MPLS Core small ISP free from BGP and IPv6
Hello colleagues!
The network is designed as a set of rings, which provides good fault tolerance at a low cost.
The MPLS core uses the IS-IS protocol with fine tuning.
Global IPv4 traffic is forwarded using MPLS labels toward the iBGP next hop.
Global IPv6 traffic is carried using MPLS VPN 6VPE technology.
Also, this example implements various options for connecting equipment. Branch2 is connected to the office using CsC MPLS VPN technology. The L2 or L3 equipment of the other branches is connected using MPLS VPN technology.
Internet access for the branches goes through the office. In this setup, an ASA can be placed between CE1 and CsC-PE1.
The IPv4 DHCP servers for Branch5 and Branch6 are located on the office router CsC-PE1. The IPv6 DHCP server for Branch5 is located on CE5, and the one for Branch6 on PE6.
I do not have the technical capabilities to fully test this idea. If you are interested in this idea, please conduct tests.
I will be glad to hear your comments and suggestions for improving the current design.
If you see errors, please tell us.
Here is a traceroute from Branch6 to Branch5:
HOST6#traceroute 10.5.30.3
Type escape sequence to abort.
Tracing the route to 10.5.30.3
VRF info: (vrf in name/id, vrf out name/id)
1 10.6.30.1 68 msec 36 msec 16 msec
2 172.16.4.13 [MPLS: Labels 409/1133 Exp 0] 100 msec 132 msec 76 msec
3 172.16.2.13 [MPLS: Labels 313/1133 Exp 0] 72 msec 96 msec
172.16.2.9 [MPLS: Labels 202/1133 Exp 0] 116 msec
4 172.16.2.1 [MPLS: Labels 109/1133 Exp 0] 148 msec 100 msec
172.16.2.5 [MPLS: Labels 109/1133 Exp 0] 76 msec
5 172.16.3.2 [MPLS: Labels 0/1133 Exp 0] 120 msec 108 msec 76 msec
6 10.1.0.5 [MPLS: Label 41007 Exp 0] 72 msec 88 msec 56 msec
7 10.1.0.6 96 msec 128 msec 88 msec
8 10.1.0.5 [MPLS: Label 41040 Exp 0] 136 msec 176 msec 140 msec
9 10.1.190.13 [MPLS: Label 1147 Exp 0] 132 msec 176 msec 156 msec
10 172.16.3.1 [MPLS: Labels 120/1525 Exp 0] 184 msec 168 msec 136 msec
11 172.16.2.6 [MPLS: Labels 320/1525 Exp 0] 144 msec 168 msec 140 msec
12 172.16.4.2 [MPLS: Labels 1422/1525 Exp 0] 148 msec 172 msec 148 msec
13 10.5.30.1 144 msec 156 msec 144 msec
14 10.5.30.3 176 msec * 140 msec
HOST6#
Here is a traceroute from Branch6 to AS3:
HOST6#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 10.6.30.1 44 msec 36 msec 8 msec
2 172.16.4.13 [MPLS: Labels 409/1133 Exp 0] 72 msec 96 msec 80 msec
3 172.16.2.9 [MPLS: Labels 202/1133 Exp 0] 68 msec 76 msec
172.16.2.13 [MPLS: Labels 313/1133 Exp 0] 92 msec
4 172.16.2.5 [MPLS: Labels 109/1133 Exp 0] 92 msec 100 msec
172.16.2.1 [MPLS: Labels 109/1133 Exp 0] 72 msec
5 172.16.3.2 [MPLS: Labels 0/1133 Exp 0] 116 msec 100 msec 76 msec
6 10.1.0.5 [MPLS: Label 41007 Exp 0] 68 msec 64 msec 56 msec
7 10.1.0.6 88 msec 96 msec 72 msec
8 10.1.190.5 [MPLS: Label 41000 Exp 0] 80 msec 100 msec 116 msec
9 10.1.190.13 72 msec 100 msec 104 msec
10 172.16.3.1 [MPLS: Label 117 Exp 0] 108 msec 140 msec 108 msec
11 172.16.2.26 116 msec * 128 msec
HOST6#
Here is a traceroute from Branch6 to the IPv6 address of AS3:
HOST6#traceroute 2028:193::22:8:1
Type escape sequence to abort.
Tracing the route to 2028:193::22:8:1
1 2028:190:1:630:30:3:30:1 36 msec 36 msec 40 msec
2 ::FFFF:172.16.4.13 [MPLS: Labels 409/1127 Exp 0] 64 msec 68 msec 72 msec
3 ::FFFF:172.16.2.9 [MPLS: Labels 202/1127 Exp 0] 76 msec 72 msec
::FFFF:172.16.2.13 52 msec
4 ::FFFF:172.16.2.5 [MPLS: Labels 109/1127 Exp 0] 84 msec 48 msec
::FFFF:172.16.2.1 148 msec
5 ::FFFF:172.16.3.2 [MPLS: Labels 0/1127 Exp 0] 184 msec 72 msec 72 msec
6 *
2028:190:1:130:1:30:4:2 84 msec *
7 2028:190:1:130:1:30:4:1 52 msec 52 msec 88 msec
8 2028:190:1:122:1:22:4:2 68 msec 72 msec 88 msec
9 2028:190:0:1:1:1:22:2 68 msec 76 msec 84 msec
10 ::FFFF:172.16.3.1 [MPLS: Labels 117/823 Exp 0] 100 msec 116 msec 108 msec
11 2028:193::22:8:1 80 msec 88 msec 84 msec
HOST6#
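Added example (not part of the original post): each router configuration on this page sets its own `mpls label range`, so every label in the first traceroute can be attributed to the router that allocated it. The Python sketch below does that mapping and checks that the top label reported by a known hop falls in that hop's own range; the router table is a subset transcribed from the six configs on this page, and labels from routers whose configs are not shown come back as unknown (`None`).

```python
import re

# Subset transcribed from the configs on this page: `mpls label range` and the
# interface addresses needed to recognise each router in the trace.
ROUTERS = {
    "P1":      {"range": (100, 199),     "addrs": {"172.16.2.1", "172.16.2.5", "172.16.3.1"}},
    "RR1":     {"range": (500, 599),     "addrs": {"172.16.2.18"}},
    "ASBR1":   {"range": (800, 899),     "addrs": {"172.16.2.26", "172.16.2.33"}},
    "PE1":     {"range": (1100, 1199),   "addrs": {"172.16.3.2", "10.1.190.13"}},
    "CE1":     {"range": (41000, 41099), "addrs": {"10.1.0.5", "10.1.190.14"}},
    "CsC-PE1": {"range": (41100, 41199), "addrs": {"10.1.0.6", "10.1.190.6"}},
}

# Hop lines of the Branch6 -> Branch5 traceroute, copied from the page.
TRACE = """\
1 10.6.30.1 68 msec 36 msec 16 msec
2 172.16.4.13 [MPLS: Labels 409/1133 Exp 0] 100 msec 132 msec 76 msec
3 172.16.2.13 [MPLS: Labels 313/1133 Exp 0] 72 msec 96 msec
172.16.2.9 [MPLS: Labels 202/1133 Exp 0] 116 msec
4 172.16.2.1 [MPLS: Labels 109/1133 Exp 0] 148 msec 100 msec
172.16.2.5 [MPLS: Labels 109/1133 Exp 0] 76 msec
5 172.16.3.2 [MPLS: Labels 0/1133 Exp 0] 120 msec 108 msec 76 msec
6 10.1.0.5 [MPLS: Label 41007 Exp 0] 72 msec 88 msec 56 msec
7 10.1.0.6 96 msec 128 msec 88 msec
8 10.1.0.5 [MPLS: Label 41040 Exp 0] 136 msec 176 msec 140 msec
9 10.1.190.13 [MPLS: Label 1147 Exp 0] 132 msec 176 msec 156 msec
10 172.16.3.1 [MPLS: Labels 120/1525 Exp 0] 184 msec 168 msec 136 msec
11 172.16.2.6 [MPLS: Labels 320/1525 Exp 0] 144 msec 168 msec 140 msec
12 172.16.4.2 [MPLS: Labels 1422/1525 Exp 0] 148 msec 172 msec 148 msec
13 10.5.30.1 144 msec 156 msec 144 msec
14 10.5.30.3 176 msec * 140 msec
"""

# Optional hop number, IPv4 address, optional "[MPLS: Label(s) a/b Exp n]".
LINE_RE = re.compile(
    r"^(?:(?P<hop>\d+)\s+)?(?P<addr>\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+\[MPLS: Labels? (?P<labels>[\d/]+) Exp \d+\])?"
)


def parse_trace(text):
    """Return (hop, address, [labels]) per line; ECMP continuation lines
    (no hop number) inherit the hop number of the line above."""
    rows, hop = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["hop"]:
            hop = int(m["hop"])
        labels = [int(x) for x in m["labels"].split("/")] if m["labels"] else []
        rows.append((hop, m["addr"], labels))
    return rows


def label_owner(label):
    """Name of the router whose configured range contains the label."""
    if label == 0:
        return "explicit-null"  # reserved label 0 (`mpls ldp explicit-null`)
    for name, info in ROUTERS.items():
        lo, hi = info["range"]
        if lo <= label <= hi:
            return name
    return None  # allocated by a router whose config is not on the page


def addr_owner(addr):
    for name, info in ROUTERS.items():
        if addr in info["addrs"]:
            return name
    return None


def annotate(text):
    """Attribute every label, and check the top label of known hops.

    The stack a hop reports is the one the packet carried on arrival, so its
    top label should come from that hop's own range (or be explicit-null)."""
    out = []
    for hop, addr, labels in parse_trace(text):
        router = addr_owner(addr)
        owners = [label_owner(l) for l in labels]
        ok = None
        if router and labels:
            ok = owners[0] in (router, "explicit-null")
        out.append({"hop": hop, "addr": addr, "router": router,
                    "labels": list(zip(labels, owners)), "top_label_ok": ok})
    return out


if __name__ == "__main__":
    for row in annotate(TRACE):
        print(row["hop"], row["addr"], row["router"], row["labels"], row["top_label_ok"])
```

The bottom label 1133 stays constant from hop 2 to hop 5 and falls in PE1's range, while the top label changes at every core hop.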
ASBR1 is configured as follows:
!
version 15.2
!
hostname ASBR1
!
vrf definition GLOBAL
rd 172.16.130.8:1
!
address-family ipv6
route-target export 1:1
route-target import 1:1
exit-address-family
ip cef
ipv6 unicast-routing
ipv6 cef
!
mpls label range 800 899
mpls label protocol ldp
mpls ldp explicit-null
mpls ldp session protection
mpls ip default-route
!
interface Loopback0
ip address 172.16.0.8 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface Loopback1
description FOR TESTING IPV4 NETWORK ISP AS3
ip address 3.3.3.3 255.255.0.0
!
interface Loopback22
description FOR TESTING IPV6 NETWORK ISP AS3
vrf forwarding GLOBAL
no ip address
ipv6 address FE80::22:8:1 link-local
ipv6 address 2028:193::22:8:1/112
ipv6 enable
!
interface GigabitEthernet0/0
mtu 1516
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/0.2
description TO THE P1
encapsulation dot1Q 2
ip address 172.16.2.26 255.255.255.252
ip router isis
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis bfd
!
interface GigabitEthernet1/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet1/0.2
description TO THE ASBR ISP AS 3
encapsulation dot1Q 2
ip address 172.16.2.33 255.255.255.252
mpls bgp forwarding
!
interface GigabitEthernet1/0.22
description FOR IPV6 INTERNET TRAFFIC FROM AS3
encapsulation dot1Q 22
vrf forwarding GLOBAL
ipv6 address FE80::8:1:22:1 link-local
ipv6 address 2028:190::8:1:22:1/112
ipv6 enable
!
router isis
mpls ldp sync
net 49.0172.0016.0000.0008.00
is-type level-2-only
domain-password PLASHCHUN
ispf level-1-2
fast-flood 10
set-overload-bit on-startup wait-for-bgp
spf-interval 5 50 200
prc-interval 5 50 200
bfd all-interfaces
!
router bgp 1
bgp router-id 172.16.0.8
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 172.16.0.5 remote-as 1
neighbor 172.16.0.5 description TO THE RR1
neighbor 172.16.0.5 password PLASHCHUN
neighbor 172.16.0.5 update-source Loopback0
neighbor 172.16.0.6 remote-as 1
neighbor 172.16.0.6 description TO THE RR2
neighbor 172.16.0.6 password PLASHCHUN
neighbor 172.16.0.6 update-source Loopback0
neighbor 172.16.2.34 remote-as 3
neighbor 172.16.2.34 description FOR IPV4 TRAFFIC
neighbor 172.16.2.34 password PLASHCHUN_AS3
!
address-family ipv4
network 3.3.0.0 mask 255.255.0.0
aggregate-address 1.1.0.0 255.255.224.0 summary-only
neighbor 172.16.0.5 activate
neighbor 172.16.0.5 next-hop-self
neighbor 172.16.0.6 activate
neighbor 172.16.0.6 next-hop-self
neighbor 172.16.2.34 activate
neighbor 172.16.2.34 prefix-list RFC1918_PLUS in
exit-address-family
!
address-family vpnv6
neighbor 172.16.0.5 activate
neighbor 172.16.0.5 send-community both
neighbor 172.16.0.5 next-hop-self
neighbor 172.16.0.5 advertisement-interval 5
neighbor 172.16.0.6 activate
neighbor 172.16.0.6 send-community both
neighbor 172.16.0.6 next-hop-self
neighbor 172.16.0.6 advertisement-interval 5
exit-address-family
!
address-family ipv6 vrf GLOBAL
redistribute connected
redistribute static
neighbor 2028:190::8:1:22:2 remote-as 3
neighbor 2028:190::8:1:22:2 password PLASHCHUN_AS3
neighbor 2028:190::8:1:22:2 activate
neighbor 2028:190::8:1:22:2 prefix-list INCOMING_IPV6 in
neighbor 2028:190::8:1:22:2 prefix-list OUTCOMING_IPV6 out
exit-address-family
!
ip bgp-community new-format
!
ip prefix-list RFC1918_PLUS seq 20 deny 10.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 30 deny 172.16.0.0/12 le 32
ip prefix-list RFC1918_PLUS seq 40 deny 192.168.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 50 deny 127.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 60 deny 0.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 70 deny 169.254.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 80 deny 224.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 90 deny 240.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 100 deny 0.0.0.0/0
ip prefix-list RFC1918_PLUS seq 1000 permit 0.0.0.0/0 le 19
ipv6 route vrf GLOBAL 2028:193::/32 Null0
!
ipv6 prefix-list INCOMING_IPV6 seq 10 permit ::/0 le 32
!
ipv6 prefix-list OUTCOMING_IPV6 seq 10 permit ::/0 le 32
!
mpls ldp router-id Loopback0 force
!
banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP igor.plashchun@yahoo.com+380953589271 !
!
end
RR1 is configured as follows:
!
hostname RR1
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
mpls label range 500 599
mpls label protocol ldp
mpls ldp explicit-null
mpls ldp session protection
!
interface Loopback0
ip address 172.16.0.5 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface FastEthernet0/0
description To the P2
no ip address
carrier-delay msec 0
duplex full
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 172.16.2.18 255.255.255.252
ip router isis
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis bfd
!
router isis
mpls ldp sync
net 49.0172.0016.0000.0005.00
is-type level-2-only
domain-password PLASHCHUN
ispf level-1-2
fast-flood 10
set-overload-bit on-startup wait-for-bgp
spf-interval 5 50 200
prc-interval 5 50 200
bfd all-interfaces
!
router bgp 1
bgp router-id 172.16.0.5
bgp cluster-id 5
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor RR5 peer-group
neighbor RR5 remote-as 1
neighbor RR5 password PLASHCHUN
neighbor RR5 update-source Loopback0
neighbor 172.16.0.7 peer-group RR5
neighbor 172.16.0.7 description TO THE ASBR_AS2
neighbor 172.16.0.8 peer-group RR5
neighbor 172.16.0.8 description TO THE ASBR_AS3
neighbor 172.16.1.1 peer-group RR5
neighbor 172.16.1.1 description TO THE PE1
neighbor 172.16.1.2 peer-group RR5
neighbor 172.16.1.2 description TO THE PE2
neighbor 172.16.1.3 peer-group RR5
neighbor 172.16.1.3 description TO THE PE3
neighbor 172.16.1.4 peer-group RR5
neighbor 172.16.1.4 description TO THE PE4
neighbor 172.16.1.5 peer-group RR5
neighbor 172.16.1.5 description TO THE PE5
neighbor 172.16.1.6 peer-group RR5
neighbor 172.16.1.6 description TO THE PE6
!
address-family ipv4
neighbor RR5 route-reflector-client
neighbor 172.16.0.7 activate
neighbor 172.16.0.8 activate
neighbor 172.16.1.1 activate
neighbor 172.16.1.2 activate
neighbor 172.16.1.3 activate
neighbor 172.16.1.4 activate
neighbor 172.16.1.5 activate
neighbor 172.16.1.6 activate
exit-address-family
!
address-family vpnv4
bgp nexthop trigger delay 1
bgp scan-time 15
neighbor RR5 send-community both
neighbor RR5 route-reflector-client
neighbor RR5 advertisement-interval 5
neighbor 172.16.0.7 activate
neighbor 172.16.0.8 activate
neighbor 172.16.1.1 activate
neighbor 172.16.1.2 activate
neighbor 172.16.1.3 activate
neighbor 172.16.1.4 activate
neighbor 172.16.1.5 activate
neighbor 172.16.1.6 activate
exit-address-family
!
address-family vpnv6
neighbor RR5 send-community both
neighbor RR5 route-reflector-client
neighbor RR5 advertisement-interval 5
neighbor 172.16.0.7 activate
neighbor 172.16.0.8 activate
neighbor 172.16.1.1 activate
neighbor 172.16.1.2 activate
neighbor 172.16.1.3 activate
neighbor 172.16.1.4 activate
neighbor 172.16.1.5 activate
neighbor 172.16.1.6 activate
exit-address-family
!
ip bgp-community new-format
!
mpls ldp router-id Loopback0 force
!
banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP igor.plashchun@yahoo.com+380953589271 !
!
end
P1 is configured as follows:
!
hostname P1
!
ip cef
!
mpls label range 100 199
mpls label protocol ldp
mpls ldp explicit-null
mpls ldp session protection
!
interface Loopback0
ip address 172.16.0.1 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface GigabitEthernet0/0
mtu 1516
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/0.2
description TO THE P2
encapsulation dot1Q 2
ip address 172.16.2.1 255.255.255.252
ip router isis
ip load-sharing per-packet
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis bfd
!
interface GigabitEthernet1/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet1/0.2
description TO THE P3
encapsulation dot1Q 2
ip address 172.16.2.5 255.255.255.252
ip router isis
ip load-sharing per-packet
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis bfd
!
interface GigabitEthernet2/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet2/0.2
description TO THE ASBR1
encapsulation dot1Q 2
ip address 172.16.2.25 255.255.255.252
ip router isis
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis bfd
!
interface GigabitEthernet3/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet3/0.3
description TO THE PE1
encapsulation dot1Q 3
ip address 172.16.3.1 255.255.255.252
ip router isis
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis bfd
!
router isis
mpls ldp sync
net 49.0172.0016.0000.0001.00
is-type level-2-only
domain-password PLASHCHUN
ispf level-1-2
fast-flood 10
set-overload-bit on-startup wait-for-bgp
spf-interval 5 50 200
prc-interval 5 50 200
bfd all-interfaces
!
mpls ldp router-id Loopback0 force
!
banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP igor.plashchun@yahoo.com+380953589271 !
!
end
PE1 is configured as follows:
!
hostname PE1
!
vrf definition GLOBAL
rd 172.16.1.1:1
!
address-family ipv6
route-target export 1:1
route-target import 1:1
exit-address-family
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
mpls label range 1100 1199
mpls label protocol ldp
mpls ldp explicit-null
mpls ldp session protection
!
interface Loopback0
ip address 172.16.1.1 255.255.255.255
ip router isis
isis circuit-type level-2-only
!
interface Loopback190
ip address 10.1.190.3 255.255.255.255
!
interface GigabitEthernet0/0
mtu 1516
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/0.3
description To THE PE2
encapsulation dot1Q 3
ip address 172.16.3.5 255.255.255.252
ip router isis
mpls ip
isis circuit-type level-2-only
isis network point-to-point
isis metric 30
isis bfd
!
interface GigabitEthernet1/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet1/0.3
description TO THE P1
encapsulation dot1Q 3
ip address 172.16.3.2 255.255.255.252
ip router isis
mpls ip
isis circuit-type level-2-only
isis network point-to-point
!
interface GigabitEthernet2/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet2/0.22
description FOR IPV6 INTERNET TRAFFIC
encapsulation dot1Q 22
vrf forwarding GLOBAL
ipv6 address FE80::1:1:22:2 link-local
ipv6 address 2028:190:0:1:1:1:22:2/122
ipv6 enable
!
interface GigabitEthernet2/0.190
description TO THE CE1
encapsulation dot1Q 190
ip address 10.1.190.13 255.255.255.252
mpls bgp forwarding
!
router isis
mpls ldp sync
net 49.0172.0016.0001.0001.00
is-type level-2-only
domain-password PLASHCHUN
ispf level-1-2
fast-flood 10
set-overload-bit on-startup wait-for-bgp
spf-interval 5 50 200
prc-interval 5 50 200
bfd all-interfaces
!
router bgp 1
bgp router-id 172.16.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 10.1.190.1 remote-as 65190
neighbor 10.1.190.1 description TO CsC-PE1 FOR INTERNET TRAFFIC
neighbor 10.1.190.1 ebgp-multihop 2
neighbor 10.1.190.1 password PLASHCHUN
neighbor 10.1.190.1 fall-over route-map FALL_OVER_AS65190
neighbor 10.1.190.14 remote-as 65002
neighbor 10.1.190.14 description TO THE CE1 FOR MPLS VPN TRAFFIC
neighbor 10.1.190.14 password PLASHCHUN
neighbor 172.16.0.5 remote-as 1
neighbor 172.16.0.5 description TO THE RR1
neighbor 172.16.0.5 password PLASHCHUN
neighbor 172.16.0.5 update-source Loopback0
neighbor 172.16.0.6 remote-as 1
neighbor 172.16.0.6 description TO THE RR2
neighbor 172.16.0.6 password PLASHCHUN
neighbor 172.16.0.6 update-source Loopback0
!
address-family ipv4
network 1.1.190.0 mask 255.255.255.0
network 10.1.190.3 mask 255.255.255.255
neighbor 10.1.190.1 activate
neighbor 10.1.190.1 maximum-prefix 10 90
neighbor 10.1.190.1 filter-list 1 in
neighbor 172.16.0.5 activate
neighbor 172.16.0.5 next-hop-self
neighbor 172.16.0.6 activate
neighbor 172.16.0.6 next-hop-self
exit-address-family
!
address-family vpnv4
neighbor 10.1.190.14 activate
neighbor 10.1.190.14 send-community both
neighbor 10.1.190.14 next-hop-self
neighbor 10.1.190.14 advertisement-interval 5
neighbor 10.1.190.14 maximum-prefix 100 90
neighbor 172.16.0.5 activate
neighbor 172.16.0.5 send-community both
neighbor 172.16.0.5 next-hop-self
neighbor 172.16.0.5 advertisement-interval 5
neighbor 172.16.0.6 activate
neighbor 172.16.0.6 send-community both
neighbor 172.16.0.6 next-hop-self
neighbor 172.16.0.6 advertisement-interval 5
exit-address-family
!
address-family vpnv6
neighbor 10.1.190.14 activate
neighbor 10.1.190.14 send-community both
neighbor 10.1.190.14 next-hop-self
neighbor 10.1.190.14 advertisement-interval 5
neighbor 172.16.0.5 activate
neighbor 172.16.0.5 send-community both
neighbor 172.16.0.5 next-hop-self
neighbor 172.16.0.5 advertisement-interval 5
neighbor 172.16.0.6 activate
neighbor 172.16.0.6 send-community both
neighbor 172.16.0.6 next-hop-self
neighbor 172.16.0.6 advertisement-interval 5
exit-address-family
!
address-family ipv6 vrf GLOBAL
redistribute connected
redistribute static
neighbor 2028:190:1:122:1:22:4:1 remote-as 65190
neighbor 2028:190:1:122:1:22:4:1 ebgp-multihop 3
neighbor 2028:190:1:122:1:22:4:1 password PLASHCHUN
neighbor 2028:190:1:122:1:22:4:1 activate
neighbor 2028:190:1:122:1:22:4:1 filter-list 1 in
exit-address-family
!
ip bgp-community new-format
ip as-path access-list 1 deny .*
!
ip route 1.1.190.0 255.255.255.0 10.1.190.14
ip route 10.1.190.1 255.255.255.255 10.1.190.14
!
ip prefix-list FALL_OVER_NETWORK_AS65190 seq 10 permit 10.1.190.1/32
ipv6 route vrf GLOBAL 2028:190:1::/48 2028:190:0:1:1:1:22:1
!
route-map FALL_OVER_AS65190 permit 10
match ip address prefix-list FALL_OVER_NETWORK_AS65190
!
mpls ldp router-id Loopback0 force
!
banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP igor.plashchun@yahoo.com+380953589271 !
!
end
CE1 is configured as follows:
!
hostname CE1
!
vrf definition CUSTOM
rd 10.1.0.2:30
!
address-family ipv4
route-target export 65190:30
route-target import 10.3.30.1:1
route-target import 65190:30
route-target import 10.6.30.1:1
route-target import 10.4.30.1:1
route-target import 192.168.3.0:3
route-target import 10.5.30.1:1
exit-address-family
!
address-family ipv6
route-target export 65190:30
route-target import 10.3.30.1:1
route-target import 65190:30
route-target import 10.6.30.1:1
route-target import 10.4.30.1:1
route-target import 192.168.3.0:3
route-target import 10.5.30.1:1
exit-address-family
!
vrf definition CsC_AS1
rd 192.168.1.0:1
route-target export 192.168.1.0:1
route-target import 192.168.2.0:2
!
address-family ipv4
exit-address-family
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
mpls label range 41000 41099
mpls label protocol ldp
mpls ldp explicit-null
mpls ldp session protection
mpls ip default-route
!
interface Loopback1
vrf forwarding CsC_AS1
ip address 192.168.1.0 255.255.255.255
!
interface Loopback30
vrf forwarding CUSTOM
ip address 10.1.0.2 255.255.255.255
ipv6 address 2028:190:1:130:1:30:2:1/122
!
interface Loopback190
ip address 10.1.190.2 255.255.255.255
ipv6 address 2028:190:1:122:1:22:2:1/122
!
interface GigabitEthernet0/0
mtu 1508
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/0.1
description TO THE CsC-PE1 FOR CsC MPLS VPN TRAFFIC WITH AS1
encapsulation dot1Q 11
vrf forwarding CsC_AS1
ip address 192.168.1.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-point
mpls ip
!
interface GigabitEthernet0/0.22
description FOR IPV6 INTERNET TRAFFIC
encapsulation dot1Q 22
ipv6 address FE80::1:22:4:2 link-local
ipv6 address 2028:190:1:122:1:22:4:2/112
!
interface GigabitEthernet0/0.30
description TO THE CsC-PE1 FOR VRF TRAFFIC
encapsulation dot1Q 30
vrf forwarding CUSTOM
ip address 10.1.0.5 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-point
mpls ip
!
interface GigabitEthernet0/0.130
description TO THE CsC-PE1 FOR IPV6 VRF TRAFFIC
encapsulation dot1Q 130
vrf forwarding CUSTOM
ipv6 address FE80::1:30:4:2 link-local
ipv6 address 2028:190:1:130:1:30:4:2/122
ipv6 enable
!
interface GigabitEthernet0/0.190
description TO THE CsC-PE1 FOR INTERNET TRAFFIC
encapsulation dot1Q 190
ip address 10.1.190.5 255.255.255.252
ip nat inside
ip virtual-reassembly in
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-multipoint
mpls ip
!
interface GigabitEthernet1/0
mtu 1516
no ip address
negotiation auto
!
interface GigabitEthernet1/0.22
description FOR IPV6 INTERNET TRAFFIC
encapsulation dot1Q 22
ipv6 address FE80::1:1:22:1 link-local
ipv6 address 2028:190:0:1:1:1:22:1/122
ipv6 enable
!
interface GigabitEthernet1/0.190
description TO THE PE1
encapsulation dot1Q 190
ip address 10.1.190.14 255.255.255.252
ip nat outside
ip virtual-reassembly in
mpls bgp forwarding
!
router ospf 1 vrf CsC_AS1
router-id 192.168.1.0
max-metric router-lsa on-startup 30
ispf
auto-cost reference-bandwidth 1000
capability vrf-lite
redistribute static
redistribute bgp 65190 metric-type 1 subnets
network 192.168.1.0 0.0.0.0 area 1
network 192.168.1.4 0.0.0.3 area 1
!
router ospf 30 vrf CUSTOM
mpls ldp sync
router-id 10.1.0.2
max-metric router-lsa on-startup 30
ispf
auto-cost reference-bandwidth 1000
capability vrf-lite
redistribute bgp 65190 metric-type 1 subnets
network 10.1.0.2 0.0.0.0 area 0
network 10.1.0.4 0.0.0.3 area 0
!
router ospf 190
router-id 10.1.190.2
max-metric router-lsa on-startup 30
ispf
auto-cost reference-bandwidth 1000
redistribute connected subnets
passive-interface default
no passive-interface GigabitEthernet0/0.190
network 10.1.190.2 0.0.0.0 area 0
network 10.1.190.4 0.0.0.3 area 0
!
router bgp 65190
bgp router-id 10.1.190.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 10.1.190.13 remote-as 1
neighbor 10.1.190.13 local-as 65002 no-prepend replace-as
neighbor 10.1.190.13 description TO THE PE1_AS1 FOR MPLS VPN
neighbor 10.1.190.13 password PLASHCHUN
neighbor 10.1.190.13 update-source GigabitEthernet1/0.190
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 10.1.190.13 activate
neighbor 10.1.190.13 send-community both
neighbor 10.1.190.13 next-hop-self
neighbor 10.1.190.13 advertisement-interval 5
maximum-paths 2
exit-address-family
!
address-family vpnv6
neighbor 10.1.190.13 activate
neighbor 10.1.190.13 send-community both
neighbor 10.1.190.13 next-hop-self
neighbor 10.1.190.13 advertisement-interval 5
exit-address-family
!
address-family ipv4 vrf CUSTOM
network 0.0.0.0
exit-address-family
!
address-family ipv6 vrf CUSTOM
redistribute connected
neighbor 2028:190:1:130:1:30:4:1 remote-as 65190
neighbor 2028:190:1:130:1:30:4:1 password PLASHCHUN
neighbor 2028:190:1:130:1:30:4:1 activate
neighbor 2028:190:1:130:1:30:4:1 next-hop-self
exit-address-family
!
address-family ipv4 vrf CsC_AS1
redistribute ospf 1
exit-address-family
!
ip bgp-community new-format
!
ip nat pool GLOBAL_AS1 1.1.190.2 1.1.190.254 netmask 255.255.255.0
ip nat inside source route-map FOR_NAT_AS1 pool GLOBAL_AS1
!
ip access-list extended LOCAL
permit ip 10.1.30.0 0.0.0.255 any
permit ip 10.2.30.0 0.0.0.255 any
permit ip 10.4.30.0 0.0.0.255 any
permit ip 10.5.30.0 0.0.0.255 any
permit ip 10.6.30.0 0.0.0.255 any
!
ipv6 route 2028:190:1::/48 2028:190:1:122:1:22:4:1
ipv6 route ::/0 2028:190:0:1:1:1:22:2
!
route-map FOR_NAT_AS1 permit 10
match ip address LOCAL
match interface GigabitEthernet1/0.190
!
mpls ldp router-id Loopback190 force
!
banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP igor.plashchun@yahoo.com+380953589271 !
!
end
CsC-PE1 is configured as follows:
!
hostname CsC-PE1
!
vrf definition CUSTOM
rd 10.1.0.1:30
!
address-family ipv4
maximum routes 1600 90
route-target export 65190:30
route-target import 65190:190
route-target import 65190:30
exit-address-family
!
address-family ipv6
route-target export 65190:30
route-target import 1:1
route-target import 65190:30
exit-address-family
!
vrf definition GLOBAL
rd 10.1.190.1:1
!
address-family ipv4
maximum routes 1500 90
route-target export 65190:190
route-target import 65190:30
exit-address-family
!
address-family ipv6
route-target export 1:1
route-target import 1:1
route-target import 65190:30
exit-address-family
!
ip dhcp bootp ignore
ip dhcp excluded-address 10.1.30.1
ip dhcp excluded-address vrf CUSTOM 10.6.30.1
ip dhcp excluded-address vrf CUSTOM 10.5.30.1
!
ip dhcp pool CUSTOM_BRANCH_6
vrf CUSTOM
network 10.6.30.0 255.255.255.0
default-router 10.6.30.1
domain-name plashchun.com
lease 2 2 2
!
ip dhcp pool CUSTOM_BRANCH_5
vrf CUSTOM
network 10.5.30.0 255.255.255.0
default-router 10.5.30.1
domain-name plashchun.com
lease 2 2 2
!
ip dhcp pool CUSTOM_OFFICE
network 10.1.30.0 255.255.255.0
default-router 10.1.30.1
domain-name plashchun.com
lease 22 2 2
!
no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool OFFICEV6
prefix-delegation pool CUSTOM_OFFICEV6 lifetime 1800 600
dns-server 2001:4860:4860::8888
domain-name plashchun.com
!
mpls label range 41100 41199
mpls label protocol ldp
mpls ldp explicit-null
mpls ldp session protection
mpls ip default-route
!
interface Loopback0
description FOR MPLS LDP ROUTER-ID
ip address 192.168.1.1 255.255.255.255
!
interface Loopback30
vrf forwarding CUSTOM
ip address 10.1.0.1 255.255.255.255
ipv6 address FE80::1:30:1:1 link-local
ipv6 address 2028:190:0:30:1:30:1:1/122
!
interface Loopback190
vrf forwarding GLOBAL
ip address 10.1.190.1 255.255.255.255
ipv6 address 2028:190:1:122:1:22:1:1/122
ipv6 enable
!
interface GigabitEthernet0/0
mtu 1508
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/0.1
description TO THE CE1 FOR CsC MPLS VPN TRAFFIC THROUGH AS1
encapsulation dot1Q 11
ip address 192.168.1.6 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-point
mpls ip
!
interface GigabitEthernet0/0.22
description FOR IPV6 INTERNET TRAFFIC
encapsulation dot1Q 22
vrf forwarding GLOBAL
ipv6 address FE80::1:22:4:1 link-local
ipv6 address 2028:190:1:122:1:22:4:1/112
!
interface GigabitEthernet0/0.30
description TO THE CE1 FOR VRF TRAFFIC
encapsulation dot1Q 30
vrf forwarding CUSTOM
ip address 10.1.0.6 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-point
mpls ip
!
interface GigabitEthernet0/0.130
description TO THE CE1 FOR IPV6 VRF TRAFFIC
encapsulation dot1Q 130
vrf forwarding CUSTOM
ipv6 address FE80::1:30:4:1 link-local
ipv6 address 2028:190:1:130:1:30:4:1/122
ipv6 enable
!
interface GigabitEthernet0/0.190
description TO THE CE1 FOR INTERNET TRAFFIC
encapsulation dot1Q 190
vrf forwarding GLOBAL
ip address 10.1.190.6 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-multipoint
mpls ip
!
interface GigabitEthernet1/0
mtu 1504
no ip address
negotiation auto
!
interface GigabitEthernet1/0.30
description TO THE CsC-CE1 FOR MPLS
encapsulation dot1Q 30
vrf forwarding CUSTOM
ip address 10.1.0.9 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 PLASHCHUN
ip ospf network point-to-point
ipv6 address FE80::1:30:1:1 link-local
ipv6 address 2028:190:1:30:1:30:2:1/64
ipv6 dhcp server OFFICEV6
mpls ip
!
router ospf 190 vrf GLOBAL
router-id 10.1.190.1
max-metric router-lsa on-startup 30
ispf
auto-cost reference-bandwidth 1000
capability vrf-lite
redistribute bgp 65190 subnets route-map FOR_MPLS
network 1.1.190.0 0.0.0.255 area 0
network 10.1.190.1 0.0.0.0 area 0
network 10.1.190.4 0.0.0.3 area 0
!
router ospf 30 vrf CUSTOM
router-id 10.1.0.1
max-metric router-lsa on-startup 30
ispf
auto-cost reference-bandwidth 1000
capability vrf-lite
redistribute bgp 65190 subnets route-map FOR_MPLS
network 10.1.0.1 0.0.0.0 area 0
network 10.1.0.4 0.0.0.3 area 0
network 10.1.0.8 0.0.0.3 area 1
default-information originate always
!
router ospf 1
router-id 192.168.1.1
max-metric router-lsa on-startup 30
ispf
auto-cost reference-bandwidth 1000
network 192.168.1.1 0.0.0.0 area 0
network 192.168.1.4 0.0.0.3 area 1
!
router bgp 65190
bgp router-id 192.168.1.1
bgp log-neighbor-changes
bgp update-delay 1
bgp bestpath as-path multipath-relax
no bgp default ipv4-unicast
no bgp default route-target filter
timers bgp 10 30
neighbor 192.168.2.1 remote-as 65190
neighbor 192.168.2.1 description TO THE CE5_and_CsC-PE5 through AS1
neighbor 192.168.2.1 password PLASHCHUN
neighbor 192.168.2.1 update-source Loopback0
!
address-family vpnv4
bgp nexthop trigger delay 1
bgp scan-time 5
neighbor 192.168.2.1 activate
neighbor 192.168.2.1 send-community both
neighbor 192.168.2.1 next-hop-self
neighbor 192.168.2.1 advertisement-interval 1
exit-address-family
!
address-family ipv4 vrf CUSTOM
import path selection all
bgp router-id 10.1.0.1
redistribute static metric 30
redistribute ospf 30 match internal external 1 external 2
default-information originate
exit-address-family
!
address-family ipv6 vrf CUSTOM
redistribute connected
bgp router-id 10.1.0.1
neighbor 2028:190:1:130:1:30:4:2 remote-as 65190
neighbor 2028:190:1:130:1:30:4:2 password PLASHCHUN
neighbor 2028:190:1:130:1:30:4:2 activate
neighbor 2028:190:1:130:1:30:4:2 next-hop-self
neighbor 2028:190:1:130:1:30:4:2 default-originate
exit-address-family
!
address-family ipv4 vrf GLOBAL
import path selection all
import path limit 2
bgp router-id 10.1.190.1
redistribute static metric 190
redistribute ospf 190 match internal external 1 external 2
neighbor 10.1.190.13 remote-as 1
neighbor 10.1.190.13 description TO THE PE1_AS1 FOR INTERNET TRAFFIC
neighbor 10.1.190.13 ebgp-multihop 2
neighbor 10.1.190.13 password PLASHCHUN
neighbor 10.1.190.13 update-source Loopback190
neighbor 10.1.190.13 fall-over route-map FALL_OVER_GLOBAL_AS1
neighbor 10.1.190.13 activate
neighbor 10.1.190.13 prefix-list RFC1918_PLUS in
neighbor 10.1.190.13 route-map NO_ADVERTISE in
neighbor 10.1.190.13 maximum-prefix 1000 90
neighbor 10.1.190.13 filter-list 1 in
neighbor 10.1.190.13 filter-list 19 out
maximum-paths 2
default-information originate
exit-address-family
!
address-family ipv6 vrf GLOBAL
redistribute connected
redistribute static
bgp router-id 10.1.190.1
network ::/0
neighbor 2028:190:0:1:1:1:22:2 remote-as 1
neighbor 2028:190:0:1:1:1:22:2 ebgp-multihop 3
neighbor 2028:190:0:1:1:1:22:2 password PLASHCHUN
neighbor 2028:190:0:1:1:1:22:2 activate
neighbor 2028:190:0:1:1:1:22:2 prefix-list INCOMING_IPV6 in
exit-address-family
!
ip bgp-community new-format
ip as-path access-list 1 permit ^(1_)+$
ip as-path access-list 1 permit ^(1_)+_[0-9]+$
ip as-path access-list 19 deny .*
!
ip route vrf CUSTOM 0.0.0.0 0.0.0.0 Null0
ip route vrf GLOBAL 0.0.0.0 128.0.0.0 10.1.190.3 254
ip route vrf GLOBAL 128.0.0.0 128.0.0.0 10.1.190.3 254
!
ip prefix-list FALL_OVER_GLOBAL_NETWORK_AS1 seq 10 permit 10.1.190.13/32
!
ip prefix-list LOCAL_NETWORK seq 10 permit 10.0.0.0/8 le 32
ip prefix-list LOCAL_NETWORK seq 20 permit 172.16.0.0/12 le 32
ip prefix-list LOCAL_NETWORK seq 30 permit 192.168.0.0/16 le 32
!
ip prefix-list LOOPBACK_MPLS seq 10 permit 192.168.1.1/32
!
ip prefix-list RFC1918_PLUS seq 10 permit 10.1.190.3/32
ip prefix-list RFC1918_PLUS seq 20 deny 10.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 30 deny 172.16.0.0/12 le 32
ip prefix-list RFC1918_PLUS seq 40 deny 192.168.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 50 deny 127.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 60 deny 0.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 70 deny 169.254.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 80 deny 224.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 90 deny 240.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 100 deny 0.0.0.0/0
ip prefix-list RFC1918_PLUS seq 1000 permit 0.0.0.0/0 le 19
ipv6 route vrf GLOBAL 2028:190:0:1:1:1:22:0/122 2028:190:1:122:1:22:4:2
ipv6 route vrf GLOBAL 2028:190:1:122:1:22:2:0/122 2028:190:1:122:1:22:4:2
ipv6 route vrf CUSTOM 2028:190:1:130::/60 2028:190:1:30:1:30:2:2
ipv6 route vrf GLOBAL ::/0 Null0
ipv6 local pool CUSTOM_OFFICEV6 2028:190:1:130::/60 64
!
ipv6 prefix-list INCOMING_IPV6 seq 5 deny 2028:190:1::/48
ipv6 prefix-list INCOMING_IPV6 seq 10 permit ::/0 le 48
route-map FOR_MPLS permit 10
match ip address prefix-list LOCAL_NETWORK
set origin igp
!
route-map NO_ADVERTISE permit 10
set community no-advertise
!
route-map FALL_OVER_GLOBAL_AS1 permit 10
match ip address prefix-list FALL_OVER_GLOBAL_NETWORK_AS1
!
mpls ldp router-id Loopback0 force
mpls ldp router-id vrf CUSTOM Loopback30 force
mpls ldp router-id vrf GLOBAL Loopback190 force
!
banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP igor.plashchun@yahoo.com+380953589271 !
!
end
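Added example (not part of the original post): a Python evaluator for the `RFC1918_PLUS` prefix-list as configured on ASBR1 and on CsC-PE1, showing what each variant accepts from its eBGP neighbor. The sample routes are constructed; the matching rules assumed are the usual IOS prefix-list semantics (lowest matching sequence wins, an entry without `ge`/`le` matches only its exact length, implicit deny at the end).

```python
import ipaddress
import re

# Entries common to both routers, copied from the configs on this page.
COMMON = """\
ip prefix-list RFC1918_PLUS seq 20 deny 10.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 30 deny 172.16.0.0/12 le 32
ip prefix-list RFC1918_PLUS seq 40 deny 192.168.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 50 deny 127.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 60 deny 0.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 70 deny 169.254.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 80 deny 224.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 90 deny 240.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 100 deny 0.0.0.0/0
ip prefix-list RFC1918_PLUS seq 1000 permit 0.0.0.0/0 le 19
"""
ASBR1_CONFIG = COMMON
# CsC-PE1 adds one entry ahead of the RFC 1918 denies (PE1's Loopback190).
CSC_PE1_CONFIG = "ip prefix-list RFC1918_PLUS seq 10 permit 10.1.190.3/32\n" + COMMON

ENTRY_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<net>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?\s*$"
)


def parse_prefix_list(config, name):
    """Return [(seq, action, network, min_len, max_len)] sorted by seq."""
    entries = []
    for line in config.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m or m["name"] != name:
            continue
        net = ipaddress.ip_network(m["net"])
        # No ge/le: exact length. Only ge: ge..32. Only le: len..le.
        lo = int(m["ge"]) if m["ge"] else net.prefixlen
        if m["le"]:
            hi = int(m["le"])
        else:
            hi = net.max_prefixlen if m["ge"] else net.prefixlen
        entries.append((int(m["seq"]), m["action"], net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """First match wins; returns (action, seq) or ('deny', None) for the
    implicit deny at the end of the list."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None


# Constructed sample routes, not taken from the page.
SAMPLES = ["0.0.0.0/0", "8.0.0.0/8", "8.8.8.0/24", "10.1.190.3/32",
           "172.16.0.0/12", "100.64.0.0/10", "224.0.0.0/4"]


def report(config):
    entries = parse_prefix_list(config, "RFC1918_PLUS")
    return {route: evaluate(entries, route) for route in SAMPLES}


if __name__ == "__main__":
    for router, cfg in (("ASBR1", ASBR1_CONFIG), ("CsC-PE1", CSC_PE1_CONFIG)):
        for route, (action, seq) in report(cfg).items():
            print(f"{router:8} {route:18} {action:6} seq={seq}")
```

The final `permit 0.0.0.0/0 le 19` means anything longer than /19 is dropped by the implicit deny, and any range not named earlier in the list (100.64.0.0/10 in the samples) is accepted if it is /19 or shorter.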
If you found the article interesting, please click LIKE. Maybe this will help me find a job.
P.S. Sorry for my English
Hi Igor!
Maybe you should think about SegmentRouting? It has better convergence than classical mpls+ldp, trust me ;)