Configuring MPLS VPNs
A Virtual Private Network (VPN) is an IP-based network that delivers private network services over a public infrastructure. VPNs allow you to create a set of sites that can communicate privately over the Internet or other public or private networks.
The following sections describe how to configure MPLS VPNs on the Cisco MWR 2941:
• Understanding MPLS VPNs
• Configuring MPLS VPNs
• Sample MPLS VPN Configuration
Understanding MPLS VPNs
A conventional VPN consists of a full mesh of tunnels or permanent virtual circuits (PVCs) connecting all of the sites within the VPN. Adding a new site to this type of VPN requires changes to each edge device in the VPN. MPLS VPNs, also known as Layer 3 VPNs, are easier to manage and expand than conventional VPNs because they use Layer 3 communication protocols and are based on a peer model. The peer model enables the service provider and customer to exchange Layer 3 routing information, enabling service providers to relay data between customer sites without customer involvement. The peer model also improves the security of data transmission between VPN sites because data is isolated between VPNs.
The Cisco MWR 2941 supports the following MPLS VPN types:
• Basic Layer 3 VPN—Provides a VPN private tunnel connection between customer edge (CE) devices in the service provider network. The provider edge (PE) router uses Multiprotocol Border Gateway Protocol (MP-BGP) to distribute VPN routes and MPLS Label Distribution Protocol (LDP) to distribute Interior Gateway Protocol (IGP) labels to the next-hop PE router.
• MPLS Carrier Supporting Carrier (CSC) VPN—Enables an MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. MPLS CSC VPNs use MPLS LDP to distribute MPLS labels and IGP to distribute routes.
• Inter-Autonomous System (AS) VPN—An inter-AS VPN allows service providers running separate networks to jointly offer MPLS VPN services to the same end customer; an inter-AS VPN can begin at one customer site and traverse multiple service provider backbones before arriving at another customer site.
Configuring MPLS VPNs
Layer 3 VPNs allow you to establish VPNs in a routed environment, improving the flexibility and ease of maintenance of VPNs. For instructions on how to configure Layer 3 VPNs, see the MPLS Configuration Guide, Cisco IOS Release 15.0S.
Sample MPLS VPN Configuration
The following section shows a sample configuration for a Layer 3 Virtual Private Network (VPN).
Note: This section provides a partial configuration intended to demonstrate a specific feature.
-----------Customer definitions for 2 customers---------------------------------------
vrf definition customer_a
 route-target export 192.168.1.1:100
 route-target import 192.168.1.1:100
vrf definition customer_b
 route-target export 192.168.2.1:200
 route-target import 192.168.2.1:200
-------------------Loopback addresses for 2 customers-----------------------------------
 vrf forwarding customer_a
 ip address 192.169.1.3 255.255.255.255
 vrf forwarding customer_b
 ip address 192.168.100.1 255.255.255.255
------------------------Core-facing OSPF instance----------------------------
 network 100.0.0.0 0.255.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
 network 192.169.0.0 0.0.255.255 area 0
----------------------VRF OSPF instances for 2 customers -------------------------------
router ospf 100 vrf customer_a
 redistribute bgp 101 metric-type 1 subnets
 network 192.168.0.0 0.0.255.255 area 0
 network 192.169.0.0 0.0.255.255 area 0
router ospf 100 vrf customer_b
 redistribute bgp 101 metric-type 1 subnets
 network 192.168.0.0 0.0.255.255 area 0
 network 192.169.0.0 0.0.255.255 area 0
----------------------MP-BGP with 2 VRF customers ---------------------------------
 neighbor 100.1.1.2 remote-as 101
 neighbor 100.1.1.2 update-source Loopback1
 neighbor 100.1.1.2 activate
 neighbor 100.1.1.2 activate
 neighbor 100.1.1.2 send-community extended
 address-family ipv4 vrf customer_b
  neighbor 100.1.1.2 remote-as 101
  neighbor 100.1.1.2 update-source Loopback1
  neighbor 100.1.1.2 activate
 address-family ipv4 vrf customer_a
  neighbor 100.1.1.2 remote-as 101
  neighbor 100.1.1.2 update-source Loopback1
  neighbor 100.1.1.2 activate
----------------MP-BGP loopback interface ---------------------------------
 ip address 100.1.1.1 255.255.255.255
------------------Core-facing Vlan interface -------------------------------
interface GigabitEthernet0/1
 switchport access vlan 20
 switchport trunk allowed vlan 1,2,20-23,1002-1005
 ip address 192.169.10.1 255.255.255.0
------------------CE-facing Vlan interfaces for 2 customers------------------------------
interface GigabitEthernet0/4
 switchport access vlan 100
 vrf forwarding customer_a
 ip address 192.169.3.2 255.255.255.0
interface GigabitEthernet0/5
 switchport access vlan 99
 vrf forwarding customer_b
 ip address 192.169.3.2 255.255.255.0
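The route-target import and export statements in the sample are what keep customer_a and customer_b routes isolated from each other. The following Python script is an added example, not part of the Cisco documentation: it parses IOS-style VRF definitions and reports every VRF that imports a route target exported by a different VRF. The customer_c VRF and its route target are constructed for illustration, and the parser assumes each route-target line belongs to the most recent VRF line.

```python
import re
from collections import defaultdict

# Constructed input: the two VRF definitions from the sample, plus a
# hypothetical customer_c that imports customer_a's route target.
SAMPLE_CONFIG = """\
vrf definition customer_a
 route-target export 192.168.1.1:100
 route-target import 192.168.1.1:100
vrf definition customer_b
 route-target export 192.168.2.1:200
 route-target import 192.168.2.1:200
vrf definition customer_c
 route-target export 192.168.3.1:300
 route-target import 192.168.1.1:100
"""

VRF_RE = re.compile(r"^\s*(?:vrf definition|ip vrf)\s+(\S+)\s*$")
RT_RE = re.compile(r"^\s*route-target\s+(export|import|both)\s+(\S+)")


def parse_vrfs(config):
    """Map VRF name to export/import RT sets; an RT line joins the latest VRF."""
    vrfs = defaultdict(lambda: {"export": set(), "import": set()})
    current = None
    for line in config.splitlines():
        m = VRF_RE.match(line)
        if m:
            current = m.group(1)
        m = RT_RE.match(line)
        if m and current:
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                vrfs[current][kind].add(m.group(2))
    return dict(vrfs)


def find_leaks(vrfs):
    """Return (importer, exporter, rt) for every cross-VRF import."""
    return sorted(
        (imp, exp, rt)
        for imp, a in vrfs.items()
        for exp, b in vrfs.items() if imp != exp
        for rt in a["import"] & b["export"]
    )


if __name__ == "__main__":
    print(*find_leaks(parse_vrfs(SAMPLE_CONFIG)), sep="\n")
```

An import of another VRF's route target can be deliberate, for example in a shared-services VPN, so each finding is something to confirm against the provisioning record.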