1. MPLS L3 VPN – RIPv2
In this section we’ll see how to configure MPLS L three, VPN for Rip version two. So let’s take an example. If you remember in our previous scenarios we have used static routing which is acting as a P to C routing protocol. Now in this scenario we are going to use RFP version two and all the remaining things will be same on both the sides. You can use the same routing protocol or it can be a different routing protocol. It doesn’t make difference. So we’ll see how to configure Rip version two in case if you are using in between PA to C routing as a routing protocol. So if you remember the six steps, what we discussed. Now in my lab I already have the first three steps pre configured, which means I have IGP running and also I have LDP enabled inside the Respondetwork and also I have the VRF configured and the VRF Rd value is 501 and route target value.
Also I’m using the same number. So the first three steps are pre configured. So in this complete lab I’m going to show you the remaining three steps configuration. So VPN V four configuration is more similar to what we did. It’s actually the same configuration, only the changes will be the fourth step. Because you are not going to use static routing here, we are going to use Rip protocol as a PE to C routing and there will be a slight modification in the redistribution steps also. Let us see how we can do that. So, I go to my command line here on the router one. First thing we’ll try to verify the configurations. And this is my diagram here. Let’s try to verify the configurations. I’ll go to Router One and the first thing I’ll say show MP’s LDP neighbors. I can see two neighbors exactly as per my requirement.
Similar, we can go to router three, also shown Pillars LDP neighbors. All the LDP configurations are done already. And then if you want to verify the configurations, showrun section VRF. You can use this command to verify the VRF configurations. I have a VRF called A one on the left side on the router one with the Rd value of 501 and I have import export the route target values of 501. Now I can also verify with show Ipvr interfaces I already have configured F zero by zero interface facing towards the customer is already inside your VRF a one and it is up and running and the connectivity is also working fine. The same thing if I verify on router three. Also I have interface which is connecting to router six. A customer router is already under the VRF called A two and if I verify the configurations it is something pre configured here with 501 and input export finite one.
Again, the fourth step will be we need to configure P to C routing. And in my scenario I’m going to use Rap here. So we’ll start with this a one raw site using Rap protocol. So let us start with customer side. And if I verify I just want to verify, do I have any configuration? Because last time I have configured some static route in my previous lab. So I need to check whether it is removed or not in case if it is already there, I had to remove it. So when you’re going to continue with my previous labs. So ensure that you don’t have any of the routing configured which is going to again, which can impact this lab also. So ensure that you remove that. Now let’s try to verify the configurations. There is nothing configured show IP interface brief.
All my interfaces are up and on the router file. I’m going to start with router file here. So what’s the protocol? We decided to go with router rip. Now, customer side, it’s like in normal rip configurations, we need to say version two, no auto summary network. I’m using five or network in the lamp and one centre dot 16 network in the in the van. The link connecting between the routers. Similarly on the router six. Also I’ll configure the same customer side, no auto summary network, six dot network on the router six. And what is the network we are using? One sent to 16 dot network. Done. Okay, so when it comes to router file configurations, it’s a customer router. We need to just configure normal rip. Let’s see how we can configure rip under the VRF. Because if you remember anything you configured towards the customer, it has to be under the VRF.
So I had to configure rip on this, but it has to be under the VRF a one. There is a name of the VRF which we created on the router one. So to get into the VRF, we need to go throughout the rip and we need to type address family, IPV four, VRF a one. So in this way so even in rip also we need to configure address family. And once we get into the router mode inside that address family, we are inside the VRF mode. Now here we need to configure all the commands similarly like we did our normal rip. So, virtual two, no auto summary. And what is the network I’m using? 170 network which is connecting towards the customer side. That’s it. So once you configure on this side automatically now verification part anyway, I’ll do it on router three. Before I come to router three, I want to verify show IP route we are at A one.
I should see the fire network learn through rip coming from router file. If you see this route, it confirms that the router file is advertising the fire network to rip and that fire network is installed into the VRF routing table learned through rip protocol. Now, previously we have used static. Now this time we are using rip. The same thing we need to do on the router three. Also, already I configured on the router six. So we need to just finish up the configurations on the router three r IP address, family IPV for VRFA two. And what are the commands? Network 170 216 network version two. Version two not auto summary darses. So all the commands are same, except we just need to add a family VRF and then we need to apply all the commands just like we do in a normal rip configurations.
Now verification. If I go to show IP route VRF A two I should see the six dot network coming from router six into my routing table into the VRF routing table of router three. And then I should be able to ping to that six dot network from VRF from the same side. From router three, I should be able to ping to six under the VRF. Similar way on the router one, I should be able to ping to VRF five five network which is on the router five. Now, once we finish up, once you get this output, it confirms that the routing between P two C is working fine. But we are just using rip version two on both the sites. Now, I want to ensure that the next step, the fourth step will be if you want to send the route from site one to site two we need to configure something extra. That is, we need to configure VPN V Four pairing between Router one and Router three.
The both the peer routers. And then finally we need to do redistribution. Okay, let us finish off with the VPN V Four configurations. I already have the VPN V four configurations here. If you see the VPN V Four configurations, there’s no difference. If you are using any protocol, the VPN V four configurations remains the same. So you can see the commands here neighbor eleven remote is updated source and under that is family VPN V Four unicache. We need to say activate send community next observe. So these commands I already explained in detail in my previous section. So I’ll simply go to Router one and I’m going to copy paste the same commands over there. Okay? Sorry, it has to be router this commands. So on the Router one we need to configure router Three. As a neighbor, I will go to Router one and then we’ll configure these commands and similar way these commands neighbor Eleven one applies on the Router three.
Done. So once you finish up the configurations to ensure that the Vpnvo peering is working fine, we can use a command called Schwaipgp Vpnv for all summary command. Now, I should not see active. Let us give some time for convergence. If all the configurations are correct, then definitely you should see the VPN V Four. neighborship will come up. I can see now it is up, but no exchange of the routes. And the reason for that is we did not configure a distribution because the routes are coming from here and it is installed in the routing table of PRF and the routes coming from side to install in the VRF routing table through rip. And then we just configured VPN before pairing between them. Now we need to combine these three parts. So to combine we need to configure redistribution of rip into BGP and then BGP into rip.
The same way we need to do on the other side redistribution of BGP into rip, rip into BGP under the address family. Remember that it has to be under the address family always. So let’s finish up the configuration with redistribution. So I’ll start with redistribution of rip into BGP first. So the router BGP 500 always go under the family address family IPV four, VRFA one and then redistribute. What is the source protocol? Rip. That’s it. There’s no need to define any metric in the BGP. Similar way I have to redistribute BGP into rip. So I need to go to router rip and then here also I have to I should go into the VRF compulsory, remember that? And then inside the VRF we need to say redistribute BGP. What is the as number 500 and metric has to be defined in terms of Hopkins. So any Hopkins, let’s say just I’ll give one, that’s it.
Okay. Similar way I’ll go and configure the same thing on the router three also. So router router BGP 500 family IP before VRF is a two and then redistributing rip into PGP which means redistribute rip and then now we are going to redistribute BGP into rip. So redistribute rip and then address family IPV four VRF a two, redistribute BGP 500 and metric in terms of Hopkins. Done. Now the redistribution of BGP into rip and R IP into BGP is more like your normal redistribution. But the only difference is we need to get into a trust family of that VRF mandatory. If you don’t get into that, if you do in a normal BGP, in that case the routes will not be installed in the VRF routing table. Now that is something you need to keep in mind. Now the final thing is verification.
Now the first thing I should verify is on the router one I should be able to see file anyway, I’m able to see file but I should also see six dot network into the Vrfrod interval. Let’s assume that I am a service folder. I want to check the customer routes are coming or not. So I can always use this command. I can see six dot network will be learn learning through BGP. Or you can also use this command show IP BGP VPN v for all summary when you say all it’s going to display all the VRFs. When I say all means it’s going to display all the VRFs. As of now anyway, we don’t have multiple VRS but it’s going to display all the VRFs. So sometimes when you’re working in a service portal network. Probably you want to verify only specific customer or specific VRF routes.
In that case we can also say shy, ppgp, VPN, v, four VRF and name of that VRF. Now you almost get the similar kind of output but the only difference is when you say VRF, it will display only that particular VRF learned routes. When you say all, it’s going to display all the VRF routes. So probably this will be very useful, especially when you have multiple customers connecting to the same provider router and you want to be more specific when you are trying to verify a similar way on the router three. Also, I can verify show IP road VRFA two. I should be able to see five coming to router three as a BGP route and finally customer site it will be just like a normal rip.
If I give show IP R IP, I can see six dot network into my routing table even though it is belonging to a different site. And if I try to ping six dot six trying to ping from my loop back to loop back, you can see the communication happens even if you try to ping trace everything is just like a normal. OK, so now the only difference between the previous MPLS L, three VP and this example is the only change in the routing protocol on the customer end. And when we get into some other labs or other sections, probably we might be using OSPF and the behavior will be slightly different when it comes to OSP protocol and the behavior or the configurations might vary in EHRP and also it will vary vary in BGP also.
2. MPLS L3 VPN – EIGRP
In this section we’ll see how to provide support for EHRP on MPLS L three VPMS. Now, the only difference between the previous scenarios and this scenario is now previously we have seen how to configure a static routing between PE to C router and then we have verified with using EHRP sorry, using Rip. In this section we’ll see how to configure EHRP. When it comes to the overall overall functionality of L three VPNs, it’s going to be the same for any routing protocol. But the only difference is the way we configure on the provider routers. It will be slightly different. Let us see how to configure EHRP. So when it comes to configuration here, already out of six steps, which I defined out of this three six step, the first three steps of preconfigured in this lab.
Now LDP is preconfigured and also I have IGP configured, LDP configured and also the VRFs. Everything is configured. Anyway, before we move, we will quickly verify these three configurations. Now here we are going to configure P to C routing using EHRP. Now, when it comes to EHRP, there is slight modification, there is slight variation in the configuration. So we’ll see that and then configuration of VPN before pairing is same like what we did previously. And then the redistribution is going to slightly vary. If you are using EHRP when it comes to the entire configuration, it’s going to be the same. Let us verify first. So for verification, I’m going to my diagram here. Now the diagram is going to be the same diagram and then I’ll go to router one for verification.
I’ll start with router one. So the first thing, we already have LDP configured. So I’ll say show embedded LDP neighbors for verifying the neighbor ship. And also I’m going to verify show Ipvrf interfaces. And I have only one BRF created on router one with VRFA one and F zero by zero is the interface which is assigned in that BRF. And if you want to verify the VRF configurations, complete VRF configurations. You can see I’m using Rd value of 500, column one and import export. All the values are same. In a similar way, I’ll verify the same thing on the router three. Also shorten section VRF, you can see Rd value is 500, column one and import export values. Everything is pre configured. Now, the only thing we don’t have configured is the last three steps. So I don’t have a VPN, V four peering, I don’t have a distribution. And also we didn’t configure any routing between P two C.
So I’ll start with P two C routing. So I’ll start with router five. And I want to use Rip. And probably let’s assume that the customer is using EHRP 100. So I’ll go to router file, I’m going to say router EHRP 100. So router five we are going to confirm EHRP 500. And what are the interfaces on the router file one is LAN interface which is five network and what is other network 170 network, no auto summary on the customer routers. It’s going to be a normal plane configurations without any VRS because the customer is not using any VRS here, let’s try to configure on the router six. Also router rip sorry, router EHRP 100, no auto summary, network 170, 216 dot network. And what is the LAN interface on the router six? It’s going to be six dot network. Done. So now we just finished the configurations on the customer routers, that is router five and router six.
Let’s try to configure on the router one. And once I configure on the router one automatically I should see the neighborship between router one and router five. Let’s get into router one. So the commands are almost similar router EHRP 100. But here also just like rip, to configure anything under the VRF we need to get into address family, IPV four VRF and the name of the VRF and then all the commands are the same. There is one extra command you need to define that is autonomous system. Now this is something which is mandatory. Okay, just a minute. I’ll not use Ehrb 100 probably I’ll use router Ehrb 500 here. Now I’ll explain you these configurations here. Address family IPV four, VRFA one. And under the address family we need to define the autonomous system number and that number has to be the same number whatever you are going to configure on the customer side.
So let’s say I’m using EHRP 100 on this router. Now, under the EHRP address family now you need to define a command called autonomous system number and this number. And on this router, router one under the disassembly and whatever used on the customer side, these two numbers must match. If they match, then only they will form the neighborship, then only they will exchange the routes. But when it comes to the other number which I used here, if you try to see here this number, router Ehrb 500 and now this number can be any number. Now this number and whatever you are using on the customer side, these two must be saved. Okay? Now it’s up to you what what is number you want to use here inside the provider edge router, it’s not mandatory to be 100 but if you want to use 100, you can use it’s not mandatory.
So generally this will be the autonomous system number of service portal. In my scenario it is 500. And under the VRF, whatever the autonomous system used by customer, that number has to be defined with a command called autonomous system 100. So this is one extra thing we need to keep in mind when we do configuration of EHRP as a PTC routing protocol. Apart from that, everything is simple. Just we need to advise the van interface which is connecting between the routers. That’s it. Now if you see, you can see the neighborship comes up between router One and Router Five. And to verify that neighborship, we need to say show IP EHRP 100 neighbors. I think this command show IPPRP VRFA one neighbors. So if you want to verify the neighborship on the service provider router, we need to give this command.
So if I give normal, it’s not going to work because it is global routing. So we need to define the VRF and neighbors. You can see the neighborship is up and if I verify the route in my VRF routing table, I should be able to see five dot network from the router file coming into Router One. And then I should be able to ping to that particular five dot network the LAN interface on the customer. Now this is going to confirm that the PTC routing is correct on the site one. Let’s try to do the same thing on the site Two. Also already I have configured Router six. If you remember, we already did the configuration on the Router Six. And on the Router Three I’m going to configure EHRP 500, but it has to be under the first family. Now this number, you can use any number, it’s up to you.
But under the VRF, sorry, it has to be VRFA two autonomous system 100. Now in some of the iOS you will not find this option in the taps. So probably you need to type this command completely. Now here this iOS which I’m using, it’s working fine here. But if you don’t find this option, probably you can type without iOS help. So it will work. And then I need to advertise network one seven to so once the confirmation goes, I should be able to see the neighborship message here. And for verification of the neighbor ship, I can say show IP EHRP VRFA two neighbors. I can see Router Three and Six are forming the neighbor ship and I should be able to see the routes from Router Three.
Show IP route VRFA Two I should be able to see the route from the customer router Six LAN interface into my VRF routing table. So this is going to confirm that P two C routing is configured correctly on both the sides. Now the next thing is the next two steps are almost same. We need to configure VPN before pairing between Router One and Router Three. Now the steps are same, so I already have the steps in my Notepad. So I’ll copy paste these commands. So you know this already. We discussed. So on the router Three I’ll start and then on the router this is on the Router One as per our lab here. That’s the same thing what we did in our previous sections. So now once you do this, what’s the next thing we need to verify the neighborship? It’s not normal BGP, it has to be show IP PGP VPN V Four all Summary Command I must see the neighborship should come up.
It’s going to take some time now we can see the neighborship is up but zero routes are extended because the reason is there is one more step remain remaining. We need to finish off that and that is the redistribution of EHRP into BGP, BGP into EHRP. Now the same thing we need to do BGP into EHRP, HRP into BGP and both the provider edge routers. Let’s do that again. So router BGP 500 and the redistribution is almost similar to what we did in our rip protocol. We need to get into the address family IPV four, VRFA one and then redistribute EHRP. What is the S number we need to define? What is the town system number? I mean to define this is one thing we need to keep in mind, we need to define under the VRF we are not going to distribute 500. If I try to give 500 you can see it’s not going to match.
Now here you have to define the autonomous system number whatever you define under the VRF at the time of configurations. If you see if you get back to a previous configurations here now you have to define this number whatever the number you have used over there, the customer autonomous system number. Now if you try to give the global areas number it’s not going to work. So it has to be always 100. That’s it. And then redistribution of router EHRP 500 and then at the family IPV four, VRFA one and we need to redistribute BGP 500 again and metric and when you are redistributing anything into HRP it is mandatory. You have to define the five values, the K values, any number you can use metric, bandwidth, let’s say 1000 and delay, let’s say 2000 and these values can be anything just but it is mandatory to define any values that’s it.
So now the entire redistribution is almost similar to a normal redistribution but it has to be done under the address family. Now let’s do the same thing on the router three as well. So I’ll go to router BGP 500 and under the dust family IPV four, VRF A two, that is the VRF a two is the VRF on the router three, router three and then redistribute EIGRP 100. That’s it, no need of matrix inside the BGP. Now, similar way we need to redistribute router Bghrp 500 and then address family IPV four, VRF A two and then redistribute PGP. What is the autonomous system number? 500 and metric you need to define those five values, many numbers. So I’m just typing just one one one done. So verification now if you want to verify we can verify like this. If I use show IP route VRFA two I can see six dot network, any of it is coming through EHRP but you can see five dot network is also learned through BGP because in the form of redistribution.
So now the route is getting access to router one. Router one it’s redistributing EHRP into BGP and I’m able to receive the route in the form of PGP update. A similar way, if I want to verify, I can also use show IP PGP VPN view for all summary command, I can see the prefixes. If you remove the summary, you will be able to see the individual prefixes coming. And this metric, whatever you see here, it’s a normal EHRP metric. Now, finally, if I want to verify on the customer side so schwaiper route EHRP, I’m able to see the six dot network on the router fire. And finally, if I try to ping, which shows look back and loop back, I’m able to ping. And if I try to trace six dot six, I’m able to see the same output like what we have seen in when we used R IP as well as static. So, similar way, let’s finish off with verification. On the router six, also on the router six, I’m able to see five five five, which means automatically they will communicate. Okay?
