VRF-aware Routing: MPLS Layer 3 VPN Configuration

Captions
Hey everyone, I'm Charles Judd, and in this video we're going to take a look at configuring an MPLS Layer 3 VPN so that we can examine VRF-aware routing. There's lots of moving pieces involved, so let's dive in and take a look at our topology first.

So here is our topology. We have a fairly simple representation of a provider network here. This is essentially a small snippet of what we would see within an MPLS provider network. You can see that in the center we have an MPLS core, and at the edges of that core we have two provider edge routers labeled PE1 and PE2. These of course sit at the edge of the MPLS core network and connect out to our customer sites, as we see here, and those all lie within autonomous system 65000. We also have four customer edge routers labeled CE-A1, CE-A2, CE-B1 and CE-B2, so each of our provider edge routers has a customer A site and a customer B site, each individual customer having two sites in this network. We're going to configure an MPLS Layer 3 VPN for VRF-aware routing, where we'll implement separate VRFs for each of these customers.

Let's start on our PE1 router, our provider edge router, and let's say show mpls interfaces, and you'll notice that we have our Gig 0/2 interface configured for MPLS, which is connected into our provider backbone, or our MPLS core. If we say show mpls ldp neighbor, you can see we do have a valid neighborship, as we would expect. We can also say show ip ospf neighbor, and we're also going to see an OSPF adjacency with one of those MPLS core routers. So this tells us that we have OSPF configured as an IGP on our provider network, and we have MPLS configured as well.

So with our provider edge devices configured for MPLS and with a valid IGP in place in our provider network, we're ready to begin creating and designing our customer VRFs. Again, these are going to be configured on the PE routers, and the interfaces connecting to our customer sites will be assigned into those VRFs, which our topology on the screen indicates is
going to be Gig 0/0 and 0/1 on each of those routers.

So still on PE1, on our first provider edge router, let's go ahead and create our VRFs. Let's go under global configuration mode, and we can say ip vrf followed by the name that we want this VRF to have. So I'm going to name our customer A VRF simply cust-a. The next thing we need to do is to indicate a route distinguisher. A route distinguisher is a way that we distinguish one VRF from another, and this very simply is a unique number that's going to be prepended to each route within the VRF so that ownership can be identified. So in our case we're going to create a couple of different route distinguishers, one to identify customer A VRF traffic and the other for customer B VRF traffic. We do that by saying rd followed by the actual route distinguisher, and if we look at contextual help we can see the format options for that. Now, whatever you choose, it really doesn't matter. It's actually just up to your own preference, because this is mostly cosmetic. I'm going to use the first format that we see indicated here, which is a two-byte autonomous system number followed by a four-byte custom identifier value. So in my case I'm going to make the route distinguisher for the customer A VRF 65000:1.

We also need to specify a route target, which is the way that we indicate which routes are going to be imported or exported with a VRF. So let's say route-target, and if we look at contextual help you can see that we have the options listed for import, export, or for both, so we can choose which one of these we want specifically. In my case I'm just going to use the both keyword to take care of both importing and exporting prefixes, and I'm going to give this a similarly formatted identifier here. Now, you can make this exactly the same as your route distinguisher value, and for simplicity I typically do that, but just know that it doesn't have to be the same. You can give that a different identifier if you choose to do so.
Again, in my case I'm going to keep it the same, 65000:1.

So let's also create a VRF for customer B as well. Let's say ip vrf, and I'll name that cust-b. I want to create a route distinguisher; this time I'll make that 65000:2. Again, we want that to be unique from our customer A route distinguisher. And then let's say route-target both. Again, I'm going to use the same identifier, 65000:2.

So with that in place, let's go to our other provider edge router, PE2, and we're going to do something fairly similar here. We want to create our VRFs on this router. We'll do that a little bit quicker this time, since we've already discussed the reasoning behind what we're doing. So we'll say ip vrf customer A, route distinguisher 65000:1, route target both 65000:1. Let's also create a VRF for customer B, our route distinguisher 65000:2, route target both 65000:2.

So now we have our VRFs created. The next thing we need to do is to assign the customer-facing interfaces into each VRF. So back on PE1, let's go under interface Gig 0/0, which you can see in our topology is facing the customer A network on this router, the CE-A1 router, and let's say ip vrf forwarding, and we will follow that with the name of the VRF, which in our case is cust-a. Now notice when we do this we have a message saying that the interface IP address has been removed. This is the expected behavior, so we do need to reapply the IP address to this interface. Now, I'll also say that there are some versions of IOS that do not have this warning message, so this is something you want to especially be aware of if you're using an older IOS version. In any event, let's reconfigure that IP address. Let's say ip address, and you can see from the topology that should be 10.0.0.2 with a /30 subnet mask.

So with that back in place, let's do the same now for our customer B VRF. We want to do that under interface Gig 0/1, which is connecting out to our customer B site, and we'll say
ip vrf cust-b, and actually I left out the forwarding command, ip vrf forwarding cust-b. And actually, before I do that I have to go back, because that actually placed me under VRF configuration mode. I don't want to do that, so we'll go under interface Gig 0/1, say ip vrf forwarding customer B. It's going to remove our IP address, so let's put that back in place. Say ip address, and this needs to be 20.0.0.2 with a /30 subnet mask.

Let's go over to PE2 and do the same thing. Let's go under interface Gig 0/0, ip vrf forwarding customer A. It's going to remove our IP address, so we'll put that back in place: ip address 30.0.0.2, /30 subnet mask. And now interface Gig 0/1, ip vrf forwarding customer B, reconfigure our IP address, 40.0.0.2 with a /30 subnet mask. If we break out of here and we say show ip vrf interfaces, we can verify which interfaces we've added into each VRF instance. You see that interface Gig 0/0 is associated with customer A and 0/1 is associated with the customer B VRF. Let's do the same on PE1: show ip vrf interfaces, and Gig 0/0 is with customer A, 0/1 is with customer B, so that's good.

Now, one thing I'll point out is that if we try to ping one of our routers, so for example we should be able to ping the CE-A1 router at 10.0.0.1, but if we try to do that, that's going to fail, and that's because we've added these interfaces into our VRFs. So we'll have to explicitly state which VRF we want to use when we're trying to ping a device. So we would need to say ping vrf, the name of the VRF, which is customer-a, 10.0.0.1, and this time we do get a success message.

Now it's time to take care of our multi-protocol BGP configuration, and that's going to allow us to advertise our VRF routes between our two provider edge routers. So MP-BGP is only going to run on the PE routers themselves. The provider routers in the MPLS core, they'll be using their own IGP and MPLS to take care of all that traffic there, and likewise the
customer edge routers will also have no knowledge of routes outside of their own VRF.

So still here on PE1, let me clear off a little bit of space, and this is going to be a fairly basic MP-BGP configuration. So let's go under global configuration mode, go under our BGP autonomous system number, which is 65000, and we'll say neighbor, and you can see in the topology the loopback address on the PE2 router is 3.3.3.3, so we'll use that. We'll say remote-as 65000, and I'm also going to say neighbor 3.3.3.3 update-source to Loopback 0, to set the source of my packets as the loopback interface.

Now, in order to carry our prefixes, remember, now we have the route distinguisher prepended to the front of those prefixes, as we discussed earlier. So in order to do that, we need to use an address family, and specifically a VPN version 4 address family, in order to carry these longer-than-normal routes. So let's say address-family, and the option that we want to use under here is VPN version 4, which will support our VRF route distinguishers and IP prefixes. When we hit enter, we're now under address family configuration mode, so let's activate our neighbor by saying neighbor 3.3.3.3 activate.

Now let's go to PE2 and finish up this configuration on that side. Clear off a little bit of space. We'll go under our BGP autonomous system number, 65000. We'll say neighbor, you can see the loopback for PE1 is 2.2.2.2, remote-as 65000, neighbor 2.2.2.2 update-source to Loopback 0. You can see that we have a BGP adjacency, neighbor 2.2.2.2 is up, so that's a good sign. Let's say address-family VPN version 4, and now we want to say neighbor 2.2.2.2 activate. We do see our BGP adjacency reset because of the address family configuration, but we now see that we are back into the up state, so that's good. We have an adjacency formed. If we break out of here, a little different than our normal BGP show command, we want to say show bgp VPN version 4 unicast all summary, and here we see our
neighborship with the 2.2.2.2 router, which is PE1.

Next we want to configure the route exchange between our customer edge routers and our provider edge routers. This is going to allow us to exchange routes between the customer and the provider. Now, we could use BGP, we could use RIP, EIGRP, whatever we prefer between the customer and provider edge devices. In this case I'm just going to use OSPF to exchange those routes. So first let's go to CE-A1, that's our first customer A site, and let's do a quick show run pipe to section router ospf. I do want to show you what we currently have in place on all of our customer routers, and here we're going to see that we have OSPF process 1, and we're advertising the local loopback address into OSPF. We're also advertising the network that is attached to the PE router, and we're advertising our host subnet, the 172.16.1.0/24 network.

So now let's configure OSPF on our provider edge routers. Back on PE1, let's break out of here and clear off a little room, and we want to create an OSPF process for each of our customer VRFs that we're using on this router. Remember, we already have process ID 1 running on our provider edge router as the IGP for the provider network, and we can verify this by saying show run pipe to section router ospf, and this is going to show us that we have OSPF process 1 running. Again, this is being used as an IGP for our provider network, so when we create these two new OSPF processes for our VRFs, I want to start with number 2 instead. So let me go under global configuration mode, and I want to say router ospf, process ID 2, and if we look at contextual help you'll see that we can associate this with a particular VRF. So let's do that. Let's say vrf, and I'll do customer A first, and now let's add the network that's connecting us to our customer A edge router. Let's say network 10.0.0.0, a 0.0.0.3 wildcard mask, and we'll add that into area 0.
And we should see an adjacency form for this very shortly. We do see that, so that's another good sign. Now let's create our other OSPF process for the customer B VRF. Let's say router ospf 3 vrf customer B, and we want to say network 20.0.0.0, same wildcard mask, also into area 0, and we should see a second adjacency form here as well shortly. And we did just see that happen, so that's great.

Let's go to our PE2 router, our other provider edge router, and we're going to do basically the same thing. Let's go under global configuration mode. We'll say router ospf 2 vrf customer A. We want to say network 30.0.0.0 with a 0.0.0.3 wildcard mask into area 0. Now we'll create our OSPF 3 process for VRF customer B, network 40.0.0.0, the /30 wildcard mask, and we'll say area 0. We already saw one OSPF adjacency form. We should see the second one soon, and we did just see that in our console.

So we're almost there. Our MPLS backbone is up and running. Our customer edge routers are sending routes to the provider edge routers within separate VRFs. So now the last thing we need to do is to redistribute this into BGP. Once we do that, this is going to allow our customer edge routes in each VRF to be transported across the provider network between our two provider sites, in other words between PE1 and PE2. If you're familiar with route redistribution, this is going to be really straightforward.

So let's go back to our PE1 router, and we'll clear off a little space, and let's first run the show bgp vpnv4 unicast vrf cust-a, and you'll notice this output is blank. If we do that for customer B, we also have a blank output. This means we don't have any VPN version 4 routes at the moment. Once we redistribute OSPF, then we should have some routes listed in this output. So let's go under global configuration mode, router bgp 65000, and again a really simple redistribute process that we're going to use here. Let's go under address family ipv4 vrf customer A, and we'll say redistribute ospf, and remember our
customer A VRF is associated with OSPF process 2. So we'll hit enter for that, and we'll do the exact same thing for customer B, and we'll redistribute OSPF process 3. Now let's break out of here, and let's run that show command that we used earlier. Now you'll notice for customer B we do have some routes learned from the customer sites. Let's do that for customer A as well, and we're also seeing routes there. That's great. We are only seeing our CE-A1 routes and our CE-B1 routes. Of course, we haven't configured redistribution on the other side yet, so let's go over and do that, and then we should see routes from all of our customer sites. That should give us a complete look at the network.

So let's clear off a little space here. We'll go under global configuration mode on PE2, router bgp 65000, address-family ipv4 vrf customer A, and we'll redistribute OSPF process 2 into that, and for the VRF customer B address family we'll redistribute OSPF process 3. Let's break out of here, and let's run that same show command that we used on PE1, show ip bgp VPN version 4 vrf customer A, and now we're seeing networks from both of our customer A sites, CE-A1 and CE-A2. If we do the same for customer B, we should see a similar story, and we do. We see routes from both of our customer B sites, so that's exactly what we want to see.

We also want to redistribute these in the opposite direction as well. We want to redistribute from BGP into the customer OSPF processes. So back on PE1, let's go under router ospf 2, which is associated with customer A, and we'll say redistribute bgp 65000 subnets into that, and then router ospf 3, which is associated with customer B, and we'll do the same thing for that. Back on PE2 we'll do the exact same thing: router ospf 2, redistribute bgp 65000 subnets; for OSPF 3, redistribute there as well.

Okay, now we've come a long, long way. That's a lot of commands, a lot of things going on. Let's confirm everything. We should now have end-to-end connectivity between our customer edge
routers. So let's go on CE-A1. We'll clear off a little space. So theoretically we should be able to ping the other customer A site, CE-A2, at 6.6.6.6. That's the loopback address on that router. If we try to ping that, we are successful. That works, so that's great. Now if we say show ip route, it looks as though we have a complete routing table for our customer A VRF. We see both the 172.16.1.0/24 network represented and the 2.0/24 network represented as well.

One last thing: let's run a traceroute. So let's traceroute to our other customer A site, and we'll take a look at the path that we're taking through the network. You can see our first hop is 10.0.0.2, which is of course our PE1 router. After that we notice some MPLS labels that are being used to cross our provider network. So first we go over 50.0.0.1, which is going into our MPLS core. Then we see the 30.0.0.2 address, which is PE2, and then we reach our CE-A2 router's loopback address over the Gig 0/0 interface, which has the IP address of 30.0.0.1.

So there's a lot going on here, a lot of moving pieces, a lot to absorb, but that's a look at how we would do full-blown VRF-aware routing, configuring an MPLS Layer 3 VPN. I hope you found this content useful, and I want to thank you sincerely for watching.
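
Added example, not part of the video or of the channel's material: a Python check over the PE1 VRF configuration the captions describe. It flags a route distinguisher reused by two VRFs, a route target exported by one customer VRF and imported by another, and an interface whose IP address was lost when it was placed into a VRF. The configuration text is constructed from the narrated commands, and `parse` and `audit` are hypothetical helper names.

```python
from itertools import permutations

# Constructed sample: PE1 commands as narrated in the video, written as IOS syntax.
PE1_CONFIG = """\
ip vrf cust-a
 rd 65000:1
 route-target both 65000:1
ip vrf cust-b
 rd 65000:2
 route-target both 65000:2
interface GigabitEthernet0/0
 ip vrf forwarding cust-a
 ip address 10.0.0.2 255.255.255.252
interface GigabitEthernet0/1
 ip vrf forwarding cust-b
 ip address 20.0.0.2 255.255.255.252
"""

def parse(config):
    """Collect VRF definitions and interface VRF membership, in command order."""
    vrfs, intfs, vrf, intf = {}, {}, None, None
    for raw in filter(str.strip, config.splitlines()):
        w = raw.split()
        if not raw[0].isspace():  # an unindented line opens a new section
            vrf = intf = None
            if w[:2] == ["ip", "vrf"] and len(w) == 3:
                vrf = vrfs.setdefault(w[2], {"rd": None, "import": set(), "export": set()})
            elif w[0] == "interface" and len(w) == 2:
                intf = intfs.setdefault(w[1], {"vrf": None, "ip": None})
        elif vrf is not None and w[0] == "rd" and len(w) == 2:
            vrf["rd"] = w[1]
        elif vrf is not None and w[0] == "route-target" and len(w) == 3:
            for direction in ("import", "export"):
                if w[1] in (direction, "both"):
                    vrf[direction].add(w[2])
        elif intf is not None and w[:3] == ["ip", "vrf", "forwarding"] and len(w) == 4:
            intf["vrf"], intf["ip"] = w[3], None  # IOS removes the address here
        elif intf is not None and w[:2] == ["ip", "address"] and len(w) >= 3:
            intf["ip"] = w[2]
    return vrfs, intfs

def audit(config):
    """Return findings that weaken or break per-customer separation."""
    vrfs, intfs = parse(config)
    out = []
    for a, b in permutations(sorted(vrfs), 2):
        if a < b and vrfs[a]["rd"] == vrfs[b]["rd"]:
            out.append(f"rd {vrfs[a]['rd']} shared by {a} and {b}")
        for rt in sorted(vrfs[a]["export"] & vrfs[b]["import"]):
            out.append(f"{b} imports {rt} exported by {a}")
    for name, i in sorted(intfs.items()):
        if i["vrf"] and not i["ip"]:
            out.append(f"{name} has no ip address after vrf assignment")
    return out
```

`audit(PE1_CONFIG)` returns an empty list for the configuration as narrated. A route target shared between two VRFs can be deliberate, so treat that finding as something to confirm against the design.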
Info
Channel: Kevin Wallace Training, LLC
Views: 19,689
Keywords: cisco, networking, ccna, ccnp, ccie, ccna 200-301, enarsi, encor, kwtrain, vrf, virtual routing and forwarding, vrf-lite, mpls, multiprotocol label switch, mpls layer 3 vpn
Id: s77xYL2ccHU
Length: 23min 2sec (1382 seconds)
Published: Fri Sep 04 2020