Steps to configure MPLS VPN
General steps
-
Make sure mpls is enabled on each of the routers interfaces- including the Customer Edge (CE) interface.
- Obviously the Provider (P) routers require this, but only the receiving Customer Edge (CE) router interface needs to be MPLS enabled unless Penultimate POP is being used.
-
Define include each of your customer Networks using an Interior Routing protocol (IGP) such as Open Shortest Path First (OSPF) on your own network Customer (C) routers.
- You might choose to use Border Gateway Protocol (BGP) with "Extended Communities Attribute" to achieve the same thing. This basically allows you to group autonomous systems, or differentiate between them. See Understanding BGP Communities.
Understanding the virtual routing and forwarding (VRF)
Creating, forwarding and understanding what Virtual Route Forwarding (VRF) is.
- Creating the VRF (with
vrf definition ....
) - Allocating routes to the vrf with
vrf forwarding ...
Creating a VRF
PE-R2(config)# vrf definition mycompany
*
* Note the above is the newer command for multiprotocol (IPv4/6 support) on older IOSs you must use:
PE-R2(config)# ip vrf mycompany
Create a Route Distinguisher (RD)
Note that a route distinguisher is 'nothing more' than a number to separate customers from each other and avoid IP conflicts:
"The route distinguisher has only one purpose: to make IPv4 prefixes globally unique. It is not used for IP forwarding by the provider's core (non-edge) routers (within the MPLS cloud), but it is used by the edge routers to identify which VPN a packet belongs to. For example, for a Provider Edge (PE) router to be able to distinguish between the IP address 10.0.0.0 of one customer from the 10.0.0.0 of another customer, the network administrator must configure the Provider Edge (PE) to add a unique route distinguisher to each packet arriving from the Customer Edge's (CEs)." - Route distinguisher - Wikipedia
PE-R2(config-vrf)# rd xx:xx
*
*In a lab environment this number can be can be 'anything' in reality, the conversion here is to use the Autonomous System Number (ASN) of the organisation. For this example we'll use 120:120. Remember, that the route distinguisher is used by edge routers to identify which VPN a packet belongs to.
Set the address family for the VRF
If needed:
PE-R2(config-vrf)# address-family ipv4
(newer multiprotocol IOSs)
PE-R2(config-vrf)# address-family vpnv4
(newer multiprotocol IOSs)
Specify The Route Target export & import
For an excellent explanation of what is a route distinguisher and also the utility of the route-target export and import commands, refer to the article 'Difference Between the RD and RT' by CCIE Blog. In summary:
PE-R2(config-vrf-af)# route-target export 20:20 (sending *)
PE-R2(config-vrf-af)# route-target import 30:30 (receiving)
- So when the reciving PE router gets packets from this at the other end, the statement will be the opposite (
route-target *import* 20:20
) because this router is exporting/sending its mpls packets with the 20 identifier (tag?). If the above doesn't make sense, read the explanation of how do route-target import export commands work on the Difference Between the RD and RT' CCIE Blog.
Specify the interface to perform vrf forwarding on
OK so we've already created the VRF by issuing vrf definition mycompany
on the PE router. That just creates a VRF, it's not assigned to any interface yet. To do this, the interface specific vrf forwarding
command is used.
e.g.
PE-R2(config-if)#vrf forwarding mycompany
* (newer IOS)
PE-R2(config-if)#ip vrf forwarding mycomany
(older IOS's)
- This should be done on the Customer Edge (CE) interface which is connected to the Provider Edge (PE) router.
Note that when you assign an interface to a VRF any IP address assigned to it will be removed, and will need re-adding.
(src)
Define loopbacks on your PE routers
Define loopbacks on your PE routers and add them to your chosen Interior Gateway protocol (IGP) e.g Open Shortest Path First (OSPF).
Remember that the Router ID (RID) is the highest IP address on the box or the loopback interface, calculated at boot time or whenever the OSPF process is restarted.
Cisco - OSPF Design Guide
Create the loopbacks
PE-R2(config-if)# ip address 2.2.2.2 255.255.255.255