Goals
Here's a simple diagram of what I tried to accomplish with this lab:
- To have all routing tables as clean as possible, interface ge-0/0/0 will be used for management and be placed in a dedicated routing instance on all the fireflies.
- Devices P, PE1 and PE2 will be set up in packet mode and run mpls: that will be the "core mpls network"
- OSPF will be used in the core as IGP in the core, so PE1 and PE2 can reach each other's loopback; and LDP for label distribution, just because it is simpler to set up.
- BGP will run between PE1 and PE2 so they can exchange routes from CE's
- BGP will also run between CE's and PE's vrf's
I have used a separate vSwitch in the ESXi for each segment, what makes it to 6 vSwitches + the default one for management, where all ge-0/0/0 interfaces are connected. I will skip the part of deploying and configuring the VM's.
Core configuration
First thing is to get L3 connectivity on each segment in the core. To do so we configure interfaces ge-0/0/1 in FF-PE1, ge-0/0/1 and ge-0/0/2 in FF-P1 and ge-0/0/1 in FF-PE2, and add a loopback interface in PE routers that will be used later to stablish MBGP neighbourhood, which is the way the PEs will exchange routes from the VRFs connected. Also, to enable the label distribution over the mpls enabled interfaces on our core network, we need to enable LDP on the interfaces configured for mpls. In this case there will be only 2 LSP, hence 2 labels, one for traffic ending on PE1 and another for traffic ending in PE2:PE1:
set interfaces ge-0/0/1 unit 0 family inet address 10.0.1.0/31
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.1.1.1/32
set protocols mpls interface ge-0/0/1.0
set protocols ldp interface ge-0/0/1.0
P1:
set interfaces ge-0/0/1 unit 0 family inet address 10.0.1.1/31
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/2 unit 0 family inet address 10.0.2.0/31
set interfaces ge-0/0/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.2.2.2/32
set protocols mpls interface ge-0/0/1.0
set protocols mpls interface ge-0/0/2.0
set protocols ldp interface ge-0/0/1.0
set protocols ldp interface ge-0/0/2.0
PE2:
set interfaces ge-0/0/1 unit 0 family inet address 10.0.2.1/31
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 10.3.3.3/32
set protocols mpls interface ge-0/0/1.0
set protocols ldp interface ge-0/0/1.0
Now we need to configure ospf on each router so each PE can reach the other PE loopback interface. We will use the loopback interfaces to configure BGP neighbourhood between PE1 and PE2:
PE1:
set routing-options router-id 10.1.1.1
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
P1:
set routing-options router-id 10.2.2.2
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
PE2:
set routing-options router-id 10.3.3.3
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
Last thing we need to configure in the core is BGP. We will use MP-BGP to exchange the routes connected to CE devices, isolating routes from one customer to another using the route-distinguishers:
PE1:
set routing-options autonomous-system 65535
set protocols bgp group PE type internal
set protocols bgp group PE local-address 10.1.1.1
set protocols bgp group PE family inet-vpn any
set protocols bgp group PE neighbor 10.3.3.3
PE2:
set routing-options autonomous-system 65535
set protocols bgp group PE type internal
set protocols bgp group PE local-address 10.1.1.1
set protocols bgp group PE family inet-vpn any
set protocols bgp group PE neighbor 10.3.3.3
Adding a CE device
In order to add a CE device we need not only to configure the dvice itself but also to set up a routing instance (VRF) in the PE device that it will be connected to. PE and CE will then exchange routes using BGP, and the PE will export those routes to the MBGP so these routes can be advertised all over the MPLS network.First of all we configure the VRF in the PE device, with the interface that will be used to connect to the CE device. It also includes the route-distinguisher, that will state the way the route labels from this CE will traverse the mpls core network, the vrf-target, that will tell how to mark route advertisements from this vrf, and how to determine if a route has to be placed in this vrf; as well as the bgp config to peer with the PE device
In PE1:
set interfaces ge-0/0/2 unit 0 family inet address 192.168.103.1/24
set routing-instances CE1 instance-type vrf
set routing-instances CE1 interface ge-0/0/2.0
set routing-instances CE1 route-distinguisher 10.1.1.1:10
set routing-instances CE1 vrf-target target:65535:10
set routing-instances CE1 protocols bgp group CE1 peer-as 65100
set routing-instances CE1 protocols bgp group CE1 as-override
set routing-instances CE1 protocols bgp group CE1 neighbor 192.168.103.2
Then the CE router. I've included a loopback interface with a /24 address just to check later that the route to it's subnet is redistributed to other CE device in the same L3VPN:
In CE1:
set interfaces ge-0/0/1 unit 0 family inet address 192.168.103.2/24
set interfaces lo0 unit 0 family inet address 192.168.100.1/24
set routing-options autonomous-system 65100
set protocols bgp group PE type external
set protocols bgp group PE export send-direct
set protocols bgp group PE peer-as 65535
set protocols bgp group PE as-override
set protocols bgp group PE neighbor 192.168.103.1
I will not show how to configure the other 3 PE-CE pairs in the lab: it's all done in the same fashion, only changing the IP addresses, and paying special attention to the vrf-target, that will mark with which L3VPN will a CE device exchange routes. I have also used the same AS for PE-CE BGP peering of devices belonging to the same vrf.
No hay comentarios:
Publicar un comentario