Saturday, February 22, 2020

MPLS Layer 3 VPN PE-CE RIP

In my previous lessons I explained the basics of MPLS L3 VPNs and showed in detail how to configure them. This time, we are going to configure MPLS VPN PE-CE with RIP as the routing protocol between the customer and service provider.
RIP is a simple routing protocol and easy to implement with MPLS VPN. Here’s the topology we will use:
[Figure: MPLS L3 VPN PE-CE topology]
This is the same topology that I used in my previous examples. Let’s see what the configuration is like…

Configuration

IGP and LDP

We will start with the configuration of the service provider network. We have to configure an IGP (OSPF) and LDP on the PE1, P and PE2 routers. Let’s add some loopbacks that are required for LDP:
PE1(config)#interface loopback 0
PE1(config-if)#ip address 2.2.2.2 255.255.255.255
P(config)#interface loopback 0
P(config-if)#ip address 3.3.3.3 255.255.255.255
PE2(config)#interface loopback 0
PE2(config-if)#ip address 4.4.4.4 255.255.255.255
Now we can configure OSPF:
PE1(config)#router ospf 1
PE1(config-router)#network 192.168.23.0 0.0.0.255 area 0
PE1(config-router)#network 2.2.2.2 0.0.0.0 area 0
PE1(config-router)#mpls ldp autoconfig
P(config)#router ospf 1
P(config-router)#network 192.168.23.0 0.0.0.255 area 0
P(config-router)#network 192.168.34.0 0.0.0.255 area 0
P(config-router)#network 3.3.3.3 0.0.0.0 area 0
P(config-router)#mpls ldp autoconfig
PE2(config)#router ospf 1
PE2(config-router)#network 192.168.34.0 0.0.0.255 area 0
PE2(config-router)#network 4.4.4.4 0.0.0.0 area 0
PE2(config-router)#mpls ldp autoconfig
This time I used the mpls ldp autoconfig command to automatically enable LDP for all OSPF enabled interfaces. Let’s do a quick check to see if LDP is enabled:
P#show mpls ldp neighbor | include Peer
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
Our P router in the middle has two neighbors so this is looking good. Just in case, let’s verify if there is connectivity between PE1 and PE2:
PE1#traceroute 4.4.4.4 source loopback 0
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.23.3 [MPLS: Label 17 Exp 0] 0 msec 0 msec 4 msec
  2 192.168.34.4 0 msec 0 msec *
PE1 and PE2 are able to reach each other and you can see we are using label switching.

VRFs on the PE Routers

Our next step is to configure the VRFs. I will use a VRF called “CUSTOMER”; the route distinguisher and route-target will both be 1:1.
PE1 & PE2
(config)#ip vrf CUSTOMER
(config-vrf)#rd 1:1
(config-vrf)#route-target both 1:1
Don’t forget to add the interfaces facing the customer routers into the VRF:
PE1(config)#interface FastEthernet 0/0
PE1(config-if)#ip vrf forwarding CUSTOMER
PE1(config-if)#ip address 192.168.12.2 255.255.255.0
PE2(config)#interface FastEthernet 0/1
PE2(config-if)#ip vrf forwarding CUSTOMER
PE2(config-if)#ip address 192.168.45.4 255.255.255.0
Let’s check if the PE routers are able to ping the CE routers from the VRF:
PE1#ping vrf CUSTOMER 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
PE2#ping vrf CUSTOMER 192.168.45.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
So far so good…

IBGP between PE1 and PE2

Our two PE routers require iBGP to exchange the VPNv4 routes. Let’s configure this:
PE1(config)#router bgp 234      
PE1(config-router)#neighbor 4.4.4.4 remote-as 234
PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0
PE1(config-router)#address-family vpnv4 
PE1(config-router-af)#neighbor 4.4.4.4 activate
PE2(config)#router bgp 234
PE2(config-router)#neighbor 2.2.2.2 remote-as 234
PE2(config-router)#neighbor 2.2.2.2 update-source loopback 0
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 2.2.2.2 activate 
Before we continue we should check if our routers have formed an IBGP neighbor adjacency:
PE1#show bgp vpnv4 unicast all summary 
BGP router identifier 2.2.2.2, local AS number 234
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4          234       5       6        1    0    0 00:01:03        0
Great, the BGP session has been established.

RIP between PE and CE routers

The only thing left to do is to configure RIP between the PE and CE routers. Let’s start with the CE routers:
CE1(config)#interface loopback 0
CE1(config-if)#ip address 1.1.1.1 255.255.255.255

CE1(config)#router rip
CE1(config-router)#version 2
CE1(config-router)#no auto-summary 
CE1(config-router)#network 192.168.12.0
CE1(config-router)#network 1.0.0.0
CE2(config)#interface loopback 0
CE2(config-if)#ip address 5.5.5.5 255.255.255.255

CE2(config)#router rip
CE2(config-router)#version 2
CE2(config-router)#no auto-summary 
CE2(config-router)#network 192.168.45.0
CE2(config-router)#network 5.0.0.0
The CE routers use regular RIP, nothing special here. Now we will configure the PE routers:
PE1(config)#router rip
PE1(config-router)#address-family ipv4 vrf CUSTOMER
PE1(config-router-af)#version 2
PE1(config-router-af)#no auto-summary 
PE1(config-router-af)#network 192.168.12.0
Since the customer is in the VRF, we have to configure RIP not for the global routing table but for this particular VRF. This is done with the address-family; the rest of the configuration is the same. Let’s do the same on PE2:
PE2(config)#router rip
PE2(config-router)#address-family ipv4 vrf CUSTOMER
PE2(config-router-af)#version 2
PE2(config-router-af)#no auto-summary 
PE2(config-router-af)#network 192.168.45.0
The PE routers should learn something from the CE routers. Let’s see if this is true:
PE1#show ip route vrf CUSTOMER rip

      1.0.0.0/32 is subnetted, 1 subnets
R        1.1.1.1 [120/1] via 192.168.12.1, 00:00:18, FastEthernet0/0
PE2#show ip route vrf CUSTOMER rip

      5.0.0.0/32 is subnetted, 1 subnets
R        5.5.5.5 [120/1] via 192.168.45.5, 00:00:20, FastEthernet0/1
The PE routers have learned the networks from the CE routers. Now there’s only one thing left to do…somehow we need to get this RIP information into BGP so that we can advertise it to the other PE router. This is done with redistribution:
PE1(config)#router bgp 234
PE1(config-router)#address-family ipv4 vrf CUSTOMER
PE1(config-router-af)#redistribute rip
PE2(config)#router bgp 234 
PE2(config-router)#address-family ipv4 vrf CUSTOMER
PE2(config-router-af)#redistribute rip
All networks learned through RIP should now be VPNv4 routes. Let’s verify this:
PE1#show bgp vpnv4 unicast vrf CUSTOMER
BGP table version is 7, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*> 1.1.1.1/32       192.168.12.1             1         32768 ?
*>i5.5.5.5/32       4.4.4.4                  1    100      0 ?
*> 192.168.12.0     0.0.0.0                  0         32768 ?
*>i192.168.45.0     4.4.4.4                  0    100      0 ?
PE2#show bgp vpnv4 unicast vrf CUSTOMER
BGP table version is 7, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUSTOMER)
*>i1.1.1.1/32       2.2.2.2                  1    100      0 ?
*> 5.5.5.5/32       192.168.45.5             1         32768 ?
*>i192.168.12.0     2.2.2.2                  0    100      0 ?
*> 192.168.45.0     0.0.0.0                  0         32768 ?
Our PE routers have learned about each other’s redistributed RIP routes. Also, take a close look at the metric value of 1. BGP uses its MED to carry the original metric of RIP (hop count 1). This allows us to transparently advertise the metric between two customer sites.
Last but not least, we’ll have to redistribute these VPNv4 routes back into RIP so that the CE routers can learn the networks. Here’s how to do this:
PE1(config)#router rip
PE1(config-router)#address-family ipv4 vrf CUSTOMER
PE1(config-router-af)#redistribute bgp 234 metric ?
  <0-16>       Default metric
  transparent  Transparently redistribute metric
When we redistribute something into RIP, we have to use a seed metric. You can either set a metric yourself or use the transparent option, in which case the router uses the value in the BGP MED as the metric. Let’s try this:
PE1(config-router-af)#redistribute bgp 234 metric transparent
Don’t forget PE2:
PE2(config)#router rip
PE2(config-router)#address-family ipv4 vrf CUSTOMER
PE2(config-router-af)#redistribute bgp 234 metric transparent 
Our configuration is now finished.

Verification

Let’s check if everything is working. First we’ll check if CE1 and CE2 have learned anything:
CE1#show ip route 

      5.0.0.0/32 is subnetted, 1 subnets
R        5.5.5.5 [120/2] via 192.168.12.2, 00:00:25, FastEthernet0/0
R     192.168.45.0/24 [120/1] via 192.168.12.2, 00:00:25, FastEthernet0/0
CE2#show ip route 

      1.0.0.0/32 is subnetted, 1 subnets
R        1.1.1.1 [120/2] via 192.168.45.4, 00:00:03, FastEthernet0/0
R     192.168.12.0/24 [120/1] via 192.168.45.4, 00:00:03, FastEthernet0/0
You can see the networks in the routing tables. Note the hop counts: the 1.1.1.1/32 network had a hop count of 1 in the routing table of PE2, so it is advertised with a hop count of 2 to the CE2 router. Let’s see if it actually works:
CE1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Pinging from CE1 to CE2 is no problem. Let’s look at a trace:
CE1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.12.2 0 msec 0 msec 4 msec
  2 192.168.23.3 [MPLS: Labels 17/19 Exp 0] 0 msec 0 msec 4 msec
  3 192.168.45.4 [MPLS: Label 19 Exp 0] 0 msec 0 msec 4 msec
  4 192.168.45.5 0 msec 0 msec *
Above you can see the transport label (17) and VPN label (19) that were used in the service provider network.
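
The hop counts on CE2 can be checked against the MEDs PE2 received over iBGP. The Python script below is an added example, not part of the original lesson: it parses the PE2 and CE2 outputs shown above (copied inline) and assumes the CE sees MED + 1, capped at the RIP infinity of 16. All function names are hypothetical.

```python
import re

# Route lines copied from PE2's "show bgp vpnv4 unicast vrf CUSTOMER"
# output shown earlier on this page.
PE2_BGP = """\
*>i1.1.1.1/32       2.2.2.2                  1    100      0 ?
*> 5.5.5.5/32       192.168.45.5             1         32768 ?
*>i192.168.12.0     2.2.2.2                  0    100      0 ?
*> 192.168.45.0     0.0.0.0                  0         32768 ?
"""

# RIP entries copied from CE2's "show ip route" output on this page.
CE2_RIB = """\
R        1.1.1.1 [120/2] via 192.168.45.4, 00:00:03, FastEthernet0/0
R     192.168.12.0/24 [120/1] via 192.168.45.4, 00:00:03, FastEthernet0/0
"""

RIP_INFINITY = 16  # RIP treats a metric of 16 as unreachable
BGP_LINE = re.compile(r"^\*>(i| )(\S+)\s+(\S+)\s+(\d+)\s")
RIB_LINE = re.compile(r"^R\s+(\S+) \[120/(\d+)\]")

def ibgp_meds(bgp_text):
    """Map network -> MED for best paths learned from the remote PE (*>i)."""
    meds = {}
    for line in bgp_text.splitlines():
        m = BGP_LINE.match(line)
        if m and m.group(1) == "i":
            # Simplification: key on the network address, ignoring the mask.
            meds[m.group(2).split("/")[0]] = int(m.group(4))
    return meds

def expected_ce_metrics(bgp_text):
    """Assumed model: seed metric = MED (transparent), plus one hop to the CE."""
    return {p: min(med + 1, RIP_INFINITY) for p, med in ibgp_meds(bgp_text).items()}

def observed_ce_metrics(rib_text):
    """Map network -> RIP metric from the CE's 'R' routing table lines."""
    out = {}
    for line in rib_text.splitlines():
        m = RIB_LINE.match(line)
        if m:
            out[m.group(1).split("/")[0]] = int(m.group(2))
    return out

def mismatches(bgp_text, rib_text):
    """Routes whose CE metric differs from the prediction, or is missing."""
    exp, obs = expected_ce_metrics(bgp_text), observed_ce_metrics(rib_text)
    return {p: (exp[p], obs.get(p)) for p in exp if exp[p] != obs.get(p)}

if __name__ == "__main__":
    print(expected_ce_metrics(PE2_BGP))
    print(mismatches(PE2_BGP, CE2_RIB) or "CE2 hop counts match the MEDs")
```

A route whose predicted metric reaches 16 is reported as such, which flags MED values that a transparent redistribution would turn into an unreachable RIP route.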

Conclusion

RIP as the PE-CE routing protocol is pretty straightforward. The only new items in this configuration are the redistribution between RIP and BGP and the option of transparently setting the seed metric.

hostname CE1
!
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 1.0.0.0
network 192.168.12.0
no auto-summary
!
end

hostname PE1
!
ip cef
!
ip vrf CUSTOMER
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding CUSTOMER
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
duplex auto
speed auto
!
router ospf 1
mpls ldp autoconfig
network 2.2.2.2 0.0.0.0 area 0
network 192.168.23.0 0.0.0.255 area 0
!
router rip
!
address-family ipv4 vrf CUSTOMER
redistribute bgp 234 metric transparent
network 192.168.12.0
no auto-summary
version 2
exit-address-family
!
router bgp 234
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 234
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER
redistribute rip
exit-address-family
!
end

hostname P
!
ip cef
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.23.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.34.3 255.255.255.0
duplex auto
speed auto
!
router ospf 1
mpls ldp autoconfig
network 3.3.3.3 0.0.0.0 area 0
network 192.168.23.0 0.0.0.255 area 0
network 192.168.34.0 0.0.0.255 area 0
!
end

hostname PE2
!
ip vrf CUSTOMER
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip cef
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.34.4 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip vrf forwarding CUSTOMER
ip address 192.168.45.4 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface Serial0/1/0
no ip address
shutdown
!
router ospf 1
mpls ldp autoconfig
network 4.4.4.4 0.0.0.0 area 0
network 192.168.34.0 0.0.0.255 area 0
!
router rip
!
address-family ipv4 vrf CUSTOMER
redistribute bgp 234 metric transparent
network 192.168.45.0
no auto-summary
version 2
exit-address-family
!
router bgp 234
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 234
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER
redistribute rip
exit-address-family
!
end

hostname CE2
!
ip cef
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.45.5 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 5.0.0.0
network 192.168.45.0
no auto-summary
!
end

If you have any questions, feel free to leave a comment!
