Getting the students familiar with Virtual Private Networks powered by MPLS technology. The lab features not only common L3VPN networks but overlapping VPNs, too. The network is built using GNS3 emulator. It's understood that the student is already familiar with MPLS technology and that is why the details on setting up MPLS in the service provider's network are not presented. One can review the lab on setting up of MPLS if necessary.
This lab emulates the service provider's network that offers L3 connectivity to its clients. The service provider's backbone network is powered by Cisco 7200 routers using MPLS technology. This lab emulates the procedure of maintaining connectivity between offices of two companies (A and B). R1, R6, and R8 are routers of company A, whilst R2, R7, and R9 are those of company B. R1, R2, R6, and R7 routers maintain common office networks and R8 and R9 routers terminate server segments of A and B companies.
It's understood that upon performing this lab the students should use supplementary literature if necessary.
- Perform all connections presented on the scheme.
- Develop an address plan for the service provider's network and client networks.
- Assign the IP addresses to the routers' interfaces in the service provider's network and enable an internal dynamic routing protocol like EIGRP.
- Create Loopback 0 interfaces on all routers. Assign them IP addresses with /32 mask.
- Make sure that every router of the service provider has a route to every address assigned to Loopback 0 interfaces of the other service providers' routers.
- Enable MPLS inside of the service provider's network.
- Use vrf definition vrfa command to create a VRF with vrfa name on R3 and R5 routers.
- Assign RD (Route Distinguisher) parameter equal to 1:101 to the created VRF using rd 1:101 command.
- Use address-family ipv4 command in order to specify that this VRF supports IPv4.
- Use route-target both 1:101 command in order to specify the route target parameter value for the respective address family for export and import.
- Use vrf forwarding vrfa interface command to add Fa1/0 interfaces into VRF vrfa on R3 and R5 routers and then assign them IP addresses.
- Assign the IP addresses to Gi0/0 interfaces of R1 and R6 routers. Also, create Loopback 0 interfaces, emulating the user networks, on these devices.
- Make sure that there is connectivity between R1-R3 and R5-R6 router pairs.
- Configure OSPF dynamic routing protocol on R1 and R6 routers. Enable it on Gi0/0 interfaces. Redistribute Loopback 0 interface networks into it.
- Enable OSPF for the respective VRF on R3 and R5 routers. One can use router ospf 1 vrf vrfa command in order to bind OSPF 1 routing process to VRF vrfa.
- Make sure that the respective routing table on R3 and R5 routers features routes towards the office network of client A. Make sure that the global routing table on R3 and R5 routers doesn't have routes towards the office networks of client B.
- Establish an iBGP session between R3 and R5 routers. Use the Loopback 0 interface addresses to do this.
- Use no auto-summary command to disable the automatic summary of routes.
- Activate vpnv4 support for the iBGP session configured in the previous item. Use the following commands: address-family vpnv4 unicast and neighbor ip_address activate where ip_address is the BGP neighbor address.
- Use neighbor ip_address send-community both command, where ip_address is the BGP neighbor address, in vpnv4 address family management mode on R3 and R5 routers to allow sending the neighbor information about standard and extended communities.
- Use sho bgp all summary command to make sure that the iBGP session has been established successfully.
- Perform mutual route redistribution between OSFP for client A and BGP process on R3 router. An example of the respective settings is presented below.
router ospf 1 vrf vrfa
redistribute bgp 1 subnets
router bgp 1
address-family ipv4 vrf vrfa
redistribute ospf 1 match internal external 1 external 2
- Use sho bgp all command, which must be performed on R5 router, to make sure that the routes from R1 router have been received successfully.
- Repeat the route redistribution procedure of client A prefixes between OSPF and BGP for R5 router. Make sure that R5 router receives all necessary prefixes.
- Make sure that all necessary client prefixes appeared on routers R1 and R6.
- Use ping command, which must be performed on R1 and R6 routers, to make sure that the remote office network is accessible.
- Make the same configuration for connection of client B, or in other words for R2 and R7 routers.
- Make sure that there is L3 connectivity between the offices of client B.
- Change OSPF protocol between PE (Provider Edge) and CE (Client Edge) routers to RIP on a certain link and to EIGRP on any other link.
- Make sure that the connectivity between the offices of both clients is maintained, while at the same time the exchange of routing information between the client and service provider is performed using different IGPs in different offices.
- Create another VRF with vrfac (rd=1:102) name on R3 router where the servers of company A would be connected.
- Connect R8 router to the VRF vrfac you have just created. Make sure that the exchange of routing information between PE and CE routers is taking place successfully.
- Use route-target=1:102 to ensure that routing information is exported from VRF vrfac on R3 router.
- Enable import of route-target, exported from VRF vrfa, for VRF vrfac on R3 router.
- Enable import of route-target, exported from VRF vrfac, for VRF vrfa on R3 and R5 routers.
- Enable route redistribution between BGP and IGP used for the exchange of routes between R3 and R8 routers.
- Make sure that the traffic is being exchanged successfully between the networks connected to R1, R6, and R8 routers.
- Create yet another VRF with vrfbc (rd=1:202) name on R5 router where servers of company B would be connected.
- Make sure that there's connectivity between the office and server networks of client B. Use route-target=1:202.
- Make sure that the transfer of routing information between the server networks of A and B clients is carried out successfully by changing parameters of import and export of route-target for vrfac and vrfbc.
- Make sure that there is connectivity between the networks with servers of both clients.
- Make sure that there is no connectivity between the office networks of different clients.
- Provide computers from the office networks of one client with access to the office networks of the other client and vice versa.
- Make sure that there is still no connectivity between the office networks of different clients.