Multi-Protocol Label Switching Based VPN

2016/1/7 CreatinganMPLSVPNPacketLife.
net
(/)
Creating Welcome,Guest! | Login(/users/login/) | Register(/users/register/)
anMPLS
VPN
Bystretch(/users/stretch/)|Monday,May16,2011at1:17a.m.UTC
Todaywe'regoingtolookattheconfigurationrequiredtocreateabasicMPLSVPNservicing
two customers, each with a presence at two physical sites. If you're unfamiliar with the
conceptsofMPLSswitchingandVRFsonCiscoIOS,youmaywanttocheckoutafewofmy
pastarticlesbeforecontinuing:
IntrotoVRFlite(/blog/2009/apr/30/introvrflite/)
InterVRFRoutingwithVRFLite(/blog/2010/mar/29/intervrfroutingvrflite/)
GettingtoknowMPLS(/blog/2008/jul/16/gettingtoknowmpls/)
Ourlabtopologylookslikethis:
http://packetlife.net/blog/2011/may/16/creatingmplsvpn/ 1/23
2016/1/7 CreatinganMPLSVPNPacketLife.net
Asareview,recallthat
P(provider)routersareISPcorerouterswhichdon'tconnecttocustomerroutersand
typicallyrunonlyMPLS
PE(provideredge)routersconnecttocustomersitesandformtheedgeofaVPN
CE(customeredge)routersexistattheedgeofacustomersitetheyhavenoVPN
awareness
anIGPrunningamongallPandPEroutersisusedtosupportLDPandBGP
adjacencieswithintheprovidernetwork
MPBGPisrunonlyamongPErouters
anIGP(typically)isrunbetweeneachCErouteranditsupstreamPErouter
Inourlab,OSPFisalreadyinoperationastheprovidernetworkIGP.OSPFprocesseshave
also been preconfigured on the CE routers however, these OSPF topologies will remain
separatefromtheproviderOSPF.
TherearefivecoretasksweneedtoaccomplishtogetanMPLSVPNupandrunning:
1. EnableMPLSontheproviderbackbone.
2. CreateVRFsandassignroutedinterfacestothem.
3. ConfigureMPBGPbetweenthePErouters.
4. ConfigureOSPFbetweeneachPErouteranditsattachedCErouters.
5. Enablerouteredistributionbetweenthecustomersitesandthebackbone.
Although plenty of CLI outputs are shown below, you may want to grab the finished router
configurations
(http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip) if you'd like
toduplicatethelabonyourown.
EnableMPLS
FirstweneedtoenableMPLSonallPPandPPElinkswiththe mplsip interfacecommand.
MPLSisnotenabledonanyCEfacinginterfacesCEroutersdonotrunMPLS,justplainIP
routing.LDPisenabledautomaticallyasthedefaultlabeldistributionprotocol(versusCisco's
legacy TDP). LDP typically runs between loopback addresses not directly reachable by LDP
peers,whichiswhyit'simportanttoconfigureanIGPinthecorebeforeenablingMPLS.
WecanverifytheconfigurationofMPLSinterfaceswith showmplsinterfaces .
P1(config)#interfacef0/1
P1(configif)#mplsip
P1(configif)#interfacef1/0
P1(configif)#mplsip
P1(configif)#doshowmplsinterfaces
InterfaceIPTunnelOperational
FastEthernet0/1Yes(ldp)NoYes
FastEthernet1/0Yes(ldp)NoYes
P2(config)#interfacef0/1
P2(configif)#mplsip
P2(configif)#interfacef1/0
P2(configif)#mplsip
PE1(config)#interfacef1/0
PE1(configif)#mplsip
PE2(configif)#mplsip
LDPadjacenciescanbeverifiedwiththecommand showmplsldpneighbor :
P1#showmplsldpneighbor
PeerLDPIdent:10.0.0.2:0;LocalLDPIdent10.0.0.1:0
TCPconnection:10.0.0.2.4511410.0.0.1.646
State:Oper;Msgssent/rcvd:12/13;Downstream
Uptime:00:02:43
LDPdiscoverysources:
FastEthernet0/1,SrcIPaddr:10.0.9.2
AddressesboundtopeerLDPIdent:
10.0.9.210.0.9.910.0.0.2
PeerLDPIdent:10.0.0.3:0;LocalLDPIdent10.0.0.1:0
TCPconnection:10.0.0.3.2032710.0.0.1.646
State:Oper;Msgssent/rcvd:12/12;Downstream
Uptime:00:02:25
LDPdiscoverysources:
FastEthernet1/0,SrcIPaddr:10.0.9.6
AddressesboundtopeerLDPIdent:
10.0.9.610.0.0.3
CreateandAssignVRFs
OurnextstepistocreatecustomerVRFsonourPEroutersandassignthecustomerfacing
interfacestothem.WeneedtoassigneachVRFaroutedistinguisher(RD)touniquelyidentify
prefixesasbelongingtothatVRFandoneormoreroutetargets(RTs)tospecifyhowroutes
shouldbeimportedtoandexportedfromtheVRF.
We'llusearoutedistinguisherforeachVRFintheformof<ASN>:<customernumber>.For
simplicity, we'll reuse the same value as both an import and export route target within each
VRF (though we are free to choose a different or additional route targets if we prefer). VRF
configurationmustbeperformedonbothPErouters.
PE1(config)#ipvrfCustomer_A
PE1(configvrf)#rd65000:1
PE1(configvrf)#routetargetboth65000:1
PE1(configvrf)#ipvrfCustomer_B
PE2(config)#ipvrfCustomer_A
PE2(configvrf)#ipvrfCustomer_B
The command routetarget both is used as a shortcut for the two commands
routetarget import and routetarget export , which appear separately in the running
configuration.
Now we need to assign the appropriate interfaces to each VRF and reapply their IP
addresses. (Assigning an interface to a VRF automatically wipes it of any configured IP
addresses. Your version of IOS may or may not inform you of this when it happens.) The
command show ip vrf interfaces can be used to verify interface VRF assignment and
addressing.
PE1(configif)#ipvrfforwardingCustomer_A
%InterfaceFastEthernet0/0IPaddress10.0.1.1removedduetoenablingVRFCust
omer_A
PE1(configif)#ipaddress10.0.1.1255.255.255.252
PE1(configif)#interfacef0/1
PE1(configif)#ipvrfforwardingCustomer_B
omer_B
PE1(configif)#^Z
PE1#showipvrfinterfaces
InterfaceIPAddressVRFProtocol
Fa0/010.0.1.1Customer_Aup
Fa0/110.0.1.5Customer_Bup
PE2(configif)#ipvrfforwardingCustomer_A
omer_A
PE2(configif)#interfacef0/1
PE2(configif)#ipvrfforwardingCustomer_B
omer_B
PE2(configif)#^Z
PE2#showipvrfinterfaces
InterfaceIPAddressVRFProtocol
Fa0/010.0.2.1Customer_Aup
Fa0/110.0.2.5Customer_Bup
ConfigureMPBGPonthePERouters
This is where things start to get interesting. In order to advertise VRF routes from one PE
router to the other, we must configure multiprotocol BGP (MPBGP). MPBGP is a little
differentfromlegacyBGPinthatitsupportsmultipleaddressfamilies(e.g.IPv4andIPv6)over
acommonBGPadjacency.ItalsosupportstheadvertisementofVPNroutes,whicharelonger
than normal routes due to the addition of a 64bit route distinguisher (which we assigned
underVRFconfiguration).
MPBGPrunsonlyonthePErouters:ProutersrelyentirelyontheproviderIGPandMPLSto
forward traffic through the provider network, and CE routers have no knowledge of routes
outsidetheirownVRF.
Minimal MPBGP configuration is pretty straightforward. Both PE routers exist in BGP AS

65000.
PE1(config)#routerbgp65000
PE1(configrouter)#neighbor10.0.0.4remoteas65000
PE1(configrouter)#neighbor10.0.0.4updatesourceloopback0
PE1(configrouter)#addressfamilyvpnv4
PE1(configrouteraf)#neighbor10.0.0.4activate
PE2(configrouter)#neighbor10.0.0.3remoteas65000
PE2(configrouter)#neighbor10.0.0.3updatesourceloopback0
PE2(configrouter)#addressfamilyvpnv4
PE2(configrouteraf)#neighbor10.0.0.3activate
IfwelookattherunningconfigurationoftheBGPprocessoneitherPErouter,wenoticethata
bitmoreconfigurationthanweprovidedhasappeared:
PE1#showrunningconfig|sectionrouterbgp
routerbgp65000
nosynchronization
bgplogneighborchanges
neighbor10.0.0.4remoteas65000
neighbor10.0.0.4updatesourceLoopback0
noautosummary
!
addressfamilyvpnv4
neighbor10.0.0.4activate
neighbor10.0.0.4sendcommunityextended
exitaddressfamily
!
addressfamilyipv4vrfCustomer_B
nosynchronization
exitaddressfamily
!
addressfamilyipv4vrfCustomer_A
nosynchronization
exitaddressfamily
In addition to our VPNv4 address family, address families for the two customer VRFs have
beencreatedautomatically.Also,supportforextendedcommunitystringshasbeenaddedto
theVPNv4neighborconfiguration.
Verify that the MPBGP adjacency between PE1 and PE2 was formed successfully with the
command showbgpvpnv4unicastallsummary :
PE1#showbgpvpnv4unicastallsummary
BGProuteridentifier10.0.0.3,localASnumber65000
BGPtableversionis1,mainroutingtableversion1
NeighborVASMsgRcvdMsgSentTblVerInQOutQUp/DownState/PfxRcd
10.0.0.4465000121210000:06:050
Currently,therearenoroutesintheBGPtable,becausewehavenotspecifiedanythingtobe
advertisedorredistributed,butwe'llgettothatafterthisnextstep.
ConfigurePECEOSPF
WejustconfiguredMPBGPbetweenthetwoPErouters.Now,let'sconfigureanIGPbetween
eachPErouteranditsattachedCErouterstoexchangerouteswiththecustomersites.We're
goingtouseOSPFforthislab,butwecouldjustaseasilyuseanotherIGPlikeEIGRPorRIP.
Singlearea OSPF has already been configured on the CE routers all CE interfaces are in
area 0. Remember that although we're using OSPF between each of the CE routers and its
upstream PE router, these OSPF processes are isolated from the provider OSPF topology.
Theoverallroutingtopologywilllooklikethis:
The provider OSPF process has already been configured on the PE routers as process 1.
We'll configure an additional OSPF process for each CE router on each PE router. Each PE
router will then have three OSPF processes total: one for the provider network, and one for
eachCErouter.WhereastheproviderOSPFprocessexistsintheglobalroutingtable,thetwo
CEprocesseswilleachbeassignedtotheirrespectivecustomerVRFs.
PE1(config)#routerospf2vrfCustomer_A
PE1(configrouter)#routerid10.0.1.1
PE1(configrouter)#interfacef0/0
PE1(configif)#ipospf2area0
PE1(configif)#routerospf3vrfCustomer_B
PE2(config)#routerospf2vrfCustomer_A
PE2(configif)#routerospf3vrfCustomer_B
WeshouldseeeachPErouterformanOSPFadjacencywithbothofitsattachedCErouters,
andthecustomerroutesshouldappearintheVRFtablesonthePErouters.
PE1#showiproutevrfCustomer_A
RoutingTable:Customer_A
...
172.16.0.0/16isvariablysubnetted,2subnets,2masks
O172.16.1.0/24[110/11]via10.0.1.2,00:04:21,FastEthernet0/0
10.0.0.0/30issubnetted,1subnets
C10.0.1.0isdirectlyconnected,FastEthernet0/0
PE1#showiproutevrfCustomer_B
RoutingTable:Customer_B
...
ConfigureRouteRedistribution
We'realmostdone!WehaveourMPLSandMPBGPbackboneupandrunning,andourCE
routers are sending routes to our PE routers within their VRFs. The last step is to glue
everythingtogetherbyturningonrouteredistributionfromthecustomersideOSPFprocesses
intoMPBGPandviceversaonthePErouters.
Firstwe'llconfigureredistributionofCEroutesineachVRFintoMPBGP.Thisisdoneunder
theBGPIPv4addressfamilyforeachVRF.
PE1(configrouter)#addressfamilyipv4vrfCustomer_A
PE1(configrouteraf)#redistributeospf2
PE1(configrouteraf)#addressfamilyipv4vrfCustomer_B
PE2(configrouter)#addressfamilyipv4vrfCustomer_A
PE2(configrouteraf)#addressfamilyipv4vrfCustomer_B
ThisenablesredistributionofOSPFroutesintoBGPfortransportacrosstheprovidernetwork
between the two sites. We can verify that the routes learned from the customer sites (the
172.16.0.0/16and172.17.0.0/16networks)nowappearintheBGPtablesfortheirrespective
VRFs.
PE1#showipbgpvpnv4vrfCustomer_A
...
NetworkNextHopMetricLocPrfWeightPath
RouteDistinguisher:65000:1(defaultforvrfCustomer_A)
*>10.0.1.0/300.0.0.0032768?
*>i10.0.2.0/3010.0.0.401000?
*>172.16.0.1/3210.0.1.21132768?
*>i172.16.0.2/3210.0.0.4111000?
*>172.16.1.0/2410.0.1.21132768?
*>i172.16.2.0/2410.0.0.4111000?
PE1#showipbgpvpnv4vrfCustomer_B
...
NetworkNextHopMetricLocPrfWeightPath
RouteDistinguisher:65000:2(defaultforvrfCustomer_B)
*>10.0.1.4/300.0.0.0032768?
*>i10.0.2.4/3010.0.0.401000?
*>172.17.0.1/3210.0.1.61132768?
*>i172.17.0.2/3210.0.0.4111000?
*>172.17.1.0/2410.0.1.61132768?
*>i172.17.2.0/2410.0.0.4111000?
The last step is to complete the redistribution in the opposite direction: from BGP into the
customer OSPF processes. If you're accustomed to route redistribution, there's nothing new
here. (We don't have to specify any VRF information in the redistribution statement because
eachcustomerOSPFprocessisalreadyassignedtoaVRF.)
PE1(config)#routerospf2
PE1(configrouter)#redistributebgp65000subnets
PE1(configrouter)#routerospf3
PE2(config)#routerospf2
PE2(configrouter)#routerospf3
TestingandConfirmation
Ifhasgonewell,weshouldnowhaveendtoendconnectivitybetweentheCErouterswithin
eachVRF.Bothroutersforeachcustomershouldnowhavecompleteroutingtables.Hereare
customerA'sroutes:
CE1A#showiproute
...
C172.16.1.0/24isdirectlyconnected,Loopback1
OIA172.16.2.0/24[110/21]via10.0.1.1,00:03:50,FastEthernet0/0
OIA10.0.2.0[110/11]via10.0.1.1,00:03:50,FastEthernet0/0
CE2A#showiproute
...
OIA10.0.1.0[110/11]via10.0.2.1,00:02:49,FastEthernet0/0
You may notice that OSPF routes sent between two sites belonging to the same customer
appear as interarea routes. Remember that although OSPF area 0 is being used at both
sites,eachsiteexistsasaseparatelinkstatetopologyconnectedbytheMPLSVPN.
WeshouldbeabletopingfromoneCEroutertotheother.(Rememberthatwedon'tneedto
specifyaVRFwhendoingsobecauseCEroutershavenoknowledgethatthey'reinaVRF.)
CE1A#ping172.16.0.2
Typeescapesequencetoabort.
Sending5,100byteICMPEchosto172.16.0.2,timeoutis2seconds:
!!!!!
Successrateis100percent(5/5),roundtripmin/avg/max=12/21/32ms
We can perform a traceroute to verify the path taken as well as the MPLS labels used to
traversetheprovidernetwork.
CE1A#traceroute172.16.0.2
Typeescapesequencetoabort.
Tracingtherouteto172.16.0.2
110.0.1.14msec4msec8msec
210.0.9.5[MPLS:Labels19/22Exp0]16msec12msec24msec
310.0.9.2[MPLS:Labels19/22Exp0]24msec20msec16msec
410.0.2.1[MPLS:Label22Exp0]20msec16msec24msec
510.0.2.216msec*36msec
Here's a packet capture (/captures/traceroute_MPLS.cap) of the above traceroute if you're

interestedinhowtheMPLSlabelinformationisreturned.Andagain,herearethethefinished
router configurations
(http://media.packetlife.net/media/blog/attachments/586/MPLS_VPN_configs.zip) if you'd like
toreplicatethelabyourself.
(Thanks to Ivan Pepelnjak (http://twitter.com/#!/ioshints) of Cisco IOS Hints

(http://blog.ioshints.info/)helpingrevisethisarticle!)
AbouttheAuthor
JeremyStretchisanetworkengineerlivinginthe (/users/stretch/)
RaleighDurham,NorthCarolinaarea.Heisknown
forhisblogandcheatsheetshereatPacketLife.
Youcanreachhimbyemail(/contact/)orfollow
himonTwitter(http://twitter.com/packetlife).
PostedinMPLS(/blog/category/mpls/),VPN(/blog/category/vpn/)
(http://www.amazon.com/gp/prime/signup/videos?tag=packetlnet20)
Comments
Ace(guest)
May16,2011at3:59a.m.UTC
Thanks...
Daniel(guest)(http://lostintransit.se/)
HiJeremy,
Goodpost.I'mhavingsomeproblemswiththissentence:
"WeneedtoassigneachVRFaroutedistinguisher(RD)touniquelyidentifyprefixesas
belongingtothatVRFandoneormoreroutetargets(RTs)tospecifyhowroutesshouldbe
importedtoandexportedfromtheVRF."
Thiscouldbeduetoenglishnotbeingmynativelanguagebutthissoundslikeyou'resaying
thatRDdefinestheVPNandthisisnottrue.TheRDonlymakesprefixesuniquebutdoesnot
inanywaydefinetheVPN,that'swhattheRTisfor.
I'msurprisedIvandidn'tcatchthisifhereadthearticle.Couldjustbea
misunderstandingfrommypartoryoushouldrewritethatsentence.
1111oneoneone(guest)
Anexcellentpost.ThanksJeremy.
Alain(/users/Alain/)
Stretch,Asalwaysthereisonlyonewordtodescribethispost:excellent!
Regards,
Alain
Trey(guest)
May16,2011at1:12p.m.UTC
IfyoueverplantoimplementIPv6,itsmucheasiertoaddifyouuse"vrfdefinition"insteadof
"ipvrf"
vrfdefinitionvrf2
rd2:2
!
addressfamilyipv4
routetargetexport2:2
routetargetimport2:2
exitaddressfamily

Trey
Rob(guest)
thanks
stretch(/users/stretch/)
@Daniel:
Itmustbealanguagebarrierthing.ItsimplymeansthattheRDisusedtomakeroutesunique
(e.g.whencustomersuseoverlappingaddressspace).
Hussain(guest)
Manythanks!!
Bart(guest)
Yes,RDdoesnothingmorethanmaketheroutesuniquesothatBGPwilldistributethem
correctly.
PeopleoftengetconfusedabouttheRDbecausenearlyallciscoexamplesIhaveseenuse
thesameRDonbothPErouters,givingpeoplethefalseimpressionthatthisisrequired.
YoucanjustaseasilyuseoneRDperVRFperPE.ThatswhatIusuallydoinexamplesjustto
remindpeoplethatRTandRDaretwodifferentthings.
me_rahawan82(/users/me_rahawan82/)
ThanksJeremy,Myhero
reca(guest)
...andsometimesyouwanttouseonlyMPBGPanddonotcarryanyprefixesandthenyou
add"nobgpdefaultipv4unicast"underthe"routerbgp65001"context.
Thanxforthisshortandconcisepost.
OmiPR(/users/OmiPR/)
ThanksStretch!IthelpedmealotforMPLSconfigunderstanding!
alpi(guest)(http://ba.linkedin.com/pub/alenpiplica/29/465/415)
Hi,ireadyouryourpostsalmousttwoyearsandimustsayTHANKYOU.Youarethebest.
regards,
Alen
abulanov(/users/abulanov/)
UsingOSPFonPECEislimitedbyanumberofOSPFprocessesonPErouter.Thereare
only32.Thatmeansyoucannotconnectmorethan30uniqueCEtoonePE
(http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094704.shtml#q46)
ThatswhyOSPFisn'tthebestchoisefor
ISISisnotsupportedthereatall.
amitabha(/users/amitabha/)
THANKYOUforthepostman.HopeyouwilldiscussL2VPN(Martini&Kompella)soon....we
arewaiting:)
yelfathi(guest)(http://twitter.com/#!/yelfathi)
Goodintroductioniwilladdtworemarks:
checkipcefbeforeenablingmplsbecausemplsneedsit
creatededicatedloopbacksandforcethemplsrouteridtothem
Thoseavoidyoufrompotentialproblemsyouwillseeaftermorepractices:)
kammu(/users/kammu/)
thankyousomuchJeremy..Itisanexcellentintroductoryconfigtounderstandbasicsofmpls.
Youaregreat..!
Selasi(guest)
June20,2011at7:07p.m.UTC
ThanksJeremy.Thisexamplehasreallyhelpedmeunderstandtheconceptevenfurther.
WritingBGP+MPLSin3weeks.Wishmewell!
USvpn(guest)
October6,2011at6:07a.m.UTC
Yournetworktopologylooksgreat.Thankyouforsharingthis.
Aguest
November4,2011at2:35p.m.UTC
greatpostJeremy,
butmydoubtishowcanIimprovetheusingMPLSVPNs,
IamBrazilianandmyCBTisonthisissue,andI'mstill"raw"
regardingtheissue,Iwouldlikeyourhelp.
waleed143(/users/waleed143/)
January13,2012at6:48p.m.UTC
dearJeremyStretch
Thanksforyourawesomescenario.but1thingismissing,iwasworkingonthistopologyfor4
to5hoursbutmyVRFsiteswasnotabletocommunicatewitheachotherandyousaidonthis
scenariothat
neighbor10.0.0.4sendcommunity
extended
willgenerateautomatically,butididn't,thenicontactedwithmyfriendhetoldthatputthat
commandmanuallythenitworked.
Sastrt(guest)
Simplysupub!!!Thanksforyourpost...
pswolfwind(/users/pswolfwind/)
March3,2012at3:47a.m.UTC
hiwaleed143,thismaybeaissueinregardstotheiosversion,butismustbe
configured.Anotherquestionaboutthiscommandismypracticelabbookstatedthatitmustbe
configuredtosendcommunityboth.What'sthedifference?
aki(guest)
April19,2012at5:15p.m.UTC
youareawesomejeremy!!!!!!thanksforbeinalifesaver
Karthik(guest)
HiJeremy,
Thanksforthepost.ItisagreatuseforMPLSbeginnerslikeme.
Onesmallquery.YouhadmentionedthatanIGPneedstorunatcore(thatis,betweenPE
routersandProutersOSPFmostly).ThisisneededforPErouterstobelievethatIGP
connectivityisavailableandtheycanproceedwithexchangingtheprefixes.
Butinconfigurationyouhavenotconfiguredthat.Idounderstandthatitisresponsiblityofthe
serviceprovidersinreallifetoconfiguretheIGPsatthecore.
However,fortheaboveexampleconfiguration,canyoupleaseconfirmthatwemustconfigure
theIGP(preferrablyOSPF)atthecoreincasefortheaboveconfigurationtowork.
Pleaseguide.Thanksagainforyourwonderfulpieceofwork.
jh0n(guest)
September5,2012at6:38a.m.UTC
Hi,Jeremy
thisisthesecondtimeIreadyourarticleandallofyourinstructionworkreallywell!!
BigthankstoyouJeremy.
forPEProuter,youmustenabletheIGP(inyourcaseandmycaseisOSPF)tobeableto
advertisetheLDPthoughallthePandPErouterbyexecutingsomecommands.
routerospf8
mplsldpsync
mplsldpautoconfigarea0
routerid10.28.1.111
logadjacencychanges
area0authentication
network10.0.0.00.255.255.255area0
Clikc(guest)
October19,2012at7:24p.m.UTC
Heyman,thanksforthisgreattutorial,beenbangingmyheadtoreallyfindoutwhatexactly
goesoninthe"cloud"
Anonymous(guest)
Excellenttutorial!!!
imranjan(/users/imranjan/)
December4,2012at7:52a.m.UTC
HiStretch,
Thankyoufortheforumwithsomuchinformationalmaterialandthesehelpfularticles.
Iwastryingtopracticethesameconceptwithsomeothertopologyandhadfacedoneissue
whichiamfacingwiththisoneaswell.
NowIconfiguredthislabasyouexplainedindetailedbutstillthesameissuethatis,iam
gettingroutesfromtheothersitebutiamnotabletopingthatnetwork/othersite.
Iverifiedtheconfigsomanytimes.Routingtablesandconfigallareasyoumentionedeven
theniamnotabletoreachtheothersite.
Whatcanbethepossiblereason
Regards/Imran
Stevec(guest)
December13,2012at2:03p.m.UTC
Shouldn'tthefinaltraceroutebeperformedfromPE1andnotCE1A,CE1Awon'tseethe
MPLSlables.
lsantiago77(guest)(http://luichisantiago.blogspot/)
excellentpoststretch,justpurelyexcellent
nandanandan(guest)
February1,2013at12:04p.m.UTC
Hi,
Thisisreallyanicelab.
HelpedmeprettymuchinlearningPECEtopology.
Thanks
Bruce(guest)
Couldyoupleaseexplainwhythetracerouteoutputshowthefollowingoutput.
410.0.2.1[MPLS:Label22Exp0]20msec16msec24msec
Whywecan'tseethefollowingoutputinsteadtheoneabove?
410.0.9.10[MPLS:Label?Exp0]20msec16msec24msec
Victor(guest)
March11,2013at1:42p.m.UTC
CanyoupleasedoashowmplsinformationtablesowecanseetheactionforthattheLSRis
goingtotakewhenitforwardsthepacketdowntheLSP?
Thanks.
charles(guest)
youbrokeitdowninitssimplestterms.ThankyouJeremy
Heresy
rogue(guest)
April19,2013at6:25a.m.UTC
God.JustGod=)
Aguest
April26,2013at8:48a.m.UTC
verynice
Bob(guest)
ivegonethroughthislabwhichiswikid.
ButimhavingissuesCE1Acantping172.16.0.2likeinthetutorial.Imseeingalltheroutes
whenidoashowipbgpvpnv4vrfCustomer_A&forBbutstillnothing.ImverynewonMPLS
andIwouldliketotakeittothenextlevel.Anyhelpwouldbeamazing.
Thanks
Aguest
Thankyouverymuch.
ItstrugglesmewhilelookingtotheCiscomanual
Fez(guest)
July25,2013at11:56p.m.UTC
thanksmate..veryuseful!!
Mike(guest)
August10,2013at10:07p.m.UTC
Bobihaveananswertoyouandtoanyonewhocan'treplicatethistopologywithsuccessful
pingbetweensites.
%BGP4VPNV4NH_MASK:Nexthop[IP_address]maynotbereachablefromneigbor
[IP_address]not/32mask
ExplanationAVPNv4routeisbeingsenttotheIBGPneighbor.Theaddressofthenexthopis
aloopbackinterfacethatdoesnothavea/32maskdefined.OSPFisbeingusedonthis
loopbackinterface,andtheOSPFnetworktypeofthisinterfaceisLOOPBACK.OSPF
advertisesthisIPaddressasahostroute(withmask/32),regardlessofwhatmaskis
configured.ThisadvertisingconflictswithTDP,whichusesconfiguredmasks,sotheTDP
neighborsmaynotreceiveatagfortherouteindicatedinthiserrormessage.Thiscondition
couldbreakconnectivitybetweensitesthatbelongtothesameVPN.
RecommendedActionConfiguretheloopbackthatisbeingusedasthenexthoploopbackto
usea32bitnetworkmask(/32),orsetthenetworktypetopointtopointbyenteringtheip
ospfnetworkpointtopointcommand.
Theexplanationisquitesimple:OSPFannouncedtheloopbackIPaddressesashostroutes
(/32).LDPwasexpectingtofinda/24addressattheroutingtable.Sinceitcouldntfindit,it
didntadvertisealabelforthisFEC!!
kari(/users/kari/)
October31,2013at3:58p.m.UTC
howcaniusetheseconfigfilesingns3?
Mat(guest)(http://cisqueros.blogspot.com/)
Nicepost,thanks!LikeabriefinstructionsforISPs:)
muhammadkhan(guest)
December31,2013at2:06p.m.UTC
Can'tthankyouthatmuchthatyoudeserve.
Topone,Jeremy...
Rod(guest)
Thanks!!!
Ahmad(guest)
Thanks)
Kara(guest)
Tnxman,ithelpedmealot!!!!
Cheers!
DavidMitchell(guest)
ThanksforagreatwriteuponMPLSVPN.IreadyourVRFandMPLSguidesfirstandthey
tooareverywellwrittenandeasytounderstand.
Thanksagain,
Mitchell
CaesarLouis(guest)
thankyou
mpjassal(/users/mpjassal/)
whatifihavefourPErotersthenhowsmyconfigurationwillbeeffectedcomparetothis
one...?
Amit(guest)(http://www.cisco.com/c/en/us/td/docs/iosxml/ios/mp_l3_vpns/configuration/15
mt/mpl3vpns15mtbook/mpvpnsupporteigrpbetwpece.html#GUID9B532DAFCAC1
4C5D8382C21395512D18)
Hithere,needhelp.IhavecreatedtheMPLStopologywithEIGRP...it'sallworking.Your
articleisgreatandIdidallconfigstill""showbgpvpnv4unicastallsummary"andallworking
great.HoweverIdon'tknowbutOSPFisjustnotworkingandhenceIneedtoconnectCE
usingEIGRP..CanyoupleasewithconfigurationrequiredatCEandPEwithEIGRP...Ididvisit
cisolinksforEIGRPconfigsonPEandCEbutIamdoingsomethingwrong.....canyouplease
help!!
Dalip(guest)
September11,2014at10:34a.m.UTC
Howwecreatel3mplsvpnforcustomershavingmorethantwosites?Doweneedtocreate
separatepointtopointpathsbydefininganewvrfatPErouter?
Jawwad(guest)
September23,2014at8:53p.m.UTC
Greatexplaination!Makesodifficultthingsoeasiertounderstand
tarakgupta(/users/tarakgupta/)
GreatThankyou
freealx(guest)(http://blog.ine.com/2010/04/08/ashamlinkreallyyesanditsnotusedfor
phishing/)
Hi,veryniceorderedexplanationgreatwork!Oneproposition.Intheendofthearticleyou
arepointingontheinterareatypeoftheOSPFroutes.Probablythat'sthebestplacetomake
somereferencetotheOSPFshamlink...Greets!
deadman(guest)
excellent
praveen(guest)
January28,2015at10:24a.m.UTC
IsitpossibletouserealinterfaceinsteadofusingloopbackinterfaceinMPBGPconfiuration?
Ashish(guest)
Anicepost...
JaviL(guest)
Verynicepost,ididlearnalotwiththislabongns3.
Aguest
June10,2015at8:36a.m.UTC
iamhavingalittlechallengewithMPLSrouteredistribution.thoughihavealittlebitmorehard
settingsfromCBTnuggetsmplsfundamentalsettings.oneofmyCPiswellconvergebutthe
secondCPsiteASiteBdidnotatall.amabitconfusedidentifyingwhatididwrong.amlabbing
withGNS3c7200ISOused.
Ozzy(guest)
YoucanuseWebIOUinsteadofGNS3.Iimplementedthislabanditworksprettywell.
https://www.youtube.com/watch?v=UBfGIcZ6_p4(https://www.youtube.com/watch?
v=UBfGIcZ6_p4)
KOKO(guest)
Thankyousomuch.thispostveryhelpfultometounderstandtheMPLSclearly.
ThankyouJeremy
Moses(guest)
Thanksforthepost.Excellent.ButIhaveonequestion.HowcanyouuseonePEporttoserve
multiplecustomers.
SibiAlexJacob(guest)
September23,2015at5:21p.m.UTC
ThanksfortheInteresting&Informativepost.IhaveaQuestion.IntheaboveScenarioAll
PEroutersareRunningOSPFasIGPtoexchangePE'sReachabilityinformationwithinsame
AS.WhatifRoutersareacrossdifferentASandmangedbydifferentProviders?Howisthe
MPLSVPNDeploymentacrossCustomersitesconnectedbydifferentProviders?Doyouhave
informationaboutrealtimedeployments?
bluephoenix71(/users/bluephoenix71/)
October2,2015at10:20a.m.UTC
HiJeremy,
IhopeyoucancreateasectionforMPLSVPNusingBGPonPEandCEsitessinceinlarge
enterprises,thatishowthecustomersnowusuallywanttheirMPLSimplementationtohave
moregranularcontrolontheiradvertisements.
tivanni(/users/tivanni/)
Greatarticle!Thankyousomuch!
LeaveaComment
Guestname
Guestname
Guestemail
Guestemail
Optionalwillnotbedisplayedpubliclyorgivenout.
GuestURL
GuestURL
Nocommerciallinks.Onlypersonal(e.g.blog,Twitter,orLinkedIn)and/orontopiclinks,
please.
Comment
Comment
Challenge
The_____TCPflagisusedtoinitiateaconnection.
Challenge
Save Preview
Home(/) | Blog(/blog/) | CheatSheets(/library/cheatsheets/) | Captures(/captures/) |

Armory(/armory/) | Toolbox(/toolbox/) | Bookshelf(/bookshelf/) | ContactMe(/contact/) |
About(/about/)
Morecoolstuff
networkingforum.com(http://networkingforum.com/) | r/Networking(http://www.reddit.com/r/networking/) |
Internetworkpro(http://inetpro.org/wiki/) | firewall.cx(http://firewall.cx/) |
NetworkEngineering@StackExchange(http://networkengineering.stackexchange.com/)

Multi-Protocol Label Switching Based VPN

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Multi-Protocol Label Switching Based VPN

Hochgeladen von

Copyright:

Verfügbare Formate

2016/1/7 CreatinganMPLSVPNPacketLife.

Creating Welcome,Guest! | Login(/users/login/) | Register(/users/register/)

Minimal MPBGP configuration is pretty straightforward. Both PE routers exist in BGP AS

Here's a packet capture (/captures/traceroute_MPLS.cap) of the above traceroute if you're

(Thanks to Ivan Pepelnjak (http://twitter.com/#!/ioshints) of Cisco IOS Hints

Home(/) | Blog(/blog/) | CheatSheets(/library/cheatsheets/) | Captures(/captures/) |

Das könnte Ihnen auch gefallen