2.9 Implement MPLS VPN
R3 and R5 should exchange VPNv4 labels using 3:3
R2 and R5 should exchange VPNv4 labels using 2:2
R2 and R3 shouldn't peer directly (R5 is VPNv4 RR)
SW2 should only see its Loopback0 prefix (1YY.7.7.7) in the global routing table;
SW2 should be divided into 2 VRFs: SITE1 is connected to R3 and configured with Loopback 71: 71.71.71.71/32 and F0/3 172.16.37.7/24 in BGP AS177;
SITE2 is connected to R3 and configured with Loopback 72: 72.72.72.72/32 and F0/2 172.16.27.7/24 in BGP AS177;
Explicit null should be configured on both PEs;
Verification should be done on SW2:
Ping vrf SITE1 72.72.72.72 source lo1 (100% Success)
Ping vrf SITE2 71.71.71.71 source lo2 (100% Success)
Traceroute vrf SITE1 72.72.72.72 (Extended from Loopback71) (100% Success with all hops seen on the way);
Traceroute vrf SITE2 71.71.71.71 (Extended from Loopback72) (100% Success with all hops seen on the way);
SW2
ip vrf SITE1
rd 3:3
ip vrf SITE2
rd 2:2
int loopback1
ip vrf forwarding SITE1
ip address 71.71.71.71 255.255.255.255
int loopback2
ip vrf forwarding SITE2
ip address 72.72.72.72 255.255.255.255
int Fa0/2
ip vrf forwarding SITE2
ip address 172.16.27.7 255.255.255.0
int Fa0/3
ip vrf forwarding SITE1
ip address 172.16.37.7 255.255.255.0
router bgp 177
bgp router-id 110.7.7.7
address-family ipv4 vrf SITE1
neighbor 172.16.37.3 remote-as 10
neighbor 172.16.37.3 activate
network 71.71.71.71 mask 255.255.255.255
address-family ipv4 vrf SITE2
neighbor 172.16.27.2 remote-as 10
neighbor 172.16.27.2 activate
network 72.72.72.72 mask 255.255.255.255
R2
mpls ldp router-id Loopback0
int s0/0/1
mpls ip
mpls ldp exp
ip vrf SITE2
rd 2:2
route-target export 2:2
route-target import 2:2
route-target import 3:3
int f0/1
ip vrf forwarding SITE2
ip address 172.16.27.2 255.255.255.0
no shutdown
router bgp 10
neighbor 110.5.5.5 remote-as 10 -> This needs to be here so that you can configure and activate the VPNv4 address-family between R2 and R5
neighbor 110.5.5.5 update-source loopback0 -> This needs to be here so that you can configure and activate the VPNv4 address-family between R2 and R5
address-family vpnv4
neighbor 110.5.5.5 activate
neighbor 110.5.5.5 next-hop-self
address-family ipv4 vrf SITE2
neighbor 172.16.27.7 remote-as 177
neighbor 172.16.27.7 as-override -> AS-Override here is probably the best method, but you could also use allowas-in on SW2.
neighbor 172.16.27.7 activate
R3
mpls ldp router-id Loopback0
int s0/0/0
mpls ip
mpls ldp exp
ip vrf SITE1
rd 3:3
route-target export 3:3
route-target import 3:3
route-target import 2:2
int f0/1
ip vrf forwarding SITE1
ip address 172.16.37.3 255.255.255.0
no shutdown
router bgp 10
neighbor 110.5.5.5 remote-as 10 -> This needs to be here so that you can configure and activate the VPNv4 address-family between R3 and R5
neighbor 110.5.5.5 update-source loopback0 -> This needs to be here so that you can configure and activate the VPNv4 address-family between R3 and R5
address-family vpnv4
neighbor 110.5.5.5 activate
neighbor 110.5.5.5 next-hop-self
address-family ipv4 vrf SITE1
neighbor 172.16.37.7 remote-as 177
neighbor 172.16.37.7 as-override -> AS-Override here is probably the best method, but you could also use allowas-in on SW2.
neighbor 172.16.37.7 activate
R5
mpls ldp router-id Loopback0
int s0/0/0.100
mpls ip
int s0/0/0.10
mpls ip
int s0/0/1
mpls ip
router bgp 10
neighbor 110.2.2.2 remote-as 10
neighbor 110.2.2.2 update-source loopback0
neighbor 110.3.3.3 remote-as 10
neighbor 110.3.3.3 update-source loopback0
address-family vpnv4
neighbor 110.2.2.2 activate
neighbor 110.2.2.2 route-reflector-client
neighbor 110.3.3.3 activate
neighbor 110.3.3.3 route-reflector-client
NOTE: Make sure to activate the VPNv4 RR to both R2 and R3, otherwise your routes won't get there and will be dropped at R5! [CrackerJoe69]
R4
mpls ldp router-id Loopback0
int s0/0/0
mpls ip
int s0/0/1
mpls ip
R1
mpls ldp router-id Loopback0
int s0/0/0
mpls ip
int s0/0/1.100
mpls ip
int s0/0/1.10
mpls ip
int f0/1
delay 100000
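The route-target import/export lines on R2 and R3 above are what decide which VRFs can reach each other, so they are worth auditing as an isolation policy. The following is an added example, not part of the original lab solution: it parses the two `ip vrf` stanzas copied from this page and reports which VRF pairs leak routes; the function names and the `intended` policy set are assumptions made for illustration.

```python
import re

# VRF stanzas copied from the R2 and R3 sections of this page.
PE_CONFIGS = {
    "R2": """
ip vrf SITE2
 rd 2:2
 route-target export 2:2
 route-target import 2:2
 route-target import 3:3
""",
    "R3": """
ip vrf SITE1
 rd 3:3
 route-target export 3:3
 route-target import 3:3
 route-target import 2:2
""",
}

def parse_vrfs(configs):
    """Return {(pe, vrf): {"import": set, "export": set}} from IOS 'ip vrf' stanzas."""
    vrfs = {}
    for pe, text in configs.items():
        current = None  # no VRF stanza open yet on this PE
        for line in text.splitlines():
            line = line.strip()
            m = re.fullmatch(r"ip vrf (\S+)", line)  # does not match 'ip vrf forwarding X'
            if m:
                current = (pe, m.group(1))
                vrfs[current] = {"import": set(), "export": set()}
                continue
            m = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
            if m and current:
                kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
                for kind in kinds:
                    vrfs[current][kind].add(m.group(2))
    return vrfs

def leaks(vrfs):
    """Set of (source_vrf, dest_vrf) where dest imports an RT that source exports."""
    return {(s[1], d[1]) for s, sv in vrfs.items() for d, dv in vrfs.items()
            if s != d and sv["export"] & dv["import"]}

def unexpected(vrfs, allowed):
    """Route-leak pairs outside the intended policy; an empty set means compliant."""
    return leaks(vrfs) - allowed

if __name__ == "__main__":
    intended = {("SITE1", "SITE2"), ("SITE2", "SITE1")}  # assumed policy for this lab
    vrfs = parse_vrfs(PE_CONFIGS)
    print(sorted(leaks(vrfs)), unexpected(vrfs, intended))
```

Running the same check after any new VRF is added to a PE shows immediately whether it imports 2:2 or 3:3 and therefore gains reachability into SITE1 or SITE2.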