Tuesday, August 14, 2012

Lab 180 - MPLS Internet Access (as VPN)

Prerequisites: CCNP level skills.

Note!
This lab layout is based on the new physical topology presented here. This lab assumes that you have successfully configured ALL previous MPLS labs.


IMPORTANT!
If your configuration contains solution from the previous lab (Lab 179), please remove that solution before you proceed.

Topology


Pic. 1 - MPLS Topology.


Main Goal
BB1 is the Internet router (prefix 111.111.111.1). SW2 is to be the central router to access the Internet. It should be the gateway for the sites connected to VRF A (R4, R5, SW2). Access towards the Internet should be enabled without using global routing table of SW3. SW3 should learn and distribute default route obtained from BB1. The default route must be a VPN prefix. Most important details in this lab:

  • Default route: rd and rt = 1:111
  • IP address 111.111.111.1/24 to simulate Internet prefix (ping test)
  • R4 to advertise 4.4.4.0/24 as public address (loopback 10)
  • R5 to advertise 5.5.5.0/24 as public address (loopback 10)
  • SW2 to advertise 8.8.8.0/24 as public address (loopback 10)
  • R4 and R5 to use SW2's 10.0.8.8 address as an Internet gateway (central site access)
  • You are allowed to use one static route on in R1 and R3.

If you already know how to solve the problem based on the above data, skip the tasks below and go ahead with your solution. 

NOTE
In BB1 and SW3 remove configuration created in lab 179 before proceeding with the tasks below.

Task 1
In BB1 create a loopback interface with IP address of 111.111.111.1/24. This will represent Internet address for a connectivity test.

Task 2
In R1R3, and SW3 (PE routers), create new VRF with the following parameters:
  • Name: INTERNET
  • RD: 1:111
  • RT import/export 1:111
NOTE!
Technically, vrf INTERNET does not have to be configured on R1 and R3 (PEs), since we will use static routing to the central site (10.0.8.8) in task 6. Here vrfs are added only for consistency sakes.

Task 3
Configure BGP peering between SW3 (AS: 1) and BB1 (AS: 254). BB1 should advertise default route towards SW3. This default route should be learned as INTERNET VPN prefix (VRF INTERNET).

Task 4
In R4, R5, and SW2 configure new loopback10 interfaces and advertise them in OSPF as public prefixes. The following addresses should be used:

  • R4 Loopback 10: 4.4.4.4/24
  • R5 loopback 10: 5.5.5.5/24
  • SW2 loopback 10: 8.8.8.8/24
These subnets should be advertised with their /24 network mask length towards the Internet (BB1 should learn them).

Task 5
Configure SW3 so that it advertises the default route towards SW2. Test the connectivity from SW2 loopback 10 interface (8.8.8.8) towards 111.111.111.1.

Task 6
Configure R1 and R3 (PE routers) such that they distribute the default route towards R4 and R5 respectively. Ensure that PE routers point to 10.0.8.8 (SW2) as the central gateway towards to Internet. You are allowed to create one static route on each PE to accomplish the goal.

Solution