Date created: Friday, September 11, 2015 1:46:22 PM. Last modified: Sunday, January 22, 2017 10:31:08 AM
Multi VRF over ADSL using GRE
Example of using GRE tunnels to route multiple VRF-lite BGP sessions over a single ADSL PPP session, with dedicated GRE concentrators to terminate the GRE tunnels on, instead of the LNS routers themselves.
In this scenario, with dedicated GRE concentrators, PPP sessions coming into the LNS routers (inside an L2TP tunnel) are terminated in a VRF called "GRE", which acts as a transport VPN across the provider core for GRE tunnels between the CPEs and the GRE concentrator routers. To provide predictable routing, any CPE PPP session that is load-balanced by the wholesale provider's LAC/BRAS onto LNS1 always routes to GRE concentrator router GRE1, and any CPE PPP session that is terminated on LNS2 always routes to GRE2. Each GRE concentrator has a mirror configuration of the other, with the same loopback IP address (inside the GRE VRF), customer GRE tunnels inside the same customer VRFs (same RTs, different RDs), GRE tunnel end-point IPs, and customer eBGP sessions.
LNS Failure:
In the event that an LNS fails (assume that the example CPE is currently connected to LNS1), the PPP session first times out and drops (due to the dialer PPP timeout config on the CPE). The LAC then times out the L2TP tunnel to LNS1 due to the L2TP no-session timeout. Even if the CPE tries to renegotiate the PPP session during this time, the L2TP incoming call request negotiation between the LAC and LNS1 will fail, so the L2TP no-session timer keeps counting down. Eventually the CPE will restart the PPP session to the LAC and the LAC will open a new L2TP tunnel to LNS2 if one doesn't currently exist, or forward the session as a new "call" over the existing tunnel if one does. LNS2 will then terminate the L2TP tunnel and terminate the PPP session inside the GRE VRF.
Now the CPE will be able to re-establish its GRE tunnels, but unknowingly it will now be communicating with router GRE2, and on top of those tunnels it will bring up the VRF-lite eBGP sessions. GRE2 will now originate the customer prefixes into the provider network, giving connectivity between PE1 and the CPE in both VPNs, "MGMT" and "CUST1".
GRE Concentrator Failure:
In the event that a GRE router fails (assume that the example CPE is currently connected to LNS1, thus its management "MGMT" and customer "CUST1" GRE VPNs are currently terminating on router GRE1): LNS1 advertises the customer prefixes used to establish the GRE tunnels (CPE Loopback0 and Loopback1) to both GRE1 and GRE2; however, the BGP Local-Pref is lowered on the advertisements to GRE2. GRE1 and GRE2 are both route reflector clients of each other. Under normal working conditions, when GRE1 is up, LNS1 sends the customer prefixes to GRE1 with a higher Local-Pref (more preferred) and to GRE2 with a lower Local-Pref (less preferred). GRE1 then reflects those routes to GRE2 with the higher Local-Pref, so GRE2 sees the best routes to the CPE via GRE1 and not LNS1, as long as GRE1 is up.
However, GRE1 re-writes the next-hop address on the client routes it reflects to GRE2 to a black hole address. This means that as long as GRE1 is up, GRE2 can't communicate with the CPE, because the preferred route learnt from GRE1 points to a next-hop IP that is routed to the null interface. When GRE1 fails, GRE2 will only be receiving the customer routes via LNS1, and the next hop is not re-written between LNS1 and GRE2, so the customer tunnels will then move over to GRE2.
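The route selection on GRE2 described above, modelled as an added Python example (not part of the original page) using the route-map names and values from the configurations further down. Best-path selection is reduced to highest local-preference and extcommunity matching to set membership; both are simplifications of this example, as are the class and function names.

```python
from dataclasses import dataclass, replace

GRE_RT = "65000:50"     # route-target matched by extcommunity-list GRE-ROUTES
BLACKHOLE = "6.6.6.6"   # page: ip route 6.6.6.6 255.255.255.255 Null0


@dataclass(frozen=True)
class Route:
    prefix: str
    rts: frozenset          # route-targets carried by the VPNv4 route
    next_hop: str
    local_pref: int = 100   # BGP default
    via: str = ""           # neighbor GRE2 learnt the path from


# Route-map entries in sequence order: (action, must match GRE-ROUTES?, set clauses)
ROUTE_MAPS = {
    # GRE1, inbound from LNS1
    "PRIMARY-LNS-IN": [("permit", True, {"local_pref": 100}), ("permit", False, {})],
    # GRE2, inbound from LNS1 (GRE2's copy has no "permit 20" entry)
    "BACKUP-LNS-IN": [("permit", True, {"local_pref": 50})],
    # GRE1, outbound to its route-reflector client GRE2
    "GRE-ROUTES-TO-GRE2": [("permit", True, {"next_hop": BLACKHOLE}), ("deny", False, {})],
}


def apply_route_map(name, route):
    """Return the route after the first matching entry, or None if denied."""
    for action, needs_gre_rt, sets in ROUTE_MAPS[name]:
        if needs_gre_rt and GRE_RT not in route.rts:
            continue  # entry does not match, try the next sequence number
        return replace(route, **sets) if action == "permit" else None
    return None  # implicit deny at the end of every route-map


def gre2_paths(from_lns1, gre1_up):
    """Paths GRE2 holds for a route that LNS1 originates in the GRE VRF."""
    paths = []
    direct = apply_route_map("BACKUP-LNS-IN", from_lns1)
    if direct is not None:
        paths.append(replace(direct, via="LNS1"))
    if gre1_up:
        at_gre1 = apply_route_map("PRIMARY-LNS-IN", from_lns1)
        if at_gre1 is not None:
            reflected = apply_route_map("GRE-ROUTES-TO-GRE2", at_gre1)
            if reflected is not None:
                paths.append(replace(reflected, via="GRE1"))
    return paths


def gre2_forwarding(from_lns1, gre1_up):
    """Where GRE2 sends traffic for the prefix: Null0, a next hop, or no route."""
    paths = gre2_paths(from_lns1, gre1_up)
    if not paths:
        return "no route"
    best = max(paths, key=lambda p: p.local_pref)  # simplified best-path step
    return "Null0" if best.next_hop == BLACKHOLE else best.next_hop


# CPE Loopback0 as LNS1 advertises it (next-hop-self, GRE VRF route-target)
CPE_LOOPBACK0 = Route("172.16.10.1/32", frozenset({GRE_RT}), "10.0.0.1")

if __name__ == "__main__":
    for gre1_up in (True, False):
        print("GRE1 up:", gre1_up, "-> GRE2 forwards via",
              gre2_forwarding(CPE_LOOPBACK0, gre1_up))
```
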
Items of note:
MTU end-to-end needs planning:
- CPE MTU 1500 = TCP MSS 1414 bytes
- LAC to LNS minimum MTU = 1544
- LNS to GRE minimum MTU = 1504
Failover for the end user is dependent on the following timeouts being tuned:
- PPP session timeout "ppp timeout idle 20", not the dialer interface timeout "dialer idle-timeout 0"
- L2TP no-session timeout on VPDN group "l2tp tunnel timeout no-session 10"
- BGP hello and hold timers between CPE and GRE concentrators "timers 3 10"
Failure impact on device load:
- An LNS router failure means the load doubles on the remaining LNS router and GRE concentrator
- When an LNS is restored after a failure all sessions remain on the unaffected LNS and companion GRE router until they are moved back (either by natural churn or manual intervention)
- A GRE concentrator failure means the load remains the same on the two LNS routers but doubles on the remaining GRE concentrator
- When a GRE concentrator is restored after a failure, users connected via its companion LNS would be re-routed instantly, causing disruption as no GRE tunnels or BGP sessions will be active on this GRE concentrator; the users will have to wait for BGP to time out and then re-establish
Detailed MTU Calculation:
Note: *This example uses GNS3 for testing, so PPPoE is being used; in production, ADSL would be using PPPoA*
Note: *The end to end MTU is tested using ICMP ping with df-bit set*
CPE to LAC:
14 bytes of Ethernet headers
6 bytes of PPPoE headers
2 bytes of PPP headers
20 bytes of IPv4 headers
4 bytes of GRE headers
20 bytes of IPv4 headers
8 bytes of ICMP headers
Total Headers = 74 bytes of header on the wire
Total Headers = 60 bytes of headers to transport (exclude Ethernet)
Total Headers = 56 bytes of headers to transport (exclude Ethernet and if using PPPoA on ADSL instead of PPPoE on Ethernet)
1444 bytes of ICMP payload
Total = 74+1444 = 1518 bytes on the wire (when using PPPoE IOS is allowing 1518 bytes on the wire before fragmentation is needed?)
Total = 60+1444 = 1504 bytes on the wire (exclude Ethernet)
Total = 56+1444 = 1500 bytes on the wire (exclude Ethernet and when using PPPoA/ADSL)
A CPE with a 1500 byte ADSL MTU can transport a maximum of 1444 bytes of ICMP data over ADSL, due to the 56 bytes of end-user headers.
LAC to LNS:
-----------------------Provider headers
14 bytes of Ethernet headers
4 byte MPLS transport label (assume the provider is running an MPLS core)
4 byte MPLS VPN label (assume the provider is running an MPLS core)
20 bytes of IPv4 headers
8 bytes of UDP headers
8 bytes of L2TP headers
-----------------------Customer headers
4 bytes of PPP headers
20 bytes of IPv4 headers
4 bytes of GRE headers
20 bytes of IPv4 headers
8 bytes of ICMP headers
Total Headers = 114 bytes of headers on the wire
Total Headers = 100 bytes of headers to transport (exclude Ethernet)
1444 bytes of end user ICMP payload
Total = 114+1444 = 1558 bytes on the wire
Total = 100+1444 = 1544 bytes on the wire (exclude Ethernet)
Another way to calculate this: the provider needs 44 bytes of headers excluding Ethernet, so the end user 1500 byte packet (56 bytes of headers and 1444 bytes of payload) + 44 bytes of provider overhead requires a 1544 byte MTU between the LAC and LNS routers.
LNS to GRE:
-----------------------Provider headers
14 bytes of Ethernet headers
4 byte MPLS transport label (assume the provider is running an MPLS core)
4 byte MPLS VPN label (assume the provider is running an MPLS core)
-----------------------Customer headers
20 bytes of IPv4 headers
4 bytes of GRE headers
20 bytes of IPv4 headers
8 bytes of ICMP headers
Total Headers = 74 bytes of headers on the wire
Total Headers = 60 bytes of headers (exclude Ethernet)
1444 bytes of end user ICMP payload
Total = 74+1444 = 1518 bytes on the wire
Total = 60+1444 = 1504 bytes on the wire (exclude Ethernet)
Another way to calculate this: the provider has 8 bytes of headers excluding Ethernet, so the end user 1496 byte packet (52 bytes of header and 1444 bytes of payload) + 8 bytes of provider overhead requires a 1504 byte MTU between the LNS and GRE routers.
Adjust for TCP and ATM framing:
When using TCP, a further 12 bytes on top of the 8 byte ICMP header are required (a 20 byte TCP header), so with TCP the maximum segment size is 1444-12=1432. The MSS must be adjusted to 1432 globally with "ip tcp mss 1432" or on the dialer interface with "ip tcp adjust-mss 1432".
However, to keep a packet received on the LAN and destined for the WAN in line with the ADSL ATM frame sizes, and so reduce additional frames and padding, the TCP MSS could be adjusted as follows (assuming a 1500 byte LAN MTU):
1500 / 48 (ATM cell size) = 31 (whole ATM cells with remainder)
31 * 48 = 1488 bytes
1488 - 8 byte trailer = 1480 bytes
1480 - 2 bytes PPP = 1478 bytes MTU that exactly fills 31 ATM cells.
1478 - (20 bytes IPv4 + 4 bytes GRE + 20 bytes IPv4 + 20 bytes TCP) = 1414 byte TCP MSS
ip tcp mss 1414
or
ip tcp adjust-mss 1414
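The header accounting and ATM cell alignment above, as an added Python example (not part of the original page). Header sizes and the 1444 byte payload are the page's figures; the segment and function names are assumptions of this example, and aal5_cells goes one step further than the text by reporting the cell count and padding for any packet size.

```python
ATM_CELL = 48        # bytes per ATM cell, the figure used in the calculation above
AAL5_TRAILER = 8     # trailer bytes
PPP_ON_ATM = 2       # PPP bytes used in the ATM calculation above
TCP_HEADER = 20

ETHERNET = [("Ethernet", 14)]
MPLS = [("MPLS transport label", 4), ("MPLS VPN label", 4)]
GRE_IN_IP = [("IPv4 (tunnel)", 20), ("GRE", 4), ("IPv4 (inner)", 20)]
ICMP = [("ICMP", 8)]

# Header stacks exactly as listed per segment in the text
SEGMENTS = {
    "CPE-LAC": ETHERNET + [("PPPoE", 6), ("PPP", 2)] + GRE_IN_IP + ICMP,
    "LAC-LNS": ETHERNET + MPLS
               + [("IPv4", 20), ("UDP", 8), ("L2TP", 8), ("PPP", 4)]
               + GRE_IN_IP + ICMP,
    "LNS-GRE": ETHERNET + MPLS + GRE_IN_IP + ICMP,
}


def header_bytes(segment, include_ethernet=True):
    """Sum the header stack of a segment, optionally without Ethernet."""
    return sum(size for name, size in SEGMENTS[segment]
               if include_ethernet or name != "Ethernet")


def required_mtu(segment, payload=1444):
    """Minimum MTU on the segment to carry the payload unfragmented."""
    return header_bytes(segment, include_ethernet=False) + payload


def aal5_cells(ip_packet):
    """Return (cells, padding bytes) needed to carry one IP packet over ATM."""
    pdu = ip_packet + PPP_ON_ATM + AAL5_TRAILER
    cells = -(-pdu // ATM_CELL)          # integer ceiling division
    return cells, cells * ATM_CELL - pdu


def cell_aligned_mss(lan_mtu=1500):
    """Return (IP MTU that exactly fills whole cells, matching TCP MSS)."""
    whole_cells = lan_mtu // ATM_CELL
    ip_mtu = whole_cells * ATM_CELL - AAL5_TRAILER - PPP_ON_ATM
    tunnel_and_tcp = sum(size for _, size in GRE_IN_IP) + TCP_HEADER
    return ip_mtu, ip_mtu - tunnel_and_tcp


if __name__ == "__main__":
    for seg in SEGMENTS:
        print(seg, "headers on the wire:", header_bytes(seg),
              "required MTU:", required_mtu(seg))
    mtu, mss = cell_aligned_mss(1500)
    print("cell-aligned MTU:", mtu, "MSS:", mss, "cells/padding:", aal5_cells(mtu))
    print("unaligned 1500 byte packet cells/padding:", aal5_cells(1500))
```
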
Configurations:
! CPE
ip vrf CUST1
 rd 172.16.10.1:61
 route-target export 65001:61
 route-target import 65001:61
!
ip vrf MGMT
 rd 172.16.10.1:51
 route-target export 65001:51
 route-target import 65001:51
!
interface Loopback0
 ip address 172.16.10.1 255.255.255.255
!
interface Loopback1
 ip address 172.16.10.2 255.255.255.255
!
interface Tunnel51
 description Management Tunnel
 ip vrf forwarding MGMT
 ip address 172.16.51.2 255.255.255.252
 ip tcp adjust-mss 1414
 tunnel source Loopback0
 tunnel destination 10.0.50.1
!
interface Tunnel61
 description Customer Traffic Tunnel
 ip vrf forwarding CUST1
 ip address 172.16.61.2 255.255.255.252
 ip tcp adjust-mss 1414
 tunnel source Loopback1
 tunnel destination 10.0.50.1
!
interface FastEthernet0/0
 description Link to LAC
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer1
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 ppp authentication chap callin
 ppp pap sent-username test@example.net password 0 testpassword
 ppp ipcp route default
 ppp timeout idle 20
!
router bgp 65001
 bgp router-id 172.16.10.1
 bgp log-neighbor-changes
 !
 address-family ipv4 vrf CUST1
  redistribute connected
  neighbor 172.16.61.1 remote-as 65000
  neighbor 172.16.61.1 timers 3 10
  neighbor 172.16.61.1 activate
  neighbor 172.16.61.1 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf MGMT
  redistribute connected
  neighbor 172.16.51.1 remote-as 65000
  neighbor 172.16.51.1 timers 3 10
  neighbor 172.16.51.1 activate
  neighbor 172.16.51.1 next-hop-self
 exit-address-family
! LAC
vpdn enable
vpdn multihop
vpdn search-order domain
!
vpdn-group test
 request-dialin
  protocol l2tp
  domain example.net
 initiate-to ip 192.0.2.1
 initiate-to ip 192.0.2.5
 local name l2tp-tunnel
 no l2tp tunnel authentication
 l2tp tunnel timeout no-session 10
!
bba-group pppoe global
 virtual-template 1
!
interface FastEthernet0/0
 description link to LNS1
 ip address 192.0.2.2 255.255.255.252
 mtu 2000
!
interface FastEthernet0/1
 description Link to LNS2
 ip address 192.0.2.6 255.255.255.252
 mtu 2000
!
interface FastEthernet1/0
 description Link to CPE
 no ip address
 pppoe enable group global
!
interface Virtual-Template1
 no ip address
 no ip redirects
 no ip proxy-arp
 no logging event link-status
 no peer default ip address
 ntp disable
 no keepalive
 ppp authentication pap callin
! LNS1
ip vrf GRE
 rd 10.0.0.1:50
 route-target export 65000:50
 route-target import 65000:50
!
ip dhcp excluded-address vrf GRE 192.168.0.0 192.168.0.99
ip dhcp excluded-address vrf GRE 192.168.0.200 192.168.0.254
!
ip dhcp pool test-pool
 vrf GRE
 network 192.168.0.0 255.255.255.0
!
ip domain name example.net
!
mpls label protocol ldp
vpdn enable
!
vpdn-group test
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname l2tp-tunnel
 local name tunnel-gw
 no l2tp tunnel authentication
!
username test@example.net password 0 testpassword
!
bba-group pppoe global
 virtual-template 1
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
interface Loopback50
 ip vrf forwarding GRE
 ip address 10.0.50.2 255.255.255.255
!
interface FastEthernet0/0
 description Link to LAC
 ip address 192.0.2.1 255.255.255.252
 mtu 2000
!
interface FastEthernet0/1
 description Link to GRE1
 ip address 192.0.2.9 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet1/0
 description Link to LNS2
 ip address 192.0.2.17 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface Virtual-Template1
 ip vrf forwarding GRE
 ip unnumbered Loopback50
 no ip redirects
 no ip proxy-arp
 peer default ip address dhcp-pool test-pool
 ppp authentication chap pap
!
router ospf 1
 router-id 10.0.0.1
 passive-interface default
 no passive-interface FastEthernet0/1
 no passive-interface FastEthernet1/0
 network 10.0.0.1 0.0.0.0 area 0
!
router bgp 65000
 template peer-session PE
  timers 3 10
 exit-peer-session
 !
 bgp router-id 10.0.0.1
 bgp log-neighbor-changes
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 inherit peer-session PE
 neighbor 10.0.0.2 description LNS2
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 inherit peer-session PE
 neighbor 10.0.0.3 description GRE1
 neighbor 10.0.0.3 update-source Loopback0
 neighbor 10.0.0.4 remote-as 65000
 neighbor 10.0.0.4 inherit peer-session PE
 neighbor 10.0.0.4 description GRE2
 neighbor 10.0.0.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 10.0.0.2 activate
  no neighbor 10.0.0.3 activate
  no neighbor 10.0.0.4 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
  neighbor 10.0.0.2 next-hop-self
  neighbor 10.0.0.2 route-map GRE-ROUTES-TO-LNS2 out
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community extended
  neighbor 10.0.0.3 next-hop-self
  neighbor 10.0.0.4 activate
  neighbor 10.0.0.4 send-community extended
  neighbor 10.0.0.4 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf GRE
  redistribute static
 exit-address-family
!
ip extcommunity-list expanded GRE-ROUTES permit 65000:50
ip bgp-community new-format
!
ip route vrf GRE 172.16.10.1 255.255.255.255 192.168.0.100
ip route vrf GRE 172.16.10.2 255.255.255.255 192.168.0.100
!
route-map GRE-ROUTES-TO-GRE1 permit 10
 match extcommunity GRE-ROUTES
!
route-map GRE-ROUTES-TO-GRE2 permit 10
 match extcommunity GRE-ROUTES
 set local-preference 50
!
route-map GRE-ROUTES-TO-LNS2 deny 10
 match extcommunity GRE-ROUTES
!
mpls ldp router-id Loopback0 force
! LNS2
ip vrf GRE
 rd 10.0.0.2:50
 route-target export 65000:50
 route-target import 65000:50
!
ip dhcp excluded-address vrf GRE 192.168.0.0 192.168.0.199
!
ip dhcp pool test-pool
 vrf GRE
 network 192.168.0.0 255.255.255.0
!
ip domain name example.net
!
mpls label protocol ldp
vpdn enable
!
vpdn-group test
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname l2tp-tunnel
 local name tunnel-gw
 no l2tp tunnel authentication
!
username test@example.net password 0 testpassword
!
bba-group pppoe global
 virtual-template 1
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
!
interface Loopback50
 ip vrf forwarding GRE
 ip address 10.0.50.2 255.255.255.255
!
interface FastEthernet0/0
 description Link to LAC
 ip address 192.0.2.5 255.255.255.252
 mtu 2000
!
interface FastEthernet0/1
 description Link to GRE2
 ip address 192.0.2.13 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet1/0
 description Link to LNS1
 ip address 192.0.2.18 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface Virtual-Template1
 ip vrf forwarding GRE
 ip unnumbered Loopback50
 no ip redirects
 no ip proxy-arp
 peer default ip address dhcp-pool test-pool
 ppp authentication chap pap
!
router ospf 1
 router-id 10.0.0.2
 passive-interface default
 no passive-interface FastEthernet0/1
 no passive-interface FastEthernet1/0
 network 10.0.0.2 0.0.0.0 area 0
!
router bgp 65000
 template peer-session PE
  timers 3 10
 exit-peer-session
 !
 bgp router-id 10.0.0.2
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 inherit peer-session PE
 neighbor 10.0.0.1 description LNS1
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 inherit peer-session PE
 neighbor 10.0.0.3 description GRE1
 neighbor 10.0.0.3 update-source Loopback0
 neighbor 10.0.0.4 remote-as 65000
 neighbor 10.0.0.4 inherit peer-session PE
 neighbor 10.0.0.4 description GRE2
 neighbor 10.0.0.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 10.0.0.1 activate
  no neighbor 10.0.0.3 activate
  no neighbor 10.0.0.4 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
  neighbor 10.0.0.1 next-hop-self
  neighbor 10.0.0.1 route-map GRE-ROUTES-TO-LNS1 out
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community extended
  neighbor 10.0.0.3 next-hop-self
  neighbor 10.0.0.4 activate
  neighbor 10.0.0.4 send-community extended
  neighbor 10.0.0.4 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf GRE
  redistribute static
 exit-address-family
!
ip extcommunity-list expanded GRE-ROUTES permit 65000:50
ip bgp-community new-format
!
ip route vrf GRE 172.16.10.1 255.255.255.255 192.168.0.200
ip route vrf GRE 172.16.10.2 255.255.255.255 192.168.0.200
!
route-map GRE-ROUTES-TO-LNS1 deny 10
 match extcommunity GRE-ROUTES
!
route-map GRE-ROUTES-TO-LNS1 permit 20
!
route-map GRE-ROUTES-TO-GRE1 permit 10
 match extcommunity GRE-ROUTES
 set local-preference 50
!
route-map GRE-ROUTES-TO-GRE2 permit 10
 match extcommunity GRE-ROUTES
!
mpls ldp router-id Loopback0 force
! GRE1
ip vrf CUST1
 rd 10.0.0.3:61
 route-target export 65001:61
 route-target import 65001:61
!
ip vrf GRE
 rd 10.0.0.3:50
 route-target export 65000:50
 route-target import 65000:50
!
ip vrf MGMT
 rd 10.0.0.3:51
 route-target export 65001:51
 route-target import 65001:51
!
mpls label protocol ldp
!
interface Loopback0
 ip address 10.0.0.3 255.255.255.255
!
interface Loopback50
 ip vrf forwarding GRE
 ip address 10.0.50.1 255.255.255.255
!
interface Tunnel51
 description CPE1 - Management Tunnel
 ip vrf forwarding MGMT
 ip address 172.16.51.1 255.255.255.252
 ip tcp adjust-mss 1414
 tunnel source Loopback50
 tunnel destination 172.16.10.1
 tunnel vrf GRE
!
interface Tunnel61
 description CPE1 - Customer Traffic Tunnel
 ip vrf forwarding CUST1
 ip address 172.16.61.1 255.255.255.252
 ip tcp adjust-mss 1414
 tunnel source Loopback50
 tunnel destination 172.16.10.2
 tunnel vrf GRE
!
interface FastEthernet0/0
 description Link to GRE2
 ip address 192.0.2.21 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 description Link to LNS1
 ip address 192.0.2.10 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet1/0
 description Link to PE1
 ip address 192.0.2.25 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
router ospf 1
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface FastEthernet0/1
 no passive-interface FastEthernet1/0
 network 10.0.0.3 0.0.0.0 area 0
!
router bgp 65000
 template peer-policy CPE
  next-hop-self
 exit-peer-policy
 !
 template peer-session CPE
  timers 3 10
 exit-peer-session
 !
 template peer-session PE
  timers 3 10
 exit-peer-session
 !
 bgp router-id 10.0.0.3
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 inherit peer-session PE
 neighbor 10.0.0.1 description LNS1
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 inherit peer-session PE
 neighbor 10.0.0.2 description LNS2
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.4 remote-as 65000
 neighbor 10.0.0.4 inherit peer-session PE
 neighbor 10.0.0.4 description GRE2
 neighbor 10.0.0.4 update-source Loopback0
 neighbor 10.0.0.5 remote-as 65000
 neighbor 10.0.0.5 inherit peer-session PE
 neighbor 10.0.0.5 description PE1
 neighbor 10.0.0.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 10.0.0.1 activate
  no neighbor 10.0.0.2 activate
  no neighbor 10.0.0.4 activate
  no neighbor 10.0.0.5 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
  neighbor 10.0.0.1 next-hop-self
  neighbor 10.0.0.1 route-map PRIMARY-LNS-IN in
  neighbor 10.0.0.1 route-map PRIMARY-LNS-OUT out
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
  neighbor 10.0.0.2 next-hop-self
  neighbor 10.0.0.2 route-map BACKUP-LNS-IN in
  neighbor 10.0.0.2 route-map BACKUP-LNS-OUT out
  neighbor 10.0.0.4 activate
  neighbor 10.0.0.4 send-community extended
  neighbor 10.0.0.4 route-reflector-client
  neighbor 10.0.0.4 route-map GRE-ROUTES-TO-GRE2 out
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community extended
  neighbor 10.0.0.5 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUST1
  neighbor 172.16.61.2 remote-as 65001
  neighbor 172.16.61.2 inherit peer-session CPE
  neighbor 172.16.61.2 activate
  neighbor 172.16.61.2 inherit peer-policy CPE
  neighbor 172.16.61.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf GRE
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf MGMT
  neighbor 172.16.51.2 remote-as 65001
  neighbor 172.16.51.2 inherit peer-session CPE
  neighbor 172.16.51.2 activate
  neighbor 172.16.51.2 inherit peer-policy CPE
 exit-address-family
!
ip extcommunity-list expanded GRE-ROUTES permit 65000:50
ip bgp-community new-format
!
ip route 6.6.6.6 255.255.255.255 Null0
!
ip prefix-list GRE-LOOPBACKS seq 10 permit 10.0.50.1/32
!
route-map GRE-ROUTES-TO-GRE2 permit 10
 match extcommunity GRE-ROUTES
 set ip next-hop 6.6.6.6
!
route-map GRE-ROUTES-TO-GRE2 deny 20
!
route-map BACKUP-LNS-OUT permit 10
 match ip address prefix-list GRE-LOOPBACKS
 match extcommunity GRE-ROUTES
 set local-preference 50
!
route-map BACKUP-LNS-OUT permit 20
!
route-map PRIMARY-LNS-IN permit 10
 match extcommunity GRE-ROUTES
 set local-preference 100
!
route-map PRIMARY-LNS-IN permit 20
!
route-map PRIMARY-LNS-OUT permit 10
 match ip address prefix-list GRE-LOOPBACKS
 match extcommunity GRE-ROUTES
 set local-preference 100
!
route-map PRIMARY-LNS-OUT permit 20
!
route-map BACKUP-LNS-IN permit 10
 match extcommunity GRE-ROUTES
 set local-preference 50
!
route-map BACKUP-LNS-IN permit 20
!
mpls ldp router-id Loopback0 force
! GRE2
ip vrf CUST1
 rd 10.0.0.4:61
 route-target export 65001:61
 route-target import 65001:61
!
ip vrf GRE
 rd 10.0.0.4:50
 route-target export 65000:50
 route-target import 65000:50
!
ip vrf MGMT
 rd 10.0.0.4:51
 route-target export 65001:51
 route-target import 65001:51
!
mpls label protocol ldp
!
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
!
interface Loopback50
 ip vrf forwarding GRE
 ip address 10.0.50.1 255.255.255.255
!
interface Tunnel51
 description CPE1 - Management Tunnel
 ip vrf forwarding MGMT
 ip address 172.16.51.1 255.255.255.252
 ip tcp adjust-mss 1414
 tunnel source Loopback50
 tunnel destination 172.16.10.1
 tunnel vrf GRE
!
interface Tunnel61
 description CPE1 - Customer Traffic Tunnel
 ip vrf forwarding CUST1
 ip address 172.16.61.1 255.255.255.252
 ip tcp adjust-mss 1414
 tunnel source Loopback50
 tunnel destination 172.16.10.2
 tunnel vrf GRE
!
interface FastEthernet0/0
 description Link to GRE1
 ip address 192.0.2.22 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet0/1
 description Link to LNS2
 ip address 192.0.2.14 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
interface FastEthernet1/0
 description Link to PE1
 ip address 192.0.2.29 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
router ospf 1
 router-id 10.0.0.4
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface FastEthernet0/1
 no passive-interface FastEthernet1/0
 network 10.0.0.4 0.0.0.0 area 0
!
router bgp 65000
 template peer-policy CPE
  next-hop-self
 exit-peer-policy
 !
 template peer-session CPE
  timers 3 10
 exit-peer-session
 !
 template peer-session PE
  timers 3 10
 exit-peer-session
 !
 bgp router-id 10.0.0.4
 bgp log-neighbor-changes
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 inherit peer-session PE
 neighbor 10.0.0.1 description LNS1
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 inherit peer-session PE
 neighbor 10.0.0.2 description LNS2
 neighbor 10.0.0.2 update-source Loopback0
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 inherit peer-session PE
 neighbor 10.0.0.3 description GRE1
 neighbor 10.0.0.3 update-source Loopback0
 neighbor 10.0.0.5 remote-as 65000
 neighbor 10.0.0.5 inherit peer-session PE
 neighbor 10.0.0.5 description PE1
 neighbor 10.0.0.5 update-source Loopback0
 !
 address-family ipv4
  no neighbor 10.0.0.1 activate
  no neighbor 10.0.0.2 activate
  no neighbor 10.0.0.3 activate
  no neighbor 10.0.0.5 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
  neighbor 10.0.0.1 next-hop-self
  neighbor 10.0.0.1 route-map BACKUP-LNS-IN in
  neighbor 10.0.0.1 route-map BACKUP-LNS-OUT out
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
  neighbor 10.0.0.2 next-hop-self
  neighbor 10.0.0.2 route-map PRIMARY-LNS-IN in
  neighbor 10.0.0.2 route-map PRIMARY-LNS-OUT out
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community extended
  neighbor 10.0.0.3 route-reflector-client
  neighbor 10.0.0.3 route-map GRE-ROUTES-TO-GRE1 out
  neighbor 10.0.0.5 activate
  neighbor 10.0.0.5 send-community extended
  neighbor 10.0.0.5 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUST1
  neighbor 172.16.61.2 remote-as 65001
  neighbor 172.16.61.2 inherit peer-session CPE
  neighbor 172.16.61.2 activate
  neighbor 172.16.61.2 inherit peer-policy CPE
  neighbor 172.16.61.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf GRE
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf MGMT
  neighbor 172.16.51.2 remote-as 65001
  neighbor 172.16.51.2 inherit peer-session CPE
  neighbor 172.16.51.2 activate
  neighbor 172.16.51.2 inherit peer-policy CPE
 exit-address-family
!
ip extcommunity-list expanded GRE-ROUTES permit 65000:50
ip bgp-community new-format
!
ip route 6.6.6.6 255.255.255.255 Null0
!
ip prefix-list GRE-LOOPBACKS seq 10 permit 10.0.50.1/32
!
route-map GRE-ROUTES-TO-GRE1 permit 10
 match extcommunity GRE-ROUTES
 set ip next-hop 6.6.6.6
!
route-map GRE-ROUTES-TO-GRE1 deny 20
!
route-map BACKUP-LNS-OUT permit 10
 match ip address prefix-list GRE-LOOPBACKS
 match extcommunity GRE-ROUTES
 set local-preference 50
!
route-map BACKUP-LNS-OUT permit 20
!
route-map PRIMARY-LNS-IN permit 10
 match extcommunity GRE-ROUTES
 set local-preference 100
!
route-map PRIMARY-LNS-OUT permit 10
 match ip address prefix-list GRE-LOOPBACKS
 match extcommunity GRE-ROUTES
 set local-preference 100
!
route-map PRIMARY-LNS-OUT permit 20
!
route-map BACKUP-LNS-IN permit 10
 match extcommunity GRE-ROUTES
 set local-preference 50
!
mpls ldp router-id Loopback0 force
! PE1
ip vrf CUST1
 rd 10.0.0.5:61
 route-target export 65001:61
 route-target import 65001:61
!
ip vrf MGMT
 rd 10.0.0.5:51
 route-target export 65001:51
 route-target import 65001:51
!
mpls label protocol ldp
!
interface Loopback0
 ip address 10.0.0.5 255.255.255.255
!
interface Loopback51
 ip vrf forwarding MGMT
 ip address 10.0.51.1 255.255.255.255
!
interface Loopback61
 ip vrf forwarding CUST1
 ip address 10.0.61.1 255.255.255.255
!
interface FastEthernet0/0
 description Link to GRE1
 ip address 192.0.2.26 255.255.255.252
 mtu 2000
 mpls ip
!
interface FastEthernet0/1
 description Link to GRE2
 ip address 192.0.2.30 255.255.255.252
 mtu 2000
 ip ospf 1 area 0
 mpls ip
!
router ospf 1
 router-id 10.0.0.5
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface FastEthernet0/1
 network 10.0.0.5 0.0.0.0 area 0
!
router bgp 65000
 template peer-session PE
  timers 3 10
 exit-peer-session
 !
 bgp router-id 10.0.0.5
 bgp log-neighbor-changes
 neighbor 10.0.0.3 remote-as 65000
 neighbor 10.0.0.3 inherit peer-session PE
 neighbor 10.0.0.3 description GRE1
 neighbor 10.0.0.3 update-source Loopback0
 neighbor 10.0.0.4 remote-as 65000
 neighbor 10.0.0.4 inherit peer-session PE
 neighbor 10.0.0.4 description GRE2
 neighbor 10.0.0.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 10.0.0.3 activate
  no neighbor 10.0.0.4 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.3 send-community extended
  neighbor 10.0.0.3 next-hop-self
  neighbor 10.0.0.4 activate
  neighbor 10.0.0.4 send-community extended
  neighbor 10.0.0.4 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf CUST1
  redistribute connected
 exit-address-family
 !
 address-family ipv4 vrf MGMT
  redistribute connected
 exit-address-family
!
mpls ldp router-id Loopback0 force