Tuesday, February 23, 2010

Implementing Internet Access in Carrier Supporting Carrier MPLS L3 VPN LAB















Configuration Guidelines
*************************************************************************

Scenario - Providing Carrier Internet Access to Customer Carrier in Carrier
Supporting Carrier Multicast MPLS L3 VPN Services Both Customer Carrier
and Customer Carrier running MPLS


Design Considerations and Solutions: To provide Internet access in CSC MPLS VPN
services, we consider the option of making the Customer Carrier an MPLS
VPN customer of the Parent Carrier, using route leaking with VRF-aware NAT at
the Internet PE in the Parent Carrier and VRF-aware NAT at the local PE in the Customer Carrier.



ISP A AS used 64514 - Parent carrier
ISP 2 AS used 64513 - Customer Carrier
IGP in ISPA is ISIS

****************************************************************************


CE1A#sh running-config
Building configuration...

Current configuration : 844 bytes
!
! CE1A (customer edge, lab): global and management-plane settings.
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname CE1A
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
memory-size iomem 15
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface Loopback0
ip address 172.16.100.1 255.255.255.252
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.1.2 255.255.255.252
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
! OSPF process 20: advertises Loopback0 and the Serial0/0 link to the PE in area 0.
router ospf 20
log-adjacency-changes
network 172.16.100.0 0.0.0.3 area 0
! No OSPF authentication is shown (no "area 0 authentication" here and no
! "ip ospf authentication" under Serial0/0), so the PE-CE adjacency is
! unauthenticated; outside a lab, enable MD5 authentication on both ends.
network 192.168.1.0 0.0.0.3 area 0
!
ip classless
! The HTTP server is enabled (clear-text management on TCP/80) and no
! "ip http access-class" line is shown. Outside a lab, use "no ip http server"
! as the PE listings on this page do.
ip http server
!
!
! Terminal lines. No password or login method is shown for con 0 or aux 0.
line con 0
line aux 0
! "login" with no "password" under the vty lines: IOS refuses incoming
! sessions ("Password required, but none set"), so remote access is in effect
! disabled. No "transport input" or "access-class" restriction is shown.
line vty 0 4
login
!
!
!
end

CE1A#


CE2A#sh running-config
Building configuration...

Current configuration : 844 bytes
!
! CE2A (customer edge, lab): global and management-plane settings.
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname CE2A
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
memory-size iomem 15
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface Loopback0
ip address 172.16.200.1 255.255.255.252
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.2.2 255.255.255.252
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
! OSPF process 20: advertises Loopback0 and the Serial0/0 link to the PE in area 0.
router ospf 20
log-adjacency-changes
network 172.16.200.0 0.0.0.3 area 0
! No OSPF authentication is shown (no "area 0 authentication" here and no
! "ip ospf authentication" under Serial0/0), so the PE-CE adjacency is
! unauthenticated; outside a lab, enable MD5 authentication on both ends.
network 192.168.2.0 0.0.0.3 area 0
!
ip classless
! The HTTP server is enabled (clear-text management on TCP/80) and no
! "ip http access-class" line is shown. Outside a lab, use "no ip http server"
! as the PE listings on this page do.
ip http server
!
!
! Terminal lines. No password or login method is shown for con 0 or aux 0.
line con 0
line aux 0
! "login" with no "password" under the vty lines: IOS refuses incoming
! sessions ("Password required, but none set"), so remote access is in effect
! disabled. No "transport input" or "access-class" restriction is shown.
line vty 0 4
login
!
!
!
end

CE2A#
CE2A#
CE2A#


ISPB_PE1#sh running-config
Building configuration...

Current configuration : 2217 bytes
!
! ISPB_PE1 (customer carrier, AS 64513): global settings and VRF definition.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname ISPB_PE1
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
! VRF CEA carries the customer (CE1A/CE2A) routes. The same route-target
! (64513:100) is imported and exported, so every PE using this definition
! exchanges all of its VRF routes with the others.
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Loopback0: iBGP update-source; its address is the one exempted from NAT by
! access-list 10 further down.
interface Loopback0
ip address 10.0.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
speed auto
half-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! Customer-facing link to CE1A (192.168.1.2), placed in VRF CEA and marked as
! the NAT inside interface.
! NOTE(review): LDP is enabled here ("mpls ip"), but CE1A's listing shows no
! MPLS configuration on its Serial0/0. Confirm it is needed; label exchange on
! a customer-facing interface widens the control-plane exposure, and no
! "mpls ldp neighbor ... password" is shown.
interface Serial1/0
ip vrf forwarding CEA
ip address 192.168.1.1 255.255.255.252
ip nat inside
ip virtual-reassembly
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
!
! Uplink to the parent carrier (ISPA_PE1 Serial1/0, 192.168.3.2). It sits in the
! global table and is the NAT outside interface. LDP runs towards another
! carrier here with no LDP authentication shown.
interface Serial1/1
ip address 192.168.3.1 255.255.255.252
ip nat outside
ip virtual-reassembly
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
! PE-CE OSPF (process 20) inside VRF CEA towards CE1A. No OSPF authentication
! is shown, so a device on the 192.168.1.0/30 link could form an adjacency and
! inject routes into the VRF.
router ospf 20 vrf CEA
log-adjacency-changes
redistribute bgp 64513 subnets
network 192.168.1.0 0.0.0.3 area 0
! "always" advertises a default route to the CE whether or not this PE still
! has a working default itself; CE1A's routing table on this page shows it as
! O*E2 0.0.0.0/0.
default-information originate always
!
! iBGP to ISPB_PE2's loopback for VPNv4 only. No "neighbor ... password"
! (TCP MD5) is shown for the session.
! NOTE(review): this listing has no global IGP (ISPB_PE2 runs "router ospf 10"),
! so reachability of 10.0.2.1 presumably relies on the global default route.
router bgp 64513
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.2.1 remote-as 64513
neighbor 10.0.2.1 update-source Loopback0
!
address-family vpnv4
neighbor 10.0.2.1 activate
neighbor 10.0.2.1 send-community extended
exit-address-family
!
! Routes exported from VRF CEA into VPNv4: connected, static and the
! CE-learned OSPF routes. No route-map or prefix filter is applied.
address-family ipv4 vrf CEA
redistribute connected
redistribute static
redistribute ospf 20 vrf CEA match internal external 1 external 2
no synchronization
exit-address-family
!
! Static routing, route leak and VRF-aware NAT for VRF CEA.
no ip http server
! Global default route out Serial1/1 (towards ISPA_PE1).
ip route 0.0.0.0 0.0.0.0 Serial1/1
! VRF-to-global leak: because of "global", the VRF CEA default route resolves
! its next hop (192.168.3.2, ISPA_PE1) in the global table. Any VRF traffic
! without a more specific route leaves the VRF here, so this line and the NAT
! rule below form the boundary between the VPN and everything outside it.
ip route vrf CEA 0.0.0.0 0.0.0.0 192.168.3.2 global
!
!
! VRF-aware PAT: VRF CEA sources permitted by access-list 10 are translated to
! the Serial1/1 address (192.168.3.1), as the ICMP entries in the
! "sh ip nat translations" output on this page show.
ip nat inside source list 10 interface Serial1/1 vrf CEA overload
!
! access-list 10 exempts only this router's Loopback0 (10.0.1.1) and then
! permits every source.
! NOTE(review): the translation table on this page also holds a udp/646 (LDP
! hello) entry for the router's own address 192.168.3.1. A list that permits
! only the customer prefixes would presumably keep control-plane traffic out
! of NAT; verify.
access-list 10 deny 10.0.1.1
access-list 10 permit any
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
! Terminal lines. No password or login method is shown for con 0 or aux 0.
line con 0
stopbits 1
line aux 0
stopbits 1
! "login" with no "password" under the vty lines: IOS refuses incoming
! sessions ("Password required, but none set"), so remote access is in effect
! disabled. No "transport input" or "access-class" restriction is shown.
line vty 0 4
login
!
!
end

ISPB_PE1#


ISPB_PE2#sh running-config
Building configuration...

Current configuration : 2012 bytes
!
! ISPB_PE2 (customer carrier, AS 64513): global settings and VRF definition.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname ISPB_PE2
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
! VRF CEA carries the customer (CE1A/CE2A) routes. The same route-target
! (64513:100) is imported and exported, matching ISPB_PE1's definition.
ip vrf CEA
rd 64513:1
route-target export 64513:100
route-target import 64513:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Loopback0: iBGP update-source, advertised into global OSPF process 10.
interface Loopback0
ip address 10.0.2.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
speed auto
half-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! Uplink to the parent carrier (ISPA_PE2 Serial1/1, 192.168.4.2) in the global
! table. LDP runs towards another carrier here with no LDP authentication
! ("mpls ldp neighbor ... password") shown.
interface Serial1/0
ip address 192.168.4.1 255.255.255.252
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
!
! Customer-facing link to CE2A (192.168.2.2) in VRF CEA.
! NOTE(review): LDP is enabled here ("mpls ip"), but CE2A's listing shows no
! MPLS configuration on its Serial0/0. Confirm it is needed on a
! customer-facing interface.
interface Serial1/1
ip vrf forwarding CEA
ip address 192.168.2.1 255.255.255.252
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
! PE-CE OSPF (process 20) inside VRF CEA towards CE2A. No OSPF authentication
! is shown, so a device on the 192.168.2.0/30 link could form an adjacency and
! inject routes into the VRF.
router ospf 20 vrf CEA
log-adjacency-changes
redistribute bgp 64513 subnets
network 192.168.2.0 0.0.0.3 area 0
!
! Global OSPF (process 10) on the link to the parent carrier; it faces
! ISPA_PE2's "router ospf 10 vrf CEA" on 192.168.4.0/30. This inter-carrier
! adjacency is also shown without authentication.
router ospf 10
log-adjacency-changes
redistribute bgp 64513 subnets
network 10.0.2.1 0.0.0.0 area 0
network 192.168.4.0 0.0.0.3 area 0
!
! iBGP to ISPB_PE1's loopback for VPNv4 only. No "neighbor ... password"
! (TCP MD5) is shown for the session.
router bgp 64513
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.0.1.1 remote-as 64513
neighbor 10.0.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 10.0.1.1 activate
neighbor 10.0.1.1 send-community extended
exit-address-family
!
! Routes exported from VRF CEA into VPNv4: connected and the CE-learned OSPF
! routes. No route-map or prefix filter is applied.
address-family ipv4 vrf CEA
redistribute connected
redistribute ospf 20 vrf CEA match internal external 1 external 2
no synchronization
exit-address-family
!
no ip http server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
! Terminal lines. No password or login method is shown for con 0 or aux 0.
line con 0
stopbits 1
line aux 0
stopbits 1
! "login" with no "password" under the vty lines: IOS refuses incoming
! sessions ("Password required, but none set"), so remote access is in effect
! disabled. No "transport input" or "access-class" restriction is shown.
line vty 0 4
login
!
!
end

ISPB_PE2#
ISPB_PE2#
ISPB_PE2#

ISPA_PE1#sh running-config
Building configuration...

Current configuration : 2495 bytes
!
! ISPA_PE1 (parent carrier, AS 64514; the Internet PE): global settings and
! VRF definition.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname ISPA_PE1
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
! VRF CEA is the parent carrier's VPN for the customer carrier (ISP B). The
! same route-target (64514:100) is imported and exported.
ip vrf CEA
rd 64514:1
route-target export 64514:100
route-target import 64514:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Loopback0: iBGP update-source, advertised in IS-IS; also marked NAT outside.
interface Loopback0
ip address 172.16.10.1 255.255.255.255
ip router isis
ip nat outside
ip virtual-reassembly
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
speed auto
half-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! CSC link to the customer carrier (ISPB_PE1 Serial1/1, 192.168.3.1), placed in
! VRF CEA and marked NAT inside. LDP runs towards another carrier here and no
! LDP authentication ("mpls ldp neighbor ... password") is shown.
interface Serial1/0
ip vrf forwarding CEA
ip address 192.168.3.2 255.255.255.252
ip nat inside
ip virtual-reassembly
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
!
! Internet-facing link (Internet router Serial1/0, 172.16.20.1) and NAT outside
! interface. No inbound ACL ("ip access-group") or uRPF ("ip verify unicast
! ...") is shown; an Internet edge outside a lab would normally carry both.
interface Serial1/1
ip address 172.16.20.2 255.255.255.252
ip nat outside
ip virtual-reassembly
serial restart-delay 0
no dce-terminal-timing-enable
!
! Core link to ISPA_PE2 (172.16.1.2): IS-IS level-2 plus LDP. No IS-IS
! authentication ("isis authentication ..." / "isis password") is shown.
interface Serial1/2
ip address 172.16.1.1 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
isis circuit-type level-2-only
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
! EIGRP AS 100 with the Internet router on 172.16.20.0/30. No EIGRP
! authentication ("ip authentication mode eigrp ...") is shown on Serial1/1.
! IS-IS is redistributed into EIGRP with no route-map, so core prefixes are
! offered to the Internet-side neighbor unfiltered.
router eigrp 100
redistribute isis level-1-2
network 172.16.20.0 0.0.0.3
auto-summary
!
! PE-CE OSPF (process 10) inside VRF CEA towards the customer carrier. No OSPF
! authentication is shown.
router ospf 10 vrf CEA
log-adjacency-changes
redistribute bgp 64514 subnets
network 192.168.3.0 0.0.0.3 area 0
! "always" advertises a default route into the VRF whether or not this PE still
! has a working default itself.
default-information originate always
!
! Core IGP. "redistribute eigrp 100" has no route-map or distribute-list, so
! whatever the Internet-side EIGRP neighbor advertises is injected into the
! carrier's IS-IS; filter this to the expected prefixes outside a lab.
router isis
net 49.0001.1111.2222.3333.00
redistribute eigrp 100
!
! iBGP for VPNv4 only; no "neighbor ... password" (TCP MD5) is shown.
! NOTE(review): 172.16.20.1 is configured on this page both as ISPA_PE2's
! Loopback0 (/32) and as the Internet router's Serial1/0 (/30, directly
! connected to this router). Which device the session reaches depends on the
! global routing table, which is not shown; give the two distinct addresses.
router bgp 64514
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.16.20.1 remote-as 64514
neighbor 172.16.20.1 update-source Loopback0
!
address-family vpnv4
neighbor 172.16.20.1 activate
neighbor 172.16.20.1 send-community extended
exit-address-family
!
! Routes exported from VRF CEA into VPNv4: connected, static and the OSPF
! routes learned from the customer carrier. No route-map or prefix filter is
! applied.
address-family ipv4 vrf CEA
redistribute connected
redistribute static
redistribute ospf 10 vrf CEA match internal external 1 external 2
no synchronization
exit-address-family
!
! Route leak and VRF-aware NAT at the Internet PE.
no ip http server
! VRF-to-global leak: because of "global", the VRF CEA default route resolves
! next hop 172.16.20.1 in the global table, so all VRF traffic without a more
! specific route leaves the VPN here.
! NOTE(review): 172.16.20.1 is both the Internet router's Serial1/0 and
! ISPA_PE2's Loopback0 in the listings on this page; the next hop actually used
! depends on the global routing table, which is not shown.
ip route vrf CEA 0.0.0.0 0.0.0.0 172.16.20.1 global
!
!
! VRF-aware PAT: VRF CEA sources permitted by access-list 10 are translated to
! the Serial1/1 address (172.16.20.2), as the "sh ip nat translations" output
! on this page shows.
ip nat inside source list 10 interface Serial1/1 vrf CEA overload
!
! access-list 10 exempts only this router's Loopback0 (172.16.10.1) and then
! permits every source.
! NOTE(review): the translation table on this page lists many tcp entries from
! 192.168.3.2 (this router's own Serial1/0 address) to 10.0.1.1:646, so LDP
! session attempts towards ISPB_PE1's loopback appear to be translated and
! leaked towards the Internet side. Restricting list 10 to the customer
! prefixes would presumably keep control-plane traffic out of NAT; verify.
access-list 10 deny 172.16.10.1
access-list 10 permit any
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
! Terminal lines. No password or login method is shown for con 0 or aux 0.
line con 0
stopbits 1
line aux 0
! "login" with no "password" under the vty lines: IOS refuses incoming
! sessions ("Password required, but none set"), so remote access is in effect
! disabled. No "transport input" or "access-class" restriction is shown.
line vty 0 4
login
!
!
end

ISPA_PE1#
ISPA_PE1#


ISPA_PE2#sh running-config
Building configuration...

Current configuration : 2024 bytes
!
! ISPA_PE2 (parent carrier, AS 64514): global settings and VRF definition.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname ISPA_PE2
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
! VRF CEA is the parent carrier's VPN for the customer carrier (ISP B). The
! same route-target (64514:100) is imported and exported, matching ISPA_PE1.
ip vrf CEA
rd 64514:1
route-target export 64514:100
route-target import 64514:100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Loopback0: iBGP update-source, advertised in IS-IS.
! NOTE(review): 172.16.20.1 is also the Internet router's Serial1/0 address in
! its listing on this page; the duplicate makes it ambiguous which device
! ISPA_PE1's BGP neighbor and static next hop reach.
interface Loopback0
ip address 172.16.20.1 255.255.255.255
ip router isis
isis circuit-type level-1
!
interface FastEthernet0/0
no ip address
shutdown
speed auto
half-duplex
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! Core link to ISPA_PE1 (172.16.1.1): IS-IS level-2 plus LDP. No IS-IS or LDP
! authentication is shown.
interface Serial1/0
ip address 172.16.1.2 255.255.255.252
ip router isis
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
isis circuit-type level-2-only
!
! CSC link to the customer carrier (ISPB_PE2 Serial1/0, 192.168.4.1) in VRF
! CEA. LDP runs towards another carrier here with no LDP authentication
! ("mpls ldp neighbor ... password") shown.
interface Serial1/1
ip vrf forwarding CEA
ip address 192.168.4.2 255.255.255.252
mpls label protocol ldp
mpls ip
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
! PE-CE OSPF (process 10) inside VRF CEA towards the customer carrier
! (ISPB_PE2). No OSPF authentication is shown, so the inter-carrier adjacency
! on 192.168.4.0/30 is unauthenticated.
router ospf 10 vrf CEA
log-adjacency-changes
redistribute bgp 64514 subnets
network 192.168.4.0 0.0.0.3 area 0
!
! Core IGP; interfaces are enabled with "ip router isis" in the interface
! section.
router isis
net 49.0002.2222.3333.4444.00
!
! iBGP to ISPA_PE1's loopback for VPNv4 only. No "neighbor ... password"
! (TCP MD5) is shown for the session.
router bgp 64514
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.16.10.1 remote-as 64514
neighbor 172.16.10.1 update-source Loopback0
!
address-family vpnv4
neighbor 172.16.10.1 activate
neighbor 172.16.10.1 send-community extended
exit-address-family
!
! Routes exported from VRF CEA into VPNv4: connected and the OSPF routes
! learned from the customer carrier. No route-map or prefix filter is applied.
address-family ipv4 vrf CEA
redistribute connected
redistribute ospf 10 vrf CEA match internal external 1 external 2
no synchronization
exit-address-family
!
no ip http server
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
! Terminal lines. No password or login method is shown for con 0 or aux 0.
line con 0
stopbits 1
line aux 0
stopbits 1
! "login" with no "password" under the vty lines: IOS refuses incoming
! sessions ("Password required, but none set"), so remote access is in effect
! disabled. No "transport input" or "access-class" restriction is shown.
line vty 0 4
login
!
!
end

ISPA_PE2#


Internet#sh running-config
Building configuration...

Current configuration : 1300 bytes
!
! "Internet" router (lab stand-in for Internet destinations): global and
! management-plane settings.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
! Password obfuscation is off. No passwords appear in this listing, but any
! type-0 password added later would be stored in clear text; prefer
! "enable secret" / "username ... secret" over type-7 obfuscation.
no service password-encryption
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
! Console logging is disabled and no "logging host" line is shown, so no
! remote syslog destination is visible in this listing.
no logging console
!
! AAA is disabled: access control falls back to the per-line settings under
! "line con/aux/vty" at the end of the configuration.
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
! Loopback0 and Loopback1 are the test destinations pinged from CE1A
! (172.16.154.1 and 172.16.254.1 in the OUTPUT section of this page).
interface Loopback0
ip address 172.16.154.1 255.255.255.0
!
interface Loopback1
ip address 172.16.254.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
! Link to ISPA_PE1 Serial1/1 (172.16.20.2).
! NOTE(review): 172.16.20.1 is also configured as ISPA_PE2's Loopback0 (/32)
! on this page; use distinct addresses so that ISPA_PE1's BGP neighbor and
! static next hop are unambiguous.
interface Serial1/0
ip address 172.16.20.1 255.255.255.252
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
no dce-terminal-timing-enable
!
!
! EIGRP AS 100 towards ISPA_PE1 on 172.16.20.0/30. No EIGRP authentication
! ("ip authentication mode eigrp ...") is shown on Serial1/0.
router eigrp 100
! Only connected routes matched by route-map Local (the two loopbacks) are
! redistributed.
redistribute connected route-map Local
network 172.16.20.0 0.0.0.3
auto-summary
!
! The HTTP server is enabled (clear-text management on TCP/80) and no
! "ip http access-class" line is shown. Outside a lab, use "no ip http server"
! as the PE listings on this page do.
ip http server
!
!
!
!
! Route-map referenced by "redistribute connected" above: permits routes whose
! interface is Loopback0 or Loopback1.
route-map Local permit 10
match interface Loopback0 Loopback1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
! Terminal lines. No password or login method is shown for any line.
! NOTE(review): unlike the other routers on this page, no "login" appears under
! the vty lines; confirm whether Telnet to this router is authenticated.
line con 0
line aux 0
line vty 0 4
!
!
end

Internet#
Internet#
Internet#
Internet#

*********************************************************

OUTPUT

*********************************************************

CE1A#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

172.16.0.0/30 is subnetted, 1 subnets
C 172.16.100.0 is directly connected, Loopback0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 192.168.1.1, 00:07:36, Serial0/0
CE1A#

ISPB_PE1#sh ip route vrf CEA

Routing Table: CEA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.3.2 to network 0.0.0.0

172.16.0.0/32 is subnetted, 1 subnets
O 172.16.100.1 [110/65] via 192.168.1.2, 00:23:32, Serial1/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, Serial1/0
S* 0.0.0.0/0 [1/0] via 192.168.3.2
ISPB_PE1#


ISPA_PE1#sh ip route vrf CEA

Routing Table: CEA
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.16.20.1 to network 0.0.0.0

192.168.3.0/30 is subnetted, 1 subnets
C 192.168.3.0 is directly connected, Serial1/0
S* 0.0.0.0/0 [1/0] via 172.16.20.1
ISPA_PE1#
CE1A#ping 172.16.200.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 292/384/468 ms
CE1A#ping 172.16.154.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.154.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/153/260 ms
CE1A#ping 172.16.254.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.254.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/133/220 ms
CE1A#
CE1A#

ISPB_PE1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.3.1:4278 192.168.1.2:4278 172.16.154.1:4278 172.16.154.1:4278
icmp 192.168.3.1:4279 192.168.1.2:4279 172.16.154.1:4279 172.16.154.1:4279
icmp 192.168.3.1:4280 192.168.1.2:4280 172.16.154.1:4280 172.16.154.1:4280
icmp 192.168.3.1:4281 192.168.1.2:4281 172.16.154.1:4281 172.16.154.1:4281
icmp 192.168.3.1:4282 192.168.1.2:4282 172.16.154.1:4282 172.16.154.1:4282
icmp 192.168.3.1:8636 192.168.1.2:8636 172.16.254.1:8636 172.16.254.1:8636
icmp 192.168.3.1:8637 192.168.1.2:8637 172.16.254.1:8637 172.16.254.1:8637
icmp 192.168.3.1:8638 192.168.1.2:8638 172.16.254.1:8638 172.16.254.1:8638
icmp 192.168.3.1:8639 192.168.1.2:8639 172.16.254.1:8639 172.16.254.1:8639
icmp 192.168.3.1:8640 192.168.1.2:8640 172.16.254.1:8640 172.16.254.1:8640
udp 192.168.3.1:646 192.168.3.1:646 224.0.0.2:646 224.0.0.2:646
ISPB_PE1#
ISPB_PE1#
ISPA_PE1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.16.20.2:4278 192.168.3.1:4278 172.16.154.1:4278 172.16.154.1:4278
icmp 172.16.20.2:4279 192.168.3.1:4279 172.16.154.1:4279 172.16.154.1:4279
icmp 172.16.20.2:4280 192.168.3.1:4280 172.16.154.1:4280 172.16.154.1:4280
icmp 172.16.20.2:4281 192.168.3.1:4281 172.16.154.1:4281 172.16.154.1:4281
icmp 172.16.20.2:4282 192.168.3.1:4282 172.16.154.1:4282 172.16.154.1:4282
icmp 172.16.20.2:8636 192.168.3.1:8636 172.16.254.1:8636 172.16.254.1:8636
icmp 172.16.20.2:8637 192.168.3.1:8637 172.16.254.1:8637 172.16.254.1:8637
icmp 172.16.20.2:8638 192.168.3.1:8638 172.16.254.1:8638 172.16.254.1:8638
icmp 172.16.20.2:8639 192.168.3.1:8639 172.16.254.1:8639 172.16.254.1:8639
icmp 172.16.20.2:8640 192.168.3.1:8640 172.16.254.1:8640 172.16.254.1:8640
tcp 172.16.20.2:12722 192.168.3.2:12722 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:16359 192.168.3.2:16359 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:22042 192.168.3.2:22042 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:22461 192.168.3.2:22461 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:22602 192.168.3.2:22602 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:26207 192.168.3.2:26207 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:26556 192.168.3.2:26556 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:27051 192.168.3.2:27051 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:41139 192.168.3.2:41139 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:42953 192.168.3.2:42953 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:43963 192.168.3.2:43963 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:45960 192.168.3.2:45960 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:46434 192.168.3.2:46434 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:50853 192.168.3.2:50853 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:51355 192.168.3.2:51355 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:51413 192.168.3.2:51413 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:51428 192.168.3.2:51428 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:53173 192.168.3.2:53173 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:56329 192.168.3.2:56329 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:56631 192.168.3.2:56631 10.0.1.1:646 10.0.1.1:646
tcp 172.16.20.2:65300 192.168.3.2:65300 10.0.1.1:646 10.0.1.1:646
ISPA_PE1#
ISPA_PE1#
