Friday, January 1, 2010

Implementing Internet Access in MPLS L3 VPN via Dedicated VRF with NAT at Local PE via GRE Tunnel LAB



Config Guidelines
****************************************************************************************
Scenario - Providing Internet Access to MPLS VPN Cusomer using Deicated VRF along with
using NAT for the Customer's Private IP Block used for Internet at the Local PE Router
Peering with Customer
Design Challenge: We need to do NAT for the IP Block Inside Customer VRF and Pass the Natted IPs to
Internet VRF. The Internet ROuter needs to have route to the NAT IP.
Soultion: Set up a GRE Tunnel between the PE Router peering with Internet and PE Router
peering with Customer Site and put this Tunnel in Customer VPN. This Tunnel will have Public Routable
IPs over Internet. The Traffic coming from Private IPs across Customer VPN will get Natted to this IP.
For making this GRE Tunnel reachable in Internet VRF , Import the ROute-Target for Customer VPN in
Internet Router on PE to Internet. Also we need to use a different ROute-Target for the Customers site requiring
Internet access and those will be not imported in Internet VRF but other customers Site VRF. Send a default route
to the CE rquiring Internet access via PE-CE Routing Protocol and put a static default for the VRF on the PE pointing
to GRE Tunnel.
This way CEs of Customer VRF can talk same way via Private IPs and Only the Traffic for Internet Access Gets Natted to GRE
Tunnel
Caveats: We will will need to setup' n'GRE Tunnel for CEs on n" PEs. Also it will lead to usage of n+1 Public IPs assuming to use
GRE Tunnels with same /24 and Internet PE End Tunnel IP Fixed and Local PE Tunnel IP Changing.
ISP AS used 64513
IGP in ISP is ISIS with Loopbacks in Level-1 and Core Links in Level-2
EBGP used with Internet Router
Customer AS Used 64514
PE-CE Routing Protocol OSPF
Internet AS 64515
Lo0 and Lo1 used for Dummy Traffic
Customer VRF Used CEA
rd 64513:1
rt 6413:100
rt 64513:101 ( for site needing Internet Access)
Internet VRF Used Inet
rd 64513:2
rt 6413:200
CE1A and CE2A are VPN Sites with CE1A only having Internet Access.
Used NAT Inside on Serial1/0 at PE1-CE1A VRF Interface and NAT Outisde on GRE Tunnel 100 to P Router peering with
Internet
NAT Pool Used Inet 10.0.40.1/30
Extended ACL used 134 Denying 10.0.1.1/32 and Allowing 172.16.100.0/24 and 172.16.1.0/30
CE1A has a default Route towards PE1 via Serial1/0
ANy Non-VPN Traffic from CE1A comes to PE1 via Serial1/0 and get Natted Outbound to
10.0.40.1 and Goes to Internet Router Internet Router has Reverse Route till PE1
for 10.0.40.1 and from there Reverse NAT Happens towards CE1A
***************************************************************************************
CE1A#sh running-config
Building configuration...
Current configuration : 1294 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.100.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 10
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.1.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1294 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.20.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.2.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 10
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.2.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE2A#
Internet#sh running-config
Building configuration...
Current configuration : 1392 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.100.1 255.255.255.0
!
interface Loopback1
ip address 10.0.200.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.10.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64515
no synchronization
bgp log-neighbor-changes
network 10.0.100.0 mask 255.255.255.0
network 10.0.200.0 mask 255.255.255.0
neighbor 10.0.10.1 remote-as 64513
neighbor 10.0.10.1 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
Internet#
P#sh running-config
Building configuration...
Current configuration : 3071 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
ip vrf Inet
rd 64513:2
route-target export 64513:200
route-target import 64513:200
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel100
ip vrf forwarding CEA
ip address 10.0.40.2 255.255.255.252
tunnel source Serial1/0
tunnel destination 192.168.1.1
!
interface Loopback0
ip address 10.0.3.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface Loopback1
no ip address
!
interface Loopback2
no ip address
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
no fair-queue
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
ip address 192.168.1.6 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
ip vrf forwarding Inet
ip address 10.0.10.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.3333.2222.1111.00
!
router bgp 64513
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 update-source Loopback0
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
exit-address-family
!
address-family ipv4 vrf Inet
no synchronization
redistribute connected
neighbor 10.0.10.2 remote-as 64515
neighbor 10.0.10.2 activate
neighbor 10.0.10.2 send-community extended
neighbor 10.0.10.2 soft-reconfiguration inbound
exit-address-family
!
ip classless
!
!
no ip http server
no ip http secure-server
!
access-list 101 deny ip host 10.0.2.1 any
access-list 101 deny ip host 10.0.1.1 any
access-list 101 deny ip host 10.0.3.1 any
access-list 101 permit ip 172.16.10.0 0.0.0.255 any
!
route-map Inet permit 10
match ip address 101
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
P#
PE1#sh running-config
Building configuration...
Current configuration : 3372 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
ip vrf Inet
rd 64513:2
route-target export 64513:200
route-target import 64513:200
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel100
ip vrf forwarding CEA
ip address 10.0.40.1 255.255.255.252
ip nat outside
tunnel source Serial1/1
tunnel destination 192.168.1.2
!
interface Loopback0
ip address 10.0.1.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface Loopback1
ip vrf forwarding Inet
ip address 10.0.20.1 255.255.255.252
ip nat outside
!
interface Loopback2
ip vrf forwarding CEA
ip address 172.16.30.1 255.255.255.252
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip vrf forwarding CEA
ip address 172.16.1.1 255.255.255.252
ip nat inside
no fair-queue
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.1.1 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 10 vrf CEA
log-adjacency-changes
redistribute bgp 64513 subnets
network 172.16.1.0 0.0.0.3 area 0
default-information originate always
!
router isis
net 49.0001.1111.2222.3333.00
!
router bgp 64513
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 update-source Loopback0
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
neighbor 10.0.2.1 next-hop-self
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
redistribute ospf 10 vrf CEA match internal external 1 external 2
exit-address-family
!
address-family ipv4 vrf Inet
no synchronization
redistribute connected
exit-address-family
!
ip nat pool Inet 10.0.40.1 10.0.40.1 netmask 255.255.255.252
ip nat inside source list 134 interface Tunnel100 vrf CEA overload
ip classless
ip route vrf CEA 0.0.0.0 0.0.0.0 Tunnel100
!
!
no ip http server
no ip http secure-server
!
access-list 134 deny ip host 10.0.1.1 any
access-list 134 permit ip 172.16.100.0 0.0.0.255 any
access-list 134 permit ip 172.16.1.0 0.0.0.3 any
!
route-map Inet permit 10
match ip address 134
match extcommunity 64513:200
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE1#
PE2#sh running-config
Building configuration...
Current configuration : 2439 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
ip vrf Inet
rd 64513:2
route-target export 64513:200
route-target import 64513:200
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.2.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.1.5 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
no fair-queue
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
ip vrf forwarding CEA
ip address 172.16.2.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 10 vrf CEA
log-adjacency-changes
redistribute bgp 64513 subnets
network 172.16.2.0 0.0.0.3 area 0
!
router isis
net 49.0002.2222.1111.3333.00
!
router bgp 64513
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
neighbor 10.0.1.1 next-hop-self
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
redistribute ospf 10 vrf CEA match internal external 1 external 2
exit-address-family
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE2#
PE2#
OUTPUT
PE1#show access-lists
Extended IP access list 134
10 deny ip host 10.0.1.1 any
20 permit ip 172.16.100.0 0.0.0.255 any (9 matches)
30 permit ip 172.16.1.0 0.0.0.3 any (37 matches)
PE1#
PE1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 10.0.40.1:1024 172.16.1.2:71 10.0.100.1:71 10.0.100.1:1024
udp 10.0.40.1:1024 172.16.1.2:49191 10.0.200.1:33437 10.0.200.1:33437
udp 10.0.40.1:1025 172.16.1.2:49192 10.0.200.1:33438 10.0.200.1:33438
udp 10.0.40.1:1026 172.16.1.2:49193 10.0.200.1:33439 10.0.200.1:33439
udp 10.0.40.1:1027 172.16.1.2:49194 10.0.200.1:33440 10.0.200.1:33440
udp 10.0.40.1:1028 172.16.1.2:49195 10.0.200.1:33441 10.0.200.1:33441
udp 10.0.40.1:1029 172.16.1.2:49196 10.0.200.1:33442 10.0.200.1:33442
PE1#
CE1A#ping 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/101/240 ms
CE1A#tra
CE1A#traceroute 10.0.200.1
Type escape sequence to abort.
Tracing the route to 10.0.200.1
1 172.16.1.1 36 msec 40 msec 88 msec
2 10.0.40.2 184 msec 212 msec 104 msec
3 10.0.10.2 196 msec 652 msec 264 msec
CE1A#
CE1A#ping 10.0.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/72/100 ms
CE1A#
CE2A#ping 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/107/136 ms
CE2A#
CE2A#ping 10.0.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/148/192 ms
CE2A#
PE1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
C 10.0.1.1 is directly connected, Loopback0
i L2 10.0.2.1 [115/30] via 192.168.1.2, Serial1/1
i L2 10.0.3.1 [115/20] via 192.168.1.2, Serial1/1
192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/1
L 192.168.1.1/32 is directly connected, Serial1/1
i L2 192.168.1.4/30 [115/20] via 192.168.1.2, Serial1/1
PE1#
P#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
i L2 10.0.1.1 [115/20] via 192.168.1.1, Serial1/0
i L2 10.0.2.1 [115/20] via 192.168.1.5, Serial1/1
C 10.0.3.1 is directly connected, Loopback0
192.168.1.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/0
L 192.168.1.2/32 is directly connected, Serial1/0
C 192.168.1.4/30 is directly connected, Serial1/1
L 192.168.1.6/32 is directly connected, Serial1/1
P#
P#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/30 is subnetted, 1 subnets
B 10.0.40.0 [200/0] via 10.0.1.1, 00:15:44
172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks
B 172.16.1.0/30 [200/0] via 10.0.1.1, 01:31:02
B 172.16.2.0/30 [200/0] via 10.0.2.1, 02:12:22
B 172.16.10.0/24 [200/20] via 10.0.1.1, 01:31:02
B 172.16.20.0/24 [200/20] via 10.0.2.1, 02:12:22
B 172.16.30.0/30 [200/0] via 10.0.1.1, 01:31:02
B 172.16.100.0/24 [200/20] via 10.0.1.1, 01:31:02
B 172.16.200.0/24 [200/20] via 10.0.2.1, 02:12:22
P#sh ip route vrf Inet
Routing Table: Inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C 10.0.10.0/30 is directly connected, Serial1/2
L 10.0.10.1/32 is directly connected, Serial1/2
B 10.0.20.0/30 [200/0] via 10.0.1.1, 01:35:45
C 10.0.40.0/30 is directly connected, Tunnel100
L 10.0.40.2/32 is directly connected, Tunnel100
B 10.0.100.0/24 [20/0] via 10.0.10.2, 02:20:19
B 10.0.200.0/24 [20/0] via 10.0.10.2, 00:17:48
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.2.0/30 [200/0] via 10.0.2.1, 00:04:40
B 172.16.20.0/24 [200/20] via 10.0.2.1, 00:04:40
B 172.16.200.0/24 [200/20] via 10.0.2.1, 00:04:41
P#
P#
P#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B 10.0.10.0/30 is directly connected, 00:04:43, Serial1/2
L 10.0.10.1/32 is directly connected, Serial1/2
B 10.0.20.0/30 [200/0] via 10.0.1.1, 00:04:43
B 10.0.40.0/30 [20/0] via 0.0.0.0 (Inet), 00:04:28, Tunnel100
B 10.0.100.0/24 [20/0] via 10.0.10.2 (Inet), 00:04:43
B 10.0.200.0/24 [20/0] via 10.0.10.2 (Inet), 00:04:43
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.2.0/30 [200/0] via 10.0.2.1, 02:17:08
B 172.16.20.0/24 [200/20] via 10.0.2.1, 02:17:08
B 172.16.200.0/24 [200/20] via 10.0.2.1, 02:17:08
P#
P#
PE2#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.0.10.0/30 [200/0] via 10.0.3.1, 00:00:06
B 10.0.20.0/30 [200/0] via 10.0.1.1, 00:00:06
B 10.0.40.0/30 [200/0] via 10.0.3.1, 00:00:06
B 10.0.100.0/24 [200/0] via 10.0.3.1, 00:00:06
B 10.0.200.0/24 [200/0] via 10.0.3.1, 00:00:06
172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
B 172.16.1.0/30 [200/0] via 10.0.1.1, 01:27:03
C 172.16.2.0/30 is directly connected, Serial1/1
L 172.16.2.1/32 is directly connected, Serial1/1
B 172.16.10.0/24 [200/20] via 10.0.1.1, 01:27:03
O E2 172.16.20.0/24 [110/20] via 172.16.2.2, 02:09:56, Serial1/1
B 172.16.30.0/30 [200/0] via 10.0.1.1, 01:27:03
B 172.16.100.0/24 [200/20] via 10.0.1.1, 01:27:04
O E2 172.16.200.0/24 [110/20] via 172.16.2.2, 02:09:57, Serial1/1
PE2#
PE2#
PE2#sh ip route vrf Inet
Routing Table: Inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.0.10.0/30 [200/0] via 10.0.3.1, 01:58:26
B 10.0.20.0/30 [200/0] via 10.0.1.1, 01:28:14
B 10.0.40.0/30 [200/0] via 10.0.3.1, 01:02:52
B 10.0.100.0/24 [200/0] via 10.0.3.1, 01:58:26
B 10.0.200.0/24 [200/0] via 10.0.3.1, 00:10:03
172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
B 172.16.1.0/30 [200/0] via 10.0.1.1, 00:00:17
B 172.16.2.0/30 is directly connected, 00:00:17, Serial1/1
L 172.16.2.1/32 is directly connected, Serial1/1
B 172.16.10.0/24 [200/20] via 10.0.1.1, 00:00:17
B 172.16.20.0/24 [20/20] via 172.16.2.2 (CEA), 00:00:18, Serial1/1
B 172.16.30.0/30 [200/0] via 10.0.1.1, 00:00:18
B 172.16.100.0/24 [200/20] via 10.0.1.1, 00:00:18
B 172.16.200.0/24 [20/20] via 172.16.2.2 (CEA), 00:00:18, Serial1/1
PE2#
PE2#
PE1#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Tunnel100
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.40.0/30 is directly connected, Tunnel100
L 10.0.40.1/32 is directly connected, Tunnel100
172.16.0.0/16 is variably subnetted, 9 subnets, 3 masks
C 172.16.1.0/30 is directly connected, Serial1/0
L 172.16.1.1/32 is directly connected, Serial1/0
B 172.16.2.0/30 [200/0] via 10.0.2.1, 00:15:48
O E2 172.16.10.0/24 [110/20] via 172.16.1.2, 02:09:38, Serial1/0
B 172.16.20.0/24 [200/20] via 10.0.2.1, 00:15:48
C 172.16.30.0/30 is directly connected, Loopback2
L 172.16.30.1/32 is directly connected, Loopback2
O E2 172.16.100.0/24 [110/20] via 172.16.1.2, 02:09:39, Serial1/0
B 172.16.200.0/24 [200/20] via 10.0.2.1, 00:15:51
PE1#
PE1#sh ip route vrf Inet
Routing Table: Inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B 10.0.10.0/30 [200/0] via 10.0.3.1, 01:25:13
C 10.0.20.0/30 is directly connected, Loopback1
L 10.0.20.1/32 is directly connected, Loopback1
B 10.0.40.0/30 [200/0] via 10.0.3.1, 00:10:09
B 10.0.100.0/24 [200/0] via 10.0.3.1, 01:25:13
B 10.0.200.0/24 [200/0] via 10.0.3.1, 00:07:04
PE1#
CE2A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks
C 172.16.200.0/24 is directly connected, FastEthernet0/0
O E2 172.16.30.0/30 [110/1] via 172.16.2.1, 01:28:26, Serial1/0
C 172.16.20.0/24 is directly connected, Loopback0
O E2 172.16.10.0/24 [110/20] via 172.16.2.1, 01:28:26, Serial1/0
O IA 172.16.1.0/30 [110/65] via 172.16.2.1, 01:28:31, Serial1/0
C 172.16.2.0/30 is directly connected, Serial1/0
O E2 172.16.100.0/24 [110/20] via 172.16.2.1, 01:28:26, Serial1/0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O E2 10.0.10.0/30 [110/1] via 172.16.2.1, 00:01:34, Serial1/0
O E2 10.0.20.0/30 [110/1] via 172.16.2.1, 00:01:34, Serial1/0
O E2 10.0.40.0/30 [110/1] via 172.16.2.1, 00:13:05, Serial1/0
O E2 10.0.100.0/24 [110/1] via 172.16.2.1, 00:01:34, Serial1/0
O E2 10.0.200.0/24 [110/1] via 172.16.2.1, 00:01:35, Serial1/0
CE2A#
CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.1.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O E2 172.16.200.0/24 [110/20] via 172.16.1.1, 00:19:46, Serial1/0
O E2 172.16.20.0/24 [110/20] via 172.16.1.1, 00:19:46, Serial1/0
C 172.16.10.0/24 is directly connected, Loopback0
C 172.16.1.0/30 is directly connected, Serial1/0
O IA 172.16.2.0/30 [110/65] via 172.16.1.1, 00:19:51, Serial1/0
C 172.16.100.0/24 is directly connected, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 172.16.1.1, 00:19:46, Serial1/0
CE1A#
Internet#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.200.0/24 [20/0] via 10.0.10.1, 00:03:49
B 172.16.20.0/24 [20/0] via 10.0.10.1, 00:03:49
B 172.16.2.0/30 [20/0] via 10.0.10.1, 00:03:49
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.0.10.0/30 is directly connected, Serial1/0
B 10.0.20.0/30 [20/0] via 10.0.10.1, 01:34:55
B 10.0.40.0/30 [20/0] via 10.0.10.1, 01:09:53
C 10.0.100.0/24 is directly connected, Loopback0
C 10.0.200.0/24 is directly connected, Loopback1
Internet#
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)