MPLS: MPLS L3 VPN

Showing posts with label MPLS L3 VPN. Show all posts

How to configure Overlapping VPN?

Internetworks April 17, 2025

Configure the topology as per the diagram
Configure the IP addresses as per the topology
Configure OSPF inside the core of MPLS network
Configure MPLS LDP peering inside MPLS core network
Configure VRF site-a and site-c on router 1
Configure VRF site-b and site-d on router 3
configure route-distinguisher and route-target 500:1 for site-a, site-b, and for site-c and site-d 500:2
Configure fa0/0 and fa2/0 under VRF site-a and site-c on router 1
Configure fa0/0 and fa2/0 under VRF site-b and site-d on router 3
Configure EBGP between router 1 and router 6
Configure EBGP between router 3 and router 7
Both routers 6 and 7 are under AS-600
Configure connectivity between router 1 and router 3 with VPNv4
Configure the as-override feature on router 1 and router 3
Make sure router 6 and router 7 have installed their routes
configure connectivity between router 1 and router 4 with ospf under VRF site-c
configure redistribution between OSPF and BGP under VRF site-c
Configure connectivity between router 3 and router 4 under VRF site-d with EIGRP 100
Configure redistribution between EIGRP and BGP
Make sure router 3 is installed, and router 4 routes
configure connectivity between all sites-a, b, c,d
Ultimately, ensure all the routes are exchanged to all sites and all the sites can reach any network.

Configure the IP addresses as per the topology

R1(config)#interface serial 5/0
R1(config-if)#ip address 12.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 5/2

R1(config-if)#ip address 31.1.1.2 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface FastEthernet 0/0
R1(config-if)#ip address 16.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastethernet 2/0
R1(config-if)#ip address 15.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface loopback 1
R1(config-if)#ip address 192.168.1.1 255.255.255.255
R1(config-if)#no shutdown
R1(config-if)#exit

R2(config)#interface serial 5/1
R2(config-if)#ip address 23.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 5/0
R2(config-if)#ip address 12.1.1.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit

R2(config)#interface loopback 1
R2(config-if)#ip address 122.1.1.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit

R3(config)#interface serial 5/1
R3(config-if)#ip address 23.1.1.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface serial 5/2
R3(config-if)#ip address 31.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface FastEthernet 0/0
R3(config-if)#ip address 17.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#interface fastethernet 2/0
R3(config-if)#ip address 14.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit

R3(config)#interface loopback 1
R3(config-if)#ip address 192.168.3.1 255.255.255.255
R3(config-if)#no shutdown
R3(config-if)#exit

R4(config)#interface fastethernet 2/0
R4(config-if)#ip address 14.1.1.2 255.0.0.0
R4(config-if)#no shutdown
R4(config-if)#exit
R4(config)#interface loopback 1
R4(config-if)#ip address 44.1.1.1 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit

R5(config)#interface fastethernet 2/0
R5(config-if)#ip address 15.1.1.2 255.0.0.0
R5(config-if)#no shutdown
R5(config-if)#exit
R5(config)#interface loopback 1
R5(config-if)#ip address 55.1.1.1 255.255.255.0
R5(config-if)#no shutdown
R5(config-if)#exit

R6(config)#interface fastethernet 2/0
R6(config-if)#ip address 16.1.1.2 255.0.0.0
R6(config-if)#no shutdown
R6(config-if)#exit
R6(config)#interface loopback 1
R6(config-if)#ip address 66.1.1.1 255.255.255.255
R6(config-if)#no shutdown
R6(config-if)#exit

R7(config)#interface fastethernet 0/0
R7(config-if)#ip address 17.1.1.2 255.0.0.0
R7(config-if)#no shutdown
R7(config-if)#exit
R7(config)#interface loopback 1
R7(config-if)#ip address 77.1.1.1 255.255.255.255
R7(config-if)#no shutdown
R7(config-if)#exit

Configure OSPF inside the core of the MPLS network

R1(config)#router ospf 65100
R1(config-router)#network 12.0.0.0 0.255.255.255 area 0
R1(config-router)#network 31.0.0.0 0.255.255.255 area 0
R1(config-router)#network 192.168.1.0 0.0.0.0 area 0
R1(config-router)#exit

R2(config)#router ospf 65100
R2(config-router)#network 12.0.0.0 0.255.255.255 area 0
R2(config-router)#network 23.0.0.0 0.255.255.255 area 0
R2(config-router)#network 122.1.1.0 255.0.0.0 area 0
R2(config-router)#exit

R3(config)#router ospf 65100
R3(config-router)#network 31.0.0.0 0.255.255.255 area 0
R3(config-router)#network 23.0.0.0 0.255.255.255 area 0
R3(config-router)#network 192.168.3.0 0.0.0.0 area 0
R3(config-router)#exit

Configure PLS LDP peering inside the MPLS core network

R1(config)#mpls label range 50 149
R1(config)#mpls label protocol ldp
R1(config)#mpls ldp router-id loopback 1

R1(config)#interface serial 5/0
R1(config-if)#mpls ip
R1(config-if)#exit
R1(config)#interface serial 5/2
R1(config-if)#mpls ip
R1(config-if)#exit

R2(config)#mpls label range 150 249
R2(config)#mpls label protocol ldp
R2(config)#mpls ldp router-id loopback 1

R2(config)#interface serial 5/0
R2(config-if)#mpls ip
R2(config-if)#exit
R2(config)#interface serial 5/1
R2(config-if)#mpls ip
R2(config-if)#exit

R3(config)#mpls label range 250 349
R3(config)#mpls label protocol ldp
R3(config)#mpls ldp router-id loopback 1
R3(config)#interface serial 5/2
R3(config-if)#mpls ip
R3(config-if)#exit
R3(config)#interface serial 5/1
R3(config-if)#mpls ip
R3(config-if)#exit

Configure VRF site-a and site-c on router 1, configure route-distinguisher and route-target 500:1 for site-a, site-b, and for site-c and site-d 500:2

R1(config)#ip vrf site-a
R1(config-vrf)#rd 500:1
R1(config-vrf)#route-target both 500:1
R1(config-vrf)#exit

R1(config)#ip vrf site-c

R1(config-vrf)#rd 500:2

R1(config-vrf)#route-target both 500:2

R1(config-vrf)#exit

Configure VRF site-b and site-d on router 3

R3(config)#ip vrf site-b
R3(config-vrf)#rd 500:1
R3(config-vrf)#route-target both 500:1
R3(config-vrf)#exit

R3(config)#ip vrf site-d

R3(config-vrf)#rd 500:2

R3(config-vrf)#route-target both 500:2

R3(config-vrf)#exit

Configure fa0/0 and fa2/0 under VRF site-a and site-c on router 1

R1(config)#interface fastethernet 0/0
R1(config-if)#ip vrf forwarding site-a
% Interface FastEthernet0/0 IP address 16.1.1.1 removed due to enabling VRF site-a
R1(config-if)#ip address 16.1.1.1 255.0.0.0
R1(config-if)#exit

R1(config)#interface fastethernet 2/0

R1(config-if)#ip vrf forwarding site-c

R1(config-if)#ip address 15.1.1.1 255.0.0.0

R1(config-if)#exit

Configure fa0/0 and fa2/0 under VRF site-b and site-d on router 3

R3(config)#interface fastethernet 0/0
R3(config-if)#ip vrf forwarding site-b
% Interface FastEthernet0/0 IP address 17.1.1.1 removed due to enabling VRF site-b
R3(config-if)#ip address 17.1.1.1 255.0.0.0
R3(config-if)#exit

R3(config)#interface fastethernet 2/0

R3(config-if)#ip vrf forwarding site-d

% Interface FastEthernet2/0 IP address 14.1.1.1 removed due to enabling VRF site-d

R3(config-if)#ip address 14.1.1.1 255.0.0.0

R3(config-if)#exit

Configure EBGP between router 1 and router 6

R6(config)#router bgp 600
R6(config-router)#neighbor 16.1.1.1 remote-as 123
R6(config-router)#network 66.1.1.1 mask 255.255.255.255
R6(config-router)#network 16.0.0.0 mask 255.0.0.0
R6(config-router)#no auto-summary
R6(config-router)#no synchronization
R6(config-router)#exit

R1(config)#router bgp 123

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#address-family ipv4 vrf site-a

R1(config-router-af)#neighbor 16.1.1.2 remote-as 600

R1(config-router-af)#neighbor 16.1.1.2 activate

R1(config-router-af)#redistribute connected

R1(config-router-af)#exit

*Apr 15 15:42:59.667: %BGP-5-ADJCHANGE: neighbor 16.1.1.2 vpn vrf site-a Up

Configure EBGP between router 3 and router 7

R7(config)#router bgp 600

R7(config-router)#neighbor 17.1.1.1 remote-as 123

R7(config-router)#network 17.0.0.0 mask 255.0.0.0

R7(config-router)#network 77.1.1.1 mask 255.255.255.255

R7(config-router)#exit

R3(config)#router bgp 123

R3(config-router)#no bgp default ipv4-unicast

R3(config-router)#address-family ipv4 vrf site-b

R3(config-router-af)#neighbor 17.1.1.2 remote-as 600

R3(config-router-af)#neighbor 17.1.1.2 activate

R3(config-router-af)#redistribute connected

R3(config-router-af)#exiT

Configure connectivity between router 1 and router 3 with VPNv4

R1(config)#router bgp 123

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#neighbor 192.168.3.1 remote-as 123

R1(config-router)#neighbor 192.168.3.1 update-source loopback 1

R1(config-router)#address-family vpnv4 unicast

R1(config-router-af)#neighbor 192.168.3.1 activate

R1(config-router-af)#neighbor 192.168.3.1 send-community extended

R1(config-router-af)#neighbor 192.168.3.1 next-hop-self

R1(config-router-af)#exit

*Apr 15 16:14:33.543: %BGP-5-ADJCHANGE: neighbor 192.168.3.1 Up

R3(config)#router bgp 123

R3(config-router)#no bgp default ipv4-unicast

R3(config-router)#neighbor 192.168.1.1 remote-as 123

R3(config-router)#neighbor 192.168.1.1 update-source loopback 1

R3(config-router)#address-family vpnv4 unicast

R3(config-router-af)#neighbor 192.168.1.1 activate

R3(config-router-af)#neighbor 192.168.1.1 send-community extended

R3(config-router-af)#neighbor 192.168.1.1 next-hop-self

R3(config-router-af)#exit

*Apr 15 16:14:30.075: %BGP-5-ADJCHANGE: neighbor 192.168.1.1 Up

R6#ping 17.1.1.1 source 16.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 17.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 16.1.1.2

.....

Success rate is 0 percent (0/5)

Configure the as-override feature on router 1 and router 3

R1(config)#router bgp 123

R1(config-router)#address-family ipv4 vrf site-a

R1(config-router-af)#neighbor 16.1.1.2 as-override

R1(config-router-af)#do clear ip bgp *

R1(config-router-af)#exit

R1(config-router)#exit

*Apr 15 16:21:33.103: %BGP-5-ADJCHANGE: neighbor 16.1.1.2 vpn vrf site-a Down AS -override change

R3(config)#router bgp 123

R3(config-router)#address-family ipv4 vrf site-b

R3(config-router-af)#neighbor 17.1.1.2 as-override

R3(config-router-af)#do clear ip bgp *

R3(config-router-af)#exit

*Apr 15 16:24:21.779: %BGP-5-ADJCHANGE: neighbor 17.1.1.2 vpn vrf site-b Down AS -override change

*Apr 15 16:24:22.475: %BGP-5-ADJCHANGE: neighbor 17.1.1.2 vpn vrf site-b Up

R6#ping 17.1.1.1 source 16.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 17.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 16.1.1.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/84/112 ms

Configure the connectivity between router 1 and router 5 with OSPF under VRF site-c

R5(config)#router ospf 10

R5(config-router)#network 15.0.0.0 0.255.255.255 area 0

R5(config-router)#network 1.0.0.0 0.255.255.255 area 0

R5(config-router)#network 55.1.1.0 0.0.0.255 area 0

R5(config-router)#exit

*Apr 15 14:28:45.863: %OSPF-5-ADJCHG: Process 10, Nbr 15.1.1.1 on FastEthernet2/0 from LOADING to FULL, Loading Done

R1(config)#router ospf 10 vrf site-c

R1(config-router)#network 15.0.0.0 0.255.255.255 area 0

R1(config-router)#redistribute bgp 123 subnet

R1(config-router)#exit

*Apr 15 17:12:29.647: %OSPF-5-ADJCHG: Process 10, Nbr 55.1.1.1 on FastEthernet2/0 from LOADING to FULL, Loading Done

configure redistribution between OSPF and BGP under VRF site-c

R1(config)#router bgp 123

R1(config-router)#no bgp default ipv4-unicast

R1(config-router)#address-family ipv4 vrf site-c

R1(config-router-af)#redistribute ospf 10 vrf site-c match internal external

R1(config-router-af)#exit

R1(config-router)#exit

R1(config)#exit

R4(config)#router eigrp 100

R4(config-router)#no auto-summary

R4(config-router)#network 14.0.0.0

R4(config-router)#network 44.1.1.0

R4(config-router)#exit

*Apr 15 14:26:06.839: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 14.1.1.1 (FastEthernet2/0) is up: new adjacency

Configure connectivity between router 3 and router 4 under VRF site-d with EIGRP 100

R3(config)#router eigrp 100

R3(config-router)#address-family ipv4 vrf site-d

R3(config-router-af)#autonomous-system 100

R3(config-router-af)#network 14.0.0.0

R3(config-router-af)#redistribute bgp 123 metric 1000 2000 255 100 150

R3(config-router-af)#exit

R3(config-router)#exit

R3(config)#router bgp 123

R3(config-router)#address-family ipv4 vrf site-d

R3(config-router-af)#redistribute eigrp 100

R3(config-router-af)#exit

*Apr 15 17:26:01.687: %DUAL-5-NBRCHANGE: IP-EIGRP(2) 100: Neighbor 14.1.1.2 (Fas tEthernet2/0) is up: new adjacency

configure connectivity between all sites-a, b, c,d

R1(config)#ip vrf site-a

R1(config-vrf)#route-target import 500:2

R1(config-vrf)#exit

R1(config)#ip vrf site-c

R1(config-vrf)#route-target import 500:1

R1(config-vrf)#exit

R1(config)#end

R3(config)#ip vrf site-b

R3(config-vrf)#route-target import 500:2

R3(config-vrf)#exit

R3(config)#ip vrf site-d

R3(config-vrf)#route-target import 500:1

R3(config-vrf)#exit

R3(config)#end

R3#show ip bgp vpnv4 all

BGP table version is 38, local router ID is 192.168.3.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 500:1 (default for vrf site-b)

*> 14.0.0.0 0.0.0.0 0 32768 ?

*>i15.0.0.0 192.168.1.1 0 100 0 ?

*>i16.0.0.0 192.168.1.1 0 100 0 ?

* 17.0.0.0 17.1.1.2 0 0 600 i

*> 0.0.0.0 0 32768 ?

*> 44.1.1.0/24 14.1.1.2 156160 32768 ?

*>i55.1.1.1/32 192.168.1.1 2 100 0 ?

*>i66.1.1.1/32 192.168.1.1 0 100 0 600 i

*> 77.1.1.1/32 17.1.1.2 0 0 600 i

Route Distinguisher: 500:2 (default for vrf site-d)

*> 14.0.0.0 0.0.0.0 0 32768 ?

*>i15.0.0.0 192.168.1.1 0 100 0 ?

*>i16.0.0.0 192.168.1.1 0 100 0 ?

*> 17.0.0.0 0.0.0.0 0 32768 ?

*> 44.1.1.0/24 14.1.1.2 156160 32768 ?

*>i55.1.1.1/32 192.168.1.1 2 100 0 ?

*>i66.1.1.1/32 192.168.1.1 0 100 0 600 i

*> 77.1.1.1/32 17.1.1.2 0 0 600 i

R1#show ip bgp vpnv4 all summary

BGP router identifier 192.168.1.1, local AS number 123

BGP table version is 26, main routing table version 26

16 network entries using 2192 bytes of memory

17 path entries using 1156 bytes of memory

10/8 BGP path/bestpath attribute entries using 1240 bytes of memory

1 BGP AS-PATH entries using 24 bytes of memory

4 BGP extended community entries using 184 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 4796 total bytes of memory

BGP activity 27/11 prefixes, 36/19 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

16.1.1.2 4 600 225 242 26 0 0 01:48:02 2

192.168.3.1 4 123 207 207 26 0 0 01:48:02 4

R1#show ip route vrf site-a

Routing Table: site-a

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B 17.0.0.0/8 [200/0] via 192.168.3.1, 01:48:24

C 16.0.0.0/8 is directly connected, FastEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

B 55.1.1.1 [20/2] via 15.1.1.2 (site-c), 01:35:54, FastEthernet2/0

66.0.0.0/32 is subnetted, 1 subnets

B 66.1.1.1 [20/0] via 16.1.1.2, 01:48:32

77.0.0.0/32 is subnetted, 1 subnets

B 77.1.1.1 [200/0] via 192.168.3.1, 01:48:24

44.0.0.0/24 is subnetted, 1 subnets

B 44.1.1.0 [200/156160] via 192.168.3.1, 01:35:54

B 14.0.0.0/8 [200/0] via 192.168.3.1, 01:35:54

B 15.0.0.0/8 is directly connected, 01:35:55, FastEthernet2/0

R1#show ip route vrf site-c

Routing Table: site-c

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B 17.0.0.0/8 [200/0] via 192.168.3.1, 01:36:00

B 16.0.0.0/8 is directly connected, 01:36:00, FastEthernet0/0

55.0.0.0/32 is subnetted, 1 subnets

O 55.1.1.1 [110/2] via 15.1.1.2, 01:45:18, FastEthernet2/0

66.0.0.0/32 is subnetted, 1 subnets

B 66.1.1.1 [20/0] via 16.1.1.2 (site-a), 01:36:00

77.0.0.0/32 is subnetted, 1 subnets

B 77.1.1.1 [200/0] via 192.168.3.1, 01:36:00

44.0.0.0/24 is subnetted, 1 subnets

B 44.1.1.0 [200/156160] via 192.168.3.1, 01:40:15

B 14.0.0.0/8 [200/0] via 192.168.3.1, 01:41:15

C 15.0.0.0/8 is directly connected, FastEthernet2/0

R3#show ip route vrf site-b

Routing Table: site-b

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 17.0.0.0/8 is directly connected, FastEthernet0/0

B 16.0.0.0/8 [200/0] via 192.168.1.1, 01:48:36

55.0.0.0/32 is subnetted, 1 subnets

B 55.1.1.1 [200/2] via 192.168.1.1, 01:36:20

66.0.0.0/32 is subnetted, 1 subnets

B 66.1.1.1 [200/0] via 192.168.1.1, 01:49:05

77.0.0.0/32 is subnetted, 1 subnets

B 77.1.1.1 [20/0] via 17.1.1.2, 02:41:19

44.0.0.0/24 is subnetted, 1 subnets

B 44.1.1.0 [20/156160] via 14.1.1.2 (site-d), 01:36:20, FastEthernet2/0

B 14.0.0.0/8 is directly connected, 01:36:20, FastEthernet2/0

B 15.0.0.0/8 [200/0] via 192.168.1.1, 01:36:21

R3#show ip route vrf site-d

Routing Table: site-d

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B 17.0.0.0/8 is directly connected, 01:35:24, FastEthernet0/0

B 16.0.0.0/8 [200/0] via 192.168.1.1, 01:35:24

55.0.0.0/32 is subnetted, 1 subnets

B 55.1.1.1 [200/2] via 192.168.1.1, 01:45:54

66.0.0.0/32 is subnetted, 1 subnets

B 66.1.1.1 [200/0] via 192.168.1.1, 01:35:24

77.0.0.0/32 is subnetted, 1 subnets

B 77.1.1.1 [20/0] via 17.1.1.2 (site-b), 01:35:24

44.0.0.0/24 is subnetted, 1 subnets

D 44.1.1.0 [90/156160] via 14.1.1.2, 01:41:11, FastEthernet2/0

C 14.0.0.0/8 is directly connected, FastEthernet2/0

B 15.0.0.0/8 [200/0] via 192.168.1.1, 01:48:41

R6#show ip bgp

BGP table version is 19, local router ID is 66.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 14.0.0.0 16.1.1.1 0 123 ?

*> 15.0.0.0 16.1.1.1 0 123 ?

* 16.0.0.0 16.1.1.1 0 0 123 ?

*> 0.0.0.0 0 32768 i

*> 17.0.0.0 16.1.1.1 0 123 ?

*> 44.1.1.0/24 16.1.1.1 0 123 ?

*> 55.1.1.1/32 16.1.1.1 0 123 ?

*> 66.1.1.1/32 0.0.0.0 0 32768 i

*> 77.1.1.1/32 16.1.1.1 0 123 123 i

R7#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 17.0.0.0/8 is directly connected, FastEthernet0/0

B 16.0.0.0/8 [20/0] via 17.1.1.1, 01:49:37

55.0.0.0/32 is subnetted, 1 subnets

B 55.1.1.1 [20/0] via 17.1.1.1, 01:37:12

66.0.0.0/32 is subnetted, 1 subnets

B 66.1.1.1 [20/0] via 17.1.1.1, 01:49:37

77.0.0.0/32 is subnetted, 1 subnets

C 77.1.1.1 is directly connected, Loopback1

44.0.0.0/24 is subnetted, 1 subnets

B 44.1.1.0 [20/0] via 17.1.1.1, 01:37:12

B 14.0.0.0/8 [20/0] via 17.1.1.1, 01:37:12

B 15.0.0.0/8 [20/0] via 17.1.1.1, 01:37:12

R4#show ip route eigrp

D EX 17.0.0.0/8 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

D EX 16.0.0.0/8 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

55.0.0.0/32 is subnetted, 1 subnets

D EX 55.1.1.1 [170/3074560] via 14.1.1.1, 00:08:23, FastEthernet2/0

66.0.0.0/32 is subnetted, 1 subnets

D EX 66.1.1.1 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

77.0.0.0/32 is subnetted, 1 subnets

D EX 77.1.1.1 [170/3074560] via 14.1.1.1, 00:02:26, FastEthernet2/0

D EX 15.0.0.0/8 [170/3074560] via 14.1.1.1, 00:08:23, FastEthernet2/0

R1#show run | section vrf

ip vrf site-a

rd 500:1

route-target export 500:1

route-target import 500:1

route-target import 500:2

ip vrf site-c

rd 500:2

route-target export 500:2

route-target import 500:2

route-target import 500:1

ip vrf forwarding site-a

ip vrf forwarding site-c

router ospf 10 vrf site-c

log-adjacency-changes

redistribute bgp 123 subnets

network 15.0.0.0 0.255.255.255 area 0

address-family ipv4 vrf site-c

redistribute ospf 10 vrf site-c match internal external 1 external 2

address-family ipv4 vrf site-a

R6#ping 44.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 44.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 96/113/136 ms

R6#ping 77.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 77.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 96/114/132 ms

R6#ping 55.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 55.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/76/92 ms

R7#traceroute 44.1.1.1

Type escape sequence to abort.

Tracing the route to 44.1.1.1

1 17.1.1.1 48 msec 28 msec 32 msec

2 14.1.1.2 [AS 123] 60 msec 64 msec 76 msec

R7#traceroute 55.1.1.1

Type escape sequence to abort.

Tracing the route to 55.1.1.1

1 17.1.1.1 44 msec 64 msec 28 msec

2 15.1.1.1 [AS 123] [MPLS: Label 59 Exp 0] 108 msec 80 msec 76 msec

3 15.1.1.2 [AS 123] 108 msec 108 msec 124 msec

R7#traceroute 66.1.1.1

Type escape sequence to abort.

Tracing the route to 66.1.1.1

1 17.1.1.1 28 msec 36 msec 36 msec

2 16.1.1.1 [AS 123] [MPLS: Label 56 Exp 0] 60 msec 72 msec 60 msec

3 16.1.1.2 [AS 123] 120 msec 140 msec 92 msec

LDP, MPLS, MPLS L3 VPN

What MPLS L3 VPN? | MPLS VPNv4 peering | MPLS LDP peering | How to configure MPLS L3 VPN Static?

Internetworks April 12, 2025

MPLS Layer 3 VPN (L3VPN) is a technology that enables service providers to offer secure and scalable IP-based VPN services to customers. It uses Multiprotocol Label Switching (MPLS) to route traffic efficiently while maintaining separation between different customer networks.

A static MPLS L3VPN typically refers to a setup where static routes are used instead of dynamic routing protocols like BGP or OSPF. This approach can be simpler to configure but may lack flexibility compared to dynamic routing.

Here are some key components of MPLS L3VPN:

VRF (Virtual Routing and Forwarding): Allows multiple routing tables on a single router.
MP-BGP (Multiprotocol BGP): Used to exchange VPN routes between provider edge (PE) routers.
Route Distinguisher (RD): Helps differentiate overlapping IP addresses between customers.
Route Target (RT): Defines which VPN routes should be imported/exported.

let's see the configuration:

Topology:-

Configure the topology as per the diagram
Configure the IP addresses as per the topology
Configure EIGRP AS 65100 inside the MPLS CORE network
Ensure the connectivity inside MPLS CORE
Configure MPLS LDP Peering
Create VRF A-1 for site 1 and VRF A-2 for site 2 (R1&R3)
Create route distinguisher value 500:1
Create route-target for both import and export value 500:1
Apply this on both sites
Configure route 1 fa0/0 under VRF A-1
Configure route 2 fa0/0 under VRF A-2
Configure default route on routers 5 and 4
Configure routing between PE and CE routers
Configure BGP VPNv4 peering
verify with show commands

MPLS L3 VPN

How to configure MPLS L3 with BGP AS OVERRIDE?

Internetworks August 26, 2020

BGP has a simple loop prevention mechanism for external BGP. When you see your own Autonomous system number in the AS path, we do not accept the prefix. This mechanism is fine for Internet routing but there are some other scenarios where this might be an issue.

In our topology, no routes get installed because the CE routers receive the routes with their own AS coming from other sites. (5500). So as per BGP, it will not install the routes in the BGP table. It's simple if the customer has the same ASN at different sites, the CE routers drop the BGP routes.

The CE routers drop the BGP update as it seems that it's own ASN 5500 is in the update. This behavior is the default behavior of BGP and is a prevention mechanism against loops in BGP

However, we have an easier solution is available and it involves having the PE router replace the customer ASN in the AS path with the ASN of the service provider. The command that you need to configure on the PE router to override the ASN is neighbor-address as-override.

MPLS L3 VPN

How to configure MPLS L3 VPN with OSPF ?

Internetworks March 20, 2020

In MPLS Layer 3 the service provider will participate in routing with the customers. The customers will run static, OSPF, EIGRP, BGP, or any other routing protocol with the service provider; these routes can be shared with other sites of the customers.

In VPN routing information from one customer is completely separated from other customers and tunneled over the service provider MPLS network.

we have already discussed what is MPLS? how MPLS work? and What is MPLS L3 VPN ? in this section we see how to configure MPLS L3 VPN supports OSPF sites. Before we start our configuration you must familiar with these topics.

1. Introduction of MPLS

2. What is MPLS Label distributing protocol (LDP)? How LDP works?

3. how to configure MPLS LDP Peering?

4. What is MPLS L3 VPN? How to configure?

5. How to configure MPLS L3 VPN with RIPv2?

6. How to configure MPLS L3 VPN with EIGRP?

7. How to configure MPLS L3 VPN with OSPF?

8. What are OSPF Sham Links? how to configure OSPF Sham Links?

9. How to configure MPLS L3 with BGP AS OVERRIDE?

10. What Is Network Tunneling And How To Configure Generic Routing Encapsulation (GRE) Tunnels?

11. What Is DMVPN (Dynamic Multipoint VPN), NHRP, MGRE, And How To Configure DMVPN Phase 1?

12. What Is DMVPN (Dynamic Multipoint VPN) Phase 2? How To Configure DMVPN Phase 2 Dynamic And Static Mapping?

13. How To Configure EIGRP And OSPF Over DMVPN Phase 1 & 2?

14. How To Configure External BGP And EIGRP On DMVPN Phase 2?

15. What Is IPSec (Internet Protocol Security)? What Is Internet Key Exchange IKE? How To Configure IPSec Tunnel?

16. What Is IKE (Internet Key Exchange)? How To Configure IPSec Site-To-Site?

What do we need to know before applying this configuration?

we need to assign a separate process ID because it required each VRF that receives VPN routes via OSPF from CE. in our topology we are running OSPF for multiple VRF and also running OSPF inside our core network. its need to distinguished which routes belong to which VRF and which interface belong to which OSPF process. in simple word use separate process ID.
When it comes to redistributing OSPF into BGP by Default only OSPF inter-area and inter-area routes are redistributed into BGP. We need to use the EXTERNAL key with the redistribute command under BGP to redistribute OSPF external routes into BGP. in simple words use external keywords.

Let see the configuration to get a better understanding:-

Topology:

Goal:

configure the topology as per the diagram
assign the IP addresses to their interfaces
configure IGP (OSPF 1) inside MPLS SP core
configure MPLS LDP on router 1_2_3
configure labels (99-199_200-299_300-399)
configure VRF A-1 on router 1 and VRF A-2 on router 3
configure RD and RT value 500:1 on both the sites
configure on router 1 assign FastEthernet facing CE under VRF A-1
configure on router 3 assign FastEthernet facing CE under VRF A-2
Configure the loopbacks with an exact mask to exchange the routes
configure OSPF 1 on both CE routers
configure OSPF 11 on PE router 1 under VRF A-1 and OSPF 13 on PE router 3 under VRF A-2

make sure PE and CE routers can ping
configure VPNv4 peering between PE routers.
Configure redistribution on PE routers between OSPF and BGP under VRF.
make sure both the CEs routers are able to ping.

R1(config)#Interface fastethernet 0/0

R1(config-if)#Ip address 10.1.1.1 255.0.0.0

R1(config-if)#No shutdown

R1(config-if)# keepalive

R1(config-if)#Exit

R1(config)#Interface serial 4/0

R1(config-if)#Ip address 1.1.1.1 255.0.0.0

R1(config-if)#No shutdown

R1(config-if)#Exit

R1(config)#Interface serial 4/2

R1(config-if)#Ip address 3.3.3.2 255.0.0.0

R1(config-if)#No shutdown

R1(config-if)#Exit

R1(config)#Interface loopback 0

R1(config-if)#Ip address 192.168.10.1 255.255.255.0

R1(config-if)#Exit

R1(config)#Interface loopback 1

R1(config-if)#Ip address 192.168.11.1 255.255.255.0

R1(config-if)#Exit

R1(config)#Interface loopback 2

R1(config-if)#Ip address 192.168.12.1 255.255.255.0

R1(config-if)#Exit

R1(config)#Interface loopback 3

R1(config-if)#Ip address 192.168.13.1 255.255.255.0

R1(config-if)#Exit

R2(config)#Interface fastethernet 0/0

R2(config-if)#Ip address 20.1.1.1 255.0.0.0

R2(config-if)#No shutdown

R2(config-if)#keepalive

R2(config-if)#Exit

R2(config)#Interface serial 4/0

R2(config-if)#Ip address 1.1.1.2 255.0.0.0

R2(config-if)#No shutdown

R2(config-if)#Exit

R2(config)#Interface serial 4/1

R2(config-if)#Ip address 2.2.2.1 255.0.0.0

R2(config-if)#No shutdown

R2(config-if)#Exit

R2(config)#Interface loopback 0

R2(config-if)#Ip address 192.168.20.1 255.255.255.0

R2(config-if)#Exit

R2(config)#Interface loopback 1

R2(config-if)#Ip address 192.168.21.1 255.255.255.0

R2(config-if)#Exit

R2(config)#Interface loopback 2

R2(config-if)#Ip address 192.168.22.1 255.255.255.0

R2(config-if)#Exit

R2(config)#Interface loopback 3

R2(config-if)#Ip address 192.168.23.1 255.255

R3(config)#Interface fastethernet 0/0

R3(config-if)#Ip address 30.1.1.1 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)# keepalive

R3(config-if)#Exit

R3(config)#Interface serial 4/1

R3(config-if)#Ip address 2.2.2.2 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)#Exit

R3(config)#Interface serial 4/2

R3(config-if)#Ip address 3.3.3.1 255.0.0.0

R3(config-if)#No shutdown

R3(config-if)#Exit

R3(config)#Interface loopback 0

R3(config-if)#Ip address 192.168.30.1 255.255.255.0

R3(config-if)#Exit

R3(config)#

R3(config)#Interface loopback 1

R3(config-if)#Ip address 192.168.31.1 255.255.255.0

R3(config-if)#Exit

R3(config)#Interface loopback 2

R3(config-if)#Ip address 192.168.32.1 255.255.255.0

R3(config-if)#Exit

R3(config)#Interface loopback 3

R3(config-if)#Ip address 192.168.33.1 255.255.

R3(config-if)#Exit

R4(config)#interface fastEthernet 0/0

R4(config-if)#ip address 30.1.1.2 255.0.0.0

R4(config-if)#no shutdown

R4(config-if)#exit

R4(config)#interface loopback 0

R4(config-if)#ip address 192.168.40.1 255.255.255.0

R4(config-if)#exit

R5(config)#Interface fastethernet 0/0

R5(config-if)#Ip address 10.1.1.2 255.0.0.0

R5(config-if)#shutdown

R5(config-if)#Exit

R5(config)#Interface loopback 0

R5(config-if)#Ip address 192.168.50.1 255.255.255.0

R5(config-if)#Exit

R1#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.1.1 YES manual up up

Serial4/0 1.1.1.1 YES manual up up

Serial4/2 3.3.3.2 YES manual up up
Loopback0 192.168.10.1 YES manual up up
Loopback1 192.168.11.1 YES manual up up
Loopback2 192.168.12.1 YES manual up up
Loopback3 192.168.13.1 YES manual up up

R2#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 20.1.1.1 YES manual up up

Serial4/0 1.1.1.2 YES manual up up

Serial4/1 2.2.2.1 YES manual up up

Loopback0 192.168.20.1 YES manual up up

Loopback1 192.168.21.1 YES manual up up

Loopback2 192.168.22.1 YES manual up up

Loopback3 192.168.23.1 YES manual up up

R3#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 30.1.1.1 YES manual up up

Serial4/1 2.2.2.2 YES manual up up

Serial4/2 3.3.3.1 YES manual up up

Loopback0 192.168.30.1 YES manual up up

Loopback1 192.168.31.1 YES manual up up

Loopback2 192.168.32.1 YES manual up up

Loopback3 192.168.33.1 YES manual up up

R4#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 10.1.1.2 YES manual up up

Loopback0 192.168.40.1 YES manual up up

R5#show ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 30.1.1.2 YES manual up up

Loopback0 192.168.50.1 YES manual up up

R1(config)#router ospf 1

R1(config-router)#network 1.0.0.0 0.255.255.255 area 0

R1(config-router)#network 3.0.0.0 0.255.255.255 area 0

R1(config-router)#network 192.168.10.0 255.0.0.0 area 0

R1(config-router)#network 192.168.11.0 255.0.0.0 area 0

R1(config-router)#network 192.168.12.0 255.0.0.0 area 0

R1(config-router)#network 192.168.13.0 255.0.0.0 area 0

R1(config-router)#end

R2(config)#router ospf 1

R2(config-router)#network 20.0.0.0 0.255.255.255 area 0

R2(config-router)#network 1.0.0.0 0.255.255.255 area 0

R2(config-router)#network 2.0.0.0 0.255.255.255 area 0

R2(config-router)#network 192.168.20.0 255.0.0.0 area 0

R2(config-router)#network 192.168.21.0 255.0.0.0 area 0

R2(config-router)#network 192.168.22.0 255.0.0.0 area 0

R2(config-router)#network 192.168.23.0 255.0.0.0 area 0

R2(config-router)#end

R3(config)#router ospf 1

R3(config-router)#network 2.0.0.0 0.255.255.255 area 0

R3(config-router)#network 3.0.0.0 0.255.255.255 area 0

R3(config-router)#network 192.168.30.0 255.0.0.0 area 0

R3(config-router)#network 192.168.31.0 255.0.0.0 area 0

R3(config-router)#network 192.168.32.0 255.0.0.0 area 0

R3(config-router)#network 192.168.33.0 255.0.0.0 area 0

R3(config-router)#end

R1#show ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

O 2.0.0.0/8 [110/128] via 3.3.3.1, 01:14:38, Serial4/2

[110/128] via 1.1.1.2, 01:14:38, Serial4/0

O 20.0.0.0/8 [110/65] via 1.1.1.2, 01:14:38, Serial4/0

192.168.20.0/32 is subnetted, 1 subnets

O 192.168.20.1 [110/65] via 1.1.1.2, 01:14:38, Serial4/0

192.168.21.0/32 is subnetted, 1 subnets

O 192.168.21.1 [110/65] via 1.1.1.2, 01:14:38, Serial4/0

192.168.22.0/32 is subnetted, 1 subnets

O 192.168.22.1 [110/65] via 1.1.1.2, 01:14:38, Serial4/0

192.168.23.0/32 is subnetted, 1 subnets

O 192.168.23.1 [110/65] via 1.1.1.2, 01:14:38, Serial4/0

O 192.168.30.0/24 [110/65] via 3.3.3.1, 01:14:38, Serial4/2

192.168.31.0/32 is subnetted, 1 subnets

O 192.168.31.1 [110/65] via 3.3.3.1, 01:14:38, Serial4/2

192.168.32.0/32 is subnetted, 1 subnets

O 192.168.32.1 [110/65] via 3.3.3.1, 01:14:38, Serial4/2

192.168.33.0/32 is subnetted, 1 subnets

O 192.168.33.1 [110/65] via 3.3.3.1, 01:14:38, Serial4/2

R3#show ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

O 1.0.0.0/8 [110/128] via 3.3.3.2, 01:18:05, Serial4/2

[110/128] via 2.2.2.1, 01:18:05, Serial4/1

O 20.0.0.0/8 [110/65] via 2.2.2.1, 01:18:05, Serial4/1

O 192.168.10.0/24 [110/65] via 3.3.3.2, 01:18:05, Serial4/2

192.168.11.0/32 is subnetted, 1 subnets

O 192.168.11.1 [110/65] via 3.3.3.2, 01:18:05, Serial4/2

192.168.12.0/32 is subnetted, 1 subnets

O 192.168.12.1 [110/65] via 3.3.3.2, 01:18:05, Serial4/2

192.168.13.0/32 is subnetted, 1 subnets

O 192.168.13.1 [110/65] via 3.3.3.2, 01:18:05, Serial4/2

192.168.20.0/32 is subnetted, 1 subnets

O 192.168.20.1 [110/65] via 2.2.2.1, 01:18:05, Serial4/1

192.168.21.0/32 is subnetted, 1 subnets

O 192.168.21.1 [110/65] via 2.2.2.1, 01:18:05, Serial4/1

192.168.22.0/32 is subnetted, 1 subnets

O 192.168.22.1 [110/65] via 2.2.2.1, 01:18:05, Serial4/1

192.168.23.0/32 is subnetted, 1 subnets

O 192.168.23.1 [110/65] via 2.2.2.1, 01:18:05, Serial4/1

R1(config)#mpls label protocol ldp
R1(config)#mpls label range 99 199
R1(config)#mpls ldp router-id loopback 0
R1(config)#exit

R1(config)#interface serial 4/0
R1(config-if)#mpls ip
R1(config-if)#exit

R1(config)#interface serial 4/2
R1(config-if)#mpls ip
R1(config-if)#exit

R2(config)#mpls label protocol ldp
R2(config)#mpls label range 200 299
R2(config)#mpls ldp router-id loopback 0
R2(config)#exit

R2(config)#interface serial 4/0
R2(config-if)#mpls ip
R2(config-if)#exit

R2(config)#interface serial 4/1
R2(config-if)#mpls ip
R2(config-if)#exit

R3(config)#mpls label protocol ldp
R3(config)#mpls label range 300 399
R3(config)#mpls ldp router-id loopback 0
R3(config)#exit

R3(config)#interface serial 4/1
R3(config-if)#mpls ip
R3(config-if)#exit

R3(config)#interface serial 4/2
R3(config-if)#mpls ip
R3(config-if)#exit

R1#show mpls ldp neighbor
Peer LDP Ident: 192.168.20.1:0; Local LDP Ident 192.168.10.1:0
TCP connection: 192.168.20.1.41723 - 192.168.10.1.646
State: Oper; Msgs sent/rcvd: 190/188; Downstream
Up time: 02:23:12
LDP discovery sources:
Serial4/0, Src IP addr: 1.1.1.2
Addresses bound to peer LDP Ident:
20.1.1.1 1.1.1.2 2.2.2.1 192.168.20.1
192.168.21.1 192.168.22.1 192.168.23.1
Peer LDP Ident: 192.168.30.1:0; Local LDP Ident 192.168.10.1:0
TCP connection: 192.168.30.1.27403 - 192.168.10.1.646
State: Oper; Msgs sent/rcvd: 186/184; Downstream
Up time: 02:20:31
LDP discovery sources:
Serial4/2, Src IP addr: 3.3.3.1
Addresses bound to peer LDP Ident:
2.2.2.2 3.3.3.1 192.168.30.1 192.168.31.1
192.168.32.1 192.168.33.1

R2#show mpls ldp neighbor

Peer LDP Ident: 192.168.10.1:0; Local LDP Ident 192.168.20.1:0

TCP connection: 192.168.10.1.646 - 192.168.20.1.41723

State: Oper; Msgs sent/rcvd: 189/192; Downstream

Up time: 02:24:22

LDP discovery sources:

Serial4/0, Src IP addr: 1.1.1.1

Addresses bound to peer LDP Ident:

1.1.1.1 3.3.3.2 192.168.10.1 192.168.11.1

192.168.12.1 192.168.13.1

Peer LDP Ident: 192.168.30.1:0; Local LDP Ident 192.168.20.1:0

TCP connection: 192.168.30.1.64637 - 192.168.20.1.646

State: Oper; Msgs sent/rcvd: 187/189; Downstream

Up time: 02:22:00

LDP discovery sources:

Serial4/1, Src IP addr: 2.2.2.2

Addresses bound to peer LDP Ident:

2.2.2.2 3.3.3.1 192.168.30.1 192.168.31.1

192.168.32.1 192.168.33.1

R3#show mpls ldp neighbor

Peer LDP Ident: 192.168.20.1:0; Local LDP Ident 192.168.30.1:0

TCP connection: 192.168.20.1.646 - 192.168.30.1.64637

State: Oper; Msgs sent/rcvd: 190/188; Downstream

Up time: 02:22:52

LDP discovery sources:

Serial4/1, Src IP addr: 2.2.2.1

Addresses bound to peer LDP Ident:

20.1.1.1 1.1.1.2 2.2.2.1 192.168.20.1

192.168.21.1 192.168.22.1 192.168.23.1

Peer LDP Ident: 192.168.10.1:0; Local LDP Ident 192.168.30.1:0

TCP connection: 192.168.10.1.646 - 192.168.30.1.27403

State: Oper; Msgs sent/rcvd: 187/189; Downstream

Up time: 02:22:33

LDP discovery sources:

Serial4/2, Src IP addr: 3.3.3.2

Addresses bound to peer LDP Ident:

1.1.1.1 3.3.3.2 192.168.10.1 192.168.11.1

192.168.12.1 192.168.13.1

R(config)#ip vrf A-1

R1(config-vrf)#rd 500:1

R1(config-vrf)#route-target import 500:1

R1(config-vrf)#route-target export 500:1

R1(config-vrf)#exit

R3(config)#ip vrf A-2

R3(config-vrf)#rd 500:1

R3(config-vrf)#route-target both 500:1

R3(config-vrf)#exit

R1(config)#interface fastethernet 0/0

R1(config-if)#ip vrf forwarding A-1

% Interface FastEthernet0/0 IPv4 disabled and address(es) removed due to enabling VRF A-1

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit

R3(config)#interface fastethernet 0/0

R3(config-if)#ip vrf forwarding A-2

% Interface FastEthernet0/0 IPv4 disabled and address(es) removed due to enabling VRF A-2

R3(config-if)#ip address 30.1.1.1 255.0.0.0

R3(config-if)#exit

R1#show run | section vrf
ip vrf A-1
rd 500:1
route-target export 500:1
route-target import 500:1
ip vrf forwarding A-1

R3#show run | section vrf

ip vrf A-2

rd 500:1

route-target export 500:1

route-target import 500:1

ip vrf forwarding A-2

R1(config)#interface loopback 0
R1(config-if)# ip ospf network point-to-point
R1(config-if)#end

R3(config)#interface loopback 0
R3(config-if)# ip ospf network point-to-point
R3(config-if)#end

R4(config)#router ospf 1
R4(config-router)#network 192.168.40.0 255.0.0.0 area 0
R4(config-router)#network 10.0.0.0 0.255.255.255 area 0
R4(config-router)#end

R1(config)#router ospf 11 vrf A-1

R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

R1(config-router)#exit

*Mar 20 00:18:20.379: %OSPF-5-ADJCHG: Process 11, Nbr 192.168.40.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#show ip ospf 1 neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.33.1 0 FULL/ - 00:00:33 3.3.3.1 Serial4/2

192.168.23.1 0 FULL/ - 00:00:38 1.1.1.2 Serial4/0

R1#show ip ospf 11 neighbor

Neighbor ID Pri State Dead Time Address Interface

192.168.40.1 1 FULL/DR 00:00:33 10.1.1.2 FastEthernet0/0

R1#show ip route vrf A-1 ospf

Routing Table: A-1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.40.0/32 is subnetted, 1 subnets

O 192.168.40.1 [110/2] via 10.1.1.2, 00:01:43, FastEthernet0/0

R1#ping vrf A-1 192.168.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.40.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/46/100 ms

R5(config)#router ospf 1
R5(config-router)#network 192.168.50.0 255.0.0.0 area 0
R5(config-router)#network 30.0.0.0 0.255.255.255 area 0
R5(config-router)#end

R3(config)#router ospf 13 vrf A-2
R3(config-router)#network 30.0.0.0 0.255.255.255 area 0
R3(config-router)#end

*Mar 20 00:28:16.623: %OSPF-5-ADJCHG: Process 13, Nbr 192.168.50.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

R3#show ip ospf 13 neighbor

Neighbor ID Pri State Dead Time Address Interface
192.168.50.1 1 FULL/DR 00:00:33 30.1.1.2 FastEthernet0/0

R3#show ip route vrf A-2 ospf

Routing Table: A-2
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.50.0/32 is subnetted, 1 subnets
O 192.168.50.1 [110/2] via 30.1.1.2, 00:01:24, FastEthernet0/0

R1(config)#router bgp 6500
R1(config-router)#no bgp default ipv4-unicast
R1(config-router)#neighbor 192.168.30.1 remote-as 6500
R1(config-router)#neighbor 192.168.30.1 update-source loopback 0
R1(config-router)#address-family vpnv4 unicast
R1(config-router-af)#neighbor 192.168.30.1 activate
R1(config-router-af)#neighbor 192.168.30.1 send-community extended
R1(config-router-af)#neighbor 192.168.30.1 next-hop-self
R1(config-router-af)#end

R3(config)#router bgp 6500
R3(config-router)#no bgp default ipv4-unicast
R3(config-router)#neighbor 192.168.10.1 remote-as 6500
R3(config-router)#neighbor 192.168.10.1 update-source loopback 0
R3(config-router)#address-family vpnv4 unicast
R3(config-router-af)#neighbor 192.168.10.1 activate
R3(config-router-af)#neighbor 192.168.10.1 send-community extended
R3(config-router-af)#neighbor 192.168.10.1 next-hop-self
R3(config-router-af)#end

*Mar 20 00:59:36.259: %BGP-5-ADJCHANGE: neighbor 192.168.10.1 Up

R1(config)#router bgp 6500
R1(config-router)#address-family ipv4 vrf A-1
R1(config-router-af)#redistribute ospf 11 vrf A-1 match ?
external Redistribute OSPF external routes
internal Redistribute OSPF internal routes
nssa-external Redistribute OSPF NSSA external routes

R1(config-router-af)#redistribute ospf 11 vrf A-1 match internal ?
external Redistribute OSPF external routes
metric Metric for redistributed routes
nssa-external Redistribute OSPF NSSA external routes
route-map Route map reference
<cr>

R1(config-router-af)#redistribute ospf 11 vrf A-1 match internal external ?
1 Redistribute external type 1 routes
2 Redistribute external type 2 routes
metric Metric for redistributed routes
nssa-external Redistribute OSPF NSSA external routes
route-map Route map reference
<cr>

R1(config-router-af)#$e ospf 11 vrf A-1 match internal external 1 external 2
R1(config-router-af)#end

R1(config)#router ospf 11 vrf A-1
R1(config-router)#redistribute bgp 6500 subnets
R1(config-router)#end

R3(config)#router bgp 6500
R3(config-router)#address-family ipv4 vrf A-2
R3(config-router-af)#$e ospf 13 vrf A-2 match internal external 1 external 2
R3(config-router-af)#end

(R3(config-router-af)#redistribute ospf 13 vrf A-2 match internal external 1 external 2)

R3(config)#router ospf 13 vrf A-2
R3(config-router)#redistribute bgp 6500 subnets

R3(config-router)#end

R1#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 192.168.13.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 500:1 (default for vrf A-1)

*> 10.0.0.0 0.0.0.0 0 32768 ?

*>i 30.0.0.0 192.168.30.1 0 100 0 ?

*> 192.168.40.1/32 10.1.1.2 2 32768 ?

*>i 192.168.50.1/32 192.168.30.1 2 100 0 ?

R1#show ip route vrf A-1

Routing Table: A-1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.0.0.0/8 is directly connected, FastEthernet0/0

L 10.1.1.1/32 is directly connected, FastEthernet0/0

B 30.0.0.0/8 [200/0] via 192.168.30.1, 00:05:57

192.168.40.0/32 is subnetted, 1 subnets

O 192.168.40.1 [110/2] via 10.1.1.2, 00:40:55, FastEthernet0/0

192.168.50.0/32 is subnetted, 1 subnets

B 192.168.50.1 [200/2] via 192.168.30.1, 00:05:57

R1#show ip route vrf A-1 bgp

Routing Table: A-1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

B 30.0.0.0/8 [200/0] via 192.168.30.1, 00:06:24

192.168.50.0/32 is subnetted, 1 subnets

B 192.168.50.1 [200/2] via 192.168.30.1, 00:06:24

R1#ping vrf A-1 192.168.40.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.40.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/72/104 ms

R1#ping vrf A-1 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 104/144/248 ms

R3#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 192.168.33.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 500:1 (default for vrf A-2)

*>i 10.0.0.0 192.168.10.1 0 100 0 ?

*> 30.0.0.0 0.0.0.0 0 32768 ?

*>i 192.168.40.1/32 192.168.10.1 2 100 0 ?

*> 192.168.50.1/32 30.1.1.2 2 32768 ?

R3#show ip route vrf A-2

Routing Table: A-2

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

B 10.0.0.0/8 [200/0] via 192.168.10.1, 00:14:56

30.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 30.0.0.0/8 is directly connected, FastEthernet0/0

L 30.1.1.1/32 is directly connected, FastEthernet0/0

192.168.40.0/32 is subnetted, 1 subnets

B 192.168.40.1 [200/2] via 192.168.10.1, 00:14:56

192.168.50.0/32 is subnetted, 1 subnets

O 192.168.50.1 [110/2] via 30.1.1.2, 00:22:01, FastEthernet0/0

R3#show ip route vrf A-2 BGP

Routing Table: A-2

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

B 10.0.0.0/8 [200/0] via 192.168.10.1, 00:15:15

192.168.40.0/32 is subnetted, 1 subnets

B 192.168.40.1 [200/2] via 192.168.10.1, 00:15:15

R3#ping vrf A-2 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/76/132 ms

R3#ping vrf A-2 192.168.40.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.40.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 68/108/152 ms

R4#ping 192.168.50.1 source 192.168.40.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.50.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.40.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 156/186/228 ms

R4#traceroute 192.168.50.1

Type escape sequence to abort.

Tracing the route to 192.168.50.1

VRF info: (vrf in name/id, vrf out name/id)

1 10.1.1.1 108 msec 56 msec 104 msec

2 30.1.1.1 [MPLS: Label 308 Exp 0] 84 msec 104 msec 104 msec

3 30.1.1.2 172 msec 148 msec 128 msec

R5#ping 192.168.40.1 source 192.168.50.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.40.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.50.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 140/156/180 ms

R5#traceroute 192.168.40.1

Type escape sequence to abort.

Tracing the route to 192.168.40.1

VRF info: (vrf in name/id, vrf out name/id)

1 30.1.1.1 36 msec 76 msec 56 msec

2 10.1.1.1 [MPLS: Label 104 Exp 0] 180 msec 168 msec 56 msec

3 10.1.1.2 180 msec 172 msec 228 msec

R4#show ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

O E2 30.0.0.0/8 [110/1] via 10.1.1.1, 00:15:14, FastEthernet0/0

192.168.50.0/32 is subnetted, 1 subnets

O E2 192.168.50.1 [110/2] via 10.1.1.1, 00:15:14, FastEthernet0/0

R5#show ip route ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

O E2 10.0.0.0/8 [110/1] via 30.1.1.1, 00:12:07, FastEthernet0/0

192.168.40.0/32 is subnetted, 1 subnets

O E2 192.168.40.1 [110/2] via 30.1.1.1, 00:12:07, FastEthernet0/0

MPLS

How to configure Overlapping VPN?

Configure the IP addresses as per the topology

Configure OSPF inside the core of the MPLS network

Configure PLS LDP peering inside the MPLS core network

Configure VRF site-a and site-c on router 1, configure route-distinguisher and route-target 500:1 for site-a, site-b, and for site-c and site-d 500:2

Configure VRF site-b and site-d on router 3

Configure fa0/0 and fa2/0 under VRF site-a and site-c on router 1

Configure fa0/0 and fa2/0 under VRF site-b and site-d on router 3

Configure EBGP between router 1 and router 6

Configure EBGP between router 3 and router 7

Configure connectivity between router 1 and router 3 with VPNv4

Configure the as-override feature on router 1 and router 3

Configure the connectivity between router 1 and router 5 with OSPF under VRF site-c

configure redistribution between OSPF and BGP under VRF site-c

Configure connectivity between router 3 and router 4 under VRF site-d with EIGRP 100

configure connectivity between all sites-a, b, c,d

What MPLS L3 VPN? | MPLS VPNv4 peering | MPLS LDP peering | How to configure MPLS L3 VPN Static?

How to configure MPLS L3 with BGP AS OVERRIDE?

BGP has a simple loop prevention mechanism for external BGP. When you see your own Autonomous system number in the AS path, we do not accept the prefix. This mechanism is fine for Internet routing but there are some other scenarios where this might be an issue.

How to configure MPLS L3 VPN with OSPF ?

Labels

Pages

Popular Posts

Follow us on Facebook

Featured post

How to configure Overlapping VPN?

Labels

About me

Pages

Popular Posts

subscribe