Configure Cisco MPLS L3 VPNs

Captions
In this video we're going to configure MPLS Layer 3 VPNs on the two PE routers, PE R2 and PE R7, and we're serving this customer called Acme Incorporated. They've got two sites, one on the left over here and one on the far right.

First of all we're gonna jump into configuration mode and give this router, which is R2, a beautiful name. Once it has a beautiful name, we next need to create a VRF. Now, if you're gonna create a VRF just for IPv4, you could use the ip vrf commands, but if you want to use version 6 and version 4 of IP, you need to use the vrf definition command, so that's what we'll do, for the flexibility. Then, after we create this VRF definition called Acme, we'll specify the route distinguisher that keeps that route, and routes from this VRF, separate in multiprotocol BGP from the other routes.

Once we've specified a route distinguisher, we'll then go ahead and move into the address family configuration mode of this VRF for IP version 4. So basically, when BGP takes routes out of the VRF and puts them into multiprotocol BGP, it's going to attach whatever route targets are associated with this VRF on this router. So we're gonna specify route target export values of 20 20 on R2, so that when R7 imports those he'll be importing 20 20. So over here we're gonna do route target export of 20 20. And then, as far as when R2 takes routes from multiprotocol BGP and puts them into, an import into, the VRF, we're only going to import routes that have the route target that we specify right here as part of our VRF definition on R2. So we'll specify route target import of 30 30 here. So we'll remember that: when we go to R7, we'll have to do exports of 30 30, because we're importing 30 30 here. Now, you can use the same number everywhere, but I wanted you to be able to see how they interrelate.

All right, next we're gonna go and globally enable MPLS, so that if we want to enable interfaces for 'em, it'll work. That command's real simple: mpls ip.

Now, the next thing we're gonna do is set up a loopback interface that we can use for peering. So here on R2 we're gonna create a loopback 0 and specify a really easy to remember IP address. We'll add it to an IGP, OSPF, to make it reachable, and we're gonna use the IP address of 2.2.2.2 because it's R2. Really simple.

Next we'll enable these interfaces. We'll go to interface gig 1/0 and give it a cool little description and an IP address appropriate for that subnet between R2 and R3. We're also going to enable MPLS on this ISP-facing interface right here, because we want LSPs, label switched paths, to be formed inside of the service provider network, so mpls ip is all we need to do there. Going down to gig 2/0, we're gonna go ahead and enable that with an IP address and mpls ip. Beforehand I took all these interfaces and I brought them up, so I didn't have to do a no shutdown. On a new router, or an interface that hadn't been used, you'd also want to do the no shut as well.

Now, last but not least, we're gonna go to this interface gig 3/0, and we're going to allocate this interface to the VRF. So in interface configuration mode we're gonna say vrf forwarding for the VRF called Acme, and then we're gonna give it an IP address.

Now, we're not done yet. There's a couple other pieces we need to put in place. We need to put in routing for the service provider. So the service provider, their IGP is gonna be OSPF. We're normally gonna see OSPF or IS-IS, and so we'll use OSPF in this example. I want to include the loopback interface of R2, so I'll do the network of 2.2.2.2 to bring that into OSPF, and I'm also going to include both of these interfaces here, 1/0 and 2/0. They both begin with 10, so I can just do a 10 with a wildcard mask, saying anything that starts with 10 is inside of OSPF.

Next we'll configure this blue line, which is the iBGP neighborship between R2 and R7. We're going to use BGP 27 as our autonomous system number. I'll supply R7's loopback as my peer's address, and I'm also going to say I want to source these BGP sessions from my loopback 0. That way we can have full reachability and, check this out, if we lose a physical interface we still have some fault tolerance, because we have multiple connections inside of the service provider network.

Next we need to tell this router, R2, that we want to support VPNv4 capability, that is, taking the routes, putting them as VPNv4 routes inside of multiprotocol BGP, and supporting not just IP between R2 and R7 but also VPN version 4. That's a fancy way of saying VPN routes for version 4, as opposed to VPN routes for version 6. So we're gonna activate our neighbor for VPNv4 capability, and we're also gonna make sure we're sending the community.

Once we've done that, we're still in BGP. We also need to make sure we're gonna correctly export routes from RIP, which we're gonna use with the customer, into BGP. So what we're gonna do is say address family ipv4 for vrf Acme, redistribute rip, and that's an export, my friends: pulling routes out of the Acme VRF and into BGP, specifically RIP routes out of the VRF.

So, last piece: we need to go ahead and configure RIP to operate between R2 and the VRF and the customer. We go into RIP configuration mode, go further into the address family for the VRF called Acme, and we simply specify the details that we want to do. In this case we're going to redistribute BGP, that's pulling routes from BGP into RIP, and we're also going to include all the networks that we have at 172.16. Now, in reality, R2 only has one interface that belongs to the 172.16 network, and that's this guy right here. We could have said network 0.0.0.0, and that would include all interfaces that are assigned to the Acme VRF. So we're including that route, and now we're sharing routes back and forth with R1. So that's it. Piece of cake, right?

Let's take a look at how we would verify some of the pieces so far before we jump over to R7. In fact, let's go to R1 and take a look. So on R1, what should we expect, as the customer site, if we do a show ip route? We shouldn't be too disappointed yet, because we haven't really shared anything yet. R7's not configured yet, so even if R8 was advertising routes over to R7, because R7 hasn't been configured with BGP and everything else, R2 has basically nothing to share. But what we could do is, back on R2, we could say let's do a show ip route for any routes in the VRF called Acme. Yeah, I need to spell Acme right: Acme, not acne. All right, we do have a directly connected route, that's this interface 3/0, and we also have a RIP-learned route, that's a loopback interface on R1, the 172.16.1.1. And we could probably ping that. We would do a ping vrf Acme and ping 172.16. ... what is the IP address? Let's go check the IP address real quick: show ip interface brief. It's this guy right here, 172.16.1.1. So if we ping that from the correct VRF, that's a really good indicator that our VRF component is working.

We could also take a look at multiprotocol BGP: show bgp vpnv4 unicast all. That'll show us all the multiprotocol VPNv4 routes that we have, and we have this network right here and the 12 network. The 12 network is between R2 and R1, and this network is the loopback. Now, routing commands, things are changing, so we could use this command here, but we can also use an older command that does the same thing, show ip bgp vpnv4 all, and that would give us the same result. So this command and the command with the word ip in it, because IP is enabled for version 4 for BGP, both show us that same information.

So that's a lot of fun. What have we accomplished? Really nothing yet, because we have to configure R7 to play the same game. So let's make a road trip over to R7 and configure him with OSPF, with BGP. We'll enable MPLS on this side. We're also going to use EIGRP to interact and share routes with the customer as well.

All right, so here we go on R7. These interfaces have been brought up, so they're not in a shutdown state, but everything else needs to be configured. So let's begin. On R7 we'll jump into router configuration mode, or configuration mode, to give it a hostname, enable mpls ip, and create the definition for Acme just like we did before, a little bit faster this time because it's the second time around. Now, here we're gonna set the route target export of 30 30. That's because R2 is importing 30 30, so whatever we export, the other side needs to import, and vice versa as well. We're gonna set our route target for imports of 20 20. Why? Because R2 is exporting with the tags, or the extended communities, of 20 20. You could use the same number on both sides, but I wanted to mix it up a little bit so you can see the correlation: what one side exports, the other side needs to import.

Then we'll specify our loopback interface for reachability. We'll make sure we put that in a routing protocol as well, and we can then enable our interfaces. We'll go to gig 1/0, which goes to R5 right here, give it an IP address and enable MPLS on it. We'll go to this interface gig 2/0, give it an IP address and enable MPLS on it as well. And then we'll go to interface gig 3/0, allocate it to the VRF that we created, and give it an IP address. Again, it's not shut down, so it doesn't need to be brought up, so that part's all good.

Now, what about the routing for our ISP? We need to enable OSPF, so we'll set up OSPF and add the loopback interface and these two 10 networks. That's all good to go. Then we also need to set up the routing between R7 and R8. So we're gonna go into router eigrp 1, and then we're going to go into the VRF-related configuration. This is a little bit tricky for some people because they haven't seen it before, but inside of the address family for IPv4 for that VRF, that's where we set up the network statements, and that's where we set the redistribute command to pull the routes from BGP. And also this next line right here, this is so critical: this number right here has to match the actual AS number that the customer is using. So even though I start off with EIGRP 1, we need to specify the autonomous system, inside of that address family for that VRF, that the customer is using.

Then the rest is similar to what we did on R2. We're gonna specify our BGP peering between R7 and R2. We're activating the neighbor for VPNv4 capabilities, that's not news, and then we're also going to make sure we export the routes from EIGRP. So we're gonna specify, in an address family for IPv4 for the VRF called Acme, that we want to pull any of the routes that are associated with EIGRP 8 and pull them into BGP. That's an export from the VRF into multiprotocol BGP.

Now, we should in a few moments have some activity here. On R7 we should be having a BGP neighborship with R2 if the routing is all correct inside the core of the network. So let's just do a quick couple of verifications. Let's do a show ip bgp summary. Oh, that's good, I didn't notice that message popped up, so we've got our BGP neighborship. Now, this is actually showing us the IPv4 unicast neighborship information, which we're not too concerned with, but let's do a show ip bgp vpnv4 ... oh, I see, it could be VPNv6 or 4, I didn't put all the information in ... and we'll say all. Now, what this command is doing, and I could have typed in show bgp vpnv4 unicast all, that also would have worked, is showing us all of the VPNv4 routes that R7 currently knows about. It knows about this guy that's directly connected to it, not a problem, and it knows about this one, and that is the 192.168.8 network, which is a loopback; the next hop is R8's address. And then we have two remote BGP VPNv4 routes that we've learned from our good buddy R2 over here.

So if everything is working correctly ... let me just verify the IP address over here on R8: do a show ip interface brief, and he's got, yep, there's a loopback right there. Let's go ahead and do a trace all the way from R1 through the MPLS network all the way to R8 and see if that works for us. I hope it does, that'd be awesome. So let's do a trace to 192.168.8.8. I love it when a plan comes together.

So let's just trace this and identify what happened. The first hop was from R1 to R2. The last octet, by the way, matches the router number on every single device. The next hop after that was R3, so based on the IGP and the way MPLS decided to build the label switching path, R2 is forwarding to R3. And if we look at the next hop, it's going to R6. That's interesting. So it's going from R1 to R2 to R3, down this link to R6, and then it's going to R7 and then out to the final customer at R8. And there's the labels that are being imposed, pushed and popped along the way. Wow, that's pretty cool.

So let's see about fault tolerance. If we are using this path that includes R6, let's go ahead and shut this interface here on R6 down. Now, that interface is gigabit interface 3/0. We could verify that as well. Here, basically, this IP address, the 36 subnet, is between R3 and R6, so I know it's this interface right here. We could verify that by going to R6 and doing a show ip interface brief, and sure enough, there it is, gig 3/0. So we could actually shut this down with a quick shutdown command. Now this interface is shut down. If we go back to the customer and we try that same trace again, my hands will never leave my arms, check this out: now it started at R1, went to R2, and then it went to R3, and then instead of going to R6, because that interface is down, it went to R5. So the convergence is very fast, and the limiting step, the biggest time taker in converging a fault-tolerant network like this one with multiple paths, is your IGP itself.

So let's go back to R6 and heal it. We'll do a no shut on that interface, and it'll bring up the interface. If there are switches involved there might be some spanning-tree issues of convergence and so forth, but after a few moments we should have our full connectivity back here again.

One of the other fun things we can do is we can actually change the labels that are being used. If we want to see some very different labels on R5, for example, and R6, R3, we could actually take off MPLS and put it back on, and it would keep continuing to increment the labels and make them higher and higher. So let me demonstrate that real quick as well. It's just for fun. This would not be a good idea in any production network, because if you remove the labels you're gonna lose your label switching path across the way. So on R4 ... well, actually, here's what we could do: let's go to R3, and we'll just do it across the board. We'll do a no mpls ip, and it's not gonna like that, then mpls ip, and we'll do it a couple of times. So we'll say no and then we'll say yes, just to show how it can increase the number, if you're building a lab or practicing. And let's do a trace again. You see the labels that were used previously inside of the service provider network. If we do another trace going through, well, those new labels are significantly different. So here we impose a label of 41, and that's because R3 had increased his local label to 41 based on the changes that we injected. And it looks like we are going through from R3 to R5, and we didn't make any changes on R5, so his labels would be the same. So that's a good way you can verify it.

So, as a summary, how this operates is: the customer advertises their routes via any routing protocol you darn well please. It could be BGP, it could be IS-IS, it could be OSPF, it could be RIP or EIGRP. They're advertising the routes over to the provider edge. The provider edge receives those in an interface that was allocated specifically to a VRF for that customer. When those routes are taken and put into BGP, along with the export route targets assigned by that router, they become VPN version 4 routes. If we were using version 6 of IP they would be VPNv6 routes; it's very similar in that process as well. R2 is going to advertise these VPNv4 routes over to its good buddy R7 with its own next hop. R7 is gonna take those routes from multiprotocol BGP and import them into the VRF on the local router. Once they're in the VRF, they're advertised via EIGRP over to router 8, who now knows about those remote networks.

This same process, by the way, half of the control plane, happens in the other direction as well, with R8 advertising his routes, getting those put into multiprotocol BGP, advertised over to R2, and R2 advertising them through the VRF through the local routing protocol. So it's RIP over here, EIGRP over here. And then we have a label switched path where these routers in the middle, R3, R4, R5 and R6, have no clue about these customer routes. All they know is how to reach the edges of the network, and they're doing label switching between them. So if we took a peek at, let's say, R5, and we did a show ip route, which will show everything in the IP routing table, you'll notice there's no 172 networks at all, and there's no 192.168 networks, because primarily these guys are label switching between the IP address of 2.2.2.2, which is R2's loopback, and 7.7.7.7. So if we go back here to R1 and we type in telnet over to 192.168.8.8, which is a loopback interface over here on R8, the entire traffic is label switched across the service provider network. They have no clue, but we still have our full connectivity from site 1 over to site 2.

So I've enjoyed walking you through the configuration of MPLS. For those of you who want more information on it, there was a presentation I gave at Cisco Live in 2011. Cisco, I believe, has that available online, so if you do a search I think you can find that and get access to that as well. It's been great having you. Have a great rest of the day. I'll catch you in the next video.
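
The export/import pairing of route targets described in the captions, as an added example that is not from the video or from Cisco: a Python check over two constructed IOS-style VRF fragments that reports when one PE imports none of what the other exports. The rd value is a placeholder and the colon form of the route targets (20:20, 30:30) is an assumption; the captions only say "20 20" and "30 30".

```python
import re

# Constructed fragments modelled on the walkthrough. "rd 1:1" is a placeholder
# and the colon form of the route targets is an assumption (not in the captions).
R2_CFG = """\
vrf definition Acme
 rd 1:1
 address-family ipv4
  route-target export 20:20
  route-target import 30:30
"""
R7_CFG = """\
vrf definition Acme
 rd 1:1
 address-family ipv4
  route-target export 30:30
  route-target import 20:20
"""

def parse_vrfs(cfg):
    """Return {vrf_name: {"export": set, "import": set}} from IOS-style text."""
    vrfs, current = {}, None
    for line in cfg.splitlines():
        m = re.match(r"vrf definition (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"export": set(), "import": set()})
            continue
        if line and not line[0].isspace():
            current = None  # any other top-level command ends the VRF block
            continue
        m = re.match(r"\s+route-target (export|import|both) (\S+)", line)
        if m and current is not None:
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def check_pair(name_a, cfg_a, name_b, cfg_b):
    """List findings where a PE imports none of its peer's exports for a VRF."""
    a, b = parse_vrfs(cfg_a), parse_vrfs(cfg_b)
    findings = []
    for vrf in sorted(set(a) | set(b)):
        if vrf not in a or vrf not in b:
            findings.append(f"{vrf}: defined on only one PE")
            continue
        for src, dst, s, d in ((name_a, name_b, a[vrf], b[vrf]),
                               (name_b, name_a, b[vrf], a[vrf])):
            if not s["export"] & d["import"]:
                findings.append(
                    f"{vrf}: {dst} imports none of {src}'s exports {sorted(s['export'])}")
    return findings

if __name__ == "__main__":
    print(check_pair("R2", R2_CFG, "R7", R7_CFG) or "route targets line up")
```

An empty list means each side imports at least one value the other exports; a finding names the direction in which routes would never reach the remote VRF.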
Info
Channel: Keith Barker
Views: 221,579
Keywords: 642-611, cisco mpls, Layer 3 VPN, CCIP, CCIE Cisco Systems
Id: pia2WceaevQ
Length: 21min 15sec (1275 seconds)
Published: Wed Oct 05 2011