Friday, March 8, 2019

Configuring MPLS VPN between PE Routers

MPLS VPN Model

It is important to become familiar with the terminology concerning MPLS VPN.A service provider is providing the common public infrastructure that customers use.

A PE router is a provider edge (PE) router. It has a direct connection with the customer edge (CE) router at Layer 3.

A Provider (P) router is a router without the direct connection to the routers of the customer. In the MPLS VPN implementation, both P and PE routers run MPLS. This means that they must be able to distribute labels between them and forward labeled packets.

A CE router has a direct Layer 3 connection with the PE router. A customer (C) router is a router without a direct connection with the PE router. A CE router does not need to run MPLS.

Because the CE and PE routers interact at Layer 3, they must run a routing protocol (or static routing) between them. The CE router has only one peer outside of its own site: the PE router. If the CE router is multihomed, it can peer with multiple PE routers. The CE router does not peer with any of the CE routers from the other sites across the service provider network.


Architectural Overview of MPLS VPN

To achieve MPLS VPN, you need some basic building blocks on the PE routers. These building blocks are the following: VRF, route distinguisher (RD), route targets (RT), route propagation through MP-BGP, and forwarding of labeled packets.


Virtual Routing Forwarding (VRF)

A virtual routing and forwarding (VRF) is a VPN routing and forwarding instance. It is the name for the combination of the VPN routing table, the VRF Cisco Express Forwarding (CEF) table, and the associated IP routing protocols on the PE router. A PE router has a VRF instance for each attached VPN.

You create the VRF on the PE router with the ip vrf command. You use the ip vrf forwarding command to assign PE-CE interfaces on the PE router to a VRF.The VRF routing table does not differ from a regular routing table in Cisco IOS other than that it is used for a set of VPN sites only and is completely separated from all other routing tables.


Route Distinguisher (RD)

The VPN prefixes are propagated across the MPLS VPN network by Multiprotocol BGP (MPBGP). The concept of RDs was conceived to make IPv4 prefixes unique. The basic idea is that each prefix from each customer receives a unique identifier (the RD) to distinguish the same prefix from different customers. A prefix derived from the combination of the IPv4 prefix and the RD is called a vpnv4 prefix. MP-BGP needs to carry these vpnv4 prefixes between the PE routers.


Route Target (RT)

The communication between sites is controlled by another MPLS VPN feature called RTs. An RT is a BGP extended community that indicates which routes should be imported from MPBGP into the VRF. Exporting an RT means that the exported vpnv4 route receives an additional BGP extended community, this is the RT, as configured under ip vrf on the PE router, when the route is redistributed from the VRF routing table into MP-BGP. Importing an RT means that the received vpnv4 route from MP-BGP is checked for a matching extended community, this is the route target, with the ones in the configuration. If


Border Gateway Protocol (BGP)

The combination of the RD with the IPv4 prefix makes up the vpnv4 prefix. It is this vpnv4 prefix that iBGP needs to carry between the PE routers. BGP advertises the vpnv4 prefixes in the MPLS VPN network. This is not enough to be able to forward the VPN traffic correctly. For the egress PE router to be able to forward the VPN traffic correctly to the CE router, it must forward the packet based on a label. The egress PE router can map such a label to the vpnv4 prefix, it is called the VPN label. The egress PE router must advertise the label along with the vpnv4 prefix to the possible ingress PE routers.


Packet Forwarding in an MPLS VPN Network

The VRF-to-VRF traffic has two labels in the MPLS VPN network. The top label is the IGP label and is distributed by LDP or RSVP for TE between all P and PE routers hop by hop. The bottom label is the VPN label that is advertised by MP-iBGP from PE to PE. P routers use the IGP label to forward the packet to the correct egress PE router. The egress PE router uses the VPN label to forward the IP packet to the correct CE router.


Step 1: Configure iBGP between PE Routers. Use a Route Reflector for scalability since you'll need an iBGP mesh or peering for each PE Routers.

R1-PE1#show mpls forwarding-table 10.5.5.5    // ENSURE R5-PE2 LOOPBACK IS REACHABLE
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop   
Label      Label      or Tunnel Id     Switched      interface             
106        205        10.5.5.5/32      0             Fa0/0      10.12.0.2  

R1-PE1#show ip cef 10.5.5.5
10.5.5.5/32
  nexthop 10.12.0.2 FastEthernet0/0 label 205

R1-PE1#traceroute 10.5.5.5
Type escape sequence to abort.
Tracing the route to 10.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.12.0.2 [MPLS: Label 205 Exp 0] 88 msec 44 msec 44 msec
  2 10.23.0.3 [MPLS: Label 309 Exp 0] 44 msec 52 msec 44 msec
  3 10.34.0.4 [MPLS: Label 405 Exp 0] 44 msec 12 msec 64 msec
  4 10.45.0.5 40 msec 56 msec 60 msec


R1-PE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1-PE1(config)#router bgp 65000    
R1-PE1(config-router)#neighbor 10.5.5.5 ?
  activate                 Enable the Address Family for this Neighbor
  advertise                Advertise to this neighbor
  advertise-map            specify route-map for conditional advertisement
  advertisement-interval   Minimum interval between sending BGP routing updates
  allowas-in               Accept as-path with my AS present in it
  capability               Advertise capability to the peer
  default-originate        Originate default route to this neighbor
  description              Neighbor specific description
  disable-connected-check  one-hop away EBGP peer using loopback address
  distribute-list          Filter updates to/from this neighbor
  dmzlink-bw               Propagate the DMZ link bandwidth
  ebgp-multihop            Allow EBGP neighbors not on directly connected
                           networks
  fall-over                session fall on peer route lost
  filter-list              Establish BGP filters
  ha-mode                  high availability mode
  inherit                  Inherit a template
  local-as                 Specify a local-as number
  maximum-prefix           Maximum number of prefixes accepted from this peer
  next-hop-self            Disable the next hop calculation for this neighbor
  next-hop-unchanged       Propagate next hop unchanged for iBGP paths to this
                           neighbor
  password                 Set a password
  peer-group               Member of the peer-group
  prefix-list              Filter updates to/from this neighbor
  remote-as                Specify a BGP neighbor
  remove-private-as        Remove private AS number from outbound updates
  route-map                Apply route map to neighbor
  route-reflector-client   Configure a neighbor as Route Reflector client
  route-server-client      Configure a neighbor as Route Server client
  send-community           Send Community attribute to this neighbor
  send-label               Send NLRI + MPLS Label to this peer
  shutdown                 Administratively shut down this neighbor
  slow-peer                Configure slow-peer
  soft-reconfiguration     Per neighbor soft reconfiguration
  soo                      Site-of-Origin extended community
  timers                   BGP per neighbor timers
  translate-update         Translate Update to MBGP format
  transport                Transport options
  ttl-security             BGP ttl security check
  unsuppress-map           Route-map to selectively unsuppress suppressed
                           routes
  update-source            Source of routing updates
  version                  Set the BGP version to match a neighbor
  weight                   Set default weight for routes from this neighbor
                   
R1-PE1(config-router)#neighbor 10.5.5.5 remote-as 65000       // IBGP PEERING WITH R5-PE2 (IPv4)
R1-PE1(config-router)#neighbor 10.5.5.5 update-source ?
  Async              Async interface
  Auto-Template      Auto-Template interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  FastEthernet       FastEthernet IEEE 802.3
  GMPLS              MPLS interface
  LISP               Locator/ID Separation Protocol Virtual Interface
  LongReachEthernet  Long-Reach Ethernet interface
  Loopback           Loopback interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Port-channel       Ethernet Channel of interfaces
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  vmi                Virtual Multipoint Interface

R1-PE1(config-router)#neighbor 10.5.5.5 update-source loopback0
R1-PE1(config-router)#address-family ?
  ipv4      Address family
  ipv6      Address family
  l2vpn     Address family
  nsap      Address family
  rtfilter  Address family
  vpnv4     Address family
  vpnv6     Address family

R1-PE1(config-router)#address-family vpnv4       // CONFIGURE MP-BGP FOR VPNv4
R1-PE1(config-router-af)#?   
Router Address Family configuration commands:
  bgp                  BGP specific commands
  default              Set a command to its defaults
  exit-address-family  Exit from Address Family configuration mode
  help                 Description of the interactive help system
  maximum-paths        Forward packets over multiple paths
  neighbor             Specify a neighbor router
  no                   Negate a command or set its defaults
  snmp                 Modify snmp parameters

R1-PE1(config-router-af)#neighbor 10.5.5.5 ?
  activate                Enable the Address Family for this Neighbor
  advertise               Advertise to this neighbor
  advertisement-interval  Minimum interval between sending BGP routing updates
  allowas-in              Accept as-path with my AS present in it
  capability              Advertise capability to the peer
  distribute-list         Filter updates to/from this neighbor
  dmzlink-bw              Propagate the DMZ link bandwidth
  filter-list             Establish BGP filters
  inherit                 Inherit a template
  inter-as-hybrid         Inter AS Hybrid mode
  maximum-prefix          Maximum number of prefixes accepted from this peer
  next-hop-self           Disable the next hop calculation for this neighbor
  next-hop-unchanged      Propagate next hop unchanged for iBGP paths to this
                          neighbor
  prefix-list             Filter updates to/from this neighbor
  remove-private-as       Remove private AS number from outbound updates
  route-map               Apply route map to neighbor
  route-reflector-client  Configure a neighbor as Route Reflector client
  send-community          Send Community attribute to this neighbor
  slow-peer               Configure slow-peer
  soft-reconfiguration    Per neighbor soft reconfiguration
  soo                     Site-of-Origin extended community
  unsuppress-map          Route-map to selectively unsuppress suppressed routes
  weight                  Set default weight for routes from this neighbor

R1-PE1(config-router-af)#neighbor 10.5.5.5 activate
R1-PE1(config-router-af)#neighbor 10.5.5.5 send-community ?
  both      Send Standard and Extended Community attributes
  extended  Send Extended Community attribute
  standard  Send Standard Community attribute
  <cr>

R1-PE1(config-router-af)#neighbor 10.5.5.5 send-community extended
R1-PE1(config-router-af)#end
R1-PE1#
*Nov 23 07:26:19.072: %BGP_SESSION-5-ADJCHANGE: neighbor 10.5.5.5 VPNv4 Unicast topology base removed from session  Capability changed
*Nov 23 07:26:19.076: %BGP-5-ADJCHANGE: neighbor 10.5.5.5 Up
R1-PE1#
*Nov 23 07:29:18.988: %BGP-5-ADJCHANGE: neighbor 10.5.5.5 Down Peer closed the session
*Nov 23 07:29:18.992: %BGP_SESSION-5-ADJCHANGE: neighbor 10.5.5.5 IPv4 Unicast topology base removed from session  Peer closed the session
*Nov 23 07:29:19.668: %BGP-5-ADJCHANGE: neighbor 10.5.5.5 Up


R5-PE2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R5-PE2(config)#router bgp 65000
R5-PE2(config-router)#neighbor 10.1.1.1 remote-as  65000
*Nov 23 07:26:49.184: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
R5-PE2(config-router)#neighbor 10.1.1.1 remote-as update-source loopback0
R5-PE2(config-router)#neighbor 10.1.1.1 update-source loopback0         
R5-PE2(config-router)#address-family vpnv4
R5-PE2(config-router-af)#neighbor 10.1.1.1 activate
*Nov 23 07:29:49.012: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Down Capability changed
*Nov 23 07:29:49.012: %BGP_SESSION-5-ADJCHANGE: neighbor 10.1.1.1 IPv4 Unicast topology base removed from session  Capability changed
*Nov 23 07:29:49.700: %BGP-5-ADJCHANGE: neighbor 10.1.1.1 Up
R5-PE2(config-router-af)#neighbor 10.1.1.1 send-community extended
R5-PE2(config-router-af)#end
R5-PE2#


R1-PE1#show ip bgp neighbors | sec capabilities
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised and received
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1

R1-PE1#show ip bgp neighbors                  
BGP neighbor is 10.5.5.5,  remote AS 65000, internal link
  BGP version 4, remote router ID 10.5.5.5
  BGP state = Established, up for 00:02:30      // BGP USES TCP PORT 179
  Last read 00:00:45, last write 00:00:38, hold time is 180, keepalive interval is 60 seconds
  Neighbor sessions:
    1 active, is not multisession capable (disabled)
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
    Enhanced Refresh Capability: advertised and received
    Multisession Capability:
    Stateful switchover support enabled: NO for session 1
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
   
                         Sent       Rcvd
    Opens:                  1          1
    Notifications:          0          0
    Updates:                2          2
    Keepalives:             4          4
    Route Refresh:          0          0
    Total:                  7          7
  Default minimum time between advertisement runs is 0 seconds

 For address family: IPv4 Unicast
  Session: 10.5.5.5
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 2, Advertise bit 0
  2 update-group member
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               0          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never
  Refresh Epoch: 1
  Last Sent Refresh Start-of-rib: never
  Last Sent Refresh End-of-rib: never
  Last Received Refresh Start-of-rib: never
  Last Received Refresh End-of-rib: never
                                       Sent       Rcvd
        Refresh activity:              ----       ----
          Refresh Start-of-RIB          0          0
          Refresh End-of-RIB            0          0

 For address family: VPNv4 Unicast
  Session: 10.5.5.5
  BGP table version 1, neighbor version 1/0
  Output queue size : 0
  Index 1, Advertise bit 0
  1 update-group member
  Slow-peer detection is disabled
  Slow-peer split-update-group dynamic is disabled
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               0          0
    Prefixes Total:                 0          0
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a          0
    Used as multipath:            n/a          0

                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
  Last detected as dynamic slow peer: never
  Dynamic slow peer recovered: never
  Refresh Epoch: 1
  Last Sent Refresh Start-of-rib: never
  Last Sent Refresh End-of-rib: never
  Last Received Refresh Start-of-rib: never
  Last Received Refresh End-of-rib: never
                                       Sent       Rcvd
        Refresh activity:              ----       ----
          Refresh Start-of-RIB          0          0
          Refresh End-of-RIB            0          0

  Address tracking is enabled, the RIB does have a route to 10.5.5.5
  Connections established 2; dropped 1
  Last reset 00:02:31, due to Peer closed the session of session 1
  Transport(tcp) path-mtu-discovery is enabled
  Graceful-Restart is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0           
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255
Local host: 10.1.1.1, Local port: 179
Foreign host: 10.5.5.5, Foreign port: 35099
Connection tableid (VRF): 0
Maximum output segment queue size: 50

Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)

Event Timers (current time is 0x1422C71C):
Timer          Starts    Wakeups            Next
Retrans             6          0             0x0
TimeWait            0          0             0x0
AckHold             5          2             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger            0          0             0x0
DeadWait            0          0             0x0
Linger              0          0             0x0
ProcessQ            0          0             0x0

iss:  635552372  snduna:  635552566  sndnxt:  635552566
irs: 1456967524  rcvnxt: 1456967718

sndwnd:  16191  scale:      0  maxrcvwnd:  16384
rcvwnd:  16191  scale:      0  delrcvwnd:    193

SRTT: 551 ms, RTTO: 3075 ms, RTV: 2524 ms, KRTT: 0 ms
minRTT: 60 ms, maxRTT: 1000 ms, ACK hold: 200 ms
Status Flags: passive open, gen tcbs
Option Flags: nagle, path mtu capable
IP Precedence value : 6

Datagrams (max data segment is 1436 bytes):
Rcvd: 14 (out of order: 0), with data: 7, total data bytes: 193
Sent: 13 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 7, total data bytes: 193

 Packets received in fast path: 0, fast processed: 0, slow path: 0
 fast lock acquisition failures: 0, slow path: 0
TCP Semaphore      0x6A3985F8  FREE


R1-PE1#ping mpls ?
  ipv4         Target specified as an IPv4 address
  pseudowire   Target VC specified as an IPv4 address and VC ID
  traffic-eng  Target specified as TE tunnel interface
  <cr>

R1-PE1#ping mpls ipv4 ?
  A.B.C.D  {/nn || A.B.C.D}  Target FEC address with mask

R1-PE1#ping mpls ipv4 10.5.5.5/32
Sending 5, 100-byte MPLS Echos to 10.5.5.5/32,
     timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/44/56 ms

R1-PE1#ping mpls ipv4 10.5.5.5/32 ?
  destination          Destination address or address range
  dsmap                Request dsmap from replying router
  exp                  EXP bits in mpls header
  flags                Flag options
  force-explicit-null  force an explicit null label to be added
  interval             Send interval between requests in msec
  output               Output options
  pad                  Pad TLV pattern
  repeat               Repeat count
  reply                Reply mode
  revision             Echo Packet TLV versioning
  size                 Packet size
  source               Source specified as an IP address
  sweep                Sweep range of sizes
  timeout              Timeout in seconds
  ttl                  Time to live
  verbose              verbose output mode
  <cr>

R1-PE1#ping mpls ipv4 10.5.5.5/32 verbose
Sending 5, 100-byte MPLS Echos to 10.5.5.5/32,
     timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
  'L' - labeled output interface, 'B' - unlabeled output interface,
  'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
  'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
  'P' - no rx intf label prot, 'p' - premature termination of LSP,
  'R' - transit router, 'I' - unknown upstream index,
  'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3
!    size 100, reply addr 10.45.0.5, return code 3

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/37/48 ms


Step 2: Configure VRF, Route Distinguisher (RD) and Route Target (RT)

VRF is locally significant on a PE router. It can be configured the same or different on each PE router. Most implementation will use the same VRF name across PE routers.

RD could use either syntax:
  • ASN:n
  • IP:n

RD can be either be configured the same or different on each PE router. Most implementation will use the RD.

RT are BGP extended community attribute. It's primarily used to control which  routes to export and import with PE routers. Syntax could be the same with RD:

  • ASN:n
  • IP:n



R1-PE1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1-PE1(config)#vrf ?
  definition   VRF definition mode
  list         List of VRFs
  upgrade-cli  upgrade cli

R1-PE1(config)#vrf definition ?
  WORD  VRF name

R1-PE1(config)#vrf definition CUSTA         // "NEW" APPROACH IN CONFIGURING VRFs TO SUPPORT BOTH IPv4 AND IPv6; VRF IS CASE SENSITIVE AND IT'S LOCALLY SIGNIFICANT ON A PE ROUTER; THE "LEGACY" COMMAND ip vrf <VRF NAME>
R1-PE1(config-vrf)#?
VPN Routing/Forwarding instance configuration commands:
  address-family  Enter Address Family command mode
  default         Set a command to its defaults
  description     VRF specific description
  exit            Exit from VRF configuration mode
  no              Negate a command or set its defaults
  rd              Specify Route Distinguisher
  route-target    Specify Target VPN Extended Communities
  vnet            Virtual NETworking configuration
  vpn             Configure VPN ID as specified in rfc2685

R1-PE1(config-vrf)#rd ?
  ASN:nn or IP-address:nn  VPN Route Distinguisher

R1-PE1(config-vrf)#rd 65000:1
R1-PE1(config-vrf)#address-family ?
  ipv4  Address family
  ipv6  Address family

R1-PE1(config-vrf)#address-family ipv4
R1-PE1(config-vrf-af)#?
IP VPN Routing/Forwarding instance configuration commands:
  bgp                  Commands pertaining to BGP
  default              Set a command to its defaults
  exit-address-family  Exit from vrf address-family configuration submode
  export               VRF export
  import               VRF import
  inter-as-hybrid      Inter AS hybrid mode
  maximum              Set a limit
  mdt                  Backbone Multicast Distribution Tree
  no                   Negate a command or set its defaults
  protection           Configure local repair
  route-target         Specify Target VPN Extended Communities
  snmp                 Modify snmp parameters

R1-PE1(config-vrf-af)#route-target ?
  ASN:nn or IP-address:nn  Target VPN Extended Community
  both                     Both import and export Target-VPN community
  export                   Export Target-VPN community
  import                   Import Target-VPN community

R1-PE1(config-vrf-af)#route-target export 1:1     // YOU CAN ALSO ISSUE route-target both
R1-PE1(config-vrf-af)#route-target import 1:1
R1-PE1(config-vrf-af)#exit
R1-PE1(config-vrf)#interface f1/0
R1-PE1(config-if)#vrf ?
  forwarding  Configure forwarding table

R1-PE1(config-if)#vrf forwarding ?
  WORD  VRF name

R1-PE1(config-if)#vrf forwarding CUSTA      // "LEGACY" IPv4 COMMAND IS ip vrf forwarding <VRF NAME>; ASSIGN VRF FIRST BEFORE AN IP ADDRESS
R1-PE1(config-if)#ip address 172.16.1.1 255.255.255.252
R1-PE1(config-if)#no shutdown
R1-PE1(config-if)#
*Nov 25 10:04:42.136: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Nov 25 10:04:43.136: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R1-PE1(config-if)#
R1-PE1(config-if)#do show run interface f1/0
Building configuration...

Current configuration : 119 bytes
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
end

R1-PE1(config-if)#exit
R1-PE1(config)#vrf definition CUSTB
R1-PE1(config-vrf)#rd 65000:2
R1-PE1(config-vrf)#address-family ipv4
R1-PE1(config-vrf-af)#route-target both ?  
  ASN:nn or IP-address:nn  Target VPN Extended Community

R1-PE1(config-vrf-af)#route-target both 2:2
R1-PE1(config-vrf-af)#exit
R1-PE1(config-vrf)#exit
R1-PE1(config)#interface f1/1
R1-PE1(config-if)#vrf forwarding CUSTB
R1-PE1(config-if)#ip address 172.16.1.1 255.255.255.252     // USE THE SAME IPv4 ADDRESS
R1-PE1(config-if)#no shutdown
R1-PE1(config-if)#
R1-PE1(config-if)#
*Nov 25 10:09:05.420: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
*Nov 25 10:09:06.420: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
R1-PE1(config-if)#
R1-PE1(config-if)#do show run interface f1/1
Building configuration...

Current configuration : 119 bytes
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
end

R1-PE1(config-if)#end
R1-PE1#


R1-PE1#show ip interface brief      // 172.16.1.1/30 ARE OVERLAPPING IPv4 ADDRESS ON THE ROUTER
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.12.0.1       YES manual up                    up     
FastEthernet1/0            172.16.1.1      YES manual up                    up     
FastEthernet1/1            172.16.1.1      YES manual up                    up     
Loopback0                  10.1.1.1        YES manual up                    up     

R1-PE1#show vrf
  Name                             Default RD          Protocols   Interfaces
  CUSTA                            65000:1             ipv4        Fa1/0
  CUSTB                            65000:2             ipv4        Fa1/1


R1-PE1#show ip route     // CUSTA AND CUSTB ROUTES DOESN'T SHOW IN THE GLOBAL ROUTING TABLE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C        10.1.1.1/32 is directly connected, Loopback0
O        10.2.2.2/32 [110/2] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.3.3.3/32 [110/3] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.4.4.4/32 [110/4] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.5.5.5/32 [110/5] via 10.12.0.2, 6d00h, FastEthernet0/0
C        10.12.0.0/24 is directly connected, FastEthernet0/0
L        10.12.0.1/32 is directly connected, FastEthernet0/0
O        10.23.0.0/24 [110/2] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.34.0.0/24 [110/3] via 10.12.0.2, 6d00h, FastEthernet0/0
O        10.45.0.0/24 [110/4] via 10.12.0.2, 6d00h, FastEthernet0/0

R1-PE1#show ip route ?
  Hostname or A.B.C.D  Network to display information about or hostname
  bgp                  Border Gateway Protocol (BGP)
  connected            Connected
  dhcp                 Show routes added by DHCP Server or Relay
  eigrp                Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis                 ISO IS-IS
  lisp                 Locator ID Separation Protocol (LISP)
  list                 IP Access list
  loops                RIB routes forming loops
  mobile               Mobile routes
  multicast            Multicast global information
  next-hop-override    Show next-hop-overrides too
  nhrp                 Next Hop Resolution Protocol (NHRP)
  odr                  On Demand stub Routes
  ospf                 Open Shortest Path First (OSPF)
  ospfv3               OSPFv3
  profile              IP routing table profile
  repair-paths         Show repair paths too
  rip                  Routing Information Protocol (RIP)
  static               Static routes
  summary              Summary of all routes
  supernets-only       Show supernet entries only
  tag                  Route Tag
  track-table          Tracked static table
  vrf                  Display routes from a VPN Routing/Forwarding instance
  |                    Output modifiers
  <cr>

R1-PE1#show ip route vrf ?
  WORD  VPN Routing/Forwarding instance name

R1-PE1#show ip route vrf CUSTA

Routing Table: CUSTA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.1.0/30 is directly connected, FastEthernet1/0
L        172.16.1.1/32 is directly connected, FastEthernet1/0

R1-PE1#show ip route vrf CUSTB

Routing Table: CUSTB
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.1.0/30 is directly connected, FastEthernet1/1
L        172.16.1.1/32 is directly connected, FastEthernet1/1


R1-PE1#show run vrf CUSTA
Building configuration...

Current configuration : 253 bytes
vrf definition CUSTA
 rd 65000:1
 !
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
!
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
!
end

R1-PE1#show run vrf CUSTB
Building configuration...

Current configuration : 253 bytes
vrf definition CUSTB
 rd 65000:2
 !
 address-family ipv4
  route-target export 2:2
  route-target import 2:2
 exit-address-family
!
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 172.16.1.1 255.255.255.252
 duplex auto
 speed auto
!
end


R5-PE2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R5-PE2(config)#vrf definition CUSTA
R5-PE2(config-vrf)#rd 65000:1
R5-PE2(config-vrf)#address-family ipv4
R5-PE2(config-vrf-af)#route-target both 1:1
R5-PE2(config-vrf-af)#exit
R5-PE2(config-vrf)#exit
R5-PE2(config)#interface f1/0
R5-PE2(config-if)#vrf forwarding CUSTA
R5-PE2(config-if)#ip address 192.168.1.1 255.255.255.252
R5-PE2(config-if)#no shutdown
R5-PE2(config-if)#
*Nov 25 10:28:23.300: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
*Nov 25 10:28:24.300: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
R5-PE2(config-if)#
R5-PE2(config-if)#exit
R5-PE2(config)#vrf definition CUSTB
R5-PE2(config-vrf)#rd 65000:2
R5-PE2(config-vrf)#address-family ipv4
R5-PE2(config-vrf-af)#route-target both 2:2
R5-PE2(config-vrf-af)#exit
R5-PE2(config-vrf)#exit    
R5-PE2(config)#interface f1/1
R5-PE2(config-if)#vrf forwarding CUSTB
R5-PE2(config-if)#ip address 192.168.1.1 255.255.255.252
R5-PE2(config-if)#no shutdown
R5-PE2(config-if)#
*Nov 25 10:30:45.776: %LINK-3-UPDOWN: Interface FastEthernet1/1, changed state to up
*Nov 25 10:30:46.776: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/1, changed state to up
R5-PE2(config-if)#end
R5-PE2#


R5-PE2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.45.0.5       YES manual up                    up     
FastEthernet1/0            192.168.1.1     YES manual up                    up     
FastEthernet1/1            192.168.1.1     YES manual up                    up     
Loopback0                  10.5.5.5        YES manual up                    up

R5-PE2#show run interface f1/0
Building configuration...

Current configuration : 120 bytes
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
end

R5-PE2#show run interface f1/1
Building configuration...

Current configuration : 120 bytes
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
end

R5-PE2#
R5-PE2#show vrf
  Name                             Default RD          Protocols   Interfaces
  CUSTA                            65000:1             ipv4        Fa1/0
  CUSTB                            65000:2             ipv4        Fa1/1
R5-PE2#
R5-PE2#show run vrf CUSTA
Building configuration...

Current configuration : 254 bytes
vrf definition CUSTA
 rd 65000:1
 !
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
!
!
interface FastEthernet1/0
 vrf forwarding CUSTA
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!
end

R5-PE2#
R5-PE2#show run vrf CUSTB
Building configuration...

Current configuration : 254 bytes
vrf definition CUSTB
 rd 65000:2
 !
 address-family ipv4
  route-target export 2:2
  route-target import 2:2
 exit-address-family
!
!
interface FastEthernet1/1
 vrf forwarding CUSTB
 ip address 192.168.1.1 255.255.255.252
 duplex auto
 speed auto
!
end


R5-PE2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
O        10.1.1.1/32 [110/5] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.2.2.2/32 [110/4] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.3.3.3/32 [110/3] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.4.4.4/32 [110/2] via 10.45.0.4, 6d00h, FastEthernet0/0
C        10.5.5.5/32 is directly connected, Loopback0
O        10.12.0.0/24 [110/4] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.23.0.0/24 [110/3] via 10.45.0.4, 6d00h, FastEthernet0/0
O        10.34.0.0/24 [110/2] via 10.45.0.4, 6d00h, FastEthernet0/0
C        10.45.0.0/24 is directly connected, FastEthernet0/0
L        10.45.0.5/32 is directly connected, FastEthernet0/0

R5-PE2#show ip route vrf CUSTA

Routing Table: CUSTA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, FastEthernet1/0
L        192.168.1.1/32 is directly connected, FastEthernet1/0

R5-PE2#show ip route vrf CUSTB

Routing Table: CUSTB
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, FastEthernet1/1
L        192.168.1.1/32 is directly connected, FastEthernet1/1