Configuring MPLS L3 VPN with Route Reflector on Cisco using GNS3
Introduction
In our previous content, the PE routers established Border Gateway Protocol (BGP) sessions directly with each other to share route information between customer sites. If a new site is added in a different location, you have to establish new Border Gateway Protocol (BGP) sessions between the current PEs and the PE that holds the new customer's route table (VRF) to be able to share route information. As the number of sites scales up, configuring Border Gateway Protocol (BGP) sessions can be tiresome and time-consuming.
What if, instead of establishing new connections between PE routers, there were a dedicated router that could supply that routing information centrally? That's when a Route Reflector comes into action.
What is it about?
A Route Reflector removes the full-mesh requirement, especially in large customer networks that are geographically separated. It cuts the number of Border Gateway Protocol (BGP) sessions that must be established to one (1) or a few. With a Route Reflector, BGP configuration is made simple and scalability issues are solved, which makes the network resilient and flexible.
[NOTE] How many Border Gateway Protocol (BGP) sessions you create to Route Reflectors still depends on the needs of your network, for example, redundancy.
Pre-requisite
Make sure you have checked my previous content on MPLS so you can follow along with today's content. Previous content is available here.
Configuration
In our previous content, we configured both of our PEs to share route information between sites. We are going to use the same topology, with new routers added to the network.
New customer alert! B-CUST is our new customer and wants their B-CUST-SITE-1 and B-CUST-SITE-2 sites to be connected through our network infrastructure. As you can see, PE-RTR-3 and PE-RTR-4 are added to our topology as Provider Edge (PE) routers that handle the Virtual Routing and Forwarding (VRF) instances of our new customer. Do not forget our Provider (P) router P-RTR-1, which will act as our Route Reflector.
Goals
I want you to review our MPLS L3 VPN configuration so you can remember what we've done there. What we'll be doing is setting up our new PE-RTR-3 and PE-RTR-4 to join the Multi-Protocol Label Switching (MPLS) network and configuring B-CUST's Virtual Routing and Forwarding (VRF) instances on them.
Here are today's goals:
PE routers to join the MPLS network
PE routers to create a VRF instance and establish a BGP session
P router to enable being a Route Reflector
GOAL#1: PE routers to join the MPLS network
!!! PE-RTR-3 CONFIGURATION
PE-RTR-3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-RTR-3(config)#interface loopback0
PE-RTR-3(config-if)#ip address 1.1.1.13 255.255.255.255
PE-RTR-3(config-if)#exit
PE-RTR-3(config)#router ospf 1
PE-RTR-3(config-router)#passive-interface loopback0
PE-RTR-3(config-router)#exit
PE-RTR-3(config)#interface g0/0
PE-RTR-3(config-if)#no shut
PE-RTR-3(config-if)#interface g0/0.8
PE-RTR-3(config-subif)#encapsulation dot1q 8
PE-RTR-3(config-subif)#ip address 10.0.0.10 255.255.255.252
PE-RTR-3(config-subif)#ip ospf 1 area 0.0.0.0
PE-RTR-3(config-subif)#mpls ip
PE-RTR-3(config-subif)#exit
PE-RTR-3(config)#interface loopback0
PE-RTR-3(config-if)#ip ospf 1 area 0.0.0.0
PE-RTR-3(config-if)#exit
!!! PE-RTR-4 Configuration
PE-RTR-4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-RTR-4(config)#interface loopback0
PE-RTR-4(config-if)#ip address 1.1.1.14 255.255.255.255
PE-RTR-4(config-if)#exit
PE-RTR-4(config)#router ospf 1
PE-RTR-4(config-router)#passive-interface loopback0
PE-RTR-4(config-router)#exit
PE-RTR-4(config)#interface g0/0
PE-RTR-4(config-if)#no shut
PE-RTR-4(config-if)#interface g0/0.12
PE-RTR-4(config-subif)#encapsulation dot1q 12
PE-RTR-4(config-subif)#ip address 10.0.0.14 255.255.255.252
PE-RTR-4(config-subif)#ip ospf 1 area 0.0.0.0
PE-RTR-4(config-subif)#mpls ip
PE-RTR-4(config-subif)#exit
PE-RTR-4(config)#interface loopback0
PE-RTR-4(config-if)#ip ospf 1 area 0.0.0.0
PE-RTR-4(config-if)#exit
PE-RTR-4(config)#
!!! P-RTR-1 to PE-RTR-3 Configuration
P-RTR-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
P-RTR-1(config)#interface g3/0
P-RTR-1(config-if)#no shut
P-RTR-1(config-if)#interface g3/0.8
P-RTR-1(config-subif)#encapsulation dot1q 8
P-RTR-1(config-subif)#ip address 10.0.0.9 255.255.255.252
P-RTR-1(config-subif)#ip ospf 1 area 0.0.0.0
P-RTR-1(config-subif)#mpls ip
*May 4 03:25:22.855: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.13 on GigabitEthernet 3/0.8 from LOADING to FULL, Loading Done
*May 4 03:25:36.203: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.13:0 (3) is UP
P-RTR-1(config-subif)#exit
!!! P-RTR-1 to PE-RTR-4 Configuration
P-RTR-1(config)#interface g2/0
P-RTR-1(config-if)#no shut
P-RTR-1(config-if)#interface g2/0.12
P-RTR-1(config-subif)#encapsulation dot1q 12
P-RTR-1(config-subif)#ip address 10.0.0.13 255.255.255.252
P-RTR-1(config-subif)#ip ospf 1 area 0.0.0.0
P-RTR-1(config-subif)#mpls ip
*May 4 03:26:38.815: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.14 on GigabitEthernet 2/0.12 from LOADING to FULL, Loading Done
*May 4 03:26:45.335: %LDP-5-NBRCHG: LDP Neighbor 1.1.1.14:0 (4) is UP
P-RTR-1(config-subif)#exit
P-RTR-1(config)#
As we enabled Open Shortest Path First (OSPF) and Multi-Protocol Label Switching on our P and PE routers, we see on P-RTR-1 that the OSPF and MPLS neighborships are now active. We will now focus on creating a Virtual Routing and Forwarding (VRF) instance on each of the PE routers for B-CUST.
GOAL#2: PE routers to create a VRF instance and establish a BGP session
!!! PE-RTR-3 Configuration
PE-RTR-3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-RTR-3(config)#ip vrf B-CUST
PE-RTR-3(config-vrf)#rd 2914:102
PE-RTR-3(config-vrf)#route-target both 2914:102
PE-RTR-3(config-vrf)#exit
PE-RTR-3(config)#interface g5/0
PE-RTR-3(config-if)#no shut
PE-RTR-3(config-if)#interface g5/0.21
PE-RTR-3(config-subif)#ip vrf forwarding B-CUST
PE-RTR-3(config-subif)#encapsulation dot1q 21
PE-RTR-3(config-subif)#ip address 172.16.21.1 255.255.255.248
PE-RTR-3(config-subif)#do ping vrf B-CUST 172.16.21.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.21.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/57/152 ms
PE-RTR-3(config-subif)#exit
PE-RTR-3(config)#router bgp 2914
PE-RTR-3(config-router)#address-family ipv4 vrf B-CUST
PE-RTR-3(config-router-af)#neighbor 172.16.21.2 remote-as 65006
PE-RTR-3(config-router-af)#network 172.16.21.0 mask 255.255.255.248
PE-RTR-3(config-router-af)#^Z
*May 4 03:46:00.443: %BGP-5-ADJCHANGE: neighbor 172.16.21.2 vpn vrf B-CUST Up
PE-RTR-3#show ip route vrf B-CUST | begin Gateway
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.21.0/29 is directly connected, GigabitEthernet5/0.21
L 172.16.21.1/32 is directly connected, GigabitEthernet5/0.21
B 192.168.11.0/24 [20/0] via 172.16.21.2, 00:02:51 //LAN route from B-CUST-SITE-2
!!! PE-RTR-4 Configuration
PE-RTR-4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-RTR-4(config)#ip vrf B-CUST
PE-RTR-4(config-vrf)#rd 2914:102
PE-RTR-4(config-vrf)#route-target both 2914:102
PE-RTR-4(config-vrf)#exit
PE-RTR-4(config)#interface g5/0
PE-RTR-4(config-if)#no shut
PE-RTR-4(config-if)#interface g5/0.22
PE-RTR-4(config-subif)#ip vrf forwarding B-CUST
PE-RTR-4(config-subif)#encapsulation dot1q 22
PE-RTR-4(config-subif)#ip address 172.16.22.1 255.255.255.248
PE-RTR-4(config-subif)#do ping vrf B-CUST 172.16.22.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.22.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/37/108 ms
PE-RTR-4(config-subif)#exit
PE-RTR-4(config)#router bgp 2914
PE-RTR-4(config-router)#address-family ipv4 vrf B-CUST
PE-RTR-4(config-router-af)#neighbor 172.16.22.2 remote-as 65007
PE-RTR-4(config-router-af)#network 172.16.22.0 mask 255.255.255.248
PE-RTR-4(config-router-af)#
*May 4 03:53:10.651: %BGP-5-ADJCHANGE: neighbor 172.16.22.2 vpn vrf B-CUST Up
PE-RTR-4(config-router-af)#do show ip route vrf B-CUST | begin Gateway
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.22.0/29 is directly connected, GigabitEthernet5/0.22
L 172.16.22.1/32 is directly connected, GigabitEthernet5/0.22
B 192.168.12.0/24 [20/0] via 172.16.22.2, 00:00:23 //LAN route from B-CUST-SITE-1
The configuration above created a Virtual Routing and Forwarding (VRF) instance for B-CUST on each of our PE routers, with the import and export route targets set. We placed the interfaces in the VRF, configured an IP address, and tested it with ping. The VRF address family under the Border Gateway Protocol (BGP) configuration established sessions with our neighbors (B-CUST-SITE-1 and B-CUST-SITE-2); they came up, and our PE routers received the Local Area Network (LAN) routes from B-CUST-SITE-1 and B-CUST-SITE-2.
GOAL#3: P router to enable being a Route Reflector
In this section, we are going to configure our PE routers to establish Border Gateway Protocol (BGP) connections to the P router.
!!! PE-RTR-3 Configuration
PE-RTR-3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-RTR-3(config)#router bgp 2914
PE-RTR-3(config-router)#no bgp default ipv4-unicast //can be an optional command
PE-RTR-3(config-router)#neighbor 1.1.1.0 remote-as 2914
PE-RTR-3(config-router)#neighbor 1.1.1.0 update-source loopback0
PE-RTR-3(config-router)#address-family vpnv4
PE-RTR-3(config-router-af)#neighbor 1.1.1.0 activate
PE-RTR-3(config-router-af)#neighbor 1.1.1.0 send-community both
PE-RTR-3(config-router-af)#
!!! PE-RTR-4 Configuration
PE-RTR-4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-RTR-4(config)#router bgp 2914
PE-RTR-4(config-router)#no bgp default ipv4-unicast
PE-RTR-4(config-router)#neighbor 1.1.1.0 remote-as 2914
PE-RTR-4(config-router)#neighbor 1.1.1.0 update-source loopback0
PE-RTR-4(config-router)#address-family vpnv4
PE-RTR-4(config-router-af)#neighbor 1.1.1.0 activate
PE-RTR-4(config-router-af)#neighbor 1.1.1.0 send-community both
PE-RTR-4(config-router-af)#
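Above, 1.1.1.0 is our P router's Loopback address, which the PE routers use to establish a Border Gateway Protocol (BGP) session. The send-community both command sends both standard and extended communities to the neighbor; the extended communities carry the route targets, which is what lets the VRF routes be shared.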
!!! P-RTR-1 Configuration
P-RTR-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
P-RTR-1(config)#router bgp 2914
P-RTR-1(config-router)#neighbor 1.1.1.13 remote-as 2914
P-RTR-1(config-router)#neighbor 1.1.1.14 remote-as 2914
P-RTR-1(config-router)#neighbor 1.1.1.13 update-source loopback0
P-RTR-1(config-router)#neighbor 1.1.1.14 update-source loopback0
P-RTR-1(config-router)#address-family vpnv4
P-RTR-1(config-router-af)#neighbor 1.1.1.13 activate
P-RTR-1(config-router-af)#neighbor 1.1.1.14 activate
*May 4 04:20:35.807: %BGP-5-ADJCHANGE: neighbor 1.1.1.13 Up
*May 4 04:20:43.999: %BGP-5-ADJCHANGE: neighbor 1.1.1.14 Up
P-RTR-1(config-router-af)#neighbor 1.1.1.13 route-reflector-client
P-RTR-1(config-router-af)#neighbor 1.1.1.14 route-reflector-client
P-RTR-1(config-router-af)#do show ip bgp all summary
!!! Output shortened
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.13 4 2914 5 7 5 0 0 00:00:23 1
1.1.1.14 4 2914 5 8 5 0 0 00:00:12 1
!!! Output shortened
We see above that the BGP sessions have been established. Route Reflector functionality is enabled via neighbor A.B.C.D route-reflector-client. P-RTR-1 is now acting as the Route Reflector in our MPLS network.
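Because the Route Reflector passes VPNv4 routes on to every client PE, the route targets set in GOAL#2 are what keep one customer's routes out of another customer's VRF. The following Python check is an added example, not part of the original post: it parses `ip vrf` stanzas and flags any VRF that imports a route target exported by a differently named VRF. The B-CUST values come from the post; the A-CUST stanza, the router name PE-HYPOTHETICAL and the value 2914:101 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input. The B-CUST stanzas use the values from the post; the
# A-CUST stanza, its router name and 2914:101 are invented, with a wrong import.
CONFIGS = {
    "PE-RTR-3": "ip vrf B-CUST\n rd 2914:102\n route-target both 2914:102\n",
    "PE-RTR-4": "ip vrf B-CUST\n rd 2914:102\n route-target export 2914:102\n"
                " route-target import 2914:102\n",
    "PE-HYPOTHETICAL": "ip vrf A-CUST\n rd 2914:101\n route-target export 2914:101\n"
                       " route-target import 2914:102\n",
}


def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip vrf (\S+)\s*$", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = re.match(r"\s+route-target (import|export|both) (\S+)\s*$", line)
        if m and current is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
        elif line and not line[0].isspace():
            current = None  # a new top-level command ends the VRF stanza
    return vrfs


def find_leaks(configs):
    """Return (router, vrf, rt, other_vrf) where vrf imports an RT that other_vrf exports."""
    parsed = {router: parse_vrfs(text) for router, text in configs.items()}
    exporters = defaultdict(set)  # route target -> names of VRFs that export it
    for vrfs in parsed.values():
        for name, rts in vrfs.items():
            for rt in rts["export"]:
                exporters[rt].add(name)
    return [(router, name, rt, other)
            for router, vrfs in sorted(parsed.items())
            for name, rts in sorted(vrfs.items())
            for rt in sorted(rts["import"])
            for other in sorted(exporters[rt] - {name})]


if __name__ == "__main__":
    for leak in find_leaks(CONFIGS):
        print("%s: VRF %s imports %s, exported by VRF %s" % leak)
```

A flagged entry is not always an error, since a shared-services or extranet design imports another VRF's route target on purpose, but each one should be a deliberate decision.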
Testing
On B-CUST-SITE-1 and B-CUST-SITE-2, we can now see that the LAN networks and the uplink-to-PE addresses are learned via Border Gateway Protocol (BGP).
!!! B-CUST-SITE-1
B-CUST-SITE-1#show ip route bgp | begin Gateway
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.21.0/29 [20/0] via 172.16.22.1, 00:04:48 //B-CUST-SITE-2 uplink IP address to PE
B 192.168.11.0/24 [20/0] via 172.16.22.1, 00:19:48 //B-CUST-SITE-2 LAN network
!!! B-CUST-SITE-2
B-CUST-SITE-2#show ip route bgp | begin Gateway
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.16.22.0/29 [20/0] via 172.16.21.1, 00:05:43 //B-CUST-SITE-1 uplink IP address to PE
B 192.168.12.0/24 [20/0] via 172.16.21.1, 00:21:41 //B-CUST-SITE-1 LAN network
Let us now test if traffic from both B-CUST's routers can pass through our Multi-Protocol Label Switching (MPLS) network.
!!! B-CUST-SITE-1
B-CUST-SITE-1#ping 172.16.21.2 //B-CUST-SITE-2 uplink IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.21.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/197/344 ms
B-CUST-SITE-1#ping 192.168.11.1 //B-CUST-SITE-2 LAN IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/93/172 ms
!!! B-CUST-SITE-2
B-CUST-SITE-2#ping 172.16.22.2 //B-CUST-SITE-1 uplink IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.22.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/114/132 ms
B-CUST-SITE-2#ping 192.168.12.1 //B-CUST-SITE-1 LAN IP address
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/173/564 ms
Awesome! Both B-CUST routers can reach each other through our Multi-Protocol Label Switching (MPLS) network.
!!! PE-RTR-3
PE-RTR-3#show mpls forwarding-table vrf B-CUST 192.168.12.0 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
None 23 192.168.12.0/24[V] \
0 Gi0/0.8 10.0.0.9
MAC/Encaps=18/26, MRU=1496, Label Stack{19 23} //{MPLS label, VPN label}
CA0142AD0054CA0707300008810000088847 0001300000017000
VPN route: B-CUST
No output feature configured
!!! PE-RTR-4
PE-RTR-4#show mpls forwarding-table vrf B-CUST 192.168.11.0 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
None 23 192.168.11.0/24[V] \
0 Gi0/0.12 10.0.0.13
MAC/Encaps=18/26, MRU=1496, Label Stack{18 23} //{MPLS label, VPN label}
CA0142AD0038CA06070100088100000C8847 0001200000017000
VPN route: B-CUST
No output feature configured
The output above verifies that the LAN networks of both B-CUST routers are being transported inside our MPLS network.
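The hex string under MAC/Encaps=18/26 in the two outputs above is the header the PE prepends to each packet, and it can be decoded to confirm the VLAN and the label stack independently of the summary line. The following Python decoder is an added example, not part of the original post; it assumes the layout the outputs show, an 18-byte 802.1Q-tagged Ethernet header followed by 4-byte MPLS label entries.

```python
import struct

# Rewrite strings copied from the two 'show mpls forwarding-table ... detail'
# outputs in the post (MAC/Encaps=18/26).
ENCAPS = {
    "PE-RTR-3": "CA0142AD0054CA0707300008810000088847 0001300000017000",
    "PE-RTR-4": "CA0142AD0038CA06070100088100000C8847 0001200000017000",
}


def mac(b):
    """Format six bytes as a colon-separated MAC address."""
    return ":".join(f"{x:02x}" for x in b)


def decode_encaps(hex_string, mac_len=18):
    """Split a rewrite string into its tagged Ethernet header and MPLS label stack."""
    raw = bytes.fromhex(hex_string.replace(" ", ""))
    l2, stack = raw[:mac_len], raw[mac_len:]
    if len(l2) != 18 or not stack or len(stack) % 4:
        raise ValueError("expected an 18-byte tagged header and 4-byte label entries")
    tpid, tci, ethertype = struct.unpack("!HHH", l2[12:18])
    if tpid != 0x8100 or ethertype != 0x8847:
        raise ValueError("not an 802.1Q-tagged MPLS unicast frame")
    labels = []
    for (entry,) in struct.iter_unpack("!I", stack):
        labels.append({
            "label": entry >> 12,       # top 20 bits
            "tc": (entry >> 9) & 0x7,   # 3-bit traffic class
            "s": (entry >> 8) & 0x1,    # bottom-of-stack bit as stored in the string
            "ttl": entry & 0xFF,        # TTL as stored in the string
        })
    return {"dst": mac(l2[0:6]), "src": mac(l2[6:12]),
            "vlan": tci & 0x0FFF, "labels": labels}


if __name__ == "__main__":
    for router, hex_string in ENCAPS.items():
        d = decode_encaps(hex_string)
        print(router, "vlan", d["vlan"], "labels", [e["label"] for e in d["labels"]])
```

The decoded VLAN IDs match the dot1q tags on g0/0.8 and g0/0.12, and the label values match the Label Stack{...} lines in the outputs.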
Conclusion
In today's content, we've successfully configured Route Reflector functionality in the Multi-Protocol Label Switching (MPLS) network from the previous content. The configuration process is almost the same; however, the Border Gateway Protocol (BGP) sessions are established between the PE routers and the P router, with the P router acting as the Route Reflector. We then verified the configuration and tested its connectivity using ICMP traffic.
Any questions or suggestions? Leave a comment and I would be very happy to discuss it!
Written by
Sammyski