Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Khalid Raza
• MPLS configuration
VRF
MP-BGP
PE-CE configuration
Advance configuration
• MPLS topologies
• VPN connectivity
• Design considerations
• Deployment strategies
• VPN
Concept is to use the service providers shared
resources connecting multiple customer sites
Technologies such as X.25, Frame-relay which use
virtual circuits to establish end-to-end connection
using shared service of the provider infrastructure
This statistical sharing of resources enables the
service provider to offer low cost services to the
end user
• Site
Set of (sub)networks part of the C-network and co-
located
A site is connected to the VPN backbone through
one or more PE/CE links
• PE router
Provider Edge router. Part of the P-Network and
interfaces to CE routers
• P router
Provider (core) router, without knowledge of VPN
Provider core
(P) device VPN Site
Virtual Circuit
• Shared router
Where a common router was used, extensive packet
filtering is used on the PE router to isolate customer
Service provider allocated addresses out of its space
to the customer and managed the packet filter to
ensure same customer reachability, and isolation
between customers.
High maintenance cost associated with packet filters
Performance impact due to packet filtering
• Dedicated router
Customer isolation is achieved via dedicated
routers connected to customer
POP edge router filter routing updates between
different provider edge routers
Route filtering is achieved via BGP Communities
Not cost effective
VPN-A
CE
Paris
PE
VRF for VPN-A
VPN-A CE
IGP &/or BGP
London
VRF for VPN-B
VPN-B CE
Munich
Global Routing Table
VPN-A
CE
Paris
PE
VRF for VPN-A
VPN-A CE
IGP &/or BGP
London
VRF for VPN-B
VPN-B CE
Munich
Global Routing Table
CE
Site-2
VPN-A
CE
Munich
P Router
CE Router PE PE CE Router
VPN-B
BGP Table
Munich
CE router sends 32 bit IPv4 prefix
Routes from VPN-A
Routes from VPN-B
197.26.15.1
Paris London
149.27.2.0/24
Paris London
149.27.2.0/24
• VRF configuration
Step 1. Create VRF
Step 2. Assign an RD
Step 3. RT export
Step 4. RT import
Step 5. Define an interface to a VRF
• VRF configuration
Step 1.
Creating a VRF
ip vrf name
Example ip vrf bootcamp
Where bootcamp is just a name like route-
map name
• VRF configurations
Step 2.
Every VRF needs an associated RD
rd route-distinguisher
Could be AS:X or IP address :X
Example: rd 109:12345
• VRF configuration
Step 3.
Defining a route target that will be exported
with every route that is send from the VRF
Multiple route-target can be attached to a vrf
route-target export RT
Example: route-target export 109:1234
• VRF configuration
Step 4.
Define a route-target that will be accepted by
the router to be imported into the VRF
route-target import
Example: route-target import 109:1345
• VRF configuration
Step 5.
Associate an interface to the VRF; this will remove
the interface from the global routing process
Existing IP address is removed once the interface
is defined to a VRF; you will have to re-configure
the IP address
• VRF configuration
Ip vrf GREEN
rd 109:145
route-target export 109:145
route-target import 109:145
• MP-BGP configuration
BGP process is extended to perform three
functions
Tasks are configured in same BGP process
through address families
1. Maintain and exchange global routing information (IPv4
routing)
2. VPNv4 routing
3. VRF routing exchange with CE
• MP-BGP configurations
Global neighbor are configured under the
global BGP process (All P and PE neighbors)
These neighbors need to be activated under
the appropriate address family according to
requirements
VRF specific neighbors are defined under the
corresponding VRFs
• MP-BGP configurations
Step 1. Configure neighbors and their
parameters under the global process
Step 2. Configure address family VPNv4
Step 3. Activate neighbors to carry VPNv4
routes
Step 4. Activate the VPNv4 specific parameters
under the address family (filter, etc.)
• MP-BGP configurations
Step 1. Configure BGP process
router bgp 110
neighbor 131.108.1.1 remote-as 110
neighbor 131.108.1.1 update-source loopback 0
• MP-BGP Configurations
Step 2. Configure the address family, activate the
neighbor under the address family for VNPv4
routes. Neighbor that was defined earlier under
main BGP process
address-family vpnv4
neighbor 131.108.1.1 activate
neighbor 131.108.1.1 next-hop-self
Address-family vpnv4
Neighbor 131.108.1.1 activate
Neighbor 131.108.1.3 activate
• BGP
Define the neighbor under the address-family
vrf and not under the global BGP
router bgp 110
!
address-family ipv4 vrf Green
neighbor 10.1.1.1 remote-as 115
neighbor 10.1.1.1 activate
• RIP
Single routing process
RIP parameters in each VRF
router rip
version 2
MPLS BGP
backbone
VPN-A VPN-A
VPN-B CE VPN-A
VPN-B CE
Area 0
CE CE
Area 1 London
Area 2
Paris
Area 0
VPN-A VPN-A
VPN-B VPN-A
VPN-B
Area 0
CE
Paris
Area 0
• OSPF
Configuration is still simple
router ospf 110 vrf RED
network 10.1.0.0 0.0.255.255 area 0
redistribute bgp 110
CQFE rev14 Russ Davis © 1999, Cisco Systems, Inc. www.Cisco.com 100
MPLS Configuration
• Static
Used to configure VRF specific routes
Always need to specify the interface
even though you have the next-hop
CQFE rev14 Russ Davis © 1999, Cisco Systems, Inc. www.Cisco.com 101