i will move my blog to http://sioduy.blogsome.com so the new topology will be posting on it
Jumat, 20 Februari 2009
Rabu, 14 Januari 2009
Enable Multicast Support for MPLS VPN
this is my new topology, enabling multicast support for MPLS VPN
recently i thought how to enable multicast support on MPLS VPN until finally found articel from cisco so i try it
this is the configuration for PE Router
!--- Configure VRF, Route Distinguser (RD) to allow IP overlaping
!--- Configure the default Multicast Distribution Tree (MDT)
!--- for VRF vpn1 & vpn2
!
ip vrf vpn1
rd 777:1
route-target export 777:1
route-target import 777:1
mdt default 239.1.1.1
mdt data 239.2.2.0 0.0.0.255 threshold 1
!
ip vrf vpn2
rd 777:2
route-target export 777:2
route-target import 777:2
mdt default 239.7.7.7
mdt data 239.3.3.0 0.0.0.255 threshold 1
!
!----Enable global multicast routing
ip multicast-routing
!----Enable multicast routing in VRF vpn1 & vpn2
ip multicast-routing vrf vpn1
ip multicast-routing vrf vpn2
!
!
interface Loopback0
ip address 202.162.208.1 255.255.255.255
ip pim sparse-dense-mode
!
interface Loopback10
ip vrf forwarding vpn1
ip address 192.168.2.254 255.255.255.255
ip pim sparse-dense-mode
!--- Multicast needs to be enable on loopback interface
!--- This is used as a source
!--- for MP-BGP session between PE routers that participate in Multicast VPN
interface Loopback20
ip vrf forwarding vpn2
ip address 192.168.2.254 255.255.255.255
ip pim sparse-dense-mode
!--- this routers needs to be RP for multicast in VRF vpn1 & vpn2
!--- therefore multicast needs to be enabled on the interface is used as Rendezvous Point (RP)
!
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no arp frame-relay
no frame-relay inverse-arp
!--- Multicast is enabled on PE-CE interfaces in VRF
!
interface Serial1/0.101 point-to-point
ip vrf forwarding vpn1
ip address 192.168.1.1 255.255.255.252
ip pim sparse-dense-mode
no arp frame-relay
frame-relay interface-dlci 101
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/1.102 point-to-point
ip vrf forwarding vpn2
ip address 192.168.1.1 255.255.255.252
ip pim sparse-dense-mode
no arp frame-relay
frame-relay interface-dlci 102
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!--- Service provider core needs to run multicast as global multicast
!--- to support MVPN services, so multicast is enabled on PE-P links
interface FastEthernet0/0
ip address 202.162.208.6 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!
!--- Configure global unicast routing PE-P routers
!
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!--- Configure unicast routing in VRF vpn1 & vpn2
!
router rip
version 2
!
address-family ipv4 vrf vpn2
redistribute bgp 777 metric transparent
network 192.168.1.0
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf vpn1
redistribute bgp 777 metric transparent
network 192.168.1.0
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!--- Configure MP-BGP session
!
router bgp 777
no synchronization
bgp log-neighbor-changes
neighbor vpn peer-group
neighbor vpn remote-as 777
neighbor vpn update-source Loopback0
neighbor vpn next-hop-self
neighbor 202.162.208.2 peer-group vpn
neighbor 202.162.208.3 peer-group vpn
no auto-summary
!
address-family vpnv4
neighbor vpn send-community both
neighbor 202.162.208.2 activate
neighbor 202.162.208.3 activate
exit-address-family
!
address-family ipv4 vrf vpn2
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn1
redistribute connected
redistribute rip
no synchronization
exit-address-family
!--- Configure auto-RP. The PE1's VRF loopback interfaces
!--- 100 is the RP in VRF vpn1 & vpn2
!
ip pim bidir-enable
ip pim vrf vpn1 send-rp-announce Loopback10 scope 100
ip pim vrf vpn1 send-rp-discovery Loopback10 scope 100
ip pim vrf vpn2 send-rp-announce Loopback20 scope 100
ip pim vrf vpn2 send-rp-discovery Loopback20 scope 100
for P router
!−−− Enable global multicast routing.
!
interface Loopback0
ip address 202.162.208.254 255.255.255.255
ip pim sparse-dense-mode
!
interface FastEthernet0/0
ip address 202.162.208.5 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!−−− Enable multicast on links to PE routers
!−−− which have MVPNs configured.
!
interface FastEthernet1/0
ip address 202.162.208.9 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!
interface FastEthernet2/0
ip address 202.162.208.249 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!
!−−− P1 is configured to announce itself as
!−−− the RP through auto−RP.
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!
!
ip pim bidir-enable
ip pim send-rp-announce Loopback0 scope 100
ip pim send-rp-discovery Loopback0 scope 100
troubleshoot it
see all configuration at
http://sioduy.100webspace.net/Multicast%20VPN/
recently i thought how to enable multicast support on MPLS VPN until finally found articel from cisco so i try it
this is the configuration for PE Router
!--- Configure VRF, Route Distinguser (RD) to allow IP overlaping
!--- Configure the default Multicast Distribution Tree (MDT)
!--- for VRF vpn1 & vpn2
!
ip vrf vpn1
rd 777:1
route-target export 777:1
route-target import 777:1
mdt default 239.1.1.1
mdt data 239.2.2.0 0.0.0.255 threshold 1
!
ip vrf vpn2
rd 777:2
route-target export 777:2
route-target import 777:2
mdt default 239.7.7.7
mdt data 239.3.3.0 0.0.0.255 threshold 1
!
!----Enable global multicast routing
ip multicast-routing
!----Enable multicast routing in VRF vpn1 & vpn2
ip multicast-routing vrf vpn1
ip multicast-routing vrf vpn2
!
!
interface Loopback0
ip address 202.162.208.1 255.255.255.255
ip pim sparse-dense-mode
!
interface Loopback10
ip vrf forwarding vpn1
ip address 192.168.2.254 255.255.255.255
ip pim sparse-dense-mode
!--- Multicast needs to be enable on loopback interface
!--- This is used as a source
!--- for MP-BGP session between PE routers that participate in Multicast VPN
interface Loopback20
ip vrf forwarding vpn2
ip address 192.168.2.254 255.255.255.255
ip pim sparse-dense-mode
!--- this routers needs to be RP for multicast in VRF vpn1 & vpn2
!--- therefore multicast needs to be enabled on the interface is used as Rendezvous Point (RP)
!
!
interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
no arp frame-relay
no frame-relay inverse-arp
!--- Multicast is enabled on PE-CE interfaces in VRF
!
interface Serial1/0.101 point-to-point
ip vrf forwarding vpn1
ip address 192.168.1.1 255.255.255.252
ip pim sparse-dense-mode
no arp frame-relay
frame-relay interface-dlci 101
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
!
interface Serial1/1.102 point-to-point
ip vrf forwarding vpn2
ip address 192.168.1.1 255.255.255.252
ip pim sparse-dense-mode
no arp frame-relay
frame-relay interface-dlci 102
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!--- Service provider core needs to run multicast as global multicast
!--- to support MVPN services, so multicast is enabled on PE-P links
interface FastEthernet0/0
ip address 202.162.208.6 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!
!--- Configure global unicast routing PE-P routers
!
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!--- Configure unicast routing in VRF vpn1 & vpn2
!
router rip
version 2
!
address-family ipv4 vrf vpn2
redistribute bgp 777 metric transparent
network 192.168.1.0
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf vpn1
redistribute bgp 777 metric transparent
network 192.168.1.0
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!--- Configure MP-BGP session
!
router bgp 777
no synchronization
bgp log-neighbor-changes
neighbor vpn peer-group
neighbor vpn remote-as 777
neighbor vpn update-source Loopback0
neighbor vpn next-hop-self
neighbor 202.162.208.2 peer-group vpn
neighbor 202.162.208.3 peer-group vpn
no auto-summary
!
address-family vpnv4
neighbor vpn send-community both
neighbor 202.162.208.2 activate
neighbor 202.162.208.3 activate
exit-address-family
!
address-family ipv4 vrf vpn2
redistribute connected
redistribute rip
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn1
redistribute connected
redistribute rip
no synchronization
exit-address-family
!--- Configure auto-RP. The PE1's VRF loopback interfaces
!--- 100 is the RP in VRF vpn1 & vpn2
!
ip pim bidir-enable
ip pim vrf vpn1 send-rp-announce Loopback10 scope 100
ip pim vrf vpn1 send-rp-discovery Loopback10 scope 100
ip pim vrf vpn2 send-rp-announce Loopback20 scope 100
ip pim vrf vpn2 send-rp-discovery Loopback20 scope 100
for P router
!−−− Enable global multicast routing.
!
interface Loopback0
ip address 202.162.208.254 255.255.255.255
ip pim sparse-dense-mode
!
interface FastEthernet0/0
ip address 202.162.208.5 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!−−− Enable multicast on links to PE routers
!−−− which have MVPNs configured.
!
interface FastEthernet1/0
ip address 202.162.208.9 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!
interface FastEthernet2/0
ip address 202.162.208.249 255.255.255.252
ip pim sparse-dense-mode
duplex auto
speed auto
mpls ip
!
!−−− P1 is configured to announce itself as
!−−− the RP through auto−RP.
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!
!
ip pim bidir-enable
ip pim send-rp-announce Loopback0 scope 100
ip pim send-rp-discovery Loopback0 scope 100
troubleshoot it
see all configuration at
http://sioduy.100webspace.net/Multicast%20VPN/
Minggu, 04 Januari 2009
6VPE
my network diagram for 6VPE
what is 6VPE ?
IPv6 VPN Network through MPLS IPv4 network
for this topology I use IOS c7200-adventerprisek9-mz.122-33.SRC1.bin i need feature vpnv6 in BGP extension
1.create vrf vpnv6_a & vpnv6_b
2. Network VPN must overlap3. use sonet interface for backbone
here configuration for PE1
Use vrf definition command to create vrf vpnv6_a & vpnv6_b
you must activate address family ipv6 for ipv6 vpn support!
vrf definition vpnv6_a
rd 777:1
route-target export 777:1
route-target import 777:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition vpnv6_b
rd 777:2
route-target export 777:2
route-target import 777:2
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
interface Loopback0
ip address 202.162.208.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface POS1/0
ip address 202.162.208.5 255.255.255.252
mpls ip
!
!
interface FastEthernet2/0
vrf forwarding vpnv6_a
no ip address
speed auto
duplex auto
ipv6 address 2001:5C0:1::1/126
!
interface FastEthernet2/1
vrf forwarding vpnv6_b
no ip address
speed auto
duplex auto
ipv6 address 2001:5C0:1::1/126
!
!
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!
router bgp 777
bgp log-neighbor-changes
neighbor 125.126.46.1 remote-as 777
neighbor 125.126.46.1 update-source Loopback0
!
address-family ipv4
no synchronization
redistribute static
neighbor 125.126.46.1 activate
neighbor 125.126.46.1 next-hop-self
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 125.126.46.1 activate
neighbor 125.126.46.1 send-community both
exit-address-family
!
address-family vpnv6
neighbor 125.126.46.1 activate
neighbor 125.126.46.1 send-community both
exit-address-family
!
address-family ipv4 vrf vpnv6_a
no synchronization
redistribute static
exit-address-family
!
address-family ipv6 vrf vpnv6_a
redistribute static
no synchronization
exit-address-family
!
address-family ipv4 vrf vpnv6_b
no synchronization
redistribute static
exit-address-family
!
address-family ipv6 vrf vpnv6_b
redistribute static
no synchronization
exit-address-family
!
ipv6 route vrf vpnv6_b 2001:D30:7::/64 2001:5C0:1::3
ipv6 route vrf vpnv6_a 2001:D30:7::/64 2001:5C0:1::3
!
!
interface Loopback0
ip address 202.162.208.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface POS1/0
ip address 202.162.208.6 255.255.255.252
mpls ip
!
interface POS2/0
ip address 202.162.208.254 255.255.255.252
mpls ip
!
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!
ip classless
!
troubleshoot it
now we check the packet passing P Router
see the all configuration at
http://sioduy.100webspace.net/6VPE/
MPLS VPN IPv4
hai everybody i am back, long time no see
its time for me to continue posting about networking
maybe starting this time and next time i wilL posting about MPLS Network
now its about MPLS VPN IPv4
this is my first MPLS lab using GNS 3
how about the rule ???
1. don't use sub interface on serial interface PE-CE1
2. create vrf name vpn_1 & vpn_2
3. network PE-CE must overlap ecah other
example PE-CE1 must overlap PE-CE2
4.use rip for PE-CE
5.use ospf for backbone router
and this is sample configuration for PE1
create vrf for vpn_1 & vpn_2
this configuration is mandatory configured
ip vrf vpn_1
rd 777:1
route-target export 777:1
route-target import 777:1
!
ip vrf vpn_2
rd 777:2
route-target export 777:2
route-target import 777:2
configure loopback interface you must configure IP with /32 prefix
interface Loopback0
ip address 202.162.208.1 255.255.255.255
configure interface to backbone network in cisco 3640 you can use tag switching ip or mpls ip command
!
interface FastEthernet0/0
ip address 202.162.208.5 255.255.255.252
duplex auto
speed auto
mpls ip
!
Configure PE-CE interface
!
interface Serial1/0
ip vrf forwarding vpn_1
ip address 192.168.2.1 255.255.255.252
encapsulation frame-relay
serial restart-delay 0
clock rate 504000
no arp frame-relay
frame-relay map ip 192.168.2.2 101 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 1008000
!
interface Serial1/1.102 point-to-point
ip vrf forwarding vpn_2
ip address 192.168.2.1 255.255.255.252
no arp frame-relay
frame-relay interface-dlci 102
!
Configure global IGP
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!
Configure IGP in VRF vpn_1 & vpn_2
router rip
version 2
!
address-family ipv4 vrf vpn_2
redistribute bgp 777 metric transparent
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf vpn_1
redistribute bgp 777 metric transparent
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!
Configure MP-BGP session
!
router bgp 777
no synchronization
bgp log-neighbor-changes
neighbor 202.162.208.3 remote-as 777
neighbor 202.162.208.3 update-source Loopback0
neighbor 202.162.208.3 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 202.162.208.3 activate
neighbor 202.162.208.3 send-community both
exit-address-family
!
address-family ipv4 vrf vpn_2
redistribute rip
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn_1
redistribute rip
no synchronization
exit-address-family
finish configuration for PE
you can use show mpls forwarding table command
let's check it with traceroute
if you want to see all configuration download at
http://sioduy.100webspace.net/MPLS%20VPN%20IPv4/
for the next post i will posting MPLS IPv6 or 6VPE
its time for me to continue posting about networking
maybe starting this time and next time i wilL posting about MPLS Network
now its about MPLS VPN IPv4
this is my first MPLS lab using GNS 3
how about the rule ???
1. don't use sub interface on serial interface PE-CE1
2. create vrf name vpn_1 & vpn_2
3. network PE-CE must overlap ecah other
example PE-CE1 must overlap PE-CE2
4.use rip for PE-CE
5.use ospf for backbone router
and this is sample configuration for PE1
create vrf for vpn_1 & vpn_2
this configuration is mandatory configured
ip vrf vpn_1
rd 777:1
route-target export 777:1
route-target import 777:1
!
ip vrf vpn_2
rd 777:2
route-target export 777:2
route-target import 777:2
configure loopback interface you must configure IP with /32 prefix
interface Loopback0
ip address 202.162.208.1 255.255.255.255
configure interface to backbone network in cisco 3640 you can use tag switching ip or mpls ip command
!
interface FastEthernet0/0
ip address 202.162.208.5 255.255.255.252
duplex auto
speed auto
mpls ip
!
Configure PE-CE interface
!
interface Serial1/0
ip vrf forwarding vpn_1
ip address 192.168.2.1 255.255.255.252
encapsulation frame-relay
serial restart-delay 0
clock rate 504000
no arp frame-relay
frame-relay map ip 192.168.2.2 101 broadcast
no frame-relay inverse-arp
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 1008000
!
interface Serial1/1.102 point-to-point
ip vrf forwarding vpn_2
ip address 192.168.2.1 255.255.255.252
no arp frame-relay
frame-relay interface-dlci 102
!
Configure global IGP
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
!
Configure IGP in VRF vpn_1 & vpn_2
router rip
version 2
!
address-family ipv4 vrf vpn_2
redistribute bgp 777 metric transparent
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf vpn_1
redistribute bgp 777 metric transparent
network 192.168.2.0
no auto-summary
version 2
exit-address-family
!
Configure MP-BGP session
!
router bgp 777
no synchronization
bgp log-neighbor-changes
neighbor 202.162.208.3 remote-as 777
neighbor 202.162.208.3 update-source Loopback0
neighbor 202.162.208.3 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 202.162.208.3 activate
neighbor 202.162.208.3 send-community both
exit-address-family
!
address-family ipv4 vrf vpn_2
redistribute rip
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn_1
redistribute rip
no synchronization
exit-address-family
finish configuration for PE
for P router
Activate tag switching or mpls IP and global IGP
interface Loopback0
ip address 202.162.208.2 255.255.255.255
!
interface FastEthernet0/0
ip address 202.162.208.6 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet1/0
ip address 202.162.208.9 255.255.255.252
duplex auto
speed auto
mpls ip
!
interface FastEthernet2/0
ip address 202.162.208.253 255.255.255.252
duplex auto
speed auto
mpls ip
!
router ospf 1
log-adjacency-changes
network 202.162.208.0 0.0.0.255 area 0
you can use show mpls forwarding table command
let's check it with traceroute
if you want to see all configuration download at
http://sioduy.100webspace.net/MPLS%20VPN%20IPv4/
for the next post i will posting MPLS IPv6 or 6VPE
Langganan:
Postingan (Atom)
