Friday, January 1, 2010

Implementing Internet Access in MPLS L3 VPN via Dedicated VRF with NAT at Internet PE via GRE Tunnel LAB



Config Guidelines
****************************************************************************************
Scenario - Providing Internet Access to MPLS VPN Cusomer using Deicated VRF along with
using NAT for the Customer's Private IP Block used for Internet at the Internet PE Router
Peering with Internet
Design Challenge: We need to do NAT for the IP Block Inside Customer VRF and Pass the Natted IPs to
Internet VRF. The Internet ROuter needs to have route to the NAT IP.
Soultion: Set up a GRE Tunnel between the PE Router peering with Internet and PE Router
peering with Customer Site and put this Tunnel in Customer VPN. This Tunnel will have Public Routable
IPs over Internet. The Traffic coming from Private IPs across Customer VPN will get Natted to this IP.
For making this GRE Tunnel reachable in Internet VRF , Import the ROute-Target for Customer VPN in
Internet Router on PE to Internet. Also we need to use a different ROute-Target for the Customers site requiring
Internet access and those will be not imported in Internet VRF but other customers Site VRF. Send a default route
to the CE rquiring Internet access via PE-CE Routing Protocol and put a static default for the VRF on the PE pointing
to GRE Tunnel.
we need to propogate the Private IP Block VRF Route till the Internet Peering Router to have reachability Locally under Customer
VRF in Provider AS
This way CEs of Customer VRF can talk same way via Private IPs and Only the Traffic for Internet Access Gets Natted to GRE
Tunnel
Caveats: We will will need to setup' n'GRE Tunnel for CEs on n" PEs. Also it will lead to usage of n+1 Public IPs assuming to use
GRE Tunnels with same /24 and Internet PE End Tunnel IP Fixed and Local PE Tunnel IP Changing.Need to define Static Routes for the
PE-CE Subnet and Intended Private LAN Blocks under the customer VRF poiting to GRT Tunnel for local VRF Reachability
ISP AS used 64513
IGP in ISP is ISIS with Loopbacks in Level-1 and Core Links in Level-2
EBGP used with Internet Router
Customer AS Used 64514
PE-CE Routing Protocol OSPF
Internet AS 64515
Lo0 and Lo1 used for Dummy Traffic
Customer VRF Used CEA
rd 64513:1
rt 6413:100
rt 64513:101 ( for site needing Internet Access)
Internet VRF Used Inet
rd 64513:2
rt 6413:200
CE1A and CE2A are VPN Sites with CE1A only having Internet Access.
Used NAT Inside on Serial1/0 at PE1-CE1A VRF Interface and NAT Outisde on GRE Tunnel 100 to P Router peering with
Internet
NAT Pool Used Inet 10.0.40.2/30
Extended ACL used 134 Denying 10.0.1.1/32 and Allowing 172.16.100.0/24 and 172.16.1.0/30
CE1A has a default Route towards PE1 via Serial1/0
ANy Non-VPN Traffic from CE1A comes to PE1 via Serial1/0 and get Natted Outbound to
10.0.40.2 and Goes to Internet Router Internet Router has Reverse Route till PE1
for 10.0.40.1 and from there Reverse NAT Happens towards CE1A
***************************************************************************************
CE1A#sh running-config
Building configuration...
Current configuration : 1294 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.100.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.1.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 10
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.1.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE1A#
CE2A#sh running-config
Building configuration...
Current configuration : 1294 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 172.16.20.1 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.200.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 172.16.2.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router ospf 10
log-adjacency-changes
redistribute connected subnets route-map Local
network 172.16.2.0 0.0.0.3 area 0
!
ip http server
!
!
!
!
route-map Local permit 10
match interface Loopback0 FastEthernet0/0
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
CE2A#
CE2A#
CE2A#
PE1#sh running-config
Building configuration...
Current configuration : 3207 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
rd 64513:1
route-target export 64513:101
route-target import 64513:100
!
ip vrf Inet
rd 64513:2
route-target export 64513:200
route-target import 64513:200
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel100
ip vrf forwarding CEA
ip address 10.0.40.1 255.255.255.252
mpls ip
mpls label protocol ldp
tunnel source Serial1/1
tunnel destination 192.168.1.2
!
interface Loopback0
ip address 10.0.1.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface Loopback1
ip vrf forwarding Inet
ip address 10.0.20.1 255.255.255.252
!
interface Loopback2
ip vrf forwarding CEA
ip address 172.16.30.1 255.255.255.252
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip vrf forwarding CEA
ip address 172.16.1.1 255.255.255.252
no fair-queue
serial restart-delay 0
!
interface Serial1/1
ip address 192.168.1.1 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 10 vrf CEA
log-adjacency-changes
redistribute bgp 64513 subnets
network 172.16.1.0 0.0.0.3 area 0
default-information originate always
!
router isis
net 49.0001.1111.2222.3333.00
!
router bgp 64513
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 update-source Loopback0
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
neighbor 10.0.2.1 next-hop-self
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
redistribute ospf 10 vrf CEA match internal external 1 external 2
exit-address-family
!
address-family ipv4 vrf Inet
no synchronization
redistribute connected
exit-address-family
!
ip classless
ip route vrf CEA 0.0.0.0 0.0.0.0 Tunnel100 10.0.40.2
!
!
no ip http server
no ip http secure-server
!
access-list 134 deny ip host 10.0.1.1 any
access-list 134 permit ip 172.16.100.0 0.0.0.255 any
access-list 134 permit ip 172.16.1.0 0.0.0.3 any
!
route-map Inet permit 10
match ip address 134
match extcommunity 64513:200
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE1#
PE1#
PE2#sh running-config
Building configuration...
Current configuration : 2532 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
route-target import 64513:200
route-target import 64513:101
!
ip vrf Inet
rd 64513:2
route-target export 64513:200
route-target import 64513:200
route-target import 64513:100
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.2.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.1.5 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
no fair-queue
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
ip vrf forwarding CEA
ip address 172.16.2.1 255.255.255.252
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router ospf 10 vrf CEA
log-adjacency-changes
redistribute bgp 64513 subnets
network 172.16.2.0 0.0.0.3 area 0
!
router isis
net 49.0002.2222.1111.3333.00
!
router bgp 64513
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.3.1 remote-as 64513
neighbor 10.0.3.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
neighbor 10.0.1.1 next-hop-self
neighbor 10.0.3.1 activate
neighbor 10.0.3.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
redistribute ospf 10 vrf CEA match internal external 1 external 2
exit-address-family
!
ip classless
!
!
no ip http server
no ip http secure-server
!
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
PE2#
PE2#
P#sh running-config
Building configuration...
Current configuration : 3672 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
route-target import 64513:200
!
ip vrf Inet
rd 64513:2
route-target export 64513:200
route-target import 64513:200
route-target import 64513:100
!
!
!
!
!
ip cef
!
!
multilink bundle-name authenticated
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel100
ip vrf forwarding CEA
ip address 10.0.40.2 255.255.255.252
ip nat inside
mpls ip
mpls label protocol ldp
tunnel source Serial1/0
tunnel destination 192.168.1.1
!
interface Loopback0
ip address 10.0.3.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface Loopback1
no ip address
!
interface Loopback2
no ip address
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 192.168.1.2 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
no fair-queue
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/1
ip address 192.168.1.6 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
isis circuit-type level-2-only
!
interface Serial1/2
ip vrf forwarding Inet
ip address 10.0.10.1 255.255.255.252
ip nat outside
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/4
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/5
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/6
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/7
no ip address
shutdown
serial restart-delay 0
!
router isis
net 49.0002.3333.2222.1111.00
!
router bgp 64513
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 update-source Loopback0
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
exit-address-family
!
address-family ipv4 vrf CEA
no synchronization
redistribute connected
exit-address-family
!
address-family ipv4 vrf Inet
no synchronization
redistribute connected
neighbor 10.0.10.2 remote-as 64515
neighbor 10.0.10.2 activate
neighbor 10.0.10.2 send-community extended
neighbor 10.0.10.2 soft-reconfiguration inbound
exit-address-family
!
ip nat pool Inet 10.0.40.1 10.0.40.2 netmask 255.255.255.252
ip nat inside source list 134 pool Inet vrf CEA overload
ip nat outside source list 134 pool Inet vrf CEA
ip classless
ip route vrf CEA 172.16.1.0 255.255.255.252 Tunnel100
ip route vrf CEA 172.16.100.0 255.255.255.0 Tunnel100
!
!
no ip http server
no ip http secure-server
!
access-list 101 deny ip host 10.0.2.1 any
access-list 101 deny ip host 10.0.1.1 any
access-list 101 deny ip host 10.0.3.1 any
access-list 101 permit ip 172.16.10.0 0.0.0.255 any
access-list 134 deny ip host 10.0.1.1 any
access-list 134 deny ip host 10.0.2.1 any
access-list 134 deny ip host 10.0.3.1 any
access-list 134 permit ip 172.16.1.0 0.0.0.3 any
access-list 134 permit ip 172.16.100.0 0.0.0.255 any
!
route-map Inet permit 10
match ip address 101
!
!
mpls ldp router-id Loopback0
!
control-plane
!
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
end
P#
P#
P#
Internet#sh running-config
Building configuration...
Current configuration : 1392 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 10.0.100.1 255.255.255.0
!
interface Loopback1
ip address 10.0.200.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.10.2 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
router bgp 64515
no synchronization
bgp log-neighbor-changes
network 10.0.100.0 mask 255.255.255.0
network 10.0.200.0 mask 255.255.255.0
neighbor 10.0.10.1 remote-as 64513
neighbor 10.0.10.1 soft-reconfiguration inbound
no auto-summary
!
ip http server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
!
end
Internet#
Internet#
Internet#
******************************************************
OUTPUT
*******************************************************
CE1A#ping 10.0.200.1 source f0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.200.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 204/252/284 ms
CE1A#ping 172.16.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 256/418/804 ms
CE1A#
CE1A#traceroute 10.0.200.1 source fastEthernet 0/0
Type escape sequence to abort.
Tracing the route to 10.0.200.1
1 172.16.1.1 92 msec 40 msec 108 msec
2 10.0.40.2 136 msec 428 msec 292 msec
3 10.0.10.2 340 msec 340 msec *
CE1A#
CE1A#traceroute 172.16.200.1
Type escape sequence to abort.
Tracing the route to 172.16.200.1
1 172.16.1.1 56 msec 40 msec 88 msec
2 192.168.1.2 104 msec 124 msec 204 msec
3 172.16.2.1 200 msec 272 msec 124 msec
4 172.16.2.2 212 msec 224 msec *
CE1A#
CE2A#ping 10.0.200.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/127/168 ms
CE2A#ping 172.16.100.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.100.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/180/308 ms
CE2A#
CE2A#traceroute 172.16.100.1
Type escape sequence to abort.
Tracing the route to 172.16.100.1
1 172.16.2.1 52 msec 132 msec 124 msec
2 192.168.1.6 284 msec 192 msec 168 msec
3 172.16.1.1 200 msec 184 msec 80 msec
4 172.16.1.2 208 msec 196 msec *
CE2A#
CE2A#traceroute 10.0.200.1
Type escape sequence to abort.
Tracing the route to 10.0.200.1
1 172.16.2.1 108 msec 112 msec 44 msec
2 10.0.10.1 128 msec 56 msec 120 msec
3 10.0.10.2 184 msec 180 msec *
CE2A#
CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.1.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
O E2 172.16.200.0/24 [110/20] via 172.16.1.1, 01:52:11, Serial1/0
O E2 172.16.20.0/24 [110/20] via 172.16.1.1, 01:52:11, Serial1/0
C 172.16.10.0/24 is directly connected, Loopback0
C 172.16.1.0/30 is directly connected, Serial1/0
O IA 172.16.2.0/30 [110/65] via 172.16.1.1, 01:52:16, Serial1/0
C 172.16.100.0/24 is directly connected, FastEthernet0/0
O*E2 0.0.0.0/0 [110/1] via 172.16.1.1, 01:37:35, Serial1/0
CE1A#
CE2A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 7 subnets, 2 masks
C 172.16.200.0/24 is directly connected, FastEthernet0/0
O E2 172.16.30.0/30 [110/1] via 172.16.2.1, 01:52:42, Serial1/0
C 172.16.20.0/24 is directly connected, Loopback0
O E2 172.16.10.0/24 [110/20] via 172.16.2.1, 01:52:42, Serial1/0
O IA 172.16.1.0/30 [110/65] via 172.16.2.1, 01:52:47, Serial1/0
C 172.16.2.0/30 is directly connected, Serial1/0
O E2 172.16.100.0/24 [110/20] via 172.16.2.1, 01:52:42, Serial1/0
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
O E2 10.0.10.0/30 [110/1] via 172.16.2.1, 01:52:42, Serial1/0
O E2 10.0.20.0/30 [110/1] via 172.16.2.1, 01:52:42, Serial1/0
O E2 10.0.40.0/30 [110/1] via 172.16.2.1, 01:52:42, Serial1/0
O E2 10.0.100.0/24 [110/1] via 172.16.2.1, 01:52:42, Serial1/0
O E2 10.0.200.0/24 [110/1] via 172.16.2.1, 01:52:43, Serial1/0
CE2A#
CE2A#
PE1#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 10.0.40.2 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.0.40.2, Tunnel100
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.40.0/30 is directly connected, Tunnel100
L 10.0.40.1/32 is directly connected, Tunnel100
172.16.0.0/16 is variably subnetted, 9 subnets, 3 masks
C 172.16.1.0/30 is directly connected, Serial1/0
L 172.16.1.1/32 is directly connected, Serial1/0
B 172.16.2.0/30 [200/0] via 10.0.2.1, 01:38:33
O E2 172.16.10.0/24 [110/20] via 172.16.1.2, 01:38:33, Serial1/0
B 172.16.20.0/24 [200/20] via 10.0.2.1, 01:38:33
C 172.16.30.0/30 is directly connected, Loopback2
L 172.16.30.1/32 is directly connected, Loopback2
O E2 172.16.100.0/24 [110/20] via 172.16.1.2, 01:38:34, Serial1/0
B 172.16.200.0/24 [200/20] via 10.0.2.1, 01:38:35
PE1#sh ip route vrf Inet
Routing Table: Inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
B 10.0.10.0/30 [200/0] via 10.0.3.1, 01:38:38
C 10.0.20.0/30 is directly connected, Loopback1
L 10.0.20.1/32 is directly connected, Loopback1
B 10.0.100.0/24 [200/0] via 10.0.3.1, 01:38:38
B 10.0.200.0/24 [200/0] via 10.0.3.1, 01:38:38
PE1#
PE1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
C 10.0.1.1 is directly connected, Loopback0
i L2 10.0.2.1 [115/30] via 192.168.1.2, Serial1/1
i L2 10.0.3.1 [115/20] via 192.168.1.2, Serial1/1
192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/1
L 192.168.1.1/32 is directly connected, Serial1/1
i L2 192.168.1.4/30 [115/20] via 192.168.1.2, Serial1/1
PE1#
P#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
B 10.0.10.0/30 is directly connected, 01:39:35, Serial1/2
L 10.0.10.1/32 is directly connected, Serial1/2
B 10.0.20.0/30 [200/0] via 10.0.1.1, 01:39:35
C 10.0.40.0/30 is directly connected, Tunnel100
L 10.0.40.2/32 is directly connected, Tunnel100
B 10.0.100.0/24 [20/0] via 10.0.10.2 (Inet), 01:39:35
B 10.0.200.0/24 [20/0] via 10.0.10.2 (Inet), 01:39:35
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
S 172.16.1.0/30 is directly connected, Tunnel100
B 172.16.2.0/30 [200/0] via 10.0.2.1, 01:39:35
B 172.16.20.0/24 [200/20] via 10.0.2.1, 01:39:36
S 172.16.100.0/24 is directly connected, Tunnel100
B 172.16.200.0/24 [200/20] via 10.0.2.1, 01:39:37
P#sh ip route vrf Inet
Routing Table: Inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C 10.0.10.0/30 is directly connected, Serial1/2
L 10.0.10.1/32 is directly connected, Serial1/2
B 10.0.20.0/30 [200/0] via 10.0.1.1, 01:39:40
B 10.0.40.0/30 is directly connected, 00:52:54, Tunnel100
L 10.0.40.2/32 is directly connected, Tunnel100
B 10.0.100.0/24 [20/0] via 10.0.10.2, 01:39:40
B 10.0.200.0/24 [20/0] via 10.0.10.2, 01:39:40
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.2.0/30 [200/0] via 10.0.2.1, 01:39:40
B 172.16.20.0/24 [200/20] via 10.0.2.1, 01:39:40
B 172.16.200.0/24 [200/20] via 10.0.2.1, 01:39:41
P#
P#sh ip rou
P#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
i L2 10.0.1.1 [115/20] via 192.168.1.1, Serial1/0
i L2 10.0.2.1 [115/20] via 192.168.1.5, Serial1/1
C 10.0.3.1 is directly connected, Loopback0
192.168.1.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.1.0/30 is directly connected, Serial1/0
L 192.168.1.2/32 is directly connected, Serial1/0
C 192.168.1.4/30 is directly connected, Serial1/1
L 192.168.1.6/32 is directly connected, Serial1/1
P#
PE2#sh ip route vrf CEA
Routing Table: CEA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.0.10.0/30 [200/0] via 10.0.3.1, 01:54:11
B 10.0.20.0/30 [200/0] via 10.0.1.1, 01:54:11
B 10.0.40.0/30 [200/0] via 10.0.3.1, 00:53:37
B 10.0.100.0/24 [200/0] via 10.0.3.1, 01:54:11
B 10.0.200.0/24 [200/0] via 10.0.3.1, 01:54:11
172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
B 172.16.1.0/30 [200/0] via 10.0.1.1, 01:54:41
C 172.16.2.0/30 is directly connected, Serial1/1
L 172.16.2.1/32 is directly connected, Serial1/1
B 172.16.10.0/24 [200/20] via 10.0.1.1, 01:54:41
O E2 172.16.20.0/24 [110/20] via 172.16.2.2, 01:56:02, Serial1/1
B 172.16.30.0/30 [200/0] via 10.0.1.1, 01:54:42
B 172.16.100.0/24 [200/20] via 10.0.1.1, 01:54:42
O E2 172.16.200.0/24 [110/20] via 172.16.2.2, 01:56:03, Serial1/1
PE2#sh ip route vrf Inet
Routing Table: Inet
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.0.10.0/30 [200/0] via 10.0.3.1, 01:54:46
B 10.0.20.0/30 [200/0] via 10.0.1.1, 01:54:46
B 10.0.40.0/30 [200/0] via 10.0.3.1, 00:53:27
B 10.0.100.0/24 [200/0] via 10.0.3.1, 01:54:46
B 10.0.200.0/24 [200/0] via 10.0.3.1, 01:54:46
172.16.0.0/16 is variably subnetted, 4 subnets, 3 masks
B 172.16.2.0/30 is directly connected, 01:54:46, Serial1/1
L 172.16.2.1/32 is directly connected, Serial1/1
B 172.16.20.0/24 [20/20] via 172.16.2.2 (CEA), 01:54:16, Serial1/1
B 172.16.200.0/24 [20/20] via 172.16.2.2 (CEA), 01:54:16, Serial1/1
PE2#
PE2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 3 subnets
i L2 10.0.1.1 [115/30] via 192.168.1.6, Serial1/0
C 10.0.2.1 is directly connected, Loopback0
i L2 10.0.3.1 [115/20] via 192.168.1.6, Serial1/0
192.168.1.0/24 is variably subnetted, 3 subnets, 2 masks
i L2 192.168.1.0/30 [115/20] via 192.168.1.6, Serial1/0
C 192.168.1.4/30 is directly connected, Serial1/0
L 192.168.1.5/32 is directly connected, Serial1/0
PE2#
Internet#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.200.0/24 [20/0] via 10.0.10.1, 01:54:20
B 172.16.20.0/24 [20/0] via 10.0.10.1, 01:54:20
B 172.16.2.0/30 [20/0] via 10.0.10.1, 01:54:20
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.0.10.0/30 is directly connected, Serial1/0
B 10.0.20.0/30 [20/0] via 10.0.10.1, 01:55:21
B 10.0.40.0/30 [20/0] via 10.0.10.1, 00:53:22
C 10.0.100.0/24 is directly connected, Loopback0
C 10.0.200.0/24 is directly connected, Loopback1
Internet#
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)