Monday, December 28, 2009

Internet Access in MPLS VPN Using VRF Aware NAT at Internet PE LAB




Config Guidelines
****************************************************************************************
Scenario - Providing Internet Access to MPLS VPN Customer using Route-Leaking via Global
Internet Table, using NAT for the Customer's Private IP Block used for Internet.
NAT is done at the PE Router Peering with Internet. In this design we need to propagate the
Private IP Block Route till the Internet Peering Router to have reachability Locally in Provider AS
ISP AS used 64513
IGP in ISP is ISIS with Loopbacks in Level-1 and Core Links in Level-2
EBGP used with Internet Router
Customer AS Used 64514
PE-CE Routing Protocol EBGP
Internet AS 64515
Lo0 and Lo1 used for Dummy Traffic
VRF Used CEA
rd 64513:1
rt 6413:100
CE1B is Normal IP Customer in AS 64516 running EBGP with PE2
CE1A and CE2A are VPN Sites with CE1A only having Internet Access.
Used NAT Inside on Serial1/0 at PE1 and NAT Outside on Core Link Serial1/1 towards P
NAT Pool Used GRE_Internet 192.168.1.0/30
Extended ACL used 134 Denying 10.0.1.1/32 and Allowing 192.168.100.0/24
CE1A has a default Route towards PE1 via Serial1/0
Any Non-VPN Traffic from CE1A comes to PE1 via Serial1/0 and gets NATted Outbound to
192.168.1.1 and Goes to Internet Router. Internet Router has Reverse Route till PE1
for 192.168.1.1 and from there Reverse NAT Happens towards CE1A
***************************************************************************************
CE1A#show running-config
Building configuration...
Current configuration : 1474 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.199.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 10.0.2.10 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64514
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 10.0.2.9 remote-as 64513
neighbor 10.0.2.9 description <>
neighbor 10.0.2.9 allowas-in 5
neighbor 10.0.2.9 soft-reconfiguration inbound
no auto-summary
!
ip http server
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE1A#
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1380 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.20.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 10.0.2.6 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64514
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 10.0.2.5 remote-as 64513
neighbor 10.0.2.5 description <>
neighbor 10.0.2.5 allowas-in 5
neighbor 10.0.2.5 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE2A#
CE1B#sh running-config
Building configuration...
Current configuration : 1424 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1B
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 192.168.1.9 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64516
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 192.168.1.10 remote-as 64513
neighbor 192.168.1.10 description <>
neighbor 192.168.1.10 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE1B#
PE1#sh running-config
Building configuration...
Current configuration : 2562 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
description <>
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.1.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description <>
ip vrf forwarding CEA
ip address 10.0.2.9 255.255.255.252
ip nat inside
serial restart-delay 0
!
interface Serial1/1
description <>
ip address 192.168.1.1 255.255.255.252
ip nat outside
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0001.1111.2222.3333.00
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 description <>
neighbor 10.0.2.1 update-source Loopback0
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 description <>
neighbor 10.0.3.1 next-hop-self
neighbor 10.0.3.1 soft-reconfiguration inbound
no auto-summary
!
address-family vpnv4
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
neighbor 10.0.2.10 remote-as 64514
neighbor 10.0.2.10 description <>
neighbor 10.0.2.10 activate
neighbor 10.0.2.10 soft-reconfiguration inbound
exit-address-family
!
ip classless
ip route 172.16.199.0 255.255.255.0 Serial1/0 10.0.2.10
ip route vrf CEA 0.0.0.0 0.0.0.0 192.168.1.2 global
!
!
no ip http server
no ip http secure-server
!
!
route-map CEA permit 10
match ip address CEA
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE1#
PE2#sh running-config
Building configuration...
Current configuration : 2790 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
description <>
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.2.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description
ip address 192.168.1.5 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
description
ip address 192.168.1.10 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
description
ip vrf forwarding CEA
ip address 10.0.2.5 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.2222.3333.4444.00
redistribute connected route-map Local
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
aggregate-address 192.168.0.0 255.255.0.0 summary-only
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 update-source Loopback0
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 description <>
neighbor 10.0.3.1 update-source Loopback0
neighbor 10.0.3.1 next-hop-self
neighbor 10.0.3.1 soft-reconfiguration inbound
neighbor 192.168.1.9 remote-as 64516
neighbor 192.168.1.9 description <>
neighbor 192.168.1.9 default-originate
neighbor 192.168.1.9 soft-reconfiguration inbound
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
neighbor 10.0.2.6 remote-as 64514
neighbor 10.0.2.6 description <>
neighbor 10.0.2.6 activate
neighbor 10.0.2.6 send-community extended
neighbor 10.0.2.6 soft-reconfiguration inbound
exit-address-family
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Serial1/1
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE2#
PE2#
P#sh running-config
Building configuration...
Current configuration : 2817 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description
ip address 10.0.3.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description
ip address 192.168.1.2 255.255.255.252
ip nat inside
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
description
ip address 192.168.1.6 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
description
ip address 172.16.1.1 255.255.255.252
ip nat outside
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0003.3333.2222.1111.00
redistribute connected route-map Local
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
aggregate-address 192.168.0.0 255.255.0.0 summary-only
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 description <>
neighbor 10.0.1.1 update-source Loopback0
neighbor 10.0.1.1 next-hop-self
neighbor 10.0.1.1 soft-reconfiguration inbound
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 description <>
neighbor 10.0.2.1 update-source Loopback0
neighbor 10.0.2.1 next-hop-self
neighbor 10.0.2.1 soft-reconfiguration inbound
neighbor 172.16.1.2 remote-as 64515
neighbor 172.16.1.2 description <>
neighbor 172.16.1.2 soft-reconfiguration inbound
no auto-summary
!
ip nat pool Internet 192.168.1.2 192.168.1.2 netmask 255.255.255.252
ip nat inside source list 134 pool Internet overload
ip classless
ip route 172.16.199.0 255.255.255.0 Serial1/0 192.168.1.1
!
!
no ip http server
no ip http secure-server
!
access-list 134 deny ip host 10.0.1.1 any
access-list 134 deny ip host 10.0.2.1 any
access-list 134 deny ip host 10.0.3.1 any
access-list 134 permit ip 172.16.199.0 0.0.0.255 any
!
route-map Local permit 10
match interface Serial1/1
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
P#
P#
Internet_Router#sh running-config
Building configuration...
Current configuration : 1511 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet_Router
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.10.1 255.255.255.0
!
interface Loopback1
description <>
ip address 172.16.20.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64515
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 172.16.1.1 remote-as 64513
neighbor 172.16.1.1 description <>
neighbor 172.16.1.1 default-originate
neighbor 172.16.1.1 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Internet_Router#
***********************************************************************
OUTPUT
**********************************************************************
CE1A#ping 172.16.20.1 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.199.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/240/312 ms
CE1A#traceroute 172.16.20.1 source fastEthernet 0/0
Type escape sequence to abort.
Tracing the route to 172.16.20.1
1 10.0.2.9 60 msec 4 msec 172 msec
2 192.168.1.2 192 msec 268 msec 144 msec
3 172.16.1.2 552 msec 176 msec *
CE1A#
CE1A#ping 10.0.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/272/372 ms
CE1A#
CE2A#traceroute 10.0.10.1
Type escape sequence to abort.
Tracing the route to 10.0.10.1
1 10.0.2.5 68 msec 156 msec 96 msec
2 192.168.1.6 400 msec 528 msec 304 msec
3 10.0.2.9 [AS 64513] 308 msec 420 msec 192 msec
4 10.0.2.10 [AS 64513] 720 msec 516 msec 1184 msec
CE2A#
P#show access-lists
Extended IP access list 134
10 deny ip host 10.0.1.1 any
20 deny ip host 10.0.2.1 any
30 deny ip host 10.0.3.1 any
40 permit ip 172.16.199.0 0.0.0.255 any (4 matches)
P#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.2:4501 172.16.199.1:49193 172.16.20.1:33440 172.16.20.1:33440
udp 192.168.1.2:4502 172.16.199.1:49194 172.16.20.1:33441 172.16.20.1:33441
udp 192.168.1.2:4503 172.16.199.1:49195 172.16.20.1:33442 172.16.20.1:33442
P#
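The ACL and translation table above can be cross-checked mechanically to confirm that only the customer block selected by access-list 134 is being translated and leaked towards the Internet. The following is an added example, not part of the original lab: the function names are hypothetical, the first two text blocks are copied from the output above, and the two extra translation rows are constructed to show what a finding looks like.

```python
import ipaddress
import re

# Copied from "P#show access-lists" on this page.
SHOW_ACL = """\
Extended IP access list 134
 10 deny ip host 10.0.1.1 any
 20 deny ip host 10.0.2.1 any
 30 deny ip host 10.0.3.1 any
 40 permit ip 172.16.199.0 0.0.0.255 any (4 matches)
"""

# Copied from "P#sh ip nat translations" on this page.
SHOW_NAT = """\
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.2:4501 172.16.199.1:49193 172.16.20.1:33440 172.16.20.1:33440
udp 192.168.1.2:4502 172.16.199.1:49194 172.16.20.1:33441 172.16.20.1:33441
udp 192.168.1.2:4503 172.16.199.1:49195 172.16.20.1:33442 172.16.20.1:33442
"""

# CONSTRUCTED rows (not from the lab): a VPN-only source (CE2A's Loopback0)
# and a translation that used an address outside P's pool.
CONSTRUCTED_NAT = SHOW_NAT + (
    "udp 192.168.1.2:4504 10.0.20.1:49200 172.16.20.1:33443 172.16.20.1:33443\n"
    "udp 192.168.1.1:4505 172.16.199.1:49201 172.16.20.1:33444 172.16.20.1:33444\n"
)

# From P's config: ip nat pool Internet 192.168.1.2 192.168.1.2 ...
POOL = ("192.168.1.2", "192.168.1.2")

# Handles only the "ip <source> any" entries this lab uses.
ACL_RE = re.compile(
    r"^\s*\d+\s+(permit|deny)\s+ip\s+(host\s+\S+|any|\S+\s+\S+)\s+any\b"
)


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def parse_acl(text):
    """Return [(action, base, wildcard)] in sequence order."""
    entries = []
    for line in text.splitlines():
        m = ACL_RE.match(line)
        if not m:
            continue  # header line or an entry form not handled here
        action, src = m.group(1), m.group(2).split()
        if src[0] == "host":
            base, wild = _ip(src[1]), 0
        elif src[0] == "any":
            base, wild = 0, 0xFFFFFFFF
        else:
            base, wild = _ip(src[0]), _ip(src[1])
        entries.append((action, base, wild))
    return entries


def acl_action(entries, src):
    """First match wins; no match falls through to the implicit deny.
    In a NAT source list, deny means 'do not translate', not 'drop'."""
    addr = _ip(src)
    for action, base, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (addr & care) == (base & care):
            return action
    return "deny"


def parse_nat(text):
    """Return inside global / inside local addresses per translation row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] == "Pro":
            continue  # column header or blank line
        rows.append({
            "inside_global": f[1].rsplit(":", 1)[0],
            "inside_local": f[2].rsplit(":", 1)[0],
        })
    return rows


def audit(acl_text, nat_text, pool=POOL):
    """Flag translations the ACL should not have selected, or that used
    an inside global address outside the configured pool."""
    entries = parse_acl(acl_text)
    lo, hi = _ip(pool[0]), _ip(pool[1])
    findings = []
    for row in parse_nat(nat_text):
        if acl_action(entries, row["inside_local"]) != "permit":
            findings.append(("not-permitted-by-acl", row["inside_local"]))
        if not lo <= _ip(row["inside_global"]) <= hi:
            findings.append(("global-outside-pool", row["inside_global"]))
    return findings


if __name__ == "__main__":
    print("lab output:", audit(SHOW_ACL, SHOW_NAT))
    print("with constructed rows:", audit(SHOW_ACL, CONSTRUCTED_NAT))
```
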
CE1B#ping 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/379/588 ms
CE1B#tra
CE1B#traceroute 172.16.20.1
Type escape sequence to abort.
Tracing the route to 172.16.20.1
1 192.168.1.10 [AS 64513] 260 msec 308 msec 120 msec
2 192.168.1.6 [AS 64513] 708 msec 696 msec 1312 msec
3 172.16.1.2 [AS 64513] 504 msec 364 msec 360 msec
CE1B#
CE2A#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE2A#
CE1B#ping 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CE1B#
CE1B#ping 10.0.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.20.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CE1B#
CE2A#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE2A#
CE1A#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE1A#
CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.10.0/24 is directly connected, Loopback0
C 10.0.2.8/30 is directly connected, Serial1/0
B 10.0.2.4/30 [20/0] via 10.0.2.9, 00:19:24
B 10.0.20.0/24 [20/0] via 10.0.2.9, 00:19:24
C 192.168.100.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Serial1/0
CE1A#
CE2A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.10.0/24 [20/0] via 10.0.2.5, 00:19:28
B 10.0.2.8/30 [20/0] via 10.0.2.5, 00:19:28
C 10.0.2.4/30 is directly connected, Serial1/0
C 10.0.20.0/24 is directly connected, Loopback0
B 192.168.100.0/24 [20/0] via 10.0.2.5, 00:19:28
CE2A#
CE1B#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.10 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.10.0 [20/0] via 192.168.1.10, 00:56:03
C 192.168.200.0/24 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.8 is directly connected, Serial1/0
B* 0.0.0.0/0 [20/0] via 192.168.1.10, 00:58:15
B 192.168.0.0/16 [20/0] via 192.168.1.10, 00:58:15
CE1B#
PE1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 10.0.3.1 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 10.0.3.1, 00:22:28
10.0.0.0/32 is subnetted, 3 subnets
C 10.0.1.1 is directly connected, Loopback0
i L2 10.0.2.1 [115/30] via 192.168.1.2, Serial1/1
i L2 10.0.3.1 [115/20] via 192.168.1.2, Serial1/1
172.16.0.0/24 is subnetted, 2 subnets
B 172.16.10.0 [200/0] via 10.0.3.1, 00:22:28
S 172.16.199.0 [1/0] via 10.0.2.10, Serial1/0
B 192.168.0.0/16 [200/0] via 10.0.2.1, 00:22:30
192.168.1.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/1
L 192.168.1.1/32 is directly connected, Serial1/1
i L2 192.168.1.4/30 [115/20] via 192.168.1.2, Serial1/1
i L2 192.168.1.8/30 [115/20] via 192.168.1.2, Serial1/1
PE1#
PE1#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.2
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
B 10.0.2.4/30 [200/0] via 10.0.2.1, 00:20:12
C 10.0.2.8/30 is directly connected, Serial1/0
L 10.0.2.9/32 is directly connected, Serial1/0
B 10.0.10.0/24 [20/0] via 10.0.2.10, 00:20:44
B 10.0.20.0/24 [200/0] via 10.0.2.1, 00:20:12
B 192.168.100.0/24 [20/0] via 10.0.2.10, 00:20:44
PE1#
Internet_Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.20.0/24 is directly connected, Loopback1
C 172.16.10.0/24 is directly connected, Loopback0
C 172.16.1.0/30 is directly connected, Serial1/0
B 192.168.0.0/16 [20/0] via 172.16.1.1, 00:57:07
Internet_Router#
P#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 172.16.1.2 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 172.16.1.2, 01:38:50
10.0.0.0/32 is subnetted, 3 subnets
i L2 10.0.1.1 [115/20] via 192.168.1.1, Serial1/0
i L2 10.0.2.1 [115/20] via 192.168.1.5, Serial1/1
C 10.0.3.1 is directly connected, Loopback0
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.16.1.0/30 is directly connected, Serial1/2
L 172.16.1.1/32 is directly connected, Serial1/2
B 172.16.10.0/24 [20/0] via 172.16.1.2, 01:38:45
S 172.16.199.0/24 [1/0] via 192.168.1.1, Serial1/0
B 192.168.0.0/16 [200/0] via 10.0.2.1, 01:40:31
192.168.1.0/24 is variably subnetted, 5 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/0

Implementing Internet Access In MPLS VPN Using VRF Aware NAT at Local PE LAB



Config Guidelines
****************************************************************************************
Scenario - Providing Internet Access to MPLS VPN Customer using Route-Leaking via Global
Internet Table, using NAT for the Customer's Private IP Block used for Internet
ISP AS used 64513
IGP in ISP is ISIS with Loopbacks in Level-1 and Core Links in Level-2
EBGP used with Internet Router
Customer AS Used 64514
PE-CE Routing Protocol EBGP
Internet AS 64515
Lo0 and Lo1 used for Dummy Traffic
VRF Used CEA
rd 64513:1
rt 6413:100
CE1B is Normal IP Customer in AS 64516 running EBGP with PE2
CE1A and CE2A are VPN Sites with CE1A only having Internet Access.
Used NAT Inside on Serial1/0 at PE1 and NAT Outside on Core Link Serial1/1 towards P
NAT Pool Used GRE_Internet 192.168.1.0/30
Extended ACL used 134 Denying 10.0.1.1/32 and Allowing 192.168.100.0/24
CE1A has a default Route towards PE1 via Serial1/0
Any Non-VPN Traffic from CE1A comes to PE1 via Serial1/0 and gets NATted Outbound to
192.168.1.1 and Goes to Internet Router. Internet Router has Reverse Route till PE1
for 192.168.1.1 and from there Reverse NAT Happens towards CE1A
***************************************************************************************
CE1A#show running-config
Building configuration...
Current configuration : 1474 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.100.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 10.0.2.10 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64514
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 10.0.2.9 remote-as 64513
neighbor 10.0.2.9 description <>
neighbor 10.0.2.9 allowas-in 5
neighbor 10.0.2.9 soft-reconfiguration inbound
no auto-summary
!
ip http server
ip route 0.0.0.0 0.0.0.0 Serial1/0
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE1A#
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1380 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.20.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 10.0.2.6 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64514
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 10.0.2.5 remote-as 64513
neighbor 10.0.2.5 description <>
neighbor 10.0.2.5 allowas-in 5
neighbor 10.0.2.5 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE2A#
CE1B#sh running-config
Building configuration...
Current configuration : 1424 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1B
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 192.168.1.9 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64516
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 192.168.1.10 remote-as 64513
neighbor 192.168.1.10 description <>
neighbor 192.168.1.10 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE1B#
PE1#sh running-config
Building configuration...
Current configuration : 2733 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
description <>
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.1.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description <>
ip vrf forwarding CEA
ip address 10.0.2.9 255.255.255.252
ip nat inside
serial restart-delay 0
!
interface Serial1/1
description <>
ip address 192.168.1.1 255.255.255.252
ip nat outside
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0001.1111.2222.3333.00
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 description <>
neighbor 10.0.2.1 update-source Loopback0
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 description <>
neighbor 10.0.3.1 next-hop-self
neighbor 10.0.3.1 soft-reconfiguration inbound
no auto-summary
!
address-family vpnv4
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
neighbor 10.0.2.10 remote-as 64514
neighbor 10.0.2.10 description <>
neighbor 10.0.2.10 activate
neighbor 10.0.2.10 soft-reconfiguration inbound
exit-address-family
!
ip nat pool Internet 192.168.1.1 192.168.1.2 netmask 255.255.255.252
ip nat inside source list 134 pool Internet vrf CEA overload
ip classless
ip route vrf CEA 0.0.0.0 0.0.0.0 192.168.1.2 global
!
!
no ip http server
no ip http secure-server
!
access-list 134 deny ip host 10.0.1.1 any
access-list 134 permit ip 192.168.100.0 0.0.0.255 any
!
route-map CEA permit 10
match ip address CEA
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE1#
PE2#sh running-config
Building configuration...
Current configuration : 2790 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
description <>
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.2.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description
ip address 192.168.1.5 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
description
ip address 192.168.1.10 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
description
ip vrf forwarding CEA
ip address 10.0.2.5 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.2222.3333.4444.00
redistribute connected route-map Local
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
aggregate-address 192.168.0.0 255.255.0.0 summary-only
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 update-source Loopback0
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 description <>
neighbor 10.0.3.1 update-source Loopback0
neighbor 10.0.3.1 next-hop-self
neighbor 10.0.3.1 soft-reconfiguration inbound
neighbor 192.168.1.9 remote-as 64516
neighbor 192.168.1.9 description <>
neighbor 192.168.1.9 default-originate
neighbor 192.168.1.9 soft-reconfiguration inbound
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
neighbor 10.0.2.6 remote-as 64514
neighbor 10.0.2.6 description <>
neighbor 10.0.2.6 activate
neighbor 10.0.2.6 send-community extended
neighbor 10.0.2.6 soft-reconfiguration inbound
exit-address-family
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Serial1/1
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE2#
PE2#
P#sh running-config
Building configuration...
Current configuration : 2419 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description
ip address 10.0.3.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description
ip address 192.168.1.2 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
description
ip address 192.168.1.6 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
description
ip address 172.16.1.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0003.3333.2222.1111.00
redistribute connected route-map Local
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
aggregate-address 192.168.0.0 255.255.0.0 summary-only
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 description <>
neighbor 10.0.1.1 update-source Loopback0
neighbor 10.0.1.1 next-hop-self
neighbor 10.0.1.1 soft-reconfiguration inbound
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 description <>
neighbor 10.0.2.1 update-source Loopback0
neighbor 10.0.2.1 next-hop-self
neighbor 10.0.2.1 soft-reconfiguration inbound
neighbor 172.16.1.2 remote-as 64515
neighbor 172.16.1.2 description <>
neighbor 172.16.1.2 soft-reconfiguration inbound
no auto-summary
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Serial1/1
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
P#
Internet_Router#sh running-config
Building configuration...
Current configuration : 1511 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet_Router
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.10.1 255.255.255.0
!
interface Loopback1
description <>
ip address 172.16.20.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64515
no synchronization
bgp log-neighbor-changes
redistribute connected route-map Local
neighbor 172.16.1.1 remote-as 64513
neighbor 172.16.1.1 description <>
neighbor 172.16.1.1 default-originate
neighbor 172.16.1.1 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Internet_Router#
***********************************************************************
OUTPUT
**********************************************************************
CE1A#ping 172.16.10.1 source fastEthernet 0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 112/311/420 ms
CE1A#
CE1A#traceroute 172.16.20.1 source fastEthernet 0/0
Type escape sequence to abort.
Tracing the route to 172.16.20.1
1 10.0.2.9 168 msec 136 msec 568 msec
2 192.168.1.2 340 msec 584 msec 196 msec
3 172.16.1.2 492 msec 364 msec *
CE1A#
CE1A#ping 10.0.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/272/372 ms
CE1A#
CE2A#traceroute 10.0.10.1
Type escape sequence to abort.
Tracing the route to 10.0.10.1
1 10.0.2.5 68 msec 156 msec 96 msec
2 192.168.1.6 400 msec 528 msec 304 msec
3 10.0.2.9 [AS 64513] 308 msec 420 msec 192 msec
4 10.0.2.10 [AS 64513] 720 msec 516 msec 1184 msec
CE2A#
PE1#show access-lists
Extended IP access list 134
10 deny ip host 10.0.1.1 any
20 permit ip 192.168.100.0 0.0.0.255 any (13 matches)
PE1#sho
PE1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 192.168.1.1:4097 192.168.100.2:3316 20.137.181.130:445 20.137.181.130:445
tcp 192.168.1.1:4099 192.168.100.2:3324 20.137.181.166:443 20.137.181.166:443
tcp 192.168.1.1:4096 192.168.100.2:3329 20.137.181.166:443 20.137.181.166:443
tcp 192.168.1.1:4098 192.168.100.2:3330 20.198.16.7:445 20.198.16.7:445
tcp 192.168.1.1:4100 192.168.100.2:3331 20.198.16.7:139 20.198.16.7:139
tcp 192.168.1.1:4101 192.168.100.2:3339 20.137.181.166:443 20.137.181.166:443
udp 192.168.1.1:4501 192.168.100.2:3340 20.198.58.50:389 20.198.58.50:389
PE1#
CE1B#ping 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 200/379/588 ms
CE1B#tra
CE1B#traceroute 172.16.20.1
Type escape sequence to abort.
Tracing the route to 172.16.20.1
1 192.168.1.10 [AS 64513] 260 msec 308 msec 120 msec
2 192.168.1.6 [AS 64513] 708 msec 696 msec 1312 msec
3 172.16.1.2 [AS 64513] 504 msec 364 msec 360 msec
CE1B#
CE2A#ping 192.168.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE2A#
CE1B#ping 10.0.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.10.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CE1B#
CE1B#ping 10.0.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.20.1, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
CE1B#
CE2A#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE2A#
CE1A#ping 192.168.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE1A#
CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.10.0/24 is directly connected, Loopback0
C 10.0.2.8/30 is directly connected, Serial1/0
B 10.0.2.4/30 [20/0] via 10.0.2.9, 00:19:24
B 10.0.20.0/24 [20/0] via 10.0.2.9, 00:19:24
C 192.168.100.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Serial1/0
CE1A#
CE2A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B 10.0.10.0/24 [20/0] via 10.0.2.5, 00:19:28
B 10.0.2.8/30 [20/0] via 10.0.2.5, 00:19:28
C 10.0.2.4/30 is directly connected, Serial1/0
C 10.0.20.0/24 is directly connected, Loopback0
B 192.168.100.0/24 [20/0] via 10.0.2.5, 00:19:28
CE2A#
CE1B#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.10 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, Loopback0
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.10.0 [20/0] via 192.168.1.10, 00:56:03
C 192.168.200.0/24 is directly connected, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.8 is directly connected, Serial1/0
B* 0.0.0.0/0 [20/0] via 192.168.1.10, 00:58:15
B 192.168.0.0/16 [20/0] via 192.168.1.10, 00:58:15
CE1B#
PE1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 10.0.3.1 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 10.0.3.1, 00:20:06
10.0.0.0/32 is subnetted, 3 subnets
C 10.0.1.1 is directly connected, Loopback0
i L2 10.0.2.1 [115/30] via 192.168.1.2, Serial1/1
i L2 10.0.3.1 [115/20] via 192.168.1.2, Serial1/1
172.16.0.0/24 is subnetted, 1 subnets
B 172.16.10.0 [200/0] via 10.0.3.1, 00:20:06
B 192.168.0.0/16 [200/0] via 10.0.2.1, 00:20:06
192.168.1.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/1
L 192.168.1.1/32 is directly connected, Serial1/1
i L2 192.168.1.4/30 [115/20] via 192.168.1.2, Serial1/1
i L2 192.168.1.8/30 [115/20] via 192.168.1.2, Serial1/1
PE1#sh ip rou
PE1#sh ip route v
PE1#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.2
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
B 10.0.2.4/30 [200/0] via 10.0.2.1, 00:20:12
C 10.0.2.8/30 is directly connected, Serial1/0
L 10.0.2.9/32 is directly connected, Serial1/0
B 10.0.10.0/24 [20/0] via 10.0.2.10, 00:20:44
B 10.0.20.0/24 [200/0] via 10.0.2.1, 00:20:12
B 192.168.100.0/24 [20/0] via 10.0.2.10, 00:20:44
PE1#
Internet_Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.20.0/24 is directly connected, Loopback1
C 172.16.10.0/24 is directly connected, Loopback0
C 172.16.1.0/30 is directly connected, Serial1/0
B 192.168.0.0/16 [20/0] via 172.16.1.1, 00:57:07
Internet_Router#
P#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 172.16.1.2 to network 0.0.0.0
B* 0.0.0.0/0 [20/0] via 172.16.1.2, 00:57:20
10.0.0.0/32 is subnetted, 3 subnets
i L2 10.0.1.1 [115/20] via 192.168.1.1, Serial1/0
i L2 10.0.2.1 [115/20] via 192.168.1.5, Serial1/1
C 10.0.3.1 is directly connected, Loopback0
172.16.0.0/16 is variably subnetted, 3 subnets, 3 masks
C 172.16.1.0/30 is directly connected, Serial1/2
L 172.16.1.1/32 is directly connected, Serial1/2
B 172.16.10.0/24 [20/0] via 172.16.1.2, 00:57:15
B 192.168.0.0/16 [200/0] via 10.0.2.1, 00:59:01
192.168.1.0/24 is variably subnetted, 5 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/0
L 192.168.1.2/32 is directly connected, Serial1/0
C 192.168.1.4/30 is directly connected, Serial1/1
L 192.168.1.6/32 is directly connected, Serial1/1
i L2 192.168.1.8/30 [115/10] via 192.168.1.5, Serial1/1
P#
P#
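An added example (not part of the original lab): a Python check that the PE1 translation table shown above is consistent with ACL 134 and the `Internet` pool, and that lists translations towards the ports in `WATCH_PORTS`. The ACL and NAT lines are copied from the PE1 output on this page; `WATCH_PORTS` and all function names are assumptions of this example.

```python
import ipaddress

# Copied from the PE1 "show access-lists" / "show ip nat translations" output on this page.
ACL_134 = """\
Extended IP access list 134
10 deny ip host 10.0.1.1 any
20 permit ip 192.168.100.0 0.0.0.255 any (13 matches)
"""
NAT_TABLE = """\
Pro Inside global Inside local Outside local Outside global
tcp 192.168.1.1:4097 192.168.100.2:3316 20.137.181.130:445 20.137.181.130:445
tcp 192.168.1.1:4099 192.168.100.2:3324 20.137.181.166:443 20.137.181.166:443
tcp 192.168.1.1:4096 192.168.100.2:3329 20.137.181.166:443 20.137.181.166:443
tcp 192.168.1.1:4098 192.168.100.2:3330 20.198.16.7:445 20.198.16.7:445
tcp 192.168.1.1:4100 192.168.100.2:3331 20.198.16.7:139 20.198.16.7:139
tcp 192.168.1.1:4101 192.168.100.2:3339 20.137.181.166:443 20.137.181.166:443
udp 192.168.1.1:4501 192.168.100.2:3340 20.198.58.50:389 20.198.58.50:389
"""
NAT_POOL = ("192.168.1.1", "192.168.1.2")  # "ip nat pool Internet" on PE1

# Assumption of this example, not a policy from the page: destination ports a
# reviewer would want listed when they leave the VRF towards the Internet.
WATCH_PORTS = {139: "netbios-ssn", 389: "ldap", 445: "microsoft-ds"}


def wildcard_to_network(addr, wildcard):
    """Turn an IOS address/wildcard pair into a network (contiguous wildcards only)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}", strict=False)


def parse_acl(text):
    """Return [(action, source_network)] in rule order; only the source is modelled."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0].isdigit():
            tok = tok[1:]  # drop the sequence number
        if len(tok) < 4 or tok[0] not in ("permit", "deny"):
            continue  # header line, or a form this example does not model
        src = tok[2:]  # tok[1] is the protocol keyword
        if src[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif src[0] == "host":
            net = ipaddress.ip_network(src[1] + "/32")
        else:
            net = wildcard_to_network(src[0], src[1])
        rules.append((tok[0], net))
    return rules


def acl_permits(rules, ip):
    """First matching rule wins; no match means the implicit deny applies."""
    addr = ipaddress.ip_address(ip)
    for action, net in rules:
        if addr in net:
            return action == "permit"
    return False


def parse_nat(text):
    """Parse translation rows into dicts holding (ip, port) tuples per column."""
    fields = ("inside_global", "inside_local", "outside_local", "outside_global")
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 5 or tok[0] not in ("tcp", "udp", "icmp"):
            continue  # column header or a row without port information
        entry = {"proto": tok[0]}
        for name, value in zip(fields, tok[1:]):
            ip, _, port = value.rpartition(":")
            entry[name] = (ip, int(port))
        entries.append(entry)
    return entries


def audit(acl_text, nat_text, pool=NAT_POOL, watch=WATCH_PORTS):
    """Cross-check every translation against the ACL, the pool and the watch list."""
    rules = parse_acl(acl_text)
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    report = {"not_permitted": [], "outside_pool": [], "watched": []}
    for e in parse_nat(nat_text):
        if not acl_permits(rules, e["inside_local"][0]):
            report["not_permitted"].append(e)
        if not lo <= ipaddress.ip_address(e["inside_global"][0]) <= hi:
            report["outside_pool"].append(e)
        if e["proto"] in ("tcp", "udp") and e["outside_global"][1] in watch:
            report["watched"].append(e)
    return report


if __name__ == "__main__":
    result = audit(ACL_134, NAT_TABLE)
    for e in result["watched"]:
        ip, port = e["outside_global"]
        print(f'{e["inside_local"][0]} -> {ip}:{port} ({WATCH_PORTS[port]})')
    print(len(result["not_permitted"]), "translations not permitted by ACL 134")
    print(len(result["outside_pool"]), "translations outside the NAT pool")
```
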

Thursday, December 24, 2009

Implementing Inter-AS AToM L2 MPLS VPN LAB



Config Guidelines
******************************************************************************************
Scenario: ISP 64513 is offering L2 VPN services to Customer A by provisioning an Inter-AS
AToM MPLS L2 VPN using VFI
IGP used in ISP 64513 is IS-IS, with Loopbacks in Level-1 and backbone links in Level-2
IGP used in 64515 is OSPF
Pseudowire used is CEA, with VC ID 101 between the PEs within each AS and VC ID 200 on the VFI between the ASes
IGP used in the customer domain is OSPF
******************************************************************************************
CE1A#sh running-config
Building configuration...
Current configuration : 1340 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.30.1 255.255.255.255
!
interface FastEthernet0/0
description <>
ip address 172.16.100.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 172.16.1.1 255.255.255.252
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 100
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.1.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1379 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.40.1 255.255.255.255
!
interface FastEthernet0/0
description <>
ip address 172.16.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
description <>
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 100
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.1.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE2A#
PE11#sh running-config
Building configuration...
Current configuration : 1709 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE11
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls ldp discovery targeted-hello accept
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CEA
encapsulation mpls
!
l2 vfi CEA point-to-point
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.1.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description <>
no ip address
serial restart-delay 0
xconnect 10.0.1.2 101 encapsulation mpls pw-class CEA
!
interface Serial1/1
description <>
ip address 192.168.1.1 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0001.1111.2222.3333.00
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE11#
PE11#
PE12#sh running-config
Building configuration...
Current configuration : 2150 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE12
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls ldp discovery targeted-hello accept
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CEA
encapsulation mpls
!
l2 vfi CEA point-to-point
neighbor 10.0.1.1 101 pw-class CEA
neighbor 10.0.2.2 200 pw-class CEA
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.1.2 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
description <>
ip address 10.0.20.1 255.255.255.252
mpls bgp forwarding
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.2222.3333.1111.00
!
router bgp 64513
no synchronization
bgp log-neighbor-changes
neighbor 10.0.2.2 remote-as 64515
neighbor 10.0.2.2 description <>
neighbor 10.0.2.2 ebgp-multihop 2
neighbor 10.0.2.2 update-source Loopback0
neighbor 10.0.2.2 soft-reconfiguration inbound
neighbor 10.0.2.2 send-label
no auto-summary
!
ip classless
ip route 10.0.2.2 255.255.255.255 10.0.20.2
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE12#
PE12#
PE21#sh running-config
Building configuration...
Current configuration : 1664 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE21
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls ldp discovery targeted-hello accept
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CEA
encapsulation mpls
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.2.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description <>
ip address 10.0.10.1 255.255.255.252
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/1
description <>
no ip address
serial restart-delay 0
xconnect 10.0.2.2 101 encapsulation mpls pw-class CEA
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 10.0.10.0 0.0.0.3 area 0
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Loopback0
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE21#
PE22#sh running-config
Building configuration...
Current configuration : 2225 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE22
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls ldp discovery targeted-hello accept
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CEA
encapsulation mpls
!
l2 vfi CEA point-to-point
neighbor 10.0.2.1 101 pw-class CEA
neighbor 10.0.1.2 200 pw-class CEA
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.2.2 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
description <>
ip address 10.0.20.2 255.255.255.252
mpls bgp forwarding
mpls label protocol ldp
mpls ip
no fair-queue
serial restart-delay 0
!
interface Serial1/1
description <>
ip address 10.0.10.2 255.255.255.252
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map Local
network 10.0.10.0 0.0.0.3 area 0
!
router bgp 64515
no synchronization
bgp log-neighbor-changes
neighbor 10.0.1.2 remote-as 64513
neighbor 10.0.1.2 description <>
neighbor 10.0.1.2 ebgp-multihop 2
neighbor 10.0.1.2 update-source Loopback0
neighbor 10.0.1.2 soft-reconfiguration inbound
neighbor 10.0.1.2 send-label
no auto-summary
!
ip classless
ip route 10.0.1.2 255.255.255.255 10.0.20.1
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Loopback0
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE22#
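An added example (not part of the original lab): each pseudowire only comes up when both ends name each other with the same VC ID, so this Python check pairs every `xconnect` and VFI `neighbor` statement in the four PE configurations above with its mirror on the far router. The configuration lines are copied from this page; the function names and the assumption that peers are addressed by their Loopback0 address are this example's own.

```python
import re

# Lines copied from the PE11, PE12, PE21 and PE22 configurations on this page.
PAGE_CONFIGS = {
    "PE11": """\
interface Loopback0
ip address 10.0.1.1 255.255.255.255
interface Serial1/0
xconnect 10.0.1.2 101 encapsulation mpls pw-class CEA
""",
    "PE12": """\
l2 vfi CEA point-to-point
neighbor 10.0.1.1 101 pw-class CEA
neighbor 10.0.2.2 200 pw-class CEA
interface Loopback0
ip address 10.0.1.2 255.255.255.255
""",
    "PE21": """\
interface Loopback0
ip address 10.0.2.1 255.255.255.255
interface Serial1/1
xconnect 10.0.2.2 101 encapsulation mpls pw-class CEA
""",
    "PE22": """\
l2 vfi CEA point-to-point
neighbor 10.0.2.1 101 pw-class CEA
neighbor 10.0.1.2 200 pw-class CEA
interface Loopback0
ip address 10.0.2.2 255.255.255.255
""",
}

# "xconnect <peer> <vcid> encapsulation ..." or, inside an l2 vfi, "neighbor <peer> <vcid> pw-class ...".
# BGP "neighbor <ip> remote-as ..." lines do not match because of the trailing keyword.
PW_RE = re.compile(
    r"^\s*(?:xconnect|neighbor)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(?:encapsulation|pw-class)\b"
)
ADDR_RE = re.compile(r"^\s*ip address\s+(\d+\.\d+\.\d+\.\d+)\s")


def pseudowire_ends(configs):
    """Return {(local_loopback, peer, vc_id): router} for every pseudowire statement."""
    ends = {}
    for router, text in configs.items():
        loopback, current_if, found = None, None, []
        for line in text.splitlines():
            stripped = line.strip()
            if stripped.startswith("interface "):
                current_if = stripped.split()[1]
            addr = ADDR_RE.match(line)
            if addr and current_if == "Loopback0":
                loopback = addr.group(1)  # assumption: peers target Loopback0
            pw = PW_RE.match(line)
            if pw:
                found.append((pw.group(1), int(pw.group(2))))
        if found and loopback is None:
            raise ValueError(f"{router}: pseudowire configured but no Loopback0 address")
        for peer, vc_id in found:
            ends[(loopback, peer, vc_id)] = router
    return ends


def unmatched_pseudowires(configs):
    """List (router, local, peer, vc_id) ends whose far side has no mirror statement."""
    ends = pseudowire_ends(configs)
    return sorted(
        (router, local, peer, vc_id)
        for (local, peer, vc_id), router in ends.items()
        if (peer, local, vc_id) not in ends
    )


if __name__ == "__main__":
    problems = unmatched_pseudowires(PAGE_CONFIGS)
    print("all pseudowire ends paired" if not problems else problems)
```
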
**********************************************************************
OUTPUT
**********************************************************************
CE1A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.40.1 0 FULL/ - 00:00:38 172.16.1.2 Serial1/0
CE1A#sh ip rou
CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
O E2 172.16.200.0/24 [110/20] via 172.16.1.2, 00:05:27, Serial1/0
O E2 172.16.40.1/32 [110/20] via 172.16.1.2, 00:06:07, Serial1/0
C 172.16.30.1/32 is directly connected, Loopback0
C 172.16.1.0/30 is directly connected, Serial1/0
C 172.16.100.0/24 is directly connected, FastEthernet0/0
CE1A#ping 172.16.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/124/196 ms
CE1A#tra
CE1A#traceroute 172.16.40.1
Type escape sequence to abort.
Tracing the route to 172.16.40.1
1 172.16.1.2 176 msec 256 msec *
CE1A#
CE2A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.30.1 0 FULL/ - 00:00:36 172.16.1.1 Serial1/0
CE2A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
C 172.16.200.0/24 is directly connected, FastEthernet0/0
C 172.16.40.1/32 is directly connected, Loopback0
O E2 172.16.30.1/32 [110/20] via 172.16.1.1, 00:06:40, Serial1/0
C 172.16.1.0/30 is directly connected, Serial1/0
O E2 172.16.100.0/24 [110/20] via 172.16.1.1, 00:06:40, Serial1/0
CE2A#ping 172.16.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 108/196/276 ms
CE2A#tra
CE2A#traceroute 172.16.30.1
Type escape sequence to abort.
Tracing the route to 172.16.30.1
1 172.16.1.1 544 msec 252 msec *
CE2A#
PE11#show mpls l2transport vc detail
Local interface: Se1/0 up, line protocol up, HDLC up
Destination address: 10.0.1.2, VC ID: 101, VC status: up
Output interface: Se1/1, imposed label stack {19}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 00:27:33, last status change time: 00:13:21
Signaling protocol: LDP, peer 10.0.1.2:0 up
Targeted Hello: 10.0.1.1(LDP Id) -> 10.0.1.2
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 16, remote 19
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 235, send 225
byte totals: receive 18549, send 20641
packet drops: receive 0, seq error 0, send 0
PE11#
PE12#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
MPLS PW 10.0.2.2:200 10.0.1.1 101 UP
MPLS PW 10.0.1.1:101 10.0.2.2 200 UP
PE12#sho
PE12#show vfi
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: CEA, type: point-to-point
Neighbors connected via pseudowires:
Peer Address VC ID
10.0.1.1 101
10.0.2.2 200
PE12#show mpls l2transport vc det
PE12#show mpls l2transport vc detail
Local interface: MPLS PW 10.0.2.2:200 up
Destination address: 10.0.1.1, VC ID: 101, VC status: up
Output interface: Se1/0, imposed label stack {16}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 00:26:19, last status change time: 00:12:30
Signaling protocol: LDP, peer 10.0.1.1:0 up
Targeted Hello: 10.0.1.2(LDP Id) -> 10.0.1.1
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 19, remote 16
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description: <>
Sequencing: receive transparent, send transparent
Sequencing resync disabled
VC statistics:
packet totals: receive 240, send 500
byte totals: receive 21882, send 45220
packet drops: receive 0, seq error 0, send 0
Local interface: MPLS PW 10.0.1.1:101 up
Destination address: 10.0.2.2, VC ID: 200, VC status: up
Output interface: Se1/1, imposed label stack {19}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 00:26:21, last status change time: 00:14:32
Signaling protocol: LDP, peer 10.0.2.2:0 up
Targeted Hello: 10.0.1.2(LDP Id) -> 10.0.2.2
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 18, remote 19
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive transparent, send transparent
Sequencing resync disabled
VC statistics:
packet totals: receive 250, send 480
byte totals: receive 22610, send 43764
packet drops: receive 0, seq error 0, send 0
PE21#show mpls l2transport vc detail
Local interface: Se1/1 up, line protocol up, HDLC up
Destination address: 10.0.2.2, VC ID: 101, VC status: up
Output interface: Se1/0, imposed label stack {17}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 00:28:27, last status change time: 00:15:41
Signaling protocol: LDP, peer 10.0.2.2:0 up
Targeted Hello: 10.0.2.1(LDP Id) -> 10.0.2.2
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 16, remote 17
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 255, send 265
byte totals: receive 20063, send 23851
packet drops: receive 0, seq error 0, send 0
PE21#
PE12#
PE22#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
MPLS PW 10.0.2.1:101 10.0.1.2 200 UP
MPLS PW 10.0.1.2:200 10.0.2.1 101 UP
PE22#show vfi
Legend: RT=Route-target, S=Split-horizon, Y=Yes, N=No
VFI name: CEA, type: point-to-point
Neighbors connected via pseudowires:
Peer Address VC ID
10.0.2.1 101
10.0.1.2 200
PE22#show mpls l2transport vc detail
Local interface: MPLS PW 10.0.2.1:101 up
Destination address: 10.0.1.2, VC ID: 200, VC status: up
Output interface: Se1/0, imposed label stack {18}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 00:26:16, last status change time: 00:17:03
Signaling protocol: LDP, peer 10.0.1.2:0 up
Targeted Hello: 10.0.2.2(LDP Id) -> 10.0.1.2
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 19, remote 18
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive transparent, send transparent
Sequencing resync disabled
VC statistics:
packet totals: receive 273, send 566
byte totals: receive 24596, send 50608
packet drops: receive 0, seq error 0, send 0
Local interface: MPLS PW 10.0.1.2:200 up
Destination address: 10.0.2.1, VC ID: 101, VC status: up
Output interface: Se1/1, imposed label stack {16}
Preferred path: not configured
Default path: active
Next hop: point2point
Create time: 00:26:18, last status change time: 00:15:05
Signaling protocol: LDP, peer 10.0.2.1:0 up
Targeted Hello: 10.0.2.2(LDP Id) -> 10.0.2.1
Status TLV support (local/remote) : enabled/supported
Label/status state machine : established, LruRru
Last local dataplane status rcvd: no fault
Last local SSS circuit status rcvd: no fault
Last local SSS circuit status sent: no fault
Last local LDP TLV status sent: no fault
Last remote LDP TLV status rcvd: no fault
MPLS VC labels: local 17, remote 16
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description: <>
Sequencing: receive transparent, send transparent
Sequencing resync disabled
VC statistics:
packet totals: receive 283, send 546
byte totals: receive 25304, send 49192
packet drops: receive 0, seq error 0, send 0
PE22#

Implementing MPLS L2 VPN over MPLS L2 VPN with TE Fast Reroute LAB



Config Guidelines
***********************************************************************************************
Scenario: ISP 1 is a Tier 1 ISP with deep geographic presence.
ISP A is a Tier 3 ISP with less geographic presence that wants to offer MPLS L2 VPN services
to its Customer B.
ISP A takes MPLS L2 VPN services from ISP 1 and overlays its own MPLS L2 VPN services on top of them
for Customer B.
ISP 1, being Tier 1, also provides redundancy in MPLS L2 VPN services to ISP A using a backup peer between
PEs.
IGP in ISP 1 is ISIS with Loopbacks in Level-1 and Backbone Links in Level-2
Pseudowire Used CE1A
VCID used 100 as Primary between PE1-PE2
VCID used 101 as Secondary between PE1-PE3
ISP1-ISPA Links are Ethernet
IGP used in ISP A is OSPF
VCID used 200 between CE1A and CE2A
PE-CE Routing Protocol used is EIGRP between ISP A and Customer B
TE Tunnel 100 used between PE1 and PE2 as Primary
TE Tunnel 101 used between PE1 and PE2 as Backup via PE3 for PE1-PE2 link failure
PE1 S2/0 is protected via MPLS TE Fast Reroute using backup tunnel 101
********************************************************************************************************
CE1B#sh running-config
Building configuration...
Current configuration : 1086 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1B
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.50.1 255.255.255.255
!
interface FastEthernet0/0
description <>
ip address 172.16.100.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description <>
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 10.0.10.1 255.255.255.252
no snmp trap link-status
!
!
router eigrp 100
redistribute connected metric 1544 2000 255 200 1500 route-map Local
network 10.0.10.0 0.0.0.3
network 10.0.20.0 0.0.0.3
auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE1B#
CE2B#sh running-config
Building configuration...
Current configuration : 1041 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2B
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.60.1 255.255.255.255
!
interface FastEthernet0/0
description <>
ip address 172.16.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
description <>
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 10.0.10.2 255.255.255.252
no snmp trap link-status
!
!
router eigrp 100
redistribute connected metric 1544 2000 255 200 1500 route-map Local
network 10.0.10.0 0.0.0.3
auto-summary
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
CE2B#
CE2B#
CE1A#sh running-config
Building configuration...
Current configuration : 1576 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls ldp discovery targeted-hello accept
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CE1A
encapsulation mpls
!
pseudowire-class CEB
encapsulation mpls
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 172.16.10.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/0.200
encapsulation dot1Q 200
xconnect 172.16.20.1 200 encapsulation mpls pw-class CEB
!
interface FastEthernet1/1
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/1.100
encapsulation dot1Q 100
ip address 172.16.1.1 255.255.255.252
mpls label protocol ldp
mpls ip
!
router ospf 100
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.1.0 0.0.0.3 area 0
!
router isis
net 49.0001.1111.2222.3333.00
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Loopback0
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
CE1A#
CE1A#
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1362 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls ldp discovery targeted-hello accept
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CEB
encapsulation mpls
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.20.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/0.200
encapsulation dot1Q 200
xconnect 172.16.10.1 200 encapsulation mpls pw-class CEB
!
interface FastEthernet1/1
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/1.100
encapsulation dot1Q 100
ip address 172.16.1.2 255.255.255.252
mpls label protocol ldp
mpls ip
!
router ospf 100
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.1.0 0.0.0.3 area 0
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
route-map Local permit 10
match interface Loopback0
!
!
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
CE2A#
PE1#sh running-config
Building configuration...
Current configuration : 3192 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls traffic-eng tunnels
mpls traffic-eng fast-reroute timers promotion 10
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CE1A
encapsulation mpls
!
!
!
!
!
!
!
interface Tunnel100
description <>
ip unnumbered Loopback0
tunnel destination 10.0.2.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 1 1
tunnel mpls traffic-eng bandwidth 128
tunnel mpls traffic-eng path-option 1 explicit name PE2
tunnel mpls traffic-eng fast-reroute
!
interface Tunnel101
description <>
ip unnumbered Loopback0
tunnel destination 10.0.2.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 2 2
tunnel mpls traffic-eng bandwidth 128
tunnel mpls traffic-eng path-option 1 explicit name backup
!
interface Loopback0
description <>
ip address 10.0.1.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/0.100
encapsulation dot1Q 100
xconnect 10.0.2.1 100 encapsulation mpls pw-class CE1A
backup peer 10.0.3.1 101 pw-class CE1A
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface Serial2/0
description <>
ip address 192.168.1.1 255.255.255.252
ip router isis
mpls traffic-eng tunnels
mpls traffic-eng backup-path Tunnel101
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
ip rsvp bandwidth 128
!
interface Serial2/1
description <>
ip address 192.168.1.5 255.255.255.252
ip router isis
mpls traffic-eng tunnels
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
ip rsvp bandwidth 128
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0001.1111.2222.3333.00
metric-style wide
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
!
ip classless
!
!
no ip http server
no ip http secure-server
!
ip explicit-path name PE2 enable
next-address 192.168.1.2
next-address 10.0.2.1
!
ip explicit-path name backup enable
next-address 192.168.1.6
next-address 192.168.1.9
next-address 10.0.2.1
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE2#sh running-config
Building configuration...
Current configuration : 3086 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls traffic-eng tunnels
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CE1A
encapsulation mpls
!
!
!
!
!
!
!
interface Tunnel100
description <>
ip unnumbered Loopback0
tunnel destination 10.0.1.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 1 1
tunnel mpls traffic-eng bandwidth 128
tunnel mpls traffic-eng path-option 1 explicit name PE1
tunnel mpls traffic-eng fast-reroute
!
interface Tunnel101
description <>
ip unnumbered Loopback0
tunnel destination 10.0.1.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 2 2
tunnel mpls traffic-eng bandwidth 128
tunnel mpls traffic-eng path-option 1 explicit name backup
tunnel mpls traffic-eng fast-reroute
!
interface Loopback0
description <>
ip address 10.0.2.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/0.100
encapsulation dot1Q 100
xconnect 10.0.1.1 100 encapsulation mpls pw-class CE1A
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface Serial2/0
description <>
ip address 192.168.1.2 255.255.255.252
ip router isis
shutdown
mpls traffic-eng tunnels
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
ip rsvp bandwidth 128
!
interface Serial2/1
description <>
ip address 192.168.1.9 255.255.255.252
ip router isis
mpls traffic-eng tunnels
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
ip rsvp bandwidth 128
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.2222.1111.3333.00
metric-style wide
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
!
ip classless
!
!
no ip http server
no ip http secure-server
!
ip explicit-path name PE1 enable
next-address 192.168.1.1
!
ip explicit-path name backup enable
next-address 192.168.1.10
next-address 192.168.1.5
next-address 10.0.1.1
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE2#
PE3#sh run
PE3#sh running-config
Building configuration...
Current configuration : 2181 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE3
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls traffic-eng tunnels
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
pseudowire-class CE1A
encapsulation mpls
!
!
!
!
!
!
!
interface Loopback0
description <>
ip address 10.0.3.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
description <>
no ip address
speed auto
duplex auto
!
interface FastEthernet1/0.101
encapsulation dot1Q 100
xconnect 10.0.1.1 101 encapsulation mpls pw-class CE1A
!
interface FastEthernet1/1
no ip address
shutdown
speed auto
duplex auto
!
interface Serial2/0
description <>
ip address 192.168.1.6 255.255.255.252
ip router isis
mpls traffic-eng tunnels
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
ip rsvp bandwidth 256
!
interface Serial2/1
description <>
ip address 192.168.1.10 255.255.255.252
ip router isis
mpls traffic-eng tunnels
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
ip rsvp bandwidth 128
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.3333.1111.2222.00
metric-style wide
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE3#
PE3#
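The pseudowires in this lab are signalled over targeted LDP sessions, and the running-configs above leave those sessions and the management plane at lab defaults. The audit below is an added example, not part of the original lab: it flags the settings a reviewer would raise before reusing these configs. The rule names are hypothetical, and the sample input is a constructed excerpt of the CE1A, CE1B and PE1 configs shown on this page.

```python
import re

# Constructed input: lines copied from the CE1A, CE1B and PE1 running-configs
# on this page, reduced to the statements the checks below look at.
SAMPLE_CONFIGS = {
    "CE1A": """
no service password-encryption
hostname CE1A
mpls ldp discovery targeted-hello accept
mpls label protocol ldp
interface FastEthernet1/0.200
encapsulation dot1Q 200
xconnect 172.16.20.1 200 encapsulation mpls pw-class CEB
no ip http server
line con 0
stopbits 1
""",
    "CE1B": """
no service password-encryption
hostname CE1B
ip http server
line con 0
exec-timeout 0 0
line vty 0 4
login
""",
    "PE1": """
no service password-encryption
hostname PE1
mpls label protocol ldp
interface FastEthernet1/0.100
encapsulation dot1Q 100
xconnect 10.0.2.1 100 encapsulation mpls pw-class CE1A
backup peer 10.0.3.1 101 pw-class CE1A
no ip http server
""",
}

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
PW_PEER = re.compile(rf"^(?:xconnect|backup peer)\s+{IP}\s+(\d+)\b")
LDP_MD5 = re.compile(rf"^mpls ldp neighbor\s+{IP}\s+password\b")
TARGETED = re.compile(r"^mpls ldp discovery targeted-hello accept(?:\s+from\s+(\S+))?$")


def audit(config):
    """Return (rule_id, detail) findings for one IOS running-config."""
    # Lines are stripped so both indented and flattened configs are accepted.
    lines = [ln.strip() for ln in config.splitlines()]
    # Peers whose LDP session carries a TCP MD5 password. Only the per-neighbor
    # form is recognised here, which is a simplification of this example.
    md5_peers = {m.group(1) for m in map(LDP_MD5.match, lines) if m}
    findings = []
    section = ""  # most recent "interface ..." or "line ..." header
    for ln in lines:
        if ln.startswith(("interface ", "line ")):
            section = ln
        m = TARGETED.match(ln)
        if m and m.group(1) is None:
            findings.append(("ldp-targeted-hello-any",
                             "targeted LDP hellos are accepted from any source; "
                             "restrict with 'from <acl>'"))
        m = PW_PEER.match(ln)
        if m and m.group(1) not in md5_peers:
            findings.append(("ldp-session-no-md5",
                             f"{section}: LDP session to pseudowire peer "
                             f"{m.group(1)} (VC {m.group(2)}) has no neighbor password"))
        if ln == "ip http server":
            findings.append(("http-server",
                             "clear-text HTTP management server is enabled"))
        if ln == "exec-timeout 0 0":
            findings.append(("no-idle-timeout",
                             f"{section}: idle sessions are never disconnected"))
        if ln == "no service password-encryption":
            findings.append(("no-password-encryption",
                             "passwords in this configuration are stored in clear text"))
    return findings


def audit_all(configs):
    """Audit every device; returns {hostname: [(rule_id, detail), ...]}."""
    return {host: audit(text) for host, text in configs.items()}


if __name__ == "__main__":
    for host, findings in audit_all(SAMPLE_CONFIGS).items():
        for rule, detail in findings:
            print(f"{host:5} {rule:24} {detail}")
```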
***************************************************************************************
OUTPUT
***************************************************************************************
Traffic going via VCID 100 PE1-PE2
**************************************************************************************
PE1#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Fa1/0.100 Eth VLAN 100 10.0.2.1 100 UP
Fa1/0.100 Eth VLAN 100 10.0.3.1 101 DOWN
PE1#
PE2#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Fa1/0.100 Eth VLAN 100 10.0.1.1 100 UP
PE3#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Fa1/0.101 Eth VLAN 100 10.0.1.1 101 DOWN
PE3#
CE1A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.20.1 1 FULL/BDR 00:00:35 172.16.1.2 FastEthernet1/
1.1
CE1A#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.1.0/30 is directly connected, FastEthernet1/1.100
L 172.16.1.1/32 is directly connected, FastEthernet1/1.100
C 172.16.10.1/32 is directly connected, Loopback0
O E2 172.16.20.1/32 [110/20] via 172.16.1.2, 00:08:10, FastEthernet1/1.100
CE1A#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Fa1/0.200 Eth VLAN 200 172.16.20.1 200 UP
CE1A#
CE2A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.10.1 1 FULL/DR 00:00:32 172.16.1.1 FastEthernet1/
1.1
CE2A#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.1.0/30 is directly connected, FastEthernet1/1.100
L 172.16.1.2/32 is directly connected, FastEthernet1/1.100
O E2 172.16.10.1/32 [110/20] via 172.16.1.1, 00:09:07, FastEthernet1/1.100
C 172.16.20.1/32 is directly connected, Loopback0
CE2A#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Fa1/0.200 Eth VLAN 200 172.16.10.1 200 UP
CE2A#
CE2A#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Fa1/0.200 Eth VLAN 200 172.16.10.1 200 DOWN
CE2A#
CE2B#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.10.1 Fa0/1.200 11 00:09:27 1584 5000 0 2
CE2B#sh ip rou
CE2B#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.200.0/24 is directly connected, FastEthernet0/0
C 172.16.60.1/32 is directly connected, Loopback0
D EX 172.16.50.1/32
[170/2172416] via 10.0.10.1, 00:09:29, FastEthernet0/1.200
D EX 172.16.100.0/24
[170/2172416] via 10.0.10.1, 00:09:29, FastEthernet0/1.200
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.10.0 is directly connected, FastEthernet0/1.200
CE2B#ping 172.16.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/139/204 ms
CE2B#tra
CE2B#traceroute 172.16.100.1
Type escape sequence to abort.
Tracing the route to 172.16.100.1
1 10.0.10.1 256 msec 192 msec *
CE2B#
CE1B#sh ip eigrp neighbors
IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.10.2 Fa0/1.200 14 00:10:08 552 3312 0 2
CE1B#sh ip rou
CE1B#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
D EX 172.16.200.0/24
[170/2172416] via 10.0.10.2, 00:10:09, FastEthernet0/1.200
D EX 172.16.60.1/32
[170/2172416] via 10.0.10.2, 00:10:09, FastEthernet0/1.200
C 172.16.50.1/32 is directly connected, Loopback0
C 172.16.100.0/24 is directly connected, FastEthernet0/0
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.10.0 is directly connected, FastEthernet0/1.200
CE1B#ping 172.16.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 164/216/268 ms
CE1B#tra
CE1B#traceroute 172.16.200.1
Type escape sequence to abort.
Tracing the route to 172.16.200.1
1 10.0.10.2 356 msec 328 msec *
CE1B#
***************************************************************************************
Traffic going via VCID 100 PE1-PE2 with TE Fast Reroute Implemented
**************************************************************************************
PE1#show mpls traffic-eng fast-reroute database detail
FRR Database Summary: