
VPN technologies – MPLS-L3VPN – PE-CE routing

In this post I will add a customer to the MPLS-VPN network.

Customer1 will have a router connected to R5 (CE11) and a second router (CE12) connected to R6.

 

MPLS-L3VPN – PE-CE routing

 

VPN technologies – MPLS-L3VPN – PE-CE routing – configuration:

 

VRF configuration:

First we need to configure a VRF for our customer on all the PE routers.

This is done by configuring a route distinguisher and a route target for this customer.

R5(config)#vrf definition CUST1
R5(config-vrf)#address-family ipv4
R5(config-vrf)#rd 65101:1
R5(config-vrf)#route-target both 65101:1

 

Now we assign the PE interface that faces the CE (CE11 for R5, CE12 for R6) to the VRF and define an IP address for this interface.

R5(config)#int Ethernet1/0
R5(config-if)#vrf forwarding CUST1
R5(config-if)#ip add 10.100.1.0 255.255.255.254

 

I use the same configuration for the interface between R6 and CE12.

 

PE-CE routing protocol configuration:

It’s time to configure the connectivity between the two CE routers.

For this, we need to configure a routing protocol between the CE and the PE.

 

For Customer 1, we will use BGP as the PE-CE protocol.

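Here is the configuration on R5. Note that the as-override command is important: both customer sites use the same AS (65101), so without it each CE would discard the other site's routes because it sees its own AS in the AS path, and it won’t work.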

R5(config)#router bgp 65010
R5(config-router)#address-family ipv4 unicast vrf CUST1
R5(config-router-af)#neighbor 10.100.1.1 remote-as 65101
R5(config-router-af)#neighbor 10.100.1.1 as-override

 

On CE11, we configure BGP. I’m also advertising the CE11 loopback into BGP.

CE11(config)#router bgp 65101
CE11(config-router)#network 192.168.11.1 mask 255.255.255.255
CE11(config-router)#neigh 10.100.1.0 remote-as 65010

 

Configuration is the same on R6 and CE12.

 

And there it is, from CE11 we can ping the loopback interface of CE12.

Traceroute is showing that we go through the MPLS network.

CE11#ping 192.168.11.2 so lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.11.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

CE11#traceroute 192.168.11.2 so lo0
Type escape sequence to abort.
Tracing the route to 192.168.11.2
VRF info: (vrf in name/id, vrf out name/id)
  1 10.100.1.0 1 msec 0 msec 0 msec
  2 10.10.20.0 [MPLS: Labels 25/16 Exp 0] 1 msec 1 msec 0 msec
  3 10.10.10.3 [MPLS: Labels 16/16 Exp 0] 0 msec 1 msec 1 msec
  4 10.100.1.2 [MPLS: Label 16 Exp 0] 1 msec 0 msec 1 msec
  5 10.100.1.3 1 msec *  1 msec

 

It’s cool for the traceroute command to show the MPLS network.

However, that’s not really something that you want in a production environment.

With this, your customer is able to see your internal IPs and the number of hops within your MPLS network.

This can be hidden by using the command ‘no mpls ip propagate-ttl’ on all the MPLS routers.

CE11#traceroute 192.168.11.2 so lo0
Type escape sequence to abort.
Tracing the route to 192.168.11.2
VRF info: (vrf in name/id, vrf out name/id)
  1 10.100.1.0 2 msec 0 msec 0 msec
  2 10.100.1.2 [MPLS: Label 16 Exp 0] 0 msec 5 msec 2 msec
  3 10.100.1.3 1 msec *  1 msec
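
To check from the customer side that the core is really hidden, the following added example (not part of the original post) parses IOS traceroute output and lists every hop whose address falls outside the prefixes the customer is supposed to see. The prefix list and the function names are assumptions made for this lab; the sample input is the hop lines of the two traceroutes above.

```python
import ipaddress
import re

# Addresses the customer may legitimately see: the PE-CE links and the CE
# loopbacks from the post. The second /31 is inferred from the traceroute
# output (assumption).
CUSTOMER_VISIBLE = [ipaddress.ip_network(p) for p in (
    "10.100.1.0/31", "10.100.1.2/31", "192.168.11.1/32", "192.168.11.2/32")]

# "  2 10.10.20.0 [MPLS: Labels 25/16 Exp 0] 1 msec ..." (label part optional)
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?:\s+\[MPLS: Labels? (?P<labels>[\d/]+) Exp \d+\])?")

def parse_hops(text):
    """Return [(hop, address, [labels])] for each hop line of the output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            labels = [int(x) for x in (m.group("labels") or "").split("/") if x]
            hops.append((int(m.group("hop")),
                         ipaddress.ip_address(m.group("ip")), labels))
    return hops

def leaked_core_hops(text):
    """Hops whose address is outside the customer-visible prefixes."""
    return [(hop, str(ip), labels) for hop, ip, labels in parse_hops(text)
            if not any(ip in net for net in CUSTOMER_VISIBLE)]

# Hop lines copied from the two traceroutes in the post.
BEFORE = """\
  1 10.100.1.0 1 msec 0 msec 0 msec
  2 10.10.20.0 [MPLS: Labels 25/16 Exp 0] 1 msec 1 msec 0 msec
  3 10.10.10.3 [MPLS: Labels 16/16 Exp 0] 0 msec 1 msec 1 msec
  4 10.100.1.2 [MPLS: Label 16 Exp 0] 1 msec 0 msec 1 msec
  5 10.100.1.3 1 msec *  1 msec
"""
AFTER = """\
  1 10.100.1.0 2 msec 0 msec 0 msec
  2 10.100.1.2 [MPLS: Label 16 Exp 0] 0 msec 5 msec 2 msec
  3 10.100.1.3 1 msec *  1 msec
"""

if __name__ == "__main__":
    for name, out in (("before", BEFORE), ("after", AFTER)):
        print(name, leaked_core_hops(out))
```

An empty list for the second traceroute means no core address is visible from the CE any more.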

 

It’s pretty cool to have an MPLS-L3VPN network working.

Even though there is more stuff that can be configured, I think that’s a good start.

 

In the next post, we will add a second customer to our MPLS-L3VPN network and use a different PE-CE protocol.

 

 

Thank you for reading.

 

Have a look at my previous VPN technologies posts:

VPN technologies – MPLS – Label Distribution Protocol

VPN technologies – MPLS-L3VPN – MP-BGP

 

 
