Hello colleagues!

I would like to bring to your attention a design idea: CsC MPLS VPN for the enterprise.

MPLS VPN SP AS1 is the primary path for traffic, and MPLS VPN AS2 is there to support failover.

Two MPLS providers are used with one CE device per location. On the branch side, one router combines the functions of the CE and CsC-PE devices.

Internet access for the branches goes through the office. In this setup, an ASA can be placed between CE1 and CsC-PE1.

I do not have the technical capabilities to fully test this idea. If you are interested in this idea, please conduct tests.

I will be glad to hear your comments and suggestions to improve the current design.

CsC_MPLS_VPN.png

If you see errors, please tell us.

This is a traceroute from the branch to the office:

CsC-CE5#traceroute vrf CUSTOM 10.1.30.130

Type escape sequence to abort.

Tracing the route to 10.1.30.130

VRF info: (vrf in name/id, vrf out name/id)

  1 10.5.30.5 [MPLS: Label 5014 Exp 0] 84 msec 44 msec 100 msec

  2 192.168.5.5 [MPLS: Labels 1212/4138 Exp 0] 76 msec 48 msec 56 msec

  3 172.16.0.1 [MPLS: Labels 0/1107/1107/4138 Exp 0] 68 msec 72 msec 72 msec

  4 10.1.190.14 [MPLS: Labels 4004/4138 Exp 0] 96 msec 44 msec 60 msec

  5 10.1.30.21 [MPLS: Label 4138 Exp 0] 56 msec 40 msec 60 msec

  6 10.1.30.22 48 msec *  44 msec

 

This is a traceroute from the branch to AS1:

CsC-CE5#traceroute vrf CUSTOM 1.1.1.1   

Type escape sequence to abort.

Tracing the route to 1.1.1.1

VRF info: (vrf in name/id, vrf out name/id)

  1 10.5.30.5 [MPLS: Label 5011 Exp 0] 56 msec 60 msec 52 msec

  2 192.168.5.5 [MPLS: Labels 1212/4107 Exp 0] 60 msec 56 msec 48 msec

  3 172.16.0.1 [MPLS: Labels 0/1107/1107/4107 Exp 0] 48 msec 44 msec 44 msec

  4 10.1.190.14 [MPLS: Labels 4004/4107 Exp 0] 48 msec 48 msec 44 msec

  5 10.1.30.129 64 msec 44 msec 44 msec

  6 10.1.190.5 [MPLS: Label 4026 Exp 0] 48 msec 56 msec 60 msec

  7 10.1.190.13 96 msec *  88 msec


This is a traceroute from the branch to AS2:

CsC-CE5#traceroute vrf CUSTOM 2.2.2.2

Type escape sequence to abort.

Tracing the route to 2.2.2.2

VRF info: (vrf in name/id, vrf out name/id)

  1 10.5.30.5 [MPLS: Label 5011 Exp 0] 44 msec 56 msec 56 msec

  2 192.168.5.5 [MPLS: Labels 1212/4107 Exp 0] 56 msec 56 msec 56 msec

  3 172.16.0.1 [MPLS: Labels 0/1107/1107/4107 Exp 0] 60 msec 56 msec 52 msec

  4 10.1.190.14 [MPLS: Labels 4004/4107 Exp 0] 64 msec 56 msec 60 msec

  5 10.1.30.129 60 msec 56 msec 60 msec

  6 10.1.190.5 [MPLS: Label 4008 Exp 0] 56 msec 68 msec 56 msec

  7 10.1.190.9 96 msec *  104 msec

 

This is a traceroute from the branch to the office when the MPLS VPN network AS1 is faulty:

CsC-CE5#traceroute vrf CUSTOM 10.1.30.130

Type escape sequence to abort.

Tracing the route to 10.1.30.130

VRF info: (vrf in name/id, vrf out name/id)

  1 10.5.30.5 [MPLS: Label 5014 Exp 0] 84 msec 72 msec 68 msec

  2 192.168.5.9 [MPLS: Labels 2204/4138 Exp 0] 72 msec 68 msec 68 msec

  3 172.16.3.1 [MPLS: Labels 0/2111/2111/4138 Exp 0] 72 msec 44 msec 60 msec

  4 10.1.190.10 [MPLS: Labels 4000/4138 Exp 0] 88 msec 72 msec 72 msec

  5 10.1.30.21 [MPLS: Labels 0/4138 Exp 0] 36 msec 48 msec 52 msec

  6 10.1.30.22 80 msec *  52 msec

 

CsC-PE1 is configured as follows:

!

version 15.2

!

hostname CsC-PE1

!

ip vrf CUSTOM

rd 10.1.30.129:1

maximum routes 1600 90

route-target export 65190:30

route-target import 65190:190

route-target import 65190:30

!

ip vrf GLOBAL

rd 10.1.190.1:1

maximum routes 1500 90

route-target export 65190:190

route-target import 65190:30

!

mpls label range 4100 4199

mpls label protocol ldp

mpls ldp explicit-null

mpls ldp session protection

mpls ip default-route

!

interface Loopback0

description FOR MPLS LDP ROUTER-ID

ip address 192.168.1.1 255.255.255.255

!

interface Loopback2

description FOR VPNV4 NEIGHBOR

ip address 192.168.1.2 255.255.255.255

!

interface Loopback30

ip vrf forwarding CUSTOM

ip address 10.1.30.129 255.255.255.255

!

interface Loopback190

ip vrf forwarding GLOBAL

ip address 10.1.190.1 255.255.255.255

!

interface GigabitEthernet0/0

mtu 1508

no ip address

duplex full

speed 1000

media-type gbic

negotiation auto

!

interface GigabitEthernet0/0.1

description TO THE CE1 FOR CsC MPLS VPN TRAFFIC THROUGH AS1

encapsulation dot1Q 11

ip address 192.168.1.6 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-multipoint

mpls ip

bfd interval 300 min_rx 300 multiplier 3

no bfd echo

!

interface GigabitEthernet0/0.2

description TO THE CE1 FOR CsC MPLS VPN TRAFFIC THROUGH AS2

encapsulation dot1Q 2

ip address 192.168.1.10 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-point

mpls ip

!

interface GigabitEthernet0/0.190

description TO THE CE1 FOR INTERNET TRAFFIC

encapsulation dot1Q 190

ip vrf forwarding GLOBAL

ip address 10.1.190.6 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-multipoint

mpls ip

!

interface GigabitEthernet1/0

mtu 1504

no ip address

negotiation auto

!

interface GigabitEthernet1/0.30

description TO THE CsC-CE1 FOR MPLS

encapsulation dot1Q 30

ip vrf forwarding CUSTOM

ip address 10.1.30.21 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-point

mpls ip

!

router ospf 190 vrf GLOBAL

router-id 10.1.190.1

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

capability vrf-lite

redistribute bgp 65190 subnets route-map FOR_MPLS

network 1.1.190.0 0.0.0.255 area 0

network 2.2.190.0 0.0.0.255 area 0

network 10.1.190.1 0.0.0.0 area 0

network 10.1.190.4 0.0.0.3 area 0

!

router ospf 30 vrf CUSTOM

router-id 10.1.30.129

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

capability vrf-lite

redistribute bgp 65190 subnets route-map FOR_MPLS

network 10.1.30.20 0.0.0.3 area 1

network 10.1.30.129 0.0.0.0 area 0

default-information originate always

!

router ospf 1

router-id 192.168.1.1

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

area 1 filter-list prefix LOOPBACK_MPLS in

area 2 filter-list prefix LOOPBACK_MPLS in

network 192.168.1.1 0.0.0.0 area 0

network 192.168.1.2 0.0.0.0 area 2

network 192.168.1.4 0.0.0.3 area 1

network 192.168.1.8 0.0.0.3 area 2

!

router bgp 65190

bgp router-id 192.168.1.1

bgp log-neighbor-changes

bgp update-delay 1

bgp bestpath as-path multipath-relax

no bgp default ipv4-unicast

no bgp default route-target filter

timers bgp 10 30

neighbor 192.168.5.2 remote-as 65190

neighbor 192.168.5.2 description TO THE CE5_and_CsC-PE5 through AS2

neighbor 192.168.5.2 password PLASHCHUN

neighbor 192.168.5.2 update-source Loopback2

neighbor 192.168.5.2 fall-over route-map FALL_OVER_CsC_AS2

neighbor 192.168.5.6 remote-as 65190

neighbor 192.168.5.6 description TO THE CE5_and_CsC-PE5 through AS1

neighbor 192.168.5.6 password PLASHCHUN

neighbor 192.168.5.6 update-source GigabitEthernet0/0.1

neighbor 192.168.5.6 fall-over bfd single-hop

!

address-family vpnv4

  bgp nexthop trigger delay 1

  bgp scan-time 5

  neighbor 192.168.5.2 activate

  neighbor 192.168.5.2 send-community both

  neighbor 192.168.5.2 next-hop-self

  neighbor 192.168.5.2 advertisement-interval 1

  neighbor 192.168.5.6 activate

  neighbor 192.168.5.6 send-community both

  neighbor 192.168.5.6 next-hop-self

  neighbor 192.168.5.6 advertisement-interval 1

  neighbor 192.168.5.6 route-map CsC_MPLS_BEST_PATH in

  maximum-paths 2

exit-address-family

!

address-family ipv4 vrf CUSTOM

  import path selection all

  import path limit 2

  bgp router-id 10.1.30.129

  redistribute static metric 30

  redistribute ospf 30 match internal external 1 external 2

  maximum-paths 2

  default-information originate

exit-address-family

!

address-family ipv4 vrf GLOBAL

  import path selection all

  import path limit 2

  bgp router-id 10.1.190.1

  redistribute static metric 190

  redistribute ospf 190 match internal external 1 external 2

  neighbor 10.1.190.9 remote-as 2

  neighbor 10.1.190.9 description TO THE PE1_AS2 FOR INTERNET TRAFFIC

  neighbor 10.1.190.9 ebgp-multihop 2

  neighbor 10.1.190.9 password PLASHCHUN

  neighbor 10.1.190.9 update-source GigabitEthernet0/0.190

  neighbor 10.1.190.9 fall-over route-map FALL_OVER_GLOBAL_AS2

  neighbor 10.1.190.9 activate

  neighbor 10.1.190.9 prefix-list RFC1918_PLUS in

  neighbor 10.1.190.9 route-map NO_ADVERTISE in

  neighbor 10.1.190.9 maximum-prefix 1000 90

  neighbor 10.1.190.9 filter-list 2 in

  neighbor 10.1.190.9 filter-list 19 out

  neighbor 10.1.190.13 remote-as 1

  neighbor 10.1.190.13 description TO THE PE1_AS1 FOR INTERNET TRAFFIC

  neighbor 10.1.190.13 ebgp-multihop 2

  neighbor 10.1.190.13 password PLASHCHUN

  neighbor 10.1.190.13 update-source Loopback190

  neighbor 10.1.190.13 fall-over route-map FALL_OVER_GLOBAL_AS1

  neighbor 10.1.190.13 activate

  neighbor 10.1.190.13 prefix-list RFC1918_PLUS in

  neighbor 10.1.190.13 route-map NO_ADVERTISE in

  neighbor 10.1.190.13 maximum-prefix 1000 90

  neighbor 10.1.190.13 filter-list 1 in

  neighbor 10.1.190.13 filter-list 19 out

  maximum-paths 2

  default-information originate

exit-address-family

!

ip bgp-community new-format

ip as-path access-list 1 permit ^(1_)+$

ip as-path access-list 1 permit ^(1_)+_[0-9]+$

ip as-path access-list 2 permit ^2_[0-9]*$

ip as-path access-list 19 deny .*

!

ip route vrf CUSTOM 0.0.0.0 0.0.0.0 Null0

ip route vrf GLOBAL 0.0.0.0 128.0.0.0 10.1.190.3 254

ip route vrf GLOBAL 128.0.0.0 128.0.0.0 10.1.190.3 254

!

ip prefix-list FALL_OVER_CsC_NETWORK_AS2 seq 10 permit 192.168.5.2/32

!

ip prefix-list FALL_OVER_GLOBAL_NETWORK_AS1 seq 10 permit 10.1.190.13/32

!

ip prefix-list FALL_OVER_GLOBAL_NETWORK_AS2 seq 10 permit 10.1.190.9/32

!

ip prefix-list LOCAL_NETWORK seq 10 permit 10.0.0.0/8 le 32

ip prefix-list LOCAL_NETWORK seq 20 permit 172.16.0.0/12 le 32

ip prefix-list LOCAL_NETWORK seq 30 permit 192.168.0.0/16 le 32

!

ip prefix-list LOOPBACK_MPLS seq 10 permit 192.168.1.1/32

!

ip prefix-list RFC1918_PLUS seq 10 permit 10.1.190.3/32

ip prefix-list RFC1918_PLUS seq 20 deny 10.0.0.0/8 le 32

ip prefix-list RFC1918_PLUS seq 30 deny 172.16.0.0/12 le 32

ip prefix-list RFC1918_PLUS seq 40 deny 192.168.0.0/16 le 32

ip prefix-list RFC1918_PLUS seq 50 deny 127.0.0.0/8 le 32

ip prefix-list RFC1918_PLUS seq 60 deny 0.0.0.0/8 le 32

ip prefix-list RFC1918_PLUS seq 70 deny 169.254.0.0/16 le 32

ip prefix-list RFC1918_PLUS seq 80 deny 224.0.0.0/4 le 32

ip prefix-list RFC1918_PLUS seq 90 deny 240.0.0.0/4 le 32

ip prefix-list RFC1918_PLUS seq 100 deny 0.0.0.0/0

ip prefix-list RFC1918_PLUS seq 1000 permit 0.0.0.0/0 le 19

!

route-map FALL_OVER_CsC_AS2 permit 10

match ip address prefix-list FALL_OVER_CsC_NETWORK_AS2

!

route-map FOR_MPLS permit 10

match ip address prefix-list LOCAL_NETWORK

set origin igp

!

route-map NO_ADVERTISE permit 10

set community no-advertise

!

route-map CsC_MPLS_BEST_PATH permit 10

set weight 200

!

route-map FALL_OVER_GLOBAL_AS2 permit 10

match ip address prefix-list FALL_OVER_GLOBAL_NETWORK_AS2

!

route-map FALL_OVER_GLOBAL_AS1 permit 10

match ip address prefix-list FALL_OVER_GLOBAL_NETWORK_AS1

!

mpls ldp router-id Loopback0 force

mpls ldp router-id vrf CUSTOM Loopback30 force

mpls ldp router-id vrf GLOBAL Loopback190 force

!

banner motd !Looking fow new opportunities (remote/virtual) Network Engineer CCNP       igor.plashchun@yahoo.com +380953589271!

!

end

 

CE1 is configured as follows:

 

!

version 15.2

!

hostname CE1

!

ip vrf CsC_AS1

rd 192.168.1.0:1

route-target export 192.168.1.0:1

route-target import 192.168.5.0:5

!

ip vrf CsC_AS2

rd 192.168.1.3:1

route-target export 192.168.1.3:1

route-target import 192.168.5.3:5

!

mpls label range 4000 4099

mpls label protocol ldp

mpls ldp explicit-null

mpls ldp session protection

!

interface Loopback1

ip vrf forwarding CsC_AS1

ip address 192.168.1.0 255.255.255.255

!

interface Loopback2

ip vrf forwarding CsC_AS2

ip address 192.168.1.3 255.255.255.255

!

interface Loopback190

ip address 10.1.190.2 255.255.255.255

!

interface GigabitEthernet0/0

mtu 1508

no ip address

duplex full

speed 1000

media-type gbic

negotiation auto

!

interface GigabitEthernet0/0.1

description TO THE CsC-PE1 FOR CsC MPLS VPN TRAFFIC WITH AS1

encapsulation dot1Q 11

ip vrf forwarding CsC_AS1

ip address 192.168.1.5 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-multipoint

mpls ip

!

interface GigabitEthernet0/0.2

description TO THE CsC-PE1 FOR CsC MPLS VPN TRAFFIC WITH AS2

encapsulation dot1Q 2

ip vrf forwarding CsC_AS2

ip address 192.168.1.9 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-point

mpls ip

!

interface GigabitEthernet0/0.190

description TO THE CsC-PE1 FOR INTERNET TRAFFIC

encapsulation dot1Q 190

ip address 10.1.190.5 255.255.255.252

ip nat inside

ip virtual-reassembly in

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-multipoint

mpls ip

!

interface GigabitEthernet1/0

mtu 1516

no ip address

negotiation auto

!

interface GigabitEthernet1/0.190

description TO THE PE1_AS1

encapsulation dot1Q 190

ip address 10.1.190.14 255.255.255.252

ip nat outside

ip virtual-reassembly in

mpls bgp forwarding

!

interface GigabitEthernet2/0

mtu 1516

no ip address

negotiation auto

!

interface GigabitEthernet2/0.190

description TO THE PE_AS2

encapsulation dot1Q 190

ip address 10.1.190.10 255.255.255.252

ip nat outside

ip virtual-reassembly in

mpls bgp forwarding

!

router ospf 1 vrf CsC_AS1

mpls ldp sync

router-id 192.168.1.0

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

capability vrf-lite

redistribute bgp 65190 metric-type 1 subnets

network 192.168.1.0 0.0.0.0 area 1

network 192.168.1.4 0.0.0.3 area 1

!

router ospf 2 vrf CsC_AS2

mpls ldp sync

router-id 192.168.1.3

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

capability vrf-lite

redistribute bgp 65190 metric-type 1 subnets

network 192.168.1.3 0.0.0.0 area 2

network 192.168.1.8 0.0.0.3 area 2

!

router ospf 190

router-id 10.1.190.2

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

redistribute connected subnets

passive-interface default

no passive-interface GigabitEthernet0/0.190

network 10.1.190.2 0.0.0.0 area 0

network 10.1.190.4 0.0.0.3 area 0

!

router bgp 65190

bgp router-id 10.1.190.2

bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 10.1.190.9 remote-as 2

neighbor 10.1.190.9 local-as 65002 no-prepend replace-as

neighbor 10.1.190.9 description TO THE PE_AS2 FOR MPLS VPN

neighbor 10.1.190.9 password PLASHCHUN

neighbor 10.1.190.9 update-source GigabitEthernet2/0.190

neighbor 10.1.190.13 remote-as 1

neighbor 10.1.190.13 local-as 65002 no-prepend replace-as

neighbor 10.1.190.13 description TO THE PE1_AS1 FOR MPLS VPN

neighbor 10.1.190.13 password PLASHCHUN

neighbor 10.1.190.13 update-source GigabitEthernet1/0.190

!

address-family vpnv4

  neighbor 10.1.190.9 activate

  neighbor 10.1.190.9 send-community both

  neighbor 10.1.190.9 next-hop-self

  neighbor 10.1.190.9 advertisement-interval 5

  neighbor 10.1.190.13 activate

  neighbor 10.1.190.13 send-community both

  neighbor 10.1.190.13 next-hop-self

  neighbor 10.1.190.13 advertisement-interval 5

  maximum-paths 2

exit-address-family

!

address-family ipv4 vrf CsC_AS1

  redistribute ospf 1

exit-address-family

!

address-family ipv4 vrf CsC_AS2

  redistribute ospf 2

exit-address-family

!

ip bgp-community new-format

!

ip nat pool GLOBAL_AS1 1.1.190.2 1.1.190.254 netmask 255.255.255.0

ip nat pool GLOBAL_AS2 2.2.190.2 2.2.190.254 netmask 255.255.255.0

ip nat inside source route-map FOR_NAT_AS1 pool GLOBAL_AS1

ip nat inside source route-map FOR_NAT_AS2 pool GLOBAL_AS2

!

ip access-list extended LOCAL

permit ip 10.1.30.0 0.0.0.255 any

permit ip 10.5.30.0 0.0.0.255 any

!

route-map FOR_NAT_AS2 permit 10

match ip address LOCAL

match interface GigabitEthernet2/0.190

!

route-map FOR_NAT_AS1 permit 10

match ip address LOCAL

match interface GigabitEthernet1/0.190

!

mpls ldp router-id Loopback190 force

!

banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP       igor.plashchun@yahoo.com +380953589271!

!

end

 

PE1_AS1 is configured as follows:

 

!

version 15.2

!

hostname PE1_AS1

!

mpls label range 1100 1199

mpls label protocol ldp

mpls ldp explicit-null

mpls ldp session protection

!

interface Loopback0

ip address 172.16.1.1 255.255.255.255

ip router isis

isis circuit-type level-2-only

!

interface Loopback1

ip address 1.1.1.1 255.255.255.255

!

interface Loopback190

ip address 10.1.190.3 255.255.255.255

!

interface GigabitEthernet0/0

mtu 1512

no ip address

duplex full

speed 1000

media-type gbic

negotiation auto

!

interface GigabitEthernet0/0.1

description To the PE2_AS2

encapsulation dot1Q 11

ip address 172.16.0.1 255.255.255.252

ip router isis

mpls ip

isis circuit-type level-2-only

!

interface GigabitEthernet1/0

mtu 1516

no ip address

negotiation auto

!

interface GigabitEthernet1/0.190

description To the CE1

encapsulation dot1Q 190

ip address 10.1.190.13 255.255.255.252

mpls bgp forwarding

!

router isis

net 10.0001.0000.0000.0001.00

is-type level-2-only

!

router bgp 1

bgp router-id 172.16.1.1

bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 10.1.190.1 remote-as 65190

neighbor 10.1.190.1 description TO CsC-PE1 FOR INTERNET TRAFFIC

neighbor 10.1.190.1 ebgp-multihop 2

neighbor 10.1.190.1 password PLASHCHUN

neighbor 10.1.190.1 update-source GigabitEthernet1/0.190

neighbor 10.1.190.1 fall-over route-map FALL_OVER_AS65190

neighbor 10.1.190.14 remote-as 65002

neighbor 10.1.190.14 description TO THE CE1 FOR MPLS VPN  TRAFFIC

neighbor 10.1.190.14 password PLASHCHUN

neighbor 10.1.190.14 update-source GigabitEthernet1/0.190

neighbor 172.16.1.2 remote-as 1

neighbor 172.16.1.2 description TO THE PE2_AS1

neighbor 172.16.1.2 update-source Loopback0

!

address-family ipv4

  network 1.1.0.0 mask 255.255.224.0

  network 1.1.190.0 mask 255.255.255.0

  network 10.1.190.3 mask 255.255.255.255

  neighbor 10.1.190.1 activate

  neighbor 10.1.190.1 maximum-prefix 10 90

  neighbor 10.1.190.1 filter-list 1 in

  neighbor 172.16.1.2 activate

  neighbor 172.16.1.2 next-hop-self

exit-address-family

!

address-family vpnv4

  neighbor 10.1.190.14 activate

  neighbor 10.1.190.14 send-community both

  neighbor 10.1.190.14 next-hop-self

  neighbor 10.1.190.14 advertisement-interval 5

  neighbor 10.1.190.14 maximum-prefix 100 90

  neighbor 172.16.1.2 activate

  neighbor 172.16.1.2 send-community both

  neighbor 172.16.1.2 next-hop-self

  neighbor 172.16.1.2 advertisement-interval 5

exit-address-family

!

ip bgp-community new-format

ip as-path access-list 1 deny .*

!

ip route 1.1.0.0 255.255.224.0 Null0

ip route 1.1.190.0 255.255.255.0 10.1.190.14

ip route 10.1.190.1 255.255.255.255 10.1.190.14

!

ip prefix-list FALL_OVER_NETWORK_AS65190 seq 10 permit 10.1.190.1/32

!

route-map FALL_OVER_AS65190 permit 10

match ip address prefix-list FALL_OVER_NETWORK_AS65190

!

mpls ldp router-id Loopback0 force

!

banner motd !Looking fow new opportunities (remote/virtual) Network Engineer CCNP       igor.plashchun@yahoo.com +380953589271!

!

end

 

PE2_AS1 is configured as follows:

 

!

hostname PE2_AS1

!

ip vrf CsC_AS1

rd 192.168.5.0:5

route-target export 192.168.5.0:5

route-target import 192.168.1.0:1

!

mpls label range 1200 1299

mpls label protocol ldp

mpls ldp explicit-null

mpls ldp session protection

!

interface Loopback0

ip address 172.16.1.2 255.255.255.255

ip router isis

isis circuit-type level-2-only

!

interface Loopback1

ip address 1.1.16.16 255.255.240.0

!

interface Loopback5

ip vrf forwarding CsC_AS1

ip address 192.168.5.0 255.255.255.255

!

interface GigabitEthernet0/0

mtu 1516

no ip address

duplex full

speed 1000

media-type gbic

negotiation auto

!

interface GigabitEthernet0/0.1

description TO THE PE1_AS1

encapsulation dot1Q 11

ip address 172.16.0.2 255.255.255.252

ip router isis

mpls ip

isis circuit-type level-2-only

!

interface GigabitEthernet1/0

mtu 1508

no ip address

negotiation auto

!

interface GigabitEthernet1/0.5

description TO THE CE5_and_CsC-PE5

encapsulation dot1Q 5

ip vrf forwarding CsC_AS1

ip address 192.168.5.5 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-multipoint

mpls ip

!

router ospf 1 vrf CsC_AS1

router-id 192.168.5.0

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

capability vrf-lite

redistribute bgp 1 metric-type 1 subnets

network 192.168.5.0 0.0.0.0 area 1

network 192.168.5.4 0.0.0.3 area 1

!

router isis

net 10.0001.0000.0000.0005.00

is-type level-2-only

!

router bgp 1

bgp router-id 172.16.1.5

bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 172.16.1.1 remote-as 1

neighbor 172.16.1.1 description TO THE PE1_AS1

neighbor 172.16.1.1 update-source Loopback0

!

address-family ipv4

  network 1.1.16.0 mask 255.255.240.0

  neighbor 172.16.1.1 activate

  neighbor 172.16.1.1 next-hop-self

exit-address-family

!

address-family vpnv4

  neighbor 172.16.1.1 activate

  neighbor 172.16.1.1 send-community both

  neighbor 172.16.1.1 next-hop-self

  neighbor 172.16.1.1 advertisement-interval 5

exit-address-family

!

address-family ipv4 vrf CsC_AS1

  redistribute ospf 1

exit-address-family

!

ip bgp-community new-format

!

mpls ldp router-id Loopback0 force

mpls ldp router-id vrf CsC_AS1 Loopback5 force

!

banner motd ! Looking fow new opportunities (remote/virtual) Network Engineer CCNP       igor.plashchun@yahoo.com +380953589271!

!

end

 

CE5_and_CsC-PE5 is configured as follows:


!

hostname CE5_and_CsC-PE5

!

ip vrf CUSTOM

rd 10.5.30.129:30

maximum routes 30 90

route-target export 65190:30

route-target import 65190:30

!

mpls label range 5000 5099

mpls label protocol ldp

mpls ldp explicit-null

mpls ldp session protection

mpls ip default-route

!

interface Loopback0

description FOR MPLS LDP ROUTER-ID

ip address 192.168.5.1 255.255.255.255

!

interface Loopback2

description FOR VPNV4 NEIGHBOR

ip address 192.168.5.2 255.255.255.255

!

interface Loopback30

ip vrf forwarding CUSTOM

ip address 10.5.30.129 255.255.255.255

!

interface GigabitEthernet0/0

mtu 1504

no ip address

duplex full

speed 1000

media-type gbic

negotiation auto

!

interface GigabitEthernet0/0.30

description TO THE CsC-CE5 FOR MPLS

encapsulation dot1Q 30

ip vrf forwarding CUSTOM

ip address 10.5.30.5 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-point

mpls ip

!

interface GigabitEthernet1/0

mtu 1508

no ip address

negotiation auto

!

interface GigabitEthernet1/0.5

description TO THE PE_AS2 FOR CsC MPLS VPN

encapsulation dot1Q 5

ip address 192.168.5.10 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-point

mpls ip

!

interface GigabitEthernet2/0

mtu 1508

no ip address

negotiation auto

!

interface GigabitEthernet2/0.5

description TO THE PE2_AS1 FOR CsC MPLS VPN

encapsulation dot1Q 5

ip address 192.168.5.6 255.255.255.252

ip ospf authentication message-digest

ip ospf message-digest-key 1 md5 PLASHCHUN

ip ospf network point-to-multipoint

mpls ip

bfd interval 300 min_rx 300 multiplier 3

no bfd echo

!

router ospf 30 vrf CUSTOM

router-id 10.5.30.129

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

capability vrf-lite

redistribute bgp 65190 metric-type 1 subnets

network 10.5.30.4 0.0.0.3 area 5

network 10.5.30.129 0.0.0.0 area 0

default-information originate metric-type 1

!

router ospf 1

router-id 192.168.0.5

max-metric router-lsa on-startup 30

ispf

auto-cost reference-bandwidth 1000

area 1 filter-list prefix LOOPBACK_MPLS in

area 2 filter-list prefix LOOPBACK_MPLS in

network 192.168.5.1 0.0.0.0 area 0

network 192.168.5.2 0.0.0.0 area 2

network 192.168.5.4 0.0.0.3 area 1

network 192.168.5.8 0.0.0.3 area 2

!

router bgp 65190

bgp router-id 192.168.5.1

bgp log-neighbor-changes

bgp bestpath as-path multipath-relax

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 192.168.1.2 remote-as 65190

neighbor 192.168.1.2 description TO THE OFFICE FOR CSC MPLS VPN THROUGH AS2

neighbor 192.168.1.2 password PLASHCHUN

neighbor 192.168.1.2 update-source Loopback2

neighbor 192.168.1.2 fall-over route-map FALL_OVER_CsC_AS2

neighbor 192.168.1.6 remote-as 65190

neighbor 192.168.1.6 description TO THE OFFICE FOR CSC MPLS VPN THROUGH AS1

neighbor 192.168.1.6 password PLASHCHUN

neighbor 192.168.1.6 update-source GigabitEthernet2/0.5

neighbor 192.168.1.6 fall-over bfd single-hop

!

address-family vpnv4

  bgp nexthop trigger delay 1

  bgp scan-time 5

  neighbor 192.168.1.2 activate

  neighbor 192.168.1.2 send-community both

  neighbor 192.168.1.2 next-hop-self

  neighbor 192.168.1.2 advertisement-interval 1

  neighbor 192.168.1.6 activate

  neighbor 192.168.1.6 send-community both

  neighbor 192.168.1.6 next-hop-self

  neighbor 192.168.1.6 advertisement-interval 1

  neighbor 192.168.1.6 route-map CsC_MPLS_BEST_PATH in

  maximum-paths 2

exit-address-family

!

address-family ipv4 vrf CUSTOM

  import path selection all

  import path limit 2

  redistribute ospf 30 match internal external 1 external 2

  maximum-paths 2

exit-address-family

!

ip bgp-community new-format

!

ip prefix-list FALL_OVER_NETWORK_CsC_AS2 seq 5 permit 192.168.1.2/32

!

ip prefix-list LOOPBACK_MPLS seq 5 permit 192.168.5.1/32

!

route-map FALL_OVER_CsC_AS2 permit 10

match ip address prefix-list FALL_OVER_NETWORK_CsC_AS2

!

route-map CsC_MPLS_BEST_PATH permit 10

set weight 200

!

mpls ldp router-id Loopback0 force

mpls ldp router-id vrf CUSTOM Loopback30 force

!

banner motd !Looking fow new opportunities (remote/virtual) Network Engineer CCNP       igor.plashchun@yahoo.com +380953589271!

!

end

 

If you found this article interesting, please click LIKE. Maybe this will help me find a job.

 

P.S. Sorry for my English.
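Added example (not part of the original post): a small Python evaluator for the RFC1918_PLUS prefix-list that CsC-PE1 applies inbound to both Internet eBGP peers, so the filter can be checked against candidate routes before deployment. It assumes standard IOS prefix-list semantics (first match by sequence number, `ge`/`le` length ranges, implicit deny); the function names and the test routes are constructed for illustration.

```python
import ipaddress
import re

# Entries copied from the CsC-PE1 configuration on this page.
RFC1918_PLUS = """\
ip prefix-list RFC1918_PLUS seq 10 permit 10.1.190.3/32
ip prefix-list RFC1918_PLUS seq 20 deny 10.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 30 deny 172.16.0.0/12 le 32
ip prefix-list RFC1918_PLUS seq 40 deny 192.168.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 50 deny 127.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 60 deny 0.0.0.0/8 le 32
ip prefix-list RFC1918_PLUS seq 70 deny 169.254.0.0/16 le 32
ip prefix-list RFC1918_PLUS seq 80 deny 224.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 90 deny 240.0.0.0/4 le 32
ip prefix-list RFC1918_PLUS seq 100 deny 0.0.0.0/0
ip prefix-list RFC1918_PLUS seq 1000 permit 0.0.0.0/0 le 19
"""

ENTRY_RE = re.compile(
    r"^ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?\s*$"
)


def parse_prefix_list(text):
    """Return entries as (seq, action, network, min_len, max_len), ordered by seq."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        _name, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix, strict=False)
        if ge is None and le is None:
            lo = hi = net.prefixlen            # exact-length match only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else 32
        entries.append((int(seq), action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])


def evaluate(entries, route):
    """First matching entry wins; no match means the implicit deny applies."""
    r = ipaddress.ip_network(route, strict=True)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None


# Constructed test routes (not taken from a live BGP table).
SAMPLE_ROUTES = [
    "10.1.190.3/32",   # provider loopback explicitly allowed by seq 10
    "10.5.30.0/24",    # RFC 1918 space
    "0.0.0.0/0",       # default route
    "1.1.0.0/19",      # aggregate announced by PE1_AS1
    "1.1.190.0/24",    # longer than /19, falls through to implicit deny
    "10.0.0.0/7",      # less-specific prefix that covers 10.0.0.0/8
]


def audit(routes=SAMPLE_ROUTES):
    """Map each route to its (action, seq) verdict under RFC1918_PLUS."""
    entries = parse_prefix_list(RFC1918_PLUS)
    return {route: evaluate(entries, route) for route in routes}


if __name__ == "__main__":
    for route, (action, seq) in audit().items():
        where = f"seq {seq}" if seq is not None else "implicit deny"
        print(f"{route:<16} {action:<6} ({where})")
```

The last sample shows a gap worth reviewing: `deny 10.0.0.0/8 le 32` only matches lengths 8 to 32, so a shorter covering prefix such as 10.0.0.0/7 is accepted by seq 1000.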