Configuring MPLS L3 VPN with Route Reflector on Cisco using GNS3

Introduction

In our previous content, the PEs established Border Gateway Protocol (BGP) sessions directly with each other to share route information between customer sites. If a new site is added in a different location, you have to establish new BGP sessions between the current PEs and the PE that holds the new customer's route table (VRF) so that they can share route information. As the number of sites scales up, configuring all of these BGP sessions becomes tiresome and time-consuming.

What if, instead of establishing new connections between PE routers, a dedicated router could supply that routing information centrally? That's when a Route Reflector comes into action.

What is it about?

A Route Reflector removes the full-mesh requirement, especially in large customer networks that are geographically separated. It cuts the number of Border Gateway Protocol (BGP) sessions to establish down to one (1) or a few. With a Route Reflector, BGP configuration is simpler and the scalability issues are solved, which makes the network resilient and flexible.

[NOTE] Creating Border Gateway Protocol (BGP) sessions on Route Reflectors still depends on the needs of your network, for example, redundancy.

Pre-requisite

Make sure you have checked my previous content on MPLS so you can follow along with today's content. Previous content is available here.

Configuration

In our previous content, we configured both of our PEs to share route information between sites. We are going to use the same topology, with new routers added to the network.

New customer alert! B-CUST is our new customer and wants their B-CUST-SITE-1 and B-CUST-SITE-2 sites to be connected through our network infrastructure. As you can see, PE-RTR-3 and PE-RTR-4 are added to our topology as Provider Edge (PE) routers that handle the Virtual Routing and Forwarding (VRF) instances of our new customer. Do not forget our Provider (P) router P-RTR-1, which will act as our Route Reflector.

Goals

I want you to refresh our MPLS L3 VPN configuration so you can remember what we did there. What we'll be doing is setting up our new PE-RTR-3 and PE-RTR-4 to join the Multi-Protocol Label Switching (MPLS) network and configuring B-CUST's Virtual Routing and Forwarding (VRF) instances on them.

Here are today's goals:

  1. PE routers to join the MPLS network

  2. PE routers to create a VRF instance and establish a BGP session

  3. P router to enable being a Route Reflector

GOAL#1: PE routers to join the MPLS network

!!! PE-RTR-3 CONFIGURATION
PE-RTR-3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE-RTR-3(config)#interface loopback0
PE-RTR-3(config-if)#ip address 1.1.1.13 255.255.255.255
PE-RTR-3(config-if)#exit
PE-RTR-3(config)#router ospf 1
PE-RTR-3(config-router)#passive-interface loopback0
PE-RTR-3(config-router)#exit
PE-RTR-3(config)#interface g0/0
PE-RTR-3(config-if)#no shut
PE-RTR-3(config-if)#interface g0/0.8
PE-RTR-3(config-subif)#encapsulation dot1q 8
PE-RTR-3(config-subif)#ip address 10.0.0.10 255.255.255.252
PE-RTR-3(config-subif)#ip ospf 1 area 0.0.0.0
PE-RTR-3(config-subif)#mpls ip
PE-RTR-3(config-subif)#exit
PE-RTR-3(config)#interface loopback0
PE-RTR-3(config-if)#ip ospf 1 area 0.0.0.0
PE-RTR-3(config-if)#exit
!!! PE-RTR-4 Configuration
PE-RTR-4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE-RTR-4(config)#interface loopback0
PE-RTR-4(config-if)#ip address 1.1.1.14 255.255.255.255
PE-RTR-4(config-if)#exit
PE-RTR-4(config)#router ospf 1
PE-RTR-4(config-router)#passive-interface loopback0
PE-RTR-4(config-router)#exit
PE-RTR-4(config)#interface g0/0
PE-RTR-4(config-if)#no shut
PE-RTR-4(config-if)#interface g0/0.12
PE-RTR-4(config-subif)#encapsulation dot1q 12
PE-RTR-4(config-subif)#ip address 10.0.0.14 255.255.255.252
PE-RTR-4(config-subif)#ip ospf 1 area 0.0.0.0
PE-RTR-4(config-subif)#mpls ip
PE-RTR-4(config-subif)#exit
PE-RTR-4(config)#interface loopback0
PE-RTR-4(config-if)#ip ospf 1 area 0.0.0.0
PE-RTR-4(config-if)#exit
PE-RTR-4(config)#
!!! P-RTR-1 to PE-RTR-3 Configuration
P-RTR-1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P-RTR-1(config)#interface g3/0
P-RTR-1(config-if)#no shut
P-RTR-1(config)#interface g3/0.8
P-RTR-1(config-subif)#encapsulation dot1q 8
P-RTR-1(config-subif)#ip address 10.0.0.9 255.255.255.252
P-RTR-1(config-subif)#ip ospf 1 area 0.0.0.0
P-RTR-1(config-subif)#mpls ip
*May  4 03:25:22.855: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.13 on GigabitEthernet3/0.8 from LOADING to FULL, Loading Done
*May  4 03:25:36.203: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.13:0 (3) is UP
P-RTR-1(config-subif)#exit

!!! P-RTR-1 to PE-RTR-4 Configuration
P-RTR-1(config)#interface g2/0
P-RTR-1(config-if)#no shut
P-RTR-1(config-if)#interface g2/0.12
P-RTR-1(config-subif)#encapsulation dot1q 12
P-RTR-1(config-subif)#ip address 10.0.0.13 255.255.255.252
P-RTR-1(config-subif)#ip ospf 1 area 0.0.0.0
P-RTR-1(config-subif)#mpls ip
*May  4 03:26:38.815: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.14 on GigabitEthernet2/0.12 from LOADING to FULL, Loading Done
*May  4 03:26:45.335: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.14:0 (4) is UP
P-RTR-1(config-subif)#exit
P-RTR-1(config)#

Now that we have enabled Open Shortest Path First (OSPF) and Multi-Protocol Label Switching (MPLS) on our P and PE routers, we see on P-RTR-1 that the OSPF and MPLS (LDP) neighborships are active. We will now focus on creating a Virtual Routing and Forwarding (VRF) instance for B-CUST on each of the PE routers.

GOAL#2: PE routers to create a VRF instance and establish a BGP session

!!! PE-RTR-3 Configuration
PE-RTR-3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE-RTR-3(config)#ip vrf B-CUST
PE-RTR-3(config-vrf)#rd 2914:102
PE-RTR-3(config-vrf)#route-target both 2914:102
PE-RTR-3(config-vrf)#exit
PE-RTR-3(config)#interface g5/0
PE-RTR-3(config-if)#no shut
PE-RTR-3(config-if)#interface g5/0.21
PE-RTR-3(config-subif)#ip vrf forwarding B-CUST
PE-RTR-3(config-subif)#encapsulation dot1q 21
PE-RTR-3(config-subif)#ip address 172.16.21.1 255.255.255.248
PE-RTR-3(config-subif)#do ping vrf B-CUST 172.16.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.21.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/57/152 ms
PE-RTR-3(config-subif)#exit
PE-RTR-3(config)#router bgp 2914
PE-RTR-3(config-router)#address-family ipv4 vrf B-CUST
PE-RTR-3(config-router-af)#neighbor 172.16.21.2 remote-as 65006
PE-RTR-3(config-router-af)#network 172.16.21.0 mask 255.255.255.248
PE-RTR-3(config-router-af)#^Z
*May  4 03:46:00.443: %BGP-5-ADJCHANGE: neighbor 172.16.21.2 vpn vrf B-CUST Up
PE-RTR-3#show ip route vrf B-CUST | begin Gateway
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.21.0/29 is directly connected, GigabitEthernet5/0.21
L        172.16.21.1/32 is directly connected, GigabitEthernet5/0.21
B     192.168.11.0/24 [20/0] via 172.16.21.2, 00:02:51 //LAN route from B-CUST-SITE-2
!!! PE-RTR-4 Configuration
PE-RTR-4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE-RTR-4(config)#ip vrf B-CUST
PE-RTR-4(config-vrf)#rd 2914:102
PE-RTR-4(config-vrf)#route-target both 2914:102
PE-RTR-4(config-vrf)#exit
PE-RTR-4(config)#interface g5/0
PE-RTR-4(config-if)#no shut
PE-RTR-4(config-if)#interface g5/0.22
PE-RTR-4(config-subif)#ip vrf forwarding B-CUST
PE-RTR-4(config-subif)#encapsulation dot1q 22
PE-RTR-4(config-subif)#ip address 172.16.22.1 255.255.255.248
PE-RTR-4(config-subif)#do ping vrf B-CUST 172.16.22.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.22.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/37/108 ms
PE-RTR-4(config-subif)#exit
PE-RTR-4(config)#router bgp 2914
PE-RTR-4(config-router)#address-family ipv4 vrf B-CUST
PE-RTR-4(config-router-af)#neighbor 172.16.22.2 remote-as 65007
PE-RTR-4(config-router-af)#network 172.16.22.0 mask 255.255.255.248
PE-RTR-4(config-router-af)#
*May  4 03:53:10.651: %BGP-5-ADJCHANGE: neighbor 172.16.22.2 vpn vrf B-CUST Up
PE-RTR-4(config-router-af)#do show ip route vrf B-CUST | begin Gateway
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.22.0/29 is directly connected, GigabitEthernet5/0.22
L        172.16.22.1/32 is directly connected, GigabitEthernet5/0.22
B     192.168.12.0/24 [20/0] via 172.16.22.2, 00:00:23 //LAN route from B-CUST-SITE-1

Our configuration above created a Virtual Routing and Forwarding (VRF) instance for B-CUST on each of our PE routers, with the import and export route targets set. We placed the interfaces in the VRF, configured an IP address, and tested it with ping. The VRF address family under the Border Gateway Protocol (BGP) configuration established sessions with our neighbors (B-CUST-SITE-1 and B-CUST-SITE-2); the sessions came up, and our PE routers received the Local Area Network (LAN) routes from B-CUST-SITE-1 and B-CUST-SITE-2.

GOAL#3: P router to enable being a Route Reflector

In this section, we are going to configure our PE routers to establish Border Gateway Protocol (BGP) sessions to the P router.

!!! PE-RTR-3 Configuration
PE-RTR-3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE-RTR-3(config)#router bgp 2914
PE-RTR-3(config-router)#no bgp default ipv4-unicast //can be an optional command
PE-RTR-3(config-router)#neighbor 1.1.1.0 remote-as 2914
PE-RTR-3(config-router)#neighbor 1.1.1.0 update-source loopback0
PE-RTR-3(config-router)#address-family vpnv4
PE-RTR-3(config-router-af)#neighbor 1.1.1.0 activate
PE-RTR-3(config-router-af)#neighbor 1.1.1.0 send-community both
PE-RTR-3(config-router-af)#
!!! PE-RTR-4 Configuration 
PE-RTR-4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE-RTR-4(config)#router bgp 2914
PE-RTR-4(config-router)#no bgp default ipv4-unicast
PE-RTR-4(config-router)#neighbor 1.1.1.0 remote-as 2914
PE-RTR-4(config-router)#neighbor 1.1.1.0 update-source loopback0
PE-RTR-4(config-router)#address-family vpnv4
PE-RTR-4(config-router-af)#neighbor 1.1.1.0 activate
PE-RTR-4(config-router-af)#neighbor 1.1.1.0 send-community both
PE-RTR-4(config-router-af)#

Above, 1.1.1.0 is our P router's Loopback address and is used to establish the Border Gateway Protocol (BGP) session. We also enabled the sharing of VRF routes with the send-community both command, which sends the extended communities that carry the route targets.

!!! P-RTR-1 Configuration
P-RTR-1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P-RTR-1(config)#router bgp 2914
P-RTR-1(config-router)#neighbor 1.1.1.13 remote-as 2914
P-RTR-1(config-router)#neighbor 1.1.1.14 remote-as 2914
P-RTR-1(config-router)#neighbor 1.1.1.13 update-source loopback0
P-RTR-1(config-router)#neighbor 1.1.1.14 update-source loopback0
P-RTR-1(config-router)#address-family vpnv4
P-RTR-1(config-router-af)#neighbor 1.1.1.13 activate
P-RTR-1(config-router-af)#neighbor 1.1.1.14 activate
*May  4 04:20:35.807: %BGP-5-ADJCHANGE: neighbor 1.1.1.13 Up
*May  4 04:20:43.999: %BGP-5-ADJCHANGE: neighbor 1.1.1.14 Up
P-RTR-1(config-router-af)#neighbor 1.1.1.13 route-reflector-client
P-RTR-1(config-router-af)#neighbor 1.1.1.14 route-reflector-client
P-RTR-1(config-router-af)#do show ip bgp all summary
!!! Output shortened
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.13        4         2914       5       7        5    0    0 00:00:23        1
1.1.1.14        4         2914       5       8        5    0    0 00:00:12        1
!!! Output shortened

We see above that the BGP sessions have been established. Route Reflector functionality is enabled with neighbor A.B.C.D route-reflector-client. P-RTR-1 is now acting as the Route Reflector in our MPLS network.
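The reflection rule that route-reflector-client turns on, written as a simplified model (an added example, not part of the original article and not Cisco's implementation). It uses the loopbacks, RD and route target from the configuration above; the function and class names are hypothetical, and loop prevention (ORIGINATOR_ID, CLUSTER_LIST) is left out.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str            # route distinguisher
    prefix: str
    rts: frozenset     # route targets, carried as extended communities
    origin: str        # loopback of the PE that originated the route

def advertise_to(learned_from, peers, clients):
    """iBGP peers the hub re-advertises a route to (RFC 4456 rules).

    Without reflection, a route learned from one iBGP peer is never passed
    to another iBGP peer. A route from a client goes to every other peer;
    a route from a non-client goes to clients only.
    """
    others = [p for p in peers if p != learned_from]
    if learned_from in clients:
        return others
    return [p for p in others if p in clients]

def vrf_routes(pe, originated, peers, clients, import_rts):
    """Prefixes that `pe` installs in its VRF once the hub has run."""
    learned = []
    for route in originated:
        reached = pe in advertise_to(route.origin, peers, clients)
        if reached and route.rts & import_rts:   # route-target import filter
            learned.append(route.prefix)
    return sorted(learned)

PEERS = ["1.1.1.13", "1.1.1.14"]                 # PE-RTR-3, PE-RTR-4
RT = frozenset({"2914:102"})                     # route-target both 2914:102
ORIGINATED = [
    Vpnv4Route("2914:102", "172.16.21.0/29", RT, "1.1.1.13"),
    Vpnv4Route("2914:102", "192.168.11.0/24", RT, "1.1.1.13"),
    Vpnv4Route("2914:102", "172.16.22.0/29", RT, "1.1.1.14"),
    Vpnv4Route("2914:102", "192.168.12.0/24", RT, "1.1.1.14"),
]

if __name__ == "__main__":
    for label, clients in (("plain iBGP", set()), ("RR clients", set(PEERS))):
        print(label, vrf_routes("1.1.1.14", ORIGINATED, PEERS, clients, RT))
```

With no clients configured, PE-RTR-4 learns nothing even though both sessions to P-RTR-1 are up, which is the state of the lab between the ADJCHANGE messages and the route-reflector-client commands.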

Testing

On B-CUST-SITE-1 and B-CUST-SITE-2, we can now see that the LAN network and the uplink-to-PE addresses are learned via Border Gateway Protocol (BGP).

!!! B-CUST-SITE-1
B-CUST-SITE-1#show ip route bgp | begin Gateway
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B        172.16.21.0/29 [20/0] via 172.16.22.1, 00:04:48 //B-CUST-SITE-2 uplink IP address to PE
B     192.168.11.0/24 [20/0] via 172.16.22.1, 00:19:48 //B-CUST-SITE-2 LAN network
!!! B-CUST-SITE-2
B-CUST-SITE-2#show ip route bgp | begin Gateway
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B        172.16.22.0/29 [20/0] via 172.16.21.1, 00:05:43 //B-CUST-SITE-1 uplink IP address to PE
B     192.168.12.0/24 [20/0] via 172.16.21.1, 00:21:41 //B-CUST-SITE-1 LAN network

Let us now test if traffic from both B-CUST's routers can pass through our Multi-Protocol Label Switching (MPLS) network.

!!! B-CUST-SITE-1
B-CUST-SITE-1#ping 172.16.21.2 //B-CUST-SITE-2 uplink IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.21.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/197/344 ms
B-CUST-SITE-1#ping 192.168.11.1 //B-CUST-SITE-2 LAN IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/93/172 ms

!!! B-CUST-SITE-2
B-CUST-SITE-2#ping 172.16.22.2 //B-CUST-SITE-1 uplink IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.22.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/114/132 ms
B-CUST-SITE-2#ping 192.168.12.1 //B-CUST-SITE-1 LAN IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/173/564 ms

Awesome! Both B-CUST routers can reach each other through our Multi-Protocol Label Switching (MPLS) network.

!!! PE-RTR-3
PE-RTR-3#show mpls forwarding-table vrf B-CUST 192.168.12.0 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
None       23         192.168.12.0/24[V]   \
                                       0             Gi0/0.8    10.0.0.9
        MAC/Encaps=18/26, MRU=1496, Label Stack{19 23} //{MPLS label, VPN label}
        CA0142AD0054CA0707300008810000088847 0001300000017000
        VPN route: B-CUST
        No output feature configured
!!! PE-RTR-4
PE-RTR-4#show mpls forwarding-table vrf B-CUST 192.168.11.0 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
None       23         192.168.11.0/24[V]   \
                                       0             Gi0/0.12   10.0.0.13
        MAC/Encaps=18/26, MRU=1496, Label Stack{18 23} //{MPLS label, VPN label}
        CA0142AD0038CA06070100088100000C8847 0001200000017000
        VPN route: B-CUST
        No output feature configured

The output above verifies that the LAN networks of both B-CUST routers are being transported inside our MPLS network.
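The hex line under MAC/Encaps in each output is the full Layer 2 plus label rewrite, and decoding it confirms the VLAN and the two-label stack independently of the summary line. The decoder below is an added example, not part of the original article; its function names are hypothetical and it assumes an Ethernet header with an optional single 802.1Q tag followed by MPLS label stack entries.

```python
import struct

ETH_8021Q, ETH_MPLS = 0x8100, 0x8847

def decode_rewrite(hex_dump):
    """Decode an Ethernet + 802.1Q + MPLS rewrite string into its fields."""
    raw = bytes.fromhex(hex_dump.replace(" ", ""))
    dst, src = raw[0:6].hex(":"), raw[6:12].hex(":")
    (ethertype,) = struct.unpack_from("!H", raw, 12)
    offset, vlan = 14, None
    if ethertype == ETH_8021Q:
        tci, ethertype = struct.unpack_from("!HH", raw, offset)
        vlan, offset = tci & 0x0FFF, offset + 4
    if ethertype != ETH_MPLS:
        raise ValueError(f"not an MPLS unicast rewrite: 0x{ethertype:04x}")
    if (len(raw) - offset) % 4:
        raise ValueError("label stack is not a whole number of 4-byte entries")
    # Each label stack entry: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL.
    # In both dumps on this page the low 12 bits are zero.
    labels = [entry >> 12 for (entry,) in struct.iter_unpack("!I", raw[offset:])]
    return {"dst": dst, "src": src, "vlan": vlan,
            "mac_len": offset, "encaps_len": len(raw), "labels": labels}

def check_vpn_encaps(hex_dump, expected_vlan, expected_stack):
    """True when the rewrite carries the expected VLAN and label stack."""
    decoded = decode_rewrite(hex_dump)
    return decoded["vlan"] == expected_vlan and decoded["labels"] == expected_stack

# Rewrite strings copied from the two outputs above.
PE_RTR_3 = "CA0142AD0054CA0707300008810000088847 0001300000017000"
PE_RTR_4 = "CA0142AD0038CA06070100088100000C8847 0001200000017000"

if __name__ == "__main__":
    for name, dump in (("PE-RTR-3", PE_RTR_3), ("PE-RTR-4", PE_RTR_4)):
        print(name, decode_rewrite(dump))
```

The decoded lengths match MAC/Encaps=18/26: 18 bytes of tagged Ethernet header plus 8 bytes for the transport and VPN labels.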

Conclusion

In today's content, we've successfully configured Route Reflector functionality in the Multi-Protocol Label Switching (MPLS) network from the previous content. The configuration process is almost the same; however, the Border Gateway Protocol (BGP) sessions are established between the PE routers and the P router, with the P router acting as the Route Reflector. We then verified the configuration and tested its connectivity using ICMP traffic.

Any questions or suggestions? Leave a comment and I would be very happy to discuss it!