Multiprotocol Label Switching MPLS LDP mpls ip mpls ldp router-id loopback0 force interface ldp discovert transport-address transport-address interface router ospf 1 mpls ldp autocong autocong mpls ldp password required mpls ldp neighbor 150.1.5.5 password CIC! mpls ldp meighbor 150.1."." password CIC!
MPLS Label Filtering #!nl$ advertised labels for loopback interfaces% access-list 10 permit 150.1.0.0 0.0.&55.&55 no mpls ldp advertise-labels advertise-labels mpls ldp advertise-labels for 10 10
MP-BGP VPNv4 P Router router bgp 100 neighbor 150.1.5.5 150.1.5.5 neighbor 150.1.5.5 150.1.5.5 neighbor 150.1."." 150.1."." neighbor 150.1."." 150.1."."
remote-as remote-as 100 100 updates-sour updates-source ce lo0 remote-as remote-as 100 100 updates-sour updates-source ce lo0
PE Router ip vrf *+, rd 100/1 route-target route-target both both 100/1 100/1 ip vrf *+, rd 100/& route-target route-target both both 100/& 100/& interface fa020 ip vrf forwarding *+, ip address address 155.1..53.5 155.1..53.5 &55.&55.&55.0 interface fa021 ip vrf forwarding *+, ip address address 155.1.5.5 &55.&55.&55.0
address-famil$ address-famil$ vpnv' unicast neighbor 150.1.5.5 150.1.5.5 activate neighbor 150.1."." 150.1."." activate neighbor 150.1.5.5 150.1.5.5 send-communit$ e(tended neighbor 150.1."." 150.1."." send-communit$ e(tended neighbor neighbo r 150.1.5.5 route-re)ector-client route-re)ector-clie nt neighbor neighbo r 150.1."." route-re)ector-client route-re)ector-clie nt
router bgp 100 no bgp default ipv'-unicast neighbor 150.1.'.' 150.1.'.' remote-as remote-as 100 100 neighbor 150.1.'.' 150.1.'.' update-source update-source 4oopback0 address-famil$ address-famil$ vpnv' vpnv' unicast unicast neighbor 150.1.'.' activate neighbor 150.1.'.' send-communit$ e(tended ctivate the address families address-famil$ ipv' vrf *+, redistribute connected redistribute static address-famil$ ipv' vrf *+, redistribute connected redistribute static
MP-BGP Pre! Filtering #(ports 67 for specic routes% route-map VPN_A_EXPORT permit permit 10 match ip address address pre(-list pre(-list 4!101 4!101 set e(tcommunit$ e(tcommunit$ rt 100/55 route-map VPN_A_EXPORT permit permit &0 set e(tcommunit$ e(tcommunit$ rt 100/1
ip vrf *+, e(port map VPN_A_EXPORT route-target import 100/""
PE-"E Routing with R#P
PE-"E Routing with $SPF
router rip address-famil$ ipv' vrf *+, redistribute bgp 100 metric transparent network 155.1.0.0
router ospf 100 vrf *+, domain-id 0.0.0.5 redistribute bgp 100 subnets network 0.0.0.0 &55.&55.&55.&55 area 1 router bgp 100 router bgp 100 address-famil$ ipv' vrf *+, address-famil$ ipv' vrf *+, redistribute rip redistribute ospf 100 vrf *+, N$%E& 6outes redistributed from 8+ into !+9 appear like inter-area routes even if the$ belong to the same area number. 7his e:ect is due to the fact that 4s cross the super-backbone Di'erent (o)ain-i(* ; !+9 pre(es will be learned as 7$pe-5 (ternal 4s
$SPF Sha) Lin+ #!+9 ackdoor% PE,router ospf 100 vrf *+, area 1 sham-link 150.1.55.55 150.1.66.66 cost 1 network 155.1.53.5 0.0.0.0 area 1 interface 4oopback &00 ip vrf forwarding *+, ip address 150.1.55.55 &55.&55.&55.&55 router bgp 100 address-famil$ ipv' vrf *+, network 150.1.55.55 mask &55.&55.&55.&55
PE0router ospf 100 vrf *+, area 1 sham-link 150.1.66.66 150.1.55.55 cost 1 network 155.1."<." 0.0.0.0 area 1 interface 4oopback &00 ip vrf forwarding *+, ip address 150.1.""."" &55.&55.&55.&55
"E,interface 9astthernet 0215 ip address 155.1.<3.< &55.&55.&55.0 ip o*p. co*t ////
"E0interface 9astthernet 0215 ip address 155.1.<3.3 &55.&55.&55.0 ip o*p. co*t //// == >igher ?etric
router bgp 100 address-famil$ ipv' vrf *+, network 150.1.""."" mask &55.&55.&55.&55
PE-"E Routing with E#GRP
PE-"E Routing with BGP
router eigrp 100 no auto-summar$ address-famil$ ipv' vrf *+, autonomous-s$stem 100 network &0'.1&.1.0 0.0.0.&55 redistribute bgp 100 metric 1 1 1 1 1 router bgp 100 address-famil$ ipv' vrf *+, redistribute eigrp 100
PE#router bgp 100 address-family ipv4 vrf VPN_A neighbor 155.1.!.! remote-as !" neighbor 155.1.!.! as-override CE#router bgp !" neighbor 155.1.!. remote-as 100 net#or$ 150.1.!.0 mas$ %55.%55.%55.0
E#GRP Site-o.-$rigin #I86+ ackdoor% PE1#route-map &'()P_*++ set e,tommunity soo 10015 / interfae ast&thernet 00 ip vrf sitemap &'()P_*++ PE2#route-map &'()P_*++ set e,tommunity soo 1001 / interfae ast&thernet 00 ip vrf sitemap &'()P_*++
BGP So$ 1ttribute #8+ ackdoor% PE,router bgp 100 address-famil$ ipv' vrf *+, neighbor 155.1.53.3 soo 100/1 or neighbor =I+@ route-map =,?@ in
PE0router bgp 100 address-famil$ ipv' vrf *+, neighbor 155.1."<.< soo 100/1 or neighbor =I+@ route-map =,?@ in
"E,router bgp <3 neighbor 155.1.<3.3 remote-as <3
"E0router bgp <3 neighbor 155.1.<3.< remote-as <3
imilar to I86+ but congured per-neighbor peering session in + routers !,4A
Internet Access for MPLS
router rip == 6outing +rotocol for Internet version & no auto-summar$ network 5'.0.0.0 ip route vrf *+, 0.0.0.0 0.0.0.0 5'.1.1.&5' global router bgp 100 address-famil$ ipv' vrf *+, default-information originate redistribute static
interface erial 02020 === 7o 8lobal Interface 2 Internet ip nat outside interface 9astthernet 020.1'" ip nat inside interface 9astthernet 020."< ip nat inside ip access-list standard *+,+69IB permit 150.1.0.0 0.0.&55.&55 ip nat inside source list *+,+69IB interface erial 02020 vrf *+, overload
1%oM 2Point-to-Point L0 VPN*3 #method that provide minimum transport overhead% 65/ 6"/ default interface 9astthernet 021 interface 9astthernet 021 interface 9astthernet 021 (connect 150.1."." 100 encapsulation (connect 150.1.5.5 100 encapsulation mpls mpls mpls ldp neighbor 150.1."." password mpls ldp neighbor 150.1.5.5 password CIC! CIC! Note& 7his t$pe uses ?+4 encapsulation for tunneling 7he source I+ address used for this session is based on the congured ?+4 4D+ router identier.
L0%Pv5 - does not require ?+4 la$er deplo$ed in the networkE as it uses normal I+ packets #either I+ protocol 115 or FD+ packets% to tunnel the pa$load. -+ackets are never fragmented in the core and automatic ?7F detection is in progressE larger overhead than ?+4-based. R6 pseudowire-class 4&7+*G encapsulation l&tpvG ip local interface 4oopback0 ip pmtu ip dfbit set ip tos re)ect default interface 9astthernet 021 interface 9astthernet 021 (connect 150.1."." 100 encapsulation l&tpvG pw-class 4&7+*G
R7 pseudowire-class 4&7+*G encapsulation l&tpvG ip local interface 4oopback0 ip pmtu ip dfbit set ip tos re)ect default interface 9astthernet 021 interface 9astthernet 021 (connect 150.1.5.5 100 encapsulation l&tpvG pw-class 4&7+*G
ip dfbit set - avoids in-core fragmentation and performancedegradation. ip tos reect - $ou want to cop$ the 7! b$te from encapsulate packets or ip tos
M%8 #**ue*& ince $ou cannot increase the core network ?7FE $ou can implement Hip tcp !d"#st$%ssH at the client sideE or $ou ma$ use Hip &oc!& p%t#H which allows the encapsulating + to forward back to the customer IC?+ unreachable messages informing the end-devices of fragmentation issues. 7his command should alwa$s be used with Hip dfbit H set to ensure all packets are subect to drop if the$ cannot be fragmented.
MPLS VPN Per.or)ance %uning router bgp 100 address-famil$ vpnv' unicast bgp scan-interval == . neighbor 150.1.5.5 advertisement-interval 0 == . bgp scan import =5-"0@ == C. 1 bgp scan-interval - 7he time it takes for the I8+ update to be redistributed into 8+ B 7he 7ime it takes the local 8+ speaker to propagate updates to their peers " 7ime it takes the + routerJs 8+ process to import the ?+-8+ *+,v' pre(es into the local *69 table
