Task description

This lab models a situation in which two clients of one provider each need to logically connect their remote networks so that one client's traffic never mixes with the other client's traffic. To do this, one configures virtual routers on the provider edge routers using VRF technology and creates GRE tunnels whose endpoints terminate in the corresponding virtual routers.

Procedure description

First, one should understand what VRF is. VRF (Virtual Routing and Forwarding) is a mechanism for creating virtual routers within one physical device. Its advantages include almost complete independence of the routing tables and settings of the different virtual devices. Hence its obvious application: if there is a large provider network where one needs to connect a number of new clients with particular settings (for example, a new DHCP server or default gateway), one simply creates a virtual device and configures it as required. In our case VRF is used to separate the traffic of different clients and build the necessary logical topology.

The following network must be built on the basis of this task.

Here the LeftSPRouter, CentralSPRouter, and RightSPRouter routers model the provider network, 1Lan1Client and 2Lan1Client are the first client's remote networks, and 1Lan2Client and 2Lan2Client are the remote networks of the second client. One should use Cisco 7200 routers for the provider network and Cisco 3600 routers for building the office networks.

Modelling

Let's add the necessary routers and switches and configure the switches: interface 1 on SW1 is in trunk mode (called dot1q on a GNS3 switch), interface 2 is in access mode and belongs to VLAN 2, and interface 3 is also in access mode and belongs to VLAN 3; SW2 has the same settings. Connect the devices as shown in the scheme, with 1Lan1Client on the second interface of SW1, 1Lan2Client on the third interface of SW1, 2Lan2Client on the third interface of SW2, and 2Lan1Client on the second interface of SW2. That completes the modelling section, and we move on to the setup.

Setup

Let's configure the above-mentioned scheme for the first client. To do this, one needs to create virtual devices on the routers, configure all necessary interfaces on these devices, create a GRE tunnel on the loopbacks, and finally apply dynamic routing.

First, one must configure the VRF routers. Add a new virtual router on LeftSPRouter in global configuration mode.

LeftSPRouter(config)# ip vrf Client1vrf

Assign it a unique ID.

LeftSPRouter(config-vrf)# rd 1:1

Repeat the same with RightSPRouter.

RightSPRouter(config)# ip vrf Client1vrf
RightSPRouter(config-vrf)# rd 1:2

Then configure 1Lan1Client. Enter the interface configuration mode towards the switch (in our case it's called fa0/0) and assign it the IP address with a mask using ip address 10.10.10.2 255.255.255.0 command. Enable the interface using no shutdown command. Also, please create a loopback interface that models the client network.

1Lan1Client(config)# int loopback 1
1Lan1Client(config-if)# ip address 10.10.11.1 255.255.255.0

Let's switch to the configuration of LeftSPRouter. In the configuration mode of the interface towards CentralSPRouter, assign the IP address and mask using the ip address 192.168.10.1 255.255.255.252 command. Enable the interface using the no shutdown command.

Repeat the same with the interface towards RightSPRouter.

LeftSPRouter(config-if)# ip address 192.168.30.1 255.255.255.252
LeftSPRouter(config-if)# no shutdown

Now let's configure the interface towards SW1 switch. Enable a sub-interface, associate it with the virtual router, set encapsulation, and assign it the IP-address and mask.

LeftSPRouter(config)# int fa0/0.2
LeftSPRouter(config-subif)# ip vrf forwarding Client1vrf
LeftSPRouter(config-subif)# encapsulation dot1Q 2
LeftSPRouter(config-subif)# ip address 10.10.10.1 255.255.255.0

Let's switch to the configuration of CentralSPRouter.

CentralSPRouter(config)# int fa0/0
CentralSPRouter(config-if)# ip address 192.168.10.2 255.255.255.252
CentralSPRouter(config-if)# no shutdown
CentralSPRouter(config)# int fa0/1
CentralSPRouter(config-if)# ip address 192.168.20.2 255.255.255.252
CentralSPRouter(config-if)# no shutdown

And then to RightSPRouter. Use the same settings as for LeftSPRouter. Configure and enable the interfaces towards CentralSPRouter and LeftSPRouter using the ip address 192.168.20.1 255.255.255.252 and ip address 192.168.30.2 255.255.255.252 commands, respectively. Now let's configure the interface towards SW2. Enable a sub-interface, add it to the virtual router, configure encapsulation, and assign it the IP address and mask.

RightSPRouter(config)# int fa0/0.2
RightSPRouter(config-subif)# ip vrf forwarding Client1vrf
RightSPRouter(config-subif)# encapsulation dot1Q 2
RightSPRouter(config-subif)# ip address 10.10.40.1 255.255.255.0

The only thing left now is to configure 2Lan1Client. Enter the configuration mode of the interface towards the switch and assign it the IP address and mask using the ip address 10.10.40.2 255.255.255.0 command. Enable the interface using the no shutdown command. Also, please create a loopback interface that emulates the client network.

2Lan1Client(config)# int loopback 1
2Lan1Client(config-if)# ip address 10.10.41.1 255.255.255.0

That's where the first configuration phase ends. Now we need to configure a GRE-tunnel on loopback interfaces between RightSPRouter and LeftSPRouter. Add loopback1 interface in the global configuration mode on LeftSPRouter.

LeftSPRouter(config)# int loopback1
LeftSPRouter(config-if)# ip address 1.1.3.1 255.255.255.252

The tunnel configuration: create a tunnel interface, associate it with the virtual router, and configure the tunnel.

LeftSPRouter(config)# int tunnel1
LeftSPRouter(config-if)# ip vrf forwarding Client1vrf
LeftSPRouter(config-if)# ip address 1.1.1.1 255.255.255.252
LeftSPRouter(config-if)# tunnel source loopback1
LeftSPRouter(config-if)# tunnel destination 1.1.4.1
LeftSPRouter(config-if)# tunnel key 1

The second-to-last command gives the address of the tunnel's other endpoint, which we will configure later, while the last command sets the key used to identify the tunnel.

Let's explain the purpose of the tunnel key command. Client tunnels are often built on the same interfaces (in our case, the loopback interfaces), which makes it ambiguous which tunnel an incoming packet belongs to. This is easy to verify yourself: if no key is specified, only one tunnel (the one configured last) will work, so in our case the first client's tunnel would stop working once the second client's tunnel is built on the same loopback interfaces. The ambiguity can be resolved by building client tunnels on different interfaces, but that is rather resource-intensive. It is much easier to specify a tunnel identification key, as we did above.
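Added example (not part of the original lab): a simplified Python model of how a receiving router can use the GRE key field to choose between tunnels that share the same endpoints, using the addresses and keys this lab assigns to RightSPRouter. The lookup table and function names are illustrative assumptions, not IOS internals.

```python
import struct

GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum / key / sequence-present bits

def build_gre(payload, key=None, proto=0x0800):
    """Build a GRE header (RFC 2784/2890) in front of payload; proto 0x0800 = IPv4."""
    header = struct.pack("!HH", GRE_K if key is not None else 0, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + payload

def parse_gre(data):
    """Return (key or None, protocol type, inner payload)."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", data[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4 + (4 if flags & GRE_C else 0)      # skip checksum + reserved
    key = None
    if flags & GRE_K:
        if len(data) < offset + 4:
            raise ValueError("truncated GRE key")
        key = struct.unpack("!I", data[offset:offset + 4])[0]
        offset += 4
    offset += 4 if flags & GRE_S else 0           # skip sequence number
    if len(data) < offset:
        raise ValueError("truncated GRE header")
    return key, proto, data[offset:]

def build_table(tunnels):
    """tunnels: (interface, vrf, local, remote, key) tuples in configuration order.
    A later tunnel with the same (local, remote, key) replaces the earlier one."""
    return {(local, remote, key): (ifname, vrf)
            for ifname, vrf, local, remote, key in tunnels}

def demux(table, outer_src, outer_dst, gre_bytes):
    """Pick the tunnel interface and VRF for a received packet, or None to drop it."""
    key, _proto, _inner = parse_gre(gre_bytes)
    return table.get((outer_dst, outer_src, key))

# RightSPRouter's two tunnels as this lab configures them.
KEYED = build_table([("Tunnel1", "Client1vrf", "1.1.4.1", "1.1.3.1", 1),
                     ("Tunnel2", "Client2vrf", "1.1.4.1", "1.1.3.1", 2)])
# The same two tunnels with "tunnel key" left out: the entries collide.
KEYLESS = build_table([("Tunnel1", "Client1vrf", "1.1.4.1", "1.1.3.1", None),
                       ("Tunnel2", "Client2vrf", "1.1.4.1", "1.1.3.1", None)])
```

The key is sent in clear text inside the GRE header, so it only tells tunnels apart; it does not authenticate or encrypt the traffic.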

Now let's configure RightSPRouter.

RightSPRouter(config)# int loopback1
RightSPRouter(config-if)# ip address 1.1.4.1 255.255.255.252

The tunnel configuration: create a tunnel interface, associate it with the virtual router, and configure the tunnel.

RightSPRouter(config)# int tunnel1
RightSPRouter(config-if)# ip vrf forwarding Client1vrf
RightSPRouter(config-if)# ip address 1.1.1.2 255.255.255.252
RightSPRouter(config-if)# tunnel source loopback1
RightSPRouter(config-if)# tunnel destination 1.1.3.1
RightSPRouter(config-if)# tunnel key 1

Now the tunnel is configured, but it won't work unless the dynamic routing is configured and enabled.

Let's switch to the last phase in the configuration. Choose OSPF as the dynamic routing protocol.

In the provider network for LeftSPRouter.

LeftSPRouter(config)# router ospf 1
LeftSPRouter(config-router)# network 192.168.10.0 0.0.0.3 area 0
LeftSPRouter(config-router)# network 192.168.30.0 0.0.0.3 area 0
LeftSPRouter(config-router)# network 1.1.3.0 0.0.0.3 area 0

Now one needs to use the following commands in order to enable routing on LeftSPRouter inside VRF Client1vrf.

LeftSPRouter(config)# router ospf 2 vrf Client1vrf
LeftSPRouter(config-router)# network 10.10.10.0 0.0.0.255 area 0
LeftSPRouter(config-router)# network 1.1.1.0 0.0.0.3 area 0

In the provider network for RightSPRouter.

RightSPRouter(config)# router ospf 1
RightSPRouter(config-router)# network 192.168.20.0 0.0.0.3 area 0
RightSPRouter(config-router)# network 192.168.30.0 0.0.0.3 area 0
RightSPRouter(config-router)# network 1.1.4.0 0.0.0.3 area 0

And now the commands for routing on RightSPRouter inside VRF Client1vrf.

RightSPRouter(config)# router ospf 2 vrf Client1vrf
RightSPRouter(config-router)# network 10.10.40.0 0.0.0.255 area 0
RightSPRouter(config-router)# network 1.1.1.0 0.0.0.3 area 0

In the provider network for CentralSPRouter.

CentralSPRouter(config)# router ospf 1
CentralSPRouter(config-router)# network 192.168.20.0 0.0.0.3 area 0
CentralSPRouter(config-router)# network 192.168.10.0 0.0.0.3 area 0

On 1Lan1Client (the OSPF process number matches the VLAN number).

1Lan1Client(config)# router ospf 2
1Lan1Client(config-router)# network 10.10.10.0 0.0.0.255 area 0
1Lan1Client(config-router)# network 10.10.11.0 0.0.0.255 area 0

On 2Lan1Client (the OSPF process number matches the VLAN number).

2Lan1Client(config)# router ospf 2
2Lan1Client(config-router)# network 10.10.40.0 0.0.0.255 area 0
2Lan1Client(config-router)# network 10.10.41.0 0.0.0.255 area 0

That's where the first client configuration ends.

The configuration of the second client is not much different. Below you can see the settings for every device, with explanations for the most complicated parts.

1Lan2Client

1Lan2Client(config)# int fa0/0
1Lan2Client(config-if)# ip address 10.10.20.2 255.255.255.0
1Lan2Client(config-if)# no shutdown
1Lan2Client(config)# int loopback 1
1Lan2Client(config-if)# ip address 10.10.21.1 255.255.255.0
1Lan2Client(config)# router ospf 3
1Lan2Client(config-router)# network 10.10.20.0 0.0.0.255 area 0
1Lan2Client(config-router)# network 10.10.21.0 0.0.0.255 area 0

LeftSPRouter

! new VRF router
LeftSPRouter(config)# ip vrf Client2vrf
LeftSPRouter(config-vrf)# rd 2:1
! interface configuration towards the client network
LeftSPRouter(config)# int fa0/0.3
LeftSPRouter(config-subif)# ip vrf forwarding Client2vrf
LeftSPRouter(config-subif)# encapsulation dot1Q 3
LeftSPRouter(config-subif)# ip address 10.10.20.1 255.255.255.0
! new tunnel
LeftSPRouter(config)# int tunnel2
LeftSPRouter(config-if)# ip vrf forwarding Client2vrf
LeftSPRouter(config-if)# ip address 1.1.2.1 255.255.255.252
! launch the tunnel on the same loopback as the first one
LeftSPRouter(config-if)# tunnel source loopback1
LeftSPRouter(config-if)# tunnel destination 1.1.4.1
! the ID key will come in handy here
LeftSPRouter(config-if)# tunnel key 2
! add 1Lan2Client in Client2vrf table
LeftSPRouter(config)# router ospf 3 vrf Client2vrf
LeftSPRouter(config-router)# network 10.10.20.0 0.0.0.255 area 0
LeftSPRouter(config-router)# network 1.1.2.0 0.0.0.3 area 0

RightSPRouter

RightSPRouter(config)# ip vrf Client2vrf
RightSPRouter(config-vrf)# rd 2:2
RightSPRouter(config)# int fa0/0.3
RightSPRouter(config-subif)# ip vrf forwarding Client2vrf
RightSPRouter(config-subif)# encapsulation dot1Q 3
RightSPRouter(config-subif)# ip address 10.10.30.1 255.255.255.0
RightSPRouter(config)# int tunnel2
RightSPRouter(config-if)# ip vrf forwarding Client2vrf
RightSPRouter(config-if)# ip address 1.1.2.2 255.255.255.252
RightSPRouter(config-if)# tunnel source loopback1
RightSPRouter(config-if)# tunnel destination 1.1.3.1
RightSPRouter(config-if)# tunnel key 2
RightSPRouter(config)# router ospf 3 vrf Client2vrf
RightSPRouter(config-router)# network 10.10.30.0 0.0.0.255 area 0
RightSPRouter(config-router)# network 1.1.2.0 0.0.0.3 area 0

2Lan2Client

2Lan2Client(config)# int fa0/0
2Lan2Client(config-if)# ip address 10.10.30.2 255.255.255.0
2Lan2Client(config-if)# no shutdown
2Lan2Client(config)# int loopback 1
2Lan2Client(config-if)# ip address 10.10.31.1 255.255.255.0
2Lan2Client(config)# router ospf 3
2Lan2Client(config-router)# network 10.10.30.0 0.0.0.255 area 0
2Lan2Client(config-router)# network 10.10.31.0 0.0.0.255 area 0

CentralSPRouter doesn't need to be configured. That's where the setup procedure ends and we pass on to testing the network.
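Added example (not from the original lab): a small Python check that reads a saved configuration and reports tunnel interfaces that share a source and destination without distinct keys, or that are not bound to a VRF. The sample configuration is constructed from LeftSPRouter's tunnel settings with Tunnel2's key deliberately left out; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed config fragment based on LeftSPRouter; Tunnel2's key is omitted on purpose.
SAMPLE = """\
interface Tunnel1
 ip vrf forwarding Client1vrf
 tunnel source Loopback1
 tunnel destination 1.1.4.1
 tunnel key 1
!
interface Tunnel2
 ip vrf forwarding Client2vrf
 tunnel source Loopback1
 tunnel destination 1.1.4.1
!
"""
FIELDS = r"\s+(ip vrf forwarding|tunnel source|tunnel destination|tunnel key)\s+(\S+)"

def parse_tunnels(config):
    """Return {tunnel name: {setting: value}} for every 'interface TunnelN' block."""
    tunnels, current = {}, None
    for line in config.splitlines():
        start = re.match(r"interface\s+(Tunnel\d+)", line, re.I)
        if start:
            current = tunnels.setdefault(start.group(1), {})
        elif not line.startswith(" "):
            current = None                      # left the interface block
        elif current is not None:
            field = re.match(FIELDS, line)
            if field:
                current[field.group(1)] = field.group(2)
    return tunnels

def audit(config):
    """List isolation problems: tunnels outside any VRF, or ambiguous tunnel pairs."""
    tunnels, findings, groups = parse_tunnels(config), [], defaultdict(list)
    for name, cfg in sorted(tunnels.items()):
        if "ip vrf forwarding" not in cfg:
            findings.append(f"{name}: not bound to a VRF")
        groups[(cfg.get("tunnel source"), cfg.get("tunnel destination"))].append(name)
    for (src, dst), names in groups.items():
        keys = [tunnels[n].get("tunnel key") for n in names]
        if len(names) > 1 and (None in keys or len(set(keys)) < len(keys)):
            findings.append(f"{', '.join(names)}: share {src} -> {dst} without distinct keys")
    return findings
```

Running audit(SAMPLE) reports the Tunnel1/Tunnel2 pair; adding tunnel key 2 to Tunnel2 clears the finding.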

Testing

  1. First, use the ping 10.10.40.2 source 10.10.11.1 command from 1Lan1Client and ping 10.10.30.2 source 10.10.21.1 from 1Lan2Client to make sure that the packets successfully reach the network. Also examine the packet path using the traceroute command from the same devices and for the same addresses.
  2. Then make sure that the OSPF protocol functions well by using the show ip protocols and show ip route commands on all devices in the network. Think about how these commands let you tell whether OSPF is functioning well or not.
  3. Review the output of the show ip protocols vrf Client1vrf command (show ip protocols vrf Client2vrf) on LeftSPRouter and RightSPRouter. Analyse the data you have received.
  4. Review the output of the show ip route vrf Client1vrf command (show ip route vrf Client2vrf) on LeftSPRouter and RightSPRouter.
  5. Use Wireshark to capture the packets on channels between LeftSPRouter and RightSPRouter. Analyse the capture results.
  6. Finally, check the network's fault tolerance: disable the channel between LeftSPRouter and RightSPRouter and make sure that the network is still functioning. Specify which devices can detect the changes in the provider network.
  7. Switch the channel you just disabled back on. Make sure that routing in the provider network is functioning well again.
  8. Suggest a solution that allows IPv6 user traffic to be transmitted between the client networks in such a way that the provider network does not need to be reconfigured.
  9. *Implement the solution put forward in the previous item.
