Wednesday, July 15, 2009

MPLS -- Layer 3 VPNs over L2TPv3 Tunnels and Layer 3 VPNs over mGRE

Layer 3 VPNs over L2TPv3 tunnels and Layer 3 VPNs over mGRE are two different technologies: one uses L2TPv3 and the other uses GRE, but the configuration is very similar.


L2TPv3:
int tu0
tunnel mode l3vpn l2tpv3 multipoint

#sh tunnel endpo
Tunnel0 running in Multi-L2TPv3 (L3VPN) mode
RFC2547/L3VPN Tunnel endpoint discovery is active on Tu0

#router bgp 1

address-family ipv4 tunnel
neighbor 10.10.10.102 activate
neighbor 10.10.10.103 activate
exit-address-family
…..

------------------------------------------------------

mGRE:
int tu0
tunnel mode l3vpn multipoint

#sh tunnel endpo
Tunnel0 running in multi-GRE/IP mode
RFC2547/L3VPN Tunnel endpoint discovery is active on Tu0

#router bgp 1
** SAFI “ipv4 tunnel” is not used in mGRE.

--------------------------------------------------------------
(Supported only in 12.0S on the 7200 and 7500, no other.)
These are needed when the SP core is not running MPLS but we still need to provide VPN services. This won’t be an L2 VPN; it will be an L3 VPN, with each CE having a different IP subnet.
Implementation of L2TPv3 tunnels creates a tunnel network as an overlay to the IP backbone, which interconnects the PE routers to transport VPN traffic. The multipoint tunnel uses BGP to distribute VPNv4 information between PE routers.

Full Config
-------------------------
Configurations for PE Routers


hostname PE1-AS1
!
ip cef
ip vrf CustA
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf l3vpn_l2tpv3
rd 100:100
!
interface Loopback0
ip address 10.10.10.101 255.255.255.255
!
interface Tunnel0
ip vrf forwarding l3vpn_l2tpv3
ip address 172.16.1.101 255.255.255.255
tunnel source Loopback0
tunnel mode l3vpn l2tpv3 multipoint
!
interface Serial0/0
ip address 10.10.10.1 255.255.255.252
!
interface Serial1/0
description connection to CE1-A
ip vrf forwarding CustA
ip address 172.16.1.1 255.255.255.252
!
router ospf 100
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
no synchronization
neighbor 10.10.10.102 remote-as 1
neighbor 10.10.10.102 update-source Loopback0
neighbor 10.10.10.103 remote-as 1
neighbor 10.10.10.103 update-source Loopback0
no auto-summary
!
address-family ipv4 tunnel
neighbor 10.10.10.102 activate
neighbor 10.10.10.103 activate
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.102 activate
neighbor 10.10.10.102 send-community extended
neighbor 10.10.10.102 route-map vpn_l2tpv3 in
neighbor 10.10.10.103 activate
neighbor 10.10.10.103 send-community extended
neighbor 10.10.10.103 route-map vpn_l2tpv3 in
exit-address-family
!
address-family ipv4 vrf CustA
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CustA 172.16.100.1 255.255.255.255 172.16.1.2
ip route vrf l3vpn_l2tpv3 0.0.0.0 0.0.0.0 Tunnel0
!
route-map vpn_l2tpv3 permit 10
set ip next-hop in-vrf l3vpn_l2tpv3
________________________________________________________________
hostname PE2-AS1
!
ip cef
ip vrf CustA
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf l3vpn_l2tpv3
rd 100:100
!
interface Loopback0
ip address 10.10.10.102 255.255.255.255
!
interface Tunnel0
ip vrf forwarding l3vpn_l2tpv3
ip address 172.16.1.102 255.255.255.255
tunnel source Loopback0
tunnel mode l3vpn l2tpv3 multipoint
!
interface Serial0/0
ip address 10.10.10.5 255.255.255.252
!
interface Serial1/0
description connection to CE2-A
ip vrf forwarding CustA
ip address 172.16.2.1 255.255.255.252
!
router ospf 100
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
no synchronization
neighbor 10.10.10.101 remote-as 1
neighbor 10.10.10.101 update-source Loopback0
neighbor 10.10.10.103 remote-as 1
neighbor 10.10.10.103 update-source Loopback0
no auto-summary
!
address-family ipv4 tunnel
neighbor 10.10.10.101 activate
neighbor 10.10.10.103 activate
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.101 activate
neighbor 10.10.10.101 send-community extended
neighbor 10.10.10.101 route-map vpn_l2tpv3 in
neighbor 10.10.10.103 activate
neighbor 10.10.10.103 send-community extended
neighbor 10.10.10.103 route-map vpn_l2tpv3 in
exit-address-family
!
address-family ipv4 vrf CustA
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CustA 172.16.100.2 255.255.255.255 172.16.2.2
ip route vrf l3vpn_l2tpv3 0.0.0.0 0.0.0.0 Tunnel0
!
route-map vpn_l2tpv3 permit 10
set ip next-hop in-vrf l3vpn_l2tpv3
________________________________________________________________
hostname PE3-AS1
!
ip cef
ip vrf CustA
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf l3vpn_l2tpv3
rd 100:100
!
interface Loopback0
ip address 10.10.10.103 255.255.255.255
!
interface Tunnel0
ip vrf forwarding l3vpn_l2tpv3
ip address 172.16.1.103 255.255.255.255
tunnel source Loopback0
tunnel mode l3vpn l2tpv3 multipoint
!
interface Serial0/0
ip address 10.10.10.9 255.255.255.252
!
interface Serial1/0
description connection to CE1-A
ip vrf forwarding CustA
ip address 172.16.3.1 255.255.255.252
!
router ospf 100
network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
no synchronization
neighbor 10.10.10.101 remote-as 1
neighbor 10.10.10.101 update-source Loopback0
neighbor 10.10.10.102 remote-as 1
neighbor 10.10.10.102 update-source Loopback0
no auto-summary
!
address-family ipv4 tunnel
neighbor 10.10.10.101 activate
neighbor 10.10.10.102 activate
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.101 activate
neighbor 10.10.10.101 send-community extended
neighbor 10.10.10.101 route-map vpn_l2tpv3 in
neighbor 10.10.10.102 activate
neighbor 10.10.10.102 send-community extended
neighbor 10.10.10.102 route-map vpn_l2tpv3 in
exit-address-family
!
address-family ipv4 vrf CustA
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip route vrf CustA 172.16.100.3 255.255.255.255 172.16.3.2
ip route vrf l3vpn_l2tpv3 0.0.0.0 0.0.0.0 Tunnel0
!
route-map vpn_l2tpv3 permit 10
set ip next-hop in-vrf l3vpn_l2tpv3
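
Added example (not from the original post): a small Python check over one PE configuration for the pieces the full configs above repeat on every PE: the inbound vpnv4 route-map that sets the next hop in the tunnel VRF, the default route via Tunnel0 in that VRF, and, in L2TPv3 mode only, activation under address-family ipv4 tunnel. The function name audit and the sample text are assumptions made for illustration.

```python
# Constructed sample (PE1-AS1, trimmed; .103 has lost its inbound route-map).
SAMPLE = """\
interface Tunnel0
ip vrf forwarding l3vpn_l2tpv3
tunnel mode l3vpn l2tpv3 multipoint
address-family ipv4 tunnel
neighbor 10.10.10.102 activate
neighbor 10.10.10.103 activate
exit-address-family
address-family vpnv4
neighbor 10.10.10.102 activate
neighbor 10.10.10.102 route-map vpn_l2tpv3 in
neighbor 10.10.10.103 activate
exit-address-family
ip route vrf l3vpn_l2tpv3 0.0.0.0 0.0.0.0 Tunnel0
route-map vpn_l2tpv3 permit 10
set ip next-hop in-vrf l3vpn_l2tpv3
"""

def audit(cfg):
    """Hypothetical helper: list of findings for one PE config."""
    cur_if = af = rmap = tun_vrf = mode = None
    active = {"ipv4 tunnel": set(), "vpnv4": set()}
    rmap_in, rmap_vrf, defaults = {}, {}, set()
    for w in (l.split() for l in cfg.splitlines() if l.split()):
        if w[0] == "interface":
            cur_if = w[1]
        elif w[:3] == ["ip", "vrf", "forwarding"] and cur_if == "Tunnel0":
            tun_vrf = w[3]                      # VRF the tunnel lives in
        elif w[:3] == ["tunnel", "mode", "l3vpn"]:
            mode = "l2tpv3" if "l2tpv3" in w else "mgre"
        elif w[0] in ("address-family", "exit-address-family"):
            af = " ".join(w[1:]) or None        # exit resets to None
        elif w[0] == "neighbor" and af in active and w[2] == "activate":
            active[af].add(w[1])
        elif w[0] == "neighbor" and af == "vpnv4" and w[2] == "route-map" and w[-1] == "in":
            rmap_in[w[1]] = w[3]                # inbound route-map per neighbor
        elif w[0] == "route-map":
            rmap = w[1]
        elif w[:4] == ["set", "ip", "next-hop", "in-vrf"]:
            rmap_vrf[rmap] = w[4]               # VRF used to resolve next hops
        elif w[:3] == ["ip", "route", "vrf"] and w[4:] == ["0.0.0.0", "0.0.0.0", "Tunnel0"]:
            defaults.add(w[3])
    out = [] if tun_vrf in defaults else [f"no default route via Tunnel0 in vrf {tun_vrf}"]
    for n in sorted(active["vpnv4"]):
        if tun_vrf is None or rmap_vrf.get(rmap_in.get(n)) != tun_vrf:
            out.append(f"{n}: vpnv4 next hop not set in-vrf {tun_vrf}")
        if mode == "l2tpv3" and n not in active["ipv4 tunnel"]:
            out.append(f"{n}: not active in address-family ipv4 tunnel")
    return out
```

Calling audit(SAMPLE) reports the one neighbor whose vpnv4 session lacks the inbound route-map; the same function accepts the mGRE form, where the ipv4 tunnel check is skipped.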
