MPLS VPN Checklist

By Humphrey Cheung and the Southern California Router Gods Meetup Group (www.routergods.com)
Updated October 9 2010

Section I - Foundation

Provider router IP Addresses

Configure IP addresses and “no shut” on all provider router

interfaces
Verify next-hop reachability ping

Provider IGP (here we assume OSPF)

Configure an interior gateway routing protocol on all router ospf 1

provider routers network 0.0.0.0 0.0.0.0 area 0
Passive interface as needed (all interfaces pointed towards router ospf 1
customers) passive-interface fast 0/0
Verify provider edge to provider edge reachability ping

Provider MPLS

Start MPLS on provider router interfaces Int fast 0/0

DON’T start MPLS on interfaces facing the customer mpls ip
Verify MPLS neighbors and bindings show mpls ldp discovery
show mpls ldp neighbor
show mpls forwarding-table

Provider BGP

Configure basic BGP peering between provider edge router bgp 1

routers no bgp default ipv4-unicast
neighbor xxxxx remote-as 1
For single customer setups, you don’t need “no bgp default” neighbor xxxxx update-source loopback 0
Verify BGP peering show ip bgp summary
(if you used “no bgp default” then nothing will show)

Section II – Start MP-BGP on Provider Edge routers

Start MP-BGP on all necessary provider routers (config)# router bgp 1

(config-router)# address-family vpnv4
(config-router)# neighbor xxxx activate
(config-router)#neighbor xxxx next-hop-self
(config-router)# neighbor xxxx send-community extended
Verify MP-BGP show ip bgp neighbor xxxxx

Section III – VRF Configuration

Create VRFs on provider edge routers (config)# ip vrf CustA

Start VRF forwarding on provider edge interfaces
This associates the VRF with the interface
 Notice the IP is removed, you have to re-type it in
Verify VRF creation
(config-vrf)# rd 1:100
(config-vrf)# route-target export 1:10
(config-vrf)# route-target import 1:20
(config)# int fast 0/0
(config-if)# ip vrf forwarding CustA
(config-if)# ip address 172.16.10.1 255.255.255.0
show ip vrf detail
Section IV – Provider to Customer routing configuration

For Static routes, use this table

On PE routers, configure static route pointing to customer ip route vrf CustA 10.10.10.0 255.255.255.0 172.16.10.2
Redistribute static route into MP-BGP Router bgp 1
Address-family ipv4 vrf CustA
Redistribute connected
Redistribute static
Exit-address-family
Verify routes are in the vrf routing table show ip route vrf CustA
show bgp vpnv4 unicast all
show ip bgp vpnv4 rd 1:100
show ip bgp vpnv4 rd 1:100 labels

For RIP routes, use this table

On PE routers, configure vrf-aware RIP Router rip

Address-family ipv4 vrf CustA
For the network statement, you will include the link that Redistribute bgp 1 metric 2
connects to the customer Network x.x.x.x
No auto
Version 2
Exit
Redistribute RIP into BGP Router bgp 1
Address-family ipv4 vrf CustA
Redistribute rip
Exit
Verify routes are in the VRF routing table show ip route vrf CustA
show bgp vpnv4 unicast all
show ip bgp vpnv4 rd 1:100
show ip bgp vpnv4 rd 1:100 labels

For OSPF routes, use this table

On PE routers, configure VRF-aware OSPF Router ospf 2 vrf CustA

Ospf process/router-id must be unique between vrfs Router-id 1.1.1.12
If you only have one VRF, you don’t need router-id Network 172.16.10.0 0.0.0.255 area 0
Redistribute bgp 1 subnets
Redistribute OSPF into BGP Router bgp 1
Address-family ipv4 vrf CustA
Redistribute ospf 2 vrf CustA match internal external 1 external 2
Verify routes are in the VRF routing table show ip route vrf CustA
show ip ospf database | I Process

For BGP routes, use this table

On PE routers, configure eBGP peering router bgp 1

Usually done with private-AS numbers address-family ipv4 vrf CustA
redistribute connected
If customer sites are in same ASN, use as-override neighbor CUSTOMERIP remote-as 65001
neighbor CUSTOMERIP activate
neighbor CUSTOMERIP as-override
Redistribution is automatic into MP-BGP 

Verify BGP peering and routes are in BGP table show ip bgp summary
show ip route
Section V – Customer to Provider router configuration

For Static Routes

Configure IP addresses and “no shut” on all interfaces

Configure static routes towards PE routers ip route 0.0.0.0 0.0.0.0 172.16.10.1
Verify connectivity to other customer router ping
trace

For RIP

Configure IP addresses and “no shut” on all interfaces

Configure RIP as usual router rip
no auto
ver 2
network 0.0.0.0
Verify connectivity and routing protocol show ip protocol
show ip route
ping
trace

For OSPF

Configure IP addresses and “no shut” on all interfaces

Configure OSPF router ospf 1
network 0.0.0.0 0.0.0.0 area 0
Verify connectivity and routing protocol show ip prot
show ip route
show ip ospf neighbor
ping

For BGP

Configure IP addresses and “no shut” on all interfaces

Configure eBGP router bgp 65001
neighbor (PROVIDERIP) remote-as 65001
Use allowas if you didn’t use as-override on PE router neighbor (PROVIDERIP) allowas-in num
Verify connectivity and routing protocol ping the other side
show ip route
show ip bgp summary

Miscellaneous

Hide provider routers from traceroute - no mpls ip propagate-ttl

Topologies

Single customer

Two customers