MPLS VPN Tasklist – 14 days to go.

I have been  trying to master and speed up my approach to the MPLS VPN Section which I did not do my 1st time around – here is an abridged tasklist based on the relevant IOS Configuration Guides providing me with a roadmap to navigate through this crucial section. HTH.

Stephen Bowes – How to Configure MPLS Layer 3 VPNs:

Step 1: Configuring the Core Network (required)

            1a. Assessing the Needs of MPLS VPN Customers (not required in CCIE Lab as details provided)

• Identify the size of the network.
• Identify the routing protocols.
• Determine if you need MPLS High Availability support.
• Determine if you need BGP load sharing and redundant paths.

            1b. Configuring Routing Protocols in the Core (required – For SP Lab this will be OSPF or ISIS for scalability reasons)

            Configuring OSPF in the core:

• enable
• configure terminal
• router ospf process-id
• Router(config-router)# network ip-address wildcard-mask area area-id

            Configuring ISIS in the core:

• enable
• configure terminal
• router isis [area-tag]
• net network-entity-title
• end

            Enabling IS-IS as an IP Routing Protocol on the Interface (required)

• enable
• configure terminal
• interface type number
• ip address ip-address mask [secondary]
• ip router isis [area-tag]
• end

                        Monitoring IS-IS (optional)

                        Not listed here – various show commands

                        Shutting Down IS-IS to Make Changes to Your IS-IS Network (optional)

                        Not listed here

            1c. Configuring MPLS in the Core (required)

• enable
• configure terminal
• mpls ip
• mpls label protocol {ldp | tdp | both}
• interface type number
• mpls ip
• exit
• exit
• show mpls interfaces [interface] [detail]
• show mpls ldp discovery [all | vrf vpn-name] [detail]
• show mpls ldp neighbor [[vrf vpn-name] [address | interface] [detail] | [all]]

            LDP used as the example here – obviously could be TDP, etc.

            1d. Determining if CEF Is Enabled in the Core (required)

• sh run
• sh ip cef

            1e. Configuring Multiprotocol BGP on the PE Routers and Route Reflectors (required)

• enable
• configure terminal
• router bgp as-number
• no bgp default ipv4-unicast
• neighbor {ip-address | peer-group-name} remote-as as-number
• neighbor {ip-address | peer-group-name} activate
• address-family vpnv4 [unicast]
• neighbor {ip-address | peer-group-name} send-community extended
• neighbor {ip-address | peer-group-name} activate
• end

                                                                                                                                   

Step 2: Connecting the MPLS VPN Customers (required)

            2a. Defining VRFs on the PE Routers to Enable Customer Connectivity (required)

• enable
• configure terminal
• ip vrf vrf-name
• rd route-distinguisher
• route-target {import | export | both} route-target-ext-community
• import map route-map
• exit

            2b. Configuring VRF Interfaces on PE Routers for Each VPN Customer (required)

• enable
• configure terminal
• interface type number
• ip vrf forwarding vrf-name
• end

            2c. Configuring Routing Protocols Between the PE and CE Routers (required)

We can run BGP, RipV2, OSPF, Static Routes or EIGRP as the PE-CE Routing Protocol – here are the configuration tasks for all.

            Configuring BGP as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router bgp as-number
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• neighbor {ip-address | peer-group-name} remote-as as-number
• neighbor {ip-address | peer-group-name} activate
• exit-address-family
• end

            Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router rip
• version {1 | 2}
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• network ip-address
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• exit-address-family
• end

            Configuring Static Routes Between the PE and CE Routers

• enable
• configure terminal
• ip route vrf vrf-name
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• exit-address-family
• end

            Configuring OSPF as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router ospf process-id [vrf vpn-name]
• network ip-address wildcard-mask area area-id
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [as-number] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [subnets]
• exit-address-family
• end

            Configuring EIGRP as the Routing Protocol Between the PE and CE Routers

• enable
• configure terminal
• router bgp as-number
• no synchronization
• neighbor ip-address remote-as as-number
• neighbor ip-address update-source loopback interface-number
• address-family vpnv4
• neighbor ip-address activate
• neighbor ip-address send-community extended
• exit-address-family
• address-family ipv4 vrf vrf-name
• redistribute eigrp as-number [metric metric-value][route-map map-name]
• no synchronization
• exit-address-family
• end

            Configuring EIGRP Redistribution in the MPLS VPN

• enable
• configure terminal
• router eigrp as-number
• address-family ipv4 [multicast | unicast | vrf vrf-name]
• network ip-address wildcard-mask
• redistribute bgp {as-number} [metric bandwidth delay reliability load mtu] [route-map map-name]
• autonomous-system as-number
• exit-address-family
• end

                                                                                                                                   

Step 3: Verifying Connectivity between MPLS VPN Sites (optional)

            3a. Verifying the VPN Configuration

• show ip vrf

            3b. Verifying IP Connectivity from CE Router to CE Router Across the MPLS Core

• enable
• ping [protocol] {host-name | system-address}
• trace [protocol] [destination]
• show ip route [ip-address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number access list number
• disable

            3c. Verifying that the Local and Remote CE Routers are in the Routing Table

• enable
• show ip route vrf vrf-name [prefix]
• show ip cef vrf vrf-name [ip-prefix]
• exit

                                                                                                                                   

References:

Cisco IOS IP Routing: ISIS Configuration Guide, Release 12.4

Cisco IOS IP Routing: OSPF Configuration Guide, Release 12.4

Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4