Tuesday, August 28, 2012

Lab 185 - MPLS L2 VPN

Prerequisites: CCNP level skills.

Topology
Pic.3 - MPLS Topology 3

Task 1
Based on the previous lab configuration, assume there is no MPLS between PE1 and PE2 (already removed in Lab 184). Remove L2TPv3 configuration from PE1 and PE2

Task 2
Configure PE1 and PE2 to provide layer 2 VPN service between CE3 and CE4. If the task requires this, you can create required static routes and additional interfaces. Use AToM encapsulation to accomplish the task.

Solution

Yet another "interesting" hack here. Don't you miss the time when things were simpler and there was only one way of getting it done?


Task 1
Based on the previous lab configuration, assume there is no MPLS between PE1 and PE2 (already removed in Lab 184). Remove L2TPv3 configuration from PE1 and PE2. 

CE1 (R1) Config:
!

no pseudowire-class VPN1
!
int f0/1.15
 no xconnect 10.0.3.3 45 encapsulation l2tpv3 pw-class VPN1
!


CE2 (R3) Config:
!

no pseudowire-class VPN1
!
int f0/0.34
 no xconnect 10.0.1.1 45 encapsulation l2tpv3 pw-class VPN1
!

Task 2
Configure PE1 and PE2 to provide layer 2 VPN service between CE3 and CE4. If the task requires this, you can create required static routes and additional interfaces. Use AToM encapsulation to accomplish the task.

CE1 (R1) Config:
!

interface Loopback1
 ip address 1.1.1.1 255.255.255.255

!
mpls ldp router-id Loopback1 force
!

interface Tunnel13
 ip address 10.13.13.1 255.255.255.0
 mpls ip
 tunnel source Loopback0
 tunnel destination 10.0.3.3
!
ip route 3.3.3.3 255.255.255.255 Tunnel13
!
interface FastEthernet0/1.15
 encapsulation dot1Q 45
 xconnect 3.3.3.3 45 encapsulation mpls


CE2 (R3) Config:
!

interface Loopback1
 ip address 3.3.3.3 255.255.255.255

mpls ldp router-id Loopback1 force
!        
interface Tunnel13
 ip address 10.13.13.3 255.255.255.0
 mpls ip  
 tunnel source Loopback0
 tunnel destination 10.0.1.1
!
ip route 1.1.1.1 255.255.255.255 Tunnel13

!

interface FastEthernet0/0.34
 encapsulation dot1Q 45
 xconnect 1.1.1.1 45 encapsulation mpls
!

Note!
In previous lab we have removed LDP protocol. For this solution to work, LDP must be implemented (it is used on Tunnel interfaces).

Saturday, August 25, 2012

Lab 184 - L2TPv3

Prerequisites: CCNP level skills.

Topology

Pic1. MPLS Topology 3

Task 1
Assume there is no MPLS between PE1 (R1) and PE2 (R3) (remove LDP protocol in PE routers).

Task 2
Based on the previous lab's assignment (lab 183), configure similar VLAN-based VPN between CE3 (R5) and CE4 (R4). Use L2TPv3 to accomplish the task.

Solution

Task 1
Assume there is no MPLS between PE1 (R1) and PE2 (R3) (remove LDP protocol in PE routers).

PE1 (R1) Config:

R1(config)#int f0/0.13
R1(config-subif)#no mpls ip



PE2 (R3) Config:

R3(config)#int f0/0.13
R3(config-subif)#no mpls ip

Notice!
PE1 and PE2 are not using MP-BGP and LDP any more. Reachability in the cloud is purely OSPF routing domain (Layer3).

Task 2
Based on the previous lab's assignment (lab 183), configure similar VLAN-based VPN between CE3 (R5) and CE4 (R4). Use L2TPv3 to accomplish the task.


PE1 (R1) Config:

R1(config)#int f0/1.15
R1(config-subif)#no xconnect 10.0.3.3 45 encapsulation mpls
R1(config-subif)#

PE2 (R3) Config:

R3(config)#int f0/0.34
R3(config-subif)#no xconnect 10.0.1.1 45 encapsulation mpls
R3(config-subif)#

PE1 and PE2 Config:
!
pseudowire-class VPN1
 encapsulation l2tpv3
 ip local interface Loopback0
!

PE1 Config:
!
interface FastEthernet0/1.15
 encapsulation dot1Q 45
 xconnect 10.0.3.3 45 encapsulation l2tpv3 pw-class VPN1
!

PE2 Config:
!
interface FastEthernet0/0.34
 encapsulation dot1Q 45
 xconnect 10.0.1.1 45 encapsulation l2tpv3 pw-class VPN1
!

Notice!
It took a good while for the tunnel to be brought up. Be patient here!

Verification:

PE1 (R1):

Ping from CE3 to CE4 should now work (also EIGRP adjacency between them too, like in lab 183).

Lab 183 - AToM Vlan Mode

Prerequisites: CCNP level skills.

Topology

Pic3. MPLS Topology 3

If you don't want to waste your time on configuring the above diagram, you can use my configuration available here (in this case task 1 and task 2 are already complete).

Task 1
Remove direct connection (backdoor) between CE3 (R5) and CE4 (R4) by deleting sub-interfaces Fa0/0.45. You can also remove previous lab configuration (lab 182). Create configuration that matches Pic. 3 (above)

Task 2
Remove MP-BGP from both PE routers (we create overlay VPNs this time).

Task 3
Advertise 192.168.5.x and 192.168.4.x subnets into EIGRP. After you have completed task 4, these subnets should be reachable (you can remove network 172.16.0.0 from those routers).

Task 4
Configure Any Transport over MPLS between CE3 (R5) and CE4 (R4). Use IP address 10.45.45.x, where 'x' is the router number. Interfaces should belong to Vlan 45. Pseudowire configuration in PE routers should use number 45.

SOLUTION

Task 3
Advertise 192.168.5.x and 192.168.4.x subnets into EIGRP. After you have completed task 4, these subnets should be reachable (you can remove network 172.16.0.0 from those routers).

CE3 (R5) Config:
!
router eigrp 100
 no network 172.16.0.0
 network 192.168.5.0
 network 10.0.0.0
 no auto-summary
!

CE4 (R4) Config:
!
router eigrp 100
 no network 172.16.0.0
 network 192.168.4.0
 network 10.0.0.0
 no auto-summary
!

Task 4
Configure Any Transport over MPLS between CE3 (R5) and CE4 (R4). Use IP address 10.45.45.x, where 'x' is the router number. Interfaces should belong to Vlan 45. Pseudowire configuration in PE routers should use number 45.

PE1 (R1) Config:
!
interface FastEthernet0/1.15
 encapsulation dot1Q 45
 xconnect 10.0.3.3 45 encapsulation mpls
!

PE2 (R3) Config:
!
interface FastEthernet0/0.34
 encapsulation dot1Q 45
 xconnect 10.0.1.1 45 encapsulation mpls
!

Verification:

PE1 (R1):


PE2 (R3):



CE4 (R4):


Wednesday, August 22, 2012

Lab 182 - EIGRP SoO

Prerequisites: CCNP level skills.


Note!
CE3 and CE4 use BACKDOOR link (should be used by CE routers as a secondary path).
Use the configuration from the previous lab (lab 181).

Topology

Pic2. MPLS Topology 2

You are about to advertise subnets connected to CE3 (R5). The subnets are the two loopbacks:
Loopback1 - 192.168.5.1/27
Loopback2 - 192.168.5.33/27

Based on the previous lab (Lab 181), you should fully understand what a non-standard BGP Cost Community achieves. Consider what can happen when CE3 (R5) advertises its Loopback 1 subnet (192.168.5.0/27) and then it becomes inaccessible (shutdown). Explain what two racing conditions can occur and what they can cause in the given design. List all potential solutions: their pros and cons. Then, proceed to the the tasks below.


! Here is your homework, you must start digging deep.
! Do your Google search on the topic.
! It is imperative that you are able to find information on this,
! and understand the concept. I will help you only when you are
! DESPARATE 
! Geeks are sometimes busy you know ...

Task 1
In CE3 (R5) and CE4 (R4) advertise loopback1 and loopback 2 into EIGRP. 

Task 2
Provide a solution preventing the potential loop that can occur when CE3's Loopback is shutdown (subnet inaccessible). The solution can allow a stale information to be propagated for a short moment but should not rely on changing the default hop count limitation.

Solution 


Task 1
In CE3 (R5) and CE4 (R4) advertise loopback1 and loopback 2 into EIGRP.


CE3 and CE4 Config:
!
router eigrp 100
 network 172.16.0.0
 network 192.168.5.0
 no auto-summary
!

Task 2
Provide a solution preventing the potential loop that can occur when CE3's Loopback is shutdown (subnet inaccessible). The solution can allow a stale information to be propagated for a short moment but should not rely on changing the default hop count limitation.

PE1 (R1) Config:
!
route-map FILTER_WHEN_IT_GETS_BACK permit 10
 set extcommunity soo 100:5
!
interface FastEthernet0/0.15
 encapsulation dot1Q 15
 ip vrf forwarding A
 ip vrf sitemap FILTER_WHEN_IT_GETS_BACK
 ip address 172.16.15.1 255.255.255.0


PE2 (R3) Config:
!
route-map FILTER_WHEN_IT_GETS_BACK permit 10
 set extcommunity soo 100:4
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ip vrf forwarding A
 ip vrf sitemap FILTER_WHEN_IT_GETS_BACK
 ip address 172.16.34.3 255.255.255.0
!

Lab 181 - MPLS BGP Cost Community

Prerequisites: CCNP level skills.

Note!
This lab layout is based on the new physical topology presented here. SW1, SW2 are configured with trunking allowing communication between PE and CE routers.

Note!
CE3 and CE4 use BACKDOOR link (should be used by CE routers as a secondary path).

Topology

Pic2. MPLS Topology 2

Task 1
Re-configure the lab so that it matches the Pic. 2 connections above (you can find the the initial configuration at the bottom of this page assuming you use my layout for MPLS labs).
Do not create VRF yet but check if you can ping all neighboring devices first.

Task 2
In PE1 (R1) and PE2 (R3) configure VRF A with rd and rt import/export value of 1:100.
Assign proper interfaces into the VRF A (as per topology diagram).

Task 3
Configure EIGRP AS 100 in all CE devices. Enable EIGRP on all 172.16.x.x interfaces.
In CE1 (R6) advertise all 192.168.6.x subnets into EIGRP.
In CE2 (SW4) advertise all 192.168.10.x subnets into EIGRP.

NOTE!
Perform the below steps in EXACT order listed!

Task 4
In PE1 (R1), enable EIGRP AS 1 and create EIGRP adjacency with CE1 (R6). PE1 (R1) should learn 192.168.6.x subnets.

Task 5
Establish EIGRP adjacency between PE1 (R1) and CE3 (R5). Make sure that both CE3 (R5) and CE4 (R4) learn prefixes advertised by CE1 (R6). In CE4 (R4) check the next hop address for these destination.

Task 6
In PE2 (R3) configure EIGRP adjacency with CE4 (R4) and with CE2 (SW4). Check the next hop address PE2 (R3) chooses for 192.168.6.x subnets.

Question1:
Which path does PE2 (R3) choose to reach 192.168.6.x subnets?

Task 7
Configure mutual redistribution between EIGRP 100 and MP-BGP in PE1 (R1) and PE2 (R3) respectively. Start by redistributing EIGRP 100 into MP-BGP on PE1 (R1). Wait about 15 seconds and check the next-hop address of 192.168.6.x subnets in PE2's (R3) routing table.

Question2:
Which path does PE2 (R3) choose to reach 192.168.6.x subnets after redistribution and what source is chosen (EIGRP or BGP)? Why?

Question3:
Why do PE routers show only one path towards the remote subnets in their BGP table?

Task 8
Ensure that both CE3 (R5) and CE4 (R4) choose their respective PE router towards all prefixes advertised by CE1 (R6) and CE2 (SW4) . This includes the remote CE-to-PE connection.

Solution

Having some audio problems; solution in writing for now ;)

Task 2
In PE1 (R1) and PE2 (R3) configure VRF A with rd and rt import/export value of 1:100.
Assign proper interfaces into the VRF A (as per topology diagram).

PE1 (R1) Config:
!
ip vrf A
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
interface FastEthernet0/0.15
 encapsulation dot1Q 15
 ip vrf forwarding A
 ip address 172.16.15.1 255.255.255.0
!
interface FastEthernet0/0.16
 encapsulation dot1Q 16
 ip vrf forwarding A
 ip address 172.16.16.1 255.255.255.0
!

PE2 (R3) Config:
!
ip vrf A
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ip vrf forwarding A
 ip address 172.16.34.3 255.255.255.0
!
interface FastEthernet0/0.103
 encapsulation dot1Q 103
 ip vrf forwarding A
 ip address 172.16.103.3 255.255.255.0
!

Task 3
Configure EIGRP AS 100 in all CE devices. Enable EIGRP on all 172.16.x.x interfaces.
In CE1 (R6) advertise all 192.168.6.x subnets into EIGRP.
In CE2 (SW4) advertise all 192.168.10.x subnets into EIGRP.

CE1 (R6) Config:
!
router eigrp 100
 network 172.16.0.0
 network 192.168.6.0
 no auto-summary
!

CE2 (SW4) Config:
!
router eigrp 100
 network 172.16.0.0
 network 192.168.10.0
 no auto-summary
!

CE3 (R5) Config:
!
router eigrp 100
 network 172.16.0.0
 no auto-summary
!

CE4 (R4) Config:
!
router eigrp 100
 network 172.16.0.0
 no auto-summary
!

NOTE!
Perform the below steps in EXACT order listed!

Task 4
In PE1 (R1), enable EIGRP AS 1 and create EIGRP adjacency with CE1 (R6). PE1 (R1) should learn 192.168.6.x subnets.

PE (R1) Config:
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf A
  network 172.16.15.1 0.0.0.0
  network 172.16.16.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!

Task 5
Establish EIGRP adjacency between PE1 (R1) and CE3 (R5). Make sure that both CE3 (R5) and CE4 (R4) learn prefixes advertised by CE1 (R6). In CE4 (R4) check the next hop address for these destination.

! Done in the task 4

Task 6
In PE2 (R3) configure EIGRP adjacency with CE4 (R4) and with CE2 (SW4). Check the next hop address PE2 (R3) chooses for 192.168.6.x subnets.

! You don't need my assistance here, do you?

Question1:
Which path does PE2 (R3) choose to reach 192.168.6.x subnets?

! Of course, you know the answer to this question! 
! If not, you should get back to study routing fundamentals ;)

Task 7
Configure mutual redistribution between EIGRP 100 and MP-BGP in PE1 (R1) and PE2 (R3) respectively. Start by redistributing EIGRP 100 into MP-BGP on PE1 (R1). Wait about 15 seconds and check the next-hop address of 192.168.6.x subnets in PE2's (R3) routing table.

PE1 (R1) Config:
!
router eigrp 1
 auto-summary
 !
 address-family ipv4 vrf A
  redistribute bgp 1 metric 1 1 1 1 1
  network 172.16.15.1 0.0.0.0
  network 172.16.16.1 0.0.0.0
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.3.3 remote-as 1
 neighbor 10.0.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.0.3.3 activate
  neighbor 10.0.3.3 send-community both
  neighbor 10.0.3.3 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute eigrp 100
  no synchronization
!
!
! Similar config on PE2 (R3)
!

Question2:
Which path does PE2 (R3) choose to reach 192.168.6.x subnets after redistribution and what source is chosen (EIGRP or BGP)? Why?

! PE2 chooses direct path through MPLS cloud.
! Two reasons:
! Firstly, BGP Cost Community is advertised and used by default
! The IGP metric is checked before a regular BGP route selection process occurs.
! Secondly, the metric advertised from PE1 to PE2 does not get incremented.
! The metric through site A3 will have a higher value (less preferred)
! You can check the behavior by disabling the command:
! router bgp 1
!  bgp bestpath cost-community ignore
! and then clearing bgp session.


Question3:
Why do PE routers show only one path towards the remote subnets in their BGP table?

! Come on! If you understand the answer in question 2 you must know this!

Task 8
Ensure that both CE3 (R5) and CE4 (R4) choose their respective PE router towards all prefixes advertised by CE1 (R6) and CE2 (SW4) . This includes the remote CE-to-PE connection.

! traceroute from CE3 and CE4 to sites A1 and A2

MPLS Topology 2 Initial Configuration:

PE1 (R1)
!
hostname R1
!
interface Loopback0
 ip address 10.0.1.1 255.255.255.255
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip address 172.16.13.1 255.255.255.0
 mpls ip  
!         
interface FastEthernet0/0.15
 encapsulation dot1Q 15
 ip address 172.16.15.1 255.255.255.0
!         
interface FastEthernet0/0.16
 encapsulation dot1Q 16
 ip address 172.16.16.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.0.1.1 0.0.0.0 area 0
 network 172.16.12.1 0.0.0.0 area 0
 network 172.16.13.1 0.0.0.0 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.3.3 remote-as 1
 neighbor 10.0.3.3 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.0.3.3 activate
  neighbor 10.0.3.3 send-community both
  neighbor 10.0.3.3 next-hop-self
 exit-address-family
!

PE2 (R3)
!
hostname R3
!
interface Loopback0
 ip address 10.0.3.3 255.255.255.255
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip address 172.16.13.3 255.255.255.0
 mpls ip
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ip address 172.16.34.3 255.255.255.0
!
interface FastEthernet0/0.103
 encapsulation dot1Q 103
 ip address 172.16.103.3 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.0.3.3 0.0.0.0 area 0
 network 172.16.13.3 0.0.0.0 area 0
 network 172.16.23.3 0.0.0.0 area 0
!
router bgp 1
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.0.1.1 remote-as 1
 neighbor 10.0.1.1 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.0.1.1 activate
  neighbor 10.0.1.1 send-community both
  neighbor 10.0.1.1 next-hop-self
 exit-address-family


CE4 (R4)
!
hostname R4
!
interface Loopback0
 ip address 10.0.4.4 255.255.255.255
!
interface Loopback1
 ip address 192.168.4.1 255.255.255.224
!
interface Loopback2
 ip address 192.168.4.33 255.255.255.224
!
interface FastEthernet0/0.34
 encapsulation dot1Q 34
 ip address 172.16.34.4 255.255.255.0
!
interface FastEthernet0/0.45
 encapsulation dot1Q 45
 ip address 172.16.45.4 255.255.255.0
!

CE3 (R5)
!
hostname R5
!
interface Loopback0
 ip address 10.0.5.5 255.255.255.255
!
interface Loopback1
 ip address 192.168.5.1 255.255.255.224
!
interface Loopback2
 ip address 192.168.5.33 255.255.255.224
!
interface FastEthernet0/0.15
 encapsulation dot1Q 15
 ip address 172.16.15.5 255.255.255.0
!
interface FastEthernet0/0.45
 encapsulation dot1Q 45
 ip address 172.16.45.5 255.255.255.0
!

CE1 (R6)
!
hostname R6
!
interface Loopback0
 ip address 10.0.6.6 255.255.255.255
!         
interface Loopback1
 ip address 192.168.6.1 255.255.255.248
!         
interface Loopback2
 ip address 192.168.6.9 255.255.255.248
!         
interface Loopback3
 ip address 192.168.6.17 255.255.255.248
!         
interface Loopback4
 ip address 192.168.6.25 255.255.255.248
!
interface FastEthernet0/0.16
 encapsulation dot1Q 16
 ip address 172.16.16.6 255.255.255.0
!

CE2 (SW4)
!
hostname SW4
!
interface Loopback0
 ip address 10.0.10.10 255.255.255.255
!
interface Loopback1
 ip address 192.168.10.1 255.255.255.240
!         
interface Loopback2
 ip address 192.168.10.17 255.255.255.240
!
interface Vlan103
 ip address 172.16.103.10 255.255.255.0
!

Tuesday, August 14, 2012

Lab 180 - MPLS Internet Access (as VPN)

Prerequisites: CCNP level skills.

Note!
This lab layout is based on the new physical topology presented here. This lab assumes that you have successfully configured ALL previous MPLS labs.


IMPORTANT!
If your configuration contains solution from the previous lab (Lab 179), please remove that solution before you proceed.

Topology


Pic. 1 - MPLS Topology.


Main Goal
BB1 is the Internet router (prefix 111.111.111.1). SW2 is to be the central router to access the Internet. It should be the gateway for the sites connected to VRF A (R4, R5, SW2). Access towards the Internet should be enabled without using global routing table of SW3. SW3 should learn and distribute default route obtained from BB1. The default route must be a VPN prefix. Most important details in this lab:

  • Default route: rd and rt = 1:111
  • IP address 111.111.111.1/24 to simulate Internet prefix (ping test)
  • R4 to advertise 4.4.4.0/24 as public address (loopback 10)
  • R5 to advertise 5.5.5.0/24 as public address (loopback 10)
  • SW2 to advertise 8.8.8.0/24 as public address (loopback 10)
  • R4 and R5 to use SW2's 10.0.8.8 address as an Internet gateway (central site access)
  • You are allowed to use one static route on in R1 and R3.

If you already know how to solve the problem based on the above data, skip the tasks below and go ahead with your solution. 

NOTE
In BB1 and SW3 remove configuration created in lab 179 before proceeding with the tasks below.

Task 1
In BB1 create a loopback interface with IP address of 111.111.111.1/24. This will represent Internet address for a connectivity test.

Task 2
In R1R3, and SW3 (PE routers), create new VRF with the following parameters:
  • Name: INTERNET
  • RD: 1:111
  • RT import/export 1:111
NOTE!
Technically, vrf INTERNET does not have to be configured on R1 and R3 (PEs), since we will use static routing to the central site (10.0.8.8) in task 6. Here vrfs are added only for consistency sakes.

Task 3
Configure BGP peering between SW3 (AS: 1) and BB1 (AS: 254). BB1 should advertise default route towards SW3. This default route should be learned as INTERNET VPN prefix (VRF INTERNET).

Task 4
In R4, R5, and SW2 configure new loopback10 interfaces and advertise them in OSPF as public prefixes. The following addresses should be used:

  • R4 Loopback 10: 4.4.4.4/24
  • R5 loopback 10: 5.5.5.5/24
  • SW2 loopback 10: 8.8.8.8/24
These subnets should be advertised with their /24 network mask length towards the Internet (BB1 should learn them).

Task 5
Configure SW3 so that it advertises the default route towards SW2. Test the connectivity from SW2 loopback 10 interface (8.8.8.8) towards 111.111.111.1.

Task 6
Configure R1 and R3 (PE routers) such that they distribute the default route towards R4 and R5 respectively. Ensure that PE routers point to 10.0.8.8 (SW2) as the central gateway towards to Internet. You are allowed to create one static route on each PE to accomplish the goal.

Solution

Monday, August 13, 2012

Lab 179 - MPLS Internet Access (via global table)

Prerequisites: CCNP level skills.

Note!
This lab layout is based on the new physical topology presented here. This lab assumes that you have successfully configured ALL previous MPLS labs.


IMPORTANT!
As per recommendation ALL loopback addresses on P and PE routers will use /32 network mask! 
PE routers are: R1, R3, SW3.
P router is: R2
All other devices are CE routers in this MPLS topology.

Topology


Pic. 1 - MPLS Topology.



Task 1
Consider your BB1 as the router connected to the Internet. SW3 should have its VLAN 111 interface placed in the global routing table. The below subnets will simulate Internet prefixes.

Configure two loopback interfaces in BB1:
Loopback1: 131.1.1.1/24
Loopback2: 131.1.2.1/24

Task 2
Allow SW2's subnet 10.0.8.0/24 access to the Internet prefixes (132.1.x.x). This access should be done via SW3's global routing table. You are allowed to use one static route in SW3 to accomplish this.

Solution


Friday, August 10, 2012

Lab 178 - MPLS Common Services VPN

Prerequisites: CCNP level skills.

Note!
This lab layout is based on the new physical topology presented here. This lab assumes that you have successfully configured ALL previous MPLS labs.


IMPORTANT!
As per recommendation ALL loopback addresses on P and PE routers will use /32 network mask! 
PE routers are: R1, R3, SW3.
P router is: R2
All other devices are CE routers in this MPLS topology.

Topology


Pic. 1 - MPLS Topology.



Task 1
In SW3 enable loopback1 interface with the address: 10.0.99.9/24.

Task 2
Configure the following vrf in SW3 and assign loopback1 into it.

VRF name = VoIP
rd = 1:500
rt import and export = 1:500 
rt import = 1:501

Task 3
Ensure that two (and no other) subnets: 192.168.6.8/29 (R6's Loopback2) and 10.0.8.8/24 (SW2's loopback0) can reach VoIP gateway address. VoIP gateway expects to communicate with the prefixes advertised as route-target 1:501.

Solution


Monday, August 6, 2012

Lab 177 - MPLS Overlapping VPNs

Prerequisites: CCNP level skills.

Note!
This lab layout is based on the new physical topology presented here. This lab assumes that you have successfully configured ALL previous MPLS labs.


IMPORTANT!
As per recommendation ALL loopback addresses on P and PE routers will use /32 network mask! 
PE routers are: R1, R3, SW3.
P router is: R2
All other devices are CE routers in this MPLS topology.

Topology


Pic. 1 - MPLS Topology.


Task 1
Configure MPLS VPNs such that subnets advertised by SW1 (VRF C) can reach the ones advertised by SW2 (VRF A). Ensure that SW1 CANNOT reach prefixes advertised by R4 and R5 (VRF A), and that SW2 cannot reach subnets advertised by SW4 (VRF C)

NOTE
Restore the Lab 175 configuration after you have completed Lab 176 tasks.

Solution