A different method is needed in which a set of identifiers can be attached to a route

The RD (again, a single entity prepended to an IPv4 route) cannot indicate that a site participates in more than one VPN. A method is needed in which a set of VPN identifiers can be attached to a route to indicate its membership in several VPNs. RTs were introduced into the MPLS VPN architecture to support this requirement.

A label can be removed one hop earlier

The figure illustrates how labels are propagated and used in a typical frame-mode MPLS network. The check marks show which tables are used on individual routers. The egress router in this example must do a lookup in the LFIB table to determine whether the label must be removed and if a further lookup in the FIB table is required. PHP removes the requirement for a double lookup to be performed on egress LSRs.

A label is removed on the router before the last hop within an MPLS domain

The figure illustrates how a predefined label pop, which corresponds to the pop action in the LFIB, is propagated on the first hop or the last hop, depending on the perspective. The term pop means to remove the top label in the MPLS label stack instead of swapping it with the next-hop label. The last router before the egress router therefore removes the top label. PHP slightly optimizes MPLS performance by eliminating one LFIB lookup.

A route is installed in the site VRF that matches the RT attribute

VPNv4 routes are installed into VRFs on the receiving PE router. The incoming VPNv4 route is imported into the VRF only if at least one RT attached to the route matches at least one import RT configured in the VRF. The SOO attribute attached to the VPNv4 route controls the IPv4 route propagation to the CE routers. A route inserted into a VRF is not propagated to a CE router if the SOO attached to the route is equal to the SOO attribute...

A route that is matched by the export route map will have additional RTs attached

To apply a route map in order to filter and modify exported routes, use the export map command in VRF configuration mode. To remove the route map from the VRF, use the no form of this command: no export map route-map (route-map specifies the name of the route map to be used). 2003, Cisco Systems, Inc. All rights reserved. The example here mirrors the earlier example in this lesson. This time the configuration is implemented with an export...

A router requests a label for every destination in the routing table with the next hop reachable over an LCATM interface

In the example here, a request is sent from router A to the ATM switch C. Because the ATM switch cannot perform IP lookups, the switch is not allowed to reply with the local label unless it already has the next-hop label. If switch C does not have the next-hop label, it must forward the request to the next downstream neighbor, ATM switch D. If switch D does not have the next-hop label, it must forward the request to the next downstream neighbor....

Access Vpn Vpdn provides dialup access into a customer network

Another very popular VPN category classifies VPNs based on the business needs that they fulfill. Intranet VPN: Intranet VPNs connect sites within an organization. Security mechanisms are usually not deployed in an intranet, because all sites belong to the same organization. Extranet VPN: Extranet VPNs connect different organizations. Extranets usually rely on security mechanisms to ensure the protection of participating individual...

Addressfamily

To enter the address family submode for configuring routing protocols, such as BGP, RIP, and static routing, use the address-family command in global configuration mode. To disable the address family submode for configuring routing protocols, use the no form of this command: address-family vpnv4 unicast; no address-family vpnv4 unicast; address-family ipv4 unicast; no address-family ipv4 unicast. IPv4 unicast with CE router: address-family ipv4 unicast vrf vrf-name; no address-family ipv4 unicast vrf...

Addressfamily ipv4

To enter address family configuration mode for configuring routing sessions, such as BGP, that use standard IPv4 address prefixes, use the address-family ipv4 command in router configuration mode. To disable address family configuration mode, use the no form of this command: address-family ipv4 [multicast | unicast | vrf vrf-name]; no address-family ipv4 [multicast | unicast | vrf vrf-name]. multicast: (Optional) Specifies IPv4 multicast address prefixes. unicast: (Optional) Specifies IPv4 unicast address prefixes. (Optional)...

After this operation the provider AS number is prepended to the AS path

The modified AS path update procedure is called AS-override and is extremely simple: The procedure is used only if the first AS number in the AS path is equal to the AS number of the receiving BGP router. In this case, all leading occurrences of the AS number of the receiving BGP router are replaced with the AS number of the sending BGP router. Occurrences further down the AS path of the AS number of the receiving router are not...

Aggregation should not be used where endtoend LSPs are required Mpls Vpn

When cell-mode MPLS is used, ATM switches are IP-aware: they run an IP routing protocol and LDP or TDP, and are generally seen as IP routers. In reality, however, ATM switches are capable of forwarding only cells, not IP packets. Aggregation (or summarization) should not be used on ATM LSRs because it breaks LSPs in two, which means that ATM switches would have to perform Layer 3 lookups. Aggregation should also not be used where an...

All Internet traffic from all sites goes across the central site

There are a number of benefits associated with the classical design: It is a well-known setup used worldwide for Internet connectivity from a corporate network. Access to expertise needed to implement such a setup is thus simple and straightforward. There is only one interconnection point between the secure customer network and the Internet. Security of the Internet access needs to be managed only at this central point. The major...

All loopback interfaces are in one contiguous address block 192168254024

The example here describes where conditional label advertising can be used. The existing network still performs normal IP routing, but the MPLS LSP tunnel between the loopback interfaces of the LSR routers is needed to enable MPLS Virtual Private Network (VPN) functionality. Using one contiguous block of IP addresses for loopbacks on provider edge (PE) routers can simplify the configuration of conditional advertising.

All nonBGP perVRF routes have to be redistributed into perVrf Bgp context to be propagated by MPBGP to other PE routers

Select the VRF routing context with the address-family ipv4 vrf vrf-name command in the RIP and BGP routing processes. All per-VRF routing protocol parameters (network numbers, passive interfaces, neighbors, filters, and so on) are configured under this address family. Note: Common parameters defined in router configuration mode are inherited by all address families defined for this routing process and can be overridden for each individual...

Allocating a Label

[Figure: routing tables of A, C, and D] The egress ATM edge LSR allocates a label and replies to the request...

Allocating a Label Allocation Requests Additional LSRs

[Figure: routing tables of A, C, and D] The figure shows how another...

Allowasin Cont

PE-1 announces network 10.1.0.0/16 to CE-BGP-A1. CE-BGP-A1 prepends its AS number to the AS path and propagates the prefix to PE-2. PE-2 drops the update because its AS number is already in the AS path. AS-override is needed on CE-BGP-A1, but that would require a Cisco IOS software upgrade on the CE router.

Allowasin The issue

Not a usual setup: traffic between VPNs should not flow over the customer site. Sometimes used for enhanced security. In some security-conscious implementations, customer VPNs are linked by a customer router that performs security functions such as access filtering or access logging. Note: This setup is not usual because it deviates from the basic goal of MPLS VPN replacing the hub-and-spoke routing of a traditional...

Alternatively only internal OSPF routes can be redistributed into MPBGP on the PE routers

The OSPF tag field is present only in the external OSPF routes (type 5 LSA or type 7 LSA). This technique, therefore, cannot detect cross-domain loops involving internal OSPF routes. There are two manual methods that you can use to overcome this OSPF limitation: You can set the tag field manually on the router, redistributing routes between OSPF domains using the redistribute ospf source-process-id tag value command. The PE router can be...

Am A

PEwg1(config)#ip vrf Internet
PEwg1(config-vrf)#route-target 100:600
PEwg1(config-vrf)#rd 100:600
PEwg1(config)#int S0/0.114
PEwg1(config-subif)#ip vrf forwarding Internet
Interface Serial0/0.114 IP address 150.wg.wg1.65 removed due to enabling VRF Internet
PEwg1(config-subif)#ip add 150.wg.wg1.65 255.255.255.240
PEwg1(config)#router bgp 65001
PEwg1(config-router)#no neighbor 150.wg.wg1.66 remote-as 650wg1
PEwg1(config-router)#address-family ipv4 vrf Internet
PEwg1(config-router-af)#nei...

An ICMP timetolive exceeded message is sent to the source from router A

The first traceroute packet (ICMP or User Datagram Protocol [UDP]) that reaches the MPLS network is dropped on the first router (A), and an ICMP reply is sent to the source. This action results in an identification of router A by the traceroute application.

An ICMP timetolive exceeded message is sent to the source from router D

The traceroute application increases the initial TTL for every packet that it sends. The second packet, therefore, would be able to reach one hop farther (router B in the example). However, the TTL value is not copied into the TTL field of the label. Instead, router A sets the TTL field of the label to 255. Router B decreases the TTL of the label, and router C removes the label without copying it back into the IP TTL. Router D then decreases the...

An LDP session is established from the router with the higher IP address

In the figure, three out of four routers periodically send out LDP hello messages (the fourth router is not MPLS-enabled). Routers that have the higher IP addresses must initiate the TCP session. Note: The highest IP address of all loopback interfaces is used. If no loopback interfaces are configured on the router, then the highest IP address of a configured interface that was operational at LDP startup is used. After the TCP session is established, routers will keep sending LDP hello messages...

An LSP can take a different path from the one chosen by an IP routing protocol MPLS Traffic Engineering

An LSP is a sequence of LSRs that forward labeled packets for a particular FEC. Each LSR swaps the top label in a packet traversing the LSP. An LSP is similar to Frame Relay or ATM virtual circuits. In cell-mode MPLS, an LSP is a virtual circuit. In MPLS unicast IP forwarding, the FECs are determined by destination networks found in the main routing table. Therefore, an LSP is created for each entry found in the main routing table....

An LSR can assign a label only if it has already received a label from the nexthop LSR otherwise it must request a

Ordered control mode is usually combined with downstream-on-demand propagation of labels, where a local label can be assigned and propagated only if a next-hop label is available. This requirement results in an ordered sequence of downstream requests until an LSR is found that already has a next-hop label or an LSR is reached that uses independent control mode. Although ordered control mode could be used with frame-mode MPLS, its use is mandatory...

Any number of RTs can be attached to a single route

RTs are attributes that are attached to a VPNv4 BGP route to indicate its VPN membership. The extended BGP communities of a routing update are used to carry the RT of that update, thus identifying which VPN the update belongs to. As with standard BGP communities, a set of extended communities can be attached to a single BGP route, satisfying the requirements of complex VPN topologies. Extended BGP communities are 64-bit values. The...

Any other BGP attribute for example AS path local preference MED standard community

An MP-BGP update exchange between PE routers contains the following: extended BGP communities (RTs required; Site of Origin, or SOO, optional); the label used for VPN packet forwarding (the MPLS VPN Packet Forwarding lesson follows this lesson and explains how the label is used); mandatory BGP attributes (for example, AS path). Optionally, the MP-BGP update can contain any other BGP attribute, for example, local preference, multi-exit...

Are CE routes received by PE

Verify with show ip route vrf vrf-name on PE-1. Perform traditional routing protocol troubleshooting if needed. Routing information flow troubleshooting requires the verification of end-to-end routing information propagation between CE routers. The first step is to check the routing information exchange from CE routers to PE routers. Use the show ip route vrf vrf-name command to verify that the PE router receives customer routes from the...

Are large labeled packets propagated across the MPLS backbone maximum transmission unit issues

Before you start in-depth MPLS VPN troubleshooting, you should ask the following standard MPLS troubleshooting questions: Is CEF enabled on all routers in the transit path between the PE routers? Are labels for BGP next hops generated and propagated? Are there any maximum transmission unit (MTU) issues in the transit path (for example, LAN switches not supporting a jumbo Ethernet frame)? MPLS VPN troubleshooting consists of two major steps...

Are routes redistributed into MPBGP with proper extended communities

Verify with show ip bgp vpnv4 vrf vrf-name ip-prefix on PE-1. Troubleshoot with debug ip bgp commands. The CE routes received by the PE router need to be redistributed into MP-BGP; otherwise, they will not get propagated to other PE routers. Common configuration mistakes in this step include the following: failing to configure redistribution between the PE-CE routing protocol and the per-VRF routing context of the BGP; using a route map...

Are VPNv4 routes inserted into VRFs on PE2

Troubleshoot with show ip bgp ip-prefix and show ip vrf detail. Perform additional BGP troubleshooting if needed. The VPNv4 routes received by the PE router have to be inserted into the proper VRF. This insertion can be verified with the show ip route vrf command. Common configuration mistakes in this step include the following: The wrong import RTs are configured in the VRF. The route map configured as...

Are VPNv4 routes propagated to other CE routers

Verify with show ip route on CE Spoke. Alternatively, does CE Spoke have a default route toward PE-2? Perform traditional routing protocol troubleshooting if needed. Last but not least, the routes redistributed into the PE-CE routing protocol have to be propagated to CE routers. You may also configure the CE routers with a default route toward the PE routers (see note). Use standard routing protocol troubleshooting techniques in this...

Are VPNv4 routes propagated to other PE routers

Verify with show ip bgp vpnv4 all ip-prefix length. Troubleshoot PE-to-PE connectivity with traditional BGP troubleshooting tools. The CE routes redistributed into MP-BGP need to be propagated to other PE routers. Verify proper route propagation with the show ip bgp vpnv4 all ip-prefix command on the remote PE router. Note: Routes sent by the originating PE router might not be received by a remote PE router because of automatic RT-based...

Are VPNv4 routes redistributed from BGP into the PECE routing protocol

Verify redistribution configuration: is the IGP metric specified? Perform traditional routing protocol troubleshooting. Finally, the BGP routes received via MP-BGP and inserted into the VRF need to be redistributed into the PE-CE routing protocol. A number of common redistribution mistakes can occur here, starting with missing redistribution metrics. Refer to the Building Scalable Cisco Networks (BSCN) and Cisco Internetwork...

Areas could correspond to individual sites from Mpls Vpn perspective

The Open Shortest Path First (OSPF) routing protocol was designed to support hierarchical networks with a central backbone. The network running OSPF is divided into areas. All areas have to be directly connected to the backbone area (Area 0). The whole OSPF network (backbone area and any other areas connected to it) is called the OSPF domain. The OSPF areas in the customer network could correspond to individual sites, but there are also other...

As each virtual routing table requires a distinct RD value the number of RDs in the Mpls Vpn network increases

A single virtual routing table can be used only for sites with identical connectivity requirements. Complex VPN topologies, therefore, require more than one virtual routing table per VPN. Note: If sites with different requirements are associated with the same virtual routing table, some of them might be able to access destinations that should not be accessible to them. Because each virtual routing table requires a distinctive RD, the...

AS pathbased BGP loop prevention is bypassed with ASoverride and allowasin features

Most aspects of BGP loop prevention are bypassed when either the AS-override or the allowas-in feature is used. The routing information loops can still be detected by manually counting occurrences of an AS number in the AS path in an end-to-end BGP routing scenario, and then ensuring that the number field in the neighbor allowas-in command is set low enough to prevent loops. This ability to still detect loops can present a particular problem when BGP is...

Ask questions

To take full advantage of the information presented in this course, you must have completed the prerequisite requirements. In class, you are expected to participate in all lesson exercises and assessments. In addition, you are encouraged to ask any questions relevant to the course materials. If you have pertinent information or questions concerning future Cisco product releases and product features, please discuss these topics during breaks or...

ASPath Prepending

PE-Site-Y replaces all occurrences of AS 213 with AS 115 in the AS path, prepends another copy of AS 115 to the AS path, and propagates the prefix.

Assign interfaces to VRFs

Configuring a VRF table and starting deployment of an MPLS VPN service for a customer consists of four mandatory steps: Assign a unique RD to the VRF. Note: You must assign a unique RD to every VRF created in a PE router. The same RD might be used in multiple PE routers, based on customer connectivity requirements. The same RD should be used on all PE routers for simple VPN service. Refer to the MPLS VPN Architecture module for more details...

Assigning an Interface to a VRF Table

This topic identifies the command syntax required to assign an interface to a VRF table. * Associates an interface with the specified VRF. * The existing IP address is removed from the interface when the interface is put into a VRF; the IP address must be reconfigured. * CEF switching must be enabled on the interface.

ATM LSRs can swap a label with only one label Vpivci fields change

An IP packet going through an MPLS domain experiences the following: A label or a stack of labels is inserted (imposed) on an edge LSR. The top label is swapped with a next-hop label or a stack of labels on an LSR. The top label is removed on the LSP tunnel endpoint (usually one hop before the egress edge LSR or on the egress edge LSR itself). ATM LSRs support the swapping of only one label (normal ATM operation). On ingress, a label is...

ATM Virtual Path Usages Cont Example

To enable cell-mode MPLS across a virtual path, the control virtual circuit should use the VPI of the virtual path. A router or a switch will then establish an adjacency with a router or a switch on the other end of the virtual path. It is mandatory that the same VPI be used on both ends of the path because the VPI value is part of the LDP virtual path range negotiation. - Router to router (not...

Basic Lcatm Configuration

To enable cell-mode MPLS between a router and a switch, ensure that the router uses the MPLS type for the subinterface. For successful establishment of a label distribution session, both devices need to use the same protocol: LDP (or TDP). Both devices should use the same parameters for the control virtual circuit (VPI/VCI 0/32). There should be an intersection between the proposed ranges of VPI and VCI...

Basic MPLS Concepts Cont Example

Only edge routers must perform a routing lookup. Core routers switch packets based on simple label lookups and swap labels. The figure illustrates a situation where the intermediary router does not have to perform a time-consuming routing lookup. Instead, this router simply swaps a label with another label (25 is replaced by 23) and forwards the packet based on the received label (23). In larger networks, the result of MPLS labeling is that only...

Benefits and Drawbacks of VC Merge

The merging ATM LSR can reuse the same downstream label for multiple upstream LSRs. Buffering requirements increase on the ATM LSR. Jitter and delay across the ATM network increase. The ATM network is effectively transformed into a frame-mode MPLS network. The major benefit of VC merge is that it minimizes the number of labels (VPI/VCI values) needed in the ATM part of the network. As identified in the first topic in this lesson,...

BGP Route Propagation Outbound

Two VPNs are attached to the same PE router. Each VPN is represented by a VRF. This figure and the following figures illustrate the interactions between VRF instances of routing processes, VRF routing tables, and the global VPNv4 BGP routing process. The network contains two VPN customers. Ordinarily, the customer sites would be connected to a number of PE routers....

BGP Route Propagation Outbound Cont

Route distinguisher is prepended during route export to the BGP routes from VRF instance of BGP process to convert them into VPNv4 prefixes. Route targets are attached to these prefixes. VPNv4 prefixes are propagated to other PE routers.

BGP that supports address families other than IPv4 addresses is called Multiprotocol Bgp Mpbgp

The RD is used only to transform nonunique 32-bit customer IP version 4 (IPv4) addresses into unique 96-bit VPNv4 addresses (also called VPN IPv4 addresses). VPNv4 addresses are exchanged only between PE routers; they are never used between CE routers. BGP between PE routers must therefore support exchange of traditional IPv4 prefixes as well as exchange of VPNv4 prefixes. A BGP session between PE routers is consequently called a...

Bit TTL equal to the TTL in IP header

A label contains these fields (Label Fields): Used to define a class of service (CoS) (IP precedence). MPLS allows multiple labels to be inserted; this bit determines if this label is the last label in the packet. If this bit is set (1), it indicates that this is the last label. Has the same purpose as the TTL field in the IP header.

Both TCP and UDP use wellknown LDP port number 646 711 for TDP

LDP is a standard protocol used to exchange labels between adjacent routers. TDP is a Cisco proprietary protocol that has the same functionality as LDP. Although the remainder of this lesson will focus on LDP, it should be noted that TDP, as the predecessor of LDP, works in a similar fashion. LDP periodically sends hello messages. The hello messages use UDP packets with a multicast destination address of 224.0.0.2 (all routers on a...

Break and lunchroom locations

The instructor will discuss the administrative issues noted here so you know exactly what to expect from the class: starting and anticipated ending times of each class day; class breaks and lunch facilities; appropriate attire during class; materials you can expect to receive during class; what to do in the event of an emergency; how to send and receive telephone and fax messages. This topic covers the suggested flow of the course materials. This topic...

CE routers run standard OSPF software

The goals that have to be met by the OSPF superbackbone are as follows: The superbackbone shall not use standard OSPF-BGP redistribution. OSPF continuity must be provided between OSPF sites: Internal OSPF routes must remain internal OSPF routes. External OSPF routes must remain external OSPF routes. Non-OSPF routes redistributed into OSPF must appear as external OSPF routes in OSPF. OSPF metrics and metric types (external 1 or external...

Cell Interleave Issues

Solution 1: Allocate a separate downstream label for each upstream request. Solution 2: Prevent cell interleave by blocking incoming cells until a whole frame is collected. Analysis of the previous two figures reveals that an unusual situation has developed. Two virtual circuits from routers A and B (1/56 and 1/43) merge into one (2/82). Standard ATM virtual switching hardware...

Cell Interleave Issues Cont Additional Label Allocation

[Figure: routing tables of A, B, C, and D] The figure illustrates the first option, where an additional LSP tunnel is created for the...

Cell Mode MPLS Network Issues

An MPLS label is encoded as the VPI/VCI value in cell-mode MPLS networks. Each VPI/VCI combination represents a virtual circuit in ATM. The number of virtual circuits supported by router and switch hardware is severely limited. Conclusion: Labels in cell-mode MPLS are a scarce resource. Cell-mode MPLS is significantly different from frame-mode MPLS because of some ATM- ATM uses cells and not frames. A single packet may be encapsulated...

Central Firewall Service Addressing

All customers have to use coordinated addresses, which can also be private. Central firewall provides NAT for all customers. The central firewall, hosted by the service provider, has to use public addresses toward the Internet. Private addresses can be used between the central firewall and the individual customers. However, these addresses need to be coordinated between the service provider and the customers to prevent routing conflicts and...

Central Services Extranet

The figure shows a central services extranet implementing international Voice over IP (VoIP) service. Every customer of this service can access voice gateways in various countries but cannot access other customers using the same service. Hybrid (Overlay + Peer-to-Peer) Implementation: The network diagram shows an interesting scenario where peer-to-peer...

Central Services VPN Data Flow Model

This topic describes the data flow within a central services VPN. Client VRFs contain server routes: clients can talk to servers. Server VRFs contain client routes: servers can talk to clients. Client VRFs do not contain routes from other clients: clients cannot communicate. Make sure there is no client-to-client leakage across server sites.

Central Services VPN Routing

This topic describes the routing characteristics of a central services VPN. Client routes need to be exported to server site. Server routes need to be exported to client and server sites. No routes are exchanged between client sites. The figure illustrates the MPLS VPN routing model that is used to implement a central...

Check BGP connectivity with the show ip bgp summary command on the CE routers: CEpopA#sh ip bgp sum

BGP router identifier 10.1.pop.49, local AS number 650pop
BGP table version is 10, main routing table version 10
9 network entries and 9 paths using 1197 bytes of memory
2 BGP path attribute entries using 120 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 9/30 prefixes, 9/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ...

Classical Internet Access for a VPN Customer

A separate link for Internet access is a perfect match for this customer type. The classical Internet access setup for a VPN customer is based on a separated Internet access design model. This design model is thus a perfect match for customers looking for classical Internet access service.

Clients can communicate with all servers but not with each other

A central services VPN is a topology with the following characteristics: some sites (server sites) can communicate with all other sites; all the other sites (client sites) can communicate only with the server sites. This topology can be used in the following situations: The service provider offers services to all customers by allowing them access to a common VPN. Two (or more) companies want to exchange information by sharing a common set of servers....

Command List

The commands used in this exercise are described in the table here.
network network-number network-mask / no network network-number network-mask: To specify a list of networks for the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process, use the network router configuration command. To remove an entry, use the no form of this command.
router eigrp as-number / no router eigrp as-: To configure the EIGRP routing process, use the router eigrp global configuration command. To shut down a...

Command Modes

The example here shows how a sham link is used only to affect the OSPF intra-area path selection of the PE and CE routers. The PE router also uses the information received from MP-BGP to set the outgoing label stack of incoming packets, and to decide to which egress PE router to label-switch the packets. The figure shows a sample MPLS VPN topology in which a sham-link configuration is necessary. A VPN client has two sites connected by a backdoor link. A sham link has been configured between the...

Complex VPN topologies are supported by multiple virtual routing tables on the PE routers

With the introduction of complex VPN topologies, the definition of a VPN has needed to be changed. A VPN is simply a collection of sites sharing common routing information. In traditional switched WAN terms (for example, in X.25 terminology), such a concept would be called a closed user group (CUG). In the classic VPN, all sites connected to a VPN shared a common routing view. In complex VPNs, however, a site can be part of more than one VPN. This results in differing routing requirements for...

Conclusion: MPLS VPN must extend the classic OSPF-BGP routing model

With the traditional OSPF-BGP redistribution, the OSPF route type (internal or external route) is not preserved when the OSPF route is redistributed into BGP. When that same route is redistributed back into OSPF, it is always redistributed as an external OSPF route. There are a number of caveats associated with external OSPF routes: External routes cannot be summarized. External routes are flooded across all OSPF areas. External routes...

Configuration of MP-IBGP sessions

Define a loopback interface that will serve as the BGP next hop for VPNv4 routes and as the source address for the IBGP session. Configure the remote PE router as the global BGP neighbor. Specify the source address for the TCP session. Activate the remote PE router for VPNv4 route exchange. Disable next-hop processing for VPNv4 route exchange. This action guarantees that the loopback 0 interface will always be the BGP next hop for VPNv4 routes propagated by this router to its MP-IBGP neighbors....

Configuration steps on CEwg2A

CEwg2A(config)#int s0/0.113 point-to-point
CEwg2A(config-subif)#ip address 150.wg.y.49 255.255.255.240
CEwg2A(config-subif)#frame-relay interface-dlci 113
CEwg2A(config-fr-dlci)#no shut
CEwg2A(config)#router bgp 650wg1
CEwg2A(config-router)#nei 150.wg.wg1.50 remote-as 65001
Configuration steps on PEwg1
PEwg1(config)#interface s0/0.113 point-to-point
PEwg1(config-subif)#ip vrf forwarding Customer_A
PEwg1(config-subif)#ip address 150.wg.y.50 255.255.255.240
PEwg1(config-subif)#frame-relay...

Configuration steps on CEwg2B router

CEwg2B(config-router)#no passive-interface Serial0/0.114
CEwg2B(config-router)#no network 150.wg.0.0 0.0.255.255 area 0
CEwg2B(config-router)#router bgp 650wg2
CEwg2B(config-router)#no net 0.0.0.0
CEwg2B(config-router)#nei 150.wg.wg2.65 remote 65001
CEwg2B(config-router)#no ip route 0.0.0.0 0.0.0.0 Serial0/0.114
Configuration steps on PEwg2 routers
PEwg2(config)#no ip route 10.2.wg1.0 255.255.255.0 150.wg.wg2.66
PEwg2(config)#no ip route 10.2.wg2.0 255.255.255.0 150.wg.wg2.66...

Configuration steps on CEwg1A

CEwg1A(config-router)#nei 150.wg.pop.18 remote-as 65001
CEwg1A(config-router)#no auto-summary
CEwg1A(config-router)#redistribute ospf 1
CEwg1A(config)#router ospf 1
CEwg1A(config-router)#redistribute bgp 650wg1 subnets
Configuration steps on CEwg1B
CEwg1B(config-router)#nei 150.wg.pop.34 remote-as 65001
CEwg1B(config-router)#no auto-summary
CEwg1B(config-router)#redistribute ospf 2
CEwg1B(config-router)#router ospf 2
CEwg1B(config-router)#redistribute bgp 650wg2 subnets
Configuration steps on...

Configuration steps on CEwg1B

CEwg1B(config)#int s0/0.113 point-to-point
CEwg1B(config-subif)#ip address 150.wg.x.49 255.255.255.240
CEwg1B(config-subif)#frame-relay interface-dlci 113
CEwg1B(config-fr-dlci)#no shut
CEwg1B(config)#router bgp 6500wg
CEwg1B(config-router)#nei 150.wg.wg2.50 remote-AS 65001
Configuration steps on PEwg2
PEwg2(config)#interface s0/0.113 point-to-point
PEwg2(config-subif)#ip vrf forwarding Customer_B
PEwg2(config-subif)#ip address 150.wg.pop.50 255.255.255.240
PEwg2(config-subif)#frame-relay...

Configuration steps on PE routers

PEpop(config)#int s0/0.114 point-to-point
PEpop(config-subif)#ip add 150.wg.pop.65 255.255.255.240
PEpop(config-subif)#frame-relay interface-dlci 114
PEpop(config-subif)#ip router isis
PEpop(config-subif)#router isis s0 0.114
Task 2: Establishing Routing Between the Customer and the Internet
Configuration steps on PEwg1 routers
PEwg1(config)#ip route 10.1.wg1.0 255.255.255.0 150.wg.wg1.66
PEwg1(config)#ip route 10.1.wg2.0 255.255.255.0 150.wg.wg1.66
PEwg1(config)#router bgp 65001
PE...

Configuration steps on PEwg2

PEwg2(config)#ip vrf Customer_A
PEwg2(config-vrf)#rd wg:10
PEwg2(config-vrf)#route-target both wg:10
PEwg2(config)#ip vrf Customer_B
PEwg2(config-vrf)#rd wg:20
PEwg2(config-vrf)#route-target both wg:20
PEwg2(config)#int s0/0.101
PEwg2(config-subif)#ip vrf forwarding Customer_A
PEwg2(config-subif)#ip address 150.wg.pop.18 255.255.255.240
PEwg2(config-subif)#ip vrf forwarding Customer_B
PEwg2(config-subif)#ip address 150.wg.pop.34 255.255.255.240
PEwg2(config)#router rip
PEwg2(config-router)...

Configuration steps on PEwg1

PEwg1(config)#no tag-switching ip propagate-ttl
Configuration steps on Pwg1
Pwg1(config)#no tag-switching ip propagate-ttl
Configuration steps on Pwg2
Pwg2(config)#no tag-switching ip propagate-ttl
Configuration steps on PEwg2
PEwg2(config)#no tag-switching ip propagate-ttl
Task 3: Configuring Conditional Label Distribution
Note: There are different ways to construct an access list to accomplish the desired result. This is one way. The key, however, is to meet the task objective.

Configuration steps on PEwg1 for Customer A

PEwg1(config)#ip vrf Customer_A
PEwg1(config-vrf)#export map NMS_Cus_A
PEwg1(config-vrf)#route-target import 101:500
PEwg1(config)#ip vrf A_Central
PEwg1(config-vrf)#export map NMS_Cus_A
PEwg1(config-vrf)#route-target import 101:500
PEwg1(config)#route-map NMS_Cus_A permit 10
PEwg1(config-route-map)#match ip address access-list 10
PEwg1(config-route-map)#set extcommunity rt 101:501 add
PEwg1(config)#access-list 10 permit host 10.1.41.49
PEwg1(config)#access-list 10 permit host 10.1.42.49

Configuration steps on PEwg1 for Customer B

PEwg1(config)#ip vrf Customer_B
PEwg1(config-vrf)#export map NMS_Cus_B
PEwg1(config-vrf)#route-target import 101:500
PEwg1(config)#route-map NMS_Cus_B permit 10
PEwg1(config-route-map)#match ip address 20
PEwg1(config-route-map)#set extcommunity rt 101:501 add
PEwg1(config)#access-list 20 permit host 10.2.41.49
PEwg1(config)#access-list 20 permit host 10.2.42.49
Configuration steps on PEwg2 for Customer B
PEwg2(config)#ip vrf Customer_B
PEwg2(config-vrf)#export map NMS_Cus_B
PEwg2(config-vrf)...

Configuration steps on PEwg1 PEpop(config)#no

Note: Depending on which router has issued the no router eigrp command, you will see the
*Mar 6 14:59:15.110: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.wg.65 (Serial0/0.111) is down: interface down
*Mar 6 14:59:15.110: destroy peer 192.168.wg.65
*Mar 6 14:59:15.110: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.wg.113 (Serial0/0.112) is down: interface down
*Mar 6 14:59:15.110: destroy peer 192.168.wg.113
*Mar 6 14:59:15.110: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 192.168.100.65 (Serial0...

Configuration steps on PEwg1 routers

PEwg1(config)#no ip route 10.1.wg1.0 255.255.255.0 150.wg.wg1.66
PEwg1(config)#no ip route 10.1.wg2.0 255.255.255.0 150.wg.wg1.66
PEwg1(config-router)#nei 150.wg.wg1.66 remote 650wg1
Configuration steps on CEwg2A router
CEwg2A(config-router)#nei 150.wg.wg2.129 remote 65001
Configuration steps on PEwg2 routers
PEwg2(config-router)#nei 150.wg.wg2.130 remote 650wg1
Team B

Configuration steps on Pwg2

Pwg2(config)#no router eigrp 1
Pwg2(config)#router isis
Pwg2(config-router)#net 49.0001.0000.0000.02wg2.00
Pwg2(config-router)#metric-style wide
Task 3: Enabling MPLS LDP Connectivity with the Central P Router
Note: The subinterface number and DLCI number in the following configurations will match with each other, and are determined by the instructions for this task.

Configuration Tasks for MPLS on LC-ATM Interfaces

This topic lists the configuration tasks for configuring MPLS on LC-ATM interfaces.
Configuration tasks on Catalyst 8510 and Catalyst 8540 ATM switches:
- Configure MPLS on the ATM interface
- Configure additional LC-ATM parameters
Configuration of cell-mode MPLS differs from configuration of frame-mode MPLS. An...

Configure redistribution of OSPF into MP-BGP

To configure OSPF as a PE-CE routing protocol, you need to start a separate OSPF process for each VRF in which you want to run OSPF. The per-VRF OSPF process is configured in the same way as a standard OSPF process. You can use all OSPF features available in Cisco IOS software. You need to redistribute OSPF routes into BGP and redistribute BGP routes into OSPF if necessary. Alternatively, you can originate a default route into a per-VRF OSPF process by using the default-information originate...

Configuring Additional LC-ATM Parameters (Cont.)

The example shows how to change the default VPI range from 1-1 to 5-6. The control virtual circuit can also use the VPI value used for LVCs. In this example, the control virtual circuit is using VPI 5 and VCI 32. Note that the values must match on each neighbor.

Configuring an LC-ATM Interface on a Catalyst ATM Switch

* Enables LC-ATM control on an ATM interface
* Default control VC 0/32, label allocation uses VPI 1
Use these commands to enable MPLS on an interface of a Catalyst ATM switch. Cell-mode MPLS is implied. Enabling both distribution protocols can be useful in a mixed environment when the supported protocol for every device connected to the switch does not need to be determined. When the LDP or TDP adjacency is established (over virtual...

Configuring an LC-ATM Interface on a Router

interface atm number.sub-number mpls
* Creates an LC-ATM subinterface.
* By default, this subinterface uses VC 0/32 for label control protocols and VP 1 for label allocation.
mpls label protocol {ldp | tdp | both}
* Enables MPLS on an LC-ATM subinterface
* Starts LDP on an LC-ATM subinterface
On Cisco IOS platform routers, subinterfaces are typically used. Use the mpls keyword to specify the type of subinterface when you are entering...

Configuring EIGRP PE-CE Routing (Cont.)

The EIGRP configuration in this sample network is exceedingly simple: The EIGRP routing process is configured. The EIGRP version is configured as the global EIGRP parameter. The EIGRP routing context is configured for every VRF where you want to run EIGRP as the PE-CE routing protocol. The directly connected networks (configured on interfaces in the VRF) over which you want to run EIGRP are specified to have standard EIGRP configuration. Redistribution from BGP into EIGRP with metric propagation...

Configuring MP-IBGP

This topic identifies the command syntax required to configure MP-IBGP in an MPLS VPN environment.
router bgp as-number
neighbor ip-address remote-as as-number
neighbor ip-address update-source loopback-type interface number
All MP-BGP neighbors have to be configured under global BGP routing configuration. MP-IBGP sessions have to run between loopback interfaces. Starts configuration of MP-BGP routing for VPNv4 route exchange. Parameters that apply only to MP-BGP exchange of VPNv4 routes...

Configuring MPLS on a Frame Mode Interface (Cont.) Example

When combining Cisco routers with equipment of other vendors, you may need to use standard LDP (MPLS). TDP (tag switching) can be replaced by LDP on point-to-point interfaces. However, you can also use both protocols on shared media if some devices do not support TDP. Label switching is more or less independent of the distribution protocol, so there should be no problem in mixing the two protocols. TDP and...

Configuring MPLS over ATM Virtual Path Routers

This topic shows how to configure MPLS over ATM VP for routers. An LC-ATM interface is created. The ATM VPI value is set to the virtual path number. The control virtual circuit needs to be established within the virtual path. The virtual path number has to match between peers....

Configuring MPLS over ATM Virtual Path Routers (Cont.)

When you connect a router and a switch through a virtual path, you need to set only the parameters for the control virtual circuit and the label range on the router. The router is unaware that the control virtual circuit is not terminated on the directly connected switch. The public ATM network simply forwards all cells based on the VPI value to the other endpoint, where an MPLS-enabled switch continues forwarding based on VPI and VCI values.

Configuring MPLS over ATM Virtual Path Switches (Cont.)

This example shows the configuration of both MPLS-enabled ATM switches connected by a virtual path across a public ATM network. The VPI value has to be the same on the first and last hop in the path. The ATM provider can use any VPI on any other link. The example shows that the subinterface that is created, on both switches, has a subinterface number equal to the VPI number. Note: The example does not change the parameters of the control virtual circuit. PVCs will need to be established for the...

Configuring PE-CE OSPF Routing (Cont.)

redistribute ospf process-id match internal external-1 external-2
OSPF-BGP route redistribution is configured with the redistribute command under the proper address-family. Without the OSPF match keyword specified, only internal OSPF routes are redistributed into OSPF. Use the standard BGP redistribution commands.

Configuring Per-VRF BGP Routing Context

This topic identifies the command syntax that is used to select the VRF routing context for BGP.
address-family ipv4 vrf vrf-name
Per-VRF BGP definitions
Select per-VRF BGP context with the address-family command. Configure CE EBGP neighbors in VRF context, not in the global BGP configuration. CE neighbors have to be activated with the neighbor activate command. Select the VRF routing context with...

Configuring Per-VRF Static Routes

This topic identifies the command syntax used to configure per-VRF static routes.
ip route vrf name static route parameters
This command configures per-VRF static routes. The route is entered in the VRF table. You must always specify the outgoing interface, even if you specify the next hop.
ip route vrf u tomer-AS l ., ., ., serial router- fegp address-family ipv4 vrf eusto er_AB redistribute static ...

Configuring RDs in a Central Services and Simple VPN

Configure a unique RD for every set of VRFs with unique membership requirements:
- A-Spoke-1 and A-Spoke-2 can share the same RD.
- B-Spoke-1 and B-Spoke-2 can share the same RD.
Configure one RD for all central server VRFs. ...

Configuring RTs in a Central Services and Simple VPN

Configure customer VPN import-export route target in all VRFs participating in customer VPN. Configure a unique import-export route target in every VRF that is only a client of central servers. Configure central services import and export route targets in VRFs that participate in central services VPN. This table shows an RD and RT numbering scheme for PE-1. This table shows an RD and RT numbering scheme for PE-2. PE-2 RD and RT Numbering Scheme This...

Configuring Selective VRF Import

VRF import criteria might be more specific than just the match on the RT, for example: import only routes with specific BGP attributes (community, and so on); import routes with specific prefixes or subnet masks (only loopback addresses). A route map can be configured in a VRF to make route import more specific. Selective route import into a VRF allows you to narrow the route import...

Configuring VRFs

This topic identifies the command syntax that is required to configure a managed CE routers VPN. The figure shows a sample configuration for a customer VRF with differentiated RT export for loopback addresses according to the numbering scheme shown on the previous page. An export route map is used to match one part of the IP address space and attach an additional RT to the routes within this address space (CE router loopback addresses). Note: The routing protocol between PE and CE routers has to...

Connect to CEwgA2 and try to ping CEwg2B or CEwg1B. Those routers should not be reachable from CEwgA2. For subgroup B

Sending 5, 100-byte ICMP Echos to 10.2.pop.49, timeout is 2 seconds Sending 5, 100-byte ICMP Echos to 10.2.pop.49, timeout is 2 seconds Sending 5, 100-byte ICMP Echos to 10.1.pop.49, timeout is 2 seconds Sending 5, 100-byte ICMP Echos to 10.1.pop.49, timeout is 2 seconds

Connect to CEwgA1 and perform ping and trace to the loopback address of CEwg2B or vice versa. The other router should be

CEwg1A#ping 10.1.wg2.49
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.wg2.49, timeout is 2 seconds
Success rate is 100 percent (5/5), round-trip min/avg/max = 148/148/149 ms
CEpopAB#trace 10.1.pop.49
Type escape sequence to abort.
Tracing the route to 10.1.pop.49
1 150.wg.pop.34 16 msec 16 msec 12 msec
2 150.wg.pop.17 AS 6500wg 72 msec 76 msec *
CEpopA#ping 10.2.pop.49
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.pop.49, timeout is 2...