Tuesday, 30 July 2019

MPLS Layer 3 VPN (Juniper)

 

Network Diagram 


Interfaces and OSPF Configurations


PE1
set system host-name PE-1
set interfaces ge-0/0/7 unit 0 family inet address 10.10.10.1/24
set interfaces ge-0/0/8 unit 0 family inet address 172.22.211.1/24
set interfaces ge-0/0/8 unit 0 family mpls
set interfaces ge-0/0/9 unit 0 family inet address 172.22.210.1/24
set interfaces ge-0/0/9 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.100.1/32
set routing-options autonomous-system 65512
set protocols ospf area 0.0.0.0 interface ge-0/0/9.0
set protocols ospf area 0.0.0.0 interface ge-0/0/8.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive 

PE2
set system host-name PE-2
set interfaces ge-0/0/7 unit 0 family inet address 20.20.20.1/24
set interfaces ge-0/0/8 unit 0 family inet address 172.22.213.1/24
set interfaces ge-0/0/8 unit 0 family mpls
set interfaces ge-0/0/9 unit 0 family inet address 172.22.212.1/24
set interfaces ge-0/0/9 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.100.2/32
set routing-options autonomous-system 65512
set protocols ospf area 0.0.0.0 interface ge-0/0/9.0
set protocols ospf area 0.0.0.0 interface ge-0/0/8.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
 
P1
set system host-name P1
set system root-authentication encrypted-password "$1$3lTsSJ8D$2aV0KhMgR4f.n8xehMeHU/"
set interfaces ge-0/0/7 unit 0 family inet address 172.22.202.1/24
set interfaces ge-0/0/7 unit 0 family mpls
set interfaces ge-0/0/8 unit 0 family inet address 172.22.201.1/24
set interfaces ge-0/0/8 unit 0 family mpls
set interfaces ge-0/0/9 unit 0 family inet address 172.22.210.2/24
set interfaces ge-0/0/9 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.50.1/32
set routing-options autonomous-system 65512
set protocols ospf area 0.0.0.0 interface ge-0/0/9.0
set protocols ospf area 0.0.0.0 interface ge-0/0/8.0
set protocols ospf area 0.0.0.0 interface ge-0/0/7.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive 

P2
set system host-name P2
set system root-authentication encrypted-password "$1$XlqiXCyR$sGiGvQ2B7y64jig79BOsM0"
set interfaces ge-0/0/7 unit 0 family inet address 172.22.204.1/24
set interfaces ge-0/0/7 unit 0 family mpls
set interfaces ge-0/0/8 unit 0 family inet address 172.22.201.2/24
set interfaces ge-0/0/8 unit 0 family mpls
set interfaces ge-0/0/9 unit 0 family inet address 172.22.212.2/24
set interfaces ge-0/0/9 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.50.2/32
set routing-options autonomous-system 65512
set protocols ospf area 0.0.0.0 interface ge-0/0/9.0
set protocols ospf area 0.0.0.0 interface ge-0/0/8.0
set protocols ospf area 0.0.0.0 interface ge-0/0/7.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive 

P3
set system host-name P3
set interfaces ge-0/0/7 unit 0 family inet address 172.22.202.2/24
set interfaces ge-0/0/7 unit 0 family mpls
set interfaces ge-0/0/8 unit 0 family inet address 172.22.211.2/24
set interfaces ge-0/0/8 unit 0 family mpls
set interfaces ge-0/0/9 unit 0 family inet address 172.22.203.1/24
set interfaces ge-0/0/9 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.50.3/32
set routing-options autonomous-system 65512
set protocols ospf area 0.0.0.0 interface ge-0/0/9.0
set protocols ospf area 0.0.0.0 interface ge-0/0/8.0
set protocols ospf area 0.0.0.0 interface ge-0/0/7.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive

P4
set system host-name P4
set system root-authentication encrypted-password "$1$jewvHQKI$JFmCm8bBsE8ZMh2s3/jXl/"
set interfaces ge-0/0/7 unit 0 family inet address 172.22.204.2/24
set interfaces ge-0/0/7 unit 0 family mpls
set interfaces ge-0/0/8 unit 0 family inet address 172.22.213.2/24
set interfaces ge-0/0/8 unit 0 family mpls
set interfaces ge-0/0/9 unit 0 family inet address 172.22.203.2/24
set interfaces ge-0/0/9 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.50.4/32
set routing-options autonomous-system 65512
set protocols ospf area 0.0.0.0 interface ge-0/0/9.0
set protocols ospf area 0.0.0.0 interface ge-0/0/8.0
set protocols ospf area 0.0.0.0 interface ge-0/0/7.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive

CE1
set system host-name CE1
set interfaces ge-0/0/9 unit 0 family inet address 10.10.10.2/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options static route 172.10.0.0/24 reject
set routing-options static route 172.10.1.0/24 reject
set routing-options static route 172.10.2.0/24 reject
set routing-options static route 172.10.3.0/24 reject
set routing-options autonomous-system 65001

CE2
set system host-name CE2
set interfaces ge-0/0/9 unit 0 family inet address 20.20.20.2/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options static route 172.20.0.0/24 reject
set routing-options static route 172.20.1.0/24 reject
set routing-options static route 172.20.2.0/24 reject
set routing-options static route 172.20.3.0/24 reject
set routing-options autonomous-system 65001

OSPF Status


Enable MPLS and RSVP


PE1
set protocols rsvp interface ge-0/0/8.0
set protocols rsvp interface ge-0/0/9.0
set protocols mpls no-cspf
set protocols mpls interface ge-0/0/8.0
set protocols mpls interface ge-0/0/9.0 

PE2
set protocols rsvp interface ge-0/0/8.0
set protocols rsvp interface ge-0/0/9.0
set protocols mpls no-cspf
set protocols mpls interface ge-0/0/8.0
set protocols mpls interface ge-0/0/9.0
 
P1
set protocols rsvp interface all
set protocols mpls no-cspf
set protocols mpls interface all

P2
set protocols rsvp interface all
set protocols mpls no-cspf
set protocols mpls interface all

P3
set protocols rsvp interface all
set protocols mpls no-cspf
set protocols mpls interface all

P4
set protocols rsvp interface all
set protocols mpls no-cspf
set protocols mpls interface all

MPLS and RSVP Status

Establish IBGP Session Between PE Routers 


PE1
set protocols bgp group IBGP-PE2 type internal
set protocols bgp group IBGP-PE2 local-address 192.168.100.1
set protocols bgp group IBGP-PE2 neighbor 192.168.100.2

PE2
set protocols bgp group IBGP-PE1 type internal
set protocols bgp group IBGP-PE1 local-address 192.168.100.2
set protocols bgp group IBGP-PE1 neighbor 192.168.100.1

IBGP Session Between PE Routers

Establish Bi-directional MPLS LSP


PE1
set protocols mpls label-switched-path pe1-to-pe2 from 192.168.100.1
set protocols mpls label-switched-path pe1-to-pe2 to 192.168.100.2
 
PE2
set protocols mpls label-switched-path pe2-to-pe1 from 192.168.100.2
set protocols mpls label-switched-path pe2-to-pe1 to 192.168.100.1

MPLS LSP Status

inet.3 BGP Next Hop Resolved by LSP

Enable MP-BGP Peering on PEs


PE1
root@PE-1# show protocols bgp
group IBGP-PE2 {
    type internal;
    local-address 192.168.100.1;
    family inet {
        unicast;
    }
    family inet-vpn {
        unicast;
    }
    export NHS;
    neighbor 192.168.100.2;
}
 
PE2
root@PE-2# show protocols bgp
group IBGP-PE1 {
    type internal;
    local-address 192.168.100.2;
    family inet {
        unicast;
    }
    family inet-vpn {
        unicast;
    }
    export NHS;
    neighbor 192.168.100.1;
}

MP-BGP Address Family Verification



VRF Configuration


PE1
root@PE-1# show routing-instances
VPN-1 {
    instance-type vrf;
    interface ge-0/0/7.0;
    route-distinguisher 192.168.100.1:11;
    vrf-target target:65512:11;
    vrf-table-label;
    protocols {
        bgp {
            group EBGP-CE1 {
                type external;
                peer-as 65001;
                as-override;
                neighbor 10.10.10.2;
            }
        }
    }
}

PE2
root@PE-2# show routing-instances
VPN-1 {
    instance-type vrf;
    interface ge-0/0/7.0;
    route-distinguisher 192.168.100.2:11;
    vrf-target target:65512:11;
    vrf-table-label;
    protocols {
        bgp {
            group EBGP-CE2 {
                type external;
                peer-as 65001;
                as-override;
                neighbor 20.20.20.2;
            }
        }
    }
}

CE EBGP Configuration


CE1
set protocols bgp group my-ext-group type external
set protocols bgp group my-ext-group export ce-export-lb
set protocols bgp group my-ext-group peer-as 65512
set protocols bgp group my-ext-group neighbor 10.10.10.1
set policy-options policy-statement exp-policy term 1 from protocol direct
set policy-options policy-statement exp-policy term 1 from route-filter 1.1.1.1/32 exact
set policy-options policy-statement exp-policy term 1 then accept
set policy-options policy-statement exp-policy term 10 from protocol static
set policy-options policy-statement exp-policy term 10 then accept
set policy-options policy-statement exp-policy term 20 then reject

CE2
set protocols bgp group my-ext-group type external
set protocols bgp group my-ext-group export ce-export-lb
set protocols bgp group my-ext-group peer-as 65512
set protocols bgp group my-ext-group neighbor 20.20.20.1
set policy-options policy-statement exp-policy term 1 from protocol direct
set policy-options policy-statement exp-policy term 1 from route-filter 2.2.2.2/32 exact
set policy-options policy-statement exp-policy term 1 then accept
set policy-options policy-statement exp-policy term 10 from protocol static
set policy-options policy-statement exp-policy term 10 then accept
set policy-options policy-statement exp-policy term 20 then reject

Verification








~~~ THE END ~~~
at
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)