MPLS VPN

Practice Labs:
Redouane MEDDANE

Lab 2: MPLS VPN using EIGRP between PE-CE link

The interfaces of P and PE routers are enabled for frame mode MPLS with the mpls
ip interface subcommand and all P and PE routers use a common IGP (EIGRP with AS
200):

PE1#show mpls ldp neighbor

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0
TCP connection: 2.2.2.2.27727 - 1.1.1.1.646
State: Oper; Msgs sent/rcvd: 20/18; Downstream
Up time: 00:05:49
LDP discovery sources:
Serial1/0, Src IP addr: 192.168.12.2
Addresses bound to peer LDP Ident:
192.168.12.2 192.168.23.2 192.168.24.2 2.2.2.2
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 1.1.1.1:0
TCP connection: 4.4.4.4.35129 - 1.1.1.1.646
State: Oper; Msgs sent/rcvd: 20/18; Downstream
Up time: 00:05:22
LDP discovery sources:
Serial1/1, Src IP addr: 192.168.14.4
 Addresses bound to peer LDP Ident:
192.168.34.4 192.168.14.4 192.168.24.4 4.4.4.4

PE2#show mpls ldp neighbor

Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
TCP connection: 2.2.2.2.646 - 3.3.3.3.53352
State: Oper; Msgs sent/rcvd: 22/21; Downstream
Up time: 00:08:00
LDP discovery sources:
Serial1/0, Src IP addr: 192.168.23.2
Addresses bound to peer LDP Ident:
192.168.12.2 192.168.23.2 192.168.24.2 2.2.2.2
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
TCP connection: 4.4.4.4.18633 - 3.3.3.3.646
State: Oper; Msgs sent/rcvd: 22/20; Downstream
Up time: 00:07:22
LDP discovery sources:
 Serial1/1, Src IP addr: 192.168.34.4
Addresses bound to peer LDP Ident:
192.168.34.4 192.168.14.4 192.168.24.4 4.4.4.4

PE1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 192.168.24.0/24 0 Se1/0 point2point
Pop Label 192.168.24.0/24 0 Se1/1 point2point
17 Pop Label 192.168.23.0/24 0 Se1/0 point2point
18 Pop Label 192.168.34.0/24 0 Se1/1 point2point
19 18 3.3.3.3/32 0 Se1/0 point2point
18 3.3.3.3/32 0 Se1/1 point2point
20 Pop Label 2.2.2.2/32 0 Se1/0 point2point
21 Pop Label 4.4.4.4/32 0 Se1/1 point2point

PE2#SHOW MPLs forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 192.168.12.0/24 0 Se1/0 point2point
17 Pop Label 192.168.24.0/24 0 Se1/0 point2point
Pop Label 192.168.24.0/24 0 Se1/1 point2point
18 Pop Label 192.168.14.0/24 0 Se1/1 point2point
19 Pop Label 2.2.2.2/32 0 Se1/0 point2point
20 19 1.1.1.1/32 0 Se1/0 point2point
20 1.1.1.1/32 0 Se1/1 point2point
21 Pop Label 4.4.4.4/32 0 Se1/1 point2point

Configuration of VRF:
Create each VRF, RD, and RT, plus associating the customer-facing PE interfaces
with the correct VRF:
VRF CUST-A, RD 1:111, RT 1:100
VRF CUST-B, RD 2:222, RT 2:200

PE2
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
ip vrf CUST-B
rd 2:222
route-target export 2:200
route-target import 2:200
!
interface FastEthernet0/0
ip vrf forwarding CUST-B
ip address 192.168.38.3 255.255.255.0
!
interface FastEthernet0/1
ip vrf forwarding CUST-A
ip address 192.168.37.3 255.255.255.0

PE1
ip vrf CUST-A
rd 1:111
route-target export 1:100
route-target import 1:100
!
ip vrf CUST-B
rd 2:222
route-target export 2:200
route-target import 2:200
!
interface FastEthernet0/0
ip vrf forwarding CUST-A
ip address 192.168.15.1 255.255.255.0
!
interface FastEthernet0/1
ip vrf forwarding CUST-B
ip address 192.168.16.1 255.255.255.0

Configuring the IGP Between PE and CE routers

CE-A1:
router eigrp 1
network 10.0.0.0
network 192.168.15.0

CE-A2:
router eigrp 1
network 10.0.0.0
network 192.168.37.0

CE_B1:
router eigrp 1
network 10.0.0.0
network 192.168.16.0

CE_B2:
router eigrp 1
network 10.0.0.0
network 192.168.38.0

PE1:
router eigrp 65001
!
address-family ipv4 vrf CUST-A autonomous-system 1
network 192.168.15.1 0.0.0.0
exit-address-family
!
address-family ipv4 vrf CUST-B autonomous-system 1
network 192.168.16.1 0.0.0.0
exit-address-family

PE2:
router eigrp 65001
!
address-family ipv4 vrf CUST-A autonomous-system 1
network 192.168.37.3 0.0.0.0
exit-address-family
!
address-family ipv4 vrf CUST-B autonomous-system 1
network 192.168.38.1 0.0.0.0
exit-address-family
Verify the EIGRP neighbors:

PE1#show ip eigrp vrf CUST-A neighbors

EIGRP-IPv4 Neighbors for AS(1) VRF(CUST-A)
H Address Interface Hold Uptime SRTT RTO Q
Seq
(sec) (ms) Cnt
Num
0 192.168.15.5 Fa0/0 10 00:05:15 1573 5000 0 2

PE1#show ip eigrp vrf CUST-B neighbors

EIGRP-IPv4 Neighbors for AS(1) VRF(CUST-B)
H Address Interface Hold Uptime SRTT RTO Q
Seq
(sec) (ms) Cnt
Num
0 192.168.16.2 Fa0/1 11 00:06:24 168 1008 0 2

PE2#show ip eigrp vrf CUST-A neighbors

EIGRP-IPv4 Neighbors for AS(1) VRF(CUST-A)
H Address Interface Hold Uptime SRTT RTO Q
Seq
(sec) (ms) Cnt
Num
0 192.168.37.6 Fa0/1 14 00:03:04 196 1176 0 2

PE2#show ip eigrp vrf CUST-B neighbors

EIGRP-IPv4 Neighbors for AS(1) VRF(CUST-B)
H Address Interface Hold Uptime SRTT RTO Q
Seq
(sec) (ms) Cnt
Num
0 192.168.38.2 Fa0/0 12 00:05:25 1617 5000 0 2

Verify the the EIGRP topology tables:

PE1#show ip eigrp vrf CUST-A topology

EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.15.1) VRF(CUST-A)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 192.168.15.0/24, 1 successors, FD is 28160

via Connected, FastEthernet0/0
P 10.1.1.0/24, 1 successors, FD is 156160
via 192.168.15.5 (156160/128256), FastEthernet0/0

PE1#show ip eigrp vrf CUST-B topology

EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.16.1) VRF(CUST-B)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 10.2.2.0/24, 1 successors, FD is 156160

via 192.168.16.2 (156160/128256), FastEthernet0/1
P 192.168.16.0/24, 1 successors, FD is 28160
via Connected, FastEthernet0/1

PE2#show ip eigrp vrf CUST-A topology

EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.37.3) VRF(CUST-A)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
 r - reply Status, s - sia Status

P 192.168.37.0/24, 1 successors, FD is 28160

via Connected, FastEthernet0/1
P 10.3.3.0/24, 1 successors, FD is 156160
via 192.168.37.6 (156160/128256), FastEthernet0/1

PE2#show ip eigrp vrf CUST-B topology

EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.38.3) VRF(CUST-B)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 192.168.38.0/24, 1 successors, FD is 28160

via Connected, FastEthernet0/0
via Rconnected (28160/0)
P 10.3.3.0/24, 1 successors, FD is 156160
via 192.168.38.2 (156160/128256), FastEthernet0/0

Verify the IP routes for each VRF:

PE1#show ip route vrf CUST-A

Routing Table: CUST-A

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

D 10.1.1.0 [90/156160] via 192.168.15.5, 00:15:47, FastEthernet0/0
192.168.15.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.15.0/24 is directly connected, FastEthernet0/0
L 192.168.15.1/32 is directly connected, FastEthernet0/0
PE1#
PE1#show ip route vrf CUST-B

Routing Table: CUST-B

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

D 10.2.2.0 [90/156160] via 192.168.16.2, 00:15:41, FastEthernet0/1
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, FastEthernet0/1
L 192.168.16.1/32 is directly connected, FastEthernet0/1
PE2#show ip route vrf CUST-A

Routing Table: CUST-A

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

D 10.3.3.0 [90/156160] via 192.168.37.6, 00:14:01, FastEthernet0/1
192.168.37.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.37.0/24 is directly connected, FastEthernet0/1
L 192.168.37.3/32 is directly connected, FastEthernet0/1
PE2#
PE2#show ip route vrf CUST-B

Routing Table: CUST-B

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets

D 10.3.3.0 [90/156160] via 192.168.38.2, 00:13:26, FastEthernet0/0
192.168.38.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.38.0/24 is directly connected, FastEthernet0/0
L 192.168.38.1/32 is directly connected, FastEthernet0/0

The normal routing table does not have any routes for customer route 10.1.1.0/24,
nor for the connected subnet between PE1 and CE-A1 (192.168.15.0/24):

PE1#show ip route 10.1.1.0

% Network not in table
PE1#
PE1#show ip route 10.2.2.0
% Network not in table
PE1#
PE1#show ip route 192.168.15.0
% Network not in table
PE1#
PE1#show ip route 192.168.16.0
% Network not in table
PE1#

PE2#show ip route 10.3.3.0

% Network not in table
PE2#
PE2#show ip route 192.168.37.0
% Network not in table
PE2#
PE2#show ip route 192.168.38.0
% Network not in table
PE2#

Redistribution Between PE-CE routers (between IGP and MP-BGP):

PE1(config)#router bgp 65001

PE1(config-router)#address-family ipv4 vrf Cust-A
PE1(config-router-af)#redistribute eigrp 1
PE1(config-router-af)#address-family ipv4 vrf Cust-B
PE1(config-router-af)#redistribute eigrp 1
PE1(config-router-af)#router eigrp 65001
PE1(config-router)#address-family ipv4 vrf Cust-A
PE1(config-router-af)#redistribute bgp 65001 metric 10000 1000 255 1 1500
PE1(config-router-af)#address-family ipv4 vrf Cust-B
PE1(config-router-af)#redistribute bgp 65001 metric 5000 500 255 1 1500

PE2(config)#router bgp 65001

PE2(config-router)#address-family ipv4 vrf Cust-A
PE2(config-router-af)#redistribute eigrp 1
PE2(config-router-af)#address-family ipv4 vrf Cust-B
PE2(config-router-af)#redistribute eigrp 1
PE2(config-router-af)#router eigrp 65001
PE2(config-router)#address-family ipv4 vrf Cust-A
PE2(config-router-af)#redistribute bgp 65001 metric 10000 1000 255 1 1500
PE2(config-router-af)#address-family ipv4 vrf Cust-B
PE2(config-router-af)#redistribute bgp 65001 metric 5000 500 255 1 1500

The BGP tables show only locally injected routes, no routes for the prefixes on
the other side of the MPLS cloud:

PE1#show ip bgp vpnv4 all

BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)
*> 10.1.1.0/24 192.168.15.5 156160 32768 ?
Route Distinguisher: 2:222 (default for vrf CUST-B)
*> 10.2.2.0/24 192.168.16.2 156160 32768 ?
PE1#

PE2#show ip bgp vpnv4 all

BGP table version is 3, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:111 (default for vrf CUST-A)
*> 10.3.3.0/24 192.168.37.6 156160 32768 ?
Route Distinguisher: 2:222 (default for vrf CUST-B)
*> 10.3.3.0/24 192.168.38.2 156160 32768 ?
PE2#

PE1#show ip bgp vpnv4 rd 1:111

BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)
*> 10.1.1.0/24 192.168.15.5 156160 32768 ?
PE1#

Configuration MP-BGP Between PEs routers:

PE1(config)#router bgp 65001

PE1(config-router)#neighbor 3.3.3.3 remote-as 65001
PE1(config-router)#neighbor 3.3.3.3 update-source loop0
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 3.3.3.3 activate
PE1(config-router-af)#neighbor 3.3.3.3 send-community

PE2(config)#router bgp 65001

PE2(config-router)#neighbor 1.1.1.1 remote-as 65001
PE2(config-router)#neighbor 1.1.1.1 update-source loop0
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 1.1.1.1 activate
PE2(config-router-af)#neighbor 1.1.1.1 send-community

Verify the BGP neighbor:

PE1#show ip bgp summary

BGP router identifier 1.1.1.1, local AS number 65001
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down

State/PfxRcd
3.3.3.3 4 65001 12 12 1 0 0 00:04:43
0
PE1#

Verify the per-RD BGP table. And we can see the overlapping 10.3.3.0/24 part of
the two customers’ address spaces:

PE1#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
 Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:111 (default for vrf CUST-A)
*> 10.1.1.0/24 192.168.15.5 156160 32768 ?
*>i 10.3.3.0/24 3.3.3.3 156160 100 0 ?
Route Distinguisher: 2:222 (default for vrf CUST-B)
*> 10.2.2.0/24 192.168.16.2 156160 32768 ?
*>i 10.3.3.0/24 3.3.3.3 156160 100 0 ?
PE1#

PE2#show ip bgp vpnv4 all

BGP table version is 7, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:111 (default for vrf CUST-A)
*>i 10.1.1.0/24 1.1.1.1 156160 100 0 ?
*> 10.3.3.0/24 192.168.37.6 156160 32768 ?
Route Distinguisher: 2:222 (default for vrf CUST-B)
*>i 10.2.2.0/24 1.1.1.1 156160 100 0 ?
*> 10.3.3.0/24 192.168.38.2 156160 32768 ?
PE2#

Verify the the per-VRF routing tables of PEs routers:

PE1#show ip route vrf CUST-A | beg Gate

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

D 10.1.1.0 [90/156160] via 192.168.15.5, 00:58:13, FastEthernet0/0
B 10.3.3.0 [200/156160] via 3.3.3.3, 00:06:20
192.168.15.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.15.0/24 is directly connected, FastEthernet0/0
L 192.168.15.1/32 is directly connected, FastEthernet0/0
PE1#
PE1#show ip route vrf CUST-B | beg Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

D 10.2.2.0 [90/156160] via 192.168.16.2, 00:25:35, FastEthernet0/1
B 10.3.3.0 [200/156160] via 3.3.3.3, 00:06:24
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, FastEthernet0/1
L 192.168.16.1/32 is directly connected, FastEthernet0/1
PE1#

Verify that the customer routers have learned the routes from each customer router
in the same VRF:

CE_A1#show ip route eigrp | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.3.3.0/24 [90/158720] via 192.168.15.1, 00:10:57, FastEthernet0/0
CE_A1#
CE_A2# show ip route eigrp | beg Gate
Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.1.1.0/24 [90/158720] via 192.168.37.3, 00:12:21, FastEthernet0/1
CE_A2#

CE_B1#show ip route eigrp | beg Gate

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

D 10.3.3.0/24 [90/158720] via 192.168.16.1, 00:13:29, FastEthernet0/1
CE_B1#

Verify the connectivity between customers:

CE_A1#ping 10.3.3.1 sou 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 220/264/296 ms
CE_A1#

CE_B1#ping 10.3.3.1 sou 10.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.3.1, timeout is 2 seconds:
Packet sent with a source address of 10.2.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 232/269/312 ms
CE_B1#