How to configure Overlapping VPN?

 

1. Configure the topology as per the diagram
2. Configure the IP addresses as per the topology
3. Configure OSPF inside the core of MPLS network 
4. Configure MPLS LDP peering inside MPLS core network
5. Configure VRF site-a and site-c on router 1 
6. Configure VRF site-b and site-d on router 3
7. configure route-distinguisher and route-target 500:1 for site-a, site-b, and for site-c and site-d 500:2
8. Configure fa0/0 and fa2/0 under VRF site-a and site-c on router 1
9. Configure fa0/0 and fa2/0 under VRF site-b and site-d on router 3
10. Configure EBGP between router 1 and router 6
11. Configure EBGP between router 3 and router 7
12. Both routers 6 and 7 are under AS-600
13. Configure connectivity between router 1 and router 3 with VPNv4
14. Configure the as-override feature on router 1 and router 3 
15. Make sure router 6 and router 7 have installed their routes 
16. configure connectivity between router 1 and router 4  with ospf under VRF site-c
17. configure redistribution between OSPF and BGP under VRF site-c
18. Configure connectivity between router 3 and router 4 under VRF site-d with EIGRP 100
19. Configure redistribution between EIGRP and BGP
20. Make sure router 3 is installed, and router 4 routes
21. configure connectivity between all sites-a, b, c,d 
22. Ultimately, ensure all the routes are exchanged to all sites and all the sites can reach any network.

Configure the IP addresses as per the topology

R1(config)#interface serial 5/0
R1(config-if)#ip address 12.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 5/2

R1(config-if)#ip address 31.1.1.2 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip address 16.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastethernet 2/0
R1(config-if)#ip address 15.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface loopback 1
R1(config-if)#ip address 192.168.1.1 255.255.255.255
R1(config-if)#no shutdown
R1(config-if)#exit
 
 
R2(config)#interface serial 5/1
R2(config-if)#ip address 23.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 5/0
R2(config-if)#ip address 12.1.1.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
 
R2(config)#interface loopback 1
R2(config-if)#ip address 122.1.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit
 
 
R3(config)#interface serial 5/1
R3(config-if)#ip address 23.1.1.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 5/2
R3(config-if)#ip address 31.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface FastEthernet 0/0
R3(config-if)#ip address 17.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface fastethernet 2/0
R3(config-if)#ip address 14.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit

R3(config)#interface loopback 1
R3(config-if)#ip address 192.168.3.1 255.255.255.255
R3(config-if)#no shutdown
R3(config-if)#exit
 
 
R4(config)#interface fastethernet 2/0
R4(config-if)#ip address 14.1.1.2 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface loopback 1
R4(config-if)#ip address 44.1.1.1 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit
 
 
R5(config)#interface fastethernet 2/0
R5(config-if)#ip address 15.1.1.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit
R5(config)#interface loopback 1
R5(config-if)#ip address 55.1.1.1 255.255.255.0
R5(config-if)#no shutdown
R5(config-if)#exit
 
 
R6(config)#interface fastethernet 2/0
R6(config-if)#ip address 16.1.1.2 255.0.0.0
R6(config-if)#no shutdown
R6(config-if)#exit
R6(config)#interface loopback 1
R6(config-if)#ip address 66.1.1.1 255.255.255.255
R6(config-if)#no shutdown
R6(config-if)#exit
 
 
R7(config)#interface fastethernet 0/0
R7(config-if)#ip address 17.1.1.2 255.0.0.0
R7(config-if)#no shutdown
R7(config-if)#exit
R7(config)#interface loopback 1
R7(config-if)#ip address 77.1.1.1 255.255.255.255
R7(config-if)#no shutdown
R7(config-if)#exit

Configure OSPF inside the core of the MPLS network 

R1(config)#router ospf 65100
R1(config-router)#network 12.0.0.0 0.255.255.255 area 0
R1(config-router)#network 31.0.0.0 0.255.255.255 area 0
R1(config-router)#network 192.168.1.0 0.0.0.0 area 0
R1(config-router)#exit
 

 
R2(config)#router ospf 65100
R2(config-router)#network 12.0.0.0 0.255.255.255 area 0
R2(config-router)#network 23.0.0.0 0.255.255.255 area 0
R2(config-router)#network 122.1.1.0 255.0.0.0 area 0
R2(config-router)#exit
 
 

R3(config)#router ospf 65100
R3(config-router)#network 31.0.0.0 0.255.255.255 area 0
R3(config-router)#network 23.0.0.0 0.255.255.255 area 0
R3(config-router)#network 192.168.3.0 0.0.0.0 area 0
R3(config-router)#exit
 

Configure PLS LDP peering inside the MPLS core network

R1(config)#mpls label range 50 149
R1(config)#mpls label protocol ldp
R1(config)#mpls ldp router-id loopback 1

R1(config)#interface serial 5/0
R1(config-if)#mpls ip
R1(config-if)#exit
R1(config)#interface serial 5/2
R1(config-if)#mpls ip
R1(config-if)#exit

R2(config)#mpls label range 150 249
R2(config)#mpls label protocol ldp
R2(config)#mpls ldp router-id loopback 1

R2(config)#interface serial 5/0
R2(config-if)#mpls ip
R2(config-if)#exit
R2(config)#interface serial 5/1
R2(config-if)#mpls ip
R2(config-if)#exit

R3(config)#mpls label range 250 349
R3(config)#mpls label protocol ldp
R3(config)#mpls ldp router-id loopback 1
R3(config)#interface serial 5/2
R3(config-if)#mpls ip
R3(config-if)#exit
R3(config)#interface serial 5/1
R3(config-if)#mpls ip
R3(config-if)#exit

Configure VRF site-a and site-c on router 1, configure route-distinguisher and route-target 500:1 for site-a, site-b, and for site-c and site-d 500:2

 

R1(config)#ip vrf site-a
R1(config-vrf)#rd 500:1
R1(config-vrf)#route-target both 500:1
R1(config-vrf)#exit

R1(config)#ip vrf site-c

R1(config-vrf)#rd 500:2

R1(config-vrf)#route-target both 500:2

R1(config-vrf)#exit

Configure VRF site-b and site-d on router 3

R3(config)#ip vrf site-b
R3(config-vrf)#rd 500:1
R3(config-vrf)#route-target both 500:1
R3(config-vrf)#exit

R3(config)#ip vrf site-d

R3(config-vrf)#rd 500:2

R3(config-vrf)#route-target both 500:2

R3(config-vrf)#exit

Configure fa0/0 and fa2/0 under VRF site-a and site-c on router 1

R1(config)#interface fastethernet 0/0
R1(config-if)#ip vrf forwarding site-a
% Interface FastEthernet0/0 IP address 16.1.1.1 removed due to enabling VRF site-a
R1(config-if)#ip address 16.1.1.1 255.0.0.0
R1(config-if)#exit

R1(config)#interface fastethernet 2/0

R1(config-if)#ip vrf forwarding site-c

R1(config-if)#ip address 15.1.1.1 255.0.0.0

R1(config-if)#exit

Configure fa0/0 and fa2/0 under VRF site-b and site-d on router 3

R3(config)#interface fastethernet 0/0
R3(config-if)#ip vrf forwarding site-b
% Interface FastEthernet0/0 IP address 17.1.1.1 removed due to enabling VRF site-b
R3(config-if)#ip address 17.1.1.1 255.0.0.0
R3(config-if)#exit

R3(config)#interface fastethernet 2/0

R3(config-if)#ip vrf forwarding site-d

% Interface FastEthernet2/0 IP address 14.1.1.1 removed due to enabling VRF site-d

R3(config-if)#ip address 14.1.1.1 255.0.0.0

R3(config-if)#exit

Configure EBGP between router 1 and router 6

R6(config)#router bgp 600
R6(config-router)#neighbor 16.1.1.1 remote-as 123
R6(config-router)#network 66.1.1.1 mask 255.255.255.255
R6(config-router)#network 16.0.0.0 mask 255.0.0.0
R6(config-router)#no auto-summary
R6(config-router)#no synchronization
R6(config-router)#exit

R1(config)#router bgp 123

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#address-family ipv4 vrf site-a

R1(config-router-af)#neighbor 16.1.1.2 remote-as 600

R1(config-router-af)#neighbor 16.1.1.2 activate

R1(config-router-af)#redistribute connected

R1(config-router-af)#exit

*Apr 15 15:42:59.667: %BGP-5-ADJCHANGE: neighbor 16.1.1.2 vpn vrf site-a Up

Configure EBGP between router 3 and router 7

R7(config)#router bgp 600

R7(config-router)#neighbor 17.1.1.1 remote-as 123

R7(config-router)#network 17.0.0.0 mask 255.0.0.0

R7(config-router)#network 77.1.1.1 mask 255.255.255.255

R7(config-router)#exit

R3(config)#router bgp 123

R3(config-router)#no bgp default ipv4-unicast

R3(config-router)#address-family ipv4 vrf site-b

R3(config-router-af)#neighbor 17.1.1.2 remote-as 600

R3(config-router-af)#neighbor 17.1.1.2 activate

R3(config-router-af)#redistribute connected

R3(config-router-af)#exiT

Configure connectivity between router 1 and router 3 with VPNv4

R1(config)#router bgp 123

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#neighbor 192.168.3.1 remote-as 123

R1(config-router)#neighbor 192.168.3.1 update-source loopback 1

R1(config-router)#address-family vpnv4 unicast

R1(config-router-af)#neighbor 192.168.3.1 activate

R1(config-router-af)#neighbor 192.168.3.1 send-community extended

R1(config-router-af)#neighbor 192.168.3.1 next-hop-self

R1(config-router-af)#exit

*Apr 15 16:14:33.543: %BGP-5-ADJCHANGE: neighbor 192.168.3.1 Up

R3(config)#router bgp 123

R3(config-router)#no bgp default ipv4-unicast

R3(config-router)#neighbor 192.168.1.1 remote-as 123

R3(config-router)#neighbor 192.168.1.1 update-source loopback 1

R3(config-router)#address-family vpnv4 unicast

R3(config-router-af)#neighbor 192.168.1.1 activate

R3(config-router-af)#neighbor 192.168.1.1 send-community extended

R3(config-router-af)#neighbor 192.168.1.1 next-hop-self

R3(config-router-af)#exit

*Apr 15 16:14:30.075: %BGP-5-ADJCHANGE: neighbor 192.168.1.1 Up

R6#ping 17.1.1.1 source 16.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 17.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 16.1.1.2

.....

Success rate is 0 percent (0/5)

Configure the as-override feature on router 1 and router 3 

R1(config)#router bgp 123

R1(config-router)#address-family ipv4 vrf site-a

R1(config-router-af)#neighbor 16.1.1.2 as-override

R1(config-router-af)#do clear ip bgp *

R1(config-router-af)#exit

R1(config-router)#exit

*Apr 15 16:21:33.103: %BGP-5-ADJCHANGE: neighbor 16.1.1.2 vpn vrf site-a Down AS -override change

R3(config)#router bgp 123

R3(config-router)#address-family ipv4 vrf site-b

R3(config-router-af)#neighbor 17.1.1.2 as-override

R3(config-router-af)#do clear ip bgp *

R3(config-router-af)#exit

*Apr 15 16:24:21.779: %BGP-5-ADJCHANGE: neighbor 17.1.1.2 vpn vrf site-b Down AS -override change

*Apr 15 16:24:22.475: %BGP-5-ADJCHANGE: neighbor 17.1.1.2 vpn vrf site-b Up

R6#ping 17.1.1.1 source 16.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 17.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 16.1.1.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/84/112 ms

Configure the connectivity between router 1 and router 5 with OSPF under VRF site-c

R5(config)#router ospf 10

R5(config-router)#network 15.0.0.0 0.255.255.255 area 0

R5(config-router)#network 1.0.0.0 0.255.255.255 area 0

R5(config-router)#network 55.1.1.0 0.0.0.255 area 0

R5(config-router)#exit

*Apr 15 14:28:45.863: %OSPF-5-ADJCHG: Process 10, Nbr 15.1.1.1 on FastEthernet2/0 from LOADING to FULL, Loading Done

R1(config)#router ospf 10 vrf site-c

R1(config-router)#network 15.0.0.0 0.255.255.255 area 0

R1(config-router)#redistribute bgp 123 subnet

R1(config-router)#exit

*Apr 15 17:12:29.647: %OSPF-5-ADJCHG: Process 10, Nbr 55.1.1.1 on FastEthernet2/0 from LOADING to FULL, Loading Done

configure redistribution between OSPF and BGP under VRF site-c

R1(config)#router bgp 123

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#address-family ipv4 vrf site-c

R1(config-router-af)#redistribute ospf 10 vrf site-c match internal external

R1(config-router-af)#exit

R1(config-router)#exit

R1(config)#exit

R4(config)#router eigrp 100

R4(config-router)#no auto-summary

R4(config-router)#network 14.0.0.0

R4(config-router)#network 44.1.1.0

R4(config-router)#exit

*Apr 15 14:26:06.839: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 14.1.1.1 (FastEthernet2/0) is up: new adjacency

Configure connectivity between router 3 and router 4 under VRF site-d with EIGRP 100

R3(config)#router eigrp 100

R3(config-router)#address-family ipv4 vrf site-d

R3(config-router-af)#autonomous-system 100

R3(config-router-af)#network 14.0.0.0

R3(config-router-af)#redistribute bgp 123 metric 1000 2000 255 100 150

R3(config-router-af)#exit

R3(config-router)#exit

R3(config)#router bgp 123

R3(config-router)#address-family ipv4 vrf site-d

R3(config-router-af)#redistribute eigrp 100

R3(config-router-af)#exit

*Apr 15 17:26:01.687: %DUAL-5-NBRCHANGE: IP-EIGRP(2) 100: Neighbor 14.1.1.2 (Fas        tEthernet2/0) is up: new adjacency

configure connectivity between all sites-a, b, c,d 

R1(config)#ip vrf site-a

R1(config-vrf)#route-target import 500:2

R1(config-vrf)#exit

R1(config)#ip vrf site-c

R1(config-vrf)#route-target import 500:1

R1(config-vrf)#exit

R1(config)#end

R3(config)#ip vrf site-b

R3(config-vrf)#route-target import 500:2

R3(config-vrf)#exit

R3(config)#ip vrf site-d

R3(config-vrf)#route-target import 500:1

R3(config-vrf)#exit

R3(config)#end

R3#show ip bgp vpnv4 all

BGP table version is 38, local router ID is 192.168.3.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 500:1 (default for vrf site-b)

*> 14.0.0.0         0.0.0.0                  0         32768 ?

*>i15.0.0.0         192.168.1.1              0    100      0 ?

*>i16.0.0.0         192.168.1.1              0    100      0 ?

*  17.0.0.0         17.1.1.2                 0             0 600 i

*>                  0.0.0.0                  0         32768 ?

*> 44.1.1.0/24      14.1.1.2            156160         32768 ?

*>i55.1.1.1/32      192.168.1.1              2    100      0 ?

*>i66.1.1.1/32      192.168.1.1              0    100      0 600 i

*> 77.1.1.1/32      17.1.1.2                 0             0 600 i

Route Distinguisher: 500:2 (default for vrf site-d)

*> 14.0.0.0         0.0.0.0                  0         32768 ?

*>i15.0.0.0         192.168.1.1              0    100      0 ?

*>i16.0.0.0         192.168.1.1              0    100      0 ?

*> 17.0.0.0         0.0.0.0                  0         32768 ?

*> 44.1.1.0/24      14.1.1.2            156160         32768 ?

*>i55.1.1.1/32      192.168.1.1              2    100      0 ?

*>i66.1.1.1/32      192.168.1.1              0    100      0 600 i

*> 77.1.1.1/32      17.1.1.2                 0             0 600 i

R1#show ip bgp vpnv4 all summary

BGP router identifier 192.168.1.1, local AS number 123

BGP table version is 26, main routing table version 26

16 network entries using 2192 bytes of memory

17 path entries using 1156 bytes of memory

10/8 BGP path/bestpath attribute entries using 1240 bytes of memory

1 BGP AS-PATH entries using 24 bytes of memory

4 BGP extended community entries using 184 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 4796 total bytes of memory

BGP activity 27/11 prefixes, 36/19 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

16.1.1.2        4   600     225     242       26    0    0 01:48:02        2

192.168.3.1     4   123     207     207       26    0    0 01:48:02        4

R1#show ip route vrf site-a

Routing Table: site-a

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    17.0.0.0/8 [200/0] via 192.168.3.1, 01:48:24

C    16.0.0.0/8 is directly connected, FastEthernet0/0

     55.0.0.0/32 is subnetted, 1 subnets

B       55.1.1.1 [20/2] via 15.1.1.2 (site-c), 01:35:54, FastEthernet2/0

     66.0.0.0/32 is subnetted, 1 subnets

B       66.1.1.1 [20/0] via 16.1.1.2, 01:48:32

     77.0.0.0/32 is subnetted, 1 subnets

B       77.1.1.1 [200/0] via 192.168.3.1, 01:48:24

     44.0.0.0/24 is subnetted, 1 subnets

B       44.1.1.0 [200/156160] via 192.168.3.1, 01:35:54

B    14.0.0.0/8 [200/0] via 192.168.3.1, 01:35:54

B    15.0.0.0/8 is directly connected, 01:35:55, FastEthernet2/0

R1#show ip route vrf site-c

Routing Table: site-c

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    17.0.0.0/8 [200/0] via 192.168.3.1, 01:36:00

B    16.0.0.0/8 is directly connected, 01:36:00, FastEthernet0/0

     55.0.0.0/32 is subnetted, 1 subnets

O       55.1.1.1 [110/2] via 15.1.1.2, 01:45:18, FastEthernet2/0

     66.0.0.0/32 is subnetted, 1 subnets

B       66.1.1.1 [20/0] via 16.1.1.2 (site-a), 01:36:00

     77.0.0.0/32 is subnetted, 1 subnets

B       77.1.1.1 [200/0] via 192.168.3.1, 01:36:00

     44.0.0.0/24 is subnetted, 1 subnets

B       44.1.1.0 [200/156160] via 192.168.3.1, 01:40:15

B    14.0.0.0/8 [200/0] via 192.168.3.1, 01:41:15

C    15.0.0.0/8 is directly connected, FastEthernet2/0

R3#show ip route vrf site-b

Routing Table: site-b

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    17.0.0.0/8 is directly connected, FastEthernet0/0

B    16.0.0.0/8 [200/0] via 192.168.1.1, 01:48:36

     55.0.0.0/32 is subnetted, 1 subnets

B       55.1.1.1 [200/2] via 192.168.1.1, 01:36:20

     66.0.0.0/32 is subnetted, 1 subnets

B       66.1.1.1 [200/0] via 192.168.1.1, 01:49:05

     77.0.0.0/32 is subnetted, 1 subnets

B       77.1.1.1 [20/0] via 17.1.1.2, 02:41:19

     44.0.0.0/24 is subnetted, 1 subnets

B       44.1.1.0 [20/156160] via 14.1.1.2 (site-d), 01:36:20, FastEthernet2/0

B    14.0.0.0/8 is directly connected, 01:36:20, FastEthernet2/0

B    15.0.0.0/8 [200/0] via 192.168.1.1, 01:36:21

R3#show ip route vrf site-d

Routing Table: site-d

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    17.0.0.0/8 is directly connected, 01:35:24, FastEthernet0/0

B    16.0.0.0/8 [200/0] via 192.168.1.1, 01:35:24

     55.0.0.0/32 is subnetted, 1 subnets

B       55.1.1.1 [200/2] via 192.168.1.1, 01:45:54

     66.0.0.0/32 is subnetted, 1 subnets

B       66.1.1.1 [200/0] via 192.168.1.1, 01:35:24

     77.0.0.0/32 is subnetted, 1 subnets

B       77.1.1.1 [20/0] via 17.1.1.2 (site-b), 01:35:24

     44.0.0.0/24 is subnetted, 1 subnets

D       44.1.1.0 [90/156160] via 14.1.1.2, 01:41:11, FastEthernet2/0

C    14.0.0.0/8 is directly connected, FastEthernet2/0

B    15.0.0.0/8 [200/0] via 192.168.1.1, 01:48:41

R6#show ip bgp

BGP table version is 19, local router ID is 66.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*> 14.0.0.0         16.1.1.1                               0 123 ?

*> 15.0.0.0         16.1.1.1                               0 123 ?

*  16.0.0.0         16.1.1.1                 0             0 123 ?

*>                  0.0.0.0                  0         32768 i

*> 17.0.0.0         16.1.1.1                               0 123 ?

*> 44.1.1.0/24      16.1.1.1                               0 123 ?

*> 55.1.1.1/32      16.1.1.1                               0 123 ?

*> 66.1.1.1/32      0.0.0.0                  0         32768 i

*> 77.1.1.1/32      16.1.1.1                               0 123 123 i

R7#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    17.0.0.0/8 is directly connected, FastEthernet0/0

B    16.0.0.0/8 [20/0] via 17.1.1.1, 01:49:37

     55.0.0.0/32 is subnetted, 1 subnets

B       55.1.1.1 [20/0] via 17.1.1.1, 01:37:12

     66.0.0.0/32 is subnetted, 1 subnets

B       66.1.1.1 [20/0] via 17.1.1.1, 01:49:37

     77.0.0.0/32 is subnetted, 1 subnets

C       77.1.1.1 is directly connected, Loopback1

     44.0.0.0/24 is subnetted, 1 subnets

B       44.1.1.0 [20/0] via 17.1.1.1, 01:37:12

B    14.0.0.0/8 [20/0] via 17.1.1.1, 01:37:12

B    15.0.0.0/8 [20/0] via 17.1.1.1, 01:37:12

R4#show ip route eigrp

D EX 17.0.0.0/8 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

D EX 16.0.0.0/8 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

     55.0.0.0/32 is subnetted, 1 subnets

D EX    55.1.1.1 [170/3074560] via 14.1.1.1, 00:08:23, FastEthernet2/0

     66.0.0.0/32 is subnetted, 1 subnets

D EX    66.1.1.1 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

     77.0.0.0/32 is subnetted, 1 subnets

D EX    77.1.1.1 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

D EX 15.0.0.0/8 [170/3074560] via 14.1.1.1, 00:08:23, FastEthernet2/0

R1#show run | section vrf

ip vrf site-a

 rd 500:1

 route-target export 500:1

 route-target import 500:1

 route-target import 500:2

ip vrf site-c

 rd 500:2

 route-target export 500:2

 route-target import 500:2

 route-target import 500:1

 ip vrf forwarding site-a

 ip vrf forwarding site-c

router ospf 10 vrf site-c

 log-adjacency-changes

 redistribute bgp 123 subnets

 network 15.0.0.0 0.255.255.255 area 0

 address-family ipv4 vrf site-c

 redistribute ospf 10 vrf site-c match internal external 1 external 2

 address-family ipv4 vrf site-a

R6#ping 44.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 44.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 96/113/136 ms

R6#ping 77.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 77.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 96/114/132 ms

R6#ping 55.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/76/92 ms

R7#traceroute 44.1.1.1

Type escape sequence to abort.

Tracing the route to 44.1.1.1

  1 17.1.1.1 48 msec 28 msec 32 msec

  2 14.1.1.2 [AS 123] 60 msec 64 msec 76 msec

R7#traceroute 55.1.1.1

Type escape sequence to abort.

Tracing the route to 55.1.1.1

  1 17.1.1.1 44 msec 64 msec 28 msec

  2 15.1.1.1 [AS 123] [MPLS: Label 59 Exp 0] 108 msec 80 msec 76 msec

  3 15.1.1.2 [AS 123] 108 msec 108 msec 124 msec

R7#traceroute 66.1.1.1

Type escape sequence to abort.

Tracing the route to 66.1.1.1

  1 17.1.1.1 28 msec 36 msec 36 msec

  2 16.1.1.1 [AS 123] [MPLS: Label 56 Exp 0] 60 msec 72 msec 60 msec

  3 16.1.1.2 [AS 123] 120 msec 140 msec 92 msec

Read More

What is VRF (virtual routing and forwarding)? What is RD (Route-Distinguisher) and Route Target (RT) ?

  VRF (virtual routing and forwarding)

 

Virtual Routing and Forwarding (VRF) is a technology that allows multiple instances of a routing table to coexist within the same router simultaneously. This enables network paths to be segmented without using multiple devices. VRF keeps customer traffic and routing separate and utilizes the same hardware. Without VRF, we need to use ACL filtering to keep traffic segregated. 

 

Each VRF has three main components, as follows:

• an IP routing table (RIB)
• A CEF FIB, populated based on that VRF's RIB
• A separate instance or process of the routing protocol used to exchange routes with the CEs that need to be supported by the VRF

Key Concepts of VRF

• Routing Isolation: Each VRF maintains its own separate routing table
• Forwarding Isolation: Traffic from one VRF cannot leak into another VRF
• Interface Assignment: Network interfaces are assigned to specific VRFs

 

RD (Route-Distinguisher)

A Route Distinguisher (RD) is a BGP attribute used in MPLS VPNs (RFC 4364) to make overlapping IPv4 addresses unique across different VPNs. It prepends a unique identifier to customer routes, allowing them to be distinguished in the provider's backbone.

RD is a 64-bit (8-bytes) prepended prefix, used to convert a client's non-unique 32-bit IPv4 address into a unique 96-bit VPNv4 address, to enable transport between PE routers. RD uniquely identifies a route (IP prefix), it does NOT identify a VPN. RD is locally significant to a router Without an RD, MPLS VPNs cannot distinguish between duplicate customer routes.

•  A VRF is not operational unless you configure an RD.
• You can see the ASN:nm or ABC:nn format for RD
• Each VRF in a PE router must have a unique RD.

 

A Route Target (RT) is a BGP extended community attribute used in MPLS VPNs to control how routes are imported and exported between VRFs (Virtual Routing and Forwarding instances). RT is a 64-bit extended BGP community that is attached to be VPNv4 BGP route to indicate its VPN membership. Any number of RTs can be attached to a single route.

 

How Does It Work?

Export RTs

• Identifies the VPN membership, to which the associated VRF belongs.
• Export RTs attached to a client's routes, when it is converted into a VPNv4 route.

 

Import RTs

• Import RTs used to select which VPNv4 routes are to be inserted into which VRF tables.
• On the receiving PE router, a route is imported into a VRF only if at least one RT attached to the route matches at least one import RT configured in that VRF. 

 

Routing Instance:

• Each VRF instance acts as a virtual router, with its own routing table and forwarding mechanism.

Interface Isolation:

• VRF interfaces are isolated, meaning they can have the same IP address or other configurations without conflict, says PyNet Labs and Cisco. 

 

 ---------configuation------- please visit----https://mpls.internetworks.in/2025/04/what-mpls-l3-vpn-mpls-vpnv4-peering.html

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Read More

What MPLS L3 VPN? | MPLS VPNv4 peering | MPLS LDP peering | How to configure MPLS L3 VPN Static?

 MPLS Layer 3 VPN (L3VPN) is a technology that enables service providers to offer secure and scalable IP-based VPN services to customers. It uses Multiprotocol Label Switching (MPLS) to route traffic efficiently while maintaining separation between different customer networks.

A static MPLS L3VPN typically refers to a setup where static routes are used instead of dynamic routing protocols like BGP or OSPF. This approach can be simpler to configure but may lack flexibility compared to dynamic routing.

Here are some key components of MPLS L3VPN:

• VRF (Virtual Routing and Forwarding): Allows multiple routing tables on a single router.
• MP-BGP (Multiprotocol BGP): Used to exchange VPN routes between provider edge (PE) routers.
• Route Distinguisher (RD): Helps differentiate overlapping IP addresses between customers.
• Route Target (RT): Defines which VPN routes should be imported/exported.

let's see the configuration:

Topology:-

1. Configure the topology as per the diagram 
2. Configure the IP addresses as per the topology
3. Configure EIGRP AS 65100 inside the MPLS CORE network
4. Ensure the connectivity inside MPLS CORE
5. Configure MPLS LDP Peering 
6. Create VRF A-1 for site 1 and VRF A-2 for site 2 (R1&R3)
7. Create route distinguisher value 500:1
8. Create route-target for both import and export value 500:1
9. Apply this on both sites
10. Configure route 1 fa0/0 under VRF A-1
11. Configure route 2 fa0/0 under VRF A-2
12. Configure default route on routers 5 and 4
13. Configure routing between PE and CE routers
14. Configure BGP VPNv4 peering
15. verify with show commands 

Read More

What is MPLS ? How to implement MPLS?

MPLS defines protocols that make different paradigms for the way routers forward packets. rather than forwarding packets based on the packet's destination IP address, MPLS defines how the router can forward packets based on the MPLS label.

 What we are going to see in this section:

• How does MPLS work?
• Traditional IP routing
• Basic MPLS feature
• MPLS terminology

1. Introduction of MPLS

2.What is MPLS Label distributing protocol (LDP) ? How LDP works?

3.how to configure MPLS LDP Peering ?

4.What is MPLS L3 VPN ? How to configure?

5.How to configure MPLS L3 VPN with RIPv2 ?

6.How to configure MPLS L3 VPN with EIGRP ?

7.How to configure MPLS L3 VPN with OSPF ?

8.What is OSPF Sham Links? how to configure OSPF Sham Links?

9.How to configure MPLS L3 with BGP AS OVERRIDE?

10.What Is Network Tunneling And How To Configure Generic Routing Encapsulation (GRE) Tunnels?

11. What Is DMVPN (Dynamic Multipoint VPN), NHRP, MGRE And How To Configure DMVPN Phase 1?

12. What Is DMVPN (Dynamic Multipoint VPN) Phase 2? How To Configure DMVPN Phase 2 Dynamic And Static Mapping?

 13. How To Configure EIGRP And OSPF Over DMVPN Phase 1 & 2?

 14. How To Configure External BGP And EIGRP On DMVPN Phase 2?

15.  What Is IPSec (Internet Protocol Security)? What Is Internet Key Exchange IKE? How To  Configure IPSec Tunnel?

16. What Is IKE (Internet Key Exchange)? How To Configure IPSec Site-To-Site?

 

 

 

Let’s take an example to understand better.

MPLS Packet Forwarding host 10.1.1.1 generates and sends an unlabeled packet destined to host 20.1.1.1.

1. router 1, with no MPLS feature configured, forwards the unlabeled packet based on the destination IP address, and traditional IP routing, without any labels.
2. MPLS router e receives the unlabeled packet and decides, as part of the MPLS forwarding process to impose(push) a new label (value 20) into the packet and forwards the packet to router 3.
3. MPLS router 3 revives the labeled packet. router 3 swaps the label for a new label value (30) and then forward the packet to router 4.
4. MPLS router receives the labeled packet, removes (pops) the label, and forwards the packet toward router 5
5. non-MPLS router 5 forwards the unlabeled packet based on the destination IP address, as normal.

Traditional IP routing

Routing protocols are used to distribute layer routing information. A forwarding decision is made based on:

• Packet header
• Local routing table

Routing lookups are independently performed at every hop

Basic MPLS features

MPLS is a forwarding mechanism in which packets are forwarded based on labels. MPLS packets can run another layer 2 technology such as ATM, Frame relay. PPP, Ethernet.  MPLS leverages both IP routing and CEF switching.

MPLS terminology

LSR (label switch router) is any router that pushes a label onto the packet, pops a label from the packet, or simply forwards the labeled packet. in other words, LSR forward packets based on labels and swap labels.

Edge LSP (E-LSR) Edge LSR in the MPLS network process both labeled and unlabeled 

Labels IP packets (Imposes labels) and forwarded them into the MPLS domain

Forwards IP packets out of the MPLS domain

A sequence of labels to reach a destination is called an lSP.

Benefits of MPLS

MPLS supports multiple applications including:

Unicast and multicast IP routing

MPLS decreases forwarding overhead on core routers.

BGP free core

MPLS can support the forwarding of non-IP protocol

VPN

TE

QoS

Atom

MPLS label

MPLS uses a 32-bit label header that is inserted between l2 & l3 of OSI

20-bit label

3-bit experiment field

1-bit bottom of the stuck indicator

8-bit time to live field

A single label corresponds to a single route and shares them with MPLS neighbor (using LDP protocol)

 MPLS label stack

Usually, only one label is assigned to a packet, but multiple labels in a label stack are supported.

These scenarios may produce more than one label:

MPLS VPN (two labels):

The top points to the egress routers, and the second label identifies the vpn.

MPLS-TE (two or more labels):

The top label points to the endpoint of the traffic engineering tunnel and the second label point to the point destination.

MPLS VPNs combined with MPLS-TE

Three or more labels).

What is MPLS Label distributing protocol (LDP) ? How LDP works?

Read More