You are on page 1of 15

MPLS VPN for different path on

Cisco Routers
• Base MPLS vpn architecture
• Solution for different path from each
VRF.
Contact
alco.t42@gmail.com
+886-920-891-782

PHY link
Loopback
R1 9.9.1.1/32

R1

R2 9.9.2.2/32
.1

R3 9.9.3.3/32

9.9.12.0/24

R4 9.9.4.4/32
R5 9.9.5.5/32

.2

R2
.2

.2
9.9.23.0/24

9.9.24.0/24
.4

.3

R4
.4
9.9.45.0/24

.4
.5

R5

9.9.34.0/24

.3

R3

VRF
A

!
ip vrf A
rd 99:1
route-target export 99:1
route-target import 99:1
route-target import 99:3
route-target import 99:5
!
ip vrf B
rd 99:11
route-target export 99:11
route-target import 99:11
route-target import 99:4
!

B

R1

R2

R4

R3

A
R5

B

!
interface Loopback99
ip vrf forwarding A
ip address 192.168.11.1 255.255.255.0
!
interface Loopback199
ip vrf forwarding B
ip address 192.168.111.1 255.255.255.0
!

!
ip vrf A
rd 99:3
route-target export 99:3
route-target import 99:3
route-target import 99:1
route-target import 99:5
!
ip vrf B
rd 99:4
route-target export 99:4
route-target import 99:4
route-target import 99:11
!
!

!
interface Loopback99
ip vrf forwarding A
ip address 192.168.33.33 255.255.255.0
!
interface Loopback199
ip vrf forwarding B
ip address 192.168.33.3 255.255.255.0
!

BGP ASN

ALL router in the same AS

R1

R2

R4

R3

R5

OSPF area 0
R1
router ospf 1
log-adjacency-changes
network 9.9.0.0 0.0.255.255 area 0
!

R2
R1(config-router-af)#do sh ip os ne
Neighbor ID Pri State
9.9.24.2
1 FULL/DR
R1(config-router-af)#

R4

Dead Time Address
00:00:33 9.9.12.2

Interface
FastEthernet0/0.12

R3

OSPF cost 200
R5

O
9.9.5.5/32 [110/4] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
O
9.9.4.4/32 [110/3] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
O
9.9.3.3/32 [110/3] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
O
9.9.2.2/32 [110/2] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
C
9.9.1.1/32 is directly connected, Loopback0
C
9.9.12.0/24 is directly connected, FastEthernet0/0.12
O
9.9.23.0/24 [110/2] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
O
9.9.24.0/24 [110/2] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
O
9.9.34.0/24 [110/3] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
O
9.9.45.0/24 [110/3] via 9.9.12.2, 16:14:12, FastEthernet0/0.12
R1(config-router-af)#

MPLS LDP enable interfaces
R1

R2

R4

R3

R5

R2(config-subif)#do sh mpls ld nei
Peer LDP Ident: 9.9.1.1:0; Local LDP Ident 9.9.2.2:0
TCP connection: 9.9.1.1.646 - 9.9.2.2.21205
State: Oper; Msgs sent/rcvd: 1142/1143; Downstream
Up time: 16:30:20
LDP discovery sources:
FastEthernet0/0.12, Src IP addr: 9.9.12.1
Addresses bound to peer LDP Ident:
9.9.12.1
9.9.1.1
Peer LDP Ident: 9.9.3.3:0; Local LDP Ident 9.9.2.2:0
TCP connection: 9.9.3.3.61681 - 9.9.2.2.646
State: Oper; Msgs sent/rcvd: 1140/1143; Downstream
Up time: 16:29:19
LDP discovery sources:
FastEthernet0/0.23, Src IP addr: 9.9.23.3
Addresses bound to peer LDP Ident:
9.9.23.3
9.9.34.3
9.9.3.3
Peer LDP Ident: 9.9.4.4:0; Local LDP Ident 9.9.2.2:0
TCP connection: 9.9.4.4.61384 - 9.9.2.2.646
State: Oper; Msgs sent/rcvd: 1149/1142; Downstream
Up time: 16:29:12
LDP discovery sources:
FastEthernet0/0.24, Src IP addr: 9.9.24.4
Addresses bound to peer LDP Ident:
9.9.24.4
9.9.45.4
9.9.4.4
9.9.34.4
R2(config-subif)#

R2(config-subif)#do sh mpls for
Local Outgoing Prefix
Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id
switched interface
16 Pop tag 9.9.34.0/24
0
Fa0/0.23 9.9.23.3
17 Pop tag 9.9.4.4/32
125421 Fa0/0.24 9.9.24.4
18 Pop tag 9.9.45.0/24
0
Fa0/0.24 9.9.24.4
19 Pop tag 9.9.1.1/32
374038 Fa0/0.12 9.9.12.1
20 20
9.9.5.5/32
143242 Fa0/0.24 9.9.24.4
21 Pop tag 9.9.3.3/32
280354 Fa0/0.23 9.9.23.3
R2(config-subif)#

MP-iBGP peer
ASN is 9

RR

R1
router bgp 9
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 9.9.0.5 remote-as 9
neighbor 9.9.3.3 remote-as 9
neighbor 9.9.3.3 update-source Loopback0
neighbor 9.9.5.5 remote-as 9
neighbor 9.9.5.5 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 9.9.3.3 activate
neighbor 9.9.3.3 send-community extended
neighbor 9.9.3.3 route-reflector-client
neighbor 9.9.5.5 activate
neighbor 9.9.5.5 send-community extended
neighbor 9.9.5.5 route-reflector-client
exit-address-family
!

R1

R2

R4

R3

R5

Show ip bgp vp all summary
Neighbor
V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
9.9.3.3
4 9 1069 1110
13 0 0 14:43:11
2
9.9.5.5
4 9 1050 1095
13 0 0 14:43:10
1
R1(config-router-af)#

VRF traffic flow
A

R1(config-router-af)#do sh ip ro vrf A
C 192.168.11.0/24 is directly connected, Loopback99
B 192.168.55.0/24 [200/0] via 9.9.5.5, 14:46:30
B 192.168.33.0/24 [200/0] via 9.9.3.3, 14:46:30

B

R1(config-router-af)#do sh ip ro vrf B
C 192.168.111.0/24 is directly connected, Loopback199
B 192.168.33.0/24 [20/0] via 9.9.3.3, 01:23:12
R1(config-router-af)#

R1

R2

R4

R3

A

B

R5
R2(config-subif)#
21 Pop tag 9.9.3.3/32
R2(config-subif)#

287059

Fa0/0.23 9.9.23.3

R1(config-router-af)#do sh mpls for
Local Outgoing Prefix
Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id
switched interface
16 Pop tag 9.9.24.0/24
0
Fa0/0.12 9.9.12.2
17 Pop tag 9.9.23.0/24
0
Fa0/0.12 9.9.12.2
18 Pop tag 9.9.2.2/32
0
Fa0/0.12 9.9.12.2
19 17
9.9.4.4/32
0
Fa0/0.12 9.9.12.2
20 16
9.9.34.0/24
0
Fa0/0.12 9.9.12.2
21 18
9.9.45.0/24
0
Fa0/0.12 9.9.12.2
22 20
9.9.5.5/32
0
Fa0/0.12 9.9.12.2
23 21
9.9.3.3/32
0
Fa0/0.12 9.9.12.2

sh ip cef vrf A de
192.168.33.0/24, version 13, epoch 0, cached adjacency 9.9.12.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa0/0.12, 9.9.12.2, tags imposed: {21 23}
via 9.9.3.3, 0 dependencies, recursive
next hop 9.9.12.2, FastEthernet0/0.12 via 9.9.3.3/32
valid cached adjacency
tag rewrite with Fa0/0.12, 9.9.12.2, tags imposed: {21 23}

We want different path for vrf
B

A

R1

R2

R4

R3

A
R5

B

Cisco TE is base on LDP, it’s IGP
For the same destination only one path.
But How ??

The MP-EBGP peer from R4
MP-EBGP
MP-iBGP
R1

RR

R2
AS65001
R4

R3

R5

R1
router bgp 9
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 9.9.0.5 remote-as 9
neighbor 9.9.3.3 remote-as 9
neighbor 9.9.3.3 update-source Loopback0
neighbor 9.9.4.4 remote-as 65001
neighbor 9.9.4.4 ebgp-multihop 255
neighbor 9.9.4.4 update-source Loopback0
neighbor 9.9.5.5 remote-as 9
neighbor 9.9.5.5 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 9.9.3.3 activate
neighbor 9.9.3.3 send-community extended
neighbor 9.9.3.3 route-reflector-client
neighbor 9.9.4.4 activate
neighbor 9.9.4.4 send-community extended
neighbor 9.9.4.4 weight 300
neighbor 9.9.4.4 allowas-in
neighbor 9.9.5.5 activate
neighbor 9.9.5.5 send-community extended
neighbor 9.9.5.5 route-reflector-client
exit-address-family
!

Show ip bgp vp all summary

Neighbor
9.9.3.3
9.9.4.4
9.9.5.5

V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4 9 1134 1175
13 0 0 15:48:40
2
4 65001 1096 1129
13 0 0 15:48:40
1
4 9 1115 1160
13 0 0 15:48:39
1

R1(config-router-af)#

Show result for VRF A on R1
B

Route Distinguisher: 99:11 (default for vrf B)
*> 192.168.33.0 9.9.4.4
300 65001 9 ?
*> 192.168.111.0 0.0.0.0
0
32768 ?
R1(config-router-af)#

A

R1#sh ip cef vrf A 192.168.33.0 de
192.168.33.0/24, version 10, epoch 0, cached adjacency 9.9.12.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa0/0.12, 9.9.12.2, tags imposed: {205 409}
via 9.9.4.4, 0 dependencies, recursive
next hop 9.9.12.2, FastEthernet0/0.12 via 9.9.4.4/32
valid cached adjacency
tag rewrite with Fa0/0.12, 9.9.12.2, tags imposed: {205 409}
R1#

R1

R2

R1#sh mpls for | i 205
105 205
9.9.4.4/32
R1#

R4

Fa0/0.12 9.9.12.2

R3

A

R5

0

R3#sh mpls for | i 309
309 Aggregate 192.168.33.0/24[V] \
R3#

B

R2#sh mpls for | i 205
205 Pop tag 9.9.4.4/32
R2#

3732947

Fa0/0.24 9.9.24.4

R4(config-router-af)#do sh ip bgp vp all la
Network
Next Hop
In label/Out label
Route Distinguisher: 99:3
192.168.33.0 9.9.34.3
409/309

Show result for VRF B on R1
B

R1#sh ip bgp vp vrf B
Network
Next Hop
Metric LocPrf Weight Path
Route Distinguisher: 99:11 (default for vrf B)
*> 192.168.111.0 0.0.0.0
0
32768 ?
*>i192.168.133.0 9.9.3.3
0 100
0?
*>i192.168.155.0 9.9.5.5
0 100
0?
R1#

A

R1#sh ip cef vrf B 192.168.133.0 de
192.168.133.0/24, version 17, epoch 0, cached adjacency 9.9.12.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa0/0.12, 9.9.12.2, tags imposed: {203 310}
via 9.9.3.3, 0 dependencies, recursive
next hop 9.9.12.2, FastEthernet0/0.12 via 9.9.3.3/32
valid cached adjacency
tag rewrite with Fa0/0.12, 9.9.12.2, tags imposed: {203 310}
R1#

R1

R2

R4

R3

A
R5
R2#sh mpls for | i 203
203 Pop tag 9.9.3.3/32
R2#

3728767

Fa0/0.23 9.9.23.3

B

R3#sh mpls for | i 310
310 Aggregate 192.168.133.0/24[V] \
R3#sh ip bgp vp vrf B 192.168.133.0
BGP routing table entry for 99:33:192.168.133.0/24, version 5
Paths: (1 available, best #1, table B)
Advertised to update-groups:
2
Local
0.0.0.0 from 0.0.0.0 (9.9.3.3)
Origin incomplete, metric 0, localpref 100, weight 32768,
valid, sourced, best
Extended Community: RT:99:33
mpls labels in/out 310/aggregate(B)
R3#

Debug mpls packet
B

A

R1 to R3 (Path R1---R2-----R4-----R3)
R2(config-subif)#
*Oct 4 05:45:26.482: MPLS: Fa0/0.12: recvd: CoS=0, TTL=255, Label(s)=17/30
*Oct 4 05:45:26.482: MPLS: Fa0/0.24: xmit: CoS=0, TTL=254, Label(s)=30
R2(config-subif)#

R1

R2

R4

R3 to R1 (Path R3---R4----R2----R1)
R2(config-subif)#
*Oct 4 05:45:26.486: MPLS: Fa0/0.23: recvd: CoS=0, TTL=255, Label(s)=19/28
*Oct 4 05:45:26.486: MPLS: Fa0/0.12: xmit: CoS=0, TTL=254, Label(s)=28
R2(config-subif)#

R3

A
R5

B
R4(config-router)#do deb mpls pa
MPLS packet debugging is on
R4(config-router)#
*Oct 4 05:42:30.686: MPLS: Fa0/0.24: recvd: CoS=0, TTL=254, Label(s)=30
*Oct 4 05:42:30.686: MPLS: Fa0/0.34: xmit: CoS=0, TTL=253, Label(s)=24

It’s perfect for each VRF
B

A

R1

R2

R4

R3

B
A
R5

End