In this post we demonstrate how to configure MPLS layer-3 VPN
on Cisco, Juniper and Alcatel-Lucent.
MP-BGP Established between PE routers. Click here to view
MP-BGP configuration.
MPLS enabled throughout the network.
Topology:
Hub
and spoke topology is used in this example.
Cisco
router is configured as HUB, Juniper and Alcatel is configured as Spoke.
Hub
Exports route-target 100:601075 and spokes import routes with route-target 100:601075.
Spokes
exports routes with route-target 100:601074 Hub Import routes with route-target
100:601074
Cisco configuration:
ip vrf
l3vpn-alu-cisco
rd 100:601074
route-target export 100:601075
route-target import 100:601074
!
!
interface GigabitEthernet2/28.1
encapsulation dot1Q 8
ip vrf forwarding l3vpn-alu-cisco
ip address 192.168.2.2 255.255.255.252
!
router bgp 100
!
address-family ipv4 vrf l3vpn-alu-cisco
no synchronization
redistribute static
default-information originate
exit-address-family
!
ip route
vrf l3vpn-alu-cisco 0.0.0.0 0.0.0.0 Null0
end
cisco-rtr#sh
ip route vrf l3vpn-alu-cisco
Routing
Table: l3vpn-alu-cisco
Codes: L -
local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O -
OSPF, IA - OSPF inter area
N1 -
OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF
external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 -
IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate
default, U - per-user static route
o - ODR, P - periodic downloaded static
route, + - replicated route
Gateway of
last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Null0
192.168.1.0/30 is subnetted, 1 subnets
B 192.168.1.0 [200/0] via 100.64.0.3,
1d00h
192.168.2.0/24 is variably subnetted, 2
subnets, 2 masks
C 192.168.2.0/30 is directly connected,
GigabitEthernet2/28.1
L 192.168.2.2/32 is directly connected,
GigabitEthernet2/28.1
192.168.3.0/30 is subnetted, 1 subnets
B 192.168.3.0 [200/0] via 100.64.0.102,
1d00h
cisco-rtr#
cisco-rtr#sh
mpls forwarding-table vrf l3vpn-alu-cisco 192.168.1.0
Local Outgoing
Prefix Bytes Label Outgoing
Next Hop
Label Label or VC
or Tunnel Id Switched interface
None 18
192.168.1.0/30[V] 0
Gi2/16 172.31.22.90
cisco-rtr#
cisco-rtr#sh
mpls forwarding-table vrf l3vpn-alu-cisco 192.168.3.0
Local Outgoing
Prefix Bytes Label Outgoing
Next Hop
Label Label or VC
or Tunnel Id Switched interface
None 261354 192.168.3.0/30[V] 0 Gi8/1/0 172.31.22.42
cisco-rtr#
Site-1 CPE Configuration:
!
interface
FastEthernet0/0.1
encapsulation dot1Q 8
ip address 192.168.2.1 255.255.255.252
end
ip
route 192.168.1.0 255.255.255.252
192.168.2.2
ip
route 192.168.3.0 255.255.255.252
192.168.2.2
Ping CPE at Site-2:
CPE-1#ping
192.168.1.2
Type escape
sequence to abort.
Sending 5,
100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Ping CPE at Site-3
CPE-1#ping 192.168.3.2
Type escape
sequence to abort.
Sending 5,
100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
CPE-1#
Juniper Configuration:
jpr-rtr>
show configuration interfaces ge-1/1/2.1
vlan-id 46;
family inet
{
address 192.168.1.1/30;
}
jpr-rtr#
show routing-instances L3-vpn-Lab-38xx01
instance-type
vrf;
interface
ge-1/1/2.1;
route-distinguisher
100:6010175;
vrf-target
{
import target:100:601075;
export target:100:601074;
}
vrf-table-label;
Verification:
jpr-rtr>
show route table L3-vpn-Lab-38xx01.inet.0
L3-vpn-Lab-38xx01.inet.0:
3 destinations, 4 routes (3 active, 0 holddown, 0 hidden)
+ = Active
Route, - = Last Active, * = Both
0.0.0.0/0 *[BGP/170] 23:45:48, MED 0, localpref
100, from 100.64.0.6
AS path: ?,
validation-state: unverified
> to 100.64.169.50 via
ae10.316, Push 340, Push 401396(top)
192.168.1.0/30 *[Direct/0] 1w5d 02:36:25
> via ge-1/1/2.1
192.168.1.1/32 *[Local/0] 1w5d 02:36:25
Local via ge-1/1/2.1
{master}
jpr-rtr>
Site-2 CPE Configuration:
interface
GigabitEthernet0/1.46
encapsulation dot1Q 46
ip address 192.168.1.2 255.255.255.252
ip route
192.168.2.0 255.255.255.252 192.168.1.1
ip route
192.168.3.0 255.255.255.252 192.168.1.1
Ping CPE at Site-1
CPE-2#ping
192.168.2.1
Type escape
sequence to abort.
Sending 5,
100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Ping CPE at Site-3
CPE-2#ping
192.168.3.2
Type escape
sequence to abort.
Sending 5,
100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
CPE-2#
Alcatel Configuration:
In Alcatel-lucent Virtual Private Routed Network (VPRN) is a Layer 3 Virtual Private Network (VPN) service.
alu-rtr#configure
service customer 6010174 create
alu-rtr>config>service>cust#
description "l3vpn-alu-cisco-juniper"
alu-rtr>config>service>cust#
exit
alu-rtr#
configure router policy-options
alu-rtr>config>router>policy-options#
begin
alu-rtr>config>router>policy-options#community
"6010174_IMP_RT" members "target:100:601075"
alu-rtr>config>router>policy-options#
community "6010174_EXP_RT" members "target:100:601074"
alu-rtr>config>router>policy-options#
policy-statement "6010174_VRF_IMP"
alu-rtr>config>router>policy-options>policy-statement#
info
----------------------------------------------
entry 10
from
community
"6010174_IMP_RT"
exit
action accept
exit
exit
default-action reject
----------------------------------------------
alu-rtr>config>router>policy-options>policy-statement#
alu-rtr>config>router>policy-options>policy-statement#
info
----------------------------------------------
entry 10
action accept
community add
"6010174_EXP_RT"
exit
exit
----------------------------------------------
alu-rtr>config>router>policy-options>policy-statement#
exit
alu-rtr>config>router>policy-options#
commit
alu-rtr>config>router>policy-options#
exit
alu-rtr#
configure service vprn 6010174 customer 6010174 create
alu-rtr>config>service>vprn#
info
----------------------------------------------
vrf-import
"6010174_VRF_IMP"
vrf-export
"6010174_VRF_EXP"
route-distinguisher 100:6010176
auto-bind mpls
interface "gi-7/1/5:30" create
address 192.168.3.1/30
sap 7/1/5:30 create
exit
exit
no shutdown
----------------------------------------------
alu-rtr>config>service>vprn#
exit
alu-rtr#
Verification on alu-rtr:
alu-rtr# show router 6010174 route-table
===============================================================================
Route Table (Service: 6010174)
===============================================================================
Dest Prefix[Flags] Type Proto
Age Pref
Next
Hop[Interface Name] Metric
-------------------------------------------------------------------------------
0.0.0.0/0 Remote
BGP VPN 00h41m07s 170
100.64.0.6
(tunneled) 0
192.168.3.0/30 Local Local
06d04h02m 0
gi-7/1/5:30
0
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup
route available
L = LFA nexthop
available
S = Sticky ECMP
requested
===============================================================================
alu-rtr#
Customer Site-3
Configuration:
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.3.2
255.255.255.252
end
ip route 192.168.1.0
255.255.255.252 192.168.3.1
ip route 192.168.2.0
255.255.255.252 192.168.3.1
Verification:
Site-2 reachability
CPE-3#ping 192.168.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/2/4 ms
Chennai_CPE#
Site-1 reachability
CPE-3#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
1/3/8 ms
CPE-3#
How MPLS, LDP, and T-LDP are configured on Cisco, Juniper and Nokia?
ReplyDeleteThanks!
I think here can answer your question: http://junosvscisco.blogspot.com/2016/08/eompls-l2circuit-epipe-configuration.html
DeleteThanks!