Configuring Basic MPLS/L3VPN

Captions
Hey guys, how's everybody today? In this video we're going to start taking a look at MPLS layer 3 VPN. Actually, let me just say layer 3 VPN, and let me just explain a few things. Layer 3 VPN is actually a combination of a few different things. It's a combination of MPLS, so typically this is going to be LDP, in fact that's what we're going to talk about in this video. It's a combination of multi-protocol BGP, specifically the address family that you're actually going to run, whether it be IPv4 or IPv6, but this is going to include your VRF AFI as well as your VPN AFI. A lot of people get these confused. A lot of people forget that no matter what they run between their CE and their PE, they need both, and I'll show you what I mean as we actually configure this. And then we're going to need a VRF. Now, the virtual routing and forwarding instance is essentially going to be configured on the service provider facing the customer, because as these routes come in we're going to want them to go into their own VRF.

Now the last thing, and let me put this in a different color, the last thing is typically an IGP of some kind. Now, I've seen people run layer 3 VPN using static routing, so you just have a static route that points everything this way. I've seen many different ways that people have configured this. I've seen IS-IS, I've seen RIP, again static routing, so you have a static route that points everything out this way. I've seen static routes that point things back in this way, meaning static VRF routes, so on the service provider we'll say, look, for subnet 192.168 blah blah blah go to this next hop, for subnet 10.1 go to this next hop. So I've seen static routes, I've seen all sorts of stuff, but generally speaking the best way is to use some type of dynamic protocol between the C and the PE to make everything happy and hunky-dory.

Now, before I go into the config, I want to mention that I want
to try to keep this video as short as possible, to essentially teach you guys how to actually set this up and how to configure it. There's going to be a lot of stuff that I leave out in this video. I'm going to be leaving out the label exchange between LDP, so in other words the full label exchange that goes on between these guys. I'm going to be leaving that out, or I'll probably mention it but I won't go into great depth. I'm not going to go into great depth into things like the route distinguisher and the route targets, how these guys are extended communities. I'm not going to go into a whole bunch of the theory end of this. I will try to explain essentially how it works, but my main goal of this video is to teach you guys essentially how you get your routes, your subnets, from this customer over to this customer. That's the primary focus of this video. So if we leave out the theory, don't worry, I will have a separate layer 3 VPN video series that goes through all the nitty-gritty, all the little details. OK, this is just for YouTube, if you will.

So this router here and this router here are going to be what we would call our customer edge devices. Now normally some people make it confusing: well, aren't they your customers? You could consider them customers. If these guys were the customer edge, we're going to assume that off of here we have a subnet, or we have some layer 3 devices that are running off of here. You could also be doing subinterfaces off of your edge router, and then it would be kind of a C, it would be a customer/customer edge combo. So that's kind of what we're going to do here between our 6 and our 7. Then we're going to be running a PE device on router 4 and router 5, so these guys here are going to be our PEs, and then routers 1, 2 and 3 are going to be our providers. So this here essentially is going to be going back into our provider network.

Now for an IGP, in order for LDP and MPLS to essentially work, we have to have full
reachability throughout our provider network, so for the IGP we're going to be using OSPF. I could use IS-IS, and many people do use IS-IS in their service provider network or in their core. Completely fine, IS-IS is a great protocol. The reason why I'm using OSPF is because not that many people are familiar with IS-IS and I don't want it to be confusing. I want you guys to understand essentially as much as you can, so I'm going to use OSPF. I would not use EIGRP in my provider network. You can use it, there is no problem with using it. Depending on where you go and what you do with layer 3 VPN there could be issues, but for this video you won't have issues using any protocol you want. You could use EIGRP, you could use RIP for all I care. The idea here is that you need to have reachability between the loopback addresses of these devices, because we're going to use that as the LDP router ID. Now, the LDP router ID has to be reachable because these are going to be IPs that LDP actually uses to form an LDP adjacency, so that's why they need to be reachable. OK, so everything's going to be in OSPF area 0 and we're going to run point-to-point interfaces between these guys.

So here's the objective, here's what's going to happen. The routes that come in from router 6 are going to hit the PE router, router 4. These guys are going to be dropped into a VRF, and by the way, we're going to run EIGRP on our network on both sides, OK, so both of these guys are going to get dropped into a VRF. So EIGRP here will be in its raw state, and then EIGRP here will be in this VRF. OK, once we're inside of this VRF, you have to think it through, think of how this is going to operate. You've dropped these routes into a VRF. Well, in order to get them from one PE to the other across the service provider network, you have to be able to essentially keep them, if you will, inside of that VRF. And I'm trying to, again, not give away a lot of the
details and go too deep into it and make this video an hour and 40 minutes. So we need a BGP instance of the same VRF. So these routes are going to come in, in the EIGRP VRF, and then they're going to be dropped into a BGP VRF. They're going to go from here into here, so yes, you are going to do redistribution here, OK, between EIGRP and BGP on the PE router, OK, on both sides. Now these prefixes are now unique because we've assigned these route distinguishers, and remember, they're route distinguishers that are going to get prepended to your prefix. So you have 10 blah blah blah blah blah, right, so now this route distinguisher is prepended to that prefix.

Now what you're going to do is you need to get these routes that are now sitting here on router 5 all the way across the network, which could be a thousand devices, over to router 4. Well, how do we do that? Well, we're going to use multi-protocol BGP. First of all, we're already using it for the VRF, but we're going to use a VPN address family, so, AFI, address family, in order to take these routes and essentially pass them to the other PE. So they're going to go from the EIGRP VRF into the VRF for BGP, into the VPN address family, and then they will get essentially advertised between these two guys. And that's what the route targets are for. The VPN adjacency between router 4 and router 5 carries these route target values so that router 4 and router 5 know what routes they need to take. They know what routes are for them, and what routes essentially they don't have a VRF for and so they can ignore, they don't care about. That's what the VPN address family is for. And a lot of people forget this tri-hop, right, so they forget we go into the IGP VRF, we go into the BGP VRF, and then what BGP does on its own is it's able, through this VPN address family, to essentially allow these route targets to be advertised between these guys so that router 4 and router 5 know what routes they want to choose.

Now there is more to it than that, so those of you folks that
know maybe a little bit more in-depth theory, you know, don't bark, don't say, well, but there's this NSE. I know there's a lot more to it than this, but again, in this video I'm just trying to explain how to configure it so that essentially you can do it with a little bit more ease as you get deeper into the theory. OK, so let me just quickly redraw this and let's get it done. So we're going to do EIGRP here, OK, then we're going to go into, we'll say, BGP here, and then we're going to have that VPN address family, so let's say VPN, VPN AFI here, and then we're going to go back the other way, so we'll say BGP back over to here, EIGRP back over to here. So that's essentially how this works. Now on the service provider core, remember, we're going to run OSPF, everything's going to be in area 0, we'll run point-to-points between, and we're going to run LDP as our label distribution protocol, right. You could use TDP also, but I wouldn't recommend it.

Now, you may see some cleanup stuff that I've done over here. Just kind of ignore that, not really a big deal, this was some stuff that I had previously configured on my network. So let me walk you through my configuration. The first thing I do is I say no MPLS IP. That's just in case somebody's left it globally enabled, because there's two places we have to enable LDP. We enable it on the interface, so we have to enable LDP both here as well as globally. You have to enable it twice, OK, so be careful, many people get confused here. I'm going to say MPLS LDP router ID, and I'm going to manually assign this to loopback 0. So let me show IP interface brief, exclude unassigned, and every device is going to have a loopback 0 which is essentially the same as the router number, and it's a /32, so router 3 would have 3.3.3.3. So I manually assign my router ID to that loopback. Remember that it has to be reachable via TCP, and that's port 646. OK, it's UDP and TCP, but just remember 646 and you'll be OK.

Now let's see, we'll do MPLS label range. Now by default,
let me hit the question mark here, by default your devices, when you enable LDP, are going to start assigning labels from 16 to 1 million. But I don't like that because it makes it very difficult to troubleshoot. I mean, imagine if router 3 has label 47 and you go to router 1 and you look at the same prefix and it says label 47. Your mind gets all sorts of fun confused. Once you understand it, it's not so bad, but when you're first learning it, it's like your mind explodes. So I generally pick a label range, especially when I'm labbing, I pick a label range that matches something to do with the router ID. So in this case I'll say 1000 to 1999. OK, so what's going to happen is that for me on router 1, when I start assigning labels, I'm only going to assign labels from this range. Of course, when you use this command you have to make sure that you're assigning enough labels for the amount of prefixes you're actually going to have. If I have 2000 prefixes, if I have 3000 prefixes, this is not going to do me any good. I have to create the label range for what I expect, OK. But if you're labbing just a simple lab like this, 999 labels should be more than enough. Now we'll globally enable it and say MPLS IP.

Now let me show you the reason I'm using OSPF or IS-IS in this configuration. So we'll say router ID 1.1.1.1. Again, I manually assign this. LDP has basically the same router ID mechanism that OSPF has when choosing the router ID, so the highest loopback address followed by the highest interface IP address, I think is what it is. But again, I manually assign these because I like to do that, I like the control. So we'll say do show IP interface brief, exclude unassigned, and we're going to do this on E0/0 and 0/1. So I'm going to say interface range E0/0 to 1, and I'm going to say IP OSPF network point-to-point. That way we don't have to deal with the assignment of the DR and the BDR. We'll say area 0, and I'll go ahead and enable it on this interface as well. Copy and paste
this, then redistribute connected subnets, and this is the golden command: MPLS LDP autoconfig, and you have to type it right. Now at this point let me say show MPLS LDP discovery, and you can see that at this point we're now transmitting LDP packets on those two interfaces, because MPLS autoconfig here under OSPF automagically enables LDP for us on any interface that's been added into our OSPF process. So it makes our life very, very easy.

So let's go on router 2, we'll do the same thing. So we'll say no MPLS IP, MPLS LDP router ID L0, MPLS label range, and I'm going to say 2000 to 2999, MPLS IP to enable it globally, interface range E0/0 to 1, IP OSPF network point-to-point. We'll actually shut down the interface that goes on to that switch to not cause issues for ourselves. Router OSPF 1, router ID 2.2.2.2, and do show IP interface brief, exclude unassigned. Network, ready, this guy, and we're going to do this guy, oops, redistribute connected subnets and MPLS LDP autoconfig.

Let's check router 3. So we'll say interface E0/2 to shut that guy down, interface range E0/0 to 1, IP OSPF network point-to-point. I have a typo still over here. And let's do our MPLS config, so no MPLS IP. Again, just a habit. You don't have to turn it off, it's just a habit, if it has been left on, if somebody turned it on. I think in some versions of code it was on by default at one point, I don't know if it still is. So it's kind of like no auto-summary, EIGRP named mode. Many people have just built that habit to say no auto even though it's disabled by default.

Let me actually see these notifications over here. We can see that router 1 now has a full OSPF adjacency, but it also has an LDP adjacency. So let's pause, let's check that out. Show MPLS LDP discovery one more time. You can see that on E0/1, which goes down to router 3, we're still transmitting, but you can see that now we're also receiving, right. So now we're transmitting and we're receiving on this interface via LDP and we have a neighbor, 2.2.2.2. Let's say show MPLS LDP
neighbor, and you can see that we have a full neighborship, and again, there's our 646 ports. So we can see that router 2 was essentially talking at the higher random, so 41647, and the destination port was 646. So let that be a lesson: if you guys are creating ACLs, or you're troubleshooting certain things, you have to have that port open. But the thing is, look at the source and destination IP addresses. It's the router ID that we actually used in our configuration. So router 1 and router 2 are actually talking to each other to the router ID and from the router ID. So if the router ID, if the RID that you're using for LDP is not reachable, LDP is going to fail. OK, so let's go to 2, we should see the same thing. We should see show MPLS LDP discovery, we're transmitting and receiving. Let's backspace this guy out, we'll say neighbor, and we see the same bits of information. OK, again, I'm not going to dig through this because this is more of a get it configured and get you guys going, get you guys out of the mud, not more of a let's dig through all the nitty-gritty details.

OK, so let's say MPLS LDP router ID, we'll say L0, MPLS LDP label range, oops, label, spell it, label range, and I'm going to say 3000 to 3999, I missed a zero there, OK, MPLS IP. Let's say router OSPF, router 1, and we'll say router ID 3.3.3.3, and do show IP interface brief, exclude unassigned. Let's enable it on the networks here between router 5, and we'll enable it also between router 1. Redistribute connected subnets and MPLS LDP autoconfig.

Now I should also see, let's say show MPLS LDP bindings, spell it right, LDP bindings, and what you're seeing here is what I would call the full label exchange. Now, I said I wasn't going to get too much into it, but as I'm thinking about it, I'm going to kind of have to explain a little bit what's going on here. LDP is going to have a full label exchange between the peers, between the neighbors. So essentially what's going to happen is that router 1 is going to have a RIB, and he's going to
have all these prefixes listed in his RIB. What he's going to do is he's going to define a label for each one of these, OK, even if these prefixes have been advertised. So what's happening here, let's take this prefix for example. Router 2 says, hey, here's my loopback, 2.2.2.2. Well, router 1 knows about that prefix because he's learning about it through OSPF, right. And so what happens on router 1 is router 1 is going to assign a label for everything that's in his local routing table, including routes that he's learned. So this is the locally generated label, that router 1 has said, yes, great, thanks, I'm going to generate a label for that. Well, router 2 is also going to generate a label for every label in its routing table, which of course includes 2.2.2.2, his own label. But then we have a full label exchange, so router 1 tells router 2, hey, here's all of my labels, router 2 tells router 1, hey, here's all of my labels. And so you see here that router 2 generated the implicit null label for his own prefix, which makes sense because he's essentially the second-to-last hop to that loopback address, right.

But now you see something strange too, which is that you also see another remote label, and this guy came from router 3. Well, why is that? Well, because think about OSPF. Router 1 knows about 2.2.2.2 via OSPF, and router 1 advertises that prefix to router 3. Well, router 3 did the same thing as router 1 did: he generated a label for everything that he knew about in his routing table. That included 2.2.2.2, and so the label that router 3 generated was 3001. But you may say to yourself, this does not make any sense whatsoever, because why in the world would router 1, and I'll clear the screen to make it easier to read, why in the world would router 1 send traffic to a label of 3001 to get to router 2? We already disabled these links, right. Now, it doesn't make any sense at all, and that's where we look at the CEF table and you look at the
RIB, you look at the bindings, oops, we'll say bindings, you look at the CEF table and you look at the RIB, and you come out with something called the forwarding table. Now the MPLS forwarding table is what makes sense of all of this nonsense. So when we look at the forwarding table, so if I say show MPLS forwarding table, you're going to see a simplified version of essentially that information, so you're going to see what actually makes sense. So if we look here, I'm not going to get too deep into what PHP is, the penultimate hop popping. It's essentially when we pop off the label, the outer label, when we're forwarding traffic. So here you can see that router 2 gave us a label of implicit null. He's telling us, hey, pop the label when you send me this traffic so that I can perform a regular IP lookup, right. So again, why would I send traffic to myself, why would I send traffic to router 3? That doesn't make sense. Well, the forwarding table goes and digests all of our physical information, things in our CEF table, it looks at our routing table, and it says, OK, look, I am going to pop this label whenever I receive traffic for 1004. I am going to pop this label, I am going to send it for this prefix, I am going to send it out this interface towards this next hop. So the next hop would be 10.1.2.2, which is router 2, the outgoing interface would be E0/0 for this prefix, and what's the function that I'm going to perform? I'm going to pop the label. So that's exactly what this is. The binding table is just essentially looking at all of the labels that have been designed for the prefixes in our routing table. The forwarding table is actually telling us what we should do.

OK, so let's go to router 3, let's finish our configuration, I think we should be done. And this will become more clear as we trace routes. If what I said here wasn't clear, we'll take a look at it in just another minute or so, OK, as soon as we're done with our config. So let's say show
MPLS LDP discovery. Good. So now we have to configure router 5, so let's jump and we'll do that on router 5. So config t, no MPLS IP, MPLS LDP router ID L0, MPLS label range, I'm going to say 5000 to 5999, MPLS IP, interface E0/2, we'll shut this down, and I'm going to say interface E0/0, IP OSPF network point-to-point. Now here's the thing on router 5, the PE routers, let me jot this back down again so that you guys essentially don't forget: these guys are going to be the PE routers, these guys are all P routers, and these guys here are going to be the CE, or C/CE combo. OK, so we don't want OSPF running between 5 and 7, because remember, this link here is going to be our customer link. This is facing the customer. We don't want our global ISP process running on that interface, so this takes it out. We'll say router OSPF 1, router ID 5.5.5.5, network, do show IP interface brief, exclude unassigned, network 10.3.5.5 0.0.0.0 area 0, redistribute connected subnets, MPLS LDP autoconfig.

Let's do the same thing on 4. MPLS LDP router ID loopback 0, MPLS label range, and we're going to say 4000 to 4999, MPLS IP. Let's shut this link down, let's put this link in a point-to-point, router OSPF 1, router ID 4.4.4.4, and do show IP interface brief, exclude unassigned, network. By the way, in case you're wondering about that, I just type this in, it's a habit, because this way I don't make any typos, in theory. Redistribute connected subnets and MPLS LDP autoconfig.

OK, let's go to, let's see, do show IP OSPF neighbor. I didn't see a neighbor come up there, so what's going on? Let's say do show run interface E0/1. Did I accidentally shut it down? No. Let's check 2. No. Did I? OK, so let's go back and take a look at that in a minute. So we have an LDP neighborship that's up between router 5 and router 3. So let's say show IP OSPF neighbor, that's up. Show IP route OSPF, that's up. Let's say show MPLS LDP discovery, and that's up. Let's say show MPLS
LDP bindings, so we can see all of our bindings here, and we should have a pretty good forwarding table. So show MPLS forwarding table, and we can see now that we have a good forwarding table between these guys. So let's go back over to 3, 4 and 2 and see what's going on here. So let's say show run section router OSPF. Let me just check my config. That's good, research eczema, that's good, that's good. Show run interface E0/1, so we've got that point-to-point. All right, let me just pause the video quickly here and we'll get this guy fixed.

OK guys, we're all back. I had the incorrect network statement there. It's funny because I was saying I avoid typos, and I had the network statement right, just on the wrong interface. No big deal, it just took me a minute, it was staring me in the face. So here, let's say do show IP interface, sorry, do show IP OSPF neighbor, and we can see that router 2 is a full adjacency here between router 4 and router 2. So router 1, let's take a look here, we have a good-sized forwarding table now.

So let's take a look at this here for a second. Let's say show IP route OSPF. Router 4 wants to send traffic to, let's say, the loopback address of router 5, so let's pick 5.5.5.5. What's he going to do with it? Let's say show MPLS forwarding table, and let's take a look and see if we can find 5.5.5.5. Well, what's he going to do with it? Well, when he sends it out, he has a local label of 4015. He's going to send it out local label 2010, I'm sorry, remote label 2010, for this prefix, right, and he's going to send it out his E0/1 interface with a next hop of 10.2.4.2. Does that make sense? Router 4 is going to send it out E0/1 with a label of 2010. OK, remember we had a full label exchange, so he's going to send it out with 2010 and he's going to send it to router 2. Let's check router 2, let's see what router 2 is going to do with it. Now at this point, let's stop looking at the prefix, let's start looking at the labels. OK, so from here on in, forget the prefix
5.5.5.5, let's look for the label 2010. So let's say show MPLS forwarding table and let's look for 2010. There's 2010. Don't look at the prefix. And then, we get anything 2010, what are we going to do with it? Well, we're going to send it out with a label of 1010, and when we do that, there's the prefix, look, and when we do that we're going to send it out of our Ethernet 0/0 interface toward the next hop of 10.1.2.1. Now remember, what I want to do is stop looking at all this information here, and I want to look for the label 1010. So we're going to go with a label of 1010, so we're going to swap the label. Now, I didn't go into the popping and the swapping, et cetera, because again, this was more of the how-to configuration, I just want to give you guys a little bit of information so you understand. So we're going to swap this and we're going to put a label of 1010 in it and we're going to send it out our E0/0 interface.

So let's check now router 1. Remember that I pick the label range, so you can tell that all these were assigned from router 2, all these were assigned from router 1, makes sense. So I'm going to go to router 1 and let's look for 1010. We actually already have it up, so here's 1010. What are we going to do with it? We're going to send it out with a label of 3010, we're going to send it out our E0/1 interface to the next hop of 10.1.3.3, and what's the prefix? There it is. So let's go to router 3 and look at 3010. Show MPLS forwarding table, let's look for 3010. There it is. What are we going to do? We're going to pop it. We're going to pop the label one hop early, right, because router 5 is the last, the second-to-last hop before the loopback address, right. So here we have router 5, our router 3 router is going to pop the label, we're going to send this prefix out our Ethernet 0/0 to 10.3.5.5. OK, so that's how we label switch, essentially. We're no longer looking at just the routing table, we're looking at all this information
together and we're actually going to follow these labels. So that's how this would work.

Now that we have that taken care of, what we want to do is get EIGRP configured here, because I think we're already like a half hour into this thing. So let's say router EIGRP, sift, what they sift, is that what did you send, router EIGRP, and I'm going to say L3VPN, address family IPv4 autonomous system 1, and we'll say network, what are we on, 6, I'm going to say 10.4.6.6, all zeroes, topology base, redistribute connected. OK, so there's our configuration for EIGRP. Let's actually grab this and we'll go pop it on 7, OK, and we'll say network 10, what is that, 5.7.7 and all zeroes. Whoops.

OK, so now is where all the magic happens. We already have perfectly functioning label switched paths between our two PE routers, router 4 and router 5. We have EIGRP running between router 6 and router 7, so essentially at this point all of the magic is going to happen between router 4 and router 5, because here's where we need router 4 and router 5 to receive the customer routes inside of a VRF, take those routes, put them into multi-protocol BGP, and then somehow get them from router 4 to router 5. So let's set that up. We'll say config t, I'm going to say IP VRF, and I'm going to go ahead and create a name. Now, I'm going to use two different methods for creating the VRF because I don't know what you guys are used to. I'm assuming you guys want to learn all the methods, so I'm going to show you the old way as well as the new way, and there's also a command to convert from the old way to the new way, but that's another video, another day. I'm going to say IP VRF, we'll call this guy L3VPN, and I need to give this guy a route distinguisher. Remember that this is the value that essentially gives us a distinguished route, right, I mean, that route distinguisher makes sense. Now what I'm going to do is I'm going to use a combination. So you see here where it says IP address followed by a
number and then we have ASN followed by a number. I normally use a Frankenstein where I do IP address followed by the ASN. OK, so I'm going to do, let's see, router 4 is 10.4.6.0, colon, and our autonomous system at this point is 1. If it was 65,000 or 212 I would write 212 here, so that I would know the ASN followed by the IP address or subnet. Now I'm also going to say the route target. Now, the route targets do not have to match between the PE routers. What has to match is whatever is being exported over here, so export needs to be import over here, OK. Let me do a different color: whatever is export over here needs to be import over here. OK, so that's how it needs to work. These values do not have to match, although you can make them match, they just have to match opposite, if that makes sense. So here if I hit the question mark you can see that my format is essentially the same, but they don't have to match. So what I'm going to do is I'm actually going to set my export value to match the route distinguisher that I'm using, so I'm going to say I want you to export that subnet followed by the ASN, right. But for the import I'm going to use this subnet, so I'm going to say route target import and I'm going to say 10.5.7.0:1. So do show run, whoops, do show run section VRF. All right, so I'm going to import anything that comes from router 7 and I want to export router 6. Make sense?

So now what I'm going to do is I need to assign this to the interface. The VRF has to be on the interface that essentially I'm going to face the customer with, which is our E0/0. I'm going to say interface E0/0, do show run interface E0/0, and the reason why I brought that up is because when we apply the VRF, it's going to peel this off. Now, there's two different ways to apply it depending on how you created it. IP VRF forwarding is the old way. If you were using the new way, which I'll show you later, it would be VRF forwarding. So if I hit the question mark here, it lets me know, hey, pop this VRF on. Once I do that it says, hey, interface blah blah blah blah blah removed due to enabling the VRF. This physical interface is no longer going to be in our global routing table. This physical interface is now going to be in this VRF, and so it peeled off the IP information so that it's now in that VRF. Let's say show VRF, and let's say show IP VRF. Same command, very subtle difference. The IP VRF is the older way that we would verify this, and it doesn't show us the protocol, it just shows us the route distinguisher, the interface and the name of the VRF. The new way, which is using a VRF definition, allows us multiple protocols, meaning IPv4 and IPv6, and so that's why this has the additional protocol field that lets us know what kind of protocol we're actually running. So it's essentially giving you the same information. I would recommend, however, that you use show VRF, just to get yourself into that habit. So we have the right interface in that instance.

Now it's time for EIGRP. So we're going to say EIGRP, and what we're going to do is we're going to give this a name. Now let's just play around here, let's give this a name of ISP. I'm going to say address family, what do I need to do, I'll say IPv4. Now take a look at this for a second. I have autonomous system, but then I have this VRF option. So I'm going to say VRF, and it wants a word. What's the word? L3VPN, that's our VRF. Not LS, L3VPN. And let's hit the question mark, what's it want now? Now it wants an autonomous system. This autonomous system is going to be the ASN, the autonomous system of the customer that we're connecting to, OK. It's not our own autonomous system, right. Notice that our names are different. We are the internet service provider, but the name that we are using under the VRF is layer 3 VPN, and we're going to connect to this autonomous system number. OK, now what I'm going to do is I'm going to do the same exact thing that I did on router 6. I'm going to say network 10.4.6.4 0.0.0.0, exit. Take
a look at this: DUAL exchange, EIGRP neighbor 10.4.6.6, new adjacency. Let's say show ip route vrf l3vpn, and take a look: there are the three routes that are coming in from router 6 from our EIGRP adjacency. Show run section router eigrp: here's our EIGRP configuration. Our global instance doesn't need all of that fun stuff, autonomous system blah blah blah; we need that instance, we need that configuration under the VRF. Now, we're not going to redistribute anything here just yet. Let's go over to router 5; we're going to configure the same thing. So we'll say config t, router EIGRP, we'll say ISP, address-family ipv4 vrf layer 3 VPN autonomous-system 1. I didn't create the VRF, whoops, my bad. So we'll say vrf definition. I said I was going to show you the new way, so the new way is with vrf definition. Oh, by the way, if you say vrf and you hit the question mark, you have this upgrade-cli option. This is what you would use essentially to upgrade your configuration if you wanted to. Just be careful of doing that: you may lose some IP addresses. You know, I would definitely take a backup of the interfaces that you have, just to make sure that it doesn't, sometimes, peel off the IP address. I've seen it happen once or twice. Just be careful if you use the upgrade-cli. But we'll say vrf definition, and here's where we're going to give it a name, so we'll say l3vpn. Now here's the thing: the route distinguisher value is still going to be the same, so I'm going to say route distinguisher, and I'm going to say 10.5.7.0:1. But now I have a few different options here. You'll notice the addition of this address family, so I'm going to go in and I'm going to say address-family ipv4, or I can go in and I can say route-target. If I say route-target here, this would apply globally, because under address family I have two choices: I have address family for IPv4 and IPv6. I can have different route targets for both; in other words, I can have a different route target for either one, or I can have a global
route target for both. If I decide to have a global route target, I have to go in and at least enable the IPv4 AFI, and I would do that just by entering the address family. Let me show you what I mean real quick. So we'll say route-target, and I'm going to say export; I want to do the same as my route distinguisher. We'll say route-target import, and I want to do the same... where are you, router four? Show run section vrf, and I want to do the same import value. I want to do this one five. OK. All right, so right now this has not actually been activated yet, because what I need to do is I need to go into the ipv4 address family and just simply activate it. OK, I'm not going to go through all the troubleshooting to save time, but had I not done this, this VRF actually wouldn't be activated. OK, it wouldn't actually work. So here is now a fully functional VRF under the new syntax, the upgraded CLI. So we need to do this on e0/1: do show run interface e0/1, and we'll say vrf forwarding, and I'm going to say l3vpn. Now it peeled off the IP address; that's fine, nobody cares. Do show run interface e0/1, and we're good. Let's say do show vrf: lets us know, hey, ipv4, e0/1, here's your route distinguisher, everything is hunky-dory. Router EIGRP ISP, this actually, how far did this get before it errored out? OK, that's as far as you go. Address-family ipv4 vrf l3vpn, and we're going to say autonomous-system 1, and we'll say network 10.5.7.5, and learn how to subnet. Do show run section router eigrp. You can see that we get an adjacency. Let's say show ip route vrf l3vpn, and pick the right VRF. So now we're getting, on the PE side, so the customer side, router four, router five on the ISP side are now getting all the routes coming in from the customer. So now the next piece to this is we need to get these VRF routes into BGP. Now what we'll do is we'll pick an autonomous system, let's say 65000. OK, so that will be our autonomous system. So we'll say router bgp 65000. OK, and I'm going to say bgp
router-id, we'll say 5.5.5.5, and I'm going to say bgp upgrade-cli. That will give us the newer architecture; even though we don't have to do that, I generally like to run that macro. Now what we need to do is we need to again create a VRF instance, because BGP is what's going to carry these routes from PE to PE. They have to get into BGP first. Well, they can't get into BGP if I don't do redistribution, right? I'm going to say address-family. What kind of IP am I using? Am I using ipv6 or ipv4? We'll say ipv4. And then what am I going to do? Well, I need to create this VRF instance: I'm going to say vrf, and then what's the name of the VRF? l3vpn. Now all I need to do here is say redistribute eigrp with the autonomous system, and say exit. OK, that's all I need to do with regards to BGP, in other words getting those routes from BGP to EIGRP. Well, do show run section eigrp. OK, I need to get these back the other way as well, so let's get in here, get into our topology base, and I'm going to say redistribute. What am I going to do? I need to do bgp, here's Border Gateway Protocol, right? I'm going to say redistribute bgp. What's the ASN? I'm going to say 65000, and we need to give it a metric. Remember, EIGRP likes a metric. What's the bandwidth? I don't know, let's say 10,000. What's the delay? I don't know, let's say 10. What's the reliability? Well, we'll say 255. What's the load going to be? Well, the load, we'll just say it's 1. And what's the MTU going to be? Well, you know, we'll say 1,500, right? Do show run section router eigrp. So now we have mutual redistribution going in between BGP in that VRF and EIGRP in that VRF, and this is where again a lot of people get confused. The routes are now coming into this VRF from the provider, so let me actually draw: so they're coming in like this into the VRF, and then they're leaving the EIGRP VRF and they're going into this VRF here. So now they're inside BGP. OK, once they're in BGP, now we need to create a VPN, so let me say VPN AFI, to get them to go from router five to
router four. OK, so again, it's this multi-hop: so they go from here to here inside of the EIGRP VRF, then they need to leave EIGRP, they need to go into the BGP VRF, then they leave the VRF, they go into the VPN, and they essentially get advertised over to router 4. And the route targets that we created are going to be these extended communities contained in these advertisements, and that's essentially how router 4 and router 5 are going to know what routes to essentially use. All right, so let's go ahead and let's create the same thing over on router four, oops, router four, or we can pick up Ritchie line, and we can probably, yeah, let's just do this, and let's take a look at our EIGRP config, we can probably just do this as well, right, and it makes sense. All right, so we're going to redistribute BGP and EIGRP on both ends. OK, so now what we need to do, now that we have mutual redistribution going back and forth... now some people get confused here as well, because you don't see the VRF. It's OK, because you're in the address family for the VRF, so it doesn't matter; it's smart enough, you don't need to put the VRF at the end of your redistribution statement. Now what we need to do is we need to simply create the BGP instance, or I should say the VPN connection, between router four and router five. So let's say config t, we'll say router bgp 65000, and what I'm going to do is say address-family... actually what I'll do is I'll say neighbor, and I'm going to use the loopback, so I'm going to say neighbor 5.5.5.5 remote-as 65000, neighbor 5.5.5.5 update loopback 0. Router five: router bgp 65k, and we'll say neighbor 4.4.4.4 remote 65k, neighbor 4.4.4.4 update l0. OK, so we should see a BGP adjacency come up, but this is not a VPN adjacency. All right, this is not a VPN adjacency; all this is doing is regular IPv4. OK, we need this address family to say vpnv4, and again this is where some people get confused. Some people say, well, do I need this, do I want this? You don't need an ipv4 address
family in order to get layer 3 VPN to work. Some people use both because they're also transmitting IPv4 prefixes, but essentially you don't need it there for it to work. So let's actually just go in; we're going to say address-family vpnv4, and all I'm going to do is copy this activate statement. You're going to see the capabilities change in BGP, and that's OK. All right, let's go into our BGP config, we'll say vpnv4, and all I'm going to do is activate the same instance. So now we have a vpnv4 instance, and you can see that it says send-community extended, because without the community extended, without the extended communities being sent, there's no way that we can actually send the route target values across the wire. So now let's say show ip route vrf l3vpn, and you can see that now we're getting some BGP routes. So take a look at router four: router four is now getting BGP routes from router 5. Let's take a look at them. Let's say show ip bgp vrf... show ip bgp... show bgp, and we'll say vpnv4 unicast, and I'm going to say vrf, and we'll say l3vpn, and what I want to do is I want to actually look at the individual prefix that I'm looking for, which is going to be... let's take a look at this guy. OK, so now you can see that we actually are receiving these routes from BGP. It lets us know the route target here is that route target that we configured, so here's that extended community value that's coming in with the BGP route. So router five, or router four, is saying: I'm getting this route, and the extended community is 10.5.7.0:1. Well, that's the community that we sent over, that we sent over here on router five. This was the export community, but now we're importing it; our VRF tells us to import it. Now, I'm not going to go through the inner label and the outer label and all that stuff; I'll do that again in other videos. But let's actually see what routers six and seven see: show ip route eigrp. If I look at router six, router six now has the 192.168.7 prefixes that are coming in from
router seven. If I take a look at seven, show ip route eigrp, router seven now has the three prefixes that are coming in from router six. Moment of truth: I was going to say ping... trace... there we go. Let's actually source this from our loopback zero or loopback one. So now you can see that you have full reachability. So let's say trace, and go to the same prefix, and you can actually see the label exchange happening in your label exchange. So here what's interesting is that this is the outer label... what, I just thought I wasn't going to go into this. This is your outer label, so you can see that this is changing, because from router seven, router seven sent it to router five, router five sends this labeled packet to router three with a label of three fifteen, router three swaps it to ten fifteen, router two swaps... a router... router, again, the router two, router two swaps it with two fifteen, I should say router one swaps it, then we ultimately get to router four. Router 4 has this outer, or this inner, label of forty twenty two, and this is the BGP label, and this would be a whole other video, but this is the MPLS, or the layer 3 VPN, BGP label that's essentially being used to know what PE router we're essentially going to go to. OK, and again, that may be a little bit confusing, but here's the actual config, so let me just quickly show you. So show run section router eigrp: basic simple configuration on your customer. Let's head over to router five. This is just a recap: here's your EIGRP configuration on your provider; it has to be inside of a VRF. You have to configure BGP and a VRF, so it's all a step-by-step process, right? So you have to configure BGP in a VRF and mutual redistribution, because those routes have to leave EIGRP and go into BGP. Once they're in BGP, the vpnv4 address family being paired with the other provider edge router will advertise these extended community values in your VRF. Here's your extended community values, your import and your export; we'll advertise those
between the two PEs, and the PEs will decide what they want based on what address families you have configured in these VRFs. So the same process in reverse: you have EIGRP configured into VRF, so then it's going to come out of this vpnv4, it's going to come into your BGP VRF, and because you have the redistribution statement it's going to go into your EIGRP VRF instance, and it's of course going to form a neighbor with your customer, which is then going to allow your customer, oops, to receive those routes. So again, guys, I know this is a really confusing video; I know that sometimes this layer 3 VPN MPLS stuff can be confusing. I hope that I cleared it up for you. If not, I would recommend watching our entire series on layer 3 VPN so that you guys can get a full grasp on it. Enjoy, I'll talk to you guys soon.
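Added example, not part of the video or the presenter's configuration: a Python check of three dependencies the walkthrough calls out on each PE (the VRF needs its ipv4 address family entered, its import route target must match what the other PE exports, and the vpnv4 neighbor must be activated and sending extended communities). The two configs are constructed from values spoken in the video; R4's RD and export target 10.4.6.0:1 and the full loopback addresses 4.4.4.4 and 5.5.5.5 are assumptions.

```python
import re

# Constructed IOS-style PE configs using values spoken in the video; R4's RD and
# export target 10.4.6.0:1 are assumptions, the transcript does not state them.
R5 = """vrf definition l3vpn
 rd 10.5.7.0:1
 route-target export 10.5.7.0:1
 route-target import 10.4.6.0:1
 address-family ipv4
router bgp 65000
 neighbor 4.4.4.4 remote-as 65000
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
"""
R4 = """vrf definition l3vpn
 rd 10.4.6.0:1
 route-target export 10.4.6.0:1
 route-target import 10.5.7.0:1
 address-family ipv4
router bgp 65000
 neighbor 5.5.5.5 remote-as 65000
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
"""

def section(cfg, header):
    """Return the stripped, indented lines that follow a top-level header line."""
    m = re.search(rf"^{re.escape(header)}\n((?:[ ].*\n?)*)", cfg, re.M)
    return [l.strip() for l in m.group(1).splitlines()] if m else []

def audit(pe, other, vrf, peer, asn=65000):
    """List problems in `pe`'s config that would stop L3VPN routes flowing with `other`."""
    lv, rv = section(pe, f"vrf definition {vrf}"), section(other, f"vrf definition {vrf}")
    findings = []
    if "address-family ipv4" not in lv:
        findings.append("vrf has no ipv4 address family, so it is not active")
    imports = {l.split()[-1] for l in lv if l.startswith("route-target import")}
    exports = {l.split()[-1] for l in rv if l.startswith("route-target export")}
    if not imports & exports:
        findings.append(f"no import target matches remote exports {sorted(exports)}")
    bgp = section(pe, f"router bgp {asn}")
    af = bgp[bgp.index("address-family vpnv4") + 1:] if "address-family vpnv4" in bgp else []
    for need in ("activate", "send-community extended"):
        if f"neighbor {peer} {need}" not in af:
            findings.append(f"vpnv4 neighbor {peer} missing '{need}'")
    return findings
```

Run `audit` in both directions, once per PE. The same import/export comparison shows which other VRFs' routes a given VRF would accept, which is the thing to review when customers must stay separated.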
Info
Channel: XtremeIE
Views: 52,881
Rating: 4.9335546 out of 5
Keywords: Configure Basic L3VPN, CCIE, CCIE R&S, CCIEv5, CCIE version 5, CCIE MPLS, CCIE L3VPN, CCIE Layer 3 VPN, Configure BGP, EIGRP, MPLS, L3VPN, Layer 3 VPN, Service Provider, CCIE Service Provider, CCIE SP BGP, CCIE SP MPLS, CCIE R&S MPLS, CCIE R&S L3VPN, Pass CCIE, Pass CCIE R&S, VRF, BGP AFI, BGP Address families, BGP VPNv4, BGP VRF, VPNv4, VPNv4 AFI, Introduction to MPLS, MPLS L3, What is MPLS, Basic MPLS, MPLS VPN, MPLS Fundamentals, LDP, xie, xtremeie, jp cedeno
Id: XiQ9z7hidvU
Length: 50min 19sec (3019 seconds)
Published: Mon Oct 31 2016