I have been trying to master and speed up my approach to the MPLS VPN Section which I did not do my 1st time around – here is an abridged tasklist based on the relevant IOS Configuration Guides providing me with a roadmap to navigate through this crucial section. HTH.
Stephen Bowes – How to Configure MPLS Layer 3 VPNs:
Step 1: Configuring the Core Network (required)
1a. Assessing the Needs of MPLS VPN Customers (not required in CCIE Lab as details provided)
- Identify the size of the network.
- Identify the routing protocols.
- Determine if you need MPLS High Availability support.
- Determine if you need BGP load sharing and redundant paths.
1b. Configuring Routing Protocols in the Core (required – For SP Lab this will be OSPF or ISIS for scalability reasons)
Configuring OSPF in the core:
- enable
- configure terminal
- router ospf process-id
- network ip-address wildcard-mask area area-id
Configuring ISIS in the core:
- enable
- configure terminal
- router isis [area-tag]
- net network-entity-title
- end
Enabling IS-IS as an IP Routing Protocol on the Interface (required)
- enable
- configure terminal
- interface type number
- ip address ip-address mask [secondary]
- ip router isis [area-tag]
- end
Monitoring IS-IS (optional)
Not listed here – various show commands
Shutting Down IS-IS to Make Changes to Your IS-IS Network (optional)
Not listed here
1c. Configuring MPLS in the Core (required)
- enable
- configure terminal
- mpls ip
- mpls label protocol {ldp | tdp | both}
- interface type number
- mpls ip
- exit
- exit
- show mpls interfaces [interface] [detail]
- show mpls ldp discovery [all | vrf vpn-name] [detail]
- show mpls ldp neighbor [[vrf vpn-name] [address | interface] [detail] | [all]]
LDP used as the example here – obviously could be TDP, etc.
1d. Determining if CEF Is Enabled in the Core (required)
- sh run
- sh ip cef
1e. Configuring Multiprotocol BGP on the PE Routers and Route Reflectors (required)
- enable
- configure terminal
- router bgp as-number
- no bgp default ipv4-unicast
- neighbor {ip-address | peer-group-name} remote-as as-number
- neighbor {ip-address | peer-group-name} activate
- address-family vpnv4 [unicast]
- neighbor {ip-address | peer-group-name} send-community extended
- neighbor {ip-address | peer-group-name} activate
- end
Step 2: Connecting the MPLS VPN Customers (required)
2a. Defining VRFs on the PE Routers to Enable Customer Connectivity (required)
- enable
- configure terminal
- ip vrf vrf-name
- rd route-distinguisher
- route-target {import | export | both} route-target-ext-community
- import map route-map
- exit
2b. Configuring VRF Interfaces on PE Routers for Each VPN Customer (required)
- enable
- configure terminal
- interface type number
- ip vrf forwarding vrf-name
- end
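A check for steps 2a and 2b, as an added example that is not part of the original post or the Cisco guides: it scans an IOS configuration for VRFs missing an rd or a route-target direction, and for interfaces that have ip vrf forwarding but no address, since IOS removes the interface's existing IP address when the interface is moved into a VRF. The sample configuration, VRF names and addresses are constructed.

```python
import re
# Constructed IOS config excerpt (illustrative names and addresses only).
SAMPLE_CONFIG = """\
ip vrf CUST-A
 rd 65000:10
 route-target export 65000:10
 route-target import 65000:10
!
ip vrf CUST-B
 rd 65000:20
 route-target export 65000:20
!
interface GigabitEthernet0/1
 ip vrf forwarding CUST-A
 ip address 192.168.1.1 255.255.255.252
!
interface GigabitEthernet0/2
 ip vrf forwarding CUST-B
 no ip address
"""

def parse_blocks(config):  # top-level line -> its indented sub-commands
    blocks, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if line[:1] not in ("", " ", "!"):   # unindented command opens a block
            current = blocks.setdefault(text, [])
        elif current is not None and text and not text.startswith("!"):
            current.append(text)
    return blocks

def audit(config):
    findings = []  # (object, problem) pairs for incomplete VRF steps
    for header, body in parse_blocks(config).items():
        if re.fullmatch(r"ip vrf \S+", header):
            name = header.split()[2]
            if not any(l.startswith("rd ") for l in body):
                findings.append((name, "no rd configured"))
            for way in ("import", "export"):
                if not any(re.match(rf"route-target ({way}|both) ", l) for l in body):
                    findings.append((name, f"no route-target {way}"))
        elif header.startswith("interface "):
            in_vrf = any(l.startswith("ip vrf forwarding ") for l in body)
            addressed = any(l.startswith(("ip address ", "ip unnumbered ")) for l in body)
            if in_vrf and not addressed:
                findings.append((header.split()[1], "in a VRF but has no IP address"))
    return findings

for item, problem in audit(SAMPLE_CONFIG):
    print(f"{item}: {problem}")
```

Run it against the output of show run saved to a file by passing the file's contents to audit().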
2c. Configuring Routing Protocols Between the PE and CE Routers (required)
We can run BGP, RIPv2, OSPF, static routes or EIGRP as the PE-CE routing protocol – here are the configuration tasks for each.
Configuring BGP as the Routing Protocol Between the PE and CE Routers
- enable
- configure terminal
- router bgp as-number
- address-family ipv4 [multicast | unicast | vrf vrf-name]
- neighbor {ip-address | peer-group-name} remote-as as-number
- neighbor {ip-address | peer-group-name} activate
- exit-address-family
- end
Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers
- enable
- configure terminal
- router rip
- version {1 | 2}
- address-family ipv4 [multicast | unicast | vrf vrf-name]
- network ip-address
- redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
- exit-address-family
- end
Configuring Static Routes Between the PE and CE Routers
- enable
- configure terminal
- ip route vrf vrf-name
- address-family ipv4 [multicast | unicast | vrf vrf-name]
- redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
- redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
- exit-address-family
- end
Configuring OSPF as the Routing Protocol Between the PE and CE Routers
- enable
- configure terminal
- router ospf process-id [vrf vpn-name]
- network ip-address wildcard-mask area area-id
- address-family ipv4 [multicast | unicast | vrf vrf-name]
- redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
- exit-address-family
- end
Configuring EIGRP as the Routing Protocol Between the PE and CE Routers
- enable
- configure terminal
- router bgp as-number
- no synchronization
- neighbor ip-address remote-as as-number
- neighbor ip-address update-source loopback interface-number
- address-family vpnv4
- neighbor ip-address activate
- neighbor ip-address send-community extended
- exit-address-family
- address-family ipv4 vrf vrf-name
- redistribute eigrp as-number [metric metric-value][route-map map-name]
- no synchronization
- exit-address-family
- end
Configuring EIGRP Redistribution in the MPLS VPN
- enable
- configure terminal
- router eigrp as-number
- address-family ipv4 [multicast | unicast | vrf vrf-name]
- network ip-address wildcard-mask
- redistribute bgp {as-number} [metric bandwidth delay reliability load mtu] [route-map map-name]
- autonomous-system as-number
- exit-address-family
- end
Step 3: Verifying Connectivity between MPLS VPN Sites (optional)
3a. Verifying the VPN Configuration
- show ip vrf
3b. Verifying IP Connectivity from CE Router to CE Router Across the MPLS Core
- enable
- ping [protocol] {host-name | system-address}
- trace [protocol] [destination]
- show ip route [ip-address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number]
- disable
3c. Verifying that the Local and Remote CE Routers are in the Routing Table
- enable
- show ip route vrf vrf-name [prefix]
- show ip cef vrf vrf-name [ip-prefix]
- exit
References:
Cisco IOS IP Routing: ISIS Configuration Guide, Release 12.4
Cisco IOS IP Routing: OSPF Configuration Guide, Release 12.4
Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4
Hey,
Good stuff, but I just wanted to point out you made an error that I have seen many people make when rushing for time: in section 2b (Configuring VRF Interfaces on PE Routers for Each VPN Customer), you didn’t put the IP address back on the interface after you made that interface part of the VRF. Remember, once you apply the “ip vrf forwarding ” command, the IP address will be removed as it's used in the global routing table! 🙂
Cheers,
mpls-te.
Absolutely – good spot.
Usually I would like to perform “show run int ” prior to typing “ip vrf for ” so that I can later copy and paste the IP address back to the interface after the router has removed the pre-configured IP address. Just my 2 cents.
Zey,
Also agreed – I use “sh ip int br” a lot in that regard.
Steve.