VPN MPLS L3
V1.0
COURSE OBJECTIVES:
Internet
L2TP (L2)
GRE (L3)
Operator-based VPN implementation
MPLS-based L2 VPN
BGP/MPLS VPN
Course Contents:
[Figure: packet layout with the fields private network information, MPLS label, user data]
MPLS VPN ADVANTAGES:
For the operator:
Provides new differentiated services.
Service expansion.
Achieves network integration, promotes multiplexing
[Figure: Service Provider Network made of PE routers and P routers; CE routers attach the sites of VPN Blue and VPN Green to the PE routers]
Course Contents:
PE routers
Only packets from the sites associated with a VRF can look it up
Isolates different VPNs
How to identify a VPN: local identification
[Figure: PE router with VRF 1 on Int 1 (CE 1, VPN 1), VRF 2 on Int 2 (CE 2, VPN 2), and the public network routes on Int 3]
PE(config)#interface fei_1/1
PE(config-if)#ip vrf forwarding vpn1
PE(config)#interface fei_1/2
PE(config-if)#ip vrf forwarding vpn2
PE(config)#interface fei_1/3
How to identify a VPN through identification across a public network (1)
[Figure: PE1, P and PE2 exchange public routes; on each PE, VRF1 is bound to int1 (VPN1, CE1/CE3), VRF2 to int2 (VPN2), and int3 faces the public network. A BGP route for 10.0.1.0/24 is marked with "?"]
RT: Route-target
Used to identify the routing information of different VPNs.
RD -- VPN-IPv4 address-family.
BGP/MPLS VPN builds a new VPN-IPv4 address structure as follows when sending routing information:
[Figure: VPN-IPv4 address beginning with the RD; Site C with Import target 200:1 and Export target 100:1]
RD
Solves the problem of user address multiplexing.
Forms the VPN-IPv4 address.
There is only one RD per VRF.
RT
Identifies the VPN; routing policy.
BGP extended community attribute.
A VRF can have a group of RTs (import and export).
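The RD and RT roles described above, worked through as an added Python example (not part of the original slides): it builds VPN-IPv4 routes from the RD/RT values used in this deck's PE1/PE2 topology and audits which VRF installs which route. The dictionary layout, the function names, and the rule that same-named VRFs form one VPN are assumptions made for the illustration.

```python
import copy

# Constructed VRF table using the RD/RT values shown in this deck's topology.
# The VPN1 and VPN2 sites behind PE1 both use the private prefix 10.0.1.0/24.
VRFS = {
    ("PE1", "VPN1"): {"rd": "10670:11", "imp": {"10670:1"}, "exp": {"10670:1"}, "routes": ["10.0.1.0/24"]},
    ("PE1", "VPN2"): {"rd": "10670:12", "imp": {"10670:2"}, "exp": {"10670:2"}, "routes": ["10.0.1.0/24"]},
    ("PE2", "VPN1"): {"rd": "10670:13", "imp": {"10670:1"}, "exp": {"10670:1"}, "routes": []},
    ("PE2", "VPN2"): {"rd": "10670:14", "imp": {"10670:2"}, "exp": {"10670:2"}, "routes": []},
}

def advertise(vrfs):
    """Each VRF route becomes a VPN-IPv4 route (RD:prefix) tagged with the export RTs."""
    return [{"vpnv4": f"{v['rd']}:{p}", "rts": set(v["exp"]), "origin": key}
            for key, v in vrfs.items() for p in v["routes"]]

def import_routes(vrfs, updates):
    """A VRF installs an update only when the update carries one of its import RTs."""
    return {key: [u for u in updates if u["origin"] != key and u["rts"] & v["imp"]]
            for key, v in vrfs.items()}

def audit(vrfs):
    """Return (vrf, vpnv4 route) pairs installed from a different VPN.
    Assumption: VRFs with the same name on different PEs form one VPN."""
    installed = import_routes(vrfs, advertise(vrfs))
    return sorted((key, u["vpnv4"]) for key, us in installed.items()
                  for u in us if u["origin"][1] != key[1])

def with_extra_import(vrfs, key, rt):
    """Copy of the table with one additional import RT (the misconfiguration to detect)."""
    bad = copy.deepcopy(vrfs)
    bad[key]["imp"].add(rt)
    return bad

if __name__ == "__main__":
    # The RD keeps the two identical IPv4 prefixes distinct in MP-BGP.
    print("VPN-IPv4 routes:", [u["vpnv4"] for u in advertise(VRFS)])
    # The RT decides which VRF installs which route.
    print("leaks (as configured):", audit(VRFS))
    print("leaks (PE2 VPN2 also imports 10670:1):",
          audit(with_extra_import(VRFS, ("PE2", "VPN2"), "10670:1")))
```

The RD alone never grants reachability; a single extra import RT on one VRF is enough to install another VPN's route there, which is why RT lists are the item to review in a PE configuration audit.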
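Course Contents
[Figure: reference topology CE1/CE2 - PE1 - P - PE2 - CE3/CE4. PE1: VRF VPN1 (RD 10670:11, import 10670:1, export 10670:1, int1 to CE1) and VRF VPN2 (RD 10670:12, import 10670:2, export 10670:2, int2 to CE2). PE2: VRF VPN1 (RD 10670:13, import 10670:1, export 10670:1, int1 to CE3) and VRF VPN2 (RD 10670:14, import 10670:2, export 10670:2, int2 to CE4). int3 on each PE faces P. The CE1 and CE2 sites both use 10.0.1.0/24; 10.0.1.0/24 is advertised via OSPF on the CE-PE link.]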
[Figure: same VPN1/VPN2 topology; MPLS LDP on the PE1-P and P-PE2 links distributes labels for 1.1.1.1 (PE1): label 3 and label 76]
[Figure: same VPN1/VPN2 topology with two tables.
Label table: In Label 76, FEC 1.1.1.1/32, Out Label POP.
VRF VPN1 entry: 10670:11:10.0.1.0/24, Inner Label 31, Next-hop PE1, Outer Label 76.]
[Figure: same VPN1/VPN2 topology; 10.0.1.0/24 advertised via OSPF on a CE-PE link]
[Figure: user data for 10.0.2.1 carried with a label over the MPLS LSP between the PE routers. VPN 1 routing tables (CE 1, CE 3) list 10.0.1.0/24 and 10.0.2.0/24; VPN 2 routing tables (CE 2, CE 4) list 10.0.8.0/24 and 10.0.2.0/24.]
[Figure: same VPN1/VPN2 topology; an IP packet addressed to 10.0.1.1 enters the network]
[Figure: same VPN1/VPN2 topology; the IP packet for 10.0.1.1 is matched in VRF VPN1 against 10670:11:10.0.1.0/24 (Inner Label 31, Next-hop PE1, Outer Label 76) and is sent with inner label 31 and outer label 76]
[Figure: same VPN1/VPN2 topology; the IP packet for 10.0.1.1 is shown at successive hops with the label annotations "Outer: 31", "Inner: 31" and "Outer: 76", then delivered as plain IP to 10.0.1.1 in 10.0.1.0/24 (EX 10670:1)]
PE(config)#interface gei_1/1
PE(config-if)#ip vrf forwarding vrf-name
Basic MPLS/BGP VPN configuration
--PE device (2)
Activate the PE peers
PE(config-router)#address-family vpnv4
PE(config-router-af)#neighbor x.x.x.x activate
For each VRF, redistribute its routes into MBGP so that they are advertised
PE(config-router)#address-family ipv4 vrf vrf-name
PE(config-router-af)#redistribute connected
Course Contents
[Figure: example topology CE1 - PE1 - P - PE2 - CE2.
CE1: fei_1/2 10.1.1.254/24, fei_1/1 10.1.0.1.
PE1: loopback 1.1.1.1/32, fei_1/1 10.1.0.2, fei_1/2 175.0.0.1.
P: fei_2/1 175.0.0.2, fei_2/2 176.0.0.1.
PE2: loopback 1.1.1.3/32, fei_3/1 176.0.0.2, fei_3/2 10.2.0.2.
CE2: fei_1/1 10.2.0.1, fei_1/2 10.2.1.254/24.]
As shown in the figure, CE1 and CE2 belong to the same VPN. The fei_1/2 address of
CE1 is 10.1.1.254/24, and the fei_1/2 address of CE2 is 10.2.1.254/24. The VPN must be
configured so that CE1 and CE2 learn each other's routes.
A static route is used between CE1 and PE1, and OSPF is enabled between CE2
and PE2. OSPF is also enabled between the PEs and P.
MPLS/BGP VPN Configuration Example
CE1 configuration:
CE1(config)#interface fei_1/1
CE1(config-if)#ip address 10.1.0.1 255.255.255.252
CE1(config)#interface fei_1/2
CE1(config-if)#ip address 10.1.1.254 255.255.255.0
CE1(config)#ip route 10.2.0.0 255.255.0.0 10.1.0.2
PE1 configuration:
PE1(config)# ip vrf vpn_a //Configure one VPN instance vpn_a
PE1(config-vrf)# rd 100:1 //Define RD of VRF and it is necessary to configure RD to validate VRF
PE1(config-vrf)# route-target import 100:1 //Create route-target extended community attribute associated with VRF
PE1(config-vrf)# route-target export 100:1
PE1(config)# interface loopback1
PE1(config-if)# ip address 1.1.1.1 255.255.255.255
PE1(config)# interface fei_1/2
PE1(config-if)# ip address 175.0.0.1 255.255.255.252
PE1(config-if)# mpls ip //Enable MPLS on the interface facing P
PE1(config)# interface fei_1/1
PE1(config-if)# ip vrf forwarding vpn_a //Associate the interface with VRF
PE1(config-if)# ip address 10.1.0.2 255.255.255.252
PE1(config)# router ospf 1 //Configure routing protocol for public network
PE1(config-router)# network 1.1.1.1 0.0.0.0 area 0.0.0.0
PE1(config-router)# network 175.0.0.0 0.0.0.3 area 0.0.0.0
PE1(config)# router bgp 100
PE1(config-router)# neighbor 1.1.1.3 remote-as 100 //Specify IBGP neighbor PE2
PE1(config-router)# neighbor 1.1.1.3 activate
PE1(config-router)# neighbor 1.1.1.3 update-source loopback1
PE1(config-router)# address-family ipv4 vrf vpn_a //Enter VRF address configuration mode
PE1(config-router-af)# redistribute static
PE1(config-router-af)# redistribute connected
PE1(config-router)# address-family vpnv4 //Enter VPNv4 address configuration mode
PE1(config-router-af)# neighbor 1.1.1.3 activate //Activate neighbor
PE1(config)# mpls ip
PE1(config)# ip route vrf vpn_a 10.1.0.0 255.255.0.0 10.1.0.1 //Configure VRF static route
P configuration:
P(config)#interface fei_2/1
P(config-if)# ip address 175.0.0.2 255.255.255.252
P(config-if)# mpls ip
P(config)# interface fei_2/2
P(config-if)# ip address 176.0.0.1 255.255.255.252
P(config-if)# mpls ip
P(config)# router ospf 1
P(config-router)# network 175.0.0.0 0.0.0.3 area 0.0.0.0
P(config-router)# network 176.0.0.0 0.0.0.3 area 0.0.0.0
P(config)# mpls ip
PE2 configuration:
PE2(config)# ip vrf vpn_a
PE2(config-vrf)# rd 100:1
PE2(config-vrf)# route-target import 100:1
PE2(config-vrf)# route-target export 100:1
PE2(config)# interface fei_3/2
PE2(config-if)# ip vrf forwarding vpn_a
PE2(config-if)# ip address 10.2.0.2 255.255.255.252
PE2(config)# interface loopback1
PE2(config-if)# ip address 1.1.1.3 255.255.255.255
PE2(config)# interface fei_3/1
PE2(config-if)# ip address 176.0.0.2 255.255.255.252
PE2(config-if)# mpls ip
PE2(config)# router ospf 2 vrf vpn_a //Configure OSPF corresponding to VRF
PE2(config-router)# network 10.2.0.0 0.0.0.3 area 0.0.0.0
PE2(config-router)# redistribute bgp-int
PE2(config)# router ospf 1 //Configure OSPF globally
PE2(config-router)# network 1.1.1.3 0.0.0.0 area 0.0.0.0
PE2(config-router)# network 176.0.0.0 0.0.0.3 area 0.0.0.0
PE2(config)# router bgp 100
PE2(config-router)# neighbor 1.1.1.1 remote-as 100
PE2(config-router)# neighbor 1.1.1.1 activate
PE2(config-router)# neighbor 1.1.1.1 update-source loopback1
PE2(config-router)# address-family ipv4 vrf vpn_a
PE2(config-router-af)# redistribute ospf-int
PE2(config-router-af)# redistribute connected
PE2(config-router)# address-family vpnv4
PE2(config-router-af)# neighbor 1.1.1.1 activate
PE2(config)# mpls ip
CE2 configuration:
CE2(config)#interface fei_1/1
CE2(config-if)#ip address 10.2.0.1 255.255.255.252
CE2(config)#interface fei_1/2
CE2(config-if)#ip address 10.2.1.254 255.255.255.0
CE2(config)#router ospf 1
CE2(config-router)#network 10.2.0.0 0.0.0.3 area 0.0.0.0
CE2(config-router)#network 10.2.1.0 0.0.0.255 area 0.0.0.0
Monitoring and Maintenance of MPLS/BGP VPN
PE1#show ip protocol routing vrf vpn_a //View VRF label table (inner label)
Routes of vpn:
status codes: *valid, >best
   Dest          NextHop    Intag  Outtag  RtPrf  Protocol
*> 10.1.0.0/16   10.1.0.1   18     notag   1      static
*> 10.1.0.0/30   10.1.0.2   17     notag   0      connected
*> 10.1.0.2/32   10.1.0.2   16     notag   0      connected
*> 10.2.0.0/30   1.1.1.3    21     17      200    bgp-int
*> 10.2.0.2/32   1.1.1.3    22     16      200    bgp-int
*> 10.2.1.0/24   1.1.1.3    23     19      200    bgp-int