In this post we will cover MPLS VPN using the following diagram.
We have a customer with 2 different sites. We need to create an MPLS VPN so that site A and site B can share routes. We will be using EIGRP between the 2 sites and between the CE and PE. We will be running OSPF in our provider network. We will need to run multiprotocol BGP between PE1 and PE2. The first thing to do is to create the loopback interfaces and set up OSPF on our provider routers.
PE1

    !
    interface Loopback1
     ip address 2.2.2.2 255.255.255.0
     ip ospf network point-to-point
    !
    router ospf 1
     network 2.2.2.0 0.0.0.255 area 0
     network 192.168.23.0 0.0.0.255 area 0
    !

P

    !
    interface Loopback1
     ip address 3.3.3.3 255.255.255.0
     ip ospf network point-to-point
    !
    router ospf 1
     network 3.3.3.0 0.0.0.255 area 0
     network 192.168.23.0 0.0.0.255 area 0
     network 192.168.34.0 0.0.0.255 area 0
    !

PE2

    !
    interface Loopback1
     ip address 4.4.4.4 255.255.255.0
     ip ospf network point-to-point
    !
    router ospf 1
     network 4.4.4.0 0.0.0.255 area 0
     network 192.168.34.0 0.0.0.255 area 0
    !
Now that we have configured OSPF in our provider network, we need to enable MPLS.
PE1

    !
    interface FastEthernet0/1
     ip address 192.168.23.2 255.255.255.0
     mpls ip
    !

P

    !
    interface FastEthernet0/0
     ip address 192.168.23.3 255.255.255.0
     mpls ip
    !
    interface FastEthernet0/1
     ip address 192.168.34.3 255.255.255.0
     mpls ip
    !

PE2

    !
    interface FastEthernet0/1
     ip address 192.168.34.4 255.255.255.0
     mpls ip
    !
We are now running frame-mode MPLS using LDP on our service provider network. It's now time to create a VRF for the customer. Virtual routing and forwarding (VRF) is basically like having another routing table. Each of these tables is private and is not shared with the others. You can have multiple VRF instances running on your router.
PE1

    !
    ip vrf CUS
     rd 100:1
     route-target export 1:100
     route-target import 1:100
    !

PE2

    !
    ip vrf CUS
     rd 100:1
     route-target export 1:100
     route-target import 1:100
    !
The RD (route distinguisher) is a way of distinguishing between different customers' routes. A route target allows you to export routes from a VRF and import them into a different VRF. Route targets are added as a tag to the BGP NLRI, carried as a BGP extended community. Now that we have created the VRF, we need to apply it to the correct interface.
PE1

    !
    interface FastEthernet0/0
     ip vrf forwarding CUS
     ip address 192.168.12.2 255.255.255.0
    !

PE2

    !
    interface FastEthernet0/0
     ip vrf forwarding CUS
     ip address 192.168.45.4 255.255.255.0
    !
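Because route targets decide which VRFs see which routes, an import statement that matches another customer's export target joins the two routing tables. The following audit is an added example, not part of the original post: it parses `ip vrf` stanzas and lists every VRF that imports a route target exported by a different VRF. The second VRF (CUS2) and the function names are assumptions made up for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample: CUS from this post plus a hypothetical CUS2 importing CUS's RT.
PE_CONFIG = """\
ip vrf CUS
 rd 100:1
 route-target export 1:100
 route-target import 1:100
!
ip vrf CUS2
 rd 100:2
 route-target export 2:100
 route-target import 2:100
 route-target import 1:100
!
"""

def parse_vrfs(config):
    """Return {vrf_name: {"rd": str or None, "export": set, "import": set}}."""
    vrfs, current = {}, None
    for line in config.splitlines():
        match = re.match(r"ip vrf (\S+)\s*$", line)
        words = line.split()
        if match:
            current = vrfs.setdefault(
                match.group(1), {"rd": None, "export": set(), "import": set()})
        elif current is None or not line.startswith(" "):
            current = None  # left the VRF stanza
        elif len(words) == 2 and words[0] == "rd":
            current["rd"] = words[1]
        elif len(words) == 3 and words[0] == "route-target":
            for kind in ("export", "import"):
                if words[1] in (kind, "both"):  # "both" means export and import
                    current[kind].add(words[2])
    return vrfs

def cross_vrf_imports(vrfs):
    """List (importer, exporter, rt) where one VRF imports another's export RT."""
    exporters = defaultdict(set)
    for name, vrf in vrfs.items():
        for rt in vrf["export"]:
            exporters[rt].add(name)
    return sorted((name, source, rt)
                  for name, vrf in vrfs.items()
                  for rt in vrf["import"]
                  for source in exporters[rt] - {name})

if __name__ == "__main__":
    print(cross_vrf_imports(parse_vrfs(PE_CONFIG)))
```

A hit is not always a fault, since shared-services and extranet designs import across VRFs on purpose, but each one should map to a documented intent.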
Now we need to configure EIGRP on the CE routers.
CE1A

    !
    router eigrp 100
     network 1.1.1.0 0.0.0.255
     network 192.168.12.0
     no auto-summary
    !

CE1B

    !
    router eigrp 100
     network 5.5.5.0 0.0.0.255
     network 192.168.45.0
     no auto-summary
    !
Now that we have set up EIGRP on the CE routers, we need to configure EIGRP on the PE routers. We need to do this under the VRF process using the address-family command.
PE1

    !
    router eigrp 1
     auto-summary
     !
     address-family ipv4 vrf CUS
      network 192.168.12.0
      no auto-summary
      autonomous-system 100
     exit-address-family
    !

PE2

    !
    router eigrp 1
     auto-summary
     !
     address-family ipv4 vrf CUS
      network 192.168.45.0
      no auto-summary
      autonomous-system 100
     exit-address-family
    !
Now that we have configured EIGRP on the PE routers and the CE routers, it's time to check the connections.
We can see that the ping to CE1A has failed. Remember that we are using a VRF, and the VRF is separate from the global routing table. Therefore we simply need to ping using the correct VRF (ping vrf <vrf name>).
We can now see that the ping to CE1A has been successful and we have reachability. It's now time to configure BGP for the PE routers.
PE1

    !
    router bgp 6500
     neighbor 4.4.4.4 remote-as 6500
     neighbor 4.4.4.4 update-source Loopback1
     no auto-summary
     !
     address-family vpnv4
      neighbor 4.4.4.4 activate
      neighbor 4.4.4.4 send-community both
     exit-address-family
    !

PE2

    !
    router bgp 6500
     no synchronization
     bgp log-neighbor-changes
     neighbor 2.2.2.2 remote-as 6500
     neighbor 2.2.2.2 update-source Loopback1
     no auto-summary
     !
     address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community both
     exit-address-family
    !
We have now set up BGP between the PE routers. We have also configured BGP to send communities under the VPNv4 address family. We now need to redistribute EIGRP routes into BGP and BGP back into EIGRP. This is done under the address-family section of BGP and EIGRP.
PE1

    !
    router eigrp 1
     !
     address-family ipv4 vrf CUS
      redistribute bgp 6500 metric 1500 4000 200 12 1500
     exit-address-family
    !
    router bgp 6500
     !
     address-family ipv4 vrf CUS
      redistribute eigrp 100
     exit-address-family
    !

PE2

    !
    router eigrp 1
     !
     address-family ipv4 vrf CUS
      redistribute bgp 6500 metric 1500 4000 255 150 1500
     exit-address-family
    !
    router bgp 6500
     !
     address-family ipv4 vrf CUS
      redistribute eigrp 100
     exit-address-family
    !
Now that we have redistributed the routes, we need to check whether CE1A has the routes to reach router CE1B's loopback.
We can see we have learnt 2 EIGRP routes from our neighbour. Now we will try a ping to the loopback address 5.5.5.5 that is on CE1B.
We can see we have a 100% success rate. Now we will check the routing table of the P router to make sure this VRF is private.
We can see the P router does not have a route to the 5.5.5.0 network and it cannot get there via a ping. Let's do a traceroute from the CE1A router to the CE1B router to see how the packets are going across.
We can see that as the route goes across the network it has 2 labels put on it. The first is the label for the provider network (16) and the second is the label for the VPN (19). We can see this on the PE1 router.
To get to the 5.5.5.0 network we need to add labels 16 and 19. Having a look at the forwarding table on PE1, we can see that tag 16 is for the loopback of PE2.
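When reading a packet capture taken inside the provider network, the two labels appear as two 4-byte shim entries in front of the customer's IP packet. The following encoder and decoder for that label stack (RFC 3032 layout) is an added example, not part of the original post; the function names and the dummy payload are assumptions, while labels 16 and 19 are the ones seen above.

```python
import struct

def encode_label_stack(labels, ttl=255, tc=0):
    """Encode labels (outermost first) as 4-byte MPLS shim entries."""
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < 2**20:
            raise ValueError(f"label {label} does not fit in 20 bits")
        # Only the innermost entry carries the bottom-of-stack (S) bit.
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)
    return out

def decode_label_stack(data):
    """Walk shim entries until the S bit is set; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "bottom": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bottom"]:
            return entries, data[offset:]

# Constructed sample: transport label 16 (toward PE2's loopback) outside
# VPN label 19, followed by a dummy stand-in for the customer's IP packet.
SAMPLE = encode_label_stack([16, 19]) + b"IP-PACKET"

if __name__ == "__main__":
    stack, payload = decode_label_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print(payload)
```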
We have successfully created and verified an MPLS VPN.