Classical Internet Access

CE1 router accesses the Internet through its Fa 0/0.20 outgoing interface. CE1 router advertises a default-route to CE2 router, and so CE2 router accesses the Internet through CE1 router.

CE1 router:

interface Loopback0
 ip address 11.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 description VPN_link
 encapsulation dot1Q 10
 ip address 10.1.1.2 255.255.255.252
!
interface FastEthernet0/0.20
 description Internet_link
 encapsulation dot1Q 20
 ip address 20.1.1.2 255.255.255.252
 ip policy route-map REMOTE
!
router bgp 65001
 no synchronization
 network 11.1.1.1 mask 255.255.255.255
 neighbor 10.1.1.1 remote-as 100
 neighbor 10.1.1.1 default-originate
 neighbor 20.1.1.1 remote-as 100
 neighbor 20.1.1.1 soft-reconfiguration inbound
 neighbor 20.1.1.1 prefix-list NO_ADV out
 no auto-summary
!
ip prefix-list NO_ADV seq 5 deny 11.1.1.1/32
ip prefix-list NO_ADV seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list REMOTE_SITES seq 5 permit 10.2.2.0/30
ip prefix-list REMOTE_SITES seq 10 permit 12.1.1.1/32
!
route-map REMOTE permit 10
 match ip address prefix-list REMOTE_SITES
 set ip default next-hop 20.1.1.1
!

PE1 router:

mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 no ip address
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip vrf forwarding CUST1
 ip address 10.1.1.1 255.255.255.252
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 20.1.1.1 255.255.255.252
!
interface Serial0/0
 description To_Internet_Router_AS300
 ip address 172.16.1.1 255.255.255.252
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.252
 ip ospf 1 area 0
 mpls ip
!
router bgp 100
 no synchronization
 redistribute connected route-map No_Internal
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 20.1.1.2 remote-as 65001
 neighbor 20.1.1.2 allowas-in 2
 neighbor 20.1.1.2 soft-reconfiguration inbound
 neighbor 172.16.1.2 remote-as 300
 no auto-summary
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST1
  redistribute connected
  neighbor 10.1.1.2 remote-as 65001
  neighbor 10.1.1.2 activate
  no synchronization
 exit-address-family
!
ip prefix-list Internal seq 5 deny 192.168.1.0/30
ip prefix-list Internal seq 10 deny 1.1.1.1/32
ip prefix-list Internal seq 15 permit 0.0.0.0/0 le 32
!
route-map No_Internal permit 10
 match ip address prefix-list Internal
!

CE1 router receives Internet routes on its FastEthernet 0/0.20 sub-interface, i.e. the Internet_link interface. However, the Internet router only advertises the default route. CE1 router uses Fa 0/0.10 as the outgoing interface for VPN access and Fa 0/0.20 for Internet access.

CE1# show ip route | begin Gateway
Gateway of last resort is 20.1.1.1 to network 0.0.0.0

     20.0.0.0/30 is subnetted, 1 subnets
C       20.1.1.0 is directly connected, FastEthernet0/0.20
     172.16.0.0/30 is subnetted, 1 subnets
B       172.16.1.0 [20/0] via 20.1.1.1, 00:28:31
     10.0.0.0/30 is subnetted, 2 subnets
B       10.2.2.0 [20/0] via 10.1.1.1, 00:28:54
C       10.1.1.0 is directly connected, FastEthernet0/0.10
     11.0.0.0/32 is subnetted, 1 subnets
C       11.1.1.1 is directly connected, Loopback0
     12.0.0.0/32 is subnetted, 1 subnets
B       12.1.1.1 [20/0] via 10.1.1.1, 00:28:54
B*   0.0.0.0/0 [20/0] via 20.1.1.1, 00:29:02

As seen below, PE1 router learns about CUST1 remote VPN routes in its Global BGP table.

PE1# show ip bgp nei 20.1.1.2 received-routes
BGP table version is 7, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.1.0/30      20.1.1.2                               0 65001 100 ?
*> 10.2.2.0/30      20.1.1.2                               0 65001 100 ?
*> 12.1.1.1/32      20.1.1.2                               0 65001 100 65002 i

Total number of prefixes 3

The Internet router learns about all remote VPN routes (CE2 routes) as leaked by CE1 router.

Internet# show ip route | begin Gateway
Gateway of last resort is not set

     20.0.0.0/30 is subnetted, 1 subnets
B       20.1.1.0 [20/0] via 172.16.1.1, 00:14:29
     172.16.0.0/30 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, Serial0/0
     10.0.0.0/30 is subnetted, 2 subnets
B       10.2.2.0 [20/0] via 172.16.1.1, 00:10:54
B       10.1.1.0 [20/0] via 172.16.1.1, 00:10:54
     12.0.0.0/32 is subnetted, 1 subnets
B       12.1.1.1 [20/0] via 172.16.1.1, 00:10:54
     13.0.0.0/32 is subnetted, 1 subnets
C       13.1.1.1 is directly connected, Loopback0

CE2 router receives a default-route as originated by CE1 router.

CE2# sh ip route | begin Gateway
Gateway of last resort is 10.2.2.1 to network 0.0.0.0

     10.0.0.0/30 is subnetted, 2 subnets
C       10.2.2.0 is directly connected, FastEthernet0/0
B       10.1.1.0 [20/0] via 10.2.2.1, 00:15:12
     11.0.0.0/32 is subnetted, 1 subnets
B       11.1.1.1 [20/0] via 10.2.2.1, 00:15:12
     12.0.0.0/32 is subnetted, 1 subnets
C       12.1.1.1 is directly connected, Loopback0
B*   0.0.0.0/0 [20/0] via 10.2.2.1, 00:15:12

As seen below, CE2 router accesses the Internet through CE1 router.

CE2# traceroute 13.1.1.1

Type escape sequence to abort.
Tracing the route to 13.1.1.1

  1 10.2.2.1 212 msec 176 msec 184 msec
  2 10.1.1.1 [AS 100] [MPLS: Label 20 Exp 0] 384 msec 192 msec 392 msec
  3 10.1.1.2 [AS 100] 740 msec 468 msec 560 msec
  4 20.1.1.1 [AS 65001] 748 msec 580 msec 748 msec
  5 172.16.1.2 [AS 65001] 748 msec 620 msec 936 msec