4.3 Creating An MdwaPLS VPN - PacketLife

20150220
CreatinganMPLSVPNPacketLife.net
(/)
Welcome,Guest! | Login(/users/login/) | Register(/users/register/)
CreatinganMPLSVPN
Bystretch(/users/stretch/)|Monday,May16,2011at1:17a.m.UTC
Todaywe'regoingtolookattheconfigurationrequiredtocreateabasicMPLSVPNservicingtwocustomers,
each with a presence at two physical sites. If you're unfamiliar with the concepts of MPLS switching and
VRFsonCiscoIOS,youmaywanttocheckoutafewofmypastarticlesbeforecontinuing:
IntrotoVRFlite(/blog/2009/apr/30/introvrflite/)
InterVRFRoutingwithVRFLite(/blog/2010/mar/29/intervrfroutingvrflite/)
GettingtoknowMPLS(/blog/2008/jul/16/gettingtoknowmpls/)
Ourlabtopologylookslikethis:
Asareview,recallthat
P(provider)routersareISPcorerouterswhichdon'tconnecttocustomerroutersandtypicallyrun
http://packetlife.net/blog/2011/may/16/creatingmplsvpn/
1/19
20150220
onlyMPLS
PE(provideredge)routersconnecttocustomersitesandformtheedgeofaVPN
CE(customeredge)routersexistattheedgeofacustomersitetheyhavenoVPNawareness
anIGPrunningamongallPandPEroutersisusedtosupportLDPandBGPadjacencieswithinthe
providernetwork
MPBGPisrunonlyamongPErouters
anIGP(typically)isrunbetweeneachCErouteranditsupstreamPErouter
In our lab, OSPF is already in operation as the provider network IGP. OSPF processes have also been
preconfigured on the CE routers however, these OSPF topologies will remain separate from the provider
OSPF.
TherearefivecoretasksweneedtoaccomplishtogetanMPLSVPNupandrunning:
1. EnableMPLSontheproviderbackbone.
2. CreateVRFsandassignroutedinterfacestothem.
3. ConfigureMPBGPbetweenthePErouters.
4. ConfigureOSPFbetweeneachPErouteranditsattachedCErouters.
5. Enablerouteredistributionbetweenthecustomersitesandthebackbone.
Although plenty of CLI outputs are shown below, you may want to grab the finished router configurations
(http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip)ifyou'dliketoduplicatethe
labonyourown.
EnableMPLS
FirstweneedtoenableMPLSonallPPandPPElinkswiththe mplsip interfacecommand.MPLSisnot
enabled on any CEfacing interfaces CE routers do not run MPLS, just plain IP routing. LDP is enabled
automatically as the default label distribution protocol (versus Cisco's legacy TDP). LDP typically runs
betweenloopbackaddressesnotdirectlyreachablebyLDPpeers,whichiswhyit'simportanttoconfigurean
IGPinthecorebeforeenablingMPLS.
WecanverifytheconfigurationofMPLSinterfaceswith showmplsinterfaces .
P1(config)#interfacef0/1
P1(configif)#mplsip
P1(configif)#interfacef1/0
P1(configif)#mplsip
P1(configif)#doshowmplsinterfaces
InterfaceIPTunnelOperational
FastEthernet0/1Yes(ldp)NoYes
FastEthernet1/0Yes(ldp)NoYes
P2(config)#interfacef0/1
P2(configif)#mplsip
P2(configif)#interfacef1/0
P2(configif)#mplsip
PE1(config)#interfacef1/0
PE1(configif)#mplsip
2/19
20150220
PE2(configif)#mplsip
LDPadjacenciescanbeverifiedwiththecommand showmplsldpneighbor :
P1#showmplsldpneighbor
PeerLDPIdent:10.0.0.2:0;LocalLDPIdent10.0.0.1:0
TCPconnection:10.0.0.2.4511410.0.0.1.646
State:Oper;Msgssent/rcvd:12/13;Downstream
Uptime:00:02:43
LDPdiscoverysources:
FastEthernet0/1,SrcIPaddr:10.0.9.2
AddressesboundtopeerLDPIdent:
10.0.9.210.0.9.910.0.0.2
PeerLDPIdent:10.0.0.3:0;LocalLDPIdent10.0.0.1:0
TCPconnection:10.0.0.3.2032710.0.0.1.646
State:Oper;Msgssent/rcvd:12/12;Downstream
Uptime:00:02:25
LDPdiscoverysources:
FastEthernet1/0,SrcIPaddr:10.0.9.6
AddressesboundtopeerLDPIdent:
10.0.9.610.0.0.3
CreateandAssignVRFs
Our next step is to create customer VRFs on our PE routers and assign the customerfacing interfaces to
them.WeneedtoassigneachVRFaroutedistinguisher(RD)touniquelyidentifyprefixesasbelongingto
that VRF and one or more route targets (RTs) to specify how routes should be imported to and exported
fromtheVRF.
We'llusearoutedistinguisherforeachVRFintheformof<ASN>:<customernumber>.Forsimplicity,we'll
reuse the same value as both an import and export route target within each VRF (though we are free to
chooseadifferentoradditionalroutetargetsifweprefer).VRFconfigurationmustbeperformedonbothPE
routers.
PE1(config)#ipvrfCustomer_A
PE1(configvrf)#rd65000:1
PE1(configvrf)#routetargetboth65000:1
PE1(configvrf)#ipvrfCustomer_B
PE2(config)#ipvrfCustomer_A
PE2(configvrf)#ipvrfCustomer_B
Thecommand routetargetboth isusedasashortcutforthetwocommands routetargetimport and

routetargetexport ,whichappearseparatelyintherunningconfiguration.
3/19
20150220
NowweneedtoassigntheappropriateinterfacestoeachVRFandreapplytheirIPaddresses.(Assigningan
interfacetoaVRFautomaticallywipesitofanyconfiguredIPaddresses.YourversionofIOSmayormaynot
informyouofthiswhenithappens.)Thecommand showipvrfinterfaces canbeusedtoverifyinterface
VRFassignmentandaddressing.
PE1(configif)#ipvrfforwardingCustomer_A
%InterfaceFastEthernet0/0IPaddress10.0.1.1removedduetoenablingVRFCustomer_A
PE1(configif)#ipaddress10.0.1.1255.255.255.252
PE1(configif)#interfacef0/1
PE1(configif)#ipvrfforwardingCustomer_B
%InterfaceFastEthernet0/1IPaddress10.0.1.5removedduetoenablingVRFCustomer_B
PE1(configif)#^Z
PE1#showipvrfinterfaces
InterfaceIPAddressVRFProtocol
Fa0/010.0.1.1Customer_Aup
Fa0/110.0.1.5Customer_Bup
PE2(configif)#ipvrfforwardingCustomer_A
%InterfaceFastEthernet0/0IPaddress10.0.2.1removedduetoenablingVRFCustomer_A
PE2(configif)#interfacef0/1
PE2(configif)#ipvrfforwardingCustomer_B
%InterfaceFastEthernet0/1IPaddress10.0.2.5removedduetoenablingVRFCustomer_B
PE2(configif)#^Z
PE2#showipvrfinterfaces
InterfaceIPAddressVRFProtocol
Fa0/010.0.2.1Customer_Aup
Fa0/110.0.2.5Customer_Bup
ConfigureMPBGPonthePERouters
Thisiswherethingsstarttogetinteresting.InordertoadvertiseVRFroutesfromonePEroutertotheother,
we must configure multiprotocol BGP (MPBGP). MPBGP is a little different from legacy BGP in that it
supportsmultipleaddressfamilies(e.g.IPv4andIPv6)overacommonBGPadjacency.Italsosupportsthe
advertisement of VPN routes, which are longer than normal routes due to the addition of a 64bit route
distinguisher(whichweassignedunderVRFconfiguration).
MPBGPrunsonlyonthePErouters:ProutersrelyentirelyontheproviderIGPandMPLStoforwardtraffic
throughtheprovidernetwork,andCEroutershavenoknowledgeofroutesoutsidetheirownVRF.
MinimalMPBGPconfigurationisprettystraightforward.BothPEroutersexistinBGPAS65000.
PE1(config)#routerbgp65000
PE1(configrouter)#neighbor10.0.0.4remoteas65000
PE1(configrouter)#neighbor10.0.0.4updatesourceloopback0
PE1(configrouter)#addressfamilyvpnv4
PE1(configrouteraf)#neighbor10.0.0.4activate
4/19
20150220
PE2(configrouter)#neighbor10.0.0.3remoteas65000
PE2(configrouter)#neighbor10.0.0.3updatesourceloopback0
PE2(configrouter)#addressfamilyvpnv4
PE2(configrouteraf)#neighbor10.0.0.3activate
If we look at the running configuration of the BGP process on either PE router, we notice that a bit more
configurationthanweprovidedhasappeared:
PE1#showrunningconfig|sectionrouterbgp
routerbgp65000
nosynchronization
bgplogneighborchanges
neighbor10.0.0.4remoteas65000
neighbor10.0.0.4updatesourceLoopback0
noautosummary
!
addressfamilyvpnv4
neighbor10.0.0.4activate
neighbor10.0.0.4sendcommunityextended
exitaddressfamily
!
addressfamilyipv4vrfCustomer_B
nosynchronization
exitaddressfamily
!
addressfamilyipv4vrfCustomer_A
nosynchronization
exitaddressfamily
In addition to our VPNv4 address family, address families for the two customer VRFs have been created
automatically. Also, support for extended community strings has been added to the VPNv4 neighbor
configuration.
Verify that the MPBGP adjacency between PE1 and PE2 was formed successfully with the command
showbgpvpnv4unicastallsummary :
PE1#showbgpvpnv4unicastallsummary
BGProuteridentifier10.0.0.3,localASnumber65000
BGPtableversionis1,mainroutingtableversion1
NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd
10.0.0.4465000121210000:06:050
Currently,therearenoroutesintheBGPtable,becausewehavenotspecifiedanythingtobeadvertisedor
redistributed,butwe'llgettothatafterthisnextstep.
ConfigurePECEOSPF
We just configured MPBGP between the two PE routers. Now, let's configure an IGP between each PE
routeranditsattachedCErouterstoexchangerouteswiththecustomersites.We'regoingtouseOSPFfor
thislab,butwecouldjustaseasilyuseanotherIGPlikeEIGRPorRIP.
5/19
20150220
Singlearea OSPF has already been configured on the CE routers all CE interfaces are in area 0.
Remember that although we're using OSPF between each of the CE routers and its upstream PE router,
theseOSPFprocessesareisolatedfromtheproviderOSPFtopology.Theoverallroutingtopologywilllook
likethis:
TheproviderOSPFprocesshasalreadybeenconfiguredonthePEroutersasprocess1.We'llconfigurean
additionalOSPFprocessforeachCErouteroneachPErouter.EachPErouterwillthenhavethreeOSPF
processes total: one for the provider network, and one for each CE router. Whereas the provider OSPF
process exists in the global routing table, the two CE processes will each be assigned to their respective
customerVRFs.
PE1(config)#routerospf2vrfCustomer_A
PE1(configrouter)#routerid10.0.1.1
PE1(configrouter)#interfacef0/0
PE1(configif)#ipospf2area0
PE1(configif)#routerospf3vrfCustomer_B
PE2(config)#routerospf2vrfCustomer_A
PE2(configif)#routerospf3vrfCustomer_B
6/19
20150220
We should see each PE router form an OSPF adjacency with both of its attached CE routers, and the
customerroutesshouldappearintheVRFtablesonthePErouters.
PE1#showiproutevrfCustomer_A
RoutingTable:Customer_A
...
172.16.0.0/16isvariablysubnetted,2subnets,2masks
O172.16.1.0/24[110/11]via10.0.1.2,00:04:21,FastEthernet0/0
10.0.0.0/30issubnetted,1subnets
C10.0.1.0isdirectlyconnected,FastEthernet0/0
PE1#showiproutevrfCustomer_B
RoutingTable:Customer_B
...
ConfigureRouteRedistribution
We're almost done! We have our MPLS and MPBGP backbone up and running, and our CE routers are
sendingroutestoourPErouterswithintheirVRFs.Thelaststepistoglueeverythingtogetherbyturningon
routeredistributionfromthecustomersideOSPFprocessesintoMPBGPandviceversaonthePErouters.
Firstwe'llconfigureredistributionofCEroutesineachVRFintoMPBGP.ThisisdoneundertheBGPIPv4
addressfamilyforeachVRF.
PE1(configrouter)#addressfamilyipv4vrfCustomer_A
PE1(configrouteraf)#redistributeospf2
PE1(configrouteraf)#addressfamilyipv4vrfCustomer_B
PE2(configrouter)#addressfamilyipv4vrfCustomer_A
PE2(configrouteraf)#addressfamilyipv4vrfCustomer_B
ThisenablesredistributionofOSPFroutesintoBGPfortransportacrosstheprovidernetworkbetweenthe
two sites. We can verify that the routes learned from the customer sites (the 172.16.0.0/16 and
172.17.0.0/16networks)nowappearintheBGPtablesfortheirrespectiveVRFs.
7/19
20150220
PE1#showipbgpvpnv4vrfCustomer_A
...
NetworkNextHopMetricLocPrfWeightPath
RouteDistinguisher:65000:1(defaultforvrfCustomer_A)
*>10.0.1.0/300.0.0.0032768?
*>i10.0.2.0/3010.0.0.401000?
*>172.16.0.1/3210.0.1.21132768?
*>i172.16.0.2/3210.0.0.4111000?
*>172.16.1.0/2410.0.1.21132768?
*>i172.16.2.0/2410.0.0.4111000?
PE1#showipbgpvpnv4vrfCustomer_B
...
NetworkNextHopMetricLocPrfWeightPath
RouteDistinguisher:65000:2(defaultforvrfCustomer_B)
*>10.0.1.4/300.0.0.0032768?
*>i10.0.2.4/3010.0.0.401000?
*>172.17.0.1/3210.0.1.61132768?
*>i172.17.0.2/3210.0.0.4111000?
*>172.17.1.0/2410.0.1.61132768?
*>i172.17.2.0/2410.0.0.4111000?
The last step is to complete the redistribution in the opposite direction: from BGP into the customer OSPF
processes.Ifyou'reaccustomedtorouteredistribution,there'snothingnewhere.(Wedon'thavetospecify
any VRF information in the redistribution statement because each customer OSPF process is already
assignedtoaVRF.)
PE1(config)#routerospf2
PE1(configrouter)#redistributebgp65000subnets
PE1(configrouter)#routerospf3
PE2(config)#routerospf2
PE2(configrouter)#routerospf3
TestingandConfirmation
Ifhasgonewell,weshouldnowhaveendtoendconnectivitybetweentheCErouterswithineachVRF.Both
routersforeachcustomershouldnowhavecompleteroutingtables.HerearecustomerA'sroutes:
CE1A#showiproute
...
C172.16.1.0/24isdirectlyconnected,Loopback1
OIA172.16.2.0/24[110/21]via10.0.1.1,00:03:50,FastEthernet0/0
OIA10.0.2.0[110/11]via10.0.1.1,00:03:50,FastEthernet0/0
8/19
20150220
CE2A#showiproute
...
OIA10.0.1.0[110/11]via10.0.2.1,00:02:49,FastEthernet0/0
YoumaynoticethatOSPFroutessentbetweentwositesbelongingtothesamecustomerappearasinter
area routes. Remember that although OSPF area 0 is being used at both sites, each site exists as a
separatelinkstatetopologyconnectedbytheMPLSVPN.
WeshouldbeabletopingfromoneCEroutertotheother.(Rememberthatwedon'tneedtospecifyaVRF
whendoingsobecauseCEroutershavenoknowledgethatthey'reinaVRF.)
CE1A#ping172.16.0.2
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto172.16.0.2,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=12/21/32ms
We can perform a traceroute to verify the path taken as well as the MPLS labels used to traverse the
providernetwork.
CE1A#traceroute172.16.0.2
Typeescapesequencetoabort.
Tracingtherouteto172.16.0.2
110.0.1.14msec4msec8msec
210.0.9.5[MPLS:Labels19/22Exp0]16msec12msec24msec
310.0.9.2[MPLS:Labels19/22Exp0]24msec20msec16msec
410.0.2.1[MPLS:Label22Exp0]20msec16msec24msec
510.0.2.216msec*36msec
Here'sapacketcapture(/captures/traceroute_MPLS.cap)oftheabovetracerouteifyou'reinterestedinhow
the MPLS label information is returned. And again, here are the the finished router configurations
(http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip)ifyou'dliketoreplicatethe
labyourself.
(ThankstoIvanPepelnjak(http://twitter.com/#!/ioshints)ofCiscoIOSHints(http://blog.ioshints.info/)helping
revisethisarticle!)
AbouttheAuthor
9/19
20150220
JeremyStretchisanetworkengineerlivingintheRaleigh
Durham,NorthCarolinaarea.Heisknownforhisblogandcheat
sheetshereatPacketLife.Youcanreachhimbyemail
(/contact/)orfollowhimonTwitter(http://twitter.com/packetlife).
(/users/stretch/)
PostedinMPLS(/blog/category/mpls/),VPN(/blog/category/vpn/)
(http://www.amazon.com/gp/prime/signup/videos?tag=packetlnet20)
Comments
Ace(guest)
May16,2011at3:59a.m.UTC
Thanks...
Daniel(guest)(http://lostintransit.se/)
HiJeremy,
Goodpost.I'mhavingsomeproblemswiththissentence:
"WeneedtoassigneachVRFaroutedistinguisher(RD)touniquelyidentifyprefixesasbelongingtothat
VRFandoneormoreroutetargets(RTs)tospecifyhowroutesshouldbeimportedtoandexportedfromthe
VRF."
Thiscouldbeduetoenglishnotbeingmynativelanguagebutthissoundslikeyou'resayingthatRDdefines
theVPNandthisisnottrue.TheRDonlymakesprefixesuniquebutdoesnotinanywaydefinetheVPN,
that'swhattheRTisfor.
I'msurprisedIvandidn'tcatchthisifhereadthearticle.Couldjustbea
misunderstandingfrommypartoryoushouldrewritethatsentence.
1111oneoneone(guest)
Anexcellentpost.ThanksJeremy.
Alain(/users/Alain/)
Stretch,Asalwaysthereisonlyonewordtodescribethispost:excellent!
Regards,
Alain
10/19
20150220
Trey(guest)
May16,2011at1:12p.m.UTC
IfyoueverplantoimplementIPv6,itsmucheasiertoaddifyouuse"vrfdefinition"insteadof"ipvrf"
vrfdefinitionvrf2
rd2:2
!
addressfamilyipv4
routetargetexport2:2
routetargetimport2:2
exitaddressfamily
Trey
Rob(guest)
thanks
stretch(/users/stretch/)
@Daniel:
Itmustbealanguagebarrierthing.ItsimplymeansthattheRDisusedtomakeroutesunique(e.g.when
customersuseoverlappingaddressspace).
Hussain(guest)
Manythanks!!
Bart(guest)
Yes,RDdoesnothingmorethanmaketheroutesuniquesothatBGPwilldistributethemcorrectly.
PeopleoftengetconfusedabouttheRDbecausenearlyallciscoexamplesIhaveseenusethesameRDon
bothPErouters,givingpeoplethefalseimpressionthatthisisrequired.
YoucanjustaseasilyuseoneRDperVRFperPE.ThatswhatIusuallydoinexamplesjusttoremind
peoplethatRTandRDaretwodifferentthings.
me_rahawan82(/users/me_rahawan82/)
ThanksJeremy,Myhero
reca(guest)
...andsometimesyouwanttouseonlyMPBGPanddonotcarryanyprefixesandthenyouadd"nobgp
defaultipv4unicast"underthe"routerbgp65001"context.
Thanxforthisshortandconcisepost.
11/19
20150220
OmiPR(/users/OmiPR/)
ThanksStretch!IthelpedmealotforMPLSconfigunderstanding!
alpi(guest)(http://ba.linkedin.com/pub/alenpiplica/29/465/415)
Hi,ireadyouryourpostsalmousttwoyearsandimustsayTHANKYOU.Youarethebest.
regards,
Alen
abulanov(/users/abulanov/)
UsingOSPFonPECEislimitedbyanumberofOSPFprocessesonPErouter.Thereareonly32.That
meansyoucannotconnectmorethan30uniqueCEtoonePE
(http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#q46)
ThatswhyOSPFisn'tthebestchoisefor
ISISisnotsupportedthereatall.
amitabha(/users/amitabha/)
THANKYOUforthepostman.HopeyouwilldiscussL2VPN(Martini&Kompella)soon....wearewaiting:)
yelfathi(guest)(http://twitter.com/#!/yelfathi)
Goodintroductioniwilladdtworemarks:
checkipcefbeforeenablingmplsbecausemplsneedsit
creatededicatedloopbacksandforcethemplsrouteridtothem
Thoseavoidyoufrompotentialproblemsyouwillseeaftermorepractices:)
kammu(/users/kammu/)
thankyousomuchJeremy..Itisanexcellentintroductoryconfigtounderstandbasicsofmpls.Youare
great..!
Selasi(guest)
June20,2011at7:07p.m.UTC
ThanksJeremy.Thisexamplehasreallyhelpedmeunderstandtheconceptevenfurther.Writing
BGP+MPLSin3weeks.Wishmewell!
USvpn(guest)
October6,2011at6:07a.m.UTC
Yournetworktopologylooksgreat.Thankyouforsharingthis.
12/19
20150220
Aguest
November4,2011at2:35p.m.UTC
greatpostJeremy,
butmydoubtishowcanIimprovetheusingMPLSVPNs,
IamBrazilianandmyCBTisonthisissue,andI'mstill"raw"
regardingtheissue,Iwouldlikeyourhelp.
waleed143(/users/waleed143/)
January13,2012at6:48p.m.UTC
dearJeremyStretch
Thanksforyourawesomescenario.but1thingismissing,iwasworkingonthistopologyfor4to5hoursbut
myVRFsiteswasnotabletocommunicatewitheachotherandyousaidonthisscenariothat
neighbor10.0.0.4sendcommunity
extended
willgenerateautomatically,butididn't,thenicontactedwithmyfriendhetoldthatputthatcommand
manuallythenitworked.
Sastrt(guest)
Simplysupub!!!Thanksforyourpost...
pswolfwind(/users/pswolfwind/)
March3,2012at3:47a.m.UTC
hiwaleed143,thismaybeaissueinregardstotheiosversion,butismustbeconfigured.Anotherquestion
aboutthiscommandismypracticelabbookstatedthatitmustbeconfiguredtosendcommunity
both.What'sthedifference?
aki(guest)
April19,2012at5:15p.m.UTC
youareawesomejeremy!!!!!!thanksforbeinalifesaver
Karthik(guest)
HiJeremy,
Thanksforthepost.ItisagreatuseforMPLSbeginnerslikeme.
Onesmallquery.YouhadmentionedthatanIGPneedstorunatcore(thatis,betweenPEroutersandP
routersOSPFmostly).ThisisneededforPErouterstobelievethatIGPconnectivityisavailableandthey
canproceedwithexchangingtheprefixes.
Butinconfigurationyouhavenotconfiguredthat.Idounderstandthatitisresponsiblityoftheservice
providersinreallifetoconfiguretheIGPsatthecore.
13/19
20150220
However,fortheaboveexampleconfiguration,canyoupleaseconfirmthatwemustconfiguretheIGP
(preferrablyOSPF)atthecoreincasefortheaboveconfigurationtowork.
Pleaseguide.Thanksagainforyourwonderfulpieceofwork.
jh0n(guest)
September5,2012at6:38a.m.UTC
Hi,Jeremy
thisisthesecondtimeIreadyourarticleandallofyourinstructionworkreallywell!!
BigthankstoyouJeremy.
forPEProuter,youmustenabletheIGP(inyourcaseandmycaseisOSPF)tobeabletoadvertisethe
LDPthoughallthePandPErouterbyexecutingsomecommands.
routerospf8
mplsldpsync
mplsldpautoconfigarea0
routerid10.28.1.111
logadjacencychanges
area0authentication
network10.0.0.00.255.255.255area0
Clikc(guest)
October19,2012at7:24p.m.UTC
Heyman,thanksforthisgreattutorial,beenbangingmyheadtoreallyfindoutwhatexactlygoesoninthe
"cloud"
Anonymous(guest)
Excellenttutorial!!!
imranjan(/users/imranjan/)
December4,2012at7:52a.m.UTC
HiStretch,
Thankyoufortheforumwithsomuchinformationalmaterialandthesehelpfularticles.
Iwastryingtopracticethesameconceptwithsomeothertopologyandhadfacedoneissuewhichiam
facingwiththisoneaswell.
NowIconfiguredthislabasyouexplainedindetailedbutstillthesameissuethatis,iamgettingroutesfrom
theothersitebutiamnotabletopingthatnetwork/othersite.
Iverifiedtheconfigsomanytimes.Routingtablesandconfigallareasyoumentionedeventheniamnot
abletoreachtheothersite.
Whatcanbethepossiblereason
Regards/Imran
14/19
20150220
Stevec(guest)
December13,2012at2:03p.m.UTC
Shouldn'tthefinaltraceroutebeperformedfromPE1andnotCE1A,CE1Awon'tseetheMPLSlables.
lsantiago77(guest)(http://luichisantiago.blogspot/)
excellentpoststretch,justpurelyexcellent
nandanandan(guest)
February1,2013at12:04p.m.UTC
Hi,
Thisisreallyanicelab.
HelpedmeprettymuchinlearningPECEtopology.
Thanks
Bruce(guest)
Couldyoupleaseexplainwhythetracerouteoutputshowthefollowingoutput.
410.0.2.1[MPLS:Label22Exp0]20msec16msec24msec
Whywecan'tseethefollowingoutputinsteadtheoneabove?
410.0.9.10[MPLS:Label?Exp0]20msec16msec24msec
Victor(guest)
March11,2013at1:42p.m.UTC
CanyoupleasedoashowmplsinformationtablesowecanseetheactionforthattheLSRisgoingtotake
whenitforwardsthepacketdowntheLSP?
Thanks.
charles(guest)
youbrokeitdowninitssimplestterms.ThankyouJeremy
Heresy
rogue(guest)
April19,2013at6:25a.m.UTC
God.JustGod=)
Aguest
April26,2013at8:48a.m.UTC
verynice
15/19
20150220
Bob(guest)
ivegonethroughthislabwhichiswikid.
ButimhavingissuesCE1Acantping172.16.0.2likeinthetutorial.Imseeingalltherouteswhenidoashow
ipbgpvpnv4vrfCustomer_A&forBbutstillnothing.ImverynewonMPLSandIwouldliketotakeittothe
nextlevel.Anyhelpwouldbeamazing.
Thanks
Aguest
Thankyouverymuch.
ItstrugglesmewhilelookingtotheCiscomanual
Fez(guest)
July25,2013at11:56p.m.UTC
thanksmate..veryuseful!!
Mike(guest)
August10,2013at10:07p.m.UTC
Bobihaveananswertoyouandtoanyonewhocan'treplicatethistopologywithsuccessfulpingbetween
sites.
%BGP4VPNV4NH_MASK:Nexthop[IP_address]maynotbereachablefromneigbor[IP_address]not/32
mask
ExplanationAVPNv4routeisbeingsenttotheIBGPneighbor.Theaddressofthenexthopisaloopback
interfacethatdoesnothavea/32maskdefined.OSPFisbeingusedonthisloopbackinterface,andthe
OSPFnetworktypeofthisinterfaceisLOOPBACK.OSPFadvertisesthisIPaddressasahostroute(with
mask/32),regardlessofwhatmaskisconfigured.ThisadvertisingconflictswithTDP,whichusesconfigured
masks,sotheTDPneighborsmaynotreceiveatagfortherouteindicatedinthiserrormessage.This
conditioncouldbreakconnectivitybetweensitesthatbelongtothesameVPN.
RecommendedActionConfiguretheloopbackthatisbeingusedasthenexthoploopbacktousea32bit
networkmask(/32),orsetthenetworktypetopointtopointbyenteringtheipospfnetworkpointtopoint
command.
Theexplanationisquitesimple:OSPFannouncedtheloopbackIPaddressesashostroutes(/32).LDPwas
expectingtofinda/24addressattheroutingtable.Sinceitcouldntfindit,itdidntadvertisealabelforthis
FEC!!
kari(/users/kari/)
October31,2013at3:58p.m.UTC
howcaniusetheseconfigfilesingns3?
Mat(guest)(http://cisqueros.blogspot.com/)
December27,2013at9:51a.m.UTC
Nicepost,thanks!LikeabriefinstructionsforISPs:)
muhammadkhan(guest)
16/19
20150220
December31,2013at2:06p.m.UTC
Can'tthankyouthatmuchthatyoudeserve.
Topone,Jeremy...
Rod(guest)
Thanks!!!
Ahmad(guest)
Thanks)
Kara(guest)
Tnxman,ithelpedmealot!!!!
Cheers!
DavidMitchell(guest)
ThanksforagreatwriteuponMPLSVPN.IreadyourVRFandMPLSguidesfirstandtheytooareverywell
writtenandeasytounderstand.
Thanksagain,
Mitchell
CaesarLouis(guest)
thankyou
mpjassal(/users/mpjassal/)
July6,2014at9:23p.m.UTC
whatifihavefourPErotersthenhowsmyconfigurationwillbeeffectedcomparetothisone...?
Amit(guest)(http://www.cisco.com/c/en/us/td/docs/iosxml/ios/mp_l3_vpns/configuration/15mt/mpl3vpns
15mtbook/mpvpnsupporteigrpbetwpece.html#GUID9B532DAFCAC14C5D8382C21395512D18)
August11,2014at5:22p.m.UTC
Hithere,needhelp.IhavecreatedtheMPLStopologywithEIGRP...it'sallworking.Yourarticleisgreatand
Ididallconfigstill""showbgpvpnv4unicastallsummary"andallworkinggreat.HoweverIdon'tknowbut
OSPFisjustnotworkingandhenceIneedtoconnectCEusingEIGRP..Canyoupleasewithconfiguration
requiredatCEandPEwithEIGRP...IdidvisitcisolinksforEIGRPconfigsonPEandCEbutIamdoing
somethingwrong.....canyoupleasehelp!!
Dalip(guest)
September11,2014at10:34a.m.UTC
17/19
20150220
Howwecreatel3mplsvpnforcustomershavingmorethantwosites?Doweneedtocreateseparatepoint
topointpathsbydefininganewvrfatPErouter?
Jawwad(guest)
September23,2014at8:53p.m.UTC
Greatexplaination!Makesodifficultthingsoeasiertounderstand
tarakgupta(/users/tarakgupta/)
GreatThankyou
freealx(guest)(http://blog.ine.com/2010/04/08/ashamlinkreallyyesanditsnotusedforphishing/)
Hi,veryniceorderedexplanationgreatwork!Oneproposition.Intheendofthearticleyouarepointingon
theinterareatypeoftheOSPFroutes.Probablythat'sthebestplacetomakesomereferencetotheOSPF
shamlink...Greets!
deadman(guest)
excellent
praveen(guest)
January28,2015at10:24a.m.UTC
IsitpossibletouserealinterfaceinsteadofusingloopbackinterfaceinMPBGPconfiuration?
Ashish(guest)
Anicepost...
JaviL(guest)
Verynicepost,ididlearnalotwiththislabongns3.
LeaveaComment
Guestname
Guestname
Guestemail
Guestemail
Optionalwillnotbedisplayedpubliclyorgivenout.
GuestURL
GuestURL
18/19
20150220
GuestURL
Nocommerciallinks.Onlypersonal(e.g.blog,Twitter,orLinkedIn)and/orontopiclinks,please.
Comment
Comment
Challenge
HowmanybytesinlengthisaUDPheader?
Challenge
Save Preview
Home(/) | Blog(/blog/) | CheatSheets(/library/cheatsheets/) | Captures(/captures/) |

Armory(/armory/) | Toolbox(/toolbox/) | Bookshelf(/bookshelf/) | ContactMe(/contact/) |
About(/about/)
Morecoolstuff
networkingforum.com(http://networkingforum.com/) | r/Networking(http://www.reddit.com/r/networking/) |
Internetworkpro(http://inetpro.org/wiki/) | firewall.cx(http://firewall.cx/) |
NetworkEngineering@StackExchange(http://networkengineering.stackexchange.com/)
19/19

4.3 Creating An MdwaPLS VPN - PacketLife

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

4.3 Creating An MdwaPLS VPN - PacketLife

Hochgeladen von

Copyright:

Verfügbare Formate

20150220

Welcome,Guest! | Login(/users/login/) | Register(/users/register/)

Thecommand routetargetboth isusedasashortcutforthetwocommands routetargetimport and

Home(/) | Blog(/blog/) | CheatSheets(/library/cheatsheets/) | Captures(/captures/) |

Das könnte Ihnen auch gefallen