1、Table of ContentsConfiguring a Basic MPLS VPN.1Introduction.1Before You Begin.1Conventions1Prerequisites.2Components Used.2Related Products.2Configure3Network Diagram.3Configuration Procedures.3Configurations4Verify11Troubleshoot.12Related Information13Cisco Configuring a Basic MPLS VPNiConfiguring
2、a Basic MPLS VPNIntroductionBefore You BeginConventionsPrerequisitesComponents UsedRelated ProductsConfigureNetwork DiagramConfiguration ProceduresConfigurationsVerifyTroubleshootRelated InformationIntroductionThis document provides a sample configuration of a Multiprotocol Label Switching (MPLS) VP
3、N over ATMwhen Border Gateway Protocol (BGP) or Routing Information Protocol (RIP) is present on the customerssite.When used with MPLS, the VPN feature allows several sites to interconnect transparently through a serviceproviders network. One service provider network can support several different IP
4、 VPNs. Each of theseappears to its users as a private network, separate from all other networks. Within a VPN, each site can sendIP packets to any other site in the same VPN.Each VPN is associated with one or more VPN routing or forwarding instances (VRFs). A VRF consists of anIP routing table, a de
5、rived Cisco express forwarding (CEF) table, and a set of interfaces that use thisforwarding table.The router maintains a separate routing and CEF table for each VRF. This prevents information being sentoutside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP
6、 addressproblems.The router using Multiprotocol BGP (MPBGP) distributes the VPN routing information using the MPBGPextended communities.For more information regarding the propagation of updates through a VPN, see the following URLs:VPN Route Target Communities BGP Distribution of VPN Routing Informa
7、tion MPLS Forwarding Before You BeginConventionsFor more information on document conventions, see the Cisco Technical Tips Conventions.Cisco Configuring a Basic MPLS VPNThe letters below represent the different types of routers and switches used.P Providers core router. PE Providers edge router. CE
8、Customers edge router. C Customers router. This diagram shows a typical configuration illustrating the conventions outlined above.PrerequisitesThere are no specific prerequisites for this document.Components UsedThe information in this document is based on the software and hardware versions below.P
9、and PE RoutersCisco IOS Software Release 12.2(6h) includes the MPLS VPN feature. Any Cisco router from the 7200 series or higher supports P functionality. The Cisco 2691, as well asany 3640 series or higher router supports PE functionality. C and CE RoutersYou can use any router that can exchange ro
10、uting information with its PE router. The information presented in this document was created from devices in a specific lab environment. All of thedevices used in this document started with a cleared (default) configuration. If you are working in a livenetwork, ensure that you understand the potenti
11、al impact of any command before using it.Related ProductsTo implement the MPLS feature, you must have a router from the range of Cisco 2600 or higher. To select therequired Cisco IOS with MPLS feature, use the Software Advisor ( registered customers only) . Also check for theadditional RAM and Flash
12、 memory required to run the MPLS feature in the routers. WIC1T, WIC2T, andserial interfaces can be used.Cisco Configuring a Basic MPLS VPNConfigureIn this section, you are presented with the information to configure the features described in this document.Note: To find additional information on the
13、commands used in this document, use the Command LookupTool ( registered customers only) .Network DiagramThis document uses the network setup shown in the diagram below.Configuration ProceduresFor more information, see MPLS Virtual Private Networks.Enabling ip cefUse the following procedure to enable
14、 ip cef. For improved performance, use ip cef distributed (whereavailable). Complete the following steps on the PEs after MPLS has been set up (configuring tagswitchingCisco Configuring a Basic MPLS VPNip on the interfaces).Create one VRF for each VPN connected using the ip vrf command.When doing th
15、is:Specify the correct route distinguisher used for that VPN. This is used to extend the IPaddress so that you can identify which VPN it belongs to.rd Set up the import and export properties for the MPBGP extended communities. These areused for filtering the import and export process.routetarget exp
16、ort|import|both 1. Configure the forwarding details for the respective interfaces using the ip vrf forwarding command and remember to set up the IP address after doing this.2. Depending on the PECE routing protocol you are using, you can configure static routes or routingprotocols (RIP, Open Shortes
17、t Path First OSPF, or BGP) between PE and CE. Detailedconfigurations are available on the MPLS over ATM Support Page.3. Configuring MPBGPConfigure MPBGP between the PE routers. There are several ways to configure BGP, such as using theroute reflector or confederation methods. The method used here di
18、rect neighbor configuration is the simplestand the least scalable.Declare the different neighbors.1. Enter the addressfamily ipv4 vrf command for eachVPN present at this PE router.Carry out one or more of the following steps, as necessary:Redistribute the static routing, RIP, or OSPF information. Re
19、distribute connected routing information. Activate BGP neighboring with the CE routers. 2. Enter the addressfamily vpnv4 mode, and complete the following steps:Activate the neighbors. Specify that extended community must be used. This is mandatory. 3. ConfigurationsThis document uses the configurati
20、ons shown below.Pescara Pesaro Pomerol Pulligny Pauillac Cisco Configuring a Basic MPLS VPNPescaraCurrent configuration:!version 12.2!hostname Pescara!ip cef! Customer A commands.ip vrf Customer_A! Enables the VPN routing and forwarding (VRF) routing table.! This command can be used in global or ! r
21、outer configuration mode. rd 100:110! Route distinguisher creates routing and forwarding ! tables for a VRF.routetarget export 100:1000! Creates lists of import and export routetarget extended ! communities for the specified VRF.routetarget import 100:1000! Customer B commands.ip vrf Customer_Brd 10
22、0:120routetarget export 100:2000routetarget import 100:2000!interface Loopback0ip address 10.10.10.4 255.255.255.255ip router isis! Customer A commands.interface Loopback101ip vrf forwarding Customer_A! Associates a VRF instance with an interface or subinterface.ip address 200.0.4.1 255.255.255.0! L
23、oopback101 and 102 use the same IP address, 200.0.4.1. ! This is allowed because they belong to two ! different customers VRFs. no ip directedbroadcast!Cisco Configuring a Basic MPLS VPN! Customer B commands.interface Loopback102ip vrf forwarding Customer_Bip address 200.0.4.1 255.255.255.0! Loopbac
24、k101 and 102 use the same IP address, 200.0.4.1. ! This is allowed because they belong to two ! different customers VRFs.no ip directedbroadcast!interface Serial2/0no ip addressno ip directedbroadcastencapsulation framerelayno fairqueue!interface Serial2/0.1 pointtopointdescription link to Pauillacb
25、andwidth 512ip address 10.1.1.14 255.255.255.252no ip directedbroadcastip router isis tagswitching ipframerelay interfacedlci 401 !router isis net 49.0001.0000.0000.0004.00istype level1! router bgp 100bgp logneighborchanges! Enables logging of BGP neighbor resets.neighbor 10.10.10.6 remoteas 100! Ad
26、ds an entry to the BGP or multiprotocol BGP neighbor table.neighbor 10.10.10.6 updatesource Loopback0! Enables BGP sessions to use a specific operational ! interface for TCP connections.! Customer A and B commands.addressfamily vpnv4! To enter address family configuration mode ! for configuring rout
27、ing sessions, such as BGP, ! that use standard VPN version 4 address prefixes.neighbor 10.10.10.6 activateneighbor 10.10.10.6 sendcommunity both! Sends the community attribute to a BGP neighbor.exitaddressfamily!Cisco Configuring a Basic MPLS VPN! Customer B commands.addressfamily ipv4 vrf Customer_
28、B! To enter address family configuration mode ! for configuring routing sessions, such as BGP, ! that use standard VPN version 4 address prefixes.redistribute connectedno autosummaryno synchronizationexitaddressfamily! Customer A commands.addressfamily ipv4 vrf Customer_Aredistribute connectedno aut
29、osummaryno synchronizationexitaddressfamily!ip classless!endPesaroCurrent configuration:!version 12.1!hostname Pesaro! Customer A commands.ip vrf Customer_Ard 100:110routetarget export 100:1000routetarget import 100:1000! Customer B commands.ip vrf Customer_Brd 100:120routetarget export 100:2000rout
30、etarget import 100:2000!ip cef!interface Loopback0ip address 10.10.10.6 255.255.255.255ip router isis ! Customer A commands.Cisco Configuring a Basic MPLS VPNinterface Loopback101ip vrf forwarding Customer_Aip address 200.0.6.1 255.255.255.0! Customer B commands.interface Loopback102ip vrf forwardin
31、g Customer_Bip address 200.0.6.1 255.255.255.0! Customer A commands.interface Loopback111ip vrf forwarding Customer_Aip address 200.1.6.1 255.255.255.0!interface Serial0/0no ip addressencapsulation framerelayno ip mroutecacherandomdetect!interface Serial0/0.1 pointtopointdescription link to Pomerolb
32、andwidth 512ip address 10.1.1.22 255.255.255.252ip router isis tagswitching ipframerelay interfacedlci 603 !router isis net 49.0001.0000.0000.0006.00istype level1!router bgp 100neighbor 10.10.10.4 remoteas 100neighbor 10.10.10.4 updatesource Loopback0! Customer B commands.addressfamily ipv4 vrf Cust
33、omer_Bredistribute connectedno autosummaryno synchronizationexitaddressfamily! Customer A commands.addressfamily ipv4 vrf Customer_Aredistribute connectedno autosummaryno synchronizationexitaddressfamily!Cisco Configuring a Basic MPLS VPN! Customer A and B commands.addressfamily vpnv4neighbor 10.10.
34、10.4 activateneighbor 10.10.10.4 sendcommunity bothexitaddressfamily!ip classless! endPomerolCurrent configuration:!version 12.0!hostname Pomerol!ip cef!interface Loopback0ip address 10.10.10.3 255.255.255.255ip router isis !interface Serial0/1no ip addressno ip directedbroadcastencapsulation framer
35、elayrandomdetect!interface Serial0/1.1 pointtopointdescription link to Pauillacip address 10.1.1.6 255.255.255.252no ip directedbroadcastip router isis tagswitching mtu 1520tagswitching ip framerelay interfacedlci 301 !interface Serial0/1.2 pointtopointdescription link to Pullignyip address 10.1.1.9
36、 255.255.255.252no ip directedbroadcastip router isis tagswitching ipframerelay interfacedlci 303 !interface Serial0/1.3 pointtopointdescription link to Pesaroip address 10.1.1.21 255.255.255.252no ip directedbroadcastip router isis tagswitching ipframerelay interfacedlci 306 !router isis net 49.000
37、1.0000.0000.0003.00istype level1Cisco Configuring a Basic MPLS VPN!ip classless!endPullignyCurrent configuration:!version 12.1!hostname Pulligny!ip cef!interface Loopback0ip address 10.10.10.2 255.255.255.255!interface Serial0/1no ip addressencapsulation framerelayrandomdetect!interface Serial0/1.1
38、pointtopointdescription link to Pauillacip address 10.1.1.2 255.255.255.252ip router isis tagswitching ip framerelay interfacedlci 201 !interface Serial0/1.2 pointtopointdescription link to Pomerolip address 10.1.1.10 255.255.255.252ip router isis tagswitching ip framerelay interfacedlci 203 !router
39、 isis passiveinterface Loopback0net 49.0001.0000.0000.0002.00istype level1!ip classless!endPauillac!version 12.1!hostname pauillac!ip cef!interface Loopback0ip address 10.10.10.1 255.255.255.255ip router isis !Cisco Configuring a Basic MPLS VPNinterface Serial0/0no ip addressencapsulation framerelay
40、no ip mroutecachetagswitching ipno fairqueue!interface Serial0/0.1 pointtopointdescription link to Pomerolbandwith 512ip address 10.1.1.1 255.255.255.252ip router isis tagswitching ip framerelay interfacedlci 102 !interface Serial0/0.2 pointtopointdescription link to Pulligny ip address 10.1.1.5 255
41、.255.255.252ip router isis tagswitching ip framerelay interfacedlci 103 !interface Serial0/0.3 pointtopointdescription link to Pescarabandwidth 512ip address 10.1.1.13 255.255.255.252ip router isis tagswitching ip framerelay interfacedlci 104 !router isis net 49.0001.0000.0000.0001.00istype level1!i
42、p classless!endVerifyThis section provides information you can use to confirm your configuration is working properly.Certain show commands are supported by the Output Interpreter Tool ( registered customers only) , which allowsyou to view an analysis of show command output.show ip vrf Verifies that
43、the correct VRF exists. show ip vrf interfaces Verifies the activated interfaces. show ip route vrf Customer_A Verifies the routing information on the PE routers. traceroute vrf Customer_A 200.0.6.1 Verifies the routing information on the PE routers. show ip bgp vpnv4 tag Verifies the BGP. show ip c
44、ef vrf Customer_A 200.0.6.1 detail Verifies the routing information on the PE routers. More commands are detailed in the MPLS VPN Solution Troubleshooting Guide.The following is sample command output of the show ip vrf command.Pescara#show ip vrf Name Default RD InterfacesCustomer_A 100:110 Loopback
45、101Cisco Configuring a Basic MPLS VPNCustomer_B 100:120 Loopback102The following is sample command output of the show ip vrf interfaces command.Pesaro#show ip vrf interfacesInterface IPAddress VRF ProtocolLoopback101 200.0.6.1 Customer_A up Loopback111 200.1.6.1 Customer_A up Loopback102 200.0.6.1 C
46、ustomer_B up The following show ip route vrf commands show the same prefix 200.0.6.0/24 in both the outputs. This isbecause the remote PE has the same network for two customers, Customer_A and Customer_B, which isallowed in a typical MPLS VPN solution.Pescara#show ip route vrf Customer_ACodes: C con
47、nected, S static, I IGRP, R RIP, M mobile, B BGPD EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2E1 OSPF external type 1, E2 OSPF external type 2, E EGPi ISIS, L1 ISIS level1, L2 ISIS level2, ia ISIS inter area* candidate default, U per
48、user static route, o ODRGateway of last resort is not setC 200.0.4.0/24 is directly connected, Loopback101B 200.0.6.0/24 200/0 via 10.10.10.6, 05:10:11B 200.1.6.0/24 200/0 via 10.10.10.6, 04:48:11Pescara#show ip route vrf Customer_BCodes: C connected, S static, I IGRP, R RIP, M mobile, B BGPD EIGRP, EX EIGRP externa
