6. • At R6
mpls ip
mpls ldp router-id lo0 force
int e0/0.146
mpls ldp discovery transport-address interface
mpls ip
mpls ldp password required
mpls ldp neighbor 150.1.4.4 password CISCO
• At R5
mpls ip
mpls ldp router-id lo0 force
int s2/1
mpls ip
int s2/0
mpls ip
mpls ldp password required
mpls ldp neighbor 150.1.4.4 password CISCO
7. 14.3 MPLS Label Filtering
• At R4, R5, R6
access-list 10 permit 150.1.0.0 0.0.255.255
no mpls ldp advertise-labels
mpls ldp advertise-labels for 10
10. • At R5
ip vrf VPN_A
rd 100:1
route-target both 100:1
ip vrf VPN_B
rd 100:2
route-target both 100:2
int e0/0
ip vrf forwarding VPN_A
ip add 155.1.58.5 255.255.255.0
int e0/1
ip vrf forwarding VPN_B
ip address 155.1.5.5 255.255.255.0
• At R6
ip vrf VNP_A
rd 100:1
route-target both 100:1
ip vrf VNP_B
rd 100:2
route-target both 100:2
13. 14.5 MP-BGP Prefix Filtering
• At R5
int lo 101
ip vrf forwarding VPN_A
ip address 172.16.5.5 255.255.255.0
ip prefix-list LO101 permit 172.16.5.0/24
route-map VPN-A_EXPORT permit 10
match ip address prefix-list LO101
set extcommunity rt 100:55
route-map VPN-A_EXPORT permit 20
set extcommunity rt 100:1
ip vrf VPN_A
export map VPN-A_EXPORT
route-target import 100:66
14. • At R6
int lo102
ip vrf forwarding VNP_B
ip address 192.168.6.6 255.255.255.0
ip prefix-list LO102 permit 192.168.6.0/24
route-map VNP-B-EXPORT permit 10
match ip address prefix-list LO102
set extcommunity rt 100:66
route-map VNP-B-EXPORT permit 20
set extcommunity rt 100:2
ip vrf VNP_B
export map VNP-B-EXPORT
route-target import 100:55
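The route-target logic of 14.5, checked as an added example (not part of the original slides). It models the export maps and imports configured above and computes which VRF imports which prefix. The `VRFS` layout and function names are assumptions of this example, and the `additive` case goes beyond the slide to show how the isolation breaks if the export map appends instead of replacing the RT.

```python
import ipaddress

# Constructed model of the four VRFs in section 14.5. RT values and prefixes
# come from the configuration and show output on this page; the dictionary
# layout and function names are assumptions of this example.
VRFS = {
    ("R5", "VPN_A"): {
        "export": "100:1", "imports": {"100:1", "100:66"},
        # route-map VPN-A_EXPORT: permit 10 matches LO101, permit 20 matches all
        "export_map": [(["172.16.5.0/24"], "100:55"), (None, "100:1")],
        "prefixes": ["155.1.58.0/24", "172.16.5.0/24"],
    },
    ("R5", "VPN_B"): {
        "export": "100:2", "imports": {"100:2"},
        "export_map": [], "prefixes": ["155.1.5.0/24"],
    },
    ("R6", "VNP_A"): {
        "export": "100:1", "imports": {"100:1"},
        "export_map": [], "prefixes": ["155.1.67.0/24"],
    },
    ("R6", "VNP_B"): {
        "export": "100:2", "imports": {"100:2", "100:55"},
        # route-map VNP-B-EXPORT: permit 10 matches LO102, permit 20 matches all
        "export_map": [(["192.168.6.0/24"], "100:66"), (None, "100:2")],
        "prefixes": ["155.1.76.0/24", "192.168.6.0/24"],
    },
}


def exported_rts(vrf, prefix, additive=False):
    """RTs a prefix carries after the VRF's export map has run.

    'set extcommunity rt X' replaces the RT list; with the 'additive'
    keyword the VRF's normal export RT is kept as well. The first matching
    route-map clause wins. A prefix-list entry without ge/le is an exact match.
    """
    net = ipaddress.ip_network(prefix)
    for match, rt in vrf["export_map"]:
        if match is None or any(net == ipaddress.ip_network(m) for m in match):
            return {rt, vrf["export"]} if additive else {rt}
    return {vrf["export"]}  # no export map: plain 'route-target export'


def visible_prefixes(vrfs, additive=False):
    """Map each VRF to the set of remote prefixes its import RTs accept."""
    seen = {name: set() for name in vrfs}
    for src_name, src in vrfs.items():
        for prefix in src["prefixes"]:
            rts = exported_rts(src, prefix, additive)
            for dst_name, dst in vrfs.items():
                if dst_name != src_name and rts & dst["imports"]:
                    seen[dst_name].add(prefix)
    return seen


if __name__ == "__main__":
    for name, prefixes in visible_prefixes(VRFS).items():
        print(name, sorted(prefixes))
```

With the RT replaced, 172.16.5.0/24 reaches only R6's VNP_B and 192.168.6.0/24 reaches only R5's VPN_A; with `additive=True` the loopback prefix also carries 100:1 and shows up in R6's VNP_A.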
15. 14.6 PE – CE Routing with RIP
[Diagram: R5 and R6 exchange BGP VPNv4 routes through R4 (RR). RIP runs in vrf VPN_B on the PE-CE side, with RIP-to-BGP and BGP-to-RIP redistribution on the PEs. Labels: Lo1 192.16.6.6/24, Lo1 172.16.5.5/24, vl76, vlan43 204.12.1.0/24, Vl58, Vlan5, Vpn_a, Vpn_b.]
16. 14.6 PE – CE Routing with RIP
• At R4
ip vrf VPN_B
rd 100:2
route-target export 100:2
route-target import 100:2
router rip
version 2
no auto-summary
address-family ipv4 vrf VPN_B
! "metric transparent" preserves the metric
redistribute bgp 100 metric transparent
network 204.12.1.0
no auto-summary
exit-address-family
router bgp 100
no bgp default ipv4-unicast
address-family vpnv4
neighbor 150.1.5.5 activate
neighbor 150.1.5.5 send-community extended
neighbor 150.1.5.5 route-reflector-client
neighbor 150.1.6.6 activate
neighbor 150.1.6.6 send-community extended
neighbor 150.1.6.6 route-reflector-client
exit-address-family
address-family ipv4 vrf VPN_B
redistribute rip
17. • At R6
router rip
ver 2
no auto-sum
address-family ipv4 vrf VNP_B
! "metric transparent" preserves the metric
redistribute bgp 100 metric transparent
network 155.1.0.0
no ip route vrf VNP_B 172.16.7.0 255.255.255.0 e1/0.67 155.1.67.7
18. • At SW1
no ip route vrf VNP_A 0.0.0.0 0.0.0.0 155.1.76.6
router rip
ver 2
no auto-sum
address-family ipv4 vrf VPN_B
network 155.1.0.0
network 192.168.7.0
19. 14.7 PE- CE Routing with OSPF
[Diagram: SW1 (Lo 172.16.7.7) and SW2 (Lo 172.16.8.8/24) each run OSPF area 1 toward R6 (vl67) and R5 (Vl58) in Vrf VPN_A. R5 and R6 exchange BGP VPNv4 routes through R4 (RR). Each PE redistributes the vrf OSPF routes into vrf VPN_A BGP and BGP back into vrf VPN_A OSPF.]
20. 14.7 PE- CE Routing with OSPF
• The cloud where MP-BGP runs is called super area 0 (the superbackbone).
• OSPF has two new attributes:
1- domain-id: used to tell apart the OSPF processes in different VPNs.
2- OSPF route-type: contains 3 components: source area, route type (LSA type) and option (E1 – E2 [external]).
The metric value is carried unchanged as long as we do not modify it.
22. • SW1
no ip route vrf VPN_A 0.0.0.0 0.0.0.0 155.14.76.6
router ospf 1 vrf VPN_A
netw 0.0.0.0 255.255.255.255 area 1
• SW2
ip routing
router ospf 1
network 0.0.0.0 255.255.255.255 area 1
int lo100
ip add 172.16.8.8 255.255.255.0
23. 14.8 OSPF Sham-link
[Diagram: the 14.7 topology (SW1 Lo 172.16.7.7, SW2 Lo 172.16.8.8/24, OSPF area 1, R6 vl67, R5 Vl58, Vrf VPN_A, BGP VPNv4 through R4 as RR, OSPF/BGP redistribution on both PEs) with a backdoor link between SW1 and SW2 and lo100 interfaces added.]
24. 14.8 OSPF Sham-link
• At R5
router ospf 100 vrf VPN_A
no domain-id 0.0.0.5
area 1 sham-link 150.1.55.55 150.1.66.66 cost 1
no network 0.0.0.0 255.255.255.255 area 1
network 155.1.58.5 0.0.0.0 area 1
int lo 200
ip vrf forwarding VPN_A
ip address 150.1.55.55 255.255.255.255
router bgp 100
address-family ipv4 vrf VPN_A
network 150.1.55.55 mask 255.255.255.255
25. • At R6
router ospf 100 vrf VNP_A
no domain-id 0.0.0.5
area 1 sham-link 150.1.66.66 150.1.55.55 cost 1
no network 0.0.0.0 255.255.255.255 area 1
network 155.1.67.6 0.0.0.0 area 1
int lo 200
ip vrf forwarding VNP_A
ip address 150.1.66.66 255.255.255.255
router bgp 100
address-family ipv4 vrf VNP_A
network 150.1.66.66 mask 255.255.255.255
26. • At SW1
int e0/3
no sw
ip address 155.1.78.7 255.255.255.0
ip ospf cost 9999
int e1/0.67
no ip vrf forwarding VPN_A
ip address 155.1.67.7 255.255.255.0
int lo101
ip add 172.16.7.7 255.255.255.0
no router ospf 1
router ospf 1
network 0.0.0.0 255.255.255.255 area 1
• At SW2
int e0/3
no sw
ip address 155.1.78.8 255.255.255.0
ip ospf cost 9999
27. 14.9 PE- CE Routing with EIGRP
[Diagram: SW1 (Lo 172.16.7.7) and SW2 (Lo 172.16.8.8/24) run EIGRP toward R6 (vl67) and R5 (Vl58) in Vrf VPN_A and are joined by a backdoor link with delay 1000. R4 (RR) has Vlan 43, 204.12.1.0/24, in VPN_A. R4, R5 and R6 exchange BGP VPNv4 routes and each redistributes vrf EIGRP into vrf VPN_A BGP and BGP back into vrf VPN_A EIGRP.]
28. 14.9 PE- CE Routing with EIGRP
• At R4
ip vrf VPN_A
rd 100:1
route-target both 100:1
router eigrp 100
no auto
address-family ipv4 vrf VPN_A
autonomous-system 100
network 204.12.1.0 0.0.0.255
redistribute bgp 100 metric 1 1 1 1 1
router bgp 100
address-family ipv4 vrf VPN_A
redistribute eigrp 100
int e0/0
ip vrf forwarding VPN_A
ip address 204.12.1.4 255.255.255.0
30. • At R6
no router ospf 100
router eigrp 100
no auto
address-family ipv4 vrf VNP_A
autonomous-system 100
network 155.1.67.6 0.0.0.0
router bgp 100
address-family ipv4 vrf VNP_A
redistribute eigrp 100
31. • At SW1 – SW2
no router ospf 1
router eigrp 100
no auto-summary
network 0.0.0.0 255.255.255.255
int e0/3
! to be sure it will be backdoor
delay 1000
32. 14.10 EIGRP SITE OF ORIGIN
[Diagram: SW1 (Lo 172.16.7.7) and SW2 (Lo 172.16.8.8/24) joined by a backdoor link; R6 (vl67) and R5 (Vl58) in Vrf VPN_A; BGP VPNv4 in AS100 with R4 as RR; the CE side is also labelled BGP AS 78. SoO values: R5 and SW2 100:15, R6 and SW1 100:16.]
33. 14.10 EIGRP Site-of-Origin
• At R5
route-map EIGRP-SOO
set extcommunity soo 100:15
int e0/0
ip vrf sitemap EIGRP-SOO
• At SW2
route-map EIGRP-SOO
set extcommunity soo 100:15
int e0/2
ip vrf sitemap EIGRP-SOO
• At R6
route-map EIGRP-SOO
set extcommunity soo 100:16
int e0/0.67
ip vrf sitemap EIGRP-SOO
• At SW1
route-map EIGRP-SOO
set extcommunity soo 100:16
int e0/2
ip vrf sitemap EIGRP-SOO
34. 14.11 PE- CE Routing with BGP
[Diagram: SW1 (Lo 172.16.7.7) and SW2 (Lo 172.16.8.8/24) in BGP AS 78 attach to R6 (vl67) and R5 (Vl58) in Vrf VPN_A. The core is AS100 running BGP VPNv4 with R4 as RR. Both PE-CE links are labelled "AS78 overrided".]
35. 14.11 PE- CE Routing with BGP
• Using the same AS at different sites causes the prefix to be filtered, because information that arrives carrying the same AS is not accepted. To solve this we can use allowas-in and as-override.
37. • At SW1
no router eigrp 100
router bgp 78
neighbor 155.1.67.6 remote-as 100
network 150.1.7.0 mask 255.255.255.0
• At SW2
no router eigrp 100
router bgp 78
neighbor 155.1.58.5 remote-as 100
network 150.1.8.0 mask 255.255.255.0
38. 14.12 BGP SoO Attribute
[Diagram: SW1 (Lo 172.16.7.7) and SW2 (Lo 172.16.8.8/24) in BGP AS 78, joined by a backdoor link, attach to R6 (vl67) and R5 (Vl58) in Vrf VPN_A. The core is AS100 running BGP VPNv4 with R4 as RR. SoO 100:1 is marked at both PE-CE attachments.]
39. 14.12 BGP SoO Attribute
• At R5
router bgp 100
address-family ipv4 vrf VPN_A
neighbor 155.1.58.8 soo 100:1
• At R6
router bgp 100
address-family ipv4 vrf VNP_A
neighbor 155.1.67.7 soo 100:1
[Diagram: R5 and R6 (BGP VPN), SW2 and SW1; labels: eBGP on both PE-CE links, SoO 100:1 on both, iBGP.]
41. 14.13 Internet Access
• At R6
router rip
vers 2
no auto-sum
network 54.0.0.0
ip route vrf VNP_A 0.0.0.0 0.0.0.0 54.1.1.254 global
router bgp 100
address-family ipv4 vrf VNP_A
default-information originate
redistribute static
int s2/0
ip nat outside
int e0/0.146
ip nat inside
int e0/0.67
ip nat inside
ip access-list standard VPN-PREFIXES
permit 150.1.0.0 0.0.255.255
ip nat inside source list VPN-PREFIXES interface s2/0 vrf VNP_A overload
43. 14.14 AToM
• At R5
default interface e0/1
int e0/1
xconnect 150.1.6.6 100 encapsulation mpls
mpls ldp neighbor 150.1.6.6 password CISCO
• At R6
int e0/1
no sh
xconnect 150.1.5.5 100 encapsulation mpls
mpls ldp neighbor 150.1.5.5 password CISCO
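A check for the point the AToM slide relies on, as an added example (not part of the original slides): with `mpls ldp password required` set, the targeted LDP session to each `xconnect ... encapsulation mpls` peer needs its own `mpls ldp neighbor ... password` line. The function name and the sample configs, which are assembled from R5's lines on this page, are assumptions of this example.

```python
import re

# Constructed inputs: R5's LDP and AToM lines as they appear on this page,
# plus two variants that drop the pseudowire peer's password and the
# global "password required" setting.
R5_CONFIG = """\
mpls ldp router-id lo0 force
mpls ldp password required
mpls ldp neighbor 150.1.4.4 password CISCO
interface e0/1
 xconnect 150.1.6.6 100 encapsulation mpls
mpls ldp neighbor 150.1.6.6 password CISCO
"""
R5_MISSING_PW = R5_CONFIG.replace(
    "mpls ldp neighbor 150.1.6.6 password CISCO\n", "")
R5_NOT_REQUIRED = R5_MISSING_PW.replace("mpls ldp password required\n", "")


def audit_ldp_auth(config):
    """Return (severity, peer, message) findings for LDP MD5 coverage."""
    def grab(pattern):
        return re.findall(pattern, config, flags=re.MULTILINE)

    required = bool(grab(r"^\s*mpls ldp password required\b"))
    with_pw = set(grab(r"^\s*mpls ldp neighbor (\S+) password\b"))
    # AToM pseudowires are signalled over a targeted LDP session to the peer
    atom_peers = set(grab(r"^\s*xconnect (\S+) \d+ encapsulation mpls\b"))

    findings = []
    if not required:
        findings.append(("warn", "*",
                         "'mpls ldp password required' is not set: sessions "
                         "with peers that have no password are not refused"))
    for peer in sorted(atom_peers - with_pw):
        if required:
            findings.append(("error", peer,
                             "passwords are required but none is configured "
                             "for this xconnect peer; the targeted LDP "
                             "session will not establish"))
        else:
            findings.append(("warn", peer,
                             "pseudowire signalling to this peer runs "
                             "without MD5 authentication"))
    return findings


if __name__ == "__main__":
    for name, cfg in [("as on the page", R5_CONFIG),
                      ("peer password missing", R5_MISSING_PW),
                      ("password not required", R5_NOT_REQUIRED)]:
        print(name, audit_ldp_auth(cfg))
```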
44. • We can assign IP addresses to the interfaces of SW3 and SW4 that connect to R5 and R6 and have them ping each other.
45. 14.15 L2TPV3
• At R5, similar at R6
pseudowire-class L2TPV3
encapsulation l2tpv3
ip local interface lo0
ip pmtu
ip dfbit set
ip tos reflect
default int e0/1
int e0/1
xconnect 150.1.6.6 100 encapsulation l2tpv3 pw-class L2TPV3
Let's create a new VLAN 76 between R6 and SW1 with the subnet 155.1.76.0/24. Vlan67 should belong to VRF VPN_A and Vlan76 to VPN_B. On SW1, lo101 and lo102 should be in VPN_A and VPN_B, with 172.16.7.7/24 and 192.168.7.7/24. The default route of both VRFs on SW1 should be R6. With the config we apply on R6, lo101 should be able to ping lo102 and lo102 should be able to ping lo101.
Rack1R6#sh ip vrf
  Name       Default RD    Interfaces
  VNP_A      100:1         Et1/0.67
  VNP_B      100:2         Et1/0.76
Rack1SW1#sh ip vrf
  Name       Default RD    Interfaces
  VPN_A      100:1         Et1/0.67 Lo101
  VPN_B      100:2         Et1/0.76 Lo102
Rack1R6#ping vrf VNP_A 155.1.67.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.67.7, timeout is 2 seconds:
!!!!!
Rack1R6#ping vrf VNP_B 155.1.76.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.76.7, timeout is 2 seconds:
!!!!!
Rack1R6#show ip route vrf VNP_A
Routing Table: VNP_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     155.1.0.0/24 is subnetted, 1 subnets
C       155.1.67.0 is directly connected, Ethernet1/0.67
S    192.168.7.0/24 [1/0] via 155.1.76.7, Ethernet1/0.76
R4, R5 and R6 should exchange MPLS labels using the IETF standard protocol. Authenticate LDP with MD5; the password should be CISCO. Use a single command to enable LDP on the OSPF-enabled interfaces.
Rack1R4#sh mpls ldp nei
    Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0
        TCP connection: 150.1.5.5.14089 - 150.1.4.4.646
        State: Oper; Msgs sent/rcvd: 13/13; Downstream
        Up time: 00:00:37
        LDP discovery sources:
          Serial2/1, Src IP addr: 155.1.45.5
        Addresses bound to peer LDP Ident:
          155.1.58.5 155.1.5.5 155.1.0.5 155.1.45.5
          150.1.5.5
Rack1R4#sh mpls ldp neighb passw
    Peer LDP Ident: 150.1.5.5:0; Local LDP Ident 150.1.4.4:0
        TCP connection: 150.1.5.5.14089 - 150.1.4.4.646
        Password: required, neighbor, in use
        State: Oper; Msgs sent/rcvd: 14/14
Rack1R5#sh mpls forwarding-table
Local  Outgoing     Prefix            Bytes Label  Outgoing   Next Hop
Label  Label or VC  or Tunnel Id      Switched     interface
16     16           54.1.1.0/24       0            Se2/1      point2point
17     Pop Label    150.1.4.4/32      0            Se2/1      point2point
18     18           150.1.6.6/32      0            Se2/1      point2point
19     Pop Label    155.1.146.0/24    0            Se2/1      point2point
20     Pop Label    204.12.1.0/24     0            Se2/1      point2point
On R4, R5 and R6, only the label advertisements for the lo0 interface should be accepted. By default, LDP generates labels for every prefix in the routing table.
Rack1R4#sh mpls forw
Local  Outgoing     Prefix            Bytes Label  Outgoing   Next Hop
Label  Label or VC  or Tunnel Id      Switched     interface
16     No Label     54.1.1.0/24       0            Et0/1      155.1.146.6
17     Pop Label    150.1.5.5/32      0            Se2/1      point2point
18     No Label     150.1.6.6/32      0            Et0/1      155.1.146.6
19     No Label     155.1.5.0/24      0            Se2/1      point2point
20     No Label     155.1.58.0/24     0            Se2/1      point2point
On R5, let's create two new VRFs, VPN_A and VPN_B, and assign VLAN 58 and VLAN 5 to them. Let's exchange VPN routes between R5 and R6 with R4 acting as the BGP route reflector. IPv4 should not be activated by default.
------------------------------------------------------------------------------
For VPNv4 prefix exchange the source must be lo0, and this lo0 must be a /32. To inject a VRF prefix into BGP you must first activate vpnv4 and then redistribute these routes into BGP. The injected routes are injected together with their RDs, and VPN labels are created.
Rack1R5#sh ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     155.1.0.0/24 is subnetted, 2 subnets
C       155.1.58.0 is directly connected, Ethernet0/0
B       155.1.67.0 [200/0] via 150.1.6.6, 00:01:04
B    192.168.7.0/24 [200/0] via 150.1.6.6, 00:01:04
Rack1R4#sh bgp vpnv4 unicast all
BGP table version is 7, local router ID is 150.1.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop       Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i155.1.58.0/24    150.1.5.5      0 100 0 ?
*>i155.1.67.0/24    150.1.6.6      0 100 0 ?
*>i192.168.7.0      150.1.6.6      0 100 0 ?
Route Distinguisher: 100:2
*>i155.1.5.0/24     150.1.5.5      0 100 0 ?
*>i155.1.76.0/24    150.1.6.6      0 100 0 ?
*>i172.16.7.0/24    150.1.6.6      0 100 0 ?
On R5, in VRF VPN_A, add a new lo 101 with IP address 172.16.5.5/24. On R6, in VRF VNP_B, add a new lo 101 with IP address 192.168.6.6/24. Provide bidirectional reachability for these two subnets. R6's VNP_A should not see 172.16.5.0/24 and R5's VPN_B should not see 192.168.6.0/24.
Use RIP as the PE-CE routing protocol in VPN_B. Remove the static route. On R4, include VLAN_43 in VPN_B. Preserve the RIP metric learned from the CE routers.
Rack1SW1#sh ip route vrf VPN_B
Routing Table: VPN_B
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 155.1.76.6 to network 0.0.0.0
R    204.12.1.0/24 [120/1] via 155.1.76.6, 00:00:06, Ethernet1/0.76
     155.1.0.0/24 is subnetted, 2 subnets
R       155.1.5.0 [120/1] via 155.1.76.6, 00:00:06, Ethernet1/0.76
C       155.1.76.0 is directly connected, Ethernet1/0.76
C    192.168.7.0/24 is directly connected, Loopback102
     31.0.0.0/16 is subnetted, 4 subnets
R       31.3.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
R       31.2.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
R       31.1.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
R       31.0.0.0 [120/2] via 155.1.76.6, 00:00:06, Ethernet1/0.76
     30.0.0.0/16 is subnetted, 4 subnets
R       30.2.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
R       30.3.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
R       30.0.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
R       30.1.0.0 [120/2] via 155.1.76.6, 00:00:07, Ethernet1/0.76
S*   0.0.0.0/0 [1/0] via 155.1.76.6
Use OSPF as the PE-CE routing protocol on the VPN_A sides; the area id should be 1. Use the same OSPF process-id on R6 and R5, and SW1 and SW2 should be able to reach each other. Create a new lo on SW2 with 172.16.8.8/24. R6 should see only its /16 summary.
Rack1R5#sh ip ospf 100
 Routing Process "ospf 100" with ID 155.1.58.5
 Domain ID type 0x0005, value 0.0.0.5
 Start time: 00:32:00.932, Time elapsed: 00:03:47.320
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Connected to MPLS VPN Superbackbone, VRF VPN_A
 It is an area border and autonomous system boundary router
Rack1R6#sh bgp vpnv4 unicast vrf VNP_A 172.16.8.8
BGP routing table entry for 100:1:172.16.8.8/32, version 45
Paths: (1 available, best #1, table VNP_A)
Flag: 0x820
  Not advertised to any peer
  Local
    150.1.5.5 (metric 75) from 150.1.4.4 (150.1.4.4)
      Origin incomplete, metric 11, localpref 100, valid, internal, best
      Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000050200
        OSPF RT:0.0.0.1:2:0 OSPF ROUTER ID:155.1.58.5:512
      Originator: 172.16.5.5, Cluster list: 150.1.4.4
      mpls labels in/out nolabel/22
Rack1SW2#
*Dec 14 08:45:45.763: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW2#sh ip route ospf
     155.1.0.0/24 is subnetted, 5 subnets
O E2    155.1.76.0 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
O E2    155.1.67.0 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
     172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
O E2    172.16.7.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
O E2    172.16.7.7/32 [110/11] via 155.1.58.5, 00:00:36, Ethernet1/0
O E2    172.16.0.0/16 [110/11] via 155.1.58.5, 00:00:15, Ethernet1/0
O E2 192.168.6.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
O E2 192.168.7.0/24 [110/1] via 155.1.58.5, 00:00:36, Ethernet1/0
Rack1SW1#sh ip route vrf VPN_A
Routing Table: VPN_A
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 155.1.67.6 to network 0.0.0.0
     155.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
O E2    155.1.8.8/32 [110/11] via 155.1.67.6, 00:01:06, Ethernet1/0.67
O E2    155.1.58.0/24 [110/1] via 155.1.67.6, 00:01:44, Ethernet1/0.67
C       155.1.67.0/24 is directly connected, Ethernet1/0.67
O E2    155.1.108.0/24 [110/20] via 155.1.67.6, 00:01:06, Ethernet1/0.67
     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.7.0/24 is directly connected, Loopback101
O E2    172.16.0.0/16 [110/11] via 155.1.67.6, 00:01:05, Ethernet1/0.67
     150.1.0.0/32 is subnetted, 1 subnets
O E2    150.1.8.8 [110/11] via 155.1.67.6, 00:01:06, Ethernet1/0.67
S*   0.0.0.0/0 [1/0] via 155.1.67.6
SW1 should be a pure CE router; remove VRF-lite. OSPF routing should run between the VPN_A sides of R5 and R6. Let's build an L3 backdoor link between SW1 and SW2. Let's make the VPN_A OSPF process domain-ids on R5 and R6 the same. SW1 and SW2 should prefer the path through the MPLS core.
Rack1R5#sh ip ospf sham-li
Sham Link OSPF_SL0 to address 150.1.66.66 is up
Area 1 source address 150.1.55.55
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:09
Use EIGRP between PE and CE in VPN_A; the backdoor should be in use; the primary path should be the MPLS VPN cloud. R4's VLAN 43 should be in VPN_A; advertise it into EIGRP as well. All EIGRP routers should be in the same AS.
On R5 and R6, prevent the temporary routing loops caused by EIGRP – MP-BGP redistribution. The primary path between SW1 and SW2 should be the MPLS VPN core. PE1 – CE1 share 100:15; PE2 – CE2 share 100:16.
Remove the EIGRP configs on R5, R6, SW1 and SW2. Configure BGP AS 78 on SW1, SW2, R5 and R6. Advertise the Lo0s into BGP on SW1 and SW2.
Rack1SW2#sh ip route bgp
B    204.12.1.0/24 [20/0] via 155.1.58.5, 00:03:30
     155.1.0.0/24 is subnetted, 6 subnets
B       155.1.76.0 [20/0] via 155.1.58.5, 00:03:30
B       155.1.67.0 [20/0] via 155.1.58.5, 00:03:30
     172.16.0.0/24 is subnetted, 2 subnets
B       172.16.7.0 [20/0] via 155.1.58.5, 00:03:30
B    192.168.6.0/24 [20/0] via 155.1.58.5, 00:03:30
B    192.168.7.0/24 [20/0] via 155.1.58.5, 00:03:30
     150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
B       150.1.7.0/24 [20/0] via 155.1.58.5, 00:00:56
B       150.1.66.66/32 [20/0] via 155.1.58.5, 00:03:30
B       150.1.55.55/32 [20/0] via 155.1.58.5, 00:03:30
Rack1SW2#sh ip bgp
BGP table version is 13, local router ID is 172.16.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop       Metric LocPrf Weight Path
*> 150.1.7.0/24     155.1.58.5     0 100 100 i
*> 150.1.8.0/24     0.0.0.0        0 32768 i
*> 150.1.55.55/32   155.1.58.5     0 0 100 i
*> 150.1.66.66/32   155.1.58.5     0 100 i
r> 155.1.58.0/24    155.1.58.5     0 0 100 ?
*> 155.1.67.0/24    155.1.58.5     0 100 ?
*> 155.1.76.0/24    155.1.58.5     0 100 ?
*> 172.16.7.0/24    155.1.58.5     0 100 ?
*> 192.168.6.0      155.1.58.5     0 100 ?
*> 192.168.7.0      155.1.58.5     0 100 ?
*> 204.12.1.0       155.1.58.5     0 100 ?
Rack1R6#sh ip bgp vpnv4 vrf VNP_A 150.1.8.0
BGP routing table entry for 100:1:150.1.8.0/24, version 144
Paths: (1 available, best #1, table VNP_A)
Flag: 0x820
  Advertised to update-groups:
     1
  78
    155.1.67.7 from 155.1.67.7 (155.1.7.7)
      Origin IGP, localpref 100, valid, external, best
      Extended Community: SoO:100:1 RT:100:1
      mpls labels in/out 24/nolabel
Rack1R6#sh ip bgp vpnv4 vrf VNP_A neighbor 155.1.67.7 adv
BGP table version is 144, local router ID is 150.1.6.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop       Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf VNP_A)
*>i150.1.55.55/32   150.1.5.5      0 100 0 i
*> 150.1.66.66/32   0.0.0.0        0 32768 i
*>i155.1.58.0/24    150.1.5.5      0 100 0 ?
*> 155.1.67.0/24    0.0.0.0        0 32768 ?
*> 192.168.7.0      0.0.0.0        0 32768 ?
*>i204.12.1.0       150.1.4.4      0 100 0 ?
Total number of prefixes 6
Enable RIP on R6's BB1 interface so that the VNP_A customers can reach these routes. You are allowed to use 1 static route. Only the 150.1.0.0/16 routes should be allowed out to the Internet.
Rack1SW1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 155.1.67.6 to network 0.0.0.0
B    204.12.1.0/24 [20/0] via 155.1.67.6, 00:58:36
     155.1.0.0/24 is subnetted, 7 subnets
C       155.1.7.0 is directly connected, Loopback7
B       155.1.58.0 [20/0] via 155.1.67.6, 00:58:36
C       155.1.37.0 is directly connected, Ethernet0/3
C       155.1.78.0 is directly connected, Ethernet0/2
C       155.1.79.0 is directly connected, Ethernet0/0
B       155.1.76.0 [200/0] via 155.1.58.5, 00:32:20
C       155.1.67.0 is directly connected, Ethernet1/0.67
     172.16.0.0/24 is subnetted, 1 subnets
B       172.16.7.0 [200/0] via 155.1.58.5, 00:32:20
B    192.168.6.0/24 [200/0] via 155.1.58.5, 00:32:20
B    192.168.7.0/24 [20/0] via 155.1.67.6, 00:58:36
     150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.7.0/24 is directly connected, Loopback0
B       150.1.66.66/32 [20/0] via 155.1.67.6, 00:58:37
B       150.1.55.55/32 [20/0] via 155.1.67.6, 00:58:37
B       150.1.8.0/24 [200/0] via 155.1.78.8, 00:32:21
B*   0.0.0.0/0 [20/0] via 155.1.67.6, 00:01:11
Rack1R6#sh ip route rip
R    212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
R    212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
R    212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
R    212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:18, Serial2/0
Build a p2p L2VPN between R5's VLAN 5 and an unused interface on R6. The method you use should add minimum overhead.
“100” is the VC ID.
Rack1R6#sh mpls l2transport vc detail
Local interface: Et0/1 up, line protocol up, Ethernet up
  Destination address: 150.1.5.5, VC ID: 100, VC status: down
    Output interface: none, imposed label stack {}
    Preferred path: not configured
    Default path: no route
    No adjacency
  Create time: 00:00:44, last status change time: 00:00:40
  Signaling protocol: LDP, peer 150.1.5.5:0 up
    MPLS VC labels: local 28, remote 24
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals: receive 0, send 0
    packet drops: receive 0, seq error 0, send 0
In place of MPLS in the previous example, let's use L2TPv3. Let's make sure the packets are never fragmented, with automatic MTU detection turned on.
Rack1R5#sh l2tp session all
With the config we apply on the PE and P routers, let's minimize the time it takes to propagate a topology change that occurs on the CE sides.