CE-PE Routing: Configuring
Static route
·
There
are many options for CE-PE routing.
·
In
this post, let me configure a basic static route for routing between CE-PE
VRF Configuration:
PE1:
PE1(config)#ip
vrf VPN_A
PE1(config-vrf)#rd
100:1
PE1(config-vrf)#route-target
both 100:1
PE1(config-vrf)#do show run int ser1/0
Building
configuration...
Current
configuration : 87 bytes
!
interface
Serial1/0
ip address 10.1.13.3 255.255.255.0
serial restart-delay 0
end
PE1(config-vrf)#int
ser1/0
PE1(config-if)#ip
vrf forwarding VPN_A
%
Interface Serial1/0 IP address 10.1.13.3 removed due to enabling VRF VPN_A
PE1(config-if)#ip
address 10.1.13.3 255.255.255.0
PE1(config-if)#do ping vrf VPN_A 10.1.13.1
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/17/44 ms
PE1(config-if)#
CE1:
CE1(config-if)#do show run int ser1/0
Building
configuration...
Current
configuration : 87 bytes
!
interface
Serial1/0
ip address 10.1.13.1 255.255.255.0
serial restart-delay 0
end
CE1(config-if)#do ping 10.1.13.3
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 10.1.13.3, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/25/44 ms
CE1(config-if)#
Observation:
·
CE1-PE1
link is up
PE1:
PE2(config-router-af)#ip
vrf VPN_A
PE2(config-vrf)#rd
100:1
PE2(config-vrf)#route-target
both 100:1
PE2(config-vrf)#do show run int ser1/0
Building
configuration...
Current
configuration : 87 bytes
!
interface
Serial1/0
ip address 10.1.24.4 255.255.255.0
serial restart-delay 0
end
PE2(config-vrf)#int
ser1/0
PE2(config-if)#do
show run int ser1/0
Building
configuration...
Current
configuration : 87 bytes
!
interface
Serial1/0
ip address 10.1.24.4 255.255.255.0
serial restart-delay 0
end
PE2(config-if)#ip
vrf forwarding VPN_A
%
Interface Serial1/0 IP address 10.1.24.4 removed due to enabling VRF VPN_A
PE2(config-if)#ip
address 10.1.24.4 255.255.255.0
PE2(config-if)#do ping vrf VPN_A 10.1.24.2
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 10.1.24.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/16/36 ms
PE2(config-if)#
CE2:
CE2(config-if)#do show run int ser1/0
Building
configuration...
Current
configuration : 87 bytes
!
interface
Serial1/0
ip address 10.1.24.2 255.255.255.0
serial restart-delay 0
end
CE2(config-if)#do ping 10.1.24.4
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 10.1.24.4, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/24/64 ms
CE2(config-if)#
Observation:
·
CE2-PE2
link is up
IGP-OSPF Configuration
between PE1-PE2:
PE1(config-if)#do
show run | begin router ospf
router
ospf 1
router-id 3.3.3.3
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 100.1.34.3 0.0.0.0 area 0
!
PE2(config-if)#do
show run | begin router ospf
router
ospf 1
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 100.1.34.4 0.0.0.0 area 0
!
MP-iBGP configuration
between PE1-PE2:
PE1(config)#do
show run | begin router bgp
router
bgp 100
bgp router-id 3.3.3.3
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN_A
redistribute connected
redistribute static
no synchronization
exit-address-family
!
PE2(config-router-af)#do
show run | begin router bgp
router
bgp 100
bgp router-id 4.4.4.4
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN_A
redistribute connected
redistribute static
no synchronization
exit-address-family
!
Configuring MPLS in
the Core (between PE1-PE2):
PE1(config)#int
ser1/1
PE1(config-if)#mpls
ip
PE1(config-if)#
PE2(config)#int
ser1/1
PE2(config-if)#mpls
ip
PE2(config-if)#
Configuring vrf static
route in PE1 to reach CE1’s loopback:
PE1(config)#ip route vrf VPN_A 1.1.1.0 255.255.255.0 ser1/0
PE1(config)#ip route vrf VPN_A 11.11.11.0 255.255.255.0 ser1/0
PE1(config)#do
ping vrf VPN_A 1.1.1.1
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/24/68 ms
PE1(config)#do
ping vrf VPN_A 11.11.11.11
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/30/104 ms
PE1(config)#
Observation:
·
PE1
can reach CE1’s loopback0 and loopback1
Configuring vrf static
route in PE2 to reach CE2’s loopback:
PE2(config)#ip route vrf VPN_A 2.2.2.0 255.255.255.0 ser1/0
PE2(config)#ip route vrf VPN_A 22.22.22.0 255.255.255.0 ser1/0
PE2(config)#do
ping vrf VPN_A 2.2.2.2
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/37/92 ms
PE2(config)#do
ping vrf VPN_A 22.22.22.22
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/24/56 ms
PE2(config)#
Observation:
·
PE2
can reach CE2’s loopback0 and loopback1
CE1(config)#ip
route 0.0.0.0 0.0.0.0 ser1/0
CE1(config)#
Configuring
a default route in CE2 towards PE2:
CE2(config)#ip
route 0.0.0.0 0.0.0.0 ser1/0
CE2(config)#
Verification:
CE1#ping
2.2.2.2
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/38/124 ms
CE1#
CE1#ping
22.22.22.22
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 12/44/120 ms
CE1#
PE1(config-if)#do
ping vrf VPN_A 2.2.2.2
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/37/80 ms
PE1(config-if)#
PE1(config-if)#do
ping vrf VPN_A 22.22.22.22
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/40/104 ms
PE1(config-if)#
CE2#ping
1.1.1.1
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/46/96 ms
CE2#
CE2#ping
11.11.11.11
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 16/48/132 ms
CE2#
PE2#ping
vrf VPN_A 1.1.1.1
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 4/46/144 ms
PE2#
PE2#ping
vrf VPN_A 11.11.11.11
Type
escape sequence to abort.
Sending
5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success
rate is 100 percent (5/5), round-trip min/avg/max = 8/38/112 ms
PE2#
Observations:
·
CE1
is successfully reaching CE2’s loopback0 and loopback1 (2.2.2.2, 22.22.22.22)
·
CE2
is successfully reaching CE1’s loopback0 and loopback1 (1.1.1.1, 11.11.11.11)
BGP
Table in PE1 and PE2:
PE1(config)#do show
ip bgp vpnv4 all sum
BGP
router identifier 3.3.3.3, local AS number 100
BGP
table version is 13, main routing table version 13
6
network entries using 936 bytes of memory
6
path entries using 408 bytes of memory
3/2
BGP path/bestpath attribute entries using 504 bytes of memory
1
BGP extended community entries using 24 bytes of memory
0
BGP route-map cache entries using 0 bytes of memory
0
BGP filter-list cache entries using 0 bytes of memory
Bitfield
cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP
using 1904 total bytes of memory
BGP
activity 6/0 prefixes, 6/0 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer
InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 100
78 78 13
0 0 01:11:44 3
PE1(config)#do show
ip bgp vpnv4 all
BGP
table version is 13, local router ID is 3.3.3.3
Status
codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin
codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route
Distinguisher: 100:1 (default for vrf VPN_A)
*>
1.1.1.0/24 0.0.0.0 0 32768 ?
*>i2.2.2.0/24 4.4.4.4 0 100
0 ?
*>
10.1.13.0/24 0.0.0.0 0 32768 ?
*>i10.1.24.0/24 4.4.4.4 0 100
0 ?
*>
11.11.11.0/24 0.0.0.0 0 32768 ?
*>i22.22.22.0/24 4.4.4.4 0 100
0 ?
PE1(config)#
PE2(config)#do show
ip bgp vpnv4 all sum
BGP
router identifier 4.4.4.4, local AS number 100
BGP
table version is 13, main routing table version 13
6
network entries using 936 bytes of memory
6
path entries using 408 bytes of memory
3/2
BGP path/bestpath attribute entries using 504 bytes of memory
1
BGP extended community entries using 24 bytes of memory
0
BGP route-map cache entries using 0 bytes of memory
0
BGP filter-list cache entries using 0 bytes of memory
Bitfield
cache entries: current 1 (at peak 1) using 32 bytes of memory
BGP
using 1904 total bytes of memory
BGP
activity 6/0 prefixes, 6/0 paths, scan interval 15 secs
Neighbor V AS MsgRcvd MsgSent TblVer
InQ OutQ Up/Down State/PfxRcd
3.3.3.3 4 100
78 78
13 0 0 01:12:28 3
PE2(config)#
PE2(config)#
PE2(config)#do show
ip bgp vpnv4 all
BGP
table version is 13, local router ID is 4.4.4.4
Status
codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin
codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route
Distinguisher: 100:1 (default for vrf VPN_A)
*>i1.1.1.0/24 3.3.3.3 0 100 0 ?
*>
2.2.2.0/24 0.0.0.0 0 32768 ?
*>i10.1.13.0/24 3.3.3.3 0 100
0 ?
*>
10.1.24.0/24 0.0.0.0 0 32768 ?
*>i11.11.11.0/24 3.3.3.3 0 100
0 ?
*>
22.22.22.0/24 0.0.0.0 0 32768 ?
PE2(config)#
PE2(config)#
