MPLS VPN Model
It is important to become familiar with the terminology concerning MPLS VPN. A service provider provides the common public infrastructure that customers use.
A PE router is a provider edge (PE) router. It has a direct connection with the customer edge (CE) router at Layer 3.
A Provider (P) router is a router without the direct connection to the routers of the customer. In the MPLS VPN implementation, both P and PE routers run MPLS. This means that they must be able to distribute labels between them and forward labeled packets.
A CE router has a direct Layer 3 connection with the PE router. A customer (C) router is a router without a direct connection with the PE router. A CE router does not need to run MPLS.
Because the CE and PE routers interact at Layer 3, they must run a routing protocol (or static routing) between them. The CE router has only one peer outside of its own site: the PE router. If the CE router is multihomed, it can peer with multiple PE routers. The CE router does not peer with any of the CE routers from the other sites across the service provider network.
Architectural Overview of MPLS VPN
To achieve MPLS VPN, you need some basic building blocks on the PE routers. These building blocks are the following: VRF, route distinguisher (RD), route targets (RT), route propagation through MP-BGP, and forwarding of labeled packets.
Virtual Routing Forwarding (VRF)
A virtual routing and forwarding (VRF) is a VPN routing and forwarding instance. It is the name for the combination of the VPN routing table, the VRF Cisco Express Forwarding (CEF) table, and the associated IP routing protocols on the PE router. A PE router has a VRF instance for each attached VPN.
You create the VRF on the PE router with the ip vrf command. You use the ip vrf forwarding command to assign PE-CE interfaces on the PE router to a VRF. The VRF routing table does not differ from a regular routing table in Cisco IOS, other than that it is used for a set of VPN sites only and is completely separated from all other routing tables.
Route Distinguisher (RD)
The VPN prefixes are propagated across the MPLS VPN network by Multiprotocol BGP (MP-BGP). The concept of RDs was conceived to make IPv4 prefixes unique. The basic idea is that each prefix from each customer receives a unique identifier (the RD) to distinguish the same prefix from different customers. A prefix derived from the combination of the IPv4 prefix and the RD is called a vpnv4 prefix. MP-BGP needs to carry these vpnv4 prefixes between the PE routers.
Route Target (RT)
The communication between sites is controlled by another MPLS VPN feature called RTs. An RT is a BGP extended community that indicates which routes should be imported from MP-BGP into the VRF. Exporting an RT means that the exported vpnv4 route receives an additional BGP extended community (the RT, as configured under ip vrf on the PE router) when the route is redistributed from the VRF routing table into MP-BGP. Importing an RT means that the received vpnv4 route from MP-BGP is checked for an extended community (the route target) that matches the ones in the configuration. If
Border Gateway Protocol (BGP)
The combination of the RD with the IPv4 prefix makes up the vpnv4 prefix. It is this vpnv4 prefix that iBGP needs to carry between the PE routers. BGP advertises the vpnv4 prefixes in the MPLS VPN network. This alone is not enough to forward the VPN traffic correctly. For the egress PE router to be able to forward the VPN traffic correctly to the CE router, it must forward the packet based on a label. The egress PE router can map such a label to the vpnv4 prefix; this label is called the VPN label. The egress PE router must advertise the label along with the vpnv4 prefix to the possible ingress PE routers.
Packet Forwarding in an MPLS VPN Network
The VRF-to-VRF traffic has two labels in the MPLS VPN network. The top label is the IGP label and is distributed by LDP or RSVP for TE between all P and PE routers hop by hop. The bottom label is the VPN label that is advertised by MP-iBGP from PE to PE. P routers use the IGP label to forward the packet to the correct egress PE router. The egress PE router uses the VPN label to forward the IP packet to the correct CE router.
Step 1: Configure iBGP between PE routers. Use a Route Reflector for scalability, since without one you'll need an iBGP mesh or peering for each PE router.
R1-PE1#show mpls forwarding-table 10.5.5.5   // ENSURE R5-PE2 LOOPBACK IS REACHABLE
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
106        205        10.5.5.5/32      0             Fa0/0      10.12.0.2
R1-PE1#show ip cef 10.5.5.5
10.5.5.5/32
  nexthop 10.12.0.2 FastEthernet0/0 label 205
R1-PE1#traceroute 10.5.5.5
Type escape sequence to abort.
Tracing the route to 10.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.12.0.2 [MPLS: Label 205 Exp 0] 88 msec 44 msec 44 msec
  2 10.23.0.3 [MPLS: Label 309 Exp 0] 44 msec 52 msec 44 msec
  3 10.34.0.4 [MPLS: Label 405 Exp 0] 44 msec 12 msec 64 msec
  4 10.45.0.5 40 msec 56 msec 60 msec
R1-PE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1-PE1(config)#router bgp 65000
R1-PE1(config-router)#neighbor 10.5.5.5 ?
  activate                 Enable the Address Family for this Neighbor
  advertise                Advertise to this neighbor
  advertise-map            specify route-map for conditional advertisement
  advertisement-interval   Minimum interval between sending BGP routing updates
  allowas-in               Accept as-path with my AS present in it
  capability               Advertise capability to the peer
  default-originate        Originate default route to this neighbor
  description              Neighbor specific description
  disable-connected-check  one-hop away EBGP peer using loopback address
  distribute-list          Filter updates to/from this neighbor
  dmzlink-bw               Propagate the DMZ link bandwidth
  ebgp-multihop            Allow EBGP neighbors not on directly connected networks
  fall-over                session fall on peer route lost
  filter-list              Establish BGP filters
  ha-mode                  high availability mode
  inherit                  Inherit a template
  local-as                 Specify a local-as number
  maximum-prefix           Maximum number of prefixes accepted from this peer
  next-hop-self            Disable the next hop calculation for this neighbor
  next-hop-unchanged       Propagate next hop unchanged for iBGP paths to this neighbor
  password                 Set a password
  peer-group               Member of the peer-group
  prefix-list              Filter updates to/from this neighbor
  remote-as                Specify a BGP neighbor
  remove-private-as        Remove private AS number from outbound updates
  route-map                Apply route map to neighbor
  route-reflector-client   Configure a neighbor as Route Reflector client
  route-server-client      Configure a neighbor as Route Server client
  send-community           Send Community attribute to this neighbor
  send-label               Send NLRI + MPLS Label to this peer
  shutdown                 Administratively shut down this neighbor
  slow-peer                Configure slow-peer
  soft-reconfiguration     Per neighbor soft reconfiguration
  soo                      Site-of-Origin extended community
  timers                   BGP per neighbor timers
  translate-update         Translate Update to MBGP format
  transport                Transport options
  ttl-security             BGP ttl security check
  unsuppress-map           Route-map to selectively unsuppress suppressed routes
  update-source            Source of routing updates
  version                  Set the BGP version to match a neighbor
  weight                   Set default weight for routes from this neighbor
R1-PE1(config-router)#neighbor 10.5.5.5 remote-as 65000   // IBGP PEERING WITH R5-PE2 (IPv4)
R1-PE1(config-router)#neighbor 10.5.5.5 update-source ?
  Async              Async interface
  Auto-Template      Auto-Template interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  GMPLS              MPLS interface
  LISP               Locator/ID Separation Protocol Virtual Interface
  LongReachEthernet  Long-Reach Ethernet interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  vmi                Virtual Multipoint Interface
R1-PE1(config-router)#neighbor 10.5.5.5 update-source loopback0
R1-PE1(config-router)#address-family ?
  ipv4      Address family
  ipv6      Address family
  l2vpn     Address family
  nsap      Address family
  rtfilter  Address family
  vpnv4     Address family
  vpnv6     Address family
R1-PE1(config-router)#address-family vpnv4   // CONFIGURE MP-BGP FOR VPNv4
R1-PE1(config-router-af)#?
Router Address Family configuration commands:
  bgp                  BGP specific commands
  default              Set a command to its defaults
  exit-address-family  Exit from Address Family configuration mode
  help                 Description of the interactive help system
  maximum-paths        Forward packets over multiple paths
  neighbor             Specify a neighbor router
  no                   Negate a command or set its defaults
  snmp                 Modify snmp parameters
R1-PE1(config-router-af)#neighbor 10.5.5.5 ?
  activate                Enable the Address Family for this Neighbor
  advertise               Advertise to this neighbor
  advertisement-interval  Minimum interval between sending BGP routing updates
  allowas-in              Accept as-path with my AS present in it
  capability              Advertise capability to the peer
  distribute-list         Filter updates to/from this neighbor
  dmzlink-bw              Propagate the DMZ link bandwidth
  filter-list             Establish BGP filters
  inherit                 Inherit a template
  inter-as-hybrid         Inter AS Hybrid mode
  maximum-prefix          Maximum number of prefixes accepted from this peer
  next-hop-self           Disable the next hop calculation for this neighbor
  next-hop-unchanged      Propagate next hop unchanged for iBGP paths to this neighbor
  prefix-list             Filter updates to/from this neighbor
  remove-private-as       Remove private AS number from outbound updates
  route-map               Apply route map to neighbor
  route-reflector-client  Configure a neighbor as Route Reflector client
  send-community          Send Community attribute to this neighbor
  slow-peer               Configure slow-peer
  soft-reconfiguration    Per neighbor soft reconfiguration
  soo                     Site-of-Origin extended community
  unsuppress-map          Route-map to selectively unsuppress suppressed routes
  weight                  Set default weight for routes from this neighbor
R1-PE1(config-router-af)#neighbor 10.5.5.5 activate
R1-PE1(config-router-af)#neighbor 10.5.5.5 send-community ?
  both      Send Standard and Extended Community attributes
  extended  Send Extended Community attribute
  standard  Send Standard Community attribute
  <cr>
R1-PE1(config-router-af)#neighbor 10.5.5.5 send-community extended
R1-PE1(config-router-af)#end
R1-PE1#
*Nov 23 07:26:19.072: %BGP_SESSION-5-ADJCHANGE: neighbor 10.5.5.5 VPNv4 Unicast topology base removed from session  Capability changed
*Nov 23 07:26:19.076: %BGP-5-ADJCHANGE: neighbor 10.5.5.5 Up
R1-PE1#
*Nov 23 07:29:18.988: %BGP-5-ADJCHANGE: neighbor 10.5.5.5 Down Peer closed the session
*Nov 23 07:29:18.992: %BGP_SESSION-5-ADJCHANGE: neighbor 10.5.5.5 IPv4 Unicast topology base removed from session  Peer closed the session
*Nov 23 07:29:19.668: %BGP-5-ADJCHANGE: neighbor 10.5.5.5 Up
R5-PE2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R5-PE2(config)#router bgp 65000
R5-PE2(config-router)#neighbor 10.1.1.1 remote-as 65000
*Nov 23 07:26:49.184: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
R5-PE2(config-router)#neighbor 10.1.1.1 remote-as update-source loopback0
R5-PE2(config-router)#neighbor 10.1.1.1 update-source loopback0
R5-PE2(config-router)#address-family vpnv4
R5-PE2(config-router-af)#neighbor 10.1.1.1 activate
*Nov 23 07:29:49.012: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Capability changed
*Nov 23 07:29:49.012: %BGP_SESSION-5-ADJCHANGE: neighbor 10.1.1.1 IPv4 Unicast topology base removed from session  Capability changed
*Nov 23 07:29:49.700: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
R5-PE2(config-router-af)#neighbor 10.1.1.1 send-community extended
R5-PE2(config-router-af)#end
R5-PE2#
R1-PE1#show ip bgp neighbors | sec capabilities
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised and received
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
R1-PE1#show ip bgp neighbors
BGP neighbor is 10.5.5.5,  remote AS 65000, internal link
  BGP version 4, remote router ID 10.5.5.5
  BGP state = Established, up for 00:02:30   // BGP USES TCP PORT 179
  Last read 00:00:45, last write 00:00:38, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised and received
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                2          2
    Keepalives:             4          4
    Route Refresh:          0          0
    Total:                  7          7
  Default minimum time between advertisement runs is 0 seconds
 For address family: IPv4 Unicast
  Session: 10.5.5.5
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 2, Advertise bit 0
  2 update-group member
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               0          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0
                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never
  Refresh Epoch: 1
  Last Sent Refresh Start-of-rib: never
  Last Sent Refresh End-of-rib: never
  Last Received Refresh Start-of-rib: never
  Last Received Refresh End-of-rib: never
                                       Sent       Rcvd
        Refresh activity:              ----       ----
          Refresh Start-of-RIB          0          0
          Refresh End-of-RIB            0          0
 For address family: VPNv4 Unicast
  Session: 10.5.5.5
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 1, Advertise bit 0
  1 update-group member
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               0          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0
                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never
  Refresh Epoch: 1
  Last Sent Refresh Start-of-rib: never
  Last Sent Refresh End-of-rib: never
  Last Received Refresh Start-of-rib: never
  Last Received Refresh End-of-rib: never
                                       Sent       Rcvd
        Refresh activity:              ----       ----
          Refresh Start-of-RIB          0          0
          Refresh End-of-RIB            0          0
  Address tracking is enabled, the RIB does have a route to 10.5.5.5
  Connections established 2; dropped 1
  Last reset 00:02:31, due to Peer closed the session of session 1
  Transport(tcp) path-mtu-discovery is enabled
  Graceful-Restart is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255
Local host: 10.1.1.1, Local port: 179
Foreign host: 10.5.5.5, Foreign port: 35099
Connection tableid (VRF): 0
Maximum output segment queue size: 50
Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x1422C71C):
Timer          Starts    Wakeups            Next
Retrans             6          0             0x0
TimeWait            0          0             0x0
AckHold             5          2             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger            0          0             0x0
DeadWait            0          0             0x0
Linger              0          0             0x0
ProcessQ            0          0             0x0
iss:  635552372  snduna:  635552566  sndnxt:  635552566
irs: 1456967524  rcvnxt: 1456967718
sndwnd:  16191  scale:      0  maxrcvwnd:  16384
rcvwnd:  16191  scale:      0  delrcvwnd:    193
SRTT: 551 ms, RTTO: 3075 ms, RTV: 2524 ms, KRTT: 0 ms
minRTT: 60 ms, maxRTT: 1000 ms, ACK hold: 200 ms
Status Flags: passive open, gen tcbs
Option Flags: nagle, path mtu capable
IP Precedence value : 6
Datagrams (max data segment is 1436 bytes):
Rcvd: 14 (out of order: 0), with data: 7, total data bytes: 193
Sent: 13 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 7, total data bytes: 193
 Packets received in fast path: 0, fast processed: 0, slow path: 0
 fast lock acquisition failures: 0, slow path: 0
TCP Semaphore      0x6A3985F8  FREE
R1-PE1#ping mpls ?
  ipv4         Target specified as an IPv4 address
  pseudowire   Target VC specified as an IPv4 address and VC ID
  traffic-eng  Target specified as TE tunnel interface
  <cr>
R1-PE1#ping mpls ipv4 ?
  A.B.C.D {/nn || A.B.C.D}  Target FEC address with mask
R1-PE1#ping mpls ipv4 10.5.5.5/32
Sending 5, 100-byte MPLS Echos to 10.5.5.5/32,
     timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/44/56 ms
R1-PE1#ping mpls ipv4 10.5.5.5/32 ?
  destination          Destination address or address range
  dsmap                Request dsmap from replying router
  exp                  EXP bits in mpls header
  flags                Flag options
  force-explicit-null  force an explicit null label to be added
  interval             Send interval between requests in msec
  output               Output options
  pad                  Pad TLV pattern
  repeat               Repeat count
  reply                Reply mode
  revision             Echo Packet TLV versioning
  size                 Packet size
  source               Source specified as an IP address
  sweep                Sweep range of sizes
  timeout              Timeout in seconds
  ttl                  Time to live
  verbose              verbose output mode
  <cr>
R1-PE1#ping mpls ipv4 10.5.5.5/32 verbose
Sending 5, 100-byte MPLS Echos to 10.5.5.5/32,
     timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0
Type escape sequence to abort.
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/37/48 ms
Step 2: Configure VRF, Route Distinguisher (RD) and Route Target (RT)
VRF is locally significant on a PE router. It can be configured the same or differently on each PE router. Most implementations will use the same VRF name across PE routers.
RD could use either syntax:
- ASN:n
- IP:n
RD can be configured the same or differently on each PE router. Most implementations will use the same RD.
RT is a BGP extended community attribute. It's primarily used to control which routes to export and import on PE routers.
The syntax can be the same as for RD:
- ASN:n
- IP:n
R1-PE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1-PE1(config)#vrf ?
  definition   VRF definition mode
  list         List of VRFs
  upgrade-cli  upgrade cli
R1-PE1(config)#vrf definition ?
  WORD  VRF name
R1-PE1(config)#vrf definition CUSTA   // "NEW" APPROACH IN CONFIGURING VRFs TO SUPPORT BOTH IPv4 AND IPv6; VRF IS CASE SENSITIVE AND IT'S LOCALLY SIGNIFICANT ON A PE ROUTER; THE "LEGACY" COMMAND IS ip vrf <VRF NAME>
R1-PE1(config-vrf)#?
VPN Routing/Forwarding instance configuration commands:
  address-family  Enter Address Family command mode
  default         Set a command to its defaults
  description     VRF specific description
  exit            Exit from VRF configuration mode
  no              Negate a command or set its defaults
  rd              Specify Route Distinguisher
  route-target    Specify Target VPN Extended Communities
  vnet            Virtual NETworking configuration
  vpn             Configure VPN ID as specified in rfc2685
R1-PE1(config-vrf)#rd ?
  ASN:nn or IP-address:nn  VPN Route Distinguisher
R1-PE1(config-vrf)#rd 65000:1
R1-PE1(config-vrf)#address-family ?
  ipv4  Address family
  ipv6  Address family
R1-PE1(config-vrf)#address-family ipv4
R1-PE1(config-vrf-af)#?
IP VPN Routing/Forwarding instance configuration commands:
  bgp                  Commands pertaining to BGP
  default              Set a command to its defaults
  exit-address-family  Exit from vrf address-family configuration submode
  export               VRF export
  import               VRF import
  inter-as-hybrid      Inter AS hybrid mode
  maximum              Set a limit
  mdt                  Backbone Multicast Distribution Tree
  no                   Negate a command or set its defaults
  protection           Configure local repair
  route-target         Specify Target VPN Extended Communities
  snmp                 Modify snmp parameters
R1-PE1(config-vrf-af)#route-target ?
  ASN:nn or IP-address:nn  Target VPN Extended Community
  both                     Both import and export Target-VPN community
  export                   Export Target-VPN community
  import                   Import Target-VPN community
R1-PE1(config-vrf-af)#route-target export 1:1   // YOU CAN ALSO ISSUE route-target both
R1-PE1(config-vrf-af)#route-target import 1:1
R1-PE1(config-vrf-af)#exit
R1-PE1(config-vrf)#interface f1/0
R1-PE1(config-if)#vrf ?
  forwarding  Configure forwarding table
R1-PE1(config-if)#vrf forwarding ?
  WORD  VRF name
R1-PE1(config-if)#vrf forwarding CUSTA   // "LEGACY" IPv4 COMMAND IS ip vrf forwarding <VRF NAME>; ASSIGN VRF FIRST BEFORE AN IP ADDRESS
R1-PE1(config-if)#ip address 172.16.1.1 255.255.255.252
R1-PE1(config-if)#no shutdown
R1-PE1(config-if)#
*Nov 25 10:04:42.136: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Nov 25 10:04:43.136: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R1-PE1(config-if)#
R1-PE1(config-if)#do show run interface f1/0
Building configuration...
Current configuration : 119 bytes
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
end
R1-PE1(config-if)#exit
R1-PE1(config)#vrf definition CUSTB
R1-PE1(config-vrf)#rd 65000:2
R1-PE1(config-vrf)#address-family ipv4
R1-PE1(config-vrf-af)#route-target both ?
  ASN:nn or IP-address:nn  Target VPN Extended Community
R1-PE1(config-vrf-af)#route-target both 2:2
R1-PE1(config-vrf-af)#exit
R1-PE1(config-vrf)#exit
R1-PE1(config)#interface f1/1
R1-PE1(config-if)#vrf forwarding CUSTB
R1-PE1(config-if)#ip address 172.16.1.1 255.255.255.252   // USE THE SAME IPv4 ADDRESS
R1-PE1(config-if)#no shutdown
R1-PE1(config-if)#
R1-PE1(config-if)#
*Nov 25 10:09:05.420: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
*Nov 25 10:09:06.420: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
R1-PE1(config-if)#
R1-PE1(config-if)#do show run interface f1/1
Building configuration...
Current configuration : 119 bytes
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
end
R1-PE1(config-if)#end
R1-PE1#
R1-PE1#show ip interface brief   // 172.16.1.1/30 IS AN OVERLAPPING IPv4 ADDRESS ON THE ROUTER
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.12.0.1       YES manual up                    up
FastEthernet1/0            172.16.1.1      YES manual up                    up
FastEthernet1/1            172.16.1.1      YES manual up                    up
Loopback0                  10.1.1.1        YES manual up                    up
R1-PE1#show vrf
  Name                             Default RD          Protocols   Interfaces
  CUSTA                            65000:1             ipv4        Fa1/0
  CUSTB                            65000:2             ipv4        Fa1/1
R1-PE1#show ip route   // CUSTA AND CUSTB ROUTES DON'T SHOW IN THE GLOBAL ROUTING TABLE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C        10.1.1.1/32 is directly connected, Loopback0
O        10.2.2.2/32 [110/2] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.3.3.3/32 [110/3] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.4.4.4/32 [110/4] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.5.5.5/32 [110/5] via 10.12.0.2, 6d00h, FastEthernet0/0
C        10.12.0.0/24 is directly connected, FastEthernet0/0
L        10.12.0.1/32 is directly connected, FastEthernet0/0
O        10.23.0.0/24 [110/2] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.34.0.0/24 [110/3] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.45.0.0/24 [110/4] via 10.12.0.2, 6d00h, FastEthernet0/0
R1-PE1#show ip route ?
  Hostname or A.B.C.D  Network to display information about or hostname
  bgp                  Border Gateway Protocol (BGP)
  connected            Connected
  dhcp                 Show routes added by DHCP Server or Relay
  eigrp                Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis                 ISO IS-IS
  lisp                 Locator ID Separation Protocol (LISP)
  list                 IP Access list
  loops                RIB routes forming loops
  mobile               Mobile routes
  multicast            Multicast global information
  next-hop-override    Show next-hop-overrides too
  nhrp                 Next Hop Resolution Protocol (NHRP)
  odr                  On Demand stub Routes
  ospf                 Open Shortest Path First (OSPF)
  ospfv3               OSPFv3
  profile              IP routing table profile
  repair-paths         Show repair paths too
  rip                  Routing Information Protocol (RIP)
  static               Static routes
  summary              Summary of all routes
  supernets-only       Show supernet entries only
  tag                  Route Tag
  track-table          Tracked static table
  vrf                  Display routes from a VPN Routing/Forwarding instance
  |                    Output modifiers
  <cr>
R1-PE1#show ip route vrf ?
  WORD  VPN Routing/Forwarding instance name
R1-PE1#show ip route vrf CUSTA
Routing Table: CUSTA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.1.0/30 is directly connected, FastEthernet1/0
L        172.16.1.1/32 is directly connected, FastEthernet1/0
R1-PE1#show ip route vrf CUSTB
Routing Table: CUSTB
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.1.0/30 is directly connected, FastEthernet1/1
L        172.16.1.1/32 is directly connected, FastEthernet1/1
R1-PE1#show run vrf CUSTA
Building configuration...
Current configuration : 253 bytes
vrf definition CUSTA
 rd 65000:1
 !
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
!
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
!
end
R1-PE1#show run vrf CUSTB
Building configuration...
Current configuration : 253 bytes
vrf definition CUSTB
 rd 65000:2
 !
 address-family ipv4
  route-target export 2:2
  route-target import 2:2
 exit-address-family
!
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
!
end
R5-PE2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R5-PE2(config)#vrf definition CUSTA
R5-PE2(config-vrf)#rd 65000:1
R5-PE2(config-vrf)#address-family ipv4
R5-PE2(config-vrf-af)#route-target both 1:1
R5-PE2(config-vrf-af)#exit
R5-PE2(config-vrf)#exit
R5-PE2(config)#interface f1/0
R5-PE2(config-if)#vrf forwarding CUSTA
R5-PE2(config-if)#ip address 192.168.1.1 255.255.255.252
R5-PE2(config-if)#no shutdown
R5-PE2(config-if)#
*Nov 25 10:28:23.300: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Nov 25 10:28:24.300: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R5-PE2(config-if)#
R5-PE2(config-if)#exit
R5-PE2(config)#vrf definition CUSTB
R5-PE2(config-vrf)#rd 65000:2
R5-PE2(config-vrf)#address-family ipv4
R5-PE2(config-vrf-af)#route-target both 2:2
R5-PE2(config-vrf-af)#exit
R5-PE2(config-vrf)#exit
R5-PE2(config)#interface f1/1
R5-PE2(config-if)#vrf forwarding CUSTB
R5-PE2(config-if)#ip address 192.168.1.1 255.255.255.252
R5-PE2(config-if)#no shutdown
R5-PE2(config-if)#
*Nov 25 10:30:45.776: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
*Nov 25 10:30:46.776: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
R5-PE2(config-if)#end
R5-PE2#
R5-PE2#show ip interface brief
Interface          IP-Address      OK? Method Status    Protocol
FastEthernet0/0    10.45.0.5       YES manual up        up
FastEthernet1/0    192.168.1.1     YES manual up        up
FastEthernet1/1    192.168.1.1     YES manual up        up
Loopback0          10.5.5.5        YES manual up        up
R5-PE2#show run interface f1/0
Building configuration...
Current configuration : 120 bytes
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
end
R5-PE2#show run interface f1/1
Building configuration...
Current configuration : 120 bytes
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
end
R5-PE2#
R5-PE2#show vrf
  Name     Default RD    Protocols    Interfaces
  CUSTA    65000:1       ipv4         Fa1/0
  CUSTB    65000:2       ipv4         Fa1/1
R5-PE2#
R5-PE2#show run vrf CUSTA
Building configuration...
Current configuration : 254 bytes
vrf definition CUSTA
 rd 65000:1
 !
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
!
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!
end
R5-PE2#
R5-PE2#show run vrf CUSTB
Building configuration...
Current configuration : 254 bytes
vrf definition CUSTB
 rd 65000:2
 !
 address-family ipv4
  route-target export 2:2
  route-target import 2:2
 exit-address-family
!
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!
end
R5-PE2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O        10.1.1.1/32 [110/5] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.2.2.2/32 [110/4] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.3.3.3/32 [110/3] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.4.4.4/32 [110/2] via 10.45.0.4, 6d00h, FastEthernet0/0
C        10.5.5.5/32 is directly connected, Loopback0
O        10.12.0.0/24 [110/4] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.23.0.0/24 [110/3] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.34.0.0/24 [110/2] via 10.45.0.4, 6d00h, FastEthernet0/0
C        10.45.0.0/24 is directly connected, FastEthernet0/0
L        10.45.0.5/32 is directly connected, FastEthernet0/0
R5-PE2#show ip route vrf CUSTA
Routing Table: CUSTA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, FastEthernet1/0
L        192.168.1.1/32 is directly connected, FastEthernet1/0
R5-PE2#show ip route vrf CUSTB
Routing Table: CUSTB
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, FastEthernet1/1
L        192.168.1.1/32 is directly connected, FastEthernet1/1
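An added example, not part of the original page or of any Cisco tooling: a Python check that parses `vrf definition` blocks like the `show run vrf` output above and flags a shared RD or a VRF that imports a route target another VRF exports, which is what keeps CUSTA and CUSTB separate even though both use 192.168.1.1. The sample configurations are constructed from the page's values; `PAGE_CONFIG`, `LEAKY_CONFIG`, `parse_vrfs` and `audit` are names assumed for this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the page's `show run vrf` output for R5-PE2.
PAGE_CONFIG = """\
vrf definition CUSTA
 rd 65000:1
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
vrf definition CUSTB
 rd 65000:2
 address-family ipv4
  route-target export 2:2
  route-target import 2:2
 exit-address-family
"""
# Constructed misconfiguration (not on the page): CUSTB also imports CUSTA's RT.
LEAKY_CONFIG = PAGE_CONFIG.replace(
    "  route-target import 2:2", "  route-target import 2:2\n  route-target import 1:1")

def parse_vrfs(text):
    """Return {vrf_name: {"rd": str, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"vrf definition (\S+)", line):
            current = vrfs.setdefault(m[1], {"rd": None, "import": set(), "export": set()})
        elif current is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            current["rd"] = m[1]
        elif current is not None and (m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            for direction in (("import", "export") if m[1] == "both" else (m[1],)):
                current[direction].add(m[2])
    return vrfs

def audit(vrfs):
    """List findings: shared RDs and any VRF importing another VRF's export RT."""
    findings, by_rd = [], defaultdict(list)
    for name, v in vrfs.items():
        by_rd[v["rd"]].append(name)
    for rd, names in by_rd.items():
        if len(names) > 1:
            findings.append(f"RD {rd} shared by {sorted(names)}")
    for a, va in vrfs.items():
        for b, vb in vrfs.items():
            if a != b and (shared := va["import"] & vb["export"]):
                findings.append(f"{a} imports {sorted(shared)} exported by {b}")
    return findings
```

An intentional shared-services or extranet import would also appear as a finding, so such route targets need an explicit allow-list before this is used as a gate.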