Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
BSTS (2005-2008)
FINAL
IMPLEMENTING COMPLEX MP-BGP
DISSERTATION
REPORT OVER-LAPPING VPNS
Undertaken by
Session 2005-2008
Supervised by
Committee:
Supervisor: Sir Engineer Ahmad Mustufa
Signature: Dated:
External Examiner:
Signature: Dated:
First of all, we are thankful to Almighty ALLAH who gave us the courage and patience to
complete the dissertation.
No doubt, many individuals have profoundly influenced us during our graduate studies at the
Bahauddin Zakariya University, Multan and it is a matter of great pleasure to acknowledge the
guidance and support extended by all these benevolent fellows.
We would like to express out most revered thanks to our supervisor: Engineer Ahmad Mustufa,
who has always extended out of turn support and guidance to us to work on this project. No
doubt, he has scarified plenty of his precious time and his brain to make us handle this arduous
project. Had not be encouraged us from time to time by taking the time to read and critique out
thesis, we would have surrounded the mission unaccomplished.
We are deeply grateful to our teachers especially Madam Sarwat, Sir Imran, Engineer Laeeq
Akhtar, Engineer Abdul Mannan, Engineer Tariq Aziz, Engineer Aqeel, for their prudence and
foresightedness to inspire us to execute into such interesting and innovative studies like this.
Obviously, all of them have been kind enough to us during execution of the project by sharing
their Knowledge and as well as giving us nice pieces of advice, appositely, adequately and
generously.
Another round of applause goes to our special friends – to name some of them – Zohaib Aslam,
Rumman Ahmad, Assam Hammad, Sufyan Masuod, Akmal Khan Warsi & Talal Mehmood.
Surely, these people have been true benefactors in our whole study session at BZU.
And last but obviously not the least, we wish our kind Parents & Siblings who extended their
invaluable support during whole of our life.
A big part of the sensation is the result of the huge success of MPLS VPN in the industry. Service
providers quickly recognized the great benefits of MPLS VPN and deployed it quickly while
features for it were still being developed. These days even enterprise customers are looking at
MPLS VPN with interest. They might have already deployed MPLS VPN for the benefit of a
greater scalability. Other benefits to them are the separation of departments, or the easier
deployment of PE and CE routers.
The Overlapping VPNs or Extranets have evolved as one of the most deployed features of MPLS.
As per the growing connectivity requirements of the corporate world today, Overlapping VPNs
have confronted a tremendous success. The demand for extranets is increasing with time for
they provide greater scalability, security and easier implementation of the network machines.
Now days, the corporates require a secure & easily implemented connectivity solution to have
their uninterrupted relation with their counterparts all over the world. The dissertation
document addresses this surprising technology in the most apprehensible way. These writings
showcase that how two or more organizations can colligate with each other by the use of MP-
BGP VPNs.
Episode 0 Baseline Configuration
Episode 0
Baseline Configuration
The Topology
The following tables list the interface addresses of the Core routers:
This table lists the interface addresses of the Customer Edge A routers:
The next table lists the interface addresses of Customer Edge B machines:
Episode 1
• neighbor table
• routing table
• topology table
However, as a matter of fact, SPF is rarely used. SPF is only used to find OSI neighbors. Actually,
it uses Partial Route Calculation (PRC) to calculate IP reachability.
• Level 1 (L1) router maintains the topology database of its own area.
• Level 2 (L2) routers are considered as back bone routers maintaining the backbone of
the whole network. And the back bone runs to all areas.
• Whereas Level 1-2 (L-1-2) routers carry the relations with both L1 & L2 routers to bridge
between L1 and the back bone L2 routers.
• L1 & L2 routers form like relationships but maintain different databases for level 1
routers and level 2 routers. They actually maintain two relationships with each other
i.e., leve1 and level 2 associations separately.
• L-1-2 routers actually act as OSPF’s ABRs.
• In IS-IS, a router belongs to one area at a time unlike OSPF where a router can be in
different areas.
• End systems participating in the process are known to be End System- Intermediate
System (ES-IS).
Address format
To configure IS-IS on Provider router, first we configure IS-IS in the global configuration mode,
giving its NET & defining the level of the router. Provider is deep in the core, so it must be a
level-2 router. Then, the intended interfaces are configured step by step. As the Provider router
exists deep inside the core, so all of its interfaces are configured for IS-IS. The isis circuit-type
command tweaks the interface to send only the intended level packets, thus saving bandwidth.
The Provider Edge 1 router is being configured here as a level-1-2 router as it is connected to
the Provider level-2 router & on any other of its interfaces, it can establish a level-1 relationship
if needed, e.g., with any new Customer who might be running IS-IS. Here, we only need to
include interface serial 1/0 and interface loopback 0 in the IS-IS routing process. The
configuration is as under:
The Provider Edge 2 router is also configured here as a level-1-2 router as it is connected to the
Provider level-2 router & at any other of its interfaces, it can establish a level-1 relationship if
needed, e.g., with any new Customer who might be running IS-IS. Here, we only need to include
interface serial 1/0 and interface loopback 0 in the IS-IS routing process. The configuration is as
under:
The Provider Edge 3 router is also configured here as a level-1-2 router as it is connected to the
Provider level-2 router & on any other of its interfaces, it can establish a level-1 relationship if
needed, e.g., with any new Customer who might be running IS-IS. Here, we only need to include
interface serial 1/0 and interface loopback 0 in the IS-IS routing process. The configuration is as
under:
To verify the IS-IS routing process, we run show clns neighbors command to confirm the IS-IS
neighbors of the provider & we can see that all the core machines are participating in IS-IS
process. The next verification command is show isis topology, which gives a peak into the
whole of IS-IS topology while we sit at the Provider router.
These labels are attached to the IP packets, enabling the routers to forward the traffic by
looking at the label and not the destination IP address. The packets are forwarded by label
switching instead of by IP switching.
Optimizes IP
IP is broadly accepted as the platform for converged network services, but the traditional IP
networks have faced shortcoming especially in the field of scalability, security and quality of
service. MPLS technology is designed to address the shortcomings of the IP network and
enabling the providers to ensure the amenities of QoS scalability and security to the network.
Terminologies
• The routers within an MPLS network that are responsible for label processing are known
as Label Switched Routers (LSRs)
• The path followed by data is known as a Label Switched Path (LSP).
• The Tag Distribution Protocol (TDP) is Cisco’s proprietary protocol that is used to bind
tags (which are the same as MPLS labels) to network routes in the routing table.
• The Label Distribution Protocol (LDP) is the IETF version of Cisco’s TDP. LDP is used to
bind labels to network routes.
• The label information base (LIB) is a mapping of incoming labels to outbound labels,
along with outbound interface and link information.
• The LFIB is a subset of the LIB.
• An additional component that resides in the forwarding plane is the forwarding
information base (FIB).The FIB is built by Cisco Express Forwarding (CEF). The FIB is
essentially a cached version of the IP routing table that eliminates the need for a route-
cache. For Cisco MPLS or tag switching to work, CEF must be enabled.
is where information created and maintained from the control plane is actually used. Simply
put, we can think of the forwarding plane as being like a big cache.
Control Plane
The routing table is built in the control plane and cached in the forwarding plane. For labels, the
LIB is built in the control plane, and only those labels in use reside in the label forwarding
information base (LFIB).
Operation
On entry to an MPLS network, a fixed-format label is inserted at the front of each packet. This
label tells switching nodes throughout the network how to process and forward the data. The
packet's path through the network is defined by its initial labeling; the subsequent mapping of
labels is consistent at each node.
Each LSR in the MPLS network runs a Label Distribution Protocol (LDP). LDP distributes the
labels that are to be used to forward packets across the MPLS network using peer-to-peer
negotiation from network edge to network edge. These labels are bound to Forwarding
Equivalence Classes (FECs) each of which defines an IP address prefix for an egress point from
the network. The point to be noted is that these labels only have significance between these
LSR-peers.
Benefits of MPLS
• The use of one unified network infrastructure
• Better IP over ATM integration
• Border Gateway Protocol (BGP)-free core
• The peer-to-peer model for MPLS VPN
• Optimal traffic flow
• Traffic engineering
All of the interfaces of the Provider router are configured to run MPLS as follows:
The above trend is followed for interfaces serial 1/0 of all the three Provider Edges routers.
Now, to verify MPLS, we run show mpls ldp neighbor command at Provider. This command
shows us all the MPLS neighbors of the Provider.
Hence, we can see that the Provider router has established MPLS neighborship with the
Provider Edge routers. So, we don’t need to verify this on Provider Edges. Another interesting
command here is show mpls forwarding-table, which showcases the labels assigned to the
networks. And we do have the output cuts of this command for all the four core routers.
Episode 2
Features
• BGP runs on top of TCP (port 179).
• Updates are incremental & triggered.
• BGP is the slowest protocol on the planet to converge.
• BGP resides over an IGP.
• It is one of the most tunable and flexible routing protocol.
Attributes
• It uses compound set of metrics also called attributes.
• BGP attributes are of two types: well-known (every vendor supports) and optional.
• Well-known attributes might be mandatory (must be in the update) or discretionary.
• While optional attributes might be transitive (travel from router to router or AS-AS) or
non-transitive.
1. Well-known Attributes
AS path (mandatory) - is actually the list of AS numbers that a route has traversed in order to
reach a destination. It helps in loop prevention.
Next hop address (mandatory) - is the next hop IP address that is used to reach a certain
destination.
Origin (mandatory) - defines the origin of the path information. The origin attribute can assume
three values:
o IGP: This normally happens when we use the BGP network command or when IGP is
redistributed into BGP, than the origin of the path info will be IGP. This is indicated with
an “i” in the BGP table.
o EGP: NLRI is learned via EGP (Exterior Gateway Protocol). This is indicated with an “e” in
the BGP table.
o INCOMPLETE: A route is unknown or learned via some other means. This usually occurs
when we redistribute a static route into BGP and the origin of the route will be
incomplete. This is indicated with an “?” in the BGP table.
Local preference (discretionary) - is an indication to the AS about which path is preferred to exit
the AS in order to reach a certain network. A path with a higher local preference is more
preferred. The default value for local preference is 100.
Atomic aggregate (discretionary) – informs router that a route has been summarized.
2. Optional Attributes
Multi-exit discriminator - The metric attribute which is also called multi exit discriminator (MED,
BGP4) or Inter-As (BGP3) is a hint to external neighbors about the preferred path into an AS.
This is a dynamic way to influence another AS on which way to choose in order to reach a
certain route given that we have multiple entry points into that AS. A lower value of a metric is
more preferred.
Aggregator – goes right along the Atomic aggregator & tells actually who (router) has
summarized the route.
Here above, there iBGP neighborships are being established between loop backs of PE1-PE2,
PE1-PE3, under same Autonomous System with the command neighbor 192.168.1.2 remote-as
65000.
The Update- source loopback 0 command forces BGP to use the loopback IP address as the
source in the TCP neighbor connection. We use loopbacks for the neighborships so that they
never get down.
The next-hop-self command will allow us to force BGP to use a specified IP address as the next
hop rather than letting the protocol choose the next hop. By default, iBGP neighbors do not
change the next hop in the updates. Say, a neighbor A sends updates to the neighbor B, this
command tells the neighbor B to use the router A as the next hop for that update.
And now, as usual, the verification procedure. Sh ip bgp neighbors command shows the brief
description of neighborships with the BGP peers. On Provider Edge 1 down here, we can see
that it is forming iBGP neighborships with Provider Edge2 & 3 respectively.
Episode 3
Multi-Protocol BGP
In an MPLS-enabled network, it is not necessary for every device in the network to know about
every possible network route. In addition, labels can be stacked. In the case of MPLS VPNs, IP
packets enter the network as unlabeled IP. The edge-LSR not only applies a label for the packet
to move through the network, but it also provides a VPN label. This process is called label
stacking. The following figure shows the label stacking process.
Now, the question that teases here is that why is the VPN label important? Well, the answer is
“how else does an egress LSR know which VPN a packet is destined for?” Two Customers might
have an address space that may over-lap. In that case, the edge router will have no idea about
where to route the packet?
To remedy situations like these, the Provider Edge routers assign labels to customer routes that
show up in the VRF. Those labels are then propagated through Multi-Protocol BGP (MP-BGP).
MP-BGP must be configured for an MPLS VPN to work. In the following figure, the PE1 router
has assigned a label of 32 to the 10.0.0.0 network for Customer A and propagated that to P.
When a packet arrives at PE3, the router sees the VPN label first. Since PE1 assigned the label, it
knows exactly where the packet goes.
MP-BGP must be configured between all routers that need to propagate or exchange VPN
routes. To configure MP-BGP, the address-family vpnv4 command is used from within the
traditional BGP configuration. An address family is sometimes referred to as a routing context.
In this case, the address family vpnv4 command is used within global BGP configuration.
Therefore, this special context does not need a new BGP process. (Only one BGP process is
supported at a time on a Cisco IOS router). Neighbors, if already configured in global BGP,
simply need to be activated.
Communities must be configured as well. There are two types of communities: extended and
standard. Standard communities have not been replaced by extended communities. It is
necessary to specify extended communities between MP-BGP neighbors for proper VPN
operation. The default operation of BGP is to send no community values. Therefore, we must
manually configure MP-BGP to send both standard and extended communities.
Here above, already iBGP neighborships are activated for address-families with command
neighbor 192.168.x.x activate.
Send-community both command will allow the address families to carry standard and extended
communities.
Episode 4
• Virtual circuit-based VPN solutions deliver IP services across a public Frame Relay or
ATM network. This architecture uses a Layer 2 overlay model to map logical networks on
top of physical ones.
• Layer 3 IP tunneling architectures operate across routed core networks (e.g., using GRE
or IPSec). A tunnel applies to specific traffic and serves to hide certain information from
the rest of the network.
However, these technologies can be associated with scalability problems, largely because they
depend on creating and administering connections, not networks. Scalability suffers so much
because of the high volume of virtual circuits that have to be provisioned and because each
new customer or site added to a VPN will require new connections to be created and
supported.
In MPLS based VPNs, routing information is exchanged between a customer site and a service
provider edge site, and the service provider is responsible for establishing and maintaining
paths through the core and propagating routes between customer sites.
• Scalability is one of the foremost advantages of MPLS VPNs. They are based on
networks, not connections, hence they are easier to scale. There is no need to create a
full mesh of tunnels or permanent VCs between all sites in the VPN. Deploying and
maintaining an MPLS VPN is therefore easier than the VC-based or IP tunneling options.
• Security and privacy within an MPLS VPN is achieved by limiting the distribution of
routing information to all members of the VPN. Routes to VPN sites are only advertised
to members of the same VPN, and are not shared with devices outside the VPN.
In an MPLS VPN, routers are classified according to the roles they perform:
• Provider Edge (PE) routers are those routers within a service provider core network that
connect directly to a router at the customer's site.
• Provider (P) routers are all those routers within the VPN core network that are not edge
routers.
• Customer Edge (CE) routers are those routers at the customer premises that have a
direct interface to the PE router. These are sometimes known as CPE devices.
The PE routers actually define the membership of the VPN by maintaining configuration
information to link together all sites in the VPN. Members of a VPN are aware only of other
members, although sites can be in multiple VPNs. Provider core routers do not maintain any
VPN routing information but are responsible for forwarding traffic throughout the network
using MPLS.
Route distinguishers
• MPLS VPNs enable customer site networks to use private address space, rather than
globally registered IP addresses. This is achieved by ensuring unique public addresses for
use within the VPN, by means of Route Distinguishers (RDs).
• A route distinguisher (RD) creates routing and forwarding tables and specifies the
default route-distinguisher for a VPN.
• The RD is added to the beginning of the customer's IPv4 prefixes to change them into
globally unique VPN-IPv4 prefixes.
• An RD is either ASN-relative, in which case it is composed of an autonomous system
number and an arbitrary number, or it is IP-address-relative, in which case it is
composed of an IP address and an arbitrary number.
VRF tables
• One of the key points about a VPN is the maintenance of security and separation of
data; it must prevent communication between sites that are not in the same VPN.
• One of the ways in which this is achieved is by ensuring that VPNs have their own
routing and forwarding tables in the PE router, so a customer site that belongs to a VPN
can access only the set of routes contained in that routing table.
• Each PE router maintains a number of separate forwarding tables known as VRFs (VPN
Routing and Forwarding tables), and each site (i.e., each PE interface or sub-interface
connected to a CE device) must be mapped to one of those VRFs.
• The vital point here is that a VRF table does not necessarily correspond to a particular
VPN. Its purpose is to hold the routes that are available to a particular site connected to
a PE device. If a site is in multiple VPNs, the VRF associated with that site contains
routes from all the VPNs of which it is a member.
• VRF tables are propagated to other PE devices. But since a VRF table is not mapped
directly on to a VPN, it is necessary to identify the VPN to which each route applies. This
is achieved by means of route targets.
Route Targets
• Every route that is distributed from a VRF is tagged with an export route target attribute
identifying its VPN.
• Each VRF is tagged with one or more import route target attributes, indicating the VPNs
that it wants to import routes for.
• When routes are distributed, any route marked with a particular export route target
attribute will be installed in VRF tables marked with the same import route target
attribute.
• For a fully-meshed VPN, each site's VRF table imports and exports the same routes.
• For a hub and spoke VPN, the VRF table at the hub site imports routes from all sites,
while the VRF tables at the spoke sites import only routes from the hub site VRF.
To create a route-target extended community for a VRF, we use the route-target VRF sub-mode
command.
Syntax Description
import Imports routing information from the target VPN extended community.
both Imports both import and export routing information to the target VPN
extended community.
route-target-ext- Adds the route-target extended community attributes to the VRF's list of
community import, export, or both (import and export) route-target extended
communities.
Address Families
• To support the Multiprotocol behavior of BGP in Cisco IOS, the BGP routing process has
the concept of address families. The four address families that are currently supported
are IPv4, IPv6, vpnv4 (VPN-IPv4), and vpnv6 (VPN-IPv6).
• Virtual Routing & Forwarding tables work under address families in the routing
protocols. To pass VPN routes from one Provider Edge router to another, a BGP VPN
address family is established.
• Also, under the routing protocols processes, which run from Provider Edge machines to
Customer Edge machines, we need to establish IPv4 address families & they are
associated with the related VRFs.
• Next process is the redistribution of PE-CE protocols into BGP process & vice versa.
In the previous section, we established VPNv4 neighborships so, next step asks for the creation
of VRFs & the Route Distinguishers along with the Route Targets. Also, the related interfaces
are then bounded with their VRFs. And here we go for the Provider edges step by step:
Here above, on Pedge1 a VRF for customer A is created with command ip vrf custa (where
custa is the name of VRF) and route distinguisher of 1:10 for vrf is created with command rd
1:10.
Routes to be exported or imported with this vrf are set by commands route-target import 1:10,
route-target export 1:10.
Binding the vrf custa with s1/1 through command ip vrf forwarding custa.
Here above, on Pedge1 a VRF for customer C is created with command ip vrf custc (where custc
is the name of VRF) and route distinguisher of 1:30 for vrf is created with command rd 1:30.
Routes to be exported or imported with this vrf are set by commands route-target import 1:30,
route-target export 1:30.
Binding the vrf custc with s1/2 through command ip vrf forwarding custc.
Instead of using both import & export versions of route-target command, we can simply use
route-target both command as shown above & in next configurations.
Here above, on Pedge2 a VRF for customer B is created with command ip vrf custb (where
custb is the name of VRF) and route distinguisher of 1:20 for vrf is created with command rd
1:20.
Routes to be exported or imported with this vrf are set by commands route-target import 1:20,
route-target export 1:20.
Binding the vrf custb with s1/2 through command ip vrf forwarding custc.
The following configuration is for custa & custb on Provider Edge 3 router respectively.
Episode 5
PE to CE Routing Protocols
• It uses Dijkstra’s Shortest Path First algorithm which appears to be processor intensive.
• It sends triggered updates to announce network changes and periodic updates on long
intervals.
• OSPF divides the network into multiple areas & all areas must connect to area 0 which is
the area created for the first time and is the backbone area.
• Every area has a bunch of routers. All routers in an area have the same road map about
their area. The goal is to localize the updates within an area.
• One area connects to the other area through Area Border Routers (ABR). An ABR has it’s
interfaces in different areas with one interface in area 0 for sure.
• An Autonomous System Border Router (ASBR) is the router sitting at the boundary of
the autonomous system.
• OSPF elects one router to be a Designated Router (DR) & one router to be a Backup DR
(BDR) on multi-access segments.
Let’s configure OSPF for customer A sites connected to Provider Edge 1 & Provider Edge 3
router respectively.
Up here, the router ospf 1 vrf custa command is starting the OSPF process & also establishes a
VRF for Customer A. We did not use the keyword address-family here because the above
syntax is defined as it is for OSPF.
Then the network is propagated in the OSPF process through the network command.
The redistribute bgp 65000 subnets command redistributes the classless subnet routes from
BGP into OSPF.
After entering into router BGP process, redistributing OSPF routes into BGP with command
redistribute ospf 1.
This vice versa process of redistribution is necessary as BGP takes OSPF routes from 1 OSPF site
and takes them to another OSPF site through Provider Edge routers.
Now, at the Customer Edge A 1 (cea1), we will do the normal OSPF configuration as under:
As we can see in the mid of our configuration, the OSPF neighborship between Provider Edge 1
& Customer Edge 1 has been established. Now, to Provider Edge 3:
See, the loading is done. We are up with the OSPF neighbors. Obviously, this is the confirmation
time. Let’s check whether the Customer A’s both sites can reach each other! For the purpose,
we can use sh ip route command on both Customer Edges to ensure they receive each other’s
routes.
So, both the sites are receiving each other’s routes, means they can ping each other.
• EIGRP doesn’t send link state packets like OSPF does, it sends traditional distance-vector
updates containing information about the networks plus the cost of reaching them from
the perspective of the advertising router.
• It synchronizes routing tables between neighbors at startup and then sends specific
updates only when topology changes occur.
• This makes EIGRP suitable for large networks. It has a maximum hop count of 255.
• It supports unequal cost load balancing. Actually it combines best of distance vector and
link state protocols.
• It uses a sophisticated composite metric that includes bandwidth, delay, reliability, load
and MTU.
• EIGRP uses Diffusing Update Algorithm (DUAL) for selecting and maintaining the best
path to each remote network.
On Provider Edge 2 above, under EIGRP process, we created a vrf for custc through address-
family command.
Then, it’s the network propagation. And after that, we have to define the autonomous system
through autonomous-system command as it is necessary to mention under creating VRFs.
The no auto-summary command is used not to summarize the connected and propagated
networks. Then it’s the redistribution command with the default K values of EIGRP.
And lastly, under the VRF for Customer C in BGP process, EIGRP is redistributed.
See, we are up with the EIGRP neighborship between Provider Edge 2 & Customer Edge C 1.
Well, the neighbors are up! So, now let’s move towards the confirmation.
We can see both the remote sites now know about each other’s networks.
Here, as we use BGP as PE-CE protocol, we will establish an eBGP neighbor relation with
Customer B sites under VRF custb.
The as-override command helps receive routes with repeated autonomous system numbers. If
this command is not used, BGP won’t pass routes from one site of B to the other site of B as
both the sites of Customer B are in same autonomous system number.
The redistribute connected command redistributes connected network routes into BGP.
Provider Edge 2:
So, both the sites are receiving each other’s networks & are done.
Episode 6
In the context of today’s complex connectivity requirements, where organizations deal with
each other, demand connectivity with each other. Through the use of extranet topology, this is
achievable. Say, the main sites of two different organizations are capable of communicating
directly across the MP-BGP VPN backbone as they import each other’s routes into their VRFs.
The above implementation shows three customers as we have configured separate VPNs for
them. However, the three customers want their head-sites (CEA1, CEB1, and CEC1) only to
communicate with each other. The scenario above shows three customers with their head sites
namely CEA1, CEB1 & CEC2 and their remote sites namely CEA2, CEB2 & CEC2 respectively. It
also shows three different VPNs plus the extranet connectivity among the head sites.
Here above, on pedge1 we have configured a overlapping vrf named custabc with route
distinguisher 1:100 participating in multiple sites of A, B, & C.
Command route-target both 1:100 and route-target both 1:10 , will import and export routes
of Customer A site 2 & the of Customer B 1 and Customer C 1.
Then we bound the new VRF custabc to the interface s1/1 with ip vrf forwarding custabc, while
disassociating the vrf custa with it.
Now, the OSPF process is started for the new VRF custabc which neighbors with CEA1 as before,
but this time CEA1 receives the routes from CEA2, CEB1 and CEC1 as intended.
And then the new VRF needs to be distributed in the BGP address family for custabc.
The same configuration is repeated here except that as we are forming neighborship with CEC1
under the new VRF custabc so we have imported and exported routes for both 1:30 (Customer
C) & 1:100 (Customer A1, B1).
The same configuration is repeated here except that as we are forming neighborship with CEB1
under the new VRF custabc so we have imported and exported routes for both 1:20 (Customer
B) & 1:100 (Customer A1, C1).
And last but not the least, the verification process: we run the most famous sh ip route
command on all the three over-lapped sites i.e., CEA1, CEB1 & CEC1.
• www.knowledgenet.com
• www.cisco.com
• www.tdap.com
Dissertation Brief
Title Implementing Complex MP-BGP Over-Lapping VPNs
External Examiner
Machine used Intel Core 2 Duo @ 2.20 GHz with 1024 MB DDR-II memory