What is MPLS L3 VPN ? How to configure?

We already discuss what is MPLS and LDP in the previous sections. In this section, we will see what is MPLS L3 VPN? And what are VRF (virtual routing forwarding), Rd (route-distinguisher), RT (route-target), and how to configure MPLS L3 VPN in the service provider network?

In MPLS Layer 3 the service provider will participate in routing with the customers. The customers will run static, OSPF, EIGRP, BGP, or any other routing protocol with the service provider; these routes can be shared with other sites of the customers.

In VPN routing information from one customer is completely separated from other customers and tunneled over the service provider MPLS network.

What is VRF (virtual routing forwarding)?

Virtual routing forwarding VRF provides a way for us to configure multiple routing instances on our router. We use multiple routing tables. Each customer of the service provider will use a different VRF. VRF keeps customer traffic and routing separate utilizes the same hardware. Without VRF we need to use ACL filtering to keep traffic segregated.

What is Rd (route-distinguisher?)

Route-distinguisher is used to convert a client non-unique 32-bit address into a unique 96-bit vpnv4 address, to enable transport between PE routers and the resulting address is a vpnv4 address. RD is locally significant to a router. VRF is not operational unless you configure an RD.

We can use any value we want but we use the ASN: NN format where ASN means the service provider’s AS number and NN is a number we pick that identifies the site of the customer. Each VRF in a PE router must have a unique RD.

RT (Route-Target)

Is a 64-bit extended BGP community that is attached to aVPNv4 BGP route to indicate its VPN membership?

Any number of RTs can be attached to a single route.

Export RTs

1. Identifies the VPN member to which the associated VRF belongs.

2. 2. Are attached to a client’s route, when it is converted into a VPNv4 route.

Import RTs

1. Import RT is used to select which VPNv4 routers is to be inserted into which VRF tables.

2. on the receiving PE router, a route is imported into a VRF only if at least one RT attached to the route matches at least one import RT configuration in that VRF.

1. Introduction of MPLS

2. What is MPLS Label distributing protocol (LDP)? How LDP works?

3. how to configure MPLS LDP Peering?

4. What is MPLS L3 VPN? How to configure?

5. How to configure MPLS L3 VPN with RIPv2?

6. How to configure MPLS L3 VPN with EIGRP?

7. How to configure MPLS L3 VPN with OSPF?

8. What are OSPF Sham Links? how to configure OSPF Sham Links?

9. How to configure MPLS L3 with BGP AS OVERRIDE?

10. What Is Network Tunneling And How To Configure Generic Routing Encapsulation (GRE) Tunnels?

11. What Is DMVPN (Dynamic Multipoint VPN), NHRP, MGRE, And How To Configure DMVPN Phase 1?

12. What Is DMVPN (Dynamic Multipoint VPN) Phase 2? How To Configure DMVPN Phase 2 Dynamic And Static Mapping?

13. How To Configure EIGRP And OSPF Over DMVPN Phase 1 & 2?

14. How To Configure External BGP And EIGRP On DMVPN Phase 2?

15. What Is IPSec (Internet Protocol Security)? What Is Internet Key Exchange IKE? How To Configure IPSec Tunnel?

16. What Is IKE (Internet Key Exchange)? How To Configure IPSec Site-To-Site?

Let see the configuration:-

Topology:

GOAL:

Configure the topology as per the diagram
assign IP addresses as per the topology
`configure OSPF area 0 inside MPLS SP core.
configure MPLS LDP inside the MPLS SP core
configure MPLS Labels (99-199, 200-399, 400-499)
configure VRF a-1 on ( router 1) and VRF a-2 on (router 3)
configure RD and RT value 100:1 both sites
configure router 4 CE under VRF a-1 and router 5 VRF a-2
configure routing between PE and CE using static routing
make sure PE and CE routers can ping
configure VPNv4 between PE routers.
redistribute static routing into BGP under VRF
make sure CEs routers are able to ping.

R1(config)#Interface FastEthernet 0/0

R1(config-if)#Ip address 10.1.1.1 255.0.0.0

R1(config-if)#No shutdown

R1(config-if)#Exit

R1(config)#Interface serial 3/0

R1(config-if)#Ip address 1.1.1.1 255.0.0.0

R1(config-if)#No shutdown

R1(config-if)#Exit

R1(config)#Interface loopback 0

R1(config-if)#Ip address 192.168.10.1 255.255.255.0

R1(config-if)#Exit

R1(config)#Interface loopback 1

R1(config-if)#Ip address 192.168.11.1 255.255.255.0

R1(config-if)#Exit

R1(config)#Interface loopback 2

R1(config-if)#Ip address 192.168.12.1 255.255.255.0

R1(config-if)#Exit

R1(config)#Interface loopback 3

R1(config-if)#Ip address 192.168.13.1 255.255.255.0

R1(config-if)#Exit

R3(config)#Interface serial 3/2

R3(config-if)#Ip address 3.3.3.2 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)#Exit

R2(config)#Interface fastethernet 0/0

R2(config-if)#Ip address 20.1.1.1 255.0.0.0

R2(config-if)#No shutdown

R2(config-if)#No keepalive

R2(config-if)#Exit

R2(config)#Interface serial 3/0

R2(config-if)#Ip address 1.1.1.2 255.0.0.0

R2(config-if)#No shutdown

R2(config-if)#Exit

R2(config)#Interface serial 3/1

R2(config-if)#Ip address 2.2.2.1 255.0.0.0

R2(config-if)#No shutdown

R2(config-if)#Exit

R2(config)#Interface loopback 0

R2(config-if)#Ip address 192.168.20.1 255.255.255.0

R2(config-if)#Exit

R2(config)#Interface loopback 1

R2(config-if)#Ip address 192.168.21.1 255.255.255.0

R2(config-if)#Exit

R2(config)#Interface loopback 2

R2(config-if)#Ip address 192.168.22.1 255.255.255.0

R2(config-if)#Exit

R2(config)#Interface loopback 3

R2(config-if)#Ip address 192.168.23.1 255.255.255.0

R2(config-if)#Exit

R3(config)#Interface fastethernet 0/0

R3(config-if)#Ip address 30.1.1.1 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)#Exit

R3(config)#Interface serial 3/1

R3(config-if)#Ip address 2.2.2.2 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)#Exit

R3(config)#Interface serial 3/2

R3(config-if)#Ip address 3.3.3.1 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)#Exit

R3(config)#Interface loopback 0

R3(config-if)#Ip address 192.168.30.1 255.255.255.0

R3(config-if)#Exit

R3(config)#Interface loopback 1

R3(config-if)#Ip address 192.168.31.1 255.255.255.0

R3(config-if)#Exit

R3(config)#Interface loopback 2

R3(config-if)#Ip address 192.168.32.1 255.255.255.0

R3(config-if)#Exit

R3(config)#Interface loopback 3

R3(config-if)#Ip address 192.168.33.1 255.255.255.0

R3(config-if)#Exit

R4(config)#Interface fastethernet 0/0

R4(config-if)#Ip address 40.1.1.2 255.0.0.0

R4(config-if)#No shutdown

R4(config-if)#Exit

R4(config)#Interface loopback 0

R4(config-if)#Ip address 192.168.40.1 255.255.255.0

R4(config-if)#Exit

R5(config)#Interface fastethernet 0/0

R5(config-if)#Ip address 30.1.1.2 255.0.0.0

R5(config-if)#No shutdown

R5(config-if)#Exit

R5(config)#Interface loopback 0

R5(config-if)#Ip address 192.168.50.1 255.255.255.0

R5(config-if)#Exit

R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.1 YES manual up up
Serial3/0 1.1.1.1 YES manual up up
Serial3/2 3.3.3.2 YES manual up up
Loopback0 192.168.10.1 YES manual up up
Loopback1 192.168.11.1 YES manual up up
Loopback2 192.168.12.1 YES manual up up
Loopback3 192.168.13.1 YES manual up up

R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 20.1.1.1 YES manual up up
Serial3/0 1.1.1.2 YES manual up up
Serial3/1 2.2.2.1 YES manual up up
Loopback0 192.168.20.1 YES manual up up
Loopback1 192.168.21.1 YES manual up up
Loopback2 192.168.22.1 YES manual up up
Loopback3 192.168.23.1 YES manual up up

R3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 30.1.1.1 YES manual up up
Serial3/1 2.2.2.2 YES manual up up
Serial3/2 3.3.3.1 YES manual up up
Loopback0 192.168.30.1 YES manual up up
Loopback1 192.168.31.1 YES manual up up
Loopback2 192.168.32.1 YES manual up up
Loopback3 192.168.33.1 YES manual up up

R4#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 10.1.1.2 YES manual up up

Loopback0 192.168.40.1 YES manual up up

R5#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 30.1.1.2 YES manual up up

Loopback0 192.168.50.1 YES manual up up

R1(config)#router ospf 1

R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

R1(config-router)#network 1.0.0.0 0.255.255.255 area 0

R1(config-router)#network 3.0.0.0 0.255.255.255 area 0

R1(config-router)#network 192.168.10.0 255.0.0.0 area 0

R1(config-router)#network 192.168.11.0 255.0.0.0 area 0

R1(config-router)#network 192.168.12.0 255.0.0.0 area 0

R1(config-router)#network 192.168.13.0 255.0.0.0 area 0

R1(config-router)#end

R2(config)#router ospf 1

R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config-router)#network 1.0.0.0 0.255.255.255 area 0

R2(config-router)#network 2.0.0.0 0.255.255.255 area 0

R2(config-router)#network 192.168.20.0 255.0.0.0 area 0

R2(config-router)#network 192.168.21.0 255.0.0.0 area 0

R2(config-router)#network 192.168.22.0 255.0.0.0 area 0

R2(config-router)#network 192.168.23.0 255.0.0.0 area 0

R2(config-router)#end

R3(config)#router ospf 1

R3(config-router)#network 30.0.0.0 0.255.255.255 area 0

R3(config-router)#network 2.0.0.0 0.255.255.255 area 0

R3(config-router)#network 3.0.0.0 0.255.255.255 area 0

R3(config-router)#network 192.168.30.0 255.0.0.0 area 0

R3(config-router)#network 192.168.31.0 255.0.0.0 area 0

R3(config-router)#network 192.168.32.0 255.0.0.0 area 0

R3(config-router)#network 192.168.33.0 255.0.0.0 area 0

R3(config-router)#end

R1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.33.1 0 FULL/ - 00:00:38 3.3.3.1 Serial3/2

192.168.23.1 0 FULL/ - 00:00:31 1.1.1.2 Serial3/0

R2#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.13.1 0 FULL/ - 00:00:33 1.1.1.1 Serial3/0

192.168.33.1 0 FULL/ - 00:00:30 2.2.2.2 Serial3/1

R3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.23.1 0 FULL/ - 00:00:31 2.2.2.1 Serial3/1

192.168.13.1 0 FULL/ - 00:00:37 3.3.3.2 Serial3/2

R1(config)#ip cef

R1(config)#mpls label protocol LDP

R1(config)#mpls label range 99 199

R1(config)#mpls ldp router-id loopback 0

R1(config)#end

R1(config)#interface serial 3/0

R1(config-if)#mpls ip

R1(config-if)#exit

R1(config)#interface serial 3/4

R1(config-if)#mpls ip

R1(config-if)#exit

R2(config)#ip cef

R2(config)#mpls label protocol LDP

R2(config)#mpls label range 200 299

R2(config)#mpls ldp router-id loopback 0

R2(config)#end

R2(config)#interface serial 3/0

R2(config-if)#mpls ip

R2(config-if)#exit

R2(config)#interface serial 3/1

R2(config-if)#mpls ip

R2(config-if)#exit

R3(config)#ip cef

R3(config)#mpls label protocol LDP

R3(config)#mpls label range 300 399

R3(config)#mpls ldp router-id loopback 0

R3(config)#end

R3(config)#interface serial 3/1

R3(config-if)#mpls ip

R3(config-if)#exit

R3(config)#interface serial 3/2

R3(config-if)#mpls ip

R3(config-if)#exit

R1(config)#ip vrf a-1

R1(config-vrf)#rd 100:1

R1(config-vrf)#route-target import 100:1

R1(config-vrf)#route-target export 100:1

R1(config-vrf)#exit

R3(config)#ip vrf a-2

R3(config-vrf)#rd 100:1

R3(config-vrf)#route-target both 100:1

R3(config-vrf)#exit

R1#show ip vrf

Name Default RD Interfaces

a-1 100:1 Fa0/0

R3#show ip vrf

Name Default RD Interfaces

a-2 100:1 Fa0/0

R1#show ip vrf detail

VRF a-1 (VRF Id = 1); default RD 100:1; default VPNID <not set>

Interfaces:

Fa0/0

VRF Table ID = 1

Export VPN route-target communities

RT:100:1

Import VPN route-target communities

RT:100:1

No import route-map

No global export route-map

No export route-map

VRF label distribution protocol: not configured

VRF label allocation mode: per-prefix

R3#show ip vrf detail

VRF a-2 (VRF Id = 1); default RD 100:1; default VPNID <not set>

Interfaces:

Fa0/0

VRF Table ID = 1

Export VPN route-target communities

RT:100:1

Import VPN route-target communities

RT:100:1

No import route-map

No global export route-map

No export route-map

VRF label distribution protocol: not configured

VRF label allocation mode: per-prefix

R1#show run | section vrf

ip vrf a-1

rd 100:1

route-target export 100:1

route-target import 100:1

R3#show run | section vrf

ip vrf a-2

rd 100:1

route-target export 100:1

route-target import 100:1

R3(config)#interface fastEthernet 0/0

R3(config-if)#ip vrf forwarding a-2

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#exit

R1(config)#interface fastEthernet 0/0

R1(config-if)#ip vrf forwarding a-1

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#exit

R4(config-if)#ip route 0.0.0.0 0.0.0.0 10.1.1.1

R5(config)#ip route 0.0.0.0 0.0.0.0 30.1.1.1

R3(config)#ip route vrf a-2 192.168.50.1 255.255.255.255 30.1.1.2

R3(config)#end

R1(config)#ip route vrf a-1 192.168.40.1 255.255.255.255 10.1.1.2

R1(config)#end

R1(config)#router bgp 65001

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#neighbor 192.168.30.1 remote-as 65001

R1(config-router)#neighbor 192.168.30.1 update-source loopback 0

R1(config-router)#address-family VPNv4 unicast

R1(config-router-af)#neighbor 192.168.30.1 activate

R1(config-router-af)#neighbor 192.168.30.1 send-community extended

R1(config-router-af)#neighbor 192.168.30.1 next-hop-self

R1(config-router-af)#end

R1(config)#interface loopback 0

R1(config-if)#ip ospf network point-to-point

R1(config-if)#exit

R3(config)#interface loopback 0

R3(config-if)#ip ospf network point-to-point

R3(config-if)#exit

R1(config)#router bgp 65001

R1(config-router)#address-family ipv4 vrf a-1

R1(config-router-af)#redistribute static

R1(config-router-af)#redistribute connected

R1(config-router-af)#end

R3(config)#router bgp 65001

R3(config-router)#address-family ipv4 vrf a-2

R3(config-router-af)#redistribute static

R3(config-router-af)#redistribute connected

R3(config-router-af)#exit

R1#show ip route vrf a-1

Routing Table: a-1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.0.0.0/8 is directly connected, FastEthernet0/0

L 10.1.1.1/32 is directly connected, FastEthernet0/0

B 30.0.0.0/8 [200/0] via 192.168.30.1, 01:19:26

192.168.40.0/32 is subnetted, 1 subnets

S 192.168.40.1 [1/0] via 10.1.1.2

192.168.50.0/32 is subnetted, 1 subnets

B 192.168.50.1 [200/0] via 192.168.30.1, 01:19:34

R3#show ip route vrf a-2

Routing Table: a-2

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

B 10.0.0.0/8 [200/0] via 192.168.10.1, 01:20:43

30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 30.0.0.0/8 is directly connected, FastEthernet0/0

L 30.1.1.1/32 is directly connected, FastEthernet0/0

192.168.40.0/32 is subnetted, 1 subnets

B 192.168.40.1 [200/0] via 192.168.10.1, 01:20:52

192.168.50.0/32 is subnetted, 1 subnets

S 192.168.50.1 [1/0] via 30.1.1.2

R1#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 192.168.13.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf a-1)

*> 10.0.0.0 0.0.0.0 0 32768 ?

*>i 30.0.0.0 192.168.30.1 0 100 0 ?

*> 192.168.40.1/32 10.1.1.2 0 32768 ?

*>i 192.168.50.1/32 192.168.30.1 0 100 0 ?

R1#show ip bgp vpnv4 all summary

BGP router identifier 192.168.13.1, local AS number 65001

BGP table version is 7, main routing table version 7

4 network entries using 624 bytes of memory

4 path entries using 320 bytes of memory

2/2 BGP path/bestpath attribute entries using 288 bytes of memory

1 BGP extended community entries using 24 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 1256 total bytes of memory

BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.30.1 4 65001 106 106 7 0 0 01:30:51 2

R3#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 192.168.33.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf a-2)

*>i 10.0.0.0 192.168.10.1 0 100 0 ?

*> 30.0.0.0 0.0.0.0 0 32768 ?

*>i 192.168.40.1/32 192.168.10.1 0 100 0 ?

*> 192.168.50.1/32 30.1.1.2 0 32768 ?

R3#show ip bgp vpnv4 all summary

BGP router identifier 192.168.33.1, local AS number 65001

BGP table version is 7, main routing table version 7

4 network entries using 624 bytes of memory

4 path entries using 320 bytes of memory

2/2 BGP path/bestpath attribute entries using 288 bytes of memory

1 BGP extended community entries using 24 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 1256 total bytes of memory

BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

192.168.10.1 4 65001 106 106 7 0 0 01:31:25 2

R3#ping vrf a-2 192.168.50.1