3.1.b L3VPN, CE, PE, P (Static)




Make the IGP OSPF (or IS-IS):

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#net 0.0.0.0 0.0.0.0 area 0

R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#netw 2.2.2.2 0.0.0.0 area 0
R2(config-router)#netw 192.1.12.2 0.0.0.0 area 0
R2(config-router)#
*Oct 25 11:10:01.494: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
R3(config-router)#netw 3.3.3.3 0.0.0.0 area 0
R3(config-router)#netw 192.1.13.3 0.0.0.0 area 0
R3(config-router)#
*Oct 25 11:13:39.339: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

R1(config-router)#do sh ip route ospf | b Gat
Gateway of last resort is not set

      2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/65] via 192.1.12.2, 00:04:53, Serial1/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/65] via 192.1.13.3, 00:01:15, Serial1/1

R1#tclsh
R1(tcl)#foreach VAR {
+>(tcl)#1.1.1.1
+>(tcl)#192.1.12.1
+>(tcl)#192.1.13.1
+>(tcl)#2.2.2.2
+>(tcl)#192.1.12.2
+>(tcl)#3.3.3.3
+>(tcl)#192.1.13.3
+>(tcl)#} {
+>(tcl)#ping $VAR
+>(tcl)#}
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/5 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.1.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/16/17 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.1.13.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 15/16/17 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/9 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.1.13.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/8/9 ms
R1(tcl)#

Light up LDP in the IGP:

R1(config)#int s1/0
R1(config-if)#mpls ip
R1(config-if)#int s1/1
R1(config-if)#mpls ip

R2(config)#int s1/0
R2(config-if)#mpls ip
R2(config-if)#
*Oct 25 11:21:34.023: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (1) is UP

R3(config-if)#int s1/0
R3(config-if)#mpls ip
R3(config-if)#
*Oct 25 11:22:48.133: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.1:0 (1) is UP
R3(config-if)#

R1(config-if)#do sh mpls ldp neigh
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0
  TCP connection: 2.2.2.2.17507 - 1.1.1.1.646
  State: Oper; Msgs sent/rcvd: 10/11; Downstream
  Up time: 00:01:45
  LDP discovery sources:
    Serial1/0, Src IP addr: 192.1.12.2
        Addresses bound to peer LDP Ident:
          192.1.24.2      192.1.12.2      2.2.2.2         
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0
  TCP connection: 3.3.3.3.14413 - 1.1.1.1.646
  State: Oper; Msgs sent/rcvd: 8/9; Downstream
  Up time: 00:00:31
  LDP discovery sources:
    Serial1/1, Src IP addr: 192.1.13.3
        Addresses bound to peer LDP Ident:
          192.1.35.3      192.1.13.3      3.3.3.3  

R1(config-if)#do sh mpls int
Interface              IP            Tunnel   BGP Static Operational
Serial1/0              Yes (ldp)     No       No  No     Yes        
Serial1/1              Yes (ldp)     No       No  No     Yes       

make CE facing VRF's

R2(config-if)#vrf def PE
R2(config-vrf)#rd 100:1
R2(config-vrf)#address-fam ipv4 
R2(config-vrf-af)#route-t both 100:1

R3(config-if)#
R3(config-if)#vrf def PE
R3(config-vrf)#rd 100:1
R3(config-vrf)#address-fam ipv4
R3(config-vrf-af)#route-t both 100:1

set VRF forwarding on CE facing interfaces:

R2(config-if)#vrf forward PE
% Interface Ethernet0/0 IPv4 disabled and address(es) removed due to enabling VRF PE
R2(config-if)#ip add 192.1.24.2 255.255.255.0

R3(config-if)#vrf for PE
% Interface Ethernet0/0 IPv4 disabled and address(es) removed due to enabling VRF PE
R3(config-if)#ip add 192.1.35.3 255.255.255.0

R2#sh vrf PE
  Name                             Default RD            Protocols   Interfaces
  PE                               100:1                 ipv4        Et0/0

R3#sh vrf
  Name                             Default RD            Protocols   Interfaces
  PE                               100:1                 ipv4        Et0/0

set statics from PE's to CE's in the VRF

R2(config-if)#ip route vrf PE 4.4.4.4 255.255.255.255 192.1.24.4

R3(config-if)#ip route vrf PE 5.5.5.5 255.255.255.255 192.1.35.5

Use default routing from CE's to PE's

R4(config)#ip route 0.0.0.0 0.0.0.0 192.1.24.2

R5(config)#ip route 0.0.0.0 0.0.0.0 192.1.35.3

Test VRF routing

R2#ping vrf PE 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R3#ping vrf PE 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/6 ms

Build MPBGP, in summary:

initiate the BGP process
use a deterministic router-id
turn off ipv4 as default (best)
set up neighbors as normal

using the vpnv4 address-family:
activate (adjacency will come up), and forward the vrf communities

advertise the connective tissue in the vrf address-family
network statement and redistribution

R2#sh run | sec bgp
router bgp 100
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
 exit-address-family
 !
 address-family ipv4 vrf PE
  network 192.1.24.0
  redistribute static
 exit-address-family

R3#sh run | sec bgp
router bgp 100
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf PE
  network 192.1.35.0
  redistribute static
 exit-address-family

final verification:

R2#sh bgp vpnv4 uni all | b Net
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf PE)
 *>  4.4.4.4/32       192.1.24.4               0         32768 ?
 *>i 5.5.5.5/32       3.3.3.3                  0    100      0 ?
 *>  192.1.24.0       0.0.0.0                  0         32768 i
 *>i 192.1.35.0       3.3.3.3                  0    100      0 i