Dynamips MPLS/VPN Lab
From Internetworkpro
The ISCW certification guide has a short chapter on MPLS/VPN, but it doesn't get into any detail about VRF's, or how it's configured. I wanted more then that, so I set out to create a lab in Dynamips.
Contents |
[edit] Lab Topology
[edit] Routers and IOS
- 3x 7200 w/ 12.4(18) IOS (c7200-jk9s-mz.124-18.bin) for PE and P routers
- 6x 7200 w/ 12.2(46)a IOS (c7200-jk9s-mz.122-46a.bin) for CE routers (less memory needed)
on the digram CE_A1 and CE_A2 are having same IP address of PE1 same CE_B1 and CE-B2 are having same ip add of PE2
[edit] Dynamips Configuration
The lab is using two instances of Dynamips.
autostart = false
[localhost:7200]
workingdir = C:\Program Files\Dynamips\mpls_vpn\working
udp = 10000
[[7200]]
model = 7200
ram = 256
nvram = 64
disk0 = 0
disk1 = 0
confreg = 0x2102
npe = npe-400
midplane = vxr
mmap = true
image = C:\Program Files\Dynamips\mpls_vpn\ios\c7200-jk9s-mz.124-18.bin
[[router PE1]]
s1/2 = P s1/0
[[router PE2]]
s1/2 = P s1/1
[[router P]]
[localhost:7201]
workingdir = C:\Program Files\Dynamips\mpls_vpn\working
udp = 11000
[[7200]]
model = 7200
ram = 128
nvram = 64
disk0 = 0
disk1 = 0
confreg = 0x2102
npe = npe-400
midplane = vxr
mmap = true
image = C:\Program Files\Dynamips\mpls_vpn\ios\c7200-jk9s-mz.122-46a.bin
[[ROUTER CE_A1]]
s1/0 = PE1 s1/0
[[router CE_B1]]
s1/0 = PE1 s1/1
[[router CE_A2]]
s1/0 = PE2 s1/0
[[router CE_B2]]
s1/0 = PE2 s1/1
[edit] PE Routers
PE Router configuration is the beefiest part of the lab.
hostname PE1
!
ip cef
!
ip vrf ClientA
rd 999:1
route-target export 64999:1
route-target import 64999:1
!
ip vrf ClientB
rd 999:2
route-target export 64999:2
route-target import 64999:2
!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
!
interface Serial1/0
ip vrf forwarding ClientA
ip address 10.1.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip vrf forwarding ClientB
ip address 10.1.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.1.1 255.255.255.252
mpls ip
serial restart-delay 0
!
router ospf 100
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
!
address-family ipv4 vrf ClientB
redistribute bgp 64999 metric 1
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf ClientA
redistribute bgp 64999 metric 1
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 64999
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.16.1.3 remote-as 64999
neighbor 172.16.1.3 update-source Loopback0
!
address-family vpnv4
neighbor 172.16.1.3 activate
neighbor 172.16.1.3 send-community extended
exit-address-family
!
address-family ipv4 vrf ClientB
redistribute rip metric 1
no synchronization
exit-address-family
!
address-family ipv4 vrf ClientA
redistribute rip metric 1
no synchronization
exit-address-family
!
hostname PE2
!
ip cef
!
ip vrf ClientA
rd 999:1
route-target export 64999:1
route-target import 64999:1
!
ip vrf ClientB
rd 999:2
route-target export 64999:2
route-target import 64999:2
!
interface Loopback0
ip address 172.16.1.3 255.255.255.255
!
interface Serial1/0
ip vrf forwarding ClientA
ip address 10.1.1.6 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
ip vrf forwarding ClientB
ip address 10.1.1.6 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.1.6 255.255.255.252
mpls ip
serial restart-delay 0
!
router ospf 100
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
!
address-family ipv4 vrf ClientB
redistribute bgp 64999 metric 1
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
address-family ipv4 vrf ClientA
redistribute bgp 64999 metric 1
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 64999
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.16.1.1 remote-as 64999
neighbor 172.16.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 172.16.1.1 activate
neighbor 172.16.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf ClientB
redistribute rip metric 1
no synchronization
exit-address-family
!
address-family ipv4 vrf ClientA
redistribute rip metric 1
no synchronization
exit-address-family
[edit] P Router
The P router is a very simple configuration, not caring about VRFs or anything, only making label switching decisions based on the top label.
hostname P
!
ip cef
!
interface Loopback0
ip address 172.16.1.2 255.255.255.255
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.252
mpls ip
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.1.5 255.255.255.252
mpls ip
serial restart-delay 0
!
router ospf 100
log-adjacency-changes
network 172.16.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
[edit] CE Routers
CE routers are a very basic config. They are completely unaware that MPLS/VPN is going on. All they really know is that their full mesh WAN is costing them a whole lot less then it used to ;)
I am only including the configuration for one CE router in an effort to keep this short. All four are configured in a similar way.
hostname CE_A1
!
ip cef
!
interface Serial1/0
ip address 10.1.1.1 255.255.255.252
serial restart-delay 0
!
router rip
version 2
network 10.0.0.0
no auto-summary
!
--IPv6Freely 00:29, 17 January 2008 (CST)
