MPLS - Layer3 VPN with OSPF Protocol between CE-PE

Layer3 VPN with OSPF Protocol between CE-PE

In a Layer 3 VPN (Virtual Private Network) deployment with OSPF (Open Shortest Path First) protocol between Customer Edge (CE) and Provider Edge (PE) routers, OSPF plays a crucial role in exchanging routing information and facilitating dynamic routing within the VPN. OSPF, a link-state routing protocol, enables the CE routers to share their routing information with the PE routers, allowing for the efficient exchange of routes and network reachability details. The MPLS-based Layer 3 VPN infrastructure ensures secure and scalable interconnection across geographically dispersed locations. By using OSPF as the routing protocol between CE and PE routers, organizations benefit from dynamic route propagation, automatic network adaptation, and the ability to scale their VPN networks seamlessly. This combination of Layer 3 VPNs and OSPF protocol is well-suited for businesses seeking robust, dynamic, and scalable solutions for secure communication across their distributed network infrastructure.

Lab:

Disclaimer

This Configuration Guide is designed to assist members to enhance their skills in particular technology area. While every effort has been made to ensure that all material is as complete and accurate as possible, the enclosed material is presented on an “as is” basis. Neither the authors nor Forum assume any liability or responsibility to any person or entity with respect to loss or damages incurred from the information contained in this guide. This configuration guide was developed by Forum. Any similarities between material presented in this configuration guide and any other material is completely coincidental.

IOS used: c7200-p-mz.120-32.S.bin

Task 1: BASIC OSPF MPLS and BGP Setup

Configure OSPF, MPLS, BGP on all PE-routers and P-router

Step 1. Configure following on respective P and PE routers:

PE1 Router Initial Config:

hostname PE1 
! 
ip cef 
mpls label protocol ldp 
mpls ldp router-id Loopback0 
! 
interface Loopback0 
ip address 192.168.3.1 255.255.255.255 
! 
interface Fastethernet0/0 
description *** Link to A1 *** 
ip address 150.1.31.1 255.255.255.252 
no shutdown 
! 
interface Serial2/0 
description *** Link to PE2 *** 
ip address 192.168.3.22 255.255.255.252 
mpls ip 
no shutdown 
! 
router ospf 1 
Network 192.168.3.0 0.0.0.255 area 0 
! 
router bgp 3 
no synchronization 
no auto-summary 
neighbor 192.168.3.2 remote-as 3 
neighbor 192.168.3.2 update-source 
Loopback0 
network 192.168.3.1 mask 255.255.255.255 
! 
end

PE2 Router Initial Config:

hostname PE2 
! 
ip cef 
mpls label protocol ldp 
mpls ldp router-id Loopback0 
! 
interface Loopback0 
ip address 192.168.3.2 255.255.255.255 
! 
interface FastEthernet0/0 
description *** Link to A2 *** 
ip address 150.1.31.5 255.255.255.252 
no shutdown 
! 
interface Serial2/0 
description *** Link to PE1 *** 
ip address 192.168.3.21 255.255.255.252 
mpls ip 
no shutdown 
! 
interface Serial2/1 
description *** Link to P *** 
Ip address 192.168.3.18 255.255.255.252 
clock rate 64000 
mpls ip 
no shutdown 
! 
router ospf 1 
network 192.168.3.0 0.0.0.255 area 0 
! 
router bgp 3 
no synchronization 
no auto-summary 
network 192.168.3.2 mask 255.255.255.255 
neighbor 192.168.3.3 remote-as 3 
neighbor 192.168.3.3 update-source 
Loopback0 
neighbor 192.168.3.1 remote-as 3 
neighbor 192.168.3.1 update-source 
Loopback0 
neighbor 192.168.3.1 route-reflector-client 
! 
end

PE3 Router Initial Config :

hostname PE3 
! 
ip cef 
mpls label protocol ldp 
mpls ldp router-id Loopback0 
! 
interface Loopback0 
ip address 192.168.3.3 255.255.255.255 
! 
interface FastEthernet0/0 
description *** Link to A3 *** 
ip address 150.1.31.13 255.255.255.252 
no shutdown 
! 
interface Serial2/1 
description *** Link to PE4 *** 
ip address 192.168.3.10 255.255.255.252 
mpls ip 
no shutdown 
! 
interface Serial2/0 
description *** Link to P *** 
ip address 192.168.3.13 255.255.255.252 
mpls ip 
no shutdown 
! 
router ospf 1 
network 192.168.3.0 0.0.0.255 area 0 
! 
router bgp 3 
no synchronization 
no auto-summary 
network 192.168.3.3 mask 255.255.255.255 
neighbor 192.168.3.2 remote-as 3 
neighbor 192.168.3.2 update-source Lo0 
neighbor 192.168.3.4 remote-as 3 
neighbor 192.168.3.4 update-source Lo0 
neighbor 192.168.3.4 route-reflector-client 
! 
end

PE4 Router Initial Config :

hostname PE4 
! 
ip cef 
mpls label protocol ldp 
mpls ldp router-id Loopback0 
! 
interface Loopback0 
ip address 192.168.3.4 255.255.255.255 
! 
interface FastEthernet0/0 
description *** Link to A4 *** 
ip address 150.1.31.17 255.255.255.252 
no shutdown 
! 
interface Serial2/1 
description *** Link to PE3 *** 
ip address 192.168.3.9 255.255.255.252 
clock rate 64000 
mpls ip 
no shutdown 
! 
Router ospf 1 
Network 192.168.3.0 0.0.0.255 area 0 
! 
router bgp 3 
no synchronization 
no auto-summary 
neighbor 192.168.3.3 remote-as 3 
neighbor 192.168.3.3 update-source lo0 
network 192.168.3.4 mask 255.255.255.255 
! 
end

P Router Config:

hostname P 
! 
ip cef 
mpls label protocol ldp 
mpls ldp router-id Loopback0 
! 
interface Loopback0 
ip address 192.168.3.5 255.255.255.255 
! 
interface Serial2/0 
description *** Link to PE3 *** 
ip address 192.168.3.14 255.255.255.252 
clock rate 64000 
mpls ip 
no shutdown 
! 
interface Serial2/1 
description *** Link to PE2 *** 
ip address 192.168.3.17 255.255.255.252 
clock rate 64000 
mpls ip 
no shutdown 
! 
router ospf 1 
network 192.168.3.0 0.0.0.255 area 0 
! 
end

Verification:

PE1#sh ip route

      150.1.0.0/30 is subnetted, 1 subnets 
C         150.1.31.0 is directly connected, FastEthernet0/0 
      192.168.3.0/24 is variably subnetted, 9 subnets, 2 masks 
O         192.168.3.8/30 [110/256] via 192.168.3.21, 00:02:51, Serial1/0 
O         192.168.3.12/30 [110/192] via 192.168.3.21, 00:02:51, Serial1/0 
O         192.168.3.3/32 [110/193] via 192.168.3.21, 00:02:51, Serial1/0 
O         192.168.3.2/32 [110/65] via 192.168.3.21, 00:02:51, Serial1/0 
C         192.168.3.1/32 is directly connected, Loopback0 
O         192.168.3.5/32 [110/129] via 192.168.3.21, 00:02:51, Serial1/0 
O         192.168.3.4/32 [110/257] via 192.168.3.21, 00:02:51, Serial1/0 
O         192.168.3.16/30 [110/128] via 192.168.3.21, 00:02:51, Serial1/0 
C         192.168.3.20/30 is directly connected, Serial1/0 
PE4#sh ip bgp 

BGP table version is 5, local router ID is 192.168.3.4 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
 S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete 
 Network              Next Hop       Metric      LocPrf      Weight       Path 
*>i192.168.3.1/32     192.168.3.1    0           100         0            i 
*>i192.168.3.2/32     192.168.3.2    0           100         0            i 
*>i192.168.3.3/32     192.168.3.3    0           100         0            i 
*> 192.168.3.4/32     0.0.0.0        0                       32768        i 

A1 Router Initial Config:

hostname A1 
! 
interface Loopback0 
ip address 203.1.0.1 255.255.255.255 
! 
interface Loopback1 
ip address 203.1.1.1 255.255.255.0 
! 
interface FastEthernet0/0 
description *** Link to PE1 *** 
ip address 150.1.31.2 255.255.255.252 
no shutdown 
! 
end

A2 Router Initial Config:

hostname A2 
! 
interface Loopback0 
ip address 203.1.0.2 255.255.255.255 
! 
interface Loopback1 
ip address 203.1.2.1 255.255.255.0 
! 
interface FastEthernet0/0 
description *** Link to PE2 *** 
ip address 150.1.31.6 255.255.255.252 
no shutdown 
! 
end 

A3 Router Initial Config:

hostname A3 
! 
interface Loopback0 
ip address 203.1.0.3 255.255.255.255 
! 
interface Loopback1 
ip address 203.1.3.1 255.255.255.0 
! 
interface FastEthernet0/0 
description *** Link to PE3 *** 
ip address 150.1.31.14 255.255.255.252 
no shutdown 
! 
end 

A4 Router Initial Config:

hostname A4 
! 
interface Loopback0 
ip address 203.1.0.4 255.255.255.255 
! 
interface Loopback1 
ip address 203.1.4.1 255.255.255.0 
! 
interface FastEthernet0/0 
description *** Link to PE4 *** 
ip address 150.1.31.18 255.255.255.252 
no shutdown 
! 
end 

Task 2: Configure Multiprotocol BGP

Configure multi-protocol BGP between provider-edge (PE) routers.

Step 1 Activate VPNv4 BGP sessions between all PE routers in your Service Provider backbone.

Step 2 On the PE routers acting as route reflectors, configure the route-reflector clients under the VPNv4 address family.

The following commands need to be entered on the PE-routers:

PE1(config)#
router bgp 3 
address-family vpnv4 
 neighbor 192.168.3.2 activate 
 no auto-summary 
PE2(config)#
router bgp 3 
 address-family vpnv4 
 neighbor 192.168.3.1 activate 
 neighbor 192.168.3.1 route-reflector-client 
 neighbor 192.168.3.3 activate 
 no auto-summary 
PE3(config)#
router bgp 3 
 address-family vpnv4 
 neighbor 192.168.3.2 activate 
 neighbor 192.168.3.4 activate 
 neighbor 192.168.3.4 route-reflector-client 
 no auto-summary 
PE4(config)#
router bgp 3 
 address-family vpnv4 
 neighbor 192.168.3.3 activate 
 no auto-summary

Task 3: Configure VRF Tables

The following commands need to be entered on PE router:

PE1(config)#
ip vrf vpna 
 rd 3:10 
 route-target both 3:10 
! 
interface FastEthernet0/0 
 description *** Link to A1 *** 
 ip vrf forwarding vpna 
 ip address 150.1.31.1 255.255.255.252 

Note: "ip vrf forwarding vpna" will remove IP address, so IP address need to be reconfigured

PE2(config)#
ip vrf vpna 
 rd 3:10
  route-target both 3:10 
! 
interface FastEthernet0/0 
 description *** Link to A2 *** 
 ip vrf forwarding vpna 
 ip address 150.1.31.5 255.255.255.252 
PE3(config)#
ip vrf vpna 
 rd 3:10 
 route-target both 3:10 
! 
interface fastEthernet0/0 
 description *** Link to A3 *** 
 ip vrf forwarding vpna 
 ip address 150.1.31.13 255.255.255.252
PE4(config)#
ip vrf vpna 
 rd 3:10 
 route-target both 3:10 
! 
interface FastEthernet0/0 
 description *** Link to A4 *** 
 ip vrf forwarding vpna 
 ip address 150.1.31.17 255.255.255.252

Verification:

PE3#show ip vrf
 Name     Default RD    Interfaces 
 vpna     3:10          FastEthernet0/0 

Task 3: Configure PE-CE Routing

Configure OSPF Routing Protocol between PE and CE router.

Step 1: Configure OSPF on all PE routers to learn routes from respective CE routers.

Step 2: Configure IPv4 BGP instance for customer VRF VPNA on PE routers

Step 3: Redistribute between OSPF and BGP on PE routers

The following commands need to be entered on all PE router:

router ospf 3 vrf vpna 
 log-adjacency-changes 
 redistribute bgp 3 subnets 
 network 150.1.0.0 0.0.255.255 area 0 
! 
router bgp 3 
 address-family ipv4 vrf vpna 
 redistribute ospf 3 vrf vpna

Step 4: Configure OSPF on all CE routers

The following commands need to be entered on CE router:

(config)#
router ospf 3 
 log-adjacency-changes 
 network 0.0.0.0 255.255.255.255 area 0

Verification:

Step 5: To check status of link between PE and CE use VRF Ping. Normal ping will not work as your PE – CE link and interface is not part of global routing table, it is now part of VRF table.

A sample VRF Ping printout is shown below:

PE1#ping 150.1.31.2 
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 150.1.31.2, timeout is 2 seconds: 
..... 
Success rate is 0 percent (0/5)  

PE1#ping vrf vpna 150.1.31.2
Type escape sequence to abort. 
Sending 5, 100-byte ICMP Echos to 150.1.31.2, timeout is 2 seconds: 
!!!!! 
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/47/68 ms 

Step 6: A sample VRF Telnet printout is shown below:

PE1#telnet 150.1.31.2 /vrf vpna
Trying 150.1.31.2 ... Open 
User Access Verification 
Password: 

Step 7: To check VRF table for VPNA give following command on PE1 router

PE1#show ip route vrf vpna
Routing Table: vpna 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 
       ia - IS-IS inter area, * - candidate default, U - per-user static route 
       o - ODR 

Gateway of last resort is not set 

     203.1.4.0/32 is subnetted, 1 subnets 
B         203.1.4.1 [200/2] via 192.168.3.4, 00:13:43 
     203.1.3.0/32 is subnetted, 1 subnets 
B         203.1.3.1 [200/2] via 192.168.3.3, 00:13:58 
     203.1.2.0/32 is subnetted, 1 subnets 
B         203.1.2.1 [200/2] via 192.168.3.2, 00:13:58 
     203.1.1.0/32 is subnetted, 1 subnets 
O         203.1.1.1 [110/2] via 150.1.31.2, 00:14:16, FastEthernet0/0 
     203.1.0.0/32 is subnetted, 4 subnets 
B          203.1.0.2 [200/2] via 192.168.3.2, 00:13:58 
B          203.1.0.3 [200/2] via 192.168.3.3, 00:13:58 
O          203.1.0.1 [110/2] via 150.1.31.2, 00:14:18, FastEthernet0/0 
B          203.1.0.4 [200/2] via 192.168.3.4, 00:13:45 
     150.1.0.0/30 is subnetted, 5 subnets 
B          150.1.31.8 [200/0] via 192.168.3.3, 00:13:45 
B          150.1.31.12 [200/0] via 192.168.3.3, 00:13:45 
C          150.1.31.0 is directly connected, FastEthernet0/0 
B          150.1.31.4 [200/0] via 192.168.3.2, 00:14:01 
B          150.1.31.16 [200/0] via 192.168.3.4, 00:13:45 
PE1#

Step 8: To check BGP table for VRF VPNA give following command on PE1 router

PE1#show ip bgp vpnv4 vrf vpna

BGP table version is 25, local router ID is 192.168.3.1 
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
 r RIB-failure, S Stale 
Origin codes: i - IGP, e - EGP, ? - incomplete 
 Network             Next Hop         Metric      LocPrf       Weight      Path 
Route Distinguisher: 3:10 (default for vrf vpna) 
*> 150.1.31.0/30     0.0.0.0          0                        32768       ? 
*>i150.1.31.4/30     192.168.3.2      0           100          0           ? 
*>i150.1.31.12/30    192.168.3.3      0           100          0           ? 
*>i150.1.31.16/30    192.168.3.4      0           100          0           ? 
*> 203.1.0.1/32      150.1.31.2       1                        32768       ? 
*>i203.1.0.2/32      192.168.3.2      1           100          0           ? 
*>i203.1.0.3/32      192.168.3.3      1           100          0           ? 
*>i203.1.0.4/32      192.168.3.4      1           100          0           ? 
*> 203.1.1.0         150.1.31.2       1                        32768       ? 
*>i203.1.2.0         192.168.3.2      1           100          0           ? 
*>i203.1.3.0         192.168.3.3      1           100          0           ? 
*>i203.1.4.0         192.168.3.4      1           100          0           ? 
PE1# 

Step 9: To check CE Routing table give following command on A1 router

A1#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 
       ia - IS-IS inter area, * - candidate default, U - per-user static route 
       o - ODR 

Gateway of last resort is not set 

     203.1.4.0/32 is subnetted, 1 subnets 
O IA      203.1.4.1 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0 
     203.1.3.0/32 is subnetted, 1 subnets 
O IA      203.1.3.1 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0 
     203.1.2.0/32 is subnetted, 1 subnets 
O IA      203.1.2.1 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0 
C    203.1.1.0/24 is directly connected, Loopback1 
     203.1.0.0/32 is subnetted, 4 subnets 
O IA      203.1.0.2 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0 
O IA      203.1.0.3 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0 
C         203.1.0.1 is directly connected, Loopback0 
O IA      203.1.0.4 [110/3] via 150.1.31.1, 00:16:27, FastEthernet0/0 
     150.1.0.0/30 is subnetted, 5 subnets 
O IA      150.1.31.8 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0 
O IA      150.1.31.12 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0 
C         150.1.31.0 is directly connected, FastEthernet0/0 
O IA      150.1.31.4 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0 
O IA      150.1.31.16 [110/2] via 150.1.31.1, 00:16:34, FastEthernet0/0 
A1# 

Step 10: To check CE Routing table give following command on A4 router

A4#show ip route 
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP 
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP 
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 
       ia - IS-IS inter area, * - candidate default, U - per-user static route 
       o - ODR 

Gateway of last resort is not set 

C    203.1.4.0/24 is directly connected, Loopback1 
     203.1.3.0/32 is subnetted, 1 subnets 
O IA      203.1.3.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0 
     203.1.2.0/32 is subnetted, 1 subnets 
O IA      203.1.2.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0 
     203.1.1.0/32 is subnetted, 1 subnets 
O IA      203.1.1.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0 
     203.1.0.0/32 is subnetted, 4 subnets 
O IA      203.1.0.2 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0 
O IA      203.1.0.3 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0 
O IA      203.1.0.1 [110/3] via 150.1.31.17, 00:18:33, FastEthernet0/0 
C    203.1.0.4 is directly connected, Loopback0 
     150.1.0.0/30 is subnetted, 5 subnets 
O IA      150.1.31.8 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0 
O IA      150.1.31.12 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0 
O IA      150.1.31.0 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0 
O IA      150.1.31.4 [110/2] via 150.1.31.17, 00:18:34, FastEthernet0/0 
C         150.1.31.16 is directly connected, FastEthernet0/0