
Net Route Academy - MPLS VPN Over DMVPN

The document verifies the configuration and operation of an MPLS VPN network using OSPF for routing, LDP for MPLS label distribution, and MP-BGP for VPNv4 route distribution between provider edge (PE) routers. Key steps include verifying OSPF neighbor adjacencies, the MPLS forwarding table, LDP discovery process, and MP-BGP neighbor connections and route advertisements for each VPNv4 address family.

Uploaded by Adrian Tiamson
Net Route Academy – MPLS VPN over DMVPN

Verify OSPF Routing


Verify the current OSPF configuration for IPv4 networks. Verify that OSPF
is configured for process ID 1, in Area 0, and check that OSPF runs on
the following interfaces: Loopback0
show ip ospf interface brief

PE_1#show ip ospf interface brief


Interface PID Area IP Address/Mask Cost State Nbrs F/C
Lo0 1 0 10.0.0.1/32 1 LOOP 0/0
Et0/1 1 0 10.10.15.1/24 10 P2P 1/1
Et0/0 1 0 10.10.14.1/24 10 P2P 1/1

List the routers that have established full OSPF adjacency to the PE1 router.
Verify the neighbors' IDs, adjacency state, and the local interface to which they
connect.
show ip ospf neighbor

PE_1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface


10.0.0.5 0 FULL/ - 00:00:34 10.10.15.5 Ethernet0/1
10.0.0.4 0 FULL/ - 00:00:32 10.10.14.4 Ethernet0/0

Verify the current state of the routing table and filter only the routes that the
OSPF protocol learned. Confirm that all networks on the WAN and loopback
interfaces are listed.
show ip route ospf

PE_1#show ip route ospf


Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks


O 10.0.0.2/32 [110/45] via 10.10.15.5, 00:12:54, Ethernet0/1
O 10.0.0.3/32 [110/45] via 10.10.15.5, 00:12:54, Ethernet0/1
O 10.0.0.4/32 [110/11] via 10.10.14.4, 00:45:30, Ethernet0/0
O 10.0.0.5/32 [110/11] via 10.10.15.5, 00:45:30, Ethernet0/1
O 10.0.0.6/32 [110/21] via 10.10.15.5, 00:45:20, Ethernet0/1
O 10.10.45.0/24 [110/20] via 10.10.15.5, 00:45:30, Ethernet0/1
[110/20] via 10.10.14.4, 00:45:30, Ethernet0/0
O 10.10.56.0/24 [110/20] via 10.10.15.5, 00:45:30, Ethernet0/1
O 10.10.236.0/24 [110/68] via 10.10.15.5, 00:12:54, Ethernet0/1
O 10.10.236.6/32 [110/20] via 10.10.15.5, 00:45:20, Ethernet0/1
Return to PE1 and verify IP connectivity to the remote IP addresses on the
Loopback0 interfaces. Make sure to use the IP address on Loopback0 on the
local router as the source for your testing packets.
ping

PE_1#ping 10.0.0.4 source loopback 0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

PE_1#ping 10.0.0.3 source loopback 0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

PE_1#ping 10.0.0.2 source loopback 0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

Verify MPLS
In this task, you will verify the MPLS operation within the core infrastructure.
Test your knowledge of IP connectionless network forwarding using
connection-oriented, end-to-end LSPs. This is part of the section on MPLS in
the IP network core chapter.

Use the show mpls interfaces command to display information about one or
more interfaces that are configured for MPLS. Observe that LDP is used for
label distribution.

PE_1#show mpls interfaces


Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes

R_Reflector>show mpls interfaces


Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes

PE_2>show mpls interfaces


Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Ethernet0/1 Yes (ldp) No No No Yes
Ethernet0/2 Yes (ldp) No No No Yes

P_DMVPN_Hub>show mpls interfaces


Interface IP Tunnel BGP Static Operational
Ethernet0/0 Yes (ldp) No No No Yes
Tunnel0 Yes (ldp) No No No Yes

PE2_Dspoke>show mpls interfaces


Interface IP Tunnel BGP Static Operational
Tunnel0 Yes (ldp) No No No Yes

PE3_Dspoke>show mpls interfaces


Interface IP Tunnel BGP Static Operational
Tunnel0 Yes (ldp) No No No Yes

Verify the status of the LDP discovery process. Verify that PE1 has two directly
connected LDP neighbors. Observe that all routers use the IP address in
Loopback0 as the LDP router ID. Also, identify the interfaces in which the
neighbors have been discovered.

Use the show mpls ldp discovery command to verify both link discovery and
targeted discovery.

PE_1#show mpls ldp discovery


Local LDP Identifier:
10.0.0.1:0
Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.4:0
Ethernet0/1 (ldp): xmit/recv
LDP Id: 10.0.0.5:0

P_DMVPN_Hub>show mpls ldp discovery

Local LDP Identifier:
10.0.0.6:0
Discovery Sources:
Interfaces:
Ethernet0/0 (ldp): xmit/recv
LDP Id: 10.0.0.5:0
Tunnel0 (ldp): xmit

PE2_Dspoke>show mpls ldp discovery


Local LDP Identifier:
10.0.0.2:0
Discovery Sources:
Interfaces:
Tunnel0 (ldp): xmit

PE3_Dspoke>show mpls ldp discovery

Local LDP Identifier:
10.0.0.3:0
Discovery Sources:
Interfaces:
Tunnel0 (ldp): xmit

Use the show mpls forwarding-table command to verify the content of the MPLS
LFIB table. Observe how MPLS handles the MPLS packets on DMVPN Hub.

P_DMVPN_Hub#show mpls forwarding-table 10.0.0.3


Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
18         Pop Label  10.0.0.3/32      14960         Tu0        10.10.236.3

Verify MP-BGP
In this task, you will verify the MP-BGP operation within the service provider
WAN infrastructure and the tables it builds to provide IP network connectivity.

Display detailed neighbor adjacency information.

Use the show bgp all neighbors command on the routers to display detailed
information about BGP connections to neighbors for all (IPv4) address families.

PE_1#show ip bgp all


For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 11, local router ID is 10.0.0.1


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 100:65001 (default for vrf ALPHA)
*> 172.16.18.0/24 0.0.0.0 0 32768 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?
Route Distinguisher: 100:65002 (default for vrf DELTA)
*> 172.16.19.0/24 0.0.0.0 0 32768 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?

R_Reflector>show ip bgp all

For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 7, local router ID is 10.0.0.4


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 100:65001
*>i 172.16.18.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?
Route Distinguisher: 100:65002
*>i 172.16.19.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?

PE2_Dspoke>show ip bgp all


For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 11, local router ID is 10.0.0.2


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 100:65001 (default for vrf ALPHA)
*>i 172.16.18.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*> 172.16.210.0/24 0.0.0.0 0 32768 ?
Route Distinguisher: 100:65002 (default for vrf DELTA)
*>i 172.16.19.0/24 10.0.0.1 0 100 0 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*> 172.16.211.0/24 0.0.0.0 0 32768 ?

PE3_Dspoke#show ip bgp all

For address family: IPv4 Unicast

For address family: VPNv4 Unicast

BGP table version is 11, local router ID is 10.0.0.3


Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 100:65001 (default for vrf ALPHA)
*>i 172.16.18.0/24 10.0.0.1 0 100 0 ?
*> 172.16.123.0/24 0.0.0.0 0 32768 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?
Route Distinguisher: 100:65002 (default for vrf DELTA)
*>i 172.16.19.0/24 10.0.0.1 0 100 0 ?
*> 172.16.133.0/24 0.0.0.0 0 32768 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?

Verify VRF connectivity to branch sites

Use the show vrf detail Alpha and Delta command to display information for the
VRF named Alpha. Observe the RD and RT values. Also observe that two
Loopback interfaces (Loopback0 and Loopback2) and first interfaces are
assigned to this VRF.

PE_1#show vrf detail DELTA


VRF DELTA (VRF Id = 2); default RD 100:65002; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
Et0/3
Address family ipv4 unicast (Table ID = 0x2):
Flags: 0x0
Export VPN route-target communities
RT:100:65002
Import VPN route-target communities
RT:100:65002
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 unicast not active
Address family ipv4 multicast not active

PE_1#show vrf detail ALPHA


VRF ALPHA (VRF Id = 1); default RD 100:65001; default VPNID <not set>
New CLI format, supports multiple address-families
Flags: 0x180C
Interfaces:
Et0/2
Address family ipv4 unicast (Table ID = 0x1):
Flags: 0x0
Export VPN route-target communities
RT:100:65001
Import VPN route-target communities
RT:100:65001
No import route-map
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
Address family ipv6 unicast not active
Address family ipv4 multicast not active
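
The RD and RT values observed above decide which VRFs can exchange routes. The following added example (not part of the original lab; parse_vrfs and leaks are hypothetical names, and the sample is trimmed from the output above) parses show vrf detail text and reports any VRF that imports a route target another VRF exports:

```python
import re

# Constructed sample: trimmed from the 'show vrf detail' output shown above.
SAMPLE = """\
VRF DELTA (VRF Id = 2); default RD 100:65002; default VPNID <not set>
  Address family ipv4 unicast (Table ID = 0x2):
    Export VPN route-target communities
      RT:100:65002
    Import VPN route-target communities
      RT:100:65002
    No import route-map
VRF ALPHA (VRF Id = 1); default RD 100:65001; default VPNID <not set>
  Address family ipv4 unicast (Table ID = 0x1):
    Export VPN route-target communities
      RT:100:65001
    Import VPN route-target communities
      RT:100:65001
    No import route-map
"""

def parse_vrfs(text):
    """Return {vrf: {"rd": str, "export": set, "import": set}}."""
    vrfs, cur, mode = {}, None, None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"VRF (\S+) \(VRF Id = \d+\); default RD ([^;]+);", s)
        if m:
            cur = vrfs.setdefault(
                m.group(1), {"rd": m.group(2), "export": set(), "import": set()})
            mode = None
        elif s.startswith("Export VPN route-target"):
            mode = "export"
        elif s.startswith("Import VPN route-target"):
            mode = "import"
        elif s.startswith("RT:") and cur is not None and mode:
            cur[mode].update(s.split())   # handles several RTs on one line
        elif s:
            mode = None                   # any other line ends the RT list
    return vrfs

def leaks(vrfs):
    """List (importer, exporter, shared RTs) for every cross-VRF import."""
    return sorted((a, b, sorted(vrfs[a]["import"] & vrfs[b]["export"]))
                  for a in vrfs for b in vrfs
                  if a != b and vrfs[a]["import"] & vrfs[b]["export"])
```

For the lab's configuration leaks(parse_vrfs(SAMPLE)) is empty, meaning ALPHA and DELTA share no route targets and stay isolated from each other.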

PE_1#show bgp vpnv4 unicast ?


all Display information about all VPN NLRIs
rd Display information for a route distinguisher
vrf Display information for a VPN Routing/Forwarding instance

PE_1#show bgp vpnv4 unicast vrf ALPHA


BGP table version is 11, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 100:65001 (default for vrf ALPHA)
*> 172.16.18.0/24 0.0.0.0 0 32768 ?
*>i 172.16.123.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.210.0/24 10.0.0.2 0 100 0 ?

PE_1#show bgp vpnv4 unicast vrf DELTA


BGP table version is 11, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 100:65002 (default for vrf DELTA)
*> 172.16.19.0/24 0.0.0.0 0 32768 ?
*>i 172.16.133.0/24 10.0.0.3 0 100 0 ?
*>i 172.16.211.0/24 10.0.0.2 0 100 0 ?

You can verify the connectivity from ALPHA_HQ to Alpha Site 2.

ALPHA#traceroute 192.168.20.1 source 192.168.10.1


Type escape sequence to abort.
Tracing the route to 192.168.20.1
VRF info: (vrf in name/id, vrf out name/id)
1 172.16.18.1 [AS 100] 1 msec 0 msec 1 msec
2 10.10.15.5 [MPLS: Labels 20/27 Exp 0] 1 msec 1 msec 2 msec
3 10.10.56.6 [MPLS: Labels 19/27 Exp 0] 1 msec 5 msec 1 msec
4 172.16.210.2 [AS 100] [MPLS: Label 27 Exp 0] 3 msec 3 msec 2 msec
5 172.16.210.10 [AS 100] 2 msec * 2 msec

Verify DMVPN Connectivity


Use the show dmvpn command to verify proper operation of DMVPN control
functions.

P_DMVPN_Hub#show dmvpn
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================

Interface: Tunnel0, IPv4 NHRP Details


Type:Hub, NHRP Peers:2,

# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
----- --------------- --------------- ----- -------- -----
1 1.1.27.2 10.10.236.2 UP 00:50:51 D
1 1.1.37.3 10.10.236.3 UP 00:50:52 D

Use the show ip nhrp tu0 command to display NHRP-mapping information on a
device.

P_DMVPN_Hub#show ip nhrp tu0


10.10.236.2/32 via 10.10.236.2
Tunnel0 created 00:54:12, expire 01:45:47
Type: dynamic, Flags: unique registered used nhop
NBMA address: 1.1.27.2
10.10.236.3/32 via 10.10.236.3
Tunnel0 created 00:54:13, expire 01:45:46
Type: dynamic, Flags: unique registered used nhop
NBMA address: 1.1.37.3

P_DMVPN_Hub#show ip nhrp tu 0 brief


Target Via NBMA Mode Intfc Claimed
10.10.236.2/32 10.10.236.2 1.1.27.2 dynamic Tu0 < >
10.10.236.3/32 10.10.236.3 1.1.37.3 dynamic Tu0 < >

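Use the show crypto isakmp sa command to verify the IPsec tunnels. A state of
QM_IDLE with status ACTIVE indicates an established ISAKMP (IKE phase 1)
security association with each spoke.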

P_DMVPN_Hub#show crypto isakmp sa


IPv4 Crypto ISAKMP SA
dst src state conn-id status
1.1.67.6 1.1.37.3 QM_IDLE 1001 ACTIVE
1.1.67.6 1.1.27.2 QM_IDLE 1002 ACTIVE
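
The two hub checks above can be cross-referenced: every NHRP peer that show dmvpn reports as UP should also have an ACTIVE ISAKMP SA, otherwise the tunnel to that spoke may be carrying traffic without protection. The following added example (not part of the original lab; function names are hypothetical and the sample rows are copied from the hub output above) performs that comparison for IKE phase 1 only:

```python
import re

# Constructed sample: peer rows and SA rows copied from the hub output above.
SHOW_DMVPN = """\
 # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
 ----- --------------- --------------- ----- -------- -----
     1 1.1.27.2            10.10.236.2    UP 00:50:51     D
     1 1.1.37.3            10.10.236.3    UP 00:50:52     D
"""
SHOW_ISAKMP = """\
dst             src             state          conn-id status
1.1.67.6        1.1.37.3        QM_IDLE           1001 ACTIVE
1.1.67.6        1.1.27.2        QM_IDLE           1002 ACTIVE
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"

def dmvpn_peers(text):
    """Map peer NBMA address -> (tunnel address, state)."""
    row = re.compile(rf"^\s*\d+\s+{IP}\s+{IP}\s+(\S+)\s+\S+\s+\S+\s*$", re.M)
    return {nbma: (tun, state) for nbma, tun, state in row.findall(text)}

def isakmp_sas(text):
    """Map (dst, src) -> (state, status) for each phase 1 SA row."""
    row = re.compile(rf"^\s*{IP}\s+{IP}\s+(\S+)\s+\d+\s+(\S+)\s*$", re.M)
    return {(d, s): (st, status) for d, s, st, status in row.findall(text)}

def unprotected_peers(dmvpn_text, isakmp_text):
    """NBMA addresses of UP NHRP peers lacking an ACTIVE QM_IDLE SA."""
    good = set()
    for (dst, src), (state, status) in isakmp_sas(isakmp_text).items():
        if state == "QM_IDLE" and status == "ACTIVE":
            good.update((dst, src))      # peer may be initiator or responder
    return sorted(nbma for nbma, (_, state) in dmvpn_peers(dmvpn_text).items()
                  if state == "UP" and nbma not in good)
```

An empty result for the lab output means both spokes have a phase 1 SA; a non-empty result names the spokes to investigate first.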
