lab setup-men part 2_norestriction

Lab Setup-MEN Part 2

CX600- RT-C, RT-D, RT-E

C7609-RT-A, RT-B, RT-F

C3400 – SW-A

CX200D – SW-B, SW-C

1/12/0/2

1/0/21/0/0

1/2 2/1

2/2 1/0/0

2/0/41/3

2/0/01/1 RT-A

RT-B

RT-C

RT-D

RT-E RT-F

1/0/2 1/2

2/3

Ge0/1

1/0/6

2/4

1/0/4

Ge 0/0/1

SW-A

SW-C

2/5 2/0/6

1/0/8

1/0/4

PC-C

Fe 0/0/9

PC-A

Fe0/9 SW-B

PC-B

1/4

Ge 0/0/1

Fe 0/0/9

2/0/8

Ge0/1

SW-D

SW-E

1/0/6

Ge 0/0/1

1

Lab1- Configuring Basic BGP Functions



1/12/0/2

1/0/21/0/0

1/2 2/1

2/2 1/0/0 2/0/41/3 2/0/01/1 RT-A

RT-B

RT-C

RT-D RT-E

AS 65001

Summary IP-192.168.0.0/16

RT-A

Lo- 192.168.255.12/32

2/2 -10.0.1.2/30

2/1-192.168.0.1/30

2/3 -Switchport

AS 65000

Summary IP-10.0.0.0/8

RT-B

Lo- 10.0.255.11/32

1/1 -10.0.1.1/30

1/2 -10.0.0.1/30

1/3 -10.0.0.10/30

RT-C

Lo- 10.0.255.21/32

1/0/0 -10.0.0.2/30

1/0/2 -10.0.0.5/30

RT-D

Lo- 10.0.255.31/32

2/0/0 -10.0.2.1/30

2/0/4 -10.0.0.9/30

2/0/2 -10.0.0.6/30

AS 65002

Summary IP-172.16.0.0/16

RT-E

Lo- 172.16.255.33/32

1/0/0 -10.0.2.2/30

1/0/2 -172.16.0.1/30

RT-F

Lo- 172.16.255.23/32

1/2 -172.16.0.2/30

1/1 -192.168.0.2/30

RT-F

1/0/2 1/2

2/3

Group1- RT-A & RT-B

Group2- RT-C & RT-D

Group3- RT-E & RT-F

0/1

2

Configuration Procedure Step 1

1. Clear the Configuration 2. Change the hostname or sysname 3. Configure the IP address for each interface

Interface loopback0 Ip address 192.168.255.12 255.255.255.255 Interface gigabitethernet 2/2 Ip address 10.0.1.2 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)

Step 2 Configure IBGP connections.

# Configure RT-B.

RT-B(config)#router bgp 65000

RT-B(config-router)#neighbor 10.0.0.2 remote-as 65000


# Configure RT-D.

[RT-D] bgp 65000

[RT-D-bgp] peer 10.0.0.10 as-number 65000


# Configure RT-C.

[RT-C] bgp 65000

[RT-C-bgp] peer 10.0.0.1 as-number 65000


# Configure RT-E.

[RT-E] bgp 65002

[RT-E-bgp] peer 172.16.0.2 as-number 65002

# Configure RT-F.

RT-F(config)#router bgp 65002

RT-F(config-router)#neighbor 172.16.0.1 remote-as 65002

3

Check:- Disp bgp peer

Show bgp neighbor

Disp bgp routing-table

Show ip route bgp

There is no bgp routes in the routing table

Step 3 Configure EBGP.

# Configure RT-A.

RT-A(config)#router bgp 65001

RT-A(config-router)#neighbor 10.0.255.11 remote-as 65000

RT-A(config-router)#neighbor 10.0.255.11 update-source loopback0

RT-A(config-router)#neighbor 10.0.255.11 ebgp-multihop 3

RT-A(config)#ip route 10.0.0.0 255.0.0.0 10.0.1.1


RT-A (config-router)#neighbor 172.16.255.23 update-source loopback0



# Configure RT-B.

RT-B(config)#router bgp 65000


RT-B(config-router)#neighbor 192.168.255.12 update-source loopback0

RT-B(config-router)#neighbor 192.168.255.12 ebgp-multihop 3

RT-B(config)#ip route 192.168.0.0 255.255.0.0 10.0.1.2

# Configure RT-D.

[RT-D] bgp 65000


[RT-D-bgp] peer 172.16.255.33 connect-interface loopback0

[RT-D-bgp] peer 172.16.255.33 ebgp-max-hop 3

[RT-D] ip route-static 172.16.0.0 16 10.0.2.2

# Configure RT-E.

[RT-E] bgp 65002


[RT-E-bgp] peer 10.0.255.31 connect-interface loopback0

[RT-E-bgp] peer 10.0.255.31 ebgp-max-hop 3

[RT-E] ip route-static 10.0.0.0 8 10.0.2.1

4

# Configure RT-F.

RT-F(config)#router bgp 65002

RT-F(config-router)#neighbor 192.168.255.12 remote-as 65001

RT-F(config-router)#neighbor 192.168.255.12 update-source loopback0

RT-F(config-router)#neighbor 192.168.255.12 ebgp-multihop 3

RT-F(config)#ip route 192.168.0.0 255.255.0.0 192.168.0.1

# Display the connection status of the BGP peers.

[CX] display bgp peer

Cisco# show bgp neighbor

It should be established

Step 4 Configure RT-A to advertise 100.0.0.0/8.

Connect Switch to the gigaetherent interface

Switch(config-if)# switchport mode trunk

Switch(config-if)#switchport trunk allow vlan all

Switch(config-if)#no shut

Switch(config)# vlan 100

Switch(config)# interface vlan 100

Switch(config-if)#ip address 100.0.0.2 255.0.0.0


Switch(config)#ip default-gateway 100.0.0.1

[Quidway]ip route-static 0.0.0.0 0 vlanif 100

RT-A(config-if)#switchport

RT-A(config-if)#switchport trunk encaspulation dot1q

RT-A(config-if)#switchport mode trunk

RT-A(config-if)#switchport trunk allow vlan all

RT-A(config-if)#no shut

RT-A(config)#vlan 100

RT-A(config)#interface vlan 100

RT-A(config-if)#ip address 100.0.0.1 255.0.0.0



RT-A(config-router)# address-family ipv4

RT-A(config-router-af)# network 100.0.0.0 mask 255.0.0.0

5

# Display the routing table of RT-B.

RT-B# show ip route bgp

B 100.0.0.0/8 [20/0] via 192.168.255.12

Check:

RT-B# ping 100.0.0.1

Reply from RT-A

# Display the routing table of RT-C.

[RT-C] display bgp routing-table

Network NextHop MED LocPrf PrefVal Path/Ogn

i 100.0.0.0 192.168.255.12 0 100 0 65001i

Check:

[RT-C] ping 100.0.0.1

No Reply from RT-A

# Display the routing table of RT-D.

[RT-D] display bgp routing-table


i 100.0.0.0 192.168.255.12 0 100 0 65001i

Check:

[RT-D] ping 100.0.0.1

No Reply from RT-A

# Display the routing table of RT-F.

RT-F# show ip route bgp

B 100.0.0.0/8 [20/0] via 192.168.255.12

Check:

RT-F# ping 100.0.0.1

Reply from RT-A

Note:- To Solve the above problem • In Step5 we will change the BGP route next hop and reach 100.x.x.x network

without using OSPF • AS specific routes should be available in the ip routing table. In step3 this is

manually added in ASBR, but it should be redistributed in the entire AS. We will do this by using OSPF in Step6

6

Step 5 Configure ASBR to change the next hop as self

# Configure RT-B for route updates from AS65001 to AS65000

RT-B(config-router)address-family ipv4

RT-B(config-router-af)neighbor 10.0.0.2 next-hop-self

RT-B(config-router-af)neighbor 10.0.0.9 next-hop-self

Check: On RT-C

[RT-C] disp bgp route

*>i 100.0.0.0 10.0.0.1 0 100 0 65001i

[RT-C] ping 100.0.0.1

Reply from RT-A

# Configure RT-D for route updates from AS65000 to AS65002

[RT-D-bgp]peer 172.16.255.33 next-hop-local

# Configure RT-F for route updates from AS65001 to AS65002

RT-F(config-router)address-family ipv4

RT-F(config-router-af)neighbor 172.16.0.1 next-hop-self

Check: On RT-E

[RT-E] disp bgp route

*>i 100.0.0.0 172.16.0.2 0 100 0 65001i

Note: Remove next-hop-self and next-hop-local commands before starting step6

7

Step 6 Configure OSPF on each network of ASs

# Configure AS65001

RT-A(config)# router ospf 200

RT-A(config-router)# network 192.168.255.12 0.0.0.0 area 0



RT-A(config-router)# redistributed connected

RT-A(config-router)# redistributed static

# Configure AS65000

RT-B(config)# router ospf 100

RT-B(config-router)# network 10.0.255.11 0.0.0.0 area 0


RT-B(config-router)# redistributed connected

RT-B(config-router)# redistributed static

[RT-D]ospf 100

[RT-D-ospf-100]area 0

[RT-D-ospf-100-area-0.0.0.0]network 10.0.255.31 0.0.0.0


[RT-D-ospf-100]import-route direct

[RT-D-ospf-100]import-route static

[RT-C]ospf 100

[RT- C-ospf-100]area 0

[RT-C-ospf-100-area-0.0.0.0]network 10.0.255.21 0.0.0.0


[RT-C-ospf-100]import-route direct

[RT-C-ospf-100]import-route static

8

# Configure AS65002

[RT-E]ospf 300

[RT-E-ospf-300]area 0

[RT-E-ospf-300-area-0.0.0.0]network 172.16.255.33 0.0.0.0


[RT-E-ospf-300]import-route direct

[RT-E-ospf-300]import-route static

RT-F(config)# router ospf 300

RT-F(config-router)# network 172.16.255.23 0.0.0.0 area 0

RT-F(config-router)# network 172.16.0.0 0.0.255.255 area 0

RT-F(config-router)# redistributed connected

RT-F(config-router)# redistributed static

Check: Ping any IP from any where

1

Lab2- Working with BGP & IGP

CX600- RT-C, RT-D

C7609-RT-A

2/0/21/0/22/4 1/0/4

RT-A RT-C

RT-D

AS 65001

Summary IP-192.168.0.0/16

RT-A

Lo- 192.168.255.12/32

2/4 -10.0.1.2/30

2/3 - Switchport

AS 65000


RT-C

Lo- 10.0.255.11/32

1/0/4 -10.0.1.1/30

1/0/2 -10.0.0.1/30

RT-D

Lo- 10.0.255.21/32

2/0/2 -10.0.0.2/30

2/3

Group1- RT-A

Group2- RT-C

Group3- RT-D

0/1

2

Configuration Roadmap The configuration roadmap is as follows:

1. Configure the OSPF protocol on RT-C and RT-D to realize the interconnection. 2. Configure the EBGP connection on RT-A and RT-C. 3. Enable BGP and OSPF to import routes from each other on RT-C, and check the routing information. 4. Configure BGP route aggregation on RT-C and simplify the BGP routing table.



Interface loopback0 Ip address 192.168.255.12 255.255.255.255 Interface gigabitethernet 1/0/4 Ip address 10.0.1.1 255.255.255.252 No shut/undo shut Negotiation auto (on CX port, if it is connected to Cisco)

Step 2 Configure OSPF in AS 65000

[RT-C]ospf 100

[RT-C-ospf-100]area 0



[RT-D]ospf 100





# Configure RT-A.






3

# Configure RT-C.

[RT-C]bgp 65000


[RT-C-bgp] peer 192.168.255.12 connect-interface loopback0

[RT-C-bgp]peer 192.168.255.12 ebgp-max-hop 3

[RT-C]ip route-static 192.168.255.12 255.255.255.255 10.0.1.2





Step 4 Configure RT-A to advertise 100.0.0.0/8.










[Quidway]ip route-static 0.0.0.0 0 vlanif 100











RT-A(config-router)# address-family ipv4

RT-A(config-router-af)# network 100.0.0.0 mask 255.0.0.0

4

# Display the routing table of RT-C.

[RT-C] display bgp routing-table


*i> 100.0.0.0 192.168.255.12 0 100 0 65001i

[RT-C] display ip routing-table protocol ospf

You will see 4 routes

1 active route of 10.0.255.21/32

3 inactive route of directly connected networks

Step 5 Configure BGP on RT-C to import OSPF routes

[RT-C-bgp] ipv4-family unicast

[RT-C-bgp-af-ipv4] import-route ospf 100

# Display the routing table of RT-A

RT-A# show ip route bgp

You should see 2 OSPF routes of 10.x.x.x in BGP routing table

Step 6 Configure OSPF on RT-C to import BGP routes

[RT-C-ospf-100] import-route bgp

# Display the routing table of RT-D

[RT-D] display ip routing-table

You should see BGP route of 100.x.x.x in OSPF routing table

To check:

Ping 100.0.0.1 form RT-D

5

Step 7 Configure the automatic route aggregation.

# Configure RT-C

[RT-C] bgp 65000


[RT-C-bgp-af-ipv4] summary automatic

# Display the routing table of RT-A.

[RT-A] display bgp routing-table

You should see single route for all 10.x.x.x networks of AS 65000

1

Lab3- Configuring AS-Path Filter

EBGP connections are set up between RT-A, RT-C, and RT-D. Configure the AS-Path filter on RT-A. AS 65001 thus does not advertises routes of AS 65002 to AS 65000, or advertise routes of AS 65000 to AS 65002.

CX600- RT-C, RT-D

C7609-RT-A

RT-C

1/0/4

2/4 1/0/2

RT-A 2/0/2

RT-D

AS 65000


RT-C

Lo- 10.0.255.11/32

1/0/4 -10.0.1.1/24

1/0/2-10.0.2.1/24

AS 65001

Summary IP-192.168.0.0/16

RT-A

Lo- 192.168.255.12/32

2/4 -10.0.1.2/24

2/5 - 10.0.3.1/24

2/5

Group1- RT-A

Group2- RT-C

Group3- RT-D

2/0/6

AS 65002

Summary IP-172.16.0.0/16

RT-D

Lo- 172.16.255.13/32

2/0/2-10.0.2.2/24

2/0/6 -10.0.3.2/24

2


1. Configure the EBGP connecting between RT-C and RT-A, RT-A and RT-D, RT-D and RT-C respectively, and import direct routes.

2. Configure the AS-Path on RT-A, and apply the filtering rule.




# Configure RT-A










RT-A(config-router)#redistributed connected

# Configure RT-C.

[RT-C] bgp 65000



[RT-C-bgp] peer 192.168.255.12 ebgp-max-hop 3

[RT-C]ip route-static 192.168.255.12 32 10.0.1.2





[RT-C-bgp] import-route direct

3

# Configure RT-D

[RT-D] bgp 65002




[RT-D]ip route-static 192.168.255.12 32 10.0.3.1





[RT-D-bgp] import-route direct





# Check the routing table advertised by RT-A to peer RT-C. You can find that RT-A advertises the routes for direct network between RT-C and RT-D.

RT-A#show bgp ipv4 unicast neighbors 10.0.255.11 advertised-routes

BGP table version is 13, local router ID is 192.168.255.12

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

*> 10.0.1.0/24 0.0.0.0 0 32768 ?

*> 10.0.2.0/24 172.16.255.13 0 0 65002 ?

*> 10.0.3.0/24 0.0.0.0 0 32768 ?

r> 10.0.255.11/32 10.0.255.11 0 0 65000 ?

r> 172.16.255.13/32 172.16.255.13 0 0 65002 ?

*> 192.168.255.12/32

0.0.0.0 0 32768 ?

Total number of prefixes 6

Huawei command

<RT-A> display bgp routing-table peer 10.0.255.11 advertised-routes

4

Check the routing table of RT-C, and you can find that RT-C learns the two routes advertised by RT-A.

<RT-C> display bgp routing-table

Total Number of Routes: 13

BGP Local router ID is 10.0.255.11

Status codes: * - valid, > - best, d - damped,

h - history, i - internal, s - suppressed, S - Stale

Origin : i - IGP, e - EGP, ? - incomplete


*> 10.0.1.0/24 0.0.0.0 0 0 ?

* 192.168.255.12 0 0 65001?

*> 10.0.1.1/32 0.0.0.0 0 0 ?

*> 10.0.2.0/24 0.0.0.0 0 0 ?

* 172.16.255.13 0 0 65002?

* 192.168.255.12 0 65001 65002?

*> 10.0.2.1/32 0.0.0.0 0 0 ?

*> 10.0.3.0/24 172.16.255.13 0 0 65002?

* 192.168.255.12 0 0 65001?

*> 10.0.255.11/32 0.0.0.0 0 0 ?

172.16.255.13/32 172.16.255.13 0 0 65002?

* 192.168.255.12 0 65001 65002?

192.168.255.12/32 192.168.255.12 0 0 65001?

Step 3 Configure the AS-Path filter on RT-A and apply the filter in the outgoing direction of RT-A

# Create AS-Path filter 1, refusing the passing of routes carrying AS 65002 (The regular expression _65002_ indicates any AS list that contains AS 65002 and * matches any character.)

RT-A(config)# ip as-path access-list 1 deny _65002_

RT-A(config)# ip as-path access-list 1 permit .*

# Create AS-Path filter 2, refusing the passing of routes carrying AS 65000.

RT-A(config)# ip as-path access-list 2 deny _65000_

RT-A(config)# ip as-path access-list 2 permit .*

# Apply the AS-Path filter in two outgoing directions of RT-A.

RT-A#router bgp 65001

RT-A(config-router)# neighbor 10.0.255.11 filter-list 1 out

RT-A(config-router)# neighbor 172.16.255.13 filter-list 2 out

Additional Info:- If RT-A is a CX600 router use following commands


[RT-A] ip as-path-filter 1 deny _65002_

5

[RT-A] ip as-path-filter 1 permit .*


[RT-A] ip as-path-filter 2 deny _65000_ [RT-A] ip as-path-filter 2 permit .*

# Apply the AS-Path filter in two outgoing directions of RT-A

[RT-A] bgp 20 [RT-A-bgp] peer 200.1.2.1 as-path-filter 1 export [RT-A-bgp] peer 200.1.3.2 as-path-filter 2 export

Step 4 Check the routing table advertised by RT-A, and it will not have advertised direct routes for networks between RT-C and RT-D.

RT-A#show bgp ipv4 unicast neighbor 10.0.255.11 advertised-routes

It will not have routes learned from AS65002.






*> 10.0.1.0/24 0.0.0.0 0 32768 ?

*> 10.0.3.0/24 0.0.0.0 0 32768 ?

*> 192.168.255.12/32

0.0.0.0 0 32768 ?

Total number of prefixes 3

Additional Info:- If RT-A is a CX600 router use following commands <RT-A> display bgp routing-table peer 172.16.255.13 advertised-routes

Similarly, the BGP routing table of RT-C does not have the two routes.

<RT-C> display bgp routing-table

This will not have routes coming from AS65002 via AS65001




6




*> 10.0.1.0/24 0.0.0.0 0 0 ?

* 192.168.255.12 0 0 65001?

*> 10.0.1.1/32 0.0.0.0 0 0 ?

*> 10.0.2.0/24 0.0.0.0 0 0 ?

* 172.16.255.13 0 0 65002?

*> 10.0.2.1/32 0.0.0.0 0 0 ?

*> 10.0.3.0/24 172.16.255.13 0 0 65002?

* 192.168.255.12 0 0 65001?

*> 10.0.255.11/32 0.0.0.0 0 0 ?

172.16.255.13/32 172.16.255.13 0 0 65002?

192.168.255.12/32 192.168.255.12 0 0 65001?

Step 5 # Similarly Check the routing table advertised by RT-A to RT-D

It will not have routes learned from AS65000 via AS65001

7

Additional Info:

Metacharacter-Cisco

Metacharacter-Huawei

Connotation

\ Indicates escape character.

. . Matches any single character including the space except for \n.

* * Indicates that characters on the left of it appear for 0 or many times continuously in the target object

+ + Indicates that characters on the left of it appear for 1 or many times continuously in the target object.

| | The 'or' relationship exists between characters on the left and right sides of it.

^ ^ Characters on the right of it must appear at the beginning of the target object.

$ $ Characters on the left of it must appear at the end of the target object.

[ ] [xyz] Matches the character listed in the square character.

[^ ] [^xyz] Matches any character that is not listed in the square bracket (^ is on the left of the character).

- [a-z] Matches any character within the specified range.

[^a-z] Matches any character that is not within the specified range.

{n} The matches appear for n times (n is a non-negative integer).

{n,} The matches appear for at least n times (n is a non-negative integer).

{n,m} The matches appear for n–m times (m and n are non-negative integer and n is smaller than or equal to m). Note that there is no space between n and m.

? Zero or one instance of the character or pattern

1

Lab4- BGP Community Attribute

Networking Requirements RT-A creates EBGP connections with RT-C and RT-D respectively. You can configure the No_Export community attribute on RT-C. Thus, the routes advertised from AS65000 to AS65001 are not advertised to other ASs.

CX600- RT-C, RT-D

C7609-RT-A

CX200D- SW-C

RT-C

1/0/4

2/4

RT-A

RT-D

AS 65000


RT-C

Lo- 10.0.255.11/32

1/0/4 -10.0.1.1/24

1/0/6 - Switchport

AS 65001

Summary IP-192.168.0.0/16

RT-A

Lo- 192.168.255.12/32

2/4 -10.0.1.2/24

2/5 - 10.0.3.1/24

2/5

Group1- RT-A

Group2- RT-C , SW-C

Group3- RT-D

2/0/6

AS 65002

Summary IP-172.16.0.0/16

RT-D

Lo- 172.16.255.13/32

2/0/6 -10.0.3.2/24

1/0/6

Ge0/0/1

SW-C

2


1. Configure the EBGP connection between RT-C and RT-A, as well as between RT-A and RT-D.

2. Configure the routing policy on RT-C, and advertise No_Export community attribute.



Step 2 Configure the EBGP.

# Configure RT-C.

[RT-C] bgp 65000





[RT-C-bgp] ] ipv4-family unicast

[RT-C-bgp-af-ipv4] network 100.0.0.0 255.0.0.0

[RT-C-GigabitEthernet1/0/6]portswitch

[RT-C-GigabitEthernet1/0/6]port link-type trunk

[RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan all

[RT-C-GigabitEthernet1/0/6]undo shut

[RT-C]vlan 100

[RT-C]interface Vlanif 100

[RT-C-Vlan127]ip address 100.0.0.1 255.0.0.0

3


[SW-C-gigabitethernet0/0/1]port link-type trunk

[SW-C-gigabitethernet0/0/1]port trunk allow-pass vlan all

[SW-C-gigabitethernet0/0/1]bpdu enable

[SW-C-gigabitethernet0/0/1]undo shut

[SW-C ]vlan 100

[SW-C ]interface vlan 100

[SW-C-vlanif100]ip address 100.0.0.2 255.0.0.0

[SW-C-vlanif100]undo shut

[SW-C]ip route-static 0.0.0.0 0 vlanif 100

# Configure RT-A










# Configure RT-D

[RT-D] bgp 65002





4


RT-A# show ip bgp 100.0.0.0

BGP routing table entry for 100.0.0.0/8, version 34

Paths: (1 available, best #1, table default)

Advertised to update-groups: 1

65000

10.0.255.11 from 10.0.255.11 (10.0.255.11)

Origin IGP, metric 0, localpref 100, valid, external, best

You can see that RT-A advertises the routes received from RT-C to RT-D in AS65002.

# Display the routing table of RT-D

[RT-D] display bgp routing-table







*> 100.0.0.0 192.168.255.12 0 65001

65000i

From the routing table, you can confirm that RT-D has learned a route to the destination 100.0.0.0/8 from RT-A

Step 3 Configure BGP community attributes.

# Configure the routing policy on RT-C to enable RT-C to advertise routes to RT-A. As the result RT-A does not advertise the routes advertised by RT-C to any other AS.

[RT-C] route-policy RT-A permit node 10

Info: New Sequence of this List !!

[RT-C-route-policy] apply community no-export

# Apply routing policies.

[RT-C] bgp 65000


[RT-C-bgp-af-ipv4] peer 192.168.255.12 route-policy RT-A export

[RT-C-bgp-af-ipv4] peer 192.168.255.12 advertise-community

5

Additional Info: It RT-C is a Cisco router than use following commands

access-list 1 permit 100.0.0.0

Route-map RT-C permit 10

Match ip address 1

Set community no-export

Route-map RT-C permit 20

# Apply routing policies.

RT-C(config-router)#neighbor 192.168.255.12 send-community

RT-C(config-router)#neighbor 192.168.255.12 route-map RT-C out


RT-A# show ip bgp 100.0.0.0

BGP routing table entry for 100.0.0.0/8, version 40

Paths: (1 available, best #1, table default, not advertised to EBGP peer)

Flag: 0x880

Not advertised to any peer

65000

10.0.255.11 from 10.0.255.11 (10.0.255.11)

Origin IGP, metric 0, localpref 100, valid, external, best

Community: no-export

You can see the configured community attribute in the routing table of RT-A. At this time, there are no routes to the destination 100.0.0.0/8 in the routing table of RT-D

1

Lab5- BGP Load Balancing and the MED Attribute

CX600- RT-C, RT-D

C7609-RT-A

1/0/2

2/0/2

2/4

1/0/4

RT-A

RT-C

RT-D

AS 65001

Summary IP-192.168.0.0/16

RT-A

Lo- 192.168.255.12/32

2/4 -192.168.1.1/30

2/5 - 192.168.2.1/30

AS 65000


RT-C

Lo- 10.0.255.11/32

1/0/4 -192.168.1.2/30

1/0/2 -20.0.0.1/24

RT-D

Lo- 10.0.255.21/32

2/0/2 -20.0.0.2/24

2/0/6 -192.168.2.2/30

2/5

Group1- RT-A

Group2- RT-C

Group3- RT-D

2/0/6

2


1. Configure the EBGP connections between RT-A and RT-C, as well as between RT-A and RT-D.

2. Configure the IBGP connections between RT-C and RT-D 3. Configure the load balancing on RT-A and MED value RT-C, and check the routing

information.



Step 2 Configure BGP.

# Configure RT-A.










# Configure RT-C.

[RT-C] bgp 65000







[RT-C-bgp-af-ipv4] network 20.0.0.0 255.255.255.0

# Configure RT-D.

[RT-D] bgp 65000



3




[RT-D-bgp] ipv4-family unicast

[RT-D-bgp-af-ipv4] network 20.0.0.0 255.255.255.0







Gateway of last resort is not set

20.0.0.0/30 is subnetted, 1 subnets

B 20.0.0.0 [20/0] via 10.0.255.11, 00:04:00

RT-A#sh ip bgp 20.0.0.0 255.255.255.0 subnets






* 20.0.0.0/24 10.0.255.21 0 0 65000 i

*> 10.0.255.11 0 0 65000 i

As displayed in the routing table, there are two valid routes to the destination 20.0.0.0/24. The route whose next hop is 10.0.255.11 is the optimum route. This is because the Router ID of RT-C is smaller.

4

Step 3 Configure load balancing.

# Configure RT-A


RT-A(config-router)#address-family ipv4

RT-A(config-router-af)#maximum-paths 2

Additional info: Huawei commands

[CX-A] bgp 65001

[CX-A-bgp] ipv4-family unicast

[CX-A-bgp-af-ipv4] maximum load-balancing 2




20.0.0.0/24 is subnetted, 1 subnets

B 20.0.0.0 [20/0] via 10.0.255.21, 00:00:17

[20/0] via 10.0.255.11, 00:00:17

As displayed in the routing table, BGP route 20.0.0.0/24 has two next hops. They are 10.0.255.11 and 10.0.255.21. Both of them are optimum routes.

5

Step 4 Configure MED attributes.

# Set the default value of MED sent by RT-C to RT-A by using the policy.

[RT-C] route-policy 10 permit node 10

[RT-C -route-policy] apply cost 100

[RT-C] bgp 65000

[RT-C -bgp] peer 192.168.255.12 route-policy 10 export



RT-A#sh ip bgp 20.0.0.0 255.255.255.0 subnets






*> 20.0.0.0/24 10.0.255.21 0 0 65000 i

* 10.0.255.11 100 0 65000 i

As displayed in the routing table, the MED of the next hop 10.0.255.11 (RT-C) is 100, and that of the next hop 10.0.255.21 is 0. Therefore, the route with the smaller MED is selected.

1

Lab6- Basic MPLS Configuration

CX600- RT-C, RT-D

C7609-RT-A, RT-B

C3400 – SW-A

CX200D – SW-C

RT-C

2/0/2

1/0/2

RT-A 2/0/42/2

1/3RT-B

1/1

RT-D2/3

Ge0/1

1/0/6

Ge 0/0/1

SW-A

SW-C

Group1- RT-A, SW-A

Group2- RT-B, RT-D

Group3- RT-C, SW-C


RT-A

Lo- 10.0.255.11/32

2/2 -10.0.1.1/30

2/3 –switchport (100.0.1.0/24)

RT-B

Lo- 10.0.255.21/32

1/1 -10.0.1.2/30

1/3 -10.0.2.1/30

RT-C

Lo- 10.0.255.31/32

1/0/2 -10.0.3.2/30

1/0/6 –switchport (100.0.2.0/24)

RT-D

Lo- 10.0.255.41/32

2/0/4 -10.0.2.2/30

2/0/2 -10.0.3.1/30

2




Step 2 Configure OSPF








[RT-C]ospf 100





[RT-D]ospf 100




3

Step 3 Configure SW-A & RT-A for 100.0.1.0/24.


















Step 4 Configure SW-C & RT-C for 100.0.2.0/24.





[SW-C ]vlan 100

[SW-C ]interface vlan 100


[SW-C-vlanif100]undo shut

[SW-C]ip route-static 0.0.0.0 0 vlanif 100





[RT-C]vlan 100

[RT-C]interface Vlanif 100

[RT-C-Vlan127]ip address 100.0.2.1 255.255.255.0

4

Step 5 Configure MPLS

Configure RTA:

RT-A(config)#mpls ip

RT-A(config)#mpls ldp router-id Loopback0 force

RT-A(config-if)#mpls ip

RT-A(config-if)#mpls lable protocol ldp

Configure RTB:

RT-B(config)#mpls ip

RT-B(config)#mpls ldp router-id Loopback0 force

RT-B(config-if)#mpls ip

RT-B(config-if)#mpls lable protocol ldp


RT-B(config-if)#mpls lable protocol ldp

Configure RTC:

[RT-C]mpls lsr-id 10.0.255.31

[RT-C]mpls [RT-C-mpls]lsp-trigger all [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp

Configure RTD: [RT-D]mpls lsr-id 10.0.255.41

[RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp

5

Check:

1) View the interface on which the LDP runs:

RT-B>show mpls interfaces

Interface IP Tunnel BGP Static Operational

GigabitEthernet1/1 Yes (ldp) No No No Yes


[RT-D]display mpls ldp interface

LDP Interface Information in Public Network

------------------------------------------------------------------------------

IF-Name Status LAM Transport-Address Hello-Sent/Rcv

------------------------------------------------------------------------------

GE2/0/2 Active DU 10.0.255.41 316/314

GE2/0/4 Active DU 10.0.255.41 312/354

------------------------------------------------------------------------------

LAM: Label Advertisement Mode IF-Name: Interface name

2) View the established LDP Session:

RT-B>show mpls ldp neighbor

Peer LDP Ident: 10.0.255.11:0; Local LDP Ident 10.0.255.21:0

TCP connection: 10.0.255.11.646 - 10.0.255.21.11000

State: Oper; Msgs sent/rcvd: 84/82; Downstream

Up time: 01:02:42

LDP discovery sources:

GigabitEthernet1/1, Src IP addr: 10.0.1.1

Addresses bound to peer LDP Ident:

100.0.1.1 10.0.255.11 10.0.1.1


TCP connection: 10.0.255.41.52580 - 10.0.255.21.646


Up time: 00:30:44




10.0.3.1 10.0.2.2 10.0.255.41

6

[RT-D]display mpls ldp peer

LDP Peer Information in Public network

------------------------------------------------------------------------------

Peer-ID Transport-Address Discovery-Source

------------------------------------------------------------------------------

10.0.255.31:0 10.0.255.31 GigabitEthernet2/0/2


------------------------------------------------------------------------------

TOTAL: 2 Peer(s) Found.

3) Take FEC:100.0.2.0/24 for example to view the label switching in the whole forwarding process:

View the MPLS LSP of RT-A:

RT-A#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or VC or Tunnel Id Switched interface

16 Pop Label 10.0.255.21/32 0 Gi2/2 10.0.1.2

17 Pop Label 10.0.2.0/30 0 Gi2/2 10.0.1.2

18 18 10.0.3.0/30 0 Gi2/2 10.0.1.2

19 19 10.0.255.41/32 0 Gi2/2 10.0.1.2

20 20 10.0.255.31/32 0 Gi2/2 10.0.1.2

21 21 100.0.2.0/24 0 Gi2/2 10.0.1.2

On RT-A, the outbound label to 100.0.2.0/24 is 21. View the MPLS LSP of RT-B:

7

RT-B#show mpls forwarding-table



16 Pop Label 10.0.255.11/32 0 Gi1/1 10.0.1.1

17 Pop Label 100.0.1.0/24 0 Gi1/1 10.0.1.1

18 Pop Label 10.0.3.0/30 0 Gi1/3 10.0.2.2

19 Pop Label 10.0.255.41/32 0 Gi1/3 10.0.2.2

20 1029 10.0.255.31/32 0 Gi1/3 10.0.2.2

21 1028 100.0.2.0/24 0 Gi1/3 10.0.2.2

On RT-B, inbound labels being 21 are switched to 1028. On RT-D, view the MPLS LSP:

[RT-D]display mpls lsp

-------------------------------------------------------------------------------

LSP Information: LDP LSP

-------------------------------------------------------------------------------

FEC In/Out Label In/Out IF Vrf Name

10.0.2.0/30 3/NULL -/-

10.0.255.41/32 3/NULL -/-

100.0.2.0/24 NULL/3 -/GE2/0/2

10.0.255.31/32 NULL/3 -/GE2/0/2

10.0.255.31/32 1029/3 -/GE2/0/2

100.0.2.0/24 1028/3 -/GE2/0/2

10.0.1.0/30 1024/3 -/GE2/0/4

10.0.1.0/30 NULL/3 -/GE2/0/4

10.0.255.11/32 1026/16 -/GE2/0/4

10.0.255.11/32 NULL/16 -/GE2/0/4

10.0.255.21/32 1027/3 -/GE2/0/4

10.0.255.21/32 NULL/3 -/GE2/0/4

100.0.1.0/24 1025/17 -/GE2/0/4

100.0.1.0/24 NULL/17 -/GE2/0/4

8

10.0.3.0/30 3/NULL -/-

Outbound label of the packet with inbound label 1028 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label and send the IP data packet to the last hop, RT-C, directly.

[RT-C]display mpls lsp

-------------------------------------------------------------------------------


-------------------------------------------------------------------------------


10.0.2.0/30 NULL/3 -/GE1/0/2

10.0.255.41/32 NULL/3 -/GE1/0/2

10.0.1.0/30 NULL/1024 -/GE1/0/2

100.0.1.0/24 NULL/1025 -/GE1/0/2

10.0.255.11/32 NULL/1026 -/GE1/0/2

10.0.255.21/32 NULL/1027 -/GE1/0/2

100.0.2.0/24 3/NULL -/-

10.0.255.31/32 3/NULL -/-

Labels allocated by RT-C to RT-D are specially 3, which indicates that RT-C is the last hop. The MPLS LSP forwarding process for other FECs is similar.

1

Lab7 - L3 VPN (Switchport is assigned to customer)

CX600- RT-C, RT-D

C7609-RT-A, RT-B

C3400 – SW-A

CX200D – SW-C

RT-C

2/0/2

1/0/2

RT-A 2/0/42/2

1/3RT-B

1/1

RT-D2/3

Ge0/1

1/0/6

Ge 0/0/1

SW-A

SW-C

Group1- RT-B, RT-D

Group2- RT-A, SW-A

Group3- RT-C, SW-C

As65000


RT-A

Lo- 10.0.255.11/32

2/2 -10.0.1.1/30

2/3 –switchport (100.0.1.0/24)

RT-B

Lo- 10.0.255.21/32

1/1 -10.0.1.2/30

1/3 -10.0.2.1/30

RT-C

Lo- 10.0.255.31/32

1/0/2 -10.0.3.2/30

1/0/6 –switchport (100.0.2.0/24)

RT-D

Lo- 10.0.255.41/32

2/0/4 -10.0.2.2/30

2/0/2 -10.0.3.1/30

Ge0/9

PC-A

PC-C

Ge 0/0/9

2


1. Configure OSPF between PEs to implement interworking. 2. Configure the basic MPLS functions and MPLS LDP 3. Configure the VPN instance on the PE connected with the CE in the backbone

network, bind the PE interface connected with the CE to the corresponding VPN instance, and then reconfigure the IP address for the PE interface connected with the CE.

4. Configure MP IBGP to exchange the VPN routing information between the PEs. 5. Configure CEs and PEs to exchange VPN routes by using direct connection, static

routes, OSPF, or EBGP.

RD= PE loopback IP: 1

RT=100:1 (every site can talk to any other site)

1. Configure IP address 2. Enable OSPF 3. Enable MPLS 4. Enable LDP 5. Create VRF + RD + RT 6. Bind interface to VRF 7. iBGP between PE 8. Redistribute static into BGP

3




Step 2 Configure OSPF in MPLS Backbone







[RT-D]ospf 100




[RT-C]ospf 100




4

After the configuration, the OSPF neighbor relationship should be established between RT-A, RT-B, RT-D and RT-C. After running the show ip ospf neighbor & display ospf peer command, you can find that the OSPF neighbor relationship is in Full state. Run the show ip routing-table & display ip routing-table command on the PE (RT-A, RT-C), and you can view the Loopback0 routes imported from the peer.

RT-A# show ip ospf neighbor

[RT-C] display ospf peer

RT-A# show ip routing-table

[RT-C] display ip routing-table

Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network to setup LDP LSP.

Configure RTA:




RT-A(config-if)#mpls label protocol ldp

Configure RTB:




RT-B(config-if)#mpls label protocol ldp




[RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp

5

Configure RTC:



After the configuration, LDP sessions are set up between RT-A, RT-B, RT-D and RT-C. After running following commands on the devices, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP.

RT-A>show mpls ldp neighbor

[RT-C] display mpls ldp session

[RT-C]display mpls ldp peer


[RT-C] display mpls ldp lsp


Step 4 Configure SW-A & RT-A for 100.0.1.0/24.




RT-A(config-if)#switchport trunk allowed vlan all



SW-A(config-if)# switchport mode trunk

SW-A(config-if)#switchport trunk allow vlan all

SW-A(config-if)#no shut

SW-A(config)# vlan 100

SW-A(config)# interface fastEthernet 0/9

SW-A(config-if)#switchport access vlan 100

SW-A(config-if)#port-type nni


6

PC-A:- On the second interface card give following IP

IP- 100.0.1.2

Mask-255.255.255.0

Gateway-100.0.1.1

On Command prompt add folowing route

Route add 100.0.2.0 mask 255.255.255.0 100.0.1.1 metric 1

Step 5 Configure SW-C & RT-C for 100.0.2.0/24.





[RT-C]vlan 100





[SW-C ]vlan 100

[SW-C ]interface Ethernet 0/0/9

[SW-C-ethernet0/0/9]port link-type access

[SW-C-ethernet0/0/9]port default vlan 100

[SW-C-ethernet0/0/9]undo shut

PC-C:- On the second interface card give following IP

IP- 100.0.2.2

Mask-255.255.255.0

Gateway-100.0.2.1

On Command prompt add folowing route

Route add 100.0.1.0 mask 255.255.255.0 100.0.2.1 metric 1

Step 6 Configure VPN instances on PEs (RT-A & RT-C) and bind the instance to the interfaces of CEs.

# Configure RT-A (PE1).

RT-A(config)# ip vrf vpna

RT-A(config-vrf)# rd 100: 1

RT-A(config-vrf)# route-target export 111:1

RT-A(config-vrf)# route-target import 111:1

RT-A(config)# interface vlan 100

RT-A(config-if)# ip vrf forwarding vpna

RT-A(config-if)# ip address 100.0.1.1 255.255.255.0


7

# Configure RT-C (PE2).

[RT-C] ip vpn-instance vpna

[RT-C-vpn-instance-vpna] route-distinguisher 200:1

[Rt-C-vpn-instance-vpna] vpn-target 111:1 both

[RT-C] interface vlanif 100

[RT-C-vlanif100] ip binding vpn-instance vpna

[RT-C-vlanif100]ip address 100.0.2.1 24

[RT-C-vlanif100]undo shut

After the configuration, view the configuration of VPN instances by running following commands on the PEs. The PE can ping through its own CE.

RT-A# show ip vrf

RT-A#show ip route vrf vpna

[RT-C] display ip vpn-instance

[RT-C] display ip vpn-instance verbose

[RT-C] display ip routing-table vpn-instance vpna

RT-A# ping vrf vpna 100.0.1.1

RT-A# ping vrf vpna 100.0.1.2

[RT-C] ping -vpn-instance vpna 100.0.2.1

[RT-C] ping -vpn-instance vpna 100.0.2.2

Step 7 Establish MP-IBGP peering between the PEs (RT-A & RT-C).

# Configure RT-A.


RT-A(config-router)# neighbor 10.0.255.31 remote-as 65000

RT-A(config-router)# neighbor 10.0.255.31 update-source loopback0

RT-A(config-router)# address-family vpnv4

RT-A(config-router-af)# neighbor 10.0.255.31 activate

RT-A(config-router)# address-family ipv4 vrf vpna

RT-A(config-router-af)# redistributed connected

# Configure RT-C.

[RT-C] bgp 65000


[RT-C-bgp] peer 10.0.255.11 connect-interface loopback 0

[RT-C-bgp] ipv4-family vpnv4

[RT-C-bgp-af-vpnv4] peer 10.0.255.11 enable

8

[RT-C-bgp] ipv4-family vpn-instance vpna

[RT-C-bgp-vpna] import-route direct

After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the following commands

RT-A#sh bgp neig

BGP neighbor is 10.0.255.31, remote AS 65000, internal link

BGP version 4, remote router ID 10.0.255.31

BGP state = Established, up for 00:27:17

Last read 00:00:47, last write 00:00:32, hold time is 180, keepalive interval is 60 seconds

Neighbor sessions:

1 active, is not multisession capable

Neighbor capabilities:

Route refresh: advertised and received(new)

Address family IPv4 Unicast: advertised and received

Address family VPNv4 Unicast: advertised and received

Message statistics:

InQ depth is 0

OutQ depth is 0

Sent Rcvd

Opens: 1 1

Notifications: 0 0

Updates: 2 1

Keepalives: 28 32

Route Refresh: 0 0

Total: 31 34

Default minimum time between advertisement runs is 0 seconds

9

RT-A#show bgp vpnv4 unicast vrf vpna






Route Distinguisher: 100:1 (default for vrf vpna)

*> 100.0.1.0/24 0.0.0.0 0 32768 ?

*>i100.0.2.0/24 10.0.255.31 0 100 0 ?

[RT-C]display bgp peer

BGP local router ID : 10.0.255.31

Local AS number : 65000

Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv

10.0.255.11 4 65000 42 52 0 00:15:53 Established 0

[RT-C]display bgp vpnv4 all peer





10.0.255.11 4 65000 42 53 0 00:16:20 Established 1

10

Check:

Find the route to peer CEs(PC-A & PC-C).

RT-A# show ip route vrf vpna

Routing Table: vpna

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route


100.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

C 100.0.1.0/24 is directly connected, Vlan100

L 100.0.1.1/32 is directly connected, Vlan100

B 100.0.2.0/24 [200/0] via 10.0.255.31, 00:32:38

[RT-C]display ip routing-table vpn-instance vpna

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Routing Tables: vpna

Destinations : 7 Routes : 7

Destination/Mask Proto Pre Cost Flags NextHop Interface

11

100.0.1.0/24 BGP 255 0 RD 10.0.255.11 GigabitEthernet1/0/2

100.0.2.0/24 Direct 0 0 D 100.0.2.1 Vlanif100

100.0.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

100.0.2.2/32 Direct 0 0 D 100.0.2.2 Vlanif100

100.0.2.3/32 Direct 0 0 D 100.0.2.3 Vlanif100



The CEs (PC-A & PC-C) in the same VPN can ping through each other

PC-A> ping 100.0.2.2

PC-C> ping 100.0.1.2

You can also ping from PEs VRF

RT-A#ping vrf vpna 100.0.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 100.0.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

RT-A#ping vrf vpna 100.0.2.2



!!!!!


[RT-C]ping -vpn-instance vpna 100.0.1.1

12

PING 100.0.1.1: 56 data bytes, press CTRL_C to break

Reply from 100.0.1.1: bytes=56 Sequence=1 ttl=253 time=1 ms





--- 100.0.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 1/1/1 ms

[RT-C]ping -vpn-instance vpna 100.0.1.2










0.00% packet loss


13

1) View the interface on which the LDP runs:

RT-A#show mpls interfaces

Interface IP Tunnel BGP Static Operational


[RT-C]display mpls ldp interface

LDP Interface Information in Public Network

------------------------------------------------------------------------------

IF-Name Status LAM Transport-Address Hello-Sent/Rcv

------------------------------------------------------------------------------

GE1/0/2 Active DU 10.0.255.31 16551/16529

------------------------------------------------------------------------------

LAM: Label Advertisement Mode IF-Name: Interface name

2) View the established LDP Session:

RT-A#show mpls ldp neighbor


TCP connection: 10.0.255.21.11000 - 10.0.255.11.646


Up time: 23:18:53




10.0.1.2 10.0.2.1 10.0.255.21

14


LDP Peer Information in Public network

------------------------------------------------------------------------------

Peer-ID Transport-Address Discovery-Source

------------------------------------------------------------------------------


------------------------------------------------------------------------------

TOTAL: 1 Peer(s) Found.

3) To view the label switching in the whole forwarding process:





16 Pop Label 10.0.2.0/30 0 Gi2/2 10.0.1.2

17 16 10.0.3.0/30 0 Gi2/2 10.0.1.2

18 Pop Label 10.0.255.21/32 0 Gi2/2 10.0.1.2

19 18 10.0.255.31/32 0 Gi2/2 10.0.1.2

20 19 10.0.255.41/32 0 Gi2/2 10.0.1.2

21 Pop Label IPv4 VRF[V] 1420 aggregate/vpna

On RT-A, the outbound label to PE2 is 18. View the MPLS LSP of RT-B:

15

RT-B#sh mpls forwarding-table



16 Pop Label 10.0.3.0/30 490 Gi1/3 10.0.2.2

17 Pop Label 10.0.255.11/32 464681 Gi1/1 10.0.1.1

18 1027 10.0.255.31/32 486060 Gi1/3 10.0.2.2

19 Pop Label 10.0.255.41/32 0 Gi1/3 10.0.2.2

On RT-B, inbound label being 18 are switched to 1027. On RT-D, view the MPLS LSP:

[RT-D]display mpls lsp

-------------------------------------------------------------------------------


-------------------------------------------------------------------------------


10.0.255.41/32 3/NULL -/-

10.0.2.0/30 3/NULL -/-

10.0.255.31/32 NULL/3 -/GE2/0/2

10.0.255.31/32 1027/3 -/GE2/0/2

10.0.1.0/30 1024/3 -/GE2/0/4

10.0.1.0/30 NULL/3 -/GE2/0/4

10.0.255.11/32 1026/17 -/GE2/0/4

10.0.255.11/32 NULL/17 -/GE2/0/4

10.0.255.21/32 1025/3 -/GE2/0/4

10.0.255.21/32 NULL/3 -/GE2/0/4

10.0.3.0/30 3/NULL -/-

Outbound label of the packet with inbound label 1027 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label

16


-------------------------------------------------------------------------------

LSP Information: BGP LSP

-------------------------------------------------------------------------------


100.0.2.0/24 115712/NULL -/- vpna

-------------------------------------------------------------------------------


-------------------------------------------------------------------------------


10.0.255.31/32 3/NULL -/-

10.0.255.41/32 NULL/3 -/GE1/0/2

10.0.2.0/30 NULL/3 -/GE1/0/2

10.0.1.0/30 NULL/1024 -/GE1/0/2

10.0.255.21/32 NULL/1025 -/GE1/0/2

10.0.255.11/32 NULL/1026 -/GE1/0/2


1

Lab 8- L3 VPN (Router port is given to customer)



RT-C

2/0/2

1/0/2

RT-A 2/0/42/2

1/3RT-B

1/1

RT-D2/1

1/1

1/0/8

1/0/4

RT-F

RT-E

Group1- RT-A, RT-F

Group2- RT-B, RT-D

Group3- RT-C, RT-E

RT-A

Lo- 10.0.255.11/32

2/2 -10.0.1.1/30

2/1 –100.0.1.1/24

RT-B

Lo- 10.0.255.21/32

1/1 -10.0.1.2/30

1/3 -10.0.2.1/30

RT-C

Lo- 10.0.255.31/32

1/0/2 -10.0.3.2/30

1/0/8 –100.0.2.1/24

RT-D

Lo- 10.0.255.41/32

2/0/4 -10.0.2.2/30

2/0/2 -10.0.3.1/30

RT-E

Lo- 100.0.255.1/32

1/0/4 –100.0.2.2/24

RT-F

Lo- 100.0.255.2/32

1/1 -100.0.1.2/24

2

Configuration Roadmap

RD= PE loopback IP: 1

RT=100:1 (every site can talk to any other site)

1. Configure IP address 2. Enable OSPF 3. Enable MPLS 4. Enable LDP 5. Create VRF + RD + RT 6. Bind interface to VRF 7. iBGP between PE 8. Redistribute connected into BGP











3

[RT-D]ospf 100




[RT-C]ospf 100









Step 3 Configure basic MPLS functions and MPLS LDP on the MPLS backbone network to setup LDP LSP.

Configure RTA:





Configure RTB:








[RT-D]mpls [RT-D-mpls]lsp-trigger all [RT-D]mpls ldp [RT-D-gigabitethernet2/0/2]mpls

4

[RT-D-gigabitethernet2/0/2]mpls ldp [RT-D-gigabitethernet2/0/4]mpls [RT-D-gigabitethernet2/0/4]mpls ldp

Configure RTC:



After the configuration, LDP sessions are set up between RT-A, RT-B, RT-D and RT-C. After running following commands on the devices, you can find the status of the session is "Operational" in the display result. Run the display mpls ldp lsp command, and view the state of the LDP LSP.

RT-A>show mpls ldp neighbor

[RT-C] display mpls ldp session



[RT-C] display mpls ldp lsp


Step 4 Configure VPN instances on PEs (RT-A & RT-C) and bind the instance to the interfaces of CEs.

# Configure RT-A (PE1).

RT-A(config)# ip vrf vpnb

RT-A(config)# rd 100: 2

RT-A(config)# # route-target export 222:2

RT-A(config)# # route-target import 222:2

RT-A(config)# interface gigabitethernet 2/1

RT-A(config-if)# ip vrf forwarding vpnb

RT-A(config-if)# ip address 100.0.1.1 255.255.255.0


# Configure RT-C (PE2).

[RT-C] ip vpn-instance vpnb

[RT-C-vpn-instance-vpna] route-distinguisher 200:2

[Rt-C-vpn-instance-vpna] vpn-target 222:2 both

[RT-C] interface gigabitethernet 1/0/8

[RT-C-GigabitEthernet1/0/8] ip binding vpn-instance vpnb

[RT-C- GigabitEthernet1/0/8]ip address 100.0.2.1 24

[RT-C- GigabitEthernet1/0/8]undo shut

5

Step 5 Configure a routing protocol between the PE and the CE, and import routes to the VPN routing table.

# Configure RT-E.

[RT-E] bgp 65400


[RT-E-bgp] peer 100.0.2.1 ebgp-max-hop 2

[RT-E-bgp] import-route direct

# Configure RT-C.

[RT-C] bgp 65000

[RT-C-bgp] ipv4-family vpn-instance vpnb

[RT-C-bgp-vpnb] peer 100.0.2.2 as-number 65400

[RT-C-bgp-vpnb] peer 100.0.2.2 ebgp-max-hop 2

# Configure RT-F.

RT-F(config)# ip route 0.0.0.0 0.0.0.0 100.0.1.1

After the configuration, view the configuration of VPN instances by running following commands on the PEs. The PE can ping through its own CE.

RT-A# show ip vrf

RT-A#show ip route vrf vpnb

[RT-C] display ip vpn-instance

[RT-C] display ip vpn-instance verbose

[RT-C] display ip routing-table vpn-instance vpnb

RT-A# ping vrf vpnb 100.0.1.1

RT-A# ping vrf vpnb 100.0.1.2

[RT-C] ping -vpn-instance vpnb 100.0.2.1

[RT-C] ping -vpn-instance vpnb 100.0.2.2

Step 6 Establish MP-IBGP peers between the PEs (RT-A & RT-C).

# Configure RT-A.


RT-A(config-router)# neighbor 10.0.255.31 remote-as 65000

RT-A(config-router)# neighbor 10.0.255.31 update-source loopback0

RT-A(config-router)# address-family vpnv4

RT-A(config-router-af)# neighbor 10.0.255.31 activate

RT-A(config-router)# address-family ipv4 vrf vpnb

6

RT-A(config-router-af)# redistributed connected

# Configure RT-C.

[RT-C] bgp 65000


[RT-C-bgp] peer 10.0.255.11 connect-interface loopback 0

[RT-C-bgp] ipv4-family vpnv4

[RT-C-bgp-af-vpnv4] peer 10.0.255.11 enable

[RT-C-bgp] ipv4-family vpn-instance vpnb

[RT-C-bgp-vpna] import-route direct

After the configuration, you can find that the BGP peer relationship has been set up between PE1 and PE2 by running the following commands

RT-A#sh bgp nei

BGP neighbor is 10.0.255.31, remote AS 65000, internal link

BGP version 4, remote router ID 10.0.255.31

BGP state = Established, up for 05:11:47

Last read 00:00:51, last write 00:00:05, hold time is 180, keepalive interval is 60 seconds

Neighbor sessions:

1 active, is not multisession capable

Neighbor capabilities:

Route refresh: advertised and received(new)

Address family IPv4 Unicast: advertised and received

Address family VPNv4 Unicast: advertised and received

Message statistics:

InQ depth is 0

OutQ depth is 0

Sent Rcvd

Opens: 1 1

Notifications: 0 0

Updates: 5 9

Keepalives: 309 354

7

Route Refresh: 2 1

Total: 317 365

Default minimum time between advertisement runs is 0 seconds

RT-A#show bgp vpnv4 unicast vrf vpnb






Route Distinguisher: 100:2 (default for vrf vpnb)

*> 100.0.1.0/24 0.0.0.0 0 32768 ?

*>i100.0.2.0/24 10.0.255.31 0 100 0 ?

*>i100.0.255.1/32 10.0.255.31 0 100 0 65400 ?

[RT-C]display bgp peer





10.0.255.11 4 65000 342 401 0 05:15:31 Established 0

[RT-C]display bgp vpnv4 all peer




8


10.0.255.11 4 65000 343 401 0 05:16:00 Established 2

Peer of vpn instance :

vpn instance vpnb :

100.0.2.2 4 65400 42 50 0 00:36:42 Established 2

Check:

Find the route to peer CEs (RT-F & RT-E).

RT-A#show ip route vrf vpnb

Routing Table: vpnb

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, + - replicated route


100.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 100.0.1.0/24 is directly connected, GigabitEthernet2/1

L 100.0.1.1/32 is directly connected, GigabitEthernet2/1

B 100.0.2.0/24 [200/0] via 10.0.255.31, 00:30:56

B 100.0.255.1/32 [200/0] via 10.0.255.31, 00:30:56

9

[RT-C]display ip routing-table vpn-instance vpnb

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Routing Tables: vpnb

Destinations : 6 Routes : 6

Destination/Mask Proto Pre Cost Flags NextHop Interface


100.0.2.0/24 Direct 0 0 D 100.0.2.1 GigabitEthernet1/0/8





The CEs (RT-F & RT-E) in the same VPN can ping through each other

RT-F> ping 100.0.2.2

Rt-E> ping 100.0.1.2

You can also ping from PEs VRF

RT-A#ping vrf vpnb 100.0.2.1



!!!!!


10

RT-A#ping vrf vpnb 100.0.2.2



!!!!!


[RT-C]ping -vpn-instance vpnb 100.0.1.1










0.00% packet loss


[RT-C]ping -vpn-instance vpnb 100.0.1.2







11




0.00% packet loss


To view the label switching in the whole forwarding process:





16 Pop Label 10.0.2.0/30 0 Gi2/2 10.0.1.2

17 16 10.0.3.0/30 0 Gi2/2 10.0.1.2

18 Pop Label 10.0.255.21/32 0 Gi2/2 10.0.1.2

19 18 10.0.255.31/32 0 Gi2/2 10.0.1.2

20 19 10.0.255.41/32 0 Gi2/2 10.0.1.2

21 Pop Label IPv4 VRF[V] 1420 aggregate/vpna

22 Pop Label IPv4 VRF[V] 2672 aggregate/vpnb

On RT-A, the outbound label to PE2 is 18. View the MPLS LSP of RT-B:

RT-B#sh mpls forwarding-table



16 Pop Label 10.0.3.0/30 490 Gi1/3 10.0.2.2

17 Pop Label 10.0.255.11/32 1875863 Gi1/1 10.0.1.1

18 1027 10.0.255.31/32 1968423 Gi1/3 10.0.2.2

19 Pop Label 10.0.255.41/32 0 Gi1/3 10.0.2.2

12

On RT-B, inbound label being 18 are switched to 1027. On RT-D, view the MPLS LSP:

[RT-D]disp mpls ls

-------------------------------------------------------------------------------


-------------------------------------------------------------------------------


10.0.255.41/32 3/NULL -/-

10.0.2.0/30 3/NULL -/-

10.0.255.31/32 NULL/3 -/GE2/0/2

10.0.255.31/32 1027/3 -/GE2/0/2

10.0.1.0/30 1024/3 -/GE2/0/4

10.0.1.0/30 NULL/3 -/GE2/0/4

10.0.255.11/32 1026/17 -/GE2/0/4

10.0.255.11/32 NULL/17 -/GE2/0/4

10.0.255.21/32 1025/3 -/GE2/0/4

10.0.255.21/32 NULL/3 -/GE2/0/4

10.0.3.0/30 3/NULL -/-

Outbound label of the packet with inbound label 1027 is 3. It indicates that RT-D is the penultimate hop and thus needs to pop off the label

[RT-C]disp mpls ls

-------------------------------------------------------------------------------

LSP Information: BGP LSP

-------------------------------------------------------------------------------


100.0.2.0/24 115712/NULL -/- vpna

100.0.2.0/24 115713/NULL -/- vpnb

100.0.255.1/32 115714/NULL -/- vpnb

13

-------------------------------------------------------------------------------


-------------------------------------------------------------------------------


10.0.255.31/32 3/NULL -/-

10.0.255.41/32 NULL/3 -/GE1/0/2

10.0.2.0/30 NULL/3 -/GE1/0/2

10.0.1.0/30 NULL/1024 -/GE1/0/2

10.0.255.21/32 NULL/1025 -/GE1/0/2

10.0.255.11/32 NULL/1026 -/GE1/0/2


1

Lab 9- L2 VPN (sub-interface on 7609 and SVI on CX600)

CX600- RT-C

C7609-RT-A, RT-B

C3400 – SW-A

CX200D – SW-C

RT-C

1/0/6

RT-A 2/2

1/2

RT-B

1/1

2/3

Ge0/1

1/0/0 Ge 0/0/1

SW-A

SW-C

Group1- RT-B

Group2- RT-A, SW-A

Group3- RT-C, SW-C

AS 65000

RT-A

Lo- 10.0.255.11/32

2/2 -10.0.1.1/30

2/3 –switchport

RT-C

Lo- 10.0.255.31/32

1/0/0 -10.0.2.2/30

1/0/6 –switchport

Fe0/9

PC-A

PC-C

Fe 0/0/9

RT-B

Lo- 10.0.255.21/32

1/1 -10.0.1.2/30

1/2 -10.0.2.1/30

2

Configuration Procedure Step 1 Configure CE.

In our example CE is a PC, therefore configure

PC-A- IP- 50.0.0.1/24

PC-C- IP- 50.0.0.2/24

If CE is a Router, configure a sub interface as below

# Huawei

<Quidway> system-view

[Quidway] sysname CE1

[CE1] interface gigabitethernet 1/0/0

[CE1-GigabitEthernet1/0/0] undo shutdown

[CE1-GigabitEthernet1/0/0] quit

[CE1] interface gigabitethernet 1/0/0.1

[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 100

[CE1-GigabitEthernet1/0/0.1] ip address 50.0.0.1 24

[CE1-GigabitEthernet1/0/0.1] undo shutdown

[CE1-GigabitEthernet1/0/0.1] quit

# Cisco

interface GigabitEthernet2/4.100

encapsulation dot1Q 100

ip address 50.0.0.1 255.255.255.0

Step 2 Configure SW-A, SW-C

# Configure SW-A.







VLAN – 100(A) & 200 (C)

VC ID – 10

VSI - 11

3



# Configure SW-C.





[SW-C ]vlan 200












[RT-C]ospf 100









Step 4 Configure MPLS basic capability and LDP on MPLS backbone network.

# Configure RT-A.




4


# Configure RT-B.







# Configure RT-C.


[RT-C]mpls [RT-C]mpls ldp [RT-C-gigabitethernet1/0/2]mpls [RT-C-gigabitethernet1/0/2]mpls ldp

Step 5 Establish the remote LDP session on PE.

# Configure RT-C.

[PE2] mpls ldp remote-peer 1

[PE2-mpls-ldp-remote-1] remote-ip 10.0.255.11

[PE2-mpls-ldp-remote-1] quit

After the configuration, run the display mpls ldp session command on PE2 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up.

[RT-C]display mpls ldp session

LDP Session(s) in Public Network

------------------------------------------------------------------------------

Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv

------------------------------------------------------------------------------

10.0.255.11:0 Operational DU Active 000:01:37 389/444


------------------------------------------------------------------------------

TOTAL: 2 session(s) Found.

LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM

RT-A#sh mpls ldp neighbor


TCP connection: 10.0.255.21.11037 - 10.0.255.11.646


Up time: 02:08:12



5


10.0.1.2 10.0.255.21 10.0.2.1


TCP connection: 10.0.255.31.49803 - 10.0.255.11.646


Up time: 01:47:50


Targeted Hello 10.0.255.11 -> 10.0.255.31, active, passive


10.0.2.2 10.0.255.31

Step 6 Enable MPLS L2VPN on PE and create the VC connection.

# On RT-A, create a VC on sub interface Gigabit Ethernet 2/3.100, which connects PC-A through SW-A.

RT-A(config)#interface gigabitetherent 2/3


RT-A(config-if)# switchport trunk encapsulation dot1q

RT-A(config-if)# switchport mode trunk


RT-A(config)#interface gigabitetherent 2/3.100

RT-A(config-subif)#encapsulation dot1q 100

RT-A(config-subif)#xconnect 10.0.255.31 10 encap mpls

# On RT-C, create a VSI, which connects PC-C through SW-C.

[RT-C] mpls l2vpn

[RT-C-l2vpn] mpls l2vpn default martini

[RT-C]Vlan 200

[RT-C]vsi 11 static

[RT-C-vsi-11]pwsignal ldp

[RT-C-vsi-11-ldp]vsi-id 10

[RT-C-vsi-11-ldp]peer 10.0.255.11


[RT-C-vlanif200] l2 binding vsi 11

[RT-C] interface gigabitethernet1/0/6




[RT-C-GigabitEthernet1/0/6] undo shutdown

Extra info- Command for Cisco



RT-A(config-if)#no ip address

RT-A(config-if)#xconnect 10.0.255.11 10 encap mpls


6

Check:- PC-A and PC-C can successfully ping each other.

Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up.

RT-A#sh mpls l2transport vc

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

Gi2/3.100 Eth VLAN 100 10.0.255.31 10 UP

[RT-C]display vsi name 11

Vsi Mem PW Mac Encap Mtu Vsi

Name Disc Type Learn Type Value State

--------------------------------------------------------------------------

11 static ldp unqualify vlan 1500 up

1

Lab 10- L2 VPN (sub-interface both sides) (Optional)

CX600- RT-C

C7609-RT-A, RT-B

C3400 – SW-A

CX200D – SW-C

RT-C

1/0/6

RT-A 2/2

1/2

RT-B

1/1

2/3

Ge0/1

1/0/0 Ge 0/0/1

SW-A

SW-C

Group1- RT-B

Group2- RT-A, SW-A

Group3- RT-C, SW-C

AS 65000

RT-A

Lo- 10.0.255.11/32

2/2 -10.0.1.1/30

2/3 –switchport

RT-C

Lo- 10.0.255.31/32

1/0/0 -10.0.2.2/30

1/0/6 –switchport

Fe0/9

PC-A

PC-C

Fe 0/0/9

RT-B

Lo- 10.0.255.21/32

1/1 -10.0.1.2/30

1/2 -10.0.2.1/30

2


In our example CE is a PC, therefore configure

PC-A- IP- 50.0.0.1/24

PC-C- IP- 50.0.0.2/24

If CE is a Router, configure a sub interface as below

# Huawei

<Quidway> system-view

[Quidway] sysname CE1

[CE1] interface gigabitethernet 1/0/0

[CE1-GigabitEthernet1/0/0] undo shutdown

[CE1-GigabitEthernet1/0/0] quit

[CE1] interface gigabitethernet 1/0/0.1

[CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 100

[CE1-GigabitEthernet1/0/0.1] ip address 50.0.0.1 24

[CE1-GigabitEthernet1/0/0.1] undo shutdown

[CE1-GigabitEthernet1/0/0.1] quit

# Cisco

interface GigabitEthernet2/4.100

encapsulation dot1Q 100

ip address 50.0.0.1 255.255.255.0

Step 2 Configure SW-A, SW-C

# Configure SW-A.







VLAN – 100(A) & 200 (C)

VC ID - 10

3



# Configure SW-C.





[SW-C ]vlan 200












[RT-C]ospf 100









Step 4 Configure MPLS basic capability and LDP on MPLS backbone network.

# Configure RT-A.




4


# Configure RT-B.







# Configure RT-C.



Step 5 Establish the remote LDP session on PE.

# Configure RT-C.



[PE2-mpls-ldp-remote-1] quit

After the configuration, run the display mpls ldp session command on PE2 to check the establishment of the LDP session. You can find that the remote LDP session between PE1 and PE2 is newly set up.

[RT-C]display mpls ldp session


------------------------------------------------------------------------------


------------------------------------------------------------------------------



------------------------------------------------------------------------------





TCP connection: 10.0.255.21.11037 - 10.0.255.11.646


Up time: 02:08:12



5


10.0.1.2 10.0.255.21 10.0.2.1


TCP connection: 10.0.255.31.49803 - 10.0.255.11.646


Up time: 01:47:50




10.0.2.2 10.0.255.31

Step 6 Enable MPLS L2VPN on PE and create the VC connection.

# On RT-A, create a VC on sub interface Gigabit Ethernet 2/3.100, which connects PC-A through SW-A.






RT-A(config)#interface gigabitetherent 2/3.100

RT-A(config-subif)#encapsulation dot1q 100

RT-A(config-subif)#xconnect 10.0.255.31 10 encap mpls

# On RT-C, create a VC on sub interface, which connects PC-C through SW-C.

[RT-C] mpls l2vpn

[RT-C-l2vpn] mpls l2vpn default martini




[RT-C-GigabitEthernet1/0/6]port trunk allow-pass vlan 127


[RT-C] interface gigabitethernet1/0/6.200

[RT-C-GigabitEthernet1/0/6.200] mpls l2vc 10.0.255.11 10

[RT-C-GigabitEthernet1/0/6.200]vlan-type dot1q 200

6

Check:- PC-A and PC-C can successfully ping each other.

Check the L2VPN connection on the PEs. You can find that an L2VC is set up and the VC status is Up.

RT-A#sh mpls l2transport vc

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

Gi2/3.100 Eth VLAN 100 10.0.255.31 10 UP

[RT-C]display mpls l2vc interface GigabitEthernet 1/0/6.200

*client interface : GigabitEthernet1/0/6.200 is up

session state : up

AC state : up

VC state : up

VC ID : 10

VC type : VLAN

destination : 10.0.255.11

local group ID : 0 remote group ID : 0

local VC label : 146432 remote VC label : 20

local AC OAM State : up

local PSN State : up

local forwarding state : forwarding

remote AC OAM state : up

remote PSN state : up

remote forwarding state: forwarding

BFD for PW : unavailable

manual fault : not set

active state : active

forwarding entry : exist

link state : up

local VC MTU : 1500 remote VC MTU : 1500

local VCCV : Disable

remote VCCV : alert lsp-ping

local control word : disable remote control word : disable

tunnel policy name : --

traffic behavior name : --

PW template name : --

primary or secondary : primary

VC tunnel/token info : 1 tunnels/tokens

NO.0 TNL type : lsp , TNL ID : 0x1008001

create time : 0 days, 0 hours, 32 minutes, 48 seconds

up time : 0 days, 0 hours, 21 minutes, 25 seconds

last change time : 0 days, 0 hours, 21 minutes, 25 seconds

1

Lab 11- VPLS (using SVI on CX600)

CX600- RT-C, RT-D, RT-E C3400 – SW-D CX200D – SW-C, SW-E

RT-E 1/0/6

RT-C 1/0/2

2/0/0

RT-D

2/0/2

1/0/6

Ge 0/0/1

1/0/0 Ge 0/0/1

SW-C

SW-E

Group1- RT-C, SW-C Group2- RT-D, SW-D Group3- RT-E, SW-E

AS 65000 RT-C

Lo- 10.0.255.31/32 1/0/2 -10.0.1.1/30 1/0/6 –switchport

RT-D Lo- 10.0.255.41/32 2/0/0 -10.0.2.1/30 2/0/2 -10.0.1.2/30 2/0/8 –switchport

RT-E Lo- 10.0.255.51/32 1/0/0 -10.0.2.2/30 1/0/6 –switchport

Ge 0/1

2/0/8

SW-D

VLAN – 10, 20 & 30 vsi - 50

VC ID - 25

2

Configuration Procedure Step 1 Configure SW & RT for access

# Configure RT-C & SW-C.









[SW-C ]vlan 10

[SW-C ]interface vlanif 10


[SW-C- vlanif10]undo shut

# Configure RT-D & SW-D.

[RT-D] interface gigabitethernet2/0/8

[RT-D-GigabitEthernet2/0/8]portswitch

[RT-D-GigabitEthernet2/0/8]port link-type trunk

[RT-D-GigabitEthernet2/0/8]port trunk allow-pass vlan all

[RT-D-GigabitEthernet2/0/8] undo shutdown

SW-D(config-if)# switchport mode trunk

SW-D(config-if)#switchport trunk allowed vlan all

SW-D(config-if)#port-type nni

SW-D(config-if)#no shut

SW-D(config)# vlan 20

SW-D(config)# interface vlan 20

SW-D(config-if)#ip address 1.0.0.2 255.0.0.0

SW-D(config-if)#no shut

# Configure RT-E & SW-E.

[RT-E] interface gigabitethernet1/0/6

[RT-E-GigabitEthernet1/0/6]portswitch

[RT-E-GigabitEthernet1/0/6]port link-type trunk

[RT-E-GigabitEthernet1/0/6]port trunk allow-pass vlan all

[RT-E-GigabitEthernet1/0/6] undo shutdown

[SW-E-gigabitethernet0/0/1]port link-type trunk

[SW-E-gigabitethernet0/0/1]port trunk allow-pass vlan all

[SW-E-gigabitethernet0/0/1]undo shut

3

[SW-E ]vlan 30

[SW-E]interface vlanif 30

[SW-E-vlanif30]ip address 1.0.0.3 255.0.0.0

[SW-E- vlanif30]undo shut

Step 2 Configure OSPF.

[RT-C]ospf 100




[RT-D]ospf 100




[RT-E]ospf 100

[RT-E-ospf-100]area 0



Step 3 Configure basic MPLS capability and LDP.

# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31


# Configure RT-D.

[RT-D]mpls lsr-id 10.0.255.41

[RT-D]mpls [RT-D]mpls ldp [RT-D-gigabitethernet2/0/0]mpls [RT-D-gigabitethernet2/0/0]mpls ldp [RT-D-gigabitethernet2/0/2]mpls [RT-D-gigabitethernet2/0/2]mpls ldp

# Configure RT-E.

[RT-E]mpls lsr-id 10.0.255.51

[RT-E]mpls [RT-E]mpls ldp [RT-E-gigabitethernet1/0/0]mpls

4

[RT-E-gigabitethernet1/0/0]mpls ldp

Step 4 Configure remote session of LDP.

# Configure RT-C.

[RT-C] mpls ldp remote-peer 1

[RT-C-mpls-ldp-remote-1] remote-ip 10.0.255.51

# Configure RT-E.

[RT-E] mpls ldp remote-peer 1

[RT-E-mpls-ldp-remote-1] remote-ip 10.0.255.31

After the configuration, run the display mpls ldp session command on PEs to check the establishment of the LDP session. You can find that the remote LDP session between PEs are newly set up.

[RT-C]disp mpls ldp session


------------------------------------------------------------------------------


------------------------------------------------------------------------------



------------------------------------------------------------------------------



Step 5 Enable MPLS L2VPN on PEs.

# Configure RT-C. [RT-C] mpls l2vpn

# Configure RT-D. [RT-D] mpls l2vpn

# Configure RT-E. [RT-E] mpls l2vpn

5

Step 6 Configure a VSI on each PE.

# Configure RT-C.

[RT-C]vsi 50 static



[RT-C-vsi-50-ldp]peer 10.0.255.41

[RT-C-vsi-50-ldp]peer 10.0.255.51

# Configure RT-D. [RT-D]vsi 50 static

[RT-D-vsi-50]pwsignal ldp

[RT-D-vsi-50-ldp]vsi-id 25

[RT-D-vsi-50-ldp]peer 10.0.255.31

[RT-D-vsi-50-ldp]peer 10.0.255.51

# Configure RT-E. [RT-E]vsi 50 static

[RT-E-vsi-50]pwsignal ldp

[RT-E-vsi-50-ldp]vsi-id 25

[RT-E-vsi-50-ldp]peer 10.0.255.31

[RT-E-vsi-50-ldp]peer 10.0.255.41

Step 7 Bind the VSI with the interface on PE.

# Configure RT-C.

[RT-C] vlan 10




# Configure RT-D. [RT-D] vlan 20

[RT-D] interface vlanif 20

[RT-D-vlanif20] l2 binding vsi 50

[RT-D-vlanif20]undo shut

# Configure RT-E. [RT-E] vlan 30

[RT-E] interface vlanif 30

[RT-E-vlanif30] l2 binding vsi 50

[RT-E-vlanif30]undo shut

6

Step 8 Verify the configuration.

After the configuration, run the following command on PEs, and you can see that VSI named 50 establishes a PW to PE1 & PE2 and the VSI is Up.

[RT-C]disp vsi name 50



--------------------------------------------------------------------------


Check:-

Ping from [SW-C]ping 1.0.0.2

Ping from [SW-C]ping 1.0.0.3

Similarly try from other switches

1

Lab 12- VPLS (using SVI) (Optional) Note- VFI/VSI will be UP, but will not ping because 7609 don’t have OSM card.

CX600- RT-C C7609-RT-A, RT-B C3400 – SW-A CX200D – SW-B, SW-C

RT-C 1/0/6

RT-A 2/2

1/2

RT-B

1/1

2/3

Ge0/1

1/0/0 Ge 0/0/1

SW-A

SW-C

Group1- RT-A, SW-A Group2- RT-B, SW-B Group3- RT-C, SW-C

AS 65000 RT-A

Lo- 10.0.255.11/32 2/2 -10.0.1.1/30 2/3 –switchport

RT-B Lo- 10.0.255.21/32

1/1 -10.0.1.2/30 1/2 -10.0.2.1/30 1/4 –switchport

RT-C Lo- 10.0.255.31/32 1/0/0 -10.0.2.2/30 1/0/6 –switchport

Fe0/9

PC-A

PC-C Fe

0/0/9

Ge 0/0/1

1/4

PC-B SW-B

VLAN – 100,200 & 300 vfi/vsi - 2611 VC ID - 20

2


In our example CE is a PC, therefore configure PC-A- IP- 100.0.0.1/24 PC-B- IP- 100.0.0.2/24 PC-C- IP- 100.0.0.3/24

Step 2 Configure SW & RT for access

# Configure SW-A & RT-A.















# Configure SW-B & RT-B.

RT-B(config)#interface gigabitetherent 1/4

RT-B(config-if)#switchport

RT-B(config-if)# switchport trunk encapsulation dot1q

RT-B(config-if)# switchport mode trunk

RT-B(config-if)#no shut

[SW-B-gigabitethernet0/0/1]port link-type trunk

[SW-B-gigabitethernet0/0/1]port trunk allow-pass vlan all

[SW-B-gigabitethernet0/0/1]bpdu enable

[SW-B-gigabitethernet0/0/1]undo shut

[SW-B ]vlan 200

[SW-B ]interface Ethernet 0/0/9

[SW-B-ethernet0/0/9]port link-type access

[SW-B-ethernet0/0/9]port default vlan 200

3

[SW-B-ethernet0/0/9]undo shut

# Configure SW-C & RT-C.










[SW-C ]vlan 300





Step 3 Configure OSPF.







[RT-C]ospf 100




Step 4 Configure basic MPLS capability and LDP.

# Configure RT-A. RT-A(config)#mpls ip




# Configure RT-B. RT-B(config)#mpls ip



4




# Configure RT-C. [RT-C]mpls lsr-id 10.0.255.31


Step 5 Configure remote session of LDP.

# Configure RT-C.



After the configuration, run the display mpls ldp session or show mpls ldp neighbor command on PEs to check the establishment of the LDP session. You can find that the remote LDP session between PEs are newly set up.

[RT-C]disp mpls ldp session


------------------------------------------------------------------------------


------------------------------------------------------------------------------



------------------------------------------------------------------------------



RT-B#sh mpls ldp neighbor


TCP connection: 10.0.255.11.646 - 10.0.255.21.11037


Up time: 05:11:27





10.0.255.11 10.0.1.1


TCP connection: 10.0.255.31.51690 - 10.0.255.21.646


Up time: 04:58:30

5




10.0.2.2 10.0.255.31



TCP connection: 10.0.255.21.11037 - 10.0.255.11.646


Up time: 05:15:35





10.0.1.2 10.0.255.21 10.0.2.1


TCP connection: 10.0.255.31.51916 - 10.0.255.11.646


Up time: 01:02:43




10.0.2.2 10.0.255.31

Step 6 Enable MPLS L2VPN on PEs.

# Configure RT-C. [RT-C] mpls l2vpn

Step 7 Configure a VFI/VSI on each PE.

# Configure RT-A.

RT-A(config)#l2 vfi 2611 manual

RT-A(config-vfi)#vpn id 20

RT-A(config-vfi)#neighbor 10.0.255.21 encapsulation mpls


# Configure RT-B.

RT-B(config)#l2 vfi 2611 manual

RT-A(config-vfi)#vpn id 20



# Configure RT-C.

[RT-C]vsi 2611 static


6


[RT-C-vsi-2611-ldp]peer 10.0.255.11

[RT-C-vsi-2611-ldp]peer 10.0.255.21

Step 8 Bind the VSI/VFI with the interface on PE.

# Configure RT-A.



RT-A(config-if)#no ip address

RT-A(config-if)#xconnect vfi 2611


# Configure RT-B.

RT-B(config)#vlan 200

RT-B(config)#interface vlan 200

RT-B(config-if)#no ip address

RT-B(config-if)#xconnect vfi 2611

RT-B(config-if)#no shut

# Configure RT-C. [RT-C] vlan 300




Step 9 Verify the configuration.

After the configuration, run the following command on PEs, and you can see that VSI/VFI named 2611 establishes a PW to PE1 & PE2and the VSI is Up.

[RT-C]disp vsi name 2611



--------------------------------------------------------------------------


RT-B#sh vfi 2611

Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: 2611, state: up, type: multipoint

VPN ID: 20

Local attachment circuits:

Vlan200

Neighbors connected via pseudowires:

7

Peer Address VC ID S

10.0.255.31 20 Y

10.0.255.11 20 Y

RT-A#sh vfi 2611

Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No

VFI name: 2611, state: up, type: multipoint

VPN ID: 20

Local attachment circuits:

Vlan100

Neighbors connected via pseudowires:

Peer Address VC ID S

10.0.255.31 20 Y

10.0.255.21 20 Y

lab setup-men part 2_norestriction

Documents