Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcuts
2
Archived

Don't Label Me Bro! - A MPLS Post

I has chatting with a fellow colleague about the value in seeing the bigger picture when learning topics the other day and had an idea, lets look at a relatively complex example of the full MPLS VPN picture. The point of this is that you can see that advanced solutions are often just the sum of other features and concepts being combined. Plus if you happen to be interesting in the SP track, your day has arrived!

Topology

The topology today is a good 20 routers in VIRL broken up into a few groups.

  • 6 x Provider (P) routers - This is the ISP core that runs OSPF and MPLS
  • 6 x Provider Edge (PE) routers - These routers run BGP and MPLS for the VPN, they also have the VRFs for the CE routers.
  • 2 x Route Reflectors (RR) routers - These are Route Reflector routers, all the PE routers peer to them to receive the VPNv4 routes.
  • 6 x Customer Edge (CE) routers - These are the Customer routers, this is what most of you would see when you order a MPLS service from a ISP.

There are two customers in this topology, CUST-A and CUST-B, very original I know!

Provider Routers

The Basics

The P routers just provide the routing between the PE routers so we just make sure we have IPs on the interfaces and turn on OSPF. For MPLS we will need a /32 loopback address, this is because OSPF will automatically advertise a loopback as a /32 route no matter what the mask is and that will mess with the MPLS side of things.

P01(config)#do sh ip int br | ex unass|0/0
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/1         10.1.2.1        YES NVRAM  up                    up      
GigabitEthernet0/2         10.1.4.1        YES NVRAM  up                    up      
GigabitEthernet0/4         10.1.5.1        YES NVRAM  up                    up      
GigabitEthernet0/9         10.1.255.1      YES manual up                    up      
GigabitEthernet0/10        10.1.11.1       YES NVRAM  up                    up      
Loopback0                  192.168.255.1   YES NVRAM  up                    up 


P01(config)#router ospf 1
P01(config-router)#network 0.0.0.0 255.255.255.255 area 0 

P02(config)#router ospf 1
P02(config-router)#network 0.0.0.0 255.255.255.255 area 0 

P03(config)#router ospf 1
P03(config-router)#network 0.0.0.0 255.255.255.255 area 0 

P04(config)#router ospf 1
P04(config-router)#network 0.0.0.0 255.255.255.255 area 0 

P05(config)#router ospf 1
P05(config-router)#network 0.0.0.0 255.255.255.255 area 0 

P06(config)#router ospf 1
P06(config-router)#network 0.0.0.0 255.255.255.255 area 0 

Turning on MPLS

Cisco actually makes turning on MPLS very easy when compared with other vendors so we can do it with just one command! But because MPLS labels are dynamically generated and are locally significant, we'll explicitly define the MPLS ranges so our traceroutes are easier to read.

P01(config)#mpls label range 100 199

P02(config)#mpls label range 200 299

P03(config)#mpls label range 300 399

P04(config)#mpls label range 400 499

P05(config)#mpls label range 500 599

P06(config)#mpls label range 600 699

OSPF has a MPLS feature that automagically enables LDP on all OSPF enabled interfaces

P01(config)#router ospf 1
P01(config-router)# mpls ldp autoconfig

Once all our P's are configured we can view the MPLS version of the routing table to see what label a particular route will use.

Note:At this point we are using MPLS forwarding in our core! This means that things like ACLs won't be able to affect the MPLS traffic unless you block MPLS entirely.

P01#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
100        200        192.168.255.16/32   \
                                       0             Gi0/1      10.1.2.2    
           501        192.168.255.16/32   \
                                       0             Gi0/4      10.1.5.5    
101        500        192.168.255.15/32   \
                                       0             Gi0/4      10.1.5.5    
102        202        192.168.255.6/32 0             Gi0/1      10.1.2.2    
           502        192.168.255.6/32 0             Gi0/4      10.1.5.5    
103        Pop Label  192.168.255.5/32 0             Gi0/4      10.1.5.5    
104        Pop Label  192.168.255.4/32 1229          Gi0/2      10.1.4.4    
105        205        192.168.255.3/32 0             Gi0/1      10.1.2.2    
           504        192.168.255.3/32 0             Gi0/4      10.1.5.5    
106        Pop Label  192.168.255.2/32 0             Gi0/1      10.1.2.2    
107        Pop Label  10.4.14.0/24     0             Gi0/2      10.1.4.4    
108        208        10.3.13.0/24     0             Gi0/1      10.1.2.2    
           506        10.3.13.0/24     0             Gi0/4      10.1.5.5    
109        Pop Label  10.2.255.0/24    0             Gi0/1      10.1.2.2    
110        Pop Label  10.2.12.0/24     0             Gi0/1      10.1.2.2    
111        Pop Label  10.2.6.0/24      0             Gi0/1      10.1.2.2    
112        Pop Label  10.2.5.0/24      0             Gi0/1      10.1.2.2    
           Pop Label  10.2.5.0/24      0             Gi0/4      10.1.5.5    
113        Pop Label  10.2.4.0/24      0             Gi0/1      10.1.2.2    
           Pop Label  10.2.4.0/24      0             Gi0/2      10.1.4.4    
114        Pop Label  10.2.3.0/24      0             Gi0/1      10.1.2.2    
115        217        10.6.16.0/24     0             Gi0/1      10.1.2.2    
           511        10.6.16.0/24     0             Gi0/4      10.1.5.5    
116        216        10.3.6.0/24      0             Gi0/1      10.1.2.2    
           512        10.3.6.0/24      0             Gi0/4      10.1.5.5    
117        Pop Label  10.5.6.0/24      0             Gi0/4      10.1.5.5    
118        Pop Label  10.3.5.0/24      0             Gi0/4      10.1.5.5    
119        Pop Label  10.5.15.0/24     0             Gi0/4      10.1.5.5    
120        Pop Label  10.4.5.0/24      0             Gi0/2      10.1.4.4    
           Pop Label  10.4.5.0/24      0             Gi0/4      10.1.5.5

Provider Edge Routers

The Basics

The PEs are about the same except their label range starts at 10000 for PE01 and ends at 60000 for PE06, this is because I have added some IOS-XR routers for fun and their labels start at 16000.

PE01(config)#mpls label range 10000 19999
PE01(config)#
PE01(config)#router ospf 1
PE01(config-router)# network 0.0.0.0 255.255.255.255 area 0
PE01(config-router)# mpls ldp autoconfig

The XR way of doing this is:

RP/0/0/CPU0:PE05(config)#router ospf 1
RP/0/0/CPU0:PE05(config-ospf)# mpls ldp auto-config
RP/0/0/CPU0:PE05(config-ospf)# area 0.0.0.0
RP/0/0/CPU0:PE05(config-ospf-ar)#  interface Loopback0
RP/0/0/CPU0:PE05(config-ospf-ar-if)#  interface GigabitEthernet0/0/0/0

RP/0/0/CPU0:PE05(config)#mpls ldp
RP/0/0/CPU0:PE05(config)#mpls label range table 0 50000 59999

The VRFs

The PE puts each customer's route into a separate routing table, this among other things allows customer's to use the same address space without any conflict. We do that by making a VRF to store the routes. We have two customers so there will be CUST-A and CUST-B depending on the router.

The MPLS solution needs a Route Distinguisher to keep the customer routes unique, we also need to tell BGP what routes we want the customer to receive with the route target. Lastly we tell the router what address family we want, we'll just look at IPv4 right now.

Note: To save some time I've put the same VRFs and values on all the PE routers, though we could use unique RDs for each router to allow for more granular control of routes.

PE01(config)#vrf definition CUST-A
PE01(config-vrf)# rd 100:101
PE01(config-vrf)# route-target export 100:101
PE01(config-vrf)# route-target import 100:101
PE01(config-vrf)# !
PE01(config-vrf)# address-family ipv4

PE01(config)#vrf definition CUST-B
PE01(config-vrf)# rd 100:102
PE01(config-vrf)# route-target export 100:102
PE01(config-vrf)# route-target import 100:102
PE01(config-vrf)# !
PE01(config-vrf)# address-family ipv4

Then we need to add the interface that connects the CE router to the VRF.

Note: If you have an IP on the interface the router will remove it when you add a VRF!

PE01(config)#interface GigabitEthernet3
PE01(config-if)# vrf forwarding CUST-A
PE01(config-if)# ip address 192.168.1.254 255.255.255.0

Now that this is done we can view the interface in its own routing table

PE01(config-if)#do sh ip route vrf CUST-A | be Gateway
Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet3
L        192.168.1.254/32 is directly connected, GigabitEthernet3

The XR routers do things a bit differently like so

RP/0/0/CPU0:PE05(config)#vrf CUST-A
RP/0/0/CPU0:PE05(config-vrf)# address-family ipv4 unicast
RP/0/0/CPU0:PE05(config-vrf-af)#  import route-target
RP/0/0/CPU0:PE05(config-vrf-import-rt)#   100:101
RP/0/0/CPU0:PE05(config-vrf-import-rt)#  export route-target
RP/0/0/CPU0:PE05(config-vrf-export-rt)#   100:101

RP/0/0/CPU0:PE05(config)#vrf CUST-B
RP/0/0/CPU0:PE05(config-vrf)# address-family ipv4 unicast
RP/0/0/CPU0:PE05(config-vrf-af)#  import route-target
RP/0/0/CPU0:PE05(config-vrf-import-rt)#   100:102
RP/0/0/CPU0:PE05(config-vrf-import-rt)#  export route-target
RP/0/0/CPU0:PE05(config-vrf-export-rt)#   100:102


RP/0/0/CPU0:PE05(config)#interface GigabitEthernet0/0/0/1
RP/0/0/CPU0:PE05(config-if)# description to CE05
RP/0/0/CPU0:PE05(config-if)# vrf CUST-B
RP/0/0/CPU0:PE05(config-if)# ipv4 address 192.168.5.254 255.255.255.0

BGP

The BGP portion is probably the most config heavy we have seen so far, to make things a bit more concise we are going to utilize a BGP feature called templates, templates let you group similar configurations together so we don't have to repeat the neighbor configuration for all of our peers.

All the PEs will peer with each route reflector that is running for the VPNv4 family. Here is the first RR configuration which is identical to the other one. Each peer calls a template and only the VPNv4 address-family is running.

Note: The RRs don't actually run MPLS because they aren't in the data path, they just make sure all the PEs get the routes.

RR12(config)#router bgp 65123
RR12(config-router)# template peer-policy MPLSVPN-POLICY
RR12(config-router-ptmp)#  route-reflector-client
RR12(config-router-ptmp)#  send-community both
RR12(config-router-ptmp)# exit-peer-policy
RR12(config-router)# !
RR12(config-router)# template peer-session MPLSVPN-PEER
RR12(config-router-stmp)#  remote-as 65123
RR12(config-router-stmp)#  update-source Loopback0
RR12(config-router-stmp)# exit-peer-session
RR12(config-router)# !
RR12(config-router)# bgp cluster-id 1.2.3.4
RR12(config-router)# bgp log-neighbor-changes
RR12(config-router)# no bgp default ipv4-unicast
RR12(config-router)# neighbor 192.168.255.11 inherit peer-session MPLSVPN-PEER
RR12(config-router)# neighbor 192.168.255.12 inherit peer-session MPLSVPN-PEER
RR12(config-router)# neighbor 192.168.255.13 inherit peer-session MPLSVPN-PEER
RR12(config-router)# neighbor 192.168.255.14 inherit peer-session MPLSVPN-PEER
RR12(config-router)# neighbor 192.168.255.15 inherit peer-session MPLSVPN-PEER
RR12(config-router)# neighbor 192.168.255.16 inherit peer-session MPLSVPN-PEER
RR12(config-router)# neighbor 192.168.255.123 inherit peer-session MPLSVPN-PEER
RR12(config-router)# !
RR12(config-router)# address-family vpnv4
RR12(config-router-af)#  neighbor 192.168.255.11 activate
RR12(config-router-af)#  neighbor 192.168.255.11 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.11 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)#  neighbor 192.168.255.12 activate
RR12(config-router-af)#  neighbor 192.168.255.12 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.12 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)#  neighbor 192.168.255.13 activate
RR12(config-router-af)#  neighbor 192.168.255.13 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.13 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)#  neighbor 192.168.255.14 activate
RR12(config-router-af)#  neighbor 192.168.255.14 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.14 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)#  neighbor 192.168.255.15 activate
RR12(config-router-af)#  neighbor 192.168.255.15 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.15 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)#  neighbor 192.168.255.16 activate
RR12(config-router-af)#  neighbor 192.168.255.16 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.16 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)#  neighbor 192.168.255.123 activate
RR12(config-router-af)#  neighbor 192.168.255.123 send-community extended
RR12(config-router-af)#  neighbor 192.168.255.123 inherit peer-policy MPLSVPN-POLICY
RR12(config-router-af)# exit-address-family

On each of the PEs we do a IBGP peering with each RR, we'll also use templates to keep things clean.

PE01(config)#router bgp 65123
PE01(config-router)# template peer-policy MPLSVPN-POLICY
PE01(config-router-ptmp)#  send-community both
PE01(config-router-ptmp)# exit-peer-policy
PE01(config-router)# !
PE01(config-router)# template peer-session MPLSVPN-PEER
PE01(config-router-stmp)#  remote-as 65123
PE01(config-router-stmp)#  update-source Loopback0
PE01(config-router-stmp)# exit-peer-session
PE01(config-router)# !
PE01(config-router)# bgp log-neighbor-changes
PE01(config-router)# no bgp default ipv4-unicast
PE01(config-router)# neighbor 192.168.255.112 inherit peer-session MPLSVPN-PEER
PE01(config-router)# neighbor 192.168.255.134 inherit peer-session MPLSVPN-PEER
PE01(config-router)# !
PE01(config-router)# address-family vpnv4
PE01(config-router-af)#  neighbor 192.168.255.112 activate
PE01(config-router-af)#  neighbor 192.168.255.112 send-community extended
PE01(config-router-af)#  neighbor 192.168.255.112 inherit peer-policy MPLSVPN-POLICY
PE01(config-router-af)#  neighbor 192.168.255.134 activate
PE01(config-router-af)#  neighbor 192.168.255.134 send-community extended
PE01(config-router-af)#  neighbor 192.168.255.134 inherit peer-policy MPLSVPN-POLICY

CE Routing / Redistribution

Next we need to have the VRF run a routing protocol and have the routes be learned by BGP and back again.

We need to enable VRF aware routing on each protocol.

With OSPF we have to make a new process that calls the VRF we want to use. Then we do mutual redistribution between the protocol and BGP.

PE01(config)# router ospf 100 vrf CUST-A
PE01(config-router)# redistribute bgp 65123 subnets
PE01(config-router)# network 0.0.0.0 255.255.255.255 area 0
PE01(config-router)#exit

PE01(config)#router bgp 65123
PE01(config-router)#address-family ipv4 vrf CUST-A
PE01(config-router-af)#  redistribute ospf 100

For EIGRP I'll use Named Mode which I'm sure we'll talk about shortly

PE03(config)#router eigrp MEOWCAT
PE03(config-router)# !
PE03(config-router)# address-family ipv4 unicast vrf CUST-B autonomous-system 2323
PE03(config-router-af)#  !
PE03(config-router-af)#  topology base
PE03(config-router-af-topology)#   redistribute bgp 65123 metric 100000 100 255 1 1500
PE03(config-router-af-topology)#  exit-af-topology
PE03(config-router-af)#  network 0.0.0.0
PE03(config-router-af)# exit-address-family

PE03(config)#router bgp 65123
PE03(config-router)# address-family ipv4 vrf CUST-B
PE03(config-router-af)#  redistribute eigrp 2323

RIP just calls the VRF under its configuration

PE04(config)#router rip
PE04(config-router)# !
PE04(config-router)# address-family ipv4 vrf CUST-B
PE04(config-router-af)#  redistribute bgp 65123 metric 5
PE04(config-router-af)#  network 0.0.0.0
PE04(config-router-af)#  no auto-summary
PE04(config-router-af)#  version 2

PE04(config)#router bgp 65123
PE04(config-router)# address-family ipv4 vrf CUST-B
PE04(config-router-af)#  redistribute rip

The XR side of things looks like this:

For RIP we first need to set a metric with a route-policy

RP/0/0/CPU0:PE05(config)#route-policy BGP_TO_RIP
RP/0/0/CPU0:PE05(config-rpl)#  set rip-metric 5
RP/0/0/CPU0:PE05(config-rpl)#end-policy

Then we enable RIP and do the redistribution with the policy.

RP/0/0/CPU0:PE05(config)#router rip
RP/0/0/CPU0:PE05(config-rip)# vrf CUST-B
RP/0/0/CPU0:PE05(config-rip-vrf)#  interface GigabitEthernet0/0/0/1
RP/0/0/CPU0:PE05(config-rip-vrf-if)#  !
RP/0/0/CPU0:PE05(config-rip-vrf-if)#  redistribute bgp 65123 route-policy BGP_TO_RIP

On the BGP end one thing to note is that the rd is set under the BGP VRF config.

RP/0/0/CPU0:PE05(config)#router bgp 65123
RP/0/0/CPU0:PE05(config-bgp-nbr-af)# vrf CUST-B
RP/0/0/CPU0:PE05(config-bgp-vrf)#  rd 100:102
RP/0/0/CPU0:PE05(config-bgp-vrf)#  address-family ipv4 unicast
RP/0/0/CPU0:PE05(config-bgp-vrf-af)#   redistribute rip

CE

The CE side simply does routing like you would normally do, so nothing exciting there!

CE01(config)#router ospf 1
CE01(config-router)# network 0.0.0.0 255.255.255.255 area 0

Verification

If we did everything correctly we should see OSPF routes on CE01 from CE02 and CE06....we do! Notice that routes from CE02 are O IA even though they are both area 0, this is because MPLS creates a "super backbone" that acts as the main area 0. The routes from CE06 are external because they come from EIGRP.

CE01(config)#do sh ip route ospf | be Gate
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 16 subnets, 2 masks
O IA     172.16.21.1/32 
           [110/3] via 192.168.1.254, 02:23:02, GigabitEthernet0/1
O IA     172.16.22.1/32 
           [110/3] via 192.168.1.254, 02:23:02, GigabitEthernet0/1
O IA     172.16.23.1/32 
           [110/3] via 192.168.1.254, 02:23:02, GigabitEthernet0/1
O IA     172.16.24.1/32 
           [110/3] via 192.168.1.254, 02:23:02, GigabitEthernet0/1
O E2     172.16.61.0/24 
           [110/1] via 192.168.1.254, 02:23:07, GigabitEthernet0/1
O E2     172.16.62.0/24 
           [110/1] via 192.168.1.254, 02:23:07, GigabitEthernet0/1
O E2     172.16.63.0/24 
           [110/1] via 192.168.1.254, 02:23:07, GigabitEthernet0/1
O E2     172.16.64.0/24 
           [110/1] via 192.168.1.254, 02:23:07, GigabitEthernet0/1
O IA  192.168.2.0/24 [110/2] via 192.168.1.254, 02:23:02, GigabitEthernet0/1
O E2  192.168.6.0/24 [110/1] via 192.168.1.254, 02:23:07, GigabitEthernet0/1
      192.168.254.0/32 is subnetted, 3 subnets
O IA     192.168.254.2 [110/3] via 192.168.1.254, 02:23:02, GigabitEthernet0/1
O E2     192.168.254.6 [110/1] via 192.168.1.254, 02:23:07, GigabitEthernet0/1


CE01(config)#do ping 172.16.21.1 so l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.21.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.254.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/25/53 ms

We can tell it is using MPLS by using a traceroute, this may be turned off in the real world but its on by default, we can see what labels are used through the network.

Note: MPLS VPN will use two labels, one for the transport and one from the destination PE.

We can see the second label by looking at BGP

PE01#show bgp vpnv4 unicast rd 100:101 172.16.21.0/24         
BGP routing table entry for 100:101:172.16.21.0/24, version 127
Paths: (2 available, best #2, table CUST-A)
  Not advertised to any peer
  Refresh Epoch 1
  Local
    192.168.255.12 (metric 4) (via default) from 192.168.255.134 (192.168.255.134)
      Origin incomplete, metric 2, localpref 100, valid, internal
      Extended Community: RT:100:101 OSPF DOMAIN ID:0x0005:0x000000640200 
        OSPF RT:0.0.0.126:2:0 OSPF ROUTER ID:192.168.2.254:0
      Originator: 192.168.255.12, Cluster list: 1.2.3.4
      mpls labels in/out nolabel/20039
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  Local
    192.168.255.12 (metric 4) (via default) from 192.168.255.112 (192.168.255.112)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:100:101 OSPF DOMAIN ID:0x0005:0x000000640200 
        OSPF RT:0.0.0.126:2:0 OSPF ROUTER ID:192.168.2.254:0
      Originator: 192.168.255.12, Cluster list: 1.2.3.4
      mpls labels in/out nolabel/20039
      rx pathid: 0, tx pathid: 0x0

Looking at a traceroute we can see the labels at play.

CE01#traceroute 172.16.21.1 source l11
Type escape sequence to abort.
Tracing the route to 172.16.21.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.254 9 msec 2 msec 2 msec
  2 10.1.11.1 [MPLS: Labels 125/20034 Exp 0] 33 msec 5 msec 1 msec
  3 10.1.2.2 [MPLS: Labels 223/20034 Exp 0] 10 msec 17 msec 14 msec
  4 192.168.2.254 [MPLS: Label 20034 Exp 0] 10 msec 13 msec 10 msec
  5 192.168.2.2 17 msec *  21 msec

R03 on the other hand can see routes from R04 and R05

CE03#show ip route eigrp  | b Gate
Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 16 subnets, 2 masks
D EX     172.16.41.0/24 
           [170/568320] via 192.168.3.254, 02:32:17, GigabitEthernet0/1
D EX     172.16.42.0/24 
           [170/568320] via 192.168.3.254, 02:32:17, GigabitEthernet0/1
D EX     172.16.43.0/24 
           [170/568320] via 192.168.3.254, 02:32:17, GigabitEthernet0/1
D EX     172.16.44.0/24 
           [170/568320] via 192.168.3.254, 02:32:17, GigabitEthernet0/1
D EX     172.16.51.0/24 
           [170/568320] via 192.168.3.254, 02:32:18, GigabitEthernet0/1
D EX     172.16.52.0/24 
           [170/568320] via 192.168.3.254, 02:32:18, GigabitEthernet0/1
D EX     172.16.53.0/24 
           [170/568320] via 192.168.3.254, 02:32:18, GigabitEthernet0/1
D EX     172.16.54.0/24 
           [170/568320] via 192.168.3.254, 02:32:18, GigabitEthernet0/1
D EX  192.168.4.0/24 
           [170/568320] via 192.168.3.254, 02:32:17, GigabitEthernet0/1
D EX  192.168.5.0/24 
           [170/568320] via 192.168.3.254, 02:32:18, GigabitEthernet0/1
      192.168.254.0/32 is subnetted, 3 subnets
D EX     192.168.254.4 
           [170/568320] via 192.168.3.254, 02:32:17, GigabitEthernet0/1
D EX     192.168.254.5 
           [170/568320] via 192.168.3.254, 02:32:18, GigabitEthernet0/1

The End

I suspect it will take a lot of you a while to try to figure this all out but the point is just to show a larger more complex topology than you would see in a typical CCNA R&S day to day. We can see how MPLS VPN is really just BGP + MPLS + VRF + Routing Protocols, when we get around to talking about IWAN you'll see it is DMVPN + VRF + PfR + IPSEC at its core. Cisco really loves gluing things together!

49 points
comment
100% Upvoted
This thread is archived
New comments cannot be posted and votes cannot be cast
Sort by

no comments yet

Be the first to share what you think!

the-packet-thrower

u/the-packet-thrower
Karma
35,568
Cake day
June 6, 2014
Cookies help us deliver our Services. By using our Services or clicking I agree, you agree to our use of cookies. Learn More.