
MPLS VPN with OSPF and OSPF Sham Link Customers

Posted in Cisco Networking, Technical on November 1st, 2010


Objectives

Company 1 and Company 2 have decided to sign up with the ISP for its MPLS VPN service to connect their two sites. The CE routers' IP addresses and routing protocols are already configured. The ISP already has MPLS and iBGP peering configured between the PE routers.

We will work through these six steps to set up and verify an MPLS VPN for C1 and C2:

  1. Configure C1 and C2 VRFs on the PE1 and PE2 routers. Assign an RD and RT for each VRF
  2. Configure PE1 and PE2 CE-facing interfaces
  3. PE-CE routing protocol setup
  4. MP-BGP IPv4 address family configuration
  5. OSPF sham link configuration
  6. Verification of configuration for both C1 and C2

Topology

[Figure: MPLS VPN OSPF and OSPF with sham link]

Step 1

We need to set up the VRF information for the two customers, including assigning an RD and RT for each customer.

PE1(config)#ip vrf C1
PE1(config-vrf)# rd 65001:1
PE1(config-vrf)# route-target export 65001:1
PE1(config-vrf)# route-target import 65001:1
PE1(config-vrf)#ip vrf C2
PE1(config-vrf)# rd 65001:2
PE1(config-vrf)# route-target export 65001:2
PE1(config-vrf)# route-target import 65001:2
PE2(config)#ip vrf C1
PE2(config-vrf)# rd 65001:1
PE2(config-vrf)# route-target export 65001:1
PE2(config-vrf)# route-target import 65001:1
PE2(config-vrf)#ip vrf C2
PE2(config-vrf)# rd 65001:2
PE2(config-vrf)# route-target export 65001:2
PE2(config-vrf)# route-target import 65001:2
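
The route targets are what keep C1 and C2 routes apart, so they are worth checking mechanically. The following is an added example, not part of the original post: a Python audit of the Step 1 stanzas that flags a VRF importing a route target exported by a different VRF, or importing one that no VRF exports. `PE_LEAK` is a constructed misconfiguration and the function names are illustrative.

```python
import re
from collections import defaultdict

# Step 1 stanzas as they appear in a running-config (same on PE1 and PE2).
PE_OK = """\
ip vrf C1
 rd 65001:1
 route-target export 65001:1
 route-target import 65001:1
ip vrf C2
 rd 65001:2
 route-target export 65001:2
 route-target import 65001:2
"""
# Constructed mistake (not from the page): C2 also imports C1's route target.
PE_LEAK = PE_OK + " route-target import 65001:1\n"

def parse_vrfs(config):
    """Return {vrf: {"export": set of RTs, "import": set of RTs}}."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m.group(1), {"export": set(), "import": set()})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the VRF stanza
        elif current is not None and (
                m := re.match(r"\s+route-target (export|import|both) (\S+)", line)):
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs

def audit(pes):
    """pes: {router: config text}. Return sorted findings about RT imports."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pes.items()}
    exporters = defaultdict(set)  # RT -> VRF names exporting it on any PE
    for vrfs in parsed.values():
        for name, rts in vrfs.items():
            for rt in rts["export"]:
                exporters[rt].add(name)
    findings = []
    for pe, vrfs in parsed.items():
        for name, rts in vrfs.items():
            for rt in rts["import"]:
                if rt not in exporters:
                    findings.append(f"{pe}: VRF {name} imports RT {rt}, which no VRF exports")
                for other in exporters.get(rt, set()) - {name}:
                    findings.append(f"{pe}: VRF {name} imports RT {rt} exported by VRF {other}")
    return sorted(findings)
```

Shared-services or extranet designs import another VRF's route target on purpose, so each finding is something to confirm against the intended design.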

Step 2

Next, we configure IP addressing and put CE-facing interfaces on the PE routers into the VRFs for the customer.

PE1(config)#interface FastEthernet0/0
PE1(config-if)# ip vrf forwarding C1
PE1(config-if)# ip address 172.17.0.0 255.255.255.254
PE1(config-if)# no shutdown
PE1(config-if)#interface FastEthernet2/0
PE1(config-if)# ip vrf forwarding C2
PE1(config-if)# ip address 172.17.0.4 255.255.255.254
PE1(config-if)# no shutdown
PE2(config-vrf)#interface FastEthernet0/0
PE2(config-if)# ip vrf forwarding C1
PE2(config-if)# ip address 172.17.0.2 255.255.255.254
PE2(config-if)# no shutdown
PE2(config-if)#interface FastEthernet1/0
PE2(config-if)# ip vrf forwarding C2
PE2(config-if)# ip address 172.17.0.6 255.255.255.254
PE2(config-if)# no shutdown

Step 3

Now we configure the PE-CE routing protocol.

PE1(config)#router ospf 1 vrf C1
PE1(config-router)# redistribute bgp 65001 subnets
PE1(config-router)# network 172.17.0.0 0.0.0.0 area 0
PE1(config-router)#router ospf 2 vrf C2
PE1(config-router)# redistribute bgp 65001 subnets
PE1(config-router)# network 172.17.0.4 0.0.0.0 area 0
PE2(config)#router ospf 1 vrf C1
PE2(config-router)# redistribute bgp 65001 subnets
PE2(config-router)# network 172.17.0.2 0.0.0.0 area 0
PE2(config-router)#router ospf 2 vrf C2
PE2(config-router)# redistribute bgp 65001 subnets
PE2(config-router)# network 172.17.0.6 0.0.0.0 area 0

Step 4

MP-BGP IPv4 address family setup is next.

PE1(config)#router bgp 65001
PE1(config-router)# address-family ipv4 vrf C1
PE1(config-router-af)# redistribute connected
PE1(config-router-af)# redistribute ospf 1 vrf C1
PE1(config-router-af)# address-family ipv4 vrf C2
PE1(config-router-af)# redistribute connected
PE1(config-router-af)# redistribute ospf 2 vrf C2
PE2(config)#router bgp 65001
PE2(config-router)# address-family ipv4 vrf C1
PE2(config-router-af)# redistribute connected
PE2(config-router-af)# redistribute ospf 1 vrf C1
PE2(config-router-af)# address-family ipv4 vrf C2
PE2(config-router-af)# redistribute connected
PE2(config-router-af)# redistribute ospf 2 vrf C2

Step 5

Customer 2's backup link between site 1 and site 2 is preferred over the MPLS VPN because routes learned over the backup link are intra-area routes, while routes learned over the MPLS VPN are inter-area routes. To make the MPLS VPN routes preferred, a sham link is created between the PE routers and the OSPF cost of the backup link's interfaces is raised.

PE1(config)#interface Loopback1
PE1(config-if)# ip vrf forwarding C2
PE1(config-if)# ip address 2.2.2.1 255.255.255.255
PE1(config-if)# router bgp 65001
PE1(config-router)# address-family ipv4 vrf C2
PE1(config-router-af)# network 2.2.2.1 mask 255.255.255.255
PE1(config-router-af)# router ospf 2 vrf C2
PE1(config-router)# area 0 sham-link 2.2.2.1 2.2.2.2 cost 1
PE2(config)#interface Loopback1
PE2(config-if)# ip vrf forwarding C2
PE2(config-if)# ip address 2.2.2.2 255.255.255.255
PE2(config-if)#router bgp 65001
PE2(config-router)# address-family ipv4 vrf C2
PE2(config-router-af)# network 2.2.2.2 mask 255.255.255.255
PE2(config-router-af)# router ospf 2 vrf C2
PE2(config-router)# area 0 sham-link 2.2.2.2 2.2.2.1 cost 1
C2S1(config)#interface FastEthernet1/0
C2S1(config-if)# ip ospf cost 500
C2S2(config)#interface FastEthernet1/0
C2S2(config-if)# ip ospf cost 500
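
Why Step 5 needs both the sham link and the raised cost, as an added example that is not part of the original post: a small Python model of OSPF path selection, which compares route type before cost. The per-hop link cost of 1 and the function names are assumptions; the sham link cost of 1 and the backup cost of 500 come from the page.

```python
# OSPF compares route type first and cost only between routes of the same type.
TYPE_RANK = {"intra-area": 0, "inter-area": 1, "external-1": 2, "external-2": 3}

LINK_COST = 1  # assumed default cost of each FastEthernet hop in the lab
SHAM_COST = 1  # "Cost of using 1" in the show ip ospf sham-links output


def best_path(candidates):
    """candidates: iterable of (name, route_type, cost); return the winner's name."""
    return min(candidates, key=lambda c: (TYPE_RANK[c[1]], c[2]))[0]


def c2_choice(sham_link, backup_cost):
    """Path C2S1 selects towards the site 2 LAN for a given configuration."""
    # Backup link: the direct CE-to-CE interface plus the remote LAN interface.
    backup = ("backup link", "intra-area", backup_cost + LINK_COST)
    # MPLS VPN: CE-PE hop, PE-PE crossing, PE-CE hop, remote LAN interface.
    # Without a sham link the route arrives as inter-area; with one, the PEs
    # are adjacent inside area 0 and the route stays intra-area. The same
    # illustrative cost is used in both cases to isolate the effect of type.
    mpls_type = "intra-area" if sham_link else "inter-area"
    mpls = ("MPLS VPN", mpls_type, LINK_COST + SHAM_COST + LINK_COST + LINK_COST)
    return best_path([backup, mpls])


def all_cases():
    """Evaluate the four combinations of sham link and raised backup cost."""
    return {(sham, cost): c2_choice(sham, cost)
            for sham in (False, True) for cost in (LINK_COST, 500)}
```

Only the combination of sham link and cost 500 selects the MPLS VPN: raising the cost alone cannot beat an intra-area route, and the sham link alone still loses on cost.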

Step 6

Lastly, we verify that everything is working and preferring the correct paths. We can run a traceroute to do this.

C1S1#traceroute 10.0.1.1 numeric

Type escape sequence to abort.
Tracing the route to 10.0.1.1

  1 172.17.0.0 12 msec 36 msec 20 msec
  2 172.16.1.0 [MPLS: Labels 17/19 Exp 0] 12 msec 32 msec 16 msec
  3 172.17.0.2 [MPLS: Label 19 Exp 0] 24 msec 24 msec 20 msec
  4 172.17.0.3 12 msec *  60 msec
C2S2#traceroute 192.168.0.1 numeric

Type escape sequence to abort.
Tracing the route to 192.168.0.1

  1 172.17.0.6 28 msec 28 msec 8 msec
  2 172.16.1.2 [MPLS: Labels 16/24 Exp 0] 44 msec 12 msec 32 msec
  3 172.17.0.4 [MPLS: Label 24 Exp 0] 28 msec 16 msec 16 msec
  4 172.17.0.5 20 msec *  20 msec

It appears the sham link is working perfectly. The traceroute shows the traffic going over the MPLS VPN to reach C2S1.

Other useful verification commands:

PE1#show ip ospf sham-links 
Sham Link OSPF_SL0 to address 2.2.2.2 is up
Area 0 source address 2.2.2.1
  Run as demand circuit
  DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40,
    Hello due in 00:00:04
    Adjacency State FULL (Hello suppressed)
    Index 2/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
PE1#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 65001:1 (C1)
   10.0.0.0/24      172.17.0.1      19/nolabel
   10.0.1.0/24      1.1.1.3         nolabel/19
   172.17.0.0/31    0.0.0.0         20/aggregate(C1)
   172.17.0.2/31    1.1.1.3         nolabel/20
Route Distinguisher: 65001:2 (C2)
   2.2.2.1/32       0.0.0.0         21/aggregate(C2)
   2.2.2.2/32       1.1.1.3         nolabel/21
   172.17.0.4/31    0.0.0.0         22/aggregate(C2)
   172.17.0.6/31    1.1.1.3         nolabel/23
   192.168.0.0      172.17.0.5      24/nolabel
   192.168.1.0      1.1.1.3         nolabel/25
   192.168.200.0/31 1.1.1.3         26/26
                    172.17.0.5      26/nolabel
PE1#show ip vrf detail C2
VRF C2; default RD 65001:2; default VPNID 
  Interfaces:
    Lo1                      Fa2/0                   
  Connected addresses are not in global routing table
  Export VPN route-target communities
    RT:65001:2              
  Import VPN route-target communities
    RT:65001:2              
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured
