Connectivity from Remote sites back to a Data center via MPLS

I wanted to blog a bit about MPLS connectivity. I have been studying a ton of this lately for the lab; I blogged a few months ago about VRF connectivity through EIGRP, and that was fairly straightforward. The nice thing about MPLS is being able to send routes from each site to every other remote site, or even to a data center. This quick lab will have two remote sites which will send their prefixes through an MPLS VPN back to a data center to provide connectivity.

Here is our logical topology.

[Image: logical topology]

Here is what everything looks like with our MPLS routers and each subnet/prefix of each remote site.

[Image: MPLS routers and the prefix of each remote site]

If this looks familiar to anyone, this is part of INE's topology.

The first thing we want to do is establish connectivity through our VRFs, handing them out from our PE to CE routers. For example, R6, R1 and R5 are all PE routers. Each will need an interface in a VRF handed out to its respective CE router. That VRF will participate in BGP on both ends, the CE side and the PE side.

Every configuration is similar, so we will use R1 as the example.

#create a VRF, set an RD, and use one route target for both import and export
ip vrf vpn
rd 1:1
route-target export 1:1
route-target import 1:1
!
#put the interface which hands off to the CE (Remote site 2) into vrf vpn
interface Serial0/1
ip vrf forwarding vpn
ip address 155.1.13.1 255.255.255.0
!
#create our BGP peering within our VRF
router bgp 1
address-family ipv4 vrf vpn
neighbor 155.1.13.3 remote-as 100
neighbor 155.1.13.3 activate
neighbor 155.1.13.3 default-originate
neighbor 155.1.13.3 as-override

In this example we need to use as-override, because we are planning on using the same AS number for each site: every remote site is within AS 100.

On the CE side (Remote site 2's router):

interface Serial1/2
ip address 155.1.13.3 255.255.255.0
serial restart-delay 0
clock rate 64000
!
router bgp 100
no synchronization
bgp log-neighbor-changes
network 192.168.4.0 mask 255.255.255.0
neighbor 155.1.13.1 remote-as 1
no auto-summary

Remote site 2's CE router has no idea it is in a VRF. From its point of view it is simply connecting to another AS.

Step 2 is enabling MPLS on each interface in our MPLS cloud, then creating a BGP session to each router within the MPLS cloud.

R6

ip cef
mpls ip
!
interface FastEthernet0/0.146
encapsulation dot1Q 146
ip address 155.1.146.6 255.255.255.0
mpls ip
!
router eigrp 100
network 150.1.0.0
network 155.1.0.0
no auto-summary
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.1.1 remote-as 1
neighbor 150.1.1.1 update-source Loopback0
neighbor 150.1.4.4 remote-as 1
neighbor 150.1.4.4 update-source Loopback0
neighbor 150.1.5.5 remote-as 1
neighbor 150.1.5.5 update-source Loopback0
!
address-family vpnv4
neighbor 150.1.1.1 activate
neighbor 150.1.1.1 send-community both
neighbor 150.1.4.4 activate
neighbor 150.1.4.4 send-community both
neighbor 150.1.5.5 activate
neighbor 150.1.5.5 send-community extended
exit-address-family

There's plenty of config here. First, CEF has to be turned on. Then mpls ip has to be enabled in global configuration in order to turn on MPLS at all.

Each interface we want to send LDP and MPLS packets out of has to have mpls ip enabled as well. Since I have the 155.1.146.0/24 and 155.1.45.0/24 networks, and each BGP router needs connectivity to the others' loopbacks to peer with, I had to run an IGP between them; EIGRP is quick and simple.

The first section of config sets up a BGP session to each of the other routers, i.e.

router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.1.1.1 remote-as 1
neighbor 150.1.1.1 update-source Loopback0
!
#the next step is to set up MP-BGP
!
address-family vpnv4
neighbor 150.1.1.1 activate
neighbor 150.1.1.1 send-community both
neighbor 150.1.4.4 activate

What this does is activate each neighbor for MP-BGP; next, it sends the VRF's RT plus the prefix across to each router within the MPLS cloud. For example, going to R6, another PE router, we can see we are learning a prefix for 192.168.4.0/24 from R1. We are passing the extended community string of the RT 1:1 and an MPLS label.

Rack1R6#sh bgp vpnv4 unicast all 192.168.4.0
BGP routing table entry for 1:1:192.168.4.0/24, version 18
Paths: (1 available, best #1, table vpn)
Flag: 0x820
Advertised to update-groups:
1
100
150.1.1.1 (metric 156160) from 150.1.1.1 (150.1.1.1)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:1:1
mpls labels in/out nolabel/24

This is extremely flexible, as we do not have to have the same VRF on each and every router. This topology is small; in a cloud of 10, 20 or 30-plus routers, not having to span the same VRF everywhere is huge.
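To make the route-target mechanism concrete, here is a small Python model of the VPNv4 exchange described above. It is an added illustration written for this post, not IOS code and not part of INE's lab. It follows the post where it can (R1, R5 and R6 carry VRF vpn with RD 1:1 and RT 1:1; R1 learns 192.168.4.0/24 from its CE; R4 peers VPNv4 but has no VRF; label 24 as seen on R6) and assumes the rest: R6's loopback 150.1.6.6, and a second VRF other with RT 2:2 and a constructed prefix 10.0.0.0/24 on R5 to show that a route whose RT nobody imports goes nowhere.

```python
"""Toy model of MP-BGP VPNv4 route distribution keyed on route targets (RTs).
Written for this post as an illustration; it is not IOS code."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class Vrf:
    name: str
    rd: str                       # route distinguisher, e.g. "1:1"
    export_rt: Set[str]           # route-target export ...
    import_rt: Set[str]           # route-target import ...
    local_prefixes: List[str] = field(default_factory=list)          # learned from the CE
    table: Dict[str, Tuple[str, int]] = field(default_factory=dict)  # prefix -> (next hop, label)


@dataclass
class Pe:
    name: str
    loopback: str
    vrfs: Dict[str, Vrf] = field(default_factory=dict)
    next_label: int = 24          # constructed start value; R6's output showed label 24

    def export_vpnv4(self) -> List[dict]:
        """VPNv4 NLRI this PE originates: RD:prefix, the VRF's export RTs as an
        extended community, the PE loopback as next hop, and a locally allocated label."""
        updates = []
        for vrf in self.vrfs.values():
            for prefix in vrf.local_prefixes:
                updates.append({"nlri": f"{vrf.rd}:{prefix}", "rt": set(vrf.export_rt),
                                "next_hop": self.loopback, "label": self.next_label})
                self.next_label += 1
        return updates

    def import_vpnv4(self, update: dict) -> Set[str]:
        """Install the update into every local VRF whose import RTs intersect the update's
        RTs. A PE with no matching VRF installs nothing (IOS discards such routes by
        default through automatic route-target filtering). Returns the accepting VRF names."""
        accepted = set()
        prefix = update["nlri"].rsplit(":", 1)[1]   # strip "RD:" (the RD itself contains ':')
        for vrf in self.vrfs.values():
            if vrf.import_rt & update["rt"]:
                vrf.table[prefix] = (update["next_hop"], update["label"])
                accepted.add(vrf.name)
        return accepted


def full_mesh_exchange(pes: List[Pe]) -> Dict[str, Dict[str, Set[str]]]:
    """iBGP full mesh as in the lab: every PE sends its VPNv4 updates to every other PE.
    Returns {receiver: {nlri: accepting VRF names}} so dropped routes are visible too."""
    result: Dict[str, Dict[str, Set[str]]] = {p.name: {} for p in pes}
    for sender in pes:
        for update in sender.export_vpnv4():
            for receiver in pes:
                if receiver is not sender:
                    result[receiver.name][update["nlri"]] = receiver.import_vpnv4(update)
    return result


def build_lab() -> Dict[str, Pe]:
    """Constructed from the post: R1, R5 and R6 carry VRF 'vpn' (RD 1:1, RT 1:1); R1 learns
    192.168.4.0/24 from its CE; R4 peers VPNv4 but has no VRF. The VRF 'other' (RT 2:2,
    prefix 10.0.0.0/24) on R5 and R6's loopback 150.1.6.6 are assumptions."""
    def vpn(prefixes):
        return Vrf("vpn", "1:1", {"1:1"}, {"1:1"}, list(prefixes))
    r1 = Pe("R1", "150.1.1.1", {"vpn": vpn(["192.168.4.0/24"])})
    r4 = Pe("R4", "150.1.4.4")
    r5 = Pe("R5", "150.1.5.5", {"vpn": vpn([]),
                                 "other": Vrf("other", "2:2", {"2:2"}, {"2:2"}, ["10.0.0.0/24"])})
    r6 = Pe("R6", "150.1.6.6", {"vpn": vpn([])})
    return {p.name: p for p in (r1, r4, r5, r6)}


def run_lab():
    """Exchange routes and return (PEs by name, per-receiver acceptance map)."""
    pes = build_lab()
    return pes, full_mesh_exchange(list(pes.values()))


if __name__ == "__main__":
    pes, outcome = run_lab()
    for name, pe in pes.items():
        for vrf in pe.vrfs.values():
            print(f"{name} vrf {vrf.name}: {vrf.table}")
    print("dropped at R4:", [n for n, acc in outcome["R4"].items() if not acc])
```

Running it shows 192.168.4.0/24 landing in VRF vpn on R5 and R6 with next hop 150.1.1.1 and label 24, exactly what the show bgp vpnv4 output above reports, while R4 installs nothing and the RT 2:2 route never reaches VRF vpn anywhere. That is the isolation the RT gives you: a PE only needs the VRFs whose RTs it actually imports, which is why the same VRF does not have to exist on every router in the cloud.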

Now, going to our data center side, we should see the 192.168.4.0/24 network again. On the data center side…

Datacenter#sh ip bgp 192.168.4.0/24
BGP routing table entry for 192.168.4.0/24, version 17
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
Not advertised to any peer
1 1, (received & used)
155.1.58.5 from 155.1.58.5 (150.1.5.5)
Origin IGP, localpref 100, valid, external, best

And we see this prefix being advertised from R5 as if the data center were directly peered with the site that owns it.

Now for the final part of this configuration: handing out a default route to each site, and having each of our prefixes handed out to the data center. I would not like each site to see the other sites' prefixes, only a default route to its respective PE router. This configuration will be applied on the PE side, of course.

For example, on R1 for simplicity:

ip prefix-list defaultonly seq 5 permit 0.0.0.0/0
!
address-family ipv4 vrf vpn
neighbor 155.1.13.3 remote-as 100
neighbor 155.1.13.3 activate
neighbor 155.1.13.3 default-originate
neighbor 155.1.13.3 as-override
neighbor 155.1.13.3 prefix-list defaultonly out
no synchronization

The easiest thing to do here is create a prefix list that only allows a default route, so it permits 0.0.0.0/0 and nothing else.

From Remote site 2’s view…

Remote2#sh ip bgp
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 155.1.13.1 0 0 1 i
*> 192.168.4.0 0.0.0.0 0 32768 i

BGP-wise, all I see is my default route and the network which I am advertising. Now the data center side should see everything.

Datacenter#sh ip bgp
BGP table version is 26, local router ID is 150.1.8.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 0.0.0.0 155.1.58.5 0 0 1 i
*> 192.168.1.0 155.1.58.5 0 1 1 i
*> 192.168.2.0 155.1.58.5 0 1 1 i
*> 192.168.3.0 155.1.58.5 0 1 1 i
*> 192.168.4.0 155.1.58.5 0 1 1 i

I have all my routes; they are being sent from the MPLS cloud by the data center's PE router. Now the odd part here is the origin of the prefixes, 1 1 i. This is due to the as-override feature: Remote site 1 and Remote site 2 now look like they are coming from AS 1 and not AS 100. Another way to get around this would be to use a different AS number per site, or to use some sort of local-as trickery.
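The PE-to-CE policy from the last two sections (default-originate, the defaultonly prefix list, and as-override) is small enough to model end to end, which makes the 1 1 i path and the alternative of a distinct AS per site easy to see. The following Python is an added illustration written for this post, not IOS code; it takes AS 1 for the cloud and AS 100 for the sites from the post, assumes the data center is also in AS 100 (the post's as-override on R5 implies that), and uses constructed VRF contents and a constructed AS 102 for the distinct-AS case.

```python
"""Model of the PE-to-CE outbound policy from the post: neighbor default-originate, an
outbound prefix-list that permits only 0.0.0.0/0, and neighbor as-override.
Toy code written for this post, not IOS."""
import ipaddress
from typing import Dict, List, Optional, Tuple

PE_AS = 1                              # the MPLS cloud is AS 1
SITE_AS = 100                          # every site uses AS 100 (assumed for the data center too)
DEFAULT = "0.0.0.0/0"
DEFAULTONLY: List[Tuple[str, str]] = [("permit", DEFAULT)]   # ip prefix-list defaultonly ...

AsPath = List[int]


def prefix_list_permits(rules: List[Tuple[str, str]], prefix: str) -> bool:
    """Evaluate an IOS-style prefix list: ordered (action, prefix) entries, first match
    wins, implicit deny at the end. Exact-length match only, which is all the post needs."""
    net = ipaddress.ip_network(prefix)
    for action, rule in rules:
        if ipaddress.ip_network(rule) == net:
            return action == "permit"
    return False


def as_override(path: AsPath, neighbor_as: int) -> AsPath:
    """neighbor ... as-override: rewrite every occurrence of the CE's AS to the PE's AS."""
    return [PE_AS if asn == neighbor_as else asn for asn in path]


def ce_accepts(path: AsPath, ce_as: int) -> bool:
    """eBGP loop detection on the CE: a route is dropped if its own AS is already in the path."""
    return ce_as not in path


def advertise_to_ce(vrf_table: Dict[str, AsPath], neighbor_as: int, use_as_override: bool,
                    out_prefix_list: Optional[List[Tuple[str, str]]] = None,
                    default_originate: bool = False) -> Dict[str, AsPath]:
    """What one PE sends to one CE neighbour: {prefix: AS_PATH as the CE receives it}."""
    candidates = dict(vrf_table)
    if default_originate:
        candidates[DEFAULT] = []       # locally originated default, empty AS_PATH
    out: Dict[str, AsPath] = {}
    for prefix, path in candidates.items():
        if out_prefix_list is not None and not prefix_list_permits(out_prefix_list, prefix):
            continue                   # the post's list permits only the default
        if use_as_override:
            path = as_override(path, neighbor_as)
        out[prefix] = [PE_AS] + path   # eBGP: the PE prepends its own AS on the way out
    return out


def show_path(path: AsPath) -> str:
    """Render like the Path column of 'show ip bgp' for IGP-origin routes, e.g. '1 1 i'."""
    return " ".join([*map(str, path), "i"])


def lab_scenarios() -> Dict[str, Dict[str, AsPath]]:
    """Constructed VRF contents after the VPNv4 exchange: the four site prefixes, each with
    AS_PATH '100' because the originating CE is in AS 100."""
    sites = {f"192.168.{n}.0/24": [SITE_AS] for n in range(1, 5)}
    return {
        # R1 -> Remote site 2: as-override + default-originate + prefix-list defaultonly out
        "remote2": advertise_to_ce(sites, SITE_AS, True, DEFAULTONLY, True),
        # R5 -> data center: as-override + default-originate, no outbound filter
        "datacenter": advertise_to_ce(sites, SITE_AS, True, None, True),
        # same session without as-override: the CE would see its own AS and drop the routes
        "datacenter_no_override": advertise_to_ce(sites, SITE_AS, False, None, True),
        # the post's alternative: a distinct AS per site (102 assumed), so no override needed
        "datacenter_distinct_as": advertise_to_ce({"192.168.4.0/24": [102]}, SITE_AS, False),
    }


if __name__ == "__main__":
    for name, table in lab_scenarios().items():
        print(name)
        for prefix, path in table.items():
            print(f"  {prefix:18} {show_path(path):8} accepted={ce_accepts(path, SITE_AS)}")
```

The remote2 scenario reproduces the Remote2 table (only 0.0.0.0/0 with path 1 i) and the datacenter scenario reproduces 1 1 i for every site prefix. The datacenter_no_override case shows what the override is for: the path would be 1 100, and a CE in AS 100 drops it as a loop. The flip side, which ce_accepts makes visible, is that as-override takes that loop check away from the CE, which is why production deployments normally pair it with a site-of-origin (SoO) extended community so a site's own prefixes are never sent back to it.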
