Tuesday, March 10, 2009

Provisioning Internet With INTERNET vrf

This post covers how to provision Internet access for a customer when the service provider runs an MPLS VPN backbone and the customer wants both Internet and VPN services.
R0 – CPE router
R1 – PE router
R2 – Internet Gateway of SP and default route is originating in OSPF
The topology is shown below:
Internet Cloud----------R2----------------R1----------------CE

R2 has a directly connected interface to the upstream service provider's router. A vrf INTERNET is configured on R2 with a default route pointing to 2.2.2.2, which is reachable in the global routing table. The global keyword on the static route makes this possible.
Configuration of R2
ip vrf INTERNET
 rd 1:2
 route-target export 1:2

router bgp 1
 address-family ipv4 vrf INTERNET
  redistribute connected
  no auto-summary
  no synchronization

Now check the route table of VRF INTERNET on R2
R2#show ip route vrf INTERNET
Gateway of last resort is 2.2.2.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 2.2.2.2

BGP routing table for vrf INTERNET
Router#sh ip bgp vpnv4 vrf INTERNET

The VPNv4 BGP table above contains no default route. The reason is that 2.2.2.2 is not available in the vrf INTERNET routing table, so the route is not installed in the vrf INTERNET BGP table. To fix this, add a network 0.0.0.0 statement under address-family ipv4 vrf INTERNET.

router bgp 1
 address-family ipv4 vrf INTERNET
  redistribute connected
  network 0.0.0.0
  no auto-summary
  no synchronization

Check the vpnv4 bgp routing table of vrf INTERNET
R2#show ip bgp vpnv4 vrf INTERNET

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:2 (default for vrf INTERNET)
*> 0.0.0.0          2.2.2.2                  0         32768 i

Hurrah! The default route is now in the BGP routing table of vrf INTERNET.

Because MPLS is enabled across the whole cloud, we also need to check the label assigned to the route in vrf INTERNET. I like the commands below because they give full information about the labels. Label 18 is generated for the route, and R2 advertises the route into the cloud, to the RR or the other PE routers.
R2#show ip bgp vpnv4 vrf INTERNET 0.0.0.0
BGP routing table entry for 1:2:0.0.0.0/0, version 3
Paths: (1 available, best #1, table INTERNET)
Advertised to update-groups:
1
Local
2.2.2.2 from 0.0.0.0 (10.10.10.10)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
Extended Community: RT:1:2
mpls labels in/out 18/nolabel

R2#show mpls forwarding-table labels 18
Local  Outgoing    Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC or Tunnel Id      Switched      interface
18     No Label    0.0.0.0/0[V]      570           Fa0/1      2.2.2.2

Next, configure R1. The customer vrf, named CUST, terminates on the same POP. My previous article, “How Internet Works In MPLS”, showed a vrf route leaked into the global table. In this article the CUST vrf instead needs the default route in order to access the Internet.
Configuration of VRF CUST on R1
R1#show running-config | section vrf CUST
ip vrf CUST
 rd 1:1
 route-target export 1:1
 route-target import 1:1
router bgp 1
 address-family ipv4 vrf CUST
  redistribute connected
  redistribute static
  no auto-summary
  no synchronization


Routing table of vrf CUST
Router#sh ip route vrf CUST

Routing Table: CUST
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1


BGP vpnv4 routing table of vrf CUST
R1#show ip bgp vpnv4 vrf CUST
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUST)
*> 192.168.1.0/30   0.0.0.0                  0         32768 ?

So far the CUST vrf does not have the default route. To get it we need to work with route targets. The INTERNET vrf exports 1:2; in other words, INTERNET is telling the MPLS cloud, "whoever wants to surf the Internet, accept me." The CUST vrf wants Internet access, so it must import that default route by adding route-target import 1:2 to vrf CUST.
ip vrf CUST
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 route-target import 1:2
Routing table of vrf CUST
Router#show ip route vrf CUST
Routing Table: CUST
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/1
B* 0.0.0.0/0 [200/0] via 10.10.10.10, 00:50:36


BGP vpnv4 routing table of vrf CUST
Router#sh ip bgp vpnv4 vrf CUST
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf CUST)
*>i0.0.0.0          10.10.10.10              0    100      0 i
*> 192.168.1.0/30   0.0.0.0                  0         32768 ?

The output above shows vrf CUST receiving a default route with next hop 10.10.10.10, which is the router ID of R2. R1 forwards the VPNv4 traffic to R2, after which the traffic leaks into the global routing table. [Check How internet works in MPLS]
You may wonder why I used the VPNv4 keyword in the paragraph above. VPNv4 means a label is pushed on the path from R1 to R2; R2 then removes the label and forwards the traffic as plain IP. Normally two labels are imposed on the packet: one for VPNv4 and one for the IGP. In my scenario R2 is directly connected, so implicit null is generated for 10.10.10.10 and only the VPNv4 label 18 is imposed. This is the same label shown in the earlier output for the INTERNET vrf. The main difference is that on R2 (vrf INTERNET) the label appears as “in”, while on R1 (vrf CUST) it appears as “out”.
Router#sh ip bgp vpnv4 vrf CUST 0.0.0.0
BGP routing table entry for 1:1:0.0.0.0/0, version 9
Paths: (1 available, best #1, table CUST)
Not advertised to any peer
Local, imported path from 1:2:0.0.0.0/0
10.10.10.10 (metric 2) from 10.10.10.10 (10.10.10.10)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:1:2
mpls labels in/out nolabel/18

Router#sh mpls ldp bindings 10.10.10.10 32
lib entry: 10.10.10.10/32, rev 8
local binding: label: 17
remote binding: lsr: 10.10.10.10:0, label: imp-null


For return traffic, a global route for CUST is added on R1:
ip route 3.3.3.1 255.255.255.255 FastEthernet0/1 192.168.1.2


Test from R0, which is the CE router:
R0#ping 4.2.2.2 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.1
!!!!!

The main advantage of this design is that only a single INTERNET vrf needs to be created in the whole cloud. Wherever a customer wants Internet access, simply import the route target of that VRF into the customer vrf. This makes the setup easy to manage.
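As an added example (not part of the original post), this Python sketch audits `ip vrf` sections for the route-target relationships described above: which VRFs import the INTERNET export RT 1:2, whether INTERNET itself imports anything, and whether any customer VRF also imports another customer's RT. The CUST2 VRF, the function names and the report keys are hypothetical, and the parser assumes each route-target line belongs to the most recent `ip vrf` line.

```python
import re

# Constructed sample: the page's VRFs plus a hypothetical CUST2 importing CUST's RT.
SAMPLE_CONFIG = """\
ip vrf INTERNET
 rd 1:2
 route-target export 1:2
ip vrf CUST
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 route-target import 1:2
ip vrf CUST2
 rd 1:3
 route-target export 1:3
 route-target import 1:3
 route-target import 1:2
 route-target import 1:1
"""
RT_LINE = re.compile(r"route-target (import|export|both) (\S+)")

def parse_vrfs(config):
    """Map each 'ip vrf' name to its imported and exported route targets."""
    # Assumption: a route-target line belongs to the most recent 'ip vrf' line.
    vrfs, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
        elif current is not None and (m := RT_LINE.fullmatch(line)):
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def audit(vrfs, shared="INTERNET"):
    """Report which VRFs import the shared VRF's RT and any customer-to-customer imports."""
    report = {"internet_enabled": [], "cross_vrf_leaks": [],
              "shared_imports": sorted(vrfs[shared]["import"])}
    customers = {n: v for n, v in sorted(vrfs.items()) if n != shared}
    for name, vrf in customers.items():
        if vrf["import"] & vrfs[shared]["export"]:
            report["internet_enabled"].append(name)
        for other, other_vrf in customers.items():
            # Routes flow from 'other' into 'name' when name imports an RT other exports.
            if other != name and vrf["import"] & other_vrf["export"]:
                report["cross_vrf_leaks"].append((other, name))
    return report

if __name__ == "__main__":
    print(audit(parse_vrfs(SAMPLE_CONFIG)))
```

On the constructed sample, CUST and CUST2 are both reported as Internet-enabled, and the extra import of 1:1 in CUST2 is flagged as routes flowing from CUST into CUST2.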


regards
shivlu jain

5 comments:

Anonymous said...

MPLS L3 VPNs allow customers to use overlapping IP addresses and private IP ranges.

Is it true that in a situation like this an Internet VRF would not work unless you manage your customer's IP space to ensure there are no overlapping IP addresses being used? You then have to apply some form of NAT on R2 if they were using private IPs.

Thanks.

Andy

Anonymous said...

I hope you will keep updating your content constantly as you have one dedicated reader here.

online pharmacy

Anonymous said...

I’m really Glad i ran across this web site.Added pompeiitours.org to my bookmark!

clomid

Anonymous said...

Can you please write a new post about this topic (in detail)? coz there are some issues like : overlapping private IP addresses. Do we need to do the NAT ???? Please help. I'm in a situation like this: 2 Public IP client and 5 Private IP clients ...??

Shivlu Jain said...

Yes, you need to provision NAT in case of overlapping IP addresses.
Contact me on my email with your full problem description: shivlu.jain at gmail dot com