MPLS - Layer3 VPN with OSPF Protocol between CE-PE
Layer3 VPN with OSPF Protocol between CE-PE
In a Layer 3 VPN (Virtual Private Network) deployment with OSPF (Open Shortest Path First) protocol between Customer Edge (CE) and Provider Edge (PE) routers, OSPF plays a crucial role in exchanging routing information and facilitating dynamic routing within the VPN. OSPF, a link-state routing protocol, enables the CE routers to share their routing information with the PE routers, allowing for the efficient exchange of routes and network reachability details. The MPLS-based Layer 3 VPN infrastructure ensures secure and scalable interconnection across geographically dispersed locations. By using OSPF as the routing protocol between CE and PE routers, organizations benefit from dynamic route propagation, automatic network adaptation, and the ability to scale their VPN networks seamlessly. This combination of Layer 3 VPNs and OSPF protocol is well-suited for businesses seeking robust, dynamic, and scalable solutions for secure communication across their distributed network infrastructure.
Lab:
Disclaimer
This Configuration Guide is designed to assist members to enhance their skills in particular technology area. While every effort has been made to ensure that all material is as complete and accurate as possible, the enclosed material is presented on an “as is” basis. Neither the authors nor Forum assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this guide. This configuration guide was developed by Forum. Any similarities between material presented in this configuration guide and any other material is completely coincidental.
IOS used: c7200-p-mz.120-32.S.bin
Task 1: BASIC OSPF MPLS and BGP Setup
Configure OSPF, MPLS, BGP on all PE-routers and P-router
Step 1. Configure following on respective P and PE routers:
PE1 Router Initial Config:
hostname PE1
!
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
ip address 192.168.3.1 255.255.255.255
!
interface Fastethernet0/0
description *** Link to A1 ***
ip address 150.1.31.1 255.255.255.252
no shutdown
!
interface Serial2/0
description *** Link to PE2 ***
ip address 192.168.3.22 255.255.255.252
mpls ip
no shutdown
!
router ospf 1
Network 192.168.3.0 0.0.0.255 area 0
!
router bgp 3
no synchronization
no auto-summary
neighbor 192.168.3.2 remote-as 3
neighbor 192.168.3.2 update-source
Loopback0
network 192.168.3.1 mask 255.255.255.255
!
end
PE2 Router Initial Config:
hostname PE2
!
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
ip address 192.168.3.2 255.255.255.255
!
interface FastEthernet0/0
description *** Link to A2 ***
ip address 150.1.31.5 255.255.255.252
no shutdown
!
interface Serial2/0
description *** Link to PE1 ***
ip address 192.168.3.21 255.255.255.252
mpls ip
no shutdown
!
interface Serial2/1
description *** Link to P ***
Ip address 192.168.3.18 255.255.255.252
clock rate 64000
mpls ip
no shutdown
!
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
!
router bgp 3
no synchronization
no auto-summary
network 192.168.3.2 mask 255.255.255.255
neighbor 192.168.3.3 remote-as 3
neighbor 192.168.3.3 update-source
Loopback0
neighbor 192.168.3.1 remote-as 3
neighbor 192.168.3.1 update-source
Loopback0
neighbor 192.168.3.1 route-reflector-client
!
end
PE3 Router Initial Config :
hostname PE3
!
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
ip address 192.168.3.3 255.255.255.255
!
interface FastEthernet0/0
description *** Link to A3 ***
ip address 150.1.31.13 255.255.255.252
no shutdown
!
interface Serial2/1
description *** Link to PE4 ***
ip address 192.168.3.10 255.255.255.252
mpls ip
no shutdown
!
interface Serial2/0
description *** Link to P ***
ip address 192.168.3.13 255.255.255.252
mpls ip
no shutdown
!
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
!
router bgp 3
no synchronization
no auto-summary
network 192.168.3.3 mask 255.255.255.255
neighbor 192.168.3.2 remote-as 3
neighbor 192.168.3.2 update-source Lo0
neighbor 192.168.3.4 remote-as 3
neighbor 192.168.3.4 update-source Lo0
neighbor 192.168.3.4 route-reflector-client
!
end
PE4 Router Initial Config :
hostname PE4
!
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
ip address 192.168.3.4 255.255.255.255
!
interface FastEthernet0/0
description *** Link to A4 ***
ip address 150.1.31.17 255.255.255.252
no shutdown
!
interface Serial2/1
description *** Link to PE3 ***
ip address 192.168.3.9 255.255.255.252
clock rate 64000
mpls ip
no shutdown
!
Router ospf 1
Network 192.168.3.0 0.0.0.255 area 0
!
router bgp 3
no synchronization
no auto-summary
neighbor 192.168.3.3 remote-as 3
neighbor 192.168.3.3 update-source lo0
network 192.168.3.4 mask 255.255.255.255
!
end
P Router Config:
hostname P
!
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
ip address 192.168.3.5 255.255.255.255
!
interface Serial2/0
description *** Link to PE3 ***
ip address 192.168.3.14 255.255.255.252
clock rate 64000
mpls ip
no shutdown
!
interface Serial2/1
description *** Link to PE2 ***
ip address 192.168.3.17 255.255.255.252
clock rate 64000
mpls ip
no shutdown
!
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
!
end
Verification:
PE1#sh ip route
150.1.0.0/30 is subnetted, 1 subnets
C 150.1.31.0 is directly connected, FastEthernet0/0
192.168.3.0/24 is variably subnetted, 9 subnets, 2 masks
O 192.168.3.8/30 [110/256] via 192.168.3.21, 00:02:51, Serial1/0
O 192.168.3.12/30 [110/192] via 192.168.3.21, 00:02:51, Serial1/0
O 192.168.3.3/32 [110/193] via 192.168.3.21, 00:02:51, Serial1/0
O 192.168.3.2/32 [110/65] via 192.168.3.21, 00:02:51, Serial1/0
C 192.168.3.1/32 is directly connected, Loopback0
O 192.168.3.5/32 [110/129] via 192.168.3.21, 00:02:51, Serial1/0
O 192.168.3.4/32 [110/257] via 192.168.3.21, 00:02:51, Serial1/0
O 192.168.3.16/30 [110/128] via 192.168.3.21, 00:02:51, Serial1/0
C 192.168.3.20/30 is directly connected, Serial1/0
PE4#sh ip bgp
BGP table version is 5, local router ID is 192.168.3.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i192.168.3.1/32 192.168.3.1 0 100 0 i
*>i192.168.3.2/32 192.168.3.2 0 100 0 i
*>i192.168.3.3/32 192.168.3.3 0 100 0 i
*> 192.168.3.4/32 0.0.0.0 0 32768 i
A1 Router Initial Config:
hostname A1
!
interface Loopback0
ip address 203.1.0.1 255.255.255.255
!
interface Loopback1
ip address 203.1.1.1 255.255.255.0
!
interface FastEthernet0/0
description *** Link to PE1 ***
ip address 150.1.31.2 255.255.255.252
no shutdown
!
end
A2 Router Initial Config:
hostname A2
!
interface Loopback0
ip address 203.1.0.2 255.255.255.255
!
interface Loopback1
ip address 203.1.2.1 255.255.255.0
!
interface FastEthernet0/0
description *** Link to PE2 ***
ip address 150.1.31.6 255.255.255.252
no shutdown
!
end
A3 Router Initial Config:
hostname A3
!
interface Loopback0
ip address 203.1.0.3 255.255.255.255
!
interface Loopback1
ip address 203.1.3.1 255.255.255.0
!
interface FastEthernet0/0
description *** Link to PE3 ***
ip address 150.1.31.14 255.255.255.252
no shutdown
!
end
A4 Router Initial Config:
hostname A4
!
interface Loopback0
ip address 203.1.0.4 255.255.255.255
!
interface Loopback1
ip address 203.1.4.1 255.255.255.0
!
interface FastEthernet0/0
description *** Link to PE4 ***
ip address 150.1.31.18 255.255.255.252
no shutdown
!
end
Task 2: Configure Multiprotocol BGP
Configure multi-protocol BGP between provider-edge (PE) routers.
Step 1 Activate VPNv4 BGP sessions between all PE routers in your Service Provider backbone.
Step 2 On the PE routers acting as route reflectors, configure the route-reflector clients under the VPNv4 address family.
The following commands need to be entered on the PE-routers:
PE1(config)#
router bgp 3
address-family vpnv4
neighbor 192.168.3.2 activate
no auto-summary
PE2(config)#
router bgp 3
address-family vpnv4
neighbor 192.168.3.1 activate
neighbor 192.168.3.1 route-reflector-client
neighbor 192.168.3.3 activate
no auto-summary
PE3(config)#
router bgp 3
address-family vpnv4
neighbor 192.168.3.2 activate
neighbor 192.168.3.4 activate
neighbor 192.168.3.4 route-reflector-client
no auto-summary
PE4(config)#
router bgp 3
address-family vpnv4
neighbor 192.168.3.3 activate
no auto-summary
Task 3: Configure VRF Tables
The following commands need to be entered on PE router:
PE1(config)#
ip vrf vpna
rd 3:10
route-target both 3:10
!
interface FastEthernet0/0
description *** Link to A1 ***
ip vrf forwarding vpna
ip address 150.1.31.1 255.255.255.252
Note: "ip vrf forwarding vpna" will remove IP address, so IP address need to be reconfigured
PE2(config)#
ip vrf vpna
rd 3:10
route-target both 3:10
!
interface FastEthernet0/0
description *** Link to A2 ***
ip vrf forwarding vpna
ip address 150.1.31.5 255.255.255.252
PE3(config)#
ip vrf vpna
rd 3:10
route-target both 3:10
!
interface fastEthernet0/0
description *** Link to A3 ***
ip vrf forwarding vpna
ip address 150.1.31.13 255.255.255.252
PE4(config)#
ip vrf vpna
rd 3:10
route-target both 3:10
!
interface FastEthernet0/0
description *** Link to A4 ***
ip vrf forwarding vpna
ip address 150.1.31.17 255.255.255.252
Verification:
PE3#show ip vrf
Name Default RD Interfaces
vpna 3:10 FastEthernet0/0
Task 3: Configure PE-CE Routing
Configure OSPF Routing Protocol between PE and CE router.
Step 1: Configure OSPF on all PE routers to learn routes from respective CE routers.
Step 2: Configure IPv4 BGP instance for customer VRF VPNA on PE routers
Step 3: Redistribute between OSPF and BGP on PE routers
The following commands need to be entered on all PE router:
router ospf 3 vrf vpna
log-adjacency-changes
redistribute bgp 3 subnets
network 150.1.0.0 0.0.255.255 area 0
!
router bgp 3
address-family ipv4 vrf vpna
redistribute ospf 3 vrf vpna
Step 4: Configure OSPF on all CE routers
The following commands need to be entered on CE router:
(config)#
router ospf 3
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
Verification:
Step 5: To check status of link between PE and CE use VRF Ping. Normal ping will not work as your PE – CE link and interface is not part of global routing table, it is now part of VRF table.
A sample VRF Ping printout is shown below:
PE1#ping 150.1.31.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.31.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
PE1#ping vrf vpna 150.1.31.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.31.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/47/68 ms
Step 6: A sample VRF Telnet printout is shown below:
PE1#telnet 150.1.31.2 /vrf vpna
Trying 150.1.31.2 ... Open
User Access Verification
Password:
Step 7: To check VRF table for VPNA give following command on PE1 router
PE1#show ip route vrf vpna
Routing Table: vpna
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR
Gateway of last resort is not set
203.1.4.0/32 is subnetted, 1 subnets
B 203.1.4.1 [200/2] via 192.168.3.4, 00:13:43
203.1.3.0/32 is subnetted, 1 subnets
B 203.1.3.1 [200/2] via 192.168.3.3, 00:13:58
203.1.2.0/32 is subnetted, 1 subnets
B 203.1.2.1 [200/2] via 192.168.3.2, 00:13:58
203.1.1.0/32 is subnetted, 1 subnets
O 203.1.1.1 [110/2] via 150.1.31.2, 00:14:16, FastEthernet0/0
203.1.0.0/32 is subnetted, 4 subnets
B 203.1.0.2 [200/2] via 192.168.3.2, 00:13:58
B 203.1.0.3 [200/2] via 192.168.3.3, 00:13:58
O 203.1.0.1 [110/2] via 150.1.31.2, 00:14:18, FastEthernet0/0
B 203.1.0.4 [200/2] via 192.168.3.4, 00:13:45
150.1.0.0/30 is subnetted, 5 subnets
B 150.1.31.8 [200/0] via 192.168.3.3, 00:13:45
B 150.1.31.12 [200/0] via 192.168.3.3, 00:13:45
C 150.1.31.0 is directly connected, FastEthernet0/0
B 150.1.31.4 [200/0] via 192.168.3.2, 00:14:01
B 150.1.31.16 [200/0] via 192.168.3.4, 00:13:45
PE1#
Step 8: To check BGP table for VRF VPNA give following command on PE1 router
PE1#show ip bgp vpnv4 vrf vpna
BGP table version is 25, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 3:10 (default for vrf vpna)
*> 150.1.31.0/30 0.0.0.0 0 32768 ?
*>i150.1.31.4/30 192.168.3.2 0 100 0 ?
*>i150.1.31.12/30 192.168.3.3 0 100 0 ?
*>i150.1.31.16/30 192.168.3.4 0 100 0 ?
*> 203.1.0.1/32 150.1.31.2 1 32768 ?
*>i203.1.0.2/32 192.168.3.2 1 100 0 ?
*>i203.1.0.3/32 192.168.3.3 1 100 0 ?
*>i203.1.0.4/32 192.168.3.4 1 100 0 ?
*> 203.1.1.0 150.1.31.2 1 32768 ?
*>i203.1.2.0 192.168.3.2 1 100 0 ?
*>i203.1.3.0 192.168.3.3 1 100 0 ?
*>i203.1.4.0 192.168.3.4 1 100 0 ?
PE1#
Step 9: To check CE Routing table give following command on A1 router
A1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR
Gateway of last resort is not set
203.1.4.0/32 is subnetted, 1 subnets
O IA 203.1.4.1 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0
203.1.3.0/32 is subnetted, 1 subnets
O IA 203.1.3.1 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0
203.1.2.0/32 is subnetted, 1 subnets
O IA 203.1.2.1 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0
C 203.1.1.0/24 is directly connected, Loopback1
203.1.0.0/32 is subnetted, 4 subnets
O IA 203.1.0.2 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0
O IA 203.1.0.3 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0
C 203.1.0.1 is directly connected, Loopback0
O IA 203.1.0.4 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0
150.1.0.0/30 is subnetted, 5 subnets
O IA 150.1.31.8 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0
O IA 150.1.31.12 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0
C 150.1.31.0 is directly connected, FastEthernet0/0
O IA 150.1.31.4 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0
O IA 150.1.31.16 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0
A1#
Step 10: To check CE Routing table give following command on A4 router
A4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR
Gateway of last resort is not set
C 203.1.4.0/24 is directly connected, Loopback1
203.1.3.0/32 is subnetted, 1 subnets
O IA 203.1.3.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0
203.1.2.0/32 is subnetted, 1 subnets
O IA 203.1.2.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0
203.1.1.0/32 is subnetted, 1 subnets
O IA 203.1.1.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0
203.1.0.0/32 is subnetted, 4 subnets
O IA 203.1.0.2 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0
O IA 203.1.0.3 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0
O IA 203.1.0.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0
C 203.1.0.4 is directly connected, Loopback0
150.1.0.0/30 is subnetted, 5 subnets
O IA 150.1.31.8 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0
O IA 150.1.31.12 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0
O IA 150.1.31.0 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0
O IA 150.1.31.4 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0
C 150.1.31.16 is directly connected, FastEthernet0/0