S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006



Similar documents
S ITGuru Excercise 3: BGP/MPLS VPN. Spring Timo-Pekka Heikkinen, Juha Järvinen and Piia Töyrylä

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

Department of Communications and Networking. S /3133 Networking Technology, Laboratory course A/B

BGP: Border Gateway Protocol

For internal circulation of BSNLonly

MPLS VPN Implementation

Kingston University London

MPLS-based Layer 3 VPNs

Configuring MPLS Hub-and-Spoke Layer 3 VPNs

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

Table of Contents. Cisco Configuring a Basic MPLS VPN

MPLS VPN Route Target Rewrite

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang AT&T

Introducing Basic MPLS Concepts

Quidway MPLS VPN Solution for Financial Networks

Enterprise Network Simulation Using MPLS- BGP

Network Working Group Request for Comments: March 1999

RFC 2547bis: BGP/MPLS VPN Fundamentals

Introduction Inter-AS L3VPN

Configuring a Basic MPLS VPN

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks

Using the Border Gateway Protocol for Interdomain Routing

In this chapter, you learn about the following: How MPLS provides security (VPN separation, robustness against attacks, core hiding, and spoofing

MPLS Implementation MPLS VPN

Inter-Autonomous Systems for MPLS VPNs

How Routers Forward Packets

Virtual Private Networks. Juha Heinänen Song Networks

How To Make A Network Secure

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

Frame Mode MPLS Implementation

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

How To Understand Bg

l.cittadini, m.cola, g.di battista

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

Introduction to MPLS-based VPNs

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

S ITGuru Excercise (Overview)

Implementing MPLS VPNs over IP Tunnels

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

DD2491 p BGP-MPLS VPNs. Olof Hagsand KTH/CSC

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

Implementing Cisco MPLS

MPLS Virtual Private Networks

MPLS Concepts. Overview. Objectives

Exterior Gateway Protocols (BGP)

IPv6 over IPv4/MPLS Networks: The 6PE approach

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

HP Networking BGP and MPLS technology training

- Multiprotocol Label Switching -

Provisioning Cable Services

Design of Virtual Private Networks with MPLS

Implementing VPN over MPLS

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

Understanding Route Redistribution & Filtering

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

SBSCET, Firozpur (Punjab), India

Cisco Exam Implementing Cisco Service Provider Next-Generation Egde Network Services Version: 7.0 [ Total Questions: 126 ]

MPLS L2VPN (VLL) Technology White Paper

MPLS VPN Security in Service Provider Networks. Peter Tomsu Michael Behringer Monique Morrow

BGP Link Bandwidth. Finding Feature Information. Contents

UNDERSTANDING JUNOS OS NEXT-GENERATION MULTICAST VPNS

Why Is MPLS VPN Security Important?

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&

Lab 4.2 Challenge Lab: Implementing MPLS VPNs

Junos MPLS and VPNs (JMV)

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at:

Layer 3 Multiprotocol Label Switching Virtual Private Network

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

basic BGP in Huawei CLI

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0

BGP as an IGP for Carrier/Enterprise Networks

Oracle Communications Unified Inventory Management

Understanding Virtual Router and Virtual Systems

SEC , Cisco Systems, Inc. All rights reserved.

Cisco IP Solution Center MPLS VPN Management 5.0

BGP Best Path Selection Algorithm

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

MPLS VPN Security BRKSEC-2145

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. Kapil.Kumar@relianceinfo.com

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

Methods of interconnecting MPLS Networks

This feature was introduced. This feature was integrated in Cisco IOS Release 12.2(11)T.

Table of Contents. Cisco How Does Load Balancing Work?

Multiprotocol Label Switching Load Balancing

How To Set Up Bgg On A Network With A Network On A Pb Or Pb On A Pc Or Ipa On A Bg On Pc Or Pv On A Ipa (Netb) On A Router On A 2

BGP (Border Gateway Protocol)

N2X Core Routing - BGP-4 MPLS VPN scenario with integrated traffic Application Note

Fundamentals Multiprotocol Label Switching MPLS III

Configuration Example

Transcription:

S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006 Original version: Johanna Nieminen and Timo Viipuri (2005) Modified: Timo-Pekka Heikkinen, Juha Järvinen and Yavor Ivanov (2006)

Task Description In ITGuru MPLS VPN creation is highly automated. The VPN Creation Wizard configures automatically e.g. BGP peers and VRF tables, and even the assignment of IP-addresses and autonomous system numbers is handled by the Wizard. This means that you should have a very clear view of how the network and the VPNs should be built before starting the wizard. Once the VPN has been created, it requires a lot of manual work to clear the configurations from the routers and build the VPN again if something went wrong in the first time. When creating a VPN with the Wizard, you first have to decide what sites you want to connect. You must select one LSR router for each site (in the MPLS core network) that will be designated as a Provider Edge (PE) router. These PE routers will be automatically configured as BGP peers and a VRF configuration will be created in each of them. Before you start configuring the wizard, do the following: If you have some separate server objects in the access networks, remove them. In the exercise we will utilize the server object available in the LAN object itself. If you have used an Ethernet switch to connect the separate server and the LAN, remove the switch as well. Add another IP gateway to Berlin and connect it with the LAN object and with the PE. This gateway is used as an endpoint for the IP VPN tunnel (this is not realistic and it s only done because ITGuru has its limitations). You should now have two different ethernet4_slip8_gtwy-gateways in Berlin: one for the MPLS VPN and another for the IP VPN. Be careful when assigning new IP addresses for the interfaces: it s best to first select the newly created links and then use AutoAssign (Protocols->IP->Addressing->Auto Assign IP addresses). Configure OSPF for the new links between Berlin LAN, Berlin tunnel-gw and Berlin PE. Name the devices in the access networks consistently. In this way it is much easier to read the configuration reports, for instance the IP-addresses assigned for the devices. Step-by-step configuration guide Step 1 Remove all previous LSPs and Traffic Mapping Configurations (if you made them in the previous exercise). The wizard will automatically create a full mesh of LSPs between the VPN sites.

Step 2 Create backup links between the PEs (LERs) and Ps (LSRs). Don t forget that 3 hops are required between any 2 subnets. If needed add new nodes. Assign IP addresses ONLY to the newly created links and enable OSPF on the interfaces. NOTE: As stated before, inside the Berlin subnet you have to put an additional gateway (ethernet4_slip8_gtwy) which will be used as a gateway for the IP VPN. Connect it to the LAN and the PE and on both interfaces enable OSPF. Check if everything is working (ping). Step 3 Applied ONLY to the sites Lisbon, Berlin, Rome 1. Disable OSPF between the CEs and PEs. Note that in Berlin subnet OSPF should only be disabled between the MPLS-VPN gateway (CE) and PE (not between the tunnel GW and PE). 2. Assign AS numbers to all autonomous systems. AS 100 AS 1 AS 1 AS 1 AS 200 LAN CE PE P PE CE LAN OSPF ebgp OSPF OSPF ebgp OSPF Assign AS numbers. A group of routers with a common set of administrative policies is called an Autonomous System (AS). Each AS is identified by a number, which you can specify on the individual routers comprising the AS. You can group the routers in your network into different ASs, each running a different interior gateway protocol (such as RIP, OSPF, or IGRP) within the AS and BGP between the border routers. AS numbers can be any integer value between 1 and 65,535. If the Autonomous System Number attribute has the default value of Auto Assigned, a random value between 1 and 65,535 is assigned to each router. For proper BGP operation, you should manually assign each BGP speaker an AS number using the Protocols > BGP > Configure AS Number operation. [See BGP Model User Guide] Step 4 MPLS/BGP VPN ibgp The approach relies on taking customer IP datagrams from a given site, looking up the destination IP address of the datagram in a forwarding table, then sending that datagram to its destination across the provider's network using an LSP.

Use the MPLS VPN wizard (Protocols->MPLS->Deploy MPLS VPNs ) to create the MPLS/BGP VPNs. Select layer 3 VPN. If you still have routers with AS number set to auto-assigned, here you can give a value. Add a VPN and uncheck the Configure OSPF box as shown on the picture. Before continuing you have to set the VPN details in the relevant column. Create a full mesh VPN between the PEs. For the interface attribute you have to select the one that points to the CE. Open the BGP parameters on each PE. You should see the following parameters: BGP can be used to distribute routing information about different address families, such as IPv4 and VPNv4. The first line specifies the IPv4 addresses and how they should be treated. Here should be defined information for the ibgp peers. Second line is specific for the created VPN and defines the ebgp neighbors. The last line is related to the VPN-IPv4 addresses (When an ingress PE router receives an IPv4 route

from a device within a VPN, it converts it into a VPN-IPv4 route by adding the route distinguisher prefix to the route). Check the Neighbor information for all address families and be sure that it contains the correct peers (in IPv4 and VPNv4: ibgp peers ONLY, and in the IPv4 parameters responsible for the VPN: ebgp peers ONLY). IPv4 and VPNv4 - ibgp peers VPN ebgp peers Neighbor Information. Configures the router s BGP neighbors. Unlike most other routing protocols, BGP does not automatically discover its neighbors. Instead, neighbors are manually configured. To configure two routers as neighbors, you should configure each as the neighbor of the other. When BGP is run between routers of the same autonomous system, it is termed an Internal BGP (IBGP). If the participating routers belong to different ASs, it is an External BGP (EBGP). When a BGP speaker receives an UPDATE message from an IBGP peer, the receiving BGP speaker does not forward the routing information in the UPDATE message to other IBGP peers. Because of this, each BGP speaker needs BGP connections to all other BGP speakers in its own AS to maintain a consistent view of the routing information within the AS. [See BGP Model User Guide] NOTE: If you need to change any records in the Neighbor Information table, be sure to specify the correct interface (for ibgp Loopback, for ebgp the physical interface). Define update source: Loopback for IBGP and for EBGP physical interface ( not used ). Enable also the Send-community attribute! Set BGP start time (use 160 seconds). Step 5 1. Configure ebgp between each CE and PE (use the correct AS numbers. NOTE: each site should have its own AS number, different from the other sites). Use the BGP wizard to create ebgp peers (Protocols->BGP->Configure EBGP Peers). 2. Redistribute the routing information accordingly. NOTE: For Berlin_CE (the VPN_Gateway) you have to enable ONLY BGP redistribution for directly connected peers. Do not enable redistribution on the PEs!

3. Select relevant statistics and test the setup by using ping from Lisbon to Berlin. Step 6 Configure the IP VPN tunnels (hint: there s an object in the internet_toolbox palette ): 1. Include IP VPN Config. 2. Configure the tunnel parameters 3. Test the configuration Again, select relevant statistics and test the setup by using ping from Paris to Berlin and from Athens to Berlin. Testing the VPN It is recommended that you test the VPNs at this point (if you haven t already) with simple IP Traffic Demands (or with anything that you find appropriate, for example ping or VoIP). First, select two site gateways belonging to the VPN and create a bidirectional IP traffic flow between these points ( Traffic->Create IP Traffic Flows ). Record the statistics that you want from the network by right clicking the mouse and selecting Choose Individual DES Statistics. Choose at least the throughput statistics from Path Statistics->LSP and from Link Statistics->pointto-point. In this way you can examine whether the traffic flows through the LSPs. To see if any traffic goes through a VPN select Global Statistics->VPN or Node Statistics->IP VPN Tunnel. If it seems that there is no traffic on the LSPs or VPNs, check if there is traffic on the links between the end points. It might be that conventional IP routing is used instead of the MPLS LSPs if you have not done the configuration properly. If the connection between the sites gateways seems to be working, try another test. Create an IP Traffic Demand between the LANs of two cities belonging to the VPN and check whether the traffic flows through all links that it should. Check also the VRF tables created by the PE routers. You can export the VRF table information by right clicking the mouse and selecting Edit Attributes->Reports->VRF Table- >Export at End of Simulation. You may also export other tables, such as IP Forwarding Table and OSPF Routing Table. Make sure that you have all the necessary destinations in the IP Forwarding Table. If something seems to be wrong, check the IP and BGP routing tables (click on a router and set Reports->BGP Routing Table to Export at End of Simulation). Hints You can check quickly the routing domains and protocol configuration by choosing View->Visualize Protocol Configuration->IP Routing Domains. The appearing Routing Domain Legend shows the meaning of the symbols. In this view you are able

to see the routing domains, points where static routes are used and points where redistribution is used. In order to visualize BGP peers, choose View->Visualize Protocol Configuration->BGP peers. The BGP peers should now be connected with green, dotted lines. When trying to figure out what IP address belongs to which network node use the network browser View->Show Network Browser. You must NOT touch the IP-addresses that the Wizard has assigned for the devices in the core network. For instance, if you select Clear IP addresses on all interfaces and after this use AutoAssign, this will clear and reassign ALL IP-addresses in the network, including the addresses of the core devices. The Wizard has configured BPG peers, VRF tables etc., and thus the IPaddresses of these peers MUST NOT be changed; otherwise you have to manually reconfigure the devices. After AutoAssign you can create a configuration report (Protocols->IP- >Configuration Reports->Select All) to check that there are no overlapping IP-addresses in the network. If you need to assign IP-addresses to some interfaces (for example, if you create new routers in the access network), you may use AutoAssign, as long as you do not erase the existing addresses. Check from the configuration reports or directly from the router configurations that IP-addresses were really created in the right interfaces. If you have problems when testing the network (e.g. no route to Berlin_LAN before at certain time) try adjusting the start times of traffic demands or the routing protocols. You will experience problems when trying to ping from Athens to Berlin before the routing protocols have converged. Exercise Sessions The exercise session for this task will be arranged on Thursday, 9 th February at 14 o clock in computer class Maari-A. Handout Requirements The exercise should be returned before the beginning of the next exercise session (23 rd February, 14 o clock). Send the exercise package as an e-mail attachment to Yavor Ivanov (yivanov@netlab.hut.fi) provided that the size of the attachment is reasonable. You have to pack the files with the command: tar -cf - -C ~ op_models gzip > 3_building_vpn.tar.gz Remember to include only the relevant files (we do not want all the backups). Try to unpack the files and then run the project on some other computer (or with another group member s account) to make sure that the packaging is done properly.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information