
Need some help to understand VRF feature

trapthomas
Level 1

Hello,


First of all, sorry for my approximate English. I’m playing with a lab about VRFs. I have a star topology, which can be seen here: http://imgbox.com/VA0Gsa1p


10.10.X.0/24 networks are simulated by loopback interfaces. I have on all routers a single OSPF process for routing tables, working fine. MPLS is also used, but that’s not my problem. Actually the 10.10.1.0/24 network on PE3 isn’t configured yet, because there is a conflict with PE1’s network. I must use VRFs to isolate each 10.10.1.0/24 network (it’s in my subject).
I created 2 VRFs on each router:


Vrf clienta
Rd 1:1
Vrf clientb
Rd 1:2


Loopback 2 on PE2 is assigned to the “clienta” VRF. 
Loopback 8 on PE2 is assigned to the “clientb” VRF.


I don’t understand some things:
In my mind, on PE routers I have to assign the right VRF to interfaces according to the client they belong to. But what about the P router?! What about the s1/1 interface, for example, which is connected to PE2 and so also to client A and client B?! I’m a little bit lost…
Thanks everybody for your help!

 


4everlearning
Level 1

You only configure VRFs on PE routers. All you need to do on P routers is enable MPLS under the interfaces in order to exchange labels and create LSPs (label switched paths); then the packets will be sent through the MPLS network using MPLS labels (outer, aka transport label, and inner, aka VPN label).

And that's it? Damn, I really tried to make it complicated... I do not even need to configure specific VRF routing tables?!

I'll try to assign VRFs to interfaces and I'll get back to you.

 

Thanks for the reply !

 

EDIT: In my case, should I also configure MPLS on my loopback interfaces (which simulate client networks) or do I just need to configure MPLS on the "ISP side" (serial interfaces only)?

Assuming that your IGP is running and working fine. 

 

On PE routers you need to do the following:

-Enable MPLS globally and under each interface that will participate in the MPLS network. 

-Create VRFs for each customer and configure the RD and RT(import and export) for each VRF.

-Configure MP-BGP (address family VPNv4 between PEs)

-Bind the interfaces to the VRFs, so in your case  you need to bind each loopback interface to the VRF you want it to participate in.

-If you are using static routes or any IGP protocol to connect PEs to CEs, you need to redistribute the routes into MP-BGP and vice versa.

 

On P routers, 

-Enable MPLS globally and under each interface that will participate in the MPLS network. 

MP-BGP is another part of my subject. For now, I just have to configure MPLS over an OSPF network, and segment this network for 2 clients using VRF.

- When you said "enable MPLS globally", is the "ip cef" command enough or is there something else to do? On interfaces I only used the "mpls ip" and "mpls label protocol both" commands. Packet switching seems to work fine.

- I'm confused about import and export RTs. In every tech note I see how it works with BGP, but here my ISP network (P and PE routers) is using OSPF...

 

"MP-BGP is another part of my subject. For now, I just have to configure MPLS over an OSPF network, and segment this network for 2 clients using VRF."

The whole concept of L3 VPNs (VRFs) will not work without enabling MP-BGP.

MP-BGP is the only protocol that can carry vpnv4 (IPv4+RD) routes. 

 

However, if you don't wanna enable MP-BGP yet,  you can still enable MPLS on the network for other features such as traffic engineering. 

 

trapthomas
Level 1

Ok, thanks 4everlearning for the replies.

 

I'm able to configure the OSPF/MPLS network between P and PE routers.

For the moment I created only one VRF, named "a". I want to use it to connect PE1's 10.10.X.0/24 networks with the 10.10.2.0/24 network (connected on PE2).

I created the VRF, created a routing table for the VRF and assigned the VRF to interfaces. But when I do a "sh ip route vrf a" I get only my directly connected networks :(

When I do a "sh ip ospf neighbor", I don't see the new OSPF process ID created for the VRF...

Here are my PE1, PE2 and P configs:

 

PE1:

ip cef
no ip domain lookup
!
ip vrf a
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
mpls label protocol ldp
!
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial1/0
 ip address 192.168.254.9 255.255.255.252
 mpls ip
 serial restart-delay 0
!
interface Ethernet2/0
 ip vrf forwarding a
 ip address 10.10.1.1 255.255.255.0
 duplex half
 mpls ip
!
router ospf 10 vrf a
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 10.10.1.0 0.0.0.255 area 0
 network 192.168.254.8 0.0.0.3 area 0
!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.254.8 0.0.0.3 area 0
!

 

PE2:

ip cef
no ip domain lookup
!
!
ip vrf a
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
mpls label protocol ldp
!
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial1/0
 ip address 192.168.254.21 255.255.255.252
 mpls ip
 serial restart-delay 0
!
interface Ethernet2/0
 ip vrf forwarding a
 ip address 10.10.2.1 255.255.255.0
 duplex half
 mpls ip
!
router ospf 10 vrf a
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.10.2.0 0.0.0.255 area 0
 network 192.168.254.20 0.0.0.3 area 0
!
router ospf 1
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.254.20 0.0.0.3 area 0
!

and finally P router:

ip cef
no ip domain lookup
!
!
ip vrf a
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
mpls label protocol ldp
!
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface Serial1/0
 ip address 192.168.254.10 255.255.255.252
 mpls ip
 serial restart-delay 0
!
interface Serial1/1
 ip address 192.168.254.22 255.255.255.252
 mpls ip
 serial restart-delay 0
!
router ospf 10 vrf a
 router-id 10.10.10.254
 log-adjacency-changes
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.254.8 0.0.0.3 area 0
 network 192.168.254.20 0.0.0.3 area 0
!
router ospf 1
 log-adjacency-changes
 network 5.5.5.5 0.0.0.0 area 0
 network 192.168.254.8 0.0.0.3 area 0
 network 192.168.254.20 0.0.0.3 area 0
 network 192.168.254.28 0.0.0.3 area 0
 network 192.168.254.40 0.0.0.3 area 0
!

 

 

Thank you very much to the helpers!

 

EDIT: I also tried this, but still have no routes for VRF a ... :-(

 

PE1(config)#ip vrf a
PE1(config-vrf)#rd 1:1
PE1(config-vrf)#exit
PE1(config)#int e2/0
PE1(config-if)#ip vrf forwarding a
*Apr 25 14:13:16.759: %TDP-4-IDENT: cannot set VRF a TDP ident
PE1(config-if)#ip address 10.10.1.1 255.255.255.0
PE1(config)#router bgp 10
PE1(config-router)#no synchronization
PE1(config-router)#no auto-summary
PE1(config-router)#bgp log-neighbor-changes
PE1(config-router)#address-family ipv4 vrf a
PE1(config-router-af)#neighbor 2.2.2.2 remote-as 10
PE1(config-router-af)#neighbor 2.2.2.2 update-source lo0
PE1(config-router-af)#neighbor 2.2.2.2 activate
PE1(config-router-af)#network 10.10.1.0 mask 255.255.255.0
PE1(config-router-af)#exit


PE2(config)#ip vrf a
PE2(config-vrf)#rd 1:1
PE2(config-vrf)#exit
PE2(config)#int e2/0
PE2(config-if)#ip vrf forwarding a
*Apr 25 14:13:16.759: %TDP-4-IDENT: cannot set VRF a TDP ident
PE2(config-if)#ip address 10.10.2.1 255.255.255.0
PE2(config)#router bgp 10
PE2(config-router)#no synchronization
PE2(config-router)#no auto-summary
PE2(config-router)#bgp log-neighbor-changes
PE2(config-router)#address-family ipv4 vrf a
PE2(config-router-af)#neighbor 1.1.1.1 remote-as 10
PE2(config-router-af)#neighbor 1.1.1.1 update-source lo0
PE2(config-router-af)#neighbor 1.1.1.1 activate
PE2(config-router-af)#network 10.10.2.0 mask 255.255.255.0
PE2(config-router-af)#exit

 

Please go back to my previous post and follow the guidelines.

1) Remove any VRF configuration from the P router, and for your internal network configure regular OSPF, not OSPF VRF. Again, on the P router you just need to enable MPLS under the interfaces.

2) On PE routers, whenever you configure a VRF and add an RD, you need to configure MP-BGP. So basically, under BGP go to address family VPNv4 and do peering between PEs only (the P router is not involved), and don't forget to configure a route reflector if you don't have a full mesh between PEs.

3) If you configured your clients as loopback addresses, you need to go under BGP to address family IPv4 vrf a and redistribute connected.
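The three points above, applied to the PE1 and P configurations posted earlier in the thread. This is an added example, not part of any participant's post; it reuses the addresses, VRF name and AS 10 from the thread and assumes a single PE1-PE2 iBGP session (no route reflector).

```cisco
! ---- PE1 (PE2 mirrors this: swap 1.1.1.1/2.2.2.2, use 10.10.2.1 on Ethernet2/0) ----
ip cef
mpls label protocol ldp
mpls ldp router-id Loopback0
!
ip vrf a
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
! Core-facing link: stays in the global table, label switching enabled
interface Serial1/0
 ip address 192.168.254.9 255.255.255.252
 mpls ip
!
! Customer-facing interface: bound to the VRF, no "mpls ip" here
interface Ethernet2/0
 ip vrf forwarding a
 ip address 10.10.1.1 255.255.255.0
!
! One global OSPF process for the core only; "router ospf 10 vrf a" is removed
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.254.8 0.0.0.3 area 0
!
router bgp 10
 no bgp default ipv4-unicast
 neighbor 2.2.2.2 remote-as 10
 neighbor 2.2.2.2 update-source Loopback0
 ! PE-to-PE peering is activated under VPNv4, not under "ipv4 vrf a"
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 ! Inject the VRF's connected 10.10.1.0/24 into MP-BGP
 address-family ipv4 vrf a
  redistribute connected
 exit-address-family
!
! ---- P router: no "ip vrf", no "router ospf ... vrf", no BGP ----
interface Serial1/0
 ip address 192.168.254.10 255.255.255.252
 mpls ip
```

Once the session is up, "show ip bgp vpnv4 all summary" on a PE shows the VPNv4 peer, and "sh ip route vrf a" should list the remote 10.10.2.0/24 as a BGP route.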

You're right, it seems that my lab is fucked -.-

I have 3 steps: 

1 - MPLS between PE routers

2- VRF lite

3- MP-BGP MPLS

The teacher said "part 2 and 3 are different things" but VRFs need MPLS to work so...

Your explanations with this topic: http://packetlife.net/blog/2011/may/16/creating-mpls-vpn/

helped me very much to understand how it works.

 

I'll try your way and i'll give you feedback ;-)

 

EDIT: I saw that VRF "lite" does not need MPLS, but every config I saw has one router per client (example: http://blog.indeni.com/vrf-lite-configuration/ ). In my case, I have two clients on the same router, so I don't even think it's possible with VRF lite. Am I right?

Hello,

 

Did you finally succeed?

Have you tried to tunnel (GRE) between sites and put them in a VRF?

Please let me know if you succeeded and let us know how you did it.

thx

 

 

edit:

I succeeded in doing it with VRF-lite and a GRE tunnel between sites.

I use loopback interfaces for source and destination.
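A sketch of the VRF-lite plus GRE approach described in the last post, using the PE1/PE2 addresses from earlier in the thread. This is an added example, not the poster's configuration; the Tunnel1 interface, the 172.16.1.0/30 tunnel subnet, the tunnel key and the static routes are assumptions.

```cisco
! ---- PE1 ----
ip vrf a
 rd 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet2/0
 ip vrf forwarding a
 ip address 10.10.1.1 255.255.255.0
!
! Tunnel payload lives in VRF a. The GRE endpoints are the loopbacks,
! reached through the global table (OSPF 1), so the P router needs no VRF or MPLS.
interface Tunnel1
 ip vrf forwarding a
 ip address 172.16.1.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 2.2.2.2
 ! A second VRF gets its own Tunnel interface with a different key,
 ! because both tunnels share the same source and destination
 tunnel key 1
!
ip route vrf a 10.10.2.0 255.255.255.0 172.16.1.2
!
! ---- PE2 ----
ip vrf a
 rd 1:1
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Ethernet2/0
 ip vrf forwarding a
 ip address 10.10.2.1 255.255.255.0
!
interface Tunnel1
 ip vrf forwarding a
 ip address 172.16.1.2 255.255.255.252
 tunnel source Loopback0
 tunnel destination 1.1.1.1
 tunnel key 1
!
ip route vrf a 10.10.1.0 255.255.255.0 172.16.1.1
```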
