As I mentioned in the previous L3VPN posts, those were using one specific architecture to connect two ISPs to each other, which is called Back to Back VRFs where a VRF is needed for each customer in both ISPs networks. Of course this is one way of making this to work. Another design is called carrier supporting carrier which I'm going to explain in this post. I'm going to use the same previous design with some slight changes, HERE is the complete diagram. There are no changes in the customer sites configuration and they are exactly as I left them in the previous MPLS VPN series, so I am not going to copy their configuration here. All the configuration changes happen in both ISPs
Tag: VRF
L3VPN: Route Leak
Now that we have covered many examples of L3VPN and for different customer deployments, I think this is a good point where we introduce the concept of Route Leaking. Notice in our DIAGRAM, only sites that belong to the same customer could reach each other and this is of course the required end result. But let assume for whatever reason we needed to change this behavior, now Customer C needs to reach Customer D and vice versa. This means, all four sites need to have full connectivity among each other. Simply put, we will need to leak Customer C's VRF routes into Customer D's VRF route table and vice versa. As always, things will get clearer with configuring this part: Just to confirm, at
L3VPN Part 5 of 5
CE-PE: BGP Starting with the remote sites. R17 interface Loopback17 ip address 17.17.17.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.37.2 255.255.255.0 speed 100 full-duplex ! router bgp 65000 no synchronization bgp log-neighbor-changes network 17.17.17.0 mask 255.255.255.0 neighbor 172.16.37.1 remote-as 100 neighbor 172.16.37.1 allowas-in no auto-summary ! R19 interface Loopback19 ip address 19.19.19.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.198.2 255.255.255.0 speed 100 full-duplex ! router bgp 65000 no synchronization bgp log-neighbor-changes network 19.19.19.0 mask 255.255.255.0 neighbor 172.16.198.1 remote-as 100 neighbor 172.16.198.1 allowas-in no auto-summary ! Moving to the PEs facing the CEs. R8 router bgp 100 address-family ipv4 vrf CUSTC100 neighbor 172.16.198.2 remote-as 65000 neighbor 172.16.198.2 activate no synchronization network 172.16.198.0 mask 255.255.255.0 exit-address-family ! R13 router bgp 100 address-family ipv4 vrf CUSTC222 neighbor 172.16.37.2 remote-as 65000 neighbor 172.16.37.2 activate no synchronization network 172.16.37.0 mask 255.255.255.0 exit-address-family ! Verifying that BGP is up and established between the PEs-PEs: Last step is configuring ISP to ISP PEs. R5: router bgp 100 address-family ipv4 vrf CUSTC100 neighbor 172.16.153.1 remote-as 500 neighbor 172.16.153.1 activate neighbor
L3VPN Part 4 of 5
CE-PE: IGP - OSPF As always, I will start with the remote sites to configure OSPF. R9 interface Loopback9 ip address 9.9.9.9 255.255.255.255 ! interface Loopback99 ip address 99.99.99.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.89.2 255.255.255.0 speed 100 full-duplex ! router ospf 20 router-id 9.9.9.9 log-adjacency-changes no auto-cost network 99.99.99.0 0.0.0.255 area 0 network 172.16.89.0 0.0.0.255 area 0 ! R14 interface Loopback14 ip address 14.14.14.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.34.2 255.255.255.0 speed 100 full-duplex ! router ospf 20 network 14.14.14.0 0.0.0.255 area 0 network 172.16.34.0 0.0.0.255 area 0 ! Next step is configuring the PEs facing the CEs. R8 router ospf 20 vrf CUSTB100 redistribute bgp 100 subnets network 172.16.89.0 0.0.0.255 area 0 ! router bgp 100 address-family ipv4 vrf CUSTB100 redistribute ospf 20 vrf CUSTB100 no synchronization exit-address-family ! R13 router ospf 20 vrf CUSTB222 redistribute bgp 100 subnets network 172.16.34.0 0.0.0.255 area 0 ! router bgp 100 address-family ipv4 vrf CUSTB222 redistribute
L3VPN Part 3 of 5
CE-PE: IGP - EIGRP As in the previous scenario, we will start with configuring EIGRP on the remote sites first. The config is pretty much straightforward R18 interface Loopback18 ip address 18.18.18.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.138.2 255.255.255.0 speed 100 full-duplex ! router eigrp 10 network 18.18.18.0 0.0.0.255 network 172.16.138.0 0.0.0.255 no auto-summary ! R20 interface Loopback20 ip address 20.20.20.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.208.2 255.255.255.0 speed 100 full-duplex ! router eigrp 10 network 20.20.20.0 0.0.0.255 network 172.16.208.0 0.0.0.255 no auto-summary ! Next step is configuring the PEs (PE facing the customer/remote site). R8 router eigrp 100 no auto-summary ! address-family ipv4 vrf CUSTD100 redistribute bgp 100 metric 1000 10 255 1 1500 network 172.16.208.0 0.0.0.255 no auto-summary autonomous-system 10 exit-address-family ! router bgp 100 address-family ipv4 vrf CUSTD100 redistribute eigrp 10 no synchronization exit-address-family ! R13 router eigrp 100 no auto-summary ! address-family ipv4 vrf CUSTD222 redistribute bgp 100
L3VPN Part 2 of 5
CE-PE: Static Routes: First, let's configure the customer's remote sites (CEs): R15 interface Loopback15 ip address 15.15.15.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.158.2 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 172.16.158.1 ! R16 interface Loopback16 ip address 16.16.16.1 255.255.255.0 ! interface FastEthernet0/0 ip address 172.16.36.2 255.255.255.0 ! ip route 0.0.0.0 0.0.0.0 172.16.36.1 ! As you can see from the above config, The CEs are pushing all traffic to the next hop IP addresses which are the PEs. Next, we should configure the provider edges (PEs facing the remote sites) for both sites: R8 router bgp 100 address-family ipv4 vrf CUSTA100 redistribute static no synchronization network 172.16.158.0 mask 255.255.255.0 exit-address-family ! ip route vrf CUSTA100 15.15.15.0 255.255.255.0 172.16.158.2 ! R13 router bgp 100 address-family ipv4 vrf CUSTA111 redistribute static no synchronization network 172.16.36.0 mask 255.255.255.0 exit-address-family
L3VPN Part 1 of 5
L3VPN was one of the recent challenges for me in routing and switching world as it introduces many new concepts that change conventional routing as we know it, but with a lot of reading, lab scenarios I became quite comfortable with L3VPN now. To be honest, even though it is really a complex topic, I think most of the books were not doing a good job explaining this. I had to read CCIE cert guide, BGP implementation and then MPLS fundamentals to finally be able to work some lab scenarios. Only then, I started to get the big picture of how L3VPN works. Now I am glad to share what I learnt so far in this post. I will try to