鲨鱼网
CCIE ISP-Inter-AS MPLS solutions - Back-to-Back vrf’s
创始人
2024-06-09 09:51:47
0

When configuring inter-as mpls vpn’s you’ve got 3 options to choose from.

A - Back-to-Back VRF’s

B - MP-eBGP for VPNv4

C - Multi-hop EBGP VPNv4

This post is about option A. I will show how to configure inter-as vpn’s using back-to-back vrf’s. Below you can see the diagram used for the purpose of this post.

 

With back-to-back vrf’s what you’ll do is basically make the connected PE’s think of each other as CE’s. You can run any supported PE-CE routing protocol over the per VPN logical interface between the directly connected ASBR’s. This option is seen as the easiest one to configure, a drawback is that this option doesn’t scale very well as the numbers of VPN’s start to grow.

Below the working configurations for this inter-as solution, I left out the configurations for router R1, R5, R7 and R8 because there is nothing special configured on these routers (they’re just simple P-routers and CE routers running RIPv2).

R2 :

hostname R2
!
ip cef
!
ip vrf VPN_A
 rd 2.2.2.2:1
 route-target export 2.2.2.2:1
 route-target import 3.3.3.3:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback1
 ip vrf forwarding VPN_A
 ip address 22.22.22.22 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding VPN_A
 ip address 24.24.24.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 12.12.12.2 255.255.255.0
 duplex auto
 speed auto
 tag-switching ip
!
router ospf 100 vrf VPN_A
 log-adjacency-changes
 redistribute bgp 123 subnets
 network 22.22.22.22 0.0.0.0 area 0
 network 24.24.24.2 0.0.0.0 area 0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 12.12.12.2 0.0.0.0 area 0
!
router bgp 123
 bgp router-id 2.2.2.2
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 3.3.3.3 remote-as 123
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 3.3.3.3 activate
 neighbor 3.3.3.3 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN_A
 redistribute ospf 100 vrf VPN_A match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family

R4 :

hostname R4
!
ip cef
!
ip vrf VPN_A
 rd 4.4.4.4:1
 route-target export 4.4.4.4:1
 route-target import 6.6.6.6:1
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Loopback1
 ip vrf forwarding VPN_A
 ip address 44.44.44.44 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding VPN_A
 ip address 24.24.24.4 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 45.45.45.4 255.255.255.0
 duplex auto
 speed auto
 tag-switching ip
!
router ospf 100 vrf VPN_A
 log-adjacency-changes
 redistribute bgp 456 subnets
 network 24.24.24.4 0.0.0.0 area 0
 network 44.44.44.44 0.0.0.0 area 0
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 45.45.45.4 0.0.0.0 area 0
!
router bgp 456
 bgp router-id 4.4.4.4
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 6.6.6.6 remote-as 456
 neighbor 6.6.6.6 update-source Loopback0
 !
 address-family vpnv4
 neighbor 6.6.6.6 activate
 neighbor 6.6.6.6 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN_A
 redistribute ospf 100 vrf VPN_A match internal external 1 external 2
 no auto-summary
 no synchronization
 exit-address-family

#p3

R3 :

hostname R3
!
ip cef
!
ip vrf VPN_A
 rd 3.3.3.3:1
 route-target export 3.3.3.3:1
 route-target import 2.2.2.2:1
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 13.13.13.3 255.255.255.0
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet2/0
 ip vrf forwarding VPN_A
 ip address 37.37.37.3 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 13.13.13.3 0.0.0.0 area 0
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf VPN_A
 redistribute bgp 123 metric transparent
 network 37.0.0.0
 no auto-summary
 exit-address-family
!
router bgp 123
 bgp router-id 3.3.3.3
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 123
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family vpnv4
 neighbor 2.2.2.2 activate
 neighbor 2.2.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN_A
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family

R6 :

hostname R6
!
ip cef
!
ip vrf VPN_A
 rd 6.6.6.6:1
 route-target export 6.6.6.6:1
 route-target import 4.4.4.4:1
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding VPN_A
 ip address 61.61.61.6 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 56.56.56.6 255.255.255.0
 duplex auto
 speed auto
 tag-switching ip
!
interface FastEthernet2/0
 ip vrf forwarding VPN_A
 ip address 68.68.68.6 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 6.6.6.6 0.0.0.0 area 0
 network 56.56.56.6 0.0.0.0 area 0
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf VPN_A
 redistribute bgp 456 metric transparent
 network 68.0.0.0
 no auto-summary
 exit-address-family
!
router bgp 456
 bgp router-id 6.6.6.6
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 456
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4
 neighbor 4.4.4.4 activate
 neighbor 4.4.4.4 send-community both
 exit-address-family
 !
 address-family ipv4 vrf VPN_A
 redistribute rip
 no auto-summary
 no synchronization
 exit-address-family

As you can see we run a separate instance of the OSPF process between router R2 and R4, under this process we redistribute BGP.

Now let’s do a “show ip route” on router R7 :

R7 :

R7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     68.0.0.0/24 is subnetted, 1 subnets
R       68.68.68.0 [120/2] via 37.37.37.3, 00:00:07, FastEthernet1/3
     37.0.0.0/24 is subnetted, 1 subnets
C       37.37.37.0 is directly connected, FastEthernet1/3
     22.0.0.0/32 is subnetted, 1 subnets
R       22.22.22.22 [120/1] via 37.37.37.3, 00:00:07, FastEthernet1/3
     7.0.0.0/32 is subnetted, 1 subnets
C       7.7.7.7 is directly connected, Loopback0
     8.0.0.0/32 is subnetted, 1 subnets
R       8.8.8.8 [120/2] via 37.37.37.3, 00:00:07, FastEthernet1/3
     24.0.0.0/24 is subnetted, 1 subnets
R       24.24.24.0 [120/1] via 37.37.37.3, 00:00:07, FastEthernet1/3
     44.0.0.0/32 is subnetted, 1 subnets
R       44.44.44.44 [120/3] via 37.37.37.3, 00:00:09, FastEthernet1/3

As you can see router R7 can see router R8

【编辑推荐】

  1. CCIE Lab考试可以放心使用"show run"命令
  2. CCIE找工作指南
  3. 思科今年各CCIE考试形势分析读后感

上一篇:康普综合布线系统案例应用详解

下一篇:安博、高交两会大幕将启 视高邀您一起体验视频会议之旅

相关内容

热门资讯

如何允许远程连接到MySQL数... [[277004]]【51CTO.com快译】默认情况下,MySQL服务器仅侦听来自localhos...
如何利用交换机和端口设置来管理... 在网络管理中,总是有些人让管理员头疼。下面我们就将介绍一下一个网管员利用交换机以及端口设置等来进行D...
施耐德电气数据中心整体解决方案... 近日,全球能效管理专家施耐德电气正式启动大型体验活动“能效中国行——2012卡车巡展”,作为该活动的...
Windows恶意软件20年“... 在Windows的早期年代,病毒游走于系统之间,偶尔删除文件(但被删除的文件几乎都是可恢复的),并弹...
20个非常棒的扁平设计免费资源 Apple设备的平面图标PSD免费平板UI 平板UI套件24平图标Freen平板UI套件PSD径向平...
2009 IBM动态架构新动力...
通过 XML 进行内容发布
德国电信门户网站可实时显示全球... 德国电信周三推出一个门户网站,直观地实时提供其安装在全球各地的传感器网络检测到的网络攻击状况。该网站...
着眼MAC地址,解救无法享受D... 在安装了DHCP服务器的局域网环境中,每一台工作站在上网之前,都要先从DHCP服务器那里享受到地址动...
为啥国人偏爱 Mybatis,... 关于 SQL 和 ORM 的争论,永远都不会终止,我也一直在思考这个问题。昨天又跟群里的小伙伴进行...