MPLS can provide L2 services in 2 ways:
1. Point-to-point (P2P) using AToM (Any Transport over MPLS), which is covered in this article.
2. Point-to-multipoint (P2MP) using VPLS (Virtual Private LAN Service).
For point-to-point (PTP) Ethernet L2 there are therefore 2 solutions:
1. Use the existing IP cloud, with pseudowire over L2TP done on the PE
2. Use an MPLS network, with pseudowire over MPLS done on the PE
The advantage of L2TP is that it is simple: it reuses the existing IP cloud, so it is cheaper. The advantage of MPLS is that it is simple and scalable and offers many features that can be applied, but it requires investment to upgrade the existing routers to MPLS routers.
Here is the scenario:
The setup in the figure above assumes that an IGP using OSPF has already been created.
Next comes the configuration of L2 VPN over MPLS AToM. The steps are as follows:
1. Configure all routers according to the figure above
2. The IGP configuration using OSPF must be complete
3. On the routers that will perform the xconnect, a Loopback interface should be created
4. Enable MPLS tagging on all physical interfaces that will participate in the MPLS cloud, using the command "mpls ip", and check whether the neighbour has been detected with the command "show mpls ldp neigh". Also check whether MPLS labels are working by running a traceroute from PE-R1 to PE-R2; there are 3 hops, and the first and second hops should carry a Label.
5. Once all of that is done, cross-connect the pseudowire on Router PE-R1 port e1/0 and PE-R3 port e1/1 with the following commands:
PE-R1:
interface Loopback0
ip address 11.11.11.11 255.255.255.255
!
interface Ethernet1/0
no ip address
duplex full
no keepalive
xconnect 13.13.13.13 100 encapsulation mpls
PE-R3:
interface Loopback0
ip address 13.13.13.13 255.255.255.255
!
interface Ethernet1/1
no ip address
duplex full
no keepalive
xconnect 11.11.11.11 100 encapsulation mpls
Check whether an additional MPLS neighbour has appeared on PE-R3.
If it has, try a ping from CE1 to CE2.
The complete configuration is as follows:
Ref:
http://resources.intenseschool.com/gns3-lab-mpls-layer-2-vpn-atom/
Task 1: Build MPLS network. Configure OSPF between the service provider devices. Announce their Loopback0 into OSPF. Configure LDP between the SP devices.
PE-R1(config)#router ospf 1
PE-R1(config-router)#router-id 11.11.11.11
PE-R1(config-router)#network 11.11.11.11 0.0.0.0 area 0
PE-R1(config-router)#network 13.13.13.0 0.0.0.255 area 0
PE-R1(config-router)#int fa3/0
PE-R1(config-if)#mpls ip

PE-R2(config)#router ospf 1
PE-R2(config-router)#router-id 22.22.22.22
PE-R2(config-router)#network 22.22.22.22 0.0.0.0 area 0
PE-R2(config-router)#network 23.23.23.0 0.0.0.255 area 0
PE-R2(config-router)#int fa2/0
PE-R2(config-if)#mpls ip

PE-R3(config)#router ospf 1
PE-R3(config-router)#router-id 33.33.33.33
PE-R3(config-router)#network 33.33.33.33 0.0.0.0 area 0
PE-R3(config-router)#network 13.13.13.0 0.0.0.255 area 0
PE-R3(config-router)#network 23.23.23.0 0.0.0.255 area 0
PE-R3(config-router)#int fa3/0
PE-R3(config-if)#mpls ip
PE-R3(config-if)#int fa2/0
PE-R3(config-if)#mpls ip
Let’s verify LDP neighborship and check if PE1 and PE2 have LDP bindings on their Loopback0 IP addresses. It is important to have LDP Bindings for the Loopback IP addresses of PE1 and PE2, otherwise Layer 2 VPN will not work.
PE-R3#show mpls ldp neigh | inc Peer LDP Ident:
    Peer LDP Ident: 22.22.22.22:0; Local LDP Ident 23.23.23.3:0
    Peer LDP Ident: 11.11.11.11:0; Local LDP Ident 23.23.23.3:0

PE-R1#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     23.23.23.0/24     0          Fa3/0      13.13.13.3
17     17          22.22.22.22/32    0          Fa3/0      13.13.13.3

PE-R2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     13.13.13.0/24     0          Fa2/0      23.23.23.3
17     16          11.11.11.11/32    0          Fa2/0      23.23.23.3

PE-R1#traceroute 22.22.22.22
Type escape sequence to abort.
Tracing the route to 22.22.22.22
  1 13.13.13.3 [MPLS: Label 17 Exp 0] 28 msec 40 msec 40 msec
  2 23.23.23.2 60 msec 40 msec 40 msec
We have confirmed that there are label switch paths to reach 11.11.11.11/32 and 22.22.22.22/32. Let’s proceed to do Task 2.
Task 2: Configure Ethernet over MPLS AToM between CUSTA-R1 and CUSTA-R2. Configure IP addresses and verify connectivity.
PE-R1(config)#pseudowire-class ETHERNET
PE-R1(config-pw-class)#encapsulation mpls
PE-R1(config-pw-class)#int fa0/0
PE-R1(config-if)#no ip address
PE-R1(config-if)#duplex full
PE-R1(config-if)#xconnect 22.22.22.22 102 pw-class ETHERNET
PE-R1(config-if)#no shut

PE-R2(config)#pseudowire-class ETHERNET
PE-R2(config-pw-class)#encapsulation mpls
PE-R2(config-pw-class)#int fa0/0
PE-R2(config-if)#no ip address
PE-R2(config-if)#duplex full
PE-R2(config-if)#xconnect 11.11.11.11 102 pw-class ETHERNET
PE-R2(config-if)# no shut

CUSTA-R1(config)#int fa1/0
CUSTA-R1(config-if)#duplex full
CUSTA-R1(config-if)#ip address 10.1.12.1 255.255.255.0
CUSTA-R1(config-if)#no shut

CUSTA-R2(config)#int fa1/0
CUSTA-R2(config-if)#duplex full
CUSTA-R2(config-if)#ip address 10.1.12.2 255.255.255.0
CUSTA-R2(config-if)#no shut
Now let’s verify what happens to the MPLS forwarding table and then we’ll issue some commands.
PE-R1#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC or Tunnel Id      Switched      interface
16     Pop Label   33.33.33.33/32    0             Fa3/0      13.13.13.3
17     17          22.22.22.22/32    0             Fa3/0      13.13.13.3
18     Pop Label   23.23.23.0/24     0             Fa3/0      13.13.13.3
19     No Label    l2ckt(102)        4923          Fa0/0      point2point

PE-R2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC or Tunnel Id      Switched      interface
16     Pop Label   33.33.33.33/32    0             Fa2/0      23.23.23.3
17     16          11.11.11.11/32    0             Fa2/0      23.23.23.3
18     Pop Label   13.13.13.0/24     0             Fa2/0      23.23.23.3
19     No Label    l2ckt(102)        4426          Fa0/0      point2point

PE-R1#sh mpls l2transport vc 102
Local intf    Local circuit              Dest address    VC ID      Status
------------- -------------------------- --------------- ---------- ----------
Fa0/0         Ethernet                   22.22.22.22     102        UP
When we issue the “show mpls forwarding-table” command, we see that there is a new entry “l2ckt(102).” This is the pseudowire label. Similar to Layer 3 VPN, this pseudowire label makes the connection unique. The “show mpls l2transport vc 102” command indicates that, for VC 102, the traffic needs to go to 22.22.22.22.
Let’s break down the commands we entered above.
pseudowire-class ETHERNET specifies that the pseudo wire class name is ETHERNET.
encapsulation mpls indicates MPLS is the encapsulation. L2TPv3 is another option here.
xconnect 22.22.22.22 102 pw-class ETHERNET is the command that enables Layer 2 VPN on the interface. This basically indicates that all traffic from this interface should be forwarded to PE-R2 22.22.22.22. The configuration on PE-R2 should indicate 11.11.11.11 in the xconnect configuration to establish the Layer 2 VPN connection. 102 is the VC identifier and should be identical on both routers and should be unique on the two PE routers. The pw-class command just calls the pseudowire class ETHERNET. The pseudowire name doesn’t need to match on both routers, as this is locally significant.
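The pairing rule described above (each PE's xconnect names the other PE's loopback, with the same VC ID on both sides) can be checked offline against saved configs before a change is pushed. This is an added example, not part of the original lab: the config snippets are constructed from the lab's values with one VC ID deliberately mismatched, and the names parse and audit are hypothetical.

```python
import re
XCONNECT = re.compile(r"xconnect (\S+) (\d+)")

# Constructed sample, trimmed from the lab configs above. PE-R2's PPP circuit
# deliberately uses VC ID 210 instead of 201 so the audit has a finding.
CONFIGS = {
    "PE-R1": """interface Loopback0
 ip address 11.11.11.11 255.255.255.255
interface FastEthernet0/0
 xconnect 22.22.22.22 102 pw-class ETHERNET
interface Serial1/0
 xconnect 22.22.22.22 201 pw-class PPP""",
    "PE-R2": """interface Loopback0
 ip address 22.22.22.22 255.255.255.255
interface FastEthernet0/0
 xconnect 11.11.11.11 102 pw-class ETHERNET
interface Serial1/0
 xconnect 11.11.11.11 210 pw-class PPP""",
}

def parse(text):
    """Return (Loopback0 address, [(attachment, peer, vc_id), ...])."""
    loopback, circuits, ctx = None, [], ""
    for line in text.splitlines():
        s = line.strip()
        if s.startswith(("interface ", "connect ")):
            ctx = s.split(None, 1)[1]          # interface name or FR connect spec
        elif s.startswith("ip address ") and ctx == "Loopback0":
            loopback = s.split()[2]
        elif m := XCONNECT.match(s):
            circuits.append((ctx, m.group(1), int(m.group(2))))
    return loopback, circuits

def audit(configs):
    """List xconnects whose peer or VC ID is not mirrored on the remote PE."""
    parsed = {name: parse(text) for name, text in configs.items()}
    owner = {lo: name for name, (lo, _) in parsed.items() if lo}
    findings = []
    for name, (lo, circuits) in parsed.items():
        for ctx, peer, vcid in circuits:
            remote = owner.get(peer)
            if remote is None:
                findings.append(f"{name} {ctx}: peer {peer} is not a known PE loopback")
            elif not any(p == lo and v == vcid for _, p, v in parsed[remote][1]):
                findings.append(f"{name} {ctx}: no xconnect {lo} {vcid} on {remote}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)) or "all pseudowires paired")
```

The same parser picks up xconnect lines under a frame-relay "connect ... l2transport" statement, so the three circuit types in this lab can be audited together.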
Let’s test connectivity between CUSTA-R1 and CUSTA-R2.
CUSTA-R1#ping 10.1.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/64/76 ms

CUSTA-R1#sh cdp neigh
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID    Local Intrfce   Holdtme   Capability   Platform   Port ID
CUSTA-R2     Fas 1/0         136       R S I        3640       Fas 1/0
PE-R1        Fas 1/0         146       R            7206VXR    Fas 0/0
Even CDP is showing that CUSTA-R2 is directly connected to CUSTA-R1.
Task 3: Configure PPP over MPLS AToM between CUSTA-R1 and CUSTB-R2. Configure IP addresses and verify connectivity.
PE-R1(config)#pseudowire-class PPP
PE-R1(config-pw-class)#encapsulation mpls
PE-R1(config-pw-class)#int se1/0
PE-R1(config-if)#xconnect 22.22.22.22 201 pw-class PPP
PE-R1(config-if)#encapsulation ppp
PE-R1(config-if)#no shut

PE-R2(config-pw-class)#pseudowire-class PPP
PE-R2(config-pw-class)#encapsulation mpls
PE-R2(config-pw-class)#int se1/0
PE-R2(config-if)#xconnect 11.11.11.11 201 pw-class PPP
PE-R2(config-if-xconn)#encap ppp
PE-R2(config-if)#encapsulation ppp
PE-R2(config-if)#no shut

CUSTA-R1(config)#int se0/0
CUSTA-R1(config-if)#no shut
CUSTA-R1(config-if)#encapsulation ppp
CUSTA-R1(config-if)#ip address 192.168.12.1 255.255.255.0

CUSTA-R2(config)#int se0/0
CUSTA-R2(config-if)#no shut
CUSTA-R2(config-if)#encapsulation pp
CUSTA-R2(config-if)#ip address 192.168.12.2 255.255.255.0
Configuration is similar to the Ethernet AToM configuration. The only difference here is the encapsulation command. PPP authentication can be added to the customer routers if desired. Verify connectivity.
CUSTA-R1#ping 192.168.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/47/72 ms
Task 4: Configure frame relay over MPLS AToM between CUSTB-R1 and CUSTB-R2. Verify connectivity.
The frame-relay Layer 2 VPN configuration will be slightly different from the rest. Instead of declaring a pseudo-wire class, the “connect” command is used. The PE routers will be configured as a frame-relay switch.
PE-R2(config)#frame-relay switching
PE-R2(config)#int se1/1
PE-R2(config-if)#no ip address
PE-R2(config-if)#no shut
PE-R2(config-if)#encap frame-relay IETF
PE-R2(config-if)#frame-relay intf-type dce
PE-R2(config-if)#exit
PE-R2(config)#connect R2-R3 Serial1/1 203 l2transport
PE-R2(config-fr-pw-switching)#xconnect 33.33.33.33 10 encapsulation mpls

PE-R3(config)#frame-relay switching
PE-R3(config)#int se4/0
PE-R3(config-if)#no ip address
PE-R3(config-if)#no shut
PE-R3(config-if)#encapsulation frame-relay ietf
PE-R3(config-if)#frame-relay intf-type dce
PE-R3(config-if)#connect R3-R2 Serial4/0 302 l2transport
PE-R3(config-fr-pw-switching)#xconnect 22.22.22.22 10 encapsulation mpls

CUSTB-R1(config)#int se0/0
CUSTB-R1(config-if)#encapsulation frame-relay ietf
CUSTB-R1(config-if)#no shut
CUSTB-R1(config)#int se0/0.1 point-to-point
CUSTB-R1(config-subif)#ip address 172.16.12.1 255.255.255.0
CUSTB-R1(config-subif)#frame-relay interface-dlci 302

CUSTB-R2(config)#int se0/0
CUSTB-R2(config-if)#encapsulation frame-relay ietf
CUSTB-R2(config-if)#no shut
CUSTB-R2(config-if)#int se0/0.1 point-to-point
CUSTB-R2(config-subif)#ip address 172.16.12.2 255.255.255.0
CUSTB-R2(config-subif)#frame-relay interface-dlci 203
Let’s break down these two commands and understand what they are for.
connect R2-R3 Serial1/1 203 l2transport is basically the equivalent for the pseudo wire class. The Se1/1 is the interface where the succeeding xconnect command will be applied. 203 in this case is the DLCI number. The same value should be configured on the corresponding CE router.
xconnect 22.22.22.22 10 encapsulation mpls is basically the same command as with the Ethernet and PPP examples. The number 10 here should match on both PEs.
Let’s now try and check if frame-relay PVCs are active and whether there is IP reachability between the two customer routers.
CUSTB-R1#sh frame-relay pvc
PVC Statistics for interface Serial0/0 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0
DLCI = 302, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.1
  input pkts 0             output pkts 8            in bytes 0
  out bytes 2584           dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 8         out bcast bytes 2584
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:06:52, last time pvc status changed 00:00:39

CUSTB-R2#sh frame-relay pvc
PVC Statistics for interface Serial0/0 (Frame Relay DTE)
              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0
DLCI = 203, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0.1
  input pkts 6             output pkts 1            in bytes 1938
  out bytes 323            dropped pkts 0           in pkts dropped 0
  out pkts dropped 0       out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 1         out bcast bytes 323
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
  pvc create time 00:04:37, last time pvc status changed 00:01:09

CUSTB-R1#ping 172.16.12.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/46/56 ms
Let’s check the MPLS forwarding tables and the VC status.
PE-R2#show mpls l2transport vc
Local intf    Local circuit              Dest address    VC ID      Status
------------- -------------------------- --------------- ---------- ----------
Fa0/0         Ethernet                   11.11.11.11     102        UP
Se1/0         PPP                        11.11.11.11     201        UP
Se1/1         FR DLCI 203                33.33.33.33     10         UP
The configured VCs are up and working. That’s it for MPLS Layer 2 VPN.