Ignorer les commandes du ruban
Passer au contenu principal
SharePoint

Networking

août 17
Route Reflector configuration in a basic MPLS network supporting L3VPN service (IOS-XE)

In a previous article you learned how to build a basic L3VPN for a customer owning two distant sites. In this article we extend the topology by adding a VPNv4 route reflector. We modified a bit the addressing plan according to RFC3021 which allow the use of /31 subnets mask for point-to-point links and RFC6752 which recommand to use officially allocated public addresses for infrastructure links and loopbacks. We assume that we received from our RIR the block 23.0.0.0/8.

Cabling

 

 

Same calbing plan as in the previous article plus a new link between router P and the route reflector (RR).

Point-to-point links are emulated via dedicated VLANs on a vSwitch. For example, link between P (R3) and RR (R6) is emulated via VLAN 50 :

 

Addressing

 

23.0.0.0/24 is dedicated to PE routers and RR loopbacks.

23.0.1.0/24 is dedicated for infrastructure links.

 

RR configuration

 

 

In our previous article, PE1 and PE2 were peering VPNv4 routes directly. To support adding multiple VPN PE routers without maintaining a full meshed iBGP network, we add a VPNv4 route reflector in our topology.

On R6 (RR), we configure a peer group including each VPN PE in order to reduce configuration overhead when adding more VPN PE in the future (it's also simplify BGP update message generation on the router). We disable ipv4 peering because we dedicate this router to vpnv4 route reflection. Notice the « route-reflector-client »  command under vpnv4 address family :

 

Interface Loopback0
ip address 23.0.0.3 255.255.255.255
!
! MPLS is not needed on this link as it is not intended that VPN
! traffic will be forwarded by the route reflector
interface GigabitEthernet2
ip address 23.0.1.4 255.255.255.254
negotiation auto
!
router ospf 1
network 23.0.0.0 0.0.0.255 area 0
network 23.0.1.0 0.0.0.255 area 0
!
router bgp 1
bgp log-neighbor-changes
neighbor VPN-PE peer-group
neighbor VPN-PE remote-as 1
neighbor VPN-PE update-source Loopback0
neighbor 23.0.0.1 peer-group VPN-PE
neighbor 23.0.0.2 peer-group VPN-PE
!
address-family ipv4
no neighbor 23.0.0.1 activate
no neighbor 23.0.0.2 activate
exit-address-family
!
address-family vpnv4
neighbor VPN-PE send-community extended
neighbor VPN-PE route-reflector-client
neighbor 23.0.0.1 activate
neighbor 23.0.0.2 activate
exit-address-family

     

On PE1, we also configure a peer-group including the route reflector for the same reasons as mentioned above in the case we decide to add a second route reflector for redundancy :

 

router bgp 1
bgp log-neighbor-changes
neighbor VPN-RR peer-group
neighbor VPN-RR remote-as 1
neighbor VPN-RR update-source Loopback0
neighbor 23.0.0.3 peer-group VPN-RR
!
address-family ipv4
no neighbor 23.0.0.3 activate
exit-address-family
!
address-family vpnv4
neighbor VPN-RR send-community extended
neighbor 23.0.0.3 activate
exit-address-family

     

Configuration is similar on PE2.

Verifications :

 

PE1#show ip route vrf CUSTOMER1
snip
Gateway of last resort is not set
172.16.0.0/24 is subnetted, 2 subnets
B 172.16.100.0 [20/0] via 192.168.0.0, 23:12:20
B 172.16.200.0 [200/0] via 23.0.0.2, 01:38:46
192.168.0.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.0.0/31 is directly connected, GigabitEthernet2
L 192.168.0.1/32 is directly connected, GigabitEthernet2
B 192.168.0.2/31 [200/0] via 23.0.0.2, 01:38:46
CE1#ping 172.16.200.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/8/15 ms

Commentaires

Aucun commentaire sur ce billet.