& Switehing Version 5.0 VPN Workbook www.noasolutions.com yMom oan scary hall,Banjarahills road no 1 Noa solutions oor, id, Page 1 s N.K Arcade, 2nd & 3rd floor, Opposite to Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.About the Author Sikandar Sheik, a dual CCIE (RS/SP# 35012) is a highly experienced and extremely driven senior technical instructor and network consultant. He has been training networking courses for more than 10 years, teaching on a wide range of topics including Routing and Switching, Service Provider and Security (CCNA to CCIE). In addition, he has been developing and updating the content for these courses. He has assisted many engineers in passing out the lab examinations and securing certifications. Sikandar Shaik is highly skilled at designing, planning, coordinating, maintaining, troubleshooting and implementing changes to various aspects of multi-scaled, multiplatform, multi-protocol complex networks as well as course development and instruction for a technical workforce in a varied networking environment. His experience includes responsibilities ranging from operating and maintaining PC's and peripherals to network control programs for multi faceted data communication networks in LAN, MAN and WAN environments. Sikandar Shaik has delivered instructor led trainings in several states in India as well as in abroad in countries like China, Kenya and UAE, He has also worked as a Freelance Cisco Certified Instructor globally for Corporate Major Clients. ‘Acknowledgment First and foremost | would like to thank the Almighty for his continued blessings and for always being there for me. You have given me the power and confidence to believe in myself and pursue my dreams. | could never have done this without the faith | have in you. Secondly | would like to thank my family for understanding my long nights at the computer. | have spent alot of time on preparing workbooks and this workbook would not have been possible without their support and encouragement. ! would also like to recognize the cooperation of my students who took my trainings and workbooks. | believe my workbooks have helped them in upskilling themselves with respect to the subject and technologies and | will continue preparing workbooks for the updated technology versions. ‘Shaik Gouse Moinuddin Sikandar CCIE x 2 (RS/SP) Feedback Please send feedback if there are any issues with respect to the content of this workbook. | would also appreciate suggestions from you which can improve this workbook further. Kindly send your feedback and suggestions at info@noasolutions.com NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 2INDEX PAGE NO MPLS labels srsssossossseesessessesseesssssssssnesnesteseeseesseen cusses Label Distribution protocol CONFIUGURING LDP MPLS LDP Troubleshooting LAB MPLS LDP PEERING MPLS Layer 3 VPNS LAB: MPLS L3 VPN Support for Static Routing LAB: MPLS L3 VPN Support for RIPv2 LAB: MPLS L3\VPN Support for EIGRP LAB: MPLS L3 VPN Support for OSPF ...scsseseeseeee OPSF Super Backbone]. (OSPF Domain-id (OSPF Shamdink LAB: OSPF Shamdink LAB: MPLS L3 VPN Support for EBGP ........ LAB: Overlap VPN: LAB: EXPORT MAPS: Configure Basic setup for VPN labs: Generic Routing Encapsulation LAB: GRE POINT TO POINT TUNNELS ..... DYNAMIC MULTI POINT VPN LAB: DMVPN Phase 1 static Mapping: LAB: DMVPN phase using NHRP Dynamic Mapping: LAB: DMVPN Phase-2 using Static Mappir LAB: DMVEN phase 2 using dynamic mapping: Routing Protocols over DMVPN phase 1 RIPv2 over DMVPN Phase 41 .. EIGRP over DMVPN Phase -t.. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution ste 106 16 20 22 36 a 5 7 101 103 47 80 at 44 152 158 163 167 m 178 181 185 Page 3OSPF over DMVPN Phase -1 189 EBGP over DMVPN Phase-1 193 Routing Protocols over DMVPN phase 2 198 EIGRP over DMVPN Phase-2 201 RIPv2 over DMVPN Phase-2 208 OSPF over DMVPN Phase-2 «+... 2 EBGP over DMVPN Phase-2 24 LAB: NHRP Phase-3 27 IPsec VPN .. 221 LAB : IPsec Site-Sit 239 LAB : IPSec over DMVPN: 249 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 4NETWORK ONLINE ACAGEMY HOA solutions,N-K Arcade, 2nd & 3rd Floor Opposite to banjara function hall, Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 uww.noasolutions, Page 5NA. MPLS Layer 3 VPN Modern SP networks (VPN) NA. + Concept of VPNs + Reasons why VPNs were introduced + VPN implementation models + list benefits and drawbacks of VPNs NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 6Traditional Router-Based Networks MOA, Traditional router-based networks connect customer sites through routers connected via dedicated point-to-point links (leased lines). Customer A Leased lines \ Site B Customer A J Site A site C - — Site D y/ Traditional Router-Based Networks(Contd) A. Advantages + Complete Secure + High Bandwieth + Superior Quality + Reliable Disadvantages + Expensive + Permanent Physical connection + Not scalable NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 7VPN Example MOA. VPNs replace dedicated point-to-point links with emulated point-to-point links that share ‘common infrastructure. + Customers use VPNs primarily to reduce their operational costs. + Example: X.25, Frame-relay, ATM, GRE, DMPVN,, Ipsec, MPLS , L2TPv3 Large Customer Site Customer Site Router Customer Premises Equipment (CPE) or Customer Edge (CE) Advantages of VPNs * Cost savings * Scalability * Improved security * Better performance Flexible + Reliable NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page &VPN Terminology MOA. Large Customer Site VPN Terminology (Cont.) KOA, Large Customer Site Customer Site Other CE Router Customet Customer Edge (CE) Routers Router NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 9VPN Models VPN services can be offered based on two major models: Overlay model + in which the service provider provides virtual point-to-point links between customer sites + Frame relay , ATM, X.25, Ipsec, GRE Peer-to-peer model + in which the service provider participates in the customer routing + MPLS VPN Classification NA, ACLs (Shared router) Split routing (dedicated router) GET VPN. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 10Overlay Layer 2 VPNs + Layer 2 VPN + The service provider establishes Layer 2 VCs between customer sites. + The customer is responsible for all higher layers. Overlay Layer 2 VPN: Frame Relay/ATM XA, Customer site C ‘CE Router ~ SPOKE Customer Site D CE Router ~ SPOKE CE Router ~ SPOKE + virtua circuits VPN is implemented with IP-over-Frame Relay or ATM tunnels: + The service provider establishes Layer 2 VCs between customer sites. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 11ZA. «The service provider infrastructure appears as point-to-point links to the customer. Overlay Layer 3 VPN The service provider does not see customer routes and is responsible only for providing the point-to-point transport of customer data. Layer3 VPN IP tunneling pT Routing protocols run directly | + GRE is simple (and quicker). + IPsec provides authentication and security. | VPN Classification (Shared router) 25 GE 5 DMVPN (dedicated router) — (“carve ] GET VPN L2TPv3 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 12Peer-to-Peer VPN: implementation Techniques OA. PE-CE routing information is exchanged between CE and PE routers. Customer ste Customer site C CE Router - HUB CE Router ~ SPOKE Customer Site B Customer Site D CCE Router ~ SPOKE (CE Router ~ SPOKE PE routers exchange customer routes | | Customer routes are propagated through the PE through the core network. network and sent to other CE routers. Peer-to-Peer VPN: ACLs (Shared Router) nero OA. POP router carries all customer routes. Isolation between customers is achieved with the use of ACLs (packet filters) on PE-to-CE interfaces. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 13Peer-to-Peer VPN: Split Routing (Dedicated Router) DECAL The P router contains all cistomer | [Each customer has a dedicated PE routes. router that carries only its routes. CE Router ‘through the lack of routing information ‘on the PE router. MPLS VPN NEA, ’ Customer Site A Customer Site C CE Router, CE routers route traffic to PE routers. Each customer has its own isolated routing table instance on PE router. P routers do not have customer route information. Label switching is enabled in service provider core. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 14Overlay VPN MOA, » Benefits + Well-known and easy £0 implement + Service provider does not participate in customer routing. + Customer network and service provider network ate well olated, + Drawbacks Implementing optimum routing requires a fll mesh of VG. + VCs have to be provisioned manually + Bandwidth must be provisioned on a site-to-site bass + Overlay VPNs always incur encapsulation overhead (GRE or IPsec) Peer-to-peer VPN MOA. » Benefits + Guarantees optimum routing between customer sites + Exsier to provision an addtional VPN + Only sites provisioned, not links between ther + Drawbacks +The service provider participates in customer routing, Filters should be applied to customer links. +The service provider becomes responsible for customer convergence, + PE routers cary all routes from all customers + Asecure environment must be provided for customers + Complex configuration +The service provider needs detlled IP routing knowledge. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 15Funan MOA. ‘Two options: + Traditional router-based networks connect via dedicated point-to-point links. + VPNs use emulated point-to-point links sharing a common infrastructure. The two major VPN models are overlay VPN and peer-to-peer VPN: (Overlay VPNs + use well-known technologies and are easy to implement. + VCs have to be provisioned manually. Peer-to-peer VPNs + guarantee optimum routing between customer sites. + require that the service provider participate in customer routing. MPLS VPN + Forward packets based on labels instead of IP » Combines the best of both Overlay and Peer-peer model Customer Site A Customer site C Provider (P) Core CE Router CE Router Customer site 8 Customer Site D CE Router NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 16NA. Multi-Protocol label switching Introduction to MPLS MOA, » Traditional IP Routing » Basic MPLS Features » Cisco Express Forwarding » MPLS Terminology » Benefits of MPLS NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 17Traditional IP Routing XA, 10/24 | Routing Routing Routing protocols are used to distribute Layer 3 routing information. A forwarding decision is made, based on: + Packet header + Local routing table Routing lookups are independently performed at every hop. Basic MPLS Features OA. eu —ememe > MPLS isa forwarding mechanism in which packets are forwarded based on labels. » MPLS packets can run on other layer 2 technologies such as ATM.FR, PPP, Ethernet, > MPLS Leverages both IP routing and CEF switching. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution J Page 18Cisco Express Forwarding MPLS Architecture: Control Plane Exchange of Routing Information Exchange of Label Information Cisco Express Forwarding XA, MPLS Architecture: Data Plane Incoming IP and Labeled Packets ‘Outgoing IP and Labeled Packets NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 19MPLS Architecture Example NA, LSRs forward packets based on labels and swap labels: + The last LSR in the path also removes the label and forwards the IP packet. Edge LSR: + Labels IP packets (Imposes label) and forwards them into the MPLS domain + Forwards IP packets out of the MPLS domain A sequence of labels to reach a destination Is called an LSP. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 20Benefits of MPLS MOA. MPLS supports multiple applications including: MPLS Label o [abet ee J] —_ Unicast and multicast IP routing MPLS decreases forwarding overhead on core routers. BGP Free Core. MPLS can support forwarding of non-IP protocols VPN 1 Qos AToM 1920 222324 12 Header MPLS Label IP Packet MPLS uses a 32-bit label header that is inserted between 12 &13 of OSI + 20-bit label + 3-bit experimental field + Lbit bottom-ofstack indicator + 8.bit Time-to-Live field A single label correspond to single route and share them with MPLS neighbors( using LDP. protocol) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 ww. noasolution: om Page 21MPLS Label Stack NA.. » Usually only one label is assigned to a packet, but multiple labels in a label stack are supported. » These scenarios may produce more than one label: MPLS VPNs (two labels): ‘The top label points to the egress router, and the second label identifies the VPN. MPLS TE (two or more labels): The top label points to the endpoint of the traffic engineering tunnel and the second label points to the destination. MPLS VPNs combined with MPLS TE (three or more labels) | MPLS Label Stack (Example) MOA. fot CNEL) acs The outer label is used for switching the packet in the MPLS network (points to the TE destination). Inner labels are used to separate packets at egress points (point to an egress router and identify a VPN). | NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 22 Inner LabelSharing the label information » MPLS do not forward based on the label automatically » We need to share the label information using LDP Label Distribution Protocols Works with IGP inside the Core Tag distribution Protocol + Cisco proprietary + Old (not used) + TCP port 711 Label distribution protocol + Standard + Default on cisco + UDP port 646 RSVP + Used for MPLS TE labels NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 23Configuring LDP NA. Pre-requirments: CEF enabled # show ip caf Rifsh ip cef ‘%CEF not running Prefix Next Hop Interface To enable CEF Ri(config)#ip cef Configuring LDP NA, Pre-requirements: 1. CEFenabled# show ip cef 2. IGP Routing I(config)mpls label protocol Idp i(config)#mpls Idp routerid loopback O (config) int s1/0 i(confg.i}#mpls ip M(configiend ‘#Show MPLS LDP Neighbor ‘#Show MPLS interfaces # show mplsidp bindings Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 24MOA. How LDP Label forwarding Works 1 IGP built Routing table ( FIB using CEF) ISR assigns a local label for each route learned [SR share the labels with neighbors using LDP [SR built their own LFIB 5. Forward packets based on label lookup Penultimate Hop Popping (PHP) » Penultimate hop popping optimizes MPLS performance » PHP removes the requirement for a double lookup to be performed on a egress PE {one less LFIB lookup) » The UB table will display a value of imp-null. Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 25Without PHP NGA. tabelrmoneon ‘ee Se CRS heecos OA. With PHP Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 26» To disable PHP Rx(config)# mpls Ip explict-null » Tore-enable PHP Rx(config}#no_mpls Idp expliit-null NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 27LAB: _CONFIUGURING LDP TASK: + Configure the basic IP addressing according to the diagram. * Configure ospf area 0 as IGP protocol running inside the MPLS SP network. + Advertise the loopback 0 interface also inside the IGP. Ri(config)#router ospf 1 Ri(config-router)#network 10.0.0.0 0.255.255.255 area 0 Ri(config-router)#network 1.0.0.0 0.255.255.255 area O Ri(config-router Ri(config-router)#exit R2(config)router ospf 1 R2(config-router)#network 20.0.0.0 0.255.255.255 area 0 Ra(config-router)#network 2.0.0.0 0.255.255.255 area 0 R2(config-router)#network 1.0.0.0 0.255.255.255 area 0 Ra(config-router R2(config-router)#end R3(config)router ospf 1 R3(config-router}#network 30.0.0.0 0.255.255.255 area 0 R3(config-router)#network 3.0.0.0 0.255.255.255 area 0 R3(config-router)#network 2.0.0.0 0.255.255.255 area 0 R3(config-router) NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 28R3(config-router}#exit Ra(config)#router ospf 1 Ra(config-router)#network 40.0.0.0 0.255.255.255 area 0 Ra(config-router)#network 3.0.0.0 0.255.255.255 area 0 fa{contgrouteryetwork 49.0.0 0.0.05 area 0 Ra(config-router)#end R3#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address interface 12.0.3.4 0 FULLJ- 00:00:36 2.2.2.1 Serialt/o 14.034 0 FULL{- 00:00:38 3.3.3.2 Serialt/t Ra#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address _ interface 1.034 0 FULL/ : Serialt/o 13.031 0 FULL - Serial Ri#sh ip route ospf © 2.0.0.0/8 [110/128] via 1.1.1.2, 00:00:20, Serialifo © 3.0.0.0/8 [110/192] via 1.1.1.2, 00: © 20.0.0.0/8 [110/65] via 11.1.2, 00:00: © 40.0.0.0/8 [110/193] via 1.1.1.2, 00: 12.0.0.0/32 is subnetted, 1 subnets © 12.0.0.1[ 110/65] via 1.1.12, 00:00:20, Seriali/o 13,0.0.0/32 is subnetted, 1 subnets © 13.0.0.1 [11oft29] via 1.2, 00:00:20, Serialifo 14.0.0.0/32 is subnetted, 1 subnets © 14,0.0.1 [110/193] via 1.1.1.2, 00:00:20, Serialt/o © 30.0.0.0/8 [110/129] via 1.11.2, 00:00:20, Serialt/o 20, Serialt/o Ri#sh ip cef Prefix Next Hop Interface 0.0.0.00 drop Nullo (default route handler entry) 0.0.0.0/32 receive 1.0.0.0/8 attached Serialiio 1.0.0.0/32 receive 141/32, receive 1.255.255.255/32, receive 2.0.0.0/8 142 Serialilo 3.0.0.0/8 1.44.2 Seriali/o 4,0.0.0/8 attached Serrialy/t 4.0.0.0)32 receive 4.4.4.2/32 receive NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 294.255.255.255/32 receive 10.0.0.0/8 attached -—_—*FastEtherneto/o 10.0.0.0/32 receive to-s.1/32_ receive 10.255.255.255/32 receive 11.0.0.0/24 attached ——_Loopbacko 11.0.0.0/32 receive 11.0.0./32 receive 11.0.0.255/32 receive tt.01.0/24 attached Loopback tt.0.1.0/32 receive Prefix NextHop _ Interface 11.04.32 receive 11.0.1.255/32 receive 11.0.2.0/24 attached ——_Loopback2 11.0.2.0/32 receive 11.02.4132 receive 11.0.2.255/52 receive 11.03.0/24 attached —Loopback3 11.0,3.0/32 receive 11.03.1132 receive 11,0.3.255/32_ receive 12.0.0.1/32 14.2 Serialtfo 13.0.0.1/32 Seriali/o 14.0.0.1/32 Seriali/o 20.0.0.0/8, Serialifo 30.0.0.0/8 Serials/o 40.0.0.08 11.2 Serialifo 224.0.0.0/4 drop 224.0.0.0/24 receive 255.255.255.255/32 receive Ri#sh ip route 40.0.0.0 Routing entry for 40.0.0.0/8 Known via "OSpftt distance) metric 193, type intra area Last update from 1.1.1.2 on Serialt/o, 00:00:50 ago Routing Descriptor Blocks: * 1.1.2, from 14.0:3.1, 00:00:50 ago, via Serialt/o Route metric is 193, traffic share count is 1 Cisco Express Forwarding (CEF) is advanced, Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns, such as the Internet, on networks characterized by intensive Web-based applications, or interactive sessions. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 30* Cisco Express Forwarding is enabled by default on most Cisco platforms running Cisco 10S software Release12.0 or later. When Cisco Express Forwarding is enabled on a router, the Route Processor (RP) performs the express forwarding. * To find out if Cisco Express Forwarding is enabled on your platform, enter the show ip cef command. If Cisco Express Forwarding is enabled, you receive output that looks like this: Rt#sh ip cef 40.0.0.0 40.0.0.018, version 30, epach o, cached adjacency to Seriali/o o packets, o bytes (Wig TARE)SEHAHIONG dependencies next hop 1.11.2, Serialt/o valid cached adjacency Todisable CEF: Ri(config)#no ip cef Ri(config)#end If Cisco Express Forwarding is not enabled on your platform, the output for the show ip cef command looks like this: Riésh ip cef CEF not running Prefix Next Hop Interface Toenable CEF Ri(config)#ip cef Ri(config)end Ritesh ip cef 40.0.0.0 40.0.0.0]8, version 30, epoch o, cached adjacency to Seriali/o o packets, o bytes Via 1.1.1.2, Seriali/o, 0 dependencies next hop 1.11.2, Serialt/o valid cached adjacency NOTE: ‘+ Make sure that you are able to ping to loopback 0 of every router as we are going to establish the LDP neighborship based on MPLS router -1D (and it has to be advertised in the IGP for LDP peering) MPLS Label Protocol - LDP MPLS Idp routerid - Best to set it as the 1P must be reachable as i discovery hello messages. is used in the transport address in the LDP How the LDP Router-1D is derived If the MPLS Router1D command has not been applied NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 311. The router checks the IP addresses of all operational interfaces. 2. If any of these interfaces are loopbacks the router selects the highest loopback address for the LDP routerid 3. Ifno loopback interfaces are configured the highest operational IP address is selected as the LDP routerid ‘This default method of assigning the LDP router-id can cause problems if the assigned id is not able to be advertised by the routing protocol. ‘+ The mpls routerid command allows you to specify an interface as the LDP router-id. You need to make sure the specified interface is up s0 it’s IP address can be used. ‘+ Ifyouissue the command without the force option the router will select the ip address of the specified interface when it next selects an LDP router 1D. ‘+ When you issue the mpls Idp router-id with the force option if the interface is up and itis not currently using the IP address as the router-id the routerid changes. This will tear down any existing LOP sessions and will interupt the MPLS forwarding. TASK * Configure MPLS on all routers. Use LDP as protocol. * Configure LDP router ID has to be the loop 0 1D * Configure the routers to select the labels as below Ri 100499 R2 200299 R3 300399 R4 400-499 NOTE: Make sure the CEF is enabled.before you configure. Rifsh ip cef Pref NextHop Interface ‘+ Ifyou see the above output which means CEF is disabled or not runing. ‘+ Make sure that CEFis enabled as MPLS rely on CEF to build its label database. Ri(config)#mpls label range 100 199 Ri(config)#mpls label protocol Idp Ri(config)#mpls Idp router-id loopback o Ri(config)#int st/o Ri(config-f}¥mpls ip Ri(config-if}#end Ra(config)#mpls label range 200 299 R2(config)¢mpls label protocol Idp Ra(config)¢mpls Idp router id loopback 0 R2(config)#int st/o Ra(configif}#mpls ip Ra(config:f)#int stf R2(config-f)#mpls ip Ra(configif)#end NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 323(config)tmpls label range 300 399 3(config)#mpls label protocol Idp R3(config)¢mpls Idp router id loopback 0 R3(config)#int sto R3(config-if}#mpls ip R3(configif)#int sift R3(config-if}¥mpls ip R3(config-if}#end Ra(config)#mpls label range 400 499 Ra(config)#mpls label protocol Idp Ra(config)#mpls Idp router-id loopback 0 Ra(config)#int si/o Ra(config:if}#mpls ip Ra(config:f}¥end R3#sh mpls Idp neighbor Peer LOP Ident: 12.0.0.1:0; Local LDP Ident 13.0.0.1:0 TCP connection: 12.0.0.1.646 - 13.0.0.1.20380 State: Oper; Msgs sentircvd: 17/1 Up time: 00:00:47, LP discovery sources: Serialo, Src IP adi ‘Addresses bound to peer LDP Ident: 204A M2 22.24 12.0.0 ROA 2.024 120.34 Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 13.0.0.t10 TCP connection: 14.0.0.1.30158 -13.0.0.1.646 State: Oper; Msgs sent/rcvd: 17/18; Downstream Up time: 00:00:06 LOP discovery sources: Serialt/t, Src IP addr: 3.3.3.2, Addresses bound to peer LDP Ident: 401A 333.2 4.441 14.0.0.1 140A 140.201 14.0.3-1 R3#sh mpls interfaces Interface 1P Tunnel Operational Serialt/o Yes(Idp) No Yes Serialt/t Yes(Idp) No Yes NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 33R2#sh mpls Idp neighbor SSFLDP ISSR HLGIOGE Local LDP Ident 12.0.0.10 TCP connection: 11.0.0.1.646 - 12.0.0.1.11373 State: Oper; Msgs sent/rcvd: 19/19; Downstream Up time: 00:01:45 LDP discovery sources: Seriali/o, Src IP addr: 1.1.14 ‘Addresses bound to peer LDP Ident: tat 4.4.2 110.01 TCP connection: 13.0.0.1.20380 - 12.0.0.1.646 State: Oper; Msgs sent/revd: 18/18; Downstream Up time: 00:01:10 LDP discovery sources: Serialtft, Src IP addr: 2.2.2.2 Addresses bound to peer LDP Ident: BO 2222 3334 13.0.0. 13.014 13.021 13.034 Rash mpls interfaces Interface iP Tunnel Operational Serialt/o Yes(Idp) No Yes Serial Yes(Idp) No Yes Rr#sh ip cef 40.0.0. 40.0.0.018, version 30, epoch o, cached adjacency to Serialt/o © packets, o bytes tag information set local tag: 19 fast tag rewrite with Se1/o, point2point, tags imposed: {201} Via 1.11.2, Serialt/o, 0 dependencies next hop 1.1.1.2, Serialt/o valid cached adjacency tag rewrite with Set/o, point2point, tags imposed: {201} R4#sh mpls Idp bindings 40.0.0.0 255.0.0.0 tid entry: 40.0.0.0/8, rev 12 local binding: tag: imp-null remote binding: tsr: 13.0.0. 0, tag: 302 R3#sh mpls Idp bindings 40.0.0.0 255.0.0.0 tib entry: 40.0.0.0/8, rev 10 local binding: tag: 302 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 34remote binding: tsr: 12.0.0.1:0, tag: 201 remote binding: tsr: 14.0.0.1:0, tag: imp-null + TIBis also equivalent to LIB. Tag Information Base was its old name when Label Switching was then called Tag Switching. * Local binding means what tag the router will put for the packet to destination, + Imp-null meaning it will not put because this is a locally originated. * Remote Binding means, the label the LDP neighbor router assigned to this subnet. + TSR (Tag Switching Router) old name for Label Switching Router (LDP) R3#sh mpls forwarding-table 40.0.0.08 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagorVC orTunnelid switched interface 302 Poptag 40.0.0.0/8 0 — Set/t_pointapoint ‘Where does the Untagged keyword appear? It only appears as the output label in the LFIB (Label Forwarding information Base) that you can inspect with the show mpls forwarding-table. means that the router has no output label associated If this LSR receives a packet with top label 102, it removesall labels and forwards the packet as an IP packet, because the outgoing label (tag) is Untagged. If this LSR were to receive a labeled packet with the top label 22, it would swap the label with label 17 and then forward it on the Etherneto/o/o interface. + Pop—The top label is removed. The packet is forwarded with the remaining label stack or as an unlabeled packet. Networks originating on the outside of the MPLS domain are not assigned any label on the edge LSR; instead, the POP label is advertised. + Swap—the top label is removed and replaced with a new label. + Push—The fop label is replaced with a new label (swapped), and dne or more labels dre added (pushed) on top of the swapped label. + Untagged/No Label—The stack is removed, and the packet is forwarded unlabeled. Ra#sh mpls Idp bindings 40.0.0.0 255.0.0.0 tib entry: 40.0.0.0/8, rev 10 local binding: tag: 201 remote binding: ts: 13.0.0.1:0, tag: 302 remote binding: tsr:11.0.0.1:0, tag: 103, Ra#sh mpls forwarding table 40.0.0.0 8 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagorVC orTunnelid switched interface 201 302 40.0.0.0/8 0 — Seti _point2point Rr#sh mpls Idp bindings 40.0.0.0 8 tib entry: 40.0.0.0/8, rev 12 local binding: tag: 103 remote binding: tsr:12.0.0.1:0, tag: 201 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 35Résh mpls forwarding-table 40.0.0.0 8 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagorVC orTunnel id switched interface 103 201 40.0.0.0/8 0 Seto _pointapoint Ri#ping 40.441 source t0.t-4.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 40.1.1, timeout is 2 seconds: Packet sent with a source address of 10.1.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 32/57/76 ms Ri#traceroute 40.1.1 source 10.414 Type escape sequence to abort. Tracing the route to 40.1.1. 11.1.2 [MPLS: Label 201 Exp 0] 68 msec 60 msec 64 msec 22.2.2.2 [MPLS: Label 302 Exp 0] 64 msec 56 msec 52 msec 33.3.3.2.60 msec * 60 msec NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 36LAB: MPLS LDP Troubleshooting ZA. MPLS LDP Troubleshooting Show commands sh mpls interfaces sh ms Idp neigh shun int shun | in ps Possible issues: 1. _mpls ip not enabled ( MPLS 1P missing on interfaces connected) 2. protocol mismatch (TDP /LDP) global or at interface level 3, _ higher loopback ID taken as router ID which is not advertised In IGP 4, mismatch authentication if configured . 5. Filtering port 646 (LDP packets) TASK: * Continue with the previous lab. * Remove the Mpls Ip Command to Verify Troubleshooting Ri(config)#int s/t Ri(config if) Ri(config.if}# Ri(config.if}#end rsh mpls Idp neighbor Ri#sh mpls interfaces Interface 1P Tunnel Operational Ri(config)#int st/t Ri(config-if)}#mmplsip Ri(config.if)#end ish mpls Idp neighbor Peer LDP Ident: 12.0.0.1:0; Local LDP Ident 11.0.0.1:0 TCP connection: 12.0.0.1.51918 - 11.0.0.1.646 State: Oper; Msgs sent/revd: 52/52; Downstream Up time: 00:22:07 LDP discovery sources: Serialtfo, SreIP addr: 1.1.1.2 ‘Addresses bound to peer LDP Ident: NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 37OA 12 2.2.24 12.0.0.1 ROA 12.024 12.0.3.1 TASK: Change the MPLS protocol to TDP instead of LDP and verify the outputs R2(config)#mpls label protocol tdp Ra(config)vend Rt#sh mpls Idp neighbor Ri#sh mpls interfaces Interface IP Tunnel Operational Seriah/o Yes(Idp) No Yes Seriaht Yes(Idp) No Yes Rrésh run | in mpls mpls label range 100 199 mpls label protocol Idp mplsip mpls Idp routerid Loopbacko Ra¥sh mpls Idp neighbor Ro#sh mpls interfaces Interface 1P___Tunnel_ Operational Seriah/o No Yes Serialift No Yes Ro¥sh run] in mpls mpls label fate 200 299 mpls ip mpls ip mpls Idp router‘id Loopbacko R2(config)#no mpls label protocol tdp R2(config)#mpls label protocol Idp R2i#sh mpls Idp neighbor PEEEIDE MERRIE Local LDP ident 2.0.0110 TCP connection: 1.0.0.1.646 -12.0.0.1.42191 State: Oper; Msgs sent/revd: 27/27; Downstream Up time: 00:00:21 LOP discovery sources: Seriali/o, Src IP addr: 1.1.1.1 Addresses bound to peer LDP Iden fora aa 4d ‘ thos eer LOPIdeRB.0/6%E0; Local LDP Ident 12.0.0.t0 TCP connection: 13.0.0.1.14107 - 12.0.0.1.646 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 38State: Oper; Msgs sent/revd: 27/27; Downstream Up time: 00:00:20 LOP discovery sources: Serialth, StciP addr: 2.2.2.2 Addresses bound to peer LOP Ident: BOA 2222 3334 13.0.0. 301 1300.24 13.034 Rt#sh mpls Idp neighbor PTLD TERETE] Local LDP ident 1.0.00 TCP connection: 12.0.0.1.42191 -1.0.0.1.646 State: Oper; Msgs sent/revd: 27/27; Downstream Up time: 00:00:33, LOP discovery sources: Serialtfo, Src IP addr: 1.1.1.2 Addresses bound to peer LOP Ident: OAL AED DIA 1011 120.21 12.031 ont TASK: Create loopback 10 and make it as MPLS Idp router-id on R2 R2(config)#int loop 10 Ra(config-if}#ip add 172.16.1.1 255.255.255.0 Ra(config-if}#end R2(contig)4mpls Idp router-id loopback 10 force Ra#sh mpls Idp neighbor Ra#sh mpls Idp neighbor Ra¥sh mpls interfaces Interface IP Tunnel Operational Seriah/o Yes(Idp) No Yes Serial Yes(Idp) No Yes rsh mpls interfaces Interface 1P Tunnel. Operational Seriahfo Yes(Idp) No Yes Ra¥sh run | in mpls mpls label range 200 299 mpls label protocol Idp mplsip ai : Rosh ip int brief Interface IP-Address OK? Method Status Protocol FastEthernetolo —20.1-11 YES NVRAM up up Fastéthernetoft unassigned YES NVRAM administratively down down NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 39Serialfo ta2 YESNVRAM up up Serialit 2.224 YES NVRAM up up. Seriah/2 unassigned YES NVRAM administratively down down Seriah/3 unassigned YES NVRAM administratively down down Loopbacko 120.01 YES NVRAM up up Loopbackt YES NVRAM up up Loopback2 ‘YES NVRAM up up Loopback3 YES NVRAM up up manual up up rsh mpls Idp neighbor Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 11.0.0.110 TCP connection: 14.0.0.1.15677 -11.0.0.1.646 State: Oper; Msgs sent/revd: 35/35; Downstream Up time: 00:07:38 LOP discovery sources: Serialift, Src IP addr: 4.4.4.1 Addresses bound to peer LDP Ident: 40.114 3332 dt — 1.0.0.1 14.014 14.024 14.031 Redping 1772.16.14 Translating "172.161 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds: Success rate is 0 percent (0/5) Solution: ‘* Advertise loopback 10 in IGP or change router-id to some address which is already advertised Riéping 12.0.0. Translating "12.0.0.1" Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 32/84/132 ms Ra(config)#mpls Idp router-id loopback 0 force patch mpls dp neighbor Peer UDP eeriSOBHERSE LO? dent 2.0.0.0 TCP connection: 13.0.0.1.44501 -12.0.0.1.646 State: Oper; Msgs sent/rcvd: 28/27; Downstream Up time: 00:00:08 LOP discovery sources: Seriali/t, Src IP addr: 2.2.2.2 Addresses bound to peer LDP Ident: 30-01-2222 3334 13.0.0. 13.014 13.021 13.034 Local LDP Ident 12.0.0.1:0 TCP connection: 11.0.0.1.646 - 12.0.0.1.60014 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 40State: Oper; Msgs sent/revd: 28/27; Downstream Up time: 00:00:03 LOP discovery sources: Seriat[o, Src IP addr: 1.1.1 Addresses bound to peer LOP Ident: HOt tet dude. 1.0.0.4 ord 1.0.24 110.34 R2(config)#mpls Idp neighbor 11.0.0.1 password ciscot23 Ra(config)#end Ri#sh mpls Idp neighbor Rifsh mpls interfaces Interface 1P Tunnel Operational Seriali/o Yes(Idp) No Yes Serial Yes(Idp) No Yes Ra#sh mpls interfaces Interface IP Tunnel Operational Seriali/o Yes(Idp) No Yes Serialif Yes(Idp) No Yes ish run | in mpls mpls label range 100199 mpls label protocol Idp mpls ip mpls Idp router-id Loopbacko Ro¥sh run] in mpls mpls label range 200 299 mpls label protocol Idp mpls ip mpls ip mpls Idp routerid Loopbacko force Ridping 12.0.0.1 source 11.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 12.0.0.1, timeout is 2 seconds: Packet sent with a source address of 11.0.0.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 8]76/188 ms Ri(config)#mpls Idp neighbor 12.0.0.1 password cisco123 rsh mpls Idp neighbor Peer LDP Ident: 12.0.0.1:0; Local LDP Ident 11.0.0. TCP connection: 12.0.0.1.14810 -11.0.0.1.646 State: Oper; Msgs sentirevd: 27/2 Up time: 00:00:03 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 41LOP discovery sources: Serialtfo, Sre1P addr: 1.1.1.2 Addresses bound to peer LDP Ident: OANA AA2 222A 1.0.0.4 120.1 120.21 120.34 172.1644 LAB_MPLS LDP PEERING LooPBACKS 100/34 iao.i/as iaoai/as 203.1138 es Se LooPBACKS LOOPBACKS 11.0.0.1/24 fy 13.0.0.1/24 11.0.1.1/24 . ef 13.0.1.1/28 11.0.211/24,,° > ‘ea, 13.0.2.1/24 11.03.1724) *F13.0.3.1/24 10.1.1. 14.0.3.1/24 TASK: * Configure the basic IP addressing according to the diagram. * Configure ospf area 0 as IGP protocol running inside the MPLS SP network. * Advertise the loopbacks interfaces also inside the IGP Ri Ri(config)#router ospf 1 Ri(config-router}# network 1.1.1.1 0.0.0.0 area 0 Ri(configrouter)# network 4.4.4.2 0.0.0.0 area 0 Ri(config-router}#network 10.0.0.0 0.255.255.255 are 0 Ri(config-router)# network 11.0.0.0 0.255.255.255 area 0 Ri(config-router)# R2 Ra(config)# router ospf 1 Ra(config-router)# network 1 Ra(config-router)# network 2.2. Ra(config-router)#network 20.0.0.0 0.255.255.255 are 0 Ra(config-router)# network 12.0.0.0 0.255.255.255 area 0 Ra(config-router)#exit R3 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 42R3(config)# router ospf 1 R3(config-router)# network 2.2.2.2 0.0.0.0 area o R3(config-router)# network 3.3.3.1 0.0.0.0 area o R3(config-router)#network 30.0.0.0 0.255.255.255 are 0 R3(config-router)# network 13.0.0.0 0.255.255.255 area 0 R3(config-router)#end Ra Ral Ral Ral Ral Rat Ral config)router ospf 1 config-router)# network 3.3.3.2 0.0.0.0 area 0 configrrouter)# network 4.4.4.1 0.0.0.0 area 0 config-router}#network 40.0.0.0 0.255.255.255 area 0 config-router)# network 14.0.0.0 0.255.255.255 area 0 config-router)¥end Rt#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address _interface moar 9 Full nonso a4 Seah 00:00:32 Serialy/o R3#sh ip ospf neighbor NeighborID Pri State Dead Time Address Interface 14.034 0 FULL/- 00:00:35 3.3.3.2 Seriali/t 12.034 0 FULLJ- 00:00:34 2.2.21 — Serialtfo Rr#sh ip route ospf © 2.0.0.0/8 [110/128] via 1.1.1.2, 00:02:01, Serialifo 3.0.0.0/8 [110/128] via 4.4.4.1, 00:02:01, Serials/1 12,0,0.0/32 is subnetted, 4 subnets 12.0.1. [110/65] via 1.14.2, 00:02:01, Serialt/o 12.0.0.1 [110/65] via 1.14.2, 00:02:01, Serialt/o 12.0.3.1 [110]65] via 1.1.1.2, 00:02:01, Serialt/o 12.0.2.1 [110/65] via 1.1.12, 00:02:01, Serialt/o 13.0.0.0/32 is subnetted, 4 subnets 13.0.0. [110/129] via 4.4.4.1, 00:02:01, Serialt/t [110/129] via 1.12.2, 00:02:01, Serials/o © 13.0.1 [110/129] via 4.4.4.1, 00:02:01, Seriali/ [110/129] via 1.1.12, 00:02:01, Serialt/o © 13.0.2.1[110/129] via 4.4.4.1, 00:02:01, Serialt/+ [110/129] via 1.1.2, 00:02:01, Serialt/o © 13.0.3.1[110/129] via 4.4.41, 00:02:01, Serialt/t [110/129] via 1.1.12, 00:02:01, Serialt/o 14.0.0.0/32 is subnetted, 4 subnets 1 [110/65] via 4.4.4.1, 00:02:01, Serialt/t 4 [110/65] via 4.4.4.1, 00:02:01, Serialtft 0.1.1 [110/65] via 4.4.4.1, 00:02:01, Serialt/t 14.0.0.1 [110/65] via 4.4.4.1, 00:02:01, Serialt/t ° oo00 ° e000 Rash ip route ospf © 3.0.0.0/8 [110/128] via 2.2.2.2, 0 © 4,0.0.0/8 [110/128] via 1.1.1.1, 0 11.0.0.0/32 is subnetted, 4 subnets |, Serialif 4, Serialt/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 431.0.2.1 [110/65] via 1.11.1, 00:02:34, Seriali/o 11.0,3.1 [110/65] via 1.11.1, 00:02:34, Serialt/o 1.0.0.1 [110/65] via 1141.1, 00:02:34, Serialt/o 11.0.1. [110/65] via 1.11.1, 00:02:34, Serialt/o 13.0.0.0/32 is subnetted, 4 subnets 13.0.0.1 [110/65] via 2.2.2.2, 00:02:34, Serialt/t 4.1 [110[65] via 2.2.2.2, 00:02:34, Serialt/1 2.1 [110]65] via 2.2.2.2, 00:02:34, Serialt/t 13.0.3.1 [110/65] via 2.2.2.2, 00:02:34, Serialtft 14.0.0.0/32 is subnetted, 4 subnets 2000 e000 © 14.0.3:1 [110/129] via 2.2.2.2, 00:02:34, Serialt/1 [110/129] via 1.1.11, 00:02:34, Serialt/o ° 41 [110/129] via 2.2.2.2, 00:02:34, Serialt/t [110/129] via 1.1.14, 00:02:34, Serialt/o © 14.0.1. [110/129] via 2.2.2.2, 00:02:34, Serialt/1 [110/129] via 1.1.1.1, 00:02:34, Serialt/o © 14.0.041[110/129] via 2.2.2.2, 0 Serialt/1 [110/129] via 1.1211, 00:02:34, Serialsfo R3#sh ip route ospf © 1.0.0.0/8 [110/128] vie 2.2.2.1, 00:02:44, Serialt/o © 4.0.0.0/8 [110/128] via 3.3.3.2, 00:02:44, Seriali/t 11.0.0.0/32 is subnetted, 4 subnets © 11.0.2: [110/129] via 3.3.3.2, 00:02:44, Serialt/t [110/129] via 2.2.2.1, 00:02:44, Seriali/o © 11.03.1[ 110/129] via 3.3:3.2, 00:02:44, Serialt/t [rt0/129] via 2.2.2.1, 00:02:44, Serialt/o © 1.0.0.1 [110/129] via 3.3.3.2, 00:02:44, Serialt/1 [110/129] via 2.2.2.1, 00:02:44, Serialt/o © 1.0.14 [110/129] vie 3.3.3.2, 00:02:44, Serialy/ [110/129] via 2.2.2.1, 00:02:44, Seriali/o 12.0.0.0/32 is subnetted, 4 subnets © 12.0.1 [110/65] via 2.2.2.1, 00:02:44, Serialifo © 12.0.0.1[ 110/65] vie 2.2.2.1, 00:02:44, Seriali/o © 12.0.3 [110/65] via 2.2.2.1, 00:02:44, Serialt/o © 12.0.2.1[ 110/65] via 2.2.2.4, 00:02:44, Serialt/o 14.0.0.0]32 5 subnetted, 4 subnets 14.0.3.1 [110/65] via 3.3.3.2, 00:02:44, Serial 14.0.2.1 [110/65] vie 3.3.3.2, 00:02:44, Serialt/t 14.0.1.1 [110/65] via 3.3.3.2, 00:02:44, Serialt/t 14.0.0.1 [110/65] via 3.3.3.2, 00:02:44, Seriali/1 e000 Raash ip route ospf © 1.0.0.0/8 [110/128] via 4.4.4.2, 00:02:44, Serialt/ © 2.0.0.0/8 [110/128] via 3.3.3.1, 00:02:44, Serialt/o 11.0.0.0]32:s subnetted, 4 subnets 1.0.2.1 [110/65] via 4.4.4.2, 00:02:44, Serialt/ 11.0:3.1 [110/65] via 4.4.4.2, 00:02:44, Serialt/t 1.0.0.1 [110/65] via 4.4.4.2, 00:02:44, Serialt/t ‘1.0.1.1 [110/65] via 4.4.4.2, 00:02:44, Serialt/1 12.0.0.0/32.is subnetted, 4 subnets 2000 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution ‘om Page 44© 12.0414 [110/129] via 4.4.4.2, 00:02:44, Serialt/t [10/129] via 3.3.3.1, 00:02:44, Serialt/o © 12.0.0.1[ 110/129] via 4.4.4.2, 00:02:44, Seriali/t [110/129] via 3.3.3.1, 00:02:44, Serialt/o © 12.0.3.1[110/129] via 4.4.4.2, 00:02:44, Serialt/t [110/129] via 3.3.3.1, 00:02:44, Serialtfo 12.0.2.1 [110/129] via 4.4.4.2, 00:02:44, Serialt/1 [110/129] via 3.3.3.1, 00:02:44, Serialt/o 13.0.0.0/32 is subnetted, 4 subnets 13.0.0.1 [110/65] via 3.3.3.1, 00:02:44, Serialt/o 13.0.1.1 [110/65] via 3.3.3-1, 00:02:44, Serialt/o 4, Seriali/o 44, Serialio ° 0000 NOTE: * Make sure that you are able to ping to loopback o of every router as we are going to establish the LDP neighborship based on MPLS router -1D (and it has to be advertised in the IGP for LDP peering) MPLS Label Protocol - LDP MPLS Idp router‘id - Best to set it as the IP must be reachable as itis used in the transport addresss in the LDP discovery hello messages. How the LDP Router-ID is derived If the MPLS Router1D command has not been applied 4. The router checks the IP addresses of all operational interfaces. 5. If any of these interfaces are loopbacks the router selects the highest loopback address for the LDP routerid 6. If no loopback interfaces are configured the highest operational IP address is selected as the LDP routerid ‘+ This default method of assigning the LDP router-id can cause problems if the assigned id is not able to be advertised by the routing protocol. ‘+The mpls router-id command allows you to specify an interface as the LDP router-id. Youneed to make sure the specified interface is up soit’s IP address can be used. ‘+ IFyouissue the command without the force option the router will select the ip address of the specified interface when it next selects an LDP router 1D. ‘+ When you issue the mpls Idp router-id with the force option if the interface is up and itis not currently using the IP address as the router-id the routerid changes. This will tear down any existing LDP sessions and will interupt the MPLS forwarding. TASK * Configure MPLS on all routers. Use LDP as protocol. * Configure LDP router ID has to be the loop 0 1D * Configure the routers to select the labels as below Ri 100199 R2 200299 R3 300399 R4 400-499, NOTE: Make sure the CEF is enabled.before you configure. Riésh ip cef Prefix NextHop _ Interface NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 45‘+ Ifyou see the above output which means CEF is disabled or not ruuning. ‘+ Make sure that CEF is enabled as MPLS rely on CEF to build its label database. Ri (config) #ip cef Ri(config)#mpls label protocol ldp Ri(config)# mpls label range 100 199 Ri(config)# mpls ldp router-id loopback 0 Ri(config}# int s/o Ri(config.if}# mpls ip Ri(config.f}# exit Ri(config)# int si/t Ri(config-if}# mpls ip R2 R2(config)empls label protocol Idp Ra(config)# mpls label range 200 299 Ra(config)# mpls Idp router-id loopback 0 Ra(config)# int silo Ra(config-f}# mplsip Ra(configif}# exit Ra(config)# int sift Ra(config-f)# mpls ip Ra(configif}#end R3 3(config)#mpls label protocol Idp R3(config)# mpls label range 300 399 R3(config)# mpls Idp router-id loopback 0 R3(config)# int si/o R3(config:if}# mpls ip R3(config:f}# int sift R3(config:if}# mpls ip R3(config:if}#end Ra R4(config)¢mpls label protocol Idp Rq(contig)# mpls label range 400 499 Ra(config)# mpls Idp router-id loopback 0 Ra(config)# int st/o Ra(configif}# mpls ip Ra(configif}# exit Ra(config)# int si/t Ra(configif}# mpls ip NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 46Ra(configif)#end Rt#sh mpls Idp neighbor ‘SFL Ident 1858} Loca LDP ident 1.00.20 TCP connection: 12.0.0.1.49535 - 1.0.0.1.646 State: Oper; Msgs sent/revd: 29/29; Downstream Up time: 00:05:03, LDP discovery sources: Seriali/o, Src IP addr: 1.1.1.2 Addresses bound to peer LDP ident: DOA A222 12.0.0 Road 2. 12.03. RSFLDP IER 4LGLOIHGS Local LDP Ident 1. TCP connection: 14.0.0.1.48141 -1.0.0.1.646 State: Oper; Msgs sent/rcvd: 24/24; Downstream Up time: 00:00:15 LDP discovery source: Serials, Src1P addr: 4.4.4.1 ‘Addresses bound to peer LDP Ident: 40rd) 3332 4ddt 14.0.0. 14.0.4 14.024 14.0.3.4 R3#sh mpls Idp neighbor ae Seo TERIEROT TCP connection: 12.0.0.1.646 - 13.0.0.1.25930 State: Oper; Msgs sent/revd: 30/30; Downstream Up time: 00:05:13, LOP discovery sources: Serialtfo, Src IP addr: 2.2.2.1 ‘Addresses bound to peer LDP Ident: 2AM AAD -2.224-| 2.0.0.4 1.0.14 12.0.3.4 Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 13.0.0.1:0 TCP connection: 14.0.0.1.45733 -13.0.0.1.646 State: Oper; Msgs sent/rvd: 29/28; Downstream Up time: 00:04:30 LOP discovery sources: Serialih, SrcIP addr: 3.3.3.2 Addresses bound to peer LDP Ident: 40114 3332 4g — 1.0.0.1 14.0.4 14.024 14.0.3.1 20 Rifsh mpls interfaces Interface 1P___Tunnel_ Operational No Yes Seriali(t Yes(Idp) No Yes Ra#sh mpls interfaces Interface 1P-_—‘Tunnel_ Operational Serialilo Yes(Idp) No Yes Serialit —Yes(Idp) No Yes NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 47R3#sh mpls interfaces Interface IP Tunnel Operational Seriah/o Yes(Idp) No Yes Serial Yes(Idp) No Yes Ra#sh mpls interfaces Interface IP Tunnel Operational Seriah/o Yes(Idp) No Yes Seriaht Yes(Idp) No Yes ish mpls Idp bindings 14.0.0.1:0, tag: 400 0.0/8, rev 4 ‘0, tag: imp-null remote binding: tsr: 14.0.0.1:0, tag: 401 ti entry: 3.0.0.0/8, rev 6 local binding: ta 0, tag: 200 5 14.0.0.120, tag: imp-null tib entry: 4.0.0.0/8, rev 8 5 14,0.0.120, tag: imp-null 0.0.0.0/8, rev 10 local binding: tag: imp-null /11.0.0.0)24, rev 18 local binding: tag: tib entry: 11.0.1.1/32, rev 47 0, tag: 205 remote binding: tsr: 14.0.0.1:0, tag: 405, tib entry: 1.0.2.0/24, rev 14 local binding: tag: imp-null 1.0.2.1132, FeV 44 0, tag: 202 remote binding: tsr: 14.0.0.1:0, tag: 402 tib entry: 1.0.3.0/24, rev 12 Local binding: tag: imp-null tib entry: 11.0.3.1152, rev 45 Remote binding: tag: 203, Remote binding: ts: 14.0.0.1:0, tag: 403 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 48tib entry: 12.0.0.0/24, rev 48 1 14.0.0.1:0, tag: 407 tib entry: 12.0.1.0)24, rev 49 0, tag: imp-null 1 14.0.0.10, tag: 406 tib entry: 12.0.2.0/24, rev50 0, tag: imp-null 5 14.0.0.120, tag: 409 tib entry: 12.0.3.0/24, rev 51 10, tag: imp-null /:12.0.3.1/32, TeV 24 local binding: tag: 104 14.0.0.1:0, tag: 408 tib entry: 13.0.0.1/32, rev 28 local binding: ta remote binding: tsr: 12.0. 5 14.0.0.120, tag: 410 ti entry: 13.0.1.132, rev 30 local binding: tag: 107 remote binding: tsr: 12.0. remote binding: ts: 14.0.0.1:0, tag: 411 13.0.2-1[32, FEV 32 14.0.0.10, tag: 412 13.0.3.1/32, Fev 34 local binding: tag: 109 remote bindin 0, tag: 209 remote binding: tsr: 14.0.0.1:0, tag: 413 tib entry: 14.0.0.0/24, rev 55, remote binding: tsr: 4.0.0.0, tag: imp-null tib entry: 14.0.0.1/32, rev 42 local binding: tag: 113 remote binding: tsr:12.0.0.1:0, tag: 213, tib entry: 14.0.1.0/24, rev 56 remote binding: ts: 4.0.0.1:0, tag: imp-null 14.01.1132, FeV 40 remote binding: tsr:12.0.0.1:0, tag: 212 tib entry: 14.0.2.0/24, rev 53 : tS 14.0.0.420, tag: imp-null :14.0.2.1[32, FeV 38 local binding: tag: 111 remote binding: ts: 12.0.0.1:0, tag: 211 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 49tib entry: 14.0.3.0/24, rev 54 5: 14,0.0.120, tag: imp-null rev 36 110 tib entry: 40.0.0.0/8, rev 52 remote binding: tsr: 14.0.0.1:0, tag: imp-null Ra¥sh mpls Idp bindings 0/8, rev 2 local binding: tag: imp-null 5: 13.0.0.110, tag: 300, tib entry: 2.0.0.0/8, rev 4 remote binding: ts: 13.0.0.1:0, tag: imp-null tid entry: 3.0.0.0/8, rev 6 local binding: tag: 200 remote binding: tsr:11.0.0.1:0, tag: 101 remote binding: ts: 13.0.0.1:0, tag: imp-null tib entry: 4.0.0.0/8, rev 8 tib entry: 10.0.0.0/8, rev 43 remote binding: ts: 11.0. tib entry: 11.0.0.0)24, rev 47 remote binding: tsr:11.0.0.1:0, tag: imp-null |:0, tag: imp-null tib entry: 11.0.1.0/24, rev 46 remote binding: tsriifis0v0H:0) tags imip=null tib entry: 11.0.1.1/32, rev 18 local binding: tag: 205 remote binding: ts: 13.0.0.1:0, tag: 305 tib entry: 1.0.2.0/24, rev 45, remote binding: tsr:11.0.0.1:0, tag: imp-null tib entry: 1.0.2.1/52, rev 12 local binding: tag: 202 remote binding: tsr:13.0.0.1:0, tag: 302 tib entry: 11.0.3.0/24, rev 44 remote binding: tsr:11.0.0.1:0, tag: imp-null ti entry: 1.0.3.1/52, rev 14 local binding: tag: 203 remote binding: ts: 13.0.0.1:0, tag: 303 tid entry: 12.0.0.0/24, rev 20 local binding: tag: imp-null NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 50tib entry: 12.0.0.1132, rev 49 5 1,0.0.1:0, tag: 103 LS 13.0.0.1:0, t2g: 307 12.0.1.0/24, rev 22 local binding: tag: imp-null tib entry: 12.0.1.1/32, rev 48 remote binding: tsr:11.0.0.1:0, tag: 102 remote binding: ts: 13.0.0.1:0, tag: 306 7 12.0.2.0]24, FeV 24 local binding: tag: imp-null tib entry: 12.0.2.1/32, rev 51 0, tag: 105, tS: 13.0.0.1:0, tag: 309 :12.0.3.0)24, Fev 26 local binding: tag: imp-null tid entry: 12.0.3.1/32, rev 50 0, tag: 104 tS: 13.0.0.1:0, tag: 308 tib entry: 13.0.0.0/24, rev 53 remote binding: tsr: 13.0.0.1:0, tag: imp-null tib entry: 13.0.0.1/32, rev 28 local binding: ta remote binding: tsr: tt /:13.0.1.0/24, rev 52 5 13.0.0.1:0, tag: imp-null tib entry: 13.0.1.1/32, rev 30 0, tag: 106 1ST 11.0.0.1:0, tag: 107 2 13.0.2.0]24, FeV 55 5: 13.0.0.120, tag: imp-null tib entry: 13.0.2.1/32, rev 32 tS: 1.0.0.1:0, tag: 108 tib entry: 13.0.3.0/24, rev 54 13.0.0.120, tag: imp-null ti entry: 13.0.3.1/32, rev 34 5 tS 11.0.0.1:0, tag: 109, tib entry: 14.0.0.1/32, rev 42 13 1 13.0.0.120, tag: 313 tid entry: 14.032, rev 40 0, tags 112 remote binding: tsr:13.0.0.1:0, tag: 312 tib entry: 14.0.2.1/32, rev 38 local binding: ta 5 13.0.0.420, tag 311 tib entry: 14.0.3.1/32, rev 36 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 51local binding: tag: 210 local binding: tag: imp-null, tib entry: 30.0.0.0/8, rev 56 remote binding: tsr:13.0.0.1:0, tag: imp-null R3#sh mpls Idp bindings tib entry: 1.0.0.0/8, rev 2 0/8, rev 6 imp-null remote binding: ts: 12.0.0.1:0, tag: 200 5: 14,0.0.1:0, tag: imp-null, 712.0.0.40, tag: 201 remote binding: ts: 14.0.0.1:0, tag: imp-null tib entry: 11.0.1.1/32, rev 16 : 0, tag: 205 remote binding: ts: 14.0.0.1:0, tag: 405 1.0.2.1/32, rev 10 local binding: tag: 303 remote binding: tsr:12.0.0.1:0, tag: 203 remote binding: tsr:14.0.0.120, tag: 403 tib entry: 12.0.0.0/24, rev 44 remote binding: tsr: 12.0 0, tag: imp-null local binding: tag: 306 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 52remote binding: tsr: 14.0.0.1:0, tag: 406 ti entry: 2.0.2.0/24, rev 46 , tag: imp-null remote binding: ts: 14.0.0.1:0, tag: 409 tib entry: 12.0,3.0/24, rev 47 remote binding: tsr: 12.0. /: 12.03.1132, Fev 22 0, tag: imp-null remote binding: tsr:14.0.0.1:0, tag: 408 tib entry: 3.0.0.0/24, rev 28 local binding: tag: tib entry: 13.0.0.1152, rev 48 0, tag: 206 remote binding: tsr: 14.0.0.t:0, tag: 410 tib entry: 13.0.1.0/24, rev 26 local binding: tag: tib entry: 13.01.12, rev 49 0, tag: 207 remote binding: tsr: 14.0.0.10, tag: 411 tib entry: 13.0.2.0/24, rev 32 local binding: tag: imp-null :13.0.2.1/32, FeV 50 5: 12.0.0.1:0, tag: 208 remote binding: tsr: 14.0.0.1:0, tag: 412 tib entry: 13.0,3.0/24, rev 30 local binding: tag: imp-null tib entry: 13.0.3.1/32, rev 51 0, tag: 209 remote binding: tsr:14.0.0.1:0, tag: 413 tib entry: 14.0.0.0/24, rev 55, remote binding: ts: 14.0.0.1:0, tag: imp-null tib entry: 14.0.0.1/32, rev 40 remote binding: ts: 12.0.0.1:0, tag: 213, ti entry: 14.0.1.0/24, rev 56 remote binding: ts: 14.0.0.:0, tag: imp-null tib entry: 14.0.1.1/32, rev 38 remote binding: tsr:12.0.0.1:0, tag: 212 ti entry: 14.0.2.0/24, rev 53 remote binding: tsr: 14.0.0.1:0, tag: imp-null :14.0.2.1]32, FeV 36 remote binding: ts: 12.0.0.1:0, tag: 211 tib entry: 14.0.3.0/24, rev 54 tS: 14,0.0.120, tag: imp-null :14.0.3.1132, TeV 34 local binding: tag: 310 remote binding: ts: 12.0.0.1:0, tag: 210 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 53tib entry: 20.0.0.0/8, rev 43, 5 imp-null tid entry: 40.0.0.0/8, rev 52 remote binding: tsr: 14.0.0.:0, tag: imp-null Ra#sh mpls Idp bindings 5 13.0.0.120, tag: imp-null remote binding: tsr: 11.0.0.1:0, tag: 100 .0.0.0/8, rev 6 local binding: tag: remote binding: tsr:13.0.0.t9, tag: imp-null tib entry: 10.0.0.0/8, rev 52 remote binding: tsr:11.0.0.1:0, tag: imp-null ti entry: 1.0.0.0)24, rev 56 remote binding: ts: 11.0.0.1:0, tag: imp-null f 1.0.1.0)24, FeV 55 remote binding: tib entry: 11.0.1.1/32, rev 18 local binding: tag: 405 remote binding: ts: 13.0.0.120, tag: 305 tib entry: 1.0.2.0/24, rev 54 remote binding: tsr:11.0.0.1:0, tag: imp-null tib entry: 11.0.2.1/32, rev 12 local binding: tag: 402 remote binding: tsr:13.0.0.1:0, tag: 302 tib entry: 11.0.3.0/24, rev 53 remote binding: tsr: /:11.0,3.1/32, FeV 14 0, tag: imp-null remote binding: tsr:13.0.0.1:0, tag: 303 tib entry: 12.0.0.1/32, rev 22 local binding: tag: 407 ES: 13.0.0.1:0, tag: 307 0, tag: 103, fib entry 2.0.11132, rev 20 NOA solutions,N.K Arcade, 2nd & 3rd Floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40° 65890380, 491 7036826345 wa. noasolution: om Page 54local binding: tag: 406 5 13.0.0.120, tag: 306 0, tag: 102 1 1.0.0.1:0, tag: 105, tib entry: 12.0.3.1/32, rev 24 5: 13.0.0.1:0, tag: 308 remote binding: ts: 11.0.0.1:0, tag: 104 tib entry: 13.0.0.0/24, rev 44 : tS: 13.0.0.1:0, tag: imp-null 13.0.0.1132, rev 28 local binding: tag: 410 remote binding: tsr:11.0.0.1:0, tag: 106 tib entry: 13.0.1.0/24, rev 43, remote binding: tsr:13.0.0.1:0, tag: imp-null tib entry: 3.0.1.152, rev 30 remote binding: ts: 11.0.0.1:0, tag: 107 tib entry: 13.0.2.0/24, rev 46 remote binding: ts: 13.0.0.1:0, tag: imp-null 13.0.2.1/32, TeV 32 remote binding: tsr:11.0.0.1:0, tag: 108 tib entry: 13.0.3.0/24, rev 45 remote binding: ts: 13.0.0.1:0, tag: imp-null tib entry: 13.0.3.1132, rev 34 local binding: tag: 413 remote binding: tsr:11.0.0.1:0, tag: 109 tib entry: 14.0.0.0/24, rev 40 local binding: tag: imp-null tib entry: 14.0.0.1/32, rev 50 remote binding: tsr: 13.0.0.t:0, tag: 313 remote binding: tsr:11.0.0.1:0, tag: 113 tib entry: 14.0.1.0/24, rev 42 local binding: tag: imp-null tib entry: 14.0.1.1/32, rev 49 remote binding: ts: 13.0.0.1:0, tag: 312 remote binding: tsr:11.0.0.1:0, tag: 112 ti entry: 14.0.2.0/24, rev 36 local binding: tag: imp-null 14.0.2.1/32, Fev 48 5: 13.0.0.1:0, tag 311 remote binding: tsr:11.0.0.1:0, tag: 111 tib entry: 14.0.3.0/24, rev 38 local binding: tag: imp-null tib entry: 14.0.3.1132, rev 47 remote binding: tsr: 13.0.0.1:0, tag: 310 remote binding: tsr:11.0.0.1:0, tag: 110 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 55tib entry: 30.0.0.0/8, rev 51 5 13.0.0.1:0, tag: imp-null 0.0.0.0]8, rev 10 rsh mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagorVC orTunnelid switched interface 100 Poptag 20.0.0/8 0 — Sei/o _pointapoint 101 a 3.0.0.0/8 0 Serf ‘ an 103 Untagged 12.0.0.1/32 0 Seto _pointapoint 104 Untagged 12.03.32 0 — Setfo _point2point 105 Untagged 12.0.2.1/32 0 — Setjo_pointapoint 106 410 13.0.0.1/32 0 —_Setft_pointapoint 206 © 13.0.0.1/32 0 Set/o_pointapoint 107 4it_ 13.0.14132 0 Setft_pointzpoint 207 13.0.15/32 0 Sesfo_pointapoint 108 412 13.0.2:/32 0 Sei/t_pointapoint 208 13.0.2.1/32 0 — Setfo_pointapoint 109 413 13.03.1132 0 Sexft_pointapoint 209 13.0.3.1/32 0 —Sexfo_pointapoint 110 Untagged. 14.0.3:/32 0 Setfi_pointzpoint ttt Untagged 14.0.2.1/32 0 Seti pointapoint 12 Untagged 14.0.1.1/32 0 — Setfi_pointapoint 113 Untagged 14.0.0.1/32 0 Serft_pointapoint Rash mpls forwarding table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tagorVC orTunnelld switched interface 200 Poptag 3.0.0.0/8 0 — Seift_pointzpoint 201 Poptag 4.0.0.0/8 0 — Seifo _pointzpoint 202 Untagged 11.0.2.1/32 0 Setlo_pointzpoint op unaage oso Sel poctzont 205 Untagged 11.0.1./32 0 Seif _point2point 206 Untagged 13. © Ses pointapoint 207 Untagged 13. © — Seift_pointapoint ° ° 208 Untagged 13. Seti point2point 209 Untagged Sei! point2point 210 310 14.0,3.1/32 0 —Serfi_point2point 110 14.03.12 0 — Seifo_pointzpoint 211 31 14.0.2.1/32. © Sett__point2point ttt — 14.0.2.132 © Seto point2point 212-312 14.0.14/32 0 Setft_pointzpoint 12 14.0.1.f32 © — Setfo_pointapoint 213313 14.0.0.1/32. 0 Set/t__point2point 13 14.0.0.152 0 — Seifo_pointapoint R3# sh mpls forwarding-table NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 56Local Outgoing. Prefix tag tagorVC or Tunnel id 300 Poptag 1.0.0.0/8 301 Poptag 4.0.0.0/8 302 402 11.0.2.1/32 0 202 11.0.2:182 0 303 403 11.03.1/32 0 203 11.0,3.1/32_ 0 305 405 1.0.14/532 0 205 11.0.14/32 0 306 Untagged 12.0.1.1/32 307 Untagged 12.0.0.1/32 308 Untagged 12.0,3.1/32 309 Untagged 12.0.2:1/32 310 Untagged 14.0:3.1/32 31 Untagged 14.0.2.1/32 312. Untagged 14.0.1.1/32 313. Untagged 14.0.0.1/32 Ra#sh mpls forwarding table Local Outgoing. Prefix tag tagorVC or Tunnel id 400 Poptag 1.0.0.0/8 401 Poptag 2.0.0.0/8 402 Untagged 11.0.2.1/32 Bytes tag Outgoing Next Hop switched interface Seto pointapoint Serlt pointapoint Sei/i_ pointapoint Seilo pointapoint Sexi point2point Seifo _pointapoint ° ° Serft Seifo pointapoint pointapoint © Sexfopointapoint © Sesfo_pointzpoint © — Setfo_pointapoint © Seto pointapoint © Sei pointapoint © Sexi. pointapoint © Serft__pointapoint © Sei pointzpoint Bytes tag Outgoing Next Hop switched interface © Seti pointzpoint © Seto point2poi © Setft_pointzpoint 403 ee 03.1132 0 Seit__pointapoint 405. Untagged 11.0.1.1/32 406 102 R0.A/32 0 306 12.0.4.32 0 407 103 12.0.0.132 0 307 12.0.0.1/32 0 408 104 12.03.1/32 0 308 12.0. ° 409 10522 ° 309 120. ° 410 Untagged 13.0.0.1/32 4m Untagged 13.0.14/32 412 Untagged 13.0.2.1/32 413. Untagged 13.0.3.1/32 TASK: configure Authentication between Rt Ri(config)#mpls Idp neighbor 12.0.0. Ra(config)#mpls Idp neighbor 11.0.0. Rifsh mpls Idp neighbor Peer LOP Ident: 14.0.0.1:0; TCP connection: 14.0.0-1. NOA solutions,N.K Arcade, 2nd & 3rd fi Hyderabad, INDIA. +91 40 65890380, 49: © Seth _pointzpoint Seri pointapoint Sei/o pointapoint Seift pointapoint Seifo pointapoint Serf pointzpoint Sexo pointapoint Seti pointapoint Seifo _ pointapoint © — Seifo _pointapoint © Seto pointapoint © Seto point2point © Sexo pointapoint and R2 (password cisco123) 1 password cisco123 1 password ciscor3 Local LDP Ident 11.0.0.1:0 34678 - 1.0.0.1.646 ‘loor Opposite to banjara function hall,Banjarahills road no 1 om Page 57 1 7036826345 www. noasolution:State: Oper; Msgs sent/revd: 36/36; Downstream Up time: 00:08:35, LOP discovery sources: Serialih, Src IP addr: 4.4.4.1 Addresses bound to peer LOP Ident: 40.44 3332 4digt — 14.0.0.1 140.14 4.0.2.4 14.0.3.1 Peer LDP Ident: 12.0.0.1:0; Local LDP Ident 11.0.0.1:0 TCP connection: 12.0.0.1.14931 - 11.0.0.1.646 State: Oper; Msgs sent/revd: 27/27; Downstream, Up time: 00:00:18 LDP discovery sources: Serialtfo, Sre1P addr: 1.1.1.2 Addresses bound to peer LDP Ident: At ted — DIA 12 120.1 120.21 120.341 ‘TASK: Configure the Ri to change the router-id to loopback 1 Ri(config)#mpls Idp router-id loopback 1 FOFES: Rr#sh mpls Idp neighbor Peer LDP Ident: 12.0.0.:0; LGESIUDPISERERIONES TCP connection: 12.0.0.1.21307 -11.0.1.1.646 State: Oper; Msgs sent/rcvd: 27/27; Downstream Up time: 00:00:26 LOP discovery sources: Serialt/o, Sre IP addr: 1.1.1.2 Addresses bound to peer LDP Ident: AAA WA DDIA— A OAL 2024 12.034 Peer LDP Ident: 14.0.0.1:0; Local LDP Ident 11.0.1.10 TCP connection: 14.0.0.1.16756 - 11.0.1.1.646 State: Oper; Msgs sent/revd: 27/27; Downstream Up time: 00:00:04 LOP discovery sources: Serial, SrciP addr: 4.4.4.1 Addresses bound to peer LOP Ident: 40At) 3332 4.441 14.0.0. 14.014 14.024 14.031 MPLS LDP DISCOVERY To configure the interval between transmission of consecutive Label Distribution Protocol (LDP) Discovery Hello messages, or the hold time for a discovered LDP neighbor, or the neighbors from which requests for targeted Hello messages may be honored, use the mpls Idp discovery command in global configuration mode. To disable transmission times, or hold times, or neighbor requests, use the no form of this command. pls Idp discovery {hello {holdtime | interval} seconds | targeted-hello {holdtime | interval} seconds | accept [from acl]} no mpls Idp discovery {hello {holdtime | interval} | targeted-hello {holdtime | interval} | accept} ‘The default value for the interval keyword is 5 seconds ‘+The default value for the holdtime keyword is 15 seconds NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 58TASK © Configure The Interval Of Discovery Hello To Be 20 Sec And With Hold Down Time Of 60 Sec On All LSR Ridsh mpls Idp discovery detail Local LDP identifier: 11.0.0.10 Discovery Sources: Interfaces: Serialtfo (Idp): xmit/reev Enabled: Interface config, Hello interval: 5000 ms; Transport IP addr: 1.0.0.1 +0 LOP Id: 12. Src IP addr: 1.1.1.2; Transport IP addr: 12.0.0.1 ‘Hold timeli§)/$26 Proposed local/peer: 15/15 sec Reachable via 12.0.0.1/32 Serialit (Ip): xmit/recv Enabled: Interface config, Hello interval: 5000 ms; Transport IP addr: 1.0.0.1 LDP Id: 14.0.0.110 Src IP addr: 4.4.4.1; Transport IP addr: 14.0.0.1 Hold time: 15 sec; Proposed local/peer: 15/15 sec Reachable via 14.0.0.1/32 Rtdsh mpls Idp parameters Protocol version:1 Downstream label oo sc min label: 100; max label: 199 Discovery targeted hello: holdtime: 90 sec; interval: 10 sec Downstream on Demand max hop count: 255, Downstream on Demand Path Vector Limit: 255 LOP for targeted sessions LDP initialfmaximum backoff: 15/120 sec LOP loop detection: off if a router missed 3 hello packets, he will declare its neighbour down then KA will be sent every 60s; after missing 3 KA msgs the router will remove neighbour from his database Ri(config)#mpls Idp discovery ? hello LDP discovery Hello targeted-hello LDP discovery Targeted Hello ON ALL ROUTERS Rx(config)mpls Idp discovery Rx(config)¢mpls Idp discovery Rrésh mpls Idp discovery detail Local LDP identifier: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 591.0.0.1 Discovery Sources: Interfaces: Serialtfo (Idp): xmit/reev Enabled: Interface config, Hello interval: 20000 ms; Transport IP addr: 1.0.0.1 LOP Id: 12.0.0.1:0 Src IP addr: 1.1.1.2; Transport IP addr: 12.0.0.1 Reachable via 12.0.0.1/32 Serialit (Ip): xmit/recv Hello interval: 20000 ms; Transport IP addr: LOP Id: 14.0.0.1:0 Src IP addr: 4.4.4 rami IP addr: 14.0.0.1 Reachable via 14.0.0.1/32 Ridsh mpls Idp parameters Protocol version: 1 Downstream label generic region: min label: 100; max label: 199 Session hold time: 180 sec; keep alive interval: 60 sec Discovery targeted hello: holdtime: 90 sec; interval: 10 sec Downstream on Demand max hop count: 255 Downstream on Demand Path Vector Limit: 255 LDP for targeted sessions LDP initial/maximum backoff: 15/120 sec LDP loop detection: off NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 60MPLS L3 VPN MPLS VPN » VRE (Virtual Routing and Forwarding) » RD (Route-Distinguisher) » RT (RouteTarget) NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 61VRF (Virtual Routing and Forwarding) OA, + VRF provides a way for you to configure multiple routing instances on your router. » keep customer traffic and routing separate utilize the same hardware. > Without VRF we need to use ACL filtering to keep traffic segregated. PE RD (Route-Distinguisher) NA, + Isa G&-bit (B-byte) prepended prefix, used to convert fa clients nonsunique 32-bit [Pv address into a unique xs 2 ‘96-bit VPNv4_ addres, to enable transport between PE routers. The resulting address is a VPNuA address Vind hs 8s > ARD isloeally significant to a router + AVRF isnot operational unless you configure an RD. You can use the ASNinn or A.B.C.Dinn format for RD. Each VRF in a PE router must have a unique RD. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 62RT (RouteTarget) OA. » Isa 64-bit extended BGP community that is attached to a VPNv4 BGP route to indicate its VPN membership » Any number of RTE can be attached to a single route. Export RI |. Identifies the VPN membership, to which the associated VRF belongs to. 2. Areattached toa client's route, when its converted into a VPNv4 route Import RT 1 Are used to select which VPNd routes ae tobe inserted into which VRE tables. 2. Onthe receiving PE router a route Is importd into VRF only If af least one RT ettached to the route matches atleast one import RT configured in that VRE XM OA. Ven Adeeoss 4003:30000/8 < vont rivet so ay VPM 1000/8 romecaptimpertiont ‘mactarmineen 04 so000/8 ‘teat peo reese npr 2063 ‘ouctoet eon a68 ‘ve Adress 2011000078 vena ro00.0/8 Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 63VRF-RD-RT Configuration MOA, (0 3600/3700 (On 7000 series cisco routers Router(config)# ip vrf A Routerconfigari} ed 500% Routerconfgov} routetarget export 500: Routereonfg-ve)# route target import 500:1 Router(config)# vet definition A‘ Router(configvef# rd 50031 Router(configanf\# addressfamily pvt Router(configwefa# routetarget export 500:1 Router(configrfaf}# routetarget import 500:1 Router(configartaf}# exit Router(configaef# address-family [pv Router(configarfaf route target export 500:1 Router(configarf-af# routetarget import 500:1 Router(configefaf# exit Steps to configure MPLS L3 VPN NA, 1. Configure IGP inside SP Core Configure MPLS LDP inside the SP core Create VRF_ Al, RD & Route Target. 4. Configure Routing between PE and CE Seta, V2, OFF, GRP, BOP. 5S Configure VPNV4 peering between both the PE Routers © Configure Redistribution on PE routers. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 6422 Betas eat ™ ireoarae/ ney 5 i1o2ias 0.3% Too. (30.11/28 30.21/24 Toss TASK 1. Configure IGP inside SP Core ( Ri/R2/R3/R4) under OSPF area o 2. Configure MPLS LDP inside the SP core ( Ri/R2/R3/R4) (The Above two tasks are configured in the previous Lab Here we Assume the above two tasks are preconfigured) 3. Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. Rs(config)#int loopback 0 R5(configcif)#ip address 5.5.5.5 255.255.255.255 Rs(config-if}#end Rs(config)#int fo/o R5(config-f}#ip address 172.16.15.5 255.255.255.0 Rs(config-f}#no shutdown Rs(configif}#end Ri(config)int fo/o Ri(config:f}#ip address 172.16.15.1 255.255.255.0 Ri(config:f}#no shutdown Ri(config.if}¥end Riéping 172.16.15.5 Type escape sequence to abort. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 65Sending 5, 100-byte ICMP Echos to 172.16.15.5, timeout is 2 seconds: Success rate is 80 percent (4/5), round-trip min/avgimax = 8/31/48 ms R6(config)#int fo/o R6(contig:if)Fip address 172.16.36.6 255.255.255.0 R6(config.if}#no shutdown R6(configif}#exit R6(config)#int loop 0 R6(config:f)#ip address 6.6.6.6 255.255.255.255 R6(config.if)¥end. R3(config)#int fo/o R3(config-if}#ip address 172.16.36.3 255.255-255.0 R3(config-f)#no shutdown R3(config:if}¥end R3#ping 172.16.36.6 Type escapes sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: Success rate is 80 percent (4/5), round-trip min/avgimax = 16/30/52 ms R3#ping 172.16.36.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round:-trip minfavgimax = 8/30/64 ms TASK: + Create VRF A-ton Site 1 (on Rt) and VRF A-2 on site-2 (R3) + RD &Route Target value should be 500:1 for both sites Ri(config)#ip rf A-1 Ri(config-vef}#rd 500:1 Ri(config-vrF)#route-target import 500:1 Ri(config-vrF}#route-target export 500: Ri(config-vrf}#exit R3(config)#ip vrf A R3(config-vef}#rd 500:1 R3(config-vrf)#route-target both 5oo:1 R3(config-vrt}#exit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 66R3(config)#exit R3#sh ip wrt Name Default RD Interfaces Aa S00: R3#sh ip vrf detail VRF A-2; default RD 00:4; default VPNID No interfaces Connected addresses are not in global routing table (EXBOFEVPN route target communities Import VPN route-target communities No import route-map No export route-map RF label distribution protocol: jot configured R3#sh run |s vrf ip vf Az rd501 route-target export 500:1 route-+target import 500:t TASK: + On Rt Assign interfaces facing CE (R5) under VRF At + OnR3 Assign interfaces facing CE (R6) under VRF A2 R3#sh ip route connected C 2.0.0.0/8 is directly connected, Serialt/o 3.0.0.0/8 is directly connected, Serialt/1 172.16.0.0/24 is subnetted, t subnets C _ 17216.36.0 is directly connected, FastEthernetolo 13.0.0.0/24 is subnetted, 4 subnets C 13.0.1.0is directly connected, Loopbackt C 13.0.0.0is directly connected, Loopbacko 13.03.0/s directly connected, Loopback3 C 13.0.2.0is directly connected, Loopback2 R3(config)#do sh run int fo/o Building confi Current configuration: 130 bytes interface FastEtherneto/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 67ip address 172.16.36.3 255.255.255.0 duplex auto speed auto ipv6 address FC00:33:33:33::3/64 end R3(config)#int fo/o R3(config:f}#ip vrf forwarding A2 ‘interface Fastéthemeto/o IP address 172.16.36.3 removed due to enabling VRF A R3(configeif)# ip address 172.16.36.3 255.255.255.0 R3(configif)wexit R3#sh ip route connected CC 2.0.0.0/8 is directly connected, Serialt/o CC 3.0.0.0/8 is directly connected, Serialt/1 13.0.0.0/24 is subnetted, 4 subnets 13.0.1.0 is directly connected, Loopback 13.0.0.0 is directly connected, Loopbacko 13.0.3.0 is directly connected, Loopback3, 13.0.2.0 is directly connected, Loopback naan + Once we assign the interface under VRF A-2 it moves to separate VRF A:2 routing table. * All the routes receiving from this interface ( facing CE) will be placed in a separate VRF routing table (A2) R3#sh ip route vrf A2 Routing Tables Codes: C- connected, S- static, R- RIP, M-mobile, B- BGP D-EIGRP, EX- EIGRP external, O - OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 £1- OSPF external type 1, £2 - OSPF external type 2 -1S4S, su-IS1S summary, L1-1S-S level, L2-IS-1S level-2 ja-1S+S inter area, * - candidate default, U- peruser static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 172.16.0.0/24 is subnetted, t subnets R3#sh ip vrf Name Default RD interfaces R3#ping 172.16.36.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 68Success rate is 0 percent (0/5) R3#ping vr A-2 172.16.36.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.36.6, timeout is 2 seconds: Success rate is 80 percent (4/5), round-trip min/avgimax = 16/32/48 ms Rr#sh ip route connected 1.0.0.0/8 is directly connected, Serialt/o C 4.0.0.0/8 is directly connected, Serialt/1 172.16.0.0/24 is subnetted, t subnets © 172:16.15.0 is directly connected, FastEtherneto/o, 11.0.0.0/24 is subnetted, 4 subnets 1.0.3.0 is directly connected, Loopback3, 1.0.2.0 is directly connected, Loopback 11.0.1.0 is directly connected, Loopbackt 1.0.0.0 is directly connected, Loopbacko nanan Ri(config)#do sh run int folo Building cor Current configuration 144 bytes interface FastEtherneto/o ip address 172.16.15.1 255.255.255.0 duplex auto speed auto ipv6 address FCoo:ttstttt:1/64 end Ri(config)int fo/o Ri(config.if}#ip vrf forwarding A+ ‘interface Fastéthemeto/o IP address 172.16.15.1 removed due to enabling VRF At Ri(configcif}#ip address 172.16.15.1 255,255.255.0 Ri(config-if}¥end Ri#sh ip route connected C_ 1.0.0.0/8 is directly connected, Serialt/o © 4.0.0.0/8 is directly connected, Serialt/1 11.0.0.0/24 is subnetted, 4 subnets C 11.0.3.0is directly connected, Loopback3 C 11.0.2.0is directly connected, Loopback2 C 11.0.1.01s directly connected, Loopbackt NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 69C 1.0.0.0 is directly connected, Loopbacko Rrésh ip route vrf A-+t Routing Table: At Codes: C-connected, S- static, R- RIP, M-mobile, B- BGP D-EIGRP, EX-EIGRP external, O - OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 £1- OSPF external type 1, £2 - OSPF external type 2 i-1S4S, su-IS-1S summary, L1-1S-1S level, L2-1S-1S level-2 ja-1S:S inter area, * - candidate default, U- per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 172.16.0.0/24 is subnetted, 1 subnets Riésh ip vrf Name Default RD Interfaces At S00: Faojo Reéping 172.16.15.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.15.5, timeout is 2 seconds: Success rate is 0 percent (0/5) Regping vrf Act 172.16.15.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.15.5, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 12/38/76 ms TASK: * Configure Routing between PE and CE using Static Routing on both Ends. + Ensure that PE routers (Rt & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. Rs(config)#ip route 0.0.0.0 0.0.0.0 172.16.15.1 Rs(config)#end Ri(config)#ip route vrf A-1 5.5.5.5. 255.255.255.255 172.16.15.5 Ri(config)#end Rr#sh ip route vrf A+ Routing Table: At Gateway of last resort isnot set NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 705.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 1 subnets C 172.16.15.0 is directly connected, FastEtherneto/o Reéping vrf A-15.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5. Success rate is 100 percent (5/5), round-trip minjavgimax = 8/29/72 ms timeout is 2 seconds: R6(contig}#ip route 0.0.0.0 0.0.0.0 172.16.36.3 R6(config)#end R3(config)tip route vrf A-2 6.6.6.6 255.255.255.255 172.16.36.6 R3(config)#end R3#sh ip route vrf A2 Routing Table: A2 Gateway of last resort is not set 6.0.0.0/32 is subnetted, 1 subnets S 6.6.6.6 [1/0] via 172.16.36.6 172.16.0.0/24 is subnetted, t subnets C 172.16.36.0 is directly connected, FastEtherneto/o R3#ping vif A2 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round:-trip minfavgimax = 8[23/60 ms TASK: + Configure VPNV4 peering between both the PE Routers (R1/R3). Rvéping 13.0.0.1 source 11.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds: Packet sent with a source address of 11.0.0.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 40/5676 ms onri Ri(config)#router bgp 500 Ri(config-router)éno bgp default ipv4-unicast NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 71Ri(config-router)#neighbor 13.0.0.1 remote-as 500 Ri(config-router)4neighbor 13.0.0.1 update-source loopback 0 Ri(config-router}¥address-family vpnvg unicast Ri(config-router-af#neighbor 13.0.0.1 activate Ri(config-router-af)#neighbor 13.0.0.1 send-community extended Ri(config-router-af)#neighbor 13.0.0.1 next-hop-self Ri(config-router-af end onr3 R3(config)frouter bgp 500 R3(config-router)# no bgp default ipv4-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0.1 update source loopback 0 R3(config-router)# address-family vpnvg unicast R3(config-router-af)# neighbor 1.0.0.1 activate R3(config-router-af}# neighbor 11.0.0.1 send-community extended R3(config-router-af}# neighbor 1.0.0.1 next-hop-self R3(config-router-af)# end R3#sh ip bgp vpnv4 all summary BGP router identifier 13.0.3.1,local AS number 500 BGP table version is 1, main routing table version 1 Neighbor VAS MsgRevd MsgSent_TbiVer InQ Out Up/Down State/PfxRed Note: * By default OSPF will advertise loopback as /32 no matter what mask is actually configured on the interface. + This will lad to issues because when LDP is creating labels for the nexthops it will look at the mask of the local interface which is [24 or something else + There will be mismatch between labels and routing table. + That’s the reason ensure that we use any of the options below to overcome with this issue 1. Make sure that the loopback used for IBGP peering should be configured with exact mask to exchange the routes which are getting redistributed in to BGP. or 2. use loop 0 address should be /32 mask in case of OSPF (recommended ) Rr#sh ip route ospt © 2.0.0.0/8 [110/128] via 11.1.2, 00:01:01, Serialt/o © 3.0.0.0/8 [110/128] via 4.4.4.1, 00:01:01, Serialt/t © 20.0.0.0/8 [110/65] via 1.1.1.2, 00:01:01, Serialt/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 72© 40.0.0.0/8 [110/65] via 4.4.4.1, 00:01:01, Seriali/ 12,0.0.0/32 is subnetted, 1 subnets © 12.0.0.1[110/65] via 1.1.1.2, 0 13,0.0.0]32 is subnetted, 1 subnets © 13.0.0.1 [110/129] via 4.4.4.1, 00:01:01, Serialt/t [110/129] via 1.1.12, 00:01:04, Serialt/o 14,0.0.0/32 is subnetted, 2 subnets © 14.0.2.1[110/65] vie 4.4.4.1, 00:01:01, Seriali/t © 14.0.0.1 [110/65] via 4.4.4.1, 00:01:01, Serialt/t 1, Seriali/o Ri(config)#int loop 0 Ri(config.if}# ip address 11.0.0.1 255.255.255.255 Ri(config-if}#end R3(config)#int loop o R3(config-f}#ip address 13.0.0.1 255.255.255.255 R3(config:if}¥end OR Ri Ri(config)#int loop 0 Ri(config-f) ip ospf network point-to-point R3 R3(config)#int loop 0 3(configf) ip ospf network point-to-point TASK: * Configure Redistribution static Routing in to BGP under VRF + Ensure that CE routers on both sites (Rs/R6) should have reachability between them. Ri(config)#router bgp 500 Ri(config-router)#address-family ipv4 vrf A-+t Ri(config-router-af redistribute static Ri(config-router-af)redistribute connected Ri(config-router-af)end R3(config)# router bgp 500 R3(configrouter)# address-family ipv4 vrf A-2 R3(config-router-af}# redistribute static R3(config-router-af)# redistribute connected R3(config-router-af)# exit R3(config-router)# NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 73Rrésh ip route vrf A+ Routing Table: At Gateway of last resort isnot set 5.0.0.0/32 is subnetted, 1 subnets S 5.5.5.5 [10] via 172.16.15.5 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200/0] via 13.0.0.1, 00:09:59 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200/0] via 13.0.0.1, 00:09:44 C _ 172.16.15.0 is directly connected, FastEtherneto/o Regping vrf A+ 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minavgimax = 48/72/112 ms R3#sh ip route vrf A2 Routing Table: A2 9/32 Is subnetted, 1 subnets B 55.5 [20/0] via 1.0.0.1, 00:02:08 6.0.0.0/32 is subnetted, 1 subnets S 6.6.6.6 [1/0] via 172.16.36.6 172.16.0.0/24 is subnetted, 2 subnets C 172:16.36.0 is directly connected, FastEtherneto/o B 172.16.15.0 [200/0] via 1.0.0.1, 00:02:08 R3#ping vif A25.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 60/71/88 ms R5#ping 6.6.6.6 source 5.5.5.5, Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 5.5. Success rate is 100 percent (5/5), round-trip min/avgimax = 64/84/104 ms R5#ping 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 74Success rate is 100 percent (5/5), round-trip min/avg/max = 80/99/120 ms Rrésh ip bgp vpnv4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 9, main routing table version 9 4 network entries using 548 bytes of memory 4 path entries using 272 bytes of memory 3/2 BGP path/bestpath attribute entries using 372 bytes of memory 1 BGP extended community entries using 24 bytes of memory © BGP route-map cache entries using 0 bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 1216 total bytes of memory BGP activity 4/o prefixes, 4/0 paths, scan interval 15 secs Neighbor VAS MsgRevd MsgSent TbiVer InQ OutQ Up/Down State/PfxRed 1300.01 4 500 22 2 9 0 ooon6:§7ls Rrésh ip bgp vpnva all BGP table version is 9, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, F RIB-ailure, S Stale internal, Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Bistinguisher: 5001 (default for vrf A-1) 45 55.55/32 172.16.15.5 0 32768? 5 172.16.15.0/24 0.0.0.0 0 32768? *5i172.16.36.0/24 13.0.0.1 © 100 0? Rvésh ip bgp vpnva vrf At BGP table version is 9, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-1) *>172.16.15.024 0.0.0.0 © 32768? *5i172.16.36.0/24 1.0.0.1 © 100 0? NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 75LAB: MPLS L3 VPN Support for RIPv2 LooPsacks 1200.1/24 320.11/24 1202/24 128 14.0.0.1/24 14.0.1:1/24 14.02.1/24 140.3.1/24 TASK: If you start from Basic then follow below steps: 1. Configure IGP inside SP Core ( Ri/R2/R3/R4) under OSPF area 0 je the SP core ( Ri/R2/R3/R4) 3. Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connecti |. Create VRF A-1on Site 1 (on Rt) and VRF A-2 on site-2 (R3) 5. RD & Route Target value should be 500:1 for both sites 6. Ont Assign interfaces facing CE (Rs) under VRF At 7. OnR3 Assign interfaces facing CE (R6) under VRF A-2 2 (The Above tasks are preconfigured in the first MPLS LDP Lab Here we assume the above tasks are preconfigured and we are continuing from previous t lab configs) Check the previous labs for detailed step by step configurations. OR * Incase if you are about to continue from previous lab then © Remove the static and default configurations on PE and CE © Remove the BGP configs from both PE routers, Ri(config)#no router bgp 500 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 763(config)#no router bgp 500 Ri(config)#no ip route vrf A-1 5.5.5.5 255.255.255.255 172.16.15.5 3(config)#no ip route vrf A-2 6.6.6.6 255.255.255.255 172.16.36.6 5(config)#no ip route 0.0.0.0 0.0.0.0 172.16.15.1 R6(config)#no ip route 0.0.0.0 0.0.0.0 172.16.36.3 Riésh ip route vrf A+ Routing Table: At 172.16.0.0/24 is subnetted, 1 subnets R3#sh ip route vrf A2 Routing Table: A2 172.16.0.0/24 is subnetted, 1 subnets TASK: + Configure Routing between PE and CE using Ripv2 on both Ends. + Ensure that PE routers (Rt & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. R5(config)6#router rip Rs(config-router}#ver 2 Rs(config-router)¢no auto-summary (config router)#network 5.0.0.0 ( ( R5(config-router)#network 172.16.0.0 Rs(config-router)#exit Ri(config)#router rip Ri(config-router)#address-family ipv4 vrf A-+t Ri(config-router-af)#ver 2 Ri(config-router-af)#no auto-summary Ri(config-router-af network 172.16.0.0 Ri(config-router-af exit Rr#sh ip route vrf A+ Routing Table: At 5.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 1 subnets © 172.16.15.0 is directly connected, FastEtherneto/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 77Reéping vrf A15.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5. Success rate is 100 percent (5/5), round-trip min/avgimax = 8/26/60 ms R6(config)#router rip R6(config-router)#ver 2 R6(config-router)#no auto-summary R6(config-router)#network 6.0.0.0 R6(config-router)#network 172.16.0.0 R6(config-router)#exit R3(config)router rip R3(config-router)#address-family ipv4 vrf A-2 R3(config-router-af)#ver 2 3(config-router-af)#no auto-summary R3(config-router-af)#network 172.16.0.0 R3(config-router-af}#exit R3#sh ip route vrf A 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 1 subnets C 172.16.36.0 is directly connected, FastEtherneto/o R3¢ping vrf A2 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), roundtrip minjavgimax = 8/24/44 ms TASK: + Configure VPNV4 peering between both the PE Routers (Rt/R3)- Ri(config)#router bgp 500 Ri(config-router)#no bgp default ipv4-unicast Ri(config-router)¢neighbor 13.0.0.1 remote-as 500 ( ( ( 1(config-router)#neighbor 13.0.0.1 update-source loopback 0 Ri(configrouter)#address-family vpnvg unicast Ri(config-router-af éneighbor 13.0.0.1 activate NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 78Ri(config-router-af)#neighbor 13.0.0.1 send-community extended Ri(config-router-af #neighbor 13.0.0.1 next-hop-self Ri(config-router-af)¥end R3(config)#router bgp 500 R3(config-router)# no bgp default ipv4-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(configrouter)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpnv4 unicast R3(config-router-af) neighbor 1.0.0.1 activate R3(config-router-af)# neighbor 1.0.0.1 send-community extended R3(config-router-af}# neighbor 11.0.0.1 next-hop-self R3(configrouter-af)# end Rrésh ip bgp vpnvq all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 4, main routing table version 1 Neighbor VAS MsgRevd MsgSent TbiVer InQOutQ Up/Down State/PfxRed TASK: + Configure Redistribution on PE routers RIPv2 in to BGP and BGP into RIPv2 under VRF. + Ensure that CE routers on both sites (R5/R6) should have reachability between them. Ri(config)#router bgp 500 Ri(config-router)#address-family ipva vrf A-t Ri(config-router-af redistribute rip Ri(config-router-af exit Ri(config-router)exit Ri(config)#router rip Ri(config-router)#address-family ipva vrf A-t Ri(config-router-af redistribute bgp 500 metric 2 Ri(config-router-af exit Ri(config-router}#end R3#sh ip route vrf A2 Codes: C - connected, S- static, R- RIP, M- mobile, B - BGP D-EIGRP, EX- EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 79E1- OSPF external type 1, E2 - OSPF external type 2 1-1SAS, su-IS-1S summary, L1-1S-S level, L2-IS4S level-2 ia ISAS inter area, * - candidate default, U -per-user static route 0-ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets B 555.5 [200/I] via 1.0.0.1, 00:00:46 6.0.0.0/32 is subnetted, 1 subnets R 6.6.6.6 [120/1] via 172.16.36.6, 00:00:04, FastEtherneto/o 172.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0 is directly connected, FastEtherneto/o B 172.16.15.0 [200/0] via 1.0.0.1, 00:00:46 R3(config)#router bgp 500 R3(config-router)#address-family ipv4 vrf A-2 R3(config-router-af)#redistribute rip R3(config-router-af}#exit R3(config-router)#exit R3(config)#router rip R3(config-router)#address-family ipv4 vrf A-2 R3(config-router-af)#redistribute bgp 500 metric 2 R3(config-router-af}#end Riésh ip route vrf A+ Gateway of last resort isnot set 5.0.0.0)32's subnetted, 1 subnets R 5.5.5.5 [120/1] via 172.16.15.5, 00:00:00, FastEtherneto/o 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200]1] via 13.0.0.1, 00:00:32 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200]o] via 13.0.0.1, 00:00:32 © 172.16.15.0 is directly connected, FastEtherneto/o Regping vrf A+ 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 28/55/76 ms R5#sh ip route rip NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 806.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets R_172.16.36.0 [120/2] via 172.16.15.1, 00:00:04, FastEtherneto/o R5#ping 6.6.6.6 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 5.5.5.5 Success rate is 100 percent (5/5), round-trip min/avgimax = 80/94/112 ms R6#sh ip route rip 5.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets R 172.16.15.0 [120/2] via 172.16.36.3, 00:00:13, FastEthemeto/o Ro#ping 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avg/max = 64/102/156 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 811200.1/24 120.11/24 12021/28 0.31/28 ‘Loormacks 110.0.1/24 TASK: If you start from Basic then follow below steps: * Configure IGP inside SP Core ( Ri/R2/R3/R4) under OSPF area o * Configure MPLS LDP inside the SP core ( Ri/R2/R3/R4) + Connect Rs & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. + Create VRF A-1on Site 1(on Rt) and VRF A-2 on site2 (R3) * RD & Route Target value should be 500: for both sites * OnRI Assign interfaces facing CE (R5) under VRF Ax © OnR3 Assign interfaces facing CE (Ré) under VRF A:2 ‘The Above tasks are preconfigured in the first MPLS LDP Lab Here we assume the above tasks are preconfigured and we are continuing from previous t lab configs Check the previous labs for detailed step by step configurations. OR * Incase if you are about to continue from previous lab then © Remove RiPv2configurations on PE and CE © Remove BGP configs from both PE routers NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 82Ri(config)#no router bgp 500 Ri(config)#no router rip R3(config)#no router bgp 500 R3(config)#no router rip Rs(config)#no router rip R6(config)#no router rip TASK: * Configure Routing between PE and CE using EIGRP 100 on both Ends. + Ensure that PE routers (Rt & R3) should be able to ping CE routers (Rs/R6) LAN interfaces respectively. Rs(config)#router eigrp 100 R5(config-router)#no auto-summary R5(config-router)¢network 5.0.0.0 Rs(config-router)#network 172.16.0.0 Rs(config-router)#exit Ri(config)#router eigrp 500 Ri(config-router)#address-family ipv4 vrf A-t Ri(config-router-af)#autonomous-system ? Ri(config-router-af)#autonomous-system 100 Ri(config-router-af)#no auto-summary Ri(config-router-af)#network 172.16.0.0 Ri(config-router-af exit Here SURSHOMOUSS)SEEMINOD specifies the autonomous system number of the EIGRP network for the customer site. Ri#sh ip eigrp vrf A-t neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num Rrésh ip route vrf A+ eigrp 5.0.0.0/32 is subnetted, 1 subnets DENS [9 OIBGISS] HEME, co 53, Fastétherneto/o Reeping vrf A-415.5.5.5 Type escape sequence to abort. Sending 5, 100:byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 83Success rate is 100 percent (5/5), round-trip minjavgimax = 8/24/56 ms R6(config)#router eigrp 100 R6(config-router)#network 6.0.0.0 R6(config-router)#network 172.16.0.0 R6(config-router)Hexit 3(config)router eigrp 500 3(config-router)#address-family ipv4 vrf 3(config-router-af)/alutonioMmous system 700 3(config-router-af)#no auto-summary 3(config-router-af)#network 172.16.0.0 R3(config-router-af)#exit R3(config-router)#end R3#sh ip eigrp vrf A-2 neighbors |P-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num GUARESCIIMFA0}6 © 1 00:00:31 69 414 03 R3#sh ip route vr A2 Routing Table: A2 Gateway of last resort isnot set 6.0.0,0/32 is subnetted, 1 subnets (DIN 6166.6 [96 /156160] Via 17246. 36.6, 00:00:39, FastEtherneto/o 172.16.0.0/24 is subnetted, t subnets C 172.16.36.0 is directly connected, FastEtherneto/o R3¢ping vif A2 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 8/27/48 ms TASK: + Configure VPNV4 peering between both the PE Routers ( Ri/R3). Ri(config)#router bgp 500 Ri(config-router)#no bgp default ipv4-unicast Ri(config-router)#neighbor 13.0.0.1 remote-as 500 Ri(config-router)#neighbor 13.0.0.1 update source loopback o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 84Ri(config-router)#address-family vpnv4 unicast Ri(config-router-af)#neighbor 13.0.0.1 activate Ri(config-router-af#neighbor 13.0.0.1 send-community extended Ri(config-router-af #neighbor 13.0.0.1 next-hop-self Ri(config-router-af)wend R3(config)frouter bgp 500 R3(config-router)# no bgp default ipv4-unicast R3(config-router)# neighbor 11.0.0.1 remote-as 500 R3(config-router)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpnvg unicast R3(config-router-af}# neighbor 1.0.0.1 activate R3(config-router-af)# neighbor 1.0.0.1 send-community extended R3(config-router-af)# neighbor 1 R3(config-router-af)# end R#sh ip bgp vpnv4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 4, main routing table version + Neighbor V_AS MsgRevd MsgSent_TbiVer In OutQ Up/Down State/PfxRed TASK: + Configure Mutual Redistribution on PE routers between EIGRP & BGP under VRF. + Ensure that CE routers on both sites (R5/R6) should have reachability between them. R3(config)frouter bgp 500 R3(config-router)#address-family ipv4 vrf A-2 R3(config-router-af)#redistribute eigrp 100 R3(config-router-af)exit R3(config-router)#exit R3(config)#router eigrp 500 R3(config-router)¥address-family ipv4 vrf A-2 R3(config-router-af)#redistribute bgp 500 metric {SUS BOBOES5IISOO R3(config-router-af}#end Rr#sh ip bgp vpnv4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 5, main routing table version 5 2 network entries using 274 bytes of memory NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 852 path entries using 136 bytes of memory 3/2 BGP path/bestpath attribute entries using 372 bytes of memory 2 BGP extended community entries using 120 bytes of memory © BGP route-map cache entries using o bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 902 total bytes of memory BGP activity 2/0 prefixes, 2/0 paths, scan interval 15 secs Neighbor V_AS MsgRcvd MsgSent TbiVer InQ OutQ Up/Down State/PfxRed 13.0.01 4 500 10 6 § 0 00:03:17 Rrésh ip bgp vpnvg all BGP table version is 5, local router ID is 11.0.3-1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) BIGGER 5.0.01 156160 100 0? ¥51172.16.36.0124 13.0.0 © 100 0? Rr#sh ip route vrf At Routing Table: A+ Codes: C- connected, S- static, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP external, O- OSPF, IA- OSPF inter area Nt- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, £2 - OSPF external type 2 1-155, su-1SS summary, Lt - ISAS level-t,L2- ISS level-2 ia ISS inter area, * -candidate default, U - per-user static route 0-ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32.is subnetted, 1 subnets D 5.5.5.5 [90/156160] via 172.16.15.5, 00:12:28, FastEthernetolo 6.0.0.0]32 is subnetted, 1 subnets B 6.6.6.6 [200/156160] via 13.0.0.1, 00:02:04 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200]0] via 13.0.0.1, 00:02:04 C 172.16.15.0is directly connected, FastEthemeto/o Ri(config)#router bgp 500 Ri(config-router)#address-family ipv4 vrf A-t NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 86Ri(config-router-af)redistribute eigrp 100 Ri(config-router-af exit Ri(config-router)exit Ri(config)#router eigrp 500 Ri(config-router)#address-family ipv4 vrf At Ri(config-router-af)#redistribute bgp 500 metric #4444 Ri(config-routeraf)¥end Rr#sh ip bgp vpnv4 all BGP table version is 9, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-1) 455,5.5.5/32 172.1655 156160 32768? 5 172.16.15.0/24 0.0.0.0 0 32768? *51172.16.36.0/24 13.0.0.1 © 100 0? Résh ip bgp vpnva vrf A-t BGP table version is 9, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher 5608 (@EURTOEVA AA) *>5.5.5.5/32 172416155 15616032768? *516.6.6.6/32 13.0.0.1 156160 100 0? 5 172.16.15.0124 0.0.0.0 032768? *5i172.16.36.0/24 13.0.0.1 0 100 0? Riéping vrf A+ 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 52/69/92 ms R3#sh ip route vrf A2 Routing Table: A2 Codes: C - connected, $- static, R- RIP, M- mobile, B- BGP NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 87D-EIGRP, EX- EIGRP external, O - OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 i-1S4S, su-IS-1S summary, L1-1S1S level, L2-IS-1S level-2 ja-1S:S inter area, * -candidate default, U-per-user static route 0- ODR, P-periodic downloaded static route Gateway of last resort isnot set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [200/156160] via 11.0.0.1, 00:02:50 6.0.0.0/32 is subnetted, 1 subnets D 6.6.6.6 [90/156160] via 172.16.36.6, 00:09:54, FastEtherneto/o 172.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0 is directly connected, FastEtherneto/o B 172.16.15.0 [200/0] via 11.0.0.1, 00:02:50 R3#sh ip bgp vpnv4 all BGP table version is 9, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, r RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) SISSSS/2 “rte! | S660 100 0? *> 6.6.6.6/32 172.16.36.6 156160 32768? *>i172.16.15.0/24 11. A 0 100 0? *> 172.16.36.0/24 0.0.0.0 0 32768? R5#sh ip route eigrp 6.0.0.0/32 is subnetted, 1 subnets D 6.6.6.6 [90/158720] via 172.16.15.1, 00:03:08, FastEthemeto/o 172.16.0.0/24 is subnetted, 2 subnets D__ 172.16.36.0 [90/30720] via 172.16.15.1, 00:03:08, FastEtherneto/o Rs#ping 6.6.6.6 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 5.5. Success rate is 100 percent (55), round-trip minjavgimex = 104/140/172 ms R6#ship route elgrp 5.0.0.0/32 is subnetted, 1 subnets ‘BENS [90158720] via 172.16.36.3, 00:03:41, FastEthernetolo NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 88172.16.0.0/24 is subnetted, 2 subnets D__172.16.15.0 [90/30720] via 172.16.36.3, 00:03:41, FastEtherneto/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 891200.1/28 waoi/as 1202.1/28 0.3.1/28 2” 14.000.1/28 40.11/28 1402.1/28 1403.1/28 TASK: If you start from Basic then follow below steps: 1. Configure IGP inside SP Core ( Ri/R2/R3/R4) under OSPF area 0 2. Configure MPLS LDP inside the SP core ( Ri/R2/R3/R4) 3. Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. 4. Create VRF Aton Site 1 (on Ri) and VRF A-2 on site-2 (R3) 5. RD & Route Target value should be 500:1 for both sites (On Rt Assign interfaces facing CE (R5) under VRF Ax (On R3 Assign interfaces facing CE (R6) under VRF A-2 + The Above tasks are preconfigured in the first MPLS LDP Lab * Here we assume the above tasks are preconfigured and we are continuing from previous lab configs) ‘+ Check the previous labs for detailed step by step configurations. OR * Incase if you are about to continue from previous lab then © Remove EIGRP configurations on PE and CE © Remove BGP configs from both PE routers R6(config)#no router eigrp 100 5(config)#no router eigrp 100 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 90Ri(config)#no router bgp 500 Ri(config)#no router eigrp 500 R3(config)#no router eigrp 500 R3(config)#no router bgp 500 R3(config)#end TASK: + Configure Routing between PE and CE using OSPF on both Ends. + Ensure that PE routers (Rt & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. Rs(config)#router ospf 1 Rs(config-router)#network 5.5.5.5 0.0.0.0 area 0 R5(config-router)#network 172.16.15.5 0.0.0.0 area 0 Rs(config-router)#end Ri(config)#router ospf 1 vrf A-t Rrésh run | s ospf router ospft log.adjacency-changes network 1.1.11 0.0.0.0 area 0 network 4.4.4.2 0.0.0.0 area 0 etwork 10.0.0.0 0.255.255.255 area 0 network 11.0.0.1 0.0.0.0 area 0 + Aseparate Process ID is required for each VRF that receive VPN routes via OSPF from CE + If PE Routers are running OSPF for multiple Vrf ( customers)and also running inside the SP core it needs to distinguish which routes belong to which VRFs, and to understand which interfaces belong to which OSPF processes Ri(config)#router ospf 10 vrf A-t Ri(config-router)#network 172.16.15.1 0.0.0.0 area 0 Ri(config-router}#end Rr#sh ip ospf neighbor NeighborID Pri State Dead Time Address interface 140.34 0 FULL{- 00:00:32 4.4.4.1 Serialt/t 12.034 0 FULL/- 00:00:32. 1.14.2 Ri#sh ip ospf 10 neighbor NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 91NeighborID Pri State Dead Time Address _ interface 5.5.5.5 1 FULLIDR 00:00:34 172.16.15.5 FastEtherneto/o Rrésh ip route vrf A. ospf 5.0.0.0/32 is subnetted, 1 subnets © 55.5.5 [110/2] via 172.16.15.5, 00:01:18, FastEtherneto/o R6(config)#router ospf 1 R6(config-router)#network 172.16.36.6 0.0.0.0 area o R6(config-router)#network 6.6.6.6 0.0.0.0 area o R6(config-router)#end R3(config)#router ospf 30 vrf A2 R3(config-router)#network 172.16.36.3 0.0.0.0 area 0 R3(config-router)#end R3#sh ip ospf 30 neighbor Neighbor ID Pri State Dead Time Address interface 6.6.6.6 1 FULLIDR 00:00:36 172.16.36.6 _FastEthemeto/o R3#sh ip route vrf A2 ospf Routing Table: A2 6.0.0.0/32 is subnetted, 1 subnets (CMMSGELE [10/2] Via 7ANE.36.6, 00:00:18, FastEthernetolo TASK: + Configure VPNV4 peering between both the PE Routers (R1/R3). Ri(config)#router bgp 500 Ri(config-router)#no bgp default ipv4-unicast Ri(config-router)#neighbor 13.0.0.1 remote-as 500 1(contig-router)éneighbor 13.0.0.1 update-source loopback 0 Ri(config-router)#address-family vpnv4 unicast ( ( ( ( (config-router-af)#neighbor 13.0.0.1 activate Ri(config-router-af #neighbor 13.0.0.1 send-community extended Ri(config-router-af)#neighbor 13.0.0.1 next-hop-self Ri(config-router-af}wend R3(config)router bgp 500 R3(config-router)# no bgp default ipv4-unicast 3(config-router)# neighbor 11.0.0.1 remote-as 500 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 92R3(config-router)# neighbor 11.0.0.1 update-source loopback 0 R3(configrouter)# address-family vpnv4 unicast R3(config-router-af)# neighbor 1.0.0.1 activate R3(config-router-af}# neighbor 1.0.0.1 send-community extended R3(configrouter-af)# neighbor 1.0.0.1 next hop-self R3(config-router-af)# end Rrésh ip bgp vpnv4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 1, main routing table version + Neighbor VAS MsgRevd MsgSent TbiVer InQ OutQ Up/Down State/PfxRed TASK: + Configure Mutual Redistribution on PE routers between OSPF & BGP under VRF. + Ensure that CE routers on both sites (R5/R6) should have reachability between them. Ri(config)#router bgp 500 Ri(config-router)#address-family ipva vrf A+ ( ( «(config-router-af)#redistribute ospf 10 vrf A-1 mateh internal external external? ( ( 2 Ri(config-router-af#exit Ri(config-router)exit © If you configure the redistribution of OSPF into BGP without keywords, only OSPF intra-area and inter-area routes are redistributed into BGP, by default. + You can use the internal keyword along with the redistribute command under router bgp to redistribute OSPF intra- and inter-area routes. © Use the external keyword alon routes into BGP. * With theexternal keyword, you have three choices: 1. redistribute both external type-t and type-2 (Default) 2. redistribute type 3. redistribute type-2 with the redistribute command under router bgp to redistribute OSPF external Ri(config)#router ospf 10 vrf A-t Ri(config-router)éredistribute bgp 500 subnets Ri(config-router}#end R34sh ip bgp vpnv4 all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 5, main routing table version 5 2 network entries using 274 bytes of memory 2 path entries using 136 bytes of memory 3/2 BGP path/bestpath attribute entries using 372 bytes of memory NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 931 BGP extended community entries using 40 bytes of memory © BGP route-map cache entries using 0 bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 822 total bytes of memory BGP activity 2/0 prefixes, 2/0 paths, scan interval 15 secs Neighbor VAS MsgRevd MsgSent_TbiVer InQ OutQ Up/Down State/PfxRed 1.0.01 4 500 tt 7 5 0 00:04:47 2 R3#sh ip bgp vpnv4 all BGP table version is 5, local router 1D is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) *5172.16.15.0/24 11,0.0.1 0 100 oF R3#sh ip route vrf A2 Routing Table: A2 Codes: C- connected, S- static, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 i-1SAS, su-IS15 summary, L1-1S-1S level, L2-IS-IS level-2 ia ISAS inter area, * - candidate default, U- per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.55 [200)2] via 1.0.0.1, 00:08:46 6.0.0.0/32 is subnetted, 1 subnets © 6.6.6.6 [110]2] via 172.16.36.6, 00:07:11, FastEthemeto/o 172.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0 is directly connected, FastEtherneto/o B_ 172.16.15.0 [20/0] via 11.0.0.1, 00:01:46 3(config)#router bgp 500 R3(config-router}#address-family ipv4 vrf A-2 3(config-router-af)#redistribute ospf 30 vrf A-2 match internal external t external 2 R3(config-router-af)#end NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 94R3(config)#router ospf 30 vrf A2 R3(config-router)redistribute bgp 500 subnets R3(config-router)¥end Riésh ip bgp vpnva all BGP table version is 9, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) *> 172.16.15.0124 0.0.0.0 © 32768? *51172.16.36.024 13.0.0.1 © 100 0? Ri#sh ip route vrf At Routing Table: At Codes: C- connected, S- static, R-RIP, M-mobile, B- BGP D-EIGRP, EX- EIGRP external, © - OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 £1- OSPF external type 1, E2- OSPF external type 2 i-1SAS, su-ISAS summary, L1- 15-5 level, L2-IS-1S level-2 ja-1S-S inter area, * -candidate default, U - per-user static route 0-ODR, P -periodic downloaded static route Gateway of last resort isnot set 5.0.0.0)32's subnetted, 1 subnets © 5.5.5.5 [110)2] via 172.16.15.5, 00:02:35, FastEthemeto/o 6.0.0.0]32 is subnetted, 1 subnets B 6.6.6.6 [200/2] via 13.0.0.1, 00:00:43 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200]o] via 13.0.0.1, 00:00:43 © 172.16.15.0 is directly connected, FastEtherneto/o Ri#sh ip route vrf A bgp 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200/2] via 13.0.0.1, 00:00:47 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200/0] via 13.0.0.1, 00:00:47 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 95Redping vrf A+ 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavgimax = 60/85/116 ms Rs#sh ip route ospf 6.0.0.0/32 is subnetted, 1 subnets (IE 6.6.65 [ol] via 651, OOS Fstethemetolo 172.16.0.0/24 is subnetted, 2 subnets OED 172.16.36.0 [10/1] via 172.16.15.1, 00:01:21, FastEtherneto/o Rs#ping 6.6.6.6 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 5.5.5.5 Success rate is 100 percent (5/5), round-trip min/avgimax = 96/124/176 ms R6#sh ip route ospf 1/32 is subnetted, + subnets (ERNE BSS [10/2] via 172.16.36.3, 00:01:27, FastEthernetojo 172.16.0.0/24 is subnetted, 2 subnets OE2 172.16.15.0 [110)t] via 172.16.36.3, 00:01:27, FastEtherneto/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 96OSPF in MPLS VPN NA. » In MPLS, BGP becomes the backbone for Customer network. » Every site runs separate OSPF » Exchange routes through Redistribution NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 97OPSF Super Backbone NA. » MPLS VPN extends concept of OSPF » Another backbone over Area 0 » OSPF Super backbone is exact like Area 0 of OSPF OPSF Super Backbone ( Contd) NEA, » Goals: © OSPF Sites uses normal ee eee redistribution © OSPF continuity must be provided + Internat must be internal + External routes must be External + OSPF metric preserved » Rules: rac Type 35a © OSPF Super backbone is exact like Area 0 of OSPF. + PE routers are advertised as ABR = Routes from Area 0 of sitel / site 2 seen as OIA NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 98Oenr Domain-id A. PE routers mark OSPF routes with the domain attribute » It is derived from the OSPF process number » Indicates whether the route originated within the same OSPF domain or from outside it. » If domain ID value on both PE + matches OIA + No match E /e2 If domain-ID same MN OA. Tpe2sn pes If domain-ID not same NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution ‘om Page 99* By default the routes exchanged between two CE routers will see the routes of the other site as LASS (E1/E2) routes. + Asthey get from CE to CE (r5 to R6 ) via OSPF redistributed through BGP * And hence those routes are considered as OE1/OE2 routes when they reach the other end of CE. To change these routes OE1/OE2 routes exchange between CE routers (R5/R6) to OIA routes there are two possible solutions 1. Use same process ID on both PE routers ( Ri/R3) for VRF 2. Change the domainD same on both PE routers ( Ri/R3) TASK: + Configure Rt & R3 to ensure that OSPF routes learned from other end should be seen as LSA 3 ( OIA) routes instead of o£1/0E2 using DOMAIN-D Ri#sh ip bgp vpnva vrf A15.5.5.5, BGP routing table entry for 500:135.5.5.5/32, version 4 Paths: (1 available, best #1, table A-1) Advertised to update-groups: 1 Local 172.16.15,5 from 0.0.0.0 (11.0.3.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:500:1 OSPF DOMAIN 1D:0x0005:0x0000000A0200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER 1D:172.16.15.10 mpls labels injout 107/nolabel R3#sh ip bgp vpnv4 vrf A-2 6.6.6.6 BGP routing table entry for $00:1:6.6.6.6/32, version 8 Paths: (1available, best #1, table A2) Advertised to update-groups: 1 Local 172.16.36.6 from 0.0.0.0 (13.0.3.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:500:1 OSPR DOMAIN ID:0x0005:0x0000001E0200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER 1D:172.16.36.3:0 mpls labels injout 304/nolabel Ri(config)#router ospf 10 vrf A-t Ri(config-router) Ri(config-router)#exit R3(config)#router ospf 30 vrf A2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 1003(config-router)4omtain-ia T6:40:10:10 R3(config-router)#exit R3#clear ip bgp vpnv4 unicast 500 R3#sh ip bgp vpnv4 all summary BGP router identifier 13.0.3.1, local AS number 500 BGP table version is 19, main routing table version 19 4 network entries using 548 bytes of memory 4 path entries using 272 bytes of memory 5/4 8GP pathjbestpath attribute entries using 620 bytes of memory 2 BGP extended community entries using 80 bytes of memory © BGP route-map cache entries using 0 bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 1520 total bytes of memory BGP activity 4/o prefixes, 6/2 paths, scan interval 15 secs Neighbor VAS MsgRevd MsgSent_TbiVer InQOutQ Up/Down State/PfxRed 110.01 4 500 33 33 19 0 00:04 2 R3#sh ip bgp vpnva vrF A-26.6.6.6 BGP routing table entry for $00:1:6.6.6.6/32, version 12 Paths: (1 available, best #, table A2) Flag: oxAo0 Advertised to update-groups: 1 Local 172.16.36.6 from 0.0.0.0 (13.0.3.1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:500:1 OSPRIDOMAIN ID:0X0605!0XGAGAGAGAG300 OSPF RT:0.0.0.0:2:0 OSPF ROUTER 1D:172.16.36.3:0 mpls labels injout 304/nolabel Rvésh ip bgp vpnva vrf A15.5.5.5, BGP routing table entry for Soo:ts. Paths: (1 available, best #1, table At) Flag: oxA0o Advertised to update-groups: 1 Local 172.16.15.5 from 0.0.0.0 (11.0.3-1) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: R500 OSPFIDOMAIN ID:x0005:0x0NOASABAGHGS OSPF RT:0.0.0.0:2:0 OSPF ROUTER 1D:172.16.15.1:0 +5.5/32, version 10 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 101mpls labels injout 107/nolabel R6#sh ip route ospf 5.0.0.0/32 is subnetted, 1 subnets 17216.0.0/24 is subnetted, 2 subnets OIA. 172.16.15.0 [110)2] via 172.16.36.3, 00: R5#sh ip route ospf 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets O1A. 172.16.36.0 [110)2] via 172.16.15,1, 00:01:33, FastEtherneto/o :02, FastEtherneto/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 102OSPF Sham-link NA. » O>OIA> El >E2 MOA. What is OSPF Sham-link » A logical intra-area link. » Carried by the super backbone, » A sham link is required only between two VPN sites that belong to the same area and have a backdoor link for backup purposes. » OSPF adjacency is established across the sham link. » LSA flooding occurs across the sham link. (pastes oule- Preferes NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 103Configuring OSPF Sham-link NA. 1. Create a loopback interface with /32 mask on both PE routers 2. Configure the loopback interface under the VRF 3, Advertise the loopback interface in BGP vrf address- family 4. Configure OSPF Sham-link in OSPF vrf between PE routers Ri(config)#router ospf 10 vef A-1 Ri(config-router)#area 0 sham-link 100.5.5.5 100.6.6.6 | NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 104voorsacKs 12.00.1/28 12011/38 LooPRAcKs Y.00.1/28 ieo11/26 14.0.2:1/28 1403.1/28 TASK: ‘© Continue with the configurations done in the previous lab. ‘© Connnect one serial link (backup link) between R5/R6. © Configure Rt & R3 in Area 0 to ensure that OSPF routes learned from other end should Prefer MPLS backbone. R5(config)#int s1/o R5(configif)#ip address 10.0.56.5 255.255.255.0 R6(config)#int s1/o R6(configiif)ip address 10.0.56.6 255.255.255.0 R6(configiif}#no sh R6(configif}#end RG#pIng 10.0.56.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.56.5, timeout is 2 seconds: Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 105Success rate is 100 percent (5/5), round-trip min/avgimax = 20/56/140 ms. RS/R6 R5(config)#router ospf1 5(config-router}#network 10.0.56.0 0.0.0.255 area 0 R5(config-router)#exit R5#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 6.6.6.6 0 FULL/- 00:00:32 10.0.56.6 Serialt/o 172.1651 1 FULL/BDR 00:00:36 172.16.15.1 FastEtherneto/ R5#sh ip route ospf 6.0.0.0/32 is subnetted, 1 subnets © 66.6.6 {10/65] va 10.0566, 0009, Serato 172.16.0,0/24 is subnetted, 2 subnets O — 172.16.36.0 [110/65] via 10.0.56.6, 00: 242, Serialt/o * OSPF Default preferred path selctionis based on route-type 0 > OIA > £1 >E2 + Inoder to prefer MPLS first thing is we need to change the route-type over MPLS to be seen as “0” routes instead of o£1/0E2 or OIA ( making both the route-type has tobe same) + TOmake the above thing possible we need to Configure OPSF SHAM-LINK between Ri and R3 Steps to Configure OPSF SHAM-LINK 1. Create a loopback interface with /32 mask on both PE routers 2. Configure the loopback interface under the VRF 3. Advertise the loopback interface in BGP vrf address-family 4. Configure OSPF Shamink in OSPF vrf between PE routers: 5. NOTE: + If we want we can remove the domain-id command configured in the previous task + Matching domain‘d is not pre-requirement anyway to configure Sharlink + using shamdink we can convert either LSA3 ( O1A) of LSA5 (E1/0£2) routes in to LSA 1 routes when it reaches the other end of CE Ri(config)int loopback 10 Ri(config-f}#ip vrf forwarding A-t Ri(configcif}#ip address 100.5,5.5 255.255.255.255 Ri(config.if}exit Ri(config)#router bgp 500 Ri(config-router)#address-family ipv4 vrf Aa Ri(config-router-af)#network 100.5.5.5 mask 255.255.255.255 Ri(config-router.af)#exit NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 106Ri(config)#router ospf 10 vrf A-t Ri(config-router)#area 0 sharn-link ? A.B.CD IP addr associated with sham-link source Ri(config-router)#area 0 shamlink 100.5.5.5 100.6.6.6 Ri(config-router)exit R3(config)#int loopback 10 R3(config:f)#ip vrf forwarding A-2 R3(configif)#ip address 100.6.6.6 255.255.255.255 R3(config)#router bgp 500 R3(config-router)¥address-family ipva vrf A-2 3(config-router-af)#network 100.6.6.6 mask 255.255.255.255 R3(config-router-af)#exit R3(config-router}¥exit R3(config)#router ospf 30 vrf A-2 R3(config-router)#area 0 shanr-link 100.6.6.6 100.5.5.5 R3(config-router)#end R3#sh ip ospf neighbor Neighbor ID Pri State Dead Time Address _ Interface 14.031 0 FULL! - 00:00:38 3.3.3.2. Serialt/t 12.031 0 FULL/- 00:00:38 2.221 Serialt/o 6.6.6.6 1 FULL/DR 00:00:32 172.16.36.6 FastEthernetojo R5#sh ip route ospf 100.0.0.0]32:is subnetted, 2 subnets O€2 100.5.5.5 [tto/t] via 172.16.15.1, 00:01:41, FastEtherneto/o O€2 100.6.6.6 [110}t] via 172.16.15.1, 00:01:41, FastEtherneto/o 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets © 172.16.36.0 [110/3] via 172.16.15.1, 00:01:41, FastEtherneto/o R6#sh ip route ospf 100.0.0.0]32 is subnetted, 1 subnets O€2 100.5.5.5 [t1o/t] via 172.16.36.3, 00:01:42, FastEtherneto/o 5.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 107© 172.16.15.0 [110/65] via 10.0.56.5, 00:10:54, Seriah/o NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 108‘ea odPacks 14.00.1/28 140.11/28 1402.1/28 1403.1/24 TASK: If you start from Basic then follow below steps: 1. Configure IGP inside SP Core ( Ri/R2/R3/R4) under OSPF area 0 2. Configure MPLS LDP inside the SP core ( Ri/R2/R3/R4) 3. Connect R5 & R6 and Assign IP addressing as per the Diagram and Verify Connectivity. 4. Create VRF A-1on Site 1 (on Rt) and VRF A-2on site-2 (R3) 5. RD & Route Target value should be 50011 for both sites 6. 7 ‘On Rt Assign interfaces facing CE (R5) under VRF A-t ‘On Rs Assign interfaces facing CE (R6) under VRF A-2 (The Above tasks are preconfigured in the first MPLS LDP Lab Here we assume the above tasks are preconfigured and we are continuing from previous t lab configs) Check the previous labs for detailed step by step configurations. OR Incase if you are about to continue from previous lab then © Remove OSPF configurations on PE and CE © Remove BGP configs from both PE routers © Romove the loopback 10 interface used for Shamlink Ri Ri(config)# no router bgp 500 Ri(config)# no router ospf 10 NOA solutions,N.K Arcade, 2nd & 3rd floor Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 109x(config)# no int loop 10 R3 R3(config)# no router bgp 500 R3(config)# no router ospf 30 R3(config)# no int loop 10 Rs and R6 Rx(config)#no router ospf 1 TASK: + Configure Routing between PE and CE using EBGP on both Ends. + Use AS-500 For SP Core, AS 5600 for both the customer sites + Ensure that PE routers (Rt & R3) should be able to ping CE routers (R5/R6) LAN interfaces respectively. Rs(config)#router bgp 5600 Rs(config-router)#neighbor 172.16.15.1 remote-as 500 Rs(config-router)#no auto-summary 5(config-router)#no synchronization ( ( ( Rs(config-router)#network 5.5.5.5 mask 255.255.255.255, R5(config-router)#network 172.16.15.0 mask 255.255.255.0 R5(config-router}#exit Ri(config)# router bgp 500 Ri(config-router)éno bgp default ipv4-unicast Ri(config-router)# address-family ipvg vrf Ac Ri(config-router-af #neighbor 172.16.15,5 remote-as 5600 1(config-router.af)# neighbor 172.16.15.5 activate ( ( ( ( 1(config-router.af)# no auto-summary Ri(config-router-af)# no synchronization Ri(config-router-af network 172.16.15.0 mask 255.255.255.0 Ri(config-router-afvexit Rvésh ip bgp vpnv4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 6, main routing table version 6 2 network entries using 274 bytes of memory 3 path entries using 204 bytes of memory 4/2 BGP pathybestpath attribute entries using 496 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory © BGP route-map cache entries using 0 bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 1022 total bytes of memory NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 110BGP activity 2/0 prefixes, 3/0 paths, scan interval 15 secs Neighbor V_AS MsgRcvd MsgSent TbiVer InQ OutQ Up/Down State/PfxRed 17216155 45600 10 1 6 © O00:05:25 2 Riésh ip bgp vpnva all BGP table version is 6, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) 55555132 17216155 (056001 > 172.1645.0/24 0.0.0.0 0327681 . 172.16.15.5, © 056001 Riésh ip route vrf At Routing Table: Ad Codes: C-connected, S- static, R-RIP, M-mobile, B- BGP D-EIGRP, EX-EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1- OSPF external type 1, E2- OSPF external type 2 1-1S4S, su-IS1S summary, L1-1S-1S level, L2-IS.1S level-2 ja-1S:S inter area, * - candidate default, U-peruser static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0)32s subnetted, 1 subnets B 555.5 [20/0] via 172.16.15.5, 00:06:43 172.16.0.0/24 is subnetted, 1 subnets © 172.16.15.0 is directly connected, FastEtherneto/o R6(config)#router bgp 5600 R6(config-router)¢neighbor 172.16.36.3 remote-as 500 R6(config-router)#no auto-summary R6(config-router)#no synchronization R6(config-router)#network 6.6.6.6 mask 255.255.255.255 R6(config-router)#network 172.16.36.0 mask 255.255.255.0 R6(config-router)#exit R3(config)#router bgp 500 3(config-router)#no bgp default ipv4-unicast R3(config-router)#address-family ipv4 vrf A-2 R3(config-router-af)#neighbor 172.16.36.6 remote-as 5600 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 111R3(config-router-af)¢neighbor 172.16.36.6 activate R3(config-router-af)#redistribute connected R3(config-router-af)#exit R3#sh ip bgp vpnv4 all summary BGP router identifier 13.0.3.1, ocal AS number 500 BGP table version is 6, main routing table version 6 2 network entries using 274 bytes of memory 3 path entries using 204 bytes of memory 4/2 BGP pathybestpath attribute entries using 496 bytes of memory 1. BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory © BGP route-map cache entries using 0 bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 1022 total bytes of memory BGP activity 2/0 prefixes, 3/0 paths, scan interval 15 secs Neighbor VAS MsgRevd MsgSent_TbiVer InQOutQ Up/Down State/PfxRed R3#sh ip bgp vpnv4 all BGP table version is 6, local router ID is 13.0.3. Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) * 172.16.36.6 ° 056001 R3#sh ip route vrf A2 Routing Table: A2 Codes: C- connected, S- static, R- RIP, M-mobile, B- BGP D-EIGRP, EX- EIGRP external, © - OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 i-1S4S, su-IS-S summary, L1- 1S: level, L2-IS-1S level-2 ia ISAS inter area, * - candidate default, U -per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 6.0.0.0/32 is subnetted, 1 subnets NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 112172.16.0.0/24 is subnetted, 1 subnets, © 172.16.36.0 is directly connected, FastEtherneto/o Configuring VPNV4 Peering Rréping 13.0.0.1 source 1.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 13.0.0.1, timeout is 2 seconds: Packet sent with a source address of 11.0.0.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 40/56/76 ms Ri(config)#router bgp 500 Ri(config-router)no bgp default ipv4-unicast Ri(config-router)#neighbor 13.0.0.1 remote-as 500 Ri(config-router)¢neighbor 13.0.0.1 update-source loopback 0 Ri(config-router}¥address-family vpnvg unicast ( ( ( ( 2 (config-router-af)#neighbor 13.0.0.1 activate Ri(config-router-af)#neighbor 13.0.0.1 send-community extended Ri(config-router-af #neighbor 13.0.0.1 next-hop-self Ri(config-router-af wend R3(config)#router bgp 500 R3(config-router)# no bgp default ipv4-unicast R3(config-router}# neighbor 11.0.0.1 remote-as 500 R3(configrouter)# neighbor 11.0.0.1 update-source loopback 0 R3(config-router)# address-family vpnv4 unicast R3(config-router-af)# neighbor 1.0.0.1 activate R3(config-router-af)}# neighbor 1.0.0.1 send-community extended R3(config-router-af)# neighbor 1.0.0.1 next-hop-self R3(config-router-af)# end R3#sh ip bgp vpnv4 all summary BGP router identifier 13.0.3, local AS number 500 BGP table version is 10, main routing table version 10 4 network entries using 548 bytes of memory 5 path entries using 340 bytes of memory 6/4 BGP path/bestpath attribute entries using 744 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory © BGP route-map cache entries using 0 bytes of memory 0 BGP filterlist cache entries using 0 bytes of memory NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 113BGP using 1680 total bytes of memory BGP activity 4/o prefixes, 5/o paths, scan interval 15 secs, Neighbor VAS MsgRevd MsgSent TbiVer InQ OutQ Up/Down State/PfxRed 1.0.01 4 500 7 7 10 0 OO0:0116 2 172.1636.6 45600 13 16 R3#sh ip bgp vpnv4 all BGP table version is 10, local router ID is 13.0.; Status codes: s suppressed, d damped, h history, * valid, > best, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete internal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher 508 (CEUTA A) *> 6.6.6.6/32 _ 172.16.36.6 © 056001 *51172.16.15.0124 1.0.0.1 0 100 oi #5 172.16,36.0124 0.0.0.0 © 32768? . 17216366 0 056004 R3#sh ip route vrf A2 Routing Table: A2 Codes: C- connected, S- static, R- RIP, M- mobile, B- BGP D-EIGRP, EX-EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1- OSPF external type 1, £2 - OSPF external type 2 i-1SAS, su-IS1S summary, L1-1S-1S level, L2-IS-IS level-2 ia ISAS inter area, * - candidate default, U- per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 5.0.0.0/32 is subnetted, 1 subnets B 555.5 [200/0] via 1.0.0.1, 0:01:17 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 172.16.36.6, 00:08:25, 172.16.0.0/24 is subnetted, 2 subnets C — 172.16.36.0 is directly connected, FastEtherneto/o Rvésh ip bgp vpnv4 all summary BGP router identifier 11.0.3.1, local AS number 500 BGP table version is 10, main routing table version 10 4 network entries using 548 bytes of memory 5 path entries using 340 bytes of memory NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 1146/4 BGP path/bestpath attribute entries using 744 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 1 BGP extended community entries using 24 bytes of memory © BGP route-map cache entries using o bytes of memory © BGP filterlist cache entries using 0 bytes of memory BGP using 1680 total bytes of memory BGP activity 4/o prefixes, 5/o paths, scan interval 15 secs, Neighbor V_AS MsgRcvd MsgSent TbiVer InQ OutQ Up/Down State/PfxRed 13.0.0.1 4500 7 7 10 0 000:01:48 2 17216155 45600 18 ™ 10 0 0001300 2 Ri#sh ip bgp vpnv4 all BGP table version is 10, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-1) 455.5,5.5/32 172.16.15.5 © 056001 #5 172.16.15.0124 0.0.0.0 © 327681 * 172.16.15.5, © 056001 Riésh ip route vrf A+ Routing Table: A Codes: C-connected, S- static, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 i-1SAS, su-IS-1S summary, L1-1S1S level, L2-IS-IS level-2 ia ISAS inter area, * - candidate default, U -per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort is not set 5.0.0.0/32 is subnetted, 1 subnets 5.5.5 [20/0] via 172.16.15.5, 00:1 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [2000] via 13.0.0.1, 00:01:43 8 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 115C 172.16.15.0 is directly connected, FastEtherneto/o Rvéping vrf A-1 6.6.6.6 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Success rate is 0 percent (0/5) Rs#sh ip route Codes: C-connected, S- static, R- RIP, M- mobile, B- BGP D-EIGRP, EX- EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 1-1SAS, su-IS-1S summary, L1- ISS level, L2-IS-S level-2 ja-1S:S inter area, * -candidate default, U-per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 5.0.0.0/32 is subnetted, 1 subnets C 5.5.5.5 is directly connected, Loopbacko 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [20/0] via 172.16.15.1, 00:03:07 C 172.16.15.0 is directly connected, FastEtherneto/o R6#sh ip route Codes: C- connected, S- static, R- RIP, M- mobile, B - BGP D-EIGRP, EX- EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1- OSPF external type 1, £2 - OSPF external type 2 i-1S4S, su-IS-1S summary, L1- 1S-S level, L2-IS-1S level-2 ja-1S:S inter area, * -candidate default, U- per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 6.0.0.032 is subnetted, 1 subnets C 6.6.6.6 is directly connected, Loopbacko 172.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0 is directly connected, FastEtherneto/o B 172.16.15.0 [20]0] via 172.16.36.3, 00:03:19 NoTES: * Noroutes get installed because the CE routers re the routes with its own AS coming from other sites * Soas per BGp it will not install the routes in the BGP table If the customer has the same ASN at different sites, the CE routers drop the BGP routes * The CE router drops the BGP update as it sees that its own ASN 5600 is in the update. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 116This behavior is the default behavior of BGP and is a prevention mechanism against loops in BGP. ‘This means that if the customer had his own private network (with only t autonomous system number) before using the MPLS VPN service from the service provider, he would now have to use different autonomous system numbers for each site. This is tedious, and new autonomous system numbers are almost impossible to get. The customer can use ASNs from the private ASN range [64512-65535]. However, an easier solution is available, and it involves having the PE router replace the customer ASN in the as. path with the ASN of the service provider. The command that you need to configure on the PE router to override the ASN is neighborip-address as- override. Rr#sh ip bgp vpnva all BGP table version is 10, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- F RIB-ailure, S Stale ternal, Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) ¥55.5.5.5/32 _172.1615.5 © 056001 #5 172.16.15.0/24 0.0.0.0 0 327681 * 17216.15.5, © 056001 *51172.16.36.0124 13.0.0.1 © 100 0? R3#sh ip bgp vpnv4all BGP table version is 10, local router ID is 13.0.; Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) *5 6.6.6.6/32 172.16.36.6 © 056001 #5i172.16.15.0124. 11.0.0. © 100 of #5 172.16.36.0/24 0.0.0.0 © 32768? * 172.16.36.6 © 056004 Ri(config)#router bgp 500 Ri(config-router)#address-family ipv4 vrf A-t Ri(config-router-afy#neighbor 172.16.15,5 as-override Ri(config-router-af exit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 117R5#sh ip route Codes: C-connected, S- static, R- RIP, M-mobile, B- BGP D-EIGRP, EX-EIGRP external, O - OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2 - OSPF external type 2 1-1S4S, su-IS-1S summary, L1- ISS level, L2-1S-1S level-2 ja-1S:S inter area, * - candidate default, U- per-user static route 0- ODR, P- periodic downloaded static route Gateway of last resort isnot set 5.0.0.0/32 is subnetted, 1 subnets © 5.55.5is directly connected, Loopbacko 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200] via 172.16.15.1, 00:02:20 172.16.0.0/24 is subnetted, 2 subnets B_172.16.36.0 [20/0] via 172.16.15.1, 00:02:20 C _ 172.16.15.0 is directly connected, FastEtherneto/o Rs#sh ip bgp BGP table version is 7, local router ID is 5.5.5.5 Status codes: s suppressed, d damped, h history, * valid, > best, I-internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path #5 55,55/32 0 © 327681 * 972.16.15.0/24 172.1615. © 0500% s 0.0.0.0 0 327681 #5 172.16.36.0/24. 172.16.1541 0500? R3(config)#router bgp 500 R3(config-router)#address-family ipv4 vrf A-2 3(config-router-af)#neighbor 172.16.36.6 as-override R3(config-router-af#end R6Ash ip route Codes: C - connected, S- static, R - RIP, M- mobile, B - BGP D-EIGRP, EX-EIGRP external, O- OSPF, IA- OSPF inter area N1- OSPF NSSA external type 1, N2- OSPF NSSA external type 2 E1- OSPF external type 1, E2- OSPF external type 2 i115, su-IS-1S summary, L1-1S-1S level, L2 -IS4S level-2 ia-ISIS inter area, * - candidate default, U - per-user static route 0-ODR, P- periodic downloaded static route NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 118Gateway of last resort isnot set 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [2ol0] via 172.16.36.5, 00:00:10 6.0.0.0/32 is subnetted, 1 subnets C 6.6.6.6 is directly connected, Loopbacko 172.16.0.0/24 is subnetted, 2 subnets C 172.16.36.0 is directly connected, FastEtherneto/o B_ 172.16.15.0 [20/0] via 172.16.36.3, 00:00:10 R6#sh ip bgp BGP table version is 9, local router ID is 6.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path ¥5 6.6.6.6/32 0.0.0.0 0 32768! #5 172.16.15.0/24 172:16.36.3 05001 * 172.16,36.0/24 17246363 0 +—--0500? % 0.0.0.0 0 327681 R6#ping 5.5.5.5 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Packet sent with a source address of 6.6.6.6 Success rate is 100 percent (5/5), round-trip min/avgimax = 108/162/220 ms R3éping vif A25.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minavgimax = 64/85/120 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 119Overlap VPN: * Overlapping VPNs are used to provide connectivity between segments of two VPNs. * CErouters participate in simple VPNs. + Some CE routers participate in more than one simple VPN: * There are two uses for overlapping VPNs: 1. Companies that use MPLS VPNs to implement both intranet and extranet services 2. Companies that might decide to limit visibility between departments * Sites that participate in more than one (overlapping) VPN import and export routes with RTs from any VPN in which they participate. + Sites cannot talk to each other ifthey belong to different VPNs. * Overlapping VPN sites are configured with the required RTs + based on the VPN membership. LAB: Overlap VPN: Ry ETT7132 555/32 TASK: * Continue with same Lab done for A-t and A2 sites on R1/R3/R5/R6 where PE to CE Routing is configured using EBGP + Add R7 R8 to existing as per the diagram and configure basic ip addressing Ri(config)int st/2 Ri(config:f}#ip address 172.16.17.1 255.255.255.0 Ri(config-if}#no shutdown Ri(config:f}#exit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 120R7(config)#int st/2 R7(configif)#no shutdown Ra(config-if)¥ip address 172.16.17.7 255.255.255.0 R7(configif)¥exit R7(config)#int loop 0 R7(configrif)¥ip address 7.7.7.7 255.255.255.255 R7(configif)¥end Ry#ping 172.16.17.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.17.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavgimex = 4/21/48 ms R3(config)#int s1/2 R3(config-if}#ip address 172.16.38.3 255.255.255.0 R3(configrf)¢no shutdown R3(configif}exit R8(config)#int loop 0 R8(config-if}#ip address 8.8.8.8 255.255.255.255 R&(config.if}Hexit R8(config)#int si/2 Ra(config.if}fip address 172.16.38.8 255.255.255.0 R8(config-if)#no shutdown R8(config-if}¥end R8éping 172.16.38.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.38.3, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 20/30/52 ms TASK: + Configure VRF B-1on Ri and B-2 on R3 using RD /RT value of 50:2 for both sides * Configure interface facing interface under VRF as per the diagram (Ri as Site B-1, R3 as Site B-2) Rr#sh ip vrf interfaces Interface IP-Address VRF Protocol Faolo 1216.15.41 At up Ri(config)ip vrf Ba NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 121Ri(config-vrf}#rd 5002 Ri(config-vrF)#route-target both 500:2 Ri(config-vrF) exit Ri(config)#int si/2 Ri(config-if}#ip vrf forwarding B-t Ri(configcif}# ip address 172.16.17.1 255.255.255.0 Ri(config-if}¥end Rr#sh ip vrf interfaces Interface IP-Address VRF Protocol Faolo 172.1645. At up R3#sh ip vef interfaces Interface IP-address VF Protocol Faolo 172.16.36.3 A2 up R3(config)#ip vrF B-2 R3(config-vrf}#rd 500:2 R3(config-vrf)#route-target both 500:2 R3(config-vrf#exit R3(config)#int s1/2 R3(configcif}#ip vrf forwarding B-2 R3(config-if)#ip address 172.16.38.3 255.255.255.0 R3(configif)¥end R3#sh ip vrf interfaces Interface IP-Address VRF Protocol Faolo 172.16.36.3 A2 up Configure PE CE routing for customer Site B-1 and B-2 using any routing protocol and configure Redistributi required.( here | am using OSPF on sitet and EIGRP on site) R7(config)#router ospf 1 R7(config-router)#network 172.16.17.0 0.0.0.255 area 0 R7(config-router)#network 7.7.7.7 0.0.0.0 a0 R7(config-router)exit Ri(config)#router ospf 10 vrf B-1 Ri(config-router)#network 172.16.17.0 0.0.0.255 area 0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 122Ri(config-router)#redistribute bgp 500 subnets Ri(config-router)#exit Ri(config-router)#address-family ipv4 vrf B+ Ri(config-router-af redistribute ospf 10 vrf B-1 match internal external Ri(config-router-af exit Rt#ésh ip ospf 10 neighbor NeighborID Pri State Dead Time Address Interface 777-7 0 FULL- 00:00:36 172.16.17.7._ Serialt/2 Rrésh ip route vrf B-1 ospf Routing Table: B-1 7.0.0.0/32 is subnetted, 1 subnets Roping vrf 7.7.7.7 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 4/35/76 ms R8(config)#router eigrp 100 R&(config-router)#no auto-summary R8(config-router)#network 172.16.0.0 R8(config-router)#network 8.0.0.0 R&(config-router)Hexit R3(config)#router eigrp 500 3(config-router)#address-family ipva vré B-2 3(config-router-af)/altoniomious system 100 R3(config-router-af)#network 172.16.0.0 3(config-router-af)redistribute bgp 500 metric 11 111 R3(config-router-af)#exit R3(config-router)#exit R3(config)router bgp 500 R3(config-router)#address-family ipv4 vrf B-2 R3(config-router-af)#redistribute eigrp 100 R3(config-router-af)#exit R3#sh ip eigrp vrf B-2 neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 123(Sec) (ms) Cnt Num 0 172.16.38.8 — Seif2——13.00:0134 74 444.03, R3#sh ip route vrf B-2 eigrp 8.0.0.0/32 is subnetted, 1 subnets D_ 8.8.8.8 [90/2297856] via 172.16.38.8, 00:01:14, Serialt/2 R3¢ping vif B.2 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8. timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 32/108/232 ms R3#sh ip route vrf B-2 Routing Table: B-2 172.16.0.0/24 is subnetted, 2 subnets C 172.16.38.0/s directly connected, Serialt/2 B 172.16.17.0 [200/0] via 1.0.0.1, 00:03:43 7.0.0.0/32 is subnetted, 1 subnets B 7.7.7.7 [200/65] via 1.0.0.1, 00:03:43 8.0.0.0/32 is subnetted, 1 subnets D 8.8.8.8 [90/2297856] via 172.16.38.8, 00% Riésh ip route vrf B+ Routing Table: Bt 172.16.0.0/24 is subnetted, 2 subnets B 172.16.38.0 [200/o] via 13.0.0.1, 00:01:17 © 172.16.17.0iis directly connected, Serialt/2 7.0.0.0/32 is subnetted, 1 subnets © 7.7.7.7 [110165] via 172.16.17.7, 00:04:57, Serialt/2 8,0.0.0/32 is subnetted, 1 subnets R7#sh ip route ospf 172.16.0.0/24 is subnetted, 2 subnets OED 172.16.38.0 [10/1] via 172.16.17.1, 00:01: 8,0.0.0/32 is subnetted, 1 subnets Ry#ping 8.8.8.8 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Packet sent with a source address of 7.7.7.7 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 124 5» Serial/2Success rate is 100 percent (5/5), round-trip minjavg/max = 28/98/128 ms Rr#trace 8.8.8.8 source loopback 0 Type escape sequence to abort. Tracing the route to 8.8.8.8 1172.16.17.1 120 msec 112 msec 28 msec 2 14.1.2 [MPLS: Labels 23/35 Exp 0] 236 msec 148 msec 76 msec 3 172.16.38.3 [MPLS: Label 35 Exp 0] 120 msec 88 msec 44 msec 4.172.16.38.8 96 msec 84 msec 72 msec TASK: Configure R1/R3 to ensure that cusmtomer site A-/A-2 can exchange routers between Customer sites B-/B-2 R3#sh run | section vrf ip vf A rd 500: route-target export 500:1 route-target import 500:1 pvt rd501 route-target export 500:2 route-target import 500:2 Rrésh run | section vrf ip what rd 501 route-target export 500:1 route-target import 500:1 ip wf B+ rd 50:2 route-target export 500:2 route-target import 500:2 Ri(config)#ip rf A-t Ri(config-vrf}#route-target import 500:2 Ri(config-vrF) exit Ri(config)#ip vrf B+ Ri(config-vrf}#route-target import 500:1 Ri(config-vrF}#exit R3(config)# ip vrf A-2 R3(config-vrf}# route-target import 500:2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 125A3(configwef}# exit R3(config)# ip vrf B-2 R3(config-vrf}# route-target import 500:1 R3(config-vef# end Rr#sh ip bgp vpnva vrf A+t BGP table version is 24, local router ID is 11 Status codes: s suppressed, d damped, h history, * valid, > best, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete internal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) 455.5.55)82 172.16.15.5 © 056001 *316.6.6.6/32 13.0.0.1 © 100 056001 "7.777132 1724677 6532768? #518.8.8.8)52 13.0.0.1 2297856 100 0? * 172.16.15.0/24. 172.16.15.5 © 056001 » 0.0.0.0 © 32768i #5 172.16.17.0/24 0.0.0.0 © 32768? *5i172.16.36.0/24.13.0.0.1 © 100 oi *3i172.16.38.0/24 13.0.0.4 © 100 0? Rrésh ip bgp vpnva vrf B+ BGP table version is 24, local router 1D is 1. Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i- IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-t) *57.7-7-7132 172467.7 6532768? *5i8.8.8.8/32 13.0.0.1 2297856 100 0? #5 172.16.15.0/24 0.0.0.0 © 327681 *>172.16.17.0/24 0.0.0.0 0 32768? *51172.16.36.0/24 13.0.0.1 © 100 of *51172.16.38.0/24 13.0.0.1 0 100 0? Rr#sh ip route vrf A+ Routing Table: At Gateway of last resort isnot set NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 1265.0.0.0/32 5 subnetted, 1 subnets B 5.5.5.5 [20/0] via 172.16.15.5, 00: 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200/0] via 13.0.0.1, 00:23:27 172.16.0.0/24 is subnetted, 4 subnets 172.16.36.0 [2000] via 13.0.0, 00:23:42 172.16.38.0 [200] via 13.0.0.1, 00:03:57 172.16.17.0 i directly connected, 00:03:57, Seriali/2 172.16.15.0 is directly connected, Fastéthemeto/o 7.0.0.0/32s subnetted, 1 subnets 240 neae 8.0.0.0]32is subnetted, 1 subnets Rrésh ip route vrf B+ Routing Table: B-1 5.0.0.0/32 is subnetted, 1 subnets 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 4 subnets 172.16.36.0 [200/0] via 13.0.0.1, 00:04:05, 172.16.38.0 [200/0] via 13.0.0.4, 00:1 172.16.17.0 is directly connected, Serialt/2 172.16.15.0 is directly connected, 00:04:05, FastEthemeto/o 7.0.0.0/32is subnetted, 1 subnets © 7.7.7.7 [110165] via 172.16.17-7, 00:19:32, Serialt/2 8,0.0.0/32 is subnetted, 1 subnets B 8.8.8.8 [200/2297856] via 13.0.0.1, 00:15:54 rr) R5#sh ip route bgp 6.0.0.0/32 is subnetted, subnets B 6.6.6.6 [20/0] via 172.16.15.1, 00:23:58 172.16.0.0/24 is subnetted, 4 subnets B_172.16.36.0 [20/0] via 172.16.15.1, 00:23:58 B_ 172.16.38.0 [20/0] via 172.16.15.1, 00:04:36 B 172.16.17.0 [20]o] via 172.16.15-1, 00:04:36 7.0.0.0/32is subnetted, 1 subnets 8.0.0.0/32 is subnetted, 1 subnets Rs#ping 7.7-7-7 source loopback 0 Type escape sequence to abort. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 127Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds: Packet sent with a source address of 5. 5 Success rate is 100 percent (5/5), round-trip min/avgimax = 28/48/92 ms R5#ping 8.8.8.8 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8. Packet sent with a source address of 5. timeout is 2 seconds: 5 Success rate is 100 percent (5/5), round-trip min/avgimax = 88/120/172 ms R3#sh ip route vrf A-2 Routing Table: A-2 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [200/0] via 11.0.0.1, 00: 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 172.16.36.6, 00:04:13, 172.16.0.0/24 is subnetted, 4 subnets 172.16.36.0 is directly connected, FastEtherneto/o 172.16.38.0 Is directly connected, 00:04:13, Serialt/2 172.16.17.0 [200]0] via 11.0.0.1, 00:04:13 172.16.5.0 [2000] via 11.0.0.1, 00:04:13 7.0.0.0/32 is subnetted, 1 subnets c B B B 8.0.0.0/32 is subnetted, 1 subnets R3#sh ip route vrf B-2 Routing Table: B-2 5.0.0.0)32's subnetted, 1 subnets 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 4 subnets B 172.16.36.0is directly connected, 00:04:26, FastEtherneto/o © 172.16.38.0 is directly connected, Serialt/2 B 172.16.17.0 [20/0] via 11.0.0.1, 00:04:26 B_ 172.16.15.0 [200/o] via 1.0.0.1, 00:04:26 7.0.0.0/32 is subnetted, 1 subnets B 7.7:7-7 [200/65] via 11.0.0.1, 00:04:27 8.0.0.0/32 is subnetted, 1 subnets D 8.8.8.8 [90/2297856] via 172.16.38.8, 00:18:27, Serialt/2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 128R3#sh ip bgp vpnv4 all BGP table version is 24, local router 1D is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete ternal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher{S60# (@EfSUIEfOFVEFA) *i5.5.5.5/32 Tho0.08 © 100 056001 *56.6.6.6/32 17216366 0 056001 *5i172.16.15.0/24 11.0.0 © 100 ¥51172.16.17.0)24 11.0.0 0 100 0? * 172.16.36.0/24 172.16.36.6 0 ~—-0 56001 * 0.0.0.0 © 327681 0 32768? 517.7-7-7152 65 100 0? 5 8.8.8.8/32 172:16.38.8 2297856 32768? ¥51172.16.15.0124 11.0.0 0 100 of 451172.16.17.0/24 11.0.0 © 100 0? 5 172.16.36.0)24 0.0.0.0 © 327681 5 172.16.38.0124 0.0.0.0 0 32768? RBesk route eigrp 5.0.0.0/32 is subnetted, 1 subnets DEX 55.5.5 [170/2560512256] via 172.16.38.3, 00:05:58, Serial 6.0.0.0/32 is subnetted, 1 subnets DEX 6.6.6.6 [170/2560512256] via 172.16.38.3, 00:05:38, Serialt/2 172.16.0.0/24 is subnetted, 4 subnets DEX 172.16.36.0[170/2560512256] via 172.16.38.3, 00:05:38, Serialt/2 DEX 172.16.17.0[170/2560512256] via 172.16.38.3, 00:19:29, Serialt/2 DEX 172.16.15.0 [170]2560512256] via 172.16.38.3, 00:05:38, Serialt/2 7.0.0.0/32's subnetted, 1 subnets DEX 77.7.7 [1702560512256] via 172.16.38.3, 00:1 19, Serialy/2 R8#ping 5.5.5.5 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Packet sent with a source address of 8.8.8.8 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 129Success rate is 100 percent (5/5), roundtrip minfavgimax = 72[100/128 ms RB#ping 6.6.6.6 source loopback o Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds: Packet sent with a source address of 8.8.8.8 Success rate is 100 percent (5/5), round-trip min/avgimax = 32/58/88 ms TASK: + Remove the import options configured in the previous task: Rgésh run |s vrf ipwhAa rd 50 route-target export 500:1 route-target import 500:1 _route+target import 500:2 ip vf 2 145002 route-target export 00:2 route-target import 50022 R3(config)#ip vrf A2 R3(config-vrf}#no route-target import 500:2 R3(config-vrf exit R3(config)#ip vrf B-2 R3(config-vrf}#no route-target import 50:1, R3(config-vef exit Rrésh run |s vrf ip wf At rd 500:1 route-target export 500:1 route-target import 500: “routetarget import 500:2 ip vf B4 rd 50:2 route-target export 500:2 route-target import 500:2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 130Ri(config)ip wrt A-t Ri(config-vrf}#no route-target import 50:2 Ri(config-vrF}#texit Ri(config)#ip rf Ba Ri(config-vrf)#no route-target import 50:1 Ri(config-vrF)¥end Riésh ip route vrf A+ Routing Table: At 5.0.0.0/32 is subnetted, 1 subnets 6.0.0.0]32is subnetted, + subnets 172.16.0.0/24 is subnetted, 2 subnets B 172.16.36.0 [200/o] via 13.0.0.1, 00:07:04 C _ 172.16.15.0is directly connected, FastEtherneto/o Ri#sh ip route vré Bt Routing Table: B4 172.16.0.0/24 is subnetted, 2 subnets B 172.16.38.0 [200/o] via 13.0.0.4, 00:07:15 © 172.16.17.01s directly connected, Seriali2 7.0.0.0/32 is subnetted, 1 subnets 8.0.0.0/32 is subnetted, 1 subnets TASK: + Configure R1/R3 to ensure that Site A-1 can exchange routes from A-2 & B-2 but not from B-t Ri(config)ip rf A-t Ri(config-vrF}#route-target export 500:12 Ri(config-vrf}#route-target import 500:12 Ri(config-vrf)¥end R3(config)#ip vrf B-2 R3(config-vrf#route-target import 50:12 3(config-vrf}#route-target export 500:12 R3(config-vrt#end Résh ip route vrf At NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 om Page 131 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutionRouting Table: At 5.0.0.0/32 is subnetted, 1 subnets 5.5.5 [2010] via 172.16.15.5, 0 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [200]o] via 13.0.0.1, 00:17:18 172.16.0.0/24 is subnetted, 3 subnets B 172.16.36.0 [200/o] via 13.0.0.1, 00:17:18 B 172.16.38.0 [200/o] via 13.0.0.1, 00:00:32 C 172.16.15.0 is directly connected, FastEtherneto/o 8.0.0.0/32 is subnetted, 1 subnets R3#sh ip route vrf B-2 Routing Table: B-2 5.0.0.0/32 is subnetted, 1 subnets B 5.5.5.5 [200/0] via 11.0.0.1, 00:01:24 172.16.0.024 is subnetted, 3 subnets C 172.16.38.0 is directly connected, Serialt/2 B 172.16.17.0 [200/0] via 11.0.0.4, 00:17:25, B 172.16.15.0 [20/0] via 1.0.0.1, 00:01:24 7.0.0.0/32 is subnetted, 1 subnets B 7.7.7.7 [200/65] via 11.0.0.1, 00:17:25 8.0.0.0/32 is subnetted, 1 subnets D 8.8.8.8 [90/2297856] via 172.16.38.8, 00:56:11, Serialt/2 8 Rr#sh ip bgp vpnva vrf A+ BGP table version is 44, local router ID is 11 Status codes: s suppressed, d damped, h history, * valid, > best, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete ternal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) 455.5.5.5)82 172.16.15.5 © 056001 *316.6.6.6/32 _13.0.0.1 © 100 056004 * 172.16.15.0/24. 172.16.15.5 © 056001 s 0.0.0.0 0 327681 #3i172.16.36.0124 13.0.0.1 © 100 oi ¥5i172.16.38.0124 13.0.0.1 © 100 0? R5#sh ip route bgp 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 172.16.15.1, 00:02:21 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 132172.16.0.0/24 is subnetted, 3 subnets B 172.16.36.0 [20/0] via 172.16.15.1, 00:02:21 B 172.16.38.0 [20/0] via 172.16.15.1, 00:01:19 8.0.0.0/32 is subnetted, 1 subnets R5#ping 8.8.8.8 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Packet sent with a source address of 5.5.5.5 Success rate is 100 percent (5/5), round-trip minjavgimax = 80/101/132 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 133555/32 TASK: + Continue with same Diagram and configurations done in the previous lab + Remove the import/export 500:12 configured on A-1 & B-2 Customer sites. + Ensure that respective Customer Sites (A-t with A-2 & B-1 with B-2) communicate with each other. No traffic should between Cusomter A and B. Re#sh run | s vrf ip vf At rd 50 route-target export 500:1 route-target export 500:12 route-target import 500:1 route-target import 500:12 ip vefB4 Fd 50 route-target export 500:2 route-target import 500:2 Ri(config)#ip vrf At Ri(config-vrf}#no route-target export so0:12 Ri(config-vrF)#no route-target import 500:12, NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 134i(configur)¥end R3#sh run |s vrf ip vf A rd 50:1 route-target export 500:1 route-target import 500:1 ip vrfB2 rd 50:2 route-target export 500:2 route-target export 500:12 route-target import 500:2 route-target import 500:12 R3(config)#ip vrf B-2 R3(config-vrf}#no route-target import 500:12 R3(config-vrf)#no route-target export 500:12 R3(config-vrf}#end Rrésh ip bgp vpnva vrf A+ BGP table version is 49, local router ID is 1.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-1) * 172.16.15.0/24 172.16.15.5, © 056001 s 0.0.0.0 0 327681 *51172.16.36.0124 13.0.0.1 © 100 oi Résh ip bgp vpnva vrf B+ BGP table version is 49, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin code: = IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-t) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 135*> 172.16.17.0124 0.0.0.0 © 32768? 451172.16.38.0124 13.0.0.1 © 100 0? Rit R3#sh ip bgp vpnva vrf B-2 BGP table version is 61, local router ID is 13.0. Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 50:2 (default for vrf B-2) ¥51172.16.17.0)24 11.0.0 0 100 0? > 172.16.38.0/24 0.0.0.0 © 32768? R3#sh ip bgp vpnva vrf A-2 BGP table version is 61, local router ID is 13.0. Status codes: s suppressed, d damped, h history, * valid, > best, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete internal, Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) ¥51172.16.15.024.11.0.0.1 © 100 oi * 172.16,36.0/24. 172.16.36.6 © 056001 » 0.0.0.0 © 327681 TASK: * Configure Ri/R3 to exchange all routes between both Customer A &B sites. Ri(config)ip vrf Act Ri(config-vrf)#route-target import 500:2 Ri(config-vrf}#exit Ri(config)ip vrf Ba Ri(config-vrf}#route-target import 500:1 Ri(config-veF)#texit R3(config)#ip vrf A2. R3(config-vrf}#route-target import 500:2 R3(config-vef}Hexit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 136R3(config)#ip vrf B2 R3(config-vrf)#route-target import 5oo:1 R3(config-vrf exit R3#sh ip bgp vpnv4 vrf B-2 BGP table version is 71, local router 1D is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete internal, Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-2) +3i7.7.7:7132 11.0.0 65 100 *>8.8.8.8/32 172.16.38.8 2297856 32768? *5i172.16.15.024 1.0.0.1 © 100 oi *5i172.16.17.0/24 11.0.0. © 100 0? #5 172.16.36.0/24 0.0.0.0 © 327681 *> 172.16.38.0/24 0.0.0.0 © 32768? R3#sh ip bgp vpnv4 vrf A-2 8G? table version is 71,local router ID is 13.0341 Status codes: s suppressed, d damped, hhistory, * valid, > best, i- internal, rRIBfallure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) 4515.5.5.5/32 11.0.0.1 © 100 056001 > 6.6.6.6/32 172.16.36.6 © 056001 *51172.16.15.0/24 11.0.0 0 100 of #5i172.16.17.0/24 11.0.0.1 © 100 0? * 172.16,36.0/24. 172.16.36.6 © 056004 % 0.0.0.0 0 32768i ¥5172.16.38.0/24 0. 0 32768? Rr#sh ip bgp vpnva vrf A+ BGP table version is 59, local router ID is 11.0.3-1 Status codes: s suppressed, d damped, h history, * valid, > best, ternal, NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 137rRIBfallure, $ Stale Origin codes: i-IGP, e- EGP, ?-incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500: (default for vef A-t) *55.5,5.5)82 172.1615.5 © 056001 *316.6.6.6/32__13.0.0.1 © 100 056001 7777152 1216177 6532768? *918.8.8.8)52 13.0.0.1 2297856 100 0? * 172.16.15.0/24. 172.16.15.5 © 056001 *» 0.0.0.0 © 327681 *172.16.17.0/24 0.0.0.0 0 32768? *5i172.16.36.0/24 13.0.0.1 © 100 of *51172.16.38.0)24 13.0.0.1 © 100 0? Résh ip bgp vpnva vrf B+ BGP table version is 59, local router ID is 11, Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, r RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-t) *> 7.777132 172467.7 65—-327682 *518.8.8.8/32 13.0.0.1 2297856 100 0? #5 172.16.15.0/24 0.0.0.0 © 327681 > 172.16.17.0124 0.0.0.0 0 32768? *51172.16.36.0124 13.0.0.1 © 100 of ¥51172.16.38.0)24 13.0.0.1 © 100 0? R5#sh ip route bgp 6.0.0.0/32 is subnetted, 1 subnets B 6.6.6.6 [20/0] via 172.16.15-1, 00:09:13 172.16.0.0/24 is subnetted, 4 subnets B 172.16.36.0 [20/0] via 172.16.15.1, 00:09:13 B 172.16.38.0 [20/0] via 172.16.15.1, 00:01:53 B_ 172.16.17.0 [20]0] via 172.16.15.4, 00:08: 7.0.0.0/32s subnetted, 1 subnets 8.0.0.0/32 is subnetted, 1 subnets NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 138R7#sh ip route ospf 5.0.0.0/32 is subnetted, 1 subnets 6.0.0.0/32 is subnetted, 1 subnets 172.16.0.0/24 is subnetted, 4 subnets OED 172:16.36.0 [10/1] via 172.16.17.1, 00:02:10, Serialt!2 OE2 172:16.38.0 [10/1] via 172.16.17.1, 03:01:30, Serialt/2 OE2 172.16.15.0 [10/1] via 172.16.17.1, 00:02:10, Seriali[2 8.0.0.0/32 is subnetted, 1 subnets OE2 8.8.8.8 [110/2297856] via 172.16.17.1, 03:01:30, Serialt/2 TASK: + Add two new loopback interfaces on R5 using IP_ loopback 10 -5.5.10.5/32, loopback 11 -5.5.11.5/32 ‘* Advertise them in to BGP + Ensure that Rt should exchange these two above loopback interfaces with only sites of Customer A ( A-1/A-2) and not be seen on any site of Customer B Rs(config)# int loop 10 Re(config-if)# ip address 5.5.10.5 255.255.255.255 Rs(configif)#exit Rs(config)#int loop 11 R5(configif}# ip address 5.5.11.5 255.255.255.255 R5(configrf)exit R5(config)#router bgp 5600 R5(config-router)énetwork 5.5.10.5 mask 255.255.255.255 Rs(config-router)#network 5.5.11.5 mask 255.255.255.255 Rs(config-router)#end Ridésh ip bgp vpnva vrf At BGP table version is 61, local router ID is 11.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, $ Stale Origin codes: i-IGP, e- EGP, ?-incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-1) 5551051532 17246155 0 056001 *>i6.6.6.6/3213.0.0.1 © 100 056001 *>7.7-7-7/32 — 172.16.17.7 65 32768? NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 139*518.8.8.8/3213.0.0.1 2297856 100 0? * 172.16.15.0/24.172.16.15.5 © 056001 *% 0.0.0.0 0 327681 5 172.16.17.0124 0.0.0.0 0 32768? #51172.16.36.0124 13.0.0.1 © 100 of #5i172.16.38.0)24.13.0.0.1 © 100 0? Riésh ip bgp vpnva vrf B+ BGP table version is 63, local router 1D is 11, Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-1) SSSA 0 056001 *516.6.6.6/32._ 13,0.0.1 © 100 056001 *>7.7-7-7132 172467.7 65_—«32768? 4518.8.8.8/32 13.0.0.1 2297856 100 0? *> 172.16.15.0124 0.0.0.0 © 327681 #5 172.16.17.0124 0.0.0.0 © 32768? #51172.16.36.024 13.0.0.1 © 100 of *5i172.16.38.0/24.13.0.0.1 © 100 0? R3#sh ip bgp vpnva vrf A-2 BGP table version is 77, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) Sissaisis2 1.0.0. © 100 056001 5 6.6.6.6/32 17216366 0-0 5600 *17.7.7-7132, 1.0.04 65 100 0? %58.8.8.8/32 172.16.38.8 2297856 32768? *i172.16.15.0/24 11.0.0. © 100 oi ¥51172.16.17.0)24 11.0.0 0 100 0? + 172.16.36.0/24 172.16.36.6 0 +0 56004 * 0.0.0.0 © 32768: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 140*>172.16.38.0/24 0.0.0.0 0 32768? R3#sh ip bgp vpnv4 vrf B-2 BGP table version is 77, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-2) 915.5.5:5/32 1.0.0.1 © 100.0 5600 91554105/52 10.0.1 0 100056001 *5i5.5.11.5/32 1.0.0.1 © 100 056001 *> 6.6.6.6/32 172.16.36.6 © 056001 *517.7.7:7132 1.0.04 65 100 0? *> 8.8.8.8/32 17216.38.8 229785632768? #51172.16.15.0124. 11.0.0. 0 100 of 451172.16.17.0/24 11.0.0 0 100 0? *> 172.16.36.0)24 0.0.0.0 © 327681 #5 172.16.38.0124 0. © 32768? By default all the routers from R5 1g New Loopback interfaces) get advertised to Ri vrf A-tand then advertised to all sites of Customer A & B based on default import /export values. Reésh run| s vrf ip wf At rd 500:1 route target export 500:1 route-target import 500:1 route-target import 500:2 ip vef Ba rd 50:2 route-target export 500:2 route-target import 500:2 R3#sh run | vrf ip vrfA2 rd 500: route-target export 5001 route-target import 500:1 route-target import 500:2 ipvfB2 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 141rd 50:2 route-target export 500:2 route-target import soo: ‘+ As per the task these two new loopbacks should get advertised only between Customer A (A-4, A:2) only. + To make that possible we need to adveritse these two new loopback interfaces with new RT value (using Exportmaps).. Ri(config)#ip prefixlist CCIE seq 5 permit 5.5.10.5/32 Ri(config)#ip prefix-list CCIE seq 10 permit 5.5.11.5/32 Ri(config)#route-map CCIE permit 10 Ri(config-route-map)#match ip address prefix-list CCIE Ri(config-route-map)#set extcommunity rt 5:5 Ri(config-route-map exit Ri(config)#route-map CCIE permit 20 Ri(config-route-map)¥exit Ri(config)#ip rf A+ Ri(config-vef}#export map CCIE Ri(config-vrF)#end Rréclear ip bgp * vprv unicast Rvésh ip bgp vpnva vrf A+ BGP table version is 29, local router ID is 11.0.3-1 Status codes: s suppressed, d damped, h history, * valid, > best, I- FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete ternal, Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-t) 55555152 1724655 0056001 *55.5.10.5/32 17246155 056001 SESMEB 17216155 0 056001 4316.6.6.6/3213.0.0.1 © 100 056001 7.777132 172.1617.7 —65—«32768? ¥518.8.8.8/32 13.0.0 2297856 100 0? #5 172.16.15.0/24 0.0.0.0 0 32768 * 172.16.45.5, © 056001 ¥5172.16.17.0/24 0.0.0.0 0 32768? ¥51172.16.36.0124 13.0.0. © 100 01 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 142*5i172.16.38.0/24 1.0.0.1 0 10 0? Rrésh ip bgp vpnva vrf Bt BGP table version is 29, local router 1D is 11. Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, F RIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-t) ¥516.6.6.6/3213.0.0.1 © 100 056001 *>7.7-7-7132_— 172.16.17.7 65 32768? ¥518.8.8.8/32 13.0.0.1 2297856 100 0? #5 172.16.15.0124 0.0.0.0 0 327681 > 172.16.17.0124 0.0.0.0 © 32768? *51172.16.36.0124 13.0.0.1 © 100 of 451172.16.38.0124 13.0.0.1 © 100 0? R3#sh ip bgp vpnva vrf B-2 BGP table version is 165, local router ID is 3.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?-incomplete internal, Network Next Hop __ Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-2) *> 6.6.6.6/32 172.16.36.6 ° 056001 *in77712 1.0.01 65 100 0? *58.8.8.8/32 17216388 2297856 32768? *5i172.16.15.0/24 11.0.0.1 0 100 of *5i172.16.17.0/24. 11.0.0.1 0 100 0? *> 172.16.36.0/24 0.0.0.0 oO 327681 > 172.16.38.0/24 0.0.0.0 © 32768? R3#sh ip bgp vpnv4 vrf A-2 BGP table version is 165, local router ID is 3.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, FRIB-ailure, S Stale Origin codes: i-IGP, e- EGP, ?- incomplete Network NextHop Metric LocPrf Weight Path Route Distinguisher: 500:1 (default for vrf A-2) NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 143+5 6.6.6.6/32 172.16.36.6 0 056001 %i7.7.77132 1.0.04 65 100 0? > 8.8.8.8/32 172.16.38.8 229785632768? ¥51172.16.15.0124 11.0.0 © 100 of *51172.16.17.0/24 11.0.0 © 100 0? * 172.16.36.0]24 17216366 0 056004 * 0.0.0.0 © 327681 ¥5172.16.38.0/24 0. 0 32768? 3(config)#ip vrf A-2 R3(config-vrf)#route-target import s:5 R3(config-vrf)exit 3(config)tend R3#sh ip bgp vpnv4 vrf A-2 BGP table version is 169, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i- internal, r RIB-ailure, S Stale Origin codes: /-IGP, e- EGP, 2- Incomplete Network NextHop ‘Metric LocPrf Weight Path Route Distinguisher: 500: (default for vrf A-2) 4515,5,5.5/32 11.0.0. © 100 056001 *5i5.5.10.5/32 110.01 0 100056001 *3i5.5.115/32, 1.0.01 0 100056001 *56.6.6.6/32 172.16.36.6 0-0 56001 *517.7.7.7132_ 1.0.0.4 65 100 0? %58.8.8.8)32 172.16.38.8 2297856 32768? *5172.16.15.0124 11.0.0. © 100 oi ¥5i172.16.17.0224 11.0.0. © 100 0? * 172.16.36.0]24 172:1636.6 0 +0 56004 » 0.0.0.0 © 327681 *5172.1638.0/24, 0.0.0.0 0 32768? R3#sh ip bgp vpnv4 vrf B-2 BGP table version is 169, local router ID is 13.0.3.1 Status codes: s suppressed, d damped, h history, * valid, > best, i internal, F RIB-ailure, S Stale Origin codes: i-IGP, ¢- EGP, ?- incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 500:2 (default for vrf B-2) 4515.5.5.582 1.0.0.1 © 100 056001 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 144*>6.6.6.6/32 172.16.36.6 © 056004 *sin777]2 1.0.01 65 100 0? *58.8.8.8/32 17216388 2297856 32768? *5i172.16.15.0/24 11.0.0.1 0 100 of *51172.16.17.0/24 11.0.0.1 0 100 0? *5172.16.36.0124 0. *> 172.16.38.0/24 0. ° 0 327681 ° 0 32768? NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 145Configure Basic setup for VPN labs: Joop 0 2222/32 109 werieezons R2 5002/24 oop 9 1111/32 Joop 0 . 3/32 33332 192168.3.0/24 30/0 00 mt 1501/24 as2iea..0/24 Ri(config)# int so/o Ri(config.if}# ip address 15.0.0.1 255.255,255.0 Ri(config.if}# no shutdown Ri(config.if}# exit Ri(config)# int loop 0 Ri(configiif}# ip address 1.1.1 255.255.255.255 Ri(config.if)# exit Ri(config)# int foo Ri(config-if}#ip address 192.168.1.1 255.255.255.0 Ri(config.if}# no shutdown Ri(config-if)# exit 2(config)# int foo R2(configif}# ip address 192.168.2.2 255.255.255.0 R2(config-f}# no shutdown Ra(config-f}# exit Ra(config)# int so/o Ra(configif}# ip address 25.0.0.2 255,255.255.0 Ra(config-if}# no sh Ra(config-if}# exit Ra(config)# int loop Ra(configrif}# ip address 2.2.2.2 255.255.255.255 Ra(config-f}¥end R3(config)# int fo/o R3(configcif}# ip address 192.168.3.3 255.255.255.0 R3(config.if}# no sh NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 146R3(config.if}# exit R3(config)# int loop 0 R3(config:f}# ip address 3.3.3.3 255.255.255.255 R3(config.f}# exit R3(config)# int so/o R3(config:if)¥end Rq(contig)# int fofo Ra(contig:if# ip address 192.168.4.4 255.255.255.0 Ra(configif}# no sh Ra(configif}# exit Ra(config) int loop 0 Ra(config-if}# ip address 4.4.4.4 255.255.255.255 Ra(config:if}# exit Ra(config)# int so/o Ra(configf)# ip address 45.0.0.4 255.255.255.0 Ra(configif}# no sh Ra(contig.if)# Ra(contig.if}¥end int soft if}# ip address 15.0.0.5 255.255.255.0 R5(config-f}# int so/2 R5(config:if}¥ ip address 5.0.0.5 255.255.255.0 R5(config-if}# no sh R5(config:if}# exit R5(config)# int so/3 R5(config-if}# ip address 35.0.0.5 255.255.255.0 R5(config:f}# no sh R5(config.f}# exit R5(config)# int sola R5(config:f}# ip address 45.0.0.5 255.255.255.0 R5(config:if}# no sh R5(config-f}#end R5(config)#int loop 0 R5(config:f}# ip address 5.5.5.5 255.255.255.255 R5(config:if}# exit Ri/R2/R3/R4 Ri(config}#ip route 0.0.0.0 0.0.0.0 0/0 Ri(config}#exit 5(config)# ip route 1.1.1.1 255.255.255.255 so/t R5(config) ip route 192.168.1.0 255.255.255.0 soft NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 147R5(config)# ip route 192.168.2.0 255.255.255.0 50/2 S(config)# ip route 2.2.2.2 255.255.255.255 $0/2 5(config)# ip route 192.168.3.0 255.255.2550 so/3 Rg(config)# ip route 3.3.3.3 255.255.255.255 50/3 )# ip route 192.168.4.0 255.255.255.0 50/4 )# ip route 4.4.4.4 255.255.255.255 50/4 s(config)¥end Rs#ping 192.168.141 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 1/67/144 ms Rs#ping 192.168.2.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 1/53/136 ms Rséping 192.168.3,3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavgimax = 8/54/148 ms Rs#ping 192.168.4.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavg/max = 4/33/72 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 148GRE (Generic Routing Encapsulation) VPN over Internet NA, > GRE » DMVPN » Ipsec VPN NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 149Generic Routing Encapsulation(GRE) MOA. » isused when packets need to be sent from one network to another over the Internet or an insecure network. > tunneling protocol developed by Cisco » Support encapsulation of a wide variety of network layer protocols inside poi point links.(rmultcast and IPv6 ) » a GRE tunnel are not encrypted > GRE tunnels are much easier to configure, I(config)Fintert 112 Son (config)finterface tunnel i i#ip address 10.0.12.1 255.255.255.0 GRE Configuration i#tunnel source 15.0.0.1 Be if}#tunnel destination 25.0.0.2 Ra saimiaare R2{config)# int tunnel 12 R2(config-iN# ip address 10.0.12.2 255.255.255.0 cael R2(config-if}# tunnel source 25.0.0.2 R2{configrif)# tunnel destination 15.0.0.1 o R2{configi# exit R2{(confighend NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 150Default Lab setup NA. 070 00 at isa asaieszars “081% Drawbacks of GRE NA. + Clase GRE tunnel is point-to-point + Manual tunnels Not scalable. (100 end points we need to build 99 tunnels) No encryption. anim Stati IP on all end points. 510 oo at 1880 waietioat “081% Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 151LAB : GRE POINT TO POINT TUNNEL GRE tunnel uses a ‘tunnel’ interface - a logical interface configured on the router with an IP address where packets are encapsulated and decapsulated as they enter or exit the GRE tunnel. loop 0 2223/32 10/0 192168.2.0/24 R 0/0 95002724 loop 0 soa LaLa, 0p 0 133.3/32 33332 30/0 192.168.3.0/24 £00 RI 15.0.0:1/24 soo 192.168.1.0/24 35.003/24 Rs oop aaaapz sor 45004724 10 92.168.4.0/24 RS Resping 25.0.0.2 source 15.0.0.1 ‘Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 25.0.0.2, timeout is 2 seconds: Packet sent with a source address of 15.0.0.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 4/36/88 ms Ri(config)#interface tunnel 12 Ri(config-if}#ip address 10.0.12.1 255.255.255.0 Ri(config-i}tip mtu 1400 Ri(config-if}tip tep adjust-mss 1360 Ri(config.if}#tunnel source 15.0.0.1 Ri(config.if}#tunnel destination 25.0.0.2 Ri(config-if)#exit + All Tunnel interfaces of participating routers must always be configured with an IP address that is not used anywhere else in the network. * Each Tunnel interface is assigned an IP address within the same network as the other Tunnel interfaces. Since GRE is an encapsulating protocol, we adjust the maximum transfer unit (mtu) to 1400 bytes and maximum segment size (mss) to 1360 bytes. Because most transport MTUs are 1500 bytes and we have an added overhead because of GRE, we must reduce the MTU to account for the extra overhead. A setting of 1400 is a common practice and will ensure unnecessary packet fragmentation is kept to a minimum. ‘We define the Tunnel source, which is R1’s public IP address, and destination ~ R2’s public IP address NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 152Ra(config)# int tunnel 12 Ra(config-if}# ip address 10.0.12.2 255,255.255.0 Ra(config:f}# ip mtu 1400 .2(configif}# ip tep adjust-mss 1360 Ra(configcif}# tunnel source 25.0.0.2 ( 2 Ra(config-f}# tunnel destination 15.0.0.1 Ra(config-if}# exit Ra(config)vend Ro#ping 10.0.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.12.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minavgimax = 60/74/84 ms Rosh ip int brief | ex unas Interface IP-Address OK? Method Status Protocol FastEthemetoo 192.168.2.2_ YES manual up up Serialolo 25.0.0.2 YES manual up up Loopbacko 2.222 YES manual up up Tunneli2 10.0.12.2 YESmanual up up TASK: Ri(config)#router eigrp 100 Ri(config-router)#no auto-summary Ri(config-router)#network 10.0.12.0 0.0.0.255 Ri(config-router)#network 192.168.1.0 Ri(config-router)#exit Ra(config)#router eigrp 100 Ra(config-router)#no auto-summary R2(config-router)#network 10.0.12.0 0.0.0.255 R2(config-router)#network 192.168.2.0 Ra(config-router)#exit Rosh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num © 10.0.124 Tur 1200:00:20 158 5000 0 3 Ra#sh ip route eigrp DI 193:68:80/34 [901297270016] via 10.0.2, 00:00:25, TREN Rae Ra¥ping 192.168.1.1 source foo Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: Packet sent with a source address of 192.168.2.2 Success rate is 100 percent (5/5), round-trip min/avgimax = 32/95/200 ms NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 153* Now both networks are able to freely communicate with each over the GRE Tunnel. * GRE isan encapsulation protocol and does not perform any encryption. + Creating a point-to-point GRE tunnel without any encryption is extremely risky as sensitive data can easily be extracted from the tunnel and viewed by others. * For this purpose, we use IPSec to add an encryption layer and secure the GRE tunnel. This provides us with the necessary military-grade encryption and peace of mind. TASK: configure Point to point GRE tunnels between R1-R3 & R-R4 Ri#ping 35.0.0.3 source 15.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 35. 9.0.3, timeout is 2 seconds: Packet sent with a source address of 15.0.0.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 12/40/72 ms Ri(config)#int tunnel 23 Ri(config-if}#ip address 10.0.13.1 255.255.255.0 Ri(config.if}# ip mtu 400 Ri(config.if)# ip tep adjust-mss 1360 Ri(config.if)# tunnel source 15.0.0.1 Ri(config-if}# tunnel destination 35.0.0.3 Ri(config.if}#enit Ri(config}# int tunnel 14 Ri(config:if}# ip address 10.0.14.1 255.255.255.0 Ri(config-if}# tunnel source so/o Ri(config.if}# tunnel destination 45.0.0.4 Ri(configiif)# ip mtu 1400 Ri(config.if}# ip tep adjust-mss 1360 Ri(config.if}#end Résh ip int brief | ex unassign Interface IP-Address OK? Method Status Protocol FastEthemetoo —192.168.1.1_ YES manual up up Serialolo 5.0.0.1 YES manual up up Loopbacko tata YES manual up up Tunnelt2 10.0.124 YES manual up up Tunnelig 10.0.14.1 YES manual up up Tunnel23 10.0.13.1 YES manual up up 3(config)#int tunnel 31 if}# tunnel source so/o 3(config:if}# tunnel destination 15. R3(config:f)¥ ip address 10.0.13.3 255,255.255.0 R3(config.if}# ip mtu 1400 3(config:f}# ip tep adjust-mss 1360 R3(config:f}# e: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 154Ra(config)# int tunnel 41 Ra(configif)# ip address 10.0.14.4 255.255.255.0 Ra(configf)# tunnel source solo Ra(configif}# tunnel destination 15.0.0.1 Ra(config.if}# ip mtu 1400 Ra(contig:if)# ip tep adjust-mss 1360 Ra(config.if}#end Résh ip int brief | ex unassign Interface IP-Address OK? Method Status Protocol FastEtherneto/o —_192.168.1.1._ YES manual up up Serialofo 15.0.0.1 YES manual up up Loopbacko tata YES manual up up Tunneli2 10.0.121 YES manual up up Tunnelig 10.0.14.1. YES manual up up Tunnel23 10.0.1341 YES manual up up Reéping 10.0.12.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.12.2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavgima: 52178192 ms Re#ping 10.0.13.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.13:3, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 4/79/144 ms Re#ping 10.0.14.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.14.4, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 4/81/132 ms Ri(config)#router eigrp 100 Ri(config-router}#network 10. Ri(config-router)#network 10. Ri(config-router)#exit R3(config)#router eigrp 100 R3(config-router)#no auto-summary 3(config-router)#network 192.168.3.0 3(config-router)#network 10.0.13.0 0.0.0.255 R3(config-router}#exit, Rq(config)#router eigrp 100 Ra(config-router}éno auto-summary Ra(configrouter)énetwork 192.168.4.0 Ra(configrouter}énetwork 10.0.14.0 0.0.0.255 } Ra(config-router}#exit NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 155Riésh ip eigrp neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (Sec) (ms) Cnt Num 2 10.0.14.4 Tug 11.00:00:13 151 5000 0 3 + 10.03.3 Tu23 14 00:00:38 250 5000 0 3 © 10.0.2.2 Tur2 —_13.00:05:56 284 5000 0 8 Rvésh ip route eigrp D_ 192.168.4.0/24 [90/297270016] via 10.0.14.4, 00:00:26, Tunneli4 D_ 192.168.2.0/24 [90/297270016] via 10.0.12.2, 00:06:09, Tunnelt2 D_ 192.168.3.0/24 [90/297270016] via 10.0.13.3, 00:00:51, Tunnel23, Risping 192.168.2.2 source 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds: Packet sent with a source address of 192.168.1.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 4/48/96 ms Rifping 192.168.3.3 source 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds: Packet sent with a source address of 192.168.1-1 Success rate is 100 percent (5/5), round-trip min/avgimax = 16/53/112 ms Rifping 192.168.4.4 source 192,168.11 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.4.4, timeout is 2 seconds: Packet sent with a source address of 192.168.1.1 Success rate is 100 percent (5/5), round-trip min/avgimax = 20]76/124 ms Rasping 192.168:3.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.3.3, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 120/164/204 ms Radtrace 192.168.3.3 Type escape sequence to abort. Tracing the route to 192.168.3.3 110.0.14.1 100 msec 72 msec 4 msec 2 10.0.13.3 192 msec * 208 msec NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 156A. Dynamic Multi-point VPN NHRP Multipoint GRE Drawbacks of GRE MOA. + Clasie GRE tunnel is point-to-point + Manual tunnels » Not scalable. (100 end points we need to build 99 tunnels) + No encryption. Static IP on all end pons. Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 157Dynamic Multi Point VPN XA, » Introduced by Cisco in late 2000. » This technology has been developed to address needs for ‘automatically created VPN tunnels when dynamic IP ‘addresses on the spokes are in use. » This is pure Hub-and-Spoke topology where all branches may communicate with each ‘other securely through the Hub. > MGRE interfaces do not have a tunnel destination » keeping costs low, minimizing configuration complexity and increasing flexibility. DMVPN is combination of the following technologies: Multipoint GRE (mGRE) Next-Hop Resolution Protocol (NHRP) Dynamic Routing Protocol (EIGRR, RIP. OSPF, BGP) Dynamic IPsec encryption Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 158» No tunnel destination » Uses Tunnel source and tunnel mode (mGRE) » Tunnels can have many end points using single tunnel interface). » The end points can be configured as gre or mgre » Mapping is done by NHRP protocol NHRP » Next Hop resolution protocol > Maps the tunnel IP with NBMA address (public IP)(static or dynamic) » Provides layer 2 address resolution protocol and caching services ( similar to ARP and. inverse ARP) » Alli does is building a dynamic database stored on the hub wit spokes’ IP addresses, information about Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 159NHRP MOA. » Routers can be configured as Next hop servers (NHS) Next hop Clients (NHC) » NHS acts as mapping agent and stores all registered mappings. » NHC send query to the NHS if they want to communicate with another NHC. » NHS reply to queries made by NHC. NHRP messages 0 milton NHRP registration request Spoke register with NBMA end tunnel IP to Next hop server Required to build spoke to Hub Tunnels Se NHRP resolution request * Spoke query for NEMA and tunnel IP of other spokes. Required to build spoke to spoke Tunnel NHRP redirect Server answers spoke to spoke dataplane packet through it Used in dmvpn phase3 to bulld spoke to spoke tunnels. (needed if we have spoke to spoke tafe) Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 160DMVPN : Advantages Simplified Hub Router Configuration. Full Support for Spoke Routers with Dynamic IP Addressing. Dynamic Creation of Spoke-to-Spoke VPN Tunnels > Lower Administration Costs + Optional strong Securty with IPSec. anittiod! DMVPN Phase Phase 1 eos, 2. Phase 2 nite > Phase 3 Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution com Page 161DMVPN Phase 1 XA.. Not used now a days GRE on the hub and P2P GRE on the spokes, a NHRP needed for spoke to regiter Fy with Hub. ry la No Spoke to Spoke tunnels. ifr! "Stim 5 Simple Hub and Spoke topology were dynamic IP addresses on the spokes in may be used. All your traffic goes through the hub. ee 1. An MGRE tunnel on the hub 2. A standard GRE tunnel on the spokes (P2P) 3. Arrouting protocol on the hub that sets next-hop-self DMVPN Phase 2 & 3 NA. DMVPN Phase 2: ae » Hub and Spokes are configured as multipoint GRE. > Spoke to spoke tunnels are created. 8% rf tgs > NHRP required for spokes to register ee an to Hub. witha! ae > NHRP required for spokes to spoke resolution DMVPN Phase 3: + Hub and Spoke with Spoke to Spoke direct communication allowed + with better scalability using NHRP Redirects. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 162DMVPN Phase 1 OA. Static NHRP Configuration i BS-2 iconv neu t254 Rowse eater 0001 2552552550 Reon ga tne sures (config? tunnel mode gre multipoint FR, Ronfgsinsip hep networked saitiact se, Ri(configifip nhep map 10.0.0.2 25.002 pon Ri(eonig:ifip nhep map 10.0.03 35.0.0.3 Ri(contigi}tip nhrp map 10.0.04 45.0.04 —_pafeonsigafa nt tunnel 1234 ™ R2(config-f}# ip address 1.0.0.3 255.255.255.0 R2(confgiN# tunnel source 35.0.0.3, R2(config-f}# tunnel destination 15.0.0.1 R2(config:N# Ip nbrp networkid 3 2{config:ip nhep map 10.0.0.115.0.0.1 Ra(configsfitent LAB: DMVPN Phase t static Mapping: oop 0 222272 foro 192168.2.0/24 m2 S00 95002724 oop 0 302 111/32, oop 0 3333/32 so/o £00 RI 15.0.0.1/26 192:168.1.0/24 TASK: Basic lab setup: * Configure DMVPN phase t on Rt/R2/R3/R4. + Rtshould be configured as Hub and R2/R3/R4 will be configured as spokes. * Use tunnel IP address 10.0.0.x/24. * Ensure that all the sites should have reachability to tunnel end points. * For NHRP use Static Mapping. NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 163Ri(config)# int tu 1234 Ri(config.if}# ip address 10.0.0.1 255.255.255.0 Ri(config.if}# tunnel source so/o Ri(config.if}# tunnel mode gre multipoint Ri(configiif}* + Tunnel destination command been replaced with the tunnel mode gre-multipoint command, which designates this tunnel as a multipoint GRE tunnel. Ri(config.if}#ip nhrp networkid 1 Enabling NHRP on an Interface + The NHRP network ID is used to define the NHRP domain for an NHRP interface and differentiate between multiple NHRP domains or networks, when two or more NHRP domains (GRE tunnel interfaces) are available on the same NHRP node (router). ‘* The NHRP network ID is used to help keep two NHRP networks (clouds) separate from each other when both are configured on the same router. + The NHRP network ID is @ local only parameter. Its significant only to the local router and itis not transmitted in NHRP packets to other NHRP nodes. For this reason the actual value of the NHRP network 1D configured on a router need not match the same NHRP network ID on another router where both of these routers are in the same NHRP domain, As NHRP packets arrive on a GRE interface, they are assigned to the local NHRP domain in the NHRP network ID that is configured on that interface. * Note This method of assigning a network ID is similar to the Open Shortest Path First (OSPF) concept of process ID in the router ospf id command. if more than one OSPF process is configured, then the OSPF neighbors and any routing data that they provide is assigned to the OSPF process (domain) by which interfaces map to the network arguments under the different router ospf id configuration blocks. © We recommend that the same NHRP network ID be used on the GRE interfaces on all router that are in the same NHRP network. Itis then easier to track which GRE interfaces are members of which the NHRP network. Ri(config.if}#ip nhrp map ? ABCD IPaddress of destination multicast Use this NBMA mapping for broadcasts/multicasts Ri(config-if}#ip nhrp map 10.0.0.2 25.0.0.2 Ri(config.if}#ip nhrp map 10.0.0.3 35.0.0.3 Ri(config.if}fip nhrp map 10.0.0.4 45.0.0.4 Ri(configif}fend + The above commands configure static IP-to-NBMA address mapping on the station. Ridsh ip nhrp 10.0.0.2/32 via 10.0.0.2, Tunnel1234 created 00:09:07, never expire Type: static, Flags NOA solutions,N.K Arcade, 2nd & 3rd floor Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 164NBMA address: 25.0.0.2 10.0.0.3/32 via 10.0.0.3, Tunnelt234 created 00:08:58, never expire Type: static, Flags NBMA address: 35.0.0.3, 10.0.0.4/32 via 10.0.0.4, Tunneli234 created 00:08:49, never expire Type: static, Flags: NBMA address: 45.0.0.4 DMVPN Phase Not used now a days - _ MGRE on the hub and P2P GRE on the spokes. - _NHRP needed for spoke to register with Hub. No Spoke to Spoke tunnels. ‘Simple Hub and Spoke topology were dynamic IP addresses on the spokes may be used. All your traffic goes through the hub. ‘The differentiating components of Phase 1 are: ‘An MGRE tunnel on the hub A standard GRE tunnel on the spokes A routing protocol on the hub that sets next hop-self Ra(config-if}# int tunnel 1234 Ra(configcif}# ip address 10.0.0.2 255.255.255.0 Ra(config-f}# tunnel source 25.0.0.2 Ra(config-f}# tunnel destination 15.0. Ra(configcif}# ip nhrp network-id 2 Ra(configcif}#ip nhrp map 10.0.0.1 15.0.0.1 Ra(config-if}#exit Ra¥sh ip nhrp 10.0.0.1132 via 10.0.0.1, Tunneli234 created 00:04:11, never expire Type: static, Flags: NBMA address: 15.0.0.1 Ra¥ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 4/29/60 ms TASK: Configure R3/R4 spokes P2P Gre with Hub (Rt) (DMVPN phaset) R3(config-if}# int tunnel 1234 R3(configcif}# ip address 10.0.0.3 255.255.255.0 R3(config-f}# tunnel source 35.0.0.3, R3(config:if)# tunnel destination 15.0.0.1 R3(config:f)# ip nhrp network-id 3 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 1653(config-f}#ip nhrp map 10.0.0.1 15.0.0.1 R3#sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:00:11, never expire Type: static, Flags: NBMA address: 15.0.0.1 R3#ping 10.0.0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 12/65/124 ms R3#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. .2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax 16/54/120 ms. R3#traceroute 10.0.0.2 Type escape sequence to abort. Tracing the route to 10.0.0.2 110.0.0.1 68 msec 60 msec 8 msec 210.0.0.2 92 msec * 116 msec Ra(config)#int tu 1234 Ra(configif)# ip address 10.0.0.4 255.255.255.0 Ra(configif)# tunnel source so/o Ra(configif)# tunnel destination 15.0.0.1 Ral Ra( Ral configif}# ip nhrp network-id 4 configif)# ip nhrp map 10.0.0.115.0.0.1 configif)#end Raash ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunnelt234 created 00:00:16, never expire Type: static, Flags: NBMA address: 15.0.0.1 Rq#traceroute 10.0.0.3 Type escape sequence to abort. Tracing the route to 10.0.0.3 110.0.0.1 100 msec 108 msec 64 msec .3 6B msec * 156 msec Rg#traceroute 10.0.0.2 Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions.com Page 166 210.Type escape sequence to abort. Tracing the route to 10.0.0.2, 110.0.0.1 164 msec 84 msec 8 msec 210.0.0.2. 44 msec * 128 msec NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 167DMVPN Phase 1 NA. Dynamic NHRP Configuration RU(confg)# int tw 1234 Al(config-i}# Ip address 10.0.0.1 255.255.255.0 U(config-}# tunnel source 5/0 ‘eo, l(configif tunnel mode gre multipoint Ri(configsifip nhep networkid 1 R2{congciNA int tunnel 1234 eon” Ratcontgi ipaddras 10.003 255.255.255.0 %*°*™ R2(configiNA tunnel source 35.0.0.3 R2(config-i# tunnel destination 15.0.0.1 R2{confgiN# Ip nhep nhs 10.0.0. R2(conigiN# Ip nbrp networkid 3 R2(config:ip nhep map 10.0.0.115.0.0.1 R2(config:itexit LAB: DMVPN phase using NHRP Dynamic Mapping: oop 0 2222/2 for0 192168.2.0/24 m2 0/0 95.002/24 oop 0 302 111/32, oop 0 233322 s0/0 192168.3.0/24 $00 mi 15001/24 192168.1.0/24 TASK: - Continue with same lab and remove the tunnel configured (tunnel 1234) Reconfigure DMVPN phase 1 tunnel using NHRP dynamic mapping. on Ry/R2/R3/R4 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 168x(config)# no int tunnel 1234 Ri(config)# int tu 1234 Ri(config.if}# ip address 10.0.0.1 255.255.255.0 Ri(configiif}# tunnel source 15.0.0.1 Ri(configiif}# tunnel mode gre multipoint Ri(config.if)# ip nhrp networkid 1 Ri(config.if}fexit * Hub can be configured to do dynamic mapping of NBMA to tunnel IP for all spokes more scalable than configuring hub static mappings ( done in the previous lab) there is no need to manually add mapping for new spokes as hub dynamically learns mapping information of newly added spokes + Aslong.as NHRPis enabled on tunnel interface dynamic mapping happen automatically. Configuration on Spokes: Ra(config)# int tu 1234 Ra(configcif}# ip address 10.0.0.2 255.255.255.0 Ra(config-f}# tunnel source so/o Ra(config-f}# tunnel destination 15.0.0.1 Ra(configif}# ip nhrp network-id 2 Ra(configif}# ip nhrp nhs 10.0.0.1 Ra(config-f)# ip nhrp map 10.0.0.115.0.0.1 Ra(configif}¥exit How Dynamic Mapping works: * Spoke initally must register with its own NBMA and tunnel IP to Next hop server (Ri) (NHRP registration request) + This allows the Hub routers to build Spoke to Hub Tunnels. * Spoke routers must be configured with IP address of NextHop Server or else the spokes will not come to know where to register. + Spokes must also be configured with tunnel ip address of the Hub, and also the manual mapping of tunnel - NBMA address. Ro#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavgima) 8/40/96 ms Ra#sh ip nhrp 10.0.0.132 via 10.0.0.1, Tunnelt234 created 00:07:33, never expire Type: static, Flag NBMA address: 15.0.0.1 NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 1693(config)#int tunnel 1234 3(config:if)}fip address 10.0.0.3 255.255.255.0 R3(configif}# tunnel source Serialolo 3(configcif}# tunnel destination 15.0.0.1 3(config-f}# ip nhrp network-id 3 R3(config-if)# ip nhrp nhs 10.0.0.1 R3(config-if}#ip nhrp map 10.0.0.1 15.0.0.1 R3(config:if}#end R3#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 8/30/80 ms R3#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 16/88/180 ms R3#sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:01:38, never expire Type: static, Flags: NBMA address: 15.0.0.1 Ra(config)# int tu 1234 Rq(configif)# ip address 10.0.0.4 255.255.255.0 Ra(configif)# tunnel source solo Ra(configif)# tunnel destination 15.0.0.1 Ra(config:if)# ip nhrp network-id 1 Ra(configif)# ip nhrp nhs 10.0.0.1 Ra(configif)# ip nhrp map 10. Ra(configif}# exit 115,0.0.1 Raash ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:00:20, never expire Type: static, Flags: NBMA address: 15.0.0.1 Raaping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 170Success rate is 100 percent (5/5), round-trip minjavgimax = 4/41/10 ms Ra#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax Radping 10.0.0.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. 16/38/104 ms 3, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax 16/52/124 ms. Rq#traceroute 10.0.0.3 Type escape sequence to abort. Tracing the route to 10.0.0.3, 110.0.0.1 84 msec 64 msec 24 msec 2 10.0.0.3 32 msec * 40 msec NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 171DMVPN Phase 2 & 3 NA. DMVPN Phase 2: Hub and Spokes are configured as multipoint RE. Bin + Spoke to spoke tunnel are rae 1 NHR rece for pokes to reir Hub "NHR reeled for potest Spoke moMton ER mitted DMVPN Phase 3: » Hub and Spoke with Spoke to Spoke direct communication allowed with better sealablity using NHRP Redirects. DMPVN Configuration Phase 2 (Static Mapping) NEA, : ng (oot tt 1234 LB 2% Ri(contgi ipaddtes 10.001 255.255.255.0 aitatare l(confg¥ tunnel source 50/0 ifconfig tunel mode gre mukipoint oe font nip ewok ae nitane Afonfe:sp hyp map 10002 25.002 icontgibfpanpmap 0003 35.003 {config int tunne1234 “ alco Ipaddress10.0.02255.255.255.0, Ra{conig# tunnel source 10/0 Ra(conis# tunnel mode gre mutipoint Ra(conti:t# Ip nhypnetworkid2 Ra{config ip akypmap 10.00115.001 Ratcontizine ipnhrpmap 10.003 33.003 a(conigs# Ipniyp map 10.00445.004 Noa solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 172LAB: DMVPN Phase-2 using Static Mappings: loop 0 2223/32 foro 192.168.20/24 Rm “ojo $5002/24 loop 0 3072 11/32 loop 0 333/32 33. i S070 192.168:3.0/24 £00 wt rs001/28 sa 192.68.1.0/24 35.003/24 ws loop 0 aaaan2 so asana28 010 02168.4.0/24 RA TASK: + Remove the tunnel configurations on all routers. * Reconfigure DMVPN phase 2 where Rt is the Hub, and R2/R3/R4 will be spokes. * Use Ip addressing 10.0.0.x/24 and ensure that all tunnel end points should be able to reach each other. * Use static Mappings. DMVPN Phase 2: Hub and Spokes are configured as multipoint GRE. * Spoke to spoke tunnels are created * HRP required for spokes to register to Hub. * HRP required for spokes to spoke resolution Ri(config)# int tunnel 1234 Ri(config.if}# ip address 10.0.0.1 255.255.255.0 Ri(configif}# tunnel source 15.0.0.1 Ri(configif)# tunnel mode gre multipoint Ri(config.if}# ip nhrp network-id 1 Ri(config.if}fip nhrp map 10.0.0.2 25.0.0.2 Ri(config.if}# ip nhrp map 10.0.0.3 35.0.0.3, Ri(config.if}# ip nhrp map 10.0.0.4 45.0.0.4 Ri(config.if}#exit Ra(config)# int tunnel 1234 Ra(configcif}# ip address 10.0.0.2 255.255.255.0 Ra(configcif}# tunnel source so/o NOA solutions,N.K Arcade, 2nd & 3rd floor,Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 173Ra(config-f}# tunnel mode gre multipoint Ra(config-f}# ip nhrp networkid 2 Ra(config.if}# ip nhrp map 10.0.0.115.0.0.1 Ra(config:f}# ip nhrp map 10.0.0.3 35.0.0.3 Ra(configcif}# ip nhrp map 10.0.0.4 45.0.0.4 Ra(config-f}#exit Ra¥sh ip int brief | in Tu Tunneli234 0.0.02 YES manual up up R3(config)#int tunnel 1234 R3(config:if)# ip address 10.0.0.3 255.255.255.0 R3(config:f}# tunnel source so/o R3(config-f}# tunnel mode gre mul R3(config.if}# ip nhrp network-id 3 R3(config.if}# ip nhrp map 10.0.0.115.0.0.1 R3(config:if}# ip nhrp map 10.0.0.2 25.0.0.2 if}# ip nhrp map 10.0.0.4 45.0.0.4 R3(config:f}# exit Ra(config)# int tunnel 1234 Ra(configif}# ip address 10.0.0.4 255.255.255.0 Ra(configif}# tunnel source so/o (configif}# tunnel mode gre multipoint ( ( ( ( ( configif)#_ ip nhrp network-id 4 Ra(configif}# ip nhrp map 10.0.0.115.0.0.1 Ra(configif}# ip nhrp map 10.0.0.2 25.0.0.2 Rq(configif)# ip nhrp map 10.0.0.3 35.0.0.3 Ra(configif)# Raash ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:00:53, never expire Type: static, Flags: NBMA address: 15.0.0.1 10.0.0.2/32 via 10.0.0.2, Tunnelt234 created 00:00: Type: static, Flag NBMA address: 25.0.0.2 10.0.0.3/32 via 10.0.0.3, Tunnel1234 created 00:00:53, never expire Type: static, Flags: NBMA address: 35.0.0.3, 3, never expire Ridsh ip nhrp 10.0.0.2/32 via 10.0.0.2, Tunnel1234 created 00:07:41, never expire Type: static, Flags: NBMA address: 25.0.0.2 10.0.0.3/32 via 10.0.0.3, Tunnelt234 created 00:07:35, never expire Type: static, Flags: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 174NBMA address: 35.0.0.3, 10.0.0.4/32 via 10.0.0.4, Tunneli234 created 00:07:29, never expire Type: static, Flag NBMA address: 45.0.0. Ra¥sh ip nhrp 10.0.0.132 via 10.0.0.1, Tunnelt234 created 00:02:49, never expire Type: static, Flags: NBMA address: 15.0.0.1 10.0.0.3/32 via 10.0.0.3, Tunnel1234 created 00:0: Type: static, Flags: NBMA address: 35.0.0.3, 10.0.0.4/32 via 10.0.0.4, Tunnelt234 created 00:04:59, never expire Type: static, Flag: NBMA address: 45.0.0.4 never expire Ro¥sh dmvpn Legend: Attrb > S -Static, D - Dynamic, |- Incomplete N-NATed, L- Local, X-No Socket # Ent > Number of NHRP entries with same NBMA peer Tunneli234, Type:Spoke, NHRP Peers:3, # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb 1 15.0.0.1 0.0.0.1 NHRP_ neverS 1 35.0.0.3 10.0.0.3 NHRP_ never S 1 45.0.0.4 10.0.0.4 NHRP_ never S R3#sh ip nhrp 10.0.0.132 via 10.0.0.1, Tunnelt234 created 00:03:25, never expire Type: static, Flags: NBMA address: 15.0.0.1 10.0.0.2/32 via 10.0.0.2, Tunnel1234 created 00:03:25, never expire Type: static, Flags: NBMA address: 25.0.0.2 10.0.0.4/32 via 10.0.0.4, Tunnelt234 created 00:03:25, never expire Type: static, Flags: NBMA address: 45.0.0.4 R3¥sh dmvpn Legend: Attrb -> $ -Static, D - Dynamic, |- Incompletea N-NATed, L- Local, X-No Socket # Ent > Number of NHRP entries with same NBMA peer Tunnel1234, Type:Spoke, NHAP Peers:3, #Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attr NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 1751 15.0.0.1. 0.0.0.1 NHRP_ neverS 1 25.0.0.2 10.0.0.2 NHRP_neverS 1 45.0.0.4 10.0.0.4 NHRP_ never S R3#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 8/66/160 ms R3#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. .2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 8/36/112 ms R3#ping 10.0.0.4 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10. \eout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 8/55/104 ms R3#traceroute 10.0.0.4 Type escape sequence to abort. Tracing the route to 10.0.0.4 110.0.0. 200 msec * 112 msec R3#traceroute 10.0.0.2, Type escape sequence to abort. Tracing the route to 10.0.0.2, 110.0.0.2 148 msec * 92 msec ‘Two spokes will be able to get each other directly.. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 176DMPVN Configuration Phase 2 (Dynamic Mapping) MOA. rca tne 1234 ilconigiNe ip adress 10.001 255.255.2550 ieee Al(contg:tf tunel source 0/0 7 Al(contg:f# tunel mode gremutipolot Bim Alconfig:DFip np network Ra(coni itertce tunnel 1234 fae R2(conigsh# Ip addeess 10.002 255.255 255.0 a Ra{conigf tunnel source s0/0 Ra(conit}# tunnel mode gre multipoint Ra(conig:t# ip nbrpnetworkid2 R2{config#. Ipnhrp map 10.00115.001 RatconfgIpnhepnhs10.001 LAB: DMVPN phase 2 using dynamic mapping: toop0 22a 199 1925682.0/24 R S0/0 25.0.0.2/24 Joop 0 $02 1LL2, loop 0 333.332 so/o £00 RI 15.0.0.1/28 192:168.1.0/24 Ra TASK: + Remove the tunnel configurations on all routers. * Reconfigure DMVPN phase 2 where Rt is the Hub, and R2/R3/R4 will be spokes. Use Ip addressing 10.0.0.x/24 and ensure that all tunnel end points should be able to reach each other. * Use Dynamic Mappings. NOA solutions,N.K Arcade, 2nd & 3rd floor Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 177Ru/R2/R3/R4 Rx(config)# no int tunnel 1234 Rx#debug nhrp NHRP protocol debugging is on onri Ri(config)# int tunnel 1234 Ri(config.if}# ip address 10.0.0.1 255.255.255.0 Ri(config.if}# tunnel source 15.0.0.1 Ri(configif}# tunnel mode gre multipoint Ri(configif)# ip nhrp networkid 1 Ri(config.if}# exit Note: + Riwill be configured as hub. + Ipnhrp network 1D enables NHRP on tunnel interface. R2(config-f}# interface tunnel 1234 Ra(config-f}# ip address 10.0.0.2 255.255.255.0 Ra(config-f}# tunnel source so/o Ra(config-f}# tunnel mode gre multipoint ( ( ( ( 2 ‘2(configif}# ip nhrp network-id 2 Ra(config-f}# ip nhrp map 10.0.0.115.0.0.1 Ra(config:f}# ip nhrp nhs 10.0.0.1 Ra(config-f}# exit *Mar 1 02:34:16.439: NHRP: Tur234: Updating State Mapping FORTOLOLONI52NBMANS.6.018015.0008 *Mar 1 02:34:17.043: NHRP: Attempting to send packet via DEST 10.0.0. *Mar 1 02:34:17.043: *Mar 1 02:34:17.047: *Mar 102:34:17.05t: *Mar 1 02:34:17.055: NHRP: 92 bytes out Tunnelt234 Mar 1.02:34:17.135: vif 0, packet size: 112 *Mar 1 02:34:17.139: NHRP: netid_in= 0, to_us=1 R3(config)# interface tunnel 1234 R3(config:if}# ip address 10.0.0.3 255.255.255.0 tunnel source so/o tunnel mode gre multipoint ip nhrp networkid 3 ip nhrp map 10.0.0.115.0.0.1 ip nhrp nhs 10.0.0.1 if}# exit *Mar 1 02:36:53.599: NHRP: if_up: Tunneli234 proto 0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 178*Mar 102: : NHRP: Tum234: Creating static mapping for 10.0.0.1/52 NEMA: 15.0.0.1 “Mar 10: NHRP: Attempting to send packet via DEST 10.0.0.1 *Mar 10: NHRP: Encapsulation succeeded. Tunnel IP addr 15.0.0.1 *Mar 1 02:36:54.007: NHRP: Send Registration Request via Tunnel1234 vrf 0, packet size: 92 Mar 1.02:36:54.007: src: 10.0.0.3, dst: 10.0.0.1 *Mar 1 02:36:54.01t: NHRP: 92 bytes out Tunnel1234 *Mar 1 02:36:54.111: NHRP: Receive Registration Reply via Tunnelt234 vrf 0, packet size: 112 Ra(config}# interface tunnel 1234 Ra(contigif}# — ip address 10.0.0.4 255.255.255.0 Ra(configif)# tunnel source so/o Ra(configif)# tunnel mode gre multipoint Ra(configif}# ip nhrp network-id 4 Ra(configif}# ip nhrp map 10.0.0.115.0.0.1 Ra(configif)# ip nhrp nhs 10.0.0.1 Ra(configif# exit *Mar 102:38: 1.451: NHRP: Tut234: Creating static mapping for 10.0.0.1/32 NBMA: 15.0.0.1 *Mar 1 02:38:21.531: NHRP: Attempting to send packet via DEST 10.0.0.1 *Mar 1 02:38:21.531: NHRP: Encapsulation succeeded. Tunnel IP addr 15.0.0.1 *Mar 1 02:38:21.535: NHRP: Send Registration Request via Tunneli234 vrf 0, packet size: 92 *Mar 1 :02:38:21.775: NHRP: Receive Registration Reply via Tunnel1234 vrf 0, packet size: 112 Raash ip nhrp 10.0.0.132 via 10.0.0.1, Tunneli234 created 00:02:54, never expire Type: static, Flags: used NBMA address: 15.0.0.1 R3#sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:04:29, never expire Type: static, Flags: used NBMA address: 15.0.0.1 Ro#sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:07:40, never expire Type: static, Flags: used NBMA address: 15.0.0.1 Rrdsh ip nhrp 10.0.0.2/32 via 10.0.0.2, Tunnel1234 created 00:07:48, expire 01:52:49 Type: dynamic, Flags: unique registered NBMA address: 25.0.0.2 10.0.0.3/32 via 10.0.0.3, Tunneli234 created 00:04:47, expire o1:55:13 Type: dynamic, Flags: unique registered NBMA address: 35.0.0.3, NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 17910.0.0.4/32 via 10.0.0.4, Tunnelt234 created 00:03:28, expire or: Type: dynamic, Flags: unique registered NBMA address: 45.0.0.4 Ra¥sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:08:39, never expire Type: static, Flags: used NBMA address: 15.0.0.1 Ra#traceroute 10.0.0.4 Type escape sequence to abort. Tracing the route to 10.0.0.4 110.0.0.1 184 msec 176 msec 10.0.0.4 164 msec in null netic-in 0 if_out Tunnelt234 netid-out 2 : Checking for delayed event 0.0.0.0/10.0.0.4 on list (Tunnel1234). 242:41.311: NHRP: Sending packet to NHS 10.0.0.1 on Tunnelt234 Maar 1.02:42:41.323: NHRP: Checking for delayed event 0.0.0.0/10.0.0.4 on list (Tunnelt234). *Maar 1 02:42:41.327: NHRP: No node found. *Mar 1.02:42:41.327: NHRI *Mar 1.02:42:41.33: NHRP: Send Resolution Request via Tunnel1234 vet 0, packet size: *Mar 1 02:42:41. 10.0.0.2, dst: 10.0.0.4 *Mar 10; *Mar 102: *Mar 1 02:42:41. 0.0.1 Mar 1.02:42:41.347: NHRP: vif 0, packet size: 72 *Mar 102:42:41.35t *Mar 1.02:42:41.355: NHRP: 72 bytes out Tunnel1234 *Mar 1.02:42:41.487: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1234 netid-out 2 Maar 1 02:42:41.487: NHRP: Checking for delayed event 0.0.0.0/10.0.0.4 on list (Tunnelt234). *Mar 1.02:42:41.491: NHRP: No node found. *Mar 1.02:42:41.495: NHRI *Mar 1 02:42:41,663: NHRP: Receive Resolution Reply via Tunnelt234 vrf 0, packet size: 120 Mar 1:02:42:41.663: NHRP: netid_in = 0, to_us=1 Maar 1 02:42:41,667: NHRP: Checking for delayed event 0.0.0.0/10.0.0.4 on list (Tunnel1234).. *Mar 1 02:42:41,671: NHRP: No node found. *Mar 1.02:42:41.675: NHRP: No need to delay processing of resolution event nbma src:25.0.0.2 nbma dst:45.0.0.4 out Tunnelt234 Mar 1.09:19:18.949: NHRP: Receive Resolution Request vie Tunnel1234 vrf 0, packet size: 72 *Mar 1 09:19:18,953: NHRP: netid_in=1, to_us=0 *Mar 1 09:19:18.957: NHRP: nhrp_rtlookup yielded Tunnelr234 Mar 1.09:19:18.957: NHRP: netid_out 1, netid_in *Mar 1 09:19:18.961: NHRP: nhrp_cache_lookup_comp returned 0x65086730 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 180*Mar 1.09:19:18.965: NHRP: Forwarding request due to authoritative request. *Mar 1 09:19:18.965: NHRP: Attempting to send packet via DEST 10.0.0.4 *Mar 1.09:19:18.96' Encapsulation succeeded. Tunnel IP addr 45.0.0.4 *Mar 1 09:19:18.973: NHRP: Forwarding Resolution Request via Tunneli234 vrf 0, packet size: 92 *Mar 1.09:19:18.977: Rié src: 10.0.0.1, dst: 10.0.0.4 *Mar 1 09:19:18,981: NHRP: 92 bytes out Tunnelt234 Rie Ra¥sh ip nhrp 10.0.0.132 via 10.0.0.1, Tunneli234 created 00:10:08, never expire Type: static, Flags: used NBMA address: 15.0.0.1 NBMA address: 45.0.0.4 R2#traceroute 10.0.0.4 Type escape sequence to abort. Tracing the route to 10.0.0. Ra#sh dmvpn Legend: Attr—> S -Static, D - Dynamic, |- Incompletea, N-NATed, L- Local, X -No Socket # Ent -> Number of NHRP entries with same NBMA peer Tunnelt234, Type:Spoke, NHRP Peers: # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm attr 1 15.0.0.1 10.0.0.1 UP. 00:06:47 S 1 25.0.0.2 10.0.0.2 UP neverD Ra¥sh dmvpn Legend: Attrb -> S -Static, D - Dynamic, |- Incomplete N-NATed, L- Local, X -No Socket # Ent > Number of NHRP entries with same NBMA peer Tunnel1234, Type:Spoke, NHRP Peers:2, # Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb 1 15.0.0.1 0.0.0.1 UP 00:11:26 S 1 45.0.0.4 10.0.0.4 UP neverD Ra#traceroute 10.0.03 Type escape sequence to abort. NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 181Tracing the route to 10.0.0.3, 110.0.0.1 88 msec 256 msec 10.0.0.3 348 msec Rot *Mar 1.02:45:36.815: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1234 netid-out 2 *Mar 1 02:45:36.819: NHRP: Checking for delayed event 0.0.0.0/10.0.0.3 on list (Tunneli234).. *Mar 1.02:45:36.823: NHRP: No node found. *Mar 1 02:45:36.827: NHRP: Sending packet to NHS 10.0.0.1 on Tunnelt234 Mar 1 02:45:36.839: NHRP: Checking for delayed event 0.0.0.0/10.0.0.3 on list (Tunnel1234). Mar 1 02:45:36.843: NHRP: No node found. *Mar 1 02:45:36.847: NHRP: Attempting to send packet via DEST 10.0.0.3, *Mar 1 02:45:36.851: NHRP: Send Resolution Request via Tunneli234 vrf 0, packet: *Mar 102:45:36.851: ste: 10.0.0.2, dst: 10.0.0.3 *Mar 1 02:45:36.855: NHRP: Encapsulation failed for destination 10.0.0.3 out Tunnelt234 *Mar 1.02:45:36.859: NHRP: Attempting to send packet via NHS 10.0.0.1 *Maar 1 02:45:36.863: NHRP: Encapsulation succeeded. Tunnel IP addr 15.0.0.1 *Mar 1 02:45:36.867: NHRP: Send Resolution Request via Tunnel1234 vrf o, packet size: 72 sfc: 10.0.0.2, dst: 10.0.0.1 *Mar 1.02:45:36.871: NHRP: 72 bytes out Tunnelt234 *Mar 1 02:45:36.907: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnelt234 netid-out 2 *Maar 1 02:45:36.911: NHRP: Checking for delayed event 0.0.0.0/10.0.0.3 on list (Tunnelt234). e372 *Mar 102:45: NHRP: No node found. *Mar 1.02:45:36.919: NHRP: Sending packet to NHS 10.0.0.1 on Tunnel1234 *Mar 10245: NHRP: Receive Resolution Reply via Tunnelt234 vrf o, packet size: 120 *Mar 1.0245: NHRP: netid_in=0,to_us=1 *Mar 1.02:45:37.171: NHRP: Checking for delayed event 0.0.0.0]10.0.0.3 on list (Tunneli234).. *Mar 1.02:45:37.175: NHRP: No node found. *Mar 1 02:45:37.179: NHRP: No need to delay processing of resolution event nbma src:25.0.0.2 nbma dst:35.0.0.3 Ra¥sh dmvpn Legend: Attrb > $ -Static, D - Dynamic, 1- Incompletea N-NATed, L- Local, X-No Socket # Ent > Number of NHRP entries with same NBMA peer Tunneli234, Type:Spoke, NHAP Peers:3, #Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm attr 1 15.0.1 10.0.0.1 UP oost2:11S 1 35.0.0.3 10.0.0.3 UP. neverD 1 45.0.0.4 10.0.0.4 UP neverD Ro#sh ip nhrp 10.0.0.1132 via 10.0.0.1, Tunnelt234 created 00:12:17, never expit Type: static, Flags: used NBMA address: 15.0.0.1 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 18210.0.0.3/32 via 10.0.0.3, Tunnelt234 created 00:00:26, expire 01:59:33, Type: dynamic, Flags: router used NBMA address: 35.0.0.3, 10.0.0.4/32 via 10.0.0.4, Tunnelt234 created 00:03:21, expire or: Type: dynamic, Flags: router NBMA address: 45.0.0.4 Ra#traceroute 10.0.0.3 Type escape sequence to abort. Tracing the route to 10.0.0:3, 110.0.0.3 52msec* 100 msec NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolutions. com Page 183:: Routing Protocols over DMVPN phase 1 -RIPv2 loop 0 2222/32 fo/0 192.168.2.0/24 R2 So/0 25.0.0.2/24 loop 0 1344/32, loop 0 3/32 40/0 30/0 192.168.3.0/24 £00 Rt 15.0.0.1/24 192.168.1.0/24 psoas asl loop 0 444/32 30/0) 45.0.0.4/24 =~ .92.168.4.0/24 TASK: * Configure DMVPN Phase tusing NHRP Dynamic Mapping: (Refer previous labs for complete set of steps) + This lab assumes that the routers are preconfigured with DMVPN phaset. Ri(config)# int tu 1234 Ri(config.if}# ip address 10.0.0.1 255.255.255.0 Ri(configif)# tunnel source 15.0.0.1 Ri(config.if}# tunnel mode gre multipoint Ri(config.if}# ip nhrp networ! Ri(config.if}#exit Configuration on Spokes: Ra(config)# int tu 1234 Ra(config-f}# ip address 10.0.0.2 255.255,255.0 ( ( Ra(config-f}# tunnel source so/o Ra(config-f}# tunnel destination 15.0.0.1 Ra(config-f}# ip nhrp network-id 2 Ra(config-f}# ip nhrp nhs 10.0.0.1 Ra(config-f}# ip nhrp map 10.0.0.115.0.0.1 Ra(config:if}#exit, Roping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution om Page 184Success rate is 100 percent (5/5), round-trip min/avgimax = 8/40/96 ms Ra¥sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunneli234 created 00:07:33, never expire Type: static, Flags: NBMA address: 15.0.0.1 R3(config)#int tunnel 1234 3(config.if}#ip address 10.0.0.3 255.255.255.0 3(config-if)# tunnel source Serialolo 3(config-f)# tunnel destination 15.0.0.1 R3(configif}# ip nhrp network-id 3 R3(configcif}# ip nhrp nhs 10.0.0.1 R3(config:if}#ip nhrp map 10.0.0.1 15.0.0.1 R3(config:if}#end R3#ping 10.0.0.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), roundtrip min/avgimax = 8/30/80 ms R3#ping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds: Success rate is 100 percent (5/5), roundtrip minjavgimax = 16/88/180 ms R3#sh ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunnel1234 created 00:01:38, never expire Type: static, Flags: NBMA address: 15.0.0.1 Ra(config) int tu 1234 Ra(contig:if)# ip address 10.0.0.4 255.255.255.0 Ra(configif)# tunnel source solo Ra(configif)# tunnel destination 15.0.0.1 Ra(config:if)# ip nhrp network-id 1 Ra(config.if)# ip nhrp nhs 10.0.0.1 Ra(configif)# ip nhrp map 10.0.0.1 15.0.0.1 Ra(configf# exit Raash ip nhrp 10.0.0.1/32 via 10.0.0.1, Tunnelt234 created 00:00:20, never expire Type: static, Flags: NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall, Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 185NBMA address: 15.0.0.1 Reaping 10.0.0.1 Type escape sequence to abort. Sending 5, 100:byte ICMP Echos to 10.0.0.1, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip minjavgimax = 4/41/100 ms Radping 10.0.0.2 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds: Success rate is 100 percent (5/5), round-trip min/avgimax = 16/38/104 ms Raaping 10.0.0.3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds: Success rate is 100 percent (5/5), roundtrip minfavgimax = 16/52/124 ms Rq#traceroute 10.0.0.3 Type escape sequence to abort. Tracing the route to 10.0.0.3 110.0.0.1 84 msec 64 msec 24 msec 2 10.0.0.3 32 msec * 40 msec TASK: * Configure all the routers to have reachability between LAN interfaces (192.168.x.0/24) © use RIPV2. Ri(config)# router rip Ri(config-router) version 2 Ri(config-router)éno auto-summary ( ( ( 1(config-router)# network 10.0.0.0 Ri(config-router)# network 192.168.1.0 Ri(config-router)# exit R2(config}# router rip Ri(config-router)#no auto-summary Ra(config-router)# version 2 Ra(config-router)# network 10.0.0.0 Ra(config-router)# network 192.168.2.0 Ra(config-router)#exit R3(config)# router rip R3(config-router}#no auto-summary R3(config-router)# version 2 R3(config-router)# network 10.0.0.0 NOA solutions,N.K Arcade, 2nd & 3rd floor, Opposite to banjara function hall,Banjarahills road no 1 Hyderabad, INDIA. +91 40 65890380, +91 7036826345 www.noasolution: om Page 186