350-501 SPCOR Cisco CCNP Service Provider – MPLS L3 VPN – Advance Part1
June 5, 2023

1. Overlapping VPN

Overlapping VPN. In this section I’m going to explain how overlapping VPNs work. Let me first give you a basic idea of what exactly an overlapping VPN is. If you go back to the previous videos, we have seen some basic, simple MPLS L3 VPN configurations where you have a customer A. Let’s say this is customer site A1, the blue one you can see there, and we have a customer site A2. By default, customer site A1 advertises its routes to the PE router. The PE router is responsible for exchanging the routes from one PE to the other PE, and then they get advertised to customer site A2. Similarly, the same thing happens for another customer.

Let’s say I have another customer, where B1 is communicating with B2. B1 advertises the routes. Through VPNv4 they are advertised to the provider edge router at the other end, and that PE router sends them on to customer site B2. Now B1 is able to communicate with B2. That’s fine. Similarly, A1 is able to communicate with A2. In the basic, simple VPNs we did previously, we were exchanging routes between sites of the same customer. Now, what if you want to exchange routes between two or more different customers? You want to ensure that customer A1 can communicate with A2.

That happens by default, because they belong to the same VPN, the same customer’s sites. But I want to make sure that some routes of customer A also get advertised to customer B2, but not to B1, maybe only to some selected sites. This kind of configuration we call overlapping VPNs. In an overlapping VPN, some customer routers participate in more than one simple VPN. By default, customer A participates in the VPN that belongs to the customer A sites. But here we are making customer A participate in more than one VPN, exchanging routes between two or more different customers. So let’s see how to configure this, and we’ll see the practical labs as well.

To make this possible, it’s all about route target values. The major configuration change here is that we are going to play around with the route target values. What we need to do is make some changes to the respective import and export values. Based on those, the VPN decides which routes are imported for customer A and for customer B. Let’s build some simple scenarios and verify how it works in practice. Okay, let’s jump into the lab. In my lab, I’m going to take the same core, where the four routers act as my service provider core routers, and I’m going to continue with my previous lab.

If you remember, in the previous lab series we used BGP as the PE-to-CE routing protocol. That is what we did in the previous lab. Here router 5 is advertising its routes through BGP, and from there a VPNv4 peering is already preconfigured. Finally, on router 6, again, we just configured BGP. So router 5 and router 6 are able to communicate. If you want to check, I can get into the command line here on router 5, which is my customer router at site A1, and run show ip route bgp. If you remember, last time there was actually a problem: I was not able to see the 6.x network, which comes from site A2.

It was not coming in because I had missed one command on router 1, which was as-override. So I reconfigured that. This is a continuation of what we did in the previous labs, where we used EBGP as the PE-to-CE routing protocol. In this scenario I have multiple sites, but it is the same lab continued. Our IGP core remains the same, and MPLS IP is already preconfigured inside the core. For PE-to-CE routing we are using BGP here, and that BGP is also preconfigured. We also have the VPNv4 peering already preconfigured. Site A1, the blue one you can see, is a customer site that is able to communicate with customer site A2 on the other side.

Similarly, I have another customer, B, whose site B1 is able to communicate with B2. I configured OSPF as the PE-to-CE routing protocol here; this is preconfigured. And here I’m using EIGRP, but it could be any other routing protocol as well. We are also doing redistribution on this router, making sure that customer site A1 is able to communicate with customer site A2. In the same way, customer site B1 must be able to communicate with customer site B2. So PE-to-CE routing, redistribution, everything is preconfigured. In this scenario, by default, A1 is able to communicate with A2 and it works fine, and B1 is able to communicate with B2.

Let’s verify. I can go to router 1, which is my PE router, and run show ip bgp vpnv4 vrf A-1. I’m able to see the routes coming from 5 and 6. 5 belongs to A1 and 6 belongs to A2 on the other side. If I go to router 5 and run show ip route bgp, I can see the 6 route coming into my BGP table. Or, if I run show ip bgp, I can see routes 5 and 6, which belong to customer A: this is 5 here, and 6. So 5 and 6 are able to communicate with each other. Let’s verify the same thing by pinging 6 with a source of 5. You can see they are able to communicate with each other. In the same way, I can go to my other customer site, B1, which is also preconfigured: show ip bgp vpnv4 vrf B-1.

I’m going to verify the routes coming from customer B, belonging to site 1 and site 2. As per my lab scenario, these are the red routers, router 7 and router 8. So these are the 7 and 8 routes, and I can see they are able to communicate with each other. One is coming from 7, and the other is coming from router 3, that is, from here. In the same way, if I go to the customer site, R7, and look at the IP routes, I’m running OSPF there. So with show ip route ospf I can see the route coming from B2, and I can ping 8 with a source interface of 7.

So I created very simple, basic VPNs here, where customer site A1 is able to communicate with customer site A2, and I’m using 500:1 on both sides for the RD and RT values. Then customer site B1 is able to communicate with customer site B2, and I’m using route target values of 500:2 for customer B. These are all initial configurations that I already did; it’s just the simple basic VPN we used in our previous scenarios. If you want to refer to the steps, I have all of them documented in my workbook, where I continued with the same lab. R1, R3, R5 and R6 are preconfigured using EBGP. What we are doing is adding router 7 and router 8 to the existing topology, and then creating VRF B-1 on R1, and B-2.

Those are the red routers. This is preconfigured, as I said already. Then we assign route target values of 500:2 for customer B and configure a PE-to-CE routing protocol. I’m using OSPF for B1 and EIGRP for B2, and then doing redistribution of the routes. On site 2 of customer B, B2, we are implementing EIGRP; it could be any other routing protocol. Finally, customers A and B are able to communicate here. Now, as per our overlapping VPN lab, what if customer A wants to communicate with customer B1 and customer B2? What exactly do we need to configure in that case? That is what we will be working through in this lab.

2. Overlapping VPN – Continued

So, configure router 1 and router 3. This is our task here: configure router 1 and router 3 to ensure that customer A exchanges routes with B1 and B2. Let’s take an example. Maybe these two companies merge into one company, or you may want customer A to exchange routes with both customer B sites. Right now, by default, A1 is able to communicate with A2, and B1 is able to communicate with B2. That is what we did in our simple VPNs, keeping each customer’s VPN separate. What if I want to exchange routes between these two? What we need to do in this scenario is going to be very simple.

To make that possible, we need to go to router 1, under VRF A-1. Let me write it down here: if I want to exchange the routes, I need to go to router 1 and, under VRF A-1, add an import, because I’m already importing there. VRF A-1 is using 500:1 for the RD and RT values, as per our initial configuration. So A1 and A2 both use RD and RT values of 500:1, and B1 and B2 use route distinguisher and route target values of 500:2. I need to go to VRF A-1 as well as VRF A-2, and in each I just need to add one simple command under VRF mode: import 500:2.

So when I say import 500:2, what happens? The customer B routes are already exported with the value 500:2. If you remember, we did that already; they are exporting. And we already have import 500:2 configured there, which means whatever routes come from B2 are exported as 500:2 and then imported only into customer B, because of that import 500:2. In this scenario, I want to make sure that these B routes also get imported into customer A. So in that case, I just need to add import 500:2. In the same way, on the other side, that is on router 1, under VRF A-1, we also need to say import 500:2.

Once you add this command, all the routes that are exported with 500:2, which in our scenario means all the customer B routes, automatically get imported into the customer A sites. It’s up to you which customer sites you import them into. If you want them at every customer site, you can go to every PE router and do the same configuration. But let’s say you want to import only on router 1 and not on router 3. In that case, you don’t add the command under VRF A-2; you add it only under VRF A-1. The opposite direction works the same way.

In my scenario, I want to make sure that customer sites B1 and B2 are able to communicate with customer A. In that case, I just need to add one command under VRF B-1 and B-2: simply import 500:1. In our scenario customer A is already exporting with the value 500:1 from its side. The only thing is that on the customer B side we need to say import 500:1. This is going to satisfy our requirement, which is that the customer A sites exchange routes with the customer B sites. Let’s verify that. I’ll go to router 1, on the left side as you can see, and first I’ll verify whether the customer routes are differentiated.

If you go back and verify with show ip bgp vpnv4 vrf A-1, you can see how the routes are differentiated. This is not on router 7, it is on router 1: show ip bgp vpnv4 vrf A-1. A-1 receives the routes coming from router 5 and router 6 only. As per our diagram, these are the customer A routes: this one is 5 and this one is 6, coming from customer sites A1 and A2. My requirement is to make sure that I can also see the routes coming from B on this side. To make that possible, I need to go to router 1 and, under VRF A-1, import 500:2.

Once you configure this command, I should see the 7.x network come into my VRF A-1, and the 8.x network will also come in automatically, on both sides. Let’s go to ip vrf A-1, where we need to say route-target import 500:2, which is customer B. Before I configure it, if you want to verify the default import and export configuration, use show run | section vrf. By default, in VRF A-1 we are importing and exporting its own values, and in VRF B-1 we are importing and exporting 500:2, so they are differentiated. So I need to say route-target import 500:2. Done.

Once I configure this on router 1, I can use show ip bgp vpnv4 vrf A-1. Let me clear BGP first, just for faster convergence: clear ip bgp * vpnv4 unicast. Now I can see that the routes coming from 7 and 8 are also present in the VRF, because by default these routes are exported with 500:2. We are now importing them not only in B-1 but in A-1 as well. In the same way, if you want to do the same thing on the opposite side, let’s do router 3 first. First I’ll import all the B routes, okay? So I’ll get into the command line of router 3. Again, on router 3, I’ll import all the B routes first, and then I’ll come back to importing the A routes.

So I give the same command: ip vrf A-2, and then route-target import 500:2. Before I actually configure this command, if I run show ip bgp vpnv4 vrf A-2, I don’t see the routes coming from 7 and 8, that is, from customer B. Let me just troubleshoot it. Let me quickly configure the same thing on VRF A-2 as well, and then I’ll verify: show ip bgp vpnv4 vrf A-2. Now I should see the same thing on router 3: in VRF A-2, I should be able to see all the routes coming from customer B. In the same way, I have to do the opposite direction, from A to B. I need to make sure that all the routes coming from customer A are seen in customer B as well.

What we need to do is configure, not under VRF A-1 but under B-1 and B-2, an import of route target value 500:1, because all the routes of customer A are exported with the 500:1 value. So let me quickly do the same thing on the VRFs for customer B, on both routers. First I’ll start with B-1 on router 1: route-target import 500:1. I do the same thing on router 3 as well: ip vrf B-2, which is customer site B2, and route-target import 500:1. Okay? So let’s go back and verify the configuration we did. We just added some extra configuration on router 1.

Let’s go and verify on router 1. By default, VRF A-1 is importing and exporting its default values. That applies to all the sites that belong to customer A. Our requirement was to make sure that customer B routes are seen in VRF A-1, so we are importing 500:2, whatever routes come from customer B. Similarly, we are doing the same thing on B-1 as well. This one is for customer B: by default it is importing and exporting the customer’s own value, and we are also importing all the routes from the other customer.

You will find similar configuration on router 3: show run | section vrf. If you check the configuration on router 3, it is similar. The customer A VRF is importing and exporting all the routes coming from customer A, and since we want to import all the routes from customer B, we import what customer B is already exporting with 500:2. Same thing for the other VRF: this is the default import and export for all the customer B sites, plus importing all the routes coming from customer A. This way we can make sure that sites of different customers can exchange routes between them.

Okay, so these are the simpler overlapping VPNs, where we are exchanging all the routes from customer A to customer B. But let’s take an example where you want to exchange only selected routes between the customers, or you want to export only selected routes, or you want customer A to communicate with B2 but not with B1. In that case we can get into more complex overlapping VPNs by assigning different route target values to some routes. That’s something we will see in the next section. In the next video I’m going to take one more task where we have a similar kind of requirement.
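
The route-target matching used in this lab, modelled as an added Python example (not part of the original video or workbook): it parses VRF sections, computes which prefixes each VRF ends up holding, and lists every import that crosses a customer boundary. The VRF snippets and the 5/6/7/8 prefixes are constructed from the values mentioned above, and treating the part of a VRF name before the hyphen as the customer is an assumption.

```python
import copy
import re

# Constructed "show run | section vrf" output for PE routers R1 and R3, using
# the lab's values: 500:1 for customer A, 500:2 for customer B.
CONFIGS = {
    "R1": "ip vrf A-1\n rd 500:1\n route-target export 500:1\n route-target import 500:1\n"
          "ip vrf B-1\n rd 500:2\n route-target export 500:2\n route-target import 500:2\n",
    "R3": "ip vrf A-2\n rd 500:1\n route-target export 500:1\n route-target import 500:1\n"
          "ip vrf B-2\n rd 500:2\n route-target export 500:2\n route-target import 500:2\n",
}
# Constructed CE prefixes, one per site (routers 5, 6, 7 and 8 in the lab).
LOCAL = {("R1", "A-1"): "5.5.5.5/32", ("R3", "A-2"): "6.6.6.6/32",
         ("R1", "B-1"): "7.7.7.7/32", ("R3", "B-2"): "8.8.8.8/32"}


def parse_vrfs(configs):
    """Return {(router, vrf): {"export": set, "import": set}} from config text."""
    vrfs = {}
    for router, text in configs.items():
        cur = None
        for line in text.splitlines():
            if m := re.match(r"ip vrf (\S+)", line):
                cur = vrfs.setdefault((router, m.group(1)), {"export": set(), "import": set()})
            elif cur is not None and (m := re.match(r"\s+route-target (export|import|both) (\S+)", line)):
                for kind in ("export", "import") if m.group(1) == "both" else (m.group(1),):
                    cur[kind].add(m.group(2))
    return vrfs


def visible(vrfs, local=LOCAL):
    """A VRF holds its own CE routes plus any route whose export RT it imports."""
    return {dst: sorted(pfx for src, pfx in local.items()
                        if src == dst or vrfs[src]["export"] & vrfs[dst]["import"])
            for dst in vrfs}


def cross_customer(vrfs):
    """(importer, exporter, rt) triples that cross a customer boundary.
    Assumption: the customer is the part of the VRF name before the hyphen."""
    return sorted((dst[1], src[1], rt)
                  for dst, d in vrfs.items() for src, s in vrfs.items()
                  for rt in d["import"] & s["export"]
                  if dst[1].split("-")[0] != src[1].split("-")[0])


def add_import(vrfs, router, vrf, rt):
    """Model 'route-target import <rt>' under 'ip vrf <vrf>' on one PE."""
    new = copy.deepcopy(vrfs)
    new[(router, vrf)]["import"].add(rt)
    return new


if __name__ == "__main__":
    base = parse_vrfs(CONFIGS)
    one_way = add_import(base, "R1", "A-1", "500:2")  # only A-1 imports customer B
    for label, v in (("simple VPNs", base), ("A-1 imports 500:2", one_way)):
        print(label, visible(v), cross_customer(v), sep="\n  ")
```

With only VRF A-1 importing 500:2, A-1 holds the customer B prefixes while B-1 and B-2 hold no route back, which is why the lab also adds import 500:1 on the customer B VRFs. The cross_customer list doubles as a review aid: every entry is a place where one customer's routes are deliberately leaked into another customer's VRF.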
