Monday, December 12, 2011

MPLS VPN

 


OK, now the fun stuff starts: MPLS VPNs. I have created a nice topology with an ISP, “someisp.net”, and two customers that have connected their branches in NY and Tel Aviv: “google.net”, a small company, and “shirannet.net”, an innovative company working with native IPv6.

This time I will take a different approach: instead of talking and talking (I mean writing and writing), I will give you all the configurations and the .net file I made and let you play around.

MPLS VPN Topology configuration + .net

Some pointers:

1) You can divide the topology into 2 main sections, Provider and Customer, and 3 virtual divisions (explained below):


a) Provider backbone: a relatively simple configuration. The P routers are set only with an IGP (OSPF, flat area 0).
b) PEs are the complex part, holding both the customer interconnecting protocol and the provider topology, and doing the conversion between them.
c) Customer Edge: again, a simple configuration.

2) TTL propagation: in the configuration files I have provided, I have left the default behavior of TTL propagation, where the inner TTL field (of the original packet) is decremented along the path, revealing the service provider path. Normally this is not what you will have, and changing that behavior is very simple, with a single command on each PE router. See the example below:

PE_newyork_someisp.n(config)#no mpls ip propagate-ttl

Another scenario is where the “shirannet.net” customer is using native IPv6. You will notice that if you perform a trace while TTL propagation is enabled, your trace will not function properly. That is because the backbone P routers are not IPv6 enabled at all; they do not know what IPv6 is!

! Before disabling ttl propagation
CE_newyork_shirannet.net#traceroute  2001:CE72:68::2
Type escape sequence to abort.
Tracing the route to 2001:CE72:68::2
  1 2001:CE92:68::1 52 msec 16 msec 8 msec
  2  *  *  *
  3  *
CE_newyork_shirannet.net#ping  2001:CE72:68::2
!
! although there is nothing wrong with End To End Connectivity
!
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:CE72:68::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/64/88 ms
!
! After disabling ttl propagation also trace is fine :-)
!
CE_newyork_shirannet.net#traceroute  2001:CE72:68::2
Type escape sequence to abort.
Tracing the route to 2001:CE72:68::2
  1 2001:CE92:68::1 36 msec 36 msec 24 msec
  2 2001:CE72:68::1 52 msec 56 msec 32 msec
  3 2001:CE72:68::2 52 msec 48 msec 60 msec
CE_newyork_shirannet.net#traceroute  2001:CE72:68::2

 

3) One last thing I would like to draw your attention to, again concerning IPv6: notice the VRF configuration, which uses the new method:

! This is the new way of defining vrf's and the only one supported
! when working with IPv6 and vrf's
vrf definition shirannet.net
 rd 20000:40
 route-target export 20000:40
 route-target import 20000:40
 !
 address-family ipv6
 exit-address-family
!
! I used both methods just to draw your attention to both ways
!
ip vrf google.net
 rd 10000:80
 route-target export 10000:80
 route-target import 10000:80
!
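
A small audit for the two PE-side points above (TTL propagation and VRF definition style), added here as an example and not part of the original post or its configuration files. The function names and the sample config are constructed; only the VRF names, RDs and route-targets are taken from the snippets above.

```python
import re

# Constructed sample PE config built from the VRF snippets in this post (TTL propagation at default).
SAMPLE_PE_CONFIG = """\
vrf definition shirannet.net
 rd 20000:40
 route-target export 20000:40
 route-target import 20000:40
 !
 address-family ipv6
 exit-address-family
!
ip vrf google.net
 rd 10000:80
 route-target export 10000:80
 route-target import 10000:80
!
"""

def parse_vrfs(config):
    """Return {name: {"style", "rd", "afs"}} for every VRF block in the config."""
    vrfs, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^(ip vrf|vrf definition) (\S+)\s*$", line)
        words = line.split()
        if header:
            legacy = header.group(1) == "ip vrf"  # legacy form is IPv4 only
            current = vrfs[header.group(2)] = {
                "style": "legacy" if legacy else "multi-af", "rd": None,
                "afs": {"ipv4"} if legacy else set()}
        elif current is not None and line.startswith(" ") and len(words) > 1:
            if words[0] == "rd":
                current["rd"] = words[1]
            elif words[0] == "address-family":
                current["afs"].add(words[1])
        elif not line.startswith(" "):
            current = None  # a line at column 0 closes the VRF block
    return vrfs

def audit_pe(config):
    """Findings for the two points above: TTL propagation and VRF style."""
    findings = []
    if not re.search(r"^no mpls ip propagate-ttl\b", config, re.M):
        findings.append("TTL propagation on (default): traceroute reveals provider path")
    for name, vrf in parse_vrfs(config).items():
        if vrf["style"] == "legacy":
            findings.append(f"vrf {name}: legacy 'ip vrf' form, IPv4 only")
        elif not vrf["afs"]:
            findings.append(f"vrf {name}: no address-family configured")
    return findings
```

Run `audit_pe()` over each PE's saved running-config; a PE with `no mpls ip propagate-ttl` applied reports only the VRF findings.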

 

OK, that is it. I hope you will have fun. I think the basic configuration will allow you to play with and test all kinds of scenarios and get a better understanding of the subject.