Advanced Computer Networks Summer term 2015/16 Petr Grygárek Case Study Network Configuration



Student group 1

3 student groups,

9 students in lab in parallel

Internet IPv4 + IPv6

PEinet

Psp

Student group 2 Student group 3

Pwan

Gray devices are preconfigured

Service Provider’s MPLS/IPv4 core

IGP1 process 1 + LDP

+ router loopbacks

Corporate WAN MPLS/IPv4 core

IGP2 process 2 + LDP

+ router loopbacks

RSg1

PErr

AS 65001 Route Reflector

RSg2 RSg3

Rg1 Rg2 Rg3

Overview

RSg1

Student group g

Psp

Service Provider Core

Corporate WAN MPLS/IPv4 core

Interface Loopback 789

7.8.9.1/24, 2001:7:8:9::1/64

(simulates IPv4 and IPv6 Internet)

RSg2 RSg3

Pwan

Rg1 Rg2 Rg3

S0/1/0

S0/1/1

Fa0/0

PErr

AS 65001 Route Reflector

... ...

2x3 Serial + 3x Ethernet (4ESW module interface fa0/1-3 vlan 4091-4093)

PEinet

1.1.100.0/30

.1

.2

1.1.gr.0/30

.1

.2

2.2.gr.0/30

.2

.1

2.2.100.0/30

.2

.1

2x3 Serial + 3x Ethernet (4ESW module interface fa0/1-3 vlan 4091-4093)

fa0/0

fa0/0

lo1: 1.99.g.r/32

RID 1.0.g.r

lo1: 1.99.99.10/32

RID 1.99.99.10

lo1: 1.99.99.1/32

RID 1.99.99.1

lo1: 2.99.99.10/32

RID 2.99.99.10

lo1: 2.99.99.1/32

RID 2.99.99.1

RID 100.0.g.r

Physical Topology

Rg1

VRF A

VRF A

VRF B

VRF B BGP AS 651gr

RSg1

4.g.r.1/24 vlan gr20

3.g.r.1/24 vlan gr10

RD 65001:99gr1

RT export 65001:gr1

RD 65001:99gr2

RT export 65001:gr2

.1.1

.2.2

RD 65001:88gr1

RD 65001:88gr2

RID 100.0.g.r

RID 1.0.g.r

BGP AS 65001

Branch Office Infra

Global

2001:AAAA:gr00::/64

VLAN gr30

RD 65001:99gr3

RT export 65001:gr3

:1

:2

:1

VRF V6

Internet

PEinet

P

PE

AS 65001

EBGP,

MPLS

tunnel

Internet IC VLAN gr0

100.g.r.0/30

RSgx:

Internet in global routing table (IPv4)

interface vlan gr0

Lo 789

7.8.9.1/24

Lo1

1.99.99.1/32

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

No traffic between Rg1-Rg3 via InternetGW: Rg1-Rg3 are in the same AS, so the EBGP loop prevention mechanism applies

AS 789

PE

AS 65001

PE

AS 65001

Static default route from VRF A via global

Static route from global to VRF A VLAN gr10

.1

.2

static 0/0

static to VRF A vlan gr10

RSg1 RSg2 RSg3

Rg1 Rg2 Rg3

Service Provider’s MPLS/IPv4 core

IGP1 process 1 + LDP

VRF A

Global

static gr10

0/0

BGP-free

Core

Rg1

VRF A

VRF A

VRF B

VRF B AS 651gr

RSg1

Rg2

VRF A

VRF A

VRF B

VRF B

RSg2

Rg3

VRF A

VRF A

VRF B

VRF B

RSg3

i/e

4.g.r.0/24

vlan gr20

3.g.r.0/24

vlan gr10

RD 65001:99gr1

RT export 65001:gr1

RD 65001:99gr2

RT export 65001:gr2

.1

.1

.2.2

RID 100.0.g.r

RID 0.1.g.r

PErr

Corporate WAN MPLS/IPv4 core

IGP2 process 2 + LDP

AS 65001 Pwan

Additional i/e between VPNs according to

parameters for student group

BGP Route Reflector

Lo1 2.99.99.1

IPv4 MPLS/VPN WAN

P

MPLS/IPv4 core

IGP1 process 1 + LDP

VLAN g16

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

VRF A backup connectivity - RIPv2

RSg1 RSg2 RSg3

Rg1 Rg2 Rg3

VLAN g25

int vlan g25 30.g.12.2/30

PW ID g23

VLAN g15 VLAN g26

int vlan g26 30.g.23.1/30

VLAN g35 VLAN g36

int vlan g15 30.g.13.1/30

int vlan g16 30.g.12.1/30

int vlan g35 30.g.23.2/30

int vlan g36 30.g.13.2/30

VRF A VRF A VRF A

fa0/0.g15 fa0/0.g16 fa0/0.g25 fa0/0.g26 fa0/0.g35 fa0/0.g36

3.g.1.1/24 vlan g110 3.g.2.1/24 vlan g210 3.g.3.1/24 vlan g310

(Make the AD for routes via AToM worse if you also run RIPv2 as the VRF A MPLS/VPN PE-CE IGP, so that WANCore connectivity is always preferred)

BGP RR

VRF A

AToM VRF A Backup

Different VLAN IDs are bridged together – PVST+ BPDUs containing the VLAN # TLV need to be filtered out

P

MPLS/IPv4 core

IGP1 process 1 + LDP

VLAN g16

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

VRF A backup connectivity - RIPv2

RSg1 RSg2 RSg3

Rg1 Rg2 Rg3

VLAN g25

int vlan g25 30.g.12.2/30

PW ID g23

VLAN g15 VLAN g26

int vlan g26 30.g.23.1/30

VLAN g35 VLAN g36

int vlan g15 30.g.13.1/30

int vlan g16 30.g.12.1/30

int vlan g35 30.g.23.2/30

int vlan g36 30.g.13.2/30

VRF T VRF T VRF T

fa0/0.g16 fa0/0.g25 fa0/0.g26 fa0/0.g35 fa0/0.g36

VRF A VRF A VRF A

3.g.1.1/24 vlan g110 3.g.2.1/24 vlan g210 3.g.3.1/24 vlan g310

i/e i/e i/e

VRF T:

RD 65001:88gr4

RT export 65001:8gr4

VRF A:

RT export 65001:8gr1

VRF A

BGP RR

fa0/0.g15

AToM VRF A Backup – via VRF T

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

RSg1 RSg2 RSg3

Rg1 Rg2 Rg3

Service Provider’s MPLS/IPv4 core

Tun12 111.g.12.2/30

Tun23 111.g.23.1/30

Tun12 111.g.12.1/30

Tun13 111.g.13.1/30

VRF B

4.g.r.0/24

VRF B VRF B

VRF B VRF B VRF B

RIPv2

Tun23 111.g.23.2/30

Tun13 111.g.13.2/30

IKE phase 1: authentication pre-shared key: g, DES, MD5

IKE phase 2: ESP AES, SHA1

Redistribute BGP->RIP: only the local server subnet

Redistribute RIP->BGP: set community tag

Filter VPNv4 routes from Rgx to BGP RR based on the tag

Set weight >32768 for all BGP routes from BGP RR to override "locally-originated" routes injected by RIP->BGP redistribution

BGP RR

IPv4 IPSec/GRE VRF B Backup

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

RSg1 RSg2 RSg3

Rg1 Rg2 Rg3

Service Provider’s MPLS/IPv4 core

VRF B

4.g.r.0/24

VRF B VRF B

VRF B VRF B VRF B

RIPv2

IKE phase 1: authentication pre-shared key: g, DES, MD5

IKE phase 2: ESP AES, SHA1

Redistribute BGP->RIP: only the local server subnet

Redistribute RIP->BGP: set community tag

Filter VPNv4 routes from Rgx to BGP RR based on the tag

Set weight >32768 for all BGP routes from BGP RR to override "locally-originated" routes injected by RIP->BGP redistribution

BGP RR

IPv4 DMVPN VRF B Backup

DMVPN Spoke

tun100 112.g.0.1/24

multipoint

DMVPN Spoke

tun100 112.g.0.3/24

multipoint

DMVPN Hub

tun100 112.g.0.2/24

multipoint

802.1q

Internet

Internet

GW

P

802.1q 802.1q

PE

AS 65001

EBGP,

MPLS

tunnel

Internet IC VLAN gr0

2001:100:g:r::1/64

Internet in global routing table (IPv6)

interface vlan gr0

Lo 789

2001:7:8:9::1/64

Lo1

1.99.99.1/32

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

No direct connection between Rg1-Rg3: the BGP next hop is changed on InternetGW

No traffic between Rg1-Rg3 via InternetGW: Rg1-Rg3 are in the same AS (the BGP loop prevention mechanism applies)

AS 789

PE

AS 65001

PE

AS 65001

:1

:2

static ::0

RSg1 RSg2 RSg3

Rg1 Rg2 Rg3

Service Provider’s MPLS/IPv4 core

IGP1 process 1 + LDP

IPv6: local segments 2001:AAAA:gr00::/64 VLAN gr30

6PE

Rg1

Global

VRF V6

RSg1

Rg2

VRF V6

Global

RSg2

Rg3

VRF V6

Global

RSg3

2001:AAAA:gr00::/64

VLAN gr30

RD 65001:99gr3

RT export 65001:gr3

:1

:2

Corporate WAN MPLS/IPv4 core

IGP2 process 2 + LDP

AS 65001

P

:1

PErr

BGP Route Reflector

Lo1 2.99.99.1

6VPE over WANCore

::/0

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

Rg1 Rg2 Rg3

Service Provider’s MPLS/IPv4 core

tun200

multipoint

tun200

multipoint

tun200

multipoint

VRF V6 VRF V6 VRF V6

Use 1.99.x.x/32 loopbacks for tunnel source/destination

6to4:

! <Lo1IP> = Lo1 IPv4 address written in hex (e.g. 1.99.99.1 -> 0163:6301)
interface tunnel200
 tunnel mode ipv6ip 6to4
 ipv6 address 2002:<Lo1IP>:cccc::1/64
ipv6 route 2001:aaaa:gr00::/64 2002:<Lo1IP>:cccc::1

6to4

2001:AAAA:gr00::/64

VLAN gr30

RSg1

::/0

PEinet

Lo 789

2001:7:8:9::1/64

Tun200 multipoint

2002:0163:6301:cccc::1/64

static to VLAN gr30

static routes not preconfigured here

Lo1

1.99.g.2/32

Lo1

1.99.g.3/32

Lo1

1.99.g.1/32

Rg1 Rg2 Rg3

Service Provider’s MPLS/IPv4 core

Tun 202 multipoint

VRF V6 VRF V6 VRF V6

Use 1.99.x.x/32 loopbacks for tunnel source/destination

ISATAP:

! <LoIP> = loopback IPv4 address embedded in the ISATAP interface ID (::5EFE:<IPv4>)
interface tunnel202
 tunnel mode ipv6ip isatap
 ipv6 address 2001:EEEE::/64 eui-64
ipv6 route 2001:aaaa:gr00::/64 2001:EEEE::5EFE:<LoIP>

ISATAP

2001:AAAA:gr00::/64

VLAN gr30

RSg1

::/0

PEinet

Lo 789

2001:7:8:9::1/64

Tun202 multipoint

static to VLAN gr30

Tun 202 multipoint Tun 202 multipoint

static routes not preconfigured here

site prefix 2001:EEEE::/32