Configuration of MPLS-VPN (Super Backbone and Sham-Link)

I will introduce of the example of configuration of MPLS-VPN by Cisco. The diagram is below.

In MPLS network, IP address ranges of customers might be duplicated, but because you are dividing the routing table logically in the function of VRF, not a problem.

Also in the configuration of the above, in connection CE1-1 and CE2-1, IP address range of "10.1.11.0/24" is duplicated.

On PE1, configuring the VRF named VPN_A in connection with the CE1-1, and configuring the VRF named VPN_B in connection with the CE1-2, and start the OSPF process in each VRF.

Basicaly there is no problem if you divide the process ID of OSPF, but Physical interface of VRF is only one, so in default, both router try to assign the router ID of OSPF as "10.1.11.1" (because there is no loopback interface , use the maximum number of physical interface's IP address). When 2nd OSPF process is tried to start, it is failed by router ID duplication. So in this case it is needed to configure OSPF router ID by manual.

Configuring of MPLS Network
Configuration of VRF(Customers Routing Table)
Exchange route information of VPNv4 Prefix by MP-BGP
IT/インフラエンジニアの地位とスキル向上のために

Configuring of MPLS Network

After the setting of the Loopback interface to each router of PE1, PE2, P which routers operate the MPLS, assigns IP address of the physical interface through in MPLS, then configures OSPF and MPLS. It should be noted that the routing protocol does not have to be OSPF. RIP and EIGRP is no matter.

In case of setting MPLS by cisco routers, CEF function is needed, which is enabled by default.

[configuration of PE1]

PE1(config)# interface loopback 1
PE1(config-if)# ip address 1.1.1.1 255.255.255.255
PE1(config)# interface gigabitEthernet 0/0
PE1(config-if)# ip address 192.168.13.1 255.255.255.0
PE1(config-if)# mpls ip
PE1(config-if)# no shutdown
PE1(config)# router ospf 100
PE1(config-router)# network 1.1.1.1 0.0.0.0 area 100
PE1(config-router)# network 192.168.13.0 0.0.0.255 area 100

[configuration of PE2]

PE2(config)# interface loopback 1
PE2(config-if)# ip address 2.2.2.2 255.255.255.255
PE2(config)# interface gigabitEthernet 0/0
PE2(config-if)# ip address 192.168.23.2 255.255.255.0
PE2(config-if)# mpls ip
PE2(config-if)# no shutdown
PE2(config)# router ospf 100
PE2(config-router)# network 2.2.2.2 0.0.0.0 area 100
PE2(config-router)# network 192.168.23.0 0.0.0.255 area 100

[configuration of P1]

P1(config)# interface loopback 1
P1(config-if)# ip address 3.3.3.3 255.255.255.255
P1(config)# interface gigabitEthernet 0/0
P1(config-if)# ip address 192.168.13.3 255.255.255.0
P1(config-if)# mpls ip
P1(config-if)# no shutdown
P1(config)# interface gigabitEthernet 1/0
P1(config-if)# ip address 192.168.23.3 255.255.255.0
P1(config-if)# mpls ip
P1(config-if)# no shutdown
P1(config)# router ospf 100
P1(config-router)# network 3.3.3.3 0.0.0.0 area 100
P1(config-router)# network 192.168.13.0 0.0.0.255 area 100
P1(config-router)# network 192.168.23.0 0.0.0.255 area 100

Make sure that the neighbors are swollen by MPLS in each router.

PE1/PE2/P1 # show mpls ldp neighbor

Also, make sure that the LIB table has been created.

PE1/PE2/P1 # show mpls ldp bindings

Result of show command : PE1 / PE2 / P1

Configuration of VRF(Customers Routing Table)

You create the same number VRF as customers number on each PE1/PE2 router. Here you create two as an example. In addition, you operate the OSPF on the VRF and exchange the route information betweenthe CE1 and CE2. Note that this does not have to be OSPF. There is no problem using RIP and EIGRP. Also you need not to match the protocol to the network nor to separete the protocol against.

[Configuration of PE1]

PE1(config)# ip vrf VPN_A
PE1(config-vrf)# rd 10:10
PE1(config-vrf)# route-target both 100:100
PE1(config)# ip vrf VPN_B
PE1(config-vrf)# rd 20:20
PE1(config-vrf)# route-target both 200:200
PE1(config)# interface gigabitEthernet 1/0
PE1(config-if)# ip vrf forwarding VPN_A
PE1(config-if)# ip address 10.1.11.1 255.255.255.0
PE1(config-if)# no shutdown
PE1(config)# interface gigabitEthernet 2/0
PE1(config-if)# ip vrf forwarding VPN_B
PE1(config-if)# ip address 10.1.11.1 255.255.255.0
PE1(config-if)# no shutdown
PE1(config)# router ospf 10 vrf VPN_A
PE1(config-router)# router-id 1.1.1.10
PE1(config-router)# network 10.1.11.0 0.0.0.255 area 0
PE1(config)# router ospf 20 vrf VPN_B
PE1(config-router)# router-id 1.1.1.20
PE1(config-router)# network 10.1.11.0 0.0.0.255 area 0

[Configuration of PE2]

PE2(config)# ip vrf VPN_A
PE2(config-vrf)# rd 10:10
PE2(config-vrf)# route-target both 100:100
PE2(config)# ip vrf VPN_B
PE2(config-vrf)# rd 20:20
PE2(config-vrf)# route-target both 200:200
PE2(config)# interface gigabitEthernet 1/0
PE2(config-if)# ip vrf forwarding VPN_A
PE2(config-if)# ip address 10.2.23.1 255.255.255.0
PE2(config-if)# no shutdown
PE2(config)# interface gigabitEthernet 2/0
PE2(config-if)# ip vrf forwarding VPN_B
PE2(config-if)# ip address 10.2.24.1 255.255.255.0
PE2(config-if)# no shutdown
PE2(config)# router ospf 10 vrf VPN_A
PE2(config-router)# router-id 2.2.2.10
PE2(config-router)# network 10.2.23.0 0.0.0.255 area 0
PE2(config)# router ospf 30 vrf VPN_B
PE2(config-router)# router-id 2.2.2.30
PE2(config-router)# network 10.2.24.0 0.0.0.255 area 0

[Configuration of CE1-1]

CE1-1(config)# interface loopback 1
CE1-1(config-if)# ip address 11.11.11.11 255.255.255.255
CE1-1(config)# interface gigabitEthernet 0/0
CE1-1(config-if)# ip address 10.1.11.11 255.255.255.0
CE1-1(config-if)# no shutdown
CE1-1(config)# router ospf 1
CE1-1(config-router)# network 11.11.11.11 0.0.0.0 area 0
CE1-1(config-router)# network 10.1.11.0 0.0.0.255 area 0

[Configuration of CE2-1]

CE2-1(config)# interface loopback 1
CE2-1(config-if)# ip address 21.21.21.21 255.255.255.255
CE2-1(config)# interface gigabitEthernet 0/0
CE2-1(config-if)# ip address 10.1.11.21 255.255.255.0
CE2-1(config)# router ospf 1
CE2-1(config-router)# network 21.21.21.21 0.0.0.0 area 0
CE2-1(config-router)# network 10.1.11.0 0.0.0.255 area 0

[Configuration of CE1-2]

CE1-2(config)# interface loopback 1
CE1-2(config-if)# ip address 12.12.12.12 255.255.255.255
CE1-2(config)# interface gigabitEthernet 0/0
CE1-2(config-if)# ip address 10.2.23.12 255.255.255.0
CE1-2(config-if)# no shutdown
CE1-2(config)# router ospf 1
CE1-2(config-router)# network 12.12.12.12 0.0.0.0 area 0
CE1-2(config-router)# network 10.2.23.0 0.0.0.255 area 0

[Configuration of CE2-2]

CE2-2(config)# interface loopback 1
CE2-2(config-if)# ip address 22.22.22.22 255.255.255.255
CE2-2(config)# interface gigabitEthernet 0/0
CE2-2(config-if)# ip address 10.2.24.22 255.255.255.0
CE1-2(config-if)# no shutdown
CE2-2(config)# router ospf 1
CE2-2(config-router)# network 22.22.22.22 0.0.0.0 area 0
CE2-2(config-router)# network 10.2.24.0 0.0.0.255 area 0

About VRF of PE1 and PE2, make sure that the information of CE router is listed in each routing table.

PE1/PE2 # show ip ospf 10 neighbors
PE1/PE2 # show ip ospf 10 database
PE1/PE2 # show ip ospf 20 neighbors
PE1/PE2 # show ip ospf 20 database

Result of show command : PE1 / PE2

Exchange route information of VPNv4 Prefix by MP-BGP

Configuring Mutual redistribution between MP-BGP of ipv4 and OSPF of VRF and exchange VPNv4 Prefix by MP-BGP.

[Configuring of PE1]

PE1(config)# router bgp 65001
PE1(config-router)# neighbor 2.2.2.2 remote-as 65001
PE1(config-router)# neighbor 2.2.2.2 update-source loopback 1
PE1(config-router)# address-family vpnv4
PE1(config-router-af)# neighbor 2.2.2.2 activate
PE1(config-router)# address-family ipv4 vrf VPN_A
PE1(config-router-af)# redistribute ospf 10 vrf VPN_A
PE1(config-router)# address-family ipv4 vrf VPN_B
PE1(config-router-af)# redistribute ospf 20 vrf VPN_B
PE1(config)# router ospf 10
PE1(config-router)# redistribute bgp 65001 metric 20 subnets
PE1(config)# router ospf 20
PE1(config-router)# redistribute bgp 65001 metric 20 subnets

[Configuring of PE2]

PE2(config)# router bgp 65001
PE2(config-router)# neighbor 1.1.1.1 remote-as 65001
PE2(config-router)# neighbor 1.1.1.1 update-source loopback 1
PE2(config-router)# address-family vpnv4
PE2(config-router-af)# neighbor 1.1.1.1 activate
PE2(config-router)# address-family ipv4 vrf VPN_A
PE2(config-router-af)# redistribute ospf 10 vrf VPN_A
PE2(config-router)# address-family ipv4 vrf VPN_B
PE2(config-router-af)# redistribute ospf 30 vrf VPN_B
PE2(config)# router ospf 10
PE2(config-router)# redistribute bgp 65001 metric 20 subnets
PE2(config)# router ospf 30
PE2(config-router)# redistribute bgp 65001 metric 20 subnets

Make sure that the neighbor by BGP is 10/10 each other.

PE1/PE2 # show bgp vpnv4 unicast all

Also, make sure that the LFIB table has been created.

PE1/PE2 # show mpls forwarding-table

And, make sure that the information of VPN ID Label(Inner Label).

Result of show command : PE1 / PE2

PE1/PE2 # show bgp vpnv4 unicast vrf VPN_A labels
PE1/PE2 # show bgp vpnv4 unicast vrf VPN_B labels

Finally, make sure that the OSPF information is flowing in the CE router.

CE1-1/CE2-1/CE1-2/CE2-2 # show ip route

Result of show command : CE1-1 / CE2-1 / CE1-2 / CE2-2

While CE2-1 and CE2-2 play set as external routes (O E2), make sure that the route of CE1-1 and CE1-2 is in the Inter-Area (O IA) . This is because between the CE1-1 and CE1-2 is in the connection of Super BackBone.