Lab Solution – MPLS Lab #2

On September 9, 2010, in CCIE, CCIP, CCNP, Lab Guides, Lab Solutions, ROUTE, by Darren

Sometimes it’s so hard to simply find the time to do what I promised. I hope this will spur up some conversation. I still stress that you should always try to do the lab without my help first. This will ensure you learn how to do it properly. Also remember that there are always multiple ways to do certain labs, so don’t take my solution as gospel.

This solution is for the lab I posted here: http://mellowd.co.uk/ccie/?p=527

  • CPE1 and CPE5 belong to Customer1
  • CPE2 and CPE6 belong to Customer2
  • Both customers are running OSPF as their IGPs
  • The loopbacks as shown in the topology must be advertised into OSPF. Customer1 should be able to ping all loopbacks in their networks and Customer2 should be able to ping everything in theirs.
  • Both customers are now running a project together, and need 2 of their offices connected. CPE1 from Customer1 should be able to communicate with CPE6 from Customer2 and vice-versa
  • It’s essential that CPE2 and CPE5 are NOT able to get to all loopbacks. ONLY CPE1 and CPE6 should be able to communicate with each other. This new configuration should not break the previous VPNs in place
  • Do this without using any ACLs, Prefix-lists, Route-maps or the like

We start with a regular MPLS VPN config, the same as the one we did for the first MPLS VPN lab. All the MPLS-specific config is here:

CPE1

interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 10.1.1.0 0.0.0.255 area 0
 network 192.168.1.0 0.0.0.255 area 0

CPE2:

interface Loopback0
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.2.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 10.1.2.0 0.0.0.255 area 0
 network 172.16.1.0 0.0.0.255 area 0

CPE5:

interface Loopback0
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.3.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 10.1.3.0 0.0.0.255 area 0
 network 192.168.2.0 0.0.0.255 area 0

CPE6:

interface Loopback0
 ip address 172.16.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.4.1 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 10.1.4.0 0.0.0.255 area 0
 network 172.16.2.0 0.0.0.255 area 0

Now for the 2 AR Routers:

ip cef
ip vrf CUS1
 rd 400:1
 route-target export 400:1
 route-target import 400:1

ip vrf CUS2
 rd 400:2
 route-target export 400:2
 route-target import 400:2

interface FastEthernet0/0
 ip vrf forwarding CUS1
 ip address 10.1.1.2 255.255.255.0

interface FastEthernet2/0
 ip vrf forwarding CUS2
 ip address 10.1.2.2 255.255.255.0

router ospf 2 vrf CUS1
 redistribute bgp 400 metric 10 subnets
 network 10.1.1.0 0.0.0.255 area 0

router ospf 3 vrf CUS2
 redistribute bgp 400 metric 10 subnets
 network 10.1.2.0 0.0.0.255 area 0

router bgp 400
 bgp log-neighbor-changes
 neighbor 10.255.255.7 remote-as 400
 neighbor 10.255.255.7 update-source Loopback0

 address-family vpnv4
  neighbor 10.255.255.7 activate
  neighbor 10.255.255.7 send-community extended

 address-family ipv4 vrf CUS2
  redistribute ospf 3 vrf CUS2 metric 10
  no synchronization

 address-family ipv4 vrf CUS1
  redistribute ospf 2 vrf CUS1 metric 10
  no synchronization

A similar config is on AR3. (I’m not going to post it here, otherwise this post will just get too big.)

Let’s now concentrate on CPE1. The initial requirements were to allow CPE1 and CPE5 to speak to each other. Currently CPE1 has the following routing table:

CPE1#sh ip route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.3.0 [110/11] via 10.1.1.2, 00:01:20, FastEthernet0/0
C       10.1.1.0 is directly connected, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Loopback0
     192.168.2.0/32 is subnetted, 1 subnets
O IA    192.168.2.1 [110/11] via 10.1.1.2, 00:01:20, FastEthernet0/0

Can CPE1 ping the loopback subnet on CPE5? It sure can!

CPE1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/112/156 ms

Can CPE1 ping CPE6? No it can’t (as expected at this point)

CPE1#ping 172.16.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

We are now told that we need CPE1 and CPE6 to be able to speak to each other for a project. CPE2 and CPE5 need to be left out of this completely. We need to do this without using any ACLs or the like.

There is a simple way of doing this. It’s called Extranet MPLS VPN. In the configuration above, each customer is given a route target. We can create a third route-target and have both CPE1 and CPE6 join it, by adding it to the VRF each of them connects to (CUS1 on AR1 and CUS2 on AR3). We then simply don’t add CPE2 and CPE5 to that same route-target.

Let’s add it on AR1 and AR3:

AR1(config)#ip vrf CUS1
AR1(config-vrf)#route-target both 400:100
AR3(config)#ip vrf CUS2
AR3(config-vrf)#route-target both 400:100

If I now check the routing table on CPE1 I see the following:

CPE1#sh ip route

Gateway of last resort is not set

     172.16.0.0/32 is subnetted, 1 subnets
O E2    172.16.2.1 [110/10] via 10.1.1.2, 00:00:21, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
O IA    10.1.3.0 [110/11] via 10.1.1.2, 00:08:41, FastEthernet0/0
C       10.1.1.0 is directly connected, FastEthernet0/0
O E2    10.1.4.0 [110/10] via 10.1.1.2, 00:00:21, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Loopback0
     192.168.2.0/32 is subnetted, 1 subnets
O IA    192.168.2.1 [110/11] via 10.1.1.2, 00:08:41, FastEthernet0/0

Can CPE1 now ping CPE6’s loopback subnet?

CPE1#ping 172.16.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/69/92 ms

It works :) – We now need to be sure that CPE2 and CPE5 still cannot see any of this.

CPE2#sh ip route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       172.16.1.0/24 is directly connected, Loopback0
O IA    172.16.2.1/32 [110/11] via 10.1.2.2, 22:04:42, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.2.0 is directly connected, FastEthernet0/0
O IA    10.1.4.0 [110/11] via 10.1.2.2, 22:05:56, FastEthernet0/0

As expected, it cannot ping anywhere in Customer1’s network:

CPE2#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CPE2#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Job done. :D
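An added example, not from the original post: a small Python model of route-target import/export that checks the extranet design above and flags any site pair the lab requirements do not allow. The AR3 config text, the `ATTACHED` and `ALLOWED` tables and all function names are assumptions built from the lab description.

```python
import re

# Constructed config text. AR1 mirrors the VRF section shown in the post plus the
# extranet route-target; AR3 is an assumption (the post only calls it "similar").
AR1_CFG = """\
ip vrf CUS1
 rd 400:1
 route-target export 400:1
 route-target import 400:1
 route-target both 400:100
ip vrf CUS2
 rd 400:2
 route-target export 400:2
 route-target import 400:2
"""
AR3_CFG = """\
ip vrf CUS1
 rd 400:1
 route-target both 400:1
ip vrf CUS2
 rd 400:2
 route-target both 400:2
 route-target both 400:100
"""

# (PE, VRF) -> attached CPE, taken from the lab topology.
ATTACHED = {
    ("AR1", "CUS1"): "CPE1", ("AR1", "CUS2"): "CPE2",
    ("AR3", "CUS1"): "CPE5", ("AR3", "CUS2"): "CPE6",
}

# Site pairs the lab requirements allow to exchange routes.
ALLOWED = {frozenset(p) for p in
           (("CPE1", "CPE5"), ("CPE2", "CPE6"), ("CPE1", "CPE6"))}


def parse_vrfs(cfg):
    """Return {vrf: {"import": set, "export": set}} from 'ip vrf' blocks."""
    vrfs, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.rstrip()
        m = re.match(r"ip vrf (\S+)$", line)
        if m:
            cur = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = re.match(r"\s+route-target (import|export|both) (\S+)$", line)
        if m and cur is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                cur[kind].add(m.group(2))
        elif line and not line.startswith(" "):
            cur = None  # an unindented line ends the VRF block
    return vrfs


def visible_sites(pe_cfgs):
    """Return {cpe: set of other CPEs whose routes its VRF imports}.

    A VRF imports a VPNv4 route when the route carries at least one
    route-target that the VRF is configured to import.
    """
    sites = []
    for pe, cfg in pe_cfgs.items():
        for vrf, rts in parse_vrfs(cfg).items():
            if (pe, vrf) in ATTACHED:
                sites.append((ATTACHED[(pe, vrf)], rts))
    return {cpe: {other for other, orts in sites
                  if other != cpe and orts["export"] & rts["import"]}
            for cpe, rts in sites}


def audit(seen):
    """List (importer, source) pairs that the ALLOWED policy does not permit."""
    return sorted((a, b) for a in seen for b in seen[a]
                  if frozenset((a, b)) not in ALLOWED)


def misconfigured_ar3():
    """AR3 with the extranet route-target also added to CUS1 (a plausible slip)."""
    return AR3_CFG.replace(" route-target both 400:1\n",
                           " route-target both 400:1\n route-target both 400:100\n", 1)


if __name__ == "__main__":
    good = visible_sites({"AR1": AR1_CFG, "AR3": AR3_CFG})
    for cpe in sorted(good):
        print(cpe, "imports routes from", sorted(good[cpe]))
    print("violations:", audit(good))
    bad = visible_sites({"AR1": AR1_CFG, "AR3": misconfigured_ar3()})
    print("violations with 400:100 on AR3 CUS1:", audit(bad))
```

The second run shows why the extranet route-target must only go on the VRFs that serve CPE1 and CPE6: one extra `route-target both 400:100` on AR3's CUS1 lets CPE5 and CPE6 exchange routes.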

Protocol fundamentals – ARP

On July 28, 2010, in CCIP, CCNA, CCNP, Fundamentals, by Darren

What is ARP and how does it actually work? I’m surprised at the number of people who don’t know exactly what it does and how important it is.

To illustrate, I’m going to use this extremely simple network:

lan

Both of these systems are really just connected to a home router. Remember that these ports are really just switched ports. The only time they traverse a layer3 port is when they are sending traffic outside the local LAN.

ARP is the Address Resolution Protocol. Essentially all it does is resolve a logical IP address to a physical Hardware (MAC) address.

In the above diagram, if 10.20.30.108 wants to send traffic to 10.20.30.4, it will move down the OSI layers. It will eventually get down to layer 2. The layer 2 header needs to have both a source and a destination MAC address. 10.20.30.108 has the destination’s layer 3 address already, but not its layer 2 address. This is where ARP comes into the picture.

10.20.30.108 will send a broadcast out onto the LAN asking that whoever holds 10.20.30.4 respond with its MAC address (in that broadcast it’ll let everyone know what the MAC address of 10.20.30.108 is, so they can reply). When 10.20.30.4 gets that broadcast, it’ll respond with its OWN MAC address with a unicast.

Once 10.20.30.108 has received 10.20.30.4’s MAC address, it will add that mapping to its own local ARP cache. As long as that value is in the cache, it’ll know exactly how and where to send traffic bound for 10.20.30.4.

As an example, I’ve run the above through Wireshark to see exactly what is happening:

arp1

The first ARP packet was a broadcast to the local LAN asking for the owner of the 10.20.30.4 address. It also asks to respond to 10.20.30.108 (this ARP request also contains 10.20.30.108’s own MAC address). The second packet is a simple unicast back to 10.20.30.108 letting it know that 10.20.30.4’s MAC address is 00:11:32:06:0c:8a

This can be verified as follows:

C:\Windows\system32>arp -a

Interface: 10.20.30.108 --- 0xb
  Internet Address      Physical Address      Type
  10.20.30.4            00-11-32-06-0c-8a     dynamic

ARP is one of the fundamental parts of TCP/IP – Make sure you know it :)
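The request/reply exchange described above, as an added Python example that is not part of the original post: it builds both Ethernet/ARP frames byte for byte, parses them, and updates the requester's cache. The requester's MAC address is a constructed value (the post only shows 10.20.30.4's), and the `Host` class and function names are hypothetical.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
UNKNOWN = "00:00:00:00:00:00"
ETH_ARP = 0x0806                    # EtherType for ARP
ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(eth_dst, oper, sha, spa, tha, tpa):
    """Ethernet header (14 bytes) followed by an IPv4-over-Ethernet ARP body (28 bytes)."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETH_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), socket.inet_aton(spa),
                      mac_bytes(tha), socket.inet_aton(tpa))
    return eth + arp


def parse_frame(frame):
    """Decode an Ethernet/ARP frame into a dict; reject anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4 over Ethernet")
    return {
        "eth_dst": mac_str(dst), "eth_src": mac_str(src), "oper": oper,
        "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
        "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa),
    }


class Host:
    """Minimal ARP speaker: asks, answers for its own IP, caches replies."""

    def __init__(self, ip, mac):
        self.ip, self.mac, self.cache = ip, mac, {}

    def request(self, target_ip):
        # Broadcast: "who has target_ip? tell self.ip (at self.mac)".
        return build_frame(BROADCAST, REQUEST, self.mac, self.ip, UNKNOWN, target_ip)

    def receive(self, frame):
        """Return a reply frame if the request is for us, else None."""
        pkt = parse_frame(frame)
        if pkt["tpa"] != self.ip:
            return None                      # someone else's address: ignore
        if pkt["oper"] == REQUEST:
            # Unicast straight back to the MAC the requester put in the request.
            return build_frame(pkt["sha"], REPLY, self.mac, self.ip, pkt["sha"], pkt["spa"])
        if pkt["oper"] == REPLY:
            self.cache[pkt["spa"]] = pkt["sha"]   # learn the IP -> MAC mapping
        return None


def run_exchange():
    a = Host("10.20.30.108", "02:00:00:00:00:6c")   # constructed MAC, not from the post
    b = Host("10.20.30.4", "00:11:32:06:0c:8a")     # MAC shown in the post
    request = a.request("10.20.30.4")
    reply = b.receive(request)
    a.receive(reply)
    return parse_frame(request), parse_frame(reply), a.cache


if __name__ == "__main__":
    req, rep, cache = run_exchange()
    print("request:", req)
    print("reply:  ", rep)
    print("cache:  ", cache)
```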

TRILL – the future of switching?

On July 22, 2010, in CCIE, by Darren

STP works extremely well, but you lose operational links with it. i.e. you lose bandwidth. There are also quite a few other problems with STP (convergence speed being 1 of them)

TRILL seems to be the new technology coming in to resolve this. I’ve gone through the RFC: http://tools.ietf.org/html/rfc5556 and it looks like pretty awesome stuff. I particularly like the following:

3.2. Zero Configuration and Zero Assumption

Both bridges and hubs are zero configuration devices; hubs having no
configuration at all, and bridges being automatically self-
configured. Bridges are further zero-assumption devices, unlike
hubs. Bridges can be interconnected in arbitrary topologies, without
regard for cycles or even self-attachment. Spanning tree protocols
(STPs) remove the impact of cycles automatically, and port
autolearning reduces unnecessary broadcast of unicast traffic.

A TRILL solution should strive to have a similar zero-configuration,
zero-assumption operation. This includes having TRILL solution
components automatically discover other TRILL solution components and
organize themselves, as well as to configure that organization for
proper operation (plug-and-play). It also includes zero-
configuration backward compatibility with existing bridges and hubs,
which may include interacting with some of the bridge protocols, such
as spanning tree.

VLANs add a caveat to zero configuration; a TRILL solution should
support automatic use of a default VLAN (like non-VLAN bridges), but
would undoubtedly require explicit configuration for VLANs where
bridges require such configuration.

Autoconfiguration extends to optional services, such as multicast
support via Internet Group Management Protocol (IGMP) snooping,
broadcast support via serial copy, and support of multiple VLANs.

and

3.4. Spanning Tree Management

In order to address convergence under reconfiguration and robustness
to link interruption (Section 2.2), participation in the spanning
tree (STP) must be carefully managed. The goal is to provide the
desired stability of the TRILL solution and of the entire Ethernet
link subnet, which may include bridges using STP. This may involve a
TRILL solution participating in the STP, where the protocol used for
TRILL might dampen interactions with STP, or it may involve severing
the STP into separate STPs on ‘stub’ external Ethernet link subnet
segments.

A requirement is that a TRILL solution must not require modifications
or exceptions to the existing spanning tree protocols (e.g., STP,
RSTP (Rapid Spanning Tree Protocol), MSTP (Multiple Spanning Tree
Protocol)).

Basically, even though TRILL sounds complicated, it very well could be plug and play (well about as plug and play as current STP mind you)

Lab Solution – MPLS Lab #1

On July 7, 2010, in CCIE, CCIP, Lab Guides, Lab Solutions, by Darren

As promised, I’ll now start writing up solutions to my previously posted labs. I hope this will spur up some conversation.  I still stress that you should always try to do the lab without my help first. This will ensure you learn how to do it properly. Also remember that there are always multiple ways to do certain labs, so don’t take my solution as gospel.

I’ll be walking through my first MPLS lab which was originally posted over here: http://mellowd.co.uk/ccie/?p=518

  • Use RIP as the routing protocol on CPE devices
  • CPE1 and CPE5 belong to Company_A
  • CPE2 and CPE6 belong to Company_B
  • Each site has a /24 that is advertised via the loopback
  • CPE1 should be able to ping CPE5’s loopback and vice-versa
  • CPE2 should be able to ping CPE6’s loopback and vice-versa
  • Different companies should NOT be able to ping each other. They must stay completely separate
  • Now remove RIP and configure it so that both companies are using OSPF
  • Once complete, remove the OSPF config and use EIGRP

The first part is very easy. As far as the config on the CPE goes, it’s standard. The CPE devices don’t know, or care, that the ISP is running MPLS. As an example, I’ve posted the relevant config from CPE6:

interface Loopback0
 ip address 172.16.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.1.4.1 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 network 10.0.0.0
 network 172.16.0.0
 no auto-summary

The actual core routers also have a very simple configuration. This has already been set up in my provided configuration files. All that’s needed is an IGP running correctly, CEF to be enabled, and then MPLS IP to be enabled on all links going to MPLS routers. As an example, I’ll show a bit of the configuration on CR1:

ip cef
!
interface FastEthernet0/0
 ip address 10.0.0.5 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface Serial1/0
 ip address 10.3.0.1 255.255.255.252
 mpls ip
 serial restart-delay 0
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.3 area 0
 network 10.0.0.4 0.0.0.3 area 0
 network 10.2.0.0 0.0.0.3 area 0
 network 10.3.0.0 0.0.0.3 area 0
 network 10.255.255.2 0.0.0.0 area 0

The real meat of the configuration comes in on the AR routers, i.e. the edge MPLS routers that the CPE devices connect to. These are the routers which need to hold the customer routing tables, as well as keep customer networks separate from each other.

The first thing that needs to be done is to configure the VRFs on each AR router that will connect. I’ll use the vrf name of CUS1 for the first customer and CUS2 for the second.

For the first customer:

AR1(config)#ip vrf CUS1
AR1(config-vrf)#rd 400:1
AR1(config-vrf)#route-target both 400:1

And now the second:

AR1(config)#ip vrf CUS2
AR1(config-vrf)#rd 400:2
AR1(config-vrf)#route-target both 400:2

We now need to setup the interfaces that the CPE devices will connect to:

AR1(config)#interface FastEthernet0/0
AR1(config-if)#ip vrf forwarding CUS1
AR1(config-if)#ip address 10.1.1.2 255.255.255.0

AR1(config-if)#interface FastEthernet2/0
AR1(config-if)#ip vrf forwarding CUS2
AR1(config-if)#ip address 10.1.2.2 255.255.255.0

Now it’s time to set up the routing protocol between the ISP vrf and the customer device. We are using RIP for this lab, so the configuration will be as follows for both customers:

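AR1(config)#router rip
AR1(config-router)#version 2
AR1(config-router)#no auto-summary

AR1(config-router)#address-family ipv4 vrf CUS2
AR1(config-router-af)#redistribute bgp 400 metric 10
AR1(config-router-af)#network 10.0.0.0
AR1(config-router-af)#no auto-summary
AR1(config-router-af)#version 2

AR1(config-router-af)#address-family ipv4 vrf CUS1
AR1(config-router-af)#redistribute bgp 400 metric 10
AR1(config-router-af)#network 10.0.0.0
AR1(config-router-af)#no auto-summary
AR1(config-router-af)#version 2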

You can see in the above commands that we are redistributing BGP even though we haven’t configured BGP yet. Don’t worry, that step is next.

MPLS uses MP-BGP for the MPLS VPN feature, i.e. it uses MP-BGP to distribute routes via each customer’s VRF, through the core, and then out the other side.

The first part of the MP-BGP configuration is a simple iBGP config. AR1’s configuration is below:

AR1(config)#router bgp 400
AR1(config-router)#neighbor 10.255.255.7 remote-as 400
AR1(config-router)#neighbor 10.255.255.7 update-source Loopback0
AR1(config-router)#no auto-summary

The second part of the MP-BGP configuration is to enable the vpnv4 part of BGP:

AR1(config-router)#address-family vpnv4
AR1(config-router-af)#neighbor 10.255.255.7 activate
AR1(config-router-af)#neighbor 10.255.255.7 send-community extended

The final part is to set up the actual VRF part for each customer, and enable redistribution of RIP routes learned earlier:

AR1(config-router-af)#address-family ipv4 vrf CUS2
AR1(config-router-af)#redistribute rip metric 10
!
AR1(config-router-af)#address-family ipv4 vrf CUS1
AR1(config-router-af)#redistribute rip metric 10

To have a quick recap, this is the MPLS specific configuration now on AR1:

ip cef
!
ip vrf CUS1
 rd 400:1
 route-target export 400:1
 route-target import 400:1
!
ip vrf CUS2
 rd 400:2
 route-target export 400:2
 route-target import 400:2
!
!
interface FastEthernet0/0
 ip vrf forwarding CUS1
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet2/0
 ip vrf forwarding CUS2
 ip address 10.1.2.2 255.255.255.0
 duplex auto
 speed auto
!
router rip
 version 2
 no auto-summary
 !
 address-family ipv4 vrf CUS2
  redistribute bgp 400 metric 10
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family
 !
 address-family ipv4 vrf CUS1
  redistribute bgp 400 metric 10
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family
!
router bgp 400
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.255.255.7 remote-as 400
 neighbor 10.255.255.7 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.255.255.7 activate
  neighbor 10.255.255.7 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUS2
  redistribute rip metric 10
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf CUS1
  redistribute rip metric 10
  no synchronization
 exit-address-family

A similar configuration will of course need to be done on AR3.

Once done, we should be able to log onto CPE6 and ensure that it has CPE2’s networks. We should also see that it has NO access to CPE1 and CPE5’s networks. This is exactly what we see:

CPE6#sh ip route
Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 2 subnets
R       172.16.1.0 [120/10] via 10.1.4.2, 00:00:19, FastEthernet0/0
C       172.16.2.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.2.0 [120/10] via 10.1.4.2, 00:00:19, FastEthernet0/0
C       10.1.4.0 is directly connected, FastEthernet0/0

Can we ping CPE2’s loopback? We sure can:

CPE6#ping 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/60/92 ms

Can we ping CPE1’s loopback? No we cannot!

CPE6#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

If we run a traceroute to CPE2’s loopback, we can see it going through the MPLS core:

CPE6#trace 172.16.1.1

Type escape sequence to abort.
Tracing the route to 172.16.1.1

  1 10.1.4.2 8 msec 0 msec 20 msec
  2 10.8.0.1 [MPLS: Labels 28/38 Exp 0] 44 msec 68 msec 84 msec
  3 10.1.2.2 [MPLS: Label 38 Exp 0] 60 msec 48 msec 28 msec
  4 10.1.2.1 112 msec *  44 msec
CPE6#

Lab done. If there are any questions, please let me know! :)

MPLS VPN lab #4

On May 14, 2010, in BSCI, CCIE, CCIP, CCNP, Dynamips, Lab Guides, ROUTE, by Darren

The diagram is the same as my last VPN Lab. Also it uses my MPLS topology found over here: http://mellowd.co.uk/ccie/?p=522

This is the topology for this lab:

MPLS4 - small

  • Customer1 and Customer2 both have MPLS VPNs through the ISP core.
  • Customer1 is using OSPF and Customer2 is using EIGRP
  • Customers should have no access to each other’s networks
  • Customers should be able to reach all their sites from all their sites
  • The ISP wants to monitor the CPE routers via their monitoring server. Create another loopback on each CPE router and give them all a /32 loopback in the 172.16.1.1/24 range – i.e. 172.16.1.1/32 for CPE1, 172.16.1.2/32 for CPE2 and so on
  • Ensure the monitoring router can get to all these /32 routes (and ONLY these /32 routes) – It should not know about any customer routes – CPE routers should only see their OWN loopbacks in the routing table
  • Now enable CPE3 and CPE6 to see each other’s subnets. All other CPE routers should see no change in their routing tables

MPLS VPN lab #3

On March 30, 2010, in CCIE, CCIP, CCNP, Lab Guides, ROUTE, by Darren

This lab will test a Central Services MPLS VPN.

The diagram is the same as my last VPN Lab. Also it uses my MPLS topology found over here: http://mellowd.co.uk/ccie/?p=522

This is the topology for this lab:

MPLS2 - small

  • Customer1 and Customer2 both have MPLS VPNs through the ISP core.
  • Customer1 is using OSPF and Customer2 is using EIGRP
  • Customers should have no access to each other’s networks
  • Customers should be able to reach all their sites from all their sites
  • The ISP is now providing a mail relay for its customers to use. Ensure that all customers can get to the 10.200.1.1/24 subnet through their VPNs, but they must still be separated from each other.

Checking optical interface type

On March 5, 2010, in Uncategorized, by Darren

Sometimes you log onto a switch remotely and need to know what kind of optical interface the switches actually have plugged in. It’s pretty simple:

Switch#show interface gi1/0/25 capabilities
GigabitEthernet1/0/25
Model:                 WS-C3750G-24TS
Type:                  1000BaseLX SFP
Speed:                 1000
Duplex:                full
Trunk encap. type:     802.1Q,ISL
Trunk mode:            on,off,desirable,nonegotiate
Channel:               yes
Broadcast suppression: percentage(0-100)
Flowcontrol:           rx-(off,on,desired),tx-(none)
Fast Start:            yes
QoS scheduling:        rx-(not configurable on per port basis),
tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite:           yes
ToS rewrite:           yes
UDLD:                  yes
Inline power:          no
SPAN:                  source/destination
PortSecure:            yes
Dot1x:                 yes

The most important thing here is that you can see I have a 1000BaseLX SFP installed.

MPLS VPN lab #2

On February 26, 2010, in BSCI, CCIE, CCIP, CCNP, ROUTE, TSHOOT, by Darren

This VPN lab will test intranet and extranet MPLS VPNs.

The diagram is the same as my last VPN Lab. Also it uses my MPLS topology found over here: http://mellowd.co.uk/ccie/?p=522

This is the lab topology again:

MPLS1

  • CPE1 and CPE5 belong to Customer1
  • CPE2 and CPE6 belong to Customer2
  • Both customers are running OSPF as their IGPs
  • The loopbacks as shown in the topology must be advertised into OSPF. Customer1 should be able to ping all loopbacks in their networks and Customer2 should be able to ping everything in theirs.
  • Both customers are now running a project together, and need 2 of their offices connected. CPE1 from Customer1 should be able to communicate with CPE6 from Customer2 and vice-versa
  • It’s essential that CPE2 and CPE5 are NOT able to get to all loopbacks. ONLY CPE1 and CPE6 should be able to communicate with each other. This new configuration should not break the previous VPNs in place
  • Do this without using any ACLs, Prefix-lists, Route-maps or the like

MPLS Topology 1.2

On February 24, 2010, in BSCI, CCIE, CCIP, CCNP, Dynamips, Lab Guides, ROUTE, TSHOOT, by Darren

Hopefully this will be my final tweak. This time I’ve added base configs to the CPE devices. It just gives them a hostname and ensures there is no timeout. This prevents you from having to keep logging back in.

Image-wise, it’s the same:

MPLS_Backbone_small

This is the .net file contents:

    #MPLS 1.0 Topology created by Darren O'Connor 22/02/10
    #MPLS 1.1 created 23/02/10
    #MPLS 1.2 created 24/02/10
    #www.mellowd.co.uk/ccie
    #Feel free to use and change as you see fit. However if you do use please leave my details here at the top
    
    [localhost:7200]
    
    workingdir = /data/dynamips/working
    
    [[3640]]
    image = /data/dynamips/IOS_Images/3640/c3640-js-mz.124-25c.UNCOMPRESSED.bin
    ram = 128
    disk0 = 0
    disk1 = 0
    mmap = true
    ghostios = true
    
    ###########################
    #                         #
    # Mpls Topology   1.2     #
    #                         #
    ###########################
    
    [[Router CR1]]
      model = 3640
      console = 2001
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      s1/0 = AR1 s1/0
      s1/2 = AR3 s1/2
      Fa0/0 = CR3 Fa0/0
      Fa2/0 = CR2 Fa2/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR1.cfg
    
    [[Router CR2]]
      model = 3640
      console = 2002
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      s1/0 = AR2 s1/0
      s1/2 = AR1 s1/2
      Fa0/0 = CR4 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR2.cfg
    
    [[Router CR3]]
      model = 3640
      console = 2003
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa2/0 = CR4 Fa2/0
      s1/0 = AR3 s1/0
      s1/1 = GR1 s1/1
      s1/2 = AR4 s1/2
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR3.cfg
    
    [[Router CR4]]
      model = 3640
      console = 2004
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      s1/0 = AR4 s1/0
      s1/2 = AR2 s1/2
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR4.cfg
    
    [[Router AR1]]
      model = 3640
      console = 2005
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE1 Fa0/0
      Fa2/0 = CPE2 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR1.cfg
    
    [[Router AR2]]
      model = 3640
      console = 2006
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE4 Fa0/0
      Fa2/0 = CPE3 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR2.cfg
    
    [[Router AR3]]
      model = 3640
      console = 2007
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE5 Fa0/0
      Fa2/0 = CPE6 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR3.cfg
    
    [[Router AR4]]
      model = 3640
      console = 2008
      autostart = true
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE8 Fa0/0
      Fa2/0 = CPE7 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR4.cfg
    
    [[Router CPE1]]
      model = 3640
      console = 2009
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE1.cfg
    
    [[Router CPE2]]
      model = 3640
      console = 2010
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE2.cfg
    
    [[Router CPE3]]
      model = 3640
      console = 2011
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE3.cfg
    
    [[Router CPE4]]
      model = 3640
      console = 2012
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE4.cfg
    
    [[Router CPE5]]
      model = 3640
      console = 2013
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE5.cfg
    
    [[Router CPE6]]
      model = 3640
      console = 2014
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE6.cfg
    
    [[Router CPE7]]
      model = 3640
      console = 2021
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE7.cfg
    
    [[Router CPE8]]
      model = 3640
      console = 2022
      autostart = false
      idlepc = 0x605105b8
      slot0 = NM-1FE-TX
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CPE8.cfg
    
    [[Router GR1]]
       model = 3640
       console = 2023
       autostart = true
       idlepc = 0x605105b8
       slot0 = NM-1FE-TX
       slot1 = NM-4T
       Fa0/0 = ISP2 Fa0/0
       cnfg = /data/dynamips/Topology/Topology_Config/mpls/GR1.cfg
    
    [[Router ISP2]]
       model = 3640
       console = 2024
       autostart = false
       idlepc = 0x605105b8
       slot0 = NM-1FE-TX
       cnfg = /data/dynamips/Topology/Topology_Config/mpls/ISP2.cfg

And here are the updated config files: http://mellowd.co.uk/ccie/wp-content/uploads/2010/02/mpls.tar2.gz

MPLS Topology 1.1

On February 23, 2010, in BSCI, CCIE, CCIP, CCNP, Dynamips, ROUTE, TSHOOT, by Darren

There was a big error in the topology I put up yesterday. Even though it looked like ldp was running, the actual ldp neighbour relationships were not up. This is why when I later tested, no customer traffic went across the core.

I’ve now given each of the core routers and the access routers a loopback address in the 10.255.255.0/24 range (each has a /32 in this range). This is advertised into OSPF. This ensures all routers have a route to all loopbacks. I then forced MPLS to use the loopback address for the ldp neighbour relationship.

Image-wise, it’s the same:

MPLS_Backbone_small

This is the .net file contents:

    #MPLS 1.0 Topology created by Darren O'Connor 22/02/10
    #MPLS 1.1 Topology created by Darren O'Connor 23/02/10
    #www.mellowd.co.uk/ccie
    #Feel free to use and change as you see fit. However if you do use please leave my details here at the top
    
    [localhost:7200]
    
    workingdir = /data/dynamips/working
    
    [[3640]]
     image = /data/dynamips/IOS_Images/3640/c3640-jk9o3s-mz.124-5a.UNCOMPRESSED.bin
     ram = 128
     disk0 = 0
     disk1 = 0
     mmap = true
     ghostios = true
    
    ###########################
    #                         #
    # Mpls Topology           #
    #                         #
    ###########################
    
     [[Router CR1]]
      model = 3640
      console = 2001
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      s1/0 = AR1 s1/0
      s1/2 = AR3 s1/2
      Fa0/0 = CR3 Fa0/0
      Fa2/0 = CR2 Fa2/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR1.cfg
    
     [[Router CR2]]
      model = 3640
      console = 2002
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      s1/0 = AR2 s1/0
      s1/2 = AR1 s1/2
      Fa0/0 = CR4 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR2.cfg
    
     [[Router CR3]]
      model = 3640
      console = 2003
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa2/0 = CR4 Fa2/0
      s1/0 = AR3 s1/0
      s1/1 = GR1 s1/1
      s1/2 = AR4 s1/2
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR3.cfg
    
     [[Router CR4]]
      model = 3640
      console = 2004
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      s1/0 = AR4 s1/0
      s1/2 = AR2 s1/2
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/CR4.cfg
    
     [[Router AR1]]
      model = 3640
      console = 2005
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE1 Fa0/0
      Fa2/0 = CPE2 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR1.cfg
    
     [[Router AR2]]
      model = 3640
      console = 2006
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE4 Fa0/0
      Fa2/0 = CPE3 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR2.cfg
    
     [[Router AR3]]
      model = 3640
      console = 2007
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE5 Fa0/0
      Fa2/0 = CPE6 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR3.cfg
    
     [[Router AR4]]
      model = 3640
      console = 2008
      autostart = true
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
      slot1 = NM-4T
      slot2 = NM-1FE-TX
      Fa0/0 = CPE8 Fa0/0
      Fa2/0 = CPE7 Fa0/0
      cnfg = /data/dynamips/Topology/Topology_Config/mpls/AR4.cfg
    
     [[Router CPE1]]
      model = 3640
      console = 2009
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE2]]
      model = 3640
      console = 2010
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE3]]
      model = 3640
      console = 2011
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE4]]
      model = 3640
      console = 2012
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE5]]
      model = 3640
      console = 2013
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE6]]
      model = 3640
      console = 2014
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE7]]
      model = 3640
      console = 2021
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router CPE8]]
      model = 3640
      console = 2022
      autostart = false
      idlepc = 0x60610428
      slot0 = NM-1FE-TX
    
     [[Router GR1]]
       model = 3640
       console = 2023
       autostart = true
       idlepc = 0x60610428
       slot0 = NM-1FE-TX
       slot1 = NM-4T
       Fa0/0 = ISP2 Fa0/0
       cnfg = /data/dynamips/Topology/Topology_Config/mpls/GR1.cfg
    
     [[Router ISP2]]
       model = 3640
       console = 2024
       autostart = true
       idlepc = 0x60610428
       slot0 = NM-1FE-TX
       cnfg = /data/dynamips/Topology/Topology_Config/mpls/ISP2.cfg

And most importantly, these are the updated configuration files:

© 2009-2010 Darren O'Connor All Rights Reserved