Cisco MWR 2941 Mobile Wireless Edge Router Software Configuration Guide, Release 15.0(1)MR
Configuring Layer 3 Virtual Private Networks


Configuring MPLS VPNs


A Virtual Private Network (VPN) is an IP-based network that delivers private network services over a public infrastructure. VPNs allow you to create a set of sites that can communicate privately over the Internet or other public or private networks.

The following sections describe how to configure MPLS VPNs on the Cisco MWR 2941:

Understanding MPLS VPNs

Configuring MPLS VPNs

Sample MPLS VPN Configuration

Understanding MPLS VPNs

A conventional VPN consists of a full mesh of tunnels or permanent virtual circuits (PVCs) connecting all of the sites within the VPN. Adding a new site to this type of VPN requires changes to each edge device in the VPN. MPLS VPNs, also known as Layer 3 VPNs, are easier to manage and expand than conventional VPNs because they use Layer 3 communication protocols and are based on a peer model. The peer model enables the service provider and customer to exchange Layer 3 routing information, enabling service providers to relay data between customer sites without customer involvement. The peer model also provides improved security of data transmission between VPN sites because data is isolated between VPNs.

The Cisco MWR 2941 supports the following MPLS VPN types:

Basic Layer 3 VPN—Provides a VPN private tunnel connection between customer edge (CE) devices in the service provider network. The provider edge (PE) router uses Multiprotocol Border Gateway Protocol (MP-BGP) to distribute VPN routes and MPLS Label Distribution Protocol (LDP) to distribute Interior Gateway Protocol (IGP) labels to the next-hop PE router.

MPLS Carrier Supporting Carrier (CSC) VPN—Enables an MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. MPLS CSC VPNs use MPLS LDP to distribute MPLS labels and IGP to distribute routes.

Inter-Autonomous System (AS) VPN—An inter-AS VPN allows service providers running separate networks to jointly offer MPLS VPN services to the same end customer; an inter-AS VPN can begin at one customer site and traverse multiple service provider backbones before arriving at another customer site.

Configuring MPLS VPNs

Layer 3 VPNs allow you to establish VPNs in a routed environment, improving the flexibility and ease of maintenance of VPNs. For instructions on how to configure Layer 3 VPNs, see the MPLS Configuration Guide, Cisco IOS Release 15.0S.

Sample MPLS VPN Configuration

The following section shows a sample configuration for a Layer 3 Virtual Private Network (VPN).

Note: This section provides a partial configuration intended to demonstrate a specific feature.


!
! ----------- Customer definitions for 2 customers -----------
vrf definition customer_a
 rd 192.168.1.1:100
 route-target export 192.168.1.1:100
 route-target import 192.168.1.1:100
 !
 address-family ipv4
 exit-address-family
!
vrf definition customer_b
 rd 192.168.2.1:200
 route-target export 192.168.2.1:200
 route-target import 192.168.2.1:200
 !
 address-family ipv4
 exit-address-family
!
! ----------- Loopback addresses for 2 customers -----------
interface Loopback100
 vrf forwarding customer_a
 ip address 192.169.1.3 255.255.255.255
!
interface Loopback101
 vrf forwarding customer_b
 ip address 192.168.100.1 255.255.255.255
!
! ----------- Core-facing OSPF instance -----------
router ospf 1
 log-adjacency-changes
 network 100.0.0.0 0.255.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
 network 192.169.0.0 0.0.255.255 area 0
!
! ----------- VRF OSPF instances for 2 customers -----------
! An OSPF process ID can be bound to only one VRF, so each customer
! VRF gets its own process (100 for customer_a, 200 for customer_b).
router ospf 100 vrf customer_a
 router-id 192.168.1.3
 log-adjacency-changes
 redistribute bgp 101 metric-type 1 subnets
 network 192.168.0.0 0.0.255.255 area 0
 network 192.169.0.0 0.0.255.255 area 0
!
router ospf 200 vrf customer_b
 router-id 192.168.100.1
 log-adjacency-changes
 redistribute bgp 101 metric-type 1 subnets
 network 192.168.0.0 0.0.255.255 area 0
 network 192.169.0.0 0.0.255.255 area 0
!
! ----------- MP-BGP with 2 VRF customers -----------
router bgp 101
 bgp router-id 100.1.1.1
 bgp log-neighbor-changes
 neighbor 100.1.1.2 remote-as 101
 neighbor 100.1.1.2 update-source Loopback1
 !
 address-family ipv4
  redistribute connected
  neighbor 100.1.1.2 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 100.1.1.2 activate
  neighbor 100.1.1.2 send-community extended
  bgp scan-time import 5
 exit-address-family
 !
 address-family ipv4 vrf customer_b
  redistribute connected
  neighbor 100.1.1.2 remote-as 101
  neighbor 100.1.1.2 update-source Loopback1
  neighbor 100.1.1.2 activate
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf customer_a
  redistribute connected
  neighbor 100.1.1.2 remote-as 101
  neighbor 100.1.1.2 update-source Loopback1
  neighbor 100.1.1.2 activate
  no synchronization
 exit-address-family
! 
! ----------- MP-BGP loopback interface -----------
interface Loopback1
 ip address 100.1.1.1 255.255.255.255
!
! ----------- Core-facing Vlan interface -----------
interface GigabitEthernet0/1
 switchport access vlan 20
 switchport trunk allowed vlan 1,2,20-23,1002-1005
 switchport mode trunk
 load-interval 30
!
interface Vlan20
 ip address 192.169.10.1 255.255.255.0
 load-interval 30
 no ptp enable
 mpls ip
!
! ----------- CE-facing Vlan interfaces for 2 customers -----------
interface GigabitEthernet0/4
 switchport access vlan 100
 load-interval 30
 duplex full
!
interface Vlan100
 vrf forwarding customer_a
 ip address 192.169.3.2 255.255.255.0
!
interface GigabitEthernet0/5
 switchport access vlan 99
 load-interval 30
 duplex full
!
interface Vlan99
 vrf forwarding customer_b
 ip address 192.169.3.2 255.255.255.0
!
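
The isolation between customer_a and customer_b in the sample above depends on each VRF importing only its own route target. The following Python audit is an added example, not part of the Cisco guide: it flags any VRF that imports a route target exported by a different VRF, and any interface bound to a VRF that is never defined. The customer_c VRF and the Vlan98/customer_d binding are constructed test input, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: customer_a/customer_b mirror the page's configuration;
# customer_c and the Vlan98 -> customer_d binding are hypothetical mistakes.
SAMPLE_CONFIG = """\
vrf definition customer_a
 rd 192.168.1.1:100
 route-target export 192.168.1.1:100
 route-target import 192.168.1.1:100
vrf definition customer_b
 rd 192.168.2.1:200
 route-target export 192.168.2.1:200
 route-target import 192.168.2.1:200
vrf definition customer_c
 rd 192.168.3.1:300
 route-target both 192.168.3.1:300
 route-target import 192.168.1.1:100
interface Vlan100
 vrf forwarding customer_a
interface Vlan98
 vrf forwarding customer_d
"""

def parse_vrfs(config):
    """Return ({vrf: {"import": set, "export": set}}, {interface: vrf})."""
    vrfs = defaultdict(lambda: {"import": set(), "export": set()})
    bindings, vrf, intf = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"vrf definition (\S+)$", line):
            vrf, intf = m.group(1), None
            vrfs[vrf]  # register the VRF even if it has no route targets
        elif m := re.match(r"interface (\S+)$", line):
            vrf, intf = None, m.group(1)
        elif vrf and (m := re.match(r"route-target (import|export|both) (\S+)$", line)):
            for d in (("import", "export") if m.group(1) == "both" else (m.group(1),)):
                vrfs[vrf][d].add(m.group(2))
        elif intf and (m := re.match(r"vrf forwarding (\S+)$", line)):
            bindings[intf] = m.group(1)
    return dict(vrfs), bindings

def audit(config):
    """Flag cross-VRF route-target imports and interfaces bound to undefined VRFs."""
    vrfs, bindings = parse_vrfs(config)
    leaks = sorted((src, dst, rt) for src in vrfs for dst in vrfs if src != dst
                   for rt in vrfs[src]["export"] & vrfs[dst]["import"])
    orphans = sorted((i, v) for i, v in bindings.items() if v not in vrfs)
    return leaks, orphans
```

A cross-VRF import can be deliberate (for example a shared-services VRF), so treat each finding as something to confirm against the intended design.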