MPLS
hostname router
!
mpls ip
no mpls ip propagate-ttl
!hide mpls labels in traceroute
!
interface f 0/0
description customer side
ip address 192.168.1.1 255.255.255.0
!
interface f 0/1
description provider side
ip address 192.168.222.1 255.255.255.0
mpls ip
!
router# show mpls interfaces
router# show mpls ldp neighbor
router# show mpls forwarding-table
router# show mpls ldp bindings
http://www.fryguy.net/2011/09/09/basic-mpls-with-vrf-rd-and-bgp-vpnv4/
https://www.youtube.com/watch?v=tNTMOBaD4IM
-----------------------------------------------------------------------------------------------------------------------
MPLS - MP BGP
R1 (CE of company A - site 1)
interface FastEthernet0/0
description connected to PE-R2
ip address 193.1.1.1 255.255.255.0
!
interface FastEthernet0/1
description LAN of company A - site 1
ip address 10.1.1.1 255.255.255.0
!
router ospf 100
network 10.1.1.0 0.0.0.255 area 0
network 193.1.1.0 0.0.0.255 area 0
!
**************************************************************
R2 (Provider Edge router)
ip cef
!
ip vrf VPNA
rd 1:100
route-target export 1:100
route-target import 1:100
!
ip vrf VPNB
rd 2:200
route-target export 2:200
route-target import 2:200
!
interface Loopback0
description used by iBGP
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip vrf forwarding VPNA
ip address 193.1.1.2 255.255.255.0
!
interface FastEthernet0/1
ip address 194.1.1.1 255.255.255.0
mpls ip
!
interface FastEthernet1/0
ip vrf forwarding VPNB
ip address 183.1.1.2 255.255.255.0
duplex auto
speed auto
!
router ospf 100 vrf VPNA
router-id 193.1.1.2
redistribute bgp 1 subnets
network 193.1.1.0 0.0.0.255 area 0
!
router ospf 200 vrf VPNB
router-id 183.1.1.2
redistribute bgp 1 subnets
network 183.1.1.0 0.0.0.255 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv4 vrf VPNB
redistribute ospf 200 vrf VPNB
no synchronization
exit-address-family
!
address-family ipv4 vrf VPNA
redistribute ospf 100 vrf VPNA
no synchronization
exit-address-family
!
ip route 2.2.2.2 255.255.255.255 194.1.1.2 name used-by-iBGP
***************************************************************
R3
ip cef
!
ip vrf VPNA
rd 1:100
route-target export 1:100
route-target import 1:100
!
ip vrf VPNB
rd 2:200
route-target export 2:200
route-target import 2:200
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 194.1.1.2 255.255.255.0
mpls ip
!
interface FastEthernet0/1
ip vrf forwarding VPNA
ip address 195.1.1.1 255.255.255.0
!
interface FastEthernet1/0
ip vrf forwarding VPNB
ip address 185.1.1.1 255.255.255.0
!
router ospf 100 vrf VPNA
router-id 195.1.1.1
redistribute bgp 1 subnets
network 195.1.1.0 0.0.0.255 area 0
!
router ospf 200 vrf VPNB
router-id 185.1.1.1
redistribute bgp 1 subnets
network 185.1.1.0 0.0.0.255 area 0
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf VPNB
redistribute ospf 200 vrf VPNB
no synchronization
exit-address-family
!
address-family ipv4 vrf VPNA
redistribute ospf 100 vrf VPNA
no synchronization
exit-address-family
!
ip route 1.1.1.1 255.255.255.255 194.1.1.1
**************************************************
R4
interface FastEthernet0/0
ip address 195.1.1.2 255.255.255.0
!
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.0
!
router ospf 100
log-adjacency-changes
network 10.1.2.0 0.0.0.255 area 0
network 195.1.1.0 0.0.0.255 area 0
*************************************************
R5
interface FastEthernet0/0
ip address 183.1.1.1 255.255.255.0
!
interface FastEthernet0/1
ip address 10.1.1.1 255.255.255.0
!
router ospf 100
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 183.1.1.0 0.0.0.255 area 0
*************************************************
R6
interface FastEthernet0/0
ip address 185.1.1.2 255.255.255.0
!
interface FastEthernet0/1
ip address 10.1.2.1 255.255.255.0
!
router ospf 100
log-adjacency-changes
network 10.1.2.0 0.0.0.255 area 0
network 185.1.1.0 0.0.0.255 area 0
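Added example (not part of the original notes): a Python check that parses the `ip vrf` stanzas from the PE configs above and reports any VRF that imports a route-target exported by a differently named VRF, which is what would let VPNA and VPNB routes mix despite their overlapping 10.1.x.x LANs. The function names and the rule that one VRF name identifies one customer are assumptions of this example.

```python
import re

# Constructed sample: the "ip vrf" stanzas shown above for R2 and R3 (same on both PEs).
VRF_STANZAS = """\
ip vrf VPNA
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf VPNB
 rd 2:200
 route-target export 2:200
 route-target import 2:200
!
"""

def parse_vrfs(config):
    """Return {vrf: {"import": set, "export": set}} from IOS 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        vrf = re.fullmatch(r"ip vrf (\S+)", line)
        rt = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
        if vrf:
            current = vrfs.setdefault(vrf.group(1), {"import": set(), "export": set()})
        elif rt and current is not None:
            kinds = ("import", "export") if rt.group(1) == "both" else (rt.group(1),)
            for kind in kinds:
                current[kind].add(rt.group(2))
        elif line == "!":
            current = None  # "!" ends the stanza
    return vrfs

def cross_vrf_imports(pe_configs):
    """List (exporter, importer, rt) where a VRF imports an RT exported by a
    differently named VRF (assumption: one VRF name == one customer)."""
    flat = [(pe, name, rts) for pe, cfg in pe_configs.items()
            for name, rts in parse_vrfs(cfg).items()]
    leaks = []
    for epe, ename, exp in flat:
        for ipe, iname, imp in flat:
            if ename == iname:
                continue
            for rt in sorted(exp["export"] & imp["import"]):
                leaks.append((f"{epe}/{ename}", f"{ipe}/{iname}", rt))
    return leaks

if __name__ == "__main__":
    print(cross_vrf_imports({"R2": VRF_STANZAS, "R3": VRF_STANZAS}))
```

An intentional extranet design would also be reported, so treat each result as something to review against the intended VPN membership.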
-----------------------------------------------------------------------------------------------------------------------
IPSEC with dynamic IP
HQ
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
crypto isakmp key mykey address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map VPN 1 ipsec-isakmp dynamic hq-vpn
!
crypto dynamic-map hq-vpn 10
set security-association lifetime seconds 86400
set transform-set TS
match address VPN1-TRAFFIC
!
crypto dynamic-map hq-vpn 11
set security-association lifetime seconds 86400
set transform-set TS
match address VPN2-TRAFFIC
!
interface FastEthernet0/1
crypto map VPN
!
ip access-list extended VPN1-TRAFFIC
permit ip 10.10.10.0 0.0.0.255 20.20.20.0 0.0.0.255
!
ip access-list extended VPN2-TRAFFIC
permit ip 10.10.10.0 0.0.0.255 30.30.30.0 0.0.0.255
For branch1
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 86400
!
! pre-shared key must be the same string as configured on HQ
crypto isakmp key mykey address 74.200.90.5
!
ip access-list extended VPN-TRAFFIC
permit ip 20.20.20.0 0.0.0.255 10.10.10.0 0.0.0.255
!
crypto ipsec transform-set TS esp-3des esp-md5-hmac
!
crypto map vpn-to-hq 10 ipsec-isakmp
set peer 74.200.90.5
set transform-set TS
match address VPN-TRAFFIC
!
!
interface FastEthernet0/1
crypto map vpn-to-hq
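
Added example (not part of the original notes): a Python audit of the HQ crypto lines above that flags legacy ISAKMP/IPsec parameters and the wildcard pre-shared key used for the dynamic-IP peers. The rule list and the names `RULES` and `audit` are assumptions of this example, not a Cisco tool.

```python
import re

# Constructed sample: the HQ ISAKMP/IPsec lines from the config above.
HQ_CRYPTO = """\
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 86400
crypto isakmp key mykey address 0.0.0.0 0.0.0.0
crypto ipsec transform-set TS esp-3des esp-md5-hmac
"""

# Assumed audit policy (not from the page): each regex flags one legacy setting.
RULES = [
    (r"encr (des|3des)", "IKE encryption is DES/3DES; prefer AES"),
    (r"hash md5", "IKE hash is MD5; prefer SHA-2"),
    (r"group (1|2|5)", "DH group is smaller than 2048 bits"),
    (r"crypto isakmp key \S+ address 0\.0\.0\.0( 0\.0\.0\.0)?",
     "wildcard pre-shared key: accepted from any peer address"),
    (r"crypto ipsec transform-set \S+ .*\besp-(des|3des)\b.*",
     "ESP cipher is DES/3DES; prefer AES"),
    (r"crypto ipsec transform-set \S+ .*\besp-md5-hmac\b.*",
     "ESP integrity is MD5; prefer SHA-2"),
]

def audit(config):
    """Return [(line_number, finding)] for every rule matched by a config line."""
    findings = []
    for number, raw in enumerate(config.splitlines(), start=1):
        line = raw.strip()
        for pattern, finding in RULES:
            if re.fullmatch(pattern, line):
                findings.append((number, finding))
    return findings

if __name__ == "__main__":
    for number, finding in audit(HQ_CRYPTO):
        print(f"line {number}: {finding}")
```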