Basic MPLS VPN


Scenario:

Service provider “StoryTellers” is intrigued by your performance so far, before they allow you to even look at their production MPLS backbone there is another lab they would like you to configure another lab. By using MPLS VPN’s it’s possible to send customer routes over the provider network. OSPF will be configured in the service provider domain (Router SP1, SP2 and SP3), the customer will be using EIGRP.

Goal:

  • Configure all IP addresses as specified in the topology picture.
  • Configure a loopback0 interface on each router:
    HQ: 1.1.1.1 /25
    SP1: 2.2.2.2 /25
    SP2: 3.3.3.3 /25
    SP3: 4.4.4.4 /25
    BRANCH: 5.5.5.5 /25
  • Configure OSPF Area 0 at the provider side (Router SP1, SP2 and SP3).
  • Advertise the loopback interfaces as well in OSPF.
  • Ensure you have full reachability in the OSPF domain.
  • Configure MPLS on all physical interfaces in the service provider domain, do not configure MPLS on physical interfaces pointing towards the customer.
  • Force MPLS to use the loopback interface as router-id.
  • Configure VRF “customer” on SP1 and SP3 as following:
    RD 100:1
    Route-target both 1:100
  • On router SP1 and SP3 add the interfaces pointing towards the customer to the VRF you just created.
  • Ensure you can ping from within the VRF, try this as following on SP1:
    ping vrf customer 192.168.12.1
  • Configure EIGRP AS 100 on router HQ and Branch. Advertise the loopbacks as well.
  • Disable EIGRP auto-summary.
  • Configure EIGRP on router SP1 and SP3 for the correct VRF “customer”.
  • Ensure you have established a EIGRP neighbor relationship between Router HQ and SP1, and between SP3 and Branch.
  • See if you have learned routes by using “show ip route vrf customer”.
  • Configure BGP AS 1 between Router SP1 and SP3, make sure updates are sources from the loopback interface.
  • Configure the correct BGP address families and make sure communities are sent between neighbors.
  • Redistribute EIGRP into BGP, use the correct address-family for the VRF “customer”.
  • Redistribute the information from BGP back into EIGRP, use the following metrics:
    bandwidth: 64kbps
    delay: 1000
    reliability: 255
    load: 1
    MTU: 1500
  • Ensure you have full connectivity between router HQ and Branch. You should see each other’s EIGRP routes that have been carried over the service provider’s MPLS backbone.
  • Optional: Replace the Customer’s EIGRP with OSPF / RIP or BGP and achieve the same result.

IOS:

c3640-jk9s-mz.124-16.bin

Topology:

MPLS Basic VPN

Video Solution:



Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by RenΓ© Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

RenΓ© - CCIE #41726 is the creator of GNS3Vault.com where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on http://networklessons.com

120 Comments

  1. Do I understand correctly that 3.3.3.3/30 is the broadcast address for subnet 3.3.3.0/30?
    Also, is 4.4.4.4/30 the subnet address for 4.4.4.4/30?
    If so, how can these be assigned to interfaces? I keep getting “bad mask” errors when I try.

    For now, I will just use /29, and see how that goes…

  2. I am a member and I have done the registration and yet I do not see any download link? Can someone advise?

  3. Hi

    Only i can download the topology.But i need the configuration of the each router.Can anyone share the configuration for the above topology as i am in need.
    Thanks in advance
    Mr.KD

  4. About the loopbacks, I messed up on that one…you are correct Doug. 3.3.3.3/30 is a broadcast address. I changed the loopbacks all to /25’s, it doesn’t matter much what kind of address you have on the loopbacks.

    Frank, the download link is at the bottom of every article…below the topology picture.

    Mr.Kd, what kind of config would you like to see here? a basic config which has the IP addresses or a final configuration with the working solution? Right now I don’t supply any configs but I think I will in the future…it’s very time consuming to create ‘startup’ configs and ‘final’ configs as well.

  5. Hi Rene
    I am new to MPLS and so i just want to know how to configure MPLS for the above topology.So i request for the configuration so that i will get some ideas and i can create my own topologies.

    Thanks For Your Reply
    KD

  6. Dear All

    Please Can anyone the configuration for the above topology.Please upload r paste the configuration as comment.

    Thanks in Advance
    Kd

  7. I did this one of top of my head, but it should be pretty accurate. I didn’t include the OSPF part for the backbone, just the MPLS.

    // SP1, SP2 and SP3 should have MPLS enabled on the interfaces towards each other…NOT to the customer!

    router (config)# interface f0/0
    router (config)# mpls ip

    // force MPLS to use the loopback’s router ID:

    router (config) mpls ldp router-id loopback0

    // now the VRF part. A VRF is like a ‘virtual routing table’, kinda like a VLAN but now for L3. Let’s create the VRF first, you need to do this on SP1 and SP3:

    router (config)# ip vrf CUSTOMER
    Router(config-vrf)#

    // now we setup the RD (route distinguisher) which is needed to make the customers prefixes unique in our MPLS VPN setup.

    Router(config-vrf)# rd 100:1

    // Next step is to configure the correct route-target. The RT is what ‘creates’ the VPN:

    Router(config-vrf)# route-target import 1:100
    Router(config-vrf)# route-target export 1:100

    // Now we need to add the interfaces pointing towards the customer into the correct VRF, do this on SP1 and SP3 (example is for SP1):

    Router(config)# interface f1/0
    Router(config-if)# ip vrf forwarding CUSTOMER
    // you need to reassign the IP address…but it will tell you.

    Try to ping the customer router from the VRF: (example SP1)
    // ping vrf CUSTOMER 192.168.45.5

    // Now you need to enable routing between the PE routers and the customer router, and we are using EIGRP. The difference is you need to specify the VRF when configuring EIGRP, this is how you do it:

    Router(config)# Router EIGRP 100
    Router(config-router)#address-family ipv4 vrf CUSTOMER
    // then add all the network statements there…

    // At this moment, you should have a working EIGRP between the SP and the Customer.
    // You should have MPLS running on the SP routers.

    // The next step is to get BGP going between SP1 and SP3, we’ll use multi-protocol BGP (MP-BGP) to get those prefixes to the other side. You don’t need to configure BGP on SP2!
    // example is for SP1

    Router(config)#router bgp 1
    Router(config-router)# neighbor 4.4.4.4 remote-as 1
    Router(config-router)# neighbor 4.4.4.4 update-source loopback0

    // we need to send community information:
    Router(config-router)# address-family vpnv4
    Router(config-router-af)# neighbor 4.4.4.4 activate
    Router(config-router-af)# neighbor 4.4.4.4 send-community extended

    // Now we want to get those prefixes to the other side, we need to redistribute from EIGRP to BGP and the other way around.

    Router(config)#router bgp 1
    Router(config-router)#address-family ipv4 unicast
    Router(config-router-af)#redistribute eigrp 100

    // and from BGP to EIGRP, remember that you NEED to supply the metrics for EIGRP!

    Router(config)# Router EIGRP 100
    Router(config-router)#address-family ipv4 vrf CUSTOMER
    Router(config-router-af)#redistribute bgp 1 metric 64000 100 255 1 1500

    That should be it, these commands should be enough to help you to complete the lab.

    Just keep in mind, MPLS itself is just a single command (mpls ip) but there is a lot of knowledge you need beforehand:

    – IP Routing
    – BGP
    – OSPF / EIGRP
    – VRF’s

    This might make it more difficult.

    I’ll create a video how to solve this lab real soon, this one seems to be popular…:)

    Good luck!

  8. Dear Rene

    Thanks a lot for the Video Tutorials and now i got some idea how to configure the MPLS and awaiting for more topologies to come πŸ™‚

    Thanks a lot
    KD

  9. Glad you like it πŸ˜‰ With the same topology you can try to have RIP, OSPF or BGP exchanged for the customer…it’s kinda the same but a little bit different.

    Good luck

  10. Dear Rene
    I configured the same and working fine.But i have some doubts to clarify.

    Can you please explain,what is the use of RD and Route-Target and please explain using which criteria we assigned RD 100:1 and Route-Target 1:100.

    Please excuse if it is a silly question.

    Thanks in Advance
    KD

  11. No problem.

    The RD (Route Distinguisher) is to make a prefix “unique”.

    Let’s say you have Customer A and Customer B…and they both use the 10.0.0.0/8 prefix then you have a problem.

    By adding a RD to the prefix you create a “unique” value.

    You can pick whatever number you like for the RD, i just made something up.

    The Route-Target is used to determine what prefixes you want to import or export, this is what makes the VPN.

    Let’s say you have Customer A and Customer B, they each have 2 sites.

    You can use RT 100:1 for Customer A so the 2 sites can talk to each other.
    Use RT 200:2 for Customer B so the 2 sites can talk to each other.

    Now let’s say Customer A and B want to connect to each other, they each have a HQ site and the 2 HQ’s need to be able to communicate with each other.

    You can create another RT, for example 102:12 and use it to let the HQ’s communicate with each other.

    If you try the Advanced MPLS lab it will make more sense πŸ™‚

  12. Dear Rene

    Thanks a lot for ur xplanation.

    I just want to know

    using the above topology but with some modification like below

    SP1 >> Ethernet Switch >> HQ_A n Branch_B
    SP3 >> Ethernet Switch >> HQ_B n Branch_A

    If i make a scenario like this can i create 2 VLANS, 1 for HQ_A n Branch_A and the next VLAN for HQ_B n Branch_B in the SP1 n SP3.

    And For HQ_A n Branch_A routing protocol EIGRP
    and for HQ_B n Branch_B routing protocol RIP

    Will it works like this.Please suggest ur ideas.

    I think there is no modification in the P ie SP2.

    Please suggest and gimme some ideas to work it out.

    If everything goes fine shall i share the lab with the configuration over here.

    Thanks & Regards
    KD

  13. Hi KD,

    So if I understand correctly…you want to do this

    SP1 SWITCH vlan 10+20
    Connect HQ-A in Vlan10
    Connect Branch-B in vlan 20

    SP3 SWITCH vlan 10+20
    Connect HQ-B in vlan 20
    Connect Branch-A in vlan 10

    If you would build a trunk from the switch to the router and create sub-interfaces on the SP routers…that would work, but why would you want to do this? This isn’t something you would see or do in a real life situation..

    Keep in mind a switch is a layer2 vlan, and a VRF is kinda like a “layer 3 vlan”

    Rene

  14. [quote]Ensure you can ping from within the VRF, try this as following on SP1:
    ping vrf customer 192.168.45.4[/quote]

    This won’t work since we don’t have BGP yet. We should ping either from SP3 or .12.1

    BTW, thanks! You’re doing a good job.

  15. /o all,

    From the start of the posts I noted a one side of a coin and then the other. I see that some issues were addressed with the “config” and then a video added. Hats off to Rene; I’ve been looking at topologies in manuals, books, PDFs and building from them and having to look up a log of stuff along the way. I have found many errors from Authors and I have learned a lot more by having to look things up to make it work. I lost several hours worth of study time from today this evening, but I then went the extra mile to ensure that I save my topologies correctly, as I will work on something and then switch over for a while due to something I read. It can be good to have config’s to compare against but I am really glad that when I download a lab I have to build out from the image.

    Rene, if you decide to add completed configs, can you still have it so we have to… well there is always write erase… wr reload ;).

    Bogard

    (very long day, pardon typos…)

  16. Hi Bogard,

    Seems you had a long day of labs πŸ˜›

    About the configs..I’m trying to add a startup-config to make life easier, and a final config to compare your result against.

    Of course there’s always the video solution to follow your progress.

    Good luck πŸ™‚

    Rene

  17. Dear Rene

    How r u. Seems to be no labs updated for MPLS for a long time. Is it possible to share our labs….

  18. Hi Mr Kd!

    I’m doing fine thanks, I hope you as well πŸ™‚

    I’ve been kinda busy with work so I didn’t have time for MPLS labs…if you have some topologies and tasks please send them over, i’ll wrap them into a nice article for the site!

    Rene

  19. Speaking for myself… I would welcome more labs. The more the better. In response to Rene’s post regarding the start up config, I have several in as text files that I use for a always needed basics… if your using DHCP Pool & exclusions, router – EIGRP/OSPF/ect {AS#’s} XXXX. Line COn 0 settings… ect.

    Thanks again for the site,

    [i]JCB[/i]

  20. Ok so I am new to this and would like to know how to get the IOS images to work. I have found a bunch of IOS .bin files and tried loading them into the GSN3 program but when I try to load the topology from the file above it tells me that my IOS files are in bad paremeter. Any ideas and where did you guys get yours??

    Thanks

  21. DT- really the only solution if you’re unable to get the same IOS version is to build the lab from scratch. I do the same thing with my labs. Doesn’t take too much longer…. πŸ˜›

  22. To configure IBGP between SP1 & SP3 why didnt you use inside the address family ?

  23. The BGP configuration between SP1 and SP3 is a normal default BGP setup:

    router bgp 1
    no synchronization
    bgp log-neighbor-changes
    neighbor 4.4.4.4 remote-as 1
    neighbor 4.4.4.4 update-source Loopback0
    no auto-summary

    The only additional requirement is that you enable [b]address family VPN[/b] because you need the RD along with the prefix.

  24. it’s interesting to note when configuring the bgp vpnv4 send-community parameter that can appear an error message regarding the peering between bgp neighbors along the loopback interface. As i experienced the problem during the configuration i received a message like :”&#xBG;P-4-VPNV4NH_MASK : Nexthop 4.4.4.4 may not be reachable from neigbor 2.2.2.2 – not /32 mask”. After wonder around some possible causes of the problem i remembered that changing the ospf network type we can influence the appearance of the mask of loopback interface. As we were running ospf i changed that under lo0 and everything worked like charme.So bgp expect always an host mask to form neighborship over vpnv4 address-family and if we pass it a network mask the neighborship will fail anyway.

  25. Hi Lev,

    Quick question, on the routers where you saw this error you already had MPLS LDP enabled on the interface? If so…what happens when you disable MPLS and keep the /24 on the interface without changing the OSPF network type?

    Rene

  26. Hi Rene,
    yes the mpls part was completed, and the behaviour is the same without mpls enabled. I’ve paid more attention this time to the error and i noted that the redistribution of eigrp into bgp trigger the notification. It’s like if eigrp routes before to reach bgp are influenced by ospf net-type. But i honestly can’t figured out why because until have no redistribution seems everything fine…what you think about it?

  27. Hi Lev,

    Interesting. I thought it was only MPLS that had trouble with the /32. It’s something i’ll check in a lab…interesting πŸ™‚

  28. Hi Rene,

    I m also not able to see the topology file. Is it a zip. file or sth else? i have downloaded topologies for some other labs like VRF-Lite but that one. Could you please have a look?

    Even if im already registered i only see this:

    [b]You need to register to be able to download the GNS3 Topology File. (Registration is Free!)[/b]

    Thanks.

  29. Hi, Firstly I’d like to thank you for this lab, the resources and the videos, they’ve been very helpful. I’ve been working through the lab solution on your videos and I’ve gotten right to the end of Part 3. However the final 2 pings don’t work for me. Even when I download the Final Configs from here, the last 2 pings don’t work for me. Does anyone know why? Or what I could do to check?

    I have been following the commands in the videos one by one and everything looks identical to your results e.g. if I run the “show ip route vrf CUSTOMER” command I get the same result as in the video. As I said it’s just the last two pings to ensure that the HQ and the Branch have end to end connectivity that is failing.

    Thanks,
    John

  30. Apologies, I just loaded up the topology and the configs again, and the ping is working this time. It’s a bit of a mystery to be honest as I haven’t done anything differently from last time. At least it’s working now anyway, so thanks again!

  31. Hi John,

    There are a number of things to check when you are troubleshooting MPLS:

    1. Check the BGP adjacency between the PE routers.
    2. Check the VRF routing table and see if you can ping from the PE by using the VRF table (ping vrf
    3. Check the BGP and IGP (OSPF, RIP, EIGRP) table/database to see if your redistribution is ok.
    4. You can also check if there’s a label by using the “show mpls ldp bindings” command.

  32. It depends on the ISP solution, it’s possible that you will get an Ethernet connection from the ISP to the customer.

    For some of the labs I chose FastEthernet because you won’t have any layer1 or layer2 issues. If the lab is about MPLS I don’t want people to start struggling with layer1 or layer2 frame-relay issues or anything else so they only have to focus on MPLS πŸ™‚

  33. Question: Why use two Routing Protocols Within the Service Provider. Is this a realistic scenario ?? would the service Provider simple use a BGP route between them and the Customer?? Just curious. .

  34. This is a good example of a real MPLS network. This is what happens:

    – Within the MPLS “core” we will run an IGP like OSPF to advertise all the loopback interfaces.
    – All the PE routers will run IBGP to exchange routing information.
    – Beween the PE and CE (customer) routers you can use whatever routing protocol you like…OSPF, EIGRP but also BGP. It depends on the customer requirements.

    Keep in mind that whatever the customer advertises to you will be stored in a VRF (virtual routing table).

  35. I notice that mostly all the labs use Fast-Ethernet or Ethernet for making connection would WAN links be a more realistic representation of ISP connections over distance to the Customer or is their a draw back to this approach ??

    1. I use the Ethernet / FastEthernet links to keep things simple. In this lab I’m just focusing on the MPLS part and it would be bad if you also have to think about layer 2 issues with PPP, HDLC or Frame-Relay πŸ™‚

  36. Hi Rene,

    I would like to thank you for the free video lab’s. I took a look at all the labs. I wached the basic mpls vpn video and I appreciated so much that I tried to implment it in my own and it took me so much time to be able to do it.
    I have only a small feedback, namely when implementing the video’s. My remak is that you type very fast and ypu give very little explanation fo the command you are enering. I am CCNA and have a baisc MPLS and routing protocols and theri implementation.
    So, please try to have more time during you explanation especially for the beginners and your video’s will be very valuable and competitive. May thanks for help.

    1. Hi Mobazi,

      Thanks for your kind words and comments. In my future videos I’ll make sure to type a bit slower and take my time to explain things. I do "assume" however that people have read/learned a bit about the background theory of the protocols because it’s hard to explain theory + the implementation at the same time πŸ™‚ I hope it’s helpful to you and i’ll do my best in the future!

      Rene

  37. excellent LAB loved watching it….. Appreciation and thank you for the effort…. One thing I would like to notify here is I am not able to download the zip files attached to LAB can you please help….

    1. Hi Mohammed,

      Once you have registered and logged in you should be able to see the attachments of the bottom of each article. Can you see them?

      Rene

  38. Hi Gurus,
    I want to connect one Server with SP1 and one Server with SP3.Say server ips are (SP1-Server-192.168.2.1/30) and (SP3-Server-192.168.3.1/30). Do i need to add these networks to eigrp AS 100?. Actually i want to access these servers from hosts connected to Branch and HQ.

    1. You will have to advertise these networks in EIGRP. They will be redistributed into BGP and forwarded across the MPLS backbone.

      You can test this by adding additional loopback interfaces on HQ and Branch and advertise these into EIGRP.

  39. [b]excellent lab matey..
    just had a question though.
    when i do a traceroute from either the HQ or the Branch, the MPLS backbone routers come up in the list.
    i did do a no mpls ip propogate-ttl forwarded but that didn’t help.

    i also did a no mpls ip propagate-ttl and that removed only one hop router from being show.

    default traceroute:

    HQ#traceroute 5.5.5.5

    Type escape sequence to abort.
    Tracing the route to 5.5.5.5

    1 192.168.12.2 132 msec 80 msec 52 msec
    2 192.168.23.3 [MPLS: Labels 17/22 Exp 0] 340 msec 464 msec 408 msec
    3 192.168.45.4 [MPLS: Label 22 Exp 0] 288 msec 268 msec 208 msec
    4 192.168.45.5 400 msec * 424 msec

    after running a no mpls ip propagate-ttl on all my mpls backbone
    HQ#traceroute 5.5.5.5

    Type escape sequence to abort.
    Tracing the route to 5.5.5.5

    1 192.168.12.2 184 msec 92 msec 40 msec
    2 192.168.45.4 [MPLS: Label 22 Exp 0] 204 msec 348 msec 408 msec
    3 192.168.45.5 308 msec * 720 msec

    how do i hide that second hop?
    cheers for the lab..
    [/b]

    edit: is this related to PHP that i am seeing this?

    1. You see the last hop because of PHP (Penultimate Hop Popping). I’m not sure if we can disable the last hop in the traceroute showing up.

  40. thanks mate. let me try a php on the sp2 router and see what happens.
    lastly I had a question regarding the route target and rd.
    should the rd and the rt be unique in the whole mpls backbone domain? if yes, why?

    1. The RD (Route-Distuingisher) is used to make unique VPN routers. If multiple customers would use the 10.0.0.0/8 network or something else then it’s the RD that makes a "unique" VPN route. If you would use the same RD number we could have duplicates so yes it should be a unique value.

      The RT (Route-Target) is used to import or export prefixes, it should be unique because otherwise you might import or export prefixes that you didn’t intend to.

      I think that sounds about right πŸ™‚

  41. Hey, I had a bit of a hard time making this work and in the end it was because of a tiny difference in my configuration. Can someone help me understand the reason for this?:

    – When I first did all the configuration, I didn’t use the "ip ospf network point-to-point" on the PE loopback interfaces. The result was that there was no end-to-end communication between the customer sites.

    – I compared with the final configs and since this command was the only thing I was missing I thought I’d give it a try. Immediately after issuing the command on both sides, end-to-end communication started working perfectly!

    Can somebody explain to me why this happens? Thanks

    1. I might also add that although there was no end-to-end communication, route propagation was working (HQ routes were being propagated to the branch end) and PE-to-PE communication via the loopbacks was working as well. This made my troubleshooting a bit harder because I didn’t understand where the problem was.

    2. It’s because OSPF by default ALWAYS advertises a loopback interface as /32. If you configure a /24 subnet mask on the loopback interface then there will be a mismatch. OSPF advertises a /32 while you have a label for a /24 network. Changing the network type to something else (not loopback) will make OSPF advertise the network as whatever you configured on the interface. Another option is configuring a /32 subnet mask on the loopback interface.

  42. Hey Rene, I cleared my MPLS exam yesterday and used your labs to practice the concepts. Just want to thank you for providing this resource. Look forward to doing more such labs.

    Cheers,
    Aditya

    1. Hello Aditya,

      Congratulations! I’m glad my labs were useful to you.

      Greetings,

      Rene

  43. Renee,

    This is a well put together intro to MPLS, I’m loving it.

    I have a question. When configuring the vrf rd and route-target, you used 100:1 and 1:100 respectively. I have two questions:

    1. Do these numbers relate to OSPF PID and EIGRP ASN because they must, or because of convenience and simplicity? Put another way, do these numbers need to match the PID and ASN numbers to function.

    2. Could you explain the ordering (100:1 for rd and 1:100 for route-target) and is this also important?

    Matt

    1. Ok, now I am seeing that you used EIGRP ASN 100 and 1 for the customer and provider processes, respectively. I think get it. It has nothing to do with the OSPF process–that’s just for provider internal connectivity…I’m stupid!

      I’m thinking that the vrf rd and route-target commands are telling the router to "translate" or "connect" the customer’s EIGRP PID 100 into the internal provider EIGRP PID 1 and vice versa. Correct?

      1. It’s more of a coincidence that I picked these numbers. The RD (Route Distinguisher) is used to add "something extra" to a prefix so that it’s 100% unique. We do this in case customers have the same prefix. By adding the RD it’s a "unique prefix".

        The RT (Route Target) is kinda like a label…it helps us to select what we want to import/export.

  44. Hi Rene,

    I’m new to GNS3, and I have some basic questions πŸ™‚
    Did you use the same type of routers (c 3600) in this lab with image c3640-jk9s-mz.124-16.bin ? I’m asking this because I read somewhere that to configure MPLS VPN we need at least C7200 for PE routers.

    Thanks

    1. Hi Bobi,

      I used the C3640 images, they can run MPLS without any issues. Maybe some features like xconnect (pseudowire) can only be done on the 7200 routers.

      If you want to see what routers I used, just open the topology.net file in notepad/wordpad and you’ll see the IOS image.

      Rene

  45. Hi Rene,
    This is a very good lab and I loved doing it. Thanks to preconfigured routers, which was usually much of a pain in each lab.
    Also, I can see the routes being exchanged across the MPLS cloud and see them in the routing tables of the customers HQ and branch, however I’m not able to ping them. Even not able to ping the learnt routes from the PEs.

    Did some troubleshooting, but in vain., Any clues?
    Thanks.

    1. If you post your configs in the forum we can take a look. Are you able to ping the PE routers from the customer routers?

  46. Any ideas why I am getting (tdp) for my default instead of (ldp)? Why am I getting "Tag switching has not been enabled."?

    I followed the lab exactly as it is shown on youtube. Hmm

    I am on Video 1/3 on youtube (8:21). I am trying to get MPLS enabled properly on SP1, SP2, SP3.

    [IMG]http://i.imgur.com/MqIZg.png[/IMG]

    1. There’s LDP and TDP. TDP is the Cisco labeling protocol if I’m correct. It probably depends on the IOS version that you are using which one is the default. You can change it however.

      I think if you go the interface level you can change it with the "mpls label protocol" command.

  47. I found that even when I started the lab using a different 3640 IOS than the one mentioned in this article, the MPLS IP command didn’t work so well.

    I went back, used the EXACT IOS in your article, and build a brand new GNS3 project, then everything worked perfectly.

  48. When i tried the above lab, my BGP doesnt peer – even after stripping it – see below
    —————————————-
    router bgp 1
    no synchronization
    bgp log-neighbor-changes
    neighbor 192.168.34.4 remote-as 1
    neighbor 192.168.34.4 ebgp-multihop 30
    neighbor 192.168.34.4 update-source Loopback0
    no auto-summary
    !
    Connectivity test —- SP1#traceroute 192.168.34.4 source 2.2.2.2

    Type escape sequence to abort.
    Tracing the route to 192.168.34.4

    1 192.168.23.3 20 msec 60 msec 20 msec
    2 192.168.34.4 16 msec 36 msec *
    SP1#
    ————————–
    SP3#traceroute 192.168.23.2 source 4.4.4.4

    Type escape sequence to abort.
    Tracing the route to 192.168.23.2

    1 192.168.34.3 24 msec 24 msec 28 msec
    2 192.168.23.2 20 msec 36 msec *
    SP3#
    !
    router bgp 1
    no synchronization
    bgp log-neighbor-changes
    neighbor 192.168.23.2 remote-as 1
    neighbor 192.168.23.2 ebgp-multihop 30
    neighbor 192.168.23.2 update-source Loopback0
    no auto-summary
    !
    ____________________________________

    Regarding the EIGRP configuration for the VRF, does the difference in AS number for customer and PE router matter ? e.g from the video you configured eigrp AS 1 and on the VRF you configured AS number 100. what if i configured AS100 for PE router and 100 for customer AS on the address family

  49. It is great information for CCNP shooting lab, I am new & thanks for information …

  50. Hi everyone , please How configure frame- relay between PE and CE ?
    VPN Level 2

  51. I have some queries going through video solution. Please take your effort to clear my doubts.

    what is difference b/w Route Target Both command and route target export and Import both commands in the router. Because u used Route target both on SP1 and route target export as well as import in SP3, can we use route target both on same router and what effect will gave only export or import on SP routers

    2nd Question.

    BGP

    u create address-family vpvn4 under BGP, what effect will it take address-family vpvn4 unicast of SP routers?

    3rd question

    on SP1 u created neighbour 4.4.4.4 send-community both
    but
    SP3 u created neigbour 2.2.2.2 send-community extended..

    what is difference of this two.. why cant we use send-community both on SP3 is well..

    Please explain these 3 question.. on each function(export,import,extended and both as well unicast) key command i asked queries..

    1. I also did the Lab using 7200 IOS image and U will not find the ‘autonomous-system ‘ command form the list…just type the whole command manually and enter. the command will be accepted.

  52. mpls ip is not a valid command on my routers?

    Cisco IOS Software, 3600 Software (C3640-IK9S-M), Version 12.4(16), RELEASE SOFTWARE (fc1)

    Do I not have the correct IOS?

  53. Hi Rene,
    Thanks for a great lab.
    Can I ask why the SP needs to run BGP and peer the 2 PE routers with iBGP in order for the customer connectivity?
    Could it just work by redistributing EIGRP into OSPF already running?
    thanks!
    Mark.

  54. Hi Rene

    Thanks for all the lessons, I think you might have used a wrong gns3 topology for this lab.please double check this. The lab topology that is shown here and the one that is downloadable for gns 3 are different and hence one cannot do the lab. Thanks!

  55. Excellent Lab.. my first adventure with MPLS, BGP, EIGRP

    Now I understand a lot more than before

  56. Awesome tutorial…..Had a good understanding of MPLS and was looking for some conf examples.
    Your toplogy and explanation was ver helpful. Keep up the good work. Looking forward to the other advanced MPLS stuff on your website πŸ™‚

  57. Dear Rene,

    i becoming a big fan of you. You are doing really impressive job. God bless you brother and keep the nice job.

    Besides, are there any other uploads coming like Advanced MPLS

  58. Great labs.. also great explanation… keep up the good work!!

    However.. whta perhaps will be handy.. is to post the configs of all the routers also..
    because.. now i first watch you’re video’s want to build it myself also to test..
    and sometimes misses some config command…

    then i only have to check to configs again to see what it was…;)

    Perhaps you can think about it..

    thanks

    Kenny

  59. Hi Kenny,

    Do you mean a step-by-step configuration of the routers? not just the complete final configs?

    Rene

  60. Hi Rene,

    Yes indeed.. i mean the final configuration… that would be helpful..

    now i’m trying to configure it.. and when i forgot something i have to watch the video’s again πŸ˜›

    Then i can just take a look at the configs what i forgot to type.

    Thanks

    Kenny

    1. Hi Kenny,

      The final configuration is here, did you see it? πŸ™‚ It has the full configuration for each router.

      Rene

  61. Oeps… i missed it…

    but…i’m i going crazy now or…. is the startup-config zip file the same as the final config???

    hahaha πŸ˜‰

  62. Hi Rene,

    Can you upload the final configs under the final config link please?

    i’m stuck at some point.. but don’t see it right now..

    thankss

    Kenny

    1. Hi Kenny,

      I see I accidently uploaded the startup configs as the final configs. It’s fixed now.

      Rene

  63. Hi Rene,

    Got it working now… πŸ˜‰

    i forgot to redistribute the eigrpo traffic back into the bgp.. πŸ˜›

    however… i was also trying the same topology with static routes from the CE routers..

    with the command on the PE redistribute static and redistribute connected.. also created an ip route vrf on these PE routers… however… it seems that the static and or default routes won’t show up in the vrf ip route table…..

    so the PE router can reach my ip adress learned from the BGP but cannot reach the loopback addresses on my CE routers… just because these routes aren’t in my vrf routing table…

    how can i solve this? or is this just not possible?

    thankss

    Kenny

    1. howdy Kenny,

      i’m not sure what your configs were, so i made some assumptions.

      ====
      * 1 *
      ====

      only running static route (default 0.0.0.0 to PE) on the CE routers HQ & Branch.

      HQ#sh ip proto summ
      Index Process Name
      0 connected
      1 static
      *** IP Routing is NSF aware ***

      HQ#sh ip route | b Gate
      Gateway of last resort is 192.168.12.2 to network 0.0.0.0

      S* 0.0.0.0/0 [1/0] via 192.168.12.2, FastEthernet0/0
      1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
      C 1.1.1.0/24 is directly connected, Loopback0
      L 1.1.1.1/32 is directly connected, Loopback0
      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
      C 192.168.12.0/24 is directly connected, FastEthernet0/0
      L 192.168.12.1/32 is directly connected, FastEthernet0/0

      Branch#sh ip proto summ
      Index Process Name
      0 connected
      1 static
      *** IP Routing is NSF aware ***

      Branch#sh ip route | b Gate
      Gateway of last resort is 192.168.45.4 to network 0.0.0.0

      S* 0.0.0.0/0 [1/0] via 192.168.45.4, FastEthernet0/0
      5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
      C 5.5.5.0/24 is directly connected, Loopback0
      L 5.5.5.5/32 is directly connected, Loopback0
      192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
      C 192.168.45.0/24 is directly connected, FastEthernet0/0
      L 192.168.45.5/32 is directly connected, FastEthernet0/0

      ====
      * 2 *
      ====

      configured static route on both PE routers pointing to loopback address of the CE routers.

      PE1#sh run | i ip route
      ip route vrf CUSTOMER 1.1.1.0 255.255.255.0 FastEthernet0/1 192.168.12.1

      PE2#sh run | i ip route
      ip route vrf CUSTOMER 5.5.5.0 255.255.255.0 FastEthernet0/0 192.168.45.5

      ====
      * 3 *
      ====

      redistributed both “STATIC” and “CONNECTED” routes in the PE BGP IPV4 address-family VRF.

      PE1#sh run | se router bgp
      router bgp 1
      bgp router-id 2.2.2.2
      bgp log-neighbor-changes
      neighbor 4.4.4.4 remote-as 1
      neighbor 4.4.4.4 update-source Loopback0
      !
      address-family vpnv4
      neighbor 4.4.4.4 activate
      neighbor 4.4.4.4 send-community extended
      exit-address-family
      !
      address-family ipv4 vrf CUSTOMER
      redistribute connected
      redistribute static
      exit-address-family

      PE2#sh run | se router bgp
      router bgp 1
      bgp router-id 4.4.4.4
      bgp log-neighbor-changes
      neighbor 2.2.2.2 remote-as 1
      neighbor 2.2.2.2 update-source Loopback0
      !
      address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community both
      exit-address-family
      !
      address-family ipv4 vrf CUSTOMER
      redistribute connected
      redistribute static
      exit-address-family

      ====
      * 4 *
      ====

      verified connectivity.

      HQ#ping 5.5.5.5
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 68/97/124 ms

      Branch#ping 1.1.1.1
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 56/87/116 ms

      ===============
      ADDITIONAL INFO
      ===============

      PE1#sh ip route vrf CUSTOMER | b Gate
      Gateway of last resort is not set

      1.0.0.0/24 is subnetted, 1 subnets
      S 1.1.1.0 [1/0] via 192.168.12.1, FastEthernet0/1
      5.0.0.0/24 is subnetted, 1 subnets
      B 5.5.5.0 [200/0] via 4.4.4.4, 00:17:46
      192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
      C 192.168.12.0/24 is directly connected, FastEthernet0/1
      L 192.168.12.2/32 is directly connected, FastEthernet0/1
      B 192.168.45.0/24 [200/0] via 4.4.4.4, 00:15:19

      PE1#sh ip bgp vpnv4 vrf CUSTOMER | b Net
      Network Next Hop Metric LocPrf Weight Path
      Route Distinguisher: 100:1 (default for vrf CUSTOMER)
      *> 1.1.1.0/24 192.168.12.1 0 32768 ?
      *>i 5.5.5.0/24 4.4.4.4 0 100 0 ?
      *> 192.168.12.0 0.0.0.0 0 32768 ?
      *>i 192.168.45.0 4.4.4.4 0 100 0 ?

      PE2#sh ip route vrf CUSTOMER | b Gate
      Gateway of last resort is not set

      1.0.0.0/24 is subnetted, 1 subnets
      B 1.1.1.0 [200/0] via 2.2.2.2, 00:08:34
      5.0.0.0/24 is subnetted, 1 subnets
      S 5.5.5.0 [1/0] via 192.168.45.5, FastEthernet0/0
      B 192.168.12.0/24 [200/0] via 2.2.2.2, 00:16:06
      192.168.45.0/24 is variably subnetted, 2 subnets, 2 masks
      C 192.168.45.0/24 is directly connected, FastEthernet0/0
      L 192.168.45.4/32 is directly connected, FastEthernet0/0

      PE2#sh ip bgp vpnv4 vrf CUSTOMER | b Net
      Network Next Hop Metric LocPrf Weight Path
      Route Distinguisher: 100:1 (default for vrf CUSTOMER)
      *>i 1.1.1.0/24 2.2.2.2 0 100 0 ?
      *> 5.5.5.0/24 192.168.45.5 0 32768 ?
      *>i 192.168.12.0 2.2.2.2 0 100 0 ?
      *> 192.168.45.0 0.0.0.0 0 32768 ?

      =============
      ** LAST NOTE **
      =============

      * WITHOUT REDISTRIBUTING “connected” ROUTES IN THE PE BGP IPv4 VRF, THE CE LOOPBACK ADDRESSES ARE PINGABLE IF YOU SOURCE FROM THE CE LOOPBACK INTERFACE *

      PE1#conf t
      PE1(config-router)#address-family ipv4 vrf CUSTOMER
      PE1(config-router-af)#no redistribute connected
      PE1(config-router-af)#end
      PE1#

      PE1#sh run | se router bgp
      router bgp 1
      bgp router-id 2.2.2.2
      bgp log-neighbor-changes
      neighbor 4.4.4.4 remote-as 1
      neighbor 4.4.4.4 update-source Loopback0
      !
      address-family vpnv4
      neighbor 4.4.4.4 activate
      neighbor 4.4.4.4 send-community extended
      exit-address-family
      !
      address-family ipv4 vrf CUSTOMER
      redistribute static
      exit-address-family

      PE2#conf t
      PE2(config)#router bgp 1
      PE2(config-router)#address-family ipv4 vrf CUSTOMER
      PE2(config-router-af)#no redistribute connected
      PE2(config-router-af)#end
      PE2#

      PE2#sh run | se router bgp
      router bgp 1
      bgp router-id 4.4.4.4
      bgp log-neighbor-changes
      neighbor 2.2.2.2 remote-as 1
      neighbor 2.2.2.2 update-source Loopback0
      !
      address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community both
      exit-address-family
      !
      address-family ipv4 vrf CUSTOMER
      redistribute static
      exit-address-family

      ====
      PING
      ====

      HQ#ping 5.5.5.5
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
      …..
      Success rate is 0 percent (0/5)

      HQ#ping 5.5.5.5 source loopback 0
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
      Packet sent with a source address of 1.1.1.1
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 68/76/88 ms

      Branch#ping 1.1.1.1
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
      …..
      Success rate is 0 percent (0/5)

      Branch#ping 1.1.1.1 source loopback 0
      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
      Packet sent with a source address of 5.5.5.5
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 48/68/112 ms

      HTH πŸ™‚

  64. Well….from my side only routes available in SP3 and branch……….not getting all route updates in SP1 and HQ……any idea why SP3 and SP1 are not exchanging routes though they are bgp neighbors?

    1. @Mazhar
      BGP 1 is just forming adjacency only between SP1 and SP3. If you want to advertise prefixes into BGP routing table. We have to add “network” command under router bgp 1.

  65. If you cannot ping from one non core router to the other non core router this could be the cause..

    This is one thing I discovered with mpls configuration..

    It appears that the most reliable way to configure this is to use the “mpls ip” command on the appropriate interfaces rather than using auto configuration as below..

    router ospf 1
    mpls ldp autoconfig area 0

    If you use the autoconfigure method you can run into an order of operations issue and find that your pings do not work.

    Simply leaving the auto config command in, briefly manually enabling mpls on the interface and then removing the manual configuration makes the auto configuration work.

    My general rule is you “outta” not use “auto” if you can do it manually. Manual is more reliable.

    Hope this helps someone one day and saves them some time and frustration!

  66. Hi all,
    I have tried the lab and have thus two problems.

    1) Router OSPF
    !
    router ospf 1
    log-adjacency-changes
    network 2.2.2.0 0.0.0.127 area 0
    network 192.168.23.0 0.0.0.255 area 0
    !

    I try here now the command “passive-interface Fast Ethernet x / x”, I get an error here.

    SP_1 (config-router) # passive-interface fastethernet 1/0
    % Specified interface does not belong to this process
    SP_1 (config-router) #

    2) If I try I get a ping from the backbone to the VRF also a mistake.

    SP_1 # ping ip vrf COSTUMER 192.168.12.2

    % IP routing table COSTUMER does not exist
    SP_1 #

    I do not understand why?

    I can ping from CE to CE and the PE to each other works.

    greetings
    Andres

  67. Guys please help me here
    My Eigrp Adjacency are not forming that is my only concern.

    Here is my Confi for Hq1
    My Hq Router

    interface Loopback0
    ip address 4.4.4.4 255.255.255.0
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    shutdown
    clock rate 2000000
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface Serial1/0
    ip address 192.168.24.4 255.255.255.0
    serial restart-delay 0

    !
    router eigrp 100
    network 4.0.0.0
    network 192.168.24.0
    no auto-summary
    !

    My Sp1 Router

    ip vrf customer
    rd 100:1
    route-target export 1:100
    route-target import 1:100
    !

    interface Loopback0
    ip address 2.2.2.2 255.255.255.0
    ip ospf 1 area 0
    !
    interface FastEthernet0/0
    ip address 192.168.23.2 255.255.255.0
    ip ospf 1 area 0
    duplex auto
    speed auto
    mpls ip

    interface Serial1/0
    ip vrf forwarding customer
    ip address 192.168.24.2 255.255.255.0
    serial restart-delay 0
    !

    router eigrp 100
    auto-summary
    !
    address-family ipv4 vrf customer
    network 2.0.0.0
    network 192.168.24.0
    no auto-summary
    exit-address-family
    !
    router ospf 1
    router-id 0.0.0.2
    log-adjacency-changes
    !
    ip forward-protocol nd
    !

    1. You need the specify the AS number under the VRF in EIGRP. It is not inherited from the main process. You should be able to see that EIGRP is not enabled on any interfaces within AS 100 in your VRF right now.

  68. Hi Renee,

    Why do you use two different AS numbers on CE and PE site – one is 100, the other is 1? Our instructor in class told us we only need one AS number? What is the purpose of using two different AS numbers?

    Thanks a lot!

    1. Without looking at the lab, know that the AS number used in the “router eigrp X” statement means nothing when using VRF-aware EIGRP.

  69. i have done this lab easily .but my question is why we are using mpls we can also use vpn or dmvpn by using tunnel(gre)

    1. MPLS solves a different problem. Regular IP encapsulation does not give you fast-reroute or traffic engineering capabilities. For this small lab you could solve it many ways, but in a real provider network, MPLS makes the most sense.

  70. I have problem with the startup configuration , when I open the file after downloading I can only see the routers and without cables hooked up ,when I try to assing the cables for routers to connect each other , it gives error !!
    does anyone know why ? its so frustrating . I have the latest gns3 version
    yahya tuncer

Comments are closed.