LabMinutes# SP0006 – Cisco MPLS VPN Fundamental (Part 2)

Moving on to our task number three, which is completing our MPLS VPN configuration, and the goal of this is to provide connectivity for the customers C1 and C2 across our MPLS VPN. Okay, so so far we already have the customer network prepped for this; now we're going to have to complete the BGP configuration in the middle. So first we have to configure a full mesh iBGP between R1, R2 and R4, which are all PE routers, to carry VPNv4 routes. We need to disable IPv4 BGP, which makes sense because we do VPNv4, not IPv4, and we must use BGP peer templates, since the configuration is going to be pretty much the same for each of the peers and neighbor configurations, so just to be efficient. And then we need to source our BGP from the loopback, as we usually do when we configure iBGP.

Okay, so let's run with that first, starting off with our router R1, and I believe our AS number is 100, so router bgp 100, no synchronization and no auto-summary, a standard BGP config, with the router ID 172.16.0.1. So we need to disable IPv4, the default, so the command is no bgp default ipv4-unicast, and then we go ahead and configure our peer template. If you're not familiar with the peer template, we have a separate BGP video that walks you through the concept of peer templates, so you want to check that out. There are two types, so first is peer session; we're going to call this one PE. Okay, and what you can configure now are the basic remote AS as well as the update source. There's an assortment of other configuration you can do as well, but the ones that are required for our particular task here are remote-as 100 and then update-source loopback 0. Okay, the second type of peer template is peer policy; I'm going to call it the same name, PE, and what we need from this particular template is the send-community. As I mentioned, the route target is actually an extended community, so we need to make sure that all of our BGP neighbors are capable of sending an extended community. Okay, so now that we have the 
peer template we can go ahead and configure our neighbor to inherit the peer template. So start out with our neighbor 172.16.0.2, which is R2. The command to inherit the peer template is inherit, and then you can do question mark; you can see the only option we have here is peer-session. Okay, if you've done this before, inheriting the peer template, you might expect to see a peer-policy here as well, but since we have disabled the IPv4 BGP, the peer policy configuration is actually going to be configured under the address family VPNv4, as you will see in a second here. But for now we only need to configure peer session at this time, and we need to do R4 for that.

Okay, now we need to get under the address family, and if you have done any VRF config with BGP you might be familiar with the ipv4 address family with the vrf option, but for the routes that are going to be carried or transported across the MPLS VPN, those routes are considered VPNv4 routes, so we have to do address-family vpnv4, and then we get only unicast. Okay, the first thing you need to do, just like any other address family, is to activate the neighbor, so first R2, and then we do activate, and then we can go ahead and inherit; as you can see right here, the only option we have is peer-policy, because peer session has already been taken care of outside of the address family, and that will be PE. I'll just do up arrow and then do the same thing for R4. Okay, so activate R4 and then inherit peer-policy, and that should be all of the configuration that we need.

And that will be pretty much almost identical for all our routers, so what I'm going to do now is to bring up a notepad and then copy these relevant sections, and we're just going to modify them slightly. So we have peer policy, peer session; these stay the same on all of the routers. Router ID: the next router we're getting configured is R2, so I have to change it to R2, and then the peers are going to be R1 and
R4, so this will be R1. We actually don't need this because it's part of the peer session, so right here, R2 peers are R1 and R4, okay, so I don't need that either, and we can just put in no sync, just to make sure, and no auto, in case you're running on an IOS that doesn't have those options as a default. And let me copy that, go over to R2 and then paste. Okay, so that's for R2; the last router is R4, so we're going to change that as we need to, this should be 2, and then copy and paste.

So let's do some quick verification from R1. If you do show ip bgp and then just summary, you can see that we have absolutely nothing, because that's for IPv4 BGP, which we're not running for our scenario. Now what you need instead is the vpnv4 option, and then you can just do all, or if you're only interested in a certain VRF you can do vrf as well; here we just do all. So currently we have a VPNv4 BGP connection from R1 to R2 and R4, and you can do a neighbor command; let's see here, our neighbor details for R2: we have the capability to transport VPNv4, and that is advertised and received. Right, we can go over to R4 and do the same thing real quick: show ip bgp vpnv4 all summary; same thing, it already has connections to R2 and R1. Okay, so that should be the first part of the task.

Now let's move down to the next item, which is advertise all PE-CE subnets into the appropriate VRF, and then once those subnets are advertised we're going to go ahead and trace the labels being used by the traffic from the 172.16.16 subnet to the 172.16.27 subnet, which is this segment right here going toward the subnet right here. Okay, so starting with advertising the subnets on R1: we currently have two interfaces; this one is part of C1 and the other one is C2. So in order to advertise the subnet into MP-BGP we get under BGP 100, and then we need to get under the address family; since this is part of a
local VRF we have to do ipv4 and then vrf C1. So for C1, the network is 172.16.16.0 with the mask of /24, and then do pretty much the same thing for C2, which is 172.16.18, it's /24. Okay, we'll come back and take a look at what that route looks like, but let's go ahead and do router R2 and R4. So on router R2 we have router bgp, and I believe router R2 has the VRF of C1, so address-family ipv4 vrf C1, network 172.16.27.0 with its mask. Okay, and the last router is R4, which has the VRF of C2: network 172.16.104.0 with its mask.

Okay, so at this stage all of the subnets that belong to VRF C1 and C2 should be advertised across the MPLS VPN. Let's go ahead and confirm that, starting at R1. I'm going to do show ip bgp vpnv4 all, so that will show you the whole routing table for both, or actually all, of the VRFs. So the first one is VRF C1; as you can see, the local route, which has the weight of 32768 and the next hop of quad 0, this is the local route, it's VLAN 16, and it has also received a route that belongs to the same VRF on the other side, coming in from R7, or the R2-to-R7 PE-CE, which is 172.16.27, and that is identified as an iBGP route. Okay, same thing with VRF C2: it has a local route of 172.16.18 and it has received a remote route of 172.16.104, so you can see the routes have been successfully exchanged.

Now if you kind of look deeper into the route itself, these are now considered an ipv4 route, so show ip bgp vpnv4 all 172.16.16.0, so these are the local routes. Let's make a note that right here, instead of just a regular prefix, it has actually been prepended with the route distinguisher, as I mentioned earlier, and the route distinguisher makes the VPNv4 route unique, so that way if you have an overlapping or the same prefix that's being used between different customers, you make sure that those all stay unique, because different 
customers will each have a unique route distinguisher assigned to them. Okay, you also want to make a quick note of the extended community as well, which is the route target: so the route has been tagged as part of the route target export with the route target of 100:100. So together with that, router R1 has also assigned an MPLS label, a local label of 25, for this particular route, as you can see right here; so that's 25 for in, and since it's a local route there's no out label. Okay, so that's actually a different method of exchanging an MPLS label. LDP was one method, but for MPLS VPN, BGP, or to be exact multiprotocol BGP, is used by a router to advertise the MPLS label. So on every PE router, each of the prefixes in each VRF has a label assigned to it, just like how a regular MPLS router has a label assigned to its routes in the unicast routing table.

Okay, so let's take another look at the remote route. We just looked at the local route, .16; now let's take a look at .27. Okay, so same thing: the route has been prepended with the RD of 100:100 and the extended community; these are being received by R1 from R2. Okay, and along with that route is a label, MPLS label 24. Okay, so for R1 to send traffic to this particular subnet, it will essentially impose a label of 24 on the packet, which you will see when we do the packet capture.

Okay, just for the sake of completeness, let's do a show command for C2 as well. So C2: you can see how the route distinguisher has changed to 200:200; the route target has changed as well, and then the local label for that is 26. And the last route is 104, in C2, 200:200, and then the remote label is 23 for that route. Right, so now let's do a show mpls forwarding-table vrf C1. I just want to see what it looks like when R1 sends traffic towards the VLAN 27 subnet, and this is kind of stepping into the task 
for tracing the labels used by the traffic from VLAN 16 to VLAN 27. Okay, so let's see what that looks like. So on R1, show mpls forwarding-table vrf C1 172.16.27.0: you're seeing the outgoing label is shown as 24. Okay, and the prefix is 27.0, and the V marks that it's part of a VRF, or a VPN route, and the next hop is router R3, which is our P router right here; that's our next hop, certainly, from R1. But what this show command doesn't show you is the label stack, so we need to do a detail of the same command.

So right here, now you can see the whole label stack that will get imposed onto that packet. So 24 is just the transport label, if you will, just to get the traffic from one PE to another, the ingress PE to the egress PE, but what's actually identifying the remote prefix, or the destination prefix, is the, or actually, 24 is, 18 is the transport label and 24 is actually the true label for the destination. Okay, so here's the label stack: that would be the bottom of the stack, and then 18 will be the top of the stack. So label 18 will get the traffic from R1 to R2, basically, and then on top of that you have 24, which is the VPN label, and if you recall, when we did the show ip bgp command right here for 172.16.27, we saw that the label 24 was advertised along with the route from router R2 to identify that particular prefix.

And another thing you want to make a note of is the MRU actually went down. If you've been watching the previous video, the MRU has traditionally been 1500, which is the same as the interface MTU by default, but now, since we are dealing with an additional MPLS label, you can see how it gets reduced by 4 bytes, because each MPLS label is 4 bytes long. Okay, so we know that as the packet leaves router R1 it's going to have a stack of 18 and 24. Okay, so top to bottom: 18 on the top, 24 at the bottom. You can pretty much do the same thing with the show ip cef vrf command: C1 172.16.27.0. Okay, you can 
see that the two labels that get imposed on the packet are shown right there, 18 and 24.

So now we're going to trace these labels on the packets. The next hop is R3, so we're going to go over to R3 and do show mpls forwarding-table. We know that it's going to be coming in as label 18, so let's see how R3 looks up label 18. Okay, so input label 18, or incoming label 18, is going to be swapped with the outgoing label 16. Okay, and that's being load balanced between the interfaces 0/0/0 and 0/1/0, because we have equal-cost paths to get to R2. Okay, so R3 has an option to send traffic that way or that way, but either way it will swap label 18 with label 16, so at this point the packet should become 16, 24. So the bottom label, or the VPN label, should never change.

Okay, so 16, 24. Now let's assume that the packet on R3 actually selects R5 for that, so we're going to hop over to R5 and look at the MPLS forwarding for label 16. Okay, and at this point R5 will altogether remove the label, or the top label, but still maintaining the MPLS label, as far as Pop Label; Pop Label means removing the topmost label. Okay, and it's going to send it out of 0/0/0, and that's towards R2, and as you can see, that particular label is being used, or should be used, for getting to the prefix 172.16.0.2, which is R2 right here. Okay, so as it leaves R5, the tag 16 gets popped, so what is left is label 24.

Okay, now finally the packet reaches the egress PE router with label 24, so we're going to just show mpls forwarding label 24, and you can see that R2 knows exactly that that particular packet is destined for the 172.16.27 subnet. Okay, it's also labelled as a VPNv4, VPN route as well. Okay, and just to make a quick note, the behavior of removing the topmost label before it reaches the final or egress PE router is what 
is called penultimate hop popping, or PHP, and that way R2 doesn't have to do a label lookup twice; in this case all R2 needs is to look up label 24, and it knows exactly where the destination of that packet is. Okay, so now you should understand a bit better how the MPLS VPN packets get moved across an MPLS core network and how the MPLS VPN label plays a part in that. And just to reiterate, label 24 is the label that R2 communicated to R1 as part of the BGP advertisement, so R1 knows what labels to impose before it pushes the packet into the MPLS core.

So next we need to make sure that R6 can reach R7 and R8 can reach Switch 1, but there should be no connectivity between the two customers' networks. Okay, so what it means is R6 right here should be able to reach R7, and then R8 should be able to reach Switch 1. Even before we do our connectivity test from the CE devices, we can do a quick test between PE and PE, sourcing from the corresponding network. So let's try first for customer C1, from R1 to R2. Let's do a simple ping; for this we need to source it from the correct VRF, which is C1, and then what we're trying to ping is 172.16.27.2, which is the IP of R2's interface right here, and then enter; you can see that it's reachable. Actually, let me go over to R2 and do a quick debug ip icmp so you know exactly what source IP the packet is using. So R2 is seeing the packet coming from the IP 172.16.16.1, which is Fast 0/1.16 on R1. Okay, so that's basically proof that we have connectivity for that particular VRF across the subnets. We can do the same thing with R1, pinging in vrf C2 the 172.16.104 address that's R4's Fast Ethernet interface; you can see that it's pingable.

Okay, so now what we need to do to test CE connectivity is to start off by going to R6. So since 
we're not running a dynamic routing protocol between CE and PE, what we need to do is create a static route on R6 pointing to R1, and to keep things simple I'm just going to do a default static on R6, so ip route, and R6 has no idea about the VRF itself, so it doesn't have to reference any kind of VRF whatsoever; it's just the PE router that has knowledge of the VRF configuration. All R6 knows is, in order to send traffic to anything, for now the next hop is going to be R1. Okay, and we have to do the same thing on R7 as well for the return traffic, so ip route, 172.16.27, for R7 it's .2, which is router 2. Okay, now from R7 you should be able to ping 172.16.16.6; you can see that it's pingable now. Okay, so we just pinged R6 from R7.

Then we're going to take care of VRF C2, so I have to go into R8; same thing, ip route, 172.16.18.1, and then on Switch 1, ip route, 172.16.104.1, actually it's not, I believe that's 4, and then do a ping 172.16.18.8, and that is pingable as well. Okay, let's go back to R6 real quick; we know we were able to ping R6 from R7, and we should be able to ping R7 from R6 as well, and that's the case. Now we can do a traceroute to that and see what happens; you can see how R6 sees every single hop, so it went from R6 to 1, 3, 4, 2, 7, so it went 1, 3, 4 and then 2, finally 7.

Okay, but if you try to ping from C1 to C2, which is R6 to, let's say, Switch 1, 104.10, you can see that it is not pingable; in fact it's receiving an ICMP unreachable for the packet, because there's no route to this particular prefix in the routing table, or that particular VRF routing table. Okay, so we have successfully tested connectivity between the two remote sites within the same VRF, but not across VRFs. That 
takes us to the final part of our task, which is: we need to run a Wireshark packet capture on R1 Fast 0/0 and discuss the MPLS VPN. Okay, so we're going to run Wireshark right here. Okay, so now let me bring up Wireshark, and we need to make sure that the switch has the SPAN session configured, so let me make sure that's the case: show monitor session. Okay, so apparently there's no SPAN session on this switch. So R1 Fast 0/0, that interface is connected to a port, Fast 0/1, so right here, Fast 0/1, and we have the Wireshark machine off of Fast 0/23. So monitor session, source interface Fast 0/1, and then destination interface Fast 0/23. Okay, and here's our Wireshark capture that is now running.

So what we're going to do now is to just do a ping from R6 again right here to R7, and see what that packet looks like as it leaves router R1. Just going back to router R6, up arrow, ping 27.7; there it goes, five pings successful. Sure enough, a bunch of pings right here. Let me stop the capture and let's go through the ping request packet, starting off with the Ethernet header, since it's an Ethernet interface. Okay, we've seen this before in our previous MPLS video, where the Ethernet type for the next header is MPLS, and then we actually have, this time, two MPLS labels as we expected. One is label 18, which is the topmost, right here; as you can see it shows as label 18, the experimental bits are 0 since we're not actually dealing with QoS at this stage, and then we have a TTL of 254. Okay, and then the next label, the bottom-of-the-stack label, which is the MPLS VPN label, has a label number of 24, which, once again, we saw on our show commands earlier. Then you can see, since it's the bottom of the stack, it also has the bit for the bottom of the label stack set to 1, and the TTL is also 254. Okay, and then after the bottom of the stack, MPLS, it's just your regular IP header with the R
6 IP as the source and then R7 as the destination, and this is just a regular IP packet header: time to live 254, the protocol is ICMP, and then we have the ICMP header for the ping request.

Okay, so coming back the other way, the reply: although we didn't quite go over the labels on the packet going from R7 back to R6, we kind of talked about how, at the last hop, the topmost label on the packet gets stripped, and then we're just left with the VPN label right here. So the same should be true right here, since this right here is the last hop as the packet comes in to R1; for the ICMP reply we have the label 25, and if you remember, when we did the show command on R1, let's see if we can find that, right here: 172.16.16 has the local label of 25 allocated for that particular prefix, and that's why when the traffic is coming back towards 172.16.16 it has the VPN label of 25. Okay, the transport label, which used to be the topmost label, got stripped already because of the PHP action. All right, and then it's just a regular ping echo reply. All right, so that's pretty much the structure of an MPLS VPN packet, and that concludes task number three.

Okay, so what we've looked at so far in this lab is just a very basic configuration of MPLS VPN; we haven't even dealt with dynamic CE-PE routing protocols, or things like more advanced MPLS topologies or even shared services; those are something we're going to be looking at in our future videos. But the most important thing is that you guys have a good understanding of this technology in its most basic form before proceeding to a more advanced or complex configuration. Okay, so this pretty much wraps up our video on MPLS VPN fundamentals. You can visit our website to see the full list of our lab videos and sign up to get access to additional lab content. Thank you for watching LabMinutes, and I'll see 
you guys in the next video
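
The label operations traced in the transcript (R1 imposes 18 over 24, R3 swaps 18 for 16, R5 pops 16, R2 looks up 24) as an added Python example; it is not from the video. The `LFIB` dictionary, the function names, the placeholder payload and the TTL handling on swap and pop are assumptions made for illustration.

```python
import struct

def encode_lse(label, exp=0, bottom=False, ttl=255):
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def parse_stack(data):
    """Read entries up to the bottom-of-stack bit; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated stack: bottom-of-stack bit never seen")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[offset:]

def build_stack(entries):
    return b"".join(encode_lse(e["label"], e["exp"], bool(e["s"]), e["ttl"])
                    for e in entries)

# Constructed table holding only the label values quoted in the transcript.
LFIB = {
    "R3": {18: ("swap", 16)},                   # P router swaps the transport label
    "R5": {16: ("pop", None)},                  # penultimate hop pops it (PHP)
    "R2": {24: ("vpn", "VRF C1 172.16.27.0")},  # egress PE owns the VPN label
}

def forward(router, frame):
    """Apply one router's action to the top label; return (frame, vrf_route)."""
    entries, payload = parse_stack(frame)
    top, rest = entries[0], entries[1:]
    if top["label"] not in LFIB[router]:
        raise LookupError(f"{router}: no entry for label {top['label']}")
    action, arg = LFIB[router][top["label"]]
    ttl = top["ttl"] - 1  # assumption: uniform TTL model, one decrement per hop
    if action == "swap":
        return build_stack([dict(top, label=arg, ttl=ttl)] + rest) + payload, None
    if action == "pop" and rest:  # label value below stays as it was
        return build_stack([dict(rest[0], ttl=ttl)] + rest[1:]) + payload, None
    if action == "vpn" and top["s"]:
        return payload, arg  # last label removed: plain IP goes to the VRF lookup
    raise ValueError(f"{router}: cannot apply {action} to this stack")

def trace(frame, path=("R3", "R5", "R2")):
    """Label stack on the wire leaving R1, then after each router in path."""
    seen = [[e["label"] for e in parse_stack(frame)[0]]]
    for router in path:
        frame, vrf_route = forward(router, frame)
        seen.append([] if vrf_route else [e["label"] for e in parse_stack(frame)[0]])
        if vrf_route:
            break
    return seen

# Constructed frame as described leaving R1: 18 over 24, EXP 0, TTL 254 each.
CAPTURED = (encode_lse(18, ttl=254) + encode_lse(24, bottom=True, ttl=254)
            + b"constructed-ip-payload")

if __name__ == "__main__":
    print(trace(CAPTURED))
```

The trace shows the bottom entry keeping value 24 at every hop while only the top entry changes, which is the behaviour the transcript walks through on R3, R5 and R2.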
