Skip to content

Belajar MPLS Layer 3 VPN

6 July 2010
----------------------------------------------------------------
!                 Belajar MPLS Layer 3 VPN                     !
----------------------------------------------------------------                   
----------------------------------------------------------------
!                          Topology                            !
----------------------------------------------------------------

----------------------------------------------------------------
!                          Terminology                         !
----------------------------------------------------------------
-LSR   : label switch router
-LSP   : label switched path
 The chain of labels that are swapped at each hop
 to get from one LSR to another
-VRF   : VPN routing and forwarding
 Mechanism in Cisco IOS®used to build
 per-customer RIB and FIB
-MP-BGP: multiprotocol BGP
-PE    : provider edge router interfaces with CE routers
-P     : provider (core) router, without knowledge of VPN
-VPNv4 : address family used in BGP to carry MPLS-VPN routes
-RD    : route distinguisher
 Distinguish same network/mask prefix in different VRFs
-RT    : route target
 Extended community attribute used to control import
 and export policies of VPN routes
-LFIB  : label forwarding information base
-FIB   : forwarding information base

----------------------------------------------------------------
!                Basic Layer 3 VPN configuration               !
----------------------------------------------------------------
1. Enable MPLS in core,advertise core links with OSPF,enable label
 switching on the core links
2. Enable MP-BGP between the PE (PE1-PE2),in the vpnv4 address family
 activate the neighbour and enable  the sending of extended comunitied
3. Create the VRFs on the PE1-PE2 routes, define the VRFs RDs and RTs,
 and associate interfaces with the VRFs
4. Enable Routing static,RIP,OSPF,EIGRP,BGP for custumer, mutually redis
 tribute with MP-BGP
----------------------------------------------------------------
!                        Provider Network                       !
----------------------------------------------------------------
-LDP Enable on core links
-R2(PE1) and R6(PE6) as Provider Edge, Sit at the Edge,
 Use MPLS with P routers, Uses IP with CE routers,
 Distributes VPN information through MP-BGP to other PE routers
-R3(P1),R4(P2),R5(P3) as Provider, Sit inside the network,
 Forward packets by looking at labels
-P and PE routers share a common IGP
-OSPF process ID 1 and area 0
-MP-BGP peer between R2(PE1) and R6(PE2)
----------------------------------------------------------------
!                          Custumer A VPN                       !
----------------------------------------------------------------
-RD 100:1
-RT 100:1
-R1(CE1) and R7(CE1) as Custumer Edge
-OSPF process ID 100 area 0
----------------------------------------------------------------
cnc2#sh ip vrf detail
VRF cnc1; default RD 100:1; default VPNID <not set>
 Interfaces:
 Gi1/0
VRF Table ID = 1
 Export VPN route-target communities
 RT:100:1
 Import VPN route-target communities
 RT:100:1
 No import route-map
 No export route-map
 VRF label distribution protocol: not configured
 VRF label allocation mode: per-prefix

cnc2#
----------------------------------------------------------------
cnc6#sh ip vrf detail
VRF cnc1; default RD 100:1; default VPNID <not set>
 Interfaces:
 Gi2/0
VRF Table ID = 1
 Export VPN route-target communities
 RT:100:1
 Import VPN route-target communities
 RT:100:1
 No import route-map
 No export route-map
 VRF label distribution protocol: not configured
 VRF label allocation mode: per-prefix

cnc6#
----------------------------------------------------------------
!                        Sample Configuration                   !
----------------------------------------------------------------
cnc2#sh run
!
hostname cnc2
!
ip cef
!
ip vrf cnc1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
mpls label protocol ldp
!
interface Loopback0
 ip address 192.168.100.1 255.255.255.255
!
interface GigabitEthernet1/0
 ip vrf forwarding cnc1
 ip address 192.168.10.2 255.255.255.252
 negotiation auto
!
interface GigabitEthernet2/0
 ip address 192.168.10.5 255.255.255.252
 negotiation auto
 mpls ip
!
router ospf 100 vrf cnc1
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 10.0.0.0 0.255.255.255 area 0
 network 192.0.0.0 0.255.255.255 area 0
!
router ospf 1
 log-adjacency-changes
 network 192.168.10.4 0.0.0.3 area 0
 network 192.168.100.1 0.0.0.0 area 0
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 192.168.100.5 remote-as 100
 neighbor 192.168.100.5 update-source Loopback0
 !
 address-family ipv4
 neighbor 192.168.100.5 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 192.168.100.5 activate
 neighbor 192.168.100.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf cnc1
 redistribute connected
 redistribute ospf 100 vrf cnc1 match internal external 1 external 2
 no synchronization
 exit-address-family
!
mpls ldp router-id Loopback0 force
!
end

cnc2#

----------------------------------------------------------------
cnc6#sh run
!
hostname cnc6
!
no aaa new-model
ip source-route
ip cef
!
ip vrf cnc1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
mpls label protocol ldp
!
voice dsp waitstate 0
!
interface Loopback0
 ip address 192.168.100.5 255.255.255.255
!
interface GigabitEthernet1/0
 ip address 192.168.10.18 255.255.255.252
 negotiation auto
 mpls ip
!
interface GigabitEthernet2/0
 ip vrf forwarding cnc1
 ip address 192.168.10.21 255.255.255.252
 negotiation auto
!
router ospf 100 vrf cnc1
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 10.0.0.0 0.255.255.255 area 0
 network 192.0.0.0 0.255.255.255 area 0
!
router ospf 1
 log-adjacency-changes
 network 192.168.10.16 0.0.0.3 area 0
 network 192.168.100.5 0.0.0.0 area 0
!
router bgp 100
 bgp log-neighbor-changes
 neighbor 192.168.100.1 remote-as 100
 neighbor 192.168.100.1 update-source Loopback0
 !
 address-family ipv4
 neighbor 192.168.100.1 activate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 192.168.100.1 activate
 neighbor 192.168.100.1 send-community both
 exit-address-family
 !
 address-family ipv4 vrf cnc1
 redistribute connected
 redistribute ospf 100 vrf cnc1 match internal external 1 external 2
 no synchronization
 exit-address-family
!
mpls ldp router-id Loopback0 force
!
end

cnc6#

----------------------------------------------------------------
cnc2#sh ip bgp vpnv4 rd 100:1 10.14.200.2
BGP routing table entry for 100:1:10.14.200.2/32, version 8
Paths: (1 available, best #1, table cnc1)
 Not advertised to any peer
 Local
 192.168.100.5 (metric 5) from 192.168.100.5 (192.168.100.5)
 Origin incomplete, metric 2, localpref 100, valid, internal, best
 Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:192.168.10.21:0
 mpls labels in/out nolabel/23
cnc2#

cnc6#sh ip bgp vpnv4 rd 100:1 10.14.200.1
BGP routing table entry for 100:1:10.14.200.1/32, version 6
Paths: (1 available, best #1, table cnc1)
 Not advertised to any peer
 Local
 192.168.100.1 (metric 5) from 192.168.100.1 (192.168.100.1)
 Origin incomplete, metric 2, localpref 100, valid, internal, best
 Extended Community: RT:100:1 OSPF DOMAIN ID:0x0005:0x000000640200
 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:192.168.10.2:0
 mpls labels in/out nolabel/23
cnc6#
----------------------------------------------------------------
cnc2#sh ip ospf | begin ospf 100

 Routing Process "ospf 100" with ID 192.168.10.2
 Domain ID type 0x0005, value 0.0.0.100
 Start time: 00:02:18.012, Time elapsed: 00:56:56.804
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Connected to MPLS VPN Superbackbone, VRF cnc1
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
 bgp 100, includes subnets in redistribution
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Area BACKBONE(0)
 Number of interfaces in this area is 1
 Area has no authentication
 SPF algorithm last executed 00:55:55.720 ago
 SPF algorithm executed 3 times
 Area ranges are
 Number of LSA 5. Checksum Sum 0x02C13F
 Number of opaque link LSA 0. Checksum Sum 0x000000
 Number of DCbitless LSA 0
 Number of indication LSA 0
 Number of DoNotAge LSA 0
 Flood list length 0

cnc2#

cnc6#sh ip ospf | begin ospf 100
 Routing Process "ospf 100" with ID 192.168.10.21
 Domain ID type 0x0005, value 0.0.0.100
 Start time: 00:02:13.216, Time elapsed: 00:57:48.496
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Connected to MPLS VPN Superbackbone, VRF cnc1
 It is an area border and autonomous system boundary router
 Redistributing External Routes from,
 bgp 100, includes subnets in redistribution
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Area BACKBONE(0)
 Number of interfaces in this area is 1
 Area has no authentication
 SPF algorithm last executed 00:56:46.648 ago
 SPF algorithm executed 3 times
 Area ranges are
 Number of LSA 5. Checksum Sum 0x02A697
 Number of opaque link LSA 0. Checksum Sum 0x000000
 Number of DCbitless LSA 0
 Number of indication LSA 0
 Number of DoNotAge LSA 0
 Flood list length 0

cnc6#
----------------------------------------------------------------
cnc2#sh ip bgp summary
BGP router identifier 192.168.100.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.5   4   100      86      85        1    0    0 01:21:20        0
cnc2#
----------------------------------------------------------------
cnc6#sh ip bgp summary
BGP router identifier 192.168.100.5, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.100.1   4   100      85      86        1    0    0 01:21:09        0
cnc6#
----------------------------------------------------------------
!                 Separate Routing Tables at PE                !
----------------------------------------------------------------
!                 Customer Specific Routing Table              !
----------------------------------------------------------------
cnc2#sh ip route vrf cnc1

Routing Table: cnc1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 192.168.10.0/30 is subnetted, 2 subnets
C       192.168.10.0 is directly connected, GigabitEthernet1/0
B       192.168.10.20 [200/0] via 192.168.100.5, 00:00:38
 10.0.0.0/32 is subnetted, 2 subnets
O       10.14.200.1 [110/2] via 192.168.10.1, 00:00:54, GigabitEthernet1/0
B       10.14.200.2 [200/2] via 192.168.100.5, 00:00:38
cnc2#
----------------------------------------------------------------
cnc6#sh ip route vrf cnc1

Routing Table: cnc1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 192.168.10.0/30 is subnetted, 2 subnets
B       192.168.10.0 [200/0] via 192.168.100.1, 01:14:18
C       192.168.10.20 is directly connected, GigabitEthernet2/0
 10.0.0.0/32 is subnetted, 2 subnets
B       10.14.200.1 [200/2] via 192.168.100.1, 01:14:18
O       10.14.200.2 [110/2] via 192.168.10.22, 01:17:56, GigabitEthernet2/0
cnc6#
----------------------------------------------------------------
!                   Global Routing Table                        !
----------------------------------------------------------------
cnc2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 192.168.10.0/30 is subnetted, 4 subnets
C       192.168.10.4 is directly connected, GigabitEthernet2/0
O       192.168.10.8 [110/2] via 192.168.10.6, 00:00:36, GigabitEthernet2/0
O       192.168.10.12 [110/3] via 192.168.10.6, 00:00:26, GigabitEthernet2/0
O       192.168.10.16 [110/4] via 192.168.10.6, 00:00:26, GigabitEthernet2/0
 192.168.100.0/32 is subnetted, 5 subnets
O       192.168.100.4 [110/4] via 192.168.10.6, 00:00:26, GigabitEthernet2/0
O       192.168.100.5 [110/5] via 192.168.10.6, 00:00:26, GigabitEthernet2/0
C       192.168.100.1 is directly connected, Loopback0
O       192.168.100.2 [110/2] via 192.168.10.6, 00:00:36, GigabitEthernet2/0
O       192.168.100.3 [110/3] via 192.168.10.6, 00:00:36, GigabitEthernet2/0
cnc2#
----------------------------------------------------------------
cnc6#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 192.168.10.0/30 is subnetted, 4 subnets
O       192.168.10.4 [110/4] via 192.168.10.17, 01:16:21, GigabitEthernet1/0
O       192.168.10.8 [110/3] via 192.168.10.17, 01:17:19, GigabitEthernet1/0
O       192.168.10.12 [110/2] via 192.168.10.17, 01:17:43, GigabitEthernet1/0
C       192.168.10.16 is directly connected, GigabitEthernet1/0
 192.168.100.0/32 is subnetted, 5 subnets
O       192.168.100.4 [110/2] via 192.168.10.17, 01:17:43, GigabitEthernet1/0
C       192.168.100.5 is directly connected, Loopback0
O       192.168.100.1 [110/5] via 192.168.10.17, 01:16:21, GigabitEthernet1/0
O       192.168.100.2 [110/4] via 192.168.10.17, 01:16:21, GigabitEthernet1/0
O       192.168.100.3 [110/3] via 192.168.10.17, 01:17:19, GigabitEthernet1/0
cnc6#
----------------------------------------------------------------
!                 Customer Edge Routing Table                  !
----------------------------------------------------------------
cnc1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 192.168.10.0/30 is subnetted, 2 subnets
C       192.168.10.0 is directly connected, GigabitEthernet1/0
O IA    192.168.10.20 [110/2] via 192.168.10.2, 00:01:24, GigabitEthernet1/0
 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.14.200.0/24 is directly connected, Loopback0
O IA    10.14.200.2/32 [110/3] via 192.168.10.2, 00:01:24, GigabitEthernet1/0
cnc1#
----------------------------------------------------------------
cnc7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

 192.168.10.0/30 is subnetted, 2 subnets
O IA    192.168.10.0 [110/2] via 192.168.10.21, 00:01:13, GigabitEthernet2/0
C       192.168.10.20 is directly connected, GigabitEthernet2/0
 10.0.0.0/32 is subnetted, 2 subnets
O IA    10.14.200.1 [110/3] via 192.168.10.21, 00:01:13, GigabitEthernet2/0
C       10.14.200.2 is directly connected, Loopback0
cnc7#

----------------------------------------------------------------
!                   Global Forwarding Table                    !
----------------------------------------------------------------
cnc2#sh ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
127.0.0.0/8          drop
192.168.10.4/30      attached             GigabitEthernet2/0
192.168.10.4/32      receive              GigabitEthernet2/0
192.168.10.5/32      receive              GigabitEthernet2/0
192.168.10.6/32      attached             GigabitEthernet2/0
192.168.10.7/32      receive              GigabitEthernet2/0
192.168.10.8/30      192.168.10.6         GigabitEthernet2/0
192.168.10.12/30     192.168.10.6         GigabitEthernet2/0
192.168.10.16/30     192.168.10.6         GigabitEthernet2/0
192.168.100.1/32     receive              Loopback0
192.168.100.2/32     192.168.10.6         GigabitEthernet2/0
192.168.100.3/32     192.168.10.6         GigabitEthernet2/0
192.168.100.4/32     192.168.10.6         GigabitEthernet2/0
192.168.100.5/32     192.168.10.6         GigabitEthernet2/0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
cnc2#
----------------------------------------------------------------
cnc6#sh ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
127.0.0.0/8          drop
192.168.10.4/30      192.168.10.17        GigabitEthernet1/0
192.168.10.8/30      192.168.10.17        GigabitEthernet1/0
192.168.10.12/30     192.168.10.17        GigabitEthernet1/0
192.168.10.16/30     attached             GigabitEthernet1/0
192.168.10.16/32     receive              GigabitEthernet1/0
192.168.10.17/32     attached             GigabitEthernet1/0
192.168.10.18/32     receive              GigabitEthernet1/0
192.168.10.19/32     receive              GigabitEthernet1/0
192.168.100.1/32     192.168.10.17        GigabitEthernet1/0
192.168.100.2/32     192.168.10.17        GigabitEthernet1/0
192.168.100.3/32     192.168.10.17        GigabitEthernet1/0
192.168.100.4/32     192.168.10.17        GigabitEthernet1/0
192.168.100.5/32     receive              Loopback0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
cnc6#
----------------------------------------------------------------
!                   VRF Forwarding Table                       !
----------------------------------------------------------------
cnc2#sh ip cef vrf cnc1
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.14.200.1/32       192.168.10.1         GigabitEthernet1/0
10.14.200.2/32       192.168.10.6         GigabitEthernet2/0
127.0.0.0/8          drop
192.168.10.0/30      attached             GigabitEthernet1/0
192.168.10.0/32      receive              GigabitEthernet1/0
192.168.10.1/32      attached             GigabitEthernet1/0
192.168.10.2/32      receive              GigabitEthernet1/0
192.168.10.3/32      receive              GigabitEthernet1/0
192.168.10.20/30     192.168.10.6         GigabitEthernet2/0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
cnc2#
----------------------------------------------------------------
cnc6#sh ip cef vrf cnc1
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.14.200.1/32       192.168.10.17        GigabitEthernet1/0
10.14.200.2/32       192.168.10.22        GigabitEthernet2/0
127.0.0.0/8          drop
192.168.10.0/30      192.168.10.17        GigabitEthernet1/0
192.168.10.20/30     attached             GigabitEthernet2/0
192.168.10.20/32     receive              GigabitEthernet2/0
192.168.10.21/32     receive              GigabitEthernet2/0
192.168.10.22/32     attached             GigabitEthernet2/0
192.168.10.23/32     receive              GigabitEthernet2/0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive
cnc6#
----------------------------------------------------------------
!    MPLS-VPN Forwarding Plane Packet Forwarding               !
----------------------------------------------------------------
-PE1 imposes two labels (MPLS headers) for each packet going to
 the VPN destination 10.14.200.2
 Outer label is LDP learned; Corresponds derived from an IGP route
 Inner label is learned via MP-BGP; corresponds to the VPN address
-PE2 recovers the IP packet (from the received MPLS packet)
 and forwards it to CE2.
----------------------------------------------------------------







----------------------------------------------------------------

cnc2#sh ip bgp vpnv4 rd 100:1 labels
 Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (cnc1)
 10.14.200.1/32   192.168.10.1    23/nolabel
 10.14.200.2/32   192.168.100.5   nolabel/23
 192.168.10.0/30  0.0.0.0         24/nolabel(cnc1)
 192.168.10.20/30 192.168.100.5   nolabel/24

cnc2#

cnc2#show mpls ip binding 192.168.100.5 255.255.255.255
 192.168.100.5/32
 in label:     18
 out label:    17        lsr: 192.168.100.2:0  inuse
cnc2#

cnc3#show mpls ip binding 192.168.100.5 255.255.255.255
 192.168.100.5/32
 in label:     17
 out label:    16        lsr: 192.168.100.3:0  inuse
 out label:    18        lsr: 192.168.100.1:0
cnc3#

cnc4#show mpls ip binding 192.168.100.5 255.255.255.255
 192.168.100.5/32
 in label:     16
 out label:    16        lsr: 192.168.100.4:0  inuse
 out label:    17        lsr: 192.168.100.2:0
cnc4#

cnc5#show mpls ip binding 192.168.100.5 255.255.255.255
 192.168.100.5/32
 in label:     16
 out label:    imp-null  lsr: 192.168.100.5:0  inuse
 out label:    16        lsr: 192.168.100.3:0
cnc5#

cnc6#sho mpls forwarding-table
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
16     Pop Label     192.168.100.4/32  0             Gi1/0      192.168.10.17
17     Pop Label     192.168.10.12/30  0             Gi1/0      192.168.10.17
18     17            192.168.100.3/32  0             Gi1/0      192.168.10.17
19     18            192.168.10.8/30   0             Gi1/0      192.168.10.17
20     19            192.168.100.2/32  0             Gi1/0      192.168.10.17
21     20            192.168.100.1/32  0             Gi1/0      192.168.10.17
22     21            192.168.10.4/30   0             Gi1/0      192.168.10.17
23     No Label      10.14.200.2/32[V] 3326          Gi2/0      192.168.10.22
24     No Label      192.168.10.20/30[V]   \
 0             aggregate/cnc1
cnc6#

----------------------------------------------------------------
!                Testing and Verification                      !
----------------------------------------------------------------

cnc1#ping 10.14.200.2 source 10.14.200.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.14.200.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 484/604/884 ms

cnc1#traceroute 10.14.200.2 source 10.14.200.1

Type escape sequence to abort.
Tracing the route to 10.14.200.2

 1 192.168.10.2 184 msec 108 msec 120 msec
 2 192.168.10.6 [MPLS: Labels 17/23 Exp 0] 524 msec 504 msec 508 msec
 3 192.168.10.10 [MPLS: Labels 16/23 Exp 0] 408 msec 752 msec 440 msec
 4 192.168.10.14 [MPLS: Labels 16/23 Exp 0] 876 msec *  1172 msec
 5 192.168.10.21 [MPLS: Label 23 Exp 0] 480 msec 412 msec 452 msec
 6 192.168.10.22 624 msec 536 msec 528 msec
cnc1#

cnc1#telnet 10.14.200.2
Trying 10.14.200.2 ... Open

User Access Verification

Password:
cnc7>
----------------------------------------------------------------
cnc7#ping 10.14.200.1 source 10.14.200.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.14.200.1, timeout is 2 seconds:
Packet sent with a source address of 10.14.200.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 384/442/532 ms

cnc7#traceroute 10.14.200.1 source 10.14.200.2

Type escape sequence to abort.
Tracing the route to 10.14.200.1

 1 192.168.10.21 100 msec 180 msec 96 msec
 2 192.168.10.17 [MPLS: Labels 19/23 Exp 0] 480 msec 536 msec 408 msec
 3 192.168.10.13 [MPLS: Labels 20/23 Exp 0] 528 msec 412 msec 576 msec
 4 192.168.10.9 [MPLS: Labels 16/23 Exp 0] 696 msec 460 msec 456 msec
 5 192.168.10.2 [MPLS: Label 23 Exp 0] 456 msec 436 msec 356 msec
 6 192.168.10.1 484 msec 1352 msec *
cnc7#

cnc7#telnet 10.14.200.1
Trying 10.14.200.1 ... Open

User Access Verification

Password:
cnc1>

----------------------------------------------------------------
ref:
[1].Deploying MPLS VPN Networks,
anonymous, url:http://www.google.com, (juni 2010)
[2].Ivan,Pepelnjak, Guichard,Jim. 2001."MPLS and VPN Architectures".
Penerbit Ciscopress.com
[3].Cisco IOS Multiprotocol Label Switching Configuration Guide
Release 12.4T, url:http://www.cisco.com, (juni 2010)
[4]Rasyid,Rafdian.EXPERIMENT Cisco MPLS-L3VPN Dengan GNS3,
URL http://www.ilmukomputer.com,(Februari 2010)   
[5].http://www.ccie18473.net
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: