Mpls Presentation Ine

Mpls basics

Alp

14.1 VRF Lite

VPN_A rd 100:1VPN_B rd 100:2

VPN_A routing tableLo101 172.16.7.7/24Vlan 67 155.1.67.0/24

VPN_B routing tableLo101 192.168.7.7/24Vlan 67 155.1.76.0/24

vl67

vl76

14.1 VRF Lite• AtR6interface Ethernet1/0.67 encapsulation dot1Q 67

ip vrf forwarding VNP_A ip address 155.1.67.6 255.255.255.0

interface Ethernet1/0.76 encapsulation dot1Q 76

ip vrf forwarding VNP_B ip address 155.1.76.6 255.255.255.0

ip route vrf VNP_A 192.168.7.0 255.255.255.0 Ethernet1/0.76 155.1.76.7

ip route vrf VNP_B 172.16.7.0 255.255.255.0 Ethernet1/0.67 155.1.67.7

ip vrf VNP_A rd 100:1ip vrf VNP_B

rd 100:2

• At SW1ip vrf VPN_A

rd 100:1ip vrf VPN_B

rd 100:2interface Loopback101 ip vrf forwarding VPN_A

ip address 172.16.7.7 255.255.255.0interface Loopback102 ip vrf forwarding VPN_B

ip address 192.168.7.7 255.255.255.0interface Ethernet1/0.67 encapsulation dot1Q 67

ip vrf forwarding VPN_A ip address 155.1.67.7 255.255.255.0

interface Ethernet1/0.76 encapsulation dot1Q 76 ip vrf forwarding VPN_B ip address 155.1.76.7 255.255.255.0

ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.1.67.6ip route vrf VPN_B 0.0.0.0 0.0.0.0 155.1.76.6

14.2 MPLS LDP• At R4

mpls ipmpls ldp router-id lo0 force

int e0/1mpls ldp discovery transport-address interface

router ospf 1mpls ldp autoconf

mpls ldp password requiredmpls ldp neighbor 150.1.5.5 password CISCOmpls ldp neighbor 150.1.6.6 password CISCO

• At R6mpls ipmpls ldp router-id lo0 forceint e0/0.146mpls ldp discovery transport-address interfacempls ip mpls ldp password required mpls ldp neighbor 150.1.4.4 password CISCO

• At R5mpls ipmpls ldp router-id lo0 forceint s2/1mpls ipint s2/0mpls ipmpls ldp password requiredmpls ldp neighbor 150.1.4.4 password CISCO

14.3 MPLS Label Filtering

• At R4, R5, R6

access-list 10 permit 150.1.0.0 0.0.255.255no mpls ldp advertise-labelsmpls ldp advertise-labels for 10

14.4 MP-BGP VPNv4

R5

R4

R6

RR

Vlan5Vl58

Vpn_aVpn_b

vl67vl76Vpn_b

Vpn_a

R5Vrf VPN_A bgp table155.1.58.0/24 155.1.67.0/24 Bgp vpnv4

R5Vrf VPN_B bgp table155.1.5.0/24 155.1.76.0/24

Redistribute connected Static into bgp

Redistribute connected Static into bgp

14.4 MP-BGP VPNv4• At R4

router bgp 100

no bgp default ipv4-unicastneighbor 150.1.5.5 remote-as 100neighbor 150.1.5.5 update-source lo0neighbor 150.1.6.6 remote-as 100neighbor 150.1.6.6 update-source lo0

address-family vpnv4 unicastneighbor 150.1.5.5 activateneighbor 150.1.6.6 activateneighbor 150.1.5.5 send-community extendedneighbor 150.1.6.6 send-community extendedneighbor 150.1.5.5 route-reflector-clientneighbor 150.1.6.6 route-reflector-client

• At R5ip vrf VPN_Ard 100:1 route-target both 100:1ip vrf VPN_B rd 100:2 route-target both 100:2

int e0/0ip vrf forwarding VPN_Aip add 155.1.58.5 255.255.255.0int e0/1ip vrf forwarding VPN_Bip address 155.1.5.5 255.255.255.0

• At R6ip vrf VNP_Ard 100:1route-target both 100:1ip vrf VNP_Brd 100:2route-target both 100:2

• At R5 & R6router bgp 100no bgp default ipv4neighbor 150.1.4.4 remote-as 100neighbor 150.1.4.4 update-source lo0

address-family vpnv4 unicastneighbor 150.1.4.4 activateneighbor 150.1.4.4 send-community extended // RT valuesunu bununla taşırız.

address-family ipv4 vrf VPN_Aredistribute connectedredistribute static

address-family ipv4 vrf VPN_Bredistribute connectedredistribute static

14.5 MP-BGP Prefix Filtering

R5

R4

R6

RR

Vlan5Vl58

Vpn_aVpn_b

vl67vl76

Vpn_b

Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

Lo1 192.16.6.6/24

14.5 MP-BGP Prefix Filtering• At R5

int lo 101ip vrf forvarding VPN_Aip address 172.16.5.5 255.255.255.0

ip prefix-list LO101 permit 172.16.5.0/24

route-map VPN-A_EXPORT permit 10match ip address prefix-list LO101set extcommunity rt 100:55

route-map VPN-A_EXPORT permit 20set extcommunity rt 100:1

ip vrf VPN_Aexport map VPN-A_EXPORTroute-target import 100:66

• At R6int lo102ip vrf forwarding VNP_Bip address 192.168.6.6 255.255.255.0

ip prefix-list LO202 permit 192.168.6.0/24

route-map VNP-B-EXPORT permit 10match ip address prefix-list LO102set extcommunity rt 100:66route-map VNP-B-EXPORT permit 20set extcommunity rt 100:2

ip vrf VNP_Bexport map VNP-B-EXPORTroute-target import 100:55

14.6 PE – CE Routing with RIP

R5

R4

R6

RR

Vlan5Vl58

Vpn_aVpn_b

vl76

Vpn_b

Bgp vpnv4

Lo1 172.16.5.5/24

Lo1 192.16.6.6/24

RIP vrf vpn_b

vlan43

Vpn_b

RIP vrf vpn_b

Bgp to ripRip to bgp redistribution

Rip to bgpredistribution

204.12.1.0/24

14.6 PE – CE Routing with RIP• At R4ip vrf VPN_B

rd 100:2 route-target export 100:2 route-target import 100:2

router rip version 2 no auto-summary address-family ipv4 vrf VPN_B redistribute bgp 100 metric transparent ///// metriğin korunmasını sağlıyor network 204.12.1.0 no auto-summary exit-address-family

router bgp 100 no bgp default ipv4-unicast

address-family vpnv4 neighbor 150.1.5.5 activate neighbor 150.1.5.5 send-community extended neighbor 150.1.5.5 route-reflector-client

neighbor 150.1.6.6 activate neighbor 150.1.6.6 send-community extended

neighbor 150.1.6.6 route-reflector-client exit-address-family address-family ipv4 vrf VPN_B redistribute rip

• At R6router rip

ver 2no auto-sumaddress-family ipv4 vrf VNP_B

redistribute bgp 100 metric transparent //metriğin korunmasını sağlıyornetwork 155.1.0.0

no ip route vrf VNP_B 172.16.7.0 255.255.255.0 e1/0.67 155.1.67.7

• At SW1no ip route vrf VNP_A 0.0.0.0 0.0.0.0 155.1.76.6router rip

ver 2no auto-sumaddress-family ipv4 vrf VPN_Bnetwork 155.1.0.0 network 192.168.7.0

14.7 PE- CE Routing with OSPF

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

Ospf area1

Ospf area 1

SW2

Lo 172.16.8.8/24

Redistribute bgp into vrf VPN_A ospf

Redistribute vrf VNP_A ospf into vrf VPN_A bgp

Redistribute bgp into vrf VPN_A ospf

Redistribute vrf VNP_A ospf into vrf VPN_A bgp SW1

Lo 172.16.7.7

Vrf VPN_A

14.7 PE- CE Routing with OSPF• MP-BGP’nin olduğu cloud’a super area 0 (super

backbone) denir.• OSPF iki yeni attribute’e sahip

1- domain-id : farklı vpn’lerdeki ospf process’leri ayırt etmeye yarar.

2- OSPF route-type: 3 bileşen içerir: source-area, route-type (lsa type) ve option (E1 – E2[external])metric değeri biz değiştirmediğimiz sürece aynı şekilde taşınır.

• At R5router ospf 100 vrf VPN_A

domain-id 0.0.0.5log-adjacency-changesredistribute bgp 100 subnetsnetwork 0.0.0.0 255.255.255.255 area 1

router bgp 100address-family ipv4 vrf VPN_Aredistribute ospf 100 vrf VPN_A

• At R6router ospf 100 vrf VNP_A

domain-id 0.0.0.6log-adjacency-changesredistribute bgp 100 subnetsnetwork 0.0.0.0 255.255.255.255 area 1summary-address 172.16.0.0 255.255.0.0

router bgp 100address-family ipv4 vrf VNP_Aredistribute ospf 100 vrf VNP_A

• SW1no ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.14.76.6router ospf 1 vrf VPN_A

netw 0.0.0.0 255.255.255.255 area 1• SW2

ip routing router ospf 1

network 0.0.0.0 255.255.255.255 area 1int lo100

ip add 172.16.8.8 255.255.255.0

14.8 OSPF Sham-link

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

Ospf area1

Ospf area 1

SW2

Lo 172.16.8.8/24

Redistribute bgp into vrf VPN_A ospf

Redistribute vrf VNP_A ospf into vrf VPN_A bgp

Redistribute bgp into vrf VPN_A ospf

Redistribute vrf VNP_A ospf into vrf VPN_A bgp SW1

Lo 172.16.7.7Backdoor link

Sham-link

lo100

lo100

Vrf A

14.8 OSPF Sham-link• At R5

router ospf 100 vrf VPN_Ano domain-id 0.0.0.5area 1 sham-link 150.1.55.55 150.1.66.66 cost 1no network 0.0.0.0 255.255.255.255 area 1network 155.1.58.5 0.0.0.0 area 1

int lo 200ip vrf forwarding VPN_Aip address 150.1.55.55 255.255.255.255

router bgp 100address-family ipv4 vrf VPN_A

network 150.1.55.55 mask 255.255.255.255

• At R6router ospf 100 vrf VNP_A

no domain-id 0.0.0.5area 1 sham-link 150.1.66.66 150.1.55.55 cost 1no network 0.0.0.0 255.255.255.255 area 1network 155.1.67.6 0.0.0.0 area 1

int lo 200ip vrf forwarding VNP_Aip address 150.1.66.66 255.255.255.255

router bgp 100address-family ipv4 vrf VNP_A

network 150.1.66.66 mask 255.255.255.255

• At SW1int e0/3

no swip address 155.1.78.7 255.255.255.0ip ospf cost 9999

int e1/0.67no ip vrf forwarding VPN_Aip address 155.1.67.7 255.255.255.0

int lo101ip add 172.16.7.7 255.255.255.0

no router ospf 1router ospf 1

network 0.0.0.0 255.255.255.255 area 1• At SW2

int e0/3no swip address 155.1.78.8 255.255.255.0ip ospf cost 9999

14.9 PE- CE Routing with EIGRP

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

EIGRP

EIGRP

SW2

Lo 172.16.8.8/24

Redistribute bgp into vrf VPN_A eigrp

Redistribute vrf VNP_A eigrp into vrf VPN_A bgp

Redistribute bgp into vrf VPN_A eigrp

Redistribute vrf VNP_A eigrpinto vrf VPN_A bgp SW1

Lo 172.16.7.7

Backdoor link

Vlan 43204.12.1.0/24

EIGRPVPN_A

Redistribute vrf VPN_A EIGRPinto BGP

Redistribute bgp into vrf VPN_A eigrp

Delay 1000

Vrf VPN_A

14.9 PE- CE Routing with EIGRP• At R4

ip vrf VPN_Ard 100:1route-target both 100:1router eigrp 100no autoaddress-family ipv4 vrf VPN_Aautonomous-system 100network 204.12.1.0 0.0.0.255redistribute bgp 100 metric 1 1 1 1 1

router bgp 100 address-family ipv4 vrf VPN_Aredistribute eigrp 100

int e0/0ip vrf forwarding VPN_Aip address 204.12.1.4 255.255.255.0

• At R5no router ospf 100router eigrp 100

no autoaddress-family ipv4 vrf VPN_A

autonomous-system 100network 155.1.58.5 0.0.0.0redistribute bgp 100 metric 1 1 1 1 1

router bgp 100address-family ipv4 vrf VPN_A

redistribute eigrp 100

• At R6no router ospf 100router eigrp 100

no autoaddress-family ipv4 vrf VNP_A

autononous-system 100network 155.1.67.6 0.0.0.0

router bgp 100address-family ipv4 vrf VNP_A

redistribute eigrp 100

• At SW1 – SW2no router ospf 1router eigrp 100

no autosummnetwork 0.0.0.0 255.255.255.255

int e0/3delay 1000 /// to be sure it will be

backdoor.

14.10 EIGRP SITE OF ORIGIN

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

BGP AS 78

BGP AS 78

SW2

Lo 172.16.8.8/24

SW1Lo 172.16.7.7

AS100

Vrf VPN_A

Backdoor link

SW1SW2

R5 R6

100:15

100:15

100:16

100:16

14.10 EIGRP Site-of-Origin

• At R5route-map EIGRP-SOOset extcommunity soo 100:15int e0/0ip vrf sitemap EIGRP-SOO

• At R6route-map EIGRP-SOOset extcommunity soo 100:16int e0/0.67ip vrf sitemap EIGRP-SOO

• At SW2route-map EIGRP-SOO

set extcommunity soo 100:15int e0/2

ip vrf sitemap EIGRP-SOO

• At SW1route-map EIGRP-SOO

set extcommunity soo 100:16int e0/2

ip vrf sitemap EIGRP-SOO

14.11 PE- CE Routing with BGP

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

BGP AS 78

BGP AS 78

SW2

Lo 172.16.8.8/24

SW1Lo 172.16.7.7

AS100

Vrf VPN_A

AS78 overrided AS100

AS78 overrided AS100

• Farklı yerlerde aynı AS’in kullanılması; aynı AS ile gelen bilginin alınmayacağından prefix’in filtrelenmesine yol açar. Bunu çözmek için allowas-in ile as-override yapabliriz.

14.11 PE- CE Routing with BGP

• At R5no router eigrp 100router bgp 100

address-family ipv4 vrf VPN_Aneighbor 155.1.58.8 remote-as 78neighbor 155.1.58.8 as-override

• At R6no router eigrp 100router bgp 100

address-family ipv4 vrf VNP_Aneighbor 155.1.67.7 remote-as 78neighbor 155.1.67.7 as-override

• At SW1no router eigrp 100router bgp 78neighbor 155.1.67.6 remote-as 100network 150.1.7.0 mask 255.255.255.0

• At SW2no router eigrp 100router bgp 78neighbor 155.1.58.5 remote-as 100network 150.1.8.0 mask 255.255.255.0

14.12 BGP SoO Attribute

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Bgp vpnv4

Lo1 172.16.5.5/24

BGP AS 78

BGP AS 78

SW2

Lo 172.16.8.8/24

SW1Lo 172.16.7.7

AS100

Backdoor link

Soo 100:1

Soo 100:1Vrf VPN_A

14.12 BGP SoO Attribute

• At R5router bgp 100

address-family ipv4 vrf VPN_Aneighbor 155.1.58.8 soo

100:1

• At R6router bgp 100

address-family ipv4 vrf VNP_Aneighbor 155.1.67.7 soo

100:1

SW1SW2

R5 R6

ibgp

ebgp ebgp

Bgp vpn

Soo 100:1 Soo 100:1

• At SW1router bgp 78

neighbor 155.1.78.8 remote-as 78

• At SW2router bgp 78

neighbor 155.1.78.7 remote-as 78

///CE’lerde backdoor komşuluğunu ekledik.

14.13 Internet Access• At R6

router ripvers 2no auto-sumnetwork 54.0.0.0ip route vrf VNP_A 0.0.0.0 0.0.0.0 54.1.1.254 global

router bgp 100address-family ipv4 vrf VNP_Adefault-information originateredistribute staticint s2/0ip nat outsideint e0/0.146ip nat insideint e0/0.67ip nat insideip access-list standard VPN-PREFIXESpermit 150.1.0.0 0.0.255.255ip nat inside source list VPN-PREFIXES interface s2/0 vrf VNP_A overload

14.14 AToM

R5

R4

R6

RR

Vl58

Vpn_a

vl67Vpn_a

Layer 2 vpn Bgp vpnv4

AS100

Vl 5 (e0/1)

E0/1

14.14 AToM

• At R5default interface e0/1int e0/1xconnect 150.1.6.6 100 encapsulation mpls

mpls ldp neighbor 150.1.6.6 password CISCO

• At R6int e0/1no shxconnect 150.1.5.5 100 encapsulation mpls

mpls ldp neighbor 150.1.5.5 password CISCO

• R5 ve R6 ya bağlı olan sw3 ve sw4 interfacelerine ip verip birbirlerini pingleyebiliriz.

14.15 L2TPV3

• At R5, similiar at R6pseudowire-class L2TPV3

encapsulation l2tpv3ip local interface lo0ip pmtuip dfbit setip tos reflect

default int e0/1int e0/1

xconnect 150.1.6.6 100 encapsulation l2tpv3 pw-class L2TPV3

14.16 MPLS VPN Performance Tuning

• At R4router bgp 100

address-family vpnv4 unicastneighbor 150.1.5.5 advertisement-interval 0neighbor 150.1.6.6 advertisement-interval 0

• At R5; R6router bgp 100

address-family vpnv4 unicastneighbor 150.1.4.4 advertisement-internal 0bgp scan import 5