Tags

, ,

image

In this phase L3VPN is configured for CUSTOMER2. It is same for CUSTOMER1 but only difference is that between PE router R1 and CE router C2S1 protocol will be OSPF.

PHASE 3: Configure L3 VPN for CUSTOMER2

1. Create Separate VRF for CUSTOMER1

R1(config)#ip vrf CUSTOMER2
R1(config-vrf)#rd 500:2
R1(config-vrf)#route-target export 500:2
R1(config-vrf)#route-target import 500:2

2. MP-BGP with R4, actiavte VPNv4 and redistribute OSPF route to BGP

2.A Configurer MP-BGP/Activate VPNv4
As MP-BGP in place with R1 and R4 (configured in phase 2) do not need configure anything new.

2.B Redistribute CUSTOMER2 VRF OSPF route to BGP

R1(config-router-af)#address-family ipv4 vrf CUSTOMER2
R1(config-router-af)#redistribute ospf 102 match internal
R1(config-router-af)#no auto-summary

3. Create OSPF with R1 and C2S1 and redistribute BGP to OSPF

R1(config)#router ospf 102 vrf CUSTOMER2
R1(config-router)#network 192.168.100.0 0.0.0.3 area 0
R1(config-router)#redistribute bgp 500 subnets

4. Put interface or R1 & R4 in related VRF.

R1(config)#interface FastEthernet2/0
R1(config-if)#ip vrf forwarding CUSTOMER2

PE router R4 configuration will be similar to R1. Bellow is the configuration of R4

R4:

ip vrf CUSTOMER2

rd 500:2

route-target export 500:2
route-target import 500:2
!
interface FastEthernet2/0
ip vrf forwarding CUSTOMER2
!
router ospf 102 vrf CUSTOMER2
log-adjacency-changes
redistribute bgp 500 subnets
network 192.168.110.0 0.0.0.3 area 0
!
router bgp 500
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.1 remote-as 500
neighbor 10.10.10.1 update-source Loopback0
no auto-summary
 !
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 send-community extended
exit-address-family
 !
address-family ipv4 vrf CUSTOMER2
redistribute ospf 102 match internal
no auto-summary
no synchronization
exit-address-family
 !

Check the VRF table for CUSTOMER2

R4#show ip route vrf CUSTOMER2

Routing Table: CUSTOMER2
Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

192.168.110.0/30 is subnetted, 1 subnets
C 192.168.110.0 is directly connected, FastEthernet2/0
172.173.0.0/32 is subnetted, 2 subnets
B 172.173.1.1 [200/2] via 10.10.10.1, 02:03:24
O 172.173.2.1 [110/2] via 192.168.110.2, 01:58:20, FastEthernet2/0
192.168.100.0/30 is subnetted, 1 subnets
B 192.168.100.0 [200/0] via 10.10.10.1, 02:03:24

R4 is receiving 172.173.1.0/24 as BGP route via 10.10.10.1. This route is coming via OSPF from C2S1 to R1; R1 is announcing this via MP-BGP to R4. R4 remove MPLS and VPN tag and install it CUSTOMER1 VRF table.

If you check carefully, there is no related route (172.173.1.0/.24 or 172.173.2.0/24) in provider core router(R2,R3 or R5). These routers are not aware about these routes.

C2S1#traceroute

Protocol [ip]:
Target IP address: 172.173.2.1
Source address: 172.173.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:

Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 172.173.2.1

1 192.168.100.1 56 msec 76 msec 4 msec
2 192.168.12.2 [MPLS: Labels 22/27 Exp 0] 140 msec 132 msec 160 msec
3 192.168.23.2 [MPLS: Labels 20/27 Exp 0] 168 msec 112 msec 140 msec
4 192.168.110.1 [MPLS: Label 27 Exp 0] 100 msec 356 msec 108 msec
5 192.168.110.2 132 msec * 100 msec