Cisco MPLS virtual private network configuration

The topology diagram and IP address planning are shown in the figure:

Configuration ideas

1. Configure the IP address
2. IGP of the core network
3. MP-BGP between PEs
4. The vrf on the PE prepares for establishing contact
with the CE 5. The route of the CE-PE
6. The two-way importing of the PE equipment
7 , Control the route updated between PEs and which VRF is injected (RT value control)
8. Improve the data forwarding layer (LDP of the core network)

Static routing between PE and CE

R6 configuration (R7 configuration is similar)

R6#show running-config 
!
hostname R6  //改名
!
ip route 7.7.7.7 255.255.255.255 Ethernet0/0  //配置到达对端PE设备的静态路由
!
line con 0
 exec-timeout 0 0  //设置配置永不超时
!

R1 configuration (R4 configuration is similar)

R1#show running-config 
!
hostname R1
!
ip vrf A  //配置vrf
 rd 100:200  //置RD值，区分重叠路由
 route-target export 16:16   //设置出口RT值，注意与对端PE设备的入口RT值匹配
 route-target import 47:47  //设置入口RT值，注意与对端PE设备的出口RT值匹配
!
ip cef
！
mpls label range 100 199  //设备标签分发范围
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf network point-to-point
 ip ospf 100 area 0   //启用OSPF
!
interface Ethernet0/0
 ip vrf forwarding A   //与对端CE设备相连的端口绑定vrf
 ip address 16.0.0.1 255.255.255.0
 duplex auto
!         
interface Ethernet0/1
 ip address 13.0.0.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf 100 area 0   //启用OSPF
 duplex auto
 mpls ip   //启用MPLS转发
!
router ospf 100
!
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 4.4.4.4 remote-as 100  //与对端PE设备建立VPNV4邻居
 neighbor 4.4.4.4 update-source Loopback0   //修改更新源
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate   //激活对端PE邻居
  neighbor 4.4.4.4 send-community extended  //自动生成，可以删除
 exit-address-family
 !
 address-family ipv4 vrf A   //为每个vrf创建一个地址族
  redistribute static   //在地址族下为每个VRF引入路由
 exit-address-family
!
ip route vrf A 6.6.6.6 255.255.255.255 16.0.0.6   //配置到达对端CE设备的静态路由
!
line con 0
 exec-timeout 0 0
 

R3 configuration

R3#show running-config 
！
hostname R3
!         
ip cef   //开启快速转发
！
mpls label range 300 399  //设备标签分发范围
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf network point-to-point
 ip ospf 100 area 0  //启用OSPF
!
interface Ethernet0/0
 ip address 13.0.0.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 100 area 0  //启用OSPF
 duplex auto
 mpls ip   //启用MPLS转发
!
interface Ethernet0/1
 ip address 23.0.0.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 100 area 0
 duplex auto
 mpls ip
!
interface Ethernet0/2
 ip address 34.0.0.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 100 area 0
 duplex auto
 mpls ip
!
interface Ethernet0/3
 ip address 35.0.0.3 255.255.255.0
 ip ospf network point-to-point
 ip ospf 100 area 0
 duplex auto
 mpls ip
!

an examination

View R1's VPNV4 route

View R1's MP-BGP neighbors

Verify the communication between R6 and R7:

Trace route

Dynamic routing protocol is adopted between PE and CE

Note: You need to associate with VRF to establish contact with CE!

RIPv2

R6 configuration

R6#show run | se r r
router rip
version 2
 network 6.0.0.0
 network 16.0.0.0
 no auto-summary
！

R7 configuration

R7#show run | se r r
router rip
version 2
 network 7.0.0.0
 network 47.0.0.0
 no auto-summary
！

R1 configuration (similar to R4 configuration, do two-way redistribution)

R1#show running-config | se r r
router rip
 !
 address-family ipv4 vrf A  //关联vrf
  redistribute bgp 100 metric 1  //引入BGP路由，并设置cost
  network 16.0.0.0
  no auto-summary
  version 2
 exit-address-family
！
R1#show running-config | se r b
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute rip  //引入rip路由
 exit-address-family
！

R3 configuration is the same as static routing

an examination

Verify communication:

EIGRP

R6 configuration

R6#show run | se r e
router eigrp 90
 network 6.6.6.6 0.0.0.0   //宣告接口
 network 16.0.0.6 0.0.0.0  //宣告接口
！

R7 configuration

R7#show run | se r e
router eigrp 90
 network 7.7.7.7 0.0.0.0
 network 47.0.0.7 0.0.0.0
 ！

R1 placement

R1#show run | se r e
router eigrp A  //命名的EIGRP
 !
 address-family ipv4 unicast vrf A autonomous-system 90   //关联VRF
  !
  topology base   //在topology base 下进行重分发
   redistribute bgp 100 metric 100000 100 255 1 1500
  exit-af-topology
  network 16.0.0.1 0.0.0.0   //宣告接口
 exit-address-family
！

R4 configuration

R4#show run | se r e
router eigrp A
 !
 address-family ipv4 unicast vrf A autonomous-system 90
  !
  topology base
   redistribute bgp 100 metric 100000 100 255 1 1500
  exit-af-topology
  network 47.0.0.4 0.0.0.0
 exit-address-family
！

View R6 routing table

Verify communication:

MP-BGP

as-override put ring

R6 and R7 have the same autonomous system number. Call as-override on the PE device against the CE neighbor to destroy the ring release mechanism

R6 configuration

R6#show run | se r b
router bgp 200   //R7与R6自治系统号相同
 bgp log-neighbor-changes
 network 6.6.6.6 mask 255.255.255.255  //宣告回环口地址
 neighbor 16.0.0.1 remote-as 100   //宣告邻居
 ！

R7 configuration

R7#show run | se r b
router bgp 200   //R7与R6自治系统号相同
 bgp log-neighbor-changes
 network 7.7.7.7 mask 255.255.255.255  //宣告回环口地址
 neighbor 47.0.0.4 remote-as 100   //宣告邻居
 ！

R1 placement

R1#show run | se r b
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 16.0.0.6 remote-as 200
  neighbor 16.0.0.6 activate
  neighbor 16.0.0.6 as-override  //破话BGP的ASPATH放环机制
 exit-address-family
 ！

R4 configuration

R4#show run | se r b
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 47.0.0.7 remote-as 200
  neighbor 47.0.0.7 activate
  neighbor 47.0.0.7 as-override  //破话BGP的ASPATH放环机制
 exit-address-family
！

verification:

7.7.7.7/32 route path is modified to 100

R6 communicates with R7

allowas-in put ring

Call allowas-in to destroy the ring release mechanism for PE neighbors on CE equipment

R6 configuration

R6#show run | se r b      
router bgp 200
 bgp log-neighbor-changes
 network 6.6.6.6 mask 255.255.255.255
 neighbor 16.0.0.1 remote-as 100
 neighbor 16.0.0.1 allowas-in 1  //针对PE邻居调用  allowas-in ，允许携带本自治系统号1次的路由进来
！

an examination:

SOO 放 环

R1, R4, R5 establish VPNV4 neighbors with each other

R4 configuration

R4#show run | se route-m
  neighbor 47.0.0.7 route-map SOO in
route-map SOO permit 10   //创建路由策略
 set extcommunity soo 78:78   //设置扩展团体属性SOO
R4#show run | se r b    
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 47.0.0.7 remote-as 200
  neighbor 47.0.0.7 activate
  neighbor 47.0.0.7 as-override
  neighbor 47.0.0.7 route-map SOO in  //针对CE邻居调用SOO策略
 exit-address-family
 ！
R4#show run | se vrf de
vrf definition A
 rd 100:200
 !
 address-family ipv4
  route-target export 47:47
  route-target import 16:16
  route-target import 58:58
 exit-address-family
 ！

R5 configuration

R5#show run | se route-map
  neighbor 58.0.0.8 route-map SOO in
route-map SOO permit 10    //创建路由策略
 set extcommunity soo 78:78  //设置扩展团体属性SOO
R5#show run | se r b      
router bgp 100
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 58.0.0.8 remote-as 200
  neighbor 58.0.0.8 activate
  neighbor 58.0.0.8 as-override
  neighbor 58.0.0.8 route-map SOO in  //针对CE邻居调用SOO策略
 exit-address-family
 ！
R5#show run | se ip vrf
ip vrf A
 rd 5:5
 route-target export 58:58
 route-target import 47:47
 route-target import 16:16
 ip vrf forwarding A
 ！

R1 placement

R1#show run | se ip vrf
ip vrf A
 rd 100:200
 route-target export 16:16
 route-target import 47:47
 route-target import 58:58
 ip vrf forwarding A
R1#show run | se r b   
router bgp 100
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 4.4.4.4 remote-as 100
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  neighbor 16.0.0.6 remote-as 200
  neighbor 16.0.0.6 activate
  neighbor 16.0.0.6 route-map A out
 exit-address-family
 ！

Check:
R7 cannot receive R8's route.

On the contrary, R8 cannot receive R7's route.