MPLS VPN Extranet Route Leaking

ReneMolenaar · November 8, 2017, 3:53pm

This topic is to discuss the following lesson:

Zaman.rubd · November 24, 2017, 5:36pm

Hi Rene,

If I want to Communicate RED-CE1 to BLUE-CE1 and RED-CE2 to BLUE-CE2 then have to configure like the way you described in your lesson https://networklessons.com/cisco/ccie-routing-switching-written/vrf-lite-route-leaking/ . Right ???

Br//zaman

ReneMolenaar · November 27, 2017, 2:09pm

Hi Zaman,

If you don’t use MPLS then you can use VRF lite route leaking yes. If you do use MPLS, use MPLS VPN extranet route leaking.

Rene

rayjen1113 · September 2, 2018, 6:02pm

Hello Rene,

Can we just use the existing RT for exporting/importing vrf routes ? Would this config work?

PE1#show run | begin ip vrf
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
 route-target import 1:1
!
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 route-target import 2:2

PE2#show run | begin ip vrf
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
 route-target import 1:1
!
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
 route-target import 2:2

ReneMolenaar · September 7, 2018, 7:01am

Hi Ray,

Yes, that would work just fine.

Rene

19nikm · March 12, 2019, 10:46pm

Why are the OSPF routes showing as IA route when all domain ID and area seems to be the same for the same customer?

lagapidis · March 14, 2019, 2:09pm

Hello Nikhil

When using OSPF in such a situation, the process ID plays a role in how learned OSPF routes are interpreted by CE devices. Specifically, the domain and process IDs affect the type of OSPF routes in the following way:

OSPF with unique process = O IA
OSPF with different process = O E2
OSPF with unique Process ID but different domain ID = O E2
OSPF with different process ID but unique domain ID = O IA

I hope this has been helpful!

Laz

lagapidis · April 17, 2020, 5:06am

Hello @pradyumnayadavgla

It seems you responded to me in a private message. I’ll post it and respond to it here so that others can benefit from the response. You said:

Hi Rene/Laz,

Can we make RED C1 to communicate with BLUE C1, BLUE C2 and RED C2 Simultaneously?

Yes we can. This in fact is the purpose of the MPLS VPN Extranet route leaking feature. If you take a look at the output of the show ip route ospf command on RED-CE1, you will see that you have OSPF routes to Red-CE2 using O IA routes and to both Blue-CE1 and Blue-CE2, using O E2 routes. And all this connectivity is enabled to all router simultaneously.

I hope this has been helpful!

Laz

pradyumnayadavgla · October 21, 2020, 11:32am

Hi Laz,

As per documents we are using RT( 1:2/2:1) for import/export , confusion is that the the value selected by us is on the basis of customer blue in AS 2 and Red cus in A1?

actually confused how did we you select value in import/export route from Cust red to Cus blue and vise-versa?

ccnp.manami · October 23, 2020, 9:44pm

Hi Rene,

Can you please give me an idea how can I get access to Internet (google.com) on my Laptop through a LAB created on GNS3 using MPLS VPN?

Thanks in Advance
Manami

lagapidis · October 25, 2020, 9:52am

Hello Pradyumna

For both the RD and RT, the format used is ASN:NN, where ASN is the service provider’s AS and NN is a number we pick to identify the site of the customer. However, as stated in this lesson, for both RD and RT, you can actually use any number you want. There is really no restriction.

So if it makes sense for you to use 1:2 and 2:1 because one is for import on one PE and the other is export on another PE, then you can use that.

Keep in mind that here we’re talking about EXTRANET route leaking, that is, from one VRF to another. This is why the RTs are different on the two PE routers for importing and exporting. If they were the same, then no VRF to VRF route leaking could take place.

I hope this has been helpful!

Laz

pradyumnayadavgla · October 25, 2020, 1:33pm

Actually i want to know how did you choose value 1:2 and 2:1 for import at one end and export at another end?, mean if we are selecting import 1:2 at PE1 then export must be 2:2 b/c initial no represent AS which is 2 for another VRF in which we want to export the route but NN must be same, is this the way of selection of import and export RT Here?

lagapidis · October 26, 2020, 10:49am

Hello Manami

So in more general terms, you want to be able to connect your GNS3 topology to the Internet, and have devices on that topology (a PC running as a VM in your computer) be able to view web sites. You can connect your topology using the following information provided by the GNS3 forum:

Now what your local topology is (MPLS VPN, simple IP network, or anything at all) doesn’t matter, you can still connect it to the Internet as shown in the above link.

I hope this has been helpful!

Laz

ccnp.manami · October 26, 2020, 8:17pm

It helps.
Thank you Laz.

ccnp.manami · October 27, 2020, 10:21pm

Hi Rene,

I was trying the below scenario,

Scope of Work,

PART1
======
CE1 - will be accessing “ip https” service on AS8
CE11 - will be accessing “Internet” on AS88

PART2
======
CE1 - Also can access “Internet”
CE11 - also can access “ip https” service

Can’t able to configure the below properly:
===============================

MP-iBGP inside Service provider network with 2 RR
Can’t enable only VPNv4 inside MPLS Network
Can’t configure “Route Leaking”

Just want to add some more twist,
=================================

There will be two windows PC on AS1 , one can access ip https service & Internet and other can only access Internet (AS88)

Below are the device-wise configuration
=================================

PE1#sho running-config
Building configuration...

Current configuration : 3386 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf Customer1
 rd 1:1
 route-target export 1:1
 route-target export 1:2
 route-target import 1:1
!
ip vrf Customer11
 rd 2:2
 route-target export 2:2
 route-target export 1:2
 route-target import 2:2
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding Customer1
 ip address 192.168.12.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip vrf forwarding Customer11
 ip address 192.168.111.2 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.24.2 255.255.255.0
 mpls ip
!
interface FastEthernet1/1
 no switchport
 ip address 192.168.25.2 255.255.255.0
 mpls ip
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.24.0 0.0.0.255 area 0
 network 192.168.25.0 0.0.0.255 area 0
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 2
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
  neighbor 5.5.5.5 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer11
  neighbor 192.168.111.11 remote-as 11
  neighbor 192.168.111.11 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1
  neighbor 192.168.12.1 remote-as 1
  neighbor 192.168.12.1 activate
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

=============================================================

PE2#show running-config
Building configuration...

Current configuration : 3203 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf Customer1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf Customer11
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
ip vrf forwarding
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding Customer11
 ip address 192.168.211.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip vrf forwarding Customer1
 ip address 192.168.13.3 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.35.3 255.255.255.0
 mpls ip
!
interface FastEthernet1/1
 no switchport
 ip address 192.168.34.3 255.255.255.0
 mpls ip
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 192.168.34.0 0.0.0.255 area 0
 network 192.168.35.0 0.0.0.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 2
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 192.168.13.1 remote-as 1
 no auto-summary
 !
 address-family ipv4 vrf Customer11
  neighbor 192.168.211.11 remote-as 11
  neighbor 192.168.211.11 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1
  neighbor 192.168.13.1 remote-as 1
  neighbor 192.168.13.1 activate
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

==============================================================

P1#sho running-config
Building configuration...

Current configuration : 2729 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.46.4 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.24.4 255.255.255.0
 mpls ip
!
interface FastEthernet1/1
 no switchport
 ip address 192.168.34.4 255.255.255.0
 mpls ip
!
interface FastEthernet1/2
 no switchport
 ip address 192.168.47.4 255.255.255.0
 mpls ip
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 2
 neighbor 5.5.5.5 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

===============================================================

P2-RR#sho running-config
Building configuration...

Current configuration : 4090 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P2-RR
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.5 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.35.5 255.255.255.0
 mpls ip
!
interface FastEthernet1/1
 no switchport
 ip address 192.168.25.5 255.255.255.0
 mpls ip
!
interface FastEthernet1/2
 no switchport
 ip address 192.168.56.5 255.255.255.0
 mpls ip
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 2
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 2
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 3.3.3.3 remote-as 2
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 4.4.4.4 remote-as 2
 neighbor 4.4.4.4 update-source Loopback0
 neighbor 6.6.6.6 remote-as 2
 neighbor 6.6.6.6 update-source Loopback0
 neighbor 7.7.7.7 remote-as 2
 neighbor 7.7.7.7 update-source Loopback0
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 2.2.2.2 route-reflector-client
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
  neighbor 3.3.3.3 route-reflector-client
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 4.4.4.4 route-reflector-client
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 6.6.6.6 route-reflector-client
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 7.7.7.7 route-reflector-client
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
  neighbor 2.2.2.2 route-reflector-client
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community both
  neighbor 3.3.3.3 route-reflector-client
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
  neighbor 4.4.4.4 route-reflector-client
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community both
  neighbor 6.6.6.6 route-reflector-client
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community both
  neighbor 7.7.7.7 route-reflector-client
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

===================================================================

PE3#sho running-config
Building configuration...

Current configuration : 3288 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf Customer1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf Customer11
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.46.6 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip vrf forwarding Customer11
 ip address 192.168.69.6 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip vrf forwarding Customer1
 ip address 192.168.68.6 255.255.255.0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
 no switchport
 ip address 192.168.56.6 255.255.255.0
 mpls ip
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 6.6.6.6 0.0.0.0 area 0
 network 192.168.46.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 2
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 5.5.5.5 next-hop-self
 no auto-summary
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer11
  neighbor 192.168.69.9 remote-as 88
  neighbor 192.168.69.9 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf Customer1
  neighbor 192.168.68.8 remote-as 8
  neighbor 192.168.68.8 activate
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

====================================================================

PE4#sho running-config
Building configuration...

Current configuration : 3452 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf Customer1
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf Customer11
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.7 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip vrf forwarding Customer1
 ip address 192.168.78.7 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip vrf forwarding Customer11
 ip address 192.168.79.7 255.255.255.0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
 no switchport
 ip address 192.168.47.7 255.255.255.0
 mpls ip
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 network 7.7.7.7 0.0.0.0 area 0
 network 192.168.47.0 0.0.0.255 area 0
 network 192.168.57.0 0.0.0.255 area 0
!
router bgp 2
 no synchronization
 bgp log-neighbor-changes
 neighbor 5.5.5.5 remote-as 2
 neighbor 5.5.5.5 update-source Loopback0
 neighbor 5.5.5.5 next-hop-self
 no auto-summary
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community both
 exit-address-family
 !
 address-family ipv4 vrf Customer11
  neighbor 192.168.79.9 remote-as 88
  neighbor 192.168.79.9 activate
  no synchronization
  network 9.9.9.9 mask 255.255.255.255
  network 99.99.99.99 mask 255.255.255.255
 exit-address-family
 !
 address-family ipv4 vrf Customer1
  neighbor 192.168.78.8 remote-as 8
  neighbor 192.168.78.8 activate
  no synchronization
  network 8.8.8.8 mask 255.255.255.255
  network 88.88.88.88 mask 255.255.255.255
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

===========================================================================
===========================================================================

CE1#sho running-config
Building configuration...

Current configuration : 1876 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no switchport
 ip address 192.168.12.1 255.255.255.0
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.13.1 255.255.255.0
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet2/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet3/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.12.2 remote-as 2
 neighbor 192.168.13.3 remote-as 2
 no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

===================================================

CE11#sho running-config
Building configuration...

Current configuration : 2322 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE11
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.211.11 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip address 192.168.111.11 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router bgp 11
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.111.2 remote-as 2
 neighbor 192.168.211.3 remote-as 2
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

====================================================================

CE2#sho running-config
Building configuration...

Current configuration : 2534 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface Loopback1
 ip address 88.88.88.88 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip address 192.168.78.8 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.68.8 255.255.255.0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router bgp 8
 no synchronization
 bgp log-neighbor-changes
 network 8.8.8.8 mask 255.255.255.255
 network 88.88.88.88 mask 255.255.255.255
 neighbor 192.168.68.6 remote-as 2
 neighbor 192.168.78.7 remote-as 2
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

=====================================================================

CE22#sho running-config
Building configuration...

Current configuration : 2536 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE22
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
interface Loopback0
 ip address 9.9.9.9 255.255.255.255
!
interface Loopback1
 ip address 99.99.99.99 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 ip address 192.168.69.9 255.255.255.0
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no switchport
 ip address 192.168.79.9 255.255.255.0
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Vlan1
 no ip address
!
router bgp 88
 no synchronization
 bgp log-neighbor-changes
 network 9.9.9.9 mask 255.255.255.255
 network 99.99.99.99 mask 255.255.255.255
 neighbor 192.168.69.6 remote-as 2
 neighbor 192.168.79.7 remote-as 2
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

lagapidis · October 28, 2020, 6:37am

Hello Pradyumna

Once again, the actual labels used for import and export don’t matter. They could be 1:2 and 2:1 or 123:321 and 321:123. You could even use 4:8 and 2:6 if you like, they don’t even have to be in any way identical. As long as they are consistent, and of the same format, then you can use them.

For example, the route-target export of the RED VRF in PE1 should match the route-target import of the BLUE VRF in PE2.
Similarly, the route-target export of the BLUE VRF in PE1 should match the route-target import of the RED VRF in PE2.

Practically speaking, you could have:

PE1(config)#ip vrf RED
PE1(config-vrf)#route-target export 4:6

PE2(config)#ip vrf BLUE
PE2(config-vrf)#route-target import 4:6

and

PE2(config)#ip vrf BLUE
PE2(config-vrf)#route-target export 22:13

PE1(config)#ip vrf RED
PE1(config-vrf)#route-target import 22:13

Typically, the format is to use ASN:NN, but it is not enforced by the IOS.

I hope this has been helpful!

Laz

ccnp.manami · October 29, 2020, 7:04pm

Hi Rene,

I understand you have replied back but don’t find the reply

Thanks Manami

lagapidis · October 30, 2020, 5:47am

Hello Manami

First of all, it is difficult to dive right into a topology that has many different things going on at the same time. It is also difficult to troubleshoot by reviewing ten different configuration files without having the devices available to issue show and other verification commands. For this reason, I suggest you begin by creating topologies that build-up to this big one. For example:

Begin by creating a topology with two PEs, two CEs, and one P and practice route leaking without adding anything else.
Next, you can add an RR to the mix and see how that goes. Get it working and do extensive experimentation first, before you go on to the next step.
Next you can disable IPv4 unicast and enable only VPNv4 address family on the same topology.
Next add two more CEs and try some more complex route leaking scenarios
Finally, build the whole topology and apply everything at the same time.

Doing it this way will ensure that you understand each concept and have implemented it successfully before incorporating it into a topology with additional features. It takes a long time, but it is the most effective. The important thing to understand is that the goal is not to make this particular topology work but to gain an understanding of the processes involved. Some lessons that will help you along the way include:

Rene doesn’t have a lesson where the RR is being implemented in an MPLS environment, but it should be helpful for you to apply. Some help for using an RR only for VPNv4 is found below:

router bgp 1
no bgp default ipv4-unicast

address-family ipv4
no neighbor x.x.x.x activate

address-family vpnv4
neighbor x.x.x.x route-reflector-client

This configuration will disable IPv4 unicast and will activate the RR for VPNv4 only.

Finally, about the “twist”, you can only import and export routes for the whole AS. If you want to limit traffic to a particular host, you will have to use ACLs.

I hope this has been helpful!

Laz

ccnp.manami · October 30, 2020, 5:40pm

Hi Laz/Rene,

Thank you to guide me to build a big topology step by step. Your suggestion will surely help.

Can you please help me to understand few small concepts,

what is MP-iBGP? Is this similar to normal BGP Route Reflector setup? If not where is that differ?
implicit null & explicit null concept.
what will happen if LDP/IGP/MPLS DOESN’T synchronize?

Explanation with Diagram will always be appreciated.

Many Thanks
Manami

pradyumnayadavgla · October 31, 2020, 9:03am

Thanks Laz for this explanation