Jump to content






Photo - - - - -

MPLS L3VPN Internet Access

Posted by MSSK , 19 May 2013 · 2,946 views

MPLS L3VPN Internet Access Issue

In the above topology we have two VRFs, MSSK which connects R1 and R5 to the service provider backbone, and VRF ABC which connects R7 to the service provider core
The aim is to enable these customers to gain internet access which is represented by R8 loopback 0 interface, R8 is located in AS#1
R3 will be VPNV4 router reflector for the three PE routers and BGP is the PE-CE routing protocol

Configuration


R1

R1#sh run int f1/0
interface FastEthernet1/0
ip address 172.1.12.1 255.255.255.0
speed 100
duplex full

R1#sh run int lo0
interface Loopback0
ip address 172.16.1.1 255.255.255.255

R1#sh run | sec router bgp
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.1.12.2 remote-as 100
!
address-family ipv4
  network 172.16.1.1 mask 255.255.255.255
  neighbor 172.1.12.2 activate
exit-address-family

R2

R2#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.23.2 255.255.255.0
ip router isis 1
speed 100
duplex full

R2#sh run int f1/1
interface FastEthernet1/1
vrf forwarding MSSK
ip address 172.1.12.2 255.255.255.0
speed 100
duplex full

R2#sh run int lo0
interface Loopback0
ip address 2.2.2.2 255.255.255.255

R2#sh run | sec vrf def
vrf definition MSSK
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
exit-address-family
R2#sh run | sec router bgp
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
exit-address-family
!
address-family ipv4 vrf MSSK
  neighbor 172.1.12.1 remote-as 200
  neighbor 172.1.12.1 activate
  neighbor 172.1.12.1 send-community both
  neighbor 172.1.12.1 as-override
exit-address-family
R2#sh run | sec router isis
ip router isis 1
router isis 1
net 49.0001.0000.0000.0002.00
is-type level-2-only
passive-interface Loopback0
mpls ldp autoconfig

R3

R3#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.23.3 255.255.255.0
ip nat inside
ip router isis 1
speed 100
duplex full

R3#sh run int f1/1
interface FastEthernet1/1
ip address 192.1.34.3 255.255.255.0
ip nat inside
ip router isis 1
speed 100
duplex full

R3#sh run int f2/0
interface FastEthernet2/0
ip address 192.1.36.3 255.255.255.0
ip nat inside
ip router isis 1
speed 100
duplex full

R3#sh run int f2/1
interface FastEthernet2/1
ip address 192.1.38.3 255.255.255.0
ip nat outside
speed 100
duplex full

R3#sh run int lo0
interface Loopback0
ip address 3.3.3.3 255.255.255.255

R3#sh run | sec router isis
router isis 1
net 49.0001.0000.0000.0003.00
is-type level-2-only
passive-interface Loopback0
mpls ldp autoconfig

R3#sh run | sec router bgp
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 update-source Loopback0
neighbor 192.1.38.8 remote-as 1
!
address-family ipv4
  network 212.118.0.0
  network 212.118.1.0
  neighbor 192.1.38.8 activate
exit-address-family
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 2.2.2.2 route-reflector-client
  neighbor 2.2.2.2 next-hop-self
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 4.4.4.4 route-reflector-client
  neighbor 4.4.4.4 next-hop-self
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 6.6.6.6 route-reflector-client
  neighbor 6.6.6.6 next-hop-self
exit-address-family
!
address-family ipv4 vrf ABC
  network 0.0.0.0
exit-address-family
!
address-family ipv4 vrf MSSK
  network 0.0.0.0
exit-address-family

R3#sh run | sec vrf def
vrf definition ABC
rd 200:1
route-target export 200:1
route-target import 200:1
!
address-family ipv4
exit-address-family
vrf definition MSSK
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
exit-address-family

R3#sh run | inc nat
ip nat pool MSSK_POOL 212.118.0.0 212.118.0.255 prefix-length 24
ip nat pool ABC_POOL 212.118.1.0 212.118.1.255 prefix-length 24
ip nat inside source list RFC pool ABC_POOL vrf ABC
ip nat inside source list RFC pool MSSK_POOL vrf MSSK

R3#sh run | sec ip access
ip access-list standard RFC
permit 10.0.0.0 0.255.255.255
permit 172.16.0.0 0.15.255.255
permit 192.168.0.0 0.0.255.255

ip route 212.118.0.0 255.255.255.0 Null0
ip route 212.118.1.0 255.255.255.0 Null0
ip route vrf MSSK 0.0.0.0 0.0.0.0 192.1.38.8 global
ip route vrf ABC 0.0.0.0 0.0.0.0 192.1.38.8 global



R4

R4#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.34.4 255.255.255.0
ip router isis 1
speed 100
duplex full

R4#sh run int f1/1
interface FastEthernet1/1
vrf forwarding MSSK
ip address 172.1.45.4 255.255.255.0
speed 100
duplex full

R4#sh run int lo0
interface Loopback0
ip address 4.4.4.4 255.255.255.255

R4#sh run | sec router isis
router isis 1
net 49.0001.0000.0000.0004.00
is-type level-2-only
passive-interface Loopback0
mpls ldp autoconfig

R4#sh run | sec router bgp
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
exit-address-family
!
address-family ipv4 vrf MSSK
  neighbor 172.1.45.5 remote-as 200
  neighbor 172.1.45.5 activate
  neighbor 172.1.45.5 send-community both
  neighbor 172.1.45.5 as-override
exit-address-family

R5

R5#sh run int f1/0
interface FastEthernet1/0
ip address 172.1.45.5 255.255.255.0
speed 100
duplex full

R5#sh run int lo0
interface Loopback0
ip address 172.16.5.5 255.255.255.255

R5#sh run | sec router bgp
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.1.45.4 remote-as 100
!
address-family ipv4
  network 172.16.5.5 mask 255.255.255.255
  neighbor 172.1.45.4 activate
exit-address-family

R6

R6#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.36.6 255.255.255.0
ip router isis 1
speed 100
duplex full

R6#sh run int f1/1
interface FastEthernet1/1
vrf forwarding ABC
ip address 172.1.67.6 255.255.255.0
speed 100
duplex full

R6#sh run int lo0
interface Loopback0
ip address 6.6.6.6 255.255.255.255

R6#sh run | sec router isis
router isis 1
net 49.0001.0000.0000.0006.00
is-type level-2-only
passive-interface Loopback0
mpls ldp autoconfig
R6#sh run | sec vrf def
vrf definition ABC
rd 200:1
route-target export 200:1
route-target import 200:1
!
address-family ipv4
exit-address-family

R6#sh run | sec router bgp
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
exit-address-family
!
address-family ipv4 vrf ABC
  neighbor 172.1.67.7 remote-as 300
  neighbor 172.1.67.7 activate
  neighbor 172.1.67.7 send-community both
exit-address-family

R7

R7#sh run int f1/0
interface FastEthernet1/0
ip address 172.1.67.7 255.255.255.0
speed 100
duplex full

R7#sh run int lo0
interface Loopback0
ip address 192.168.7.7 255.255.255.255

R7#sh run | sec router bgp
router bgp 300
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.1.67.6 remote-as 100
!
address-family ipv4
  network 192.168.7.7 mask 255.255.255.255
  neighbor 172.1.67.6 activate
exit-address-family

R8

R8#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.38.8 255.255.255.0
speed 100
duplex full

R8#sh run int lo0
interface Loopback0
ip address 8.8.8.8 255.255.255.255

R8#sh run | sec router bgp
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.1.38.3 remote-as 100
!
address-family ipv4
  network 8.8.8.8 mask 255.255.255.255
  neighbor 192.1.38.3 activate
exit-address-family

Verification

R1#ping 8.8.8.8 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/20 ms

R5#ping 8.8.8.8 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 172.16.5.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

R7#ping 8.8.8.8 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/15/24 ms

R3#sh ip nat translations  
Pro Inside global   Inside local    Outside local   Outside global
icmp 212.118.0.2:2 172.16.1.1:2    8.8.8.8:2   8.8.8.8:2
--- 212.118.0.2     172.16.1.1 ---     ---
icmp 212.118.0.3:1 172.16.5.5:1    8.8.8.8:1   8.8.8.8:1
--- 212.118.0.3     172.16.5.5 ---     ---
icmp 212.118.1.2:1 192.168.7.7:1   8.8.8.8:1   8.8.8.8:1
--- 212.118.1.2   192.168.7.7     ---     ---

R1#sh ip bgp
BGP table version is 4, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
  x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network   Next Hop     Metric LocPrf Weight Path
*>  0.0.0.0   172.1.12.2 0 100 i
*>  172.16.1.1/32    0.0.0.0   0 32768 i
*>  172.16.5.5/32    172.1.12.2 0 100 100 i

R5#sh ip bgp
BGP table version is 4, local router ID is 172.16.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
  x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network   Next Hop     Metric LocPrf Weight Path
*>  0.0.0.0   172.1.45.4 0 100 i
*>  172.16.1.1/32    172.1.45.4 0 100 100 i
*>  172.16.5.5/32    0.0.0.0   0 32768 i

R7#sh ip bgp
BGP table version is 3, local router ID is 192.168.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
  r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
  x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network   Next Hop     Metric LocPrf Weight Path
*>  0.0.0.0   172.1.67.6 0 100 i
*>  192.168.7.7/32   0.0.0.0   0 32768 i




Please find the image below
http://www.mediafire.com/view/?31u6ryzhkpry0vj

BR,
MSSK

July 2019

S M T W T F S
 123456
78910111213
14151617181920
21 222324252627
28293031   

Recent Entries

Recent Comments

Tags

    Search My Blog

    Categories

    Organization

    Community

    Downloads

    Test Providers

    Site Info


    Go to top