Monday, March 9, 2009

Route Leaking For Internet In MPLS

This post covers how to provision Internet access for a customer when the service provider runs an MPLS VPN backbone and the customer wants Internet as well as VPN services.
R0 – CPE router
R1 – PE router
R2 – Internet gateway of the SP; it originates the default route in OSPF
The topology is shown below:
Internet Cloud----------R2----------------R1----------------CE

R2 has a default route towards the upstream service provider. On R1, vrf CUST is created and fa0/1 is part of vrf CUST.
Configuration of R1:
ip vrf CUST
 rd 1:1
 route-target export 1:1
 route-target import 1:1
router bgp 1
 address-family ipv4 vrf CUST
  no auto-summary
  no synchronization
ip route vrf CUST 0.0.0.0 0.0.0.0 10.10.10.10 global

Note:- Even if your primary path is MPLS-enabled and you somehow forgot to enable MPLS on the back path, there is no issue: even in that case Internet customers will not face any downtime.
A new command is added in the vrf with the global keyword. It means that the default route is installed in the vrf table, but its next hop, 10.10.10.10, is looked up in the global routing table. This is where the actual route leaking comes into the picture. For more, read “How internet works In MPLS”, which depicts the flow of traffic. The PE converts the MPLS VPN packet to an IPv4 packet and forwards it towards 10.10.10.10, which is the loopback address of PE2 (R2 in the figure). When the IP packet reaches PE2, it matches the default route towards the service provider. Now check a ping to 4.2.2.2 from the CE router.
CE#ping 4.2.2.2 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.1
.....

Whoa! The ping is not working. Do you know where the problem is? You could answer if you had read “How internet works In MPLS”.
Let’s start troubleshooting and find the fault. Check the routing table of R2:

R2#show ip route
1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0
2.0.0.0/30 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/1
10.0.0.0/32 is subnetted, 2 subnets
C 10.10.10.10 is directly connected, Loopback0
O 10.10.10.20 [110/2] via 1.1.1.2, 00:27:29, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 2.2.2.2

For the reverse traffic, the customer's global route, 3.3.3.0, is not in the global routing table of R2. To fix that, we need to add a route towards the customer end in the global table on PE1.
ip route 3.3.3.1 255.255.255.255 FastEthernet0/1 192.168.1.2
The ping still won't work, because only R1 knows about the static route; what about the R2 router? The static route needs to be redistributed into OSPF.
PE1(config)#router ospf 1
PE1(config-router)#redistribute static subnets

Now check the routing table of R2
R2#show ip route
1.0.0.0/30 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, FastEthernet0/0
2.0.0.0/30 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
O E2 3.3.3.1 [110/20] via 1.1.1.2, 00:00:02, FastEthernet0/0
10.0.0.0/32 is subnetted, 2 subnets
C 10.10.10.10 is directly connected, Loopback0
O 10.10.10.20 [110/2] via 1.1.1.2, 00:33:24, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 2.2.2.2

Ping from CE router to 4.2.2.2
CE#ping 4.2.2.2 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.1
!!!!!
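
The three stages above (leak only, static route on R1, static route redistributed into OSPF) can be reproduced with a small longest-prefix-match model. This is an added example, not part of the original post. It assumes R1 learns R2's loopback and the default route through OSPF, and the node labels CE, R1, R2 and UPSTREAM are chosen here for illustration.

```python
import ipaddress

def lpm(table, dst):
    """Longest-prefix match over {prefix: next}; None when no route matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nxt in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, nxt)
    return best[1] if best else None

# ip route vrf CUST 0.0.0.0 0.0.0.0 10.10.10.10 global
VRF_CUST = {"0.0.0.0/0": "10.10.10.10"}

def build(static_on_r1, redistributed):
    """Global tables of R1 and R2 at each stage of the post."""
    # R2 entries are taken from its 'show ip route' output.
    r2 = {"10.10.10.20/32": "R1", "0.0.0.0/0": "UPSTREAM"}
    # Assumption: R1 learns R2's loopback and the default route via OSPF.
    r1 = {"10.10.10.10/32": "R2", "0.0.0.0/0": "R2"}
    if static_on_r1:  # ip route 3.3.3.1 255.255.255.255 Fa0/1 192.168.1.2
        r1["3.3.3.1/32"] = "CE"
    if static_on_r1 and redistributed:  # redistribute static subnets
        r2["3.3.3.1/32"] = "R1"
    return {"R1": r1, "R2": r2}

def walk(tables, dst, start, max_hops=8):
    """Follow global-table lookups hop by hop until the packet leaves R1/R2."""
    path, node = [start], start
    while node in tables and len(path) < max_hops:
        node = lpm(tables[node], dst)
        path.append(node)
    return path

def forward_path(tables, dst="4.2.2.2"):
    """CE -> Internet: VRF lookup, then next hop resolved in the global table."""
    next_hop_ip = lpm(VRF_CUST, dst)
    first_node = lpm(tables["R1"], next_hop_ip)
    return ["CE", "R1"] + walk(tables, dst, first_node)

def ping_ok(tables, src="3.3.3.1", dst="4.2.2.2"):
    """Ping succeeds only if the request reaches UPSTREAM and the reply the CE."""
    return (forward_path(tables, dst)[-1] == "UPSTREAM"
            and walk(tables, src, "R2")[-1] == "CE")

if __name__ == "__main__":
    for stage in [(False, False), (True, False), (True, True)]:
        t = build(*stage)
        print(stage, forward_path(t), walk(t, "3.3.3.1", "R2"), ping_ok(t))
```

In the first two stages the request leaves towards the upstream provider, but R2 sends the reply for 3.3.3.1 back out of its default route, which is why the first ping shows only dots.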

Note:- Global IP addresses are used only for testing purposes; the scenario is simulated on a local LAN, with routers renamed to stand in for the Internet, etc.

Regards
Shivlu Jain


1 comment:

raj said...

Thanks for this educational post