Cisco MPLS VPN (L3VPN) GNS3 Configuration Example and Explanation

Hello Friends,

Did you get a chance to go through my basic MPLS configuration blog? If not, please go through that article first for a basic understanding of MPLS.

In this blog I am going to take the discussion further and talk about a practical application of an MPLS network. To understand it better you need to put yourself in the service provider's shoes. Let's assume you are a service provider with many customers. First of all, why do we need a service provider at all? The simple answer is to get us to the Internet, but for enterprises that answer is not enough, because they also need the service provider to connect their geographically separated sites.

Now suppose an enterprise (Customer1) comes to you asking to connect two of its sites, which are geographically separated, and not only that: they also have a specific requirement to exchange routes between the sites. For example, Customer1_SITE_A should be able to send dynamic route updates to Customer1_SITE_B. As we know, we cannot exchange routes like this over the public network, so this becomes problem number one.

We (the ISP) took the requirement and started brainstorming, and found that another customer, say Customer2, uses exactly the same IP subnets as Customer1. Neither of them wants any NAT of their traffic, so we will have to accept prefixes with exactly the same subnets from both customers, send them over the common MPLS core and deliver the route updates to the respective customer's sites. And we cannot ask either customer to change their subnets, because that would be equivalent to saying "go away customer, choose some other ISP."

This brings us to problem number two: how do we keep both customers' traffic separate when they are using the same network addresses?

Now let's look at the following diagram for clarity about the issue.

[Figure: MPLS VPN topology diagram]

Here you can see that we have two customers, Customer1 (denoted in green) and Customer2 (denoted in white). If you look closely at the diagram you will find that both of them are using the same subnets (1.1.1.0/24 and 6.6.6.0/24), and both are connected to BGP AS500, which is the ISP. Users sitting at SITE-A should reach users sitting at SITE-B of the respective customer. There must not be any mis-routing, because any mis-routing would be equivalent to telling both customers "go away customer, choose some other ISP."

Alright, so now we know the problem. Let's see what we have to solve it. I have heard various types of solutions from various engineers; a few of them are listed below. Let me know in the comment section if you have had any similar thoughts.

  • Why can't we do this with VRFs? That is, create one VRF end to end, in our diagram from R2 to R5. This will keep the routes separate and hence the problem is solved... Well yes, it will keep the routing tables separate, but can you imagine the complexity? Each router in the core would have to host 1000s of VRFs and around a million routes in its routing tables, which would increase the cost of the service for the customer at least 10 times. And how exactly are you sending the routes between the sites??? 🙂

  • We need a dedicated tunnel, something like GRE... Well yes, this will work and it solves both of our problems, but IP routing is slow and label switching is fast. Even if you have a dedicated GRE tunnel, those GRE packets still need to be routed hop by hop through the core, and this makes the service slow in comparison to MPLS.

These are two of the popular suggestions I have been asked about; let me know in the comment section if you have any other question about the solution.

Finally, let's discuss how to solve this problem the recommended way, as used by some genius minds (people who follow the protocoholic blog 😀).

Before we begin we need to understand some terms used in MPLS VPN.

Route Distinguisher (RD):

As the name suggests, the RD is used to make a particular IP prefix distinct. If the same prefix is also sent by another customer, the PE has to assign a different (distinct) RD to that copy of the prefix so the two can be told apart. For example, in the following BGP updates two different customers have sent the same IP prefix as BGP NLRI (Network Layer Reachability Information), and the PE router (R2 in this case) distinguishes between them with the help of the RD value.

The packet captures were taken in the MPLS core of the network shown above. Here Customer1 and Customer2 at SITE-A are both sending prefix 101.101.101.0/24 to the ISP to be delivered to SITE-B. In the following captures we can see how R2 has added different RD values to the prefix while sending it to its VPNv4 neighbor (R5 in our case).

Route Update sent by Customer1:

[Packet capture: BGP VPNv4 update carrying Customer1's prefix with its Route Distinguisher]

Route Update sent by Customer2:

[Packet capture: BGP VPNv4 update carrying Customer2's prefix with its Route Distinguisher]

Route Target (RT):

As the name suggests, the route target tells the receiving PE the target VRF into which this particular route has to be put.

For example, if both of the above BGP updates reach R5 in our network, how does R5 identify which update belongs to which VRF? This is ensured with the help of the following route-target configuration. While sending the update to its VPNv4 peer, R2 needs to attach the route target to the BGP update so that the VPNv4 peer can identify the target VRF and install the route correctly. On R2 we configure the route-target EXPORT value, and the same value is configured on the VPNv4 peer, i.e. on R5, as the IMPORT value in the respective VRF.

Config on R2:

ip vrf CUS1
rd 300:1
route-target export 300:12
route-target import 400:65
!
ip vrf CUS2
rd 600:1
route-target export 600:27
route-target import 700:58


Config on R5:

ip vrf CUS1
rd 400:6
route-target export 400:65
route-target import 300:12
!
ip vrf CUS2
rd 700:8
route-target export 700:58
route-target import 600:27
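To see how the RD and RT work together, here is an added Python example that is not part of the original post or any vendor code. It parses the R2 and R5 "ip vrf" blocks above, models R2 prepending each VRF's RD to the CE prefix and attaching the export RT, and models R5 installing each VPNv4 route into every VRF whose import RT matches. The two site-A advertisements of 101.101.101.0/24 are constructed sample input, and the shared_route_targets check is my own addition: it flags an RT imported by more than one VRF, which is the misconfiguration that would leak one customer's routes into the other customer's table.

```python
"""Added example (not from the original post): a toy model of how the
ingress PE (R2) uses the RD to keep two customers' identical prefixes apart
in the VPNv4 table, and how the egress PE (R5) uses route-target import to
pick the VRF.  The VRF blocks are the R2/R5 configuration from the post;
the CE advertisements are constructed sample input."""
import re
from collections import defaultdict

R2_VRF_CONFIG = """
ip vrf CUS1
 rd 300:1
 route-target export 300:12
 route-target import 400:65
!
ip vrf CUS2
 rd 600:1
 route-target export 600:27
 route-target import 700:58
"""

R5_VRF_CONFIG = """
ip vrf CUS1
 rd 400:6
 route-target export 400:65
 route-target import 300:12
!
ip vrf CUS2
 rd 700:8
 route-target export 700:58
 route-target import 600:27
"""


def parse_vrfs(config):
    """Return {vrf: {"rd": str, "export": set, "import": set}} from 'ip vrf' blocks."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"ip vrf (\S+)$", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"rd": None, "export": set(), "import": set()})
            continue
        if current is None:
            continue
        m = re.match(r"rd (\S+)$", line)
        if m:
            current["rd"] = m.group(1)
        m = re.match(r"route-target (export|import) (\S+)$", line)
        if m:
            current[m.group(1)].add(m.group(2))
    return vrfs


def export_vpnv4(vrfs, ce_routes):
    """Ingress PE: prepend the VRF's RD to each CE prefix (making the VPNv4 NLRI
    unique) and attach the VRF's export RTs as extended communities.
    ce_routes: {vrf: [ipv4_prefix, ...]}."""
    updates = []
    for vrf, prefixes in ce_routes.items():
        for prefix in prefixes:
            updates.append({"rd": vrfs[vrf]["rd"], "prefix": prefix,
                            "rt": set(vrfs[vrf]["export"])})
    return updates


def import_vpnv4(vrfs, updates):
    """Egress PE: a VPNv4 route is installed into every VRF whose import RTs
    intersect the RTs carried on the route.  Returns {vrf: [(rd, prefix), ...]}."""
    tables = defaultdict(list)
    for upd in updates:
        for vrf, cfg in vrfs.items():
            if cfg["import"] & upd["rt"]:
                tables[vrf].append((upd["rd"], upd["prefix"]))
    return dict(tables)


def shared_route_targets(vrfs):
    """Leak check (my addition): an RT imported by more than one VRF merges
    those VRFs' routing, i.e. one customer would see the other's prefixes."""
    owners = defaultdict(set)
    for vrf, cfg in vrfs.items():
        for rt in cfg["import"]:
            owners[rt].add(vrf)
    return {rt: names for rt, names in owners.items() if len(names) > 1}


if __name__ == "__main__":
    r2, r5 = parse_vrfs(R2_VRF_CONFIG), parse_vrfs(R5_VRF_CONFIG)
    # Constructed input: both site-A CEs hand R2 the same prefix.
    ce_routes = {"CUS1": ["101.101.101.0/24"], "CUS2": ["101.101.101.0/24"]}
    vpnv4 = export_vpnv4(r2, ce_routes)
    print("VPNv4 NLRI on R2:", [(u["rd"], u["prefix"]) for u in vpnv4])
    print("VRF tables on R5:", import_vpnv4(r5, vpnv4))
    print("shared import RTs on R5:", shared_route_targets(r5))
```

Running it shows the two identical IPv4 prefixes become two distinct VPNv4 routes (RD 300:1 and RD 600:1 in front of 101.101.101.0/24) and land in CUS1 and CUS2 on R5 respectively. Appending a stray "route-target import 300:12" under CUS2 on R5 makes the leak check report that 300:12 is now imported by both VRFs, and Customer1's route appears in the CUS2 table.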

Update sent by Customer1:

[Packet capture: BGP VPNv4 update for Customer1 showing the Route Target extended community]

Update sent by Customer2:

[Packet capture: BGP VPNv4 update for Customer2 showing the Route Target extended community]

PE Router (Provider Edge):

Provider edge routers are the ones sitting at the edge of the provider network; each has a handoff connection to the customer router. A PE has an IPv4 BGP peering with the customer router and a VPNv4 peering with the PE at the other end. In our network R2 and R5 are the PE routers.

Following is the configuration on PE router R2. Similar configuration has to be done on PE router R5.

// We need to assign the interface connecting to the customer
// to the respective customer VRF.

!
interface FastEthernet0/0
ip vrf forwarding CUS1
ip address 192.168.10.2 255.255.255.252
!
// In BGP, the neighborship is configured under the VRF address family,
// CUS1 in this case.
!
router bgp 500
no synchronization
bgp log-neighbor-changes
!
address-family ipv4 vrf CUS1
neighbor 192.168.10.1 remote-as 300
neighbor 192.168.10.1 activate
no synchronization
exit-address-family


CE Router (Customer Edge):

This router sits at the customer's premises and has a BGP neighborship with the PE router.

Following is the configuration on CE router Customer1_SITE_A.

// This interface connects to the ISP.
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.252
no shut
!
router bgp 300
no synchronization
bgp log-neighbor-changes
neighbor 192.168.10.2 remote-as 500
no auto-summary
!


Similar configuration needs to be done on all the CE routers.

Provider (P) Router:

Provider routers are the ones sitting in the MPLS core; they have an IGP (OSPF, IS-IS, EIGRP, etc.) and MPLS configured.

// IS-IS is used as the IGP in this setup.
!
router isis 
net 49.1111.2222.3332.00
!
mpls ldp router-id Loopback1
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
ip router isis 
!
interface FastEthernet0/0
ip address 9.9.9.2 255.255.255.252
ip router isis 
mpls ip
!
interface FastEthernet1/0
ip address 9.9.9.9 255.255.255.252
ip router isis 
mpls ip
!


Now we know how the routes are exchanged between the neighbors. Let's quickly go through the complete configuration, starting with the VPNv4 neighbors.

Router 2 configuration (PE router):

!
router bgp 500
no synchronization
bgp log-neighbor-changes
neighbor 5.5.5.5 remote-as 500
neighbor 5.5.5.5 update-source Loopback1
no auto-summary
!
// This vpnv4 configuration brings up the MPLS VPN neighborship between the PE
// routers; later this peering is used to transfer routes between the
// two sites of the same customer.
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf CUS2
neighbor 192.168.50.1 remote-as 600
neighbor 192.168.50.1 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf CUS1
neighbor 192.168.10.1 remote-as 300
neighbor 192.168.10.1 activate
no synchronization
exit-address-family
!

Router 5 configuration (PE router):

!
router bgp 500
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 500
neighbor 2.2.2.2 update-source Loopback1
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CUS2
neighbor 192.168.70.2 remote-as 700
neighbor 192.168.70.2 activate
no synchronization
exit-address-family
!
address-family ipv4 vrf CUS1
neighbor 192.168.20.1 remote-as 400
neighbor 192.168.20.1 activate
no synchronization
exit-address-family
!

The above configuration is for the VPNv4 peering, which brings up the BGP neighborship between R2 and R5. R2 and R5 then exchange route updates with the customer CE (Customer Edge) routers, which are Customer1_SITE-A, Customer2_SITE-A, Customer1_SITE-B and Customer2_SITE-B in our topology.

On the CE routers we need to configure plain BGP peering with the PE (R2 or R5): SITE-A routers peer with R2 and SITE-B routers peer with R5, the PE at their site.

Following are some outputs from R5 (PE node):

R5#show ip bgp all summary 
For address family: IPv4 Unicast
BGP router identifier 5.5.5.5, local AS number 500
BGP table version is 1, main routing table version 1

Neighbor  V AS   MsgRcvd MsgSent TblVer InQ OutQ Up/Down   State/PfxRcd
2.2.2.2   4 500  39        39      1      0   0    00:35:54     0

For address family: VPNv4 Unicast
BGP router identifier 5.5.5.5, local AS number 500
BGP table version is 11, main routing table version 11
10 network entries using 1560 bytes of memory
10 path entries using 680 bytes of memory
7/4 BGP path/bestpath attribute entries using 1036 bytes of memory
4 BGP AS-PATH entries using 96 bytes of memory
4 BGP extended community entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 3 (at peak 3) using 96 bytes of memory
BGP using 3564 total bytes of memory
BGP activity 10/0 prefixes, 10/0 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   500      39      39       11    0    0 00:35:54        4
192.168.20.1    4   400      24      38       11    0    0 00:35:54        1
192.168.70.2    4   700      24      38       11    0    0 00:35:54        1
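A quick operational check on output like the above, as an added Python example that is not from the original post: it parses "show ip bgp all summary" text per address family and reports which neighbors are Established (the State/PfxRcd column is a prefix count only when the session is Established; otherwise it shows a state such as Idle or Active) and how many prefixes each sent. The sample text is the R5 output above, retyped, and the expected-peer table is a constructed example of what an operator might keep to spot a CE peering that comes up from the wrong AS or a peer that should not be there at all.

```python
"""Added example (not from the original post): parse 'show ip bgp all summary'
per address family and flag sessions that are not Established, or peers that
do not match an expected (neighbor -> AS) table."""
import re

# Constructed sample: the R5 output shown above, retyped.
SAMPLE = """\
For address family: IPv4 Unicast
BGP router identifier 5.5.5.5, local AS number 500
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   500      39      39        1    0    0 00:35:54        0

For address family: VPNv4 Unicast
BGP router identifier 5.5.5.5, local AS number 500
BGP table version is 11, main routing table version 11
10 network entries using 1560 bytes of memory
10 path entries using 680 bytes of memory
BGP activity 10/0 prefixes, 10/0 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   500      39      39       11    0    0 00:35:54        4
192.168.20.1    4   400      24      38       11    0    0 00:35:54        1
192.168.70.2    4   700      24      38       11    0    0 00:35:54        1
"""

# Neighbor, V, AS, MsgRcvd, MsgSent, TblVer, InQ, OutQ, Up/Down, State/PfxRcd.
# The last column is either a prefix count (Established) or a state string
# such as "Idle", "Active" or "Idle (Admin)".
NEIGHBOR_RE = re.compile(
    r"^(?P<nbr>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d)\s+(?P<asn>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<updown>\S+)\s+(?P<state>\S.*?)\s*$")


def parse_bgp_summary(text):
    """Return {address_family: [row, ...]} where each row has neighbor, as,
    established (bool), prefixes (int or None) and state (str or None)."""
    result, af = {}, None
    for line in text.splitlines():
        m = re.match(r"For address family: (.+)", line)
        if m:
            af = m.group(1).strip()
            result[af] = []
            continue
        m = NEIGHBOR_RE.match(line)
        if m and af is not None:
            state = m.group("state")
            up = state.isdigit()
            result[af].append({
                "neighbor": m.group("nbr"),
                "as": int(m.group("asn")),
                "established": up,
                "prefixes": int(state) if up else None,
                "state": None if up else state,
            })
    return result


def not_established(summary):
    """[(af, neighbor, state)] for every session whose column is not a prefix count."""
    return [(af, r["neighbor"], r["state"])
            for af, rows in summary.items() for r in rows if not r["established"]]


def unexpected_peers(summary, expected):
    """expected: {af: {neighbor: as}}.  Report peers that are not in the table,
    peers whose remote AS differs from the table, and expected peers that are absent."""
    issues = []
    for af, rows in summary.items():
        want = expected.get(af, {})
        seen = set()
        for r in rows:
            seen.add(r["neighbor"])
            if r["neighbor"] not in want:
                issues.append((af, r["neighbor"], "unexpected peer"))
            elif want[r["neighbor"]] != r["as"]:
                issues.append((af, r["neighbor"],
                               f"AS {r['as']} != expected {want[r['neighbor']]}"))
        for nbr in want:
            if nbr not in seen:
                issues.append((af, nbr, "missing peer"))
    return issues


# Constructed expected-peer table for R5 in this topology.
EXPECTED = {
    "IPv4 Unicast": {"2.2.2.2": 500},
    "VPNv4 Unicast": {"2.2.2.2": 500, "192.168.20.1": 400, "192.168.70.2": 700},
}

if __name__ == "__main__":
    summary = parse_bgp_summary(SAMPLE)
    for af, rows in summary.items():
        print(af, [(r["neighbor"], r["as"], r["prefixes"]) for r in rows])
    print("not established:", not_established(summary))
    print("issues:", unexpected_peers(summary, EXPECTED))
```

With the R5 output above, all three VPNv4 sessions are Established (4, 1 and 1 prefixes) and the IPv4 unicast session to 2.2.2.2 carries 0 prefixes, which is normal here because the customer routes travel in the VPNv4 address family. Feeding the same parser the output of each PE on a schedule and diffing it against the expected table is a cheap way to notice a CE session flapping or a peer appearing under an unexpected AS.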


Conclusion :

MPLS VPN is a great method to connect two sites. With it you have better control over routing in your network even though the sites are separated in different geographic locations. Apart from this, you get switching-like speed while sending traffic over the ISP. This is the method used globally by ISPs to connect customers. Apart from MPLS VPN there are other methods to connect customers to an MPLS ISP network, and we are going to discuss those in upcoming blogs. Stay connected by hitting the follow button on the blog.

Thank you for visiting.

You can download the complete configurations and the GNS3 file from this Google Drive link:

https://drive.google.com/file/d/1DL-rsEnZpmmqOg_iwPyOWIJd943-lBJ6/view?usp=sharing

