Previous Section  < Day Day Up >  Next Section

Case Study—Hub and Spoke MPLS VPN Network Using BGP PE-CE Routing for Sites Using Unique AS Numbers

Figure 6-22 shows an MPLS VPN network implementing BGP PE-CE routing in a hub and spoke environment.

Figure 6-22. Hub and Spoke-Based MPLS VPN Network

[View full size image]


CE1-A, CE2-A, and CE3-A are CE devices. CE1-A is the hub CE for the Customer A network and is connected to PE1-AS1, which is the hub PE router for the Customer A network. CE2-A and CE3-A are spoke sites and are connected to PE2-AS1 and PE3-AS1. As shown in Figure 6-22, the PE-CE link between PE1-AS1 and CE1-A has two links. One link is configured to forward routing information for VRF from_spoke and another link for VRF from_hub. VRF from_spoke on PE1-AS1 is configured to receive routes from spoke sites CE2-A and CE3-A. VRF from_hub receives routes from CE1-A and sends that out to remote sites. The sequence of steps that takes place in the hub and spoke environment is shown in Figure 6-22.

Base MPLS VPN Configuration

Example 6-45 shows the base MPLS configuration.

Example 6-45. Base MPLS VPN Configuration for the Provider Core
hostname PE1-AS1

!

ip cef

!

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.101 255.255.255.255

!

interface Serial0/0

 ip address 10.10.10.1 255.255.255.252

 mpls ip

!

interface Serial1/0

 ip address 10.10.10.5 255.255.255.252

 mpls ip

!

router ospf 1

 log-adjacency-changes

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 1

 no synchronization

 bgp log-neighbor-changes

 neighbor 10.10.10.102 remote-as 1

 neighbor 10.10.10.102 update-source Loopback0

 neighbor 10.10.10.103 remote-as 1

 neighbor 10.10.10.103 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 10.10.10.102 activate

 neighbor 10.10.10.102 send-community extended

 neighbor 10.10.10.103 activate

 neighbor 10.10.10.103 send-community extended

 exit-address-family

__________________________________________________________________________

hostname PE2-AS1

!

ip cef

!

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.102 255.255.255.255

!

interface Serial0/0

 ip address 10.10.10.2 255.255.255.252

 mpls ip

!

router ospf 1

 log-adjacency-changes

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 1

 no synchronization

 bgp log-neighbor-changes

 neighbor 10.10.10.101 remote-as 1

 neighbor 10.10.10.101 update-source Loopback0

no auto-summary

!

 address-family vpnv4

 neighbor 10.10.10.101 activate

 neighbor 10.10.10.101 send-community extended

 exit-address-family

__________________________________________________________________________

hostname PE3-AS1

!

ip cef

!

mpls ldp router-id Loopback0

!

interface Loopback0

 ip address 10.10.10.103 255.255.255.255

!

interface Serial0/0

 ip address 10.10.10.6 255.255.255.252

 mpls ip

!

router ospf 1

 log-adjacency-changes

 network 10.0.0.0 0.255.255.255 area 0

!

router bgp 1

 no synchronization

 bgp log-neighbor-changes

 neighbor 10.10.10.101 remote-as 1

 neighbor 10.10.10.101 update-source Loopback0

 no auto-summary

 !

 address-family vpnv4

 neighbor 10.10.10.101 activate

 neighbor 10.10.10.101 send-community extended

 exit-address-family

Hub and Spoke MPLS VPN Configuration for Sites Using Unique AS Numbers

Figure 6-23 shows the relevant configuration to implement hub and spoke MPLS VPN for sites using unique AS numbers.

Figure 6-23. Hub and Spoke MPLS VPN Configuration for Sites Using Unique AS Numbers

[View full size image]


Verifying MPLS VPN Hub and Spoke Routing for Sites Using Unique AS Numbers

The steps to verify MPLS VPN hub and spoke routing are

Step 1.
Verify routing on hub PE and spoke PE?a class="docLink" href="#ch06ex46">Example 6-46 shows that VRF from_spoke on PE1-AS1 has received routes from spoke site Routers CE2-A and CE3-A via the MP-BGP session. VRF from_hub shows the routes received from CE1-A (hub CE). Similarly, PE2-AS1 and PE3-AS1 also show that routes are received by each of the VRFs configured on them.

Example 6-46. Verify Routing on Hub PE and Spoke PE Routers
PE1-AS1#show ip route vrf from_spoke

<truncated for brevity>

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B       172.16.30.0/24 [200/0] via 10.10.10.103, 00:24:08

B       172.16.20.0/24 [200/0] via 10.10.10.102, 00:25:08

B       172.16.10.0/24 [20/0] via 172.16.1.2, 00:25:23

C       172.16.1.0/30 is directly connected, Serial2/0

________________________________________________________________

PE1-AS1#show ip route vrf from_hub

<truncated for brevity>

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B       172.16.30.0/24 [20/0] via 172.16.1.6, 00:23:58

B       172.16.20.0/24 [20/0] via 172.16.1.6, 00:24:57

B       172.16.10.0/24 [20/0] via 172.16.1.6, 00:27:13

C       172.16.1.4/30 is directly connected, Serial3/0

________________________________________________________________

PE2-AS1#show ip route vrf spoke1

<truncated for brevity>

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B       172.16.30.0/24 [200/0] via 10.10.10.101, 00:25:42

B       172.16.20.0/24 [20/0] via 172.16.2.2, 00:26:42

B       172.16.10.0/24 [200/0] via 10.10.10.101, 00:27:27

C       172.16.2.0/30 is directly connected, Serial1/0

________________________________________________________________

PE3-AS1#show ip route vrf spoke2

<truncated for brevity>

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B       172.16.30.0/24 [20/0] via 172.16.3.2, 00:34:01

B       172.16.20.0/24 [200/0] via 10.10.10.101, 00:35:02

B       172.16.10.0/24 [200/0] via 10.10.10.101, 00:34:47

C       172.16.3.0/30 is directly connected, Serial1/0

Step 2.
Verify routing on CE routers?a class="docLink" href="#ch06ex47">Example 6-47 shows CE routers have received the relevant BGP routes.

Example 6-47. Verify Routing on CE Routers
CE1-A#show ip route bgp

     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks

B       172.16.30.0/24 [20/0] via 172.16.1.1, 00:29:54

B       172.16.20.0/24 [20/0] via 172.16.1.1, 00:30:56

__________________________________________________________________________

CE1-A#show ip bgp

<truncated for brevity>

     Network      Next Hop          Metric LocPrf Weight Path

*> 172.16.10.0/24 0.0.0.0                0         32768 i

*> 172.16.20.0/24 172.16.1.1                           0 1 65002 i

*> 172.16.30.0/24 172.16.1.1                           0 1 65003 i

__________________________________________________________________________

CE2-A#show ip route bgp

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B       172.16.30.0/24 [20/0] via 172.16.2.1, 00:29:51

B       172.16.10.0/24 [20/0] via 172.16.2.1, 00:31:52

__________________________________________________________________________

CE2-A#show ip bgp

<truncated for brevity>

     Network      Next Hop          Metric LocPrf Weight Path

*> 172.16.10.0/24 172.16.2.1                           0 1 65001 i

*> 172.16.20.0/24 0.0.0.0                0         32768 i

*> 172.16.30.0/24 172.16.2.1                           0 1 65001 1 65003 i

__________________________________________________________________________

CE3-A#show ip route bgp

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

B       172.16.20.0/24 [20/0] via 172.16.3.1, 00:31:17

B       172.16.10.0/24 [20/0] via 172.16.3.1, 00:30:46

__________________________________________________________________________

CE3-A#show ip bgp

<truncated for brevity>

     Network         Next Hop           Metric LocPrf Weight Path

*> 172.16.10.0/24 172.16.3.1                            0 1 65001 i        

*> 172.16.20.0/24 172.16.3.1                            0 1 65001 1 65002 i

*> 172.16.30.0/24 0.0.0.0                 0         32768 i

Step 3.
Verify connectivity between CE routers?a class="docLink" href="#ch06ex48">Example 6-48 shows CE2-A and CE3-A have access to each other's networks and the 172.16.10.0 network located on CE1-A.

Example 6-48. Verify Connectivity Between CE Routers
CE2-A#ping 172.16.10.1 source 172.16.20.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.20.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/61/68 ms

___________________________________________________________________________

CE2-A#ping 172.16.30.1 source 172.16.20.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.30.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.20.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 116/119/120 ms

___________________________________________________________________________

CE3-A#ping 172.16.20.1 source 172.16.30.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.30.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 120/120/120 ms

___________________________________________________________________________

CE3-A#ping 172.16.10.1 source 172.16.30.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:

Packet sent with a source address of 172.16.30.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 48/57/60 ms

    Previous Section  < Day Day Up >  Next Section