End-to-End MPLS L3VPN Lab with MP-BGP
- Underlay IGP
Objective: ensure every PE and P node learns the 32-bit loopback of every other PE/P.
! PE-A
router ospf 1
router-id 10.0.0.1
network 10.0.0.1 0.0.0.0 area 0
network 100.1.1.0 0.0.0.3 area 0
! P
router ospf 1
router-id 10.0.0.3
network 10.0.0.3 0.0.0.0 area 0
network 100.1.1.0 0.0.0.3 area 0
network 100.1.2.0 0.0.0.3 area 0
! PE-B
router ospf 1
router-id 10.0.0.2
network 10.0.0.2 0.0.0.0 area 0
network 100.1.2.0 0.0.0.3 area 0
Verify adjacencies:
PE-A# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.0.0.3 1 FULL/DR 00:00:37 100.1.1.2 Gi0/0
- Enable MPLS & LDP
Global:
mpls label protocol ldp
mpls ldp router-id Loopback0 force
On every core-facing interface:
interface GigabitEthernet0/0
mpls ip
Check LDP sessions:
PE-A# show mpls ldp neighbor
Peer LDP Ident: 10.0.0.3:0; Local LDP Ident 10.0.0.1:0
TCP connection: 10.0.0.3.646 - 10.0.0.1.11052
State: Oper; Msgs sent/rcvd: 42/42
- Create VRFs
Design RD/RT to keep VPN-A and VPN-B separate while alloiwng sites of the same VPN too talk.
! PE-A
ip vrf VPN-A
rd 65000:1001
route-target export 65000:1001
route-target import 65000:1001
!
ip vrf VPN-B
rd 65000:1002
route-target export 65000:1002
route-target import 65000:1002
! PE-B (mirror image)
ip vrf VPN-A
rd 65000:1001
route-target export 65000:1001
route-target import 65000:1001
!
ip vrf VPN-B
rd 65000:1002
route-target export 65000:1002
route-target import 65000:1002
- Attach Customer Links
! PE-A
interface Gi0/1
ip vrf forwarding VPN-A
ip address 192.168.11.1 255.255.255.252
!
interface Gi0/2
ip vrf forwarding VPN-B
ip address 192.168.12.1 255.255.255.252
! PE-B
interface Gi0/1
ip vrf forwarding VPN-A
ip address 192.168.21.1 255.255.255.252
!
interface Gi0/2
ip vrf forwarding VPN-B
ip address 192.168.22.1 255.255.255.252
- PE-CE Routing
Use OSPF multi-instance; each VRF runs its own process.
! PE-A
router ospf 101 vrf VPN-A
network 192.168.11.0 0.0.0.3 area 0
!
router ospf 102 vrf VPN-B
network 192.168.12.0 0.0.0.3 area 0
! CE-A1 (VPN-A)
router ospf 101
network 192.168.11.0 0.0.0.3 area 0
network 10.1.1.0 0.0.0.255 area 0
Repeat symmetrically for PE-B and its CEs.
- MP-BGP Between PEs
! PE-A
router bgp 65000
neighbor 10.0.0.2 remote-as 65000
neighbor 10.0.0.2 update-source Loopback0
!
address-family vpnv4
neighbor 10.0.0.2 activate
neighbor 10.0.0.2 send-community both
exit-address-family
! PE-B (mirror)
router bgp 65000
neighbor 10.0.0.1 remote-as 65000
neighbor 10.0.0.1 update-source Loopback0
!
address-family vpnv4
neighbor 10.0.0.1 activate
neighbor 10.0.0.1 send-community both
exit-address-family
Confirm:
PE-A# show bgp vpnv4 unicast all summary
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.2 4 65000 105 108 152 0 0 01:33:20 4
- Route Redistribution
! PE-A
router bgp 65000
address-family ipv4 vrf VPN-A
redistribute ospf 101 match internal external
!
address-family ipv4 vrf VPN-B
redistribute ospf 102 match internal external
!
router ospf 101 vrf VPN-A
redistribute bgp 65000 subnets
!
router ospf 102 vrf VPN-B
redistribute bgp 65000 subnets
Mirror the same on PE-B.
- Verification
On CE-A1 check routes:
CE-A1# show ip route | include 10.2.1.0
O E2 10.2.1.0/24 [110/1] via 192.168.11.1, 00:05:21, GigabitEthernet0/0
Reachability test:
CE-A1# ping 10.2.1.100 source 10.1.1.100
Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/6 ms
Repeat for VPN-B to confirm isolation and correct forawrding.
