350-501 SPCOR Cisco CCNP Service Provider – MPLS L3 VPN – RIP-EIGRP-OSPF Part 3
June 8, 2023

5. MPLS L3 VPN – EBGP

MPLS L3 VPN: support for BGP. If you remember, in our previous sections we saw the different routing protocols used as the PE-to-CE routing protocol. We redistributed those routes into BGP, which takes them to the provider edge router at the other end, and then finally we redistributed them back into the specific routing protocol used between PE and CE. In this section we will do the same kind of thing, MPLS L3 VPN support, but this time the PE-to-CE routing protocol will be BGP. This is one of the most common ways of configuring it. Maybe the customer is using BGP, and the routing exchange between the customer and the provider edge router will be done with the BGP routing protocol.

Let’s see how to do that. If you look at the steps, the four or five steps we discussed, the six steps, they are going to remain the same. The first step remains the same and it is preconfigured in my lab here. In the second step we configure LDP inside the service provider network; again, it is preconfigured. We also have a VRF called A-1 configured on site 1 and a VRF A-2 configured on site 2. Our requirement is to make sure that the customer LAN here, five five, is able to communicate with six six. In this lab the first three steps are preconfigured, the same way we did it in our previous scenarios. When it comes to routing between PE and CE, we are not going to use static, because we already verified with static.

We are also not using RIP or OSPF; EIGRP could also be verified. So this time we’ll be using BGP as the PE-to-CE routing protocol. After that, the VPNv4 configuration will be the same, no changes. And finally, here we don’t need to configure any redistribution. If you’re using BGP as the PE-to-CE routing protocol, you don’t need redistribution, because the VPNv4 peering we are going to configure is one type of BGP implementation. This side is EBGP, and this side is going to be EBGP again. That means the routes coming from the customer go to the PE router automatically, and these routes are advertised to the PE router at the other edge without any redistribution, because a common protocol is running on both sides.

So if you’re using BGP as the PE-to-CE routing protocol, we have only five steps and the sixth step is not required; redistribution is not required here. Let us verify. First I’ll verify the prerequisites; the first three things are already preconfigured in my lab. If you want, you can verify with these commands. I’ll go to router 1 and verify with show ip ospf neighbor. Router 1 has two neighbors, and if I use show ip route ospf, I can see the routing table is populated. Then if I use show mpls ldp neighbor, LDP is already preconfigured here. If you want, we can also verify with show mpls forwarding-table. And finally I verify the VRF configuration with show ip vrf interfaces, or with show ip vrf detail.

I already have import and export route target values of 500:1; we are exporting as well as importing 500:1 on both sides. So the first three things are preconfigured here. Now I’m going to continue with the fourth step, where I configure EBGP between router 1 and router 5. Because we are using BGP here, let’s see what steps we need to configure. These are the configurations we need on router 5 and router 1. On router 5 we configure a normal BGP configuration, because router 5 is a customer router. So we need to go to router bgp 5600.

I’m going to use 5600 as the customer autonomous system number, and my autonomous system number will be 500. So I say router bgp 5600, the neighbor IP address is 172.16.15.1 and the remote AS is 500. Then no auto-summary and no synchronization; in recent IOS these are disabled by default. So there is just one neighbor command and two network commands to configure. We need to advertise the LAN interface, and I’m also advertising the WAN interface: network five with a /32 subnet mask and the 15.0 network with a /24 subnet mask. Instead of giving network commands, you can also use something called redistribute connected.

If you want to minimize the number of commands, you can say redistribute connected; either option can be used. If you look at the configuration on router 5, it is just normal BGP. Now look at the configuration on the provider edge router. On the provider edge router we need to configure EBGP towards the customer, but it has to be under the VRF. So we say router bgp 500 and then no bgp default ipv4-unicast, which disables the default IPv4 BGP, and then we go under the address family, because you need to be under the VRF. It is just like RIP: if you want to configure RIP, you say router rip and then address-family ipv4 vrf A-1.

In a similar way, if you want to get under the VRF here, you need to define the address family. Now we are in router mode, under the VRF address family. Then we configure the neighbor command; the neighbor is 172.16.15.5, which is our router 5. Then we need to say activate. The activate command is mandatory under the VRF, because by default the neighborship will not come up if you don’t give activate. It’s like the VPNv4 activate command. So under every VRF the activate command is mandatory for each neighbor. Then I advertise the interface that connects towards the customer side. So on router 1, which is my provider edge router, it’s much like normal BGP, but it has to be under the VRF.

So all the commands are similar to normal BGP commands. The only difference is that they are configured under the VRF: we are running a common BGP process, but the customer peering must be under the VRF. Every customer will have a separate VRF routing configuration under BGP. Let’s quickly configure these things and verify the neighborship. I’ll start with the customer side, on router 5. On router 5 we’re using AS number 5600. Then I say neighbor 172.16.15.1 remote-as 500. There is no need to activate, because we are not disabling the default BGP. Then I simply advertise my networks: my LAN interface, five with a /32 subnet mask, and I’m also advertising the WAN interface, which has a /24 subnet mask.

The network is 172.16.15.0. So you see it’s just normal BGP, where we have a neighbor command and the network commands. No auto-summary and no synchronization are disabled by default, so we don’t need to enter them again. I’m going to do the same thing on router 1. On router 1 we need to configure router bgp 500, and I say no bgp default ipv4-unicast to disable the normal BGP, because we’ll also be configuring VPNv4 in our next step. Then everything you do towards the customer has to be under the VRF, so I say address-family ipv4 vrf A-1. Then I say neighbor 172.16.15.5, which is router 5, and the remote AS is 5600. And then comes the mandatory part.

We need to say activate, and then advertise the interface: the 172.16.15.0 network with a mask of 255.255.255.0. Instead of doing this, you can also use redistribute connected, because when you say redistribute connected, the interface that is under the VRF automatically gets advertised in BGP. Now you can see router 1 is forming a neighborship with 172.16.15.5, which is router 5, under VRF A-1. To verify, I cannot use show ip bgp summary, because that command works for normal BGP and we’re not using normal BGP. We need to verify with show ip bgp vpnv4 all summary. When I say all summary, it displays all the VRFs, and in production networks you may have five or six VRFs configured on the same provider edge router.

If you don’t want to see all the VRFs, you can say show ip bgp vpnv4 vrf A-1 summary. That shows only the BGP peering towards the customer under VRF A-1. When I say all, it displays everything; we don’t have many VRFs configured here, so all is okay. But in production networks you need to be more specific, and to verify a specific neighbor you can always use this command. If I remove summary, I can see the routes coming from the customer. You can see that the five network we are advertising is coming in as a VPNv4 route, and automatically it should also come into my VRF routing table.

If I use show ip route vrf A-1, I can see I’m learning five through BGP, external BGP, and if I try to reach that five address I should be able to ping the interface. This confirms that PE-to-CE routing using EBGP is working fine. Let’s do the same thing on router 3 as well, between 3 and 6. I’ll start with 6. On router 6: router bgp 5600, and then the neighbor. What is the neighbor? 172.16.36.3, that is router 3. The remote AS is 500. Then we need to give the network commands; we advertise two interfaces. Network six with a mask of 255.255.255.255, so I’m using /32 here. The other network is 172.16.36.0 with a /24 mask. Done. No auto-summary and no synchronization are disabled by default anyway.

So we don’t need to add them again, because I’m using a recent IOS version. I do the same thing on router 3 as well, but it has to be under the VRF. So let’s go to router 3. I need to configure EBGP between router 3 and router 6. So router bgp 500, I disable the default BGP, and then address-family ipv4 vrf A-2. Then we say neighbor 172.16.36.6. What is the remote AS? It is 5600. Then we say activate, which is mandatory, and then we advertise the connected interface. If I use redistribute connected, it automatically advertises all the connected interfaces under the VRF, so it’s a simple way of advertising. If you want to be more specific, use the 172.16.36.0 network with a mask of 255.255.255.0. Now I should see the router 3 and router 6 neighborship come up.

You can see the neighborship is up, and to verify it I can use show ip bgp vpnv4 all summary. This command is the equivalent of show ip bgp summary in normal BGP. When I say vpnv4, it refers to the VRF routes, and when I say all, it displays the EBGP neighborships for all the VRFs. If I want to be more specific I can say vrf A-2 summary. If I remove summary, vpnv4 all displays all the VRF learned routes. As of now we just have a route distinguisher value of 501, and I’m receiving the routes six six three, which are coming from site 2. If you want, you can also verify the routing table: show ip route vrf A-2, and you can see six six six. If I ping six six under the VRF, you can see that from router 3 I’m able to ping the LAN interface of the customer router.

6. MPLS L3 VPN – EBGP Continued

We have just finished the third step. The third step is PE-to-CE routing between router 3 and router 6 and between router 1 and router 5. So now the customer route from router 5 is arriving on router 1 in the VRF routing table, and the routes coming from this customer are present in a separate VRF routing table. Now I want to ensure that the customer routes from this PE go to the other PE. For that we need to configure a VPNv4 peering between them, and that’s it. We don’t need to do redistribution, because it’s BGP and BGP. Once I finish the VPNv4 configuration, I should see this five network coming into the PE on the other side. Similarly, the six should be coming to the PE on the other side.

Let’s configure the VPNv4 peering between router 1 and router 3. It’s going to be the same commands we used in the previous steps. You see here router bgp 500, and then on router 3 we say neighbor 110 zero one remote-as and update-source, and then under the address-family vpnv4 we say activate, send-community, next option. Let me just copy and paste these commands on router 3. So these are on router 3. Now for router 1 I replace eleven one with 13 one, replace all, so it’s going to be similar commands on router 1 as well. Done. What should I see now? I should see all the routes. The first thing to verify is show ip bgp vpnv4 all summary.

I should see that router 1 and router 3 have a VPNv4 neighborship. Now it is up; that’s the first step. Then I should be able to see the routes coming from router 3. If I remove summary, I can see on router 1 this six six six. It comes from site 2 and is advertised to router 3; router 3 places it in the VRF routing table and then advertises it as a VPNv4 route. As a VPNv4 route it goes to router 1, and router 1 receives the route through BGP. You can see six six is coming via 39 one. The same thing should happen on the other side as well, so let’s verify on router 3. On router 3, show ip bgp vpnv4 all: the neighborship is already up.

So I verify that this five route comes to router 1, that router 1 places it in the VRF routing table and then advertises it to the router at the other end as a VPNv4 route, and that router 3 receives the route five five with a next hop of eleven one. You can see everything seems to be okay up to here. Let’s verify the same thing on the customer routers. If I go to router 5, I should see the six route coming into my BGP table as well as into the routing table. Can you see the six network coming on router 5? It’s not coming. Let’s verify on router 6 with show ip route. Can you see the five network coming on router 6? Now, what is happening here? Everything seems to be okay up to this point.

We planned to configure five steps, and I think we did everything perfectly, so let’s try to understand the reason. What is happening is that this five-dot network is not arriving on the customer side, although it arrives at this provider edge router. The same thing happens in the opposite direction: the six-dot network is advertised to router 3, and router 3 advertises it to router 1, but router 1 is not actually advertising to router 6. Now what’s the reason? The reason is very simple. If you go back to the BGP basics, what we learned there is that BGP will not install routes in the BGP table if it sees its own AS number.

If you remember, in BGP basics we discussed that BGP will not install a route if it sees its own AS number in the BGP update. This is a loop prevention mechanism in BGP, and it is exactly what is happening in our scenario. In our scenario the customer routes from router 5 are advertised into the service provider network, which means router 1 receives five five as originating from 600. It’s not 600, it is 5600 i. Let’s verify on router 1. If I look at the five network, it’s coming with 5600 i, which means it originated from 5600 before it came to my autonomous system. In a similar way, router 3 will also receive the route five five.

It originates from 5600 i, and the same route is advertised to the PE router at the other end through VPNv4 as five coming from 5600 i. The same thing. Now, when router 3 advertises it to router 6, router 6 receives this update. It actually originates from 5600, right? It originates from 5600 here and then goes to 500; it goes through 500 before it comes to my autonomous system. This is what is happening here. Now this router, the customer router here, belongs to AS number 5600, because we have used the same autonomous system number on both sides, since both sides belong to the same customer. So it is 5600 here, and here also it is 5600.

What router 6 does whenever it sees its own AS number is not install the route. It thinks the route is looping: maybe it left its own AS and is coming back to its own autonomous system. So it will not install the routes in BGP; put simply, it will not accept them. But actually nothing is looping here; the route is coming from a different site. This is exactly what is preventing the routes from router 5 from going through the service provider and arriving at router 6. To overcome this problem, there are two possible solutions.

The first one: I can use a different autonomous system number for each and every site. That means if I have an MPLS service provider network with multiple sites, and I’m using BGP on all the sites, I use AS number 1000 here, then probably 1001, 1002. I must not repeat the same autonomous system number, which means I need a unique autonomous system number on each and every site, and that is not scalable. If there are ten sites belonging to the same customer, I cannot use ten different autonomous system numbers for that one customer. So it’s not a scalable solution. Instead, the second solution, which I’m going to use in this scenario, is to override the AS number with a command called as-override.

There is a command called as-override. Take the same scenario. When router 5 advertises to router 1, nothing changes: the route originates from 5600, so it is 5600 i. When it gets advertised to router 3, it is still 5600 i. But when router 3 advertises to router 6, I tell it to override AS number 5600 with its own AS number. In other words, I tell router 3 to change the autonomous system number from 5600 to its own AS number, 500. That means when router 3 advertises to router 6, it advertises with 500 500 i instead of 500 5600 i.
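The loop check and the effect of as-override described above can be traced with a small model. This is an added example, not code or output from the lecture's lab; the function names are hypothetical, and only the AS numbers 500 and 5600 (plus 1001 and 1002 for the unique-AS alternative) come from the text.

```python
"""Toy model of eBGP AS_PATH handling on the PE-CE edge (not router code)."""

SP_AS = 500          # service provider AS used in the lab
CUSTOMER_AS = 5600   # AS number used at both customer sites


def ebgp_send(as_path, local_as, neighbor_as, as_override=False):
    """Return the AS_PATH a router in local_as sends to an eBGP neighbor.

    With as_override, every occurrence of the neighbor's AS is replaced
    by local_as before local_as is prepended.
    """
    path = list(as_path)
    if as_override:
        path = [local_as if asn == neighbor_as else asn for asn in path]
    return [local_as] + path


def ebgp_accepts(as_path, local_as):
    """Loop prevention: reject an update whose AS_PATH contains our own AS."""
    return local_as not in as_path


def site_to_site(origin_as, remote_ce_as, as_override):
    """Follow one prefix CE -> PE -> (VPNv4 iBGP) -> PE -> CE.

    Returns (AS_PATH seen by the remote CE, whether the remote CE accepts it).
    """
    path = ebgp_send([], origin_as, SP_AS)      # origin CE sends "5600"
    if not ebgp_accepts(path, SP_AS):           # ingress PE runs the same check
        return path, False
    # The iBGP session between the two PEs leaves the AS_PATH unchanged.
    path = ebgp_send(path, SP_AS, remote_ce_as, as_override)
    return path, ebgp_accepts(path, remote_ce_as)


def show(as_path):
    """Format a path the way the lecture reads it out, e.g. '500 500 i'."""
    return " ".join(str(asn) for asn in as_path) + " i"


if __name__ == "__main__":
    for label, args in [
        ("same AS, no as-override", (CUSTOMER_AS, CUSTOMER_AS, False)),
        ("same AS, as-override", (CUSTOMER_AS, CUSTOMER_AS, True)),
        ("unique AS per site", (1001, 1002, False)),
    ]:
        path, accepted = site_to_site(*args)
        print(f"{label:26} path={show(path):12} accepted={accepted}")
```
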

So now the customer AS number is overwritten with the service provider’s own AS number. This way we can allow the customer routes coming from one site to go to the other site, and it can be done with one command. We go to router 3, and under the VRF we say neighbor. What is the neighbor? Router 6, which is 172.16.36.6. Then I give the command as-override. So I’m saying: override this customer AS number with my own AS number. I’m changing the default behavior to a different behavior. So this is the solution, and it is something we really need to do. If you are using BGP it’s mandatory, because we cannot go with a unique AS number on each and every site.

We need to go with one common autonomous system number for multiple sites of the same customer, and we can just override it with this command. Let’s try that practically and then verify. I go to router 3. What is the command we discussed? address-family ipv4 vrf A-2, and then neighbor. What’s the neighbor? It’s 172.16.36.6, and I say as-override. Done. Now, after the as-override change, the neighborship is up. If I check on router 6, I should be able to see the route of router 5. You can see I’m able to see the route now. If I check BGP with show ip bgp, I can see I’m receiving five five from next hop 3, that is router 3, and it’s coming as 500 500 i. It’s not displayed as 500.

Actually, in our lab it originates from 5600 and then goes through 500 before it comes to my AS. So in general it should look like this: originating from 5600, coming through 500, with origin i. What the router is doing is overwriting this with 500 500. That is the importance of the as-override command. So it’s really important to override with your own AS number, that is, the service provider AS number. It has to be done on the PE router, pointing towards the customer. Now let me do the same thing on the other side, because on router 1, sorry, not on router 1, on router 5, I’m not able to see six, because I did not configure it on router 1. Let me do the same thing on router 1: router bgp 500, address-family ipv4 vrf A-1, and I say 172.16.15.1.

That is router 1. I need to say as-override. Sorry, I actually entered my own IP address. So I get into the address family again and use 172.16.15.5, that is router 5. Done. Now if I check on router 5 with show ip bgp, I can see the six network is coming into my router. And if I verify with show ip bgp, I can see the six network is coming with 500 500. So the same behavior happens on the opposite side as well. This is something to remember whenever you configure BGP as the PE-to-CE routing protocol: it’s mandatory to override the AS number by using the as-override command. Finally, the last step is verifying end-to-end reachability. If I ping, I should be able to reach the other side, and similarly, if I try a trace, I should get the trace like this.
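The two PE-side requirements stated in sections 5 and 6 (activate for every neighbor under the VRF, and as-override when the same customer AS is used at more than one site) can be checked offline against saved configurations. The following is an added example, not part of the original lecture; the sample configurations are constructed, and the VRF names A-1 and A-2, the neighbor addresses, the function names and the two deliberate omissions are assumptions.

```python
import re
from collections import defaultdict

# Constructed PE configurations, not taken from the lab. R1 omits
# as-override and R3 omits activate so that the audit has something to find.
SAMPLE_CONFIGS = {
    "R1": """\
router bgp 500
 no bgp default ipv4-unicast
 address-family ipv4 vrf A-1
  neighbor 172.16.15.5 remote-as 5600
  neighbor 172.16.15.5 activate
  redistribute connected
 exit-address-family
""",
    "R3": """\
router bgp 500
 no bgp default ipv4-unicast
 address-family ipv4 vrf A-2
  neighbor 172.16.36.6 remote-as 5600
  neighbor 172.16.36.6 as-override
  redistribute connected
 exit-address-family
""",
}

VRF_AF_RE = re.compile(r"address-family ipv4 vrf (\S+)$")
NEIGHBOR_RE = re.compile(r"neighbor (\S+) (?:remote-as (\d+)|(activate)|(as-override))$")


def parse_vrf_neighbors(config):
    """Return {vrf: {neighbor: {"remote_as", "activate", "as_override"}}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(("address-family", "exit-address-family", "router ")):
            m = VRF_AF_RE.match(line)
            # Only neighbors inside an "ipv4 vrf" address family are tracked.
            current = vrfs.setdefault(m.group(1), {}) if m else None
            continue
        m = NEIGHBOR_RE.match(line)
        if m and current is not None:
            nbr = current.setdefault(
                m.group(1), {"remote_as": None, "activate": False, "as_override": False})
            if m.group(2):
                nbr["remote_as"] = int(m.group(2))
            nbr["activate"] = nbr["activate"] or bool(m.group(3))
            nbr["as_override"] = nbr["as_override"] or bool(m.group(4))
    return vrfs


def audit(pe_configs):
    """Return sorted (finding, pe, vrf, neighbor) tuples.

    Assumes every VRF listed belongs to the same customer VPN, as in the lab.
    """
    findings, sites_by_as = [], defaultdict(list)
    for pe, config in pe_configs.items():
        for vrf, neighbors in parse_vrf_neighbors(config).items():
            for ip, nbr in neighbors.items():
                if not nbr["activate"]:
                    findings.append(("not-activated", pe, vrf, ip))
                sites_by_as[nbr["remote_as"]].append((pe, vrf, ip, nbr["as_override"]))
    for sites in sites_by_as.values():
        if len(sites) > 1:  # the same customer AS is reused at several sites
            findings += [("needs-as-override", pe, vrf, ip)
                         for pe, vrf, ip, override in sites if not override]
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIGS):
        print(*finding)
```
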
