Thursday, December 6, 2012

Service provider MPLS Layer-3 LAB


The lab uses the following topology:

 
Hostname  Administrative    Role
R1        Service provider  PE
R2        Service provider  P
R3        Service provider  PE
R4        Customer #1       CE
R5        Customer #2       CE
R6        Customer #1       CE
R7        Customer #2       CE
R8        Service provider  PE

 
Customer #1 has two sites, R4 and R6. Both are single-homed to the SP and use EIGRP as the CE-to-PE dynamic routing protocol.

R4#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
D EX 192.168.61.0/24 [170/30720] via 10.1.34.3, 00:10:53, FastEthernet0/0
C    192.168.41.0/24 is directly connected, Loopback1
     10.0.0.0/24 is subnetted, 2 subnets
D EX    10.1.16.0 [170/30720] via 10.1.34.3, 1w3d, FastEthernet0/0
C       10.1.34.0 is directly connected, FastEthernet0/0

We can see that R4 is learning R6's network 192.168.61.0/24 via EIGRP.

Now customer #1 wants Internet access, but it has neither a (physical) link to the Internet nor a spare router to connect with, so the SP will have to provide Internet access through its backbone.

So our goal is to inject a default route into the customer #1 VRF.

To avoid advertising the SP's BGP router IDs (loopbacks) and backbone link IPs into the customer VRF, we create a separate VRF that holds a default route to the global routing table, and then leak routes between the customer #1 VRF and this new VRF.

I have configured a new VRF on R8:

ip vrf INTERNET
 rd 65002:8
 route-target export 65002:888
 route-target import 65002:888
!

And configured interface Fa2/0 in VRF INTERNET:

interface FastEthernet2/0
 mac-address 0017.df3f.a832
 ip vrf forwarding INTERNET
 ip address 10.1.88.2 255.255.255.0
 no ip redirects
 no ip proxy-arp
 duplex full
 speed 100

Note that I changed the MAC address of the interface.

Now interface Fa1/1 is in the global routing table:

interface FastEthernet1/1
 ip address 10.1.88.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 load-interval 30
 duplex full
 speed 100

And now the BGP configuration between VRF INTERNET and the global routing table:

router bgp 65000
 no synchronization
 bgp router-id 8.8.8.8
 bgp log-neighbor-changes
 network 0.0.0.0
 redistribute static
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 2.2.2.2 route-reflector-client
 neighbor 2.2.2.2 send-community both
 neighbor 2.2.2.2 soft-reconfiguration inbound
 neighbor 10.1.88.2 remote-as 65002
 neighbor 10.1.88.2 local-as 65001 no-prepend replace-as
 neighbor 10.1.88.2 ebgp-multihop 5
 neighbor 10.1.88.2 next-hop-self
 neighbor 10.1.88.2 default-originate
 default-information originate
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 2.2.2.2 route-reflector-client
 exit-address-family
 !
 address-family ipv4 vrf INTERNET
  redistribute connected
  redistribute static
  neighbor 10.1.88.1 remote-as 65001
  neighbor 10.1.88.1 local-as 65002 no-prepend replace-as
  neighbor 10.1.88.1 ebgp-multihop 5
  neighbor 10.1.88.1 activate
  neighbor 10.1.88.1 next-hop-self
  no synchronization
  bgp router-id 10.1.88.2
 exit-address-family

 
So now R8 has a BGP peering between VRF INTERNET and the global routing table:

R8#show ip bgp summary
BGP router identifier 8.8.8.8, local AS number 65000
BGP table version is 13, main routing table version 13
2 network entries using 264 bytes of memory
2 path entries using 104 bytes of memory
11/2 BGP path/bestpath attribute entries using 1628 bytes of memory
2 BGP rrinfo entries using 48 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
6 BGP extended community entries using 288 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 2 (at peak 3) using 64 bytes of memory
BGP using 2444 total bytes of memory
BGP activity 16/7 prefixes, 18/9 paths, scan interval 60 secs
 
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4 65000     453     127       13    0    0 01:19:45        0
10.1.88.2       4 65002     116     119       13    0    0 01:17:52        1

Now we can advertise the default route from R8's global routing table to the customer VRF, using VRF INTERNET.

R8:

ip vrf INTERNET
 rd 65002:8
 route-target export 65002:888
 route-target import 65002:888
 route-target import 100:888

And on R1:

ip prefix-list PL_NET6 permit 192.168.61.0/24
!
route-map VRF_BLUE_EXPORT permit 10
 match ip address prefix-list PL_NET6
 set extcommunity rt  100:888
!
route-map VRF_BLUE_EXPORT deny 999
!
ip vrf BLUE
 rd 1:100
 export map VRF_BLUE_EXPORT
 route-target export 100:100
 route-target import 100:100
 route-target import 65002:888
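
The leaks that the two VRF definitions above set up can be listed mechanically by matching exported route targets against imported ones, which is a quick check that no VRF other than the intended ones shares a route target. The following Python is an added example, not code from the original post; it reads the VRF and export-map lines shown above (rd lines omitted) and treats R8 and R1 as one configuration, since route targets travel with the VPNv4 routes between PEs. The function names `parse` and `leaks` are made up for this example.

```python
import re
from collections import defaultdict

# VRF and export-map lines from the post (R8 and R1 combined; rd lines omitted).
CONFIG = """\
ip vrf INTERNET
 route-target export 65002:888
 route-target import 65002:888
 route-target import 100:888
!
route-map VRF_BLUE_EXPORT permit 10
 match ip address prefix-list PL_NET6
 set extcommunity rt 100:888
!
ip vrf BLUE
 export map VRF_BLUE_EXPORT
 route-target export 100:100
 route-target import 100:100
 route-target import 65002:888
"""

def parse(config):
    """Return ({vrf: {import, export, map}}, {route_map: RTs it sets})."""
    vrfs, maps, ctx = {}, defaultdict(set), None
    for line in config.splitlines():
        if m := re.match(r"ip vrf (\S+)", line):
            ctx = vrfs.setdefault(m[1], {"import": set(), "export": set(), "map": None})
        elif m := re.match(r"route-map (\S+) permit", line):
            ctx = maps[m[1]]
        elif not line.startswith(" "):
            ctx = None  # "!" or another top-level command ends the stanza
        elif isinstance(ctx, dict) and (m := re.match(r" route-target (import|export) (\S+)", line)):
            ctx[m[1]].add(m[2])
        elif isinstance(ctx, dict) and (m := re.match(r" export map (\S+)", line)):
            ctx["map"] = m[1]
        elif isinstance(ctx, set) and (m := re.match(r" set extcommunity rt\s+(\S+)", line)):
            ctx.add(m[1])
    return vrfs, maps

def leaks(vrfs, maps):
    """Every (exporter, importer, RT, how it is attached) that crosses a VRF boundary."""
    found = []
    for src, s in vrfs.items():
        tagged = [(rt, "route-target export") for rt in s["export"]]
        tagged += [(rt, "export map " + s["map"]) for rt in maps.get(s["map"], ())]
        for rt, how in tagged:
            found += [(src, dst, rt, how) for dst, d in vrfs.items()
                      if dst != src and rt in d["import"]]
    return sorted(found)
```

For the configuration in the post, `leaks(*parse(CONFIG))` reports two crossings: INTERNET into BLUE on 65002:888, and BLUE into INTERNET on 100:888, the latter attached only by the export map's permit clause for PL_NET6.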

 
Now we trace to some unknown address from customer #1's R6 router:

R6#traceroute 8.8.8.8 source lo1
 
Type escape sequence to abort.
Tracing the route to 8.8.8.8
 
  1  *
    10.1.16.1 20 msec 36 msec
  2 10.1.12.2 [MPLS: Labels 17/24 Exp 0] 140 msec 72 msec 108 msec
  3 10.1.88.2 [MPLS: Label 24 Exp 0] 72 msec 40 msec 44 msec
  4 10.1.88.1 84 msec *  96 msec

 
We can see that the trace reaches R8's global routing table, so traffic is leaving the VRF.

What I have done on R8 is a little bit tricky: I use one router with two different legs to create an eBGP peering between them. In this way I could make a VRF with a default route injected into it without advertising all the SP backbone IPs and without the burden of managing static routes for return traffic.
