MPLS Layer 3 VPN Configuration

Hello Haniyeh

This is an excellent question. This question clarifies the difference between the control plane and the data plane in an MPLS/Layer3 VPN environment.

The RT is involved in the exchange of routing information between CEs. It is used to allow CEs to export and import the correct routes (via the configuration on the PEs) so that CEs of particular customers can exchange routes correctly. The RT is involved in the control plane only.

Conversely, the VPN label is something that operates in the data plane. It is involved in the routing of data packets to the appropriate CE. When a packet reaches the PE, it must know to which VRF and to which customer the packet is destined for.

So the RT is involved in the import/export of routing information (control plane) while the VPN label exists on data packets and is used to determine which VRF (and ultimately which CE) the packet is destined for.

This is described in more detail in the following lesson:

Take a look especially at the sections titled RT (Route Target) and Transport and VPN Label.

I hope this has been helpful!

Laz

Hello, could you help me with an explanation of BGP-LU (Unicast label) please.

Where in the implemented scheme could it be applied?

Hello Alex

BGP Labelled Unicast is a feature that provides MPLS transport across IGB boundaries. What this means essentially is that you can you can send MPLS bindings between administrative systems functioning with EIGRP, OSPF, or IS-IS for example. In this way, MPLS labels can be shared with remote areas not sharing the local IGP.

BGP-LU advertisements only impact edge routers and border routers and not the transport routers found within administrative systems.

You can see a detailed example of such a network, and how it uses BGP-LU at the following link:

You can also review BGP-LU at RFC 3107.

I hope this has been helpful!

Laz

Hi,
I have a question if PE2 has both routing information on it’s table so why PE1 has only one prefix.

Hello Dinesh

Looking at the lesson, I see that at some point eBGP is configured between PE1 and CE1. Once that is done, we can see that PE1 receives one prefix as shown below:

Now at this point only one prefix is shown because eBGP configuration is not complete for PE2 and CE2. CE2 has already been configured, but not PE2. You can see in the above image that the very next step is to configure PE2. Once this is configured, then PE1 will also see the 5.5.5.5/32 network.

I hope this has been helpful!

Laz

Hi there,

I have an issue with the topology, at this web-site I’ve seen the the topology: https://networklessons.com/mpls/mpls-layer-3-vpn-configuration
But that topology is without redundant line and without RR on the router, and I am struggling with that. Because I would like to do a VPN sie-to-site connection.

Hello Robert

Your topology looks very ambitious! That’s great! Is there something more specific that we can help you with?

Laz

Hello Lazaros,

Thank you for compliment, I do not know how but I am trying to do a VPN over the AS1 (as SP), site-to-site (AS2-AS3-AS4-AS5), and I am strugling with several things. VRF MPLS, and now with NAT on site. because I have subinterfaces (Vlans) on each site without gateway for physical interface just default-gateway for each Vlans.

Rob

Hello Robert

I have a feeling that maybe you bit off a little more than you can chew? Looking at such a topology and attempting to implement these concepts can be a daunting task. The most important thing is to first gain a solid understanding of the technologies involved, and then to begin implementing the. I would suggest you go through some of the related lessons first, do the labs there, invest the time to gain the understanding, and then you will be in a position to tackle these bigger problems.

A good starting point is to go over Unit 3 of the MPLS course which focuses on MPLS VPN and VRFs. A good starting point is the following lesson, from which you can continue on with all the lessons in Unit 3.:

You can also take a look at the series of lessons on NAT, starting with the following, and going through the various other involved configurations.

As you go through these, and the tackle your large topology, we’ll be here to respond to your specific questions and queries.

I hope this has been helpful!

Laz

Hi Rene,

I’m confused between RT and RD…

Can you please help me to understand, whether we can configure different RD values on different PE for same customer or it should be same always ?

And, can we configure export/import RT values for the same customer for two-way communication ?

Just like below :-

PE1# >>>
ip vrf CUSTOMER
 rd 1:1
 route-target export 1:1 (traffic from PE1 to PE2)
 route-target import 1:2

PE2 >>>>
ip vrf CUSTOMER
 rd 1:1
 route-target export 1:2 (Traffic from PE2 to PE1)
 route-target import 1:1

Please help to make me understand …

Regards
Mukul Jain

Hello Mukul

The short answer is yes, you can configure different RD values on different PEs for the same customer. Remember that the RD values are used in order to make a particular prefix of a particular customer unique. They are not unique to the customer, they are unique to the prefix. Therefore if you have prefix A on customer 1 off of PE2 and prefix B on customer 1 off of PE1, you can indeed have different RDs. The prefixes at each customer site, along with the RD do indeed remain unique.

I hope this has been helpful!

Laz

I have a successful MPLS-VPN with R1 to R5/R6 communication. R10 is my route reflector. I need to do some additional testing where R1 tags it’s loopback with community 100:100 when sending it to R2. R2 receives the community but it does not get sent to R4.

#####
R1
router bgp 1
 bgp log-neighbor-changes
 network 1.1.1.1 mask 255.255.255.255
 neighbor 10.0.12.2 remote-as 100
 neighbor 10.0.12.2 send-community
 neighbor 10.0.12.2 route-map set-community out

ip prefix-list set-community seq 5 permit 1.1.1.1/32
!
route-map set-community permit 10
 match ip address prefix-list set-community
 set community 0:100 100:100 64984:0 65100:100
####
R2 
r2#show ip bgp vpnv4 vrf CUSTOMER-A 1.1.1.1
BGP routing table entry for 1:1:1.1.1.1/32, version 10
Paths: (1 available, best #1, table CUSTOMER-A)
  Advertised to update-groups:
     14        
  Refresh Epoch 1
  1
    10.0.12.1 (via vrf CUSTOMER-A) from 10.0.12.1 (1.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Community: 0:100 100:100 64984:0 65100:100
      Extended Community: RT:1:1
      mpls labels in/out 30/nolabel
      rx pathid: 0, tx pathid: 0x0
####
R4
r4#show ip bgp vpnv4 vrf CUSTOMER-A 1.1.1.1
BGP routing table entry for 1:1:1.1.1.1/32, version 37
Paths: (1 available, best #1, table CUSTOMER-A)
  Advertised to update-groups:
     6         
  Refresh Epoch 2
  1
    2.2.2.2 (metric 3) (via default) from 10.10.10.10 (10.10.10.10)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:1:1
      Originator: 2.2.2.2, Cluster list: 10.10.10.10
      mpls labels in/out nolabel/30
      rx pathid: 0, tx pathid: 0x0

Hello Jeremy

Nothing out of the ordinary pops out from the configs and the topology you shared. Now you have configured R1 to send the community attribute to its neighbor. Have you made the same configuration to R2 (neighbor ip-address send-community) so that it too will send the community attribute to its neighbor, namely R4? You shouldn’t need a route map in this case since the attribute is already set.

Also, you might want to do some BGP debugging on R2 and R4 to see if the attribute is being sent correctly and if it is being received correctly as well…

The following links may also be helpful:

• Cisco Command Reference
• MPLS VPN Configuration Example lesson where communities are used.

Hopefully this gives you some insight on how to proceed with troubleshooting.

I hope this has been helpful!

Laz

This works now. My original lab that I had issues with was using vIOS for PE. When I switched that to CSRs, everything works great. Thanks for the response!

Please See attachment.

Multiple VRFs configured under the sub-interface for the VLAN-to-VRF mapping on Customer A, and Customer B.

All switches configured with VLANs matching to respective Customer router. For example, VLAN 50 maps to GigabitEthernet0/0/0/2.50.

Desktop default-gateways is the sub-interface (GigabitEthernet0/0/0/2.50) IP address for respective Customer.

The core is complete were PEs established vpnv4, and ipv4 peering between each other. Labels are flowing through the core when trace command was on PE and P routers.

Need assistance with completing the configuration on the PEs. Please see below:

I’m stuck at configuring the PEs where the VLAN/VRFs mappings on the Customer are transported by the PEs into the core.

The PEs and Customer router has a /30 IP address configured between them.

I’ve searched the web for documentation but was unsuccessful in finding anything useful. I have been at this for several weeks, so I decided to reach out to someone for assistance.
I cannot provide specific configuration since I’m reproducing my work environment.

Thanks
Tim

Hello Timothy

The best suggestion I can give you at this point is to take a look at the following lesson that details the configuration of MPLS Layer 3 VPN including the configuration at the PEs that incorporates VRFs, BGP, as well as the IGP that you may have configured.

In addition to this, there are a whole series of lessons you can see below this one in the Course Contents on the right that further describe configurations specific to the use of other protocols, as seen below:

Take a look and see if those can help you in your troubleshooting process. If you find yourself stuck on something specific, please don’t hesitate to reach out and ask further questions.

I hope this has been helpful!

Laz

Hi Rene,

My goal is to access Internet (viz google.com/cisco.com e.t.c.) over MPLS VPN Network.

I had a below scenario copied from you.

Final target is to access Internet on AS3 by Windows10 PC on AS1 over MPLS VPN Network.

1. I configured eBGP between PE-CE
2. Configured ospf as IGP
3. Created a VRF “Internet”
4. Configured iBGP between PE1-PE2
5. Created a static route on CE1 for accessing internet
6. Advertised L0 : 5.5.5.5/32 & 192.168.184.0/24 into BGP on CE2 Router

Verification
==========

PE1#sh ip route vrf Internet

Routing Table: Internet
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

**C    192.168.12.0/24 is directly connected, FastEthernet0/0**
**     5.0.0.0/32 is subnetted, 1 subnets**
**B       5.5.5.5 [200/0] via 4.4.4.4, 00:00:56**
**B    192.168.184.0/24 [200/0] via 4.4.4.4, 00:00:56**

CE1#sh ip bgp
BGP table version is 4, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   **Network          Next Hop            Metric LocPrf Weight Path**
***> 5.5.5.5/32       192.168.12.2                           0 2 3 i**
**r> 192.168.184.0    192.168.12.2                           0 2 3 i**

CE1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

**C    192.168.12.0/24 is directly connected, FastEthernet0/0**
**     1.0.0.0/32 is subnetted, 1 subnets**
**C       1.1.1.1 is directly connected, Loopback0**
**     5.0.0.0/32 is subnetted, 1 subnets**
**B       5.5.5.5 [20/0] via 192.168.12.2, 00:03:20**
**S    192.168.184.0/24 [1/0] via 192.168.12.2**
CE1#

CE1#ping 5.5.5.5 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)

CE1#ping 192.168.184.131 source loopback 0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.184.131, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
CE1#



***CE1#sho running-config***
Building configuration...

Current configuration : 2311 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.2 remote-as 2
 no auto-summary
!
ip forward-protocol nd
ip route 192.168.184.0 255.255.255.0 192.168.12.2
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

CE1#


***PE1#sho running-config***
Building configuration...

Current configuration : 2886 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf Internet
 rd 100:100
 route-target export 100:100
 route-target import 100:100
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding Internet
 ip address 192.168.12.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 ip address 192.168.23.2 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 4.4.4.4 remote-as 2
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 4.4.4.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Internet
  neighbor 192.168.12.1 remote-as 1
  neighbor 192.168.12.1 activate
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end



***P#sho running-config***
Building configuration...

Current configuration : 2758 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 ip address 192.168.23.3 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial2/1
 ip address 192.168.34.3 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 4.4.4.4 remote-as 2
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 2.2.2.2 activate
  no neighbor 4.4.4.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end


***PE2#sho running-config***
Building configuration...

Current configuration : 2884 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf Internet
 rd 100:100
 route-target export 100:100
 route-target import 100:100
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 ip address 192.168.34.4 255.255.255.0
 mpls ip
 serial restart-delay 0
!
interface Serial2/2
 ip vrf forwarding Internet
 ip address 192.168.45.4 255.255.255.0
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 update-source Loopback0
 !
 address-family ipv4
  no neighbor 2.2.2.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Internet
  neighbor 192.168.45.5 remote-as 3
  neighbor 192.168.45.5 activate
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end



***CE2#sho running-config***
Building configuration...

Current configuration : 2317 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 ip address dhcp
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 ip address 192.168.45.5 255.255.255.0
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 network 5.5.5.5 mask 255.255.255.255
 network 192.168.184.0
 neighbor 192.168.45.4 remote-as 2
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

Thanks in advance
Manami

Hello Manami

As mentioned in a previous post, it’s difficult to verify or troubleshoot a topology simply by examining the configurations of multiple devices without the benefit of implementing show and other test commands. As mentioned before, it’s a good idea to take it step by step. The steps you created are great, you’ll just have to examine the network after each one to see that all is working as expected.

The following lesson may be helpful in identifying and resolving specific issues found in a network:

I hope this has been helpful!

Laz

Hi Laz,

If you at least can help me to know if I need any extra setup for Internet to access over MPLS in GNS3 that will also be great help.

Thanks
Manami

Hello Manami

There’s nothing special that you need to do for an MPLS topology in GNS3 to connect it to the real Internet. You simply follow the same steps that are necessary as described in this previous post:

I hope this has been helpful!

Laz