Hey Folks,
My SP lab training and preparation is going very smooth and i am almost ready to pick the date for my lab, as recently passed my written exam so need more focus on lab and preparation.
I have picked the very nice technology of MPLS as my core study and willing to learn more on this and here i will share the MPLS Inter-As concept and lab for the Option A. So let’s Start:
MPLS Inter-AS is used when you have your customer Sites connected to another upstream ISP and they want to have the MPLS configuration/reachibility in between the sites. If you are a single ISP, you can do the simple configurations which i already shared many scenarios but what if your customer is connected to another ISP? in order to accomplish this scenario you have 3 ways to pass the MPLS traffic in Intranet through your ISP to another ISP and to the destination. The options are
1. Option A (Back-to-Back VRF)
2. Option B (VPNv4 eBGP between ASBRs)
3. Option C (VPNv4 between RRs or PEs using multihop eBGP)
Here in this Lab we will take about the Option A and So for other Option in other posts, Option A is also called Back to Back VRF’s where you will connect/treat your other end device which is another ISP as a CE (Customer Edge Device) and the same is applicable from other end of the ISP.
In this procedure, a PE router in one AS attaches directly to a PE router in another. The two PE routers will be attached by multiple sub-interfaces, at least one for each of the VPNs whose routes need to be passed from AS to AS. Each PE will treat the other as if it were a CE router. That is, the PEs associate each such sub-interface with a VRF, and use EBGP to distribute unlabeled IPv4 addresses to each other.
This is a procedure that “just works”, and that does not require MPLS at the border between ASes. However, it does not scale as well as the other procedures because it needs to be manually configured and for each VRF tables, as the number of the customer grows the configuration and management of these will get higher and will be very overload to the Administrator to monitor or to manage the tables. But for having below scenario, this solutions works perfectly fine. Let’s see the following scenario:
As you see in the above topology where we have TWO ISP running both BGP AS 100 and BGP AS 200 and in ISP 1 we are running OSPF as a IGP and in ISP 2 we are running ISIS as a IGP.
We have 1 P Routers in each ISP and 2 PE routers which are connected to the Customer and Other PE Devices, where you can see that PE-1 is serving the TWO Different Clients which are C-A and C-B (Customer A and Customer B) and Same on the Second ISP where PE-1 Serve the same client for different sites.
PE-2 in ISP 1 and PE-2 in ISP 2 are connected through the sub-interfaces which is require to have each sub-interface for each VRF Customers.
C-A is running RIP in all their sites while C-B is running EIGRP AS 10 on all the Sites, they require to have end to end reachibility where these sites are located in different path and different ISP. So let’s start by looking on the initial configuration of devices:
PE-1 (ISP-1)
!
Interface FastEthernet 0/1
description Link To C-A
ip address 10.1.12.1 255.255.255.252
no shutdown
!
Interface FastEthernet 0/2
description Link To C-B
ip address 10.1.13.1 255.255.255.252
no shutdown
!
interface FastEthernet 0/3
description Link To P-Device
ip address 10.1.14.1 255.255.255.252
no shutdown
!
interface loopoback 0
ip address 1.1.1.1 255.255.255.255
!
end
==============================
P (ISP-1)
!
Interface FastEthernet 0/0
description Link To PE-1
ip address 10.1.14.4 255.255.255.252
no shutdown
!
Interface FastEthernet 0/1
description Link To PE-2
ip address 10.1.24.4 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 4.4.4.4 255.255.255.255
!
end
==============================
PE-2 (ISP-1)
!
Interface FastEthernet 0/0
description Link To P Device
ip address 10.1.24.2 255.255.255.252
no shutdown
!
Interface FastEthernet 0/1
description Link To ISP-2 PE-2
no shutdown
!
Interface FastEthernet 0/1.10
encapsulation dot1q 10
ip address 10.1.21.1 255.255.255.252
no shutdown
!
Interface FastEthernet 0/1.20
encapsulation dot1q 20
ip address 20.1.21.1 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 11.11.11.11 255.255.255.255
!
end
==============================
PE-1 (ISP-2)
!
Interface FastEthernet 0/1
description Link To C-A
ip address 30.1.12.1 255.255.255.252
no shutdown
!
Interface FastEthernet 0/2
description Link To C-B
ip address 30.1.13.1 255.255.255.252
no shutdown
!
interface FastEthernet 0/3
description Link To P-Device
ip address 30.1.14.1 255.255.255.252
no shutdown
!
interface loopoback 0
ip address 2.2.2.2 255.255.255.255
!
end
==============================
P (ISP-2)
!
Interface FastEthernet 0/0
description Link To PE-1
ip address 30.1.14.4 255.255.255.252
no shutdown
!
Interface FastEthernet 0/1
description Link To PE-2
ip address 30.1.24.4 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 5.5.5.5 255.255.255.255
!
end
==============================
PE-2 (ISP-2)
!
Interface FastEthernet 0/0
description Link To P Device
ip address 30.1.24.2 255.255.255.252
no shutdown
!
Interface FastEthernet 0/1
description Link To ISP-2 PE-2
no shutdown
!
Interface FastEthernet 0/1.10
encapsulation dot1q 10
ip address 10.1.21.2 255.255.255.252
no shutdown
!
Interface FastEthernet 0/1.20
encapsulation dot1q 20
ip address 20.1.21.2 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 22.22.22.22 255.255.255.255
!
end
==============================
CE1 (C-A)
!
Interface FastEthernet 0/0
description Link To PE-1 (ISP-1)
ip address 10.1.12.2 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 7.7.7.7 255.255.255.255
!
end
==============================
CE1 (C-B)
!
Interface FastEthernet 0/0
description Link To PE-1 (ISP-1)
ip address 10.1.13.2 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 8.8.8.8 255.255.255.255
!
end
==============================
CE2 (C-A)
!
Interface FastEthernet 0/0
description Link To PE-1 (ISP-1)
ip address 30.1.12.2 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 9.9.9.9 255.255.255.255
!
end
==============================
CE2 (C-B)
!
Interface FastEthernet 0/0
description Link To PE-1 (ISP-1)
ip address 30.1.13.2 255.255.255.252
no shutdown
!
Interface Loopback 0
ip address 10.10.10.10 255.255.255.255
!
end
==============================
As you can see that after adding the above configuration we see that the basic reacbility for layer 3 and layer 2 is working perfectly and we are good to start the lab practice:
So let’s add two separate VRF in PE-1 of ISP 1 and PE-2 of ISP 2 for C-A and C-B and assign them to interfaces:
PE-1 (ISP-1)
!
vrf definition C-A
rd 100:1
!
address-family ipv4
route-target import 100:1
route-target export 100:1
!
Interface FastEthernet 0/0
vrf forwarding C-A
ip address 10.1.12.1 255.255.255.0
exit
!
vrf definition C-B
rd 200:2
!
address-family ipv4
route-target import 200:2
route-target export 200:2
!
Interface FastEthernet 0/1
vrf forwarding C-B
ip address 10.1.13.1 255.255.255.0
exit
!
end
====================
PE-1 (ISP-2)
!
vrf definition C-A
rd 100:1
!
address-family ipv4
route-target import 100:1
route-target export 100:1
!
Interface FastEthernet 0/0
vrf forwarding C-A
ip address 30.1.12.1 255.255.255.0
exit
!
vrf definition C-B
rd 200:2
!
address-family ipv4
route-target import 200:2
route-target export 200:2
!
Interface FastEthernet 0/1
vrf forwarding C-B
ip address 30.1.13.1 255.255.255.0
exit
!
==============================
You Can verify as below:
ping vrf C-A X.X.X.X
So now let’s enable the IGP between the clients which are RIP and EIGRP:
PE-1 (ISP-1)
!
router rip
address-family ipv4 vrf C-A
version 2
no auto-summary
network 10.1.12.0
exit
!
!
!
router eigrp 10
address-family ipv4 vrf C-B
no auto-summary
autonomous-system 10
network 10.1.13.1 0.0.0.0
exit
!
end
==============================
PE-1 (ISP-2)
!
router rip
address-family ipv4 vrf C-A
version 2
no auto-summary
network 30.1.12.0
exit
!
!
!
router eigrp 10
address-family ipv4 vrf C-B
no auto-summary
autonomous-system 10
network 30.1.13.1 0.0.0.0
exit
!
end
==============================
Now let’s see the Configuration of IGP on the Customer Side which are CE routers and running RIP and EIGRP, but we need to advertise the loopback of each CE into the IGP:
CE1 & CE2 (C-A)
!
router rip
version 2
no auto-summary
network 0.0.0.0
!
end
==============================
CE1 & CE2 (C-B)
!
router eigrp 10
no auto-summary
network 0.0.0.0 0.0.0.0
end
!
==============================
You will now have full reachibility to your CE devices loopback from the PE devices now let’s start the IGP+LDP configuration on the ISP 1 and ISP 2:
PE1 (ISP-1)
!
router ospf 1
passive loopback 0
!
Interface loopback 0
ip ospf 1 area 0
mpls ip
!
Interface FastEthernet 0/3
ip ospf 1 area 0/1
mpls ip
!
mpls label protocol ldp
mpls ldp router-id loopback 0
!
end
==============================
PE2 (ISP-1)
!
router ospf 1
passive loopback 0
!
Interface loopback 0
ip ospf 1 area 0
mpls ip
!
Interface FastEthernet 0/0
ip ospf 1 area 0
mpls ip
!
mpls label protocol ldp
mpls ldp router-id loopback 0
!
end
==============================
P(ISP-1)
!
router ospf 1
passive loopback 0
!
Interface loopback 0
ip ospf 1 area 0
mpls ip
!
Interface FastEthernet 0/0
ip ospf 1 area 0
mpls ip
!
Interface FastEthernet 0/1
ip ospf 1 area 0
mpls ip
!
mpls label protocol ldp
mpls ldp router-id loopback 0
!
end
==============================
PE1 (ISP-2)
!
router isis 10
net 49.0001.0000.0000.0001.0000
is-type level-2-only
passive-interface loopback 0
!
Interface FastEthernet 0/3
ip router isis 10
mpls ip
!
mpls label protocol ldp
mpls ldp router-id loopback 0
!
end
==============================
PE2 (ISP-2)
!
router isis 10
net 49.0001.0000.0000.0002.0000
is-type level-2-only
passive-interface loopback 0
!
Interface FastEthernet 0/0
ip router isis 10
mpls ip
!
mpls label protocol ldp
mpls ldp router-id loopback 0
!
end
==============================
P (ISP-2)
!
router isis 10
net 49.0001.0000.0000.0003.0000
is-type level-2-only
passive-interface loopback 0
!
Interface FastEthernet 0/0
ip router isis 10
mpls ip
!
Interface FastEthernet 0/1
ip router isis 10
mpls ip
!
mpls label protocol ldp
mpls ldp router-id loopback 0
!
end
==============================
Now you have internal IGP configured and now let’s start configuration of the VRF on the PE-2 devices which are connected toward ISP-2:
PE-2 (ISP-1)
!
vrf definition C-A
rd 100:1
address-family ipv4
route-target import 100:1
route-target export 100:1
!
Interface FastEthernet 0/1.10
vrf forwarding C-A
ip add 10.1.21.1 255.255.255.252
!
vrf definition C-B
rd 200:2
address-family ipv4
route-target import 200:2
route-target export 200:2
!
Interface FastEthernet 0/1.20
vrf forwarding C-B
ip add 20.1.21.1 255.255.255.252
!
end
==============================
PE-2 (ISP-2)
!
vrf definition C-A
rd 100:1
address-family ipv4
route-target import 100:1
route-target export 100:1
!
Interface FastEthernet 0/1.10
vrf forwarding C-A
ip add 10.1.21.2 255.255.255.252
!
vrf definition C-B
rd 200:2
address-family ipv4
route-target import 200:2
route-target export 200:2
!
Interface FastEthernet 0/1.20
vrf forwarding C-A
ip add 20.1.21.2 255.255.255.252
!
end
==============================
Now you have the connectivity in between the two ISP while they both treat each other as a end customer, now let’s start configuring iBGP in between the PE devices in ISP 1 and ISP 2:
PE1 (ISP-1)
!
router bgp 100
nei 11.11.11.11 remote 100
nei 11.11.11.11 update-source loopback 0
address-family vpnv4 unicast
nei 11.11.11.11 activate
nei 11.11.11.11 send-community both
exit
!
end
==============================
PE2 (ISP-1)
!
router bgp 100
nei 1.1.1.1 remote 100
nei 1.1.1.1 update-source loopback 0
address-family vpnv4 unicast
nei 1.1.1.1 activate
nei 1.1.1.1 send-community both
exit
!
end
==============================
PE2 (ISP-2)
!
router bgp 200
nei 22.22.22.22 remote 200
nei 22.22.22.22 update-source loopback 0
address-family vpnv4 unicast
nei 22.22.22.22 activate
nei 22.22.22.22 send-community both
exit
!
end
==============================
PE1 (ISP-2)
!
router bgp 200
nei 2.2.2.2 remote 200
nei 2.2.2.2 update-source loopback 0
address-family vpnv4 unicast
nei 2.2.2.2 activate
nei 2.2.2.2 send-community both
exit
!
end
==============================
Now let’s start the mutual redistribution in between the IGP and iBGP where you need to redistribute rip and eigrp into BGP and vice versa as below:
PE1 & PE2 (ISP-1 & ISP-2)
!
router rip
address-family ipv4 vrf C-A
redistribute bgp 100 metric 1
!
!
router eigrp 10
address-family ipv4 vrf C-B
redistribute bgp 100 metric 1 1 1 1 1
!
!
router bgp 100
address-family ipv4 vrf C-A
redistribute rip metric 1
!
address-family ipv4 vrf C-B
redistribute eigrp 10 metric 1
exit
!
end
==============================
Volla, That’s it…
Now you can see the Routes of the CE1 C-A on the CE2 C-A and same for the C-B, you can trace and see that multiple path are selected when the traffic leave the PE-2 of ISP1.
NOTE: if you want different path for different VRF you can have sub-interfaces in between the PE and P devices.
Cheers,
Follow