Classical Internet Access
The CE1 router accesses the Internet through its Fa 0/0.20 outgoing interface. CE1 advertises a default route to the CE2 router, so CE2 accesses the Internet through CE1.
CE1 router:
interface Loopback0
 ip address 11.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 description VPN_link
 encapsulation dot1Q 10
 ip address 10.1.1.2 255.255.255.252
!
interface FastEthernet0/0.20
 description Internet_link
 encapsulation dot1Q 20
 ip address 20.1.1.2 255.255.255.252
 ip policy route-map REMOTE
!
router bgp 65001
 no synchronization
 network 11.1.1.1 mask 255.255.255.255
 neighbor 10.1.1.1 remote-as 100
 neighbor 10.1.1.1 default-originate
 neighbor 20.1.1.1 remote-as 100
 neighbor 20.1.1.1 soft-reconfiguration inbound
 neighbor 20.1.1.1 prefix-list NO_ADV out
 no auto-summary
!
ip prefix-list NO_ADV seq 5 deny 11.1.1.1/32
ip prefix-list NO_ADV seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list REMOTE_SITES seq 5 permit 10.2.2.0/30
ip prefix-list REMOTE_SITES seq 10 permit 12.1.1.1/32
!
route-map REMOTE permit 10
 match ip address prefix-list REMOTE_SITES
 set ip default next-hop 20.1.1.1
!
PE1 router:
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding CUST1
 ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 20.1.1.1 255.255.255.252
!
interface Serial0/0
 description To_Internet_Router_AS300
 ip address 172.16.1.1 255.255.255.252
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.252
 ip ospf 1 area 0
 mpls ip
!
router bgp 100
 no synchronization
 redistribute connected route-map No_Internal
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 20.1.1.2 remote-as 65001
 neighbor 20.1.1.2 allowas-in 2
 neighbor 20.1.1.2 soft-reconfiguration inbound
 neighbor 172.16.1.2 remote-as 300
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST1
  redistribute connected
  neighbor 10.1.1.2 remote-as 65001
  neighbor 10.1.1.2 activate
  no synchronization
 exit-address-family
!
ip prefix-list Internal seq 5 deny 192.168.1.0/30
ip prefix-list Internal seq 10 deny 1.1.1.1/32
ip prefix-list Internal seq 15 permit 0.0.0.0/0 le 32
!
route-map No_Internal permit 10
 match ip address prefix-list Internal
!
The CE1 router receives Internet routes on its FastEthernet 0/0.20 interface, i.e. the Internet_link interface. However, the Internet router advertises only the default route. CE1 uses Fa 0/0.10 as the outgoing interface for VPN access and Fa 0/0.20 for Internet access.
CE1# show ip route | begin Gateway
Gateway of last resort is 20.1.1.1 to network 0.0.0.0
20.0.0.0/30 is subnetted, 1 subnets
C 20.1.1.0 is directly connected, FastEthernet0/0.20
172.16.0.0/30 is subnetted, 1 subnets
B 172.16.1.0 [20/0] via 20.1.1.1, 00:28:31
10.0.0.0/30 is subnetted, 2 subnets
B 10.2.2.0 [20/0] via 10.1.1.1, 00:28:54
C 10.1.1.0 is directly connected, FastEthernet0/0.10
11.0.0.0/32 is subnetted, 1 subnets
C 11.1.1.1 is directly connected, Loopback0
12.0.0.0/32 is subnetted, 1 subnets
B 12.1.1.1 [20/0] via 10.1.1.1, 00:28:54
B* 0.0.0.0/0 [20/0] via 20.1.1.1, 00:29:02
As seen below, the PE1 router learns the CUST1 remote VPN routes in its global BGP table.
PE1# show ip bgp nei 20.1.1.2 received-routes
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 10.1.1.0/30 20.1.1.2 0 65001 100 ?
*> 10.2.2.0/30 20.1.1.2 0 65001 100 ?
*> 12.1.1.1/32 20.1.1.2 0 65001 100 65002 i
Total number of prefixes 3
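The Internet router learns about all remote VPN routes (CE2 routes) as leaked by the CE1 router: the NO_ADV prefix list that CE1 applies outbound toward 20.1.1.1 denies only 11.1.1.1/32 and permits every other prefix.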
Internet# show ip route | begin Gateway
Gateway of last resort is not set
20.0.0.0/30 is subnetted, 1 subnets
B 20.1.1.0 [20/0] via 172.16.1.1, 00:14:29
172.16.0.0/30 is subnetted, 1 subnets
C 172.16.1.0 is directly connected, Serial0/0
10.0.0.0/30 is subnetted, 2 subnets
B 10.2.2.0 [20/0] via 172.16.1.1, 00:10:54
B 10.1.1.0 [20/0] via 172.16.1.1, 00:10:54
12.0.0.0/32 is subnetted, 1 subnets
B 12.1.1.1 [20/0] via 172.16.1.1, 00:10:54
13.0.0.0/32 is subnetted, 1 subnets
C 13.1.1.1 is directly connected, Loopback0
CE2 router receives a default-route as originated by CE1 router.
CE2# sh ip route | begin Gateway
Gateway of last resort is 10.2.2.1 to network 0.0.0.0
10.0.0.0/30 is subnetted, 2 subnets
C 10.2.2.0 is directly connected, FastEthernet0/0
B 10.1.1.0 [20/0] via 10.2.2.1, 00:15:12
11.0.0.0/32 is subnetted, 1 subnets
B 11.1.1.1 [20/0] via 10.2.2.1, 00:15:12
12.0.0.0/32 is subnetted, 1 subnets
C 12.1.1.1 is directly connected, Loopback0
B* 0.0.0.0/0 [20/0] via 10.2.2.1, 00:15:12
As seen below, the CE2 router accesses the Internet through the CE1 router.
CE2# traceroute 13.1.1.1
Type escape sequence to abort.
Tracing the route to 13.1.1.1
1 10.2.2.1 212 msec 176 msec 184 msec
2 10.1.1.1 [AS 100] [MPLS: Label 20 Exp 0] 384 msec 192 msec 392 msec
3 10.1.1.2 [AS 100] 740 msec 468 msec 560 msec
4 20.1.1.1 [AS 65001] 748 msec 580 msec 748 msec
5 172.16.1.2 [AS 65001] 748 msec 620 msec 936 msec