS and VPN tag and install it CUSTOMER1 VRF table.

If you check carefully, there is no related route (172.172.1.0/.24 or 172.172.2.0/24) in provider core router(R2,R3 or R5). These routers are not aware about these routes.

Check the reachability from C1S1:

C1S1# traceroute
Protocol [ip]:
Target IP address: 172.172.2.1
Source address: 172.172.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 172.172.2.1

1 192.168.10.1 12 msec 24 msec 8 msec
2 192.168.12.2 [MPLS: Labels 22/25 Exp 0] 112 msec 160 msec 136 msec
3 192.168.23.2 [MPLS: Labels 20/25 Exp 0] 92 msec 156 msec 148 msec
4 192.168.11.1 [MPLS: Label 25 Exp 0] 80 msec 112 msec 112 msec
5 192.168.11.2 96 msec * 104 msec