This is the sixth post in the series. The goal of the series is to provide a guide for the MPLS and BGP lab I posted a while back. The lab consists of MPLS VPNs and BGP, along with some OSPF, NAT, IPSEC and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:



Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.

Clients
* London, Paris, and New York have Internet connections to their respective ISPs. New York is dual-homed.
* London, Paris, New York, and Chicago all have MPLS connections to the same provider. New York and Chicago constitute one company, while London and Paris constitute another. Their routes should not mix over MPLS.
* London, Paris, and New York each have data centers with a DMZ that should be publicly accessible.
* London, Paris, New York, and Chicago each have 2 LANs which should not be accessible from the Internet, though they should be able to access the Internet.
* London and Paris have a GRE over IPSEC connection between them that should take over routing between their LANs in case the MPLS connection fails. Additionally, the MPLS connection should take over for DMZ sites if the Internet connection should fail.

MPLS
* The MPLS-P router should be the only one in area 0. It should be an ABR connecting MPLS-PE1 (a stub area 1) and MPLS-PE2 (a stub area 2).
* Area 1 and Area 2 should be summarized to /24s before being injected into the OSPF backbone.
* The PE routers should communicate via BGP to the CE routers.

Today we will configure the M routers for London, NY, Paris and Chicago:

London-M

hostname London-M
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 description Connection to London-I
 ip address 192.168.0.254 255.255.255.0
!
interface Serial1/0
 description Connection to MPLS-PE1
 ip address 172.16.1.2 255.255.255.252
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 172.16.1.1 remote-as 65535
 neighbor 192.168.0.1 remote-as 65000
 neighbor 192.168.0.1 next-hop-self
 no auto-summary

Relatively basic stuff here. We have the Loopback configured to simulate the LAN, then we have interfaces connecting to London-I and MPLS-PE1. Our BGP config is not complex: we have two neighbors, one internal and one external, and we’re advertising our LAN.


NewYork-M

hostname NewYork-M
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0
 description Connection to NewYork-I
 ip address 192.168.0.254 255.255.255.0
!
interface Serial1/0
 description Connection to MPLS-PE1
 ip address 172.16.1.6 255.255.255.252
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 172.16.1.5 remote-as 65535
 neighbor 192.168.0.1 remote-as 65001
 neighbor 192.168.0.1 next-hop-self
 no auto-summary


Paris-M

hostname Paris-M
!
interface Loopback0
 ip address 192.168.4.1 255.255.255.0
!
interface FastEthernet0/0
 description Connection to Paris-I
 ip address 192.168.2.254 255.255.255.0
!
interface Serial1/0
 description Connection to MPLS-PE2
 ip address 172.16.2.2 255.255.255.252
!
router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 network 192.168.4.0
 neighbor 172.16.2.1 remote-as 65535
 neighbor 192.168.2.1 remote-as 65002
 neighbor 192.168.2.1 next-hop-self
 no auto-summary


Chicago-M

hostname Chicago-M
!
interface Loopback0
 ip address 192.168.5.1 255.255.255.0
!
interface Serial1/0
 description Connection to MPLS-PE2
 ip address 172.16.2.6 255.255.255.252
!
router bgp 65003
 no synchronization
 bgp log-neighbor-changes
 network 192.168.5.0
 neighbor 172.16.2.5 remote-as 65535
 no auto-summary

The rest of the M routers are configured similarly, so I won’t redundantly explain everything. Let’s test things:

Chicago-M#sh ip route
...
     172.16.0.0/30 is subnetted, 2 subnets
B       172.16.1.4 [20/0] via 172.16.2.5, 00:55:17
C       172.16.2.4 is directly connected, Serial1/0
C    192.168.5.0/24 is directly connected, Loopback0
     10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
B       10.2.1.0/30 [20/0] via 172.16.2.5, 00:53:45
B       10.1.1.0/30 [20/0] via 172.16.2.5, 00:54:46
B       10.1.0.0/30 [20/0] via 172.16.2.5, 00:53:14
B       10.128.0.0/16 [20/0] via 172.16.2.5, 00:54:46
B       10.129.0.0/16 [20/0] via 172.16.2.5, 00:54:46
B       10.192.2.0/24 [20/0] via 172.16.2.5, 00:53:45
B       10.192.0.0/24 [20/0] via 172.16.2.5, 00:53:14
B       10.192.1.0/24 [20/0] via 172.16.2.5, 00:54:46
B    192.168.1.0/24 [20/0] via 172.16.2.5, 00:55:18
 
Chicago-M#ping 10.128.0.1 source lo0
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.128.0.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/28/48 ms
 
Chicago-M#ping 10.192.1.1
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.192.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/40/64 ms

Here we see that Chicago-M can ping the Internet from its LAN interface, and it can communicate with the DMZ on NewYork-I.
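The requirement that the two companies' routes not mix over MPLS can also be checked from the same routing table. The following is an added example, not part of the original lab files: it parses an excerpt of the Chicago-M output above and compares the BGP-learned prefixes with the LANs advertised in the four M-router configs (the company labels and the function names are assumptions made for the example). Because London-M and NewYork-M both advertise 192.168.1.0/24, that prefix is reported as ambiguous: the table alone cannot show which site it came from.

```python
import ipaddress
import re

# router: (company per the requirements, LAN from its "network" statement)
SITES = {
    "London-M":  ("london-paris", "192.168.1.0/24"),
    "Paris-M":   ("london-paris", "192.168.4.0/24"),
    "NewYork-M": ("ny-chicago",   "192.168.1.0/24"),
    "Chicago-M": ("ny-chicago",   "192.168.5.0/24"),
}

# Excerpt of the Chicago-M "sh ip route" output shown above.
CHICAGO_ROUTES = """\
     172.16.0.0/30 is subnetted, 2 subnets
B       172.16.1.4 [20/0] via 172.16.2.5, 00:55:17
C       172.16.2.4 is directly connected, Serial1/0
     10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
B       10.128.0.0/16 [20/0] via 172.16.2.5, 00:54:46
B       10.192.1.0/24 [20/0] via 172.16.2.5, 00:54:46
B    192.168.1.0/24 [20/0] via 172.16.2.5, 00:55:18
"""

def bgp_prefixes(output):
    """BGP-learned prefixes; children of an 'is subnetted' parent inherit its length."""
    found, inherited = set(), None
    for line in output.splitlines():
        hdr = re.match(r"\s+[\d.]+/(\d+) is (variably )?subnetted", line)
        if hdr:
            inherited = None if hdr.group(2) else hdr.group(1)
            continue
        m = re.match(r"B\s+([\d.]+)(?:/(\d+))?\s", line)
        if m and (m.group(2) or inherited):
            found.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2) or inherited}"))
    return found

def audit(router, output):
    """Compare learned routes with the LANs of the other three sites."""
    company = SITES[router][0]
    nets = lambda same: {ipaddress.ip_network(p) for r, (c, p) in SITES.items()
                         if r != router and (c == company) == same}
    own, foreign, learned = nets(True), nets(False), bgp_prefixes(output)
    return {
        "leaked": sorted(map(str, learned & (foreign - own))),
        "ambiguous": sorted(map(str, learned & foreign & own)),
        "missing": sorted(map(str, own - learned)),
    }

if __name__ == "__main__":
    print(audit("Chicago-M", CHICAGO_ROUTES))
```

An empty `leaked` list means Paris's 192.168.4.0/24 never reached Chicago-M; resolving the ambiguous entry requires looking at the VRF on the PE rather than at the CE's table.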

That’s it for the series. The lab is complete other than some simple things I was too lazy to configure. Check out the Dynamips/GNS3 page for links to every post in the series, as well as all the configs. Here are the files needed for the lab:
The Dynagen/GNS3 .net file
The IP Address Allocations
The Visio Diagram for the Lab
(You will need to modify the .net file to reflect your own IOS and path values)

Colby

Colby Glass has been in IT since 2002. He is currently a Systems Engineer (presales) with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER.
