img img
Practice Exams:
View All
  • Home
  • 350-501 SPCOR Cisco CCNP Service Provider – MPLS Layer 3 VPN part 3

350-501 SPCOR Cisco CCNP Service Provider – MPLS Layer 3 VPN part 3

  1. VRF Configuration

Now in this section we’ll see how to configure VRF on the provider edge routers. If you remember in the previous classes we have seen what is the concept of VRF. VRF is a virtual forwarding which is going to differentiate each and every customer. Let’s take an example called a router, a customer router which is blue, red, yellow. Even though they are connecting to the same router, still the provider edge router is going to maintain three separate routing tables in the form of PRF. But to make that possible, you need to create a VRF and you have to assign the interfaces which are connecting to customer into that PRF. And also we need to assign some route distinguisher value and also route target values. So in this section we’ll see how to configure them.

So I got my lab here. So this will be my diagram which I’m going to use again for all my labs here. Router one, router two, router three, router four are acting as my service for core networks and the router one will be my provider edge router. Now in this I got f zero by zero interface which is facing towards the customer will be my interface connecting to router file which is my customer edge router. And I have a LAN interface called five on the site one. And then site two is using six six six here. And I’m going to give the VRF name as a one and then we’ll give the VRF name as a two here. So when it comes to configurations, the configuration, these are the commands which we use for configurations.

So if you are using some low end series routers, especially 36 37 series as a provider edge routers, which is very rare you’ll find and also if you are preparing for CCI routing switching lab exam, probably you’ll be getting into this kind of configurations. So to create the VRF we need to go to config mode and then we have to say Ipvrf and any name for the VRF. So maybe I’m going to give a one as the VRF name. And then the next thing we need to configure route distinguisher value. So I’ll say IP, VRF and name of the VRF. Let’s say a one. And the next thing we need to define Rd value. Maybe I’m using 500 colon one as an Rd value here. And then we had to define route target value import and route target value export, whatever the route target value.

We decided similarly, if you are using some high end routers, probably if you work preparing for your CCI service Ford exam or if service sport a track, most commonly you’ll find these 7000 series routers as your provider edge routers. Or maybe you have some other routers like I was XR. But here we’ll see how to configure them in iOS routers. Now, in case of these routers you have a different kinds of configurations. The VRF will be created with this command VRF definition, ABC or whatever the customer side here. And then we have to define the Rd value and then we have an option called Utters Family IPV Four and we have an option called Utters Family IPV Six. Now these options vary depending upon the requirement.

Like you can have a customer if you are supporting a customer who is using IPV Six over MPLS. Generally, typically we call this as VPN V six configurations or six P six VP. Terminology wise, we use this kind of configuration. So we need to say router and import export. But it has to be defined under the outer family IPV six. So if you are using normal IPV four then we have to configure the same commands route, target, import, router and export whatever the router ID value under the Atlasami IPV Four and the same commands comes under Sami IPV Six if you are using IPV Six on the customer ends. So probably this is something beyond the scope of your CCI routing switching exam.

But definitely if you are preparing for service for the tracks, probably you need to go with this kind of configurations where you will be using your customers might also be using IPV Six and you are providing customers to support IPV Six over MPLS also. Okay, so these are the commands. Right now in this lab, I’m going to show you how to configure on 36 37 routers. So I got a pre configured lab here. If you see the diagram here, I got routers. Router five is my customer router. Router six is also my customer router and router one and router two are my provider edge routers. So as per my requirement. Now as for my task here, I’m going to create a VRF a one which will be on the router one here. Let’s assume that this is my customer a one customer A with site one and maybe this is customer with site two.

And on both the sides I’m going to use the Rd value of 500 colon one and 500 colon one on both the sides. So VRFA one, VRFA two, the Rd value will be 500 colon one and 500 colon one on both the sides. So it’s not mandatory to use the same Rd values, but something recommended to just go with the similar same Rd values on all the sides of the same customer. And then I’m going to use route target value also will be 501 again, but it’s not mandatory to use 501. You can use any other number just to add simplicity. So I’m going to use the same number for route target and route distinguishes. Let us see how to configure. So I have my topology already pre configured here. So I’m getting into my command line here on the router one, router two, router three out of four.

And if you verify here, I already have the neighbor ship. If you see the first steps before we already configured IGP inside the service photo code. And if you see the routing table, I’m already able to learn all the routes the IGP is running already. And also if I verify MPLS LDP inside the service for a core, I already enabled that MPLS and also they are forming the neighbor ship. Now, all the four routers inside the service, four are already enabled with IGP and also LDP inside the service power core. So the third step will be creating the VRF on the router one. So which is my provider edge router. So to create the VRF. So this VRF definition, this command is not supported here because I’m using some 3600 iOS image here.

So if you’re using some 7200 series routers, probably the configuration will be a little bit different. So I’m going to use Ipvrf and name of the VRF. So in my scenario, I’m going to use a Hyphen one will be the name of the VRF and after that we need to configure something called route distinguisher value. We have to define route distinguisher value, which is mandatory. Every VRF should have a unique route distinguisher value. So in my case, and it is locally significant, so I’m going to use 501 route distinguisher and then we have to say route target import or we can say export. What are the routes? I’m going to export all the routes from router one with adding an external community called route Target with a value of 501.

And then if any routes are coming with 501 external community, those routes will be automatically imported into my VRF. So that’s what we say because we want to ensure that whatever the routes coming from site A to automatically, it has to get into this VRF routing table and it should reach router five. Done. So if you see the configurations I created a VRF and define the Rd value and then define the route target values, which route targets values you want to export and import and the same thing I need to do on the router three. Also the command is Ipvrf a two, we can use a one also it’s up to you. I’m going to use same route distribution value and then I’m going to export my values with 500 colon one and import 501. Or you can simply configure both.

Let’s say if you are importing exporting the same number, instead of configuring in two commands, we can configure route target both 500 colon one, which means it’s going to import 501 and export fire at colon one. But the end result will be same. So to verify these configurations, you can use show run section VRF in some of the iOS, even showrun VRF also will work, but here it will not work here in this iOS. So probably you can try that command. Also if you see VRF configurations, all my VRF configurations and there is one more command I can use for verification. Show VRF interfaces. Show Ipvr interfaces. So these commands little bit vary depending upon the iOS versions. Show Ipvr. You can also verify with shui Pvrf. I can see I just have only one VRF as of now on the router three, and the default Rd value will be fine at colon one.

And as of now I don’t have any interface assigned to that VRF. Now there might be some scenarios in mostly here, I don’t have multiple sites here, but there is a possibility that this router is connecting to multiple customers. Let’s say I also have a Vrfp two, VRFC two, something like that. Now, if you want to verify all the VRFs, then this command will be very useful, especially in the production networks where you have multiple customers connecting on the same provider edge router. Now the next step is assigning the interface under the VRF. Now what’s the next step here? The next step is to ensure that whatever the interface which is connecting towards the customer, we need to assign that interface under the VRF, because by default the interface facing towards the customer is in a normal routing table.

And whatever the routes coming from this side will be automatically placed in a global routing table which we don’t want. We want to ensure that whatever the routes received from this customer has to be placed in a separate VRF routing table. And in my scenario, I’m going to use VRFA two on router three and VRFA one on the site one. Okay, let’s configure that. Now before I configure, let’s go to router one and start with router one. Now for verification, if you see show IP route connected, and if you see the interface which is connecting f zero by zero and already I have the IP address one and that interface by default in the global routing table. Now if you do P to C routing automatically, all the routes coming from here will be placed in a global routing table which I don’t want.

So we need to apply this interface in the VRF, and to apply that interface under the VRF, there is a command we need to go to interface f zero by zero. Before I do that, I will copy the IP addresses on the interface. So let me show you. Interface f zero by zero is a command, and then we need to say IP VRF forwarding. And then we need to define the name of the VRF on which VRF we need to apply. So router one has to be applied on VRFA one. Now, this VRF name is case sensitive. Remember that if you’re using capital A, you have to use Always capital A. So it’s a case sensitive. So if you use any other names, if that VRF is not created automatically, it says that particular VRF is not created. So ipvrf a one.

Now, once you apply this interface under the VRF automatically, now what happens is now this interface, the interface which is connecting to customer which is a part of the global routing table. Now it moves into VRF routing table and the name of the VRF we have used is a one. Now automatically whatever the routes coming from this customer will be placed in a separate VRF routing table called a one. Let us verify. And there’s one more thing we need to keep in mind. When you assign any interface in the VRF automatically, it is going to remove the IP address on that interface. If you see here do showrun interface f zero by zero. Now this interface is assigned to the VRF, but it automatically removes the IPRF. This is the default behavior.

Whenever you configure anything on the VRF, it will remove IPV for addresses automatically. Okay, so if you are running IPV six depending upon the VRF configurations, it will also remove IPV six addresses also. So that’s the reason it’s recommended to use this command before we assign, so that whatever the IP address we have, we can simply copy paste on that interface. Okay, so now I have verified once again so this is something the default always it will remove IP addresses from the interface because we are moving this interface from the global routing table into VRF routing table. Now how to verify that? So if you verify show IP route connected. This is global routing table. I should not see f zero by zero interface in the global routing table.

And if you want to verify the VRF routing table, we need to say show IP route VRF and name of the VRF. That’s it. So now this is a software routing table. Now this router is having two routing tables. One is global routing table and the other one is VRF routing table that is a one. Now, similar way if you are connecting multiple sites, let’s say b one C like that you can have multiple different routing tables and each and every routing table is isolated with each other. So anything coming on VRF routing table it will not get into global routing table and anything in the global routing table will not be seen in the VRF routing table. And if you have multiple VRF routing tables, then all are isolated. So this way to verify the same thing I’ll do on the router three also quickly and the interface which is connecting towards the customer is f zero by zero.

And before I assign the interface, I will use shortrun interface f zero by zero command to see what is the IP address I have. So to assign Ipvr forwarding, if you’re using 7200 image of operating systems, probably instead of using Ipvr forwarding, you have to simply use VRF forwarding. So the command is slightly different as per the IBASE. And then what is the VRF name? A two. Now once you apply VRF, it will automatically remove the IP address. We need to assign the ipods on that again. And if you verify show ipvrf interfaces. Now once again, now you can see as of now I just have only one VRF on the router three. And this is the IP address on that interface and as of my desk and this is the interface applied. Now, previously when we are verifying, we don’t find this interface listed.

And if I can show Ipvr without interfaces, you can see now VRF name, what is the Rd value and what is the interface applied to that. So you can have multiple interfaces on the same VRF, but single interface cannot be a part of multiple VRFs. Remember that. Okay, so there’s one more command you can use, show Ipvrf detail. Now this command will give some detailed information about what are the interfaces we applied and what is the Rd value and what are the route target values. We are importing and exporting some detailed information on this. And then finally, if you want to test the connectivity between p two C, because this is something very basic we do, let’s take an example. If a customer says I’m not getting anything, any routes from here and you are the service boarder and you are doing some testing just to ensure that is there any problem with the connectivity or not.

So what we’ll do if we just simply go to router and we just give a command called ping, what’s the command and then whatever the IP address on the connect interface. So in my scenario it is 170 216 15 five, right? Let us do that on the router one. I want to see the connectivity between router one and router file 170 216 15 one is my IPRs. So you can see I’m not able to ping to my local IP. Let me try to the remote IPRs I’m not able to ping. Now, what’s the reason? So you may try some troubleshooting, but there is no problem here because if you see show IP interface brief, the interface is up but you’re not able to ping because whenever you give ping command and if I give this ping command one ping, it’s going to see this particular network in the global routing table.

But in our scenario this interface, the interface which is connecting to customer f zero by zero or 172 dot network is not in the global routing table, it is inside your VRF routing table. So which means if you want to verify the routing table, we need to get into VRF similar way. Anything we want to do, we want to do something like routing or testing, anything you want to do, you need to get into the VRF. So we need to say ping VRF a one one seven to 1615 dot file, that is router file. Now you can see the communication is successful. So remember this very basic thing, because normally what happens is if you don’t understand this, probably you end up doing some lot of troubleshooting and finally don’t get anything.

Because once you apply this interface under the VRF, whatever, the things you want to do, let’s say you want to implement some routing, or you want to do some ping command, or you want to verify this route is coming here or not, anything you do towards the customer, it has to be under the VRF. So if you want to verify the routing table, we need to say show IP, route VRF and name of the VRF. If you want to ping, we need to say ping VRF a one and whatever the IP address. And if you want to implement any routing protocol configurations, we’ll see that in one next step you have to do everything under the VRF. Okay, a similar way, the same thing if I go to router three, show iPad VRF a two, and if you want to test the connectivity, the interface IP is 116 36, I should be able to ping.

You can see it’s successful. So as of now, I don’t see the route from the customer land because we did not confirm any routing, but we just verifying the connectivity. Now, these are the things we need to keep in mind. So let me just quickly revise what we did. Now in this section we already have an IGP running inside the service for core network. And then we also have LDP pre configured inside the service for network. Now, we went to router one and then we have created one VRF and the VRF VRF Rd value finite, colon one. And then we have configured route target import export finite, column one. Now, the same thing we did on the router three, also with a VRF Rd value same and route target value import export finite, column one.

And then the next step we assign the customer facing interface under the VRF. So for testing purpose, you can add some multiple interfaces, assuming that this is customer B two, customer C two, but that is something required later on when you get into some advanced complicated MPLS configuration. But to make it simple, just connect one site on both the site and then we need to ensure that these two can communicate. But for that, we need to have some remaining three steps to configure. So we have configured three steps IGP, LDP and VRF.

  1. MPLS Layer 3 VPN – Static-Default Routing

Now we’ll continue with our MPLS l three VPN configurations. So let me just quickly summarize what we did. In our previous sections, we have configured IGP inside the service four core network using OSP protocol. And the second thing, we have enabled MPLS LDP inside the service four network. And then we also created VRF by using VRF a one on the site one, A two on the site two. And then we have also assigned some Rd values and RT values on both the sides. And then also we have applied the interface under the VRF. So in this step, what we are going to do is we are going to focus on configuring routing between P two C routers. So the first step, you can use any dynamic routing protocol like OSP of EHR, p, BGP, ISS or Rap. But the first thing, this is the first example, so I’ll go with static and default routings.

Let us see how to do that. So I’m going to follow the same diagram here. Now, in my diagram, I have a customer router which is five five, which is my LAN interface. And I want to ensure that this customer network must be able to reach, that is, router one, must be able to reach this customer LAN interface. Now for that, I need to configure routing between these two routers. And in my scenario, I’m going to use static and default combinations on the router file. I’m going to use default routing on the router file towards router one. I’m going to use default routing because unknown destinations on the customer side, we cannot write the static route for each and every each and every customer or each and every site.

So simply, we use default route on the customer end, and on the router one, we are going to use static routing. As I said, we can also use Rap, EHR, POS for more simplified way. But in this section, I’m going to explain you how to use static and default combinations. Now, the same thing I’m going to do on the router six also. So I have a LAN interface six dot six dot six dot six, and on the router six, we are going to configure the default routing. And on the router three, we are going to configure the static routing towards the LAN interface of router six. Okay, let us see how to configure. So I’ll start with my customer routers. I’m going to connect my router file, router six. On the router file, if you verify the initial configurations, I have an interface which is connecting to router one.

And I’m assuming this is my LAN interface loop back zero, it can mean interface. So I want to ensure that I’m going to configure default route on the router five, router six. Okay, IP, and what is the next stop? The next stop is 15 115 one. That is router one. So we are going to configure normal default routing on the router file and on the Router One, which is our provider edge router. So we have to configure static routing, or you can use default routing also. But here we are using static routing specifically for customer land interface. That is five five. So what’s the command we use IP Route Five or 50 if I’m assuming it has a 24 submitted mass and 255-25-5250. And what’s the next stop? The next stop at this is 170 to 1615 five. That is the router file 15 dot five. But if you press Enter here now, what happens? So I’m not going to press Enter because this this command is actually wrong.

Now why it is wrong? Because if you see the command, this command is correct. But if I press Enter here, it is going to place this static route into our global routing table, right into our global routing table. But anything where you do configuration towards the customer, it has to be under the VRF, it’s not into the global routing table. So remember that we used ping under the VRF, anything towards the customer. And also if you are verifying the routing table towards the customer, we have to give a command called Show IP Route connected. Sorry. Show IP route VRF and a one interface. A one is the VRF name? So that’s the reason whenever you do any routing configurations towards the customer on provider edge router, we have to configure under the VRF. Now this way we configure static routing under the VRF.

So if you’re using Rap, the configurations will be different. But the entire concept, how MPLS L Three VPN is going to work, it will be the same. So remember this. So when you configure IP Route VRFA One, which means this static route will be placed inside your VRF routing table. So press Enter not to verify, show IP route VRFA one. The verification you must see the customer land interface in your VRF routing table. If you are able to see, this is the first verification. If you are able to see, it confirms that your routing between P to C is correct. And there is one more verification you can do. You can go and check. From Router One, I must be able to ping to the customer land interface under the VRF because if you do normal ping, it will not work because it is under the VRF.

So we need to say five five I should be able to ping. You can see. So these are the two basic verifications which is going to confirm that VRF between P to C routing between the P to C routing using any routing protocol is correct. So this is what you should see. If we’re not able to ping, which means there is a problem in the routing configurations, let us try to do the same thing on the other side. That is Router Three to Router Six. I’ll go to Router Six. On the router six. I’ll configure a simple default route. And what’s the next top one? Seven to 1636 three. That is the next stop as well. And on the router six also I’m going to configure IP route. Now remember, it has to be under the VRF and the name of the VRF on the router three is a two and the destination network is six 60, 255-255-2550.

And what’s the next stop? One seven to 16. That is six. Six. Okay, done. So now if I verify my VRF routing table, I should see the Customer land interface into my VRF routing table and at the same time I should be able to ping to that customer land interface. So if you’re able to ping, which means the P to C routing is correct. Now this is your fourth step we need to do. We need to ensure that Customer Land interface or the Customer Land should get advertised into provider edge router into the VRF routing table. We can use any routing, but here we have seen how to configure static routing. And then if I try to go and check on the router file, can you see? Now on the customer side it’s less like a normal routing verification because you have a simple default route.

If I try to ping two six, will I be able to ping? So you can see I’m not able to ping. And the reason for that is we did only four things up to now. We have configured IGP inside the service portal and LDP and then we have configured VRF and P to C routing. Now these routes reach the provider edge router and the routes from the customer It will enter the provider edge router but they are not exchanging between them. Now if you want to exchange the routes between PE to PE, we need to configure two more things which we have to do the VPN V four peering which will see in in detail in our next section. And then there’s one more step left over, which is redistribution. So once you finish up these two steps now this customer land interface will be able to ping to the land interface on the other side.

Related posts:

  1. 5 Reasons to Make PowerShell Your First Programming Language
  2. 5 Useful Tips: How to Conquer IT Job Search in This Digital Age?
  3. Advantages Of Being A Certified Specialist In IT
  4. Basic CompTIA Certifications for you
  5. Boost Your Career With Cisco Certifications (Part 1)
  6. Job Opportunities For MCSE Certification
  7. Recruiter Tips for Candidates Aspiring for Software Development Position
  8. SY0-501 Section 2.9 given a scenario; select the appropriate control to meet the goals of security.
  9. Top 5 Security Skills You Should Have as a Сloud App Developer
  10. What Benefits Can You Bring to Your Company with New Cisco Certification Program?

Popular posts

Top Vendors On The IT Certification Market

Case Study Hillary’s HillRaisers raising cash for Obama inauguration

Top 5 Agile Certifications You Should Pursue in 2020

SY0-501 Section 1.1- Implement security configuration parameters on network devices and other technologies.

Your Best Career Path With EC-Council Certification

Job Opportunities For MCSE Certification

First Day at a New IT Job: Do’s and Don’ts to Master Your New Role

Reasons To Get Microsoft MCSA Certification

SY0-501 Section 3.2- Summarize various types of attacks.

SY0-501 Section 6.2- Given a scenario, use appropriate cryptographic methods.

Recent Posts

img