MPLS L3VPN with Shared Site
From Internetworkpro
Here is another configuration example of using MPLS L3 VPNs which have different customer sites connecting to a centralized site providing services. This only covers IPv4, but I will post another addition later that covers IPv6. This was tested on an experimental version of 12.4T. It should work on standard 12.4T, but YMMV.
P1 and P2 do not have BGP running. P3 only has BGP running to simulate a shared site. I could have done this on another leg, but I was lazy. The BGP instance running does not in any way contribute to the core network.
P1
ip cef
!
interface Ethernet0/0
 ip address 172.16.13.1 255.255.255.0
 mpls ip
!
interface Serial2/0
 ip address 10.1.12.1 255.255.255.252
 mpls ip
 serial restart-delay 0
!
interface Serial2/1
 ip address 10.1.19.1 255.255.255.252
 mpls ip
 serial restart-delay 0
!
router ospf 10
 log-adjacency-changes
 redistribute ospf 20 subnets
 network 10.1.12.0 0.0.0.3 area 0
 network 10.1.19.0 0.0.0.3 area 0
!
router ospf 20
 log-adjacency-changes
 redistribute ospf 10 subnets
 network 172.16.13.0 0.0.0.255 area 0
!
P2
ip cef
!
interface Ethernet0/0
 ip address 172.16.24.1 255.255.255.0
 mpls ip
!
interface Serial2/0
 ip address 10.1.12.2 255.255.255.252
 mpls ip
 serial restart-delay 0
!
interface Serial2/2
 ip address 10.1.29.1 255.255.255.252
 mpls ip
 serial restart-delay 0
!
router ospf 10
 log-adjacency-changes
 redistribute ospf 20 subnets
 network 10.1.12.0 0.0.0.3 area 0
 ! As posted: 10.1.19.0/30 is the P1-P3 link. Serial2/2 (10.1.29.1) matches no
 ! network statement here, which agrees with P3's routing table below, where
 ! every OSPF route is learned via Serial2/1.
 network 10.1.19.0 0.0.0.3 area 0
!
router ospf 20
 log-adjacency-changes
 redistribute ospf 10 subnets
 network 172.16.24.0 0.0.0.255 area 0
!
P3
ip cef
!
! The "ip vrf SHARED_SITE" definition itself is not included in the posted config.
!
interface Loopback0
 ip address 10.1.3.3 255.255.255.255
!
interface Loopback1
 ip vrf forwarding SHARED_SITE
 ip address 44.44.44.1 255.255.255.0
!
interface Loopback2
 ip vrf forwarding SHARED_SITE
 ip address 44.44.45.1 255.255.255.0
!
interface Loopback3
 ip vrf forwarding SHARED_SITE
 ip address 44.44.46.1 255.255.255.0
!
interface Serial2/1
 ip address 10.1.19.2 255.255.255.252
 mpls ip
 serial restart-delay 0
!
interface Serial2/2
 ip address 10.1.29.2 255.255.255.252
 mpls ip
 serial restart-delay 0
!
router ospf 10
 log-adjacency-changes
 network 10.1.3.3 0.0.0.0 area 0
 network 10.1.4.4 0.0.0.0 area 0
 network 10.1.19.0 0.0.0.3 area 0
 network 10.1.29.0 0.0.0.3 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 65000
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.2.2 remote-as 65000
 neighbor 10.1.2.2 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
  neighbor 10.1.2.2 activate
  neighbor 10.1.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf SHARED_SITE
  no synchronization
  redistribute connected
 exit-address-family
!
PE1
ip vrf CUST_A
 rd 65000:1
 route-target export 65000:1
 route-target export 65000:401
 route-target import 65000:1
 route-target import 65000:402
!
ip vrf CUST_B
 rd 65000:2
 route-target export 65000:401
 route-target export 65000:2
 route-target import 65000:402
 route-target import 65000:2
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 172.16.13.2 255.255.255.0
 mpls ip
!
interface Ethernet1/0
 ip vrf forwarding CUST_A
 ip address 192.168.35.1 255.255.255.0
!
interface Ethernet1/1
 ip vrf forwarding CUST_B
 ip address 192.168.36.1 255.255.255.0
!
router eigrp 100
 !
 address-family ipv4 vrf CUST_A
  autonomous-system 100
  redistribute bgp 65000 metric 1 1 1 1 1
  network 192.168.35.0
  no auto-summary
 exit-address-family
 no auto-summary
!
!
router eigrp 200
 !
 address-family ipv4 vrf CUST_B
  autonomous-system 200
  redistribute bgp 65000 metric 1 1 1 1 1
  network 192.168.36.0
  no auto-summary
 exit-address-family
 no auto-summary
!
router ospf 20
 log-adjacency-changes
 network 10.1.1.1 0.0.0.0 area 0
 network 172.16.13.0 0.0.0.255 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.2.2 remote-as 65000
 neighbor 10.1.2.2 update-source Loopback0
 neighbor 10.1.3.3 remote-as 65000
 neighbor 10.1.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.1.2.2 activate
  neighbor 10.1.2.2 send-community extended
  neighbor 10.1.3.3 activate
  neighbor 10.1.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  no synchronization
  redistribute eigrp 100 metric 100
 exit-address-family
 !
 address-family ipv4 vrf CUST_B
  no synchronization
  redistribute eigrp 200 metric 100
 exit-address-family
!
PE2
ip vrf CUST_A
 rd 65000:1
 route-target export 65000:1
 route-target export 65000:401
 route-target import 65000:1
 route-target import 65000:402
!
ip vrf CUST_B
 rd 65000:2
 route-target export 65000:401
 route-target export 65000:2
 route-target import 65000:402
 route-target import 65000:2
!
!
interface Loopback0
 ip address 10.1.2.2 255.255.255.255
!
interface Ethernet0/0
 ip address 172.16.24.2 255.255.255.0
 mpls ip
!
interface Ethernet1/0
 ip vrf forwarding CUST_A
 ip address 192.168.47.1 255.255.255.0
!
interface Ethernet1/1
 ip vrf forwarding CUST_B
 ip address 192.168.48.1 255.255.255.0
!
!
router eigrp 100
 !
 address-family ipv4 vrf CUST_A
  autonomous-system 100
  redistribute bgp 65000 metric 1 1 1 1 1
  network 192.168.47.0
  no auto-summary
 exit-address-family
 no auto-summary
!
!
router eigrp 200
 !
 address-family ipv4 vrf CUST_B
  autonomous-system 200
  redistribute bgp 65000 metric 1 1 1 1 1
  network 192.168.48.0
  no auto-summary
 exit-address-family
 no auto-summary
!
router ospf 20
 log-adjacency-changes
 network 10.1.2.2 0.0.0.0 area 0
 network 172.16.24.0 0.0.0.255 area 0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 65000
 neighbor 10.1.1.1 update-source Loopback0
 neighbor 10.1.3.3 remote-as 65000
 neighbor 10.1.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 send-community extended
  neighbor 10.1.3.3 activate
  neighbor 10.1.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  no synchronization
  redistribute eigrp 100 metric 100
 exit-address-family
 !
 address-family ipv4 vrf CUST_B
  no synchronization
  redistribute eigrp 200 metric 100
 exit-address-family
CE1A
interface Loopback0
 ip address 11.11.35.1 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.35.2 255.255.255.0
!
router eigrp 100
 network 11.11.35.0 0.0.0.255
 network 192.168.35.0
 no auto-summary
CE1B
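interface Loopback0
 ip address 22.22.36.1 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.36.2 255.255.255.0
!
router eigrp 200
 ! As posted: 22.22.35.0 does not match Loopback0 (22.22.36.1), so 22.22.36.0/24
 ! is not advertised; it is absent from the CE2B, CUST_B and SHARED_SITE tables below.
 network 22.22.35.0 0.0.0.255
 network 192.168.36.0
 no auto-summary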
CE2A
interface Loopback0
 ip address 11.11.47.1 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.47.2 255.255.255.0
!
router eigrp 100
 network 11.11.47.0 0.0.0.255
 network 192.168.47.0
 no auto-summary
CE2B
interface Loopback0
 ip address 22.22.48.1 255.255.255.0
!
interface Ethernet0/0
 ip address 192.168.48.2 255.255.255.0
!
router eigrp 200
 network 22.22.48.0 0.0.0.255
 network 192.168.48.0
 no auto-summary
Some Notes:
- The CE routers have no knowledge of BGP or the VRFs. They just know they can reach their other site as well as the shared site.
- The different imports/exports for the shared site are so that the shared site will not leak routes to the other customers' sites.
- You could've gotten away without using VRFs for EIGRP on the PE/CE links, but I wanted to test it out. In normal (non-experimental) 12.4T, EIGRP does not support VRFs for IPv6.
- There are other ways that this could have been done, but I chose this way.
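The route-target design described in the notes above can be checked mechanically. The following is an added example, not part of the original page: it parses `ip vrf` stanzas and reports which VRFs import each other's routes. The CUST_A and CUST_B stanzas are the ones posted for PE1/PE2; the SHARED_SITE stanza is an assumption (the page shows only RD 65000:400 in the BGP output, not P3's route-targets), and the function names are hypothetical.

```python
import re

# CUST_A / CUST_B stanzas as posted for PE1/PE2. The SHARED_SITE stanza is an
# ASSUMPTION: the page shows only its RD (65000:400), not its route-targets.
CONFIG = """\
ip vrf CUST_A
 rd 65000:1
 route-target export 65000:1
 route-target export 65000:401
 route-target import 65000:1
 route-target import 65000:402
!
ip vrf CUST_B
 rd 65000:2
 route-target export 65000:401
 route-target export 65000:2
 route-target import 65000:402
 route-target import 65000:2
!
ip vrf SHARED_SITE
 rd 65000:400
 route-target export 65000:402
 route-target import 65000:401
!
"""

def parse_vrfs(text):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for line in text.splitlines():
        head = re.match(r"ip vrf (\S+)$", line)
        rt = re.match(r"\s+route-target (import|export|both) (\S+)$", line)
        if head:
            current = vrfs.setdefault(head.group(1), {"import": set(), "export": set()})
        elif rt and current is not None:
            for side in (("import", "export") if rt.group(1) == "both" else (rt.group(1),)):
                current[side].add(rt.group(2))
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the stanza
    return vrfs

def leak_map(vrfs):
    """Map each VRF to the other VRFs whose exported routes it imports."""
    return {dst: sorted(src for src, s in vrfs.items()
                        if src != dst and s["export"] & d["import"])
            for dst, d in vrfs.items()}

def violations(vrfs, shared="SHARED_SITE"):
    """Pairs (importer, exporter) where two non-shared VRFs exchange routes."""
    return [(dst, src) for dst, srcs in leak_map(vrfs).items()
            for src in srcs if shared not in (dst, src)]

if __name__ == "__main__":
    print(violations(parse_vrfs(CONFIG)) or "no customer-to-customer import")
```

With the posted route-targets `violations()` returns an empty list; giving CUST_B an extra `route-target import 65000:1` makes it return `[('CUST_B', 'CUST_A')]`. This checks route distribution only: SHARED_SITE still holds both customers' prefixes, as P3's VRF table shows.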
Some Verifications:
Routing tables from CEs
CE1A#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
11.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 11.11.35.0/24 is directly connected, Loopback0
L 11.11.35.1/32 is directly connected, Loopback0
D 11.11.47.0/24 [90/435200] via 192.168.35.1, 01:33:21, Ethernet0/0
44.0.0.0/24 is subnetted, 3 subnets
D EX 44.44.44.0 [170/2560025856] via 192.168.35.1, 01:11:19, Ethernet0/0
D EX 44.44.45.0 [170/2560025856] via 192.168.35.1, 01:11:18, Ethernet0/0
D EX 44.44.46.0 [170/2560025856] via 192.168.35.1, 01:11:17, Ethernet0/0
192.168.35.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.35.0/24 is directly connected, Ethernet0/0
L 192.168.35.2/32 is directly connected, Ethernet0/0
D 192.168.47.0/24 [90/307200] via 192.168.35.1, 01:33:21, Ethernet0/0
CE1B#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
22.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 22.22.36.0/24 is directly connected, Loopback0
L 22.22.36.1/32 is directly connected, Loopback0
D 22.22.48.0/24 [90/435200] via 192.168.36.1, 01:33:17, Ethernet0/0
44.0.0.0/24 is subnetted, 3 subnets
D EX 44.44.44.0 [170/2560025856] via 192.168.36.1, 01:11:59, Ethernet0/0
D EX 44.44.45.0 [170/2560025856] via 192.168.36.1, 01:11:59, Ethernet0/0
D EX 44.44.46.0 [170/2560025856] via 192.168.36.1, 01:11:57, Ethernet0/0
192.168.36.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.36.0/24 is directly connected, Ethernet0/0
L 192.168.36.2/32 is directly connected, Ethernet0/0
D 192.168.48.0/24 [90/307200] via 192.168.36.1, 01:33:17, Ethernet0/0
CE2A#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
11.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D 11.11.35.0/24 [90/435200] via 192.168.47.1, 01:33:23, Ethernet0/0
C 11.11.47.0/24 is directly connected, Loopback0
L 11.11.47.1/32 is directly connected, Loopback0
44.0.0.0/24 is subnetted, 3 subnets
D EX 44.44.44.0 [170/2560025856] via 192.168.47.1, 01:12:16, Ethernet0/0
D EX 44.44.45.0 [170/2560025856] via 192.168.47.1, 01:12:16, Ethernet0/0
D EX 44.44.46.0 [170/2560025856] via 192.168.47.1, 01:12:14, Ethernet0/0
D 192.168.35.0/24 [90/307200] via 192.168.47.1, 01:33:23, Ethernet0/0
192.168.47.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.47.0/24 is directly connected, Ethernet0/0
L 192.168.47.2/32 is directly connected, Ethernet0/0
CE2B#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
22.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 22.22.48.0/24 is directly connected, Loopback0
L 22.22.48.1/32 is directly connected, Loopback0
44.0.0.0/24 is subnetted, 3 subnets
D EX 44.44.44.0 [170/2560025856] via 192.168.48.1, 01:12:29, Ethernet0/0
D EX 44.44.45.0 [170/2560025856] via 192.168.48.1, 01:12:29, Ethernet0/0
D EX 44.44.46.0 [170/2560025856] via 192.168.48.1, 01:12:27, Ethernet0/0
D 192.168.36.0/24 [90/307200] via 192.168.48.1, 01:33:31, Ethernet0/0
192.168.48.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.48.0/24 is directly connected, Ethernet0/0
L 192.168.48.2/32 is directly connected, Ethernet0/0
Some output from the PE routers
PE1#sh ip ro vrf CUST_A
Routing Table: CUST_A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
11.0.0.0/24 is subnetted, 2 subnets
D 11.11.35.0 [90/409600] via 192.168.35.2, 01:48:44, Ethernet1/0
B 11.11.47.0 [200/100] via 10.1.2.2, 01:48:07
44.0.0.0/24 is subnetted, 3 subnets
B 44.44.44.0 [200/0] via 10.1.3.3, 01:13:23
B 44.44.45.0 [200/0] via 10.1.3.3, 01:13:23
B 44.44.46.0 [200/0] via 10.1.3.3, 01:13:21
192.168.35.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.35.0/24 is directly connected, Ethernet1/0
L 192.168.35.1/32 is directly connected, Ethernet1/0
B 192.168.47.0/24 [200/0] via 10.1.2.2, 01:48:07
PE1#sh ip ro vrf CUST_B
Routing Table: CUST_B
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
22.0.0.0/24 is subnetted, 1 subnets
B 22.22.48.0 [200/100] via 10.1.2.2, 01:35:58
44.0.0.0/24 is subnetted, 3 subnets
B 44.44.44.0 [200/0] via 10.1.3.3, 01:13:46
B 44.44.45.0 [200/0] via 10.1.3.3, 01:13:46
B 44.44.46.0 [200/0] via 10.1.3.3, 01:13:44
192.168.36.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.36.0/24 is directly connected, Ethernet1/1
L 192.168.36.1/32 is directly connected, Ethernet1/1
B 192.168.48.0/24 [200/0] via 10.1.2.2, 01:44:32
PE1#sh ip bgp vpnv4 ?
all Display information about all VPN NLRIs
rd Display information for a route distinguisher
vrf Display information for a VPN Routing/Forwarding instance
PE1#sh ip bgp vpnv4 all
BGP table version is 47, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:1 (default for vrf CUST_A)
*> 11.11.35.0/24 192.168.35.2 100 32768 ?
*>i11.11.47.0/24 10.1.2.2 100 100 0 ?
*>i44.44.44.0/24 10.1.3.3 0 100 0 ?
*>i44.44.45.0/24 10.1.3.3 0 100 0 ?
*>i44.44.46.0/24 10.1.3.3 0 100 0 ?
*> 192.168.35.0 0.0.0.0 0 32768 ?
*>i192.168.47.0 10.1.2.2 0 100 0 ?
Route Distinguisher: 65000:2 (default for vrf CUST_B)
*>i22.22.48.0/24 10.1.2.2 100 100 0 ?
*>i44.44.44.0/24 10.1.3.3 0 100 0 ?
*>i44.44.45.0/24 10.1.3.3 0 100 0 ?
*>i44.44.46.0/24 10.1.3.3 0 100 0 ?
*> 192.168.36.0 0.0.0.0 0 32768 ?
*>i192.168.48.0 10.1.2.2 0 100 0 ?
Route Distinguisher: 65000:400
*>i44.44.44.0/24 10.1.3.3 0 100 0 ?
Network Next Hop Metric LocPrf Weight Path
*>i44.44.45.0/24 10.1.3.3 0 100 0 ?
*>i44.44.46.0/24 10.1.3.3 0 100 0 ?
The view from the Shared site
P3# sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O E2 10.1.1.1/32 [110/11] via 10.1.19.1, 01:27:58, Serial2/1
O E2 10.1.2.2/32 [110/11] via 10.1.19.1, 01:27:58, Serial2/1
C 10.1.3.3/32 is directly connected, Loopback0
O 10.1.12.0/30 [110/128] via 10.1.19.1, 01:27:58, Serial2/1
C 10.1.19.0/30 is directly connected, Serial2/1
L 10.1.19.2/32 is directly connected, Serial2/1
C 10.1.29.0/30 is directly connected, Serial2/2
L 10.1.29.2/32 is directly connected, Serial2/2
172.16.0.0/24 is subnetted, 2 subnets
O E2 172.16.13.0 [110/10] via 10.1.19.1, 01:27:58, Serial2/1
O E2 172.16.24.0 [110/10] via 10.1.19.1, 01:27:58, Serial2/1
P3#sh ip ro vrf SHARED_SITE
Routing Table: SHARED_SITE
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
11.0.0.0/24 is subnetted, 2 subnets
B 11.11.35.0 [200/100] via 10.1.1.1, 01:18:45
B 11.11.47.0 [200/100] via 10.1.2.2, 01:18:45
22.0.0.0/24 is subnetted, 1 subnets
B 22.22.48.0 [200/100] via 10.1.2.2, 01:18:45
44.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 44.44.44.0/24 is directly connected, Loopback1
L 44.44.44.1/32 is directly connected, Loopback1
C 44.44.45.0/24 is directly connected, Loopback2
L 44.44.45.1/32 is directly connected, Loopback2
C 44.44.46.0/24 is directly connected, Loopback3
L 44.44.46.1/32 is directly connected, Loopback3
B 192.168.35.0/24 [200/0] via 10.1.1.1, 01:18:46
B 192.168.36.0/24 [200/0] via 10.1.1.1, 01:18:46
B 192.168.47.0/24 [200/0] via 10.1.2.2, 01:18:46
B 192.168.48.0/24 [200/0] via 10.1.2.2, 01:18:46
